Gakken Update, June


Gakken’s really gone into a hole with their Otona no Kagaku (adult science) kit series. They’ve stopped sending out their email newsletters, and there hasn’t been a “new” product in maybe a year. The last toys were things for kids (making pictures or dolls) over 9 months ago, which I had no interest in. The only new things have been re-releases of old kits under the “Best Selection” title. First had been the Pinhole Planetarium (BS01) in January.

Then, in June, Gakken released BS02, the Dual Lens 35mm Film Box Camera. The magazine has been scaled down to 24 pages (including instructions), while the kit price is still at 2,980 yen (without the 8% sales tax). This camera is fun to build, but the price of film and processing relegates it strictly to a bookshelf oddity. It’s not going to replace your smartphone, if that’s why you want to buy it. Not recommended unless you can get it at a discount.

Thinking About Encryption, Part 58


5×5 Checkerboard
6×6 Checkerboard
Double Checkerboard
Straddling Checkerboard

The main reason for putting together the Cm history in earlier posts was to lead up to this entry. I feel like I’ve been doing pretty well in learning new cipher types, and being able to crack the CONs in the Cm that I’ve tried tackling. For the most part, I give up on the harder Patristocrats (crypto-quips without the punctuation or word breaks), but I can generally solve all Aristocrats per issue, most if not all cryptarithms, some Expert Corner CONs, and an ever-growing collection of Cipher Exchange CONs (most transpositions, most of the Vigenere family, Nulls, Baconians, etc.) In the Mar.-Apr. 2019 issue, I solved 66 of the 102 CONs (excluding all of the foreign language xenocrypts). I think I’m doing ok.

But, I didn’t want to get involved in any substitution types (Quagmires, Bifids, Trifids, etc.) that would require analyzing letter contacts, trigraph frequencies, or anything more complicated simply because I’m not ready to put in that much effort to solve just one type at a time. However, as I was skimming through the Cm archives, I found Piccola’s article introducing the Checkerboard, and it seemed simple enough.

At its simplest, the 5×5 Checkerboard is a 5×5 grid containing a keyed alphabet (I=J), with keys along the top and left sides. In Piccola’s version, the keys are numeric, but the ACA commonly uses 5-letter words now. The alphabet can be written into the square in any valid Route Transposition pattern. Below, the keys are “CHILD” and “CHAIR”, the alphabet is keyed with “PLAYGROUND” and is written in columns.

....CHAIR
--------
C | PRBIT
H | LOCKV
I | AUEMW
L | YNFQX
D | GDHSX

The plaintext is enciphered by replacing each letter with the associated row and column letters. (e.g. – “S” = “DI”). If the plaintext is “help me”:

DA IA HC CC II IA.

Decryption is just the reverse process.

Solving a 5×5 Checkerboard CON is really no different than tackling a Patristocrat. If you don’t like working with 2-letter or 2-digit values, just convert them to single letters first.

DA = A
IA = B
HC = C
CC = D
II = E
IA = B


ABCDE B

Once you’ve solved the Pat, you can try to extract the keys if you like. This is almost insanely easy. First, extract the first and second letters of the pairs (DIH and ACI in the above example) and anagram them to get potential 5-letter words. If we had a longer CON, we’d see that the letter groups are DIHCL and ACIHR. The only words they form are CHILD and CHAIR. Write CHILD to the left in a column, and CHAIR across the top of the table. Then fill in the square with the matching letters of the plaintext.

....CHAIR
---------
C | P....
H | L....
I | ..EM.
L | .....
D | ..H..

Again, with a longer plaintext message, we’d get enough of the table to guess at the keyword and how the alphabet was written in.

When I first sat down to tackle the 5×5 Checkerboard CON in the Mar.-Apr. 2019 issue of the Cm, I needed to put together a short VBscript for converting the CON to a simple Patristocrat form. That took about 2 hours. After that, I spent maybe half an hour cracking the Pat in my En/De program. Finally, I wanted a second script for taking the solution and comparing that to the ciphertext to print out the keyed alphabet. That part took maybe another hour. The CON was identified by the editors as being moderately difficult, #14 out of 26 total. Getting two working scripts for a cipher type I’ve never tried before, and cracking it in under 4 hours is not too shabby…

6×6 Checkerboard
Nothing really special here, except for how the digits are written into the table. Following past practice in other ciphers, it’s probably going to be:

A1B2C3D4E5F6G7H8I9J0KLMNOPQRSTUVWXYZ

In the above example of PLAYGROUND, we’d get:

....MOTHER
----------
F | P7459S
A | LRBFJR
T | AO260V
H | 1UCHKW
E | YN38MX
R | GDEIQZ

Double Checkerboard
Ok, this is going to be a bit tougher to crack. The idea is to use two different keywords for the row and column identifiers.

.....DAILY
.....CHAIR
----------
DC | PRBIT
OH | LOCKV
CI | AUEMW
KL | YNFQX
SD | GDHSX

This gets us closer to a Homophonic substitution, because we can have four different ways of encrypting a specific plaintext letter. (e.g. – “S” = SL, SI, DL or DI.) I haven’t tried solving a Double Checkerboard yet, but it is going to be similar to a regular 5×5 in that you want to anagram the first and second letters of the pairs to get potential 5-letter words, then use those for determining which pairs are equivalent. That just gives you a plain Patristocrat again, and we know how to solve that.

Straddling Checkerboard
I stumbled across this type when I was looking for more information on the plain 5×5 Checkboard. In fact, the Straddling Checkerboard is nothing more than a slight variation on what the ACA calls the Monome-Dinome. I’ve already discussed this in the past.

Summary:
1) The Checkerboard cipher is just a way of disguising a Patristocrat. It’s a substitution type.
2) The rows and columns can be identified either with 1 or 2 words, or a sequence of numeric digits, and can be 5×5 (I=J) or 6×6.
3) The keyed alphabet is written in the square in any legal Route Transposition pattern.
4) Solve the CON as a Patristocrat.
5) Recover the keys by anagramming the first and second letters of the ciphertext pairs as groups.
6) Then, fill in the blank square with the matching plaintext letters from the finished solution.
7) Straddling Checkerboard is an unrelated type, and is just a variation on the Monome-Dinome type.

Cm History, 1951-1955


1951

Feb.-Mar.
– Minimax provides an introduction to the Hill Cipher, which is an example of algebraic cryptography (C = aP). The article uses C = 3P, combined with modular math. If P = “A” = 1, then C = 3 = “C”. If P = “J” = 10, then C = 30 = 4 = “D”. We’d want “a” to be relatively prime compared to 26, so even numbers are disallowed.
– There’s an unattributed article on the use of cryptography in fingerprinting. The idea here is that the swirls, lines and other features of a fingerprint can be represented symbolically, meaning that fingerprints can be turned into image ciphers.
– B. Natural – A Study of Fractionated Morse.
– Anon – Characteristics of the Russian language.
– The editor writes that the Wren Cipher was not intended to be an official CON, but a lot of readers sent in their own solutions expecting credit for them. The sample solution given looks like garbage.
[Note: I did get a reply back from someone at the Royal Society, saying that the Wren Cipher is real, and they have the original in their archives. It was first solved in the 1890’s, in a letter to an Australian newspaper. The message is written in reverse, where every third letter is used to spell out Christopher Wren’s name. Pretty cool.]

