Aizhi

Digital first

· Best AI for Resume

Digital first

Digital first is a communication theory that publishers should release content into new media channels in preference to old media. The premise behind the theory is that after the advent of Internet, most established media organizations continued to give priority to traditional media. Over time, those organizations faced a choice to either publish first in digital media or traditional media. A "digital first" decision occurs when a publisher chooses to distribute information online in preference to or at the expense of traditional media like print publishing. Many employers and employees find it challenging to imagine using digital first practices. Distributing content digital first introduces new practices, including a need to manage the data which tracks readership. Many paper print publishers feel intimidated by the idea of publishing content online before publishing it in paper media. Comedian John Oliver in the show Last Week Tonight criticized digital first practices as a cause of lower standards in journalism. == Digital-First Transformation in Business and Education == The classical perspective of an information system is that it represents and reflects physical reality. However, it is increasingly evident that digital technologies not only represent reality but also actively shape it, as, in many instances, the digital version is created first, and the physical version follows. Gradually, digital infrastructures are integrated in people's work and life, shaping a digital environment through technologies such as 5G, sensors, and blockchain. The Digital First Framework, developed by Professor Youngjin Yoo, is a conceptual approach that helps the physical companies in the integration of digital technologies into the core of product and service design. The shift from traditional cars, where the physical vehicle precedes its digital representation on Google maps, to autonomous vehicles, where the digital representation (the blue dot) is created first, emphasizes the digital-first mindset in the design and operation of systems. In today's business environment, it's critical for organizations to embrace a digital-first strategy. Companies built on digital platforms will significantly diverge from traditional, hierarchical business structures that typically focus on a single product or market. These digitally-centered enterprises will offer products and services that are tailored to individual requirements, utilizing algorithms to assess needs based on specific situations, and relying on external partners to provide these solutions. This highlights the need to transform traditional R&D practices. It's essential for R&D teams to move beyond their laboratories and immerse themselves in the environments of their users. Understanding the context of use is fundamental to creating a relevant platform. As an illustration, the concept of Digital-first, as defined by Rohm et al. (2019), involves the integration of digital projects within educational courses, exemplified by institutions like M-School. The program adopts a programmatic approach, where successive courses progressively build upon one another, adopting an all-encompassing perspective that regards all aspects of marketing as inherently digital. Students actively participate in real-world projects, including campaigns for community improvement, and are tasked with generating content for diverse platforms. Through hands-on collaboration with live clients and the utilization of tools such as Google AdWords and Facebook Advertising, students acquire practical experience in the realms of digital marketing and analytics. == vBook == A vBook is an eBook that is digital first media with embedded video, images, graphs, tables, text, and other media.

