Here in the UK, it all started with a story in 27th August 2015’s Daily Telegraph:-

Didac Sánchez, a 22-year-old Spanish IT entrepreneur, says he has deciphered Second World War message following a three-year effort at a cost of €1.5 million (£1.1m) – but won’t reveal its message.

Didac Sanchez

Sánchez claims he told GCHQ of the message’s contents: but GCHQ (of course) denies all knowledge of it.

Now, I have to admit that this is quite a different angle from the media’s usual cipher mystery-related tosh. But what’s in it for Sánchez? Ah, the Telegraph went on to say:

He [Sánchez] now plans to market new security software based on the code, a system he has christened 4YEO (For Your Eyes Only) and which will allow any text, document, WhatsApp, Messenger, SMS or Skype conversation to be encrypted, as well as telephone calls.

And A Didac Sánchez Cryptogram Too…

And – mirabile dictu – Sánchez’s clever people have posted up a challenge cryptogram supposedly generated using 4YEO’s software, offering a bounty of 25,000 euros to the first person who can crack its “indecipherable” secrets before, errrm, 31st December 2015:

GDNFP IUALI ZOANN EEING DUORL IELTE ROMSO EVCIS AIFON NBNTN IEPSR LAAAT JELAE IMIRN RSNEP IADIA NIATD DPVRO RURLU UAELP RLASR AAOSQ PDSOY EMINL RIDLN NSIEA AEULA AFSTO DIIUF RRRCG EEZIS BAXTI MMORI ORANO FHDER DCNNT NRADA ETAER CDNIO EEAIO EROMT TUDVI AOCDS RHSEU RLALQ CCOCC MIEON NRNIT TOESF OAAMN ANTAO OICEJ TOSBD DEPIR OIANE AOZUE ECCCN IAEIS REECI IRNUR IATCE FSEUC EIENC ROASP COPSU LNUTI VOUES RACCR SYNCA MROIU TLJOB UVSOO JIRLE SSETU TNNOT ASRNE IOBCU NALEU OMEER GINOU AAETL STHER ONLAR ROTIE LENDR AEEYO TRSBR TDRTE HETRR ICUEL TRDCE ASNND TUCOD MDUJA OESPL RESEG OMOCL TAMTI IEGLM AAERR RRSEN SIBAI EICDL RILCE LOXES ELUEO CTANP TNRYU XGGTA NSTIO DSADC CDEER EODNA SAALS CCZEE EENRE LAOOR VASHA SLEAJ CAITE HRTER ELNIA GNTEL DSAAN EOFTD NURAD OSACE MDICR IOACT NEERO OATCA IRPAO NISMD SVECT NLYLT TETNS HSACL NETNL PGIEU EEEDL DCTSR PÑMDM ATUED OOSTS YERCD TRCAO ANAIE EPSNR ZMMCI RIDIL RIAGD IOMRI SAEAN VOLEE TBEOR OEEEA SEOEA EERAO OLSLM EAERO ZUHVU ALEEM EONIA AOEEZ CEEON NNESO ANBMI DLFDP LEIIS LQCMT UROIT SRAON EICLL IQCNL LIOIT RFAAN NDMTL ECESN OCOIL STOPA OACIS SAVCN ALARE EAIEC OSBNE OOHPS TSGLO LELDP MNGCM ORNUV LCLJG IINAM AOCAS TSOIL NNELA ONTEE OAAOU LIADO VNSEL RSQAM AOMOS CLVND IUREN TTEEA IIREE FOONN OORAP IYAAT ESLAI INPSO EVARO ARONE OÑNNA IGOSI ZPENA UIAAO LUEOA OERDH SVRTO MEOUI GADLR SDNIR BOESS NDTEA PEMFI LEAUI UEEOD OSSEO RLRDI ILBEU OOLTC NDTAE OSCMO OTASR SYDNO EMLMA EAEIR MIAAA IRUOR LESSC ROULE TARAN ASNÑT UNUDS EOTHC EBEGI OEDTG LOPAL LADAB DLISI SEDOE SRGDO OTODT AROAM CLCBE FDAEA HIAAI LARAE BIBEV AAMNO AIAAE POARO IIEEA EYSAF EEIEP RAGTE ANNOS OPLEA ACEDS IIIDA INZEA INNNC YYAEB EEEPI CENCU TNOSD URJIO LDESA LIITN ODIAI MEORE AEMUP EOCLE EOCAC AOC GDNFP

