# Winners of the AusCERT 2013 #sophospuzzle (and how to solve it)

By request and by design, this #sophospuzzle was easier than previous ones, not least because it consisted of a single stage.

That stage was a sort-of hybrid Caesar cipher with just 24 characters of ciphertext in three groups of eight, each group on one visible face of a Rubik’s cube:

The rules said:

1. Substitition. Shift all repeated letters down the same amount.
2. Substitition. Shift each singleton letter down a unique amount, from 1 to 9 places.
3. Transposition. Rearrange the three 8-character blocks to spell the answer.

Some of you took an overly-complex programmatic approach, almost as though you felt that, to justify taking the time to write code at all, you needed to find a way to solve the puzzle that would be impossible to do by hand.

You took the nine singleton letters and tried to work out the most likely unique shift amount for each, by trying every possible combination of shifts.

With nine letters, there are 9x8x7x6x5x4x3x2x1 ways (9 factorial, abbreviated 9!) of arranging them by shift amount, for a total of 362,880 different possibilities.

You can start that way, though it doesn’t get you very far. Or, you might say, it gets you too far: with only nine letters to play with, you can’t do much in the way of frequency or linguistic analysis, so you have a huge but very partial list.

There’s a much easier way, if you’re willing to start by assuming that the word SOPHOS appears in the answer.

In that case, a pattern corresponding to SO..OS should appear in the ciphertext.

Don’t forget that due to rule 3, the transposition rule , the letters could be out of sequence. But there are only six ways (3!, or 3x2x1) to rearrange the three 8-character blocks, so this is still an easy thing to verify.

The pattern does appear, and right at the start of a transposition block, too!

So the shift for the repeated letters is the distance from W to S in the alphabet: four places. We can lock in all but the nine singleton characters:

Now we can instantly guess that P must be the H in SOPHOS (a shift of 8) and R stands for the L in SIMPLE (a shift of 6):

That leaves seven unsolved letters and seven unused shifts: 1, 2, 3, 4, 5, 7 and 9.

Let’s look at the ciphertext K, and see if we can make it fit between SOPHOSSE and ESIMPLE.

With the shifts available, K could become one of B, D, F, G, H, I or J (shifts of 6 and 8 are used up), giving:

All of these look like junk, so we conclude that .ESIMPLE doesn’t follow SOPHOSSE. It’s also highly unlikely that the string SOPHOSSE appears at the end of the plaintext, as it wouldn’t make sense.

So there is only one likely way left to reorder the blocks:

Let’s look for the likely letters between M and ESIMPLE that are encrypted as FK.

They can only be shifted by 1, 2, 3, 4, 5, 7 and 9, as shown above. Also, any shift that gives one of the already-decrypted letters SOPHEIMPL can be ruled out (otherwise it would be a repeat and we’d have decrypted it already):

The only combination that makes sense is for F to become A (a shift of 5) and K to become D (a shift of 7):

The rest should fall into place easily, given that we can cross-check our guesses with the remaining shifts of 1, 2, 3, 4 and 9.

It’s going to be SOPHOS SECURITY MADE SIMPLE, isn’t it?

58 solvers got to the answer in time. Those who agreed to be identified, in finishing order, are as follows:

```@pirate_security (under one hour: 27'42")
Lee Cronin (under one hour: 40'37")
Phil Reah (under one hour: 41'08")
@TabChalk
wjm
@BirdPlaneMeteor
Pete Midgley
@DJM
Philip
@dkulshitsky
Maya Kaczorowski
@JRPLambeth
@RobertWinkel
Veit Heller
Melissa DeLucchi
@agarner
@fromCharCode
@pjm0
Carmine Bussone
Tyler Young
Charles Helps
Simon Knight
@hackery
Colin England
Enno Schulz
@charleskillmer
@SecuritySift
@Hearth
@iamheer
@TimoHirvonen
@secolive
Eoin
@abduelhamit
John Dragt
@seakingWD
maikikun
Diana Moldovan
Adam Jenkins (with just 1'10" to spare)
```

Well done to everyone who had a go at the puzzle, and special congratulations to our winners, who were drawn entirely at /dev/random as:

1. @Hearth
2. Tyler Young
3. Eoin
4. Melissa DeLucchi
5. [anon]

Keep your eye on Naked Security (and follow @duckblog on Twitter) if you’d like early warning of the next #sophospuzzle!