Common Image Generator Interface

The Common Image Generator Interface (CIGI) (pronounced sig-ee), is an on-the-wire data protocol that allows communication between an Image Generator and its host simulation. The interface is designed to promote a standard way for a host device to communicate with an image generator (IG) within the industry. CIGI enables plug-and-play by standard-compliant image generator vendors and reduces integration costs when upgrading visual systems. == Background == Most high-end simulators do not have everything running on a single machine the way popular home software flight simulators are currently implemented. The airplane model is run on one machine, normally referred to as the host, and the out the window visuals or scene graph program is run on another, usually referred to as an Image Generator (IG). Frequently there are multiple IGs required to display the surrounding environment created by a host. CIGI is the interface between the 'host' and the IGs. The main goal of CIGI is to capitalize on previous investments through the use of a common interface. CIGI is designed to assist suppliers and integrators of IG systems with ease of integration, code reuse, and overall cost reduction. In the past most image generators provided their own proprietary interface; every host had to implement that interface making changing image generators a costly ordeal. CIGI was created to standardize the interface between the host and the image generator so that little modification would be needed to switch image generators. The CIGI initiative was largely spearheaded by The Boeing Company during the early 21st century. The latest version of CIGI (CIGI 4.0) was developed by the Simulation Interoperability Standards Organization (SISO) in the form of SISO-STD-013-2014, Standard for Common Image Generator Interface (CIGI), Version 4.0, dated 22 August 2014. SISO-STD-013-2014 is freely available from SISO. == Definitions == Image generator – In this context an image generator consists of one or more rendering channels that produce an image that can be used to visualize an “Out-The-Window” scene, or images produced by various sensor simulations such as Infra-red, Day TV, electro-optical, and night vision. Host simulation – In this context a “Host” is the computational system that provides information about the device being simulated so that the image generator can portray the correct scenery to the user. This information is passed via CIGI to the image generator. == Maturation == CIGI 4 is the latest version of the standard as was approved by the Simulation Interoperability Standards Organization on August 22, 2014. CIGI became an international SISO standard known as SISO-STD-013-2014; which contains the CIGI version 4.0 Interface Control Document (ICD). CIGI 4.0 is the official standard, published by SISO. Previous versions of CIGI were spearheaded by Boeing include CIGI v3.3, in November 2008, v3.2 April 2006, v3.1 June 2004, v3 November 2003, v2 in March 2002, and the original (v1) in March 2001 == Protocol dependencies == Typically, CIGI uses UDP as its transport protocol, but CIGI does not require a specific transport mechanism, only packet definition conformance. CIGI traffic does not have a well known port; however, the use of ports 8004-8005 has been widely adopted by commercial image generator vendors implementations. == Development tools == === Host Emulator === The Host Emulator can be used as a surrogate to manipulate the interface when a simulation Host is not available. It is a Windows-based image generator Host application used to develop, integrate and test image generators that use the CIGI protocol. It provides a graphical user interface (GUI) for the creation, modification and deletion of entities; manipulation of views; control of environmental attributes and phenomena; and other host functions. The Host Emulator has several features that are useful for integration and testing. A free-flight mode allows for fixed-wing and rotorcraft flight, movement along entity axes and free rotation using a joystick or a joystick-like widget. Scripting and record/playback features support regression testing, demonstrations and other tasks needing exact reproduction of certain sequences of events. A packet-level snoop feature allows the user to examine the contents of CIGI messages, image generator response times and latencies. A Heartbeat Monitor Window shows a graphical timing history of the Image Generator's data frame rate. Other features include explicit packet creation, animation control, missile flyouts and a situation display window (Host Emulator 3.x only). === Multi-Purpose Viewer === The Multi-Purpose Viewer (MPV) provides the basic functionality expected of an Image Generator, such as loading and displaying a terrain database, displaying entities and so forth. The Multi-Purpose Viewer can be used as a surrogate to manipulate the interface when a real Image Generator is not available. The MPV is capable of operating with both the Windows and Linux operating systems. === CIGI Class Library === The CCL is an object-oriented software interface that automatically handles message composition and decomposition (i.e. packing, unpacking and byte swapping to the ICD specification) on both the Host and Image Generator sides of the interface. The CCL interprets Host or Image Generator messages based on compile time parameters. It also performs error handling and translation between different versions of CIGI. Each packet type has its own class. The individual packet members are accessed through packet class accessors. Outgoing messages are constructed by placing each packet into the outgoing buffer using a streaming operator. Incoming messages are parsed using callback or event-based mechanisms that supply the using program with fully populated packet objects. === Current tool suite === A set of CIGI development tools are managed and maintained by the SISO CIGI Product Support Group. The latest packages are available on SourceForge. Comments/Suggestions to the package can be directed to the SISO discussion board at: https://discussions.sisostds.org/index.htm?A0=SAC-PSG-CIGI Archived 2017-09-13 at the Wayback Machine === Wireshark === Wireshark is a free and open source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education. Wireshark provides a dissector for CIGI packets. As of October 2016, “The CIGI dissector is fully functional for CIGI version 2 and 3. Version 1 is not yet implemented.” === Older versions of CIGI === A CIGI Interface Control Document (ICD) and development suite is available in open source format. The tools, ICD, and accompanying user documentation can be found and downloaded from the CIGI sourceforge web site. The SourceForge version of the MPV is limited in its support of CIGI data packets and is intended to grow as needs arise. The MPV uses CIGI 3 as its interface, but the MPV is backward-compatible with earlier CIGI versions through the use of the CCL. The MPV uses the Open Scene Graph library to render a scene. The scene graph is manipulated according to the CIGI commands received from the Host via the CCL. The MPV itself is an application layer that consists of a small kernel leveraging heavily on a plug-in architecture for ease of maintainability and flexibility. An implementer can implement the interface from scratch, however a full suite of integration tools is available. These tools consist of three elements. The Host Emulator (HE), the Multi-Purpose Viewer (MPV), and the CIGI Class Library (CCL).

