Steven M. Bellovin. Mysterious checks from Mauborgne to Fabyan. Cryptologia, 2017. To appear. [ bib ]

It has long been known that George Fabyan's Riverbank Laboratories provided the U.S. military with cryptanalytic and training services during World War I. The relationship has always be seen as voluntary. Newly discovered evidence raises the question of whether Fabyan was in fact paid, at least in part, for his services, but available records do not provide a definitive answer.

Steven M. Bellovin. Further information on Miller's 1882 one-time pad. Cryptologia, 2017. To appear. [ bib ]

New information has been discovered about Frank Miller's 1882 one-time pad. These documents explain Miller's threat model and show that he had a reasonably deep understanding of the problem; they also suggest that his scheme was used more than had been supposed.

Steven M. Bellovin. Vernam, Mauborgne, and Friedman: The one-time pad and the index of coincidence. In Peter Y. A. Ryan, David Naccache, and Jean-Jacques Quisquater, editors, The New Codebreakers: Essays Dedicated to David Kahn on the Occasion of His 85th Birthday. Springer, 2016. [ bib | DOI ]

The conventional narrative for the invention of the AT&T one-time pad was related by David Kahn. Based on the evidence available in the AT&T patent files and from interviews and correspondence, he concluded that Gilbert Vernam came up with the need for randomness, while Joseph Mauborgne realized the need for a non-repeating key. Examination of other documents suggests a different narrative. It is most likely that Vernam came up with the need for non-repetition; Mauborgne, though, apparently contributed materially to the invention of the two-tape variant. Furthermore, there is reason to suspect that he suggested the need for randomness to Vernam. However, neither Mauborgne, Herbert Yardley, nor anyone at AT&T really understood the security advantages of the true one-time tape. Col. Parker Hitt may have; William Friedman definitely did. Finally, we show that Friedman's attacks on the two-tape variant likely led to his invention of the index of coincidence, arguably the single most important publication in the history of cryptanalysis.

Steven M. Bellovin. By any means possible: How intelligence agencies have gotten their data. IEEE Security & Privacy, 12(4), July--August 2014. [ bib | .pdf ]

Amidst the many public discussions springing from the Edward Snowden documents, one has been about the perceived change in the NSA's practices: they're now hacking computers instead of tapping wires and listening to radio signals. Looked at narrowly---that is, in terms of only NSA's mission---that may be true. Looked at more broadly, in terms of how intelligence agencies have always behaved, this is no surprise at all. They've long used only two criteria when evaluating a proposed tactic: does it work, and at what cost?

Steven M. Bellovin. Frank Miller: Inventor of the one-time pad. Cryptologia, 35(3):203--222, July 2011. An earlier version is available as technical report CUCS-009-11. [ bib | http ]

The invention of the one-time pad is generally credited to Gilbert S. Vernam and Joseph O. Mauborgne. We show that it was invented about 35 years earlier by a Sacramento banker named Frank Miller. We provide a tentative identification of which Frank Miller it was, and speculate on whether or not Mauborgne might have known of Miller's work, especially via his colleague Parker Hitt.