Apr.-May
– Cagliastro – Using a probable word approach on Slidefair (Vigenere/Beaufort).
– Two new departments are added: Keynotes and Cryptopics.
Keynotes uses Aristos with some of the plaintext aded to help newbies.
Cryptopics is a catchall for various topics on cryptography.
[Both departments die off after a few issues.]
– One article gives dates for 20+ cipher systems, taken from the book “Secret and Urgent,” by Fletcher Pratt.
– Cryptopic 1: by Ab Struse – Non-idiomorphic solutions. Using words with no repeating letters as a crib in Quagmire III ciphers.
– Tonto – Theory of Substitutions as applied to Quag. III.
– Xenocrypts introduces the Dutch language.
– 2 members write to the editor about Fractionated Morse – one saying “I hate it, nevermore!”, the other “I love it! More, more!”

June-July
– An obituary is run for Contractus, who passed away in Feb. 1951.
– Contractus (posthumous) – The Optional Diagonal Analysis for determining unknown types.

Aug.-Sept.
Sellwyn White – A Baconian Variation. The idea is to use a keyword, with the letters in sequence through the plaintext, to represent “b”. All other letters, or other letters of the keyword that are not in sequence, are “a”. [I haven’t seen this variation used yet.]

Oct.-Nov.
– Delac – Serated Playfair. This is an introduction, and instructions on how to solve it. Basically, the text is written in periodic groups (as with Bifid) and the Playfair table lookup is done by vertical pairs.

THISIS
ATESTX

Instead of taking the letters as TH, IS, IS, we use TA, HT, IE, etc.

– Red E. Raser – An article on solving AMSCO.
– Helcrypt – Using consonant sequences for solving Aristos.

Dec.-Jan.
– Text graphics of a raindeer on the cover. It’s not an ornamental crypt, but is a first step towards one.
– Fiddle – A method for solving Progressive ciphers (Vigenere, Porta, etc.) Crib placement when the crib is at least 2 letters longer than the period. The progressive cipher was described in Elementary Cryptography (Helen Gaines). Basically, it’s a Vigenere (etc.) cipher encrypted twice, with an offset the second time.
– Helcrypt – Using pattern words to solve Keyphrase ciphers.
– Film-D – Using “greater-than, less-than” analysis to solve certain types of cryptarithms.

1952

Feb.-Mar.
– First real appearance of a Table of Contents for the magazine.
– S-Tuck provides an analysis of a difficult simple substitution cipher.
– Sellwyn White – Writes an article on the Interrupted Key Cipher.

Apr.-May
– S-Tuck – Decrypting the Nicodemus Cipher.
– Ab Struse – Writes about the d’Agapeyeff Cryptogram, which was a challenge cipher from the book “Codes and Ciphers” (1939).
– Curley – Writes about the benefits of using a pre-made Phi Test table.

June-July
– The editor attempts to start a single-topic theme concept for the Cm, with this one dedicated to Simple Substitutions.
– Nip N’ Bud – 15th century rules for Modern Italian Simple Substitution ciphers.

Aug.-Sept.
– Tonto – The Trifid cipher (similar to the Bifid, which uses a keyed alphabet in a 5×5 square, but with a straight keyed alphabet instead).
– Zembi – “Pablo Waberski’s message of distress,” an analysis of a simple cipher given in H. O. Yardley’s “The Black Chamber” (p. 169).

Oct.-Nov.
– X. Gotky and S-Tuck – An analysis of the Even-Period Bifid.
– Ewlee – Breaking Progressive ciphers using probable words.

Dec.-Jan.
– Introduction of the VariTyper for printing up the Cm, and the implementation of a new typeface for the use of new symbols. The Russian typeface is available for $21, allowing for Russian Xenocrypts in the original character set.
– The ACA is running out of money. Dues are now at $3/year. Suggestions are to raise the rates, or stay at $3 and beg for donations.

1953

Apr.-May
– We get a bio of Helcrypt, AKA Henry E. Langen. He worked as an instructor of applied criminology for the Chinese Police Force, commissioned by Chiang Kai-Shek in 1946. Later works as in security for a department store chain.
– Dubious – Working through an example of a German Field cipher as described in the Elcy (Elementary Cryptography) book.
– Helcrypt – Combining probable word with letter frequencies for Aristos and Pats.
– Anon – Examples for Route Transposition. [This is the first complete examination I’ve seen in the Cm for rows, columns, diags and spirals.]
– First call for “photocrypts” for use in the Cm. This may be the origin of Ornamentals (image-based crypts), but it’s slow to catch on.
– Members had demanded that the deadlines for submitting Sols be eliminated. So, in this issue the editor announces that answers will no longer be included in the Cm. If you want them, you have to write a letter asking for them to be mailed to you.

June-July
– Red E. Raser – Using and solving the Portax Cipher.
– Helcrypt – Ciphers in literature.
– Photocrypt of a Christmas postcard (p. 34).

Aug.-Sept.
– First appearance of a Russian Xenocrypt using the Russian typeface.
– Photos of the department editors are run in each of their departments for the first time (this is also short-lived).
– A chart of alphabets and letter frequencies is presented for Xenocrypts.
– Announcement of Empty’s death.
– S-Tuck – Solving Myszkowski Transposition.
– Astrolabe – Analysis of the ADFGVX German Field Cipher of 1918.

Oct.-Nov.
– Don Scotus – Analysis of the St. Cyr Cipher.
– The Canton ACA office is hit by a fire. The Cm needs to be completely retyped and reset.
– Kohop – Finding Kpt-Kr for any non-English alphabetic language.

Dec.-Jan.
– Quexna – Developing a framework for phonetic ciphers (written ciphers based on the dictionary pronunciations of words. To be used with Trifid or Vigenere type ciphers). This approach does not seem to have been adopted by the ACA.
– Fiddle – Introducing ancient Greek Xenocrypts.
– Fiddle – A table of International Morse Code for English, German and Russian.
– Esby – Historical notes on an early Nihilist cipher. The message is written in plaintext, but the cipher is encrypted based on the number of letters joined together using handwritten script. The group numbers are then used as row and column indices for a 5×5 Polybius square. The article is adapted from the writings of John Holt Schooling, published in a British magazine in 1896.

1954

Feb.-Mar.
– Bob O’Lynque – A start on cracking Quagmire III.
– Dr. Cryptogram – A review of Fletcher Pratt’s April 1953 Computers and Automation magazine article, “The Art of Solving Secret Ciphers and the Digital Computer.” The gist is that Pratt thinks computers are best suited to frequency analysis and key breaking.

Apr.-May
– First appearance of Helcrypt’s “The Cryptyro’s Black Chamber” department. This is a series of articles designed to help newbies understand crypts. It starts with a Brief History of Cryptography.
– A short article on Georgetown University’s IBM 701 computer program for machine translation from Russian to English, and ends with the fear that all the fun will be sucked from cryptography by auto-solvers.
– An article on Dr. Alfred Kinsey’s use of codes to make his sex research reports unreadable by the unintiated.

Apr.-May Solver’s Supplement
– Solutions to crypts are being placed in a booklet separate from the main Cm.

June-July
– H. O. Yardley rejoins the ACA under his old nom of Bozo.
– Tonto – Article on Identifying different periodic ciphers (Vigenere family, Porta, etc.)
– Fiddle – A look at Japanese kana, with a table for Hiragana.
– Helcrypt – Cryptyro’s Black Chamber (CBC) – This is a short glossary of cryptography terms.
– We get short bios with pictures of some of the Cm staff, including ENE, Pat, Pem, and the Nero sisters.
– First Japanese CON to show up in the Xenocrypt section.