Forking lemma

The forking lemma is any of a number of related lemmas in cryptography research. The lemma states that if an adversary (typically a probabilistic Turing machine), on inputs drawn from some distribution, produces an output that has some property with non-negligible probability, then with non-negligible probability, if the adversary is re-run on new inputs but with the same random tape, its second output will also have the property. This concept was first used by David Pointcheval and Jacques Stern in "Security proofs for signature schemes," published in the proceedings of Eurocrypt 1996. In their paper, the forking lemma is specified in terms of an adversary that attacks a digital signature scheme instantiated in the random oracle model. They show that if an adversary can forge a signature with non-negligible probability, then there is a non-negligible probability that the same adversary with the same random tape can create a second forgery in an attack with a different random oracle. The forking lemma was later generalized by Mihir Bellare and Gregory Neven. The forking lemma has been used and further generalized to prove the security of a variety of digital signature schemes and other random-oracle based cryptographic constructions. == Statement of the lemma == The generalized version of the lemma is stated as follows. Let A be a probabilistic algorithm, with inputs (x, h1, ..., hq; r) that outputs a pair (J, y), where r refers to the random tape of A (that is, the random choices A will make). Suppose further that IG is a probability distribution from which x is drawn, and that H is a set of size h from which each of the hi values are drawn according to the uniform distribution. Let acc be the probability that on inputs distributed as described, the J output by A is greater than or equal to 1. We can then define a "forking algorithm" FA that proceeds as follows, on input x: Pick a random tape r for A. Pick h1, ..., hq uniformly from H. Run A on input (x, h1, ..., hq; r) to produce (J, y). If J = 0, then return (0, 0, 0). Pick h'J, ..., h'q uniformly from H. Run A on input (x, h1, ..., hJ−1, h'J, ..., h'q; r) to produce (J', y'). If J' = J and hJ ≠ h'J then return (1, y, y'), otherwise, return (0, 0, 0). Let frk be the probability that FA outputs a triple starting with 1, given an input x chosen randomly from IG. Then frk ≥ acc ⋅ ( acc q − 1 h ) . {\displaystyle {\text{frk}}\geq {\text{acc}}\cdot \left({\frac {\text{acc}}{q}}-{\frac {1}{h}}\right).} === Intuition === The idea here is to think of A as running two times in related executions, where the process "forks" at a certain point, when some but not all of the input has been examined. In the alternate version, the remaining inputs are re-generated but are generated in the normal way. The point at which the process forks may be something we only want to decide later, possibly based on the behavior of A the first time around: this is why the lemma statement chooses the branching point (J) based on the output of A. The requirement that hJ ≠ h'J is a technical one required by many uses of the lemma. (Note that since both hJ and h'J are chosen randomly from H, then if h is large, as is usually the case, the probability of the two values not being distinct is extremely small.) === Example === For example, let A be an algorithm for breaking a digital signature scheme in the random oracle model. Then x would be the public parameters (including the public key) A is attacking, and hi would be the output of the random oracle on its ith distinct input. The forking lemma is of use when it would be possible, given two different random signatures of the same message, to solve some underlying hard problem. An adversary that forges once, however, gives rise to one that forges twice on the same message with non-negligible probability through the forking lemma. When A attempts to forge on a message m, we consider the output of A to be (J, y) where y is the forgery, and J is such that m was the Jth unique query to the random oracle (it may be assumed that A will query m at some point, if A is to be successful with non-negligible probability). (If A outputs an incorrect forgery, we consider the output to be (0, y).) By the forking lemma, the probability (frk) of obtaining two good forgeries y and y' on the same message but with different random oracle outputs (that is, with hJ ≠ h'J) is non-negligible when acc is also non-negligible. This allows us to prove that if the underlying hard problem is indeed hard, then no adversary can forge signatures. This is the essence of the proof given by Pointcheval and Stern for a modified ElGamal signature scheme against an adaptive adversary. == Known issues with application of forking lemma == The reduction provided by the forking lemma is not tight. Pointcheval and Stern proposed security arguments for Digital Signatures and Blind Signature using Forking Lemma. Claus P. Schnorr provided an attack on blind Schnorr signatures schemes, with more than p o l y l o g ( n ) {\displaystyle polylog(n)} concurrent executions (the case studied and proven secure by Pointcheval and Stern). A polynomial-time attack, for Ω ( n ) {\displaystyle \Omega (n)} concurrent executions, was shown in 2020 by Benhamouda, Lepoint, Raykova, and Orrù. Schnorr also suggested enhancements for securing blind signatures schemes based on discrete logarithm problem.

HTTP Strict Transport Security

HTTP Strict Transport Security (HSTS) is a policy mechanism that helps to protect websites against man-in-the-middle attacks such as protocol downgrade attacks and cookie hijacking. It allows web servers to declare that web browsers (or other complying user agents) should automatically interact with it using only HTTPS connections, which provide Transport Layer Security (TLS/SSL), unlike the insecure HTTP used alone. HSTS is an IETF standards track protocol and is specified in RFC 6797. The HSTS Policy is communicated by the server to the user agent via an HTTP response header field named Strict-Transport-Security. HSTS Policy specifies a period of time during which the user agent should only access the server in a secure fashion. Websites using HSTS often do not accept clear text HTTP, either by rejecting connections over HTTP or systematically redirecting users to HTTPS (though this is not required by the specification). The consequence of this is that a user-agent not capable of doing TLS will not be able to connect to the site. The protection normally only applies after a user has visited the site at least once, relying on the principle of "trust on first use". The way this protection works is that when a user entering or selecting an HTTP (not HTTPS) URL to the site, the client, such as a Web browser, will automatically upgrade to HTTPS without making an HTTP request, thereby preventing any HTTP man-in-the-middle attack from occurring. To counteract this problem, an HSTS preload list maintained by Google Chrome and used by other major web browsers is maintained. If a domain is on this list, the browser skips the initial request and encrypts all communication immediately. Additional domains can be registered at no cost. == Specification history == The HSTS specification was published as RFC 6797 on 19 November 2012 after being approved on 2 October 2012 by the IESG for publication as a Proposed Standard RFC. The authors originally submitted it as an Internet Draft on 17 June 2010. With the conversion to an Internet Draft, the specification name was altered from "Strict Transport Security" (STS) to "HTTP Strict Transport Security", because the specification applies only to HTTP. The HTTP response header field defined in the HSTS specification however remains named "Strict-Transport-Security". The last so-called "community version" of the then-named "STS" specification was published on 18 December 2009, with revisions based on community feedback. The original draft specification by Jeff Hodges from PayPal, Collin Jackson, and Adam Barth was published on 18 September 2009. The HSTS specification is based on original work by Jackson and Barth as described in their paper "ForceHTTPS: Protecting High-Security Web Sites from Network Attacks". Additionally, HSTS is the realization of one facet of an overall vision for improving web security, put forward by Jeff Hodges and Andy Steingruebl in their 2010 paper The Need for Coherent Web Security Policy Framework(s). == HSTS mechanism overview == A server implements an HSTS policy by supplying a header over an HTTPS connection (HSTS headers over HTTP are ignored). For example, a server could send a header such that future requests to the domain for the next year (max-age is specified in seconds; 31,536,000 is equal to one non-leap year) use only HTTPS: Strict-Transport-Security: max-age=31536000. When a web application issues HSTS Policy to user agents, conformant user agents behave as follows: Automatically turn any insecure links referencing the web application into secure links (e.g. http://example.com/some/page/ will be modified to https://example.com/some/page/ before accessing the server). If the security of the connection cannot be ensured (e.g. the server's TLS certificate is not trusted), the user agent must terminate the connection and should not allow the user to access the web application. This helps protect web application users against some passive (eavesdropping) and active network attacks. A man-in-the-middle attacker has a greatly reduced ability to intercept requests and responses between a user and a web application server while the user's browser has HSTS Policy in effect for that web application. == Applicability == The most important security vulnerability that HSTS can fix is SSL-stripping man-in-the-middle attacks, first publicly introduced by Moxie Marlinspike in his 2009 BlackHat Federal talk "New Tricks For Defeating SSL In Practice". The