## Pariah Moonshine Part III: Pariah Groups, Prime Factorizations, and Points on Elliptic Curves

by Joshua Holden

This post originally appeared on The Aperiodical. We republish it here with permission.

In Part I of this series of posts, I introduced the sporadic groups, finite groups of symmetries which aren’t the symmetries of any obvious categories of shapes. The sporadic groups in turn are classified into the Happy Family, headed by the Monster group, and the Pariahs. In Part II, I discussed Monstrous Moonshine, the connection between the Monster group and a type of function called a modular form. This in turn ties the Monster group, and with it the Happy Family, to elliptic curves, Fermat’s Last Theorem, and string theory, among other things. But until 2017, the Pariah groups remained stubbornly outside these connections.

In September 2017, John Duncan, Michael Mertens, and Ken Ono published a paper announcing a connection between the Pariah group known as the O’Nan group (after Michael O’Nan, who discovered it in 1976) and another modular form. Like Monstrous Moonshine, the new connection is through an infinite-dimensional shape which breaks up into finite-dimensional pieces. Also like Monstrous Moonshine, the modular form in question has a deep connection with elliptic curves. In this case, however, the connection is more subtle and leads through yet another set of important mathematical objects: the quadratic fields.

### At play in the fields quadratic

What mathematicians call a field is a set of objects which are closed under addition, subtraction, multiplication, and division (except division by zero). The rational numbers form a field, and so do the real numbers and the complex numbers. The integers don’t form a field because they aren’t closed under division, and the positive real numbers don’t form a field because they aren’t closed under subtraction.  (It’s also possible to have fields of things that aren’t numbers, which are useful in lots of other situations; see Section 4.5 of The Mathematics of Secrets for a cryptographic example.)

A common way to make a new field is to take a known field and enlarge it a bit. For example, if you start with the real numbers and enlarge them by including the number i (the square root of -1), then you also have to include all of the imaginary numbers, which are multiples of i, and then all of the numbers which are real numbers plus imaginary numbers, which gets you the complex numbers. Or you could start with the rational numbers, include the square root of 2, and then you have to include the numbers that are rational multiples of the square root of 2, and then the numbers which are rational numbers plus the multiples of the square root of 2. Then you get to stop, because if you multiply two of those numbers you get

which is another number of the same form. Likewise, if you divide two numbers of this form, you can rationalize the denominator and get another number of the same form. We call the resulting field the rational numbers “adjoined with” the square root of 2. Fields which are obtained by starting with the rational numbers and adjoining the square root of a rational number (positive or negative) are called quadratic fields.

### Prime suspects

After addition, subtraction, multiplication, and division, one of the really important things you can do with rational numbers is factor their numerators and denominators into primes. In fact, you can do it uniquely, aside from the order of the factors. If you have a number in a quadratic field, you can still factor it into primes, but the primes might not be unique. For example, in the rational numbers adjoined with the square root of negative 5 we have

where 2, 5, 1 + √–5, and 1 – √–5 are all primes. You’ll have to trust me on that last part, since it’s not always obvious which numbers in a quadratic field are prime. Figures 1 and 2 show some small primes in the rational numbers adjoined with the square roots of negative 1 and negative 3, respectively, plotted as points in the complex plane.

Figure 1. Some small primes in the rational numbers adjoined with the square root of -1 (D = -4), plotted as points in the complex plane. (By Wikimedia Commons User Georg-Johann.)

Figure 2. Some small primes in the rational numbers adjoined with the square root of -3 (D = -3), plotted as points in the complex plane. (By Wikimedia Commons User Fropuff.)

We express this by saying the rational numbers have unique factorization, but not all quadratic fields do. The question of which quadratic fields have unique factorization is an important open problem in general. For negative fundamental discriminants, we know that D = ‑3, ‑4, ‑7, ‑8, ‑11, ‑19, ‑43, ‑67, ‑163 are the only such quadratic fields; an equivalent form of this was conjectured by Gauss but fully acceptable proofs were not given until 1966 by Alan Baker and 1967 by Harold Stark. For positive fundamental discriminants, Gauss conjectured that there were infinitely many quadratic fields with unique factorization but this is still unproved.

Furthermore, Gauss identified a number, called the class number, which in some sense measures how far from unique factorization a field is. If the class number is 1, the field has unique factorization, otherwise not. The rational numbers adjoined with the square root of negative 5 (D = -20) have class number 2, and therefore do not have unique factorization. Gauss also conjectured that the class number of a quadratic field went to infinity as its discriminant went to negative infinity; this was proved by Hans Heilbronn in 1934.

### Moonshine with class (numbers)

What about Moonshine? Duncan, Mertens, and Ono proved that the O’Nan group was associated with the modular form

$$F(z) = e^{-8\pi i z} + 2 + 26752\, e^{6\pi i z} + 143376\, e^{8\pi i z} + 8288256\, e^{14\pi i z} + \dots$$

which has the property that the coefficient of $e^{2|D|\pi i z}$ is related to the class number of the field with fundamental discriminant D < 0. Furthermore, looking at elements of the O’Nan group sometimes gives us very specific relationships between the coefficients and the class number. For example, the O’Nan group includes a symmetry which is like a 180 degree rotation, in that if you do it twice you get back to where you started. Using that symmetry, Duncan, Mertens, and Ono showed that for even D < -8, 16 always divides a(D)+24h(D), where a(D) is the coefficient of $e^{2|D|\pi i z}$ and h(D) is the class number of the field with fundamental discriminant D. For the example D = -20 from above, a(D) = 798588584512 and h(D) = 2, and 16 does in fact divide 798588584512 + 48. Similarly, other elements of the O’Nan group show that 9 always divides a(D)+24h(D) if D = 3k+2 for some integer k and that 5 and 7 always divide a(D)+24h(D) under other similar conditions on D. And 11 and 19 divide a(D)+24h(D) under (much) more complicated conditions related to points on an elliptic curve associated with each D, which brings us back nicely to the connection between Moonshine and elliptic curves.
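The class numbers quoted in the last two sections can be computed directly. The following is an added example, not part of the original post: it assumes the standard method of counting reduced binary quadratic forms (a technique the post does not describe), the function names are illustrative, and the only coefficient used is the a(D) for D = -20 quoted above.

```python
from math import gcd, isqrt


def class_number(D):
    """Class number h(D) for a negative discriminant D, computed by counting
    reduced primitive forms a*x^2 + b*x*y + c*y^2 with b^2 - 4ac = D."""
    if D >= 0 or D % 4 not in (0, 1):
        raise ValueError("D must be negative and congruent to 0 or 1 mod 4")
    h = 0
    # A reduced form has |b| <= a <= c, which forces 3*a^2 <= |D|.
    for a in range(1, isqrt(-D // 3) + 1):
        for b in range(-a + 1, a + 1):        # -a < b <= a
            num = b * b - D                   # must equal 4*a*c
            if num % (4 * a):
                continue
            c = num // (4 * a)
            # Require a <= c, and b >= 0 on the boundary a == c.
            if c < a or (c == a and b < 0):
                continue
            if gcd(gcd(a, b), c) == 1:        # primitive forms only
                h += 1
    return h


def is_squarefree(n):
    return all(n % (p * p) for p in range(2, isqrt(n) + 1))


def is_fundamental(D):
    """True if D is the discriminant of a quadratic field."""
    if D % 4 == 1:
        return is_squarefree(abs(D))
    if D % 4 == 0:
        m = D // 4
        return m % 4 in (2, 3) and is_squarefree(abs(m))
    return False


def unique_factorization_discriminants(bound):
    """Negative fundamental discriminants D >= -bound with class number 1."""
    return [D for D in range(-3, -bound - 1, -1)
            if is_fundamental(D) and class_number(D) == 1]


# a(D) for D = -20, as quoted in the text above.
A_MINUS_20 = 798588584512


def divides_combination(modulus, a_D, D):
    """Check whether modulus divides a(D) + 24*h(D)."""
    return (a_D + 24 * class_number(D)) % modulus == 0


if __name__ == "__main__":
    print("h(-20) =", class_number(-20))
    print("class number 1 down to -1000:",
          unique_factorization_discriminants(1000))
    print("16 divides a(-20) + 24 h(-20):",
          divides_combination(16, A_MINUS_20, -20))
```

The scan only confirms the list up to the bound it is given; that nothing further appears below -163 is the Baker and Stark theorem mentioned earlier, not something a finite search can show.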

### How much Moonshine is out there?

Monstrous Moonshine showed that the Monster, and therefore the Happy Family, was related to modular forms and elliptic curves, as well as string theory. O’Nan Moonshine brings in two more sporadic groups, the O’Nan group and its subgroup the “first Janko group”. (Figure 3 shows the connections between the sporadic groups. “M” is the Monster group, “O’N” is the O’Nan group, and “J1” is the first Janko group.) It also connects the sporadic groups not just to modular forms and elliptic curves, but also to quadratic fields, primes, and class numbers. Furthermore, the modular form used in Monstrous Moonshine is “weight 0”, meaning that k = 0 in the definition of a modular form given in Part II. That ties this modular form very closely to elliptic curves.

Figure 3. Connections between the sporadic groups. Lines indicate that the lower group is a subgroup or a quotient of a subgroup of the upper group. “M” is the Monster group and “O’N” is the O’Nan group; the groups connected below the Monster group are the rest of the Happy Family. (By Wikimedia Commons User Drschawrz.)

The modular form in O’Nan Moonshine is “weight 3/2”. Weight 3/2 modular forms are less closely tied to elliptic curves, but are tied to yet more ideas in mathematical physics, like higher-dimensional generalizations of strings called “branes” and functions that might count the number of states that a black hole can be in. That still leaves four more pariah groups, and the smart money predicts that Moonshine connections will be found for them, too. But will they come from weight 0 modular forms, weight 3/2 modular forms, or yet another type of modular form with yet more connections? Stay tuned! Maybe someday soon there will be a Part IV.

Joshua Holden is professor of mathematics at the Rose-Hulman Institute of Technology. He is the author of The Mathematics of Secrets: Cryptography from Caesar Ciphers to Digital Encryption.

## Craig Bauer on unsolved ciphers

In 1953, a man was found dead from cyanide poisoning near the Philadelphia airport with a picture of a Nazi aircraft in his wallet. Taped to his abdomen was an enciphered message. In 1912, a book dealer named Wilfrid Voynich came into possession of an illuminated cipher manuscript once belonging to Emperor Rudolf II, who was obsessed with alchemy and the occult. Wartime codebreakers tried—and failed—to unlock the book’s secrets, and it remains an enigma to this day. In Unsolved, Craig Bauer examines these and other vexing ciphers yet to be cracked. Recently he took the time to answer some questions about his new book.

Why focus on unsolved ciphers?

They’re much more intriguing because they could be concealing anything. Some might reveal the identities of serial killers. Others could unmask spies, rewrite history, expose secret societies, or even give the location of buried treasure worth millions. This sense of mystery is very appealing to me.

Did you try to solve the ciphers yourself first?

There are so many unsolved ciphers that I realized I would never finish writing about them if I kept stopping to try to solve them. There’s one that I’m confident I could solve, but instead of doing so, I simply presented the approach I think will work and am leaving it for a reader to pursue. I expect that several of them will be solved by readers and I look forward to seeing their results!

Does someone who wants to attack these mysteries need to know a lot of mathematics or have computer programming skills?

No. Many of the ciphers were created by people with very little knowledge in either area. Also, past solvers of important ciphers have included amateurs. One of the Zodiac killer’s ciphers was solved by a high school history teacher. Some of the ciphers might be solved in a manner that completely bypasses mathematics. A reader may find a solution through papers the cipher’s creator left behind, perhaps in some library’s archives, in government storage, or in a relative’s possession. I think some may be solved by pursuing a paper trail or some other non-mathematical avenue. Of course, there are mathematical challenges as well, for those who have the skills to take them on. The puzzles span thousands of years, from ancient Egypt to today’s online community. Twentieth century challenges come from people as diverse as Richard Feynman (a world-class physicist) and Ricky McCormick (thought to have been illiterate).

Are all of the unsolved ciphers covered in the book?

No, far from it. There are enough unsolved ciphers to fill many volumes. I limited myself to only the most interesting examples, and still there were too many! I originally set out to write a book about half the size of what was ultimately published. The problem was that there was so much fascinating material that I had to go to 600 pages or experience the agony of omitting something fabulous. Also, unsolved ciphers from various eras are constantly coming to light, and new ones are created every year. I will likely return to the topic with a sequel covering the best of these.

I’m the most excited about the Paul Rubin case. It involves a cipher found taped to the abdomen of a teenage whiz-kid who was found dead in a ditch by the Philadelphia airport, way back in 1953. While I like well-known unsolved ciphers like the Voynich Manuscript and Kryptos, I have higher hopes for this one being solved because it hasn’t attracted any attention since the 1950s. The codebreakers have made a lot of progress since then, so it’s time to take another look and see what can be learned about this young man’s death. I felt it was very important to include cases that will be new even to those who have read a great deal about cryptology already and this is one such case.

Should the potential reader have some prior knowledge of the subject?

If he or she does, there will still be much that is new, but for those with no previous exposure to cryptology, everything is explained from the ground up. As a teenager I loved books at the popular level on a wide range of topics. In particular, the nonfiction of Isaac Asimov instilled in me a love for many subjects. He always started at the beginning, assuming his readers were smart, but new to the topic he was covering. This is the approach that I have taken. I hope that the book finds a wide readership among the young and inspires them in the same way Asimov inspired me.

Is there anything that especially qualifies you to write on this topic?

Early work on this book was supported by the National Security Agency through their Scholar-in-Residence program at the Center for Cryptologic History. They wanted me in this role because, while I have a PhD in mathematics and have carried out mathematical research in cryptology, I also have a passion for history and other disciplines. In fact, both of my books have the word “history” in their titles. The journal Cryptologia, for which I serve as the editor-in-chief, is devoted to all aspects of cryptology, mathematical, historical, pedagogical, etc. My love of diverse fields allows me to write with enthusiasm about ciphers in music, art, criminal cases, ancient history, and other areas. The broad approach to the subject is more entertaining and ensures that there’s something in the book for nearly every reader.

Craig Bauer is professor of mathematics at York College of Pennsylvania. He is editor in chief of the journal Cryptologia, has served as a scholar in residence at the NSA’s Center for Cryptologic History, and is the author of Unsolved! The History and Mystery of the World’s Greatest Ciphers from Ancient Egypt to Online Secret Societies. He lives in York, Pennsylvania.

## Craig Bauer: The Ongoing Mystery of Unsolved Ciphers (and new hope)

When a civilization first develops writing and few people are literate, simply putting a message down on paper can be all that is required to keep an enemy from understanding it. As literacy spreads, a more sophisticated method is needed, which is why codes and ciphers, a.k.a. “secret writing,” always follow closely on the heels of the discovery of writing. Over the millennia, ciphers have become extremely sophisticated, but so too have the techniques used by those attempting to break them.

In recent decades, everyone from mathematicians and computer scientists to artists and authors have created ciphers as challenges to specialists or the general public, to see if anyone is clever enough to unravel the secrets. Some, like the first three parts of James Sanborn’s sculpture Kryptos and the ciphers appearing in the television show Gravity Falls, have been solved, while others remain mysteries. The highly secretive online society known as Cicada 3301 has repeatedly issued such challenges as a means of talent scouting, though for what purpose such talented individuals are sought remains unknown. One unsolved cipher was laid down as a challenge by former British army intelligence officer Alexander d’Agapeyeff in his book Codes & Ciphers (1939). Sadly, when frustrated letters of enquiry reached the author, he admitted that he had forgotten how to solve it! Another was made by the famous composer Edward Elgar in 1897 as a riddle for a young lady friend of his. She, along with various experts, all failed to ferret out the meaning and Elgar himself refused to reveal it.

Elgar’s cipher

Many unsolved ciphers appear in much more serious contexts. The serial killer who referred to himself as “The Zodiac” was responsible for at least five murders, as well as the creation of several ciphers sent to San Francisco newspapers. While the first of these ciphers was solved, others remain unbroken. Could a solution to one of these lead to an identification of the killer? Although many have speculated on his identity, it has never been firmly established. The Zodiac is not the only murderer to have left us such mysterious communiques, he is just the best known. Other killers’ secrets have persisted through relative obscurity. How many readers have heard of Henry Debsonys? In 1883, a jury sentenced him to death for the murder of his wife, after deliberating for only nine minutes. But this unfortunate woman was Henry’s third wife and the first two died under strange circumstances. Had Henry killed all of them? Will the ciphers he left behind confirm this? I think his ciphers will be among the first to fall this year, thanks to a major clue I provide in my book, Unsolved: The History and Mystery of the World’s Greatest Ciphers from Ancient Egypt to Online Secret Societies. There are many more such criminal ciphers. One deranged individual even sent threatening letters containing ciphers to John Walsh of America’s Most Wanted fame! The FBI’s codebreakers maintain a list of their top unsolved ciphers. At present, only two of these are known to the public, but many others that didn’t make the top 10 are available for anyone to try to crack.

How do codebreakers, whether amateur or professional, meet the challenges they face? Statistics and other areas of mathematics often help, as do computers, but two of the codebreakers’ most powerful tools are context and intuition. This is why ciphers have often been broken by amateurs with no programming skills and little knowledge of mathematics. Enter Donald Harden, a high school history teacher, who with assistance from his wife Bettye, broke one of the Zodiac killer’s ciphers by guessing that the egotistical killer’s message would begin with “I” and contain the word “KILL.” Context allows the attacker to guess words, sometimes entire phrases, that might appear in the message. These are known as cribs. During World War II, the German word eins (meaning one) appeared in so many Nazi messages that a process known as “einsing” was developed, searching the cipher for the appearance of this word in every possible position. In today’s ciphers, the word President appears frequently.
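The position-by-position crib search described above can be sketched in a few lines. This is an added example, not part of the original essay: it assumes a simple substitution cipher, the key and plaintext are constructed for illustration, and the function names are hypothetical.

```python
import string

# Constructed sample: a simple substitution key and a made-up message.
KEY = "QWERTYUIOPASDFGHJKLZXCVBNM"
PLAINTEXT = "THEPRESIDENTWILLSPEAKATNOON"
CIPHERTEXT = PLAINTEXT.translate(str.maketrans(string.ascii_uppercase, KEY))


def pattern(text):
    """Repetition pattern of a string: 'PRESIDENT' -> (0,1,2,3,4,5,2,6,7).
    A simple substitution cipher changes the letters but not this pattern."""
    first_seen = {}
    return tuple(first_seen.setdefault(ch, len(first_seen)) for ch in text)


def crib_positions(ciphertext, crib):
    """Try the crib at every offset and keep those where the ciphertext
    window repeats letters in exactly the same places as the crib."""
    want = pattern(crib)
    n = len(crib)
    return [i for i in range(len(ciphertext) - n + 1)
            if pattern(ciphertext[i:i + n]) == want]


def partial_key(ciphertext, crib, offset):
    """Cipher-letter -> plain-letter pairs implied by placing the crib."""
    window = ciphertext[offset:offset + len(crib)]
    return dict(zip(window, crib))


def apply_partial(ciphertext, key):
    """Decrypt what the partial key covers; unknown letters become '.'."""
    return "".join(key.get(ch, ".") for ch in ciphertext)


if __name__ == "__main__":
    print("ciphertext:", CIPHERTEXT)
    hits = crib_positions(CIPHERTEXT, "PRESIDENT")
    print("PRESIDENT fits at:", hits)
    print("partial decrypt: ",
          apply_partial(CIPHERTEXT, partial_key(CIPHERTEXT, "PRESIDENT", hits[0])))
    # A short crib with no repeated letters fits almost anywhere.
    print("EINS fits at", len(crib_positions(CIPHERTEXT, "EINS")), "offsets")
```

The long crib with a repeated letter fits at a single offset, while the four-letter crib with no repeats fits at most offsets, so on its own it narrows very little.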

Of course, time and again cribs and intuition can lead in the wrong direction. Indeed, the single most important attribute for a codebreaker is patience. A good codebreaker will have the ability to work on a cipher for months, for that is sometimes what it takes to reach a solution, ignoring the body’s normal demands for food and sleep; during World War I, the French codebreaker Georges Painvin lost 33 pounds over three months while sitting at a desk breaking the German ADFGX and ADFGVX ciphers.

Is it possible that some of the earliest known ciphers, dating from the ancient world, have survived unread by anyone other than those they were created for? I believe this is the case and that they’ve been hiding in plain sight, like the purloined letter in Poe’s classic tale. Those studying ancient cultures have long been aware of so-called “nonsense inscriptions.” These appear on Egyptian sarcophagi, Greek vases, runestones, and elsewhere. They are typically dismissed as the work of illiterates imitating writing, merely because the experts cannot read them. But all of these cultures are known to have made use of ciphers and some of the contexts of the inscriptions are so solemn (e.g. sarcophagi) that it’s hard to believe they could be meaningless. I’d like to see a closer examination of these important objects. I expect some of the messages will be read in the near future, if cryptologists can form collaborations with linguists. These two groups have worked together successfully in military contexts for many decades. It is time that they also join forces for historical studies.

With a very large number of unsolved ciphers, spanning millennia, having been composed by a diverse group of individuals, it seems likely that it will take a diverse group of attackers, with skills ranging over many disciplines, to solve them. Some mysterious texts may reveal themselves to clever computer programmers or linguists, others to those taking the psychological approach, getting into the creator’s head and guessing phrases he or she used in the cipher, and some may be broken by readers who manage to discover related material in government archives or private hands that provides just enough extra information to make the break. I look forward to seeing the results!

Craig P. Bauer is professor of mathematics at York College of Pennsylvania. He is editor in chief of the journal Cryptologia, has served as a scholar in residence at the NSA’s Center for Cryptologic History, and is the author of Unsolved!: The History and Mystery of the World’s Greatest Ciphers from Ancient Egypt to Online Secret Societies. He lives in York, Pennsylvania.

## Joshua Holden: Quantum cryptography is unbreakable. So is human ingenuity

Two basic types of encryption schemes are used on the internet today. One, known as symmetric-key cryptography, follows the same pattern that people have been using to send secret messages for thousands of years. If Alice wants to send Bob a secret message, they start by getting together somewhere they can’t be overheard and agree on a secret key; later, when they are separated, they can use this key to send messages that Eve the eavesdropper can’t understand even if she overhears them. This is the sort of encryption used when you set up an online account with your neighbourhood bank; you and your bank already know private information about each other, and use that information to set up a secret password to protect your messages.

The second scheme is called public-key cryptography, and it was invented only in the 1970s. As the name suggests, these are systems where Alice and Bob agree on their key, or part of it, by exchanging only public information. This is incredibly useful in modern electronic commerce: if you want to send your credit card number safely over the internet to Amazon, for instance, you don’t want to have to drive to their headquarters to have a secret meeting first. Public-key systems rely on the fact that some mathematical processes seem to be easy to do, but difficult to undo. For example, for Alice to take two large whole numbers and multiply them is relatively easy; for Eve to take the result and recover the original numbers seems much harder.

Public-key cryptography was invented by researchers at the Government Communications Headquarters (GCHQ) – the British equivalent (more or less) of the US National Security Agency (NSA) – who wanted to protect communications between a large number of people in a security organisation. Their work was classified, and the British government neither used it nor allowed it to be released to the public. The idea of electronic commerce apparently never occurred to them. A few years later, academic researchers at Stanford and MIT rediscovered public-key systems. This time they were thinking about the benefits that widespread cryptography could bring to everyday people, not least the ability to do business over computers.

Now cryptographers think that a new kind of computer based on quantum physics could make public-key cryptography insecure. Bits in a normal computer are either 0 or 1. Quantum physics allows bits to be in a superposition of 0 and 1, in the same way that Schrödinger’s cat can be in a superposition of alive and dead states. This sometimes lets quantum computers explore possibilities more quickly than normal computers. While no one has yet built a quantum computer capable of solving problems of nontrivial size (unless they kept it secret), over the past 20 years, researchers have started figuring out how to write programs for such computers and predict that, once built, quantum computers will quickly solve ‘hidden subgroup problems’. Since all public-key systems currently rely on variations of these problems, they could, in theory, be broken by a quantum computer.

Cryptographers aren’t just giving up, however. They’re exploring replacements for the current systems, in two principal ways. One deploys quantum-resistant ciphers, which are ways to encrypt messages using current computers but without involving hidden subgroup problems. Thus they seem to be safe against code-breakers using quantum computers. The other idea is to make truly quantum ciphers. These would ‘fight quantum with quantum’, using the same quantum physics that could allow us to build quantum computers to protect against quantum-computational attacks. Progress is being made in both areas, but both require more research, which is currently being done at universities and other institutions around the world.

Yet some government agencies still want to restrict or control research into cryptographic security. They argue that if everyone in the world has strong cryptography, then terrorists, kidnappers and child pornographers will be able to make plans that law enforcement and national security personnel can’t penetrate.

But that’s not really true. What is true is that pretty much anyone can get hold of software that, when used properly, is secure against any publicly known attacks. The key here is ‘when used properly’. In reality, hardly any system is always used properly. And when terrorists or criminals use a system incorrectly even once, that can allow an experienced codebreaker working for the government to read all the messages sent with that system. Law enforcement and national security personnel can put those messages together with information gathered in other ways – surveillance, confidential informants, analysis of metadata and transmission characteristics, etc – and still have a potent tool against wrongdoers.

In his essay ‘A Few Words on Secret Writing’ (1841), Edgar Allan Poe wrote: ‘[I]t may be roundly asserted that human ingenuity cannot concoct a cipher which human ingenuity cannot resolve.’ In theory, he has been proven wrong: when executed properly under the proper conditions, techniques such as quantum cryptography are secure against any possible attack by Eve. In real-life situations, however, Poe was undoubtedly right. Every time an ‘unbreakable’ system has been put into actual use, some sort of unexpected mischance eventually has given Eve an opportunity to break it. Conversely, whenever it has seemed that Eve has irretrievably gained the upper hand, Alice and Bob have found a clever way to get back in the game. I am convinced of one thing: if society does not give ‘human ingenuity’ as much room to flourish as we can manage, we will all be poorer for it.

Joshua Holden is professor of mathematics at the Rose-Hulman Institute of Technology and the author of The Mathematics of Secrets.

This article was originally published at Aeon and has been republished under Creative Commons.

## Keith Devlin: Fibonacci introduced modern arithmetic —then disappeared

More than a decade ago, Keith Devlin, a math expositor, set out to research the life and legacy of the medieval mathematician Leonardo of Pisa, popularly known as Fibonacci, whose book Liber abbaci has quite literally affected the lives of everyone alive today. Although he is most famous for the Fibonacci numbers—which, it so happens, he didn’t invent—Fibonacci’s greatest contribution was as an expositor of mathematical ideas at a level ordinary people could understand. In 1202, Liber abbaci—the “Book of Calculation”—introduced modern arithmetic to the Western world. Yet Fibonacci was long forgotten after his death. Finding Fibonacci is a compelling firsthand account of his ten-year quest to tell Fibonacci’s story. Devlin recently answered some questions about his new book for the PUP blog:

KD: This is my third book about the history of mathematics, which already makes it different from most of my books where the focus was on abstract concepts and ideas, not how they were discovered. What makes it truly unique is that it’s the first book I have written that I have been in! It is a first-person account, based on a diary I kept during a research project spread over a decade.

If you had to convey the book’s flavor in a few sentences, what would you say?

KD: Finding Fibonacci is a first-person account of a ten-year quest to uncover and tell the story of one of the most influential figures in human history. It started out as a diary, a simple record of events. It turned into a story when it became clear that it was far more than a record of dates, sources consulted, places visited, and facts checked. Like any good story, it has false starts and disappointments, tragedies and unexpected turns, more than a few hilarious episodes, and several lucky breaks. Along the way, I encountered some amazing individuals who, each for their own reasons, became fascinated by Fibonacci: a Yale professor who traced modern finance back to Fibonacci, an Italian historian who made the crucial archival discovery that brought together all the threads of Fibonacci’s astonishing story, an American math professor who fought against cancer to complete the world’s first (and only) modern language translation of Liber abbaci, and the widow who took over and brought his efforts to fruition after he lost that battle. And behind it all, the man who was the focus of my quest. Fibonacci played a major role in creating the modern commercial world. Yet he vanished from the pages of history for five hundred years, made “obsolete,” and in consequence all but forgotten forever, by a new technology.

What made you decide to write this book?

KD: There were really two key decisions that led to this book. One was deciding, back in the year 2000, to keep a diary of my experiences writing The Man of Numbers. My first history book was The Unfinished Game. For that, all I had to do was consult a number of reference works. It was not intended to be original research. Basic Books asked me to write a short, readable account of a single mathematical document that changed the course of human history, to form part of a series they were bringing out. I chose the letter Pierre De Fermat wrote to his colleague Blaise Pascal in 1654, which most experts agree established modern probability theory, in particular how it can be used to predict the future.

In The Man of Numbers, in contrast, I set out to tell a story that no one had told before; indeed, the consensus among the historians was that it could not be told—there simply was not enough information available. So writing that book would require engaging in a lot of original historical research. I had never done that. I would be stepping well outside my comfort zone. That was in part why I decided to keep a diary. The other reason for keeping a record was to ensure I had enough anecdotes to use when the time came to promote the book—assuming I was able to complete it, that is. (I had written enough popular mathematics books to appreciate the need for author promotional activities!)

The second decision, to turn my diary into a book (which only at the end found the title, Finding Fibonacci), came after The Man of Numbers was published in 2011. The ten-year process of researching and writing that book had turned out to be so rich, and so full of unexpected twists and turns, including several strokes of immense luck, that it was clear there was a good story to be told. What was not clear was whether I would be able to write such a book. All my other books are third-person accounts, where I am simply the messenger. In Finding Fibonacci, I would of necessity be a central character. Once again, I would be stepping outside my comfort zone. In particular, I would be laying out on the printed page, part of my inner self. It took five years and a lot of help from my agent Ted Weinstein and then my Princeton University Press editor Vickie Kearn to find the right voice and make it work.

Who do you expect will enjoy reading this book?

KD: I have a solid readership around the world. I am sure they will all read it. In particular, everyone who read The Man of Numbers will likely end up taking a look. Not least because, in addition to providing a window into the process of writing that earlier book, I also put in some details of that story that I did not fully appreciate until after the book had been published. But I hope, and in fact expect, that Finding Fibonacci will appeal to a whole new group of readers. Whereas the star of all my previous books was a discipline, mathematics, this is a book about people, for the most part people alive today. It’s a human story. It has a number of stars, all people, connected by having embarked on a quest to try to tell parts of the story of one of the most influential figures in human history: Leonardo of Pisa, popularly known as Fibonacci.

Now that the book is out, in one sentence if you can, how would you summarize writing it?

KD: Leaving my author’s comfort zone. Without a doubt. I’ve never been less certain how a book would be received.

Keith Devlin is a mathematician at Stanford University and cofounder and president of BrainQuake, an educational technology company that creates mathematics learning video games. His many books include The Unfinished Game: Pascal, Fermat, and the Seventeenth-Century Letter That Made the World Modern and The Man of Numbers: Fibonacci’s Arithmetic Revolution. He is the author of Finding Fibonacci: The Quest to Rediscover the Forgotten Mathematical Genius Who Changed the World.

## Cipher challenge #2 from Joshua Holden: Subliminal channels

The Mathematics of Secrets by Joshua Holden takes readers on a tour of the mathematics behind cryptography. Most books about cryptography are organized historically, or around how codes and ciphers have been used in government and military intelligence or bank transactions. Holden instead focuses on how mathematical principles underpin the ways that different codes and ciphers operate. Discussing the majority of ancient and modern ciphers currently known, The Mathematics of Secrets sheds light on both code making and code breaking. Over the next few weeks, we’ll be running a series of cipher challenges from Joshua Holden. The first was on Merkle’s puzzles. Today’s focuses on subliminal channels:

As I explain in Section 1.6 of The Mathematics of Secrets, in 1929 Lester Hill invented the first general method for encrypting messages using a set of multiple equations in multiple unknowns.  A less general version, however, had already appeared in 1926, submitted by an 18-year-old to a cryptography column in a detective magazine.  This was Jack Levine, who would later become a prolific researcher in several areas of mathematics, including cryptography.

Levine’s system was billed as a way of encrypting two different messages at the same time.  Maybe one of them was the real message and the other was a dummy message–if the message was intercepted, the interceptor could be thrown off the scent by showing them the dummy message.  This sort of system is now known as a subliminal channel.

The system starts with numbering the letters of the alphabet in two different ways:

```
 a  b  c  d  e  f  g  h  i  j  k  l  m
27 28 29 30 31 32 33 34 35 36 37 38 39
 1  2  3  4  5  6  7  8  9 10 11 12 13

 n  o  p  q  r  s  t  u  v  w  x  y  z
40 41 42 43 44 45 46 47 48 49 50 51 52
14 15 16 17 18 19 20 21 22 23 24 25 26
```

Suppose the first plaintext, or unencrypted message, is “tuesday” and the second plaintext is “tonight.”  We use the first set of numbers for the first plaintext:

```
 t  u  e  s  d  a  y
46 47 31 45 30 27 51
```

and the second set for the second plaintext:

```
 t  o  n  i  g  h  t
20 15 14  9  7  8 20
```

The encrypted message, or ciphertext, is made up of pairs of numbers.  The first number in each pair is half the sum of the two message numbers, and the second number is half the difference:

```
t        u        e        s        d        a        y
46       47       31       45       30       27       51

t        o        n        i        g        h        t
20       15       14       9        7        8        20

33,13    31,16    22½,8½   27,18    18½,11½  17½,9½   35½,15½
```

To decrypt the first message, just take the sum of the two numbers in the pair, and to decrypt the second message just take the difference.  This works because if P1 is the first plaintext number and P2 is the second, then the first ciphertext number is

and the second is

Then the plaintext can be recovered from the ciphertext using

and

This system is not as secure as Hill’s because it gives away too much information.  For starters, the existence and nature of the fractions is a clue to the encryption process.  (The editor of the cryptography column suggested doubling the numbers to avoid the fractions, but then the pattern of odd and even numbers would still give information away.)  Also, the first number in each pair is always between 14 and 39 and is always larger than the second number, which is always between ½ and 25 ½.  This suggests that subtraction might be relevant, and the fact that there are twice as many numbers as letters might make a codebreaker suspect the existence of a second message and a second process.  Hill’s system solves some of these issues, but the problem of information leakage continues to be relevant with modern-day ciphers.
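The half-sum and half-difference scheme, and the giveaways listed above, can be checked directly. The following Python sketch is an added example, not code from the book or the original post; the function names `encrypt`, `decrypt` and `leakage_report` are chosen here, and exact fractions are used so the halves survive intact.

```python
from fractions import Fraction
import string

# The two numberings from the table above: a..z -> 27..52 and a..z -> 1..26.
FIRST = {ch: i + 27 for i, ch in enumerate(string.ascii_lowercase)}
SECOND = {ch: i + 1 for i, ch in enumerate(string.ascii_lowercase)}
FIRST_INV = {v: k for k, v in FIRST.items()}
SECOND_INV = {v: k for k, v in SECOND.items()}


def encrypt(first_plain, second_plain):
    """Return one (half-sum, half-difference) pair per letter position."""
    if len(first_plain) != len(second_plain):
        raise ValueError("both plaintexts must have the same length")
    pairs = []
    for a, b in zip(first_plain.lower(), second_plain.lower()):
        p1, p2 = FIRST[a], SECOND[b]
        pairs.append((Fraction(p1 + p2, 2), Fraction(p1 - p2, 2)))
    return pairs


def decrypt(pairs):
    """The sum of each pair gives message one, the difference message two."""
    first = "".join(FIRST_INV[int(c1 + c2)] for c1, c2 in pairs)
    second = "".join(SECOND_INV[int(c1 - c2)] for c1, c2 in pairs)
    return first, second


def leakage_report(pairs):
    """Check the structural giveaways the text lists for a ciphertext."""
    return {
        "first_in_14_to_39": all(14 <= c1 <= 39 for c1, _ in pairs),
        "second_in_half_to_25_half": all(
            Fraction(1, 2) <= c2 <= Fraction(51, 2) for _, c2 in pairs),
        "first_always_larger": all(c1 > c2 for c1, c2 in pairs),
        # A half appears exactly when P1 + P2 is odd, and then in BOTH
        # numbers of the pair, so fractions always come in twos.
        "fractions_paired": all(
            (c1.denominator == 2) == (c2.denominator == 2)
            for c1, c2 in pairs),
    }


if __name__ == "__main__":
    ct = encrypt("tuesday", "tonight")
    print(ct)
    print(decrypt(ct))
    print(leakage_report(ct))
```

Every check in the report holds for any pair of equal-length messages, which is why a codebreaker can recognise the system from the ciphertext alone.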

With those hints in mind, can you break the cipher used in the following message?

```
11 3/5, 15 4/5   10 4/5,  9 2/5   17,     11       14 1/5, 16 3/5
 9 4/5,  7 2/5   12 3/5,  7 4/5    9 2/5, 12 1/5   13 1/5, 13 3/5
18,     11       12 2/5, 14 1/5    8 4/5, 10 2/5   12 1/5,  6 3/5
15 4/5, 12 2/5   13 3/5, 13 4/5   12,     16       11 2/5,  8 1/5
 9 1/5, 16 3/5   14,     17       16 3/5, 12 4/5    9 4/5, 14 2/5
12 1/5,  6 3/5   11 3/5, 15 4/5   10,     11       11 4/5,  6 2/5
10 2/5, 14 1/5   17 2/5, 12 1/5   14 3/5,  9 4/5
```

Once you have the two plaintexts, can you deduce the process used to encrypt them?

### Answer to Cipher Challenge #1: Merkle’s Puzzles

The hole in the version of Merkle’s puzzles is that the shift we used for encrypting is vulnerable to a known-plaintext attack. That means that if Eve knows the ciphertext and part of the plaintext, she can get the rest of the plaintext. In Cipher Challenge #1, she knew that the word “ten” is part of the plaintext. So she shifts it until she finds a ciphertext that matches one of the puzzles:

```
ten
UFO
VGP
```

“Aha!” says Eve. “The first puzzle starts with VGP, so it must decrypt to ten!” Then she decrypts the rest of the puzzle:

```
VGPVY QUGXG PVYGP VAQPG UKZVG GPUGX GPVGG PBTPU XSNHT JZFEB
whqwz rvhyh qwzhq wbrqh vlawh hqvhy hqwhh qcuqv ytoiu kagfc
xirxa swizi rxair xcsri wmbxi irwiz irxii rdvrw zupjv lbhgd
yjsyb txjaj sybjs ydtsj xncyj jsxja jsyjj sewsx avqkw mcihe
⋮
qbkqt lpbsb kqtbk qvlkb pfuqb bkpbs bkqbb kwokp snico euazw
rclru mqctc lrucl rwmlc qgvrc clqct clrcc lxplq tojdp fvbax
sdmsv nrdud msvdm sxnmd rhwsd dmrdu dmsdd myqmr upkeq gwcby
tentw oseve ntwen tyone sixte ensev entee nzrns vqlfr hxdcz
```

So the secret key is 2, 7, 21, 16.

The hole can be fixed by using a cipher that is less vulnerable to known-plaintext attacks. Sections 4.4 and 4.5 of The Mathematics of Secrets give examples of ciphers that would be more secure.
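Eve's search in the known-plaintext attack above can be written out as a short program. This is an added example, not part of the original post: the first puzzle is the one quoted above, the other two are constructed decoys, and the names `shift` and `crib_attack` are chosen here.

```python
import string

ALPHABET = string.ascii_lowercase


def shift(text, k):
    """Shift each letter k places forward (mod 26); leave other characters."""
    out = []
    for ch in text.lower():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + k) % 26])
        else:
            out.append(ch)
    return "".join(out)


def crib_attack(puzzles, crib):
    """Return (puzzle index, shift, plaintext) for puzzles opening with crib.

    Eve knows no key. She encrypts the known word under each of the 25
    possible shifts and looks for a puzzle that begins with the result.
    """
    hits = []
    for k in range(1, 26):
        target = shift(crib, k)
        for i, puzzle in enumerate(puzzles):
            flat = puzzle.replace(" ", "").lower()
            if flat.startswith(target):
                # The same shift that matched the crib undoes the whole puzzle.
                hits.append((i, k, shift(flat, -k)))
    return hits


# The first entry is the puzzle quoted in the post. The other two are
# constructed decoys standing in for puzzles that the crib does not match.
PUZZLES = [
    "VGPVY QUGXG PVYGP VAQPG UKZVG GPUGX GPVGG PBTPU XSNHT JZFEB",
    "QJXJS YBTYM WJJKN AJSNS JYJJS",
    "BEMTD MNWCZ ABQFJ FMDJM VBMV",
]

if __name__ == "__main__":
    for index, k, plain in crib_attack(PUZZLES, "ten"):
        print(index, k, plain)
```

Three known letters are enough because a shift cipher has only 25 usable keys and every letter of the crib pins down the same one.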

## Joshua Holden: The secrets behind secret messages

“Cryptography is all about secrets, and throughout most of its history the whole field has been shrouded in secrecy.  The result has been that just knowing about cryptography seems dangerous and even mystical.”

In The Mathematics of Secrets: Cryptography from Caesar Ciphers to Digital Encryption, Joshua Holden provides the mathematical principles behind ancient and modern cryptic codes and ciphers. Using famous ciphers such as the Caesar Cipher, Holden reveals the key mathematical idea behind each, showing how such ciphers are made and how they are broken.  Holden recently took the time to answer questions about his book and cryptography.

There are lots of interesting things related to secret messages to talk about: history, sociology, politics, military studies, technology. Why should people be interested in the mathematics of cryptography?

JH: Modern cryptography is a science, and like all modern science it relies on mathematics.  If you want to really understand what modern cryptography can and can’t do you need to know something about that mathematical foundation. Otherwise you’re just taking someone’s word for whether messages are secure, and because of all those sociological and political factors that might not be a wise thing to do. Besides that, I think the particular kinds of mathematics used in cryptography are really pretty.

What kinds of mathematics are used in modern cryptography? Do you have to have a Ph.D. in mathematics to understand it?

JH: I once taught a class on cryptography in which I said that the prerequisite was high school algebra.  Probably I should have said that the prerequisite was high school algebra and a willingness to think hard about it.  Most (but not all) of the mathematics is of the sort often called “discrete.”  That means it deals with things you can count, like whole numbers and squares in a grid, and not with things like irrational numbers and curves in a plane.  There’s also a fair amount of statistics, especially in the codebreaking aspects of cryptography.  All of the mathematics in this book is accessible to college undergraduates and most of it is understandable by moderately advanced high school students who are willing to put in some time with it.

What is one myth about cryptography that you would like to address?

JH: Cryptography is all about secrets, and throughout most of its history the whole field has been shrouded in secrecy.  The result has been that just knowing about cryptography seems dangerous and even mystical. In the Renaissance it was associated with black magic and a famous book on cryptography was banned by the Catholic Church. At the same time, the Church was using cryptography to keep its own messages secret while revealing as little about its techniques as possible. Through most of history, in fact, cryptography was used largely by militaries and governments who felt that their methods should be hidden from the world at large. That began to be challenged in the 19th century when Auguste Kerckhoffs declared that a good cryptographic system should be secure with only the bare minimum of information kept secret.

Nowadays we can relate this idea to the open-source software movement. When more people are allowed to hunt for “bugs” (that is, security failures) the quality of the overall system is likely to go up. Even governments are beginning to get on board with some of the systems they use, although most still keep their highest-level systems tightly classified. Some professional cryptographers still claim that the public can’t possibly understand enough modern cryptography to be useful. Instead of keeping their writings secret they deliberately make it hard for anyone outside the field to understand them. It’s true that a deep understanding of the field takes years of study, but I don’t believe that people should be discouraged from trying to understand the basics.

I invented a secret code once that none of my friends could break. Is it worth any money?

JH: Like many sorts of inventing, coming up with a cryptographic system looks easy at first.  Unlike most inventions, however, it’s not always obvious if a secret code doesn’t “work.” It’s easy to get into the mindset that there’s only one way to break a system so all you have to do is test that way.  Professional codebreakers know that on the contrary, there are no rules for what’s allowed in breaking codes. Often the methods for codebreaking are totally unsuspected by the codemakers. My favorite involves putting a chip card, such as a credit card with a microchip, into a microwave oven and turning it on. Looking at the output of the card when bombarded by radiation could reveal information about the encrypted information on the card!

That being said, many cryptographic systems throughout history have indeed been invented by amateurs, and many systems invented by professionals turned out to be insecure, sometimes laughably so. The moral is, don’t rely on your own judgment, any more than you should in medical or legal matters. Get a second opinion from a professional you trust; your local university is a good place to start.

A lot of news reports lately are saying that new kinds of computers are about to break all of the cryptography used on the Internet. Other reports say that criminals and terrorists using unbreakable cryptography are about to take over the Internet. Are we in big trouble?

JH: Probably not. As you might expect, both of these claims have an element of truth to them, and both of them are frequently blown way out of proportion. A lot of experts do expect that a new type of computer that uses quantum mechanics will “soon” become a reality, although there is some disagreement about what “soon” means. In August 2015 the U.S. National Security Agency announced that it was planning to introduce a new list of cryptography methods that would resist quantum computers but it has not announced a timetable for the introduction. Government agencies are concerned about protecting data that might have to remain secure for decades into the future, so the NSA is trying to prepare now for computers that could still be 10 or 20 years into the future.

In the meantime, should we worry about bad guys with unbreakable cryptography? It’s true that pretty much anyone in the world can now get a hold of software that, when used properly, is secure against any publicly known attacks. The key here is “when used properly.” In addition to the things I mentioned above, professional codebreakers know that hardly any system is always used properly. And when a system is used improperly even once, that can give an experienced codebreaker the information they need to read all the messages sent with that system.  Law enforcement and national security personnel can put that together with information gathered in other ways (surveillance, confidential informants, analysis of metadata and transmission characteristics, etc.) and still have a potent tool against wrongdoers.

There are a lot of difficult political questions about whether we should try to restrict the availability of strong encryption. On the flip side, there are questions about how much information law enforcement and security agencies should be able to gather. My book doesn’t directly address those questions, but I hope that it gives readers the tools to understand the capabilities of codemakers and codebreakers. Without that you really do the best job of answering those political questions.

Joshua Holden is professor of mathematics at the Rose-Hulman Institute of Technology in Terre Haute, IN. His most recent book is The Mathematics of Secrets: Cryptography from Caesar Ciphers to Digital Encryption.