"We've Cracked the Code"

"But we don't know what it means."

I was watching White Collar the other day, and one of the FBI agents said the above. It struck me as odd: what exactly would this mean? I suppose if the reversal of the algorithm you've guessed generates the code produces English words, but of obscure import, you might say the above. But their obscurity might also be taken to indicate you have the wrong algorithm, couldn't it? I suppose once you were getting grammatical English sentences for a time, your confidence that you had the right algorithm would be pretty high, but I could envision creating an algorithm that generated decoy patterns in the encoded string. (Query: Are their codes that do this?)

But I wouldn't really feel certain I had "cracked the code" until I knew what it meant. Silas, what's your take on this?

1. I suppose once you were getting grammatical English sentences for a time, your confidence that you had the right algorithm would be pretty high, but I could envision creating an algorithm that generated decoy patterns in the encoded string. (Query: Are their codes that do this?)

Yes, see La Bocca della Verità.

1. But have you cracked the code yet?

2. Nice one Bob. I have suspected an esoteric subtext going on here for some time.

- I made a post here explaining the senses in which foreign languages/jargon are a kind of "encryption".

- Yes, there are cryptosystems that provide plausible "decoy keys" that decrypt the ciphertext to innocuous cleartext. The general term for this (though it also covers other meanings) is Deniable Encryption. One implementation is in truecrypt.

-- The problems that arise in using deniable encryption are:

a) The cost of generating the plausible decoy cleartext.

b) The reduced entropy of the ciphertext that results from the additional order you impose on it by making it do "double duty". (Lower entropy = easier to find patters = easier to decrypt).

- Generally, it is a problem that you can claim an arbitrary key is the "correct" one and thus that a ciphertext says whatever you want. In the extreme case, you can say it's encrypted with a one-time-pad that you chose specifically so that the XOR with the ciphertext is something incriminating. But even there, that would require using a 1TP of implausibly low entropy (calling into question whether they really used such a key).

A more realistic use-case is when the ciphertext really does decrypt to a given plaintext like prosecutors claim, but then they layer on an additional interpretation that "oh, they're using a code, where T-shirts means heroin ...". It doesn't help that some people *do* use such a code! But with a naive judge and jury, they are vulnerable to being rooked by circular versions of this argument.