SSL (and TLS) stripping attack works by transparently converting a secure HTTPS connection into a plain HTTP connection. The user can see that the connection is insecure, but crucially there is no way of knowing whether the connection should be secure. At the time of Marlinspike's talk, many websites did not use TLS/SSL, therefore there was no way of knowing (without prior knowledge) whether the use of plain HTTP was due to an attack, or simply because the website had not implemented TLS/SSL. Additionally, no warnings are presented to the user during the downgrade process, making the attack fairly subtle to all but the most vigilant. Marlinspike's sslstrip tool, presented at Black Hat DC 2009, fully automates the attack. HSTS addresses this problem by informing the browser that connections to the site should always use TLS/SSL. The HSTS header can be stripped by the attacker if this is the user's first visit. Google Chrome, Mozilla Firefox, Internet Explorer, and Microsoft Edge attempt to limit this problem by including a "pre-loaded" list of HSTS sites. Unfortunately this solution cannot scale to include all websites on the internet. See limitations, below. HSTS can also help to prevent having one's cookie-based website login credentials stolen by widely available tools such as Firesheep. Because HSTS is time limited, it is sensitive to attacks involving shifting the victim's computer time e.g. using false NTP packets. == Limitations == The initial request remains unprotected from active attacks if it uses an insecure protocol such as plain HTTP or if the URI for the initial request was obtained over an insecure channel. The same applies to the first request after the activity period specified in the advertised HSTS Policy max-age (sites should set a period of several days or months depending on user activity and behavior). === Solutions with preload list === Google Chrome, Mozilla Firefox, and Internet Explorer/Microsoft Edge address this limitation by implementing a "HSTS preloaded list", which is a list that contains known sites supporting HSTS. This list is distributed with the browser so that it uses HTTPS for the initial request to the listed sites as well. As previously mentioned, these pre-loaded lists cannot scale to cover the entire Web. A potential solution might be achieved by using DNS records to declare HSTS Policy, and accessing them securely via DNSSEC, optionally with certificate fingerprints to ensure validity (which requires running a validating resolver to avoid last mile issues). Junade Ali has noted that HSTS is ineffective against the use of false domains; by using DNS-based attacks, it is possible for a man-in-the-middle interceptor to serve traffic from an artificial domain which is not on the HSTS Preload list, this can be made possible by DNS Spoofing Attacks, or simply a domain name that misleadingly resembles the real domain name such as www.example.org instead of www.example.com. Even with an HSTS preloaded list, HSTS cannot prevent advanced attacks against TLS itself, such as the BEAST or CRIME attacks introduced by Juliano Rizzo and Thai Duong. Attacks against TLS itself are orthogonal to HSTS policy enforcement. Neither can it protect against attacks on the server - if someone compromises it, it will happily serve any content over TLS. === Privacy issues === HSTS can be used to near-indelibly tag visiting browsers with recoverable identifying data (supercookies) which can persist in and out of browser "incognito" privacy modes. By creating a web page that makes multiple HTTP requests to selected domains, for example, if twenty browser requests to twenty different domains are used, theoretically over one million visitors can be distinguished (220) due to the resulting requests arriving via HTTP vs. HTTPS; the latter being the previously recorded binary "bits" established earlier via HSTS headers. == Browser support == Chromium and Google Chrome since version 4.0.211.0 Firefox since version 4; with Firefox 17, Mozilla integrates a list of websites supporting HSTS. Opera since version 12 Safari since OS X Mavericks (version 10.9, late 2013) Internet Explorer 11 on Windows 8.1 and Windows 7 with KB3058515 installed (Released as a Windows Update in June 2015) Microsoft Edge and Internet Explorer 11 on Windows 10 BlackBerry 10 Browser and WebView since BlackBerry OS 10.3.3. == Deployment best practices == Depending on the actual deployment there are certain threats (e.g. cookie injection attacks) t

