The Encrypted Notes of Antonio Marzi

Presented at The Circle Of HOPE (2018), July 21, 2018, 9 p.m. (60 minutes).

Antonio Marzi died in 2007, leaving behind dozens of encrypted notes and a partial key. During World War II, he chose to work with the British Special Operations Executive and was parachuted into Italian territory under German occupation. There he transmitted detailed military-related dispatches in encrypted form. This was not modern cryptography, nor Enigma, but the kind that was doable on the field with pen and paper. Specifically, they used poem codes, as "Between Silk and Cyanide" tells us: a double columnar transposition cipher that scrambles the order of the letters. Marzi sent the notes to an Italian professor and there they stayed undeciphered until 2013. Anna and Filippo obtained copies of the notes and exploited one of the mortal sins of cryptography, key reuse, to reconstruct the key. (Armin Krauss independently decrypted the notes in the same year.) A number of them were indecipherable due to encryption mistakes made in the field. During the war, entire departments hacked away at these ciphertexts, but today computers make easy work of them. This talk will explore how they went from recognizing the code, to reconstructing the key (partially thanks to little handwritten dots), to the contents of the notes.


Presenters:

  • Anna Bernardi
    **Anna Bernardi** is a security engineer interested in Golang and cryptography. She is now based in San Francisco, where she helps Stripe’s security team protect their data. She has a past in penetration testing, and a present in engineering.
  • Filippo Valsorda
    **Filippo Valsorda** (@FiloSottile) is a cryptography engineer, building and breaking systems in Go. He works at Google on the Go Open-Source Project, where he owns the Go cryptography standard libraries. Previously at Cloudflare, he developed its experimental TLS 1.3 stack and kicked DNSSEC until it became something deployable. Nevertheless, he’s probably best known for making popular online vulnerability tests, including the original Heartbleed test.

Links:

Similar Presentations: