CLASSICAL CRYPTOGRAPHY COURSE

BY LANAKI
September 27, 1995

LECTURE 1
SIMPLE SUBSTITUTION

INTRODUCTION

Cryptography is the science of writing messages that no one

except the intended receiver can read. Cryptanalysis is the
science of reading them anyway. "Crypto" comes from the Greek
'krypte' meaning hidden or vault and "Graphy" comes from the
Greek 'grafik' meaning writing. The words, characters or
letters of the original intelligible message constitute the
Plain Text (PT). The words, characters or letters of the
secret form of the message are called Cipher Text (CT) and
together constitute a Cryptogram.

Cryptograms are roughly divided into Ciphers and Codes.

William F. Friedman defines a Cipher message as one produced by

applying a method of cryptography to the individual letters of
the plain text taken either singly or in groups of constant
length. Practically every cipher message is the result of the
joint application of a General System (or Algorithm) or method
of treatment, which is invariable and a Specific Key which is
variable, at the will of the correspondents and controls the
exact steps followed under the general system. It is assumed
that the general system is known by the correspondents and the
cryptanalyst. [FRE1]

A Code message is a cryptogram which has been produced by using

a code book consisting of arbitrary combinations of letters,
entire words, figures substituted for words, partial words,
phrases, of PT. Whereas a cipher system acts upon individual
letters or definite groups taken as units, a code deals with
entire words or phrases or even sentences taken as units.
We will look at both types of systems in this course.

The process of converting PT into CT is Encipherment. The

reverse process of reducing CT into PT is Decipherment.

Cipher systems are divided into two classes: substitution and

transposition. A Substitution cipher is a cryptogram in which
the original letters of the plain text, taken either singly or
in groups of constant length, have been replaced by other
letters, figures, signs, or combination of them in accordance
with a definite system and key. A Transposition cipher is a
cryptogram in which the original letters of the plain text have
merely been rearranged according to a definite system. Modern
cipher systems use both substitution and transposition to
create secret messages.

SUBSTITUTION AND TRANSPOSITION CIPHERS COMPARED

The fundamental difference between substitution and
transposition methods is that in the former the normal or
conventional values of the letters of the PT are changed,
without any change in the relative positions of the letters in
their original sequences, whereas in the latter only the
relative positions of the letters of the PT in the original
sequences are changed, without any changes to the conventional
values for the letters. Since the methods of encipherment are
radically different in the two cases, the principles involved
in the cryptanalyses of both types of ciphers are fundamentally
different. We will look at the methods for determine whether
a cipher has been enciphered by substitution or transposition.

SIMPLE SUBSTITUTION

Probably the most popular amateur cipher is the simple

substitution cipher. We see them in newspapers. Kids use them
to fool teachers, lovers send them to each for special
meetings, they have been used by the Masons, secret Greek
societies and by fraternal organizations. Current gangs in the
Southwest use them to do drug deals. They are found in
literature like the Gold Bug by Edgar Allen Poe, and death
threats by the infamous Zodiak killer in San Francisco in the
late 1960's.

The Aristocrats (A1-A25) in the Aristocrats Column of "The

Cryptogram" are all simple substitution ciphers in English.
Each English plain text letter in all its occurrences in the
message is replaced by a unique English ciphertext letter. The
mathematical process is called one-to-one contour mapping. It
is unethical (and a possible wedge for the analyst) to use the
same ciphertext letter for substitution for a plaintext letter.

A recurring theme of my lectures is that all substitution

ciphers have a common basis in mathematics and probability
theory. The basis language of the cipher doesn't matter as
long as it can be characterized mathematically. Mathematics is
the common link for deciphering any language substitution
cipher. Based on mathematical principles, we can identify the
language of the cryptogram and the break open its contents.

FOUR BASIC OPERATIONS OF CRYPTANALYSIS

William F. Friedman presents the fundamental operations for the

solution of practically every cryptogram:

(1) The determination of the language employed in the plain

text version.

(2) The determination of the general system of cryptography

employed.

(3) The reconstruction of the specific key in the case of a

cipher system, or the reconstruction of, partial or
complete, of the code book, in the case of a code system
or both in the case of an enciphered code system.
(4) The reconstruction or establishment of the plain text.

In some cases, step (2) may proceed step (1). This is the
classical approach to cryptanalysis. It may be further reduced
to:

1. Arrangement and rearrangement of data to disclose non-

random characteristics or manifestations ( i.e.
frequency counts, repetitions, patterns, symmetrical
phenomena)

2. Recognition of the nonrandom characteristics or

manifestations when disclosed (via statistics or
other techniques)

3. Explanation of nonrandom characteristics when

recognized. (by luck, intelligence, or perseverance)

Much of the work is in determining the general system. In the

final analysis, the solution of every cryptogram involving a
form of substitution depends upon its reduction to mono-
alphabetic terms, if it is not originally in those terms.
[FRE1]

OUTLINE OF CIPHER SOLUTION

According to the Navy Department OP-20-G Course in Crypt-

analysis, the solution of a substitution cipher generally
progresses through the following stages:

(a) Analysis of the cryptogram(s)

(1) Preparation of a frequency table.

(2) Search for repetitions.
(3) Determination of the type of system used.
(4) Preparation of a work sheet.
(5) Preparation of individual alphabets (if more
than one)
(6) Tabulation of long repetitions and peculiar
letter distributions.

(b) Classification of vowels and consonants by a study

of:

(1) Frequencies
(2) Spacing
(3) Letter combinations
(4) Repetitions

(c) Identification of letters.

(1) Breaking in or wedge process

(2) Verification of assumptions.
(3) Filling in good values throughout messages
(4) Recovery of new values to complete the
solution.
 (d) Reconstruction of the system.

(1) Rebuilding the enciphering table.

(2) Recovery of the key(s) used in the operation
of the system
(3) Recovery of the key or keyword(s) used to
construct the alphabet sequences.

All steps above to be done with orderly reasoning. It is

not an exact mechanical process. [OP20]

Since this is a course in Cryptanalysis, lets start cracking

some open.

EYEBALL

While reading the newspaper you see the following cryptogram.

Train your eye to look for wedges or 'ins' into the cryptogram.
Assume that we dealing with English and that we have simple
substitution. What do we know? Although short, there are
several entries for solution. Number the words. Note that it
is a quotation (12, 13 words with * represent a proper name in
ACA lingo).

A-1. Elevated thinker. K2 (71) LANAKI

1 2 3 4 5
F Y V Y Z X Y V E F I T A M G V U X V Z E F A

5 6 7 8 9
I T A M F Y Q F M V Q D V E J D D A J T U V U

10 11 12 13
R O H O E F V D O. * Q G R V D F * E S Y M V Z F P V D

ANALYSIS OF A-1.

Note words 1 and 6 could be: ' The....That' and words 3 and 5
use the same 4 letters I T A M . Note that there is a
flow to this cryptogram The _ _ is? _ _ and? _ _. Titles
either help or should be ignored as red herrings. Elevated
might mean "high" and the thinker could be the proper
person. We also could attack this cipher using pattern
words (lists of words with repeated letters put into
thesaurus form and referenced by pattern and word length) for
words 2, 3, 6, 9, and 11.

Filling in the cryptogram using [ The... That] assumption we

have:
 1 2 3 4 5
t h e h h e t e e t
F Y V Y Z X Y V E F I T A M G V U X V Z E F A

5 6 7 8 9
t h a t e a e e
I T A M F Y Q F M V Q D V E J D D A J T U V U

10 11 12 13
t e a e t h e t e
R O H O E F V D O. * Q G R V D F * E S Y M V Z F P V D

Not bad for a start. We find the ending e_t might be 'est'.
A two letter word starting with t_ is 'to'. Word 8 is 'are'.
So we add this part of the puzzle. Note how each wedge leads
to the next wedge. Always look for confirmation that your
assumptions are correct. Have an eraser ready to start back
a step if necessary. Keep a tally on which letters have
been placed correctly. Those that are unconfirmed guesses,
signify with ? Piece by piece, we build on the opening wedge.

1 2 3 4 5
t h e h h e s t o e e s t o
F Y V Y Z X Y V E F I T A M G V U X V Z E F A

5 6 7 8 9
o t h a t e a r e s r r o e
I T A M F Y Q F M V Q D V E J D D A J T U V U

10 11 12 13
s t e r a e r t s h e t e r
R O H O E F V D O. * Q G R V D F * E S Y M V Z F P V D

Now we have some bigger wedges. The s_h is a possible 'sch'

from German. Word 9 could be 'surrounded.' Z = i. The name
could be Albert Schweitzer. Lets try these guesses. Word 2
might be 'highest' which goes with the title.

1 2 3 4 5
t h e h i g h e s t n o w l e d g e i s t o
F Y V Y Z X Y V E F I T A M G V U X V Z E F A

5 6 7 8 9
n o w t h a t w e a r e s u r r o u n d e d
I T A M F Y Q F M V Q D V E J D D A J T U V U
10 11 12 13
s t e r a l b e r t s c h w e i t z e r
R O H O E F V D O. * Q G R V D F * E S Y M V Z F P V D

The final message is: The highest knowledge is to know that we

are surrounded by mystery. Albert Schweitzer.

Ok that's the message, but what do we know about the keying

method.

KEYING CONVENTIONS

Ciphertext alphabets are generally mixed for more security and

an easy pneumonic to remember as a translation key. ACA
ciphers are keyed in K1, K2, K3, K4 or K()M for mixed variety.
K1 means that a keyword is used in the PT alphabet to scramble
it. K2 is the most popular for CT alphabet scrambling. K3
uses the same keyword in both PT and CT alphabets, K4 uses
different keywords in both PT and CT alphabets. A keyword or
phrase is chosen that can easily be remembered. Duplicate
letters after the first occurrence are deleted.

Following the keyword, the balance of the letters are written

out in normal order. A one-to-one correspondence with the
regular alphabet is maintained. A K2M mixed keyword sequence
using the word METAL and key DEMOCRAT might look like this:

4 2 5 1 3
M E T A L
=============
D E M O C
R A T B F
G H I J K
L N P Q S
U V W X Y
Z

the CT alphabet would be taken off by columns and used:

CT: OBJQX EAHNV CFKSY DRGLUZ MTIPW

Going back to A-1. Since it is keyed aa a K-2, we set up the

PT alphabet as a normal sequence and fill in the CT letters
below it. Do you see the keyword LIGHT?

PT a b c d e f g h i j k l m n o p q r s t u v w x y z
CT Q R S U V W X Y Z L I G H T A B C D E F J K M N O P
----------
KW = LIGHT

In tough ciphers, we use the above key recovery procedure to go

back and forth between the cryptogram and keying alphabet to
yield additional information.

To summarize the eyeball method:

1. Common letters appear frequently throughout the message but

don't expect an exact correspondence in popularity.
2. Look for short, common words (the, and, are, that, is, to)
and common endings (tion, ing, ers, ded, ted, ess,

3. Make a guess, try out the substitutions, keep track of

your progress. Look for readability.

GENERAL NATURE OF ENGLISH LANGUAGE

A working knowledge of the letters, characteristics, relations

with each other, and their favorite positions in words is very
valuable in solving substitution ciphers.

Friedman was the first to employ the principle that English

Letters are mathematically distributed in a unilateral
frequency distribution:

13 9 8 8 7 7 7 6 6 4 4 3 3 3 3 2 2 2 1 1 1 - - - - -
E T A O N I R S H L D C U P F M W Y B G V K Q X J Z

That is, in each 100 letters of text, E has a frequency (or

number of appearances) of about 13; T, a frequency of about 9;
K Q X J Z appear so seldom, that their frequency is a low
decimal.

Other important data on English ( based on Hitt's Military

Text):

6 Vowels: A E I O U Y = 40 %
20 Consonants:
5 High Frequency (D N R S T) = 35 %
10 Medium Frequency (B C F G H L M P V W) = 24 %
5 Low Frequency (J K Q X Z) = 1 %
====
100.%

The four vowels A, E, I, O and the four consonants N, R,

S, T form 2/3 of the normal English plain text. [FR1]

Friedman gives a Digraph chart taken from Parker Hitts Manual

on p22 of reference. [FR2]

The most frequent English digraphs per 200 letters are:

TH--50 AT--25 ST--20

ER--40 EN--25 IO--18
ON--39 ES--25 LE--18
AN--38 OF--25 IS--17
RE--36 OR--25 OU--17
HE--33 NT--24 AR--16
IN--31 EA--22 AS--16
ED--30 TI--22 DE--16
ND--30 TO--22 RT--16
HA--26 IT--20 VE--16

The most frequent English trigraphs per 200 letters are:

THE--89 TIO--33 EDT--27
AND--54 FOR--33 TIS--25
THA--47 NDE--31 OFT--23
ENT--39 HAS--28 STH--21
ION--36 NCE--27 MEN--20

Frequency of Initial and Final Letters

Letters-- A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
Initial-- 9 6 6 5 2 4 2 3 3 1 1 2 4 2 10 2 - 4 5 17 2 - 7 - 3 -
Final -- 1 - 1017 6 4 2 - - 1 6 1 9 4 1 - 8 9 11 1 - 1 - 8 -

Relative Frequencies of Vowels.

A 19.5% E 32.0% I 16.7% O 20.2% U 8.0% Y 3.6%

Average number of vowels per 20 letters, 8.

Becker and Piper partition the English language into 5 groups

based on their Table 1.1 [STIN], [BP82]

Table 1.1
Probability Of Occurrence of 26 Letters

Letter Probability Letter Probability

A .082 N .067
B .015 O .075
C .028 P .019
D .043 Q .001
E .127 R .060
F .022 S .063
G .020 T .091
H .061 U .028
I .070 V .010
J .002 W .023
K .008 X .001
L .040 Y .020
M .024 Z .001

Groups
1. E, having a probability of about 0.127

2. T, A, O, I, N, S, H, R, each having probabilities between

0.06 - 0.09

3. D, L, having probabilities around 0.04

4. C, U, M, W, F, G, Y, P, B, each having probabilities

between 0.015 - 0.023.

5. V, K, J, X, Q, Z, each having probabilities less 0.01.

LETTER CHARACTERISTICS AND INTERACTIONS

ELCY gives Data for English, German, French, Italian, Spanish,

Portuguese in her Appendices, p218 ff. She also give tables of
letter contact data. [ELCY]
LANAKI published data on English and 10 different languages as
well as expanded work on Chinese. It is available at the CDB.
[NIC1] [NIC2]

S-TUCK gives detailed English, French and Spanish letter

characteristics in her book. [TUCK]

Friedman in his Military Cryptanalytics Part I - Volume 1

gives charts showing the lower and upper limits of deviation
from theoretical (random) for the number of vowels, high, low,
medium frequency consonants, blanks in distributions for
plain text and random text for messages of various lengths.
[FR1]

Friedman in his Military Cryptanalytics Part I - Volume 2

give a veritable pot puree of statistical data on letter
frequencies, digraphs, trigraphs, tetragraphs, grouped letters,
relative log data, special purpose data, pattern words,
idiomorphic data, standard endings, initials, foreign language
data [German, French, Italian, Spanish, Portuguese and
Russian], classification of systems used in concealment, nulls
and literals. [FR2]

Sinkov assigns log frequencies to digraphs to aid in

identification. The procedure is explained by Friedman.
[FR1] [SINK]

"ACA and You" presents general properties of English letters.

[ACA]

Foster presents detail letter characteristics based on the

Brown Corpus. [CCF]

Don L. Dow puts out a clever computer cryptogram game which

does frequency analysis and is user friendly for very simple
Aristocrats. {Available as shareware} [DOW]

Depending the basis text we choose, we find variations in the

frequency of letters. For example, literary English gives
slightly different results than frequencies based on military
or ordinary English text.

Hagn presented Literary English Letter Usage Statistics based

on "A Tale of Two Cities" by Charles Dickens as follows:[HAGN]

Total letter count = 586747

Letter use frequencies: Total doubled letter count = 14421
E: 72881 12.4% Doubled letter frequencies:
T: 52397 8.9% LL: 2979 20.6%
A: 47072 8.0% EE: 2146 14.8%
O: 45116 7.6% SS: 2128 14.7%
N: 41316 7.0% OO: 2064 14.3%
I: 39710 6.7% TT: 1169 8.1%
H: 38334 6.5% RR: 1068 7.4%
S: 36770 6.2% PP: 628 4.3%
R: 35946 6.1% FF: 430 2.9%
D: 27487 4.6% NN: 301 2.0%
L: 21479 3.6% CC: 243 1.6%
U: 16218 2.7% MM: 207 1.4%
M: 14928 2.5% DD: 201 1.3%
W: 13835 2.3% GG: 99 0.6%
C: 13223 2.2% BB: 41 0.2%
F: 13152 2.2% ZZ: 13 0.0%
G: 12121 2.0% AA: 2 0.0%
Y: 11849 2.0% HH: 1 0.0%
P: 9452 1.6%
B: 8163 1.3%
V: 5044 0.8%
K: 4631 0.7%
Q: 655 0.1%
X: 637 0.1%
J: 623 0.1%
Z: 213 0.0%

Total initial letters = 135664 Total ending letters = 135759

Initial letter frequencies: Ending letter frequencies:

T: 20665 15.2% E: 26439 19.4%

A: 15564 11.4% D: 17313 12.7%
H: 11623 8.5% S: 14737 10.8%
W: 9597 7.0% T: 13685 10.0%
I: 9468 6.9% N: 10525 7.7%
S: 9376 6.9% R: 9491 6.9%
O: 8205 6.0% Y: 7915 5.8%
M: 6293 4.6% O: 6226 4.5%
B: 5831 4.2% F: 5133 3.7%
C: 4962 3.6% G: 4463 3.2%
F: 4843 3.5% H: 3579 2.6%

Top digraphs:
TH: 17783 RE: 8139 ED: 6217 IS: 5566
HE: 17226 ND: 7793 AT: 6200 NG: 5564
IN: 10783 HA: 6611 EN: 5849 IT: 5559
ER: 10172 ON: 6464 HI: 5730 OR: 4915
AN: 9974 OU: 6418 TO: 5703 AS: 4836

POSITION AND FREQUENCY TABLE

Time to put to good use the barrage of data presented. Given

the next slightly harder cryptogram, and ignoring again a
pattern word attack, we can develop some useful tools. [Much
of what I am covering can be done automatically by computer but
then your brain goes mushy for failure to understand the
process.]
A-2. [no clue] S-TUCK

V W H A Z S J X I H S K I M F M W C G M V W O J S I F -

A G F J A Q Q M N R J K Z M G R S W M F. J A T W X H -

A W F. F I Q Q W F F X I H F K H B A O Z J S M A H H F.

T G A H P K D X M A W O V F S A R F X H K I M A F S.
[ Hyphens mean a continuation of a word.]

First we perform a CT Frequency Count.

F A H M W S I J K X G Q O R V Z T B C D N P
13 11 9 9 8 7 6 6 5 5 4 4 3 3 3 3 2 1 1 1 1 1

We have 106 letters. 20% are considered low frequency.

20% of 106 = 21. Counting from right to left we have O, R, V,
Z, T, B, C, D, N, P. We mark A-2. with a dot over each
appearance. We also enter the frequency data under the CT.

Next we develop a CT Letter Position Chart.

deduced
F : I 2 3 - 3 2 E PT equiv's
A 11 : / / ..... /// / i
B 1 : . v
C 1 : / w
D 1 : / x
F 13 : / / ..... / ///// s
G 4 : / / a
H 9 : // // . / / // l
I 6 : / ... // u
J 6 : // / .. / t
K 5 : // / . / o
M 9 :/ // / .. // r
N 1 : / y
O 3 : / / n
P 1 : / b
Q 4 : / / . / c
R 3 : .. / p
S 7 : / / .... / h
T 2 : / / m
V 3 : / . / d
W 8 : / // .. / / / e
X 5 : /// // f
Z 3 : .. / g
===
106
Columns represent the initial, first, second, third letters,
final and two preceding antepenultimate letters. Dots for any
other position in word.

ANALYSIS of A-2. Using Vowel Selection Method.

The Vowel Selection Method is: 1) separate the vowels from the
consonants, 2) assign vowel identities, 3) assign identities to
consonants.
A-2. [no clue] S-TUCK
1 2 3 4
. . . . .
V W H A Z S J X I H S K I M F M W C G M V W O J S I F -
3 8 9 + 3 7 6 5 6 9 7 5 6 9 * 9 8 1 4 9 3 8 3 6 7 6 *

5 6 7
. . . . .
A G F J A Q Q M N R J K Z M G R S W M F. J A T W X H -
+ 4 * 6 + 4 4 9 1 3 6 5 3 9 4 3 7 8 9 * 6 + 2 8 5 9

8 9 10
. . .
A W F. F I Q Q W F F X I H F K H B A O Z J S M A H H F.
+ 8 * * 6 4 4 8 * * 5 6 9 * 5 9 1 + 3 3 6 7 9 + 9 9 *

11 12 13
. . . . . .
T G A H P K D X M A W O V F S A R F X H K I M A F S.
2 4 + 9 1 5 1 5 9 + 8 3 3 * 7 + 3 * 5 9 5 6 9 + * 7

(two digit figures F=13=* ; A=11=+)

Vowels contact the low frequency letters more often than do

consonants. About 80% of the time. We use S-TUCK method
combined with our text. [ELCY] [TUCK]

We go thru A-2. writing down the contact letters on both sides,

for low frequency CT. We tally one for each contact. If a CT
letter is between two low frequency letters we tally 2.
Contacts for low frequency letters touching each other = 0. We
do not count N o R in word 2, and in word 1, W contacts V, so W
is tallied with 1. A an S contact Z, so both A and S are
credited. We get:

///// //// // /// /// // /// // //

W A S G M J K H F

Low Frequency Contacts for A-2.

From the Brown Corpus, vowel contact as percentage of total

number of digrams is low: [CCF]

Second
A E I O U Y

A 0 0 .4 0 .1 .3
Total nonpairs = 5.1%
E .7 .4 .2 .1 0 .2 pairs = 0.7%
F
I I .2 .4 0 .7 0 0
 R
S O .1 .1 .1 .3 1.0 0
T
U .1 .1 .1 0 0 0

Y 0 .1 0 .2 0 0

ELCY tells us quite a bit about vowel behavior.

1. A, E, I, O, are normally high frequency, U is moderate and

Y is low frequency.

2. Letters contacting low frequency letters are usually

vowels.

3. Letters showing a wide variety of contact-letters are

usually vowels.

4. In repeated digrams, one letter is usually a vowel.

5. In reversed digrams, one letter is usually a vowel.

6. Doubled consonants ar usually flanked by vowels, and visa

versa. ( cvvc or vccv)

7. It is unusual to find more than 5 consonants in succession.

8. Vowels do not often contact each other.

9. If the CT letter with highest frequency is assumed E, any

other high frequency letter which never touches E, can be
assumed a vowel. A letter that contacts it very often can
not be a vowel.

10. E is most frequent vowel and rarely touches O. Both double

freely.

11. The vowel that follows and rarely precedes E is A.

12. The vowel that reverse with E is I.

13. Observations 11 and 12 apply to the vowel O. However,

finding U it precedes E and follows O.

14. The only vowel-vowel digrams of consequence are OU,EA,IO.

15. Three vowels in sequence may be IOU, EOU, UOU, EAU.

NYPHO's Robot says that the first four or last four letters of
a word contain a vowel. [TUCK]

ELCY defines high frequency letter behavior.

About 70% of the language is made up of E, T, A, O, N, I, R, S,

H. This high frequency group has three cliques.

Class I. T, O, S appear frequently both as Initials and

Finals; terminal O in short words like to. All
double freely
 Class II. A, I, H appear frequently as initials, but rare as
finals, especially A, I. They do not readily
double.

Class III. E, N, R, appear frequently as finals, less

frequently as initials, frequently double,
especially E, N and R not so often.

When one of these letters changes its class, the least likely
exchange is one occurring between Class II and III.

ELCY gives us tips for identifying consonants:

1. Those letters still remaining in the high frequency section

will usually include T, N, R, S, H. H is the easiest to
identify, it precedes all vowels, and forms TH, HE, HA.

2. R is also recognizable with it reverses openly with all

vowels, and links with the class I club.

3. T is usually found by frequency, precedes vowels rather

than follow them, precedes consonants. S has a similar
pattern to a lesser degree. N confuses this picture.

4. ST -TS AND RT -TR are the only frequent consonant

reversals.

5. TT and SS are most frequent doubles in language.

Having all this information, we are well armed against even the
most resistant Aristocrat.

We return now to solution of A-2.

From the number of their contacts, W and A are most likely

vowels. G, K, M are next most likely.

We look at these letters in the position table.

W. has the looks of E even though it is not the most frequent.

A. cannot be A so it might be I. but frequency may be too

high.

G. and K. have inside positions and look like vowels but can
not be identified.

M. might be O by frequency but is confused with R.

A study of A-2. shows that W and A reverse which might be ei

and ie. AG reverses which might be io or ia. M repeats, and
reverses with W and G. It most likely is R not O. K does not
contact W A G or M. We mark the cipher with W A G K as vowels
and M as a consonant, putting in the assumed values.
A-2. [no clue] S-TUCK

1 2 3 4

d e l i g h t f u l h o u r s r e a r d e t h s
. v c v . c v c v v c c c v . v c . v . v c
V W H A Z S J X I H S K I M F M W C G M V W O J S I F -
3 8 9 + 3 7 6 5 6 9 7 5 6 9 * 9 8 1 4 9 3 8 3 6 7 6 *

5 6 7

i a s t i c c r t o g r h e r s t i f l
v v c v c c c . . v . c v . v c c v . v c c
A G F J A Q Q M N R J K Z M G R S W M F. J A T W X H -
+ 4 * 6 + 4 4 9 1 3 6 5 3 9 4 3 7 8 9 * 6 + 2 8 5 9

8 9 10

i e s s u c c e s s f u l s o l i g t h r i l l s
v v c c v c c v c c c v c c v c . v . . c v c c c
A W F. F I Q Q W F F X I H F K H B A O Z J S M A H H F.
+ 8 * * 6 4 4 8 * * 5 6 9 * 5 9 1 + 3 3 6 7 9 + 9 9 *

11 12 13

a i l o f r i e d s h i s f l u i s h
. v v c . v . c c v v . . c v . c c c v v c v c
T G A H P K D X M A W O V F S A R F X H K I M A F S.
2 4 + 9 1 5 1 5 9 + 8 3 3 * 7 + 3 * 5 9 5 6 9 + * 7

Using Nympho' robots rule, in Word 1, J X I H, one must be a

vowel. Word 8 shows F X I H contains a vowel. Word one
suggest the ending 'ful'. X = f and H = l. Examine X I H
and the I is in the vowel positions. (inner positions). So the
vowels are now W E G K I. From its end position F =s. In
words 4 and 11, GA reverses so G cannot be a u for ui is not a
reversal. We try KI=ou, therefore G = A. Put into the above
cipher tableaus. Word 5 breaks the two c's, so Q = c.
Word 1 might be delightful, so V=d, ZSJ = ght. Remember the
second letter position favors vowels. [ROBO]

The message reads: Delightful hours reward enthusiastic

cryptographers. Time flies. Successful solving thrills.
Mailbox friendships flourish. KW =K1=salutory.

PATTERN WORD ATTACK

Pattern words are words for which one or more letters are
repeated such as awkward, successful, interesting, unusually.
Aegean Park Press publishes pattern word books from 3 - 16
letters. Pattern words lists are indexed by key letters or
figures or by vowel consonant relationships. [BARK] Pattern
words give a quick wedge into the cryptogram. One of the best
Pattern Word Dictionaries is the Cryptodyct. [GODD]
The Crypto Drop Box has the TEA computer program which gives
automated pattern searching and anagraming up to 20 words. It
is a very effective tool.

In A-2. We find a prize in word 8. Using a key letter

approach:

A B C C D A A E B F
F I Q Q W F F X I H
or
1 2 3 3 4 1 1 5 2 6 = (334) 11526 [10L]
F I Q Q W F F X I H

The first pattern found on page 310 Appendix of [CCF] is

successful. The Cryptodyct uses the latter indexing method
and under 10 letter words we find that the 334 11526 pattern
equals successful.

Cryptographers generate their own special lists:

Transposals: from, form; night, thing; mate, meat;

Queer words: adieu, crwth, eggglass, giaour, meaow
Consonant sequences: dths, lcht, ncht, rids, ngst, rths
Favorite ins: people, crypt, success,

Using the TEA model, it was necessary to assume the

vowels at u and e for a 1u22e445u6 template to get
successful and juggernaut on the first try.

Non Pattern word lists are those with words that do not have
even one repeated letter, such as come, wrath, journey. They
are very useful in attacking Patristrocrats and very difficult
Risties.

OMAR gave us this fine list in order of frequency:

CRYPT WORDS ABOUT KNOWS BELOW OKAPI SWORD

BLACK ALONG AFTER NEGRO EXTRA PLACE THREW
WATCH CRAZY CAUSE UNDER FIRST SIXTY WRONG
WHILE CROWD DRUNK UPSET FOUND STUDY
ANGRY PLUMB EMPTY YIELD

We will come back to it in the Patty section.

Also in the CDB is a program called ASOLVER which automates

the Digram solution method to get the best fit.

MORE ABOUT VOWEL POSITION PREFERENCES

Dr. Raj Wal summarized Barkers Vowel Preferences data.

He also developed cross correlation coefficients for each
letter. Foster details this work in his book. [CCF]

This handy little table gives us an entry when needed. It is

correct more times than it fails.
 Word Length Position Preferences

one 1
V

two 1 2
V C

three 1 2 3
C C -

four 1 2 3 4
C V - C

five 1 2 3 4 5
C C V C C

six 1 2 3 4 5 6
C V C - - C

seven 1 2 3 4 5 6 7
C V C C - - C

eight 1 2 3 4 5 . . Final
plus C C - - - - - C

Note the vowel preference in the second column. S-TUCK

describes a method that uses the above table for long word
cryptograms. She lines the words up under each other and
compares the letter positions with each other. Using the
columnar method (named by Sherlack) on A-2 we would have
found an incredible four of the vowels! The same process of
marking the low frequency consonants and word endings would
have given us about half the letters. Wayne Barker developed a
course based on this method. [BAR2]

"DOOSEYS" = TOUGH ARISTOCRATS

CODEX, MICROPOD and ZYZZ are among the best tough "risties"
constructors. A tough ristie is a fascinating form of simple
substitution with word division in which the message is of no
importance whatever and the encipherer's full attention has
been given to the manipulation of letter characteristics.
Both ELCY and S-TUCK present versions of George C. Lamb's
Variety of Contact or Consonant Line Approach. I shall use
ELCY's version and example and expand the consonant line
approach to make it more understandable. We start with:

A-3. No clue. Author Bosley No. 19. CM. June 1936.

1 2 3

U W Y M N X K A E H X R B Z U V X M U W B Z
 4 5 6

O Y Z T W H V C X Y A C Y A U Z D B R A H V K B A;

7 8 9

Z W S V A H K U Z B K C, M S C X C Y X B S,

10

X V Z Y T R Y C X P. (104L)

CONSONANT-LINE METHOD

The object is to isolate a small group of consonants. Whereas

frequency data can be manipulated, variety of contact data
cannot. We start with 1) a list of CT contacts in order of
appearance of the letters and 2) rearrange these CT letters in
order of decreasing variety of contacts.

A-3. Contacts

5U6 4W7 7Y9 3M5 1N2 8X10 4K7 6A7 1E1 4H6 3R5 6B8
--- --- --- --- --- --- --- --- --- --- --- ---
-|W U|Y W|M Y|N M|X N|K X|A K|- -|H E|X X|B R|Z
-|V U|B O|Z X|U | H|R V|B Y|- | W|V B|A W|Z
M|W T|H X|A -|S | V|M H|U Y U | A|V T|Y D|R
A|Z Z|S C|A | | C|Y B|C R|H | A|K | K|A
K|Z | C|X | | C|- | B|- | | | Z|K
| | Z|T | | Y|B | V|H | | | X|S
| | R|C | | -|V | | | | | |
C|P

7Z6 5V8 1O1 2T4 6C5 1D1 3S5 1P1

--- --- --- --- --- --- --- ---
B|- U|X -|Y Z|W V|X -|B W|V X|-
B|- H|C | Y|R -|Y | M|C |
Y|T H|K | | K|- | B|- |
U|- S|A | | S|X | | |
-|W X|Z | | -|Y | | |
U|B | | | Y|X | | |
V|Y | | | | | | |

Variety of Contact Table (VOC):

Freq: 8 7 6 5 4 4 6 5 4 7 / 3 3 6 3 / 2 1 1 1 1 1
VOC: 10 9 8 8 7 7 7 6 6 6 / 5 5 5 5 / 4 2 1 1 1 1
CT: X Y B V W K A U H Z / M R C S / T N E O D P
We start with the position that 20% of the text represented by
variety count are consonants. 20% of 104 = about 21. The line
of demarcation is between R and C but 4 letters have the same
VOC of 5, M,R,S,C. If we take one , we must take all and one
of these most likely is a vowel. The key to solution is the
VOC "step up" versus "step down" observation. Vowels tend to
step up and Consonants tend to step down. [i.e. 3M5 is a step
up of 2 points and 6C5 is a step down of one point.]

M, R, S all step up, C steps down 1 point and most likely is a

consonant. We develop a separation line and place the
contacts on each side of the consonant line starting from the
right of the VOC table.

First Consonant Line

C T N E O D P
---------------------
V |
X | XXXX
YY | YYY
K |
S |
Z |
| W
| R
M |
| H
| B

If any letter does not appear at all below the line, that
letter is most likely a consonant. A and U fall into this
catagory. We add these to analysis:

Second Consonant Line

C T N E O D P A U
---------------------
VV | V mark X and Y as Vowels
X | XXXX (vowel) both step up
YYYY | YYY (vowel) with high VOC
KKK |
S |
Z | ZZ consonant (step down)
| WWW test as h
R | R
MM |
| HHH
B | B
| U
A |
|

We shift to A-3 and mark in the suspected consonents.

A-3. No clue. Author Bosley No. 19. CM. June 1936.
cont 1 2 3

U W Y M N X K A E H X R B Z U V X M U W B Z
- - o - - o -- - o o - o - - - o - - - o -

4 5 6

O Y Z T W H V C X Y A C Y A U Z D B R A H V K B A;
- o - - - o - - o o - - o - - - - o - - o - - o -

7 8 9

Z W S V A H K U Z B K C, M S C X C Y X B S,
- - o - - o - - - o - - - o - o - o o o o
10

X V Z Y T R Y C X P. (104L)
o - - o - - o - o -

n and h turn up on the right and left side of the consonant

line freely. w and h are candidates. Since h=H, then w
might equal h. Digrams such as sh or ch are prevalent. W is
the second position in word 7 which tentatively confirms the
PT h and suggests that Z is a consonant (step down). B is
astep up as well as S. The third word confirms but the 9
word has four vowels. Hmm? K and H are both possibilities
for vowels. Word 4 tends to favor the H. So:

Final Consonant Line

C T N E O D P A U W Z
---------------------
VVV | V mark X and Y as Vowels
X | XXXX (vowel) both step up
YYYYY | YYYYY (vowel) with high VOC
KKK |
S | S vowel low freq? =u?
ZZ | ZZ consonant (step down)
| WWWW test as h
R | R
MM |
| HHHH
BBB | BBB vowel
UUUU | U consonant
A | consonant
T | T consonant

Let me fill in where ELCY stops. A-3 has vowels and consonants
separated. We have the PT letter h. Word 9 is either clever
or wrong. Using Barkers Pattern List on p39, we find bayou and
miaou. The same reference gives us thunderclaps for word 7.
Although not correct we find thunderstorm matching the pattern
under 819710/12W and word 8 suggests puma. The final message
reads: shipyard zealot snapshot kitchenmaid midst goldenrod;
thunderstorm, puma miaou, anticlimax.

The TEA database yields words: thunderstorm and anticlimax.

The reader is invited to reconstruct the keywords, if any.

NON-PATTERN WORD ATTACK

Try this Aristocrat.

A-4. Fire, fire burning bright. by Ah Tin Dhu.

1 2 3 4 5
A B C D E A C F G H I C J F H K C I B L K F B H L

6 7 8 9 10
K C M J N O M J P I B H L M C M R S P E B C A I H

11 12 13 14 15
T I A U H. K U M C E V D U H P. S C F G D J W B I L

16 17 18 19
J S U M L D U V N P, V E O M L C F G L E.

To solve by using non-pattern words, 3 or 4 words in the cipher

having several letters in common. Under one of these write 5
or 6 words from the pattern list. We will use OMAR's list
given previously. Note the initials and final letters and
letter positions of the trial words. In A-4. K is an initial
and L is a terminal. Choose the non-pattern words to conform
with this requirement. We write the common letters under the
trial word and try to make clear message out of the balance of
CT. Word 5 has K, BHL and F.

K F B H L A C F G H K C I B L B H L M C
1 b l a c k l c b a k a c k
2 c r a z y r z c a y a z y
3 w r o n g r n w o g o n g
4 c r o w d r w c o d o w d
5 d r u n k r n d u k u n k
6 f o u n d o n f u d u n d

Line 6 arson, fraud, under. Putting this into the risties

we get:

1 2 3 4 5
b u r y b r o w n a r s o n f r a u d f o u n d
A B C D E A C F G H I C J F H K C I B L K F B H L

6 7 8 9 10
f r e e a u n d e r e y u r b a n
K C M J N O M J P I B H L M C M R S P E B C A I H

11 12 13 14 15
c a b i n f i e r y i n r o w u a d
T I A U H. K U M C E V D U H P. S C F G D J W B I L

16 17 18 19
i e d i y e d r o w d y
J S U M L D U V N P, V E O M L C F G L E.

All the vowels are id'ed and r, n. The message is "Burly brown
arson fraud found fresh vesta under empty cabin. Fiery glint.
Prowl squad spied light, gyved rowdy."

RECAP

1. Common letters appear frequently in a message but not

necessarily in exact correspondence to the uniform frequency
distribution.

2. Start working with shorter words, common endings.

3. Look for repetitions of bigrams, trigrams, reversals.

4. Go with the flow of the cipher text and extract all the
information on frequency, position and contacts.

5. Eliminate all but few possibilities. Test and confirm. Test

and Confirm.

6. Work back and forth from the cryptogram and the keyword
alphabets. Expect the message to make some kind of sense.

7. Look for patterns or non patterns. Separate vowels and

consonants. Try brute force. Use lists.

8. Persevere.

CM REFERENCES

PHOENIX has compiled a list of articles (page 2) concerning

ARISTOCRATS between 1932 - 1993 in "The Cryptogram Index,"
available through the ACA. On page 27, he lists additional
references on simple substitution. Articles by B.NATURAL
and S-TUCK are especially useful. [INDE]

HOMEWORK PROBLEMS

Solve these cryptograms, recovery the keywords, and send your

solutions to me for credit. Be sure to show how you cracked
them. If you used a computer program, please provide "gut"
details. Answers do not need to be typed but should be
generously spaced and not in RED color. Let me know what part
of the problem was the "ah ha", i e. the light of inspiration
that brought for the message to you.

A-1. Bad design. K2 (91) AURION

V G S E U L Z K W U F G Z G O N G M V D G X Z A J U =
X U V B Z H B U K N D W V O N D K X D K U H H G D F =

N Z X U K Y D K V G U N A J U X O U B B S

X D K K G B P Z K D F N Y Z B U L Z .

A-2. Not now. K1 (92) BRASSPOUNDER

K D C Y L Q Z K T L J Q X C Y M D B C Y J Q L : " T R

H Y D F K X C , F Q M K X R L Q Q I Q H Y D L

M K L D X C T W R D C D L Q J Q M N K X T M B

P T B M Y E Q L K F K H C Y L Q Z K T L T C . "

A-3. Ms. Packman really works! K4 (101) APEX DX

* Z D D Y Y D Q T Q M A R P A C , * Q A K C M K

* T D V S V K . B P W V G Q N V O M C M V B : L D X V

K Q A M S P D L V Q U , L D B Z I U V K Q F P O

W A M U X V , E M U V P X Q N V , U A M O Z

N Q K L M O V ( S A P Z V O ) .

A-4. Money value. K4 (80) PETROUSHKA

D V T U W E F S Y Z C V S H W B D X P U Y T C Q P V

E V Z F D A E S T U W X Q V S P F D B Y P Q Y V D A F S ,

H Y B P Q P F Y V C D Q S F I T X P X B J D H W Y Z .

A-5. Zoology lesson. K4 (78) MICROPOD

A S P D G U L W , J Y C R S K U Q N B H Y Q I X S P I N

O C B Z A Y W N = O G S J Q O S R Y U W , J N Y X U

O B Z A ( B C W S D U R B C ) T B G A W U Q E S L.

* C B S W

REFERENCES

[ACA] ACA and You, Handbook For Members of the American

Cryptogram Association, 1995.

[BARK] Barker, Wayne G., "Cryptanalysis of The Simple

Substitution Cipher with Word Divisions," Aegean Park
Press, Laguna Hills, CA. 1973.
[BAR1] Barker, Wayne G., "Course No 201, Cryptanalysis of The
Simple Substitution Cipher with Word Divisions," Aegean
Park Press, Laguna Hills, CA. 1975.

[B201] Barker, Wayne G., "Cryptanalysis of The Simple

Substitution Cipher with Word Divisions," Course #201,
Aegean Park Press, Laguna Hills, CA. 1982.

[BP82] Beker, H., and Piper, F., " Cipher Systems, The
Protection of Communications", John Wiley and Sons,
NY, 1982.

[CCF] Foster, C. C., "Cryptanalysis for Microcomputers",

Hayden Books, Rochelle Park, NK, 1990.

[DOW] Dow, Don. L., "Crypto-Mania, Version 3.0", Box 1111,

Nashua, NH. 03061-1111, (603) 880-6472, Cost $15 for
registered version and available as shareware under
CRYPTM.zip on CIS or zipnet.

[ELCY] Gaines, Helen Fouche, Cryptanalysis, Dover, New York,

1956.

[GODD] Goddard, Eldridge and Thelma, "Cryptodyct," Marion,

Iowa, 1976

[FR1] Friedman, William F. and Callimahos, Lambros D.,

Military Cryptanalytics Part I - Volume 1, Aegean Park
Press, Laguna Hills, CA, 1985.

[FR2] Friedman, William F. and Callimahos, Lambros D.,

Military Cryptanalytics Part I - Volume 2, Aegean Park
Press, Laguna Hills, CA, 1985.

[FRE] Friedman, William F. , "Elements of Cryptanalysis,"

Aegean Park Press, Laguna Hills, CA, 1976.

[HA] Hahn, Karl, " Frequency of Letters", English Letter

Usage Statistics using as a sample, "A Tale of Two
Cities" by Charles Dickens, Usenet SCI.Crypt, 4 Aug
1994.

[INDE] PHOENIX, Index to the Cryptogram: 1932-1993, ACA, 1994.

[NIC1] Nichols, Randall K., "Xeno Data on 10 Different

Languages," ACA-L, August 18, 1995.

[NIC2] Nichols, Randall K., "Chinese Cryptography Part 1," ACA-

L, August 24, 1995.

[OP20] "Course in Cryptanalysis," OP-20-G', Navy Department,

Office of Chief of Naval Operations, Washington, 1941.

[ROBO] NYPHO, The Cryptogram, Dec 1940, Feb, 1941.

[SINK] Sinkov, Abraham, "Elementary Cryptanalysis", The

Mathematical Assoc of America, NYU, 1966.
[STIN] Stinson, D. R., "Cryptography, Theory and Practice,"
CRC Press, London, 1995.

[TUCK] Harris, Frances A., "Solving Simple Substitution

Ciphers," ACA, 1959.

Notes

Throughout my lectures, PT will be shown in lower case. CT

will be shown in upper case. As a convention, Plain text will
generally be shown above the Cipher text equivalent.

A = Aristocrats, P = Patristrocrats, X = Xenocrypts

Any typo errors are my responsibility. I probably fell asleep

at the keyboard. Please advise and I will correct them as well
as put out an erratum sheet at the end of the course. Students
may want to start a 3" permanent binder with separators for the
various lectures and materials.

OUTLINE

1. Intro - First Principles - Global Mathematical Nature

2. Keyword Systems and Conventions Used
3. Simple Substitution Cryptanalysis without/with
Complexities

a. Eyeball
b. Frequency Distributions - General Nature of English
Letters
c. Friedman Techniques - Random vs Expected -Spaces
and a Wealth of Tables: Digram, Trigram, and more
d. C. C. Foster Techniques
e. S-Tuck Techniques
f. Pattern Words
g. ELCY : Consonant Line Attack
h. Sinkov Techniques
i. Barker's Vowel Separation and Position Table
j. Non Pattern Words: "Dooseys"
k. SI SI Patterns
l. CM References for Risties
m. Relationship to XENOS:French and German Solutions
n. Computer Program Aids - TEA Database, CDB, ABACUS,
Computer Supplement
 o. References

4. Homework Problems

5. Variant Substitution Systems

a. Friedman
b. Waxton

Next lecture we will cover the balance of the outline material

and jump into Patristocrats.

CLASSICAL CRYPTOGRAPHY COURSE

BY LANAKI
October 23, 1995
Revision. 0

LECTURE 2
SUBSTITUTION WITH VARIANTS
Part I

SUMMARY

In Lecture 2, we expand our purview of substitution ciphers,

drop the requirement for word divisions, solve a lengthy
Patristocrat, add more tools for cryptanalysis, look at some
historical variations and solve the assigned homework problems.

IDENTIFYING SUBSTITUTION AND TRANSPOSITION CIPHERS

Recall from Lecture 1, that the fundamental difference between

substitution and transposition ciphers is that in the former,
the normal or conventional values of the letters of the PT are
changed, without any change in the relative positions of the
letters in their original sequences, whereas in the latter,
only the relative positions of the letters of the PT in the
original sequences are changed, without any changes to the
conventional values for the letters.

I used the term uniliteral frequency distribution [UFD] (I also

misspelled uniliteral as unilateral) to identify the simple
substitution cipher. Three properties can be discerned from
the UFD applied to CT of average length composed of letters:
(1) Whether the cipher belongs to the substitution or
transposition class; (2) If to the former, whether it is
monoalphabetic or non-monoalphabetic in character, (3) If
monoalphabetic, whether the cipher alphabetic is standard
(direct or reversed) or mixed.

CIPHER CLASS

Because a transposition cipher rearranges the PT, without

changing the identities of the PT, the corresponding number of
vowels (A,E,I,O,U,Y), high frequency consonants (D,N,R,S,T),
medium-frequency consonants (B,C,F,G,H,L,M,P,V,W) and
especially, low-frequency consonants (J,Q,X,Y,Z) are exactly
the same in the CT as they are in the PT. In a substitution
cipher, the conventional percentage of vowels and consonants
in the CT have been altered. As messages decrease in length
there is a greater probability of departure from the normal
proportion of vowels and consonants. As messages increase in
length, there is lesser and lesser departure from normal
proportions. At 1000 letters or more, there is practically no
difference at all between actual and theoretical proportions.
Friedman presents charts showing the normal expectation
of vowels and high, medium, low and blanks for messages of
various lengths. For example, for a message of 100 letters in
plain English, there should be between 33 and 47 vowels
(A,E,I,O,U,Y). Likewise, there will be between 28 and 42 high-
frequency consonants (D,N,R,S,T); between 17 and 31 medium
frequency consonants (B,C,F,G,H,L,M,P,V,W); between 0 and 3
low-frequency consonants (J,Q,X,Y,Z); and between 1 and 6
blanks theoretically expected in distribution of the PT. Cipher
class is considered transposition if the above limits bound the
CT message and substitution if the above expected limits are
outside the chart limits for the message length in question.
[FR1/ p32-39]

UFD

The uniliteral frequency distribution (UFD) may be used to

indicate monoalphabeticity. The normal distribution shows
marked crests and troughs by virtue of two circumstances.
Elementary sounds which the symbols represent are used with
greater frequency. This is one of the striking characteristics
of every alphabetic language. With few exceptions, each sound
is represented by a unique symbol. The one-to-one mapping
correspondence between PT and CT will dictate a shifted UFD
with different absolute positions of the crests and troughs
from normal. A marked crest-and-trough appearance in the UFD
for a given cryptogram indicates that a single cipher alphabet
is involved and constitutes one of the tests for a mono-
alphabetic substitution cipher.

The absence of marked crests and troughs in the UFD indicates

that a complex form of substitution is involved. The flattened
out appearance of the distribution is one of the criteria for
rejection of a hypothesis of monoalphabetic substitution.

LAMBDA BLANK EXPECTATION TEST - LB^

Friedman presents a chart supporting the LB^ test for blanks in

English messages up to 200 letters. [FR1] Soloman Kullback
derives the Lambda test and presents extensive probability data
on English, French, German, Italian, Japanese, Portuguese,
Russian and Spanish. [KULL] Statistical studies show that the
number of blanks in a normal PT message is predictable.
Friedman's chart shows that the plaintext limit, P and the
random expectation, R limits are a function of message size.
On his chart, random assortment of letters correspond to
polyalphabetic CT. The number of alphabets used is large
enough to approximate a UFD identical to a distribution of
letters picked randomly out of a hat.

PHI TEST FOR MONOALPHABETICITY

This test compares the observed value PHI(o) for the

distribution being tested with the expected value PHI(r) random
and the expected value of PHI(p) plain text. For English
military text,

PHI(r) = .0385N(N-1)
PHI(p) = .0667N(N-1)

where N is the number of elements in the distribution. The

constant .0385 is 1/26 decimal equivalent and constant .0667
is the sum of squares of the probabilities of occurrence of the
individual letters in English PT. [FR3]

Example 1 of the PHI test on the following cryptogram is:

O W Q W Z A E D T D Q H H O B A W F T Z W O D E Q

T U W R Q B D Q R O X H Q D A G T B D H P Z R D K

f: 3 3 7 2 1 1 4 1 4 1 6 3 4 1 5 1 3
CT: A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
f(f-1): 6 6 42 2 0 0 12 0 12 030 6 12 0 20 0 6

N = number of letters = sum fi = 50

PHI(o) = sum [fi(fi-1)] = 154

PHI(r) = .0358N(N-1) = .0385x 50 x49 =94

PHI(p) = .0667N(N-1) = .0667x 50 x49 =163

Since PHI(o), 154, more closely approximates PHI(p) than does

PHI(r), we have mathematical corroboration of the hypothesis
that the CT is monoalphabetic.

Example 2: Given the frequency distribution of CT as:

f: 1 1 2 3 4 2 1 4 2 1 1 3
CT: A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
f(f-1): 0 0 2 612 2 0 12 2 0 0 6

N = 25 letters
PHI(o) = 42

PHI(r) = 0.0385x25x24 = 23
PHI(p) = 0.0667x25x24 = 40

Since PHI(o) observed is closer to PHI(p), then this letter

distribution is monoalphabetic. But compare to example 3 with
25 letters:

f: 1 1 1 2 1 1 1 3 1 1 1 2 1 1 1 1 2 3
CT: A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
f(f-1): 0 0 0 2 0 0 0 6 0 0 0 2 0 0 0 0 2 6

N = 25 letters
PHI(r) = 0.0385x25x24 = 23
PHI(p) = 0.0667x25x24 = 40

Since PHI(o) observed is closer to PHI(r), then this letter

distribution is non-monoalphabetic.

Before we think this test is perfect, the student should try

the above PHI test on the phrase:

" a quick brown fox jumps over the lazy dog"

He will find that N=33, PHI(o)= 20 and PHI(r) = 41; PHI(p)=70.

since the observed value is less than half of PHI random, this
would suggest that the letters of this phrase could not be
plain text in any language. Think about the cause of this
result. For a simplified derivation, see Sinkov [SINK]

Kullback gives the following tables for Monoalphabetic and

Digraphic texts for eight languages:

Monoalphabetic Digraphic
Text Text

English 0.0661N(N-1) 0.0069N(N-1)

French 0.0778N(N-1) 0.0093N(N-1)
German 0.0762N(N-1) 0.0112N(N-1)
Italian 0.0738N(N-1) 0.0081N(N-1)
Japanese 0.0819N(N-1) 0.0116N(N-1)
Portuguese 0.0791N(N-1)
Russian 0.0529N(N-1) 0.0058N(N-1)
Spanish 0.0775N(N-1) 0.0093N(N-1)

Random Text

Monographic Digraphic Trigraphic

.038N(N-1) .0015N(N-1) .000057N(N-1)

Note that the English plain text value is slightly less than
Friedman's. [KULL] [SINK]

INDEX OF COINCIDENCE (I.C.)

Friedman made famous the Index of Coincidence. It is another

method of expressing the monoalphabeticity of a cryptogram. We
compare the theoretical I.C. with the actual I.C. I.C. is
defined as the ratio of PHI(o)/PHI(r). Thus, in example one
the I.C. is 154/94 = 1.64. The theoretical I.C. for English is
1.73 or (.0667/.0385). The I.C. of random text is 1.00 or
(.0385/.0385). Friedman wrote a paper entitled "The Index of
Coincidence and Its Application in Cryptography", which is
perhaps the most ground breaking treatise in the history of
cryptography. [FR22]
CIPHER ALPHABETS - STANDARD OR MIXED

Assuming a UFD that is monoalphabetic in character, we observe

the crests and troughs of the distribution. If they occupy
relative offset positions to the normal UFD, than the alphabet
is most likely standard, (A, B, C,..). If not, the CT is
prepared using a mixed alphabet. The direction the crests and
troughs progress left to right or right to left tell us whether
the alphabet is standard or reversed in direction.

LONG WORD RISTIES - SHERLAC METHOD

When an Aristocrat consists of all long words, it may be

attacked by the SHERLAC Method. The object is to compare vowel
positions and word endings in a columnar display of the CT by
individual word. We mark all low frequency ( f <= 3 ) , then
the 2nd column position (vowel favorite) and word endings are
examined. For example, from S-TUCK: [TUCK], [B201]

fi 14 13 12 12 10 10 8 5 5 4 4 4 3 3 3 3 3 3 2 2 2 2
CT D Q I N O P A L X E R V C F H M S Y J K W Z

F= 127 letters = sum fi

The CT presented in columnar form and marked for low frequency

letters is:

c . c v . . v c c v
1. X W V I M S O Q P N V
s c o h a n t i

c v . c c . v . v c
2. Q I F E D Y I H O Q,
n o b l e w o m a n

. v . c v . v c c
3. Z I Y P I Y N Q L
o w t o w i n g

v . v c c v c v c v c c .
4. D K O L L D A O P D R E W ,
e x a g g e r a t e d l y

c v c . c v v v c
5. R N X M E D O X D R
d i s l e a e d

c v . v c v v c c
6. X I C D A D N L Q .
s o e r e i g n

. c v . v v v c v v c
7. M A I C I V O P N I Q
r o o e a t i o n

v c v c c v c v c v
8. N Q I A R N Q O P D ,
i n o r d i n a t e
. v c v c . . v c c
9. F O Q N X S H D Q P
a n i s h m e n t

v c c v c c c v . v c c v . c v
10. N Q V I Q P A I C D A P N F E D.
i n c o n t r o v e r t i b l e

v . c v c . v c .
11. O J P D A H O P S,
a f t e r m a t h

. v c c . v . v c
12. Z N Q L -J N K D A !!!
i n g f i x e r

We mark the cipher as we put forth the following thoughts.

Analysis of Column 2 in the above CT, shows that I appears
three times with 11 low frequency contacts. It is probably
a vowel but not "i." N appears twice with 5 low frequency
contacts and also in third end position 3 times. Probable
vowel, may be i as in ion. Q appears twice; no low frequency
contacts, follows probable vowels 7 times. Might be n.
i and n are placed in the CT. Word 7 yields I = o. Word 3
yields the L = g. [Word 6 may not fit though.] Word 7
also suggest that P =t for tion. P precedes N and I 4 times,
and follows O 3 times. D begins one word, ends 2, has high
frequency, and is scattered. Let D = e. O contacts 6 low
frequency, and precedes n 3 times, t 4 times and the t is
followed by e twice. We have the 'ate' trigram, so O=a. Note
that A reverses with D and contacts vowels 10 times. A=r.

Word 10 shows incontrovertible. Playing it thru with V=c,F=b,

and E=l, word 2 becomes noblewoman, Y=w,h=m. Word 11 is
aftermath giving two more PT equivalents of J=f, and S=h.
Word 4 gives us the K=x, R=D, W=y. Word 6 is sovereign and
yields the PT s. The balance of the CT can be found by check
off and testing.

The message reads: Sycophantic noblewoman, kowtowing

exaggeratedly, displeased sovereign. Provocation inordinate,
banishment incontrovertible. Aftermath king-fixer!

I have experimented with the SHERLAC method. Even when the CT

includes small words <= 4 letters, it seems to yield valuable
data. Just line the CT (words 5 or more letters) in columns
and ignore the shorter words. Then work back and forth with
the shorter words for confirmations.

PATRISTOCRATS

When we remove the crutch of word divisions in the Aristocrat

and present in standard telegraphic five letter groups, we have
the "Patristocrat" or "undivided." S-TUCK gives a solution
procedure for "undivideds" as well as Friedman. ELCY also
discusses the Aristocrat without word divisions in her chapter
11. [TUCK], [FR1], [ELCY] Friedman's presentation is
excellent and is summarized for the reader.

Given P-1:

SFDZF IOGHL PZFGZ DYSPF HBZDS GVHTF UPLVD FGYVJ VFVHT

GADZZ AITYD ZYFZJ ZTGPT VTZBD VFHTZ DFXSB GIDZY VTXOI

--- -------------

YVTEF VMGZZ THLLV XZDFM HTZAI TYDZY BDVFH TZDFK ZDZZJ

-------------------------------

SXISG ZYGAV FSLGZ DTHHT CDZRS VTYZD OZFFH TZAIT YDZYG

--------------

AVDGZ ZTKHI TYZYS DZGHU ZFZTG UPGDI XWGHX ASRUZ DFUID

---- -----

EGHTV EAGXX

There are two basic attacks on the Patristocrat. The first

method creates a triliteral frequency table and the second uses
the "probable word" as a wedge into the cryptogram. The first
attack follows many of the vowel - consonant splitting steps
that we have looked at previously.

METHOD A: Vowel - Consonant Splitting

Step 1: Inspect/mark for long repetitions, many letters of

normally low frequency, such as F, G, V, X, Z; and
vowels and high frequency consonants N and R are
relatively scarce.

Step 2: Prepare UFD and apply PHI tests.

8 4 1 23 3 19 19 15 10 3 2 5 2 0 3 5 0 2 10 22 5 16 1 8 14 35
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

PHI(p) = 3668 PHI(r) = 2117 PHI(o) = 3862 ft = 235

The marked crests and troughs and the PHI test support the
monoalphabetic hypothesis. Friedman advises that "the beginner
must repress the natural tendency to place too much confidence
in the generalized principles of frequency and to rely too much
upon them. [i.e. setting Z=e, D=t ] It is far better to into
effective use certain other data concerning normal plain text,
such as digraphic and trigraphic frequencies."

Step 3: Prepare a special worksheet; mark reversible digraphs

 and trigraphs, inscribe the frequencies of the first
and last 10 letters, because these positions often lend
themselves more readily to attack, and note positions
of low frequency CT letters.

Step 4: Prepare a Triliteral Frequency Distribution (TFD)

showing One Prefix and One Suffix Letter. Examine
the TFD for digraphs and trigraphs occurring two or
more times in the cryptogram. Note repeated digraphs
and trigraphs. For the above CT,

DZ = 9x, DF = 5x, DV = 2x
ZDF = 4x, YDZ = 3x, BDV = 2x

-----------------------------------------------------

Condensed Table Of Repetitions For P-1.

Digraphs Trigraphs Polygraphs

DZ - 9 TZ - 5 DZY - 4 HTZAITYDZY - 2
ZD - 9 TY - 5 HTZ - 4 BDVFHTZDF - 2
HT - 8 FH - 4 ITY - 4 ZAITYDZY - 3
ZY - 6 GH - 4 ZDF - 4 FHTZ - 3
DF - 5 IT - 4 AIT - 3
GZ - 5 VF - 4 FHT - 3
VT - 4 TYD - 3
ZF - 4 YDZ - 3
ZT - 4 ZAI - 3
ZZ - 4

--------------------------------------------------------

IE
ZF HV
GI ZG
SZ IY
VG DU AX ZK
YZ ZZ EH IY
ZO FH WH HZ
CZ ZF PD GT VY
ZT VS TU GX HC
ZZ DK ZH GU DH
ZF VH DZ KI HZ
BV DM YA FT IY
YZ EV LZ FT HZ
ZF DX YA HT UD AR ZH
IZ VH SZ TH DX YD VE
EG ZF YZ MZ FT HT RV VX
XS BV VV BI MT AT FL HZ
GV YZ DG TP TL XS IG VZ
ZI AZ TU TA FT AT SG UG JX PV
 GV YD VF PH FY VT OY LV GT XB ZG
ZI SG ZS VA ZG SV VT GD ZS HL DZ UL DG IY
ZI ZD ZY DG ZI FZ FB AT ZZ TH PV FH XI SF SU YP HG
GD HZ TD FZ TF SD OH GL FO VV FZ HP VG IG LZ ZS -F HF
A B C D E F G H I J K L M N O P Q R S T
8 4 1 23 3 19 19 15 10 3 2 5 2 0 3 5 0 2 10 22

KD
TD
DY
TE TA UD
AD XD FT
ST ZS ZT UF
AF TZ GZ DG
DF ZG DY YY
LX TD TD ZT
FM TZ TB GZ
YT ZG JT DY
YT X- ZB FJ TA
DF GX TD DY OF
TT HA IV ZA YD
FI FH IW ZV DZ DR
RZ JF SI ZF BD GD
GP YJ VZ TD GD GY
HZ LD TO GV PF ZJ
FP GH XG FS DS DF DZ
U V W X Y Z

---------------------------------------------------------

Step 5: Classify the cipher letters into vowels and consonants.

As we did in the Aristocrats, again we separate high
frequency letters into probable vowels and consonants.
If we find A, E, I, O, and N, R, S, T, we have values
for 2/3 of the cipher text letters that normally (most
likely) occur in the cryptogram.

Friedman's Table 7-B in Appendix 2 confirms that vowel

combine differently from consonants. The top 18
digraphs compose about 25 per cent of English text.
The letter E enters into 9 of the 18 digraphs.
[FRE1]

ED EN ER ES NE RE SE TE VE

The remaining 9 digraphs are:

AN ND OR ST IN NT TH ON TO

None of the 18 digraphs is a combination of vowels. So E

combines with consonants more readily than with other vowels or
even itself. So if the letters of the highest frequency are
listed with the assume CT =e , those that show a high affinity
are likely N R S T and those that do not show any affinity are
likely A I O U. In P-1., Let Z = e because it is high
frequency and combines with several other high frequency
letters, D, F, G. The nine next highest frequency letters and
their combinatorial affinity with Z are:

Z as prefix 8 4 4 1 0
D(23) T (22) F(19) G(19) V(16)
Z as suffix 9 5 2 5 0

Z as prefix 0 6 0 0
H(15) Y(14) S(10 I(10)
Z as suffix 0 2 0 0

Step 6: Analysis of Data

CT D occurs 23 times, 18 times combined with Z, 9 times as

areversal ZD, DZ. T shows 9 combinations Z, 4 in ZT and
5 in TZ. D and T must be consonants. Similarly, F, G, Y
are guessed as consonants. An initial cut is:

Vowels Consonants
Z=e, V, H, S, I D, T, F, G, Y

Friedman's Table 6 in Appendix 2 gives us 10 most

frequently occurring diphthongs: [FRE1]

Diphthong: io ou ea ei ai ie au eo ay ue
Frequency: 41 37 35 27 17 13 13 12 12 11

Also, O is usually the vowel of second highest CT frequency.

Looking at V, H, S, I not = i, can we find the CT equilvalent
of PT o?

List the combinations of V, H, S, I and Z=e in the message. We

examine the combinations they make among themselves and with Z
= e.

ZZ = 4 VH = 4 HH = 1 HI = 1 IS = 1 SV = 1

Now, ZZ = ee. HH is oo, because aa, ii, uu are practically

non-existent. oo is the second highest frequency double vowel
next to ee. If H=o, then V =i, where VH occurs twice and io is
a high frequency diphthong in English. So our analysis results
(unconfirmed) so far are:

Z = e, H = o, V = i

So I and S should be a and u. Here we use another Friedman

tool to look at the possibilities. We define the alternative
PT diphthongs and add frequency values as a set.

1) either I = a and S = u, each digraph occurs 1x

2) or I = u and S = a.

HI = oa value = 7 HI = ou value = 37
SV = ui value = 5 SV = ai value = 17
 IS = au value = 13 IS = ua value = 5
==== ====
Total 25 59

Alternative two seems more likely. A more precise method for

choosing between alternative groups of Digraphs by considering
logarithmic weights of their assigned probabilities, rather
than PT frequency values. These weights are given by Friedman
in [FRE2] Appendix 2. The method is detailed on pp 259-260.
Tables 8 and 9A - C give the data for 428 digraphs based on
50,000 words of text. See also [KULL].

HI = oa L224 = .48 HI = ou L224 = .79

SV = ui values= .42 SV = ai values= .64
IS = au = .59 IS = ua = .42
===== =====
Total Log base 1.49 1.85
224

Multiple occurrences of a digraph would be multiplied by its

log base 224 relative weight and added as a group.

So we now have Z = e , H = o, V =i, S = A, I = u

for vowel equivalents.

The consonants may be viewed from their combination with

suspected vowels. Since VH = io might infer sion or tion
tetragraphs we look at the CT and find

GVHT and FVHT

T most likely is the n and G or F could be s or t. Note that

the CT D is neither PT t or n or PT s. The reversal with Z
=e, suggests the letter r.

As an alternative, the Consonant-Line approach would yield

B C E J K M O R W
-----------------------
Y �
D D �D D D vowel ?
S S �S S vowel
�G G G G G
Z Z Z Z �Z Z Z Z vowel
H �H H vowel
T T T �
V V V �V vowel
�A
F F �F vowel?
X X �
I �I vowel?
�U
The general principles are repeated. Vowels distinguish
themselves from consonants as they are represented by

1) high frequency letters,

2) high frequency letters that do not contact each other
3) high frequency letters with great variety of contacts
4) high frequency letters with am affinity for low frequency
PT consonants

Step 7: Prepare the partial enciphering alphabet and substitute

into the cryptogram.

PT: A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
CT: S Z V T H D G F I
F G
P-1 revisited and rewritten:

S F D Z F I O G H L P Z F G Z D Y S P F H B Z D S
a t r e t u s o e t s e r a t o e r a
s s t s t s

G V H T F U P L V D F G Y V J V F V H T G A D Z Z
s i o n t i r t s i i t i o n s r e e
t s s t s t

A I T Y D Z Y F Z J Z T G P T V T Z B D V F H T Z
u n r e t e e n s n i n e r i t o n e
s t s

D F X S B G I D Z Y V T X O I Y V T E F V M G Z Z
r t a s u r e i n u i n t s e e
s t s t

T H L L V X Z D F M H T Z A I T Y D Z Y B D V F H
n o i e r t o n e u n r e r i t o
s

T Z D F K Z D Z Z J S X I S G Z Y G A V F S L G Z
n e r t e r e e a u a s e s i t a s e
s t t s t

D T H H T C D Z R S V T Y Z D O Z F F H T Z A I T
r n o o n r e a i n e r e t t o n e u n
s s

Y D Z Y G A V D G Z Z T K H I T Y Z Y S D Z G H U
r e s i r s e e n o u n e a r e s o
t t t

Z F Z T G U P G D I X W G H X A S R U Z D F U I D
e t e n s s r u s o a e r t u r
s t t t s
E G H T V E A G X X
s o n i s
t t

I have left out the frequencies above the letters for editorial
space only.

We can see from a first reading that PT words operations, nine

prisoners, and afternoon come thru. G = t, F = s, B = p, L =f.

Step 8: Complete the solution. Prepare the Ct/Pt Key

Alphabets.

Message: As result of yesterdays operations by first division

three hundred seventy nine prisoners captured including sixteen
officers. One hundred prisoners were evacuated this afternoon,
remainder less one hundred thirteen wounded are to be sent by
truck to chambersburg tonight.

PT: A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
CT: S U X Y Z L E A V N W O R T H B C D F G I J K M P Q

METHOD B: Probable Word Attack

"Patties" in the CM usually come with a tip and are generally

shorter than the above example. The tip constitutes a probable
PT word or phrase and we search the CT for a pattern of CT
letters that exactly match the probable word. The choice of
probable words is aided or limited by the number and positions
of repeated letters. Repetitions may be patent (visible
externally) or latent ( made patent as a result of the
analysis. For the example DIVISION with a repeated I or
BATTALION with the reversible AT, TA help the cryptanalysis
even though word divisions were removed. Friedman named what
we call patterns as idiomorphs. [FRE2] gives many pattern
lists for solution of substitution and Playfair ciphers. TEA
computer program at the Crypto Drop Box is an automated pattern
list to 20 words. [CAR1], [CAR2], [WAL1], [WAL2] give
idiomorphic data. The process of superimposing the plain
text word over the correct cipher text will effect the entry
to the cryptogram. Other references include: [RAJ1], [RAJ2],
[RAJ3], [RAJ4], [RAJ5], [HEMP], [LYNC].

SOLUTION OF ADDITIONAL CRYPTOGRAMS PRODUCED BY SAME COMPONENTS

Once the cryptogram has been solved and the keying alphabet
reconstructed, subsequent messages which have been enciphered
by the same means solve readily.
P- 2.

Suppose the following message is intercepted slightly later at

the same station.

I Y E W K C E R N W O F O S E L F O O H E A Z X X

P - 1. reconstruction and arbitrarily set at L = a.

PT a b c d e f g h i j k l m n o p q r s t u v w x y z
CT L E A V N W O R T H B C D F G I J K M P Q S U X Y Z

Cryptogram I Y E W K C E R N W
Equivalents P Y B F R L B H E F

running down the sequence yields CLOSE YOURS as a generatrix.

I Y E W K C E R N W
P Y B F R L B H E F
Q Z C G S M C I F G
R A D H T N D J G H
S B E I U O E K H I
T C F J V P F L I J
U D G K W Q G M J K
V E H L X R H N K L
W F I M Y S I O L M
X G J N Z T J P M N
Y H K O A U K Q N O
Z I L P B V L R O P
A J M Q C W M S P Q
B K N R D X N T Q R
*** C L O S E Y O U R S
D M P T F Z P V S T
E N Q U G
F O R V H
G P S W I
H Q T X
I R U Y
J S V Z
K T W A
L U X B
M V Y C
N W Z D
O X A E

Set the cipher component against the normal at C = i.

PT a b c d e f g h i j k l m n o p q r s t u v w x y z
CT F G I J K M P Q S U X Y Z L E A V N W O R T H B C D
Solving: Close your station at two PM.

[FRE1] discusses keyword recovery processes on pp 85 -90.

Also see [ACA].

VOWEL CIPHER

Louis Mansfield introduced the concept of a vowel substitution

cipher in 1936. [MANS] In the vowel cipher the key
alphabet is written into a square with j=i, like this:

COLUMN

A E I O U
�-----------------
A �a b c d e
�
E �f g h i/j k
�
I �l m n o p
ROW �
O �q r s t u
�
U �v w x y z

Enciphering is row by column or t = OO ; h = EI ;

and e = AU.

The entire CT message enciphered is a succession of vowels.

The CT will be exactly twice as long as the PT. This method is
not more difficult to crack than the standard Aristocrat but
our focus is on the frequency of vowel combinations in the CT.
The PT equivalents do not have to be in standard order. Try
this example.

VV-1.

1 2 3 4 5
OUOE OUAE OUIUIAAIUIUUOEOUAOAI OEEOUUOE OEEOAI

6 7 8
UOEUUEUEAIAEOE OOAIOEUUOUUEAE EEUO

9 10 11 12 13
UUUEUE OEUIEEEEIA IUEEAOAIIUAIOAOEAE IOAI EIUUUI-

14 15 16
AIUOEUUEUEEA EIEEIUIAOUUEAIOO UUOAOO AEAIOAOE

17 18 19
OEEE EUAE UIAIIIEUUEUUUIUEEA.

To solve this cipher we list the various combinations of two

vowels.

AA EA (2) IA (4) OA (3) UA

AE (6) EE (6) IE OE (11) UE (10)

AI (11) EI (2) II (1) OI UI (5)

AO (2) EO (2) IO (1) OO (3) UO (3)

AU EU (4) IU (4) OU (6) UU (7)

AI and OE appear 11 times and often as finals. Either might be

the "e". OE appears as an initial. WE try OE as t and AI as
e. Word 5 becomes 'the.' Word 4 confirms as 'that.' UU =
a. UE = l. The normal procedure of test and confirm gives us
the message: It is imperative that the fullest details of all
troop movements be carefully compiled and sent to us regularly.

The partial keying square is:

A E I O U
--------------------------
A s e v

E y o c h u

I p g b m

O n t d i

U l r f a

MIRABEAU'S CIPHER

Comte de Mirabeau (1749 - 1791) was one of the great orators

in the National Assembly, the body that governed France during
the early phases of the French Revolution. He was a political
enemy of Robespierre. He developed a simple substitution
variant to relay his court messages to Louis XVI (who rejected
his moderate advise). His father, the Marquis de Victor
Riqueti Mirabeau imprisoned his son for failure to pay debts.
He devised this system during his stay in debtors prison.

The Mirabeau system of ciphering letters of the alphabet are

divided into five groups of five letters each. Each letter is
numbered according to its position in the group. The group is
also numbered. The key alphabet is arranged as follows:

1 2 3 4 5 1 2 3 4 5 1 2 3 4 5
I S U W B K T D Q R X L P A E
6 8 4

1 2 3 4 5 1 2 3 4 5
G O Y V F Z M C H N
7 5

Encipherment of the phrase ' the boy ran' would

be 82.54.45, 65.72.73, 85.44.55 where the t is
referenced by group 8,letter2. Solution of messages
is clearly by frequency analysis, the key being reconstructed
from the message. Mirabeau experimented by reversing number
order in this positional number system and adding nulls to
confuse the interloper. One of the interesting complications
added by Mirabeau was to express the CT as a fraction with
group number as numerator and position number as denominator.
Other figures were added to foil decipherment. In such a case
the alphabet is grouped into fives as before, but the groups
and positions are each numbered with the same five figures.
So:

1 2 3 4 5 1 2 3 4 5 1 2 3 4 5
O A G P U T C N H Y X M F I S
1 2 3

1 2 3 4 5 1 2 3 4 5
L Q W B V R E K Z D
4 5

Enciphering 'the boys run' :

2 2 5 4 1 2 3 5 1 2
- - - - - - - - - -
1 4 2 4 1 5 5 1 5 3

adding numerals 6, 7, 8, 9, 0 as non-values both above and

below the line increase the security slightly. Or:

29 27 50 48 17 29 39 56 10 28
-- -- -- -- -- -- -- -- -- --
71 64 92 74 94 85 65 91 75 83

The recipient reads the message by cancelling the non-values

and using the others. A key to recognition of this cipher is
that the non-values (nulls) are never employed as group or
position numbers.

The complicated form of the Mirabeau is solved by preparing a

Fractional Bigram sheet and reducing out the non-values.
Suppose we encipher the phrase 'we have been here':
 2 1 4 5 4 5 5 2 1 5 5 5
- - - - - - - - - - - -
4 2 5 2 4 2 2 3 4 2 1 2

Using non-values (6,7,8,9,0) as:

62 10 40 65 47 57 75 62 27 58 57 85
-- -- -- -- -- -- -- -- -- -- -- --
48 62 95 20 84 27 92 30 49 62 19 29

The five 'e' s which occur are different each time.

65 57 75 58 85
-- -- -- -- --
20 27 92 62 29

The fractional group sheet proceeds like a Bigram analysis.

Instead of letters we use fractions.

The first fraction would be noted in four different ways, e.g.,

6 6 2 2
- - - -
4 8 4 8

65 6 6 5 5
the group -- would be catalogued - - - -
20 2 0 2 0

5
The fraction - (which is the real e) will eventually assume
2

its normal frequency and thus display its identity. Armed with
the fact that 5/2 represents e, we cancel out all the
non-values which occur with this fraction. Each time we
cancel out a non-value, we do so for the entire cryptogram.
Even if the 5/2 represents another letter, such as t, the
uniliteral frequency distribution will be present in the CT.

TELEPHONE CIPHER VARIATION - CHARLES SCHWAB

Hardly a cipher, but a modern substitution system effecting 10

million brokerage customers is the Charles Schwab Telephone
Automated Customer Service System. The telephone is used for
the enciphering of literal and numerical data to the Schwab
computer system. So:

1 -
2 - A B C
 3 - D E F
4 - G H I
5 - J K L
6 - M N O
7 - P R S NO Q use 99
8 - T U V
9 - W X Y NO Z use 98
* -
0 -
# -

J F M A M J JU A S O N D
CALLS A B C D E F G H I J K L
PUTS M N O P Q R S T U V W X

STRIKE PRICE CODES

A B C D E F G H I J K L

5 10 15 20 25 30 35 40 45 50 55 60
105 110 115 120 125 130 135 140 145 150 155 160
205 210 215 220 225 230 235 240 245 250 255 260
305 310 315 320 325 330 335 340 345 350 355 360

M N O P Q R S T U V W X

65 70 75 80 85 90 95 100 7.5 12.5 17.5 22.5

165 170 175 180 185 190 195 200
265 270 275 280 285 290 295 300
365 370 375 380 385 390 395 400

Other combinations of the above indicate special actions.

10 = accept. 90 = reject. * = return, end, # - account
terminator. Note that 1 number represents 3 equivalents.
Schwab uses the position to indicate the letter similar to the
ancient Masonic Cipher. For example, Janus Enterprise Fund
symbol is JAENX = 51-21-32-62-92.

An order to buy 750 shares JAENX at a limit price of 23.5 plus

a MAY call for 100 shares of BAX at strike price 25 might
include the following entries in the electronic order:

18002724922, 61702554#, xxxx#, 1, 1, 750, 5121326292, 54,

23*50, *, 1, 1, 100, 222192, 32, 32, 10, *

which represents the telephone number of Charles Schwab,

account number and PIN, order codes, limit code, transfer
codes, menu response items. Other codes would allow you to
move around your account and monitor the order.
[Schw]
Note also that the basis telephone code is a 12 by 3 matrix.

1 2 3
1 - b b b
2 - A B C
3 - D E F
4 - G H I
5 - J K L b - represents available
6 - M N O information slot
7 - P R S
8 - T U V i.e. 9 = W X Y, but 93 = Y
9 - W X Y only
10 * - b b b
11 0 - b b b
12 # - b b b

It is easy to see how this process could be expanded to larger

and larger keyspaces. See references [BOSW], [KOBL] and [WEL].
for a fair discussions of the numerical requirements involved.
A good discussion of the Information Theory is found in
reference [RHEE]. A look at modern design criteria for bank
fund transfer and similar PIN systems in found in Meyer and
Matyas. [MM]

MORE COMPUTER AIDS

Dr. Caxton C. Foster who wrote "Cryptanalysis for Micro-

computers, while at the University of Massachusetts, has
generously donated his computer programs on substitution and
transposition to the class. I have sent an updated disk to our
CDB. [CCF] GWEGG has Cryptodyct on disk written in DbaseIV.
Contact him for a copy.

A review of the entire field of applied cryptography is

presented in Bruce Schneier's book. Most of the material is
beyond the scope of this class, however a PC source / program
diskette is included with his book. There are ITAR limitations
associated with his disk. We will cover some of the historic
symmetric algorithms such as Vigenere and Playfair ciphers.
[SCHE]

HOMEWORK ASSIGNMENTS

Pd-1. Daniel

H Z K L X A L H X P N C I N Z X F L I X G N W Q X
P N Z K T L N K X O L X N I Z X G I N X P N E Z K

X W Q X P Z X L H X P N C I N Z X S N Q N T X W Q

X P N W V S N I K L K H B L X N W Q L X H F Z I L

N X A Z K S B W E N I.

Pd-2. Join the army. Daniel

F L B B A O I A F Q E A O M Z U I L O N R Z O Q A

O P I L O M O L S F P F L I P F L B B A O E R I C

A O Q E F O P Q B L O W A V H Z O W E A P X Z Q Q

G A P Z I V V A Z Q E G A Q E F H T E L G L S A P

L R O W L R I Q O U F I E F P E A Z O Q Z I V I L

Q T F Q E E F P G F M P L I G U B L G G L T H A.

SOLUTION TO HOMEWORK PROBLEMS FROM LECTURE 1

First assume that only English is involved in all 5 problems.

(This may not be true third round.) My thanks to both WALRUS
and SNAIL PACE for detailed solutions.

Problem A-1. can be solved by the Pattern Word method.

A-1. Bad design. K2 (91) AURION

1 2 3 4 5 6
V G S E U L Z K W U F G Z G O N G M V D G X Z A J U =

7 8 9 10
X U V B Z H B U K N D W V O N D K X D K U H H G D F =

11 12 13 14
N Z X U K Y D K V G U N A J U X O U B B S

15 16 17 18
X D K K G B P Z K D F N Y Z B U L Z .

Lots of two and three letter words. One of the three letter
words most likely 'the'. The GON GM combination is a possible
wedge. Note that N = 6/91 = 6.6% of CT, Z = 8/91 = 8.9% and
V = 5/91 = 5.5% of CT. Word 10 pattern is (556) 291 on 12L
word = disappointed. Note the 'ted' ending fits with word 17
t_e = the. so Y=h. Word 16 confirms DF = in.
Plugging in A-1, we have:

A-1. Bad design. K2 (91) AURION

1 2 3 4 5 6
b o y a e s a n o e o u t o b i o d e g r a
V G S E U L Z K W U F G Z G O N G M V D G X Z A J U =
7 8 9 10
d a b l e p l a t i b u t i s d i s a p p o i n
X U V B Z H B U K N D W V O N D K X D K U H H G D F =
11 12 13 14
t e d a s h i s b o a t g r a d u a l l y
N Z X U K Y D K V G U N A J U X O U B B S
15 16 17 18
d i s s o l e s i n t h e l a e
X D K K G B P Z K D F N Y Z B U L Z .

Words 11, 12 show: as his. Word 6 looks like biodegradable,

and V confirms as a b in boat (word 13). Word 8 becomes but.
Word 14 ends ally. The messages reads: Boy makes canoe out of
biodegradable plastic but is disappointed as his boat gradually
dissolves in the lake. The keyword recovered is MAYDAYCALL.
Note that the tip was useless. One 12 letter pattern word
opens her up like a clam.

A-2. Not now. K1 (92) BRASSPOUNDER

K D C Y L Q Z K T L J Q X C Y M D B C Y J Q L : " T R

H Y D F K X C , F Q M K X R L Q Q I Q H Y D L

M K L D X C T W R D C D L Q J Q M N K X T M B

P T B M Y E Q L K F K H C Y L Q Z K T L T C . "

Solve A-2 by eyball method. One letter word = a, look for you
.. your combination, the word to in the first four words
before quotation. The message reads: Auto repairmen to
customer: " If you want, we can freeze your car until future
mechanics discover a way to repair it."

A-3. Ms. Packman really works! K4 (101) APEX DX

* Z D D Y Y D Q T Q M A R P A C , * Q A K C M K

* T D V S V K . B P W V G Q N V O M C M V B : L D X V

K Q A M S P D L V Q U , L D B Z I U V K Q F P O

W A M U X V , E M U V P X Q N V , U A M O Z

N Q K L M O V ( S A P Z V O ) .

APEX DX always sends an interesting con. Vowel splitting

yields V, D, M, Q, P. Word 7 suggests that M=i. Words 15 and
16 look like video game, the word fridge comes to bear.
The message reads: Kuujjuaq airport, Arctic Quebec. So few
amenities: huge caribou head, husky decal on fridge, video
game, drink machine (broken). Kw = chimo; FORT.
A-4. Money value. K4 (80) PETROUSHKA

D V T U W E F S Y Z C V S H W B D X P U Y T C Q P V

E V Z F D A E S T U W X Q V S P F D B Y P Q Y V D A F S ,

H Y B P Q P F Y V C D Q S F I T X P X B J D H W Y Z .

Using the consonant-line method:

CEHZAUIXP
-----------
TTTT �T VOWEL
VV �VVV VOWEL
YY �YY
Q �QQQ
DDDD �DD
WW �WWWW
SS �S
F �FFFFF VOWEL
BB�B
P �P
�
J can be wrongly assumed to be a consonant. Digraph HW and rt
/tr reversal fails but st/ts reversal gives information. The
word merchants can be found in a non-pattern word list. The ch
combination fits CT HW. The message reads: Neighborly
merchants glimpse beyond bright personal splendor, clasp solemn
profit staunchly. Kw(s)= sprightly; BEHAVIOR.

A-5. Zoology lesson. K4 (78) MICROPOD

A S P D G U L W , J Y C R S K U Q N B H Y Q I X S P I N

O C B Z A Y W N = O G S J Q O S R Y U W , J N Y X U

O B Z A ( B C W S D U R B C ) T B G A W U Q E S L.

* C B S W

Note the entry B C W S... *C B S W. Try also.. LAOS. The

consonant line yields S, U, Y, B as vowels. The message is;
Koupreys, wild oxen having tough blackish=brown bodies, white
back (also pedal) marks enjoy Laos. Kws = undomestic; BOVINE.

REFERENCES / RESOURCES

[ACA] ACA and You, Handbook For Members of the American

Cryptogram Association, 1995.

[BARK] Barker, Wayne G., "Cryptanalysis of The Simple

Substitution Cipher with Word Divisions," Aegean Park
Press, Laguna Hills, CA. 1973.
[BAR1] Barker, Wayne G., "Course No 201, Cryptanalysis of The
Simple Substitution Cipher with Word Divisions," Aegean
Park Press, Laguna Hills, CA. 1975.

[BOSW] Bosworth, Bruce, "Codes, Ciphers and Computers: An

Introduction to Information Security," Hayden Books,
Rochelle Park, NJ, 1990.

[B201] Barker, Wayne G., "Cryptanalysis of The Simple

Substitution Cipher with Word Divisions," Course #201,
Aegean Park Press, Laguna Hills, CA. 1982.

[BP82] Beker, H., and Piper, F., " Cipher Systems, The
Protection of Communications", John Wiley and Sons,
NY, 1982.

[CAR1] Carlisle, Sheila. Pattern Words: Three to Eight Letters

in Length, Aegean Park Press, Laguna Hills, CA 92654,
1986.

[CAR2] Carlisle, Sheila. Pattern Words: Nine Letters in Length,

Aegean Park Press, Laguna Hills, CA 92654, 1986.

[CCF] Foster, C. C., "Cryptanalysis for Microcomputers",

Hayden Books, Rochelle Park, NJ, 1990.

[DAGA] D'agapeyeff, Alexander, "Codes and Ciphers," Oxford

University Press, London, 1974.

[DAN] Daniel, Robert E., "Elementary Cryptanalysis:

Cryptography For Fun," Cryptiquotes, Seattle, WA., 1979.

[DOW] Dow, Don. L., "Crypto-Mania, Version 3.0", Box 1111,

Nashua, NH. 03061-1111, (603) 880-6472, Cost $15 for
registered version and available as shareware under
CRYPTM.zip on CIS or zipnet.

[ELCY] Gaines, Helen Fouche, Cryptanalysis, Dover, New York,

1956.

[EPST] Epstein, Sam and Beryl, "The First Book of Codes and
Ciphers," Ambassador Books, Toronto, Canada, 1956.

[GIVI] Givierge, General Marcel, " Course In Cryptography,"

Aegean Park Press, Laguna Hills, CA, 1978.

[GODD] Goddard, Eldridge and Thelma, "Cryptodyct," Marion,

Iowa, 1976
[GORD] Gordon, Cyrus H., " Forgotten Scripts: Their Ongoing
Discovery and Decipherment," Basic Books, New York,
1982.

[FR1] Friedman, William F. and Callimahos, Lambros D.,

Military Cryptanalytics Part I - Volume 1, Aegean Park
Press, Laguna Hills, CA, 1985.

[FR2] Friedman, William F. and Callimahos, Lambros D.,

Military Cryptanalytics Part I - Volume 2, Aegean Park
 Press, Laguna Hills, CA, 1985.

[FR3] Friedman, William F. and Callimahos, Lambros D.,

Military Cryptanalytics Part III, Aegean Park Press,
Laguna Hills, CA, 1995.

[FR4] Friedman, William F. and Callimahos, Lambros D.,

Military Cryptanalytics Part IV, Aegean Park Press,
Laguna Hills, CA, 1995.

[FRE] Friedman, William F. , "Elements of Cryptanalysis,"

Aegean Park Press, Laguna Hills, CA, 1976.

[FR22] Friedman, William F., The Index of Coincidence and Its

Applications In Cryptography, Publication 22, The
Riverbank Publications, Aegean Park Press, Laguna
Hills, CA, 1979.

[HA] Hahn, Karl, " Frequency of Letters", English Letter

Usage Statistics using as a sample, "A Tale of Two
Cities" by Charles Dickens, Usenet SCI.Crypt, 4 Aug
1994.

[HEMP] Hempfner, Philip and Tania, "Pattern Word List For

Divided and Undivided Cryptograms," unpublished
manuscript, 1984.

[INDE] PHOENIX, Index to the Cryptogram: 1932-1993, ACA, 1994.

[KOBL] Koblitz, Neal, " A Course in Number Theory and

Cryptography, 2nd Ed, Springer-Verlag, New York, 1994.

[KULL] Kullback, Solomon, Statistical Methods in Cryptanalysis,

Agean Park Press, Laguna Hills, Ca. 1976

[LAFF] Laffin, John, "Codes and Ciphers: Secret Writing Through

The Ages," Abelard-Schuman, London, 1973.

[LYNC] Lynch, Frederick D., "Pattern Word List, Vol 1.,"

Aegean Park Press, Laguna Hills, CA, 1977.

[MANS] Mansfield, Louis C. S., "The Solution of Codes and

Ciphers", Alexander Maclehose & Co., London, 1936.

[MM] Meyer, C. H., and Matyas, S. M., " CRYPTOGRAPHY - A New

Dimension in Computer Data Security, " Wiley
Interscience, New York, 1982.

[NIC1] Nichols, Randall K., "Xeno Data on 10 Different

Languages," ACA-L, August 18, 1995.

[NIC2] Nichols, Randall K., "Chinese Cryptography Part 1," ACA-

L, August 24, 1995.

[OP20] "Course in Cryptanalysis," OP-20-G', Navy Department,

Office of Chief of Naval Operations, Washington, 1941.

[PIER] Pierce, Clayton C., "Cryptoprivacy", 325 Carol Drive,

Ventura, Ca. 93003.
[RAJ1] "Pattern and Non Pattern Words of 2 to 6 Letters," G &
C. Merriam Co., Norman, OK. 1977.

[RAJ2] "Pattern and Non Pattern Words of 7 to 8 Letters," G &

C. Merriam Co., Norman, OK. 1980.

[RAJ3] "Pattern and Non Pattern Words of 9 to 10 Letters," G &

C. Merriam Co., Norman, OK. 1981.

[RAJ4] "Non Pattern Words of 3 to 14 Letters," RAJA Books,

Norman, OK. 1982.

[RAJ5] "Pattern and Non Pattern Words of 10 Letters," G & C.

Merriam Co., Norman, OK. 1982.

[RHEE] Rhee, Man Young, "Cryptography and Secure Comm-

unications," McGraw Hill Co, 1994

[ROBO] NYPHO, The Cryptogram, Dec 1940, Feb, 1941.

[SCHN] Schneier, Bruce, "Applied Cryptography: Protocols,

Algorithms, and Source Code C," John Wiley and Sons,
1994.

[SINK] Sinkov, Abraham, "Elementary Cryptanalysis", The

Mathematical Association of America, NYU, 1966.

[SMIT] Smith, Laurence D., "Cryptography, the Science of Secret

Writing," Dover, NY, 1943.

[STIN] Stinson, D. R., "Cryptography, Theory and Practice,"

CRC Press, London, 1995.

[SCHW] Schwab, Charles, "The Equalizer," Charles Schwab, San

Francisco, 1994.

[TUCK] Harris, Frances A., "Solving Simple Substitution

Ciphers," ACA, 1959.

[WAL1] Wallace, Robert W. Pattern Words: Ten Letters and Eleven

Letters in Length, Aegean Park Press, Laguna Hills, CA
92654, 1993.

[WAL2] Wallace, Robert W. Pattern Words: Twelve Letters and

Greater in Length, Aegean Park Press, Laguna Hills, CA
92654, 1993.
[WEL] Welsh, Dominic, "Codes and Cryptography," Oxford Science
Publications, New York, 1993.

[WRIX] Wrixon, Fred B. "Codes, Ciphers and Secret Languages,"

Crown Publishers, New York, 1990.

[ZIM] Zim, Herbert S., "Codes and Secret Writing." William

Morrow Co., New York, 1948.
LECTURE 3 OUTLINE

I expect to cover the following subjects in my next lecture:

Variant Substitution Systems

o Simple Numerical Ciphers

o Multiliteral Substitution with Single

Equivalent Cipher Alphabets

o Baconian Cipher
 o Hayes Cipher

o Trithemian Cipher

o Other historical variants.

LECTURE 4

We will cover recognition and solution of XENOCRYPTS (language

substitution ciphers) in detail.

LECTURE 1 ERRATA

The Parker Hitt distribution of letters is per 20,000 letters.

The phrase "aa a" should have been "as a". I will correct
others that I have been advised of and retransmit them to our
CDB.

CLASS NOTES

Our class seems to have leveled off at 86 students!

This may be a record size for any public cryptography class
offered to date. I thank you for your confidence. Please send
homework solutions to me at my 5953 Long Creek Drive, Corpus
Christi, TX 78414 or E-mail to 75542.1003@ compuserve.com.

NORTH DECODER, in addition to running the ACA-L list server and

Crypto Drop Box superbly, has taken it upon himself to act as
my grammarian. I appreciate his help finding the late night
"additions/subtractions." TATTERS has volunteered as an
assistant with LEDGE. Thank you.

TATTERS, in addition to making available his microcomputer

crypto programs to the class has agreed to assist on the Cipher
Exchange lectures at the beginning of 1996. Thank you. LEDGE
will be assisting on the Cryptarithms Lectures. Thank you.
My typing fingers thank you both!

CLASSICAL CRYPTOGRAPHY COURSE

BY LANAKI
December 27, 1995
Revision 0
 LECTURE 5
XENOCRYPT MORPHOLOGY

SUMMARY

In Lecture 5, we begin our attack on substitution ciphers

created in languages other than English. First, we develop an
understanding of cryptography in its role as a cultural
universal. Next, we tour the elements of language and the
common cryptographic threads that make cryptographic analysis
possible. We then look at GERMAN Xenocrypts, applied traffic
analysis and the ADFGVX cipher of 1918 WWI vintage.

XENOCRYPTS

Xenocrypts are foreign language substitutions. Solving a

Xenocrypt (aka XENO) gives double pleasure; not only do you
have the fun of solving, but also the satisfaction of knowing
that you are acquiring a bowing acquaintance with other
languages.

PHOENIX has compiled and edited a Xenocrypt handbook [XEN1]

which brings together material published in The Cryptogram
since 1940. The book will be available to the KREWE in 1996.
It is an excellent tool. Lectures 5-7 will augment his
efforts. Quoted from PHOENIX's Preface in reference [XEN1]:

" Don't be afraid of Xenocrypts. The languages used

should not offer particular difficulties. Comparing an
English printers table (ETAINORSH...) with any of these
languages will show a lot of resemblance. That's because
English contains elements of most of the languages. Spellings
and endings will differ, but there often will be solid 'root'
that strongly resembles an English word. Most short English
words are of Saxon origin, akin to Danish, Swedish, Dutch, and
more remotely German. Longer words come to us from Latin or
Norman - French in many instances, and all have cognates in
common with English, generally differing slightly from the
English version, but often not at all, especially in French. "

In New Orleans, I keynoted the 1994 ACA Convention with the

possibility that any language could be learned from its
cryptographic building blocks. Xenocrypts represent a cultural
universal expressed at its common denominator - mathematics.
[NICX]

I suggested that languages be taught in schools first via

cryptography and then via sound and structure. This is how I
taught myself the rudiments of Russian, Japanese and Korean.
Cryptography enhanced my passable understanding of French and
reasonable efforts with German.

The real enjoyment came when I could understand Goethe in

German, and translated parts of Budo Shoshinshu by the 17
Century author Daidoji Yuzan [SADL]. Solving Xeno's can open
our eyes to other cultures.

THE STRUCTURE OF LANGUAGE

Linguistic anthropologists have used cryptography to

reconstruct ancient languages by comparing contemporary
descendants and in so doing make discoveries about history.
Others make inferences about universal features of language,
linking them to uniformities in the brain. Still others study
linguistic differences to discover varied world views and
patterns of thought in a multitude of cultures. [KOTT]

The Rossetta Stone found by the Egyptian Dhautpol and the

French officer Pierre-Francois Bouchard near the town of
Rosetta in the Nile Delta, gave us a look at Syriac, Greek and
Egyptian Hieroglyphs all of the same text. The fascinating
story of its decipherment is covered in Kahn. [KAHN] Of
special interest was the final decipherment of the Egyptian
writing containing homophones - different signs standing for
the same sound. [ROSE]

Until the late 1950's linguists thought that the study of

language should proceed through a sequence of stages of
analysis. The first stage was phonology, the study of sounds
used in speech. Phones are speech sounds present and
significant in each language. They were recorded using the
International Phonetic Alphabet, a series of symbols devised to
describe dozens of sounds that occur in different languages.

The next stage was morphology, the study of forms in which

sound combine, to form morphemes - words and their meaningful
constituents. The word cats has two morphemes /cat/ and /s/
indicating the animal and plurality. A lexicon is a dictionary
of all morphemes. A morpheme is the smallest meaningful unit
of speech. [MAYA] Isolating or analytic languages are those
in which words are morphologically unanalyzable, like Chinese
or Vietnamese. Agglutinative languages string together
successive morphemes. Turkish is a good example of this.
Inflection languages change the form of a word to mark all
kinds of grammar distinctions, such as tense or gender. Indo-
European languages tend to be highly inflectional.

The next step was to study syntax, the arrangement and order of
words in phrases and sentences.

PHONEMES and PHONES

No language contains all the sounds in the International

Phonetic Alphabet. Nor is the number of phonemes -significant
sound contrasts in a given language - infinite. Phonemes lack
meaning in themselves but through sound contrasts distinguish
meaning. We find them in minimal pairs, words that resemble
each in al but one sound. An example is the minimal pair
pit/bit. The /p/ and /b/ are phonemes in English. Another
example is bit and beat which separates the phonemes /I/ and
/i/ in English. [KOTT] Friedman describes a similar phenomena
called homologs and uses them to solve a variety of
cryptograms. [FR2] A phoneme is the smallest unit of
distinctive sound. [MAYA]

Standard (American) English (SE), the region free dialect of TV

network newscasters, has about thirty-five phonemes of at least
eleven vowels and twenty four consonants. The number of
phonemes varies from language to language - from fifteen to
sixty, averaging between thirty and forty. The number of
phonemes varies between dialects. In American English, vowel
phonemes vary noticeably from dialect to dialect. Readers
should pronounce the words in Figure 5-1, paying attention to
whether they distinguish each of the vowel sounds. We
Americans do not generally pronounce them at all. [BOLI]

Figure 5-1

Vowel Phonemes
Standard American English
According to Height of Tongue and Tongue Position
in Front, Center and Back of Mouth

Tongue High
i u
I U
ea ua o
e ou Mid
ae a

Tongue Low

Tongue Central Tongue

Front Back

Phonetic symbols are identified by English words that include

them; note that most are minimal pairs.

high front (spread) [i] as in beat

lower high front (spread) [I] as in bit
mid front (spread) [ea] as in bait
lower mid front (spread) [e] as in bet
low front [ae] as in bat
central [ua] as in butt
low back [a] as in pot
lower mid back (rounded) [ou] as in bought
mid back (rounded) [o] as in boat
lower high back (rounded) [U] as in put
high back (rounded) [u] as in boot

Phonetics studies sounds in general, what people actually say

in various languages.

Phonemics is concerned with sound contrasts of a particular

language. In English /b/ and /v/ are phonemes, occurring in
minimal pairs such as bat and vat. In Spanish, the contract
between [b] and [v] doesn't distinguish meaning, and are not
phonemes. The [b] sound is used in Spanish to pronounce words
spelled with either b or v. (Non phonemic phones are enclosed
in brackets).

In any language a given phoneme extends over a phonetic range.

In English the phoneme /p/ ignores the phonetic contrast
between the [pH] in pin and the [p] in spin. How many of you
noticed the difference? [pH] is aspirated, so that a puff of
air follows the [p]. not true with [p] in spin. To see the
difference, light a match and watch the flame as you say the
two words. In Chinese the contrast between [p] and [pH] is
distinguished only by the contrast between an aspirated and
unaspirated [p]. [BOLI]

TRANSFORMATIONAL-GENERATIVE GRAMMAR

Norm Chomsky's influential book Syntactic Structures (1957)

advocated a new method of linguistic analysis - Transform-
ational-generative grammar. [CHOM] Chomsky felt that a
language is more than the surface phenomena just discussed
(sounds, words, word order). He felt that all languages shared
a limed set of organizing principles. Chomsky observed that
every normal child who grows up in society develops language
easily and automatically. This occurs because the brain
contains a genetically transmitted blueprint, or basic
linguistic plan for building language. Chomsky called this
universal grammar. As children learn their native language,
they experiment with their blueprint, reject some sections
applying to other languages and gradually focus in and accept
the principles of their own language. They do this at about
the same age. His study also showed that we learn languages at
similar rates. There are universal improper generalizations
(foot, foots; hit, hitted) which eventually are corrected.

We master a specific grammar as we learn to speak. These rules

let us convert what we want to say into what we do say. People
who hear us and speak our language understand our meaning.
This works at a cryptographic level also. Chomsky
distinguishes between competence (what the speaker must and
does know about his language in order to speak and understand)
and performance (what a speaker actually says in social
situations or writes to someone ). Competence develops during
childhood and becomes an unconscious structure. The linguist
or cryptographer must discover the structure by looking at
deep structures (the mental level) and the surface structure
(actual speech) to find the transformational rules that link
them. Figure 5-2. shows the Chomsky Model.

Figure 5-2
Chomsky Model
For Message From Speaker to Hearer
or Writer on Both Sides

... Sounds (phonological component)...

. .
. .
. .
Surface-structure sentence Surface-structure sentence
. .
. .
Transformational rule Transformational rule
. .
. .
Deep structure sentence Deep structure sentence
. .
. .
. .
Thought Thought
(meaning, semantic component (meaning, semantic component
^
SPEAKER HEARER

The Chomsky model tells us why Xenos are so valuable.

The human brain contains a limited set of rules for organizing
language. The fact that people can learn foreign languages and
that words and ideas can be translated from one language into
another supports the Chomsky model that all humans have similar
linguistic abilities and thought processes.

THE SAPIR-WHORF HYPOTHESIS

Other linguists take the view that rather than universal

structures as clues to relationships between languages, they
belief that different languages produce different thinking
and writing. Edward Sapir and Benjamin Whorf argue that
speakers think about things in particular ways. For example,
the third person singular pronouns of English (he, she, him,
her, his, hers) distinguish gender, whereas those of the
Palaung of Burma do not. [BURL] [SAPR] [WHOR]

Gender exists in English, although a fully developed noun-

gender and adjative-agreement system as in French and other
Romance Languages (la belle fille, la beau fils), does not.
The Sapir-Whorf hypothesis suggests that English speakers
pay more attention to differences between males and females
than the Palaung but less than the French and Spanish speakers.

English divides time into past, present, and future. Hopi,

a language of the Pueblo region of the Native American
Southwest does not. Hopi does distinguish between events that
exist or have existed and those don't or don't yet, along with
imaginary and hypothetical events. Differing perceptions of
time and reality cause difference in spoken and written
thought.

FOCAL VOCABULARY

A lexicon or vocabulary is a language's dictionary, its set of

names for things, events and ideas. APEX DX can probably
confirm that Eskimos have several distinct words for snow. In
English all forms of snow are the same (unless you are a dope
dealer). The Nuer of the Sudan have an elaborate vocabulary to
describe cattle. Specialized distinctions between groups is
called focal vocabulary. Cattle vocabulary of Texas ranchers
is more extensive than New Yorkers; Aspen ski bums
differentiate types of snow that are missing from the lexicons
of Florida retirees. Ten years ago who would have 'faxed'
anything. Simplification of often used words are called
monolexemes and compound expressions are simplified such as
tropical storm to rain. A television becomes TV, an automobile
a car, and a videocassette recorder becomes a VCR.

Semantics refers to a language meaning system. Language,

culture and thought are interrelated. There is considerable
difference between female and male Americans in regard to color
terms. Distinctions implied by such terms as salmon, rust,
peach, beige, teal, mauve, cranberry, and dusk orange aren't in
the vocabularies of most American men. Ask a fashionable woman
and she will know them all. [LAKE]

HISTORICAL LINGUISTICS

Knowledge of linguistic relationships is often valuable to

determine the events of the past 5000 years. By studying
contemporary daughter languages, past language features can be
reconstructed. Daughter languages descend from the same parent
language that has been changing for thousands of years. The
original language from which they diverge is called a
protolanguage. French and Spanish are daughter languages of
Latin. Language evolves over time into subgroups (closely
related from a taxonomy point of view) but with distinct
cultural differences. Figure 5-3. shows the main languages
and subgroups of the Indo European language stock.

All these daughter languages have developed out of the

protolanguage (Proto-Indo-European) spoken in Northern Europe
about 5,000 years ago. Note subgroupings. English, a member
of the Germanic branch, is more closely related to German and
Dutch than it is to Italic or Romance languages such as French
and Spanish. However, English shares many linguistic features
with French through borrowing and diffusion. [FROM]

The doctrine of linguistic relativity is central to

cryptographic treatment of language ciphers. It states that
all known languages and dialects are effective means of
communication. [KOTT] Nichols Theorem states that if they
are linguistically related, they can be codified, enciphered,
deciphered and treated as cryptographic units for analysis and
statistical treatment. [NICX]

Figure 5 -3

Main Languages of Indo-European Stock

INDO-EUROPEAN
.
............................................................
. . . .
. . . .
CELTIC ITALIC GERMANIC .
. . . . . . . . .
. . . . .
o Welsh . . . .
o Irish . West North .
o Scots Gaelic . . . .
o Breton . . . .
. . . .
ROMANCE o Dutch o Danish .
. o English o Icelandic .
Latin o Flemish o Norwegian .
. o Frisian o Swedish .
. o German .
o Catalan o Yiddish .
o French .
o Italian .
o Portuguese .
o Provencal .
o Rumanian .
o Spanish .
.
.
.............................................................
. . .
. . . .
HELLENIC Albanian . .
. . .
. Armenian .
Ancient Greek .
. .
. .
Greek .
.
.
...............................................
. . .
. . .
INDO-IRANIAN BALTIC SLAVIC
. . .
. . .
. o Latvian o Bulgarian
. o Lithuanian o Czech
. o Macedonian
 . o Polish
o Old Persian o Russian
o Persian o Serbo-Croatian
o SANSKRIT o Slovak
. o Slovenian
. o Ukrainian
.
o Bengali
o Hindi
o Punjabi
o Urdu

DEAD LANGUAGES

Figure 5-3 pertains to live languages. Professor Cyrus H.

Gordon in his fascinating book "Forgotten Scripts" shows how
cryptography is used to recover ancient writings. He tells the
story of the unraveling of each of these ancient languages:
Egyptian, Old Persion, Sumer-Akkadian, Hittite, Ugaritic,
Eteocretan, Minoan and Eblaite. He specializes in cuniform and
hieroglyphic inscriptions and gives us a glimpse into the
ancient societies that gave birth to the Western world. [GORD]
See also references [BARB], [POPE] and [STUR].

CRYPTOGRAPHIC THREAD

There is a common cryptographic thread for most languages.

All known writing systems are partly or wholly phonetic, and
express the sounds of a particular language. Writing is speech
put in visible form, in such a way that any reader instructed
in its conventions can reconstruct the vocal message. Writing
as "visible speech" was invented about five thousand years ago
by Sumerians and almost simultaneously by ancient Egyptians.

The ancient Mayan knew that it was 12 cycles, 18 katuns, 16

tuns, 0 uinals, and 16 kins since the beginning of the Great
Cycle. The day was 12 Cib 14 Uo and was ruled by the seventh
Lord of the Night. The moon was nine days old. Precisely
5,101 of our years and 235 days had passed. So said the
ancient Mayan scribes. We remember the day as 14 May 1989.

WRITING SYSTEMS

Three kinds of writing systems have been identified: Rebus

which is a combination of logograms and phonetic signs;
Syllabic such as CV - consonant vowel such as Cherokee or
Inuit; and Alphabetic, which is phonemic, the individual
consonants and vowels make up the sounds of the language.

Table 5-2 differentiates writing systems by the number of signs

used. [MAYA]
 TABLE 5-3

Writing System No. of Signs

Logographic
Sumerian 600+
Egyptian 2,500
Hittite Hieroglyphic 497
Chinese 5,000+

"Pure" Syllabic
Persian 40
Linear B 87
Cypriote 56
Cherokee 85

Alphabetic or Consonantal
English 26
Anglo-Saxon 31
Sanskrit 35
Etruscan 20
Russian 36
Hebrew 22
Arabic 28

Michael D. Coe classifies the entire Proto- Mayan languages.

In fourteen daughter divisions of Proto-Mayan, there are thirty
one sub languages from Huastec to Tzuthil. Extraordinary
story of applied cryptanalysis and applied linguistics.
[MAYA]

XENOCRYPTS

I used to think that Xenocrypts - non English cryptograms, were

very difficult to solve. The 'aha' light came on several years
ago, when I realized that most languages share the common
framework of mathematics and statistics. To be able to solve
Xenocrypts, it is only necessary to learn the basic (group)
mathematical structure of the language, to use a bidirectional
translation dictionary and to recognize the underlying cipher
construct. [NICX]

Many challenge ciphers start with the problem of recognizing

the language and then the distribution of characters within the
particular language. The legendary W. F. Friedman once
remarked: "treating the frequency distribution as a statistical
curve, when such treatment is possible, is one of the most
useful and trustworthy methods in cryptography." [FR1], [FRE]

Table 1 gives the frequency distributions of ten of my favorite

languages (sans Russian, Chinese and Japanese which require
character sets that will not transfer via my e-mail). The
frequencies in Table 5-1 have been developed from various
sources. Table 5-1 frequencies may differ from other published
data, based on text derived solely from literature or military
sources, because I have included the practical text from my
solved Xeno's over the years. Letters used in cryptograms tend
to shift the frequency distribution. Frequencies of letters,
and their order, are not fixed quantities in any language.
Group frequencies, however, are fairly constant in every
language. This is the common thread - the linguistic
relativity of all languages. [NICX], [NIC1]

TABLE 5-1
Partial Frequency Distribution For Cracking Xenocrypts

16 8 7 6 5 4 2 <1
NORWEGIAN: E RNS T AI LDO GKM UVFHPA' JBO' YAECWXZQ

10 9 7 6 4 3 <2
LATIN: I E UTA SRN OM CPL (bal)

18 8 7 6 5 4 3 2 <1
FRENCH: E AN RSIT UO L D CMP VB F-Y

14 13 12 8 6 5 4 3 2 <1
PORTUGUESE: A E O RS IN DMT UCL P QV (bal)

18 11 8 7 5 4 3 2 <1
GERMAN: E N I RS ADTU GHO LBM CW (bal)

15 12 8 7 5 4 3 1 <1
CATALAN: E A S ILRNT OC DU MP BVQGF (bal)

16 13 8 6 5 4 3 <2
HUNGARIAN: E A T OS LNZ KIM RGU (bal)

13 12 11 9 7 6 5 3 2 <1
ITALIAN: E A I O L NRT SC DMO'U VG (bal)

20 10 7 6 5 4 3 2 <1
DUTCH: E N IAT O DL S GKH UVWBJMPZ (bal)

13 9 8 7 5 4 3 1 <1
SPANISH: EA O S RNI DL CTU MP GYB (bal)

ENGLISH REVISITED

English has its characteristic frequencies and sequence data

(based on 10,000 letters):

% 12 10 8 8 7 7 7 6 5 4-3 2 1 < 1
ENGLISH: E / T A / O N I S R H / LDCU / PFMW / YBGV / KQXJZ

GROUP PERCENTAGES:

A E I O U 38.58%

L N R S T 33.43%
J K Q X Z 1.11%

E T A O N 45.08%

E T A O N I S R H 70.02%

ORDER

Digram Order: TH / HE / AN / IN / ER / RE / ES / ON / EA / TI
/ AT / ST / EN / ND / OR

Trigram Order: THE / AND / THA / ENT / ION / TIO / FOR / NDE

Reversals: ER RE / ES SE / AN NA /TI IT /ON NO / IN NI

Initials: T A O S H I W C B P F D M R

Finals: E S T D N R O Y

Vowel % 40% (y included)

The ACA Xenocrypt Handbook compiled by PHOENIX, develops

similar mathematical data on fifteen languages presented in The
Cryptogram on a regular basis. [XEN1]

Review Lecture 2 Kullback's tests and Friedman's I.C. test.

Kullback gives the following tables for Monoalphabetic and

Digraphic texts for eight languages:

Note that the English plain text value is slightly less than
Friedman's. [KULL] [SINK]

Monoalphabetic Digraphic
Text Text

English 0.0661N(N-1) 0.0069N(N-1)

French 0.0778N(N-1) 0.0093N(N-1)
German 0.0762N(N-1) 0.0112N(N-1)
Italian 0.0738N(N-1) 0.0081N(N-1)
Japanese 0.0819N(N-1) 0.0116N(N-1)
Portuguese 0.0791N(N-1)
Russian 0.0529N(N-1) 0.0058N(N-1)
Spanish 0.0775N(N-1) 0.0093N(N-1)

Random Text

Monographic Digraphic Trigraphic

.038N(N-1) .0015N(N-1) .000057N(N-1)
XENO's - foreign language substitutions, as given in the
Xenocrypt Department of The Cryptogram, are usually quotations,
or simple normal wording. Thus the Frequency Table of a
Xenocrypt will follow closely to the normal Frequency Table of
its language. Arranging these two tables in order of
frequency, rather than alphabetically, may be used for testing
probable equivalents. When words are found, if the meaning is
not known, a dictionary helps.

The Contact and Position Tables are used just as in solving

English cryptograms.

Lets start off with German Xenocrypts.

GERMAN DATA [ Based on 60,046 letters of text in FRE2]

Absolute Frequencies

A 3,601 G 1,921 L 1,988 Q 6 V 523

B 1,023 H 2,477 M 1,360 R 4,339 W 899
C 1,620 I 4,879 N 6,336 S 4,127 X 12
D 3,248 J 192 O 1,635 T 3,447 Y 24
E 10,778 K 747 P 499 U 2,753 Z 654
F 958 ======
60,046

Monographic Kappa Plain, German Language = 0.0787, I.C. = 2.05

Relative Frequencies reduced to 1000 letters

E 180 T 57 G 32 F 16 P 8
N 106 D 54 O 27 W 15 J 3
I 81 U 46 C 27 K 13 Y -
R 72 H 41 M 23 Z 11 X -
S 69 L 33 B 17 V 9 Q -
A 60 =======
1,000

Groups

Vowels: A, E, I, O, U, Y = 39.4%
High-Frequency Consonants: D, N, R, S, T = 35.8%
Medium-Frequency Consonants: B, C, F, G, H, L, M, W = 20.4%
Low-Frequency Consonants: J, K, P, Q, V, X, Z = 4.4 %

8 most frequent letters (E, N, I, R, S, A, T, and D) = 67.9%

(descending order)

Initials ( based on 9,568 letters of text)

D 1,716 U 550 Z 343 K 263 O 135

A 762 W 544 M 339 P 181 T 106
S 698 G 461 N 306 R 167 C 22
E 686 B 460 F 280 L 158 Q 2
I 581 V 408 H 265 J 135 ======
 9,568

Digraphs [Based on 60,046 letters reduced to 5,000 digraphs]

A B C D E F G H I J K L M
A 4 14 10 4 33 7 9 7 1 1 2 33 13
B 6 48 1 1 5 3
C 130 5
D 29 2 8 127 1 2 2 60 1 3 2
E 13 22 10 31 13 12 32 24 90 2 6 28 25
F 7 1 3 15 7 2 2 2 1
G 10 1 8 78 1 2 2 8 2 7 1
H 29 1 8 64 1 2 1 14 2 8 3
I 3 1 39 7 91 2 18 7 2 7 12 11
J 4 8
K 12 1 1 11 1 1 1 5
L 26 3 1 6 27 1 2 37 3 20 1
M 16 3 4 26 2 22 1 14 1 2 1 11
N 39 12 118 58 9 57 8 35 4 10 6 10 18
O 1 3 5 3 11 3 3 3 1 18 6
P 10 5 4 1 2 1
Q
R 34 11 5 35 60 9 12 9 37 2 11 6 8
S 14 6 55 13 46 3 7 3 30 1 5 4 7
T 25 3 17 88 2 4 6 40 1 3 7 3
U 1 2 8 2 37 15 5 1 2 2 11
V 1 19 3
W 16 24 20 3
X
Y
Z 1 1 8 5 1

Digraphs [Based on 60,046 letters reduced to 5,000 digraphs]

N O P Q R S T U V W X Y Z
A 48 2 22 27 23 36 1 1 1
B 3 11 2 1 3 1 1
C
D 2 4 1 5 6 2 9 2 2 2
E 235 3 6 195 68 28 24 9 15 7
F 1 3 10 2 10 12
G 3 1 11 8 5 8 2 1 1
H 6 6 1 20 4 23 7 2 3 1
I 84 13 1 7 53 44 1 2 1 1
J 3
K 9 10 1 5 4
L 2 4 10 12 6 1 1
M 1 8 5 1 3 3 9 1 1 1
N 18 8 5 4 36 27 20 10 17 14
O 33 1 5 18 12 4 1 1 5 1
P 7 2 7 1 1
Q 1
R 12 19 3 6 22 18 26 6 8 5
S 3 16 6 2 40 57 9 5 5 1 5
T 4 4 14 20 7 16 2 10 13
U 76 2 18 28 14 1 1 2 1
V 21
W 6 6
X
Y
Z 2 4 27 4

Digraphic Kappa plain = 0.0111, I.C. = 7.50

95 Digraphs comprising 75% of German plain text based on 5,000

digraphs arranged according to relative frequencies.

EN- 235 RE- 60 NA- 39 ED- 31 TA- 25 HR- 20 TU- 16

ER- 195 DI- 60 LI- 37 SI- 30 EM- 25 LL- 20 WA- 16
CH- 130 NE- 58 UE- 37 HA- 29 EH- 24 VE- 19 UF- 15
DE- 127 NG- 57 RI- 37 DA- 29 EU- 24 RO- 19 FE- 15
ND- 118 ST- 57 AU- 36 EL- 28 WE- 24 OR- 18 EW- 14
IE- 91 SC- 55 NS- 36 US- 28 HT- 23 UR- 18 AB- 14
EI- 90 IS- 53 NI- 35 ET- 28 AT- 23 NN- 18 HI- 14
TE- 88 BE- 48 RD- 35 AS- 27 AR- 22 RT- 18 TR- 14
IN- 84 AN- 48 RA- 34 LE- 27 RS- 22 OL- 18 SA- 14
GE- 78 SE- 46 AE- 33 NT- 27 EB- 22 IG- 17 MI- 14
----- IT- 44 ------ ZU- 27 VO- 21 NW- 17 NZ- 14
a) 1,236 SS- 40 2,508 b)LA- 26 NU- 20 TD- 16 UD- 14
TI- 40 ME- 26 WI- 20 MA- 16 SD- 13
UN- 76 IC- 39 ON- 33 RU- 26 TS- 20 SO- 16 ------
ES- 68 AL- 33 3,750
HE- 64 EG- 32

a) 10 digraphs before this line represent 25% of German Plain

b) 37 digraphs before this line represent 50% of German Plain

Frequent Digraph Reversals (based on table of 5,000 digraphs)

EN- 235 NE- 58 IE- 91 EI- 90 ES- 68 SE- 46 AN- 48

ER- 195 RE- 60 IN- 84 NI- 35 IS- 53 SI- 30 IT- 44
DE- 127 ED- 31 GE- 78 EG- 32 NA- 39 TI- 40

Rare Digraph Reversals (based on previous 5,000 digraphs)

CH- 130 HC- 0 ND-113 DN- 2 NG- 57 GN-3 SC- 55 CS-0

Doublets (based on previous 5,000 digraphs)

SS- 40 EE- 13 FF- 7 RR- 6 GG- 2 PP- 2 OO - 1

LL- 20 MM- 11 TT- 7 AA- 4 II- 2 HH- 1 UU - 1
NN- 18 DD- 8

Initial Digraphs (based on 9,568 words)

DE- 805 EI- 300 DA- 244 WE- 192 ER- 153 ZU- 124 ST- 112
DI- 567 GE- 299 VO- 214 VE- 172 HA- 140 MI- 117 IN- 111
UN- 428 BE- 252 SI- 197 WI- 155 AL- 134 SN- 112 SE- 111
AU- 318

Trigraphs (top 102 based on 60,046 letters of German text)

SCH- 666 ERE- 313 NEN- 198 AUS- 162 IST- 142 HRE- 124
DER- 602 ENS- 270 SSE- 191 TIS- 159 STA- 141 HER- 122
CHE- 599 CHT- 264 REI- 190 BER- 157 DES- 140 ACH- 119
DIE- 564 NGE- 263 TER- 188 ENI- 157 FUE- 139 GES- 118
NDE- 541 NDI- 259 REN- 185 ENG- 155 NTE- 139 ABE- 117
EIN- 519 IND- 254 EIT- 184 ION- 154 UER- 138 ERA- 117
END- 481 ERD- 248 EBE- 178 SEN- 152 ERU- 137 BEN- 116
DEN- 457 INE- 247 ENE- 175 ITI- 151 TUN- 136 MEN- 115
ICH- 453 AND- 246 LIC- 175 AUF- 149 SEI- 133 RIE- 112
TEN- 425 RDE- 239 EGE- 173 IES- 149 ESE- 132 VER- 110
UNG- 377 ENA- 214 DAS- 172 ASS- 148 ERT- 128 LAN- 109
HEN- 332 ERS- 212 ENU- 171 ENW- 148 NDA- 127 ENB- 108
UND- 331 EDE- 209 NUN- 169 ENT- 146 IED- 126 ESS- 108
GEN- 321 STE- 205 NER- 166 ERI- 143 ERN- 125 LLE- 108
ISC- 317 VER- 204 RUN- 163 EST- 142 NAU- 108 TSC- 107
ENN- 106 ERG- 106 RIT- 106 EHR- 105 CHA- 104 VON- 104
SIC- 103 IGE- 102 ITE- 101 ENZ- 100 ERB- 100 EUT- 100

Initial Trigraphs (based on 9,568 word beginnings)

EIN- 242 DAS- 79 SCH- 73 AUF- 64 DEU- 61 UNT- 57

VER- 170 BRI- 79 AUS- 69 NER- 63 GES- 60 GRO- 56
FUE- 89 DIE- 76 SEI- 68 IND- 62 GEG- 59 AUC- 55
SIC- 86 NIC- 73 STA- 65 ALL- 61 UEB- 53 POL- 52
WIR- 51

Tetragraphs (50 top based on 60,046 letters)

SCHE-398 NUND-106 NICH- 80 ATIO- 65 RSCH- 60 ENZU- 54

ISCH-317 ITIS-104 UNGD- 80 GEND- 65 EDEN- 59 ITEN- 54
CHEN-296 SICH-103 EITE- 79 TEND- 65 ERGE- 59 KRIE- 54
NDER-243 RUNG-101 DEUT- 78 EBER- 67 ESSE- 59 RIEG- 54
EINE-218 ANDE-100 FUER- 78 GEGE- 65 UNTE- 59 SDIE- 54
ENDE-216 UNGE-100 CHTE- 77 POLI- 64 EICH- 58 URCH- 53
NDIE-176 EREI- 94 EGEN- 76 SIND- 64 TLIC- 58 ALLE- 52
LICH-168 TION- 93 NEIN- 76 TUNG- 64 INER- 57 DERS- 52
ICHT-151 SEIN- 92 IESE- 75 ENSI- 64 EBEN- 56 ENWE- 52
TISC-146 IEDE- 91 ERST- 74 FUTS- 64 ENDA- 56 HABE- 52
ERDE-144 LAND- 91 RDIE- 74 LITI- 62 ENST- 56 ONEN- 52
ENDI-141 SSEN- 90 ERDI- 72 UEBE- 62 IGEN- 56 SCHI- 52
NDEN-136 BRIT- 89 STEN- 72 UTSC- 62 ONDE- 56 DEND 51
RDEN-133 DASS- 86 CHER- 71 AUCH- 62 TENS- 56 DISC- 51
ENUN-120 NTER- 86 INDI- 71 DENS- 62 EDIE- 55 ENEN- 51
ICHE-120 EDER- 83 REIN- 71 EIND- 61 ERTE- 55 NACH- 51
INDE-111 EREN- 83 DERE- 70 OLIT- 61 HREN- 55 NDAS- 51
NGEN-110 ENGE- 81 NGDE- 70 SCHA- 61 TDIE- 55 UNGS- 51
ERUN-109 ENAU- 80 ENBE- 68 SCHL- 61 ATEN- 55 ABEN- 50
DIES-108 ENIN- 80 RITI- 66 WERD- 61 DIEB- 54 NBER- 50
TSCH-107

One-letter words: O (very rare)

Two-letter words: ZU SO ER ES DU DA IN AN IM AM UM WO OB JA

Three-letter words: DER DIE UND IST DAS EIN ICH SIE MAN MIT DEN
DEM VON WAR WAS NUR MIR ALS AUF AUS BEI BIS

Four-letter words: SICH ABER WIRD SIND ODER AUCH NACH NOCH MICH
ALSO DOCH DREI FAST SEHR WELT ZWEI WERT OHNE

Common Pattern words: TUT NUN SEE ALLE EINE NEIN DASS DENN DANN
KANN MUSS WENN WILL SOLL KOMM HERR NEUE GING ALLES IMMER EINES
EINEN LEBEN KEINE JETZT

Common prefixes: BE- GE- AUF- ER- VER- HER- UN- HIN- ZU- VOR-

Common suffixes: -LICH -HEIT -KEIT -ISCH -SCHAFT --EN -ER -IG

Pecularities: C generally followed by H or K; SC invariably by

H giving SCH

Common articles:
masc fem neut plu masc fem neut
the der die das die a, one ein eine ein
of the des der des der of a eines einer eines
in the dem der dem den in a einem einer einen
by the den die das die by a einen eine ein

True Diphthongs: AI AU EI EU

Consonant Rules

B. May appear in any position.

C. Combines with other consonants. CH, CK, SCH.
D. Forms gerund ending, -ende, -ende; similar to ing in
English. Doubles occasionally.
F. Doubles freely.
G. Occasionally doubles.
H. Does not form SH.
J. Initial letter only. Rare.
K. Doubles with CK if separated by - as in bakken
L. Not followed by CK or TZ.
M, N, P, R, T. Doubles freely.
Q. Same as English.
S. Freely doubled, forms SP ST SK not SC nor SH. SCH acts as a
single consonant.
V. Initial.
W. Does not form Wh.
X. Very infrequent. Sound of X is CHS
Y. Not a final.
Z. Never doubles. Follows vowels, changes to TZ. Rare as a
final.

SOLUTION OF GERMAN ARISTOCRAT

Ger-1 K1. [BRASSPOUNDER]

GD QSMJ TE GSK EVGHSIEKSDNRGK-OGFJDNRGH EVEJGFH

HFKOPFKI KGJL SV VSJJGUAGDJUSNRG DJEEJGK EV
*Z. *D. EUUGK PFKIGHK DXHGNRGK MGSOG GKQUSDNR FKO
OGFJDNR.

A frequency analysis of Ger-1 yields:

G - 20 16.1% Try G=e.

K - 13 10.5% Try K=n.
J - 10 8.1% Try J=i.
S - 9 7.3%
D,E - 9 7.3%
F - 7 5.6%
N,R,H - 6 4.8%
V,O,U - 5 4.0%
I - 3
P,Q,M - 2
X,Z,A,T,L - 1
B,C,W,Y - 0

1 2 3 4 5 6
e i ein e i ni en e e e
GD QSMJ TE GSK EVGHSIEKSDNRGK-OGFJDNRGH EVEJGFH

7 8 9 10 11
n n ne i i e e i e en
HFKOPFKI KGJL SV VSJJGUAGDJUSNRG DJEEJGK EV

12 13 14 15 16 17 18 19
en e n e en gi e en i n
Z. D. EUUGK PFKIGHK DXHGNRGK MGSOG GKQUSDNR FKO

20
e
OGFJDNR.

So the first three letters follow the German frequency table.

Note we have ein. Word 19 is und? and word 1 might be es.
The frequencies match. Try these substitutions.

1 2 3 4 5 6
es i ein e i nis en deu s e eu
GD QSMJ TE GSK EVGHSIEKSDNRGK-OGFJDNRGH EVEJGFH

7 8 9 10 11
und n ne i i e es i e s en
HFKOPFKI KGJL SV VSJJGUAGDJUSNRG DJEEJGK EV

12 13 14 15 16 17 18 19
u s en u e n s e en eide en i s und
*Z. *D. EUUGK PFKIGHK DXHGNRGK MGSOG GKQUSDNR FKO

20
deu s
OGFJDNR.

A common trigram is sch. Word 20 might be deutsch. Word 1

could be es followed by gibt. Word 17 might be beide.

1 2 3 4 5 6
es gibt ein e i nischen deutscher teur
GD QSMJ TE GSK EVGHSIEKSDNRGK-OGFJDNRGH EVEJGFH

7 8 9 10 11
rund n net i ittel estlic e st ten
HFKOPFKI KGJL SV VSJJGUAGDJUSNRG DJEEJGK EV

12 13 14 15 16 17 18 19
u s en un e n sprechen beide englisch und
*Z. *D. EUUGK PFKIGHK DXHGNRGK MGSOG GKQUSDNR FKO

20
deutsch
OGFJDNR.

Word 18 becomes english and word 16 could be speaks in german =

sprechen. (insert above)

I note that I have missed a high frequency letter pair E=a.

Inserting brings three additional words.

1 2 3 4 5 6
es gibt a ein americanischen-deutscher amateur
GD QSMJ TE GSK EVGHSIEKSDNRGK-OGFJDNRGH EVEJGFH

7 8 9 10 11
rund n net im mittelwestliche staaten am
HFKOPFKI KGJL SV VSJJGUAGDJUSNRG DJEEJGK EV

12 13 14 15 16 17 18 19
u s allen un e n sprechen beide englisch und
*Z. *D. EUUGK PFKIGHK DXHGNRGK MGSOG GKQUSDNR FKO

20
deutsch
OGFJDNR.

The flow of the german now is clear. A little worterbuch gives

us the balance of letter relationships.

1 2 3 4 5 6
es gibt ja ein americanischen-deutscher amateur
GD QSMJ TE GSK EVGHSIEKSDNRGK-OGFJDNRGH EVEJGFH

7 8 9 10 11
rundfunk netz im mittelwestliche staaten am
HFKOPFKI KGJL SV VSJJGUAGDJUSNRG DJEEJGK EV

12 13 14 15 16 17 18 19
u s allen funkern sprechen beide englisch und
*Z. *D. EUUGK PFKIGHK DXHGNRGK MGSOG GKQUSDNR FKO

20
deutsch
OGFJDNR.

The keyword = sauerkraut.

Note the simularities to English Aristocrat solving and to

English endings and words. Note the group statistics of the
two languages and my comments on common threads. Do you see
how this commonality flows from Figure 5-1?

SOLUTION OF GERMAN PATRISTOCRAT

Lets remove the word divisions and try a German Patristocrat.

Ger-2. Traurige Wahrheit. (zwei ewige) Eng K4 GEMINATOR

1 2 3 4 5 6 7
JGKMH FDZJM JZMKJ IMRKJ ICGXR MYJWG XQXRI

8 9 10 11 12 13 14
IMJQJ RGELP MELJI XQQLJ MFCHJ WQMFI JQXRM

15 16 17 18 19 20 21
YJWGX QMGFI CGRME LFKCR DGMEL JWCPH JWFJM

22 23
RGFJM R.

The hint tells us that the words [zwei ewige] is in the

cryptogram plain text. We also know that K4 password scheme
has been used. Nichols rule says ignore the descriptive part
in the title as a red hering.

Start with the frequency analysis:

J - 17 15.3% K - 5 4.5% O - 0
M - 15 13.5% C - 5 4.5% A - 0
R - 9 8.1% W - 5 4.5% B - 0
G - 9 8.1% E - 4 3.6% N - 0
I - 7 6.3% H - 3 2.7% T - 0
Q - 7 6.3% Z - 2 1.8% S - 0
X - 6 5.4% Y - 2 1.8% V - 0
F - 6 5.4% P - 2 1.8% U - 0
L - 5 4.5% D - 2 1.8%
Let J=e and note the patterns at groups 2 and 3 for the
hint zwei ewige. So Z=w, D=z, M=i K=g.

1 2 3 4 5 6 7
e gi zwei ewige i ge i e
JGKMH FDZJM JZMKJ IMRKJ ICGXR MYJWG XQXRI

8 9 10 11 12 13 14
ie e i e e i e i e i
IMJQJ RGELP MELJI XQQLJ MFCHJ WQMFI JQXRM

15 16 17 18 19 20 21
e i i g z i e e ei
YJWGX QMGFI CGRME LFKCR DGMEL JWCPH JWFJM

22 23
ei
RGFJM R.

The G is a high frequency letter and could be S, A, or N.

Try 'es gibt' in groups 1 and 2. s works, b works, t might.

1 2 3 4 5 6 7
esgib tzwei ewige i ge s i e s
JGKMH FDZJM JZMKJ IMRKJ ICGXR MYJWG XQXRI

8 9 10 11 12 13 14
ie e s i e e it be it e i
IMJQJ RGELP MELJI XQQLJ MFCHJ WQMFI JQXRM

15 16 17 18 19 20 21
e s i t s i tg z i e b e tei
YJWGX QMGFI CGRME LFKCR DGMEL JWCPH JWFJM

22 23
stei
RGFJM R.

Now we must find the n, r and the a. R might be our n.

(see last group). And QQ = mm, A long leap for C=a by
frequency only - later to confirm by digrams. A short leap
lets us assume W=r. Placing these guesses in temporarily,
we find the following:
 1 2 3 4 5 6 7
esgib tzwei ewige dinge dasun ivers umund
JGKMH FDZJM JZMKJ IMRKJ ICGXR MYJWG XQXRI

8 9 10 11 12 13 14
dieme nschl iched ummhe itabe rmitd emuni
IMJQJ RGELP MELJI XQQLJ MFCHJ WQMFI JQXRM

15 16 17 18 19 20 21
versu mistd asnic htgan zsich eralb ertei
YJWGX QMGFI CGRME LFKCR DGMEL JWCPH JWFJM

22 23
nstei n
RGFJM R.

Our digram table helps us with cipher text L and X. X is a good

candidate for u and L = h is a reasonable guess, because EL =
ch brings us two words. Note group 12 now gives us the W=r
and I = d! A little help from the dictionary yields Y=v and
P=l.

Putting the word divisions back in we have a quote by

Dr. Einstein.

Es gibt zwei ewige dinge das universum und die

menschliche dummheit aber mit dem universum ist
das nicht ganz sicher. == Albert Einstein.

The kewords are (facts; SAD). The plain text x is over the
cipher text S for the initial position of the keying alphabets.

GERMAN REDUCTION CIPHERS - TRAFFIC ANALYSIS

A small sister to cryptanalysis is the applications of traffic

analysis. Traffic analysis was the forerunner to differential
cryptanalysis and a primary reason for the cracking of the
German Codes in WWII. {Unfortunately, the same principles
worked on the British and American Codes as well.} The German
Army (maybe even the German Soul) was dedicated to unquestioned
organization. Paperwork and radio messages must flow to the
various military units in a prescribed manner. Traffic
Analysis is the branch of signal intelligence analysis which
deals with the study of external characteristic of signal
communications.

The information is used: 1) to effect interception, 2) to aid

cryptanalysis, 3) to rate the level and value of intelligence
in the absence of the specific message contents and 4) to
improve the security in the communication nets. [AFM]

COMPONENTS

Allowing for differences in language and procedure signs and

signals, there are six standard elements for military radio
communications systems. These are: 1) call-up, 2) order of
traffic, 3) transmission of traffic, 4) receipting for traffic,
5) corrections and services, and 6) signing off. [TM32]

In order to insure proper handling of messages in the field and

message center, some information was sent in the clear or using
simple coding. This information about routing and accounting
was usually in the preamble or message postamble. This
included: 1) Serial numbers, message center number, 2) Group
Count, 3) File Date and Time [like a PGP signature] 4) Routing
System - origin, destination and relay, (distinction is made as
to action or FYI locations) 5) Priority (important stuff was
originally signal flashed - hence the term FLASH message for
urgent message) 6) transmission and delivery procedure, 7)
addresses and signatures, 8) special instructions. As a
general rule, German high-echelon traffic contained most of
these items and German low-echelon traffic cut them to a
minimum.

The German penchant for organization could be seen in the way

they handled serial numbers. Any radio message flowing from
division level to soldier in the field would have a reference
serial number attached in clear or matrix cipher, by the
writer, the HQ message center, the signal center or code room,
the "in desk" , the transmitter, linkage, and/or operator. The
routing system usually consisted of a code and syllabary that
represented the location or unit. [HIN1]

An example taken from WWII U. S. Army procedure:

A45 BR6 B STX-O-P P-A45 BR6-T-N-A45 A-79K 011046Z

A-45-W-F2P SLW BR6

GR 28

BT TEXT

BT 011046Z K

where:

A45 BR6 - multiple callup; receiving calls

STX-O-P - transmitting call with precedence designation, OP=

operational priority

P-A45 - message priority to A45 only; to others routine

BR6-T-N-A45 - BR6 to relay to all except A45

A-79K - originator of message

011046 - Date and Time Zulu used pre and postamble

A-45 - action destination

W-F2P SLW BR6 - Information destinations

GR 28 Group Count.. note how small for such external

information envelope

You can see where modern E-Mail and word processing systems
have made some of this information easier to handle by the
portable desk idea but traffic analysis would still apply.

American "cryptees' were adept in determining the German Order

of Battle from their cryptonets (ex. from intercepts re limited
distribution from corp to a theater). Traffic analysis not
only gave the locations but the communication relationships
between units or groups of units in the field. Some German
commands were allowed latitude in their compositions of codes
and ciphers. This proved to be an exploitable fault in the
German security.

ANALYSIS OF ROUTING

American success in reconstructing German communication

networks was partly do to the appropriate (and sometimes lucky)
analysis of the routing system. The radio station could be
tied into the code group. Crib techniques included focusing on
the relay point, recognizing a book message crib to several
locations, correlating the address and signature cribs, tagging
the operational chatter, separating the addresses, using solved
messages to give outright routing assignments, syllabary
solutions and changes in the system itself.

The textual features of the message gave valuable information.

Tabulations of messages, text type, and volumes helped
discriminate the practice and dummy traffic. Recognition of
the communications net as order of battle often gave away the
crypto-entity.

APPLICATIONS TO CRYPTANALYSIS

Traffic analysis yields information via Crib messages, Isologs

and Chatter. Crib messages assume a partial knowledge of the
underlying plain text through recognition of the external
characteristics. Command sitrep reports, up and down German
channels, were especially easy for American crypees. The
origin, serial number range, the cryptonet id, report type, the
file date and time, message length and error messages in the
clear, gave a clear picture of the German command process.
German order of battle, troop dispositions and movements were
deduced by traffic analysis. [TM32]

An Isolog exists when the underlying plain text is encrypted in

two different systems. They exist because of relay repetition
requirements, book messages to multiple receivers (spamming
would have been a definite no-no), or error by the code clerk.
American crypees were particularly effective in obtaining
intelligence from this method.

Traffic analysis boils down to finding the contact

relationships among units, tracking their movements, building
up the cryptonet authorities, capitalizing on lack of
randomness in their structures, and exploiting book and relay
cribs. I submit that American intelligence was quite
successful in this endeavor against the Germans in WWII.

ADFGVX

"Weh dem der leugt und Klartext funkt" - Lieutenant Jaeger

German 5th Army. ["Woe to him who lies and radios in the
clear"]

Jaeger was a German code expert sent to stiffen the German Code
discipline in France in 1918. Ironically, the double "e" in
Jaeger's name gave US Army traffic analysis experts a fix on
code changes in 1918.

ADFGVX, is one of the best known field ciphers in the history

of cryptology. Originally a 5 x 5 matrix of just 5 letters,
ADFGX, the system was expanded on June 1, 1918 to a 6th letter
V. The letters were chosen for their clarity in Morse: A .-, D
-.., F ..-., G --., V ...-, and X -..-.

W. F. Friedman describes one of the first traffic analysis

charts regarding battle activity from May to August, 1918
at Marne, and Rheims, France. It was based solely on the ebb
and flow of traffic in the ADFGVX cipher. This cipher was
restricted to German High Command communications between and
among the headquarters of divisions and army corps.

The ADFGVX cipher was considered secure because it combined

both a good substitution (bipartite fractionation) and an
excellent transposition in one system. During the eight month
history of this cipher, only 10 keys were recovered by the
Allies (in 10 days of heavy traffic) and fifty percent of the
messages on these days were read. These intercepts effected
the reverse of the German advances (15 divisions) under
Ludendorff at Montdidier and Compiegne, about 50 miles North of
Paris. Solution by the famed French Captain Georges Painvin
was based on just two specialized cases. No general solution
for the cipher was found by the Allies. In 1933, William
Friedman and the SIS found a general solution. French General
Givierge, of the Deuxieme Bureau also published a solution to
the general case.

The June 3 message that Painvin cracked which changed the

course of WWI:

From German High Command in Remaugies: Munition-ierung

beschleunigen Punkt Soweit nicut eingesehen auch bei Tag

"Rush Munitions Stop Even by day if not seen."

CT starts: CHI-126: FGAXA XAXFF FAFFA AVDFA GAXFX FAAAG

This told the Allies where and when the bombardment preceding
the next major German push was planned.

ENCIPHERING ADFGVX
26 letters and 10 digits of the ADFGVX were placed into a 6 x 6
Bipartite Square:

A D F G V X

A F L 1 A O 2

D J D W 3 G U

F C I Y B 4 P

G R 5 Q 8 V E

V 6 K 7 Z M X

X S N H 0 T 9

PT: a l l q u i e t o n t h i s

CT: AG AD AD GF DX FD GX XV AV XD XV XF FD XA

PT: f r o n t t o d a y

CT: AA GA AV XD XV XV AV DD AG FF

The bilateral cipher which results is transposed with a keyed

matrix, written in by row and removed by column.

G E R M A N
3 2 6 4 1 5

A G A D A D

G F D X F D

G X X V A V

X D X V X F

F D X A A A

G A A V X D

X V X V A V

D D A G F F

and the final CT is:

AFAXA XAFGF XDDAV DAGGX FGXDD XVVAV VGDDV FADVF ADXXX

AXA
Known decipherment was accomplished with the Key and possession
of the original matrix. Fine and dandy but cryptanalysis in
1918, was another thing.

ADFGVX CRYPTANALYSIS

According to William Friedman, there were only three viable

ways to attack this cipher. The first method required 2 or
messages with identical plain text beginnings to uncover the
transposition. Under the second method, 2 or more messages
with plain text endings were required to break the flat
distribution shield of the substitution part of the cipher.
The German addiction to stereotyped phraseology was so
prevalent in all German military communications that in each
days traffic, messages with similar endings and beginnings were
found (sometimes both). The third method required messages
with the exact same number of letters. Painvin used the first
two methods when he cracked the 5 letter ADFGX version in
April, 1918. [FRAA], [FRAB]

Lest we underestimate the difficulty of this cipher, I think we

might step behind Painvin shoulders as he worked. At 4:30 am
on March 21, 6000 guns opened fire on the Allied line at Somme.
Five hours later, 62 German Divisions pushed forward on a 40
mile front. Radio traffic increased dramatically, Painvin had
just a few intercepts in the ADFGX cipher and the longer ones
had been split in three parts to prevent anagraming.

Five letters, therefore, a checkerboard? Simple mono cipher -

too flat a distribution.

The German oddity of first parts of messages with identical

bits and pieces of text larded in the same order in the
cryptograms begin to show. Painvin feels the oddity could most
likely have resulted from transposed beginnings according to
the same key; the identical tops of the columns of the
transposition tableau. Painvin sections the cryptograms by
timeframe:

chi-110: (1) ADXDA (2) XGFXG (3) DAXXGX (4) GDADFF

chi-114: (1) ADXDD (2) XGFFD (3) DAXAGD (4) GDGXD

He does this with 20 blocks to reconstruct the transposition

key. Using the principle - long columns to the left, he finds
segments 3,6,14, 18 to left. Balance clustered to right.
Using other messages with common endings (repeated) He segments
the columns to the left. Correctly? No. He uses 18 additional
intercepts to juxtaposition 60 letters AA's, AD's, etc. Using
frequency count, he finds a monoalphabetic substitution.
He finds column 5-8 and 8-5 are inverted.

Painvin sets up a skeleton checkerboard - he assumes correctly

the order to be side-top:

A D F G X

A
D e
F
 G
X

Since the message was 20 letters, the order might be side-top,

repeated, meaning side coordinates would fall on 1st, 3rd,
5th.. positions during encipherment, so he separates them by
frequency characteristics. In 48 hours of incredible labor,
Painvin pairs the correct letters and builds the checkerboard,
solving the toughest field cipher the world had yet seen. A
cipher that defends itself by fractionation - the breaking up
of PT letters equivalents into pieces, with the consequent
dissipation of its ordinary characteristics. The transposition
further scatters these characteristics in a particularly
effective fashion, while dulling the clues that normally help
to reconstruct a transposition.

HOMEWORK PROBLEMS

Solve these:

Ger-3. Kalenderblatt August. K2 (Sonne) BRASSPOUNDER

QV FHOHIC ICMPC KQM IXWWM QW KML WFMPM KMI

*IQLQHI, KMI *PHWKICMLWI, KFPML KQM "*PHWKIC-

FOMI," KQM AMKML VMWIJP WXJP CQMLM VXMOMW.

Ger-4. Ungerechtes Schicksal. Eng. K4 GEMINATOR

IRFJA DRGAI RAMRT VFAKF DLUFS UXABR ADSEQ

DBHMR XBAIC KVELR JAVKV AFDJI HMBHP IEQII

HMQEL JEIIA QGAUB SSAVJ AVIAQ GATVC KAIIC

VJBAI AQGAD KVELA D. hints: (zum zw-; zimm-)

Fre-1. French digraphic. Christmas Greeting. MON NOM

DBAAB AADBB BBBAB CABAA BBCDC ACCAA BABAC

AABBD ACBAA AAACA CABAC BCCCB BAAAB IJGFG

GKJGJ FFGJH JGFIK JFGFH GGFKG FGHKG FFGJJ

GGJIK GJFJG JGFJH FGIIG KIKJF.

hints: (noel, plus). Look out for disruption area in cipher
square.

REFERENCES / RESOURCES

[ACA] ACA and You, "Handbook For Members of the American

Cryptogram Association," ACA publications, 1995.

[ACA1] Anonymous, "The ACA and You - Handbook For Secure

Communications", American Cryptogram Association,
1994.

[AFM] AFM - 100-80, Traffic Analysis, Department of the Air

Force, 1946.

[ALAN] Turing, Alan, "The Enigma", by A. Hodges. Simon and

Shuster, 1983.

[ANDR] Andrew, Christopher, 'Secret Service', Heinemann,

London 1985.

[ANNA] Anonymous., "The History of the International Code.",

Proceedings of the United States Naval Institute, 1934.

[AS] Anonymous, Enigma and Other Machines, Air Scientific

Institute Report, 1976.

[BARB] Barber, F. J. W., "Archaeological Decipherment: A

Handbook," Princeton University Press, 1974.

[B201] Barker, Wayne G., "Cryptanalysis of The Simple

Substitution Cipher with Word Divisions," Course #201,
Aegean Park Press, Laguna Hills, CA. 1982.

[BALL] Ball, W. W. R., Mathematical Recreations and Essays,

London, 1928.
[BAR1] Barker, Wayne G., "Course No 201, Cryptanalysis of The
Simple Substitution Cipher with Word Divisions," Aegean
Park Press, Laguna Hills, CA. 1975.

[BAR2] Barker, W., ed., History of Codes and Ciphers in the

U.S. During the Period between World Wars, Part II,
1930 - 1939., Aegean Park Press, 1990.

[BAR3] Barker, Wayne G., "Cryptanalysis of the Hagelin

Cryptograph, Aegean Park Press, 1977.

[BARK] Barker, Wayne G., "Cryptanalysis of The Simple

Substitution Cipher with Word Divisions," Aegean Park
Press, Laguna Hills, CA. 1973.

[BARR] Barron, John, '"KGB: The Secret Work Of Soviet Agents,"

Bantom Books, New York, 1981.

[BAUD] Baudouin, Captain Roger, "Elements de Cryptographie,"

Paris, 1939.

[BEES] Beesley, P., "Very Special Intelligence", Doubleday, New

York, 1977.

[BLK] Blackstock, Paul W. and Frank L Schaf, Jr.,

"Intelligence, Espionage, Counterespionage and Covert
Operations," Gale Research Co., Detroit, MI., 1978.

[BLOC] Bloch, Gilbert and Ralph Erskine, "Exploit the Double

Encipherment Flaw in Enigma", Cryptologia, vol 10, #3,
July 1986, p134 ff. (29)

[BLUE] Bearden, Bill, "The Bluejacket's Manual, 20th ed.,

Annapolis: U.S. Naval Institute, 1978.

[BODY] Brown, Anthony - Cave, "Bodyguard of Lies", Harper and

Row, New York, 1975.

[BOLI] Bolinger, D. and Sears, D., "Aspects of Language,"

3rd ed., Harcourt Brace Jovanovich,Inc., New York,
1981.

[BOSW] Bosworth, Bruce, "Codes, Ciphers and Computers: An

Introduction to Information Security," Hayden Books,
Rochelle Park, NJ, 1990.

[BP82] Beker, H., and Piper, F., " Cipher Systems, The
Protection of Communications", John Wiley and Sons,
NY, 1982.

[BRAS] Brasspounder, "Language Data - German," MA89, THe

Cryptogram, American Cryptogram Association, 1989.

[BRIT] Anonymous, "British Army Manual of Cryptography", HMF,

1914.

[BRYA] Bryan, William G., "Practical Cryptanalysis - Periodic

Ciphers -Miscellaneous", Vol 5, American Cryptogram
 Association, 1967.

[BURL] Burling, R., "Man's Many Voices: Language in Its

Cultural Context," Holt, Rinehart & Winston, New York,
1970.

[CAND] Candela, Rosario, "Isomorphism and its Application in

Cryptanalytics, Cardanus Press, NYC 1946.

[CAR1] Carlisle, Sheila. Pattern Words: Three to Eight Letters

in Length, Aegean Park Press, Laguna Hills, CA 92654,
1986.

[CAR2] Carlisle, Sheila. Pattern Words: Nine Letters in Length,

Aegean Park Press, Laguna Hills, CA 92654, 1986.

[CASE] Casey, William, 'The Secret War Against Hitler',

Simon & Schuster, London 1989.

[CAVE] Cave Brown, Anthony, 'Bodyguard of Lies', Harper &

Row, New York 1975.

[CCF] Foster, C. C., "Cryptanalysis for Microcomputers",

Hayden Books, Rochelle Park, NJ, 1990.

[CHOM] Chomsky, Norm, "Syntactic Structures," The Hague:

Mouton, 1957.

[CI] FM 34-60, Counterintelligence, Department of the Army,

February 1990.

[COUR] Courville, Joseph B., "Manual For Cryptanalysis Of The

Columnar Double Transposition Cipher, by Courville
Assoc., South Gate, CA, 1986.

[CLAR] Clark, Ronald W., 'The Man who broke Purple',

Weidenfeld and Nicolson, London 1977.

[COLF] Collins Gem Dictionary, "French," Collins Clear Type

Press, 1979.

[COLG] Collins Gem Dictionary, "German," Collins Clear Type

Press, 1984.

[COLI] Collins Gem Dictionary, "Italian," Collins Clear Type

Press, 1954.

[COLL] Collins Gem Dictionary, "Latin," Collins Clear Type

Press, 1980.

[COLP] Collins Gem Dictionary, "Portuguese," Collins Clear Type

Press, 1981.

[COLR] Collins Gem Dictionary, "Russian," Collins Clear Type

Press, 1958.

[COLS] Collins Gem Dictionary, "Spanish," Collins Clear Type

 Press, 1980.

[COVT] Anonymous, "Covert Intelligence Techniques Of the Soviet

Union, Aegean Park Press, Laguna Hills, Ca. 1980.

[CULL] Cullen, Charles G., "Matrices and Linear

Transformations," 2nd Ed., Dover Advanced Mathematics
Books, NY, 1972.

[DAGA] D'agapeyeff, Alexander, "Codes and Ciphers," Oxford

University Press, London, 1974.

[DAN] Daniel, Robert E., "Elementary Cryptanalysis:

Cryptography For Fun," Cryptiquotes, Seattle, WA., 1979.

[DAVI] Da Vinci, "Solving Russian Cryptograms", The Cryptogram,

September-October, Vol XLII, No 5. 1976.

[DEAU] Bacon, Sir Francis, "De Augmentis Scientiarum," tr. by

Gilbert Watts, (1640) or tr. by Ellis, Spedding, and
Heath (1857,1870).

[DEVO] Devours, Cipher A. and Louis Kruh, Machine Cryptography

and Modern Cryptanalysis, Artech, New York, 1985.

[DOW] Dow, Don. L., "Crypto-Mania, Version 3.0", Box 1111,

Nashua, NH. 03061-1111, (603) 880-6472, Cost $15 for
registered version and available as shareware under
CRYPTM.zip on CIS or zipnet.

[ELCY] Gaines, Helen Fouche, Cryptanalysis, Dover, New York,

1956.

[ENIG] Tyner, Clarence E. Jr., and Randall K. Nichols,

"ENIGMA95 - A Simulation of Enhanced Enigma Cipher
Machine on A Standard Personal Computer," for
publication, November, 1995.

[EPST] Epstein, Sam and Beryl, "The First Book of Codes and
Ciphers," Ambassador Books, Toronto, Canada, 1956.

[EYRA] Eyraud, Charles, "Precis de Cryptographie Moderne'"

Paris, 1953.

[FL] Anonymous, The Friedman Legacy: A Tribute to William and

Elizabeth Friedman, National Security Agency, Central
Security Service, Center for Cryptological History,1995.

[FREB] Friedman, William F., "Cryptology," The Encyclopedia

Britannica, all editions since 1929. A classic article
by the greatest cryptanalyst.

[FR1] Friedman, William F. and Callimahos, Lambros D.,

Military Cryptanalytics Part I - Volume 1, Aegean Park
Press, Laguna Hills, CA, 1985.

[FR2] Friedman, William F. and Callimahos, Lambros D.,

Military Cryptanalytics Part I - Volume 2, Aegean Park
 Press, Laguna Hills, CA, 1985.

[FR3] Friedman, William F. and Callimahos, Lambros D.,

Military Cryptanalytics Part III, Aegean Park Press,
Laguna Hills, CA, 1995.

[FR4] Friedman, William F. and Callimahos, Lambros D.,

Military Cryptanalytics Part IV, Aegean Park Press,
Laguna Hills, CA, 1995.

[FR5] Friedman, William F. Military Cryptanalysis - Part I,

Aegean Park Press, Laguna Hills, CA, 1980.

[FR6] Friedman, William F. Military Cryptanalysis - Part II,

Aegean Park Press, Laguna Hills, CA, 1980.

[FRE] Friedman, William F. , "Elements of Cryptanalysis,"

Aegean Park Press, Laguna Hills, CA, 1976.

[FREA] Friedman, William F. , "Advanced Military Cryptography,"

Aegean Park Press, Laguna Hills, CA, 1976.

[FRAA] Friedman, William F. , "American Army Field Codes in The

American Expeditionary Forces During the First World
War, USA 1939.

[FRAB] Friedman, W. F., Field Codes used by the German Army

During World War. 1919.

[FR22] Friedman, William F., The Index of Coincidence and Its

Applications In Cryptography, Publication 22, The
Riverbank Publications, Aegean Park Press, Laguna
Hills, CA, 1979.

[FROM] Fromkin, V and Rodman, R., "Introduction to Language,"

4th ed.,Holt Reinhart & Winston, New York, 1988.

[FRS] Friedman, William F. and Elizabeth S., "The

Shakespearean Ciphers Examined," Cambridge University
Press, London, 1957.

[GARL] Garlinski, Jozef, 'The Swiss Corridor', Dent,

London 1981.

[GAR1] Garlinski, Jozef, 'Hitler's Last Weapons',

Methuen, London 1978.

[GERM] "German Dictionary," Hippocrene Books, Inc., New York,

1983.

[GIVI] Givierge, General Marcel, " Course In Cryptography,"

Aegean Park Press, Laguna Hills, CA, 1978. Also, M.
Givierge, "Cours de Cryptographie," Berger-Levrault,
Paris, 1925.

[GRA1] Grandpre: "Grandpre, A. de--Cryptologist. Part 1

'Cryptographie Pratique - The Origin of the Grandpre',
ISHCABIBEL, The Cryptogram, SO60, American Cryptogram
Association, 1960.
[GRA2] Grandpre: "Grandpre Ciphers", ROGUE, The Cryptogram,
SO63, American Cryptogram Association, 1963.

[GRA3] Grandpre: "Grandpre", Novice Notes, LEDGE, The

Cryptogram, MJ75, American Cryptogram Association,1975

[GODD] Goddard, Eldridge and Thelma, "Cryptodyct," Marion,

Iowa, 1976

[GORD] Gordon, Cyrus H., " Forgotten Scripts: Their Ongoing

Discovery and Decipherment," Basic Books, New York,
1982.

[HA] Hahn, Karl, " Frequency of Letters", English Letter

Usage Statistics using as a sample, "A Tale of Two
Cities" by Charles Dickens, Usenet SCI.Crypt, 4 Aug
1994.

[HAWA] Hitchcock, H. R., "Hawaiian," Charles E. Tuttle, Co.,

Toyko, 1968.

[HEMP] Hempfner, Philip and Tania, "Pattern Word List For

Divided and Undivided Cryptograms," unpublished
manuscript, 1984.

[HILL] Hill, Lester, S., "Cryptography in an Algebraic

Alphabet", The American Mathematical Monthly, June-July
1929.

[HINS] Hinsley, F. H., "History of British Intelligence in the

Second World War", Cambridge University Press,
Cambridge, 1979-1988.

[HIN2] Hinsley, F. H. and Alan Strip in "Codebreakers -Story

of Bletchley Park", Oxford University Press, 1994.

[HIS1] Barker, Wayne G., "History of Codes and Ciphers in the

U.S. Prior to World War I," Aegean Park Press, Laguna
Hills, CA, 1978.

[HITT] Hitt, Parker, Col. " Manual for the Solution of Military
Ciphers," Aegean Park Press, Laguna Hills, CA, 1976.

[HOFF] Hoffman, Lance J., editor, "Building In Big Brother:

The Cryptographic Policy Debate," Springer-Verlag,
N.Y.C., 1995. ( A useful and well balanced book of
cryptographic resource materials. )

[HOM1] Homophonic: A Multiple Substitution Number Cipher", S-

TUCK, The Cryptogram, DJ45, American Cryptogram
Association, 1945.

[HOM2] Homophonic: Bilinear Substitution Cipher, Straddling,"

ISHCABIBEL, The Cryptogram, AS48, American Cryptogram
Association, 1948.
[HOM3] Homophonic: Computer Column:"Homophonic Solving,"
PHOENIX, The Cryptogram, MA84, American Cryptogram
Association, 1984.

[HOM4] Homophonic: Hocheck Cipher,", SI SI, The Cryptogram,

JA90, American Cryptogram Association, 1990.

[HOM5] Homophonic: "Homophonic Checkerboard," GEMINATOR, The

Cryptogram, MA90, American Cryptogram Association, 1990.

[HOM6] Homophonic: "Homophonic Number Cipher," (Novice Notes)

LEDGE, The Cryptogram, SO71, American Cryptogram
Association, 1971.

[IBM1] IBM Research Reports, Vol 7., No 4, IBM Research,

Yorktown Heights, N.Y., 1971.

[INDE] PHOENIX, Index to the Cryptogram: 1932-1993, ACA, 1994.

[JAPA] Martin, S.E., "Basic Japanese Coversation Dictionary,"

Charles E. Tuttle Co., Toyko, 1981.

[JOHN] Johnson, Brian, 'The Secret War', Arrow Books,

London 1979.

[KAHN] Kahn, David, "The Codebreakers", Macmillian Publishing

Co. , 1967.

[KAH1] Kahn, David, "Kahn On Codes - Secrets of the New

Cryptology," MacMillan Co., New York, 1983.

[KAH2] Kahn, David, "An Enigma Chronology", Cryptologia Vol

XVII,Number 3, July 1993.

[KAH3] Kahn, David, "Seizing The Enigma", Houghton Mifflin, New

York, 1991.

[KOBL] Koblitz, Neal, " A Course in Number Theory and

Cryptography, 2nd Ed, Springer-Verlag, New York, 1994.

[KONH] Konheim, Alan G., "Cryptography -A Primer" , John Wiley,

1981, pp 212 ff.

[KOTT] Kottack, Phillip Conrad, "Anthropology: The Exploration

Of Human Diversity," 6th ed., Mcgraw-Hill, Inc., New
York, N.Y. 1994.

[KOZA] Kozaczuk, Dr. Wladyslaw, "Enigma: How the German

Machine Cipher was Broken and How it Was Read by the
Allies in WWI", University Pub, 1984.

[KULL] Kullback, Solomon, Statistical Methods in Cryptanalysis,

Aegean Park Press, Laguna Hills, Ca. 1976

[LAFF] Laffin, John, "Codes and Ciphers: Secret Writing Through

The Ages," Abelard-Schuman, London, 1973.

[LAKE] Lakoff, R., "Language and the Womans Place," Harper &
 Row, New York, 1975.

[LANG] Langie, Andre, "Cryptography," translated from French

by J.C.H. Macbeth, Constable and Co., London, 1922.

[LAUE] Lauer, Rudolph F., "Computer Simulation of Classical

Substitution Cryptographic Systems" Aegean Park Press,
1981, p72 ff.

[LEDG] LEDGE, "NOVICE NOTES," American Cryptogram Association,

1994. [ One of the best introductory texts on ciphers
written by an expert in the field. Not only well
written, clear to understand but as authoritative as
they come! ]

[LEWI] Lewin, Ronald, 'Ultra goes to War', Hutchinson,

London 1978.

[LEWY] Lewy, Guenter, "America In Vietnam", Oxford University

Press, New York, 1978.

[LEVI] Levine, J., U.S. Cryptographic Patents 1861-1981,

Cryptologia, Terre Haute, In 1983.

[LISI] Lisicki, Tadeusz, 'Dzialania Enigmy', Orzet Biaty,

London July-August, 1975; 'Enigma i Lacida',
Przeglad lacznosci, London 1974- 4; 'Pogromcy
Enigmy we Francji', Orzet Biaty, London, Sept.
1975.'

[LYNC] Lynch, Frederick D., "Pattern Word List, Vol 1.,"

Aegean Park Press, Laguna Hills, CA, 1977.

[LYSI] Lysing, Henry, aka John Leonard Nanovic, "Secret

Writing," David Kemp Co., NY 1936.

[MANS] Mansfield, Louis C. S., "The Solution of Codes and

Ciphers", Alexander Maclehose & Co., London, 1936.

[MARO] Marotta, Michael, E. "The Code Book - All About

Unbreakable Codes and How To Use Them," Loompanics
Unlimited, 1979. [This is a terrible book. Badly
written, without proper authority, unprofessional, and
prejudicial to boot. And, it has one of the better
illustrations of the Soviet one-time pad with example,
with three errors in cipher text, that I have corrected
for the author.]

[MARS] Marshall, Alan, "Intelligence and Espionage in the Reign

of Charles II," 1660-1665, Cambridge University, New
York, N.Y., 1994.

[MART] Martin, James, "Security, Accuracy and Privacy in

Computer Systems," Prentice Hall, Englewood Cliffs,
N.J., 1973.

[MAYA] Coe, M. D., "Breaking The Maya Code," Thames and Hudson,
New York, 1992.
[MAZU] Mazur, Barry, "Questions On Decidability and
Undecidability in Number Theory," Journal of Symbolic
Logic, Volume 54, Number 9, June, 1994.

[MEND] Mendelsohn, Capt. C. J., Studies in German Diplomatic

Codes Employed During World War, GPO, 1937.

[MILL] Millikin, Donald, " Elementary Cryptography ", NYU

Bookstore, NY, 1943.

[MYER] Myer, Albert, "Manual of Signals," Washington, D.C.,

USGPO, 1879.

[MM] Meyer, C. H., and Matyas, S. M., " CRYPTOGRAPHY - A New

Dimension in Computer Data Security, " Wiley
Interscience, New York, 1982.

[MODE] Modelski, Tadeusz, 'The Polish Contribution to the

Ultimate Allied Victory in the Second World War',
Worthing (Sussex) 1986.

[NIBL] Niblack, A. P., "Proposed Day, Night and Fog Signals for
the Navy with Brief Description of the Ardois Hight
System," In Proceedings of the United States Naval
Institute, Annapolis: U. S. Naval Institute, 1891.

[NIC1] Nichols, Randall K., "Xeno Data on 10 Different

Languages," ACA-L, August 18, 1995.

[NIC2] Nichols, Randall K., "Chinese Cryptography Parts 1-3,"

ACA-L, August 24, 1995.

[NIC3] Nichols, Randall K., "German Reduction Ciphers Parts

1-4," ACA-L, September 15, 1995.

[NIC4] Nichols, Randall K., "Russian Cryptography Parts 1-3,"

ACA-L, September 05, 1995.

[NIC5] Nichols, Randall K., "A Tribute to William F. Friedman",

NCSA FORUM, August 20, 1995.

[NIC6] Nichols, Randall K., "Wallis and Rossignol," NCSA

FORUM, September 25, 1995.

[NIC7] Nichols, Randall K., "Arabic Contributions to

Cryptography,", in The Cryptogram, ND95, ACA, 1995.

[NIC8] Nichols, Randall K., "U.S. Coast Guard Shuts Down Morse
Code System," The Cryptogram, SO95, ACA publications,
1995.

[NIC9] Nichols, Randall K., "PCP Cipher," NCSA FORUM, March 10,
1995.

[NICX] Nichols, R. K., Keynote Speech to A.C.A. Convention,

"Breaking Ciphers in Other Languages.," New Orleans,
La., 1993.
[NORM] Norman, Bruce, 'Secret Warfare', David & Charles,
Newton Abbot (Devon) 1973.

[NORW] Marm, Ingvald and Sommerfelt, Alf, "Norwegian," Teach

Yourself Books, Hodder and Stoughton, London, 1967.

[NSA] NSA's Friedman Legacy - A Tribute to William and

Elizabeth Friedman, NSA Center for Cryptological
History, 1992, pp 201 ff.

[OP20] "Course in Cryptanalysis," OP-20-G', Navy Department,

Office of Chief of Naval Operations, Washington, 1941.

[PIER] Pierce, Clayton C., "Cryptoprivacy", 325 Carol Drive,

Ventura, Ca. 93003.

[POPE] Pope, Maurice, "The Story of Decipherment: From Egyptian

Hieroglyphic to Linear B., Thames and Hudson Ltd., 1975.

[RAJ1] "Pattern and Non Pattern Words of 2 to 6 Letters," G &

C. Merriam Co., Norman, OK. 1977.

[RAJ2] "Pattern and Non Pattern Words of 7 to 8 Letters," G &

C. Merriam Co., Norman, OK. 1980.

[RAJ3] "Pattern and Non Pattern Words of 9 to 10 Letters," G &

C. Merriam Co., Norman, OK. 1981.

[RAJ4] "Non Pattern Words of 3 to 14 Letters," RAJA Books,

Norman, OK. 1982.

[RAJ5] "Pattern and Non Pattern Words of 10 Letters," G & C.

Merriam Co., Norman, OK. 1982.

[REJE] Rejewski, Marian, "Mathematical Solution of the Enigma

Cipher" published in vol 6, #1, Jan 1982 Cryptologia pp
1-37.

[RHEE] Rhee, Man Young, "Cryptography and Secure Commun-

ications," McGraw Hill Co, 1994

[ROBO] NYPHO, The Cryptogram, Dec 1940, Feb, 1941.

[ROHE] Jurgen Roher's Comparative Analysis of Allied and Axis

Radio-Intelligence in the Battle of the Atlantic,
Proceedings of the 13th Military History Symposium, USAF
Academy, 1988, pp 77-109.

[ROOM] Hyde, H. Montgomery, "Room 3603, The Story of British

Intelligence Center in New York During World War II",
New York, Farrar, Straus, 1963.

[ROSE] Budge, E. A. Wallis, "The Rosetta Stone," British Museum

Press, London, 1927.

[RUNY] Runyan, T. J. and Jan M. Copes "To Die Gallently",

Westview Press 1994, p85-86 ff.

[RYSK] Norbert Ryska and Siegfried Herda, "Kryptographische

 Verfahren in der Datenverarbeitung," Gesellschaft fur
Informatik, Berlin, Springer-Verlag1980.

[SADL] Sadler, A. L., "The Code of the Samurai," Rutland and

Tokyo: Charles E. Tuttle Co., 1969.

[SACC] Sacco, Generale Luigi, " Manuale di Crittografia",

3rd ed., Rome, 1947.

[SAPR] Sapir, E., "Conceptual Categories in Primitive

Language," Science: 74: 578-584., 1931.

[SASS] Sassoons, George, "Radio Hackers Code Book", Duckworth,

London, 1986.

[SCHN] Schneier, Bruce, "Applied Cryptography: Protocols,

Algorithms, and Source Code C," John Wiley and Sons,
1994.

[SCH2] Schneier, Bruce, "Applied Cryptography: Protocols,

Algorithms, and Source Code C," 2nd ed., John Wiley and
Sons, 1995.

[SCHW] Schwab, Charles, "The Equalizer," Charles Schwab, San

Francisco, 1994.

[SHAN] Shannon, C. E., "The Communication Theory of Secrecy

Systems," Bell System Technical Journal, Vol 28 (October
1949).

[SIG1] "International Code Of Signals For Visual, Sound, and

Radio Communications," Defense Mapping Agency,
Hydrographic/Topographic Center, United States Ed.
Revised 1981

[SIG2] "International Code Of Signals For Visual, Sound, and

Radio Communications," U. S. Naval Oceanographic
Office, United States Ed., Pub. 102, 1969.

[SINK] Sinkov, Abraham, "Elementary Cryptanalysis", The

Mathematical Association of America, NYU, 1966.

[SISI] Pierce, C.C., "Cryptoprivacy," Author/Publisher, Ventura

Ca., 1995. (XOR Logic and SIGTOT teleprinters)

[SMIT] Smith, Laurence D., "Cryptography, the Science of Secret

Writing," Dover, NY, 1943.

[SOLZ] Solzhenitsyn, Aleksandr I. , "The Gulag Archipelago I-

III, " Harper and Row, New York, N.Y., 1975.

[STEV] Stevenson, William, 'A Man Called INTREPID',

Macmillan, London 1976.

[STIN] Stinson, D. R., "Cryptography, Theory and Practice,"

CRC Press, London, 1995.

[STUR] Sturtevant, E. H. and Bechtel, G., "A Hittite

 Chrestomathy," Linguistic Society of American and
University of Pennsylvania, Philadelphia, 1935.

[SUVO] Suvorov, Viktor "Inside Soviet Military Intelligence,"

Berkley Press, New York, 1985.

[TERR] Terrett, D., "The Signal Corps: The Emergency (to

December 1941); G. R. Thompson, et. al, The Test(
December 1941 - July 1943); D. Harris and G. Thompson,
The Outcome;(Mid 1943 to 1945), Department of the Army,
Office of the Chief of Military History, USGPO,
Washington,1956 -1966.

[TILD] Glover, D. Beaird, Secret Ciphers of The 1876

Presidential Election, Aegean Park Press, Laguna Hills,
Ca. 1991.

[TM32] TM 32-250, Fundamentals of Traffic Analysis (Radio

Telegraph) Department of the Army, 1948.

[TRAD] U. S. Army Military History Institute, "Traditions of

The Signal Corps., Washington, D.C., USGPO, 1959.

[TRIB] Anonymous, New York Tribune, Extra No. 44, "The Cipher
Dispatches, New York, 1879.

[TRIT] Trithemius:Paul Chacornac, "Grandeur et Adversite de

Jean Tritheme ,Paris: Editions Traditionelles, 1963.

[TUCK] Harris, Frances A., "Solving Simple Substitution

Ciphers," ACA, 1959.

[TUCM] Tuckerman, B., "A Study of The Vigenere-Vernam Single

and Multiple Loop Enciphering Systems," IBM Report
RC2879, Thomas J. Watson Research Center, Yorktown
Heights, N.Y. 1970.

[VERN] Vernam, A. S., "Cipher Printing Telegraph Systems For

Secret Wire and Radio Telegraphic Communications," J.
of the IEEE, Vol 45, 109-115 (1926).

[VOGE] Vogel, Donald S., "Inside a KGB Cipher," Cryptologia,

Vol XIV, Number 1, January 1990.

[WAL1] Wallace, Robert W. Pattern Words: Ten Letters and Eleven

Letters in Length, Aegean Park Press, Laguna Hills, CA
92654, 1993.

[WAL2] Wallace, Robert W. Pattern Words: Twelve Letters and

Greater in Length, Aegean Park Press, Laguna Hills, CA
92654, 1993.

[WATS] Watson, R. W. Seton-, ed, "The Abbot Trithemius," in

Tudor Studies, Longmans and Green, London, 1924.

[WEL] Welsh, Dominic, "Codes and Cryptography," Oxford Science

Publications, New York, 1993.
[WELC] Welchman, Gordon, 'The Hut Six Story', McGraw-Hill,
New York 1982.

[WHOR] Whorf, B. L., "A Linguistic Consideration of Thinking In

Primitive Communities," In Language, Thought, and
Reality: Selected Writings of Benjamin Lee Whorf, ed. J.
B. Carroll, Cambridge, MA: MIT Press, pp. 65-86., 1956.

[WINT] Winterbotham, F.W., 'The Ultra Secret', Weidenfeld

and Nicolson, London 1974.

[WOLE] Wolfe, Ramond W., "Secret Writing," McGraw Hill Books,

NY, 1970.

[WOLF] Wolfe, Jack M., " A First Course in Cryptanalysis,"

Brooklin College Press, NY, 1943.

[WRIX] Wrixon, Fred B. "Codes, Ciphers and Secret Languages,"

Crown Publishers, New York, 1990.

[XEN1] PHOENIX, "Xenocrypt Handbook," American Cryptogram

Association, 1 Pidgeon Dr., Wilbraham, MA., 01095-2603,
for publication March, 1996.

[YARD] Yardley, Herbert, O., "The American Black Chamber,"

Bobbs-Merrill, NY, 1931.

[ZIM] Zim, Herbert S., "Codes and Secret Writing." William

Morrow Co., New York, 1948.

[ZEND] Callimahos, L. D., Traffic Analysis and the Zendian

Problem, Agean Park Press, 1984. (also available
through NSA Center for Cryptologic History)

From [email protected] Nov 19 08:47:55 1995

Date: Mon, 13 Nov 1995 12:53:00 EST
From: "Randy Nichols, ACA Pres." <[email protected]>
Reply to: ACA-L <[email protected]>
To: Multiple recipients of list ACA-L <[email protected]>
Newsgroups: bit.listserv.aca-l
Subject: Lecture 3

CLASSICAL CRYPTOGRAPHY COURSE

BY LANAKI
November 13, 1995
Revision 1

LECTURE 3
 SUBSTITUTION WITH VARIANTS PART II
MULTILITERAL SUBSTITUTION

SUMMARY

In Lecture 3, we continue our look into substitution ciphers,

and move into the multiliteral substitution case, we field more
tools for cryptanalysis, look at some fascinating historical
variations, we review "the unbreakable cipher" and solve
homework problems.

MULTILITERAL SUBSTITUTION WITH SINGLE-EQUIVALENT CIPHER

ALPHABETS

Monoalphabetic substitution methods are classified as

uniliteral and multiliteral systems. Uniliteral systems
maintain a strict one-to-one correspondence between the length
of the units of the plain and those of the cipher text. Each
letter of plain text is replaced by a single character in the
cipher text. In multiliteral monoalphabetic substitution
systems, this correspondence is no longer one plain to one
cipher but may be one plain to two cipher, where each letter of
the plain text is replaced by two characters in the cipher
text; or one plain to three cipher, where a three-character
combination in the cipher text represents a single letter of
the plain text. We refer to these systems as uniliteral,
biliteral, and triliteral, respectively. Ciphers in which one
plain text letter is represented by cipher characters of two or
more elements are classed as multiliteral. [FR1], [FR2],
[FR5]

BILITERAL CIPHERS

Friedman gives some interesting examples of biliteral

monoalphabetic substitution. [FR1] Many cipher systems
start with a geometric shape. Using the square in Figure 3-1,

W H I T E
.......................
W . A B C D E
.
H . F G H IJ K
.
I . L M N O P
.
T . Q R S T U
.
E . V W X Y Z
Figure 3-1

We derive the following cipher alphabet:

Plain : a b c d e f g h i j k l m
Cipher: WW WH WI WT WE HW HH HI HT HT HE IW IH

Plain : n o p q r s t u v w x y z
 Cipher: II IT IE TW TH TI TT TE EW EH EI ET EE

The alphabet derived from the cipher square or matrix is

referenced by row and column coordinates, respectively.

The key to this system is that when a message is enciphered by

this biliteral alphabet, the cryptogram is still monoalphabetic
in character. A frequency distribution based upon pairs of
letters will have all the characteristics of a simple
uniliteral distribution for a monoalphabetic substitution
cipher.

Numbers can be used as effectively as letters in the biliteral

cipher. The simplest form is A=01, B=02, C=03,...Z=26. So,
the plain text letters have as their equivalents two-digit
numbers indicating their position in the normal alphabet.

Other dinome (two digit) cipher matrices are previewed:

1 2 3 4 5 6 7 8 9 0
................................. Figure 3-2
1 . A B C D E F G H I J
2 . K L M N O P Q R S T
3 . U V W X Y Z . , : ;

Note that frequently-used punctuation marks can be enciphered

in the above matrix.

Another four examples are:

Figure 3-3 Figure 3-4

5 6 7 8 9 0 1 2 3 4 5 6 7 8 9
.................... ............................
1 . A B C D E F 1 . A B C D E F G H I
2 . G H IJ K L M 2 . J K L M N O P Q R
3 . N O P Q R S 3 . S T U V W X Y Z *
4 . T UV W X Y Z

Figure 3-5 Figure 3-6

M U N I C H A B C D E F G H I
.................... .............................
B .A 7 E 5 R M A . A D G J M P S V Y
E .G 1 N Y B 2 B . B E H K N Q T W Z
R .C 3 D 4 F 6 C . C F I L O R U X 1
L .H 8 I 9 J 0 D . 2 3 4 5 6 7 8 9 0
I .K L O P Q S
N .T U V W X Z

It is possible to generate false or pseudo-code or artificial

code language by using an enciphering matrix with vowels as row
indicators and consonants as column indicators.

Figure 3-7
 B C D F G
..............
A . A B C D E
E . F G H IJ K
I . L M N O P
O . Q R S T U
U . V W X Y Z

Enciphering the word RAIDS would be OCABE FAFOD. [FR5]

Another subterfuge used to camouflage the biliteral cipher

matrix is to append a third character to the row or column
indicator. This third character may be produced through the
use of cipher matrix shown in Figure 3-8 (wherein A=611,
B=612, etc.) or the third character can be the "sum checking"
digit which is the non-carrying sum (modulo 10) of the
preceding two digits such as trinomes 257, 831, and 662. It
may also involve self summing groups such as 254, 830, 669 all
which sum to the constant 1, or finally the third digit can be
random, inserted solely for the pleasure of the cryptanalyst.

Figure 3-8

1 2 3 4 5
..................
61 . A B C D E
72 . F G H IJ K
83 . L M N O P
94 . Q R S T U
05 . V W X Y Z

A=611 , B=612 X=053

All the above matrices are bipartite. They can be divided into
two separate parts that can be clearly and cleanly defined by
row and column indicators. This is the primary weakness of
this type of cipher. [FR1]

Sinkov presents a good description of the modulo arithmetic

required to solve biliteral cipher challenges. [SINK] A more
involved look at the statistics involved can be found in
[CULL].

BILITERAL BUT NOT BIPARTITE

Consider the following cipher matrix:

Figure 3-9
 1 2 3 4 5
..................
09 . H Y D R A
15 . U L IJ C B
21 . E F G K M
27 . N O P Q S
33 . T V W X Z

We can produce a biliteral cipher alphabet in which the

equivalent for any letter in the matrix is the sum of the two
coordinates which indicate its cell in the matrix:

Plain A B C D E F G H I J K L M
Cipher 14 20 19 12 22 23 24 10 18 18 25 17 26

Plain N O P Q R S T U V W X Y Z
Cipher 28 29 30 31 13 32 34 16 35 36 37 11 38

A = 9+5 =14, E = 21 + 1 =22

The cipher units are biliteral but they are not bipartite.
Cipher text equivalent of plain text letter "A" is 14 and
digits 1 and 4 have no meaning per se. Plain text letters
whose cipher equivalents begin with 1 may be found in two
different rows of the matrix and those of whose equivalents end
in 4 appear in three different columns. [FR1]

Another possibility lends itself to certain multiliteral

ciphers in the use of a word spacer or word separator. The
word space might be represented by a value in the matrix;
i.e., the separator is enciphered as a value (dinome 39 in
Figure 3-4). The word space might be an unenciphered element.

Lets break from the theory and look at four interesting

multiliteral historical ciphers before discussing the general
cryptanalytic attack on the multiliteral cipher.

TRITHEMIAN

The abbot Trithemius, born Johann von Heydenberg (1462-1516)

invented one of the first multiliteral ciphers. It was
fashioned similar to the Baconian Cipher and was a means for
disguising secret text. His work "Steganographia" published in
1499 describes several systems of 'covered writing.' [TRIT]
[WATS], [FR1] The science of steganography is named after
him. Several Internet discussion groups currently discuss the
use of steganography to hide messages in graphics files. (.GIF
files)

His alphabet, modified to include 26 letters of present-day

English, is shown in Figure 3-10, below; it consists of all
the permutations of three things taken three at a time or
3 ** 3 = 27 in all.

Figure 3-10
A - 111 G - 131 M - 221 S - 311 Y - 331
B - 112 H - 132 N - 222 T - 312 Z - 332
C - 113 I - 133 O - 223 U - 313 * - 333
D - 121 J - 211 P - 231 V - 321
E - 122 K - 212 Q - 232 W - 322
F - 123 L - 213 R - 233 X - 323

The cipher text does not have to be restricted to digits; any

groupings of three things taken three at a time will do.

BACON

Sir Francis Bacon (1561-1626) invented a cipher in which the

cipher equivalents are five-letter groups and the resulting
cipher is monoalphabetic in character. Bacon uses a 24 letter
cipher with I and J, U and W used interchangeably.

A = aaaaa I/J = abaaa R = baaaa

B = aaaab K = abaab S = baaab
C = aaaba L = ababa T = baaba
D = aaabb M = ababb U/V = baabb
E = aabaa N = abbaa W = babaa
F = aabab O = abbab X = babab
G = aabba P = abbba Y = babba
H = aabbb Q = abbbb Z = babbb

Bacon described the steganographic effect of message enfolding

in an innocent external message. Suppose we let capitals be
the "a" element and lower-case letters represent the "b"
elements. The message "All is well with me today" can be made
to convey the message "Help." Thus,

A L l i s W E l L W I t H m E T o d a Y
a a b b b a a b a a a b a b a a b b b a

H E l P

Bacon describes many several variations on the theme. [FR1],

[DEAU] Note the regularity of construction of Bacon's
biliteral alphabet, a feature which permits its reconstruction
from memory.

HAYES CIPHERS

Probably the most corrupt political election occurred on

November 7, 1876 with the election of President Rutherford B.
Hayes (Republican). He defeated Samuel Jones Tilden
(Democrat). Tilden had won the popular vote by 700,000 votes
but because of frauds surrounding the electoral college, he was
deprived of the high office of President. Actual both
candidates were involved with bribery, election tampering,
voter fraud, conspiracy and a host of other goodies. Tilden
ran on a law and order ticket that credited him with convicting
Boss Tweed and the Tweed Ring in New York City, which
controlled the city through Tammany Hall. For two years into
Hayes Presidency, the scandals persisted.

With the help of New York Tribune, Republicans finished the

Tilden 'honesty' horse. They published the Tilden Ciphers and
keys. There were about 400 of them representing substitution
and transposition forms. We will revisit the transposition
forms at a later juncture. They represented secret and illegal
operations by Tilden's men in Florida, Louisiana, South
Carolina and Oregon. The decipherments were done by
investigators of the Tribune. Here are two examples and their
solution. [TILD] , [FR1] , [TRIB]

GEO. F. RANEY, Tallahassee.

P P Y Y E M N S N Y Y Y P I M A S H N S Y Y S S I T E P A A E
N S H N S P E N N S S H N S M M P I Y Y S N P P Y E A A P I E
I S S Y E S H A I N S S S P E E I Y Y S H N Y N S S S Y E P I
A A N Y I T N S S H Y Y S P Y Y P I N S Y Y S S I T E M E I P
I M M E I S S E I Y Y E I S S I T E I E P Y Y P E E I A A S S
I M A A Y E S P N S Y Y I A N S S S E I S S M M P P N S P I N
S S N P I N S I M I M Y Y I T E M Y Y S S P E Y Y M M N S Y Y S
S I T S P Y Y P E E P P P M A A A Y Y P I I T

L' Engle goes up tomorrow. Daniel

Examination of the message discloses a bipartite alphabet

cipher with only ten different letters used. Dividing the
messages by twos, assigning arbitrary letters for pairs of
letters and performing a triliteral frequency distribution will
yield a solution.

PP YY EM NS NY YY PI MA SH NS YY SS etc

A B C D E B F G H D B I etc

Message reads:

Have Marble and Coyle telegraph for influential men from

Delaware and Virginia. Indications of weakening here. Press
advantage and watch board.

Here is another Tilden cipher using numerical substitutes:

S. PASCO AND E. M. L'ENGLE

84 55 84 25 93 34 82 31 31 75 93 82 77 33 55 42

93 20 93 66 77 66 33 84 66 31 31 93 20 82 33 66

52 48 44 55 42 82 48 89 42 93 31 82 66 75 31 93

DANIEL
There were several messages of this type. They disclosed that
only 26 different numbers were used.

Message reads:

Cocke will be ignored, Eagan called in. Authority reliable.

The Tribute experts gave the following alphabets:

AA = O EN = Y IT = D NS = E PP = H SS = N
AI = U EP = C MA = B NY = M SH = L YE = F
EI = I IA = K MM = G PE = T SN = P YI = X
EM = V IM = S NN = J PI = R SP = W YY = A
-------------------------------------------------------
20 = D 33 = N 44 = H 62 = X 77 = G 89 = Y
25 = K 34 = W 48 = T 66 = A 82 = I 93 = E
27 = S 39 = P 52 = U 68 = F 84 = C 96 = M
31 = L 42 = R 55 = O 75 = B 87 = V 99 = J

William F. Friedman correlated these alphabets with the results

being amusing:

H I S P A Y M E N T
1 2 3 4 5 6 7 8 9 0
-------------------------------
H 1 . .
I 2 . K S D .
S 3 . L N W P .
P 4 . R H T .
A 5 . U O .
Y 6 . X A F .
M 7 . B G .
E 8 . I C V Y .
N 9 . E M J .
T 0 . .
------------------------------

The blank squares may have contained proper names and money
designations. Key = HISPAYMENT for bribary seems to be
appropriate. [HIS1], [TRIB], [TILD], [FR1]

BLUE AND GREY

One of the most fascinating stories of the American Civil War

(1861-65) is about communications using flag telegraphy or also
known as the wigwag signal system.

Wigwag is a system of positioning a flag (or flags) at various

angles that indicate the corresponding twenty-six letters of
the alphabet. It was created in the mid-1800s by three men
working at separate locations: Navy Captain Phillip Colomb and,
Army Captain Francis Bolton, in England, and Surgeon-inventor
Albert J. Meyer in America. [WRIX] Meyer observed the
railroad electromagnetic telegraph, developed by Alexander
Bain, and invented a touch method of communication for the deaf
and later the wigwag system. He developed companion methods
with torches and disks. The name "wigwag" derived from the
flag movements.

Three main color combinations were used in flags measuring two,

four and six feet square. The white banners had red square
centers while the black or red flags had white centers. Myers
method required three motions (elements) to be used for each
letter. The first position always initiated a message
sequence. Motion one went from head to toe and back on right
side. Motion 2 went from head to toe and back on left side.
Motion three went from head to toe and back in front of the
man. Each motion made quickly. Chart 3-1 indicates the
multiliteral alphabet and directional orders required to convey
a message.

Chart 3-1

A - 112 H - 312 O - 223 V - 222

B - 121 I - 213 P - 313 W - 311
C - 211 J - 232 Q - 131 X - 321
D - 212 K - 323 R - 331 Y - 111
E - 221 L - 231 S - 332 Z - 113
F - 122 M - 132 T - 133
G - 123 N - 322 U - 233

Myers Signal Directions

3 - End of a word
33 - End of a sentence
333 - End of message
22.22.22.3 - Signal of assent. Message understood
22.22.22.333 - Cease signaling
121.121.121.3 - Repeat
212121.3 - Error
211.211.211.3 - Move a little to the right
221.221.221.3 - Move a little to the left

As the Civil War wore on, Myer increased the wigwag motions to
four. This enabled more specialized words and abbreviations to
be used. In 1864, Myer invented a similar daytime system with
disks.

For night signals, Myer applied his system with torches on the
signal poles and lanterns. A foot torch was used as a
reference point. Thus the direction of the flying wave could
better be seen. Compare this to the semaphore system used by
ships at sea when radio silence is a must.

Myer continuously improved his invention through 1859 and

presented his findings gratis to the Union Army (which gave him
a luke warm yawn for his trouble). Alexander Porter, his chief
assistant joined the Confederate Army and used the wigwag
system in actual combat. Porter was able to warn Colonel
Nathan Evans at Manassas Junction - Stone Bridge that the Union
Army had reached Sudley Ford and was about to surprise General
Beauregard's best Division. Porter sent from his observation
tower, the following message to Colonel Evans at the Stone
Bridge defenses: "Look out for your left, you are turned."

Colonel Evans turned his cannons and musket fire toward the
Federal troops before they could initiate their attack. Porter
was credited later (and decorated) for his vigilance led to
changes in the tactics of the entire struggle around Manassas
Junction. The application of the new signal system had
directly influenced the shocking Union defeat that eventful
July day.

Myers signaling system was catapulted into use at the Battle of

Gettysburg. General Lee had invaded northern soil in June
1863. His Potomac crossing was relayed by flag system to the
War Department. General Joseph Hooker resigned under fire on
June 28. General George Meade (of NSA grounds fame) took over
command of the Army of the Potomac. His headquarters were at
Taneytown, MD. Startling news came via signalmen on July 1.
A skirmish on the Maryland border indicated that General Buford
was facing a major force not in Maryland but in Pennsylvania.
Lee was himself in command at Gettysburg. Signalmen of each
army unit sent out calls for help. Reinforcements from dozens
of units several miles away were committed to the fray. By
July 1, 73,000 gray and 88,000 blue met in one of history's
most decisive battles. Rarely, if at all, do textbooks even
hint that the secret message system of flags affected these
history changing events. Yet the crucial sightings by Union
observers directly tipped the scales against Lee's best
tactics. The most famous incident was when Captain Castle on
Cemetery Ridge, refused to submit to Confederate artillery
barrage as General George Pickett charged the "thin blue line",
used a wooden pole and a bedsheet to make a makeshift flag to
alert Union forces under General Meade who ordered counter-
measures. Pickett's charge was stopped short of breaching the
Union lines. General Lee's gamble failed. Previously
disregarded flagmen enabled George Meade to enter the shrine of
heros. [BLUE], [ANNA], [MYER], [NIBL], [TRAD], [WRIX], [KAHN]

FURTHER NOTES ON CRYPTANALYSIS OF MULTILITERAL CIPHERS

LIMITED CHARACTERS

Multiliteral ciphers are often recognized by the fact that the

cryptographic text is usually composed of but a very limited
number of different characters. They are handled in the same
way as are uniliteral monoalphabetic substitution ciphers. So
long as the same character or number is used to represent the
same plain text letter, and so long as a given letter of
plain text is always represented by the same character or
combination of characters, then the substitution is strictly
monoalphabetic and can be handled by methods in my Lectures 1
and 2.
BILITERAL CIPHERS

In the case of biliteral ciphers where the row and column

indicators are not identical, the direction of reading the
cipher pairs is chosen at will for each succeeding cipher pair,
and analysis of contacts of the letters comprising the cipher
pairs will disclose that there are two distinct families of
letters, and the cipher pair will never consist of two letters
of the same family. We reduce by further substitution to
uniliteral terms and solve by known methods.

WORD SEPARATORS

If a multiliteral cipher includes a provision for the

encipherment of a word separator, the cipher equivalent of this
word separator may be readily identified because it will have
the highest frequency of any cipher unit.

Friedman presents data on word separators:

For English, the average word length is 5.2 letters. The word
separator will be close to 16% frequency. [FR1] The letters
of the alphabet take on new percentage frequencies as follows:

A - 6.2 J - 0.16 S - 5.1

B - 0.84 K - 0.25 T - 7.7
C - 2.6 L - 3.0 U - 2.2
D - 3.5 M - 2.1 V - 1.3
E - 11.0 N - 6.6 W - 1.3
F - 2.3 O - 6.3 X - 0.41
G - 1.3 P - 2.3 Y - 1.6
H - 2.9 Q - 0.25 Z - 0.08
I - 6.2 R - 6.4

On the other hand, if the word separator is a single character,

this character may be identified by its positional appearance
spaced 'wordlength-wise' in the cipher text and by the fact
that it never contacts itself.

It is advisable to reduce multiliteral cipher text to

uniliteral equivalents, especially if a triliteral frequency
distribution is made. If not more than 36 combinations are
present in the cryptogram, the extra values over 26 may be
represented by digits for the purpose of reduction. For more
than 36 groups, cipher text can be attacked in multiliteral
groupings.

ANAGRAMING

One of the first steps to solving a multiliteral cipher with a

cipher matrix, is to anagram the letters comprising the row and
column indicators in an attempt to disclose the key words used.
When the anagraming process does disclose any key word(s), a
skeleton reconstruction matrix which is the duplicate of the
original enciphering matrix is made to show the order of the
row and column indicators. Partial recovery of plain text may
be possible at this point in the analysis. Looking at the
frequency analysis (and location of the crests and troughs) may
tell us something about the enciphering alphabet as normal or
keyed.

NUMERICAL CIPHERS

Cipher alphabets whose cipher components consist of numbers are

practicable for telegraph or radio transmission. They may take
forms corresponding to those employing letters.

Standard numerical cipher alphabets are those in which the

cipher component is a normal sequence of numbers.

Plain - A B C D E F G H I J K L M
Cipher - 11 12 13 14 15 16 17 18 19 20 21 22 23

Plain - N O P Q R S T U V W X Y Z
Cipher - 24 25 26 27 28 29 30 31 32 33 34 35 36

We could easily have started the cipher alphabet with A= 01,

B=02,..., Z=26 with the same results.

Mixed numerical cipher alphabets are those that have been keyed
by a key word turned into numerical cipher equivalents or have
a random combination of two or more digits for each letter of
plain text.

Plain - A B C D E F G H I - J K L M
Cipher - 76 88 01 67 04 80 66 99 96 96 02 69 90

Plain - N O P Q R S T U V W X Y Z
Cipher - 77 05 87 60 39 79 03 78 68 98 86 70 97

The computer whizzes are now thinking that the example has
all numbers less than 100. Therefore, a brute force attack
on all combinations of two letter-equivalents of the above
ciphertext numerical values taken two at a time in combination
with the digram frequency data could be a good approach to the
cipher matrix construction problem. The ASOLVER computer
program at the CDB does this kind analysis and adds threshold
limitations on the search.

Figure 3-3 and 3-4 could be arranged for simple numerical

equivalents like this:

Figure 3-3a Figure 3-4a

1 2 3 4 5 1 2 3 4 5 6 7 8 9
................ ............................
1 . A B C D E 1 . A B C D E F G H I
2 . F G H IJ K 2 . J K L M N O P Q R
 3 . L M N O P 3 . S T U V W X Y Z *
4 . Q R S T U
5 . V W X Y Z

where: A = 11, R=42 Z=55

Numerical cipher values lend themselves to treatment by various

mathematical processes to further complicate the cipher system
in which they are used. These processes, mainly addition or
subtraction, may be applied to each cipher equivalent
individually, or to the complete numerical cipher message by
considering it as one number. [OP20]

Reference [NIC4] on Russian Cryptography describes the VIC

Cipher and the one-time pad. Both involve mathematical
treatment to numerical based ciphers. The Hill cipher is
another good example of the use of mathematical transformation
processes on ciphers and is presented in David Kahn's book.
[KAHN]

In modern cryptographic systems, the DES family of ciphers use

simple S-Boxes [substitution boxes] that are reorganized by
ordered non-linear mathematical rules applied several times
over (know as rounds). [NIC4], [OP20], [RHEE], [HILL], [IBM1]

ONE-TIME PAD

The question of 'unbreakable' mathematical ciphers might be

poised at this juncture. Lets look at the famous one-time pad
and see what it offers. [NIC4]

The one-time pad is truly an unbreakable cipher system. There

are many descriptions of this cipher. One of the better
descriptions is by Bruce Schneier. [SCHN] It consists of a
nonrepetitive truly random key of letters or characters that is
used just once. The key is written on special sheets of paper
and glued together in a pad. The sender uses each key letter
on the pad to encrypt exactly one plain text letter or
character. The receiver has an identical pad and uses the key
on the pad, in turn, to decrypt each letter of the ciphertext.
[SHAN]

Each key is used exactly once and for only one message.
The sender encrypts the message and destroys the pad's page.
The receiver does the same thing after decrypting the message.
New message - new page and new key letters/numbers - each time.

The one-time pad is unbreakable both in theory and in practice.

Interception of ciphertext does not help the cryptographer
break this cipher. No matter how much ciphertext the analyst
has available, or how much time he had to work on it, he could
never solve it. [KAHN]

The reason is that no pattern can be constructed for the key.

The perfect randomness of the one time system nullifies any
efforts to reconstruct the key or plain text via horizontal or
lengthwise analysis, via cohesion, via re-assembly (such as
Kasiski or Kerckhoff's columns) via repeats or via internal
framework erection. [KAHN] [KAH1], [WRIX], [NIC4], [SCHN]

Brute force (trial and error) might bring out the true
plaintext but it would also yield every other text of the same
length, and there is no way to tell which is the right one.
The worst of it is that the possible solutions increase as the
message lengthens.

Supposing the key were stolen, would this help to predict

future keys? No, because a random key has no underling system
to exploit. If it did, it would not be random. [KAHN]

A random key sequence XOR 'ed with a nonrandom plain text

message produces a completely random ciphertext message and no
amount of computing will change that. [SCHN] The one-time
pad can be extended to encryption of binary data. Instead of
letters, we use bits. [SCHN]

FRESH KEY DRAWBACK

The one-time pad has a drawback - the quantities of fresh key

required. For military messages in the field (a fluid
situation) a practical limit is reached. It is impossible to
produce and distribute sufficient fresh key to the units.
During WWII, the US Army's European theater HQ's transmitted,
even before the Normandy invasion, 2 million five (5) letter
code groups a day! It would have therefore, consumed 10
million letters of key every 24 hours -the equivalent of a
shelf of 20 average books. [KAH1] , [FRAA]

RANDOMNESS

The real issue for the one-time pad, is that the keys must be
truly random. Attacks against the one-time pad must be against
the method used to generate the key itself. [SCHN] Pseudo-
random number generators don't count; often they have nonrandom
properties. Reference [SCHN], Chapter 15, discusses in detail
random sequence generators and stream cipher. I take exception
to his remarks regarding keyboard latency measurement.
People's typing patterns are anything but random (especially us
two finger types). [SCHN] [MART]

ONE-TIME PAD SIMPLE EXAMPLE W/O SUPERENCIPHERMENT OR XOR

Begin with a cipher (A=1, B=2 ...)

PT: T A X A T I O N I S T H E F T
CE: 20 1 24 1 20 9 15 14 9 19 20 8 5 6 20

>From a table of truly random numbers:

10480 15011 01536 02011 81647 91646 69719 22368

45673 25595 85393 30995 89198 27982 24130 48360
22527 97265 76393 64809 15179 42167 ....
Add the cipher equivalent to the random key:

T A X A T I
20 1 24 1 20 9
10480 15011 01536 02011 81647 91646
----- ----- ----- ----- ----- ----- ...
10500 15012 01560 02012 81667 91655

Transmit new cipher text:

10500 15012 01560 02012 81667 91655 69734 .....

Receiver subtract key out of message and decodes equivalents.

Many variations exist. Note in the cipher text T1 .ne. T2

.ne. T(i) and A1 .ne. A2 .ne. A(i), etc.

[MARO]

ONE-TIME PAD HISTORICAL CONSIDERATIONS

The one-time pad originated from the work of Gilbert Vernam in

1917. Vernam worked for ATT. He got his idea from the French
telegrapher Emile Baudot. Baudot code replaced letters with
electrical impulses, called units. Every character was given 5
units that either signified a pulse of electrical current
("marks") or its absence ("spaces") during a given time period.
[ 32 combinations in all]. In 1917, paper tape was used and
the marks and spaces were read by metallic fingers. Vernam
essentially automated the process and devised a cipher on it.

In modern computer terms, key bits were added modulo 2 to

plaintext bits on a bit by bit basis. If X = x1, x2, x3..
denotes the plain text, and K = k1, k2, k3 .. the keystream,
Vernam's cipher produces a cipher text bit stream Y = Ek(X) =
y1, y2, y3. [VERN]

CONCURRENT DEVELOPMENTS

Other countries conducted similar research. Between 1918-1920,

other one-time pad methods were developed. The German Foreign
Office employed the one-time pad in 1920. The Russians first
stole and then improved the German system. It was fully
deployed in 1925 for diplomatic use! OSS and SOE operatives in
WWII had special grid one-time pad's. By 1944, OSS technicians
had developed pages made of film that were read with a hand
magnifying glass. By 1960, Russian pads were the size of a
postage stamp or scrolls the size of a large eraser. The
Russians were first to conceal the one-time pad in microfilm.
One-time pads were made of cellulose nitrate for rapid
destruction. [RHEE] ,[VERN], [TERR], [KAHN]
RUSSIAN IMPLEMENTATION OF THE ONE-TIME PAD

So why classify the one-time pad with Russian Ciphers? Because

they have been serious about using it since 1925! Before 1917,
Russian diplomatic and military systems could be expressed by
the old axiom:

Cryptography + Loose Discipline = Chaos

After her loss of trade information to the British in 1920, and

defeats of her Army in WWI because of poor cipher handling, she
woke up. By 1916, Russia's intercept service at Nicolaieff
was in full service against the Germans. From 1920 through
today, Russia has targeted stealing other countries codes with
"great vigor" as Kennedy once said. Code stealing was done
through the COMINT efforts of the former KGB and GRU. The
Spets-Odel (Special Department) was a primary agency involved
with Ciphers and Cryptanalysis. Section 6 grew 400% over a 10
year period prior to WWII.

The Soviet Union has employed the one-time pad to protect ALL
her diplomatic missions from 1930 on. Consequently her
crucial Foreign Office messages were not read by foes,
neutrals, nor allies. The GRU and the Soviet Spy rings -
"LUCY", "RED ORCHESTRA, and "Sorge's Net" all used the one-
time pad. They also used a straddling checkerboard variant
(not unbreakable).

The one-time pad is used in the old fashioned form in the

Soviet Mission - diplomatic , secret police, military,
commercial, political (Communist Party) - all have their own
keys. All cables coming into a legation look alike: simple
groups of five digits. Letters that are photographed,
codenames are applied and then enciphered in one-time pad
system. [COVT], [BLK], [BARR]

Agents in the field use the one-time pad. Radio links to

Moscow, are encrypted via one-time pads. The main Soviet spy
cipher today still employs the one-time pads.

The most dramatic spy stories (Klaus Fuchs, Iger Gouzenko,

Vladimir Petrov, Colonel Zabotin, Rudolf Abel, Gregory
Liolios, Eleftherious Voutsas, the Krogers, Guiseppe Martelli,
Ali Abbasi, Reino Hayhanen, Aldridge Ames ...) all have used
the one-time pads.

Such is cryptology in the Soviet Union - complex, enigmatic,

focused, state-of-the-art, applying the one-time pad principles
to other ciphers. Do you remember when the diplomatic ciphers
in use at the American embassy in Moscow were solved? Russia
has a profound understanding of cryptography and cryptanalysis.
[VOGE], [SUVO], [KAHN]

The U.S. history was different. Some would argue that the U.S.
became serious and superplayers in 1953. Some would argue
1943. But not many will argue 1925 (we still had SIGTOT then).
[SISI]

LECTURE 4

In Lecture 4, we will complete our look into English

substitution ciphers, by describing multiliteral substitution
with difficult variants. The Homophonic and GrandPre Ciphers
will be covered. A synoptic diagram of the substitution
ciphers presented in Lectures 1-4 will be presented.

LECTURE 5 - 6

We will cover recognition and solution of XENOCRYPTS (language

substitution ciphers) in detail.

SOLUTION TO HOMEWORK PROBLEMS FROM LECTURE 2

BOZOL gets the kudo for best solution on the homework. Both
problems were unkeyed.

Pd-1. Daniel

H Z K L X A L H X P N C I N Z X F L I X G N W Q X

P N Z K T L N K X O L X N I Z X G I N X P N E Z K

X W Q X P Z X L H X P N C I N Z X S N Q N T X W Q

X P N W V S N I K L K H B L X N W Q L X H F Z I L

N X A Z K S B W E N I.

Problem 1 breaks down as follows:

High frequency (top 7%), count = 8 : XNLZI

Medium frequency letters: : KPWHQS
Lo frequency (less than 3) : ABCEFGTOV
Zero (0) frequency : DJMRUY
By "N" Gram Count

6 gram Count CT Frequency

HXPNCI 2 5 19 6 17 2 8
LHXPNC 2 10 5 19 6 17 2
NCINZX 2 17 2 8 17 9 19
PNCINZ 2 6 17 2 8 17 9
XPNCIN 2 19 6 17 2 8 17

5 grams

CINZX 2 2 8 17 9 19
HXPNC 2 5 19 6 17 2
LHXPN 2 10 5 19 6 17
NCINZ 2 17 2 8 17 9
PNCIN 2 6 17 2 8 17
WQXPN 2 6 5 19 6 17
XPNCI 2 19 6 17 2 8
XWQXP (THATS)? 2 19 6 5 19 6

4 grams

CINX 2 2 8 17 9
HXPN 2 5 19 6 17
INZX 2 8 17 9 19
LHXP 2 10 5 19 6
NCIN 2 17 2 8 17
PNCI 2 6 17 2 8
QXPN 2 5 19 6 17
WQXP 2 6 5 19 6
YPNC 2 19 6 17 2
XWQX (THAT)? 2 19 6 5 19

3 grams

CIN 2 2 8 17
HXP 2 5 19 6
INZ 2 8 17 9
LHX 2 10 5 19
LXN 2 10 19 17
NCI 2 17 2 8
NWQ 2 17 6 5
NZX 2 17 9 19
PNC 2 6 17 2
QXP 3 5 19 6
WQX 3 6 5 19
XPN 5 19 6 17
XWQ 2 19 6 5

2 grams Count CT Frequency

CI 2 2 8
HX 2 5 19
IN 3 8 17
KL 2 7 10
KX 2 7 19
LH 2 10 5
LN 2 10 17
LX 4 10 19
NC 2 17 2
NI 2 17 8
NW 3 17 6
NX 2 17 19
NZ 3 17 9
PN 5 6 17
QX 3 5 19
SN 2 3 17
WQ 4 6 5
XA 2 19 2
XG 2 19 2
XN 2 19 17
XP 6 19 6
XW 2 19 6
ZK 4 9 7
ZX 4 9 19

Frequency * Variety = Contacts

A 2 3 6 XLZ
B 2 4 8 HLSW
C 2 2 4 NI
D 0 0 0
E 2 3 6 NZW
F 2 4 8 XLHZ
G 2 3 6 XNI
H 5 6 30 ZLXKBF
I 8 7 56 CNLXZGK
J 0 0 0
K 7 8 56 ZLTNXIHS
L 10 11 110 KXAHFITNOBQ
M 0 0 0
N 17 13 221 PCIZGWLKXESQT
O 1 2 2 XL
P 6 3 18 XNZ
Q 5 4 20 WXNL
R 0 0 0
S 3 5 15 XNVKB
T 2 4 8 KLNX
U 0 0 0
V 1 2 2 WS
W 6 6 36 NQXVBE
X 19 15 285 LAHPZFIGQKONWST
Y 0 0 0
Z 9 9 81 HKNXIEPFA

>From above data we try X= t and N=e, P=h. Then E=y, L=i,
W=o, S = D.

Message reads: Sanity is the great virtue of the ancient

literature; the want of that is the great defect of the modern,
in spite of its variety and power. Matthew Arnold

Pd-2. Join the army. Daniel

F L B B A O I A F Q E A O M Z U I L O N R Z O Q A

O P I L O M O L S F P F L I P F L B B A O E R I C

A O Q E F O P Q B L O W A V H Z O W E A P X Z Q Q

G A P Z I V V A Z Q E G A Q E F H T E L G L S A P

L R O W L R I Q O U F I E F P E A Z O Q Z I V I L

Q T F Q E E F P G F M P L I G U B L G G L T H A.
Problem 2 breaks down as follows:

High frequency (top 7%), count = 10 : LOAFQEI

Medium frequency letters: : PZGBRVHMTUW
Lo frequency (less than 3) : SCNX
Zero (0) frequency : DJKY

By "N" Gram Count

6 gram Count CT Frequency

FLBBAO 2 12 15 6 6 14 15

5 grams

FLBBA 2 12 15 6 6 14
LBBAO 2 15 6 6 14 15

4 grams

BBAO 2 6 6 14 15
FLBB 2 12 15 6 6
LBBA 2 12 6 6 14

3 grams

BAO 2 6 14 15
BBA 2 6 6 14
EFP 2 11 12 10
FLB 2 12 15 6
FQE 2 12 12 11
ILO 2 11 15 15
LBB 2 15 6 6
PFL 2 10 12 15
QEF 2 12 11 12
ZIV 2 8 11 4
ZOQ 2 8 15 12

2 grams Count CT. Frequency

AO 5 14 15
AP 3 14 10
AZ 2 14 8
BA 2 6 14
BB 2 6 6
BL 2 6 15
EA 3 11 14
EF 4 11 12
FL 3 12 15
FP 3 12 10
FQ 2 12 12
GA 2 7 14
GL 2 7 15
IL 3 11 15
IV 2 11 4
LB 2 15 6
LG 2 15 7
LI 2 15 11
LO 3 15 15
LR 2 15 4
LS 2 15 2
OM 2 15 3
OP 2 15 10
OQ 3 15 12
OW 3 15 3
PF 2 10 12
PL 2 10 15
QE 5 12 11
RI 2 4 11
ZI 2 8 11
ZO 3 8 15
ZQ 2 8 12

Frequency * Variety = Contacts

A 14 14 196 BOIFEQCWVPGZSH
B 6 5 30 LBAQU
C 1 2 2 IA
D 0 0 0
E 11 12 132 QAORFWGTLIPE
F 12 13 156 LAQSPEOHUITGM
G 7 9 63 QAELPFIUG
H 3 5 15 VZFTA
I 11 13 143 OAULPRCZVQFEG
J 0 0 0
K 0 0 0
L 15 12 180 FBIOSEGPRWQT
M 3 4 12 OZFP
N 1 2 2 OR

O 15 13 195 AIMLNZQPEFWRU
P 10 11 110 OIFQAXZLEGM
Q 12 12 144 FEOAPBZQGILT
R 4 6 24 NZEILO
S 2 3 6 LFA
T 3 5 15 HEQFL
U 3 6 18 ZIOFGB
V 4 4 16 AHIV
W 3 4 12 OAEL
X 1 2 2 PZ
Y 0 0 0
Z 8 10 80 MUROHQXPIA

BOZOL tried the crib word World from "Join the Army ..see the
world" The crib failed but did show him some possibilities.
LANAKI's caveat - Forget the tip, it is usually a red hering.

Try the A=e, Q=t, e=h, O=r, and I=n. Look for words offer,
battles, death, country.

Message reads: "I offer neither pay nor quarters nor

provisions. I offer hunger, thirst, forced marches, battles
and death. Let him who loves our country in his heart and not
with his lips only, follow me." Made famous by Girabaldi.

HOMEWORK LECTURE 3

Solve the following cipher problems.

Mv-1. From Martin Gardner.

8 5 1 8 5 1 9 1 1 9 9 1 3
1 6 1 2 5 1 1 2 1 6 8 1 2 5
2 0 9 3 3 1 5 4 5 2 0 8 1
2 0 9 2 2 5 1 4 5 2 2 5
1 8 1 9 5 5 1 4 2 5 6 1 5
1 8 5 1 3 1 2 5 2 5 2 5 1 5
2 1 3 1 1 4 2 1 1 9 5 9 2 0
9 1 4 2 5 1 5 2 1 1 8 3 1 5
1 2 2 1 1 3 1 4

1 3 1 1 8 2 0 9 1 4 7 1 1 8 4 1 4 5 1 8
8 5 1 4 4 5 1 8 1 9 1 5 1 4 2 2 9 1 2 1 2 5
1 4 1 5 1 8 2 0 8 3 1 1 8 1 5 1 2 9 1 4 1

Solve and reconstruct the cryptographic systems used.

Mv-2.

0 6 0 2 1 0 0 5 0 1 0 1 0 5 1 5 2 2 0 2 0 6 0 8 2
3 2 5 1 0 0 8 0 4 0 2 2 1 0 9 0 8 0 4 0 8 2 2 1 1
0 8 0 4 1 7 1 5 1 3 1 4 2 2 2 1 0 2 2 4 0 2 0 1 2
2 0 2 0 2 0 1 0 8 1 9 0 6 1 5 1 7 0 8 0 1 1 1 2 2
1 4 0 2 0 1 1 9 0 6 0 5 1 0 0 2 0 2 1 1 2 2 1 4 0
6 2 3 1 9 0 5 1 5 0 1 2 2 1 3 0 2 0 5 0 6 1 3 0 2
0 5 0 1 1 0 0 5 2 3 0 6 2 1 0 2 2 2 1 4 0 6 0 2 0
2 2 2 1 4 0 6 0 2 0 2 2 6 0 2 0 6 0 5 2 1 1 9 0 2
0 2 1 1 2 2 0 3 0 2 1 7 2 4 0 2 1 9 0 2 0 6 1 5 0
5 1 1 0 6 0 2 1 9 0 5 0 6 2 2 0 1 0 5 0 5 0 1 1 9
0 5 2 1 1 5 2 2 1 5 0 5 0 1 2 2 0 5 1 8 0 5 0 6 0
6 0 5 0 3

Mv-3.

5 3 2 4 1 5 4 5 3 2 2 4 4 3 2 5 1 2 4 3 2 4 2 3 1
5 4 4 4 5 4 5 3 2 5 1 4 3 4 4 1 4 1 5 2 1 4 1 1 5
4 3 4 5 3 5 2 1 2 3 3 5 1 2 5 1 1 4 2 1 5 3 3 3 4
5 3 2 4 4 2 3 1 5 4 5 4 5 2 4 4 3 2 4 1 4 4 4 3 2
1 2 5 3 2 4 4 3 4 4 2 4 1 5 4 4 4 5 2 4 4 3 3 5 2
1 5 3 3 3 1 3 1 4 4 4 1 5 4 5 4 4 5 1 4 3 2 5 1 5
2 3 2 4 1 5 5 2 2 4 4 3 1 5 3 1 3 3 1 3 3 1 4 5 5
3 2 4 1 3 4 5 2 1 2 5 3 3 5 2 2 4 3 4 1 3 1 2 4 5
4 4 5 2 3 3 4 4 3 3 2 2 3 3 3 5 3 3 4 5 2 1 3 5 2
4 4 4 4 4 4 5 3 2 1 5 1 3 1 5 5 2 2 4 4 3 1 5 3 1
2 4 5 1 1 3 1 4 2 4 4 4 3 3 4 3 1 5 2 2 3 5 2 4 2
5 3 5 2 1 3 3 1 3 3 1 2 3 1 2 1 3 1 4 3 3 4 5 3 3
1 2 1 3 4 4 4 1 2 4 4 3 3 3 1 2 1 4 3 2 2 4 3 3 3
1 3 2 4 5 1 2 2 5 3 5 1 2 5 3 2 3 3 5 1 2 5 1 1 4
4 4 1 5 4 5 4 1 4 3 2 4 4 4 2 4 1 3 4 5 1 5 2 2 1
2 5 1 4 5 1 2 1 3 2 4 4 5 3 2 1 2 5 1 4 4 1 5 1 3
1 4 2 5 2 4 2 4 4 5

REFERENCES / RESOURCES

[ACA] ACA and You, "Handbook For Members of the American

Cryptogram Association," ACA publications, 1995.

[ACA1] Anonymous, "The ACA and You - Handbook For Secure

Communications", American Cryptogram Association,
1994.

[ANNA] Anonomous., "The History of the International Code.",

Proceedings of the United States Naval Institute, 1934.

[B201] Barker, Wayne G., "Cryptanalysis of The Simple

Substitution Cipher with Word Divisions," Course #201,
Aegean Park Press, Laguna Hills, CA. 1982.

[BALL] Ball, W. W. R., Mathematical Recreations and Essays,

London, 1928.

[BAR1] Barker, Wayne G., "Course No 201, Cryptanalysis of The

Simple Substitution Cipher with Word Divisions," Aegean
Park Press, Laguna Hills, CA. 1975.

[BARK] Barker, Wayne G., "Cryptanalysis of The Simple

Substitution Cipher with Word Divisions," Aegean Park
Press, Laguna Hills, CA. 1973.
[BARR] Barron, John, '"KGB: The Secret Work Of Soviet Agents,"
Bantom Books, New York, 1981.

[BAUD] Baudouin, Captain Roger, "Elements de Cryptographie,"

Paris, 1939.

[BLK] Blackstock, Paul W. and Frank L Schaf, Jr.,

"Intelligence, Espionage, Counterespionage and Covert
Operations," Gale Research Co., Detroit, MI., 1978.

[BLUE] Bearden, Bill, "The Bluejacket's Manual, 20th ed.,

Annapolis: U.S. Naval Institute, 1978.

[BOSW] Bosworth, Bruce, "Codes, Ciphers and Computers: An

Introduction to Information Security," Hayden Books,
Rochelle Park, NJ, 1990.

[BP82] Beker, H., and Piper, F., " Cipher Systems, The
Protection of Communications", John Wiley and Sons,
NY, 1982.

[BRIT] Anonymous, "British Army Manual of Cryptography", HMF,

1914.

[BRYA] Bryan, William G., "Practical Cryptanalysis - Periodic

Ciphers -Miscellaneous", Vol 5, American Cryptogram
Association, 1967.

[CAR1] Carlisle, Sheila. Pattern Words: Three to Eight Letters

in Length, Aegean Park Press, Laguna Hills, CA 92654,
1986.

[CAR2] Carlisle, Sheila. Pattern Words: Nine Letters in Length,

Aegean Park Press, Laguna Hills, CA 92654, 1986.

[CCF] Foster, C. C., "Cryptanalysis for Microcomputers",

Hayden Books, Rochelle Park, NJ, 1990.

[COUR] Courville, Joseph B., "Manual For Cryptanalysis Of

The Columnar Double Transposition Cipher, by Courville
Assoc., South Gate, CA, 1986.

[COVT] Anonymous, "Covert Intelligence Techniques Of the Soviet

Union, Aegean Park Press, Laguna Hills, Ca. 1980.

[CULL] Cullen, Charles G., "Matrices and Linear

Transformations," 2nd Ed., Dover Advanced Mathematics
Books, NY, 1972.

[DAGA] D'agapeyeff, Alexander, "Codes and Ciphers," Oxford

University Press, London, 1974.

[DAN] Daniel, Robert E., "Elementary Cryptanalysis:

Cryptography For Fun," Cryptiquotes, Seattle, WA., 1979.

[DAVI] Da Vinci, "Solving Russian Cryptograms", The

 Cryptogram, September-October, Vol XLII, No 5. 1976.

[DEAU] Bacon, Sir Francis, "De Augmentis Scientiarum," tr. by

Gilbert Watts, (1640) or tr. by Ellis, Spedding, and
Heath (1857,1870).

[DOW] Dow, Don. L., "Crypto-Mania, Version 3.0", Box 1111,

Nashua, NH. 03061-1111, (603) 880-6472, Cost $15 for
registered version and available as shareware under
CRYPTM.zip on CIS or zipnet.

[ELCY] Gaines, Helen Fouche, Cryptanalysis, Dover, New York,

1956.

[ENIG] Tyner, Clarence E. Jr., and Randall K. Nichols,

"ENIGMA95 - A Simulation of Enhanced Enigma Cipher
Machine on A Standard Personal Computer," for
publication, November, 1995.

[EPST] Epstein, Sam and Beryl, "The First Book of Codes and
Ciphers," Ambassador Books, Toronto, Canada, 1956.

[FREB] Friedman, William F., "Cryptology," The Encyclopedia

Britannica, all editions since 1929. A classic article
by the greatest cryptanalyst.

[FR1] Friedman, William F. and Callimahos, Lambros D.,

Military Cryptanalytics Part I - Volume 1, Aegean Park
Press, Laguna Hills, CA, 1985.

[FR2] Friedman, William F. and Callimahos, Lambros D.,

Military Cryptanalytics Part I - Volume 2, Aegean Park
Press, Laguna Hills, CA, 1985.

[FR3] Friedman, William F. and Callimahos, Lambros D.,

Military Cryptanalytics Part III, Aegean Park Press,
Laguna Hills, CA, 1995.

[FR4] Friedman, William F. and Callimahos, Lambros D.,

Military Cryptanalytics Part IV, Aegean Park Press,
Laguna Hills, CA, 1995.

[FR5] Friedman, William F. Military Cryptanalysis - Part I,

Aegean Park Press, Laguna Hills, CA, 1980.

[FR6] Friedman, William F. Military Cryptanalysis - Part II,

Aegean Park Press, Laguna Hills, CA, 1980.

[FRE] Friedman, William F. , "Elements of Cryptanalysis,"

Aegean Park Press, Laguna Hills, CA, 1976.

[FREA] Friedman, William F. , "Advanced Military Cryptography,"

Aegean Park Press, Laguna Hills, CA, 1976.

[FRAA] Friedman, William F. , "American Army Field Codes in The

American Expeditionary Forces During the First World
War, USA 1939.

[FR22] Friedman, William F., The Index of Coincidence and Its

 Applications In Cryptography, Publication 22, The
Riverbank Publications, Aegean Park Press, Laguna
Hills, CA, 1979.

[FRS] Friedman, William F. and Elizabeth S., "The

Shakespearean Ciphers Examined," Cambridge University
Press, London, 1957.

[GIVI] Givierge, General Marcel, " Course In Cryptography,"

Aegean Park Press, Laguna Hills, CA, 1978. Also, M.
Givierge, "Cours de Cryptographie," Berger-Levrault,
Paris, 1925.

[GODD] Goddard, Eldridge and Thelma, "Cryptodyct," Marion,

Iowa, 1976

[GORD] Gordon, Cyrus H., " Forgotten Scripts: Their Ongoing

Discovery and Decipherment," Basic Books, New York,
1982.

[HA] Hahn, Karl, " Frequency of Letters", English Letter

Usage Statistics using as a sample, "A Tale of Two
Cities" by Charles Dickens, Usenet SCI.Crypt, 4 Aug
1994.

[HEMP] Hempfner, Philip and Tania, "Pattern Word List For

Divided and Undivided Cryptograms," unpublished
manuscript, 1984.

[HILL] Hill, Lester, S., "Cryptography in an Algebraic

Alphabet", The American Mathematical Monthly, June-July
1929.

[HIS1] Barker, Wayne G., "History of Codes and Ciphers in the

U.S. Prior to World War I," Aegean Park Press, Laguna
Hills, CA, 1978.

[HITT] Hitt, Parker, Col. " Manual for the Solution of Military
Ciphers," Aegean Park Press, Laguna Hills, CA, 1976.

[IBM1] IBM Research Reports, Vol 7., No 4, IBM Research,

Yorktown Heights, N.Y., 1971.

[INDE] PHOENIX, Index to the Cryptogram: 1932-1993, ACA, 1994.

[KAHN] Kahn, David, "The Codebreakers", Macmillian Publishing

Co. , 1967.

[KAH1] Kahn, David, "Kahn On Codes - Secrets of the New

Cryptology," MacMillan Co., New York, 1983.

[KOBL] Koblitz, Neal, " A Course in Number Theory and

Cryptography, 2nd Ed, Springer-Verlag, New York, 1994.

[KULL] Kullback, Solomon, Statistical Methods in Cryptanalysis,

Agean Park Press, Laguna Hills, Ca. 1976

[LAFF] Laffin, John, "Codes and Ciphers: Secret Writing Through

The Ages," Abelard-Schuman, London, 1973.
[LANG] Langie, Andre, "Cryptography," translated from French
by J.C.H. Macbeth, Constable and Co., London, 1922.

[LEWY] Lewy, Guenter, "America In Vietnam", Oxford University

Press, New York, 1978.

[LYNC] Lynch, Frederick D., "Pattern Word List, Vol 1.,"

Aegean Park Press, Laguna Hills, CA, 1977.

[LYSI] Lysing, Henry, aka John Leonard Nanovic, "Secret

Writing," David Kemp Co., NY 1936.

[MANS] Mansfield, Louis C. S., "The Solution of Codes and

Ciphers", Alexander Maclehose & Co., London, 1936.

[MARO] Marotta, Michael, E. "The Code Book - All About

Unbreakable Codes and How To Use Them," Loompanics
Unlimited, 1979. [This is terrible book. Badly
written, without proper authority, unprofessional, and
prejudicial too boot. And, it has one of the better
illustrations of the Soviet one-time pad with example,
with three errors in cipher text, that I have corrected
for the author.]

[MART] Martin, James, "Security, Accuracy and Privacy in

Computer Systems," Prentice Hall, Englewood Cliffs,
N.J., 1973.

[MILL] Millikin, Donald, " Elementary Cryptography ", NYU

Bookstore, NY, 1943.

[MYER] Myer, Albert, "Manual of Signals," Washington, D.C.,

USGPO, 1879.

[MM] Meyer, C. H., and Matyas, S. M., " CRYPTOGRAPHY - A New

Dimension in Computer Data Security, " Wiley
Interscience, New York, 1982.

[NIBL] Niblack, A. P., "Proposed Day, Night and Fog Signals for
the Navy with Brief Description of the Ardois Hight
System," In Proceedings of the United States Naval
Institute, Annapolis: U. S. Naval Institute, 1891.

[NIC1] Nichols, Randall K., "Xeno Data on 10 Different

Languages," ACA-L, August 18, 1995.

[NIC2] Nichols, Randall K., "Chinese Cryptography Parts 1-3,"

ACA-L, August 24, 1995.

[NIC3] Nichols, Randall K., "German Reduction Ciphers Parts

1-4," ACA-L, September 15, 1995.

[NIC4] Nichols, Randall K., "Russian Cryptography Parts 1-3,"

ACA-L, September 05, 1995.

[NIC5] Nichols, Randall K., "A Tribute to William F. Friedman",

NCSA FORUM, August 20, 1995.
[NIC6] Nichols, Randall K., "Wallis and Rossignol," NCSA
FORUM, September 25, 1995.

[NIC7] Nichols, Randall K., "Arabic Contributions to

Cryptography,", in The Cryptogram, ND95, ACA, 1995.

[NIC8] Nichols, Randall K., "U.S. Coast Guard Shuts Down Morse
Code System," The Cryptogram, SO95, ACA publications,
1995.

[NIC9] Nichols, Randall K., "PCP Cipher," NCSA FORUM, March 10,
1995.

[OP20] "Course in Cryptanalysis," OP-20-G', Navy Department,

Office of Chief of Naval Operations, Washington, 1941.

[PIER] Pierce, Clayton C., "Cryptoprivacy", 325 Carol Drive,

Ventura, Ca. 93003.

[RAJ1] "Pattern and Non Pattern Words of 2 to 6 Letters," G &

C. Merriam Co., Norman, OK. 1977.

[RAJ2] "Pattern and Non Pattern Words of 7 to 8 Letters," G &

C. Merriam Co., Norman, OK. 1980.

[RAJ3] "Pattern and Non Pattern Words of 9 to 10 Letters," G &

C. Merriam Co., Norman, OK. 1981.
[RAJ4] "Non Pattern Words of 3 to 14 Letters," RAJA Books,
Norman, OK. 1982.

[RAJ5] "Pattern and Non Pattern Words of 10 Letters," G & C.

Merriam Co., Norman, OK. 1982.

[RHEE] Rhee, Man Young, "Cryptography and Secure Comm-

unications," McGraw Hill Co, 1994

[ROBO] NYPHO, The Cryptogram, Dec 1940, Feb, 1941.

[SACC] Sacco, Generale Luigi, " Manuale di Crittografia",

3rd ed., Rome, 1947.

[SCHN] Schneier, Bruce, "Applied Cryptography: Protocols,

Algorithms, and Source Code C," John Wiley and Sons,
1994.

[SCHW] Schwab, Charles, "The Equalizer," Charles Schwab, San

Francisco, 1994.

[SHAN] Shannon, C. E., "The Communication Theory of Secrecy

Systems," Bell System Technical Journal, Vol 28 (October
1949).

[SIG1] "International Code Of Signals For Visual, Sound, and

Radio Communications," Defense Mapping Agency,
Hydrographic/Topohraphic Center, United States Ed.
Revised 1981

[SIG2] "International Code Of Signals For Visual, Sound, and

Radio Communications," U. S. Naval Oceanographic
 Office, United States Ed., Pub. 102, 1969.

[SINK] Sinkov, Abraham, "Elementary Cryptanalysis", The

Mathematical Association of America, NYU, 1966.

[SISI] Pierce, C.C., "Cryptoprivacy," Author/Publisher, Ventura

Ca., 1995. (XOR Logic and SIGTOT teleprinters)

[SMIT] Smith, Laurence D., "Cryptography, the Science of Secret

Writing," Dover, NY, 1943.

[SOLZ] Solzhenitsyn, Aleksandr I. , "The Gulag Archipelago I-

III, " Harper and Row, New York, N.Y., 1975.

[STIN] Stinson, D. R., "Cryptography, Theory and Practice,"

CRC Press, London, 1995.

[SUVO] Suvorov, Viktor "Inside Soviet Military Intelligence,"

Berkley Press, New York, 1985.

[TERR] Terrett, D., "The Signal Corps: The Emergency (to

December 1941); G. R. Thompson, et. al, The Test(
December 1941 - July 1943); D. Harris and G. Thompson,
The Outcome;(Mid 1943 to 1945), Department of the Army,
Office of the Chief of Military History, USGPO,
Washington,1956 -1966.

[TILD] Glover, D. Beaird, Secret Ciphers of The 1876

Presidential Election, Aegean Park Press, Laguna Hills,
Ca. 1991.

[TRAD] U. S. Army Military History Institute, "Traditions of

The Signal Corps., Washington, D.C., USGPO, 1959.

[TRIB] Anonymous, New York Tribune, Extra No. 44, "The Cipher
Dispatches, New York, 1879.

[TRIT] Trithemius:Paul Chacornac, "Grandeur et Adversite de

Jean Tritheme ,Paris: Editions Traditionelles, 1963.

[TUCK] Harris, Frances A., "Solving Simple Substitution

Ciphers," ACA, 1959.

[TUCM] Tuckerman, B., "A Study of The Vigenere-Vernam Single

and Multiple Loop Enciphering Systems," IBM Report
RC2879, Thomas J. Watson Research Center, Yorktown
Heights, N.Y. 1970.

[VERN] Vernam, A. S., "Cipher Printing Telegraph Systems For

Secret Wire and Radio Telegraphic Communications," J.
of the IEEE, Vol 45, 109-115 (1926).

[VOGE] Vogel, Donald S., "Inside a KGB Cipher," Cryptologia,

Vol XIV, Number 1, January 1990.

[WAL1] Wallace, Robert W. Pattern Words: Ten Letters and Eleven

Letters in Length, Aegean Park Press, Laguna Hills, CA
92654, 1993.
[WAL2] Wallace, Robert W. Pattern Words: Twelve Letters and
Greater in Length, Aegean Park Press, Laguna Hills, CA
92654, 1993.

[WATS] Watson, R. W. Seton-, ed, "The Abbot Trithemius," in

Tudor Studies, Longmans and Green, London, 1924.

[WEL] Welsh, Dominic, "Codes and Cryptography," Oxford Science

Publications, New York, 1993.

[WOLE] Wolfe, Ramond W., "Secret Writing," McGraw Hill Books,

NY, 1970.

[WOLF] Wolfe, Jack M., " A First Course in Cryptanalysis,"

Brooklin College Press, NY, 1943.

[WRIX] Wrixon, Fred B. "Codes, Ciphers and Secret Languages,"

Crown Publishers, New York, 1990.

[YARD] Yardley, Herbert, O., "The American Black Chamber,"

Bobbs-Merrill, NY, 1931.

[ZIM] Zim, Herbert S., "Codes and Secret Writing." William

Morrow Co., New York, 1948.

CLASSICAL CRYPTOGRAPHY COURSE

BY LANAKI
December 05, 1995
Revision 0

LECTURE 4
SUBSTITUTION WITH VARIANTS PART III
MULTILITERAL SUBSTITUTION

SUMMARY

Welcome back from the Thanksgiving holiday break. The good

news is that this lecture will come to you about Christmas,
therefore, no homework. The not so good news is that this
concluding Lecture 4 on Substitution with Variants covers some
difficult material of wide practically in the field.
In Lecture 4, we complete our look into English monoalphabetic
substitution ciphers, by describing multiliteral substitution
with difficult variants. The Homophonic and GrandPre Ciphers
will be covered. The use of isologs is demonstrated. A
synoptic diagram of the substitution ciphers described in
Lectures 1-4 will be presented.

MULTILITERAL SUBSTITUTION WITH MULTIPLE-EQUIVALENT CIPHER

ALPHABETS - aka "MONOALPHABETIC SUBSTITUTION WITH VARIANTS"

Each English letter in plain text has a characteristic

frequency which affords definite clues in the solution of
simple monoalphabetic ciphers. Associations which individual
letters form in combining to make up words, and the
peculiarities which certain of them manifest in plain text,
afford further direct clues by means of which ordinary
monoalphabetic substitution encipherments of such plain text
may be readily solved. [FR1]

Cryptographers have devised methods for disguising,

suppressing, or eliminating the foregoing characteristics in
the cryptograms produced by methods described in Lectures 1-3.
One category of methods call "variants or variant values" is
that in which the letters of the plain component of a cipher
alphabet are assigned two or more cipher equivalents.

Systems involving variants are generally multiliteral. In such

systems, there are a large number of equivalents made available
by combinations and permutations of a limited number of
elements, each letter of the plain text may be represented by
several multiliteral cipher equivalents which may be selected
at random. For example, if 3-letter combinations are employed
as multiliteral equivalents, there are 26**3 or 17,576
available equivalents for the 26 letters of the plain text.

They may be assigned in equal numbers of different equivalents

for the 26 letters, in which case each letter would be
representable by 676 different 3 letter equivalents or they
be assigned on some other basis, for example proportionately to
the relative frequencies of the plain text letters. [FR1]

The primary object of substitution with variants is again to

provide several values which may be employed at random in a
simple substitution of cipher equivalents for the plain text
letters.

As a slight diversion, the reader may ask about uniliteral

substitution with variants. It is but not very practical.
Note the following cipher alphabet constructed in French by
Captain Roger Baudouin in reference [BAUD]:

Plain: A B C D E F G H I L M N O P Q R S T U V X Z
Cipher: L G O R F Q A H C M B T I D N P U S Y E W J
K X Z
V
(Note that the Captain was not an ACA member. The H=H
combination is not allowed.)

Baudouin proposed that the J and Y plain be replaced by I plain

and K plain by C plain or Q plain and W plain by VV plain. Four
cipher letters would be available as variants for the high-
frequency plain text letters in French.

Mixed alphabets formed by including all repeated letters of the

key word or key phrase in the cipher component were common in
Edgar Allen Poe's day but are impractical because they are
ambiguous, making decipherment difficult; for example:

Enciphering Alphabet:

Plain : a b c d e f g h i j k l m n o p q r s t u v w x y z
Cipher: N O W I S T H E T I M E F O R A L L G O O D M E N T

Inverse form for deciphering

Cipher: A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
Plain : p v h m s g d q k a b o e f c
l j r w y n i
x t z
u

The average cipher clerk would have difficulty in decrypting a

cipher group such as TOOET, each letter having 3 or more
equivalents, from which plain text fragments (n)inth, ft
thi(s), it thi, etc. can be formed on decipherment. [FR1]

THEORETICAL DISTINCTIONS

In simple or single-equivalent monoalphabetic substitution with

variants, two points are evident:

1) the same letter of the plain text is invariable represented

by but one and always the same character or cipher unit of
the cryptogram.

2) The same character or cipher unit of the cryptogram

invariably represents one and always the same letter of the
plain text.

In multiliteral - equivalent monoalphabetic substitution with

variants, two points are also evident:

1) the same letter of the plain text may be represented by one

or more different characters or cipher units of the
cryptogram. But,

2) The same character or cipher unit of the cryptogram

nevertheless invariably represents one and always the same
 letter of the plain text.

SIMPLE TYPES OF CIPHER ALPHABETS WITH VARIANTS

Figure 4-1 Figure 4-2

6 7 8 9 0 V W X Y Z
1 2 3 4 5 Q R S T U
. .............. . ..............
6 1 . A B C D E L F A . A B C D E
7 2 . F G H IJ K M G B . F G H IJ K
8 3 . L M N O P N H C . L M N O P
9 4 . Q R S T U O I D . Q R S T U
0 5 . V W X Y Z P K E . V W X Y Z

Figure 4-3

A E I O U
. ..............
T N H B . A B C D E
V P J C . F G H IJ K
W Q K D . L M N O P
X R L F . Q R S T U
Z S M G . V W X Y Z

Figure 4-4

V W X Y Z
Q R S T U
L M N O P
F G H I K
A B C D E
. ..............
V Q L F A . A B C D E
W R M G B . F G H IJ K
X N S H C . L M N O P
Y T O I D . Q R S T U
Z U P K E . V W X Y Z

Figure 4-5

O
M N
J K L
 F G H I
A B C D E
. ...............
O M J F A . E N A L U
N K G B . T R S F W
L H C . O IJ H Y X
I D . D C M V K
E . P G B Q Z
.

Figure 4-6

Z
W X Y
S T U V
N O P Q R
. ...............
M J F A . E N A L U
K G B . T R S F W
L H C . O IJ H Y X
I D . D C M V K
E . P G B Q Z
.

Figure 4-7

1 2 3 4 5 6 7 8 9 0
.................................
7 4 1 . A B C D E F G H I J
8 5 2 . K L M N O P Q R S T
9 6 3 . U V W X Y Z . , : ;
.

Figure 4-8

1 2 3 4 5 6 7 8 9
.............................
7 4 1 . A B C D E F G H I
8 5 2 . J K L M N O P Q R
9 6 3 . S T U V W X Y Z *
.

Figure 4-9

1 2 3 4 5 6 7 8 9
.............................
5 1 . A B C D E F G H I
6 2 . J K L M N O P Q R
7 3 . S T U V W X Y Z 1
8 4 . 2 3 4 5 6 7 8 9 0
 Figure 4-10

1 2 3 4 5 6 7 8 9
.............................
0 8 5 1 . T E R M I N A L S
9 6 2 . B C D F G H J K O
7 3 . P Q U V W X Y Z 1
4 . 2 3 4 5 6 7 8 9 0

The matrices in Figures 4 -1 to 4-10 represent some of the

simpler means for accomplishing monoalphabetic substitution
with variants. The matrices are extensions of the basic ideas
of multiliteral substitution presented in Lecture 3.

The variant equivalents for any plain text letter may be chosen
at will; thus, in Figure 4-1, e= 10, 15, 60, or 65; in Figure
4-2, e= AU, AZ, FU, FZ, LU or LZ.

Encipherment by means of matrices shown in Figures 4-2, 4-3,

4-6 is commutative. The coordinates may be read row by column
or visa versa. There is no cryptographic ambiguity. The
remaining matrices are noncommutative. The general convention
is to read row by column.

In Figures 4-5 and 4-6, the letters in the square have been
inscribed in such a manner that, coupled with the particular
arrangement of the row and column coordinates, the number of
variants available for each plain text letter is roughly
proportional to the frequencies of the letters in the
plain text. Figure 35 incorporates a keyword on top of this
idea. [FR1]
HOMOPHONIC

The Homophonic Cipher is a simple variant system. It is a

4-level (alphabets) dinome cipher. Consider Figure 4-11.

Figure 4-11

A B C D E F G H IJ K L M N
08 09 10 11 12 13 14 15 16 17 18 19 20
35 36 37 38 39 40 41 42 43 44 45 46 47
68 69 70 71 72 73 74 75 51 52 53 54 55
87 88 89 90 91 92 93 94 95 96 97 98 99

O P Q R S T U V W X Y Z
21 22 23 24 25 01 02 03 04 05 06 07
48 49 50 26 27 28 29 30 31 32 33 34
56 57 58 59 60 61 62 63 64 65 66 67
00 76 77 78 79 80 81 82 83 84 85 86

The keyword TRIP is found by inspecting dinomes 01, 26, 51, and
76. (The lowest number in each of the four sequences.)
[FR1] [FR5]
The Russians added an interesting gimmick called the Disruption
Area. Consider Figure 4-12 and note the slashes under U - X
for the fourth level of dinomes. The famous VIC cipher used
this feature very effectively. [NIC4]

Figure 4-12

A B C D E F G H I J K L M N
14 15 16 17 18 19 20 21 22 23 24 25 26 01
27 28 29 30 31 32 33 34 35 36 37 38 39 40
58 59 60 61 62 63 64 65 66 67 68 69 70 71
81 82 83 84 85 86 87 88 89 90 91 92 93 94

O P Q R S T U V W X Y Z
02 03 04 05 06 07 08 09 10 11 12 13
41 42 43 44 45 46 47 48 49 50 51 52
72 73 74 75 76 77 78 53 54 55 56 57
95 96 97 98 99 00 ////////////// 79 80

The keyword NAVY is represented by dinomes 01, 27, 53, and 79.

Security for Homophonic systems is greatly improved if the

dinomes and the four sequences are assigned randomly. However,
the easy mnemonic feature of the keyworded four sequences is
lost.

The Mexican Cipher device is a Homophonic consisting of five

concentric disks, the outer disk bearing 26 letters and the
other four bearing sequences 01-26, 27-52, 53-78, 79-00.
The cipher disk enhances frequent key changes. Figure 4-12
shows the matrix without the disruption area. [FR5] [NIC4]
HOMOPHONIC CRYPTANALYSIS

Lets solve the following cryptogram.

68321 09022 48057 65111 88648 42036 45235 09144

05764 22684 00225 57003 97357 14074 82524 40768
51058 93074 92188 47264 09328 04255 06186 79882
85144 45886 32574 55136 56019 45722 76844 68350
45219 71649 90528 65106 11886 44044 89669 70553
18491 06985 48579 33684 50957 70612 09795 29148
56109 08546 62062 65509 32800 32568 97216 44282
34031 84989 68564 53789 12530 77401 68494 38544
11368 87616 56905 20710 58864 67472 22490 09136
62851 24551 35180 14230 50886 44084 06231 12876
05579 58980 29503 99713 32720 36433 82689 04516
52263 21175 06445 72255 68951 86957 76095 67215
53049 08567 9730

Assuming we did not know that the above cryptogram was a

HOMOPHONIC, we might may a preliminary analysis to see if we
are dealing with a cipher or a code. We will cover code
systems later in the course, but a few introductory remarks
might be in order. The five letter groups could indicate
either a cipher or a code.
If the cryptogram contains an even number of digits, as for
example 494 in the previous message, this leaves open the
possibility that the message is a cipher containing 247 pairs
of digits; were the number of digits an exact odd multiple of
five, such as 125, 135, etc., the possibility that the
cryptogram is in code of the 5-figure group type must be
considered.

We next study the message repetitions and what their

characteristics are. If the cipher text is of 5-figure code
type, then such repetitions as appear should generally be in
whole groups of five digits, and they should be visible in the
text just as the message stands, unless the code message has
been superenciphered. If the cryptogram is a cipher, then
repetitions should extend beyond the 5-digit groupings; if they
conform to any definite at all they should for the most part
contain even numbers of digits since each letter is probably
represented by a pair (dinome) of digits.

We start with 4-part frequency distribution. We next assume

a 25 character alphabet from 01-00. This is the common scheme
of drawing up the alphabets. Breaking the text into dinomes
(2-digit) pairs yields:

01 /// 26 /// 51 ///// 76 //////

02 27 52 ///// 77 /
03 //// 28 / 53 /// 78
04 / 29 / 54 79 /
05 ///// 30 /// 55 //// 80 ///
06 ////// 31 56 ///// 81
07 /// 32 ////// 57 ////// 82 ////
08 33 / 58 // 83 /
09 //// 34 / 59 84 //////
10 //// 35 // 60 85 //////
11 ///// 36 ///// 61 86 ///
12 /// 37 / 62 // 87
13 / 38 63 88 ////
14 / 39 / 64 ////// 89 /////
15 / 40 /// 65 90 //////
16 /// 41 66 / 91 ///
17 42 //// 67 // 92 /
18 ////// 43 / 68 /////// 93 /
19 44 ////// 69 // 94 /
20 / 45 ////// 70 / 95 ///
21 // 46 /// 71 / 96
22 ///// 47 72 //// 97 //////
23 // 48 /// 73 98 /
24 49 ///// 74 //// 99
25 / 50 ///// 75 / 00 //

What we have before us are four simple, monoalphabetic

frequency distributions similar to those involved in a
monoalphabetic substitution cipher using standard cipher
alphabets. The next step is to fit the distribution to the
normal. Since I=J for the 25 letter alphabet, we find that
the Keyword is JUNE and the following alphabets result:

01 I-J 26 U 51 N 76 E
02 K 27 V 52 O 77 F
03 L 28 W 53 P 78 G
04 M 29 X 54 Q 79 H
05 N 30 Y 55 R 80 IJ
06 O 31 Z 56 S 81 K
07 P 32 A 57 T 82 L
08 Q 33 B 58 U 83 M
09 R 34 C 59 V 84 N
10 S 35 D 60 W 85 O
11 T 36 E 61 X 86 P
12 U 37 F 62 Y 87 Q
13 V 38 G 63 Z 88 R
14 W 39 H 64 A 89 S
15 X 40 IJ 65 B 90 T
16 Y 41 K 66 C 91 U
17 Z 42 L 67 D 92 V
18 A 43 M 68 E 93 W
19 B 44 N 69 F 94 X
20 C 45 O 70 G 95 Y
21 D 46 P 71 H 96 Z
22 E 47 Q 72 IJ 97 A
23 F 48 R 73 K 98 B
24 G 49 S 74 L 99 C
25 H 50 T 75 M 00 D

The first groups of the cryptogram decipher as follows:

68 32 10 90 22 48 05 76 51 11 88 64 84 20 36 45 23
e a s t e r n e n t r a n c e o f

If a 26-element alphabet were used only the distribution

analysis would have been changed to be on a basis of 26, the
process of fitting the distribution to the normal would be the
same.

PLAIN COMPONENT COMPLETION METHOD

Suppose we know that two correspondents have been using the

same variant system as in the previous Homophonic.
The message intercepted is:

48226 88423 52099 93604 76059 05651 36683 52267

97114 54466 76

A variation of the plain-component completion method can be

used to crack the new message. We copy the message into
dinomes and separate by levels.

48 22 68 84 23 52 09 99 36 04 76 05 90 56 51 36 68 35 22 67 97
--------------------------------------------------------------
2 1 3 4 1 3 1 4 2 1 4 1 4 3 3 2 3 2 1 3 4

11 45 44 66 76
--------------
1 2 2 3 4
Levels

(1) 22 23 09 04 05 22 11
(2) 48 36 36 35 45 44
(3) 68 52 56 51 68 67 66
(4) 84 99 76 90 97 76

These dinomes are converted into terms of plain component by

setting each of the cipher sequences against the plain
component at an arbitrary point of coincidence, such as the
following:

A B C D E F G H IJ K L M N
01 02 03 04 05 06 07 08 09 10 11 12 13
26 27 28 29 30 31 32 33 34 35 36 37 38
51 52 53 54 55 56 57 58 59 60 61 62 63
76 77 78 79 80 81 82 83 84 85 86 87 88

O P Q R S T U V W X Y Z
14 15 16 17 18 19 20 21 22 23 24 25
39 40 41 42 43 44 45 46 47 48 49 50
64 65 66 67 68 69 70 71 72 73 74 75
89 90 91 92 93 94 95 96 97 98 99 00

So:

Levels

(1) 22=W; 23=X; 09=I; 04=D; 05=E; 22=W; 11=L

(2) 48=X; 36=L; 36=L; 35=K; 45=U; 44=T
(3) 68=S; 52=B; 56=F; 51=A; 68=S; 67=R; 66=Q
(4) 84=I; 99=Y; 76=A; 90=P; 97=W; 76=A

This method works because both the plain component (A,B..) and
the cipher component (01, 02..) are known sequences.

The plain-component sequence is completed on the letters of the

four levels by Caesar Rundown, as follows:

Level 1 Level 2 Level 3 Level 4

WXIDEWL XLLKUT SBFASRQ IYAPWA

XYKEFXM YMMLVU TCGBTSR KZBQXB
YZLFGYN ZNNMWV UDHCUTS LACRYC
ZAMGHZO AOONXW VEIDVUT MBDSZD
ABNHIAP BPPOYX WFKEWVU NCETAE
BCOIKBQ CQQPZY XGLFXWV ODFUBF
CDPKLCR DRRQAZ YHMGYXW PEGVCG
DEQLMDS ESSRBA ZINHZYZ QFHWDH
EFRMNET FTTSCB AKOIAZY RGIXEI
FGSNOFU GUUTDC BLPKBAZ SHKYFK
GHTOPGV HVVUED CMQLCBA TILZGL
HIUPQHW IWWVFE DNRMDCB UKMAHM
IKVQRIX KXXWGF EOSNEDC VLNBIN
KLWRSKY LYYXHG FPTOFED WMOCKO
LMXSTLZ MZZYIH GQUPGFE XNPDLP
MNYTUMA NAAZKI HRVQHGF YOQEMQ
NOZUVNB OBBALK ISWRIHG ZPRFNR
OPAVWOC PCCBML KTXSKIH AQSGOS
PQBWXPD QDDCNM LUYTLKI BRTHPT
QRCXYQE REEDON MVZUMLK CSUIQU
RSDYZRF SFFEPO NWAVNML DTVKRV
STEZASG TGGFQP OXBWONM EUWLSW
TUFABTH UHHGRQ PYCXPON FVXMTX
UVGBCUI VIIHSR QZDYQPO GWYNUY
VWHCDVK WKKITS RAEZRQP HXZOVZ

The generatrices with the best assortment of high frequency

letters for the four levels are:

Level 1 Level 2 Level 3 Level 4

EFRMNET REEDON EOSNEDC NCETAE

Arranging the letters of these generatrices in order of

appearance of their dinome equivalents, according to levels we
have:

48 22 68 84 23 52 09 99 36 04 76 05 90 56 51 36 68 35 22 67 97
E F R M N E
R E E D
E O S N E D
N C E T A

The plain text reads "Reinforcements needed a[t once]".

Looking at the equivalents 01,26, 51, 76 we reveal the keyword
JUNE.

In evaluating generatrices, the sum of the arithmetic

frequencies of the letters in each row may be used as an
indication of the relative "goodness". A statistically better
procedure uses the logarithm of the probabilities of the plain
text letters forming the generatrices. See [FR2]

The Homophonic is a popular cipher and has been discussed in

several issues of The Cryptogram as well as LEDGES' NOVICE
NOTES. See references [HOM1 -HOM6] and [LEDG].

For our computer bugs, TATTERS Homophonic solver is very easy

to use and available on the Crypto Drop Box.

MORE COMPLICATED TYPES OF CIPHER ALPHABETS WITH VARIANTS

GRANDPRE

Consider the cipher matrices shown in figures 4-11 to 4-13.

These are called frequential matrices, since the number of
cipher values available for any given plain text letter closely
approximates its relative plain text frequency.

Figure 4-11

A B C D E V W X Y Z
.........................................
A . T G A U R I E C A P .
B . S L I E Y F R N S T .
C . C N D O M E L T I H .
D . R A P T F ..... O Y S O V .
E . N T X N E C E R E D .
. . . .
. . . .
V . N O A T E A L E Z H .
W . I H R O Q ..... E T R T B .
X . O I E T A C N P E S .
Y . F T L O S A M T I U .
Z . I S N D R I E D O N .
.........................................

( 676 - cell matrix )

In figure 4-11, the number of occurrences of a particular

letter within the matrix is proportional to the frequency in
plain text; the letters are inscribe in random manner, in order
to enhance the security of the system.

Figure 4-12

6 8 9 1 5 4 3 7 2 0
......................
7 .A A A C D E E I L N .
1 .A A C D E E H K N O .
3 .A B D E E H J N O R .
8 .A D E E H I N O R S .
9 .C E E G I N O R S T .
2 .E E F I M O Q S T T .
0 .E F I M O P R T T U .
5 .F I L N P R S T U X .
6 .I L N P R S T U W Y .
4 .L N O R S T T V Y Z .
......................

In figure 4-12, the same idea as 4-11 is presented in reduced

form from 26 x 26 to 10 x 10. The letters have been inscribed
by a simple diagonal route, from left to right, within the
square, and the coordinates scrambled by means of a key word
or key number.

Figure 4-13

"Grandpre"
 0 1 2 3 4 5 6 7 8 9
......................
0 .E N T R U C K I N G .
1 .Q U A R A N T I N E .
2 .U N E X P E C T E D .
3 .I M P O S S I B L E .
4 .V I C T O R I O U S .
5 .A D J U D I C A T E .
6 .L A B O R A T O R Y .
7 .E I G H T E E N T H .
8 .N A T U R A L I Z E .
9 .T W E N T Y F I V E .
......................

Figure 4-13 illustrates the famous Grandpre Cipher; in this

square ten words are inscribed containing all the letters of
the alphabet and linked by a column keyword ("equivalent") as a
mnemonic for inscription of the row words. ACA literature also
covers this cipher. See references [LEDG] and [GRA1 - 3] for
solution hints for the Grandpre cipher.

SACCO

General Luigi Sacco proposed a frequential-type system that

uses both enciphering and deciphering matrices. The inscribed
dinomes were completely disarranged by applying a double
transposition to suppress the relationships between letters.
References [SACC] and [FR1] both give a good description of the
process. The number of variant values in this system are
reflective of the Italian language.

BACONIAN

The Baconian ciphers found in the Cryptogram are a variant

system. The "a" elements may be represented by any one of 20
consonants as variants, while the "b" elements may be
represented by any one of 6 vowels; or the letters A-M may be
used to represent the "a" elements and the letters N-Z for the
"b" elements; digits may be used for either the "a" or "b"
elements, either on the basis of first five or last five
digits, or odd versus even digits, or the first 10 consonants
(B-M) and the last 10 consonants (N-Z)

SUMMING-TRINOME

Friedman describes a complex variant known as the summing-

trinome system. Each plain text letter is assigned a value
from 1-26; this value is expressed as a trinome, the digits of
which sum to the designated value of the letter. The letter
assigned the value of 4 may be represented by any of 15
permutations and combinations. Friedman discusses further ways
of complication including disarrangement, addition of
punctuation and nulls. See [FR1] pages 109-110. Note the
inverted normal distribution representation of this cipher.

ANALYSIS OF A SIMPLE VARIANT EXAMPLE

The following cryptogram is available for study:

Q M D C V P L F N F D H N W J W L K D K N H B P V
R L T V M B K L W D W V H V K S H B C L P Q K J R
V W S M L K G C N R L R N K V M G F X W J R G M V
W G T J H Q K X F N Z V F D M L T B P L P V F L M
D C N W N H B C V Z N M L W Q F D H D W V Z B R V
K L C V C V R D H L R V T L F N C D K G M X W X M
D T S C B C L Z L R L M V T S Z N K B W V P B R N
C L R X R D C N K V P B T N T G H J Z L F Q F V K
B W D Z X P N H S P G H L K L F V Z L T V M L K D
P Q R N Z L Z D T B M N T G M N Z V F X K S F D C
L Z V T V F D F V R G C L P Q P N C D W V R J T N
H L Z L M V W N P V P D Z D W J P N W L R J K V M
X M D T S M G F D R D K L W J F L P J M S F Q W B
F N C B Z D K V W G Z S H B H D H J C X

Note the total absence of A, E, I, O, U, and Y. Remarkable

and definitely nonrandom event. Since a uniliteral
substitution alphabet with 6 letters missing is highly
unlikely, the next guess is we are dealing with a multiliteral
substitution. Closer inspection shows that ten consonants are
initials (B D G J L N Q S V X) and the remaining ten consonants
are used as terminals (C F H K M P R T W Z). This implies both
bipartite and biliteral character.

We construct a digraphic distribution:

C F H K M P R T W Z
...............................
B . 3 1 1 1 1 2 2 1 2 1 .
D . 4 1 3 3 1 1 1 3 4 2 .
G . 2 2 2 3 1 1 .
J . 1 1 1 1 1 1 2 1 1 1 .
L . 1 4 4 3 4 5 3 3 4 .
N . 4 1 4 3 1 1 1 2 3 3 .
Q . 2 2 1 1 1 1 .
S . 1 2 2 2 1 1 .
V . 1 4 1 3 4 4 4 3 4 3 .
X . 1 1 2 1 1 2 .
...............................

We assume the use of a small enciphering matrix with variants

for rows and columns. We assume that the various possible
cipher variants are of approximately equal frequency; the
column indicators pair equally often with the row indicators
of the enciphering matrix. We look for similar row profiles
and column profiles. We match first the rows and then the
columns.
Row L and V distributions have pronounced similarities. They
are "heavy" in their frequency distributions in the same
places. So are rows D and N. They have homologous attributes
in appearance.

C F H K M P R T W Z

L . 1 4 4 3 4 5 3 3 4 .
V . 1 4 1 3 4 4 4 3 4 3 .

D . 4 1 3 3 1 1 1 3 4 2 .
N . 4 1 4 3 1 1 1 2 3 3 .

Finding the next rows are not obvious. We use a "goodness of

match" procedure to equate interchangeable variants. We
calculate the cross-product sums for each trial. The next
heavy row is G. We test G against the remaining rows.

G . 2 2 2 3 1 1 .
B . 3 1 1 1 1 2 2 1 2 1 .
G*B + 6 2 2 3 1 1 = 15

We compare the balance of rows

G*B + 6 2 2 3 1 1 = 15
G*J + 2 2 2 3 1 1 = 11
G*Q + 4 3 = 7
G*S + 2 4 4 6 1 = 17 !
G*X + 2 6 = 8

The results are most probably match G and S.

The next heaviest row is B. Testing against the remaining

three rows we have:

B*J + 3 1 1 1 1 2 4 1 2 1 = 17
B*Q + 2 2 1 2 2 2 1 = 12
B*X + 1 1 2 2 2 4 = 12

The correct pairings are B with J and Q with X. Since we have

not found more than two rows for any one set of interchangeable
values the original matrix has only five rows.

C F H K M P R T W Z
...............................
B J . 4 2 2 2 2 3 4 2 3 2 .
D N . 8 2 8 7 2 2 2 5 7 5 .
G S . 3 4 4 5 1 1 2 .
L V . 2 8 1 7 7 8 9 6 7 7 .
Q X . 3 3 3 2 2 3 .
................................

Values represent the sums of the combined rows.

We apply the same process to matching columns. C and H are
a matched pair. F with M and P with R. We use the cross
product sums for the balance of the columns.

K*T+: 4 35 - 42 - = 81
 K*W+: 4 49 - 49 9 = 113
K*Z+: 4 35 - 49 - = 88
T*W+: 6 35 - 42 - = 83
T*Z+: 4 25 2 42 - = 73
W*Z+: 6 35 - 49 - = 90

Combinations:

KT, WZ: 81 + 90 = 171

KW, TZ: 113 + 73 = 186
KZ, TW: 88 + 83 = 171

We would expect that the proper pairings are K with W and T

with Z.

C F K P T
H M W R Z
..................
B J . 6 4 5 7 4 . PHI(p) = 1962
D N . 16 4 14 4 10 . PHI(r) = 1132
G S . 7 9 - 1 3 . PHI(o) = 1670
L V . 3 15 14 17 13 .
Q X . - 6 6 - 4 .
..................
We convert the multiliteral text to uniliteral equivalents
using an arbitrary square for reduction to plain text.

C F K P T
H M W R Z
.................
B J . A B C D E .
D N . F G H IJ K .
G S . L M N O P .
L V . Q R S T U .
Q X . V W X Y Z .
.................

The converted cryptogram is solved via the principals in

Lectures 2 and 3. The beginning of the message reads Weather
forecast. The original keying matrix is recovered with a
keyword of ATMOSPHERIC.

C F K P T
H M W R Z
.................
B J . A T M O S .
D N . P H E R I .
G S . C B D F G .
L V . K L N Q U .
Q X . V W X Y Z .
.................

The method of matching rows and columns applies equally well

for all the matrices shown previously. It is key to start with
the best rows and columns from not only heaviness standpoint
but the distinctive crests and troughs. A second key is the
low frequency letters. No variant system can adequately
disguise low frequency letters and they will have the same
frequency in the cipher text. Friedman describes a more
general solution to variant analysis. [FRE1, p119 ff]

Chapter 10 of reference [FRE1] covers the disruption process

associated with monome-dinome alphabets of Irregular-Length
cipher text units. Figures 4-14 and Figure 4-15 show
enciphering matrices where the encipherment is disrupted and
commutative. The normal row conventions are used to encipher
except when the row indicator was the same for the immediately
preceding letter. In Figure 4-14, EIGHT could be encrypted
10 29 7 8 49 and then rearranged into standard groups of 5
letters (numbers). In Figure 4-15, E = 24 or 42, T = 621 or
162. Figure 4-16 is an example of the Russian disruption
process added for security.

ISOLOGS

Cryptograms produced using identical plain text but subjected

to different cryptographic treatment, and yielding different
cipher texts are called isologs. (isos = equal and logos =
word in Greek). Isologs are usually equal or nearly equal in
length. Isologs, no matter how the cryptographic treatment
varies, are among the most powerful tools available to the
cryptanalyst to solve difficult cryptosystems.

Take two messages A and B suspected of being isologs and write

them out under each other. We then examine the similarities
and differences. Assume the messages both start Reference
your message... I will arrange the messages in a special
table to facilitate the study.

Group No.

5 10 15
.............................................
A 82 26 56 31 03 74 83 96 98 42 32 52 97 01 15
A' 30 15 08 74 97 14 51 19 73 60 49 67 65 01 06

B 80 27 78 91 06 94 00 01 38 28 54 08 24 00 65
B' 45 64 79 91 81 69 67 25 38 89 41 56 32 52 03

C 63 62 93 39 18 43 15 88 10 48 26 45 84 50 39
C' 90 62 87 75 36 20 35 11 05 70 89 27 77 50 11

D 81 71 35 25 38 73 30 92 07 49 61 75 21 64 76
D' 35 19 99 01 38 99 97 45 02 32 04 11 58 92 16
E 38 72 89 11 47 99 92 64 14 68 13 36 53 38 81
E' 38 46 31 75 47 14 64 80 06 46 85 86 45 38 98

F 89 69 79 38 16 51 75 05 70 74 11 80 44 32 55
F' 26 12 18 38 78 94 88 93 37 28 11 27 22 05 04

G 28 12 02 77 30 31 19 97 99 62 27 86 56 06 53
G' 06 48 43 21 03 98 71 54 26 62 80 76 08 98 80

H 90 87 04 08 67 46 59 41 98 55 10 82 22 29 87
H' 44 10 55 29 00 59 72 82 28 55 87 30 07 08 93

J 46 72 93 62 45
J' 59 68 24 62 53

The dinome distributions for these two messages are as follows:

1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0
................... ....................
1 . 2 1 1 1 2 1 - 1 1 2 1 . 4 1 - 2 1 1 - 1 2 1
2 . 1 1 - 1 1 2 2 2 1 - 2 . 1 1 - 1 1 2 2 2 1 1
3 . 2 2 - - 1 1 - 5 2 2 3 . 1 2 - - 2 1 1 5 - 2
4 . 1 1 1 1 2 2 1 1 1 - 4 . 1 - 1 1 3 2 1 1 1 -
5 . 1 1 2 1 2 2 - - 1 1 5 . 1 1 1 1 2 1 - 1 2 1
6 . 1 3 1 2 1 - 1 1 1 - 6 . - 3 - 2 1 - 2 1 1 1
7 . 1 2 1 2 2 1 1 1 1 1 7 . 1 1 1 1 2 1 1 1 1 1
8 . 2 2 1 1 - 1 2 1 2 2 8 . 1 1 - - 1 1 2 1 2 3
9 . 1 2 2 1 - 1 2 2 2 1 9 . 1 1 2 1 - - 2 3 2 1
0 . 2 1 1 1 1 2 1 2 - 2 0 . 2 1 2 2 2 3 1 3 - 1

Message A Message B

Both distributions are too flat - no crests or troughs.

We assume a variant system of a monoalphabetic cryptosystem.
[FRE3] shows us how to use a Poisson exponential distribution
to evaluate random text. The gist of the statistics is that
the expected number of blanks is too low. The chi test
indicates extreme non randomness for both messages. The chi
test applied to both distributions implies that they both have
been enciphered by the same cryptosystem because there exists a
close correlation between the patterns of the two
distributions. [FR1, p123} discusses the potentialities of the
cryptomathematics as a supporting science to cryptography.

There are several identical values between the messages. This

implies that not only has the same cryptosystem been used but
also the same enciphering matrix. The values 38 and 62 must
represent very low frequency letters because no variants are
even provided for this letter.
We now form isolog chains between the messages.

(06 14 15 26 28 31 35 73 74 81 89 98 99)
(02 07 20 22 43 44 63 90)
(12 37 48 51 69 70 83 94)
(03 30 41 54 65 82 97)
(05 10 24 32 49 87 93)
(16 18 36 76 78 79 86)
(27 45 53 64 80 92)
(11 39 75 88)
(21 58 77 84)
(46 59 68 72)
(00 52 67)
(04 55 61)
(08 29 56)
(19 71 96)
(01 25)
(13 85) Single Dinomes:
(42 60) (38) (47) (50) (62) (91)

These chains of cipher values represent identical plain text

pairs. Beginning with the first value in the message 82 and 30
a partial chain of equivalent variants is formed; now locating
the other occurrences of either value we note the value that
coincides with it in the other message. We therefore extend
the chain.

We now assign a different letter arbitrarily to each chain and

each single dinome value. We convert the messages to
uniliteral terms and note the pattern of opening stereotype
"Reference your message" and then quickly recover text.
(This is how we attacked the German ciphers in WWII.) [NIC4]

The plain text values are arbitrarily fit into 10 x 10 square:

1 2 3 4 5 6 7 8 9 0
...................
1 . D N H E E A - A C O
2 . I T - O M E S E F T
3 . E O - - E A N B D R
4 . R Y T T S L V N O -
5 . N U S R P F - I L X
6 . P W T S R - U L N Y
7 . C L E E D A I A A N
8 . E R N I H A O D E S
9 . G S O N - C R E E T
0 . M T R P O E T F - U

Manipulating the rows and columns with a view to uncovering the

keys or symmetry, we find a latent diagonal pattern without
keyword. We set up the following enciphering matrix:

6 8 9 1 5 4 3 7 2 0
...................
7 . A A A C D E E I L N
1 . A A C D E E H K N O
 3 . A B D E E H J N O R
8 . A D E E H I N O R S
9 . C E E G I N O R S T
2 . E E F I M O Q S T T
0 . E F I M O P R T T U
5 . F I L N P R S T U X
6 . I L N P R S T U W Y
4 . L N O R S T T V Y Z

I can not over emphasize the value of isologs. The value goes
far beyond simple variant systems. Isologs produced by two
different code books or two different enciphered code versions
of the same plain text; or two encryptions of identical plain
text at different settings of a cipher machine, may all prove
of inestimable value in the attack on a difficult system.

SYNOPTIC CHART OF CRYPTOGRAPHY PRESENTED IN LECTURES 1 - 5

Cryptograms
.
.
------------------------------------------
Cipher Code Enciphered Code
.
.
--------------------------------------------
Substitution Transposition Combined
. Substitution -
. Transposition
.
.-------------------------------------------
Monoalphabetic Multiple- Polyalphabetic
. Alphabetic
. Systems
.
.
Uniliteral ......................... Multiliteral
. .
. .
. .
Standard ... Mixed .
Alphabets Alphabets .
. .
. .
Keyword ... Random .
Mixed Mixed .
.
.
.
...............................
. .
Single Equivalent Variant ........
. .
. .
 .................... .
. . .
Fixed Length Mixed Length .
Cipher Groups Cipher Groups .
. . .
. ....................... .
Biliteral...N-literal . . .
Monome-Dinome Others .
.
.
.
...................................
.
.
..........................
. .
Matrices with Non Bipartite
Coordinates
(Bipartite)
Here is the tentative plan for the balance of the course. Just
a plan - subject to revision.

LECTURES 5 - 7

We will cover recognition and solution of XENOCRYPTS (language

substitution ciphers) in detail.

LECTURES 8 - 12

We will investigate and crack Polyalphabetic Substitution

systems.

LECTURES 13 - 18

We will investigate and crack Cipher Exchange and

Transpositions problems.

LECTURE 19

We will devote this lecture to International Law.

LECTURES 20 - 23

We will walk through the mathematical fields to solve

Cryptarithms.

LECTURES 24 - 25

We will introduce modern cryptographic systems and field

special topics. We will do a primer on PGP.

SOLUTIONS TO HOMEWORK PROBLEMS FROM LECTURE 3

Thanks to JOE-O for his concise sols.

Mv-1. From Martin Gardner.

 8 5 1 8 5 1 9 1 1 9 9 1 3
1 6 1 2 5 1 1 2 1 6 8 1 2 5
2 0 9 3 3 1 5 4 5 2 0 8 1
2 0 9 2 2 5 1 4 5 2 2 5
1 8 1 9 5 5 1 4 2 5 6 1 5
1 8 5 1 3 1 2 5 2 5 2 5 1 5
2 1 3 1 1 4 2 1 1 9 5 9 2 0
9 1 4 2 5 1 5 2 1 1 8 3 1 5
1 2 2 1 1 3 1 4

1 3 1 1 8 2 0 9 1 4 7 1 1 8 4 1 4 5 1 8
8 5 1 4 4 5 1 8 1 9 1 5 1 4 2 2 9 1 2 1 2 5
1 4 1 5 1 8 2 0 8 3 1 1 8 1 5 1 2 9 1 4 1

I presented Mv-1 in a strange format. It fooled some but not

all. The Key is 01=1=a, 02=2=b,...26=z. the alphabet is
standard. Message reads: " Here's a simple alphabetic code
that I've never seen before. Maybe you can use it in you
column. Martin Gardner, Hendersonville, North Carolina.

Solve and reconstruct the cryptographic systems used.

Mv-2.

0 6 0 2 1 0 0 5 0 1 0 1 0 5 1 5 2 2 0 2 0 6 0 8 2
3 2 5 1 0 0 8 0 4 0 2 2 1 0 9 0 8 0 4 0 8 2 2 1 1
0 8 0 4 1 7 1 5 1 3 1 4 2 2 2 1 0 2 2 4 0 2 0 1 2
2 0 2 0 2 0 1 0 8 1 9 0 6 1 5 1 7 0 8 0 1 1 1 2 2
1 4 0 2 0 1 1 9 0 6 0 5 1 0 0 2 0 2 1 1 2 2 1 4 0
6 2 3 1 9 0 5 1 5 0 1 2 2 1 3 0 2 0 5 0 6 1 3 0 2
0 5 0 1 1 0 0 5 2 3 0 6 2 1 0 2 2 2 1 4 0 6 0 2 0
2 2 2 1 4 0 6 0 2 0 2 2 6 0 2 0 6 0 5 2 1 1 9 0 2
0 2 1 1 2 2 0 3 0 2 1 7 2 4 0 2 1 9 0 2 0 6 1 5 0
5 1 1 0 6 0 2 1 9 0 5 0 6 2 2 0 1 0 5 0 5 0 1 1 9
0 5 2 1 1 5 2 2 1 5 0 5 0 1 2 2 0 5 1 8 0 5 0 6 0
6 0 5 0 3

Divide the original cipher into pairs, noting that each pair
started with 0,1, or 2 and ended with 0 - 9. Construct a
matrix similar to Figure 3-2. (3 x 10) Fill in the matrix with
A=01, ending with Z=26. Used 00 =blank. Reduce by converting
dinomes to letters. Apply the Phi test and found mon-
alphabetic. Used frequency, VOC count, and consonant line to
identify B, H, E as vowels and N,D,X,C,I,Y,R,J, as possible
consonants. Marking the message with these assumptions, found
last eight characters to be a pattern word in Cryptodict as
TOMORROW. Working between cipher text and key alphabet
matrix, rest fell.

Message reads:Reconnoiter Auys Cayes Bay at daylight seventeen

April and then proceed through point George on course three
three zero speed twelve period report noon position tomorrow.

Key = NEW YORK, 3 X 10 matrix, Rows 0,1,2, columns 0-9 and 00

blank.

Mv-3.

5 3 2 4 1 5 4 5 3 2 2 4 4 3 2 5 1 2 4 3 2 4 2 3 1
5 4 4 4 5 4 5 3 2 5 1 4 3 4 4 1 4 1 5 2 1 4 1 1 5
4 3 4 5 3 5 2 1 2 3 3 5 1 2 5 1 1 4 2 1 5 3 3 3 4
5 3 2 4 4 2 3 1 5 4 5 4 5 2 4 4 3 2 4 1 4 4 4 3 2
1 2 5 3 2 4 4 3 4 4 2 4 1 5 4 4 4 5 2 4 4 3 3 5 2
1 5 3 3 3 1 3 1 4 4 4 1 5 4 5 4 4 5 1 4 3 2 5 1 5
2 3 2 4 1 5 5 2 2 4 4 3 1 5 3 1 3 3 1 3 3 1 4 5 5
3 2 4 1 3 4 5 2 1 2 5 3 3 5 2 2 4 3 4 1 3 1 2 4 5
4 4 5 2 3 3 4 4 3 3 2 2 3 3 3 5 3 3 4 5 2 1 3 5 2
4 4 4 4 4 4 5 3 2 1 5 1 3 1 5 5 2 2 4 4 3 1 5 3 1
2 4 5 1 1 3 1 4 2 4 4 4 3 3 4 3 1 5 2 2 3 5 2 4 2
5 3 5 2 1 3 3 1 3 3 1 2 3 1 2 1 3 1 4 3 3 4 5 3 3
1 2 1 3 4 4 4 1 2 4 4 3 3 3 1 2 1 4 3 2 2 4 3 3 3
1 3 2 4 5 1 2 2 5 3 5 1 2 5 3 2 3 3 5 1 2 5 1 1 4
4 4 1 5 4 5 4 1 4 3 2 4 4 4 2 4 1 3 4 5 1 5 2 2 1
2 5 1 4 5 1 2 1 3 2 4 4 5 3 2 1 2 5 1 4 4 1 5 1 3
1 4 2 5 2 4 2 4 4 5

Noted all entries were numbered 1-5. Assumed a 5 x 5 matrix

filled with a straight alphabet, substituted letters for the
dinomes. Used frequency count, contact count and phi test to
confirm mono-alphabeticity. Identified 8 consonants and 2
vowels. Made the E, T assumption based on frequency. First
word dropped as weather. Rest of message fell apart with
addition of W, A, R to the matrix.

Message reads: Weather forecast Thursday partly cloudy ...

at present about one thousand feet.

Key = Beginning column 1 = MONDAY, in 5 x 5 matrix.

My last two problems were taken from reference [OP20] course.

REFERENCES / RESOURCES

[ACA] ACA and You, "Handbook For Members of the American

Cryptogram Association," ACA publications, 1995.

[ACA1] Anonymous, "The ACA and You - Handbook For Secure

Communications", American Cryptogram Association,
1994.

[ANDR] Andrew, Christopher, 'Secret Service', Heinemann,

London 1985.

[ANNA] Anonymous., "The History of the International Code.",

Proceedings of the United States Naval Institute, 1934.

[AFM] AFM - 100-80, Traffic Analysis, Department of the Air

Force, 1946.

[B201] Barker, Wayne G., "Cryptanalysis of The Simple

Substitution Cipher with Word Divisions," Course #201,
Aegean Park Press, Laguna Hills, CA. 1982.

[BALL] Ball, W. W. R., Mathematical Recreations and Essays,

London, 1928.

[BAR1] Barker, Wayne G., "Course No 201, Cryptanalysis of The

Simple Substitution Cipher with Word Divisions," Aegean
Park Press, Laguna Hills, CA. 1975.

[BAR2] Barker, W., ed., History of Codes and Ciphers in the U.S.
During the Period between World Wars, Part II, 1930 -
1939., Aegean Park Press, 1990.

[BARK] Barker, Wayne G., "Cryptanalysis of The Simple

Substitution Cipher with Word Divisions," Aegean Park
Press, Laguna Hills, CA. 1973.

[BARR] Barron, John, '"KGB: The Secret Work Of Soviet Agents,"

Bantom Books, New York, 1981.

[BAUD] Baudouin, Captain Roger, "Elements de Cryptographie,"

Paris, 1939.
[BLK] Blackstock, Paul W. and Frank L Schaf, Jr.,
"Intelligence, Espionage, Counterespionage and Covert
Operations," Gale Research Co., Detroit, MI., 1978.

[BLUE] Bearden, Bill, "The Bluejacket's Manual, 20th ed.,

Annapolis: U.S. Naval Institute, 1978.

[BOSW] Bosworth, Bruce, "Codes, Ciphers and Computers: An

Introduction to Information Security," Hayden Books,
Rochelle Park, NJ, 1990.

[BP82] Beker, H., and Piper, F., " Cipher Systems, The
Protection of Communications", John Wiley and Sons,
NY, 1982.
[BRIT] Anonymous, "British Army Manual of Cryptography", HMF,
1914.

[BRYA] Bryan, William G., "Practical Cryptanalysis - Periodic

Ciphers -Miscellaneous", Vol 5, American Cryptogram
Association, 1967.

[CAR1] Carlisle, Sheila. Pattern Words: Three to Eight Letters

in Length, Aegean Park Press, Laguna Hills, CA 92654,
1986.

[CAR2] Carlisle, Sheila. Pattern Words: Nine Letters in Length,

Aegean Park Press, Laguna Hills, CA 92654, 1986.

[CASE] Casey, William, 'The Secret War Against Hitler',

Simon & Schuster, London 1989.

[CAVE] Cave Brown, Anthony, 'Bodyguard of Lies', Harper &

Row, New York 1975.

[CCF] Foster, C. C., "Cryptanalysis for Microcomputers",

Hayden Books, Rochelle Park, NJ, 1990.

[CI] FM 34-60, Counterintelligence, Department of the Army,

February 1990.

[COUR] Courville, Joseph B., "Manual For Cryptanalysis Of

The Columnar Double Transposition Cipher, by Courville
Assoc., South Gate, CA, 1986.

[CLAR] Clark, Ronald W., 'The Man who broke Purple',

Weidenfeld and Nicolson, London 1977.

[COVT] Anonymous, "Covert Intelligence Techniques Of the Soviet

Union, Aegean Park Press, Laguna Hills, Ca. 1980.

[CULL] Cullen, Charles G., "Matrices and Linear

Transformations," 2nd Ed., Dover Advanced Mathematics
Books, NY, 1972.

[DAGA] D'agapeyeff, Alexander, "Codes and Ciphers," Oxford

University Press, London, 1974.

[DAN] Daniel, Robert E., "Elementary Cryptanalysis:

 Cryptography For Fun," Cryptiquotes, Seattle, WA., 1979.

[DAVI] Da Vinci, "Solving Russian Cryptograms", The

Cryptogram, September-October, Vol XLII, No 5. 1976.

[DEAU] Bacon, Sir Francis, "De Augmentis Scientiarum," tr. by

Gilbert Watts, (1640) or tr. by Ellis, Spedding, and
Heath (1857,1870).

[DOW] Dow, Don. L., "Crypto-Mania, Version 3.0", Box 1111,

Nashua, NH. 03061-1111, (603) 880-6472, Cost $15 for
registered version and available as shareware under
CRYPTM.zip on CIS or zipnet.

[ELCY] Gaines, Helen Fouche, Cryptanalysis, Dover, New York,

1956.

[ENIG] Tyner, Clarence E. Jr., and Randall K. Nichols,

"ENIGMA95 - A Simulation of Enhanced Enigma Cipher
Machine on A Standard Personal Computer," for
publication, November, 1995.

[EPST] Epstein, Sam and Beryl, "The First Book of Codes and
Ciphers," Ambassador Books, Toronto, Canada, 1956.

[EYRA] Eyraud, Charles, "Precis de Cryptographie Moderne'"

Paris, 1953.

[FREB] Friedman, William F., "Cryptology," The Encyclopedia

Britannica, all editions since 1929. A classic article
by the greatest cryptanalyst.

[FR1] Friedman, William F. and Callimahos, Lambros D.,

Military Cryptanalytics Part I - Volume 1, Aegean Park
Press, Laguna Hills, CA, 1985.

[FR2] Friedman, William F. and Callimahos, Lambros D.,

Military Cryptanalytics Part I - Volume 2, Aegean Park
Press, Laguna Hills, CA, 1985.

[FR3] Friedman, William F. and Callimahos, Lambros D.,

Military Cryptanalytics Part III, Aegean Park Press,
Laguna Hills, CA, 1995.

[FR4] Friedman, William F. and Callimahos, Lambros D.,

Military Cryptanalytics Part IV, Aegean Park Press,
Laguna Hills, CA, 1995.

[FR5] Friedman, William F. Military Cryptanalysis - Part I,

Aegean Park Press, Laguna Hills, CA, 1980.

[FR6] Friedman, William F. Military Cryptanalysis - Part II,

Aegean Park Press, Laguna Hills, CA, 1980.

[FRE] Friedman, William F. , "Elements of Cryptanalysis,"

Aegean Park Press, Laguna Hills, CA, 1976.

[FREA] Friedman, William F. , "Advanced Military Cryptography,"

Aegean Park Press, Laguna Hills, CA, 1976.
[FRAA] Friedman, William F. , "American Army Field Codes in The
American Expeditionary Forces During the First World
War, USA 1939.

[FRAB] Friedman, W. F., Field Codes used by the German Army

During World War. 1919.

[FR22] Friedman, William F., The Index of Coincidence and Its

Applications In Cryptography, Publication 22, The
Riverbank Publications, Aegean Park Press, Laguna
Hills, CA, 1979.

[FRS] Friedman, William F. and Elizabeth S., "The

Shakespearean Ciphers Examined," Cambridge University
Press, London, 1957.

[GARL] Garlinski, Jozef, 'The Swiss Corridor', Dent,

London 1981.

[GAR1] Garlinski, Jozef, 'Hitler's Last Weapons',

Methuen, London 1978.

[GIVI] Givierge, General Marcel, " Course In Cryptography,"

Aegean Park Press, Laguna Hills, CA, 1978. Also, M.
Givierge, "Cours de Cryptographie," Berger-Levrault,
Paris, 1925.

[GRA1] Grandpre: "Grandpre, A. de--Cryptologist. Part 1

'Cryptographie Pratique - The Origin of the Grandpre',
ISHCABIBEL, The Cryptogram, SO60, American Cryptogram
Association, 1960.

[GRA2] Grandpre: "Grandpre Ciphers", ROGUE, The Cryptogram,

SO63, American Cryptogram Association, 1963.

[GRA3] Grandpre: "Grandpre", Novice Notes, LEDGE, The

Cryptogram, MJ75, American Cryptogram Association,1975

[GODD] Goddard, Eldridge and Thelma, "Cryptodyct," Marion,

Iowa, 1976

[GORD] Gordon, Cyrus H., " Forgotten Scripts: Their Ongoing

Discovery and Decipherment," Basic Books, New York,
1982.

[HA] Hahn, Karl, " Frequency of Letters", English Letter

Usage Statistics using as a sample, "A Tale of Two
Cities" by Charles Dickens, Usenet SCI.Crypt, 4 Aug
1994.

[HEMP] Hempfner, Philip and Tania, "Pattern Word List For

Divided and Undivided Cryptograms," unpublished
manuscript, 1984.

[HILL] Hill, Lester, S., "Cryptography in an Algebraic

Alphabet", The American Mathematical Monthly, June-July
1929.
[HIS1] Barker, Wayne G., "History of Codes and Ciphers in the
U.S. Prior to World War I," Aegean Park Press, Laguna
Hills, CA, 1978.

[HITT] Hitt, Parker, Col. " Manual for the Solution of Military
Ciphers," Aegean Park Press, Laguna Hills, CA, 1976.

[HOFF] Hoffman, Lance J., editor, "Building In Big Brother:

The Cryptographic Policy Debate," Springer-Verlag,
N.Y.C., 1995. ( A useful and well balanced book of
cryptographic resource materials. )

[HOM1] Homophonic: A Multiple Substitution Number Cipher", S-

TUCK, The Cryptogram, DJ45, American Cryptogram
Association, 1945.

[HOM2] Homophonic: Bilinear Substitution Cipher, Straddling,"

ISHCABIBEL, The Cryptogram, AS48, American Cryptogram
Association, 1948.

[HOM3] Homophonic: Computer Column:"Homophonic Solving,"

PHOENIX, The Cryptogram, MA84, American Cryptogram
Association, 1984.

[HOM4] Homophonic: Hocheck Cipher,", SI SI, The Cryptogram,

JA90, American Cryptogram Association, 1990.

[HOM5] Homophonic: "Homophonic Checkerboard," GEMINATOR, The

Cryptogram, MA90, American Cryptogram Association, 1990.

[HOM6] Homophonic: "Homophonic Number Cipher," (Novice Notes)

LEDGE, The Cryptogram, SO71, American Cryptogram
Association, 1971.

[IBM1] IBM Research Reports, Vol 7., No 4, IBM Research,

Yorktown Heights, N.Y., 1971.

[INDE] PHOENIX, Index to the Cryptogram: 1932-1993, ACA, 1994.

[JOHN] Johnson, Brian, 'The Secret War', Arrow Books,

London 1979.

[KAHN] Kahn, David, "The Codebreakers", Macmillian Publishing

Co. , 1967.

[KAH1] Kahn, David, "Kahn On Codes - Secrets of the New

Cryptology," MacMillan Co., New York, 1983.

[KOBL] Koblitz, Neal, " A Course in Number Theory and

Cryptography, 2nd Ed, Springer-Verlag, New York, 1994.

[KULL] Kullback, Solomon, Statistical Methods in Cryptanalysis,

Aegean Park Press, Laguna Hills, Ca. 1976

[LAFF] Laffin, John, "Codes and Ciphers: Secret Writing Through

The Ages," Abelard-Schuman, London, 1973.

[LANG] Langie, Andre, "Cryptography," translated from French

by J.C.H. Macbeth, Constable and Co., London, 1922.
[LEDG] LEDGE, "NOVICE NOTES," American Cryptogram Association,
1994. [ One of the best introductory texts on ciphers
written by an expert in the field. Not only well
written, clear to understand but as authoritative as
they come! ]

[LEWI] Lewin, Ronald, 'Ultra goes to War', Hutchinson,

London 1978.

[LEWY] Lewy, Guenter, "America In Vietnam", Oxford University

Press, New York, 1978.

[LISI] Lisicki, Tadeusz, 'Dzialania Enigmy', Orzet Biaty,

London July-August, 1975; 'Enigma i Lacida',
Przeglad lacznosci, London 1974- 4; 'Pogromcy
Enigmy we Francji', Orzet Biaty, London, Sept.
1975.'

[LYNC] Lynch, Frederick D., "Pattern Word List, Vol 1.,"

Aegean Park Press, Laguna Hills, CA, 1977.

[LYSI] Lysing, Henry, aka John Leonard Nanovic, "Secret

Writing," David Kemp Co., NY 1936.

[MANS] Mansfield, Louis C. S., "The Solution of Codes and

Ciphers", Alexander Maclehose & Co., London, 1936.

[MARO] Marotta, Michael, E. "The Code Book - All About

Unbreakable Codes and How To Use Them," Loompanics
Unlimited, 1979. [This is terrible book. Badly
written, without proper authority, unprofessional, and
prejudicial to boot. And, it has one of the better
illustrations of the Soviet one-time pad with example,
with three errors in cipher text, that I have corrected
for the author.]

[MARS] Marshall, Alan, "Intelligence and Espionage in the Reign

of Charles II," 1660-1665, Cambridge University, New
York, N.Y., 1994.

[MART] Martin, James, "Security, Accuracy and Privacy in

Computer Systems," Prentice Hall, Englewood Cliffs,
N.J., 1973.

[MAZU] Mazur, Barry, "Questions On Decidability and

Undecidability in Number Theory," Journal of Symbolic
Logic, Volume 54, Number 9, June, 1994.

[MEND] Mendelsohn, Capt. C. J., Studies in German Diplomatic

Codes Employed During World War, GPO, 1937.

[MILL] Millikin, Donald, " Elementary Cryptography ", NYU

Bookstore, NY, 1943.

[MYER] Myer, Albert, "Manual of Signals," Washington, D.C.,

USGPO, 1879.
[MM] Meyer, C. H., and Matyas, S. M., " CRYPTOGRAPHY - A New
Dimension in Computer Data Security, " Wiley
Interscience, New York, 1982.

[MODE] Modelski, Tadeusz, 'The Polish Contribution to the

Ultimate Allied Victory in the Second World War',
Worthing (Sussex) 1986.

[NIBL] Niblack, A. P., "Proposed Day, Night and Fog Signals for
the Navy with Brief Description of the Ardois Hight
System," In Proceedings of the United States Naval
Institute, Annapolis: U. S. Naval Institute, 1891.

[NIC1] Nichols, Randall K., "Xeno Data on 10 Different

Languages," ACA-L, August 18, 1995.

[NIC2] Nichols, Randall K., "Chinese Cryptography Parts 1-3,"

ACA-L, August 24, 1995.

[NIC3] Nichols, Randall K., "German Reduction Ciphers Parts

1-4," ACA-L, September 15, 1995.

[NIC4] Nichols, Randall K., "Russian Cryptography Parts 1-3,"

ACA-L, September 05, 1995.

[NIC5] Nichols, Randall K., "A Tribute to William F. Friedman",

NCSA FORUM, August 20, 1995.

[NIC6] Nichols, Randall K., "Wallis and Rossignol," NCSA

FORUM, September 25, 1995.

[NIC7] Nichols, Randall K., "Arabic Contributions to

Cryptography,", in The Cryptogram, ND95, ACA, 1995.

[NIC8] Nichols, Randall K., "U.S. Coast Guard Shuts Down Morse
Code System," The Cryptogram, SO95, ACA publications,
1995.

[NIC9] Nichols, Randall K., "PCP Cipher," NCSA FORUM, March 10,
1995.

[NORM] Norman, Bruce, 'Secret Warfare', David & Charles,

Newton Abbot (Devon) 1973.

[OP20] "Course in Cryptanalysis," OP-20-G', Navy Department,

Office of Chief of Naval Operations, Washington, 1941.

[PIER] Pierce, Clayton C., "Cryptoprivacy", 325 Carol Drive,

Ventura, Ca. 93003.

[RAJ1] "Pattern and Non Pattern Words of 2 to 6 Letters," G &

C. Merriam Co., Norman, OK. 1977.

[RAJ2] "Pattern and Non Pattern Words of 7 to 8 Letters," G &

C. Merriam Co., Norman, OK. 1980.

[RAJ3] "Pattern and Non Pattern Words of 9 to 10 Letters," G &

 C. Merriam Co., Norman, OK. 1981.

[RAJ4] "Non Pattern Words of 3 to 14 Letters," RAJA Books,

Norman, OK. 1982.

[RAJ5] "Pattern and Non Pattern Words of 10 Letters," G & C.

Merriam Co., Norman, OK. 1982.

[RHEE] Rhee, Man Young, "Cryptography and Secure

Communications," McGraw Hill Co, 1994

[ROBO] NYPHO, The Cryptogram, Dec 1940, Feb, 1941.

[SACC] Sacco, Generale Luigi, " Manuale di Crittografia",

3rd ed., Rome, 1947.

[SCHN] Schneier, Bruce, "Applied Cryptography: Protocols,

Algorithms, and Source Code C," John Wiley and Sons,
1994.

[SCHW] Schwab, Charles, "The Equalizer," Charles Schwab, San

Francisco, 1994.

[SHAN] Shannon, C. E., "The Communication Theory of Secrecy

Systems," Bell System Technical Journal, Vol 28 (October
1949).

[SIG1] "International Code Of Signals For Visual, Sound, and

Radio Communications," Defense Mapping Agency,
Hydrographic/Topographic Center, United States Ed.
Revised 1981

[SIG2] "International Code Of Signals For Visual, Sound, and

Radio Communications," U. S. Naval Oceanographic
Office, United States Ed., Pub. 102, 1969.

[SINK] Sinkov, Abraham, "Elementary Cryptanalysis", The

Mathematical Association of America, NYU, 1966.

[SISI] Pierce, C.C., "Cryptoprivacy," Author/Publisher, Ventura

Ca., 1995. (XOR Logic and SIGTOT teleprinters)

[SMIT] Smith, Laurence D., "Cryptography, the Science of Secret

Writing," Dover, NY, 1943.

[SOLZ] Solzhenitsyn, Aleksandr I. , "The Gulag Archipelago I-

III, " Harper and Row, New York, N.Y., 1975.

[STEV] Stevenson, William, 'A Man Called INTREPID',

Macmillan, London 1976.

[STIN] Stinson, D. R., "Cryptography, Theory and Practice,"

CRC Press, London, 1995.

[SUVO] Suvorov, Viktor "Inside Soviet Military Intelligence,"

Berkley Press, New York, 1985.

[TERR] Terrett, D., "The Signal Corps: The Emergency (to

 December 1941); G. R. Thompson, et. al, The Test(
December 1941 - July 1943); D. Harris and G. Thompson,
The Outcome;(Mid 1943 to 1945), Department of the Army,
Office of the Chief of Military History, USGPO,
Washington,1956 -1966.

[TILD] Glover, D. Beaird, Secret Ciphers of The 1876

Presidential Election, Aegean Park Press, Laguna Hills,
Ca. 1991.

[TM32] TM 32-250, Fundamentals of Traffic Analysis (Radio

Telegraph) Department of the Army, 1948.

[TRAD] U. S. Army Military History Institute, "Traditions of

The Signal Corps., Washington, D.C., USGPO, 1959.

[TRIB] Anonymous, New York Tribune, Extra No. 44, "The Cipher
Dispatches, New York, 1879.

[TRIT] Trithemius:Paul Chacornac, "Grandeur et Adversite de

Jean Tritheme ,Paris: Editions Traditionelles, 1963.

[TUCK] Harris, Frances A., "Solving Simple Substitution

Ciphers," ACA, 1959.

[TUCM] Tuckerman, B., "A Study of The Vigenere-Vernam Single

and Multiple Loop Enciphering Systems," IBM Report
RC2879, Thomas J. Watson Research Center, Yorktown
Heights, N.Y. 1970.

[VERN] Vernam, A. S., "Cipher Printing Telegraph Systems For

Secret Wire and Radio Telegraphic Communications," J.
of the IEEE, Vol 45, 109-115 (1926).

[VOGE] Vogel, Donald S., "Inside a KGB Cipher," Cryptologia,

Vol XIV, Number 1, January 1990.

[WAL1] Wallace, Robert W. Pattern Words: Ten Letters and Eleven

Letters in Length, Aegean Park Press, Laguna Hills, CA
92654, 1993.

[WAL2] Wallace, Robert W. Pattern Words: Twelve Letters and

Greater in Length, Aegean Park Press, Laguna Hills, CA
92654, 1993.

[WATS] Watson, R. W. Seton-, ed, "The Abbot Trithemius," in

Tudor Studies, Longmans and Green, London, 1924.

[WEL] Welsh, Dominic, "Codes and Cryptography," Oxford Science

Publications, New York, 1993.

[WELC] Welchman, Gordon, 'The Hut Six Story', McGraw-Hill,

New York 1982.

[WINT] Winterbotham, F.W., 'The Ultra Secret', Weidenfeld

and Nicolson, London 1974.
[WOLE] Wolfe, Ramond W., "Secret Writing," McGraw Hill Books,
NY, 1970.

[WOLF] Wolfe, Jack M., " A First Course in Cryptanalysis,"

Brooklin College Press, NY, 1943.

[WRIX] Wrixon, Fred B. "Codes, Ciphers and Secret Languages,"

Crown Publishers, New York, 1990.

[YARD] Yardley, Herbert, O., "The American Black Chamber,"

Bobbs-Merrill, NY, 1931.

[ZIM] Zim, Herbert S., "Codes and Secret Writing." William

Morrow Co., New York, 1948.

[ZEND] Callimahos, L. D., Traffic Analysis and the Zendian

Problem, Agean Park Press, 1984. (also available through
NSA Center for Cryptologic History)

CLASSICAL CRYPTOGRAPHY COURSE

BY LANAKI

May 05, 1996

Revision 0

COPYRIGHT 1996
ALL RIGHTS RESERVED

LECTURE 11

POLYALPHABETIC SUBSTITUTION SYSTEMS II

CRYPTANALYSIS OF VIGGY'S FAMILY

SUMMARY

In Lectures 11-12, we continue our course schedule with a study

of fascinating cipher systems known as the "Viggy" based on
multiple alphabets - Polyalphabetic Substitution systems.

We will continue developing our subject via an overview based

on the Op-20-GYT course notes (Office of Chief Of Naval
Operations, Washington) [OP20]. We will revisit polyalphabetic
cipher systems using Friedman's detailed analysis. We will
cover the Viggy, Variant, PORTA systems and other family
members. [FRE4], [FRE5], FRE6], [FRE7], [FRE8]. We will take
material from ACA's Practical Cryptanalysis Volume V by William
G. Bryan on "Periodic Ciphers - Miscellaneous: Volume II"
[BRYA] and Sinkov's [SINK] text to discover Viggy's secrets.
We will look at [ELCY's] treatment of these systems.

In Lecture 12, we will describe the difficult aperiodic

polyalphabetic case and give a diagram of topics considered in
Lectures 10 - 12. [FR3] We will complete the Viggy family.
I will also cover decimation processes in detail.

I have again updated our Resources Section with many references

on these systems - focusing on the cryptanalytic attack and
areas of historical interest. Kahn has some wonderful stories
about the Viggy family. [KAHN]

ZEN CRYPTO

In Lectures 1- 10, I have purposely stayed away from the

heavier mathematics of cryptography (subject to change).
Everything I am presenting can and has been reduced to
mathematical models and computerized for ease of work. For my
readers who can not live without the math diet, there are
plenty of guru' s like [SCHN] and [SCH2] to have breakfast
with. There are plenty of computer aids at the Crypto Drop Box
to help you do the setup work.

BUT those who embark on a course of 'only the computer' do this

without knowing the real effort -the brain power - the
shortcuts - the tradecraft - the historical implications, in
my opinion, have lost the real heart of Cryptography. The 'ah
ha's of inspiration are what make the difference. First, there
is a fundamental problem in that computer models do not apply
to all variant cases. Simple changes to the system can fool
even the most adept computer program. For example, placing
clever nulls will defeat many a statistical based model.

Second, we lose the sense of urgency that was required for

wartime cryptography. If President Kennedy's Playfair message
[ that's right it was not English as in the movie PT-109] on
the back of a coconut had been intercepted and deciphered by
the Japanese [which they very capable of doing], we might not
have had the graceful light of his Presidency or who knows the
moon landings. As another case in point, the solution of
ENIGMA during the mid - final Atlantic Campaigns of World War
II, reduced the operational effectiveness of the U-Boat to one
day and hence saved allied tonnage and warships suppling
Europe. The American and British Crypee's 'thought' more like
their German counterparts than their counterparts. Computer
solutions were bulky, machine dependent [ the solution "stops"]
and not reliable until 1945. People made the difference.

SOLVING A PERIODIC POLYALPHABETIC CIPHER

There are three fundamental steps to solve a Periodic cipher.

1) Determine the period. This sets up the correct geometrical

positioning of ciphertext alphabets.

2) Identify the Cipher System and reduce or consolidate the

multiple alphabet distribution into a series of
monoalphabetic frequency distributions.

3) Solve the monoalphabetic distributions by known principles.

We have covered this in Lectures 1-3 and Lecture 10.

Friedman presents a more detailed and eloquent version of this

procedure in [FR7].

THE LONG AND SHORT OF KASISKI

Step one is finding the period. Bryan reminds us that there

are at least two ways to find the period. The short approach
makes use of the distances between patent cipher text
repetitions and factors the differentials. The long approach
is used when there are no patent repetitions to factor. In
this case we set up a possibilities matrix and factor every
combination looking for the highest probable common factor.
[BRYA]

As an example of the first case take:

10 20 30 40
BGZEY DKFWK BZVRM LUNYB QNUKA YCRYB GWMKC DDTSP

50 60 70 80
OFIAK OWWHM RFBLJ JQFRM PNIQA VQCUP IFLAZ HKATJ

90 100 110 120

UVVQE EKESZ DUDWE KKESL IZQAT SBYUZ UUVAZ IXYEZ

130 140
JFTAJ EMRAS QKZSQ FOPHM W.

We tabulate the repetitions and the cipher text letter

differences between repetitions.

Delta Factors
BG 29 -
RM 45 3,5,9
KA 53 -
MR 77 7,11
QA 39 3,13
VQ 17 -
AZ 40 4,5,8,10
AT 26 13
UV 31 -
EK 9 3,9
KES 10 5,10 .... this trigraph more important
SQ 4 4 than QA or AT digraphs.
Suggest that the period is
either 5 or 10. Practice dictates
that the larger number is the
proper.

But suppose there are no repeats or those that do exist do not

establish a period. What then?

Given:
10 20 30 40
RNQJH AUKGV WGIVO BBSEJ CRYUS FMQLP OFTLC MRHKB

50 60 70 80
BUTNA WXZQS NFWLM OHYOF VMKTV HKVPK KSWEI TGSRB

90 100 110 120

LNAGJ BFLAM EAEJW WVGZG SVLBK IXHGT JKYUC HLKTU

MWWK.

We set up the following vertical tally. We note the

actual position of every letter.

A 6 45 83 89 92 115
B 16 17 40 41 80 86 104
C 21 35
D ---
E 19 74 91 93
F 26 32 52 60 87
G 9 12 77 84 98 100 109
H 5 38 57 66 108 116
I 13 75 106
J 4 20 85 94 111
K 8 39 63 67 70 71 105 112 118 124
L 29 34 54 81 88 103 117
M 27 36 55 62 90 121
N 2 44 51 82
O 15 31 56 59
P 30 69
Q 3 28 49
R 1 22 37 79
S 18 25 50 72 78 101
T 33 43 64 76 110 119
U 7 24 42 114 120
V 10 14 61 65 68 97 102
W 11 46 53 73 95 96 122 123
X 107
Y 23 47 58 113
Z 48 99

Now we take each difference and every difference in each case.

For example, A45-6, 83-6,89-6,92-6,115-6; and 83-45,89-45,92-
45,115-45; and 89-83,92-83,115-83; and 92-89,115-89, and 115-
92. Then we factor these differences, setting up a matrix
(Table 11-1) of potential periods from 3 -12 inclusive and
total the tabulations for each factor in each of the letters of
the alphabet. The highest column total represents the period.
The number is correct more than 98 per cent of the time.

Table 11-1

3 4 5 6 7 8 9 10 11 12
-------------------------------
A 3 1 1 1 1 1 2 1
B 9 7 4 5 3 7 4 2 1 2
C 1 1 1 1 1
D
E 1 1 1 1 1 1 1
F 2 3 3 1 2 1 1 1 1
G 5 5 4 1 4 3 2 1 3 1
H 6 3 2 2 3 1 1 2 1
I 1
J 3 1 2 1 1 1 3 1
K 13 10 4 9 8 5 3 1 2 3
L 4 3 4 1 4 1 3 1 2
M 4 2 3 2 6 3 1 1
N 1 1 1 1 3 1 1
O 1 3 1 1 1 1
P 1
Q 1 1 1
R 5 1 1 3 2 1 1
S 4 4 2 3 2 1 1 1 1
T 4 3 1 1 2 1 1 2 2
U 5 1 2 5 1 2 3 1 2 2
V 5 6 2 2 1 2 3 1 1
W 9 4 5 3 8 1 4 4 3 1
X
Y 2 2 3 2 1 2 1 3 1
Z 1
---------------------------------
87 61 47 43 57 30 35 21 25 16 Columns total
X 3 4 5 6 7 8 9 10 1 112 times period
----------------------------------
261 244 235 258 399 240 315 210 275 192 Total
===

The period is 7.

WHAT CIPHERS MAKE UP THE VIGGY FAMILY?

The Viggy (or more correctly the Vigenere) Family is group of

ciphers. Included in this group are: Vigenere, Variant,
Beaufort, Gronsfeld, Porta, Portax, and Quagmires I-IV.
Other ciphers may be included in the group. They are Nihilist
Substitution, Auto - Key, Running Key and Interrupted ciphers.
Bryan includes the Tri-square, the periodic Fractionated
Morse, the Seriated Playfair and the Homophonic in the same
class of ciphers.

These ciphers were invented at different times by different

authors, sometimes with confusion of authorship, and in
different countries. They are similar in that they represent
permutations of the same cryptographic concept and can be
cracked with the same general methodology, albeit with slight
variations in procedure. What is also interesting is that
these ciphers can be viewed in tableaux form, in slide form or
matrix form.

The theory of polyalphabetic substitution is simple. The

encipherer has at his disposal several simple substitution
alphabets, usually 26. He uses one such alphabet to encipher
only one letter, another alphabet for the second letter,
and so forth, until some preconcerted plan has been followed.
The earliest known ciphers of this kind, the Porta (1563), the
Vigenere (1586) used tableau's for encipherment, in which all
the alphabets were written out in full below each other. The
Gronsfield (1655) had a mental key, and the Beaufort (1857)
which came two hundred years later, again used the tableaux.
The process was reduced to strips or slides in 1880 at the
French military academy of Saint-Cyr. The polyalphabetic
deciphering slides now bear that name. [ELCY]

To know thoroughly any of these ciphers is to understand the

fundamental principles of all. Lets look at the papa bear.

THE VIGENERE CIPHER

The father of the Viggy family is the Vigenere Cipher. Like

most of the periodic ciphers, the 'Viggy' is actually a series
of monoalphabetic substitutions such as Aristocrats, and since
a keyword is used, under each letter of the keyword, there is a
separate simple substitution cipher - each one different- ,
using all the letters, in such a manner, that the resulting
cipher is a combination of several such substitutions.

Attributed to Blaise de Vigenere, the cipher named for him was

invented by him in 1586. In his "Traicte des Chiffres"
he did invent an autokey system which used both a priming key
and did not recommence his plaintext key with each word, nut
kept it running continuously. He described a second autokey
system which was more open but still secure. Both systems were
forgotten and were re-invented in the 19th century. Historians
have credited Vigenere with the simpler polyalphabetic
substitution system. Legend grew around this cipher that it
was "impossible of translation" as late as 1917. [KAHN]

The original Viggy was composed of an enciphering and

deciphering tableaux. Letters were enciphered and deciphered
one letter at a time. The modern Vigenere tableaux is
shown in Figure 11-1.

Figure 11-1

a b c d e f g h i j k l m n o p q r s t u v w x y z

A A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
B B C D E F G H I J K L M N O P Q R S T U V W X Y Z A
C C D E F G H I J K L M N O P Q R S T U V W X Y Z A B
D D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
E E F G H I J K L M N O P Q R S T U V W X Y Z A B C D
F F G H I J K L M N O P Q R S T U V W X Y Z A B C D E
G G H I J K L M N O P Q R S T U V W X Y Z A B C D E F
H H I J K L M N O P Q R S T U V W X Y Z A B C D E F G
I I J K L M N O P Q R S T U V W X Y Z A B C D E F G H
J J K L M N O P Q R S T U V W X Y Z A B C D E F G H I
K K L M N O P Q R S T U V W X Y Z A B C D E F G H I J
L L M N O P Q R S T U V W X Y Z A B C D E F G H I J K
M M N O P Q R S T U V W X Y Z A B C D E F G H I J K L
N N O P Q R S T U V W X Y Z A B C D E F G H I J K L M
O O P Q R S T U V W X Y Z A B C D E F G H I J K L M N
P P Q R S T U V W X Y Z A B C D E F G H I J K L M N O
Q Q R S T U V W X Y Z A B C D E F G H I J K L M N O P
R R S T U V W X Y Z A B C D E F G H I J K L M N O P Q
S S T U V W X Y Z A B C D E F G H I J K L M N O P Q R
T T U V W X Y Z A B C D E F G H I J K L M N O P Q R S
U U V W X Y Z A B C D E F G H I J K L M N O P Q R S T
V V W X Y Z A B C D E F G H I J K L M N O P Q R S T U
W W X Y Z A B C D E F G H I J K L M N O P Q R S T U V
X X Y Z A B C D E F G H I J K L M N O P Q R S T U V W
Y Y Z A B C D E F G H I J K L M N O P Q R S T U V W X
Z Z A B C D E F G H I J K L M N O P Q R S T U V W X Y

The normal alphabet at the top of the tableaux is for plaintext

and the keyletters are shown at the extreme left under the 'A'
of the top row. Where the two lines intersect in the body of
Figure 11-1, the ciphertext is found.

For example using the keyword TENT, we encipher "COME AT ONCE"

we have: TENT TENT

---- ----
COME VSZX (ciphertext)
ATON TXBG
CE VI--

The enciphering and deciphering problem are done as a group of

letters to improve speed and accuracy of the process.

Another way to look at this is that the Viggy is really a two

dimensional slide problem. We can construct (or purchase for
about $2.00 from ACA) a set of two Saint-Cyr slides that
operate the same way as the tableaux shown in Figure 11-1.
What is useful is that each slide bears the standard normal
alphabet from A-Z with high frequency letters colored or
shaded. Each slide is a double-alphabet to allow flexibility.

Figure 11-2

ABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZ
GHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEF
* *

Figure 2 shows the Saint- Cyr slide at a key of G. Check with

Figure 11-1 to see that the results are the same for Nplain =
Tcipher or Iplain = Ocipher.
The practical use of the Saint Cyr slide is that the whole
column of plaintext is enciphered as a unit. So C A C would be
enciphered as V A V, plaintext O T E becomes S X I, etc.
This eliminates mistakes. The cipher is taken off in 5 letter
groups by rows, so we would have VSZXT XBGVI for our previous
example.

Friedman points out that the sliding components produce the

same type of cipher with the circular disks like the old U. S.
Army version. [FRE7]

Koblitz [KOBL] describes the Viggy as follows:

For some fixed k, regard blocks of k letters as vectors in

(Z/NZ)**k. Where N is the N-letter alphabet and a digraph
integer correspondence exists between modulo N**2 array
and it is a vector mapping. Choose some fixed vector b
which exists in the plane (Z/NZ)**k which can be remembered
by a key word and encipher by means of the vector translation
C = P +b where C is the ciphertext message unit and P is the
plaintext message unit which is a k-tuple of the integers
modulo N.

The object is to guess N and k, break up the ciphertext in

blocks of k letters and performs a frequency analysis on the
first letter of each block to determine the first component of
b and then proceeds onto the second letter
in the block, etc.

Konheim's description is worse than Koblitz's. [KONH]

Seberry and Pieprzyk describe the Viggy as made up of

key sequence k= k1...kd where ki , (i=1,d) gives the amount of
shift in the ith alphabet, fi(a) = a+ki(mod n) and the
ciphertext is described as fi**(-1) = (ki -c) mod n so that

fi(a) = [(n-1)-a +(ki +1) ] mod n [SEAB]

The latter four descriptions are boring - even to my

engineering background. They also do not hold water for
randomized alphabets or tableauxs with disruption areas in
place. These represent discontinuities in the mathematical
function. They are discontinuous and tractable. Or
differentiable if the model is such. SCYER's program may have
solved the discontinuity integer problem by area limits or
module limits. When he publishes the procedure, maybe he will
tell us.

WHICH WAY ?

Does it matter with the Viggy, that we encipher S by B (B

alphabet or Key B) to find cipher T or encipher B by S (S
alphabet or Key S) to find T? No. This is an interesting
characteristic not shared by all in the Viggy family. It may
be its downfall.
For instance, the message:

Send Supplies To Morley's Station

enciphered with the repeating key, BED under the original

method of encipherment as might be described by Blaise de
Vigenere would be:

Key : BEDB EDBEDBED BE DBEDBED BEDBEDB

Plain : SEND SUPPLIES TO MORLEYS STATION
Cipher: TIQE WXQTOJIV US PPVOFCV TXDUMRO

The modern Saint-Cyr slide encipherment of the above would be:

Key B E D B E D B E D
Plain S E N D S U P P L
Cipher T I Q E W X Q T O

I E S T O M O R L
J I V U S P P V O

E Y S S T A T I O
F C V T X D U M R

N
O

which gives:

5 10 15 20 25
T I Q E W X Q T O J I V U S P P V O F C V T X D U

30
M R O X X (two ending nulls and a bad choice at that)

With the Saint Cyr slide, we would encipher S, I, E, N; then

D, T, S, and finally P, O , T by setting the B key on the
bottom slide under the A key of the top slide and reading off
the equivalents. [SINK], [ELCY]

DECIPHERMENT BY PROBABLE WORD

Refer to Figure 11-3:

Figure 11-3
Deciphering with the Key:

Key : B E D B E D B E D B E D ........
Cipher: T I Q E W X Q T O J I V ........
Plain : S E N D S U P P L I E S ........

Deciphering with the Message:

Plain : S E N D S U P P L I E S ........ (trial key)

Cipher: T I Q E W X Q T O J I V ........
Key : B E D B E D B E D B E D ........ (true key)

Figure 11-3 indicates a possible solution method. The message

fragment works well as a trial key, and if applied in the
same manner as the true key, the true original key will be
revealed. The Vigenere Cipher works equally well in reverse.
It is this peculiarity that portends the use of a probable word
attack.

Suppose we have the cryptogram:

U S Z H L W D B P B G G F S ...

which we suspect that the presence of the word SUPPLIES.

We decipher the first 8 letters using this probable word as a
trial key, and obtain the jumbled series: C Y K S A O Z J,

which is unsatisfactory. We next drop the first U, and obtain

group : A F S W L V X X. We fail again on the third and
fourth trials. The fifth decipherment obtains the series
TCOMETCO. We see the TCO repeats and the key word COMET.
[ELCY]

F. R. Carter of the ACA shows us a more organized approach in

Figure 11-4:

Figure 11-4

Cryptogram Fragment: U S Z H L W D B P B G G F S ......

Probable Word:
*
S C A H P T E L J X J O O N A
U Y F N R C J H V H M M L Y
P K S W H O M A M R R Q D
P S W H O M A M R R Q D
L A L S Q E Q V V U H
I O V T H T Y Y X K
E Z X L X C C B O
S O
*
Look down at an angle between the stars to find the key word
COMET. The first letter S was used to decipher every possible
key letter which can produce S. The entire row of equivalents
were produced at the same time. The resulting rows of
decipherment indicate all the possible keyletters that could
produce S, then U, then P, and so on. Carter actually
shortened the procedure to three full rows and then partials
thereafter. He assumes that the keyword is readable and
discards non readable text.

DECIPHERMENT BY PROBABLE TRIGRAM SEQUENCE

For the case where we have no probable word or the sequence is

very short, we may use Ohaver's Trigram Method. We start with
a list of usual trigrams THE, AND, THA, ENT, ION, TIO. The key
fragments deciphered by these will be short and numerous, some
correct and some incorrect to bring out the repeating key
sequence. A secondary worksheet is used to test the various
fragments as keys. If any one of them is a fragment of the
original key, it must bring out fragments of plaintext at
regular intervals.

A scheme like Carters can be used with the trigrams THE, AND..
replacing the word SUPPLIES. Refer to Figure 11-5.

Given:
10 20 26
L N F V E O L N V M R N G Q F H H R N H I R V F E B

The cipher text is only 26 letters long. Every letter except

the final two might begin a cipher trigram. So we have 24
cipher trigrams. Write them out in full on two worksheets.

Figure 11-5

ION Trial 1

LNF NFV FVE VEO EOL OLN LNV NVM VMR MRN RNG NGQ
AZS FRI XHR NQB WAY GXA DZI FHZ NYE EDA JZT FSD
---
GQF QFH FHH HHR HRN RNH NHI HIR IRV RVF VFE FEB
YCS IRU XTU ZTE ZDA ZJU FTV ZUE ADI JHS NRR XQO

EDA Trial 2

LNF NFV FVE VEO EOL OLN LNV NVM VMR MRN RNG NGQ
HKF JCV BSE RBO ALL KIN HKV JSM RJR ION NKC JDQ
---
GQF QFH FHH HHR HRN RNH NHI HIR IRV RVF VFE FEB
CNF MCH BEH DER DON NKH JEI DFR EOV NSF RCE BBB

Trial 1 tests for THA, THE, AND fail but ION gives us FRI and
WAY. But anyone of these 24 decipherments on the second row
might be a fragment of the original key. Trial 2 fails to
confirm FRI or WAY but test of key-fragment EDA yields ION.
If this sequence is actually a portion of the original key,
then the plaintext will be brought out at some constant
distance apart. The point we found the trigram is the tenth
cryptogram letter; that is every trigram presents only one new
letter so to find a completely different trigram in either
direction, we must count backwards or forwards a distance of
three trigrams.

Beginning at the tenth trigram we examine every third trigram

in both directions. The following is found: HKF, RBO, HKV,ION,
CNF, DER,JEI, NSF. These are incoherent. This would be
equivalent to a period of three - not likely. Try every fourth
decipherment: JCV,KIN,ION,MCH,NKH,NSF. Not usable for a
consecutive sequence, continuously written cryptogram.
Trying the decipherments at a proposed period of 5, we get ALL,
ION, BEH, DFR. This possibility is good. We try to
decipher the T before ION and get the letter C. We now have
four letters in our key C E D A. With a little anagraming we
have the word D A * C E. A probable word FRIDAY comes to mind.

BRYAN'S SAINT-CYR 'HITS' METHOD

William G. Bryan shows us how to use the high frequency letters

on the Saint-Cyr slide to good use.

Given the Viggy with a known period of 7 based on a similar

effort used in Table 11-1:

PXIZH GVGEU UOXIX MYEEJ ZCOCM OWZCL FMTOR ISIGH LKWPS

MSIDX WCFBR KPYXO PRJIL HFMCR IHUDU LVRLJ FVVVS HTYFR

RGPHQ WIIBL XQXMM TDVGU EITFM QEEJH WUHFW.

We reset the problem in groups of 7:

1234567
PXIZHGV
GEUUOXI
XMYEEJZ
COCMOWZ
CLFMTOR
ISIGHLK
WPSMSID
XWCFBRK
PYXOPRJ
ILHFMCR
IHUDULV
RLJFVVV
SHTYFRR
GPHQWII
BLXQXMM
TDVGUEI
TFMQEEJ
HWUHFW
Now each column represents a separate simple substitution
cipher. They will not produce consecutive plaintext, but
merely show isolated letters in that particular substitution,
to be coupled with those letters that fall on either side in
other substitutions, to make a true plain text sequence. Here's
where the underlined high-frequency letters on the slide come
in:

We go down column 1 and tabulate all the letters which

appear\more than once. P-2, G-2, X-2, C-2, I-3, T-2. We
rearrange them in their normal sequence = C G I P T X.
The lower slide is moved successively so that the first letter
C is under the high frequency letters, in turn, A E H I N O R S
T, and a reading is made of the number of 'hits' , the number
of other cipher text letters G I P T X that fall below the high
frequency letters. If they do then the letter under A of the
top slide is the key letter for that column. If they don't
further trials are necessary.

High frequency letters don't always show up. Some times medium
frequency letters may be required. So with C under A: G-E, I-
G,P-N, T-R, X-V; With C under E:G-I, I-K, P-R, T-V, X-Z; With C
under the H: G-L, I-N, P-U, T-Y, X-C; with C under the I: G-
M,I-O,P-V, T-Z, X-D; and with C under the N: G-R, I-t, P -A, T-
E, X-I (six hits); and we have found the setting. So we set P
under the A in the top slide, and decipher the entire column A
R I N N T H I A T T C D R, and write it into a blank column as
column 1.

Proceeding with Column 2, we have no results. Column shows 2

passable results at P and U, Column 4 seems to go with Y,
column 5, setting B has 4 hits, Column 6 has 5 hits indicating
an E, and Column 7, R gives six hits.

The keyword thus recovered is P P Y B E R. We choose to

decipher the ending B E R as the ending of a keyword to
produce:

B E R
-----
G C E
N T R
O F I
N S I
S K A
G H T
R E M
A N T
O N S
L Y A
T H E
U R E
E N A
V E R
W I V
T A R
D A S
 E S -

These are almost all good fragments. The GHT must have an I or
U before it. Since cipher letter G is involved, we place the G
under the I which results in the Y we already had and putting G
under the U gives us M under the A, we choose the latter.

Now we have MBER has a key fragment. Deciphering column 4

with M adds N I I S A A U A T C T R T M E E U E V to the
evidence.

There are several possibilities NGCE preceded by an O, UGHT

preceded by an O, TANT preceded by an OR; TLYA preceded by an
N; UTAR preceded by an O or A; and EWIV preceded by R/H.

With the Viggy cipher, remember to read the setting for the
keyword letter below the A of the Stationary slide; and the
plain text appears on the same slide as this A, while the
cipher text is in the lower slide.

VIGENERE COMPUTER SOLUTION IS QUICKER

At this juncture, I wondered how our Viggy solver at the CDB

would do on this problem. I brought up my faithful computer
program and entered the cipher text into Vigenere.exe without
telling it the period and found the following:

The period was found within 1 second. The trial keyword

was PLQMBER, which I assumed was PLUMBER. Using PLUMBER as my
keyword, it typed out the answer: "AMONG CERTAIN TRIBES OF
INDIANS IN ALASKA.. ends BUT ARE USED AS SLAVES." The process
took less than 3 seconds of compute time on my 486/50.

I then rearranged the ciphertext with five nulls strategically

added. The next pass gave me a period of nine and a gibberish
trial keyword. So for well defined problems the computer is
less fun but a clear winner. For the clever cryptographer,
the computer can be defeated.

PRIMARY COMPONENTS

We have seen that equivalents obtainable from use of square

tables may be duplicated by slides or revolving disks [FR2],
[FR7] or computer models. Cryptographically, the results may
be quite diverse from different methods of using such
paraphenalia, since the specific equivalents obtained from one
method may be altogether different from those obtained from
another method. But from the cryptanalytic point of view the
diversity referred to is of little significance.

There are, not two, but four letters involved in every case of
finding equivalents by means of sliding components;
furthermore, the determination of an equivalent for a given
plaintext letter is represented by two equations involving four
equally important elements, usually letters.
Consider this juxtaposition:

1. A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
2. F B P Y R C Q Z I G S E H T D J U M K V A L W N O X

Question - what is the equivalent of Pplain when the Key letter

is K? Answer - without further specification, the cipher
equivalent can not be stated. Which letter do we set K against
and in which alphabet? We have previously assumed that the K
cipher would be put against A in the plain. But this is only a
convention.

Figure 11-6

Index Plain
* *
1. Plain: ABCDEFGHIJKLMNOPQRSTUVWXYZ
2. Cipher:FBPYRCQZIGSEHTDJUMKVALWNOXFBPYRCQZIGSEHTDJUMKVALWNOX
* *
Key Cipher

With this setting Pplain = Zcipher.

The four elements are:

1. The Key letter, 0k

2. The index letter, 01
3. The plaintext letter, 0p
4. The cipher letter. 0c

The index letter is commonly the initial letter of the

component, but by convention only. We will assume from now on
that 01 is the initial letter of the component in which it is
located. Refer to Figure 11-6 to confirm this assumption.
The enciphering equations above are:

(I) Kk = A1 ; Pp = Zc k=key, p=plain,

c=cipher, 1= initial

There is nothing sacred about the sliding components. Consider

Figure 11-6b.

Figure 11-6b

Index Cipher
* *
1. Plain: ABCDEFGHIJKLMNOPQRSTUVWXYZ
2. Cipher:FBPYRCQZIGSEHTDJUMKVALWNOXFBPYRCQZIGSEHTDJUMKVALWNOX
* *
Key Plain

thus (II) Kk = A1; Pp = Kc

Since equations (I) and (II) yield different results even with
the same index, key and plain text letters, it is obvious that
a more precise formula is required. Adding locations to these
equations does the trick.

(I) Kk in component (2) =A1 in component (1); Pp in component

(1) = Zc in component (2).

(II) Kk in component (2) =A1 in component (1); Pp in component

(2) = Zc in component (1).

In shorthand notation:

(1) Kk/2 = A1/1; Pp/1 + Zc/2

(2) Kk/2 = A1/1; Pp/2 + Zc/1

Employing two sliding components and four letters implies

twelve different resulting systems for the same set of
components and twelve enciphering conditions. These
constitute the Viggy Family:

Table 11-2

(1) 0k/2=01/1; 0p/1=0c/2 (7) 0k/2=0p/1; 01/2=0c/1

(2) 0k/2=01/1; 0p/2=0c/1 (8) 0k/2=0c/1; 01/2=0p/1
(3) 0k/1=01/2; 0p/1=0c/2 (9) 0k/1=0p/2; 01/1=0c/2
(4) 0k/1=01/2; 0p/2=0c/1 (10) 0k/1=0c/2; 01/1=0p/2
(5) 0k/2=0p/1; 01/1=0c/2 (11) 0k/1=0p/2; 01/2=0c/1
(6) 0k/2=0c/1; 0p/1=0p/2 (12) 0k/1=0c/2; 01/2=0p/1

The first two equations (1) and (2) define the Vigenere type of
encipherment and are widely used. Equations (5) and (6) define
the Beauford type and Equations (9) and (10) define the
Delastelle type of encipherment. [FR7]

FURTHER REMARKS ON REPETITIONS

I have said that the three steps in the cryptanalysis of

repeating key systems are : 1) Find the length of the period,
2) Allocate or distribute the letters of the ciphertext into
their respective alphabets, thereby reducing the polyalphabetic
text to monoalphabetic terms, and 3) analysis of the individual
monoalphabetic distributions to determine the plain text values
of their cipher equivalents in each distribution or alphabet.

As a direct result of using a repeating key (no matter how

long) certain phenomena are manifested externally to the
cryptogram. Regardless of what system is used, identical plain
text letters enciphered by the same cipher alphabet with single
equivalents must yield identical cipher letters. This happens
each time the same key letter is used to encipher identical
plaintext letters.

Since the number of columns or positions with respect to the

key are limited, and there is a normal redundancy in the
language, it follows that there will be in a message of fair
length many cases where identical plain text letters must fall
into the same column. This will be enciphered by the same
cipher alphabet, resulting in many repetitions. There are two
types of repetitions: causal and accidental (random)
repetitions. The former we can trace back to the key. The
latter occurs when different plaintext letters fall in
different columns and by chance produce identical cipher text
letters.

Accidental repetitions will occur frequently with individual

letters, less frequently with digraphs (because the accident
must occur twice in succession, much less in the case of
trigraphs and very much less in the case of a tetragraph.
The probability of chance repetition decreases significantly as
the repetition increases in length. Friedman has developed
statistical tables based on the binomial and Poisson
distributions to determine the individual and cumulative
probabilities for expected number of repetitions in n letter
text to occur x or more times in samples of random text.

The use of these tables is important. They tell us when

we are dealing with cryptographically maneuvered text versus
random noise designed to fool the listener. They indicate
what may be a hoax (Beale or Bacon - Shakespeare controversies)
versus valid enciphered text.

Tables 11-3 to 11-6 show the above theory.

Table 11-3

Number Expected Number of Digraphs Occurring

of Exactly x Times
Letters E(2) E(3) E(4) E(5) E(6) E(7) E(8) E(9) E(10)
--------------------------------------------------------------
100 6.21 .298 .011
200 21.8 2.12 .154 .009
300 42.5 6.23 .683 .060 .004
400 65.3 12.8 1.87 .220 .022 .002
500 88.1 21.6 3.97 .582 .071 .008
600 110. 32.3 7.11 1.25 .184 .023 .003
700 129. 44.3 11.4 2.35 .403 .059 .008 .001
800 145. 57.1 16.8 3.96 .777 .130 .019 .003
900 158. 70.1 23.2 6.16 1.36 .257 .043 .006 .001
1000 169. 83.0 30.6 9.03 2.21 .466 .085 .014 .002

Table 11-4
Number Expected Number of Trigraphs Occurring
of Exactly x Times
Letters E(2) E(3) E(4)
--------------------------
100 .269 .001
200 1.10 .004
300 2.48 .014
400 4.40 .033
500 6.85 .064
600 9.81 .111 .001
700 13.3 .175 .002
800 17.3 .261 .003
900 21.8 .371 .005
1000 26.8 .505 .008

Table 11-5

Number Expected Number of Tetragraphs Occurring

of Exactly x Times
Letters E(2) E(3)
--------------------------
100 .010
200 .043
300 .096
400 .171
500 .270
600 .389
700 .530
800 .693
900 .877
1000 1.08 0.001

Table 11-6

Number Expected Number of Pentagraphs Occurring

of Exactly x Times
Letters E(2)
----------------
100
200 .002
300 .004
400 .007
500 .011
600 .015
700 .021
800 .027
900 .034
1000 .042

By way of illustration, of the use of these tables, from Table

11-3, we obseve that in a sample of 300 letters of random text,
we may expect 43 digraphs to occur twice, 6 digraphs to occur
three times and 1 digraph to occur four times. If we sum the
values under E(2) through E(6) we have the cumulative
probability in the 300 letter sample. The sum is 49.477, which
indicates that in a sample of 300 letters or so, 49 digraphs
will occur two or more times.

STATISTICAL PROOF OF THE MONOALPHABETICITY OF THE DISTRIBUTIONS

The second step in the solution of periodic ciphers is to

distribute the cipher text into the component monoalphabets.
The period once established tells us the number of cipher
alphabets. By rewriting the message in groups corresponding to
the length of the key (period) in columnar fashion, we
automatically have divided up the text so that letters
belonging to the same cipher alphabet occupy similar positions
in the groups or in the same columns.

If we make separate uniliteral frequency distributions for the

isolated alphabets, each of these resulting distributions is
therefore, a monoalphabetic frequency distribution. Were this
not so, if they did not have the characteristic crest and
trough appearance including the expected number of blanks,
if the observed values of Phi are not sufficiently close to the
expected value of Phi plain, or do not yield I.C.'s in the
close vicinity of the expected value, then the entire analysis
is fallacious.

The I.C. values of these individual distributions may be

considered an index of correctness of the factoring process.
Both theoretically and practically, the correct hypothesis with
respect to these distributions will tend to conform more
closely to the expected I.C. of a monoalphabetic frequency
distribution.

Friedman demonstrates the above with an example: [FR7]

Plaintext Message:

The artillery battalion marching in the rear of the advance

guard keeps its combat train with it insofar as practical.

Keyword BLUE using direct standard alphabets.

Cipher Alphabets

Plain: A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
---------------------------------------------------
1. B C D E F G H I J K L M N O P Q R S T U V W X Y Z A
2. L M N O P Q R S T U V W X Y Z A B C D E F G H I J K
3. U V W X Y Z A B C D E F G H I J K L M N O P Q R S T
4. E F G H I J K L M N O P Q R S T U V W X Y Z A B C D

B L U E B L U E B L U E B L U E B L U E B L U E ...
T H E A R T I L L E R Y B A T T I L I O N M A R ...

Cipher Text
USYES ECPMP LCCLN XBWCS OXUVD SCRHT
HXIPL IBCIJ USYEE GURDP AYBCX OFPJW
JEMGP XVEUE LEJYQ MUSCX JYMSG LLETA
LEDEC GBMFI

Friedman gives a useful formula for monographic I.C. of a 26

character text:

I.C. = 26 sum f(f-1)/N(N-1) = Phi(o) / Phi (r)

and since Phi (p) for English is 0.0667N (N-1)

and Phi (r) = 0.0385 N ( N-1) where N is the total number of

elements in the distribution. I.C. for English plain = 1.73
and 1.0 for random text. We may apply the I.C. test to the
distributions of periodic polyalphabetic ciphers to confirm
the monoalphabeticity of their character. This also confirms
the period length and correctness. if the correct period is
assumed, then the Phi test applied to each of the alphabets
should approximate closely and consistently the value of Phi(p)
and conversely, if the incorrect period is assumed, then the
Phi(o) should approximate the value of Phi(r). Deviation from
this hypothesis must be statistically significant. [FR7]

So we break down the four alphabets:

4 1 4 1 1 1 1 1 3 1 1 1 1 1 4 Phi =42
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z I.C.=1.68

1 2 4 1 2 1 4 4 1 1 2 2 Phi=44
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z I.C.=1.91

1 5 1 1 1 1 5 2 1 1 2 1 1 2 Phi=46
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z I.C.=1.99

1 6 2 2 1 1 1 1 2 2 1 1 3 1 Phi=44
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z I.C.=1.91

It is seen that all these distributions are monoalphabetic

since their observed Phi's are closer to the Phi (p) = 40.
rather than Phi (r) = 23. Any other period assumed at four
or a multiple of four, will not yield monoalphabetic
distributions.

In light of the foregoing principles, we now look at two

additional cryptanalytic techniques for the Viggy family.
The first compares the distributions to the normal and the
second is very important - completing the plain-component.

SOLUTION BY FITTING THE DISTRIBUTIONS TO THE NORMAL

Given message text A:

5 10 15 20 25
A. A U K H Y J A M K I Z Y M W M J M I G X N F M L X
B. E T I M I Z H B H R A Y M Z M I L V M E J K U T G
C. D P V X K Q U K H Q L H V R M J A Z N G G Z V X E
D. N L U F M P Z J N V C H U A S H K Q G K I P L W P
E. A J Z X I G U M T V D P T E J E C M Y S Q Y B A V
F. A L A H Y P O I X W P V N Y E E Y X E E U D P X R
G. B V Z V I Z I I V O S P T E G K U B B R Q L L X P
H. W F Q G K N L L L E P T I K W D J Z X I G O I O I
J. Z L A M V K F M W F N P L Z I O V V F M Z K T X G
K. N L M D F A A E X I J L U F M P Z J N V C A I G I
L. U A W P R N V I W E J K Z A S Z L A F M H S

The period is 5 and the I.C. confirms this hypothesis.

We make uniliteral frequency distributions for the 5 alphabets

to determine if we have standard alphabets.

Alphabet 1 I.C. = 1.44

5 1 2 3 3 3 2 2 6 2 1 6 1 5 3 1 2 1 6
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Alphabet 2 I.C. = 1.47

5 1 1 3 3 1 2 4 9 1 2 5 1 2 4 4 4 3
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Alphabet 3 I.C. = 1.71

2 3 1 8 2 2 4 8 1 1 2 3 4 5 1 1 5
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Alphabet 4 I.C. = 1.36

3 1 1 3 4 4 4 2 2 3 3 1 1 1 2 2 4 9 2 2
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Alphabet 5 I.C. = 1.91

6 2 4 8 1 3 7 1 2 1 4 3 5 2 2 2
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Except for possibly Alphabet 1, all are standard distributions.

It is clear that the Aplain for alphabets 2,3,4,5 are H,I,T,E
cipher. A little experimentation gets us Aplain in alphabet 1=
Wcipher. The key word under Aplain is WHITE. The five complete
cipher alphabets are shown in matrix form in Figure 11-7.

Figure 11-7

0 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
1 W X Y Z A B C D E F G H I J K L M N O P Q R S T U V
2 H I J K L M N O P Q R S T U V W X Y Z A B C D E F G
3 I J K L M N O P Q R S T U V W X Y Z A B C D E F G H
4 T U V W X Y Z A B C D E F G H I J K L M N O P Q R S
5 E F G H I J K L M N O P Q R S T U V W X Y Z A B C D

Applying these values to the first groups of our message:

A U K H Y J A M K I Z Y M W M J M I G X N F M L X
E N C O U N T E R E D R E D I N F A N T R Y E S T

Look at the I.C.'s for these alphabets. The expected is

1.73. The third alphabet is almost exact. Three alphabets seem
low and one is high or are they? Actually these deviations are
within one sigma of the samples of these sizes 55 tallies, so
the deviations are not abnormal. The standard deviations may
be calculated with:

For plain text:

Sigma (O) = Sqrt[ (0.0048)N**3 + (.1101)N**2-

(.1149) N]

Sigma(I.C.)= 26/(N-1)sqrt(N) * sqrt[ (0.0048)N**2 +

(.1101)N- (.1149) ]

The more important deviation is from random rather than

observed:

Sigma(Phi) = 0.2720 sqrt[ N (N-1)]

Sigma(I.C.)= 7.0711/sqrt[N(N-1)]

where: sqrt is the square root function

The latter two equations apply to a 26 letter alphabet only.

Since simage is defined as a difference between the observed

and the expected number, divided by the standard deviation, it
may be shown that the I.C. of Alphabet 1 is 1.44-1.00/.13 =
3.38 sigma over random; for this type of distribution which
follows the Chi squared distribution, this amounts to 1 chance
in 300 of being random.

In the foregoing example, standard alphabets were used.

We could easily of used reversed standard alphabets. The U.S.
Army Cipher Disk produces just this type of cipher. It is known
as the Beaufort Cipher. The direction of the crests and
troughs is reversed when fitting the distributions to the
normal.

SOLUTION BY COMPLETING THE PLAIN-COMPONENT SEQUENCE

When direct standard alphabets are used we can mechanically

solve the cipher by completing the plain component. The plain
text reappears on only one generatrix and this generatrix is
the same for the whole message. It is the only generatrix that
yields intelligible text. This same process can be modified to
work with the alphabets of a Viggy. In this case the correct
generatrix should be distinguishable from the others because it
shows a more favorable assortment of high frequency letters,
and thus can be selected by eye from the whole set of
generatrixes.

Using the previous example, we let the first ten cipher letters
in each alphabet be set down in a horizontal line and the
assumption is made that the alphabets are direct standard with
normal sequences. See Figure 11-8.
We use the following selection rules:

1. Circle all low frequency letters J, K, Q, X, Z and discard

any row that has two or more of these letters in it.

2. We weight the eight highest frequency letters (ETANORISH)

as 1 and the remaining letters as 0. The sum of the weights
is recorded at the side of each row.

3. Select the highest score. This works 8 out of 10 times.

The correct answer is 10 out of 10 if we examine the top
three scores. Friedman presents the statistical proof for
this method in FRE7].

This method works regardless of the key (which might be a

number) as in the Gronsfeld Cipher.

Figure 11-8

Gen./ Alphabet 1 Alphabet 2 Alphabet 3 Alphabet 4

1 AJZJNEZAIJ 2 UAYMFTHYLK 2 KMMIMIBMVU HKWGLMHZMT
2 BKAKOFABJK VBZNGUIZML LNNJNJCNWV 5 ILXHMNIANU
3 0 CLBLPGBCKL 4 WCAOHVJANM MOOKOKDOXW JMYINOJBOV
4 0 DMCMQHCDLM XDBPIWKBON 2 NPPLPLEPYX KNZJOPKCPW
5 * 7 ENDNRIDEMN YECQJXLCPO OQQMQMFQZY LOAKPQLDQX
6 7 FOEOSJEFNO ZFDRKYMDQP 7 PRRNRNGRAZ 3 MPBLQRMERY
7 2 GPFPTKFGOP AGESLZNERQ 7 QSSOSOHSBA NQCMRSNFSZ
8 HQGQULGHPQ 5 BHFTMAOFSR 6 RTTPTPITCB *8 ORDNSTOGTA
9 5 IRHRVMHIQR 4 CIGUNBPGTS SUUQUQJUDC 4 PSEOTUPHUB
10 JSISWNIJRS DJHVOCQHUT 4 TVVRVRKVED QTFPUVQIVC
11 KTJTXOJKST 4 EKIWPDRIVU 3 UWWSWSLWFE RUGQVWRJWD
12 LUKUYPKLTU FLJXQESJWV VXXTXTMXGF SVHRWXSKXE
13 MVLVZQLMUV GMKYRFTKXW 1 WYYUYUNYHG 3 TWISXYTLYF
14 4 NWMWARMNVW HNLZSGULYX XZZVZVOZIH UXJTYZUMZG
15 OXNXBSNOWX 4 IOMATHVMZY 5 YAAWAWPAJI VYKUZAVNAH
16 3 PYOYCTOPXY JPNBUIWNAZ ZBBXBXQBKJ 3 WZLVABWOBI
17 QZPZDUPQYZ KQOCVJXOBA 2 ACCYCYRCLK XAMWBCXPCJ
18 RAQAEVQRZA 1 LRPDWKYPCB BDDZDZSDML YBNXCDYQDK
19 5 SBRBFWRSAB MSQEXLZQDC *8 CEEAEATENM ZCOYDEZREL
20 4 TCSCGXSTBC *6 NTRFYMARED 2 DFFBFBUFON 4 ADPZEFASFM
21 2 UDTDHYTUCD 5 OUSGZNBSFE 2 EGGCGCVGPO 4 BEQAFGBTGN
22 4 VEUEIZUVDE 4 PVTHAOCTGF 0 FHHDHDWHQP 2 CFRBGHCUHO
23 2 WFVFJAVWEF 1 QWUIBPDUHG GIIEIEXIRQ 3 DGSCHIDVIP
24 XGWGKBWXFG RXVJCQEVIH HJJFJFYJSR EHTDIJEWJQ
25 YHXHLCXYGH SYWKDRFWJI IKKGKGZKTS FIUEJKFXKR
26 ZIYIMDYZHI TZXLESGXKJ 2 JLLHLHALUT GJVFKLGYLS

Alphabet 5
1 YIMXXIRMEG
2 ZJNYYJSNFH
3 AKOZZKTOGI
4 2 BLPAALUPHJ
5 CMQBBMVQIK
 6 4 DNRCCNWRJL
7 EOSDDOXSKM
8 5 FPTEEPYTLN
9 GQUFFQZUMO
10 4 HRVGGRAVNP
11 4 ISWHHSBWOQ
12 JTXIITCXPR
13 KUYJJUDYQS
14 LVZKKVEZRT
15 3 MWALLWFASU
16 NXBMMXGBTV
17 3 OYCNNYHCUW
18 PZDOOZIDVX
19 QAEPPAJEWY
20 RBFQQBKFXZ
21 4 SCGRRCLGYA
22 3 TDHSSDMHZB
23 *8 UEITTENIAC
24 VFJUUFOJBD
25 WGKVVGPKCE
26 XHLWWHQLDF

The high frequency generatrixes are selected and their letters

are juxtaposed in columns, the consecutive letters of
intelligible plain text present themselves. If reversed
standard alphabets are used, we must convert the cipher letters
of each isolated alphabet into their normal, plain component
equivalents, and then proceed as in the case of direct standard
alphabets.

For Alphabet 1, generatrix 5.. E N D N R I D E M N

For Alphabet 2, generatrix 20.. N T R F Y M A R E D
For Alphabet 3, generatrix 19.. C E E A E A T E N M
For Alphabet 4, generatrix 8.. O R D N S T O G T A
For Alphabet 5, generatrix 23.. U E I T T E N I A C

(Read down the columns for plain text.)

Friedman describes a graphical method for generatrix

development in [FR7] and [FR8].

Time to move on to other family members. We shall identify the

systems and peculiarities of each, but remember that the
solution techniques presented for the papa bear apply equally
well to the children and cousins.

VARIANT CIPHER

The Variant Cipher is just that, a variant of the Vigenere,

except that if the Viggy procedure is followed through, a
peculiar keyword appears, like JYUWFT. Going back to the
slides, In the Variant, the plaintext appears in the opposite
slide from the one containing the key letter: Vigenere below
the 'A' and Variant above the 'A'. The application of the high
frequency letters is the same. The keyword is obtained in a
different fashion. For the simple encipherment of COME AT
ONCE with the keyword TENT:

T E N T T E N T
------- -------
C O M E J K Z L
A T O N H P B U
C E - - J A - -

The setting of the slides for say , the initial T of the

keyword is:

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
H I J K L M N O P Q R S T U V W X Y Z A B C D E F G

The decipherment of a Variant is the same as a Vigenere.

VARIANT SOLUTION BY COMPUTER

>From our trusty CDB, I found Variant.exe and applied it to the

following cryptogram:

UALOT SILKH RWEBN NRHNL THURD VPVCH DLSUC OABSM YMXFO QAUBR
NFHFR IBAOH YTMWT ENJVQ UPZHF AQWGZ MVHTB OENJD IGIMF SULUA
BPMLZ RNFNX SMJTG DJHAF EKKSZ QWDZQ CLVRN FZXBZ WISTJ LMRNH
RZ.

The solution was found in two steps with a period of 7, keyword

"RABBVTS" which is RABBITS, and reads: Lamp black is
extensively in the manufacture of printing inks, as a pigment
for oil painting and also for waxing and lacquering of leather
as well as in darkening a furniture polish. Total time 2 or
3 minutes.

BEAUFORT CIPHER

A third member of the Viggy family, the Beaufort, and while the
same procedure is applied, the slides (or tables) are
different. One is a normal alphabet, extending double length
A-Z; the other is reversed, double length Z-A. So if I = T at
one setting, then T=I at the same setting. It does not matter
what the index for the key is, the results are the same.

So:

ABCDEFGHIJKLMNOBQRSTUVWXYZABCDEFGHIJKL
TSRQPONMLKJIHGFEDCBAZYWXVUTSRQPONMLKJI
* *

Again the simple example.

T E N T T E N T
------- -------
C O M E R Q B P
A T O N T L Z G
C E - - R A --
BEAUFORT SOLUTION BY COMPUTER NEEDS WORK

I found BEAUFORT.exe at the CDB and applied it two the

following message:

LDYUP AKUPT LVDTO BXUFW SERZP QMQPD NITHA NXUHE UGZTG HMGSM
SRCUF LBQPZ XRYOB FDMNZ TGCUP QQUFB PANAQ HBOON XOOQP DJCJK
TPFDV TBRKL TTSZG ODUFB TETEL POIEB HRTSM DBGGA YUT.

Not so successful this time. It croaked at period = 6.

The best i could get was "light-" I then reran the program with
a wider key range and found that the true period was 10. After
some trial and error,
the keyword is LIGHTHOUSE and the message starts:

A fine head land of granite pierced by a natural arch on..

Solution time 15 minutes with at least two wrong trails.

RELATIONSHIPS

LEDGE points out some interesting relationships between the

Vigenere, Variant and Beaufort. Let A=0, B=1, C=2 .. Z=25,
then:

O Vigenere: Cipher Letter = Plaintext letter + keyletter

(modulo 26)

O Variant: Cipher letter = Plaintext letter - keyletter

(modulo 26)

O Beaufort: Cipher letter = Keyletter - Plaintext letter

(modulo 26)

Suppose plain text = B and Key = C. Since B=1 and C=2,

Vigenere ciphertext = 1 + 2 = 3 or D; For Variant ciphertext
1-2=-1 +26 = 25 = Z.

For Vigenere and Variant if key letter = A, since A=0,the

cipher text = plain text. If we reconstruct a cipher assuming
it is a Vigenere, but it is actually a Variant, we will get the
true plain text but strange keyword. By subtracting the
Variant equation from the Vigenere equation and setting cipher
text (Viggy) = ciphertext (Variant) and similarly plaintext
(Viggy) = plaintext (Variant), we get the keyletter (Variant)
= - keyletter(Vigenere) the same relationship as that between
ciphertext and plaintext when the keyletter is A in the
Beaufort (since A=0). Hence, we encipher our strange keyword
with the A Beaufort alphabet to get the Variant key. The same
holds true if we have a Variant and assume it a Viggy.

If we have a Vigenere and a fragment of the same message

enciphered with the same key in Variant (or visa versa) then,

a. Plaintext = (Ciphertext(Variant)) +
Ciphertext(Vigenere))/2(modulo 13)

b. Key = (Ciphertext(Vigenere) - Ciphertext(Variant))/2

(modulo 13)

If we have a Vigenere and a fragment of a Beaufort for the same

key and plaintext or visa versa then,

c. Plaintext = (Ciphertext(Vigenere)) -
Ciphertext(Beaufort))/2(modulo 13)

d. Key = (Ciphertext(Vigenere) +
Ciphertext(Beaufort))/2(modulo 13)

In equations a-d, two answers are produced because modulo 13

will give one number from 0-12 and another 13-25. Solution is
by inspection.

PORTA (aka NAPOLEON'S TABLE)

Table 11-7 defines the PORTA Cipher. In this table the

alphabets are all reciprocal, for example Gplain(Wkey) =
Rcipher, Rplain(Wkey)=Gcipher. They are called complementary
alphabets. Either of two letters may serve as a key letter
indifferently: Gplain(Wkey) or Gplain(Xkey) = Rcipher.

Table 11-7

A B C D E F G H I J K L M
AB N O P Q R S T U V W X Y Z

A B C D E F G H I J K L M
CD O P Q R S T U V W X Y Z M

A B C D E F G H I J K L M
EF P Q R S T U V W X Y Z N O

A B C D E F G H I J K L M
GH Q R S T U V W X Y Z N O P

A B C D E F G H I J K L M
IJ R S T U V W X Y Z N O P Q

A B C D E F G H I J K L M
KL S T U V W X Y Z N O P Q R

A B C D E F G H I J K L M
MN T U V W X Y Z N O P Q R S

A B C D E F G H I J K L M
OP U V W X Y Z N O P Q R S T

A B C D E F G H I J K L M
QR V W X Y Z N O P Q R S T U
 A B C D E F G H I J K L M
ST W X Y Z N O P Q R S T U V

A B C D E F G H I J K L M
UV X Y Z N O P Q R S T U V W

A B C D E F G H I J K L M
WX Y Z N O P Q R S T U V W X

A B C D E F G H I J K L M
YZ Z N O P Q R S T U V W X Y

The Porta Cipher permits 13 different ways to disguise a plain

letter.

Again our simple encipherment:

T E N T T E N T
C O M E Y M S N
A T O N W E I E
C E - - Y T - -

A peculiarity of this system is that since half the alphabet

is represented by the half of the alphabet, there never will be
found the letters A-M of the plaintext appearing as A-M in the
ciphertext; no N-Z plaintext appearing as the N-Z ciphertext.
This helpful in placing a tip. THE shows up as a (A-M) (N-Z)
(N-Z) combination. [BRYA]

Table 11-8 shows a different view of the PORTA Cipher

Table 11-8

Plain Text
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
---------------------------------------------------
A,B N O P Q R S T U V W X Y Z A B C D E F G H I J K L M
C,D O P Q R S T U V W X Y Z N M A B C D E F G H I J K L
E,F P Q R S T U V W X Y Z N O L M A B C D E F G H I J K
G,H Q R S T U V W X Y Z N O P K L M A B C D E F G H I J
I,J R S T U V W X Y Z N O P Q J K L M A B C D E F G H I
K,L S T U V W X Y Z N O P Q R I J K L M A B C D E F G H
M,N T U V W X Y Z N O P Q R S H I J K L M A B C D E F G
O,P U V W X Y Z N O P Q R S T G H I J K L M A B C D E F
Q,R V W X Y Z N O P Q R S T U F G H I J K L M A B C D E
S,T W X Y Z N O P Q R S T U V E F G H I J K L M A B C D
U,V X Y Z N O P Q R S T U V W D E F G H I J K L M A B C
W,X Y Z N O P Q R S T U V W X C D E F G H I J K L M A B
Y,Z Z N O P Q R S T U V W X Y B C D E F G H I J K L M A

Using the message text A from page 20 as an example with key

word WHITE , the distribution of 5 alphabets is:

2 6 2 1 6 1 5 3 1 6 5 1 2 3 3 3 2 2 1
1. A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

4 2 5 1 3 4 4 1 2 3 1 2 4 9 1 2 5
2. A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
 5 3 3 2 5 1 1 3 4 7 2 2 4 8 1 1 2
3. A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

1 1 4 4 2 2 3 3 1 9 2 2 3 1 1 3 3 2 2 4
4. A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

5 2 2 2 4 3 2 1 6 2 4 9 1 3 7 1
5. A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Now we can divide the M and N distributions, and each half may
be used to fit a normal distribution. In alphabet 1, the
sequence CDEFGHIJ cipher may easily be recognized as NOPQRSTU
plain; this would fix the keyletters as WX, and therefor the
A...Mplain sequence should begin with Ycipher. In alphabets
2,3, and 5 the RSTplain sequence may be spotted at BCDcipher,
ABCcipher, and CDEcipher, respectively, whereas in alphabet 4,
if Ncipher = Eplain, then Ecipher = Nplain; therefore the
original assumptions for the first halves will be confirmed by
the goodness of fit of the distributions for the second halves.
The keys fore these 5 alphabets are derived as (W,X), (G,H)
(I,J), (S,T), and (E,F); from these letters we get WHITE.

In completing the plain component sequence for the Porta

encipherment, the cipher letters are first converted to their
Porta plain-component equivalents and then these letters are
used for the decipherment. EXCEPT, cipher letters A-M are
completed in a downward direction and cipher letters N-Z are
completed in an upward direction.

Reference [FR7] gives the example:

P K T F F C D V I T O B V Z X C V R E E G I V J E
T P R K T O Q C F L P B V P X ....

The conversion process and plain component completion of the

first three alphabets are shown below using the generatrix
elimination and weighting scheme developed earlier:

Alphabet 1 Alphabet 2 Alphabet 3

P C O C G T O P K D B V I P Q B T V V R V R C V
--------------- --------------- ---------------
1 C P B P T G B C X Q O I V C D O 6 G I I E I E P I
3 D O C O S H C D 3 W P N J U D E N H J J F J F O J
6 E N D N R I D E V O Z K T E F Z I K K G K G N K
F Z E Z Q J E F 2 U N Y L S F G Y J L L H L H Z L
0 G Y F Y P K F G T Z X M R G H X 2 K M M I M I Y M
H X G X O L G H 3 S Y W A Q H I W L A A J A J X A
3 I W H W N M H I R X V B P I J V M B B K B K W B
J V I V Z A I J Q W U C O J K U 1 A C C L C L V C
K U J U Y B J K 3 P V T D N K L T 0 B D D M D M U D
L T K T X C K L 3 O U S E Z L M S 7 C E E A E A T E
2 M S L S W D L M 5 N T R F Y M A R 1 D F F B F B S F
5 A R M R V E M A Z S Q G X A B Q 2 E G G C G C R G
B Q A Q U F A B 1 Y R P H W B C P 0 F H H D H D Q H

The generatrixes with the highest scores are the correct ones.
MODIFIED PORTA

Just as the Vigenere table consisting of direct standard

alphabets has its complementary table of reversed standard
alphabets, a variant of the Porta table can be constructed
where the lower halves of the sequences run in opposite
direction to the upper half. For example,

A,B A B C D E F G H I J K L M
Z Y X W V U T S R Q P O N

C,D A B C D E F G H I J K L M
N Z Y X W V U T S R Q P O

PROBABLE WORD METHOD OF SOLUTION FOR PORTA

The probable word method is very easy way to attack a Porta

cipher. Let 1 = any letter in the A-M sequence, and 2 equal
any letter in the N-Z sequence.

P K T F F C D V I T O B V Z X C V R E E G I V J E
2 1 2 1 1 1 1 2 1 2 2 1 2 2 2 1 2 2 1 1 1 1 2 1 1

T P R K T O Q C F L P B V P X ....
2 2 2 1 2 2 2 1 1 1 2 1 2 2 2

Use the probable word INFANTRY, which has the class notation of
12112222, but in encipherment is reversed to 21221111 pattern.
At position 15, X C V R E E G I, we find:

plain I N F A N T R Y
cipher X C V R E E G I

key E W G I S E W G
derived F X H J T F X H

Read diagonally, we see WHITE repeated.

COMPUTER SOLUTION OF PORTA

At the trusty CDB is a program called PORTA.exe. Using it on

the following cipher message found a period of 9 with a
possible key of KL/IJ/CD/MN/AB/OP/OP/EF/QR. I came up with the
keyword LIDNAOOER

EYWRR MOTJJ QOHFA LTYQV SQFPG EPWTG RVGUC DVVBT EMLMN

BYSOE OHFKW YARQL PEBSB ETVXM WVBCV XRTIT JJAMX EHADX
VCAXN MMWZR WALFY BTJSP RTLLP LZDVD FZHGE PBKQR RUKWQ
AEAOP Y

and behold the message cracked to:

 While the Romans used leeks in the culinary depart..

The process took less than two minutes but did not yield the
actual keyword or require it.

GRONSFELD

The GRONSFELD Cipher uses a numerical key and restricts the

Viggy table to just ten alphabets. We can construct a slide
with one normal alphabet and numbered one like this:

... 9 8 7 6 5 4 3 2 1 0 1 2 3 4 5 6 7 8 9 ...

One half the digits are used for encipherment and the other
half for decipherment. For example the key is derived as
follows:

C O N S T I T U T I O N
1 6 4 8 9 2 10 12 11 3 7 5

The first duplicate letter carries the lower number.

So back to:

6 2 3 4 6 2 3 4
C O M E I Q P I
A T O N G V R R
C E - - I G - -

Slide method: put the 0 over the C, take the letter to the
right in juxtaposition of the 6 = I, same for A which is G
and so on. We decipher by looking to the left.

A typical decipherment might look like this for the test word
"YOUR":

0 2 4 7 0 2 4 7 0 2 4 7 0 2
T S V H Y Q B V Y I G L M G U X A S R M F K C I A A O V I Z
-----------------------------------------------------------
S R U G Y O U R X F H K M E N T Z R Q L F I V E Z Z N U I X
------- ------- ------- ---
R Q T F W G E J Y Q P K Y Y M T
Q P S E V F D I X P O J W W K R

T S V H Y Q B V Y I G L M G U X A S R M F K C I A A O V I Z
-----------------------------------------------------------
Y 9 0 3 0 8 8 2 7 4 2 2
O 2 7 6 4 0
U 7 4 3 1
R 4 9
LECTURE 11 PROBLEMS

11.1 Viggy.

SYCVT HFXEQ DPTLN KTGMP FHMPA SRVIT LSEXH DPITX

KELIQ WDXEC VNLIP HPWXD XXIXH UTRIH.

11.2 Beaufort.

SXSXZ IYLEQ AWEQF EZEPP QZQRD VANKH HLZJX OQSEU

YSOVS SZKLE DRMRU THTUW SCLOX NEHLA OPEEU GAZIA
UUOQG OJX.

11.3 Variant.

JQRSB YBKNF WWTGK UXDTK ZAOAA MCVJU KBCEX GUYLB

UASWY TIENQ XLPYX CWASU VAKOM XIGIK XHWZT SWGOP
WRTSJ NAWG.

11.4 Gronsfeld.

ZRWQU IKLMS IXAWI UQMWP KFQEL RBWJG XHIXT NLVKS ZHVHS

ZRUEK KWPIM GSXIA XVUEL RHZPI SLBWT NHU.

11.5 Viggy or Beaufort; same message and key starts ONOIHT.

ORQGX HPNKW QQCHI ABIFZ NQCHR VLVLU HYUDT MCYJN WAUHP

HLVIN BZCCB GCGKZ JNLMM WTVLY DYCCV JPUVG KLKQX YTTKI
XOQYB JJMHJ BYHQY LFQWF NRYUC XCECN GPCBW TPAXE ABKGC
PVHKL OIKQW TPKOW KNCMM HFFAV A.

ANSWERS TO LECTURE 10 PROBLEMS

Thanks to JOE O for a fine analysis of all three problems.

QQ-1 QUAGMIRE I Travelogue. (Ends:SINGOUTOFTHESEA) RHIZOME

1234567 1234567 1234567 1234567 1234567 1234567 1234567

THEFIRS TIMEaVI SITOREX CLAIMSA HROMANT ICVENIC ESINKIN
KKQHPQR KTYOiTA TLGAWBM XORKTAT BSOOIYI CGICEJV UCYZRJP

ALNSFRZ UCQDXIS TDRBFYS YTFDZBD USQWKMT CPPDOAI CAAKEHK

UAYFHQA TLNIFSI SIGJHAS V.

QQ-1 Quagmire I Solution.

VERDICT/nose. Period =7.

The first time visitor exclaims "Ah, romantic Venice sinking
into the sea." The seasoned traveler exclaims,"Ah, stinking
Venice rising out of the sea.
 0 A B C D F G H I J K L M P Q R T U V W X Y Z N O S E
1 V W X Y Z A B C D E F G H I J K L M N O P Q R S T U
2 E F G H I J K L M N O P Q R S T U V W X Y Z A B C D
3 R S T U V W X Y Z A B C D E F G H I J K L M N O P Q
4 D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
5 I J K L M N O P Q R S T U V W X Y Z A B C D E F G H
6 C D E F G H I J K L M N O P Q R S T U V W X Y Z A B
7 T U V W X Y Z A B C D E F G H I J K L M N O P Q R S

QQ-2 QUAGMIRE III Tedious. (CRYPTANALYTIC METHODS)

DOPPELSCHACH
Period= 6

12345 61234 56123 45612 34561 23456 12345 61234 56123

THETI MEREQ UIRED BYS.......
PNATV SJBAQ WGMTR BZYLU ACACR GBNTQ FGGCN APNID ULMVD

SCEPB AMCQF BBPVR EOBSL AFSAN HFYVV MCYTF LEMAO MFHVU

KBAAU ATTEA NGOHU GTQEX ISUGU SAKCC TLIRT TLSZM PBMGV

APYRV YIIGL WGNUF JFROG SNQGN HBOTU TACUO JUVQH HUGWW

WBIMT WNHVO GTLSZ MPYQZ BNCEN UWLC.

HARDER/decorative. Period = 6. The time required by some

cryptanalytic methods grows extremely rapidly as key length or
message length increases. All possible keys for a columnar
transposition instead of making an entry by building up a
from a pair of columns is an example.

0 D E C O R A T I V B F G H J K L M N P Q S V W X Y Z
1 H J K L M N P Q S V W X Y Z D E C O R A T I V B F G
2 A T I V B F G H J K L M N P Q S V W X Y Z D E C O R
3 R A T I V B F G H J K L M N P Q S V W X Y Z D E C O
4 D E C O R A T I V B F G H J K L M N P Q S V W X Y Z
5 E C O R A T I V B F G H J K L M N P Q S V W X Y Z D

QQ-3 QUAGMIRE IV Economics Lesson. EDNASANDE

(BUSINESSACTIVITYDURINGAPERIOD)

THEEC ONOMY OFTHE NATIO ..........

TDNSE PMBSV FURMQ UFYSJ PAGGY FVIKT GYVLV FBTPH IIIAD

HVIUY QSAFA VQVFU HPIHE BIXNN HBSTN IRMQH IIIAD OVIXT

CTNOW EOJOZ BOWBU ONLFN GOBJS HBOQS VZMOU JSFQH SAHPS

JBBJT AAMIE XILRA TOTVL TUAML FLNEJ PPMNT XHVQV FCYSB

JODNF XJSFT UIUTM ONKDO UMMSB NWUL.

 EXCHANGE/stock/MARKET. The economy of the Nation is built
on supply and demand, the result of inflation. Recession
is a temporary falling off of business activity during a
period when such activity has been generally increasing..

0 S T O C K A B D E F G H I J L M N P Q R U V W X Y Z
1 E T B C D F G H I J L N O P Q S U V W X Y Z M A R K
2 X Y Z M A R K E T B C D F G H I J L N O P Q S U V W
3 C D F G H I J L N O P Q S U V W X Y Z M A R K E T B
4 H I J L N O P Q S U V W X Y Z M A R K E T B D E F G
5 A R K E T B C D F G H I J L N O P Q S U V W X Y Z M
6 N O P Q S U V W X Y Z M A R K E T B D E F G H I J L
7 G H I J L N O P Q S U V W X Y Z M A R K E T B D E F
8 E T B C D F G H I J L N O P Q S U V W X Y Z M A R K

REFERENCES / RESOURCES [updated 5 May 1996]

[ACA] ACA and You, "Handbook For Members of the American
Cryptogram Association," ACA publications, 1995.

[ACA1] Anonymous, "The ACA and You - Handbook For Secure

Communications", American Cryptogram Association,
1994.

[ACM] Association For Computing Machinery, "Codes, Keys and

Conflicts: Issues in U.S. Crypto Policy," Report of a
Special Panel of ACM U. S. Public Policy Committee
(USACM), June 1994.

[AFM] AFM - 100-80, Traffic Analysis, Department of the Air

Force, 1946.

[ALAN] Turing, Alan, "The Enigma", by A. Hodges. Simon and

Schuster, 1983.

[ALBA] Alberti, "Treatise De Cifris," Meister Papstlichen,

Princeton University Press, Princeton, N.J., 1963.

[ALEX] Alexander, D. A., "Secret codes and Decoding," Padell

Book Co., New York, 1945.

[ALKA] al-Kadi, Ibrahim A., Origins of Cryptology: The Arab

Contributions, Cryptologia, Vol XVI, No. 2, April 1992,
pp 97-127.

[AND1] Andree, Josephine, "Chips from the Math Log," Mu Alpha

Theta, 1966.

[AND2] Andree, Josephine, "More Chips from the Math Log," Mu

Alpha Theta, 1970.

[AND3] Andree, Josephine, "Lines from the O.U. Mathematics

Letter," Vols I,II,III, Mu Alpha Theta, 1971,1971,1971.

[AND4] Andree, Josephine and Richard V., "RAJA Books: a Puzzle

Potpourri," RAJA, 1976.

[AND5] Andree, Josephine and Richard V., "Preliminary

Instructors Manual for Solving Ciphers," Project CRYPTO,
Univ of Oklahoma, Norman, OK, 1977.

[AND6] Andree, Josephine and Richard V., "Teachers Handbook

For Problem Solving and Logical Thinking," Project
CRYPTO, Univ of Oklahoma, Norman, OK, 1979.

[AND7] Andree, Josephine and Richard V., "Preliminary

Instructors Manual for Cryptarithms," Project CRYPTO,
Univ of Oklahoma, Norman, OK, 1976.

[AND8] Andree, Josephine and Richard V., "Sophisticated

Ciphers: Problem Solving and Logical Thinking," Project
CRYPTO, Univ of Oklahoma, Norman, OK, 1978.

[AND9] Andree, Josephine and Richard V., "Logic Unlocs

 Puzzles," Project CRYPTO, Univ of Oklahoma, Norman, OK,
1979.

[ANDR] Andrew, Christopher, 'Secret Service', Heinemann,

London 1985.

[ANK1] Andreassen, Karl, "Cryptology and the Personal Computer,

with Programming in Basic," Aegean Park Press, 1986.

[ANK2] Andreassen, Karl, "Computer Cryptology, Beyond Decoder

Rings," Prentice-Hall 1988.

[ANNA] Anonymous., "The History of the International Code.",

Proceedings of the United States Naval Institute, 1934.

[ANN1] Anonymous., " Speech and Facsimile Scrambling and

Decoding," Aegean Park Press, Laguna Hills, CA, 1981.

[ASA ] "The Origin and Development of the Army Security

Agency 1917 -1947," Aegean Park Press, 1978.

[ASHT] Ashton, Christina, "Codes and Ciphers: Hundreds of

Unusual and Secret Ways to Send Messages," Betterway
Books, 1988.

[ASIR] Anonymous, Enigma and Other Machines, Air Scientific

Institute Report, 1976.

[AUG1] D. A. August, "Cryptography and Exploitation of Chinese

Manual Cryptosystems - Part I:The Encoding Problem",
Cryptologia, Vol XIII, No. 4, October 1989.

[AUG2] D. A. August, "Cryptography and Exploitation of Chinese

Manual Cryptosystems - Part II:The Encrypting Problem",
Cryptologia, Vol XIV, No. 1, August 1990.

[BADE] Badeau, J. S. et. al., The Genius of Arab Civilization:

Source of Renaissance. Second Edition. Cambridge: MIT
Press. 1983.

[BAMF] Bamford, James, "The Puzzle Palace: A Report on

America's Most Secret Agency," Boston, Houghton Mifflin,
1982.

[BARB] Barber, F. J. W., "Archaeological Decipherment: A

Handbook," Princeton University Press, 1974.

[B201] Barker, Wayne G., "Cryptanalysis of The Simple

Substitution Cipher with Word Divisions," Course #201,
Aegean Park Press, Laguna Hills, CA. 1982.

[BALL] Ball, W. W. R., Mathematical Recreations and Essays,

London, 1928.

[BAR1] Barker, Wayne G., "Course No 201, Cryptanalysis of The

Simple Substitution Cipher with Word Divisions," Aegean
 Park Press, Laguna Hills, CA. 1975.

[BAR2] Barker, W., ed., History of Codes and Ciphers in the

U.S. During the Period between World Wars, Part II,
1930 - 1939., Aegean Park Press, 1990.

[BAR3] Barker, Wayne G., "Cryptanalysis of the Hagelin

Cryptograph, Aegean Park Press, 1977.

[BAR4] Barker, Wayne G., "Cryptanalysis of the Enciphered Code

Problem - Where Additive Method of Encipherment Has Been
Used," Aegean Park Press, 1979.

[BAR5] Barker, W., ed., History of Codes and Ciphers in the

U.S. Prior To World War I," Aegean Park Press, 1978.

[BAR6] Barker, W., " Cryptanalysis of Shift-Register Generated

Stream Cipher Systems," Aegean Park Press, 1984.

[BAR7] Barker, W., ed., History of Codes and Ciphers in the

U.S. During the Period between World Wars, Part I,
1919-1929, Aegean Park Press, 1979.

[BAR8] Barker, W., ed., History of Codes and Ciphers in the

U.S. During World War I, Aegean Park Press, 1979.

[BARK] Barker, Wayne G., "Cryptanalysis of The Simple

Substitution Cipher with Word Divisions," Aegean Park
Press, Laguna Hills, CA. 1973.

[BARR] Barron, John, '"KGB: The Secret Work Of Soviet Agents,"

Bantom Books, New York, 1981.

[BAUD] Baudouin, Captain Roger, "Elements de Cryptographie,"

Paris, 1939.

[BAZE] Bazeries, M. le Capitaine, " Cryptograph a 20 rondelles-

alphabets," Compte rendu de la 20e session de l'
Association Francaise pour l'Advancement des Scienses,
Paris: Au secretariat de l' Association, 1892.

[BECK] Becket, Henry, S. A., "The Dictionary of Espionage:

Spookspeak into English," Stein and Day, 1986.

[BEES] Beesley, P., "Very Special Intelligence", Doubleday, New

York, 1977.

[BENN] Bennett, William, R. Jr., "Introduction to Computer

Applications for Non-Science Students," Prentice-Hall,
1976. (Interesting section on monkeys and historical
cryptography)

[BLK] Blackstock, Paul W. and Frank L Schaf, Jr.,

"Intelligence, Espionage, Counterespionage and Covert
Operations," Gale Research Co., Detroit, MI., 1978.

[BLOC] Bloch, Gilbert and Ralph Erskine, "Exploit the Double

Encipherment Flaw in Enigma", Cryptologia, vol 10, #3,
July 1986, p134 ff. (29)
[BLUE] Bearden, Bill, "The Bluejacket's Manual, 20th ed.,
Annapolis: U.S. Naval Institute, 1978.

[BODY] Brown, Anthony - Cave, "Bodyguard of Lies", Harper and

Row, New York, 1975.

[BOLI] Bolinger, D. and Sears, D., "Aspects of Language,"

3rd ed., Harcourt Brace Jovanovich,Inc., New York,
1981.

[BOSW] Bosworth, Bruce, "Codes, Ciphers and Computers: An

Introduction to Information Security," Hayden Books,
Rochelle Park, NJ, 1990.

[BOWE] Bowers, William Maxwell, "The Bifid Cipher, Practical

Cryptanalysis, II, ACA, 1960.

[BOW1] Bowers, William Maxwell, "The Trifid Cipher," Practical

Cryptanalysis, III, ACA, 1961.

[BOW2] Bowers, William Maxwell, "The Digraphic Substitution,"

Practical Cryptanalysis, I, ACA, 1960.

[BOW3] Bowers, William Maxwell, "Cryptographic ABC'S:

Substitution and Transposition Ciphers," Practical
Cryptanalysis, IV, ACA, 1967.

[BOWN] Bowen, Russell J., "Scholar's Guide to Intelligence

Literature: Bibliography of the Russell J. Bowen
Collection," National Intelligence Study Center,
Frederick, MD, 1983.

[BP82] Beker, H., and Piper, F., " Cipher Systems, The
Protection of Communications", John Wiley and Sons,
NY, 1982.

[BRAS] Brasspounder, "Language Data - German," MA89, The

Cryptogram, American Cryptogram Association, 1989.

[BREN] Brennecke, J., "Die Wennde im U-Boote-Krieg:Ursachen und

Folgren 1939 - 1943," Herford, Koehler, 1984.

[BROO] Brook, Maxey, "150 Puzzles in Cryptarithmetic,"

Dover, 1963.

[BROW] Brownell, George, A. "The Origin and Development of

the National Security Agency, Aegean Park Press, 1981.

[BRIG] Brigman,Clarence S., "Edgar Allan Poe's Contribution

to Alexander's Weekly Messenger," Davis Press, 1943.

[BRIT] Anonymous, "British Army Manual of Cryptography",

HMF, 1914.

[BROG] Broglie, Duc de, Le Secret du roi: Correspondance

secrete de Louis XV avec ses agents diplomatiques
1752-1774, 3rd ed. Paris, Calmann Levy, 1879.
[BRYA] Bryan, William G., "Practical Cryptanalysis - Periodic
Ciphers -Miscellaneous", Vol 5, American Cryptogram
Association, 1967.

[BUGS] Anonymous, "Bugs and Electronic Surveillance," Desert

Publications, 1976.

[BUON] Buonafalce, Augusto, "Giovan Battista Bellaso E Le Sue

Cifre Polialfabetiche," Milano, 1990

[BURL] Burling, R., "Man's Many Voices: Language in Its

Cultural Context," Holt, Rinehart & Winston, New York,
1970.

[BWO] "Manual of Cryptography," British War Office, Aegean

Park Press, Laguna Hills, Ca. 1989. reproduction 1914.

[CAND] Candela, Rosario, "Isomorphism and its Application in

Cryptanalytics, Cardanus Press, NYC 1946.

[CAR1] Carlisle, Sheila. Pattern Words: Three to Eight Letters

in Length, Aegean Park Press, Laguna Hills, CA 92654,
1986.

[CAR2] Carlisle, Sheila. Pattern Words: Nine Letters in Length,

Aegean Park Press, Laguna Hills, CA 92654, 1986.

[CASE] Casey, William, 'The Secret War Against Hitler',

Simon & Schuster, London 1989.

[CCF] Foster, C. C., "Cryptanalysis for Microcomputers",

Hayden Books, Rochelle Park, NJ, 1990.

[CHOI] Interview with Grand Master Sin Il Choi.,9th DAN, June

25, 1995.

[CHOM] Chomsky, Norm, "Syntactic Structures," The Hague:

Mouton, 1957.

[CHUN] Chungkuo Ti-erh Lishih Tangankuan, ed "K'ang-Jih

chengmien chanch'ang," Chiangsu Kuchi Ch'upansheh,
1987., pp993-1026.

[CI] FM 34-60, Counterintelligence, Department of the Army,

February 1990.

[COUR] Courville, Joseph B., "Manual For Cryptanalysis Of The

Columnar Double Transposition Cipher, by Courville
Associates., South Gate, CA, 1986.

[CLAR] Clark, Ronald W., 'The Man who broke Purple',

Weidenfeld and Nicolson, London 1977.

[COLF] Collins Gem Dictionary, "French," Collins Clear Type

Press, 1979.

[COLG] Collins Gem Dictionary, "German," Collins Clear Type

Press, 1984.
[COLI] Collins Gem Dictionary, "Italian," Collins Clear Type
Press, 1954.

[COLL] Collins Gem Dictionary, "Latin," Collins Clear Type

Press, 1980.

[COLP] Collins Gem Dictionary, "Portuguese," Collins Clear Type

Press, 1981.

[COLR] Collins Gem Dictionary, "Russian," Collins Clear Type

Press, 1958.

[COLS] Collins Gem Dictionary, "Spanish," Collins Clear Type

Press, 1980.

[COPP] Coppersmith, Don.,"IBM Journal of Research and

Development 38, 1994.

[COVT] Anonymous, "Covert Intelligence Techniques Of the Soviet

Union, Aegean Park Press, Laguna Hills, Ca. 1980.

[CREM] Cremer, Peter E.," U-Boat Commander: A Periscope View of

The Battle of The Atlantic," New York, Berkley, 1986.

[CRYP] "Selected Cryptograms From PennyPress," Penny Press,

Inc., Norwalk, CO., 1985.

[CULL] Cullen, Charles G., "Matrices and Linear

Transformations," 2nd Ed., Dover Advanced Mathematics
Books, NY, 1972.

[DAGA] D'agapeyeff, Alexander, "Codes and Ciphers," Oxford

University Press, London, 1974.

[DALT] Dalton, Leroy, "Topics for Math Clubs," National Council

of Teachers and Mu Alpha Theta, 1973.

[DAN] Daniel, Robert E., "Elementary Cryptanalysis:

Cryptography For Fun," Cryptiquotes, Seattle, WA., 1979.

[DAVI] Da Vinci, "Solving Russian Cryptograms", The Cryptogram,

September-October, Vol XLII, No 5. 1976.

[DEAC] Deacon, R., "The Chinese Secret Service," Taplinger, New

York, 1974.

[DEAU] Bacon, Sir Francis, "De Augmentis Scientiarum," tr. by

Gilbert Watts, (1640) or tr. by Ellis, Spedding, and
Heath (1857,1870).

[DELA] Delastelle, F., Cryptographie nouvelle, Maire of Saint-

Malo, P. Dubreuil, Paris, 1893.

[DENN] Denning, Dorothy E. R.," Cryptography and Data

Security," Reading: Addison Wesley, 1983.

[DEVO] Deavours, Cipher A. and Louis Kruh, Machine Cryptography

 and Modern Cryptanalysis, Artech, New York, 1985.

[DEV1] Deavours, C. A., "Breakthrough '32: The Polish Solution

of the ENIGMA," Aegean Park Press, Laguna Hills, CA,
1988.

[DEV2] Deavours, C. A. and Reeds, J.,"The ENIGMA," CRYPTOLOGIA,

Vol I No 4, Oct. 1977.

[DEV3] Deavours, C. A.,"Analysis of the Herbern Cryptograph

using Isomorphs," CRYPTOLOGIA, Vol I No 2, April, 1977.

[DEV4] Deavours, C. A., "Cryptographic Programs for the IBM

PC," Aegean Park Press, Laguna Hills, CA, 1989.

[DIFF] Diffie, Whitfield," The First Ten Years of Public Key

Cryptography," Proceedings of the IEEE 76 (1988): 560-
76.

[DIFE] Diffie, Whitfield and M.E. Hellman,"New Directions in

Cryptography, IEEE Transactions on Information Theory
IT-22, 1976.

[DONI] Donitz, Karl, Memoirs: Ten Years and Twenety Days,

London: Weidenfeld and Nicolson, 1959.

[DOW] Dow, Don. L., "Crypto-Mania, Version 3.0", Box 1111,

Nashua, NH. 03061-1111, (603) 880-6472, Cost $15 for
registered version and available as shareware under
CRYPTM.zip on CIS or zipnet.

[EIIC] Ei'ichi Hirose, ",Finland ni okeru tsushin joho," in

Showa gunji hiwa: Dodai kurabu koenshu, Vol 1, Dodai
kurabu koenshu henshu iinkai, ed., (Toyko: Dodai keizai
konwakai, 1987), pp 59-60.

[ELCY] Gaines, Helen Fouche, Cryptanalysis, Dover, New York,

1956. [ A text that every serious player should have!]

[ENIG] Tyner, Clarence E. Jr., and Randall K. Nichols,

"ENIGMA95 - A Simulation of Enhanced Enigma Cipher
Machine on A Standard Personal Computer," for
publication, November, 1995.

[EPST] Epstein, Sam and Beryl, "The First Book of Codes and
Ciphers," Ambassador Books, Toronto, Canada, 1956.

[ERSK] Erskine, Ralph, "Naval Enigma: The Breaking of Heimisch

and Triton," Intelligence and National Security 3, Jan.
1988.

[EVES] Eves, Howard, "An Introduction to the History of

Mathematics, " New York, Holt Rinehart winston, 1964.

[EYRA] Eyraud, Charles, "Precis de Cryptographie Moderne'"

Paris, 1953.

[FL] Anonymous, The Friedman Legacy: A Tribute to William and

 Elizabeth Friedman, National Security Agency, Central
Security Service, Center for Cryptological History,1995.

[FLI1] Flicke, W. F., "War Secrets in the Ether - Volume I,"

Aegean Park Press, Laguna Hills, CA, 1977.

[FLIC] Flicke, W. F., "War Secrets in the Ether - Volume II,"

Aegean Park Press, Laguna Hills, CA, 1977.

[FLIC] Flicke, W. F., "War Secrets in the Ether," Aegean Park

Press, Laguna Hills, CA, 1994.

[FOWL] Fowler, Mark and Radhi Parekh, " Codes and Ciphers,
- Advanced Level," EDC Publishing, Tulsa OK, 1994.
(clever and work)

[FREB] Friedman, William F., "Cryptology," The Encyclopedia

Britannica, all editions since 1929. A classic article
by the greatest cryptanalyst.

[FRSG] Friedman, William F., "Solving German Codes in World War

I, " Aegean Park Press, Laguna Hills, CA, 1977.

[FR1] Friedman, William F. and Callimahos, Lambros D.,

Military Cryptanalytics Part I - Volume 1, Aegean Park
Press, Laguna Hills, CA, 1985.

[FR2] Friedman, William F. and Callimahos, Lambros D.,

Military Cryptanalytics Part I - Volume 2, Aegean Park
Press, Laguna Hills, CA, 1985.

[FR3] Friedman, William F. and Callimahos, Lambros D.,

Military Cryptanalytics Part III, Aegean Park Press,
Laguna Hills, CA, 1995.

[FR4] Friedman, William F. and Callimahos, Lambros D.,

Military Cryptanalytics Part IV, Aegean Park Press,
Laguna Hills, CA, 1995.

[FR5] Friedman, William F. Military Cryptanalysis - Part I,

Aegean Park Press, Laguna Hills, CA, 1980.

[FR6] Friedman, William F. Military Cryptanalysis - Part II,

Aegean Park Press, Laguna Hills, CA, 1980.

[FR7] Friedman, William F. and Callimahos, Lambros D.,

Military Cryptanalytics Part II - Volume 1, Aegean Park
Press, Laguna Hills, CA, 1985.

[FR8] Friedman, William F. and Callimahos, Lambros D.,

Military Cryptanalytics Part II - Volume 2, Aegean Park
Press, Laguna Hills, CA, 1985.

[FRE] Friedman, William F. , "Elements of Cryptanalysis,"

Aegean Park Press, Laguna Hills, CA, 1976.

[FREA] Friedman, William F. , "Advanced Military Cryptography,"

 Aegean Park Press, Laguna Hills, CA, 1976.

[FREB] Friedman, William F. , "Elementary Military

Cryptography," Aegean Park Press, Laguna Hills, CA,
1976.

[FRAA] Friedman, William F. , "American Army Field Codes in The

American Expeditionary Forces During the First World
War, USA 1939.

[FRAB] Friedman, W. F., Field Codes used by the German Army

During World War. 1919.

[FR22] Friedman, William F., The Index of Coincidence and Its

Applications In Cryptography, Publication 22, The
Riverbank Publications, Aegean Park Press, Laguna
Hills, CA, 1979.

[FRAN] Franks, Peter, "Calculator Ciphers," Information

Associates, Champaign, Il. 1980.

[FRS6] Friedman, W. F., "Six Lectures On Cryptology," National

Archives, SRH-004.

[FR8] Friedman, W. F., "Cryptography and Cryptanalysis

Articles," Aegean Park Press, Laguna Hills, CA, 1976.

[FR9] Friedman, W. F., "History of the Use of Codes,"

Aegean Park Press, Laguna Hills, CA, 1977.

[FRZM] Friedman, William F.,and Charles J. Mendelsohn, "The

Zimmerman Telegram of January 16, 1917 and its
Cryptographic Background," Aegean Park Press, Laguna
Hills, CA, 1976.

[FROM] Fromkin, V and Rodman, R., "Introduction to Language,"

4th ed.,Holt Reinhart & Winston, New York, 1988.

[FRS] Friedman, William F. and Elizabeth S., "The

Shakespearean Ciphers Examined," Cambridge University
Press, London, 1957.

[FUMI] Fumio Nakamura, Rikugun ni okeru COMINT no hoga to

hatten," The Journal of National Defense, 16-1 (June
1988) pp85 - 87.

[GAJ] Gaj, Krzysztof, "Szyfr Enigmy: Metody zlamania," Warsaw

Wydawnictwa Komunikacji i Lacznosci, 1989.

[GAR1] Gardner, Martin, "536 Puzzles and Curious Problems,"

Scribners, 1967.

[GAR2] Gardner, Martin, "Mathematics, Magic, and Mystery ,"

Dover, 1956.

[GAR3] Gardner, Martin, "New Mathematical Diversions from

Scientific American," Simon and Schuster, 1966.

[GAR4] Gardner, Martin, "Sixth Book of Mathematical Games from

 Scientific American," Simon and Schuster, 1971.

[GARL] Garlinski, Jozef, 'The Swiss Corridor', Dent, London

1981.

[GAR1] Garlinski, Jozef, 'Hitler's Last Weapons', Methuen,

London 1978.

[GAR2] Garlinski, Jozef, 'The Enigma War', New York, Scribner,

1979.

[GE] "Security," General Electric, Reference manual Rev. B.,

3503.01, Mark III Service, 1977.

[GERH] Gerhard, William D., "Attack on the U.S, Liberty,"

SRH-256, Aegean Park Press, 1981.

[GERM] "German Dictionary," Hippocrene Books, Inc., New York,

1983.

[GILE] Giles, Herbert A., "Chinese Self-Taught," Padell Book

Co., New York, 1936?

[GIVI] Givierge, General Marcel, " Course In Cryptography,"

Aegean Park Press, Laguna Hills, CA, 1978. Also, M.
Givierge, "Cours de Cryptographie," Berger-Levrault,
Paris, 1925.

[GLEN] Gleason, Norma, "Fun With Codes and Ciphers Workbook,"

Dover, New York, 1988.

[GLE1] Gleason, Norma, "Cryptograms and Spygrams," Dover, New

York, 1981.

[GLEA] Gleason, A. M., "Elementary Course in Probability for

the Cryptanalyst," Aegean Park Press, Laguna Hills, CA,
1985.

[GLOV] Glover, D. Beaird, "Secret Ciphers of the 1876

Presidential Election," Aegean Park Press, Laguna Hills,
CA, 1991.

[GODD] Goddard, Eldridge and Thelma, "Cryptodyct," Marion,

Iowa, 1976

[GORD] Gordon, Cyrus H., " Forgotten Scripts: Their Ongoing

Discovery and Decipherment," Basic Books, New York,
1982.

[GRA1] Grandpre: "Grandpre, A. de--Cryptologist. Part 1

'Cryptographie Pratique - The Origin of the Grandpre',
ISHCABIBEL, The Cryptogram, SO60, American Cryptogram
Association, 1960.

[GRA2] Grandpre: "Grandpre Ciphers", ROGUE, The Cryptogram,

SO63, American Cryptogram Association, 1963.

[GRA3] Grandpre: "Grandpre", Novice Notes, LEDGE, The

Cryptogram, MJ75, American Cryptogram Association,1975
[GRAH] Graham, L. A., "Ingenious Mathematical Problems and
Methods," Dover, 1959.

[GRAN] Grant, E. A., "Kids Book of Secret Codes, Signals and

Ciphers, Running Press, 1989.

[GREU] Greulich, Helmut, "Spion in der Streichholzschachtel:

Raffinierte Methoden der Abhortechnik, Gutersloh:
Bertelsmann, 1969.

[GROU] Groueff, Stephane, "Manhattan Project: The Untold Story

of the Making of the Atom Bomb," Little, Brown and
Company,1967.

[GUST] Gustave, B., "Enigma:ou, la plus grande 'enigme de la

guerre 1939-1945." Paris:Plon, 1973.

[GYLD] Gylden, Yves, "The Contribution of the Cryptographic

Bureaus in the World War," Aegean Park Press, 1978.

[HA] Hahn, Karl, " Frequency of Letters", English Letter

Usage Statistics using as a sample, "A Tale of Two
Cities" by Charles Dickens, Usenet SCI.Crypt, 4 Aug
1994.

[HAFT] Haftner, Katie and John Markoff, "Cyberpunk,"

Touchstine, 1991.

[HAGA] Hagamen,W. D. et. al., "Encoding Verbal Information as

Unique Numbers," IBM Systems Journal, Vol 11, No. 4,
1972.

[HAWA] Hitchcock, H. R., "Hawaiian," Charles E. Tuttle, Co.,

Toyko, 1968.

[HAWC] Hawcock, David and MacAllister, Patrick, "Puzzle Power!

Multidimensional Codes, Illusions, Numbers, and
Brainteasers," Little, Brown and Co., New York, 1994.

[HELD] Held, Gilbert, "Top Secret Data Encryption Techniques,"

Prentice Hall, 1993. (great title..limited use)

[HEMP] Hempfner, Philip and Tania, "Pattern Word List For

Divided and Undivided Cryptograms," unpublished
manuscript, 1984.

[HEPP] Hepp, Leo, "Die Chiffriermaschine 'ENIGMA'", F-Flagge,

1978.

[HIDE] Hideo Kubota, " Zai-shi dai-go kokugun tokushu joho

senshi." unpublished manuscript, NIDS.

[HILL] Hill, Lester, S., "Cryptography in an Algebraic

Alphabet", The American Mathematical Monthly, June-July
1929.

[HIL1] Hill, L. S. 1929. Cryptography in an Algebraic

 Alphabet. American Mathematical Monthly. 36:306-312.

[HIL2] Hill, L. S. 1931. Concerning the Linear

Transformation Apparatus in Cryptography. American
Mathematical Monthly. 38:135-154.

[HINS] Hinsley, F. H., "History of British Intelligence in the

Second World War", Cambridge University Press,
Cambridge, 1979-1988.

[HIN2] Hinsley, F. H. and Alan Strip in "Codebreakers -Story

of Bletchley Park", Oxford University Press, 1994.

[HIN3] Hinsley, F. H., et. al., "British Intelligence in The

Second World War: Its Influence on Strategy and
Operations," London, HMSO vol I, 1979, vol II 1981, vol
III, 1984 and 1988.

[HISA] Hisashi Takahashi, "Military Friction, Diplomatic

Suasion in China, 1937 - 1938," The Journal of
International Studies, Sophia Univ, Vol 19, July, 1987.

[HIS1] Barker, Wayne G., "History of Codes and Ciphers in the

U.S. Prior to World War I," Aegean Park Press, Laguna
Hills, CA, 1978.

[HITT] Hitt, Parker, Col. " Manual for the Solution of Military
Ciphers," Aegean Park Press, Laguna Hills, CA, 1976.

[HODG] Hodges, Andrew, "Alan Turing: The Enigma," New York,

Simon and Schuster, 1983.

[HOFF] Hoffman, Lance J., editor, "Building In Big Brother:

The Cryptographic Policy Debate," Springer-Verlag,
N.Y.C., 1995. ( A useful and well balanced book of
cryptographic resource materials. )

[HOF1] Hoffman, Lance. J., et. al.," Cryptography Policy,"

Communications of the ACM 37, 1994, pp. 109-17.

[HOLM Holmes, W. J., "Double-Edged Secrets: U.S. Naval

Intelligence Operations in the Pacific During WWII",
Annapolis, MD: Naval Institute Press, 1979.

[HOM1] Homophonic: A Multiple Substitution Number Cipher", S-

TUCK, The Cryptogram, DJ45, American Cryptogram
Association, 1945.

[HOM2] Homophonic: Bilinear Substitution Cipher, Straddling,"

ISHCABIBEL, The Cryptogram, AS48, American Cryptogram
Association, 1948.

[HOM3] Homophonic: Computer Column:"Homophonic Solving,"

PHOENIX, The Cryptogram, MA84, American Cryptogram
Association, 1984.

[HOM4] Homophonic: Hocheck Cipher,", SI SI, The Cryptogram,

 JA90, American Cryptogram Association, 1990.

[HOM5] Homophonic: "Homophonic Checkerboard," GEMINATOR, The

Cryptogram, MA90, American Cryptogram Association, 1990.

[HOM6] Homophonic: "Homophonic Number Cipher," (Novice Notes)

LEDGE, The Cryptogram, SO71, American Cryptogram
Association, 1971.

[HYDE] H. Montgomery Hyde, "Room 3603, The Story of British

Intelligence Center in New York During World War II",
New York, Farrar, Straus, 1963.

[IBM1] IBM Research Reports, Vol 7., No 4, IBM Research,

Yorktown Heights, N.Y., 1971.

[IMPE] D'Imperio, M. E, " The Voynich Manuscript - An Elegant

Enigma," Aegean Park Press, Laguna Hills, CA, 1976.

[INDE] PHOENIX, Index to the Cryptogram: 1932-1993, ACA, 1994.

[ITAL] Italian - English Dictionary, compiled by Vittore E.

Bocchetta, Fawcett Premier, New York, 1965.

[JAPA] Martin, S.E., "Basic Japanese Conversation Dictionary,"

Charles E. Tuttle Co., Toyko, 1981.

[JAPH] "Operational History of Japanese Naval Communications,

December 1941- August 1945, Monograph by Japanese
General Staff and War Ministry, Aegean Park Press, 1985.

[JOHN] Johnson, Brian, 'The Secret War', Arrow Books,

London 1979.

[KADI] al-Kadi, Ibrahim A., Cryptography and Data Security:

Cryptographic Properties of Arabic, Proceedings of the
Third Saudi Engineering Conference. Riyadh, Saudi
Arabia: Nov 24-27, Vol 2:910-921., 1991.

[KAHN] Kahn, David, "The Codebreakers", Macmillian Publishing

Co. , 1967.

[KAH1] Kahn, David, "Kahn On Codes - Secrets of the New

Cryptology," MacMillan Co., New York, 1983.

[KAH2] Kahn, David, "An Enigma Chronology", Cryptologia Vol

XVII,Number 3, July 1993.

[KAH3] Kahn, David, "Seizing The Enigma: The Race to Break the
German U-Boat Codes 1939-1943 ", Houghton Mifflin, New
York, 1991.

[KARA] Karalekas, Anne, "History of the Central Intelligence

Agency," Aegean Park Press, Laguna Hills, CA, 1977.

[KASI] Kasiski, Major F. W. , "Die Geheimschriften und die

Dechiffrir-kunst," Schriften der Naturforschenden
Gesellschaft in Danzig, 1872.
[KAS1] Bowers, M. W., {ZEMBIE} "Major F. W. Kasiski -
Cryptologist," The Cryptogram, XXXI, JF, 1964.

[KATZ] Katzen, Harry, Jr., "Computer Data Security,"Van

Nostrand Reinhold, 1973.

[KERC] Kerckhoffs, "la Cryptographie Militaire, " Journel des

Sciences militaires, 9th series, IX, (January and
February, 1883, Libraire Militaire de L. Baudoin &Co.,
Paris. English trans. by Warren T, McCready of the
University of Toronto, 1964

[KOBL] Koblitz, Neal, " A Course in Number Theory and

Cryptography, 2nd Ed, Springer-Verlag, New York, 1994.

[KONH] Konheim, Alan G., "Cryptography -A Primer" , John Wiley,

1981, pp 212 ff.

[KORD] Kordemsky, B., "The Moscow Puzzles," Schribners, 1972.

[KOTT] Kottack, Phillip Conrad, "Anthropology: The Exploration

Of Human Diversity," 6th ed., McGraw-Hill, Inc., New
York, N.Y. 1994.

[KOZA] Kozaczuk, Dr. Wladyslaw, "Enigma: How the German

Machine Cipher was Broken and How it Was Read by the
Allies in WWI", University Pub, 1984.

[KRAI] Kraitchek, "Mathematical Recreations," Norton, 1942, and

Dover, 1963.

[KULL] Kullback, Solomon, Statistical Methods in Cryptanalysis,

Aegean Park Press, Laguna Hills, Ca. 1976

[LAFF] Laffin, John, "Codes and Ciphers: Secret Writing Through

The Ages," Abelard-Schuman, London, 1973.

[LAI] Lai, Xuejia, "On the Design and Security of Block

Ciphers," ETH Series in Information Processing 1, 1992.
(Article defines the IDEA Cipher)

[LAIM] Lai, Xuejia, and James L. Massey, "A Proposal for a New
Block Encryption Standard," Advances in Cryptology -
Eurocrypt 90 Proceedings, 1992, pp. 55-70.

[LAKE] Lakoff, R., "Language and the Women's Place," Harper &
Row, New York, 1975.

[LANG] Langie, Andre, "Cryptography," translated from French

by J.C.H. Macbeth, Constable and Co., London, 1922.

[LAN1] Langie, Andre, "Cryptography - A Study on Secret

Writings", Aegean Park Press, Laguna Hills, CA. 1989.

[LAN2] Langie, Andre, and E. A. Soudart, "Treatise on

Cryptography, " Aegean Park Press, Laguna Hills, CA.
1991.

[LATI] BRASSPOUNDER, "Latin Language Data, "The Cryptogram,"

 July-August 1993.

[LAUE] Lauer, Rudolph F., "Computer Simulation of Classical

Substitution Cryptographic Systems" Aegean Park Press,
1981, p72 ff.

[LEAR] Leary, Penn, " The Second Cryptographic Shakespeare,"

Omaha, NE [from author] 1994.

[LEA1] Leary, Penn, " Supplement to The Second Cryptographic

Shakespeare," Omaha, NE [from author] 1994.

[LEAU] Leaute, H., "Sur les Mecanismes Cryptographiques de M.

de Viaris," Le Genie Civil, XIII, Sept 1, 1888.

[LEDG] LEDGE, "NOVICE NOTES," American Cryptogram Association,

1994. [ One of the best introductory texts on ciphers
written by an expert in the field. Not only well
written, clear to understand but as authoritative as
they come! ]

[LENS] Lenstra, A.K. et. al. "The Number Field Sieve,"

Proceedings of the 22 ACM Symposium on the Theory of
Computing," Baltimore, ACM Press, 1990, pp 564-72.

[LEN1] Lenstra, A.K. et. al. "The Factorization of the Ninth

Fermat Number," Mathematics of Computation 61 1993, pp.
319-50.

[LEWF] Lewis, Frank, "Problem Solving with Particular Reference

to the Cryptic (or British) Crossword and other
'American Puzzles', Part One," by Frank Lewis,
Montserrat, January 1989.

[LEW1] Lewis, Frank, "The Nations Best Puzzles, Book Six,"

by Frank Lewis, Montserrat, January 1990.

[LEWI] Lewin, Ronald, 'Ultra goes to War', Hutchinson,

London 1978.

[LEW1] Lewin, Ronald, 'The American Magic - Codes, ciphers and

The Defeat of Japan', Farrar Straus Giroux, 1982.

[LEWY] Lewy, Guenter, "America In Vietnam", Oxford University

Press, New York, 1978.

[LEVI] Levine, J., U.S. Cryptographic Patents 1861-1981,

Cryptologia, Terre Haute, In 1983.

[LEV1] Levine, J. 1961. Some Elementary Cryptanalysis

of Algebraic Cryptography. American Mathematical
Monthly. 68:411-418

[LEV2] Levine, J. 1961. Some Applications of High-

Speed Computers to the Case n =2 of Algebraic
Cryptography. Mathematics of Computation. 15:254-260

[LEV3] Levine, J. 1963. Analysis of the Case n =3 in Algebraic

 Cryptography With Involuntary Key Matrix With Known
Alphabet. Journal fuer die Reine und Angewante
Mathematik. 213:1-30.

[LISI] Lisicki, Tadeusz, 'Dzialania Enigmy', Orzet Biaty,

London July-August, 1975; 'Enigma i Lacida',
Przeglad lacznosci, London 1974- 4; 'Pogromcy
Enigmy we Francji', Orzet Biaty, London, Sept.
1975.'

[LYNC] Lynch, Frederick D., "Pattern Word List, Vol 1.,"

Aegean Park Press, Laguna Hills, CA, 1977.

[LYN1] Lynch, Frederick D., "An Approach To Cryptarithms,"

ACA, 1976.

[LYSI] Lysing, Henry, aka John Leonard Nanovic, "Secret

Writing," David Kemp Co., NY 1936.

[MACI] Macintyre, D., "The Battle of the Atlantic," New York,

Macmillan, 1961.

[MADA] Madachy, J. S., "Mathematics on Vacation," Scribners,

1972.

[MAGN] Magne, Emile, Le plaisant Abbe de Boisrobert, Paris,

Mecure de France, 1909.

[MANN] Mann, B.,"Cryptography with Matrices," The Pentagon, Vol

21, Fall 1961.

[MANS] Mansfield, Louis C. S., "The Solution of Codes and

Ciphers", Alexander Maclehose & Co., London, 1936.

[MARO] Marotta, Michael, E. "The Code Book - All About

Unbreakable Codes and How To Use Them," Loompanics
Unlimited, 1979. [This is a terrible book. Badly
written, without proper authority, unprofessional, and
prejudicial to boot. And, it has one of the better
illustrations of the Soviet one-time pad with example,
with three errors in cipher text, that I have corrected
for the author.]

[MARS] Marshall, Alan, "Intelligence and Espionage in the Reign

of Charles II," 1660-1665, Cambridge University, New
York, N.Y., 1994.

[MART] Martin, James, "Security, Accuracy and Privacy in

Computer Systems," Prentice Hall, Englewood Cliffs,
N.J., 1973.

[MAST] Lewis, Frank W., "Solving Cipher Problems -

Cryptanalysis, Probabilities and Diagnostics," Aegean
Park Press, Laguna Hills, CA, 1992.

[MAU] Mau, Ernest E., "Word Puzzles With Your Microcomputer,"

Hayden Books, 1990.
[MAVE] Mavenel, Denis L., Lettres, Instructions Diplomatiques
et Papiers d' Etat du Cardinal Richelieu, Historie
Politique, Paris 1853-1877 Collection.

[MAYA] Coe, M. D., "Breaking The Maya Code," Thames and Hudson,
New York, 1992.

[MAZU] Mazur, Barry, "Questions On Decidability and

Undecidability in Number Theory," Journal of Symbolic
Logic, Volume 54, Number 9, June, 1994.

[MELL] Mellen G. 1981. Graphic Solution of a Linear

Transformation Cipher. Cryptologia. 5:1-19.

[MEND] Mendelsohn, Capt. C. J., Studies in German Diplomatic

Codes Employed During World War, GPO, 1937.

[MERK] Merkle, Ralph, "Secrecy, Authentication and Public Key

Systems," Ann Arbor, UMI Research Press, 1982.

[MER1] Merkle, Ralph, "Secure Communications Over Insecure

Channels," Communications of the ACM 21, 1978, pp. 294-
99.

[MER2] Merkle, Ralph and Martin E. Hellman, "On the Security of

Multiple Encryption ," Communications of the ACM 24,
1981, pp. 465-67.

[MER3] Merkle, Ralph and Martin E. Hellman, "Hiding Information

and Signatures in Trap Door Knapsacks," IEEE
Transactions on Information Theory 24, 1978, pp. 525-
30.

[MILL] Millikin, Donald, " Elementary Cryptography ", NYU

Bookstore, NY, 1943.

[MM] Meyer, C. H., and Matyas, S. M., " CRYPTOGRAPHY - A New

Dimension in Computer Data Security, " Wiley
Interscience, New York, 1982.

[MODE] Modelski, Tadeusz, 'The Polish Contribution to the

Ultimate Allied Victory in the Second World War',
Worthing (Sussex) 1986.

[MRAY] Mrayati, Mohammad, Yahya Meer Alam and Hassan al-

Tayyan., Ilm at-Ta'miyah wa Istikhraj al-Mu,amma Ind
al-Arab. Vol 1. Damascus: The Arab Academy of Damascus.,
1987.

[MULL] Mulligan, Timothy," The German Navy Examines its

Cryptographic Security, Oct. 1941, Military affairs, vol
49, no 2, April 1985.

[MYER] Myer, Albert, "Manual of Signals," Washington, D.C.,

USGPO, 1879.
[NBS] National Bureau of Standards, "Data Encryption
Standard," FIPS PUB 46-1, 1987.

[NIBL] Niblack, A. P., "Proposed Day, Night and Fog Signals for
the Navy with Brief Description of the Ardois Hight
System," In Proceedings of the United States Naval
Institute, Annapolis: U. S. Naval Institute, 1891.

[NIC1] Nichols, Randall K., "Xeno Data on 10 Different

Languages," ACA-L, August 18, 1995.

[NIC2] Nichols, Randall K., "Chinese Cryptography Parts 1-3,"

ACA-L, August 24, 1995.

[NIC3] Nichols, Randall K., "German Reduction Ciphers Parts

1-4," ACA-L, September 15, 1995.

[NIC4] Nichols, Randall K., "Russian Cryptography Parts 1-3,"

ACA-L, September 05, 1995.

[NIC5] Nichols, Randall K., "A Tribute to William F. Friedman",

NCSA FORUM, August 20, 1995.

[NIC6] Nichols, Randall K., "Wallis and Rossignol," NCSA

FORUM, September 25, 1995.

[NIC7] Nichols, Randall K., "Arabic Contributions to

Cryptography,", in The Cryptogram, ND95, ACA, 1995.

[NIC8] Nichols, Randall K., "U.S. Coast Guard Shuts Down Morse
Code System," The Cryptogram, SO95, ACA publications,
1995.

[NIC9] Nichols, Randall K., "PCP Cipher," NCSA FORUM, March 10,
1995.

[NICX] Nichols, R. K., Keynote Speech to A.C.A. Convention,

"Breaking Ciphers in Other Languages.," New Orleans,
La., 1993.

[NICK] Nickels, Hamilton, "Codemaster: Secrets of Making and

Breaking Codes," Paladin Press, Boulder, CO., 1990.

[NORM] Norman, Bruce, 'Secret Warfare', David & Charles,

Newton Abbot (Devon) 1973.

[NORW] Marm, Ingvald and Sommerfelt, Alf, "Norwegian," Teach

Yourself Books, Hodder and Stoughton, London, 1967.

[NSA] NSA's Friedman Legacy - A Tribute to William and

Elizabeth Friedman, NSA Center for Cryptological

[NSA1] NMasked Dispatches: Cryptograms and Cryptology in

American History, 1775 -1900. Series 1, Pre World War I
Volume I, National Security Agency, Central Security
Service, NSA Center for Cryptological History, 1993.

[OHAV] OHAVER, M. E., "Solving Cipher Secrets," Aegean Park

Press, 1989.
[OHA1] OHAVER, M. E., "Cryptogram Solving," Etcetera Press,
1973.

[OKLA] Andre, Josephine and Richard V. Andree, "Cryptarithms,"

Unit One, Problem Solving and Logical Thinking,
University of Oklahoma, Norman, Ok. Copy No: 486, 1976.

[OKLI] Andre, Josephine and Richard V. Andree, " Instructors

Manual For Cryptarithms," Unit One, Problem Solving and
Logical Thinking, University of Oklahoma, Norman, Ok.
Copy No: 486, 1976.

[OP20] "Course in Cryptanalysis," OP-20-G', Navy Department,

Office of Chief of Naval Operations, Washington, 1941.

[OTA] "Defending Secrets, Sharing Data: New Locks and Keys for
Electronic Information," Office of Technology
Assessment, 1988.

[PEAR] "Pearl Harbor Revisited," U.S. Navy Communications

Intelligence, 1924-1941, U.S. Cryptological History
Series, Series IV, World War II, Volume 6, NSA CSS ,
CH-E32-94-01, 1994.

[PECK] Peck, Lyman C., "Secret Codes, Remainder Arithmetic, and

Matrices," National Counsil of Teachers of Mathematics,
Washington, D.C. 1971.

[PERR] Perrault, Charles, Tallement des Reaux, Les

Historiettes, Bibliotheque del La Pleiade, Paris 1960,
pp 256-258.

[PGP] Garfinkel, Simson, "PGP: Pretty Good Privacy," O'reilly

and Associates, Inc. Sebastopol, CA. 1995.

[PHIL] Phillips, H., "My Best Puzzles in Logic and Reasoning,"

Dover, 1961.

[PIER] Pierce, Clayton C., "Cryptoprivacy", 325 Carol Drive,

Ventura, Ca. 93003, 1994.

[PIE1] Pierce, Clayton C., "Privacy, Cryptography, and Secure

Communication ", 325 Carol Drive, Ventura, Ca. 93003,
1977.

[POLY] Polya, G., "Mathematics and Plausible Reasoning,"

Princeton Press, 1954.

[POL1] Polya, G., "How To Solve It.," Princeton Press, 1948.

[POPE] Pope, Maurice, "The Story of Decipherment: From Egyptian

Hieroglyphic to Linear B., Thames and Hudson Ltd., 1975.

[PORT] Barker, Wayne G. "Cryptograms in Portuguese," Aegean

Park Press, Laguna Hills, CA., 1986.

[POR1] Aliandro, Hygino, "The Portuguese-English Dictionary,"

Pocket Books, New York, N.Y., 1960.
[POUN] Poundstone, William, "Biggest Secrets," Quill
Publishing, New York, 1993. ( Explodes the The Beale
Cipher Hoax.)

[PRIC] Price, A.,"Instruments of Darkness: the History of

Electronic Warfare, London, Macdonalds and Janes, 1977.

[PROT] "Protecting Your Privacy - A Comprehensive Report On

Eavesdropping Techniques and Devices and Their
Corresponding Countermeasures," Telecommunications
Publishing Inc., 1979.

[RAJ1] "Pattern and Non Pattern Words of 2 to 6 Letters," G &

C. Merriam Co., Norman, OK. 1977.

[RAJ2] "Pattern and Non Pattern Words of 7 to 8 Letters," G &

C. Merriam Co., Norman, OK. 1980.

[RAJ3] "Pattern and Non Pattern Words of 9 to 10 Letters," G &

C. Merriam Co., Norman, OK. 1981.

[RAJ4] "Non Pattern Words of 3 to 14 Letters," RAJA Books,

Norman, OK. 1982.

[RAJ5] "Pattern and Non Pattern Words of 10 Letters," G & C.

Merriam Co., Norman, OK. 1982.

[RAND] Randolph, Boris, "Cryptofun," Aegean Park Press, 1981.

[RB1] Friedman, William F., The Riverbank Publications, Volume

1," Aegean Park Press, 1979.

[RB2] Friedman, William F., The Riverbank Publications, Volume

2," Aegean Park Press, 1979.

[RB3] Friedman, William F., The Riverbank Publications, Volume

3," Aegean Park Press, 1979.

[REJE] Rejewski, Marian, "Mathematical Solution of the Enigma

Cipher" published in vol 6, #1, Jan 1982 Cryptologia pp
1-37.

[RELY] Relyea, Harold C., "Evolution and Organization of

Intelligence Activities in the United States,"
Aegean Park Press, 1976.

[RENA] Renauld, P. "La Machine a' chiffrer 'Enigma'", Bulletin

Trimestriel de l'association des Amis de L'Ecole
superieure de guerre no 78, 1978.

[RHEE] Rhee, Man Young, "Cryptography and Secure Commun-

ications," McGraw Hill Co, 1994

[RIVE] Rivest, Ron, "Ciphertext: The RSA Newsletter 1, 1993.

[RIV1] Rivest, Ron, Shamir, A and L. Adleman, "A Method for

Obtaining Digital Signatures and Public Key
Cryptosystems," Communications of the ACM 21, 1978.
[ROAC] Roach, T., "Hobbyist's Guide To COMINT Collection and
Analysis," 1330 Copper Peak Lane, San Jose, Ca. 95120-
4271, 1994.

[ROBO] NYPHO, The Cryptogram, Dec 1940, Feb, 1941.

[ROHE] Jurgen Rohwer's Comparative Analysis of Allied and Axis

Radio-Intelligence in the Battle of the Atlantic,
Proceedings of the 13th Military History Symposium, USAF
Academy, 1988, pp 77-109.

[ROHW] Rohwer Jurgen, "Critical Convoy Battles of March 1943,"

London, Ian Allan, 1977.

[ROH1] Rohwer Jurgen, "Nachwort: Die Schlacht im Atlantik in

der Historischen Forschung, Munchen: Bernard and Graefe,
1980.

[ROH2] Rohwer Jurgen, et. al. , "Chronology of the War at Sea,

Vol I, 1939-1942, London, Ian Allan, 1972.

[ROH3] Rohwer Jurgen, "U-Boote, Eine Chronik in Bildern,

Oldenburs, Stalling, 1962. Skizzen der 8 Phasen.

[ROOM] Hyde, H. Montgomery, "Room 3603, The Story of British

Intelligence Center in New York During World War II",
New York, Farrar, Straus, 1963.

[ROSE] Budge, E. A. Wallis, "The Rosetta Stone," British Museum

Press, London, 1927.

[RSA] RSA Data Security, Inc., "Mailsafe: Public Key

Encryption Software Users Manual, Version 5.0, Redwood
City, CA, 1994

[RUNY] Runyan, T. J. and Jan M. Copes "To Die Gallently",

Westview Press 1994, p85-86 ff.

[RYSK] Norbert Ryska and Siegfried Herda, "Kryptographische

Verfahren in der Datenverarbeitung," Gesellschaft fur
Informatik, Berlin, Springer-Verlag1980.

[SADL] Sadler, A. L., "The Code of the Samurai," Rutland and

Tokyo: Charles E. Tuttle Co., 1969.

[SACC] Sacco, Generale Luigi, " Manuale di Crittografia",

3rd ed., Rome, 1947.

[SALE] Salewski, Michael, "Die Deutscher Seekriegsleitung,

1938- 1945, Frankfurt/Main: Bernard and Graefe, 1970-
1974. 3 volumes.

[SANB] Sanbohonbu, ed., "Sanbohonbu kotokan shokuinhyo." NIDS

Archives.

[SAPR] Sapir, E., "Conceptual Categories in Primitive

 Language," Science: 74: 578-584., 1931.

[SASS] Sassoons, George, "Radio Hackers Code Book", Duckworth,

London, 1986.

[SCHN] Schneier, Bruce, "Applied Cryptography: Protocols,

Algorithms, and Source Code C," John Wiley and Sons,
1994.

[SCH2] Schneier, Bruce, "Applied Cryptography: Protocols,

Algorithms, and Source Code C," 2nd ed., John Wiley and
Sons, 1995.

[SCHU] Schuh, fred, "Master Book of Mathematical Recreation,"

Dover, 1968.

[SCHW] Schwab, Charles, "The Equalizer," Charles Schwab, San

Francisco, 1994.

[SEBE] Seberry, Jennifer and Joseph Pieprzyk, "Cryptography: An

Introduction to Computer Security," Prentice Hall, 1989.
[CAREFUL! Lots of Errors - Basic research efforts may
be flawed - see Appendix A pg 307 for example.]

[SHAN] Shannon, C. E., "The Communication Theory of Secrecy

Systems," Bell System Technical Journal, Vol 28 (October
1949).

[SHIN] Shinsaku Tamura, "Myohin kosaku," San'ei Shuppansha,

Toyko, 1953.

[SHUL] Shulman, David, "An Annotated Bibliography of

Cryptography," Garland Publishing, New York, 1976.

[SIC1] S.I. Course in Cryptanalysis, Volume I, June 1942,

Aegean Park Press, Laguna Hills , CA. 1989.

[SIC2] S.I. Course in Cryptanalysis, Volume II, June 1942,

Aegean Park Press, Laguna Hills , CA. 1989.

[SIG1] "International Code Of Signals For Visual, Sound, and

Radio Communications," Defense Mapping Agency,
Hydrographic/Topographic Center, United States Ed.
Revised 1981

[SIG2] "International Code Of Signals For Visual, Sound, and

Radio Communications," U. S. Naval Oceanographic
Office, United States Ed., Pub. 102, 1969.

[SIMM] Simmons, G. J., "How To Insure that Data Acquired to

Verify Treaty Compliance are Trustworthy, " in
"Authentication without secrecy: A secure communications
problem uniquely solvable by asymmetric encryption
techniques.", IEEE EASCON 79, Washington, 1979, pp. 661-
62.

[SINK] Sinkov, Abraham, "Elementary Cryptanalysis", The

Mathematical Association of America, NYU, 1966.
[SMIH] Smith, David E., "John Wallis as Cryptographer",
Bulletin of American Mathematical Society, XXIV, 1917.

[SMIT] Smith, Laurence D., "Cryptography, the Science of Secret

Writing," Dover, NY, 1943.

[SOLZ] Solzhenitsyn, Aleksandr I. , "The Gulag Archipelago I-

III, " Harper and Row, New York, N.Y., 1975.

[SPAN] Barker, Wayne G. "Cryptograms in Spanish," Aegean Park

Press, Laguna Hills, CA., 1986.

[STAL] Stallings, William, "Protect Your Privacy: A Guide for

PGP Users," Prentice Hall PTR, 1995.

[STEV] Stevenson, William, 'A Man Called INTREPID',

Macmillan, London 1976.

[STIN] Stinson, D. R., "Cryptography, Theory and Practice,"

CRC Press, London, 1995.

[STIX] Stix, F., Zur Geschicte und Organisation der Wiener

Geheimen Ziffernkanzlei, Mitteilungen des
Osterreichischen Instituts fir Geschichtsforschung,
LI 1937.

[STUR] Sturtevant, E. H. and Bechtel, G., "A Hittite

Chrestomathy," Linguistic Society of American and
University of Pennsylvania, Philadelphia, 1935.

[SURV] Austin, Richard B.,Chairman, "Standards Relating To

Electronic Surveillance," American Bar Association
Project On Minimum Standards For Criminal Justice,
Tentative Draft, June, 1968.

[SUVO] Suvorov, Viktor "Inside Soviet Military Intelligence,"

Berkley Press, New York, 1985.

[TERR] Terrett, D., "The Signal Corps: The Emergency (to

December 1941); G. R. Thompson, et. al, The Test(
December 1941 - July 1943); D. Harris and G. Thompson,
The Outcome;(Mid 1943 to 1945), Department of the Army,
Office of the Chief of Military History, USGPO,
Washington,1956 -1966.

[THEO] Theodore White and Annalee Jacoby, "Thunder Out Of

China," William Sloane Assoc., New York, 1946.

[THOM] Thompson, Ken, "Reflections on Trusting Trust,"

Communications of the ACM 27, 1984.

[TILD] Glover, D. Beaird, Secret Ciphers of The 1876

Presidential Election, Aegean Park Press, Laguna Hills,
 Ca. 1991.

[TM32] TM 32-250, Fundamentals of Traffic Analysis (Radio

Telegraph) Department of the Army, 1948.

[TORR] Torrieri, Don J., "Principles of Military Communication

Systems," Artech, 1981.

[TRAD] U. S. Army Military History Institute, "Traditions of

The Signal Corps., Washington, D.C., USGPO, 1959.

[TRIB] Anonymous, New York Tribune, Extra No. 44, "The Cipher
Dispatches, New York, 1879.

[TRIT] Trithemius:Paul Chacornac, "Grandeur et Adversite de

Jean Tritheme ,Paris: Editions Traditionelles, 1963.

[TUCK] Harris, Frances A., "Solving Simple Substitution

Ciphers," ACA, 1959.

[TUKK] Tuckerman, B., "A Study of The Vigenere-Vernam Single

and Multiple Loop Enciphering Systems," IBM Report
RC2879, Thomas J. Watson Research Center, Yorktown
Heights, N.Y. 1970.

[TURN] Turn, Rein, "Advances in Computer Security," Artec

House, New York, 1982. [Original papers on Public Key
Cryptography, RSA, DES]

[UBAL] Ubaldino Mori Ubaldini, "I Sommergibili begli Oceani: La

Marina Italian nella Seconda Guerra Mondiale," vol XII,
Roma, Ufficio Storico della Marina Militare, 1963.

[USAA] U. S. Army, Office of Chief Signal Officer,

"Instructions for Using the Cipher Device Type M-94,
February, 1922," USGPO, Washington, 1922.

[USAH] Gilbert, James L. and John P. Finnegan, Eds. "U. S.

Army Signals Intelligence in World War II: A Documentary
History," Center of Military History, United States
Army, Washington, D.C. 1993

[USSF] "U.S. Special Forces Operational Techniques," FM 31-20,

Headquarters Department Of The Army, December 1965.

[USOT] "U.S. Special Forces Recon Manual," Elite Unit Tactical

Series, Lancer, Militaria, Sims, ARK. 71969, 1982.

[VAIL] Vaille, Euggene, Le Cabinet Noir, Paris Presses

Universitaires de Frances, 1950.

[VALE] Valerio, "De La Cryptographie," Journal des Scienses

militares, 9th series, Dec 1892 - May 1895, Paris.

[VAND] Van de Rhoer, E., "Deadly Magic: A personal Account of

Communications Intilligence in WWII in the Pacific, New
York, Scriber, 1978.
[VERN] Vernam, A. S., "Cipher Printing Telegraph Systems For
Secret Wire and Radio Telegraphic Communications," J.
of the IEEE, Vol 45, 109-115 (1926).

[VIAR] de Viaris in Genie Civil: "Cryptographie", Publications

du Journal Le Genie Civil, 1888.

[VIA1] de Viaris, "L'art de chiffre et dechiffre les depeches

secretes," Gauthier-Villars, Paris, 1893.

[VOGE] Vogel, Donald S., "Inside a KGB Cipher," Cryptologia,

Vol XIV, Number 1, January 1990.

[VN] "Essential Matters - History of the Cryptographic Branch

of the Peoples Army of Viet-Nam, 1945 - 1975," U.S.
Cryptological History Series, Series V, NSA CSS,
CH-E32-94-02, 1994.

[WALL] Wallis, John, "A Collection of Letters and other Papers

in Cipher" , Oxford University, Bodleian Library, 1653.

[WAL1] Wallace, Robert W. Pattern Words: Ten Letters and Eleven

Letters in Length, Aegean Park Press, Laguna Hills, CA
92654, 1993.

[WAL2] Wallace, Robert W. Pattern Words: Twelve Letters and

Greater in Length, Aegean Park Press, Laguna Hills, CA
92654, 1993.

[WATS] Watson, R. W. Seton-, ed, "The Abbot Trithemius," in

Tudor Studies, Longmans and Green, London, 1924.

[WAY] Way, Peter, "Codes and Ciphers," Crecent Books, 1976.

[WEBE] Weber, Ralph Edward, "United States Diplomatic Codes and

Ciphers, 1175-1938, Chicago, Precedent Publishing, 1979.

[WELS] Welsh, Dominic, "Codes and Cryptography," Oxford Science

Publications, New York, 1993.

[WELC] Welchman, Gordon, 'The Hut Six Story', McGraw-Hill,

New York 1982.

[WELS] Welsh, Dominic, "Codes and Cryptography," Oxford Science

Publications, New York, 1993.

[WHOR] Whorf, B. L., "A Linguistic Consideration of Thinking In

Primitive Communities," In Language, Thought, and
Reality: Selected Writings of Benjamin Lee Whorf, ed. J.
B. Carroll, Cambridge, MA: MIT Press, pp. 65-86., 1956.

[WILL] Williams, Eugenia, "An Invitation to Cryptograms," Simon

and Schuster, 1959.

[WILD] Wildman, Ted, "The Expendables," Clearwater Pub., 1983

[WINJ] Winton, J., " Ultra at Sea: How Breaking the Nazi Code
Affected Allied Naval Strategy During WWII," New Uork,
William Morror, 1988.

[WINK] Winkle, Rip Van, "Hungarian: The Cryptogram,", March -

April 1956.

[WINF] Winterbotham, F.W., 'The Ultra Secret', Weidenfeld

and Nicolson, London 1974.

[WINR] Winter, Jack, "Solving Cryptarithms," ACA, 1984.

[WOLE] Wolfe, Ramond W., "Secret Writing," McGraw Hill Books,

NY, 1970.

[WOLF] Wolfe, Jack M., " A First Course in Cryptanalysis,"

Brooklin College Press, NY, 1943.

[WRIX] Wrixon, Fred B. "Codes, Ciphers and Secret Languages,"

Crown Publishers, New York, 1990.

[XEN1] PHOENIX, "Xenocrypt Handbook," American Cryptogram

Association, 1 Pidgeon Dr., Wilbraham, MA., 01095-2603,
for publication March, 1996.

[YARD] Yardley, Herbert, O., "The American Black Chamber,"

Bobbs-Merrill, NY, 1931.

[YAR1] Yardley, H. O., "The Chinese Black Chamber," Houghton

Mifflin, Boston, 1983.

[YAR2] Yardley, H. O., "Yardleygrams", Bobbs Merrill, 1932.

[YAR3] Yardley, H. O., "The Education of a Poker Player, Simon

and Schuster, 1957.

[YOKO] Yukio Yokoyama, "Tokushu joho kaisoka," unpublished

handwritten manuscript.

[YOUS] Youshkevitch, A. P., Geschichte der Mathematik im

Mittelatter, Liepzig, Germany: Teubner, 1964.

[YUKI] Yukio Nishihara, "Kantogan tai-So Sakusenshi," Vol 17.,

unpublished manuscript, National Institute for Defense
Studies Military Archives, Tokyo.,(hereafter NIDS
Archives)

[ZIM] Zim, Herbert S., "Codes and Secret Writing." William

Morrow Co., New York, 1948.

[ZEND] Callimahos, L. D., Traffic Analysis and the Zendian

Problem, Agean Park Press, 1984. (also available
through NSA Center for Cryptologic History)

CLASSICAL CRYPTOGRAPHY COURSE

BY LANAKI

April 6, 1996
 Revision 0

COPYRIGHT 1996
ALL RIGHTS RESERVED

LECTURE 10

POLYALPHABETIC SUBSTITUTION SYSTEMS I

VIGGY'S FAMILY AND QUAGMIRES I - IV
APPLICATIONS OF THE PRINCIPALS OF SYMMETRY

SUMMARY

In Lecture 10, we return to our course schedule with a study of

fascinating cipher systems based on multiple alphabets
-Polyalphabetic Substitution systems. What is amazing about
these systems is how long they remained secure. The Viggy
systems (my name for Vigenere) was considered unbreakable for
over 200 years. Along comes Major Kasiski, and poof, we have
recreational cryptography.

I think the best way to introduce the subject is via an

overview based on the Op-20-GYT course notes (Office of Chief
Of Naval Operations, Washington) [OP20]. From there, I will
bring in MASTERTON's dissolution of QUAGMIRES I-IV. [MAST]

In Lecture 11, we will revisit polyalphabetic cipher systems

and the polygraphic cases using Friedman's detailed analysis.
We will cover the PORTA system and other family members. I
will cover decimation processes in detail. [FRE4], [FRE5],
FRE6], [FRE7], [FRE8]

In Lecture 12, we will describe the aperiodic polyalphabetic

case and give a diagram of topics considered in Lectures 10 -
12. [FR3]

I have updated our Resources Section with many references on

these systems - focusing on the cryptanalytic attack and those
of historical interest. Kahn has some interesting stories about
the Viggy family. [KAHN]

POLYALPHABETIC SUBSTITUTION

A cipher system which employs two or more cipher alphabets and

includes a method for designating which cipher alphabet is to
be used for the encipherment of each plain-text letter, is
called a polyalphabetic substitution system. Cipher systems
employing variant values may appear to use more than one
alphabet, but they have characteristics of mono-alphabetic
substitution and are properly classified as such.

Polyalphabetic substitution systems consists of two general

types; periodic and non-periodic.

(a) In the periodic type the text of a message is divided

into definite, regular groups or cycles of letters which are
enciphered with identical portions of the key. Periodic
systems are further subdivided as follows:

(1) Multiple Alphabet Ciphers in which any number of

cipher alphabets are used in order designated by a
prearranged key.

(2) Progressive Alphabet Ciphers in which a primary

cipher alphabet and its 25 secondary alphabets are
used either in regular succession, sliding the
components one letter at a time, or in irregular
order according to a prearranged shift.

(b) In the non-periodic type there are no cyclic repetitions

of the key.

The cipher alphabets employed in multiple alphabet substitution

systems may be constructed by any number of methods. As an
example, the QUAGMIRE IV uses both vertical and horizontal
keywords.

Example:

Plain A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
Cipher 1 R T U V W X Y Z P E N C I L S A B D F G H J K M O Q
" 2 E N C I L S A B D F G H J K M O Q R T U V W X Y Z P
" 3 D F G H J K M O Q R T U V W X Y Z P E N C I L S A B

Here the plain component is a normal sequence, and the cipher

component are identical keyword sequences. The same keyword
sequences may be used in both the plain cipher components, or
different sequences may be used. The key which determines the
setting of the cipher alphabets against the plain component
(RED) may be any prearranged word or phrase. Also, each cipher
alphabet may be assigned a number and the alphabets used in
accordance with a prearranged numerical key.

The process of enciphering a message with the multiple alphabet

system above would appear as follows:

Cipher Alphabet No.

1-2-3-1-2-3-1-2-3-1-2-3-1-2-3-1-2-3-1-2-3-1-2-3

Plain - M Y C O U R S E Z E R O T H R E E Z E R O A T T
Cipher - I Z G S V P F L B W R X G B P W L B W R X R U N

1-2-3-1-2-3-1-2-3-1-2-3-1-2-3-1-2-3

Plain - H I R T E E N T H I R T Y T H R E E
Cipher - Z D P G L J L U O P R N O U O D L J

In order to reduce the chances of encipherment by the wrong

alphabet, the plain text is often written so that the letters
designated by the key for encipherment by each alphabet are
placed in the same vertical column.
Note the repetitions in the plain text which begin at the same
point in the key produce repetitions in the cipher text, while
others [may not] do not. Friedman discusses accidental
repetitions in [FR7].

PRINCIPLES OF FACTORING

Major Friedrich W. Kasiski (1805-1881) was a career officer in

East Prussia's 33 Infantry Regiment. He is credited with a
revolutionary insight regarding polyalphabetic repeating key
systems - that the conjuction of a repeated portion of the key
with the repetition in the plaintext produces a repetition in
the ciphertext. Like causes produce like effects. The
interval between plaintext or ciphertext repetitions is noted
throughout the cryptogram, factored and the commonality of the
factor is a good indication of the key and number of alphabets
used to encipher the original methods. The fall of the
Vigenere family is attributed to Kasiski's examination. [KASI]
[KAS1], [KAHN]

If there are several long repetitions in the cipher text of an

unknown system, the intervals between the initial letters of
these repetition have a common factor, this factor represents
the number of alphabets used to encipher the message and the
exact number of repetitions of the key.

A simple example:

Given the cryptogram:

IZGSV PFLBW RXGBP WLBWR XRUNZ

DPGLJ LUOPR NOUOD LJ

Factoring:

Repetition Interval Factors Common Factor(s)

LBWRX 9 3,3 3
LJ 12 2,2,3 3
UO 6 2,3 3

The "period" or common factor is three and this is the number

of alphabets employed.

Digraph and trigraph repetitions may be the result of chance

instead of plain text repetitions. [FR7] discusses in detail.

When factoring results in more than one common factor we shall

use the highest common factor and check with frequencies of the
expected alphabets to see how close to normal they are. Only
short messages fail to lead to the correct determination of the
number of cipher alphabets employed in the system. When
factoring fails on a longer message, an aperiodic cipher may
have been employed.
SOLUTION OF A MULTIPLE ALPHABET CIPHER

Phamplet Number 7, Office of Operations Cryptanalysis, Office

of the Chief of Naval Operations, Washington, 1930 [OP20]
prepared this problem for discussion.

From: A B (Black Force Commander)

To: CD, EF, GH, IJ (Black Ships)
Time Groups: 0013-2300 April 1930
Remarks: Cruiser transmitter.

Cryptogram written out in worksheet format:

Alpha. - 1 2 3 4 5 6 7 8 9 10 Alpha. - 1 2 3 4 5 6 7 8 9 10

1 K P T X S L I C T M 16 M V H A W A D G G Z

2 I A M C B B N M S Z 17 Y F A R Q V K M M Q

3 M J K A Q J B F Z A 18 K F M P S L G X A H

4 J G M B S L N P H H 19 E F W K G C B F T H

5 E E J Z W N C L O W 20 S V C B B U A H S S

6 Z F S A A S Z D E P 21 K P K D E C G O H Z

7 Z X C D J D D H A J 22 L V O D S C O C H A

8 O D B K A H P L G H 23 G V W B Z C A M O Z

9 A J M K T V A M K H 24 M J K A Q J B F J H

10 M B C A A C N W S Z 25 X B H A A V A K O S

11 Z D W I J K G M C X 26 K P K G U L T J O Q

12 M V X X U N B W Z T 27 D F Q Q J K K M H Z

13 I Y N C P O G H H W 28 H V H A E P Z W Q R

14 L G T B W P L V T T 29 O P L A U L B M O Z

15 O B O X J L R M H Z 30 M J K A Q J B F

Collateral Information:

The Black and Blue Fleets are engaged in war maneuvers in the
Caribbean Sea. The Fleets are not in contact. The location of
the enemy (the Black Fleet) is unknown. The message in
question was intercepted by the Blue Flagship at 0015 on 14
April 1930. The operator had reason to believe that a cruiser
sent the message.
The composition of the Black Fleet is as follows:

Battleships Cruisers

West Virginia (flag) Trenton (flag)

Maryland Marblehead
Tennessee Richmond
New Mexico Memphis
Mississippi
California

Destroyers Air Force

Litchfield (flag) Saratoga (flag)

Preble Langley
Pruitt Gannet
Noa
Decatur Submarine Force
Sicard
Hulbert Argonne (flag and tender)
V-1, V-2, V-3
William B. Preston

Factoring:

Repetition Interval Factors

ZMJKAQJBF 210 2,3,5,7,10

ZMJKAQJBF 270 2,3,3,5,10
ZMJKAQJBF 60 2,2,3,5,10
MHZMVHA 120 2,2,2,3,5,10
ZMV 40 2,2,2,5,10
ZMV 160 2,2,2,2,2,5,10
KPK 50 2,5,5,10

The highest common factor is 10; the period and number of

alphabets used is 10, so the sequence repeats itself after
each 10 letters.

"Lining-up" is one of the basic operations of solution.

We group the message in lines of ten letters. The letters in
each column are enciphered by the same alphabet. Checking the
frequency tables, each alphabet resembles a single alphabet.

Frequency Tables

#1 #2 #3 #4 #5 #6 #7 #8 #9 #10
A 1 A 1 A 1 A 9 A 4 A 1 A 4 A A 2 A 2
B B 3 B 1 B 4 B 2 B 1 B 6 B B B
C C C 3 C 2 C C 5 C 1 C 2 C 1 C
D 1 D 2 D D 3 D D 1 D 2 D 1 D D
E 2 E 1 E E E 2 E E E E 1 E
F F 5 F F F F F F 4 F F
G 1 G 2 G G 1 G 1 G G 4 G 1 G 2 G
H H H 3 H H H 1 H H 3 H 6 H 6
I 2 I I I 1 I I I 1 I I I
J 1 J 4 J 1 J J 4 J 3 J J 1 J 1 J 1
K 4 K K 5 K 1 K K 2 K 2 K 1 K 1 K
L 2 L L 1 L 1 L L 6 L 1 L 2 L L
M 7 M M 4 M M M M M 8 M 1 M 1
N N N 1 N N N 2 N 3 N N N
O 3 O O 2 O O O 1 O 1 O 1 O 5 O
P P 4 P P 1 P 1 P 2 P 1 P 1 P P 1
Q Q Q 1 Q 1 Q 4 Q Q Q Q 1 Q 2
R R R R 1 R R R 1 R R R 1
S 1 S S 1 S S 4 S 1 S S S 3 S 2
T T T 2 T T 1 T T 1 T T 3 T 2
U U U U U 3 U 1 U U U U
V V 6 V V V V 3 V V 1 V V
W W W 3 W W 3 W W W 3 W W 2
X 1 X 1 X 1 X 3 X X X X 1 X X
Y 1 Y 1 Y Y Y Y Y Y Y Y
Z 3 Z Z Z 1 Z 1 Z Z 2 Z Z 2 Z 9
30 30 30 30 30 30 30 30 29 29

SOLUTION BY KNOWN-WORD METHOD

When ample collateral information is available, the known-word

attack is the easiest and potentially the quickest method of
solution. From the given data, the message is presumably from
the Commander of a cruiser division to his four cruisers,
giving orders for scouting operations of the cruiser division.

The words most likely to appear are:

Scouting Scouting line Trenton Latitude

Course Scouting course Marblehead Longitude
Speed Scouting speed Richmond Hundred
Distance Scouting distance Memphis Numbers
Position Commence scouting Enemy Times/Dates

Our concern is not with guessing words but standardizing the

solution.

The Known-Word" method applied in two ways:

(1) Start at a particular point in the cryptogram indicated by

the repetitions, symmetrical sequences, and try to fit the
known-word at this point. This is called the "Obvious
Location Method."

(2) Start with a "Known-word" and find a place where it will

fit. This may be called the "Obvious Word Method."

The best method to use depends on the circumstances. In this

problem both methods apply.

OBVIOUS LOCATION

The long repetitions are words or phrases, important to the

subject of the message, and may be known-words. They are
excellent points of attack. The beginning of the message or
the end of the message are usually good points of attack.

The second longest repetition is the right length for Trenton,

Memphis, or Hundred; furthermore it links in the letters of the
longest repetition.

Original Assumptions -

MHZ MVHA lines 15-27 TRENTON is best assumption.

TRE NTON
MEM PHIS
HUN DRED

Check

MOZ MJKAQJBF lines 24, 30 MOZ MJKAQJBF could be

T E N N Excellent TEE NHUNDRED excellent
M M P S Poor THE E--N --- poor
H N D D Poor

Check
MCZ MVX lines 1-12
TWE NTY excellent
M M PH poor
H V DP poor

Check the values of TEEN HUNDRED and TRENTON

Line 2-3 12345678910 12345678910

IAMCBBNMSZ MJKAQJBFZA
T E NHUNDRED
suggests ATTE NHUNDRED

Line 23-24 GVWBZCAMOZ MJKAQJBFDI

T TEE NHUNDRED
suggests THIR
FOUR
FIF
SIX
ATSEVEN
EIGH

Lines 29-30 OPLAULBMOZ MJKAQJBF--

N ETEE NHUNDRED
suggests NINETEE NHUNDRED

It is possible that all the above assumptions are incorrect but

they are too good to ignore. We enter the above values into
the cryptogram to see if skeletons of words appear.

Possibilities are indicated below:

Lines 19-20 12345678910 12345678910

EFWKGCBFTH SVCBBUAHSS
ED T T
SPEEDFI FTEENKNOTS
SI X
Line 19 ED could be Speed.. building on that we have other
possibilities.

Lines 21-22 KPKDECGOHZ LVODSCOCHA

U RE T R
COURSETHRE ETHREEZERO

Lines 11-12 ZEWIJKGMCZ MVXXUNBWZT

T E NT E
TWE NTYMILES
T THREE
FIVE

TRENTON is the most obvious break. Check letter-combinations

of frequencies to see which of the three chosen words fitted
best.

HZ =1 ZMV=1 ZM =4 HA=1
RE ENT EN ON Trenton is only assumption
EM MPH MP IS
UN NDR ND ED

Frequency 869 7639

Cipher MHZ MVHA

Frequency XXX XXXX X = high frequency

Plain TRE NTON
- = intermediate frequency
Frequency -X- --XX
Plain MEM PHIS O + low frequency

Frequency --X -XX-

Plain HUN DRED

OBVIOUS WORD METHOD - LOCATION BY FREQUENCIES

One method of fixing the location of an obvious word is by

frequencies, provided the obvious word has one or more letters
of very low frequency. The word should be 10 or more letters
to be practical.

The possibilities are RENDEZVOUS and MARBLEHEAD.

First, frequencies are written over each letter of the

cryptogram. The Known-word is put on a card and slid over the
cryptogram until it fits with the very low frequency letters
and neighbors. This method is rather tedious and painful, but
good in a pinch.

OBVIOUS WORD METHOD - LOCATION BY SYMMETRY OR REPETITIONS

Location of words by symmetry is commonly employed when dealing

with single key ciphers. With double key ciphers its
application depends much on chance. If the alphabets are
repeated in the key or the key is short, we employ a limited
form of symmetry.

With a non repeating key or very long key, this method fails.
With a fairly short key we employ this method provided:

(1) We assume a word or phrase longer than the key, and

(2) This word or phrase happens to contain a letter repeated
at an interval equal to the length of the key.

For our sample problem, one of our choices might be

10 letter key - SCOUTINGDISTANCE

Therefore, any place in the cryptogram where two successive

lines have common letters in the same column is a possible
location of our word. Failure to find this location,
eliminates the possibility of this word.

Table one partially shows the ciphertext where repeated letters

are ten spaces apart. Of the twelve possibilities for the word
"SCOUTINGDISTANCE" some are eliminated by frequencies of the
letters C,G,C, others by letter combinations and the balance by
test. All fail.

Our Navy students would try the scouting line of cruisers as:

4 3 1 2
MEMPHIS RICHMOND TRENTON MARBLEHEAD
2 1 OR 3 4
MARBLEHEAD TRENTON RICHMOND MEMPHIS
(flag)

These names might appear as follows:

MEMPHISRIC MARBLEHEAD
HMONDTRENT OR TRENTONRIC
ONMARBLEHE HMONDMEMPH
AD IS

These can be checked against Table I and cross checked by

frequency or digram analysis.

We have a little luck at Line 14 - 15 - 16

Line 14 LGTBWPLVTT
--MEMPHISR

Line 15 OBOXJLRMHZ
ICHMONDTRE
 Line 16 MVHAWADGGZ
NTONMARBLE

check

Line 29 OPLAULDMOZ Line 11 MOZ

I N N T E I E
NINETEE TWE

Line 30 MJKAQJBF Line 12 MVX

NHUNDRED NT
NTY

OBVIOUS LOCATION METHOD

Table I gives a list of obvious locations. We suspect

the word COURSE followed by a ZERO and ONE TWO or THREE.

Some possibilities are:

COURSEZERO COURSETHRE
FOUR EZERO

COURSEONET COURSETHRE
WO EONE

COURSEZERO (promising but no check)

FOUR

COURSETHRE
ETHREE (checks with #9 in Table I)

Assumption

Line 21 KPKDECGOHZ Line 26 S KPKGULT

COU
S COUTING

Line 22 LVODSCOCHA
ETHREEZERO

Both assumptions are entered into the cryptogram.

TABLE I

Lines Reference

6-7 ZFSAASZDEPZXCDJD 1
8-9 KAHPLGHAJMKTVAMK 2
8-9 HAJMKTVAMKHMBCAA 3
10-11 ZZDWIJKGMCZMVXXU 4
15-16 ZMVHAWADGGZYFARQ 5
17-18 FARQVKMMQKFMPSLG 6
18-19 FPMSLGXAHEFWKGCB 7
18-19 HEFWKGCBFTHSVCBB 8
21-22 DECGOHZLVODSCOCH 9
21-22 CGOHZLVODSCOCHAG 10
21-22 HZLVODSCOCHAGVWB 11
22-23 VCDSCOCHAGVWBZCA 12
22-23 COCHAGVWBZCAMOZM 13
24-25 AQJBFJHXBHAAVAKO 14
25-26 OSKPKGULTJOQDFQQ 15
28-29 AEPZWQROPLAULBMO 16
29-30 AVLBMOZMJKAQJBF 17

TABLE II

12345678910 12345678910 12345678910 12345678910

COURSEZERO COURSETHRE COURSEONE COURSETWO
ZERO EZERO ERO Z ERO Z
ONE ONE NE O NE O
TWO TWO WO T WO T
THREE THREE HREE T HREE T
FOUR FOUR OUR F OUR F
FIVE FIVE IVE F IVE F
SIX SIX IX S IX S
SEVEN SEVEN EVEN S EVEN S
EIGHT EIGHT IGHT E IGHT E
NINE NINE INE N INE N

COURSEZERO COURSETHRE COURSEONET COURSETWOT

FOUR EZER WO WO
EONE
ETHREE

DISCOVERY OF THE SYSTEM

We study the values assumed previously:

Value Alphabets Value AlphabetS

C=E 3,6,8 H=O, O=H 3,6,8
O=H 3,8 N=L,L=N 3,6,8
H=O 3,8 K=U, U=K 3,6,8
B=E 4,7 N=A,A=N 4,7
A=N 4,7 S=E,E=S 5

The common values indicate that alphabets 3,6, and 8 are

identical and similarly so are 4 and 7. Five reciprocal
values are noted without inconsistencies. Seven different
alphabets are used. The alphabets are probably reciprocal.
If the seven alphabets are Secondary (derived from the same
cipher component set against the same plaintext but in
different alignments) a short cut solution is possible. We can
next combine the alphabets into one system.

We have enough clear text to solve the cryptogram - I leave the

balance to the student.

Alpha. - 1 2 3 4 5 6 7 8 9 10 Alpha. - 1 2 3 4 5 6 7 8 9 10

1 K P T X S L I C T M 16 M V H A W A D G G Z
C O M E N E N T O N R E

2 I A M C B B N M S Z 17 Y F A R Q V K M M Q
T N A T T E D S T

3 M J K A Q J B F Z A 18 K F M P S L G X A H
N H U N D R E D O C T E N T Y I

4 J G M B S L N P H H 19 E F W K G C B F T H
T E E N A R I S S P E E D I

5 E E J Z W N C L O W 20 S V C B B U A H S S
R L N E T E E N K N O T S

6 Z F S A A S Z D E P 21 K P K D E C G O H Z
N C O U R S E T H R E

7 Z X C D J D D H A J 22 L V O D S C O C H A
E R R O E T H R E E Z E R O

8 O D B K A H P L G H 23 G V W B Z C A M O Z
S O N I A T S E V E N T E E

9 A J M K T V A M K H 24 M J K A Q J B F J H
H T S N T I N H U N D R E D I

10 M B C A A C N W S Z 25 X B H A A V A K O S
N E N E A S T E O N N U E S

11 Z D W I J K G M C X 26 K P K G U L T J O Q
S U T T W E C O U T I N R E
12 M V X X U N B W Z T 27 D F Q Q J K K M H Z
N T Y M I L E S U S T R E

13 I Y N C P O G H H W 28 H V H A E P Z W Q R
I H T O R N T O N S S

14 L G T B W P L V T T 29 O P L A U L B M O Z
E E O N N I N E T E E

15 O B O X J L R M H Z 30 M J K A Q J B F
H M N T R E N H U N D R E D
 TABLE III
DECIPHERING TABLE

PLAIN- A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

1 G K L M
2 J P V
3 C O H J W K X
4 B X A D K
5 Q S U B G E Z
6 C U N L
7 N B A G O
8 F C O H W M
9 O H S C
10 Z H A S

TABLE IV
ENCIPHERING TABLE

PLAIN- A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
1 G K L M
2 J P V
3-6-8 F C O U N L H J W M K X
4-7 N B X A D K G O
5 Q S U B G E Z
9 O H S C
10 Z H A S

Op-20-G gives us the quick and dirty of the problem. We need

to understand what equivalent cipher alphabets are and how the
multiple alphabet system lends itself to reconstruction.

EQUIVALENT CIPHER ALPHABETS

Any sequence containing 26 letters may be rearranged so that

all the letters which are originally separated by equal
intervals will also be spaced at equal intervals in the new
related sequences. Including the original sequence, a total of
of six related sequences may be constructed. [Friedman expands
on this principle in FR7.]

Example:

1 3 5 7 9 11
1 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

2 A D G J M P S V Y B E H K N Q T W Z C F I L O R U X

3 A F K P U Z E J O T Y D I N S X C H M R W B G L Q V
4 A H O V C J Q X E L S Z G N U B I P W D K R Y F M T

5 A J S B K T C L U D M V E N W F O X G P Y H Q Z I R

6 A L W H S D O Z K V G R C N Y J U F Q B M X I T E P

In this example, a normal alphabet sequence has been re-spaced

to form five related sequences. In constructing them, the
original sequence is regarded as a circle and the letters are
counted off in equal intervals, then written in adjacent
positions to form a related sequence.

Only the odd intervals from 3 - 11 can be used in re-spacing a

26 letter sequence to form different related sequences.
{primes} Even intervals will produce only 13 letter sequences,
and the interval 13 can not be used. Odd intervals from 15-25
will produce identical sequences with those from 1-11 but in
reversed direction. (like the Porta)

Cipher alphabets may be re-spaced to form equivalent cipher

alphabets by the same process as that applied to construct
related sequences.

Example:

Original Cipher Alphabet

Plain - D I P L O M A C Y B E F G H J K N Q R S T U V W X Z
Cipher - V W X Z T H U R S D A Y B C E F G I J K L M N O P Q

Equivalent Cipher Alphabet

Plain - D L A B G K R U X I O C E H N S V Z P M Y F J Q T W
Cipher - V Z U D B F J M P W T R A C G K N Q X H S Y E I L O

An equivalent cipher alphabet can not be distinguished from the

original cipher alphabet unless a systematic construction or
some outside information is available to identify the original
one. The secondary alphabets generated by shifting the points
of coincidence of the plain and cipher components are the same
alphabets regardless of which equivalent cipher alphabet has
been shifted.

Example:

Original Cipher Alphabet

Plain - D I P L O M A C Y B E F G H J K N Q R S T U V W X Z
Cipher - X Z T H U R S D A Y B C E F G I J K L M N O P Q V W

Equivalent Cipher Alphabet

Plain - D L A B G K R U X I O C E H N S V Z P M Y F J Q T W
Cipher - X H S Y E I L O V Z U D B F J M P W T R A C G K N Q

The secondary alphabet of this example has been derived by

shifting the cipher component of the original alphabet of the
previous paragraph, and the equivalent secondary cipher
alphabet by shifting the cipher component of the equivalent
alphabet of the previous paragraph.

The number of spaces each cipher component has been shifted is

not the same in each case, yet the plain and cipher values
correspond exactly. This illustrates the most important
principle of symmetry in the secondary alphabets.

RECONSTRUCTION OF MULTIPLE ALPHABET SYSTEMS

When the same sequence has been used for each of the cipher
components of a multiple alphabet system, there are definite
relationships between the individual cipher values which may be
used in recovering other cipher values after a few have been
identified through analysis.

(a) When the plain component is originally a normal sequence

the cipher sequences will be recovered in their original order
and new values may be placed in the various cipher components
as soon as their relative positions have been established.

(b) When the plain and cipher components are originally the
same mixed sequence, the plain component enters into the
reconstruction in the same manner as the other cipher
component.

(c) The reconstruction of a multiple alphabet system in

which the plain component is a different mixed sequence from
that used in the cipher components, requires a relatively large
number of values for analysis.

The principles are explained by another example in which the

plain and cipher components are different mixed sequences:

Plain 0 - D I P L O M A C Y B E F G H J K N Q R S T U V W X Z
Cipher 1 - O P Q V W X Z T H U R S D A Y B C D F G I J K L M N
2 - N O P Q V W X Z T H U R S D A Y B C E F G I J K L M
3 - E F G I J K L M N O P Q V W X Z T H U R S D A Y B C

The interval between letters of two cipher components, letters

which occur in the same vertical column, is equal to the amount
of displacement of one component from the other.

O (1) To N(2) is an interval of one, the amount of shift

between the cipher components (1) and (2).

E (3) to O (1) is the same interval as O (3) to U (1), and is

the same interval as U (3) to F (1), etc.

Thus a chain of letters, EOUF with current relative spacings

could be made from the vertical relationship alone, when the
order of plain component sequence is unknown. A set of
equivalent alphabets might be the result of construction by
this means, but the original in this case would be recognized
when the proper spacing is found.

If the vertical relationship is used between components which

are displaced an even number of letters, such as ciphers (2)
and (3), a chain of 13 letters will result, and if the
components were originally displaced 13 letters, they would
show only reciprocal relationships.

APPLICATION OF SYMMETRY PRINCIPLES

Suppose the Enciphering table obtained during the solution of a

cryptogram appeared as follows:

Plain 0 - A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
Cipher 1 - Z U T R D A P V C W G I H
2 - X H Z N U D O W B V E F G T
3 - L E P W F I K T J U R S

Since the interval between R and P in the cipher sequence is

the same as that between P and F, we may arbitrarily assume
this interval to be one and build up a cipher sequence
accordingly.

The vertical columns remain unchanged. We write:

0 E I R in the third cipher S E I

1 R P F component appears under G R P F U O
2 U O S plain, so we continue G R P F U O
3 R P F G R P F U O

The progress of adding values to the plain and cipher sequences

progresses through the various stages:

0 T S E I R B Y
1 I S G R P F U O E H T
2 I S G R P F U O E H T
3 I S G R P F U O E H T

0 O L T S E I R B Y N C
1 W J V I S G R P F U O E H C T B Z
2 W J V I S G R P F U O E H C T B Z
3 W J V I S G R P F U O E H C T B Z

0 M H O G L T S E I R B Y N C A
1 L X K A W J D V I S G R P F U O E H C T B Z
2 K A W J D V I S G R P F U O E H C T B Z L X
3 X K A W J D V I S G R P F U O E H C T B Z L
The intervals between E, F, G and between V, W, X in the cipher
sequence obtained above, indicate the equivalent alphabets have
been recovered which should be re-spaced by counting off every
third letter in the reverse direction.

0 I L O M A C Y B E G H N R S T
1 O P V W X Z T H U R S D A B C E F G I J K L
2 O P V W X Z T H U R S D A B C E F G I J K L
3 E F G I J K L O P V W X Z T H U R S D A B C

CONTINUATION OF BLACK FORCE CRYPTOGRAM

A few more values are necessary in Table IV in order to

completely reconstruct the system used.

Line 1 Line 18

Alpha 1 2 3 4 5 6 7 8 9 10 Alpha 1 2 3 4 5 6 7 8 9 10
Cipher K P T X S L I C Cipher K F M P S L G X A H
Plain C O M E N E Plain C T E N T Y I
New M C New W

Line 3 to 5

Alpha 1 2 3 4 5 6 7 8 9 10 1 2 3 4 5 6 7 8 9 10 1
Cipher M J K A Q J B F Z A J G M B S L N P H H E
Plain N H U N D R E D O T E E N A R I
New F U R P L

Adding these new values to Table IV gives the following table

for use in reconstruction of the system:

TABLE IV
Revised
ENCIPHERING TABLE

PLAIN- A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
1 G K L E M J
2 J P V
3-6-8 F C O U N T L H P J W M K X
4-7 N I B X A D K G P O
5 Q S U B G E Z
9 O Z H S C
10 Z H A S

The reciprocal relationship will be ignored.

On account of L and B being found in two vertical columns, a

good starting point is to assume that L and B are adjacent in
the cipher component. Then we would have the following in the
cipher component: GN, KI, MA, FQ, CS, PQ, AND WE.

Using the PGN sequence in the first three cipher components,

partial reconstruction can be made:

PLAIN- W T A O R P L
1 P G N W E
2 V P G N
3-6-8 M A H J P G N
4-7 P G N D
5 P G N
9 C S H J
10 M A

Since HJ appears with the same interval as LB, then OC and SM

are also adjacent in the cipher sequence being constructed.

PLAIN- H E W T A S O R Z N P L U
1 L B P G N O C S M A W E H J
2 H J V L
B P G N
3-6-8 O C S M A W
E H J V L B P G N K
4-7 L B P G N K
I D O C S M A
5 O C S M A W E
H J V L B P G N
9 O G S M A W E H J V
10 O C S M A

We combine the three partials:

PLAIN- H E W T A S O R Z N P L U
1 L B P G N O C S M A W E H J
2 H J V L B P G N
3-6-8 O C S M A W E H J V L B P G N K I D
4-7 L B P G N K I D O C S M A
5 O C S M A W E H J V L B P G N
9 O G S M A W E H J V
10 Z O C S M A

I think you can see that most of the cipher sequence could be
obtained without considering the fact that the plain component
is the same sequence reversed. The important point is that the
complete system may be reconstructed from relatively few values
obtained through analysis of the cryptogram.

The sequence used in this problem is randomly mixed, therefore

the original one can not be distinguished from a related one
which may be reconstructed. The ten cipher components are set
with the key GUANTANAMO under the A plain.

FURTHER REMARKS

The same method used in determining which cipher values

probably represent vowels or consonants may be applied to poly-
alphabetic substitution ciphers as described in Lectures 1 and
2. However, the values in each alphabet must be considered
with their respective prefixes and suffixes in adjacent
alphabets, in studying the frequencies of their combinations.

After the original sequences of a poly-alphabetic substitution

system are recovered, subsequent messages using these sequences
may be solved by a modified method. The "generatrix frequency"
method was developed by W. F. Friedman and is described in FR7.

SOLVING CIPHER SECRETS

MASTERTON (Frank W. Lewis) was a personal 'pick' of William F.

Friedman. His experience and book [MAST] is as insightful as
it is brilliant. He takes us through the QUAGMIRE family. The
American Cryptogram Association calls the class of periodic
polyalphabetic substitution QUAGMIRES I, II, II, IV after the
terminology used for keying Aristocrats. QUAGMIRES have a
mixed alphabet in at least one of the components. QUAGMIRE I
uses a keyword-mixed plain component with a determined number
of normal cipher alphabets at different settings; QUAGMIRE II
uses a normal plain and various settings of the same mixed
cipher component; QUAGMIRE III employs the same mixed alphabet
for plain and cipher (juxtaposition repeated on a cycle); and
QUAGMIRE IV which has one mixed alphabet for plain and a series
of slides of another mixed alphabet for the cipher components.
[MAST] The use of normal alphabets on a cycle, either direct
or reverse, is a weakness because the components are known and
are more vulnerable to solution.

QUAGMIRE I

We will take the QUAGMIRES in turn, making sure we understand

the method of encipherment and tricks of unraveling the text.

Lets build an alphabet on the Keyword ENCIPHERMENT:

E N C I P H R M T A B D F G J K L O Q S U V W X Y Z

Let us take a NORMAL alphabet, with C under the first letter of

plain sequence. This is cipher setting No 1. Slide the normal
alphabet to I, under E, P, H, E, R to get:

Plain 0 E N C I P H R M T A B D F G J K L O Q S U V W X Y Z
Cipher 1 C D E F G H I J K L M N O P Q R S T U V W X Y Z A B
2 I J K L M N O P Q R S T U V W X Y Z A B C D E F G H
3 P Q R S T U V W X Y Z A B C D E F G H I J K L M N O
4 H I J K L M N O P Q R S T U V W X Y Z A B C D E F G
5 E F G H I J K L M N O P Q R S T U V W X Y Z A B C D
6 R S T U V W X Y Z A B C D E F G H I J K L M N O P Q

I have numbered the alphabets for ease of use. The initial

column keyword is standard practice.

To encipher the word regarding: The first R is found in the

plain sequence, and the letter under it in alphabet 1 is I, we
use the cipher alphabets sequentially and return to alphabet 1
after using the sixth alphabet.

QUAGMIRE I ATTACK

Given:

WBFWX LWVPY WICQJ HJYDL LNABF JCQFB BHMPA XGKIU CRHVK

YNEJO VMDEJ SPQPT GLFFB YOEYD MIHYY JJCPY YDVIE TOFXX

LWPSC YTBKJ ORCYZ DBYDH YHR.

The Cryptogram usually provides a tip: "ILEANDTHENREPLIED. "

This will appear in the text someplace.

The repeat method of factoring doesn't work to well on this

example. So assume 6, 7 or 8. Write the crib based on those
cycles.

awh awh awh

ILEAND ILEANDT ILEANDTH
THENRE HENREPL ENREPLIE
PLIED IED D

We have added a possible text of awh to the crib. The middle

crib has the I over an I 13 letters apart and the E's interval
of 6. The stretch of cipher we want will have a repeat as:

----X------Y-----XY---.

The stretch "glffbYoeydmihYyjjcpYYdvie" fits the bill. We

rewrite the cryptogram into a cycle of seven letters either in
columns or rows. We fill in the tip and number the alphabets:

1234567 1234567 1234567 1234567 1234567 1234567 1234567

WBFWXLW VPYWICQ JHJYDLL NABFJCQ FBBHMPA XGKIUCR HVKYNEJ

1234567 1234567 1234567 1234567 1234567 1234567 1234567

OVMDEJS PQPTGLF FBYOEYD MIHYYJJ CPYYDVI ETOFXXL WPSCYTB
a whILEAN DTHENRE PLIED

1234567 1234567 1
KJORCYZ DBYDHYH R.

We prepare a deciphering tableux, putting the plain values

above the normal cipher strip and using the plain E to start.

Plain 0 E
-----------------------------------------------------
Cipher 1
2
3
4 U V W X Y Z A B C D E F G H I J K L M N O P Q R S T 5
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
6
7 F G H I J K L M N O P Q R S T U V W X Y Z A B C D E

Since the fourth alphabet also has a plain L, we enter it on

the top line, and similarly place a plain N from the fifth
alphabet. The N is confirmed by its appearance in the 7th
alphabet, so we know we are on the right track.

Since we have the plain L, the second alphabet comes in too and
hence the plain H and T. This gives us the third alphabet and
the plain I. There is more help. Looking down the various
columns we find the Keyword COUNTRY which must have been placed
under the first letter of the plain sequence. Snowballs.

Plain 0 A B C D E H R T P L W I N G
-----------------------------------------------------
Cipher 1 J K L M N O P Q R S T U V W X Y Z A B C D E F G H I
2 V W X Y Z A B C D E F G H I J K L M N O P Q R S T U
3 B C D E F G H I J K L M N O P Q R S T U V W X Y Z A
4 U V W X Y Z A B C D E F G H I J K L M N O P Q R S T
5 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
6 Y Z A B C D E F G H I J K L M N O P Q R S T U V W X
7 F G H I J K L M N O P Q R S T U V W X Y Z A B C D E

The clues add up. The Keywords are PLOWING and COUNTRY.

The RST sequence is obvious. The message reads: The city

slicker asked the farmer what's your mules name? The farmer
thought awhile and replied I don't rightly know but I call him
JACK.

QUAGMIRE II

This polyalphabetic substitution uses a Normal plain and a

keyword mixed cipher alphabet. Lets tackle a problem with the
tip of 20 letters TAPHORICORTABOONATUR and also the tip
"usage." Sometimes we have hunches. Assume the period is 10,
and write out the tip on this basis. Nice pattern with a
digraphic hit TT, OO, RR

TAPHORICOR
TABOONATURe I have added the e
possibility.

and the cipher is:

12345678910 12345678910 12345678910 12345678910 12345678910

GJGQHJLELW SZGGETGMQS YVAHUOLFYN NIRJHVKJDS XMZVUEPETG
12345678910 12345678910 1
HIAHWZOTFN HIHVWQUQDN UENAEQMFQA YXIOVUIVYG NYLUJMOCVL
TAPHORICOR TABOONATUR e

RXSOTVSSMT CIIFHVEFYA VJLEUVDQFX OZJHNNUHQY EOGQDYGHEG

RXVVVOBVYY SR

Now we develop the deciphering tableaux.

Plain 0 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
-----------------------------------------------------
Cipher 1 U H
2 I
3 H A
4 H N
5 W
6 Q Z
7 U O
8 T Q
9 F D
10 N

QUAGMIRE II ATTACK

We know that the plain sequence is normal. it is in the right

order and we can base our interval analysis on the plain. We
introduce Mr. Friedman's principle of symmetry to discover the
relationships in the cipher alphabets.

We know that the cipher text reads from left to right just as
we see it. The skeleton sequence is:

H------V------A, Q---Z----T, U-------O, and F-----D,

We can fill in a few letters. The Q---Z is either QVW-Z or Q-

VWZ. In No 1 Q cipher is either Y or Z and Z cipher is either C
or D. [MASTERTON jumps in with a NIO combination and VW but I
didn't see this until after the solution.] Alpha 4 puts V +6
from H, transposing that to alpha 1, puts a V under the A
plain, and suggests Q V W X Z sequence with Y in the Keyword.
X is pretty unpopular in keywords so we will go with this
assumption.

INTERMEDIATE DECIPHERING TABLEUX

Plain 0 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
-----------------------------------------------------
Cipher 1 V W X Z U ? ? A T O H Q
2 I
3 H Q V W X Z U ? ? A T O
4 H Q V W X Z U A T
5 H Q V W X Z U A T O
6 O H Q V W X Z U A T
7 U T O H Q V W X Z
 8 A T O H Q V W X Z U
9 F D
10 N

So we build up alpha's 1, 3, 5, 6, 8. We can place the H's

back in them from the Q by -6. in alpha 8 and 5. We see that
U +8 = O in alpha 7. The sequence ---A starts the keyword from
alpha three. Look at the T behind the Q by -17 offset in
alpha 8. Remember my assumed 'e' = U in alpha 1. We place this
hunch and let it play through.

We have U - - AT ........Y. I see the prefix UN and digram SA.

The word "unsatisfactory" comes to mind but I haven't got
enough hard evidence yet. We have a U +8 to O in the 7th
alpha. Fill in the alphas.

FINAL DECIPHERING TABLEUX

Plain 0 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
-----------------------------------------------------
Cipher 1 V W X Z U n s A T i f c O r Y b d e g H j k l m p Q
2 I
3 H Q V W X Z U ? ? A T O
4 H Q V W X Z U A T
5 H Q V W X Z U A T O
6 O H Q V W X Z U A T
7 U T O H Q V W X Z
8 A T O H Q V W X Z U
9 F D
10 N

I know that Y is in the keyword and could be the last letter of

it. Look at the F-----D sequence. F is in the keyword and the
O-------H is the only area than can fit the F and the Y.

Plug in my UNSATifcOrY guess. The lower letters require

checking. Alphabet 1 fits the key as UNSATISFACTORY adjusted
for duplicate letters.

The message reads in part: Slang is language or phrases of a

vigorous colorful metaphoric or taboo nature invented to ...

QUAGMIRE III

The QUAGMIRE III is a very important class of ciphers because

they introduce the one of the most important tools invented by
Mr. Friedman, as explained in his Riverbank papers, called
"Direct and Indirect Symmetry."

The title of this problem is "Inertia in the British Labor

Market" and has the tip "ANDTHREECALLINGFORAMANTOSTANDON."

IBWVU PLTPJ TKPPM YCTDV XYGNY QYNTW NFSUI XNACX CFTGV

AIKPS RTCOJ JWPRR VOLAA ZRURJ NUIXM XPQBV UIBWO GPCDP

LNNRD FPSLI BUGOC DOTWK CPIRQ RVQGY GCXLV MNOBE QFVOL

GBWGP ATNJL YWRMW EKLAA VICVE AQBKU VFJUR DVIOZ MPTZO

VSLIH QBQXF LLLWH PUSGV XP.

QUAGMIRE III ATTACK

Note the repeat of the first three letters IBW at interval 81.
If the message starts with THE and the period turns out to be 9
we have found a wedge. Next place the tip in columnar line for
a cycle of nine.

A N D T H R E E C A I K P S R T C O
A L L I N G F O R J J W P R R V O L
A M A N T O S T A A A A R U R J N U
N D O N t w o f e e t ? I X M X P Q B V U
t h e ------- ? I B W O G P C D P

(also first three IBW)

The three A's in the first column followed by the two N's
prove the period of 9. This is not accidental. My guesses
of additional plain text are partially right - 'the' as you
will see later. Note the triple R's, two U's and Two I's in
the ciphertext lined up by columns in a period of 9.

Break the ciphertext into groups of nine.

123456789 123456789 123456789 123456789 123456789

IBWVUPLTP JTKPPMYCT DVXYGNYQY NTWNFSUIX NACXCFTGV

AIKPSRTCO JJWPRRVOL AAARURJNU IXMXPQBVU IBWOGPCDP

ANDT HREECALLI NGFORAMAN TOSTANDON THE

LNNRDFPSL IBUGOCDOT WKCPIRQRV QGYGCXLVM NOBEQFVOL

GBWGPATNJ LYWRMWEKL AAVICVEAQ BKUVFJURD VIOZMPTZO

VSLIHQBQX FLLLWHPUS GVXP.

Place the extended tip. In a QUAGMIRE III, or in any case

where the cipher component is the same as the plain component,
if one cipher -plain matches E for E, all pairs must match,
for the sequence is set A to A, B to B, etc. When this
happens, we get a column of our write-out as "free plain text,"
which is of considerable help.

I can not overemphasize the next step. Because of the K3

nature of the keying, the Plain component and the Cipher 1
alphabet represents pairs that are the same distance removed -
H to J, N to A, T to I, in this case. Similarly G to A, H to
B, O to X, and R to J are equally separated - though not at the
same interval as the first pairs obtained from line 1.
(Obviously, if H to J is "x" distance, H to B cannot be the
same distance.) Check this observation of Symmetry on the
decipher tableaux.

INITIAL DECIPHERING TABLEUX

Plain 0 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
-----------------------------------------------------
Cipher1 J A I
2 A B X J
3 W A M
4 P R X
5 P R U
6 R Q
7 B V J T
8 N C O V
9 L U O

Let us write down all the pairs we get by going from plain to
cipher in each of the alphabets in turn. We can also write
down the from the sidewise relationships. For instance, A to C
on the plain sequence is the same distance P to R on Row 5. In
addition, Row 7 to Row 8 tells us that BC is the same distance
apart as VO.

This is a most powerful tool in solution of a sequence against

itself. You can imagine a little "square" and go up, or down,
or across, to find relationships within and between both plain
and cipher components.

Plain sequence to Row 1 HJ NA TI

2 GA HB OX RJ
3 EW FA SM
4 EP OR TX
5 AP CRU (CR-RU)
6 AR NQ
7 DB LV MJ NT
8 AN DC LOV (LO-OV)
9 IL NU TO
>From Plain A to C AC PR
>From Row 7 to 8 BC VO

There are a lot of relationships. I have not listed the

sidewise ones like Plain to Row 1 - H to N and J to A.

MASTERTON points out that Row 1 is the reverse of Row 8.

[MAST] I didn't see this "little" jump.

But I did make sense of the three letter chains; if L-O is the
same as O-V we have a three letter segment. Do you see that
the pairs in the listing above are separated by one letter in a
sequence obtained from the next set, as evidenced by LV in 7
and LOV in 8? We can add the two together:
 DCB LOV M-J AN-T

Look at the fragments, and realize that we have found some good
information about the sequence. First of all the sequences are
reversed alphabets. The sequence has BCD, VOL, JKM since we
have used L and T-NA in it? [We can also look at a process
called decimination to bring the sequence to bear. We will do
that in the Friedman section.] Remember the very important
part of the tool of symmetry - that because the plain and all
the cipher alphabets are the same, we can associated pairs in
the straight, sideways, down etc as we find them, using the
plain or all nine cipher alphabets. In a QUAGMIRE IV, we
cannot use the plain sequence in this way because of a
different key.

We continue our recovery with A to N plain as the same

distance as R to Q in alpha 6. We add QR to our line.

VOL TINA BCD HJKM QR

Notice the H to B and G to A in the plain to alphabet 2

relationship. This tells us to put G ahead of H, then A goes
behind B as we expect. Since O is in VOL and N is in TINA

VOL/TINABCD/GHIJM/QR

the only missing element is P which we place as follows:

ku VOL/?/TINABCD (f)GHJMPQR swxyz

missing elements at this stage are e, k, u, w , x , y , z which

likely the E and U are in the Keyword.

INTERMEDIATE DECIPHERING TABLEUX - PARTIALS

Plain 0 V O L T I N A B C D F G H J M P Q R S
-----------------------------------------------------
Cipher1 V O L T I N A B C D F G H J M P Q R S w
2 X T I N A B C D F G H J M P Q
3 T I N A B C D F G H J M P
4 Q R S W? X
5
6
7
8 V O L T I N A B C F G H J M P Q R S
9

The line ups are not correct. We can find where alphabets 1,
2 and three start by putting the low frequency X in the right
spot. I leave this part of the work to the you all. [ Hint:
compress the V O L -----T I N A space and what keyword will fit
into - V O L u? T I (O)N. and place the E in the beginning.]
The answer is with Keywords EVOLUTION and BLUEPRINT:

FINAL DECIPHERING TABLEUX

Plain 0 E V O L U T I N A B C D F G H J K M P Q R S W X Y Z
-----------------------------------------------------
Cipher1 V O L U T I N A B C D F G H J K M P Q R S W X Y Z E
2 S W X Y Z E V O L U T I N A B C D F G H J K M P Q R
3 W X Y Z E V O L U T I N A B C D F G H J K M P Q R S
4 P Q R S W X Y Z E V O L U T I N A B C D F G H J K M
5 C D F G H J K M P Q R S W X Y Z E V O L U T I N A B
6 F G H J K M P Q R S W X Y Z E V O L U T I N A B C D
7 Y Z E V O L U T I N A B C D F G H J K M P Q R S W X
8 Z E V O L U T I N A B C D F G H J K M P Q R S W X Y
9 X Y Z E V O L U T I N A B C D F G H J K M P Q R S W

The message reads: The British created a civil service job in

eighteen hundred and three calling for a man to stand on the
cliffs of Dover with a spyglass.....

QUAGMIRE IV

The QUAGMIRE IV is probably the most difficult of the QUAGMIRES

because we need to recovery two keyworded alphabets and direct
symmetry will not work with the plain.

We are given:

MWQYD KMCAO KHSEE YULIH WYTEW YRLHG LMEJC ZHAKE NYWUP

thegr reat

QSQSO ESYEP BIZEW QYPKZ FHAAM GWPTR XNYWR LKSQE XHGRA

QCWAV JNCPM HDHZT BCBHR AMXUE OLTWR RIKNQ AKKDZ VJOYW

bet?

WHQJR FGYVP GILWV WGPTF MLYKX TAKOZ ATFGL AUT.

weenl atese ptemb erand decem berof thaty ear

QUAGMIRE IV ATTACK

The Title is "Lost Horsepower", the tips are starts with THE
GREAT and has WEENLATESEPTEMBERANDDECEMBEROFTHATYEAR in the
text. The letters bet?WEEN might be inferred.

Finding the cycle is our first challenge.

The WQY is +58, a discouraging number for factors. The cribs
are pretty generous, so looking at them we might find
something. Obviously, a plain hit at the correct interval of
the cycle would result in a cipher coincidence at the same
interval. Two occurrences of a plain letter at some interval
other than the period or multiple of the cycle, the ciphers
cannot be the same. MASTERTON describes a graphical technique
for knocking out intervals. [MAST]

OYWWHQJRFGYVPGILWVWGPTFMLYKXTAKOZATFGLAUT
betweenlateseptemberanddecemberofthatyear
* --9-- *

Thus the Y over E and H and Q over E "knock out" the intervals
3, 4 which are too short anyway, and also 11 because of the Y
over P. Note the +9 hit for Y over E. So we write out the
cipher in a period of nine:

123456789 123456789 123456789 123456789 123456789

MWQYDKMCA OKHSEEYUL IHWYTEWYR LHGLMEJCZ HAKENYWUP
thegreatE E GH EE E A

QSQSOESYE PBIZEWQYP KZFHAAMGW PTRXNYWRL KSQEXHGRA

E ?HE E T EA R RT ER E R E E

QCWAVJNCP MHDHZTBCB HRAMXUEOL TWRRIKNQA KKDZVJOYW

T A TE NH E E R bet

WHQJRFGYV PGILWVWGP TFMLYKXTA KOZATFGLA UT.

weenlates eptembera nddecembe rofthatye ar

Even with all the help and correct hits, the message is not a
give a way.

INITIAL DECIPHERING TABLEUX

Plain 0 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
-----------------------------------------------------
Cipher1 U P T K M W
2 F H W O G T
3 M Q Z I
4 L Y J A
5 Y T R W D
6 F V K
7 M O W X G
8 T Y G C
9 P A C V W

Since the alphabets are different we can not chain from the
plain to cipher. However, WITHIN the cipher, the same rules
apply as before - except their isn't nearly as much
information. In Cipher 1 row we see that U to P is the same
distance as F to K , M to W and P to A. Ok. Remember that we
are dealing with unknown decimations, so the relationships
between UPA, PK and PT is unknown.

By decimation I mean the process of selection of elements from

a sequence according to some fixed interval. For example, the
sequence A E I M is derived, by decimation , from a normal
alphabet by selecting every fourth letter. It is the key to
Symmetry solutions because the latent relationships in a cipher
alphabet can be made patent by decimation. Lecture 11 will
give two methods of decimation in detail.
Table of Relationships in foregoing example:

UPA FK MW Plain A to E and Rows 1 to 9

PT LJ " E to N
PK HT YG " E to R and Rows 1 to 6 adding UF
PM QI LAWG YC " E to T and Rows 9 to 7 and 4 to 9
UMG PW " A to T and Rows 1 to 7
TM JA " N TO T
FH MQ " D to E
WTD " H to R and Rows 2 to 5
FV MO " A to B
VK OW TY " B to E
OG TC " B to T
PH KT Rows 1 to 2
PQ MI Rows 1 to 3
PL TJ MA Rows 1 to 4
PY KG MC Rows 1 to 8
FM HQ KW VO Rows 2 to 0
HY TG Rows 2 to 9
QL IA Rows 3 to 4
QW IG Rows 3 to 7
QY IC Rows 3 to 8
QA IW Rows 3 to 9
LW AG Rows 4 to 7
LY AC Rows 4 to 8 and Plain A to G adding
Cipher C under Plain G on Row
FP KA Rows 6 to 9 9
OT WY GC Rows 7 to 8
YA CW Rows 8 to 9

Row 2 to 3 and 6 to 7 are combined. S and T in plain are most

likely adjacent from VW in Cipher 9. Partials FH and MQ look
good without an intervening letter.

LAWG is our best bet for the wedge. It ties together E and T
in the same decimation. So:

Plain E T
Cipher P M
H
Q I
L A W G

K
L A W G
Y C
L A W G

If FH and MQ are the right order, P is in the keyword, since

the reverse bits of above (MP, IQ, GWAL) would not be
consistent with MPQ. Unfortunately, we have run out of gas and
must guess more plain. The plain E-gh-EE most likely is
Eighteen and since they are talking about years, why not
Seventy, since so many E's are fitting? The plain T of seventy
is confirmed. The plain V may not produce much but the cipher
G might be a bonanza. These new values add KE and JR to the
chain.

123456789 123456789 123456789 123456789 123456789

MWQYDKMCA OKHSEEYUL IHWYTEWYR LHGLMEJCZ HAKENYWUP
thegreatE T EIGHTEEN SEVENTY E A

QSQSOESYE PBIZEWQYP KZFHAAMGW PTRXNYWRL KSQEXHGRA

E THE E T EA R RT ER E R E E

QCWAVJNCP MHDHZTBCB HRAMXUEOL TWRRIKNQA KKDZVJOYW

T A TE NH E E R bet

WHQJRFGYV PGILWVWGP TFMLYKXTA KOZATFGLA UT.

weenlates eptembera nddecembe rofthatye ar

FINAL DECIPHERING TABLEUX

Plain 0 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
-----------------------------------------------------
Cipher1 U P T K L M W
2 F H W O G T
3 M Q Z W I G
4 L Y J A
5 Y T R W M D
6 F V K J E
7 M O W X G
8 T Y G C
9 P A C V W

We look at VW and LM and KLM under the plain RST. We must

conclude that G-C is correct. Rows 7 and 8 have a G and C
under plain T, and WY under E and OT under B. This suggests
that WXY and O-T are part of the final chain. So push the
following chains:

KLM, G-C, VWXY, EA, O-T

The cipher sequence appears to go:

JKLMQVWXYZ

0 A N D E I C B F G H
---------------------------------------------
1 U T P R A
2 F H J K L M Q V W X Y Z
3 F H J K L M Q V W X Y Z
4 F H J K L M Q V W X Y Z
5 F H J K L M Q V W X Y Z
6 F H J K L M Q V W X Y Z
7 F H J K L M Q V W X Y Z
8F H J K L M Q V W X Y Z
9 P R A

The cipher keyword has this form O U T - P R - A I N G

with S, E, D candidates. The keyword is SPREADING.
The plain keyword can be derived as PANDEMIC and the cipher
setting key is HORSETAIL. The groundwork is left to the
student. Notice how resistant the QUAGMIRE IV was even with
loads of help.

LECTURE 10 HOMEWORK PROBLEMS

QQ-1 QUAGMIRE I Travelogue. (Ends:SINGOUTOFTHESEA) RHIZOME

KKQHPQR KTYOHTA TLGAWBM XORKTAT BSOOIYI CGICEJV UCYZRJP

ALNSFRZ UCQDXIS TDRBFYS YTFDZBD USQWKMT CPPDOAI CAAKEHK

UAYFHQA TLNIFSI SIGJHAS V.

QQ-2 QUAGMIRE III Tedious. (CRYPTANALYTIC METHODS)

DOPPELSCHACH

PNATV SJBAQ WGMTR BZYLU ACACR GBNTQ FGGCN APNID ULMVD

SCEPB AMCQF BBPVR EOBSL AFSAN HFYVV MCYTF LEMAO MFHVU

KBAAU ATTEA NGOHU GTQEX ISUGU SAKCC TLIRT TLSZM PBMGV

APYRV YIIGL WGNUF JFROG SNQGN HBOTU TACUO JUVQH HUGWW

WBIMT WNHVO GTLSZ MPYQZ BNCEN UWLC.

QQ-3 QUAGMIRE IV Economics Lesson. EDNASANDE

(BUSINESSACTIVITYDURINGAPERIOD)

TDNSE PMBSV FURMQ UFYSJ PAGGY FVIKT GYVLV FBTPH IIIAD

HVIUY QSAFA VQVFU HPIHE BIXNN HBSTN IRMQH IIIAD OVIXT

CTNOW EOJOZ BOWBU ONLFN GOBJS HBOQS VZMOU JSFQH SAHPS

JBBJT AAMIE XILRA TOTVL TUAML FLNEJ PPMNT XHVQV FCYSB

JODNF XJSFT UIUTM ONKDO UMMSB NWUL.

REFERENCES / RESOURCES [updated 6 April 1996]

[ACA] ACA and You, "Handbook For Members of the American

Cryptogram Association," ACA publications, 1995.

[ACA1] Anonymous, "The ACA and You - Handbook For Secure

Communications", American Cryptogram Association,
1994.

[ACM] Association For Computing Machinery, "Codes, Keys and

Conflicts: Issues in U.S. Crypto Policy," Report of a
Special Panel of ACM U. S. Public Policy Committee
(USACM), June 1994.

[AFM] AFM - 100-80, Traffic Analysis, Department of the Air

Force, 1946.

[ALAN] Turing, Alan, "The Enigma", by A. Hodges. Simon and

Schuster, 1983.

[ALBA] Alberti, "Treatise De Cifris," Meister Papstlichen,

Princeton University Press, Princeton, N.J., 1963.

[ALKA] al-Kadi, Ibrahim A., Origins of Cryptology: The Arab

Contributions, Cryptologia, Vol XVI, No. 2, April 1992,
pp 97-127.

[AND1] Andree, Josephine, "Chips from the Math Log," Mu Alpha

Theta, 1966.

[AND2] Andree, Josephine, "More Chips from the Math Log," Mu

Alpha Theta, 1970.

[AND3] Andree, Josephine, "Lines from the O.U. Mathematics

Letter," Vols I,II,III, Mu Alpha Theta, 1971,1971,1971.
[AND4] Andree, Josephine and Richard V., "RAJA Books: a Puzzle
Potpourri," RAJA, 1976.

[AND5] Andree, Josephine and Richard V., "Preliminary

Instructors Manual for Solving Ciphers," Project CRYPTO,
Univ of Oklahoma, Norman, OK, 1977.

[AND6] Andree, Josephine and Richard V., "Teachers Handbook

For Problem Solving and Logical Thinking," Project
CRYPTO, Univ of Oklahoma, Norman, OK, 1979.

[AND7] Andree, Josephine and Richard V., "Preliminary

Instructors Manual for Cryptarithms," Project CRYPTO,
Univ of Oklahoma, Norman, OK, 1976.

[ANDR] Andrew, Christopher, 'Secret Service', Heinemann,

London 1985.

[ANK1] Andreassen, Karl, "Cryptology and the Personal Computer,

with Programming in Basic," Aegean Park Press, 1986.

[ANK2] Andreassen, Karl, "Computer Cryptology, Beyond Decoder

Rings," Prentice-Hall 1988.

[ANNA] Anonymous., "The History of the International Code.",

Proceedings of the United States Naval Institute, 1934.

[ANN1] Anonymous., " Speech and Facsimile Scrambling and

Decoding," Aegean Park Press, Laguna Hills, CA, 1981.

[ASA ] "The Origin and Development of the Army Security

Agency 1917 -1947," Aegean Park Press, 1978.

[ASIR] Anonymous, Enigma and Other Machines, Air Scientific

Institute Report, 1976.

[AUG1] D. A. August, "Cryptography and Exploitation of Chinese

Manual Cryptosystems - Part I:The Encoding Problem",
Cryptologia, Vol XIII, No. 4, October 1989.

[AUG2] D. A. August, "Cryptography and Exploitation of Chinese

Manual Cryptosystems - Part II:The Encrypting Problem",
Cryptologia, Vol XIV, No. 1, August 1990.

[BADE] Badeau, J. S. et. al., The Genius of Arab Civilization:

Source of Renaissance. Second Edition. Cambridge: MIT
Press. 1983.

[BAMF] Bamford, James, "The Puzzle Palace: A Report on

America's Most Secret Agency," Boston, Houghton Mifflin,
1982.

[BARB] Barber, F. J. W., "Archaeological Decipherment: A

Handbook," Princeton University Press, 1974.
[B201] Barker, Wayne G., "Cryptanalysis of The Simple
Substitution Cipher with Word Divisions," Course #201,
Aegean Park Press, Laguna Hills, CA. 1982.

[BALL] Ball, W. W. R., Mathematical Recreations and Essays,

London, 1928.

[BAR1] Barker, Wayne G., "Course No 201, Cryptanalysis of The

Simple Substitution Cipher with Word Divisions," Aegean
Park Press, Laguna Hills, CA. 1975.

[BAR2] Barker, W., ed., History of Codes and Ciphers in the

U.S. During the Period between World Wars, Part II,
1930 - 1939., Aegean Park Press, 1990.

[BAR3] Barker, Wayne G., "Cryptanalysis of the Hagelin

Cryptograph, Aegean Park Press, 1977.

[BAR4] Barker, Wayne G., "Cryptanalysis of the Enciphered Code

Problem - Where Additive Method of Encipherment Has Been
Used," Aegean Park Press, 1979.

[BAR5] Barker, W., ed., History of Codes and Ciphers in the

U.S. Prior To World War I," Aegean Park Press, 1978.

[BAR6] Barker, W., " Cryptanalysis of Shift-Register Generated

Stream Cipher Systems," Aegean Park Press, 1984.

[BAR7] Barker, W., ed., History of Codes and Ciphers in the

U.S. During the Period between World Wars, Part I,
1919-1929, Aegean Park Press, 1979.

[BAR8] Barker, W., ed., History of Codes and Ciphers in the

U.S. During World War I, Aegean Park Press, 1979.

[BARK] Barker, Wayne G., "Cryptanalysis of The Simple

Substitution Cipher with Word Divisions," Aegean Park
Press, Laguna Hills, CA. 1973.

[BARR] Barron, John, '"KGB: The Secret Work Of Soviet Agents,"

Bantom Books, New York, 1981.

[BAUD] Baudouin, Captain Roger, "Elements de Cryptographie,"

Paris, 1939.

[BAZE] Bazeries, M. le Capitaine, " Cryptograph a 20 rondelles-

alphabets," Compte rendu de la 20e session de l'
Association Francaise pour l'Advancement des Scienses,
Paris: Au secretariat de l' Association, 1892.

[BEES] Beesley, P., "Very Special Intelligence", Doubleday, New

York, 1977.

[BENN] Bennett, William, R. Jr., "Introduction to Computer

Applications for Non-Science Students," Prentice-Hall,
1976. (Interesting section on monkeys and historical
cryptography)

[BLK] Blackstock, Paul W. and Frank L Schaf, Jr.,

 "Intelligence, Espionage, Counterespionage and Covert
Operations," Gale Research Co., Detroit, MI., 1978.

[BLOC] Bloch, Gilbert and Ralph Erskine, "Exploit the Double

Encipherment Flaw in Enigma", Cryptologia, vol 10, #3,
July 1986, p134 ff. (29)

[BLUE] Bearden, Bill, "The Bluejacket's Manual, 20th ed.,

Annapolis: U.S. Naval Institute, 1978.

[BODY] Brown, Anthony - Cave, "Bodyguard of Lies", Harper and

Row, New York, 1975.

[BOLI] Bolinger, D. and Sears, D., "Aspects of Language,"

3rd ed., Harcourt Brace Jovanovich,Inc., New York,
1981.

[BOSW] Bosworth, Bruce, "Codes, Ciphers and Computers: An

Introduction to Information Security," Hayden Books,
Rochelle Park, NJ, 1990.

[BOWE] Bowers, William Maxwell, "The Bifid Cipher, Practical

Cryptanalysis, II, ACA, 1960.

[BOWN] Bowen, Russell J., "Scholar's Guide to Intelligence

Literature: Bibliography of the Russell J. Bowen
Collection," National Intelligence Study Center,
Frederick, MD, 1983.

[BP82] Beker, H., and Piper, F., " Cipher Systems, The
Protection of Communications", John Wiley and Sons,
NY, 1982.

[BRAS] Brasspounder, "Language Data - German," MA89, The

Cryptogram, American Cryptogram Association, 1989.

[BREN] Brennecke, J., "Die Wennde im U-Boote-Krieg:Ursachen und

Folgren 1939 - 1943," Herford, Koehler, 1984.

[BROO] Brook, Maxey, "150 Puzzles in Cryptarithmetic,"

Dover, 1963.

[BROW] Brownell, George, A. "The Origin and Development of

the National Security Agency, Aegean Park Press, 1981.

[BRIT] Anonymous, "British Army Manual of Cryptography",

HMF, 1914.

[BROG] Broglie, Duc de, Le Secret du roi: Correspondance

secrete de Louis XV avec ses agents diplomatiques
1752-1774, 3rd ed. Paris, Calmann Levy, 1879.

[BRYA] Bryan, William G., "Practical Cryptanalysis - Periodic

Ciphers -Miscellaneous", Vol 5, American Cryptogram
Association, 1967.

[BURL] Burling, R., "Man's Many Voices: Language in Its

Cultural Context," Holt, Rinehart & Winston, New York,
1970.
[BWO] "Manual of Cryptography," British War Office, Aegean
Park Press, Laguna Hills, Ca. 1989. reproduction 1914.

[CAND] Candela, Rosario, "Isomorphism and its Application in

Cryptanalytics, Cardanus Press, NYC 1946.

[CAR1] Carlisle, Sheila. Pattern Words: Three to Eight Letters

in Length, Aegean Park Press, Laguna Hills, CA 92654,
1986.

[CAR2] Carlisle, Sheila. Pattern Words: Nine Letters in Length,

Aegean Park Press, Laguna Hills, CA 92654, 1986.

[CASE] Casey, William, 'The Secret War Against Hitler',

Simon & Schuster, London 1989.

[CCF] Foster, C. C., "Cryptanalysis for Microcomputers",

Hayden Books, Rochelle Park, NJ, 1990.
[CHOI] Interview with Grand Master Sin Il Choi.,9th DAN, June
25, 1995.

[CHOM] Chomsky, Norm, "Syntactic Structures," The Hague:

Mouton, 1957.

[CHUN] Chungkuo Ti-erh Lishih Tangankuan, ed "K'ang-Jih

chengmien chanch'ang," Chiangsu Kuchi Ch'upansheh,
1987., pp993-1026.

[CI] FM 34-60, Counterintelligence, Department of the Army,

February 1990.

[COUR] Courville, Joseph B., "Manual For Cryptanalysis Of The

Columnar Double Transposition Cipher, by Courville
Associates., South Gate, CA, 1986.

[CLAR] Clark, Ronald W., 'The Man who broke Purple',

Weidenfeld and Nicolson, London 1977.

[COLF] Collins Gem Dictionary, "French," Collins Clear Type

Press, 1979.

[COLG] Collins Gem Dictionary, "German," Collins Clear Type

Press, 1984.

[COLI] Collins Gem Dictionary, "Italian," Collins Clear Type

Press, 1954.

[COLL] Collins Gem Dictionary, "Latin," Collins Clear Type

Press, 1980.

[COLP] Collins Gem Dictionary, "Portuguese," Collins Clear Type

Press, 1981.

[COLR] Collins Gem Dictionary, "Russian," Collins Clear Type

Press, 1958.

[COLS] Collins Gem Dictionary, "Spanish," Collins Clear Type

Press, 1980.
[COPP] Coppersmith, Don.,"IBM Journal of Research and
Development 38, 1994.

[COVT] Anonymous, "Covert Intelligence Techniques Of the Soviet

Union, Aegean Park Press, Laguna Hills, Ca. 1980.

[CREM] Cremer, Peter E.," U-Boat Commander: A Periscope View of

The Battle of The Atlantic," New York, Berkley, 1986.

[CRYP] "Selected Cryptograms From PennyPress," Penny Press,

Inc., Norwalk, CO., 1985.

[CULL] Cullen, Charles G., "Matrices and Linear

Transformations," 2nd Ed., Dover Advanced Mathematics
Books, NY, 1972.

[DAGA] D'agapeyeff, Alexander, "Codes and Ciphers," Oxford

University Press, London, 1974.

[DALT] Dalton, Leroy, "Topics for Math Clubs," National Council

of Teachers and Mu Alpha Theta, 1973.

[DAN] Daniel, Robert E., "Elementary Cryptanalysis:

Cryptography For Fun," Cryptiquotes, Seattle, WA., 1979.

[DAVI] Da Vinci, "Solving Russian Cryptograms", The Cryptogram,

September-October, Vol XLII, No 5. 1976.

[DEAC] Deacon, R., "The Chinese Secret Service," Taplinger, New

York, 1974.

[DEAU] Bacon, Sir Francis, "De Augmentis Scientiarum," tr. by

Gilbert Watts, (1640) or tr. by Ellis, Spedding, and
Heath (1857,1870).

[DELA] Delastelle, F., Cryptographie nouvelle, Maire of Saint-

Malo, P. Dubreuil, Paris, 1893.

[DENN] Denning, Dorothy E. R.," Cryptography and Data

Security," Reading: Addison Wesley, 1983.

[DEVO] Deavours, Cipher A. and Louis Kruh, Machine Cryptography

and Modern Cryptanalysis, Artech, New York, 1985.

[DEV1] Deavours, C. A., "Breakthrough '32: The Polish Solution

of the ENIGMA," Aegean Park Press, Laguna Hills, CA,
1988.

[DEV2] Deavours, C. A. and Reeds, J.,"The ENIGMA," CRYPTOLOGIA,

Vol I No 4, Oct. 1977.

[DEV3] Deavours, C. A.,"Analysis of the Herbern cryptograph

using Isomorphs," CRYPTOLOGIA, Vol I No 2, April, 1977.

[DEV4] Deavours, C. A., "Cryptographic Programs for the IBM

PC," Aegean Park Press, Laguna Hills, CA, 1989.
[DIFF] Diffie, Whitfield," The First Ten Years of Public Key
Cryptography," Proceedings of the IEEE 76 (1988): 560-
76.

[DIFE] Diffie, Whitfield and M.E. Hellman,"New Directions in

Cryptography, IEEE Transactions on Information Theory
IT-22, 1976.

[DONI] Donitz, Karl, Memoirs: Ten Years and Twenety Days,

London: Weidenfeld and Nicolson, 1959.

[DOW] Dow, Don. L., "Crypto-Mania, Version 3.0", Box 1111,

Nashua, NH. 03061-1111, (603) 880-6472, Cost $15 for
registered version and available as shareware under
CRYPTM.zip on CIS or zipnet.

[EIIC] Ei'ichi Hirose, ",Finland ni okeru tsushin joho," in

Showa gunji hiwa: Dodai kurabu koenshu, Vol 1, Dodai
kurabu koenshu henshu iinkai, ed., (Toyko: Dodai keizai
konwakai, 1987), pp 59-60.

[ELCY] Gaines, Helen Fouche, Cryptanalysis, Dover, New York,

1956.

[ENIG] Tyner, Clarence E. Jr., and Randall K. Nichols,

"ENIGMA95 - A Simulation of Enhanced Enigma Cipher
Machine on A Standard Personal Computer," for
publication, November, 1995.

[EPST] Epstein, Sam and Beryl, "The First Book of Codes and
Ciphers," Ambassador Books, Toronto, Canada, 1956.

[ERSK] Erskine, Ralph, "Naval Enigma: The Breaking of Heimisch

and Triton," Intelligence and National Security 3, Jan.
1988.

[EVES] Eves, Howard, "An Introduction to the History of

Mathematics, " New York, Holt Rinehart winston, 1964.

[EYRA] Eyraud, Charles, "Precis de Cryptographie Moderne'"

Paris, 1953.

[FL] Anonymous, The Friedman Legacy: A Tribute to William and

Elizabeth Friedman, National Security Agency, Central
Security Service, Center for Cryptological History,1995.

[FLI1] Flicke, W. F., "War Secrets in the Ether - Volume I,"

Aegean Park Press, Laguna Hills, CA, 1977.

[FLIC] Flicke, W. F., "War Secrets in the Ether - Volume II,"

Aegean Park Press, Laguna Hills, CA, 1977.

[FLIC] Flicke, W. F., "War Secrets in the Ether," Aegean Park

Press, Laguna Hills, CA, 1994.

[FOWL] Fowler, Mark and Radhi Parekh, " Codes and Ciphers,
- Advanced Level," EDC Publishing, Tulsa OK, 1994.
(clever and work)
[FREB] Friedman, William F., "Cryptology," The Encyclopedia
Britannica, all editions since 1929. A classic article
by the greatest cryptanalyst.

[FRSG] Friedman, William F., "Solving German Codes in World War

I, " Aegean Park Press, Laguna Hills, CA, 1977.

[FR1] Friedman, William F. and Callimahos, Lambros D.,

Military Cryptanalytics Part I - Volume 1, Aegean Park
Press, Laguna Hills, CA, 1985.

[FR2] Friedman, William F. and Callimahos, Lambros D.,

Military Cryptanalytics Part I - Volume 2, Aegean Park
Press, Laguna Hills, CA, 1985.

[FR3] Friedman, William F. and Callimahos, Lambros D.,

Military Cryptanalytics Part III, Aegean Park Press,
Laguna Hills, CA, 1995.

[FR4] Friedman, William F. and Callimahos, Lambros D.,

Military Cryptanalytics Part IV, Aegean Park Press,
Laguna Hills, CA, 1995.

[FR5] Friedman, William F. Military Cryptanalysis - Part I,

Aegean Park Press, Laguna Hills, CA, 1980.

[FR6] Friedman, William F. Military Cryptanalysis - Part II,

Aegean Park Press, Laguna Hills, CA, 1980.

[FR7] Friedman, William F. and Callimahos, Lambros D.,

Military Cryptanalytics Part II - Volume 1, Aegean Park
Press, Laguna Hills, CA, 1985.

[FR8] Friedman, William F. and Callimahos, Lambros D.,

Military Cryptanalytics Part II - Volume 2, Aegean Park
Press, Laguna Hills, CA, 1985.

[FRE] Friedman, William F. , "Elements of Cryptanalysis,"

Aegean Park Press, Laguna Hills, CA, 1976.

[FREA] Friedman, William F. , "Advanced Military Cryptography,"

Aegean Park Press, Laguna Hills, CA, 1976.

[FREB] Friedman, William F. , "Elementary Military

Cryptography," Aegean Park Press, Laguna Hills, CA,
1976.

[FRAA] Friedman, William F. , "American Army Field Codes in The

American Expeditionary Forces During the First World
War, USA 1939.

[FRAB] Friedman, W. F., Field Codes used by the German Army

During World War. 1919.

[FR22] Friedman, William F., The Index of Coincidence and Its

Applications In Cryptography, Publication 22, The
Riverbank Publications, Aegean Park Press, Laguna
Hills, CA, 1979.
[FRS6] Friedman, W. F., "Six Lectures On Cryptology," National
Archives, SRH-004.

[FR8] Friedman, W. F., "Cryptography and Cryptanalysis

Articles," Aegean Park Press, Laguna Hills, CA, 1976.

[FR9] Friedman, W. F., "History of the Use of Codes,"

Aegean Park Press, Laguna Hills, CA, 1977.

[FRZM] Friedman, William F.,and Charles J. Mendelsohn, "The

Zimmerman Telegram of January 16, 1917 and its
Cryptographic Background," Aegean Park Press, Laguna
Hills, CA, 1976.

[FROM] Fromkin, V and Rodman, R., "Introduction to Language,"

4th ed.,Holt Reinhart & Winston, New York, 1988.

[FRS] Friedman, William F. and Elizabeth S., "The

Shakespearean Ciphers Examined," Cambridge University
Press, London, 1957.

[FUMI] Fumio Nakamura, Rikugun ni okeru COMINT no hoga to

hatten," The Journal of National Defense, 16-1 (June
1988) pp85 - 87.

[GAJ] Gaj, Krzysztof, "Szyfr Enigmy: Metody zlamania," Warsaw

Wydawnictwa Komunikacji i Lacznosci, 1989.

[GAR1] Gardner, Martin, "536 Puzzles and Curious Problems,"

Scribners, 1967.

[GAR2] Gardner, Martin, "Mathematics, Magic, and Mystery ,"

Dover, 1956.

[GAR3] Gardner, Martin, "New Mathematical Diversions from

Scientific American," Simon and Schuster, 1966.

[GAR4] Gardner, Martin, "Sixth Book of Mathematical Games from

Scientific American," Simon and Schuster, 1971.

[GARL] Garlinski, Jozef, 'The Swiss Corridor', Dent, London

1981.

[GAR1] Garlinski, Jozef, 'Hitler's Last Weapons', Methuen,

London 1978.

[GAR2] Garlinski, Jozef, 'The Enigma War', New York, Scribner,

1979.

[GE] "Security," General Electric, Reference manual Rev. B.,

3503.01, Mark III Service, 1977.

[GERH] Gerhard, William D., "Attack on the U.S, Liberty,"

SRH-256, Aegean Park Press, 1981.

[GERM] "German Dictionary," Hippocrene Books, Inc., New York,

1983.
[GIVI] Givierge, General Marcel, " Course In Cryptography,"
Aegean Park Press, Laguna Hills, CA, 1978. Also, M.
Givierge, "Cours de Cryptographie," Berger-Levrault,
Paris, 1925.

[GLEN] Gleason, Norma, "Fun With Codes and Ciphers Workbook,"

Dover, New York, 1988.

[GLEA] Gleason, A. M., "Elementary Course in Probability for

the Cryptanalyst," Aegean Park Press, Laguna Hills, CA,
1985.

[GLOV] Glover, D. Beaird, "Secret Ciphers of the 1876

Presidential Election," Aegean Park Press, Laguna Hills,
CA, 1991.

[GODD] Goddard, Eldridge and Thelma, "Cryptodyct," Marion,

Iowa, 1976

[GORD] Gordon, Cyrus H., " Forgotten Scripts: Their Ongoing

Discovery and Decipherment," Basic Books, New York,
1982.

[GRA1] Grandpre: "Grandpre, A. de--Cryptologist. Part 1

'Cryptographie Pratique - The Origin of the Grandpre',
ISHCABIBEL, The Cryptogram, SO60, American Cryptogram
Association, 1960.

[GRA2] Grandpre: "Grandpre Ciphers", ROGUE, The Cryptogram,

SO63, American Cryptogram Association, 1963.

[GRA3] Grandpre: "Grandpre", Novice Notes, LEDGE, The

Cryptogram, MJ75, American Cryptogram Association,1975

[GRAH] Graham, L. A., "Ingenious Mathematical Problems and

Methods," Dover, 1959.

[GREU] Greulich, Helmut, "Spion in der Streichholzschachtel:

Raffinierte Methoden der Abhortechnik, Gutersloh:
Bertelsmann, 1969.

[GUST] Gustave, B., "Enigma:ou, la plus grande 'enigme de la

guerre 1939-1945." Paris:Plon, 1973.

[GYLD] Gylden, Yves, "The Contribution of the Cryptographic

Bureaus in mthe World War," Aegean Park Press, 1978.

[HA] Hahn, Karl, " Frequency of Letters", English Letter

Usage Statistics using as a sample, "A Tale of Two
Cities" by Charles Dickens, Usenet SCI.Crypt, 4 Aug
1994.

[HAGA] Hagamen,W. D. et. al., "Encoding Verbal Information as

Unique Numbers," IBM Systems Journal, Vol 11, No. 4,
1972.

[HAWA] Hitchcock, H. R., "Hawaiian," Charles E. Tuttle, Co.,

 Toyko, 1968.

[HAWC] Hawcock, David and MacAllister, Patrick, "Puzzle Power!

Multidimensional Codes, Illusions, Numbers, and
Brainteasers," Little, Brown and Co., New York, 1994.

[HELD] Held, Gilbert, "Top Secret Data Encryption Techniques,"

Prentice Hall, 1993. (great title..limited use)

[HEMP] Hempfner, Philip and Tania, "Pattern Word List For

Divided and Undivided Cryptograms," unpublished
manuscript, 1984.

[HEPP] Hepp, Leo, "Die Chiffriermaschine 'ENIGMA'", F-Flagge,

1978.

[HIDE] Hideo Kubota, " Zai-shi dai-go kokugun tokushu joho

senshi." unpublished manuscript, NIDS.

[HILL] Hill, Lester, S., "Cryptography in an Algebraic

Alphabet", The American Mathematical Monthly, June-July
1929.

[HIL1] Hill, L. S. 1929. Cryptography in an Algebraic

Alphabet. American Mathematical Monthly. 36:306-312.

[HIL2] Hill, L. S. 1931. Concerning the Linear

Transformation Apparatus in Cryptography. American
Mathematical Monthly. 38:135-154.

[HINS] Hinsley, F. H., "History of British Intelligence in the

Second World War", Cambridge University Press,
Cambridge, 1979-1988.

[HIN2] Hinsley, F. H. and Alan Strip in "Codebreakers -Story

of Bletchley Park", Oxford University Press, 1994.

[HIN3] Hinsley, F. H., et. al., "British Intelligence in The

Second World War: Its Influence on Strategy and
Operations," London, HMSO vol I, 1979, vol II 1981, vol
III, 1984 and 1988.

[HISA] Hisashi Takahashi, "Military Friction, Diplomatic

Suasion in China, 1937 - 1938," The Journal of
International Studies, Sophia Univ, Vol 19, July, 1987.

[HIS1] Barker, Wayne G., "History of Codes and Ciphers in the

U.S. Prior to World War I," Aegean Park Press, Laguna
Hills, CA, 1978.

[HITT] Hitt, Parker, Col. " Manual for the Solution of Military
Ciphers," Aegean Park Press, Laguna Hills, CA, 1976.

[HODG] Hodges, Andrew, "Alan Turing: The Enigma," New York,

Simon and Schuster, 1983.

[HOFF] Hoffman, Lance J., editor, "Building In Big Brother:

The Cryptographic Policy Debate," Springer-Verlag,
N.Y.C., 1995. ( A useful and well balanced book of
 cryptographic resource materials. )

[HOF1] Hoffman, Lance. J., et. al.," Cryptography Policy,"

Communications of the ACM 37, 1994, pp. 109-17.

[HOLM Holmes, W. J., "Double-Edged Secrets: U.S. Naval

Intelligence Operations in the Pacific During WWII",
Annapolis, MD: Naval Institute Press, 1979.

[HOM1] Homophonic: A Multiple Substitution Number Cipher", S-

TUCK, The Cryptogram, DJ45, American Cryptogram
Association, 1945.

[HOM2] Homophonic: Bilinear Substitution Cipher, Straddling,"

ISHCABIBEL, The Cryptogram, AS48, American Cryptogram
Association, 1948.

[HOM3] Homophonic: Computer Column:"Homophonic Solving,"

PHOENIX, The Cryptogram, MA84, American Cryptogram
Association, 1984.

[HOM4] Homophonic: Hocheck Cipher,", SI SI, The Cryptogram,

JA90, American Cryptogram Association, 1990.

[HOM5] Homophonic: "Homophonic Checkerboard," GEMINATOR, The

Cryptogram, MA90, American Cryptogram Association, 1990.

[HOM6] Homophonic: "Homophonic Number Cipher," (Novice Notes)

LEDGE, The Cryptogram, SO71, American Cryptogram
Association, 1971.

[HUNG] Rip Van Winkel, "Hungarian," The Cryptogram, March -

April, American Cryptogram Association, 1956.

[HYDE] H. Montgomery Hyde, "Room 3603, The Story of British

Intelligence Center in New York During World War II",
New York, Farrar, Straus, 1963.

[IBM1] IBM Research Reports, Vol 7., No 4, IBM Research,

Yorktown Heights, N.Y., 1971.

[IMPE] D'Imperio, M. E, " The Voynich Manuscript - An Elegant

Enigma," Aegean Park Press, Laguna Hills, CA, 1976.

[INDE] PHOENIX, Index to the Cryptogram: 1932-1993, ACA, 1994.

[ITAL] Italian - English Dictionary, compiled by Vittore E.

Bocchetta, Fawcett Premier, New York, 1965.

[JAPA] Martin, S.E., "Basic Japanese Conversation Dictionary,"

Charles E. Tuttle Co., Toyko, 1981.

[JAPH] "Operational History of Japanese Naval Communications,

December 1941- August 1945, Monograph by Japanese
General Staff and War Ministry, Aegean Park Press, 1985.

[JOHN] Johnson, Brian, 'The Secret War', Arrow Books,

London 1979.
[KADI] al-Kadi, Ibrahim A., Cryptography and Data Security:
Cryptographic Properties of Arabic, Proceedings of the
Third Saudi Engineering Conference. Riyadh, Saudi
Arabia: Nov 24-27, Vol 2:910-921., 1991.

[KAHN] Kahn, David, "The Codebreakers", Macmillian Publishing

Co. , 1967.

[KAH1] Kahn, David, "Kahn On Codes - Secrets of the New

Cryptology," MacMillan Co., New York, 1983.

[KAH2] Kahn, David, "An Enigma Chronology", Cryptologia Vol

XVII,Number 3, July 1993.

[KAH3] Kahn, David, "Seizing The Enigma: The Race to Break the
German U-Boat Codes 1939-1943 ", Houghton Mifflin, New
York, 1991.

[KARA] Karalekas, Anne, "History of the Central Intelligence

Agency," Aegean Park Press, Laguna Hills, CA, 1977.

[KASI] Kasiski, Major F. W. , "Die Geheimschriften und die

Dechiffrir-kunst," Schriften der Naturforschenden
Gesellschaft in Danzig, 1872.

[KAS1] Bowers, M. W., {ZEMBIE} "Major F. W. Kasiski -

Cryptologist," The Cryptogram, XXXI, JF, 1964.

[KERC] Kerckhoffs, "la Cryptographie Militaire, " Journel des

Sciences militaires, 9th series, IX, (January and
February, 1883, Libraire Militaire de L. Baudoin &Co.,
Paris. English trans. by Warren T, McCready of the
University of Toronto, 1964

[KOBL] Koblitz, Neal, " A Course in Number Theory and

Cryptography, 2nd Ed, Springer-Verlag, New York, 1994.

[KONH] Konheim, Alan G., "Cryptography -A Primer" , John Wiley,

1981, pp 212 ff.

[KORD] Kordemsky, B., "The Moscow Puzzles," Schribners, 1972.

[KOTT] Kottack, Phillip Conrad, "Anthropology: The Exploration

Of Human Diversity," 6th ed., McGraw-Hill, Inc., New
York, N.Y. 1994.

[KOZA] Kozaczuk, Dr. Wladyslaw, "Enigma: How the German

Machine Cipher was Broken and How it Was Read by the
Allies in WWI", University Pub, 1984.

[KRAI] Kraitchek, "Mathematical Recreations," Norton, 1942, and

Dover, 1963.

[KULL] Kullback, Solomon, Statistical Methods in Cryptanalysis,

Aegean Park Press, Laguna Hills, Ca. 1976

[LAFF] Laffin, John, "Codes and Ciphers: Secret Writing Through

The Ages," Abelard-Schuman, London, 1973.
[LAI] Lai, Xuejia, "On the Design and Security of Block
Ciphers," ETH Series in Information Processing 1, 1992.
(Article defines the IDEA Cipher)

[LAIM] Lai, Xuejia, and James L. Massey, "A Proposal for a New
Block Encryption Standard," Advances in Cryptology -
Eurocrypt 90 Proceedings, 1992, pp. 55-70.

[LAKE] Lakoff, R., "Language and the Women's Place," Harper &
Row, New York, 1975.

[LANG] Langie, Andre, "Cryptography," translated from French

by J.C.H. Macbeth, Constable and Co., London, 1922.

[LAN1] Langie, Andre, "Cryptography - A Study on Secret

Writings", Aegean Park Press, Laguna Hills, CA. 1989.

[LAN2] Langie, Andre, and E. A. Soudart, "Treatise on

Cryptography, " Aegean Park Press, Laguna Hills, CA.
1991.

[LATI] BRASSPOUNDER, "Latin Language Data, "The Cryptogram,"

July-August 1993.

[LAUE] Lauer, Rudolph F., "Computer Simulation of Classical

Substitution Cryptographic Systems" Aegean Park Press,
1981, p72 ff.

[LEAR] Leary, Penn, " The Second Cryptographic Shakespeare,"

Omaha, NE [from author] 1994.

[LEA1] Leary, Penn, " Supplement to The Second Cryptographic

Shakespeare," Omaha, NE [from author] 1994.

[LEAU] Leaute, H., "Sur les Mecanismes Cryptographiques de M.

de Viaris," Le Genie Civil, XIII, Sept 1, 1888.

[LEDG] LEDGE, "NOVICE NOTES," American Cryptogram Association,

1994. [ One of the best introductory texts on ciphers
written by an expert in the field. Not only well
written, clear to understand but as authoritative as
they come! ]

[LENS] Lenstra, A.K. et. al. "The Number Field Sieve,"

Proceedings of the 22 ACM Symposium on the Theory of
Computing," Baltimore, ACM Press, 1990, pp 564-72.

[LEN1] Lenstra, A.K. et. al. "The Factorization of the Ninth

Fermat Number," Mathematics of Computation 61 1993, pp.
319-50.

[LEWI] Lewin, Ronald, 'Ultra goes to War', Hutchinson,

London 1978.

[LEW1] Lewin, Ronald, 'The American Magic - Codes, ciphers and

The Defeat of Japan', Farrar Straus Giroux, 1982.

[LEWY] Lewy, Guenter, "America In Vietnam", Oxford University

Press, New York, 1978.
[LEVI] Levine, J., U.S. Cryptographic Patents 1861-1981,
Cryptologia, Terre Haute, In 1983.

[LEV1] Levine, J. 1961. Some Elementary Cryptanalysis

of Algebraic Cryptography. American Mathematical
Monthly. 68:411-418

[LEV2] Levine, J. 1961. Some Applications of High-

Speed Computers to the Case n =2 of Algebraic
Cryptography. Mathematics of Computation. 15:254-260

[LEV3] Levine, J. 1963. Analysis of the Case n =3 in Algebraic

Cryptography With Involuntary Key Matrix With Known
Alphabet. Journal fuer die Reine und Angewante
Mathematik. 213:1-30.

[LISI] Lisicki, Tadeusz, 'Dzialania Enigmy', Orzet Biaty,

London July-August, 1975; 'Enigma i Lacida',
Przeglad lacznosci, London 1974- 4; 'Pogromcy
Enigmy we Francji', Orzet Biaty, London, Sept.
1975.'

[LYNC] Lynch, Frederick D., "Pattern Word List, Vol 1.,"

Aegean Park Press, Laguna Hills, CA, 1977.

[LYSI] Lysing, Henry, aka John Leonard Nanovic, "Secret

Writing," David Kemp Co., NY 1936.

[MACI] Macintyre, D., "The Battle of the Atlantic," New York,

Macmillan, 1961.

[MADA] Madachy, J. S., "Mathematics on Vacation," Scribners,

1972.

[MAGN] Magne, Emile, Le plaisant Abbe de Boisrobert, Paris,

Mecure de France, 1909.

[MANN] Mann, B.,"Cryptography with Matrices," The Pentagon, Vol

21, Fall 1961.

[MANS] Mansfield, Louis C. S., "The Solution of Codes and

Ciphers", Alexander Maclehose & Co., London, 1936.

[MARO] Marotta, Michael, E. "The Code Book - All About

Unbreakable Codes and How To Use Them," Loompanics
Unlimited, 1979. [This is a terrible book. Badly
written, without proper authority, unprofessional, and
prejudicial to boot. And, it has one of the better
illustrations of the Soviet one-time pad with example,
with three errors in cipher text, that I have corrected
for the author.]

[MARS] Marshall, Alan, "Intelligence and Espionage in the Reign

of Charles II," 1660-1665, Cambridge University, New
York, N.Y., 1994.

[MART] Martin, James, "Security, Accuracy and Privacy in

 Computer Systems," Prentice Hall, Englewood Cliffs,
N.J., 1973.

[MAST] Lewis, Frank W., "Solving Cipher Problems -

Cryptanalysis, Probabilities and Diagnostics," Aegean
Park Press, Laguna Hills, CA, 1992.

[MAU] Mau, Ernest E., "Word Puzzles With Your Microcomputer,"

Hayden Books, 1990.

[MAVE] Mavenel, Denis L., Lettres, Instructions Diplomatiques

et Papiers d' Etat du Cardinal Richelieu, Historie
Politique, Paris 1853-1877 Collection.

[MAYA] Coe, M. D., "Breaking The Maya Code," Thames and Hudson,
New York, 1992.

[MAZU] Mazur, Barry, "Questions On Decidability and

Undecidability in Number Theory," Journal of Symbolic
Logic, Volume 54, Number 9, June, 1994.

[MELL] Mellen G. 1981. Graphic Solution of a Linear

Transformation Cipher. Cryptologia. 5:1-19.

[MEND] Mendelsohn, Capt. C. J., Studies in German Diplomatic

Codes Employed During World War, GPO, 1937.

[MERK] Merkle, Ralph, "Secrecy, Authentication and Public Key

Systems," Ann Arbor, UMI Research Press, 1982.

[MER1] Merkle, Ralph, "Secure Communications Over Insecure

Channels," Communications of the ACM 21, 1978, pp. 294-
99.

[MER2] Merkle, Ralph and Martin E. Hellman, "On the Security of

Multiple Encryption ," Communications of the ACM 24,
1981, pp. 465-67.

[MER3] Merkle, Ralph and Martin E. Hellman, "Hiding Information

and Signatures in Trap Door Knapsacks," IEEE
Transactions on Information Theory 24, 1978, pp. 525-
30.

[MILL] Millikin, Donald, " Elementary Cryptography ", NYU

Bookstore, NY, 1943.

[MM] Meyer, C. H., and Matyas, S. M., " CRYPTOGRAPHY - A New

Dimension in Computer Data Security, " Wiley
Interscience, New York, 1982.

[MODE] Modelski, Tadeusz, 'The Polish Contribution to the

Ultimate Allied Victory in the Second World War',
Worthing (Sussex) 1986.

[MRAY] Mrayati, Mohammad, Yahya Meer Alam and Hassan al-

Tayyan., Ilm at-Ta'miyah wa Istikhraj al-Mu,amma Ind
al-Arab. Vol 1. Damascus: The Arab Academy of Damascus.,
1987.
[MULL] Mulligan, Timothy," The German Navy Examines its
Cryptographic Security, Oct. 1941, Military affairs, vol
49, no 2, April 1985.

[MYER] Myer, Albert, "Manual of Signals," Washington, D.C.,

USGPO, 1879.

[NBS] National Bureau of Standards, "Data Encryption

Standard," FIPS PUB 46-1, 1987.

[NIBL] Niblack, A. P., "Proposed Day, Night and Fog Signals for
the Navy with Brief Description of the Ardois Hight
System," In Proceedings of the United States Naval
Institute, Annapolis: U. S. Naval Institute, 1891.

[NIC1] Nichols, Randall K., "Xeno Data on 10 Different

Languages," ACA-L, August 18, 1995.

[NIC2] Nichols, Randall K., "Chinese Cryptography Parts 1-3,"

ACA-L, August 24, 1995.

[NIC3] Nichols, Randall K., "German Reduction Ciphers Parts

1-4," ACA-L, September 15, 1995.

[NIC4] Nichols, Randall K., "Russian Cryptography Parts 1-3,"

ACA-L, September 05, 1995.

[NIC5] Nichols, Randall K., "A Tribute to William F. Friedman",

NCSA FORUM, August 20, 1995.

[NIC6] Nichols, Randall K., "Wallis and Rossignol," NCSA

FORUM, September 25, 1995.

[NIC7] Nichols, Randall K., "Arabic Contributions to

Cryptography,", in The Cryptogram, ND95, ACA, 1995.

[NIC8] Nichols, Randall K., "U.S. Coast Guard Shuts Down Morse
Code System," The Cryptogram, SO95, ACA publications,
1995.

[NIC9] Nichols, Randall K., "PCP Cipher," NCSA FORUM, March 10,
1995.

[NICX] Nichols, R. K., Keynote Speech to A.C.A. Convention,

"Breaking Ciphers in Other Languages.," New Orleans,
La., 1993.

[NICK] Nickels, Hamilton, "Codemaster: Secrets of Making and

Breaking Codes," Paladin Press, Boulder, CO., 1990.

[NORM] Norman, Bruce, 'Secret Warfare', David & Charles,

Newton Abbot (Devon) 1973.

[NORW] Marm, Ingvald and Sommerfelt, Alf, "Norwegian," Teach

Yourself Books, Hodder and Stoughton, London, 1967.

[NSA] NSA's Friedman Legacy - A Tribute to William and

 Elizabeth Friedman, NSA Center for Cryptological
History, 1992, pp 201 ff.

[OHAV] OHAVER, M. E., "Solving Cipher Secrets," Aegean Park

Press, 1989.

[OKLA] Andre, Josephine and Richard V. Andree, "Cryptarithms,"

Unit One, Problem Solving and Logical Thinking,
University of Oklahoma, Norman, Ok. Copy No: 486, 1976.

[OKLI] Andre, Josephine and Richard V. Andree, " Instructors

Manual For Cryptarithms," Unit One, Problem Solving and
Logical Thinking, University of Oklahoma, Norman, Ok.
Copy No: 486, 1976.

[OP20] "Course in Cryptanalysis," OP-20-G', Navy Department,

Office of Chief of Naval Operations, Washington, 1941.

[PEAR] "Pearl Harbor Revisited," U.S. Navy Communications

Intelligence, 1924-1941, U.S. Cryptological History
Series, Series IV, World War II, Volume 6, NSA CSS ,
CH-E32-94-01, 1994.

[PERR] Perrault, Charles, Tallement des Reaux, Les

Historiettes, Bibliotheque del La Pleiade, Paris 1960,
pp 256-258.

[PGP] Garfinkel, Simson, "PGP: Pretty Good Privacy," O'reilly

and Associates, Inc. Sebastopol, CA. 1995.

[PHIL] Phillips, H., "My Best Puzzles in Logic and Reasoning,"

Dover, 1961.

[PIER] Pierce, Clayton C., "Cryptoprivacy", 325 Carol Drive,

Ventura, Ca. 93003, 1994.

[PIE1] Pierce, Clayton C., "Privacy, Cryptography, and Secure

Communication ", 325 Carol Drive, Ventura, Ca. 93003,
1977.

[POLY] Polya, G., "Mathematics and Plausible Reasoning,"

Princeton Press, 1954.

[POL1] Polya, G., "How To Solve It.," Princeton Press, 1948.

[POPE] Pope, Maurice, "The Story of Decipherment: From Egyptian

Hieroglyphic to Linear B., Thames and Hudson Ltd., 1975.

[PORT] Barker, Wayne G. "Cryptograms in Portuguese," Aegean

Park Press, Laguna Hills, CA., 1986.

[POR1] Aliandro, Hygino, "The Portuguese-English Dictionary,"

Pocket Books, New York, N.Y., 1960.

[POUN] Poundstone, William, "Biggest Secrets," Quill

Publishing, New York, 1993. ( Explodes the The Beale
Cipher Hoax.)

[PRIC] Price, A.,"Instruments of Darkness: the History of

 Electronic Warfare, London, Macdonalds and Janes, 1977.

[PROT] "Protecting Your Privacy - A Comprehensive Report On

Eavesdropping Techniques and Devices and Their
Corresponding Countermeasures," Telecommunications
Publishing Inc., 1979.

[RAJ1] "Pattern and Non Pattern Words of 2 to 6 Letters," G &

C. Merriam Co., Norman, OK. 1977.

[RAJ2] "Pattern and Non Pattern Words of 7 to 8 Letters," G &

C. Merriam Co., Norman, OK. 1980.

[RAJ3] "Pattern and Non Pattern Words of 9 to 10 Letters," G &

C. Merriam Co., Norman, OK. 1981.

[RAJ4] "Non Pattern Words of 3 to 14 Letters," RAJA Books,

Norman, OK. 1982.

[RAJ5] "Pattern and Non Pattern Words of 10 Letters," G & C.

Merriam Co., Norman, OK. 1982.

[RB1] Friedman, William F., The Riverbank Publications, Volume

1," Aegean Park Press, 1979.

[RB2] Friedman, William F., The Riverbank Publications, Volume

2," Aegean Park Press, 1979.

[RB3] Friedman, William F., The Riverbank Publications, Volume

3," Aegean Park Press, 1979.

[REJE] Rejewski, Marian, "Mathematical Solution of the Enigma

Cipher" published in vol 6, #1, Jan 1982 Cryptologia pp
1-37.

[RELY] Relyea, Harold C., "Evolution and Organization of

Intelligence Activities in the United States,"
Aegean Park Press, 1976.

[RENA] Renauld, P. "La Machine a' chiffrer 'Enigma'", Bulletin

Trimestriel de l'association des Amis de L'Ecole
superieure de guerre no 78, 1978.

[RHEE] Rhee, Man Young, "Cryptography and Secure Commun-

ications," McGraw Hill Co, 1994

[RIVE] Rivest, Ron, "Ciphertext: The RSA Newsletter 1, 1993.

[RIV1] Rivest, Ron, Shamir, A and L. Adleman, "A Method for

Obtaining Digital Signatures and Public Key
Cryptosystems," Communications of the ACM 21, 1978.

[ROAC] Roach, T., "Hobbyist's Guide To COMINT Collection and

Analysis," 1330 Copper Peak Lane, San Jose, Ca. 95120-
4271, 1994.
[ROBO] NYPHO, The Cryptogram, Dec 1940, Feb, 1941.

[ROHE] Jurgen Rohwer's Comparative Analysis of Allied and Axis

Radio-Intelligence in the Battle of the Atlantic,
Proceedings of the 13th Military History Symposium, USAF
Academy, 1988, pp 77-109.

[ROHW] Rohwer Jurgen, "Critical Convoy Battles of March 1943,"

London, Ian Allan, 1977.

[ROH1] Rohwer Jurgen, "Nachwort: Die Schlacht im Atlantik in

der Historischen Forschung, Munchen: Bernard and Graefe,
1980.

[ROH2] Rohwer Jurgen, et. al. , "Chronology of the War at Sea,

Vol I, 1939-1942, London, Ian Allan, 1972.

[ROH3] Rohwer Jurgen, "U-Boote, Eine Chronik in Bildern,

Oldenburs, Stalling, 1962. Skizzen der 8 Phasen.

[ROOM] Hyde, H. Montgomery, "Room 3603, The Story of British

Intelligence Center in New York During World War II",
New York, Farrar, Straus, 1963.

[ROSE] Budge, E. A. Wallis, "The Rosetta Stone," British Museum

Press, London, 1927.

[RSA] RSA Data Security, Inc., "Mailsafe: Public Key

Encryption Software Users Manual, Version 5.0, Redwood
City, CA, 1994

[RUNY] Runyan, T. J. and Jan M. Copes "To Die Gallently",

Westview Press 1994, p85-86 ff.

[RYSK] Norbert Ryska and Siegfried Herda, "Kryptographische

Verfahren in der Datenverarbeitung," Gesellschaft fur
Informatik, Berlin, Springer-Verlag1980.

[SADL] Sadler, A. L., "The Code of the Samurai," Rutland and

Tokyo: Charles E. Tuttle Co., 1969.

[SACC] Sacco, Generale Luigi, " Manuale di Crittografia",

3rd ed., Rome, 1947.

[SALE] Salewski, Michael, "Die Deutscher Seekriegsleitung,

1938- 1945, Frankfurt/Main: Bernard and Graefe, 1970-
1974. 3 volumes.

[SANB] Sanbohonbu, ed., "Sanbohonbu kotokan shokuinhyo." NIDS

Archives.

[SAPR] Sapir, E., "Conceptual Categories in Primitive

Language," Science: 74: 578-584., 1931.

[SASS] Sassoons, George, "Radio Hackers Code Book", Duckworth,

London, 1986.
[SCHN] Schneier, Bruce, "Applied Cryptography: Protocols,
Algorithms, and Source Code C," John Wiley and Sons,
1994.

[SCH2] Schneier, Bruce, "Applied Cryptography: Protocols,

Algorithms, and Source Code C," 2nd ed., John Wiley and
Sons, 1995.

[SCHU] Schuh, fred, "Master Book of Mathematical Recreation,"

Dover, 1968.

[SCHW] Schwab, Charles, "The Equalizer," Charles Schwab, San

Francisco, 1994.

[SEBE] Seberry, Jennifer and Joseph Pieprzyk, "Cryptography: An

Introduction to Computer Security," Prentice Hall, 1989.
[CAREFUL! Lots of Errors - Basic research efforts may
be flawed - see Appendix A pg 307 for example.]

[SHAN] Shannon, C. E., "The Communication Theory of Secrecy

Systems," Bell System Technical Journal, Vol 28 (October
1949).

[SHIN] Shinsaku Tamura, "Myohin kosaku," San'ei Shuppansha,

Toyko, 1953.

[SIC1] S.I. Course in Cryptanalysis, Volume I, June 1942,

Aegean Park Press, Laguna Hills , CA. 1989.

[SIC2] S.I. Course in Cryptanalysis, Volume II, June 1942,

Aegean Park Press, Laguna Hills , CA. 1989.

[SIG1] "International Code Of Signals For Visual, Sound, and

Radio Communications," Defense Mapping Agency,
Hydrographic/Topographic Center, United States Ed.
Revised 1981

[SIG2] "International Code Of Signals For Visual, Sound, and

Radio Communications," U. S. Naval Oceanographic
Office, United States Ed., Pub. 102, 1969.

[SIMM] Simmons, G. J., "How To Insure that Data Acquired to

Verify Treaty Compliance are Trustworthy, " in
"Authentication without secrecy: A secure communications
problem uniquely solvable by asymmetric encryption
techniques.", IEEE EASCON 79, Washington, 1979, pp. 661-
62.

[SINK] Sinkov, Abraham, "Elementary Cryptanalysis", The

Mathematical Association of America, NYU, 1966.

[SISI] Pierce, C.C., "Cryptoprivacy," Author/Publisher, Ventura

Ca., 1995. (XOR Logic and SIGTOT teleprinters)

[SMIH] Smith, David E., "John Wallis as Cryptographer",

Bulletin of American Mathematical Society, XXIV, 1917.

[SMIT] Smith, Laurence D., "Cryptography, the Science of Secret

Writing," Dover, NY, 1943.
[SOLZ] Solzhenitsyn, Aleksandr I. , "The Gulag Archipelago I-
III, " Harper and Row, New York, N.Y., 1975.

[SPAN] Barker, Wayne G. "Cryptograms in Spanish," Aegean Park

Press, Laguna Hills, CA., 1986.

[SPEE] "Speech and Facsimile Scrambling and Decoding - A Basic

Text on Speech Scrambling," Aegean Park Press, 1981.

[STEV] Stevenson, William, 'A Man Called INTREPID',

Macmillan, London 1976.

[STIN] Stinson, D. R., "Cryptography, Theory and Practice,"

CRC Press, London, 1995.

[STIX] Stix, F., Zur Geschicte und Organisation der Wiener

Geheimen Ziffernkanzlei, Mitteilungen des
Osterreichischen Instituts fir Geschichtsforschung,
LI 1937.

[STUR] Sturtevant, E. H. and Bechtel, G., "A Hittite

Chrestomathy," Linguistic Society of American and
University of Pennsylvania, Philadelphia, 1935.

[SUVO] Suvorov, Viktor "Inside Soviet Military Intelligence,"

Berkley Press, New York, 1985.

[TERR] Terrett, D., "The Signal Corps: The Emergency (to

December 1941); G. R. Thompson, et. al, The Test(
December 1941 - July 1943); D. Harris and G. Thompson,
The Outcome;(Mid 1943 to 1945), Department of the Army,
Office of the Chief of Military History, USGPO,
Washington,1956 -1966.

[THEO] Theodore White and Annalee Jacoby, "Thunder Out Of

China," William Sloane Assoc., New York, 1946.

[THOM] Thompson, Ken, "Reflections on Trusting Trust,"

Communications of the ACM 27, 1984.

[TILD] Glover, D. Beaird, Secret Ciphers of The 1876

Presidential Election, Aegean Park Press, Laguna Hills,
Ca. 1991.

[TM32] TM 32-250, Fundamentals of Traffic Analysis (Radio

Telegraph) Department of the Army, 1948.

[TRAD] U. S. Army Military History Institute, "Traditions of

The Signal Corps., Washington, D.C., USGPO, 1959.

[TRAI] Lange, Andre and Soudart, E. A., "Treatise On

Cryptography," Aegean Park Press, Laguna Hills, Ca.
1981.

[TRIB] Anonymous, New York Tribune, Extra No. 44, "The Cipher
Dispatches, New York, 1879.
[TRIT] Trithemius:Paul Chacornac, "Grandeur et Adversite de
Jean Tritheme ,Paris: Editions Traditionelles, 1963.

[TUCK] Harris, Frances A., "Solving Simple Substitution

Ciphers," ACA, 1959.

[TUKK] Tuckerman, B., "A Study of The Vigenere-Vernam Single

and Multiple Loop Enciphering Systems," IBM Report
RC2879, Thomas J. Watson Research Center, Yorktown
Heights, N.Y. 1970.

[TURN] Turn, Rein, "Advances in Computer Security," Artec

House, New York, 1982. [Original papers on Public Key
Cryptography, RSA, DES]

[UBAL] Ubaldino Mori Ubaldini, "I Sommergibili begli Oceani: La

Marina Italian nella Seconda Guerra Mondiale," vol XII,
Roma, Ufficio Storico della Marina Militare, 1963.

[USAA] U. S. Army, Office of Chief Signal Officer,

"Instructions for Using the Cipher Device Type M-94,
February, 1922," USGPO, Washington, 1922.

[USSF] "U.S. Special Forces Operational Techniques," FM 31-20,

Headquarters Department Of The Army, December 1965.

[USOT] "U.S. Special Forces Recon Manual," Elite Unit Tactical

Series, Lancer, Militaria, Sims, ARK. 71969, 1982.

[VAIL] Vaille, Euggene, Le Cabinet Noir, Paris Presses

Universitaires de Frances, 1950.

[VALE] Valerio, "De La Cryptographie," Journal des Scienses

militares, 9th series, Dec 1892 - May 1895, Paris.

[VAND] Van de Rhoer, E., "Deadly Magic: A personal Account of

Communications Intilligence in WWII in the Pacific, New
York, Scriber, 1978.

[VERN] Vernam, A. S., "Cipher Printing Telegraph Systems For

Secret Wire and Radio Telegraphic Communications," J.
of the IEEE, Vol 45, 109-115 (1926).

[VIAR] de Viaris in Genie Civil: "Cryptographie", Publications

du Journal Le Genie Civil, 1888.

[VIA1] de Viaris, "L'art de chiffre et dechiffre les depeches

secretes," Gauthier-Villars, Paris, 1893.

[VOGE] Vogel, Donald S., "Inside a KGB Cipher," Cryptologia,

Vol XIV, Number 1, January 1990.

[VN] "Essential Matters - History of the Cryptographic Branch

of the Peoples Army of Viet-Nam, 1945 - 1975," U.S.
Cryptological History Series, Series V, NSA CSS,
CH-E32-94-02, 1994.
[WALL] Wallis, John, "A Collection of Letters and other Papers
in Cipher" , Oxford University, Bodleian Library, 1653.

[WAL1] Wallace, Robert W. Pattern Words: Ten Letters and Eleven

Letters in Length, Aegean Park Press, Laguna Hills, CA
92654, 1993.

[WAL2] Wallace, Robert W. Pattern Words: Twelve Letters and

Greater in Length, Aegean Park Press, Laguna Hills, CA
92654, 1993.

[WATS] Watson, R. W. Seton-, ed, "The Abbot Trithemius," in

Tudor Studies, Longmans and Green, London, 1924.

[WAY] Way, Peter, "Codes and Ciphers," Crecent Books, 1976.

[WEBE] Weber, Ralph Edward, "United States Diplomatic Codes and

Ciphers, 1175-1938, Chicago, Precedent Publishing, 1979.

[WEL] Welsh, Dominic, "Codes and Cryptography," Oxford Science

Publications, New York, 1993.

[WELC] Welchman, Gordon, 'The Hut Six Story', McGraw-Hill,

New York 1982.

[WHOR] Whorf, B. L., "A Linguistic Consideration of Thinking In

Primitive Communities," In Language, Thought, and
Reality: Selected Writings of Benjamin Lee Whorf, ed. J.
B. Carroll, Cambridge, MA: MIT Press, pp. 65-86., 1956.

[WINT] Winton, J., " Ultra at Sea: How Breaking the Nazi Code
Affected Allied Naval Strategy During WWII," New Uork,
William Morror, 1988.

[WINK] Winkle, Rip Van, "Hungarian: The Cryptogram,", March -

April 1956.

[WINT] Winterbotham, F.W., 'The Ultra Secret', Weidenfeld

and Nicolson, London 1974.

[WOLE] Wolfe, Ramond W., "Secret Writing," McGraw Hill Books,

NY, 1970.

[WOLF] Wolfe, Jack M., " A First Course in Cryptanalysis,"

Brooklin College Press, NY, 1943.

[WRIX] Wrixon, Fred B. "Codes, Ciphers and Secret Languages,"

Crown Publishers, New York, 1990.

[XEN1] PHOENIX, "Xenocrypt Handbook," American Cryptogram

Association, 1 Pidgeon Dr., Wilbraham, MA., 01095-2603,
for publication March, 1996.

[YARD] Yardley, Herbert, O., "The American Black Chamber,"

Bobbs-Merrill, NY, 1931.

[YAR1] Yardley, H. O., "The Chinese Black Chamber," Houghton

Mifflin, Boston, 1983.
[YOKO] Yukio Yokoyama, "Tokushu joho kaisoka," unpublished
 handwritten manuscript.

[YOUS] Youshkevitch, A. P., Geschichte der Mathematik im

Mittelatter, Liepzig, Germany: Teubner, 1964.

[YUKI] Yukio Nishihara, "Kantogan tai-So Sakusenshi," Vol 17.,

unpublished manuscript, National Institute for Defense
Studies Military Archives, Tokyo.,(hereafter NIDS
Archives)

[ZIM] Zim, Herbert S., "Codes and Secret Writing." William

Morrow Co., New York, 1948.

[ZEND] Callimahos, L. D., Traffic Analysis and the Zendian

Problem, Agean Park Press, 1984. (also available
through NSA Center for Cryptologic History)

CLASSICAL CRYPTOGRAPHY COURSE

BY LANAKI

February 22, 1996

Revision 0

COPYRIGHT 1996
ALL RIGHTS RESERVED

LECTURE 8

INTRODUCTION TO CRYPTARITHMS

AND

HILL CIPHER

SUMMARY

In Lecture 8, we depart from the schedule for a real treat.

In the first part of this Lecture, we introduce Cryptarithms by
our guest lecturer LEDGE (Dr. Gerhard D. Linz). LEDGE has
already produced one of our better references on beginning
cryptography [LEDG], and I appreciate his assistance in our
course. The cryptarithms portion of this course will be
presented in three lectures and for the final book labelled
Lectures 20 - 23.

Following the Cryptarithms section we introduce the Hill

Cipher.

Our second guest lecturer is NORTH DECODER. Dr. Jerry Metzger

and his team are presenting you with the Crypto Drop Box and
the ACA-L Listserver. The Hill cipher has six GIF files
associated with it and can be found at the CDB.

Waiting in wings patiently for my resource materials is TATTERS

to present Cipher Exchange problems.

INTRODUCTION TO CRYPTARITHMS (by LEDGE)

Here's the first of the Cryptarithm lectures. It consists of a

general introduction to the genre including how to read the
problems. That's followed by an explanation of modulo
arithmetic. Then we look at how to identify the letters that
represent 0, 1 and 9, called digital characteristics. Then
there are two sections on making inferences, each demonstrating
a problem solution. Finally, there's a section on extracting
square roots.

Next lecture LEDGE will give some aids for solving

multiplication problems and then go into base 11 and base 12
arithmetic. Perhaps after that I can go to the more
complicated problems such as double key division.

PART I

DEFINITION: A cryptarithm is a mathematical problem, generally

in arithmetic, in which the numerical digits have been replaced
systematically by letters. The challenge of the problem is to
identify the digit for each letter and the key, if any.

Rules: 1. Each digit is replaced by one and only one letter

throughout the problem.
2. All digits appear at least once in the problem.
3. No letter represents more than one digit.
4. The numerical base, if other than ten (decimal),
is named.
5. The highest order digit of a number cannot be
zero.

KEYS: A table consisting of each of the letters used in the

cryptarithm paired with its numerical equivalent constitutes
the key to the cryptarithm. When the digits are arranged in
numerical order, either from smallest to largest or largest to
smallest or other logical order, the letter portion of the key
may spell out one or more words. The word or words are then
known as the keyword or keywords. Generally, the constructor of
the problem indicates the number of words or the fact that the
letters do not spell out words.

When the letter portion of the key consists of a word or

several words with no repeated letters (rule 3, above), the
digits are assigned in one of four ways:

1. From 0 to 9 (0-9). Ex. L O G A R I T H M S

0 1 2 3 4 5 6 7 8 9

2. From 9 to 0 (9-0) 9 8 7 6 5 4 3 2 1 0

3. From 1 to 0 (1-0) 1 2 3 4 5 6 7 8 9 0
 4. From 0 to 1 (0-1) 0 9 8 7 6 5 4 3 2 1

In the first and fourth case L represents 0; in the second it

represents 9; and in the third it represents 1, etc. Higher
base arithmetic systems require additional digits according to
the size of the base. Undecimal is based on 11 digits rather
than 10. Generally the letter X or A is used to represent the
11th digit, or ten. Thus instead of a key for 0-9 we would have
a key for 0-X or 0-A. Ex. B I G N U M E R A L S
0 1 2 3 4 5 6 7 8 9 X

Here the digit X (ten) will be replaced by S when it occurs.

In undecimal, 10 means eleven. If you do not understand the
concept of higher base arithmetic systems now, you will get an
extended treatment of this topic later in the course.

If no word is used, that fact will be stated as well as the

order in which letter equivalents are to be reported, e.g., No
word, (0-9), indicating that the letters for reporting purposes
are to be arranged starting with the letter representing 0,
followed by the letter for 1, then 2, etc., with the letter for
9 last. The letters will then appear in random order, generally
not alphabetical order.

ARITHMETIC: Knowledge of addition, subtraction, multiplication

and division of whole numbers in base 10 (decimal) system will
be assumed. Extraction of square and cube roots will be
explained later. While base 13 problems sometimes appear among
the numbered problems in the Cryptarithms section, they and
higher base problems are generally offered as specials. More
esoteric operations, such as powers, magic squares, Pythagorean
equations, etc. are also offered as specials for those who like
extra challenges.

PROBLEM STATEMENT: In order to conserve space in the journal,

the problems in the Cryptarithms section are written
sequentially on one or more lines. I recommend rewriting the
problems in normal arithmetic format on every other line, so as
to have room for trial numbers. The process, without skipping
lines, will be illustrated with each of the normal type of
problems presented for solution.

The following sample problems to be rewritten are taken from

the September-October, 1993, issue of The Cryptogram:

C-1. Square root. (Two words, 1-0) by EDNASANDE.

VO'TI'NG gives root VTO; - IN = NNTI; - NNNT = HONG; -UIGG =
NUFE

_V__T__O
Rewritten: {VO'TI'NG
IN___
NN TI
NN_NT
HO NG
 UI_GG
NU FE

C-3. Division. (Three words, 9-0) by LI'L GAMIN.

AUSSIE v SHEEP = UE; - SHEEP = SUMAIE; - SPIBHP = LUHE

____UE
Rewritten: SHEEP/AUSSIE
SHEEP
SUMAIE
SPIBHP
LUHE

C-6. Subtractions. (Two words, (0-9) by CAGEY KIWI.

LADIES - GENTS = GNSDGS. DAMES - MALES = NDGSS

Rewritten: LADIES DAMES

-GENTS -MALES
GNSDGS NDGSS

Additions and equations (mixed additions and subtractions) are

rearranged the same way.

C-8. Multiplication. (Three words, 0-9) by APEX DX.

OTTAWA x ON = HNNTLIL + IIIEHE = TOOINRL

Rewritten: OTTAWA
___xON
HNNTLIL
IIIEHE_
TOOINRL

At this point you should understand the mechanics of the

presentation of the problems. You should also be ready to
construct cryptarithms of your own, although they may not be
suitable as yet for publication. To be suitable for
publication, the problem must conform to the rules listed on
page 1, and have a unique numerical solution. There must be one
and only one key that will solve the problem. If you have
understood the material thus far, you are ready to consider
ways of analyzing a problem to obtain the solution.

MODULO ARITHMETIC: Since we will be dealing with the ten

digits, 0 - 9, but sometimes adding or subtracting them to get
numbers that are either greater than 9 or less than 0 (in other
words negative numbers), we need a way of reducing those
results back to the digits mathematically. Modulo arithmetic is
that way. If you add 8 + 5, you get 13. If you want to talk
about only the units digit of the result, you could subtract 10
from the 13 and get that units digit, 3. We say, then, that 13
= 3 (modulo 10). The 10 comes from the fact that there are ten
digits in the decimal system. When we learned addition, we
learned to carry the 10 to the next column on the left, thus
avoiding having to write a two digit number in a space where
there is room for only one:

28
+5
33 or 20 + 13 (8 + 5).

In subtraction, 5 - 8 = -3, but -3 is not in the range of the

positive digits. Here we could add 10 to -3: -3 + 10 = 7, or -3
= 7 (modulo 10). In a subtraction problem we get the 10 by
borrowing it from the next highest order digit in the
subtrahend: 25
-8
= 17 or 20 - 3 or 10 + (10 - 3)

The way we learned to subtract eliminates the negative numbers

by borrowing 10 from the 20 in 25. Modulo arithmetic is another
way of talking about the same process.

DIGITAL CHARACTERISTICS: Gaining an entry into a problem is

often expedited by being able to identify one or more of the
digits. Those most commonly identifiable with a little bit of
study of the problem are 0, 9, and 1. Zero in particular has a
number of recognizable characteristics. Add zero to a number
and the sum is that number, i.e., A + 0 = A. Similarly,
subtracting zero from a number yields that number, i.e., A -0 =
A. Multiply a number by zero and you get zero. Subtract a
number from itself and you get zero, i.e., A - A = 0. Once
zero is identified, you will have the first or last letter of a
keyword, if any.

If 0 cannot be identified through any of the characteristics

enumerated above, it may yet be possible to discover the
candidates for it through a process of elimination. Given a
number, we know that the highest order digit of that number
cannot be zero. So if we have a number, ABC, then A is not
zero. Let's use that fact and any other inferences we can make
on the example multiplication problem, C-8, from page 3.

OTTAWA
___xON
HNNTLIL
IIIEHE_
TOOINRL

This problem has five different numbers with four different

beginning letters: O, H, I, and T. None of those can be zero.
The multiplier, ON, contains the digit N which, when
multiplying OTTAWA, produces a product not equal to zero.
Hence, N does not equal zero. When adding the two partial
products, E + I yields R not either E or I. Hence neither E
nor I = zero. We have eliminated seven letters as candidates
for zero. So far, at least, L, W, or R could be zero. It will
take more detailed analysis to determine which one is actually
zero.

The number 9 has some interesting characteristics, one of which

mimics zero. When subtracting 9 from a number, you must borrow
from the next higher digit. The difference between 9 and the
number is then one more than that number, i.e., 24 - 9 = 15
contains 4 -9 yielding 4 + 1 or 5. The 2 in the original
number has been reduced by 1 because of the borrowing.

Let's look at another subtracting operation involving 9.: 247 -

48 = 199 or 247
-48
= 199

That example includes a digit that is subtracted from itself.

That operation normally would produce zero. Here it produces 9

because of a borrowing necessitated by a previous subtraction,
namely 7 - 8. 4 - 4 becomes 3 -4 yielding 9 and reducing the 2
to 1. That sort of effect is not possible in the units place of
a number because there is no previous borrowing when dealing
with whole numbers. Thus, when given a problem that includes:

ABCDE
-DCFE
GHIJ

H could equal 0 or 9. More information is needed to resolve the

ambiguity. We have it here in the units place where E -E = J.
There is no ambiguity in that fact since there cannot have been
any previous borrowing. So J = 0 and H = 9.

The number one can often be recognized as the highest order

digit of a number particularly when, in a subtraction problem,
it is not carried down to the answer line. Note that in the
previous example, A is the highest order of the subtrahend, the
number from which another number is to be subtracted. It does
not appear in GHIJ, the difference between the two numbers.
Clearly, it must have disappeared in the process of borrowing.
D must be greater than B, thus B - D yields G, a number that is
greater than B and necessitating borrowing one from A, reducing
it to zero. Notice than when subtracting a larger digit from a
smaller one, the resulting difference is larger than the
subtrahend digit, e.g., 5 - 8 yields 7 or 15 - 8 = 7 > 5. If
you now understand subtracting using modulo arithmetic, you
will recognize that 5 - 8 = -3 which = 7 (modulo 10). In
modulo arithmetic we can add or subtract the base, here 10, as
many times as necessary to produce a number in the desired
range, here 0 to 9. (See page 3, "Modulo arithmetic," 1st
sentence.)

The number one can also be spotted in multiplication since one

times a number equals that number, i.e. A x 1 = A. One times
one also yields one, making it one of three digits that when
squared or multiplied by itself yields a number whose unit
digit is the same as the number squared: 1 x 1 = 1, 5 x 5 = 25,
and 6 x 6 = 36. Once again, modulo arithmetic lets us know that
25 = 5 (modulo 10) and 36 = 6 (modulo 10).
MAKING INFERENCES: (Example 1). Once you have done what you can
to spot 0, 1 and 9, you will have to rely on your knowledge of
arithmetic to determine the possibilities of the other letters
and to make decisions about their values. To see how that
works, let's work on a simple problem, the division problem C-3
at the bottom of page 2. It's reproduced below:

____UE
SHEEP/AUSSIE
SHEEP
SUMAIE
SPIBHP
LUHE

Before reading on, see what you can do with this problem.
Remember, the key is three words, 9-0. When you are ready, read
on for the solution.

In the above problem, we are helped by being able to find all

three of the digits, 0, 1, and 9. In the first subtraction,
I - P = I. In the second subtraction, E - P = E. Both facts
make 0 = P. Note also that U x P = P and E x P = P, both
consistent with P = 0, but not sufficient to prove that P is
zero, since both of those equations, modulo 10, could be true
for P = 5, e.g., 3 x 5 = 15 and 7 x 5 = 35, both ending in 5.
Next for the letter that represents one. U x SHEEP = SHEEP.
Hence, U must be 1. Note also in the second subtraction, U -P =
blank or zero. Since we know P to be zero, U must be 1. These
chains of reasoning are typical in the solution of
cryptarithms.

Now let's find the letter for 9. In the first subtraction, note
that U - H = U. That could make H be zero or nine. In the
absence of other information, you could not be sure which of
those is true. Here you already know that zero is represented
by P. Thus, H = 9.

You now have a lot of useful information. Let's look at the

multiplications for more. U x SHEEP is 1 x SHEEP = SHEEP, not
much help there. E x SHEEP = SPIBHP. You can replace the
identified letters with their digital equivalents and get:
E x S9EE0 = S0IB90. E x 0 = 0, so far so good. E x E = 9
(modulo 10). What are the possible values of E. E could be 3,
as 3 x 3 = 9, or 7, since 7 x 7 = 49 or 9 (modulo 10). Let's
try out each possibility. 3 x S9330 = ??7990 or ??IHHP, not
consistent with SPIBHP. So E is not 3. E must then be 7. Let's
check that and see what else you can uncover. 7 x S9770 =
??8390 making I = 8 and B = 3. Now SPIBHP is S08390. 8 is
preceded by 0 so 7 x S must end in 4 since we are carrying a 6
from the multiplication of 7 x 9 and 6 + 4 = 0 (modulo 10).
Hence, S must be 2 as 7 x 2 = 14. SPIBHP becomes 208390. To
bring order out of all this in-formation, we need to
reconstruct as much of the key as we can.

9 8 7 6 5 4 3 2 1 0
H I E B S U P

The missing letters are A, L, and M, all found in the second

subtraction. Entering what is known now makes that subtraction

21MA87
-208390
L197

Remember, you can check a subtraction by adding the subtracter

and the difference to get the subtrahend. Here, 0 + 7 = 7;
9 + 9 = 18, carrying 1 to the next addition; 1 + 3 + 1(carried)
= 5, so A = 5. Since L and M are both less than 8, representing
as they do the two remaining unidentified digits, 6 and 4. L +
8 = M (modulo 10), or 6 + 8 = 14 or 4 (modulo 10). So L
= 6 and M = 4. The key becomes HIELAMBSUP.

You could also have worked with the first subtraction, as it

contains the letters M and A. Try that now using the partially
reconstructed key above. The results should be the same.

MAKING INFERENCES: (Example 2). The multiplication example, C-

8, given on page 3 presents somewhat more difficulties than the
previous one, as none of 0, 1, or 9 can be initially
identified. There are enough other clues, however, to make the
solution come through a straightforward series of inferences.
Before reading on, see what you can recover from that problem
on your own. When you are in a thoroughly stuck place, read on
for some help, or the complete solution.

Here is the problem:

OTTAWA
___xON
HNNTLIL
IIIEHE_
TOOINRL

It was determined that zero is represented by L, W, or R. On

page 3 the key is stated to be three words, 0-9. First, notice
that N time OTTAWA results in a 7-digit number and that O time
OTTAWA results in a 6-digit number, the same length as OTTAWA.
Examine the second product carefully. O x OTTAWA = IIIEHE. The
highest order I (first digit of IIIEHE) results from the
product O x O. O cannot = 1 for 1 x OTTAWA = OTTAWA. O
cannot be as large as 4, for 4 x 4 = 16, which would add a
seventh digit to the product. So O = 2 or 3. 3 x 3 = 9, which
would make I at least 9. Looking at the problem again, the
first I is added to H giving T, a digit, but adding anything
other than zero to 9 produces a two digit number. So I
cannot be 9 and O cannot be 3. So O = 2.
With O = 2, I must be 4 or 5 since O x O is 4 or could be 5 if
a 1 is carried from the previous multiplication (2 x T).
So we have the following multiplication: 2 x 2TTAWA = 444EHE
or 555EHE. We can divide each of those products by the
multiplier, 2, getting respectively 222??? and 277???. The
first quotient gives 222??? to represent OTTAWA - not possible
(it would be OOO???). The second quotient is consistent in
making T = 7 and I = 5. OTTAWA becomes 277AWA. IIIEHE = 555EHE.

Now let's look at the first product, N x 277AWA = HNN7LIL. The

product must be less than 10 x OTTAWA and that makes its first
digit less than O. There is only one such digit, so H = 1. You
could now divide 1NN7LIL by various values of N to find a
quotient that begins 277. It's easier, however, to look at the
addition of the two partial products as they contain N's.

1NN7LIL
555EHE_
7225NRL

Since 1 + 5 = 7 (highest order pair), N + 5 must be >

10. That would allow a carried 1 to be added to 1 + 5.
N + 5 + 1(carried from the previous N + 5) = 2 (modulo 10).
That makes N = 6. Let's pause to construct a partial key using
the information so far identified.

The key table becomes:

0 1 2 3 4 5 6 7 8 9
H O I N T

It's also possible to rewrite the problem substituting digits

for the identified letters:

277AWA
____x26
1667L5L
555E1E_
72256RL

The sums produce the following modulo 10 equation: E + 7 = 5;

L + 1 = 6; E + 5 = R. The equations ignore possible carries of
1 which you may have to supply. Accepting that contingency, the
first equation produces 8 as the only possible value of E. The
third equation then makes R = 3 since there is no carry
possible. The second equation makes 4 and 5 possible values of
L, but 4 is the only available digit. Of the three letters that
could be zero only W is left unidentified. Only 9 is left for
A. As a check, 9 x 6 = 4 or L and 9 x 2 = 8 or E, checking
out. The key has become WHORLINTEA as the solution.

EXTRACTING SQUARE ROOTS: Not understanding the following

algebraic analysis of the process of extracting a square root
is no barrier to understanding how to follow the method. It is
included here for those who are interested in understanding how
it is that the method works.
When squaring a number, one doubles the number of digits of the
original number. If you square 9, you get 81, 2 digits.
Squaring 3 you get 09. Square 35 and you get 1225, 4 digits.
Square 12 and you get 0144. When extracting the square root of
a number, you take cognizance of this fact by making a mark
after every two numbers beginning from the decimal point in
both directions. So 45678.96 becomes 4'56'78.96' with the
initial 4 being understood as 04. As many pairs 00 can be added
after the last mark without changing the value of the number.

The first trial root is the largest number whose square is

equal to or less than the initial pair of numbers. We'll call
that trial root x. (One could use the largest number whose
square is equal to or less than the initial two or more pairs
of numbers. That makes no theoretical difference although in
practice that's more difficult.) The square of x is then
subtracted from the first pair of numbers. The next pair of
numbers is appended to the difference as in a long division
problem.

Now there is room for a 2-digit root whose first digit is x.

If we call its second digit y, the root becomes 10x+y.
Multiplying that number by itself produces 100x} + 20xy +y}.
That can be factored to produce 100x} + y(20x + y). As x} has
already been subtracted from the highest order two digit number
of the original number it remains to subtract y(20x + y) from
the current remainder to make sure that y is not too large and
to determine a new remainder.

Now let's extract the square root of 45678. First mark after
every second number starting at the decimal point.
_______
{4'56'78 The first pair of numbers is 04. The
square root of 4 is 2, a number we'll
place above the 4. We'll then square 2
getting 4 and placing it under the 4 in
the number and subtracting. Since the
remainder is zero we'll merely pull down
the next pair, 56, and produce our trial
divisor. The work looks like:

2______
{4'56'78
4___
56 The trial divisor is produced by
multiplying the root we have, 2, by 20
making 40. 40 divides into 56 one time
(trial y) which is added to 40 making
41. The trial y, 1, is placed over the
second digit of the new pair, 6. 41 is
multiplied by y (1) and subtracted from
56. Then 78 is pulled down at the end of
the difference. The work looks like:

2__1___
{4'56'78
4___
 41 56
41___
15 78 Again the root, now 21 is multiplied by
20 giving 420. 1578 divided by 420
gives 3, our new y which is added to
420 giving 423. 3 x 423 or 1269 is
then subtracted from 1578 giving a
remaider of 309. The 3 is put above the
8 of 78 making the new root 213 with a
remainder. If it were desired to extend
the calculation to the right of the
decimal point, a pair of zeroes could
be appended to the remainder and the
process repeated with a decimal point
placed in the root after the 3. The
work without going past the decimal
point becomes:

2__1__3
{4'56'78
4___
41 56
41___
423 15 78
12_69
3 09
You can check that by squaring 213 (213
x 213) and adding 309. You should get
45,678. Practice by taking the square
root of another 5 or 6-digit number and
checking your outcome. Solve C-1 on
page 2 for homework.

If you want more practice work, find divisions, square roots,

and multiplication problems in the two current issues of The
Cryptogram. Do the subtraction problem, C-6 on page 3 if you
wish. Discuss problems you may have with your mentor. If you
have suggestions, questions, or other reactions you wish to
share with me, my address is

Dr. Gerhard D. Linz

2649 Tanglewood Road
Decatur, GA 30033-2729.

My e-mail address is [email protected].

I hope your pleasure in solving Cryptarithms is enhanced by

this presentation. Next time I'll respond to any concerns you
have. I also plan to give you some more tools for
multiplication and introduce counting systems based on 11 and
above.

LEDGE
January 2, 1996
OBSERVATIONS ON SQUARES (LANAKI)

Dr. Andree gives us some hints on squares and square roots.

[OKLA]

S-1 Squares end only in 0, 1, 4, 5, 6, or 9.

S-2 If (...S)**2 ends in ...S, then S=0,1, 5 or 6.

S-3 If (...S)**2 ends in B n.e. S, then S= 2,3,4,7,8 or 9

B= 1, 4, 6 or 9

S-4 If (..X)**2 ends in 0 1 4 5 6 9

then (...X) ends in 0 1,9 2,8 5 4,6 3,7

S-5 If N contains k digits, then N**2 contains either 2k-1 or

2k digits.

HILL CIPHER SYSTEM (by NORTH DECODER)

There are two basic ways to prevent the tell-tale behavior

of plaintext letters from showing through in ciphertext. One
method is to vary the ciphertext letter that replaces a given
plaintext letter. That is the solution offered by the Vigenere
and other polyalphabetic systems. A second technique is to
encipher the plaintext in chunks of several letters at a time.
The Playfair system provides a compact method for enciphering
digraphs, that is, pairs of letters. While the Playfair does
disguise the behavior of individual letters, even better would
be a system that operated on letters in groups of three letter
(or four or five or ...). It seems that no convenient pencil-
and-paper method for handling such trigraphic (or quadgraphic
or ...) encipherment has been devised.

In 1929, Lester Hill [HIL1, HIL2] described an algebraic

procedure that allows encipherment of plaintext letters n at a
time (that is, in n-graphs), where n can be any positive
integer 1,2,3,.... Hill's Cipher could be carried out by hand
probably without too much hardship for groups of letters up to
five. After that, it would become a challenge to keep the
computations accurate. However, on a computer it would
be feasible to work with large groups of letters, and it seems
that plaintext enciphered in such a system using say 10-graphs
would be difficult to crack.

The first step in using Hill's system is to assign numerical

values to the 26 letters of the alphabet. There is nothing
sacred about 26 in the system. The ideas work just as well for
alphabets of any size. So it would be possible to add a few
punctuation marks to the usual alphabet to get say 29 symbols,
or to work entirely with data in binary form with an alphabet
of just two symbols. Also the numerical equivalents of the
letters of the alphabet could be assigned in some arbitrary
way, which would probably add to the security of the system.
For these notes, the 26 letter alphabet will be used, and
letters will be given their standard numerical equivalents,
namely a = 00, b = 01, ..., z = 26. The encipherment of
plaintext is most neatly described using matrix
multiplication. A matrix is a rectangular array of numbers
such as:

| 1 5 3 |
M = | 0 2 1 |

That particular matrix has 2 rows and 3 columns. More briefly,

it is a 2 x 3 matrix. In certain cases, the product of two
matrices can be computed. The rule for multiplication requires
that the number of columns in the lefthand factor match
the number of rows in the righthand factor. For example, if

| 2 5 0 1 |
N = | 7 6 1 3 |
| 3 3 0 1 |

Then the product MN can be formed since M has three columns and
N has three rows. On the other hand, the product NM is not
defined. For these two matrices the product is

| 1 5 3 | | 2 5 0 1 | | 46 44 5 19 |
MN = | 0 2 1 | X | 7 6 1 3 | = | 17 15 2 7 |
| 3 3 0 1 |

The upper lefthand entry in the product matrix is produced

by multiplying each number in the first row of M by the
corresponding number in the first column of N, and adding the
results:(1)(2)+(5)(7)+(3)(3)=46. That explains why the number
of columns in M must match the number of rows in N. The second
number in the first row of the product is produced in the same
way by multiplying the first row of M times the second column
of N: (1)(5)+(5)(6)+(3)(3)=44. And so on, the third number in
the first row of the product is produced by multiplying the
first row of M by the third column of N, and finally, the
fourth number in the first row of the product comes from
multiplying the first row of M by the fourth column of N. To
produce the second row of the product, the second row of M is
used in place of the first row of M in the preceding
computations. So, for example,(0)(2)+(2)(7)+(3)(3)=17 gives
the first number in the second row of the product matrix. If M
had more rows, each would be used in turn in the same way to
produce one more row in the product matrix.

If you think about the multiplication process described above,

you will see that the result of multiplying an r x s matrix and
an s x t matrix will be an r x t matrix.

In the application of matrix multiplication to the Hill Cipher

system, all arithmetic will be carried out modulo 26. In other
words, any time a number appears which is 26 or larger, it is
divided by 26, and the number is replaced by the remainder of
the division. In the example above, the computation of the
top left number in the product of M and N could be written as
(1)(2)+(5)(7)+(3)(3) = 2 +35 + 9 = 2 + 9 + 9 = 20 (mod 26). The
symbol (mod 26) is added here just to indicate there is
funny arithmetic being used, namely that arithmetic is being
done modulo 26. If the alphabet had 29 symbols instead of 26,
operations would be carried out modulo 29. Since all the
examples here will be done modulo 26, the indicator (mod 26)
will be omitted from now on. So we will write the example
above as:

| 1 5 3 | | 2 5 0 1 | | 20 18 5 19 |
MN = | 0 2 1 | X | 7 6 1 3 | = | 17 15 2 7 |
| 3 3 0 1 |

To encipher the plaintext message "send more money", first the

message is rewritten in groups of letters of the selected
length. For this example, length three will be used, so the
message becomes "sen dmo rem one ykz", where two nulls have
been added to fill out the last group. Next an enciphering
matrix, or key, is selected. If letter groups of size n are
being used, an n x n enciphering matrix will be needed.
For this example, the 3 x 3 matrix

| 1 7 22 |
E = | 4 9 2 |
| 1 2 5 |

will be used. Notice that the numbers in the matrix might as

well be selected between 0 and 25 since all arithmetic will be
done modulo 26 anyway. To encipher the first three letter
group of plaintext, it is written as a 3 x 1 matrix, say P, the
letters are replaced by their numerical equivalents, and the
matrix product EP is computed.

The product is a 3 x 1 matrix, say C. Its entries are

converted to letters, and these give the ciphertext for the
first group. Here are the details.

| 1 7 22 | | s | | 1 7 22 | |18 | |20| | U |
EP = | 4 9 2 | X | e | = | 4 9 2 | X | 4 |= | 4|= | E |
| 1 2 5 | | n | | 1 2 5 | |13 | |13| | N |

So the first three letters of ciphertext are UEN. The second

trigraph is enciphered as

| 1 7 22 | | d | | 1 7 22 | | 3 | | 5| | F |
EP = | 4 9 2 | X | m | = | 4 9 2 | X |12 |= |18|= | S |
| 1 2 5 | | o | | 1 2 5 | |17 | |19| | T |

Continuing in this way, the ciphertext is found to be UEN FST

XYH LZI UCN, or, in traditional five letter groups, UENFS
TXYHL ZIUCN. Notice that in this example, repeated plaintext
letters are replaced by different ciphertext letters, and
repeated ciphertext letters represent different plaintext
letters.

Deciphering requires a second matrix that undoes the effects of

the enciphering matrix. For the enciphering matrix given above,
the deciphering matrix, or deciphering key, is

| 21 23 18 |
D = | 6 23 6 |
| 9 7 15 |

and operating on the first ciphertext trigram UEN gives

| U | | 21 23 18 | | 20 | | 18 | | s |
D | E | = | 6 23 6 | X | 4 | = | 4 | = | e |
| N | | 9 7 15 | | 13 | | 13 | | n |

Operating on the remaining ciphertext trigram produces the rest

of the plaintext message.

The enciphering key matrix cannot be selected arbitrarily. For

example, the matrix

| 0 0 0 |
Z = | 0 0 0 |
| 0 0 0 |

would convert every plaintext message into the ciphertext

AAAAAAAA. To allow unique decipherment, an n x n enciphering
key matrix should convert different plaintext n-grams into
different ciphertext n-grams. An n x n matrix that behaves that
way is called nonsingular.

There are a number of more or less efficient tests for

nonsingularity. Here is one test that involves the determinant
of an n x n matrix. The determinant of a square matrix is a
number computed from the entries in the matrix. The definition
builds up from small matrices to larger ones. First the
determinant of any 1 x 1 matrix is defined to be the number
that is the entry in that matrix. Thus det |7| = 7. To
compute the determinant of a 2 x 2 matrix, step across the
entries in the first row of the matrix, multiply each entry by
the determinant of the 1 x 1 matrix that appears when the row
and the column the entry appears in are eliminated from
the matrix. The numbers produced in this way are alternately
added and subtracted to produce the determinant of the matrix.
Here's an example.

| 4 3 |
det | 8 2 | = (4) (det |2| ) -(3) ( det |8| ) =

4 x 2 - 3 x 8 = 8 - 24 = -16.

The determinant of a 3 x 3 matrix is produced in the same way:

step across the first row, multiply each entry by the
determinant of the 2 x 2 matrix that appears when the entry's
row and column are crossed out, and alternately add and
subtract the resulting numbers. For the matrix of the earlier
example, the computations, carried out modulo 26 this time,
look like

| 1 7 22 | |9 2| | 4 2 |
det | 4 9 2 | = 1 x det |2 5| - 7 x det | 1 5 |
| 1 2 5 |

| 4 9 |
+ 22 x det | 1 2 | = 1 x 41 - 7 x 18 + 22 x(-1) = 23

The computation of the determinant is extended to larger

square matrices in the same pattern. More efficient ways to
compute determinants are discussed in textbooks on Linear
Algebra.

The importance of the determinant is that a matrix is

nonsingular (and so usable as an enciphering key matrix in
Hill's cipher) if and only if its determinant is relatively
prime to 26. The matrix above has determinant 23 which is
relatively prime to 26, so it is a legal enciphering key. More
generally, if the alphabet used for the plaintext is made up of
m symbols, then the usable enciphering matrices are those with
determinant relatively prime to m. In the case of an alphabet
of 26 symbols, the determinant of a usable matrix must be odd
but not 13. Notice that if the size of the alphabet is
increased to 29 by adding a few punctuation symbols, many more
legal enciphering matrices will be available, both because
operations will now be carried out modulo 29, and also because
every number from 1 to 28 would be an acceptable value for the
determinant of an enciphering key matrix.

Once an enciphering key matrix has been selected, the companion

deciphering matrix needs to be computed. There are some
reasonably efficient methods for finding the deciphering
matrix. The method given here is easy to describe, but not
very efficient. Check out a Linear Algebra text for better
methods to handle matrices larger than say 4 x 4.

The first step is the computation of the determinant of

the enciphering key E. If det E = e, then a number d is needed
such that ed= 1 (mod 26). For a relatively small modulus such
as 26, the d can be found by trial and error. Simply compute e
times 1,3,5,7 ,9,11,15,17,19,21,23, and 25 until a product
equivalent to 1 modulo 26 appears.

For larger alphabets with say m letters, solving ed =1 (mod m)

can be carried out in a more sophisticated way using the
Euclidean Algorithm, for example.

Check a Number Theory text for details. Set the number d aside
for a minute.

Second, each number in the enciphering key matrix is replaced

by the determinant of the matrix obtained when the element's
row and column are erased from the matrix.
Third, plus and minus signs are prefixed to each entry in the
new matrix in a checkerboard pattern starting with a plus sign
in the upper lefthand corner.

Next, the matrix is flipped over the diagonal from the upper
left corner to the lower right corner so that the first row be
comes the first column, the second rows becomes the second
column, and so on.

Finally, each entry in the matrix is multiplied by the d

computed in the first step.

The resulting matrix is D, the deciphering key matrix.

Here are the computations that produce the deciphering key D of

the example above. The determinant of the enciphering key E
has already been computed: det E = 23. Since (17)(23) = 1 (mod
26), it follows that d = 17. Next, the 1 in the upper left
handcorner of E is replaced by

| 9 2 |
det | 2 5 | = (9)(5)-(2)(2) = 45 - 4 = 41 = 15 (mod 26).

where, in the last step, 41 has been reduced modulo 26.

The replacement for the 7 in the first row and second column is

| 4 2 |
det| 1 5 | = (4)(5)-(2)(1) = 18 (mod 26).

The replacement for the 9 in the second row and second column
is

| 1 22 |
det| 1 5 | = (1)(5) - (22)(1) = - 17 = 9 (mod 26).

When all nine entries in E have been replaced, the matrix looks
like

| 15 18 25 |
| 17 9 21 |
| 24 18 7 |

Adding the plus and minus signs in a checkerboard pattern

produces and replacing negative numbers by equivalent positive
numbers modulo 26 gives

| 15 -18 25 | | 15 8 25 |
| -17 9 -21 | = | 9 9 5 |
| 24 -18 7 | | 24 8 7 |

Flipping over the diagonal gives

| 15 9 24 |
| 8 9 8 |
| 25 5 7 |
Finally, multiplying every entry of the last matrix by the
d=17 computed earlier, and reducing the entries modulo 26, the
result is

| (17)(15) (17)(9) (17)(24) | | 21 23 18 |

D = | (17)( 8) (17)(9) (17)( 8) | = | 6 23 6 |
| (17)(25) (17)(5) (17)( 7) | | 9 7 15 |

Arithmetic done with matrices has a lot in common with

arithmetic done with ordinary numbers. The n x n matrix whose
entries are all 0 except for 1's down the diagonal from the
upper left to the lower right is called the identity matrix.
It plays a role in matrix multiplication similar to the role 1
plays in multiplication of numbers. That is, for any number m,
(1)(m) = m, while for any n x k matrix M, it is easily checked
that IM= M. Moreover, for each number r (provided r is not
equal to 0), it is possible to find a number s so that sr=1.
The number s is called the multiplicative inverse of r, and is
written as r^(-1) (that is, r to the -1 power). Likewise, for
each n x n matrix M (provided it is nonsingular), there is an
n x n matrix N for which MN=I. The matrix N is called
the inverse of M, and is written as M^(-1).

The Hill Cipher system can be expressed compactly using some

algebraic notation. To encipher a plaintext n-gram using the
Hill Cipher, a nonsingular n x n matrix M is selected.
The n-gram is written as an n x 1 matrix P, and the ciphertext
is the n x 1 matrix C determined by the equation

C = MP.

The deciphering matrix is the inverse of M. When the

ciphertext C is multiplied by M^(-1), the plaintext is
recovered.

M^(-1) C = M^(-1) MP = IP = P.

Hill suggested that a good choice for an enciphering key matrix

M is one that turns out to be its own inverse. If M = M^(-1),
Mi s called an involuntary matrix. The advantage gained is that
it is not necessary to compute the deciphering key. There are
a number of methods that will automatically produce involuntary
matrices, so the process of finding involuntary matrices does
not have to proceed by trial-and-error. In any case, almost all
papers written about the Hill Cipher system following Hill's
time down to the present day assume the key is involuntary.

It seems that Hill and a partner (Weisner) filed a patent

(Message Protector, patent number 1,854,947) for a mechanical
version of the Hill Cipher in 1929, which, according to Kahn
[KAHN], used an involuntary matrix enciphering key so that the
same machine could be used to both encipher and decipher.

The Message Protector patented by Weisner and Hill provides

a mechanical means of doing matrix multiplication. The device
illustrated in the patent application is more accurately
described as authentication indicator rather than a
cryptographic mechanism. The principle of operation is very
simple. The active component consists of three gears on an axle
which are connected to three accumulator gears by chains. The
three accumulator gears all have the same number of teeth (101
in the patent), and they can rotate independently. The three
gears on the axle have 101, 202 and 303 teeth. As the axle is
turned through a certain amount, the accumulator gears turn
one, two and three times as far respectively. The teeth on
the accumulator gears are numbered from 0 to 100, and small
gear on the axle also has its teeth numbered from 0 to 100.

Now suppose the three accumulator gears start in position

0,0,0. If the axle turned through an amount that rotates its
small gear through 43 teeth, then accumulator gear one will
read 43, accumulator two will show 86 and accumulator three
will show 28. The last value occurs since the third
accumulator wheel will have made more than one revolution. If
the starting position of the accumulator wheels had been
11,91,4, then the axle rotation through 43 teeth would leave
the accumulators showing 53,76,32. In essence, the
accumulators are modulo 101.

On the actual devise, there are six axles, and their gears can
be moved to engage the accumulator drive chain one axle at a
time. The placement of the gears on the axles vary from one
axle to the next. On the illustrated machine in the patent,
the sequence is:

axle 1: 101,202,303
axle 2: 202,303,101
axle 3: 303,101,202
axle 4: 101,303,202
axle 5: 202,101,303
axle 6: 303,202,101

Suppose the accumulators begin showing 0,0,0. Keeping track

for now of only the total on the accumulator that connects to
first gear on each axle, here is what happens as the axles are
turned as follows:

axle 1: 23,
axle 2: 10,
axle 3: 88,
axle 4: 17,
axle 5: 41, and
axle 6: 51.

Initially, all the axles are disengaged from the accumulator

drive chain. (Keeping in mind the number of teeth on the first
gear on each axle.) axle 1 is engaged, turned 23, and the
accumulator shows 23. Axle 1 is disengaged, axle 2 is engaged,
turned 10, and the accumulator shows 43. Axle 2 is disengaged,
axle 3 is engaged, turned 88 , and the accumulator shows 4.
Axle 4 is disengaged, axle 4 is engaged, turned 17, and the
accumulator shows 21. Axle 4 is disengaged, axle 5 is
engaged, turned 41, and the accumulator shows 18. Axle 5 is
disengaged, axle 6 is engaged, turned 51, and the accumulator
shows 70. The final total on the on that accumulator
represents the computation
(1)(23)+(2)(10)+(3)(88)+(1)(17)+(2)(41)+(3)(51) = 70 (mod 101).

Likewise the value on the accumulator connected to the second

gear on each axle shows the result of the operation

(2)(23)+(3)(10)+(1)(88)+(3)(17)+(1)(41)+(2)(51) = 2 (mod 101).

Matrix notation can be used to express to whole operation

compactly as

| 23 |
| 10 |
| 1 2 3 1 2 3 | | 88 | | 59 |
| 2 3 1 3 1 2 | . | 17 | = | 55 |
| 3 1 2 2 3 1 | | 41 | | 54 |
| 51 |

where arithmetic has been carried out modulo 101.

To use the machine to authenticate a check for example, six

numbers, between 0 and 101, are selected from the check.
Perhaps the dollar amount of $1230.45 could be split up as 12
and 30 and the cents could be ignored. The check number of say
22131 might contribute three more numbers, 2, 21, and 31.
Finally, the date of the check, maybe January 25, 1996 might
contribute a sixth number, say 25. Of course, people must
agree on how these numbers are selected. The check writer runs
the six values through the Message Protector as described
above, and the resulting triple of values is stamped on the
check. The bank, before cashing the check, operates on the
same six numbers with its Message Protector, and makes sure
that the numbers produced on the accumulators matches the ones
stamped on the check, thus being sure that none of the
important figures on the check have been changed.

Although the Message Protector is a clever engineering

construction, there are certainly many obvious mechanical
shortcomings as well as weaknesses in the cryptographic system
which probably explains why the machine never became popular.
In fact, it's not clear if any were actually constructed. It
would take a good salesman to get people to spend money on a
machine to multiple 3 x 6 and 6 x 1 matrices. There did not
seem to be and reasonable way to change the gear sizes. If a
key matrix with entries besides 1, 2, and 3 were wanted, the
number of teeth on the gears would soon become so large that
the structure would have to be made pretty large, instead of
the shoebox size Weisner and Hill diagrammed.

Weisner and Hill also explain how the Message Protector could
be modified to act as a cryptographic devise. First of all,
the numbers on the various gears would be replaced by letters,
and the number of teeth on the accumulator gears would be 26 so
that the arithmetic operations would be carried out modulo 26.
Next, the axles would now carry six gears each, with the number
of teeth on each gear being a multiple of 26. There would be
six accumulators, so that six plaintext are converted to six
ciphertext letters. They say that the number of teeth on
the various gears "have to be selected according to certain
mathematical principles". What they mean, of course, is the
6 x 6 matrix, each entry of which gives the multiple of 26 that
gives the number of teeth on the corresponding gear, has to be
non-singular modulo 26. It is suggested that the matrix may be,
but does not have to be, selected to be involuntary.

The gearing in the devise cannot be changed easily, and

certainly cannot be changed arbitrarily, so it seems the
gearing set was intended to be selected once and for all. Since
that pretty much makes the device cryptographically pointless,
the inventors proposed that a plaintext message first be
converted to a preliminary ciphertext according to so system
left unspecified, but they probably had something like a
Playfair in mind. The resulting ciphertext is then passed
through the 6 x 6 Message Protector, to yield an intermediate
ciphertext which is then passed through a third and final
encipherment using another unspecified cipher system. The
final ciphertext is transmitted, and the authorized recipient
reverses each of the three encipherments to recover the
original plaintext. It's not very clear how much additional
security has been introduced passing the text through the
Message Protector.

Nearly all discussions of cryptanalysis of Hill enciphered

messages begin with the fairly generous assumptions that the
cryptanalyst knows that an involuntary key matrix of known size
has been used, and also knows the numerical values assigned to
the alphabet letters. The only unknown is the particular key
matrix used to encipher the message. For a key matrix of size
2 x 2, a brute force attack is feasible since there are only
736 2 x 2 involuntary matrices. As the size of the key grows,
a brute force attack is no longer practical. For larger key
sizes, no specific cryptanalytic approaches have been
published. But, several authors given more or less detailed
descriptions of cryptanalysis, with examples for small key size
(2 x 2, 3 x 3) using the classic probable word or crib
technique. That is, a piece of plaintext is assumed to appear
in the message, and it is tried in each possible position.
At each test location, a number of equations must be true if
the crib is to generate the ciphertext at that spot. It turns
out that even with a relatively modest crib (3 letters for a
2 x 2 key, and 4 for a 3 x 3 key), most positions can be
eliminated as impossible by applying a few principles of linear
algebra. Each possible crib location will produce a candidate
matrix key. A trial decipherment of the ciphertext is made.
If recognizable plaintext results, the cryptogram is broken. If
not, the crib is moved along to the next possible spot, and the
process is repeated. For details on see on cryptanalysis of
the Hill Cipher, see [LEV1], [LEV2], [LEV3], [SINK], [MELL].

NORTH DECODER advises that the Hill cipher patent diagrams (GIF
format) scanned in reasonable well into the CDB. If you would
like to look at them, the files they are at the CDB in
 /lanaki.crypt.class/docs/hill-gifs

There is a freeware gif file viewer at the CDB in

/msdos/gif-viewers

HOMEWORK SOLUTIONS FROM LECTURE 7

FRE-2. K2. (105) Another species. {sauvage,fp=ST] MELODE

P Q N X B M H Q I Q A B C I Q D K E X Q B Q O Q

P' W M R R Q; D K E X Q B Q O Q U Q I Q E Q Q M C

T E X R X B X D Q , X P Q A B K P' W M R R Q N Q

V C Q N W K B O Q U M C B B X Q E Q Q A B K C

N W K B A K C D K U Q.

Solution reads: (PRIMITIVE) Le citoyen est une variete de

l'homme; vavariete degeneree ou primitive, il est a l'homme ce
que chat de gouttiere est au chat sauvage.

FRE-3. K2. (87) (jamais, A=b) It's fun trying. GUNG HO

D G X Z Q N J D P M C J P U P L S U E' Z D

Z D H U Q J S E J S N P U Q E Z H Z D P M J H -

K N D P: G Z K U D I Q S N U , G Z H S P D L S U,

U Q G U P O Z H U P . * R J I Q U I U G G U

Solution reads: (AMOUR) Il y a trois choses que j'ai aime

toujours et jamais compris: La peinture, la musique, et les
dames. Fontenelle.

FRE-4. PAT from [GIVI] page 13.and ff. (130)

Solve and recover key(s).

YJXMG XBXUF JGECU JEBZD XAMNM ZDFLG FAFNJ OFNDJ

GVJXE FNNME VRJZJ KAFNB FNZAG NCUJE BNRUX OFNJG

NNXKX FELGF BJRVF NOFUI FXAAF GTFVR FAFKU FNBJE

NADXN VMXUF

PAT format reads: JAIOU IDIRE AUNGR ANDPH ILOSO PHEQU ELESA
MESHA UTAIN ESSON TCAPA BLESD ESPLU SGRAN DSCRI MESAU SSIBI
ENQUE DACTE SMERV EILLE UXETC ELEBR ESDAN SLHIS TOIRE.

ITA-2. K2. (88) ( ne, han, con) Thirty days hath September.
LABRONICUS

I D S A I K Q W P L A I K A L B S C M D S P L A

K E D W Z S, U W O U A L S R S I I S C M D S . Q W

B S A I L I I L P S A ' S O A L. I O I I W U Z W

K Z I D W A S V K A I D S A U I O A L.

Solution reads: (CALANDRIO) Trenta di contra Novembre con

Aprile, giugno e Settembre. Di ventotto ce n'e uno. Tutti gli
altri ne han trentuno.

ITA-3. K2. (117) (sulla, f=I). La frode necessaria. MICROPOD

G Z Q K E A F S Z L T K F Q A Q S F N F Q K G K Q

T G G Z P Z Q F R A T J Z E F N S Z M T Z J S A S

Z R A P T D A F F Q K G K Z L Z S S K E O F J F Q

Q T J K R A E Z F Q Z S S Z H F J S F M T F G G K

E O F L F J Q Z G A J X T S Z J D.

Solution reads: (PERFIDO) La sicieta puoesister esolo sulla

basediunacerta quantitadibugie esolo apatto che
nessunodicaesattamente quello che pensalinyutang.

SPA-1. BARKER

Z K E P C U K Y T C Y D M S R V C T P E R A

Z P Z N D Z K G C T Y R Z K R N T D G R Y C V K
K S T P Q D P E R M K T C Y G R Z Y P Q P M P E K E

E C M K S C Z S K E R G R T C M U R U C Z S R.

Partial solution: no key. TADI MAS RESULTO HERIDO Y

SPA-2. K2. (96) (deseo, f=R) Musica. D. STRASSE

T I Z Q B J N A Z K J K T F Z N B P L T B B F

K N A G B N A G K T F P J G T P A O Z F M B F

S J G H N B R T B T I K T N Z G B I Q B

B P K J I Q Z I B J M P B B J N A Q G A O J M B

M Z I Y Z N.

Partial solution: (HOMBRES) UNA TEORIA POPULAR ES QUE

SPA-3. (122) (-ulado, MZ=qk) Flight? LIFER

N S P Y K I X P U A K P Z D X P S P E X K R L K O

K A X T S P Q K D X R K R R S S I N K Y K R L A R

S D K T Q L D L P X K T A S Q X S P X P R S O S P

R X J K R K T O A S T S P Q X L S D O A X I S A E

C S D L R S C P V D L N L B A X O C D K R L.

Partial solution: (DIPLOMAT) BENJAMIN FRANKLIN ENVIADO

POR-2. K2 (96) (tenta; gj=NQ) Machine Age? YO TAMBIEN

E P E J T X D U R T C J Z X G C V R J D J

X I N R S O C H C D T C V R P U C D V R J

Z J U D C T J H J D G X U M P C H J A X H X

O X T J T V R J A J U A C M C B J S X.

*O. *T R T M X I H *Q X U J D

Solution reads: (VIDAREL) Vivemos numa epoca que se orgulha

das maquinas que pensam e desconfia de todo homen que tenta
fazelo. H. Mumford Jones.
POR-3. K1. (nossos va-) Letter to horseman? ZYZZ

U C U C G V C J F D E F W E O C B G C V S I H C L

I T I W F Y C V F U H F W F T L F R F B C H W F C

E S H I L F G I C D E G T I J H C V G R P C V C J

F V D E F W F H C V L F V F H J I S K I X J I Z U

I G V T I V V I V B C D E F G H I V V C I F Y K F

R F T W F V.

Partial Solution reads: (VAQUEIRO): Papai sabe que tu.

NEW PROBLEMS

C-1 Give two solutions to: (BE)**2 = ARE

C-2 Square root: [OKLA] [OKLI]

R, A, T, S
-----------
|Q UA RT ET
-A
-----
T UA
-T SI
-----
U RT
-A UT
-----
E AO ET
-E ES UB
---------
R AR

>From Sinkov [SINK] two Hill system problems:

Hill-1

Decipher the message: YITJP GWJOW FAQTQ XCSMA ETSQU

SQAPU SQGKC PQTYJ
Use the deciphering matrix | 5 1 |
| 2 7 |

Hill-2

Decipher the message: MWALO LIAIW WTGBH JNTAK QZJKA ADAWS

SKQKU AYARN CSODN IIAES OQKJY B

Use the deciphering matrix | 2 23 |

| 21 7 |

REFERENCES / RESOURCES [updated 22 February 1996]

[ACA] ACA and You, "Handbook For Members of the American

Cryptogram Association," ACA publications, 1995.

[ACA1] Anonymous, "The ACA and You - Handbook For Secure

Communications", American Cryptogram Association,
 1994.

[ACM] Association For Computing Machinery, "Codes, Keys and

Conflicts: Issues in U.S. Crypto Policy," Report of a
Special Panel of ACM U. S. Public Policy Committee
(USACM), June 1994.

[AFM] AFM - 100-80, Traffic Analysis, Department of the Air

Force, 1946.

[ALAN] Turing, Alan, "The Enigma", by A. Hodges. Simon and

Schuster, 1983.

[ALBA] Alberti, "Treatise De Cifris," Meister Papstlichen,

Princeton University Press, Princeton, N.J., 1963.

[ALKA] al-Kadi, Ibrahim A., Origins of Cryptology: The Arab

Contributions, Cryptologia, Vol XVI, No. 2, April 1992,
pp 97-127.

[AND1] Andree, Josephine, "Chips from the Math Log," Mu Alpha

Theta, 1966.

[AND2] Andree, Josephine, "More Chips from the Math Log," Mu

Alpha Theta, 1970.

[AND3] Andree, Josephine, "Lines from the O.U. Mathematics

Letter," Vols I,II,III, Mu Alpha Theta, 1971,1971,1971.

[AND4] Andree, Josephine and Richard V., "RAJA Books: a Puzzle

Potpourri," RAJA, 1976.

[ANDR] Andrew, Christopher, 'Secret Service', Heinemann,

London 1985.

[ANNA] Anonymous., "The History of the International Code.",

Proceedings of the United States Naval Institute, 1934.

[AS] Anonymous, Enigma and Other Machines, Air Scientific

Institute Report, 1976.

[AUG1] D. A. August, "Cryptography and Exploitation of Chinese

Manual Cryptosystems - Part I:The Encoding Problem",
Cryptologia, Vol XIII, No. 4, October 1989.

[AUG2] D. A. August, "Cryptography and Exploitation of Chinese

Manual Cryptosystems - Part II:The Encrypting Problem",
Cryptologia, Vol XIV, No. 1, August 1990.

[BADE] Badeau, J. S. et. al., The Genius of Arab Civilization:

Source of Renaissance. Second Edition. Cambridge: MIT
Press. 1983.

[BAMF] Bamford, James, "The Puzzle Palace: A Report on

America's Most Secret Agency," Boston, Houghton Mifflin,
1982.

[BARB] Barber, F. J. W., "Archaeological Decipherment: A

 Handbook," Princeton University Press, 1974.

[B201] Barker, Wayne G., "Cryptanalysis of The Simple

Substitution Cipher with Word Divisions," Course #201,
Aegean Park Press, Laguna Hills, CA. 1982.

[BALL] Ball, W. W. R., Mathematical Recreations and Essays,

London, 1928.

[BAR1] Barker, Wayne G., "Course No 201, Cryptanalysis of The

Simple Substitution Cipher with Word Divisions," Aegean
Park Press, Laguna Hills, CA. 1975.

[BAR2] Barker, W., ed., History of Codes and Ciphers in the

U.S. During the Period between World Wars, Part II,
1930 - 1939., Aegean Park Press, 1990.

[BAR3] Barker, Wayne G., "Cryptanalysis of the Hagelin

Cryptograph, Aegean Park Press, 1977.

[BARK] Barker, Wayne G., "Cryptanalysis of The Simple

Substitution Cipher with Word Divisions," Aegean Park
Press, Laguna Hills, CA. 1973.

[BARR] Barron, John, '"KGB: The Secret Work Of Soviet Agents,"

Bantom Books, New York, 1981.

[BAUD] Baudouin, Captain Roger, "Elements de Cryptographie,"

Paris, 1939.

[BAZE] Bazeries, M. le Capitaine, " Cryptograph a 20 rondelles-

alphabets," Compte rendu de la 20e session de l'
Association Francaise pour l'Advancement des Scienses,
Paris: Au secretariat de l' Association, 1892.

[BEES] Beesley, P., "Very Special Intelligence", Doubleday, New

York, 1977.

[BLK] Blackstock, Paul W. and Frank L Schaf, Jr.,

"Intelligence, Espionage, Counterespionage and Covert
Operations," Gale Research Co., Detroit, MI., 1978.

[BLOC] Bloch, Gilbert and Ralph Erskine, "Exploit the Double

Encipherment Flaw in Enigma", Cryptologia, vol 10, #3,
July 1986, p134 ff. (29)

[BLUE] Bearden, Bill, "The Bluejacket's Manual, 20th ed.,

Annapolis: U.S. Naval Institute, 1978.

[BODY] Brown, Anthony - Cave, "Bodyguard of Lies", Harper and

Row, New York, 1975.

[BOLI] Bolinger, D. and Sears, D., "Aspects of Language,"

3rd ed., Harcourt Brace Jovanovich,Inc., New York,
1981.

[BOSW] Bosworth, Bruce, "Codes, Ciphers and Computers: An

Introduction to Information Security," Hayden Books,
Rochelle Park, NJ, 1990.
[BOWE] Bowers, William Maxwell, "The Bifid Cipher, Practical
Cryptanalysis, II, ACA, 1960.

[BP82] Beker, H., and Piper, F., " Cipher Systems, The
Protection of Communications", John Wiley and Sons,
NY, 1982.

[BRAS] Brasspounder, "Language Data - German," MA89, THe

Cryptogram, American Cryptogram Association, 1989.

[BROO] Brook, Maxey, "150 Puzzles in Cryptarithmetic,"

Dover, 1963.

[BRIT] Anonymous, "British Army Manual of Cryptography",

HMF, 1914.

[BROG] Broglie, Duc de, Le Secret du roi: Correspondance

secrete de Louis XV avec ses agents diplomatiques
1752-1774, 3rd ed. Paris, Calmann Levy, 1879.

[BRYA] Bryan, William G., "Practical Cryptanalysis - Periodic

Ciphers -Miscellaneous", Vol 5, American Cryptogram
Association, 1967.

[BURL] Burling, R., "Man's Many Voices: Language in Its

Cultural Context," Holt, Rinehart & Winston, New York,
1970.

[CAND] Candela, Rosario, "Isomorphism and its Application in

Cryptanalytics, Cardanus Press, NYC 1946.

[CAR1] Carlisle, Sheila. Pattern Words: Three to Eight Letters

in Length, Aegean Park Press, Laguna Hills, CA 92654,
1986.

[CAR2] Carlisle, Sheila. Pattern Words: Nine Letters in Length,

Aegean Park Press, Laguna Hills, CA 92654, 1986.

[CASE] Casey, William, 'The Secret War Against Hitler',

Simon & Schuster, London 1989.

[CAVE] Cave Brown, Anthony, 'Bodyguard of Lies', Harper &

Row, New York 1975.

[CCF] Foster, C. C., "Cryptanalysis for Microcomputers",

Hayden Books, Rochelle Park, NJ, 1990.

[CHOI] Interview with Grand Master Sin Il Choi.,9th DAN, June

25, 1995.

[CHOM] Chomsky, Norm, "Syntactic Structures," The Hague:

Mouton, 1957.

[CHUN] Chungkuo Ti-erh Lishih Tangankuan, ed "K'ang-Jih

chengmien chanch'ang," Chiangsu Kuchi Ch'upansheh,
1987., pp993-1026.

[CI] FM 34-60, Counterintelligence, Department of the Army,

 February 1990.

[COUR] Courville, Joseph B., "Manual For Cryptanalysis Of The

Columnar Double Transposition Cipher, by Courville
Assoc., South Gate, CA, 1986.

[CLAR] Clark, Ronald W., 'The Man who broke Purple',

Weidenfeld and Nicolson, London 1977.

[COLF] Collins Gem Dictionary, "French," Collins Clear Type

Press, 1979.

[COLG] Collins Gem Dictionary, "German," Collins Clear Type

Press, 1984.

[COLI] Collins Gem Dictionary, "Italian," Collins Clear Type

Press, 1954.

[COLL] Collins Gem Dictionary, "Latin," Collins Clear Type

Press, 1980.

[COLP] Collins Gem Dictionary, "Portuguese," Collins Clear Type

Press, 1981.

[COLR] Collins Gem Dictionary, "Russian," Collins Clear Type

Press, 1958.

[COLS] Collins Gem Dictionary, "Spanish," Collins Clear Type

Press, 1980.

[COPP] Coppersmith, Don.,"IBM Journal of Research and

Development 38, 1994.

[COVT] Anonymous, "Covert Intelligence Techniques Of the Soviet

Union, Aegean Park Press, Laguna Hills, Ca. 1980.

[CULL] Cullen, Charles G., "Matrices and Linear

Transformations," 2nd Ed., Dover Advanced Mathematics
Books, NY, 1972.

[DAGA] D'agapeyeff, Alexander, "Codes and Ciphers," Oxford

University Press, London, 1974.

[DALT] Dalton, Leroy, "Topics for Math Clubs," National Council

of Teachers and Mu Alpha Theta, 1973.

[DAN] Daniel, Robert E., "Elementary Cryptanalysis:

Cryptography For Fun," Cryptiquotes, Seattle, WA., 1979.

[DAVI] Da Vinci, "Solving Russian Cryptograms", The Cryptogram,

September-October, Vol XLII, No 5. 1976.

[DEAC] Deacon, R., "The Chinese Secret Service," Taplinger, New

York, 1974.

[DEAU] Bacon, Sir Francis, "De Augmentis Scientiarum," tr. by

Gilbert Watts, (1640) or tr. by Ellis, Spedding, and
 Heath (1857,1870).

[DELA] Delastelle, F., Cryptographie nouvelle, Maire of Saint-

Malo, P. Dubreuil, Paris, 1893.

[DENN] Denning, Dorothy E. R.," Cryptography and Data

Security," Reading: Addison Wesley, 1983.

[DEVO] Devours, Cipher A. and Louis Kruh, Machine Cryptography

and Modern Cryptanalysis, Artech, New York, 1985.

[DIFF] Diffie, Whitfield," The First Ten Years of Public Key

Cryptography," Proceedings of the IEEE 76 (1988): 560-
76.

[DIFE] Diffie, Whitfield and M.E. Hellman,"New Directions in

Cryptography, IEEE Transactions on Information Theory
IT-22, 1976.

[DOW] Dow, Don. L., "Crypto-Mania, Version 3.0", Box 1111,

Nashua, NH. 03061-1111, (603) 880-6472, Cost $15 for
registered version and available as shareware under
CRYPTM.zip on CIS or zipnet.

[EIIC] Ei'ichi Hirose, ",Finland ni okeru tsushin joho," in

Showa gunji hiwa: Dodai kurabu koenshu, Vol 1, Dodai
kurabu koenshu henshu iinkai, ed., (Toyko: Dodai keizai
konwakai, 1987), pp 59-60.

[ELCY] Gaines, Helen Fouche, Cryptanalysis, Dover, New York,

1956.

[ENIG] Tyner, Clarence E. Jr., and Randall K. Nichols,

"ENIGMA95 - A Simulation of Enhanced Enigma Cipher
Machine on A Standard Personal Computer," for
publication, November, 1995.

[EPST] Epstein, Sam and Beryl, "The First Book of Codes and
Ciphers," Ambassador Books, Toronto, Canada, 1956.

[EYRA] Eyraud, Charles, "Precis de Cryptographie Moderne'"

Paris, 1953.

[FL] Anonymous, The Friedman Legacy: A Tribute to William and

Elizabeth Friedman, National Security Agency, Central
Security Service, Center for Cryptological History,1995.

[FREB] Friedman, William F., "Cryptology," The Encyclopedia

Britannica, all editions since 1929. A classic article
by the greatest cryptanalyst.

[FR1] Friedman, William F. and Callimahos, Lambros D.,

Military Cryptanalytics Part I - Volume 1, Aegean Park
Press, Laguna Hills, CA, 1985.

[FR2] Friedman, William F. and Callimahos, Lambros D.,

 Military Cryptanalytics Part I - Volume 2, Aegean Park
Press, Laguna Hills, CA, 1985.

[FR3] Friedman, William F. and Callimahos, Lambros D.,

Military Cryptanalytics Part III, Aegean Park Press,
Laguna Hills, CA, 1995.

[FR4] Friedman, William F. and Callimahos, Lambros D.,

Military Cryptanalytics Part IV, Aegean Park Press,
Laguna Hills, CA, 1995.

[FR5] Friedman, William F. Military Cryptanalysis - Part I,

Aegean Park Press, Laguna Hills, CA, 1980.

[FR6] Friedman, William F. Military Cryptanalysis - Part II,

Aegean Park Press, Laguna Hills, CA, 1980.

[FRE] Friedman, William F. , "Elements of Cryptanalysis,"

Aegean Park Press, Laguna Hills, CA, 1976.

[FREA] Friedman, William F. , "Advanced Military Cryptography,"

Aegean Park Press, Laguna Hills, CA, 1976.

[FRAA] Friedman, William F. , "American Army Field Codes in The

American Expeditionary Forces During the First World
War, USA 1939.

[FRAB] Friedman, W. F., Field Codes used by the German Army

During World War. 1919.

[FR22] Friedman, William F., The Index of Coincidence and Its

Applications In Cryptography, Publication 22, The
Riverbank Publications, Aegean Park Press, Laguna
Hills, CA, 1979.

[FROM] Fromkin, V and Rodman, R., "Introduction to Language,"

4th ed.,Holt Reinhart & Winston, New York, 1988.

[FRS] Friedman, William F. and Elizabeth S., "The

Shakespearean Ciphers Examined," Cambridge University
Press, London, 1957.

[FUMI] Fumio Nakamura, Rikugun ni okeru COMINT no hoga to

hatten," The Journal of National Defense, 16-1 (June
1988) pp85 - 87.

[GAR1] Gardner, Martin, "536 Puzzles and Curious Problems,"

Scribners, 1967.

[GAR2] Gardner, Martin, "Mathematics, Magic, and Mystery ,"

Dover, 1956.

[GAR3] Gardner, Martin, "New Mathematical Diversions from

Scientific American," Simon and Schuster, 1966.

[GAR4] Gardner, Martin, "Sixth Book of Mathematical Games

from Scientific American," Simon and Schuster, 1971.

[GARL] Garlinski, Jozef, 'The Swiss Corridor', Dent,

 London 1981.

[GAR1] Garlinski, Jozef, 'Hitler's Last Weapons',

Methuen, London 1978.

[GERM] "German Dictionary," Hippocrene Books, Inc., New York,

1983.

[GIVI] Givierge, General Marcel, " Course In Cryptography,"

Aegean Park Press, Laguna Hills, CA, 1978. Also, M.
Givierge, "Cours de Cryptographie," Berger-Levrault,
Paris, 1925.

[GRA1] Grandpre: "Grandpre, A. de--Cryptologist. Part 1

'Cryptographie Pratique - The Origin of the Grandpre',
ISHCABIBEL, The Cryptogram, SO60, American Cryptogram
Association, 1960.

[GRA2] Grandpre: "Grandpre Ciphers", ROGUE, The Cryptogram,

SO63, American Cryptogram Association, 1963.

[GRA3] Grandpre: "Grandpre", Novice Notes, LEDGE, The

Cryptogram, MJ75, American Cryptogram Association,1975

[GRAH] Graham, L. A., "Ingenious Mathematical Problems and

Methods," Dover, 1959.

[GODD] Goddard, Eldridge and Thelma, "Cryptodyct," Marion,

Iowa, 1976

[GORD] Gordon, Cyrus H., " Forgotten Scripts: Their Ongoing

Discovery and Decipherment," Basic Books, New York,
1982.

[HA] Hahn, Karl, " Frequency of Letters", English Letter

Usage Statistics using as a sample, "A Tale of Two
Cities" by Charles Dickens, Usenet SCI.Crypt, 4 Aug
1994.

[HAWA] Hitchcock, H. R., "Hawaiian," Charles E. Tuttle, Co.,

Toyko, 1968.

[HAWC] Hawcock, David and MacAllister, Patrick, "Puzzle Power!

Multidimensional Codes, Illusions, Numbers, and
Brainteasers," Little, Brown and Co., New York, 1994.

[HEMP] Hempfner, Philip and Tania, "Pattern Word List For

Divided and Undivided Cryptograms," unpublished
manuscript, 1984.

[HIDE] Hideo Kubota, " Zai-shi dai-go kokugun tokushu joho

senshi." unpublished manuscript, NIDS.

[HILL] Hill, Lester, S., "Cryptography in an Algebraic

Alphabet", The American Mathematical Monthly, June-July
1929.
[HIL1] Hill, L. S. 1929. Cryptography in an Algebraic
Alphabet. American Mathematical Monthly. 36:306-312.

[HIL2] Hill, L. S. 1931. Concerning the Linear

Transformation Apparatus in Cryptography. American
Mathematical Monthly. 38:135-154.

[HINS] Hinsley, F. H., "History of British Intelligence in the

Second World War", Cambridge University Press,
Cambridge, 1979-1988.

[HIN2] Hinsley, F. H. and Alan Strip in "Codebreakers -Story

of Bletchley Park", Oxford University Press, 1994.

[HISA] Hisashi Takahashi, "Military Friction, Diplomatic

Suasion in China, 1937 - 1938," The Journal of
International Studies, Sophia Univ, Vol 19, July, 1987.

[HIS1] Barker, Wayne G., "History of Codes and Ciphers in the

U.S. Prior to World War I," Aegean Park Press, Laguna
Hills, CA, 1978.

[HITT] Hitt, Parker, Col. " Manual for the Solution of Military
Ciphers," Aegean Park Press, Laguna Hills, CA, 1976.

[HODG] Hodges, Andrew, "Alan Turing: The Enigma," New York,

Simon and Schuster, 1983.

[HOFF] Hoffman, Lance J., editor, "Building In Big Brother:

The Cryptographic Policy Debate," Springer-Verlag,
N.Y.C., 1995. ( A useful and well balanced book of
cryptographic resource materials. )

[HOF1] Hoffman, Lance. J., et. al.," Cryptography Policy,"

Communications of the ACM 37, 1994, pp. 109-17.

[HOM1] Homophonic: A Multiple Substitution Number Cipher", S-

TUCK, The Cryptogram, DJ45, American Cryptogram
Association, 1945.

[HOM2] Homophonic: Bilinear Substitution Cipher, Straddling,"

ISHCABIBEL, The Cryptogram, AS48, American Cryptogram
Association, 1948.

[HOM3] Homophonic: Computer Column:"Homophonic Solving,"

PHOENIX, The Cryptogram, MA84, American Cryptogram
Association, 1984.

[HOM4] Homophonic: Hocheck Cipher,", SI SI, The Cryptogram,

JA90, American Cryptogram Association, 1990.

[HOM5] Homophonic: "Homophonic Checkerboard," GEMINATOR, The

Cryptogram, MA90, American Cryptogram Association, 1990.

[HOM6] Homophonic: "Homophonic Number Cipher," (Novice Notes)

LEDGE, The Cryptogram, SO71, American Cryptogram
Association, 1971.

[HUNG] Rip Van Winkel, "Hungarian," The Cryptogram, March -

 April, American Cryptogram Association, 1956.

[IBM1] IBM Research Reports, Vol 7., No 4, IBM Research,

Yorktown Heights, N.Y., 1971.

[INDE] PHOENIX, Index to the Cryptogram: 1932-1993, ACA, 1994.

[ITAL] Italian - English Dictionary, compiled by Vittore E.

Bocchetta, Fawcett Premier, New York, 1965.

[JAPA] Martin, S.E., "Basic Japanese Coversation Dictionary,"

Charles E. Tuttle Co., Toyko, 1981.

[JOHN] Johnson, Brian, 'The Secret War', Arrow Books,

London 1979.

[KADI] al-Kadi, Ibrahim A., Cryptography and Data Security:

Cryptographic Properties of Arabic, Proceedings of the
Third Saudi Engineering Conference. Riyadh, Saudi
Arabia: Nov 24-27, Vol 2:910-921., 1991.

[KAHN] Kahn, David, "The Codebreakers", Macmillian Publishing

Co. , 1967.

[KAH1] Kahn, David, "Kahn On Codes - Secrets of the New

Cryptology," MacMillan Co., New York, 1983.

[KAH2] Kahn, David, "An Enigma Chronology", Cryptologia Vol

XVII,Number 3, July 1993.

[KAH3] Kahn, David, "Seizing The Enigma: The Race to Break the
German U-Boat Codes 1939-1943 ", Houghton Mifflin, New
York, 1991.

[KERC] Kerckhoffs, "la Cryptographie Militaire, " Journel des

Sciences militaires, 9th series, IX, (January and
February, 1883, Libraire Militaire de L. Baudoin &Co.,
Paris. English trans. by Warren T, McCready of the
University of Toronto, 1964

[KOBL] Koblitz, Neal, " A Course in Number Theory and

Cryptography, 2nd Ed, Springer-Verlag, New York, 1994.

[KONH] Konheim, Alan G., "Cryptography -A Primer" , John Wiley,

1981, pp 212 ff.

[KORD] Kordemsky, B., "The Moscow Puzzles," Schribners, 1972.

[KOTT] Kottack, Phillip Conrad, "Anthropology: The Exploration

Of Human Diversity," 6th ed., McGraw-Hill, Inc., New
York, N.Y. 1994.

[KOZA] Kozaczuk, Dr. Wladyslaw, "Enigma: How the German

Machine Cipher was Broken and How it Was Read by the
Allies in WWI", University Pub, 1984.

[KRAI] Kraitchek, "Mathematical Recreations," Norton, 1942, and

Dover, 1963.
[KULL] Kullback, Solomon, Statistical Methods in Cryptanalysis,
Aegean Park Press, Laguna Hills, Ca. 1976

[LAFF] Laffin, John, "Codes and Ciphers: Secret Writing Through

The Ages," Abelard-Schuman, London, 1973.

[LAI] Lai, Xuejia, "On the Design and Security of Block

Ciphers," ETH Series in Information Processing 1, 1992.
(Article defines the IDEA Cipher)

[LAIM] Lai, Xuejia, and James L. Massey, "A Proposal for a New
Block Encryption Standard," Advances in Cryptology -
Eurocrypt 90 Proceedings, 1992, pp. 55-70.

[LAKE] Lakoff, R., "Language and the Women's Place," Harper &
Row, New York, 1975.

[LANG] Langie, Andre, "Cryptography," translated from French

by J.C.H. Macbeth, Constable and Co., London, 1922.

[LATI] BRASSPOUNDER, "Latin Language Data, "The Cryptogram,"

July-August 1993.

[LAUE] Lauer, Rudolph F., "Computer Simulation of Classical

Substitution Cryptographic Systems" Aegean Park Press,
1981, p72 ff.

[LEAU] Leaute, H., "Sur les Mecanismes Cryptographiques de M.

de Viaris," Le Genie Civil, XIII, Sept 1, 1888.

[LEDG] LEDGE, "NOVICE NOTES," American Cryptogram Association,

1994. [ One of the best introductory texts on ciphers
written by an expert in the field. Not only well
written, clear to understand but as authoritative as
they come! ]

[LENS] Lenstra, A.K. et. al. "The Number Field Sieve,"

Proceedings of the 22 ACM Symposium on the Theory of
Computing," Baltimore, ACM Press, 1990, pp 564-72.

[LEN1] Lenstra, A.K. et. al. "The Factorization of the Ninth

Fermat Number," Mathematics of Computation 61 1993,
pp. 319-50.

[LEWI] Lewin, Ronald, 'Ultra goes to War', Hutchinson,

London 1978.

[LEWY] Lewy, Guenter, "America In Vietnam", Oxford University

Press, New York, 1978.

[LEVI] Levine, J., U.S. Cryptographic Patents 1861-1981,

Cryptologia, Terre Haute, In 1983.

[LEV1] Levine, J. 1961. Some Elementary Cryptanalysis

of Algebraic Cryptography. American Mathematical
Monthly. 68:411-418
[LEV2] Levine, J. 1961. Some Applications of High-
Speed Computers to the Case n =2 of Algebraic
Cryptography. Mathematics of Computation. 15:254-260

[LEV3] Levine, J. 1963. Analysis of the Case n =3 in Algebraic

Cryptography With Involuntary Key Matrix With Known
Alphabet. Journal fuer die Reine und Angewante
Mathematik. 213:1-30.

[LISI] Lisicki, Tadeusz, 'Dzialania Enigmy', Orzet Biaty,

London July-August, 1975; 'Enigma i Lacida',
Przeglad lacznosci, London 1974- 4; 'Pogromcy
Enigmy we Francji', Orzet Biaty, London, Sept.
1975.'

[LYNC] Lynch, Frederick D., "Pattern Word List, Vol 1.,"

Aegean Park Press, Laguna Hills, CA, 1977.

[LYSI] Lysing, Henry, aka John Leonard Nanovic, "Secret

Writing," David Kemp Co., NY 1936.

[MADA] Madachy, J. S., "Mathematics on Vacation," Scribners,

1972.

[MAGN] Magne, Emile, Le plaisant Abbe de Boisrobert, Paris,

Mecure de France, 1909.

[MANS] Mansfield, Louis C. S., "The Solution of Codes and

Ciphers", Alexander Maclehose & Co., London, 1936.

[MARO] Marotta, Michael, E. "The Code Book - All About

Unbreakable Codes and How To Use Them," Loompanics
Unlimited, 1979. [This is a terrible book. Badly
written, without proper authority, unprofessional, and
prejudicial to boot. And, it has one of the better
illustrations of the Soviet one-time pad with example,
with three errors in cipher text, that I have corrected
for the author.]

[MARS] Marshall, Alan, "Intelligence and Espionage in the Reign

of Charles II," 1660-1665, Cambridge University, New
York, N.Y., 1994.

[MART] Martin, James, "Security, Accuracy and Privacy in

Computer Systems," Prentice Hall, Englewood Cliffs,
N.J., 1973.

[MAVE] Mavenel, Denis L., Lettres, Instructions Diplomatiques

et Papiers d' Etat du Cardinal Richelieu, Historie
Politique, Paris 1853-1877 Collection.

[MAYA] Coe, M. D., "Breaking The Maya Code," Thames and Hudson,
New York, 1992.

[MAZU] Mazur, Barry, "Questions On Decidability and

Undecidability in Number Theory," Journal of Symbolic
Logic, Volume 54, Number 9, June, 1994.
[MELL] Mellen G. 1981. Graphic Solution of a Linear
Transformation Cipher. Cryptologia. 5:1-19.

[MEND] Mendelsohn, Capt. C. J., Studies in German Diplomatic

Codes Employed During World War, GPO, 1937.

[MERK] Merkle, Ralph, "Secrecy, Authentication and Public Key

Systems," Ann Arbor, UMI Research Press, 1982.

[MER1] Merkle, Ralph, "Secure Communications Over Insecure

Channels," Communications of the ACM 21, 1978, pp. 294-
99.

[MER2] Merkle, Ralph and Martin E. Hellman, "On the Security of

Multiple Encryption ," Communications of the ACM 24,
1981, pp. 465-67.

[MER3] Merkle, Ralph and Martin E. Hellman, "Hiding

Information and Signatures in Trap Door Knapsacks,"
IEEE Transactions on Information Theory 24, 1978, pp.
525-30.

[MILL] Millikin, Donald, " Elementary Cryptography ", NYU

Bookstore, NY, 1943.

[MM] Meyer, C. H., and Matyas, S. M., " CRYPTOGRAPHY - A New

Dimension in Computer Data Security, " Wiley
Interscience, New York, 1982.

[MODE] Modelski, Tadeusz, 'The Polish Contribution to the

Ultimate Allied Victory in the Second World War',
Worthing (Sussex) 1986.

[MRAY] Mrayati, Mohammad, Yahya Meer Alam and Hassan al-

Tayyan., Ilm at-Ta'miyah wa Istikhraj al-Mu,amma Ind
al-Arab. Vol 1. Damascus: The Arab Academy of Damascus.,
1987.

[MYER] Myer, Albert, "Manual of Signals," Washington, D.C.,

USGPO, 1879.

[NBS] National Bureau of Standards, "Data Encryption

Standard," FIPS PUB 46-1, 1987.

[NIBL] Niblack, A. P., "Proposed Day, Night and Fog Signals for
the Navy with Brief Description of the Ardois Hight
System," In Proceedings of the United States Naval
Institute, Annapolis: U. S. Naval Institute, 1891.

[NIC1] Nichols, Randall K., "Xeno Data on 10 Different

Languages," ACA-L, August 18, 1995.

[NIC2] Nichols, Randall K., "Chinese Cryptography Parts 1-3,"

ACA-L, August 24, 1995.

[NIC3] Nichols, Randall K., "2erman Reduction Ciphers Parts

1-4," ACA-L, September 15, 1995.
[NIC4] Nichols, Randall K., "Russian Cryptography Parts 1-3,"
ACA-L, September 05, 1995.

[NIC5] Nichols, Randall K., "A Tribute to William F. Friedman",

NCSA FORUM, August 20, 1995.

[NIC6] Nichols, Randall K., "Wallis and Rossignol," NCSA

FORUM, September 25, 1995.

[NIC7] Nichols, Randall K., "Arabic Contributions to

Cryptography,", in The Cryptogram, ND95, ACA, 1995.

[NIC8] Nichols, Randall K., "U.S. Coast Guard Shuts Down Morse
Code System," The Cryptogram, SO95, ACA publications,
1995.

[NIC9] Nichols, Randall K., "PCP Cipher," NCSA FORUM, March 10,
1995.

[NICX] Nichols, R. K., Keynote Speech to A.C.A. Convention,

"Breaking Ciphers in Other Languages.," New Orleans,
La., 1993.

[NICK] Nickels, Hamilton, "Codemaster: Secrets of Making and

Breaking Codes," Paladin Press, Boulder, CO., 1990.

[NORM] Norman, Bruce, 'Secret Warfare', David & Charles,

Newton Abbot (Devon) 1973.

[NORW] Marm, Ingvald and Sommerfelt, Alf, "Norwegian," Teach

Yourself Books, Hodder and Stoughton, London, 1967.

[NSA] NSA's Friedman Legacy - A Tribute to William and

Elizabeth Friedman, NSA Center for Cryptological
History, 1992, pp 201 ff.

[OKLA] Andre, Josephine and Richard V. Andree, "Cryptarithms,"

Unit One, Problem Solving and Logical Thinking,
University of Oklahoma, Norman, Ok. Copy No: 486, 1976.

[OKLI] Andre, Josephine and Richard V. Andree, " Instructors

Manual For Cryptarithms," Unit One, Problem Solving and
Logical Thinking, University of Oklahoma, Norman, Ok.
Copy No: 486, 1976.

[OP20] "Course in Cryptanalysis," OP-20-G', Navy Department,

Office of Chief of Naval Operations, Washington, 1941.

[PERR] Perrault, Charles, Tallement des Reaux, Les

Historiettes, Bibliotheque del La Pleiade, Paris 1960,
pp 256-258.

[PGP] Garfinkel, Simson, "PGP: Pretty Good Privacy," O'reilly

and Associates, Inc. Sebastopol, CA. 1995.

[PHIL] Phillips, H., "My Best Puzzles in Logic and Reasoning,"

 Dover, 1961.

[PIER] Pierce, Clayton C., "Cryptoprivacy", 325 Carol Drive,

Ventura, Ca. 93003.

[POLY] Polya, G., "Mathematics and Plausible Reasoning,"

Princeton Press, 1954.

[POL1] Polya, G., "How To Solve It.," Princeton Press, 1948.

[POPE] Pope, Maurice, "The Story of Decipherment: From Egyptian

Hieroglyphic to Linear B., Thames and Hudson Ltd., 1975.

[PORT] Barker, Wayne G. "Cryptograms in Portuguese," Aegean

Park Press, Laguna Hills, CA., 1986.

[POR1] Aliandro, Hygino, "The Portuguese-English Dictionary,"

Pocket Books, New York, N.Y., 1960.

[RAJ1] "Pattern and Non Pattern Words of 2 to 6 Letters," G &

C. Merriam Co., Norman, OK. 1977.

[RAJ2] "Pattern and Non Pattern Words of 7 to 8 Letters," G &

C. Merriam Co., Norman, OK. 1980.

[RAJ3] "Pattern and Non Pattern Words of 9 to 10 Letters," G &

C. Merriam Co., Norman, OK. 1981.

[RAJ4] "Non Pattern Words of 3 to 14 Letters," RAJA Books,

Norman, OK. 1982.

[RAJ5] "Pattern and Non Pattern Words of 10 Letters," G & C.

Merriam Co., Norman, OK. 1982.

[REJE] Rejewski, Marian, "Mathematical Solution of the Enigma

Cipher" published in vol 6, #1, Jan 1982 Cryptologia pp
1-37.

[RHEE] Rhee, Man Young, "Cryptography and Secure Commun-

ications," McGraw Hill Co, 1994

[RIVE] Rivest, Ron, "Ciphertext: The RSA Newsletter 1, 1993.

[RIV1] Rivest, Ron, Shamir, A and L. Adleman, "A Method for

Obtaining Digital Signatures and Public Key
Cryptosystems," Communications of the ACM 21, 1978.

[ROAC] Roach, T., "Hobbyist's Guide To COMINT Collection and

Analysis," 1330 Copper Peak Lane, San Jose, Ca. 95120-
4271, 1994.

[ROBO] NYPHO, The Cryptogram, Dec 1940, Feb, 1941.

[ROHE] Jurgen Roher's Comparative Analysis of Allied and Axis

Radio-Intelligence in the Battle of the Atlantic,
Proceedings of the 13th Military History Symposium, USAF
Academy, 1988, pp 77-109.

[ROOM] Hyde, H. Montgomery, "Room 3603, The Story of British

 Intelligence Center in New York During World War II",
New York, Farrar, Straus, 1963.

[ROSE] Budge, E. A. Wallis, "The Rosetta Stone," British Museum

Press, London, 1927.

[RSA] RSA Data Security, Inc., "Mailsafe: Public Key

Encryption Software Users Manual, Version 5.0, Redwood
City, CA, 1994

[RUNY] Runyan, T. J. and Jan M. Copes "To Die Gallently",

Westview Press 1994, p85-86 ff.

[RYSK] Norbert Ryska and Siegfried Herda, "Kryptographische

Verfahren in der Datenverarbeitung," Gesellschaft fur
Informatik, Berlin, Springer-Verlag1980.

[SADL] Sadler, A. L., "The Code of the Samurai," Rutland and

Tokyo: Charles E. Tuttle Co., 1969.

[SACC] Sacco, Generale Luigi, " Manuale di Crittografia",

3rd ed., Rome, 1947.

[SANB] Sanbohonbu, ed., "Sanbohonbu kotokan shokuinhyo." NIDS

Archives.

[SAPR] Sapir, E., "Conceptual Categories in Primitive

Language," Science: 74: 578-584., 1931.

[SASS] Sassoons, George, "Radio Hackers Code Book", Duckworth,

London, 1986.

[SCHN] Schneier, Bruce, "Applied Cryptography: Protocols,

Algorithms, and Source Code C," John Wiley and Sons,
1994.

[SCH2] Schneier, Bruce, "Applied Cryptography: Protocols,

Algorithms, and Source Code C," 2nd ed., John Wiley and
Sons, 1995.

[SCHU] Schuh, fred, "Master Book of Mathematical Recreation,"

Dover, 1968.

[SCHW] Schwab, Charles, "The Equalizer," Charles Schwab, San

Francisco, 1994.

[SHAN] Shannon, C. E., "The Communication Theory of Secrecy

Systems," Bell System Technical Journal, Vol 28 (October
1949).

[SHIN] Shinsaku Tamura, "Myohin kosaku," San'ei Shuppansha,

Toyko, 1953.

[SIG1] "International Code Of Signals For Visual, Sound, and

Radio Communications," Defense Mapping Agency,
Hydrographic/Topographic Center, United States Ed.
Revised 1981

[SIG2] "International Code Of Signals For Visual, Sound, and

 Radio Communications," U. S. Naval Oceanographic
Office, United States Ed., Pub. 102, 1969.

[SIMM] Simmons, G. J., "How To Insure that Data Acquired to

Verify Treaty Compliance are Trustworthy, " in
"Authentication without secrecy: A secure communications
problem uniquely solvable by asymmetric encryption
techniques.", IEEE EASCON 79, Washington, 1979, pp. 661-
62.

[SINK] Sinkov, Abraham, "Elementary Cryptanalysis", The

Mathematical Association of America, NYU, 1966.

[SISI] Pierce, C.C., "Cryptoprivacy," Author/Publisher, Ventura

Ca., 1995. (XOR Logic and SIGTOT teleprinters)

[SMIH] Smith, David E., "John Wallis as Cryptographer",

Bulletin of American Mathematical Society, XXIV, 1917.

[SMIT] Smith, Laurence D., "Cryptography, the Science of Secret

Writing," Dover, NY, 1943.

[SOLZ] Solzhenitsyn, Aleksandr I. , "The Gulag Archipelago I-

III, " Harper and Row, New York, N.Y., 1975.

[SPAN] Barker, Wayne G. "Cryptograms in Spanish," Aegean Park

Press, Laguna Hills, CA., 1986.

[STEV] Stevenson, William, 'A Man Called INTREPID',

Macmillan, London 1976.

[STIN] Stinson, D. R., "Cryptography, Theory and Practice,"

CRC Press, London, 1995.

[STIX] Stix, F., Zur Geschicte und Organisation der Wiener

Geheimen Ziffernkanzlei, Mitteilungen des
Osterreichischen Instituts fir Geschichtsforschung,
LI 1937.

[STUR] Sturtevant, E. H. and Bechtel, G., "A Hittite

Chrestomathy," Linguistic Society of American and
University of Pennsylvania, Philadelphia, 1935.

[SUVO] Suvorov, Viktor "Inside Soviet Military Intelligence,"

Berkley Press, New York, 1985.

[TERR] Terrett, D., "The Signal Corps: The Emergency (to

December 1941); G. R. Thompson, et. al, The Test(
December 1941 - July 1943); D. Harris and G. Thompson,
The Outcome;(Mid 1943 to 1945), Department of the Army,
Office of the Chief of Military History, USGPO,
Washington,1956 -1966.

[THEO] Theodore White and Annalee Jacoby, "Thunder Out Of

China," William Sloane Assoc., New York, 1946.

[THOM] Thompson, Ken, "Reflections on Trusting Trust,"

 Communications of the ACM 27, 1984.

[TILD] Glover, D. Beaird, Secret Ciphers of The 1876

Presidential Election, Aegean Park Press, Laguna Hills,
Ca. 1991.

[TM32] TM 32-250, Fundamentals of Traffic Analysis (Radio

Telegraph) Department of the Army, 1948.

[TRAD] U. S. Army Military History Institute, "Traditions of

The Signal Corps., Washington, D.C., USGPO, 1959.

[TRAI] Lange, Andre and Soudart, E. A., "Treatise On

Cryptography," Aegean Park Press, Laguna Hills, Ca.
1981.

[TRIB] Anonymous, New York Tribune, Extra No. 44, "The Cipher
Dispatches, New York, 1879.

[TRIT] Trithemius:Paul Chacornac, "Grandeur et Adversite de

Jean Tritheme ,Paris: Editions Traditionelles, 1963.

[TUCK] Harris, Frances A., "Solving Simple Substitution

Ciphers," ACA, 1959.

[TUKK] Tuckerman, B., "A Study of The Vigenere-Vernam Single

and Multiple Loop Enciphering Systems," IBM Report
RC2879, Thomas J. Watson Research Center, Yorktown
Heights, N.Y. 1970.

[TUCM] Tuckerman, B., "A Study of The Vigenere-Vernam Single

and Multiple Loop Enciphering Systems," IBM Report
RC2879, Thomas J. Watson Research Center, Yorktown
Heights, N.Y. 1970.

[USAA] U. S. Army, Office of Chief Signal Officer,

"Instructions for Using the Cipher Device Type M-94,
February, 1922," USGPO, Washington, 1922.

[VAIL] Vaille, Euggene, Le Cabinet Noir, Paris Presses

Universitaires de Frances, 1950.

[VALE] Valerio, "De La Cryptographie," Journal des Scienses

militares, 9th series, Dec 1892 - May 1895, Paris.

[VERN] Vernam, A. S., "Cipher Printing Telegraph Systems For

Secret Wire and Radio Telegraphic Communications," J.
of the IEEE, Vol 45, 109-115 (1926).

[VIAR] de Viaris in Genie Civil: "Cryptographie", Publications

du Journal Le Genie Civil, 1888.

[VIA1] de Viaris, "L'art de chiffre et dechiffre les depeches

secretes," Gauthier-Villars, Paris, 1893.

[VOGE] Vogel, Donald S., "Inside a KGB Cipher," Cryptologia,

Vol XIV, Number 1, January 1990.

[WALL] Wallis, John, "A Collection of Letters and other Papers

 in Cipher" , Oxford University, Bodleian Library, 1653.

[WAL1] Wallace, Robert W. Pattern Words: Ten Letters and Eleven

Letters in Length, Aegean Park Press, Laguna Hills, CA
92654, 1993.

[WAL2] Wallace, Robert W. Pattern Words: Twelve Letters and

Greater in Length, Aegean Park Press, Laguna Hills, CA
92654, 1993.

[WATS] Watson, R. W. Seton-, ed, "The Abbot Trithemius," in

Tudor Studies, Longmans and Green, London, 1924.

[WEBE] Weber, Ralph Edward, "United States Diplomatic Codes and

Ciphers, 1175-1938, Chicago, Precedent Publishing, 1979.

[WEL] Welsh, Dominic, "Codes and Cryptography," Oxford Science

Publications, New York, 1993.

[WELC] Welchman, Gordon, 'The Hut Six Story', McGraw-Hill,

New York 1982.

[WHOR] Whorf, B. L., "A Linguistic Consideration of Thinking In

Primitive Communities," In Language, Thought, and
Reality: Selected Writings of Benjamin Lee Whorf, ed. J.
B. Carroll, Cambridge, MA: MIT Press, pp. 65-86., 1956.

[WINK] Winkle, Rip Van, "Hungarian: The Cryptogram,", March -

April 1956.

[WINT] Winterbotham, F.W., 'The Ultra Secret', Weidenfeld

and Nicolson, London 1974.

[WOLE] Wolfe, Ramond W., "Secret Writing," McGraw Hill Books,

NY, 1970.

[WOLF] Wolfe, Jack M., " A First Course in Cryptanalysis,"

Brooklin College Press, NY, 1943.

[WRIX] Wrixon, Fred B. "Codes, Ciphers and Secret Languages,"

Crown Publishers, New York, 1990.

[XEN1] PHOENIX, "Xenocrypt Handbook," American Cryptogram

Association, 1 Pidgeon Dr., Wilbraham, MA., 01095-2603,
for publication March, 1996.

[YARD] Yardley, Herbert, O., "The American Black Chamber,"

Bobbs-Merrill, NY, 1931.

[YAR1] Yardley, H. O., "The Chinese Black Chamber," Houghton

Mifflin, Boston, 1983.

[YOKO] Yukio Yokoyama, "Tokushu joho kaisoka," unpublished

handwritten manuscript.

[YOUS] Youshkevitch, A. P., Geschichte der Mathematik im

Mittelatter, Liepzig, Germany: Teubner, 1964.

[YUKI] Yukio Nishihara, "Kantogan tai-So Sakusenshi," Vol 17.,

 unpublished manuscript, National Institute for Defense
Studies Military Archives, Tokyo.,(hereafter NIDS
Archives)

[ZIM] Zim, Herbert S., "Codes and Secret Writing." William

Morrow Co., New York, 1948.

[ZEND] Callimahos, L. D., Traffic Analysis and the Zendian

Problem, Agean Park Press, 1984. (also available
through NSA Center for Cryptologic History)
#

CLASSICAL CRYPTOGRAPHY COURSE

BY LANAKI

June 12, 1996

Revision 0

COPYRIGHT 1996
ALL RIGHTS RESERVED

LECTURE 14

LEDGE'S INTRODUCTION TO CRYPTARITHMS II

SUMMARY

It is my pleasure to present our guest lecturer LEDGE's (Dr.

Gerhard D. Linz) second lecture on the interesting topic of
Cryptarithms. In this lecture, he covers Multiplication,
Multiplicative Structures, Base 11 and Base 12 calculations.
LEDGE has a natural writing style, and a talent for making
understandable some difficult concepts. LEDGE has already
produced one of our better references on novice cryptography,
and I appreciate his assistance in our course. Enjoy. [LEDG]

UNIQUE SOLUTION

Another Rule. Cryptarithms must meet another rule not stated

in the first Lecture 8. There must be only one solution to
the problem. That means that the solution must be unique.

For ease in reading we will now use "mod" for "modulo. See
the previous cryptarithm lecture for the meaning of the term.

MULTIPLICATION

Let's start our analysis of reconstructing multiplication

problems by looking at a typical multiplication of whole
numbers as we learned it in grammar school:

478
x52
---
956
2390
----
 24856

For convenience in talking about this problem, we need to

introduce some nomenclature. The number being multiplied,
here 478, is called the "multiplicand." The number by which
the multiplicand is multiplied, here 52, is the "multiplier."

The result of the multiplication, here 24856, is the

"product."

If we analyze the parts or steps of this process, we find we

have two separate multiplications and one addition in what we
usually consider a single multiplication problem. The problem
contains substeps: 2 x 478 = 956; 5 x 478 = 2390 and an
addition to which we will turn in a moment. Notice in the
second multiplication of the multiplicand by a digit in the
multiplier, instead of 5 x 478 we really have 50 x 478. We
don't write it that way because we moved the product of 5 x
478 one decimal place to the left and left a blank space for
the product of 0 x 478 (which equals 0). If the multiplier
had more digits, we would have continued to move the
subsequent partial products another space to the left. We
have done multiplications like this so often that we don't
usually recognize what we are doing.

Now we can look at the addition: 956

2390
-----
24856.

OBSERVATIONS

Each of these steps can give us different and valuable

information.

1. The highest order digit of the multiplicand,

multiplier, and product cannot be zero. In other words, by
convention, no number starts with zero since no decimals are
involved. If we had used letters in this example, the letters
representing the 4 in 478, the 5 in 52, the 9 in 956, the 2
in 2390, and the 2 in 24856 could not represent 0.

2. The product of any sized multiplicand by a single

digit multiplier can never contain more digits than the
number of digits in the multiplicand plus one. If you need
convincing, try it out with examples of your choice. In this
case we have one such example: 5 x 478 = 2390. The
multiplicand has three digits, the product four.

3. If a product has more digits than the multiplicand,

the highest order digit of the product is less than or equal
to the lower of the multiplier or the highest order digit of
the multiplicand. Here, 5 x 478 = 2390. The highest order
digit of the product is 2, smaller than the 4 of the
multiplicand which in turn is smaller than the multiplier, 5.

4. The addition step is subject to the kinds of analyses

we saw in the first lecture.
When solving multiplication cryptarithms, you may want to
write out the separate parts of the problem as CROTALUS
has suggested. In this lecture we will use the understandings
we have developed, but leave the problem intact. [CROT]

The units digits of the products (the digit on the right end
of each product) also can produce useful information which we
will address later.

Example 1. Now let's tackle an example that should not be too

difficult. This one is a C-6 from the March-April, 1995,
issue of The Cryptogram by DYETI. The key is two words (9-0).

LARK
xCAR
-----
OOYRR
ORLOA
LEECC
-------
LOSBRLR

SOLUTION OF EXAMPLE 1

By now you should be able to see the various parts of the

problem: three multiplications of the multiplicand by R, A,
and C; and the addition of the three partial products, each
one after the first shifted an additional space to the left
to give the final product, LOSBRLR.

Let's start with something familiar, the addition. We can

notice that the leftmost digit of LEECC, the L, is carried to
the final product without change; hence the sum of O and E,
the next digits on the right, is less than 10 as there was no
carry to the L. Finally, O + E + (0, 1 or 2) = O without a
carry to the L. The (0, 1, or 2) are the possible carries
from the previous addition of O + R + E plus a carry. But the
only way for O + E = O mod 10 without a carry is for O + E =
O not O + 10. As a result E = zero. Now let's take a look at
the partial products. The products of C, A, and R times LARK
is in no case LARK. Hence none of C, A, and R = 1. However,
the product of R x K = R mod 10. The product of A x K = A mod
10, and the product of C times K = C mod 10.

There is only one value of K that would make that true. K

must = 1. Furthermore, there is no carry in any of those
multiplications.

That takes care of the information we can gather from the

examination of the units digits.

With a carry of 0 from the first multiplications, we can look

similarly at the result of multiplying each of the digits in
the multiplier by the tens digit of the multiplicand, the R:
R x R = R mod 10 (the tens digit in the first partial
product). A x R = O mod 10 and C x R = C mod 10. Looking at
the first product, R x R, the only digits that give
themselves as the units number of their products when
multiplied by themselves are 0 x 0 = 0; 1 x 1 = 1; 5 x 5 = 25
or 5 mod 10; and 6 x 6 = 36 or 6 mod 10. We already know what
letters represent 0 and 1 so R = 5, or 6.

Both 5 and 6 are interesting numbers when considered from a

multiplication standpoint. 5 x an even number = 0 mod 10.
5 x an odd number = 5 mod 10. Hence any product of 5 must end
in either 5 or 0, two choices. Here we have three different
products of R, not two. So R = 6.

Let's take a look at the products of 6 mod 10 since we have

the product C x R = C: 6 x 2 = 2; 6 x 4 = 4, 6 x 8 = 8, all
mod 10. The general rule is that R must be even for 6 x R =
R. Furthermore, since R is even, the product of R x n is
even for any digit value of n. The only way to get an odd
numbered product is to multiply two odd numbers. Try it out.
So C = 2, 4, or 8. Can we narrow that down? It turns out that
we can.

Each of the partial products is 5 digits long, one more than

the multiplicand. From fact 3 above, we know that the highest
order digit in each case cannot be larger than the lower of
the single digit multiplier and the highest order digit of
the multiplicand. The highest order digits of the partial
products are O, O, and L. Since L is the highest order digit
of the multiplicand, C x LARK must yield the largest product.
The highest possible value of C is 8. The next one is 4.
Almost certainly C = 8.

Let's put our number-letter equivalents into a table:

9 8 7 6 5 4 3 2 1 0
C R K E.

We're supposed to find two words at the end of this process.

The letters we have make a promising beginning.

The product C x LARK = LEECC or, since we know many of the

values of the letters, 8 x LA61 = L0088. Let's go through
that multiplication step by step. 8 x 1 = 8, no carry. 8 x 6
= 48, carry the 4. 8 x A + 4 (the carry) must = 0 mod 10; so
8 x A must = 6 mod 10 since 6 + 4 = 0 mod 10. The products of
8 that end in 6 are 16 and 56; so A = 2 or 7. The addition
section will give us the clue we need.