Things to note about this Sánchez challenge cryptogram:
* There are three 5-letter repeats (OTASR, RLESS, GDNFP), which I think would imply that this is not a simple substitution cipher.
* From the presence of “Ñ”, it seems that the plaintext is probably Spanish or Catalan [Catalan does not have a Ñ letter].
* The most common letters are EAOINRSLTC, whereas the most common letters for Spanish are EAOSNRILDT, and the most common letters for Catalan are EASRLTINOUM.
* Hence it seems that, completely unlike the WW2 pigeon cipher, this is nothing more than a path transposition cipher of a Spanish plaintext.
* The length (in characters) is 1428, which factorises as 2 x 2 x 3 x 7 x 17. [But see the update below!]
* Hence this might feasibly be formed from four sequential transposed blocks of 17 x 21 (or of 21 x 17) characters. [But see the update below!]
* Given that no algorithm is specified, it seems that the cryptogram maker is inexperienced in cryptography and hoping for “security by obscurity”.

Naturally, my normal 15% crypto-consultancy rate applies if you manage to crack it from this. 😉

What Does Nick Think?

What do I make of all this? Well, from all this I hear the clear guiding voice of someone who appears to know almost nothing about how encryption technology works in the real world of heterogenous networks and protocols: there could be no single ‘silver bullet’ that could satisfy the technological needs of encryption in all these areas simultaneously.

So all I can honestly see here is a fake from start to finish, a homegrown transposition cipher cobbled together by someone who has perhaps seen the Feynman Challenge Ciphers (but little else besides), and designed to hype some vapourware (i.e. software which hasn’t yet been written). Do I honestly believe that Sánchez’s allegedly crack team of, errm, code crackers ever existed, never mind cracked ‘our’ WW2 pigeon cipher? No, sorry, I don’t. I really don’t.

So unless anyone has proof otherwise, I call this entire story as a Big Fat Modern Bluff, someone trying to appropriate a real-life cipher mystery to promote some crypto-security vapourware that hasn’t even been written. Would I entrust my data to any company who thinks this is in any way “indecipherable”? No, I would not, sorry.

And this is exactly where I planned to finish the whole coverage of this story…

But Then I Read This…

According to this first part and this second part of detailed Spanish exposé from last September, courtesy of Madrid-based online political daily ‘El Confidencial’:

* Didac Sánchez is just a frontman for a group of companies
* Of those (at least) fifteen companies, only three have so far filed any accounts, with a total combined turnover of less than a million euros, some 2% of the amount claimed in the press.
* The journalists were unable to find any genuine trace of several of the other companies (e.g. Hilton Clinic), despite numerous promises made by Sánchez himself to supply them documentation on the companies’ activities.
* Sánchez’s original name was Diego Giménez Sánchez, but he changed it to Diego Sánchez Giménez
* Sánchez’s real history is to be found in connection with his original name (Diego Giménez Sánchez)
* On 29th May 2005, Diego Giménez Sánchez was (at the age of 12), while living in the Casal dels Infants del Raval in Barcelona, sexually abused by a 45-year-old man by the name of José María Hill Prados. José María Hill Prados was convicted in February 2007 (and banned from contacting Giménez Sánchez for five years or coming within 1000 metres of him), but later appealed, saying that Giménez Sánchez had withdrawn all the claims. However, the court was not swayed by this, or by Sánchez’s many letters (and even TV interviews) at the time. José María Hill Prados has since been released.
* Fast forward to 2015, and El Confidencial’s journalists discovered that the person actually behind all Didac Sánchez’s companies was none other than… José María Hill Prados, whom El Confidencial helpfully labels as “pederasta del Raval”.

