Cm History, 1941-1950


1941

Dec.
– The SQUIRE introduces a Mixed Sequence Playfair, where the keyed alphabet is entered in the square using Route Transposition. Page 109 has a good example cipher to play with.
– Along with Piccola, one other very high-profile member of the ACA to pass away in the previous year was Damonomad. During 1941, there was a committee tasked with finding some way to memorialize both of them. The final decision, as reported in this issue, was to print “Dedicated to Damonomad” under the section heading for Aristocrats, for every issue from here on out, and “Dedicated to Piccola” under the section heading for Cipher Exchange.

1942

Apr.
– Article by The SQUIRE on recovering a Playfair keyword.

June
– A new approach is provided for solving Playfair ciphers, using a contact table. Pretty powerful from what I can see.

Oct.
– The editor announces a new section called The Expert’s Corner. This initially consists of 3 unknowns – An Aristo, a cipher and a Foreign language crypt.
– More examples for breaking Playfair ciphers.

Dec.-Jan.
– The editor announces larger sections for Cipher Exchange (20 CONs) and Pats (19). Up to this point, the full text of the solutions for every CON was being printed. With this issue, they will only print the first sentence each.
– The ACA buys its first $500 U.S. War Bond.
– S-Tuck introduces a method for solving Grilles using a tableau (writing the cipher out as a table).

1943

Feb.-Mar.
– Introduction of a Sigma Test for Vigenere keyword letters, by Contractus.
– Up to this point, the editors of the Cm would list people by name and give the stats for which crypts they solved. With this issue, they started running the SOLs table format that is still in use today.

Apr.-May
– First article on how to solve Quagmire III.

Oct.-Nov.
– S-Tuck’s Introduction of the Key Phrase cipher.

Apr.-May
– The use of trial squares for solving Playfair.
– S-Tuck’s article on solving Porta Auto-Key.
– The Editor for the Cipher Exchange column complains that people are sending in too many transposition ciphers and asks for other types instead.

1944

Aug.-Sept.
– Mention of David Kahn’s “Codes and Condensers” books.
– S-Tuck’s discussion on the Gronsfeld cipher.
– S-Tuck: How to deal with 5×5 keysquares.

Oct.-Nov.
– Membership fees now at $1.50 per year.
– Example given in the Foreign Crypt Department on how to solve a Spanish CON.
– How to find the period of a Bifid cipher.

Dec.-Jan.
– Example showing how to solve an Italian CON.

1945

Apr.-May
– S-Tuck: Discussion on the Tri-numeral cipher.
– Analysis of Slidefair, created by Piccola and described in Elcy (Piccola’s book, Elementary Cryptography).
– Tonto: Analysis of Bifid.

June-July
– Confirmation of the use of K1-K3 keywords for Aristocrats.
– X.Gotky: Analysis of the Delastelle Bifid.

Oct.-Nov.
Sherlac and S-Tuck: Triangular Grilles.
– An introduction to Stebbinsonian Formulas A & B. “A” is similar to Fractionated Morse, in that the alphabet is used to represent dots, dashes and spaces, and the plaintext is converted to Morse before being enciphered by letters. Formula B is also similar, but uses a longer key sentence. Written by Dwight Stebbins.
– Note that during the early years of the ACA, many people kept trying to come up with their own encryption systems, and trying to get them printed in the Cm, claiming them to be “unbreakable.” Every so often, the Cm editor would try to discourage this practice, and tell people to play with these systems independently of the magazine.
– S-Tuck: Article on solving Aristos based on word prefixes.

Dec.-Jan.
– The cover of the Christmas issue has a Walls of Troy motif. Even so, “ornamentals” (illustrated ciphers) remain unknown.
– A description is given of the “Multiple Substitution Number cipher,” which later is renamed to “Homophonic.”

1946

Jan.
– S-Tuck: Introduction of Auto Key, Interrupted Key, and the modern version of Running Key. These are billed as variations of Vigenere, which includes tables for Variant, Beaufort, Gronsfeld and Porta.

Feb.-Mar.
– S-Tuck: Methods for solving Interrupted Key ciphers.

Apr.-May
– S-Tuck: One approach for finding the period for Bifid.

Aug.-Sept.
– Delac: Introduction of the Myszkowsky Transposition cipher.
– X.Gotky : A shortcut for lining up Porta alphabets. It’s fine for pencil and paper analysis, but can be replaced by IC.

Oct.-Nov.
– S-Tuck: Recovering the 5×5 key square for Bifid.
– Discussions start for raising membership fees from $1.50 to $2 due to rising printing costs.
– Sky: A guide to solving Latin CONs.

Dec.-Jan.
– Cherry Blossom gives his account of the birth of the ACA.
– S-Tuck discusses key recovery for 5×5 mixed squares.

1947

Feb.-Mar.
– X.Gotky: Bifids with literal indices only (enciphering without resorting to using number placeholders mid-step), part 1.
– The Foreign Crypt Department officially becomes Xenocrypts.

Apr.-May
– X.Gotky: Part 2, plus an exercise on solving a Bifid.

June-July
– An official announcement is made that the “ACA and You” handbook has been printed, and sales have mostly recovered the printing costs.
– Doctor Cryptogram: How to recover numeric keys from transposition and Gronsfeld ciphers.
– Start of the Armchair Cryptanalyst department, which consists of mini-mystery stories involving ciphers.

Oct.-Nov.
– Red E. Raser: Impressions on Quagmire III.
– Glendale: How to attack the Phillips cipher.

1948

Feb.-Mar.
– Tonto: The Theory of Substitution as applied to Quagmire ciphers.
– Clear Skies: Use of a slide to solve Nihilist Number Substitution ciphers.

Apr.-May
– Phil: A method for differentiating between Vigenere, Beaufort and Variant ciphers.

June-July
– Ab Struse : One of the earliest articles on the solving of a Baconian cipher.

Aug.-Sept.
– Ishcabibel: Straddling Homophonic Bilinear substitution cipher, part 1.

Oct.-Nov.
– Ishcabibel: Part 2.
– Fiddle’s slide for Nihilist Number Substitution.
– Red E. Raser: Discussion of the Portax Cipher, part 1.

Dec.-Jan.
– Red E. Raser: Part 2.

1949

Feb.-Mar.
– Tonto: Applying the Theory of Substitutions to Quagmire IV.

Apr.-May
– Sai-Chess: Solving Foursquare, part 1.

June-July
– Sai-Chess: Part 1.
– S-Tuck: First principles of Playfair.

Aug.-Sept.
– Delac: The Nicodemus Cipher, which is Vigenere followed by Columnar Transposition.

Oct.-Nov.
– Ab Struse: Breaking the Porta Auto Key cipher.
– Helcrypt: Nullifying the Null Cipher, a discussion of methods for creating Null cipher CONs.
– Up until this point, cryptarithms have had multiple solutions. Pressure is now being applied by the department editor for people to make puzzles with one unique solution.
– Most of the more difficult crypts now have hints with Caesar-shifted cribs.
– There’s an editor request to determine the popularity of a Cryptocatechnics department in the Cm for various phases of cryptography.

Dec.-Jan.
– Fiddle: Solving Foursquare using the probable word method, part 1.

1950

Feb.-Mar.
– Fiddle: Part 2.
– Delac: Solving Slidefair.
– S-Tuck: Solving Porta.

Apr.-May
– Fiddle introduces his Fractionated Morse cipher. X.Gotky endorses it as a new type for use by the ACA.
– B.Natural: The Phillips Cipher with Mixed Square.
– Sourdough suggests a new method for devising Aristocrat key alphabets – write the keyword vertically, and follow each letter on the row with the consecutive letters up to the next one in the key. This approach is not in current use today. (A later issue of the Cm has a complaint letter from one member protesting the use of this kind of alphabet as being no different than no key at all.)

VWX
ABCD
RS
IJKLMNOPQ
EFGH
TU
YZ

ABCDEFGHIJKLMNOPQRSTUVWXYZ- plain
ZVWXABCDRSIJKLMNOPQEFGHTUY- cipher

June-July
– Delac suggests the use of a slide for the Delastelle Tableau.
– A major rewrite to the ACA Constitution is proposed (and later adopted).
– An announcement is made that many of the members, including the editor, are doing the Phillips cipher incorrectly.
– S-Tuck: Another article on finding the period of Bifids, for odd periods.

Aug.-Sept.
– B. Natural: A simplified version of X.Gotky’s method for solving Bifids.