At the tens digit of the addition R + A = L mod 10. We know R

is 6. If A = 2, then R + A = 8, not possible since C =
8 already. So A = 7. R + A = 6 + 7 = 3 mod 10 or L = 3.
Dividing the product LEECC or 30088 by 8 (C) gives 3761 for
LARK. O could = 1 or 2, but only 2 is available (why?).
Multiplying LARK x R will give us Y in the first partial
product = 5. Only B has not been determined. By default it
must be = 4. The key tableau is 9 8 7 6 5 4 3 2 1 0.

S C A R Y B L O K E

The final result : 3761

x876
 -----
22566
26327
30088
-------
3294636

Example 2. Let's try another. If you feel brave, try it on

your own before reading the explanation. It's not any more
difficult than the first problem, only different.

On the third page of Lecture I we presented this

multiplication problem by APEX DX:

OTTAWA
xON
------
HNNTLIL
IIIEHE
-------
TOOINRL

SOLUTION OF EXAMPLE 2

In Lecture 8, we determined that the only candidates for the

representation of zero were L, W and R. We carried the
solution no further at that point. We can do better than that
with the tools we now have.

The problem contains two partial products, N x OTTAWA =

HNNTLIL and O x OTTAWA = IIIEHE, plus the addition of those
products to give the final product. TOOINRL. We now note that
the second partial product and the multiplicand have the same
number of digits, six.

Further, the highest order digit of the multiplicand and

multiplier are the same, namely O. O x O + carry = I. The
highest digit O can represent is 3 as 3 x 3 = 9. Any higher
digit when multiplied by itself gives a two-digit result,
adding a digit to that partial product. If O = 3, then
I = 9. The partial product become 999EHE. Dividing by the
multiplier value, 3 produces 333??? for OTTAWA. That cannot
be since we have only one digit per letter. O also is not
one, for multiplying any number by one results in that
number. Therefore O must be = 2. 2 x 2 = 4 and the partial
product would 444EHE. Again, dividing by 2 give 222???.
As before I cannot equal T. Since 2 x 3 is 6 and I is less
than that, I = 5, and the partial product is 555EHE. Dividing
by O or 2, the multiplier, gives 277??? for OTTAWA; hence T =
7. In lecture I we were left with L, W, and R as the only
possible candidate for the digit, 0. At that time we could
not unambiguously select one of these as representing zero.
We can now eliminate L from consideration. Look at the
problem to see if you can spot how.

L comes from the product of N x A mod 10. For L to be = zero,

either N or A must be = 5. We have already determined that I
= 5. Neither N or A are five, so L cannot be zero. We are
left to choose between R and W.

Our letter-number equivalent table now is:

0 1 2 3 4 5 6 7 8 9
O I T

At the moment we can make no progress with the second partial

product so let's examine the first, N x OTTAWA = HNNTLIL.
Substituting the identified digits we have N x 277AWA =
HNN7L5L. This product has seven digits, one more than
OTTAWA. We have learned that the highest order digit of such
a product must be less than or equal to the lower of the
multiplier or the highest order digit of the multiplicand,
i.e, O or N. Since O = 2, H can only = 1. We add that to the
letter-number equivalent table. The partial product becomes N
x 277AWA = 1NN7L5L. Dividing the product by OTTAWA or 277AWA,
we learn that N could be 4,5, or 6. Since I = 5, N must be 4
or 6.

Still working with the first partial product, N x A = L mod

10. A is multiplied by N again when we reach the hundreds
digit of OTTAWA. Again the result is L mod 10. How could this
be? It can only happen if there is no carry from the product
of N x W. In the second partial product 2 x A = E mod 10 two
times, as before. Thus 2 x W cannot have a carry here as
well. Neither 4 x W, 6 x W, nor 2 x W > 9. W can only be 0 or
1. Because H = 1, W = 0.

We could have gone another route. In the addition I + E = R.

If R were = 0, since I = 5, E would have to be 5 also. That's
not allowed, so R cannot be 0 and only W is left to = zero.
Still a third way of determining whether R or W = zero is by
anagraming. If R = zero, we look at the equivalent table and
the keyword would have to start RHO, not impossible, but not
encouraging. If W = zero, the keyword starts WHO, a word,
very encouraging. Just like in K1 and K2 Aristocrats,
reconstructing the equivalent table (instead of the
equivalent alphabets) can give us useful clues. I generally
use anagraming only as a last resort if I am otherwise
stymied, however.

With W = 0 we know that O x A = HE and N x A = IL. Replacing

known letter values, we have 2 x A = 1E and N x A = 5L. The
only products in the 50's produced by multiplying two single
digit numbers are 54 and 56 or 9 x 6 or 7 x 8. Since T = 7,
we cannot use N = 7 to yield N x A = 56; hence N and A are 9
and 6 and L = 4. We know that N is 4 or 6 (see above). So N =
6, A = 9, and, since 2 x 9 = 18, E = 8. The results are
consistent; they produce no redundancies.

The equivalent table becomes:

0 1 2 3 4 5 6 7 8 9
W H O L I N T E A.

Only the R needs to be placed. What are the three words?

Whorl in tea (Tempest in a teapot???).
PROBLEMS IN BASES OTHER THAN TEN

Our number system is based on the number 10, perhaps because

normally humans have ten fingers and ten toes. So having ten
for a base makes counting easier. We generally write our
numbers as a series of digits with or without a decimal
point, but we read the real value of a digit by its position
in relation to the decimal point, either provided or tacitly
understood. So we read 5,678 as five thousand, six hundred,
seventy eight. Translating the English into number it becomes
5 x 1000 + 6 x100 + 7 x 10 + 8 x 1. That process is pure
convention, but we don't usually think about it.

Notice also that we have ten different characters for the ten
different digits. When we count from zero up in whole numbers
we use all ten (0-9) to get to 9 and then we move on to two
digits, using a one in the tens place and starting anew with
zero in the units place. It takes a lot of words to explain
it, but we're so used it; we just spout the number and go on.

Yet it is pure convention that we use ten as the base. We

call it decimal, using the Greek word for ten. In fact we
could use any whole number as the base except, of course, 0
alone as we can't count with it. Whatever number we use as a
base, that's how many characters we need. If we were to want
to count base 2 (like a series of switches that are either on
or off), we'd need only the digits 0 and 1. That's called the
binary system. Counting would go as follows:

Base 2: 0 1 10 11 100 101 110 111 1000 1001 1010 1011 1100
1101
Base 10: 0 1 2 3 4 5 6 7 8 9 10 11 12
13

Notice that in binary 1101 = 1 x 8 + 1 x 4 + 0 x 2 + 1.

In decimal we would read as 1 x 1000 + 1 x 100 + 0 x 10 + 1 x
1.

Just as 1000 is 10x10x10, so 8 is 2 x 2 x 2. 100 is 10x10; 4

is 2 x 2. Binary 1000 translates to decimal 8, etc. Binary
1101 = Decimal 13. Naturally with only two symbols, binary
representation of numbers are much longer than base 10
representations.

We used base two as an illustration only. Cryptarithms, if

not in decimal or base 10 form, use bases that are larger
than ten, most often 11, called undecimal, or 12, called
duodecimal. For undecimal we need to create a new character
to replace decimal 10. Usually, "x" is used. Since we are
using x as the multiplication symbol, we will use "t" for
ten. We need another symbol for decimal 11. Usually, "e" is
used.

Counting in undecimal goes like this: 1, 2, 3, 4, 5, 6, 7, 8,

9, t, 10, 11, 12 etc. What we are used to reading as 10 is
really 11 base 10. 11 is really 12 base 10, etc. In
duodecimal counting proceeds 1, 2, 3, 4, 5, 6, 7, 8, 9, t, e,
10, 11, 12, etc. Looks are deceiving and you have to be
careful. What looks like ten is read as 12, 11 is really
decimal 13. If you have a number like 378 in duodecimal,
think 3 x 12 x 12 + 7 x 12 + 8 or 3 x 144 + 7 x 12 + 8. If
you wish, you can think three hundred seventy eight, but you
must remember that in our ordinary notation 100 base 12 = 144
base 10 and 10 base 12 = 12 base 10. Arithmetical problems
are solved as always, taking note of the different notation.

If you find the following explanations which involve

arithmetical manipulations in base 11 and 12 confusing,
consult the multiplication and addition tables in the
Appendix. [Tables 14-1 - 14-4]

DUODECIMAL

Now let's look at some duodecimal examples.

Example 1. Addition 497

+876
----
1151.

It looks odd, but it's duodecimal. 7 + 6 = 13. Divide by 12

and you get a quotient of 1 and a remainder of 1. Put down
the remainder and carry the quotient of 1. 9 + 7 + 1 (carry)
= 17. Divide by 12 giving a quotient of 1 and a remainder of
5. Put down the remainder of 5 and carry the quotient of 1. 8
+ 4 + 1 (carry) = 13. Divide by 12 giving a quotient of 1 and
a remainder of 1. Put down the remainder of 1 and, because
the next column adds to 0 + 1 (the carried quotient), put
down another 1. If we had an addition of 4 + 6 = ten, we
would not divide by twelve but merely put down the ten as t.
So in duodecimal 4 + 6 = t.

Example 2. Subtraction. 67
-39
--
2t.

To subtract 9 from 7 we must borrow 12 from 6, making it 5.

12 + 7 - 9 = 10 or t. We put that down. 6 - 1(borrow) - 3 =
2. Hence the answer is 2t.

Example 3. Multiplication. 67
x39
---
4e3
179
----
2083

The process in words: 9 x 7 = 63, divide by 12 giving

quotient of 5 and remainder of 3. Put down the 3 and carry
the quotient of 5, just as in addition. 9 x 6 + 5(carry) =
59. Divide by 12 giving 4 as quotient and 11 or e as the
remainder. Put down the remainder of e and, since there are
no more digits to multiply by 9, put down the quotient of 4.
Let's check this last one: 4 x 12 + 11 = 48 + 11 = 59. Work
through the rest of this example on your own.

Example 4. Division. 2e
---
17/48t
32
--
16t
155
---
15

First, we choose a trial quotient, here 2, and multiply the

divisor, here 17, by it. 2 x 7 is 14, divide by 12 getting a
remainder of 2 and a quotient of 1. Put down the 2 and carry
the 1. 2 x 1 + 1(carry) = 3. Put it down. Bring down the next
digit of the dividend, here t. Now go on your own and check
out my work.

Undecimal works the same way, except that instead of dividing

by 12, we would divide by 11. If all that dividing and
translating is too much to remember, use the proper
multiplication table in the Appendix. Just as in the base 10
or decimal multiplication table the product of one digit by
another is a one-digit or a two digit number, so it is in
undecimal and duodecimal. In fact that's true of any base
greater than 2. Be careful about reading and manipulating an
undecimal or duodecimal number as a decimal number. The
occasional t and e will remind you, but it's easy to forget
momentarily, even after you've been at it for a while.

MULTIPLICATIVE STRUCTURES

FIRE-O in the May-June, 1970, issue of The Cryptogram

introduced the concept of multiplicative structures [FIRE-O].
In 1977, in a two part article on base 11 and 12 arithmetic,
I expanded on FIRE-O's work by extending the multiplicative
structures to the higher bases [LEDG1] and [LEDG2]. The
concept is simple, but often very useful. [FIRE]

Let's take a digit, like 7, multiply it by 1 and then

multiply it successively by the resulting product, i.e., when
we multiply again we use the latest product. All the
multiplications will be mod 10 as we are only interested in
the units digit of the product. With using 7 we get:

1 x 7 = 7 7 x 7 = 9 9 x 7 = 3 3 x 7 = 1

Notice that the last product in the series in this case

results in the multiplier we started with, 1. For 7 we have
found a circular structure: (= 1 => 7 => 9 => 3 =). I am
using the symbols =) and (= as indicators to return to the
other end of the series.

We could also diagram it as:

1 => 7
^ |
| V
3 <= 9.

You can read the series as 1 to 7 to 9 to 3 to 1 to 7 etc.

Because of the lack of printable characters in ASCII, I'll be

using the first kind of diagram. Notice that all the digits
in the diagram are odd. We can start another diagram by
starting with an even number, say 2.

2 x 7 = 4 4 x 7 = 8 8 x 7 = 6 6 x 7 = 2 or

(= 2 => 4 => 8 => 6 =).

That leaves 5 x 7 = 5 or 5 <=, and 0 x 7 = 0 or 0 <=. In

other words, multiplying 7 by 5 or 0 gives the multiplier as
the units digit of the product. The last is true for any odd
number.

As we will see shortly, 3 diagrams out in a similar fashion

to 7, two circles, one of odd numbers and one of even ones.

If n is odd, then 5 x n => 5. Diagram: 5 <=.

If n is even, then 5 x n => 0. Diagram 5 => 0 <=
In both cases, 0 x n => 0 and 0 x 0 => 0. Diagram 0 <=.

Now let's look at the other diagrams.

BASE 10.

O: n x 0 <=

1: n x 1 => n <=. In other words, successive multiplications

by 1 always yield n.

2: 1 7 9 3 2 X 2 = 4 4 X 2 = 8 etc.
| | | | 1 x 2 = 2 7 x 2 = 4 etc.
V V V V and 5 => 0 <=.
(= 2 => 4 => 8 => 6 =)

3. (= 1 => 3 => 9 => 7 =) 5 <= and 0 <=

(= 2 => 6 => 8 => 4 =)

4. 1 => 4 <==> 6 <= 9; 3 => 2 <==> 8 <= 7; 5 => 0 <=

5. odd x 5 <=; even x 5 => 0 <=

6. 1 => 6 <=; 3 => 8 <=; 5 => 0 <=; 7 => 2 <=; 9 => 4 <=.

7. (= 1 => 7 => 9 => 3 =) 5 <= and 0 <=

 (= 2 => 4 => 8 => 6 =)

8. 1 3 9 7 5 => 0 <=
| | | |
V V V V
(= 8 => 4 => 2 => 6 =)

9. 1 <==> 9; 2 <==> 8; 3 <==> 7; 4 <==> 6 5<= 0 <=.

Remember that in each case, each resulting product (mod 10)

is multiplied by the original multiplier given at the
beginning of each set, e.g., " 6.".

BASE 11 (UNDECIMAL)

0. n x 0 => 0 <=

1. n x 1 => n <=

2. (= 1 => 2 => 4 => 8 => 5 => t => 9 => 7 => 3 => 6 =) 0

<=

3. (= 1 => 3 => 9 => 5 => 4 =); (= 2 => 6 => 7 => t => 8 =);
0 <=

4. (= 1 => 4 => 5 => 9 => 3 =); (= 2 => 8 => t => 7 => 6 =);
0 <=

5. (= 1 => 5 => 3 => 4 => 9 = ; (= 2 => t => 6 => 8 => 7 =);

0 <=

6. (= 1 => 6 => 3 => 7 => 9 => t => 5 => 8 => 4 => 2=); 0 <=

7. (= 1 => 7 => 5 => 2 => 3 => t => 4 => 6 => 9 => 8 =); 0 <=

8. (= 1 => 8 => 9 => 6 => 4 => t => 3 => 2 => 5 => 7 =); 0 <=

9. (= 1 => 9 => 4 => 3 => 5 =); (= 2 => 7 => 8 => 6 => t =);
0 <=

t. 1 <==> t; 2 <==> 9; 3 <==> 8; 4 <==> 7; 5 <==> 6; 0 <=

BASE 12 (DUODECIMAL)

0. n x 0 => 0 <=

1. n x 1 => n <=

2. 1,7 => 2 => 4 (==> 8 <= t <= 5,e; 3,9 => 6 => 0 <=

3. 1,5 => 3 <==> 9 <= 7,e; 2,t => 6 <=; 4,8 => 0 <=

4. 1,7,t => 4 <=; 2,5,e => 8 <=; 3,6,9 => 0 <=

5. 1 <==> 5; 2 <==> t; 4 <==> 8; 7 <==> e; 3,6,9 0 <=

6. 1,3,5,7,9,e, => 6 => 0 <= 0,2,4,8,t

7. 1 <==> 7; 3 <==> 9; 5 <==> e; 0 <=; 2<=; 4 <=; 6 <=; 8
<=; t <=;

8. 1,7,t => 8 <==> 4 <= 2,5,e; 3,6,9 => 0 <=

9. 1,5 => 9 <=; 2,7 => 6 <=; 7,e => 3 <=; 4,8 => 0 <=;

t. 1,7 => t => 4 <=; 5,e => 2 => 8 <=; 3,9 => 6 => 0 <=;

e 1 <==> e; 2 <==> t; 3 <==> 9; 4 <==> 8; 5 <==> 7; 6 <=;

0 <=

Notes: 1) In each system 1 x n = n and 0 x n = 0.

2) In each system the two digits involved in each
structure for the highest digit (base - 1) add up
to the base. Another way to look at that is to
realize that the digits in the product of n x (base
- 1) add up to base - 1. Thus, in decimal 8 x 9 =
72 and 7 + 2 = 9 (10 - 1). In undecimal, 6 x t = 55
and 5 + 5 = t. Finally, in duodecimal, 9 x e = 83
and 8 + 3 = e.
3) The structure for 5 (which = base/2) in decimal
has the same form as for 6 (which also = base/2) in
duodecimal. Undecimal, being odd, has no equivalent
for 5 and six.

DUODECIMAL MULTIPLICATION EXAMPLE

To begin to put some of these findings together, let's tackle

a duodecimal multiplication example. In the process we will
discover the usefulness of the multiplicative structures for
at least some of the more difficult or complicated mult-
plication problems and, by extension, division problems as
well. You remember that division problems have one or more
partial multiplications in them.

Here's the problem: It's by MORDASHKA and appeared as C-11 in

the November-December, 1994, issue of The Cryptogram.

YOUR
TAB
----
IYATR
UOYLN
PYPRR
-------
YCRORTR

The problem contains three partial products and one addition

with three addends shifted as per usual for multiplication.
It could be helpful if we can locate zero. We could use a
process of elimination. Neither Y, T, A, B, I, U, P, nor R
can be zero. That leaves four letters as possibilities: C,
O, N, and L. Fortunately for us, in the addition section we
find T + N = T. Hence N = zero.

Also from the addition section at the left end, Y > P. U + Y

must be greater than e, giving a carry of 1, so Y = P + 1.
That should be useful later.

Again from the addition section, A + L + R = R mod 12. There

is no carry from the previous column: T + N as N = 0. We can
subtract R from both sides of the first equation giving us A
+ L = 0 mod 12. But A and L are both greater than 0 so A + L
= 10 or decimal 12. That means if we can determine the value
of A, we can compute the value of L from the equation, and
vice versa.

>From the partial products, all of which are 5 digits long

whereas the multiplicand is 4 digits long, Y > I, U, P > 0.
Therefore Y must more than 3. Now let's look at the partial
products to see whether we can uncover a recognizable
multiplicative structure, remembering that we are dealing
with a duodecimal or base 12 problem. We get these equations
from the product of the last digit of the multiplicand by
each digit of the multiplier:

R x B = R R x A = N or zero R x T = R all mod 12

The multiplicative structure becomes: B,T => R and A => zero.

There are only two places that yield the appropriate

relations, when R = 4 or R = 8. Since none of R, B, and T
equal 1 and R does not equal zero, here are the results:

R = 4 then B and T are 7 and t or t and 7. A = 3, 6, or 9.

R = 8 then B and T are two of 7, t, and 4. A = 3, 6, or 9.

That's not very many possibilities, simplifying our search.

The first partial product ends with TR. The third ends with
RR. If we identify T and B, we should be able to calculate U
in the multiplicand and check it in both partial
multiplications.

So here's our table:

B T R U
7 t 4
t 7 4
7 t 8
t 7 8
4 t 8
t 4 8

Those are the only possible values of B, T, and R, all the

permutations. In each instance we have to calculate U to
discover what value of U is consistent in both
multiplications.

Now let's check these possibilities. B x YOUR = IYATR.

1) B = 7, T = t, R = 4, TR = t4. B x R = 7 x 4 = 28 base 10
or 24 base 12. Carry the 2. B x U + 2 => T or t. 7 x U + 2 =>
4, U = 8. Check: 7 x 8 + 2 = 58 base 10 or 4t base 12 or t
mod 12. Our trial value for U is 8. Let's check that with
the third partial product T x YOUR = PYPRR. T = t etc. as
before. RR = 44. t x 4 = 40 base 10 or 34 base 12. Carry the
3. t x 8 + 3 = 83 base 10 or 6e base 12 or e mod 12, but we
needed a 4 for 44. It doesn't work.

2) We have to continue the process until we get a combination

that is consistent. Try the second one. You may find that no
value of U can be found from the first partial. Similar
problems beset the next three combinations on the table.

3) Let's check the 5th combination. B = 4, T = t, R = 8, TR =

t8. B x R = 4 x 8 = 32 base 10 or 28 base 12 or 8 mod 12.
Carry the 2. B x U + 2 = t mod 12. 4 x U + 2 = t. U could be
2 or 5. Try them with the second product. RR = 88. T or t x
8 = 80 base 10 or 68 base 12 or 8 mod 12. Carry 6. For U = 2,
t x 2 + 6 = 26 base 10 or 22 base 12 or 2 mod 12. But we need
an 8 for 88. That's a conflict. Let's try U = 5. t x 5 + 6 =
56 base 10 or 48 base 12 or 8 mod 12. Eureka! U = 5 checks
out. We now also know that B = 4, T = t and R = 8. You can
check the last combination also to make sure it produces no
alternate value of U that stays consistent.

The letter-number equivalent table is

0 e t 9 8 7 6 5 4 3 2 1
N T R U B

We can now determine the value of A using fact 4) A + L = 12

with the middle partial product. A x YOUR = UOYLN or A x ..58
= (12 - A)0. A can have the value of 3, 6 or 9. If A is 6,
then L = 6 (A + L = 12, remember?). That's not possible. If A
= 3 L = 9. If A = 9, L = 3. Try 3. 3 x 8 = 24 base 10 or 20
base 12. Carry the 2. 3 x 5 + 2 = 17 base 10 or 15 base 12
or 5 mod 12. But we needed a 9. Try A = 9. It better work or
we've done something wrong. 9 x 8 = 72 base 10 or 60 base 12.
Carry the 6. 9 x 5 + 6 = 51 base 10 or 43 base 12 or 3 mod
12. So L = 3. That's the value of L we were looking for.
Success! We can add that to the equivalent table. With A = 9
and T = t, T x YOUR = A x YOUR + YOUR.

Since we know that T x YOUR = PYPRR and A x YOUR = UOYLN, we

can put the addition into normal form:

UOYLN
+YOUR
-----
PYPRR

>From this addition we deduce that P = U + 1 or 5 + 1 = 6.

Looking at the multiplier, TAB = t93. The first product must

be the smallest, followed by the second, with the third the
largest. Their leftmost digits must be in the same order.
Hence, I < U < P < Y.or Y > P > U > I. The only letters about
which we have no information yet are C and O.

At this point our equivalent table reads:

0 e t 9 8 7 6 5 4 3 2 1
 N T A R U B L

Replacing letters of known value in the above addition by

their respective digits yields

5OY30
+YO58
-----
PYP88

We note that Y + O = P and O + Y = Y. 3 + 5 = 8, no carry. Y

+ O must yield a carry of 1 which makes Y = P + 1. Since I <
U, the only place in the table for two numbers that are
adjacent in value is 7 and 6; thus Y = 7 and P = 6. Y + O = P
mod 12. That means 7 + O = 16 base 12 or 18 base 10. Thus, O
= e. The addition of all three partial products will give us
the remaining values for I and C without resorting to
anagraming. (Just a nicety here.)

I79t8
5e730
+67688
--------
7C8et8

9 + 3 + 8 = 18 base 12. Carry 1. 7 + 7 + 8 + 1 = 1e base 12.

Carry 1. I + e + 6 + 1 = 8 or 18 base 12. Solving for I gives
I = 2. Carry 1. 5 + 7 + 1 = 11 base 12. Thus C = 1. The
keyphrase for the equivalent table becomes NOTARYPUBLIC.

Although this problem was given the number C-11, for someone
familiar with duodecimal arithmetic it is of medium
difficulty. There are problems in the Cryptarithm section
that provide far fewer clues and necessitate trying out many
more possibilities. In the next lecture we will take a look
at organizing that process so as not to get lost in the
bookkeeping aspect of finding a solution. We may also find a
few more relationships that can be helpful at times.

REFERENCES

[CROT] Winter, Jack (CROTALUS), "Solving Cryptarithms,"

American Cryptogram Association, 1984.

[FIDD] FIDDLE, Lynch, Frederick D., "An Approach to

Cryptarithms," ACA Publications, 1974.

[FIRE] FIRE-O, "A Tool for Mathematicians: Multiplicative

Structures," The Cryptogram, Volume XXXVI, No 3, 1970.

[LED1] LEDGE, "Basic Patterns in Base Eleven and Twelve

Arithmetic (Part 1)," The Cryptogram, Volume XLIII, No
5, 1977.

[LED2] LEDGE, "Basic Patterns in Base Eleven and Twelve

Arithmetic (Part 2)," The Cryptogram, Volume XLIII, No
6, 1977.
 APPENDIX

Table 14-1

Undecimal Multiplication Table

1 2 3 4 5 6 7 8 9 t
1 | 1 2 3 4 5 6 7 8 9 t
2 | 2 4 6 8 t 11 13 15 17 19
3 | 3 6 9 11 14 17 1t 22 25 28
4 | 4 8 11 15 19 22 26 2t 33 37
5 | 5 t 14 19 23 28 32 37 41 46
6 | 6 11 17 22 28 33 39 44 4t 55
7 | 7 13 1x 26 32 39 45 51 58 64
8 | 8 15 22 2x 37 44 51 59 66 73
9 | 9 18 25 33 41 4t 58 66 74 82
t | t 19 28 37 46 55 64 73 82 91

Table 14-2

Duodecimal Multiplication Table

1 2 3 4 5 6 7 8 9 t e
1 | 1 2 3 4 5 6 7 8 9 t e
2 | 2 4 6 8 t 10 12 14 16 18 1t
3 | 3 6 9 10 13 16 19 20 23 26 29
4 | 4 8 10 14 18 20 24 28 30 34 38
5 | 5 t 13 18 21 26 2e 34 39 42 47
6 | 6 10 16 20 26 30 36 40 42 50 56
7 | 7 12 19 24 2e 36 41 48 53 5x 65
8 | 8 14 20 38 34 40 48 54 60 68 74
9 | 0 16 23 30 39 46 53 60 69 76 83
t | t 18 26 34 42 50 5x 68 76 84 92
e | e 1t 29 38 47 56 65 74 83 92 t1

Table 14-3

Undecimal Addition Table

1 2 3 4 5 6 7 8 9 t
1 | 2 3 4 5 6 7 8 9 t 10
2 | 3 4 5 6 7 8 9 t 10 11
3 | 4 5 6 7 8 9 t 10 11 12
4 | 5 6 7 8 9 t 10 11 12 13
5 | 6 7 8 9 t 10 11 12 13 14
6 | 7 8 9 t 10 11 12 13 14 15
7 | 8 9 t 10 11 12 13 14 15 16
8 | 9 t 10 11 12 13 14 15 16 17
9 | t 10 11 12 13 14 15 16 17 18
t |10 11 12 13 14 15 16 17 18 19

Table 14-4

Duodecimal Addition Table

 1 2 3 4 5 6 7 8 9 t e
1 | 2 3 4 5 6 7 8 9 t e 10
2 | 3 4 5 6 7 8 9 t e 10 11
3 | 4 5 6 7 8 9 t e 10 11 12
4 | 5 6 7 8 9 t e 10 11 12 13
5 | 6 7 8 9 t e 10 11 12 13 14
6 | 7 8 9 t e 10 11 12 13 14 15
7 | 8 9 t e 10 11 12 13 14 15 16
8 | 9 t e 10 11 12 13 14 15 16 17
9 | t e 10 11 12 13 14 15 16 17 18
t | e 10 11 12 13 14 15 16 17 18 19
e |10 11 12 13 14 15 16 17 18 19 1t

LECTURE 13 SOLUTIONS

13-1 Beaufort

ABRVJ UTAMP YPLHZ OZYAP YPJNP KNXUG

QRDPC ELPNC BVCEF NLLSJ LGOWC VYCGA
EVGIX XNDKY U. (butter) (INWVQH)

Key = AGRICULTURE, A fantastic glut ...

13-2 Vigenere.

DWNIT KGEWZ ENJQZ WXLLZ WZOKC ETOWI NXVQS

DQGAK MGGBH NAMWE OWVAM UJDVQ IMDSB VCCTR
YUIQX. (making, UHVW)

Key = LIBERTY, Some criminals in ....

13-3 Vigenere Running Key

YPOSC DWVWY CCHZT AKALF I. (tolls -2)

Key = Never send for whom the be (continues bell tolls )

13-4 Vigenere Progressive key. "Fungi"

IPGPUPX GTIAKNP AMEHLAW SJSTROZ TCGYUND STNPJZM

OESWAXG VLHSPZC GNEIWHP EKHNOWW PMEQFVV PDQAWCA
GGFRKSO RCHZVKL NBWHYBV CUNBBBB AVGCJFA FLTMKUV K.

Key = PICTURE (3), The way to identify....

LECTURE 14 PROBLEMS

Some time ago, CROTALUS cooked up some goodies:

14-1. Multiplication (Two words, 0-1) original by EDNASANDE

WOMEN X MEN = UTNNLM + NWTWNN = NLSMTUWM

14-2. Division (Two words, 0 -9) MORDASHKA

ATOM / ASK = N; - GNC = IS

14-3. Multiplication. (No word, 0-1) FOMALHAUT

ASAP X MAB = RITMT + TMPRY + PDBYD =PAYDIRT

14-4. Unidecimal multiplication. (Two words 0-X) WALRUS

TOUGH X DIG = IDIGDN + NYYDNG + UIHDOU = DDCUUILN

CLASSICAL CRYPTOGRAPHY COURSE

BY
LANAKI

May 30, 1996

Revision 0

COPYRIGHT 1996
ALL RIGHTS RESERVED

LECTURE 12

POLYALPHABETIC SUBSTITUTION SYSTEMS III

CRYPTANALYSIS OF VIGGY'S EXTENDED FAMILY
DECIMATION IN DETAIL

SUMMARY

In Lectures 12 - 13, we continue our study of the "Viggy"

cipher family or Polyalphabetic Substitution systems. We
will cover decimation processes in detail and investigate
special solutions for periodic ciphers. The important
principle of Superimposition will be introduced.

The Resources Section has been updated with more than 50 ACA
published references on these and similar systems - focusing
on the cryptanalytic attack and areas of historical interest.
Thanks to PHOENIX for his help in compiling these sources.
[INDE]

"INCOMING"

In Lecture 13, we will tackle the difficult aperiodic

polyalphabetic case and introduce auto/running key systems.
We will diagram the topics covered in Lectures 10 - 13.

Lecture 14 will be presented by LEDGE. He will cover further

Cryptarithm topics.

Lectures 15-18 will discuss the various geometric,

transposition and fractionation ciphers.

PORTAX CIPHER

We start with a difficult cousin of the PORTA described in

Lecture 11. The PORTAX uses pairs of letters as a unit for
encipherment and decipherment as apart from single letters.

A special slide is required for its operation, and a keyword

is needed.

A B C D E F G H I J K L M (stationary)
. N O P Q R S T U V W X Y Z N O P Q R S T U V W X Y Z ...

. C E G I H M O Q S U W Y A C E G I K M O Q S .. (sliding
. D F H J L N P R T V X Z B D F H J L N P R T .. key)

(The above slide-setting is for G-H (key) directly under the

A-indicator of the stationary alphabet.)

To encipher the digraph RE, we take the R in the upper row of

letters (stationary slide) and the E from the lower pair of
letters (sliding), and use the opposite corners of the
rectangle formed to obtain the ciphertext, or PI. However,
if the digram ER is to be enciphered, we take the E from the
stationary alphabet at the top, and the R from the sliding
alphabet at the bottom to obtain FP.

Note that if the first letter of a digraph is in the range of

A-M, the equivalent ciphertext is dependent on where the
slide is used for the key-letter; but, if the first letter of
the digraph is in the range of N-Z, then it slides along with
the paired rows of lower letters, and therefore all such
digraphs having the first letter in the N-Z are constant,
without dependent of the key. There is an exception when
both letters in the plaintext digraph are in the same column,
in which case the key letter has to be known, for letters
appearing above the needed letters are used for the
ciphertext. [BRYA]

To encipher with keyword, the plaintext is written in two

rows under it; continuing to the end of the message. When
the final group is reached, if there are not enough letters
to make it complete (an even number), add a single null.

For example, encipher the word INNOVATION using the key

OFTEN :

*
A B C D E F G H I J K L M (stationary)
. N O P Q R S T U V W X Y Z N O P Q R S T U V W X Y Z ...

. C E G I K M O Q S U W Y A C E G I K M O Q S .. (sliding
. D F H J L N P R T V X Z B D F H J L N P R T .. key)
*
O F T E N (keyword)
---------
I N N O V
A T I O N
g w
e b
---------
S A R E F
O U N D x
u i
k e

Setting the O of the sliding pairs under the 'A' indicator

of the stationary alphabet, we enciphering IA as GE (opposite
corners); then SO, continuing down the column we encipher the
whole column. We then slide the strip until E-F (key) is
under the A indicator and encipher that column.

To find the period in the PORTAX is dependent on possible

fragments of the plaintext which are known (through the N-Z
combinations produced from the unchanged relationship of
letters). Lets partially decipher the following PORTAX:

SNPOW LBAMP ISCWU OOBXC WKMAT ZKTOW JCBLN CBJGB

TAAJD IWUKW HHVZN MNUFM APBJW PCBSX JCJQX TMVUB
MDCBJ CGUGR. (90)

Assuming a period of 6:

S N P O W L
B A M P I S
n t u r natural ?
l e d s good
-----------
C W U O O B
X C W K M A
o y s
s o c ok
-----------
T Z K T O W
J C B L N C
r o s t o
n y n d s better
-----------
B J G B T A
A J D I W U
y
m
-----------
K W H H V Z
N M N U F M
t p t
s r y
-----------
A P B J W P
C B S X J C
n r o
f t e
-----------
 J Q X T M V
U B M D C B
n t o n
h u n r
-----------
J C R - -
U G R
-----------

Note the NY-NDS which could be NYaNDS or NYeNDS. Look at the

final group, we find -NTON -HUN-R (hundred?) We next test the
keyword by putting T in the final position and testing the
precursor letter; A C E F H I L N O P R S and U, At the E
setting, OM = TC, making -OYST/-SOCCU with R in the next
group confirming OCCUR. The E substitution also gives us the
HUNDRED. The rest of the analysis is left for the student
for credit.

THE NIHILIST SUBSTITUTION CIPHER

One of my favorite ciphers is the Nihilist Substitution

Cipher. Classified as a periodic, it employs numbers to
represent letters. Numbers are derived from a 5 x 5 Polybius
Square.

We set up a block of 25 letters and combine I/J in one cell.

Figure 12-1a

1 2 3 4 5
1 A B C D E
2 F G H I/J K
3 L M N O P
4 Q R S T U
5 V W X Y Z

So A = 11, L = 31, T = 44. (Row by Column)

The Polybius Square can be keyed. For example, using

UNITED STATES OF AMERICA and eliminating the duplicate
letters, we have:

Figure 12-1b

1 2 3 4 5
1 U N I T E
2 D S A O F
3 M R C B G
4 H K L P Q
5 V W X Y Z

We can also mix it up further with a little transposition.

Use BLACKSMITH, transpose and remove the ciphertext by

columns starting at 1:
 B L A C K S M I T H
D E F G N O P Q R U
V W X Y Z

B D V L E W A F X C G Y K N Z S O M P I Q T R H U

The resulting square reads:

Figure 12-1c

1 2 3 4 5
1 B D V L E
2 W A X F C
3 G Y K N Z
4 S O M P I
5 Q T R H U

Figure 12-1c shows the effect of the transposition applied

first.

Now the message COME AT ONCE enciphered with a keyword of

TENT (period = 4) is:

T-44 E-15 N-35 T-44

----------------------
C-13 O-34 M-32 E-16
A-11 T-44 O-34 N-33
C-13 E-15 - -

We add the key and the plaintext equivalents together to

produce the ciphertext: COME: 57 49 65 59; ATON: 55 59 67
77; CE: 57 30. Each column represents a monoalphabetic
substitution in itself, and the reading or value of these
letters is dependent on the letters on either side of them.

WEAKNESSES

The lowest number of any key-letter which may be added to the

lowest plaintext letter is 11, with a total of 22; the
highest combination is two 55's or 10 (110). The numbers
6,7,8, or 9, are not involved in either the tens or the one's
additions - but they may result in a sum. Cipher 22 must
equal 11 plus 11; and 10 can only mean the sum of two 55's.
Zero in the one's column means that two 5's have been added.
This is also true in the ten's column. If at any time we find
that a 6-7-8-9 is involved we can discard the period assumed
as wrong. What we are looking for is a number in the 1-2-3-
4-5 range that may be added to produce first the ten's sum
and then the one's sum.

FINDING THE PERIOD

There are two ways to find the period - the short and the
long way.

SHORT METHOD

The short way of finding the period is to look for two or

more 30's. We treat them like a repeated digraph and factor
the interval between them looking for a common factor. We may
also try the same procedure with the lowest number versus the
highest number, for example the distance between two 94's or
two 26's.

LONG METHOD

The long way is to assume a 3 period and test the 1'st and
4'th, 2'nd and 5'th, 3'rd and 6'th in the same manner as the
short method. When conflicts arise, discard the choice.
We continue with an assumption of periods 4, 5, 6, etc. and
increase the differentials between ciphertext numbers. [BRYA]

CRYPTANALYSIS OF THE NIHILIST SUBSTITUTION

Gaines [ELCY] suggests that cracking this cipher parallels

the Viggy. The period is found through repeated sequences, or
in their absence, through repeated single letters, yielding
individual frequency counts on the several alphabets of the
period. If the arrangement of the ciphertext follows the
normal Polybius (aka Checkerboard) Square, the frequency
counts will follow the graph of the normal alphabet less one
letter. Even with the keyword mixed ciphertext alphabet,
no matter how badly mixed, the frequency counts are parallel,
the several alphabets combined follow one graph, and can be
"lined up."

Notice that the primary alphabet contains only the digits 1-

2-3-4-5. The maximum difference is 4 and addition of any
number to all of them does not change this fact. the maximum
difference between any to sums is still 4. Now the number
added during encipherment is also a number containing no
digit other than 1-2-3-4-5; thus any number found in the
cryptogram can be considered as carrying two separate
additions, one for tens and one for ones. The two 5's added
give us the revealing 0; the carried digit 1 can be mentally
borrowed back, by decreasing the size of the digit preceding
the zero. If we find a 40 , we look at it as 3 tens with ten
units or finding 110, we may regard this as ten tens and ten
units. If we find the numbers 29 and 87 in the cryptogram,
we know they were not enciphered by the same key. This is
because a difference greater than 4 in the respective tens
units exists and no digit whatever added to any two digits of
the original square can produce a difference greater than 4.
Say we have 30 and 77, with no difference greater than 4, the
presence of the zero needs to be accounted for. The number
30 has 2 tens and ten units; 7 - 2 >4, hence, we reject
the same key hypothesis.

Four giveaways are 22, 30, 102, and 110. The presence of any
one of these numbers gives away the key to the whole cipher
alphabet.

[BRYA] presents a useful aid for the standard Polybius

Square in Table 12-1. At the top is the key-number, at the
left is the plaintext letter, and at ciphertext is found at
the intersection. Any two of the three variables yields the
unknown letter/number.

Table 12-1

11 12 13 14 15 21 22 23 24 25 31 32
A B C D E F G H I/J K L M
A 11 22 23 24 25 26 32 33 34 35 36 42 43
B 12 23 24 25 26 27 33 34 35 36 37 43 44
C 13 24 25 26 27 28 34 35 36 37 38 44 45
D 14 25 26 27 28 29 35 36 37 38 39 45 46
E 15 26 27 28 29 30 36 37 38 39 40 46 47

F 21 32 33 34 35 36 42 43 44 45 46 52 53
G 22 33 34 35 36 37 43 44 45 46 47 53 54
H 23 34 35 36 37 38 44 45 46 47 48 54 55
I 24 35 36 37 38 39 45 46 47 48 49 55 56
K 25 36 37 38 39 40 46 47 48 49 50 56 57

L 31 42 43 44 45 46 52 53 54 55 56 62 63
M 32 43 44 45 46 47 53 54 55 56 57 63 64
N 33 44 45 46 47 48 54 55 56 57 58 64 65
O 34 45 46 47 48 49 55 56 57 58 59 65 66
P 35 46 47 48 49 50 56 57 58 59 60 66 67

Q 41 52 53 54 55 56 62 63 64 65 66 72 73
R 42 53 54 55 56 57 63 64 65 66 67 73 74
S 43 54 55 56 57 58 64 65 66 67 68 74 75
T 44 55 56 57 58 59 65 66 67 68 69 75 76
U 45 56 57 58 59 60 66 67 68 69 70 76 77

V 51 62 63 64 65 66 72 73 74 75 76 82 83
W 52 63 64 65 66 67 73 74 75 76 77 83 84
X 53 64 65 66 67 68 74 75 76 77 78 84 85
Y 54 65 66 67 68 69 75 76 77 78 79 85 86
Z 55 66 67 68 69 70 76 77 78 79 80 86 87

Table 12-1
continued

33 34 35 41 42 43 44 45 51 52 53 54 55
N O P Q R S T U V W X Y Z
A 11 44 45 46 52 53 54 55 56 62 63 64 65 66
B 12 45 46 47 53 54 55 56 57 63 64 65 66 67
C 13 46 47 48 54 55 56 57 58 64 65 66 67 68
D 14 47 48 49 55 56 57 58 59 65 66 67 68 69
E 15 48 49 50 56 57 58 59 60 66 67 68 69 70

F 21 54 55 56 62 63 64 65 66 72 73 74 75 76
G 22 55 56 57 63 64 65 66 67 73 74 75 76 77
H 23 56 57 58 64 65 66 67 68 74 75 76 77 78
I 24 57 58 59 65 66 67 68 69 75 76 77 78 79
K 25 58 59 60 66 67 68 69 70 76 77 78 79 80

L 31 64 65 66 72 73 74 75 76 82 83 84 85 86
M 32 65 66 67 73 74 75 76 77 83 84 85 86 87
N 33 66 67 68 74 75 76 77 78 84 85 86 87 88
O 34 67 68 69 75 76 77 78 79 85 86 87 88 89
P 35 68 69 70 76 77 78 79 80 86 87 88 89 90

Q 41 74 75 76 82 83 84 85 86 92 93 94 95 96
R 42 75 76 77 83 84 85 86 87 93 94 95 96 97
S 43 76 77 78 84 85 86 87 88 94 95 96 97 98
T 44 77 78 79 85 86 87 88 89 95 96 97 98 99
U 45 78 79 80 86 87 88 89 90 96 97 98 99 00

V 51 84 85 86 92 93 94 95 96 02 03 04 05 06
W 52 85 86 87 93 94 95 96 97 03 04 05 06 07
X 53 86 87 88 94 95 96 97 98 04 05 06 07 08
Y 54 87 88 89 95 96 97 98 99 05 06 07 08 09
Z 55 88 89 90 96 97 98 99 00 06 07 08 09 10

Consider Edwin Linquist's challenge:

24 66 35 77 37 77 55 59 55 45 55 88 28 66 46

88 37 67 33 59 58 65 45 66 67 58 44 55 34 79

44 59 55 45 42 87 28 76 43 78 46 86 26 67 24

85 26 67 28 76 26 78 46 65 65 88 36 49 54 67

28 65 42 88 36 49 44 89 57 58 54 66 47 67 26

Try period = 2. Starting at the first number 24 constant we

scan the line looking for differences greater than 4 using a
constant difference of 2. We come to 33 and 38 and stop.

Try period = 3. The first comparison fails at 24 and 77.

Try period = 4. We are able to go through the entire

cryptogram, comparing numbers at an interval of 4, without
find any difference in either tens or units greater than 4.
We now must look at the numbers collectively in columns to
verify the period is 4. We recopy the cryptogram into a
block.
Key = 4?

24 66 35 77
37 77 55 59
55 45 55 88
28 66 46 88
37 67 33 59
58 65 45 66
67 58 44 55
34 79 44 59
55 45 42 87
28 76 43 78
 46 86 26 67
28 76 26 78
46 65 65 88
36 49 54 67
28 65 42 88
36 49 44 89
57 58 54 65
47 67 26 -

Alphabet 1: The tens-half of the first column contains the

digit 2 and since this can only come from the addition of 1
plus 1, the only possible key digit is 1. The units-half has
a range of 4-5-6-7-8, maximum range possible. The smallest
digit to result in 8 is 3, the largest digit to result in 4
is also 3, that is the only digit which can result in all of
the digits 4-5-6-7-8 is 3, so that the cipher key for this
column is 13. It cannot be anything else.

Alphabet 2: The tens-half of the second column ranges over

the full five digits 4-5-6-7-8 (key 3), and the units-half
ranges over 5-6-7-8-9 (key 4). This suggests the key digit
is 34.

Alphabet 3: The tens-half of the third column contains the

'giveaway' digit of 2 and the units-half also contains the
digit 2. The key digit to produce this situation is 11.

Alphabet 4: The tens-half of the fourth column ranges only

over the digits 5-6-7-8, with nothing to indicate whether the
missing digit is 4 or 9. The key might be either 3 or 4.
The units has the full range of digits 5-6-7-8-9, hence key =
4. So we have either 34 o 44 for our key digit. The normal
square suggests COAO or COAT as the key word. We use Table
12-1 to good advantage and decipher this cryptogram.

We decipher the whole cryptogram a column at a time:

'C' 'O' 'A' 'T'

-- -- -- --
A M I N
I S T E
R A T T
E M P T
I N G E
U L O G
Y I N A
F U N E
R A L S
E R M O
M W E H
A V E H
E R E O
N L Y T
H E S H
E L L T
H E N U
 T I S G
O N E

Reads: A minister attempting eulogy in a funeral sermon: We

have here only the shell, the nut has gone.

For the most difficult case presenting multiple key

possibilities, we line up the alphabets graphically against
their frequency counts to eliminate the extra key digits.

GROMARK

MASTERTON describes a cipher called the GROMARK. The Gromark

is akin to the GRONSFELD in that the components never change
their position relative to each other and every plain text
values has 10 possible cipher representatives. The GROMARK
uses a different keying method; encipherment is effected by
means of a normal alphabet plain set against a mixed cipher
text alphabet. However, instead of cycles or predictable
slides of the cipher component, one finds the plain value on
the top (normal) component and counts a specified number of
positions to the right, then takes the letter in the cipher
alphabet immediately below. The choice of how far to count
along the sequence is determined by the digital key. One
essentially is adding 0 to 9 to the plain value, as in the
Gronsfeld, but it is on the mixed sequence, set underneath a
plain sequence. The key is derived from a Fibonacci series.
On some cycle (frequently 5 wide) the key is derived from a
starting group, by adding the first position to the second
and placing the result in the sixth position. Similarly,
positions 2 and 3 are added to make position number 7, 3, and
4 to make 8, and so forth. All additions are non carrying -a
very common cryptographic practice. [MAST]

Example:

Use the starter or "seed" of 48671, the key is:

48671 24383 67119 382021 ...

Solution follows the normal Viggy methods. The crib

placement can be interesting.

Example:

7 7 2 6 6 4 9 8 2 0 3 7 0 2 3 0 7 2 5 3 7 9 7
J C N W Z Y C A C J N A Y N L Q P W W S T W P

without knowing the cipher sequence, we are given the crib

SUBSTITUTES and runs somewhere from the J to the final P
above.

Since the plain sequence is normal, a repeated cipher letter,

with different key letters on it, must stand for plain values
removed from each other exactly by the difference of the two
numbers. Thus C A C with keys 9 8 2 above it implies that
the first cipher C is M for example, the second C is seven
positions to the right on the plain sequence, or T.
Or:

J K L M N O P Q R S T U V W X
C
*

We prepare a difference table. We are looking for a

favorable case where the differences in the cipher repeats
matches the plain differences, at the correct interval.
To match these differences, we measure them in one direction
for the plain and the reverse for the cipher. Table 12-1
shows subtraction of the left hand letter from the right, and
we must look at the cipher in the other direction.
Differences may be calculated modulo 26.

Table 12-1

adjacent 19 21 2 19 20 9 20 21 20 5 19
diff's S U B S T I T U T E S
xx 2 7 17 1 15 11 1 25 11 14
x-x 9 24 18 16 0 12 0 10
x--x 0 25 7 ...

There is a difference of 7 with the C-C hit, but it doesn't

appear on the second row of the table. The keyword must
first between A (between C's) and W.

7 7 2 6 6 4 9 8 2 0 3 7 0 2 3 0 7 2 5 3 7 9 7
J C N W Z Y C A C J N A Y N L Q P W W S T W P
S U B S T I T U T E S
This is a good tip placement and confirmed by the N-N hit.
The A---A in the cipher matches the S---T plain. We build
the cipher component by writing the cipher component, and a
normal alphabet, count along it from any given plain the
number of steps given by the key, then write the cipher
value. Find S on the top strip, count 8 to right, place an
A. C is two spaces to the right of the position held by the
U, and so on. Decipher other letters by counting backwards
the number of steps given by the key. Cipher C ahead of thew
crib translates to N.

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
A J Y P Q W N C L

Without a tip the system will fall to statistics. The numbers

associated with any given cipher letter represent a stretch
of 10 consecutive values along a normal alphabet such as C to
L or X to G, we could prepare a table with A to Z as the rows
and 9 to 0 as the columns. Frequencies can be combined
and a stretch such as PQRST area will show as the normal.
The backwards normal sequence yields a bar graph of the
segment of the normal alphabetic frequencies.

DECIMATION PROCESSES - FURTHER REMARKS

In Lecture 11, we presented QUAGMIRES I-IV and solved them by
a variety of methods. Inherent in their solution was
Friedman's principle of indirect symmetry. [FRE7] Prima
facie to this symmetry principle is a process of alphabet
dissociation called Decimation. This same process effects
all Viggy class ciphers and is important from a theoretical
point of view. Decimation is especially effective in solving
mixed alphabet systems like the Quagmire III & IV.
Decimation is a process of selection and derivation of a
sequence of equivalent components according to some fixed
interval. For example, the sequence A E I M is derived by
decimation of extracting every fourth letter from a normal
alphabet.

Consider the two mixed alphabets in a QUAGMIRE III:

O1
* *
Plain: QUESTIONABLYCDFGHJKMPRVWXZ
Cipher: QUESTIONABLYCDFGHJKMPRVWXZQUESTIONABLYCDFGHJKMPRVWXZ
* *
Ok

By setting the two sliding components against each other in

the two positions shown: A in the first set and B in the
second set we can derive two, we can derive two different
sets of secondary alphabets based on the key letters.

O1 * *
Plain: QUESTIONABLYCDFGHJKMPRVWXZ
Cipher: QUESTIONABLYCDFGHJKMPRVWXZQUESTIONABLYCDFGHJKMPRVWXZ
* *
Ok

Secondary Alphabet (1)

Plain: A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
Cipher: H J P R L V W X D Z Q K U G F E A S Y C B T I O M N

Secondary Alphabet (2)

Plain: A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
Cipher: J K R V Y W X Z F Q U M E H G S B T C D L I O N P A

Sliding strips will yield the same results as a Viggy type

table based on the Keyword QUESTIONABLY (see a partial table
in Table 11-2.

Table 12-2
Partial Reconstruction

QUESTIONABLYCDFGHJKMPRVWXZ
UESTIONABLYCDFGHJKMPRVWXZQ
ESTIONABLYCDFGHJKMPRVWXZQU
STIONABLYCDFGHJKMPRVWXZQUE
TIONABLYCDFGHJKMPRVWXZQUES
 IONABLYCDFGHJKMPRVWXZQUEST
ONABLYCDFGHJKMPRVWXZQUESTI
NABLYCDFGHJKMPRVWXZQUESTIO
ABLYCDFGHJKMPRVWXZQUESTION
BLYCDFGHJKMPRVWXZQUESTIONA
LYCDFGHJKMPRVWXZQUESTIONAB
YCDFGHJKMPRVWXZQUESTIONABL
CDFGHJKMPRVWXZQUESTIONABLY
. .

Superficially secondary alphabets (1) and (2) show no

resemblance of symmetry despite the fact that they were both
created from the same primary alphabet. We do find a Latent
Symmetry Of Position (aka Indirect Symmetry of Position).
This phenomenon has widespread use in the Viggy family.
Consider alphabet (2):

Secondary Alphabet (2)

Plain: A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
Cipher: J K R V Y W X Z F Q U M E H G S B T C D L I O N P A

We construct a chain of alternating plaintext and ciphertext

equivalents, beginning at any point and continuing until the
chain is completed. We start Aplain = Jcipher, Jplain =
Qcipher, Qplain = Bcipher...., dropping the common letters
we have A J Q B. The complete sequence of letters is:

A J Q B K U L M E Y P S C R T D V I F W O G X N H Z

When slid against itself it will produce exactly the same

secondary alphabets as do the primary components based upon
the word QUESTIONABLY. For example, compare the secondary
alphabets given by the two settings of the externally
different components below:

* *
Plain: QUESTIONABLYCDFGHJKMPRVWXZ
Cipher: QUESTIONABLYCDFGHJKMPRVWXZQUESTIONABLYCDFGHJKMPRVWXZ
* *

Secondary Alphabet (1)

Plain: A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
Cipher: J K R V Y W X Z F Q U M E H G S B T C D L I O N P A

* *
Plain: AJQBKULMEYPSCRTDVIFWOGXNHZ
Cipher: AJQBKULMEYPSCRTDVIFWOGXNHZAJQBKULMEYPSCRTDVIFWOGXNHZ
* *

Secondary Alphabet (2)

Plain: A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
Cipher: J K R V Y W X Z F Q U M E H G S B T C D L I O N P A

Since the sequence A J Q B K ... gives exactly the same

equivalents in the secondary alphabets as does the sequence
QUEST......XZ, the former is cryptographically equivalent to
the latter sequence. For this reason the A J Q B K ..
sequence is termed an equivalent primary component. If the
real or original primary component is a keyword mixed
sequence, it is hidden or latent within the equivalent
primary sequence; it can also be made patent by the process
of decimation of the equivalent primary component.

Friedman in [FRE7] describes the process as follows: find

three letters in the equivalent primary component that are a
likely unbroken sequence in the original primary component,
and see if the interval between the first and second is the
same as that of the second and third. Try X, Y, Z in the
equivalent primary component above. Note the sequence ..W O
G X N H Z...; the distance or interval between W X Z is three
letters. Continuing the chain by adding letters three
intervals removed, the latent original primary component is
made patent.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 W
X Z Q U E S T I O N A B L Y C D F G H J K M

24 25 26
P R V

KEYWORD - MIXED SEQUENCE

We can combine the previous steps into one operation.

Starting with any pair of letters in the cipher component of
the secondary alphabets, likely to be sequent in the keyword-
mixed sequence, such as JK, the following chains of digraphs
may be produced. Thus JK plain stand over QU cipher
respectively, QU in the plain stand over BL in the cipher,
respectively, etc. Connecting the pairs:

JK>QU>BL>KM>UE>LY>MP>ES>YC>PR>ST>CD>RV>TI>DF>VW>IO>FG>WX>
ON>GH>XZ>NA>HJ>ZQ>AB>JK.....

We then unite by common letters:

JK>KM>MP>PR>RV>VW>WX>XZ>ZQ>QU>UE>ES>ST>TI>IO>ON>NA>
AB>BL>LY>YC>CD>DF>FG>GH>HJ>JK.....

or:

JKMPRVWXZ-QUESTIONABLY-CDFGH

HALF CHAINS

Only 12 /26 alphabets will yield a complete equivalent

primary component, as shown above. Even number of intervals
for sliding the alphabets will yield half chains or 13 letter
chains. Friedman [FRE7] describes several methods to combine
the half chains into fully equivalent primary components.
FRIEDMAN'S OBSERVATIONS

Friedman observed that in the case of a 26-element component

sliding against itself (both components proceeding in the
same direction), it is only the secondary alphabets resulting
from odd-interval displacements of the primary components
which permit reconstructing a single 26-letter chain of
equivalents. This is true except for the 13th interval
displacement, which acts like an even number displacement, in
that no complete chain of equivalents can be established from
the secondary alphabet. Friedman states the general rule as:
any displacement interval which has a factor in common with
the number of letters in the primary sequence will yield a
secondary alphabet from which no complete chain of 26
equivalents can be derived for the construction of a complete
equivalent primary component. Components sliding in opposite
directions act as a 13 interval displacement because of their
reciprocal nature.

Friedman concluded that whether or not a complete equivalent

primary component is derivable by decimation from an original
primary component (and if not, the lengths and numbers of
chains of letters, or incomplete components, that can be
constructed in attempts to derive such equivalent components)
will depend upon the number of letters in the original
primary component and the specific decimation interval
selected. [FRE7] Friedman constructed a table relating the
number of characters in the original primary component,
decimation interval and total number of complete sequences
that can be formed. See Table 12-3.

TABLE 12-3

Number of Characters in Original Primary Component

Decimation Interval 32 30 28 27 26 25 24 22 21 20
18 16
----------------------------------------------
2 16 15 14 27 13 25 12 11 21 10 9 8
3 32 10 28 9 26 25 8 22 7 20 6 16
4 8 15 7 27 13 25 6 11 21 5 9 4
5 32 6 28 27 26 5 24 22 21 4 18 16
6 16 5 14 9 13 25 4 11 7 10 3 8
7 32 30 4 27 26 25 24 22 3 20 18 16
8 4 15 7 27 13 25 3 11 21 5 9 2
9 32 10 28 3 26 25 8 22 7 20 2 16
10 16 3 14 27 13 5 12 11 21 2 9 8
11 32 30 28 27 26 25 24 2 21 20 18 16
12 8 5 7 9 13 25 2 11 7 5 3 4
13 32 30 28 27 2 25 24 22 21 20 18 16
14 16 15 2 27 13 25 12 11 3 10 9 8
15 32 2 28 9 26 5 8 22 7 4 6
16 2 15 7 27 13 25 3 11 21 5 9
17 32 30 28 27 26 25 24 22 21 20
18 16 5 14 3 13 25 4 11 7 10
19 32 30 28 27 26 25 24 22 21
20 8 3 7 27 13 5 6 11
21 32 10 4 9 26 25 8
 22 16 15 14 27 13 25 12
23 32 30 28 27 26 25
24 4 5 7 9 13
25 32 6 28 27
26 16 15 14
27 32 10
28 8 15
29 32
30 16

Total Number
Of
Sequences 14 6 10 16 10 18 6 8 10 6 4 6

>From Table 12-3, we see that in a 26-letter original primary

component, decimation interval 5 will yield a complete
equivalent primary component of 26 letters, whereas
decimation intervals of 4 or 8 will yield 2 chains of 13
each. In a 24-letter component, decimation interval 5 will
also yield a complete equivalent primary component of 24
letters, but decimation interval 4 will yield 6 chains of 4
letters each, and decimation interval 8 will yield 3 chains
of 8 letters each.

It follows that in the case of an original primary component

in which the total number of characters is a prime number,
all decimation intervals will yield complete equivalent
primary components. Table 12-3 omits the prime number
sequences from 16-32. [FRE7]

SPECIAL SOLUTIONS FOR PERIODIC CIPHERS

Special circumstances give rise atypical solutions of

periodic ciphers. We shall look at four special cases:
1) isologs, 2) 'stagger', 3) long latent repetition and 4)
superimposition.

ISOLOGS

Recall that an Isolog is defined as the exact same plain text

message enciphered by two different keys in the same
cryptosystem. Lets use two monoalphabetic substitution
systems to illustrate the point. Assume two messages are
intercepted going from station A to B. B had called for a
retransmit because of some error in transmission. We suspect
the messages are the same plaintext content and they both
have the same length. We superimpose one message over the
other:

1. NXGRV MPUOF ZQVCP VWERX QDZVX WXZQE TBDSP VVXJK RFZWH 2.

EMLHJ FGVUB PRJNG JKWHM RAPJM KMPRW ZTAXG JJMCD HBPKY

chaining from 1 to 2: NE>EW>WK>KD>DA ......

1. ZUWLU IYVZQ FXOAR

2. PVKIV QOJPR BMUSH
Next we initiate a chain of ciphertext equivalents (reducing
the common letter) from message 1 to message 2, yielding:
*
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 N
E W K D A S X M F B T Z P G L I Q R H Y O U
* * * * *

24 25 26
V J C

With some experimentation, we find the Key word QUESTIONABLY

and the decimation interval of +5 Modulo 26. The complete 26
letter chain was available for reconstruction, but this is
not a requirement.

Why is it possible to reconstruct the primary component and

solve the above two messages without having any plain text at
all? Since the plain text of both messages is the same, the
relative displacement of the same primary components in the
case of message 1 differs from the relative displacement of
the same primary components in message 2 by a FIXED interval.
Therefore, the distance between N and E (1st two cipher
letters of the two messages) on the primary component,
regardless of what plaintext letter these two cipher letters
represent, is the same distance between E and W (18th
letters), W and K (17th letters), and so forth. Thus this
fixed interval permits the establishing of a complete chain
of letters separated by constant intervals and this chain
becomes an equivalent primary component.

To solve, we take the frequency distributions of message 1

and 2:
E S T I O
1 1 1 2 2 3 1 1 1 1 1 1 1 1 2 3 4 4 1 1 3 7 4 6 1 6
1: A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

E S T I O
2 3 1 1 1 1 3 4 1 7 4 1 6 1 1 7 1 4 1 1 2 3 2 1 1 1
2: A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

We set up two key word mixed alphabets and slide against each
other. With some trial and error we find:

NABLYCDFGHJKMPRVWXZQUESTIO
QUESTIONABLYCDFGHJKMPRVWXZ

The plain text reads: Five squadrons must be in position by H

plus six zero two at Jackson Ridge.

The same procedure is applied on two repeating key ciphers

suspected of being Isologs:

Message 1

YHYEX UBUKA PVLLT ABUVV DYSAB PCQTU

NGKFA ZEFIZ BDJEZ ALVID TROQS UHAFK

Message 2
CGSLZ QUBMN CTYBV HLQFT FLRHL MTAIQ
ZWMDQ NSDWN LCBLQ NETOC VSNZR BJNOQ

The first step is to find the length of the period. The

usual method fails for lack of long repetitions and the
digraphs are not promising. We use the Principle of
Superimposition to get a hold on the period for both
cryptograms.

1 2 3 4 5 6 7 8 9101112131415161718192021222324252627282930
Y H Y E X U B U K A P V L L T A B U V V D Y S A B P C Q T U
C G S L Z Q U B M N C T Y B V H L Q F T F L R H L M T A I Q

313233343536373839404142434445464748495051525354555657585960
N G K F A Z E F I Z B D J E Z A L V I D T R O Q S U H A F K
Z W M D Q N S D W N L C B L Q N E T O C V S N Z R B J N O Q

We employ a subterfuge will be employed based upon the theory

of factoring. We search for cases of identical
superimposition. We have:

4 44 6 18 30
E and E are separated by 40 letters, U, U and U which
L L Q Q Q

are separated by 12 letters. We factor these intervals as if

they were ordinary repetitions. The most frequent factor
should correspond to the period. We are dealing with
Isologs. The plain text is the same in both messages, so the
principle of identity of superimposition can only be the
result of identity of encipherments by identical cipher
alphabets. The same relative position in the keying cycle
has been reached in both cases of the identity. The distance
between identical superimpositions must be equal to or a
multiple of the length of the period. The following is the
complete set of superimposed pairs:

Repetition Interval Factors

--------------------------------------------
EL - EL 40 2,4,5,8,10,20
UQ - UQ -UQ 12 2,3,4,6
UB - UB 48 2,3,4,6,,8,12,24
KM - KM 24 2,3,4,6,12
AN -AN -AN 36/12 2,3,4,6;9,12,18
VT -VT -VT 8/28 2,4; 2,4,7,14
TV - TV 36 2,3,4,6,9,12,18
AH - AH 8 2,4
BL -BL -BL 8/16 2,4,;8
SR - SR 32 2,4,8,16
FD - FD 4 2
ZN - ZN 4 2
DC - DC 8 2, 4
------------------------------------------------

Only the factors 2 and 4 are common. We discard 2 as

improbable. We break up the message into groups of four.

1234 1234 1234 1234 1234 1234 1234 1234

1. YHYE XUBU KAPV LLTA BUVV DYSA BPCQ TUNG 2. CGSL ZQUB
MNCT YBVH LQFT FLRH LMTA IQZW
* * * *

1234 1234 1234 1234 1234 1234 1234

1. KFAZ EFIZ BDJE ZALV IDTR OQSU HAFK
2. MDQN SDWN LCBL QNET OCVS NZRB JNOQ

We develop a decipherment Tableaux:

0 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
------------------------------------------------------
1 L F S J O M Y N I Z C Q
2 N C D G B M Z Q L
3 Q U T O W B E Z C R V F S
4 H L W Q A S B T N
------------------------------------------------------

Using the meyhods previously described, we build up the

equivalent primary component and combine our digrams.

BL, DF, ES, HJ, IO, KM, LY, ON,TI, XZ, YC, ZQ.

BLYC .DF TION XZQ(U) [ES]TION(A)BLY CDF (G) H

JKM(P) (R) (V) XZ

It is not a long jump to a key word QUESTIONABLY and the

equivalent primary component:

Q U E S T I O N A B L Y C D F G H J K M P R V W X Z

The fact that the original primary component was exposed was
pure chance, it could have been an equivalent primary
sequence alphabet.

>From here we apply the completion of the plain-component

sequence using the high frequency letter assortments.
For the first message:

Gen Alphabet 1 Alphabet 2 Alphabet 3 Alphabet 4

1 YXKLBDBTKE 1HUALUYPUFF 5YBPTVSCNAI EUVAVAQGZZ

2 2CZMYLFLIMS 4JEBYECREGG 5CLRIWTDABO SEWBWBUHQQ
3 2DQPCYGYOPT 3KSLCSDVSHH 3DYVOXIFBLN TSXLXLEJUU
4 4FURDCHCNRI MTYDTFWTJJ 3FCWNZOGLYA ITZYZYSKEE
5 3GEVFDJDAVO PICFIGXIKK GDXAQNHYCB OIQCQCTMSS
6 2HSWGFKFBWN 4RODGOHZOMM HFZBUAJCDL 5NOUDUDIPTT
7 JTXHGMGLXA VNFHNJQNPP JGQLEBKDFY 8ANEFEFORII*
8 KIZJHPHYZB WAGJAKUARR 1KHUYSLMFGC 6BASGSGNVOO
9 MOQKJRJCQL XBHKBMEBVV 2MJECTYPGHD 5LBTHTHAWNN
10 PNUMKVKDUY ZLJMLPSLWW PKSDICRHJF YLIJIJBXAA
11 4RAEPMWMFEC QYKPYRTYXX RMTFODVJKG CYOKOKLZBB
12 3VBSRPXPGSD UCMRCVICZZ 2VPIGNFWKMH 2DCNMNMYQLL
13 4WLTVRZRHTF EDPVDWODQQ WROHAGXMPJ 2FDAPAPCUYY
14 XYIWVQVJIG 3SFRWFXNFUU XVNJBHZPRK 3GFBRBRDECC
15 ZCOXWUWKOH TGVXGZAGEE ZWAKLJQRVM 1HGLVLVFSDD
16 QDNZXEXMNJ IHWZHQBHSS QXBMYKUVWP 1JHYWYWGTFF
17 UFAQZSZPAK OJXQJULJTT UZLPCMEWXR KJCXCXHIGG
18 EGBUQTQRBM NKZUKEYKII EQYRDPSXZV MKDZDZJOHH
19 3SHLEUIUVLP 5AMQEMSCMOO SUCVFRTZQW PMFQFQKNJJ
20 6TJYSEOEWYR? 4BPUSPTDPNN TEDWGVIQUX RPGUGUMAKK
21 IKCTSNSXCV 8LRETRIFRAA* ISFXHWOUEZ 3VRHEHEPBMM
22 5OMDITATZDW? 3YVSIVOGVBB OTGZJXNESQ WVJSJSRLPP
23 NPFOIBIQFX 3CWTOWNHWLL NIHQKZASTU XWKTKTVYRR
24 5ARGNOLOUGZ? DXINXAJXYY AOJUMQBTIE ZXMIMIWCVV
25 4BVHANYNEHQ FZOAZBKZCC 5BNKEPULIOS QZPOPOXDWW
26 LWJBACASJU GQNBQLMQDD 7LAMSREYONT* UQRNRNZFXX

We choose generatrices 20/22/24; 21; 26; 7 because of the

highest two category scores. it is not much of a jump to
find Alphabet 1 generatrix as alphabet 24:

1 2 3 4
A L L A
R R A N
G E M E
N T S F
O R R E
L I E F
O F Y O
U R O R
G A N I
Z A T I

>From a Vigenere Square (Figure 12-1) based on the keyword

QUESTIONABLY, we find the key words SOUP for message 1 and
TIME for message 2.

S O U P S O U P S O U P S O U P S O U P S O U P
----------------------------------------------------
Y H Y E X U B U K A P L L L T A B U V V D Y S A
A L L A R R A N G E M E N T S F O R R E L I E F

B P C Q T U N G K F A Z E F I Z B D J E Z A L V
O F Y O U R O R G A N I Z A T I O N H A V E B E

I D T R O Q S U H A F K
E N S U S P E N D E D X

T I M E T I M E T I M E T I M E T I M E T I M E
____________________________________________________

C G S L Z Q U B M N C T Y B V H L Q F T F L R H
A L L A R R A N G E M E N T S F O R R E L I E F

L M T A I Q Z W M D Q N S D W N L C B L Q N E T
O F Y O U R O R G A N I Z A T I O N H A V E B E

O C V S N Z R B J N O Q
E N S U S P E N D E D X
 Figure 12-1

Q U E S T I O N A B L Y C D F G H J K M P R V W X Z
U E S T I O N A B L Y C D F G H J K M P R V W X Z Q
E S T I O N A B L Y C D F G H J K M P R V W X Z Q U
S T I O N A B L Y C D F G H J K M P R V W X Z Q U E
T I O N A B L Y C D F G H J K M P R V W X Z Q U E S
I O N A B L Y C D F G H J K M P R V W X Z Q U E S T
O N A B L Y C D F G H J K M P R V W X Z Q U E S T I
N A B L Y C D F G H J K M P R V W X Z Q U E S T I O
A B L Y C D F G H J K M P R V W X Z Q U E S T I O N
B L Y C D F G H J K M P R V W X Z Q U E S T I O N A
L Y C D F G H J K M P R V W X Z Q U E S T I O N A B
Y C D F G H J K M P R V W X Z Q U E S T I O N A B L
C D F G H J K M P R V W X Z Q U E S T I O N A B L Y
D F G H J K M P R V W X Z Q U E S T I O N A B L Y C
F G H J K M P R V W X Z Q U E S T I O N A B L Y C D
G H J K M P R V W X Z Q U E S T I O N A B L Y C D F
H J K M P R V W X Z Q U E S T I O N A B L Y C D F G
J K M P R V W X Z Q U E S T I O N A B L Y C D F G H
K M P R V W X Z Q U E S T I O N A B L Y C D F G H J
M P R V W X Z Q U E S T I O N A B L Y C D F G H J K
P R V W X Z Q U E S T I O N A B L Y C D F G H J K M
R V W X Z Q U E S T I O N A B L Y C D F G H J K M P
V W X Z Q U E S T I O N A B L Y C D F G H J K M P R
W X Z Q U E S T I O N A B L Y C D F G H J K M P R V
X Z Q U E S T I O N A B L Y C D F G H J K M P R V W
Z Q U E S T I O N A B L Y C D F G H J K M P R V W X

SOLUTION OF ISOLOGS INVOLVING THE SAME SET OF PRIMARY

COMPONENTS BUT WITH KEY WORDS OF DIFFERENT LENGTHS

The example previous had two keywords the same lengths.

The Method of Superimposition works with Keywords of
different lengths. Friedman works an interesting example:

Message 1

VMYZG EAUNT PKFAY JIZMB UMYKB VFIVV

SEOAF SKXKR YWCAC ZORDO ZRDEF BLKFE
SMKSF AFEKV QURCM YZVOX VABTA YYUOA
YTDKF ENWNT DBQKU LAJLZ IOUMA BOAFS
KXQPU YMJPW QTDBT OSIYS MIYKU ROGMW
CTMZZ VMVAJ

Message 2

ZGANW IOMOA CODHA CLRLP MOQOJ EMOQU

DHXBY UQMGA UVGLQ DBSPU OABIR PWXYM
OGGFT MRHVF GWKNI VAUPF ABRVI LAQEM
ZDJXY MEDDY BOSVM PNLGX XDYDO PXBYU
QMNKY FLUYY GVPVR DNCZE KJQOR WJXRV
GDKDS XCEEC.

Both messages permit factoring at periods of 4 and 6 letters,

respectively. Superimposing the two messages and marking the
position of each letter in the corresponding period, we have:

12341 23412 34123 41234 12341 23412

No. 1 VMYZG EAUNT PKFAY JIZMB UMYKB VFIVV
No. 2 ZGANW IOMOA CODHA CLRLP MOQOJ EMOQU
12345 61234 56123 45612 34561 23456

34123 41234 12341 23412 34123 41234

No. 1 SEOAF SKXKR YWCAC ZORDO ZRDEF BLKFE
No. 2 DHXBY UQMGA UVGLQ DBSPU OABIR PWXYM
12345 61234 56123 45612 34561 23456

12341 23412 34123 41234 12341 23412

No. 1 SMKSF AFEKV QURCM YZVOX VABTA YYUOA
No. 2 OGGFT MRHVF GWKNI VAUPF ABRVI LAQEM
12345 61234 56123 45612 34561 23456

34123 41234 12341 23412 34123 41234

No. 1 YTDKF ENWNT DBQKU LAJLZ IOUMA BOAFS
No. 2 ZDJXY MEDDY BOSVM PNLGX XDYDO PXBYU
12345 61234 56123 45612 34561 23456

12341 23412 34123 41234 12341 23412

No. 1 KXQPU YMJPW QTDBT OSIYS MIYKU ROGMW
No. 2 QMNKY FLUYY GVPVR DNCZE KJQOR WJXRV
12345 61234 56123 45612 34561 23456

34123 41234
No. 1 CTMZZ VMVAJ.
No. 2 GDKDS XCEEC.
12345 61234

What is neat about this superimposition is that we can

establish secondary alphabets by distributing the letters
from the 12 different superimposed pairs of numbers.
The 1 - 1 superimposition is placed in the tableau at the
0 - 1 row, column in the tableaux.

0 1 2 3 4 5 6 7 8 91011121314151617181920212223242526
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
---------------------------------------------------
1-1 I J P D Q G C E K O R Z
2-2 H V N G U W E D M L X
3-3 E M X G I D J N R A O
4-4 X O C D K A F Y Q V N
1-5 B T W L R E M N Y U A
2-6 M O I C D U V F R
3-1 O G R L P S D Z
4-2 L P H U V E D M F
1-3 Q J V W K O X Y M A
2-4 B J X P O A F Y D
3-5 N R Y B C G Q S
4-6 M L O S U V W X
---------------------------------------------------
We construct the complete equivalent primary component:

1 2 3 4 5 6 7 8 91011121314151617181920212223242526
I T K N P Z H M W B Q E U L F C S J A X R G D V O Y
Ok. We have the cipher component. Is it normal? reversed?
Mixed? Same questions for the plain component sequence.
We assume that the primary plain component is normal direct
sequence. We attempt to solve and fail. Normal reverse will
also fail. We assume a K3 situation, i.e. the plain and
cipher components are identical. Again the test fails. We
assume that the plain is in reverse mode. Nope. So we have a
K4 situation, both primary components are different mixed
sequences.

Message 1 transcribed into periods of four letters.

Message 1

VMYZ GEAU NTPK FAYJ IZMB UMYK BVFI VVSE

OAFS KXKR YWCA CZOR DOZR DEFB LKFE SMKS
FAFE KVQU RCMY ZVOX VABT AYYU OAYT DKFE
NWNT DBQK ULAJ LZIO UMAB OAFS KXQP UYMJ
PWQT DBTO SIYS MIYK UROG MWCT MZZV MVAJ

The Uniliteral frequency distributions for the four secondary

alphabets are shown in 1A -4A. We have the reconstructed
cipher alphabet, 1B-4b shows the sequences rearranged.

1 15 1 2 1 1 3 2 4 2 3 1 1 2 5 3 1 1
1A A B C
D E F G H I J K L M N O P Q R S T U V W X Y Z
6 2 21 2 2 1 4 1 1 1 5 4 2 2 4
2A A B C
D E F G H I J K L M N O P Q R S T U V W X Y Z
4 1 2 7 1 2 3 1 3 1 4 1 1 7 2
3A A B C
D E F G H I J K L M N O P Q R S T U V W X Y Z
1 3 4 1 4 4 2 1 3 4 5 3 1 1 1 1
4A A B
C D E F G H I J K L M N O P Q R S T U V W X Y Z
1 3 2 1 1 4 1 5 2 2 1 2 1 1 1 5 3 3 1
1B I T K N P Z H M W B Q E U L F C S J A X R G D V O Y

2 1 2 4 4 3 2 2 1 1 6 2 1 5 1 2
2B I T K N P Z H M W B Q E U L F C S J A X R G D V O Y

1 1 2 1 1 2 3 1 4 7 2 1 4 3 7
3B I T K N P Z H M W B Q E U L F C S J A X R G D V O Y

1 5 4 1 1 3 4 3 4 4 1 1 3 1 1 2 1
4B I T K N P Z H M W B Q E U L F C S J A X R G D V O Y

We now shift 1B-4B for superimposition and combine the

distributions. The latter distributions may be combined so
as to yield a single monoalphabetic distribution for the
entire message. In other words, the polyalphabetic message
can be converted into monoalphabetic terms, and thereby
simplifying the situation considerably.

1 3 2 1 1 4 1 5 2 2 1 2 1 1 1 5 3 3 1
1B I T K N P Z H M W B Q E U L F C S J A X R G D V O Y
2 1 1 6 2 1 5 1 2 2 1 2 4 3 2
2B E U L F C S J A X R G D V O Y I T K N P Z H M W B Q 2 1 1
2 3 1 4 7 2 1 4 3 7
3B K N P Z H M W B Q E U L F C S J A X R G D V O Y I T
1 1 3 4 3 4 4 1 1 3 1 1 2 1 1 5 4
4B P Z H M W B Q E U L F C S J A X R G D V O Y I T K N

6 2 5 4 2 7 15 9 2 21 9 6 410 3 1 1 7 2 918 9 1
1B-4B I T K N P Z H M W B Q E U L F C S J A X R G D V O Y
combinedH M L R S O A I Y N E T
Plain
Equiv's

I have converted 2B-4B into terms of 1B. The 2 E's of 2B add

to 1B I. The two K's of alphabet 3 becomes I's and the N
becomes a T, and so forth. We solve the monoalphabetic
cipher.

12341 23412 34123 41234 12341 23412

ENEMY HASCA PTURE DHILL ONETW OONEO

VDVTG ISWNZ KOFMV LIRZZ UDVOB UUDVU

URTRO OPSHA VEDUG INAND CANHO LDFOR

FMOMU UKWIS YVLFC RDSDL NSDIU ZLJUM

ANHOU RORPO SSIBL YLONG ERREQ UESTR

SDIUF MUMKU WWRPZ GZUDC VMMVA FVWOM

EINFO RCEME NTSTO PADDI TIONA LTROO

VVDJU MNVTV DOWOU KSLLR ORDUS ZOMUU

PSSHO ULDBE SENTV IAGEO RGETO WNFRE

KWWIU FZLPV WVDOY RSCVU MCVOU BDJMV
DERIC KROAD.
LVMRN XMUSL.

Having the plain text, the derivation of the plain or

equivalent plain component is straightforward. We may base
the reconstruction upon any of the secondary alphabets, since
the plaintext - ciphertext relationship is known directly,
and the primary cipher component is at hand. So:

1 2 3 4 5 6 7 8 9 1011121314151617181920212223242526
H M P C B L . R S W . . O D U G A F Q K I Y N E T V

with Key words of STAR and OCEANS for messages 1 and 2.

NECESSARY AND SUFFICIENT CONDITIONS FOR SUPERIMPOSITION AND

CONVERSION TO MONOALPHABETIC TERMS

This example shows the power of the method of superimposition

and conversion of a polyalphabetic cipher to monoalphabetic
terms. This conversion is possible because the sequence of
letters forming the cipher component has been reconstructed
and was known, and the uniliteral distributions for the
respective secondary cipher alphabets could theoretically be
shifted to correct superimpositions for monoalphabeticity.
The data was sufficient to give proper indications for
alignment of the alphabets and relative displacements. The
chi test could also have been brought to bear to match
columns. The above constitutes the necessary and sufficient
conditions to convert theory to actuality.

SOLUTION OF ISOLOGS INVOLVING DIFFERENT PAIRS OF UNKNOWN

PRIMARY COMPONENTS

The principle of superimposition continues to work for us

even when the primary components are different, and the
repeating keys are of different lengths.

There are two general attacks. The first is a slight

modification of the procedures previously discussed. We first
factor the messages, then superimpose the messages on a width
of the least common multiple, then create a reconstruction
matrix based on the cipher values. We must limit our
observations to within the matrix, because the given messages
are different and therefore the indirect symmetry does not
extend to the 0 or assumed plain line. The wrinkle in the
fabric is we must restrict our observations to a homogeneous
set of lines, like 1-1,1-2,1-3,1-4 etc. From this data, we
reduce the reconstruction matrix to a smaller set and solve
for the equivalent primary component. It is possible to
invert the matrix so that values for the second message will
yield its equivalent primary component.

ARBITRARY REDUCTION METHOD

It is not necessary to recognize the plain text to solve a

problem involving Isologs. The next cryptanalytic attack is
applicable for many types of ciphers. The procedure exposes
latent letter relationships and reduces the imposed chaos of
the cryptogram. Given:
Message 1

BWXPS OBYII UYHLF KFSOP VGEYW PBVXO

UGJPB WDXUG HSWDH KHKHC UAYKP NFSPD
OBBYB INKFL WABOX PJXUV WKFXR WXYWS
SDYZQ ZHETA JXXZW XJROS PDEEW OJONK
GIRXR WUYDK NTJWR EVBUR DLISJ BLCKK
FODEV DYZQZ SHCTW DIEXZ

Factoring gives us periods of 4 and 5 for messages 1 and 2,

respectively. We write out the messages on a width of the
least common multiple of 20.

Message 2

JNLEJ HWUAH JHUIV YNCHC HLPKD EWZJJ

JNAHB HZBIM TUBQE FJAKM JVBEF XNCTL
FAAKV KIABG CVFNY FWBIQ GERSA TZUSD
SXBUD SHAWA YXLJD CQLED HXGZL ZWHNB
VTJSA TSUUC MIAKK JEMIY DSKGB VTJYC
XYLZE CXLSU MVMND ONFJY

12341 23412 34123 41234 20

BWXPS OBYII UYHLF KFSOP
JNLEJ HWUAH JHUIV YNCHC
12345 12345 12345 12345
 A A A
12341 23412 34123 41234 40
VGEYW PBVXO UGJPB WDXUG
HLPKD EWZJJ JNAHB HZBIM
12345 12345 12345 12345
A A
12341 23412 34123 41234 60
HSWDH KHKHC UAYKP NFSPD
TUBQE FJAKM JVBEF XNCTL
12345 12345 12345 12345
A
12341 23412 34123 41234 80
OBBYB INKFL WABOX PJXUV
FAAKG KIABG CVFNY FWBIQ
12345 12345 12345 12345
A A A A
12341 23412 34123 41234 100
WQFXR WXYWS SDYZQ ZHETA
GERSA TZUSD SXBUD SHAWA
12345 12345 12345 12345

12341 23412 34123 41234 120

JXXZW XJROS PDEEW OJONK
YXLJD CQLED HXGZL ZWHNB
12345 12345 12345 12345

12341 23412 34123 41234 140

GIRXR WUYDK NTJWR EVBUR
VTJSA TSUUC MIAKK JEMIY
12345 12345 12345 12345
A A A
12341 23412 34123 41234 160
DLISJ BLCKK FODEV DYZQZ
DSKGB VTJYC XYLZE CXLSU
12345 12345 12345 12345
A
12341 23412 170
SHCTW DIEXZ
MVMND ONFJY
12345 12345
A

We arbitrarily assign the value of A(plain) as the first

letter of the plain text. Since in message 1, B(cipher)=
A(plain), then every B(cipher) in alphabet 1 must equal
A(plain); these values are entered in the table above. Also
the 65th and 73rd letter of message 1 are A(plain), this
establishes that in message 2, G(cipher) in alphabet 5 and
F(cipher) in alphabet 3 are also A(plain); we enter these
values. Similarly, every J(cipher) in alphabet 1 of message
2 equals A(plain). We continue the process and recover all
the A(plains) of the pseudo-plain text with the resulting
worksheet shown above.

We arbitrarily assign the value of B(plain) to the V(cipher)

at the 21st position of message 1. The other V(cipher) of
message number 1 establishes the E(cipher) of message 2 also
as a B(plain). This procedure of arbitrary assignments is
continued until all the cipher letters of alphabet 1 of
message 1, are placed. we are able to reduce most of the
text to monoalphabetic terms. The worksheet is as follows:

12341 23412 34123 41234 20

BWXPS OBYII UYHLF KFSOP
JNLEJ HWUAH JHUIV YNCHC
12345 12345 12345 12345
ACHDIIFCK ACCA FME D

12341 23412 34123 41234 40

VGEYW PBVXO UGJPB WDXUG
HLPKD EWZJJ JNAHB HZBIM
12345 12345 12345 12345
B CE F LI AMF F BHOAM

12341 23412 34123 41234 60

HSWDH KHKHC UAYKP NFSPD
TUBQE FJAKM JVBEF XNCTL
12345 12345 12345 12345
CEOOC D FCM AJODB MEBO

12341 23412 34123 41234 80

OBBYB INKFL WABOX PJXUV
FAAKG KIABG CVFNY FWBIQ
12345 12345 12345 12345
DGFCA IFMA OJAIH DFOA

12341 23412 34123 41234 100

WQFXR WXYWS SDYZQ ZHETA
GERSA TZUSD SXBUD SHAWA
12345 12345 12345 12345
EB EJ CHCEE LOOHE LCF J

12341 23412 34123 41234 120

JXXZW XJROS PDEEW OJONK
YXLJD CQLED HXGZL ZWHNB
12345 12345 12345 12345
FOHLE O HDE BOPFO FIIF

12341 23412 34123 41234 140

GIRXR WUYDK NTJWR EVBUR
VTJSA TSUUC MIAKK JEMIY
12345 12345 12345 12345
G EJ CACHD IIFC ABGAH

12341 23412 34123 41234 160

DLISJ BLCKK FODEV DYZQZ
DSKGB VTJYC XYLZE CXLSU
12345 12345 12345 12345
HAM F G ND HFC OOHEL

12341 23412 170

 SHCTW DIEXZ
MVMND ONFJY
12345 12345
IJGIE MALH

The above table is about 85% reduced and note the idiomorphic
repetition ACHDIIFC representing Artillery becomes patent in
the reduction process. This is rather exciting. From no
patent clues to reduction and latent clues exposed. Clever.

The solution is continued by setting up sequence recon-

struction matrices for both messages. The 0 line represents
the pseudo-plain text and the values inside the matrix being
cipher text.

0 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
------------------------------------------------------
1 B V H O W J G D S R I X F K Y E
2 L Q W K S E B Z O H C X
3 U P V Q B C X N S I W
4 E W Y P X K R T A Z G D
-------------------------------------------------------

0 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
------------------------------------------------------
1 J H T F G Y V D M S C
2 S E H U W A Z I V N X
3 F U C A M L H K B G
4 I T K E S Z U N A J B Y Q
5 G F E C D B Y J A U M L
------------------------------------------------------

>From the above we chain out the equivalent primary components

used for each message. Having reconstructed the cipher
component for each message, the alphabets are aligned,
combined and reduced to monoalphabetic terms. After solution
of these messages, we find message 1 is a case of direct
symmetry with the cipher component based on the keyword
HYDRAULIC, and message 2 is a case of indirect symmetry with
both components being keyword-mixed sequences based on our
favorite keyword QUESTIONABLY. Friedman points out that the
keywords are prime to each other (9 vs 11). Primality is not
a necessary condition for solution based on this procedure.
[FRE7]

The method of Arbitrary Reduction is very powerful and works

in other ares besides solving periodic polyalphabetic
ciphers. It represents a workable approach where the
cryptosystem involves nonrelated, random-mixed secondary
alphabets among which no symmetry of any sort exists!

SOLUTION BASED ON INDIRECT SYMMETRY OF A "STAGGER'

Given two messages with group counts nearly identical and two
isologous initial fragments which are identical except by one
letter (called a 'stagger') we can solve the isologous
portions of the messages and recover the primary cipher
component by the process of indirect symmetry. Transmission
garble usually creates stagger messages. Machine cipher
systems sometimes produce these when a word separator is
added. Staggers may be progressively larger as further word
separators are omitted or added.

Given:

Message A

* *
ZFWAY ITBVX XWZQV PEBGS GGFIZ TUAMF
RFEQX PEPPO PCNBP QPOTX VNAIH HVRXC
NHVGM FRFSI ESQMV
*
Message B
* *
ZFWAY ITBVX XWZQV PDRKF USVAG XLJKC
NDVPR OWBRH YFJMS HRFVS BAHWG ZFAJO
JMFAV CNDVD ORZPH A
*

We note that both messages have the same 16 letter beginnings

and that message B is 1 letter longer than message A. Note
that the tetragraphs MFRF (29) and (65) are spaced 1 less
letter than CNDV at (30) and (66). The D in position 17 of
message 2 is the extra letter.

Starting from the E in position 17 of message 1, we

superimpose message one over message 2 starting at the R in
position 18. [We use a period of 6 because the tetragraph
delta equals 36 which factors into 3,4,6 and 9; 6 is
confirmed via the message.]

56123456123456123456123456123456123456123456123456123456123
EBGSGGFIZTUAMFRFEQXPEPPOPCNBPQPOTXVNAIHHVRXCNHVGMFRFSIESQMV
RKFUSVAGXLJKCNDVPROWBRHYFJMSHRFVSBAHWGZFAJOJMFAVCNDVDORZPHA

0 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
-------------------------------------------------------
1-2 B F Z M P D S X
2-3 S V F H R U L B
3-4 P S H D J A
4-5 K V O H Y R J
5-6 W R A C F O
6-1 K J N G V W Z
-------------------------------------------------------

It is fairly easy to align properly the cipher components

after the primary cipher component or its equivalent have
been recovered, thereby expediting the reduction of the
cipher into monoalphabetic terms. Note that B(cipher) of
alphabet 2 is under E(cipher) of alphabet 1; V(cipher) of
alphabet 3 is under F(cipher) alphabet 2;P(cipher) of
alphabet 4 is under E(cipher) of alphabet 1. From this point
on solution follows the normal path of reconstruction,
keyword recovery and combination of alphabets, reduction to
monoalphabetic terms and solution by frequency analysis.

LONG LATENT REPETITIONS

The stagger procedure applies to a periodic cryptogram which

contains a long passage repeated in its plain text, the
second occurrence occurring at a point in the keying cycle
different from the first occurrence. If the passage is long
enough, the equivalencies from the two corresponding
sequences may be chained together to yield an equivalent
primary component. In effect, we by-pass the solution by
frequency analysis or making assumptions in the plain text of
a polygraphic cipher.

FINAL REMARKS REGARDING SOLUTION BY SUPERIMPOSITION

In solving an ordinary repeating-key cipher the first step,

ascertaining the length of the period, is a relatively minor
consideration. It paves the way for the second step, which
consists of allocating the letters of the cryptogram into
individual monoalphabetic distributions. The third step is to
solve these distributions. The text is transcribed into its
periods and written out in successive lines corresponding to
the length of the period. The columns of letters as a series
belong to the same monoalphabet.

We also can see the letters as transcribed into superimposed

periods; in such a case the letters in each column have
undergone the same kind of treatment by the same elements
(plain and cipher components of the cipher alphabet.)

If we have a case of a very long repeating key and a short

message ( few cycles in the text) we have a difficult
problem. But supposing there were several short cryptograms
enciphered by the same key, each message beginning at
identical starting points in the key. We can superimpose
these messages "in flush depth" or "head on" and know that 1)
the letters in the columns belong to the same individual
alphabets, 2) and that if there are enough messages (about
25-30 in English), then the frequency distributions
applicable to the successive columns of text can be solved -
without knowing the length of the key. Any difficulties that
may have arisen because we were not able to factor the
problem correctly are circumvented. The second step of the
normal solution to the problem is by-passed. The assumption
of probable initial words of messages and stereotyped
beginnings is a powerful method of attack in such situations.
Since the superimposed texts in these cases comprise only the
beginnings of messages, assumptions of probable words are
more easily made than when words are sought in the interior
of the messages. Some common introductory words are REQUEST,
REFER, ENEMY, WHAT, WHEN, and SEND. High frequency initial
digraphs will manifest themselves in the first two columns of
the superimposed diagram. The high frequency RE diagram
manifests itself in such words as REQUEST, REQUIRE,
REFERENCE, REFERRING, REQUISITIONS, REPEAT, RECOMMEND,
REPORT, RECONNAISSANCE, REINFORCEMENTS and perhaps REGIMENT.
(I assume the military text here.)

This same superimposition principle applies even if the

messages start at different initial points, providing the
messages can be correctly superimposed, so that the letters
which fall in one column really belong to one cipher
alphabet. The superimposed messages are said to be "in
depth." The chi test may be used to advantage in finding and
combining columns of the superimposed diagram which were
enciphered by identical keys, thus assisting in the analysis
of frequencies of larger samples than were available before
the amalgamation. [FRE7]

CONCLUSION

In summary, we have seen that the chaining process between

cipher texts applies to the latent characteristics of the
cipher components, regardless of the identity of the plain
components and regardless whether direct or indirect symmetry
is involved in the cryptosystems. The principle of super-
imposition ranks as one of the most important principles of
cryptanalysis. A pretty impressive tool.

LECTURE 11 SOLUTIONS

Thanks to BOZOL for the quick response and correct too!

11.1 Vigenere. Key= SLEEP. "Any reputable physician will

agree..

11.2 Beaufort. Key = SILENCE. "Although every one may not

subscribe to ..

11.3 Variant. Key = IMPSHGXW (HINSNOTI). Because of the

many pressures... [the correct key is SOLITUDE]

11.4 GRONSFELD. 6-3-8-4-0. "Too much discussion, especially..

11.5 BEAUFORT. Key = OCCUPATION. "Almost every man has a

job, many find..

BOZOL reports that the tip did not help him and that the
first pass at the key was ORCUPATMON which he mystically
came up with organization.
LECTURE 12 PROBLEMS

12.1 Nihilist Substitution

74 46 66 44 79 47 45 37 58 66 37 60 25 54 33 69 78 35 68 27
47 36 28 88 36 60 33 48 43 29 87 35 49 57 76 37 37 88 36 60
33 77 74 50 86 55 47 27 76 45 40 55 56 58 66 78 57 30 94 58
38 26 55 57 59 88 56 79 46 46 66 60 58 55 48 56. (DGGLWLRQ,
ends WXEOIW)

12.2 Nihilist Substitution

38 76 54 76 64 76 76 54 74 55 35 76 77 76 47 58 76 85 74 44
65 88 63 74 47 36 95 74 63 44 37 58 57 96 65 36 66 85 74 63
55 79 53 67 57 56 58 64 67 67 56 67 57 74 55 55 57 86 03 43
46 67 73 96 67 39. (ETARVQITCO, ends HSMX)

12.3 PORTA

QLAMU CHQGO FTESV XKEWC GMXPH

UCLUS WSGXT EVURH TMTSU TKVSQ GCQCW
LHMDX NUFUE EFXRF XPHUN RGPKC OXULB
BBCUS IBBHW. (HAVE)

12.4 PORTA

XFXYW ZJICZ IBUZN HJXEA ACWBE

JOOCZ UPXFQ BXHFI CGMAZ KVQEG BBCAF
KLLXF BVOUN TSAYZ KKXLR CWAJC LVVVI
XNBFQ JVWBW BSWEY VUNGX ODFRZ PTEWO
PJQNH WZPNA YRCLV YYWCQ ULOJB VK. (GSRWXERX)

12.5 PORTAX
 UXCUD ZMVBA FWWPV DIKDO JISMA
WRBBA YLOYX AKUXR JGDCJ MYAPV RJWJA
DMUKL KLUAM KAOEN YBFCC IQGFK QZAA. (PQXKEG)

12.6 PORTAX

WWQPE JBDTM TMNWH CTJSW WKIAC

BJKWL YHBYN OAKRZ PDYZM DIVGB QKNJP
RNSRU FXWMU TKMJS KDNLW WFHKR JSCVF
HTJIS JD. (UHDOLCH)

12.7 GROMARK

HPMZU IBQHI SDHHH JKUNC OYJSC

24106
RBLOF REXTG EXAZA ILAXX XHFNH CDUYQ

YUOMQ NVOIN XYMBR WAHNT FGPFB DOOMA

CWHDH JXTTX CJIUR PVMZR EILDZ QJJTT

ILNNP TREVL BQLL. ( tip: UCAUKYKUJK; ends tivpw.)

REFERENCES / RESOURCES [updated 30 May 1996]

[ACA] ACA and You, "Handbook For Members of the American

Cryptogram Association," ACA publications, 1995.

[ACA1] Anonymous, "The ACA and You - Handbook For Secure

Communications", American Cryptogram Association,
1994.

[ACM] Association For Computing Machinery, "Codes, Keys and

Conflicts: Issues in U.S. Crypto Policy," Report of a
Special Panel of ACM U. S. Public Policy Committee
(USACM), June 1994.

[ADFG] ASTROLABE, "ADFGVX Cipher - The German Field Cipher of

1918," AS53, The Cryptogram, American Cryptogram
Association, 1953.

[AFM] - 100-80, Traffic Analysis, Department of the Air

Force, 1946.

[ALAN] Turing, Alan, "The Enigma", by A. Hodges. Simon and

Schuster, 1983.

[ALBA] Alberti, "Treatise De Cifris," Meister Papstlichen,

Princeton University Press, Princeton, N.J., 1963.

[ALEX] Alexander, D. A., "Secret codes and Decoding," Padell

Book Co., New York, 1945.

[ALGE] MINIMAX, "Introduction To Algebraic Cryptography,"

FM51, The Cryptogram, American Cryptogram Association,
1951.

[ALKA] al-Kadi, Ibrahim A., Origins of Cryptology: The Arab

Contributions, Cryptologia, Vol XVI, No. 2, April
 1992, pp. 97-127.

[ALP1] PICCOLA, "Lining Up the Alphabets," AM37, The

Cryptogram, American Cryptogram Association, 1937.

[ALP2] PICCOLA, "Recovering a Primary Number Alphabet," JJ37,

The Cryptogram, American Cryptogram Association, 1937.

[ALP3] CLEAR SKIES, "Method For Recovering Alphabets," AM46,

The Cryptogram, American Cryptogram Association, 1946.

[ALP4] PICCOLA, "Lining Up the Alphabets," AM37, The

Cryptogram, American Cryptogram Association, 1937.

[ALP5] MACHIAVELLI,"Recovery of Incomplete Cipher Alphabets,"

SO78, The Cryptogram, American Cryptogram Association,
1978.

[ALP6] BOZO,"Recovery of Primary Alphabets I," JJ35, The

Cryptogram, American Cryptogram Association, 1935.

[ALP7] BOZO,"Recovery of Primary Alphabets II," AS35, The

Cryptogram, American Cryptogram Association, 1935.

[ALP8] ZYZZ,"Sinkov - Frequency-Matching," JA93, The

Cryptogram, American Cryptogram Association, 1993.

[AMS1] RED E RASER,"AMSCO," ON51, The Cryptogram, American

Cryptogram Association, 1951.

[AMS2] PHOENIX,"Computer Column: Amsco Encipherment," SO84,

The Cryptogram, American Cryptogram Association, 1984.

[AMS3] PHOENIX,"Computer Column: Amsco Decipherment," MA85,

The Cryptogram, American Cryptogram Association, 1985.

[AMS4] PHOENIX,"Computer Column: Amsco Decipherment," MJ85,

The Cryptogram, American Cryptogram Association, 1985.

[AMS5] PHOENIX,"Computer Column: Amsco Decipherment," JA85,

The Cryptogram, American Cryptogram Association, 1985.

[AND1] Andree, Josephine, "Chips from the Math Log," Mu Alpha

Theta, 1966.

[AND2] Andree, Josephine, "More Chips from the Math Log," Mu

Alpha Theta, 1970.

[AND3] Andree, Josephine, "Lines from the O.U. Mathematics

Letter," Vols. I,II,III, Mu Alpha Theta, 1971, 1971,
1971.

[AND4] Andree, Josephine and Richard V., "RAJA Books: a

Puzzle Potpourri," RAJA, 1976.

[AND5] Andree, Josephine and Richard V., "Preliminary

Instructors Manual for Solving Ciphers," Project
CRYPTO, Univ of Oklahoma, Norman, OK, 1977.
[AND6] Andree, Josephine and Richard V., "Teachers Handbook
For Problem Solving and Logical Thinking," Project
CRYPTO, Univ of Oklahoma, Norman, OK, 1979.

[AND7] Andree, Josephine and Richard V., "Preliminary

Instructors Manual for Cryptarithms," Project CRYPTO,
Univ of Oklahoma, Norman, OK, 1976.

[AND8] Andree, Josephine and Richard V., "Sophisticated

Ciphers: Problem Solving and Logical Thinking,"
Project CRYPTO, Univ of Oklahoma, Norman, OK, 1978.

[AND9] Andree, Josephine and Richard V., "Logic Unlocs

Puzzles," Project CRYPTO, Univ of Oklahoma, Norman,
OK, 1979.
[ANDR] Andrew, Christopher, 'Secret Service', Heinemann,
London 1985.

[ANK1] Andreassen, Karl, "Cryptology and the Personal

Computer, with Programming in Basic," Aegean Park
Press, 1986.

[ANK2] Andreassen, Karl, "Computer Cryptology, Beyond Decoder

Rings," Prentice-Hall 1988.

[ANNA] Anonymous., "The History of the International Code.",

Proceedings of the United States Naval Institute,
1934.

[ANN1] Anonymous., " Speech and Facsimile Scrambling and

Decoding," Aegean Park Press, Laguna Hills, CA, 1981.

[ARI1] OZ,"The Construction of Medium - Difficulty

Aristocrats," MA92, The Cryptogram, American
Cryptogram Association, 1992.

[ARI2] HELCRYPT,"Use of Consonant Sequences for Aristocrats,"

ON51, The Cryptogram, American Cryptogram Association,
1951.

[ARI3] HELCRYPT,"Use of Tri-Vowel Sequences for Aristocrats,"

JJ52, The Cryptogram, American Cryptogram Association,
1952.

[ARI4] AB STRUSE, "Equifrequency Crypts," JF74, The

Cryptogram, American Cryptogram Association, 1974.

[ARI5] HOMO SAPIENS,"End-letter Count for Aristocrats," FM45,

The Cryptogram, American Cryptogram Association, 1945.

[ARI6] S-Tuck, "Aristocrat Affixes," ON45, The Cryptogram,

American Cryptogram Association, 1945.

[ASA ] "The Origin and Development of the Army Security

Agency 1917 -1947," Aegean Park Press, 1978.

[ASHT] Ashton, Christina, "Codes and Ciphers: Hundreds of

Unusual and Secret Ways to Send Messages," Betterway
 Books, 1988.

[ASIR] Anonymous, Enigma and Other Machines, Air Scientific

Institute Report, 1976.

[AUG1] D. A. August, "Cryptography and Exploitation of

Chinese Manual Cryptosystems - Part I:The Encoding
Problem", Cryptologia, Vol XIII, No. 4, October 1989.

[AUG2] D. A. August, "Cryptography and Exploitation of

Chinese Manual Cryptosystems - Part II:The Encrypting
Problem", Cryptologia, Vol XIV, No. 1, August 1990.

[AUT1] PICCOLA,"Autokey Encipherment,"DJ36, The Cryptogram,

American Cryptogram Association, 1936.

[AUT2] PICCOLA,"More about Autokeys,"FM37, The Cryptogram,

American Cryptogram Association, 1937.

[AUT3] ISKANDER,"Converting an Autokey to a Periodic," "JJ50,

The Cryptogram, American Cryptogram Association, 1950.

[BAC1] SHMOO,"Quicker Baconian Solutions," ND80, The

Cryptogram, American Cryptogram Association, 1980.

[BAC2] XERXES,"Sir Francis Bacon Cipher," AS36, The

Cryptogram, American Cryptogram Association, 1936.

[BAC3] AB STRUSE,"Solving a Baconian," JJ48, The Cryptogram,

American Cryptogram Association, 1948.

[BAC4] B.NATURAL,"Tri-Bac Cipher," JA69, The Cryptogram,

American Cryptogram Association, 1969.

[BAC5] annonomous,"Numerical Baconian," JF62, The Cryptogram,

American Cryptogram Association, 1962.

[BAC6] FIDDLE,"Extended Baconian," SO69, The Cryptogram,

American Cryptogram Association, 1969.

[BADE] Badeau, J. S. et. al., The Genius of Arab

Civilization: Source of Renaissance. Second Edition.
Cambridge: MIT Press. 1983.

[BAMF] Bamford, James, "The Puzzle Palace: A Report on

America's Most Secret Agency," Boston, Houghton
Mifflin, 1982.

[BARB] Barber, F. J. W., "Archaeological Decipherment: A

Handbook," Princeton University Press, 1974.

[B201] Barker, Wayne G., "Cryptanalysis of The Simple

Substitution Cipher with Word Divisions," Course #201,
Aegean Park Press, Laguna Hills, CA. 1982.

[BALL] Ball, W. W. R., Mathematical Recreations and Essays,

London, 1928.

[BAR1] Barker, Wayne G., "Course No 201, Cryptanalysis of The

 Simple Substitution Cipher with Word Divisions,"
Aegean Park Press, Laguna Hills, CA. 1975.

[BAR2] Barker, W., ed., History of Codes and Ciphers in the

U.S. During the Period between World Wars, Part II,
1930 - 1939., Aegean Park Press, 1990.

[BAR3] Barker, Wayne G., "Cryptanalysis of the Hagelin

Cryptograph, Aegean Park Press, 1977.

[BAR4] Barker, Wayne G., "Cryptanalysis of the Enciphered

Code Problem - Where Additive Method of Encipherment
Has Been Used," Aegean Park Press, 1979.

[BAR5] Barker, W., ed., History of Codes and Ciphers in the

U.S. Prior To World War I," Aegean Park Press, 1978.

[BAR6] Barker, W., " Cryptanalysis of Shift-Register

Generated Stream Cipher Systems," Aegean Park Press,
1984.

[BAR7] Barker, W., ed., History of Codes and Ciphers in the

U.S. During the Period between World Wars, Part I,
1919-1929, Aegean Park Press, 1979.

[BAR8] Barker, W., ed., History of Codes and Ciphers in the

U.S. During World War I, Aegean Park Press, 1979.

[BARK] Barker, Wayne G., "Cryptanalysis of The Simple

Substitution Cipher with Word Divisions," Aegean Park
Press, Laguna Hills, CA. 1973.

[BARR] Barron, John, '"KGB: The Secret Work Of Soviet

Agents," Bantom Books, New York, 1981.

[BAUD] Baudouin, Captain Roger, "Elements de Cryptographie,"

Paris, 1939.

[BAZE] Bazeries, M. le Capitaine, " Cryptograph a 20

rondelles-alphabets," Compte rendu de la 20e session
de l' Association Francaise pour l'Advancement des
Scienses, Paris: Au secretariat de l' Association,
1892.

[BEA1] S-TUCK, "Beaufort Auto-key," JJ46, The Cryptogram,

American Cryptogram Association, 1946.

[BEA2] PICCOLA, "Beaufort Ciphers," JJ36, The Cryptogram,

American Cryptogram Association, 1936.

[BEA3] LEDGE, "Beaufort Fundamentals (Novice Notes)," ND71,

The Cryptogram, American Cryptogram Association, 1971.

[BEA4] SI SI, "Comparative Analysis of the Vigenere, Beaufort

and Variant Ciphers," JA80, The Cryptogram, American
Cryptogram Association, 1980.

[BEA5] O'PSHAW, "Porta, A special Case of Beaufort," MA91,

The Cryptogram, American Cryptogram Association, 1991.
[BECK] Becket, Henry, S. A., "The Dictionary of Espionage:
Spookspeak into English," Stein and Day, 1986.

[BEES] Beesley, P., "Very Special Intelligence", Doubleday,

New York, 1977.

[BENN] Bennett, William, R. Jr., "Introduction to Computer

Applications for Non-Science Students," Prentice-Hall,
1976. (Interesting section on monkeys and historical
cryptography)

[BIGR] PICCOLA, "Use of Bigram Tests" AS38, The Cryptogram,

American Cryptogram Association, 1938.

[BLK] Blackstock, Paul W. and Frank L Schaf, Jr.,

"Intelligence, Espionage, Counterespionage and Covert
Operations," Gale Research Co., Detroit, MI., 1978.

[BLOC] Bloch, Gilbert and Ralph Erskine, "Exploit the Double

Encipherment Flaw in Enigma", Cryptologia, vol 10, #3,
July 1986, p134 ff. (29)

[BLUE] Bearden, Bill, "The Bluejacket's Manual, 20th ed.,

Annapolis: U.S. Naval Institute, 1978.

[BODY] Brown, Anthony - Cave, "Bodyguard of Lies", Harper and

Row, New York, 1975.

[BOLI] Bolinger, D. and Sears, D., "Aspects of Language,"

3rd ed., Harcourt Brace Jovanovich,Inc., New York,
1981.

[BOSW] Bosworth, Bruce, "Codes, Ciphers and Computers: An

Introduction to Information Security," Hayden Books,
Rochelle Park, NJ, 1990.

[BOWE] Bowers, William Maxwell, "The Bifid Cipher, Practical

Cryptanalysis, II, ACA, 1960.

[BOW1] Bowers, William Maxwell, "The Trifid Cipher,"

Practical Cryptanalysis, III, ACA, 1961.

[BOW2] Bowers, William Maxwell, "The Digraphic Substitution,"

Practical Cryptanalysis, I, ACA, 1960.

[BOW3] Bowers, William Maxwell, "Cryptographic ABC'S:

Substitution and Transposition Ciphers," Practical
Cryptanalysis, IV, ACA, 1967.

[BOWN] Bowen, Russell J., "Scholar's Guide to Intelligence

Literature: Bibliography of the Russell J. Bowen
Collection," National Intelligence Study Center,
Frederick, MD, 1983.

[BP82] Beker, H., and Piper, F., " Cipher Systems, The
Protection of Communications", John Wiley and Sons,
NY, 1982.
[BRAS] Brasspounder, "Language Data - German," MA89, The
Cryptogram, American Cryptogram Association, 1989.

[BREN] Brennecke, J., "Die Wennde im U-Boote-Krieg:Ursachen

und Folgren 1939 - 1943," Herford, Koehler, 1984.

[BROO] Brook, Maxey, "150 Puzzles in Cryptarithmetic,"

Dover, 1963.

[BROW] Brownell, George, A. "The Origin and Development of

the National Security Agency, Aegean Park Press, 1981.

[BRIG] Brigman,Clarence S., "Edgar Allan Poe's Contribution

to Alexander's Weekly Messenger," Davis Press, 1943.

[BRIT] Anonymous, "British Army Manual of Cryptography",

HMF, 1914.

[BROG] Broglie, Duc de, Le Secret du roi: Correspondance

secrete de Louis XV avec ses agents diplomatiques
1752-1774, 3rd ed. Paris, Calmann Levy, 1879.

[BRYA] Bryan, William G., "Practical Cryptanalysis - Periodic

Ciphers -Miscellaneous", Vol 5, American Cryptogram
Association, 1967.

[BUGS] Anonymous, "Bugs and Electronic Surveillance," Desert

Publications, 1976.

[BUON] Buonafalce, Augusto, "Giovan Battista Bellaso E Le Sue

Cifre Polialfabetiche," Milano, 1990

[BURL] Burling, R., "Man's Many Voices: Language in Its

Cultural Context," Holt, Rinehart & Winston, New York,
1970.

[BWO] "Manual of Cryptography," British War Office, Aegean

Park Press, Laguna Hills, Ca. 1989. reproduction 1914.

[CAND] Candela, Rosario, "Isomorphism and its Application in

Cryptanalytics, Cardanus Press, NYC 1946.

[CAR1] Carlisle, Sheila. Pattern Words: Three to Eight

Letters in Length, Aegean Park Press, Laguna Hills, CA
92654, 1986.

[CAR2] Carlisle, Sheila. Pattern Words: Nine Letters in

Length, Aegean Park Press, Laguna Hills, CA 92654,
1986.

[CASE] Casey, William, 'The Secret War Against Hitler',

Simon & Schuster, London 1989.

[CCF] Foster, C. C., "Cryptanalysis for Microcomputers",

Hayden Books, Rochelle Park, NJ, 1990.

[CHEC] CHECHEM,"On the Need for a Frequency Counter," AM48,

The Cryptogram, American Cryptogram Association, 1948.
[CHOI] Interview with Grand Master Sin Il Choi.,9th DAN, June
25, 1995.

[CHOM] Chomsky, Norm, "Syntactic Structures," The Hague:

Mouton, 1957.

[CHUN] Chungkuo Ti-erh Lishih Tangankuan, ed "K'ang-Jih

chengmien chanch'ang," Chiangsu Kuchi Ch'upansheh,
1987., pp. 993-1026.

[CI] FM 34-60, Counterintelligence, Department of the Army,

February 1990.

[CONS] S-TUCK and BAROKO, "Consonant-Line and Vowel-Line

Methods," MA92, The Cryptogram, American Cryptogram
Association, 1992.

[CONT] F.R.CARTER,"Chart Showing Normal Contact Percentages,"

AM53, The Cryptogram, American Cryptogram Association,
1953.

[CON1] S-TUCK."Table of Initial and Second-Letter Contacts,"

DJ43, The Cryptogram, American Cryptogram Association,
1943.

[COUR] Courville, Joseph B., "Manual For Cryptanalysis Of The

Columnar Double Transposition Cipher, by Courville
Associates., South Gate, CA, 1986.

[CLAR] Clark, Ronald W., 'The Man who broke Purple',

Weidenfeld and Nicolson, London 1977.

[COLF] Collins Gem Dictionary, "French," Collins Clear Type

Press, 1979.

[COLG] Collins Gem Dictionary, "German," Collins Clear Type

Press, 1984.

[COLI] Collins Gem Dictionary, "Italian," Collins Clear Type

Press, 1954.

[COLL] Collins Gem Dictionary, "Latin," Collins Clear Type

Press, 1980.

[COLP] Collins Gem Dictionary, "Portuguese," Collins Clear

Type Press, 1981.

[COLR] Collins Gem Dictionary, "Russian," Collins Clear Type

Press, 1958.

[COLS] Collins Gem Dictionary, "Spanish," Collins Clear Type

Press, 1980.

[COPP] Coppersmith, Don.,"IBM Journal of Research and

Development 38, 1994.

[COVT] Anonymous, "Covert Intelligence Techniques Of the

Soviet Union, Aegean Park Press, Laguna Hills, Ca.
 1980.

[CREM] Cremer, Peter E.," U-Boat Commander: A Periscope View

of The Battle of The Atlantic," New York, Berkley,
1986.

[CRYP] "Selected Cryptograms From PennyPress," Penny Press,

Inc., Norwalk, CO., 1985.

[CRY1] NYPHO'S ROBOT, "Cryptometry Simplified," DJ40, FM41,

AM41, The Cryptogram, published by the American
Cryptogram Association, 1940, 1941, 1941.

[CRY2] AB STRUSE, "Non-Ideomorphic Solutions," AM51, The

Cryptogram, published by the American Cryptogram
Association, 1951.

[CRY3] MINIMAX, "Problems in Cryptanalysis - A Transposition

that cannot be Anagrammed," MA60, The Cryptogram,
published by the American Cryptogram Association,
1960.

[CRY4] FAUSTUS, "Science of Cryptanalysis," AS32, The

Cryptogram, published by the American Cryptogram
Association, 1932.

[CRY5] FAUSTUS, "Science of Cryptanalysis,The " JA91, The

Cryptogram, published by the American Cryptogram
Association, 1991.

[CRY6] BEAU NED, "Semi-Systems in Crypt-Cracking," FM36, The

Cryptogram, published by the American Cryptogram
Association, 1936.

[CRY7] Y.NOTT, "Systems Of Systems," ON35, The Cryptogram,

published by the American Cryptogram Association,
1935.

[CULL] Cullen, Charles G., "Matrices and Linear

Transformations," 2nd Ed., Dover Advanced Mathematics
Books, NY, 1972.

[CUNE] CHECHACO, "The Decipherment of Cuneiform," JJ33, The

Cryptogram, published by the American Cryptogram
Association, 1933.

[DAGA] D'agapeyeff, Alexander, "Codes and Ciphers," Oxford

University Press, London, 1974.

[DALT] Dalton, Leroy, "Topics for Math Clubs," National

Council of Teachers and Mu Alpha Theta, 1973.

[DAN] Daniel, Robert E., "Elementary Cryptanalysis:

Cryptography For Fun," Cryptiquotes, Seattle, WA.,
1979.

[DAVI] Da Vinci, "Solving Russian Cryptograms", The

 Cryptogram, September-October, Vol XLII, No 5. 1976.

[DEAC] Deacon, R., "The Chinese Secret Service," Taplinger,

New York, 1974.

[DEAU] Bacon, Sir Francis, "De Augmentis Scientiarum," tr. by

Gilbert Watts, (1640) or tr. by Ellis, Spedding, and
Heath (1857,1870).

[DELA] Delastelle, F., Cryptographie nouvelle, Maire of

Saint-Malo, P. Dubreuil, Paris, 1893.

[DENN] Denning, Dorothy E. R.," Cryptography and Data

Security," Reading: Addison Wesley, 1983.

[DEVO] Deavours, Cipher A. and Louis Kruh, Machine

Cryptography and Modern Cryptanalysis, Artech, New
York, 1985.

[DEV1] Deavours, C. A., "Breakthrough '32: The Polish

Solution of the ENIGMA," Aegean Park Press, Laguna
Hills, CA, 1988.

[DEV2] Deavours, C. A. and Reeds, J.,"The ENIGMA,"

CRYPTOLOGIA, Vol I No 4, Oct. 1977.

[DEV3] Deavours, C. A.,"Analysis of the Herbern Cryptograph

using Isomorphs," CRYPTOLOGIA, Vol I No 2, April,
1977.

[DEV4] Deavours, C. A., "Cryptographic Programs for the IBM

PC," Aegean Park Press, Laguna Hills, CA, 1989.

[DIFF] Diffie, Whitfield," The First Ten Years of Public Key

Cryptography," Proceedings of the IEEE 76 (1988): 560-
76.

[DIFE] Diffie, Whitfield and M.E. Hellman,"New Directions in

Cryptography, IEEE Transactions on Information Theory
IT-22, 1976.

[DONI] Donitz, Karl, Memoirs: Ten Years and Twenty Days,

London: Weidenfeld and Nicolson, 1959.

[DOUB] TIBEX, " A Short Study in doubles ( Word beginning or

ending in double letters)," FM43, The Cryptogram,
published by the American Cryptogram Association,
1943.

[DOW] Dow, Don. L., "Crypto-Mania, Version 3.0", Box 1111,

Nashua, NH. 03061-1111, (603) 880-6472, Cost $15 for
registered version and available as shareware under
CRYPTM.zip on CIS or zipnet.

[EIIC] Ei'ichi Hirose, ",Finland ni okeru tsushin joho," in

Showa gunji hiwa: Dodai kurabu koenshu, Vol 1, Dodai
kurabu koenshu henshu iinkai, ed., (Toyko: Dodai
 keizai konwakai, 1987), pp 59-60.

[ELCY] Gaines, Helen Fouche, Cryptanalysis, Dover, New York,

1956. [ A text that every serious player should have!]

[ENIG] Tyner, Clarence E. Jr., and Randall K. Nichols,

"ENIGMA95 - A Simulation of Enhanced Enigma Cipher
Machine on A Standard Personal Computer," for
publication, November, 1995.

[EPST] Epstein, Sam and Beryl, "The First Book of Codes and
Ciphers," Ambassador Books, Toronto, Canada, 1956.

[ERSK] Erskine, Ralph, "Naval Enigma: The Breaking of

Heimisch and Triton," Intelligence and National
Security 3, Jan. 1988.

[EVES] , Howard, "An Introduction to the History of

Mathematics, " New York, Holt Rinehart winston, 1964.

[EYRA] Eyraud, Charles, "Precis de Cryptographie Moderne'"

Paris, 1953.

[FIBO] LOGONE BASETEN, "Use of Fibonacci Numbers in

Cryptography," JF69, The Cryptogram, published by the
American Cryptogram Association, 1969.

[FING] HELCRYPT, "Cryptography in Fingerprinting," FM51, The

Cryptogram, published by the American Cryptogram
Association, 1951.

[FL] Anonymous, The Friedman Legacy: A Tribute to William

and Elizabeth Friedman, National Security Agency,
Central Security Service, Center for Cryptological
History,1995.

[FLI1] Flicke, W. F., "War Secrets in the Ether - Volume I,"

Aegean Park Press, Laguna Hills, CA, 1977.

[FLIC] Flicke, W. F., "War Secrets in the Ether - Volume II,"

Aegean Park Press, Laguna Hills, CA, 1977.

[FLIC] Flicke, W. F., "War Secrets in the Ether," Aegean Park

Press, Laguna Hills, CA, 1994.

[FORE] DELAC, "Solving a Foreign Periodic by Lining Up the

Alphabets," JJ46, The Cryptogram, published by the
American Cryptogram Association, 1946.

[FOWL] Fowler, Mark and Radhi Parekh, " Codes and Ciphers,
- Advanced Level," EDC Publishing, Tulsa OK, 1994.
(clever and work)

[FRAA] Friedman, William F. , "American Army Field Codes in

The American Expeditionary Forces During the First
World War, USA 1939.
[FRAB] Friedman, W. F., Field Codes used by the German Army
During World War. 1919.

[FRAN] Franks, Peter, "Calculator Ciphers," Information

Associates, Champaign, Il. 1980.

[FRE] Friedman, William F. , "Elements of Cryptanalysis,"

Aegean Park Press, Laguna Hills, CA, 1976.

[FREA] Friedman, William F. , "Advanced Military

Cryptography," Aegean Park Press, Laguna Hills, CA,
1976.

[FREB] Friedman, William F. , "Elementary Military

Cryptography," Aegean Park Press, Laguna Hills, CA,
1976.

[FREC] Friedman, William F., "Cryptology," The Encyclopedia

Britannica, all editions since 1929. A classic
article by the greatest cryptanalyst.

[FRSG] Friedman, William F., "Solving German Codes in World

War I, " Aegean Park Press, Laguna Hills, CA, 1977.

[FR1] Friedman, William F. and Callimahos, Lambros D.,

Military Cryptanalytics Part I - Volume 1, Aegean Park
Press, Laguna Hills, CA, 1985.

[FR2] Friedman, William F. and Callimahos, Lambros D.,

Military Cryptanalytics Part I - Volume 2, Aegean Park
Press, Laguna Hills, CA, 1985.

[FR3] Friedman, William F. and Callimahos, Lambros D.,

Military Cryptanalytics Part III, Aegean Park Press,
Laguna Hills, CA, 1995.

[FR4] Friedman, William F. and Callimahos, Lambros D.,

Military Cryptanalytics Part IV, Aegean Park Press,
Laguna Hills, CA, 1995.

[FR5] Friedman, William F. Military Cryptanalysis - Part I,

Aegean Park Press, Laguna Hills, CA, 1980.

[FR6] Friedman, William F. Military Cryptanalysis - Part II,

Aegean Park Press, Laguna Hills, CA, 1980.

[FR7] Friedman, William F. and Callimahos, Lambros D.,

Military Cryptanalytics Part II - Volume 1, Aegean
Park Press, Laguna Hills, CA, 1985.

[FR8] Friedman, William F. and Callimahos, Lambros D.,

Military Cryptanalytics Part II - Volume 2, Aegean
Park Press, Laguna Hills, CA, 1985.

[FR22] Friedman, William F., The Index of Coincidence and Its

Applications In Cryptography, Publication 22, The
Riverbank Publications, Aegean Park Press, Laguna
 Hills, CA, 1979.

[FRS6] Friedman, W. F., "Six Lectures On Cryptology,"

National Archives, SRH-004.

[FR8] Friedman, W. F., "Cryptography and Cryptanalysis

Articles," Aegean Park Press, Laguna Hills, CA, 1976.

[FR9] Friedman, W. F., "History of the Use of Codes," Aegean

Park Press, Laguna Hills, CA, 1977.

[FRZM] Friedman, William F.,and Charles J. Mendelsohn, "The

Zimmerman Telegram of January 16, 1917 and its
Cryptographic Background," Aegean Park Press, Laguna
Hills, CA, 1976.

[FROM] Fromkin, V and Rodman, R., "Introduction to Language,"

4th ed.,Holt Reinhart & Winston, New York, 1988.

[FRS] Friedman, William F. and Elizabeth S., "The

Shakespearean Ciphers Examined," Cambridge University
Press, London, 1957.

[FUMI] Fumio Nakamura, Rikugun ni okeru COMINT no hoga to

hatten," The Journal of National Defense, 16-1 (June
1988) pp85 - 87.

[GAJ] Gaj, Krzysztof, "Szyfr Enigmy: Metody zlamania,"

Warsaw Wydawnictwa Komunikacji i Lacznosci, 1989.

[GAR1] Gardner, Martin, "536 Puzzles and Curious Problems,"

Scribners, 1967.

[GAR2] Gardner, Martin, "Mathematics, Magic, and Mystery ,"

Dover, 1956.

[GAR3] Gardner, Martin, "New Mathematical Diversions from

Scientific American," Simon and Schuster, 1966.

[GAR4] Gardner, Martin, "Sixth Book of Mathematical Games

from Scientific American," Simon and Schuster, 1971.

[GARL] Garlinski, Jozef, 'The Swiss Corridor', Dent, London

1981.

[GAR1] Garlinski, Jozef, 'Hitler's Last Weapons', Methuen,

London 1978.

[GAR2] Garlinski, Jozef, 'The Enigma War', New York,

Scribner, 1979.

[GE] "Security," General Electric, Reference manual Rev.

B., 3503.01, Mark III Service, 1977.

[GERH] Gerhard, William D., "Attack on the U.S., Liberty,"

SRH-256, Aegean Park Press, 1981.

[GERM] "German Dictionary," Hippocrene Books, Inc., New York,

1983.
[GILE] Giles, Herbert A., "Chinese Self-Taught," Padell Book
Co., New York, 1936?

[GIVI] Givierge, General Marcel, " Course In Cryptography,"

Aegean Park Press, Laguna Hills, CA, 1978. Also, M.
Givierge, "Cours de Cryptographie," Berger-Levrault,
Paris, 1925.

[GLEN] Gleason, Norma, "Fun With Codes and Ciphers Workbook,"

Dover, New York, 1988.

[GLE1] Gleason, Norma, "Cryptograms and Spygrams," Dover, New

York, 1981.

[GLEA] Gleason, A. M., "Elementary Course in Probability for

the Cryptanalyst," Aegean Park Press, Laguna Hills,
CA, 1985.

[GLOV] Glover, D. Beaird, "Secret Ciphers of the 1876

Presidential Election," Aegean Park Press, Laguna
Hills, CA, 1991.

[GODD] Goddard, Eldridge and Thelma, "Cryptodyct," Marion,

Iowa, 1976

[GORD] Gordon, Cyrus H., " Forgotten Scripts: Their Ongoing

Discovery and Decipherment," Basic Books, New York,
1982.

[GRA1] Grandpre: "Grandpre, A. de--Cryptologist. Part 1

'Cryptographie Pratique - The Origin of the Grandpre',
ISHCABIBEL, The Cryptogram, SO60, American Cryptogram
Association, 1960.

[GRA2] Grandpre: "Grandpre Ciphers", ROGUE, The Cryptogram,

SO63, American Cryptogram Association, 1963.

[GRA3] Grandpre: "Grandpre", Novice Notes, LEDGE, The

Cryptogram, MJ75, American Cryptogram Association,1975

[GRAH] Graham, L. A., "Ingenious Mathematical Problems and

Methods," Dover, 1959.

[GRAN] Grant, E. A., "Kids Book of Secret Codes, Signals and

Ciphers, Running Press, 1989.

[GRAP] DR. CRYPTOGRAM,"The Graphic Position Chart (On

Aristocrats)," JF59, The Cryptogram, American
Cryptogram Association, 1959.

[GREU] Greulich, Helmut, "Spion in der Streichholzschachtel:

Raffinierte Methoden der Abhortechnik, Gutersloh:
Bertelsmann, 1969.

[GRI1] ASAP,"An Aid For Grille Ciphers," SO93, The

Cryptogram, American Cryptogram Association, 1993.
[GRI2] DUN SCOTUS,"Binary Number Grille," JA60, The
Cryptogram, American Cryptogram Association, 1960.

[GRI3] S-TUCK,"Grille Solved By the Tableaux Method," DJ42,

The Cryptogram, American Cryptogram Association, 1942.

[GRI4] The SQUIRE,"More About Grilles," ON40,DJ40, The

Cryptogram, American Cryptogram Association, 1940,
1940.

[GRI5] OMAR,"Rotating Grille Cipher," FM41, The Cryptogram,

American Cryptogram Association, 1941.

[GRI6] S-TUCK,"Solving The Grille. A New Tableaux Method,"

FM44, The Cryptogram, American Cryptogram Association,
1944.

[GRI7] LABRONICUS,"Solving The Turning Grille," JF88, The

Cryptogram, American Cryptogram Association, 1988.

[GRI8] BERYL,"The Turning Grille," ND92, The Cryptogram,

American Cryptogram Association, 1992.

[GRI9] SHERLAC and S-TUCKP,"Triangular Grilles," ON45, The

Cryptogram, American Cryptogram Association, 1945.

[GRIA] SHERLAC,"Turning Grille," ON49, The Cryptogram,

American Cryptogram Association, 1949.

[GRIB] DUN SCOTUS,"Turning (by the numbers)," SO61, The

Cryptogram, American Cryptogram Association, 1961.

[GRIC] LEDGE,"Turning Grille (Novice Notes)," JA77, The

Cryptogram, American Cryptogram Association, 1977.

[GRO1] DENDAI, DICK," Analysis of Gromark Special,"ND74, The

Cryptogram, American Cryptogram Association, 1974.

[GRO2] BERYL," BERYL'S Pearls: Gromark Primers by hand

calculator," ND91, The Cryptogram, American Cryptogram
Association, 1991.

[GRO3] MARSHEN," Checking the Numerical Key,"JF70, The

Cryptogram, American Cryptogram Association, 1970.

[GRO4] PHOENIX," Computer Column: Gronsfeld -> Gromark,"

"MJ90, The Cryptogram, American Cryptogram
Association, 1990.

[GRO5] PHOENIX," Computer Column: Perodic Gromark," MJ90

The Cryptogram, American Cryptogram Association, 1990.

[GRO6] ROGUE," Cycles for Gromark Running Key," JF75, The

Cryptogram, American Cryptogram Association, 1975.

[GRO7] DUMBO," Gromark Cipher," MA69, JA69, The Cryptogram,

American Cryptogram Association, 1969.
[GRO8] DAN SURR," Gromark Club Solution," MA75, The
Cryptogram, American Cryptogram Association, 1975.

[GRO9] B.NATURAL," Keyword Recovery in Periodic Gromark,"

SO73, The Cryptogram, American Cryptogram Association,
1973.

[GROA] D.STRASSE," Method For Determining Term of Key," MA75,

The Cryptogram, American Cryptogram Association, 1975.

[GROB] CRUX," More On Gromark Keys," ND87, The Cryptogram,

American Cryptogram Association, 1987.

[GROC] DUMBO," Periodic Gromark ," MA73, The Cryptogram,

American Cryptogram Association, 1973.

[GROD] ROGUE," Periodic Gromark ," SO73, The Cryptogram,

American Cryptogram Association, 1973.

[GROE] ROGUE," Theoretical Frequencies in the Gromark," MA74,

The Cryptogram, American Cryptogram Association, 1974.

[GRON] R.L.H., "Condensed Analysis of a Gronsfeld," AM38,

ON38,The Cryptogram, American Cryptogram Association,
1938,1938.

[GRN1] CHARMER, "Gronsfeld," AS44, The Cryptogram, American

Cryptogram Association, 1944.

[GRN2] PICCOLA, "Gronsfeld Cipher," ON35, The Cryptogram,

American Cryptogram Association, 1935.

[GRN3] S-TUCK, "Gronsfeld Cipher," AS44, The Cryptogram,

American Cryptogram Association, 1944.

[GROU] Groueff, Stephane, "Manhattan Project: The Untold

Story of the Making of the Atom Bomb," Little, Brown
and Company,1967.

[GUST] Gustave, B., "Enigma:ou, la plus grande 'enigme de la

guerre 1939-1945." Paris:Plon, 1973.

[GYLD] Gylden, Yves, "The Contribution of the Cryptographic

Bureaus in the World War," Aegean Park Press, 1978.

[HA] Hahn, Karl, " Frequency of Letters", English Letter

Usage Statistics using as a sample, "A Tale of Two
Cities" by Charles Dickens, Usenet SCI.Crypt, 4 Aug
1994.

[HAFT] Haftner, Katie and John Markoff, "Cyberpunk,"

Touchstine, 1991.

[HAGA] Hagamen,W. D. et. al., "Encoding Verbal Information as

Unique Numbers," IBM Systems Journal, Vol 11, No. 4,
1972.

[HAWA] Hitchcock, H. R., "Hawaiian," Charles E. Tuttle, Co.,

 Toyko, 1968.

[HAWC] Hawcock, David and MacAllister, Patrick, "Puzzle

Power! Multidimensional Codes, Illusions, Numbers,
and Brainteasers," Little, Brown and Co., New York,
1994.

[HEBR] COMET, "First Hebrew Book (of Cryptology)," JF72, The

Cryptogram, published by the American Cryptogram
Association, 1972.

[HELD] , Gilbert, "Top Secret Data Encryption Techniques,"

Prentice Hall, 1993. (great title..limited use)

[HEMP] Hempfner, Philip and Tania, "Pattern Word List For

Divided and Undivided Cryptograms," unpublished
manuscript, 1984.

[HEPP] Hepp, Leo, "Die Chiffriermaschine 'ENIGMA'", F-Flagge,

1978.

[HIDE] Hideo Kubota, " Zai-shi dai-go kokugun tokushu joho

senshi." unpublished manuscript, NIDS.

[HIER] ISHCABIBEL, "Hieroglyphics: Cryptology Started Here,

MA71, The Cryptogram, American Cryptogram Association,
1971.

[HILL] Hill, Lester, S., "Cryptography in an Algebraic

Alphabet", The American Mathematical Monthly, June-
July 1929.

[HIL1] Hill, L. S. 1929. Cryptography in an Algebraic

Alphabet. American Mathematical Monthly. 36:306-312.

[HIL2] Hill, L. S. 1931. Concerning the Linear

Transformation Apparatus in Cryptography. American
Mathematical Monthly. 38:135-154.

[HINS] Hinsley, F. H., "History of British Intelligence in

the Second World War", Cambridge University Press,
Cambridge, 1979-1988.

[HIN2] Hinsley, F. H. and Alan Strip in "Codebreakers -Story

of Bletchley Park", Oxford University Press, 1994.

[HIN3] Hinsley, F. H., et. al., "British Intelligence in The

Second World War: Its Influence on Strategy and
Operations," London, HMSO vol I, 1979, vol II 1981,
vol III, 1984 and 1988.

[HISA] Hisashi Takahashi, "Military Friction, Diplomatic

Suasion in China, 1937 - 1938," The Journal of
International Studies, Sophia Univ, Vol 19, July,
1987.

[HIS1] Barker, Wayne G., "History of Codes and Ciphers in the

 U.S. Prior to World War I," Aegean Park Press, Laguna
Hills, CA, 1978.

[HITT] Hitt, Parker, Col. " Manual for the Solution of

Military Ciphers," Aegean Park Press, Laguna Hills,
CA, 1976.

[HODG] Hodges, Andrew, "Alan Turing: The Enigma," New York,

Simon and Schuster, 1983.

[HOFF] Hoffman, Lance J., editor, "Building In Big Brother:

The Cryptographic Policy Debate," Springer-Verlag,
N.Y.C., 1995. ( A useful and well balanced book of
cryptographic resource materials. )

[HOF1] Hoffman, Lance. J., et. al.," Cryptography Policy,"

Communications of the ACM 37, 1994, pp. 109-17.

[HOLM Holmes, W. J., "Double-Edged Secrets: U.S. Naval

Intelligence Operations in the Pacific During WWII",
Annapolis, MD: Naval Institute Press, 1979.

[HOM1] Homophonic: A Multiple Substitution Number Cipher", S-

TUCK, The Cryptogram, DJ45, American Cryptogram
Association, 1945.

[HOM2] Homophonic: Bilinear Substitution Cipher, Straddling,"

ISHCABIBEL, The Cryptogram, AS48, American Cryptogram
Association, 1948.

[HOM3] Homophonic: Computer Column:"Homophonic Solving,"

PHOENIX, The Cryptogram, MA84, American Cryptogram
Association, 1984.

[HOM4] Homophonic: Hocheck Cipher,", SI SI, The Cryptogram,

JA90, American Cryptogram Association, 1990.

[HOM5] Homophonic: "Homophonic Checkerboard," GEMINATOR, The

Cryptogram, MA90, American Cryptogram Association,
1990.

[HOM6] Homophonic: "Homophonic Number Cipher," (Novice Notes)

LEDGE, The Cryptogram, SO71, American Cryptogram
Association, 1971.

[HYDE] H. Montgomery Hyde, "Room 3603, The Story of British

Intelligence Center in New York During World War II",
New York, Farrar, Straus, 1963.

[IBM1] IBM Research Reports, Vol 7., No 4, IBM Research,

Yorktown Heights, N.Y., 1971.

[IC1 ] GIZMO, "Bifid Period Determination Using a Digraphic

Index of Coincidence, JF79, The Cryptogram, American
Cryptogram Association, 1979.

[IC2 ] PHOENIX, "Computer Column: Applications of the Index

of Coincidence, JA90, The Cryptogram, American
 Cryptogram Association, 1990.

[IC3 ] PHOENIX, "Computer Column: Digraphic Index of

Coincidence, ND90, The Cryptogram, American Cryptogram
Association, 1990.

[IC4 ] PHOENIX, "Computer Column: Index of Coincidence (IC),

JA82, The Cryptogram, American Cryptogram Association,
1982.

[IC5 ] PHOENIX, "Computer Column: Index of Coincidence,

(correction) MA83, The Cryptogram, American Cryptogram
Association, 1983.

[IMPE] D'Imperio, M. E, " The Voynich Manuscript - An Elegant

Enigma," Aegean Park Press, Laguna Hills, CA, 1976.

[INDE] PHOENIX, Index to the Cryptogram: 1932-1993, ACA,

1994.

[ITAL] Italian - English Dictionary, compiled by Vittore E.

Bocchetta, Fawcett Premier, New York, 1965.

[JAPA] Martin, S.E., "Basic Japanese Conversation

Dictionary," Charles E. Tuttle Co., Toyko, 1981.

[JAPH] "Operational History of Japanese Naval Communications,

December 1941- August 1945, Monograph by Japanese
General Staff and War Ministry, Aegean Park Press,
1985.

[JOHN] Johnson, Brian, 'The Secret War', Arrow Books,

London 1979.

[KADI] al-Kadi, Ibrahim A., Cryptography and Data Security:

Cryptographic Properties of Arabic, Proceedings of the
Third Saudi Engineering Conference. Riyadh, Saudi
Arabia: Nov 24-27, Vol 2:910-921., 1991.

[KAHN] Kahn, David, "The Codebreakers", Macmillian Publishing

Co. , 1967.

[KAH1] Kahn, David, "Kahn On Codes - Secrets of the New

Cryptology," MacMillan Co., New York, 1983.

[KAH2] Kahn, David, "An Enigma Chronology", Cryptologia Vol

XVII,Number 3, July 1993.

[KAH3] Kahn, David, "Seizing The Enigma: The Race to Break

the German U-Boat Codes 1939-1943 ", Houghton Mifflin,
New York, 1991.

[KARA] Karalekas, Anne, "History of the Central Intelligence

Agency," Aegean Park Press, Laguna Hills, CA, 1977.

[KASI] Kasiski, Major F. W. , "Die Geheimschriften und die

Dechiffrir-kunst," Schriften der Naturforschenden
Gesellschaft in Danzig, 1872.
[KAS1] Bowers, M. W., {ZEMBIE} "Major F. W. Kasiski -
Cryptologist," The Cryptogram, XXXI, JF, 1964.

[KAS2] ----, "Kasiski Method," JF64,MA64, The Cryptogram,

American Cryptogram Association, 1964.

[KAS3] PICCOLA, "Kasiski Method for Periodics," JJ35,AS35,

The Cryptogram, American Cryptogram Association, 1935,
1935.

[KAS4] AB STRUSE, "Who was Kasiski?" SO76, The Cryptogram,

American Cryptogram Association, 1976.

[KATZ] Katzen, Harry, Jr., "Computer Data Security,"Van

Nostrand Reinhold, 1973.

[KERC] Kerckhoffs, "la Cryptographie Militaire, " Journel des

Sciences militaires, 9th series, IX, (January and
February, 1883, Libraire Militaire de L. Baudoin &Co.,
Paris. English trans. by Warren T, McCready of the
University of Toronto, 1964

[KOBL] Koblitz, Neal, " A Course in Number Theory and

Cryptography, 2nd Ed, Springer-Verlag, New York, 1994.

[KONH] Konheim, Alan G., "Cryptography -A Primer" , John

Wiley, 1981, pp 212 ff.

[KORD] Kordemsky, B., "The Moscow Puzzles," Schribners, 1972.

[KOTT] Kottack, Phillip Conrad, "Anthropology: The

Exploration Of Human Diversity," 6th ed., McGraw-Hill,
Inc., New York, N.Y. 1994.

[KOZA] Kozaczuk, Dr. Wladyslaw, "Enigma: How the German

Machine Cipher was Broken and How it Was Read by the
Allies in WWI", University Pub, 1984.

[KRAI] Kraitchek, "Mathematical Recreations," Norton, 1942,

and Dover, 1963.

[KULL] Kullback, Solomon, Statistical Methods in

Cryptanalysis, Aegean Park Press, Laguna Hills, Ca.
1976.

[LAFF] Laffin, John, "Codes and Ciphers: Secret Writing

Through The Ages," Abelard-Schuman, London, 1973.

[LAI] Lai, Xuejia, "On the Design and Security of Block

Ciphers," ETH Series in Information Processing 1,
1992. (Article defines the IDEA Cipher)

[LAIM] Lai, Xuejia, and James L. Massey, "A Proposal for a

New Block Encryption Standard," Advances in Cryptology
 -Eurocrypt 90 Proceedings, 1992, pp. 55-70.

[LAKE] Lakoff, R., "Language and the Women's Place," Harper &
Row, New York, 1975.

[LANG] Langie, Andre, "Cryptography," translated from French

by J.C.H. Macbeth, Constable and Co., London, 1922.

[LAN1] Langie, Andre, "Cryptography - A Study on Secret

Writings", Aegean Park Press, Laguna Hills, CA. 1989.

[LAN2] Langie, Andre, and E. A. Soudart, "Treatise on

Cryptography, " Aegean Park Press, Laguna Hills, CA.
1991.

[LATI] BRASSPOUNDER, "Latin Language Data, "The Cryptogram,"

July-August 1993.

[LAUE] Lauer, Rudolph F., "Computer Simulation of Classical

Substitution Cryptographic Systems" Aegean Park Press,
1981, p72 ff.

[LEAR] Leary, Penn, " The Second Cryptographic Shakespeare,"

Omaha, NE [from author] 1994.

[LEA1] Leary, Penn, " Supplement to The Second Cryptographic

Shakespeare," Omaha, NE [from author] 1994.

[LEAU] Leaute, H., "Sur les Mecanismes Cryptographiques de M.

de Viaris," Le Genie Civil, XIII, Sept 1, 1888.

[LEDG] LEDGE, "NOVICE NOTES," American Cryptogram

Association, 1994. [ One of the best introductory
texts on ciphers written by an expert in the field.
Not only well written, clear to understand but as
authoritative as they come! ]

[LENS] Lenstra, A.K. et. al. "The Number Field Sieve,"

Proceedings of the 22 ACM Symposium on the Theory of
Computing," Baltimore, ACM Press, 1990, pp 564-72.

[LEN1] Lenstra, A.K. et. al. "The Factorization of the Ninth

Fermat Number," Mathematics of Computation 61 1993,
pp. 319-50.

[LEWF] Lewis, Frank, "Problem Solving with Particular

Reference to the Cryptic (or British) Crossword and
other 'American Puzzles', Part One," by Frank Lewis,
Montserrat, January 1989.

[LEW1] Lewis, Frank, "The Nations Best Puzzles, Book Six," by

Frank Lewis, Montserrat, January 1990.

[LEWI] Lewin, Ronald, 'Ultra goes to War', Hutchinson,

London 1978.

[LEW1] Lewin, Ronald, 'The American Magic - Codes, ciphers

and The Defeat of Japan', Farrar Straus Giroux, 1982.
[LEWY] Lewy, Guenter, "America In Vietnam", Oxford University
Press, New York, 1978.

[LEVI] Levine, J., U.S. Cryptographic Patents 1861-1981,

Cryptologia, Terre Haute, In 1983.

[LEV1] Levine, J. 1961. Some Elementary Cryptanalysis

of Algebraic Cryptography. American Mathematical
Monthly. 68:411-418

[LEV2] Levine, J. 1961. Some Applications of High-

Speed Computers to the Case n =2 of Algebraic
Cryptography. Mathematics of Computation. 15:254-260

[LEV3] Levine, J. 1963. Analysis of the Case n =3 in

Algebraic Cryptography With Involuntary Key Matrix
With Known Alphabet. Journal fuer die Reine und
Angewante Mathematik. 213:1-30.

[LISI] Lisicki, Tadeusz, 'Dzialania Enigmy', Orzet Biaty,

London July-August, 1975; 'Enigma i Lacida',
Przeglad lacznosci, London 1974- 4; 'Pogromcy
Enigmy we Francji', Orzet Biaty, London, Sept.
1975.'

[LYNC] Lynch, Frederick D., "Pattern Word List, Vol 1.,"

Aegean Park Press, Laguna Hills, CA, 1977.

[LYN1] Lynch, Frederick D., "An Approach To Cryptarithms,"

ACA, 1976.

[LYSI] Lysing, Henry, aka John Leonard Nanovic, "Secret

Writing," David Kemp Co., NY 1936.

[MACI] Macintyre, D., "The Battle of the Atlantic," New York,

Macmillan, 1961.

[MADA] Madachy, J. S., "Mathematics on Vacation," Scribners,

1972.

[MAGN] Magne, Emile, Le plaisant Abbe de Boisrobert, Paris,

Mecure de France, 1909.

[MANN] Mann, B.,"Cryptography with Matrices," The Pentagon,

Vol 21, Fall 1961.

[MANS] Mansfield, Louis C. S., "The Solution of Codes and

Ciphers", Alexander Maclehose & Co., London, 1936.

[MARO] Marotta, Michael, E. "The Code Book - All About

Unbreakable Codes and How To Use Them," Loompanics
Unlimited, 1979. [This is a terrible book. Badly
written, without proper authority, unprofessional, and
prejudicial to boot. And, it has one of the better
illustrations of the Soviet one-time pad with example,
with three errors in cipher text, that I have
corrected for the author.]
[MARS] Marshall, Alan, "Intelligence and Espionage in the
Reign of Charles II," 1660-1665, Cambridge University,
New York, N.Y., 1994.

[MART] Martin, James, "Security, Accuracy and Privacy in

Computer Systems," Prentice Hall, Englewood Cliffs,
N.J., 1973.

[MAST] Lewis, Frank W., "Solving Cipher Problems -

Cryptanalysis, Probabilities and Diagnostics," Aegean
Park Press, Laguna Hills, CA, 1992.

[MAU] Mau, Ernest E., "Word Puzzles With Your

Microcomputer," Hayden Books, 1990.

[MAVE] Mavenel, Denis L., Lettres, Instructions

Diplomatiques et Papiers d' Etat du Cardinal
Richelieu, Historie Politique, Paris 1853-1877
Collection.

[MAYA] Coe, M. D., "Breaking The Maya Code," Thames and

Hudson, New York, 1992.

[MAZU] Mazur, Barry, "Questions On Decidability and

Undecidability in Number Theory," Journal of Symbolic
Logic, Volume 54, Number 9, June, 1994.

[MELL] Mellen G. 1981. Graphic Solution of a Linear

Transformation Cipher. Cryptologia. 5:1-19.

[MEND] Mendelsohn, Capt. C. J., Studies in German Diplomatic

Codes Employed During World War, GPO, 1937.

[MERK] Merkle, Ralph, "Secrecy, Authentication and Public Key

Systems," Ann Arbor, UMI Research Press, 1982.

[MER1] Merkle, Ralph, "Secure Communications Over Insecure

Channels," Communications of the ACM 21, 1978, pp.
294-99.

[MER2] Merkle, Ralph and Martin E. Hellman, "On the Security

of Multiple Encryption ," Communications of the ACM
24, 1981, pp. 465-67.

[MER3] Merkle, Ralph and Martin E. Hellman, "Hiding

Information and Signatures in Trap Door Knapsacks,"
IEEE Transactions on Information Theory 24, 1978, pp.
525-30.

[MILL] Millikin, Donald, " Elementary Cryptography ", NYU

Bookstore, NY, 1943.

[MM] Meyer, C. H., and Matyas, S. M., " CRYPTOGRAPHY - A

New Dimension in Computer Data Security, " Wiley
Interscience, New York, 1982.

[MODE] Modelski, Tadeusz, 'The Polish Contribution to the

Ultimate Allied Victory in the Second World War',
Worthing (Sussex) 1986.
[MRAY] Mrayati, Mohammad, Yahya Meer Alam and Hassan al-
Tayyan., Ilm at-Ta'miyah wa Istikhraj al-Mu,amma Ind
al-Arab. Vol 1. Damascus: The Arab Academy of
Damascus.,
1987.

[MULL] Mulligan, Timothy," The German Navy Examines its

Cryptographic Security, Oct. 1941, Military affairs,
vol 49, no 2, April 1985.

[MYER] Myer, Albert, "Manual of Signals," Washington, D.C.,

USGPO, 1879.

[NBS] National Bureau of Standards, "Data Encryption

Standard," FIPS PUB 46-1, 1987.

[NIBL] Niblack, A. P., "Proposed Day, Night and Fog Signals

for the Navy with Brief Description of the Ardois
Hight System," In Proceedings of the United States
Naval Institute, Annapolis: U. S. Naval Institute,
1891.

[NIC1] Nichols, Randall K., "Xeno Data on 10 Different

Languages," ACA-L, August 18, 1995.

[NIC2] Nichols, Randall K., "Chinese Cryptography Parts 1-3,"

ACA-L, August 24, 1995.

[NIC3] Nichols, Randall K., "German Reduction Ciphers Parts

1-4," ACA-L, September 15, 1995.

[NIC4] Nichols, Randall K., "Russian Cryptography Parts 1-3,"

ACA-L, September 05, 1995.

[NIC5] Nichols, Randall K., "A Tribute to William F.

Friedman", NCSA FORUM, August 20, 1995.

[NIC6] Nichols, Randall K., "Wallis and Rossignol," NCSA

FORUM, September 25, 1995.

[NIC7] Nichols, Randall K., "Arabic Contributions to

Cryptography,", in The Cryptogram, ND95, ACA, 1995.

[NIC8] Nichols, Randall K., "U.S. Coast Guard Shuts Down

Morse Code System," The Cryptogram, SO95, ACA
Publications, 1995.

[NIC9] Nichols, Randall K., "PCP Cipher," NCSA FORUM, March

10, 1995.

[NICX] Nichols, R. K., Keynote Speech to A.C.A. Convention,

"Breaking Ciphers in Other Languages.," New Orleans,
La., 1993.

[NICK] Nickels, Hamilton, "Codemaster: Secrets of Making and

Breaking Codes," Paladin Press, Boulder, CO., 1990.
[NIHL] PHOENIX," Computer Column: Nihilist Substitution,"
MA88, The Cryptogram, American Cryptogram
Association, 1988.

[NIH1] PHOENIX," Computer Column: Nihilist Substitution,"

MJ88, The Cryptogram, American Cryptogram
Association, 1988.

[NIH2] PHOENIX," Computer Column: Nihilist Substitution,"

JA88, The Cryptogram, American Cryptogram
Association, 1988.

[NIH3] PHOENIX," Computer Column: Nihilist Substitution,"

JA89, The Cryptogram, American Cryptogram
Association, 1989.

[NIH4] FIDDLE and CLEAR SKYS," FIDDLE'S slide for Nihilist

Number Substitution," ON48, The Cryptogram, American
Cryptogram Association, 1948.

[NIH5] RIG R. MORTIS," Mixed Square Nihilist," JA60, The

Cryptogram, American Cryptogram Association, 1960.

[NIH6] PICCOLA," Nihilist Number Cipher," AS37, The

Cryptogram, American Cryptogram Association, 1937.

[NIH7] PICCOLA," Nihilist Transposition," DJ38, The

Cryptogram, American Cryptogram Association, 1938.

[NORM] Norman, Bruce, 'Secret Warfare', David & Charles,

Newton Abbot (Devon) 1973.

[NORW] Marm, Ingvald and Sommerfelt, Alf, "Norwegian," Teach

Yourself Books, Hodder and Stoughton, London, 1967.

[NSA] NSA's Friedman Legacy - A Tribute to William and

Elizabeth Friedman, NSA Center for Cryptological

[NSA1] NMasked Dispatches: Cryptograms and Cryptology in

American History, 1775 -1900. Series 1, Pre World War
I Volume I, National Security Agency, Central Security
Service, NSA Center for Cryptological History, 1993.

[OHAV] OHAVER, M. E., "Solving Cipher Secrets," Aegean Park

Press, 1989.

[OHA1] OHAVER, M. E., "Cryptogram Solving," Etcetera Press,

1973.

[OKLA] Andre, Josephine and Richard V. Andree,

"Cryptarithms," Unit One, Problem Solving and Logical
Thinking, University of Oklahoma, Norman, Ok. Copy
No: 486, 1976.

[OKLI] Andre, Josephine and Richard V. Andree, " Instructors

Manual For Cryptarithms," Unit One, Problem Solving
and Logical Thinking, University of Oklahoma, Norman,
 Ok. Copy No: 486, 1976.

[OP20] "Course in Cryptanalysis," OP-20-G', Navy Department,

Office of Chief of Naval Operations, Washington, 1941.

[OTA] "Defending Secrets, Sharing Data: New Locks and Keys

for Electronic Information," Office of Technology
Assessment, 1988.

[OZK ] OZ,"Variation in Letter Frequency with Cipher Length

or Where Did All Those K's Come From? ," SO59, The
Cryptogram, American Cryptogram Association, 1959.

[PEAR] "Pearl Harbor Revisited," U.S. Navy Communications

Intelligence, 1924-1941, U.S. Cryptological History
Series, Series IV, World War II, Volume 6, NSA CSS ,
CH-E32-94-01, 1994.

[PECK] Peck, Lyman C., "Secret Codes, Remainder Arithmetic,

and Matrices," National Counsil of Teachers of
Mathematics, Washington, D.C. 1971.

[PERR] Perrault, Charles, Tallement des Reaux, Les

Historiettes, Bibliotheque del La Pleiade, Paris 1960,
pp 256-258.

[PGP] Garfinkel, Simson, "PGP: Pretty Good Privacy,"

O'reilly and Associates, Inc. Sebastopol, CA. 1995.

[PHL ] PHIL,"System Identification by General Frequencies,"

AM48, The Cryptogram, American Cryptogram Association,
1948.

[PHIL] Phillips, H., "My Best Puzzles in Logic and

Reasoning," Dover, 1961.

[PIER] Pierce, Clayton C., "Cryptoprivacy", 325 Carol Drive,

Ventura, Ca. 93003, 1994.

[PIE1] Pierce, Clayton C., "Privacy, Cryptography, and Secure

Communication ", 325 Carol Drive, Ventura, Ca. 93003,
1977.

[POLY] Polya, G., "Mathematics and Plausible Reasoning,"

Princeton Press, 1954.

[POL1] Polya, G., "How To Solve It.," Princeton Press, 1948.

[POPE] Pope, Maurice, "The Story of Decipherment: From

Egyptian Hieroglyphic to Linear B., Thames and Hudson
Ltd., 1975.

[PORT] Barker, Wayne G. "Cryptograms in Portuguese," Aegean

Park Press, Laguna Hills, CA., 1986.

[POR1] Aliandro, Hygino, "The Portuguese-English Dictionary,"

Pocket Books, New York, N.Y., 1960.
[POUN] Poundstone, William, "Biggest Secrets," Quill
Publishing, New York, 1993. ( Explodes the Beale
Cipher Hoax.)

[PRIC] Price, A.,"Instruments of Darkness: the History of

Electronic Warfare, London, Macdonalds and Janes,
1977.

[PROT] "Protecting Your Privacy - A Comprehensive Report On

Eavesdropping Techniques and Devices and Their
Corresponding Countermeasures," Telecommunications
Publishing Inc., 1979.

[RAJ1] "Pattern and Non Pattern Words of 2 to 6 Letters," G &

C. Merriam Co., Norman, OK. 1977.

[RAJ2] "Pattern and Non Pattern Words of 7 to 8 Letters," G &

C. Merriam Co., Norman, OK. 1980.

[RAJ3] "Pattern and Non Pattern Words of 9 to 10 Letters," G

& C. Merriam Co., Norman, OK. 1981.

[RAJ4] "Non Pattern Words of 3 to 14 Letters," RAJA Books,

Norman, OK. 1982.

[RAJ5] "Pattern and Non Pattern Words of 10 Letters," G & C.

Merriam Co., Norman, OK. 1982.

[RAND] Randolph, Boris, "Cryptofun," Aegean Park Press, 1981.

[RB1] Friedman, William F., The Riverbank Publications,

Volume 1," Aegean Park Press, 1979.

[RB2] Friedman, William F., The Riverbank Publications,

Volume 2," Aegean Park Press, 1979.

[RB3] Friedman, William F., The Riverbank Publications,

Volume 3," Aegean Park Press, 1979.

[REJE] Rejewski, Marian, "Mathematical Solution of the Enigma

Cipher" published in vol 6, #1, Jan 1982 Cryptologia
pp 1-37.

[RELY] Relyea, Harold C., "Evolution and Organization of

Intelligence Activities in the United States," Aegean
Park Press, 1976.

[RENA] Renauld, P. "La Machine a' chiffrer 'Enigma'",

Bulletin Trimestriel de l'association des Amis de
L'Ecole superieure de guerre no 78, 1978.

[RHEE] Rhee, Man Young, "Cryptography and Secure Commun-

ications," McGraw Hill Co, 1994

[RIVE] Rivest, Ron, "Ciphertext: The RSA Newsletter 1, 1993.

[RIV1] Rivest, Ron, Shamir, A and L. Adleman, "A Method for

Obtaining Digital Signatures and Public Key
 Cryptosystems," Communications of the ACM 21, 1978.

[ROAC] Roach, T., "Hobbyist's Guide To COMINT Collection and

Analysis," 1330 Copper Peak Lane, San Jose, Ca. 95120-
4271, 1994.

[ROBO] NYPHO, The Cryptogram, Dec 1940, Feb, 1941.

[ROHE] Jurgen Rohwer's Comparative Analysis of Allied and

Axis Radio-Intelligence in the Battle of the Atlantic,
Proceedings of the 13th Military History Symposium,
USAF Academy, 1988, pp 77-109.

[ROHW] Rohwer Jurgen, "Critical Convoy Battles of March

1943," London, Ian Allan, 1977.

[ROH1] Rohwer Jurgen, "Nachwort: Die Schlacht im Atlantik in

der Historischen Forschung, Munchen: Bernard and
Graefe, 1980.

[ROH2] Rohwer Jurgen, et. al. , "Chronology of the War at

Sea, Vol I, 1939-1942, London, Ian Allan, 1972.

[ROH3] Rohwer Jurgen, "U-Boote, Eine Chronik in Bildern,

Oldenburs, Stalling, 1962. Skizzen der 8 Phasen.

[ROOM] Hyde, H. Montgomery, "Room 3603, The Story of British

Intelligence Center in New York During World War II",
New York, Farrar, Straus, 1963.

[ROSE] Budge, E. A. Wallis, "The Rosetta Stone," British

Museum Press, London, 1927.

[RSA] RSA Data Security, Inc., "Mailsafe: Public Key

Encryption Software Users Manual, Version 5.0, Redwood
City, CA, 1994

[RUNY] Runyan, T. J. and Jan M. Copes "To Die Gallently",

Westview Press 1994, p85-86 ff.

[RYP1] A B C, "Adventures in Cryptarithms (digital maze),"

JA63, The Cryptogram, published by the American
Cryptogram Association, 1963.

[RYP2] CROTALUS "Analysis of the Classic Cryptarithm,"MA73,

The Cryptogram, published by the American Cryptogram
Association, 1973.

[RYP3] CLEAR SKIES "Another Way To Solve Cryptarithms,"DJ44,

The Cryptogram, published by the American Cryptogram
Association, 1944.

[RYP4] CROTALUS "Arithemetic in Other Bases (Duodecimal

table),"JF74, The Cryptogram, published by the
American Cryptogram Association, 1974.

[RYP5] LEDGE, "Basic Patterns in Base Eleven and Twelve

Arithmetic,"SO77, ND77, The Cryptogram, published by
 the American Cryptogram Association, 1977,1977.

[RYP6] COMPUTER USER, "Computer Solution of Cryptarithms,"

JF72, The Cryptogram, published by the American
Cryptogram Association, 1972.

[RYP7] PIT, "Cryptarithm Crutch," JA80, The Cryptogram,

published by the American Cryptogram Association,
1980.

[RYP8] DENDAI, DICK, "Cryptarithm Ccub root," ND76, The

Cryptogram, published by the American Cryptogram
Association, 1976.

[RYP9] S-TUCK, "Cryptarithm in Addition," AM44, The

Cryptogram, published by the American Cryptogram
Association, 1944.

[RYPA] APEX DX, "Cryptarithm Line of Attack," ND91, The

Cryptogram, published by the American Cryptogram
Association, 1991.

[RYPB] HUBBUBBER and CROTALUS, "Cryptarithm Observations,"

ND73, The Cryptogram, published by the American
Cryptogram Association, 1973.

[RYPC] CROTALUS, "Cryptarithms and Notation," JF73, The

Cryptogram, published by the American Cryptogram
Association, 1973.

[RYPD] JUNKERL, "Cryptarithms: The digital root method,"

AS43, The Cryptogram, published by the American
Cryptogram Association, 1943.

[RYPE] CROTALUS, "Divisibility by Eleven," ND89, The

Cryptogram, published by the American Cryptogram
Association, 1989.

[RYPF] S-TUCK, "Double Key Division," JJ43, The Cryptogram,

published by the American Cryptogram Association,
1943.

[RYPG] NEOTERIC, "Duo-Decimal Cryptarithms," AM40, The

Cryptogram, published by the American Cryptogram
Association, 1940.

[RYPH] QUINTUPLEX, "Duo-Decimal Cryptarithms," JJ40, The

Cryptogram, published by the American Cryptogram
Association, 1940.

[RYPI] FIDDLE, "Exhausitive for Three," JF59, The Cryptogram,

published by the American Cryptogram Association,
1959.

[RYPJ] ---, "Finding the Zero In Cryptarithms," DJ42, The

Cryptogram, published by the American Cryptogram
Association, 1942.

[RYPK] FILM-D, "Greater than Less than Diagram for

 Cryptarithms," DJ51, The Cryptogram, published by the
American Cryptogram Association, 1951.

[RYPL] MI TI TI, "Introduction To Cryptarithms," SO63, The

Cryptogram, published by the American Cryptogram
Association, 1963.

[RYPM] FORMALHUT, "Leading Digit Analysis in Cryptarithms,"

JA91, The Cryptogram, published by the American
Cryptogram Association, 1991.

[RYPN] CROTALUS, "Make Your Own Arithmetic Tables In Other

Bases," MJ89, The Cryptogram, published by the
American Cryptogram Association, 1989.

[RYPO] BACEDI, "Method for Solving Cryptarithms," JF78, The

Cryptogram, published by the American Cryptogram
Association, 1978.

[RYPP] SHERLAC, "More on Cryptarithms," DJ44, The Cryptogram,

published by the American Cryptogram Association,
1944.

[RYPQ] FIRE-O, "Multiplicative Structures," MJ70, The

Cryptogram, published by the American Cryptogram
Association, 1970.

[RYPR] CROTALUS, "Solving A Division Cryptarithm," JA73, The

Cryptogram, published by the American Cryptogram
Association, 1973.

[RYPS] CROTALUS, "Solving A Multiplication Cryptarithm,"

MJ73, The Cryptogram, published by the American
Cryptogram Association, 1973.

[RYPT] PHOENIX, "Some thoughts on Solving Cryptarithms,"

SO87, The Cryptogram, published by the American
Cryptogram Association, 1987.

[RYPU] CROTALUS, "Square Root Cryptarithms," SO73, The

Cryptogram, published by the American Cryptogram
Association, 1973.

[RYPV] FIDDLE, "Theory of Duplicated Digital Figures,"

JJ53, The Cryptogram, published by the American
Cryptogram Association, 1953.

[RYPW] FIDDLE, "Theory of Three Unlike Digital Figures,"

AS52, The Cryptogram, published by the American
Cryptogram Association, 1952.

[RYPX] CROTALUS, "Unidecimal Tabless," MJ73, The Cryptogram,

published by the American Cryptogram Association,
1973.

[RYSK] Norbert Ryska and Siegfried Herda, "Kryptographische

Verfahren in der Datenverarbeitung," Gesellschaft fur
Informatik, Berlin, Springer-Verlag1980.
[SADL] Sadler, A. L., "The Code of the Samurai," Rutland and
Tokyo: Charles E. Tuttle Co., 1969.

[SACC] Sacco, Generale Luigi, " Manuale di Crittografia",

3rd ed., Rome, 1947.

[SALE] Salewski, Michael, "Die Deutscher Seekriegsleitung,

1938- 1945, Frankfurt/Main: Bernard and Graefe, 1970-
1974. 3 volumes.

[SANB] Sanbohonbu, ed., "Sanbohonbu kotokan shokuinhyo." NIDS

Archives.

[SAPR] Sapir, E., "Conceptual Categories in Primitive

Language," Science: 74: 578-584., 1931.

[SASS] Sassoons, George, "Radio Hackers Code Book",

Duckworth, London, 1986.

[SCHN] Schneier, Bruce, "Applied Cryptography: Protocols,

Algorithms, and Source Code C," John Wiley and Sons,
1994.

[SCH2] Schneier, Bruce, "Applied Cryptography: Protocols,

Algorithms, and Source Code C," 2nd ed., John Wiley
and Sons, 1995.

[SCHU] Schuh, fred, "Master Book of Mathematical Recreation,"

Dover, 1968.

[SCHW] Schwab, Charles, "The Equalizer," Charles Schwab, San

Francisco, 1994.

[SEBE] Seberry, Jennifer and Joseph Pieprzyk, "Cryptography:

An Introduction to Computer Security," Prentice Hall,
1989. [CAREFUL! Lots of Errors - Basic research
efforts may be flawed - see Appendix A pg 307 for
example.]

[SHAN] Shannon, C. E., "The Communication Theory of Secrecy

Systems," Bell System Technical Journal, Vol 28
(October 1949).

[SHIN] Shinsaku Tamura, "Myohin kosaku," San'ei Shuppansha,

Toyko, 1953.

[SHUL] Shulman, David, "An Annotated Bibliography of

Cryptography," Garland Publishing, New York, 1976.

[SIC1] S.I. Course in Cryptanalysis, Volume I, June 1942,

Aegean Park Press, Laguna Hills , CA. 1989.

[SIC2] S.I. Course in Cryptanalysis, Volume II, June 1942,

Aegean Park Press, Laguna Hills , CA. 1989.

[SIG1] "International Code Of Signals For Visual, Sound, and

Radio Communications," Defense Mapping Agency,
Hydrographic/Topographic Center, United States Ed.
 Revised 1981

[SIG2] "International Code Of Signals For Visual, Sound, and

Radio Communications," U. S. Naval Oceanographic
Office, United States Ed., Pub. 102, 1969.

[SIMM] Simmons, G. J., "How To Insure that Data Acquired to

Verify Treaty Compliance are Trustworthy, " in
"Authentication without secrecy: A secure
communications problem uniquely solvable by asymmetric
encryption techniques.", IEEE EASCON 79, Washington,
1979, pp. 661-62.

[SINK] Sinkov, Abraham, "Elementary Cryptanalysis", The

Mathematical Association of America, NYU, 1966.

[SMIH] Smith, David E., "John Wallis as Cryptographer",

Bulletin of American Mathematical Society, XXIV, 1917.

[SMIT] Smith, Laurence D., "Cryptography, the Science of

Secret Writing," Dover, NY, 1943.

[SOLZ] Solzhenitsyn, Aleksandr I. , "The Gulag Archipelago I-

III, " Harper and Row, New York, N.Y., 1975.

[SPAN] Barker, Wayne G. "Cryptograms in Spanish," Aegean Park

Press, Laguna Hills, CA., 1986.

[STAL] Stallings, William, "Protect Your Privacy: A Guide for

PGP Users," Prentice Hall PTR, 1995.

[STEV] Stevenson, William, 'A Man Called INTREPID',

Macmillan, London 1976.

[STIN] Stinson, D. R., "Cryptography, Theory and Practice,"

CRC Press, London, 1995.

[STIX] Stix, F., Zur Geschicte und Organisation der Wiener

Geheimen Ziffernkanzlei, Mitteilungen des
Osterreichischen Instituts fir Geschichtsforschung,
LI 1937.
[STUR] Sturtevant, E. H. and Bechtel, G., "A Hittite
Chrestomathy," Linguistic Society of American and
University of Pennsylvania, Philadelphia, 1935.

[SURV] Austin, Richard B.,Chairman, "Standards Relating To

Electronic Surveillance," American Bar Association
Project On Minimum Standards For Criminal Justice,
Tentative Draft, June, 1968.

[SUVO] Suvorov, Viktor "Inside Soviet Military Intelligence,"

Berkley Press, New York, 1985.

[TERR] Terrett, D., "The Signal Corps: The Emergency (to

December 1941); G. R. Thompson, et. al, The Test(
December 1941 - July 1943); D. Harris and G.
Thompson, The Outcome;(Mid 1943 to 1945), Department
of the Army, Office of the Chief of Military History,
USGPO, Washington,1956 -1966.
[THEO] Theodore White and Annalee Jacoby, "Thunder Out Of
China," William Sloane Assoc., New York, 1946.

[THOM] Thompson, Ken, "Reflections on Trusting Trust,"

Communications of the ACM 27, 1984.

[TILD] Glover, D. Beaird, Secret Ciphers of The 1876

Presidential Election, Aegean Park Press, Laguna
Hills, Ca. 1991.

[TM32] TM 32-250, Fundamentals of Traffic Analysis (Radio

Telegraph) Department of the Army, 1948.

[TORR] Torrieri, Don J., "Principles of Military

Communication Systems," Artech, 1981.

[TRAD] U. S. Army Military History Institute, "Traditions of

The Signal Corps., Washington, D.C., USGPO, 1959.

[TRIB] Anonymous, New York Tribune, Extra No. 44, "The Cipher
Dispatches, New York, 1879.

[TRIT] Trithemius:Paul Chacornac, "Grandeur et Adversite de

Jean Tritheme ,Paris: Editions Traditionelles, 1963.

[TUCK] Harris, Frances A., "Solving Simple Substitution

Ciphers," ACA, 1959.

[TUKK] Tuckerman, B., "A Study of The Vigenere-Vernam Single

and Multiple Loop Enciphering Systems," IBM Report
RC2879, Thomas J. Watson Research Center, Yorktown
Heights, N.Y. 1970.

[TURN] Turn, Rein, "Advances in Computer Security," Artec

House, New York, 1982. [Original papers on Public Key
Cryptography, RSA, DES]

[UBAL] Ubaldino Mori Ubaldini, "I Sommergibili begli Oceani:

La Marina Italian nella Seconda Guerra Mondiale," vol
XII, Roma, Ufficio Storico della Marina Militare,
1963.

[USAA] U. S. Army, Office of Chief Signal Officer,

"Instructions for Using the Cipher Device Type M-94,
February, 1922," USGPO, Washington, 1922.

[USAH] Gilbert, James L. and John P. Finnegan, Eds. "U. S.

Army Signals Intelligence in World War II: A
Documentary History," Center of Military History,
United States Army, Washington, D.C. 1993

[USSF] "U.S. Special Forces Operational Techniques," FM 31-

20, Headquarters Department Of The Army, December
1965.

[USOT] "U.S. Special Forces Recon Manual," Elite Unit

Tactical Series, Lancer, Militaria, Sims, ARK. 71969,
1982.
[VAIL] Vaille, Euggene, Le Cabinet Noir, Paris Presses
Universitaires de Frances, 1950.

[VALE] Valerio, "De La Cryptographie," Journal des Scienses

militares, 9th series, Dec 1892 - May 1895, Paris.

[VAND] Van de Rhoer, E., "Deadly Magic: A personal Account of

Communications Intilligence in WWII in the Pacific,
New York, Scriber, 1978.

[VERN] Vernam, A. S., "Cipher Printing Telegraph Systems For

Secret Wire and Radio Telegraphic Communications," J.
of the IEEE, Vol 45, 109-115 (1926).

[VIAR] de Viaris in Genie Civil: "Cryptographie",

Publications du Journal Le Genie Civil, 1888.

[VIA1] de Viaris, "L'art de chiffre et dechiffre les depeches

secretes," Gauthier-Villars, Paris, 1893.

[VOGE] Vogel, Donald S., "Inside a KGB Cipher," Cryptologia,

Vol XIV, Number 1, January 1990.

[VN] "Essential Matters - History of the Cryptographic

Branch of the Peoples Army of Viet-Nam, 1945 - 1975,"
U.S. Cryptological History Series, Series V, NSA CSS,
CH-E32-94-02, 1994.

[WALL] Wallis, John, "A Collection of Letters and other

Papers in Cipher" , Oxford University, Bodleian
Library, 1653.

[WAL1] Wallace, Robert W. Pattern Words: Ten Letters and

Eleven Letters in Length, Aegean Park Press, Laguna
Hills, CA 92654, 1993.

[WAL2] Wallace, Robert W. Pattern Words: Twelve Letters and

Greater in Length, Aegean Park Press, Laguna Hills, CA
92654, 1993.

[WATS] Watson, R. W. Seton-, ed, "The Abbot Trithemius," in

Tudor Studies, Longmans and Green, London, 1924.

[WAY] Way, Peter, "Codes and Ciphers," Crecent Books, 1976.

[WEBE] Weber, Ralph Edward, "United States Diplomatic Codes

and Ciphers, 1175-1938, Chicago, Precedent Publishing,
1979.

[WELS] Welsh, Dominic, "Codes and Cryptography," Oxford

Science Publications, New York, 1993.

[WELC] Welchman, Gordon, 'The Hut Six Story', McGraw-Hill,

New York 1982.

[WELS] Welsh, Dominic, "Codes and Cryptography," Oxford

 Science Publications, New York, 1993.

[WHOR] Whorf, B. L., "A Linguistic Consideration of Thinking

In Primitive Communities," In Language, Thought, and
Reality: Selected Writings of Benjamin Lee Whorf, ed.
J. B. Carroll, Cambridge, MA: MIT Press, pp. 65-86.,
1956.

[WILL] Williams, Eugenia, "An Invitation to Cryptograms,"

Simon and Schuster, 1959.

[WILD] Wildman, Ted, "The Expendables," Clearwater Pub., 1983

[WINJ] Winton, J., " Ultra at Sea: How Breaking the Nazi Code
Affected Allied Naval Strategy During WWII," New Uork,
William Morror, 1988.

[WINK] Winkle, Rip Van, "Hungarian: The Cryptogram,", March -

April 1956.

[WINF] Winterbotham, F.W., 'The Ultra Secret', Weidenfeld

and Nicolson, London 1974.

[WINR] Winter, Jack, "Solving Cryptarithms," ACA, 1984.

[WOLE] Wolfe, Ramond W., "Secret Writing," McGraw Hill Books,

NY, 1970.

[WOLF] Wolfe, Jack M., " A First Course in Cryptanalysis,"

Brooklin College Press, NY, 1943.

[WRIX] Wrixon, Fred B. "Codes, Ciphers and Secret Languages,"

Crown Publishers, New York, 1990.

[XEN1] PHOENIX, "Xenocrypt Handbook," American Cryptogram

Association, 1 Pidgeon Dr., Wilbraham, MA., 01095-
2603, for publication March, 1996.

[YARD] Yardley, Herbert, O., "The American Black Chamber,"

Bobbs-Merrill, NY, 1931.

[YAR1] Yardley, H. O., "The Chinese Black Chamber," Houghton

Mifflin, Boston, 1983.

[YAR2] Yardley, H. O., "Yardleygrams", Bobbs Merrill, 1932.

[YAR3] Yardley, H. O., "The Education of a Poker Player,

Simon and Schuster, 1957.

[YOKO] Yukio Yokoyama, "Tokushu joho kaisoka," unpublished

handwritten manuscript.

[YOUS] Youshkevitch, A. P., Geschichte der Mathematik im

Mittelatter, Liepzig, Germany: Teubner, 1964.

[YUKI] Yukio Nishihara, "Kantogan tai-So Sakusenshi," Vol

17., unpublished manuscript, National Institute for
Defense Studies Military Archives, Tokyo.,(hereafter
 NIDS Archives)

[ZIM] Zim, Herbert S., "Codes and Secret Writing." William

Morrow Co., New York, 1948.

[ZEND] Callimahos, L. D., Traffic Analysis and the Zendian

Problem, Agean Park Press, 1984. (also available
through NSA Center for Cryptologic History)

[ZYZZ] ZYZZ,"Sinkov's Frequency Matching," JA93, The

Cryptogram, American Cryptogram Association, 1993.

CLASSICAL CRYPTOGRAPHY COURSE

BY LANAKI

March 10, 1996

Revision 1

COPYRIGHT 1996
ALL RIGHTS RESERVED

LECTURE 9

GERMAN REDUCTION CIPHERS

ENIGMA IN HISTORICAL AND MODERN TIMES

SUMMARY

In Lecture 9, we circumvent the schedule for another real

treat - the ENIGMA cipher machine. Considering the focus of
the 1995 ACA convention, several articles in CRYPTOLOGIA, a
recent book by Robert Harris called " Enigma ", a Randomhouse
challenge cipher contest based on the Enigma (won by several of
the KREWE), many questions from my students, I thought we would
address the subject of ENIGMA.

I have had the pleasure to work with ESSAYONS on a project in

which we looked at the security of the original Enigma D
machine in terms of 1995 technology improvements. ESSAYONS has
brought to light some brilliant insights.

The ENIGMA 95 computer program cited in this lecture is

available at the CDB. Contact NORTH DECODER for access.

Students have asked 1) what is Enigma and 2) where does Enigma

fit into history of radio communications in WWII?
There are three pillars of radio-intelligence: direction
finding, traffic analysis and deciphering. Direction finding
equipment and technology is outside the scope of this course.
Traffic analysis has been discussed in a previous lecture. We
will quickly revisit its value and then follow Professor Jurgen
Rohwer's analysis of the Atlantic Warfare to understand
Enigma's position in cryptographic history. [ROHE]

The Enigma machine is actually a good starting point for

my discussion on polygraphic and polyalphabetic cipher analysis
(originally planned for Lecture 9). We start at the endpoint
of a discussion and return to the beginning to build up the
cryptanalytic tools to understand the cleverness of the ENIGMA.
We will continue with the Friedman and MASTERTON in Lecture 10
and following. [MAST], [FR2], [FR3]

TRAFFIC ANALYSIS REVISITED

Recall that traffic analysis yields information via Crib

messages, Isologs and Chatter. Crib messages assume a partial
knowledge of the underlying plain text through recognition of
the external characteristics. Command reports, up and down
German channels, were especially easy for American crypees. The
origin, serial number range, the cryptonet id, report type, the
file date and time, message length and error messages in the
clear, gave a clear picture of the German command process.
German order of battle, troop dispositions and movements were
deduced by traffic analysis.

An Isolog exists when the underlying plain text is encrypted in

two different systems. They exist because of relay repetition
requirements, book messages to multiple receivers or error by
the code clerk. American crypees were particularly effective in
obtaining intelligence from this method.

Traffic analysis boils down to finding the contact relationships

among units, tracking their movements, building up the cryptonet
authorities, capitalizing on lack of randomness in their
structures, and exploiting book and relay cribs.

ENIGMA

ENIGMA was the generic term for the German machine ciphers. It
was both the name of the first enciphering device and the many
variations used during WWII. ULTRA was the British code-name
for intelligence derived from cracking the Enigma machine
ciphers by an organization of about 10,000 at Bletchley Park
(BP). The extent of the penetration of the German command
structure was so profound and so pervasive that it is clear that
BP's work changed not only the conduct but the outcome of Allied
European Operations in WWII. Most brilliant of ULTRA successes
was against German Afrika Korps whereby the 8th Army HQ read
Enigma telegrams before Rommel himself. [ASIR] [KAH2]

There now exists a fair amount of material on Enigma. The

following annotated outline should give the reader some ideas
how important Enigma was in WWII and sources of information:

ENIGMA CIPHER MACHINE(S)

A: HISTORY

A1: Historical Perspective - Atlantic Theater Warfare in Eight

Phases 1939 - 1945.

Enigma was central to the Battle of the Atlantic in WWII.

Primary sources for the historical perspective come from
Germany, Canada, UK, and USA. Professor Jurgen Rohwer's
Comparative Analysis of Allied and Axis Radio-Intelligence in
the Battle of the Atlantic, [ROHE] presents the ENIGMA history
in 8 phases:

Phase 1 - Single U-Boats vs Independent Ships

9/39-6/40 Failure of BP on Schlussel M (Navy Machine)
Phase 2 - Wolf Pack vs Convoy
7/40-5/41 Success of B-Dienst (German Naval decryption
service)

Phase 3 - Evasive Routing, US Entry

6/41-12/41 U-33 3 rotors recovered, U-110, Munchen
Bombe limited success 336 settings
German 4 rotor improvement

Phase 4 - BP Successes on Enigma D, US losses

1/1-6/42

Phase 5 - Convoy Battles

7/47-12/13 Triton Broken ; Rerouting; Milch runs

Phase 6 - Bay Offensive

6/43-8/43

Phase 7 - Decreased Operations vs Convoys

9/43-5/44 Increased use of Ultra

Phase 8 - Holding Campaign with Schnorkel U-boats

6/44-end New Enigma not released in time for Germany

Professor Rohwer presents 105 primary references. [ROHE]

A2. Discussion:

>From September, 1939 to June 1940, German U-boats cruised west

of the British Isles and Bay of Biscay to intercept Allied
Merchant ships. U-boats found enough targets. Radio signals
were as indispensable to the German Commander in Chief, U-boats
(BdU = Befehlshaber der Unterseeboote - Commander in Chief of
Submarines) for directing his U-boat groups or wolf packs as
they were for Allied commanders directing the convoys of
merchant ships and their escorts. The aim of the Axis powers
was to sever the lines of communication by surface radars,
aircraft and especially U-boats to attack ships in the convoys
and thus sink more vessels and tonnage than the Allied
shipbuilding yards could replace.

In the first two phases of the Battle of the Atlantic, there was
a clear superiority with cryptanalytic success on the German
side. Intelligence was of limited value to actual operations.
The Germans introduced the short signal system, using a codebook
to shorten communications to a few four letter groups which were
superenciphered with daily settings of the Schlussel M [M Key]
in the circuit of Heimische Gewasser (home waters). The Royal
Navy used two crypto-systems - the first was the Naval Cypher
which used 4 figure codebooks and the second was the 5 figure
codebook Naval code. Both used subtractor tables of 5000 groups
changed monthly. B-dienst was reading about 30 -50 % of the
Naval Cypher, used by officers. The Merchant Navy Code was
broken by the B-dienst in March 1940.

In the third phase BP mastered the Schlussel M- 3 and saved

about 400 ships by rerouting convoys. The Schlussel M-3 used
three rotors out a stock of eight rotors. BP had limited no
success against VI-VIII and limited success against rotors I-IV.
The boarding of the Krebs gave the British a box of five rotors.
A key to Enigma is its two inner settings, the Walzenlage, or
rotor order, and the Ringstellung, the setting of the alphabet
rings. In addition to these were the plugboard , the
Steckerverbindungen, of ten pairs of letters and the
Grundstellung, the starting positions of the rotors. The
capture of U-110 gave BP a consistent set of settings and grid
maps to reference. The British STR (Submarine Tracking Room)
became key to rerouting ships valued at 1.5 mm GRT.

Phase 4 clearly went to the Germans because of their score

of ships sunk off the Americas.

In Phase 5, near 1942, the BdU had many interceptions because

the B-dienst decrypted the rerouting signals more effectively.
Triton introduced and stumps BP. In March 1943, BP solves the
Triton and Admiralty changes the operation patterns.

The six and seventh phases German cipher improvements broken by

use of U. S. and British high speed Bombes.

Introduction of Kurier system for high speed transmissions to

new U-boat type XXI was released to late to stop operation
Overlord.

A3: Shipping Losses and Input Tonnage

Allied shipping losses were significant and import tonnage was

reduced because of the U-boat success and communication.
T. J. Runyan and Jan M. Copes "To Die Gallently" [RUNY]
presents details.

A4. Enigma Chronology

David Kahn presents an Enigma chronology in terms of world

events. A clearer picture of the effect of ULTRA can not be
found. Timelines based on his and the honorable F. H. Hinsley
books. [KAH2], [KAH3], [HINS] and [KAH3]
A5: British Perspective

The early history of the Enigma, the Polish attack and the
beginnings of BP covered in [KAH3] ,[WINT] Winterbotham and
Beesley give us special insights into the fray. [BEES] Other
perspectives found in [ANTH] and [HYDE].

A6: Polish Perspective

The story of the Marian Rejewski, Jerzy Rozycki and Henryk

Zygalski pioneering work in the Biuro Szyfrow (Cipher Bureau)
and their escape to France is told in [ASIR].

B: SPECIFICATIONS

B1: Enigma Machine Classes A-E (Deavours)

Enigma was a class of machines. Cipher A. Deavours and Louis

Kruh, in Chapter III of " Machine Cryptography and Modern
Cryptanalysis", give detailed descriptions with pictures, rotor
order, settings, plug-board and their influence on frequency
distribution. [DEVO]

B2: Enigma - 3 rotor (Kahn)

David Kahn in his "Seizing the Enigma" , pp 178 ff gives good

detail. Also "Codebreakers" p422. , also various articles by
Kahn in Cryptologia give pictorials. [KAH3] [KAHN]

B3: Army Enigma - 3 rotor (Hinsley)

F.H. Hinsley and Alan Strip in "Codebreakers - Story of

Bletchley Park", [HINS] have pictures and supporting detail for
the Army version 3 rotor device.

B4: Early Variations - (Friedman)

NSA's Friedman Legacy - A Tribute to William and Elizabeth

Friedman, 1992, pp 201 ff discusses the early Enigma variants.
[FL]

B5: Naval Variation - Air Ministry (3 of 8 rotors)

See Ref's [ASIR]

B6: Air Force Variation - 3 rotor of five (British Air Ministry)

See section B3.

B7: University of Hamburg - WWW : Enigma pictures

Dr. Klaus Brunnstein (University of Hamburg) has provided

excellent GIF Enigma pictures in their Working Groups "museum":

Address: http://www.informatik.uni-hamburg.de
Select "international homepage"
 From 2nd entry "groups", select AGN
(first of the working groups)

There, select "Museum" (4th entry) where you get a

list of about 40 pictures. The CDB has these also.

C: PATENTS

C1: General - (Levine)

Jack Levine presents the most comprehensive treatment of U.S.

Cryptographic Patents 1861-1981 in [LEVI].

C2: Scherbius #1,657,411 [LAUE] [Geheimschrijfmachine] 1919

Rudolph F Lauer discusses the original A. Scherbius Enigma

patent # 1657411 in his "Computer Simulation of Classical
Substitution Cryptographic Systems" in [LAUE]. This machine
was used for diplomatic communications and had ten rotors. BP
broke it late in the game using the Colossus machines.

C3: Herbern # 1,683,072 [Electric Code Machine], 1917

Reference [ASIR] gives an interesting account of Herbern's

efforts.

D: ENCIPHERING PROCESS

D1: Naval Enigma (Kahn)

David Kahn in his "Seizing the Enigma" Appendix presents a

detailed Enciphering procedure for the Naval Enigma.
Approximately 20 pages of notes, biblio, interviews and
diagrams. [KAH3]

D2: ESSAYONS and LANAKI present modern PC technology applied to

encipherment process in [ENIG].

E: CRYPTANALYSIS

E1: BP Analysis (Turing)

Cryptanalysis of the various Enigma variants starts with

Alan Turing "The Enigma", in [ALAN]

E2: Polish Attack (Rejewski)

Perhaps the earliest and best attack, Marian Rejewski wrote the
brilliant "Mathematical Solution of the Enigma Cipher" published
in [REJE].

E3: Double Encipherment Flaw (Bloch)

Gilbert Bloch and Ralph Erskine exploit the double encipherment

flaw in article on Enigma, in Cryptologia. [BLOC]
E4: Lauer Analysis of Classical Systems & (Deavours)

Rudolph F. Lauer presents Cipher A Deavours simulation program

p73 ff in reference [LAUE]. Deavour's program reveals the
German Army cipher machine simulated consisted of three rotors
(of eight), rings settings, plugboard (for key super -
encipherment, rotor starting positions and a reflecting rotor.
The program requires the user to set "prepare the machine" by
setting the rotor wirings, rotor order, rotor starting position,
ringsettings, plugboard pairs and no of plugs used and the
current rotor positions. It calculates the patchpanel, dis-
placements of cylinder coding and effects of reverse rotors, and
reflecting rotor. There are no error checks for singularity.

Lauer also presents ten cryptographic systems and representative

cipher machines in increasing order of difficulty. He presents
72 references (including the Cipher A. Deavours simulations) on
disk. Each system is not only simulated but the principles for
the entire class of machines are presented. Ignoring the
programming language, BASIC ( I would choose FORTRAN, others
would choose C, and others APL, and others ADA and..); the
methods applicable to one machine apply equally well to others
in the same class.

I have rearranged his classification methodology and added my

own thoughts to show how ENIGMA fits into the progression of
classical cryptographic / mechanical systems:

E40: Mathematical Footholds

a: Modulo 26 Arithmetic, Congruences, Matrices

b: Statistical Phi values for small distributions
c: Isomorphism - reference [CAND]
d: Optimization Theory
e: Advanced Calculus, Linear Transformations
f: Probability Theory

E41: Simple Substitution - Cipher Disk {My Lectures 1-8 }

Principles: monosubstitution, K1,K2,K3,K4, KM sequence

keying, transpositional keys.

Examples: Aristocrats, Patristocrats, Xenocrypts

Caesar, sliding strips, rotating disks

Attacks: Frequency analysis, word pattern, bigram,

trigram, vowel spotting, letter distribution.

E42: Periodic Polyalphabetic Substitution - Viggy Devices

{My Lectures 10-13}

Principles: poly-alpha-substitution, repeat key

sequence

Examples: Vigenere, Variant, Beaufort, Porta, Gronsfeld

Attack: Periodicity, Kasiski, trigraphic, traffic

 analysis, Kerckhoff's method.

E43: Running Key and Autokey - Kammel and Weller Devices

Principles: polyalphasubstitution, non-repeat key

sequence, PT autokey, CT autokey and running key

Examples: Running key and autokey ciphers

Attack: Friedman attack - "Solution of Running Key

Ciphers, probable word, known plain text.

E44: Simple Progressive

Principles: constant shift interval to employ all

secondary alphabets (period = 26)

Examples: Progressive Cipher

Attacks: Friedman attacks, periodicity at 26,13,2,1

same as E42, Chi test, matching frequency
distributions, decimation intervals, coherent key

E45: Irregular - KRYHA

Principles: irregular shifting of primary components

non coherent key, non recognizable key, long key
derived from two or more short keys, pseudo-random
different interval shifts on progressive; sum of shifts
be relatively prime to N in alphabet

Examples: One time pad, Vernam Key Tape

Attacks: Sacco's solution, Isomorphism, Friedmans

technique

E46: Wheatstone Cryptograph

Principles: Aperiodic cipher, extra sequence shift,

error control

Examples: Jefferson, Hebern machine, Vernam

Attack: Friedmans techniques [FR4] probable phrase

E47: Multiplex Systems

Principles: Wheel ciphers

Examples: Jefferson, M-138, M-94

Attack: Friedman techniques, De Viaris examination,

synoptic tables, G. Mellen attack, Rohrbach method
coincidences - generatrices group

E48: HAGELIN M-209

 Principles: pin lug mechanism, cylindrical cage, guide
arm - print wheel rotates number of positions = sum of
the lugs on those key wheels which were affected by
active pins. ==> key value with period of 3,120,180
letters.

Examples: C-36, M-209

Attack: Wayne Barker analysis one wheel to six wheels,

statistical analysis on settings, probable word

E49: ENIGMA

Principles: electrical rotor or transfer wheel,

stepping gears, maze between keyboard and indicating
device producing 26 ** N different enciphering
alphabets, re-entrance phenomenon, excess contacts.
superencipherment

Examples: ENIGMA A-E

Attacks: Polish, BP, Turing, Deavours, Friedman IC,

E1-E8 previously cited, Chi test on diagonals,
isomorphs, Pohlig w/ PT, Konheim analysis, Lisicki
Grille 1000x1000 rearrangements

Modern Experiments: Remove reflecting rotor.

Use re-entrance type rotor
[ ACA and Install bi-directional Rotors
University of Increase entropy
Hamburg ] Expand character sets

E410: HILL SYSTEM {NORTH DECODER in Lecture 8}

Principles: Polygraphic encipherment, non - linear

encipherment == forerunner of "S" boxes in DES

Examples: Playfair, Hill Device

Attacks: Konheim technique, Rhee analysis, Mapping,

-----------------------------------------------------------

E5: Polish attacks (Kozaczuk)

Dr. Wladyslaw Kozaczuk discusses the Polish attacks on Enigma in

[KOZA]

E6: Involution Principle (Konheim)

Involution principles are presented by Alan G. Konheim,

"Cryptography -A Primer" , in [KONH]

E7: Related Machines (Barker)

Wayne G. Barker presents a related analysis in "Cryptanalysis of

the Hagelin Cryptograph, in [BARK].

E8: Enigma 3 (Sassoons )

A clever treatment of the Enigma 3 wheel device can be found

in George Sassoons, "Radio Hackers Code Book", [SASS]

E9: Tieman C (Schneier)

Bruce Schneier, in his "Applied Cryptography', presents Tieman's

C program. [SCH1]

F: ROTOR SYSTEMS

F1: Theory (Konheim)

The general theory of rotor systems is well presented in chapter

5 of Konheim's primer. [KONH]

F2: Polish Solution

The brilliance of Marian Rejewski solution is presented in "The

Mathematical Solution of the Enigma Cipher " in [REJE]

F3: Computer Crypto and Probability Analysis [A German View]

Norbert Ryska and Siegfried Herda give a fresh look at computer

techniques required for Cryptography. From a German point of
view, it gives the reader a look at security risks, and crypto-
methodology. [RYSK]

G: ENIGMA IMPROVEMENTS

G1: Code Changes (Sassoon)

Sassoon suggests improvements to Enigma by using full ASCII

set of 256. Sequence length 256 x x 256. Rotor settings in
blocks of 256 8-bit bytes one to define the position of each
rotor. Sassoon's Basic Enigma3 simulation 4 rotors and a
reflector rotor. It simulates the movement towards the
reflector or away from it. Rotor cross connections are well
defined. Subroutines to test the encryption and decryption are
included. Clear rotor advancement routines. Error checking
subs as well. No plugboard. [SASS]

G2: Improved Security (ESSAYONS and LANAKI)

Clarence Tyner Jr. has spent significant time since 1944 on

German cipher production and reduction efforts. Starting with a
Model D (circa 1920's) Tyner simulated the original Enigma with
wartime enhancements (plugboard, expanded rotor sets, etc.) and
then improved it while staying within the original concepts of
the original machine (keyboard input, data path through a
plugboard, rotating rotors, reflecting rotors, and output
display. Presented in detail later in this lecture.

H: ORGANIZATIONS (Kahn) (ASI)

H1:BP
 H2:OSS
H3:German Navy - U Boat Command
H4:B-Dienst
H5:Bureau De Chiffer
H6:Polish Biuro Szyfrow
H7:French Service Renseignements
H8:AVA Telecomunications
H9:German Army Command
H10:SOE
H11:RAF-SLU
H12:Siemans und Halske Aktiengesellschaft
H13:AC Bridge Laboratory

David Kahn in his books "Seizing Enigma", "Codebreakers" ,

"Kahn on Codes" and "Hitlers Spies" presents the various
people and organizations surrounding Enigma. Also the British
Air Scientific Institute, chap 6 describes the relevance of each
organization in the cracking of Enigma. [ASIR] [KAH1] [KAH2]
[KAHN]

ENIGMA 95

A simulation of an enhanced Enigma Cipher Machine on a standard personal

computer

Clarence E. Tyner Jr. and Randall K. Nichols

ADDRESS : 11322 Carrollwood Drive, Tampa, Florida, 33618, USA.

5953 Long Creek Drive, Corpus Christi, Texas, 78414, USA

ABSTRACT : An exploration into the possibilities of what can be done with the
operating methods of the Enigma on the personal computer. The same concept of
employing keyboard input, a plugboard, rotors ( both normal and reflecting ),
Uhr
box and visual output are used, but are expanded by using 100-position rotors
that
intermittently rotate a prime amount after each input, allowing the number of
rotors to vary from 1 to 12, in front or backwards orientation, top permit any
keyboard character ( including spaces ) to be encrypted, and to simultaneously
display cipher and clear text for editing. A rotating Character Set converts
single-character input into 2-digit numbers for processing and
superencipherment
of numeric output into alpha bigrams is possible. Regular rotors, Reversing
rotors, Character Sets and Superencipherment Tables are provided in sets of 100
for extensive variety. Visual monitor display and paper printout are
employed
and other controls are provided. It is a "what if" speculation that shows what
could have been possible if the technology had been available.

KEYWORDS : Enigma, prime numbers, rotors, intermittent rotation,

superencipherment, personal computer, QBasic, interval method, character set,
random numbers, checksum, plugboard, orientation, internal settings, external
settings.

Everyone is familiar with the Enigma Cipher Machine and the way it operates.

However, the more you learn about it and read about the cryptanalysis that
overcame it in World War II, the more you wonder if it could be improved without
becoming impossibly complicated. The personal computer provides a means to
improve the concepts that made the original Enigma work, and it can make it work
much better.

This project started as a simulation of the original Enigma. The pathway of the
electric circuit caused by pressing a key is easy to understand. It goes from
the
keyboard through the plugboard to the rotors, is reflected from the reversing
rotor, back through the rotors, through the plugboard and finally to a lamp that
lights under a round window with an alphabet on it. At least one rotor will
rotate during the pressing of the key and the pathway through the rotors will
change from what it was previously. The internal wiring of the rotors is random
and the cumulative circuit offset combinations produce an extensive number of
substitution alphabets. The plugboard adds to this, as did the Uhr box.

Aside from administrative and operator errors, the weaknesses of the enigma were
as follows:

1. The internal wiring of the rotors was fixed. It never changed except for
a
few specialized purposes. While the mathematical possibilities were
astronomical, only a small portion of them were utilized probably because of
manufacturing, cost and logistics considerations.

2. There were only eight rotors in a set and only 3 or 4 could be used at a
time.

3. The rotors rotated only very restricted basis. One moved one position
each time. The second moved only after the first had moved 1 to 26 positions.
The 3rd moved only after the 2nd had moved 1 to 26 positions. There were
notches
on the rotors to accomplish this and the rotors could be set so that the
movements
occurred at different times, but movement of two rotors was infrequent, and
movement of all rotors was limited and somewhat predictable.

4. The reversing ( reflecting ) rotor did not move, nor could it be moved (
except on the earlier models ).

5. A subtle weakness was that a given letter could never be encrypted as

itself.

6. It was expensive and labor-intensive both to manufacture and to operate.

Once it had been determined how to simulate the rotation of rotors and to
simulate
the transfer of the electrical current between rotors correctly, a major problem
was solved. Then it was necessary to determine how to keep the internal wiring
connections unchanged during rotation. This was followed by developing a method
of selecting and installing the rotors at a given position and then how to
rotate
them to an initial setting. Having an old Model D Enigma ( 3 rotor ) so that
it
was possible to determine what the outcome should be was helpful.

Creation of rotors presented a challenge in establishing the internal wiring and

in making a set from which to choose three. Edward H. Hebern used the Interval
Method of wiring his rotors, so it was decided to use that approach. For those
who are not familiar with it, it involves determining the positional difference
(
interval ) between points connected on opposite faces of the rotor. For a 26 (
A
- Z ) position rotor, the intervals range from 0 to 25, with each interval being
used only once. But the geometry of the problem prevents one interval from
being
used and requires one interval to be used twice. All intervals are measured in
the same direction. For example, a connection from point A on one face to point
C
on the other has an interval of 2 ( assuming opposite positions are identified
with the same letter ).

I don't know how Mr. Hebern did it, but it is a job perfectly suited for a
computer. At any rate, "wiring" a rotor using the Interval Method can be very
tedious because it involves a lot of trial and error if done manually ( or, as
it
turned out, by computer ). It would be interesting to know if there is a simple
algorithm. It is supposed to produce a more secure encryption. After trying to
do it manually ( by diagramming on paper ), programs were written to do it for
both regular and reversing rotors. The programs also produce a file on a floppy
disk to simulate a set of rotors and print the results for record purposes.
Each
rotor had to be unique from all others so use of random numbers was involved.

The plugboard was programmed so that it was possible to enter the 2-point ( from
-
to ) sets that were to be connected. Multiple sets could be created, just as it
is possible to have multiple cable connections on a mechanical Enigma.
A file of plugboards is not needed because the variance within fixed fields is
derived from the connections, and to allow numbers of connections to be varied.
It was necessary though to provide for editing to insure that each position was
used only once ( as in real life ).

At this point, the idea of expanding the Enigma came into being in the form of
introducing variability between the keyboard and the plugboard such as the Uhr
Box
does. It was decided to make the Enigma process the data in numerical form and
expand it from a 26 to a 100 character format. This numerical format ( 00 -99 )
has the disadvantage of doubling the length of a message, but it has certain
advantages. In addition to handling alphabetic letters, it can also:

1. Allow upper/lower cases, numbers, symbols, punctuations, and spaces to be

encrypted.
2. Better conceal the language and individual characters being transmitted.
3. Eliminate the problem of a letter not being encrypted as itself.
4. Allow a longer period between repetitions.
5. Permit superencipherment.
6. Provide 100-position rotors and plugboard which are more difficult to
analyze.
7. Facilitate masking control elements in messages. ( e.g., rotor settings,
etc. )

This format required a method of converting input into 2-digit form. It was
done
by creating what are called "Character Sets". These are randomly organized sets
of 100 characters ( upper and lowercase ) that appear on the keyboard. The
entire
100 positions are not used and the unused are filled with a seldom-used accent
mark. One hundred sets are available in a file on floppy disk. The sets are
used
in both encryption and decryption to convert from and back to cleartext.

Using 100 as a common feature, brought into use the digits 00 - 99 to identify
rotors, sets, tables and plugboard positions. Sets of these components have 100
of each ( "00" means "100" ).

The next feature was to provide for the unique rotation or non-rotation (
movement
of each rotor is randomly intermittent ) of each regular and the reversing rotor
after each input. The Character Set also rotates so that doubles ( like "oo" in
book ) are converted differently. Rotation is by a prime amount to 100 ( 2 and
5
are not used ). Editing prevents using other numbers. An additional feature
was
to provide a Rotor Display similar to the windows on the Enigma. This is
primarily
informational but has proven to be helpful in de-bugging the program.....and it
does provide a sense of rotor movement.

Another idea was borrowed from Mr. Hebern. That was the ability to "insert"
rotors into the machine either forwards or backwards which doubles the number of
rotors in a given set. It was also possible to provide for a variable number of
rotors. An arbitrary limit of 12 was chosen but it would be possible to have
more
( though that might be considered overkill ). The important thing here is that
it
would be possible to employ from 1 to 12 rotors ( from a set of 100 ), depending
on the security desired. The rotor display automatically adjusts to the
selected
number.

The next feature that was added was the ability to optionally superencipher the
resulting numeric ciphertext. This involves replacing a 2-digit numeric cipher
with a 2-character alphabetic bigram (e.g., 36 to HK ). It also permits each
numeric cipher to be represented by one of 6 or 7 bigrams (e.g., 36 could be
HK,
UM, RY, AU, ZM or BI ). The 7th bigram appears only for selected numerics
because
the 676 ( 26 x 26 ) possible bigrams are evenly distributed amongst the 100
numerics. In addition, the use of a given bigram in a set for each numeric is
incremented sequentially so using this example, the numeric "36" would be
converted to HK the first time it appears, to UM the second time, etc. The
first
selection can start at any of the first 6 positions and it cycles around to
position 1 when position 6 or 7 is used. A SuperEnciphering Table ( Figure 18
)
accomplishes this and there is a matching SuperDeciphering Table ( Figure 19 )
to
reverse it.

Text input requires no use of the <enter> key and the computer buffer handles
rapid input so that the entry of clear or cipher text is faster than that of the
original Enigma. Input is displayed on the monitor and the resulting
cipher/clear
text is displayed immediately below so that it is possible to visually check it.
If an error occurs, a simple procedure allows you to correct it without having
to
re-type everything. A screenful of data consists of 6 sets of double lines
( one input, one output ) double spaced with the sets separated by a dotted line
for clarity. There are 27 inputs per line for a total of 162. When the 159th
-
161st are entered, a beep sounds to alert you to the approaching end of a
screen.
This allows you to make a final check of the input for errors (and easily
correct
them) before entering the 162nd which triggers printing that screenful to paper.
During the printing you can start entering the next screenful. A limit of 1943
inputs ( 12 screenfuls less 1 ) was arbitrarily chosen for demonstration
purposes
( more would be possible, depending on memory available ). This limit can be
easily set to a shorter value to control message length to make cryptanalysis
more
difficult.

Printing is considered essential for the purpose of having a record of what was
sent and how it was encrypted or decrypted ( e.g., was the cleartext entered
correctly and was the machine correctly set ? ). It also eliminates the need
for
a second person to transcribe the output. Attached are four exhibits that are
examples of the printouts that can be produced:

Exhibit A : Encryption into numeric form

Exhibit B : Decryption of Exhibit A
Exhibit C : Encryption in Superenciphered Form
Exhibit D : Decryption of Exhibit C

Each exhibit is divided into the following parts:

1. The Heading: This indicates whether it is encryption or

decryption,
and the date and time that the settings were entered . This does not change for
repeated use of the settings for two or more consecutive messages. To enter a
new
date/time group or change the internal settings, the program must be completely
restarted. ( See A1, B1, C1 or D1 )

2. The Internal Control Settings: This indicates the number of

plugboard connections used, the specific plugboard connections, the number of
rotors used, the specific rotor numbers in the position sequence and then each
rotors orientation ( frontwards or backwards ). The reversing rotor number is
indicated. Next, the unique rotation value for each rotor and the reversing
rotor
are shown, followed by the character set number and its rotation value. These
constitute the internal settings that would be specified by the Signal Operating
Instructions ( SOI ). All of these settings generate an Internal Checksum which
is used to verify that the settings have been correctly entered.

This checksum is printed. If it does not agree with that provided in the SOI,
then all the settings must be re-entered by restarting the program.
Intermittent
rotation of each rotor is a function of the installed rotors and previous
entries
and does not have to be specified.

3. The External Control Settings: This lists the settings that the
operator selects and enters for the specific message. They consist of the
Initial
Settings of each rotor and optionally the Superencipherment Table number if it
is
used. These settings add to the Internal Checksum and produce an External
Checksum in the form of a 2-digit number ( mod-100 of the total sum ) that is
sent
with the message. The superencipherment table counter setting is NOT included
and
is NOT sent because the recipient does not have to know it. (See A1, B1, C1, D1
)

4. The Input / Output Message Text: This duplicates that which appears
on the monitor screen and is provided primarily for a message audit ( to insure
that the message was entered correctly ). Each "line" has 27 inputs with the 27
outputs below. Twenty-seven was used to provide legibility on an 80-column
screen. Six such "lines" are possible for each screenful. (See A1, B1, C1 or D1
)

5. The Message Control Data: A count of the input characters ( message

length ) is provided for both superenciphered and non-superenciphered messages.

However, only non-superenciphered ( numeric ciphertext ) messages have the

following additional data provided:

a. A Hash Total which is a Mod-100 sum of the numeric cipher

text.
( See A1, B1 )
b. A set of Column Check Totals which is the Mod-100 sum of each
of
the 27 columns of cipher text. This is followed by a non-mod total of the
columns. ( See A2, A3, B2 )
c. A total of Row Check Totals which is the Mod-100 sum of each
row
of cipher text. This is followed by a non-mod total of the rows. ( See A2,
A3,
B2 )

The purpose of providing column and row totals is to be able to locate

transmission garbles. They would be sent only if requested. Variances in any
given column and row would locate the error by intersection.

6. The Message in Transmission Form: This is what would be sent and

would
contain only the External Control Settings ( rotor settings, superencipherment
table number and external checksum ) , the date and time group, the message
ciphertext and the character count. The External Control Settings would be
disguised by a simple manual superencipherment that would be administrative and
outside the operation of the Enigma 95 ( i.e., prescribed by the SOI ). ( See
A3,
C2 ) If it is decryption, the cleartext message is presented with normal
horizontal spacing and vertically double spaced for convenient reading. ( See
B3,
D2 )

7. Following this is an optional message analysis which is simply a

count
of input and output characters. This can be skipped and was provided only to
assist any system analysis. ( See A4 and C3 )

This completes the printing.

Next displayed on the monitor is an option to re-use the Internal Control
Settings
for another message ( it was assumed that these would remain in effect for a
period of time as was the case for the Enigma ). If this is not selected, the
program ends.

HARDWARE AND SOFTWARE REQUIREMENTS

The Enigma 95 is a program written in Microsoft QBasic. This was done so that
it
could be run on any standard MS DOS computer using MS DOS 5 or higher ( QBasic
is
bundled with MS DOS ) thereby eliminating the need for a specialized computer.
It
fits onto a 3.5 inch floppy disc, together with the necessary data files that
constitute the Regular Rotors Set, Reversing Rotors Set, Character Sets and
Superencipherment Tables. It is possible to also have on the same disk, the
programs that create these files and the necessary documentation ( .DOC ) text
files for each one. This makes the Enigma 95 very portable, very inexpensive
and
very easy to replicate.

Any computer that will run MS DOS QBasic is suitable for the Enigma 95. A color
monitor is preferred but not essential. A printer is very useful, but could be
eliminated if one is willing to copy output manually from the monitor screen (
as
the original Enigma required ).

There is provided a program that produces a graphic representation of the

circuit
path through the Enigma 95 and a program to produce pseudo-random numbers to use
in programs that produce the rotor disks. Also included are programs to analyze
the Enigma 95.

OPERATIONAL OVERVIEW OF THE ENIGMA 95

The following is a run-through of the operating procedure, with the appropriate

illustrations of the monitor screen at each meaningful step.

