Introduction ------------------------------------------------------------------------------- The Wassenaar Arrangement (covering the international military and dual-use goods export controls) lets vendors market and deploy any kind of encryption - providing it's either (a) disclosed to national authorities, (b) open-source, or (c) sold in publicly available commercial products, and... not requiring "vendor maintenance" nor "enduser personalization" capabilities. Despite qualifying, the TWD crypto-system used below is immune to brute-force attacks since all the possible solutions are mathematically equally plausible. As a result, there is no way for someone able to brute-force the keyspace to tell which solution, among all those that are not garbage, is the plaintext searched for. Therefore, keeping TWD's algorithm secret or personalizing it does not make it safer (as "better than cryptographically-unbreakable" is meaningless attackers having access to it will not gain any advantage as compared to attackers not knowing the algorithm). TWD's algorithm will also never become obsolete. The challenge ------------------------------------------------------------------------------- You are invited to break the TWD crypto-system with a 99.99% plaintext-attack, the easiest way to attack encryption. In contrast, today's clunky standards are broken in real-time with a few bytes of ciphertext (thanks to their ciphertext domain-specific algebraic structures). The plaintext is "The Art of War" from Sun Tzu (544 BC) as a 60,212-byte text file (in US-ASCII encoding). Before encrypting the plaintext, a secret English-text paragraph has been added at a random position. To demonstrate that this crypto-system has been broken, one must find and report the secret paragraph and its position in a plaintext resulting from a successful cryptographic attack. Since 2007, intelligence agencies' failure to do so demonstrates that TWD's "unconditionally secure" cryptosystem cannot be attacked because it does not artificially reduce its key-space nor it exposes meaningful statistical bias. As a result, these 99.99% known-plaintext attacks have all been unsuccessful. In contrast, two AES blocks are enough to break AES-256 ciphertexts because only one key/plaintext will match the ciphertext's statistical bias. The rules ------------------------------------------------------------------------------- 1) download the plaintext and the ciphertext; 2) find the secret paragraph hidden in the ciphertext; 3) send us the secret paragraph and its plaintext position, and explain how you found it (only successful cryptographic attacks will qualify - robbery won't). The proof (helping to close a licensing deal) ------------------------------------------------------------------------------- This ciphertext can be decrypted into the plaintext with the TWD crypto-system alone: the same crypto-system can process any other plaintext, whatever the contents and their length. Also the machines that encrypt and decrypt can be distinct and unconnected. Your solution ------------------------------------------------------------------------------- Please send your solution (secret paragraph, position, attack details) by email to contact@trustleap.com. Solutions sent via other means will be ignored. ---[End of page; first version: Feb. 25th 2007; last edited: July 2nd 2018]----