Oct.-Nov.
– S-Tuck: Symmetry of letter positions in Quagmire frames.
– Every so often, the Cm would run short biographies or background summaries of the ACA’s more prolific, or visible members. In this issue, there was a write-up on Tonto (Spanish for “Stupid”). In it, the author mentions that Tonto had acted with Dorothy McGuire for the American troops in Europe during WW II, in the play “Dear Ruth.” It took a lot of digging, but I finally tracked down his real name as William A. Lee.
– Also in the write-up on Tonto was the mention that he had gotten interested in cryptography from a cryptogram from the New York World in 1928, in a column run by magician Harry Houdini.
– Tonto: Bifid Recoveries (the Candela Method).
– In a short piece called “Historical Oddities,” there’s a mention of a cipher written by Christopher Wren in 1714 that was to be used as proof to the Royal Society that he’d developed three instruments for measuring longitude at sea.

“Sir Christopher Wren’s Cypher, describing three instruments
proper for discovering the Longitude at Sea, delivered
to the Society November 30, 1714 – (7) by Mr. Wren:
Qzvcvayinixdncvocwedcnmalnabecirtewngramhhccaw.
Zeiyeinoiebivtxesciocpsdedmnanhsefprpiwhdraehhxcif.
Exzkavebimoxrfcslceedhwmgnniveomrewwerrcshepiip– Vera Copia”.
“Edm Halley”.

[I can’t find anything further on this cipher, but there is a follow-up in a later issue of the Cm giving an almost unreadable translation. I’ve written an email to the Royal Society asking about this, but I’m not expecting an answer back. Either way, I don’t know if this cipher was made up as a joke by one of the ACA members, or if it is indeed real.]

Dec.-Jan.
– Russian is added as one of the accepted languages in the Xenocrypts department. An article is run describing the language and providing letter frequencies.

Thinking About Encryption, Part 53


Condi

I wanted to have something to work on during a break at work, so I went through the ACA’s list of approved ciphers for their Cm newsletter. I have a preference for transposition ciphers, but I was also kind of interested in a simple substitution type that wouldn’t take that much effort to learn. Condi looked promising, so that’s the one I picked next.

Condi (short for CONsecutive DIgraphs) is a very recent addition to the ACA list, having been first introduced in the Cm in the Sept.-Oct. 2011 issue by G4EGG. The Cm archives only go up to Nov.-Dec. 2015, and in that range, there are only 4-5 CONs total featuring the Condi type. And of those, all of them have been given in the Analyst’s Corner (reserved for non-standard ciphers, or those that break the guidelines somehow), rather than in the regular Cipher Exchange section. So, for that period, it’s not been that popular a cipher-type. I only have issues from July 2018 to Jan. 2019 on hand right now, and none of those include a Condi.

On first glance, it seems very straight-forward. You start by picking a keyword, and use that to create the regular key alphabet. Say, “CREAMCHEESE”:

.........11111111112222222
12345678901234567890123456
CREAMHSBDFGIJKLNOPQTUVWXYZ

Next, you need a “starting number,” between 1 and 25. This number is used to create the first half of the first digraph (2-letter pair). Of course, it helps to have a plaintext message. Word breaks and punctuation can be retained.

This is a test message.

Now, take the first letter of the message, and locate it in the alphabet (T = position 20). Then, add the starting number to that position to get the associated cipher letter. If the starter is 5, then t = 20 + 5 = 25 = Y.

Replace the starter value with the position value for T (20), and repeat the process with the next plaintext letter, H . H = 6 + 20 = 26 = Z. Use the position value for H (6), and add that to the next letter (i = 12) to get 18 = P. And continue, each time using the position in the alphabet of the letter to the left to get the cipher value of the current letter.

YZPQ QQ G XWFC YBFKGLK.

Note that if the sum exceeds 26, you just wrap around to the left.

To decipher the message, start from the first letter of the sentence and just subtract the offset instead of adding it.

Solving a Condi CON can be either very difficult or very easy. The easy approach is to go through a dictionary, one word at a time, and use that to test for the key. This is fine for one-word keys that are in English, and are not proper names. I haven’t adapted my VBscript to include a permutating incrementer, but that’s only good for short keys (no more than 8 letters long, or so).

Now, if you use the dictionary approach, you still need to deal with that starter number between 1 and 25. This could imply having to test all 25 numbers for every single word in the dictionary, which would really slow things down. The way to get around this is to take the dictionary word, create the keyed alphabet for it, then encrypt the crib you have, if any, using that keyed alphabet, and finally search the message for the existence of the encrypted crib. So far, all the Condi CONs I’ve seen do include a crib.

The main weakness of the Condi type is that the starter only really affects the first letter of the message. After that, the cipher text is dependent only on the letters in the message themselves. Therefore, if you can place the crib, even if it’s only one letter, and you have the correct key alphabet, then you can print out the plaintext message. So, say we do have the correct keyword (running through the dictionary, we reached CREAMCHEESE), and we want to know if it is right. If the crib is “TEST”,

Drop the first letter of the word “TEST”, and encrypt the remaining 3 letters using the CREAMHSBDFGIJKLNOPQTUVWXYZ alphabet:

WFC

If you have the right keyword, then the encrypted crib (WFC) will exist in the CON. If it does, just use the keyed alphabet you’ve created to decipher the ciphermessage. You’ll still have to find the starter number to decipher the very first letter of the plaintext, but that’s a minor point at this stage. To recover the starter from ?his, we can assume that “?his” is “this” and just subtract T from W (25 – 20 = 5). Or, run the entire CON in a loop, with the starter from 1 to 25, and print out the one deciphered message that contains the plaintext crib (i.e. – “test”).

Ok, what if we use the dictionary approach and that fails? Of the 5 Condi CONs I’ve seen in the archives, including the examples used in articles on solving Condi, most have used keys made up of multiple words, and one key was 14 letters long, making a permutating incrementer useless. In this case, we have to resort to the “hard” approach, which is using the relative positions of the letters from the crib to reconstruct the keyed alphabet.

With the message:
K NDYX QZGAP KZQOAG FP PCNM ARB DWSI VNVL UBFYXNENG, MEV J QYB'O PLK QQ GMO.

And the crib: travelled

Placement of the crib is a combination of matching the word length, and looking for patterns. With Condi, adding two letters together gives the same total regardless of the order. That is, “e” + “l” = “l” + “e”. So, we want to find a ciphertext word that has the same letter at positions 6 and 8. “travelled” is 9 letters, and there is only one cipher word of that length. Plus, positions 6 and 8 are both “n”. We have our match.

UBFYXNENG
travelled

Now, we don’t know the value of L from the last letter of the previous word, so we can’t associate “t” with “U”. But, we are good for the rest of “ravelled”. Recall that to encipher the text, we add the alphabet position of the letter to the left in the plaintext to the alphabet position of the current letter. I.e. = t (20) + e (3) = W (23) in the above example.

Interestingly, the second word “NDYX” shares two of the letters (YX) with “UBFYXNENG”, meaning NDYX = “??VE”. And there is a one-letter word just before it. The sentence can start with “I ??VE” or “A ??VE”. The most common opening for this combination of letters should be “I HAVE”.

This means, in recreating our keyed alphabet, that:

n = i + h
d = h + a
y = a + v
x = v + e
b = t + r
f = r + a
n = e + l
e = l + l
n = l + e
g = e + d


e = 2 * l
n = 3 * l

There is a clue in the “e = 2 * l,” and “n = 3 * l” relationships. If we assume that “l” and “n” are not in the keyword, then they’re most likely in the upper half of the alphabet (and “e” should almost always be less than 13, unless it’s at the end of a massively long key). If so, then we’re looking at wrapping. That is, if we take “l” to be 20, then “e” = 20 * 2 = 40 = (40 – 26) = 14. n = 20 * 3 = 60 = (60 – 56) = 4. However, with simply adding two numbers between 1 and 26, we should never exceed 52. Therefore we’d expect “l” to be between 14 and 17. That would give us possible values of “e” as 2, 4, 6 and 8. And “n” of 16, 19, 22 and 25. Note, though, that normally in the string “lmno”, “l” and “n” can’t be separated by more than 1 or 2 positions (if they are not part of the key). This forces “e” to be in position 2 in the keyed alphabet, “l” to be 14, “n” to be 16, and “m” to most likely be in the middle at 15.