1. The computer is turned on, QBasic is selected and the Enigma95 program is
loaded and run.

2. You are asked to place the data files disk in the Drive B so that they will
be
available.

3. You are then asked to enter the Internal Control Settings:

a. Number of Plugboard Settings ( 1 to 50 ). 45 is optimum.

b. The plugboard settings ( from and to ) ( Figure 1 )
--------------------------------------------------------------------------------
----------

SOI : ENTER THE NUMBER OF PLUGBOARD CONNECTIONS TO SET : 21

 SET 1 : 1735 SET 11 : 2653 SET 21 :
SET 2 : 2356 SET 12 : 4899
SET 3 : 4581 SET 13 : 6250
SET 4 : 9852 SET 14 : 4069
SET 5 : 3377 SET 15 : 3180
SET 6 : 5544 SET 16 : 9402
SET 7 : 6612 SET 17 : 8437
SET 8 : 5987 SET 18 : 9307
SET 9 : 3254 SET 19 : 8843
SET 10 : 6791 SET 20 : 8514

Plugboard Positions not yet selected

01 03 04 05 06 08 09 10 11 13 15 16 18 19 20
21 22 24 25 27 28 29 30 34 36 38 39
41 42 46 47 49 51 57 58 60
61 63 64 65 68 70 71 72 73 74 75 76 78 79
82 83 86 89 90 92 95 96 97 00
---------------------------------------- Figure 1
----------------------------------------
c. Number of rotors to be used ( 1 to 12 )
d. The rotor number ( 1 to 100 ) for each position and its orientation (
1=Fwd,
2 = Bkwd )
e. The reversing rotor number ( 1 to 100 ) ( Figure 2 )
--------------------------------------------------------------------------------
----------

12 ROTORS ARE TO BE SELECTED FROM THE S.O.I.

Select Rotor ( 1 to 100 ) and Orientation ( 1 or 2 ) IN THE SAME ENTRY

For example : < RO > or < RRO > or < RRRO > <enter>
< 71 > < 232 > < 1001 >

ROTOR ORIENTATION

Position No. 1 32 1 - Forward

Position No. 2 49 2 - Backward
Position No. 3 42 1 - Forward
Position No. 4 98 1 - Forward
Position No. 5 63 2 - Backward
Position No. 6 94 2 - Backward
Position No. 7 62 1 - Forward
Position No. 9 4 1 - Forward
Position No. 10 33 2 - Backward
Position No. 11 25 1 - Forward
Position No. 12 11 1 - Forward

ENTER REVERSING ROTOR NUMBER (1 TO 100): 53

---------------------------------------- Figure 2
----------------------------------------

f. The rotational shift value for each rotor ( a prime number between 0
and 97
inclusive less 2 and 5 ) ( Figure 3 )
--------------------------------------------------------------------------------
----------

(See the current S.O.I. for the values to use)

SET ROTATIONAL SHIFT VALUES FOR EACH ROTOR POSITION

USING THE FOLLOWING PRIME NUMBERS (EACH ONLY ONCE)

0,1,3,7,11,13,17,19,23,29,31,37,41,43,47,53,59,61,67,71,73,79,83,89,97

FOR ROTOR POSITION 1 : 07

FOR ROTOR POSITION 2 : 29
FOR ROTOR POSITION 3 : 01
FOR ROTOR POSITION 4 : 71
FOR ROTOR POSITION 5 : 17
FOR ROTOR POSITION 6 : 13
FOR ROTOR POSITION 7 : 11
FOR ROTOR POSITION 8 : 47
FOR ROTOR POSITION 9 : 03
FOR ROTOR POSITION 10 : 61
FOR ROTOR POSITION 11 : 23
FOR ROTOR POSITION 12 : 19

FOR REVERSING ROTOR : 31

---------------------------------------- Figure 3
----------------------------------------

g. The Character Set number ( 1 to 100 ) ( Figure 4 )

--------------------------------------------------------------------------------
----------

( See S.O.I. )

ENTER CHARACTER SET NUMBER : 44

---------------------------------------- Figure 4
----------------------------------------

h. The rotational value for the character set ( the same range as f.
above ). (
Figure 5 )
--------------------------------------------------------------------------------
----------
( See the current S.O.I. for the values to use )

SET ROTATIONAL SHIFT VALUE FOR THE CHARACTER SET

USING ONE OF THE FOLLOWING PRIME NUMBERS NOT USED FOR THE ROTORS

0,1,3,7,11,13,17,19,23,29,31,37,41,43,47,53,59,61,67,71,73,79,83,89,97

ROTATIONAL VALUE : 89

----------------------------------------- Figure 5
---------------------------------------

4. You are then asked: DO YOU WANT TO ( 1 ) ENCIPHER OR ( 2 ) DECIPHER

?
a. Assuming that ( 1 ) is selected, a "random number" generator is
presented to
select numbers for use as Internal Settings.

b. This is a sort of "spin the arrow" device to prevent bad selection of

settings
but any source of random numbers may be used. It is optional. It is
skipped if ( 2
) is selected.

5. The Internal Checksum is displayed and then you are asked for the
External
Control Settings:
a. Initial settings for the regular rotors ( 1 to 100 ).
b. Initial setting for the reversing rotor ( 1 to 100 ).
( Figure 6 )

--------------------------------------------------------------------------------
----------

Internal Checksum = 60354

( See your list )

SET INITIAL ROTOR SETTINGS ( 1 TO 100 )

ROTOR 1 : 15
ROTOR 2 : 22
ROTOR 3 : 09
ROTOR 4 : 41
ROTOR 5 : 87
ROTOR 6 : 36
ROTOR 7 : 08
ROTOR 8 : 01
ROTOR 9 : 57
ROTOR 10 : 91
ROTOR 11 : 03
ROTOR 12 : 49

REVERSING ROTOR : 77

---------------------------------------- Figure 6
----------------------------------------

c. The Superencipherment Table number ( 1 to 100 ) if used, and

d. The initial setting of the superencipherment table counter ( 1 to 6
).
( Figure 7 )

--------------------------------------------------------------------------------
----------
 ( See your list )

ENTER SUPERENCIPHERMENT TABLE NUMBER : 35

SET INITIAL COUNT ( 1 TO 6 ) : 4

----------------------------------------- Figure 7
---------------------------------------

6. The opening screen for beginning the message entry appears with: (
Figure 8 )
a. The External Checksum.
b. Instructions for starting and stopping text entry and making
corrections.

--------------------------------------------------------------------------------
----------

ENTERNAL CHECKSUM = 99

To stop operations and :

1. Print text : Press \

2. Correct input : Press Shift & |

Press ENTER key to start - or - to make the next screen

---------------------------------------- Figure 8
----------------------------------------

7. After pressing <enter>, a blank screen will appear with the initial Rotor
Display at
the bottom and START ENTERING MESSAGE will appear in the middle of the screen. (
Figure 9 )

--------------------------------------------------------------------------------
----------

START ENTERING MESSAGE

Rotor Display 15 22 09 41 87 36 08 01 57 91 03 49
77

---------------------------------------- Figure 9
----------------------------------------

8. At this point you can start entering text and see it appear on the
monitor,
starting at the upper left corner, and filling left to right. The input
and its
related output will appear simultaneously. At the bottom of the screen,
above the
rotor display, are instructions for ending the input and for making
corrections to
 the input. There is also a count of input at the right corner. ( Figure
10 )

--------------------------------------------------------------------------------
----------

F O U R S C O R E A N D S E V E N Y E A R S
A
FM VQ ND OU UF OF EN MX FE ZR DO YD BS YW VO RB BB HC QI UR ZD BW BZ TQ EO
WD RF

----------------------------------------------------------------------------
----
G O , O U R F
FW DP JA XW QN ZX OT DA WX

Enter '\' to end message. Press 'Shift |' to make correction. Input No.
36
Rotor Display 41 73 31 61 44 79 62 00 11 72 25 67
04

---------------------------------------- Figure 10
---------------------------------------

Below is a listing ( in columns 4 through 16 ) of the 13 Rotor Display

windows of the
above 36 inputs, to show the intermittent movement of the rotors. See
Figures 11
and 12.
Col. 1 is the Input No.
Col. 2 is the cleartext input.
Col. 3 is the Character Set conversion of the cleartext.
Cols. 4 - 15 are the Regular Rotor displays.
Col. 16 is the Reversing Rotor display.
Col. 17 is the numeric cipher output.
Col. 18 is the superenciphered output.

When numbers are repeated in a rotor column, this indicates that the rotor
did not
rotate after that specific input. When rotation does occur, it rotates
the amount
previously set for that rotor. This illustration is not part of the
regular
operating display. It was used only as a test and to illustrate
intermittent
movement.
--------------------------------------------------------------------------------
----------
Start 15 22 09 41 87 36 08 01 57 91 03 49 77
-- -- -- -- -- -- -- -- -- -- -- -- --
1 F 87 15 51 10 12 87 49 19 48 60 52 03 68 08 52
FM
2 O 26 15 51 11 83 87 49 19 48 63 52 03 68 39 18
VQ
3 U 64 15 51 12 54 04 62 19 48 66 52 03 68 70 06
ND
 4 R 57 15 51 13 54 21 62 30 48 69 13 26 87 01 15
OU
5 S 79 22 80 14 25 21 62 30 95 69 13 26 06 32 03
UF
6 C 10 29 09 15 96 21 75 41 42 69 74 49 06 32 64
OF
7 O 81 29 09 15 96 38 75 41 42 69 35 49 06 32 69
EN
8 R 01 36 38 15 67 38 75 52 42 69 35 72 25 32 03
MX
9 E 65 36 38 15 38 38 75 63 42 72 96 72 44 32 92
FE
10 06 43 67 16 09 55 88 74 89 75 96 72 63 32 37
ZR
11 A 20 50 67 16 80 72 88 74 89 78 57 72 82 63 53
DO
12 N 12 50 96 16 80 89 88 85 89 81 18 95 01 94 34
YD
13 D 61 57 25 17 80 89 88 85 89 81 79 18 01 94 46
BS
14 50 57 25 18 51 06 88 96 89 81 79 18 20 94 93
YW
15 S 89 64 25 18 51 06 01 96 36 84 79 18 39 25 42
VO
16 E 42 64 54 19 22 23 14 96 36 84 40 18 39 25 65
RB
17 V 71 64 83 20 22 23 27 96 36 84 01 41 58 25 13
BB
18 E 64 64 83 21 93 40 40 96 83 84 62 64 77 56 66
HC
19 N 89 64 83 21 93 57 40 96 83 87 62 87 77 56 53
QI
20 16 71 12 22 64 57 53 07 30 87 62 10 96 56 20
UR
21 Y 84 71 12 22 64 74 53 07 30 90 23 10 15 56 60
ZD
22 E 8 78 12 22 35 91 66 07 77 93 23 10 34 56 93
BW
23 A 52 78 12 23 06 08 66 07 77 96 84 10 53 56 80
BZ
24 R 77 85 41 24 06 25 66 07 24 96 84 10 72 87 39
TQ
25 S 99 92 41 25 06 42 66 18 71 96 84 10 91 18 55
EO
26 82 92 70 25 06 59 66 29 18 96 84 33 10 18 20
WD
27 A 96 92 99 25 77 59 66 29 18 96 45 33 10 49 92
RF
28 G 65 99 99 26 77 76 66 29 65 99 06 33 29 49 01
FW
29 O 23 99 28 26 77 76 66 40 12 02 67 33 48 49 01
DP
30 ' 36 06 57 27 77 93 66 40 59 05 28 56 67 80 65
JA
31 37 13 86 27 48 10 66 40 59 05 89 79 67 11 59
XW
32 O 56 20 15 28 19 10 66 40 06 08 50 79 67 11 18
QN
33 U 94 27 15 28 19 27 66 40 06 08 50 02 67 11 38
 ZX
34 R 87 34 44 29 90 27 79 40 53 11 50 02 67 42 34
OT
35 81 34 44 30 61 27 79 51 53 11 11 02 67 73 28
DA
36 F 72 41 73 31 61 44 79 62 00 11 72 25 67 04 17
WX
----------------------------------------- Figure 11
--------------------------------------
- 13 -

Figure 12 is the same as Figure 11 except that the repeated numbers in

each column
have been replaced by a [] to indicate no movement to emphasize the
irregular
movement of each rotor.
--------------------------------------------------------------------------------
----------

Rotor No. 01 02 03 04 05 06 07 08 09 10 11 12 RR
Rotation 7 29 1 71 17 13 11 47 3 61 23 19 31

Start Posn 15 22 09 41 87 36 08 01 57 91 03 49 77
-- -- -- -- -- -- -- -- -- -- -- -- --
1 F 87 [] 51 10 12 [] 49 19 48 60 52 [] 68 08 52
FM
2 O 26 [] [] 11 83 [] [] [] [] 63 [] [] [] 39 18
VQ
3 U 64 [] [] 12 54 04 62 [] [] 66 [] [] [] 70 06
ND
4 R 57 [] [] 13 [] 21 [] 30 [] 69 13 26 87 01 15
OU
5 S 79 22 80 14 25 [] [] [] 95 [] [] [] 06 32 03
UF
6 C 10 29 09 15 96 [] 75 41 42 [] 74 49 [] [] 64
OF
7 O 81 [] [] [] [] 38 [] [] [] [] 35 [] [] [] 69
EN
8 R 01 36 38 [] 67 [] [] 52 [] [] [] 72 25 [] 03
MX
9 E 65 [] [] [] 38 [] [] 63 [] 72 96 [] 44 [] 92
FE
10 06 43 67 16 09 55 88 74 89 75 [] [] 63 [] 37
ZR
11 A 20 50 [] [] 80 72 [] [] [] 78 57 [] 82 63 53
DO
12 N 12 [] 96 [] [] 89 [] 85 [] 81 18 95 01 94 34
YD
13 D 61 57 25 17 [] [] [] [] [] [] 79 18 [] [] 46
BS
14 50 [] [] 18 51 06 [] 96 [] [] [] [] 20 [] 93
YW
15 S 89 64 [] [] [] [] 01 [] 36 84 [] [] 39 25 42
VO
16 E 42 [] 54 19 22 23 14 [] [] [] 40 [] [] [] 65
RB
17 V 71 [] 83 20 [] [] 27 [] [] [] 01 41 58 [] 13
BB
 18 E 64 [] [] 21 93 40 40 [] 83 [] 62 64 77 56 66
HC
19 N 89 [] [] [] [] 57 [] [] [] 87 [] 87 [] [] 53
QI
20 16 71 12 22 64 [] 53 07 30 [] [] 10 96 [] 20
UR
21 Y 84 [] [] [] [] 74 [] [] [] 90 23 [] 15 [] 60
ZD
22 E 8 78 [] [] 35 91 66 [] 77 93 [] [] 34 [] 93
BW
23 A 52 [] [] 23 06 08 [] [] [] 96 84 [] 53 [] 80
BZ
24 R 77 85 41 24 [] 25 [] [] 24 [] [] [] 72 87 39
TQ
25 S 99 92 [] 25 [] 42 [] 18 71 [] [] [] 91 18 55
EO
26 82 [] 70 [] [] 59 [] 29 18 [] [] 33 10 [] 20
WD
27 A 96 [] 99 [] 77 [] [] [] [] [] 45 [] [] 49 92
RF
28 G 65 99 [] 26 [] 76 [] [] 65 99 06 [] 29 [] 01
FW
29 O 23 [] 28 [] [] [] [] 40 12 02 67 [] 48 [] 01
DP
30 ' 36 06 57 27 [] 93 [] [] 59 05 28 56 67 80 65
JA
31 37 13 86 [] 48 10 [] [] [] [] 89 79 [] 11 59
XW
32 O 56 20 15 28 19 [] [] [] 06 08 50 [] [] [] 18
QN
33 U 94 27 [] [] [] 27 [] [] [] [] [] 02 [] [] 38
ZX
34 R 87 34 44 29 90 [] 79 [] 53 11 [] [] [] 42 34
OT
35 81 [] [] 30 61 [] [] 51 [] [] 11 [] [] 73 28
DA
36 F 72 41 73 31 [] 44 [] 62 00 [] 72 25 [] 04 17
WX

[] = no movement (repeated numbers)

---------------------------------------- Figure 12
---------------------------------------

9. Corrections are made by pressing the " shift and | " keys
simultaneously.
Light magenta numbers appear between the lines of input and output so that
you can
identify where the error is. This position number ( note 37 below ) is
entered (
Figure 13 ).

--------------------------------------------------------------------------------
----------

F O U R S C O R E A N D S E V E N Y E A R S
A
01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
26 27
FM VQ ND OU UF OF EN MX FE ZR DO YD BS YW VO RB BB HC QI UR ZD BW BZ TQ EO
WD RF

----------------------------------------------------------------------------
----
G O , O U R F U R F A Y T H E R S
28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52
53 54
FW DP JA XW QN ZX OT DA WX MG LY QW KM WQ EL WM DG XB HY

55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79
80 81

82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 00 01 02 03 04 05 06
07 08

09 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33
34 35

36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60
61 62

Enter '\' to end message. Press 'Shift |' to make correction. Input No.
46
ENTER THE (FIRST) POSITION TO CORRECT 37

----------------------------------- Figure 13
--------------------------------------------

10. The <enter> key is pressed twice. The screen will blank and then
automatically
refill with "good" text up to that number and stop. CONTINUE ENTERING
MESSAGE will
appear in the middle of the screen. Entry of correct text is then
continued from that
point onwards ( Figure 14 ).

--------------------------------------------------------------------------------
----------

F O U R S C O R E A N D S E V E N Y E A R S
A

FM VQ ND OU UF OF EN MX FE ZR DO YD BS YW VO RB BB HC QI UR ZD BW BZ TQ EO
WD RF

----------------------------------------------------------------------------
----
G O , O U R F

FW DP JA XW QN ZX OT DA WX
 CONTINUE ENTERING MESSAGE

Enter '\' to end message. Press 'Shift |' to make correction. Input No.
36
Rotor Display 41 73 31 61 44 79 62 00 11 72 25 67
04

--------------------------------------- Figure 14
----------------------------------------
11. When the first screen is filled ( 162 characters input ) or is ended
with a
backslash ( \ ), the above control settings, etc. are printed, followed by
the text
screen. As each subsequent screenful is completed it will be printed.
This
continues until the end of the message is reached and the backslash ( \ )
key is
pressed. This causes any partial screen to be printed before the message
control
data, message form and other output is printed.

If Decipherment ( 2 ) is selected, the process is essentially the same

(entering
control settings, etc.) except the input is ciphertext and the output is
cleartext.
Message Control Data is available but message analysis is not.

ROTORS, SETS AND TABLES

The term "data files" encompasses the files that constitute the 100 each
groupings of
Regular Rotors, Reversing Rotors, Character Sets and Superencipherment
Tables that
are used by Enigma 95. They have been described earlier and now they are
presented
for inspection. They were used in the examples discussed earlier.

A From 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23
24 25
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
-- --
B To 58 28 56 40 80 78 05 92 49 31 14 93 30 77 62 64 79 25 13 22 41 65 29
43 39

A From 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48
49 50
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
-- --
B To 51 19 73 02 01 42 83 94 08 69 04 07 66 57 84 26 54 44 09 68 85 52 34
03 46

A From 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73
74 75
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
-- --
 B To 27 10 17 70 37 23 06 38 59 97 91 71 95 88 96 32 45 18 82 53 61 99 81
12 16

A From 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98
99 00
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
-- --
B To 36 60 24 48 67 33 11 72 63 76 21 75 87 86 00 50 47 35 98 90 89 74 20
55 15

Figure 15 - Regular Rotor No. 32

The "To" position indicates the position on the rotor's opposite face to
achieve the
offset effect.
( For example, position 1 on face A is connected to position 58 on face B
)

From 01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16 17 18 19 20 21 22 23
24 25
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
-- --
To 48 65 34 39 86 95 82 51 12 71 17 09 90 26 43 42 11 91 67 60 59 89 87
25 24

From 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48
49 50
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
-- --
To 14 83 78 99 72 77 61 35 03 33 53 57 97 04 50 96 16 15 93 49 62 54 01
45 40

From 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73
74 75
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
-- --
To 08 70 36 47 63 69 37 73 21 20 32 46 55 85 02 00 19 92 56 52 10 30 58
79 84

From 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98
99 00
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
-- --
To 98 31 28 74 94 88 07 27 75 64 05 23 81 22 13 18 68 44 80 06 41 38 76
29 66

Figure 16 - Reversing Rotor No. 53

The "To" position indicates the connecting position on the same face to
achieve the
offset effect.
( For example, Positions 1 and 48 are connected, 2 and 65 are connected,
etc. )

Posn 01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16 17 18 19 20
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
Char # q . c j t + 9 A * 4 f r O ~ , { 8 d

Posn 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40
 -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
Char y o 5 R n h w X D p g M ~ 3 S e m l T -

Posn 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
Char [ U 1 & @ / z ~ ~ Q a = P ! C 7 ~ 0 K u

Posn 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
Char B ' ~ Y s b < G W v ? I ~ H ( > E : ~ x

Posn 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 00
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
Char } L J ~ k Z F ~ _ ) N ~ 2 ; V i 6 ] % $

Figure 17 - Character Set No. 44

"Posn" is the position value the Character is converted to when it is
input. The
characters "rotate" afterwards so that character position values change.
This figure
shows the set before the first input.

Letter "A" = 10 initially. After the first input, "A" = "99", then "88" (
For a
rotation values of 89 ), etc.

01 02 03 04 05 06 07 01 02 03 04 05 06 07
-- -- -- -- -- -- -- -- -- -- -- -- -- --
01 HO HI BV FW DP PX BK 51 AO YC JI VC CT ET IX
02 EF DS SJ QJ MK BH GS 52 DD NO NL FM XA EM
03 BG HD EP UF MX YB WV 53 NT PJ CJ DO QI AN FC
04 JG OO TI QW UJ IQ 54 TD VR TV QG EE JU RK
05 VW ZL BX LD KF TL CM 55 QD GE MD EO OX JW IH
06 DQ XZ CK ND AM MH LE 56 XP BL UN FQ KR MV
07 WO FH PT FY WN GN SI 57 OL CH SU NI GX HZ DU
08 UW FN RA YU YR ZZ 58 MS MJ FA EW TY YX WJ
09 WB DZ OJ LU QL WZ SK 59 VA TO OI XW ZQ ZA WG
10 XG KL OB RE QP UQ JH 60 RJ IK YH ZD SR HJ
11 FU WI QS MP UX ZH IF 61 M0 AA NZ AP IV JB VS
12 KP OA SF IG SO FS 62 DE LF FO UP EV CB GB
13 CY BJ TJ BB KQ WE PA 63 GH UV IM OE XL ST QF
14 NK BQ HA HU FG XS CN 64 GF TX NS OF NU VY
15 VU FI UB OU YV GT PH 65 SG KC MN RB JA KE TE
16 UH PI RU LC HB NJ 66 VX CW QO HC BM SC ES
17 LQ NM UD WX WM EH PQ 67 VJ PF QQ QR LS XI BE
18 CF HM DY VQ QN HW AS 68 LJ LV ZT LY DM WC
19 JV CX ED XC OG ID KS 69 JN YG XV EN FL AB TT
20 HH AX AJ UR WD MY 70 VP AT GL PO KI IY WK
21 YY KA NF AI VT ZO TM 71 ME UU SX XN RN HE KD
22 ER DX JF QK TF MA FT 72 YI QA GA EL KO QH
23 HF OH DC VM VD VG RR 73 LX CS FK PE JO YN VK
24 JX FZ SD UZ DN FX 74 WU LT DR ZC IE BC XK
25 RG PG HX RM IJ RQ LZ 75 XR US KG EQ JZ QT MB
26 KX YA GO XQ OM FD NC 76 CP IU PK ZN IZ AW
27 IA BP PZ II KH PP IO 77 GU QB EY ZV LM XF TG
28 MM UL IT DA GQ IB 78 EC SS VH NP PS ZI ON
29 IW CU IC GI KY BR CL 79 MR TU NW AY QM ZY BY
30 KJ PL JE DJ RT XU PU 80 QC OD RW BZ CZ SW
31 CE JK WS UT AD AK JJ 81 ZP SA XO YZ NG EU QE
 32 UK XJ PR JY XY SQ 82 GJ ZW RX RH EK AC JC
33 WL KV LG YM NR BA EB 83 TA OS KZ CQ UA WP AV
34 IP CR LB YD OT XB GC 84 TK OW AH UY HP DW
35 QU YP JT VB KT AR VI 85 FR WW PY KM WQ MQ LN
36 HK UM RY AU ZM BI 86 SY GZ TR RC BO UC EI
37 MZ PD YK ZR UE JL NA 87 AQ DV RD YL RO PM KK
38 OC TZ DF ZX CC NB IS 88 KU CA CQ MG QV YS
39 BF XE NH TQ HN SE JM 89 NV BU GK EJ GR LW MW
40 SL LI WF NQ NN XT 90 PB OR TB RV VN CV VL
41 MF MC WH OZ VE ZG AG 91 DL TN DB LP YO LH LL
42 HG GD GG VO OQ UO HS 92 QZ DI XM FE RF WA
43 HL SM VF SZ PW HV RL 93 YQ MI NX YW BW PN GY
44 KW JQ SN ZB BD VZ 94 LO JS GV YE ML YT FP
45 WY EZ SB AZ GW ZS ZF 95 OV JD DT DG QX PV JR
46 OP NE GP BS RS CO HQ 96 NY EA MU AL FJ CD
47 LK YJ IN ZJ XH CI PC 97 OY KB ZU HY GM QY TW
48 RI WT FF RP SH EX 98 FB TS HR UG TH BN IL
49 MT XD ZE WR AF DH RZ 99 EG YF IR LR SP TC LA
50 DK ZK UI JP VV HT TP 00 AE KN SV FV XX BT OK

Figure 18 - Superencipherment Table No. 35

The left column is the numeric cipher. The other 7 columns are the
possible super
encipherments. 36 can be converted to HK , UM , RY , AU , ZM , BI in
turn, depending
on where the counter starts. A blank causes the counter to be reset to 1.
A B C D E F G H I J K L M N O P Q R S T U V W X Y
Z
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
--
A 61 69 82 31 00 49 41 84 21 20 31 96 06 53 51 61 87 35 18 70 36 83 76 20 79
45 A
B 33 13 74 44 67 39 03 02 36 13 01 56 66 98 86 27 14 29 46 00 89 01 93 05 79
80 B
C 88 62 38 96 31 18 88 57 47 53 06 29 05 14 46 76 83 34 73 51 29 90 66 19 13
80 C
D 28 91 23 52 62 38 95 49 92 30 50 91 68 24 53 01 06 74 02 95 57 87 84 22 18
09 D
E 96 33 78 19 54 02 99 17 86 89 82 72 52 69 55 03 75 22 66 51 81 62 58 48 77
45 E
F 58 98 53 26 92 48 14 07 15 96 73 69 52 08 62 94 56 85 12 22 11 00 01 24 07
24 F
G 72 62 34 42 55 64 42 63 29 82 89 70 97 07 26 46 28 89 02 15 77 94 45 57 93
86 G
H 14 16 66 03 71 23 42 20 01 60 36 43 18 39 01 84 46 98 42 50 14 43 18 25 97
57 H
I 27 28 29 19 74 11 12 55 27 25 60 98 63 47 27 34 04 99 38 28 76 61 29 51 70
76 I
J 65 61 82 95 30 22 04 10 51 31 31 37 39 69 73 50 44 95 94 35 54 19 55 24 32
75 J
K 21 97 65 71 65 05 75 27 70 30 87 10 85 00 72 12 13 56 19 35 88 33 44 26 29
83 K
L 99 34 16 05 06 62 33 91 40 68 47 91 77 85 94 91 17 99 67 74 09 68 89 73 68
25 L
M 22 75 41 55 71 41 88 06 93 58 02 94 28 65 61 11 85 79 58 49 96 56 89 03 20
37 M
N 37 38 26 06 46 21 81 39 57 16 14 52 17 40 52 78 40 33 64 53 64 89 79 93 96
61 N
O 12 10 38 80 63 64 19 23 59 09 00 57 26 78 04 46 42 90 83 34 15 95 84 55 97
41 O
P 13 90 47 37 73 67 25 15 16 53 76 30 87 93 70 27 17 32 78 07 30 95 43 01 85
27 P
Q 72 77 80 55 81 63 54 72 53 02 22 09 79 18 66 10 67 67 11 75 35 88 04 95 97
92 Q
R 08 65 86 87 10 92 25 82 48 60 54 43 25 71 87 48 25 23 46 30 16 90 80 82 36
49 R
S 81 45 66 24 39 12 65 48 07 02 09 40 43 44 12 99 32 60 78 63 57 00 80 71 86
43 S
T 83 90 99 54 65 22 77 98 04 13 84 05 21 91 59 50 39 86 98 69 79 54 97 64 58
38 T
U 83 15 86 17 37 03 98 16 50 04 32 28 36 56 42 62 10 20 75 31 71 63 08 11 84
24 U
V 59 35 51 23 41 43 23 78 35 67 73 90 23 90 42 70 18 54 61 21 15 50 05 66 64
44 V
W 92 09 68 20 13 40 59 41 11 58 70 33 17 07 07 83 85 49 31 48 74 03 85 17 45
09 W
X 52 34 19 49 39 77 10 47 67 32 74 63 92 71 81 56 26 75 14 40 30 69 59 00 32
06 X
Y 26 03 51 34 94 99 69 60 72 47 37 87 33 73 91 35 93 08 88 94 08 15 93 58 21
81 Y
Z 59 44 74 60 49 45 41 11 78 47 50 05 36 76 21 81 59 37 45 68 97 77 82 38 79
08 Z
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
--
A B C D E F G H I J K L M N O P Q R S T U V W X Y
Z

Figure 19 - Superdecipherment Table 35

First letter at left. Second letter at top. Numeric cipher at
intersection ( HK,
UM, RY, etc. = 36 )

The Enigma rotor operation principle has probably been long superseded by
much more
sophisticated methods of encryption that are faster and more secure, but
it will
remain interesting for a long time to amateurs such as myself. It is
something that
is understandable and before the advent of the computer, resulted in some
beautiful
machines.

The Enigma 95 is not one now, but I believe that it could be "translated"
into a
handsome electro-mechanical device. It is something to dream about.

The only absolutely secure cipher is the One Time Pad and it has the
disadvantage of
requiring copies to be destroyed after one use. The Enigma 95 is an
attempt to
approach this holy Grail of cryptography by providing an almost unlimited
supply of
enhanced (both in size and method of rotation) Rotors, Character Sets,
Superencipherment Tables and a lengthened Plugboard. While I cannot prove
it
mathematically or otherwise, I suspect that the ability to use almost
unlimited
expendable sets of all possible combinations of these for very limited
periods (throw
away feature) such as is possible in the Enigma 95, would strengthen any
cipher
considerably by preventing the accumulation of sufficient material on
which to base
an in-depth cryptanalysis. Any comments would appreciated.

AT THE CRYPTO DROP BOX IS:

The disk accompanying this article contains ENIGMA 95 and the necessary
supporting
files needed in its operation. Also included are program files to create them
and to
analyze and test its operation. DOC files are included for each file to explain
them. Start with CRYPTO.1ST, then read ENIGMA95.DOC and study ENIGMA95.FLO to
gain
an understanding of Enigma 95 before running it. The list of files is:

CRYPTO.1ST : An outline of the files that constitute Enigma 95

system
ENIGMA95.DOC : Detailed documentation pertaining to ENIGMA95
ENIGMA95.FLO : A flowchart of the ENIGMA95 operation
ENIGMA95.BAS * : ENIGMA95

ROTORS.DAT : Set of 100 Regular Rotors

REVROTRS.DAT : Set of 100 Reversing Rotors
CHARS.DAT : Set of 100 Character Sets
CODE.DAT : Set of 100 Super Encipherment Tables

CRYPTO05.BAS * : Random Numbers Generator for CRYPTO27 & CRYPTO34

CRYPTO27.BAS * : Regular Rotor Creation using the Interval Method
CRYPTO28.BAS * : Super Encipherment Tables Creation
CRYPTO30.BAS * : Character Set Creation
CRYPTO34.BAS * : Reversing Rotor Creation

CRYPTO43.BAS * : ENIGMA95 Cipher Machine Data Paths Demonstrator

CRYPTO45.BAS * : Rotors Matching Analysis
CRYPTO47.BAS * : Check of Rotor Files for Errors
CRYPTO48.BAS * : Analysis of Cleartext vs. Ciphertext
CRYPTO49.BAS * : Rotor Intermittent Movement Test
CRYPTO51.BAS : Plugboard Combinations

ENIGMA95.WRI : The article about Enigma 95. ( Created using Windows 3.1
Write )

* = Has a matching .DOC file

The .1st , .DOC and .FLO files are DOS files

The .BAS and .DAT files are QBASIC or QUICKBASIC files
The .WRI file is a WINDOWS 3.1 Write file

ENCRYPTION 10-31-1995 16:36:57 Hours

--------------------------------------------------------------------------------
No. of PB Connections 21
Plugboard Connections (1735) (2356) (4581) (9852) (3377) (5544) (6612)
(5987) (3254) (6791) (2653) (4899) (6250) (4069)
 (3180) (9402) (8437) (9307) (8843) (8514) (2176)
No. of Rotors 12
Rotors Sequence 32 49 42 98 63 94 62 60 04 33 25 11
Rotors Orientation 1 2 1 1 2 2 1 1 2 2 1 1
Reversing Rotor No. 53
Rotors Rotation Values 07 29 01 71 17 13 11 47 03 61 23 19
Rev Rotor Rotation Value 31
Character Set (CS) No. 44
CS Rotation Value 89 Internal Checksum 60354
--------------------------------------------------------------------------------
Rotors Initial Settings 15 22 09 41 87 36 08 01 57 91 03 49
Rev Rotor Initial Setting 77
External Checksum 64
--------------------------------------------------------------------------------
F O U R S C O R E A N D S E V E N Y E A R S A
52 18 06 15 03 64 69 03 92 37 53 34 46 93 42 65 13 66 53 20 60 93 80 39 55 20 92
--------------------------------------------------------------------------------
G O , O U R F O R E F A T H E R S B R O U G H T
01 01 65 59 18 38 34 28 17 43 63 98 60 64 41 31 11 13 56 20 34 65 57 72 73 95 10
--------------------------------------------------------------------------------
F O R T H U P O N T H I S C O N T I N E N T
53 19 21 23 57 21 59 32 96 45 50 23 79 29 01 92 30 12 30 42 04 58 82 66 86 40 28
--------------------------------------------------------------------------------
A N E W N A T I O N . 1 2 3 4 5 6 7 8 9 0 ( * )
27 86 23 88 28 11 26 30 91 76 90 06 96 83 85 74 48 64 96 82 80 53 00 59 25 74 73
--------------------------------------------------------------------------------
TOTAL INPUT CHARACTERS IS 108 HASH TOTAL OF CODE IS 02

EXHIBIT A-1

COL CHECK TOTALS

33 24 15 85 06 34 88 93 96 01 56 61 81 69 69 62 02 55 35 64 78 69 19 36 39 29 03
TOTAL COLUMNS = 5202
ROW CHECK TOTALS
83 67 78 74
TOTAL ROWS = 5202

EXHIBIT A-2

================================= SEPARATE PAGE ================================

FOR TRANSMISSION AS MESSAGE No.

--------------------------------------------------------------------------------
15 22 09 41 87 36 08 01 57 91 03 49 77 64 10 31 95 16 36 57
--------------------------------------------------------------------------------
52 18 06 15 03 64 69 03 92 37 53 34 46 93 42 65 13 66 53 20 60 93 80 39 55 20 92
01 01 65 59 18 38 34 28 17 43 63 98 60 64 41 31 11 13 56 20 34 65 57 72 73 95 10
53 19 21 23 57 21 59 32 96 45 50 23 79 29 01 92 30 12 30 42 04 58 82 66 86 40 28
27 86 23 88 28 11 26 30 91 76 91 06 96 83 85 74 48 64 96 82 80 53 00 59 25 74 73

108 02
--------------------------------------------------------------------------------
Column and row totals. Do not transmit unless requested.
33 24 15 85 06 34 88 93 96 01 56 61 81 69 69 62 02 55 35 64 78 69 19 36 39 29 03
83 67 78 74

EXHIBIT A-3
INPUT FREQUENCY ANALYSIS

| Char Freq | Char Freq | Char Freq | Char Freq | Char

Freq |
| ---- ---- | ---- ---- | ---- ---- | ---- ---- | ----
---- |
| A 6 | U 4 | ; | k | ?
|
| B 1 | V 1 | ' | l | ( 1
|
| C 2 | W 1 | = | m | ) 1
|
| D 1 | X | ! | n | {
|
| E 8 | Y 1 | @ | o | }
|
| F 4 | Z | # | p | <
|
| G 2 | 0 1 | $ | q | >
|
| H 4 | 1 1 | % | r | [
|
| I 3 | 2 1 | & | s | ]
|
| J | 3 1 | * 1 | t | ~
|
| K | 4 1 | a | u | ~
|
| L | 5 1 | b | v | ~
|
| M | 6 1 | c | w | ~
|
| N 9 | 7 1 | d | x | ~
|
| O 10 | 8 1 | e | y | ~
|
| P 1 | 9 1 | f | z | ~
|
| Q | space 15 | g | _ | ~
|
| R 8 | . 1 | h | - | ~
|
| S 5 | , 1 | i | + | ~
|
| T 7 | : | j | / | ~
|

Total = 108

OUTPUT FREQUENCY ANALYSIS

Code Count Code Count Code Count Code Count Code

Count
|---------------|----------------|----------------|----------------|------------
----|
| 1 = 3 | 21 = 2 | 41 = 1 | 61 = | 81 =
|
| 2 = | 22 = | 42 = 2 | 62 = | 82 = 2
|
| 3 = 2 | 23 = 3 | 43 = 1 | 63 = 1 | 83 = 1
|
| 4 = 1 | 24 = | 44 = | 64 = 3 | 84 =
|
| 5 = | 25 = 1 | 45 = 1 | 65 = 3 | 85 = 1
|
| 6 = 2 | 26 = 1 | 46 = 1 | 66 = 2 | 86 = 2
|
| 7 = | 27 = 1 | 47 = | 67 = | 87 =
|
| 8 = | 28 = 3 | 48 = 1 | 68 = | 88 = 1
|
| 9 = | 29 = 1 | 49 = | 69 = 1 | 89 =
|
| 10 = 1 | 30 = 3 | 50 = 1 | 70 = | 90 = 1
|
| 11 = 2 | 31 = 1 | 51 = | 71 = | 91 = 1
|
| 12 = 1 | 32 = 1 | 52 = 1 | 72 = 1 | 92 = 3
|
| 13 = 2 | 33 = | 53 = 4 | 73 = 2 | 93 = 2
|
| 14 = | 34 = 3 | 54 = | 74 = 2 | 94 =
|
| 15 = 1 | 35 = | 55 = 1 | 75 = | 95 = 1
|
| 16 = | 36 = | 56 = 1 | 76 = 1 | 96 = 3
|
| 17 = 1 | 37 = 1 | 57 = 2 | 77 = | 97 =
|
| 18 = 2 | 38 = 1 | 58 = 1 | 78 = | 98 = 1
|
| 19 = 1 | 39 = 1 | 59 = 3 | 79 = 1 | 99 =
|
| 20 = 3 | 40 = 1 | 60 = 2 | 80 = 2 | 00 = 1
|

Total = 108

EXHIBIT A-4

DECRYPTION 10-31-1995 17:00:58 Hours

--------------------------------------------------------------------------------
No. of PB Connections 21
Plugboard Connections (1735) (2356) (4581) (9852) (3377) (5544) (6612)
(5987) (3254) (6791) (2653) (4899) (6250) (4069)
(3180) (9402) (8437) (9307) (8843) (8514) (2176)
No. of Rotors 12
Rotors Sequence 32 49 42 98 63 94 62 60 04 33 25 11
Rotors Orientation 1 2 1 1 2 2 1 1 2 2 1 1
Reversing Rotor No. 53
Rotors Rotation Values 07 29 01 71 17 13 11 47 03 61 23 19
Rev Rotor Rotation Value 31
Character Set (CS) No. 44
CS Rotation Value 89 Internal Checksum 60354
--------------------------------------------------------------------------------
Rotors Initial Settings 15 22 09 41 87 36 08 01 57 91 03 49
Rev Rotor Initial Setting 77
External Checksum 64
--------------------------------------------------------------------------------
52 18 06 15 03 64 69 03 92 37 53 34 46 93 42 65 13 66 53 20 60 93 80 39 55 20 92
F O U R S C O R E A N D S E V E N Y E A R S A
--------------------------------------------------------------------------------
01 01 65 59 18 38 34 28 17 43 63 98 60 64 41 31 11 13 56 20 34 65 57 72 73 95 10
G O , O U R F O R E F A T H E R S B R O U G H T
--------------------------------------------------------------------------------
53 19 21 23 57 21 59 32 96 45 50 23 79 29 01 92 30 12 30 42 04 58 82 66 86 40 28
F O R T H U P O N T H I S C O N T I N E N T
--------------------------------------------------------------------------------
27 86 23 88 28 11 26 30 91 76 90 06 96 83 85 74 48 64 96 82 80 53 00 59 25 74 73
A N E W N A T I O N . 1 2 3 4 5 6 7 8 9 0 ( * )
--------------------------------------------------------------------------------
TOTAL INPUT CHARACTERS IS 108 HASH TOTAL OF CODE IS 02

EXHIBIT B-1

COL CHECK TOTALS

33 24 15 85 06 34 88 93 96 01 56 61 81 69 69 62 02 55 35 64 78 69 19 36 39 29 03
TOTAL COLUMNS = 5202
ROW CHECK TOTALS
83 67 78 74
TOTAL ROWS = 5202

EXHIBIT B-2

================================= SEPARATE PAGE ================================

Messsage No.--------------------From----------------------------------Date/Time
of Receipt

: :

: / :
: :

: / :
--------------------------------------------------------------------------------
----------

FOURSCORE AND SEVEN YEARS AGO, OUR FOREFATHERS BROUGHT FORTH UPON THIS CONTINENT
A NEW NAT

ION. 1234567890(*)

EX
HIBIT B-3

ENCRYPTION 10-31-1995 16:36:57 Hours

--------------------------------------------------------------------------------
No. of PB Connections 21
Plugboard Connections (1735) (2356) (4581) (9852) (3377) (5544) (6612)
(5987) (3254) (6791) (2653) (4899) (6250) (4069)
(3180) (9402) (8437) (9307) (8843) (8514) (2176)
No. of Rotors 12
Rotors Sequence 32 49 42 98 63 94 62 60 04 33 25 11
Rotors Orientation 1 2 1 1 2 2 1 1 2 2 1 1
Reversing Rotor No. 53
Rotors Rotation Values 07 29 01 71 17 13 11 47 03 61 23 19
Rev Rotor Rotation Value 31
Character Set (CS) No. 44
CS Rotation Value 89 Internal Checksum 60354
--------------------------------------------------------------------------------
Rotors Initial Settings 15 22 09 41 87 36 08 01 57 91 03 49
Rev Rotor Initial Setting 77
Super Encipher Table No. 35
External Checksum 99
--------------------------------------------------------------------------------
F O U R S C O R E A N D S E V E N Y E A R S A
FM VQ ND OU UF OF EN MX FE ZR DO YD BS YW VO RB BB HC QI UR ZD BW BZ TQ EO WD RF
--------------------------------------------------------------------------------
G O , O U R F O R E F A T H E R S B R O U G H T
FW DP JA XW QN ZX OT DA WX SZ OE UG SR NU OZ UT MP KQ FQ MY XB KE NI EL PE DG RE
--------------------------------------------------------------------------------
F O R T H U P O N T H I S C O N T I N E N T
AN XC AI VM GX VT ZQ JY AL AZ JP VD AY GI PX WA DJ IG RT OQ QW EW RH BM RC NQ GQ
--------------------------------------------------------------------------------
A N E W N A T I O N . 1 2 3 4 5 6 7 8 9 0 ( * )
II BO VG MG IB UX XQ XU LP ZN RV AM FJ CQ KM ZC RP VY CD EK CZ FC FV ZA RM IE JO
--------------------------------------------------------------------------------
TOTAL INPUT CHARACTERS IS 108

EXHIBIT C-1

FOR TRANSMISSION AS MESSAGE No.

--------------------------------------------------------------------------------
15 22 09 41 87 36 08 01 57 91 03 49 77 35 99 10 31 95 17 00 58
--------------------------------------------------------------------------------

FM VQ ND OU UF OF EN MX FE ZR DO YD BS YW VO RB BB HC QI UR ZD BW BZ TQ EO WD RF

FW DP JA XW QN ZX OT DA WX SZ OE UG SR NU OZ UT MP KQ FQ MY XB KE NI EL PE DG RE

AN XC AI VM GX VT ZQ JY AL AZ JP VD AY GI PX WA DJ IG RT OQ QW EW RH BM RC NQ GQ
II BO VG MG IB UX XQ XU LP ZN RV AM FJ CQ KM ZC RP VY CD EK CZ FC FV ZA RM IE JO

108

EXHIBIT C-2

INPUT FREQUENCY ANALYSIS

| Char Freq | Char Freq | Char Freq | Char Freq | Char

Freq |
| ---- ---- | ---- ---- | ---- ---- | ---- ---- | ----
---- |
| A 6 | U 4 | ; | k | ?
|
| B 1 | V 1 | ' | l | ( 1
|
| C 2 | W 1 | = | m | ) 1
|
| D 1 | X | ! | n | {
|
| E 8 | Y 1 | @ | o | }
|
| F 4 | Z | # | p | <
|
| G 2 | 0 1 | $ | q | >
|
| H 4 | 1 1 | % | r | [
|
| I 3 | 2 1 | & | s | ]
|
| J | 3 1 | * 1 | t | ~
|
| K | 4 1 | a | u | ~
|
| L | 5 1 | b | v | ~
|
| M | 6 1 | c | w | ~
|
| N 9 | 7 1 | d | x | ~
|
| O 10 | 8 1 | e | y | ~
|
| P 1 | 9 1 | f | z | ~
|
| Q | space 15 | g | _ | ~
|
| R 8 | . 1 | h | - | ~
|
| S 5 | , 1 | i | + | ~
|
| T 7 | : | j | / | ~
|

Total = 108
OUTPUT FREQUENCY ANALYSIS

\2 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
Total
1\ -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
-----
A 1 1 1 1 1 1
6
B 1 1 1 1 1 1
6
C 1 1 1
3
D 1 1 1 1 1
5
E 1 1 1 1 1
5
F 1 1 1 1 1 1 1
7
G 1 1 1
3
H 1
1

I 1 1 1 1
4
J 1 1 1 1
4
K 1 1 1
3
L 1
1
M 1 1 1 1
4
N 1 1 1 1
4
O 1 1 1 1 1 1
6
P 1 1
2
Q 1 1 1
3
R 1 1 1 1 1 1 1 1 1
9
S 1 1
2
T 1
1
U 1 1 1 1 1
5
V 1 1 1 1 1 1 1
7
W 1 1 1
3
X 1 1 1 1 1
5
Y 1 1
2
Z 1 1 1 1 1 1 1
7
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
-----
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
Total
 -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
-----
4 4 5 6 6 3 5 1 5 2 1 2 6 4 5 5 10 3 1 4 3 2 6 6 4 5
108

EXHIB
IT C-3

DECRYPTION 10-31-1995 17:36:57 Hours

--------------------------------------------------------------------------------
No. of PB Connections 21
Plugboard Connections (1735) (2356) (4581) (9852) (3377) (5544) (6612)
(5987) (3254) (6791) (2653) (4899) (6250) (4069)
(3180) (9402) (8437) (9307) (8843) (8514) (2176)
No. of Rotors 12
Rotors Sequence 32 49 42 98 63 94 62 60 04 33 25 11
Rotors Orientation 1 2 1 1 2 2 1 1 2 2 1 1
Reversing Rotor No. 53
Rotors Rotation Values 07 29 01 71 17 13 11 47 03 61 23 19
Rev Rotor Rotation Value 31
Character Set (CS) No. 44
CS Rotation Value 89 Internal Checksum 60354
--------------------------------------------------------------------------------
Rotors Initial Settings 15 22 09 41 87 36 08 01 57 91 03 49
Rev Rotor Initial Setting 77
Super Encipher Table No. 35
External Checksum 99
--------------------------------------------------------------------------------
FM VQ ND OU UF OF EN MX FE ZR DO YD BS YW VO RB BB HC QI UR ZD BW BZ TQ EO WD RF
F O U R S C O R E A N D S E V E N Y E A R S A
--------------------------------------------------------------------------------
FW DP JA XW QN ZX OT DA WX SZ OE UG SR NU OZ UT MP KQ FQ MY XB KE NI EL PE DG RE
G O , O U R F O R E F A T H E R S B R O U G H T
--------------------------------------------------------------------------------
AN XC AI VM GX VT ZQ JY AL AZ JP VD AY GI PX WA DJ IG RT OQ QW EW RH BM RC NQ GQ
F O R T H U P O N T H I S C O N T I N E N T
--------------------------------------------------------------------------------
A N E W N A T I O N . 1 2 3 4 5 6 7 8 9 0 ( * )
II BO VG MG IB UX XQ XU LP ZN RV AM FJ CQ KM ZC RP VY CD EK CZ FC FV ZA RM IE JO
--------------------------------------------------------------------------------
TOTAL INPUT CHARACTERS IS 108

EXHIBIT D-1

Messsage No.--------------------From----------------------------------Date/Time
of Receipt
: :

: / :
: :

: / :
--------------------------------------------------------------------------------
----------

FOURSCORE AND SEVEN YEARS AGO, OUR FOREFATHERS BROUGHT FORTH UPON THIS CONTINENT
A NEW NAT

ION. 1234567890(*)

SOLUTIONS TO LECTURE 8 PROBLEMS

Thanks to GRAPE JUICE for the quick and clear reply:

C-1 Give two solutions to: (BE)**2 = ARE

A>0 , B= 1...3, E>0, R>0

(16) ** 2 = 256 and (31) ** 2 = 961

C-2 Square root: [OKLA] [OKLI]

R, A, T, S A= E+1 +4,9
----------- B
|Q UA RT ET E
-A I > A
----- O=0
T UA Q >A, T
-T SI R =2,3
----- S
U RT T
-A UT U =S+1 > A, E
----- T
E AO ET U
-E ES UB
---------
R AR

2 4 1 7 4=4,9
+ ------------ 9> 1
| 5 84 21 31 3
-4 6
---------------- 0=0
1 84 5>4,1
-1 76 2=2,3
---------------- 7
1
8 21 8=7+1 >4,3 =7,8
 -4 81 1
---------------- 8

3 40 31
-3 37 89
----------------
2 42

A B E I O Q R S T U 1 2 3 4 5 6 7 8 9 0
T R E A Q I S U B O

A B E I O Q R S T U 0 1 2 3 4 5 6 7 8 9
O T R E A Q I S U B

A B E I O Q R S T U 0 9 8 7 6 5 4 3 2 1
O B U S I Q A E R T

A B E I O Q R S T U 9 8 7 6 5 4 3 2 1 0
B U S I Q A E R T O

>From Sinkov [SINK] two Hill system problems:

Hill-1

Decipher the message: YITJP GWJOW FAQTQ XCSMA ETSQU

SQAPU SQGKC PQTYJ

Use the deciphering matrix | 5 1 |

| 2 7 |

Let A =1, B=2... Z=26

P1 = 5(C1) + 1(C2)
P2 = 2(C1) + 7(C2)

5(Y) + 1(I) = 5(25) + 1(9) = 125 + 9 =134 MOD 26 = 4 = D

2(Y) + 7(I) = 2(25) + 7(9) = 50 + 63 =113 MOD 26 = 9 = I

5(T) + 1(J) = 5(20) + 1(10) = 100 + 10=110 MOD 26 = 6 = F

2(T) + 7(J) = 2(20) + 7(10) = 40 + 70 =110 MOD 26 = 6 = F

Difficulties are things that show what men are.

---
Hill-2

Decipher the message: MWALO LIAIW WTGBH JNTAK QZJKA ADAWS

SKQKU AYARN CSODN IIAES OQKJY B

Use the deciphering matrix | 2 23 |

use A=1, B=2, ...Z=26

P1 = 2(C1) +23(C2)
P2 = 21(C1) +7(C2)

2(M) + 23(W) =2(13) + 23(23) =26 + 529 = 555 MOD 26 = 9 = I

21(M) +7(W) =21(13) + 7(23) =273 + 161 = 434 MOD 26 =18 = R

2(A) + 23(L) = 2(1) + 23(12) = 2 + 276 = 278 MOD 26 = 18= R

21(A) +7(L) = 21(1) + 7(12) = 21 + 84 = 105 MOD 26 = 1 = A

Irrationally held truths may be more harmful than reasoned

errors.

-------------------

REFERENCES / RESOURCES [updated 10 March 1996]

[ACA] ACA and You, "Handbook For Members of the American
Cryptogram Association," ACA publications, 1995.

[ACA1] Anonymous, "The ACA and You - Handbook For Secure

Communications", American Cryptogram Association,
1994.

[ACM] Association For Computing Machinery, "Codes, Keys and

Conflicts: Issues in U.S. Crypto Policy," Report of a
Special Panel of ACM U. S. Public Policy Committee
(USACM), June 1994.

[AFM] AFM - 100-80, Traffic Analysis, Department of the Air

Force, 1946.

[ALAN] Turing, Alan, "The Enigma", by A. Hodges. Simon and

Schuster, 1983.

[ALBA] Alberti, "Treatise De Cifris," Meister Papstlichen,

Princeton University Press, Princeton, N.J., 1963.

[ALKA] al-Kadi, Ibrahim A., Origins of Cryptology: The Arab

Contributions, Cryptologia, Vol XVI, No. 2, April 1992,
pp 97-127.

[AND1] Andree, Josephine, "Chips from the Math Log," Mu Alpha

Theta, 1966.

[AND2] Andree, Josephine, "More Chips from the Math Log," Mu

Alpha Theta, 1970.

[AND3] Andree, Josephine, "Lines from the O.U. Mathematics

Letter," Vols I,II,III, Mu Alpha Theta, 1971,1971,1971.

[AND4] Andree, Josephine and Richard V., "RAJA Books: a Puzzle

Potpourri," RAJA, 1976.

[ANDR] Andrew, Christopher, 'Secret Service', Heinemann,

London 1985.

[ANNA] Anonymous., "The History of the International Code.",

Proceedings of the United States Naval Institute, 1934.

[ANN1] Anonymous., " Speech and Facsimile Scrambling and

Decoding," Aegean Park Press, Laguna Hills, CA, 1981.

[ANTH] Anthony - Cave Brown, "Bodyguard of Lies", Harper and

Row, New York, 1975.

[ASIR] Anonymous, Enigma and Other Machines, Air Scientific

Institute Report, 1976.

[AUG1] D. A. August, "Cryptography and Exploitation of Chinese

Manual Cryptosystems - Part I:The Encoding Problem",
Cryptologia, Vol XIII, No. 4, October 1989.

[AUG2] D. A. August, "Cryptography and Exploitation of Chinese

Manual Cryptosystems - Part II:The Encrypting Problem",
Cryptologia, Vol XIV, No. 1, August 1990.
[BADE] Badeau, J. S. et. al., The Genius of Arab Civilization:
Source of Renaissance. Second Edition. Cambridge: MIT
Press. 1983.

[BAMF] Bamford, James, "The Puzzle Palace: A Report on

America's Most Secret Agency," Boston, Houghton Mifflin,
1982.

[BARB] Barber, F. J. W., "Archaeological Decipherment: A

Handbook," Princeton University Press, 1974.

[B201] Barker, Wayne G., "Cryptanalysis of The Simple

Substitution Cipher with Word Divisions," Course #201,
Aegean Park Press, Laguna Hills, CA. 1982.

[BALL] Ball, W. W. R., Mathematical Recreations and Essays,

London, 1928.

[BAR1] Barker, Wayne G., "Course No 201, Cryptanalysis of The

Simple Substitution Cipher with Word Divisions," Aegean
Park Press, Laguna Hills, CA. 1975.

[BAR2] Barker, W., ed., History of Codes and Ciphers in the

U.S. During the Period between World Wars, Part II,
1930 - 1939., Aegean Park Press, 1990.

[BAR3] Barker, Wayne G., "Cryptanalysis of the Hagelin

Cryptograph, Aegean Park Press, 1977.

[BAR4] Barker, Wayne G., "Cryptanalysis of the Enciphered Code

Problem - Where Additive method of Encipherment Has
Been Used," Aegean Park Press, 1979.

[BARK] Barker, Wayne G., "Cryptanalysis of The Simple

Substitution Cipher with Word Divisions," Aegean Park
Press, Laguna Hills, CA. 1973.

[BARR] Barron, John, '"KGB: The Secret Work Of Soviet Agents,"

Bantom Books, New York, 1981.

[BAUD] Baudouin, Captain Roger, "Elements de Cryptographie,"

Paris, 1939.

[BAZE] Bazeries, M. le Capitaine, " Cryptograph a 20 rondelles-

alphabets," Compte rendu de la 20e session de l'
Association Francaise pour l'Advancement des Scienses,
Paris: Au secretariat de l' Association, 1892.

[BEES] Beesley, P., "Very Special Intelligence", Doubleday, New

York, 1977.

[BLK] Blackstock, Paul W. and Frank L Schaf, Jr.,

"Intelligence, Espionage, Counterespionage and Covert
Operations," Gale Research Co., Detroit, MI., 1978.

[BLOC] Bloch, Gilbert and Ralph Erskine, "Exploit the Double

 Encipherment Flaw in Enigma", Cryptologia, vol 10, #3,
July 1986, p134 ff. (29)

[BLUE] Bearden, Bill, "The Bluejacket's Manual, 20th ed.,

Annapolis: U.S. Naval Institute, 1978.

[BODY] Brown, Anthony - Cave, "Bodyguard of Lies", Harper and

Row, New York, 1975.

[BOLI] Bolinger, D. and Sears, D., "Aspects of Language,"

3rd ed., Harcourt Brace Jovanovich,Inc., New York,
1981.

[BOSW] Bosworth, Bruce, "Codes, Ciphers and Computers: An

Introduction to Information Security," Hayden Books,
Rochelle Park, NJ, 1990.

[BOWE] Bowers, William Maxwell, "The Bifid Cipher, Practical

Cryptanalysis, II, ACA, 1960.

[BOWN] Bowen, Russell J., "Scholar's Guide to Intelligence

Literature: Bibliography of the Russell J. Bowen
Collection," National Intelligence Study Center,
Frederick, MD, 1983.

[BP82] Beker, H., and Piper, F., " Cipher Systems, The
Protection of Communications", John Wiley and Sons,
NY, 1982.

[BRAS] Brasspounder, "Language Data - German," MA89, THe

Cryptogram, American Cryptogram Association, 1989.

[BREN] Brennecke, J., "Die Wennde im U-Boote-Krieg:Ursachen und

Folgren 1939 - 1943," Herford, Koehler, 1984.

[BROO] Brook, Maxey, "150 Puzzles in Cryptarithmetic,"

Dover, 1963.

[BRIT] Anonymous, "British Army Manual of Cryptography",

HMF, 1914.

[BROG] Broglie, Duc de, Le Secret du roi: Correspondance

secrete de Louis XV avec ses agents diplomatiques
1752-1774, 3rd ed. Paris, Calmann Levy, 1879.

[BRYA] Bryan, William G., "Practical Cryptanalysis - Periodic

Ciphers -Miscellaneous", Vol 5, American Cryptogram
Association, 1967.

[BURL] Burling, R., "Man's Many Voices: Language in Its

Cultural Context," Holt, Rinehart & Winston, New York,
1970.

[CAND] Candela, Rosario, "Isomorphism and its Application in

Cryptanalytics, Cardanus Press, NYC 1946.

[CAR1] Carlisle, Sheila. Pattern Words: Three to Eight Letters

in Length, Aegean Park Press, Laguna Hills, CA 92654,
1986.
[CAR2] Carlisle, Sheila. Pattern Words: Nine Letters in Length,
Aegean Park Press, Laguna Hills, CA 92654, 1986.

[CASE] Casey, William, 'The Secret War Against Hitler',

Simon & Schuster, London 1989.

[CAVE] Cave Brown, Anthony, 'Bodyguard of Lies', Harper &

Row, New York 1975.

[CCF] Foster, C. C., "Cryptanalysis for Microcomputers",

Hayden Books, Rochelle Park, NJ, 1990.

[CHOI] Interview with Grand Master Sin Il Choi.,9th DAN, June

25, 1995.

[CHOM] Chomsky, Norm, "Syntactic Structures," The Hague:

Mouton, 1957.

[CHUN] Chungkuo Ti-erh Lishih Tangankuan, ed "K'ang-Jih

chengmien chanch'ang," Chiangsu Kuchi Ch'upansheh,
1987., pp993-1026.

[CI] FM 34-60, Counterintelligence, Department of the Army,

February 1990.

[COUR] Courville, Joseph B., "Manual For Cryptanalysis Of The

Columnar Double Transposition Cipher, by Courville
Assoc., South Gate, CA, 1986.

[CLAR] Clark, Ronald W., 'The Man who broke Purple',

Weidenfeld and Nicolson, London 1977.

[COLF] Collins Gem Dictionary, "French," Collins Clear Type

Press, 1979.

[COLG] Collins Gem Dictionary, "German," Collins Clear Type

Press, 1984.

[COLI] Collins Gem Dictionary, "Italian," Collins Clear Type

Press, 1954.

[COLL] Collins Gem Dictionary, "Latin," Collins Clear Type

Press, 1980.

[COLP] Collins Gem Dictionary, "Portuguese," Collins Clear Type

Press, 1981.

[COLR] Collins Gem Dictionary, "Russian," Collins Clear Type

Press, 1958.

[COLS] Collins Gem Dictionary, "Spanish," Collins Clear Type

Press, 1980.

[COPP] Coppersmith, Don.,"IBM Journal of Research and

Development 38, 1994.

[COVT] Anonymous, "Covert Intelligence Techniques Of the Soviet

 Union, Aegean Park Press, Laguna Hills, Ca. 1980.

[CREM] Cremer, Peter E.," U-Boat Commander: A Periscope View of

The Battle of The Atlantic," New York, Berkley, 1986.

[CULL] Cullen, Charles G., "Matrices and Linear

Transformations," 2nd Ed., Dover Advanced Mathematics
Books, NY, 1972.

[DAGA] D'agapeyeff, Alexander, "Codes and Ciphers," Oxford

University Press, London, 1974.

[DALT] Dalton, Leroy, "Topics for Math Clubs," National Council

of Teachers and Mu Alpha Theta, 1973.

[DAN] Daniel, Robert E., "Elementary Cryptanalysis:

Cryptography For Fun," Cryptiquotes, Seattle, WA., 1979.

[DAVI] Da Vinci, "Solving Russian Cryptograms", The Cryptogram,

September-October, Vol XLII, No 5. 1976.

[DEAC] Deacon, R., "The Chinese Secret Service," Taplinger, New

York, 1974.

[DEAU] Bacon, Sir Francis, "De Augmentis Scientiarum," tr. by

Gilbert Watts, (1640) or tr. by Ellis, Spedding, and
Heath (1857,1870).

[DELA] Delastelle, F., Cryptographie nouvelle, Maire of Saint-

Malo, P. Dubreuil, Paris, 1893.

[DENN] Denning, Dorothy E. R.," Cryptography and Data

Security," Reading: Addison Wesley, 1983.

[DEVO] Deavours, Cipher A. and Louis Kruh, Machine Cryptography

and Modern Cryptanalysis, Artech, New York, 1985.

[DEV1] Deavours, C. A., "Breakthrough '32: The Polish Solution

of the ENIGMA," Aegean Park Press, Laguna Hills, CA,
1988.

[DEV2] Deavours, C. A. and Reeds, J.,"The ENIGMA," CRYPTOLOGIA,

Vol I No 4, Oct. 1977.

[DEV3] Deavours, C. A.,"Analysis of the Herbern cryptograph

using Isomorphs," CRYPTOLOGIA, Vol I No 2, April, 1977.

[DIFF] Diffie, Whitfield," The First Ten Years of Public Key

Cryptography," Proceedings of the IEEE 76 (1988): 560-
76.

[DIFE] Diffie, Whitfield and M.E. Hellman,"New Directions in

Cryptography, IEEE Transactions on Information Theory
IT-22, 1976.

[DONI] Donitz, Karl, Memoirs: Ten Years and Twenety Days,

London: Weidenfeld and Nicolson, 1959.

[DOW] Dow, Don. L., "Crypto-Mania, Version 3.0", Box 1111,

 Nashua, NH. 03061-1111, (603) 880-6472, Cost $15 for
registered version and available as shareware under
CRYPTM.zip on CIS or zipnet.

[EIIC] Ei'ichi Hirose, ",Finland ni okeru tsushin joho," in

Showa gunji hiwa: Dodai kurabu koenshu, Vol 1, Dodai
kurabu koenshu henshu iinkai, ed., (Toyko: Dodai keizai
konwakai, 1987), pp 59-60.

[ELCY] Gaines, Helen Fouche, Cryptanalysis, Dover, New York,

1956.

[ENIG] Tyner, Clarence E. Jr., and Randall K. Nichols,

"ENIGMA95 - A Simulation of Enhanced Enigma Cipher
Machine on A Standard Personal Computer," for
publication, November, 1995.

[EPST] Epstein, Sam and Beryl, "The First Book of Codes and
Ciphers," Ambassador Books, Toronto, Canada, 1956.

[ERSK] Erskine, Ralph, "Naval Enigma: The Breaking of Heimisch

and Triton," Intelligence and National Security 3, Jan.
1988.

[EVES] Eves, Howard, "An Introduction to the History of

Mathematics, " New York, Holt Rinehart winston, 1964.

[EYRA] Eyraud, Charles, "Precis de Cryptographie Moderne'"

Paris, 1953.

[FL] Anonymous, The Friedman Legacy: A Tribute to William and

Elizabeth Friedman, National Security Agency, Central
Security Service, Center for Cryptological History,1995.

[FLIC] Flicke, W. F., "War Secrets in the Ether," Aegean Park

Press, Laguna Hills, CA, 1994.

[FOWL] Fowler, Mark and Radhi Parekh, " Codes and Ciphers,
- Advanced Level," EDC Publishing, Tulsa OK, 1994.
(clever and work)

[FREB] Friedman, William F., "Cryptology," The Encyclopedia

Britannica, all editions since 1929. A classic article
by the greatest cryptanalyst.

[FR1] Friedman, William F. and Callimahos, Lambros D.,

Military Cryptanalytics Part I - Volume 1, Aegean Park
Press, Laguna Hills, CA, 1985.

[FR2] Friedman, William F. and Callimahos, Lambros D.,

Military Cryptanalytics Part I - Volume 2, Aegean Park
Press, Laguna Hills, CA, 1985.

[FR3] Friedman, William F. and Callimahos, Lambros D.,

Military Cryptanalytics Part III, Aegean Park Press,
Laguna Hills, CA, 1995.
[FR4] Friedman, William F. and Callimahos, Lambros D.,
Military Cryptanalytics Part IV, Aegean Park Press,
Laguna Hills, CA, 1995.

[FR5] Friedman, William F. Military Cryptanalysis - Part I,

Aegean Park Press, Laguna Hills, CA, 1980.

[FR6] Friedman, William F. Military Cryptanalysis - Part II,

Aegean Park Press, Laguna Hills, CA, 1980.

[FRE] Friedman, William F. , "Elements of Cryptanalysis,"

Aegean Park Press, Laguna Hills, CA, 1976.

[FREA] Friedman, William F. , "Advanced Military Cryptography,"

Aegean Park Press, Laguna Hills, CA, 1976.

[FRAA] Friedman, William F. , "American Army Field Codes in The

American Expeditionary Forces During the First World
War, USA 1939.

[FRAB] Friedman, W. F., Field Codes used by the German Army

During World War. 1919.

[FR22] Friedman, William F., The Index of Coincidence and Its

Applications In Cryptography, Publication 22, The
Riverbank Publications, Aegean Park Press, Laguna
Hills, CA, 1979.

[FR6] Friedman, W. F., "Six Lectures On Cryptology," National

Archives, SRH-004.

[FROM] Fromkin, V and Rodman, R., "Introduction to Language,"

4th ed.,Holt Reinhart & Winston, New York, 1988.

[FRS] Friedman, William F. and Elizabeth S., "The

Shakespearean Ciphers Examined," Cambridge University
Press, London, 1957.

[FUMI] Fumio Nakamura, Rikugun ni okeru COMINT no hoga to

hatten," The Journal of National Defense, 16-1 (June
1988) pp85 - 87.

[GAJ] Gaj, Krzysztof, "Szyfr Enigmy: Metody zlamania," Warsaw

Wydawnictwa Komunikacji i Lacznosci, 1989.

[GAR1] Gardner, Martin, "536 Puzzles and Curious Problems,"

Scribners, 1967.

[GAR2] Gardner, Martin, "Mathematics, Magic, and Mystery ,"

Dover, 1956.

[GAR3] Gardner, Martin, "New Mathematical Diversions from

Scientific American," Simon and Schuster, 1966.

[GAR4] Gardner, Martin, "Sixth Book of Mathematical Games

from Scientific American," Simon and Schuster, 1971.

[GARL] Garlinski, Jozef, 'The Swiss Corridor', Dent, London

 1981.

[GAR1] Garlinski, Jozef, 'Hitler's Last Weapons', Methuen,

London 1978.

[GAR2] Garlinski, Jozef, 'The Enigma War', New York, Scribner,

1979.

[GERM] "German Dictionary," Hippocrene Books, Inc., New York,

1983.

[GIVI] Givierge, General Marcel, " Course In Cryptography,"

Aegean Park Press, Laguna Hills, CA, 1978. Also, M.
Givierge, "Cours de Cryptographie," Berger-Levrault,
Paris, 1925.

[GLEA] Gleason, A. M., "Elementary Course in Probability for

the Cryptanalyst," Aegean Park Press, Laguna Hills, CA,
1985.

[GODD] Goddard, Eldridge and Thelma, "Cryptodyct," Marion,

Iowa, 1976

[GORD] Gordon, Cyrus H., " Forgotten Scripts: Their Ongoing

Discovery and Decipherment," Basic Books, New York,
1982.

[GRA1] Grandpre: "Grandpre, A. de--Cryptologist. Part 1

'Cryptographie Pratique - The Origin of the Grandpre',
ISHCABIBEL, The Cryptogram, SO60, American Cryptogram
Association, 1960.

[GRA2] Grandpre: "Grandpre Ciphers", ROGUE, The Cryptogram,

SO63, American Cryptogram Association, 1963.

[GRA3] Grandpre: "Grandpre", Novice Notes, LEDGE, The

Cryptogram, MJ75, American Cryptogram Association,1975

[GRAH] Graham, L. A., "Ingenious Mathematical Problems and

Methods," Dover, 1959.

[GREU] Greulich, Helmut, "Spion in der Streichholzschachtel:

Raffinierte Methoden der Abhortechnik, Gutersloh:
Bertelsmann, 1969.

[GUST] Gustave, B., "Enigma:ou, la plus grande 'enigme de la

guerre 1939-1945." Paris:Plon, 1973.

[HA] Hahn, Karl, " Frequency of Letters", English Letter

Usage Statistics using as a sample, "A Tale of Two
Cities" by Charles Dickens, Usenet SCI.Crypt, 4 Aug
1994.

[HAWA] Hitchcock, H. R., "Hawaiian," Charles E. Tuttle, Co.,

Toyko, 1968.

[HAWC] Hawcock, David and MacAllister, Patrick, "Puzzle Power!

Multidimensional Codes, Illusions, Numbers, and
Brainteasers," Little, Brown and Co., New York, 1994.
[HELD] Held, Gilbert, "Top Secret Data Encryption Techniques,"
Prentice Hall, 1993. (great title..limited use)

[HEMP] Hempfner, Philip and Tania, "Pattern Word List For

Divided and Undivided Cryptograms," unpublished
manuscript, 1984.

[HEPP] Hepp, Leo, "Die Chiffriermaschine 'ENIGMA'", F-Flagge,

1978.

[HIDE] Hideo Kubota, " Zai-shi dai-go kokugun tokushu joho

senshi." unpublished manuscript, NIDS.

[HILL] Hill, Lester, S., "Cryptography in an Algebraic

Alphabet", The American Mathematical Monthly, June-July
1929.

[HIL1] Hill, L. S. 1929. Cryptography in an Algebraic

Alphabet. American Mathematical Monthly. 36:306-312.

[HIL2] Hill, L. S. 1931. Concerning the Linear

Transformation Apparatus in Cryptography. American
Mathematical Monthly. 38:135-154.

[HINS] Hinsley, F. H., "History of British Intelligence in the

Second World War", Cambridge University Press,
Cambridge, 1979-1988.

[HIN2] Hinsley, F. H. and Alan Strip in "Codebreakers -Story

of Bletchley Park", Oxford University Press, 1994.

[HIN3] Hinsley, F. H., et. al., "British Intilligence in The

Second World War: Its Influence on Strategy and
Operations," London, HMSO vol I, 1979, vol II 1981, vol
III, 1984 and 1988.

[HISA] Hisashi Takahashi, "Military Friction, Diplomatic

Suasion in China, 1937 - 1938," The Journal of
International Studies, Sophia Univ, Vol 19, July, 1987.

[HIS1] Barker, Wayne G., "History of Codes and Ciphers in the

U.S. Prior to World War I," Aegean Park Press, Laguna
Hills, CA, 1978.

[HITT] Hitt, Parker, Col. " Manual for the Solution of Military
Ciphers," Aegean Park Press, Laguna Hills, CA, 1976.

[HODG] Hodges, Andrew, "Alan Turing: The Enigma," New York,

Simon and Schuster, 1983.

[HOFF] Hoffman, Lance J., editor, "Building In Big Brother:

The Cryptographic Policy Debate," Springer-Verlag,
N.Y.C., 1995. ( A useful and well balanced book of
cryptographic resource materials. )

[HOF1] Hoffman, Lance. J., et. al.," Cryptography Policy,"

Communications of the ACM 37, 1994, pp. 109-17.
[HOLM Holmes, W. J., "Double-Edged Secrets: U.S. Naval
Intelligence Operations in the Pacific During WWII",
Annapolis, MD: Naval Institute Press, 1979.

[HOM1] Homophonic: A Multiple Substitution Number Cipher", S-

TUCK, The Cryptogram, DJ45, American Cryptogram
Association, 1945.

[HOM2] Homophonic: Bilinear Substitution Cipher, Straddling,"

ISHCABIBEL, The Cryptogram, AS48, American Cryptogram
Association, 1948.

[HOM3] Homophonic: Computer Column:"Homophonic Solving,"

PHOENIX, The Cryptogram, MA84, American Cryptogram
Association, 1984.

[HOM4] Homophonic: Hocheck Cipher,", SI SI, The Cryptogram,

JA90, American Cryptogram Association, 1990.

[HOM5] Homophonic: "Homophonic Checkerboard," GEMINATOR, The

Cryptogram, MA90, American Cryptogram Association, 1990.

[HOM6] Homophonic: "Homophonic Number Cipher," (Novice Notes)

LEDGE, The Cryptogram, SO71, American Cryptogram
Association, 1971.

[HUNG] Rip Van Winkel, "Hungarian," The Cryptogram, March -

April, American Cryptogram Association, 1956.

[HYDE] H. Montgomery Hyde, "Room 3603, The Story of British

Intelligence Center in New York During World War II",
New York, Farrar, Straus, 1963.

[IBM1] IBM Research Reports, Vol 7., No 4, IBM Research,

Yorktown Heights, N.Y., 1971.

[INDE] PHOENIX, Index to the Cryptogram: 1932-1993, ACA, 1994.

[ITAL] Italian - English Dictionary, compiled by Vittore E.

Bocchetta, Fawcett Premier, New York, 1965.

[JAPA] Martin, S.E., "Basic Japanese Coversation Dictionary,"

Charles E. Tuttle Co., Toyko, 1981.

[JOHN] Johnson, Brian, 'The Secret War', Arrow Books,

London 1979.

[KADI] al-Kadi, Ibrahim A., Cryptography and Data Security:

Cryptographic Properties of Arabic, Proceedings of the
Third Saudi Engineering Conference. Riyadh, Saudi
Arabia: Nov 24-27, Vol 2:910-921., 1991.

[KAHN] Kahn, David, "The Codebreakers", Macmillian Publishing

Co. , 1967.

[KAH1] Kahn, David, "Kahn On Codes - Secrets of the New

Cryptology," MacMillan Co., New York, 1983.

[KAH2] Kahn, David, "An Enigma Chronology", Cryptologia Vol

 XVII,Number 3, July 1993.

[KAH3] Kahn, David, "Seizing The Enigma: The Race to Break the
German U-Boat Codes 1939-1943 ", Houghton Mifflin, New
York, 1991.

[KERC] Kerckhoffs, "la Cryptographie Militaire, " Journel des

Sciences militaires, 9th series, IX, (January and
February, 1883, Libraire Militaire de L. Baudoin &Co.,
Paris. English trans. by Warren T, McCready of the
University of Toronto, 1964

[KOBL] Koblitz, Neal, " A Course in Number Theory and

Cryptography, 2nd Ed, Springer-Verlag, New York, 1994.

[KONH] Konheim, Alan G., "Cryptography -A Primer" , John Wiley,

1981, pp 212 ff.

[KORD] Kordemsky, B., "The Moscow Puzzles," Schribners, 1972.

[KOTT] Kottack, Phillip Conrad, "Anthropology: The Exploration

Of Human Diversity," 6th ed., McGraw-Hill, Inc., New
York, N.Y. 1994.

[KOZA] Kozaczuk, Dr. Wladyslaw, "Enigma: How the German

Machine Cipher was Broken and How it Was Read by the
Allies in WWI", University Pub, 1984.

[KRAI] Kraitchek, "Mathematical Recreations," Norton, 1942, and

Dover, 1963.

[KULL] Kullback, Solomon, Statistical Methods in Cryptanalysis,

Aegean Park Press, Laguna Hills, Ca. 1976

[LAFF] Laffin, John, "Codes and Ciphers: Secret Writing Through

The Ages," Abelard-Schuman, London, 1973.

[LAI] Lai, Xuejia, "On the Design and Security of Block

Ciphers," ETH Series in Information Processing 1, 1992.
(Article defines the IDEA Cipher)

[LAIM] Lai, Xuejia, and James L. Massey, "A Proposal for a New
Block Encryption Standard," Advances in Cryptology -
Eurocrypt 90 Proceedings, 1992, pp. 55-70.

[LAKE] Lakoff, R., "Language and the Women's Place," Harper &
Row, New York, 1975.

[LANG] Langie, Andre, "Cryptography," translated from French

by J.C.H. Macbeth, Constable and Co., London, 1922.

[LATI] BRASSPOUNDER, "Latin Language Data, "The Cryptogram,"

July-August 1993.

[LAUE] Lauer, Rudolph F., "Computer Simulation of Classical

Substitution Cryptographic Systems" Aegean Park Press,
1981, p72 ff.

[LEAR] Leary, Penn, " The Second Cryptographic Shakespeare,"

 Omaha, NE [from author] 1994.

[LEA1] Leary, Penn, " Supplement to The Second Cryptographic

Shakespeare," Omaha, NE [from author] 1994.

[LEAU] Leaute, H., "Sur les Mecanismes Cryptographiques de M.

de Viaris," Le Genie Civil, XIII, Sept 1, 1888.

[LEDG] LEDGE, "NOVICE NOTES," American Cryptogram Association,

1994. [ One of the best introductory texts on ciphers
written by an expert in the field. Not only well
written, clear to understand but as authoritative as
they come! ]

[LENS] Lenstra, A.K. et. al. "The Number Field Sieve,"

Proceedings of the 22 ACM Symposium on the Theory of
Computing," Baltimore, ACM Press, 1990, pp 564-72.

[LEN1] Lenstra, A.K. et. al. "The Factorization of the Ninth

Fermat Number," Mathematics of Computation 61 1993,
pp. 319-50.

[LEWI] Lewin, Ronald, 'Ultra goes to War', Hutchinson,

London 1978.

[LEWY] Lewy, Guenter, "America In Vietnam", Oxford University

Press, New York, 1978.

[LEVI] Levine, J., U.S. Cryptographic Patents 1861-1981,

Cryptologia, Terre Haute, In 1983.

[LEV1] Levine, J. 1961. Some Elementary Cryptanalysis

of Algebraic Cryptography. American Mathematical
Monthly. 68:411-418

[LEV2] Levine, J. 1961. Some Applications of High-

Speed Computers to the Case n =2 of Algebraic
Cryptography. Mathematics of Computation. 15:254-260

[LEV3] Levine, J. 1963. Analysis of the Case n =3 in Algebraic

Cryptography With Involuntary Key Matrix With Known
Alphabet. Journal fuer die Reine und Angewante
Mathematik. 213:1-30.

[LISI] Lisicki, Tadeusz, 'Dzialania Enigmy', Orzet Biaty,

London July-August, 1975; 'Enigma i Lacida',
Przeglad lacznosci, London 1974- 4; 'Pogromcy
Enigmy we Francji', Orzet Biaty, London, Sept.
1975.'

[LYNC] Lynch, Frederick D., "Pattern Word List, Vol 1.,"

Aegean Park Press, Laguna Hills, CA, 1977.

[LYSI] Lysing, Henry, aka John Leonard Nanovic, "Secret

Writing," David Kemp Co., NY 1936.

[MACI] Macintyre, D., "The Battle of the Atlantic," New York,

Macmillan, 1961.
[MADA] Madachy, J. S., "Mathematics on Vacation," Scribners,
1972.

[MAGN] Magne, Emile, Le plaisant Abbe de Boisrobert, Paris,

Mecure de France, 1909.

[MANN] Mann, B.,"Cryptography with Matrices," The Pentagon, Vol

21, Fall 1961.

[MANS] Mansfield, Louis C. S., "The Solution of Codes and

Ciphers", Alexander Maclehose & Co., London, 1936.

[MARO] Marotta, Michael, E. "The Code Book - All About

Unbreakable Codes and How To Use Them," Loompanics
Unlimited, 1979. [This is a terrible book. Badly
written, without proper authority, unprofessional, and
prejudicial to boot. And, it has one of the better
illustrations of the Soviet one-time pad with example,
with three errors in cipher text, that I have corrected
for the author.]

[MARS] Marshall, Alan, "Intelligence and Espionage in the Reign

of Charles II," 1660-1665, Cambridge University, New
York, N.Y., 1994.

[MART] Martin, James, "Security, Accuracy and Privacy in

Computer Systems," Prentice Hall, Englewood Cliffs,
N.J., 1973.

[MAVE] Mavenel, Denis L., Lettres, Instructions Diplomatiques

et Papiers d' Etat du Cardinal Richelieu, Historie
Politique, Paris 1853-1877 Collection.

[MAYA] Coe, M. D., "Breaking The Maya Code," Thames and Hudson,
New York, 1992.

[MAZU] Mazur, Barry, "Questions On Decidability and

Undecidability in Number Theory," Journal of Symbolic
Logic, Volume 54, Number 9, June, 1994.

[MELL] Mellen G. 1981. Graphic Solution of a Linear

Transformation Cipher. Cryptologia. 5:1-19.

[MEND] Mendelsohn, Capt. C. J., Studies in German Diplomatic

Codes Employed During World War, GPO, 1937.

[MERK] Merkle, Ralph, "Secrecy, Authentication and Public Key

Systems," Ann Arbor, UMI Research Press, 1982.

[MER1] Merkle, Ralph, "Secure Communications Over Insecure

Channels," Communications of the ACM 21, 1978, pp. 294-
99.

[MER2] Merkle, Ralph and Martin E. Hellman, "On the Security of

Multiple Encryption ," Communications of the ACM 24,
1981, pp. 465-67.

[MER3] Merkle, Ralph and Martin E. Hellman, "Hiding

Information and Signatures in Trap Door Knapsacks,"
 IEEE Transactions on Information Theory 24, 1978, pp.
525-30.

[MILL] Millikin, Donald, " Elementary Cryptography ", NYU

Bookstore, NY, 1943.

[MM] Meyer, C. H., and Matyas, S. M., " CRYPTOGRAPHY - A New

Dimension in Computer Data Security, " Wiley
Interscience, New York, 1982.

[MODE] Modelski, Tadeusz, 'The Polish Contribution to the

Ultimate Allied Victory in the Second World War',
Worthing (Sussex) 1986.

[MRAY] Mrayati, Mohammad, Yahya Meer Alam and Hassan al-

Tayyan., Ilm at-Ta'miyah wa Istikhraj al-Mu,amma Ind
al-Arab. Vol 1. Damascus: The Arab Academy of Damascus.,
1987.

[MULL] Mulligan, Timothy," The German Navy Examines its

Cryptographic Security, Oct. 1941, Military affairs, vol
49, no 2, April 1985.

[MYER] Myer, Albert, "Manual of Signals," Washington, D.C.,

USGPO, 1879.

[NBS] National Bureau of Standards, "Data Encryption

Standard," FIPS PUB 46-1, 1987.

[NIBL] Niblack, A. P., "Proposed Day, Night and Fog Signals for
the Navy with Brief Description of the Ardois Hight
System," In Proceedings of the United States Naval
Institute, Annapolis: U. S. Naval Institute, 1891.

[NIC1] Nichols, Randall K., "Xeno Data on 10 Different

Languages," ACA-L, August 18, 1995.

[NIC2] Nichols, Randall K., "Chinese Cryptography Parts 1-3,"

ACA-L, August 24, 1995.

[NIC3] Nichols, Randall K., "German Reduction Ciphers Parts

1-4," ACA-L, September 15, 1995.

[NIC4] Nichols, Randall K., "Russian Cryptography Parts 1-3,"

ACA-L, September 05, 1995.

[NIC5] Nichols, Randall K., "A Tribute to William F. Friedman",

NCSA FORUM, August 20, 1995.

[NIC6] Nichols, Randall K., "Wallis and Rossignol," NCSA

FORUM, September 25, 1995.

[NIC7] Nichols, Randall K., "Arabic Contributions to

Cryptography,", in The Cryptogram, ND95, ACA, 1995.

[NIC8] Nichols, Randall K., "U.S. Coast Guard Shuts Down Morse
Code System," The Cryptogram, SO95, ACA publications,
 1995.

[NIC9] Nichols, Randall K., "PCP Cipher," NCSA FORUM, March 10,
1995.

[NICX] Nichols, R. K., Keynote Speech to A.C.A. Convention,

"Breaking Ciphers in Other Languages.," New Orleans,
La., 1993.

[NICK] Nickels, Hamilton, "Codemaster: Secrets of Making and

Breaking Codes," Paladin Press, Boulder, CO., 1990.

[NORM] Norman, Bruce, 'Secret Warfare', David & Charles,

Newton Abbot (Devon) 1973.

[NORW] Marm, Ingvald and Sommerfelt, Alf, "Norwegian," Teach

Yourself Books, Hodder and Stoughton, London, 1967.

[NSA] NSA's Friedman Legacy - A Tribute to William and

Elizabeth Friedman, NSA Center for Cryptological
History, 1992, pp 201 ff.

[OKLA] Andre, Josephine and Richard V. Andree, "Cryptarithms,"

Unit One, Problem Solving and Logical Thinking,
University of Oklahoma, Norman, Ok. Copy No: 486, 1976.

[OKLI] Andre, Josephine and Richard V. Andree, " Instructors

Manual For Cryptarithms," Unit One, Problem Solving and
Logical Thinking, University of Oklahoma, Norman, Ok.
Copy No: 486, 1976.

[OP20] "Course in Cryptanalysis," OP-20-G', Navy Department,

Office of Chief of Naval Operations, Washington, 1941.

[PERR] Perrault, Charles, Tallement des Reaux, Les

Historiettes, Bibliotheque del La Pleiade, Paris 1960,
pp 256-258.

[PGP] Garfinkel, Simson, "PGP: Pretty Good Privacy," O'reilly

and Associates, Inc. Sebastopol, CA. 1995.

[PHIL] Phillips, H., "My Best Puzzles in Logic and Reasoning,"

Dover, 1961.

[PIER] Pierce, Clayton C., "Cryptoprivacy", 325 Carol Drive,

Ventura, Ca. 93003.

[POLY] Polya, G., "Mathematics and Plausible Reasoning,"

Princeton Press, 1954.

[POL1] Polya, G., "How To Solve It.," Princeton Press, 1948.

[POPE] Pope, Maurice, "The Story of Decipherment: From Egyptian

Hieroglyphic to Linear B., Thames and Hudson Ltd., 1975.

[PORT] Barker, Wayne G. "Cryptograms in Portuguese," Aegean

Park Press, Laguna Hills, CA., 1986.

[POR1] Aliandro, Hygino, "The Portuguese-English Dictionary,"

 Pocket Books, New York, N.Y., 1960.

[PRIC] Price, A.,"Instruments of Darkness: the History of

Electronic Warfare, London, Macdonalds and Janes, 1977.

[RAJ1] "Pattern and Non Pattern Words of 2 to 6 Letters," G &

C. Merriam Co., Norman, OK. 1977.

[RAJ2] "Pattern and Non Pattern Words of 7 to 8 Letters," G &

C. Merriam Co., Norman, OK. 1980.

[RAJ3] "Pattern and Non Pattern Words of 9 to 10 Letters," G &

C. Merriam Co., Norman, OK. 1981.

[RAJ4] "Non Pattern Words of 3 to 14 Letters," RAJA Books,

Norman, OK. 1982.

[RAJ5] "Pattern and Non Pattern Words of 10 Letters," G & C.

Merriam Co., Norman, OK. 1982.

[REJE] Rejewski, Marian, "Mathematical Solution of the Enigma

Cipher" published in vol 6, #1, Jan 1982 Cryptologia pp
1-37.

[RENA] Renauld, P. "La Machine a' chiffrer 'Enigma'", Bulletin

Trimestriel de l'association des Amis de L'Ecole
superieure de guerre no 78, 1978.

[RHEE] Rhee, Man Young, "Cryptography and Secure Commun-

ications," McGraw Hill Co, 1994

[RIVE] Rivest, Ron, "Ciphertext: The RSA Newsletter 1, 1993.

[RIV1] Rivest, Ron, Shamir, A and L. Adleman, "A Method for

Obtaining Digital Signatures and Public Key
Cryptosystems," Communications of the ACM 21, 1978.

[ROAC] Roach, T., "Hobbyist's Guide To COMINT Collection and

Analysis," 1330 Copper Peak Lane, San Jose, Ca. 95120-
4271, 1994.

[ROBO] NYPHO, The Cryptogram, Dec 1940, Feb, 1941.

[ROHE] Jurgen Rohwer's Comparative Analysis of Allied and Axis

Radio-Intelligence in the Battle of the Atlantic,
Proceedings of the 13th Military History Symposium, USAF
Academy, 1988, pp 77-109.

[ROHW] Rohwer Jurgen, "Critical Convoy Battles of March 1943,"

London, Ian Allan, 1977.

[ROH1] Rohwer Jurgen, "Nachwort: Die Schlacht im Atlantik in

der Historischen Forschung, Munchen: Bernard and Graefe,
1980.

[ROH2] Rohwer Jurgen, et. al. , "Chronology of the War at Sea,

Vol I, 1939-1942, London, Ian Allan, 1972.

[ROH3] Rohwer Jurgen, "U-Boote, Eine Chronik in Bildern,

 Oldenburs, Stalling, 1962. Skizzen der 8 Phasen.

[ROOM] Hyde, H. Montgomery, "Room 3603, The Story of British

Intelligence Center in New York During World War II",
New York, Farrar, Straus, 1963.

[ROSE] Budge, E. A. Wallis, "The Rosetta Stone," British Museum

Press, London, 1927.

[RSA] RSA Data Security, Inc., "Mailsafe: Public Key

Encryption Software Users Manual, Version 5.0, Redwood
City, CA, 1994

[RUNY] Runyan, T. J. and Jan M. Copes "To Die Gallently",

Westview Press 1994, p85-86 ff.

[RYSK] Norbert Ryska and Siegfried Herda, "Kryptographische

Verfahren in der Datenverarbeitung," Gesellschaft fur
Informatik, Berlin, Springer-Verlag1980.

[SADL] Sadler, A. L., "The Code of the Samurai," Rutland and

Tokyo: Charles E. Tuttle Co., 1969.

[SACC] Sacco, Generale Luigi, " Manuale di Crittografia",

3rd ed., Rome, 1947.

[SALE] Salewski, Michael, "Die Deutscher Seekriegsleitung,

1938- 1945, Frankfurt/Main: Bernard and Graefe, 1970-
1974. 3 volumes.

[SANB] Sanbohonbu, ed., "Sanbohonbu kotokan shokuinhyo." NIDS

Archives.

[SAPR] Sapir, E., "Conceptual Categories in Primitive

Language," Science: 74: 578-584., 1931.

[SASS] Sassoons, George, "Radio Hackers Code Book", Duckworth,

London, 1986.

[SCHN] Schneier, Bruce, "Applied Cryptography: Protocols,

Algorithms, and Source Code C," John Wiley and Sons,
1994.

[SCH2] Schneier, Bruce, "Applied Cryptography: Protocols,

Algorithms, and Source Code C," 2nd ed., John Wiley and
Sons, 1995.

[SCHU] Schuh, fred, "Master Book of Mathematical Recreation,"

Dover, 1968.

[SCHW] Schwab, Charles, "The Equalizer," Charles Schwab, San

Francisco, 1994.

[SEBE] Seberry, Jennifer and Joseph Pieprzyk, "Cryptography: An

Introduction to Computer Security," Prentice Hall, 1989.
[CAREFUL! Lots of Errors - Basic research efforts may
be flawed - see Appendix A pg 307 for example.]

[SHAN] Shannon, C. E., "The Communication Theory of Secrecy

 Systems," Bell System Technical Journal, Vol 28 (October
1949).

[SHIN] Shinsaku Tamura, "Myohin kosaku," San'ei Shuppansha,

Toyko, 1953.

[SIG1] "International Code Of Signals For Visual, Sound, and

Radio Communications," Defense Mapping Agency,
Hydrographic/Topographic Center, United States Ed.
Revised 1981

[SIG2] "International Code Of Signals For Visual, Sound, and

Radio Communications," U. S. Naval Oceanographic
Office, United States Ed., Pub. 102, 1969.

[SIMM] Simmons, G. J., "How To Insure that Data Acquired to

Verify Treaty Compliance are Trustworthy, " in
"Authentication without secrecy: A secure communications
problem uniquely solvable by asymmetric encryption
techniques.", IEEE EASCON 79, Washington, 1979, pp. 661-
62.

[SINK] Sinkov, Abraham, "Elementary Cryptanalysis", The

Mathematical Association of America, NYU, 1966.

[SISI] Pierce, C.C., "Cryptoprivacy," Author/Publisher, Ventura

Ca., 1995. (XOR Logic and SIGTOT teleprinters)

[SMIH] Smith, David E., "John Wallis as Cryptographer",

Bulletin of American Mathematical Society, XXIV, 1917.

[SMIT] Smith, Laurence D., "Cryptography, the Science of Secret

Writing," Dover, NY, 1943.

[SOLZ] Solzhenitsyn, Aleksandr I. , "The Gulag Archipelago I-

III, " Harper and Row, New York, N.Y., 1975.

[SPAN] Barker, Wayne G. "Cryptograms in Spanish," Aegean Park

Press, Laguna Hills, CA., 1986.

[STEV] Stevenson, William, 'A Man Called INTREPID',

Macmillan, London 1976.

[STIN] Stinson, D. R., "Cryptography, Theory and Practice,"

CRC Press, London, 1995.

[STIX] Stix, F., Zur Geschicte und Organisation der Wiener

Geheimen Ziffernkanzlei, Mitteilungen des
Osterreichischen Instituts fir Geschichtsforschung,
LI 1937.

[STUR] Sturtevant, E. H. and Bechtel, G., "A Hittite

Chrestomathy," Linguistic Society of American and
University of Pennsylvania, Philadelphia, 1935.

[SUVO] Suvorov, Viktor "Inside Soviet Military Intelligence,"

Berkley Press, New York, 1985.
[TERR] Terrett, D., "The Signal Corps: The Emergency (to
December 1941); G. R. Thompson, et. al, The Test(
December 1941 - July 1943); D. Harris and G. Thompson,
The Outcome;(Mid 1943 to 1945), Department of the Army,
Office of the Chief of Military History, USGPO,
Washington,1956 -1966.

[THEO] Theodore White and Annalee Jacoby, "Thunder Out Of

China," William Sloane Assoc., New York, 1946.

[THOM] Thompson, Ken, "Reflections on Trusting Trust,"

Communications of the ACM 27, 1984.

[TILD] Glover, D. Beaird, Secret Ciphers of The 1876

Presidential Election, Aegean Park Press, Laguna Hills,
Ca. 1991.

[TM32] TM 32-250, Fundamentals of Traffic Analysis (Radio

Telegraph) Department of the Army, 1948.

[TRAD] U. S. Army Military History Institute, "Traditions of

The Signal Corps., Washington, D.C., USGPO, 1959.

[TRAI] Lange, Andre and Soudart, E. A., "Treatise On

Cryptography," Aegean Park Press, Laguna Hills, Ca.
1981.

[TRIB] Anonymous, New York Tribune, Extra No. 44, "The Cipher
Dispatches, New York, 1879.

[TRIT] Trithemius:Paul Chacornac, "Grandeur et Adversite de

Jean Tritheme ,Paris: Editions Traditionelles, 1963.

[TUCK] Harris, Frances A., "Solving Simple Substitution

Ciphers," ACA, 1959.

[TUKK] Tuckerman, B., "A Study of The Vigenere-Vernam Single

and Multiple Loop Enciphering Systems," IBM Report
RC2879, Thomas J. Watson Research Center, Yorktown
Heights, N.Y. 1970.

[TUCM] Tuckerman, B., "A Study of The Vigenere-Vernam Single

and Multiple Loop Enciphering Systems," IBM Report
RC2879, Thomas J. Watson Research Center, Yorktown
Heights, N.Y. 1970.

[UBAL] Ubaldino Mori Ubaldini, "I Sommergibili begli Oceani: La

Marina Italian nella Seconda Guerra Mondiale," vol XII,
Roma, Ufficio Storico della Marina Militare, 1963.

[USAA] U. S. Army, Office of Chief Signal Officer,

"Instructions for Using the Cipher Device Type M-94,
February, 1922," USGPO, Washington, 1922.

[VAIL] Vaille, Euggene, Le Cabinet Noir, Paris Presses

Universitaires de Frances, 1950.

[VALE] Valerio, "De La Cryptographie," Journal des Scienses

 militares, 9th series, Dec 1892 - May 1895, Paris.

[VAND] Van de Rhoer, E., "Deadly Magic: A personal Account of

Communications Intilligence in WWII in the Pacific, New
York, Scriber, 1978.

[VERN] Vernam, A. S., "Cipher Printing Telegraph Systems For

Secret Wire and Radio Telegraphic Communications," J.
of the IEEE, Vol 45, 109-115 (1926).

[VIAR] de Viaris in Genie Civil: "Cryptographie", Publications

du Journal Le Genie Civil, 1888.

[VIA1] de Viaris, "L'art de chiffre et dechiffre les depeches

secretes," Gauthier-Villars, Paris, 1893.

[VOGE] Vogel, Donald S., "Inside a KGB Cipher," Cryptologia,

Vol XIV, Number 1, January 1990.

[WALL] Wallis, John, "A Collection of Letters and other Papers

in Cipher" , Oxford University, Bodleian Library, 1653.

[WAL1] Wallace, Robert W. Pattern Words: Ten Letters and Eleven

Letters in Length, Aegean Park Press, Laguna Hills, CA
92654, 1993.

[WAL2] Wallace, Robert W. Pattern Words: Twelve Letters and

Greater in Length, Aegean Park Press, Laguna Hills, CA
92654, 1993.

[WATS] Watson, R. W. Seton-, ed, "The Abbot Trithemius," in

Tudor Studies, Longmans and Green, London, 1924.

[WEBE] Weber, Ralph Edward, "United States Diplomatic Codes and

Ciphers, 1175-1938, Chicago, Precedent Publishing, 1979.

[WEL] Welsh, Dominic, "Codes and Cryptography," Oxford Science

Publications, New York, 1993.

[WELC] Welchman, Gordon, 'The Hut Six Story', McGraw-Hill,

New York 1982.

[WHOR] Whorf, B. L., "A Linguistic Consideration of Thinking In

Primitive Communities," In Language, Thought, and
Reality: Selected Writings of Benjamin Lee Whorf, ed. J.
B. Carroll, Cambridge, MA: MIT Press, pp. 65-86., 1956.

[WINT] Winton, J., " Ultra at Sea: How Breaking the Nazi Code
Affected Allied Naval Strategy During WWII," New Uork,
William Morror, 1988.

[WINK] Winkle, Rip Van, "Hungarian: The Cryptogram,", March -

April 1956.

[WINT] Winterbotham, F.W., 'The Ultra Secret', Weidenfeld

and Nicolson, London 1974.

[WOLE] Wolfe, Ramond W., "Secret Writing," McGraw Hill Books,

NY, 1970.
[WOLF] Wolfe, Jack M., " A First Course in Cryptanalysis,"
Brooklin College Press, NY, 1943.

[WRIX] Wrixon, Fred B. "Codes, Ciphers and Secret Languages,"

Crown Publishers, New York, 1990.

[XEN1] PHOENIX, "Xenocrypt Handbook," American Cryptogram

Association, 1 Pidgeon Dr., Wilbraham, MA., 01095-2603,
for publication March, 1996.

[YARD] Yardley, Herbert, O., "The American Black Chamber,"

Bobbs-Merrill, NY, 1931.

[YAR1] Yardley, H. O., "The Chinese Black Chamber," Houghton

Mifflin, Boston, 1983.

[YOKO] Yukio Yokoyama, "Tokushu joho kaisoka," unpublished

handwritten manuscript.

[YOUS] Youshkevitch, A. P., Geschichte der Mathematik im

Mittelatter, Liepzig, Germany: Teubner, 1964.

[YUKI] Yukio Nishihara, "Kantogan tai-So Sakusenshi," Vol 17.,

unpublished manuscript, National Institute for Defense
Studies Military Archives, Tokyo.,(hereafter NIDS
Archives)

[ZIM] Zim, Herbert S., "Codes and Secret Writing." William

Morrow Co., New York, 1948.

[ZEND] Callimahos, L. D., Traffic Analysis and the Zendian

Problem, Agean Park Press, 1984. (also available
through NSA Center for Cryptologic History)

From [email protected] Jul 2 05:56:15 1996

Date: Mon, 1 Jul 1996 23:45:36 EDT
From: "Randy Nichols, ACA President" <[email protected]>
Reply to: ACA-L <[email protected]>
To: Multiple recipients of list ACA-L <[email protected]>
Subject: LECTURE 15 AND BIBLIOGRAPHY

CLASSICAL CRYPTOGRAPHY COURSE

BY LANAKI

July 01, 1996

COPYRIGHT 1996
ALL RIGHTS RESERVED

LECTURE 15

STATISTICAL ATTACKS

SUMMARY
Lecture 15 considers the role and influence that statistics
and probability theory exert on the cryptanalysis of unknown
ciphers. We develop our subject by the following references:
[FRE3], [SINK], [MAST], [ELCY], [GLEA], [KULL].

DISCUSSION

As you may know, William F. Friedman and Dr. Solomon Kullback

were the first Americans to apply Probability Theory and
Applied Statistics to the Science of Cryptanalysis. Their
achievements were so dynamic that American Crypee's were
able to read the secret messages of many of the Foreign
Governments that it dealt with. [YARD]

SCOPE

We shall look at three tests: Kappa test for coincidences,

Chi test or cross product test for superimposition, and Phi
test for monoalphabeticity. We will briefly touch on
Gleason's logarithmic weighting scheme for determination of
number of letters to differentiate a transposition. The
References and Resource section is substantially broadened
with nearly 150 more choice plums.

BASIC THEORY OF COINCIDENCES

We have already looked at a table of Phi Values For

Monoalphabetic and Digraphic Text By Kullback in Lecture 1.
We have also studied various Phi values for Xenocrypts
in Lecture 5. We found that the probability is related to
coincidences and that it is of significance when we
investigate repetitions of letters in a cipher.

We know that the probability of monographic coincidence (1)

of random text employing a 26 letter alphabet is 0.0385 , (2)
in English telegraphic plain text is 0.0667. We have defined
these values as Kr and Kp respectively.

One of the most important techniques in cryptanalysis is that

of applying the Kappa Test or Test of Coincidences. The most
important purpose for this test is to ascertain whether two
or more sequences are correctly superimposed. Correct means
the sequences are so arranged to facilitate or make possible
a solution. The Kappa test has the following theoretical
basis the following circumstances:

(1) If any two rather lengthy sequences of characters are

superimposed, it will be found that as successive pairs
of letters are brought into vertical juxtaposition, that
in a certain number of cases the two superimposed letters
will coincide,

(2) If we are dealing with random text (26 alphabet) there

will be 38 or 39 cases of coincidence per 1000 pairs of
letters examined because Kr = 0.0385.

(3) If we are dealing with plain text (English) there will be

 66 or 67 cases of coincidence per 1000 pairs of letters
examined because Kp = 0.0667.

(4) If the superimposed sequences are wholly monoalphabetic

encipherments of plain text by the same cipher alphabet,
there will be 66 or 67 cases of coincidence per 1000
pairs of letters examined because in monoalphabetic
substitution there is a fixed or unvarying relation
between plain text and cipher text, so that for
statistical purposes the cipher text behaves just as if
it were normal plain text.

(5) Even if the two superimposed sequences are polyalphabetic

in character, there still will be 66 or 67 cases of
coincidence or identity per 1000 pairs of letters
examined provided the two sequences really belong to the
same cryptographic system and are superimposed at the
proper point with respect to the keying sequence.

(6) This last point may be seen in the two polyalphabetic

messages below: They have been enciphered poly-
alphabetically by the same two primary components sliding
against each other. The two messages begin at the same
point in the keying sequence. Consequently, they are
identically enciphered, letter for letter, the only
differences between them is due to differences in plain
text.

No. 1

Alpha 16 21 13 5 6 4 17 19 21 21 2 6 3 6 13 13 1 7 12 6
Plain W H E N I N T H E C O U R S E L O N G M
Cipher E Q N B T F Y R C X X L Q J N Z O Y A W

No. 2

Alpha 16 21 13 5 6 4 17 19 21 21 2 6 3 6 13 13 1 7 12 6
Plain T H E G E N E R A L A B S O L U T E L Y
Cipher P Q N T U F B W D J L Q H Y Z P T M Q I

Note, that (a) in every case in which two superimposed cipher

letters are the same, the plain text letters are identical
and (b) in every case in which two superimposed cipher
letters are the different, the plain text letters are
different. In such a system, even though the cipher alphabet
changes from letter to letter, the number cases of identity
or coincidence in the two members of a pair of superimposed
cipher letters will still be about 66 or 67 per thousand
cases examined, because the two members of each pair of
superimposed letters are in the same alphabet and it has been
seen in (4) that in monoalphabetic cipher text K is the same
as for plain text, viz, 0.667. The fact that in this case
each monoalphabet contains just two letters does not affect
the theoretical value of K (Kappa) and whether the actual
number of coincidences agrees closely with the expected
number based upon Kp = 0.0667 depends upon the lengths of the
two superimposed sequences. Messages No's 1 and 2 are said
to be superimposed correctly , that is brought into proper
juxtaposition with respect to the keying sequences.

(7) Now change the situation by changing the juxtaposition to

an incorrect superimposition with respect to the keying
sequence.

No. 1

Alpha 16 21 13 5 6 4 17 19 21 21 2 6 3 6 13 13 1 7 12 6
Plain W H E N I N T H E C O U R S E L O N G M
Cipher E Q N B T F Y R C X X L Q J N Z O Y A W

No. 2

Alpha 16 21 13 5 6 4 17 19 21 21 2 6 3 6 13 13 1 7
Plain T H E G E N E R A L A B S O L U T E
Cipher P Q N T U F B W D J L Q H Y Z P T M

It is evident that the two members of every pair are not in

the same cipher alphabets and any identical letters after
superimposition is strictly accidental. Actually the number
of repetitions will approximate Kr = 0.0385.

Note again, that in every case in which two superimposed

cipher letters are the same, the plain text letters are
not identical and in every case in which two superimposed
cipher letters are the different, the plain text letters are
no always different. Look at the superimposed T(cipher)'s
representing two different plain text letters and that the S
in "COURSE" gives the value J (cipher) and in the word
ABSOLUTELY gives H (cipher). It should be clear that an
incorrect superimposition by two different plain-text letters
enciphered by two different alphabets may "by chance" produce
identical cipher letters, which on superimposition yield
coincidence but have no external indications as to
dissimilarity in plain text equivalents. This incorrect
superimposition will coincide by a value of Kr = 0.0385.

(8) Note the two Z's and they represent the plain text L.
This occurred because the same cipher alphabet came into
play by chance twice to encipher the same plain text
letter both times. This may distort the Kr value for
some systems.

(9) In general, in the case of correct superimposition the

probability of identity or coincidence is Kp = 0.0667; in
the case of incorrect superimposition, the probability is
greater than or equal to Kr = 0.0385. The Kappa test,
aka coincidence test is defined by these values.

APPLYING THE KAPPA TEST

When we say Kp = 0.0667, this means that in a 1000 cases
where two letters are drawn at random from a large volume of
plain text, we should expect 66 or 67 cases of two letters to
coincide or be identical. Nothing is specified what these
letters shall be; they can be two Z's or two E's. Another
way is to consider that at random 6.67% of the comparisons
made will yield coincidences. So for 2000 examinations, we
expect 2000 x 6.67% = 133.4 coincidences [ use integers and
round down to 133]. Or 20,000 comparisons means 1,334
coincidences.

A more practical approach is to find the ratio of observed

number of coincidences to the total number of cases in
question that may occur, i.e. the total number of comparisons
of superimposed letters. When the ratio is closer to 0.0667
than 0.0385 the correct superimposition has been found. This
is true because both members of each pair of superimposed
letters belong to the same monoalphabet and therefore the
probability of their coinciding is 0.067; whereas, in the
case of incorrect superimposition, each pair belongs to
different monoalphabets and the probability of their
coinciding approaches 0.0385 rather than 0.0667.

To use the Kappa test requires calculating the total number

of comparisons in a given case and the actual number of
coincidences in the case under consideration. When two
messages are superimposed, the total number of comparisons
made equals the number of superimposed letters. When more
than two messages are superimposed in a superimposition
diagram (Lecture 13) it is necessary to calculate the number
of comparisons based on the number of letters in the column.

n letters = n(n-1)/2 pairs or comparisons,

in column

For a column of 3 letters , there are 3(2)/2 = 3 comparisons.

We compare the 1st with the 2nd, 2nd with 3rd and 1st with
3rd columns. The more general probability formula is

nCr = n!/r!(n-r)!

where we determine the number of combinations of n different

things taken r at a time. For two letters, r is always 2,
so n!/r!(n-r)! is the same as

n(n-1)(n-2)!/2(n-2)!

becomes n(n-1)/2

with the cancellation of terms using (n-2)!.

RULE

The number of comparisons per column times the number of

columns in the superimposition diagram of letters gives the
total number of comparisons. The extension to this reasoning
is where the superimposition diagram involves columns of
various lengths, then we add together the number of
comparisons for columns of different lengths to obtain a
grand total. Table 15-1 shows the number of letters in a
column versus the number of comparisons calculated. [FRE3]

Table 15 -1

Number of Number of Number of Number of

letters in comparisons letters in comparisons
column column

2 1 16 120
3 3 17 136
4 6 18 153
5 10 19 171
6 15 20 190
7 21 21 210
8 28 22 231
9 36 23 253
10 45 24 276
11 55 25 300
12 66 26 325
13 78 27 351
14 91 28 378
15 105 29 406
30 435

In ascertaining the number of coincidences in the case of a

column containing several letters, we still use the n(n-1)/2
formula, only in this case, n is the number of identical
letters in the column. The reasoning is essentially the same
as above. The total number of coincidences is the sum of the
number of coincidences for each case of identity.

Given the column:

C
K
B
K
Z
K
C
B
B
K

There are 10 letters with 3B's, 2C's 4K's and 1 Z. The 3B's
yield 3 coincidences, the 2 C's yield 1 coincidence, the 4
K's yield 6 coincidences. The sum is 3 + 1 + 6 = 10
coincidences in 45 comparisons = 0.2222

ENCIPHERMENT WITH SAME KEY BUT DIFFERENT INITIATION POINTS

In Lecture 13, I ended with the note that several messages

enciphered by the same keying sequence but each beginning at
a different point presented a challenge. The best attack is
that by superimposition and the Kappa test is used to
correctly line up the messages with respect to each other.

It is understood that the messages may be shifted relative to

each other at many points of superimposition but their is
only one point of superimposition for each message which
corresponds to monoalphabetic columnar superimposition of the
cipher text.

The method:

(1) Number the message according to their lengths.

(2) Fix message 1, message 2 is placed under it so that the

first pair of letters coincide.

(3) Examine, calculate total number of cases in which

superimposed letters are identical, thus the observed
number of coincidences. The total number of superimposed
pairs is calculated and multiplied by 0.0667 to find the
expected number of coincidences.

(4) If the observed number is considerably below the expected

number, or if the ratio of the observed number of
coincidences to the total is closer to 0.0385 than
0.0667, then the superimposition is wrong and we shift
message 2 one letter to the left.

(5) Repeat steps (3) - (4) until the correct superimposition

is found.

(6) Test message 3 against message 1 and then against message

2.

(7) Continue the process until all the messages are lined up
correctly.

Computers are a big help in this process.

EXAMINE OF KAPPA TEST

Given 4 messages of 30 intercepted using a long enciphered

keying sequence:

Message 1

PGLPN HUFRK SAUQQ AQYUO ZAKGA EOQCN

PRKOV HYEIU YNBON NFDMW ZLUKQ AQAHZ
MGCDS LEAGC JPIVJ WVAUD BAHMI HKORM
LTFYZ LGSOG K. [101]

Message 2
 CWHPK KXFLU MKURY XCOPH WNJUW KWIHL
OKZTL AWRDF GDDEZ DLBOT FUZNA SRHHJ
NGUZK PRCDK YOOBV DDXCD OGRGI RMICN
HSGGO PYAOY X. [101]

Message 3

WFWTD NHTGM RAAZG PJDSQ AUPFR OXJRO

HRZWC ZSRTE EEVPX OATDQ LDOQZ HAWNX
THDXL HYIGK VYZWX BKOQO AZQND TNALT
CNYEH TSCT. [99]

Message 4

TULDH NQEZZ UTYGD UEDUP SDLIO LNNBO

NYLQQ VQGCD UTUBQ XSOSK NOXUV KCYJX
CNJKS ANGUI FTOWO MSNBQ DBAIV IKNWG
VSHIE P [96]

Superimpose messages 1 and 2.

* * *
No. 1 PGLPN HUFRK SAUQQ AQYUO ZAKGA EOQCN
No. 2 CWHPK KXFLU MKURY XCOPH WNJUW KWIHL

*
No. 1 PRKOV HYEIU YNBON NFDMW ZLUKQ AQAHZ
No. 2 OKZTL AWRDF GDDEZ DLBOT FUZNA SRHHJ

* * *
No. 1 MGCDS LEAGC JPIVJ WVAUD BAHMI HKORM
No. 2 NGUZK PRCDK YOOBV DDXCD OGRGI RMICN

*
No. 1 LTFYZ LGSOG K. [101]
No. 2 HSGGO PYAOY X. [101]

The number of comparisons is 101 x 0.0667 = 7 coincidences

which is less than the observed 8. Nice start but
suspicious. Shifting one letter to right the number of
coincidences is 4. One more shift = 3. Then:

* * *
No. 1 PGLPNHUFRKSAUQQAQYUOZAKGAEOQCN
No. 2 CWHPKKXFLUMKURYXCOPHWNJUWKW

* *
No. 1 PRKOVHYEIUYNBONNFDMWZLUKQAQAHZ
No. 2 IHLOKZTLAWRDFGDDEZDLBOTFUZNASR

* **
No. 1 MGCDSLEAGCJPIVJWVAUDBAHMIHKORM
No. 2 HHJNGUZKPRCDKYOOBVDDXCDOGRGIRM

*
No. 1 LTFYZLGSOGK.
No. 2 ICNHSGGOPYAOYX. [98]

Now 98 x 0.0667 = 6.5366 versus 9 coincidences or 30% more

than the first comparison. The first test was accidental.
The jump is normal from incorrect to correct. The correct
superimposition is either 100% correct or incorrect.

Friedman suggests that tests be made first to the right and

then to the left, one letter at a time for best efficiency.
[FRE3]

It is possible to systematize our investigation by testing

three or four messages at a time.

We make a diagram where the number of coincidences are

tallied with all three messages:

1 2 3
-----------------
1| x 9 3
|
2| x x 3
|
3| x x x

The number of tallies in cell 1-2 is 9 as examined. A column

which shows identical letters in messages 1 and 3 yields a
tally in 1-3, between 2 and 3 goes to 2-3 and so forth. Only
when a superimposition yields three identical letters in a
column is a tally to be recorded in 1-3 or 1-2 (3
coincidences.

So adding message 3 to the investigation:

*
No. 1 PGLPNHUFRKSAUQQAQYUOZAKGAEOQCN
No. 2 CWHPKKXFLUMKURYXCOPHWNJUWKW
No. 3 WFWTDNHTGMRAAZGPJDSQAUPFROXJRO

* * *
No. 1 PRKOVHYEIUYNBONNFDMWZLUKQAQAHZ
No. 2 IHLOKZTLAWRDFGDDEZDLBOTFUZNASR
No. 3 HRZWCZSRTEEEVPXOATDQLDOQZHAWNX

* *
No. 1 MGCDSLEAGCJPIVJWVAUDBAHMIHKORM
No. 2 HHJNGUZKPRCDKYOOBVDDXCDOGRGIRM
No. 3 THDXLHYIGKVYZWXBKOQOAZQNDTNALT
No. 1 LTFYZLGSOGK.
No. 2 ICNHSGGOPYAOYX.
No. 3 CNYEHTSCT.

so:

1 2 3
-----------------
1| x 9 3
|
2| x x 3
|
3| x x x

Successive number of columns are examined and coincidences

(of messages 1 and 3 and 2 and 3) are tabulated. We find:

Combination Total Number Number of Coincidences

of Delta
Comparisons Expected Observed %

1 - 3 99 ~ 7 3 -57
2 - 3 96 ~ 6 3 -50
1- 2- 3 293 ~ 20 15 -21

A correct superimposition for one of the three combinations

may yield such good results as to mask the bad results for
the other two combinations.

We shift message 3 one space to the right with the following

results:

*
No. 1 PGLPNHUFRKSAUQQAQYUOZAKGAEOQCN
No. 2 CWHPKKXFLUMKURYXCOPHWNJUWKW
No. 3 WFWTDNHTGMRAAZGPJDSQAUPFROXJR

* * * *
No. 1 PRKOVHYEIUYNBONNFDMWZLUKQAQAHZ
No. 2 IHLOKZTLAWRDFGDDEZDLBOTFUZNASR
No. 3 OHRZWCZSRTEEEVPXOATDQLDOQZHAWN

* *
No. 1 MGCDSLEAGCJPIVJWVAUDBAHMIHKORM
No. 2 HHJNGUZKPRCDKYOOBVDDXCDOGRGIRM
No. 3 XTHDXLHYIGKVYZWXBKOQOAZQNDTNAL

* *
No. 1 LTFYZLGSOGK.
No. 2 ICNHSGGOPYAOYX.
No. 3 TCNYEHTSCT.
 1 2 3
-----------------
1| x 9 10
|
2| x x 7
|
3| x x x

Combination Total Number Number of Coincidences

of Delta
Comparisons Expected Observed %

1 - 3 99 ~ 7 10 +43
2 - 3 97 ~ 6 6 0
1- 2- 3 294 ~ 20 25 +25

The results are very good. We add the fourth message.

No. 1 PGLPNHUFRKSAUQQAQYUOZAKGAEOQCN
No. 2 CWHPKKXFLUMKURYXCOPHWNJUWKW
No. 3 WFWTDNHTGMRAAZGPJDSQAUPFROXJR
No. 4 TULDHNQEZZUTYGDUEDUPSDLIOLNN

No. 1 PRKOVHYEIUYNBONNFDMWZLUKQAQAHZ
No. 2 IHLOKZTLAWRDFGDDEZDLBOTFUZNASR
No. 3 OHRZWCZSRTEEEVPXOATDQLDOQZHAWN
No. 4 BONYLQQVQGCDUTUBQXSOSKNOXUVKCY

No. 1 MGCDSLEAGCJPIVJWVAUDBAHMIHKORM
No. 2 HHJNGUZKPRCDKYOOBVDDXCDOGRGIRM
No. 3 XTHDXLHYIGKVYZWXBKOQOAZQNDTNAL
No. 4 JXCNJKSANGUIFTOWOMSNBQDBAIVIKN

No. 1 LTFYZLGSOGK.
No. 2 ICNHSGGOPYAOYX.
No. 3 TCNYEHTSCT.
No. 4 WGVSHIEP.

1 2 3 4
----------------------
1| x 9 10 7
|
2| x x 7 7
|
3| x x x 5
|
 4| x x x x

Combination Total Number Number of Coincidences

of Delta
Comparisons Expected Observed %

1 - 3 96 ~ 6 7 +16
2 - 3 95 ~ 6 7 +16
3 - 4 96 ~ 6 5 -16
1,2,3,4 581 ~39 44 +10

This is actually the correct group of superimpositions.

Testing another message 4 movement to right shows us the
picture.

No. 1 PGLPNHUFRKSAUQQAQYUOZAKGAEOQCN
No. 2 CWHPKKXFLUMKURYXCOPHWNJUWKW
No. 3 WFWTDNHTGMRAAZGPJDSQAUPFROXJR
No. 4 TULDHNQEZZUTYGDUEDUPSDLIOLN

No. 1 PRKOVHYEIUYNBONNFDMWZLUKQAQAHZ
No. 2 IHLOKZTLAWRDFGDDEZDLBOTFUZNASR
No. 3 OHRZWCZSRTEEEVPXOATDQLDOQZHAWN
No. 4 NBONYLQQVQGCDUTUBQXSOSKNOXUVKC

No. 1 MGCDSLEAGCJPIVJWVAUDBAHMIHKORM
No. 2 HHJNGUZKPRCDKYOOBVDDXCDOGRGIRM
No. 3 XTHDXLHYIGKVYZWXBKOQOAZQNDTNAL
No. 4 YJXCNJKSANGUIFTOWOMSNBQDBAIVIK

No. 1 LTFYZLGSOGK.
No. 2 ICNHSGGOPYAOYX.
No. 3 TCNYEHTSCT.
No. 4 NWGVSHIEP.

1 2 3 4
----------------------
1| x 9 10 3
|
2| x x 7 3
|
3| x x x 2
|
4| x x x x

Combination Total Number Number of Coincidences

of Delta
Comparisons Expected Observed %
 1 - 3 96 ~ 6 3 -50
2 - 3 96 ~ 6 3 -50
3 - 4 96 ~ 6 2 -83
1,2,3,4 582 ~39 33 -18

SUBSEQUENT SOLUTION STEPS

These four messages were enciphered by a long keying

sequence. We now have found the correct superimposition of
the four messages. Therefore, the text has been reduced to
monoalphabetic columnar form and can be solved. What was not
given on this example was that the enciphering device was a
U. S. Army Cipher Disk and that the key was intelligent as
well as the alphabets are reversed standard.

It doesn't matter to the Kappa test what kind of cipher

alphabets were used or whether or not the key is random or
intelligent. We try our favorite technique - the probable
word on message 1 of DIVISION.

Ciphertext P G L P N H U F R K S A U Q Q
Assumed Plain D I V I S I O N
Resultant Key S O G X F

nope, shift one letter right.

Ciphertext P G L P N H U F R K S A U Q Q
Assumed Plain . D I V I S I O N
Resultant Key . J T K

nope, shift one more, and one and finally to the end with no
resultant intelligent key.

Ciphertext P G L P N H U F R K S A U Q Q
Assumed Plain R E G I M E N T N O
Resultant Key E L A N D O F T H E

which suggests LAND of T(HE) which yields REGIMENT NO. More

assumptions yield an E before LAND and the cipher text
yielding IS for the plain. The process continues one letter
at a time and checking the cipher versus the plain for
reconstructive clues.

We can use all four messages to gives us clues by multiple

superimposition.

Key E L A N D O F T
No 1 Ciphertext P G L P N H U F R K S A U Q Q
Plain R E G I M E N T

No 2 Ciphertext C W H P K K X F L U M K
Plain I E L D T R A I

No 3 Ciphertext W F W T D N H T G M R A A Z
Plain L I N G K I T C
No 4 Ciphertext T U L D H N Q E Z Z U T Y
Plain T I T A N K G U

We see No. 2 gives us FIELD TRAIN, No 3 has ROLLING KITCHEN,

and No 4 with ANTITANK GUN. These words yield additional
letters. If the key is unintelligent text we use the
messages against each rather than against the key.

UNKNOWN SEQUENCES

The previous example assumed a known cipher alphabet. When

it is not known, Data for solution by indirect symmetry by
detection of isomorphs cannot be expected, for isomorphs may
not be produced by the system. Solution can be reached only
if there is sufficient text to permit analysis of columns for
superimposition diagram. Large amount of text yields
repetitions and the basis for probable word assumption.
After establishment of a few values for cipher text letters
does indirect symmetry come into play. Each column requires
15 -20 letters minimum. These can be studied statistically
and if two columns have similar characteristics, they may be
combined using the cross product test.

RUNNING KEY PRINCIPLE

The running - key principle may be interesting in principle

but difficult in practice. Mistakes in encipherment or
transmission, essentially decrease the likely hood of the
correct decipherment. The running Key does improve
cryptographic security but the mechanical details involved in
the production, reproduction, and distribution of such keys
represents a formidable challenge - enough to destroy the
effectiveness of the system for practical purposes
(voluminous communication).

Suppose a basic unintelligible, random sequence of keying

characters which is not derived from the interaction of two
or more shorter keys and which NEVER repeats is employed only
ONCE as a key for encipherment. Can such a cryptogram be
solved. No. No method of attack will solve this because the
system is not uniquely solvable.

Two things are required for solution: the logical answer must
be offered and it must be unique. The Bacon-Shakespeare
"cryptographers tend to overlook the latter issue.
To attempt to solve a cryptogram enciphered as previously
described is like solving an equation in two unknowns with
absolutely no data available for solution but the solution
itself. The key is one unknown and the plain text is the
other. Any one quantity may be chosen and yield a viable
result without the required uniqueness constraint being
observed. There are an infinite number of solutions
possible.
The problem is better defined when the running key
constitutes intelligent test, or if it is used to encipher
more than one message, or if it is the secondary result of
the interaction of two or more short primary keys which go
thru cycles themselves. The additional information in these
cases are enough to meet the uniqueness constraint.

CROSS-PRODUCT TEST OR CHI [X]

The KAPPA test is used to prepare data for analysis. It

circumvents the polyalphabetic obstacle. It moves the
solution from polyalphabetic to monoalphabetic terms. The
solution can be reached if their is some cryptographic
relationship between the columns, or the letters can be
combined into a single frequency distribution.

The amount of data has to be sufficient for comparison

purposes and this depends on the type of cipher alphabets
involved. Although the superimposition diagram may be
composed of many columns, often only a relatively small
number of different cipher alphabets are put into play.
The number of times that a secondary alphabet is employed is
directly related to the key text or number of keying elements
in the sequence.

In the running-key cipher using a long phrase or book as a

key, the key is intelligible text and it follows that the
secondary alphabets will be employed with frequencies
directly related to the respective frequencies of occurrence
of letters of plain text. The key letter 'E' alphabet should
be most frequent, 'T' next and so forth. J, K, Q, X, Z are
improbable, so the cryptanalyst usually handles no more than
19-20 secondary alphabets.

It is possible to study the various distributions for the

columns of the superimposition diagram with the view of
assembling those distributions which belong to the same
cipher alphabet, say 'E', thus making the determination of
values easier in a combined distribution.

If the key is random text, and assuming sufficient text

within the columns, the columnar frequency distributions may
afford the opportunity to amalgamate a large number of small
distributions into a smaller number of larger distributions.
This is known as matching and we use the Cross-Product or Chi
Test, aka X test.

The Chi test is used to identify distributions which belong

to the same cipher alphabet. It is used when the amount of
data is not very large.

DERIVATION OF CHI TEST [KULL]

The theory of monographic coincidence in plain text was

originally developed by Friedman and applied in his technical
paper written in 1925 dealing with his solution of messages
enciphered by a cryptographic machine known as the "Herbern
Electric Super-Code." The paper is among the Riverbank
Publications in 1934.

The probability of coincidence of two A's in plain text is

the square of the probability of occurrence of the single
letter A in such text. Samething with B's through Z's.
The sum of these squares for all letters of the alphabet as
shown in Table 15-2, is found to be 0.0667. This is almost
double the combined probability of random text for hitting
two random text letters coincidentally or:

26 letters x 1/26 x 1/26 = 1/26 = 0.0385 = Kr

Table 15-2

Letter Frequency in Probability Square of

1000 Letters of Occurrence Probability
Separately of Separate
Occurrence
-----------------------------------------------------------
A 73.66 0.0737 0.0054
B 9.74 .0097 .0001
C 30.68 .0307 .0009
D 42.44 .0424 .0018
E 129.96 .1300 .0169
F 28.32 .0283 .0008
G 16.38 .0164 .0003
H 33.88 .0339 .0012
I 73.52 .0735 .0054
J 1.64 .0016 .0000
K 2.96 .0030 .0000
L 36.42 .0364 .0013
M 24.74 .0247 .0006
N 79.50 .0795 .0063
O 75.28 .0753 .0057
P 26.70 .0267 .0007
Q 3.50 .0035 .0000
R 75.76 .0758 .0057
S 61.16 .0612 .0037
T 91.90 .0919 .0084
U 26.00 .0260 .0007
V 15.32 .0153 .0002
W 15.60 .0156 .0002
X 4.62 .0046 .0000
Y 19.34 .0193 .0004
Z .98 .0010 .0000
 ---------------------------------------------------------
Total 1,000.00 1.0000 0.0667

We have seen this value before as Kp. It is the probability

that any two letters selected at random in a large volume of
normal English plain text will coincide.

Given a 50 letter plain-text distribution:

3 1 1 7 1 2 3 1 2 5 6 2 5 6 2 2
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

The number of pairings that can be made are n (n-1)/2 =

(50 x 49)/2 = 1,225 comparisons. According to the theory of

coincidences, there should be 1,225 x 0.0667 = 81.7065 or
approximately 82 coincidences of single letters. We look at
the distribution and finds there are 83 for a very close
agreement. [N(N-1)/2]

3 1 1 7 1 2 3 1 2 5 6 2 5 6 2 2
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
3+0+0+1+21+0+0+1+3+0+0+0+1+10+15+0+0+1+10+15+1+0+1+0+0+0=83

If N is the total number of letters in the distribution, then

the number of comparisons is N(N-1)/2 and the expected number
of coincidences may be written:

.0067N(N-1)/2

or (.0067N**2 - 0.0667N)/2 eq. I

If we let Fa = number of occurrences of A in the foregoing

distribution, the number of coincidences for letter A is
Fa(Fa-1)/2. Similarly for B, we have Fb(Fb-1)/2. The total
number of coincidences for the distribution is:

Fa(Fa-1)/2 +Fb(Fb-1)/2+...+Fz(Fz-1)/2.

Let Fa = any letter A..Z and d = the sum of all terms that
follow it. The distribution d(Fa**2-Fa)/2 represents the
actual coincidences.

Although derived from different sources we equate the terms.

d(Fa**2-Fa)/2 = (.0067N**2 - 0.0667N)/2

and dFa = N

d(Fa**2-Fa) = (.0067N**2 - 0.0667N)

dFa**2 - N = (.0067N**2 - 0.0667N)

dFa**2 = .0067N**2 + 0.9333N eg. II

Equation II tells us the sum of the squares of the absolute

frequencies of a distribution is equal to 0.0667 times the
square of the total number of letters in the distribution,
plus 0.933 times the total number of letters in the
distribution. We let S2 replace dFa**2.

Suppose two monoalphabetic distributions pertain to the same

cipher alphabet. If they are to be correctly combined into a
single distribution, the latter must still be monoalphabetic.
We use subscripts 1 and 2 to indicate the distributions in
question. So:

d(Fa1+Fa2)**2 = .0067(N1+N2)**2 + 0.9333(N1+N2)

expanding terms:

dFa1**2 +2dFa1Fa2 +dFa2**2 =0.0667(N1**2 +2N1N2 + N2**2) +

.9333N1 +.9333N2 eq. III

dFa1**2 = .0067N1**2 + 0.9333N1

dFa2**2 = .0067N2**2 + 0.9333N2

and rearranging:

.0667N1**2 +.9333N1 +2dFa1Fa2 + .0667 N2**2 + .9333N2 =

.0667(N1**2 +2N1N2 +N2**2) + .9333N1 +.9333N2

further reducing:

2dFa1Fa2 = 0.667 (2N1N2)

finally:

dFa1Fa2 = 0.667 eq. IV

-------
N1N2

This equation permits the establishment of an expectant value

for the sum of products of the corresponding frequencies of
the two distributions being considered for amalgamation. The
Chi test or Cross-product test is based on Equation IV.

Given two distributions to be matched:

1 4 3 1 1 1 1 3 2 2 1 1 3 2
F1 - A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

2 3 1 1 1 1 3 1 1 1 2
F2 - A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
We juxtapose the frequencies for convenience.

N1 = 26
Fa1 1 4 3 1 1 1 1 3 2 2 1 1 3 2
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
Fa2 2 3 1 1 1 1 3 1 1 1 2
N2 = 17
Fa1Fa2 0 8 0 0 0 3 0 0 1 0 0 0 0 0 1 0 0 9 2 2 0 0 0 0 0 4
d=30

N1N2 = 26 x 17 = 442

dFa1Fa2 30
------- = -- = 0.0711
N1N2 442

or 442 x 0.0667 = 28.15 expected value versus 30. The two

distributions very probably belong together.

To point out the effectiveness of the correct Chi test

placement, we look at the example but juxtaposed one interval
to the left.

N1=26
1 4 3 1 1 1 1 3 2 2 1 1 3 2
F1 - A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
F2 - B C D E F G H I J K L M N O P Q R S T U V W X Y Z A
2 3 1 1 1 1 3 1 1 1 2
N2=17
Fa1Fa2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 3 2 0 0 0 0 3 0 0
dFa1Fa2=2+3+2+3= 10

dFa1Fa2 10
-------- = ---- = 0.226
N1N2 442

Thus, if the two distribution pertain to the same primary

components then they are not properly superimposed. The Chi
test may be applied also to cases where two or more frequency
distributions must be shifted relatively in order to find the
correct superimposition. The problem determines whether we
use direct superimposition or shifted superimposition of the
second distribution in question.

APPLYING THE CHI TEST TO PROGRESSIVE-ALPHABET SYSTEM

We assume for this example that the secondary alphabets were

derived from the interaction of two identical mixed primary
components. The cipher alphabet is based on HYDRAYLIC...Z
sequence shifted one letter to the right for each encipher-
ment. Based on Figure 15-1, the horizontal sequences are all
identical and shifted relatively. The letters inside the
square are plain-text letters.

Instead of letters in the cells of the square we tally the

normal frequencies of the letters occupying the respective
cells. For the first 3 rows we have:

1 . . . 5 . . . . 10 . . . . 15 . . . . 20 . . . . . 26

A 7 3 4 8 3 1 12 3 2 3 8 7 3 6 9 1 1 3 2 4 8
B 112 3 2 3 8 7 3 6 9 1 1 3 2 4 8 7 3 8 3 1
C 3 112 3 2 3 8 7 3 6 9 1 1 3 2 4 8 7 3 4 8

The shift required in this case is 5 to the right to match up

A and B. Note that amount of displacement, or number of
intervals, the B sequence must be shifted to make it match A
sequence corresponds exactly to the distance between the
letters A and B in the primary cipher component.

..... A U L I C B ......
0 1 2 3 4 5

The fact that the primary plain component is identical with

the primary cipher component is coincidental. The
displacement interval is being measured on the cipher
component.

The Given Cipher message is written into a 26 column (26

alphabets) square rather than the standard 5 letter groups.

FIGURE 15-1

ALPHABET NO

1 5 10 15 20 26
A | AULICBEFGJKMNOPQSTVWXZHYDR
B | BEFGJKMNOPQSTVWXZHYDRAULIC
C | CBEFGJKMNOPQSTVWXZHYDRAULI
D | DRAULICBEFGJKMNOPQSTVWXZHY
E | EFGJKMNOPQSTVWXZHYDRAULICB
F | FGJKMNOPQSTVWXZHYDRAULICBE
C H | HYDRAULICBEFGJKMNOPQSTVWXZ
I I | ICBEFGJKMNOPQSTVWXZHYDRAUL
P J | JKMNOPQSTVWXZHYDRAULICBEFG
H K | KMNOPQSTVWXZHYDRAULICBEFGJ
E L | LICBEFGJKMNOPQSTVWXZHYDRAU
R M | MNOPQSTVWXZHYDRAULICBEFGJK
N | NOPQSTVWXZHYDRAULICBEFGJKM
O | OPQSTVWXZHYDRAULICBEFGJKMN
L P | PQSTVWXZHYDRAULICBEFGJKMNO
E Q | QSTVWXZHYDRAULICBEFGJKMNOP
T R | RAULICBEFGJKMNOPQSTVWXZHYD
T S | STVWXZHYDRAULICBEFGJKMNOPQ
E T | TVWXZHYDRAULICBEFGJKMNOPQS
 R U | ULICBEFGJKMNOPQSTVWXZHYDRA
V | VWXZHYDRAULICBEFGJKMNOPQST
W | WXZHYDRAULICBEFGJKMNOPQSTV
X | XZHYDRAULICBEFGJKMNOPQSTVW
Y | YDRAULICBEFGJKMNOPQSTVWXZH
Z | ZHYDRAULICBEFGJKMNOPQSTVWX

1 . . . 5 . . . .10 . . . .15 . . . .20 . . . . . 26

1 W G J J M M M J X E D G C O C F T R P B M I I I K Z
2 R Y N N B U F R W W W W Y O I H F J K O K H T T A Z
3 C L J E P P F R W C K O O F F F G E P Q R Y Y I W X
4 M X U D I P F E X M L L W F K G Y P B B X C H B F Y
5 I E T X H F B I V D I P N X I V R P W T M G I M P T
6 E C J B O K V B U Q G V G F F F K L Y Y C K B I W X
7 M X U D I P F F U Y N V S S I H R M H Y Z H A U Q W
8 G K T I U X Y J J A O W Z O C F T R P P O Q U S G Y
9 C X V C X U C J L M L L Y E K F F Z V Q J Q S I Y S
10 P D S B B J U A H Y N W L O C X S D Q V C Y V S I L
11 I W N J O O M A Q S L W Y J G T V P Q K P K T L H S
12 R O O N I C F E V M N V W N B N E H A M R C R O V S
13 T X E N H P V B T W K U Q I O C A V W B R Q N F J V
14 N R V D O P U Q R L K Q N F F F Z P H U R V W L X G
15 S H Q W H P J B C N N J Q S O Q O R C B M R R A O N
16 R K W U H Y Y C I W D G S J C T G P G R M I Q M P S
17 G C T N M F G J X E D G C O P T G P W Q Q V Q I W X
18 T T T C O J V A A A B W M X I H O W H D E Q U A I N
19 F K F W H P J A H Z I T W Z K F E X S R U Y Q I O V
20 R E R D J V D K H I R Q W E D G E B Y B M L A B J V
21 T G F F G X Y I V G R J Y E K F B E P B J O U A H C
22 U G Z L X I A J K W D V T Y B F R U C C C U Z Z I N
23 N D F R J F M B H Q L X H M H Q Y Y Y M W Q V C L I
24 P T W T J Y Q B Y R L I T U O U S R C D C V W D G I
25 G G U B H J V V P W A B U J K N F P F Y W V Q Z Q F
26 L H T W J P D R X Z O W U S S G A M H N C W H S W W
27 L Y R Q Q U S Z V D N X A N V N K H F U C V V S S S
28 P L Q U P C V V V W D G S J O G T C H D E V Q S I J
29 P H Q J A W F R I Z D W X X H C X Y C T M G U S E S
30 N D S B B K R L V W R V Z E E P P P A T O I A N E E
31 E E J N R C Z B T B L X P J J K A P P M J E G I K R
32 T G F F H P V V V Y K J E F H Q S X J Q D Y V Z G R
33 R H Z Q L Y X K X A Z O W R R X Y K Y G M G Z B Y N
34 V H Q B R V F E F Q L L W Z E Y L J E R O Q S O Q K
35 O M W I O G M B K F F L X D X T L W I L P Q S E D Y
36 I O E M O I B J M L N N S Y K X J Z J M L C Z B M S
37 D J W Q X T J V L F I R N R X H Y B D B J U F I R J
38 I C T U U U S K K W D V M F W T T J K C K C G C V S
39 A G Q B C J M E B Y N V S S J K S D C B D Y F P P V
40 F D W Z M T B P V T T C G B V T Z K H Q D D R M E Z
41 O O

A frequency distribution square is compiled, each column of

the text forming a separate distribution in columnar form in
the square. See Figure 15-2. Note the size of each
distribution on the right side of the square under N.

The Chi test is applied to the horizontal rows in the square.

Since the test is statistical, it is more reliable as the
size of the distribution increases. We choose the V and W
distributions because they have the greatest total number of
tallies at 53 and 52 occurrences, respectively.

Figure 15-2

1 . . . 5 . . . .10 . . . .15 . . . .20 . . . . . 26 N

A 1 1 1 4 1 3 1 1 3 2 3 3 1 25
B 6 3 3 7 1 1 1 1 2 1 2 1 8 1 4 43
C 2 3 2 1 3 1 1 1 1 1 2 4 2 1 5 2 6 4 2 1 45
D 1 4 4 2 2 7 1 1 2 1 3 3 1 1 1 34
E 2 3 2 1 4 2 1 4 2 3 2 1 2 1 1 3 1 35
F 2 4 2 3 7 1 1 2 1 6 3 9 3 2 2 1 1 1 51
G 3 6 1 1 1 1 1 4 2 1 4 3 1 1 3 2 3 2 39
H 5 7 4 1 3 4 2 6 2 2 2 1 38
I 4 2 3 2 2 2 1 3 1 1 4 1 3 2 8 4 2 45
J 1 4 3 4 4 3 6 1 3 4 2 1 3 2 4 2 2 50
K 3 2 3 3 4 6 2 2 2 2 1 2 2 2 1 37
L 2 2 1 1 1 2 2 7 4 1 2 1 1 1 1 3 1 1 33
M 2 1 1 3 1 5 1 3 2 1 2 4 7 3 1 37
N 3 2 5 1 7 1 3 2 3 1 1 1 4 34
O 2 3 1 6 1 2 2 1 5 4 2 1 3 1 2 2 38
P 4 2 9 1 1 1 1 1 1 1 9 5 1 2 1 3 43
Q 5 3 1 1 1 1 3 2 2 3 2 5 1 7 5 3 45
R 5 2 1 1 2 1 4 1 1 3 1 2 1 3 4 3 4 1 3 1 2 46
S 1 2 2 1 5 4 1 4 1 3 6 1 8 39
T 3 2 6 1 2 2 1 1 1 2 6 4 3 2 1 1 39
U 1 3 3 2 4 2 2 1 2 1 1 1 2 1 2 4 1 33
V 1 2 2 6 4 8 7 2 1 1 1 1 1 6 4 2 4 53
W 1 1 5 3 1 2 8 1 7 6 1 2 3 2 1 2 4 2 52
X 4 1 3 2 1 5 3 2 3 2 3 1 2 1 1 3 37
Y 1 1 3 3 1 4 4 2 1 4 2 4 3 5 1 2 3 44
Z 2 1 1 1 3 1 2 2 2 2 1 3 3 3 27
1 . . . 5 . . . .10 . . . .15 . . . .20 . . . . . 26

The results of three relative displacements are given.

Test 1
 FV 1 2 2 6 4 8 7 2 1 1 1 1 1 6 4 2 4
1 . . . 5 . . . .10 . . . .15 . . . .20 . . . . . 26
FW 4 2 1 1 5 3 1 2 8 1 7 6 1 2 3 2 1 2
24. . 1 . . . 5 . . . .10 . . . .15 . . . .20 . . .
FVFW 4 1018 8 14 14 6 1 18 2 8

NV = 53, NW =52
dFVFW = 103

dFVFW = 103
----- --- = 0.037 nok.
NVNW 2756

Test 2

FV 1 2 2 6 4 8 7 2 1 1 1 1 1 6 4 2 4
1 . . . 5 . . . .10 . . . .15 . . . .20 . . . . . 26
FW 2 3 2 1 2 4 2 1 1 5 3 1 2 8 1 7 6 1
. .20 . . . 24. . 1 . . . 5 . . . .10 . . . .15 . .
FVFW 2 4 16 16 35 2 2 8 1 36

NV = 53, NW =52
dFVFW = 122

dFVFW = 122
----- --- = 0.044 nok.
NVNW 2756

Test 3

FV 1 2 2 6 4 8 7 2 1 1 1 1 1 6 4 2 4
1 . . . 5 . . . .10 . . . .15 . . . .20 . . . . . 26
FW 3 1 2 8 1 7 6 1 2 3 2 1 2 4 2 1 1 5
. 5 . . . .10 . . . .15 . . . .20 . . . . .26 1 . .
FVFW 3 2 4 48 4 56 7 4 3 2 1 2 24 8 2 20

NV = 53, NW =52
dFVFW = 190

dFVFW = 190
----- --- = 0.069 OK!
NVNW 2756

More tests would indicate that we have found the best

correlation for these two cipher alphabets. Therefore, the
primary cipher component has the letters V and W in these
positions. The 4th cell of the W distribution must be placed
under the 1 st cell of the V distribution per Test 3.

1 2 3 4
. . . V . . W . . .

The next best row is F with 51 occurrences. We must test

this row against V, W, and V+W. Test 4,5 and 6 show the
correct superimpositions for the F row. Note that the
computer can be a big time help in this evaluation.

Test 4

FV 1 2 2 6 4 8 7 2 1 1 1 1 1 6 4 2 4
1 . . . 5 . . . .10 . . . .15 . . . .20 . . . . . 26
FF 1 1 2 1 6 3 9 3 2 2 1 1 1 2 4 2 3 7
. .10 . . . .15 . . . .20 . . . . .26 1 . . . 5 . .
FVFF 1 4 36 12 72 14 2 1 1 1 2 24 8 6 28

NV = 53, NF =51
dFVFF = 212

dFVFW = 212
----- --- = 0.078
NVNF 2703

Test 5

FW 1 1 5 3 1 2 8 1 7 6 1 2 3 2 1 2 4 2
1 . . . 5 . . . .10 . . . .15 . . . .20 . . . . . 26
FF 3 7 1 1 2 1 6 3 9 3 2 2 1 1 1 2 4 2
5 . . . .10 . . . .15 . . . .20 . . . . .26 1 . . .
FVFF 3 35 2 48 3 63 18 2 6 2 1 4 16 4

NW = 52, NF =51
dFWFF = 210

dFWFF = 210
----- --- = 0.078
NWNF 2703

Test 6

FV+W 4 3 414 515 6 8 4 4 1 3 2 3 10 6 1 3 9

1 . . . 5 . . . .10 . . . .15 . . . .20 . . . . . 26
FF 1 1 2 1 6 3 9 3 2 2 1 1 1 2 4 2 3 7
. .10 . . . .15 . . . .20 . . . . . 26 1 . . . 5 . .
FV+W 4 6 84 15 35 18 16 8 1 3 21 6 40 12 9 63
*FF
N(V+W) = 105, NF = 51
dF(W+V)FF = 422

dF(W+V)FF = 422
-------- --- = 0.079
N(W+V)NF 5355

This test yield the sequence:

1 2 3 4 5 6 7 8 9

V . . W . . . F .

As the work progresses, we use smaller and smaller

distributions. This decrease in information is
counterbalanced by the number of superimpositions being
reduced as the primary cipher alphabet comes to the surface.

The completely reconstructed primary cipher component (both

plain and cipher were specified as identical) is:

1 . . . 5 . . . .10 . . . .15 . . . .20 . . . . . 26

V A L W N O X F B P Y R C Q Z I G S E H T D J U M K

In practice, the matching process would be interrupted after

a few letters of the primary component were retrieved and the
skeleton of a few words became apparent.

We ascertain the initial position for the primary cipher

component and decipher the cryptogram.

1 . . . 5 . . . .10 . . . .15 . . . .20 . . . . . 26

1 W G J J M M M J X E D G C O C F T R P B M I I I K Z
W I T H T H E I M P R O V E M E N T S I N T H E A I

2 R Y N N B U F R W W W W Y O I H F J K O K H T T A Z
R P L A I N A N D T H E M E A N S O F C O M M U N I

3 C L J E P P F R W C K O O F F F G E P Q R Y Y I W X
C A T I O N A N D W I T H T H E V A S T S I Z E O F

...... and so forth.

The interesting point is that all the tallies in the

frequency square were made of cipher letters occuring in the
cryptogram, and the tallies represented their actual
occurences. We compared cipher alphabet to cipher alphabet.
The plain text letters were held as unknown through out the
process.

CRACKING THE PROGRESSIVE CIPHER USING INDIRECT SYMMETRY

What happens when we do not have enough data to foster the

statistical attack? We can use indirect symmetry because of
certain phenomena arising from the mechanics of the
progressive cipher encipherment method itself.

Take:

Plain HYDRAULICBEFGJKMNOPQSTVWXZ
Cipher FBPYRCQZIGSEHTDJUMKVALWNOX

Encipher FIRST BATTALION by the progressive method sliding

the cipher component to the left one interval after each
encipherment.:

1 2 3 4 5 6 7 8 91011121314
Plain F I R S T B A T T A L I O N
Cipher E I C N X D S P Y T U K Y Y
Index F E B C I L U A R D Y H Z X
shift(-) 1 2 3 4 5 6 7 8 910111213

Repeated letters in the text are two I's, three T's and two
A's. Lets look at them:

F I R S T B A T T A L I O N
1 2 3 4 5 6 7 8 91011121314
Plain . I . . . . . . . . . I . .
Cipher . I . . . . . . . . . K . .
Plain . . . . T . . T T . . . . .
Cipher . . . . X . . P Y . . . . .
Plain . . . . . . A . . A . . . .
Cipher . . . . . . S . . T . . . .

The two I's are 10 letters apart in both the plain and cipher
components. Since the cipher component is displaced one step
after each encipherment, two identical letters n intervals
apart in the plain text must yield cipher equivalents which
are n intervals apart in the cipher component. This leads to
the probable word and indirect symmetry attack on the
progressive cipher.

A second flaw concerns the repeated cipher letters. Look at

the three Y's.

1 2 3 4 5 6 7 8 91011121314
Plain . . . . . . . . T . . . O N
Cipher . . . . . . . . Y . . . Y Y

Reference to the plain component shows that the N O . . . T

is reversed in order with respect to the plain text. The
intervals are correct. Since the cipher component is shifted
one to the left each encipherment, two identical letters n
intervals apart in the cipher text must yield plain text
equivalents which are n intervals apart in the cipher
component. If the cipher is displaced to the left than the
order of the plain is logically reversed.

Given the following message, which is assumed to start with

the military greeting COMMANDING GENERAL FIRST ARMY (probable
words) the data yielded by this assumption is:

IKMKI LIDOL WLPNM VWPXW DUFFT

FNIIG XGAMX CADUV AZVIS YNUNL ...

1.......................26

Plain (assumed) COMMANDINGGENERALFIRSTARMY

Cipher IKMKILIDOLWLPNMVWPXWDUFFTF

Set up the decryption square in Figure 15-3.

Figure 15-3

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
1 I
2 K
3 M
4 K
5 I
6 L
7 I
8 D
9 O
10 L
11 W
12 L
13 P
14 N
15 M
16 V
17 W
18 P
19 X
20 W
21 D
22 U
23 F
24 F
25 T
26 F

Applying indirect symmetry to the above square gives:

1 . . . 5 . . . .10 . . . .15 . . . .20 . . . . . 26

Plain A L I C E F G M N O S Y D R
Cipher M K V . L W N O . F . P . . . . . I . . . . T
 D . . . . . . . . . . M

Setting C (plain) = I (cipher) for the first encipherment,

the 8th value, I (plain) = D (cipher) which yields D and
eventually X. We use the partial sequences to unlock other
letters. Using the word ARMY we open the gaps some more.

1 2 3 4 5 6 7 8 9 10 11 12
Plain N I I G X G A M X C A D
Cipher . I L . . . . E O . . R

The next word after ARMY might be WILL. We then insert the
W in the plain and G in the Cipher.

The presence of MMM, WWW, FFF in the cipher might be a short

word used several time.. hmm how about THE?? replacing any
one of the triplets with THE, applying indirect symmetry, we
may have a wedge.

MACHINE CRYPTOGRAPHY

The principles discussed in the previous paragraph may be

used with progressive systems in which the interval is > 1
and with modifications to those intervals which are irregular
but follow a pattern such as 1-2-3, 1-2-3, ... or 2-5-7-3-1,
2-5-7-3-1- and so on. The latter type of progression is
encountered in certain mechanical cryptographs. [FRE3]

THE PHI TEST h FOR MONOALPHABETICITY

The Chi test is based on the general theory of coincidences

and the probability constants Kp and Kr. Now two
monoalphabetic distributions when correctly combined will
yield a single distribution which still will be
monoalphabetic in character. The Phi (h) test is used to
confirm that a distribution is in fact alphabetic.

DERIVATION Of PHI h TEST

Start with a uniliteral frequency distribution, the total

number of pairs of letters for comparison purposes is:

N(N-1)/2 for N letters

from the discussion on the Chi (a) test we found that the
expected value of Fa(Fa-1)/2 +..+Fz(Fz-1) for A...Z is equal
to the theoretical number of coincidences of two letters to
be expected in N(N-1)/2 for N letters, which for normal
English plaintext is Kp x N(N-1)/2 and for random text is Kr
x N(N-1)/2.

d Fi (Fi-1) = E(hp) = Kp x N(N-1)

for i= A to Z for plain text

d Fi (Fi-1) = E(hr) = Kr x N(N-1)

 for i= A to Z for random text

E(a) means the average or expected value of the expression in

parenthesis, Kp = 0.0667 for normal English plain text, Kr =
0.0385 for random English text (26 letters).

Example 1:

Is the following enciphered monoalphabetically:

1 1 2 3 4 2 1 4 2 1 1 3 N=25
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

E(ao) = 1x0+1x0+2x1+3x2+4x3+2x1+1x0+4x3+2x1+1x0+1x0+3x2=
2+6+12+2+12+2+6 = 42 o = observed

E(ap) = Kp x N(N-1) = 0.0667 x 25 x 24 = 40 plain

E(ar) = Kr x N(N-1) = 0.0385 x 25 x 24 = 23.1 random

Since the E(ao) =42 is closer to E(ap) = 40, the distribution

is most likely monoalphabetic.

Example 2:

Y O U I J Z M M Z Z M R N Q C X I Y T W R G K L H

The distribution is

1 1 1 2 1 1 1 3 1 0 2 1 2 1 1 1 1 2 3 N=25
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

d Fi(Fi-1) = 18

Since E(ar) is closer to E(ao) the enciphement is probabably

polyalphabetic to suppress the frequency distribution. The
message was enciphered actually by 25 alphabets used in
sequence.

LOGARITHMIC WEIGHT: CHI SQUARED TEST

Gleason discusses an important application of the theory of

testing hypothesis. Given a number of messages, some of which
are transposed English text and some are flat text. We want
to develop a test for picking out the transpositions, and to
accomplish this is possible to frame a statistical hypothesis
concerning each message. Gleason discusses a 5 step
procedure to 1) obtain probability information, 2) calculate
its critical region, 3) differentiate by weighted logs 4)
calculate the values of alpha and beta statistical inference
5) examine the normal distribution for given values of alpha
and beta. The answer tells us how many letters to examine at
some level of certainty to determine if we are dealing with a
transposition. Chapter 13 Problem 1 gives a reasonable look
at the process. [GLEA] Problems 2 and 3 look at the concept
of Bayesian probability applied to transposition problems and
should be of interest.

WITZEND'S TABLES TO AID CRYPTARITHM SOLUTION

WITZEND has graciously produced several cryptarithmic tables

to aid in solution for problems involving bases from ten to
sixteen. They are given as Tables 15 - 3 through 15 - 9 and
should ease the pain.

Table 15 - 3
DECIMAL - BASE 10

ADDITION

0 1 2 3 4 5 6 7 8 9
----------------------------
0 | 0 1 2 3 4 5 6 7 8 9
1 | 1 2 3 4 5 6 7 8 9 10
2 | 2 3 4 5 6 7 8 9 10 11
3 | 3 4 5 6 7 8 9 10 11 12
4 | 4 5 6 7 8 9 10 11 12 13
5 | 5 6 7 8 9 10 11 12 13 14
6 | 6 7 8 9 10 11 12 13 14 15
7 | 7 8 9 10 11 12 13 14 15 16
8 | 8 9 10 11 12 13 14 15 16 17
9 | 9 10 11 12 13 14 15 16 17 18

MULTIPLICATION

0 1 2 3 4 5 6 7 8 9
----------------------------
0 | 0 0 0 0 0 0 0 0 0 0
1 | 0 1 2 3 4 5 6 7 8 9
2 | 0 2 4 6 8 10 12 14 16 18
3 | 0 3 6 9 12 15 18 21 24 27
4 | 0 4 8 12 16 20 24 28 32 36
5 | 0 5 10 15 20 25 30 35 40 45
6 | 0 6 12 18 24 30 36 42 48 54
7 | 0 7 14 21 28 35 42 49 56 63
8 | 0 8 16 24 32 40 48 56 64 72
9 | 0 9 18 27 36 45 54 63 72 81

N 1 2 3 4 5 6 7 8 9
----------------------------------------------------
N Square 1 4 9 16 25 36 49 64 81
N Cube 1 8 27 64 125 216 343 512 729
N Fourth 1 16 81 256 625 1296 2401 4096 6561
N Fifth 1 32 243 1024 3125 7776 16807 32768 59049
N Sixth 1 64 729 4096 15625 46656 117649 262144 531441
N Sevnth 1 128 2187 16384 78125 279936 823543 2097152 4782969

X 2 4 5 5 5 5 6 8
Y 6 6 3 5 7 9 6 6
X * Y 12 24 15 25 35 45 36 48

Table 15 - 4
UNDECIMAL - BASE 11

ADDITION

1 2 3 4 5 6 7 8 9 A
----------------------------
1 | 2 3 4 5 6 7 8 9 A 10
2 | 3 4 5 6 7 8 9 A 10 11
3 | 4 5 6 7 8 9 A 10 11 12
4 | 5 6 7 8 9 A 10 11 12 13
5 | 6 7 8 9 A 10 11 12 13 14
6 | 7 8 9 A 10 11 12 13 14 15
7 | 8 9 A 10 11 12 13 14 15 16
8 | 9 A 10 11 12 13 14 15 16 17
9 | A 10 11 12 13 14 15 16 17 18
A |10 11 12 13 14 15 16 17 18 19

MULTIPLICATION

1 2 3 4 5 6 7 8 9 A
----------------------------
1 | 1 2 3 4 5 6 7 8 9 A
2 | 2 4 6 8 A 11 13 15 17 19
3 | 3 6 9 11 14 17 1A 22 25 28
4 | 4 8 11 15 19 22 26 2A 33 37
5 | 5 A 14 19 23 28 32 37 41 46
6 | 6 11 17 22 28 33 39 44 4A 55
7 | 7 13 1A 26 32 39 45 51 58 64
8 | 8 15 22 2A 37 44 51 59 66 73
9 | 9 17 25 33 41 4A 58 66 74 82
A | A 19 28 37 46 55 64 73 82 91

N 1 2 3 4 5 6 7 8 9 A
-------------------------------------------------
N Square 1 4 9 15 23 33 45 59 74 91
N Cube 1 8 25 59 104 187 292 427 603 82A
 Table 15 - 5
DUODECIMAL - BASE 12

ADDITION

1 2 3 4 5 6 7 8 9 A B
-------------------------------
1 | 2 3 4 5 6 7 8 9 A B 10
2 | 3 4 5 6 7 8 9 A B 10 11
3 | 4 5 6 7 8 9 A B 10 11 12
4 | 5 6 7 8 9 A B 10 11 12 13
5 | 6 7 8 9 A B 10 11 12 13 14
6 | 7 8 9 A B 10 11 12 13 14 15
7 | 8 9 A B 10 11 12 13 14 15 16
8 | 9 A B 10 11 12 13 14 15 16 17
9 | A B 10 11 12 13 14 15 16 17 18
A | B 10 11 12 13 14 15 16 17 18 19
B |10 11 12 13 14 15 16 17 18 19 1A

MULTIPLICATION

1 2 3 4 5 6 7 8 9 A B
-------------------------------
1 | 1 2 3 4 5 6 7 8 9 A B
2 | 2 4 6 8 A 10 12 14 16 18 1A
3 | 3 6 9 10 13 16 19 20 23 26 29
4 | 4 8 10 14 18 20 24 28 30 34 38
5 | 5 A 13 18 21 26 2B 34 39 42 47
6 | 6 10 16 20 26 30 36 40 46 50 56
7 | 7 12 19 21 2B 36 41 48 53 5A 65
8 | 8 14 20 28 34 40 48 54 60 68 74
9 | 9 16 23 30 39 46 53 60 69 76 83
A | A 18 26 34 42 50 5A 68 76 84 92
B | B 1A 29 38 47 56 65 74 83 92 A1

N 1 2 3 4 5 6 7 8 9 A B
---------------------------------------------
N Square 1 4 9 14 21 30 41 54 69 84 A1
N Cube 1 8 23 54 A5 160 247 368 569 874 92B

X 2 3 3 4 4 6 6 6
Y 6 4 8 3 6 2 4 6
X * Y 10 10 20 10 20 10 20 30
X 6 6 8 8 8 9 9 2
Y 8 A 3 6 9 4 8 1
X * Y 40 50 20 40 60 30 60 2

X 2 3 3 3 4 4 4 4
Y 7 1 5 9 1 4 7 A
X * Y 12 3 13 23 4 14 24 34

Table 15 - 6
TERDECIMAL - BASE 13

ADDITION

1 2 3 4 5 6 7 8 9 A B C
----------------------------------
1 | 2 3 4 5 6 7 8 9 A B C 10
2 | 3 4 5 6 7 8 9 A B C 10 11
3 | 4 5 6 7 8 9 A B C 10 11 12
4 | 5 6 7 8 9 A B C 10 11 12 13
5 | 6 7 8 9 A B C 10 11 12 13 14
6 | 7 8 9 A B C 10 11 12 13 14 15
7 | 8 9 A B C 10 11 12 13 14 15 16
8 | 9 A B C 10 11 12 13 14 15 16 17
9 | A B C 10 11 12 13 14 15 16 17 18
A | B C 10 11 12 13 14 15 16 17 18 19
B | C 10 11 12 13 14 15 16 17 18 19 1A
C |10 11 12 13 14 15 16 17 18 19 1A 1B

MULTIPLICATION

1 2 3 4 5 6 7 8 9 A B C
----------------------------------
1 | 1 2 3 4 5 6 7 8 9 A B C
2 | 2 4 6 8 A C 11 13 15 17 19 1B
3 | 3 6 9 C 12 15 18 1B 21 24 27 2A
4 | 4 8 C 13 17 1B 22 26 2A 31 35 39
5 | 5 A 12 17 1C 24 29 31 36 3B 43 48
6 | 6 B 15 1B 24 2A 33 39 42 48 51 57
7 | 7 11 18 22 29 33 3A 44 4B 55 5C 66
8 | 8 13 1B 26 31 39 44 4C 57 62 6A 75
9 | 9 15 21 2A 36 42 4B 57 63 6C 78 84
A | A 17 24 31 3B 48 55 62 6C 79 86 93
B | B 19 27 35 43 51 5C 84 78 86 94 A2
C | C 1B 2A 39 48 57 66 75 84 93 A2 B1

N 1 2 3 4 5 6 7 8 9 A B C
-------------------------------------------------
N Square 1 4 9 13 1C 2A 3A 4C 63 79 94 B1
N Cube 1 8 21 4C 98 138 205 365 441 5BC 785 A2C
 Table 15 - 7
QUADECIMAL - BASE 14

ADDITION

1 2 3 4 5 6 7 8 9 A B C D
-------------------------------------
1 | 2 3 4 5 6 7 8 9 A B C D 10
2 | 3 4 5 6 7 8 9 A B C D 10 11
3 | 4 5 6 7 8 9 A B C D 10 11 12
4 | 5 6 7 8 9 A B C D 10 11 12 13
5 | 6 7 8 9 A B C D 10 11 12 13 14
6 | 7 8 9 A B C D 10 11 12 13 14 15
7 | 8 9 A B C D 10 11 12 13 14 15 16
8 | 9 A B C D 10 11 12 13 14 15 16 17
9 | A B C D 10 11 12 13 14 15 16 17 18
A | B C D 10 11 12 13 14 15 16 17 18 19
B | C D 10 11 12 13 14 15 16 17 18 19 1A
C | D 10 11 12 13 14 15 16 17 18 19 1A 1B
D |10 11 12 13 14 15 16 17 18 19 1A 1B 1C

MULTIPLICATION

1 2 3 4 5 6 7 8 9 A B C D
-------------------------------------
1 | 1 2 3 4 5 6 7 8 9 A B C D
2 | 2 4 6 8 A C 10 12 14 16 18 1A 1C
3 | 3 6 9 C 11 14 17 1A 1D 22 25 28 2B
4 | 4 8 C 12 16 1A 20 24 28 2C 32 36 3A
5 | 5 A 11 16 1B 22 27 2C 33 38 3D 44 49
6 | 6 C 14 1A 22 28 30 36 3C 44 4A 52 58
7 | 7 10 17 20 27 30 37 40 47 50 57 60 67
8 | 8 12 1A 24 2C 36 40 48 52 5A 64 6C 76
9 | 9 14 1D 28 33 3D 47 52 5B 66 71 7A 85
A | A 16 22 2C 38 44 50 5A 66 72 7C 88 94
B | B 18 25 32 3D 4D 57 64 71 7C 89 96 A3
C | C 1A 28 36 44 52 60 6C 7A 88 96 A4 B2
D | D 1C 2B 3A 49 58 67 76 85 94 A3 B2 C1

N 1 2 3 4 5 6 7 8 9 A B C D
-----------------------------------------------
N **2 1 4 9 12 1B 28 37 48 5B 72 89 A4 C1
N **3 1 8 1D 48 8D 116 1A7 288 3A1 516 6B1 8B6 B2D

X 2 4 6 7 7 7 7 7
Y 7 7 7 2 4 6 8 A
X * Y 10 20 30 10 20 30 40 50

X 7 8 A C 2 4 6 7
Y C 7 7 7 8 8 8 3
X * Y 60 40 50 60 12 24 36 17

X 7 7 7 7 7 8 A C
Y 5 7 9 B D 8 8 8
X * Y 27 37 47 57 67 48 5A 6C

Table 15 - 8
QUINDECIMAL - BASE 15

ADDITION

1 2 3 4 5 6 7 8 9 A B C D E
----------------------------------------
1 | 2 3 4 5 6 7 8 9 A B C D E 10
2 | 3 4 5 6 7 8 9 A B C D E 10 11
3 | 4 5 6 7 8 9 A B C D E 10 11 12
4 | 5 6 7 8 9 A B C D E 10 11 12 13
5 | 6 7 8 9 A B C D E 10 11 12 13 14
6 | 7 8 9 A B C D E 10 11 12 13 14 15
7 | 8 9 A B C D E 10 11 12 13 14 15 16
8 | 9 A B C D E 10 11 12 13 14 15 16 17
9 | A B C D E 10 11 12 13 14 15 16 17 18
A | B C D E 10 11 12 13 14 15 16 17 18 19
B | C D E 10 11 12 13 14 15 16 17 18 19 1A
C | D E 10 11 12 13 14 15 16 17 18 19 1A 1B
D | E 10 11 12 13 14 15 16 17 18 19 1A 1B 1C
E |10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D

MULTIPLICATION

1 2 3 4 5 6 7 8 9 A B C D E
----------------------------------------
1 | 1 2 3 4 5 6 7 8 9 A B C D E
2 | 2 4 6 8 A C E 11 13 15 17 19 1B 1D
3 | 3 6 9 C 10 13 16 19 1C 2A 2E 33 37 3B
4 | 4 8 C 11 15 19 1D 22 26 2A 2E 40 45 4A
5 | 5 A 10 15 1A 20 25 2A 30 35 3A 40 45 4A
6 | 6 C 13 19 20 26 2C 33 39 40 46 4C 53 59
7 | 7 E 16 1D 25 2C 34 3B 43 4A 52 5E 61 68
8 | 8 11 19 22 2A 33 3B 44 4C 55 5D 66 6E 77
9 | 9 13 1C 26 30 39 43 4C 56 60 69 73 7C 86
A | A 15 20 2A 35 40 4A 55 60 6A 75 80 8A 95
B | B 17 23 2E 3A 46 52 5D 69 75 81 8C 98 A4
C | C 19 26 33 40 4C 5E 66 73 80 8C 99 A7 B3
D | D 1B 29 37 45 53 61 6E 7C 8A 98 A7 B4 C2
E | E 1D 2C 3B 4A 59 68 77 86 95 A4 B3 C2 D1

N 1 2 3 4 5 6 7 8 9 A B C D E
---------------------------------------------------
N **2 1 4 9 11 1A 26 34 44 56 6A 81 99 B4 D1
N **3 1 8 1C 44 85 E6 17D 242 339 46A 5DB 7A3 9B7 C2E

X 3 3 5 5 5 5 6 6
Y 5 A 3 6 9 C 5 A
X * Y 10 20 10 20 30 40 20 40

X 9 9 A A A A C C
Y 5 A 3 6 9 C 5 A
X * Y 30 60 20 40 60 80 80 40

X 3 3 5 5 5 5 6 9
Y 6 B 4 7 A D B 6
X * Y 40 80 13 23 10 25 35 45
Table 15 - 9
SEXDECIMAL - BASE 16

ADDITION

1 2 3 4 5 6 7 8 9 A B C D E F
-------------------------------------------
1 | 2 3 4 5 6 7 8 9 A B C D E F 10
2 | 3 4 5 6 7 8 9 A B C D E F 10 11
3 | 4 5 6 7 8 9 A B C D E F 10 11 12
4 | 5 6 7 8 9 A B C D E F 10 11 12 13
5 | 6 7 8 9 A B C D E F 10 11 12 13 14
6 | 7 8 9 A B C D E F 10 11 12 13 14 15
7 | 8 9 A B C D E F 10 11 12 13 14 15 16
8 | 9 A B C D E F 10 11 12 13 14 15 16 17
9 | A B C D E F 10 11 12 13 14 15 16 17 18
A | B C D E F 10 11 12 13 14 15 16 17 18 19
B | C D E F 10 11 12 13 14 15 16 17 18 19 1A
C | D E F 10 11 12 13 14 15 16 17 18 19 1A 1B
D | E F 10 11 12 13 14 15 16 17 18 19 1A 1B 1C
E | F 10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D
F |10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E

MULTIPLICATION

1 2 3 4 5 6 7 8 9 A B C D E F
-------------------------------------------
1 | 1 2 3 4 5 6 7 8 9 A B C D E F
2 | 2 4 6 8 A C E 10 12 14 16 18 1A 1C 1E
3 | 3 6 9 C F 12 15 18 1B 1E 21 24 27 2A 2D
4 | 4 8 C 10 14 18 1C 20 24 28 2C 30 34 38 3C
5 | 5 A F 14 19 1E 23 28 2D 32 37 3C 41 46 4B
6 | 6 C 12 18 1E 24 2A 30 36 3C 42 48 4E 54 5A
7 | 7 E 15 1C 23 2A 31 38 3F 46 4D 54 5B 62 69
8 | 8 10 18 20 28 30 38 40 48 50 58 60 68 70 78
9 | 9 12 1B 24 2D 36 3F 48 51 5A 63 6C 75 7E 87
A | A 14 1E 28 32 3C 46 50 5A 64 6E 78 82 8C 96
B | B 16 21 2C 37 42 4D 58 63 6E 79 84 8F 9A A5
C | C 18 24 30 3C 48 54 60 6C 78 84 90 9C A8 B4
D | D 1A 27 34 41 4E 5B 68 75 82 8F 9C A9 B6 C3
E | E 1C 2A 38 46 54 62 70 7E 8C 9A A8 B6 C4 D2
F | F 1E 2D 3C 4B 5A 69 78 87 96 A5 B4 C3 D2 E1

N 1 2 3 4 5 6 7 8 9 A B C D E F
-----------------------------------------------------
N **2 1 4 9 10 19 24 31 40 51 64 79 90 A9 C4 E1
N **3 1 8 1B 40 7D D8 157 200 2D9 3E8 533 6C0 895 AB8 D2F
LECTURE 14 SOLUTIONS

14-1. Multiplication (Two words, 0-1) original by EDNASANDE

WOMEN X MEN = UTNNLM + TIWENO + NWTWNN = NLSMTUWM

0123456789
SLOWMINUET

14-2. Division (Two words, 0 -9) MORDASHKA

ATOM / ASK = N; - GNC = IS

O123456789
TASKCOMING

14-3. Multiplication. (No word, 0-1) FOMALHAUT

ASAP X MAB = RITMT + TMPRY + PDBYD =PAYDIRT

0123456789
DBARTMPIYS

14-4. Unidecimal multiplication. (Two words 0-X) WALRUS

TOUGH X DIG = IDIGDN + NYYDNG + UIHDOU = DDCUUILN

0123456789X
CLOUDYNIGHT
LECTURE 15 PROBLEMS - Taken from OP- 20 -G course:

15-1. Naval Text. Recover Keys.

J Z S S W B P D Z Z L F O M E K Q P D J H C K U M C

A B C O O X M Y S I I G B S G G Y V D S W A J O Q E

K U P W K N J K C C H W O Z Q Q B P Y N V J J O Q E

K U C D S L R W C F Q I A V M S R S I X Y T P O P G

D H U V N K V K C Y Y A L R Q O O Q D N Z C G L R E

K F H Q R N J B.

15-2. Naval Text.

A U V Z I S Z F B F Y E I R B I O W A O Y J L B L D

D G K U I T T Z B D B E Q I O C J R F W X D Y H G M

S P P I S W Y P F V S Y G G S H Q K L A L Z A Q F N

U T C Q H D G Y L B Z P D V C S J N W G N T P T M S

H J T W C K O C M X Z P Z R R U Y I W H H M E Z F L

O C F I S W L P D N W T Z H H T I R L Y I P N Q F N

U T C Q H D G Y L B Z P D V C S J N W G N T P T M E

O S V B W J B L V X Z P Z R R U Y I W H H P L P F T

R B P G X B U L V N W J P R H I H F Q X L N B L P S

H J T W I J T T Q W E E Q F O I I Z P M B J Q P Y M

D U Q W A T Z O W D C L Z Q M P U K.
REFERENCES / CRYPTOGRAPHIC RESOURCES [updated 01 July 1996]

[ACA] ACA and You, "Handbook For Members of the American

Cryptogram Association," ACA publications, 1995.

[ACA1] Anonymous, "The ACA and You - Handbook For Secure

Communications", American Cryptogram Association,
1994.

[ACM] Association For Computing Machinery, "Codes, Keys and

Conflicts: Issues in U.S. Crypto Policy," Report of a
Special Panel of ACM U. S. Public Policy Committee
(USACM), June 1994.

[ADFG] ASTROLABE, "ADFGVX Cipher - The German Field Cipher of

1918," AS53, The Cryptogram, American Cryptogram
Association, 1953.

[AFM] - 100-80, Traffic Analysis, Department of the Air

Force, 1946.

[ALAN] Turing, Alan, "The Enigma", by A. Hodges. Simon and

Schuster, 1983.

[ALBA] Alberti, "Treatise De Cifris," Meister Papstlichen,

Princeton University Press, Princeton, N.J., 1963.

[ALEX] Alexander, D. A., "Secret codes and Decoding," Padell

Book Co., New York, 1945.

[ALGE] MINIMAX, "Introduction To Algebraic Cryptography,"

FM51, The Cryptogram, American Cryptogram Association,
1951.

[ALKA] al-Kadi, Ibrahim A., Origins of Cryptology: The Arab

Contributions, Cryptologia, Vol XVI, No. 2, April
1992, pp. 97-127.

[ALP1] PICCOLA, "Lining Up the Alphabets," AM37, The

Cryptogram, American Cryptogram Association, 1937.

[ALP2] PICCOLA, "Recovering a Primary Number Alphabet," JJ37,

The Cryptogram, American Cryptogram Association, 1937.

[ALP3] CLEAR SKIES, "Method For Recovering Alphabets," AM46,

The Cryptogram, American Cryptogram Association, 1946.

[ALP4] PICCOLA, "Lining Up the Alphabets," AM37, The

Cryptogram, American Cryptogram Association, 1937.

[ALP5] MACHIAVELLI,"Recovery of Incomplete Cipher Alphabets,"

SO78, The Cryptogram, American Cryptogram Association,
1978.

[ALP6] BOZO,"Recovery of Primary Alphabets I," JJ35, The

 Cryptogram, American Cryptogram Association, 1935.

[ALP7] BOZO,"Recovery of Primary Alphabets II," AS35, The

Cryptogram, American Cryptogram Association, 1935.

[ALP8] ZYZZ,"Sinkov - Frequency-Matching," JA93, The

Cryptogram, American Cryptogram Association, 1993.

[AMS1] RED E RASER,"AMSCO," ON51, The Cryptogram, American

Cryptogram Association, 1951.

[AMS2] PHOENIX,"Computer Column: Amsco Encipherment," SO84,

The Cryptogram, American Cryptogram Association, 1984.

[AMS3] PHOENIX,"Computer Column: Amsco Decipherment," MA85,

The Cryptogram, American Cryptogram Association, 1985.

[AMS4] PHOENIX,"Computer Column: Amsco Decipherment," MJ85,

The Cryptogram, American Cryptogram Association, 1985.

[AMS5] PHOENIX,"Computer Column: Amsco Decipherment," JA85,

The Cryptogram, American Cryptogram Association, 1985.

[ANDE] D. Andelman, J. Reeds, On the cryptanalysis of rotor

and substitution-permutation networks. IEEE Trans. on
Inform. Theory, 28(4), 578--584, 1982.

[ANGL] D. Angluin, D. Lichtenstein, Provable Security in

Crypto-systems: a survey. Yale University, Department
of Computer Science, #288, 1983.

[AND1] Andree, Josephine, "Chips from the Math Log," Mu Alpha

Theta, 1966.

[AND2] Andree, Josephine, "More Chips from the Math Log," Mu

Alpha Theta, 1970.

[AND3] Andree, Josephine, "Lines from the O.U. Mathematics

Letter," Vols. I,II,III, Mu Alpha Theta, 1971, 1971,
1971.

[AND4] Andree, Josephine and Richard V., "RAJA Books: a

Puzzle Potpourri," RAJA, 1976.

[AND5] Andree, Josephine and Richard V., "Preliminary

Instructors Manual for Solving Ciphers," Project
CRYPTO, Univ of Oklahoma, Norman, OK, 1977.

[AND6] Andree, Josephine and Richard V., "Teachers Handbook

For Problem Solving and Logical Thinking," Project
CRYPTO, Univ of Oklahoma, Norman, OK, 1979.

[AND7] Andree, Josephine and Richard V., "Preliminary

Instructors Manual for Cryptarithms," Project CRYPTO,
Univ of Oklahoma, Norman, OK, 1976.

[AND8] Andree, Josephine and Richard V., "Sophisticated

Ciphers: Problem Solving and Logical Thinking,"
Project CRYPTO, Univ of Oklahoma, Norman, OK, 1978.
[AND9] Andree, Josephine and Richard V., "Logic Unlocs
Puzzles," Project CRYPTO, Univ of Oklahoma, Norman,
OK, 1979.

[ANDR] Andrew, Christopher, 'Secret Service', Heinemann,

London 1985.

[ANK1] Andreassen, Karl, "Cryptology and the Personal

Computer, with Programming in Basic," Aegean Park
Press, 1986.

[ANK2] Andreassen, Karl, "Computer Cryptology, Beyond Decoder

Rings," Prentice-Hall 1988.

[ANNA] Anonymous., "The History of the International Code.",

Proceedings of the United States Naval Institute,
1934.

[ANN1] Anonymous., " Speech and Facsimile Scrambling and

Decoding," Aegean Park Press, Laguna Hills, CA, 1981.

[ARI1] OZ,"The Construction of Medium - Difficulty

Aristocrats," MA92, The Cryptogram, American
Cryptogram Association, 1992.

[ARI2] HELCRYPT,"Use of Consonant Sequences for Aristocrats,"

ON51, The Cryptogram, American Cryptogram Association,
1951.

[ARI3] HELCRYPT,"Use of Tri-Vowel Sequences for Aristocrats,"

JJ52, The Cryptogram, American Cryptogram Association,
1952.

[ARI4] AB STRUSE, "Equifrequency Crypts," JF74, The

Cryptogram, American Cryptogram Association, 1974.

[ARI5] HOMO SAPIENS,"End-letter Count for Aristocrats," FM45,

The Cryptogram, American Cryptogram Association, 1945.

[ARI6] S-Tuck, "Aristocrat Affixes," ON45, The Cryptogram,

American Cryptogram Association, 1945.

[ASA ] "The Origin and Development of the Army Security

Agency 1917 -1947," Aegean Park Press, 1978.

[ASHT] Ashton, Christina, "Codes and Ciphers: Hundreds of

Unusual and Secret Ways to Send Messages," Betterway
Books, 1988.

[ASIR] Anonymous, Enigma and Other Machines, Air Scientific

Institute Report, 1976.

[AUG1] D. A. August, "Cryptography and Exploitation of

Chinese Manual Cryptosystems - Part I:The Encoding
Problem", Cryptologia, Vol XIII, No. 4, October 1989.

[AUG2] D. A. August, "Cryptography and Exploitation of

Chinese Manual Cryptosystems - Part II:The Encrypting
 Problem", Cryptologia, Vol XIV, No. 1, August 1990.

[AUT1] PICCOLA,"Autokey Encipherment,"DJ36, The Cryptogram,

American Cryptogram Association, 1936.

[AUT2] PICCOLA,"More about Autokeys,"FM37, The Cryptogram,

American Cryptogram Association, 1937.

[AUT3] ISKANDER,"Converting an Autokey to a Periodic," "JJ50,

The Cryptogram, American Cryptogram Association, 1950.

[AUT4] UBET,"Auto-Transposition Cipher," SO62, The

Cryptogram, American Cryptogram Association, 1962.

[AUT5] BARGE,"Decrypting the Auto-Transposition Cipher,"

ND63, The Cryptogram, American Cryptogram Association,
1963.

[BAC1] SHMOO,"Quicker Baconian Solutions," ND80, The

Cryptogram, American Cryptogram Association, 1980.

[BAC2] XERXES,"Sir Francis Bacon Cipher," AS36, The

Cryptogram, American Cryptogram Association, 1936.

[BAC3] AB STRUSE,"Solving a Baconian," JJ48, The Cryptogram,

American Cryptogram Association, 1948.

[BAC4] B.NATURAL,"Tri-Bac Cipher," JA69, The Cryptogram,

American Cryptogram Association, 1969.

[BAC5] Anonymous, "Numerical Baconian," JF62, The Cryptogram,

American Cryptogram Association, 1962.

[BAC6] FIDDLE,"Extended Baconian," SO69, The Cryptogram,

American Cryptogram Association, 1969.

[BADE] Badeau, J. S. et. al., The Genius of Arab

Civilization: Source of Renaissance. Second Edition.
Cambridge: MIT Press. 1983.

[BAMF] Bamford, James, "The Puzzle Palace: A Report on

America's Most Secret Agency," Boston, Houghton
Mifflin, 1982.

[BARB] Barber, F. J. W., "Archaeological Decipherment: A

Handbook," Princeton University Press, 1974.

[B201] Barker, Wayne G., "Cryptanalysis of The Simple

Substitution Cipher with Word Divisions," Course #201,
Aegean Park Press, Laguna Hills, CA. 1982.

[BALL] Ball, W. W. R., Mathematical Recreations and Essays,

London, 1928.

[BAR1] Barker, Wayne G., "Course No 201, Cryptanalysis of The

Simple Substitution Cipher with Word Divisions,"
Aegean Park Press, Laguna Hills, CA. 1975.

[BAR2] Barker, W., ed., History of Codes and Ciphers in the

 U.S. During the Period between World Wars, Part II,
1930 - 1939., Aegean Park Press, 1990.

[BAR3] Barker, Wayne G., "Cryptanalysis of the Hagelin

Cryptograph, Aegean Park Press, 1977.

[BAR4] Barker, Wayne G., "Cryptanalysis of the Enciphered

Code Problem - Where Additive Method of Encipherment
Has Been Used," Aegean Park Press, 1979.

[BAR5] Barker, W., ed., History of Codes and Ciphers in the

U.S. Prior To World War I," Aegean Park Press, 1978.

[BAR6] Barker, W., " Cryptanalysis of Shift-Register

Generated Stream Cipher Systems," Aegean Park Press,
1984.

[BAR7] Barker, W., ed., History of Codes and Ciphers in the

U.S. During the Period between World Wars, Part I,
1919-1929, Aegean Park Press, 1979.

[BAR8] Barker, W., ed., History of Codes and Ciphers in the

U.S. During World War I, Aegean Park Press, 1979.

[BARK] Barker, Wayne G., "Cryptanalysis of The Simple

Substitution Cipher with Word Divisions," Aegean Park
Press, Laguna Hills, CA. 1973.

[BARR] Barron, John, '"KGB: The Secret Work Of Soviet

Agents," Bantom Books, New York, 1981.

[BAUD] Baudouin, Captain Roger, "Elements de Cryptographie,"

Paris, 1939.

[BAZE] Bazeries, M. le Capitaine, " Cryptograph a 20

rondelles-alphabets," Compte rendu de la 20e session
de l' Association Francaise pour l'Advancement des
Scienses, Paris: Au secretariat de l' Association,
1892.

[BAZ1] OZ,"Bazeries Cipher," MA59, The Cryptogram, American

Cryptogram Association, 1959.

[BAZ2] ALII KIONA,"Bazeries Cipher," F35, The Cryptogram,

American Cryptogram Association, 1935.

[BAZ3] ZANAC,"A Poker Player's Method to Solve Bazeries

Ciphers," JF82, The Cryptogram, American Cryptogram
Association, 1982.

[BAZ4] HI-FI,"Bazeries Ciphers Revisited," SO64, The

Cryptogram, American Cryptogram Association, 1964.

[BAZ5] MACHIAVELLI,"Bazeries Cipher - Dutch," ND71, The

Cryptogram, American Cryptogram Association, 1971.

[BAZ6] MACHIAVELLI,"Bazeries Cipher - English," JF71, The

Cryptogram, American Cryptogram Association, 1971.
[BAZ7] MACHIAVELLI,"Bazeries Cipher - French," JF71, The
Cryptogram, American Cryptogram Association, 1971.

[BAZ8] MACHIAVELLI,"Bazeries Cipher - German," MA71, The

Cryptogram, American Cryptogram Association, 1971.

[BAZ9] MACHIAVELLI,"Bazeries Cipher - Italian," JA71, The

Cryptogram, American Cryptogram Association, 1971.

[BAZA] MACHIAVELLI,"Bazeries Cipher - Portuguese," SO71, The

Cryptogram, American Cryptogram Association, 1971.

[BAZB] MACHIAVELLI,"Bazeries Cipher - Spanish," MJ71, The

Cryptogram, American Cryptogram Association, 1971.

[BAZC] MACHIAVELLI,"Bazeries Cipher - Unknown Language,"

MJ72, The Cryptogram, American Cryptogram Association,
1972.

[BAZD] HANO,"Bazeries Cipher - Swedish," JA81, The

Cryptogram, American Cryptogram Association, 1981.

[BAZE] D. STRASSE,"Bazeries Cipher - Esperanto," SO74, The

Cryptogram, American Cryptogram Association, 1974.

[BAZ5] MACHIAVELLI, "Equivalents of 'e' in the Bazeries

Cipher" SO72, The Cryptogram, American Cryptogram
Association, 1972.

[BEA1] S-TUCK, "Beaufort Auto-key," JJ46, The Cryptogram,

American Cryptogram Association, 1946.

[BEA2] PICCOLA, "Beaufort Ciphers," JJ36, The Cryptogram,

American Cryptogram Association, 1936.

[BEA3] LEDGE, "Beaufort Fundamentals (Novice Notes)," ND71,

The Cryptogram, American Cryptogram Association, 1971.

[BEA4] SI SI, "Comparative Analysis of the Vigenere, Beaufort

and Variant Ciphers," JA80, The Cryptogram, American
Cryptogram Association, 1980.

[BEA5] O'PSHAW, "Porta, A special Case of Beaufort," MA91,

The Cryptogram, American Cryptogram Association, 1991.

[BECK] Becket, Henry, S. A., "The Dictionary of Espionage:

Spookspeak into English," Stein and Day, 1986.

[BEKE] H. Beker, F. Piper, Cipher Systems. Wiley, 1982.

[BEES] Beesley, P., "Very Special Intelligence", Doubleday,

New York, 1977.

[BENN] Bennett, William, R. Jr., "Introduction to Computer

Applications for Non-Science Students," Prentice-Hall,
1976. (Interesting section on monkeys and historical
 cryptography)

[BEN1] John Bennett, Analysis of the Encryption Algorithm

Used in the WordPerfect Word Processing Program.
Cryptologia 11(4), 206--210, 1987.

[BERG] H. A. Bergen and W. J. Caelli, File Security in

WordPerfect 5.0. Cryptologia 15(1), 57--66, January
1991.

[BETH] T. Beth, Algorithm engineering for public key

algorithms. IEEE Selected Areas of Communication,
1(4), 458--466, 1990.

[BIF1] ESP, "4-Square Method for C. M. Bifid," SO92, The

Cryptogram, American Cryptogram Association, 1992.

[BIF2] GALUPOLY, "6X6 Bifid," JA62, The Cryptogram, American

Cryptogram Association, 1962.

[BIF3] DR. CRYPTOGRAM, "Bifid and Trifid Cryptography," MJ59,

The Cryptogram, American Cryptogram Association, 1959.

[BIF4] TONTO, "Bifid Cipher," JJ45, The Cryptogram, American

Cryptogram Association, 1945.

[BIF5] GOTKY, "Bifid Cipher with Literal Indices Only," FM47,

AM47, The Cryptogram, American Cryptogram Association,
1947.

[BIF6] SAI CHESS, "Bifid-ian Timesaver," ON48, The

Cryptogram, American Cryptogram Association, 1948.

[BIF7] LABRONICUS, "Bifid Period by Pattern," ND89, The

Cryptogram, American Cryptogram Association, 1989.

[BIF8] TONTO, "Bifid recoveries," ON50, The Cryptogram,

American Cryptogram Association, 1950.

[BIF9] GIZMO, "Bifid Period Determination Using a Digraphic

Index of Coincidence," JF79, The Cryptogram, American
Cryptogram Association, 1979.

[BIFA] GALUPOLY, "Bifid with Conjugated Matrices," JF60, The

Cryptogram, American Cryptogram Association, 1960.

[BIFB] XAMAN EK, "Bifid Workshop, Part 1 - Encoding a Bifid,"

MA93, The Cryptogram, American Cryptogram Association,
1993.

[BIFC] XAMAN EK, "Bifid Workshop, Part 2 - Problem Setup,"

MJ93, The Cryptogram, American Cryptogram Association,
1993.

[BIFD] XAMAN EK, "Bifid Workshop, Part 3 - Tip Placement,"

JA93, The Cryptogram, American Cryptogram Association,
1993.
[BIFE] XAMAN EK, "Bifid Workshop, Part 4 - Solving a Bifid,"
SO93, The Cryptogram, American Cryptogram Association,
1993.

[BIFF] DUBIOUS and GALUPOLY, " Chi-Square Test for Bifids,"

JA60, The Cryptogram, American Cryptogram Association,
1960.

[BIFG] FIDDLE, "C. M. Bifid, Simplified Solution," MJ73, The

Cryptogram, American Cryptogram Association, 1973.

[BIFH] ZYZZ, "Conjugated Matrix Bifid, Modified Solving

Technique," SO92, The Cryptogram, American Cryptogram
Association, 1992.

[BIFI] X.GOTKY, "Delastelle Bifid Cipher," AS45, The

Cryptogram, American Cryptogram Association, 1945.

[BIFJ] D.MORGAN, "Finding the Period in a Bifid," JJ46, The

Cryptogram, American Cryptogram Association, 1946.

[BIFK] S-TUCK, "Finding the Period in a Bifid," AM46, The

Cryptogram, American Cryptogram Association, 1946.

[BIFL] S-TUCK, "Finding the Period in Bifids," ON44, The

Cryptogram, American Cryptogram Association, 1944.

[BIFM] ROGUE, "General Probabilities of Part Naturals in

Bifid, Trifid" JA70, The Cryptogram, American
Cryptogram Association, 1970.

[BIFN] B.NATURAL, "In Line Bifid Method," MA62, The

Cryptogram, American Cryptogram Association, 1962.

[BIFO] ABC, "Short Cut in a Bifid," SO61, The Cryptogram,

American Cryptogram Association, 1961.

[BIFP] ROGUE, "Specific Probabilities of Part Naturals in

Bifid, Trifid" SO70, The Cryptogram, American
Cryptogram Association, 1970.

[BIFQ] ROGUE, "Split Half Method For Finding A Period of

Bifid," MA71, The Cryptogram, American Cryptogram
Association, 1971.

[BIFR] ABC, "Twin Bifids - A Probable Word Method," JA62, The

Cryptogram, American Cryptogram Association, 1962.

[BIFS] GALUPOLY, "Twin Bifids," MJ60, JA60, The Cryptogram,

American Cryptogram Association, 1960.

[BIGR] PICCOLA, "Use of Bigram Tests" AS38, The Cryptogram,

American Cryptogram Association, 1938.

[BIHS] E. Biham and A. Shamir, Differential cryptanalysis of

DES-like cryptosystems. Journal of Cryptology, vol.
4, #1, 3--72, 1991.

[BISH] E. Biham, A. Shamir, Differential cryptanalysis of

 Snefru, Khafre, REDOC-II, LOKI and LUCIFER. In
Proceedings of CRYPTO '91, ed. by J. Feigenbaum, 156-
-171, 1992.

[BLK] Blackstock, Paul W. and Frank L Schaf, Jr.,

"Intelligence, Espionage, Counterespionage and Covert
Operations," Gale Research Co., Detroit, MI., 1978.

[BLOC] Bloch, Gilbert and Ralph Erskine, "Exploit the Double

Encipherment Flaw in Enigma", Cryptologia, vol 10, #3,
July 1986, p134 ff. (29)

[BLUE] Bearden, Bill, "The Bluejacket's Manual, 20th ed.,

Annapolis: U.S. Naval Institute, 1978.

[BODY] Brown, Anthony - Cave, "Bodyguard of Lies", Harper and

Row, New York, 1975.

[BOLI] Bolinger, D. and Sears, D., "Aspects of Language,"

3rd ed., Harcourt Brace Jovanovich,Inc., New York,
1981.

[BOSW] Bosworth, Bruce, "Codes, Ciphers and Computers: An

Introduction to Information Security," Hayden Books,
Rochelle Park, NJ, 1990.

[BOWE] Bowers, William Maxwell, "The Bifid Cipher, Practical

Cryptanalysis, II, ACA, 1960.

[BOW1] Bowers, William Maxwell, "The Trifid Cipher,"

Practical Cryptanalysis, III, ACA, 1961.

[BOW2] Bowers, William Maxwell, "The Digraphic Substitution,"

Practical Cryptanalysis, I, ACA, 1960.

[BOW3] Bowers, William Maxwell, "Cryptographic ABC'S:

Substitution and Transposition Ciphers," Practical
Cryptanalysis, IV, ACA, 1967.

[BOWN] Bowen, Russell J., "Scholar's Guide to Intelligence

Literature: Bibliography of the Russell J. Bowen
Collection," National Intelligence Study Center,
Frederick, MD, 1983.

[BOYA] J. Boyar, Inferring Sequences Produced by Pseudo-

Random Number Generators. Journal of the ACM, 1989.

[BP82] Beker, H., and Piper, F., " Cipher Systems, The
Protection of Communications", John Wiley and Sons,
NY, 1982.

[BRAG] G. Brassard, Modern Cryptology: a tutorial. Spinger-

Verlag, 1988.

[BRAS] Brasspounder, "Language Data - German," MA89, The

Cryptogram, American Cryptogram Association, 1989.

[BREN] Brennecke, J., "Die Wennde im U-Boote-Krieg:Ursachen

und Folgren 1939 - 1943," Herford, Koehler, 1984.
[BRIK] E. Brickell, J. Moore, M. Purtill, Structure in the
S-boxes of DES. In Proceedings of CRYPTO '86, A. M.
Odlyzko ed., 3--8, 1987.

[BRIG] Brigman,Clarence S., "Edgar Allan Poe's Contribution

to Alexander's Weekly Messenger," Davis Press, 1943.

[BRIT] Anonymous, "British Army Manual of Cryptography",

HMF, 1914.

[BROG] Broglie, Duc de, Le Secret du roi: Correspondance

secrete de Louis XV avec ses agents diplomatiques
1752-1774, 3rd ed. Paris, Calmann Levy, 1879.

[BROO] Brook, Maxey, "150 Puzzles in Cryptarithmetic,"

Dover, 1963.

[BROP] L. Brown, J. P ieprzyk, J. Seberry, LOKI - a

cryptographic primitive for authentication and secrecy
applications. In Proceedings of AUSTCRYPT 90, 229--
236, 1990.

[BROW] Brownell, George, A. "The Origin and Development of

the National Security Agency, Aegean Park Press, 1981.

[BRO1] L. Brown, A proposed design for an extended DES,

Computer Security in the Computer Age. Elsevier
Science Publishers B.V. (North Holland), IFIP, W. J.
Caelli ed., 9--22, 1989.

[BRYA] Bryan, William G., "Practical Cryptanalysis - Periodic

Ciphers -Miscellaneous", Vol 5, American Cryptogram
Association, 1967.

[BUGS] Anonymous, "Bugs and Electronic Surveillance," Desert

Publications, 1976.

[BUON] Buonafalce, Augusto, "Giovan Battista Bellaso E Le Sue

Cifre Polialfabetiche," Milano, 1990

[BURL] Burling, R., "Man's Many Voices: Language in Its

Cultural Context," Holt, Rinehart & Winston, New York,
1970.

[BWO] "Manual of Cryptography," British War Office, Aegean

Park Press, Laguna Hills, Ca. 1989. reproduction 1914.

[CAD1] NIP N. BUD,"Cadenus - A Lesson in Practical

Cryptography," SO55, The Cryptogram, American
Cryptogram Association, 1955.

[CAD2] BERYL,"Cadenus Xenocrypt Note," SO91, The Cryptogram,

American Cryptogram Association, 1991.

[CAD3] PHOENIX,"Computer Column :Cadenus," SO89, The

Cryptogram, American Cryptogram Association, 1989.

[CAEL] H. Gustafson, E. Dawson, W. Caelli, Comparison of

 block ciphers. In Proceedings of AUSCRYPT '90, J.
Seberry and J. Piepryzk eds., 208--220, 1990.

[CAMP] K. W. Campbell, M. J. Wiener, Proof the DES is Not a

Group. In Proceedings of CRYPTO '92, 1993.

[CAND] Candela, Rosario, "Isomorphism and its Application in

Cryptanalytics, Cardanus Press, NYC 1946.

[CARJ] John Carrol and Steve Martin, The Automated

Cryptanalysis of Substitution Ciphers. Cryptologia
10(4), 193--209, 1986.

[CARL] John Carrol and Lynda Robbins, Automated Cryptanalysis

of Polyalphabetic Ciphers. Cryptologia 11(4), 193--
205, 1987.

[CAR1] Carlisle, Sheila. Pattern Words: Three to Eight

Letters in Length, Aegean Park Press, Laguna Hills, CA
92654, 1986.

[CAR2] Carlisle, Sheila. Pattern Words: Nine Letters in

Length, Aegean Park Press, Laguna Hills, CA 92654,
1986.

[CASE] Casey, William, 'The Secret War Against Hitler',

Simon & Schuster, London 1989.

[CCF] Foster, C. C., "Cryptanalysis for Microcomputers",

Hayden Books, Rochelle Park, NJ, 1990.

[CHE1] ABAKUSAN, " A tip for Checkerboard Solution," AS40,

The Cryptogram, American Cryptogram Association, 1940.

[CHE2] X.GOTSKY, " On the Checkerboard, AS44,The Cryptogram,

American Cryptogram Association, 1944.

[CHE3] QUARTERNION, "Straddling Checkerboard, " MA76, The

Cryptogram, American Cryptogram Association, 1976.

[CHE4] PICCOLA, "The Checkerboard Alphabet, " DJ34, The

Cryptogram, American Cryptogram Association, 1934.

[CHE5] SI SI, "The Hocheck Cipher Examined, " JA90, The

Cryptogram, American Cryptogram Association, 1990.

[CHE5] SI SI, "The Checkerway Cipher Examined, " MJ90, The

Cryptogram, American Cryptogram Association, 1990.

[CHE6] GEMINATOR, "The Homophonic Checkerboard, " MA90, The

Cryptogram, American Cryptogram Association, 1990.

[CHE6] GEMINATOR, "The Checkerway Cipher, " JF90, The

Cryptogram, American Cryptogram Association, 1990.

[CHEC] CHECHEM,"On the Need for a Frequency Counter," AM48,

The Cryptogram, American Cryptogram Association, 1948.

[CHOI] Interview with Grand Master Sin Il Choi.,9th DAN, June

 25, 1995.

[CHOM] Chomsky, Norm, "Syntactic Structures," The Hague:

Mouton, 1957.

[CHUN] Chungkuo Ti-erh Lishih Tangankuan, ed "K'ang-Jih

chengmien chanch'ang," Chiangsu Kuchi Ch'upansheh,
1987., pp. 993-1026.

[CI] FM 34-60, Counterintelligence, Department of the Army,

February 1990.

[CONS] S-TUCK and BAROKO, "Consonant-Line and Vowel-Line

Methods," MA92, The Cryptogram, American Cryptogram
Association, 1992.

[CONT] F.R.CARTER,"Chart Showing Normal Contact Percentages,"

AM53, The Cryptogram, American Cryptogram Association,
1953.

[CON1] S-TUCK."Table of Initial and Second-Letter Contacts,"

DJ43, The Cryptogram, American Cryptogram Association,
1943.

[COUR] Courville, Joseph B., "Manual For Cryptanalysis Of The

Columnar Double Transposition Cipher, by Courville
Associates., South Gate, CA, 1986.

[CLAR] Clark, Ronald W., 'The Man who broke Purple',

Weidenfeld and Nicolson, London 1977.

[COLF] Collins Gem Dictionary, "French," Collins Clear Type

Press, 1979.

[COLG] Collins Gem Dictionary, "German," Collins Clear Type

Press, 1984.
[COLI] Collins Gem Dictionary, "Italian," Collins Clear Type
Press, 1954.

[COLL] Collins Gem Dictionary, "Latin," Collins Clear Type

Press, 1980.

[COLP] Collins Gem Dictionary, "Portuguese," Collins Clear

Type Press, 1981.

[COLR] Collins Gem Dictionary, "Russian," Collins Clear Type

Press, 1958.

[COLS] Collins Gem Dictionary, "Spanish," Collins Clear Type

Press, 1980.

[COPP] Coppersmith, Don.,"IBM Journal of Research and

Development 38, 1994.

[COVT] Anonymous, "Covert Intelligence Techniques Of the

Soviet Union, Aegean Park Press, Laguna Hills, Ca.
1980.

[CREM] Cremer, Peter E.," U-Boat Commander: A Periscope View

 of The Battle of The Atlantic," New York, Berkley,
1986.

[CROT] Winter, Jack, "Solving Cryptarithms," American

Cryptogram Association, 1984.

[CRYP] "Selected Cryptograms From PennyPress," Penny Press,

Inc., Norwalk, CO., 1985.

[CRY1] NYPHO'S ROBOT, "Cryptometry Simplified," DJ40, FM41,

AM41, The Cryptogram, published by the American
Cryptogram Association, 1940, 1941, 1941.

[CRY2] AB STRUSE, "Non-Ideomorphic Solutions," AM51, The

Cryptogram, published by the American Cryptogram
Association, 1951.

[CRY3] MINIMAX, "Problems in Cryptanalysis - A Transposition

that cannot be Anagrammed," MA60, The Cryptogram,
published by the American Cryptogram Association,
1960.

[CRY4] FAUSTUS, "Science of Cryptanalysis," AS32, The

Cryptogram, published by the American Cryptogram
Association, 1932.

[CRY5] FAUSTUS, "Science of Cryptanalysis,The " JA91, The

Cryptogram, published by the American Cryptogram
Association, 1991.

[CRY6] BEAU NED, "Semi-Systems in Crypt-Cracking," FM36, The

Cryptogram, published by the American Cryptogram
Association, 1936.

[CRY7] Y.NOTT, "Systems Of Systems," ON35, The Cryptogram,

published by the American Cryptogram Association,
1935.

[CULL] Cullen, Charles G., "Matrices and Linear

Transformations," 2nd Ed., Dover Advanced Mathematics
Books, NY, 1972.

[CUNE] CHECHACO, "The Decipherment of Cuneiform," JJ33, The

Cryptogram, published by the American Cryptogram
Association, 1933.

[DAGA] D'agapeyeff, Alexander, "Codes and Ciphers," Oxford

University Press, London, 1974.

[DALT] Dalton, Leroy, "Topics for Math Clubs," National

Council of Teachers and Mu Alpha Theta, 1973.

[DAN] Daniel, Robert E., "Elementary Cryptanalysis:

Cryptography For Fun," Cryptiquotes, Seattle, WA.,
1979.

[DAVI] Da Vinci, "Solving Russian Cryptograms", The

Cryptogram, September-October, Vol XLII, No 5. 1976.
[DAVJ] M. Davio, J. Goethals, Elements of cryptology. in
Secure Digital Communications, G. Longo ed., 1--57,
1983.

[DEAC] Deacon, R., "The Chinese Secret Service," Taplinger,

New York, 1974.

[DEAU] Bacon, Sir Francis, "De Augmentis Scientiarum," tr. by

Gilbert Watts, (1640) or tr. by Ellis, Spedding, and
Heath (1857,1870).

[DELA] Delastelle, F., Cryptographie nouvelle, Maire of

Saint-Malo, P. Dubreuil, Paris, 1893.

[DENN] Denning, Dorothy E. R.," Cryptography and Data

Security," Reading: Addison Wesley, 1983.

[DEVO] Deavours, Cipher A. and Louis Kruh, Machine

Cryptography and Modern Cryptanalysis, Artech, New
York, 1985.

[DEV1] Deavours, C. A., "Breakthrough '32: The Polish

Solution of the ENIGMA," Aegean Park Press, Laguna
Hills, CA, 1988.

[DEV2] Deavours, C. A. and Reeds, J.,"The ENIGMA,"

CRYPTOLOGIA, Vol I No 4, Oct. 1977.

[DEV3] Deavours, C. A.,"Analysis of the Herbern Cryptograph

using Isomorphs," CRYPTOLOGIA, Vol I No 2, April,
1977.

[DEV4] Deavours, C. A., "Cryptographic Programs for the IBM

PC," Aegean Park Press, Laguna Hills, CA, 1989.

[DEVR] HOMO SAPIENS, "De Vries Cipher," SO60, The Cryptogram,

The American Cryptogram Association, 1960.

[DIG1] DENDAI, "Digrafid, A Footnote to Tip Placement," SO84,

The Cryptogram, The American Cryptogram Association,
1984.

[DIG2] B. NATURAL, "Digrafid, Cipher solution," MJ61, The

Cryptogram, The American Cryptogram Association, 1961.

[DIG3] KNUTE, "Digrafid Cipher," SO60, The Cryptogram, The

American Cryptogram Association, 1960.

[DIG4] THE RAT, "The Buzzsaw, an Enhanced Digrafid," JA83,

The Cryptogram, The American Cryptogram Association,
1983.

[DIG5] BERYL, "Digrafid, Cipher," SO93, The Cryptogram, The

American Cryptogram Association, 1993.

[DIFF] W. Diffie, M. Hellman, Privacy and Authentication: An

introduction to cryptography. IEEE proceedings, 67(3),
397--427, 1979.
[DIF2] W. Diffie, The first ten years of public key
cryptography. IEEE proceedings, 76(5), 560--577,
1988.

[DIFE] Diffie, Whitfield and M.E. Hellman,"New Directions in

Cryptography, IEEE Transactions on Information Theory
IT-22, 1976.

[DONI] Donitz, Karl, Memoirs: Ten Years and Twenty Days,

London: Weidenfeld and Nicolson, 1959.

[DOUB] TIBEX, " A Short Study in doubles ( Word beginning or

ending in double letters)," FM43, The Cryptogram,
published by the American Cryptogram Association,
1943.

[DOW] Dow, Don. L., "Crypto-Mania, Version 3.0", Box 1111,

Nashua, NH. 03061-1111, (603) 880-6472, Cost $15 for
registered version and available as shareware under
CRYPTM.zip on CIS or zipnet.

[EDUC] OZ, "Educational Cryptography," MA89, The Cryptogram,

The American Cryptogram Association, 1989.

[EIIC] Ei'ichi Hirose, ",Finland ni okeru tsushin joho," in

Showa gunji hiwa: Dodai kurabu koenshu, Vol 1, Dodai
kurabu koenshu henshu iinkai, ed., (Toyko: Dodai
keizai konwakai, 1987), pp 59-60.

[ELCY] Gaines, Helen Fouche, Cryptanalysis, Dover, New York,

1956. [ A text that every serious player should have!]

[ELLI] Carl M. Ellison, A Solution of the Hebern Messages.

Cryptologia, vol. XII, #3, 144-158, Jul 1988.

[ENIG] Tyner, Clarence E. Jr., and Randall K. Nichols,

"ENIGMA95 - A Simulation of Enhanced Enigma Cipher
Machine on A Standard Personal Computer," for
publication, November, 1995.

[EPST] Epstein, Sam and Beryl, "The First Book of Codes and
Ciphers," Ambassador Books, Toronto, Canada, 1956.

[EQUI] THE OAK, "An Equi-Frequency Cipher System," JA55, The

Cryptogram, The American Cryptogram Association, 1955.

[ERSK] Erskine, Ralph, "Naval Enigma: The Breaking of

Heimisch and Triton," Intelligence and National
Security 3, Jan. 1988.

[EVEN] S. Even, O. Goldreich, DES-like functions can generate

the alternating group. IEEE Trans. on Inform. Theory,
vol. 29, #6, 863--865, 19 83.

[EVES] , Howard, "An Introduction to the History of

Mathematics, " New York, Holt Rinehart winston, 1964.

[EYRA] Eyraud, Charles, "Precis de Cryptographie Moderne'"

 Paris, 1953.

[FEI1] H. Feistel, Cryptography and Computer Privacy.

Scientific American, 228(5), 15--23, 1973.

[FEI2] H. Feistel, H, W. Notz, J. Lynn Smith. Some

cryptographic techniques for machine-to-machine data
communications, IEEE proceedings, 63(11), 1545--1554,
1975.

[FIBO] LOGONE BASETEN, "Use of Fibonacci Numbers in

Cryptography," JF69, The Cryptogram, published by the
American Cryptogram Association, 1969.

[FIDD] FIDDLE, (Frederick D. Lynch, Col.) "An Approach to

Cryptarithms," ACA Publications, 1964.

[FID1] FIDDLE, " The International Chess Cable Code," MJ55,

The Cryptogram, American Cryptogram Association, 1955.

[FING] HELCRYPT, "Cryptography in Fingerprinting," FM51, The

Cryptogram, published by the American Cryptogram
Association, 1951.

[FIRE] FIRE-O, "A Tool for Mathematicians: Multiplicative

Structures," The Cryptogram, Vol. XXXVI, No 5, 1977.

[FL] Anonymous, The Friedman Legacy: A Tribute to William

and Elizabeth Friedman, National Security Agency,
Central Security Service, Center for Cryptological
History,1995.

[FLI1] Flicke, W. F., "War Secrets in the Ether - Volume I,"

Aegean Park Press, Laguna Hills, CA, 1977.

[FLIC] Flicke, W. F., "War Secrets in the Ether - Volume II,"

Aegean Park Press, Laguna Hills, CA, 1977.

[FLIC] Flicke, W. F., "War Secrets in the Ether," Aegean Park

Press, Laguna Hills, CA, 1994.

[FORE] DELAC, "Solving a Foreign Periodic by Lining Up the

Alphabets," JJ46, The Cryptogram, published by the
American Cryptogram Association, 1946.

[FOR1] VULPUS, "Four-Square Cipher," JA63, The Cryptogram,

The American Cryptogram Association, 1963.

[FOR2] FIDDLE, "Further Comments on Solution of Four-Square

Ciphers by Probable Word Method," FM50, The
Cryptogram, The American Cryptogram Association, 1950.

[FOR3] GALUPOLY, "Numerical Four-Square Cipher," MA62, MJ62,

The Cryptogram, The American Cryptogram Association,
1962.

[FOR4] SAI CHESS, "Sharpshooting the Four-Square Cipher,"

AM49,JJ49, The Cryptogram, The American Cryptogram
 Association, 1949.

[FOR5] B. NATURAL, "Solution of Type II-X Four-Square

Cipher," MJ62, The Cryptogram, The American Cryptogram
Association, 1962.

[FOR6] FIDDLE, "Solutionof Four-Square Ciphers by Probable

Word Method," DJ49, The Cryptogram, The American
Cryptogram Association, 1949.

[FOWL] Fowler, Mark and Radhi Parekh, " Codes and Ciphers,
- Advanced Level," EDC Publishing, Tulsa OK, 1994.
(clever and work)

[FRAA] Friedman, William F. , "American Army Field Codes in

The American Expeditionary Forces During the First
World War, USA 1939.

[FRAB] Friedman, W. F., Field Codes used by the German Army

During World War. 1919.

[FRAN] Franks, Peter, "Calculator Ciphers," Information

Associates, Champaign, Il. 1980.

[FRA1] SI SI, "Analysis and Optimization of the Fractionated

Morse Cipher," ND81, The Cryptogram, The American
Cryptogram Association, 1981.

[FRA2] B. NATURAL, "Elementary Study of the Fractionated

Morse Cipher," AS51, The Cryptogram, The American
Cryptogram Association, 1951.

[FRA3] X.GOTKY, "Fractionated Morse Cipher," AM50, The

Cryptogram, The American Cryptogram Association, 1950.

[FRA4] CROTALUS, "Fractionated Morse Frequencies Reissued,"

MA93, The Cryptogram, The American Cryptogram
Association, 1993.

[FRA5] RIG R. MORTIS, "Fractionated Morse Keyword Recovery,"

MA60, The Cryptogram, The American Cryptogram
Association, 1960.

