Winners of the AusCERT 2013 #sophospuzzle (and how to solve it)


By request and by design, this #sophospuzzle was easier than previous ones, not least because it consisted of a single stage.

That stage was a sort-of hybrid Caesar cipher with just 24 characters of ciphertext in three groups of eight, each group on one visible face of a Rubik's cube:

The rules said:

  1. Substitution. Shift all repeated letters down the same amount.
  2. Substitution. Shift each singleton letter down a unique amount, from 1 to 9 places.
  3. Transposition. Rearrange the three 8-character blocks to spell the answer.

Some of you took an overly-complex programmatic approach, almost as though you felt that, to justify taking the time to write code at all, you needed to find a way to solve the puzzle that would be impossible to do by hand.

You took the nine singleton letters and tried to work out the most likely unique shift amount for each, by trying every possible combination of shifts.

With nine letters, there are 9x8x7x6x5x4x3x2x1 ways (9 factorial, abbreviated 9!) of arranging them by shift amount, for a total of 362,880 different possibilities.

You can start that way, though it doesn't get you very far. Or, you might say, it gets you too far: with only nine letters to play with, you can't do much in the way of frequency or linguistic analysis, so you have a huge but very partial list.

There's a much easier way, if you're willing to start by assuming that the word SOPHOS appears in the answer.

In that case, a pattern corresponding to SO..OS should appear in the ciphertext.

Don't forget that due to rule 3, the transposition rule, the blocks could be out of sequence. But there are only six ways (3!, or 3x2x1) to rearrange the three 8-character blocks, so this is still an easy thing to verify.

The pattern does appear, and right at the start of a transposition block, too!

So the shift for the repeated letters is the distance from W to S in the alphabet: four places. We can lock in all but the nine singleton characters:

Now we can instantly guess that P must be the H in SOPHOS (a shift of 8) and R stands for the L in SIMPLE (a shift of 6):

That leaves seven unsolved letters and seven unused shifts: 1, 2, 3, 4, 5, 7 and 9.

Let's look at the ciphertext K, and see if we can make it fit between SOPHOSSE and ESIMPLE.

With the shifts available, K could become one of B, D, F, G, H, I or J (shifts of 6 and 8 are used up), giving:

All of these look like junk, so we conclude that .ESIMPLE doesn't follow SOPHOSSE. It's also highly unlikely that the string SOPHOSSE appears at the end of the plaintext, as it wouldn't make sense.

So there is only one likely way left to reorder the blocks:

Let's look for the likely letters between M and ESIMPLE that are encrypted as FK.

They can only be shifted by 1, 2, 3, 4, 5, 7 and 9, as shown above. Also, any shift that gives one of the already-decrypted letters SOPHEIMPL can be ruled out (otherwise it would be a repeat and we'd have decrypted it already):

The only combination that makes sense is for F to become A (a shift of 5) and K to become D (a shift of 7):

The rest should fall into place easily, given that we can cross-check our guesses with the remaining shifts of 1, 2, 3, 4 and 9.

It's going to be SOPHOS SECURITY MADE SIMPLE, isn't it?
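The crib search and the candidate elimination described above, as an added Python example that is not part of the original article. The cube image is not reproduced in the text, so the ciphertext blocks are rebuilt from the stated answer and shifts; the letters L, V, U, X and A are constructed stand-ins for the five singletons the article does not walk through, and the function names are this example's own.

```python
from collections import Counter
from itertools import permutations
from string import ascii_uppercase as AZ

# The ciphertext image is not in the text, so the blocks are rebuilt from the
# stated answer and shifts. L, V, U, X and A are constructed stand-ins for the
# five singletons the article leaves to the reader.
BLOCKS = ["LVUMXAQF", "KIWMQTRI", "WSTPSWWI"]
COUNTS = Counter("".join(BLOCKS))

def down(c, n):
    """Shift letter c down (back) n places, wrapping past A."""
    return AZ[(AZ.index(c) - n) % 26]

def crib_shifts(blocks=BLOCKS):
    """Find the XY..YX shape of SO..OS in every block order; return shifts."""
    found = set()
    for order in permutations(blocks):
        text = "".join(order)
        for i in range(len(text) - 5):
            w = text[i:i + 6]
            if w[0] != w[5] or w[1] != w[4]:
                continue
            s = (AZ.index(w[0]) - AZ.index("S")) % 26
            o = (AZ.index(w[1]) - AZ.index("O")) % 26
            if s == o:            # rule 1: repeated letters share one shift
                found.add(s)
    return found

def lock_in(block, shift):
    """Decrypt repeated letters; leave singletons as dots."""
    return "".join(down(c, shift) if COUNTS[c] > 1 else "." for c in block)

def candidates(c, unused, known):
    """Plaintext options for singleton c: unused shifts, no known letters."""
    return {n: down(c, n) for n in unused if down(c, n) not in known}

if __name__ == "__main__":
    (shift,) = crib_shifts()
    print(shift, [lock_in(b, shift) for b in BLOCKS])
    unused, known = [1, 2, 3, 4, 5, 7, 9], set("SOPHEIMPL")
    for c in "FK":
        print(c, candidates(c, unused, known))
```

The candidate tables for F and K still need a human eye: the code narrows each to a handful of letters, and only A followed by D reads as a word between M and ESIMPLE.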

58 solvers got to the answer in time. Those who agreed to be identified, in finishing order, are as follows:

@pirate_security (under one hour: 27'42")
Lee Cronin (under one hour: 40'37")
Phil Reah (under one hour: 41'08")
Pete Midgley
Maya Kaczorowski 
Veit Heller 
James Halstead
Melissa DeLucchi
Carmine Bussone 
Tyler Young
Charles Helps
Simon Knight
Adam Mazack
Colin England
Enno Schulz
John Dragt
Chuck Woodraska
Diana Moldovan
Adam Jenkins (with just 1'10" to spare)

Well done to everyone who had a go at the puzzle, and special congratulations to our winners, who were drawn entirely at /dev/random as:

  1. @Hearth
  2. Tyler Young
  3. Eoin
  4. Melissa DeLucchi
  5. [anon]

Keep your eye on Naked Security (and follow @duckblog on Twitter) if you'd like early warning of the next #sophospuzzle!


2 Responses to Winners of the AusCERT 2013 #sophospuzzle (and how to solve it)

  1. roy jones jr · 856 days ago

    I've read this article and still don't get how the decryption works. Can I just pay you all to get a Sophos tshirt?

  2. Paul Ducklin · 868 days ago


    (Of course, you don't know where the [anon] person came, though I will say she took longer than one hour to complete her solution. And I'll say, for the kudos purposes of the top three people on the list above, that they *were* the top three. No anonymous solvers made it in under an hour.)

    The deal was always to have a random draw of all eligible solvers, whether they replied after the first minute or with just a minute to spare.

    Them's the rules.

    The main reason for doing it like that is to spread the "solver love" across all timezones and to make it worth entering even after a day or so have elapsed.

    Maybe one or two speed-based prizes? Or a double chance to win for the Top Ten?

    We'll think about it...


About the author

Paul Ducklin is a passionate security proselytiser. (That's like an evangelist, but more so!) He lives and breathes computer security, and would be happy for you to do so, too. Paul won the inaugural AusCERT Director's Award for Individual Excellence in Computer Security in 2009. Follow him on Twitter: @duckblog