Personally, I have no way of knowing what the truth of this matter is. At the very least, the existence of Sánchez / Hill Prados’s company ‘Eliminalia’ that helps people remove their unwanted past from the web is an aspect to this whole affair that is either horribly cynical or spectacularly ironic. Closets have rarely held more skeletons simultaneously, it would seem.

Make of all this what you will. 😐

Update: I just now noticed (*sigh*) the connection with the WW2 pigeon ciphertext – the first five-element code group (GDNFP) is the same as the last (GDNFP). In the case of the WW2 cipher, this is almost certainly because it encrypts the initial settings for the five drums used in the Typex machines used so much by the British Army: but in this challenge cipher, who knows? But this would probably make the length of the ciphertext either (by excluding the final GDNFP) 1423 (which would be a high unlikely message length for a transposition cipher, because it’s prime 🙂 ), or (by excluding both the first and final GDNFP) 1418 which equals 2 x 709, which is also somewhat unlikely as a transposition ciphertext length.

So what is probably going on is that “GDNFP” is encrypting some kind of reordering key to the transposition cipher. If A = 1, then (in ascending order) G = 7, D = 4, N = 14, F = 6, and P = 16. If an idiot programmer was behind this, one might possibly predict that this encodes a five-letter-long hex number (i.e. 0x63D5F = 408927) as the enciphering key. If an idiot mathematician was behind this, these might be indices into a list of prime numbers, A = 2, B = 3, C = 5, D = 7, E = 11, F = 13, G = 17, H = 19, I = 23, J = 29, K = 31, L = 37, M = 41, N = 43, O = 47, and P = 53, so [GDNFP] might instead encode [17,7,43,13,53]. Chances are that these are the kinds of thing this peasanty / homegrown transposition cipher will prove to use.

18 thoughts on “Didac Sánchez and the WW2 Cipher Pigeon…

  1. bdid1dr on December 23, 2015 at 7:34 pm said:

    First of all, I’m pretty sure there is no name such as Gimenes (neither spanish nor portuguese: Jimenez is the most common spelling for the pronunciation/sound of the name Himenes or Himenez.
    So, it seems that didac-sanchez is off to a bad start to being with (how’s my grammar, folks — besides my spelling) — much less my endless use of parentheses which rarely replace brackets) ? Feel free to contradict me!

  2. Helen Ensikat on December 24, 2015 at 2:00 am said:

    “…has deciphered Second World War message following a three-year effort at a cost of €1.5 million (£1.1m) – but won’t reveal its message.”

    And I know who the Somerton man is, and also, you should all invest in my start-up…

  3. D.N. O'Donovan on December 24, 2015 at 5:08 am said:

    Really – seriously – isn’t this supposed to be about an intellectual challenge? What relevance the man’s life-history?

    Are we supposed to infer that since he may or may not have suffered childhood abuse and then for reasons unknown first accused and then attempted to avoid the prosecution’s proceeding, that the cipher is not worth addressing?

    I have no idea what character the person might have who constructs a cryptic crossword, and I’m sure I shouldn’t have enjoyed knowing Vermeer or Dali or half the artists whose works I appreciate, but to suggest that the maker’s work should be ignored on some sort of moral grounds is a little unnerving.

  4. I see that the process has begun and is following a possibly preordained path of many people wasting many months.
    Perhaps it is indecipherable, being simply a jumble of random letters. Why?
    Virus authors derive immense but pathetic pleasure from their pastime, why not ‘Walter Mitty’ pseudo cryptographers.

  5. Diane: that’s your interpretation of what I was trying to say in the post, and it’s completely wrong.

    In the post, I described Sanchez’s cipher challenge in reasonable detail, and concluded that it is has no connection whatsoever to the WW2 pigeon cryptogram, and was very probably promoting crypto software that does not exist. On balance, I would be unsurprised if the 25,000 euro prize too does not exist. The (disturbing but entirely factual) remainder of the post was not intended as some kind of “moral” commentary on the cipher (as you suggest), but quite the reverse: which is that what we learn from the cipher might help us evaluate the latter.