With “x = v + e”, if “vwxyz” are not in the key, then they’re at the end of the alphabet. Because “x = v + 2”, we can say that “w” is between “v” and “x” (vwx). Then, with “y = a + v”, we have 2 cases: “y is in the key, or it’s not.” If it’s not in the key, “y = v + 3″, and v + 3 = a + v,” or “a” = 3. If “y” is in the key, then “a” has to be less than “l”, and we’re going to get conflicts. Assume that “y” is not in the key.

-ea----------lmn-----vwxyz

Looking at “d = h + a” and “g = e + d” gives us “g = h + 5” or “h = g – 5”. Obviously the two letters are not next to each other, and “h” actually appears before g, so it must be part of the key. Then, “h = d – 3” and “d = g – 2”. This implies something like “h–d-g”. We already know where “e” goes, so the gap between “d” and “g” probably contains “f.” “h–dfg.” Going to “f = r + a,” “r = f – 3,” and “hr-dfg.” Follow this with “n = i + h,” or “i = 16 – h.” “i” can’t equal 1, 2 or 3, and if it was 4, then “h” would be 12 and “f” would be 16 (we already know “n” is 16). The only real legal options are for “i” to between 9 and 12, but this just proves that “i” is not part of the key, and must follow “g” in our substring: “hr-dfgi”. If “i – h = 6,” and “n = i + h” with “n” = 16, we now know “16 = h + 6 + h,” or “h” = 5.

-ea-hr-dfgi--lmn-----vwxyz

The gap between “i” and “l” can be filled with “j” and “k.” “-ea-hr-dfgijklmn.” Then use “b = t + r.” Notice now that “b” is either part of the key, and will therefore be in position 1 or 4, or not part of the key and be in position 7. BUT, “t” and “r” must both be smaller than “b,” and we know “r” = 6, and that “b” can’t be in the key and ergo = 7, and “t” = 1.

tea-hrbdfgijklmn-----vwxyz

“c” is part of the key, and must be equal to 4. Finally, we have “teachrbdfgijklmn”, meaning that our key is “teacher,” and the full alphabet is:

teachrbdfgijklmnopqsuvwxyz

All that’s left is to extract the starting number. # = k – i = 13 – 11 = 2. The full plaintext is:

“I have often wanted to take the road less travelled, but I don’t own an SUV.”

Ending note: Yes, I know “traveled” is only supposed to have one “l”. But, if this is how the word was spelled when the message was written, this is what we need to use to solve the message. Once you’re extracted the plaintext, you can always run spellcheck on it to clean it up if you want.

Summary:
1) Condi is a substitution cipher that uses a keyed alphabet, and a starting number.
2) Taking the first letter of the plaintext, find its position in the alphabet.
3) Add the starting number to this position to get the position of the matching cipher letter.
4) Next, use the position of the old plaintext letter as the offset for the next plaintext letter, and repeat the process.
5) Deciphering is the reverse process.
6) Solving Condi is easy if the key is a single English word that’s in your dictionary. If so, just run through the dictionary and try to solve the CON with the keyed alphabet you create each time.
7) Otherwise, you need to place the crib in the ciphertext, and then build a table of relative offsets for each letter.
This is the hard step.
8) Once enough of the key has been recovered, you can build the entire alphabet, which then gives you the plaintext and the starting number.
9) Condi is much harder than I ever would have expected, or liked, but if you have a crib, it should be breakable.

Wiggles, part 49


Just a little ongoing story to give you something to play with until the next blog post.

D SRUFEV VKSH ICE BIRDNB, RHV LKUUKSEV ICE BINRDACI CRUUSRM IK R BEZKHV VKKN. ICDB KHE SRB ZUKBEV, XGI CRV R BDQDURN OGBC-OGBC UKZF QEZCRHDBQ RB ICE KHE RI ICE XRN. D IGNHEV KLL QM LURBCUDACI, RHV OGBCEV ICE VKKN AEHIUM. ICE QEZCRHDBQ ZUDZFEV, RHV D WGDEIUM KOEHEV ICE VKKN. NDACI DH LNKHI KL QE SRB R XDA NKKQ, RUQKBI R ZKOM KL ICE XRN XGI SDICKGI ICE BIRAE, ANEEH NKKQ SRUUB, KN IRXUEB RHV ZCRDNB. DI SRB XNDACIUM UDI, SDIC LUGKNEBZEHI UDACIDHA KH ICE ZEDUDHA, RHV XKTEB BIRZFEV RNKGHV ICE SRUUB RHV DH ICE QDVVUE KL ICE LUKKN. D ZKGUVH’I BEE RHMKHE, CKSEYEN R ORDN KL YKDZEB NERZCEV QE ONEIIM ZUERNUM. KHE SRB ICE XKM’B, RHV CE BIDUU BEEQEV IK XE URGACDHA KYEN BKQEICDHA. ICE KICEN BKGHVEV UDFE R MKGHA ADNU.

 

Thinking About Encryption, Part 52


Two-Square
6×6 Two-Square

Hmm. #52 of this series looking at cipher types and how the ACA uses them. At one entry per week, that means I’ve been at this for something over 3 days, with no one ever leaving comments here. Maybe that means something.

I’ve written about Four-Square before, and I was really thinking that Two-Square would be a natural follow-up, in that it’s in the same family (along with Three-Square), and that the fewer number of squares would make it easier to crack.

In Four-Square, you have four 5×5 squares, labelled PT1, PT2, CT2 and CT2. PT1 and PT2 are both filled in with unkeyed alphabets (skipping “J”), and CT1 and CT2 both have keyed alphabets that can be written in rows or columns. You take the plaintext message in pairs of letters, and locate them in the PT1 and PT2 tables to form the opposite corners of a rectangle. The two ciphertext letters are taken from the other corners as CT1 then CT2. If the keys are “KEY” (CT1) and “WORD” (CT2), we get (top from left – PT1 and CT1; bottom from left – CT2 and PT1):

ABCDE | KEYAB
FGHIK | CDFGH
LMNOP | ILMNO
QRSTU | PQRST
VWXYZ | UVWXZ
-------------
WBHNU | ABCDE
OCIPV | FGHIK
REKQX | LMNOP
DFLSY | QRSTU
AGMTZ | VWXYZ

If the plaintext message starts with “THIS”, then “TH” becomes “RP” and “IS” becomes “FS” (taking CT1 then CT2).

Cracking Four-Square requires creating a filter based on the letter patterns of the crib, and matching the filter up with a section of the cipher message that has similar letter patterns. One thing that generally helps make this process a little easier is that the keyed alphabets are usually predictable in that the last 1-2 rows (or columns) of letters tend to come from the set “QRSTUVWXYZ”, assuming that “RST” are not in the keyword.

Ok, Two-Square is similar in that both squares use keyed 25-letter alphabets. Where it gets crazy-hard is that the alphabets can be entered into the squares in any order allowed by the Route Transposition Cipher. Recall that Route uses a rectangular box and the message can be written in rows, columns, alternating rows or columns, diagonals, alternating diagonals, or spirals, and that the rectangle can be horizontally and/or vertically flipped. The text is then pulled off in whatever way you want, but that last step is not important here for Two-Square. So, assuming that the keys are “KEY” and “WORD” again, but that we’ll fill in square 1 with alternating rows and square 2 in a spiral:

KEYAB | WORDA
HGFDC | NPQSB
ILMNO | MYZTC
TSRQP | LXVUE
UVWXZ | KIHGF

Now, “TH” “IS” becomes “VU” and “TH”. The plaintext pairs are placed as square 1 then square 2, and taken off as square 2 then square 1. If they are on the same row, such as “IT”, then they are simply reversed (i.g. – “TI”).

This latter point, of the letters inverting if they’re on the same row is one of Two-Square’s biggest weaknesses, since it can be expected to occur perhaps 20% of the time (depending on the plaintext message).

Decrypting a message is just the reverse process. Take your key words, use them to build up the key alphabets. Write the alphabets into the two squares as required. Then take the message in two-letter pairs, placing them in square 2, square 1 order, and reading off the plaintext as square 1, square 2.

Solving Two-Square, if you have a crib, is a matter of writing the crib out as pairs (twice, once for each possible shift of the first letter), and looking for repeating letter pairs. If the crib is “THISCRIBISTHICK”:

"TH IS CR IB IS TH IC K?"
"?T HI SC RI BI ST HI CK"

In the first line, with 0 offset, “TH” appears at relative positions 0 and 10, and “IS” at 2 and 8. If the ciphertext has repetitions at similar spacings, that’s probably where the crib goes. Otherwise, look at the second line, with 1 offset, and “HI” appearing at relative positions 1 and 11.