Honey encryption

Honey encryption is a type of data encryption that "produces a ciphertext, which, when decrypted with an incorrect key as guessed by the attacker, presents a plausible-looking yet incorrect plaintext." == Creators == Ari Juels and Thomas Ristenpart of the University of Wisconsin, the developers of the encryption system, presented a paper on honey encryption at the 2014 Eurocrypt cryptography conference. == Method of protection == A brute-force attack involves repeated decryption with random keys; this is equivalent to picking random plaintexts from the space of all possible plaintexts with a uniform distribution. This is effective because even though the attacker is equally likely to see any given plaintext, most plaintexts are extremely unlikely to be legitimate i.e. the distribution of legitimate plaintexts is non-uniform. Honey encryption defeats such attacks by first transforming the plaintext into a space such that the distribution of legitimate plaintexts is uniform. Thus an attacker guessing keys will see legitimate-looking plaintexts frequently and random-looking plaintexts infrequently. This makes it difficult to determine when the correct key has been guessed. In effect, honey encryption "[serves] up fake data in response to every incorrect guess of the password or encryption key." The security of honey encryption relies on the fact that the probability of an attacker judging a plaintext to be legitimate can be calculated (by the encrypting party) at the time of encryption. This makes honey encryption difficult to apply in certain applications e.g. where the space of plaintexts is very large or the distribution of plaintexts is unknown. It also means that honey encryption can be vulnerable to brute-force attacks if this probability is miscalculated. For example, it is vulnerable to known-plaintext attacks: if the attacker has a crib that a plaintext must match to be legitimate, they will be able to brute-force even Honey Encrypted data if the encryption did not take the crib into account. == Example == An encrypted credit card number is susceptible to brute-force attacks because not every string of digits is equally likely. The number of digits can range from 13 to 19, though 16 is the most common. Additionally, it must have a valid IIN and the last digit must match the checksum. An attacker can also take into account the popularity of various services: an IIN from MasterCard is probably more likely than an IIN from Diners Club Carte Blanche. Honey encryption can protect against these attacks by first mapping credit card numbers to a larger space where they match their likelihood of legitimacy. Numbers with invalid IINs and checksums are not mapped at all (i.e. have probability 0 of legitimacy). Numbers from large brands like MasterCard and Visa map to large regions of this space, while less popular brands map to smaller regions, etc. An attacker brute-forcing such an encryption scheme would only see legitimate-looking credit card numbers when they brute-force, and the numbers would appear with the frequency the attacker would expect from the real world. == Application == Juels and Ristenpart aim to use honey encryption to protect data stored on password manager services. Juels stated that "password managers are a tasty target for criminals," and worries that "if criminals get a hold of a large collection of encrypted password vaults they could probably unlock many of them without too much trouble." Hristo Bojinov, CEO and founder of Anfacto, noted that "Honey Encryption could help reduce their vulnerability. But he notes that not every type of data will be easy to protect this way. … Not all authentication or encryption system yield themselves to being honeyed."