Aug.-Sept.
– CBC – Hints on getting started breaking a crypt. 1) Never work on the original. Always work from copies. 2) Ascertain the background info, such as the sender, the suspected subject matter, suspected probable words, etc. 3) ID all papers and notes with the same ID number for record keeping. 4) Build your library.
– A suggestion for books to be in everyone’s library:
Codes and Secret Writing, Zim
A First Course in Cryptanalysis, Wolfe
Cryptography, Laurence Smith
Secret and Urgent, Fletcher Pratt
Elcy, Helen Gaines
– Fiddle – Periodic Fractionated Morse. In this variant, write the morse code out on three lines in any desired period, and take the letters off as vertical triplets. Use a 27-letter alphabet. Doesn’t seem to have been adopted by the ACA.

Oct.-Nov.
– CBC – How to differentiate between substitution and transposition ciphers.
– Tonto – How to solve every Vigenere family type cipher using one method. This is a simple equation for standardizing the tables to fit the main Vigenere layout.
– The ACA is trying to buy their own VariType printer for $5,00 for printing up the Cm. But, the purchase hadn’t been approved by the Board yet. This caused delays in getting the next issue out.

Dec.
– Bozo had received the full set of the Beale papers in 1931, and sporadically tried to break #1 and #3, with no luck. His feeling, at the time the papers are printed in the Cm, is that they’re valid ciphers, but probably they’re hoaxes, in that #3 is too short to be a full list of heirs to the treasure.
– The Beale Papers take up so much room in this issue that there’s no space for other articles.
– Due to problems with the printers, this issue is also late. Many people complained about the delay to everyone but the Cm editor, which is what they should have done. Only one reader asked if something was wrong and if they could help. Additionally, one group of volunteers decided to form their own commerical printing company, and now all the issues of the Cm will be printed for only the cost of materials by Bell Associates.

1955

Jan.-Feb.
– With this issue, the month labeling is changed to start the year as “January-February,” to make cataloging the newsletters easier.
– Ab Struse – An article on the Masonic Cipher, AKA – Pigpen, which was mentioned in Pratt’s “Secret and Urgent.” The Masonic cipher dates back at least to Porta.
– CBC – How to make key alphabets (K1-K2 keys, and Caesar shifts). Plus, Vulnerabilities of Simple Subs (frequency counting, pattern words, non-pattern words).
– B-Natural – Nihilist Running Key cipher description and method of attack.

Mar.-Apr.
– Kohop – Solving Vigenere-type periodics in an unknown language with a non-Roman alphabet. The example uses a Russian Gronsfeld.
– CBC – Solving Patristocrats (letter frequencies, vowel spotting).
– Sherlac passed away on Dec. 13, 1954. His obit appears in this issue. He was born Sept. 11, 1880. He served in the Pennsylvania National Guard, and fought in the Spanish-American War. He was married and had 4 children. He suffered from severe arthritis from 1918, became an invalid in 1924, joined the ACA in 1937, and at the end became blind and had to give up cryptography.
– At the end of the issue are several “Potporri” articles – which include petitions by the NYC club to move the ACA and Cm headquarters to New York. And, Bell Associates resigning as the official publishers to the ACA because of perceived flaws in the constitution, the NYC petition, and the ACA board neglecting to stay in contact with Bell. There doesn’t seem to be a follow-up discussion of these events in later Cm issues.

May-June
– Tonto resigns as president of the ACA following two minor heart attacks. He is replaced by Bob O’Lynque.
– B-Natural writes about his proposed Moss-Back Cipher. It’s a merger of Morse Code (Moss) and Baconian (Back) to reduce the length of ciphertext to 2/3’s of the plaintext length. It doesn’t seem to have been adopted by the ACA.
– CBC – An introduction to transposition ciphers, using Railfence.
– Fiddle – An article on the International Chess Cable Code. This is a code system for exchanging chess moves through the mail or over the phone. It could be adapted to be used as a cipher.

July-Aug.
– Dr. Cryptogram introduces Sherlac’s Ragbaby cipher, which Sherlac had called his rag-baby. This was adopted by the ACA.
– CBC – Route Transposition cipher. General solving is by trial and error only.
– The Oak – Introduces “An Equi-Frequency Cipher System” that combines substitution and transposition ala ADFGVX. Doesn’t seem to have been adopted.

Sept.-Oct.
– Color cover (just the ACA Scytale logo).
– Helcrypt resigns as Cm editor because he has to move to Miami to work as the Protection Manager of a new department store there.
– Nip N’Bud – How to solve the Cadenus cipher.
– CBC – Columnar Transposition.

Nov.-Dec.
– The Cm moves from Canton, Ohio, to New Jersey. The editor drops the illustrations that had been appearing on the cover page in favor of a more formal Table of Contents. Nip N’Bud takes over as Cm editor.
– Dun Scotus – “Cryptanalysis by Archeologists.” Touches on Linear B, the Rosetta Stone and the Hittite Records. Includes excerpts from “The Secrets of the Hittites” by C. W. Ceram (Knopf, 1956, $5.00).
– CBC – The Baconian Cipher.

Wiggles, part 51


Just a little ongoing story to give you something to play with until the next blog post.

VH HZVH EGENFH, HZNRN XVU V “QKIQB” WRGE UGENXZNRN VSGON EN, VFY HZN HXG OGIQNU XNFH JPINH. V HZIRY OGIQN QVKKNY GPH “BIHVRGP, XZVH YIY I HNKK CGP VSGPH AGIFA IFHG HZN SVUNENFH?” I QGPKY SVRNKC ZNVR HZN AIRK ZIUU “EVEV,” SPH IH XGPKY ZVON SNNF VF NVUC APNUU IF VFC NONFH. HZN SGC RNEVIFNY UIKNFH. V WNX UNQGFYU KVHNR, HZN OGIQN RNDNVHNY, “BIHVRGP,” SPH IF V EPQZ EGRN HZRNVHNFIFA HGFN. I YGF’H BFGX ZGX HZN HXG BIYU XNRN RNVQHIFA; I ZVY V WNNKIFA KIBN V YVAANR LVSSIFA EN IF HZN APHU VFY HZNF HXIUHIFA UZVRDKC. IH XVU V DKNVUVFH NFGPAZ OGIQN, YRGDDIFA VF GQHVON GR UG WGR HZVH KVUH “BIHVRGP,” CNH IH XVU KIBN UNFUIFA V EVEPUZI (V DIH OIDNR) LPUH VU IH UHRIBNU – CGP BFGX SVY HZIFAU VRN VSGPH HG ZVDDNF, VFY CGP’RN FGH AGIFA HG ANH GPH GW HZN XVC IF HIEN SNWGRN HZNC YG.

 

Thinking About Encryption, Part 55


Grille Transposition

Before I start, I just want to say that I’ve gotten really busy with work, and have fallen behind on writing new paragraphs for the Wiggles story. Sorry about that. I hope to be able to get back to that in a few days. However, I still have 2 month’s worth of “Thinking About” articles backlogged, so I’ll keep running those without a break.