  6. enonod: it seems just as likely to me that a maths graduate has constructed an obscure path transposition cipher for Sanchez, numerically confident that the number of permutations goes far beyond what could be brute forced by the end of the year. However, these systems have been cryptologically defanged for decades, so it may well be trivially decryptable for someone who has the right kind of software. I know that Jim Gillogly, for instance, has written numerous hill-climbing transposition cipher cracking applications over the years, so he might well be interested in pushing this text through them to see if the answer drops out for him.

    In my opinion, a ‘Walter Mitty’ pseudo-cryptographer probably wouldn’t have used a transposition cipher: but feel free to draw your own conclusions. 🙂

  7. bdid1dr: good luck with telling people how to spell their own name. 😉

  8. D.N. O'Donovan on December 24, 2015 at 1:30 pm said:

    Nick – I see. Thanks for the correction.

  9. Nick,

    providing somebody solves that code (or cipher, whatever it is), is he/she bound not to reveal it after receiving the reward? Certainly not if he/she does not accept any money. On the other hand, why would he/she get measly 25 tau if he/she could get much more by marketing it him/her self? 🙂

    Jan

  10. Here in continental Europe winter has been largely non-existent. It’s been above 10 degrees Celsius almost all the time. I’m expecting the first flowers anytime, but now it seems it’s already the 1st of April……

    Nowadays, message encryption is fully established and used routinely everywhere. It is based on about half a century of continuous development, by great mathematical minds. The whole idea of someone ‘inventing’ an encryption method and presenting a text of a few hundred characters, with the ‘challenge’ to decrypt it, is a joke. It is more amateurish than anything that has ever been presented in the area of Voynich MS solutions, by several orders of magnitude.

    What that means is: I can’t even begin to figure out what all this story is about.

  11. To me it appears to be what I would call a ‘leapfrog’ code (if there is anything like that?)
    bd

  12. @Rene: Is it likely that some of the blooms may be saffron corms? Another ‘bulb’ which often appears with various weather conditions: the autumn blooming crocus.
    Have a very good winter season! Today we have been having a series of very fast-moving snow-flurries. I’ve lined my balcony with bird seed (small seed for chickadees and titmouse) cracked corn for blue jays and stellar jays — and acorn woodpeckers. No cardinals (red bird–quite raucous).

  13. D.N. O'Donovan on December 25, 2015 at 1:16 am said:

    bdid1dr

    🙂

  14. Aiden Pearce on April 27, 2016 at 11:24 am said:

    So what you say in the post is virtually the solution to the contest?

  15. Aiden: if only things were that simple! The post describes what I think happened and how (broadly) the cryptogram works, but without actually solving it.

    I put it on the site to help people who wanted to solve the challenge cryptogram from wasting a lot of their time on it.

  16. Aiden Pearce on April 27, 2016 at 11:55 am said:

    I understand …… thanks anyway.

    You could decipher the code?

    I only have two days to send an answer, do not know how I’ll do it but I will try to do everything posiblle to get something.

    Do you know people, websites, etc where you can get help to form a
    conserguir group and decipher?

    thank you very much really

  17. Aiden Pearce: no, sorry, the people I know who have looked at this thought it was either (a) a startup theatre fake stage prop, or (b) a stupid peasanty system that wouldn’t last a day in the real world. Either way, they weren’t at all interested. 🙁

  18. bdid1dr on April 30, 2016 at 4:58 pm said:

    To Aiden (Aidan?) :

    Didac Sanchez has not created a coded document. It is nonsense throughout. One thing I did notice is that he never doubled the alpha-character ‘d’ . I’m thinking that he wanted to avoid the possibility of such words as ‘didactic’ appearing in his puzzle.
    ps: It is nonsense/garble/garbage throughout.

    “Twas brillig……. slithy tosh …… wabe……. See if Alice ever responded in writing to Lewis Carroll’s famous book.

    bd

Leave a Reply

Your email address will not be published. Required fields are marked *

Post navigation