[FRA6] LAMONT CRANSTON, "Fractionated Morse Made Easy," JA92,

The Cryptogram, The American Cryptogram Association,
1992.

[FRA7] MOOJUB, "General Break For Fractionated Morse," AS51,

The Cryptogram, The American Cryptogram Association,
1951.

[FRA8] FIDDLE, "Periodic Fractionated Morse," AS54, The

Cryptogram, The American Cryptogram Association, 1954.

[FRE] Friedman, William F. , "Elements of Cryptanalysis,"

Aegean Park Press, Laguna Hills, CA, 1976.
[FREA] Friedman, William F. , "Advanced Military
Cryptography," Aegean Park Press, Laguna Hills, CA,
1976.

[FREB] Friedman, William F. , "Elementary Military

Cryptography," Aegean Park Press, Laguna Hills, CA,
1976.

[FREC] Friedman, William F., "Cryptology," The Encyclopedia

Britannica, all editions since 1929. A classic
article by the greatest cryptanalyst.

[FRSG] Friedman, William F., "Solving German Codes in World

War I, " Aegean Park Press, Laguna Hills, CA, 1977.

[FR1] Friedman, William F. and Callimahos, Lambros D.,

Military Cryptanalytics Part I - Volume 1, Aegean Park
Press, Laguna Hills, CA, 1985.

[FR2] Friedman, William F. and Callimahos, Lambros D.,

Military Cryptanalytics Part I - Volume 2, Aegean Park
Press, Laguna Hills, CA, 1985.

[FR3] Friedman, William F. and Callimahos, Lambros D.,

Military Cryptanalytics Part III, Aegean Park Press,
Laguna Hills, CA, 1995.

[FR4] Friedman, William F. and Callimahos, Lambros D.,

Military Cryptanalytics Part IV, Aegean Park Press,
Laguna Hills, CA, 1995.

[FR5] Friedman, William F. Military Cryptanalysis - Part I,

Aegean Park Press, Laguna Hills, CA, 1980.

[FR6] Friedman, William F. Military Cryptanalysis - Part II,

Aegean Park Press, Laguna Hills, CA, 1980.

[FR7] Friedman, William F. and Callimahos, Lambros D.,

Military Cryptanalytics Part II - Volume 1, Aegean
Park Press, Laguna Hills, CA, 1985.

[FR8] Friedman, William F. and Callimahos, Lambros D.,

Military Cryptanalytics Part II - Volume 2, Aegean
Park Press, Laguna Hills, CA, 1985.

[FR22] Friedman, William F., The Index of Coincidence and Its

Applications In Cryptography, Publication 22, The
Riverbank Publications, Aegean Park Press, Laguna
Hills, CA, 1979.

[FRS6] Friedman, W. F., "Six Lectures On Cryptology,"

National Archives, SRH-004.

[FR8] Friedman, W. F., "Cryptography and Cryptanalysis

Articles," Aegean Park Press, Laguna Hills, CA, 1976.

[FR9] Friedman, W. F., "History of the Use of Codes," Aegean

Park Press, Laguna Hills, CA, 1977.
[FRZM] Friedman, William F.,and Charles J. Mendelsohn, "The
Zimmerman Telegram of January 16, 1917 and its
Cryptographic Background," Aegean Park Press, Laguna
Hills, CA, 1976.

[FROM] Fromkin, V and Rodman, R., "Introduction to Language,"

4th ed.,Holt Reinhart & Winston, New York, 1988.

[FRS] Friedman, William F. and Elizabeth S., "The

Shakespearean Ciphers Examined," Cambridge University
Press, London, 1957.

[FUMI] Fumio Nakamura, Rikugun ni okeru COMINT no hoga to

hatten," The Journal of National Defense, 16-1 (June
1988) pp85 - 87.

[GAJ] Gaj, Krzysztof, "Szyfr Enigmy: Metody zlamania,"

Warsaw Wydawnictwa Komunikacji i Lacznosci, 1989.

[GAR1] Gardner, Martin, "536 Puzzles and Curious Problems,"

Scribners, 1967.

[GAR2] Gardner, Martin, "Mathematics, Magic, and Mystery ,"

Dover, 1956.

[GAR3] Gardner, Martin, "New Mathematical Diversions from

Scientific American," Simon and Schuster, 1966.

[GAR4] Gardner, Martin, "Sixth Book of Mathematical Games

from Scientific American," Simon and Schuster, 1971.

[GARL] Garlinski, Jozef, 'The Swiss Corridor', Dent, London

1981.

[GAR1] Garlinski, Jozef, 'Hitler's Last Weapons', Methuen,

London 1978.

[GAR2] Garlinski, Jozef, 'The Enigma War', New York,

Scribner, 1979.

[GARO] G. Garon, R. Outerbridge, DES watch: an examination of

the sufficiency of the Data Encryption Standard for
financial institutions in the 1990's. Cryptologia,
vol. XV, #3, 177--193, 1991.

[GE] "Security," General Electric, Reference manual Rev.

B., 3503.01, Mark III Service, 1977.

[GERH] Gerhard, William D., "Attack on the U.S., Liberty,"

SRH-256, Aegean Park Press, 1981.

[GERM] "German Dictionary," Hippocrene Books, Inc., New York,

1983.

[GILE] Giles, Herbert A., "Chinese Self-Taught," Padell Book

Co., New York, 1936?
[GIVI] Givierge, General Marcel, " Course In Cryptography,"
Aegean Park Press, Laguna Hills, CA, 1978. Also, M.
Givierge, "Cours de Cryptographie," Berger-Levrault,
Paris, 1925.

[GLEN] Gleason, Norma, "Fun With Codes and Ciphers Workbook,"

Dover, New York, 1988.

[GLE1] Gleason, Norma, "Cryptograms and Spygrams," Dover, New

York, 1981.

[GLEA] Gleason, A. M., "Elementary Course in Probability for

the Cryptanalyst," Aegean Park Press, Laguna Hills,
CA, 1985.

[GLOV] Glover, D. Beaird, "Secret Ciphers of the 1876

Presidential Election," Aegean Park Press, Laguna
Hills, CA, 1991.

[GODD] Goddard, Eldridge and Thelma, "Cryptodyct," Marion,

Iowa, 1976

[GOOD] I. J. Good, Good Thinking: the foundations of

probability and its applications. University of
Minnesota Press, 1983.

[GORD] Gordon, Cyrus H., " Forgotten Scripts: Their Ongoing

Discovery and Decipherment," Basic Books, New York,
1982.

[GRA1] Grandpre: "Grandpre, A. de--Cryptologist. Part 1

'Cryptographie Pratique - The Origin of the Grandpre',
ISHCABIBEL, The Cryptogram, SO60, American Cryptogram
Association, 1960.

[GRA2] Grandpre: "Grandpre Ciphers", ROGUE, The Cryptogram,

SO63, American Cryptogram Association, 1963.

[GRA3] Grandpre: "Grandpre", Novice Notes, LEDGE, The

Cryptogram, MJ75, American Cryptogram Association,1975

[GRAH] Graham, L. A., "Ingenious Mathematical Problems and

Methods," Dover, 1959.

[GRAN] Grant, E. A., "Kids Book of Secret Codes, Signals and

Ciphers, Running Press, 1989.

[GRAP] DR. CRYPTOGRAM,"The Graphic Position Chart (On

Aristocrats)," JF59, The Cryptogram, American
Cryptogram Association, 1959.

[GREU] Greulich, Helmut, "Spion in der Streichholzschachtel:

Raffinierte Methoden der Abhortechnik, Gutersloh:
Bertelsmann, 1969.

[GRI1] ASAP,"An Aid For Grille Ciphers," SO93, The

Cryptogram, American Cryptogram Association, 1993.
[GRI2] DUN SCOTUS,"Binary Number Grille," JA60, The
Cryptogram, American Cryptogram Association, 1960.

[GRI3] S-TUCK,"Grille Solved By the Tableaux Method," DJ42,

The Cryptogram, American Cryptogram Association, 1942.

[GRI4] The SQUIRE,"More About Grilles," ON40,DJ40, The

Cryptogram, American Cryptogram Association, 1940,
1940.

[GRI5] OMAR,"Rotating Grille Cipher," FM41, The Cryptogram,

American Cryptogram Association, 1941.

[GRI6] S-TUCK,"Solving The Grille. A New Tableaux Method,"

FM44, The Cryptogram, American Cryptogram Association,
1944.

[GRI7] LABRONICUS,"Solving The Turning Grille," JF88, The

Cryptogram, American Cryptogram Association, 1988.

[GRI8] BERYL,"The Turning Grille," ND92, The Cryptogram,

American Cryptogram Association, 1992.

[GRI9] SHERLAC and S-TUCKP,"Triangular Grilles," ON45, The

Cryptogram, American Cryptogram Association, 1945.

[GRIA] SHERLAC,"Turning Grille," ON49, The Cryptogram,

American Cryptogram Association, 1949.

[GRIB] DUN SCOTUS,"Turning (by the numbers)," SO61, The

Cryptogram, American Cryptogram Association, 1961.

[GRIC] LEDGE,"Turning Grille (Novice Notes)," JA77, The

Cryptogram, American Cryptogram Association, 1977.

[GRO1] DENDAI, DICK," Analysis of Gromark Special,"ND74, The

Cryptogram, American Cryptogram Association, 1974.

[GRO2] BERYL," BERYL'S Pearls: Gromark Primers by hand

calculator," ND91, The Cryptogram, American Cryptogram
Association, 1991.

[GRO3] MARSHEN," Checking the Numerical Key,"JF70, The

Cryptogram, American Cryptogram Association, 1970.

[GRO4] PHOENIX," Computer Column: Gronsfeld -> Gromark,"

"MJ90, The Cryptogram, American Cryptogram
Association, 1990.

[GRO5] PHOENIX," Computer Column: Perodic Gromark," MJ90

The Cryptogram, American Cryptogram Association, 1990.

[GRO6] ROGUE," Cycles for Gromark Running Key," JF75, The

Cryptogram, American Cryptogram Association, 1975.

[GRO7] DUMBO," Gromark Cipher," MA69, JA69, The Cryptogram,

American Cryptogram Association, 1969.

[GRO8] DAN SURR," Gromark Club Solution," MA75, The

 Cryptogram, American Cryptogram Association, 1975.

[GRO9] B.NATURAL," Keyword Recovery in Periodic Gromark,"

SO73, The Cryptogram, American Cryptogram Association,
1973.

[GROA] D.STRASSE," Method For Determining Term of Key," MA75,

The Cryptogram, American Cryptogram Association, 1975.

[GROB] CRUX," More On Gromark Keys," ND87, The Cryptogram,

American Cryptogram Association, 1987.

[GROC] DUMBO," Periodic Gromark ," MA73, The Cryptogram,

American Cryptogram Association, 1973.

[GROD] ROGUE," Periodic Gromark ," SO73, The Cryptogram,

American Cryptogram Association, 1973.

[GROE] ROGUE," Theoretical Frequencies in the Gromark," MA74,

The Cryptogram, American Cryptogram Association, 1974.

[GRON] R.L.H., "Condensed Analysis of a Gronsfeld," AM38,

ON38,The Cryptogram, American Cryptogram Association,
1938,1938.

[GRN1] CHARMER, "Gronsfeld," AS44, The Cryptogram, American

Cryptogram Association, 1944.

[GRN2] PICCOLA, "Gronsfeld Cipher," ON35, The Cryptogram,

American Cryptogram Association, 1935.

[GRN3] S-TUCK, "Gronsfeld Cipher," AS44, The Cryptogram,

American Cryptogram Association, 1944.

[GROU] Groueff, Stephane, "Manhattan Project: The Untold

Story of the Making of the Atom Bomb," Little, Brown
and Company,1967.

[GUST] Gustave, B., "Enigma:ou, la plus grande 'enigme de la

guerre 1939-1945." Paris:Plon, 1973.

[GYLD] Gylden, Yves, "The Contribution of the Cryptographic

Bureaus in the World War," Aegean Park Press, 1978.

[HA] Hahn, Karl, " Frequency of Letters", English Letter

Usage Statistics using as a sample, "A Tale of Two
Cities" by Charles Dickens, Usenet SCI.Crypt, 4 Aug
1994.

[HAFT] Haftner, Katie and John Markoff, "Cyberpunk,"

Touchstine, 1991.

[HAGA] Hagamen,W. D. et. al., "Encoding Verbal Information as

Unique Numbers," IBM Systems Journal, Vol 11, No. 4,
1972.

[HAWA] Hitchcock, H. R., "Hawaiian," Charles E. Tuttle, Co.,

Toyko, 1968.
[HAWC] Hawcock, David and MacAllister, Patrick, "Puzzle
Power! Multidimensional Codes, Illusions, Numbers,
and Brainteasers," Little, Brown and Co., New York,
1994.

[HEBR] COMET, "First Hebrew Book (of Cryptology)," JF72, The

Cryptogram, published by the American Cryptogram
Association, 1972.

[HELD] Gilbert, "Top Secret Data Encryption Techniques,"

Prentice Hall, 1993. (great title..limited use)

[HELL] M. Hellman, The mathematics of public key

cryptography. Scientific American, 130--139, 1979.

[HEMP] Hempfner, Philip and Tania, "Pattern Word List For

Divided and Undivided Cryptograms," unpublished
manuscript, 1984.

[HEPP] Hepp, Leo, "Die Chiffriermaschine 'ENIGMA'", F-Flagge,

1978.

[HIDE] Hideo Kubota, " Zai-shi dai-go kokugun tokushu joho

senshi." unpublished manuscript, NIDS.

[HIER] ISHCABIBEL, "Hieroglyphics: Cryptology Started Here,

MA71, The Cryptogram, American Cryptogram Association,
1971.

[HILL] Hill, Lester, S., "Cryptography in an Algebraic

Alphabet", The American Mathematical Monthly, June-
July 1929.

[HIL1] Hill, L. S. 1929. Cryptography in an Algebraic

Alphabet. American Mathematical Monthly. 36:306-312.

[HIL2] Hill, L. S. 1931. Concerning the Linear

Transformation Apparatus in Cryptography. American
Mathematical Monthly. 38:135-154.

[HINS] Hinsley, F. H., "History of British Intelligence in

the Second World War", Cambridge University Press,
Cambridge, 1979-1988.

[HIN2] Hinsley, F. H. and Alan Strip in "Codebreakers -Story

of Bletchley Park", Oxford University Press, 1994.

[HIN3] Hinsley, F. H., et. al., "British Intelligence in The

Second World War: Its Influence on Strategy and
Operations," London, HMSO vol I, 1979, vol II 1981,
vol III, 1984 and 1988.

[HISA] Hisashi Takahashi, "Military Friction, Diplomatic

Suasion in China, 1937 - 1938," The Journal of
International Studies, Sophia Univ, Vol 19, July,
1987.

[HIS1] Barker, Wayne G., "History of Codes and Ciphers in the

U.S. Prior to World War I," Aegean Park Press, Laguna
 Hills, CA, 1978.

[HITT] Hitt, Parker, Col. " Manual for the Solution of

Military Ciphers," Aegean Park Press, Laguna Hills,
CA, 1976.

[HODG] Hodges, Andrew, "Alan Turing: The Enigma," New York,

Simon and Schuster, 1983.

[HOFF] Hoffman, Lance J., editor, "Building In Big Brother:

The Cryptographic Policy Debate," Springer-Verlag,
N.Y.C., 1995. ( A useful and well balanced book of
cryptographic resource materials. )

[HOF1] Hoffman, Lance. J., et. al.," Cryptography Policy,"

Communications of the ACM 37, 1994, pp. 109-17.

[HOLM Holmes, W. J., "Double-Edged Secrets: U.S. Naval

Intelligence Operations in the Pacific During WWII",
Annapolis, MD: Naval Institute Press, 1979.

[HOM1] Homophonic: A Multiple Substitution Number Cipher", S-

TUCK, The Cryptogram, DJ45, American Cryptogram
Association, 1945.

[HOM2] Homophonic: Bilinear Substitution Cipher, Straddling,"

ISHCABIBEL, The Cryptogram, AS48, American Cryptogram
Association, 1948.

[HOM3] Homophonic: Computer Column:"Homophonic Solving,"

PHOENIX, The Cryptogram, MA84, American Cryptogram
Association, 1984.

[HOM4] Homophonic: Hocheck Cipher,", SI SI, The Cryptogram,

JA90, American Cryptogram Association, 1990.

[HOM5] Homophonic: "Homophonic Checkerboard," GEMINATOR, The

Cryptogram, MA90, American Cryptogram Association,
1990.

[HOM6] Homophonic: "Homophonic Number Cipher," (Novice Notes)

LEDGE, The Cryptogram, SO71, American Cryptogram
Association, 1971.

[HUNT] D. G. N. Hunter and A. R. McKenzie, Experiments with

Relaxation Algorithms for Breaking Simple Substitution
Ciphers. Computer Journal 26(1), 1983.

[HYDE] H. Montgomery Hyde, "Room 3603, The Story of British

Intelligence Center in New York During World War II",
New York, Farrar, Straus, 1963.

[IBM1] IBM Research Reports, Vol 7., No 4, IBM Research,

Yorktown Heights, N.Y., 1971.

[IC1 ] GIZMO, "Bifid Period Determination Using a Digraphic

Index of Coincidence, JF79, The Cryptogram, American
 Cryptogram Association, 1979.

[IC2 ] PHOENIX, "Computer Column: Applications of the Index

of Coincidence, JA90, The Cryptogram, American
Cryptogram Association, 1990.

[IC3 ] PHOENIX, "Computer Column: Digraphic Index of

Coincidence, ND90, The Cryptogram, American Cryptogram
Association, 1990.

[IC4 ] PHOENIX, "Computer Column: Index of Coincidence (IC),

JA82, The Cryptogram, American Cryptogram Association,
1982.

[IC5 ] PHOENIX, "Computer Column: Index of Coincidence,

(correction) MA83, The Cryptogram, American Cryptogram
Association, 1983.

[IMPE] D'Imperio, M. E, " The Voynich Manuscript - An Elegant

Enigma," Aegean Park Press, Laguna Hills, CA, 1976.

[INDE] PHOENIX, Index to the Cryptogram: 1932-1993, ACA,

1994.

[ITAL] Italian - English Dictionary, compiled by Vittore E.

Bocchetta, Fawcett Premier, New York, 1965.

[JAPA] Martin, S.E., "Basic Japanese Conversation

Dictionary," Charles E. Tuttle Co., Toyko, 1981.

[JAPH] "Operational History of Japanese Naval Communications,

December 1941- August 1945, Monograph by Japanese
General Staff and War Ministry, Aegean Park Press,
1985.

[JOHN] Johnson, Brian, 'The Secret War', Arrow Books,

London 1979.

[KADI] al-Kadi, Ibrahim A., Cryptography and Data Security:

Cryptographic Properties of Arabic, Proceedings of the
Third Saudi Engineering Conference. Riyadh, Saudi
Arabia: Nov 24-27, Vol 2:910-921., 1991.

[KAHN] Kahn, David, "The Codebreakers", Macmillian Publishing

Co. , 1967.

[KAH1] Kahn, David, "Kahn On Codes - Secrets of the New

Cryptology," MacMillan Co., New York, 1983.

[KAH2] Kahn, David, "An Enigma Chronology", Cryptologia Vol

XVII,Number 3, July 1993.

[KAH3] Kahn, David, "Seizing The Enigma: The Race to Break

the German U-Boat Codes 1939-1943 ", Houghton Mifflin,
New York, 1991.

[KAMD] J. Kam, G. Davida, A structured design of

substitution-permutation encryption networks. IEEE
Trans. Information Theory, 28(10), 747--753, 1978.
[KARA] Karalekas, Anne, "History of the Central Intelligence
Agency," Aegean Park Press, Laguna Hills, CA, 1977.

[KASI] Kasiski, Major F. W. , "Die Geheimschriften und die

Dechiffrir-kunst," Schriften der Naturforschenden
Gesellschaft in Danzig, 1872.

[KAS1] Bowers, M. W., {ZEMBIE} "Major F. W. Kasiski -

Cryptologist," The Cryptogram, XXXI, JF, 1964.

[KAS2] ----, "Kasiski Method," JF64,MA64, The Cryptogram,

American Cryptogram Association, 1964.

[KAS3] PICCOLA, "Kasiski Method for Periodics," JJ35,AS35,

The Cryptogram, American Cryptogram Association, 1935,
1935.

[KAS4] AB STRUSE, "Who was Kasiski?" SO76, The Cryptogram,

American Cryptogram Association, 1976.

[KATZ] Katzen, Harry, Jr., "Computer Data Security,"Van

Nostrand Reinhold, 1973.

[KERC] Kerckhoffs, "la Cryptographie Militaire, " Journel des

Sciences militaires, 9th series, IX, (January and
February, 1883, Libraire Militaire de L. Baudoin &Co.,
Paris. English trans. by Warren T, McCready of the
University of Toronto, 1964

[KINN] P. Kinnucan, Data encryption gurus: Tuchman and

Meyer. Cryptologia, vol. II #4, 371--XXX, 1978.

[KING] King and Bahler, Probabilistic Relaxation in the

Cryptanalysis of Simple Substitution Ciphers.
Cryptologia 16(3), 215--225, 1992.

[KINB] King and Bahler, An Algorithmic Solution of Sequential

Homophonic Ciphers. Cryptologia 17(2), in press.

[KNUT] D. E. Knuth, The Art of Computer Programming, volume

2: Seminumerical Algorithms. Addison-Wesley, 1981.

[KOCH] Martin Kochanski, A Survey of Data Insecurity

Packages. Cryptologia 11(1), 1--15, 1987.

[KOCM] Martin Kochanski, Another Data Insecurity Package.

Cryptologia 12(3), 165--177, 1988.

[KOBL] Koblitz, Neal, " A Course in Number Theory and

Cryptography, 2nd Ed, Springer-Verlag, New York, 1994.

[KONH] Konheim, Alan G., "Cryptography -A Primer" , John

Wiley, 1981, pp 212 ff.

[KORD] Kordemsky, B., "The Moscow Puzzles," Schribners, 1972.

[KOTT] Kottack, Phillip Conrad, "Anthropology: The

Exploration Of Human Diversity," 6th ed., McGraw-Hill,
 Inc., New York, N.Y. 1994.

[KOZA] Kozaczuk, Dr. Wladyslaw, "Enigma: How the German

Machine Cipher was Broken and How it Was Read by the
Allies in WWI", University Pub, 1984.

[KOZC] W. Kozaczuk, Enigma. University Publications of

America, 1984 ov, Elementary Cryptanalysis. Math.
Assoc. Am. 1966.

[KRAI] Kraitchek, "Mathematical Recreations," Norton, 1942,

and Dover, 1963.

[KULL] Kullback, Solomon, Statistical Methods in

Cryptanalysis, Aegean Park Press, Laguna Hills, Ca.
1976.

[KUL1] Soloman Kullback, Information Theory and Statistics.

Dover, 1968.

[LAFF] Laffin, John, "Codes and Ciphers: Secret Writing

Through The Ages," Abelard-Schuman, London, 1973.

[LAI] Lai, Xuejia, "On the Design and Security of Block

Ciphers," ETH Series in Information Processing 1,
1992. (Article defines the IDEA Cipher)

[LAIM] Lai, Xuejia, and James L. Massey, "A Proposal for a

New Block Encryption Standard," Advances in Cryptology
-Eurocrypt 90 Proceedings, 1992, pp. 55-70.

[LAKE] Lakoff, R., "Language and the Women's Place," Harper &
Row, New York, 1975.

[LAKS] S. Lakshmivarahan, Algorithms for public key

cryptosystems. In Advances in Computers, M. Yovtis
ed., 22, Academic Press, 45--108, 1983.

[LANG] Langie, Andre, "Cryptography," translated from French

by J.C.H. Macbeth, Constable and Co., London, 1922.

[LAN1] Langie, Andre, "Cryptography - A Study on Secret

Writings", Aegean Park Press, Laguna Hills, CA. 1989.

[LAN2] Langie, Andre, and E. A. Soudart, "Treatise on

Cryptography, " Aegean Park Press, Laguna Hills, CA.
1991.

[LATI] BRASSPOUNDER, "Latin Language Data, "The Cryptogram,"

July-August 1993.

[LAUE] Lauer, Rudolph F., "Computer Simulation of Classical

Substitution Cryptographic Systems" Aegean Park Press,
1981, p72 ff.

[LEAR] Leary, Penn, " The Second Cryptographic Shakespeare,"

Omaha, NE [from author] 1994.
[LEA1] Leary, Penn, " Supplement to The Second Cryptographic
Shakespeare," Omaha, NE [from author] 1994.

[LEAU] Leaute, H., "Sur les Mecanismes Cryptographiques de M.

de Viaris," Le Genie Civil, XIII, Sept 1, 1888.

[LEDG] LEDGE, "NOVICE NOTES," American Cryptogram

Association, 1994. [ One of the best introductory
texts on ciphers written by an expert in the field.
Not only well written, clear to understand but as
authoritative as they come! ]

[LED1] LEDGE, "Basic Patterns in Base Eleven and Twelve

Arithmetic (Part 1) ," The Cryptogram, American
Cryptogram Association, Vol XLIII, No. 5, 1977.

[LED2] LEDGE, "Basic Patterns in Base Eleven and Twelve

Arithmetic (Part 2) ," The Cryptogram, American
Cryptogram Association, Vol XLIII, No. 6, 1977.

[LEMP] A. Lempel, Cryptology in transition, Computing

Surveys, 11(4), 285--304, 1979.

[LENS] Lenstra, A.K. et. al. "The Number Field Sieve,"

Proceedings of the 22 ACM Symposium on the Theory of
Computing," Baltimore, ACM Press, 1990, pp 564-72.

[LEN1] Lenstra, A.K. et. al. "The Factorization of the Ninth

Fermat Number," Mathematics of Computation 61 1993,
pp. 319-50.

[LEWF] Lewis, Frank, "Problem Solving with Particular

Reference to the Cryptic (or British) Crossword and
other 'American Puzzles', Part One," by Frank Lewis,
Montserrat, January 1989.

[LEW1] Lewis, Frank, "The Nations Best Puzzles, Book Six," by

Frank Lewis, Montserrat, January 1990.

[LEWI] Lewin, Ronald, 'Ultra goes to War', Hutchinson,

London 1978.

[LEWN] Lewin, Ronald, 'The American Magic - Codes, ciphers

and The Defeat of Japan', Farrar Straus Giroux, 1982.

[LEWY] Lewy, Guenter, "America In Vietnam", Oxford University

Press, New York, 1978.

[LEVI] Levine, J., U.S. Cryptographic Patents 1861-1981,

Cryptologia, Terre Haute, In 1983.

[LEV1] Levine, J. 1961. Some Elementary Cryptanalysis

of Algebraic Cryptography. American Mathematical
Monthly. 68:411-418

[LEV2] Levine, J. 1961. Some Applications of High-

 Speed Computers to the Case n =2 of Algebraic
Cryptography. Mathematics of Computation. 15:254-260

[LEV3] Levine, J. 1963. Analysis of the Case n =3 in

Algebraic Cryptography With Involuntary Key Matrix
With Known Alphabet. Journal fuer die Reine und
Angewante Mathematik. 213:1-30.

[LISI] Lisicki, Tadeusz, 'Dzialania Enigmy', Orzet Biaty,

London July-August, 1975; 'Enigma i Lacida',
Przeglad lacznosci, London 1974- 4; 'Pogromcy
Enigmy we Francji', Orzet Biaty, London, Sept.
1975.'

[LUBY] C. Rackoff, M. Luby, How to construct psuedorandom

permutations from psuedorandom functions. SIAM Journal
of Computing, vol. 17, #2, 373--386, 1988.

[LUCK] Michael Lucks, A Constraint Satisfaction Algorithm for

the Automated Decryption of Simple Substitution
Ciphers. In CRYPTO '88. 598--605, 1979.

[LYNC] Lynch, Frederick D., "Pattern Word List, Vol 1.,"

Aegean Park Press, Laguna Hills, CA, 1977.

[LYN1] Lynch, Frederick D., "An Approach To Cryptarithms,"

ACA, 1976.

[LYSI] Lysing, Henry, aka John Leonard Nanovic, "Secret

Writing," David Kemp Co., NY 1936.

[MACI] Macintyre, D., "The Battle of the Atlantic," New York,

Macmillan, 1961.

[MADA] Madachy, J. S., "Mathematics on Vacation," Scribners,

1972.

[MAGN] Magne, Emile, Le plaisant Abbe de Boisrobert, Paris,

Mecure de France, 1909.

[MANN] Mann, B.,"Cryptography with Matrices," The Pentagon,

Vol 21, Fall 1961.

[MANS] Mansfield, Louis C. S., "The Solution of Codes and

Ciphers", Alexander Maclehose & Co., London, 1936.

[MARO] Marotta, Michael, E. "The Code Book - All About

Unbreakable Codes and How To Use Them," Loompanics
Unlimited, 1979. [This is a terrible book. Badly
written, without proper authority, unprofessional, and
prejudicial to boot. And, it has one of the better
illustrations of the Soviet one-time pad with example,
with three errors in cipher text, that I have
corrected for the author.]

[MARS] Marshall, Alan, "Intelligence and Espionage in the

Reign of Charles II," 1660-1665, Cambridge University,
New York, N.Y., 1994.
[MASS] J. Massey, An introduction to contemporary cryptology,
IEEE proceedings, 76(5), 533--549, 1988.

[MART] Martin, James, "Security, Accuracy and Privacy in

Computer Systems," Prentice Hall, Englewood Cliffs,
N.J., 1973.

[MAST] Lewis, Frank W., "Solving Cipher Problems -

Cryptanalysis, Probabilities and Diagnostics," Aegean
Park Press, Laguna Hills, CA, 1992.

[MAU] Mau, Ernest E., "Word Puzzles With Your

Microcomputer," Hayden Books, 1990.

[MAVE] Mavenel, Denis L., Lettres, Instructions

Diplomatiques et Papiers d' Etat du Cardinal
Richelieu, Historie Politique, Paris 1853-1877
Collection.

[MAYA] Coe, M. D., "Breaking The Maya Code," Thames and

Hudson, New York, 1992.

[MAZU] Mazur, Barry, "Questions On Decidability and

Undecidability in Number Theory," Journal of Symbolic
Logic, Volume 54, Number 9, June, 1994.

[MELL] Mellen G. 1981. Graphic Solution of a Linear

Transformation Cipher. Cryptologia. 5:1-19.

[MEND] Mendelsohn, Capt. C. J., Studies in German Diplomatic

Codes Employed During World War, GPO, 1937.

[MERK] Merkle, Ralph, "Secrecy, Authentication and Public Key

Systems," Ann Arbor, UMI Research Press, 1982.

[MER1] Merkle, Ralph, "Secure Communications Over Insecure

Channels," Communications of the ACM 21, 1978, pp.
294-99.

[MER2] Merkle, Ralph and Martin E. Hellman, "On the Security

of Multiple Encryption ," Communications of the ACM
24, 1981, pp. 465-67.

[MER3] Merkle, Ralph and Martin E. Hellman, "Hiding

Information and Signatures in Trap Door Knapsacks,"
IEEE Transactions on Information Theory 24, 1978, pp.
525-30.

[MER4] R. Merkle, Fast software encryption functions. In

Proceedings of CRYPTO '90, Menezes and Vanstone ed.,
476--501, 1991.

[MEYE] C. Meyer and S. Matyas, Cryptography: A new dimension

in computer security. Wiley, 1982.

[MEYR] C. Meyer, Ciphertext/plaintext and ciphertext/key

dependence vs. number of rounds for the Data
Encryption Standard. AFIPS Conference proceedings, 47,
1119--1126, 1978.
[MILL] Millikin, Donald, " Elementary Cryptography ", NYU
Bookstore, NY, 1943.

[MODE] Modelski, Tadeusz, 'The Polish Contribution to the

Ultimate Allied Victory in the Second World War',
Worthing (Sussex) 1986.

[MRAY] Mrayati, Mohammad, Yahya Meer Alam and Hassan al-

Tayyan., Ilm at-Ta'miyah wa Istikhraj al-Mu,amma Ind
al-Arab. Vol 1. Damascus: The Arab Academy of
Damascus.,
1987.

[MULL] Mulligan, Timothy," The German Navy Examines its

Cryptographic Security, Oct. 1941, Military affairs,
vol 49, no 2, April 1985.

[MYER] Myer, Albert, "Manual of Signals," Washington, D.C.,

USGPO, 1879.

[NBS] National Bureau of Standards, "Data Encryption

Standard," FIPS PUB 46-1, 1987.

[NIBL] Niblack, A. P., "Proposed Day, Night and Fog Signals

for the Navy with Brief Description of the Ardois
Hight System," In Proceedings of the United States
Naval Institute, Annapolis: U. S. Naval Institute,
1891.

[NIC1] Nichols, Randall K., "Xeno Data on 10 Different

Languages," ACA-L, August 18, 1995.

[NIC2] Nichols, Randall K., "Chinese Cryptography Parts 1-3,"

ACA-L, August 24, 1995.

[NIC3] Nichols, Randall K., "German Reduction Ciphers Parts

1-4," ACA-L, September 15, 1995.

[NIC4] Nichols, Randall K., "Russian Cryptography Parts 1-3,"

ACA-L, September 05, 1995.

[NIC5] Nichols, Randall K., "A Tribute to William F.

Friedman", NCSA FORUM, August 20, 1995.

[NIC6] Nichols, Randall K., "Wallis and Rossignol," NCSA

FORUM, September 25, 1995.

[NIC7] Nichols, Randall K., "Arabic Contributions to

Cryptography,", in The Cryptogram, ND95, ACA, 1995.

[NIC8] Nichols, Randall K., "U.S. Coast Guard Shuts Down

Morse Code System," The Cryptogram, SO95, ACA
Publications, 1995.

[NIC9] Nichols, Randall K., "PCP Cipher," NCSA FORUM, March

10, 1995.
[NICX] Nichols, R. K., Keynote Speech to A.C.A. Convention,
"Breaking Ciphers in Other Languages.," New Orleans,
La., 1993.

[NICK] Nickels, Hamilton, "Codemaster: Secrets of Making and

Breaking Codes," Paladin Press, Boulder, CO., 1990.

[NIHL] PHOENIX," Computer Column: Nihilist Substitution,"

MA88, The Cryptogram, American Cryptogram
Association, 1988.

[NIH1] PHOENIX," Computer Column: Nihilist Substitution,"

MJ88, The Cryptogram, American Cryptogram
Association, 1988.

[NIH2] PHOENIX," Computer Column: Nihilist Substitution,"

JA88, The Cryptogram, American Cryptogram
Association, 1988.

[NIH3] PHOENIX," Computer Column: Nihilist Substitution,"

JA89, The Cryptogram, American Cryptogram
Association, 1989.

[NIH4] FIDDLE and CLEAR SKYS," FIDDLE'S slide for Nihilist

Number Substitution," ON48, The Cryptogram, American
Cryptogram Association, 1948.

[NIH5] RIG R. MORTIS," Mixed Square Nihilist," JA60, The

Cryptogram, American Cryptogram Association, 1960.

[NIH6] PICCOLA," Nihilist Number Cipher," AS37, The

Cryptogram, American Cryptogram Association, 1937.

[NIH7] PICCOLA," Nihilist Transposition," DJ38, The

Cryptogram, American Cryptogram Association, 1938.

[NORM] Norman, Bruce, 'Secret Warfare', David & Charles,

Newton Abbot (Devon) 1973.

[NORW] Marm, Ingvald and Sommerfelt, Alf, "Norwegian," Teach

Yourself Books, Hodder and Stoughton, London, 1967.

[NSA] NSA's Friedman Legacy - A Tribute to William and

Elizabeth Friedman, NSA Center for Cryptological

[NSA1] NMasked Dispatches: Cryptograms and Cryptology in

American History, 1775 -1900. Series 1, Pre World War
I Volume I, National Security Agency, Central Security
Service, NSA Center for Cryptological History, 1993.

[OHAV] OHAVER, M. E., "Solving Cipher Secrets," Aegean Park

Press, 1989.

[OHA1] OHAVER, M. E., "Cryptogram Solving," Etcetera Press,

1973.

[OKLA] Andre, Josephine and Richard V. Andree,

"Cryptarithms," Unit One, Problem Solving and Logical
Thinking, University of Oklahoma, Norman, Ok. Copy
 No: 486, 1976.

[OKLI] Andre, Josephine and Richard V. Andree, " Instructors

Manual For Cryptarithms," Unit One, Problem Solving
and Logical Thinking, University of Oklahoma, Norman,
Ok. Copy No: 486, 1976.

[OP20] "Course in Cryptanalysis," OP-20-G', Navy Department,

Office of Chief of Naval Operations, Washington, 1941.

[ORAN] The ``Orange Book'' is DOD 520 0.28-STD, published

December 1985 as part of the ``rainbow book'' series.
Write to Department of Defense, National Security
Agency, ATTN: S332, 9800 Savage Road, Fort Meade, MD
20755-6000, and ask for the Trusted Computer System
Evaluation Criteria. Or call 301-766-8729. The
``Orange Book'' will eventually be replaced by the
U.S. Federal Criteria for Information Technology
Security (FC) online at the NIST site [FTPNS], which
also contains information on other various proposed
and active federal standards.

[OTA] "Defending Secrets, Sharing Data: New Locks and Keys

for Electronic Information," Office of Technology
Assessment, 1988.

[OZK ] OZ,"Variation in Letter Frequency with Cipher Length

or Where Did All Those K's Come From? ," SO59, The
Cryptogram, American Cryptogram Association, 1959.

[PATT] Wayne Patterson, Mathematical Cryptology for Computer

Scientists and Mathematicians. Rowman & Littlefield,
1987.

[PEAR] "Pearl Harbor Revisited," U.S. Navy Communications

Intelligence, 1924-1941, U.S. Cryptological History
Series, Series IV, World War II, Volume 6, NSA CSS ,
CH-E32-94-01, 1994.

[PECK] Peck, Lyman C., "Secret Codes, Remainder Arithmetic,

and Matrices," National Counsil of Teachers of
Mathematics, Washington, D.C. 1971.

[PELE] S. Peleg and A. Rosenfeld, Breaking Substitution

Ciphers Using a Relaxation Algorithm. CACM 22(11),

[PERR] Perrault, Charles, Tallement des Reaux, Les

Historiettes, Bibliotheque del La Pleiade, Paris 1960,
pp 256-258.

[PFLE] C. Pfleeger, Security in Computing. Prentice-Hall,

1989.

[PGP] Garfinkel, Simson, "PGP: Pretty Good Privacy,"

O'reilly and Associates, Inc. Sebastopol, CA. 1995.

[PHL ] PHIL,"System Identification by General Frequencies,"

AM48, The Cryptogram, American Cryptogram Association,
1948.
[PHIL] Phillips, H., "My Best Puzzles in Logic and
Reasoning," Dover, 1961.

[PIER] Pierce, Clayton C., "Cryptoprivacy", 325 Carol Drive,

Ventura, Ca. 93003, 1994.

[PIE1] Pierce, Clayton C., "Privacy, Cryptography, and Secure

Communication ", 325 Carol Drive, Ventura, Ca. 93003,
1977.

[POLY] Polya, G., "Mathematics and Plausible Reasoning,"

Princeton Press, 1954.

[POL1] Polya, G., "How To Solve It.," Princeton Press, 1948.

[POPE] Pope, Maurice, "The Story of Decipherment: From

Egyptian Hieroglyphic to Linear B., Thames and Hudson
Ltd., 1975.

[PORT] Barker, Wayne G. "Cryptograms in Portuguese," Aegean

Park Press, Laguna Hills, CA., 1986.

[POR1] Aliandro, Hygino, "The Portuguese-English Dictionary,"

Pocket Books, New York, N.Y., 1960.

[POUN] Poundstone, William, "Biggest Secrets," Quill

Publishing, New York, 1993. ( Explodes the Beale
Cipher Hoax.)

[PRIC] Price, A.,"Instruments of Darkness: the History of

Electronic Warfare, London, Macdonalds and Janes,
1977.

[PRI1] W. Price, D. Davies, Security for computer networks.

Wiley, 1984.

[PROT] "Protecting Your Privacy - A Comprehensive Report On

Eavesdropping Techniques and Devices and Their
Corresponding Countermeasures," Telecommunications
Publishing Inc., 1979.

[RAJ1] "Pattern and Non Pattern Words of 2 to 6 Letters," G &

C. Merriam Co., Norman, OK. 1977.

[RAJ2] "Pattern and Non Pattern Words of 7 to 8 Letters," G &

C. Merriam Co., Norman, OK. 1980.

[RAJ3] "Pattern and Non Pattern Words of 9 to 10 Letters," G

& C. Merriam Co., Norman, OK. 1981.

[RAJ4] "Non Pattern Words of 3 to 14 Letters," RAJA Books,

Norman, OK. 1982.

[RAJ5] "Pattern and Non Pattern Words of 10 Letters," G & C.

Merriam Co., Norman, OK. 1982.
[RAND] Randolph, Boris, "Cryptofun," Aegean Park Press, 1981.

[RB1] Friedman, William F., The Riverbank Publications,

Volume 1," Aegean Park Press, 1979.

[RB2] Friedman, William F., The Riverbank Publications,

Volume 2," Aegean Park Press, 1979.

[RB3] Friedman, William F., The Riverbank Publications,

Volume 3," Aegean Park Press, 1979.

[REED] J. Reeds, `Cracking' a Random Number Generator.

Cryptologia 1(1), 20--26, 1977.

[REE1] J. A. Reeds and P. J. Weinberger, File Security and

the UNIX Crypt Command. AT&T Bell Laboratories
Technical Journal, Vol. 63 #8, part 2, 1673--1684,
October, 1984.

[REJE] Rejewski, Marian, "Mathematical Solution of the Enigma

Cipher" published in vol 6, #1, Jan 1982 Cryptologia
pp 1-37.

[RELY] Relyea, Harold C., "Evolution and Organization of

Intelligence Activities in the United States," Aegean
Park Press, 1976.

[RENA] Renauld, P. "La Machine a' chiffrer 'Enigma'",

Bulletin Trimestriel de l'association des Amis de
L'Ecole superieure de guerre no 78, 1978.

[RHEE] Rhee, Man Young, "Cryptography and Secure

Communications," McGraw Hill Co, 1994

[RIVE] Rivest, Ron, "Ciphertext: The RSA Newsletter 1, 1993.

[RIV1] Rivest, Ron, Shamir, A and L. Adleman, "A Method for

Obtaining Digital Signatures and Public Key
Cryptosystems," Communications of the ACM 21, 1978.

[ROAC] Roach, T., "Hobbyist's Guide To COMINT Collection and

Analysis," 1330 Copper Peak Lane, San Jose, Ca. 95120-
4271, 1994.

[ROBO] NYPHO, The Cryptogram, Dec 1940, Feb, 1941.

[ROHE] Jurgen Rohwer's Comparative Analysis of Allied and

Axis Radio-Intelligence in the Battle of the Atlantic,
Proceedings of the 13th Military History Symposium,
USAF Academy, 1988, pp 77-109.

[ROHW] Rohwer Jurgen, "Critical Convoy Battles of March

1943," London, Ian Allan, 1977.

[ROH1] Rohwer Jurgen, "Nachwort: Die Schlacht im Atlantik in

der Historischen Forschung, Munchen: Bernard and
Graefe, 1980.
[ROH2] Rohwer Jurgen, et. al. , "Chronology of the War at
Sea, Vol I, 1939-1942, London, Ian Allan, 1972.

[ROH3] Rohwer Jurgen, "U-Boote, Eine Chronik in Bildern,

Oldenburs, Stalling, 1962. Skizzen der 8 Phasen.

[ROOM] Hyde, H. Montgomery, "Room 3603, The Story of British

Intelligence Center in New York During World War II",
New York, Farrar, Straus, 1963.

[ROSE] Budge, E. A. Wallis, "The Rosetta Stone," British

Museum Press, London, 1927.

[RSA] RSA Data Security, Inc., "Mailsafe: Public Key

Encryption Software Users Manual, Version 5.0, Redwood
City, CA, 1994

[RUEP] R. Rueppel, Design and Analysis of Stream Ciphers.

Springer-Verlag, 1986.

[RUNY] Runyan, T. J. and Jan M. Copes "To Die Gallently",

Westview Press 1994, p85-86 ff.

[RYP1] A B C, "Adventures in Cryptarithms (digital maze),"

JA63, The Cryptogram, published by the American
Cryptogram Association, 1963.

[RYP2] CROTALUS "Analysis of the Classic Cryptarithm,"MA73,

The Cryptogram, published by the American Cryptogram
Association, 1973.

[RYP3] CLEAR SKIES "Another Way To Solve Cryptarithms,"DJ44,

The Cryptogram, published by the American Cryptogram
Association, 1944.

[RYP4] CROTALUS "Arithemetic in Other Bases (Duodecimal

table),"JF74, The Cryptogram, published by the
American Cryptogram Association, 1974.

[RYP5] LEDGE, "Basic Patterns in Base Eleven and Twelve

Arithmetic,"SO77, ND77, The Cryptogram, published by
the American Cryptogram Association, 1977,1977.

[RYP6] COMPUTER USER, "Computer Solution of Cryptarithms,"

JF72, The Cryptogram, published by the American
Cryptogram Association, 1972.

[RYP7] PIT, "Cryptarithm Crutch," JA80, The Cryptogram,

published by the American Cryptogram Association,
1980.

[RYP8] DENDAI, DICK, "Cryptarithm Ccub root," ND76, The

Cryptogram, published by the American Cryptogram
Association, 1976.

[RYP9] S-TUCK, "Cryptarithm in Addition," AM44, The

Cryptogram, published by the American Cryptogram
Association, 1944.
[RYPA] APEX DX, "Cryptarithm Line of Attack," ND91, The
Cryptogram, published by the American Cryptogram
Association, 1991.

[RYPB] HUBBUBBER and CROTALUS, "Cryptarithm Observations,"

ND73, The Cryptogram, published by the American
Cryptogram Association, 1973.

[RYPC] CROTALUS, "Cryptarithms and Notation," JF73, The

Cryptogram, published by the American Cryptogram
Association, 1973.

[RYPD] JUNKERL, "Cryptarithms: The digital root method,"

AS43, The Cryptogram, published by the American
Cryptogram Association, 1943.

[RYPE] CROTALUS, "Divisibility by Eleven," ND89, The

Cryptogram, published by the American Cryptogram
Association, 1989.

[RYPF] S-TUCK, "Double Key Division," JJ43, The Cryptogram,

published by the American Cryptogram Association,
1943.

[RYPG] NEOTERIC, "Duo-Decimal Cryptarithms," AM40, The

Cryptogram, published by the American Cryptogram
Association, 1940.

[RYPH] QUINTUPLEX, "Duo-Decimal Cryptarithms," JJ40, The

Cryptogram, published by the American Cryptogram
Association, 1940.

[RYPI] FIDDLE, "Exhausitive for Three," JF59, The Cryptogram,

published by the American Cryptogram Association,
1959.

[RYPJ] ---, "Finding the Zero In Cryptarithms," DJ42, The

Cryptogram, published by the American Cryptogram
Association, 1942.

[RYPK] FILM-D, "Greater than Less than Diagram for

Cryptarithms," DJ51, The Cryptogram, published by the
American Cryptogram Association, 1951.

[RYPL] MI TI TI, "Introduction To Cryptarithms," SO63, The

Cryptogram, published by the American Cryptogram
Association, 1963.

[RYPM] FORMALHUT, "Leading Digit Analysis in Cryptarithms,"

JA91, The Cryptogram, published by the American
Cryptogram Association, 1991.

[RYPN] CROTALUS, "Make Your Own Arithmetic Tables In Other

Bases," MJ89, The Cryptogram, published by the
American Cryptogram Association, 1989.

[RYPO] BACEDI, "Method for Solving Cryptarithms," JF78, The

 Cryptogram, published by the American Cryptogram
Association, 1978.

[RYPP] SHERLAC, "More on Cryptarithms," DJ44, The Cryptogram,

published by the American Cryptogram Association,
1944.

[RYPQ] FIRE-O, "Multiplicative Structures," MJ70, The

Cryptogram, published by the American Cryptogram
Association, 1970.

[RYPR] CROTALUS, "Solving A Division Cryptarithm," JA73, The

Cryptogram, published by the American Cryptogram
Association, 1973.

[RYPS] CROTALUS, "Solving A Multiplication Cryptarithm,"

MJ73, The Cryptogram, published by the American
Cryptogram Association, 1973.

[RYPT] PHOENIX, "Some thoughts on Solving Cryptarithms,"

SO87, The Cryptogram, published by the American
Cryptogram Association, 1987.

[RYPU] CROTALUS, "Square Root Cryptarithms," SO73, The

Cryptogram, published by the American Cryptogram
Association, 1973.

[RYPV] FIDDLE, "Theory of Duplicated Digital Figures,"

JJ53, The Cryptogram, published by the American
Cryptogram Association, 1953.

[RYPW] FIDDLE, "Theory of Three Unlike Digital Figures,"

AS52, The Cryptogram, published by the American
Cryptogram Association, 1952.

[RYPX] CROTALUS, "Unidecimal Tables," MJ73, The Cryptogram,

published by the American Cryptogram Association,
1973.

[RYSK] Norbert Ryska and Siegfried Herda, "Kryptographische

Verfahren in der Datenverarbeitung," Gesellschaft fur
Informatik, Berlin, Springer-Verlag1980.

[SADL] Sadler, A. L., "The Code of the Samurai," Rutland and

Tokyo: Charles E. Tuttle Co., 1969.

[SACC] Sacco, Generale Luigi, " Manuale di Crittografia",

3rd ed., Rome, 1947.

[SALE] Salewski, Michael, "Die Deutscher Seekriegsleitung,

1938- 1945, Frankfurt/Main: Bernard and Graefe, 1970-
1974. 3 volumes.

[SANB] Sanbohonbu, ed., "Sanbohonbu kotokan shokuinhyo." NIDS

Archives.

[SAPR] Sapir, E., "Conceptual Categories in Primitive

Language," Science: 74: 578-584., 1931.
[SASS] Sassoons, George, "Radio Hackers Code Book",
Duckworth, London, 1986.

[SCHN] Schneier, Bruce, "Applied Cryptography: Protocols,

Algorithms, and Source Code C," John Wiley and Sons,
1994.

[SCH2] Schneier, Bruce, "Applied Cryptography: Protocols,

Algorithms, and Source Code C," 2nd ed., John Wiley
and Sons, 1995.

[SCHU] Schuh, fred, "Master Book of Mathematical Recreation,"

Dover, 1968.

[SCHW] Schwab, Charles, "The Equalizer," Charles Schwab, San

Francisco, 1994.

[SEBE] Seberry, Jennifer and Joseph Pieprzyk, "Cryptography:

An Introduction to Computer Security," Prentice Hall,
1989. [CAREFUL! Lots of Errors - Basic research
efforts may be flawed - see Appendix A pg 307 for
example.]

[SALO] A. Saloma, Public-key cryptography. Springer-Verlag,

1990.

[SHAF] Shafi Goldwasser, Silvio Micali, Probabilistic

Encryption and How To Play Mental Poker Keeping Secret
All Partial Information. Proceedings of the
Fourteenth Annual ACM Symposium on Theory of
Computing, 1982.

[SHAN] Shannon, C. E., "The Communication Theory of Secrecy

Systems," Bell System Technical Journal, Vol 28
(October 1949).

[SHAN] C. Shannon, Communication Theory of Secrecy Systems.

Bell System Technical Journal 28(4), 656--715, 1949.

[SHEM] B. Kaliski, R. Rivest, A. Sherman, Is the Data

Encryption Standard a Group. Journal of Cryptology,
vol. 1, #1, 1--36, 1988.

[SHIM] A. Shimizu, S. Miyaguchi, Fast data encipherment

algorithm FEAL. EUROCRYPT '87, 267--278, 1988.

[SHIR] K. Shirriff, C. Welch, A. Kinsman, Decoding a VCR

Controller Code. Cryptologia 16(3), 227--234, 1992.

[SIMM] G. Simmons (ed.), Contemporary Cryptology: the Science

of Information Integrity. IEEE press, 1991.10.4.
Reference articles

[SORK] A. Sorkin, LUCIFER: a cryptographic algorithm.

Cryptologia, 8(1), 22--35, 1984.

[SPIL] R. Spillman et al., Use of Genetic Algorithms in

Cryptanalysis of Simple Substitution Ciphers.
 Cryptologia 17(1), 31--44, 1993.

[SHIN] Shinsaku Tamura, "Myohin kosaku," San'ei Shuppansha,

Toyko, 1953.

[SHUL] Shulman, David, "An Annotated Bibliography of

Cryptography," Garland Publishing, New York, 1976.

[SIC1] S.I. Course in Cryptanalysis, Volume I, June 1942,

Aegean Park Press, Laguna Hills , CA. 1989.

[SIC2] S.I. Course in Cryptanalysis, Volume II, June 1942,

Aegean Park Press, Laguna Hills , CA. 1989.

[SIG1] "International Code Of Signals For Visual, Sound, and

Radio Communications," Defense Mapping Agency,
Hydrographic/Topographic Center, United States Ed.
Revised 1981

[SIG2] "International Code Of Signals For Visual, Sound, and

Radio Communications," U. S. Naval Oceanographic
Office, United States Ed., Pub. 102, 1969.
[SIMM] Simmons, G. J., "How To Insure that Data Acquired to
Verify Treaty Compliance are Trustworthy, " in
"Authentication without secrecy: A secure
communications problem uniquely solvable by asymmetric
encryption techniques.", IEEE EASCON 79, Washington,
1979, pp. 661-62.

[SINK] Sinkov, Abraham, "Elementary Cryptanalysis", The

Mathematical Association of America, NYU, 1966.

[SMIH] Smith, David E., "John Wallis as Cryptographer",

Bulletin of American Mathematical Society, XXIV, 1917.

[SMIT] Smith, Laurence D., "Cryptography, the Science of

Secret Writing," Dover, NY, 1943.

[SOLZ] Solzhenitsyn, Aleksandr I. , "The Gulag Archipelago I-

III, " Harper and Row, New York, N.Y., 1975.

[SPAN] Barker, Wayne G. "Cryptograms in Spanish," Aegean Park

Press, Laguna Hills, CA., 1986.

[STAL] Stallings, William, "Protect Your Privacy: A Guide for

PGP Users," Prentice Hall PTR, 1995.

[STEV] Stevenson, William, 'A Man Called INTREPID',

Macmillan, London 1976.

[STIN] Stinson, D. R., "Cryptography, Theory and Practice,"

CRC Press, London, 1995.

[STIX] Stix, F., Zur Geschicte und Organisation der Wiener

Geheimen Ziffernkanzlei, Mitteilungen des
Osterreichischen Instituts fir Geschichtsforschung,
LI 1937.

[STUR] Sturtevant, E. H. and Bechtel, G., "A Hittite

 Chrestomathy," Linguistic Society of American and
University of Pennsylvania, Philadelphia, 1935.

[SURV] Austin, Richard B.,Chairman, "Standards Relating To

Electronic Surveillance," American Bar Association
Project On Minimum Standards For Criminal Justice,
Tentative Draft, June, 1968.

[SUVO] Suvorov, Viktor "Inside Soviet Military Intelligence,"

Berkley Press, New York, 1985.

[TERR] Terrett, D., "The Signal Corps: The Emergency (to

December 1941); G. R. Thompson, et. al, The Test(
December 1941 - July 1943); D. Harris and G.
Thompson, The Outcome;(Mid 1943 to 1945), Department
of the Army, Office of the Chief of Military History,
USGPO, Washington,1956 -1966.

[THEO] Theodore White and Annalee Jacoby, "Thunder Out Of

China," William Sloane Assoc., New York, 1946.

[THOM] Thompson, Ken, "Reflections on Trusting Trust,"

Communications of the ACM 27, 1984.

[TILD] Glover, D. Beaird, Secret Ciphers of The 1876

Presidential Election, Aegean Park Press, Laguna
Hills, Ca. 1991.

[TM32] TM 32-250, Fundamentals of Traffic Analysis (Radio

Telegraph) Department of the Army, 1948.

[TORR] Torrieri, Don J., "Principles of Military

Communication Systems," Artech, 1981.

[TRAD] U. S. Army Military History Institute, "Traditions of

The Signal Corps., Washington, D.C., USGPO, 1959.

[TRIB] Anonymous, New York Tribune, Extra No. 44, "The Cipher
Dispatches, New York, 1879.

[TRIT] Trithemius:Paul Chacornac, "Grandeur et Adversite de

Jean Tritheme ,Paris: Editions Traditionelles, 1963.

[TUCK] Harris, Frances A., "Solving Simple Substitution

Ciphers," ACA, 1959.

[TUKK] Tuckerman, B., "A Study of The Vigenere-Vernam Single

and Multiple Loop Enciphering Systems," IBM Report
RC2879, Thomas J. Watson Research Center, Yorktown
Heights, N.Y. 1970.

[TURN] Turn, Rein, "Advances in Computer Security," Artec

House, New York, 1982. [Original papers on Public Key
Cryptography, RSA, DES]

[UBAL] Ubaldino Mori Ubaldini, "I Sommergibili begli Oceani:

La Marina Italian nella Seconda Guerra Mondiale," vol
XII, Roma, Ufficio Storico della Marina Militare,
 1963.

[USAA] U. S. Army, Office of Chief Signal Officer,

"Instructions for Using the Cipher Device Type M-94,
February, 1922," USGPO, Washington, 1922.

[USAH] Gilbert, James L. and John P. Finnegan, Eds. "U. S.

Army Signals Intelligence in World War II: A
Documentary History," Center of Military History,
United States Army, Washington, D.C. 1993

[USSF] "U.S. Special Forces Operational Techniques," FM 31-

20, Headquarters Department Of The Army, December
1965.

[USOT] "U.S. Special Forces Recon Manual," Elite Unit

Tactical Series, Lancer, Militaria, Sims, ARK. 71969,
1982.

[VAIL] Vaille, Euggene, Le Cabinet Noir, Paris Presses

Universitaires de Frances, 1950.

[VALE] Valerio, "De La Cryptographie," Journal des Scienses

militares, 9th series, Dec 1892 - May 1895, Paris.

[VAND] Van de Rhoer, E., "Deadly Magic: A personal Account of

Communications Intilligence in WWII in the Pacific,
New York, Scriber, 1978.

[VERN] Vernam, A. S., "Cipher Printing Telegraph Systems For

Secret Wire and Radio Telegraphic Communications," J.
of the IEEE, Vol 45, 109-115 (1926).

[VIAR] de Viaris in Genie Civil: "Cryptographie",

Publications du Journal Le Genie Civil, 1888.

[VIA1] de Viaris, "L'art de chiffre et dechiffre les depeches

secretes," Gauthier-Villars, Paris, 1893.

[VOGE] Vogel, Donald S., "Inside a KGB Cipher," Cryptologia,

Vol XIV, Number 1, January 1990.

[VN] "Essential Matters - History of the Cryptographic

Branch of the Peoples Army of Viet-Nam, 1945 - 1975,"
U.S. Cryptological History Series, Series V, NSA CSS,
CH-E32-94-02, 1994.

[WALL] Wallis, John, "A Collection of Letters and other

Papers in Cipher" , Oxford University, Bodleian
Library, 1653.

[WAL1] Wallace, Robert W. Pattern Words: Ten Letters and

Eleven Letters in Length, Aegean Park Press, Laguna
Hills, CA 92654, 1993.

[WAL2] Wallace, Robert W. Pattern Words: Twelve Letters and

Greater in Length, Aegean Park Press, Laguna Hills, CA
92654, 1993.
[WATS] Watson, R. W. Seton-, ed, "The Abbot Trithemius," in
Tudor Studies, Longmans and Green, London, 1924.

[WAY] Way, Peter, "Codes and Ciphers," Crecent Books, 1976.

[WEBE] Weber, Ralph Edward, "United States Diplomatic Codes

and Ciphers, 1175-1938, Chicago, Precedent Publishing,
1979.

[WELH] D. Welsh, Codes and Cryptography. Claredon Press,

1988.

[WELS] Welsh, Dominic, "Codes and Cryptography," Oxford

Science Publications, New York, 1993.

[WELC] Welchman, Gordon, 'The Hut Six Story', McGraw-Hill,

New York 1982.

[WELS] Welsh, Dominic, "Codes and Cryptography," Oxford

Science Publications, New York, 1993.

[WHOR] Whorf, B. L., "A Linguistic Consideration of Thinking

In Primitive Communities," In Language, Thought, and
Reality: Selected Writings of Benjamin Lee Whorf, ed.
J. B. Carroll, Cambridge, MA: MIT Press, pp. 65-86.,
1956.

[WILL] Williams, Eugenia, "An Invitation to Cryptograms,"

Simon and Schuster, 1959.

[WILD] Wildman, Ted, "The Expendables," Clearwater Pub., 1983

[WINJ] Winton, J., " Ultra at Sea: How Breaking the Nazi Code
Affected Allied Naval Strategy During WWII," New Uork,
William Morror, 1988.

[WINK] Winkle, Rip Van, "Hungarian: The Cryptogram,", March -

April 1956.

[WINF] Winterbotham, F.W., 'The Ultra Secret', Weidenfeld

and Nicolson, London 1974.

[WINR] Winter, Jack, "Solving Cryptarithms," ACA, 1984.

[WOLE] Wolfe, Ramond W., "Secret Writing," McGraw Hill Books,

NY, 1970.

[WOLF] Wolfe, Jack M., " A First Course in Cryptanalysis,"

Brooklin College Press, NY, 1943.

[WRIX] Wrixon, Fred B. "Codes, Ciphers and Secret Languages,"

Crown Publishers, New York, 1990.

[XEN1] PHOENIX, "Xenocrypt Handbook," American Cryptogram

Association, 1 Pidgeon Dr., Wilbraham, MA., 01095-
2603, for publication March, 1996.

[YAOA] A. Yao, Computational Information Theory. In

 Complexity in Information Theory, ed. by Abu-Mostafa,
1988.

[YARD] Yardley, Herbert, O., "The American Black Chamber,"

Bobbs-Merrill, NY, 1931.

[YAR1] Yardley, H. O., "The Chinese Black Chamber," Houghton

Mifflin, Boston, 1983.

[YAR2] Yardley, H. O., "Yardleygrams", Bobbs Merrill, 1932.

[YAR3] Yardley, H. O., "The Education of a Poker Player,

Simon and Schuster, 1957.

[YOKO] Yukio Yokoyama, "Tokushu joho kaisoka," unpublished

handwritten manuscript.

[YOUS] Youshkevitch, A. P., Geschichte der Mathematik im

Mittelatter, Liepzig, Germany: Teubner, 1964.

[YUKI] Yukio Nishihara, "Kantogan tai-So Sakusenshi," Vol

17., unpublished manuscript, National Institute for
Defense Studies Military Archives, Tokyo.,(hereafter
NIDS Archives)

[ZIM] Zim, Herbert S., "Codes and Secret Writing." William

Morrow Co., New York, 1948.

[ZEND] Callimahos, L. D., Traffic Analysis and the Zendian

Problem, Agean Park Press, 1984. (also available
through NSA Center for Cryptologic History)

[ZYZZ] ZYZZ,"Sinkov's Frequency Matching," JA93, The

Cryptogram, American Cryptogram Association, 1993.

From [email protected] Jun 10 13:42:15 1996

Date: Mon, 10 Jun 1996 12:51:06 EDT
From: "Randy Nichols, ACA President" <[email protected]>
Reply to: ACA-L <[email protected]>
To: Multiple recipients of list ACA-L <[email protected]>
Subject: LECTURE 13

CLASSICAL CRYPTOGRAPHY COURSE

BY LANAKI

June 10, 1996

Revision 0

COPYRIGHT 1996
ALL RIGHTS RESERVED

LECTURE 13

APERIODIC SYSTEMS

IMPROVING CRYPTOGRAPHIC SECURITY IN POLYALPHABETIC SYSTEMS

SUMMARY

Lecture 13 describes the difficult aperiodic polyalphabetic

case and reconsiders the Principle of Superimposition. We
diagram the topics (I consider the heart) considered in
Lectures 10 - 13. We develop our subject via the following
references [FRE3], [SACC], [BRYA], [SINK], [OP20] and [ELCY].

COURSE SCHEDULE CHANGES

In order to be more cost-efficient, I have been thinking how

to condense some of my future lecture material. Here is how
the schedule looks for the balance of my course:

Lecture 14 -
Cryptarithms by LEDGE
Lecture 15 -
Statistical Methods (Sinkov, Kullback, Friedman)
Lecture 16 -
Transposition
Lecture 17 -
Transposition
Lecture 18 -
Fractionation, Advanced Monome - Dinome Systems
Lecture 19 -
Law and Politics of Cryptography
Lecture 20 -
Cipher Exchange Systems
Lecture 21 -
Cipher Exchange Systems
Lecture 22 -
Modern Crypto-Systems, Double Key Cryptography,
Cipher Machines, PGP and PGPphone, Diamond
Cipher Family
Lecture 23 - Volume I and II References / Resources, Index to
Volume II Lectures 11 - 22. Table of Figures,
Table of Tables; Presentation of Certificates of
Achievement to my Students and Grateful Thanks
form LANAKI!

LEDGE has done a marvelous job on the Cryptarithms section. I

will leave open a slot for him if he consents to a third
Lecture. Expect Lecture 23, which is devoted to Resources
and References, to be more than 125,000 bytes download.
Several of our class are helping out with an extra set of
eyes, to correct my atrocious typing and other errors caused
by crossing the different E-Mail gateways. I thank them for
their valued help.

IMPROVING CRYPTOGRAPHIC SECURITY IN POLYALPHABETIC SYSTEMS

The last two chapters have explored the effects of repeating

key ciphers and the periodicity that occurs in them.
Establishing the period opens the wedge for solution of this
type of cipher system. The difficulty of solution is related
to the number of cipher alphabets employed and their type.

Two procedures suggest themselves to improve the crypto-

graphic security of these systems. First, we can increase
the length of the key. This is akin to what we do with
modern public key systems. Second, since the first step in
solution of a Viggy or other polyalphabetic cipher is to
establish the period, hence the number of alphabets employed,
we can eliminate the periodicity, and therefore eliminate the
cryptanalyst's attack.
APERIODIC CIPHER SYSTEMS

What is the real nature of periodicity in polyalphabetic

substitution systems? How do we remove periodicity from
ciphers?

We understand the cyclic and repeating nature of a keyword

based periodic system. However, we have taken for granted
that the keying element acts on constant-length plain text
groupings. If this were not true, there would not be any
external manifestation of periodicity, despite the repetitive
or cyclic use of a constant-length key. The key is of a
constant or fixed character.

Two approaches for eliminating or suppressing periodicity

come to bear: 1) by using constant-length keying units to
encipher variable-length plain-text groupings or 2) by using
variable-length keying units to encipher constant-length
plain-text groupings.

In cases of encipherment by constant-length groupings, the

apparent length of the period (found by factoring) is a
multiple of the real length and the multiple corresponds to
the length of the groupings, i.e. the number of plain-text
letters enciphered by the same key letter. Periodicity still
exists because in every system studied so far both the keying
units and the plain-text groupings are constant in length.

EFFECT OF VARYING THE LENGTH OF PLAIN-TEXT GROUPINGS

Lets assume that the keying units are kept constant and vary
the plain-text groupings. The effect is to suppress
periodicity, even though the key may repeat itself many times
in the cryptogram. This is true unless the law governing the
variation in plain-text groupings is itself cyclic in
character, and the length of the message is at least two or
more times that of the cycle applicable to this variable
grouping. [FRE3]

For example we encipher the following message using the

keyword SIGNAL, but divide up the plain-text into groups:

S I G N A L S I G N A L S I G
1 12 123 1234 12345 1 12 123 1234 12345 1 12 123 1234 12345
C OM MAN DING GENER A LF IRS TARM YHASI S SU EDO RDER SEFFE
Q UW UGT KFAH UWNWJ L HN ARQ NGPU PGNVF I TR OPE RFER OCBBC

N A L S I G N A L S I G N A L
1 12 123 1234 12345 1 12 123 1234 12345 1 12 123 1234 12345
C TI VET WENT YFIRS T AT NOO NDIR ECTIN G TH ATT ELEP HONES
L HS QHS WOFZ KDARQ N NU NMM YIDU OQZKF C NZ NUU WPWL EXYHT

S I G N A L S I
1 12 123 1234 12345 1 12 123...
C OM MAS WITC HBOAR D SC OMM...
Q UW UGO RFUL TZMAJ I AQ UWW...
 Cryptogram

QUWUG TKFAH UWNWJ LHNAR QNGPU PGNVF ITROP ERFER

OCBBC LHSQH SWOFZ KDARQ NNUNM MYIDU OQZKF CNZNU
UWPWL EXYHT QUWUG ORFUL TZMAJ IAQUW W...

The cipher text above shows a tetragraphic and a pentagraphic

repetition. The two occurrences of QUWUG (COMMA) are
separated by an interval of 90 letters, the two occurrences
of ARQN (=IRST) by 39 letters. The former is the true
periodic repetition measured in grouping cycle rather than
letters. The interval is the product of the keying cycle of
6 by the grouping cycle of 15. The latter repetition are
produced by the same key letters I and G but do not have the
same enciphering points and is considered a partial periodic
as opposed to a completely periodic type.

Kasiski analysis focuses on the intervals between repetition

letters and developing factors which indicate the number of
cipher alphabets employed. We also can study the interacting
cycles that produce the intervals directly. If we look at
the above as counting according to groupings and not
according to single letters, the two pentagraphs QUWUG are
separated by an interval of 30 groupings. The separation of
30 key letters is made up of a key 6 letters in length and
has gone through 5 cycles. So 30 is the product of the number
of letters in the keying cycle (6) times the number of
different-length groupings in the grouping cycle (5).

Friedman describes a clever little cipher system based on a

lengthy grouping cycle which is guided by a key of its own.
We can use the number of dots and dashes contained in the
International Morse signals for the letters composing the
phrase DECLARATION OF INDEPENDENCE. Thus, A(._) has 2,
B(_...) has 4, and so on. So:

D E C L A R A T I O N O F I N D E P E N D E N C E
3 1 4 4 2 3 2 1 2 3 2 3 4 2 2 3 1 4 1 2 3 1 2 4 1

The grouping cycle is 3+1+4+4+.., or 60 letters long. If the

same phrase is used as the enciphering key (25 letters) the
complete period of the system would be the least common
multiple of 25 and 60 or 300 letters. The length of the
complete period is the least common multiple of the two
component or interacting periods.

One drawback - the variable factor introduced above is

subject to a law which itself is periodic in character.

SOLUTION OF SYSTEMS USING CONSTANT-LENGTH KEYING UNITS TO

ENCIPHER VARIABLE-LENGTH PLAIN-TEXT GROUPINGS

APERIODIC GROUPINGS ACCORDING TO WORD LENGTHS

The simplest way to introduce aperiodicity is to encipher our

message by actual word lengths. Although the average number
of letters composing words of any alphabetical language is
fairly constant, successive words comprising plain text vary
a great deal in this respect, and the variation is subject to
no law. In English, the mean length of words is 5.2 letters
but the words may contain from 1 - 15 or more letters;
successive words vary in length in an extremely irregular
manner, no matter how long the text is.

The use of word lengths for determining the number of letters

to be enciphered by each key letter of a repetitive key
seems more secure than it is. The reasoning goes something
like this: if there is no periodicity in the cryptogram, how
can the letters of the cipher text, written in groups of five
letters be distributed into their respective monoalphabets.
If the first step is foiled, how can the cryptograms be
solved? The answer: using a variation of the completion of
the plain component sequence method discussed under the
monoalphabetic cipher cracking.

SOLUTION WHEN DIRECT STANDARD CIPHER ALPHABETS ARE EMPLOYED

Since the individual separate words of a message are

enciphered by different key letters, these words will
reappear on different generatrices of the diagram.

Given:

T R E C S Y G E T I L U V W V I K M Q I R X S P J
S V A G R X U X P W V M T U C S Y X G X V H F F B
L L B H G.

First step: Run down the first 10 letters for a clue.

T R E C S Y G E T I
U S F D T Z H F U J
V T G E U A I G V K
W U H F V B J H W L
X V I G W C K I X M CAN YOU GET
Y W J H X D L J Y N
Z X K I Y E M K Z O
A Y L J Z F N L A P
B Z M K A G O M B Q
C A N L B H P N C R
D B O M C I Q O D S
E C P N D J R P E T
F D Q O E K S Q F U
G E R P F L T R G V
H F S Q G M U S H W
I G T R H N V T I X
J H U S I O W U J Y
K I V T J P X V K Z
L J W U K Q Y W L A
M K X V L R Z X M B
N L Y W M S A Y N C
O M Z X N T B Z O D
P N A Y O U C A P E
Q O B Z P V D B Q F
R P C A Q W E C R G
S Q D B R X F D S H
We place these over the first ten cipher letters to backout
the keying letters of R E A. We can either set up the
remaining letters of the message on a sliding normal alphabet
scale or assume various keywords such as READ, REAL, REAM.
The completed solution is:

R E A D E R

C A N Y O U G E T F I R S T R E G I M E N T B Y
T R E C S Y G E T I L U V W V I K M Q I R X S P

S D I G E S

R A D I O O U R P H O N E N O W O U T O F
J S V A G R X U X P W V M T U C S Y X G X

C O M M I S S I O N
V H F F B L L B H G. Key = READERS DIGEST

The slide is very quick. We place the C(1) over T(2) and
back out the index A(1) over the Key letter R(2). For the
second group the Y(1) over C(2) will back out the A(1) over
E(2). If reversed standard alphabets are employed we either
convert the cipher letter to normal alphabets or employ the
reverse alphabet slide. The slides, if not out of stock,
referred to are available from ACA for about $3. It may be
used to aid solutions for the entire Viggy family.

SOLUTION WHEN ORIGINAL WORD LENGTHS ARE RETAINED IN THE

CRYPTOGRAM

Given the enciphered message:

DIVISION
12324256
XIXLP EQVIB VEFHAPFVT RT XWK PWEWIWRD XM NTJCTYZL

BATTALIONS ARTILLERY
1233245678 123455627
OAS XYQ ARVVRKFONT BH SFJDUUXFP OUVIGJPF ULBFZ

OCLOCK
123124
RV DKUKW ROHROZ.

We crack the above using Idiomorphs and "Probable Word"

analysis.

We note the Idiomorphs and use the Cryptodyct or TEA:

1) 12324256 = 32426 (8) = DIVISION

PWEWIWRD

2) 1233245678 = 3328 (10) = BATTALIONS

 ARVVRKFONT
3) 123455627 = 55627 (9) = ARTILLERY
SFJDUUXFP

4) 123124 = 3124 (6) = O'CLOCK

ROHROZ

Using the assumed equivalents a reconstruction matrix is

established on the hypothesis that the cipher alphabets have
been derived from a mixed component against a normal
sequence. Note that O(plain) = R(cipher) in both DIVISION
and OCLOCK, so the same cipher alphabet has been used.

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
DIVISION|---------------------------------------------------
OCLOCK | n O P s t v W x Z H D R a u I E f j k
|
BATTA- |---------------------------------------------------
LIONS |R A F K N O T V
|
ARTILL- |---------------------------------------------------
ERY |
|S X D U F J P
|---------------------------------------------------

The interval between letters O and R in the first and second

alphabets is the same at 12, therefore direct symmetry of
position is assumed. We fill in the additional letters
(lower case).

It is a short stretch to find the keyword HYDRAULIC and to

decipher the equivalents based on the HYDRAULIC...Z sequence
against the normal alphabet at any point of coincidence and
completing the plain component sequence. The words of the
message will then reappear on different generatrices. The key
letters may be ascertained and the solution completed. The
first three words are deciphered as follows:

XIXLP EQVIB VEFHAPFVT

----------------------------------
YHYGS KTWHJ WKLAESLW
ZIZHT LUXIK XLMBFTMX
AJAIU MVYJL YMNCGUNY
BKBJV NWZKM ZNODHVOZ
CLCKW OXALN AOPEIWPA
DMDLX PYBMO BPQFJXQB
ENEMY QZCNP CQRGKYRC
RADOQ DRSHLZSD
Ap = Sc SBEPR ESTIMATE
TCFQS
UDGRT Ap = Pc
VEHSU
WFITV
XGJUW
YHKVX
 ZILWY
AJMXZ
BKNYA
CLOZB
DMPAC
ENQBD
FORCE
Ap = Uc

The key for this message is SUPREME COURT and the complete
message is:

ENEMY FORCE ESTIMATED AS ONE DIVISION OF INFANTRY

XIXLP EQVIB VEFHAPFVT RT XWK PWEWIWRD XM NTJCTYZL

AND TWO BATTALIONS OF ARTILLERY MARCHING NORTH

OAS XYQ ARVVRKFONT BH SFJDUUXFP OUVIGJPF ULBFZ

AT SEVEN OCLOCK
RV DKUKW ROHROZ.

In the case of plain component in reverse normal alphabets.

the procedure is the same , except the completion tableaux
is created after the cipher letters are converted into their
plain-component equivalents.

ILLUSTRATION OF THE USE OF ISOMORPHISM

Consider the following cryptogram which has been enciphered

using the primary key word-mixed alphabet of (HYDRAULIC...XZ)
against a normal sequence. I have retained word lengths for
simplicity:

VCLLKIDVSJDCI ORKD CFSTV IXHMPPFXU EVZZ

FK NAKFORA DKOMP ISE CSPPHQKCLZKSQ LPRO

JZWBCX HOQCFFAOX ROYXANO EMDMZMTS

TZFVUEAORSL AU PADDERXPNBXAR IGHFX JXI.

We look at three sets of isomorphs:

1) a VCLLKIDVSJDCI 2) a IXHMPPFXU
b CSPPHQKCLZKSQ b HOQCFFAOX
c PADDERXPNBXAR
3) a NAKFORA
b ROYXANO

Rather than identifying these from a TEA or Cryptodyct

database, we build up the partial sequences of equivalents.
[TEA], [CRYP]

>From 1a and 1b:

V = C, C = S, L = P, K = H, I = Q, D = K, S = L, J = Z
so: VCSLP DKH IQ JZ are constructed.

>From 1b and 1c:

C=P, S=A, P=D, H=E, Q=R, K=X, L=N, Z=B

We find:

CPD SA HE QR KX LN ZB

>From 1a and 1c:

V=P, C=A, L=D,K=E,I=R,D=X,S=N,J=B

and:
LDX VP CA KE IR SN JB

Noting that the three isomorphs may be combined (VCSLP and

CPD make VCSLP..D; the latter and LDX make VCSLP..D...X),
the following sequences are established:

1 2 3 4 5 6 7 8 9 10 11 12 13
1. V C S L P A N D K H . X E
2. I Q . . R
3. J Z . . B

Chain 1 contains exactly 13 letters and suggests a half-chain

is disclosed. the latter represents a decimation of the
original primary component at an even interval.

1 2 3 4 5 6 7 8 9 10
The placement of the letters V . S . P . N . K . suggests a
reversed alphabet; we reverse the half-chain and extend to 26
places as follows:

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22
E j K N P q S V X z H D r A

23 24 25 26
L i C b

We add the data from the two partial chains (JZ..B and
IQ..R). [Small letters]

The keyword is HYDRAULIC. the full sequence is:

1234567891011121314151617181920212223242526
HYDRAULIC B E F G J K M N O P Q S T V W X Z

We confirm from 2a and 2b that the interval between H and I

is 7; same for O to X and Q and H, and C and M. From
idiomorphs 3a and 3b, the interval between R and N is 13;
which is the same for O and A and Y and K.

We now convert the ciphertext letters into plain-component

equivalents then complete the plain component sequences.

Solution Key: Strike While The Iron is (Hot?)

>From the slide we put A/S which confirms O/S,M/L C/V etc.,

S T R I K
COMMUNICATION WITH FIRST ARTILLERY WILL
VCLLKIDVSJDCI ORKD CFSTV IXHMPPFXU EVZZ

E W H I L E
BE THROUGH CORPS AND COMMUNICATION WITH
FK NAKFORA DKOMP ISE CSPPHQKCLZKSQ LPRO

T H E I
SECOND ARTILLERY THROUGH DIVISION
JZWBCX HOQCFFAOX ROYXANO EMDMZMTS

R O N I S
SWITCHBOARD NO COMMUNICATION AFTER TEN
TZFVUEAORSL AU PADDERXPNBXAR IGHFX JXI.

Four assumptions were made in the above:

1. The actual word lengths were known.

2. The words were enciphered monoalphabetically by
different alphabets, producing isomorphs and lengths
of isomorphs that are known.

3. Repetitions of plain-text words enciphered by

different alphabets, produce isomorphs and the
lengths of the isomorphs are definitely known as a
result of this action.

What if the cryptogram is put in the form of a Patristocrat

with 5-letter-groups?

Take the same problem as above and destroy the word lengths.
The problem is a little more difficult and requires more
trial and error.

VCLLK IDVSJ DCIOR KDCFS TVIXH MPPFX

UEVZZ FKNAK FORAD KOMPI SECSP PHQKC

LZKSQ LPROJ ZWBCX HOQCF FAOXR OYXAN

OEMDM ZMTST ZFVUE AORSL AUPAD DERXP

NBXAR IGHFX JXI.

The 13 letter isomorps are relatively easy to spot:

1. VCLLKIDVSJDCI
2. CSPPHQKCLZKSQ Column ends IQR
3. PADDERXPNBXAR
Number 1 is the "header" and the left-hand boundary is known.
The right hand boundary marked by IQR is fortuitous. Not
knowing the exact length by one or two letters is not fatal
to the solution because we are interested in reconstructing
cipher equivalents not looking up the pattern words.

Isomorphism is not restricted to cases where secondary

alphabets are derived from a primary component sliding
against the normal. It is useful in all cases of
interrelated alphabets no matter what the basis of their
derivation may be. It is second only to the importance of the
"Probable Word" method which has nearly universal
applicability.

SOLUTION OF SYSTEMS USING VARIABLE-LENGTH KEYING UNITS TO

ENCIPHER CONSTANT-LENGTH PLAIN-TEXT GROUPINGS

THE INTERRUPTED KEY CIPHER

Periodicity can also be suppressed by applying variable-

length key groupings to constant length plain-text groups.
One such method is the Interrupted Key Cipher which employs
an irregularly interrupted key sequence, the latter may be of
fixed or limited length and restarting it from its initial
point after the interruption, so that the keying sequence
becomes equivalent to a series of keys of different lengths.

Take the phrase BUSINESS MACHINES and expand it to a series

of irregular-length keying sequences, such as BUSI/BUSINE/
BU/BUSINESSM/BUSINESSMAC/ etc. Three usual schemes for
interruption prearrangement are given by Friedman [FRE3]:

(1) The keying sequence merely stops and begins again at

the initial point of the cycle.

(2) One or more of the elements in the keying sequence

may be omitted from time to time irregularly.

(3) The keying sequence irregularly alternates in the

direction of progression, with or without omission
of some of the elements.

Using an asterisk to indicate an interruption, a sequence of

10 elements might look like this:

Letter No 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
Key Element No1-2-3-4*-1-2-3-4-5-6-* -1- 2- 3-*-1- 2- 3
Letter No 17 18 19 20 21 22 23 24 25 26 27 28 29 30
(1) Key Element No-4 -5 -6 -7-* 1 -2 -3 -4 -5 -6 -7 -8 -9 -10
Letter No 31 32 33 34 35
Key Element No_*-1 -2 -3-*- 1 -2

Letter No 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
Key Element No1-2-3-*-7-8-9-10-1-2-*-4- 5- 6-*-3- 4- 5- 6
Letter No 17 18 19 20 21 22 23 24 25 26 27 28 29
(2) Key Element No-7 -8 -9-10- 1-*-8- 9- 10 -1-2-* -5 -6 -7-*
Letter No 30 31 32 33 34 35
Key Element No - 9-10 -1-*-5 -6 -7-
 Letter No 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
Key Element No1-2-3-4-5-*-4-3-*4-5 -6 -7 -8 -9-10 -1-*-10
Letter No 17 18 19 20 21 22 23 24 25 26 27 28 29 30
(3) Key Element No 9- 8- 7-*-8- 9-10- 1- 2- 3-*-2- 1-10- 9-8-
Letter No 31 32 33 34 35
Key Element No *-9-10- 1- 2- 3

Method three is a key progression direction reversing method

and if their were no interruptions in the key, it could be
handled as a special form of the second method. However,
combined with the second method, it represents a difficult
cryptographic variant.

RETURNING TO THE PRINCIPAL OF SUPERIMPOSITION

If one knows when the interruptions take place in each cycle,

then successive sections of the basic keying cycle in the
three cases may be superimposed. Obviously, if one does not
know when or how the interruptions take place, the then the
successive sections of keying elements cannot be
superimposed. See Table 13-1.

The interruption of the cycle keying sequence practically

takes place according to some prearranged plan, and the three
basic methods of interruption will be described in turn using
a short mnemonic key as an example.

Suppose we agree to interrupt the keying sequence after the

occurrence of a specified letter (called an interruptor-
fancy that). This may be a plain or cipher text letter,
agreed to in advance. Then since in either case their is
nothing fixed about the time of interruption will occur - it
will take place at no fixed intervals - not only does the
interruption become quite irregular, following no pattern,
but also the method never reverts back to one having
periodicity. We have the LANAKI equivalent of a DOOSEY in the
polyalphabetic arena.

We will use the mnemonic key BUSINESS MACHINES and the cipher
alphabet HYDRAULIC...XZ sequence which slides:

1234567891011121314151617181920212223242526
HYDRAULIC B E F G J K M N O P Q S T V W X Z

The keying set is a Viggy, so A(1)/K(2) = P(1)/C(1),

where A is the index, K is the key letter, P is the plain
text letter, C is the ciphertext letter, (1) and (2)
subscripts refer to the top and the bottom slides.

Table 13-1

Method (1)
Keying Element No 1 2 3 4 5 6 7 8 9 10
------------------------------
Letter No 1 2 3 4|
Letter No 5 6 7 8 9 10|
Letter No 11 12 13|
Letter No 14 15 16 17 18 19 20|
Letter No 21 22 23 24 25 26 27 28 29 30|
Letter No 31 32 33
Letter No 34 35

Method (2)
Keying Element No 1 2 3 4 5 6 7 8 9 10
------------------------------
Letter No 1 2 3 - - - 4 5 6 7
Letter No 8 9| - 10 11 12|
Letter No - - 13 14 15 16 17 18 19 20
Letter No 21|- - - - - - 22 23 24
Letter No 25 26|- - 27 28 29| - 30 31
Letter No 32|- - - 33 34 35

Method (3)
Keying Element No 1 2 3 4 5 6 7 8 9 10
------------------------------
Letter No 1 2 3 4 5| - - - - -
Letter No - - 7 6 - - - - - -
Letter No - - - 8 9 10 11 12 13 14
Letter No 15|- - - - -| 19 18 17 16
Letter No 23 24 25|- - - - 20 21 22
Letter No 27 26 - - - - - |30 29 28
Letter No 33 34 35 31 32

PLAIN TEXT LETTER INTERRUPTOR

Let the plain text letter R be designated an interruptor.

Interruption will occur immediately after and R occurs in the
plain text.

Index A(1)
Key K(2) B U S I N E S S M A C H I|B U S|B U S I|B U S I
Plain P(1) A M M U N I T I O N F O R F I R S T A R T I L L
Cipher C(2) B O L Y R P J D R O J K X K J F Y X S X D J U P

Index A(1)
Key K(2) N E|B U S I N E S S M A C H I N E S B U|B U S I
Plain P(1) E R Y W I L L B E L O A D E D A F T E R A M M U
Cipher C(2) S Y I Y D P Y F X U R A F A E N M J J V B O L Y

Index A(1)
Key K(2) N E S S M A C H I|B U S I|B U S|B U S I N E|
Plain P(1) N I T I O N F O R T H I R D A R T I L L E R
Cipher C(2) R P J D R O J K X D G D X G U F D J U P S Y

Index A(1)
Key K(2) B U S I N|
Plain P(1) Y . . . .
Cipher C(2) I

examples: with Index = A

group 1, plain letter 1 = A ; key B ; cipher B

Plain ABCDEFGHIJKLMNOPQRSTUVWXYZ
Cipher HYDRAULICBEFGJKMNOPQSTVWXZHYDRAULICBEFGJKMNOPQSTVWXZ
*

group 1, plain letter 2 = M ; key U ; cipher O

Plain ABCDEFGHIJKLMNOPQRSTUVWXYZ
Cipher HYDRAULICBEFGJKMNOPQSTVWXZHYDRAULICBEFGJKMNOPQSTVWXZ
* *
group 1, plain letter 3 = M ; key S ; cipher L

Plain ABCDEFGHIJKLMNOPQRSTUVWXYZ
Cipher HYDRAULICBEFGJKMNOPQSTVWXZHYDRAULICBEFGJKMNOPQSTVWXZ
* *
group 2, plain letter 1 = F ; key B ; cipher K

Plain ABCDEFGHIJKLMNOPQRSTUVWXYZ
Cipher HYDRAULICBEFGJKMNOPQSTVWXZHYDRAULICBEFGJKMNOPQSTVWXZ
* *

group 2, plain letter 2 = I ; key U ; cipher J

Plain ABCDEFGHIJKLMNOPQRSTUVWXYZ
Cipher HYDRAULICBEFGJKMNOPQSTVWXZHYDRAULICBEFGJKMNOPQSTVWXZ
* *

group 3, plain letter 2 = S ; key B ; cipher Y

Plain ABCDEFGHIJKLMNOPQRSTUVWXYZ
Cipher HYDRAULICBEFGJKMNOPQSTVWXZHYDRAULICBEFGJKMNOPQSTVWXZ
* *

Cryptogram

B O L Y R P J D R O J K X K J F Y X S X D J U P S
Y I Y D P Y F X U R A F A E N M J J V B O L Y R P
J D R O J K X D G D X G U F D J U P S Y I X X X X

Instead of employing an ordinary letter for interruptor, we

can use a low frequency letter like J. Actually any letter,
no matter what frequency level will produce plentiful
repetitions. The only advantage is that the intervals will be
random and therefor suppress (or reduce) periodicity.

INTERRUPTOR CASES

The interruptor problem presents two cases for investigation.

The first is when the system has been used several times and
the cipher alphabets are known. The second case is when the
cipher alphabets are not known but several messages have been
intercepted.

Case 1 - Cipher Alphabets Known, Problem is to find specific

key.

Attack: Probable word. Using probable word ARTILLERY on

previous example, starting from first letter we have:
 Cipher B O L Y R P J D R
Plain A R T I L L E R Y
'Key' B H J Q P I B F U

failed. We move one cipher letter to right with assumed

word. Continued failure until the following:

Cipher S X D J U P S Y I
Plain A R T I L L E R Y
'Key' S I B U S I N E B
* *

We note the BUSINE suggesting BUSINESS. We also note the

interruptor letter R. We use this key part on the first part
of the message with success.

Key B U S I N E S S B U S
Cipher B O L Y R P J D R O J
Plain A M M U N I T I U M T

The last three letters suggest that there is more to the key.
Using Ammunition and back calculating the Key, we find
MA. We use the cipher and the plain back and forth to find
the total key, taking into account the interruptor letter R.

Case 2 - Cipher Alphabets Unknown, Problem is to find both

cipher alphabet and specific key.

Assume that the repetitive key is very long and that the
message is short. Solution is difficult because there are not
enough superimposable periods to help line up the alphabets
to yield monoalphabetic distributions that can be solved by
frequency principles. This is the first step in the
cryptanalytic attack. The superimposed periods essentially
line up the letters in the columns so that the same treatment
has been used to process both plain and cipher components.

Attack: Solution by Superimposition.

The second most important attack on cryptanalytic problems is

the Solution by Imposition. First we need a sufficient number
messages (25 - 30 for English) enciphered by the same key to
work with. It is clear that if we superimpose these
messages, 1) the letters in the respective columns will all
belong to individual alphabets; and 2) a frequency
distribution of the columnar letters can be solved without
knowing the length of the key. In other words, any
difficulties that may have arisen on account of failure to
ascertain the length of the period have been circumvented.
The second step in the solution is by-passed. (3) For a very
long key employed, and a series of messages beginning at
different initial points are enciphered by the same key, this
method of attack can be employed after the messages are
superimposed at the same initial point [done with the help of
the Chi square test]. An example of this will be done in a
later lecture on statistical techniques.
CIPHER TEXT LETTER INTERRUPTOR

If we use a cipher text letter, say Q, as the interruptor, we

find a more difficult case with no significant repetitions
available for superimposition.

Key K(2) B U S I N E S S M A C H I N E S B U S I N E S S
Plain P(1) A M M U N I T I O N F O R F I R S T A R T I L L
Cipher C(2) B O L Y R P J D R O J K X T P F Y X S X B P U U

Key K(2) M|B U S I N E S S M A C H I N|B U S I N E S S M

Plain P(1) E R Y W I L L B E L O A D E D A F T E R A M M U
Cipher C(2) Q H R N M Y T T X H P C R F Q B E J F I E L L B

Key K(2) A C H|B U|B U S I N E S S M A C H|B U S I N E

Plain P(1) N I T I O N F O R T H I R D A R T I L L E R Y
Cipher C(2) O N Q O Q V E C X B O D F P A Z Q O N U F I C

Cryptogram

B O L Y R P J D R O J K X T P F Y X S X B P U U Q
H R N M Y T T X H P C R F Q B E J F I E L L B O N
Q O Q V E C X B O D F P A Z Q O N U F I C x x x x

The attack is first to find the interruptor and then to

recover the plain by method of superimposition. To accomplish
superimposition a statistical test is essential and for this
a good many letters are required.

THE AUTO-KEY CIPHER or AUTOCLAVE CIPHER

The purpose of the Auto-key Cipher or Autoclave Cipher is to

eliminate periodicity and introduce a long key for the entire
message. The Autoclave may be used with the Vigenere,
Variant, Beaufort, Gronsfeld, Porta or the Nihilist
Substitutions' basic principles. The overall picture is the
same; its handling, however, depends on the system involved.
>From a purely theoretical standpoint, we are approximating
the features of a One-Time Pad.

In practice, the Auto-Key is a nightmare. MASTERTON points

out that the slightest difficulty in transmission of cipher
letters destroys the communication. [MAST] Other authors
[ELCY] and [BRYA] and ACA KREWE find the Auto-Key and
Progressive Ciphers a real challenge. There are two possible
sources for successive key letters: the plain text or the
cipher text of the message itself. In either case, the
initial key letter or key letters are supplied by pre-
agreement between the correspondents; after which the text
letters that are to serve as the key are displaced 1,2,3..
intervals to the right, depending upon the length of the
prearranged key.

Lets review the methods.

Plain-text keying using the single letter X:

Index A(1) A1
Key K(2) X N O T I F Y Q U A R T E R M A S T E R . .
Plain P(1) N O T I F Y Q U A R T E R M A S T E R . . .
Cipher C(2) K B H B N D O K U R K X V D M S L X V . . .

Plain-text keying using long phrase TYPEWRITER as initial:

Index A(1) A1
Key K(2) T Y P E W R I T E R|N O T I F Y Q U A R . .
Plain P(1) N O T I F Y Q U A R T E R M A S T E R . . .
Cipher C(2) G M I M B P Y N E I G S K U F Q J Y R . . .

Plain-text keying using divided text [aka Running Key]:

Type PORTA
Key K(2) OFFICERSANDDIRE
Plain P(1) CTORSOFTHELOCAL
Cipher C(2) WEMAEMNKUXZATVN

Cipher text auto key with single letter X:

Index A(1) A1
Key K(2) X K Y R Z E C S M M D W A R D D V O S . . .
Plain P(1) N O T I F Y Q U A R T E R M A S T E R . . .
Cipher C(2) K Y R Z E C S M M D W A R D D V O S J . . .

Cipher text auto key with key phrase TYPEWRITER:

Index A(1) A1
Key K(2) T Y P E W R I T E R|G M I M B P Y N E I . .
Plain P(1) N O T I F Y Q U A R T E R M A S T E R . . .
Cipher C(2) G M I M B P Y N E I G S K U F Q J Y R . . .

Cipher text auto key with key phrase TYPEWRITER using only
the last letter of keyphrase to seed progression:

Index A(1) A1
Key K(2) T Y P E W R I T E R|I B F W I I A T X . . .
Plain P(1) N O T I F Y Q U A R T E R M A S T E R . . .
Cipher C(2) G M I M B P Y N E I B F W I I A T X O . . .

SOLUTION OF CIPHER-TEXT AUTO-KEYED CRYPTOGRAMS WHEN KNOWN

CIPHER ALPHABETS ARE EMPLOYED

Attack: Decipher the message beyond the key letter or key

word portion and then work backwards.

Cryptogram

W S G Q V O H V M Q W E Q U H A A L N B N Z Z M P
E S K D

Write the cipher text as key letters (displaced one interval

to the right) and decipher by direct standard alphabets
yields the following:
Key W S G Q V O H V M Q W E Q U H A A L N B N Z Z M P E S K
Ct W S G Q V O H V M Q W E Q U H A A L N B N Z Z M P E S K D
Plain W O K F T T O R E G I M E N T A L C O M M A N D P O S T

Try the probable word REPORT on the initial group:

Key F O R C E V O H V M Q . .
Cipher W S G Q V O H V M Q . . .
Plain R E P O R T T O R E . . .

A semi-automatic method of solving such a message is to use

sliding normal alphabets and align the strips so that as one
progresses from left to right, each cipher letter set
opposite the letter A on the preceding strip. Take the
letters VMQWEQUHA in the above example and note how the
successive plain text letters of the word REGIMENT reappear
to the left of the cipher letters MQWEQUHA.

SOLUTION OF AUTOCLAVE BY FREQUENCY ANALYSIS

REDUCED REPETITIONS

Repetitions are not as plentiful in the Autoclave Cipher Text

as they are in the Plain text because in this system, before
a repetition can occur, two things must happen simul-
taneously. First the plain-text sequence must be repeated and
second, one or more of the cipher-text letters immediately
before the second appearance of the plain text repetition
must be identical with one or more of the cipher-text letters
immediately before the first appearance of the group. This
can only happen as a result of chance.

ex: Use single key letter X:

Key X C K B T M D H N V H L Y...K D K S J M D H N V H L Y
Plain F I R S T R E G I M E N T T H I R D R E G I M E N T
Cipher C K B T M D H N V H L Y R .KD K S J M D H N V H L Y R

The repeated word REGIMENT has 8 letters but the repeated

cipher text has 9 letters. The plain letter R must be M in
cipher both times. The chances of this are 1/26. In general,
an n-letter repetition in the cipher text, represents an
(n-k) -letter repetition in the plain text, where n is the
length of the cipher-text repetition and k is the length of
the introductory key.

DOUBLETS

Define the 'base letter' as the letter opposite which the key
letter is placed. We also know this as the index. For
convenience, we have chosen A or the initial letter in the
Viggy sequence. When the first key is a single letter, if the
base letter occurs as a plain-text letter its cipher
equivalent is identical with the immediately preceding cipher
letter; there is produced a double letter in the cipher text,
no matter what the cipher component is and no matter what the
key letter happens to be for encipherment.
ex. use HYDRAULIC..XZ sequence for both primary components,
with H, the initial letter of the plain component as a base
letter, and using introductory X as key letter:

Key X J O I I F L Y U T T D K K Y C X G
Plain M A N H A T T A N H I G H J I N K S
Cipher J O I I F L Y U T T D K K Y C X G L

Each time the doublet appears it means the second letter

represents H(plain), which is the base letter in this case
(initial letter of the plain component). If the base letter
happens to be high frequency in normal plain text, say E, or
T, then the cipher text will show a high number of doublets.
The number of doublets is directly proportional to the
frequency of the base letter. If the cryptogram has 1000
letters, we should expect 72 occurrences of doublets, if the
letter was A, and visa-versa. This observation acts as a
check and a guess for new values in the cryptanalysis of the
problem.

When the introductory key is 2 letters, the same phenomenon

will produce groups of the formula ABA, where A and be may be
any letters but the first and the third letters must be
identical. Combine this phenomena with our use of idiomorphs
and we have a powerful wedge into the problem. If we take
BATTALION, it will be enciphered by AABCCDEFG formula. If
the plain component is a mixed sequence and happens to start
with an E, the word ENEMY would be enciphered by AABBCD
formula. Used together, we have a powerful tool to open this
cipher.

AMOUNT OF TEXT REQUIRED FOR FREQUENCY ANALYSIS

The Autoclave cipher essentially shifts the key text or

"offsets" the key by at least one letter to the right of the
cipher text. Every cipher letter which immediately follows
the key letter in the cryptogram is monoalphabetically
distributed. If 26 distributions are made, one for each
letter of the alphabet, showing the cipher letter immediately
succeeding each different letter of cipher text, then the
text will be allocated into 26 monoalphabetic distributions
which can be solved by frequency analysis. To do this
effectively requires at least 680 letters of text. Friedman
details a 6 page long solution by frequency analysis of a
seven message problem which uses the above techniques to good
form. [FRE3]

SOLUTION BY ANALYSIS OF ISOMORPHISMS

Of more interest to me, is when the message is short and does

not have enough letters to solve by frequency analysis.
Isomorphism is a frequent phenomena in the Autoclave cipher
and generally leads to a reasonable solution.

Given the following intercepted cryptograms:

 1.
USYPD TRXDI MLEXR KVDBD DQGSU NSFBO
BEKVB MAMMO TXXBW ENAXM QLZIX DIXGZ
PMYUC NEVVJ LKZEK URCNI FQFNN YGSIJ
TCVNI XDDQQ EKKLR VRFRF XROCS SJTBV
EFAAG ZRLFD NDSCD MPBBV DEWRR NQICH
ATNNB OUPIT JLXTC VAOVE YJJLK DMLEG
NXQWH UVEVY PLQGW UPVKU BMMLB OAEOT
TNKKU XLODL WTHCZ R.

2.

BIIBF GRXLG HOUZO LLZNA MHCTY SCAAT

XRSCT KVBWK OTGUQ QFJOC YYBVK IXDMT
KTTCF KVKRO BOEPL QIGNR IQOVJ YKIPH
JOEYM RPEEW HOTJO CRIIX OZETZ NK.

3.

HALOZ JRRVM MHCVB YUHAO EOVAC QVVJL

KZEKU RFRFX YBHAL ZOFHM RSYJL APGRS
XAGXD MCUNX XLXGZ JPWUI FDBBY PVFZN
BJNNB ITMLJ OOSEA ATKPB Y.

Frequency distributions are made (26 x 26 matrix), based on

the second letters of pairs. The data is relatively scanty
and not promising.

Fortunately, there are several isomorphs available to work

with.

Message 1 (1) D B D D Q G S U N S F B O B E K . . .
(2) N E V V J L K Z E K U R C N I F . . .
(3) T N K K U X O L D L W T H C Z R| end of
message

Message 2 (4) C R I I X O Z E T Z N K| end of message

Message 3 (5) C Q V V J L K Z E K U R F R F X ..

First, it is necessary to delimit the length of the

isomorphs.

We confirm the isomorphs begins with the doubled letters.

There is an E before the VV and within the isomorph. If E
were included, then the letter preceding the DD would be an N
to match its homolog E in the isomorph, which it is not.
The evidence suggests a 10 letter isomorph, because of the
tie in letter Z and the impossibility of 11 letters because
of the recurrence of the letter R in isomorph (5). It is not
matched with the recurrence of R in isomorph (2) nor by the
recurrence of T in isomorph 3.

Applying the principles of indirect symmetry to the

superimposed isomorphs, partial chains of equivalents may be
constructed and most of the primary component can be
established. So:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23
T E Z K R . I V F . . . Q . W G . N U S B X J

24 25 26
D O L

The only missing letters are A, C, H, M, P and Y. We apply

decimation on this partial reconstructed alphabet. The
seventh decimation yields results:

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23
T V W X Z . . D R . U L I . B E F G J K . N O

24 25 26
. Q S

Our old friend HYDRAULIC...XZ returns to the surface.

The plain component turns out to be just a normal sequence.

Plain A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
Cipher H Y D R A U L I C B E F G J K M N O P Q S T V W X Z

We assume a single letter key.

Key ? U S Y P W T R X D I M L E X R K V D B D D Q G S
Cipher U S Y P W T R X D I M L E X R K V D B D D Q G S U
Plain ? P H R F Y I V E F I R E O F L I G H T A R T I L ...

Our one letter assumption is wrong.

Key W I C K E R|T R X D I M L E X R K V D B D D Q G S
Cipher U S Y P W T R X D I M L E X R K V D B D D Q G S U
Plain I N T E N S I V E F I R E O F L I G H T A R T I L ...

The first word suggest INTENSIVE coupled with FIRE. Plug it

in and we have a key word of WICKER. The other two messages
are recoverable in the same way.

Key P R O M I S E R X L G H O U Z O ..
Cipher R E Q U E S T V I G O U R O U S
Plain B I I B F G R X L G H O U Z O ....

Key C H A R G E D R R V M M H C V B
Cipher S E C O N D B A T T A L I O N
Plain H A L O Z J R R V M M H C V B

There are always several ways to skin a cat.

COMMANDANT BASSIERES

Both [ELCY] and General Givierge [GIVI] describe the two

processes designed by Commandant Bassieres for solving the
Autoclave cipher. He describes the preliminary process as one
similar to the Kasiski analysis for determining the correct
period. A search is made of the repeated letters standing
exactly the group length interval apart. The single letter
separation upon tabulation will present itself as one of the
predominating periods.

Bassieres has two processes that follow the discovery of the

period. Process 1 for a group length of 7 for instance, would
take the 1st, 8th, 15th 22nd letters and consider them as a
series or columns. The cryptogram is written into seven
columns which permits decipherment straight down the column.
Starting with key letter A the complete first column is
deciphered and checked. Then we use B, C,.. until we have a
good decipherment. Then on to series 2, etc. The Bassieres
process no. 1 sets up the entire 26 possible decipherments
for each series (column) and checks for "good" decipherments.
The form of decipherment reduces to alternating Vigenere and
Beauford groups. Alternate rows in his matrix of solutions
reverse direction with respect to the keys.

Bassieres process no. 2 sets up a trial key of say 7 A's and

this has the effect of introducing periodicity into the
cryptogram at double the key length of the original key.
Solution is based on periodic methods.

Phillip D. Hurst put together some tables to help solve the

plain text keyed auto-key cipher. Where message and key are
made up of ordinary text, both components will be subject to
the 70% high frequency letter consideration - therefor, high
frequency letters in the key and high frequency letters in
the message will be paired again and again as the coeff-
icients of cryptogram letters, so that cryptograms enciphered
with this kind of key must contain a great many letters
caused by this kind of coincidence. Tables 13 -2a,b,c show
Hurst's observations for the Vigenere, Beauford and Porta
ciphers. The alphabet across the top of any table is the
list of possible cryptogram letters, each with its own
column, each column containing only E,T,A,O,N,I,R,S,H and
which if enciphered by another letter from the same group,
would result in the cryptogram letter at the top of the
column. The key is found to the left. Attacks are made on the
second letter as discussed previously. [ELCY]

With Hurst's method the Index A(1) over Key O(2) for plain
O(1) yields cipher C(2) for a Viggy. Hurst's Table 13-2a gets
the answer on the first try.

Table 13-2a
Tables of High Frequency Coefficients for Autoclave
Vigenere

Keys Cipher Letters

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
---------------------------------------------------
E | A E H I N O R S T
T | H I N O R S T A E
A | A E H I N O R S T
O | N O R S T A E H I
N | N O R S T A E H I
I | S T A E H I N O R
S | I N O R S T A E H
H | T A E H I N O R S
R | N O R S T A E H I
6 4 1 - 4 4 4 4 4 2 3 4 3 2 3 2 1 4 4 2 2 6 4 4 2 4

Table 13-2b
Tables of High Frequency Coefficients for Autoclave
True Beaufort/ Variant

Keys Cipher Letters

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
A Z Y X W V U T S R Q P O N M L K J I H G F E D C B
---------------------------------------------------
E | E A T S R O N I H
T | T S R O N I H E A
A | A T S R O N I H E
O | O N I H E A T S R
N | N I H E A T S R O
I | I H E A T S R O N
S | S R O N I H E A T
H | H E A T S R O N I
R | R O N I H E A T S
9 4 1 2 4 3 3 3 2 3 3 3 3 4 3 3 3 3 2 3 3 3 3 2 1 4

Table 13-2c
Tables of High Frequency Coefficients for Autoclave
Porta

Keys Cipher Letters

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
---------------------------------------------------
E | R S T N O A E H I
T | N O R S T E H I A
A | N O R S T A E H I
O | N O R S T H I A E
N | T N O R S H I A E
I | R S T N O A E H I
S | N O R S T E H I A
H | R S T N O A E H I
R | N O R S T H I A E
3 3 3 2 4 4 3 2 3 4 6 5 3 4 2 3 4 4 -2 3 3 3 3 3 3 2

C. Stanley Lamb also put out a table of rough estimate of

rank and frequency of letters in cipher text for auto-key
cipher. See Table 13- 3.

Table 13-3

Where Key is a Segment of Ordinary Plain Text

Estimated Rank of Cryptogram Letters and Their Frequency
per 10,000 Letters - from a Table of Ohaver
Vigenere

V A I S ERL WHB XGM FOZ K N T P U J Y C Q

344 314 304 296 intermediate 150112 84 84 84 72 72 64 49

Beaufort and
Variant

A N E W O M Z BQKJRTHVFGUDX P L S I YC
480 262 246 246 196 196 191 intermediate 121 121 104 104 57

Porta

K N L E RMF TWP UYQ XGC AVI BJZ D H O

329 300 282 275 intermediate 132 113 97

SOLUTION OF PLAIN-TEXT AUTO-KEY SYSTEMS

Plain text auto-keying presents a different problem. So let

me stop dancing and get on with the challenge. The mechanics
of this method disclose that a repetition of n letters
produces a repetition of (n-k) letters in the cipher text.
When an introductory key is k letters in length then an n-
letter repetition represents an (n+k) -letter repetition in
the plain text. If key k equals 1, then there will be as
many repetitions in the plain as in the cipher text except
for true digraphic repetitions which disappear.

SINGLE KEY LETTER CASE

Look at the following plain-text encipherments of common

military terms: COMMANDING, BATTALION, DIVISION, CAPTAIN.

Key . B A T T A L I O N
Plain B A T T A L I O N .
Cipher . B T M T L T W B .

Key . C O M M A N D I N G
Plain C O M M A N D I N G .
Cipher . Q A Y M N Q L V T .

Key . D I V I S I O N .
Plain D I V I S I O N
Cipher . L D D A A W B

Key . C A P T A I N
Plain C A P T A I N .
Cipher . C P I T I V .

Five observations:

1. The cipher equivalent of A(plain) is the plain text

letter immediately preceding A(plain).

2. A plain-text sequence of the general formula ABA yields

a doublet as a(cipher) equivalent of the final two
 letters; see IVI OR ISI in DIVISION.

3. Every plain-text trigraph having A(plain) as its central

letter yields a cipher equivalent the last two letters
of which are identical with the initial and final
letters of the plain-text trigraph; see MAN in
COMMANDING.

4. Every plain-text tetragraph having A(plain) as the

initial and the final letter yields a cipher equivalent
the second and fourth letters of which are identical
with the second and third letters of the plain-text
tetragraph; see APTA in CAPTAIN or ATTA in BATTALION.

5. For a single letter initial key, a repetition of n

plain-text yields an (n-k) sequence of cipher letters.
The simplest method of solving this type of cipher is by
means of the probable word.

Message 1

B E C J I B T M T L T W B P Q A Y M N Q H V N E T
B A T T A L I O N
W A A L C

The sequence BTMTLTWB fits the isomorph Battalion and we

insert on the cipher text. We proceed backward and forward

B E C J I B T M T L T W B P Q A Y M N Q H V N E T
E A C H B A T T A L I O N C O M M A N D E R W I L

W A A L C
L P L A C

CRITICAL REVIEW

Masterton was right in his negative assessment of the Autokey

or Autoclave cipher. Both cipher text and plain text
versions have serious weaknesses which exclude them from
practical or military use. They are slow to work with, prone
to serious/disabling error and they can be solved even when
unknown cipher alphabets are employed.

Recognition is not an issue. In both systems there are

characteristics which permit of identifying a cryptogram as
belonging to this class of substitution. Both cases show
repetitions in the cipher text. In cipher text autokeying
there will be far fewer repetitions than in the original
plain text, especially when introductory keys of more than
one letter in length are employed. In plain text autokeying
there will be nearly as many repetitions in the cipher text
as in the original plain text unless long introductory keys
are employed. In either system the repetitions will show no
constancy as regards intervals between them, and a uniliteral
frequency distribution will come up as a polyalphabetic.
Cipher text autokeying may be distinguished from its sister
by the appearance of the frequency distributions of the
second number of sets of two letters separated by the length
of the introductory key. In the case of cipher text auto-
keying these frequency distributions will be monoalphabetic
in nature; its plain text keying sister will not show this
characteristic.

EXTENDING THE KEY

We have looked at ciphers that suppress/destroy the

periodicity, interrupt the key, and used variable lengths for
grouping of plain text. We can also lengthen the key to the
point where it provides insufficient text to decipher.

We can select a phrase from a book, a long mnemonic or long

numerical key. However, any method of transposition applied
to a single alphabetic sequence repeated several times will
yield a fairly long key which approaches randomness. Another
method of developing a long key from a short mnemonic one is
shown below:

Mnemonic Key C H R I S T M A S
Numerical Key 2-3-6-4-7-9-5-1-8

Extended key
1 2 3 4 5 6 7
C H R I S T M A|C|CH|C H R I|C H R I S T M|C H R|C H R I S|
8 9
C H R I S T M A S|C H R I S T|

The original key was 9 letters and the extended one is 45

letters.

Another popular method is to take the reciprocal like 1/49

which has many digits = .02040815... as the interruptor for
the key. 0 means use the first letter then use the next
numbers as seeds to how many letters are to be enciphered.

RUNNING KEY CIPHER

The Running Key, aka Continuous Key, or Non Repeating Key

systems in which the key consists of a sequence of elements
which never repeats no matter how long the message to be
enciphered happens to be. Once though indecipherable, this
cipher is subject to the probable word attack and
cryptanalysis when several messages with the same or
superimposable initial keys are intercepted.

PROGRESSIVE KEY CIPHER

The basic principle is quite reasonable. Two or more primary

elements are arranged or provided for according to a key
which may be varied; the interaction of the primary elements
results in a set of cipher alphabets; all the latter are
employed in a fixed sequence or progression. If the number
of alphabets is small, the text relatively long, this reduces
to a periodic method.

The series of cipher alphabets in such a system constitutes

the keying sequence. Once set up, the only remaining element
in the key for a specific message is the initial cipher
alphabet employed. If the keying system is used by a large
group of correspondents, and employ the same starting point
in the message, the cipher will fall to superimposition.

The probable word method still remains the best attack on

this cipher. Suppose a cipher message contains the sequence
HVGGLOWBESLTR.. and suppose we assume that the phrase THAT
THE is in the key text, and find the plain text MMUNITI..

Assumed Key Text . T H A T T H E

Cipher Text . H V G G L O W B E S L T R . . .
Resultant Plain Text . M M U N I T I

This suggests the word AMMUNITION. The ON in the cipher text

then yields PR as the beginning of the word after THE in the
Key Text.

Assumed Key Text . T H A T T H E P R

Cipher Text . H V G G L O W B E S L T R . . .
Resultant Plain Text . M M U N I T I O N

PR must be followed by a vowel, perhaps O. The O yields W

which may suggest WILL yielding OTEC.

Assumed Key Text . T H A T T H E P R O T E C . . .

Cipher Text . H V G G L O W B E S L T R . . .
Resultant Plain Text . M M U N I T I O N W I L L . . .

This suggests the words PROTECTION, PROTECTIVE, PROTECTING,

etc. We coerce a few letters in each direction.

When we have multiple messages, we can superimpose them

assuming the correct reference point. Correct super-
imposition with reference to the key text will provide the
addition of two to three letters to the key and assumptions
for words in several messages. This leads to the assumption
of more letters, etc.

SOLUTION OF A PROGRESSIVE-ALPHABET CIPHER WHEN CIPHER

ALPHABETS ARE KNOWN

Use the cipher alphabet HYDRAULIC..XZ sequence sliding

against itself continuously producing secondary alphabets in
1 - 26. Starting with alphabet 1:

Plain HYDRAULICBEFGJKMNOPQSTVWXZHYD ...

Cipher HYDRAULICBEFGJKMNOPQSTVWXZ

Letter 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21
Alpha 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21
Plain E N E M Y H A S P L A C E D H E A V Y I N
Cipher E O G P U U E Y H M K Q V M K Z S J Q H E

Letter 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39
Alpha 22 23 24 25 26 1 2 3 4 5 6 7 8 9 10 11 12 13
Plain T E R D I C T I O N F I R E U P O N
Cipher N L H H L C V B S S N J E P K D D D

Letter 40 41 42 43 44 45 46 47 48 49 50 51 52 53
Alpha 14 15 16 17 18 19 20 21 22 23 24 25 26 1
Plain Z A N E S V I L L E R O A D
Cipher G P U H F K H H Y L H M R D

This method reduces to a periodic system involving 26

secondary alphabets and used in simple progression. The 1st,
27th, 53rd letters are in the 1st alphabet; the 2nd, 28th,
54th are in the 2nd alphabet and so on.

Solving the above, knowing the two primary components is not

too difficult. We lack only the starting point. The solution
becomes evident by completing the plain component and
examining the diagonals of the diagram, the plain text
becomes evident. Try:

Given: H I D C T E H U X I ; We complete the plain

component sequences initiated by successive cipher letters,
the plain text E N E M Y M A C H I is seen to come out in
successive steps upwards in Figure 13-1. Had the cipher
component been shifted in opposite directions during
encipherment, the plain text would be visible downward on the
diagonal. If the sliding strips had been set up according to
the sequence of cipher letters on the diagonal, then the
plaintext would be seen as one generatrix.

GENERAL SOLUTION FOR CIPHERS INVOLVING A LONG-KEYING SEQUENCE

OF FIXED LENGTH AND COMPOSITION

No matter how the keying sequence is derived, if all the same

correspondents employ the same key, or if this key is used
many times by a single office, and if it always begins at the
same point, the various messages can be solved by
superimposition. If there are sufficient messages than the
successive columns can be solved by frequency analysis. This
holds no matter how long the keying sequence and regardless
of whether the keying sequence is intelligible or random
text.

If the messages do not start at the same point, then we must

find a tie element to line up the columns. The tie element is
similar to the chemical engineering principle of material
balance and provides a stable point for the text to be
anchored for analysis. Find one 5 letter polygraph that is
common to two messages and align the messages for super-
imposition based on their position. Next we find a smaller
tie group of say 4 letters and tie the second message with a
third. We can extend the process to trigraphs or even
digraphs between the messages. The first step then is to
examine the messages for repetitions. If there are enough
we can use the probable word method to set up plain - cipher
equivalencies and to reconstruct the primary components.
[FRE3]

Figure 13-1

H I D C T E H U X I
Y C R B V F Y L Z I
D B A E W G D I H C
R E U F X J R C Y B
A F L G Z K A B D E
U G I J H M U E R F
L J C K Y N L F A G
I K B M D O I G U J
C M E N R P C J L K
B N F O A Q B K I M
E O G P U S E M C N
F P J Q L T F N B O
G Q K S I V G O E P

ANALYTICAL KEY FOR LECTURES 10 - 13

--------------------------
. POLYALPHABETIC CIPHERS .
-------------------------
| |
------------------- -------------------
| PERIODIC SYSTEMS | | APERIODIC SYSTEMS |
------------------- -------------------
. .
. .
. II
.
.
.
............................
. . .
---------------- . --------------
. Repeating Key. . . Progressive .
. Systems . . . Alphabet .
. . . . Systems .
---------------- . --------------
. ............................
 . ---------------
. . Enciphered .
. .. .. Numerical .
. Systems .
--------------
|..........|
----------- --------------
. Additive . . Subtraction .
----------- -------------

|----------------------|-----------------------|
| | |
----------- ---------- ----------
.Monographic. .Digraphic . .N-Graphic .
----------- ---------- ----------
. ...e
.
.................................
. .
---------------- ---------------
. Interrelated . . Unrelated .
. cipher . . cipher .
. alphabets . . alphabets .
---------------- ----------------
.
............................
. .
---------------- ---------------
. Standard . . Mixed .
. Alphabets . . alphabets .
. . . ...a
---------------- ----------------
..............................
. .
---------------- ---------------
. Direct . . Reversed .
. Standard . . Standard .
---------------- ----------------

a..........................................
. .
---------------- ---------------
. One component . . Both components .
. mixed . . mixed .
---------------- ----------------
. .
. .
b c

b.......
.
.
............................
. .
---------------- ---------------
. Normal . . Normal .
. plain . . cipher .
 . component . . component .
---------------- ----------------

c....
......................................
. .
---------------- ---------------
. Identical . . Different .
. components . . components .
---------------- ----------------
.
.
.
.

............................
. .
---------------- ---------------
. Sequences . . Sequences .
. proceed in same. . proceed in .
. direction . . different .
---------------- . directions .

e......
.
.... ............................
. .
---------------- ---------------
. Related . . Unrelated .
. Digraphic . . Digraphic .
. encipherment . . encipherment .
---------------- ----------------

II
.
-------------------
| APERIODIC SYSTEMS |
---------.---------
. . . .
--------------------------- . . . .
. Constant Length Keying .. a b c
. Units on Variable Length .
. Plain Text Groups .
---------------------------
. .
. .
| ------------ | | ----------|
| Word Lengths | | Non-Word |
| ------------ | | Lengths |
. |-----------|
. .
. ....................................
 . .
--------------------------- ------------------------
. Original Plain Text Groups . . Original Plain Text .
. retained in Cryptograms . . Groupings not retained .
---------------------------- . in Cryptograms .
------------------------

a
.
.
-----------------------------------------
. Variable-length keying units encipher .
. constant length plain-text .
. groupings. .
-----------------------------------------
.
............................
. .
---------------- ---------------
. Interruptor . . Interruptor .
. plain text . . cipher text .
. letter . . letter .
---------------- ----------------

b
.
.
----------------------
. Auto Key Systems .
----------------------
.
.
............................
. .
---------------- ---------------
. Cipher Text . . Plain Text .
. auto keying . . Auto Keying .
. systems . . systems .
---------------- ........... ----------------
.
............................
. .
---------------- ---------------
. Introductory . . Introductory .
. key is a . . key is a word .
. single letter. . or phrase .
---------------- ----------------

c
.
.
-------------------------------
. Systems Using Lengthy Keys .
-------------------------------
 .
.
............................
. .
---------------- --------------
. Running Key . . Progressive .
. systems . . Key systems .
---------------- ---------------

LECTURE 12 SOLUTIONS

Thanks to DAVLIN & DR FOX-G for their solutions for Lecture

12 problems:

12.1 Nihilist Substitution

When you are doing your addition and subtractions, work
carefully to avoid mistakes.

Keywords: CAREFUL, GUIDANCE

12.2 Nihilist Substitution

Perseverance is the mark of a true cryptogram addict.
Be patient and you can do it.

Keywords: SOLVE, CRYPTFANS

12.3 Porta
Conservative scientists have predicted the end of change at
various times but they have always been proved wrong.

Keyword: CHANGE

12.4 Porta
In a leisure society constant rebuilding of your own home to
your own taste, filling it with personal ingenuities and bold
signs might become the fashionable thing to do.

Keyword: EQUALITY

12.5 Portax
Thank you for your letters and suggestions for the Novice
Notes series. Keep them coming. (signed) LEDGE

Keyword: THANKS

12.6 Portax
Now, that the new year has come, might be the time to realize
that even the best resolutions are meant to be broken.

Keyword: BROKEN
12.7 Gromark
The crazy person says "I am Abraham Lincoln" and the neurotic
says "I wish I were Abraham Lincoln" and the healthy person
says "I am I and you are you". Frederick Perls

Keyword: Neurotics

LECTURE 13 PROBLEMS

13-1 Beaufort

ABRVJ UTAMP YPLHZ OZYAP YPJNP KNXUG

QRDPC ELPNC BVCEF NLLSJ LGOWC VYCGA
EVGIX XNDKY U. (butter) (INWVQH)

13-2 Vigenere.

DWNIT KGEWZ ENJQZ WXLLZ WZOKC ETOWI NXVQS

DQGAK MGGBH NAMWE OWVAM UJDVQ IMDSB VCCTR
YUIQX. (making, UHVW)

13-3 Vigenere Running Key

YPOSC DWVWY CCHZT AKALF I. (tolls -2)

13-4 Vigenere Progressive key. "Fungi"

IPGPUPX GTIAKNP AMEHLAW SJSTROZ TCGYUND STNPJZM

OESWAXG VLHSPZC GNEIWHP EKHNOWW PMEQFVV PDQAWCA
GGFRKSO RCHZVKL NBWHYBV CUNBBBB AVGCJFA FLTMKUV K.

REFERENCES / RESOURCES

I will issue additional references/resources at a later

Lecture to conserve mailing costs and reduce file download
size.
 CLASSICAL CRYPTOGRAPHY COURSE
BY LANAKI

September 11, 1996

Revision 0

COPYRIGHT 1996
ALL RIGHTS RESERVED

LECTURE 18

LEDGE'S INTRODUCTION TO CRYPTARITHMS III

SUMMARY

It is again my distinct pleasure to present our guest

lecturer LEDGE's (Dr. Gerhard D. Linz) third and final
lecture on the interesting topic of Cryptarithms. In
this lecture, he covers Multiplication, Multiplicative
Structures, Base 11 and Base 12 calculations. LEDGE
natural writing style, and talent for making under-
standable some difficult concepts, makes this lecture
strong indeed. LEDGE has already produced one of our
better references on novice cryptography, and I
sincerely appreciate his assistance in our course.
Enjoy. [LEDG]

NOMENCLATURE AND SYMBOLS

Lecture 15 included addition and multiplication tables

as well as digital squares and cubes for bases 10
through 16. For the additional numerical symbols
required for these bases above ten, it used A to
represent ten, B for eleven, C for twelve, D for
thirteen, E for fourteen and F for fifteen as needed. In
lecture 14 we used t for ten and e or E for eleven, the
t for bases 11 and 12 and e for base 12. That has been
the custom in the Cryptarithm column in The Cryptogram.
We will continue the latter usage in this lecture. The
usage in lecture 15 has the virtue of consistency as,
for instance, A is used for ten in all the higher bases.
Once understood, the tables should occasion no
difficulty. Furthermore, base 16 was called
"Sexdecimal." Those of you knowing some computer
programming recognize it as "Hexadecimal."
As we are restricted to ASCII symbols, we will be using
"*" as the symbol for multiplying and "**" for exponen-
tiation. Thus 3 * 4 is three times four and 4**3 is four
raised to the third power or four cubed.

INTRODUCTION

In this lecture we will be looking at some more complex

cryptarithms: those involving roots of 2 and higher in
bases higher than 10, exponentiation, and base 10
problems that give minimal clues and require more of
what is called brute force methods. To aid our
understanding of cube roots we will first revisit square
root arithmetic to gain a deeper understanding of what
that procedure involves.

SQUARE ROOTS

First, let's look at the extraction of a square root

using numbers rather than letters but presented in the
same form as a cryptarithm problem.

1 9 4 1
___________
V 3'76'85'04
-1
----
2 76
-2 61
-------
15 85
-15 36
--------
49 04
-38 81
-----
10 23

The difference in this presentation as compared with

that in the first cryptarithm lecture is that we do not
have the numbers at each level that were multiplied by
their respective digits in the answer. Thus after the
first level we see that 261 is to be subtracted from
276, but we do not know that it resulted from the
product of 9 times (20 * 1) + 9 or as we pointed out
before, b * ((20 * a) + b).

If you look closely at the process of extracting this

square root, you will see that it is a process of
continual refinement of the trial square root by
subtracting the increment added to the square of the
trial root successively from the original number. Having
marked off every two digits starting at the decimal
point, the process starts off with an approximation
using only the leftmost or highest order digits of the
original number and subtracts the highest number that
could be the square root of that digit or digits. In
this case the highest order digit(s) in the number is
the digit 3. It's square root is between 1 and 2.
Because the square of the root should not exceed the 3,
we choose the number 1 as the first digit of the
root and subtract it's square from 3.
Then we pull down the next pair of digits, 76. Now we
need to estimate the root of 376. For that we need a
second digit to the left of the 1. If we call the
first digit "a" and the second digit "b", we want the
highest possible number such that (a + b)**2 does not
exceed 376.

Unless you are aware of it, you may not have recognized
that the number 1 in the quotient is no longer just
itself. It has become the highest order digit of a two
digit number. That means that it has become a ten. The
square that we are looking for has become:

(10a + b)**2

If you remember your algebra, you will remember that

when we expand this expression we get:

100a**2 + 20a*b + b**2

But 100a**2 is the square of the first number in the

trial root. We have already subtracted it from the
number for which we computing the square root and we
don't want to subtract it again. Hence we need the
number (10a + b)**2 - 10a**2 the incremental difference
b makes. In this case since b = 9, we would need to
compute 19**2 - 10**2 giving us 361 - 100 = 261,
and that is just the number below the 276. If you have a
calculator you can use (no, it isn't cheating), you can
perform that arithmetic process quickly and painlessly.

Having subtracted the 261 from 276, we bring down the

next pair of digits, the 85. Now we need the highest
root of 37685. It's at least 190 and no more than 199.
The example suggests 4 as the next trial digit. Now a =
190 and b = 4. We have to calculate the value of 194**2
- 190**2. You can see the value of having a calculator
here. It computes to 1536 which we can subtract from
1585 nicely. It's not too large or too small.

Now look what's happened from this viewpoint. We have

subtracted successively 10,000, 26,100, and 1,536 from
37,685. Those first three subtractions total 37,636
which, when subtracted from 37,685, leaves a remainder
of 49. You might also have noticed that 37,636 is the
square of 194.

There is one more detail to notice. In each subtraction

the units digit of the subtracter is the same as the
units digit of the square of the trial root digit b with
which we are working. 9**2 = 81 or 1 mod 10, the units
digit of 251. 4**2 = 16 or 6 mod 10, the units digit of
1536. If you are puzzled by that, look at how we came to
those subtracters. Except for the square of the trial
digit, all other products involve "a" which ends
with zero!

A DUODECIMAL SQUARE ROOT

Now let's solve the duodecimal square root problem, C-6,

in the May-June, 1996, issue of The Cryptogram. It's by
ARIES and has a key that is two words, 0 - E.

Here is the problem:

N N C
________
VON'LY'IF
CT
-----
IA LY
IB TT
--------
I SL IF
I RB OT
-----
II SC

1) Try to spot zero. Failing that, list all the letters

that cannot represent zero. The highest order digits
of the numbers cannot be zero. Numbers in the
quotient that produce non-zero subtracters cannot be
zero. So far, then, N, C, O and I are not zero. Next
look for numbers. either units digits that are not
zero or differences of zero. That adds T, L and A to
the list. Finally, add S from the last subtrahend,
ISLIF, since R is subtracted from it and does not
(cannot produce a carry to the next higher digit.
That leaves B, F, R and Y as the only candidates for
zero. Although the letter representing zero has not
been identified conclusively, the information so far
recovered will prove useful.

2) Next notice the units digit of the squares in the

root, The units digits of N**2 and C**2 are both T.
None of digits are zero. None of the squares unit
digits are N or C. Finally, both squares have the
same units digit. We know that N**2 is a two digit
number. Considering the length of the last of the
last subtracter, five digits, it is reasonable to
hypothesize that C**2 is also a two digit number. Now
look at the table of duodecimal squares given in
Lecture 15 with special attention to the two-digit
ones:

N 5 6 7 8 9 t e
n**2 21 30 41 54 69 84 t1

The squares of 6 and 9 do not meet the conditions - T is

not zero and a square cannot end with the digit that is
its root.

3) Now the subtracter, IBTT, can be calculated.

N(12) NN(12) NN(10) NN**2(10) N0**2(10)diff(10) diff(12)

5 55 65 4225 3600 625 441
...
8 88 104 10816 9216 1600 e14
t tt 130 16900 14400 2500 1544

The first column is the estimated value of the digit N.

The number in the parentheses is in each instance the
base, here 12. The next column is the entire trial root
base 12, NN, here 55. That's converted to base 10 in
the next column (5*12 + 5). In the next column that last
number is squared. The fifth column reports the base 10
square of a, 50 base 12 or 60 base 10. The next column
reports the difference of the two squares base 10. The
final column is the base 12 equivalent of the
difference. We compute the base 12 equivalent by
successive division of the base 10 number by 12 as
follows:

12/625
***
12/52 r1 625 = 52*12 + 1
**
4 r4 625 = 4*12**2 + 4*12 + 1

Starting with the last quotient and appending each

remainder from the last in turn to the first produces
441 as the proposed base 12 value of IBTT. As can be
seen, that value is much too small by one digit. When N
is 8, the value is still too small. N = 9 was
eliminated (remember why?). When t is used as the value
for N, the number IBTT becomes 1544. The repeated 4
clinches it as it matches the repeated T. Now I = 1, B =
5, T = 4, N = t, and C = 8. As a check, N**2 = CT or 84.
That's consistent with our result.

4) To find the value of F, we note that F - T = C base

12. substituting known values F - 8 = 4; hence F =
12 (base 10!!!) or F = 10 base 12 or 0 mod 12.

5) Knowing the value of the root, NNC, the value of the

last subtracter, IRBOT, is determined by computing
NNC**2 -NN0**2 as in the above tabular method. Do it.
You should get 12594 (1568**2-1560**2 base 10).
Remember tt8 base 12 converts to base 10 as 10*144 +
10 * 12 + 8.

6) From the last subtraction the values of S and L can

be found. From the other subtractions the values of
A and Y can now be identified. Putting all known
values in a key table produces ???.
CUBE ROOTS

The square root process can be extended to the

extraction of any higher order root, in the present
instance to cube roots. The process is again extending
trial cube roots one digit at a time for a closer and
closer approximation to the root. Since cube roots are
involved, the number whose root is to be extracted is
marked after every third digit from the decimal point.
The digit or digits before the last mark (the highest
order digits) provide the means of estimating a single
digit root. That digit should produce the highest cube
possible without exceeding the number made by the
highest digit(s). The cube of that digit, a, is then
subtracted from the number, and the next group of
letters is brought down. A second digit, b, is then
selected such that the cube of ab (not a * b) is as high
as possible without exceeding the number. That process
is continued until the units digit of the original
number has been brought down and the last increment
subtracted.

Since a is the first digit and b the second we need the

difference of (10*a + b)**3 - a**3. (Remember that the
10 in this instance represents the value of the base,
not decimal 10. 10 base 12 = 12 base 10.) Expanding the
above expression yields a longer expression to evaluate:
1000*(a**3) + (300a**2)*b + (300a) *b**2 + b**3 -
1000*(a**3). "b" can be factored from the result giving:
b*(300a**2 + 300a*b + b**2). Knowing a and b, the value
of that expression can be computed and then subtracted.
But it's easier to compute the unexpanded form as was
done with square roots.

A UNIDECIMAL CUBE ROOT

Now let's tackle an undecimal cube root presented in the

May-June issue of The Cryptogram by FIBBER. It has a key
of two words, 1-0. Here's the problem:

E L I
3_____________
VWIE'LDI'EST
WYT
-------
IW LDI
WS DEE
----------
W AYA EST
W TIL PLA
-------
LNT NDP
1) Following the same steps as before try to identify
the letter representing zero, or at least the non-
zero letters. Here we are more fortunate than before.
I - Y = I. If Y were = t, borrowing from W of WIE
would be necessary. The evidence indicates no such
borrowing could have taken place; thus Y = 0. Along
the way we might notice that W - S = W. Since Y = 0
and we're working in base 11, S = t.

2) Now to identify the value for E. E**3 = WYT, a three

digit number whose second digit is zero and ends in a
digit different from E. In the table of unidecimal
cubes from lecture 15 we get:

N 5 9
N**3 104 603

These two are the only ones that meet all the discovered
criteria. Can we find other evidence to be able to
decide between them? It turns out we can.

When the T of WYT is subtracted from the E above it, the

remainder is W, i.e., E - T = W mod 11. We can make a
table.

E T E-T W
5 4 1 1
9 3 6 6

Both values are consistent with the evidence. Hence E =

5 or 9. Since I - W -1 = 0 on the next subtraction, I =
W + 1. If E =5, W = 1 and I = 2. If E = 9, then W = 6
and I = 7. We'll carry both possibilities to the next
step.

3) The next task is to identify L, if we can. L**3 ends

in E as we can determine from the second subtracter,
WSDEE. If E = 5, L**3 ends in 5. We look in the table
of cubes again and find only one cube that ends in 5,
namely 25, the cube of 3. So L = 3. If E = 9 the
cube of L must end in 9. There is again only one
such cube: 4**3 = 59, thus L = 4. So if E = 9, then L
= 4. There is no conflict.

4) Now it's possible to calculate WSDEE. It is EL**3 -

E0**3.

EL(11) EL(10) E0(11) E0(10) EL**3(10) E0**3(10) diff(10)

diff(11)
53 50 58 55 195,112 166,375 28737
1t655
94 103 90 99 970,299 729,000 241,299
too big
You probably know the process involved for each step,
but here's the explanation if you don't understand it
all. Since E = 5 and L = 3, EL is 53 base 11. That's
converted to base 10 by computing 5*11 + 3 = 55 + 3 or
58 base 10. Similarly for E0 base 11 becomes 5 * 11 + 0
= 55. The cubes and the difference should be self-
explanatory. To compute the base 11 value of 28737 base
10 repeated division by 11 is necessary as follows:

11/28737
-----
11/2612 r5 28,737 = 2612*11 + 5
----
11/237 r5 28,737 = 237*11**2 + 5*11 + 5
--
11/21 r6 28,737 = 21*11**3 + 6*11**2 + 5*11 + 5
-
1 rt 28,727 = 1*11**4 + t*11**3 + 6*11**2 +
5*11 + 5 or 1t655

Hence, WSDEE = (starting with the last quotient and

going up the remainders) 1t655. Since W, S and E have
already been identified, D = 6 can be added to the list.

5) Now the remaining letters can be identified. They are

A, P and N and can be computed in that order from the
subtractions. It remains only to write out the key
table.

6) Could we now compute the last subtracter even without

knowing the values of S, D, P, A, or N. The answer is
yes, of course, as we need only the values of the
digits in the root, 532. The subtracter is 532**3 -
530**3 base 11

ELI(11) ELI(10) EL0(10) ELI**3(10) EL0**3(10) diff(10)

diff(11)
532 640 638 262144000 259694072 2449928
1423738

1423738 checks out with the numerical equivalent of

WTILPLA. Remember to use successive division by the
base or 11 on the base 10 difference to recover the base
11 equivalent.

A FOURTH ROOT PROBLEM, BASE 15

The methods used on the square root and cube root

problems will work quite as well on higher order roots
and higher bases. To demonstrate the truth of that let's
look at the C-Sp-1 in the March-April, 1996, issue of
The Cryptogram by CROTALUS, the capable editor of the
Cryptarithm column. It's a fourth root problem in base
15 with a key consisting of three words, 1-0. You will
remember that base 15 requires 15 different numerical
symbols. The first ten are the digits from 0 to 9. The
other five are A, B, C, D, and E representing
respectively 10, 11, 12, 13, and 14. 10 base 15 = 15
base 10. Addition and multiplication tables for base 15
are contained in Lecture 15 as are the squares and cubes
of each of the digits. The digits to the fourth power
are not presented and will have to be calculated. That's
a little chore but not intrinsically difficult. The
simplest method is to raise the base 10 equivalent of
the digit to the 4th power and convert the result to
base 15 using successive division by 15 as was done for
bases 11 and 12. The resulting table is as follows:

N 1 2 3 4 5 6 7 8 9 A B C
D E
N**4 1 11 56 121 2BA 5B6 AA1 1331 1E26 2E6A 4511 68C6
86E1 B5B1

Here's the problem:

S L B
4______________
VNA'STYS'HIPS
WH
-------
WB STYS
YR POPB
-----------
B'WBAU'HIPS
GGGN ALUB
----------
LYNA RBNU

1) The non-zero letters are S, L, B, N, W, H, Y, G, and

U.

2) We can spot the letter representing 1. It has to be

the B as the highest order digit of BWBAUHIPS.

3) When S is raised to the fourth power, the result is a

two-digit number, WH. Looking at the table above,
there is only one such two-digit number with two
different letters, namely 56. 3**4 = 56. Hence S =
3, W = 5, and H = 6.

4) Since W - Y = zero, there must have been a borrowing

in the previous column's subtraction and Y = W - 1 =
5 - 1 = 4.

5) B - R = B. R cannot = 0 else there would be no

necessary borrowing from the W in the next column. So
R = (base -1) or 14 or E.

6) In the first subtraction A - H = B or A - 6 = 1;

hence A = 7.

7) in the units place of the last subtraction S - B = U

or 3 - 1 = U; therefore U = 2.

8) We still have not identified the digit for L. The

 subtracter associated with it is YRPOPB. It's unit
digit is B or 1. Hence L**4 end in 1. Looking at the
table, there are eight digits whose 4th power ends in
1. We have to look more deeply to determine the
correct one. We know the values of the first two
digits and the last digit of the subtracter, YRPOPB.
Substituting their values we obtain 4EPOP1. We can
approximate the base 10 value of that number by
expanding it: 4*15**5 + 14*15**4 + P*15**3 + O*15**2
+ P*15 + 1. The two highest terms of that expansion
are the most significant. They become 3,037,500 +
708,750 = 3,746,250. Following the model used
previously we know that the subtracter can be
calculate as SL**4 - S0**4. Since we do not know the
value of L we must assume one and try it out. Let's
take a number from the middle of the pack whose 4th
power ends in 1 as does the subtracter. L = 7 will do
as a first approximation.

9) Now for the calculation:

SL(15) SL(10) SL**4(10) S0(10) S0**4(10) diff(10)

diff(15)
37 52 7311616 45 4100625 3210991 too
small
38 53 7890481 45 4100625 3789856 4ECDC1

The first trial difference (base 10) was much below

3,746,250. The second trial difference, with L = 8, is
slightly more than the estimated subtracter as can be
expected since the less significant digits were ignored
in the estimation. Notice also the pattern of the
result. The C repeats as expected to match the repeat of
the P. P = C and O = D.

10) The key table has become 1 2 3 4 5 6 7 8 9 A B C D E

0
B U S Y W H A L P O R

The value of the rest of the letters can be computed

from the various subtractions in the problem. That's
left for you to finish.

EXPONENTIATION

Raising a number to a higher power, such as squaring

(2nd power), cubing (3rd power) or more has some facets
that can be helpful to a solution of a problem involving
integer exponents. Generally, such problems are
relegated to specials in the Cryptarithm section,
although problems involving the extraction of a root are
generally not unless they involve other complications.

JE SAURAIS contributed an exponentiation problem that

was published as a special in the March-April issue of
The Cryptogram. It was a base 10 problem. It's key was
one word, 0-1. At worst it could be solved by
anagraming, but that is a non-mathematical approach.
Here is the problem:

(ELT)**I = SLENTSGNI. (PRA)**N = NPARIA,

Problems like this can involve considerable amounts of

trial and error. A calculator (or a computer) can be
very helpful. The calculator need not be fancy. One
that can handle normal arithmetic operations of
addition, subtraction, multiplication and division is
adequate. Having one memory to store numbers can
make the process simpler. Such calculators are very
inexpensive.

The problem, while it will involve some trial and error,

has much less of it than might be imagined at first
glance. There are more clues than initially meet the
eye. First we notice that the exponents, I and N, are
digits, i.e., integers having a value of 2 to 9. Next we
could count the number of digits in each number. In
each case the number to be raised to a power has three
digits. In the first equation the result is a nine
digit number. In the second a six digit one. Let's
examine that more closely.

A two digit number can be as small as 10 and as large as

99. When squared (or raised to the 2nd power) they
result in 100 and 9801, Either three or four digits. No
square of a two digit number can have fewer or more
digits. A three digit number can be as small as 100 and
as large as 999. Their squares are 10,000 and 998,001,
either five or six-digits. Notice that there is no
overlap on the number of digits in the length between
powers. We find a similar situation with the cube (3rd
power) of those four numbers. 10**3 = 1000 and 99**3 =
970,279: from four to six digits long. 100**3 =
1,000,000 and 999**3 = 997,002,999: from seven to nine
digits long. Again there is no overlap between powers.
A six-digit number must be the square of a three-digit
number or the cube of two-digit number. There is in fact
a general rule about the number of digits in the result
when a number of known length, L, is raised to a power,
P. The maximum length of the result, R-max, is P*L. The
minimum length, R-min, is L*(P-1) + 1.

We can apply that information to the above problem. In

the second equation, L = 3, R = 6, and power = N. Using
the equation for R-max, 6 = 3 * N; hence N = 2. For the
first equation, L = 3, R = 9 and power = I. Again using
the equation for R-max, 9 = 3 * I or I = 3. If we had
seven digits in the result of the second equation and
ignored the first equation, we would have solved the
equation 7 = 3 * N and N would be greater than 2 (2.33)
but not more than 3.
We could then safely deduce that N = 3. If we wanted to
check on the lower bound of N, we could have used the
equation for R-min. The above formulas work for any
integer power and any length of the original number.

The second equation contains the letters P, R, and A in

both numbers and I in the result, a known number (3).
PRA is a number that when squared produces a number
whose highest order digit is 2. Another way of saying
that is it produces a number between 200,000 and
299,999. The square roots of these numbers extend
from 447 to 547. That's 101 numbers to try, if we need
to. But we don't. We can narrow the search much more
than that. The six-digit result starts NP and three
digit base stars with P. We have just found out that P
must be 4 or 5 (447-547). Hence the range of the six-
digit result is from 240,000 to 259,999. The
square roots of these two numbers extend from 490 to
509, a range of only twenty numbers, quite a reduction
from 101. Yet, we can even do better than that. Both
numbers, base and result end in A so that A**2 = A mod
10. If A were zero, the result of squaring the number
would have two zeros at the end. It does not. So A = 1,
5 or 6. Now we have only six numbers to try that are in
the correct range and end with a possibly correct digit:
491, 501, 495, 505, 496 and 506. We are looking for a
number that has the pattern of NPARIA or 24AR3A OR
25AR3A. Here are the results:

ELT 491 501 495 505 496 506

ELT**3 241081 251001 245025 illegal 246016 256036

Only the last square gives the correct pattern. Now we

know that R = 0, P = 5, and A = 6.

Our key table is 0 9 8 7 6 5 4 3 2 1

R A P I N

Now let's look at the cube. T**3 must = I mod 10 since I

is the units digit of the result. I = 3; the only digit
that when cubed ends in three is 7 (check the unidecimal
table in Lecture 15); hence T = 7. The largest eight
digit number is 99,999,999. Since the result is a nine
digit number, the base that produced it must be larger
than the cube root of 99,999,999. That cube root < 465.
The highest order digit of the base, E can be 9, 8, or
4. The last digit, T is 7. The second digit of the base
is the same as the second digit of result.

Now let's use intelligent trial and error. For ELT, E =

4, 8, or 9: L = 1, 4 ,8 or 9 and must differ from E; and
T = 7. The possible values for ELT are as follows:

487 497 817 847 897 917 947 987

That's only 8 numbers to try. 947**3 = 849,278,123.

Match that with the pattern of SLE,NTS,GNI. S = 8, L =
4, E = 9, N = 2, T = 7, G = 1, I = 3. Add those which
are new to the key table and read the resulting word. If
you have followed the reasoning and understand it,
congratulations. Perhaps in the future you will say to
yourself, "I can probably do that."
The major lesson to have learned is this: when faced
with trial and error, try to limit as much as you can
the range of the possible. In the last part of this
problem we had identified six of the digits, leaving
only four to choose among. Further we able to determine
that for ELT, E was had only three possible values, L
had four and T was identified. Without any clues, ELT
could range from 102 to 987, a range of 886
possibilities less those numbers that have a repeated
digit. We were able to reduce that number of permissible
values to just eight.

A MORE DIFFICULT ADDITION

Equations and additions can produce more challenges for

the solver because often very few if any of the
numerical equivalents of the letters can be identified.
Algebraic equations involving the digits can be written.
These equations are often helpful, but much trial and
error is still required. Trial and error is often called
brute force, because, while it must be systematically
applied, it does not require much deep thinking. Yet is
does require some, as we discovered in the previous
problem.

Here is an addition problem in base 10 provided by THE

RAT as C-11 in the May-June, 1996, issue of The
Cryptogram. The key is two words, 9-0.

RATTLE LO
+ SNAKE +GO
------ ---
RRKGKK SGG

1) We can identify the following non-zero letters: S, G,

L, O, R, E, and probably T. That leaves K, N, and A
as the candidates for zero.

2) From the second addition, we can identify S = 1.

3) Also from the second addition, since L cannot be zero

(since it's the highest order digit of LO), L = 9.

4) There are two digital sums that could be useful: O +

O = G mod 10 and E + E = K mod 10. In each case the
sum has to produce a carry of 1 so that L + 1 = 0 mod
10. Hence neither E nor O can be less than 5. G
cannot equal zero so O must be 6 or more.

5) Since L + K + 1 = 10 + K, T + A + 1 = G and T + N (+
1?) = K.

6) We now have enough information to produce a table of

known and unknown values to try out, remembering L =
9 and S = 1.

O G E K (T, A) N
 6 2 5 0
7 4
7 4 5 0
6 2
8 6
8 6 5 0
7 5

In case it's not clear, we start each line with a

possible value of O: 6, 7, or 8. O cannot be 5, nor
9(L). In each case G = O + O mod 10. Then we start with
the smallest possible value for E, 5 and add the
resultant value for K which is 0. It turns out that E
can be 5 for each value of O. When O is 6, E cannot be 6
but it can = 7. Nor can E be 8 as that would make K = 6.
It turns out that E can be 6 or 8 only when O = 7. When
O = 8, E can be 5 or 7.

7) Since K occurs four times in the problem, and the

value of zero works well for it in each place and
occurs in three positions of the table, I have a
preference for trying those places first.

8) On the top line where O = 6 and E = 5, T + A + 1 = G:

2 or 12. Because 2 and 0 are assigned to G and K. T
+ A = 11. Therefore the pair, T, A, can be 8,3; 7,4;
or 6,5. We do not know which letter represents which
digit. 6,5 is not permissible since O = 6 and E = 5.
The two other pairs produce a carry to the next
addition: T + N + 1 = K: 10 or T + N = 9. For the 8,
3 pair N = 1 or 6, since 8 + 1 = 9 and 3 + 6 = 9.
Nether value of N is permissible. For the 7,4 pair N
= 2 or 5, neither of which is permissible. So we
abandon O = 6 for the moment. Not permissible
means that the results conflict with assignments
already made to other letters.

For O = 7, T + A + 1 = 4 mod 10 or T + A = 3, 13.

Only 13 is permissible. It is produced by 6, 7; 5,
8; or 4, 9. Since on this line 4, 7, 5, and 9 are
already in use, this solution is not permissible. It
produced redundancies.

For O = 8. T + A + 1 = 6(G) mod 10 or T + A = 5, 15.

15 can be produced by 8 + 7 but 8 is already
assigned. 5 = 2 + 3. No problem. T, A are 2, 3 but
maybe not in that order. With T + A = 5 there is no
carry to the next addition; hence T + N = 10(K).
Since 8 is already assigned, T = 3 and N = 7. A must
= 2. No contradictions so far.

9) Let's construct our partial key table and then go

back to the problem, if everything looks OK.

9 8 7 6 5 4 3 2 1 0
L O N G E T A S K
The only letter left to place is the letter, R, which
must be 4.

You can substitute all the digits in the problem and

check the answer.

Sometimes it takes courage to tackle a cryptarithm,

particularly if it might take you to less well known
territory. My best advice is to forge ahead. You cannot
lose. Either you will solve the problem and perhaps be
surprised by your competence or ingenuity, or you will
find yourself stumped, needing to learn something new.
Look at a book, or consult with a mathematically
inclined friend or a friendly math teacher, someone who
can point the way or find a fallacy. That way, you learn
and add something you had not known to your
armamentarium of mathematical strategies.

You are of course welcome to contact me with a problem,

a success, or a new wrinkle you've discovered. If there
are problem types you'd like me to write more about, let
me know. Phrase any questions as clearly as you can,
and I'll see what I can do with them. There's no sin in
being stumped - our hobby sees to it that we run into
that situation with regularity.

DOUBLE KEY DIVISION

>From time to time a division problem is presented which

has two sets of substitutes for the digits, one upper
case and one lower case. The sets are complete but keyed
differently. The problem is often done in base ten, but
occasionally in base 11 or twelve. Such a problem was
presented as a special in the September - October, 1994,
issue of The Cryptogram. A base twelve problem with two
words, 0-1, and FOUR WORDS, 0 to E, was propounded by
ARIES. It's presented here written in standard
arithmetical form.

r h l d b
*****************
i l l a d/G O L D E N A G E
i l l a d
***********
A Y Y G L N
l y d t i d
*************
U M U Y Y A
r h i b h y
*************
U L O N A G
r l r e h h
***********
S N Y L B E
d r u c u h
*************
S L D O U
As in any division problem, we have a series of
multiplications, or products, and a series of
subtraction (or additions). The subtractions involve
both sets of letters, but, interestingly, the
multiplications involve only the lower case letters. We
cannot do the subtractions without both sets of letters.
We can, however, attack the multiplications by
considering only the lower case letters. Let's see what
can be done to identify the numerical equivalents of the
lower case letters.

As usual, the first effort is to find the letters

representing 1 and 0. The letter representing 1 is easy
to find: r * illad = illad; so r = 1. The letter for
zero is hidden a little better. In the third
subtraction, A - y = A; so y = 0. Our equivalent table
looks like:

0 E X 9 8 7 6 5 4 3 2 1
y r

So the first of the two words starts with y and the

second ends with r. A double-key division problem
usually has a lot of products. This one is typical. That
characteristic allows us to build a partial
multiplicative structure to which we can look for the
appropriate diagram (see Lecture 14). Since we are
interested at this point only in the units digits of the
products, we will use modulo 12 multiplication.

h * illad = lyttid or h * d = d or h => d. Likewise l =>

y; d => h; and b => h. We can combine this information
for the following partial structure:

b => h <=> d and l => y. Since we know that y = 0, l * d

= 0; or, finally, l => 0.

Having this much information, we can now look at the

base 12 structures in lecture 14. Look them over
yourself. There are two possible matches. Can you spot
them? It could be a good exercise to stop and try this
on your own.

The two that match produce the following table:

d h b l
3 <=> 9 <= E, 7 4, 8
8 <=> 4 <= 2, 5, E 3, 6, 9

In each case there is only one possible value for d and

h on each line. To narrow the possibilities, choosing a
product with most letter equivalents partially
identified will provide the quickest entry. Such a
product is the second one: h * illad = lydtid. The
inverse of that is lydtid/h = illad. In other words, if
the product is divided by the single digit multiplier
that produced it, the divisor of the problem which
served as the multiplicand should emerge.

Before doing that, there is more useful information in

the problem that may result in the elimination of some
of the possibilities. Notice that two of the products
have r as their highest order digit Since r = 1, the
digit multipliers that produced them must be smaller
than the other two letters that also produced 6-digit
products. So l and d < h and b. In the first group h (9)
is always greater l (4, 8) and d(3). On the other hand,
if l = 4, b = 7 or e. If l = 8, b can only be E.

In the second set d > h. But d should be < h. Hence the

second set cannot be correct. So we will confine our
attention to the first set. Back to the proposed
division: h = 9; lydtid is l03ti3. l can be 4 or 8. One
of those must be correct. It's a 50/50 chance to guess
correctly. Let's start with l = 4.

********* Remember this is base 12. 4 x 12 + 0 is 48.

9 / 403ti3. 9 goes into 48, 5 times, giving 9 * 5 = 45.
39 base 10 or 39 base 12 (3 * 12 + 9 = 45).
*** Hence i = 5. Subtracting 9 from 0 or 12 =
33 3. 39 divided by 9 = 4. 4 x 9 = 36 or 30
30 base 12. Hence l = 4. Since we are looking
** for illad, we hope the next quotient will
3? be 4 also. Though we don't know t's
** equivalent, we do know we can subtract 30
again! 403ti3 has become 403t53. illad is
544a3. We move to the end of this
division. 9 * 3 = 27 or 23 base 12. Hence
the previous subtraction must have produce
a 2 in its units place.

Since the units digit in the dividend is 5, 9 * a = 3

mod 12. The multiplicative structure and the
multiplication table both show that the only possible
multipliers of 9 that fit are 7 and E. 7 * 9 = 53 base
12, making t = 5, not possible since i = 5. E * 9 = 83,
making t = 8 and a = E. The completed partial product
is: 9 * 544E3 = 403853. The equivalent table now
becomes;

0 E X 9 8 7 6 5 4 3 2 1
y a h t i l d r. Letters without values are b,
c, u and e.

"b" is the units value of the quotient. b * 544E3 =

31ucu9. 31 base 12 or 37 base 10 divided by 5 = 7; thus
b = 7. If you carry out the multiplication, you will
discover the values of u and c. That would leave only
one place for e. If you can do a little anagraming, you
can read the key without those last computations.

We were fortunate. Had we chosen l = 8, we would soon

have run into contradictions leading to the discarding
of that possibility.

We have identified all the lower case letter equivalents

and not yet one single upper case equivalent. Now that's
just a matter of solving five subtraction problems. That
shouldn't prove too difficult and will be fine base 12
practice.

Errata for Lecture 14

a) In the explanatory paragraph below the duodecimal

Example 4. Division, after writing down the 32 we must
first subtract it from 48, making 16 the difference, and
then bring down the next digit of the dividend, t.

b) The final product of the duodecimal multiplication at

the end of the lecture, before the Appendix, is 7C8e8t8
not 7C8et8 as written. Unfortunately this typo was not
spotted in time before publication.

LECTURE 17 ANSWERS

17-1 Headline Puzzle

Paul Derthick's HEADLINE PUZZLE . by Larry Gray

The following are all headlines from a recent daily

newspaper. Each of the five is a different mono -
alphabetic substitution, and all five are derived from
the same mixed alphabet at different settings against
itself.

1. PXYWFXKLJE DFYMJYV VGHKJ `DFYM-US' GF ZYFGJVG

PJEJYHW VLXGEFDS;

2. JUBHFGO EUHKEOF HR WEUDBGO, FHSJF DKD RO ZGI YRE

FUNROI HUED;

3. NEZZY AEZYVKU AEVP NFUVLKY LR ALVVKU JLBPV ECKU

AWGBKV;

4. ZEHCGOL LZCCOMMSS WEMSAQ MZALD AFB AZFMS MZ DZBZA

MDZAGS;

5. PTQQU WQRKWCQBSD WQEKLLQUBX BZOKWEQ MKW ENJWSQX JUB

BZ

ANS:
Setting = ANOLE Key = GECKO Hat= CHAMELEON

17-2 Playfair. While Rome Burns. BARRISTER: ON44:CE17

Tip= "ers are"

OCMAF ZDAPZ BYPGY BOKYT BYVMT AVIBY PVGPP RBCFH

XEAPI VTCPV VBKGV MEWCB IEGMQ PPBOL ENRHZ MRFSC
DRNAI ZEITN SUNA.
TWO HINTS: The title is significant and does not follow
LANAKI's Red Herring rule and look for naturals such as
PO = QP or OPQ. A Natural is a cipher digraph not in
the keyword whose letters because of the standard
alphabetical relationships stay in the natural
alphabetical order in the cipher square.

Key Square:

H U C K L
E B R Y F
I N A D G
M O P Q S
T V W X Z

Message: Pupil's answers are que(x)er, to wit: Nero was

a cruel tyrant who would torture his poor subjects by
playing the violin.

17-3 Foursquare 'anasonly' ZEMBIE

UB XB MS SF SQ MS TH DE UB HM GL NL BW GB LW NQ NF UB FM
QH EM BW BI GT LD UQ IG WM CF TQ ET CT NF IP LS UQ FK UH
IZ UQ YF TN XP NS FF UV HV NF HI CE NQ UO UQ GK ET HT ND
PV BI BE ND BD YM DE LX UB GA CX ET XT DE PE NL BF PY IQ
NG QW IS NC CK XB TF GK ED LA EL LE RW MI EX SF MS UP XQ
NF EV FF BI KK NA MX.

Answer in complex Caesar: (ISUPV OMPAY - UGBSK NGKPN)

ZKXJO GGKGN SFXPC DYJKP MRPPJ

hints: run down 10 letters ; Look for thinks 2x, germs

2x, if all fails - square to = i/juxtaposition, square 4
= viewpoints.

17-4 Short Bifid. Clue - DIAMONDS is there somewhere and

the text talks about them being HIDDEN. Period = 7.

ETIALIG LDMNITV NFEMISI EEIDGEI

HPCEDUT PINOFLW INDLEEK

ANS: The diamonds are hidden in the side pocket of me

bosses car.

LECTURE 18 PROBLEMS

18-1 Unidecimal square root. (Three words 0-E) MARSHEN

LO'SE gives root it; - KF = EKSE; - ERRE = EWH

18-2 Duodecimal division. (Two words, 0-E) CODEX

BRIDGE / CLUBS = CC; - DUHRE = BRHEE; - DUHRE = BOLO

REFERENCES AND CRYPTOGRAPHIC RESOURCES

The CDB (Crypto Drop Box) was updated last week with
140,000 bytes of references. I will update them again
after Lecture 19 is complete.

From [email protected] Feb 6 07:37:55 1996

Date: Mon, 5 Feb 1996 16:57:08 EST
From: "Randy Nichols, ACA President" <[email protected]>
Reply to: ACA-L <[email protected]>
To: Multiple recipients of list ACA-L <[email protected]>
Newsgroups: bit.listserv.aca-l
Subject: LECTURE 7

CLASSICAL CRYPTOGRAPHY COURSE

BY LANAKI
February 4, 1996
Revision 0

COPYRIGHT 1996
ALL RIGHTS RESERVED

LECTURE 7
XENOCRYPT MORPHOLOGY
Part III

SUMMARY

In Lecture 7, we conclude our review of materials related to

ciphers created in languages other than English. Lecture 7
will give practical language data for Xenocrypts commonly
published in the Cryptogram - French, Italian, Spanish,
Portuguese.

Also, we have time for a short review and more homework

problems to solve. Lets start with French.

FRENCH - The language of lovers

FRENCH DATA [ Based on 55,758 letters of text in FRE2]

Absolute Frequencies

A 4,480 G 624 L 2,737 Q 616 V 801

B 406 H 276 M 1,617 R 4,117 W 6
C 1,944 I 4,230 N 4,406 S 4,564 X 317
D 2,198 J 184 O 3,255 T 4,057 Y 100
E 9,334 K 25 P 1,689 U 3,054 Z 84
F 646 ======
55,758

Monographic Kappa Plain, French Language = 0.0777, I.C.= 2.02

Relative Frequencies, based on 55,758 letters of French plain

text referenced in FRE2 reduced to 1000 letters:
E 167 T 73 C 35 G 11 J 3
S 82 O 58 P 30 Q 11 Y 2
A 80 U 55 M 29 B 7 Z 2
N 79 L 49 V 14 X 6 K 1
I 76 D 39 F 12 H 5 W -
R 74 =======
1,000

Groups

Vowels: A, E, I, O, U, Y = 43.8%
High-Frequency Consonants: N, R, S, T = 30.7% ; with L =34.0%
Medium-Frequency Consonants: C, D, L, M, P = 18.3%
Low-Frequency Consonants:B,F,G,H,J,K,Q,V,W,X,Z = 7.2 %

8 most frequent letters (E, S, A, N, I, R, T, and O) = 68.9%

(descending order)

Note that group frequencies between German and French are

statistically similar.

Initials ( based on 10,748 letters of French plain text, One

letter words have been omitted.)

D 1,445 L 784 I 315 U 240 H 67

P 929 S 664 F 313 O 177 Z 7
E 894 Q 394 T 305 G 146 K 5
A 866 R 389 N 278 B 115 W 3
C 816 M 337 V 263 J 98 Y 3
======
9,853

Digraphs [Frequency Distribution of Digraphs based on 55,758

letters of French plain text reduced to 5,000 digraphs]

A B C D E F G H I J K L M
A 2 6 20 12 4 6 11 50 1 36 12
B 4 4 4 12
C 15 6 47 11 20 5
D 18 1 109 1 20 1 1
E 30 4 49 48 30 15 14 3 13 5 56 58
F 10 2 1 9 6 8 1
G 6 16 1 2 3 1
H 6 6 4
I 9 3 12 10 41 4 4 1 27 8
J 4 6
K
L 57 1 5 95 1 1 23 26
M 22 9 1 1 52 23 13
N 19 1 29 40 54 9 11 1 20 1 3 2
O 5 7 3 1 1 2 1 21 1 10 21
P 30 1 1 13 2 3 11
Q 1
R 62 2 10 13 127 2 6 24 1 16 11
S 42 2 16 32 75 5 2 1 36 2 15 8
T 40 1 7 22 78 4 1 2 67 11 12 4
U 12 3 10 5 39 14 3 1 24 3 13 6
V 9 24 16
W
X 4 3 3 3 1 1 1
Y 2 2
Z 3 1

Digraphs [Frequency Distribution of Digraphs based on 55,758

letters of French plain text reduced to 5,000 digraphs]

N O P Q R S T U V W X Y Z
A 68 1 21 3 41 17 46 29 13 2 1
B 4 5 2 1 2
C 48 4 1 8 8
D 10 1 6 2 26
E 105 4 38 12 89 154 58 27 17 8 3
F 8 1 10 1 1
G 7 6 8 4 2
H 3 1 4
I 49 51 5 12 27 52 47 9 7 1
J 5 2
K 1
L 3 10 1 5 4 12 1
M 8 9 1 4
N 10 19 6 4 3 53 99 4 7 1
O 109 7 23 13 8 52 2 2
P 35 9 34 1 6 4
Q 54
R 8 27 5 3 7 14 19 6 7 1
S 6 22 24 11 8 41 33 24 4 1
T 4 14 11 7 44 23 10 11 2
U 26 1 8 1 48 26 19 1 8 13 1
V 16 5 2
W
X 1 4 1 1 2 3 1
Y 1 2
Z 1

Digraphic Kappa plain, French = 0.0093, I.C. = 6.29

87 Digraphs comprising 75% of French plain text based on 5,000

digraphs arranged according to relative frequencies.

ES- 154 RA- 62 AI- 50 SS- 41 EA- 30 UI- 24 OM- 21

RE- 127 a)==== EC- 49 ND- 40 EE- 30 SP- 24 NI- 20
ON- 109 ET- 58 IN- 49 b)==== NC- 29 SU- 24 DI- 20
DE- 109 EM- 58 ED- 48 TA- 40 AU- 29 RI- 24 CI- 20
EN- 105 LA- 57 CO- 48 UE- 39 IR- 27 VE- 24 AC- 20
NT- 99 EL- 56 UR- 48 EP- 38 EU- 27 TS- 23 UT- 19
LE- 95 QU- 54 CE- 47 AL- 36 IL- 27 MI- 23 NO- 19
ER- 89 NE- 54 IT- 47 SI- 36 RO- 27 LI- 23 RT- 19
TE- 78 NS- 53 AT- 46 PO- 35 OR- 27 SO- 22 NA- 19
SE- 75 ME- 52 TR- 44 PR- 34 DU- 26 MA- 22 DA- 18
AN- 68 IS- 52 SA- 42 ST- 33 LL- 26 TD- 22 AS- 17
TI- 67 OU- 52 IE- 41 SD- 32 US- 26 AP- 21 EV- 17
IO- 51 AR- 41 PA- 30 UN- 26 OI- 21 =====
3,751

a) 13 digraphs (1,237 total count, above this line represent

25% of French plain

b) 39 digraphs (2,515 total count, above this line represent

50% of French plain

Frequent Digraph Reversals (based on table of 5,000 digraphs)

ES- 154 SE- 75 LE- 95 EL- 56 RA- 62 AR- 41 IS- 52

RE- 127 ER- 89 TE- 78 ET- 58 EM- 58 ME- 52 EC- 49
DE- 109 ED- 48 TI- 67 IT- 47 LA- 57 AL- 36 AT- 46
EN- 105 NE- 54 SI- 36 CE- 47 TA- 40

Rare Digraph Reversals (based on previous 5,000 digraphs)

NT- 99 TN- 4 QU- 54 UQ- 1 NS- 57 SN-6 OU- 52 UO-1

Doublets (based on previous 5,000 digraphs)

SS- 41 LL- 26 NN- 10 PP- 9 CC- 6 AA- 2 GG - 1

EE- 30 MM- 13 TT- 10 RR- 7 FF- 6 DD- 1 UU - 1

Initial Digraphs 22 digraphs occurring 100 or more times based

on 10,748 French plain text words, according to absolute
frequencies:

DE- 501 RE- 283 PI- 222 SU- 168 AU- 150 DI- 124 SO- 117
CO- 394 PA- 268 IN- 178 CE- 163 NO- 133 AL- 122 VO- 112
QU- 347 LE- 240 SE- 178 ET- 153 TR- 127 UN- 122 FR- 101
PR- 291

Trigraphs (top 97 based on 55,758 letters of French text)

ENT- 588 CON- 271 EST- 188 ESS- 151 NSE- 130 EUR- 115
ION- 555 ERE- 267 ERA- 185 AIT- 147 REN- 127 NTA- 115
TIO- 433 ANT- 238 ECO- 184 POU- 146 SQU- 124 SER- 115
ONS- 373 ESE- 230 ESD- 179 TER- 146 AIR- 123 ESO- 112
RES- 367 ELA- 227 OND- 175 COM- 143 EPA- 120 DEC- 110
QUE- 338 LLE- 216 LEM- 175 ESP- 139 QUI- 120 EPR- 110
DES- 313 PAR- 213 NCE- 173 OUS- 139 SET- 120 ALL- 109
EDE- 305 NDE- 211 ELE- 172 AIS- 137 REC- 119 ECE- 109
EME- 288 SDE- 210 ESA- 163 EMA- 137 AND- 118 UNE- 108
ATI- 287 DEL- 209 TDE- 163 IER- 136 ETA- 118 RAI- 106
LES- 284 PRE- 206 ITE- 162 NTS- 135 SEN- 118 RLE- 106
NTE- 282 OUR- 205 SSE- 160 TES- 135 PRO- 117 SSI- 106
TRE- 280 RAN- 196 ONT- 157 EQU- 133 ISE- 116 ENE- 105
MEN- 272 IRE- 191 ANC- 153 IQU- 131 REP- 116 SUR- 105

TRA- 105 TEN- 103 BLE- 101 ETE- 100 TAT- 100
ISS- 104 UEL- 102 QUA- 101 ERE- 100
INT- 103 ANS- 101 CES- 101 OMM- 100

Initial Trigraphs (The 20 trigraphs appearing 50 or more times

as initials of words in 10,748 French words):

CON- 213 COM- 129 FRA- 93 INT- 75 ETA- 69 SER- 61

POU- 144 PRO- 105 PAR- 87 CEN- 72 DAN- 68 TRA- 57
PRE- 135 ALL- 104 QUA- 80 NOU- 69 RED- 65 RES- 56

VOU- 56 FAI- 50

Tetragraphs (82 top tetragraphs based on 55,758 letters of

French plain text)

TION-431 CONS- 98 LEME-83 ERAL-71 EREN-58 RESS-55

MENT-251 EPAR- 98 QUEL-83 ERES-70 ESSE-58 IERE-53
ATIO-220 RESE- 96 LEMA-80 DANS-67 NOUS-58 IRES-53
IONS-208 ENTE- 95 PORT-80 OUVE-67 TRES-58 TEDE-53
EMEN-200 LLEM- 93 ENTS-78 EMAN-66 ENER-57 EQUE-52
POUR-136 FRAN- 91 EPRE-77 SENT-66 NDES-57 NDEL-52
IQUE-128 PRES- 91 EDES-76 ANDE-63 NSEI-57 ECOM-51
IOND-124 ENTA- 90 ESET-76 PART-62 NTDE-57 GENE-51
DELA-120 RANC- 90 INTE-75 SDES-62 CAIS-56 SEIL-51
AIRE-117 ANCE- 89 ALLE-75 ESEN-61 ESTI-56 ELES-50
ONDE-107 SION- 89 ANTE-75 RAIT-61 ITIO-55 ETAT-50
ECON-102 COMM- 88 MAND-75 ENTD-60 NEMA-55 ILLE-50
ESDE-102 ELLE- 84 CENT-74 SSIO-60 NERA-55 SQUE-50
ONSE-101 NTER- 84 QUES-72 ENCE-59

Look at the above groups. Realize how many apply to English.

Such words as economy, business, energy, genes, firmament, etc.

Average French Word Length = 5.2 letters

One-letter words: A (86%) Y(6%) O(2%)

Two-letter words: DE LA LE ET UN EN NE AU IL DU JE ON SI SE OU
SA MA ME CE VA

Three-letter words: LES QUE DES QUI EST PAS UNE AUX PAR DIT ONT
LUI PEU SON SUR CES CET MOT MON VIE BON CAR ILS PUR AMI VIE

Four-letter words: AVEC AVEZ BIEN CEUS COUP DANS DEUX DOIS DOIT
DONT DOUX FAIT FAUT LEUR LUNE MAIS MOIS NOUS PEUT PLUS POUR
QUEL SAIT SONT TOUS TRES TROP VOUS

Common Pattern Words - Three and Four letters: ETE ICI NON SES
TOT D'UN J'AI L'AI L'ON L'OR L'OS M'EN S'EN S'IL; CECI MEME
SAIS SANS SOUS SUIS TOUT ELLE MERE PERE IDEE C'EST D'UNE N'EST
QU'IL QU 'ON N'ONT

Common Initials with apostrophes: C' D' J' L' N'

Peculiarities: In three letter words, U is proceeded by Q and

followed by E or I (QUE, QUI) Four or five vowels may be found
in sequence. E seldom touches another vowel. D and M contact
E about 75% of the time. Four consonants in a row is the most,
we usually find ; where five consonants are found sequentially
the last is an S of a plural word.

AMCRAS has rearranged the French Frequency Table to:

18 8 8 7 7 7 7 6 6 5 4 3 3 3 2 1 1 1 1 1--
E A N R S I T U O L D C M P V B F G H JQZXY

Letters have many of the same characteristics as English, with

vowels contacting more freely. When LE LA DE etc precede a
word beginning with a vowel, the vowel is dropped; an
apostrophe is substituted. (C'est for Ce est). This is a big
help in finding vowels.

The apostrophe is not used for possession.

Nouns can be of any gender. Adjectives take the same gender as

their noun.

A, as a one-letter word, has two meanings. Not accented, it is

a verb, has. Accented (not in ciphers) is the preposition ,to.

Ne, pas. The usual way to express negation, is to put ne

before the verb, pas, after it. N'est pas means not.

When the masculine form, le or its plural les, is preceded by a

A, (to) or de (from), and is followed by a word beginning with
a consonant, a le is contracted to au (au pere, to the father);
a les, to aux; de le, to du; de les to des.

Some Short Words:

Y, there Ces, these Ceci, this Ce, cet,cette,this

Au, to the Est, is Cela, that Le,la,les the
De, of, from Lui,to him Dans, in Un,una,a,an,one
En, in, by Mon,my Elle,she Par, through,by
Et, and Non,no Fait, does Aller, go
Il, he it Oui,yes Leur, them Dire, say,tell
Je, I Peu,few Mais,but Donne, give
Me, me Que, that Nous,we Faire,make,do
On, people Qui, who Plus,more Lire, read
Ou, or where Son, his Pour, for Mourir, die
Se, himself Sur, on Tout, all Penser, think
Si, if Tot, soon Vous, you Respondre, answer

from [XEN1]

SOLUTION OF FRENCH ARISTOCRAT

FRE-1 [FIDDLE]

1 2 3 4 5
F' U O N Y O L M' Y M N Y Z Z I L W Y X Y Z U C L Y

6 7 8 9 10
O H W B I C R L U C M I H H Y Y N G Y N B I X C K O Y

11 12 13 14 15 16
X Y M G I N M F Y M J F O M O M C N Y M, F Y M

17 18 19 20 21
J F O M H Y W Y M M U C L Y M U F U W I H P Y L M U -

22 23 24 25
N C I H Y N U F U W I L L Y M J I H X U H W Y.

Set up the normal and cipher text alphabets as a cross check on

each other.

18 8 8 7 7 7 7 6 6 5 4 3 3 3 2 1 1 1 1 1--
E A N R S I T U O L D C M P V B F G H JQZXY
normal

21 16 10 9 8 8 8 7 7 7 6 3 3 3 2 2 1 1 1
Y M U I H L N C F O W J X Z B G K P R
cipher

The letters in the Normal table should be over or close to

their cipher equivalents, if the message is reasonably normal
wording.

Take the gimmes. The 1 letter word U=a (has,to) and the
repeated U F U should be a la (to the), so F=l. Y is the
highest frequency and most likely an E. M is most likely an
S from position and frequency. So FYM = les (the). XYM, es
may be either des or ces with X=d or c. Using the pattern
table above, word 2 should be s'est.

Words 3 and 8 give us another vowel because YZZI and IHHY

I is a vowel , probably U or O but not I. remember that Y=e
and I in word 8 follows an S. (maybe) Word 21 implies an
ending of t-o- which could be -tion ( a very popular ending
according to reference FRE2. So we may have H=n and C=i as
well as I=O. Let us look at our guesses in the xenocrypt.

FRE-1 [FIDDLE]

1 2 3 4 5
F' U O N Y O L M' Y M N Y Z Z I L W Y X Y Z U C L Y
l ' a t e s ' e s t e o e d e a i e
himself is of
6 7 8 9 10
O H W B I C R L U C M I H H Y Y N G Y N B I X C K O Y
n n i a i s u n n e e t e t o d i e
o and u c

11 12 13 14 15 16
X Y M G I N M F Y M J F O M O M C N Y M, F Y M
d e s u t s l e s l s s i t e s l e s
of the the the

17 18 19 20 21
J F O M H Y W Y M M U C L Y M U F U W I H P Y L M U -
l s n e e s s a i e s a l a o n e s a
to the u

22 23 24 25
N C I H Y N U F U W I L L Y M J I H X U H W Y.
t i o n e t a l a o e s o n d a n e
u and to the u u

where:

18 8 8 7 7 7 7 6 6 5 4 3 3 3 2 1 1 1 1 1--
E A N R S I T U O L D C M P V B F G H JQZXY
Y U H M C N I F X normal

21 16 10 9 8 8 8 7 7 7 6 3 3 3 2 2 1 1 1
Y M U I H L N C F O W J X Z B G K P R
e s a o n t i l d
u c cipher

Word 6 demands O to be a vowel; as a e i o are already

identified, O=u, for un (a,one). Word 14 and 17 are common
in French. It is plus (more). The first word is auteu
(author.) So L=r in terms of frequency. Word 8 is raisonne
(reasonably, rational). The word necessaires (necessary) also
becomes visible. The last word is correspondence (same in
English). P=v because we pick up on conversation in Word 21.

Z B G R are not identified. A run down of the remanding letters

or use of a dictionary gives us Word 5 as faire, (to make) and
Word 3 as efforce (force). Word 12 becomes mots (words) and
Word 7 = choix (choice).

The final solution is:

l'auteur s'est efforce de faire un choix raisonne methodique

des mots les plus usites, les plus necessaires a la
conversation et a la correspondence.

"An author forces himself to make a reasonable and methodical

choice of words most used, most necessary to conversation and
correspondence.

KERCKHOFF

Kerckhoff (aka Jean-Guillaume-Hubert-Victor-Francois-Alexandre-

Auguste Kerckhoffs von Nieuwenhof, Holland) was not French but
Flemish. His influence was cryptographically significant for
selecting usable field ciphers. Kerckhoff was first to
separate the general system from the specific key. He told us
about superimposition to solve polyalphabetic systems. He told
us about the symmetry of position to glean more plain text from
the cipher text. He invented the St-Cyr slide and named it
after the French national military academy where he studied.
"La Cryptographie militaire" gave the French a commanding lead
in cryptography in World War I. He was the impetus for those
that followed. [KERC] , [KAHN]

FRENCH INFLUENCES - VALERIO, de VIARIS, DELASTELLE, BAZERIES

Letter Frequencies for French, German, English, Russian,

Spanish, and Italian (page 9) given by General Givierge in his
Course In Cryptography [GIVI] differ from those presented in
[FRE2]. Friedman's work is more authoritative and based on
significantly more modern plain text. General Givierge
borrowed from Paul Louis Eugene Valerio, a captain of Artillery
who wrote in the Journal des Sciences militaires in 1892.
Valerio published a book called "De la cryptographie"
in 1895. The General also borrowed from de Viaris (aka Marquis
Gaetan Henri Leon Viarizio di Lesegno) who is famous for one of
the first printing cipher devices, in 1874. The General may
have included the work of Felix Marie Delastelle, who wrote
Traite Elementaire de Cryptographie in 1902. Delastelle's most
famous cipher is the bifid and will be covered at a later
lecture. Delastelle expanded Kerkhoff's symmetry of position
principles published in "La Cryptographie militarie" in 1883.
Lastly, Etienne Bazeries influence the General quite heavily.
Bazeries invented cylinder device for polyalphabetic
encipherment. de Viaris solved the Bazeries cylinder in 1893.
Bazeries was miffed to say the least. His device was accepted
for use by the U.S. Army in 1922 as a field cipher device.
[USAA], [BOWE], [DELA], [BAZE], [VIAR], [VIA1], [LEAU],
[VALE]

The French have brought us some talented Cryptographers.

[KAHN] tells us about the famous Rossignol and his English
counterpart. Problem FRE-4 is taken from reference [GIVI],
General Marcel Givierge classic "Cours De Cryptographie."
The reader can find many French cryptogram problems in it.

ROSSIGNOL

Rossignol served with swashbuckling facility in the Court of

Louis XIV. His cryptographic successes gave him access to
secrets of state and the court. The poet Boisrobert (who
originated the idea of 'Academie Francaise') wrote the first
poem ever written to a cryptologist entitled "Epistres en
Vers." He was the court cryptologist of France in the time
when Moliere was her dramatist, Pascal her philosopher, La
Fontaine her fabulist and the supreme autocrat of the world her
monarch. They were influenced accordingly. [MAVE], [MAGN]

Rossignol's technical improvements to the nomenclator systems

of the time were quite important. When Rossignol began his
career, nomenclators were one-part, listing both the plain and
the code elements in alphabetical order or numerical order if
the code was numerical. Plain and code paralleled each other.
This arrangement existed since the beginning of the
Renaissance. Rossignol destroyed the parallel arrangements and
mixed the code elements relative to the plain. Two lists were
required, one in which the plain elements were in alphabetical
order and the code elements were randomized. The second
facilitated decoding in which the code elements were
alphabetized and the plain equivalents were disarranged. The
two tables were called 'tables a chiffrer' and 'tables a
dechiffrer'. The two part codes are similar to a bilingual
dictionary. The two part construction spread rapidly to
others countries and the nomenclator systems grew in numbers
and size.

His son Bonaventure, and his grandson Antoine-Bonadventure

both carried on the tradition started by their father. Both
were raised from King's counselor to president of the Chamber
of Accounts. The Cabinet Noir, founded under Louvois, Frances
Minister of War, at the urging of Antoine Rossignol, took extra
ordinary precautions (switching systems, introducing 18 new
nomenclator series) was the start of Frances ironclad control
over the cipher business. It still has a tight access policy
today. [PERR], [BROG]

Actually it was a good policy. The Vienna Black Chamber -the

Geheime Kabinets - Kanzlei regularly read French ciphers up to
the cabinet level. [VAIL], [STIX]

WALLIS

England had its Black Chamber. John Wallis was Rossignol's

contemporary. He was first a mathematician, giving us the germ
of the binomial theorem, the symbol and concept of infinity, a
calculation of pi by interpolation and the beginnings of
calculus for Newton to do his thing with. John Wallis'
solution of Louis XIV of France letter of 9 June 1693 put in
the record books.

Their careers parallel each other. They were almost

contemporaries, Rossignol was 16 years older. Both made their
start on civil war ciphers in their twenties. Both had a
mathematical bent. Both were self-taught. Both lived into
their eighties. Both owed their worldly success to
cryptanalysis. Both became their countries' Fathers of
Cryptology in both the literal and figurative sense. But they
were different too. Rossignol worked at court while Wallis
worked at Oxford. Rossignol introduced new systems for the
French and supervised their use. Wallis apparently prescribed
only one English cipher and that was done
informally. [SMIH]

It is unlikely that these cryptologic experts ever clashed

cryptologically despite the contentious natures of both
countries. [WALL] , [NIC6]

ITALIAN - the language like music

ITALIAN DATA [ Based on 57,906 letters of text in FRE2]

Absolute Frequencies

A 6,771 G 1,168 L 3,592 Q 227 V 1,024

B 527 H 493 M 1,441 R 4,037 W 13
C 2,367 I 6,568 N 4.094 S 2,967 X 9
D 2,258 J 18 O 5,022 T 4,139 Y 14
E 6,784 K 28 P 1,616 U 1,547 Z 527
F 655 ======
57,906

Monographic Kappa Plain, Italian Language = 0.0745, I.C.= 1.94

Relative Frequencies, based on 57,906 letters of Italian plain

text referenced in FRE2 reduced to 1000 letters:

E 117 R 70 P 28 F 11 K -
A 117 L 62 U 27 B 11 J -
I 113 S 51 M 25 Z 9 Y -
O 87 C 41 G 20 H 9 W -
T 72 D 39 V 18 Q 4 X -
N 71 =======
1,000

Groups

Vowels: A, E, I, O, U, Y = 46.1%
High-Frequency Consonants: L, N, R, T = 27.4%
Medium-Frequency Consonants: C, D, G, M, P, S = 22.2%
Low-Frequency Consonants:B,F,H,J,K,Q,W,X,Z = 4.3 %
8 most frequent letters (E, A, I, O, T, N, R and L) = 70.8%
(descending order)
Note again that similarities of group frequencies for German,
French, English and Italian are statistically significant.

Initials ( based on 10,481 letters of Italian plain text, One

letter words have been omitted.)

D 1,381 L 500 T 337 U 217 J 13

C 1,041 R 403 G 333 Q 172 W 9
S 885 N 396 F 298 B 153 K 6
P 830 E 374 V 263 H 69 Y 3
A 822 M 371 O 235 Z 29 X 2
I 685 ======
10,481

Digraphs [Frequency Distribution of Digraphs based on 57,847

letters of Italian plain text reduced to 5,000 digraphs]

A B C D E F G H I J K L M
A 18 9 39 41 14 12 22 1 19 76 24
B 10 7 7 10 1
C 32 10 20 33 33 2
D 31 1 65 64
E 23 7 31 53 15 8 22 2 25 66 18
F 9 11 7 11 1
G 9 11 8 2 20 17
H 6 27 9
I 66 8 52 30 31 11 11 2 11 35 31
J
K
L 62 3 8 6 49 2 7 56 52 4
M 31 5 35 17 4
N 32 1 15 26 51 6 11 1 37 3 1
O 17 4 22 27 10 5 10 1 20 45 24
P 23 30 14 2
Q
R 64 1 8 8 71 1 7 63 4 13
S 20 15 1 32 2 45 2 3
T 83 1 65 1 59 1
U 12 2 4 3 15 1 3 10 6 3
V 26 23 23
W
X
Y
Z 13 4 20
Digraphs [Frequency Distribution of Digraphs based on 57,847
letters of Italian plain text reduced to 5,000 digraphs]

N O P Q R S T U V W X Y Z
A 78 5 24 4 57 36 63 6 24 12
B 4 4 2
C 64 1 5 6
D 23 2 9
E 73 6 22 4 96 62 27 6 17 4
F 10 6 3
G 8 9 11 6
H
I 62 44 20 3 20 48 45 15 16 7
J 1
K
L 2 21 5 1 3 6 15 7 3
M 18 13 2
N 10 50 4 5 2 11 66 8 4 11
O 86 4 25 2 55 40 14 3 18 2
P 28 11 23 7
Q 20
R 9 45 2 12 9 16 10 3 3
S 25 9 31 58 12 1
T 1 56 43 1 37 10
U 24 8 6 9 11 150 1
V 10 2 2 2
W
X
Y
Z 3 5

Digraphic Kappa plain, Italian = 0.0081, I.C. = 5.48

89 Digraphs comprising 75% of Italian plain text based on 5,000

digraphs arranged according to relative frequencies.

ER- 96 RI- 63 LL- 52 AC- 38 MA- 31 HE- 25 VE- 23

ON- 86 IA- 63 IC- 51 TT- 37 SS- 31 OP- 25 OC- 22
TA- 78 LA- 62 NE- 50 b)==== DA- 31 AM- 24 AG- 22
AN- 78 IN- 62 NO- 50 NI- 37 EC- 30 UN- 24 EG- 22
AL- 76 a)==== LE- 49 ME- 35 PE- 30 EI- 24 EP- 22
EN- 73 RA- 62 IS- 48 AS- 35 ID- 30 AV- 24 LO- 21
RE- 71 ES- 61 IT- 45 IL- 35 IE- 30 OM- 24 IP- 20
NT- 66 TI- 59 OL- 45 CH- 33 PO- 28 PA- 23 ZI- 20
DE- 65 ST- 58 RO- 45 CI- 33 OD- 27 DO- 23 SA- 20
TE- 65 AR- 57 SI- 44 RA- 32 ET- 27 VI- 23 CE- 20
EL- 65 TO- 56 IO- 43 SE- 32 VA- 26 AP- 23 QU- 20
DI- 64 LI- 56 TR- 43 CA- 32 ND- 26 PR- 23 GI- 20
CO- 64 OR- 55 OS- 40 IM- 31 SO- 25 EA- 23 =======
AT- 63 ED- 52 AD- 39 3,762
a) 18 digraphs (1,260 total count, above this line represent
25% of Italian plain

b) 43 digraphs (2,495 total count, above this line represent

50% of Italian plain

Frequent Digraph Reversals (based on table of 5,000 digraphs)

ER- 96 RE- 71 EL- 66 LE- 49 LI- 56 IL- 35

ON- 86 NO- 50 DE- 65 ED- 53 OR- 55 RO- 45
TA- 83 AT- 63 RA- 64 AR- 57 IC- 52 CI- 33
AN- 78 NA- 32 IN- 62 NI- 37 IS- 48 SI- 45
AL- 76 LA- 62 ES- 62 SE- 32 AD- 41 DA- 31
EN- 73 NE- 51 TI- 59 IT- 45 AC- 39 CA- 32

Rare Digraph Reversals (based on previous 5,000 digraphs)

NT- 66 TN- 1 ST- 58 TS- 1 CH- 33 HC-0

Doublets (based on previous 5,000 digraphs)

LL- 52 AA- 18 II- 11 NN- 10 FF- 7 MM- 4 VV - 2

TT- 37 EE- 15 PP- 11 GG- 8 ZZ- 5 OO- 4 DD - 1
SS- 31 RR- 12 CC- 10 BB- 7

Initial Digraphs (26 digraphs occurring 100 or more times based

on 10,481 Italian plain text words, according to absolute
frequencies:)

CO- 543 PE- 210 PR- 184 NO- 154 SE- 121 MA- 112 RE- 108
DE- 505 CH- 197 QU- 172 PA- 153 SO- 121 UN- 111 ES- 107
ST- 222 AL- 186 NE- 169 PO- 141 TR- 121 SU- 109 TE- 103
DI- 215 IN- 185 RI- 162 CA- 132 DA- 120

Trigraphs (top 90 based on 57,906 letters of Italian text)

DEL- 348 STA- 215 ERE- 169 ICA- 145 SSI- 130 ODI- 114
ENT- 348 ALI- 213 ZIO- 166 RAN- 145 NEL- 127 ORI- 114
ELL- 314 EDI- 212 ATO- 165 STR- 145 ACO- 125 RMA- 114
CON- 306 ALL- 201 NTI- 165 ALE- 144 ATI- 125 AME- 113
CHE- 276 ITA- 198 ANT- 163 IDI- 143 IDE- 123 ETT- 113
LLA- 274 ANO- 197 ERA- 163 COM- 139 ADI- 121 ODE- 113
ION- 265 OST- 196 TRA- 160 ECO- 137 AND- 121 PRE- 112
ONE- 247 ERI- 187 ESS- 158 LLE- 137 TEN- 120 NDO- 110
PER- 238 ARE- 186 ATT- 157 ONT- 136 ONO- 119 ONI- 110
EDE- 228 TAL- 184 NTO- 156 TER- 136 ARI- 117 AZI- 109
NTE- 227 LIA- 180 ADE- 155 TAT- 134 NTR- 117 ENE- 109
ICO- 216 IST- 174 EST- 151 TTA- 132 PAR- 116 ELA- 107
MEN- 216 CLI- 171 RES- 146 ATA- 130 TRO- 116 ERO- 107
ESI- 107
COR- 106
IAN- 106
TAN- 105
ATE- 104
NON- 103
VER- 103
ICA- 101
OLA- 101
STI- 101
OCO- 100
RIA- 100

Initial Trigraphs (The 19 trigraphs appearing 50 or more times

as initials of words in 10,481 Italian words):

DEL- 217 STA- 106 QUA- 83 PRE- 62 DAL- 57 PER- 55

CON- 195 ALL- 100 PRO- 75 NEL- 57 ANC- 56 RUS- 55
COM- 137 ITA- 94 QUE- 74

GRA- 53 STO- 51

Tetragraphs (57 top tetragraphs based on 57,906 letters of

Italian plain text)

DELL-209 ALIA- 99 ICON-74 AGLI-66 LIAN-59 OPER-56

MENT-188 CONT- 93 VANO-74 ICHE-66 TORI-59 RUSS-56
IONE-160 ADEL- 92 ECON-73 IDEL-64 ALLE-58 TATO-55
ELLA-150 OSTR- 88 IONI-71 ELLE-63 ANDO-58 TEDE-55
ZION-147 ENTO- 87 STAT-70 NELL-63 DALL-58 OCON-54
TALI-125 AMEN- 83 STRA-70 IMEN-61 NTRO-58 SION-53
AZIO-106 ALLA- 81 GLIA-69 ANTI-60 OCHE-58 TANT-53
EDEL-106 ENZA- 75 ISTA-68 ATTA-60 ANTE-57 STOP-52
ITAL-106 ONTR- 75 ODEL-68 PART-60 EPER-57 NOST-51
ENTE-105 ENTI- 74 ACON-66

Average Italian word length = 5.2 letters

One-letter words: E (56%) A (22%) I (14%) O (8%)

Two-letter words: DI LA UN IL SI LE DA MA IN AL VI SE HA NE
HO LO AD ED VA IO

Three-letter words: CHE UNA PER CON DEL PIU GLI NEL DEI MIA SIA
DUE ERA MIO MAI CHI;

Four-letter words: BUON COME COSA COSI DICE DIRE DOVE ERAN FARE
GREAN OGNI PERO QUEL VITA

Common Pattern Words - Three and Four letters: NON ; ALLA ANNI
ANO BENE ESSA ESSE MODO POCO SONO UOMO VEDE

Common Initials with apostrophes: D' I' L' S'

Common words with apostrophes: C'E CH' GL' OR' PO' EN' DOV'
VID' ALL' TIEN' DOV'E BUON' DELL' NELL'

Peculiarities: Vowels constitute about half of the language

letters. Highest contacts are with L N R T. H is preceded
by C or G. Q is followed by U and another vowel. See [XENO]
for additional rules. [SACC] gives data on consonant
sequences.

Consonant doubling is frequent: L T S C R G P N B M Z F V I D

Finals in order: O E A I; Rare R L D N

[SACC] gives us the following common consonant three letter

sequences: STR NTR LTR TTR NDR SCR NGL NFL NGR SPL NCH RCH SCH
MPR PPR FFR BBL MBR CCH

R S L may be found in any one of these groups, rarely H.

Common prepositions: A CON DA DI IN PER SU

The Italian Frequency Table rearranged:

18 12 11 9 7 6 6 6 5 5 3 3 3 3 2 2 1 1 1 1 -
E A I O L N R T S C D M P U V G Z F B H Q

SOLUTION OF ITALIAN ARISTOCRAT

ITA -1. MON NOM

1 2 3 4 5 6 7 8 9 10
YT GNLYJO *LSISVAS, KN JH TST JY MHOLYKEY IOY JHSY

11 12 13 14 15 16 17 18 19
GYBYY, JH AYTYLOY OI HRRYIYLN VSLS, ESUN HTS KEZYOGS

20 21 22 23 24
EZN HRRYIYKEN YV KHS QOILSTN.

Listing the short words:

YT KN JH-2 JY OI YV TST IOY EZN KHS HTS

Take a frequency count of finals:

Y-7 N-6 S-5 H-2 T-2 O I V -1

Since highest frequency finals are usually vowels, Y N S and H

may be vowels and word 6 TST could be NON. If this assumption
is correct then word 18 is UNO. Further YT = in and YY =ii in
word 11. Word YV = il.
Substituting our guesses:

1 2 3 4 5 6 7 8 9 10
YT GNLYJO *LSISVAS, KN JH TST JY MHOLYKEY IOY JHSY
in eri ro ol o se u non i u ris i i uoi

11 12 13 14 15 16 17 18 19
GYBYY, JH AYTYLOY OI HRRYIYLN VSLS, ESUN HTS KEZYOGS
i ii u inir i u i ire loro co e uno s hi o

20 21 22 23 24
EZN HRRYIYKEN YV KHS QOILSTN.
che u i is e il suo rone

Word 17 L=r for loro.

The initals are S or P. Word 23 is Suo or or Puo. But word 4

would be Se or Sa but not pe or pa. Try K=s. We should look
for CHE (that) and the likely candidate is EZN.

Substituting again in above we have four additional words.

OI and IOY suggest ad and dal. By frequency J=t.

The solution reads: In verita Rodolfo, se tu non ti guaristi

dai tuoi vizii, tu finirai ad ubbidire loro, come uno schiavo
che ubbidisce il suo padrone.

GENERAL LUIGI SACCO

One of Italy's most brilliant cryptographers, his manual gives

detailed solutions of various transposition, monoalphabetic and
polyalphabetic systems. His appendix details the equations
used for such interesting problems as de Viaris polyalphabetic
substitution, Kerckhoff's ciphers and the Hill algebraic
problem. [SACC] [The reading is difficult and a little
disorganized but the digging is rewarding. ]

SPANISH - The language of passion. [SPAN]

SPANISH DATA [ Based on 60,115 letters of text in [FRE2] and

[SPAN]

Absolute Frequencies

A 6,681 G 823 L 2,174 Q 346 V 602

B 799 H 367 M 1,740 R 4,628 W 36
C 3,137 I 4,920 N 4,823 S 4,140 X 127
D 2,687 J 190 O 5,859 T 3,180 Y 413
E 7,801 K 22 P 1,785 U 2,172 Z 182
F 481 ======
60,115
Monographic Kappa Plain, Spanish Language = 0.0747, I.C.= 1.94

Relative Frequencies, based on 60,115 letters of Spanish plain

text referenced in [FRE2] and [SPAN] reduced to 1000 letters:

E 130 S 69 U 36 V 10 J 3
A 111 T 53 P 30 F 8 Z 3
O 97 C 52 M 29 Y 7 X 2
I 82 D 45 G 14 H 6 W 1
N 80 L 36 B 13 Q 6 K -
R 77 =======
1,000

Groups

Vowels: A, E, I, O, U, Y = 46.3%
High-Frequency Consonants: N, R, S = 22.6%
Medium-Frequency Consonants: C, D, L, M, P, T = 24.5%
Low-Frequency Consonants:B,F,G,H,J,K,Q,V,W,X,Z = 6.6 %

7 most frequent letters (E, A, O, I, N, R, S) = 64.6%

(descending order)
Note that group frequencies between German and Spanish are
statistically similar.

Initials ( based on 10,129 letters of Spanish plain text, One

letter words have been omitted.)

P 1,128 L 435 Q 286 V 183 Y 27

C 1,081 R 425 I 281 F 177 W 19
D 1,012 M 403 H 230 O 169 Z 2
E 989 N 346 U 219 B 124 K 1
S 789 T 298 G 206 J 47 X
A 761 ======
10,129

Digraphs [Frequency Distribution of Digraphs based on 60,115

letters of Spanish plain text reduced to 5,000 digraphs]

A B C D E F G H I J K L M
A 12 14 54 64 15 5 8 4 10 8 41 30
B 11 5 14 1 12
C 39 5 17 8 80 3
D 32 1 2 84 1 30
E 20 5 47 26 17 8 21 6 9 3 44 26
F 2 9 12 1
G 12 12 5 1
H 15 3 5
I 43 8 42 29 40 5 8 1 14 16
J 4 5
K 1
L 44 5 5 35 1 3 28 9 5
M 32 10 42 30
N 41 2 33 37 41 10 6 2 28 1 5 4
O 19 17 28 26 16 6 5 5 4 1 22 33
P 30 1 16 5 8
Q
R 74 1 12 10 94 1 12 45 1 1 6 15
S 32 2 18 15 57 3 2 4 41 1 5 7
T 60 1 67 35
U 13 6 11 5 52 1 3 9 9 6
V 12 1 15 15
W 1 1
X 1 4
Y 5 1 3 2 5 1 1 1 1
Z 6 1 1

Digraphs [Frequency Distribution of Digraphs based on 60,115

letters of Spanish plain text reduced to 5,000 digraphs]
 N O P Q R S T U V W X Y Z
A 64 4 24 5 81 62 18 9 9 11 4
B 5 12 2 1 3
C 69 6 13 18
D 1 59 2 1 3 1 6 1
E 126 5 23 4 94 119 17 5 10 1 8 2 3
F 7 4 5
G 2 15 11 1 11
H 6 1
I 50 67 4 1 16 27 24 1 8 5
J 3 3
K
L 1 17 5 1 2 4 5 5 3 1
M 15 10 6
N 3 43 10 2 4 21 91 12 6 1 1
O 104 4 29 7 58 73 12 3 5 2 9 1
P 31 34 1 3 19
Q 29
R 11 43 7 3 10 10 15 9 6 1 1
S 5 22 26 4 6 10 57 23 2 4
T 56 34 11
U 34 1 3 9 10 4 1 2
V 7
W 1
X 3 2
Y 1 5 2 1 1 3 1 1
Z 3 2

Digraphic Kappa plain, Spanish = 0.0091, I.C. = 6.15

87 Digraphs comprising 75% of Spanish plain text based on 5,000

digraphs arranged according to relative frequencies.

EN- 126 TE- 67 IN- 50 NA- 41 MA- 32 IS- 27 EA- 20

ES- 119 AN- 64 EC- 47 IE- 40 SA- 32 EM- 26 OA- 19
ON- 104 a)==== RI- 45 b)==== PO- 31 SP- 26 PU- 19
ER- 94 AD- 64 EL- 44 CA- 39 MI- 30 ED- 26 SC- 18
RE- 94 AS- 62 LA- 44 ND- 37 PA- 30 OD- 26 AT- 18
NT- 91 TA- 60 RO- 43 TI- 35 AD- 30 AP- 24 CU- 18
DE- 84 DO- 59 NO- 43 LE- 35 DI- 30 IT- 24 EE- 17
AR- 81 OR- 58 IA- 43 TR- 34 ID- 29 EP- 23 OB- 17
CI- 80 SE- 57 IC- 42 UN- 34 QU- 29 SU- 23 CE- 17
RA- 74 ST- 57 ME- 42 PR- 34 OP- 29 SO- 22 ET- 17
OS- 73 TO- 56 AL- 41 OM- 33 LI- 28 OL- 22 LO- 17
CO- 69 AC- 54 SI- 41 NC- 33 NI- 28 NS- 21
IO- 67 UE- 52 NE- 41 DA- 32 OC- 28 EG- 22 =====
3,753

a) 15 digraphs (1,287 total count, above this line represent

25% of Spanish plain
b) 40 digraphs (2,513 total count, above this line represent
50% of Spanish plain

Frequent Digraph Reversals (based on table of 5,000 digraphs)

EN- 126 NE- 41 AR- 81 RA- 74 AS- 62 SA- 32 LA- 44

ES- 119 SE- 57 CI- 80 IC- 42 OR- 58 RO- 43 EL- 44
ON- 104 NO- 43 AN- 64 NA- 41 AC- 54 CA- 39 MA- 32
ER- 94 RE- 94 AD- 64 DA- 32 AL- 41 LE- 35 AM- 30

Rare Digraph Reversals (based on previous 5,000 digraphs)

NT- 91 TN- 0 ST- 57 TS- 0 ND- 37 DN-1 NC- 33 CN-0

IO- 67 OI- 4

Doublets (based on previous 5,000 digraphs)

EE- 17 AA- 12 RR- 10 SS- 10 LL- 9 CC- 5 OO - 4

NN- 3 DD- 2

Initial Digraphs 21 digraphs occurring 100 or more times based

on 10,129 Spanish plain text words, according to absolute
frequencies:

CO- 684 PR- 307 PA- 263 SE- 189 CA- 151 PE- 111 MA- 101
RE- 335 ES- 286 PO- 247 DI- 175 SI- 137 UN- 109 CU- 100
DE- 323 QU- 286 IN- 235 PU- 157 MI- 117 HA- 108 SO- 100

Trigraphs (top 105 based on 60,115 letters of Spanish text)

ENT- 596 ARA- 229 POR- 176 OSE- 147 ERO- 131 NDE- 121
ION- 564 ONE- 227 TER- 174 ONS- 144 ONT- 131 RAN- 121
CIO- 502 ESE- 202 ODE- 168 REC- 144 ANA- 130 STE- 119
NTE- 429 ADE- 293 ERE- 166 ORE- 143 ARE- 129 REN- 118
CON- 415 PAR- 190 ERA- 165 OCO- 142 UNT- 127 ARI- 117
EST- 355 CIA- 190 TRA- 165 EDE- 141 ANO- 127 TEN- 116
RES- 335 ENC- 188 AME- 165 ICI- 140 TAR- 126 OND- 115
ADO- 307 NCI- 184 ERI- 163 END- 139 ANT- 126 RIA- 115
QUE- 294 PRE- 183 MER- 162 SEN- 139 ESA- 126 ECI- 114
ACI- 277 DEL- 183 ELA- 159 TAD- 138 IER- 125 IST- 113
NTO- 270 NDO- 183 PRO- 158 ECO- 135 ADA- 125 ONA- 113
IEM- 267 NES- 183 ACO- 155 STR- 134 DEN- 124 DAD- 112
COM- 246 DOS- 182 ENE- 153 TOS- 133 AND- 123 INT- 112
ICA- 242 MEN- 181 UES- 151 IDA- 132 DES- 121 NTR- 112
STA- 240 NTA- 176 ESP- 149 SDE- 132 IDO- 121 ESI- 111

PER- 111
ASE- 109
CAN- 109
UNI- 108
OSI- 107
GEN- 105
NCO- 105
RIO- 105
ERN- 104
OMI- 104
SCO- 104
TES- 103
BIE- 101
NTI- 100
TOR- 100

Tetragraphs (86 top tetragraphs based on 60,115 letters of

Spanish plain text)

CION- 444 CONS- 104 ERNO- 79 AMER- 72 FORM- 62 EEST- 55

ACIO- 252 CONT- 99 IERN- 78 IEND- 72 SENT- 62 SCON- 55
ENTE- 233 PUNT- 95 OQUE- 78 IDAD- 71 ICIO- 61 SIDE- 55
ESTA- 174 ANDO- 91 IONA- 77 ENDO- 70 ONTR- 60 CIEN- 54
IONE- 159 TADO- 91 UEST- 77 ERIC- 70 SION- 60 NFOR- 54
MENT- 150 ACON- 90 BIER- 76 NTOS- 70 CCIO- 59 OPOR- 54
ONES- 146 ANTE- 89 ICAN- 76 MIEN- 69 GENT- 58 RESP- 54
IENT- 141 NTER- 85 RESE- 76 IOND- 67 COMA- 57 ARIO- 53
ENTO- 137 INTE- 84 GOBI- 75 MERI- 67 ESDE- 57 ESTR- 53
ENCI- 128 NTES- 82 OBIE- 75 NTRA- 67 ORES- 57 ARGE- 51
PARA- 117 ADOS 81 ECON- 74 DELA- 65 RECI- 57 ECTO- 51
ENTA- 115 AMEN- 81 RGEN- 73 ENTI- 64 AQUE- 56 PART- 51
NCIA- 115 OCON- 81 RICA- 73 NTIN- 64 IONP- 56 POSI- 51
PRES- 111 ESEN- 80 STAD- 73 COMI- 63 QUES- 56 EPRE- 50
UNTO- 111 ONDE- 80

Look at the above groups. Realize how many apply to English.

Such words as economy, business, energy, genes, firmament, etc.

Initial Trigraphs (The 19 trigraphs appearing 50 or more times

as initials of words in 10,129 Spanish words):

CON- 298 PAR- 154 PUN- 93 INT- 72 UNI- 55 CUA- 52

COM- 218 PRO- 139 PER- 80 RES- 72 DES- 53 TRA- 52
EST- 194 PRE- 114 GOB- 66 NUE- 66 INF- 53 REP- 51
ARG- 50

Average Spanish Word Length = 5.9 letters

One-letter words: Y(63%) A(32%) O(4%) N(1%) E

Two-letter words: DE LA EL EN ES UN NO SE SU LO LA HA MI ME AL
YO

Three-letter words: QUE LOS UNA POR DEL CON LAS MAS SON SER UNO
SIN HAY MIS SUS ESE

Initials: C P A S M E D T H V R U N I L B O F Q G
Finals: O A S E N R B D L I Z

Rearranged Frequency:

13 13 9 8 7 7 7 5 5 4 4 4 3 3 1 1 1 1 1 1 1 - - - - - - - -
E A O S R N I D L C T U M P G Y B Q V H F Z J X CH LL RR N^

The Spanish alphabet consists of 24 letters (sans K W rare)

plus four distinct ones: n^ (counted as n) ch, ll, rr. These
four additional are alphabetized as single letter consonants.
My keyboard does not have the appropriate symbol the tilde to
put over the n so I have used the hat symbol.

Peculiarities:

The apostrophe is not used.

The question and exclamation marks appear at the end of the

sentence, and are inverted at the beginning.

Q is followed by UE or UI.

The article the and pronouns he, she, it, they, are expressed
by: el=the, he; la=the, she; lo=the, it; los =the, they;las
=the, they (fem).

Some Short Words:

A. at, to, on, by, in, up,as, if, for, like, with of
E. and
O. or, repeated
U. before o or ho
Y. and
Ni. nor
Mas. but, yet, more, over
Como. How
Un, una. an, one.
Este, estos, estas, esta. this, these
Yo, I; mi=me; mia=my, mine
Usted. you
La, elle. she, the
Su. possesive pronoun
Ese,esa,eso. who
Quien. who, whom
Cual. which
Estar. to be
haber. to have

SOLVING SPANISH CRYPTOGRAMS

A good place to initially attack a Spanish cryptogram is

through short words that appear in the cryptogram, especially
single-letter and double letter words. A single letter word
will usually be A or Y with a rare O. Look at the frequencies.
Move on to the two and three letter words and cross reference
the plain text with the cipher text alphabet. Reference [SPAN]
has many practice cryptograms with hints. And now for our last
foray with Xenocrypts we look at Portuguese.

PORTUGUESE One of the world's toughest languages. [PORT]

PORTUGUESE DATA [ Based on 45,106 letters of text in FRE2]

Absolute Frequencies

A 5,362 G 724 L 1,245 Q 348 V 737

B 470 H 304 M 1,699 R 3,292 W 24
C 2,285 I 3,314 N 2,912 S 3,409 X 166
D 1,900 J 160 O 5,001 T 2,679 Y 22
E 5,441 K 17 P 1,377 U 1,491 Z 207
F 520 ======
45,106

Monographic Kappa Plain, Portuguese Language = 0.0746, I.C.=

1.940

Relative Frequencies, based on 45,106 letters of Portuguese

plain text referenced in FRE2 reduced to 1000 letters:

E 121 N 65 U 33 F 11 X 4
A 119 T 59 P 30 B 10 J 3
O 111 C 51 L 28 Q 8 W 1
S 76 D 42 V 16 H 7 Y -
I 73 M 38 G 16 Z 5 K -
R 73 =======
1,000

Groups

Vowels: A, E, I, O, U, Y = 45.8%
High-Frequency Consonants: N, R, S, =21.3%
Medium-Frequency Consonants: C, D, L, M, P, T= 24.8%
Low-Frequency Consonants:B,F,G,H,J,K,Q,V,W,X,Y,Z = 8.1 %

8 most frequent letters (E, A, O, S, I, R, N, and T) = 69.7%

(descending order)
Note that group frequencies between French, Spanish, Italian
and Portuguese are statistically similar.

Initials ( based on 7,058 letters of Portuguese plain text, One

letter words have been omitted.)