I didn’t want to tackle Grille ciphers at this point largely because I didn’t feel up to dealing with a rotating piece of paper in software. However, the Mar.-Apr. 2019 issue of the Cm newsletter had a relatively easy “Unknown” (E-8), and the letter frequency distribution hinted that it might be a transposition (rather than a substitution). I tried running the CON through almost all of my transposition solvers (railfence, redefence, columnar, etc.), with no success. I posted a request for help with the ACA facebook group, and one of the replies indicated that E-8, because it was 36 letters long, might be from a cipher type that requires a square (6×6) format. The two choices were Nihilist Transposition and Grille. I’d hadn’t tried Nihilist yet, so I checked that solver, and still no luck. That left Grille, and one of the other FB people gave a pretty clear hint that it was a Grille, so now I felt a bit pressured to at least look at Grilles a bit more closely. It took me 2 hours to write encrypter and decrypter scripts, but my attempt at a bruteforce solver didn’t pan out. I then tried using Bion’s Grille Gadget, and after another hour of figuring out what I was doing, I’d finally gotten the solution.

The basic idea of the Grille is to take a piece of paper or cardboard, and cut out some holes. The holes need to be located so that they expose every letter in a square grid once and only once. If the grid side length is even, you’ll get full coverage with 4 rotations. If odd, the center cell of the grid will be skipped. The easiest way to make the grille is to draw the matching grid on the cardboard, and when you cut out one hole, mark the matching places of the other 3 rotations as “don’t cut”. Cut the second hole from the remaining “good” positions, and mark the other three rotation points as “don’t cut”, and repeat. With a 6×6 grille, there will be 9 holes, and the plaintext will need to be 36 letters long (padded if necessary).

Once you have the grille, place it on a piece of paper and write your plaintext into the holes, from top left to bottom right. When you’re done, rotate the grille 90 degrees, and write in the next set of letters, and repeat for the remaining 2 rotations. Remove the grille and read off the rows to make the finished cipher text.

Normal.. 90 rot.. 180 rot. 270 rot.
------ + ------ + ------ + ------ +
..X..X | ...... | .X..X. | X..X.. |
...X.. | XX.... | ..X.X. | .....X |
...... | ..X..X | X..X.. | .X..X. |
..X..X | .X..X. | ...... | X..X.. |
.X.X.. | X..... | ..X... | ....XX |
.X..X. | ..X..X | X..X.. | ...... |
------ + ------ + ------ + ------ +

The key here would be formed by reading off the number positions of the holes for the 0 degree rotation. 3 6 10 21 24 26 28 32 35

If the ciphertext is ABCDE FGHIJ KLMNO PQRST UVWXY Z0123 45678 9
the grid would be:

ABCDEF
GHIJKL
MNOPQR
STUVWX
YZ0123
456789

And the letters from the plaintext would have been written in as:

------ + ------ + ------ + ------ +
..C..F | ...... | .B..E. | A..D.. |
...J.. | GH.... | ..I.K. | .....L |
...... | ..O..R | M..P.. | .N..Q. |
..U..X | .T..W. | ...... | S..V.. |
.Z.1.. | Y..... | ..0... | ....23 |
.5..8. | ..6..9 | 4..7.. | ...... |
------ + ------ + ------ + ------ +

Meaning the plaintext would have started out as:
CFJUXZ158 GHORTWY69 BEIKMP047 ADLNQSV23

Deciphering is the reverse process. Write the ciphertext in a 6×6 square, place the grille over the square, and read the letters visible through the holes from top left to lower right. Rotate the grille 90 degrees, and repeat for the rest of the message (as demonstrated above).

Solving a grille cipher if you have a crib can be relatively easy, if the grid is small and the crib is relatively long. I suggest using Bion’s gadget to get started. Look for letters that have low repetition counts, and click on those first. This may help show where the word starts within the grille (if it’s at the top left, or bottom right). If the word starts low in the grille, then it’s probably going to be split across rotations. Otherwise, if the word can fit within the grille without rotations, then just click on the remaining letters to spell the word out, while checking the rest of the sentence for readability. If the word is split, then go to the next rotation block and continue spelling out the word as necessary.

The grille does have an “orientation”, or an “up” direction. If you start by assuming the crib is placed in the grille at rotation 0 degrees, you may in fact be starting in the middle of the sentence. This is not really a problem, though, since the sentence can be shifted in a ring as necessary to get it to start at the correct point.

I wrote a modified permutating key incrementer to bruteforce solve the E-8 CON. On a 4×4 grille, the incrementer can generate about 1,800 keys in a couple seconds. But, at 6×6 there are almost 98,000,000 key values, many of which are illegal (i.e. – the holes overlap each other). Even when filtering out the illegal values, it still took my solver script over a couple hours to find the correct key. This means that using this kind of approach on larger grille sizes (the ACA guidelines allow for up to 12×12) is futile. Fortunately, grille transpositions are not all that popular with the ACA, so I’m not going to worry about it at this point.

Say we have a 4×4 square (the plaintext message is 16 characters long). Create a numeric array 1×4, and populate it with 1 2 3 and 4. Now, starting from the left (ary(0) = 1), check whether the next cell to the right of (ary(1)) is ary(0) + 1. If so, increment the pointer (ary(1)) and check the next cell to the right (ary(2)) for the same thing. If you get to ary(3), then increment ary(3), and set the other cells back to 1 2 3. Otherwise, increment the cell you’re on, and reset the other cells to the left to 1 and 2. When you get to 13 14 15 16, stop.

Example.
01 02 03 04
01 02 03 05
01 02 04 05
01 03 04 05
02 03 04 05
01 02 03 06
01 02 04 06
01 03 04 06
02 03 04 06
01 02 05 06
01 03 05 06
02 03 05 06
01 04 05 06
02 04 05 06
03 04 05 06
01 02 03 07
...
13 14 15 16

Use these values for the 4 digit key, testing for legal keys, then testing whether the resulting text out contains the crib. The number of holes in the grille for a square of side n is, (n^2)/4 (when n is even). When n is odd, ((n^2) – 1)/4.

Summary:
1) Grille ciphers are transpositions based on the idea of using a card with holes cut from it, and reading and writing the text that is visible through the holes.
2) In simple CONs, the grid will be square, and padding will be added to the end of the plaintext to bring the message length up.
3) To encrypt the message, put the grille on a blank piece of paper and write the plaintext into the holes. Rotate the grille and keep writing until you’ve written in the entire text. Remove the grille and read the cipher out of the square in rows.
4) Decryption is the reverse process. Write the ciphertext in a square, place the grille over it, and read the plaintext out of the holes from top left to bottom right. Rotate the grille 90 degrees CW and repeat.
5) Even width squares will use every position. Odd length squares will leave the central cell blank.
6) Solving a grille CON can best be done on Bion’s grille gadget. First, place any padding characters at the end of the message (the last grille rotation), and any low frequency count letters from the crib. This may help to identify whether the crib is split across rotations. After that, fill in the remaining letters of the crib, checking to ensure that the rest of the sentence you’re building up is something legible.
7) Grilles get very unwieldy very quickly. A bruteforce software approach is feasible with a 6×6 grille, but will take forever when you go to 8×8. A manual approach may still be the best bet for larger grilles.
8) Grille transposition is relatively easy to break, but may be hardened by combination with any other transposition type, and/or substitution ciphers.
9) Square grilles are standard, but triangles, rectangles, and other non-standard shapes have also been used in the past.