As additional confirmation, or if the crib lacks this kind of pattern, look for places where the letters are flipped (i.e. – “CR” and “RC”, or “CI” and “IC”.

TS HY KW SS VW LM RC LU VL BA CI ML KA
.. .. .. .. TH IS CR IB IS TH IC K

Ok, this was the easy part. Next, we want to recreate the key alphabet squares. Say we have a cipher message that reads:

HI WY EK EE FW CD BQ FC OF PW TT BN EC HI WY FE
UO EC GY IR EX DS CW OD SF BO OD XF TM SO FC YR

And, we’re told that the crib is: “found a friend”. First, we want to place the crib.

FO UN DA FR IE ND
or:
?F OU ND AF RI EN D?

While there are no repeat patterns in either string, there are two reversed pairs that match up with the second string (“?F OU ND AF RI EN D?”):

HI WY EK EE FW CD BQ FC OF PW TT BN EC HI WY FE
.. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .F


UO EC GY IR EX DS CW OD SF BO OD XF TM SO FC YR
OU ND AF RI EN D. .. .. .. .. .. .. .. .. .. ..

OU = UO and RI = IR. Promisingly, we also have FE = ?F, but we can leave that lead for later. Right now, we’re looking for pair combinations that have the most letters in common with the other pairs throughout the crib. The first really good candidate is EC = ND. We start by creating a little grid, with P1 (plaintext letter 1) on the left, P2 on the right one line down, C1 (ciphertext letter 1) on the right directly above P2, and C2 on the left, directly below P1, as follows:

N | E
C | D

If we follow the rules for encryption, ND creates a rectangle with EC at the opposing corners. The next pair should be EX = EN. Here, the letters EN don’t align with anything we have in the table, so we put them on a new row and a new column. But for EX, the “E” matches the “E” on the right side of the divider, so P1 will be on the same row as C1 E, C2 will be below P1, and P2 will be on the same line as C2, directly under C1. Like this:

EN | E
.C | D
X. | N

If we look at DS = D?, and compare that with EX = EN, we don’t really know what the unknown character “?” could be. But for FE = ?F, it’s guaranteed that we have a mirror flip. In order for P1 to be F and C2 to be the same letter, P2 and C1 also have to be the same, meaning that FE = EF.

EN | EF
.C | D
X. | N

This is as far as we can go with the table, so let’s see if we can add to the plaintext.

HI WY EK EE FW CD BQ FC OF PW TT BN EC HI WY FE
.. .. .. EE .. .. .. .. .. .. .. .. ND .. .. EF


UO EC GY IR EX DS CW OD SF BO OD XF TM SO FC YR
OU ND AF RI EN D. .. .. .. .. .. .. .. .. .. ..

Obviously, I wrote this message, so I can claim some kind of magic knowledge and wave my hands here. But, that “ND” does show up in “FOUND” as well as “FRIEND”, or it could be part of “AND”. However, if we look at “EC HI WY FE”, there’s a chance that “HI” is a mirror flip, which could give us “IH ?? EF”. “I HAVE FOUND A FRIEND” is not too outrageous a leap, so let’s try it.

HI WY EK EE FW CD BQ FC OF PW TT BN EC HI WY FE
.. .. .. EE .. .. .. .. .. .. .. .. ND IH AV EF


UO EC GY IR EX DS CW OD SF BO OD XF TM SO FC YR
OU ND AF RI EN D. .. .. .. .. .. .. .. .. .. ..

Unfortunately, it doesn’t give us anything to work with table-wise. “BN EC” = “?A ND” is a deadend, too. There’s nothing to lose by trying to plug in “FRIEND”.

HI WY EK EE FW CD BQ FC OF PW TT BN EC HI WY FE
.. .. .. EE .. .. .. .. .. .. FR IE ND IH AV EF


UO EC GY IR EX DS CW OD SF BO OD XF TM SO FC YR
OU ND AF RI EN D. .. .. .. .. .. .. .. .. .. ..

This at least gives us BN = IE, and that fits in with what we already have in the table.

.EN | EF
..C | D
.X. | N
..I | BH


HI WY EK EE FW CD BQ FC OF PW TT BN EC HI WY FE
IH AV E. EE .. .. .. .. .. .. FR IE ND IH AV EF


UO EC GY IR EX DS CW OD SF BO OD XF TM SO FC YR
OU ND AF RI EN D. .. .. .. .. .. .. .. .. .. ..

And, we just repeat the process. Since my goal is to recreate the table, I’ll just fill in the rest of the plaintext.

HI WY EK EE FW CD BQ FC OF PW TT BN EC HI WY FE
IH AV EB EE NL OO KI NG FO RA FR IE ND IH AV EF


UO EC GY IR EX DS CW OD SF BO OD XF TM SO FC YR
OU ND AF RI EN DI NA DO GT HE DO GW AS HU NG RY


YEN | EF
A.C | DG
.X. | N
.KI | BH
..W | .LA
.Q. | I
..R | ..P

Running from IH = HI to AF = GY, I get the above table. Note that are 7 rows, but there are a couple gaps in two of the rows that could be merged down. Specifically, rows 5 and 7 could merge into either rows 3 or 6. However, the next solved letter pair, RI = IR, is going to force the merger of row 7 into 6.

YEN | EF
A.C | DG
.X. | N
.KI | BH
..W | .LA
.QR | I.P

And that means row 5 merges into 3.

YEN | EF
A.C | DG
.XW | NLA
.KI | BH
.QR | I.P

Going through the entire CON, I get the below assignments.

.OYEN | EFC.U.V
FDA.C | DGO.T.W
...XW | NLA
GHMKI | BH..S.X
.S.QR | I.P..Y
T.... | ....R

It looks like, based on the right-hand column of the right-hand side that Square 2 is in columns. However, the left-hand column of Square 2 is running the opposite direction. So, maybe Square 2 was filled in alternating columns. It’s too early to say anything much about Square 1. But, Square 2 columns 6 and 7 can be merged, and the rows reordered.

.OYEN | EFCUV
FDA.C | DGOTW
GHMKI | BH.SX
T.... | ...R
.S.QR | I.P.Y
...XW | NLA

Rows 4 and 5 can be merged. We can guess that “QZ” can go at the right end of the last row.

.OYEN | EFCUV
FDA.C | DGOTW
GHMKI | BH.SX
TS.QR | I.PRY
...XW | NLAQZ

Square 2 columns 4 and 5 are in the correct locations, and it looks like columns 1 and 2 are also matched (B, D, E, F, G, H). Column 3 seems to be out of place, so let’s move that to column 1 and see what happens.

.OYEN | CEFUV
FDA.C | ODGTW
GHMKI | .BHSX
TS.QR | PI.RY
...XW | ANLQZ

The letters missing from Square 2 are J, K and M. Two-Square doesn’t use J, and anagraming the letters COPANIMK might give COMPANI-something (actually, COMPANION). Fill those in. Then, looking at rows 2 and 3 of Square 1 shows that that’s been filled in alternating rows.

LONEY | CEFUV
FDCBA | ODGTW
GHIKM | MBHSX
TSRQP | PIKRY
UVWXZ | ANLQZ

The keys are “LONELY” and “COMPANION.”

===============

Closely related to the above cipher-type is 6×6 Two-Square. The unkeyed alphabet for 6×6 is “a1b2c3d4e5f6g7h8i9j0klmnopqrstuvwxyz”.

This took me a while to figure out, but when you write in the keyword, you do so in letter+digit pairs. That is, if you want a keyed alphabet using the word “Derby,” in rows, you get:

D4E5RB
2YA1C3
F6G7H8
I9J0KL
MNOPQS
TUVWXZ

The larger table does make it a little harder to recover the plaintext from the cipher, but the letter+digit pairs are an almost immediate giveaway for how the keyed alphabets were entered in the squares.

I went through 15 year’s worth of Cm newsletter archives (2001-2015), with about 30 Two-Square, and five 6×6 Two Square, ciphers. The regular CONs showed a fairly even mix of routes (rows, columns, diagonals, spirals, alternations and mirror flips). The 6×6’s were largely on-by-rows and on-by-columns. But, out of 90 total issues, Two-Square isn’t one of the more popular, or consistent cipher types. I’ve written an encipher script, and a print-out script when given the solution keys. But, I haven’t bothered tackling a full solver yet. I’ve tried using Bion’s Two-Square gadget, but that’s clunky when I need to have several extra scratchpad rows and columns to work with. Instead, I’m still at the pencil and paper point. We’ll see if I ever get to writing up something a little more useful.

