Select random mysql

Here at the School of Mathematics the second University of Southampton National Cipher Challenge is under way and much of the frantic effort to prepare the ciphers, the storyline, the design and the publicity is behind us. One week into the three month challenge we have over 1,000 teams registered from something over 1 in 20 of the UK's secondary schools. It is only five months since we held the prizegiving for the first National Cipher Challenge and less than two years since we first started to explore the idea of adapting Simon Singh's infamous Cipher Challenge for the school population.

The idea of a cipher challenge grew from a decision to include a cryptology section in our first year curriculum at Southampton. It was suggested that some form of challenge could be embedded in the syllabus, and interest in the challenge from colleagues in local high schools quickly convinced us that there was a much wider potential audience. As part of the University's Silver Jubilee celebrations during Easter 2002, Simon Singh gave a public lecture on his own cipher challenge (see [3]) and we launched a small scale local competition, which was sponsored by IBM and the national book seller chain Waterstone's.

As in Simon's original challenge we published a graded series of ciphertexts and competitors were invited to submit solutions as quickly as possible to an email address at the University. The ciphers we used ranged from a Caesar shift preserving word and sentence structure, to a Playfair cipher. Playing distinctly unfairly we included a keyword substitution encryption of an extract from the English translation of "A Void" by Perec, a novel written entirely without the letter "e", [2]. With only local participation we had around 50 participants and were able to check submissions by hand and to offer personal feedback by email.

The competition was enthusiastically embraced by small teams of pupils who wrote their own programs to tackle the harder ciphers. We received very positive feedback from local school teachers requesting a sequel which we decided quickly should be run on a national basis. Several difficulties were immediately apparent. First was the problem of advertising the competition. The UK has over 5,000 secondary schools and ideally we wanted to reach them all. Furthermore, while our original competition largely drew its competitors from the pool of school children who already had an interest in cryptography, mathematics and computing, we were particularly keen to attract a wider range of pupils to the subject. Finally we wanted to ensure that as many pupils as possible followed the cipher challenge to its conclusion.

The solution to all these problems lay in the final format chosen, that of a mystery story in the style of Sherlock Holmes. By embedding the challenges in an adventure story set in the Victorian period we gave the competition a distinctive feel that could be captured in a poster campaign, and in August 2002 we sent a mailshot to secondary schools across the UK advertising the competition. We set up a website and published the URL. To recruit teachers to our cause we published a series of lesson plans on elementary cryptography, with supporting materials based partly on the ciphers used in the first three challenges.

Our story narrated the adventures of Charles Babbage, Charles Wheatstone and Ada Lovelace as they tried to recover their plans (stolen by French conspirators) for a revolutionary new encryption engine - the Turning Machine. 1 Of course our story has no parallel in history, although it is not beyond belief that these three brilliant scientists and inventors could indeed have constructed such a machine. Babbage and Wheatstone were gifted cryptologists and cryptographers and their engineering talents combined with Lovelace's programming skills were probably equal to the task. The conflict with France is also rooted in the uneasy relationship between the two nations at that time. We peppered the story with references to the history of the period, and published short essays at each stage of the challenge amplifying these references and linking to internet resources. We were delighted when the BBC History magazine described our site as

"Outstanding among University sites . . . . Excellent and comprehensive links covering historical issues and a fun cipher-breaking competition"

Our main goal was to introduce as many UK schoolchildren as possible to the joys of cryptography. The celebrated cryptologists Niels Ferguson and Bruce Schneier, authors of Practical Cryptography [1] and sponsors of the competition, say on their web sites that

"We believe that cryptography is about the most fun you can have with mathematics"

and we agreed. We intended to inject as much additional fun into the Cipher Challenge as we could.

One of the main problems facing any competition aimed at schoolchildren is the wide variation in ability across and within age groups. We decided early on to split the first National Cipher Challenge into two competitions, the first restricted to under sixteens and the second an open competition. The first stage lasted three months and consisted of a series of ciphertexts encrypted with monoalpahabetic substitutions and, at the end, Vigen??re ciphers of graded difficulty. The easiest Vigen??re had period three and we more or less described it in the text of the preceding challenge. As we published each new challenge we also published the solution to the preceding one, and often this contained clues useful in subsequent decryptions. (One message contained the keyword for the subsequent substitution cipher as an acrostic, with the hint that the keyword would be found "in my initial comments".) While this did risk reducing the mathematical element of deciphering the text it added to the fun. It also encouraged a spirit of freeform enquiry, which is arguably closer to the activity of a professional mathematician than the rigid application of known attacks.

Competitors could enter at any stage since all the available clues from early rounds were published on the web, although, since the prize fund was split among the individual challenges, a late entry reduced the number of opportunities to win a prize. With hindsight this prize structure was wrong in several ways.

Inspired by Simon Singh's first-past-the-post competition we had originally intended to award a series of substantial cash prizes to the first individuals or teams who submitted a correct decryption of each ciphertext. What we did not count on was the penalty this imposed on those who had a slow connection or restricted internet access. Particularly in the early stages the best competitors were able to decipher a message within minutes of receiving it. Anyone who had to wait for half an hour to get a terminal to download it was essentially shut out of the competition. Fortunately we had written a broad discretionary clause into the rules which allowed us to modify them, and so we changed them to allow us to select prize winners at random from among the first correct entries we received. While one or two of the competitors complained about the change it was generally well received, and we believe that it helped to maintain interest when there was a risk that many of the competitors would give up trying to beat those with the best facilities.

There was another practical problem which we did not satisfactorily solve: if you advertise large cash prizes for solutions to a competition which you will publish on the web at a particular time you are essentially inviting a de facto denial of service attack on your web server. Fortunately we had partnered with Education.Guardian.co.uk, and their version of the competition web site took some of the load from ours. Nonetheless in the first few weeks our server would lock up pretty comprehensively for around twenty minutes after the publication of a new challenge. We added RAM, reconfigured swap space and edited Apache configuration files which did alleviate some of the problems, but the real solution lies in more resources, parallel servers and so on which even now we do not have. While mentioning these dry technical matters it is only fair to point out that we implemented the entire challenge using open source software. Pages were served by Apache, and the database of competition entries was held in mySQL. Competitors submitted their solutions on a webform, and their solutions were processed and marked by Perl scripts. All of the backend was written by my friend and colleague Jim Renshaw and if anyone were to ask me what is the most important ingredient in the machinery, my answer would have to be Jim. He also implemented a feedback mechanism whereby competitors would receive an email pointing out, where their solution differed from ours, and inviting them to try again.