Thinking About Encryption, Part 51


Approaching St. Cyr

The Jan.- Feb. 2019 issue of the ACA Cm newsletter had a CON using the St. Cyr cipher-type. St. Cyr isn’t one of the standard ACA types, so the CON was listed in the Analyst’s Corner (which features ciphers that either don’t follow the guidelines, or aren’t one of the approved types). Fortunately, there was a note to refer to the Oct.-Nov. 1953 Cm from the archives. There, one of the earlier ACA members had written up a good article introducing the St. Cyr type.

What’s important to note up front is that if you do a net search on “St. Cyr cipher,” you’re going to find a few articles on how to make a St. Cyr slide. In effect, the slides are a simple strip of paper within a guide frame. The slide will have the letters A-Z repeated on them to create a short cycle. The guide will also have A-Z printed at the bottom. Together they form a Caesar shift encrypter. If you were instead to put the two alphabets on a pair of rotating disks, you’d have a Caesar shift encoder wheel, or ring. Which means that the St. Cyr slide and the secret encoder rings you used to get in boxes of sugar cereals and Cracker Jacks are fundamentally the same.

However, that’s not really what the St. Cyr cipher is about. Instead, we’re really talking about the Vigenere cipher again. As a refresher, the Vigenere cipher uses a table of Caesar-shifted rows in combination with a keyword. The keyword is written over the plaintext message, repeating as necessary, and each key letter acts as an index to one of the rows of the table. The cipher text letter is taken where the column indicated by the plaintext letter intersects with the cipher letter row. The main weakness to Vigenere is that the use of a keyword makes the ciphertext periodic, and if you can determine the period, you can crack the cipher as just groups of Caesar shifts.

St. Cyr is the French military academy established in 1802 by order of Napoleon Bonaparte. The St. Cyr cipher was taught at this academy, which is where it got its name. The St. Cyr slide can be used to encipher and decipher messages, but at St. Cyr’s heart is the Vigenere table (which can also include the Beaufort and Variant tables). The difference from Vigenere is the practice of using the keyletters on whole plaintext words. This breaks up the periodicity of the Vigenere cipher, but renders it vulnerable to a much simpler attack.

For example, say we use the keyword “HUMAN”, and the plaintext “to err is inevitable, to get caught at it is not.”

With Vigenere, we’d use:

HUMANHUMANHUMANHUMANHUMANHUMANHUMANHU
toerrisinevitabletogetcaughtatitisnot

ciphertext:
AIQREPMUNRCCFAOSYFOTLNOAHNBFAGPNUSAVN

But, with St. Cyr, it’s

HH UUU MM AAAAAAAAAA NN HHH UUUUUU MM AA NN HHH
to err is inevitable to get caught at it is not

ciphertext:
AVYLLUEINEVITABLEGBNLAWUOABNMFITVFUVA

Encryption and decryption would follow the same steps as with Vigenere, but using the “stutter key” as shown above.

Breaking St. Cyr is insanely easy with software. Just print out the text 26 times, once each with the incremented Caesar-shifted row.

A = AVYLLUEINEVITABLEGBNLAWUOABNMFITVFUVA
B = ZUXKKTDHMDUHSZAKDFAMKZVTNZAMLEHSUETUZ
C = YTWJJSCGLCTGRYZJCEZLJYUSMYZLKDGRTDSTY
D = XSVIIRBFKBSFQXYIBDYKIXTRLXYKJCFQSCRSX
E = WRUHHQAEJAREPWXHACXJHWSQKWXJIBEPRBQRW
F = VQTGGPZDIZQDOVWGZBWIGVRPJVWIHADOQAPQV
G = UPSFFOYCHYPCNUVFYAVHFUQOIUVHGZCNPZOPU
H = TOREENXBGXOBMTUEXZUGETPNHTUGFYBMOYNOT
I = SNQDDMWAFWNALSTDWYTFDSOMGSTFEXALNXMNS
J = RMPCCLVZEVMZKRSCVXSECRNLFRSEDWZKMWLMR
K = QLOBBKUYDULYJQRBUWRDBQMKEQRDCVYJLVKLQ
L = PKNAAJTXCTKXIPQATVQCAPLJDPQCBUXIKUJKP
M = OJMZZISWBSJWHOPZSUPBZOKICOPBATWHJTIJO
N = NILYYHRVARIVGNOYRTOAYNJHBNOAZSVGISHIN
O = MHKXXGQUZQHUFMNXQSNZXMIGAMNZYRUFHRGHM
P = LGJWWFPTYPGTELMWPRMYWLHFZLMYXQTEGQFGL
Q = KFIVVEOSXOFSDKLVOQLXVKGEYKLXWPSDFPEFK
R = JEHUUDNRWNERCJKUNPKWUJFDXJKWVORCEODEJ
S = IDGTTCMQVMDQBIJTMOJVTIECWIJVUNQBDNCDI
T = HCFSSBLPULCPAHISLNIUSHDBVHIUTMPACMBCH
U = GBERRAKOTKBOZGHRKMHTRGCAUGHTSLOZBLABG
V = FADQQZJNSJANYFGQJLGSQFBZTFGSRKNYAKZAF
W = EZCPPYIMRIZMXEFPIKFRPEAYSEFRQJMXZJYZE
X = DYBOOXHLQHYLWDEOHJEQODZXRDEQPILWYIXYD
Y = CXANNWGKPGXKVCDNGIDPNCYWQCDPOHKVXHWXC
Z = BWZMMVFJOFWJUBCMFHCOMBXVPBCONGJUWGVWB

Look for the rows with readable plaintext, and switch from row to row at the end of each plaintext word. Because the keyword is still going to be short compared to the plaintext message, it will cycle, so we just cycle on the output lines as well.

A = AV YLL UE INEVITABLE GB NLA WUOABN MF IT VF UVA
H = TO REE NX BGXOBMTUEX ZU GET PNHTUG FY BM OY NOT
M = OJ MZZ IS WBSJWHOPZS UP BZO KICOPB AT WH JT IJO
N = NI LYY HR VARIVGNOYR TO AYN JHBNOA ZS VG IS HIN
U = GB ERR AK OTKBOZGHRK MH TRG CAUGHT SL OZ BL ABG

Rearranging the lines to put the words in order will then expose the key.

H = TO --- -- ---------- -- GET ------ -- -- -- NOT
U = -- ERR -- ---------- -- --- CAUGHT -- -- -- ---
M = -- --- IS ---------- -- --- ------ AT -- -- ---
A = -- --- -- INEVITABLE -- --- ------ -- IT -- ---
N = -- --- -- ---------- TO --- ------ -- -- IS ---

Summary:
1) St. Cyr is a polyalphabetic substitution cipher that uses the Vigenere tables, but one keyword letter enciphers one full plaintext word.
2) It is not secure, and is actually easier to break in software than Vigenere or any of its variants.
3) You REALLY want to avoid keywords that include the letter “A”, which translates to a Caesar-shift of 0.
4) St. Cyr can be hardened by using the Variant or Beauford tables, and by mixing things up with any of the regular transposition types.