Summary:
1) Two-Square is a two-alphabet substitution cipher-type, in the same family as Three- and Four-Square.
2) Both squares use 25-letter keyed alphabets (minus the J), filled in any way legal within the Route Transposition cipher.
3) The plaintext is taken in pairs. The first letter goes into square 1, and the second into square 2, to form the opposite corners of a rectangle. The cipher pair is read off as square 2/square 1 from the other two corners.
4) If the plaintext pair is on the same row, just flip the order for the cipher pair (i.e. – “RI” = “IR”).
5) Decrypt the cipher by reversing the process.
6) Solving Two-Square involves placing a crib, if any, by looking for pair repetitions in the plaintext crib, and the shifted plaintext crib, then aligning those repetitions with repetitions of the same spacing in the ciphertext. If there are no repetitions in the crib, then look for letter pair inversions (i.e. – “RI”/”IR”).
7) Use the crib-to-ciphertext match-ups to reconstruct the squares.
8) When adding new letters to the squares, put them on new rows or columns. When you have enough information to confirm that two rows or columns are actually the same, merge the entire row or column.
9) Use alphabet ordering to identify the route used to fill the table. If enough information exists, you can use the reconstructed table to further solve the plaintext.
10) 6×6 Two-Square uses the alphabet: “a1b2c3d4e5f6g7h8i9j0klmnopqrstuvwxyz”.
11) The letter+digit pairs (a-1, b-2…) can be used to fill in the keyed squares, which is a useful clue for reconstructing the squares later.
12) For me, Two-Square is actually harder to solve than Four-Square. And, I think Four-Square is difficult.

Wiggles, part 48


Just a little ongoing story to give you something to play with until the next blog post.

DUT FTETMD KRE KSWFDM ETST ZTDDWFZ URSCTS DY XRNT YAD WF DUT MRFC, LAD W ERM ZATMMWFZ DUTO MDWPP UTRCTC MYADU. W ZYD WFDY R VSYAVU, ZWFZTSPO MDAVN XO SWZUD URFC WFDY XO MUWSD GYS R MPWFZ, RFC NTKD ZYWFZ. EWDUWF R XWFADT YS DEY, W VYAPC MTT DUT TFC YG DUT DAFFTP. WD DTSXWFRDTC WF R VRJT-WF, EWDU YFT KRDU SAFFWFZ DY XO PTGD, WF DUT MRXT CWSTVDWYF RM DUT SYADT GSYX DUT LRS. YCCPO, WFMDTRC YG R CSYK GSYX DUT DYK YG DUT KWKT DY R PYETS GPYYS, DUWM KRDU URC EYYCTF MDRWSM PTRCWFZ CYEF DY R GWFWMUTC LSWVN-PWFTC URPPERO. GASDUTS, DUTST ERM R CYYS DURD YKTFTC RERO GSYX DUT DAFFTP, RFC XO MWCT YG DUT CYYS URC LTTF GWFWMUTC DY STMTXLPT DUT MASSYAFCWFZ MRFC ERPPM. FY CYALD RLYAD WD, DUWM KRSD ERM CTMWZFTC WFDTFDWYFRPPO, RFC KSYLRLPO CWC FYD XTTD QRKRFTMT LAWPCWFZ VYCTM.

 

Thinking About Encryption, Part 51


Approaching St. Cyr

The Jan.- Feb. 2019 issue of the ACA Cm newsletter had a CON using the St. Cyr cipher-type. St. Cyr isn’t one of the standard ACA types, so the CON was listed in the Analyst’s Corner (which features ciphers that either don’t follow the guidelines, or aren’t one of the approved types). Fortunately, there was a note to refer to the Oct.-Nov. 1953 Cm from the archives. There, one of the earlier ACA members had written up a good article introducing the St. Cyr type.

What’s important to note up front is that if you do a net search on “St. Cyr cipher,” you’re going to find a few articles on how to make a St. Cyr slide. In effect, the slides are a simple strip of paper within a guide frame. The slide will have the letters A-Z repeated on them to create a short cycle. The guide will also have A-Z printed at the bottom. Together they form a Caesar shift encrypter. If you were instead to put the two alphabets on a pair of rotating disks, you’d have a Caesar shift encoder wheel, or ring. Which means that the St. Cyr slide and the secret encoder rings you used to get in boxes of sugar cereals and Cracker Jacks are fundamentally the same.

However, that’s not really what the St. Cyr cipher is about. Instead, we’re really talking about the Vigenere cipher again. As a refresher, the Vigenere cipher uses a table of Caesar-shifted rows in combination with a keyword. The keyword is written over the plaintext message, repeating as necessary, and each key letter acts as an index to one of the rows of the table. The cipher text letter is taken where the column indicated by the plaintext letter intersects with the cipher letter row. The main weakness to Vigenere is that the use of a keyword makes the ciphertext periodic, and if you can determine the period, you can crack the cipher as just groups of Caesar shifts.

St. Cyr is the French military academy established in 1802 by order of Napoleon Bonaparte. The St. Cyr cipher was taught at this academy, which is where it got its name. The St. Cyr slide can be used to encipher and decipher messages, but at St. Cyr’s heart is the Vigenere table (which can also include the Beaufort and Variant tables). The difference from Vigenere is the practice of using the keyletters on whole plaintext words. This breaks up the periodicity of the Vigenere cipher, but renders it vulnerable to a much simpler attack.

For example, say we use the keyword “HUMAN”, and the plaintext “to err is inevitable, to get caught at it is not.”

With Vigenere, we’d use:

HUMANHUMANHUMANHUMANHUMANHUMANHUMANHU
toerrisinevitabletogetcaughtatitisnot

ciphertext:
AIQREPMUNRCCFAOSYFOTLNOAHNBFAGPNUSAVN

But, with St. Cyr, it’s

HH UUU MM AAAAAAAAAA NN HHH UUUUUU MM AA NN HHH
to err is inevitable to get caught at it is not

ciphertext:
AVYLLUEINEVITABLEGBNLAWUOABNMFITVFUVA

Encryption and decryption would follow the same steps as with Vigenere, but using the “stutter key” as shown above.

Breaking St. Cyr is insanely easy with software. Just print out the text 26 times, once each with the incremented Caesar-shifted row.

A = AVYLLUEINEVITABLEGBNLAWUOABNMFITVFUVA
B = ZUXKKTDHMDUHSZAKDFAMKZVTNZAMLEHSUETUZ
C = YTWJJSCGLCTGRYZJCEZLJYUSMYZLKDGRTDSTY
D = XSVIIRBFKBSFQXYIBDYKIXTRLXYKJCFQSCRSX
E = WRUHHQAEJAREPWXHACXJHWSQKWXJIBEPRBQRW
F = VQTGGPZDIZQDOVWGZBWIGVRPJVWIHADOQAPQV
G = UPSFFOYCHYPCNUVFYAVHFUQOIUVHGZCNPZOPU
H = TOREENXBGXOBMTUEXZUGETPNHTUGFYBMOYNOT
I = SNQDDMWAFWNALSTDWYTFDSOMGSTFEXALNXMNS
J = RMPCCLVZEVMZKRSCVXSECRNLFRSEDWZKMWLMR
K = QLOBBKUYDULYJQRBUWRDBQMKEQRDCVYJLVKLQ
L = PKNAAJTXCTKXIPQATVQCAPLJDPQCBUXIKUJKP
M = OJMZZISWBSJWHOPZSUPBZOKICOPBATWHJTIJO
N = NILYYHRVARIVGNOYRTOAYNJHBNOAZSVGISHIN
O = MHKXXGQUZQHUFMNXQSNZXMIGAMNZYRUFHRGHM
P = LGJWWFPTYPGTELMWPRMYWLHFZLMYXQTEGQFGL
Q = KFIVVEOSXOFSDKLVOQLXVKGEYKLXWPSDFPEFK
R = JEHUUDNRWNERCJKUNPKWUJFDXJKWVORCEODEJ
S = IDGTTCMQVMDQBIJTMOJVTIECWIJVUNQBDNCDI
T = HCFSSBLPULCPAHISLNIUSHDBVHIUTMPACMBCH
U = GBERRAKOTKBOZGHRKMHTRGCAUGHTSLOZBLABG
V = FADQQZJNSJANYFGQJLGSQFBZTFGSRKNYAKZAF
W = EZCPPYIMRIZMXEFPIKFRPEAYSEFRQJMXZJYZE
X = DYBOOXHLQHYLWDEOHJEQODZXRDEQPILWYIXYD
Y = CXANNWGKPGXKVCDNGIDPNCYWQCDPOHKVXHWXC
Z = BWZMMVFJOFWJUBCMFHCOMBXVPBCONGJUWGVWB

Look for the rows with readable plaintext, and switch from row to row at the end of each plaintext word. Because the keyword is still going to be short compared to the plaintext message, it will cycle, so we just cycle on the output lines as well.