P 847 M 405 I 264 B 113 Z 14

C 731 T 348 F 222 G 111 W 11
E 608 R 316 Q 222 J 92 K 7
S 601 N 299 O 187 U 77 Y 4
A 597 V 271 L 143 H 60 X 2
D 506 ======
7,058

Digraphs [Frequency Distribution of Digraphs based on 45,106

letters of Portuguese plain text reduced to 5,000 digraphs]

A B C D E F G H I J K L M
A 11 11 52 60 15 9 14 2 18 2 38 36
B 11 1 10 5 2 1
C 60 2 30 4 39 5
D 45 61 33 1
E 15 5 48 22 11 11 23 1 27 6 1 31 44
F 9 14 13 1
G 15 14 4 1
H 10 8 3
I 42 3 34 31 6 7 9 1 16 22
J 7 2
K
L 24 1 4 4 24 1 5 9 21 2 4
M 41 10 3 4 51 1 26 1 1 2
N 31 29 35 14 7 8 12 18
O 21 9 32 25 27 10 7 3 20 4 20 36
P 26 2 25 2 4
Q 1
R 75 2 14 9 86 3 7 1 46 1 2 18
S 41 6 22 10 62 6 3 2 23 2 3 12
T 65 1 1 69 1 26
U 22 5 5 7 26 1 4 18 1 14 11
V 11 37 23
W 1
X 10 3 1 2
Y
Z 7 1 9 2 1

Digraphs [Frequency Distribution of Digraphs based on 45,106

letters of Portuguese plain text reduced to 5,000 digraphs]

N O P Q R S T U V W X Y Z
A 56 49 23 8 68 72 22 8 16 1 5
B 9 9 2 1 2
C 1 85 7 8 12
D 61 2 1 1 5
E 97 6 18 6 76 95 20 7 12 1 15 5
F 15 2 3
G 1 14 14 15
H 11 1
I 53 26 5 2 25 39 27 2 10 2 7
J 2 7
K
L 2 14 4 2 1 4 7 6 2
M 1 16 15 1 3 5 2 6 2
N 25 1 19 114 4 4 1
O 79 5 35 8 71 85 18 12 22 1 1 1 1
P 1 60 1 1 28 1 1 3
Q 37
R 8 34 7 3 11 8 18 4 6 1
S 5 23 35 7 4 40 47 18 5
T 1 88 33 1 13
U 17 2 4 7 9 6 11 1 2
V 9 1
W
X 3 1
Y
Z 1 1 1

Digraphic Kappa plain, Portuguese = 0.0084, I.C. = 5.68

91 Digraphs comprising 75% of Portuguese plain text based on

5,000 digraphs arranged according to relative frequencies.

NT- 114 TA-65 ST- 47 AM- 36 CE- 30 OD- 25 AT- 22

EN- 97 a)==== RI- 46 b)==== NC- 29 NO- 25 UA- 22
ES- 95 SE-62 DA- 45 ND- 35 PR- 28 LA- 24 GA- 21
TO- 88 DO-61 EM- 44 OP- 35 IT- 27 LE- 24 LI- 21
RE- 86 DE-61 IA- 42 SP 35 OE- 27 AP- 23 OL- 20
CO- 85 AD-60 MA- 41 RO- 34 EI- 27 EG- 23 ET- 20
OS- 85 PO-60 SA- 41 IC- 34 UE- 26 VI- 23 OI- 20
ON- 79 CA-60 SS- 40 TR- 33 MI- 26 SO- 23 NS- 19
ER- 76 AN-56 CI- 39 DI- 33 IO- 26 SI- 23 SU- 18
RA- 75 IN-53 IS- 39 OC- 32 PA- 26 OV- 22 RT- 18
AS- 72 AC-52 AL- 38 EL- 31 TI- 26 SC- 22 EP- 18
OR- 71 ME-51 VE- 37 ID- 31 PE- 25 IM- 22 UI- 18
TE- 69 AO-49 QU- 37 NA- 31 IR- 25 ED- 22 =====
AR- 68 EC-48 OM- 36 3,755

a) 15 digraphs (1,224 total count, above this line represent

25% of Portuguese plain

b) 42 digraphs (2,505 total count, above this line represent

50% of Portuguese plain

Frequent Digraph Reversals (based on table of 5,000 digraphs)

ES- 95 SE- 62 OR- 71 RO- 34 ME- 51 EM- 44
RE- 86 ER- 76 CA- 60 AC- 48 EC- 48 CE- 40
CO- 85 OC- 32 AD- 60 DA- 41 MA- 41 AM- 36
RA- 75 AR- 58 PO- 60 OP- 39 CI- 39 IC- 34
AS- 72 SA- 41 AN- 56 NA- 33 DI- 33 ID- 31

Rare Digraph Reversals (based on previous 5,000 digraphs)

NT- 114 TN- 1 ST- 47 TS- 0 ND- 35 DN-0

Doublets (based on previous 5,000 digraphs)

SS- 40 EE- 11 OO- 5 LL- 2 II- 1 PP- 1 TT - 1

AA- 11 RR- 11 CC- 2 MM- 2

Initial Digraphs 20 digraphs occurring 100 or more times based

on 6,803 Portuguese plain text words, according to absolute
frequencies:

CO- 464 RE- 276 IN- 188 PA- 143 MA- 130 ME- 111 TR- 103
PO- 386 DE- 259 ES- 173 NA- 133 PE- 122 MI- 105 DI- 102
SE- 333 QU- 220 PR- 169 TE- 132 VE- 115 NO- 104

Trigraphs (top 59 based on 45,106 letters of Portuguese text)

ENT- 474 TOS- 191 ERE- 150 IDA- 133 OSE- 126 ECE- 115
NTO- 457 EST- 186 CIA- 145 TER- 132 ARE- 125 NCI- 114
ONT- 303 ACA- 182 ADE- 143 OPO- 130 ESE- 124 REC- 113
NTE- 284 PES- 181 STA- 143 SPO- 130 OVE- 124 PAR- 112
CON- 255 QUE- 172 ICA- 142 ADA- 129 SSA- 124 ESS- 110
PON- 236 NTA- 167 OCO- 140 TRA- 129 DES- 123 DAD- 109
CAO- 227 POR- 159 ARA- 136 NDO- 127 ECO- 121 ORE- 108
ADO- 211 ACO- 158 DOS- 134 ENC- 126 ODE- 118 EDI- 107
MEN- 205 COM- 154 OES- 134

ASE- 105
ITO- 104
ELE- 103
ERI- 103
PRO- 102
AME- 101
OSS- 101
IME- 100

Initial Trigraphs (The 19 trigraphs appearing 50 or more times

as initials of words in 6,803 Portuguese words):

CON- 224 QUE- 109 PRO- 93 QUA- 83 TRA- 66 VEX- 53

PON- 213 EST- 105 POR- 88 DES- 71 MIL- 61 IND- 52
COM- 136 PAR- 93 NAO- 86 SER- 70 REF- 56 RES- 52

REC- 51

Tetragraphs (38 top tetragraphs based on 45,106 letters of

Portuguese plain text)

ONTO-233 ENTA- 97 AMEN-81 CONT-58 CONS-58 RENT-52

PONT-221 NCIA- 95 PARA-81 FORM-57 NTES-58 TELE-52
MENT-183 PORT- 87 COES-73 OCON-66 ANDO-57 EGRA-51
ENTO-173 DADE- 86 IDAD-71 ELEG-61 ANTE-57 NFOR-51
ENTE-147 ESTA- 85 CENT-70 ADOS-60 ORMA-54 OPON-51
ACAO-142 ENCI- 83 INTE-70 IMEN-60 VEXA-54 LEGR-50
NTOS-141 SPON- 83

Look at the above groups. Realize how many apply to English.

Such words as economy, business, energy, genes, firmament, etc.

Average Portuguese Word Length = 6.48 letters

One-letter words: A O E D'

Two-letter words: DE UM AS SE DO OS EM NA NO

Three-letter words: QUE NAO UMA COM POR TAO MAS MEU DAS ERA LHE
NEM NOS SER SIM SUA; ELE

Four-letter words: AZUL DIAS DUAS ESTA MAIS MEUS NOME PODE QUEM
TRES VIDA; SEUS SUAS COMO PARA TODO

Common Pattern Words - Three and Four letters:

Normal frequency rearranged:

14 13 12 8 8 6 6 5 5 5 4 4 4 3 2 2 1 1 1 1 1 - -
A E O R S I N D M T U C L P Q V F G H B J Z X

from [XENO]

Peculiarities:

The Portuguese language uses the standard Roman alphabet, but

the letters K W Y are used in foreign words. Like Spanish,
however the cion becomes cal, the ll goes to lh. Articles drop
the inital l; the Spanish las and los become as and os in
Portuguese.

Plurals end in -s; such as -es,-is, -oes, and -aes are common.
Adjectives carry the plural along with the noun they modify.

SOLUTION OF PORTUGUESE ARISTOCRAT

POR-1. (156) Flying very high. BARKER

1 2 3

P J G J R B P H G Y R G J I C W Q G B G B G A
3 4 5 6 7

U Y C G B C W Y X C B G W G P I C I P D J

8 9 10

Y G R C Q D R C J G I C B D Z G

11 12 13 14

W P H J R D R Y D G Y A G X B P Z G I G

15 16 17 18

Z C B J G R D Q D I G I C I G H G Z C C

19 20 21 22 23

A G D J Y A X G J J P X G B G G

24 25 26 27

W P H J R B Y W G P H P C J X G W P I C

28 29 30

Y A G C J R G W G P X C B A G H C H R C.

Set up the cross reference alphabets:

31 18 14 12 11 10 9 8 8 8 7 6 6 4 3 1 0
G C J P B R I Y W D H A X Z Q U EFKLMNOSTV
-Cipher
14 12 12 8 8 6 6 5 5 5 4 4 4 3 2 2 1 1 0
A E O R S I N D M T U C L P Q V F GHBJ ZX
-Normal

I made an assumption that the tip might refer to astronaut

or astronomy. Let G= a, J=s, C=e. On my worksheet I draw
lines between the normal and cipher alphabets to show
relationships between letters.

1 2 3
s a a a s e a a a
P J G J R B P H G Y R G J I C W Q G B G B G A

3 4 5 6 7
e a e e a a e s
U Y C G B C W Y X C B G W G P I C I P D J

8 9 10
a e e s a e a
Y G R C Q D R C J G I C B D Z G
 11 12 13 14
s a a a a
W P H J R D R Y D G Y A G X B P Z G I G

15 16 17 18
e s a a e a a e e
Z C B J G R D Q D I G I C I G H G Z C C

19 20 21 22 23
a s a s s a a a
A G D J Y A X G J J P X G B G G

24 25 26 27
s a e s a e
W P H J R B Y W G P H P C J X G W P I C

28 29 30
a e s a a e a e e
Y A G C J R G W G P X C B A G H C H R C.

Word two falls in line with my assumption = astronautas and

word 1 could be PJ= os. Word 30 might be permanente.
Other words appear uma, para, passo, espaco. Filling in the
blanks we have the following:

1 2 3
o s a s t r o n a u t a s d e c l a r a r a m
P J G J R B P H G Y R G J I C W Q G B G B G A

3 4 5 6 7
q u e a r e c u p e r a c a o d e d o i s
U Y C G B C W Y X C B G W G P I C I P D J

8 9 10
s a t e l i t e s a d e r i v a
Y G R C Q D R C J G I C B D Z G

11 12 13 14
c o n s t i t u i a u m a p r o v a d a
W P H J R D R Y D G Y A G X B P Z G I G

15 16 17 18
v e r s a t i l i d a d e d a n a v e e
Z C B J G R D Q D I G I C I G H G Z C C

19 20 21 22 23
m a i s u m p a s s o p a r a a
A G D J Y A X G J J P X G B G G

24 25 26 27
c o n s t r u c a o n o e s p a c o d e
W P H J R B Y W G P H P C J X G W P I C

28 29 30
u m a e s t a c a o p e r m a n e n t e
Y A G C J R G W G P X C B A G H C H R C.
Note the -cao endings

REVIEW OF LECTURES 1-7

We have studied the simple substitution case in detail. We

have focused on the similarities between languages - especially
the group frequencies. We have attempted to show a cultural
universality for cryptography and the learning of languages.
We have presented procedures to cryptanalyze most single
alphabet substitution systems, including the more difficult
variants. We have searched for historical significance as we
proceeded in our cryptographic tour.

WHAT'S NEXT?

Two guest lecturers NORTH DECODER and ESSAYONS will present

materials on the Hill Cipher, and ENIGMA 95. I shall open up
the polyalphabetic substitution case. Remember, that the trick
in solving a polyalphabetic substitution cipher is its
reduction to simpler terms, i.e. reduction to a series of one
or more mon-alphabetic sub-systems. The concept of periodicity
will be introduced. I will cross the lines and introduce
transposition ciphers. The most famous Playfair that saved a
U. S. Presidents life will be detailed. The resource section
will be improved again by about 100 solid references.

OTHER STUFF

By the way, our class as of this writing is 109! Four others

have requested access. I thank you all for your confidence and
support. Those who wish to present a special cipher or to have
your guest lecture included in this course need to contact me
soon, so that I can schedule them. If you want to construct a
few problems (based any material covered) for presentation in
the final "book", go for it. E-mail/snail mail them to me with
complete solutions and sources. Again thank you for your trust
and interest.

HOMEWORK FROM LECTURE 6

FRE-2. K2. (105) Another species. {sauvage,fp=ST] MELODE

P Q N X B M H Q I Q A B C I Q D K E X Q B Q O Q

P' W M R R Q; D K E X Q B Q O Q U Q I Q E Q Q M C

T E X R X B X D Q , X P Q A B K P' W M R R Q N Q

V C Q N W K B O Q U M C B B X Q E Q Q A B K C

N W K B A K C D K U Q.
FRE-3. K2. (87) (jamais, A=b) It's fun trying. GUNG HO

D G X Z Q N J D P M C J P U P L S U E' Z D

Z D H U Q J S E J S N P U Q E Z H Z D P M J H -

K N D P: G Z K U D I Q S N U , G Z H S P D L S U,

U Q G U P O Z H U P . * R J I Q U I U G G U

FRE-4. PAT from [GIVI] page 13.and ff. (130)

Solve and recover key(s).

YJXMG XBXUF JGECU JEBZD XAMNM ZDFLG FAFNJ OFNDJ

GVJXE FNNME VRJZJ KAFNB FNZAG NCUJE BNRUX OFNJG

NNXKX FELGF BJRVF NOFUI FXAAF GTFVR FAFKU FNBJE

NADXN VMXUF

ITA-2. K2. (88) ( ne, han, con) Thirty days hath September.
LABRONICUS

I D S A I K Q W P L A I K A L B S C M D S P L A

K E D W Z S, U W O U A L S R S I I S C M D S . Q W

B S A I L I I L P S A ' S O A L. I O I I W U Z W

K Z I D W A S V K A I D S A U I O A L.

ITA-3. K2. (117) (sulla, f=I). La frode necessaria. MICROPOD

G Z Q K E A F S Z L T K F Q A Q S F N F Q K G K Q

T G G Z P Z Q F R A T J Z E F N S Z M T Z J S A S

Z R A P T D A F F Q K G K Z L Z S S K E O F J F Q

Q T J K R A E Z F Q Z S S Z H F J S F M T F G G K

E O F L F J Q Z G A J X T S Z J D.

SPA-1. BARKER

Z K E P C U K Y T C Y D M S R V C T P E R A
Z P Z N D Z K G C T Y R Z K R N T D G R Y C V K

K S T P Q D P E R M K T C Y G R Z Y P Q P M P E K E

E C M K S C Z S K E R G R T C M U R U C Z S R.

SPA-2. K2. (96) (deseo, f=R) Musica. D. STRASSE

T I Z Q B J N A Z K J K T F Z N B P L T B B F

K N A G B N A G K T F P J G T P A O Z F M B F

S J G H N B R T B T I K T N Z G B I Q B

B P K J I Q Z I B J M P B B J N A Q G A O J M B

M Z I Y Z N.

SPA-3. (122) (-ulado, MZ=qk) Flight? LIFER

N S P Y K I X P U A K P Z D X P S P E X K R L K O

K A X T S P Q K D X R K R R S S I N K Y K R L A R

S D K T Q L D L P X K T A S Q X S P X P R S O S P

R X J K R K T O A S T S P Q X L S D O A X I S A E

C S D L R S C P V D L N L B A X O C D K R L.

POR-2. K2 (96) (tenta; gj=NQ) Machine Age? YO TAMBIEN

E P E J T X D U R T C J Z X G C V R J D J

X I N R S O C H C D T C V R P U C D V R J

Z J U D C T J H J D G X U M P C H J A X H X

O X T J T V R J A J U A C M C B J S X.

*O. *T R T M X I H *Q X U J D

POR-3. K1. (nossos va-) Letter to horseman? ZYZZ

U C U C G V C J F D E F W E O C B G C V S I H C L
I T I W F Y C V F U H F W F T L F R F B C H W F C

E S H I L F G I C D E G T I J H C V G R P C V C J

F V D E F W F H C V L F V F H J I S K I X J I Z U

I G V T I V V I V B C D E F G H I V V C I F Y K F

R F T W F V.

SOLUTIONS TO LECTURE 6 PROBLEMS

Thanks to GRAPE JUICE for the straightforward SOLS.

LAT-1 K2. (sallust) Wars and Victors? SCARLET (105/17)

FCDR JRBBQC OQCN TZUNBR, URPRMQC ZRHRMMQCR GRONDRMR.

NDUNKRMR UQNSNO, RPNZC NHDZSF BNURMR, GRKFDN, UQCS NUPFMRO
SRBNDP. *OZBBQOP [cum, bdghj=JGHIE]

Omne bellum sumi facile, ceterum aegerrume desinere. Incipere

cuivis, etiam ignavo licere, deponi, cum victores velint.
- Sallust

a b c d e f g h i j k l m n o p q r s t u v w x y z
Z J U G R T H I N E A B C D F K L M O P Q S V W X Y

K2 = JUGRTHINE

After placing the very generous tips, the solution was a simple
matter of filling in the key alphabet. Solution time about 5
minutes.

NOR-1. Cosmology. (verden) (*qwx) NIL VIRONUS (109/22)

IKPNH ERAMC KDAOA GPKMK NNKMK MEKOK MZLAG

GKQPH EVKMM KGKOK GPDAO VFIIK GHKRF DOIFV
FGNCF JPKRK MIKGN FEKGG KNCKP FDYKM PKAGN PKAG.

K2 = FYSIKK LOVA

Det som virkelig interesserer meg er ae inne ut om herren

egentlig hadde noe vagg da han skapte verden sa mennesket.
Albert Einstein

a b c d e f g h i j k l m n o p r s t u v y z aa ao ae
F Y S I K L O V A B C D E G H J M N P Q R T U W X Z

Letting e=K, there was only one position for VERDEN. This gave
the interesting pattern ERE??ERE at letter 18. Trying the
pattern ABaCcaba in my Norwegian word list gave the word
INTERESSERER. This in turn gave ERTEINSTEIN at the end of the
gram, which implied Albert Einstein. From that point on the
solution was a matter of filling in the key alphabet. Solution
time about 1 hour.
REFERENCES / RESOURCES [updated 3 February 1996]

[ACA] ACA and You, "Handbook For Members of the American

Cryptogram Association," ACA publications, 1995.

[ACA1] Anonymous, "The ACA and You - Handbook For Secure

Communications", American Cryptogram Association,
1994.

[AFM] AFM - 100-80, Traffic Analysis, Department of the Air

Force, 1946.

[ALAN] Turing, Alan, "The Enigma", by A. Hodges. Simon and

Shuster, 1983.

[ALBA] Alberti, "Treatise De Cifris," Meister Papstlichen,

 Princton University Press, Princeton, N.J., 1963.

[ALKA] al-Kadi, Ibrahim A., Origins of Cryptology: The Arab

Contributions, Cryptologia, Vol XVI, No. 2, April 1992,
pp 97-127.

[ANDR] Andrew, Christopher, 'Secret Service', Heinemann,

London 1985.

[ANNA] Anonymous., "The History of the International Code.",

Proceedings of the United States Naval Institute, 1934.

[AS] Anonymous, Enigma and Other Machines, Air Scientific

Institute Report, 1976.

[AUG1] D. A. August, "Cryptography and Exploitation of Chinese

Manual Cryptosystems - Part I:The Encoding Problem",
Cryptologia, Vol XIII, No. 4, October 1989.

[AUG2] D. A. August, "Cryptography and Exploitation of Chinese

Manual Cryptosystems - Part II:The Encrypting Problem",
Cryptologia, Vol XIV, No. 1, August 1990.

[BADE] Badeau, J. S. et. al., The Genius of Arab Civilization:

Source of Renaissance. Second Edition. Cambridge: MIT
Press. 1983.

[BARB] Barber, F. J. W., "Archaeological Decipherment: A

Handbook," Princeton University Press, 1974.

[B201] Barker, Wayne G., "Cryptanalysis of The Simple

Substitution Cipher with Word Divisions," Course #201,
Aegean Park Press, Laguna Hills, CA. 1982.

[BALL] Ball, W. W. R., Mathematical Recreations and Essays,

London, 1928.

[BAR1] Barker, Wayne G., "Course No 201, Cryptanalysis of The

Simple Substitution Cipher with Word Divisions," Aegean
Park Press, Laguna Hills, CA. 1975.

[BAR2] Barker, W., ed., History of Codes and Ciphers in the

U.S. During the Period between World Wars, Part II,
1930 - 1939., Aegean Park Press, 1990.

[BAR3] Barker, Wayne G., "Cryptanalysis of the Hagelin

Cryptograph, Aegean Park Press, 1977.

[BARK] Barker, Wayne G., "Cryptanalysis of The Simple

Substitution Cipher with Word Divisions," Aegean Park
Press, Laguna Hills, CA. 1973.

[BARR] Barron, John, '"KGB: The Secret Work Of Soviet Agents,"

Bantom Books, New York, 1981.

[BAUD] Baudouin, Captain Roger, "Elements de Cryptographie,"

Paris, 1939.
[BAZE] Bazeries, M. le Capitaine, " Cryptograph a 20 rondelles-
alphabets," Compte rendu de la 20e session de l'
Association Francaise pour l'Advancement des Scienses,
Paris: Au secretariat de l' Association, 1892.

[BEES] Beesley, P., "Very Special Intelligence", Doubleday, New

York, 1977.

[BLK] Blackstock, Paul W. and Frank L Schaf, Jr.,

"Intelligence, Espionage, Counterespionage and Covert
Operations," Gale Research Co., Detroit, MI., 1978.

[BLOC] Bloch, Gilbert and Ralph Erskine, "Exploit the Double

Encipherment Flaw in Enigma", Cryptologia, vol 10, #3,
July 1986, p134 ff. (29)

[BLUE] Bearden, Bill, "The Bluejacket's Manual, 20th ed.,

Annapolis: U.S. Naval Institute, 1978.

[BODY] Brown, Anthony - Cave, "Bodyguard of Lies", Harper and

Row, New York, 1975.

[BOLI] Bolinger, D. and Sears, D., "Aspects of Language,"

3rd ed., Harcourt Brace Jovanovich,Inc., New York,
1981.

[BOSW] Bosworth, Bruce, "Codes, Ciphers and Computers: An

Introduction to Information Security," Hayden Books,
Rochelle Park, NJ, 1990.

[BOWE] Bowers, William Maxwell, "The Bifid Cipher, Practical

Cryptanalysis, II, ACA, 1960.

[BP82] Beker, H., and Piper, F., " Cipher Systems, The
Protection of Communications", John Wiley and Sons,
NY, 1982.

[BRAS] Brasspounder, "Language Data - German," MA89, THe

Cryptogram, American Cryptogram Association, 1989.

[BRIT] Anonymous, "British Army Manual of Cryptography", HMF,

1914.

[BROG] Broglie, Duc de, Le Secret du roi: Correspondance

secrete de Louis XV avec ses agents diplomatiques
1752-1774, 3rd ed. Paris, Calmann Levy, 1879.

[BRYA] Bryan, William G., "Practical Cryptanalysis - Periodic

Ciphers -Miscellaneous", Vol 5, American Cryptogram
Association, 1967.

[BURL] Burling, R., "Man's Many Voices: Language in Its

Cultural Context," Holt, Rinehart & Winston, New York,
1970.

[CAND] Candela, Rosario, "Isomorphism and its Application in

Cryptanalytics, Cardanus Press, NYC 1946.
[CAR1] Carlisle, Sheila. Pattern Words: Three to Eight Letters
in Length, Aegean Park Press, Laguna Hills, CA 92654,
1986.

[CAR2] Carlisle, Sheila. Pattern Words: Nine Letters in Length,

Aegean Park Press, Laguna Hills, CA 92654, 1986.

[CASE] Casey, William, 'The Secret War Against Hitler',

Simon & Schuster, London 1989.

[CAVE] Cave Brown, Anthony, 'Bodyguard of Lies', Harper &

Row, New York 1975.

[CCF] Foster, C. C., "Cryptanalysis for Microcomputers",

Hayden Books, Rochelle Park, NJ, 1990.

[CHOI] Interview with Grand Master Sin Il Choi.,9th DAN, June

25, 1995.

[CHOM] Chomsky, Norm, "Syntactic Structures," The Hague:

Mouton, 1957.

[CHUN] Chungkuo Ti-erh Lishih Tangankuan, ed "K'ang-Jih

chengmien chanch'ang," Chiangsu Kuchi Ch'upansheh,
1987., pp993-1026.

[CI] FM 34-60, Counterintelligence, Department of the Army,

February 1990.

[COUR] Courville, Joseph B., "Manual For Cryptanalysis Of The

Columnar Double Transposition Cipher, by Courville
Assoc., South Gate, CA, 1986.

[CLAR] Clark, Ronald W., 'The Man who broke Purple',

Weidenfeld and Nicolson, London 1977.

[COLF] Collins Gem Dictionary, "French," Collins Clear Type

Press, 1979.

[COLG] Collins Gem Dictionary, "German," Collins Clear Type

Press, 1984.

[COLI] Collins Gem Dictionary, "Italian," Collins Clear Type

Press, 1954.

[COLL] Collins Gem Dictionary, "Latin," Collins Clear Type

Press, 1980.

[COLP] Collins Gem Dictionary, "Portuguese," Collins Clear Type

Press, 1981.

[COLR] Collins Gem Dictionary, "Russian," Collins Clear Type

Press, 1958.

[COLS] Collins Gem Dictionary, "Spanish," Collins Clear Type

Press, 1980.

[COVT] Anonymous, "Covert Intelligence Techniques Of the Soviet

 Union, Aegean Park Press, Laguna Hills, Ca. 1980.

[CULL] Cullen, Charles G., "Matrices and Linear

Transformations," 2nd Ed., Dover Advanced Mathematics
Books, NY, 1972.

[DAGA] D'agapeyeff, Alexander, "Codes and Ciphers," Oxford

University Press, London, 1974.

[DAN] Daniel, Robert E., "Elementary Cryptanalysis:

Cryptography For Fun," Cryptiquotes, Seattle, WA., 1979.

[DAVI] Da Vinci, "Solving Russian Cryptograms", The Cryptogram,

September-October, Vol XLII, No 5. 1976.

[DEAC] Deacon, R., "The Chinese Secret Service," Taplinger, New

York, 1974.

[DEAU] Bacon, Sir Francis, "De Augmentis Scientiarum," tr. by

Gilbert Watts, (1640) or tr. by Ellis, Spedding, and
Heath (1857,1870).

[DELA] Delastelle, F., Cryptographie nouvelle, Maire of Saint-

Malo, P. Dubreuil, Paris, 1893.

[DEVO] Devours, Cipher A. and Louis Kruh, Machine Cryptography

and Modern Cryptanalysis, Artech, New York, 1985.

[DOW] Dow, Don. L., "Crypto-Mania, Version 3.0", Box 1111,

Nashua, NH. 03061-1111, (603) 880-6472, Cost $15 for
registered version and available as shareware under
CRYPTM.zip on CIS or zipnet.

[EIIC] Ei'ichi Hirose, ",Finland ni okeru tsushin joho," in

Showa gunji hiwa: Dodai kurabu koenshu, Vol 1, Dodai
kurabu koenshu henshu iinkai, ed., (Toyko: Dodai keizai
konwakai, 1987), pp 59-60.

[ELCY] Gaines, Helen Fouche, Cryptanalysis, Dover, New York,

1956.

[ENIG] Tyner, Clarence E. Jr., and Randall K. Nichols,

"ENIGMA95 - A Simulation of Enhanced Enigma Cipher
Machine on A Standard Personal Computer," for
publication, November, 1995.

[EPST] Epstein, Sam and Beryl, "The First Book of Codes and
Ciphers," Ambassador Books, Toronto, Canada, 1956.

[EYRA] Eyraud, Charles, "Precis de Cryptographie Moderne'"

Paris, 1953.

[FL] Anonymous, The Friedman Legacy: A Tribute to William and

Elizabeth Friedman, National Security Agency, Central
Security Service, Center for Cryptological History,1995.
[FREB] Friedman, William F., "Cryptology," The Encyclopedia
Britannica, all editions since 1929. A classic article
by the greatest cryptanalyst.

[FR1] Friedman, William F. and Callimahos, Lambros D.,

Military Cryptanalytics Part I - Volume 1, Aegean Park
Press, Laguna Hills, CA, 1985.

[FR2] Friedman, William F. and Callimahos, Lambros D.,

Military Cryptanalytics Part I - Volume 2, Aegean Park
Press, Laguna Hills, CA, 1985.

[FR3] Friedman, William F. and Callimahos, Lambros D.,

Military Cryptanalytics Part III, Aegean Park Press,
Laguna Hills, CA, 1995.

[FR4] Friedman, William F. and Callimahos, Lambros D.,

Military Cryptanalytics Part IV, Aegean Park Press,
Laguna Hills, CA, 1995.

[FR5] Friedman, William F. Military Cryptanalysis - Part I,

Aegean Park Press, Laguna Hills, CA, 1980.

[FR6] Friedman, William F. Military Cryptanalysis - Part II,

Aegean Park Press, Laguna Hills, CA, 1980.

[FRE] Friedman, William F. , "Elements of Cryptanalysis,"

Aegean Park Press, Laguna Hills, CA, 1976.

[FREA] Friedman, William F. , "Advanced Military Cryptography,"

Aegean Park Press, Laguna Hills, CA, 1976.

[FRAA] Friedman, William F. , "American Army Field Codes in The

American Expeditionary Forces During the First World
War, USA 1939.

[FRAB] Friedman, W. F., Field Codes used by the German Army

During World War. 1919.

[FR22] Friedman, William F., The Index of Coincidence and Its

Applications In Cryptography, Publication 22, The
Riverbank Publications, Aegean Park Press, Laguna
Hills, CA, 1979.

[FROM] Fromkin, V and Rodman, R., "Introduction to Language,"

4th ed.,Holt Reinhart & Winston, New York, 1988.

[FRS] Friedman, William F. and Elizabeth S., "The

Shakespearean Ciphers Examined," Cambridge University
Press, London, 1957.

[FUMI] Fumio Nakamura, Rikugun ni okeru COMINT no hoga to

hatten," The Journal of National Defense, 16-1 (June
1988) pp85 - 87.

[GARL] Garlinski, Jozef, 'The Swiss Corridor', Dent,

 London 1981.

[GAR1] Garlinski, Jozef, 'Hitler's Last Weapons',

Methuen, London 1978.

[GERM] "German Dictionary," Hippocrene Books, Inc., New York,

1983.

[GIVI] Givierge, General Marcel, " Course In Cryptography,"

Aegean Park Press, Laguna Hills, CA, 1978. Also, M.
Givierge, "Cours de Cryptographie," Berger-Levrault,
Paris, 1925.

[GRA1] Grandpre: "Grandpre, A. de--Cryptologist. Part 1

'Cryptographie Pratique - The Origin of the Grandpre',
ISHCABIBEL, The Cryptogram, SO60, American Cryptogram
Association, 1960.

[GRA2] Grandpre: "Grandpre Ciphers", ROGUE, The Cryptogram,

SO63, American Cryptogram Association, 1963.

[GRA3] Grandpre: "Grandpre", Novice Notes, LEDGE, The

Cryptogram, MJ75, American Cryptogram Association,1975

[GODD] Goddard, Eldridge and Thelma, "Cryptodyct," Marion,

Iowa, 1976

[GORD] Gordon, Cyrus H., " Forgotten Scripts: Their Ongoing

Discovery and Decipherment," Basic Books, New York,
1982.

[HA] Hahn, Karl, " Frequency of Letters", English Letter

Usage Statistics using as a sample, "A Tale of Two
Cities" by Charles Dickens, Usenet SCI.Crypt, 4 Aug
1994.

[HAWA] Hitchcock, H. R., "Hawaiian," Charles E. Tuttle, Co.,

Toyko, 1968.

[HAWC] Hawcock, David and MacAllister, Patrick, "Puzzle Power!

Multidimensional Codes, Illusions, Numbers, and
Brainteasers," Little, Brown and Co., New York, 1994.

[HEMP] Hempfner, Philip and Tania, "Pattern Word List For

Divided and Undivided Cryptograms," unpublished
manuscript, 1984.

[HIDE] Hideo Kubota, " Zai-shi dai-go kokugun tokushu joho

senshi." unpublished manuscript, NIDS.

[HILL] Hill, Lester, S., "Cryptography in an Algebraic

Alphabet", The American Mathematical Monthly, June-July
1929.

[HINS] Hinsley, F. H., "History of British Intelligence in the

 Second World War", Cambridge University Press,
Cambridge, 1979-1988.

[HIN2] Hinsley, F. H. and Alan Strip in "Codebreakers -Story

of Bletchley Park", Oxford University Press, 1994.

[HISA] Hisashi Takahashi, "Military Friction, Diplomatic

Suasion in China, 1937 - 1938," The Journal of
International Studies, Sophia Univ, Vol 19, July, 1987.

[HIS1] Barker, Wayne G., "History of Codes and Ciphers in the

U.S. Prior to World War I," Aegean Park Press, Laguna
Hills, CA, 1978.

[HITT] Hitt, Parker, Col. " Manual for the Solution of Military
Ciphers," Aegean Park Press, Laguna Hills, CA, 1976.

[HOFF] Hoffman, Lance J., editor, "Building In Big Brother:

The Cryptographic Policy Debate," Springer-Verlag,
N.Y.C., 1995. ( A useful and well balanced book of
cryptographic resource materials. )

[HOM1] Homophonic: A Multiple Substitution Number Cipher", S-

TUCK, The Cryptogram, DJ45, American Cryptogram
Association, 1945.

[HOM2] Homophonic: Bilinear Substitution Cipher, Straddling,"

ISHCABIBEL, The Cryptogram, AS48, American Cryptogram
Association, 1948.

[HOM3] Homophonic: Computer Column:"Homophonic Solving,"

PHOENIX, The Cryptogram, MA84, American Cryptogram
Association, 1984.

[HOM4] Homophonic: Hocheck Cipher,", SI SI, The Cryptogram,

JA90, American Cryptogram Association, 1990.

[HOM5] Homophonic: "Homophonic Checkerboard," GEMINATOR, The

Cryptogram, MA90, American Cryptogram Association, 1990.

[HOM6] Homophonic: "Homophonic Number Cipher," (Novice Notes)

LEDGE, The Cryptogram, SO71, American Cryptogram
Association, 1971.

[HUNG] Rip Van Winkel, "Hungarian," The Cryptogram, March -

April, American Cryptogram Association, 1956.

[IBM1] IBM Research Reports, Vol 7., No 4, IBM Research,

Yorktown Heights, N.Y., 1971.

[INDE] PHOENIX, Index to the Cryptogram: 1932-1993, ACA, 1994.

[ITAL] Italian - English Dictionary, compiled by Vittore E.

Bocchetta, Fawcett Premier, New York, 1965.

[JAPA] Martin, S.E., "Basic Japanese Coversation Dictionary,"

Charles E. Tuttle Co., Toyko, 1981.

[JOHN] Johnson, Brian, 'The Secret War', Arrow Books,

 London 1979.

[KADI] al-Kadi, Ibrahim A., Cryptography and Data Security:

Cryptographic Properties of Arabic, Proceedings of the
Third Saudi Engineering Conference. Riyadh, Saudi
Arabia: Nov 24-27, Vol 2:910-921., 1991.

[KAHN] Kahn, David, "The Codebreakers", Macmillian Publishing

Co. , 1967.

[KAH1] Kahn, David, "Kahn On Codes - Secrets of the New

Cryptology," MacMillan Co., New York, 1983.

[KAH2] Kahn, David, "An Enigma Chronology", Cryptologia Vol

XVII,Number 3, July 1993.

[KAH3] Kahn, David, "Seizing The Enigma", Houghton Mifflin, New

York, 1991.

[KERC] Kerckhoffs, "la Cryptographie Militaire, " Journel des

Sciences militaires, 9th series, IX, (January and
February, 1883, Libraire Militaire de L. Baudoin &Co.,
Paris. English trans. by Warren T, McCready of the
University of Toronto, 1964

[KOBL] Koblitz, Neal, " A Course in Number Theory and

Cryptography, 2nd Ed, Springer-Verlag, New York, 1994.

[KONH] Konheim, Alan G., "Cryptography -A Primer" , John Wiley,

1981, pp 212 ff.

[KOTT] Kottack, Phillip Conrad, "Anthropology: The Exploration

Of Human Diversity," 6th ed., Mcgraw-Hill, Inc., New
York, N.Y. 1994.

[KOZA] Kozaczuk, Dr. Wladyslaw, "Enigma: How the German

Machine Cipher was Broken and How it Was Read by the
Allies in WWI", University Pub, 1984.

[KULL] Kullback, Solomon, Statistical Methods in Cryptanalysis,

Aegean Park Press, Laguna Hills, Ca. 1976

[LAFF] Laffin, John, "Codes and Ciphers: Secret Writing Through

The Ages," Abelard-Schuman, London, 1973.

[LAKE] Lakoff, R., "Language and the Womans Place," Harper &
Row, New York, 1975.

[LANG] Langie, Andre, "Cryptography," translated from French

by J.C.H. Macbeth, Constable and Co., London, 1922.

[LATI] BRASSPOUNDER, "Latin Language Data, "The Cryptogram,"

July-August 1993.

[LAUE] Lauer, Rudolph F., "Computer Simulation of Classical

Substitution Cryptographic Systems" Aegean Park Press,
1981, p72 ff.
[LEAU] Leaute, H., "Sur les Mecanismes Cryptographiques de M.
de Viaris," Le Genie Civil, XIII, Sept 1, 1888.

[LEDG] LEDGE, "NOVICE NOTES," American Cryptogram Association,

1994. [ One of the best introductory texts on ciphers
written by an expert in the field. Not only well
written, clear to understand but as authoritative as
they come! ]

[LEWI] Lewin, Ronald, 'Ultra goes to War', Hutchinson,

London 1978.

[LEWY] Lewy, Guenter, "America In Vietnam", Oxford University

Press, New York, 1978.

[LEVI] Levine, J., U.S. Cryptographic Patents 1861-1981,

Cryptologia, Terre Haute, In 1983.

[LISI] Lisicki, Tadeusz, 'Dzialania Enigmy', Orzet Biaty,

London July-August, 1975; 'Enigma i Lacida',
Przeglad lacznosci, London 1974- 4; 'Pogromcy
Enigmy we Francji', Orzet Biaty, London, Sept.
1975.'

[LYNC] Lynch, Frederick D., "Pattern Word List, Vol 1.,"

Aegean Park Press, Laguna Hills, CA, 1977.

[LYSI] Lysing, Henry, aka John Leonard Nanovic, "Secret

Writing," David Kemp Co., NY 1936.

[MAGN] Magne, Emile, Le plaisant Abbe de Boisrobert, Paris,

Mecure de France, 1909.

[MANS] Mansfield, Louis C. S., "The Solution of Codes and

Ciphers", Alexander Maclehose & Co., London, 1936.

[MARO] Marotta, Michael, E. "The Code Book - All About

Unbreakable Codes and How To Use Them," Loompanics
Unlimited, 1979. [This is a terrible book. Badly
written, without proper authority, unprofessional, and
prejudicial to boot. And, it has one of the better
illustrations of the Soviet one-time pad with example,
with three errors in cipher text, that I have corrected
for the author.]

[MARS] Marshall, Alan, "Intelligence and Espionage in the Reign

of Charles II," 1660-1665, Cambridge University, New
York, N.Y., 1994.

[MART] Martin, James, "Security, Accuracy and Privacy in

Computer Systems," Prentice Hall, Englewood Cliffs,
N.J., 1973.

[MAVE] Mavenel, Denis L., Lettres, Instructions Diplomatiques

et Papiers d' Etat du Cardinal Richelieu, Historie
Politique, Paris 1853-1877 Collection.

[MAYA] Coe, M. D., "Breaking The Maya Code," Thames and Hudson,
 New York, 1992.

[MAZU] Mazur, Barry, "Questions On Decidability and

Undecidability in Number Theory," Journal of Symbolic
Logic, Volume 54, Number 9, June, 1994.

[MEND] Mendelsohn, Capt. C. J., Studies in German Diplomatic

Codes Employed During World War, GPO, 1937.

[MILL] Millikin, Donald, " Elementary Cryptography ", NYU

Bookstore, NY, 1943.

[MM] Meyer, C. H., and Matyas, S. M., " CRYPTOGRAPHY - A New

Dimension in Computer Data Security, " Wiley
Interscience, New York, 1982.

[MODE] Modelski, Tadeusz, 'The Polish Contribution to the

Ultimate Allied Victory in the Second World War',
Worthing (Sussex) 1986.

[MRAY] Mrayati, Mohammad, Yahya Meer Alam and Hassan al-

Tayyan., Ilm at-Ta'miyah wa Istikhraj al-Mu,amma Ind
al-Arab. Vol 1. Damascus: The Arab Academy of Damascus.,
1987.

[MYER] Myer, Albert, "Manual of Signals," Washington, D.C.,

USGPO, 1879.

[NIBL] Niblack, A. P., "Proposed Day, Night and Fog Signals for
the Navy with Brief Description of the Ardois Hight
System," In Proceedings of the United States Naval
Institute, Annapolis: U. S. Naval Institute, 1891.

[NIC1] Nichols, Randall K., "Xeno Data on 10 Different

Languages," ACA-L, August 18, 1995.

[NIC2] Nichols, Randall K., "Chinese Cryptography Parts 1-3,"

ACA-L, August 24, 1995.

[NIC3] Nichols, Randall K., "2erman Reduction Ciphers Parts

1-4," ACA-L, September 15, 1995.

[NIC4] Nichols, Randall K., "Russian Cryptography Parts 1-3,"

ACA-L, September 05, 1995.

[NIC5] Nichols, Randall K., "A Tribute to William F. Friedman",

NCSA FORUM, August 20, 1995.

[NIC6] Nichols, Randall K., "Wallis and Rossignol," NCSA

FORUM, September 25, 1995.

[NIC7] Nichols, Randall K., "Arabic Contributions to

Cryptography,", in The Cryptogram, ND95, ACA, 1995.

[NIC8] Nichols, Randall K., "U.S. Coast Guard Shuts Down Morse
Code System," The Cryptogram, SO95, ACA publications,
 1995.

[NIC9] Nichols, Randall K., "PCP Cipher," NCSA FORUM, March 10,
1995.

[NICX] Nichols, R. K., Keynote Speech to A.C.A. Convention,

"Breaking Ciphers in Other Languages.," New Orleans,
La., 1993.

[NICK] Nickels, Hamilton, "Codemaster: Secrets of Making and

Breaking Codes," Paladin Press, Boulder, CO., 1990.

[NORM] Norman, Bruce, 'Secret Warfare', David & Charles,

Newton Abbot (Devon) 1973.

[NORW] Marm, Ingvald and Sommerfelt, Alf, "Norwegian," Teach

Yourself Books, Hodder and Stoughton, London, 1967.

[NSA] NSA's Friedman Legacy - A Tribute to William and

Elizabeth Friedman, NSA Center for Cryptological
History, 1992, pp 201 ff.

[OP20] "Course in Cryptanalysis," OP-20-G', Navy Department,

Office of Chief of Naval Operations, Washington, 1941.

[PERR] Perrault, Charles, Tallement des Reaux, Les

Historiettes, Bibliotheque del La Pleiade, Paris 1960,
pp 256-258.

[PIER] Pierce, Clayton C., "Cryptoprivacy", 325 Carol Drive,

Ventura, Ca. 93003.

[POPE] Pope, Maurice, "The Story of Decipherment: From Egyptian

Hieroglyphic to Linear B., Thames and Hudson Ltd., 1975.

[PORT] Barker, Wayne G. "Cryptograms in Portuguese," Aegean

Park Press, Laguna Hills, CA., 1986.

[POR1] Aliandro, Hygino, "The Portuguese-English Dictionary,"

Pocket Books, New York, N.Y., 1960.

[RAJ1] "Pattern and Non Pattern Words of 2 to 6 Letters," G &

C. Merriam Co., Norman, OK. 1977.

[RAJ2] "Pattern and Non Pattern Words of 7 to 8 Letters," G &

C. Merriam Co., Norman, OK. 1980.

[RAJ3] "Pattern and Non Pattern Words of 9 to 10 Letters," G &

C. Merriam Co., Norman, OK. 1981.

[RAJ4] "Non Pattern Words of 3 to 14 Letters," RAJA Books,

Norman, OK. 1982.

[RAJ5] "Pattern and Non Pattern Words of 10 Letters," G & C.

Merriam Co., Norman, OK. 1982.

[REJE] Rejewski, Marian, "Mathematical Solution of the Enigma

Cipher" published in vol 6, #1, Jan 1982 Cryptologia pp
1-37.
[RHEE] Rhee, Man Young, "Cryptography and Secure Commun-
ications," McGraw Hill Co, 1994

[ROAC] Roach, T., "Hobbyist's Guide To COMINT Collection and

Analysis," 1330 Copper Peak Lane, San Jose, Ca. 95120-
4271, 1994.

[ROBO] NYPHO, The Cryptogram, Dec 1940, Feb, 1941.

[ROHE] Jurgen Roher's Comparative Analysis of Allied and Axis

Radio-Intelligence in the Battle of the Atlantic,
Proceedings of the 13th Military History Symposium, USAF
Academy, 1988, pp 77-109.

[ROOM] Hyde, H. Montgomery, "Room 3603, The Story of British

Intelligence Center in New York During World War II",
New York, Farrar, Straus, 1963.

[ROSE] Budge, E. A. Wallis, "The Rosetta Stone," British Museum

Press, London, 1927.

[RUNY] Runyan, T. J. and Jan M. Copes "To Die Gallently",

Westview Press 1994, p85-86 ff.

[RYSK] Norbert Ryska and Siegfried Herda, "Kryptographische

Verfahren in der Datenverarbeitung," Gesellschaft fur
Informatik, Berlin, Springer-Verlag1980.

[SADL] Sadler, A. L., "The Code of the Samurai," Rutland and

Tokyo: Charles E. Tuttle Co., 1969.

[SACC] Sacco, Generale Luigi, " Manuale di Crittografia",

3rd ed., Rome, 1947.

[SANB] Sanbohonbu, ed., "Sanbohonbu kotokan shokuinhyo." NIDS

Archives.

[SAPR] Sapir, E., "Conceptual Categories in Primitive

Language," Science: 74: 578-584., 1931.

[SASS] Sassoons, George, "Radio Hackers Code Book", Duckworth,

London, 1986.

[SCHN] Schneier, Bruce, "Applied Cryptography: Protocols,

Algorithms, and Source Code C," John Wiley and Sons,
1994.

[SCH2] Schneier, Bruce, "Applied Cryptography: Protocols,

Algorithms, and Source Code C," 2nd ed., John Wiley and
Sons, 1995.

[SCHW] Schwab, Charles, "The Equalizer," Charles Schwab, San

Francisco, 1994.

[SHAN] Shannon, C. E., "The Communication Theory of Secrecy

Systems," Bell System Technical Journal, Vol 28 (October
1949).
[SHIN] Shinsaku Tamura, "Myohin kosaku," San'ei Shuppansha,
Toyko, 1953.

[SIG1] "International Code Of Signals For Visual, Sound, and

Radio Communications," Defense Mapping Agency,
Hydrographic/Topographic Center, United States Ed.
Revised 1981

[SIG2] "International Code Of Signals For Visual, Sound, and

Radio Communications," U. S. Naval Oceanographic
Office, United States Ed., Pub. 102, 1969.

[SINK] Sinkov, Abraham, "Elementary Cryptanalysis", The

Mathematical Association of America, NYU, 1966.

[SISI] Pierce, C.C., "Cryptoprivacy," Author/Publisher, Ventura

Ca., 1995. (XOR Logic and SIGTOT teleprinters)

[SMIH] Smith, David E., "John Wallis as Cryptographer",

Bulletin of American Mathematical Society, XXIV, 1917.

[SMIT] Smith, Laurence D., "Cryptography, the Science of Secret

Writing," Dover, NY, 1943.

[SOLZ] Solzhenitsyn, Aleksandr I. , "The Gulag Archipelago I-

III, " Harper and Row, New York, N.Y., 1975.

[SPAN] Barker, Wayne G. "Cryptograms in Spanish," Aegean Park

Press, Laguna Hills, CA., 1986.

[STEV] Stevenson, William, 'A Man Called INTREPID',

Macmillan, London 1976.

[STIN] Stinson, D. R., "Cryptography, Theory and Practice,"

CRC Press, London, 1995.

[STIX] Stix, F., Zur Geschicte und Organisation der Wiener

Geheimen Ziffernkanzlei, Mitteilungen des
Osterreichischen Instituts fir Geschichtsforschung,
LI 1937.

[STUR] Sturtevant, E. H. and Bechtel, G., "A Hittite

Chrestomathy," Linguistic Society of American and
University of Pennsylvania, Philadelphia, 1935.

[SUVO] Suvorov, Viktor "Inside Soviet Military Intelligence,"

Berkley Press, New York, 1985.

[TERR] Terrett, D., "The Signal Corps: The Emergency (to

December 1941); G. R. Thompson, et. al, The Test(
December 1941 - July 1943); D. Harris and G. Thompson,
The Outcome;(Mid 1943 to 1945), Department of the Army,
Office of the Chief of Military History, USGPO,
Washington,1956 -1966.

[THEO] Theodore White and Annalee Jacoby, "Thunder Out Of

China," William Sloane Assoc., New York, 1946.
[TILD] Glover, D. Beaird, Secret Ciphers of The 1876
Presidential Election, Aegean Park Press, Laguna Hills,
Ca. 1991.

[TM32] TM 32-250, Fundamentals of Traffic Analysis (Radio

Telegraph) Department of the Army, 1948.

[TRAD] U. S. Army Military History Institute, "Traditions of

The Signal Corps., Washington, D.C., USGPO, 1959.

[TRAI] Lange, Andre and Soudart, E. A., "Treatise On

Cryptography," Aegean Park Press, Laguna Hills, Ca.
1981.

[TRIB] Anonymous, New York Tribune, Extra No. 44, "The Cipher
Dispatches, New York, 1879.

[TRIT] Trithemius:Paul Chacornac, "Grandeur et Adversite de

Jean Tritheme ,Paris: Editions Traditionelles, 1963.

[TUCK] Harris, Frances A., "Solving Simple Substitution

Ciphers," ACA, 1959.

[TUKK] Tuckerman, B., "A Study of The Vigenere-Vernam Single

and Multiple Loop Enciphering Systems," IBM Report
RC2879, Thomas J. Watson Research Center, Yorktown
Heights, N.Y. 1970.

[TUCM] Tuckerman, B., "A Study of The Vigenere-Vernam Single

and Multiple Loop Enciphering Systems," IBM Report
RC2879, Thomas J. Watson Research Center, Yorktown
Heights, N.Y. 1970.

[USAA] U. S. Army, Office of Chief Signal Officer,

"Instructions for Using the Cipher Device Type M-94,
February, 1922," USGPO, Washington, 1922.

[VAIL] Vaille, Euggene, Le Cabinet Noir, Paris Presses

Universitaires de Frances, 1950.

[VALE] Valerio, "De La Cryptographie," Journal des Scienses

militares, 9th series, Dec 1892 - May 1895, Paris.

[VERN] Vernam, A. S., "Cipher Printing Telegraph Systems For

Secret Wire and Radio Telegraphic Communications," J.
of the IEEE, Vol 45, 109-115 (1926).

[VIAR] de Viaris in Genie Civil: "Cryptographie", Publications

du Journal Le Genie Civil, 1888.

[VIA1] de Viaris, "L'art de chiffre et dechiffre les depeches

secretes," Gauthier-Villars, Paris, 1893.

[VOGE] Vogel, Donald S., "Inside a KGB Cipher," Cryptologia,

Vol XIV, Number 1, January 1990.
[WALL] Wallis, John, "A Collection of Letters and other Papers
in Cipher" , Oxford University, Bodleian Library, 1653.

[WAL1] Wallace, Robert W. Pattern Words: Ten Letters and Eleven

Letters in Length, Aegean Park Press, Laguna Hills, CA
92654, 1993.

[WAL2] Wallace, Robert W. Pattern Words: Twelve Letters and

Greater in Length, Aegean Park Press, Laguna Hills, CA
92654, 1993.

[WATS] Watson, R. W. Seton-, ed, "The Abbot Trithemius," in

Tudor Studies, Longmans and Green, London, 1924.

[WEL] Welsh, Dominic, "Codes and Cryptography," Oxford Science

Publications, New York, 1993.

[WELC] Welchman, Gordon, 'The Hut Six Story', McGraw-Hill,

New York 1982.

[WHOR] Whorf, B. L., "A Linguistic Consideration of Thinking In

Primitive Communities," In Language, Thought, and
Reality: Selected Writings of Benjamin Lee Whorf, ed. J.
B. Carroll, Cambridge, MA: MIT Press, pp. 65-86., 1956.

[WINK] Winkle, Rip Van, "Hungarian: The Cryptogram,", March -

April 1956.

[WINT] Winterbotham, F.W., 'The Ultra Secret', Weidenfeld

and Nicolson, London 1974.

[WOLE] Wolfe, Ramond W., "Secret Writing," McGraw Hill Books,

NY, 1970.

[WOLF] Wolfe, Jack M., " A First Course in Cryptanalysis,"

Brooklin College Press, NY, 1943.

[WRIX] Wrixon, Fred B. "Codes, Ciphers and Secret Languages,"

Crown Publishers, New York, 1990.

[XEN1] PHOENIX, "Xenocrypt Handbook," American Cryptogram

Association, 1 Pidgeon Dr., Wilbraham, MA., 01095-2603,
for publication March, 1996.

[YARD] Yardley, Herbert, O., "The American Black Chamber,"

Bobbs-Merrill, NY, 1931.

[YAR1] Yardley, H. O., "The Chinese Black Chamber," Houghton

Mifflin, Boston, 1983.

[YOKO] Yukio Yokoyama, "Tokushu joho kaisoka," unpublished

handwritten manuscript.

[YOUS] Youshkevitch, A. P., Geschichte der Mathematik im

Mittelatter, Liepzig, Germany: Teubner, 1964.

[YUKI] Yukio Nishihara, "Kantogan tai-So Sakusenshi," Vol 17.,

unpublished manuscript, National Institute for Defense
 Studies Military Archives, Tokyo.,(hereafter NIDS
Archives)

[ZIM] Zim, Herbert S., "Codes and Secret Writing." William

Morrow Co., New York, 1948.

[ZEND] Callimahos, L. D., Traffic Analysis and the Zendian

Problem, Agean Park Press, 1984. (also available
through NSA Center for Cryptologic History)

From [email protected] Jan 22 21:10:40 1996

Date: Mon, 15 Jan 1996 01:46:29 EST
From: "Randy Nichols, ACA President" <[email protected]>
Reply to: ACA-L <[email protected]>
To: Multiple recipients of list ACA-L <[email protected]>
Newsgroups: bit.listserv.aca-l
Subject: LECTURE 6

CLASSICAL CRYPTOGRAPHY COURSE

BY LANAKI
January 13, 1996
Revision 0

LECTURE 6
XENOCRYPT MORPHOLOGY
Part II

SUMMARY

In Lecture 6, we continue our review of materials related to

ciphers created in languages other than English. In order to
augment PHOENIX's soon to be published ACA Xenocrypt Handbook,
we will focus on six diverse systems: Arabic, Russian, Chinese,
Latin, Norwegian, and Hungarian. Each offers a unique
perspective in deciphering communications and supports the
cultural universal concept presented in Lecture 5.

Lecture 7 will give practical language data for Xenocrypts

commonly published in the Cryptogram - French, Italian,
Spanish, Portuguese. [I will not cover either Esperanto
or Interlinguia. I consider both as useful as advanced Hittite
in modern communications.]

SHAREWARE

I have transmitted to the Crypto Drop Box word translation

software for Russian, Spanish, German, Danish and Portuguese.
Single use license is granted. Also, I have sent a Russian
tutorial program to NORTH DECODER to put on the Crypto Drop
ARABIAN CONTRIBUTIONS TO CRYPTOLOGY

A colleague of mine in Sweden sent me an interesting reminder

of the historical foundations of cryptology. He suggested that
I include in one of my lectures a discussion of Dr. Ibrahim A.
Al-Kadi's outstanding 1990 paper to the Swedish Royal Institute
of Technology in Stockholm regarding the Arabic contributions
to cryptology.

Dr. Al-Kadi reported on the Arabic scientist by the name of Abu

Yusuf Yaqub ibn Is-haq ibn as Sabbah ibn 'omran ibn Ismail Al-
Kindi, who authored a book on cryptology the "Risalah fi
Istikhraj al-Mu'amma" (Manuscript for the Deciphering
Cryptographic Messages) circa 750 AD. Al-Kindi introduced
cryptanalysis techniques, classification of ciphers, Arabic
Phonetics and Syntax and most importantly described the use of
several statistical techniques for cryptanalysis. [This book
apparently antedates other cryptology references by 300 years.]
[It also predates writings on probability and statistics by
Pascal and Fermat by nearly 800 years.]

Dr. Al-Kadi also reported on the mathematical writings of Al-

Khwarizmi (780-847) who introduced common technical terms such
as 'zero', 'cipher', 'algorithm', 'algebra' and 'Arabic
numerals.' The decimal number system and the concept of zero
were originally developed in India.

The Arabs translated in the early ninth century, Brahmagupta's

"Siddharta" from Sanscrit into Arabic. The new numerals were
quickly adopted through-out the Islamic empire from China to
Spain. Translations of Al-Khwarizmi's book on arithmetic by
Robert of Chester, John of Halifax and the Italian Leonardo of
Pisa, aka Fibonacci strongly advocated the use of Arabic
numerals over the previous Roman Standard Numerals
(I,V,X,C,D,M).

The Roman system was very cumbersome because there was no

concept of zero or (empty space). The concept of zero which we
all think of as natural was just the opposite in medieval
Europe. In Sanscrit, the zero was called "sunya" or "empty".
The Arabs translated the Indian into the Arabic equivalent
"sifr". Europeans adopted the concept and symbol but not name,
but transformed it into Latin equivalent "cifra" and
"cephirium" {Fibonnaci did this}. The Italian equivalent of
these words "zefiro", "zefro" and "zevero". The latter was
shortened to "Zero".

The French formed the word "chiffre" and conceded the Italian
word "zero". The English used "zero" and "Cipher" from the
word ciphering as a means of computing. The Germans used the
words "ziffer" and "chiffer".

The concept of zero or sifr or cipher was so confusing and

ambiguous to common Europeans that in arguments people would
say "talk clearly and not so far fetched as a cipher". Cipher
came to mean concealment of clear messages or simply
encryption. Dr. Al-Kadi concluded that the Arabic word sifr,
for the digit zero, developed into the European technical term
for encryption. [KADI], [ALKA], [MRAY], [YOUS], [BADE] ,
[NIC7]

NOTES ON RUSSIAN LANGUAGE

Reference [DAVI] gives one of the better breakdowns of the

modern Russian Alphabet (Soviet, post 1918) for solving Russian
Cryptograms in "The Cryptogram".

Friedman presents detailed Russian cryptographic data in

Volume 2 of his Military Cryptanalytics series. [FR2]

A prime difficulty for English speaking students of Russian is

the scarcity of linguistic cognates in the two languages.
Russian is more complex than other romantic languages which
have many common word derivatives. The highly inflected
Russian grammar aids rather than hinders the cryptographer by
supplying him with valuable tools for decrypting.

My keyboard and supporting software does not permit a

comfortable translation of the Cyrillic, so I refer you to the
September-October 1976 Cryptogram for a survey of Russian
and several Xenocrypt examples.

RUSSIAN KRIPTOGRAMMA COLLECTION

ELINT

Radio communications can be heard which vary in frequency from

below the broadcast band, to almost the upper edge of the radio
spectrum (Ku-band satellite communications.)

Common bands are:

VLF (Very Low Frequency): 3 to 30 kHz

LF (Low Frequency): 30 to 300 kHz
MF (Medium Frequency): 300 kHz to 3 MHz
HF (High Frequency): 3 to 30 MHz
VHF (Very High Frequency): 30 to 300 MHz
UHF (Ultra High Frequency): 300 to 3000 MHz

Whereas, VHF and UHF frequency ranges are occupied by cellular

phones, police, fire and government communications, the bulk of
HF region is devoted to COMINT signals. You should be able to
hear traffic from all over the globe, rather than the 50-75
mile limit on the VHF and UHF bands. Three types of HF radio
communications may be heard/intercepted: continuous wave
(CW/Morse Code), single side band (SSB), and radio teletype
(RTTY). The Cubans seem to favor the latter form of
communication, especially from their revitalized center at
Lourdes.

Tom Roach [ROAC] has been monitoring Russian messages for some
time. He uses a Watkins-Johnson HF-1000 receiver, a Rhombic
antenna, a Singer MT-5 Spectrum Analyzer, a Universal M-7000
decoder ( allows viewing the Russian in its native Cyrillic
alphabet) a Sony TCD-07 recorder, and Hitachi V-302F
Oscilloscope with X/Y tuning capability for RTTY
communications.

[ROAC] suggests that the best hunting grounds for Russian RTTY
traffic are:

4205.5 to 4207.0 kHz

6300.5 to 6311.5 kHz
8396.5 to 8414.5 kHz
12560.0 to 12576.5 kHz
16785.0 to 16804.5 kHz
18893.0 to 18898.0 kHz
22352.0 to 22374.0 khz
25193.0 to 25208.0 khz

and
6385 kHz (Morse) at around 1400 UTC

[ROAC] provides the reader with common abbreviations used

in Russian RTTY and Morse traffic. His book describes the
delicate art (and guess work required) in traffic analysis of
Russian Kriptogramma messages between ship to shore.

Roach has identified several types of Russian messages:

SESS KRIPTOGRAMMA - originated by Soviet Space Event Support

Ships (SESS).

KRIPTOGRAMMA NA PERFOLENTE - refers to a key additive

(originally a paper tape Vernam type series.)

KRIPTOGRAMMA KODA - code book transmissions.

KRIPTOGRAMMA ADMIN - Super enciphered communications.

Other types of messages [ROAC] identified DISP/1 to report

disposition of ships, PAGODA messages for weather reports,
MORE messages to report administrative and sea conditions,
Personal Itinerary, Fuel related, 10 slash, PARTI messages to
discuss status of ship's holds and bunkers.

RUSSKAYA KRIPTOLOGIA HISTORICA

Russian achievements in the art of cryptography rank first rate

to say the least. Three of my favorite cipher Russian systems
are: 1) Nihilist, 2) VIC - Disruption (aka straddling bipartite
monoalphabetic substitution super-enciphered by modified double
transposition) and 3) the One-Time Pad. Each of these systems
introduced tactical advantages for adverse communication and
had limited disadvantages for their service.

NIHILIST SUBSTITUTION
For some reason, Russian prisoners were not allowed computers
in their cells. Inmates were forbidden to talk, and to outwit
their jailers they invented a "knock" system to indicate the
rows and columns of a simple checkerboard (Polybius square at
5x5 for English or 6x6 for 35 Russian letters). For ex:

1 2 3 4 5

1 U N Ij T E
2 D S A O F KW=United States Of
3 M R C B G America
4 H K L P Q i/j = same cell
5 V W X Y Z repeats omitted

PT: g o t a c i g a r e t t e ?
CT: 35 24 14 23 33 13 35 23 32 15 14 14 15

Prisoners memorized the proper numbers and "talked" at about

10-15 words per minute. One of the advantages was that it
afforded communication by a great variety of media - anything
that could be dotted, knotted, pierced, flashed or indicate
numerals in any way could be used. The innocuous letter was
always suspicious. [KAH1]

Cipher text letters were indicated by the number of letters

written together; breaks in count by spaces in handwriting;
upstrokes, downstrokes, thumbnail prints, all subtly used to
bootleg secrets in and out of prisons. The system was
universal in penal institutions. American POW's used it in
Vietnam. [LEWY], [SOLZ]

Transposition of the KW provided a further mixed alphabet:

B L A C K S M I T H
D E F G N O P Q R U
V W X Y Z

taken off by columns:

B D V L E W A F X C G Y K N Z S O M P I Q T R H U

the Polybius square would be:

1 2 3 4 5

1 B D V L E
2 W A F X C
3 G Y K N Z
4 S O M P I
 5 Q T R H U

The Nihilists, so named for their opposition to the czarist

regime, added a repeating numerical KW . Making the cipher a
periodic similar to the Vigenere but with additional
weaknesses.

Let KW = ARISE 22 53 45 41 15

PT: bomb winter palace

NT: 11 42 43 11 21 45 34 52 15 53 44 22 14 22 25 15
Key: 22 53 45 41 15 22 53 45 41 15 22 53 45 41 15 22

CT: 33 97 88 52 36 67 87 97 56 68 66 75 59 63 40 37

or with bifurcation:

33978 85236 67879 75668 66755 96340 37774

nulls=774

NIHILIST TRANSPOSITION

A simpler form of the Nihilist was in double transposition.

The plain-text was written in by rows (or diagonals); a keyword
switched the rows; a same or different keyword switched the
columns, and the resulting cipher text was removed by columns
or by one of forty (40) or more routes out of the square.

ex: KW = SCOTIA or 524631

PT: let us hear from you at once concerning jewels xxxx

Transpose by Columns Transpose by Rows

S C O T I A
5 2 4 6 3 1 1 2 3 4 5 6

1 S E U H T L (let us h) S 5 E U J W T O
2 R A F O R E C 2 R A F O R E
3 A Y U T O M O 4 A N E B C O
4 A N E B C O T 6 X L X X S E
5 E U J W T O I 3 A Y U T O M
6 X L X X S E A 1 S E U H T L

X= bad choice for nulls

The resulting cryptogram:

E U J W T O R A F O R E A N E B C O X L X X S E A

Y U T O M S E U H T L.

(message length and 5th group are entries to solution)

Clues to cryptanalysis of the Nihilist systems were

reconstructing the routes, evenness of distribution of vowels,
period determination and digram/trigram frequency in cipher
text. The USA Army for many years used a similar system.
Reference [COUR] discusses the U.S. Army Double Transposition
Cipher in detail.

VIC-DISRUPTION CIPHER

The Vic-Disruption Cipher brought the old Nihilist Substitution

to a peak of perfection. It merged the straddling checkerboard
with the one-time key. It increased the efficiency of the
checkerboard by specifically giving the high frequency letters
(O,S,N,E,A; P,G ) the single digits (along with two low
frequency letters). The seven letters: 'snegopa' comprise
about 40% of normal Russian text. Let me focus on interesting
elements.

STRADDLING BIPARTITE MONOALPHABETIC SUBSTITUTION SUPER-

ENCIPHERED BY MODIFIED DOUBLE TRANSPOSITION or simply, VIC -
DISRUPTION or just "VIC."

The VIC algorithm is described as follows:

The plain text is encoded by a Substitution Table (ST). The

intermediate cipher text [ICT] is then passed through two (2)
transposition tables (TT1 and TT2), each performing a different
transposition on the ICT.

TT1 performs a simple columnar transposition: the ICT is placed

in TT1 by rows and removed by columns in the order of TT1's
columnar key and transcribed into TT2.

TT2 is vertically partitioned into Disruption , or D areas.

These partitions are formed by diagonals extending down the
table to the right boundary in columnar key order. The first D
area begins under column keynumber 1 and extends down to the
right border of TT2. A row is skipped. The second D area
starts under keynumber 2. The process continues for the entire
key. The number of rows in TT2 .ne. TT1 and is calculated by
dividing the number of cipher text input digits by the width of
the table.

The ICT from TT1 is inscribed into TT2 horizontally from left
to right skipping the D areas. When all the non D area is
filled , then the D areas are filled in the same way. The
cipher text is removed by column per key order without regard
to the D areas.

KEYS

The VIC system used four memorized keys. Key 1 - the date of
WWII victory over Japan - 3/9/1945; Key 2 - the sequence of 5
numbers like pi - 3.1415; Key 3 - the first 20 letters of the
"Lone Accordion", or famous Russian song/poem, and Key 4 - the
agent number, say 7. Key 1 was changed regularly. Key 4 was
changed irregularly.

DISRUPTION ALGORITHM

The keys were used to generate the keys for transposition and
the coordinates for a checkerboard for substitution through a
complex LRE (Left to right enumeration) logic. The process
injected an arbitrary 5 number group into the cipher text which
strongly influenced the end result. This group changed from
message to message, so the enciphering keys (and cipher text)
would bear no exploitable relationship to each other. Not only
did TT1 and TT2 keys differ but also the widths of the blocks
did as well.

The coordinates kept changing. The D areas prevented the

analyst from back derivation of the first TT1. The D areas
increased the difficulty of finding the pattern and the
straddling effect on the checkerboard increased the difficulty
of frequency counts. Although not impossible to break, in
practice a tough monkey indeed. The FBI failed for four years
to solve it.

KEY GENERATION

All arithmetic was done modulo 10, without carrying or

borrowing.

An English ST table might look like this:

4 9 1 6 0 8 5 2 3 7

R E A S O N b

2 B C D F G H J K L M

3 P Q I U V W X T Z 1

7 3 5 7 9 . , b $ % -

b = space character

top line are among most frequent English letters similar to

'SNEGOPAD' in Russian.
Ambiguity in decipherment is reduced because the last three
slots in the first row are empty and the first coordinate of
the two coordinate characters is unique.

[VOGE] gives a detailed look at the key generation recursion

mathematics for this cipher. It describes the LRE
(left to right enumeration) process in nauseating detail.

The TT1 and TT2 are built up on the recursion sequence

X(i+5) = X(i) + X(i+1) for i = 1,5 using mod 10 math. Key 1
was used to insert at end of message (5th unit in this
example). Key 1 was also the initial point for a series of
manipulations with Key 2,3,and 4.

RUSSIAN IMPROVEMENTS

Hayhanen incorporated some nasty refinements. Before

encipherment, the plain text was bifurcated and the two halves
switched so that the standard beginnings and endings could not
be identified. The ST contained a 'message starts' character.
The ST was extended to ASCII characters. The VIC encipherment
consisted of one round. After 1970, with the advent of
programmable hand calculators, a multiple round version was
produced.

MERITS

Consisting of simple enough elements, this cipher is one tough

monkey.

The complication in substitution was the straddling device on

the checkerboard. The irregular alternating of coordinates of
two different lengths makes it harder for cryptanalysis by
dividing the list into proper pairs and singletons.

The complication in the transposition was the Disruption areas.

D areas blocked the reconstruction of the first tableau. A
correct sorting of the columns is forestalled by the D areas.

The keying method is brutal on the agent in a hurry. Same with

his analyst counterpart. Key recovery does not permit direct
anagraming between messages. The four keys are mnemonics.

The cipher text is only 62% increased over plain text because
of the high frequency letters in the first row of the ST.

ONE-TIME PAD REVISITED

The One-Time Pad was covered in LECTURE 3 and we are reminded

that it is truly an unbreakable cipher system. There are many
descriptions of this cipher. Bruce Schneier's discussions are
quite relevant. [SCHN] , [SCH2]
FRESH KEY DRAWBACK

The One-Time Pad has a drawback - the quantities of fresh key

required. For military messages in the field (a fluid
situation) a practical limit is reached. It is impossible to
produce and distribute sufficient fresh key to the units.
During WWII, the US Army's European theater HQs transmitted,
even before the Normandy invasion, 2 million five (5) letter
code groups a day! It would of therefore consumed 10 million
letters of key every 24 hours - the equivalent of a shelf of 20
average books. [SCHN]

RANDOMNESS

The real issue for the One-Time Pad, is that the keys must be
truly random. Attacks against the One-Time Pad must be
against the method used to generate the key itself. Pseudo-
random number generators don't count; often they have nonrandom
properties. Reference [SCHN] Chapter 15, discusses in detail
random sequence generators and stream cipher. [SCHN], [KAHN],
[RHEE]

CHINESE CRYPTOGRAPHY

ENCIPHERING

Dr. August suggests that the Four Corner System and the Chinese
Phonetic Alphabet System lend themselves to manual
cryptographic treatment. His treatment of these two systems
is easier to understand than some military texts on the
subject. [AUG1]

Let a message in Chinese be X1, X2, X3.. Xn, where Xi

represents a character. The code for Xi is vector union of
three sets, v1, v2, and v3. v1 is a single digit code for tone
v2 is a four or five digit Four Corner representation code,
and v3 is a 6 digit phonetic code representing 3 phonetic
symbols each by two digits. [AUG2]

3
Xj = U v1 eq 1
1-3

This union is called an asymmetric code.

The Four Corner System encodes characters into several generic

shapes. Each character is broken into four (4) quadrants, and
assigned a digit to the generic shape that best corresponds to
the actual shape.

The Chinese Phonetic Alphabet is Pinyin with symbols instead of

English letters. Each symbol corresponds to one of 37 ordered
phonetic sounds. The 21 initial, 3 medial and 13 finals are a
unique ordered set - a true alphabet.

The strength of encryption of Chinese is dependent on the

specific Chinese encoding character schemes. Three cases are:
 1). Phonetic Alphabet Only: The cipher must include both a
transposition (to hide cohesion and positional
limitations) and a substitution (to hide the frequency
patterns.)

2) Four Corner System: The cipher can be based on ring

operations [performed on codewords rather than
characters, either on an individual basis or over the
whole message; the name comes from the algebraic
operations involving integers mod 10 or mod 37] which
super-encipher the encoded text.

3) Combination of Methods 1) and 2): A text encoded by a

combination of both methods will need a cipher employing
both transposition and substitution. The transposition
needs to mix up the symbols within codewords and the
message itself. This prevents a bifurcated analysis.
[AUG1], [AUG2]

CRYPTANALYSIS OF CHINESE CIPHERS

A) Phonetic Alphabet:

12.6 7 5.7 4.8 4.2 3.8 3.4 3 2.9 2.8 2.4 2.2
I U D ENG/E an/en SH X/ZH J/u G O ao H

2.1 2 1.9 1.8 1.6 1.4 1.3 1.2 1.1

ang a/b/ai/B/z ei Q ou/M ie L F R

0.8 0.7 0.6 0.3 0.1

t n/c ch k/s p/el

Initials: sh, d

Medials: i

Finals: e, en, eng, in, un, ing, ong

Phi for monalphabetic substitution = 0.051

(random text = 0.027)

Common Digraphs: ji, ieng, ueng, gu, de, ian, iie, li, ien,
qi, xi, uo, izh, zu, shi

Positional Limitations:

1. Initials follow a medial or final.

2. Finals follow an initial or medial.
3. [zh, ch, sh ] do not combine with i or u'.
4. [ j, q, x ] do not combine with a or e finals.
5. qa, qan = no but quan, qian, qia = yes
6. no double phonetics in a single codeword.
 7. medials double frequently.
8. 13 limits on combinations within a codeword.

Approximately 63% of characters require 2 phonetic symbols.

About 1/3 were three long, and about 4% are one symbol.

Tone indicator digits were about 22--23% likely.

B) Four Corner

Digital frequencies: 0 = .30

1 = .14
2 = .15
3 = .07
4 = .10
5 = .03
6 = .07
7 = .08
8 = .04
9 = .02

Phi value = 0.160 compared to random text value of 0.100

Dr. August presents a table of digraphs. [AUG2] Combinations

of Xn - Ym where n= 0-9 and m=0,1,2,3,4,7 showed highest
frequencies of text encoded with 5 digit scheme.

DEPENDENCE

In Chinese there is more dependence between encoding and

enciphering operations than in English. The choice of the
encoding system influences the type of enciphering operations.
Dr. August provides solved examples of the above systems.
[AUG2]

HISTORICAL PERSPECTIVES

China appears to have had a much delayed entry into the cipher
business. Partially because so many Chinese did not read or
write, and partially because the language was so complex,
Chinese cryptography was limited until the 19 century. But
there were seeds:

The Chinese strategist Sun Tzu (500 b.c.) recommended a true

but small code, which limited the plaintext to 40 elements
and assigned them to the first 40 characters of a poem, forming
a substitution table. Richard Deacon describes a method of
code encryption which the secret society Triads used in the
early 1800's. [DEAC] The Tong's in San Francisco used the
same system. This method limited the plaintext space and based
codewords on multiples of three.
The "Inner Ring" techniques taught to Sa Bu Nim's (teachers)
by the masters of Korean Tae Kwon Do (which came from the
Ancient Tae Kwan and before that Kung Fu) were passed on by
means of codeword transposition ciphers. [CHOI] In 1985, Sun
Yat-Sen used codes to transmit information by telegraph.
[TUKK]) During WWII, Herbert Yardley taught Kuomintang
soldiers to cryptanalyze Japanese ciphers. However, the
Japanese had already outpaced the Chinese in cryptanalytical
abilities.

Japan's Chuo tokujobu (Central Bureau Of Signal Intelligence)

was responsible for crypto-communication and signal
intelligence, including cryptanalysis, translation,
interception, and direction finding against the Soviet Union,
China and Britain. It began operations in 1921. [YUKI],[YAR1]

In May 1928, the Angohan (Codes and Ciphers Office) obtained

excellent results in intercepting and decoding Chinese codes
during the Sino-Japanese clash at Tsinan between Chiang
Kaishek's Northern Expeditionary Army and the IJA (Imperial
Japanese Army). [FUMI]

The warlord Chang Tso-lin was murdered in June 1928. Angohan

succeeded in decoding "Young Marshal" Chang Hsueh-liang's
secret communications and made a substantial contribution to
the understanding of the warlord politics of Manchuria. [SANB]

The Anjohan not only mastered the basics of Chinese codes and
ciphers but also broke the Nanking Government and the Chinese
Legation codes in Tokyo. [YOKO]

The Chinese codes in 1935 were called "Mingma". They were

basically made up of four digit numbers. The Chinese did not
encode the name of either the sender or receiver, nor the date
or the time of the message. The China Garrison Army's
Tokujohan office was able to disclose the composition,
strength, and activities of Chiang Kai-shek's branch armies,
such as those led by Sung Che-yuan and Chang Hseuh-liang. It
was not able to decode the Chinese Communist or Air Force
messages. [HIDE]

By the time of the 1937 Sino-Japanese War, Japanese

cryptanalytical experts had been able to greatly expand their
knowledge of the Chinese system of codes and ciphers, as well
as improve their decoding skills. About 80% of what was
intercepted was decoded. This included military and diplomatic
codes but not the Communist code messages. [EIIC]

Chinese Nationalists upgraded their Mingma codes in 1938. They

adopted a different system, called tokushu daihon (special code
book) in Japanese which complicated by mixing compound words.
By October, 1940, Chiang Kai-shek's main forces were using a
repeating key system. This stumped the Japanese cryptanalysts
for a short time, then they returned to a 75% decoding level
during the war. They continued to make great contributions to
major military operations in China. [HIDE]
The Japanese broke the Kuomintang codes during the Chungyuang
Operation in the Southern Shansi or Chungt'iao Mountain
Campaign. [CHUN] In February 1941, significant penetration
of Communist signal traffic was obtained. [YOKO]

The tokujo operations against the North China Area Army and the
Chinese Communist codes was tragic failure. [HISA] The IJA's
China experts held a highly negative image towards the Chinese.

This may have prejudiced their attitude towards intelligence

estimates of China and the Chinese which in turn adversely
affected their operational (crypto-intelligence) thinking on
China in general. [THEO]

When the Sian mutiny broke out and Chiang Kai-shek was
kidnapped in December 1936, Major General Isogai (IJA's leading
expert in COMINT for China) toasted (more like roasted) the
demise of Chiang. Colonel Kanji Ishiwara (Japan's chief
military strategist) deplored the incident because he felt
China was on the brink of unity because of Chiang Kai-shek's
efforts. He considered the ability to read Chiang's codes just
a matter of doing the business of war. [SHIN]

LATIN

BRASSPOUNDER gives us a good introduction to Latin in

Reference [LATI]. Until modern times Latin was a dominant
language in schools, churches, and state in Western Europe.
Professionals use Latin to confuse the general populace.
Latin is closely related to all of the Romance languages.

The Latin alphabet is the same as the English-language

alphabet, except that it has no equivalents for K, W, J, or U.
These have crept into current usage for their phonetic value.
The J replaced I as in hic jacet instead of the classical hic
iacet. The letter W has no equivalent. The letter U was the
Greek Y, and in classical times was written as a U. C is now
used to form the hard sound as in CEL instead of KEL. A double
UU approximated a W. Latin therefore is a 25 letter alphabet.

The order of frequency according to Kluber, reduced to

percentages, taken from reference [TRAI]:

I - 10.1 M - 3.4 V - 0.7

E - 9.2 C - 3.3 X - 0.6
U - 7.4 P - 3.0 H - 0.5
T - 7.2 L - 2.1 J - 0
A - 7.2 D - 1.7 K - 0
S - 6.8 G - 1.4 Y - 0
R - 6.8 Q - 1.3 Z - 0
N - 6.0 B - 1.2
O - 4.4 F - 0.9

Vowels: I E U A O
Consonants: T S R N M C P L D Q B F V X H

Initials: S I A P E Q C V M D N F H R T U L O G J
Finals: S E T M A I O N D R L C U

Doubled Letters: S L M P T C N R U Z

Vowel Combinations:
AE AU AI ; EA EI EO ; IA IO IE IAE ; OA OE OI OAE OIA ;
UA UE UI UO UU UAE UIA UIU
Consonant combinations:
NT ST ND SP PB CT SG NS NP LT

Frequent reversals:
UM EN ER NT TI TE ON RT RE ES IS ME IT TA US SE IC TU
ST IE PE CI RU

Digraph endings:

IS UM US AM AE TA NT EN RE OS AS UE ES RA AT IT ET IA IO
OB ST SE TE RI OR UR ER NI RI UI NO EL DI PE NA VA NS ED IN NE
SA MO SI SO RO

Trigraph word endings:

ERE QUE UNT RIS RUS IUM LIS LUM TIS UAM UOD NTA ARE IAM
NIS RAT NEM ROS TAS TES TIO ANT ATA CAE CUM ENT ITA IUS LAE NAM
NES NIA RUM URA VIS TEM TAE TUS

Favorite letter positions:

A H 2H 2E N 2E E
B H O 2H 2E
C H P H
D H E Q H 2H
E H 2H E R 2H 2E
F H S E H
G E H T E 2E H
H 2H E H U 2H 2E
I 3E 2E 2H V H
J H W (rare) H
K E X 2H 2E
L 2E 2H Y E 2H
M H Z 2E E H

H=head, first letter, 2H = second letter, E=last letter,

2E= next to last letter

Common short words:

IN ET AD SI PER UBI SED UNA VIA HIC PRO CUM QUI QUO QUOD
IPSE ATQUE QUARE QUIDEM

Pattern words:
NON BENE FERE QUISQUE

Vowel percentage: 44%

Vowel / consonant ratio: 8/10
Average word length: 7

One-letter words: A E I O

Two-letter words:
AB AC AD AB AT DA DE DO EA EI EN EO ES ET EX HI ID II IN IS IT
ME NE NI OB OS RE SI TE TU UT

Three letter words:

AGO ARA AUT AVE BIS COR CUM CUR DIU DUO DUX EGI EGO FIO HIC HOC
HUC IAM IBI IRA ITA IUS LEX LUX MOX MUS NAM NEC NIX NON NOX NUM
PAR PAX PER PES PRO QUA QUI QUO RES REX RUS SED SEX SIC SOL STO
SUM SUS TAM TUM UBI VAE VEL VIA VIR VIS VIX

Latin Bigram Table

Basis 10,000 letters and spaces from Reference [ALBE]

Second Letter

A E I O U B C D F G H K
- 156 145 146 36 60 11 99 65 39 7 35 4
A 113 77 8 20 42 15 58 6
E 197 27 7 7 1 5 26 18 4 11 1
I 89 43 12 6 59 68 51 60 34 12 26 4
O 61 1 3 10 37 19 1 2
U 8 73 61 50 22 2 17 2 11
B 15 12 26 33 3 22
C 29 49 28 31 68 3 4 3
F D 53 16 61 87 9 17 3 1
i F 3 7 9 23 11 9 5
r G 2 5 18 14 4 10 1
s H 23 3 14 8 4
t K 4 8
L 10 46 39 106 10 13 2 1
L M 248 28 33 28 22 23 1
e N 57 48 49 59 40 38 33 39 4 19
t P 2 12 34 12 43 14 1
t Q 4 167
e R 87 96 76 101 30 56 4 6 7 1 2 1
r S 276 14 64 83 30 47 34 1 2
T 191 96 125 142 20 91 6
V 3 7 42 24 27 1
X 28 1 2 7 2
Y 5
Z 1

L M N P Q R S T V X Y Z
53 36 79 113 92 36 151 46 68 3 1
A 63 89 62 12 4 59 45 81 4 2
E 18 78 85 11 21 175 84 93 3 35
I 25 49 143 24 9 10 137 113 3 4
O 13 27 134 6 4 65 46 13 5 2
 U 37 119 63 9 60 105 70 1
B 1 4 5
C 2 24 40 5
D 2 1 1 1 2 2
F 1 12
G 1 13 8
H
K
L 33 12
M 7 10 13 5 2
N 4 3 56 136 10
P 17 3 42 15 11
Q
R 1 6 1 3 2 2 9 26 3 1
S 7 5 11 39 72 3 7
T 19 23 35
V
X 6 1
Y
Z

NORWEGIAN

Norwegian is a beautiful language which consists of two forms,

Bokmal (Book Language) and Nynorsk. Book language is the
generally read form. Norwegian is similar to English with the
addition of three vowels AE, 0, A'. Foreign consonant letters
are C, Q, W, X and Z. Based on 5153 letters, a frequency
analysis reduced to 100 letters is:

16 8 7 6 5 4 2 1 - 0
E RNS T AI LDO GKM UVFHPA' JB0 Y AE C WXZQ

Average word length - 4.77 letters. Compound words are long.

IC = .0647

Vowels A, E I O - 33%
Consonants D L N R S T - 41% of letters

One- Letter Words:

I 81% A' 16% A 2% O A AE 0 1%

Two letter words:

OG 23% ER 14% EN 10% AV /DE 9% ET PA' AT FA' SA'
DA NA' OM VI JO SA JA MA' SE TO UT VE

Three letter words:

OPP 38% ENN 23% INN 15% OSS 15% ALL 8%

Four letter words:

OSGA' 15% BARE 12% ALLE 9% FOLK 9% HVEM SINE
STOR GATE GODT HVIS IDAG LAND MENS MIDT

Doubles:
 LL KK NN TT MM SS PP GG RR DD FF

Digraphs:
EN ER DE ET TE ST NE OR RE KE AN ME SE SK

Reversals:
EN ER DE ET ES EL LI AV GE

Initials:

S FM D HAENT BKV GI JLP RU A0

Finals:

E RT N G S KM A A'DLV IO BPYAE FHU0

Phoenix's soon to be published ACA Xenocrypt Handbook

gives further data on digraphs and trigraphs representing less
than 2% of totals.

HUNGARIAN

Hungarian (aka Magyar) is related to Finnish and Estonian.

Hungarian has 38 sounds based on a Latin alphabet. Reference
[HUNG] shows the full alphabet as a combination of letters.
There is no Q, W, or X in Hungarian. Only 23 Latin letters are
used. Reference [HUNG] also gives Xenocrypt examples.

Hungarian has four special characteristics:

1. It agglutinates - adjectives, possessives are expressed by

suffixes.

2. It has vowel harmony - they fall into high and low vowel
categories. High - E, I, OE, UE and Low- A O U. In a word
they are all either high or low.

3. It assimilates consonants - usually the third or fourth

letter from the end. Many doubles.

4. It has no gender differentiation.

Per cent letter frequencies based on 10,001 letters:

E - 16.04 K - 4.47 D - 1.93

A - 12.55 I - 4.29 B - 1.78
T - 8.35 M - 4.11 H - 1.42
O - 6.56 R - 3.48 J - 0.99
S - 6.56 G - 3.16 F - 0.94
L - 5.66 U - 2.33 C - 0.52
N - 5.49 Y - 2.03 P - 0.52
Z - 4.79 V - 1.94

Doubles (in 10,001 letter count):

TT 104 BB 25 RR 10
SS 42 KK 24 II 9
LL 35 NN 22 GG 7
AA 31 ZZ 11
EE 27 MM 11

Most frequent bigrams:

OE 229 AL 126 SA 94
EL 225 AS 123 KA 91
TA 219 LE 118 ZA 90
SZ 207 NE 110 LA 89
ES 201 UE 110 ZO 88
EN 185 EM 110 AK 87
EG 155 GY 108 KE 87
ET 151 AZ 101 AM 86
TE 149 EK 97 KO 86
AN 145 LA 96 EZ 80
AT 136 AR 95 MA 79
ER 133 SE 95 RE 79
ME 127 TO 95

Initials:
V E M K S A H T F N L B I O J C U P R G D

Finals:
T N K E A S I M L G Y Z R D O B U P C

Groups:
Vowels A E I O U 41.77 %
LNRST 29.54
JKQYZ 9.93
EATOS 50.06
EATOSLNZK 70.47
HJFCP 4.39

Simple words based on a count of 1,000 words:

ES - and (before vowels) 96

AZ - that 20
EGY - one 14
S - and 11
MEG - 6
EL - away 5
TE - thou 5
HA - if 4
ITT - here 3
A - one 68
EZ - this 17
NEM - no 6
 Hungarian Bigram Table

Basis 10,000 letters and spaces from Reference [HUNG]

Second Letter

A B C D E F G H I J K

A 31 41 4 22 15 22 56 55 33 28 87
B 57 25 52 1 3 1
C 6 3 5
D 28 1 1 3 48 3 3 15 1
E 28 26 3 47 27 21 155 19 19 21 97
F 7 21 3 25
G 40 9 46 4 7 11 13 3 6
F H 67 21 15
i I 34 7 6 16 9 1 26 2 9 5 59
r J 35 1 6 16 3 1
s K 91 6 3 1 87 6 4 2 38 1 24
t L 96 5 3 7 118 7 6 4 15 10 18
M 79 18 5 1 127 5 9 58 5 3
L N 59 7 8 40 110 7 9 2 18 1 38
e O 3 11 1 13 229 1 25 2 1 51
t P 7 16 3 3 3
t R 50 1 13 10 79 5 6 1 19 1 10
e S 94 3 1 5 95 5 1 8 18 5 22
r T 219 10 3 3 149 1 6 14 59 5 19
U 4 1 12 110 1 9 2 4 4 1
V 89 5 61 13
Y 41 1 1 1 43 1 5 18 2
Z 90 6 122 1 6 2 28 3 3

L M N O P R S T U V Y Z

A 126 86 145 1 18 95 123 136 3 27 101

B 5 3 3 14 5 5 1 3
C 3 1 34
D 1 9 1 41 3 1 15 13 6
E 225 110 185 1 18 133 201 151 37 80
F 18 19 1
G 4 7 1 15 7 6 6 7 12 108 4
H 1 37 1
I 18 7 56 1 7 9 71 35 10 28 13
J 1 22 3 7 1 3
K 4 21 6 86 9 9 14 28 4
L 35 31 15 57 4 6 7 73 6 13 24 6
M 6 11 7 35 2 17 9 14 8 2
N 6 11 22 22 3 19 72 11 12 57 15
O 65 33 62 1 1 41 37 49 4 26
P 1 11 1 2 2 2 1
 R 9 11 4 42 10 18 41 16
S 4 18 13 29 4 42 43 15 14 10 207
T 22 42 6 95 1 4 20 104 37 12 4
U 19 3 12 2 9 7 24 3 6
V 21 2 3
Y 6 15 3 14 2 2 16 6 23 3
Z 11 2 6 88 3 18 49 21 9 11

LECTURE 5 HOMEWORK ANSWERS

Ger-3. Kalenderblatt August. K2 (Sonne) BRASSPOUNDER

QV FHOHIC ICMPC KQM IXWWM QW KML WFMPM KMI

*IQLQHI, KMI *PHWKICMLWI, KFPML KQM "*PHWKIC-

FOMI," KQM AMKML VMWIJP WXJP CQMLM VXMOMW.

Kw= LICHT

Im August steht die Sonne in der Naehe des Sirius, des

Hundsterns daher die "Hundstages," die weder Mensch noch
Tiere moegen.

PT: a b c d e f g h i j k l m n o p q r s t u v w x y z
CT: F G J K M N O P Q R S U V W X Y Z L I C H T A B D E

After placing the crib at the 5th word, der, dess, and die
were immediately identified.

Ger-4. Ungerechtes Schicksal. Eng. K4 GEMINATOR

Kw's = question /unfair

Student besteht Pruefung zum zweiten mal nicht wieso fragt der
Freund Schicksalsschlag das selbe zimmer der selbe Professor
die selben fragen.

PT: z q u e s t i o n a b c d f g h j k l m p r v w x y
CT: U N F A I R B C D E G H J K L M O P Q S T V W X Y Z

IRFJA DRGAI RAMRT VFAKF DLUFS UXABR ADSEQ

DBHMR XBAIC KVELR JAVKV AFDJI HMBHP IEQII

HMQEL JEIIA QGAUB SSAVJ AVIAQ GATVC KAIIC

VJBAI AQGAD KVELA D. hints: (zum zw-; zimm-)

The three part crib can only be located in one position. A

first guess of ZIMMER gives der, die, and zweit. A guess of
FREUND yields much of the in the rest of the text.
Schicksalsschlag can be found in the dictionary.

Fre-1.

MON NOM square looks like this:

F G H I J K
A N E Z P I L
B S O T H U M
C B A R C D F
D G J K Q V W
E X Y - - - -

Split the cipher text after message group 13. Message reads:
Que Noel vous soit des plus agreables et l'an nouve aplein de
desirs accomplis.

HOMEWORK PROBLEMS

Lat-1 K2. (105) (sallust) Wars and Victors? SCARLET

F C D R J R B B Q C O Q C N T Z U N B R,

U R P R M Q C Z R H R M M Q C R G R O N D R M R.

N D U N K R M R U Q N S N O, R P N Z C N H D Z S F

B N U R M R , G R K F D N , U Q C S N U P F M R O

S R B N D P. * O Z B B Q O P [cum, bdghj=JGHIE]

Nor-1. K2 Cosmology. (*qwx, verden) NIL VIRONUS

I K P N H E R A M C K D A O A G P K M K N N K M K

M E K O K M Z L A G G K Q P H E V K M M K G K O K

G P D A O V F I I K G H K R F D O I F V F G N C F

J P K R K M I K G N F E K G G K N C K P F D Y K M

P K A G N P K A G.
REFERENCES / RESOURCES

[ACA] ACA and You, "Handbook For Members of the American

Cryptogram Association," ACA publications, 1995.

[ACA1] Anonymous, "The ACA and You - Handbook For Secure

Communications", American Cryptogram Association,
1994.

[AFM] AFM - 100-80, Traffic Analysis, Department of the Air

Force, 1946.

[ALAN] Turing, Alan, "The Enigma", by A. Hodges. Simon and

Shuster, 1983.

[ALBA] Alberti, "Treatise De Cifris," Meister Papstlichen,

Princton University Press, Princeton, N.J., 1963.

[ALKA] al-Kadi, Ibrahim A., Origins of Cryptology: The Arab

Contributions, Cryptologia, Vol XVI, No. 2, April 1992,
pp 97-127.

[ANDR] Andrew, Christopher, 'Secret Service', Heinemann,

London 1985.

[ANNA] Anonymous., "The History of the International Code.",

Proceedings of the United States Naval Institute, 1934.

[AS] Anonymous, Enigma and Other Machines, Air Scientific

Institute Report, 1976.

[AUG1] D. A. August, "Cryptography and Exploitation of Chinese

Manual Cryptosystems - Part I:The Encoding Problem",
Cryptologia, Vol XIII, No. 4, October 1989.

[AUG2] D. A. August, "Cryptography and Exploitation of Chinese

Manual Cryptosystems - Part II:The Encrypting Problem",
Cryptologia, Vol XIV, No. 1, August 1990.

[BADE] Badeau, J. S. et. al., The Genius of Arab Civilization:

Source of Renaissance. Second Edition. Cambridge: MIT
Press. 1983.

[BARB] Barber, F. J. W., "Archaeological Decipherment: A

Handbook," Princeton University Press, 1974.

[B201] Barker, Wayne G., "Cryptanalysis of The Simple

Substitution Cipher with Word Divisions," Course #201,
Aegean Park Press, Laguna Hills, CA. 1982.

[BALL] Ball, W. W. R., Mathematical Recreations and Essays,

London, 1928.

[BAR1] Barker, Wayne G., "Course No 201, Cryptanalysis of The

Simple Substitution Cipher with Word Divisions," Aegean
 Park Press, Laguna Hills, CA. 1975.

[BAR2] Barker, W., ed., History of Codes and Ciphers in the

U.S. During the Period between World Wars, Part II,
1930 - 1939., Aegean Park Press, 1990.

[BAR3] Barker, Wayne G., "Cryptanalysis of the Hagelin

Cryptograph, Aegean Park Press, 1977.

[BARK] Barker, Wayne G., "Cryptanalysis of The Simple

Substitution Cipher with Word Divisions," Aegean Park
Press, Laguna Hills, CA. 1973.

[BARR] Barron, John, '"KGB: The Secret Work Of Soviet Agents,"

Bantom Books, New York, 1981.

[BAUD] Baudouin, Captain Roger, "Elements de Cryptographie,"

Paris, 1939.

[BEES] Beesley, P., "Very Special Intelligence", Doubleday, New

York, 1977.

[BLK] Blackstock, Paul W. and Frank L Schaf, Jr.,

"Intelligence, Espionage, Counterespionage and Covert
Operations," Gale Research Co., Detroit, MI., 1978.

[BLOC] Bloch, Gilbert and Ralph Erskine, "Exploit the Double

Encipherment Flaw in Enigma", Cryptologia, vol 10, #3,
July 1986, p134 ff. (29)

[BLUE] Bearden, Bill, "The Bluejacket's Manual, 20th ed.,

Annapolis: U.S. Naval Institute, 1978.

[BODY] Brown, Anthony - Cave, "Bodyguard of Lies", Harper and

Row, New York, 1975.

[BOLI] Bolinger, D. and Sears, D., "Aspects of Language,"

3rd ed., Harcourt Brace Jovanovich,Inc., New York,
1981.

[BOSW] Bosworth, Bruce, "Codes, Ciphers and Computers: An

Introduction to Information Security," Hayden Books,
Rochelle Park, NJ, 1990.

[BP82] Beker, H., and Piper, F., " Cipher Systems, The
Protection of Communications", John Wiley and Sons,
NY, 1982.

[BRAS] Brasspounder, "Language Data - German," MA89, THe

Cryptogram, American Cryptogram Association, 1989.

[BRIT] Anonymous, "British Army Manual of Cryptography", HMF,

1914.

[BRYA] Bryan, William G., "Practical Cryptanalysis - Periodic

Ciphers -Miscellaneous", Vol 5, American Cryptogram
 Association, 1967.

[BURL] Burling, R., "Man's Many Voices: Language in Its

Cultural Context," Holt, Rinehart & Winston, New York,
1970.

[CAND] Candela, Rosario, "Isomorphism and its Application in

Cryptanalytics, Cardanus Press, NYC 1946.

[CAR1] Carlisle, Sheila. Pattern Words: Three to Eight Letters

in Length, Aegean Park Press, Laguna Hills, CA 92654,
1986.

[CAR2] Carlisle, Sheila. Pattern Words: Nine Letters in Length,

Aegean Park Press, Laguna Hills, CA 92654, 1986.

[CASE] Casey, William, 'The Secret War Against Hitler',

Simon & Schuster, London 1989.

[CAVE] Cave Brown, Anthony, 'Bodyguard of Lies', Harper &

Row, New York 1975.

[CCF] Foster, C. C., "Cryptanalysis for Microcomputers",

Hayden Books, Rochelle Park, NJ, 1990.

[CHOI] Interview with Grand Master Sin Il Choi.,9th DAN, June

25, 1995.

[CHOM] Chomsky, Norm, "Syntactic Structures," The Hague:

Mouton, 1957.

[CHUN] Chungkuo Ti-erh Lishih Tangankuan, ed "K'ang-Jih

chengmien chanch'ang," Chiangsu Kuchi Ch'upansheh,
1987., pp993-1026.

[CI] FM 34-60, Counterintelligence, Department of the Army,

February 1990.

[COUR] Courville, Joseph B., "Manual For Cryptanalysis Of The

Columnar Double Transposition Cipher, by Courville
Assoc., South Gate, CA, 1986.

[CLAR] Clark, Ronald W., 'The Man who broke Purple',

Weidenfeld and Nicolson, London 1977.

[COLF] Collins Gem Dictionary, "French," Collins Clear Type

Press, 1979.

[COLG] Collins Gem Dictionary, "German," Collins Clear Type

Press, 1984.

[COLI] Collins Gem Dictionary, "Italian," Collins Clear Type

Press, 1954.

[COLL] Collins Gem Dictionary, "Latin," Collins Clear Type

Press, 1980.
[COLP] Collins Gem Dictionary, "Portuguese," Collins Clear Type
Press, 1981.

[COLR] Collins Gem Dictionary, "Russian," Collins Clear Type

Press, 1958.

[COLS] Collins Gem Dictionary, "Spanish," Collins Clear Type

Press, 1980.

[COVT] Anonymous, "Covert Intelligence Techniques Of the Soviet

Union, Aegean Park Press, Laguna Hills, Ca. 1980.

[CULL] Cullen, Charles G., "Matrices and Linear

Transformations," 2nd Ed., Dover Advanced Mathematics
Books, NY, 1972.

[DAGA] D'agapeyeff, Alexander, "Codes and Ciphers," Oxford

University Press, London, 1974.

[DAN] Daniel, Robert E., "Elementary Cryptanalysis:

Cryptography For Fun," Cryptiquotes, Seattle, WA., 1979.

[DAVI] Da Vinci, "Solving Russian Cryptograms", The Cryptogram,

September-October, Vol XLII, No 5. 1976.

[DEAC] Deacon, R., "The Chinese Secret Service," Taplinger, New

York, 1974.

[DEAU] Bacon, Sir Francis, "De Augmentis Scientiarum," tr. by

Gilbert Watts, (1640) or tr. by Ellis, Spedding, and
Heath (1857,1870).

[DEVO] Devours, Cipher A. and Louis Kruh, Machine Cryptography

and Modern Cryptanalysis, Artech, New York, 1985.

[DOW] Dow, Don. L., "Crypto-Mania, Version 3.0", Box 1111,

Nashua, NH. 03061-1111, (603) 880-6472, Cost $15 for
registered version and available as shareware under
CRYPTM.zip on CIS or zipnet.

[EIIC] Ei'ichi Hirose, ",Finland ni okeru tsushin joho," in

Showa gunji hiwa: Dodai kurabu koenshu, Vol 1, Dodai
kurabu koenshu henshu iinkai, ed., (Toyko: Dodai keizai
konwakai, 1987), pp 59-60.

[ELCY] Gaines, Helen Fouche, Cryptanalysis, Dover, New York,

1956.

[ENIG] Tyner, Clarence E. Jr., and Randall K. Nichols,

"ENIGMA95 - A Simulation of Enhanced Enigma Cipher
Machine on A Standard Personal Computer," for
publication, November, 1995.

[EPST] Epstein, Sam and Beryl, "The First Book of Codes and
Ciphers," Ambassador Books, Toronto, Canada, 1956.

[EYRA] Eyraud, Charles, "Precis de Cryptographie Moderne'"

Paris, 1953.
[FL] Anonymous, The Friedman Legacy: A Tribute to William and
Elizabeth Friedman, National Security Agency, Central
Security Service, Center for Cryptological History,1995.

[FREB] Friedman, William F., "Cryptology," The Encyclopedia

Britannica, all editions since 1929. A classic article
by the greatest cryptanalyst.

[FR1] Friedman, William F. and Callimahos, Lambros D.,

Military Cryptanalytics Part I - Volume 1, Aegean Park
Press, Laguna Hills, CA, 1985.

[FR2] Friedman, William F. and Callimahos, Lambros D.,

Military Cryptanalytics Part I - Volume 2, Aegean Park
Press, Laguna Hills, CA, 1985.

[FR3] Friedman, William F. and Callimahos, Lambros D.,

Military Cryptanalytics Part III, Aegean Park Press,
Laguna Hills, CA, 1995.

[FR4] Friedman, William F. and Callimahos, Lambros D.,

Military Cryptanalytics Part IV, Aegean Park Press,
Laguna Hills, CA, 1995.

[FR5] Friedman, William F. Military Cryptanalysis - Part I,

Aegean Park Press, Laguna Hills, CA, 1980.

[FR6] Friedman, William F. Military Cryptanalysis - Part II,

Aegean Park Press, Laguna Hills, CA, 1980.

[FRE] Friedman, William F. , "Elements of Cryptanalysis,"

Aegean Park Press, Laguna Hills, CA, 1976.

[FREA] Friedman, William F. , "Advanced Military Cryptography,"

Aegean Park Press, Laguna Hills, CA, 1976.

[FRAA] Friedman, William F. , "American Army Field Codes in The

American Expeditionary Forces During the First World
War, USA 1939.

[FRAB] Friedman, W. F., Field Codes used by the German Army

During World War. 1919.

[FR22] Friedman, William F., The Index of Coincidence and Its

Applications In Cryptography, Publication 22, The
Riverbank Publications, Aegean Park Press, Laguna
Hills, CA, 1979.

[FROM] Fromkin, V and Rodman, R., "Introduction to Language,"

4th ed.,Holt Reinhart & Winston, New York, 1988.

[FRS] Friedman, William F. and Elizabeth S., "The

Shakespearean Ciphers Examined," Cambridge University
Press, London, 1957.
[FUMI] Fumio Nakamura, Rikugun ni okeru COMINT no hoga to
hatten," The Journal of National Defense, 16-1 (June
1988) pp85 - 87.

[GARL] Garlinski, Jozef, 'The Swiss Corridor', Dent,

London 1981.

[GAR1] Garlinski, Jozef, 'Hitler's Last Weapons',

Methuen, London 1978.

[GERM] "German Dictionary," Hippocrene Books, Inc., New York,

1983.

[GIVI] Givierge, General Marcel, " Course In Cryptography,"

Aegean Park Press, Laguna Hills, CA, 1978. Also, M.
Givierge, "Cours de Cryptographie," Berger-Levrault,
Paris, 1925.

[GRA1] Grandpre: "Grandpre, A. de--Cryptologist. Part 1

'Cryptographie Pratique - The Origin of the Grandpre',
ISHCABIBEL, The Cryptogram, SO60, American Cryptogram
Association, 1960.

[GRA2] Grandpre: "Grandpre Ciphers", ROGUE, The Cryptogram,

SO63, American Cryptogram Association, 1963.

[GRA3] Grandpre: "Grandpre", Novice Notes, LEDGE, The

Cryptogram, MJ75, American Cryptogram Association,1975

[GODD] Goddard, Eldridge and Thelma, "Cryptodyct," Marion,

Iowa, 1976

[GORD] Gordon, Cyrus H., " Forgotten Scripts: Their Ongoing

Discovery and Decipherment," Basic Books, New York,
1982.

[HA] Hahn, Karl, " Frequency of Letters", English Letter

Usage Statistics using as a sample, "A Tale of Two
Cities" by Charles Dickens, Usenet SCI.Crypt, 4 Aug
1994.

[HAWA] Hitchcock, H. R., "Hawaiian," Charles E. Tuttle, Co.,

Toyko, 1968.

[HEMP] Hempfner, Philip and Tania, "Pattern Word List For

Divided and Undivided Cryptograms," unpublished
manuscript, 1984.

[HIDE] Hideo Kubota, " Zai-shi dai-go kokugun tokushu joho

senshi." unpublished manuscript, NIDS.

[HILL] Hill, Lester, S., "Cryptography in an Algebraic

Alphabet", The American Mathematical Monthly, June-July
1929.

[HINS] Hinsley, F. H., "History of British Intelligence in the

Second World War", Cambridge University Press,
 Cambridge, 1979-1988.

[HIN2] Hinsley, F. H. and Alan Strip in "Codebreakers -Story

of Bletchley Park", Oxford University Press, 1994.

[HISA] Hisashi Takahashi, "Military Friction, Diplomatic

Suasion in China, 1937 - 1938," The Journal of
International Studies, Sophia Univ, Vol 19, July, 1987.

[HIS1] Barker, Wayne G., "History of Codes and Ciphers in the

U.S. Prior to World War I," Aegean Park Press, Laguna
Hills, CA, 1978.

[HITT] Hitt, Parker, Col. " Manual for the Solution of Military
Ciphers," Aegean Park Press, Laguna Hills, CA, 1976.

[HOFF] Hoffman, Lance J., editor, "Building In Big Brother:

The Cryptographic Policy Debate," Springer-Verlag,
N.Y.C., 1995. ( A useful and well balanced book of
cryptographic resource materials. )

[HOM1] Homophonic: A Multiple Substitution Number Cipher", S-

TUCK, The Cryptogram, DJ45, American Cryptogram
Association, 1945.

[HOM2] Homophonic: Bilinear Substitution Cipher, Straddling,"

ISHCABIBEL, The Cryptogram, AS48, American Cryptogram
Association, 1948.

[HOM3] Homophonic: Computer Column:"Homophonic Solving,"

PHOENIX, The Cryptogram, MA84, American Cryptogram
Association, 1984.

[HOM4] Homophonic: Hocheck Cipher,", SI SI, The Cryptogram,

JA90, American Cryptogram Association, 1990.

[HOM5] Homophonic: "Homophonic Checkerboard," GEMINATOR, The

Cryptogram, MA90, American Cryptogram Association, 1990.

[HOM6] Homophonic: "Homophonic Number Cipher," (Novice Notes)

LEDGE, The Cryptogram, SO71, American Cryptogram
Association, 1971.

[HUNG] Rip Van Winkel, "Hungarian," The Cryptogram, March -

April, American Cryptogram Association, 1956.

[IBM1] IBM Research Reports, Vol 7., No 4, IBM Research,

Yorktown Heights, N.Y., 1971.

[INDE] PHOENIX, Index to the Cryptogram: 1932-1993, ACA, 1994.

[JAPA] Martin, S.E., "Basic Japanese Coversation Dictionary,"

Charles E. Tuttle Co., Toyko, 1981.

[JOHN] Johnson, Brian, 'The Secret War', Arrow Books,

London 1979.
[KADI] al-Kadi, Ibrahim A., Cryptography and Data Security:
Cryptographic Properties of Arabic, Proceedings of the
Third Saudi Engineering Conference. Riyadh, Saudi
Arabia: Nov 24-27, Vol 2:910-921., 1991.

[KAHN] Kahn, David, "The Codebreakers", Macmillian Publishing

Co. , 1967.

[KAH1] Kahn, David, "Kahn On Codes - Secrets of the New

Cryptology," MacMillan Co., New York, 1983.

[KAH2] Kahn, David, "An Enigma Chronology", Cryptologia Vol

XVII,Number 3, July 1993.

[KAH3] Kahn, David, "Seizing The Enigma", Houghton Mifflin, New

York, 1991.

[KOBL] Koblitz, Neal, " A Course in Number Theory and

Cryptography, 2nd Ed, Springer-Verlag, New York, 1994.

[KONH] Konheim, Alan G., "Cryptography -A Primer" , John Wiley,

1981, pp 212 ff.

[KOTT] Kottack, Phillip Conrad, "Anthropology: The Exploration

Of Human Diversity," 6th ed., Mcgraw-Hill, Inc., New
York, N.Y. 1994.

[KOZA] Kozaczuk, Dr. Wladyslaw, "Enigma: How the German

Machine Cipher was Broken and How it Was Read by the
Allies in WWI", University Pub, 1984.

[KULL] Kullback, Solomon, Statistical Methods in Cryptanalysis,

Aegean Park Press, Laguna Hills, Ca. 1976

[LAFF] Laffin, John, "Codes and Ciphers: Secret Writing Through

The Ages," Abelard-Schuman, London, 1973.

[LAKE] Lakoff, R., "Language and the Womans Place," Harper &
Row, New York, 1975.

[LANG] Langie, Andre, "Cryptography," translated from French

by J.C.H. Macbeth, Constable and Co., London, 1922.

[LATI] BRASSPOUNDER, "Latin Language Data, "The Cryptogram,"

July-August 1993.

[LAUE] Lauer, Rudolph F., "Computer Simulation of Classical

Substitution Cryptographic Systems" Aegean Park Press,
1981, p72 ff.

[LEDG] LEDGE, "NOVICE NOTES," American Cryptogram Association,

1994. [ One of the best introductory texts on ciphers
written by an expert in the field. Not only well
written, clear to understand but as authoritative as
they come! ]
[LEWI] Lewin, Ronald, 'Ultra goes to War', Hutchinson,
London 1978.

[LEWY] Lewy, Guenter, "America In Vietnam", Oxford University

Press, New York, 1978.

[LEVI] Levine, J., U.S. Cryptographic Patents 1861-1981,

Cryptologia, Terre Haute, In 1983.

[LISI] Lisicki, Tadeusz, 'Dzialania Enigmy', Orzet Biaty,

London July-August, 1975; 'Enigma i Lacida',
Przeglad lacznosci, London 1974- 4; 'Pogromcy
Enigmy we Francji', Orzet Biaty, London, Sept.
1975.'

[LYNC] Lynch, Frederick D., "Pattern Word List, Vol 1.,"

Aegean Park Press, Laguna Hills, CA, 1977.

[LYSI] Lysing, Henry, aka John Leonard Nanovic, "Secret

Writing," David Kemp Co., NY 1936.

[MANS] Mansfield, Louis C. S., "The Solution of Codes and

Ciphers", Alexander Maclehose & Co., London, 1936.

[MARO] Marotta, Michael, E. "The Code Book - All About

Unbreakable Codes and How To Use Them," Loompanics
Unlimited, 1979. [This is a terrible book. Badly
written, without proper authority, unprofessional, and
prejudicial to boot. And, it has one of the better
illustrations of the Soviet one-time pad with example,
with three errors in cipher text, that I have corrected
for the author.]

[MARS] Marshall, Alan, "Intelligence and Espionage in the Reign

of Charles II," 1660-1665, Cambridge University, New
York, N.Y., 1994.

[MART] Martin, James, "Security, Accuracy and Privacy in

Computer Systems," Prentice Hall, Englewood Cliffs,
N.J., 1973.

[MAYA] Coe, M. D., "Breaking The Maya Code," Thames and Hudson,
New York, 1992.

[MAZU] Mazur, Barry, "Questions On Decidability and

Undecidability in Number Theory," Journal of Symbolic
Logic, Volume 54, Number 9, June, 1994.

[MEND] Mendelsohn, Capt. C. J., Studies in German Diplomatic

Codes Employed During World War, GPO, 1937.

[MILL] Millikin, Donald, " Elementary Cryptography ", NYU

Bookstore, NY, 1943.

[MM] Meyer, C. H., and Matyas, S. M., " CRYPTOGRAPHY - A New

Dimension in Computer Data Security, " Wiley
 Interscience, New York, 1982.

[MODE] Modelski, Tadeusz, 'The Polish Contribution to the

Ultimate Allied Victory in the Second World War',
Worthing (Sussex) 1986.

[MRAY] Mrayati, Mohammad, Yahya Meer Alam and Hassan al-

Tayyan., Ilm at-Ta'miyah wa Istikhraj al-Mu,amma Ind
al-Arab. Vol 1. Damascus: The Arab Academy of Damascus.,
1987.

[MYER] Myer, Albert, "Manual of Signals," Washington, D.C.,

USGPO, 1879.

[NIBL] Niblack, A. P., "Proposed Day, Night and Fog Signals for
the Navy with Brief Description of the Ardois Hight
System," In Proceedings of the United States Naval
Institute, Annapolis: U. S. Naval Institute, 1891.

[NIC1] Nichols, Randall K., "Xeno Data on 10 Different

Languages," ACA-L, August 18, 1995.

[NIC2] Nichols, Randall K., "Chinese Cryptography Parts 1-3,"

ACA-L, August 24, 1995.

[NIC3] Nichols, Randall K., "German Reduction Ciphers Parts

1-4," ACA-L, September 15, 1995.

[NIC4] Nichols, Randall K., "Russian Cryptography Parts 1-3,"

ACA-L, September 05, 1995.

[NIC5] Nichols, Randall K., "A Tribute to William F. Friedman",

NCSA FORUM, August 20, 1995.

[NIC6] Nichols, Randall K., "Wallis and Rossignol," NCSA

FORUM, September 25, 1995.

[NIC7] Nichols, Randall K., "Arabic Contributions to

Cryptography,", in The Cryptogram, ND95, ACA, 1995.

[NIC8] Nichols, Randall K., "U.S. Coast Guard Shuts Down Morse
Code System," The Cryptogram, SO95, ACA publications,
1995.

[NIC9] Nichols, Randall K., "PCP Cipher," NCSA FORUM, March 10,
1995.

[NICX] Nichols, R. K., Keynote Speech to A.C.A. Convention,

"Breaking Ciphers in Other Languages.," New Orleans,
La., 1993.

[NORM] Norman, Bruce, 'Secret Warfare', David & Charles,

Newton Abbot (Devon) 1973.

[NORW] Marm, Ingvald and Sommerfelt, Alf, "Norwegian," Teach

Yourself Books, Hodder and Stoughton, London, 1967.
[NSA] NSA's Friedman Legacy - A Tribute to William and
Elizabeth Friedman, NSA Center for Cryptological
History, 1992, pp 201 ff.

[OP20] "Course in Cryptanalysis," OP-20-G', Navy Department,

Office of Chief of Naval Operations, Washington, 1941.

[PIER] Pierce, Clayton C., "Cryptoprivacy", 325 Carol Drive,

Ventura, Ca. 93003.

[POPE] Pope, Maurice, "The Story of Decipherment: From Egyptian

Hieroglyphic to Linear B., Thames and Hudson Ltd., 1975.

[RAJ1] "Pattern and Non Pattern Words of 2 to 6 Letters," G &

C. Merriam Co., Norman, OK. 1977.

[RAJ2] "Pattern and Non Pattern Words of 7 to 8 Letters," G &

C. Merriam Co., Norman, OK. 1980.

[RAJ3] "Pattern and Non Pattern Words of 9 to 10 Letters," G &

C. Merriam Co., Norman, OK. 1981.

[RAJ4] "Non Pattern Words of 3 to 14 Letters," RAJA Books,

Norman, OK. 1982.

[RAJ5] "Pattern and Non Pattern Words of 10 Letters," G & C.

Merriam Co., Norman, OK. 1982.

[REJE] Rejewski, Marian, "Mathematical Solution of the Enigma

Cipher" published in vol 6, #1, Jan 1982 Cryptologia pp
1-37.

[RHEE] Rhee, Man Young, "Cryptography and Secure Commun-

ications," McGraw Hill Co, 1994

[ROAC] Roach, T., "Hobbyist's Guide To COMINT Collection and

Analysis," 1330 Copper Peak Lane, San Jose, Ca. 95120-
4271, 1994.

[ROBO] NYPHO, The Cryptogram, Dec 1940, Feb, 1941.

[ROHE] Jurgen Roher's Comparative Analysis of Allied and Axis

Radio-Intelligence in the Battle of the Atlantic,
Proceedings of the 13th Military History Symposium, USAF
Academy, 1988, pp 77-109.

[ROOM] Hyde, H. Montgomery, "Room 3603, The Story of British

Intelligence Center in New York During World War II",
New York, Farrar, Straus, 1963.

[ROSE] Budge, E. A. Wallis, "The Rosetta Stone," British Museum

Press, London, 1927.

[RUNY] Runyan, T. J. and Jan M. Copes "To Die Gallently",

Westview Press 1994, p85-86 ff.

[RYSK] Norbert Ryska and Siegfried Herda, "Kryptographische

 Verfahren in der Datenverarbeitung," Gesellschaft fur
Informatik, Berlin, Springer-Verlag1980.

[SADL] Sadler, A. L., "The Code of the Samurai," Rutland and

Tokyo: Charles E. Tuttle Co., 1969.

[SACC] Sacco, Generale Luigi, " Manuale di Crittografia",

3rd ed., Rome, 1947.

[SANB] Sanbohonbu, ed., "Sanbohonbu kotokan shokuinhyo." NIDS

Archives.

[SAPR] Sapir, E., "Conceptual Categories in Primitive

Language," Science: 74: 578-584., 1931.

[SASS] Sassoons, George, "Radio Hackers Code Book", Duckworth,

London, 1986.

[SCHN] Schneier, Bruce, "Applied Cryptography: Protocols,

Algorithms, and Source Code C," John Wiley and Sons,
1994.

[SCH2] Schneier, Bruce, "Applied Cryptography: Protocols,

Algorithms, and Source Code C," 2nd ed., John Wiley and
Sons, 1995.

[SCHW] Schwab, Charles, "The Equalizer," Charles Schwab, San

Francisco, 1994.

[SHAN] Shannon, C. E., "The Communication Theory of Secrecy

Systems," Bell System Technical Journal, Vol 28 (October
1949).

[SHIN] Shinsaku Tamura, "Myohin kosaku," San'ei Shuppansha,

Toyko, 1953.

[SIG1] "International Code Of Signals For Visual, Sound, and

Radio Communications," Defense Mapping Agency,
Hydrographic/Topographic Center, United States Ed.
Revised 1981

[SIG2] "International Code Of Signals For Visual, Sound, and

Radio Communications," U. S. Naval Oceanographic
Office, United States Ed., Pub. 102, 1969.

[SINK] Sinkov, Abraham, "Elementary Cryptanalysis", The

Mathematical Association of America, NYU, 1966.

[SISI] Pierce, C.C., "Cryptoprivacy," Author/Publisher, Ventura

Ca., 1995. (XOR Logic and SIGTOT teleprinters)

[SMIT] Smith, Laurence D., "Cryptography, the Science of Secret

Writing," Dover, NY, 1943.

[SOLZ] Solzhenitsyn, Aleksandr I. , "The Gulag Archipelago I-

III, " Harper and Row, New York, N.Y., 1975.
[STEV] Stevenson, William, 'A Man Called INTREPID',
Macmillan, London 1976.

[STIN] Stinson, D. R., "Cryptography, Theory and Practice,"

CRC Press, London, 1995.

[STUR] Sturtevant, E. H. and Bechtel, G., "A Hittite

Chrestomathy," Linguistic Society of American and
University of Pennsylvania, Philadelphia, 1935.

[SUVO] Suvorov, Viktor "Inside Soviet Military Intelligence,"

Berkley Press, New York, 1985.

[TERR] Terrett, D., "The Signal Corps: The Emergency (to

December 1941); G. R. Thompson, et. al, The Test(
December 1941 - July 1943); D. Harris and G. Thompson,
The Outcome;(Mid 1943 to 1945), Department of the Army,
Office of the Chief of Military History, USGPO,
Washington,1956 -1966.

[THEO] Theodore White and Annalee Jacoby, "Thunder Out Of

China," William Sloane Assoc., New York, 1946.

[TILD] Glover, D. Beaird, Secret Ciphers of The 1876

Presidential Election, Aegean Park Press, Laguna Hills,
Ca. 1991.

[TM32] TM 32-250, Fundamentals of Traffic Analysis (Radio

Telegraph) Department of the Army, 1948.

[TRAD] U. S. Army Military History Institute, "Traditions of

The Signal Corps., Washington, D.C., USGPO, 1959.

[TRAI] Lange, Andre and Soudart, E. A., "Treatise On

Cryptography," Aegean Park Press, Laguna Hills, Ca.
1981.

[TRIB] Anonymous, New York Tribune, Extra No. 44, "The Cipher
Dispatches, New York, 1879.

[TRIT] Trithemius:Paul Chacornac, "Grandeur et Adversite de

Jean Tritheme ,Paris: Editions Traditionelles, 1963.

[TUCK] Harris, Frances A., "Solving Simple Substitution

Ciphers," ACA, 1959.

[TUKK] Tuckerman, B., "A Study of The Vigenere-Vernam Single

and Multiple Loop Enciphering Systems," IBM Report
RC2879, Thomas J. Watson Research Center, Yorktown
Heights, N.Y. 1970.

[TUCM] Tuckerman, B., "A Study of The Vigenere-Vernam Single

and Multiple Loop Enciphering Systems," IBM Report
RC2879, Thomas J. Watson Research Center, Yorktown
Heights, N.Y. 1970.
[VERN] Vernam, A. S., "Cipher Printing Telegraph Systems For
Secret Wire and Radio Telegraphic Communications," J.
of the IEEE, Vol 45, 109-115 (1926).

[VOGE] Vogel, Donald S., "Inside a KGB Cipher," Cryptologia,

Vol XIV, Number 1, January 1990.

[WAL1] Wallace, Robert W. Pattern Words: Ten Letters and Eleven

Letters in Length, Aegean Park Press, Laguna Hills, CA
92654, 1993.

[WAL2] Wallace, Robert W. Pattern Words: Twelve Letters and

Greater in Length, Aegean Park Press, Laguna Hills, CA
92654, 1993.

[WATS] Watson, R. W. Seton-, ed, "The Abbot Trithemius," in

Tudor Studies, Longmans and Green, London, 1924.

[WEL] Welsh, Dominic, "Codes and Cryptography," Oxford Science

Publications, New York, 1993.

[WELC] Welchman, Gordon, 'The Hut Six Story', McGraw-Hill,

New York 1982.

[WHOR] Whorf, B. L., "A Linguistic Consideration of Thinking In

Primitive Communities," In Language, Thought, and
Reality: Selected Writings of Benjamin Lee Whorf, ed. J.
B. Carroll, Cambridge, MA: MIT Press, pp. 65-86., 1956.

[WINK] Winkle, Rip Van, "Hungarian: The Cryptogram,", March -

April 1956.

[WINT] Winterbotham, F.W., 'The Ultra Secret', Weidenfeld

and Nicolson, London 1974.

[WOLE] Wolfe, Ramond W., "Secret Writing," McGraw Hill Books,

NY, 1970.

[WOLF] Wolfe, Jack M., " A First Course in Cryptanalysis,"

Brooklin College Press, NY, 1943.

[WRIX] Wrixon, Fred B. "Codes, Ciphers and Secret Languages,"

Crown Publishers, New York, 1990.

[XEN1] PHOENIX, "Xenocrypt Handbook," American Cryptogram

Association, 1 Pidgeon Dr., Wilbraham, MA., 01095-2603,
for publication March, 1996.

[YARD] Yardley, Herbert, O., "The American Black Chamber,"

Bobbs-Merrill, NY, 1931.

[YAR1] Yardley, H. O., "The Chinese Black Chamber," Houghton

Mifflin, Boston, 1983.

[YOKO] Yukio Yokoyama, "Tokushu joho kaisoka," unpublished

handwritten manuscript.

[YOUS] Youshkevitch, A. P., Geschichte der Mathematik im

 Mittelatter, Liepzig, Germany: Teubner, 1964.

[YUKI] Yukio Nishihara, "Kantogan tai-So Sakusenshi," Vol 17.,

unpublished manuscript, National Institute for Defense
Studies Military Archives, Tokyo.,(hereafter NIDS
Archives)

[ZIM] Zim, Herbert S., "Codes and Secret Writing." William

Morrow Co., New York, 1948.

[ZEND] Callimahos, L. D., Traffic Analysis and the Zendian

Problem, Agean Park Press, 1984. (also available
through NSA Center for Cryptologic History)

CLASSICAL CRYPTOGRAPHY COURSE

BY LANAKI

13 NOVEMBER 1996
Revision 0

COPYRIGHT 1996
ALL RIGHTS RESERVED

LECTURE 19

PASSWORDS, PRIVACY, DATA PROTECTION

SUMMARY

For the last 18 lectures of our course, we have looked

at Classical Cryptography from the 'what' and 'how'
viewpoints. We now look at the 'why' as pertains to
passwords, privacy issues, and legal aspects of business
and personal data protection. Cryptography is a common
security theme for each of these issues. We need to
expand our purview to modern or applied cryptography to
understand the importance and worldwide scope of
cryptography.

I will start with a presentation of Klein's excellent

work on password vulnerability. [VACC] We will look at
the issue of privacy - and the bundle of rights
associated with it. [KENN], [HOFF], [ROSL] [HUTT] We
will survey data protection legislation in the business
and personal arenas -especially E-Mail systems. [ICC],
[BIGE] We will enter the labyrinth of the ITAR and find
that recreational and classical cryptography is exempt
from ITAR regulations on at least three counts. [NIST],
[ITAR] Lastly, I will briefly survey some applied
cryptography themes.

PASSWORD VULNERABILITY

We remind ourselves that cryptography is the science of

secret writing. Therefore, cryptography is used to
protect our vital datafiles and records. It is estimated
that more than 85% of all U.S. business, financial and
personal records are stored in computer systems. We use
passwords (keywords) to enter the maze of security
levels to gain access to the various files, records,
programs that affect our daily lives. These passwords
are cryptographically treated after they are presented
to the computer system and stored in that form. Next
time you go to your favorite ATM machine, realize that
it is cryptography protecting yours and the banks money.
The principles that have been presented in this course
are used in the same manner on more rigorous algorithms
to provide cryptosecurity to modern day machines.

We live in an age of international - no boundary -

computer networks capable of performing huge amounts of
coordinated work to breach the security of our computer
systems and pry open the secrets of lives. But how
secure are our systems by virtue of their encrypted
passwords? What is the weak link of the cryptosystem -
the algorithm, the key or the key management?

Daniel V. Klein of LoneWolf Systems, Pittsburg, Pa.

performed a study in 1989 using data from clients in
both U.S. and Great Britain that would imply that the
key (password) and its management is the weak link. He
outlined some of the problems of current password
security and demonstrated the ease with which individual
accounts may be broken. [VACC] Although his study
centered around the UNIX system, his results and
conclusions were most general in nature and can not be
ignored by users and system administrators of every type
of computer system in the country.

UNIX VULNERABILITY

Forgetting for the moment that CPU speeds, computer

architectures, and storage capabilities are more than 2
magnitudes of order faster and better in 1996 than what
was available when Klein's work was performed in 1989.
Klein was interested in the security of accounts and
passwords on the UNIX system. Early Unix versions used
a password encryption algorithm based on the M-209 U.S.
Army cipher machine. The M-209 cipher machine exploits
many of the security features we have discussed under
aperiodic systems in Lecture 13. On a PDP-11/70, each
encryption took approximately 1.25 ms, so that it was
possible to check 800 passwords per second. Armed with
a dictionary of 250,000 words, crackers could compare
encryptions with all those stored in the password file
in a little more than 5 minutes. This was a security
hole that could be (and was exploited) on government and
non-government machines all over the country.

After 1976, versions of UNIX, DES (Data Encryption

Standard - to be discussed in a later lecture in detail)
was used to encrypt passwords. The user's password was
used as the DES key, and the algorithm was used to
encrypt a constant. The algorithm was iterated 25 times,
with the results being an 11-character string plus a
2 character "salt." This method was more rigorous and
difficult to decrypt. It was complicated through the
introduction of one of 4,096 possible salt values and
was slower to execute than its predecessor. On a VAX-II
machine, a single encryption required about 280 ms, so
that the determined cracker could only check about 3.6
encryptions per second. Checking the same 250,000 word
dictionary would take 19 hours of CPU time. This
reduced the "payoff ratio" for cracking a single
password. Checking the passwords on a system with 50
accounts would take , on average, 40 CPU days because of
the random selection of salt values practically
guarantees that each user's password would be encrypted
with a different salt, with no guarantee of success.

In the last 5 years three developments have pushed the

problem of password security back into the forefront:

1. CPU speeds are lightning fast and readily available

as desktop workstations. Special boards can be made
to optimize the password comparisons.
With internetworking, many sites have hundreds of
individual workstations connected together, and
enterprising crackers are discovering that the
"divide and conquer" algorithm can be extended to
multiple processors, especially at night when those
processors are not otherwise being used.

2. New implementations of the DES algorithm have been

developed, so that the time it takes to encrypt a
password and compare the encryption against the
stored value in a password file has dropped below the
1ms mark. Our 250,000 word dictionary can be
processed in less than 5 minutes and by dividing the
work across multiple workstations, the time required
to encrypt these words against all 4,096 salt values
is less than an hour. DES has been put into hardware
implementation and the time for encryption is further
reduced. This means the same dictionary can be
cracked in only 1.5 seconds.

3. A study of passwords cracked showed that the user did

not readily choose tough passwords but ones that he
could remember. Furthermore, surveys show that the
user is not concerned with system security but
personal privacy. They are not aware that their
terminal may become an entry point for a malicious
cracker.

COLLECTION

Crackers have been using the same techniques for some

time to acquire the password files on UNIX and VAX
machines (all open system machines are susceptible):

1. They acquire a copy of the site's /etc/passwd file,

 either through an unprotected uucp link, well known
holes in sendmail or via FTP or tpf or outright
theft.

2. They apply the standard or sped up version of DES or

the known password encryption algorithm to a
collection of words, typically /usr/dict/words, plus
some permutations on account and user names, and
compare the encrypted results to those found in the
purloined /etc/passwd file.

3. If a match is found (and often their are more than

one), the cracker has access to the targeted machine.
This modus operandi has been known for some time,
defended, and still presents a viable alternative for
the 'bad guys' for more than 50 per cent of the
computers on the market.

KLEIN'S SURVEY

Klein built up a database of approximately 15,000

entries from U.S. and Great Britain of /etc/passwd
files in order to try to crack the passwords. Each of
the account entries was tested by a number of intrusion
strategies. The possible passwords that were tried were
based on the users name or account number, taken from
numerous dictionaries (including some containing foreign
words, phrases, patterns of keys on the keyboard, and
enumerations) and from permutations and combinations of
words in those dictionaries. After nearly 12 CPU-months
of rather exhaustive testing, approximately 25 percent
of the passwords have been guessed! 21 percent of the
passwords (nearly 3000 passwords) were guessed in the
first week and in the first 15 minutes of testing, 368
passwords (or 2.7 percent) had been cracked using what
experience had shown would be the most fruitful line of
attack (using the user or account names as passwords.)

These statistics are nothing less then frightening. On

an average system with 50 accounts in the /etc/passwd
file, one could expect the first account to be cracked
in under two minutes, with 5 to 15 accounts being
cracked by the end of the first day. Even though the
root account might not be cracked, all it takes is one
account being compromised for the cracker to have a
toehold in the system. After that is done, any number of
other well-known security loopholes ( many of which are
published on the network) can be used to access or
destroy any information on the machine.

The results did not indicate what all the uncracked

passwords were. Rather it showed that users are likely
to use words that are familiar to them as their
passwords. What new information it did provide,
however, was the degree of vulnerability of the systems
in question, as well as developing a basis for a
proactive password checker. Passwords that can be
derived from a dictionary are clearly a bad idea.
There are hackers and companies in the business of
developing this line of attack on computer systems.
I recently downloaded some files in Russian from a
site in Moscow that would indicate that others have
known this principle too.

SAFE PASSWORDS?

Klein found three classes of 'safer' passwords. One

class of more secure passwords was the word pair, where
the password consists of two words, separated by a
punctuation character. Compuserve uses this technique
for their CIS network, but relies on too few punctuation
marks too make this an effective deterrent to the clever
cracker. Even considering words of only 3 - 5 lowercase
characters, /usr/dict/words provide 3000 words for
pairing. When a single intermediate punctuation
character is introduced, the resulting sample size of
90,000,000 possible passwords is, in theory, rather
daunting.

We know from our course that this is not true. Cipher

text patterns carry through and are recognizable when
using a known algorithm. The 'key space' that must be
tested is substantially smaller with a smart dictionary
of targeted information. A 'smart' brute force attack
will be effective against the fixed length of the
password, especially if the number of salt values and/or
the number of punctuation marks are limited.

A second type of password introduces upper and lowercase

characters into the password to raise the search set
size to a magnitude that is more difficult to crack.

The third safe password is one constructed from the

initial letters of any easily remembered, but not
common, phrase. For example, the phrase "UNIX is a
trademark of Bell Laboratories" could give rise to the
password UiatoBL. This essentially creates a password
that is a random string of upper and lowercase letters.
Exhaustively searching this list at 1,000 tests per
second with only 7-character passwords would require
about 32 CPU-years - a very difficult task.

METHOD OF ATTACK

A number of techniques were used on the accounts in

order to determine whether the passwords used for them
could be compromised. To speed up the testing, Klein
grouped all passwords with the same salt value together.
This way, one encryption per password per salt value
could be performed, with multiple string comparisons to
test for matches. Rather than 15,000 accounts, the
problem was reduced to 4,000 salt values. [VACC]
The password tests were as follows:

1. Name Variations

Try using the users name, initials, account name,

and other relevant personal information as a
possible password. All in all, up to 130 different
passwords were tried, based on this information.

For the account name klone with a user named "David

V. Klein," some of the password tried were: klone,
klone0, klone1, klone123, dvk, dvkdvk, dklein,
Dklein, leinad, nielk, dvklein, danielk, DvkkD,
DANIEL-KLEIN, (klone), KleinD, and so on.

2. Dictionaries

Try using words from various dictionaries. These

included lists of women's and men's names (some
16,000 in all); places (including permutations, so
that "spain," "spanish," and "spaniard" would be
considered); names of famous people; cartoons and
cartoon characters; titles, characters and
locations of films and science fiction stories;
mythical creatures (garnered from Bulfinch's
mythology and dictionaries of mythical beasts);
sports (including team names, nicknames, and
specialized terms); numbers both as numerals -
"2001" and written out - "twelve"); strings of
letters and numbers ("a", "aa," "aaa," and so on);
Chinese syllables (from the Pinyin Romanization of
Chinese, an international standard system of
writing Chinese on an English keyboard); the King
James Bible; biological terms; common and vulgar
phrases (such as "ibmsux" and "deadhead"); keyboard
patterns (such as "QWERTY", "asdf" and "zxcvbn");
abbreviations (such as "roygbiv" - the colors in
the rainbow, and "ooottafagvah" - a mnemonic for
remembering the 12 cranial nerves); machine names
(acquired from the /etc/hosts); characters, plays,
and locations from Shakespeare; common Yiddish
words; the names of asteroids; and a collection of
words from various published technical papers.
60,000 separate words were considered per user (
with the inter and intradictionary duplicates being
discarded.

3. Permutations of Item 2

Try various permutations on the words from step 2.

Make the first letter uppercase or a control
character, make the entire word uppercase,
reversing the word(with and without the capital-
ization), changing the letter o to the digit 0, so
the word scholar becomes sch0lar, performing
similar manipulations on letter z to digit 2,
letter s to digit 5. Make the word plural, so
dress becomes dresses. Add suffixes of -ed -er -ing
to transform words like phase to phased. These 14
 to 17 additional tests per word added another
1,000,000 words to the list of possible passwords
that were tested for each user.

4. Capitalization

Try various capitalization permutations on the

words in step 2. This included all single-letter
capitalization permutations (so that michael would
be checked as mIchael, miChael, and so forth,)
double letter capitalization (MicHael) and triple
letter capitalization (MIchAel). This added 400,000
more words to be tested for single-letter,
1,500,000 for double-letter and 3,000,000 more
words for three-letter capitalization checks.

5. Foreign Words

Try foreign words on foreign language users. Klein

used Chinese words on users with Chinese names.
Klein made exhaustive one-,two-,three syllable word
tests on all 398 Chinese symbols for about
16,158,404 additional tests.

6. Word Pairs.

Try word pairs. The magnitude of this test was

staggering. Klein simplified the test to include
words three and four characters in length from
usr/dict/words. The number of words was order of
magnitude 10**7 X 4096 possible salt values.

Klein used four linked DECstation 3100's to perform 3000

comparisons a second. The study ran for 20 CPU-months.
The bulk of the effort was complete in the first 12 CPU-
months.

SUMMARY OF RESULTS

The problem with using passwords that are derived

directly from obvious words is that when users think
"Hah, no one will ever guess this permutation," they are
invariably wrong. Klein found a match on the "fylgjas,"
(guardian creature from Norse mythology. No matter what
words or permutations thereof are chosen for a password,
if they exist in some dictionary, they are susceptible
to direct cracking. Table 19-1 shows the breakdown of
passwords cracked in a sample size of 13,797 accounts.

Klein suggests four solutions for the 'key challenge':

1) use a proactive password checker; 2) eradicate easy-
to- guess passwords ( the user will normally defeat this
approach); 3) Assign passwords - nonsense words or
random characters (the user dislike this approach also);
and 4) use smart cards which respond to electronic
challenges from the computer security system.
 TABLE 19-1

Passwords Cracked for Sample Set of 13,797 Accounts

Type Dictionary Duplicates Search Number Percent Cost

of Size Eliminated Size of of Benefit
Password Matches Total Ratio
--------------------------------------------------------------------
User/
Account 130+ - 130 368 2.7% 2.830
Name
--------------------------------------------------------------------
Character
Sequences 866 0 866 22 0.2% 0.025
--------------------------------------------------------------------
Numbers 450 23 427 9 0.1% 0.021
--------------------------------------------------------------------
Chinese 398 6 392 56 0.4% 0.143
--------------------------------------------------------------------
Place
Names 665 37 628 82 0.6% 0.131
--------------------------------------------------------------------
Common 2,268 29 2,239 548 4.0% 0.245
Names
--------------------------------------------------------------------
Female
Names 4,955 675 4,280 161 1.2% 0.038
--------------------------------------------------------------------
Male
Names 3,901 1,035 2,866 140 1.0% 0.049
--------------------------------------------------------------------
Uncomm-
on 5,559 604 4,955 130 0.0% 0.026
Names
--------------------------------------------------------------------
Myths
and 1,357 111 1,246 66 0.5% 0.053
Legends
--------------------------------------------------------------------
Shakes-
pearean 650 177 473 11 0.1% 0.023
--------------------------------------------------------------------
Sports
Terms 247 9 238 32 0.2% 0.134
--------------------------------------------------------------------
Science
Fiction 772 81 691 59 0.4% 0.085
--------------------------------------------------------------------
Movies
and
Actors 118 19 99 12 0.1% 0.121
--------------------------------------------------------------------
Cartoons 133 41 92 9 0.1% 0.098
--------------------------------------------------------------------
Famous
People 509 219 290 55 0.4% 0.190
--------------------------------------------------------------------
Phrases
and
Patterns 998 65 933 253 1.8% 0.271
--------------------------------------------------------------------
Surnames 160 127 33 9 0.1% 0.273
--------------------------------------------------------------------
Biology 59 1 58 1 0.0% 0.017
--------------------------------------------------------------------
/usr/
dict/
words 24,474 4,791 19,683 1,027 7.4% 0.052
--------------------------------------------------------------------
Machine
Names 12,983 3,965 9,018 132 1.0% 0.015
--------------------------------------------------------------------
Mnemonics 14 0 14 2 0.0% 0.143
--------------------------------------------------------------------
King
James
Bible 13,062 5,537 7,525 83 0.6% 0.011
--------------------------------------------------------------------
Misc
Words 8,146 4,934 3,212 54 0.4% 0.017
--------------------------------------------------------------------
Yiddish
Words 69 13 56 0 0.0% 0.000
--------------------------------------------------------------------
Asteroids 3,459 1,052 2,407 19 0.1% 0.007
--------------------------------------------------------------------
Total 86,280 23,553 62,727 3,340 24.2% 0.053

Table Notes

1. The number of matches is the total number of matches

given for the particular dictionary, irrespective of
the number of permutations that user applied to it.

2. Duplicate names were eliminated.

3. In all cases, the cost/benefit ratio is the number

of matches divided by the search size. The more
words that needed to be tested for a match, the
lower the cost/benefit ratio.

4. The dictionary used for user/account names checks

naturally changed for each user. Up to 130 different
permutations were tried for each.

5. Although monosyllabic Chinese passwords were tried

for all users (with 12 matches) polysyllabic
 Chinese passwords were tried only for users with
Chinese names. The percentage of matches was 8.0% -
a greater hit ratio than any other method but the
dictionary size is 16 X 10**6, though, and the
cost/benefit ratio is infinitesimal.

Klein's work is a professional success - if we are in

the cracking business and a disheartening insight if you
are in the security business.

The total size of the dictionary was only 62,727 words

(not counting various permutations). This is much
smaller than the 250,000-word dictionary postulated at
the beginning of this lecture. Yet armed with even this
small dictionary, nearly 25% of the passwords were
cracked. It is easy to see how a professional
organization could increase the dictionary and funding
on the machinery and up the cost/benefit ratio
significantly.

Table 19-2 shows the length of the cracked passwords.

TABLE 19-2

Length Count Percentage

------------------------------------------------
1 Character 4 0.1%
------------------------------------------------
2 Characters 5 0.2%
------------------------------------------------
3 Characters 66 2.0%
------------------------------------------------
4 Characters 188 5.7%
------------------------------------------------
5 Characters 317 9.5%
------------------------------------------------
6 Characters 1160 34.7%
------------------------------------------------
7 Characters 813 24.4%
------------------------------------------------
8 Characters 780 23.4%
------------------------------------------------

The results of the word-pair tests are not included in

either of the two tables. They represent another 0.4%
of the passwords cracked in the sample.

PRIVACY REFERENCES/RESOURCES

When I started my research on this topic, I thought that

there would be a lot of well-organized material
available. In my opinion, only the first part of this
wish was true. There a fair amount of history, an
exciting growth of technology and a legal system that
can not keep pace with the issues that have arisen
because of the new technology. It would seem that only
the money interests have been able to present their
cases in the priority list. However, there is plenty of
excellent material to work with.

Lance Rose gives a reasonable description of the laws

applying to systems operators and on-line owners. [ROSL]
Lance J. Hoffman has edited a superior group of papers
which define some of the sides of the cryptographic
debate. [HOFF] Professor Chandler, et. al. in
cooperation with Martin Marietta Energy Systems, Inc.
have produced a strong review of the U.S. Laws,
Regulations, and Case Law pertaining to commercial
encryption products. [CHAN] Charles E. H. Franklin
has edited the summary work by ICC on business and
private data protection legislation - worldwide. [ICC]

The National Computer Association has 21 proactive

forums devoted to current computer security, encryption,
privacy, government and civil liberties, legal and other
issues. Hult et. al. have produced the definitive
Computer Security Handbook; of special value is
Professor Robert P. Bigelow's treatment of privacy laws
and Dr. Diane E. Levine's treatment of data encryption.

Professor Bigelow discusses the legal aspects of

computer privacy in the U.S. He covers a wide variety of
topics: databases, state laws, 'The Public's Attitude',
the Privacy Act of 1974, social security laws, The
Computer Matching Act, Internal Revenue Service, privacy
studies, employee privacy -drug testing and E-mail
systems, monitoring and surveillance, taxpayer privacy,
telecommunications privacy, and caller ID to name just a
few. [HUTT], [BIGE]

John Vacca and Derek Atkins, et. al. have produced two
of the best internet security books. [VACC], [NEWR]
Bruce Schneier has produced the modern reference on
professional cryptography algorithms. [SCH2] But James
Nechvatal's State of the Art Survey on Public-Key
Cryptography for NIST and NCSL is terrific. [NIST90].
Privacy Law and Practice, a three volume treatise edited
by Professor George Trubow of John Marshall Law School,
is probably the leading source in the United states.
ACA's RENARD is a contributor and a very modest expert
in the field of intellectual property rights law. NCSA
provides an up to date source of information on the
encryption legislation. Appendix 2 gives two of the most
recent issues of interest: the Bernstein Case and the 56
bit key recovery proposal by the White House. There are
other organizations like ACLU, EFF, EPIC and EDUPAGE
that update the net regularly regarding privacy. Any
netbrowser will find them. Don't forget that the
government agencies CIA, NSA, DIA, DOD all have home
pages as does the White House and various government-
wide security consultants like SAIC.
INTRODUCTION TO PRIVACY ISSUES

Cryptography permits the private citizen to keep his

life private. The national debate over cryptographic
policy was captured by a speech delivered well before
the personal computer was ever invented. In April,
1968, Thomas J. Watson Jr., Chairman of the Board of
IBM, was discussing privacy in computer systems in an
address to the Commonwealth Club of California.

"... the problem of privacy in the end is nothing more

and nothing less than the root problem of the relation
of each one of us to our fellow men.

What belongs to the citizen alone?

What belongs to society?

Those, at bottom, are the questions we face -

timeless questions on the nature and place and
destiny of man..."

These questions work equally well for cryptography.

Professor Robert P. Bigelow says that "we have computer

security to protect us from people and people to protect
us from computers." [HUTT] Caroline Kennedy points out
that the word "privacy" does not appear in the United
States Constitution. Yet ask anyone and they will tell
you that they have a fundamental right to privacy. They
will also tell you that privacy is under siege. [KENN]
Professor Hoffman explains that the notion of privacy
developed by the Courts grew as a natural process in
support of the Bill Of Rights.

The notion that information can be kept secret to any

degree vanished with the no territorial limits of
cyberspace. Most important, computers assure that
whatever is out there is assessable. No more roaming
file-to-file. A kid can get in an access your
information. What's more, because information exists in
cyberspace rather than real space, it can be stolen
"copied" without your knowing it. And someday soon,
the whole universe of information about you -credit
report, insurance records, medical history, employment
history, you-name-it may be recorded on "smart cards"
that will fit in your wallet. Brave New World surpassed.

Perhaps the biggest threat to our privacy comes in the

area know as "information privacy." Information about
all of us is collected not only by the old standbys, the
IRS and FBI, but also by the MIB, NCOA, and NCIC, as
well as credit bureaus, credit unions, credit card
companies, mortgagers, banks and employers. We now have
cellular phones, (not cordless or real phones), E-mail,
Fax, voice mail, talking cars, talking elevators, and
even junk mail on something called the Internet.
Computers have changed our notion of privacy.

MIB

Actually , there has always been a lot of personal

information about ourselves 'out there' but it was the
computer that made this information readily available.
The chip can store whole books of information for a very
long time. The kinds of data are endless (and market-
able. ) Your medical history is likely to be in your
doctors files, insurance companies files, laboratory
files, and possibly the Medical Information Bureau (MIB)
which collects medical data on some 15 million Americans
and makes it available to insurance companies. [KENN]

NCOA

When you fill out a change-of-address card, the U.S.

Post Office adds the information to its National Change
Of Address (NCOA) database. The Post Office then
helpfully passes on the list to list brokers, who
license the information to certain direct marketers.

NCIC

The National Crime Information Center (NCIC) database

contains over 23 million records identifying people and
vehicles sought by the police. NCIC information is
available by computer to approximately 71,000 local,
state, and federal agencies across the country.

The above are just three examples of the more than 2000
databases that destroy our collective privacy. The
Internet is a global network of databases. Our personal
profiles are so complete and available, it is like
having another self living in a parallel dimension; its
a self you can't see, but effects your life just the
same. Even if you don't own a computer, you have joined
the revolution.

>From the privacy point of view, we are in the most

unsettling period in this revolution. Technology is way
ahead of the laws. Those well versed in computers
already protect their communications with encryption.
Many corporations do the same. For every means to
secure privacy, we have generated methods to invade it.

The government (especially the FBI) is concerned that if

criminals begin communicated electronically and
scrambling their messages with cryptography, police
cannot just tap in (like the wiretaps used against
organized crime.) The government's solution was to come
up with Clipper Chip, an approved method of encryption
that requires trusted key escrow and permits law
enforcement to decode with a warrant and then make the
methodology standard in the industry. Privacy advocates
are not happy, nor software companies, nor civil
libertarians and Internet freedom advocates.

The animating principle of cyberspace is the free flow

of information. It is the ultimate democracy, where
principles of open records and unfettered speech
prevail. This presents a problem to law enforcement,
national security interests and intelligence operations.

PRIVACY AND OTHER PERSONAL RIGHTS

The law of privacy originally developed as a protection

against individuals private affairs being reported in
the press and against the exploitation of their names
and pictures for advertising purposes. [HUTT], [BIGE]

The concept of computer informational privacy developed

quickly after a proposal by the Bureau of the Budget
(circa 1965) to establish a Federal Data Center to
receive and store machine readable data in the
possession of many branches of the federal government -
approximately 30,000 computer tapes and 100 million
punched cards. Congress at that time represented the
people fairly well. There reaction was to hold hearings
on whether such a center could protect individual
privacy, since information from the IRS, the Census, the
Bureau of Labor Statistics and Social Security might all
be included.

Thomas J. Watson, Jr. then Chairman of the board of IBM

(the major player in the field for many years) stated:

" Today the Internal Revenue Services has our tax

returns. The Social Security Administration keeps a
running record on our jobs and our families. The
Veterans Administration has medical records on many of
us, and the Pentagon our records of military service.
So in this scatteration lies our protection. But put
everything in one place, computerize it, and add to it
without limit, and a thieving electronic blackmailer
would have just one electronic safe to crack to get a
victims complete dossier, tough as that job may be. And
a malevolent Big Brother would not even have to do that:
he could sit in his office, punch a few keys and arm
himself with all he needed to know to crush any citizen
who threatened his power. Therefore, along with the
bugged olive in the martini, the psychological tests,
and the spiked microphone, the critics have seen "data
surveillance" as an ultimate destroyer of the individual
American citizen's right to privacy- his right to call
his soul his own. "

Think about the abuses of this type of power under

Nixon; the hackers who can develop a detailed dossier on
you within minutes by phone and modem; the new crime of
stealing your "virtual" identity and charging thousands
of dollars against your 'new' account at some immediate
credit stores. Can you see where encryption would hinder
this process abuse?

The public's concern with privacy has been rising

steadily over the years. A Lou Harris poll on Americans
concern about threats to personal privacy found that in
1970 34 percent were concerned. By 1993 83 percent were
very concerned. [Privacy and American Business, October
1993, p3.]

THE FEDERAL PRIVACY ACT

Opposition to the federal data bank, spearheaded by IBM,

was responsible for the fact that we do not have such a
database (per se) today. With the help of under
secretaries Elliot L. Richardson and Casper Weinberger
of HEW, and sponsored by Senator Ervin of Watergate
fame, and signed by President Ford on 1 January, 1975,
The Privacy Act of 1974, P.L. 93-579 became law.

There is a basic rule that government files are open to

the public, unless there is a specific reason, enacted
by the legislature, saying that certain files are not
available. At the federal level, this principle is
demonstrated by the Freedom Of Information Act (FOIA)
5 U.S.C. sec. 552, under which a citizen or organization
can obtain most governmental records. The Privacy Act,
most of which is codified at 5 U.S.C. sec 552a, applies
only to records maintained by certain branches of the
federal government, specifically executive departments,
independent regulatory agencies, government
corporations, and government-controlled corporations
such as the Federal Reserve Banks. It is not applicable
to Congress (of course) or to the District of Columbia.
When corporations do business under federal agency
contracts, the contractors employees are subject to the
same rules under the Privacy Act, including criminal
penalties for failure to comply with the act.

The act defines a "record" that is subject to it very

broadly:

"Any item, collection, or grouping of information about

an individual that is maintained by an agency,including,
but not limited to , his education, financial
transactions, medical history, and criminal or
employment history and that contains his name, or
identifying number, symbol, or other identifying
particular assigned to the individual, such as a finger
or a voice print or a photograph."

Agencies can maintain information about individuals only

when it is relevant and necessary to accomplish the
agency's purpose. The act prohibits the disclosure of
any record except within the agency maintaining it
unless the individual makes a written request for the
data; there are exceptions. The agency must give public
notice of the existence of each record system, (The 1993
listing of records systems of just the DOD consumed 935
pages of the Federal Register.) including any proposal
to match the record against those of another federal or
state agency, keep track of certain disclosures, and
establish rules of conduct for those who design, and
operate the systems. [58 Fed Reg. 10002-10935, 22
February 1993] [The Computer Matching and Privacy Act
of 1988, P.L. 100-503, added subsections (0) to 5 U.S.C.
sec. 552a.]

The act also states:

"{agency must} establish appropriate administrative,

technical, and physical safeguards to ensure the
security and confidentiality of records and to protect
against any anticipated threats or hazards to their
security or integrity which could result in substantial
harm, embarrassment, inconvenience, or unfairness to any
individual on whom information is maintained."
[subsection (e)(10)] [HUTT]

Investigative records maintained by CIA, FBI and other

law enforcement agencies as well as national defense
secrets are completely except from the act's operation.

If an individual proves that an agency intentionally or

willfully violated the Privacy Act, fines up to $5,000
per individual violation may be recovered as damages.

The act also established specific rules prohibiting any

federal, state or local governmental agency from denying
an individual benefits or privileges because he/she
refused to disclose a Social Security Number. [P.L. 93-
579, sec. 7. requires the governmental agency asking for
the SSN to "inform that individual whether that
disclosure is mandatory or voluntary, by what statutory
or other authority such number is solicited, and what
uses will be made of it."] This also shows what
significance is put on the SSN as a entry key to most
federal databases. It also gives you the prime target of
data or ID thieves. A effective countermeasure would be
to encrypt the information. The notable exception to
the rule is the requirement for SSN's for drivers
licenses.

Out of this act has come a Privacy Protection Commission

to make recommendations to Congress. (most not passed!)
and an outgrowth called privacy implications of the
National Information Infrastructure Superhighway system.
Vice President Al Gore is currently leading the charge
on this one. The OMB has published an interesting
report on protecting intellectual property and privacy
called "National Information Infrastructure:Draft
Principles for Providing and Using Personal Information
and Commentary," 60 Fed. Reg. 4362, 20 January, 1995.

STATE ACTS AND REGULATIONS

Like the FOIA, most states have Public Records Acts
modelled after it and whose basic thrust is to make all
records available to the citizen, subject to exceptions
for law enforcement, trade secrets, and the like.
Several states have enacted Fair Information Practices
Acts regulating the information that state agencies
could maintain about individuals. several states have
enacted Uniform Information Practices Code and one
municipality, Berkeley, California has enacted a
citywide ordinance on privacy.

EMPLOYEE RIGHTS

In addition to the legal protections against discrim-

ination available to all employees, and the right to
advance warning in layoff situations, serious problems
have arisen from electronic E-Mail and drug testing.
With respect to E-mail ( hence a push for PGP and PEM
cryptosystems to protect the mail) invasion of privacy
claims for employees have been for the most part
unsuccessful. Drug testing suits have been partially
successful against the employer.

INTERNATIONAL PRIVACY

A number of European countries also have privacy acts

covering both governmental and private corporate
records. Most of the laws apply to computerized data
banks, which must be licensed by a governmental
authority.

The rules of disclosure are quite strict, and there are

particular prohibitions against the transfer of
information in these databanks across national
boundaries. [ICC: this reference is the 'bible' of
business and data protection legal requirements in
foreign countries.]

A DEEPER LOOK AT ELECTRONIC MAIL

Federal law prohibits the intentional interception of

wire, oral or electronic communications. This does not,
however, require that telephone companies offering
cellular service provide for the encryption of such
conversations, even though they can be intercepted.
[Shubert v Metrophone, Inc., 898 F. 2d 401 (3d Cir
1990)] The Electronic Communications Privacy Act of
1980, (47 U.S.C. 551) is strictly interpreted; in one
case the disclosure by an attorney to the district
attorney and to the court of illegal acts of police
officers, as shown by their intercepted telephone calls,
resulted in his being fined $20,000. [Rodgers v Wood.
910F. 2d 444 (7th Cir. 1990)]

It is not yet clear whether this law applies to the

intentional reading by those in control of a bulletin
board or a company's electronic mail of the messages
sent over the system. In Thompson v Predaina [S.D.
Indiana, #88-93C, dismissed voluntarily August 10, 1988]
plaintiff, a law student, alleged that the defendant, a
bulletin board operator, saved and distributed messages
that the plaintiff had ordered deleted. The complaint
includes counts under 18 U.S.C. 2520 and 2707. [Detail
analysis 41 Fed Comm. L.J. 17 (November 1988)] It has
been held that the operator of an electronic bulletin
board is not liable for defamation absent actual
knowledge of the allegedly defamatory statement. [Cubby
v Compuserve, Inc. F. Supp. 3 CCH Comp. Cas. para 46,547
(S.D.N.Y. 1991)]

In March 1990 Alana Shoars sued her former employer,

Epson America, alleging that her supervisor read and
printed out her electronic mail (and that of other
employees), and she was fired when she complained. A
class action suit was filed in July, 1990. [The damages
were $75,000,000. The case was widely covered in the
trade press. see BIGE or HUTT]. A similar action against
Nissan was file in January, 1991 and a suit has been
filed against the FBI to determine whether it is
monitoring the bulletin boards of political organ-
izations. [HUTT] Suit has been threatened against the
Prodigy network as a bulletin board to complain against
the rate increase to cover monitoring of offensive
language and denial of service to those who use it or
send insults.

DATA PROTECTION AND DATA ENCRYPTION: A VIEW OF MODERN

CHALLENGES

The previous section on E-Mail shows that people get

angry when their mail is intercepted - who owns the mail
system or on-line service doesn't matter. It is not
surprising that encryption of E-Mail has grown to major
proportions. With the advent of the computer and
telecommunications, the most effective means of
secreting messages is through the use of cryptology or a
cryptosystem. We know that. We have studied classical
cryptosystems for the last several months. The focus has
been on private key (password; keyword) systems. These
are also known as symmetric key or private key systems.

Trusted Information Systems

Cryptography is big business. Trusted Information

Systems (TIS) conducted a survey of companies making
products that employ cryptography both within and
outside the U.S. Appendix 1 presents companies and
countries reported in their survey as of June 1996. TIS
identified 1262 products worldwide. The TIS survey is
summarized by company and location.

The detailed products listing and company contact

information may be found at:

http://www.tis.com/crypto/
This is not a static list. TIS updates it weekly. I read
in the (11 November 1996) Edupage that Phelps Dodge
plans to market in Japan a scrambler/decoder that works
on 128 bit keys. Since 40 bits is the maximum (56 bits
under the temporary position of the White House
proposal) under ITAR regulations, and the government
supports a trusted third party key escrow via the
Clipper chip, I suspect that Phelps may have a challenge
on its hands. Since I have brought up the subject of
ITAR, lets take a brief side trip.

CLASSICAL CRYPTOGRAPHY / RECREATIONAL CRYPTOGRAPHY

The U.S. International Trade in Arms Regulations (ITAR)

All modern cryptography is subject to the famous ITAR

regulations that put cryptography on the munitions list
and requiring licensing prior to export. A license is
required regardless of the manner in which the technical
data is transmitted, whether the transfer is in person,
by telephone, through correspondence or electronically.
[22 C.F.R. para 125.2] Appendix 3 presents some of the
pertinent sections. The entire ITAR file of 125 pages
has been transmitted to the Crypto Drop Box for the
student to download. Appendices 2 and 4 illustrate
current issues in the debate about modern cryptography.
The export license is required for the export of
unclassified technical data. Category XIII (b) 1 of the
Munitions Control List covers cryptographic equipment.

ITAR EXCEPTIONS

ITAR govern what products can and cannot be subjected to

export controls. These regulations clearly define a set
of conditions in which information considered to be in
the "public domain" can not be subject to these
controls. In the ITAR itself, public domain is defined
as information published and that is generally
accessible or available to the public:

o through sales at bookstores

o at libraries

o through patents available at the patent office, and

o through public release in any form after approval by

the cognizant U.S. Government department or agency.

Recreational and Classical Cryptography, i.e. everything

taught in my class, falls under the first two and last
exception to the ITAR regulations. [ITAR], [HOFF]
PURPOSE OF ENCRYPTION

Recall from Lecture 1 that in a cryptosystem plaintext

is acted upon by a known algorithm (set of mathematical
rules to determine the transformation process to cipher-
text) and a key which controls the encryption / decrypt-
ion algorithm to transform the data into cipher-text.
In a system using a key, the message cannot be trans-
formed without the key. Two types of key systems exist:
symmetric or private key systems and asymmetric, or
public key systems.

The basic purpose of encryption (beyond enjoyment for

some of us as in ACA recreational cryptography) is to
protect sensitive data from unauthorized disclosure.
When computer systems are involved, this data can be
data stored within the system or data transmitted across
insecure public carriers.

A sender authorizes a transmission medium to carry a

message to a receiver. The message is exposed during the
transmittal and subject to possible eavesdropping and
/or alteration. Any intruder who intercepts the message
might be able to interrupt it or modify it (which
includes possibly fabricating a false but authentic -
looking message.)

The availability of the message is affected if the

intruder successfully interrupts the transmission. The
confidentiality, or secrecy, of the message is affected
when it is intercepted because the intruder can read it,
know its intentions, plan countermeasures or modify the
message for his own advantage. If the authentic- looking
but false message is successful substituted, then we
have an integrity issues as well.

Modern encryption methods are used to prevent the

exposures previously defined and offer desirable
features such as:

Data Confidentiality, or Secrecy, since messages must be

decrypted in order for information to be understood.

Data Integrity because some algorithms additional

protect against forgery or tampering.

Authentication of Message Originator, if the key has not

been compromised and remains secret.

Authentication of System User takes place by the user

performing a cryptographic function with a unique
cryptographic key.

Electronic Certification and Digital Signature, using

cryptographic algorithms to protect against unauthorized
modification and forgery of electronic documents.
Nonrepudiation, using secret key where either the sender
alone or only the sender and recipient can generate
"signed" messages. This is very important in the making
of electronic contracts.

MODERN CRYPTOGRAPHY: USING PRIVATE AND PUBLIC

CRYPTOGRAPHIC KEYS

Classical Cryptography Course, Volume I and II con-

centrate on symmetric ciphers of increasing levels of
difficulty. The two basic types of encryption are
substitution and transposition. We have studied cases
where both are applied to the cipher to increase its
security.

Most complex ciphers do not use either simple

substitutions or permutations (transpositions), relying
instead on a secret key (K) which controls a long
sequence of complicated substitutions and permutations.
The ciphertext message then depends on both the
plaintext message and the key value, as demonstrated by
equation 1:

C = E(K, P) eq. 1

The key (K) modifies the specific encryption algorithm

(E), which is then applied to transform the plaintext
(P) into ciphertext (encrypted message) (C).

Use of a key provides additional security because its

value, as well as the encryption algorithm, is required
in order to decrypt information. Two types of systems
use keys: private key and public key systems.

Private key systems (symmetric) use a single key to both

encrypt and decrypt information. A separate key is
needed for each pair of users. Security depends on
protection and secrecy of the key. The best known
private key system is the Data Encryption Standard,
first introduced to the public in 1977.

Public key systems, (asymmetric) or two-key, systems use

a public and a private key. The public key is publicly
known, even published, but the user must keep the
private key completely secret. The best known public key
system is the Rivest, Shamir, and Adelman (RSA)
algorithm.

In public key systems, the public and private keys are

mathematically related. Messages may be encrypted with
the public key, but only can be decrypted by the
recipient using the private key. great care must be
exerted in protecting the keys because we always assume
that the algorithm is known to a system perpetrator.
DATA ENCRYPTION STANDARD (DES)

DES is a private key 56-bit algorithm. The DES algorithm

is published by the National Institute of Standards and
Technology as Federal Information Processing Standard
(FIPS) 46-2. (download from our CDB) It is the only
published secret key system approved for protection of
Federal unclassified information and adopted by
American National Standards Institute (ANSI) for
commercial applications. In 1986, the ISO organization
recommended the use of DES as an international standard
called DEA-1. The recommendation was withdrawn soon
after. DES is widely used in financial applications to
protect trillions of dollars of electronic funds
transfers weekly. The key is a sequence of 8 bytes, each
containing 7 key bits and one parity bit; it is crucial
that the key remain secret.

DES uses substitution and transposition techniques

applied alternatively. When DES encrypts a single block,
the characters are scrambled 16 times ("rounds"), under
control of the key, and this results in 64 bits of
ciphertext. DES accommodates about 72 quadrillion key
combinations.

DES is embedded in many commercial products and is

popular with both government agencies and private
companies. NSA publishes a list of evaluated endorsed
DES products (NEDESPL). [HUTT]

KEY DISTRIBUTION DRAWBACK

A major problem with encryption is the secure distrib-

ution of encryption keys to multiple users across
networks. Two parties using a secret key system have to
agree on the key. Because it is not safe to transmit the
key over the communication channel, the parties have to
meet personally to agree on the key or exchange keys via
a courier. There are vulnerabilities in both of these
techniques. Alternatively, if the key itself is
encrypted using a different (public key) algorithm, the
key may be transmitted over a communications link.

RIVEST, SHAMIR, AND ADLEMAN ALGORITHM (RSA)

The best known public key algorithm is RSA. The keys are
generated mathematically, in part by combining prime
numbers. Each user has a public and a private key.
Devised in 1978 at MIT, this system has 512 bit, and
1024 bit ( in some commercial versions higher) keys and
provides authentication in addition to encryption.

Typically, the sender encrypts his message using a

secret-key algorithm. Next, the sender uses a public-key
system to encrypt the secret key with the receiving
party's public key. The sender transmits both the
encrypted message and the encrypted key across the
communication channel. The recipient decrypts the secret
key first, by using his public key. Once the secret key
has been decrypted, the recipient uses it to decrypt the
main message. This type of cryptographic system is a
hybrid.

With public-key cryptography, any party can use any

public key to send an encrypted message. However, that
message can only be decrypted by a party having the
corresponding private key. [LEVD], [HUTT]

CRYPTOGRAPHIC NETWORKS

To form a cryptographic network, each network user

should be provided with the same algorithm but with
different keys so that messages sent by one node in the
network can only be deciphered by the intended recipient
node. Figures 19-1 to 19-3 show three different
cryptographic networks. Each Kn represents a different
key.

Figure 19-1
A Fully Connected End-To-End Network

ZDDD? K6 ZDDD?
3 2 3 <----------> 3 4 3DDDD? K4
@DDDYD? @DDDY 3
3K1 @?K2 3 K5 3
3 @DDDDDD? 3 3
ZDDD? K3@DDDDDZDDD? 3
3 1 3 <-----------> 3 3 3 3
@DBDY @DDDY 3
@DDDDD<DDDDDD>DDDDDDDDDDDDDY

When end-to-end encryption is used, both the sender and

receiver must be equipped with compatible hardware.
After validating each other, the two units exchange
encryted data. Messages are encrypted by the sender and
decrypted only at the final destination.

Figure 19-2
A Link Encrypted Network

ZDD? K1 ZDD? K2 ZDD? K3 ZDD?

31 3 <DDDDDD> 32 3 <DDDDDD> 33 3 <DDDDDD> 3 43
@DDY @DDY @DDY @DDY
Link encryption involves a series of nodes, each of
which decrypts, reads, and then re-encrypts the message
as it is transmitted through the network. With link
encryption, both source and the destination remain
private, and no synchronization of special equipment is
required. However, more nodes = more possibilities of
the message being intercepted and/ or modified.

Figure 19-3
A Hybrid Network

ZDD? K1 K5 ZDD?
32 3 >DDD? ZDD<36 3
@DDY 3 3 @DDY
3 3
ZDD? K2 ZDD? K4 ZDD? K6 ZDD?
31 3 DDDDDDD> 33 3 <DDDDDD-> 35 3 <DDDDDDD 3 73
@DDY @BDY @DDY @DDY
3 3
ZDD? 3 3 ZDD?
34 3 >DDDY @DD<38 3
@DDY K3 K7 @DDY

In a hybrid network, there is communication between a

large number of secondary stations and a single main
station all using separate master keys. A few stations
intercommunicate with each other.

Figure 19-4
A Central Key Distribution Facility

ZDD?
ZDDDDDDDD 32 3 DD DD D?
@DDY 3
3 3
3 K1 3
3 3
ZDD? 3
3 31 3
@DDY 3
3 3
3 3
3 3
ZDD? K2 3 K3 ZDD?
 34 3 D D D DAD D D DD 33 3
@DDY @DDY

It would seem that preferable to use a public-key system

for cryptography, because of its versatility, it is
slower that the equivalent private key cryptosystems, by
order of 10,000 times or more. The new t3-100 Cray
machine can do 3 trillion operations a second! Think
how that will effect cryptographic searches in the
future. The hybrid system uses the best of both kinds of
systems. The speed advantage of the private key
cryptography is used for encrypting and transmitting.
Public key transactions are for the smaller transm-
issions. A typical combination (for a hybrid) is to
employ a public dual key for encryption and for the
distribution of the private keys, and the private-key
system for bulk data.

The central key facility is useful when it is

undesirable to entrust individual stations with control
of cryptographic keys. Two stations wishing to
communicate request a session key from the central
station. The key generated at the central station is
sent to both stations encrypted in each stations master
key. The master key list is known only to the central
station. [HUTT] (LEVD)

PRETTY GOOD PRIVACY (PGP)

This system is a public-key system invented by Phillip

Zimmerman and draws upon the International data Standard
(IDEA) and RSA algorithms. By far the defacto standard
for the Internet and public. NSA has not endorsed it.
Amateurs swear by it. It appears to be out of the legal
hassle mode. More on this system in a future lecture.

PRIVACY ENHANCED MAIL (PEM)

A system that uses both message encryption and digital

signatures, PEM encrypts messages and authenticates
senders of E-mail. PEM was a child of DARPA and uses DES
on the front-end for encryption and RSA for sender
authentication. Trusted Information Systems introduced
it commercially. The federally funded Clipper/Skipjack
is now recommended as a substitute for PEM. [LEVD]

KEY MANAGEMENT AND DISTRIBUTION

Key management involves the secure generation,

distribution, storage, journaling, and eventual disposal
of encryption keys. The adequacy of key management is a
significant factor in using encryption as a security
method. Keys can be either distributed via escorted
courier, magnetic media, or via master keys that are
then used to generate additional keys.
Cryptographically protected data is dependent on the
protection of the encryption keys. The entire system can
be compromised by the theft, loss or compromising of a
key. Standards for key management have been developed by
ISO, ANSI, federal government and the American Banking
Association. Key management is crucial to maintaining
good, cost-effective, and secure communications between
a large number of users.

IMPLEMENTATION CONSIDERATIONS

Media

Cryptography can take place in software, hardware, or

firmware. The least efficient and cheapest media is
software.

Configurations

In-line, off-line, embedded, and stand-alone are four

different types of configurations, each with its own
requirements, need to considered when implementing
cryptosystems.

1. Inline. The communications equipment is external to

the cryptosystem. The handoff occurs after encryption
to the communications device.

2. Off-line. The source controls all encryption,

storage, and communications facilities.

3. Embedded. Configurations may be off or on line. The

main requirement is that the cryptographic module be
embedded or contained within the computer and the
interface with that computer.

4. Stand-alone. These require that the cryptographic

module is separately enclosed outside of the host
and physically secured.

NIST FIP's 140-1 is entitled "Security Requirements in

Cryptographic Modules," describes four levels of
security ranging from commercial grade security to
penetration/tamper resistant.

ONE-TIME CIPHER KEYS

Discussed in Volume I in detail.

DIGITAL SIGNATURES AND NOTATIONS

RSA and DSA are the best known digital signature

algorithms. The latter was invented by NSA and approved
for government use. NIST has supported the DSA
algorithm. Both are tools for authenticating the user
and origin of the message and the identity of the
sender. A digital signature is unforgeable, verifies
the signer, is not reusable, cannot be repudiated and
proves that the sender did not sign an altered document.
DSA is based on the SHA (Secure Hashing Algorithm) and
is described in FIPS PUB 180 "Secure Hash Standard."

CARTE A MEMOIR (Memory Card)

The French invented the smart card which contains a chip

to process information in protected memory. They are
used for access control and for end-to-end encryption
schemes.

CYBER NOTARIES

The American Bar Association has developed rules for

electronic notaries for commerce that incorporate
digital signatures. Ben Wright of NCSA is the leading
authority on this kind of commerce.

KERBEROS

Among the commercial authentication systems, the most

popular is Kerberos. Developed at MIT, it verifies the
user and incorporates unique session keys for client
/server communications via a ticket-granting server.
Scientific American described the system accurately and
vividly in August 1994.

TEMPEST

This program was established in 1950's to shield

electronic equipment from electromagnetic radiations
(Van Ek emissions) that could be intercepted and "read".
TEMPEST is an entire vendor evaluation program for the
equipment that contains emanations via a special shield.

THE CLIPPER/SKIPJACK CHIP CONTROVERSY

In October 1985, NSA announced plans to phase out DES in

favor of the technique of "embedding" cryptography into
electronic communications within the United States.

The Clipper Chip, renamed Skipjack because of a

trademark conflict, is a U.S. Government-sponsored
tamper resistant chip for voice encryption that employs
a classified algorithm and a key escrow facility.
Capstone, which uses the Skipjack algorithm, is a data
encryption chip that adds digital signatures and key
exchange enhancements. Each chip contains an 80-bit key
that is split into two parts immediately following
manufacture. Each half of the key is deposited into
custody of a trusted "escrow agent." NSA designed it
during the Reagan Administration and proposed it in
April 1993 for both government and public use.

Once installed in telephones, by use of a secret

military algorithm, the chip would turn the telephones
into gibberish for everyone but the speaker and the
intended listener. [Similar to the STU-III secure system
in some ways.] The uniqueness and the controversy of
Skipjack lies in the LEAF (law enforcement access field)
that allows law enforcement, with cooperation of the two
parties, to listen under certain circumstances and to
decipher Clipper-encrypted traffic. Any government
agency desiring to legally listen to the owner of a
communications device that contains the chip, the
government agency would present evidence of lawful
authority to the escrow holders, who would then reveal
the key pairs that the agency would join in order to
begin listening to the conversations. Notification of
the target (subject) is not necessary.

When Clipper Chip was announced, it was stated that

there was no plan to legislate Clipper as the only means
to protect telecommunications. However, Clipper
Skipjack can only achieve its stated objectives if
everyone uses it. Manufacture of the chips would be
closely controlled with "trusted" companies.

Mykotonx was chosen to program the chips, VLSI was

chosen to manufacture the chips, and NSA would design
the algorithms and protocols. Additional points of
compromise would be the trusted facilities, which hold
the keys, and the FBI, which actually decrypts the
Clipper traffic.

The American public, EFF (Electronic Frontier

Foundation) and a consortium of companies DEC, HP, IBM,
SUN, MCI, Microsoft, Apple, and AT&T opposed the Clipper
Chip and submitted 118 questions to the White House.

The NIST, on July 30, 1993 issued a request for public

comments on its proposal to establish Clipper/Skipjack
as a FIP. Clipper/Skipjack can not be implemented in
software, which closed out more of the commercial
market. RSA data security had more than a million
packages licensed by 1992 and another million expected
because of the Macintosh OS and Novell Netware 4.0
deals.

There was such a controversy over Clipper/Skipjack that

by July 1994, the government announced that it was no
longer seeking to make this the standard form of
encryption, although NIST officials do not intend to
issue the DES standard again in its current form.

The Clinton Administration has taken up the cause and

issued numerous trial balloons to force the issue.
See Appendix 4 for a recent balloon.

When separated from the government's proposed

implementation of Clipper/Skipjack, the concept of key
escrow cryptography does have applicability for
commercial use. Business managers fear possible
extortion by unsavory employees who would hold corporate
data for ransom by withholding encryption keys. Key
escrow cryptography could eliminate this problem, but in
addition to the friction created by the government's
proposed implementation, there appear to be too many
vulnerabilities involved with the Clipper/Skipjack to
make the system acceptable in its current form.

LECTURE 18 SOLUTIONS
18-1. Unidecimal square root. (Three words 0-E) MARSHEN

LO'SE gives root it; - KF = EKSE; - ERRE = EWH

Answer: HE WORKS LIFT

18-2. Duodecimal division. (Two words, 0-E) CODEX

BRIDGE / CLUBS = CC; - DUHRE = BRHEE; - DUHRE = BOLO

Answer: ORCHID BUGLES

Appendix 1
 TIS Worldwide Survey of Cryptographic Products

Crypto Survey - Domestic Products:Summary listing of

domestic cryptographic products as of 7/25/96
-----------

2010 Software Corp.

3Com Corp.
ADT Security Systems
ASC Systems
ASD Software, Inc.
AT&T Bell Laboratories
AT&T Datotek, Inc.
Acma
Adobe Systems, Inc.
Advanced Encryption Systems
Advanced Engineering Concepts, Inc.
Advanced Micro Devices, Inc.
Advanced Network Services, Inc.
Aladdin Software Security, Inc.
Alcatel TITN Inc.
Alsoft, Inc.
American Computer Security
Antelope Production, Inc.
Apple Computer
Applied Software, Inc.
Argus Systems Group Inc.
Arkansas Systems, Inc.
Arkhon Technologies, Inc.
Ashton Tate
Atalla Corp.
Atemi Corporation
Automated Design Systems Inc.
Axent Technologies
BCC
BOE Corp.
Bankers Trust Company
Banyan Systems Inc.
Bellcore
Bi-Hex Co.
Bill Dorsey, Pat Mullarky, and Paul Rubin
Borland
Braintree Technology
Burroughs
CDSM Inc.
COGON Electronics, Inc
COM & DIA, L.L.C.
Casady and Greene
Centel Federal Systems, Inc.
Central Point Software
Certus International
Cettlan Corp.
CheckPoint Software Technologies
Cincinnati Microwave Communications, Inc.
Clarion
Codex Corp.
Cohesive Systems
Collins Telecommunications Products Division
Comm Touch Software Inc.
Command Software Systems
Commcrypt
Communication Devices, Inc.
Complan
Computer Associates International, Inc.
Connect, Inc.
Cordant
Cray Communications, Inc.
Cryptall
Cyber-Safe
CyberSafe Corporation
Cybernetics
Cycomm Corp.
Cylink Corp.
Cyno Technologies Inc.
Cypress Data Systems
DSC Communications
DataEase International
Datakey, Inc.
Datamedia Corporation
Datawatch, Triangle Software Division
Digital Crypto
Digital Delivery, Inc.
Digital Enterprises, Inc.
Digital Equipment Corp.
Digital Pathways
Digital Secured Networks Technology Inc.
Dolphin Software
Dowty Network Systems
E-Systems
Eave Stopper
Enigma Logic, Inc.
Enterprise Integration Technology
Enterprise Solutions Ltd.
Ergomatrix
Everett Enterprises
Software Corporation
Fairchild Semiconductor
Fifth Generation Systems, Inc.
Fischer International
Front Line Software
Funk Software
Gemplus Card International
General Electric Company
General Kinetics, Inc.
General Magic
Gerald J. DePyper
Glenco Engineering
Group Technologies
Harcom Security Systems Corp.
Harris Computer Systems Corporation
Hawkeye Grafix, Inc.
Helpful Programs, Inc.
Hilgraeve, Inc.
Hughes Aircraft Company
Hughes Data Systems, Inc.
Hughes Network Systems - Maryland
Hydelco, Inc.
Ilex Systems Inc.
Info Security Systems
Info Tel Corp.
Info-ZIP
InfoNow Corporation
Information Resource Engineering (IRE)
Information Security Associates, Inc.
Information Security Corp.
Innovative Communications Technologies, Inc.
Inside Technologies, Inc.
Intel
Intelligent Security System Inc.
Inter-Tech Corp.
International Business Machines, Inc. (IBM)
International Micro Industries (IMI)
Interscan Corp.
Isocor
J.G. Van Dyke & Associates, Inc.
John E. Holt and Associates
John Walker
Jones Futurex
KarlNet, Inc.
Kensington Microware Ltd.
Kent Briggs
Kent Marsh Ltd.
Key Concepts
Kinetic Corp.
Kommunedata
Lassen Software, Inc.
Lattice, Inc.
Lexicon, ICOT Corporation
Litronic Industries (Information Systems Division)
Livermore Software Laboratories, Inc. (LSLI)
Lockheed Martin Advanced Technology Laboratories
Lotus Development Corp.
MARX International, Inc.
MCTel
Maedae Enterprises
Magna
Marathon Computer Press
Marcor Enterprises
Mark Riordan
Massachusetts Institute of Technology (MIT)
Matsushita Electronic Components Co.
Mergent International
Merritt and Colstan
Micanopy MicroSystems, Inc.
Micro Card Technologies, Inc.
Micro Security Systems, Inc.
Microcom Inc. (Utilities Product Group)
Microlink Technologies, Inc.
Microrim
Microsoft
Mike Ingle
Morning Star Technologies
Morse Security Group, Inc.
Motorola
Mykotronx, Inc.
National Semiconductor
NetPro Computing Inc.
Netscape Communications Corporation
Network Systems Corporation
Network-1, Inc.
Networking Dynamics Corp.
Nixdorf Computer Corporation
Norton
Novell, Inc.
Open Commerce
Open Computing Software Group, Inc. (OCSG)
Open Software Foundation
Optimum Electronics, Inc.
Oracle
Otocom Systems, Inc.
PC Dynamics, Inc.
PC Guardian
PC Plus, Inc.
PKWARE Inc.
PMC Electronics
Pacific Communication Sciences, Inc.
Paradyne Corporation
Paralon Technologies
Personal Computer Card Corp.
Pinon Engineering, Inc.
Premenos
Pretty Good Privacy, Inc.
Prime Factors
Qtrain Corporation
RSA Data Security, Inc.
Racal-Guardata
Radix2 Software Engineering
Rainbow Technology
Raptor Systems, Inc.
Raxco
Retix
Ross Engineering, Inc.
Rothenbuhler Engineering
Rudaw/Empirical Software Products Ltd.
S Squared Electronics
SCO
SOS Corporation
SPRY/CompuServe
SVC
Safe Call
Safetynet
Samna Corp.
Scrambler Systems Corp.
Scrambler Technologies, Inc.
Sector Technology
Secur-Data Systems, Inc.
Secura Technologies
Secure Computing Corporation
Secure Systems Group International, Inc.
SecureWare, Inc.
Security Microsystems, Inc.
Semaphore Communications Corporation
Sentry Software
Sentry Systems, Inc.
Silver Oak Systems
SmartDisk Security Corp. (SDSC)
Smartstuff Software
Software Directions, Inc.
Software Solutions, Inc.
Solid Oak Software
So phCo, Inc.
Sota Miltope
Spyrus, Inc.
StarNine Technologies, Inc.
Stellar Systems, Inc.
Sterling Software Inc. (System SW Mktg. Div.)
Sterling Software Interchange Software Division
Steven Ryckman
Sun Microsystems, Inc.
SunSoft
Symantec
Techmar Computer Products, Inc.
Techmatics, Inc.
Technical Communications Corp. (TCC)
Tecsec, Inc.
Telenetics Corporation
Telequip Corp.
Telos Corp.
Terisa Systems
Terry Ritter
Texas Instruments, Inc.
The Exchange
Thumbscan, Inc.
Titan Linkabit
Tracor Aerospace Inc.
Tracor Ultron
TradeWave
Transcrypt International
TriTeal Corp.
Trigram Systems
Triton Systems
Trusted Information Systems, Inc.
UNISYS Corp.
UTI-MACO
UUNet Technologies, Inc.
United Software Security
UsrEZ Software, Inc.
V-ONE Virtual Open Network Enviroment Corp.
VLSI Technology, Inc.
Vasco Data Security, Inc.
Verdix Corp. (Secure Products Division)
VeriSign, Inc.
ViaCrypt
Visionary Electronics
WRQ, Inc.
WTShaw
Wang Laboratories
Wells Fargo Security Products
Western DataCom Co., Inc.
Western Digital Corporation
Will Price
WordPerfect Corp
XTree
Xetron Corp.
Zoomit International
ZyXE L

Crypto Survey - Foreign Products Summary listing of

foreign cryptographic products as of 7/25/96
----------------

ARGENTINA
Hugo D. Scolnik
Newnet S.A.

AUSTRALIA
Cybanim Pty Ltd.
Eracom Pty Ltd.
Eric Young
Microlock
Mosaic Industries
News Datacom
Randata

AUSTRIA
Siemens AG Austria

BELGIUM
CNET
Highware, Inc.
Lintel Security
UTI-MACO Belgium

CANADA
Border Network Technologies, Inc.
CRYPTOCard Corporation
Certicom
Chrysalis ITS
Compression Technologies, Inc.
FSA
Isolation Systems
Micro Tempus, Inc.
Milkyway Networks Corporation
Northern Telecom Canada Ltd. (Data Comm. Products)
Northern Telecom Canada Ltd. (Secure Networks)
Okiok Data
Queen's University
Secured Communications Inc. (SCI)
Sierra Wireless
The Enigma Group
TimeStep Corporation
Tundra Semiconductor Corp.
Zoomit Corporation

CZECH REPUBLIC
Decros spol. s r .o.

DENMARK
Aarhus University, Computer Science Department
CryptoMathic
GN Datacom
LSI Logic/Dataco AS

FINLAND
Antti Louko
Jetico, Inc.
SSH Communications Security Oy

FRANCE
ActivCard
Atlantis
Digital Equipment Corp. (DEC), Paris Research Lab
Hewlett Packard France
Philips Communication Systems

GERMANY
Andreas Kupries
Baller & Huwig
CE Infosys GmbH
Celticon
DataSafe
EZI GmbH
FAST ComTec GmbH
GMD
Gliss & Herweg
Jurgen Meyer, Frank Gadegast
Karl Huwig
KryptoKom
SIT
Siemens-Nixdorf
Stefan D. Wolf
TeleSecurity Timmann
Telenet Kommunikation Systeme
UTI-MACO GmbH

HONG KONG
Triple D Ltd.

INDIA
Bharat Electronics Ltd.
Chenab Info Technology

IRAN
Communications Industries Group
IRELAND
Baltimore Technologies Ltd.
Eurologic Systems, Ltd.
Systemics Ltd.

ISRAEL
Aladdin Knowledge Systems, Ltd.
Algorithmic Research Ltd.
Aliroo Ltd.
Carmel Software Engineering Ltd.
Elementrix Technologies Ltd.
EliaShim Microcomputers Ltd.
Secure Network Systems, Ltd.

ITALY
AMTEC SPA
CERT-IT
Eutron Spa

JAPAN
Fujitsu Labs Ltd.

MEXICO
The King of Hearts

NETHERLANDS
Concord Eracom Nederland BV
DigiCash
Incaa Datacom BV
Philips Crypto B.V.
Pijnenburg
Verspeck & Soeters b.v.

NEW ZEALAND
LUC Encryption Technology, Ltd. (LUCENT)
Peter Gutmann

POLAND
Enigma Information Security Systems

RUSSIA
Ancort
Askri
Elias Ltd.
INFORM -RTG
LAN Crypto
ScanTech
TELECRYPT, Ltd.

SOUTH AFRICA
Denel Informatics
NetSec
Sentera

SWEDEN
AU-System Communication AB
Ardy Elektronics
Business Security AB
COST Computer Security Technologies International
DynaSoft
Henry Padilla
SECTRA AB
SONNOR Crypto AB
Stig Ostholm

SWITZERLAND
ASCOM Tech AG
Crypto AG
Gretacoder Data Systems AG
Omnisec AG
Safeware AG

UK
Apricot Computers, Ltd.
Avant Guardian Ltd.
British Telecom
Data Innovation Ltd.
DataSoft International Ltd.
Digital Crypto
Finansa
GEC-Marconi Secure Systems
Global CIS Ltd.
ICL Secure Systems
IQ International
International Data Security, Ltd.
J.R.Ward Computers Ltd.
J.S.A. Kapp
JPY Associates Ltd.
Jaguar Communications Ltd.
Microft Technology Ltd.
PC Security Ltd.
Plessy Crypto
Plus 5 Engineering Ltd.
Portcullis Computer Security Ltd.
Protection Systems Ltd.
Racal Airtech Computer Security
S&S International PLC
Sophos Ltd.
University College London
Zergo, Ltd.
Zeta Communications Ltd.

Appendix 2

BERNSTEIN v UNITED STATES CRYPTO CASE

The complexity of the constitutional privacy issues

are demonstrated by the current Bernstein Case.

Case Background

While a graduate student at the University of California

at Berkeley, Bernstein completed development of an
encryption equation (an "algorithm") he called
"Snuffle." Bernstein wished to publish a) the algorithm,
(b) a mathematical paper describing and explaining the
algorithm, and (c) the "source code" for a computer
program that incorporates the algorithm. Bernstein also
wished to discuss these items at mathematical con-
ferences, college classrooms and other open, public
meetings. The Arms Export Control Act and the Intern-
ational Traffic in Arms Regulations (the ITAR regulatory
scheme) required Bernstein to submit his ideas about
cryptography to the government for review, to register
as an arms dealer, and to apply for and obtain from the
government a license to publish his ideas. Failure to
do so would result in severe civil and criminal
penalties. Bernstein believed this was a violation of
his First Amendment rights and sued the government.

In the first phase of this litigation, the government

argued that since Bernstein's ideas were expressed, in
part, in source code, they were not protected by the
First Amendment. On April 15, 1996, Judge Marilyn Hall
Patel in the Northern District of California rejected
that argument and held for the first time that computer
source code is protected speech for purposes of the
First Amendment.

Because of its far-reaching implications, the Bernstein

case is being watched closely by privacy advocates, the
computer industry, the export and cryptography comm-
unities, and First Amendment activists. In fact,
several members of these communities provided declar-
ations that were submitted in support of Bernstein's
motion.

On 26 July 1996, Bernstein filed a motion for partial

summary judgment in his suit against the State
Department that could strengthen his claim that
government restrictions on information about crypt-
ography violate the First Amendment's protections for
freedom of speech. In his 45-page memorandum in support
of his motion, Bernstein set forth several First
Amendment arguments:

Legal Arguments

* Any legal framework that requires a license for

First Amendment protected speech, which may be granted
or withheld at the discretion of a government official,
is a prior restraint on speech. In order for this
framework to be acceptable, the government has the
burden of showing that publication will "surely result
in direct, immediate, and irreparable damage to our
Nation or its people" and that the regulation at issue
is necessary to prevent this damage. The government has
not met this burden regarding the ITAR legal framework.
* Because restrictions on speech about cryptography
are content-based, the court must apply a strict
scrutiny test in determining whether individuals can be
punished for engaging in this speech. A strict scrutiny
test requires that a regulation be necessary to serve a
compelling state interest and that it is narrowly drawn
to achieve that end. The ITAR regulatory scheme has
adopted the *most* restrictive approach by prohibiting
all speech in the area of cryptography.

* The ITAR regulatory framework lacks the necessary

procedural safeguards. Grants of administrative
discretion must be limited by clear standards, and
judicial review must be available. "Quite simply, the
ITAR Scheme allows its administrative agencies to make
inconsistent, incorrect and sometimes incomprehensible
decisions censoring speech, all without the protections
of judicial review or oversight."

* The ITAR framework is unconstitutionally vague.

The government doesn't even seem to know what its
regulations include and exclude! Here, the lack of
standards has allowed the government to misuse a statute
aimed at commercial, military arms sales to limit
academic and scientific publication.

* The ITAR regulatory scheme is overbroad. In an

internal memo written almost 20 years ago, the govern-
ment's own Office of Legal Counsel concluded that the
ITAR's licensing standards "are not sufficiently
precise to guard against arbitrary and inconsistent
administrative action." The OLC specifically warned
that the coverage was so broad it could apply to
"communication of unclassified information by a
technical lecturer at a university or to the conver-
sation of a United States engineer who meets with
foreign friends at home to discuss matters of
theoretical interest." This is exactly what is
happening here, and it is unconstitutional.

Full text Available

The legal arguments expressed above in the Bernstein

case are taken from material available from the
Electronic Frontier Foundation (EFF) online archives.
Full text of the lawsuit and other paperwork filed in
the case is available from EFF's online archives:

http://www.eff.org/pub/EFF/Policy/Crypto/
ITAR_export/Bernstein_case/ ftp.eff.org,
pub/EFF/Policy/Crypto/ITAR_export/Bernstein_case
/ gopher.eff.org,
1/EFF/Policy/Crypto/ITAR_export/Bernstein_case/
 Appendix 3

FEDERAL REGISTER
VOL. 58, No. 139
Rules and Regulations
DEPARTMENT OF STATE
Bureau of Politico-Military Affairs
22 CFR Parts 120, 121, 122, 123, 124, 125, 126, 127,
128, and 130
[Public Notice 1832]
Amendments to the International Traffic in Arms
Regulations
Part II
 58 FR 39280

DATE: Thursday, July 22, 1993

ACTION: Final rule.

SUMMARY: This rule amends the regulations implementing

section 38 of the Arms Export Control Act, which governs the
import and export of defense articles and services. The rule
clarifies existing regulations and reduces the regulatory
burden on exporters of defense articles and services.
Although this is a final rule public comment is welcome and
will be taken into account to the extent possible.

EFFECTIVE DATE: This final rule is effective July 22, 1993.

FOR FURTHER INFORMATION CONTACT: Information regarding this

notice may be obtained from James Andrew Lewis, U.S.
Department of State, Bureau of Politico- Military Affairs
(202-647-4231), Mal Zerden or Allan Suchinsky, U.S.
Department of State, Office of Defense Trade Controls (703-
875-6644).

SUPPLEMENTARY INFORMATION: The regulations implementing

section 38 of the Arms Export Control Act were last revised
substantially in November 1984. A proposed rule was published
on May 7, 1992 (57 FR 19666), for public comment. This Final
Rule clarifies and simplifies the current regulations.
Certain sections are consolidated while others are revised in
the interests of clarity and consistency. To the extent
possible, related sections are cross-referenced. In amending
the regulations, public comments and suggestions from
industry and other U.S. agencies have been considered and in
many cases incorporated into the regulations.

The most significant changes are an increase in the

validity period of a license from three to four years and a
revision of the policy used by the Department for designating
defense articles that takes into account civil application
and functional equivalence. Several new exemptions from
licensing requirements are also established. These exemptions
will cover exports under approved manufacturing or technical
assistance agreements; spare parts valued at $ 500 or less;
intra-company transfers of components being sent abroad for
assembly; temporary imports for repair and servicing; and
items which were previously licensed for temporary export to
trade shows.

Other changes include a clarification of the commodity

jurisdiction process, which establishes a review period and
specifies the appeal process. The definition of public domain
is expanded and clarified. An exception allows for the re-
export of certain U.S.-origin components to the Governments
of NATO countries, and the Governments of Japan and Australia
without prior U.S. approval for components which are not
significant military equipment or controlled for purposes of
the Missile Technology Control Regime and do not require
Congressional notification.
 PART 121-THE UNITED STATES MUNITIONS LIST

Category XIII-Auxiliary Military Equipment

(a) Cameras [including space cameras] and specialized

processing equipment therefor, photointerpretation,
stereoscopic plotting, and photogrammetry equipment which are
specifically designed or modified for military purposes, and
components specifically designed or modified therefor;

(b) Information Security Systems and equipment, cryptographic

devices, software, and components specifically designed or
modified therefor, including:

(1) Cryptographic (including key management) systems,

equipment, assemblies, modules, integrated circuits,
components or software with the capability of maintaining
secrecy or confidentiality of information or information
systems, except cryptographic equipment and software as
follows:

(i) Restricted to decryption functions specifically

designed to allow the execution of copy protected
software, provided the decryption functions are not
user-accessible.

(ii) Specially designed, developed or modified for use in

machines for banking or money transactions, and
restricted to use only in such transactions.
Machines for banking or money transactions include
automatic teller machines, self-service statement
printers, point of sale terminals or equipment for
the encryption of interbanking transactions.

(iii) Employing only analog techniques to provide the

cryptographic processing that ensures information
security in the following applications:

(A) Fixed (defined below) band scrambling not exceeding 8

bands and in which the transpositions change not more
frequently than once every second;

(B) Fixed (defined below) band scrambling exceeding 8

bands and in which the transpositions change not more
frequently than once every ten seconds;

(C) Fixed (defined below) frequency inversion and in which

the transpositions change not more frequently than
once every second;

(D) Facsimile equipment;

(E) Restricted audience broadcast equipment;

(F) Civil television equipment.

Note: Special Definition. For purposes of this
subparagraph, fixed means that the coding or compression
algorithm cannot accept externally supplied parameters
(e.g., cryptographic or key variables) and cannot be
modified by the user.

(iv) Personalized smart cards using cryptography

restricted for use only in equipment or systems
exempted from the controls of the USML.

(v) Limited to access control, such as automatic teller

machines, self-service statement printers or point of
sale terminals, which protects password or personal
identification numbers (PIN) or similar data to
prevent unauthorized access to facilities but does not
allow for encryption of files or text, except as
directly related to the password of PIN protection.

(vi) Limited to data authentication which calculates a

Message Authentication Code (MAC) or similar result
to ensure no alteration of text has taken place, or
to authenticate users, but does not allow for
encryption of data, text or other media other than
that needed for the authentication.

(vii) Restricted to fixed data compression or coding

techniques.

(viii) Limited to receiving for radio broadcast, pay

television or similar restricted audience
television of the consumer type, without digital
encryption and where digital decryption is limited
to the video, audio or management functions.

(ix) Software designed or modified to protect against

malicious computer damage, (e.g., viruses).

Note: A procedure has been established to facilitate the

expeditious transfer to the Commodity Control List of mass
market software products with encryption that meet
specified criteria regarding encryption for the privacy of
data and the associated key management. Requests to
transfer commodity jurisdiction of mass market software
products designed to meet the specified criteria may be
submitted in accordance with the commodity jurisdiction
provisions of S 120.4.

Questions regarding the specified criteria or the

commodity jurisdiction process should be addressed to the
Office of Defense Trade Controls. All mass market
software products with cryptography that were previously
granted transfers of commodity jurisdiction will remain
under Department of Commerce control. Mass market software
governed by this note is software that is generally
available to the public by being sold from stock at retail
selling points, without restriction, by means of over the
counter transactions, mail order transactions, or
telephone call transactions; and designed for installation
 by the user without further substantial support by the
supplier.

(2) Cryptographic (including key management) systems,

equipment, assemblies, modules, integrated circuits,
components or software which have the capability
of generating spreading or hopping codes for spread
spectrum systems or equipment.

(3) Cryptanalytic systems, equipment, assemblies, modules,

integrated circuits, components or software.

(4) Systems, equipment, assemblies, modules, integrated

circuits, components or software providing certified
or certifiable multi-level security or user isolation
exceeding class B2 of the Trusted Computer System
Evaluation Criteria (TCSEC) and software to certify
such systems, equipment or software.

(5) Ancillary equipment specifically designed or modified

for paragraphs (b) (1), (2), (3), (4) and (5) of this
category;

Appendix 4

CLINTON'S ENCRYPTION PLAN WITH KEY RECOVERY SYSTEM

The New York Times reported in its section C1, on 1

October 1996, that:

-- Attempting to compromise with critics of its "key

escrow" approach to data encryption, the Clinton
Administration now plans to begin allowing U.S.
computer companies to export software using powerful
encryption codes (or "keys") up to 56 bits long.
However, the government will require those companies to
develop, within two years, a "key recovery" system
allowing U.S. law enforcement or anti-terrorist groups
armed with a search warrant to get the key from the
several third-party companies, each of which would hold
one part of the key. IBM and some other large companies
are supporting the plan, but other companies are
expected to oppose it. The system will be successful
only if the Administration can convince other countries
to adopt the same kind of system.

CLASSICAL CRYPTOGRAPHY COURSE

BY LANAKI

28 NOVEMBER 1996
Revision 0

COPYRIGHT 1996
ALL RIGHTS RESERVED

LECTURE 20

CODES

SUMMARY

Lecture 20 covers historical use of codes and code

systems. We will trace their development and look at
some examples of famous code systems. We will develop
our subject with the help of several expert references.
[FR8 ], [OAKL], [KAHN], [DEVO], [WEBE], [DEV3], [ELLI],
[ACME], [LINC] [SIG2], [DAGA], [TRIT], [MACB], [COLE],
[NICH], [MANS], [MAN1], [WEBE]

CODE SYSTEMS

A code system is a highly specialized form of substit-

bution. The basic principle underling code systems is
the replacement of entire words, long phrases, or
complete sentences constituting the plain text of a
message by arbitrarily selected equivalents having
little or no relation to the elements they replace;
these equivalents may be other words, groups of letters,
groups of figures, or combinations thereof. [FR8 ]

This replacement process is rarely applied to elements

smaller than whole words and when this is done the
elements are single letters, groups of letters, or
syllables. In a codebook, the words, phrases, and
sentences are listed in a systematic manner and
accompanied by their code equivalents; correspondents
must possess identical copies of the document in order
to be able to communicate with each other. An ordinary
dictionary may serve the purpose of code communication,
so far as single words are concerned, but as a rule a
specially prepared document containing the words,
phrases, and sentences suited to particular types of
correspondence is used. In the U.S. they are called
codebooks or codes. Other names come from different
locations: repertories, word books, and cipher
dictionaries.
TRITHEIM CODE BOOK

One of the earliest code books was developed by the

Benedictine Abbot, John Tritheim. He collected many of
the ciphers used in the European courts. He was familiar
with the occult and proposed a code based on cabalistic
words wherein he tried to hide the real meaning under
cover of a mysterious language. The courts burned his
book "Polygraphia" in great pomp and ceremony. John was
lucky that he didn't go with the fire. The first edition
was published in Latin in 1518, a French translation in
1541, followed by a German translation.

Part one of Polygraphia consisted of a number of code

words for each letter of the alphabet, but arranged in
such a manner that if each letter of the message was
replaced by a code word, the result was a complete
sentence having an innocent meaning. (Something akin to
the three column management techno-babble matrix that
was popular in the 80's - pick a word from columns A, B
and C, put them together and you have a clever sounding
and totally bogus phrase like "computer redundancy
equivalents'.) Table 20-1 shows the fourteen coded
alphabets illustrating the way they were meant to be
used:

Table 20-1

TRITHEIM'S CODE ALPHABETS

1st 2nd 3rd 4th

A Jesus Immortal Producing Angels

B God Omnipotent Saving Archangels
C Saviour Compassionate Illuminating Saints
D King Ineffable Conferring Spheres
E Pastor Universal Moderating Heavens
F Author Almighty Expressing Sea
G Redempter Magnificent Governing Earth
H Prince Puissant Disposing(of) World
IJ Maker Just Dominating Men
K Conservator Sempiterneal Creating Sun
L Governor Celestial Cognising Moon
M Emperor Divine Guiding All
N Moderator Excellent Blessing Hierarchies
O Rector Triumphant Constituting Bodies
P Judge Clement Confirming Spirits
Q Illustrator Peaceful Conducting Souls
R Illuminator Pacific Sanctifying Times
S Consolator Invisible Honouring Humanity
T Sire Eternal Ministrating Ages
UVW Dominator Invincible Exorcising Eternity
X Creator Benign Elevating Firmaments
Y Psalmist Pitiable Sustaining Stars
Z Sovereign Incomprehensible Vilifying Air
& Protector Excellent Ordering Cosmos
 5th 6th 7th 8th

A Gives (Tothe) Christians Eternal Life

B Delivers Requiring (needy) Perpetual Joy
C Attributes Faithful Infinite Joyousness
D Increases Attendants Angelic Glory
E Presents Righteous Immortal Consolation
F Renders Penitents Enduring Felicity
G Remits Good Incomprehensible Beatitude
H Renders Supplicants Incorruptible Jubilation
IJ Envoys Hopeful Durable Tranquility
K Transmits Patient Permanent Amenity
L Administers Afflicted Ineffable Recreation
M Permits All Celestial Clarity
N Inspires Tormented Divine Union
O Retributes Perturbed Interminable Peace
P Orders Desolated Perfect Light
Q Contributes Mortals Sincere Glorification
R Frees Humans Pure Benediction
S Confers Languishing Glorious Security
T Manifests Repentant Supernatural Favours
UVW Reveals Catholics Indicible Fruition
X Maintains In the World Peaceful Happiness
Y Admits Sinners Happy Light
Z Agitates Charitables Excellent Exultation
& Develops Virtuous Uplifting Pleasures

9th 10th 11th 12th

A (Together with in Heavens Majesty Incomprehen-

his Saints) sible
B Servants Ever and Ever Goodness God
C Loved Without end Kindliness Creator
D Saved In one Infinity Sapience Favour
E Beatified Perpetuity Charity Jesus
F Elected Sempiternity Power Transformator
G Confessors Enduring Infinity Dominator
H Apostles Incessantly Sublimity Preservator
IJ Evangelists Irreversible Benignity Immortal
K Martyrs Eternally Commiseration Supreme
L Angels In Glory Excellence Mighty
M Archangels In the Light Pity Omnipotent
N Dominions In Paradise Clemency Ineffable
O Proselytes Always Mercy Redemtor
P Disciples In divinity Divinity Sempiternal
Q Deified In Deity Deity Governor
R Ministers In felicity Omnipotence Rector
S Sanctified In his reign Virtue Sovereign
T Predestined in His Kingdom Love Invincible
UVW Preferred in beatitude Perfection Puissant
X Prophets in his vision Force Merciful
Y Patriarches in his magnif- Magnificence All Powerful
cence
Z Cherubs to the Throne Grandeur Magnificent
& Professors in all Eternity Favour Sanctified
 13th 14th

A Sincerely Preached
B Really Announced
C Saintly Published
D Evangelically Revealed
E Devotedly Denounced
F Intelligibly Acclaimed
G Evidently Exalted
H Publicly Sermoned
IJ Faithfully Interpreted
K Ardently Reported
L Constantly Narrated
M Sagely Served
N Carefully Praised
O Virtuously Recited
P Catholically Pronounced
Q Cordially Repeated
R Reverently Treated
S Theologically Speculated
T Justly Collated
UVW Divinely Spread
X Learnedly Cognitized
Y Entirely Recognized
Z Studiously Contemplated
& Spiritually Produced
Amen

Example:

Plain text: 'Do not use bearer.'

D O N O T U S E B E A R E R
1 2 3 4 5 6 7 8 9 10 11 12 13 14

Cipher text:

(The) King Triumphant Blessing (the) Bodies Manifests

(to the) Catholics Pure Consolation (together with)
His Servants (in) Perpetuity The Majesty (of the)
Rector Devotedly Treated. Amen.

Look under D in the first alphabet = King, 'O' under the

2nd alphabet = Triumphant, etc.

Note the interesting and rich language in the above 14

alphabets. The unfortunate thing about Tritheim's codes
was that coded messages required as many words as there
were letters in the plain text, which made for a long
cryptogram. Note also that some of the words were
duplicated which might have caused some confusion.

FROM LLOYD TO MARCONI

In 1688 Edward Lloyd ran a coffee-house in Tower Street,
London. An enterprising man, he found that several
brokers used to discuss their business over coffee. To
sell more coffee, he decided he must make things easier
for them. He instituted a blackboard, and then a weekly
bulletin of shipping information. More independent
brokers came and consumed his coffee while doing their
business. He later moved his coffee house to Lombard
street, in the very center of the old city of London
frequented by merchants of the highest class. It was
not until 1774, with the rapid increase of marine
insurance business, a committee was set up and a
constitution formed which has remained practically
unaltered to the present day. There is no longer a
Lloyds' coffee-house, yet the name is preserved, and
Lloyds'is known all over the world as the center of the
Marine Insurance business.

Lloyds devised a method of signalling between sea and

shore, so that advance news of ships and cargoes might
be received. A primitive projector was set up and a
system of light signals based on the Polybius' system
was started. It was this that gave rise later on to the
use of codes for commercial purposes; and apart from the
Venetian merchants in the eighteenth century, Lloyds
signals were the first to come into general use.

In 1794 in Europe, a system of rapid communications

known as ' aerial telegraphy', employing semaphores on
high towers visible at considerable distances, was
instituted. Whole phrases or sentences could be
expressed by one group of signals.

In 1825 codes employing figure groups were in common

use. In 1845 the Telegraphic Vocabulary Code was used
between Liverpool and Holyhead for the semaphore
telegraph. In this code there appear words, phrases,
long sentences, each represented by groups of one to
four digits.

In England the earliest practical trial of electric

telegraphy was made in 1837 on the London and North
Western Railway, and the first public line, under
Wheatstone and Coke Patents, was laid from Paddington to
Slough on the Great Western railway in 1843. [DAGA]

In New York, in 1860, Brewell published his Mercantile

Cipher for condensing telegrams, in which English
dictionary words were employed, and in which we find a
fairly complete vocabulary, arranged under captions.

The ABC code, also based on dictionary words, first

appeared in 1874. (Refer to Table 20-2.) Up to 1872 the
telegraph companies, by international agreement, charged
pronounceable code language words as plain text; the
higher tariff applied only to cipher or numeral
language. These were charged for at a rate of five
characters per word; and in 1875, at St. Petersburg, the
maximum length was fixed for either plain text or code
words at seven syllables. This led to abuse, such as
words as Chinesiskslutningsdon - 21 letters, but only 6
syllables - were used by coders. [DAGA]

The rule was changed to apply to European or Latin words

but not artificial words. In 1903, code words of ten
characters were allowed. They had to be pronounceable to
be authorized for transmission at the cost of plain text
words.

ABC CODE

Table 20-2

Example of ABC Code Page

Code No. Half Code Meaning

Word

00000 ABAAA 'ABC' CODE

00001 ABADE Please use 'ABC' Code 6th
edition
00002 ABAEF Please use 'ABC' Code 6th
edition and Code ---- (s)
00003 ABAFG Please Use 'ABC' Code 6th
edition and private Code
00004 ABAGH Using 'ABC' Code 6th edition
00005 ABAHI Using 'ABC' Code 6th edition
and Code -----------
00006 ABAIJ Abandon
00007 ABAJK Abandon altogether
00008 ABAKL Abandon for the present
00009 ABALM Abandon or (---)
00010 ABAMN Abandon the action

In 1904 Whitelaw's Telegraph Ciphers appeared with 400

million pronounceable words. Not really a code book, it
was a list of 'artificials' used for private codes.
These code words were composed of five letter only, for
example FORAB, LUFFA, LOZOJ, etc. as are all words used
in commercial codes today. Twenty-thousand words of five
letters each were given, and since each was pronoun-
ceable, and any two of these words could be joined
together to form a chargeable according to telegraph
regulations as one word, so 20,000 **2 gave the total of
potential words as 400 million.

In 1906 Bentley's code appeared, a compact phrase book

based on five-letter groups, applicable to business
affairs in general. It cut the cost of international
transmissions by half.

MORSE CODE
Samuel Finley Breese Morse was born in 1791 in
Charlestown, Mass. His invention of the electrical
telegraphy was second only to the famous 'Morse Code'.
He based his Morse Code on the frequencies of letters
calculated on quantities of type found in the printing
office. Since his frequency tables are an enormous help
in deciphering every code, lets compare here the
original calculation made by Morse with the Normal
Frequency and the Telegraph Frequency. (See Table 20-3)

For the letters which were most frequent he used the

simplest combination of dots and dashes, which an
automatic contrivance of the electric current
alternately transmitted and suspended during longer or
shorter intervals and reproduced at the other end of the
wire on strips of paper. The experienced operator knew
the 'fist' of the sender as well as the differences
between the dots and the dashes.