Cm History, 1932-1940


I bought an Android tablet about a year ago, and I got so irritated with how clunky the interface was, and how difficult it was to write apps in Java, that I tossed it on a stack of stuff and let it gather dust. I have a cell phone and a good pocket camera, and I don’t text or listen to music when I’m outside, so the tablet didn’t really add anything. More recently, though, I’ve been wanting a way to read archived issues of the ACA Cm newsletter while I’m riding the streetcar, or between English classes, and I was wondering if the Android natively supported a PDF reader. By this point I’d forgotten my login password and I didn’t remember where I wrote it down (if I ever did). So, I did a hard reboot, and spent several days trying to find a secure Wifi hotspot site so I could access the net and reset the password (I don’t need wifi at home). When that was over, I downloaded a test archive PDF from the ACA website, and I could read that. So, I downloaded every archive file from 1932 to 2015, and began reading. (Please note, I may not have all of the below information 100% correct, but this is as good as I can get it right now.)

Actually, I’m only up to 1940, but that’s good enough for the moment. For background, the American Cryptogram Association first formed in 1929 as a group of friends that had played card games together, but wanted something else to do when they couldn’t get 4 partners together for Bridge. They investigated various kinds of puzzles, such as crosswords, and hit on newspaper-style crypto quips as their favorite type. They registered the name American Cryptogram Association (ACA) and printed their first newsletter, the Cryptogram (The Cm), in Feb., 1932. Membership was $1 for one year.

The ACA was joining the ranks of other groups such as the National Puzzler’s League (1883-, mostly word games and wordplay; newsletter is The Enigma), Detective Story Magazine (1915-1949, which had a Cipher Secrets corner), and a couple others which seem to have faded into the mists of time. Some of the ACA members came from the NPL, so some of the vocabulary overlapped the two groups (members are called the Krewe, and aliases are “noms”). The ACA leaders felt that crypto quips were “the aristocrats of puzzles,” and were thus dubbed “aristocrats” to differentiate them from other cipher types.

1932

Feb.
– First issue of the Cm released. All ciphers in the issue are Aristocrats.

April
– The term “the Krewe” for the membership is introduced. Martin Gardner joins briefly.

June
– First attempt to introduce rules for how to construct Aristocrats for submission.

Aug.
– First start at trying to explain how to solve Aristos, introduction of the Phillips System, and the Porta Slide.

Oct.
– First mention of “undivided substitutions,” with the process for solving them. First appearance of undivided substitution crypts as an alternative to Aristos.

1933

April
– First appearance of a French Aristo. More foreign-language crypts start showing up after this, in French and Spanish.

June
Herbert Yardley ((1889-1956) former head of the Army Signal Corps intelligence MI8 department, creator of the Black Chamber, and author of The American Black Chamber) joins the ACA and is immediately named Vice President, with the nom “Bozo.”
– Joining at the same time is Helen Fouche Gaines, with the nom “Piccola” (1888-1940). Helen had been working as an author for other puzzle magazines at the time, and became one of the ACA’s most prolific writers in the Cm, introducing a wide variety of cipher types over the next 7 years, and showing how to solve them. Her entry in the Arkansas Biography: A Collection of Notable Lives states that there’s a very good likelihood that she served as a cryptographer/trainer for the U.S. Navy during WW I. She eventually published one of the best books on the subject, Elementary Cryptanalysis to that date in 1939. The book is still recommended by the ACA to members new to the subject. She passed away 1 year later.

Aug.
– Introduction of “bi-literals,” Aristocrats enciphered in such a way that the ciphertext is also readable English words. Introduction of the book review section.

Dec.
– Piccola introduces the first transposition cipher type, which is later called Route Transposition. Transposition CONs start appearing in the Cm after this.

1934

Feb.
– One reader asks for Fletcher Pratt’s address to ask him about Nihilist and Grille ciphers. Piccola writes the first true article on vowel spotting and digraphs in undivided substitutions.

Apr.
– Piccola introduces a method for finding repeated sequences. Transpositions are now a regular column in the CONs section. Foreign language CONs are still mostly Aristos, but now include German and Portuguese.

Aug.
– Italian is added to the foreign CONs.

Oct.
– Piccola introduces Null ciphers.

Dec.
– Piccola introduces 5×5 Checkerboard ciphers using numbers for the row and column identifiers. A user named Patristocrat starts showing up more often in the Cm.

1935

Feb.
– One article introduces the Bazeries cipher. Piccola introduces the Vigenere, and the first set of Vigenere CONs to appear in the Cm. A Challenges column is added to include harder CONs.

April
– One of the members starts writing about Bacon, Shakespeare and ciphers. The problem up to this point is that a certain group of people that felt Bacon wrote Shakespeare’s plays had tended to be borderline crazy in coming up with conspiracy theories, and the ACA members viewed them as nutjobs. Also in this issue, Piccola writes about how to solve Vigenere ciphers.

June
– Piccola introduces the Kasiski method for obtaining the period length of Vigeneres. Bozo writes an article on recovering key alphabets (does not include Aristos. Up to this point, people do not seem to be using key alphabets for encrypting Aristos or “undivided substitutions.”)

Aug.
– We’re given the letter frequencies of different languages.

Oct.
– Piccola introduces the Gronsfeld cipher.

Dec.
– An article appears on the solution of one of Benjamin Franklin’s enciphered messages that had up to that point been unbroken.

1936

Feb.
– Piccola introduces the Saint Cyr slide.
– A new CONs section is specifically dedicated to “undivided substitutions” (Aristos without the punctuation or word breaks), and 2 of the 3 CONs are provided by the user Patristocrat.

Apr.
– First appearance of a cryptarithm (math division problem with letters substituted for the numbers). For the next year or so, these kinds of problems can have multiple solutions, and several members would compete to see who could find the most possible.

Sept.
– This is actually a special cipher contest issue, and just consists of challenge ciphers.

Oct.
– Piccola introduces the Running Key Cipher. At this point, running key is a Vigenere cipher, using a long passage from a book as the key. The current implementation where one half of the plaintext is used to encrypt the other half does not appear until later.

Dec.
– Piccola introduces the Auto Key Cipher.

1937

Feb.
– Occasionally, one or another member will discuss books that have caught their interest, but there’s still no real review section yet. Other times, someone will attempt to compile a comprehensive list of books that either analyze ciphers, or incorporate them in the story.
– In this issue we get one of the “comprehensive lists,” which includes Bram Stoker’s “The Mysteries of the Sea,” with it’s Bacon cipher on pages 465-475.
– Piccola writes more on Auto Key.
– There’s an announcement of the new Cipher Exchange department, to hold the ciphers discussed by Piccola.

Apr.
– Piccola talks about the use of parallel alphabets for periodic ciphers (like Porta and Vigenere), and we get the first appearance of the Cipher Exchange (now a common feature of the modern version of the Cm).

June
– Piccola writes about recovering the primary alphabets from Vigenere and other periodic ciphers.
– Columnar Transposition starts showing up by name in the Cipher Exchange.

Aug.
– Piccola introduces the Nihilist Substitution Cipher.

Oct.
– Piccola writes more on the idea of key phrases for key alphabets.

Dec.
– Piccola delves deep into Columnar Transposition, with Part 1 here, and Part 2 in the Feb., 1938, issue.

1938

Feb.
– The encrypted math problems are now officially renamed to Cryptarithms.
– Up to this point, the user Patristocrat (Webb C. Patterson) had been almost the sole supplier of undivided simple substitution CONs, and the Cm editor claims that because he has a backlog of over 500 of these from Webb, that from here on Undivided Simple Subs will be called “Patristocrats.”

Apr.
– Nap writes an article on Alphabet Slides and their uses. This includes instructions on making cardboard slides with sets of alphabets on them for easy encryption and decryption of periodic ciphers. Good for solving the Vigenere family by hand.