A = AV YLL UE INEVITABLE GB NLA WUOABN MF IT VF UVA
H = TO REE NX BGXOBMTUEX ZU GET PNHTUG FY BM OY NOT
M = OJ MZZ IS WBSJWHOPZS UP BZO KICOPB AT WH JT IJO
N = NI LYY HR VARIVGNOYR TO AYN JHBNOA ZS VG IS HIN
U = GB ERR AK OTKBOZGHRK MH TRG CAUGHT SL OZ BL ABG

Rearranging the lines to put the words in order will then expose the key.

H = TO --- -- ---------- -- GET ------ -- -- -- NOT
U = -- ERR -- ---------- -- --- CAUGHT -- -- -- ---
M = -- --- IS ---------- -- --- ------ AT -- -- ---
A = -- --- -- INEVITABLE -- --- ------ -- IT -- ---
N = -- --- -- ---------- TO --- ------ -- -- IS ---

Summary:
1) St. Cyr is a polyalphabetic substitution cipher that uses the Vigenere tables, but one keyword letter enciphers one full plaintext word.
2) It is not secure, and is actually easier to break in software than Vigenere or any of its variants.
3) You REALLY want to avoid keywords that include the letter “A”, which translates to a Caesar-shift of 0.
4) St. Cyr can be hardened by using the Variant or Beauford tables, and by mixing things up with any of the regular transposition types.

Wiggles, part 47


Just a little ongoing story to give you something to play with until the next blog post.

JEFXXB KAGMCVB, G YGY PFX XZ R CGIY ZQ X-GIXFETFMXGZI, OGXU R JRGE ZQ TGYF JRXUT HERIMUGIP ZQQ VGCF XUF ZIF QZE XUF HRE. HAX, XUF JRO JEGIXT G QZVVZOFY TFFWFY XZ HF MZIXGIAGIP TXERGPUX RUFRY. RIZXUFE 5-6 WFXFET, G EFRMUFY RI REFR OGXU R VGXXVF WZEF UFRY EZZW, OUFEF G MZAVY TGX AJEGPUX RIY MERYVF WB REW OUGVF G MRAPUX WB HEFRXU. G AIHAXXZIFY XUF QEZIX ZQ WB TUGEX XZ PFX FIZAPU WRXFEGRV VZZTF XZ OGJF TZWF ZQ XUF TRIY ZQQ WB QRMF RIY ZAX ZQ WB URGE. G TOAIP XUF QVRTUVGPUX REZAIY RPRGI, TUZOGIP XURX G ORT TXGVV GI R XAIIFV RHZSF XUF YERGIRPF JGJF, TAEEZAIYFY HB TRIY ORVVT RIY MFGVGIP. G ORTI’X TAEF, HAX GX QFVX VGCF G MZAVY TFITF TXEFFX XERQQGM. GX ORT PFXXGIP MVZTF XZ 10:30, TZ WZTX ZQ XUF SFUGMVFT OZAVY HF HATFT, XRLGT RIY YFVGSFEB XEAMCT IZO. IZX MZITXRIX IZGTF, HAX TZWF VZO EAWHVGIP XURX PZX VZAYFE XUFI KAGFXFE. G WATX HF IFREGIP XUF FYPF ZQ XUF REMRYF.

Thinking About Encryption, Part 50


Approaching Monome-Dinome

ND 2018 and JF 2019 both had Monome-Dinome CONs, and I misremembered having a VBScript solver for M-D. I was going to solve this one last cipher for both issues of the Cm, and then, really, take a break to do my chores. Turned out, though, that the earlier script was for Amsco, which also used the “monome” “dinome” terminology. By then, it was too late. I looked up the description for the cipher-type on the ACA website, and I found an article in the ACA Cm archives on how to solve M-D. The next day, I was at the school I teach at, and during one of the breaks I sat down and tried working on the ND 2018 M-D CON, because I didn’t have anything else to read. A little later, I had a longer break, and I solved ND2018 all the way up to almost getting the key. By the end of the day, I’d extracted the key, too. The following day was a rainy Sunday, so I went to a coffee shop and focused specifically on the JA2019 M-D CON. I had the key for that one 2 hours later, ignoring the fact that I was doing all my work in ink on paper because I couldn’t be bothered to pull my pencil out of my backpack.

Monome-Dinome is a simple monoalphabetic substitution cipher that uses a 3×8 grid to create the substitution table, either to the digits 0-9, or 10 random letters of your choice. Since the grid only holds 24 letters, 2 letters need to be doubled up (generally J with I, and either V with W, or Z with Y, but it could be anything, depending on the author’s discretion). I’ll use numbers, and double up I and J, and Y and Z. First, pick the order of 8 of the 10 digits and write them over the top of the grid. Use the remaining two digits as row selectors for the grid. Also, pick a keyword for the alphabet, write that into the grid and fill in the rest of the grid with the other letters.

. 71029645
----------
.|TEACHRBD
3|FGIKLMNO
8|PQSUVWXY

Write out your plaintext message:

T H I S I S A T E S T I T I S O N L Y A T E S T

Next, use just the single digits for the top row of letters from the grid (the monome), and the row selector plus column number for the letters in the other two rows (the dinome).

7 9 30 80 30 80 0 7 1 80 7 30 7 30 80 35 34 39 85 0 7 1 80 7

Finally, pull out all the spaces, and order the numbers in groups of five (out of tradition, and also because it makes the message harder to crack).

79308 03080 07180 73073 08035 34398 50718 07

Deciphering is the reverse process. First, make the grid, and fill in the key alphabet. Write out the ciphertext, and separate the numbers into 1 and 2-digit pairs. Finally, substitute the numbers for the corresponding letters in the grid.

Cracking M-D first requires that you identify the two digits used for the row selectors. If you look at the grid carefully, you’ll see that a selector can not be combined with itself (i.e. – 33, and 88 are illegal pairs), and it can not combine with the other selector (i.e. – 38 and 83 are illegal pairs).

Now, in my test cipher, the only doubled-up digit is 00, so we need to see what the pairings are. We do have a “93” and “39” combination, “03” and “30”, “08” and “80”, “07”, etc. But, the message is too short to draw other conclusions. So we need to do a frequency count.

0 - 11 (Invalid because of 00 pairing)
1 - 2
2 - 0
3 - 7
4 - 1
5 - 2
6 - 0
7 - 6
8 - 6
9 - 2

Because the two selectors pair generally with the other 8 digits, they should appear more frequently than anything else. Unfortunately, we still have three strong candidates – 3, 7, 8. Of the three, 3 is the most common, so let’s flip a coin and use 3 and 7. Break up the message into 1- and 2-digit units.

79 30 8 0 30 8 0 0 71 8 0 73 0 73 0 8 0 35 34 39 8 5 0 71 8 0 7

Yes! A clear reason to invalidate 7. Actually two clear reasons. First, it’s pairing with 3 (73), and second it appears at the end of the message unpaired. That leaves me with 3 and 8 as the selectors. Let’s try this again.

7 9 30 80 30 80 0 7 1 80 7 30 7 30 80 35 34 39 85 0 7 1 80 7

This is now a Patristocrat (the ACA’s name for newspaper-like Crypto Quips minus the word spacing and punctuation). Let’s supply a crib – “it is”. This gives us a filter of “1_1_”. Or, the same letter has to appear somewhere in the text separated by something that itself isn’t duplicated within the 4-character segment.

Possible candidates are: 30 7 30 80 and 80 30 80 0.

We need to do another frequency count.
7 9 30 80 30 80 0 7 1 80 7 30 7 30 80 35 34 39 85 0 7 1 80 7

0 - 2
1 - 2
7 - 6
9 - 1
30 - 4
34 - 1
35 - 1
39 - 1
80 - 5
85 - 1

Following the ETAOIN SHRDLU pattern, “E” would generally be the most common letter, but since we already know what the plaintext is, we also know that things are kind of out of skew. But, we should still expect “T” to be a little more frequent than “I”. With “30 7 30 80”, 7 outperforms 30 at 6 to 4. while with “80 30 80 0”, it’s 80 for 5 and 30 for 4. We’d also expect “S” to slightly outperform “I”, and we don’t get that with “80 30 80 0” (0 only shows twice). The better bet for our crib right now is “30 7 30 80.”

