Brandon.Si(mmons)

code / art / projects

Cracking a Lock in Haskell With the De Bruijn Sequence, Pt. 1

Update: a more efficient variation is implemented in Part 2.

A De Bruijn sequence is (for example) a cyclical list of characters such that every word of a given length appears once and only once in the sequence. Instead of using letters, you can have a De Bruijn sequence of bits. For example here is one possibility for a sequence in which every 3-bit word appears somewhere (you have to wrap around from the end for the final “words”):

00011101

In a sense we compress a dictionary of 23 = 8 3-bit words (or 24 bits) to a sequence of only 23 = 8 bits. There are some very simple algorithms for generating these kinds of sequences of bits, and I will implement two here: the “prefer one” algorithm and a subtle variation called “ prefer opposite[PDF] by Alhakim”. Here is the author’s excellent description of the traditional Prefer One algorithm from the linked paper:

“The prefer-one algorithm is a very simple method amazingly capable of generating a full cycle. For any positive integer n ≥ 1, the algorithm puts n zeroes, and proceeds after this by proposing 1 for the next bit and accepting it when the word formed by the last n bits has not been encountered previously in the sequence, otherwise 0 is placed. The algorithm stops when both 0 and 1 do not bring a new word.”

And here is my haskell implementation. It works by creating a lazy array which we build from a list being generated by searching the earlier portions of the array that already have been defined. It’s very similar to the method I used in modeling the LZ77 algorithm.:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
module Main
    where

import Data.Array
import Data.List(isInfixOf)

type Bit = Bool

preferOne :: Int -> [ Bit ]
preferOne n =
    let upB = 2^n
        arr = listArray (1, upB) (replicate n False ++ rest)

        -- since we use Bool for bits, we can say (not.alreadySeen):  
        rest = map (not . alreadySeen) [n+1 .. upB]
        alreadySeen i = or $
            do let range = [ arr!i' | i' <- [i-n+1 .. i-1]] ++ [True]
               i1 <- [1..i-n]
               let rangeP = [ arr!i' | i' <- [i1 .. i1+n-1] ]
               return (range == rangeP)
     -- an infinite stream is returned... because I can:   
     in cycle (elems arr)

The Prefer Opposite algorithm works on the same principle, but with a couple twists. In my words it is as follows:

Start with n zeros. Search for successive bits as follows:

propose to place the bit that is different from the previous bit: if the word formed by this bit has not been seen already, then choose it, else choose the same bit as the last. When 23-1 bit have been written, write a 1 for the final bit. and you’re done. (you can also keep track of how long a string of ones has been written; the sequence will always end with n ones)

Here is my implementation:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
preferOpposite :: Int -> [ Bit ]
preferOpposite n =
    let upB = 2^n
        arr = array (1, upB) (final : inits ++ rest)

        -- we must specify the very last element of the sequence  
        -- which will always be a One:  
        final = (upB,True)
        inits = [ (i,False) | i<-[1..n] ]
        rest = map seqBit [n+1 .. upB-1]

        -- if the word generated by making the current bit the opposite  
        -- of the previous has already been seen, we make the bit the  
        -- same as the previous:  
        seqBit i = (i, nextB)
            where bP = arr!(i-1) --previous bit
                  nextB | or (alreadySeen i bP) = bP --same as previous
                        | otherwise = not bP         --choose opposite

        --checks if the n-length string we would form by choosing the  
        --opposite for the next bit is already present in the array:  
        alreadySeen i bP = do
            let range = [ arr!i' | i' <- [i-n+1 .. i-1]] ++ [not bP]
            i1 <- [1..i-n]
            let rangeP = [ arr!i' | i' <- [i1 .. i1+n-1] ]
            return (range == rangeP)

    in cycle (elems arr)

Enough code for now, let’s talk about applications of the sequence. The most easily-approachable and interesting application to me applies to those keyed entry systems, such as electronic door locks, which accept a stream of keys (i.e. they unlock as soon as the correct key sequence is input, without any need to press an “enter” key). These mechanisms are very susceptible to attack with a De Bruijn sequence of key presses.

Since the above algorithms use a binary alphabet, as opposed to say a decimal one found on electronic keypads (check out Jonas Elfström’s blog post dealing with keypads with worn out letters for more on that), I will choose as my target an old-fashined garage door opener.

An old-style garage door opener remote has 8 binary DIP switches allowing 256 different code combinations. We will imagine the garage door is susceptible to a stream-based attack like the electronic lock we described.

We can model the garage door receiver as follows:

1
2
3
4
5
6
type Combo = [ Bit ]
type Receiver = Combo -> Bool

-- True means access granted  
programReceiver :: Combo -> Receiver
programReceiver = isInfixOf

Now let’s test out our model with this main function:

1
2
3
4
5
6
7
main = let secretCode = [False,False,True,False,True,False,True,True]
           receiver = programReceiver secretCode
           crackingStream = preferOne 8

        in if receiver crackingStream
              then print "WE'RE IN!"
              else print "...bugs"

Looks good!:

*Main> :main 
"WE'RE IN!"

In the next couple posts I’ll explore improvements to the performance of these algorithms and maybe a few other things.

Comments