June
– Piccola introduces the Nilihist Cipher.

Aug.
– Piccola writes about the bigram test, which is useful for breaking Columnar and Nihilist Transpositions, and Patristocrats by hand.
– There’s a walkthrough for a solution of a French crypt, with the frequency analysis of the French language.
– There’s also a condensed analysis for identifying unknowns.

Oct.
– First outright suggestion that people construct Aristos using a keyed alphabet. No mention of K-1 through K-4 yet.
– More condensed analysis of unknowns.
– Piccola and RLH discuss the Playfair Cipher, part 1.

Dec.
– The first discussion of using decimation to recover Aristo K-3 type keywords.
– Part 2 of Piccola’s and RLH’s Playfair Cipher article.
– Letter frequencies of other languages.

1939

Feb.
– Part 3 of the Playfair article.
– As the presence of WW II makes itself ever more obvious to America, there are more references to it in the Cm. Several members, specifically those in Canada, are announced as going into military training, and then being posted overseas. The Cm editor suggests that ACA members should contact their local authorities to see if their skills can be used by the government. The ACA votes on whether to use its spare funds for buying War Bonds. And, there is a growing request for members to stop sending ciphers on post cards in the mail, because it’s resulting in the embarrassment of being hauled in for questioning on what exactly is in those secret messages.

Apr.
– Neoteric writes about the difficulties of understanding the German language.
– Piccola writes an introduction on Incomplete Columnar Transposition.

June
– A review of Fletcher Pratt’s book “Secret and Urgent” (1939).

Dec.
– There had been some mention in the Cm up to this point of Piccola’s work on her “Elementary Cryptanalysis” book, with the ACA deciding to publish it and multiple requests for preorders to cover initial printing costs. In this issue, there’s the official announcement that the book is on the shelves. From here, ACA members start sending in CONs based on types described in the book that had not yet been introduced in the Cm. A few articles appear later on analyzing how to break these CONs. There’s also kind of an unofficial contest for who can solve every single CON in the book first. A couple years later, there are still 2 or 3 that remained unsolved.
– There’s an article in this issue on the process for solving Italian crypts.

1940

Feb.
– Ab Struse writes an article on pattern word lists. He basically suggests the usefulness of lists of words with certain repeated letter patterns. It’s good for a pencil and paper approach, and ultimately extends to software tools for breaking Myszkowski ciphers.

Apr.
– The use of partial alphabet tables for Vigenere for determining letter shifts based on frequency counts. This may be a good test for harder Vigs, but it may duplicate the IC test.

June
– Helen Gaines (Piccola) passes away. Her obit appears in this issue.
– A posthumous article by Piccola appears, highlighting Porta.

Oct.
– Use of odd-numbered Grilles, part 1.

Dec.
– A “robot” approach to solving subs is described. This seems to be best suited for Aristos rather than Pats.
– Use of odd-numbered Grilles, part 2.

Wiggles, part 41


Just a little ongoing story to give you something to play with until the next blog post.

RFY RFHAT HV, RFLBTF, RFNR SFHOY H SYND RFY SNRUF LA QM OYZR SDHVR, H FNJY RFY XNAC VYR N XHR RHTFRYD RFNA ALDQNO, NAC DLRNRYC RL XY “ZNUY CLSA” ULQENDYC RL LRFYD EYLEOY. RFNR HV, HZ H SNV SDHRHAT NR N CYVP, QM SNRUF SLBOC XY ZNUHAT RFY ZOLLD NAC ALR NR QY. XBR, H DYNOOM BVY HR SFYA H’Q LA VRNTY. RFHV SNM, H UNA VYY RFY RHQY NV H’Q EONMHAT QM TBHRND, NAC H’OO NOSNMV PALS HZ H’Q NXLBR RL DBA OLAT. H CL QM CNQAYCYVR RL ZHAHVF QM VYRV YGNUROM LA RFY VYULAC. RFY XND LSAYDV OLLP NR QY SYHDC NZRYD H CL RFHV N ZYS RHQYV, XBR HR’V THJYA QY N DYEBRNRHLA ZLD DYOHNXHOHRM NV N EONMYD RFNR H QNM LD QNM ALR XY RYVRHAT SHRF RFHV ENDRHUBOND OHRROY VRBAR RLAHTFR.

Wiggles, part 38


Just a little ongoing story to give you something to play with until the next blog post.

LXU ZNNM DX HVGN FRXAZ UB IZ JVBVZ DX SZXA JUCD HXA WUZMVYNZDVE WXPNC (SIDCUZN) VZM RVQQXXZ MXFC (DVZUSI) VRN DX DHN QUEDURN HNRN. TXDH SIZMC XW QRNVDURNC VRN SZXAZ DX HVGN CHVBNCHIWDIZF VTIEIDINC, CUBNRZVDURVE BXANRC, V DNZMNZQL WXR HVZFIZF VRXUZM HUYVZ CXQINDL, VZM V EXGN WXR YNCCIZF AIDH BNXBEN. DHVD CIEGNRL YXGNYNZD TVQS IZ DHN TVR QXUEM HVGN TNNZ VZLDHIZF – V QVD AIDH V CEIQS QXVD, VZ VTZXRYVEEL VFIEN CYVEE QHIEM, XR V CHXRD WXP. I HVM YL MXUTDC VTXUD V DVZUSI, TNQVUCN DHXCN HVGN V RNBUDVDIXZ WXR TNIZF YXRN BEXMMIZF VZM TUESL. TUD, IW I AVC MNVEIZF AIDH CBIRID VZIYVEC, VZLDHIZF AVC BXCCITEN. XZ DHN XDHNR HVZM, I QXUEMZ’D IYVFIZN V QVD XR QHIEM QHICNEIZF DHN NZDRVZQN DX DHN QRNGIQN. VEYXCD IZCDIZQDIGNEL, I BUEENM XUD YL CUYVWX VZM TRXUFHD UB DHN BXSNYXZ FX VBB. ZXBN, ZX CIFZVE, VZM ZX EXXCN BISVQHUC. I BUD DHN BHXZN TVQS IZ YL BXQSND VZM QHNQSNM DHN VZIYVE DRVQSC VFVIZ. DHNL CNNYNM DX TN HNVMIZF CXUDH, DXAVRM DHN QEXCNCD NZM XW DHN CHXBBIZF MICDRIQD. I WVQNM IZDX DHN CEIFHD TRNNON VZM SNBD QRVAEIZF VEE WXURC. IW VZLDHIZF QVYN IZ HNRN VWDNR YN, ID’M TN BRNDDL XTGIXUC DX DHNY DHVD DHNIR CNQRND BEVQN HVM TNNZ IZGVMNM. DXX TVM WXR DHNY.

Thinking About Encryption, Part 40


It’s been a long time since I’ve talked about Autokey ciphers, and I’ve only just recently actively solved one from the ACA Cm newsletter. The Nov.-Dec. 2018 issue of the Cm had two Autokey CONS, and I’d figured I’d try solving both of them just because I’d thought I could. However, it had been so long since I’d looked at it, that I’d forgotten that the VBScript I’d written was just for generating Autokey ciphers for the blog, and wasn’t actually a solver. So, I pretty much had to start over from scratch.