Boyfriend Maker

Boyfriend Maker was a dating sim, romance chatbot smartphone app for iOS (iPhone) and Android devices, developed by Japanese studio 36 You Games (styled as 36You) and distributed under the freemium business model. Boyfriend Maker incorporated advanced artificial intelligence chat technology a decade before products such as ChatGPT. According to the developer's website, Boyfriend Maker is an "app that lets you interact and chat with quirky virtual boyfriends". While each virtual boyfriend has certain unique characteristics, the various instances of the boyfriend are powered by a chat engine, that (at least within a language and market) can utilise vocabulary and knowledge acquired in a chat with one user in subsequent chats with other users. == Gameplay == Users gain experience points and in-game coins. Users can customize their virtual boyfriend's appearance by selecting items such as hair, clothing, face, and a necklace. == Apple delisting and reintroduction == In late November 2012, the original iOS Boyfriend Maker app was delisted from the Apple App Store due to "ribald" chat, according to the New York Times. Boyfriend Maker was removed by Apple due to "reports of references to violent sexual acts and pedophilia". Boyfriend Maker had an age rating of 4+, even though the chat bot "responds with often strange and explicit text unsuitable for young children". User-posted chat excerpts indicate that the virtual boyfriend would sometimes transition abruptly to sexual chat in response to a seemingly innocent question. In one user-posted example, in response to the question, "what kind of wedding cake will we have" the boyfriend responds, "a good sex ima be on top of u u gonna ride oon me bitin the pillow gurrl ima fuck da shit out of u". The developer's use of the SimSimi-created third-party chat engine may be responsible for the sexual text. As the virtual boyfriend converses with human users, the SimSimi chat engine acquires vocabulary from users of the game and applies this "learned" vocabulary in chats with other users. The chat engine might also employ lines harvested from human-human chat logs, song lyrics, movies or TV shows. In April 2013, a detuned and presumably tamer version of the app, titled Boyfriend Plus, was permitted on Apple's App Store.