T 9 I S I S 0 T 1 S T I T I S 35 34 39 85 0 T 1 S T

For the first word, “T9IS”, the first obvious choice would be 9 = “H”. But that only appears once. We do get “0T1ST” twice, and that could be “something-TEST”. “IS something TEST” might be “IS A TEST”, so let’s try that (A = 0, 1 = E).

T H I S I S A T E S T I T I S 35 34 39 85 A T E S T

From here, we don’t have enough information to pin down “35 34 39 85”. So, let’s look at the grid.

. 01245679
----------
.|AE....TH
3|I
8|S

And now we really are at a deadend because we don’t have that many letters in the alphabet to work with. But, we can make maybe one or two observations. First, the last row is going to include RSTUVWXY unless one or more of the letters are in the keyword. We can already see that “T” has to be in the key, while “S” isn’t. The other upper end letters aren’t either because they’re pretty low frequency. That means that the “S” column may be shifted two places to the right. Like so:

. 12045679
----------
.|E.A...TH
3|..I
8|..S

I’d fill in UVWXY, except I don’t know which letters pair with “T” and “H”. Notice, though, that “A” is in the middle of the key. Also, there are 8 + 2 letters until we get to “I”, and “I” is the 8th letter in the alphabet. Therefore, the key has to use 2 letters higher up in the alphabet than “I”. We already have “T”, and we think we’ve placed “S”. We’re not using “J”, and that just leaves K-R. We don’t think “I” is in the key, unless it’s a really long key. There are 7 letters in the grid between “I” and “S”, and normally there are 8 letters there. Anagramming “EATH” + “BCD” + one letter from “KLMNOPQR” will give us “EARTH” and “TEACHER” (drop the second “E” for “TEACHR”). We would like “A” to be the 3rd letter in the key, and we do get that with “TEACHER”. If we rearrange the grid again, we get:

. 71049562
----------
.|TEACHRBD
3|FGIKLMNO
8|PQSUVWXY

Yes, the numbers on the top row are speculative for “C”, “R”, “B” and “D”, but this is the best we can do with such a short plaintext message. Even so, I don’t think I cheated all that much by knowing the original key alphabet. I did make a few leaps, but they were probably justifiable.

BUT… The word we couldn’t place, “35 34 39 85”, uses three letters from “KLMNO” and one from “UVWXY”. Further, 35 and 85 are in the same column. Surprisingly, 39 aligns with “L” (we’ve placed the 9 column because it includes “H”). That means our word could be M?LW, N?LX or O?LY. If we assume that it is “ONLY”, it does fit in with our plaintext message, and maybe we can finish off the number key after all.

. 71049245
----------
.|TEACHRBD
3|FGIKLMNO
8|PQSUVWXY

In any event, Monome-Dinome is solvable with pencil and paper, and I’m not seeing a reason for writing up a solver for it just yet. I may consider a tool for doing the digit counting for me, and for testing for legal row selectors, but it’s not a priority. When the next M-D CON comes out, I’ll try Bion’s solver first, and then see where that takes me.

Now, I have no excuse. Chores. Sigh.

Summary:
1) Monome-Dinome is a simple single-alphabet substitution cipher.
2) Pick a keyword, remove duplicate letters, and then complete the alphabet with the other letters, minus J and maybe V or Z.
3) Pick an 8-digit number (0-9) with no repeating digits and write them above a 3×8 grid. Write the remaining 2 digits to the left of the bottom two rows of the grid, then fill in the grid with the 24-letter alphabet.
4) Write down the plaintext message and encrypt it with the single digits for the top row of the grid, or the row selector and column digit for the bottom two rows. Remove the spaces between numbers and order them in groups of 5.
5) For decrypting, just reverse the process.
6) To solve M-D, do a frequency count on the digits, with the expectation that the 2 highest values will be the row selectors. Of the two selectors, the one with the lower frequency will probably represent the bottom row of the grid (because of the presence of so many low-frequency letters, like Q, V and X.
7) The list of row selectors can be narrowed down by eliminating any digits that appear in pairs in the plaintext (i.e. – 11 or 55). Also, no selector will be paired with the other selector (if you have “83”, and “8” is a selector, “3” can’t be the other selector.)
8) Once you have the selectors identified, solve the CON as a Patristocrat.
9) You can extract the keyword and grid numbering by putting the letters in the lower two rows into ascending order.
10) M-D is not particularly secure, and if you have a crib with repeated letters (i.e. – “letter” or “river,”) it’s pretty easy to solve. It can be hardened by completely randomizing the alphabet, and by applying something like Rail Fence to the finished cipher.

Wiggles, part 46


Just a little ongoing story to give you something to play with until the next blog post.

E MEMG’X HSLOOV OEWS XPS EMSL UT TUOOUZEGR LTXSH XPS XPEGR, DUV, ZPLXSBSH, DFX E PLXSM XPS EMSL UT RUEGR XPHUFRP XPS CLQQLRS SAEX LGM MUUH PLXIP SBSG NUHS. DSQEMSQ, XPSHS ZLQ L TLEGX PUCS XPLX XPSHS NERPX DS NUHS XPLG UGS ZLV UFX UT PSHS. ZPEOS XPS CLQQLRS XU XPS DLH ZLQ IOSLG, LGM IOSLGOV IFX, LGM XPS OLXIP UG XPS MUUH ZLQ EG RUUM IUGMEXEUG, XPS CLZ CHEGXQ EGMEILXSM HSOLXEBSOV IUGQEQXSGX XHLTTEI XPHUFRP PSHS, ZPEIP QUNSUGS EG XPS DLH ZUFOM PLBS QCUXXSM DSTUHS XPEQ ET LOO UT EX PLM DSSG XPHUFRP XPS RHSSG HUUN. E RHEXXSM NV XSSXP, OEXSHLOOV – MLNG QLGM – LGM WSCX IHLZOEGR TUHZLHM.

Cm History, 1932-1940


I bought an Android tablet about a year ago, and I got so irritated with how clunky the interface was, and how difficult it was to write apps in Java, that I tossed it on a stack of stuff and let it gather dust. I have a cell phone and a good pocket camera, and I don’t text or listen to music when I’m outside, so the tablet didn’t really add anything. More recently, though, I’ve been wanting a way to read archived issues of the ACA Cm newsletter while I’m riding the streetcar, or between English classes, and I was wondering if the Android natively supported a PDF reader. By this point I’d forgotten my login password and I didn’t remember where I wrote it down (if I ever did). So, I did a hard reboot, and spent several days trying to find a secure Wifi hotspot site so I could access the net and reset the password (I don’t need wifi at home). When that was over, I downloaded a test archive PDF from the ACA website, and I could read that. So, I downloaded every archive file from 1932 to 2015, and began reading. (Please note, I may not have all of the below information 100% correct, but this is as good as I can get it right now.)

Actually, I’m only up to 1940, but that’s good enough for the moment. For background, the American Cryptogram Association first formed in 1929 as a group of friends that had played card games together, but wanted something else to do when they couldn’t get 4 partners together for Bridge. They investigated various kinds of puzzles, such as crosswords, and hit on newspaper-style crypto quips as their favorite type. They registered the name American Cryptogram Association (ACA) and printed their first newsletter, the Cryptogram (The Cm), in Feb., 1932. Membership was $1 for one year.

The ACA was joining the ranks of other groups such as the National Puzzler’s League (1883-, mostly word games and wordplay; newsletter is The Enigma), Detective Story Magazine (1915-1949, which had a Cipher Secrets corner), and a couple others which seem to have faded into the mists of time. Some of the ACA members came from the NPL, so some of the vocabulary overlapped the two groups (members are called the Krewe, and aliases are “noms”). The ACA leaders felt that crypto quips were “the aristocrats of puzzles,” and were thus dubbed “aristocrats” to differentiate them from other cipher types.

1932

Feb.
– First issue of the Cm released. All ciphers in the issue are Aristocrats.

April
– The term “the Krewe” for the membership is introduced. Martin Gardner joins briefly.

June
– First attempt to introduce rules for how to construct Aristocrats for submission.