The thing is, the other scripts I had for solving Vigenere had everything I needed for loading the tabula rosa tables for Vigenere, Variant and Beaufort (which can be used with Autokey), and for loading and prepping the cipher text message. That left adding the functions for printing out key strings and plaintext for specific pieces of ciphertext, and then automating the process for partially solving the CON when given the placement of the crib and the width of the primer. Overall, I think I spent no more than 2 days on everything.

Recall that with the Vigenere cipher, you’re using a lookup table that has an index key at the left, and is Caesar-shifted one character to the left per line.

A ABCDEFGHIJKLMNOPQRSTUVWXYZ
B BCDEFGHIJKLMNOPQRSTUVWXYZA
C CDEFGHIJKLMNOPQRSTUVWXYZAB
D DEFGHIJKLMNOPQRSTUVWXYZABC
E EFGHIJKLMNOPQRSTUVWXYZABCD
:
H HIJKLMNOPQRSTUVWXYZABCDEFG
:
:
Z ZABCDEFGHIJKLMNOPQRSTUVWXY

First, we need to pick a keyword, say, “HELPME”, and then write the plaintext under repetitions of that.

HELPMEHELPMEHELPMEHELPMEHEL
inthebeginningiwasaquietman

To create the ciphertext, we take the plaintext one letter at a time, and locate it in the top row. We take the matching key letter at the left of the table, and look for the letter at the intersecting row and column we’ve formed. For “i”, the key letter is “H”. Going down the “i” column and across the “H” row, we get “P”. For “n” and “E”, we get “R”. Etc.

Variant and Beaufort work the same way, they just use different letter arrangement tables.

The main weakness with all of these cipher types is that the key is periodic, and all of the letters encrypted by a specific letter are all part of the same Caesar-shifted alphabet. Meaning that if we can determine the key length, we can apply simple letter frequency matching to that alphabet to get the shift value for recovering the plaintext. The way around this is to make the key the full length of the plaintext message.

With Autokey, we do this by picking a “primer,” a word or phrase that starts our keystring, and then append the plaintext message to the primer, so that the text is encrypting itself. Autokey can use the Vigenere, Variant, or Beaufort tables. The advantage here is that it’s as easy to remember the primer as it is the keyword, but we don’t get something that’s as periodic.

Example:
Primer: machine
Plaintext: inthebeginningiwasaquietman
Keystring: MACHINEINTHEBEGINNINGIWASAQ

Using the Vigenere table, the ciphertext is (with the letters in groups of 5):
UNVOM OIOVG UMOKO ENFID AQATE AD

Now, to break an Autokey cipher, most of the articles I’ve read so far work on the assumption that the crib (the hint given to help solve the cipher) is relatively long compared to the primer. This means that the crib is going to overlap itself somewhat between the plaintext and the keystring. We can see this in the above example for the word “beginning.” The idea is to encrypt the crib with itself, shifting the word on the line below to the right one position each time, and then checking to see whether the encrypted crib text appears in the cipher.

beginning
.......beginning
.......OK.......

“OK” does appear in the cipher, once, at position 13. We’ve now placed the crib, and we know that “beginning” starts at position 6. If we put the keystring we reconstruct above the ciphertext, and the reconstructed plaintext below, we get:

............BEGINNING......
UNVOMOIOVGUMOKOENFIDAQATEAD
.....beginning.............

It’s just a matter of working backwards in the alphabet table to finding the missing corresponding plain or key text. The more text we get, the more we have for completing the rest of the message.

In the articles I’ve read, the authors focus on reconstructing the plaintext, first working from the crib to the right. After they reach the right end of the text, they return to the crib, and work left to finish recovering the plaintext, and finally revealing the primer.

That’s all well and good, but what if the crib is short compared to the primer? That is, what if the crib had been “the”? Now, there’s no overlap between the plaintext and the keystring, and the above method doesn’t work.

I’d like to propose a more generic approach than that be used in both the “long” and “short” crib cases. We start out with the ciphertext below, and the crib “have”. And, I’m using the Vigenere table.

QUVDW ITPGZ LTOSW ZMEYR HFOJP ARYVJ K

The entire point of the crib is to give us a word from the plaintext that we can use to crack the puzzle (in the real world, we’d like to hope that we have a lot more source material to work from). This means that we KNOW the crib is in both the plaintext AND the keystring. We can just slide the crib along the ciphertext, and write out the corresponding plain and key values, and see what that gets us. For solving for the key, for the first letters, “Q” and “h”, I get “J”. Continuing the process for the first 10 slide positions:

Pos = 1, QUVD, Built from crib: JUAZ
Pos = 2, UVDW, Built from crib: NVIS
Pos = 3, VDWI, Built from crib: ODBE
Pos = 4, DWIT, Built from crib: WWNP
Pos = 5, WITP, Built from crib: PIYL
Pos = 6, ITPG, Built from crib: BTUC
Pos = 7, TPGZ, Built from crib: MPLV
Pos = 8, PGZL, Built from crib: IGEH
Pos = 9, GZLT, Built from crib: ZZQP
Pos = 10, ZLTO, Built from crib: SLYK
Pos = 11, LTOS, Built from crib: ETTO
Pos = 12, TOSW, Built from crib: MOXS

Now, one weird artifact that appears in Vigenere that’s not in Variant or Beaufort, is that solving for the keystring actually gives you the same result as for solving for the plaintext. Case in point, the below list is for the plaintext:

Pos = 1, QUVD, Built from crib: JUAZ
Pos = 2, UVDW, Built from crib: NVIS
Pos = 3, VDWI, Built from crib: ODBE
Pos = 4, DWIT, Built from crib: WWNP
Pos = 5, WITP, Built from crib: PIYL
Pos = 6, ITPG, Built from crib: BTUC
Pos = 7, TPGZ, Built from crib: MPLV
Pos = 8, PGZL, Built from crib: IGEH
Pos = 9, GZLT, Built from crib: ZZQP
Pos = 10, ZLTO, Built from crib: SLYK

Ignoring that, looking for text fragments that look English-like, we get “NVIS” at position #2, and “ETTO” (maybe for “get Tom”?) at position #11. If we build up what we have (keystring on top, cipher in the middle, and plaintext below, we have:

.NVIS.....HAVE
QUVDWITPGZLTOSWZMEYRHFOJPARYVJK
.have.....etto

If we make the assumption that ACA Autokey CONs use primers shorter than 11 letters, then because “NVIS” is at position 2, and “ETTO” is at position 11, we get a tentative primer length of 9. And here’s my point – instead of continuing to the end of the message and then guessing at words in the plaintext and keystring, and trying to fill them in before tackling the primer, why not attack the primer NOW?

Using an online Scrabble-like word finder for 9-letter words fitting the pattern “?NVIS????”, we get envisaged, envisages, envisions, invisible, invisibly and unvisted.

Testing “ENVIS”, the result is “MHAVE”. Testing “INVIS”, the result is “IHAVE”.

Boss, I think we have a winner. Punching in a primer of “INVISIBLE” causes the entire cipher to crumble.

INVISIBLEIHAVEASECRETTOWHICHNOM
ihaveasecrettowhichnomanisprivy

In summary, Autokey has a major flaw, in that if you can place a crib in both the keystring and the plaintext, you’re given the length of the primer. If necessary, you can work towards the left to uncover bits of the primer, and possibly use that with an online word finder to obtain potential primers that you can then plug into an Autokey solver. If the list is short enough, you’ll crack the cipher faster than if you follow the conventional methods.