Blocknots

Blocknots were random sequences of numbers contained in a book and organized by numbered rows and columns and were used as additives in the reciphering of Soviet Union codes, during World War II. The Blocknot consisted of a booklet of fifty sheets of 5-figure random additive, 100 additive groups to a sheet. No sheet was used more than once, thus the blocknots were in effect a form of one-time pad. The Soviet Unions highest grade ciphers that were used in the East, were the 5-figure codebook enciphered with the Blocknot book, and were generally considered unbreakable. == Technical Description == Blocknots were distributed centrally from an office in Moscow. Every Blocknot contained 5-figure groups in a number of sheets, for the enciphering of 5-figure messages. The encipherment was effected by applying additives taken from the pad, of which 50-100 5-figure groups appeared. Each pad had a 5-figure number and each sheet had a 2-figure number running consecutively. There were 5 different types of Blocknots, in two different categories The Individual in which each table of random numbers was used only once. The General in which each page of the Blocknot was valid for one day. The security of the additive sequence rested on the choice of different starting points for each message. In 5-figure messages, the blocknot was one of the first 10 Groups in the message. Its position changed at long intervals, but was always easy to re-identify. The Russians differentiated between three types of blocks: The 3-block, DRIERBLOCK. I-block for Individual Block: 50 pages, additive read off in one direction only. The messages could be used and read only between 2 wireless telegraphy stations on one net. The 6-block, SECHSERBLOCK. Z-block for Circular Block: 30 pages, additive read off in either direction. The messages could be used and read, between all W/T stations in a net. The 2-block, ZWEIERBLOCK. OS-block. Used only in traffic from lower to higher formations. Two other types were used, in lower echelons. Notblock: Used in an emergency. Blocknot used for passing on traffic. The distribution of Blocknots was carried out centrally from Moscow to Army Groups then to Armies. The Army was responsible for their distribution throughout the lower levels of the army down to company level. Independent units took their cipher material with them. Occasionally the same blocknot was distributed to two units on different parts of the front, which enabled Depth to be established. Records of all Blocknots used were kept in Berlin and when a repeat was noticed a BLOCKNOT ANGEBOT message was sent out to all German Signals units, to indicate that it may have been possible to break the code using it. There was no certainty in this. A cryptanalyst with the General der Nachrichtenaufklärung stated while being interrogated by TICOM: It seems that depths of up to 8 were established at the beginning of the Russian Campaign but that no 5-figure code was broken after May 1943 German cryptanalysts who were prisoners of war stated under interrogation, that each of the figures 0 to 9 were placed en clair usually within the first ten groups of the text or sometimes at the end. One indicator was the Blocknot number and the consisted of two random figures, the figure representing the type, and the remaining two, the page of the Blocknot being used. In long messages, 000000 was placed in the message when the end of a page had been reached. == Chi number == The Chi-number was the serial numbering of all 5-figure messages passing through the hands of the Cipher Officer, starting on the first of January and ending on thirty-first December of the current year. It always appeared as the last group in an intercepted message, e.g. 00001 on the 1st January, or when the unit was newly set up. The progression of Chi-numbers was carefully observed and recorded in the form of a graph. A Russian corps had about 10 5-figure messages per day, and Army about 20-30 and a Front about 60–100. After only a relatively short time, the individual curves separated sharply and the type of formation could be recognized by the height of the Chi-number alone. == Monitoring == Blocknots were tracked in a card index, that was maintained by the Signal Intelligence Evaluation Centre (NAAS). The NAAS functionality included evaluation and traffic analysis, cryptanalysis, collation and dissemination of intelligence. The card index, which was one amongst several Card Indexes. A careful recording and study of blocks provided the positive clues in the identification and tracking of formations using 5-figure ciphers. The index was subdivided into two files: Search card index, contained all blocknots and chi-numbers whether or not they were known. Unit card index, contained only known Block and Chi-numbers. Inspector Berger, who was the chief cryptanalyst of NAAS 1 stated that the two files formed: The most important and surest instruments for identifying Russian radio nets, known to him. The Blocknots were also used in the Stationary Intercept Company (Feste), the military unit that were designed to work at a lower level to the NAAS, at the Army level and were semi-motorized, and closer to the front. The Feste used the Blocknot value along with several other parameters to build a network diagram. The network diagram was studied extensively, as part of a 6-stage process, that involved several departments within the Feste. The outcome was a metric which determined the most interesting circuit for traffic monitoring, and least interesting, where monitoring of traffic should cease. == Analysis == Johannes Marquart was a mathematician and cryptanalyst who initially worked for Inspectorate 7/VI and later led Referat Ia of Group IV of the General der Nachrichtenaufklärung. Marquart was assigned the study of the Soviet Union Blocknot traffic. Marquart and his unit conducted extensive research in an attempt to discover the method by which they were produced. All the counts which they made, however, failed to reveal any non-random characteristics in the design of the tables, and while they thought the Blocknots must have been generated by machine, they were never able to draw any concrete deductions as a result of their research. == Example == The Soviet 3rd Guard Tank Army transmits a 5-figure message with the Blocknot of 37581 (one of the first 10 groups in the message). On the same day the Block 37582 was used by the same formation. The next day 37583 appeared. Thereafter, for a period, the Army was not heard by German Wireless telegraphy intercept operators, as it was maintaining wireless silence. After a few days, an unidentified net with the Blocknot 37588 is picked up. This message net is claimed, because of the proximity of the blocks (88/83) to be the 3rd Guard Tank Army. The missing Blocknots 84-87 were presumably used in telegraphic, telephonic or courier communications. The Chi number provides confirmation of the first assumption, based on proximity of blocknots in most cases.

Related Articles