Aug.
– First start at trying to explain how to solve Aristos, introduction of the Phillips System, and the Porta Slide.

Oct.
– First mention of “undivided substitutions,” with the process for solving them. First appearance of undivided substitution crypts as an alternative to Aristos.

1933

April
– First appearance of a French Aristo. More foreign-language crypts start showing up after this, in French and Spanish.

June
Herbert Yardley ((1889-1956) former head of the Army Signal Corps intelligence MI8 department, creator of the Black Chamber, and author of The American Black Chamber) joins the ACA and is immediately named Vice President, with the nom “Bozo.”
– Joining at the same time is Helen Fouche Gaines, with the nom “Piccola” (1888-1940). Helen had been working as an author for other puzzle magazines at the time, and became one of the ACA’s most prolific writers in the Cm, introducing a wide variety of cipher types over the next 7 years, and showing how to solve them. Her entry in the Arkansas Biography: A Collection of Notable Lives states that there’s a very good likelihood that she served as a cryptographer/trainer for the U.S. Navy during WW I. She eventually published one of the best books on the subject, Elementary Cryptanalysis to that date in 1939. The book is still recommended by the ACA to members new to the subject. She passed away 1 year later.

Aug.
– Introduction of “bi-literals,” Aristocrats enciphered in such a way that the ciphertext is also readable English words. Introduction of the book review section.

Dec.
– Piccola introduces the first transposition cipher type, which is later called Route Transposition. Transposition CONs start appearing in the Cm after this.

1934

Feb.
– One reader asks for Fletcher Pratt’s address to ask him about Nihilist and Grille ciphers. Piccola writes the first true article on vowel spotting and digraphs in undivided substitutions.

Apr.
– Piccola introduces a method for finding repeated sequences. Transpositions are now a regular column in the CONs section. Foreign language CONs are still mostly Aristos, but now include German and Portuguese.

Aug.
– Italian is added to the foreign CONs.

Oct.
– Piccola introduces Null ciphers.

Dec.
– Piccola introduces 5×5 Checkerboard ciphers using numbers for the row and column identifiers. A user named Patristocrat starts showing up more often in the Cm.

1935

Feb.
– One article introduces the Bazeries cipher. Piccola introduces the Vigenere, and the first set of Vigenere CONs to appear in the Cm. A Challenges column is added to include harder CONs.

April
– One of the members starts writing about Bacon, Shakespeare and ciphers. The problem up to this point is that a certain group of people that felt Bacon wrote Shakespeare’s plays had tended to be borderline crazy in coming up with conspiracy theories, and the ACA members viewed them as nutjobs. Also in this issue, Piccola writes about how to solve Vigenere ciphers.

June
– Piccola introduces the Kasiski method for obtaining the period length of Vigeneres. Bozo writes an article on recovering key alphabets (does not include Aristos. Up to this point, people do not seem to be using key alphabets for encrypting Aristos or “undivided substitutions.”)

Aug.
– We’re given the letter frequencies of different languages.

Oct.
– Piccola introduces the Gronsfeld cipher.

Dec.
– An article appears on the solution of one of Benjamin Franklin’s enciphered messages that had up to that point been unbroken.

1936

Feb.
– Piccola introduces the Saint Cyr slide.
– A new CONs section is specifically dedicated to “undivided substitutions” (Aristos without the punctuation or word breaks), and 2 of the 3 CONs are provided by the user Patristocrat.

Apr.
– First appearance of a cryptarithm (math division problem with letters substituted for the numbers). For the next year or so, these kinds of problems can have multiple solutions, and several members would compete to see who could find the most possible.

Sept.
– This is actually a special cipher contest issue, and just consists of challenge ciphers.

Oct.
– Piccola introduces the Running Key Cipher. At this point, running key is a Vigenere cipher, using a long passage from a book as the key. The current implementation where one half of the plaintext is used to encrypt the other half does not appear until later.

Dec.
– Piccola introduces the Auto Key Cipher.

1937

Feb.
– Occasionally, one or another member will discuss books that have caught their interest, but there’s still no real review section yet. Other times, someone will attempt to compile a comprehensive list of books that either analyze ciphers, or incorporate them in the story.
– In this issue we get one of the “comprehensive lists,” which includes Bram Stoker’s “The Mysteries of the Sea,” with it’s Bacon cipher on pages 465-475.
– Piccola writes more on Auto Key.
– There’s an announcement of the new Cipher Exchange department, to hold the ciphers discussed by Piccola.

Apr.
– Piccola talks about the use of parallel alphabets for periodic ciphers (like Porta and Vigenere), and we get the first appearance of the Cipher Exchange (now a common feature of the modern version of the Cm).

June
– Piccola writes about recovering the primary alphabets from Vigenere and other periodic ciphers.
– Columnar Transposition starts showing up by name in the Cipher Exchange.

Aug.
– Piccola introduces the Nihilist Substitution Cipher.

Oct.
– Piccola writes more on the idea of key phrases for key alphabets.

Dec.
– Piccola delves deep into Columnar Transposition, with Part 1 here, and Part 2 in the Feb., 1938, issue.

1938

Feb.
– The encrypted math problems are now officially renamed to Cryptarithms.
– Up to this point, the user Patristocrat (Webb C. Patterson) had been almost the sole supplier of undivided simple substitution CONs, and the Cm editor claims that because he has a backlog of over 500 of these from Webb, that from here on Undivided Simple Subs will be called “Patristocrats.”

Apr.
– Nap writes an article on Alphabet Slides and their uses. This includes instructions on making cardboard slides with sets of alphabets on them for easy encryption and decryption of periodic ciphers. Good for solving the Vigenere family by hand.

June
– Piccola introduces the Nilihist Cipher.

Aug.
– Piccola writes about the bigram test, which is useful for breaking Columnar and Nihilist Transpositions, and Patristocrats by hand.
– There’s a walkthrough for a solution of a French crypt, with the frequency analysis of the French language.
– There’s also a condensed analysis for identifying unknowns.

Oct.
– First outright suggestion that people construct Aristos using a keyed alphabet. No mention of K-1 through K-4 yet.
– More condensed analysis of unknowns.
– Piccola and RLH discuss the Playfair Cipher, part 1.

Dec.
– The first discussion of using decimation to recover Aristo K-3 type keywords.
– Part 2 of Piccola’s and RLH’s Playfair Cipher article.
– Letter frequencies of other languages.

1939

Feb.
– Part 3 of the Playfair article.
– As the presence of WW II makes itself ever more obvious to America, there are more references to it in the Cm. Several members, specifically those in Canada, are announced as going into military training, and then being posted overseas. The Cm editor suggests that ACA members should contact their local authorities to see if their skills can be used by the government. The ACA votes on whether to use its spare funds for buying War Bonds. And, there is a growing request for members to stop sending ciphers on post cards in the mail, because it’s resulting in the embarrassment of being hauled in for questioning on what exactly is in those secret messages.

Apr.
– Neoteric writes about the difficulties of understanding the German language.
– Piccola writes an introduction on Incomplete Columnar Transposition.

June
– A review of Fletcher Pratt’s book “Secret and Urgent” (1939).

Dec.
– There had been some mention in the Cm up to this point of Piccola’s work on her “Elementary Cryptanalysis” book, with the ACA deciding to publish it and multiple requests for preorders to cover initial printing costs. In this issue, there’s the official announcement that the book is on the shelves. From here, ACA members start sending in CONs based on types described in the book that had not yet been introduced in the Cm. A few articles appear later on analyzing how to break these CONs. There’s also kind of an unofficial contest for who can solve every single CON in the book first. A couple years later, there are still 2 or 3 that remained unsolved.
– There’s an article in this issue on the process for solving Italian crypts.

1940

Feb.
– Ab Struse writes an article on pattern word lists. He basically suggests the usefulness of lists of words with certain repeated letter patterns. It’s good for a pencil and paper approach, and ultimately extends to software tools for breaking Myszkowski ciphers.

Apr.
– The use of partial alphabet tables for Vigenere for determining letter shifts based on frequency counts. This may be a good test for harder Vigs, but it may duplicate the IC test.

June
– Helen Gaines (Piccola) passes away. Her obit appears in this issue.
– A posthumous article by Piccola appears, highlighting Porta.

Oct.
– Use of odd-numbered Grilles, part 1.

Dec.
– A “robot” approach to solving subs is described. This seems to be best suited for Aristos rather than Pats.
– Use of odd-numbered Grilles, part 2.