Table 20-3

Comparative Table of Order Of Morse's Count with

Telegraph Frequencies

Actual number of Order of

letters found by Normal
Morse at his printers Frequency
[NICH]

E 1st 12,000 1st

T 2nd 9,000 2nd
A 3rd 8,000 3rd
I 3rd 8,000 6th
N 3rd 8,000 5th
O 3rd 8,000 4th
S 3rd 8,000 8th
H 4th 6,400 9th
R 5th 6,200 7th
D 6th 4,400 11th
L 7th 4,000 10th
U 8th 3,400 13th
C 9th 3,000 12th
M 9th 3,000 16th
F 10th 2,500 15th
W 11th 2,000 17th
Y 11th 2,000 18th
G 12th 1,700 20th
P 12th 1,700 14th
B 13th 1,600 19th
V 14th 1,200 21st
K 15th 800 22th
Q 16th 500 23rd
J 17th 400 25th
X 17th 400 24th
Z 18th 200 26th

Comparative Table of Order of Morse's Count with

 Telegraph Frequencies

Order 1 2 3 3 3 3 3 4 5 6 7 8 9 9
Morse: E, T, A,I,N,O,S, H,R,D,L,U, C,M
Telegraph: E, O, A, N, I, R, S, T, D, H, L, U

Order 10 11 12 13 14 15 16 17 18
Morse: F, W,Y, G,P, B, V, K, Q, J,X, Z
Telegraph: C, M, P, Y, F, G, W, B, V, K, X, J, Q, Z

This comparison is remarkable. The normal frequency

order corresponds to LANAKI's data presented in Lecture
1. [NICH]

The Morse code was not only used in telegraphy but also
in signalling by flags, by flashes of lights, by long
and short blasts from a whistle, and for some of us
knocks on the wooden cages to fellow prisoners in Viet
Nam.

The Army used to allow 10 days for recruit signalmen to

learn Morse code. Morse presents a simple method that
he invented in Table 20-4. This table presents a short
list of words, one for each letter of the alphabet, the
long and short syllables indicating dashes and dots.

Table 20-4

Learning Morse Code

(Invented by Morse)

Morse Phonetic

A Ag-ainst . - dit dah

B Bar-ba-ri-an -... dah dit dit dit
C Cont-in-ent-al -.-. dah dit dah dit
D Dah-li-a -.. dah dit dit
E (short) . dit
F Fu-ri-ous-ly ..-. dit dit dah dit
G Gal-lant-ly --. dah dah dit
H Hu-mi-li-ty .... dit dit dit dit
I I-vy .. dit dit
J Ju-ris-dic-tion .--- dit dah dah dah
K Kan-ga-roo -.- dah dit dah
L Le-gis-la-tor .-.. dit dah dit dit
M Moun-tain -- dah dah
N Nob-le -. dah dit
O Off-ens-ive --- dah dah dah
P Pho-tog-rapher-er .--. dit dah dah dit
Q Queen Kath-er-ine --.- dah dah dit dah
R Re-bec-ca .-. dah dit dah
S Sev-er-al ... dit dit dit
T Tea - dah
U Un-i-form ..- dit dit dah
V Ve-ry Var-ied ...- dit dit dit dah
W Wa-ter-loo .-- dit dah dah
X Ex-hi-bi-tion -..- dah dit dit dah
Y Youth-ful and Fair -.-- dah dit dah dah
Z (two long,
two short) --.. dah dah dit dit

The famous message SOS = SAVE OUR SHIP = ... --- ... =
dit dit dit dah dah dah dit dit dit.

Observe that each of these words contains as many

syllables as there are dots and dashes in the
corresponding Morse alphabet; but owing to the
difficulty of finding suitable words, it was assumed
that vowels followed by two or more consonants are long
and those by single ones short. In the words Katherine
and offensive, for instance, the final syllable must be
considered long. Morse put together the following
memorization aid:

GALLANTLY and FURIOUSLY he fought AGAINST the foe at

WATERLOO.

IVY creeping along the ground suggests HUMILITY.

The JURISDICTION of the NOBLE LEGISLATOR was OFFENSIVE

to the BARBARIAN.

A PHOTOGRAPHER saw SEVERAL KANGAROOS on the MOUNTAIN.

U. S. COAST GUARD DISCONTINUES MORSE CODE

Cipher history takes strange turns. It was with some

sadness that I read the 31 March 1995 announcement by
the USCG that Morse code equipment would shut down after
more than 83 years of monitoring telegraph distress
calls such as the 1912 Titanic collision with an
iceberg. Switchoff occurred at USCG communication
centers in Boston, Honolulu, Hawaii, Miami, New Orleans,
San Francisco, and Kodiak, Alaska. Even private
listening posts will cease service.

Samuel Morse invented the code to carry messages on the

telegraph machine he patented in 1840. Morse cipher
systems followed soon after that. USCG operators were
a breed apart because they could send and receive
international language at 20-35 wpm or more. Radio hams
know the meaning of "personal touch" as keyed dots and
dashes bounce off the atmosphere. WWII vets know that
the radioman's "fist" was more identifiable than
passwords.

I took my radio training via USCGA SAR. I know the

feeling of listening to 11 radios concurrently.
Sometimes a May Day could be heard only once and action
had to be decisive. Morse has been replaced by automatic
equipment to link with Global Maritime Distress and
Safety Systems via satellite relayed signals with
location fixes.
The ending of the Chesapeake USCG Atlantic COM Center
for Morse at 1919 hours EST is the ending of a great
era.

I went to my closet today. My USCG web belt still fits.

I couldn't bring myself to pull out my old uniform. I
just don't look like Arnold Schwartznegger anymore.

COMMERCIAL CODES

Historically, commercial codes were used not so much

used for secrecy as for saving money on long telegrams.
Authorized, pronounceable words of maximum length of ten
letters being used to cover several sentences. The code
words used were entirely fictitious, and followed each
other in alphabetical order, being made up of five
letters each, so that two codewords can be sent by
telegraph for the price of a half word. [Note that
modern day E-mail on the Net has completely made this a
non-issue. In any one day, I may write to classmates in
England, Germany, Italy, Japan and Spain and in less
than 30 minutes have answers, with attachments, and be
charged a flat rate for the service on this end!] Other
codes constructed on these principles were Bentley's and
Webster's. They allow two words, or even short
sentences, to be formed into one telegraph word of ten
letters. There are commercial codes today with
equivalent translations into every European language, so
that English, German, or Italian business men, without
knowing each other's languages, can exchange telegrams
(or FAXS).

MARCONI CODE

Senator Guglielmo Marconi was devoted to an idea - the

sending and receiving of wireless signals through space.
His wireless inventions are legendary. Marconi also
invented and perfected the Marconi Codes. The complete
Marconi code consists of four volumes comprising
English, Spanish, Japanese, Russian, Italian,
Portuguese, German and Dutch equivalents. The English
text is alphabetical, and every other language has a
complete index of all the words. The code is divided
into two parts - one containing general phrases and the
other a numerical system.

Again, the chief aim of standard code was to save cost

of cable charges and the cost of time required to code
the messages. Upwards of 17,050 combinations could be
obtained by the Marconi code. A checking system was used
to ensure accuracy.

The code words were composed of five letters each,

corresponding to a word or sentence used in trade or
business. The codewords could be combined to for a
telegraph word of ten letters by the International
Telegraph regulations.
There were some differences with codes such as the ABC
code. Each code word has a two-letter difference from
each other code word. This two-letter difference ensured
that no two words would have the same four letters in
the same position. A code word like BOPEZ would
eliminate codewords like COPEZ, DOPEZ and also such
forms as BAPEZ and BEPEZ. (see below)

The Marconi Numerical System was arranged so that a

range of figures in combination with some of the most
commonly used qualifying phrases, together with an
efficiency check, could be transmitted in one complete
pronounceable word of ten letters. The first syllable in
this section consisted of two consonants, thereby
distinguishing it from a phrase section in which none of
the code words began win two consonants. As the code
words in the numerical section were only two letters
long, five words or phrases could be included in one
telegraph word of ten letters.

The Marconi arrangement was as follows (Refer to Table

20-5):

1st Syllable provided for a variety of phrases which

were employed in combination with the figures or phrases
in the following syllables, describing as 'qualifying
phrases'; e.g. 'TH' = remit by cable, 'TW' = ship
immediately.

2nd Syllable provides for an extensive variety of

phrases descriptive of the following weights and
measures; i.e. 'OM' =pounds, 'WG' = tons.

3rd Syllable provides for figures from factions to 100.

4th Syllable provides for more figures to be used in

conjunction with the third syllable. If unnecessary a
blank must be used here, or short phrase to qualify,
such as 'ZA' = per month.

5th Syllable provides for a further series of phrases to

be used in conjunction with the foregoing; e.g. 'AL' =
for immediate shipment. It also supplies a check for the
whole coded word.

The checking system is very simple. The check numbers

given in brackets on each code syllable are added
together for the four syllables used; tens are dis-
regarded, and for the fifth syllable the letters are
chosen from the column bearing the same number as the
total arrived at from the addition of the first four
syllables.
Compare the ABC code Table 20-2 with the Marconi code in
Table 20-5.
 Table 20-5
The First part of the Marconi Code. General
Phrases Code words, five letters

Numerical System. Code word of two letters.

No. Code English French Spanish

Word

00000 ABABA A or an un, une un,uno,una

00001 ABAHB A1 at Lloyds A1 chez A1 en el
Lloyds registro de
Lloyd

00002 ABALC Abandon(s) Abandonn(r) Abandona(r)

(z) (u)

00003 ABAND Abandon all Abandonne Abandona

claims toutes rec- todas las
lamations reclamaciones

00004 ABAPE Abandon neg- Abandonne Abandona las

otiations les negocia- negociaciones
tions

00003 ABARF Abandon pro- Abandonne Abandona

ceedings les demar- los proced-
ches imientes

1st Syllable.

Check Code English French Spanish

No in Syll-
Red able

(0) BL Blank or At Blanc ou A Blanco o A

(5) BR Bid (they) Ils offrent ofrecen
(8) CH Bid (we) Nous offrons ofrencemos
(1) CL Bought (we Nous avons Hemos comp-
have) achete rado
(6) CR Breadth (or Largeur (ou Anchura (o
thickness) epaisseur) espesura)

2nd Syllable.

(5) AB Blank Blanc Blanco

(6) AC Acre(s) Acre(s) Acre(s)
(7) AD Ampere(s) Ampere(s) Amperio(s)
(8) AF Anna(s) Anna(s) Anna(s)
(9) AG Ante Mere- Matin, avant Antes de
dian (A.M.) midi mediodia
(A.M.)

3rd Syllable.

(5) AB Blank Blanc Blanco

(6) AC 0 0 0
(7) AD 1/16 1/16 1/16
(8) BI 1 1 1
(7) BO 1/14 1/14 1/14

4th Syllable.

(9) YA 000 000 000

(0) YB 100 100 100
(1) YC 200 200 200
(1) YM per annum par an por ano
(2) YN per cent- par cent- por cent-
imeter metre metro

5th Syllable. Control of check.

0 1 2 3 4 5 6 7 8 9

Blanc AR EN BU HI JA NA OY TO VA YG
Anout AC EP BY HO JE NE OZ TU YE YH
Average AD ER CA HU JI NI PA TY VI YI
C.I.F. AF ES CE HY JO NO PE WB VO YJ
(Cost
Insurance
Freight)
each AG ET CI IB JU NU PI UC VU YK

NON-SECRET CODES

Various codes are suited to particular types of

correspondence. Many large commercial firms have their
own private codes. For example, an early commercial
codebook was made by ACME Commercial Code Company in the
1930's. (See Tables 20-2a&b) Most industries have highly
specialized technical language (part of the defense of
mystique in every industry or profession -Latin for
doctors and lawyers, female terms and mathematics for
engineers, ISO 9000 terms for quality managers, snake
oil terms for computer types, plus a whole bevy of terms
for cryptographers, etc). The purposes of many these
codebooks are brevity and compression not secrecy. The
military and diplomatic applications call for security,
and speed of communications, especially for front-line
communications.

The PKZIP program, which is used so widely on the net,

is a compression 'codebook'. It provides economy of
transmission and minimal crypto-security. The power of
the program lies in the ability to delineate and hold
entire directories and then to create an indexed tree
of the coagulated sum of files. PKZIP is an example of a
non-secret code. Compression is more valuable than
secrecy. The condensing power of a code is dependent on
its vocabulary. When we add the goal of secrecy to
economy, we then have a secret code. Actually, code
transmissions save money because of the lowers number of
characters to be transmitted over the channel.

ACME SEVEN DIGIT CODEBOOK

In 1934, the ACME Code Company, with offices in London,

New York and San Francisco, developed a codebook for
condensation 7 figures into 5 figure groups for
international business cables. The transoceanic
standard for code language was issued 1 January 1934,
and superseded the category 'B' regulation (CDE) five
letter code words without vowel restrictions. Category B
service was cheaper on short coded messages that the
category cable A intercontinental transmissions.

I have codebook number 6015. It is laid out in three

tables on each page. Table 1 is for 1st and 2nd Figures,
First and Second Letters; Table 2 is for 3rd, 4th and
5th Figures, Third and Fourth letters; Table 3 is for
6th and 7th Figures, fifth letters. The conversion
(condensation) of 7 Figures into a five letter code
word and visa versa is accomplished on one page, in a
single operation. Numbers 0000000 to 9999999 are
included in the codebook. The condenser is used for :

14 Figure codes (2 Five Letter code words)

21 Figure codes (3 Five Letter code words)
28 Figure codes (4 Five Letter code words)
etc.

It can be used in conjunction with any numbered code,

catalogue, parts list, steamer list, etc.

Encoding

To encode the figures 4732651 into a five

letter code word, we divide the 7 figures into three
groups:

47 - 326 - 51

The 3rd, 4th, and 5th figures determine the page from
which we apply the condensation codes. 326 is found on
page 3 of the codebook. (Table 20-6a&b reproduces part
of the pages.)

Alongside the figures 326 are the two letter groups YM,
YN, YO, YP, which gives us the 3rd and 4th letters of
the codeword we will form.
To determine the group to use, we look at the 6th and
7th figures table and find the fifth letter. The figures
51 are in the same column as YP and the letter alongside
of 51 is M. Thus we have the 3rd, 4th, and 5th letters
of our codeword YPM.

To get the 1st and 2nd letters of the codeword, we refer

to the table covering the 1st and 2nd figures, on the
same page and is found that for 47 are FR. The entire
codeword is then FRYPM.

Table 20-6a
page 3

3rd, 4th, and 5th Figures

Third and Fourth Letters

326 YM YN YO YP
327 YQ YR YS YT
328 YU YV YW YX
329 YY YZ ZA ZB
330 ZC ZD ZE ZF

. . . .
39 J
6th and 43 K
7th 47 L
Figures 51 M
Fifth 55 N
Letter 59 O
. . . . .
.. ..
45 FP
46 FQ
47 FR 1st and 2nd
48 FS Figures
49 FT First and
50 FU Second Letters
.. ..

The codeword then is FRYPM.

Decoding

To decode the codeword STROW we break it down:

ST - RO - W

The first and second letters determine the page from

which you will decode your full seven figures. In this
instance the First and Second letters ST, they will be
found on page 6, alongside of which we find the 1st and
2nd figures "87".
You then look on the same page for RO, in the table
covering the third and fourth letters. It is found that
RO means "782," thus giving you the 3rd, 4th and 5th
figures.

W being the final letter, we refer to the table for 6th

and 7th figures. In the same column as RO appear and on
the same line that the letter W is found, we find the
6th and 7th figures 84. Our final product is
87-782-84. STROW = 8778284.

Table 20-6b
page 6

3rd, 4th, and 5th Figures

Third and Fourth Letters

782 RO RP RQ RR
783 RS RT RU RV
784 RW RX RY RZ
785 SA SB SC SD
786 SE SF SG SH
. . . .

6th and 84 85 86 87 W
7th 88 89 90 91 X
Figures 92 93 94 95 Y
Fifth 96 97 98 99 Z
Letter .. .. .. .. .

.. ..
85 SR
86 SS
87 ST 1st and 2nd
88 SU Figures
89 SV First and
90 SW Second Letters
.. ..

ACME also produced a Commodity and Phrase Code

Supplement which was just as much fun? [ACME]

BREVITY CODES

In military cryptography, the greatest degree of

condensation is afforded by 'prearranged-message codes,'
or 'brevity codes.' A prearranged-message code is a
tactical code adapted to the use of units requiring
special or technical vocabularies; it is comprised
almost exclusively of groups representing complete or
nearly complete messages and is intended for shortening
messages and concealing their content. The police '10'
codes fall into this category. A brevity code has as its
sole purpose the shortening of messages. A field code
is a small tactical code which contains a large number
of code groups representing words and a few common short
phrases, from which sentences can be composed; a
syllabary, which is a list of code groups representing
individual letters, combinations of letters, or
syllables, is used for spelling out proper names and .
numerical tables, or list of code groups representing
numbers, dates, and jargon. The Army Special Forces
Codes fall into this category. A jargon code is a very
short code in which bona fide dictionary words,
baptismal names, rivers, lakes, etc are used as code
groups. Lincoln's war time codes fall into this
category. [LINC] A voice code or recognition code
is used for transmission by small radio-telephone sets
used in combat. Other names are combat code or operat-
ions code. [TEC] The Navy has a special brand of codes
used for protection of marine traffic. An example of
this code system is the International Code of Signals
(1969 edition, revised 1981 INTERCO ) [SIG2]

INTERNATIONAL CODE OF SIGNALS FOR VISUAL, SOUND AND

RADIO COMMUNICATIONS (INTERCO)

The Defense Mapping Agency, Hydrographic/Topographic

Center issued in 1969 and again in 1981, their
Publication No. 102, "International Code of Signals
For Visual, Sound, and Radio Communications," United
States Edition. This code was adopted by the Fourth
Assembly of the intergovernmental Maritime Consultative
Organization in 1965. The document was prepared in nine
languages: English, French, Italian, German, Japanese,
Spanish, Norwegian, Russian and Greek.

This is very good example of the brevity and non-secret

codes that had wide distribution for ocean going
vessels. Modern day vessels use uplinks to satellites in
geo-synchronous orbits to navigate and communicate.

The INTERCO was designed to communicate for situations

relating to the safety of navigation and persons,
especially when language difficulties arise. It is
suitable for transmission by all means of communication
including radiotelephony and radiotelegraphy. The
INTERCO embodies the principle that each signal has a
complete and distinct meaning.

The INTERCO is broken into four parts: 1) Signal

Instructions, 2) General Signal Code, 3) Medical Signal
Code, and Distress and Lifesaving Signals and Radio
Procedures. The appendix includes a National Identity
Signals for Ships and Aircraft, plus US/USSR
Supplementary Signals for Naval Vessels.

General Signal Code includes sections on: Distress,

Emergency, Casualties, Damages, Aids to Navigation,
Hydrography, Maneuvers, Cargo, ballast, Meteorology,
Communications and Sanitary Regulations. [SIG2] See
Table 20-7 for sample entries. In Table 20-7, capital-
ized headings represent major topics, predominantly
lower case headings represent subtopics. You can see
from the small sample in Table 20-7, that the INTERCO
deals with serious situations. I was assigned to a U.S.
Coast Guard Radio Room and I can tell you that listening
to 11 radios at the same time can be very intense. A
MAYDAY maybe heard only once and rarely in calm voice.
Sending the cutter is serious business. The USCG does
their job exceptionally well.

Table 20-7
Sample Entries from INTERCO Codebook

Distress - Emergency

Code Meaning

ABANDON

AD I am abandoning my vessel which has suffered

a nuclear accident and is a possible source of
radiation danger.

Accident

SB I am proceeding to the position of the

accident.

GC 2 I have searched area of accident but have

found no trace of derelict or survivors.

Doctor

AM Have you a doctor on board?

AP I have ... (number) casualties.

ASSISTANCE

Required

CB I require immediate assistance.

CB 1 I require immediate assistance; I have a
dangerous list.
CB 6 I require immediate assistance; I am on fire.

Given-Not Given

CN 1 You should give immediate assistance to pick

up survivors
CO 1 I cannot give the assistance required (or
vessel/aircraft indicated)

DISABLED-DRIFTING-SINKING

DS I have sighted disabled aircraft in lat ...

long ... at time indicated.
DX I am sinking.
 SEARCH AND RESCUE

Proceeding To Assistance

FE I am proceeding to the position of the

accident at full speed. Expect to arrive at
time indicated.

Position of Distress or Accident

FF I have intercepted SOS/MAYDAY from vessel

(name or identity signal or aircraft) in pos
lat ... long ... at time indicated.

Results of Search

GJ 1 Wreckage is reported in lat .. long ... No

survivors appear to be in vicinity.

ICEBREAKER

WC 1 Icebreaker is being sent to your assistance.

SEA

WY The state of the sea is ... (Complements 0-9

corresponding to following table):

Height
In Meters In Feet

0 Calm (glassy) 0 0
1 Calm (rippled) 0 - 0.1 0 - 1/3
2 Smooth (wavelets) 0.1 - 0.5 1/3 - 1 2/3
3 Slight 0.5 - 1.25 1 2/3 - 4
4 Moderate 1.25 - 2.5 4 - 8
5 Rough 2.5 - 4 8 - 13
6 Very Rough 4 - 6 13 - 20
7 High 6 - 9 20 - 30
8 Very High 9 - 14 30 - 45
9 Phenomenal over 14 over 45

MEDICAL

Diseases of Respiratory System

MIF Patient is coughing up blood.

MIM Patient has blueness of face.

Special Treatment

MRW Give frequent gargles one teaspoon

of salt in a tumblerful of water.

RECEPTION OF SAFETY MESSAGES

MAYDAY Indicates that the ship, aircraft,
or(Distress) other vehicle is
threatened by grave and imminent
danger and requests immediate
assistance.

PAN Indicates the calling station has a

(Urgency) very urgent message to transmit
concerning the safety of a ship,
aircraft or other vehicle, or the
safety of a person.

SECURITE Indicates that the station is about

(Safety) to transmit a message concerning the
safety of navigation or giving
important meteorological warnings.

To indicate DISTRESS:

1. If possible transmit ALARM SIGNAL (i.e. two tone

signal) for 30 seconds to one minute, but do not
delay the message if there is insufficient time in
which to transmit the Alarm Signal.

2. Send the following DISTRESS CALL:

MAYDAY MAYDAY MAYDAY. This is ...(name or call sign

of ship spoken three times).

3. Then send the DISTRESS MESSAGE composed of:

MAYDAY followed by the name or call sign of the

ship;
Position of ship;
Nature of distress;
And if necessary, transmit nature of the aid
required and any other information which will help
the rescue.

USE PLAIN LANGUAGE WHENEVER POSSIBLE or send the word

INTERCO to indicate that the message will be in the
International Code of Signals.

example:

MAYDAY MAYDAY MAYDAY ... ( name of ship spoken three

times, or call sign of ship spelled using Phonetic
Alphabet in Table 20-8); MAYDAY ... (name or call sign
of ship) Position 54 25 North 016 33 West I am on Fire
and require immediate assistance.

Table 20-8
Phonetic Alphabet used with INTERCO

Letter/ Word Pronounced

Number

A Alfa AL FAH
B Bravo BRAH VOH
C Charlie CHAR LEE or SHAR LEE
D Delta DELL TAH
E Echo ECK OH
F Foxtrot FOKS TROT
G Golf GOLF
H Hotel HOH TELL
I India IN DEE AH
J Juliett JEW LEE ETT
K Kilo KEY LOH
L Lima LEE MAH
M Mike MIKE
N November NO VEM BER
O Oscar OSS CAR
P Papa PAH PAH
Q Quebec KEH BECK
R Romeo ROW ME OH
S Sierra SEE AIR RAH
T Tango TANG GO
U Uniform YOU NEE FORM or OO NEE FORM
V Victor VIK TAH
W Whiskey WISS KEY
X Xray ECKS RAY
Y Yankee YANG KEE
Z Zulu ZOO LOO

0 NADAZERO NAH-DAH-ZAY-ROH
1 UNAONE OO-NAH-WUN
2 BISSOTWO BEES-SO-TOO
3 TERRATHREE TAY-REE-TREE
4 KARTEFOUR KAR-TAY-FOWER
5 PANTAFIVE PAN-TAH-FIVE
6 SOXISIX SOK-SEE-SIX
7 SETTESEVEN SAY-TAH-SEVEN
8 OKTOEIGHT OH-TAY-AIT
9 NOVENINE NO-VAY-NINER
. DECIMAL DAY-SEE-MAL

BASICS OF CODE CONSTRUCTION

The encoding and reverse procedure of decoding is

accomplished by replacing various words, phrases,
sentences, and numbers by their code equivalents. The
code text is built up from code units each representing
the longest possible plaintext unit the code book
affords. Encoding the phrase "enemy force estimated at
one battalion," and the codebook has phrases "enemy
force," and "estimated at," as well as the individual
words, we would write down the phrase equivalents.

The elements of which code groups are composed may be

one or more of the following:

1. Bona fida words - real words from Dutch, English,

French, German, Italian, Latin, Portuguese and
 Spanish.

2. Artificial words - groups of letters without

meaning with vowels and consonants arranged to
appear like real words.

3. Random groups of letters.

4. Groups of Arabic figures.

5. Intermix groups, ie. call signs for stations K2KAA,

or W5AZZ.

6. All the above.

PARALLEL SETS

A code may contain two or more parallel sets of code

groups of different types. In many commercial codes and
some military codes, there is one series of code groups
of the bona fide type or artificial word type and
another series of the figure-group type, both applying
to the same series of words phrases, and sentences of
the code. In parts of the world where English letters
are used for writing, letters possess greater advantages
in accuracy of reading than figures - especially for
telegraph or radio transmissions. For communications to
China and Russia or obscure ports, Arabic figures are
well accepted and code groups composed of figures are
used. The main reason for this is assurance of the
correct transmission and reception of messages in all
parts of the world. Another reason is that certain
methods of enciphering code messages for the sake of
greater secrecy, figure groups often form the basis for
encipherment more readily than do letter groups.

The greatest advantage possessed by letter groups over

figure groups lies in the availability of a far greater
number of permutations, or interchanges, of letter
groups, because there are 26 letters which may be
permuted to form letter groups compared to 10 digits for
figure groups (assumes base 10 historical use). If code
groups of five letters are used, then there are 26 ** 5
or 11,881,376 groups of five letters versus 10 ** 5, or
100,000 groups of five figures. Letter code groups are
usually constructed to reduce error in transmission.

The length of code groups used, whether the groups

consist of two, three, four, or five elements, depends
upon the size of the code. This applies almost
exclusively to field military or naval codes, where
transmission is through a governmental agency; in
commercial messages or governmental communications
transmitted over privately operated lines, five-letter
or five letter groups are the standard. [FR8]

Code groups of modern codes are constructed by the use

of tables which permit more-or less automatic and
systematic construction in the form desired. These are
called permutation tables. Because they may be used to
correct most errors made in transmission or writing,
such tables are usually included in the code book and
are called mutilation tables, garble tables, error
detector charts, etc.

TWO-LETTER DIFFERENTIAL

The average telegraph or radio operator did not work

without error. One letter different code groups like
ABABA and ABABE were easy to mistake and the message
could be made unintelligible by only a few transmission
errors. If however, every code group in the code book
is distinguished from all other code groups in the same
code by a difference of at least two letters, then
there would have to be two errors in a single group and
these two errors would have to produce a code group
actually present in the code before a wrong meaning
would be conveyed. The principle of making code groups
differ by a minimum of two letters is called the two-
letter differential. The two-letter differential
reduces the possibilities for constructing letter code-
groups from 26 ** 5 to 26 ** 4 (456,976) but considering
the advantages, the sacrifice was worthwhile.
Permutation tables for construction of figure-code
groups are similar in nature and purpose to tables for
construction of letter-coded groups. Because of a more
limited number of characters available for permutations,
the maximum number of 2-figure difference groups
possible in a 5-figure code is 10 ** 4, or 10,000. (This
does not account for ASCII code derivations.)

TYPES

In their construction or arrangement, codes are

generally of two types:

(1) One-part, or alphabetical codes. The plaintext

groups are arranged in alphabetical order
accompanied by their code groups in alphabetical
or numerical order. Such a code serves for decoding
as well as encoding.

(2) Two-part or randomized codes. The plaintext groups

are arranged in alphabetical order accompanied by
their code groups in a non-systematic order. The
code groups are assigned to the plaintext groups at
random by drawing the code groups out of a box in
which they have been thoroughly mixed. Such a list
serves for encoding. For decoding, another list must
be provided in which the code groups are arranged in
 alphabetical or numerical order and are accompanied
by their meanings as given in the encoding section.
Another name for the two-part code is cross-
reference codes. Here are extracts from typical one-
part and two-part codes.
(Tables 20-9 and 20-10.)

Table 20-9

One-part code

ABABD A
ABACF Abaft
ABAHK Abandon
ABAJL .....it
ABALN Abandoned
ABAMP .....by
ABAWZ Abandoning
ABBAD Abandonment
......................
......................
ZYZYZ Zero

Table 20-10
Two-part code

Encoding Section Decoding Section

GAJVY A ABABD Obstructed

TOGTY Abaft ABACF Term
FEHIL Abandon ABAHK Zero
BAYLT .....it ABAJL If it has not
ZYZYZ Abandoned ABALN To be sent by
NYSYZ .....by ABAMP Acceding
IFWUZ Abandoning ABAWZ Building
RUMGO Abandonment ABBAD Do not attempt
...................... ......................
...................... ......................
ABAHK Zero ZYZYZ Abandoned

Between the two extremes are codes which have features

of both; that is complete sections may be arranged in
random sequence, but within each section the contents
are arranged in some logical order.

When a strict alphabetic arrangement is used in the

sequence of the phrases, the code is said to be a
strictly alphabetical code. When the phrases are
listed under separate headings based upon the principal
word or idea in the whole expression, the code is called
a caption code. (Tables 20-11 and 20-12)

Table 20-11
Caption code
 Assistance
Give assistance
Require assistance
No assistance
Assistance has been sent
Assistance for
Assistance from
Assistance to
Assistant
Assisted

Table 20-12
Strictly-alphabetical

Assistance
Assistance for
Assistance from
Assistance has been sent
Assistance to
Assistant
Assisted
.........................

Give
Give assistance
.........................
No
No assistance required
.........................
Require
Require assistance

More precise and economical coding is possible with a

caption code than with an alphabetical code. With a
caption code it is easier to assemble an extended
variety of expressions and shades of meaning under
specific headings than with alphabetical code. On the
other hand, the use of a caption code involves more time
and labor in encoding.

Two-part codes are used by many governments for their

secret diplomatic, military and naval communications
because of the advantages they offer over one part
codes. Some disadvantages include twice as large in
context, printing and distribution costs, compilation is
four times greater because of the requirement of
accurate cross references. The advantages of two-part
codes are greater security and greater accuracy.

In some commercial code messages there is sometimes

encountered the practice of mixing plaintext and code
text. In governmental and naval communications such
intermixtures are rare and present an abysmal ignorance
of the fundamental rules of cryptographic security.
Because the plaintext words give definite clues to the
meaning of the adjacent code groups, even though the
former convey no meaning in themselves (such words as
and, but, by, comma, for, in, period, stop, that, the,
etc) constitutes a fatal danger to the message security.

ENCIPHERED CODE SYSTEMS

Sometimes the code groups of a code message undergo a

further process of encipherment; the resulting crypto-
gram constitutes an enciphered code message. Both
transposition and substitution may be used to encipher
the code. Enciphered code is used under the following
circumstances:

(1) When the code has a wide distribution and may fall
into enemy hands,

(2) to improve the security of commercial codes and non-

secret codes, and

(3) when increased security is necessary for highly

classified communications.

Transposition methods are generally used within code

groups, such as rearranging or shifting about the
letters or figures composing them. A common method is
keyed columnar transposition with special matrices with
nulls. All the substitution methods previously studied
may be used for "super-encipherment" of the code. The
most effective methods of enciphering code are
arithmetical methods.

If the code groups are numerical, the addition (usually

mod 10) of an arbitrarily selected number (called the
additive ) to each code group message constitutes a
simple form of encipherment. The additive may be fixed.

Additive methods may actually be weak cryptographically

if the basic code book and code groups embody
limitations in construction. Instead of adding a fixed
number in encipherment, the latter is subtracted, in
which case , in decipherment, the fixed number must be
added to the enciphered code groups as received. Such a
group (called subtractive or subtractor ) in decipher-
ment the group becomes an additive. A third method used
commonly is the minuend method. It involves the
subtraction of the plain code group from the key to
yield the enciphered code group in encipherment, and the
subtraction of the enciphered code group in from the key
in decipherment. Addition and subtraction of a fixed
numerical group may be alternated within the same
message such as +200, +100 +400 as a cycle or +200, -
100, +400, -200 etc. Instead of a fixed additive, it is
possible to employ a repeating large key.
When special tables are employed as the source of the
additives or subtractors for enciphered code, a much
more secure system is provide. These tables are called a
key book or an additive book or a subtractor book. by
applying identifying symbols called indicators to the
pages, as well as to the rows and columns on each page
of the key book, it is possible to provide for secure
encipherment of a large volume of traffic. All
corespondents must have the same key books. In
employing the key book, the indicators tell the
recipient of the message what key groups were used and
where to begin the decipherment of the enciphered code.

In actual practice, indicators are often disguised or

encrypted by a special key or set of keys; this
procedure may add considerably to the security of the
system.

Table 20-13 shows a page from a typical key book. It

contains two sets of 100 4-digit key groups, disposed in
numbered blocks each containing 10 rows and 10 columns
of groups. To designate a group as the initial one to be
employed in encipherment or decipherment, we give the
block number, the row and column numbers of the group.
For example, 0116 is the indicator for the group 8790.
It is usual to take the successive groups in the normal
order of reading. Some keys books consist of 50 + pages
containing 200 + groups making 10,000 in all. The
digits in each block are random numbers. [FR8 ]
If the key book is used once and only once, security of
the system approaches the one-time pad. The messages are
one time system secure even if the enemy has basic code
book. Friedman discusses indicators in much more detail
in [FR8 ].

Table 20-13
Indicators and Key Blocks

Block 00

1 2 3 4 5 6 7 8 9 0

1 0378 9197 3260 3607 2699 9053 9733 1844 6622 4213

2 7185 0135 6091 2387 4957 3113 7284 0750 3501 1945

3 5037 3365 1294 8261 2149 0718 3678 2510 7238 5268

4 8004 5199 3859 1293 5311 3550 9915 0512 1518 3776

5 9282 6893 4229 9736 0927 1418 1930 9864 0090 8974

6 7259 9399 0769 3144 9801 1378 4732 5134 1435 5282

7 2878 9963 7943 4519 3404 9810 1090 4467 7069 5348

8 1620 5879 0218 1064 9560 5732 6661 0883 1883 2619
9 3868 1905 2500 6654 0824 3710 3875 6332 1503 7259

0 4319 3298 7819 8721 1549 6630 6301 5701 3586 1907

Block 01

1 2 3 4 5 6 7 8 9 0

1 9328 1135 3871 1549 0839 8790 1771 8251 3274 1173

2 2297 9550 5033 0102 6817 5579 0847 4038 1200 2949

3 3640 3984 3299 1181 3811 8844 2500 4557 4133 0487

4 1256 9614 5520 8372 1941 2417 1098 4039 3943 8282

5 1751 4254 8479 8647 2684 5511 8680 4660 2315 4857

6 4587 5968 2568 1254 0258 1254 3568 2548 4521 8795

7 1258 6241 0125 2458 4587 5632 2589 1548 1235 1458

8 1254 2548 0004 4561 2565 2437 7849 1245 3265 4879

9 4582 1546 2589 2145 7854 7895 4589 6369 3698 1254

0 1255 1544 7850 2569 9989 8754 2548 1220 0387 0589

DICTIONARY CODES

Dictionary codes are highly specialized forms of

substitution systems. Code books (modified dict-
ionaries) used by the Department of State and military
represent a greater condensation of words than comm-
ercial systems - a single code group may represent a
long phrase. The average condensation of a diplomatic
code is 1:5 while a commercial code is only 1:3. [DAGA]
By way of comparison, modern PKZIP compression is 1:3 -
1:4 on normal text. I recently experimented with PKZIP
on the TEA program library for eight words and up and
found an average compression of 1:2.5. These groups
are all pronounceable artificial words. For example, we
might have ABACA in commercial code, EXA in diplomatic
code and occasionally syllables as BA in Marconi code.

It is difficult to safeguard against the loss of

codebooks which have to be printed in fair numbers.
Macbeth reports on an interesting story about Ottoman
Field-Marshal Osman Pasha during the Russo-Turkish war
in 1877. Pasha entrusted one of his generals, Selim
Pasha with a confidential mission. Selim was the officer
in charge of ciphers and codes and always kept the code
book on his person. Selim departed so promptly on his
mission that he forgot to leave the volume with his
chief. And the latter, during the whole time of the
Adjutant's absence, saw a pile of ciphered messages from
Constantinople accumulate on the table without being
able to read or reply to them. [DAGA]

Codes used in conjuction with ciphers (superencipher-

ment) can be very difficult to break; but the work and
time involved in making this combination can be
significant (if done by hand in the field.) Computers
reduce the legwork significantly.

The typical dictionary code protocol is as follows:

1) Agree with the recipient on the exact edition of the

diction to be used, i.e. Concise Oxford Dictionary,
current edition, by Fowler and Le Mesurier.

2) Use the number of the page, and the number of the

word down the page to encipher:

Given Plain: " Reunion Berlin Tomorrow"

Code:

1006 (page no.), 12(word no) = Reunion

0104 (pages with fewer than four numbers would have a 0
added in front to keep to the uniformity), 17 (word no.)
= Berlin
1291 - 08 (on the same principles) = To-morrow

Ciphertext:

100612 010417 129108

These figures, if greater secrecy is required, could

again be enciphered and thus converted into letters by
means of an agreed upon cipher.

3) Prepare for superencipherment by dividing the figures

into pairs and then convert them into letters by
means of a table such as Table 20-14.

Table 20-14

Digraphic Equivalents for Superencipherment

1 3 5 2 4 9 7 8 6 0
9 AN DA HN JT MB KC GF ES BZ ZA
2 CK AO DB HO JS GE ER BY FR YB
7 IR CJ AP DC GD EQ BT FQ LH VA
4 MC IY CI AR DD BS FP LI NL VB
8 MA KB GC CG AS DF HP JU OB VC
1 KA GB EP BR CE AT DG HQ JQ TZ
5 GA EO BP FO IX CC AX DH HR TY
3 EN BO FN LJ NK IZ CB AY DJ SB
6 BN FM LK NJ OA OC IV CB AZ QA
0 XY YA BY YB XC XE YD YE YX QC

Nulls: WA WE W, to end message in groups of fove

letters.

The numbers enciphered into letters:

TZYXBR XYXCDG BRANYE

and the cryptogram for transmission:

TZYXB RXYXC DGBRA NYEWA

The suggested cipher can easily be arranged to make

pronounceable words suitable for telegraph or
radiotelegraph transmission.

Certain dictionaries have been issued which give two

columns on each page with words directly opposite to
each other. Then it is possible to give the word
opposite the one we really mean, or a word which is 5 or
3 or 10 places either above or below the one we want to
encode. Codes of this kind can be solved readily.

CRYPTANALYSIS OF A SIMPLE DICTIONARY CODE

An Australian criminologist named Mansfield presented

some interesting principles for solving dictionary
codes. He calculated dictionary progressive lists,
giving numbers of words beginning with any two letters
in dictionaries of 10,000 - 100,000 words. [DAGA]

Given:

55381 42872 35284 44381 45174 56037 55381 46882

23171 44234 55366 55381 00723 12050 61571 36173
55381 56442

We rearrange the list from lowest numbers to highest.

00723 42872 55381 (5 times)

12050 44234 56037
23171 45174 56442
35284 46882 61571
36173 55366

Words beginning with XYZ are seldom used, so we can take

it that the highest number indicates a word beginning
with a W or a T. [ Mansfield made big assumptions about
nulls and standardization of the dictionary. Lectures 2
and 3 showed how we can rip this assumption to shreds.]
But the list of bigram frequencies (from Lecture 1)
gives us the commonest initial group as TH or THE, and
if we fix any repetition of such nature, then we may
have the T in that dictionary. Naturally, we start with
55381 occurring five times and assume it is THE.

The highest number after that is 61571, so that it could

indicate a word beginning with a W. This gives us a
clue to the probable number of words in the dictionary
used for the code. It cannot be over 65,000 words as XYZ
words are very few, seldom more than 3,000. [This part
of Manfield's analysis is an extraordinary jump of faith
-what is more extraordinary is that it will work more
than 60% of the time on simpler dictionary codes.]

According to Mansfield's Progressive Dictionary Lists,

we attempt to fix the probable first two letters of each
word in the code. For instance the 2nd group 12050 will
be between 11646 (terminating words beginning with DA)
and 12850 (terminating words beginning with DE), so that
it is probable to be a word beginning with DE. [DAGA]
[MANS], [MAN1]

Using Mansfield's lists we obtain:

THE RE--- OF THE RO--- TO- THE SE- -HA - RE- TH- THE
RE- DE- - WA- OV- THE TO-

We locate in the dictionary the word THE (55381) and

count back twenty words for 55366 (th). This gives us
an area covering words THANE, THANK, THAT, THATCH. We
try the most likely THAT. We note the two words
starting with letters TO- 56037 and 56442. Words
beginning with TO start at 56037 and stop at 56466, so
that it is reasonable guess to assume the first is TO
and the second (56442), we count twenty words back to
find the word TOWN.

The R group is: -RE- (42872) and RE- (44234) and RO-
(45174). RE stands 300 words from the end of the RA's
which stop at 42573, according to Mansfield's tables.
This gives us the following words to select from:
RECLINE, RECOMMEND, RECOMPOSE, RECONNAISSANCE, RECOUP,
and RECOVER. We choose RECONNAISSANCE. The next look at
our cipher is:

THE RECONNAISSANCE OF- THE ROUTE TO THE SE- HAS-

REVEALED THAT THE AE- DE- WA- OV- THE TOWN.

We apply the same process to the AE- 00723 and get

airplane, while the DE- 12050 occurring one-quarter of
the way from the end of the DA to the end of the DE
brings us to DEF, limited by DEFACE and DEFY, where only
DEFEAT, DEFENSE, DEFEND, and DEFENSIVE are probable. We
select airplane defensive us near the mark.

SE- should be sea 46882 and OVER for OV- 36173. The of-
is in fact OF, and the HA- is has, and the WA- is was.
The complete message reads:

THE RECONNAISSANCE OF THE ROUTE TO THE SEA HAS

REVEALED THAT THE AIRPLANE DEFENSIVE WAS OVER THE
TOWN.
[MANS] tells us that the real message was off by two
words. Instead of AIRPLANE DEFENSIVE, it was AIR
DEFENSES, but the meaning was essentially the same.

What Mansfield did show us in 1936 was that the laws of

probability work with dictionary codes. The search in
the area of possible words will give us the root of the
plain text so that we may deduce the whole meaning of
the code.

DIPLOMATIC CODES

One of the best references on historical codes (1775-

1938) in the United States was written by Professor
Ralph Weber. [WEBE] He describes one interesting code
used in 1867 by the State Department known as WE029.
(Refer to Table 20-15) It used a simple substitution
masking procedure, eliminated the use of the letter W
because it was not used in European or Latin nations,
focused on 24 letters of the alphabet and assigned them
to the 24 most common parts of speech such as articles
and other words (s= plural; a = THE; e = AND, etc.)
Other ordinary words were assigned to the approximately
600 combinations of 2 of the letters. Three letters were
used for the remainder of the vocabulary required for
common diplomatic usage; a fourth letter was added for
plurals, participles and genitives. When encoding the
plural, genitive, or participle of a 2-letter word, the
third letter would be placed apart in order to avoid
confusion. Code symbols were prepared for principal
countries and cities in the world, for states, major
cities, and territories of the United States, and for
proper names of men in English. A cipher table was to be
used for those words not on the list. The first 74
pages of the code was the encode section, and contained
the words in alphabetical order together with the code
symbols; for example the very first word was Aaron with
the symbol ABA, the last word of the first page was
Acknowledge with a symbol of EA. The decode section (3-
letter symbols) was not published in one sequential
alphabet and was time consuming. Transmission of the
code by cable was awkward because number of characters
was not standard. It was not until 1876 that the 5 digit
form became standard in the American ciphers. This code
became the secret communication mask for American
ministers in foreign legations in the years to 1876.
Table 20-16 is a chart of the number of encoded lines
sent from American ministers in seven major nations
using this code.

Table 20-15
1/3 Sample page WE029

ekf Lamentation
elf Language
emf Languid
enf Languidly
eof Languish
epf Languishing
eqr Lapse
erf Large
esf Largely
etf Lasting
euf Lastly
evf Late
exf Latent
eyf Latently
ezf Latin
faf Latitude
fbf Later
fcf Laugh
fdf Launch
fef Lavish
fff Lavishly
fgf Lawyer
fhf Lawful
fif Lawfully
fjf Lawfulness
fkf Lawless
flf Lawlessly
fmf Lawlessness
fnf Lax
fof Laxity
fpf Laxly
fqf Laxness
frf Lay
fsf Laziness
ftf Lazy
fuf Leader
fvf League
fxf Leak
fzf Lean
gaf Leap
gbf Learning
gcf Leave
gdf Lecture
gef Lecturer
gff Left
ggf Legal
ghf Legally
gif Legibility

Table 20-16

Russia Netherlands Great Britain Mexico

1866 11
1867
1868 38
1869 122
1870 6 184
1871 259 61
1872 3 189
1873 1
1874 17
1875 20
1876
Total 305 606

France Spain Germany

1866 33
1867
1868 7
1869 26
1870 27 52 11
1871 5 40
1872 31 10
1873 1 34 6
1874 20 2
1875 25 46
1876 13
Total 71 170 115

CLASSICAL CRYPTOGRAPHY COURSE

BY LANAKI

25 DECEMBER 1996
Revision 0

COPYRIGHT 1996
ALL RIGHTS RESERVED

LECTURE 21

CRYPTANALYSIS OF THE NAVY CSP 1500 CIPHER MACHINE

[ HAGELIN C-38 FAMILY ]

SUMMARY

Lecture 21 looks, in some detail, at an early cipher

machine, the Navy CSP 1500 cipher machine, which is the
equivalent of the Hagelin cipher machine, type C-38,
to illustrate some of the interesting cryptographic
principles surrounding the era of cipher machines and
the famous engineer Hagelin. We develop our subject via
a select group of references. [FR8 ], [NICH], [BARK],
[DOW], [KULL]

MACHINE CIPHER SYSTEMS

Cryptographic principles or methods which are too

complicated for hand operation may nonetheless be
readily mechanized and become highly practical.
Electrical and electromechanical cipher machines have
been developed which are capable of producing crypto-
grams of great complexity; these cipher machines are to
be differentiated from cipher devices, which are
relatively simple mechanical contrivances for encipher-
ment and decipherment, usually hand-operated or
manipulated by the fingers, such as sliding strips or
rotating disks. [ Who would have guessed that we would
equip SEALS with hand sets to access satellites via
encrypted channels and that the newest CRAY system will
perform 3 Trillion calculations per second - a
cryptographers dream computer.]

Back to history circa 1930. Machine cipher systems may

be classed into two broad categories: (1) literal
systems, in which the plaintext and ciphertext symbols
produced or accepted are alphabetical characters and
digits; and (2) nonliteral systems, designed for the
transmission of data in which the symbols or signals
produced or accepted are other than the normal alphabet
and the digits (e.g. teleprinter, ciphony, cifax,
civision, etc.) Furthermore, literal cipher machines may
be divided into two general classes of key generators
and alphabet generators, or a combination of the two;
nonliteral machines are usually of the key generator
class. [FR8 ]

TRANSPOSITION CIPHER MACHINES

Transposition machines are rarely encountered although

they do exist. Rudolf Zschweigert was granted a patent
on 12 November 1920 in Germany on the first trans-
position cipher machine. The problems of letter
storage, and automatic transposing of letters within
lines and the irregular displacements of the key are not
were not easily accomplished.

SUBSTITUTION CIPHER MACHINES

Substitution methods lend themselves much more readily

to automatic encipherment than do transposition methods.
The substitution principle lends itself ideally to
mechanization by cipher machines; these cipher machines
range from the most primitive types which afford only
monoalphabetic substitution to very complex types in
which the number of alphabets and the length of the
keying cycle run into the millions. If the encipherment
is monoalphabetic for a succession of 20 or more letters
before alphabet changes, the cryptosecurity is low,
especially if the various alphabets are interrelated as
a result of their derivation from a limited number of
primary components. In some cipher machines the number
of secondary alphabets is quite limited, or the manner
in which the mechanism operates to bring cipher
alphabets into play is so ingenious that the solution of
cryptograms produced by means of the machine is
exceedingly difficult. [FR8 ]

Other things being equal, the manner of shifting about

or varying the cipher alphabets contributes more to the
cryptosecurity than does the number of alphabets
involved, or their type. It is possible to employ 26
direct standard alphabets in such an irregular sequence
as to yield greater security than is afforded by use of
a 1000 or more different random-mixed alphabets in a
regular way or an easily ascertained method. inventors
sometimes forget this principle. [FR8 ]

In the following paragraphs we will discuss the CSP 1500

which is the U.S. Navy version of the Hagelin C-38
cipher machine as a typical key generator.

HAGELIN C-38 CIPHER MACHINE FAMILY

Historically - in the United States the Hagelin Crypto-

graph is probably best known as the U.S. Army's M-209 or
the U.S. Navy's CSP-1500. [Later versions were design-
ated by Hagelin as C-48 but I will focus on the C-38
plain vanilla machine.] This machine is one of an array
of ingenious machines invented and manufactured by a
Swedish engineer by the name of Boris Caesar Wilhelm
Hagelin. The C-38 (CSP 1500 or M-209A) is a small,
compact, hand-operated, tape-printing, mechanical cipher
machine, weighing 6 pounds, with overall dimensions 7.25
" x 5.50 " x 3.5 ".

The cryptographic principle embodies polyalphabetic

substitution, employing a complex mechanical arrangement
to generate a long running key which is used in
conjuction with reversed standard alphabets for the
primary components. In encipherment, the machine in
effect subtracts (mod 26) each 0p from the key to yield
the 0c, and subtracts each 0c from the key to yield the
0p. Actually, the machine adds the key to the complem-
ents of the plain or of the cipher. Remember that I
used the designation of "theta", i.e. 0c, 0p, 0k for the
cipher, plain and key, to represent characters or
letters without indicating its identity. So rather than
"any letter of the plain text," we use the symbol 0p and
so forth. Because of the subtraction feature , the C-38
and machines of similar genre have been called "letter
subtractor machines."

PICS

References with pictures of the Hagelin C-38 [C36/C48]

include: Friedman's "Military Cryptanalytics Part II -
Volume 2," page 463, published by Aegean Park Press, C-
45, 1985; Barker's "Cryptanalysis of the Hagelin Crypt-
ograph," C-17, by Aegean Park Press, 1978; [BARK -pages
1, 124,127,131] ; "Operating Instructions for Converter
M-209," U.S. Army, Technical Manual 11-380, 17 March
1944; Oakley, "The Hagelin Cryptographer - Model C-38,
Converter M-209: Reconstruction of Key Elements," 12 May
1950; Kahn's "The Codebreakers," Macmillan Co., page
429, 1967; Deavours, Cipher A. and Louis Kruh, "Machine
Cryptography and Modern Cryptanalysis, Artech House,
1985. Several excellent Cryptologia articles have
pictures of the Hagelin machines.

I recently sent a DOC file with a picture of the outside

of CSP 1500 machine to our CDB. It is readable in WORD
6. Thanks to both PHOENIX and MEROKE for the CSP 1500
DOC picture file. A copy of page 463 from [FR8 ] has
been sent to all my non-Internet students.

WHEELS OR ROTORS

The CSP 1500 has six wheels or rotors of identical

diameters; these wheels have individual periods of
26, 25, 23, 21, 19, and 17. Equidistant around the
peripheries of the wheels are engraved the following
sequences of letters:

Rotor I or "26 wheel": ABCDEFGHIJKLMNOPQRSTUVWXYZ

Rotor II or "25 wheel": ABCDEFGHIJKLMNOPQRSTUVXYZ
Rotor III or "23 wheel": ABCDEFGHIJKLMNOPQRSTUVX
Rotor IV or "21 wheel": ABCDEFGHIJKLMNOPQRSTU
Rotor V or "19 wheel": ABCDEFGHIJKLMNOPQRS
Rotor VI or "17 wheel": ABCDEFGHIJKLMNOPQ

At each lettered position there is associated a small

pin near the edge of the wheel, which pin may be pushed
to the left (or "inactive position") or to the right
(or "active position"). The six wheels of the CSP 1500
move one step with each encipherment or decipherment; If
they are initially aligned at AAAAAA, the second
alignment will be BBBBBB, the 18th will be RRRRRA, and
the 27th will be ABDFHJ. The formal name of these wheels
is "variable pin rotors," to distinguish them from
"fixed pin rotors" used in some types of cipher
machines, and from "wired rotors used in electrical
cipher machines.

Since the number of wheels are relatively prime to each

other, the cycle of the machine will be the product
(26x25x23x21x19x17) or 101,405,850; in other words, the
wheels will not return to their initial position until
after this number of letters has been enciphered.

THE SQUIRREL-CAGE

Just behind the six wheels is a revolving drum something

like a squirrel-cage, composed of two circular retaining
plates holding 27 horizontal bars, on each of which are
two lugs, one or both of which may be set at six
effective positions (corresponding to the six wheels) on
the bar, or to neutral positions. The retaining plates
actually had 29 slots, and in some models were equipped
with 29 bars. The pins, when in the active position on a
specific wheel, serve to engage those lugs which have
been set opposite that wheel causing the particular bars
to be displaced slightly to the left; these displaced
bars act as teeth of a gear wheel, displacing the
reversed standard alphabets a corresponding number of
positions. In reality, an 'active' pin, when it reaches
the sensing or 'reading' position, pushes back a key-
wheel lever situated behind its wheel, and it is this
lever that engages the lugs in that wheel position and
causes the bars to move to the left; a lever in the
forward position does not come into contact with lugs.
If Rotors I-VI are aligned at the apparent or 'window'
setting of AAAAAA on the bench mark, the reading or
effective positions of the six wheels will be at PONMLK.

The number of lugs in the path of a particular wheel is

known as the kick of that wheel; the total kick or key
is the sum of all the kicks contributed at a given
position of the six key wheels, as governed by those
key-wheel levers which are in a position to contact the
lugs on the drum. When both lugs on a bar have been set
to effective positions, the activity of either one or
both of the wheels involved will still contribute only
one kick for that bar, since the bar acts as one tooth
of a gear. This situation is known as the double lug
effect, and the amount of overlap (i.e, the number of
displaced bars having two effective lugs) must be
subtracted from the total number of lugs actuated at a
given setting to ascertain the actual total key; for
example, if wheels with kicks of 1, 4, and 7 are the
only ones at a given position with effective kicks, and
if among the bars displaced there is an overlap of 2,
the total key is (1+4+7) -2 =10.

LETTER ENCIPHERMENT

The encipherment (or decipherment) of a letter is

accomplished by obtaining the sum mod 26 of the key and
the complement of the letter. For example, assuming the
juxtaposition of the reversed standard alphabets to be
fixed as:

Plain : ZYXWVUTSRQPONMLKJIHGFEDCBA
Cipher: ABCDEFGHIJKLMNOPQRSTUVWXYZ

I R(plain) is enciphered at a setting of the machine

where the total key is 5, the cipher equivalent is N
(cipher), measured 5 intervals to the right of the
complement, I: if the key were six, E (plain) would be
enciphered as B (cipher); etc. In the operation of the
CSP 1500, the kick imparted to the type wheel is in the
order of the ascending alphabet, whereas the sequence on
the indicating disk moves in the reverse direction. The
relative juxtaposition of the reverse standard alphabets
may be varied by what is known as a slide , which has
the effect of adding a constant to all the elements of
key being generated by the machine. The slide is brought
about mechanically by adjusting the relative disp-
lacement of the type wheel and the indicating disk. In
the example above, the slide was really A=Z (=0,mod
26). If instead of K - P = C we express the Hagelin
formula as P(bar) + (K + S) = C, where P (bar) is the
complement (The complement of a number a, mod m, is
m-a). of the plain and S is the slide, and if we use the
mod 26 scale:
A B C D E F G H I J K L M N O P Q R S T U
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21

V W X Y Z
22 23 24 25 0

It can be seen that if R (plain) is enciphered with a

kick of 7 and a slide of 22, then:

R(bar-plain) +(7 +22) = (26-18) +(7+22) = 37

= (11, mod 26) = K (cipher)

Since the CSP 1500 employs reciprocal alphabets, the

operations of encipherment and decipherment are
complementary; therefore the decipherment formula is
C (bar) + (K + S) = P, as is shown by the example

K(bar-cipher) +(7 + 22) = (26-11) +(7+22) = 44

= (=18, mod 26) = R (plain)
AN EXAMPLE OF KEY GENERATION IN THE CSP 1500

As an illustration of the generation of key in the CSP

1500, let us assume that the six wheels have the
following pattern of active (x) pins and inactive (.)
pins:

Rotor I : ABCDEFGHIJKLMNOPQRSTUVWXYZ
..xxx.x.x x...xx.xxxx..x.x

Rotor II : ABCDEFGHIJKLMNOPQRSTUVXYZ
.x.x.x..x.x....xxxx.xxxx.

Rotor III: ABCDEFGHIJKLMNOPQRSTUVX

.x.xx.x..x..xxxx.x.x.xx

Rotor IV : ABCDEFGHIJKLMNOPQRSTU
xx.x.x.x.xxx....x...x

Rotor V : ABCDEFGHIJKLMNOPQRS
..xxxx.x.x..x...xxx

Rotor VI : ABCDEFGHIJKLMNOPQ
x..xxxx...x...x.x

Let us also assume that the lugs have been set up

against their respective wheels as shown below (with the
overlap distributed as is indicated by the brackets):

I II III IV V VI
|--2--| |-----1------|
8 9 4 1 6 2

The sum of the kicks of the individual wheels is 30;

this number minus the three overlaps shows that 27 bars
have been used. With this particular overlap pattern,
when wheels I and II are effective, their combined kick
is 15; when II and V are effective, their combined kick
is 14: and when wheels I, II, and V are effective, their
combined kick is 20. If the rotors are aligned so the
effective setting is at HHGNKF (so the apparent setting
in this case would be SSQBSM) and if the slide is o, (if
the slide were any value than 0, the total key would be
increased by a constant equal to the amount of the
slide) the generation of the first 30 key elements is
shown in the following diagram: [The brackets in the
individual key streams mark the cycle of the respective
key wheels in terms of the initial alignment.]

1 2 3 4 5 6 7 8 9 10 11 12 13 14
--------------------------------------------
--- I . 8 . 8 . . . 8 8 . 8 8 8 8
2
--- II . 9 . 9 . . . . 9 9 9 9 . 9
---
III 4 . . 4 . . 4 4 4 4 . 4 . 4

IV . . . 1 . . . 1 1 1 . 1 . 1
1
--- V . . 6 . . . 6 6 6 . . 6 6 6

VI 2 2 . . . 2 . . . 2 . 2 2 .

Total 6 17 6 20 0 2 10 19 25 16 15 27 16 25
Key

15 16 17 18 19 20 21 22 23 24 25 26
---------------------------------------------
--- I . . 8 . 8 . . 8 8 8 . 8]
2
--- II 9 9 9 . . 9 . 9 . 9 .] .
---
III . 4 4 . 4 . 4 4 .] 4 . .

IV . 1 . 1 1 1 .] . . . 1 .
1
--- V 6 . 6 . 6 . . 6 . . . 6

VI . 2 2] 2 2 . . . 2 . . .

Total 14 16 26 3 21 10 4 24 10 19 1 14
Key

27 28 29 30
-------------
--- I . 8 . 8
2
--- II 9 . 9 .
---
III 4 . . 4

IV . . 1 1
1
--- V 6 6 . .

VI 2 . 2 2

Total 20 14 12 15
Key

If the first word of a message was ADVANCE, it would be

enciphered as EMJSLYE with the keys 6 17 6 20 0 2 10.
Note in the diagram above, that the key of 26 in column
17 is equivalent to 0, and the key of 27 in column 12 is
equivalent to 1. Also note that there are several ways
to obtain certain keys, such as a key of 10 in columns
7, 20, and 23. There are 64 possible combinations of
six things, and since there are only 26 different
displacements possible of the primary components, there
is of necessity a considerable duplication of key
elements. With this particular lug arrangement, there
are 7 key values (2,3,4,5,23,24,25) that can occur in
only one way, since 26 = 0 and 27 =1, 6 key values that
can occur in four ways, and 1 key value 15 that can
occur in five ways. With some lug arrangements, certain
key values may be impossible to produce.

MESSAGE ENCIPHERMENT

The following are detailed steps performed in the

encipherment of a message with the CSP 1500:

(1) First, the pins and lugs are set up according to the
key for the particular date. A slide is selected and
is set on the machine. An initial message rotor
alignment is chosen and recorded for future use. The
slide and the initial alignment will be incorporated
as indicator groups which are usually included with
the final cryptogram. These indicator groups are
usually not sent in the clear. The letter counter is
reset to a multiple of 5 and recorded; the knob is
set to "C" for cipher position.

(2) The first letter of the message plain text is now

set on the indicating disk against a bench mark and
the drive knob is given a clockwise turn. This
causes the drum to make a complete revolution,
imparting a kick to the print-wheel assembly equal
to the number of bars which have been displaced by
the action of the pins against the key-wheel levers,
and the enciphered letter is printed on the tape at
 the end of the operating cycle. The six key wheels
have moved one step each during the process, and new
pins have come into contact with the key-levers to
set up the key for the encipherment of the next
letter.

(3) The succeeding plaintext letters are treated in the

same fashion; at the end of every word a fixed
letter (usually Z or K) may be enciphered as a word
separator. After the encipherment of every 5th
letter the machine causes the tape to advance
another space, so that the final cryptogram is in 5
letter groups ready for transmission.

(4) In decipherment, the pins and lugs of the machine

are set up according to the key, and the slide and
the message rotor alignment for the particular
message are established from the indicators. The
encipher-decipher knob is set to the "D" position,
and the first letter of the cipher message is set on
the indicating disk against the benchmark; when the
drive knob is operated, the decipherment is printed
on the tape. The "D" position also suppress the Z
plain word separator.

The Hagelin C-38 was used during World War II by the

United States armed forces as a low-echelon cipher
machine, under the nomenclature of M-209 in the Army and
CSP 1500 in the Navy; the U.S. machines, however, where
not generally equipped with a settable slide: the
reversed standard alphabets were set at A=Z. [FR8 ]

CRYPTANALYSIS OF THE CSP 1500

Colonel Barkers' cryptanalysis of the Hagelin

Cryptograph represents a clear way to illustrate the
process. [BARK] Message encipherment and decipher-
ment on the CSP 1500 are performed mechanically. We must
consider the equivalent "on paper" processes of the
cryptographic machine.

The first basic rule is given any two elements of the

following: ciphertext, plaintext, key; the third element
may be found. Thus, during encipherment, plaintext
enciphered with key results in ciphertext. The reverse
process is true during decipherment. However, important
from the viewpoint of the cryptanalyst, given ciphertext
with the plaintext known, the key may be recovered.

The CSP 1500 is based on the Beaufort Tableau shown in

Table 21-1. The Beaufort Tableau provides the relation-
ship between the ciphertext, plaintext and key. Note
that the numerical key is runs from 0-27; and that 1 and
27 are equivalent, as are the numbers 0 and 26.
 Table 21-1
C-38 Hagelin Cipher Machine (CSP1500)
Beaufort Tableau

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
0/26 Z Y X W V U T S R Q P O N M L K J I H G F E D C B A
1/27 A Z Y X W V U T S R Q P O N M L K J I H G F E D C B
2 B A Z Y X W V U T S R Q P O N M L K J I H G F E D C
3 C B A Z Y X W V U T S R Q P O N M L K J I H G F E D
4 D C B A Z Y X W V U T S R Q P O N M L K J I H G F E
5 E D C B A Z Y X W V U T S R Q P O N M L K J I H G F
6 F E D C B A Z Y X W V U T S R Q P O N M L K J I H G
7 G F E D C B A Z Y X W V U T S R Q P O N M L K J I H
8 H G F E D C B A Z Y X W V U T S R Q P O N M L K J I
9 I H G F E D C B A Z Y X W V U T S R Q P O N M L K J
10 J I H G F E D C B A Z Y X W V U T S R Q P O N M L K
11 K J I H G F E D C B A Z Y X W V U T S R Q P O N M L
12 L K J I H G F E D C B A Z Y X W V U T S R Q P O N M
13 M L K J I H G F E D C B A Z Y X W V U T S R Q P O N
14 N M L K J I H G F E D C B A Z Y X W V U T S R Q P O
15 O N M L K J I H G F E D C B A Z Y X W V U T S R Q P
16 P O N M L K J I H G F E D C B A Z Y X W V U T S R Q
17 Q P O N M L K J I H G F E D C B A Z Y X W V U T S R
18 R Q P O N M L K J I H G F E D C B A Z Y X W V U T S
19 S R Q P O N M L K J I H G F E D C B A Z Y X W V U T
20 T S R Q P O N M L K J I H G F E D C B A Z Y X W V U
21 U T S R Q P O N M L K J I H G F E D C B A Z Y X W V
22 V U T S R Q P O N M L K J I H G F E D C B A Z Y X W
23 W V U T S R Q P O N M L K J I H G F E D C B A Z Y X
24 X W V U T S R Q P O N M L K J I H G F E D C B A Z Y
25 Y X W V U T S R Q P O N M L K J I H G F E D C B A Z

Note the beautiful diagonal letter symmetries. (You can

see what this course is doing to me. Instead of thinking
about say Michelangelo' paintings or a desert sunset, I
am defining beauty as a diagonal letter group.)

Barker's analysis is cumulative. He starts with the

mythical 'one wheel effective' CSP 1500 and builds up to
the six wheel CSP 1500.
WORD SPACING WITH THE LETTER Z

In order to obtain spacing between words - making the

plaintext more easily readable - the CSP 1500 is
designed so that the plaintext letter Z prints as a
space. For example the following plaintext:

HELPZNEEDEDZONZHILLZSSIXZONEZZEROZZERO

is read from the tape:

HELP NEEDED ON HILL SIX ONE ERO ERO

The letter Z actually does occur in the message text,

and appears as a space as designed, so it must read into
the text. Some Hagelin machines used a K instead of the
Z.

Because the Z is hardwired in the CSP 1500 to produce a

space, the enciphered plaintext is particularly
"unusual" or "rough" statistically. So non-normal in
fact is Hagelin plaintext that the mathematical approach
in the general solution can easily be described as
extremely effective. The statistical tests used in
matching distributions, such as the Chi test, are
decidedly more accurate than if the text were simply
normal English text without the letter "Z" between
words.

Based on a distribution of 50,000 letters of English

military text in some 9,619 words with the letter "Z"
being used as a space between words, the average
frequencies per 1000 letters are the following [BARK]:

A - 62 J - 1 S - 51
B - 8 K - 2 T - 77
C - 26 L - 31 U - 22
D - 35 M - 21 V - 13
E - 109 ** N - 67 W - 13
F - 24 O - 63 X - 4
G - 14 P - 22 Y - 16
H - 28 Q - 3 Z - 162 **
I - 62 R - 64

By examining these expected frequencies of letters in

Hagelin plaintext, it will be seen that the two letters
E and Z comprise over 25% of the text! The six letters,
E, N, O, R, T, and Z, comprise over 50% of the text. The
normal text is obviously skewed. Thus with the abnormal
high-frequency of the letter Z especially, one can
understand that the statistical tests used in analyzing
the CSP 1500 traffic, such as the Chi test, for example,
are very successful in matching distributions even when
the amount of available text was limited.
Let's give ourselves some quick Table 21-1 experience.

1) Given the keying sequence " 5 26 12 19 0 27 6 5 0 21

8 4 0 5 13" and ciphertext, we read the plain: "Return
to base."

5 26 12 19 0 27 6 5 0 21 8 4 0 5 13
N V S Y I N G L L V G D H A N
R E T U R N Z T O Z B A S E Z

2) Given the key "0 6 6 0 0 0 6 0 6 0 0 6 6 0 6 0 6 6 0

6", we decipher the following ciphertext to read:
"Furnish information."

0 6 6 0 0 0 6 0 6 0 0 6 6 0 6 0 6 6 0 6
U L O M R H Y A X M U R O N F G X R M G
F U R N I S H Z I N F O R M A T I O N Z

3) Given the plaintext "SEND MORE SUPPLIES," we recover

the key used to encipher the following message:

S E N D Z M O R E Z S U P P L I E S Z Z
H D M W I N T I D I H N K S O Z D P A I
0 8 0 0 8 0 8 0 8 8 0 8 0 8 0 8 8 8 0 8

ANALYSIS OF A SINGLE-WHEEL CSP 1500 CIPHER MACHINE

The cryptographic security basically inherent in the

Hagelin family of machines is provided principally by
the manner in which key is generated.

Recognize that the single wheel Hagelin is a "mythical"

machine, as are the two, three and even four wheel
varieties. In each case the remaining wheels would have
to be in a non-effective position.

We know that each wheel has a given length with given

number of pin positions. As letters are enciphered (or
deciphered), the wheels simultaneously revolve step-by-
step, one position to the next. A 17 position, or pins,
wheel, after encipherment of 17 letters will have
returned to its original position.

The two mechanical variables set prior to encipherment

(or decipherment) by the cryptographic clerk in the CSP
1500 are lug-settings and pin-settings. Both of these
affect key generation.

First, the number of lugs may be made effective for each

wheel. The number of lugs on a wheel may be
1,2,3,..12,..etc. If no lugs are set to effective
position, than the wheel is in non-effective condition.
Again, the number of lugs in the path of a particular
wheel is known as the kick of that wheel; the total kick
or key is the sum of all the kicks contributed at a
given position of the six key wheels, as governed by
those key-wheel levers which are in a position to
contact the lugs on the drum.
Second, each position of the wheel may be made effective
or non-effective by pushing a pin to the right or the
left. If a pin is pushed to the left, it is non-
effective; if a pin is pushed to the right, the position
is effective (contributes to the key).

Third, when a position on the wheel is effective, when

its "pin" is to the right, the key generated by the
wheel will be equal to its kick or equal to the number
of "lugs" set on the wheel. When a position on the wheel
is non-effective, the key will be 0. For example, the
key generated from a wheel of 17 positions might look
as follows:

0 8 8 8 0 0 8 0 8 0 8 0 0 8 8 0 8] 0 8 8 8 0 0 8 0 8 ...

It can be seen that in this generated keying sequence

the number of lugs set on the wheel is eight; the first
position is in non-effective (left) position; in the
next three position's, the pins are effective (right).
The bracket shows that after 17 numbers of the key, the
keying sequence, repeats.

For a single wheel case, the generated keying sequence

always consists of a combination of but two numbers, one
being 0, representing a "pin" in a non-effective
position.

Consider the following cryptogram enciphered with a

single-wheel:

Y V X L M G A L U V C G X A N P F V Q R

W A C V N L H H P I B A W B A X G B K A

W Y Z C H D R W G H C T A P G A M H J S

W A Q A A.

Rather than the trial-and-error approach, lets take

advantage of the 'Z' word-spacer at the final group of
the message. Assume that the letter 'Z' was used as a
null to complete the last five-letter group of the
message. Examining the last group:

cipher: W A Q A A
assumed plain : Z Z Z Z Z
resulting key : 22 0 16 0 0

We can disregard the W, for it most likely is the last

letter of the message; but the last four letters appear
to represent Z's. The generated key probably consists of
the numbers 0 and 16.
Testing our theory on the cryptogram for the first 20
letters the possibilities are:

ciphertext : Y V X L M G A L U V C G X A N P F V Q R
if key = 0 : B E C O N T Z O F E X T C Z M K U E J I
if key = 16 : R U S E D W P E V U N K S P C A K U Z Y

We use the letter Z to show the probable spaces between

words.

B E C O N T Z O F E X T C Z M K U E J I
R U S E D W P E V U N K S P C A K U Z Y

yields

B E C O N T O F E X T C M K U E I
R U S E D W E V U N K S C A K U Y

The plaintext is evident:

B E C O N T O F E X T C M K U E I
R U S E D W E V U N K S C A K U Y

or

RECENT EVENTS MAKE I(T)...

ANALYSIS OF A TWO-WHEEL CSP 1500 CIPHER MACHINE

The two-wheel CSP 1500 is highly unlikely, but can be

duplicated by making all the remaining wheels non-
effective by either (1) putting all the pins of the
remaining wheels to the left or (2) by failing to put
any lugs on the remaining wheels.

Lets consider two keying sequences produced by a 17

letter wheel and a 19 letter wheel respectively.

Key 1 '17' = 2 0 2 0 2 2 0 2 0 2 0 2 2 0 2 2 0]2 0

Key 2 '19' = 0 3 0 3 3 0 0 3 0 3 3 3 0 0 3 0 3 0 3
Resultant Key 2 3 2 3 5 2 0 5 0 5 3 5 2 0 5 2 3 2 3]

2 0 2 0 2 2 0 2 0 2 0 2 2 0 2]2 0 2 0
0 3 0 3 3 0 0 3 0 3 3 3 0 0 3 0 3 0 3]
2 3 2 3 5 2 0 5 0 5 3 5 2 0 5 2 3 2 3

Note that the resultant key consists of four different

numbers, 0,2,3,and 5, the latter is the sum of 2 and 3.
The brackets show the length of one revolution of the
wheels.

We say the generated key consists of four numbers, 0, x,

y, and z, where x = y = z.

The resulting key sequence will not repeat until the

lowest common multiple of the lengths of the two wheels
is reached, in this case 323 letters. the lowest common
multiple of 17 and 19.

Let us turn to the analysis of a cryptogram produced

from keying sequence generated from two wheels in the
above fashion.

Given:

Begins "TO"

Q P G D V W V I J O K H T B K S G L X M
A N V F W W Z C A E L P O A T B O U F W
K M H V A R X L N R W Z E A G

>From the first word we have the first three keying

letters:

plain : T O Z
cipher: Q P G
recovered key : 10 4 6

The recovered key , 10, 6, 4 follows the property

4+6=10. Indeed, with the known 0 in the keying sequence,
we may know all the numbers which comprise the
resultant, generated key: 0, 4, 6, and 10. We set up the
four possible plaintext equivalents for each ciphertext
letter in the following form:

Q P G D V W V I J O K H T B K S G L X M A N V F
-----------------------------------------------
0: J K T W E D E R Q L P S G Y P H T O C N Z M E U
4: N O X A I H I V U P T W K C T L X S G R D Q I Y
6: P Q Z C K J K X W R V Y M E V N Z U I T F S K A
10: T U D G O N O B A V Z C Q I Z R D Y M X J W O E

W W Z C A E L P O A T B O U F W K M H V A R X L
-----------------------------------------------
0: D D A X Z V O K L Z G Y L F U D P N S E Z I C O
4: H H E B D Z S O P D K C P J Y H T R W I D M G S
6: J J G D F B U Q R F M E R L A J V T Y K F O I U
10: N N K H J F Y U V J Q I V P E N Z X C O J S M Y

N R W Z E A G
-------------
0: M I D A V Z T
4: Q M H E Z D X
6: S O J G B F Z
10: W S N K F J D

We again use the spacer letter 'Z' between words to

identify word lengths. We note that three Z's fall in
the last three columns, strong confirmation that the
four numbers of the keying sequence selected are
correct.

The plaintext becomes evident:

TO GENERAL SMITH SIX WOUNDED FOUR KILLED TWO MISSING

The complete recovery process is diagramed: Ciphertext

-> Plaintext -> Key -> Pin Settings -> Length of Wheels.

With the plaintext now known, the keying sequence can be

recovered:

Cipher: Q P G D V W V I J O K H T B K S G L X M
Plain: T O Z G E N E R A L Z S M I T H Z S I X
Key: 10 4 6 10 0 10 0 0 10 0 10 0 6 10 4 0 6 4 6 10

Cipher: A N V F W W Z C A E L P O A T B O U F
Plain: Z W O U N D E D Z F O U R Z K I L L E
Key: 0 10 10 0 10 0 4 6 0 10 0 10 6 0 4 10 0 6 10

Cipher: W K M H V A R X L N R W Z E A G
Plain: D Z T W O Z M I S S I N G Z Z Z
Key: 0 10 6 4 10 0 4 6 4 6 0 10 6 4 0 6

With the keying sequence now recovered, the final step

is to determine the "pin settings" of the two CSP 1500
wheels; and at the same time to determine the lengths of
the two wheels involved.

With the four numbers 0,4,6, and 10, we know:

(1) that a 0 results when both wheels are in a non-

effective position.

(2) that when a 4 results, the position of the wheel

containing four lugs is active, and the other with
six lugs is non-effective.

(3) that when a 6 results, the position of the wheel

containing six lugs is active, and the other with
four lugs is non-effective.

(4) that when a 10 results, the positions, or pins of

both wheels are effective.

Key: 10 4 6 10 0 10 0 0 10 0 10 0 6 10 4 0 6 4 6 10
Wheel 1: 6 0 6 6 0 6 0 0 6 0 6 0 6 6 0 0 6 0 6 6
Wheel 2: 4 4 0 4 0 4 0 0 4 0 4 0 0 4 4 0 0 4 0 4
Key: 0 10 10 0 10 0 4 6 0 10 0 10 6 0 4 10 0 6 10
Wheel 1: 0 6 6 0 6 0 0 6 0 6 0 6 6 0 0 6 0 6 6
Wheel 2: 0 4 4 0 4 0 4 0 0 4 0 4 0 0 4 4 0 0 4

Key: 0 10 6 4 10 0 4 6 4 6 0 10 6 4 0 6
Wheel 1: 0 6 6 0 6 0 0 6 0 6 0 6 6 0 0 6
Wheel 2: 0 4 0 4 4 0 4 0 4 0 0 4 0 4 0 0

Examination of the pin settings determined for the two

wheels reveals that Wheel #1 is repeating every 19
letters and Wheel #2 is repeating every 21 letters.
Thus, the two wheels and their individual keying
sequences are as follows:

Wheel 1: 6 0 6 6 0 6 0 0 6 0 6 0 6 6 0 0 6 0 6
Wheel 2: 4 4 0 4 0 4 0 0 4 0 4 0 0 4 4 0 0 4 0 4 0

OVERLAP

The CSP 1500 has an additional security element known as

overlap. An overlap of lug setting exists between two
wheels, when both wheels are effective, the effective
sum of the lugs (kick) from each wheel is reduced by the
amount of the overlap. For the above example, Wheel #1
with six lugs and Wheel #2 with four lugs , if there was
an overlap of one lug, with both wheels effective the
sum of the lugs between the two wheels is 9 not 10.
So our equation becomes z <= x + y.

ANALYSIS OF A THREE-WHEEL CSP 1500 CIPHER MACHINE

Given the cryptogram below and the known beginning

MESSAGE followed by a number, with known wheels of 17,
19, and 21:

U B I M G Z V M H Z H O A H M L A T H Z
T V B I H H A R Q A I M R S Z P M S C F
L H H B Z N N B Q B G T S Q V T B H G H

We start with the word MESSAGE, and Z's at end of

cryptogram.

plain : m e s s a g e Z - z z z z
cipher : U B I M G Z V M T B H G H
key : 7 6 1 5 7 6 0 12 - 1 7 6 7

We also know that the number of the message is 16, so:

plain : s i x t e e n z
cipher : H Z H O A H M L
key : 0 8 5 8 5 12 0 11

We have identified eight numbers comprising the keying

sequence: 0 1 5 6 7 8 11 12. We can deduce that one
wheel has numbers 0 1, another 0 5 and the third wheel 0
7. It appears that there is an overlap of one lug
between the wheel with five lugs and the wheel with
seven lugs; thus 5 + 7= 11 and 1 + 5 + 7 = 12 fitting
perfectly the actual key. We show the overlap as:

|-1-|
1 5 7

To complete the solution we must still:

(1) Determine to which wheel the known lug settings

apply.

(2) Determine the pin-settings of the three wheels.

(3) Read the text.

We "lay out" the message showing the overlaps and

wheels:

Plain : m e s s a g e z s i x t e e n z
Cipher : U B I M G Z V M H Z H O A H M L A T
Key : 7 6 1 5 7 6 0 12 0 8 5 8 5 12 0 11
----------------------------------------
Wheel 17: ]
Wheel 19:
Wheel 21:
----------------------------------------
1 2 3 4 5 6 7 8 9 10 . . . . 15 . . 18

H Z T V B I H H A R Q A I M R S Z P M S C F L

---------------------------------------------
Wheel 17: ]
Wheel 19: ] ]
Wheel 21: ]
----------------------------------------------
. 20. . . . 25. . . . 30. . . . . 35. . . 40 .

Z Z Z
H H B Z N N B Q B G T S Q V T B H G H
7 6 7
-------------------------------------
Wheel 17: ]
Wheel 19:
Wheel 21: ] ]
-------------------------------------
. . .45 . . . .50 . . . . 55 . . . . 60

The brackets show the repeats for the wheels. Now, we

see that pins 1-3 and 58-60 have been enciphered with
the same pins of wheel 19. Letters in positions 1,18,35,
and 52 have been enciphered with the key generated with
the same pin of wheel length 17.
Position 3, with the key of 1, position 60 with its key
of 7 provide evidence that wheel length 19 must have
five lugs because:

(1) Positions 3 and 60 of Wheel length 19 are enciphered

with the same pin; there is a multiple of 19
positions between them.

(2) The pin of Wheel length 19 in both positions 3 and

60 must be non-effective, since an effective pin
could not contribute to both a 1 and a 7 generated
key; so keys of 1 and 7 can only arise from two
different single effective wheels, in one case a
single wheel with one lug and in the other case a
different single wheel with seven lugs.

(3) Since wheel length 19 is non-effective in position

3, then either wheel length 17 or 21 but not in
both, must be effective with one lug in order to
give rise to a key of 1 in that position.

(4) Same thing is true at position 60, either wheel

length 17 or wheel length 21 but not both must be
effective with seven lugs to give rise to the key of
seven in this position.

(5) Logically, with wheel lengths of one and seven

divided between wheel 17 and 21, wheel length 19
must contain five lugs.

This type of reasoning works to find the number of lugs

on wheels 17 and 21:

(1) Positions 7 and 58 are enciphered with the same pin

of wheel length 17.

(2) That pin must be ineffective because the total

generated key in position 7 is 0.

(3) Since the pin in 58 is ineffective, and wheel length

19 has 5 lugs, the key for 7 in position 58 can only
come from wheel length 21 being effective with 7
lugs.

(4) Since wheel length 19 having five lugs and the wheel
length 21 has seven lugs, wheel length 17 must
contain one lug.

We now know the number of lugs on each wheel known, the

effectiveness of the pins recovered generated key can be
determined as follows:

Plain : m e s s a g e z s i x t e e n z
Cipher : U B I M G Z V M H Z H O A H M L A T
Key : 7 6 1 5 7 6 0 12 0 8 5 8 5 12 0 11
----------------------------------------
Wheel 17: 0 1 1 0 0 1 0 1 0 1 0 1 0 1 0 0 ]
Wheel 19: 0 5 0 5 0 5 0 5 0 0 5 0 5 5 0 5
Wheel 21: 7 0 0 0 7 0 0 7 0 7 0 7 0 7 0 7
----------------------------------------
1 2 3 4 5 6 7 8 9 10 . . . . 15 . . 18

H Z T V B I H H A R Q A I M R S Z P M S C F L

---------------------------------------------
Wheel 17: ]
Wheel 19: ] ]
Wheel 21: ]
---------------------------------------------
. 20. . . . 25. . . . 30. . . . . 35. . . 40.

Z Z Z
H H B Z N N B Q B G T S Q V T B H G H
7 6 7
--------------------------------------
Wheel 17: ] 0 1 0
Wheel 19: ]0 5 0
Wheel 21: ] 7 0 7
--------------------------------------
. . .45 . . . .50 . . . . 55 . . . .60

The logic holds that generated keys can only arise if a

certain wheel or wheels are effective and other wheels
are non-effective. Remember there is an overlap effect
between wheels lengths 19 and 21. If both wheels are
effective, their joint effectiveness is 5 + 7 -1 =11.
When all three wheels are effective, the resulting keys
is 1 + 5 + 7 - 1 = 12.

With the effectiveness of the pins determined, we mark

the message:

Plain : m e s s a g e z s i x t e e n z (a)(r)
Cipher : U B I M G Z V M H Z H O A H M L A T
Key : 7 6 1 5 7 6 0 12 0 8 5 8 5 12 0 11
----------------------------------------
Wheel 17: 0 1 1 0 0 1 0 1 0 1 0 1 0 1 0 0 ]0
Wheel 19: 0 5 0 5 0 5 0 5 0 0 5 0 5 5 0 5
Wheel 21: 7 0 0 0 7 0 0 7 0 7 0 7 0 7 0 7
----------------------------------------
1 2 3 4 5 6 7 8 9 10 . . . . 15 . . 18

(t)(i)(L)L E R Y Z F I R E Z S T I L L Z ? E A S
H Z T V B I H H A R Q A I M R S Z P M S C F L

---------------------------------------------
Wheel 17: 1 1 0 0 1 0 1 0 1 0 1 0 1 0 0 -]0 1 1 0 0 1 0
Wheel 19: ]0 5 0 5 0 5 0 5 0 0 5 0 5 5 0 5 ? ? ?]0 5 0
Wheel 21: ]7 0 0 0 7 0 0 7 0 7 0 7 0 7 0 7 ? 7 0 7
---------------------------------------------
 . 20. . . . 25. . . . 30. . . . . 35. . . 40.

E Z E A S T Z O F Z R I V E R Z Z Z
H H B Z N N B Q B G T S Q V T B H G H
7 6 7
--------------------------------------
Wheel 17: 1 0 1 0 1 0 1 0 0 1]0 1 1 0 0 1 0 1 0
Wheel 19: 5 0 5 0 5 0 0 5 0 5 5 0 5 0 5 -]0 5 0
Wheel 21: -]7 0 0 0 7 0 0 7 0 7 0 7 0 7 0 7 0 7
--------------------------------------
. . .45 . . . .50 . . . . 55 . . . .60

At this point, identified pins fill most of the spaces

in the subject message. The student needs to confirm the
above and fill in the rest.

ANALYSIS OF A FOUR-WHEEL CSP 1500 CIPHER MACHINE

We now turn our attention to the use of frequency

considerations rather that the probable word method or
use of a stereotyped beginning. I will bypass the
standard five letter groupings and write the sample
cryptogram in a period of 17 columns. Each column
represents those letters enciphered with the same pin
setting of wheel length 17. We assume that the 770
letter cryptogram is 128 words long with word sizes
about 6 letters long. The pin of wheel length 17 is
either effective or non-effective. Thus the 17 columns
in effect represent two classes of columns, those
columns with effective pins on wheel length 17 and those
columns with non-effective pins on wheel length 17
[Hereafter designated group a and group b.]

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17

N G A P Y Z A T P X H C I R F S P
B K M F J R M H J O F C N J E V V
O Q D M W E T Q P V Q T B Q I M L
G O M J H D A U G V I A X V N H K
W H O B E S V B I Q I E N I X A T
C H H R D R L G V M X X J N M G U
A B D V I H B R D M B N D R M F A
W X V I Z V O C F I M L X S Q O P
Q U X D K W V W I R R R A C L O W
A R P X B A T Y B D T Z J F A T R
X V D Z K I M O N N X Y P U R Z W
G L R C S B R M L W I T J F R O K
A X D K Q A S D H X U T W B W J N
Q A Y A F B H Q P D P S F G S H Q
H A O I D N J F G Z D T Y U D A J
F A R L Z P W L H N I Q I H I O Q
J N F C M G Q L D J C E O O P Y Q
R U P R L V V Q K Y D H J N S E Q
F Y X D L E V K J M Q O E B C O J
G M I T Y I P H P N O F C P N V I
A K U J R H X U M M O P B G N Y Z
X A P M X V F W G I C G N J I V X
A M E M Q W Y F B R H D A V E J E
R V S Y V A L W X S J L P R W A A
O L L L H P Y L V Y I L U K O B Z
M K U Y D H H J I D D Z T A Z T G
K Q H A R H L Q F Y E Y V T M H P
I Y W O J Q U M D S X L S B W K N
K I U L W K J Y H S N M N H I C J
N L M F D F J U R D Q S P Z Y J E
U N W L U G S M I D X Y D Y J L I
P V X I T S K B V D C D N M Y B C
P U N X R Z Q V Z B K Y L A J C X
R A B X V X F V D M J U Y U U A O
U E Q O U A G J R T Q D S D E D A
M K N P V L B V D P M Y H T A Q H
B Z V Y N B M V K B Y N M J L R I
T W Y E M R C A Q A I R O J T M B
P D I V J Q U A G L S V V L U O J
M W R L M W J D U U K I N O A M C
H P T N S E L L J E O L F K I O B
I G K R T R B J U S H U F A Y B B
A S D V J B V Y Q D Q E C J C A F
E K T Z M A H E I D D S H P C X B
G V H L M L D E G T M E Z L I B N
V P D N D.

MONOALPHABETS

We see the pattern of monoalphabetic substitutions which

combine as we increase the number of wheels:

Number of Number of Monoalphabetic

Wheels Substitutions which Combine

1 2
2 4
3 8
4 16
5 32
6 64

Of the 16 alphabets that are available with four wheels,

we have two distinct types:

(1) Letters within columns where the pins of wheel

length 17 are non effective are enciphered as the
result of the other three wheels generating 8
Beaufort cipher alphabets. For these letters wheel
length 17 doesn't exist.
(2) Letters within columns where the pins of wheel
length 17 are effective are enciphered as the
result of the other three wheels generating 8
Beaufort cipher alphabets plus a constant
effectiveness of wheel length 17.

Remembering our statistics Lecture 15, by matching

frequency distributions of each of the 17 columns we
attempt to divide the columns into their two classes.
Success depends on a sufficient number of letters within
the column to provide the differentiation required
between polyalphabeticity within one class of eight
alphabets and a different eight alphabets of another.
The frequency distributions of each column are straight
forward and are left for my students, if required.

Our key test is the Chi test, or cross product sum test
defined by Solomon Kullback. [KULL] As a refresher,
I will use the first two distributions:

A B C D E F G H I J K L M
-------------------------
Frequency Distribution #1 6 2 1 1 2 4 2 2 4 2 3
Frequency Distribution #1 5 1 1 1 2 2 1 5 3 2
-------------------------
30 2 1 8 4 2 10 6

N O P Q R S T U V W X Y Z
-------------------------
2 2 3 2 3 1 2 1 2 2
2 1 2 2 1 1 3 4 3 2 1 1
-------------------------
4 2 6 4 3 6 4 6 4

Chi test (#1 and #2) = Sum of cross-products

---------------------
N1 x N2

= 102 / 2116 = 0.048

where:
N1 x N2 = 46 x 46 = 2116
Sum of cross-products =
30+2+1+8+4+2+10+6+4+2+6+4+3+6+4+6+4 = 102

Likewise, we can make Chi tests on each pair of

frequency distributions -- the partial results are as
follows:

#1 + #2 = 0. 048 #1 + #3 = 0.037 #1 + #4 = 0.034

#1 + #5 = 0. 030 #1 + #6 = 0.048 #1 + #7 = 0.036
#1 + #8 = 0. 036 #1 + #9 = 0.042 #1 + #10= 0.030
#1 + #11= 0. 037 #1 + #12= 0.026 #1 + #13= 0.037
#1 + #14= 0. 043 #1 + #15= 0.039 #1 + #16= 0.045
#1 + #17= 0. 044
-------------------------------------------------------
#2 + #3 = 0. 039 #2 + #4 = 0.040 #2 + #5 = 0.037
#2 + #6 = 0. 048 #2 + #7 = 0.043 #2 + #8 = 0.044
#2 + #9 = 0. 039 #2 + #10= 0.034 #2 + #11= 0.031
#2 + #12= 0. 032 #2 + #13= 0.033 #2 + #14= 0.039
#2 + #15= 0. 035 #2 + #16= 0.039 #2 + #17= 0.040

and so forth for all the columns. [BARK]

The above 17(17-1) /2 = 136 Chi test results indicate

the degree of likelihood that matched pairs of frequency
distributions are from the same class of "eight-alphabet
polyalphabeticity". The larger the value of the result,
the more likely the pair of distributions come from the
same class; the lower the result, the less likely it is
that the pairs are of the same class.

[BARK] presents a tabulation of the results:

(1) the three lowest results are 0.026, 0.027, and

0.028.

(2) the three highest results are 0.054, 0.057, and

0.058.

(3) the average or median result is 0.039.

Based on these results, we can say that a result less

than 0. 039 is more likely to be an incorrect match, and
a result larger than 0.039 is likely to be a correct
match. We will assume the validity of (1) and (2).

We start off with the following results:

Correct Match Incorrect Match

------------- ---------------
#7 + #8 = 0.054 #1 + #12= 0.026
#5 + #10= 0.057 #12+ #17= 0.027
#3 + #10= 0.058 #10+ #17= 0.028

We conclude that:

(1) #7 and #8 are in the same class.

(2) #1 and #17 are in the same class.
(3) #3, #5, #10 and #12 are in the same class.
(4) #1 and #17 are not in the same class #3, #5, #10,
and #12.

We label the first group as Class A and the second as

Class B.
We compare frequency distributions across the board and
find quickly the following separations:

Class A Class B

1 3
2 4
6 5
7 10
8 11
14 12
16 15
17

In some of the cases, it was necessary to compute an

average Chi test for each class and compare the "closer"
frequency distributions to it as well as the outlying
statistics. We are able to divide 15 of 17 pins on
wheel length 17 into two arbitrary classes A and B. One
of the classes represents the effective pins and the
other represents the non-effective pins. Using a
lowercase 'a' and 'b' we return to the cryptogram and
identify the individual letters. Here is the
tabulation:

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17

Na Ga Ab Pb Yb Za Aa Ta P Xb Hb Cb I Ra Fb Sa Pa
Ba Ka Mb Fb Jb Ra Ma Ha J Ob Fb Cb N Ja Eb Va Va
Oa Qa Db Mb Wb Ea Ta Qa P Vb Qb Tb B Qa Ib Ma La
Ga Oa Mb Jb Hb Da Aa Ua G Vb Ib Ab X Va Nb Ha Ka
Wa Ha Ob Bb Eb Sa Va Ba I Qb Ib Eb N Ia Xb Aa Ta
Ca Ha Hb Rb Db Ra La Ga V Mb Xb Xb J Na Mb Ga Ua
Aa Ba Db Vb Ib Ha Ba Ra D Mb Bb Nb D Ra Mb Fa Aa
Wa Xa Vb Ib Zb Va Oa Ca F Ib Mb Lb X Sa Qb Oa Pa
Qa Ua Xb Db Kb Wa Va Wa I Rb Rb Rb A Ca Lb Oa Wa
Aa Ra Pb Xb Bb Aa Ta Ya B Db Tb Zb J Fa Ab Ta Ra
Xa Va Db Zb Kb Ia Ma Oa N Nb Xb Yb P Ua Rb Za Wa
Ga La Rb Cb Sb Ba Ra Ma L Wb Ib Tb J Fa Rb Oa Ka
Aa Xa Db Kb Qb Aa Sa Da H Xb Ub Tb W Ba Wb Ja Na
Qa Aa Yb Ab Fb Ba Ha Qa P Db Pb Sb F Ga Sb Ha Qa
Ha Aa Ob Ib Db Na Ja Fa G Zb Db Tb Y Ua Db Aa Ja
Fa Aa Rb Lb Zb Pa Wa La H Nb Ib Qb I Ha Ib Oa Qa
Ja Na Fb Cb Mb Ga Qa La D Jb Cb Eb O Oa Pb Ya Qa
Ra Ua Pb Rb Lb Va Va Qa K Yb Db Hb J Na Sb Ea Qa
Fa Ya Xb Db Lb Ea Va Ka J Mb Qb Ob E Ba Cb Oa Ja
Ga Ma Ib Tb Yb Ia Pa Ha P Nb Ob Fb C Pa Nb Va Ia
Aa Ka Ub Jb Rb Ha Xa Ua M Mb Ob Pb B Ga Nb Ya Za
Xa Aa Pb Mb Xb Va Fa Wa G Ib Cb Gb N Ja Ib Va Xa
Aa Ma Eb Mb Qb Wa Ya Fa B Rb Hb Db A Va Eb Ja Ea
Ra Va Sb Yb Vb Aa La Wa X Sb Jb Lb P Ra Wb Aa Aa
Oa La Lb Lb Hb Pa Ya La V Yb Ib Lb U Ka Ob Ba Za
Ma Ka Ub Yb Db Ha Ha Ja I Db Db Zb T Aa Zb Ta Ga
Ka Qa Hb Ab Rb Ha La Qa F Yb Eb Yb V Ta Mb Ha Pa
Ia Ya Wb Ob Jb Qa Ua Ma D Sb Xb Lb S Ba Wb Ka Na
Ka Ia Ub Lb Wb Ka Ja Ya H Sb Nb Mb N Ha Ib Ca Ja
Na La Mb Fb Db Fa Ja Ua R Db Qb Sb P Za Yb Ja Ea
Ua Na Wb Lb Ub Ga Sa Ma I Db Xb Yb D Ya Jb La Ia
Pa Va Xb Ib Tb Sa Ka Ba V Db Cb Db N Ma Yb Ba Ca
Pa Ua Nb Xb Rb Za Qa Va Z Bb Kb Yb L Aa Jb Ca Xa
Ra Aa Bb Xb Vb Xa Fa Va D Mb Jb Ub Y Ua Ub Aa Oa
Ua Ea Qb Ob Ub Aa Ga Ja R Tb Qb Db S Da Eb Da Aa
Ma Ka Nb Pb Vb La Ba Va D Pb Mb Yb H Ta Ab Qa Ha
Ba Za Vb Yb Nb Ba Ma Va K Bb Yb Nb M Ja Lb Ra Ia
Ta Wa Yb Eb Mb Ra Ca Aa Q Ab Ib Rb O Ja Tb Ma Ba
Pa Da Ib Vb Jb Qa Ua Aa G Lb Sb Vb V La Ub Oa Ja
Ma Wa Rb Lb Mb Wa Ja Da U Ub Kb Ib N Oa Ab Ma Ca
Ha Pa Tb Nb Sb Ea La La J Eb Ob Lb F Ka Ib Oa Ba
Ia Ga Kb Rb Tb Ra Ba Ja U Sb Hb Ub F Aa Yb Ba Ba
Aa Sa Db Vb Jb Ba Va Ya Q Db Qb Eb C Ja Cb Aa Fa
Ea Ka Tb Zb Mb Aa Ha Ea I Db Db Sb H Pa Cb Xa Ba
Ga Va Hb Lb Mb La Da Ea G Tb Mb Eb Z La Ib Ba Na
Va Pa Db Nb Db.

We now examine Wheel length 19. We keep the designations

of class throughout our investigation and rewrite the
cryptogram 'in depth' of wheel length 19.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19

Na Ga Ab Pb Yb Za Aa Ta P Xb Hb Cb I Ra Fb Sa Pa Ba Ka
Mb Fb Jb Ra Ma Ha J Ob Fb Cb N Ja Eb Va Va Oa Qa Db Mb
Wb Ea Ta Qa P Vb Qb Tb B Qa Ib Ma La Ga Oa Mb Jb Hb Da
Aa Ua G Vb Ib Ab X Va Nb Ha Ka Wa Ha Ob Bb Eb Sa Va Ba
I Qb Ib Eb N Ia Xb Aa Ta Ca Ha Hb Rb Db Ra La Ga V Mb
Xb Xb J Na Mb Ga Ua Aa Ba Db Vb Ib Ha Ba Ra D Mb Bb Nb
D Ra Mb Fa Aa Wa Xa Vb Ib Zb Va Oa Ca F Ib Mb Lb X Sa
Qb Oa Pa Qa Ua Xb Db Kb Wa Va Wa I Rb Rb Rb A Ca Lb Oa
Wa Aa Ra Pb Xb Bb Aa Ta Ya B Db Tb Zb J Fa Ab Ta Ra Xa
Va Db Zb Kb Ia Ma Oa N Nb Xb Yb P Ua Rb Za Wa Ga La Rb
Cb Sb Ba Ra Ma L Wb Ib Tb J Fa Rb Oa Ka Aa Xa Db Kb Qb
Aa Sa Da H Xb Ub Tb W Ba Wb Ja Na Qa Aa Yb Ab Fb Ba Ha
Qa P Db Pb Sb F Ga Sb Ha Qa Ha Aa Ob Ib Db Na Ja Fa G
Zb Db Tb Y Ua Db Aa Ja Fa Aa Rb Lb Zb Pa Wa La H Nb Ib
Qb I Ha Ib Oa Qa Ja Na Fb Cb Mb Ga Qa La D Jb Cb Eb O
Oa Pb Ya Qa Ra Ua Pb Rb Lb Va Va Qa K Yb Db Hb J Na Sb
Ea Qa Fa Ya Xb Db Lb Ea Va Ka J Mb Qb Ob E Ba Cb Oa Ja
Ga Ma Ib Tb Yb Ia Pa Ha P Nb Ob Fb C Pa Nb Va Ia Aa Ka
Ub Jb Rb Ha Xa Ua M Mb Ob Pb B Ga Nb Ya Za Xa Aa Pb Mb
Xb Va Fa Wa G Ib Cb Gb N Ja Ib Va Xa Aa Ma Eb Mb Qb Wa
Ya Fa B Rb Hb Db A Va Eb Ja Ea Ra Va Sb Yb Vb Aa La Wa
X Sb Jb Lb P Ra Wb Aa Aa Oa La Lb Lb Hb Pa Ya La V Yb
Ib Lb U Ka Ob Ba Za Ma Ka Ub Yb Db Ha Ha Ja I Db Db Zb
T Aa Zb Ta Ga Ka Qa Hb Ab Rb Ha La Qa F Yb Eb Yb V Ta
Mb Ha Pa Ia Ya Wb Ob Jb Qa Ua Ma D Sb Xb Lb S Ba Wb Ka
Na Ka Ia Ub Lb Wb Ka Ja Ya H Sb Nb Mb N Ha Ib Ca Ja Na
Na La Mb Fb Db Fa Ja Ua R Db Qb Sb P Za Yb Ja Ea Na Wb
Lb Ub Ga Sa Ma I Db Xb Yb D Ya Jb La Ia Pa Va Xb Ib Tb
Sa Ka Ba V Db Cb Db N Ma Yb Ba Ca Pa Ua Nb Xb Rb Za Qa
Va Z Bb Kb Yb L Aa Jb Ca Xa Ra Aa Bb Xb Vb Xa Fa Va D
Mb Jb Ub Y Ua Ub Aa Oa Ua Ea Qb Ob Ub Aa Ga Ja R Tb Qb
Db S Da Eb Da Aa Ma Ka Nb Pb Vb La Ba Va D Pb Mb Yb H
Ta Ab Qa Ha Ba Za Vb Yb Nb Ba Ma Va K Bb Yb Nb M Ja Lb
Ra Ia Ta Wa Yb Eb Mb Ra Ca Aa Q Ab Ib Rb O Ja Tb Ma Ba
Pa Da Ib Vb Jb Qa Ua Aa G Lb Sb Vb V La Ub Oa Ja Ma Wa
Rb Lb Mb Wa Ja Da U Ub Kb Ib N Oa Ab Ma Ca Ha Pa Tb Nb
Sb Ea La La J Eb Ob Lb F Ka Ib Oa Ba Ia Ga Kb Rb Tb Ra
Ba Ja U Sb Hb Ub F Aa Yb Ba Ba Aa Sa Db Vb Jb Ba Va Ya
Q Db Qb Eb C Ja Cb Aa Fa Ea Ka Tb Zb Mb Aa Ha Ea I Db
Db Sb H Pa Cb Xa Ba Ga Va Hb Lb Mb La Da Ea G Tb Mb Eb
Z La Ib Ba Na Va Pa Db Nb Db.

Each of the above 19 columns represent letters which are

enciphered with the same pin-setting of Wheel length 19.
8 different alphabets are represented. We have ident-
ified two groups. In any column, all letters followed by
an a have been enciphered with both the same pin setting
of wheel length 19 causing these letters to result from
only 4 alphabets. The same holds true of letters with
the 'b' designation. Note that the polyalphabeticity
comes from the remaining two wheels of lengths 21 and
23.

We repeat the process of making frequency distributions

of the columns (in this case length 19), then using the
Chi test we re-divide the 19 columns into two groups, a
Class C and Class D. [BARK] describes a shortcut using
the sum of the cross products and lesser tests. I do not
agree with the procedure because it lacks the rigor of
the full Chi test.

The results show that wheel 19 has at minimum 10

identified distributions:

Class C Class D
1 3
2 4
5 9
6
7
8
10

LUGS

Consider the multiple alphabets generated by four wheels

with respective lug-settings, for example, of 5, 4, 3,
and 1:

Wheel No of Lugs Different keys Generated

----- ---------- ------------------------
1 5 0 5
2 4 0 5 + 4 9
3 3 0 5 4 9 + 3 8 7 12
4 1 0 5 4 9 3 8 7 12 + 1 6 5 10 4
8 13

The plus sign represents the additional keys generated

by the additional wheel.
Consider the Class A and B sets on the Wheel 17.
One class of the two pairs of alphabets must have a 0
for the non-effectiveness pin. The second set of eight
alphabets is the same as the first plus a number
representing the number of lugs on the wheel.

We know that the ciphertext letters A and V represent Z

and E and the class with the number 0 will have a higher
frequency distribution. In our example, class A has a
large number of A's and V's. We can superimpose the
class B distribution over the A distribution to get the
number of lugs because Class A + the number of lugs
equals Class B. Our shift was three spaces to the right
representing 3 lugs on wheel 17.

The same analysis and superimposition holds true for

wheel 19. The four classes have the following keys:

A = 0 5 4 9 + 3 8 7 12
B = 1 6 5 10 + 4 9 8 13
C = 0 5 4 9 + 1 6 5 10
D = 3 8 7 12 + 4 9 8 13

An unknown ciphertext letter, if found to be in both

Class A and Class C, its key will be one of the four, 0
5 4 9. Similarly, a ciphertext letter known to be in
Class B and Class D will have keys of 4 9 8 13.

ANALYSIS OF A SIX-WHEEL CSP 1500 CIPHER MACHINE

Barkers analysis of the five-wheel CSP 1500 does not add

to our knowledge but confirms that the computer is
required for further resolution of the 32 alphabets
presented. He also details the lug logic demonstrated in
the previous case. [BARK]

We have at last arrived at the problem of solving a six-

wheel Hagelin Cryptograph. Before we discuss the general
solution, we will look at two common "assists" that
occurred in the field in WWII. In Special Case 1, we
will have the advantage of knowing the initial wheel-
settings of the messages. In Special Case 2, we will
take advantage of a 'stagger'. We first looked at the
'stagger' in Lecture 12.

Special Case 1 - Indicators are Unenciphered.

>From unenciphered indicators we shall derive exactly

what portion of the keying sequence, running from 1 to
101405850, have been used to encipher given messages.

Given: 3 messages selected from a large traffic base,

starting with the word Message, followed by a number and
the word STOP.

We also know that the first two five-letter groups are

the indicator groups where:

(1) The first six letters represent the unenciphered

initial settings of the six Hagelin wheels used to
encipher the message.
(2) The seventh through tenth letters indicate the
number of letters in the message, where A=1, B=2,
C=3, etc.; in message 1 the letters are J J I E,
or 0 0 9 5, meaning the message 1 count is 95
letters.

No. 1

J Y B T M H J J I E A I W I Z U Q I Y Q
E W A R N S A U Y Q D U L J M V O H B L
H K R M I L W G Z W F C V F Q F O T G K
F O Y G R P M Z I Z M J W Z T W I B C L
F X X E S M V S S A H F X X P B J D H R
A J B Q P.

No. 2

O E J I F E J J G J R M S U E P T E G B
N R Q X Q R P A Y U G Y A F R Y J E M M
M U A F M X T I M Q P W P H W P K J X J
F L H F D J R X P T J E Z G S R C G W K.

No. 3

W L O L G D J J I E E N R W T K F S Q D
F W Q G X D V Z L X W X F N K E H F V F
L U L C I V Y P O M X A F R J Y R M V J
N F X E K T K K O C W B Y G N J U H F E
H D B E W M S O U W W P C D G S R D W L
A Z E A A.

The message indicators representing the initial wheel

settings of the messages are:

No. 1 - J Y B T M H
No. 2 - O E J I F E
No. 3 - W L O L G D

The first letter of the indicator represents the wheel-

setting of Wheel Length 26, the second letter represents
the wheel-setting of wheel 25, etc.

The six wheel lengths of 26, 25, 23, 21, 19 and 17

represent 26 x 25 x 23 x 21 x 19 x 17 = 101,405,850
possible different starting points for the encipherment
(decipherment) of messages. Each starting point is
represented by different initial setting of the six
wheels; and as the six wheels turn in progression,
letters are enciphered (or deciphered) at progressive
points along the generated key which is 101,405,850
positions in length.

First, we convert the above literal indicators into

successive numerical indicators; that is, we want to
convert the wheel-setting AAAAAA, for example into 1,
the wheel setting BBBBBB into 2, CCCCCC into 3...ZZXUSQ
into 101,405,850. We are looking for the successive
numerical indicators along the total generated key for
the messages enciphered.

The process (which is easily computerized) is:

(1) Replace the letters with there positional

equivalents below -

Wheel Length

26 25 23 21 19 17
-- -- -- -- -- --
A = 1 A = 1 A = 1 A = 1 A = 1 A = 1
B = 2 B = 2 B = 2 B = 2 B = 2 B = 2
C = 3 C = 3 C = 3 C = 3 C = 3 C = 3
D = 4 D = 4 D = 4 D = 4 D = 4 D = 4
E = 5 E = 5 E = 5 E = 5 E = 5 E = 5
F = 6 F = 6 F = 6 F = 6 F = 6 F = 6
G = 7 G = 7 G = 7 G = 7 G = 7 G = 7
H = 8 H = 8 H = 8 H = 8 H = 8 H = 8
I = 9 I = 9 I = 9 I = 9 I = 9 I = 9
J = 10 J = 10 J = 10 J = 10 J = 10 J = 10
K = 11 K = 11 K = 11 K = 11 K = 11 K = 11
L = 12 L = 12 L = 12 L = 12 L = 12 L = 12
M = 13 M = 13 M = 13 M = 13 M = 13 M = 13
N = 14 N = 14 N = 14 N = 14 N = 14 N = 14
O = 15 O = 15 O = 15 O = 15 O = 15 O = 15
P = 16 P = 16 P = 16 P = 16 P = 16 P = 16
Q = 17 Q = 17 Q = 17 Q = 17 Q = 17 Q = 17
R = 18 R = 18 R = 18 R = 18 R = 18
S = 19 S = 19 S = 19 S = 19 S = 19
T = 20 T = 20 T = 20 T = 20
U = 21 U = 21 U = 21 U = 21
V = 22 V = 22 V = 22
W = 23 X = 23 X = 23
X = 24 Y = 24
Y = 25 Z = 25
Z = 26

The three indicators become:

No. 1 - J Y B T M H = 10 24 2 20 13 8
No. 2 - O E J I F E = 15 5 10 9 6 5
No. 3 - W L O L G D = 23 12 15 12 7 4

(2) We multiply each number obtained by a constant, for

each position of the indicator and obtain the sum of
the multiplications, as follows:

No. 1

10 x 89705175 = 897051750
24 x 56787276 = 1362894624
2 x 92587950 = 185175900
20 x 82090450 = 1641809000
13 x 42697200 = 555063600
8 x 41755350 = 334042800
----------
4976037674

No. 2

15 x 89705175 = 1345577625
5 x 56787276 = 283936380
10 x 92587950 = 925879500
9 x 82090450 = 738814050
6 x 42697200 = 256183200
5 x 41755350 = 208776750
----------
3759167505

No. 3

23 x 89705175 = 2063219025
12 x 56787276 = 681447312
15 x 92587950 = 1388819250
12 x 82090450 = 985085400
7 x 42697200 = 298880400
4 x 41755350 = 167021400
----------
5584472787

The constants used for multiplication apply only to the

Model Type CSP 1500. A machine with other wheels will
have different constants. Determining these constants is
an exercise in solving simultaneous congruences. Chapter
V of "Recreations in the Theory of Numbers - The Queen
of Mathematics Entertains" by Albert H. Beiler (Dover)
1977 presents a good elementary overview of the theory
involved.

(3)

The third step to obtain the desired successive

numerical indicators is to divide the sums of the
multiplications by 26 x25 x 23 x 21 x 19 x 17 =
101405850. The remainders of the divisions will be the
successive numerical indicators.

No. 1

4976037674
---------- = 49 + 7151024 No. 1 = 7151024
101405850

No. 2
 3759167505
---------- = 37 + 7151055 No. 2 = 7151055
101405850

No. 3

5584472787
---------- = 55 + 7151037 No. 3 = 7151037
101405850

Since the above successive indicators are so close

together, we immediate suspect that we are fortunate
enough to have what is termed as an overlap. An overlap
exists when two messages have been enciphered with the
same generated key. In this example we have three
messages overlapping.

STRIPPING OFF THE GENERATED KEY

We prepare a worksheet with the messages "in depth", and

knowing that the messages start with the word MESSAGE,
we are able to "strip off" some of the generated key as
follows:

Pos: 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44
Key: 13 13 15 1* 0* 1* 21 8 17 18 10 15 20 17 10 18
No.1: A I W I Z U Q I Y Q E W A R N S A U Y Q D
m e s s a g e z z e r o z s t o

No. 3: E N R W T K F S
m e s s a g e z

-------------------------------------------------------------------
45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68
4 17 11 13 5 22 24 4
U L J M V O H B L H K R M I L W G Z W F C V F Q
t z y e t z r e

No. 2: R M S U E P T E G B N R Q X
m e s s a g e z

Q D F W Q G X D V Z L X W X F N K E H F V F L U
s t o p z i n z

-----------------------------------------------------------------------
69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92

F O T G K F O Y G R P M Z I Z M J W Z T W I B C
Q R P A Y U G Y A F R Y J E M M M U A F M X T I

L C I V Y P O M X A F R J Y R M V J N F X E K T

*In the generated key a 0 might also be a 26; and a 1 might be a 27.

----------------------------------------------------------------------

93 94 95 96 97 98 99 00 01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16

L F X X E S M V S S A H F X X P B J D H R A J B

M Q P W P H W P K J X J F L H F D J R X P T J E

K K O C W B Y G N J U H F E H D B E W M S O U W

-----------------------------------------------------------------------

17 18 19 20 21 22 23 24 25 26 27 28 29 30 31

Q P.

Z G S R C G W K.

W P C D G S R D W L A Z E A A.

-----------------------------------------------------------------------

In is evident that the messages are correctly aligned "in depth"

and portions of the generated key so far recovered or "stripped off"
are correct. We can try probable words in one message and confirm the
text in another message. Message No. 3 numbers will occur in positions
45 through 54; numbers also will follow the word Message in message No.
2.

PIN AND LUG SETTINGS

It is instructive to attempt a further solution by rec-

overing the pin and lug settings as follows:

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
13 13 15 1 0 1 21 8 - - - - 0 17 18 10 15 20 17 10 18 10 11 23 1
26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50
21 6 12 17 0 25 4 17 11 13 5 22 24 4 25 10 11 17 10 20 5 17 8 20 13

51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75
10 6 12 15 5 22 12 14 17 11 12 13 14 20 6 15 8 19 7 17 10 15 15 9 22

76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100
12 15 7 18 9 21 5 22 12 10 19 6 16 12 10 19 10 8 21 15 11 22 6 6 22

101 102 103 104 105 106 107 108

10 23 5 9 21 9 0 0

We look for the wheel with the most lugs. We start with
wheel 17 and write it out in length 17.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17
--------------------------------------------------
13 13 15 1 0 1 21 8 - - - - 0 17 18 10 15
20 17 10 18 10 11 23 1 21 6 12 17 0 25 4 17 11
13 5 22 24 4 25 10 11 17 10 20 5 17 8 20 13 10
6 12 15 5 22 12 14 17 11 12 13 14 20 6 15 8 19
7 17 10 15 15 9 22 12 15 7 18 9 21 5 22 12 10
19 9 16 12 10 19 10 8 21 15 11 22 6 6 22 10 23
5 9 21 9 0 0

Note column 14. If wheel 17 contains seven lugs, with a

total of 25 in the column, the pin of wheel length 17 is
effective, and there must be a total of 5 within the same
column, so there cannot be more than 5 lugs on wheel 17.
We can look at wheel 19.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19
-------------------------------------------------------
13 13 15 1 0 1 21 8 - - - - 0 17 18 10 15 20 17
10 18 10 11 23 1 21 6 12 17 0 25 4 17 11 13 5 22 24
4 25 10 11 17 10 20 5 17 8 20 13 10 6 12 15 5 22 12
14 17 11 12 13 14 20 6 15 8 19 7 17 10 15 15 9 22 12
15 7 18 9 21 5 22 12 10 19 9 16 12 10 19 10 8 21 15
11 22 6 6 22 10 23 5 9 21 9 0 0

Columns 2 and 3 suggest that wheel length 19 has 7 lugs

+ or - 2. Making this assumption, we can identify the
effective (+) and non-effective pins (-) based on the
assumption that < 7 is non-effective and > than 22
is certainly effective. The ambiguous columns are
resolved. We have:

- + - - + - + - + - - - + +
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19
-------------------------------------------------------
13 13 15 1 26 1 21 8 - - - - 0 17 18 10 15 20 17
10 18 10 11 23 1 21 6 12 17 0 25 4 17 11 13 5 22 24
4 25 10 11 17 10 20 5 17 8 20 13 10 6 12 15 5 22 12
14 17 11 12 13 14 20 6 15 8 19 7 17 10 15 15 9 22 12
15 7 18 9 21 5 22 12 10 19 9 16 12 10 19 10 8 21 15
11 22 6 6 22 10 23 5 9 21 9 26 0
 In a similar fashion, we do the other 4 wheels. We find that
wheel 17 contains no more than 5 lugs; wheel 19 contains
7 lugs - 14 of 19 pins are identified; wheel 21 contains
5 lugs; wheel 23 contains eight lugs with 17 pins identified;
wheel 25 contains 1 lug; wheel 26 contain s up to 5 lugs.

The final efforts are derived from the same layout of the
recovered key:

Key: 13 13 15 1 26 1 21 8 - - - - 0 17 18 10 15 20 17
-------------------------------------------------------
17: 0 0 0 0 ]
19: 0 7 0 0 7 0 7 0 0 7 0 0 0 7 7]
21: 0 0 0 0 0
23: 8 0 0 8 0 0 8 0 8 0 0 8 8 0 8 0
25: 1 0 1 0 0
26: 0 0 0
--------------------------------------------------------
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19

and so forth for the balance of the recovered key. Not the
non-effective pins in position 8.

ENCIPHERED INDICATORS

Initial wheel settings are rarely encountered in the

clear. We face several challenges when the initial wheel
indicators are enciphered.

(1) Attempts to put the messages "in depth" or equate the

messages by their indicators may be successful only if
the enciphering method for the indicators is weak
cryptographically.

(2) Recovery of a solved message does not mean that we can

"read' all the additional traffic as easily as the
correspondents.

(3) Table 21-2 shows the important relationship between

the wheel settings as viewed on the face of the CSP
1500 and the "effective" pin positions internally
within the machine that actually effect the operations
of the machine:

Table 21 -2

Wheel 26

Letter Shown: A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
Internal Pin: P Q R S T U V W X Y Z A B C D E F G H I J K L M N O

Wheel 25
Letter Shown: A B C D E F G H I J K L M N O P Q R S T U V X Y Z
Internal Pin: O P Q R S T U V W X Y Z A B C D E F G H I J K M N

Wheel 23

Letter Shown: A B C D E F G H I J K L M N O P Q R S T U V X
Internal Pin: N O P Q R S T U V X A B C D E F G H I J K L M

Wheel 21

Letter Shown: A B C D E F G H I J K L M N O P Q R S T U
Internal Pin: M N O P Q R S T U A B C D E F G H I J K L

Wheel 19

Letter Shown: A B C D E F G H I J K L M N O P Q R S
Internal Pin: L M N O P Q R S A B C D E F G H I J K

Wheel 17

Letter Shown: A B C D E F G H I J K L M N O P Q
Internal Pin: K L M N O P Q A B C D E F G H I J

Special Case 2 - Operator Error and Stagger

It is actually a blessing when an enemy cryptographer

makes the mistake of enciphering the same message twice,
makes a one or two letter mistake, or a second
cryptographer uses the same settings to encrypt the
message again. All of these situations may give rise to
a great find known as the 'stagger.'

In Lecture 12, we found that the stagger procedure

applies to a periodic cryptogram which contains a long
passage repeated in its plain text, the second
occurrence occurring at a point in the keying cycle
different from the first occurrence. If the passage is
long enough, the equivalencies from the two
corresponding sequences may be chained together to yield
an equivalent primary component. In effect, we by-pass
the solution by frequency analysis or making assumptions
in the plain text of a polygraphic cipher.

Given two CSP 1500 messages transmitted within one hour

of each other:

No. 1

B G K T D W Z V N P M R E V W W W R M G
T U K R G K B U E C J J I P R P V T K P
U T T I U N F G N U A F Z W U J R G A W
F O M B J B X Q S F I W V D W B S C G V
S E G R K A J B Y M E Q H G L U H P Y B
 W E W X Q V D W W H V Q V G U U W V V N
L O A U A D W N H Y Q V V T V J Y L S T
X I N V K F P K T K T M L G Z L D A B W.

No. 2

B G K T D W Z V N P M R E G F W T X K T
L O H I F J V O B F V V Q V K X D E E G
R I R N G W F H R L V N Q T Z V Y R U X
T N U U P G M A T B S L G X X P D L M W
C Y J J H O L B K Z O U R H H T B W X G
V U S M F W N Q R Z C V M L T H K U N E
D V Z W J W M K V Z L U X Q N S N M W U
R T H U H N C A H P A Q L H I X C U B W.

Note that the first two letters and the last two letters
are the same. The lengths of the messages are the same.
The conclusion: the internal plaintext of the messages
is the same; and the generated key of the CSP 1500 could
well be the same.

Lets find out. From the point where the two messages
differ the next 20 letters may be put "in depth" as
follows:

Pos. 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33
Key:
No. 1: V W W W R M G T U K R G K B U E C J J I

No. 2: G F W T X K T L O H I F J V O B F V V Q

We expect that the key of both messages is the same; and

that the messages are correctly "in depth." We also expect
that the plaintext is the same, except that at position 14
(where the ciphertext differs) either a letter was added or
deleted from one of the messages.

We assume that the key in position 14 to be 0. The resulting

plaintext letters will be:

Pos. 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33
Key: 0
No. 1: V W W W R M G T U K R G K B U E C J J I
e

No. 2: G F W T X K T L O H I F J V O B F V V Q
t

From this point on there are two possibilities:

 (1) The plaintext of message No. 1 from position 14
on is the same as that as message No. 2 or

(2) The plaintext of message No. 2 from position 14

is the same as that of message No. 1 from position
15 on.

For possibility (1), the plaintext for both messages is:

Pos. 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33
Key: 0 10 10 7 8 1 8 13 8 21 19 7 10 21 8 15 16 9 21 2
No. 1: V W W W R M G T U K R G K B U E C J J I
e n n k q o b t n k b a z t n k n z l t

No. 2: G F W T X K T L O H I F J V O B F V V Q
t e n n k q o b t n k b a z t n k n z l

If we consider possibility (2):

Pos. 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33
Key: 0 16 7 7 5 20 16 16 25 21 5 3 8 0 25 15 16 20 8 21
No. 1: V W W W R M G T U K R G K B U E C J J I
e t k k n h j w e k n w x y e k n k y m

No. 2: G F W T X K T L O H I F J V O B F V V Q
t k k n h j w e k n w x y e k n k y m e

Neither possibility is right based on the initial key

being 0. Actually, the key could be any number from 0 - 25.
We return to the use of the "completing the plain component
rundown" that we used in Lectures 12 -13. Our attempt with
possibility (1) will fail. Possibility (20) has better results:

e t k k n h j w e k n w x y e k n k y m
f u l l o i k x f l o x y z f l o l z n
g v m m p j l y g m p y z a g m p m a o
h w n n q k m z h n q z a b h n q n b p
i x o o r l n a i o r a b c i o r o c q
j y p p s m o b j p s b c d j p s p d r
k z q q t n p c k q t c d e k q t q e s
l a r r u o q d l r u d e f l r u r f t
m b s s v p r e m s v e f g m s v s g u
n c t t w q s f n t w f g h n t w t h v
o d u u x r t g o u x g h i o u x u i w
p e v v y s u h p v y h i j p v y v j x
q f w w z t v i q w z i j k q w z w k y
r g x x a u w j r x a j k l r x a x l z
s h y y b v x k s y b k l m s y b y m a
t i z z c w y l t z c l m n t z c z n b
u j a a d x z m u a d m n o u a d a o c
v k b b e y a n v b e n o p v b e b p d
w l c c f z b o w c f o p q w c f c q e
x m d d g a c p x d g p q r x d g d r f
y n e e h b d q y e h q r s y e h e s g
z o f f i c e r z f i r s t z f i f t h ***
a p g g j d f s a g j s t u a g j g u i
b q h h k e g t b h k t u v b h k h v j
 c r i i l f h u c i l u v w c i l i w k
d s j j m g i v d j m v w x d j m j x l

The correct recovered key "in depth" is:

Pos. 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33
Key: 21 11 2 2 0 15 11 11 20 16 0 24 3 21 20 10 11 15 3 16
No. 1: V W W W R M G T U K R G K B U E C J J I
z o f f i c e r z f i r s t z f i f t h

No. 2: G F W T X K T L O H I F J V O B F V V Q
o f f i c e r z f i r s t z f i f t h z

The difference between the two messages is a single word

spacer 'Z' omitted at position 14.

The cryptanalyst must be alert to find the stagger and

the find is well worth the effort. There is a mistaken
belief that re-enciphering the same text twice with the
same wheel settings is not a blunder - however, as you
see, it is a big one.

GENERAL SOLUTION OF SIX-WHEEL CSP 1500 CIPHER MACHINE

The general solution of the CSP 1500 has been described

in principle under the subtitle "Analysis of a Four-
Wheel CSP 1500 Cipher Machine." Given a cryptogram of
sufficient length (the more the better) the first step
is to analyze the text of the cryptogram divided into
the period of the shortest wheel length so that the
maximum amount of text per wheel-pin is obtained. In the
case of the CSP 1500 (or the C-38 or M209), the shortest
is wheel-length 17. The 17 distributions are initially
obtained from the cryptogram, each representing every
17th letter of ciphertext.

For any given number of wheels, there will result

ciphertext which will be a combination of a given number
of different monoalphabetic substitutions. The simplest
case is that of one wheel which results in ciphertext
which is a combination of two monoalphabetic
substitutions, one being the text resulting when the pin
of the wheel is in a non-effective position (key = 0)
and the other being the text resulting when the pin is
in the effective position (key = the number of lugs on
the wheel). We know that resulting ciphertext for a six
wheel CSP 1500 is a combination of 64 different
monoalphabetic substitutions. In the case of the 17
distributions initially obtained from the cryptogram,
the letters within a single distribution are the result
of the other five wheels and represent a combination of
32 monoalphabetic substitutions. That is the text within
a single distribution represents a combination of 32
different alphabetic substitutions. More specifically,
Class A represents one set of 32 different monoalph-
abetic substitutions and Class B represents another set
of 32 different monoalphabetic substitutions.
We must think of the concept of the "degree of
randomness". A combination of 32 monoalphabetic
substitutions is not purely random, though more random,
than if only 16 monoalphabetic substitutions were
combined. A single monoalphabetic distribution provides
ciphertext that clearly not random, (demonstrated in
many ways between Lectures 1-14). As we increase the
number of monoalphabetic substitutions in the
combination process, the ciphertext does become more
random. But not perfectly random. In the case of the 17
distributions , we were able to delineate the
distributions into two classes, where one class consists
of text resulting from one set of 32 different monoalph-
abetic substitutions and the other class consists of
text resulting from another set of 32 different
monoalphabetic distribution.

When four wheels were engaged, we matched distributions

that resulted from eight monoalphabetic substitutions.
Since in the six wheel case we are dealing with 32
monoalphabetic distributions, it is obvious that we need
more text to successfully differentiate between the two
classes of text. Our mathematical computations are much
larger and require computer augmentation to match the
distributions.

After successfully dividing the 17 distributions into

two classes, in effect we will have found the effective
and non-effective pins of wheel length 17, though we
still do not know which class represents the effective
pins and which the non-effective pins,

We again use the computer to combine all the distrib-

utions of each class separately. We next shift one of
the combined distributions through each of 26 positions,
we attempt to find the number of lugs on wheel 17.

After initial success with wheel length 17, we turn to

wheel length 19, and divide the pin settings again into
two classes to find the pin settings on wheel length 19.
We continue with the procedure for the wheel lengths of
21, 23, 25 and finally 26.

It is possible to combine several shorter cryptograms in

order to obtain sufficient text for the general
solution. However, this is not a simple add/subtract
procedure. It is necessary to use the computer to match
the 17 distributions of one cryptogram against the 17
distributions of another cryptogram by shifting the
distributions of one of the cryptograms through the 17
possible shifts until the total 17 distributions of one
message match the total 17 distributions of the other
message. At this point wheel 17 of both cryptograms
will be in the same effective position; and for the
purpose of pin settings of wheel 17, separating the 17
distributions into two classes, the two cryptograms may
be combined.
in summary, the general solution follows the procedures
described under the four wheel analysis.

*****************************************************

[NB: This lecture contains several different fonts to

account for the table widths. As a ASCII file this
may be a problem for some e-mail systems. I will also
send a DOC file from WORD to the CDB for those who need
it. ]

CLASSICAL CRYPTOGRAPHY COURSE

BY LANAKI

September 9, 1996

COPYRIGHT 1996
ALL RIGHTS RESERVED

LECTURE 17

HEADLINE PUZZLES, PLAYFAIR, FOURSQUARE

FRACTIONATION AND DELASTELLE SYSTEMS

SUMMARY

I think this lecture is both interesting and perhaps

difficult. We start off with PHOTON's Headliner Cipher
which combines many of the principles found in Lectures
1 and 10 - 12 of this course. We then shift into
Digraphic systems with the Playfair and Foursquare
Ciphers. We develop the theory of fractionation and
illustrate it with difficult classical systems known as
the Bifid and Trifid ciphers. Both of these latter
cipher systems were invented by the French cryptographer
Delastelle. We develop our lecture with the help of the
following references: [ELCY], [BOW1], [BOW2], [BOW3],
[BOW4], [HITT], [LEWI], [NICH] and [PHOT]. At the end
of my lecture is a special note regarding Diophantine
equations, a subject which is a bit esoteric and has
interested several of our class.

HEADLINE PUZZLES (PHOTON)

Thirty years ago, Paul Derthick began publishing the

HEADLINE PUZZLE in the NSA monthly newsletter for
professional cryptologists. Paul is no longer with us,
but his puzzles continue to be written monthly by Larry
Gray to challenge and frustrate his successors. We
thank PHOTON for exposing us to this wonderful cipher.
I have condensed his soon to be published paper. [PHOT]

Headline Puzzles demonstrate a variety of cryptographic

principles. Each puzzle contains five headlines from
recent daily newspapers. Each of the five is a different
monoalphabetic substitution, and all five are derived
from the same mixed alphabet at different settings
against itself. A complete solution includes recovering
the headlines, the key, the setting and the hat.

In Paul's words, "The use of headlines was a happily

malicious thought. It permits the inclusion of
outrageous proper names, and has the tendency to exclude
the commonest words." But even though the five headlines
may include some tough problems, finding the three words
(key, setting and hat) needed for a complete solution
may be even more challenging.

WALKING THROUGH A SOLUTION

Given:

1. AMHXZLX ALXNSTXO APYBX NLJXHXK LI ZJL AHWHMHBX

BHUAUBIZ;

2. GHDMRJGB MCGHE CKXCDMCQH SP RLCEE OSEE, ZHMCGHE MSU

DJCC EOSM;

3. WYNAJSM PYXMKANWAJKANB VNYLXPA MAFN-VANWAPK CXMLNAL

LYQQFN IJQQB;

4. XOAJRH DOHU XFNIRA MPS GRNC RBQTSPBIRBHNF FNG

RBMPSDRIRBH;

5. FRHRXIQ ALVTURXF RQX. VALPPF SI VXCMRLP XLVJ LPFPVLXU

The general outline of solution is to: 1) solve any two

headlines and use them to find a mixed alphabet that
solves all five headlines; 2) solve the rest of the
headlines and use all five to recover the setting; 3)
recover the key block and the sequence of transposition;
4) recover the original mixed alphabet by decimation;
and 5) finally, recover the hat (the word whose
alphabetic sequence of letters determines the
transposition sequence from the keyblock).

Step 1:SOLVE ANY TWO HEADLINES

Since the initial step is to solve any two headlines, we

look for nice wedges in any two. The first probable
wedges to catch my eye in this example are the long
pattern words in headlines 3 and 4. The 14 letter word
in headline 3. has the pattern ABCDEFGHFIEFGJ, yielding
"counterfeiters" from the pattern word dictionary.
Substituting the letters in the headline produces a nice
wedge! Then a little trial and error produces, "Foreign
counterfeiters produce near-perfect hundred dollar
bills":

forei n counterfeiters ro uce ne r- erfect un re

3. WYNAJSM PYXMKANWAJKANB VNYLXPA MAFN-VANWAPK CXMLNAL
ABCDEFGHFIEFGJ

o r i s
LYQQFN IJQQB

The 13 letter pattern word in headline 4. has the

pattern ABCDEFBGABHIJ, yielding "environmental" from the
pattern word dictionary. Substituting the letters in the
headline also produces a nice wedge; not as nice, but
good enough to produce "Budget cuts blamed for weak
environmental law enforcement":

et t lame or ea environmental la
4. XOAJRH DOHU XFNIRA MPS GRNC RBQTSPBIRBHNF FNG
ABCDEFBGABHIJ
en or ement
RBMPSDRIRBH

Solving the first two headlines is seldom this easy; but

as you can see, long pattern words make nice wedges when
they are available. We assume that the reader knows how
to solve monoalphabetic ciphers with word divisions
(Aristocrats - see chapter 1 in [NICH]).

The current recovery of plain-text to cipher-text is:

a b c d e f g h i j k l m n o p q r s t u v w x y z
1.
2.
3. F I P L A W S C J Q M Y V N B K X
4. N X D A R M J T C F I B P S U H O Q G
5.

Figure 17-1.

Step 2:FIND A MIXED ALPHABET THAT SOLVES ALL FIVE

HEADLINES

The columns in Figure 17-1 are arranged alphabetically

by the plain letters for ease in building chains. Each
vertical column is fixed, regardless of the sequence of
the columns because each plain letter stands for only
one cipher letter in each of the headlines. The purpose
of chaining is to find an alphabetic sequence for the
fixed columns that is the same in each row. The sequence
we derive from chaining will not necessarily be the
original mixed sequence; but it will solve all five
headlines when the rows are set against themselves.
For the rest of this section we will refer to the mixed
alphabet derived from chaining as an equivalent
alphabet.

Note that the equivalent alphabet is not unique. There

are 6 equivalent alphabets which are odd decimations of
the original (e.g. every third letter, every fifth
letter etc. in a 26 letter cycle), 6 odd decimations
that are the same as the first six, but in the reverse
order; 6 even decimations that give two cycles of
thirteen letters each (rather than a single cycle of 26
letters); 6 even decimations that are the same as the
first six even decimations, but reversed; and a single
decimation with the same two letters repeated 13
times. Only the 26-letter cycles are useful results from
chaining, so we will look only for odd decimations when
recovering the keyblock and the original mixed alphabet.

Chaining capitalizes on the symmetry of letter positions

in the fixed columns and their relative distances apart
in related alphabets. For example: if plain A equals
cipher F in line 3, and plain F equals cipher W, then
the distance between plain A and plain F is the same as
the distance between cipher F and cipher W in their
respective alphabets. A two-dimensional chain combines
the relationships of the plain alphabet and two
different cipher alphabets. In this example, we put
line 3. cipher-text letters vertically under the plain-
text letters; and put line 4. cipher-text letters
horizontally to the right of the plain-text letters. In
that way we generate a two-dimensional interactive chain
with the same equivalent alphabet in each vertical line,
and a different equivalent alphabet in each horizontal
line. Please refer to Figures 17-2 and 17-3 for what
the display looks like on graph paper.

Arbitrarily starting with the plain A and cipher F (line

3) gives me part of the vertical chain (A over F ). Then
looking at plain F over cipher W adds W to the chain
(under the F). Looking at plain W, however, shows that
no cipher letter has been identified in line 3 for plain
W, so we show "." as a place-filler. Returning to cipher
A (line 3), we find cipher A under plain E, but no
cipher E to continue the chain, so we show "." as a
place-filler. See the diagram in Figure 17-2 for the
vertical chain fragment EAFW.

Then we make a horizontal chain on each of the letters

of the vertical chain, using the plain alphabet and
cipher line 4. The first horizontal line is from cipher
R to the right of plain E, cipher S to the right of
plain R, etc. giving the horizontal chain fragment
ERSUOP. Similarly, completing the next three horizontal
fragments looks like the matrix in Figure 17-2.

.
. E R S U O P .
. K C D A N B X .
. L F M I T H .
 . W G J .
.

Figure 17-2

Continuing to expand the chains shows quickly that the

horizontal chain repeats with a 13 letter cycle,
indicating that it is from an even decimation (and
therefore not useful a this time). The vertical chain,
however, contains a full 26 letter mixed alphabet,
indicating a useful decimation. The result looks like
the matrix in Figure 17-3 after only a few iterations.

I
J
U
X
T
K
O
Y
H
C
P
V
.
D
L
Y V Q W G J K C D A N B X Y V (13 LETTER CYCLE)
I T H E R S U O P L F M I T H (13 LETTER CYCLE)
J K C D A N B X Y V
P L F M I T H .
Q W G J K C D A N B X
E R S U O P
C D A N B X Y V
M
G
S
B
I

Figure 17-3

Note how the chain fragments grow interactively, with

the horizontal chain providing letters for the vertical
chain and visa versa. Also note that all the vertical
segments are parts of the same equivalent alphabet. When
an overlap is discovered, the chain can be expanded by
inspection. Look, for example, at the bottom vertical
segment NMGSBI and see how it came from combining
segments from the two columns to its right. Similarly,
the horizontal chain segments are, by chance, part of
two independent 13 letter cycles which can be expanded
to other horizontal chains by inspection.

Only one letter eluded detection by two-dimensional

chaining; so it isn't hard to identify it and fill in
the "Z". There is no need to activate a third dimension
or solve another aristocrat in this example. We have
been able to find a complete 26-letter alphabet with
only two solved headlines in almost every case. The
equivalent alphabet in this example is:

I J U X T K O Y H C P V Z D L Q E A F W R N M G S B

Step 3: RECOVER THE SETTING AND THE INDEX LETTER

Any of the equivalent alphabets will solve the remainder

of the headlines, so we'll use this one instead of
waiting until recovery of the original alphabet. Now
that we have an alphabet to slide against itself, we
simply write out the alphabet on a sheet of graph paper,
and write it twice on a second sheet that we slide along
the first. Then we attack the unsolved headlines at
their shortest (usually two letter) words. Recognizing
that one of those letters will be a vowel, we simply try
all the vowels on one letter until the second letter
makes a good word. Then we keep that slide position and
try another word to verify it. R. MASTERTON observes
another type wedge, in "Solving Cipher Problems"; "You
would be amazed at the number of times the second word
ends with S and the third is a short word such as TO."

Attacking headline 1. with the slide setting in Figure

17-4 shows that LI = of (verified with ZJL = two), and
the whole headline reads. "Clinton condemns Cuban
downing of two civilian aircraft".

i j u x t k o y h c p v z d l q e a f w r n m g s b
O Y H C P V Z D L Q E A F W R N M G S B I J U X T K O Y

H C . .

Figure 17-4

After applying the same technique to headlines 2 (SP =

of) and 5 (SI = to), the setting for each headline is
shown in Figure 17-5. The setting word "SHARP" shows
clearly under the index letter "e". We'll need both the
setting and the index later.

i j u x t k o y h c p v z d l q e a f w r n m g s b
---------------------------------------------------
1. H C P V Z D L Q E A F W R N M G S B I J U X T K O Y
2. F W R N M G S B I J U X T K O Y H C P V Z D L Q E A
3. J U X T K O Y H C P V Z D L Q E A F W R N M G S B I
4. T K O Y H C P V Z D L Q E A F W R N M G S B I J U X
5. R N M G S B I J U X T K O Y H C P V Z D L Q E A F W

Setting = SHARP Index = E

Figure 17-5
Note: The setting might read up the column, rather than
down, or be derived from plain-text alphabets under a
single cipher-text alphabet, rather than cipher-text
alphabets under a single plain-text alphabet.

Step 4:RECOVER THE KEY BLOCK

The literature suggests that we examine the equivalent

alphabet looking for sequences of letters (like ABC in
this example). Then examine the alphabet to see if
another sequence is a uniform distance from each letter
(viz: L is 3 before A, M is 3 before B, O is 3 before C)
and decimate by the uniform distance. That works, but
it's not always obvious (to me). So we force the display
to show me sequences by aligning the equivalent alphabet
vertically in strips. For convenience we order them
across the middle in alphabetic sequence (similar to the
sequence of unused letters in a keyblock). Then the
appropriate decimation is much more obvious. See Figure
17-6. Sometimes the key is in plain view. We made the
matrix in Figure 17-6. by hand the first couple of
times; and then wrote a short computer program to do the
drudgery. The rows and columns are numbered for
convenience in referring to them.

Since we look for the key word and for alphabetic

sequences of unused letters in the key block, and for
them horizontally in Figure 17-6. The highest
concentration of alphabetic sequences are in rows -6, -
3, 3 and 6 indicating that a decimation of three might
be a good choice. We call this a goodness test in the
computer program; and it has always led me to the right
decimation. The "goodness" column from PHOTON'S
computer program is merely the sum of alphabetically
adjacent letters in a horizontal row - indicating
likelihood of finding significant pieces of the unused
letters in a keyblock.

-12 k d g j t o v m l q w u p c r s x h z f e b y a n i
-11 o l s u k y z g q e r x v p n b t c d w a i h f m j
-10 y q b x o h d s e a n t z v m i k p l r f j c w g u
-9 h e i t y c l b a f m k d z g j o v q n w u p r s x
-8 c a j k h p q i f w g o l d s u y z e m r x v n b t
-7 p f u o c v e j w r s y q l b x h d a g n t z m i k
-6 v w x y p z a u r n b h e q i t c l f s m k d g j o
-5 z r t h v d f x n m i c a r j k p q w b g o l s u y
-4 d n k c z l w t m g j p f a u o v e r i s y q b x h
-3 l m o p d q r k g s u v w f x y z a n j b h e i t c
-2 q g y v l e n o s b x z r w t h d f m u i c a j k p
-1 e s h z q a m y b i t d n r k c l w g x j p f u o v
Ref A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
1 f i p l a w s c j u o q g m y v e n b k x z r t h d
2 w j v q f r b p u x y e s g h z a m i o t d n k c l
3 r u z e w n i v x t h a b s c d f g j y k l m o p q
4 n x d a r m j z t k c f i b p l w s u h o q g y v e
5 m t l f n g u d k o p w j i v q r b x c y e s h z a
 6 g k q w m s x l o y v r u j z e n i t p h a b c d f
7 s o e r g b t q y h z n x u d a m j k v c f i p l w
8 b y a n s i k e h c d m t x l f g u o z p w j v q r
9 i h f m b j o a c p l g k t q w s x y d v r u z e n
10 j c w g i u y f p v q s o k e r b t h l z n x d a m
11 u p r s j x h w v z e b y o a n i k c q d m t l f g
12 x v n b u t c r z d a i h y f m j o p e l g k q w s
13 t z m i x k p n d l f j c h w g u y v a q s o e r b

1 2 3 4 5 6 7 8 9 1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6

Figure 17-6

Note in column 1, for example, that the alphabetic

sequence reading up the column from the reference line
to -3 and -6 is ALV, and in column 2 it is BMW, and in
column 3 it is COX (all in alphabetic sequence). So the
apparent order of the key block is up the columns. Since
we wrote the equivalent alphabets down the columns, the
decimation must be in the opposite (minus) direction.
Figure 17-7. shows the likely keyblock lines arranging
from top to bottom for ease in reading.

In forming the keyblock, the columns must stay intact to

maintain the integrity of the mixed alphabet, but the
rows can be rearranged because the horizontal alphabetic
sequence was artificially created to get a sense of
order. The key word will be on the top line of the
keyblock, perhaps wrapped around onto the second line.

3 r u z e w n i v x t h a b s c d f g j y k l m o p q
Ref A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
-3 l m o p d q r k g s u v w f x y z a n j b h e i t c
-6 v w x y p z a u r n b h e q i t c l f s m k d g j o

1 2 3 4 5 6 7 8 9 1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6

Figure 17-7

Figure 8. shows the result of developing the keyblock

from the information in Figure 17-7. Look at line -3 in
Figure 17-7. and strike through the columns that were
not in alphabetical sequence (columns 5, 8, 9, 14, 20,
21, 22, 23, 24, and 26). Then we looked at what remained
in row 3, and saw the word "zenith". Noticing that the
letter C was in the reference row under the Z in zenith,
Terminate the first row at B. The resulting perfect
keyblock confirms the decimation of minus three.

z e n i t h a b
c d f g j k l m
o p q r s u v w
x y

KEY =ZENITH
 Figure 17-8

Step 5:RECOVER THE MIXED ALPHABET

The original alphabet in Figure 17-9 can now be read

directly from Figure 17-6 by starting with the index
letter "e" and reading every third letter vertically in
any column:

E D P Y T J S N F Q Z C O X I G R A L V H K U B M W

Figure 17-9

Step 6:RECOVER THE HAT

Two essential elements are needed to recover the hat.

First, the transposition sequence of reading columns
from the keyblock. And second, the relationship between
the words used for the setting, the key and the hat. The
transposition sequence is the alphabetic sequence of
letters in the hat word. The relationship of the hat to
the setting and the key comes from your determination of
the relationship between the setting and the key alone.
The transposition sequence from the keyblock to the
mixed alphabet can be read directly. From the original
alphabet in Figure 17-9, refer to the keyblock in
Figure 17-8. Start with the index letter "E", read down
EDPY, then down TJS, then down NFQ etc. The full
sequence is shown in Figure 17-10.

4 1 3 5 2 7 6 8
---------------
Z E N I T H A B
C D F G J K L M
O P Q R S U V W
X Y

Figure 17-10

And now we know that the alphabetic sequence of letters

in the hat word is 4 1 3 5 2 7 6 8; and that the word is
related to the key word (ZENITH) and to the setting word
(SHARP).

There are at least two ways to find the hat. The method
illustrated in Figure 17-11 uses the alphabetic sequence
of each letter position in the hat and defines the
limits for each position. In the first text line of
Figure 17-11 the letter A could be at positions 1 and 2,
but not at the other position. Only position 3 could
have a letter as low as B, positions 4, 5 and 7 could
have letters as low as C, depending on the letter in
position, positions 7 and 8 could have letters as
low as D, depending on the values above. Likewise at
the high end, only positions 7 and 8 could have a letter
as high as Z etc.

4 1 3 5 2 7 6 8
C A B C A D C D
D B C D B E D E
E C D E C F E F
F D E F D G F G
G E F G E H G H
H F G H F I H I
I G H I G J I J
J H I J H K J K
K I J K I L K L
L J K L J M L M
M K L M K N M N
N L M N L O N O
O M N O M P O P
P N O P N Q P Q
Q O P Q O R Q R
R P Q R P S R S
S Q R S Q T S T
T R S T R U T U
U S T U S V U V
V T U V T W V W
W U V W U X W X
X V W X V Y X Y
Y W X Y W Z Y Z

Figure 17-11

In each of the HEADLINE PUZZLES, research on the

relationships recovers the hat faster and with more
enjoyment than working the positional possibilities.
Relating the words SHARP and ZENITH suggests manu -
facturers of electronic stuff like computers and radios
and television sets. So we examined the names of other
manufacturers, like Toshiba, Panasonic, Motorola,
Magnavox, Pioneer, Hitachi etc. only MAGNAVOX matches
the length and alphabetic sequence. The name "HAT" came
from the position of the transcription word on top of
the keyblock.

M A G N A V O X Hat = MAGNAVOX
4 1 3 5 2 7 6 8
Z E N I T H A B Key = ZENITH
C D F G J K L M
O P Q R S U V M Setting =SHARP
X Y

e d p y t j s n f q z c o x I g r a l v h k u b m w
---------------------------------------------------
1. S N F Q Z C O X I G R A L V H K U B M W E D P Y T J
2. H K U B M W E D P Y T J S N F Q Z C O X I G R A L V
3. A L V H K U B M W E D P Y T J S N F Q Z C O X I G R
4. R A L V H K U B M W E D P Y T J S N F Q Z C O X I G
5. P Y T J S N F Q Z C O X I G R A L V H K U B M W E D
 Figure 17-12

Now that we've completed the solution, it's interesting

to confirm that the original mixed alphabet in Figure
17-12 gives the same solution to the headlines as the
equivalent alphabet developed earlier in Figure 17-5.

Step 7:Complete Solution:

1. CLINTON CONDEMNS CUBAN DOWNING OF TWO CIVILIAN

AIRCRAFT;

2. KENTUCKY TAKES ADVANTAGE OF UMASS LOSS, RETAKES TOP

NCAA SLOT;

3. FOREIGN COUNTERFEITERS PRODUCE NEAR-PERFECT HUNDRED

DOLLAR BILLS;

4. BUDGET CUTS BLAMED FOR WEAK ENVIRONMENTAL LAW

ENFORCEMENT;

5. SILICON GRAPHICS INC. AGREES TO ACQUIRE CRAY RESEARCH

Setting = SHARP Key = ZENITH Hat = MAGNAVOX

Along with Paul Derthick's notes, "Introduction to the

HEADLINE PUZZLE", other references are: [LEWI], [NICH],
[ELCY], [SINK], [FRE1] [FRE2]. The HEADLINE PUZZLES
in this section are used with permission of PHOTON and
the NSA monthly newsletter.

DIGRAPHIC CIPHERS: PLAYFAIR

Perhaps the most famous cipher of 1943 involved the

future president of U.S., J. F. Kennedy, Jr. [KAHN]
On 2 August 1943, Australian Coastwatcher Lieutenant
Arthur Reginald Evans of the Royal Australian Naval
Volunteer Reserve saw a pinpoint of flame on the dark
waters of Blackett Strait from his jungle ridge on
Kolombangara Island, one of the Solomons. He did not
know that the Japanese destroyer Amagiri had rammed and
sliced in half an American patrol boat PT-109, under
the command of Lieutenant John F. Kennedy, United States
Naval Reserve. Evans received the following message at
0930 on the morning of the 2 of August 1943:

29gps

KXJEY UREBE ZWEHE WRYTU HEYFS

KREHE GOYFI WTTTU OLKSY CAJPO
BOTEI ZONTX BYBWT GONEY CUZWR
GDSON SXBOU YWRHE BAAHY USEDQ

/0930/2
Translation:

PT BOAT ONE ONE NINE LOST IN ACTION IN BLACKETT

STRAIT TWO MILES SW MERESU COVE X CREW OF TWELVE
X REQUEST ANY INFORMATION.

The coastwatchers regularly used the Playfair system.

Evans deciphered it with the key ROYAL NEW ZEALAND NAVY
and learned of Kennedy's fate. Evans reported back to
the coastwatcher near Munda, call sign PWD, that Object
still floating between Merusu and Gizo, and at 1:12 pm,
Evans was told by Coastwatcher KEN on Guadalcanal that
there was a possibility of survivors landing either on
Vangavanga or near islands. That is what Kennedy and
his crew had done. They had swum to Plum Pudding Island
on the Southeastern tip of Gizo Island.

Several messages passed between PWD, KEN and GSE

(Evans). The Japanese made no attempt to capture Kennedy
even though they had access to the various messages. The
importance to them was missed even though many P-40's
were spotted in the Search and Rescue (SAR) attempt.
maybe the Japanese didn't want to waste the time or men
because the exact location of the crew was not
specified. A Japanese barge chugged past Kennedy's
hideout. On 0920 a.m. on Saturday morning 7 August 1943,
two natives found the sailors, who had moved to Gross
Island, and had reported to find Evans. He wrote a brief
message: Eleven survivors PT boat on Gross Is X Have
sent food and letter advising senior come here without
delay X Warn aviation of canoes crossing Ferguson RE.
The square Evans used was based on the key PHYSICAL
EXAMINATION :

P H Y S I
C A L E X
M N T O B
D F G K Q
R U V W Z

The encipherment did not split the doubled letters as is

the rule:

XELWA OHWUW YZMWI HOMNE OBTFW

MSSPI AJLUO EAONG OOFCM FEXTT
CWCFZ YIPTF EOBHM WEMOC SAWCZ
SNYNW MGXEL HEZCU FNZYL NSBTB
DANFK OPEWM SSHBK GCWFV EKMUE

There were 335 letters in 5 messages, in the same key

beginning XYAWO GAOOA GPEMO HPQCW IPNLG RPIXL
TXLOA NNYCS YXBOY MNBIN YOBTY QYNAI ..., for
Lieut. Kennedy considers it advisable that he pilot PT
boat tonight X ... These five messages detailed the
rescue arrangements, which offered the Japanese a chance
to not only get the crew (and change all history!) and
the force coming out to save it. The Japanese failed to
solve what an experienced crypee could solve in one
hour. At 1000 hours that same day Kennedy and his crew
was rescued.

Digraphic substitution refers to the use of pairs of

letters to substitute for other pairs of letters. The
Playfair system was originated by the noted British
scientist, Sir Charles Wheatstone (1802 - 1875) but, as
far as known, it was not employed for military or
diplomatic use during his lifetime. About 1890 it was
adopted for use by the British Foreign Office on the
recommendation of Lord Lyon Playfair (1818-1898) and
thereafter identified with its sponsor.

Encipherment

The Playfair is based on a 25 letter alphabet (omit J)

set up in a 5 X 5 square. A keyword is written in
horizontally into the top rows of the square and the
remaining letters follow in regular order. So for the
key = LOGARITHM, we have:

L O G A R
I T H M B
C D E F K
N P Q S U
V W X Y Z

In preparation for encipherment, the plaintext is

separated into pairs. Doubled letters such as SS or NN
are separated by a null.

For example, "COME QUICKLY WE NEED HELP" we have

CO ME QU IC KL YW EN EX ED HE LP

There are three rules governing encipherment:

1. When the two letters of a plain text pair are in

the same column of the square, each is enciphered
by the letter directly below it in that column. The
letter at the bottom is enciphered by the letter at
the top of the same column.

Plain Cipher
OP TW
IC CN
EX QG

2. When the two letters of a plain text pair are in

 the same row of the square, each is enciphered by
the letter directly to its right in that row. The
letter at the extreme right of the row is enciph-
ered by the letter at the extreme left of the same
row.

Plain Cipher
YW ZX
ED FE
QU SN

3. When two letters are located in different rows and

columns, they are enciphered by the two letters
which form a rectangle with them, beginning with
the letter in the SAME ROW with the first letter of
the plaintext pair. (This occurs about 2/3 of the
time.)

Plain Cipher
CO DL
ME HF
KL CR
LP ON

Decipherment, when the keyword is known, is accomplished

by using the rules in reverse.

Identification Of The Playfair

The following features apply to the Playfair:

1. It is a substitution cipher.

2. The cipher message contains an even number of

letters.

3. A frequency count will show no more than 25 letters.

(The letter J is not found.)

4. If long repeats occur, they will be at irregular

intervals. In most cases, repeated sequences will be
an even number of letters.

5. Many reversals of digraphs.

Peculiarities

1. No plaintext letter can be represented in the cipher

by itself.

2. Any given letter can be represented by 5 other

letters.

3. Any given letter can represent 5 other letters.

4. Any given letter cannot represent a letter that it
combines with diagonally.

5. It is twice as probable that the two letters of any

pair are at the corners of a rectangle, than as in
the same row or column.

6. When a cipher letter has once been identified as a

substitute for a plaintext letter, their is a 20%
chance that it represents the same plaintext letter
in each other appearance.

The goal of recovery of the 5 X 5 square and various

techniques for accomplishing this are the focus for
solving the Playfair. Colonel Parker Hitt describes
Lieutenant Frank Moorman's approach to solving the
Playfair which addresses the keyword recovery logically.
[HITT]. Other writers [ELCY], [BOW2], [FRE4], and
[MAST] do an admirable job of discussing the process.
However, W. M. Bowers Volume I on Digraphic Substitution
presents the easiest protocol for students. [BOWE]

PLAYFAIR CRYPTANALYSIS

Our preliminary step is to perform individual letter

frequency and digraphic counts. The former because high
frequency ciphertext letters follow closely the high
frequency letters they represent and will be located in
the upper rows; similarly, low frequency letters follow
their plain counterparts (UVWXYZ) and may be located at
the last row of the square. A digraph count is useful
because cipher digraphs follow closely the frequency of
their plaintext digraphs. i.e. TH = HM. The frequency of
HM must be high for a normal length message. Also
tetragraphs may be tested THAT, TION, THIS for
corresponding their frequencies in the square.

All the authors agree that a probable word is need for

entry into the Playfair. Due to its inherent
characteristics, Playfair cipher words will follow the
same pattern as their plaintext equivalents; they carry
their pattern into the cipher.

Given: Tip "er one day entere" Hampian. 10/1952

EU SM FV DO VC PB FC GX DZ SQ DY BA AQ OB
ZD AC OC ZD ZC UQ HA FK MH KC WD QC MH DZ
BF NT BP OF HA SI KE QA KA NH EC WN HT CX
SU HZ CS RF QS CX DB SF SI KE FP (106)

We set up a combined frequency tally with letters to the

right and left of the reference letter shown:

K Q H H B . A . Q C
D O P . B . A F P
 E Q K Z O A F V . C . X S X
W Z Z . D . O Z Y Z B
K K . E . U C
S R O B . F . V C K P
. G . X
N M M . H . A A T Z
S S . IJ.
F . K . C E A E
. L .
S . M . H H
W . N . T H
D . O . B C F
F B . P . B
U A S . Q . C A S
. R . F
Q C . S . M Q I U F I
H N . T .
S E . U . Q
F . V . C
. W . D N
C C G . X .
D . Y .
H D D . Z . D D C

This particular message has no significant repeats.

Cipher GX DZ SQ DY BA AQ OB ZD AC
Plain .. ER ON ED AY EN TE RE ..

Note the first and last pair reversal.

It is necessary to take each set of these pair

equalities and establish the position of the four
letters with respect to each other. They must conform to
the above three rules for row, column, and rectangle.

The six different sets of pairs of know equalities are

set up:

1 2 3 4 5
er = DZ on = SQ ed = DY ay = BA en = AQ
------ ------- ------ ------- -------
E D R Z O S N Q E D Y Y A B E A N Q
D S D A A
R E D N O S Y B N E A
Z Z R Q Q N Q Q N

6
te = OB
-------
T O E B
O
E T O
B B E

The three possible relations of the letters are labeled

Vertical (v), Horizontal (h), Diagonal (d). Our object
is to combine the letters in each of the set of pairs.
Combine 1 and 3: E R D Z Y

1/v - 3/v 1/h - 3/h 1/d - 3/h

--------- --------- ---------
E E D Y R Z E D Y
D Z R
Y
R
Z

Combine 2 and 5: O N S Q E A

2/h - 5/d 2/d - 5/h 2/d - 5/d

--------- --------- ---------
O S N Q E A N Q S O
A E S O N Q
A E

Note that all the equalities hold for all letters.

Set number 6 combines only with the last combination: T

E O B N S Q A

2/d - 5/d - 6/v 2/d - 5/d - 6/d

---------------- ---------------
T S O T
S O N Q
A E A E B
B
N Q

which we now combine with 4:

2/d - 5/d - 6/d - 4/h

---------------------
S T O
Y A E B (rearranged and
N Q equalities hold)

only one combination of 1 and 3 will combine with the

above: S T O Y A B E D N Q Z R

1/d - 2/d - 3/h - 4/h - 5/d - 6/d

---------------------------------
S T O
Y A E B D
N Q
Z R

Arranged in a 5 X 5 square:

. . S T O
 D Y A B E
. . . . .
. . N . Q
R . . . Z

We see that O is in the keyword, the sequence NPQ

exists, the letters S T Y are in the keyword, and three
of the letters U V W X are in needed to fill the bottom
row.

----------
. . S T O| C
D Y A B E|
. . . . .|
. . N P Q|
R . . . Z| U V W X

With the exception of F G H I K L M which must in order

fill up the 3rd and 4th rows, the enciphering square is
found as:

C U S T O
D Y A B E
F G H I K
L M N P Q
R V W X Z

Our plaintext message starts off: YOUNG RECRUIT DRIVER

ONE DAY ENTERED STORE ROOM ....

SERIATED PLAYFAIR

Perhaps the best known variation of the Playfair system,

and one which adds greatly to its security, is called
the Seriated Playfair.

The plain text is written horizontally in two line

periodic groups as shown below in period six

C O M E Q U E N E E D H M E D I A T
I C K L Y W (X)E L P I M E L Y T O M

The vertical pairs are formed and enciphered by the

regular Playfair rules. Based on the keyword LOGARITHM,
the above message is enciphered:

L O G A R Cipher:
I T H M B N L B C S P Q Q C D C M H C F T R H
C D E F K C D F G X Z G C G Q T B F G W H G B
N P Q S U
V W X Y Z
we take the ciphertext off horizontally by the same
route by which the plain text was written in for
encipherment:

NLBCS PCDFG XZQQC DCMGC GQTBH CFTRH FGWHG B.

Solution of Seriated Playfair:

We assume a period of 4 - 10 which fits most of the

cases encountered. Of prime importance is determination
of the period. We test the various periods and eliminate
any test where we find a vertical pair consisting of two
appearances of the same letter.

If the message enciphered above is tested this way, in

all periods from 4 - 10, it will be found that period 6
is correct. All others will show a doubled vertical
pair.

Charles A. Leonard [PLAf] detailed a method to determine

impossible periods mathematically:

S2
------- = Q & R
S2 - S1

where: S2 - S1 = Period, Q = quotient, R = remainder

Substituting known S values in this formula and solving

for Q and R, a doubled vertical pair will occur in
period S2 - S1 in the following cases:

1. When Q is an odd number and R is greater than

zero;
2. When Q is an even number and R is zero.

Cipher letter position numbers in our message are:

A B C D E F G H I K L etc.
3 4 8 9 10 25 2
24 7 16 27 19 30
36 15 31 21 34
17 32
20 35
26

Period Letter S2 - S1 Q R Result

4 F 31 - 27 7 3 Eliminated-Case 1
5 C 20 - 15 4 0 Case 2
6 C 26 - 20 4 2 possible
7 H 34 - 30 Eliminate-last gp
8 D 16 - 8 2 0 Case 2
 9 C 26 - 17 2 8 possible
G 19 - 10 2 1 possible
H 34 - 25 3 7 Case 1
10 C 17 - 7 1 7 Case 1

When a periodic group S2 - S1 does not occur in message

the last group is inspected. If it is shorter than the
regular groups of the period being tested, a double
vertical pair may show at S2- S1 value equal to the
length of this final group. If so, eliminate.

The mono and digraphic frequency counts are made.

Plaintext high frequency digraphs and tetragraphs do not
carry their identity over into the cipher and are not
recognizable. Entry must be made with a probable word.
Patterns do carry over to the two line groups and will
repeat.

The placing of the probable word is important. Given a

cipher text slice with period 6 found using the Leonard
procedure:

HKILVP PBVBAA BHRPOU TBITFE UCEVZK

RNFTZU HZWVFR UDTKBD UIBYNS EXBZAR

and the probable phrase "is destined to", the word

destined could be in any of the following positions when
enciphered in period 6:

DESTIN .DESTI ..DEST ...DES ....DE

ED.... NED... INED.. TINED. STINED

The DE = ED reversal in all arrangements is noted and

found in the cipher text portion:

BHRPOU TBITFE UCEVZK

UDTKBD UIBYNS EXBZAR
.desti
ned..

adding the additional information:

BHRPOU TBITFE UCEVZK

UDTKBD UIBYNS EXBZAR
. sdesti
i nedto.

we develop several equations:

ed = IB
-I = UD, sn = TU, de = BI, ST = TY, to =FN, I- =ES

these translate to the following equalities:

1 2 3 4 5
SN = TU DE = BI ST = TY TO = FN I- = ES
------- ------- ------ ------- -------
S T N U D B E I S T Y T F O N I E - S
T B T F E
N S T E D B Y O T F - I E
U U N I I E N N O S S -

6 7
-I = UD ED = IB
------- -------
- U I D E I D B
U I
I - U D E I
D D I B B D

After some work (and with some assumptions to be tested

we develop a tentative square for the system:

1/d-2/d -3/h-4/v- 5/h -6/h

--------------------------
-
O U N
I E
D B
F S T Y

check:
TO=FN+ + = yes
SN=TU+
ST=TY+ letters left: A C E G H K
I-=ES -=t IT =ES L M P Q R V
DE=BI+ W X Z
ED=IB+
-I=UD+

from here we need to expand on the cipher text or choose

another probable word.

DELASTELLE SYSTEMS - FOURSQUARE CIPHER

The enigmatic Frenchman, Felix Delastelle created

several nasty but very interesting cipher systems.
We will discuss three of his systems. They are the
Foursquare, Bifid, and Trifid. [DELA]

The Four Square employs four 25-letter alphabets set up

in four 5 X 5 squares. The alphabets in the upper left
and lower right squares are straight alphabets sans J.

Plaintext letters are found in these two alphabets when

the message is enciphered. The opposite squares are used
for ciphertext.

Encipherment follows only one rule. The plaintext

letters are divided into pairs. The first letter is
found in square 1, 2nd in square three. The two cells
are thought of as opposite corners of diagonals of an
imaginary rectangle. The first cipher letter is found
in square 2 and the 2nd is found in square 4. The
operation continues until all letters are enciphered.

For example, given:

1 2
.....................
A B C D E . G R D L U
F G H I K . E Y F N V
L M N O P . O A H P W
Q R S T U . M B I Q X
V W X Y Z . T C K S Z
.....................
L I C N V . A B C D E
O T D P W . F G H I K
G H E Q X . L M N O P
A M F S Y . Q R S T U
R B K U Z . V W X Y Z
.....................
4 3

Plain CO ME QU IC KL YW EN EE DH EL PX
Cipher LE WI XA FN EX CU DX UV DP GX HZ

Decipherment, when keywords are known is the reverse.

Using GEOM(E)TRY and LOGARITHM squares for the following
cipher text:

Plain XF WX PO DY DG GN AH
Cipher SU PP LI ES AN DA MM

Identification of the Four Square

1. It is a substitution cipher.
2. It has an even number of letters.
3. Frequency count of 25 letters without J.
4. Doubled letters may occur eliminating a Playfair.
5. Long repeats occur at irregular intervals. Even
sequences are most frequent.
6. Few reversals in comparison to Playfair.

Peculiarities of the Four Square

1. A plaintext can be represented by itself in the

cipher.
2. Any ciphertext letter can be represented by five
letters.
3. Any given plaintext letter can be represented by five
ciphertext letters.
4. A cipher letter can represent itself or the other
letter of the pair.
5. Every cell frequency is known or can be calculated
because of the straight alphabets.
6. The fixed locations of the letters in squares 1 and 3
makes it possible to spot the location of probable
words which form a pattern when enciphered by the
Four Square.

Cell Frequencies

Bower and Meaker have derived the probabilities of the

normal ciphertext based on the normal distributions for
the straight alphabets in 1 and 3 based on 100
diagraphs. [BOWE]

1 2
.....................
A B C D E . 5 5 8 8 4
F G H I K . 2 1 4 5 2
L M N O P . 4 4 4 8 5
Q R S T U . 2 2 8 8 5
V W X Y Z . 1 1 1 2 1
.....................
4 5 8 5 5 . A B C D E
2 2 4 8 2 . F G H I K
4 2 4 8 5 . L M N O P
4 2 5 8 8 . Q R S T U
1 1 1 1 1 . V W X Y Z
.....................
4 3

The Four Square follows the normal distribution of

letters:

High
Letter E T A O N I R S H
Normal frequency 13 9 8 8 7 7 7 6 6

Normal 4-square freq.8 8 8 8 8 5 5 5 5 5

Square 2 cell 44 14 13 34 43 12 45 24 11 35
Square 4 cell 13 44 34 24 45 14 12 15 43 35

Medium Low
L D C U P F M W Y B G V K Q X Z
4 4 3 3 3 3 2 2 2 1 1 1 0 0 0 0

Square 2 cell = A
Square 4 cell = B

4 4 4 4 4 2 2 2 2 2 1 1 1 1 1
A=31 33 32 23 15 25 41 21 42 54 22 55 53 51 52
B=31 41 23 33 11 22 32 42 21 25 54 51 55 53 52

The figures represent row X column frequencies.

Bowers presents an interesting Four Square problem known

as the Stock Exchange Cipher. It supposedly is a message
to a broker. The investor sold 'rails' and probable
words such as Texas Eastern, Consolidated, and Columbia.
The message deciphered represents the process fairly
well:

UL RQ GW FO WQ CF PF FG EA GX LH DI OP MM LA LT
OF YQ CD HU GA LA FO EW EA VT YP QS UF WF RI CF
YQ QD LN QI WP YF OY MY AX FO WQ CF PF WF RC HQ
BT GW AQ SY QI WP GB BW HR WB EO EX GT LV PX OO
FO BQ HQ UM QS HE LT TM YM PN QI WP LB LO QO DP
SY BP QI YL LI MP DI OD NM UT ZH GT YM LQ HP HQ
QE IE XO MI.

Start with the frequency analysis:

2nd letter 1st letter

frequency frequency

5 E L G L E .A. X Q 2
3 L W G .B. T W Q P 4
1 R .C. F D F F 4
4 O O Q C .D. I P I 3
3 I Q H .E. A W A O X 5
10 W P C Y C W U O P C .F. O G O O O 5
1 F .G. W X A W B T T 7
2 Z L .H. U Q R Q E P Q 7
9 M D L Q Q Q Q R D .I. E 1
0 .K. 0
2 Y U .L. H A T A N V T B O I Q 11
6 Y N Y T U M .M. M Y P I 4
2 P L .N. M 1
8 X Q L F E F F F O. P F Y D D 5
9 H M B D W W W Y O P. F F X N 4
11H L H B A H W Y Y W R .Q. S D I I S I O I E 9
1 H .R. Q I C 3
2 Q Q .S. Y Y 2
7 G U L G B V L .T. M 1
1 H .U. L M F T 4
1 L .V. T 1
4 B G E G .W. Q F P Q F P B P 8
4 P E A G .X. O 1
4 S S M O .Y. Q P Q F M L M 7
0 .Z. H 1
100 100

Long Sequences Repeated Digraphs

FO WQ CF PE -2 FO-4 CF-3
QI WP -3 QI-4 HQ-3
WP-3

Compare to normal square frequencies:

1st letter
L Q W G H Y E F O B C M P U D R A S I N T V X Z K
Frequency square #2
119 8 7 7 7 5 5 5 4 4 4 4 4 3 3 2 2 1 1 1 1 1 1 0
Normal
88 8 8 8 5 5 5 5 5 4 4 4 4 4 2 2 2 2 2 1 1 1 1 1
Frequency square #4
11109 9 8 7 6 5 4 4 4 4 3 3 2 2 2 2 1 1 1 1 1 0 0
2nd letter
Q F I P O T M A D W X Y B E H L N S C G R U V K Z

Lets assume the word CONSOLIDATED.

Plain CO NS OL ID AT ED
Cipher LH DI OP MM LA LT
* * *

1 2
.....................
A B C D E . - - - L -
F G H I K . - - - M -
L M N O P . O - D - -
Q R S T U . - - - - -
V W X Y Z . - - - - -
.....................
- - - M T . A B C D E
- - - - - . F G H I K
- - H P - . L M N O P
A - I - - . Q R S T U
- - - - - . V W X Y Z
.....................
4 3

LM and HI imply that the keywords have been written in

vertically. Check against frequencies.

Square #2 Square #4
Cell 14 24 31 43 15 24 33 34 41 43
Norm 8 5 4 8 5 8 4 8 4 5
Cipher L M O D T M H P A I
Freq. 11 4 5 3 7 6 2 9 5 9

The check works. Additional plaintext found:

Cipher Plaintext
LI ct
MP io
MI ht
DP on

Insert the new values into the cipher.

Cipher QI WP LB LO QO DP SY BP QI YL LI MP DI OD NM
Plain ON CT IO NS
This might imply 'directions' or 'instructions'.

Since O is in the keyword for cipher square 2, the

letter after LM must be N P or Q.

>From our frequency chart:

N P Q R S T U
1 4 9 3 2 1 4

Tentatively, lets put P in cell 32 and Q in 34 giving us

the new ciphertext pair QI =ST; the QIWP is repeated
three times and might be the word STOP. We add to our
partially filled in matrix.

1 2
.....................
A B C D E . - - - L -
F G H I K . - - - M -
L M N O P . O - D P W
Q R S T U . - - - Q -
V W X Y Z . - - - - -
.....................
- - - M T . A B C D E
- - - - - . F G H I K
- - H P - . L M N O P
A - I - - . Q R S T U
- - - - - . V W X Y Z
.....................
4 3

So:

Cipher QI WP LB LO QO DP SY BP QI YL LI MP DI OD NM
Plain ST OP DI TI ON ST CT IO NS

Cell 53 of square 4 is K. QO =ti, LO = di.

>From here it is not a far stretch to fill in the blanks:

Cipher QI WP LB LO QO DP SY BP QI YL LI MP DI OD NM
Plain ST OP DI TI ON ST CT IO NS
ad al in ru

Back to the Four Square to place additional values.

1 2
.....................
A B C D E . S - - L -
F G H I K . - - B M -
L M N O P . O - D P W
 Q R S T U . - - F Q Y
V W X Y Z . - - - - Z
.....................
B - - M T . A B C D E
- - - - - . F G H I K
Y - H P - . L M N O P
A L I Q - . Q R S T U
- - K R - . V W X Y Z
.....................
4 3

A righteous guess would be STOCK and BUY AND SELL for

keywords. But we return to our analysis.

Cipher FO WQ CF PF FG EA GX LH DI OP MM LA LT
Plain th ou co ns ol id at ed
'F' in 13 nd
'G' in 23 sh
probable th ou sa nd sh ar es co ns ol id at ed

Putting these in confirm our guess as to the keywords:

1 2
.....................
A B C D E . S E G L U
F G H I K . T X B M V
L M N O P . O H D P W
Q R S T U . C A F Q Y
V W X Y Z . K N I R Z
.....................
B D F M T . A B C D E
U S G O V . F G H I K
Y E H P W . L M N O P
A L I Q X . Q R S T U
N C K R Z . V W X Y Z
.....................
4 3

Keywords= STOCK EXCHANGE; BUY AND SELL

Cipher starts off: UL RQ GW
Bu yt en

Observations

1. Nulls are not required as in Playfair.

2. Probable position of letters can be spotted
through cell frequency.
3. Probable words can be definitely placed if they
produce a pattern.

There is no reason why all the squares can not be mixed

for additional security. This destroys the frequency
distribution attack; but digraphic and longer repeats
will still show through to the ciphertext. The most
reliable attack on the Four Square is via a probable
word.
DELASTELLE SYSTEMS - BIFID CIPHER

Friedman, Bowers and Lewis discuss the intricacies of

the Bifid cipher. [FRE4], [BOWE], [MAST] You will find
many references to the Bifid cipher in the Cryptographic
Resources Section, many of them developed from ACA
materials. Dr. Linz (LEDGE) covers the BIFID in some
detail. [LEDG]

The Bifid and Trifid ciphers represent a new and tougher

breed of classical cipher - Fractionated Ciphers. The
process of fractionation, whereby the substitute unit is
1/2 or 1/3 or 1/part for each letter represents a more
involved problem for analysis that some of the ciphers
presented to date. What we do is combine substitution
and transposition processes to produce a clever mixed
cipher. Modern ciphers do the same thing many times
over (called rounds or S-Boxes in DES).

Method of Encipherment By Bifid

The secretive Delastelle designed the Bifid to use a

checkerboard square with 25 letters, sans J. We start
with a keyworded square:

1 2 3 4 5
1 M A N Y O
2 T H E R S
3 B C D F G
4 I K L P Q
5 U V W X Z

Key = MANY OTHERS

The encipherment process is periodic and the number of

letters in each group is usually an odd number. Even
Bifids are actually easier to solve than odd. We will
focus on the odd Bifid to illustrate the process. Period
lengths of 7, 9, 11, or 13 are those most frequently
employed.

Encipherment is a combination of substitution and

transposition which is best shown by example. We will
encipher the message COME QUICKLY WE NEED HELP in period
7.

Step 1: Period Length.

First divide the plaintext message into groups of 7

letters. Write the numerical equivalents for row and
column vertically under the plaintext letters.

C O M E Q U I C K L Y W E N E E D H E L P
Row 3 1 1 2 4 5 2 3 4 4 1 5 2 1 2 2 3 2 2 4 4
Col 2 5 1 3 5 1 1 2 2 3 4 3 3 3 3 3 3 2 3 3 4
Step 2: Horizontal Transposition and Take Off

The next step is a form of transposition, wherein the

numerical substitutes are taken off horizontally by
pairs. In each individual group this take-off continues,
without interruption, through the two rows of numbers.
The last number of the top row pairs with the first
number of the bottom row. The first number of each
horizontal pair indicates the row of a cipher letter and
the second number of the pair indicates the column of
that cipher letter.

Step 3:

Find the cipher letters in the square using the new row
X column coordinates.

Plain C O M E Q U I
Row 3 1 1 2 4 5 4
Col 2 5 1 3 5 1 1
Cipher B A Q K U G M

31 = B; 12 = A; 45 = Q; 42 = K; 51= U; 35 = G; 11 =M

The process might be more clear if we look at the

encipherment this way:

Row Column
C O M E Q U I C O M E Q U I
3 1 1 2 4 5 4 2 5 1 3 5 1 1
B A Q K U G M

We see that cipher 'B"' has the same row 3 as 'C' row
and 'B' column (1) has the same number as O row (1).
This reasoning holds for the second and third cipher
letters 'A' and 'Q'. The fourth cipher letter 'K' has
the same row (40 as plain 'I' and the same column number
(2) as plain 'C', which are the last and first letters
of the group. The fifth, sixth and seventh cipher
letters are derived the same way, except that we deal
with columns. The fifth cipher letter 'U', is the result
of 'U' row (5) and 'M' column (1).

Each cipher letter results from the some combination of

half values of the two plaintext letters. Due to this
characteristic, the Bifid (and Trifid with thirds) is
classified as Fractional Substitution.

Deciphering the Bifid with Known Elements:

Step 1: Fractionate the cipher letters into their row

and column components.

Step 2: Write into two rows horizontally of periodic

length.
Step 3: Write the numerical values into the two
horizontal rows below the fractionated letters.

Step 4: Recover Plain text letters vertically.

Cipher Fractionated Br Bc Ar Ac Qr Qc Kr
Kc Ur Uc Gr Gc Mr Mc
--------------------
Plaintext Row 3 1 1 2 4 5 4
Plaintext Column 2 5 1 3 5 1 1
Plaintext C O M E Q U I

Identification of the Bifid

1. It is a substitution cipher with substitution units =

to 1/2 of the cipher letter, represented by row or
column index.

2. Frequency count of 25 letters (J omitted) but not

more for 5 X 5 Bifid. MASTERTON describes a 6 X 6
Bifid with letters and symbols included. [LEWI]

3. Long repeats occur at irregular intervals.

4. Repeated patterns dependent upon the length of the

repeated sequence and the period, ex.:

AB .. D A .. CD
AB .. DE AB . CD

5. A frequency count will show a flat profile compared

to normal plaintext.

Peculiarities of the Bifid

1. When the cipher letters are set up in the correct

period a few 'naturals' will occur. A natural is the
term for a vertical cipher pair, arranged row-column
order, in which both components are the same letter.
When this happens the plaintext letter is revealed.
This is not true when the cipher letters are column-
row unless the letter happens to be one of the five
on the diagonal of the square running from 1-1 to
5-5.

For:
1 2 3 4 5
1 M A N Y O
2 T H E R S
3 B C D F G
4 I K L P Q
5 U V W X Z

Cipher Hr hc Ar Ac Hr
Hc Cr Cc Ar Ac
--------------
Plain H E A T H
*

The first plaintext letter H is a natural but the T on

the fourth is not. The great majority of naturals will
be high frequency plaintext letters. If low frequency
plaintext letters appear as naturals, it is almost a
certainty that the cipher message is set up in an
incorrect period.

2. Half-naturals occur quite frequently, when the cipher

is set up in the correct period. One of the letters
of the vertical pair, in row-column order, is the
same as the plaintext letter it represents.

Cipher Tr Tc Qr Qc Sr
Sc Wr Wc Er Ec
--------------
Plain S O L V E
* *

The probability that one of the letters in row-column

pair is a half-natural is 8 in 25, or 32% The
probability of a half-natural in column-row order (along
the diagonal) is 1/5 of 32% or 6.4% Half naturals are a
function of the expected appearances of the plain text
letter. For instance, in a cipher of 100 letters, we
find 10 'E's and 10 'Z's.

Cipher Letter E = 10 X 0.32 = 3.2 half-naturals

Cipher Letter Z = 10 X 0.32 = 3.2 half-naturals

but the E is 13 times more likely than the Z. So the E

is expected to appear 13 times in 100 letters so the 3-4
half-naturals is possible but the Z will occur only 1
time in 100, so we may expect no half-naturals.

3. Half-naturals are the Bifid's most vulnerable

feature because it plays a large part in spotting
probable words.

4. The Bifid, fractionated for decipherment, engenders

two separate and different alphabets. One applies to
odd numbered vertical pairs, found in the basic
square and the other applies to even vertical pairs
in each periodic group.

5. Repeated plaintext sequences produce patterns as long

as the repeat starts in the same relative location in
the group as of its first appearance.

Odd Even
1 3 5 7 2 4 6
Plain H O M E I S A A H O M E I S
2 1 1 2 4 2 1 1 2 1 1 2 4 2
 2 5 1 3 1 5 2 2 2 5 1 3 1 5
------------- -------------
Cipher T A K A U B V A M R H S N O

Odd Even
1 3 5 7 2 4 6
Plain G O H O M E N T H E H O M E
3 1 2 1 1 2 1 2 2 2 2 1 1 2
5 5 2 5 1 3 4 1 2 3 2 5 1 3
------------- -------------
Cipher B T A O V U F H H M A E S N

The spacing for repeated cipher letters varies for

different periods. For four letter repeats it is:

Odd Even
Period 5 T A . U M . S N
7 T A . . U M . . S N
9 T A . . . U M . . . S N
11 T A . . . . U M . . . . S N

Repeats of the other lengths generate their own

individual patterns. For period 7 these are:

Odd Even
3 letter repeats A . . . D U . . X
4 A B . . D U . . X Y
5 A B . . D E U V . X Y
6 A B C . D E U V . X Y Z

The search for repeated patterns is the first step to

finding the correct period for solution of the Bifid.
Patterns are formed by plaintext components which serve
to make up complete cipher pairs. It does not make any
difference what letters may be in other places of the
group, the same patterns will always show for the word
in question, whenever it is enciphered in the same
period. For example, for period 9:
Odd Even
1 3 5 7 9 2 4 6 8
Plain . . b i f i d . . . b i f i d . . .
. . 3 4 3 4 3 . . . 3 4 3 4 3 . . .
. . 1 1 4 1 3 . . . 1 1 4 1 3 . . .
----------------- -----------------
Cipher . F F . . . Y N . . L L . . M I . .

THE THREE SQUARE TECHNIQUE

There are two basic ways to cryptanalyze the Bifid. One

involves placing of a probable word after determination
of the correct period and manipulating the rows and
columns of the Bifid decipherment square until it is
fully recovered or the keyword is found. Friedman
discusses this method in detail. [FRE4] Bowers also
covers this approach but introduces the reader to a more
comfortable method for solution using the square itself
as a indicator of the letter indexes. Developed by
William A Lee (TONTO) in June, 1945, it uses three
squares to eliminate the requirement for numerical
indices.

The setup is as follows:

. . . . . . .
. E S C L V . Top Square
. N I D O W . Row used as
. T A F P X . Column
. H M G Q Y . Indicators
. U B K R Z .
. . . . . . . . . . . . .
. E S C L V . E N T H U .
Left Square . N I D O W . S I A M B . Basic Square
Column used . T A F P X . C D F G K . Normal
as row . H M G Q Y . L O P Q R . row and column
indicator . U B K R Z . V W X Y Z .
. . . . . . . . . . . . .

Rules for encipherment and decipherment under three

square approach

We are always starting with fractions of two letters and

searching for the single letter that it represents by
these half values.

For encipherment, pairs will be fractionated like this:

SrXr SrXc ScXc

For decipherment, the fractionated pairs will be:

SrXc ScXr

1. When one or both of the fractions is in the true

position in a pair, it/they are found in the Basic
Square.

SrXc - both in basic

SrXr S in basic
ScXc X in basic

2. When one of the fractional letters of the pair

indicates that its row designates a column of the
letter it is to represent, then it will be found in
the top square.

SrXr - X in top square

ScXr X in top square

3. When one of the fractional letters of the pair

indicates that its column designates the row of the
letter it is to represent, then it is found in the
left square.
 ScXc - S in left square
ScXr S in left square

Using the word SOLVE we visualize:

Sr Or Lr Vr Er
Sc Oc Lc Vc Ec

--- ---- -
S O L V E
- --- ----

SrOr - S row (basic); Orow as col (top),= M (basic)

LrVr -L row (basic); Vrow as col(top), = R "
ErSc -E row (basic); Scol (basic) = E "
OcLc- O col as row(left); L col (basic) = S "
VcEc - Vcol as row(left);E col(basic) = E "

The same rules apply in reverse when the vertical pairs

are fractionated and the plain text equivalents are
found at the intersections.

CHI-SQUARE

Karl Pearson's Chi-Square test, which we described

previously, was adapted by D. Morgan in 1946 to
determine the period of a Bifid. Excluding middle
letters, letters fall into one of two families, the row
and column. Chi-Square tests the dissimilarity of
probable groups of different lengths. The periodic
length for which the difference is the greatest
represents the correct period. We calculate D**2/S,
where S equals the sum of the appearances in both row
and column families of any letter. D equals the
difference between the family appearances of any letter.

When D**2/S is calculated for every letter, these values

are summed and their sum is the Chi-Square value for
period under consideration.
If we were to find the following:

Period Chi-Square
5 19.2
7 19.4
9 28.0
11 12.0

Our choice would be period 9. Morgan's article in the

JJ 1946 Cryptogram details the procedure. [BIF3]

Lets try to solve an Odd period Bifid.

Given: The Master Spy Cipher - Concerning espionage,

and the man who was Hitler's Chief of Intelligence
during WWII.

FRIEN ILOSV FDYAE MWDAH IALTN IBLVY EQATP TNTTI

XLPNP HIVIR TDZKK LVNDE ASBTI CWDNH YLZZK LOEPE
ARFSI VHILT ZRKRS ENTWE ONXEN CITOI VRPMP ENLEY
FQTLK HZHIN IPKHT TLBDT TPBOZ OTKTD SBTLF TLRIW
YIHKV DZPXT FIIZ.

Inspection of this message reveals a repeat in the form

of A B . . . C D. This 5 letter repeat at the odd
position is in period 9. The fractionated cipher letters
would be located as shown, depending on the starting
position.

1st position 3rd position 5th position

K K L L . . . . . . . K K L L . . . . . . . K K L L .
. E E A A . . . . . . . E E A A . . . . . . . E E A A
x x x x x x x x x x x x x x x

The first appearance of the repeat starts at letter 55

and the second at the letter 75.

55 / 9 = 6 plus 1
75 / 9 = 8 plus 3

Hence in period 9, the first repeat starts in group 7,

position 1 and the second in group 9, position 5.

We accept the period and rewrite the ciphertext. Using

the skip hit form of the three square, eliminate the
even vertical pairs, recognizing that they are column -
row pairs and that they may be visualized as a diagonal
from the top letter to next bottom letter in the two
rows.

F R I E N | V F D Y A | A H I A L |
N I L O S | A E M W D | L T N I B |

L V Y E Q | N T T I X | H I V I R |
Q A T P T | X L P N P | R T D Z K |

K L V N D | T I C W D | Z Z K L O |
D E A S B | D N H Y L | O E P E A |

R F S I V | Z R K R S | E O N X E |
V H I L T | S E N T W | E N C I T |

O I V R P | L E Y F Q | Z H I N I |
P M P E N | Q T L K H | I P K H T |

T L B D T | Z O T K T | L F T L R |
T T P B O | T D S B T | R I W Y I |
 H K V D Z | I I
Z P X T F | I Z .

We have four naturals present: E-T-T-I.

We know from the pattern repeat that:

K L Vr and K L Or
Dc E A Pc E A
---------- ---------

represent the same five plaintext letters, so D and P

are co-column and V and O are co-row. we start the
recovery of the basic square.

D . . . .
P . . . .
. V O . .
. . . . .
. . . . .

we test the probable word ESPIONAGE.

Locations E S P I O N A G E
1-4 x x x
2-3 x x
5-7 x x
6-4 x x
9-3 x x x ***
10-4 x x
10-9 x x
12-1 x x
12-9 x x

Z K L O | R F
E P E A | V H
---------------------
E S P I O N A G E
* * *

3 half-naturals!

5 letter repeat: P I O N A and 3 half-naturals. Wow.

Good hit.

Compare to location 6-8 (group and position):

I R | K L V N
Z K | D E A S
--------------------
E S P I O N A G E

Combine both into one three square diagram:

. - - - - - .
. H - - L - .
. P E R O - .
 . I Z S V - .
. K N G A - . - - - D -
. . . . . . . . . . . . .
. - - R L I . E - Z N - .
. - - - - N . O L V - - . A - - - -
. - - V Z G . S R G - - .
. - E S O K . K I - - - . - P H - -
. - - - - - . - - - - - .
- - - - - - D - - -
- - - P D
- - - - H
- - - - A

When filling in the squares, we start with the even

numbered pairs to fill in the left and top squares
quickly. We then write in the known odd pairs. we write
the odd pairs into unallocated rows and columns and then
consolidate them.

Plaintext can be recovered which leads to new ciphertext

square letters being recovered. The phrase FOR NINE
YEARS at Groups 1 and 2; The Name HITLER in groups
17 and 18; the phrase FOR HITLERS THIRD REICH in groups
10-11-12.

Placed in our squares:

Y D Q C X .
. H T F L M .
. P E R O U . Master
. I Z S V B . Spy
. K N G A W .
. . . . . . . . . . . . .
. W T R L I . E T Z N D .
. B C H F N . O L V C A .
. U Y V Z G . S R G F Q .
. X E S O K . K I Y H P .
. M Q A P D . X W U B M .

The entire message can be read. The letters which fall

on the diagonal are known because they are repeated in
the left square in the same long row and in the top
square in the same long column. These letters can be
shifted along the diagonal, but cannot be moved away
from it. Doing so we have the enciphering square and the
true transposition that generated it.

C A L V O
B M W U X
N D T Z E
F Q R G S
 H P I Y K

from:

C O U N T E R S P Y
A B - D - F G H I K
L M - - - Q - - - -
V W X - Z

The complete message reads:

F R I E N|V F D Y A|A H I A L
N I L O S|A E M W D|L T N I B
----------------------------------------------------
f o r n i n e y e a r s a d m i r a l w i l h i l m c

L V Y E Q|N T T I X|H I V I R
Q A T P T|X L P N P|R T D Z K
-----------------------------------------------------
a n a r i s d i r e c t e d t h e m i l i t a r y e s

K L V N D|T I C W D|Z Z K L O
D E A S B|D N H Y L|O E P E A
-----------------------------------------------------
p i o n a g e a n d t h e c o u n t e r e s p i o n a

R F S I V|Z R K R S|E O N X E
V H I L T|S E N T W|E N C I T
-----------------------------------------------------
g e f o r h i t l e r s t h i r d r e i c h n o w i t
O I V R P|L E Y F Q|Z H I N I
P M P E N|Q T L K H|I P K H T
-----------------------------------------------------
a p p e a r s t h a t t h e s s o f t g p o k e n l i

T L B D T|Z O T K T|L F T L R
T T P B O|T D S B T|R I W Y I
-----------------------------------------------------
t t l e m a n b e t r a y e d h i t l e r a t e v e r

H K V D Z|I I
Z P X T F|I Z
-----------------------
y o p p o r t u n i t y

The Even period Bifid is covered in copious detail in

Bowers. [BOWE]

DELASTELLE SYSTEMS - TRIFID CIPHER

Both Bowers and Linz covers the Trifid in detail. [BOW2]

[LEDG] Bowers covers the Trifid in detail. Topics
include Keyword Block recovery, periodic group
structure, Trifid patterns, pattern uncertainty,
tetragraphic patterns and part naturals.

We know that P = n**r represents the permutations with

repetitions, n = number of different things, r = number
of things used at a time. The normal Bifid square shown
below, thought of as a 5 X 5 block with external
coordinates.

1 2 3 4 5
1 B I F D A
2 L P H E T
3 C G K M N
4 O Q R S U
5 V W X Y Z

But 5 x 5 block is also 5 x 5 = n**2, the right hand

portion of the formula. Look at it a new way:

r=2
-----------------------------------------------------
Row 1 2 3 4 5
Col 1 2 3 4 5 1 2 3 4 5 1 2 3 4 5 1 2 3 4 5 1 2 3 4 5
B I F D A L P H E T C G K M N O Q R S U V W X Y Z
-----------------------------------------------------
P = 25

In the case of the Trifid, the block takes the same form
with an additional dimension.

r=3
-------------------------------------------------------
1 1 2 3
2 1 2 3 1 2 3 1 2 3
3 1 2 3 1 2 3 1 2 3 1 2 3 1 2 3 1 2 3 1 2 3 1 2 3 1 2 3
T R I F D A L P H B E C G J K M N O Q S U V W X Y Z #
-------------------------------------------------------
P = 27

I like to work with compact matrices so here is another

way to show the structure in three directions:

2nd Comp

1 1 1 2 2 2 3 3 3
-----------------
1 T R I F D A L P H
1st Comp 2 B E C G J K M N O
3 Q S U V W X Y Z #
-----------------
1 2 3 1 2 3 1 2 3

3rd Comp

For the purpose of this lecture, the Trifid setup will

be shown as a 27 X 3 block containing all possible
changes in order of the three numbers 1-2-3, taken three
at a time and arranged in ascending order. The numbers
within the block, when read vertically, serve as
components of the letters of the alphabet which is
added, externally, to the block. So:

Comp
| T R I F D A L P H B E C G J K M N O Q S U V W X Y Z #
| -----------------------------------------------------
1|1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 3 3 3 3 3 3 3 3 3
2|1 1 1 2 2 2 3 3 3 1 1 1 2 2 2 3 3 3 1 1 1 2 2 2 3 3 3
3|1 2 3 1 2 3 1 2 3 1 2 3 1 2 3 1 2 3 1 2 3 1 2 3 1 2 3
------------------------------------------------------

The fact that 27 letters are required for the Trifid is

a weak feature of the system. we can use a ZA and ZB to
represent the 27 letter and the true Z respectively.
A scrambled alphabet is always used to prevent some
letters being represented all the time by the same
combination. Based on keyword COUNTERSPY:

1 2 3 4 5 6 7 8 9 10
-------------------
C O U N T E R S P Y
A B D F G H I J K L
M Q V W X Z #
-------------------

The letters are taken off vertically in order of

columns. We set up two tables:

Deciphering Table

C A M O B Q U D V N F W T G X E H Z R I # S J P K Y L
-----------------------------------------------------
|1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 3 3 3 3 3 3 3 3 3|
|1 1 1 2 2 2 3 3 3 1 1 1 2 2 2 3 3 3 1 1 1 2 2 2 3 3 3|
|1 2 3 1 2 3 1 2 3 1 2 3 1 2 3 1 2 3 1 2 3 1 2 3 1 2 3|
------------------------------------------------------

Enciphering Table

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z #
-----------------------------------------------------
|1 1 1 1 2 2 2 2 3 3 3 3 1 2 1 3 1 3 3 2 1 1 2 2 3 2 3|
|1 2 1 3 3 1 2 3 1 2 3 3 1 1 2 2 2 1 2 2 3 3 1 2 3 3 1|
|2 2 1 2 1 2 2 2 2 2 1 3 3 1 1 3 3 1 1 1 1 3 3 3 2 3 3|
------------------------------------------------------

Method of Encipherment

Encipherment follows the same general pattern as the

Bifid. the plaintext is divided into groups of a chosen
periodic length and the numerical components are written
vertically below each letter. Periods of multiples of
3+1 are popular such 7 -10- 13 , with 10 being the most
popular. For example, with period = 10:

Plain C O M E Q U I C K L|Y I N E E D H E L P
-------------------|-------------------
1 1 1.2 1 1.3 1 3.3|3 3 2.2 2 1.2 2 3.3
1 2.1 3 2.3 1 1.3 3|3 1.1 3 3.3 3 3.3 2
1.1 3 1.3 1 2.1 1 3|2.2 1 1.1 2 2.1 3 3
---------------------------------------
Cipher C N # I D R K U I M|Y T X K V L J N B V

The first letter C is represented by vertical 111; plain

O by 121; M by 113; etc.

The first cipher letter C is derived by the horizontal

take off 111. The dot represents the break between
trigraphic units. Note that the C is derived from the
1st three components from COM. The fourth cipher letter
I derives from the first component of the tenth letter L
and the 2nd 2 components of CO. We go to the end of the
row and back to the first letter on the second row, to
the end and drop down to the third row first letter.

Decipherment

The decipherment process reverses that of encipherment,

in that the numerical components of the cipher letters
are written horizontally in three rows of periodic
length and are then read vertically to produce the
plaintext.
Identification of the Trifid

1. It is a substitution (fractionated) cipher with 27

letters.

2. If long repeats occur, they will be at irregular

intervals.

3. Repeated patterns will occur:

for period 10:

6 letters A D . . C . . B . .
5 letters A . . . C . . B . .
4 letters A . . . . . . B . .

Peculiarities of the Trifid

1. Naturals, similar to those of the Bifid, are

extremely rare.

2. Each plaintext letter can be represented by 729 (**3)

different arrangements of fractions of itself and
other letters.

3. The table of numerical components is inflexible. Any

given digit - 1 - 2 -3 must appear 1st, 2nd, and 3rd
component for nine letters - no more, no less.
4. Not more than three letters can have the same two
components identical; and for these three letters the
other component must be a different figure in each
case. This is a good rule for cryptanalysis.

5. Repeated plaintext sequences produce patterns that

are recognizable. Bower devotes a substantial chapter
to this rule. [BOWE] The surest way to determine
the period is through repeat patterns.

6. Repeated cipher patterns do not always represent the

same plaintext letters. The period is key.

SOLUTION OF A TRIFID WHEN PLAINTEXT WORDS ARE GIVEN

Solution of a Trifid cipher requires that the individual

trio of numerical components having the correct
arrangement of the components must be determined for
each letter of the alphabet. Sacco advises that a
probable word is essential. [SACC]

Given: Trifid, "The first" starts message and repeats at

RQOTUILR.

HRNGQ SSXDI TSIZB BZBZB TUPRE IMQYS

BJPKV RQOTU ILRSI MKZBI RUXPS OGWQQ
FMKIC ISXOY BSFVP HGHLZ AOQEU CRMNJ
BZBVO LCUJB AZBGL FVUDH AMYHK VMRGZ
BRTID XUJQN IZBIL CUFSF FHDJZ BHSCM
KECEF QOMKY PNSSV GHFSB BBOUJ SQAXX
DWJMU ZBBTX HHRHV ZAZBB PTEGY NHZBI
BRWNO VODZA TAJVL KKIVZ A.

The triple repetition of ZB, in groups of three and

four. So set ZB = # and ZA = Z. We place the tip and
repeat.

HRNGQ SSXDI TSI# B## TUPRE IMQYS BJPKV

thefi rst

KVRQO TUILR SIMK# IRUXP SOGWQ

the first

We see a 6 letter repeat in period 10:

Letter 12: S I # B # # T U P
Letter 41: S I M K # I R U X
* * * *

We accept the period as 10 and set up the message as

such.

An accepted method of setting-up a Trifid for solution

is to write the cipher message on quadrille paper
leaving a minimum of five blank rows between the lines
of letters. These are written horizontally in continuous
order, limiting the number of letters in each row to a
multiple of the periodic length.
HRNGQSSXDI TSI#B##TUP REIMQYSBJP
---------- ---------- ----------
---------- ---------- ----------
---------- ---------- ----------
thefirst
---------- ---------- ----------
KVRQOTUILR SIMK#IRUXP SOGWQQFMKI
---------- ---------- ----------
---------- ---------- ----------
---------- ---------- ----------
thefirst
---------- ---------- ----------

We now fractionate the letters that we know to be

present and then set-up chains of equivalents. Like
Bifid, having two separate alphabets to contend with,
the Trifid has three separate alphabets to recovery
piece by piece. We must tabulate our known values.

The fractionated plaintext letters are to be vertically

aligned and the fractionated cipher letters must be in
horizontal alignment.

T1 H1 E1 F1 I1 R1 S1 T1 . .
T2 H2 E2 F2 I2 R2 S2 T2 . .
T3 H3 E3 F3 I3 R3 S3 T3 . .

H1 H2 H3 R1 R2 R3 N1 N2 . .
G2 G3 Q1 Q2 Q3 S1 S2 S3 . .
S3 X1 X2 X3 D1 D2 D3 I1 . .

. . K3 V1 V2 V3 R1 R2 R3 Q1
. . O1 O2 O3 T1 T2 T3 U1 U2
. . I2 I3 L1 L2 L3 R1 R2 R3

Set Chain of Equivalents

(a) T1 H1 K3 N2 Q1 Q2 F2 E2 O3 H2 V1 G3 O2

(b) T2 G2 O1 S3 U2 Q3 I2 T3 I1 R3 R2 R1 D2 S1 D3
N1 F1 V3

(c) H3 X1 I3 E1 V2 D1 L3

(d) E3 X2 L1

(e) F3 X3 L2
(f) S2 U1

All the above fractions are equivalent to each other.

There are six separate sets of equivalents, which means
three are duplicates and equal to each other. Set (a)
and (b) are not equal. The latter contains R1 R2 R3 and
Q3 ; while (a) contains Q2 Q3. If both sets were equal
to each other they would violate the rule governing the
same identical numerical components, an impossible
condition. We can give both sets numerical values of 1
and 2 arbitrarily, then check the assignment as we fill
in the holes.

Enciphering Table

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z #
------------------------------------------------------
2 1 2 2 2 1 2 2 1 1
2 1 1 2 1 2 1 1 1 2 2 2
2 1 1 1 2 2 2 2 2
------------------------------------------------------

Having established a few values, set (c) cannot have

the value 1 because rule 4 for E1 and V1. Also it cannot
have the value 2 because of a conflict with the letter D
=222 which is already in use by T.

We set (c) with a value of 3 and add the fractions to

our table.

Enciphering Table

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z #
------------------------------------------------------
3 3 2 1 2 2 2 1 2 2 1 3 1 3
2 1 1 2 1 2 1 1 1 2 3 2 2 3
2 1 3 3 1 3 1 2 2 2 2 2
------------------------------------------------------

Further determinations are possible:

O = 211 , F is 212 or 213

N is 212 or 213

Rule 4 prevents S2 to be 1 since FNO are 21.

S2 cannot be 2 because it conflicts with R ; S2 =3.

So the (f) takes on the value 3 and U1 = 3; F3 = 2 or 3;

D = 322 implies that U3 = 1 or 3. We set a decipher
table with known and derived values. Letters are added
externally.
 Deciphering Table

Q H T V O R I S D
-----------------------------------------------------
|1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 3 3 3 3 3 3 3 3 3|
|1 1 1 2 2 2 3 3 3 1 1 1 2 2 2 3 3 3 1 1 1 2 2 2 3 3 3|
|1 2 3 1 2 3 1 2 3 1 2 3 1 2 3 1 2 3 1 2 3 1 2 3 1 2 3|
------------------------------------------------------
? G F F G E E E G
N N U U

We substitute know values in the message and recover

more plain text.

Group 12 and 13 gives us the word RIVERS, which yields

some new values.

L = 123 E = 311
F = 212 U = 323
N = 213 X = 3?2

Additional values are added to both tables.

Deciphering Table

Q H T L V O F N R I S E D U
-----------------------------------------------------
|1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 3 3 3 3 3 3 3 3 3|
|1 1 1 2 2 2 3 3 3 1 1 1 2 2 2 3 3 3 1 1 1 2 2 2 3 3 3|
|1 2 3 1 2 3 1 2 3 1 2 3 1 2 3 1 2 3 1 2 3 1 2 3 1 2 3|
------------------------------------------------------
? G G X G X

Enciphering Table

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z #
------------------------------------------------------
3 3 2 1 2 1 2 2 1 2 2 1 3 1 3
2 1 1 2 1 2 2 1 1 1 2 3 2 2 3
2 1 2 1 3 3 1 3 3 1 2 2 2 2 3 2 2
------------------------------------------------------

We next look for the trigram THE. We hit a possible

bonanza with groups 6,7, 9,11, 14, 17, 19, 21:

We are looking for the 1 1 3 components.

2 1 1
2 3 1
-----
t h e
Group 7 tends to be the clincher with the words THE
DIFFERENCE. We accept new values of B=131, C=332, P=
3??, Y=121 and W=1??. The word BETWEEN is logical for
group 8. When placed we find G=321, P=313, W=133, Z=111.
Only a few letter components are unknown and they fall
when the known values are placed in the quadrille.

Deciphering Table

Z Q H Y T L B V W O F N # R I K S J E X P G D U M C A
-----------------------------------------------------
|1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 3 3 3 3 3 3 3 3 3|
|1 1 1 2 2 2 3 3 3 1 1 1 2 2 2 3 3 3 1 1 1 2 2 2 3 3 3|
|1 2 3 1 2 3 1 2 3 1 2 3 1 2 3 1 2 3 1 2 3 1 2 3 1 2 3|
------------------------------------------------------
? G G X G X

Enciphering Table

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z #
------------------------------------------------------
3 1 3 3 3 2 3 1 2 2 2 1 3 2 2 3 1 2 2 1 3 1 1 3 1 1 2
3 3 3 2 1 1 2 1 2 3 3 2 3 1 1 1 1 2 3 2 2 3 3 1 2 1 2
3 1 2 2 1 2 1 3 3 3 1 3 1 3 1 3 2 2 2 2 3 2 3 2 1 1 1
------------------------------------------------------

The first part of our message in detail reads:

HRNGQSSXDI TSI#B##TUP REIMQYSBJP

1132222133 1222322232 2223112233
2111223223 2113122122 3111212123
2312322223 1122323313 2131233313
thefirstda yofspringi sonethinga

The full message reads:

The first day of spring is one thing and the first

spring day is another. The difference between them is
sometimes as great as a month period. It is with rivers
as it is with people, the greatest are not always the
most agreeable nor the best to live with. Henry Van
Dyke.

Keyword Recovery

A little inspection of the letters reveals that the take

off method is reverse and decimates as follows:

A C M U D G P X E J S K I R # N F O W V B L T Y H Q Z
 we see:

V -- W -- X -- Z

-DV -FW - GX -HZ - I#

F G B C H I
O P and L M and Q R
W X T U Z #

which yields:

V A N D Y K
B C F G H I
L M O P Q R
T U W X Z #

and finally;

6 1 5 2 7 4 3
V A N D Y K E
B C F G H I J
L M O P Q R S
T U W X Z #

So we have just a small glimpse at the Trifid. Read Linz

and Bowers for a significantly better picture of this
cipher. There are whole issues surrounding period, part-
naturals, patterns and tetragraphic equivalents. [LEDG],
[BOWE]. The Resources section has many ACA articles
regarding the Trifid. Lastly, the reprints of three of
Delastelle's books are the most interesting (in French)
pertaining to the Trifid. Delastelle did not consider
the 27th letter an issue. (Maybe in French it was not.)
[DELA], [DEL1], [DEL2]
LECTURE 16 ANSWERS

1. Complete columnar transposition.

WKAII GLFGA TEYHN ONSOH LGIRI IAAIR LGAMO

IMHSF IDFGW NNEYH NEFNH SLNSE THS. (63)

ANS: ENGRAVE; A MAN WHO THINKS HE'S REALLY FLYING

HIGH IS IN DANGER OF MELTING OFF HIS WINGS.

2. Nihilist transposition.

UCTEO UAMAA LTDMI SUDDS SISNU OLNNH AALTA

EYELB NEANU NRAPH SNENX ESTAE ASJH.
ANS: 16384257; UNUSUAL PUNISHMENT ..

3. Incomplete columnar

IENOR RENHR NAITI ETTEC FCOIP TREYA RCHTH

SPOAL YONCW SNARL TEESN TOYEL ERSOL UAIOE
VEPOR LNRTS HIMIM E. (relatively)

ANS: 64287153; SHALL I CONTINUE WITH ..

4. Myszkowski. Battlefield.

YIITU HSATS OIRLF TSTFD NCUAW WGSUS NYATO

EBEHR GIPNP OUSOM ELEPO YOONR AYOIO URTES
UTNAA ILWIR EAEAN RAADP E.

ANS: APPETITE ; ....

5. Amsco.

HENTI DAHOS CLOSN PRNSA FENTT TIOAM LROTE RTLEI

ANCSC RCISO EMGRI YOUIT EMTAC AIAME ILIVI SPAEW
 AMIFA. (propaganda)

ANS: 4162375; MOST VIOLENT ANTISEMITE..

6. Tramp.

CGHES NOONE NAETT SHTIA NEQCB AWRSI LTAOH

OAUEY OCENA TOMRT HAEFO ROEAU PLNSD STHIG.
(QCTCLYAPMQQ)

ANS: CAN YOU PLACE EIGHT QUEENS .

7. Cadenus.

IRHRC GRETR ESDEE OFOWN ETLNS EOTIG IMNEI

TSONH LTIID DVLTS NIADS LSRAM TSORU HSCNE
DNIHU EAGCD IGIRS WSLSH BITNI IHNNH DNICD
ACGEV NGOEL YBADY OALOS. (circles)

ANS: ANDES; IN FLIGHT THE CONDOR

8. Railfence.

TOEYC SOEFO MSAHH RMOYU LDTAC LATYA LFLME

EBGOP VIPRV IEEVS ALUDO WTGIG THILL CONT.

ANS: TELEVISED FOOTBALL GAMES ..

9. Redefence. Astronomic improbability.

tip = THE MOON TO

REOEN IOFGS AITWE UMTBA PITNP ACOUH OTICN

SAGFP TRLEE HTREN MROOH LEORN SIVSE ONTAC
SRSEL TUERS HDTRO AGYAH TRAON LE.

ANS: 6 - RAILS; THERE ARE NO ATMOSPHERIC

10. Turning grille.

TIP = the most serious and; NQEJPGUU

STTAH IRNED GSERL GEOGM AETON ENBIE DOTNH

EAEOS MSTFI LSOCI OEHST SNIER CNTEN SHTEC
SOIOS LHOAU SUSIS EANWA TMNER BOECD OSKRC
MSILT EONMB TLAEA CTNID DIEKD OFNMF AXVEF
ESEU.

ANS: THE LEGEND OF LOCH NESS HAS

11. Swagman. Agreeable toil.

NNWTI HYORS TEKKR IENII VNLSN LOTOO SLAVT

RETSI ROSIM KSCFR SEEAO OMTAC HETTI IWEVO
RHEII N.

ANS: WORK IS NOT IRKSOME WHEN I ..

LECTURE 17 PROBLEMS

17-1 Headline Puzzle

Paul Derthick's HEADLINE PUZZLE . by Larry Gray

The following are all headlines from a recent daily

newspaper. Each of the five is a different mono -
alphabetic substitution, and all five are derived from
the same mixed alphabet at different settings against
itself.

1. PXYWFXKLJE DFYMJYV VGHKJ `DFYM-US' GF ZYFGJVG

PJEJYHW VLXGEFDS;

2. JUBHFGO EUHKEOF HR WEUDBGO, FHSJF DKD RO ZGI YRE

FUNROI HUED;

3. NEZZY AEZYVKU AEVP NFUVLKY LR ALVVKU JLBPV ECKU

AWGBKV;

4. ZEHCGOL LZCCOMMSS WEMSAQ MZALD AFB AZFMS MZ DZBZA

MDZAGS;

5. PTQQU WQRKWCQBSD WQEKLLQUBX BZOKWEQ MKW ENJWSQX JUB

BZ

In case you'd like to confirm your solution of this

example, but not be influenced by seeing the answers
beforehand, the setting, key and hat are provided here
in a Caesar cipher, offset by 6.

Setting = GTURK Key = MKIQU Hat = INGSKRKUT

17-2 Playfair. While Rome Burns. BARRISTER: ON44:CE17

Tip= "ers are"
OCMAF ZDAPZ BYPGY BOKYT BYVMT AVIBY PVGPP RBCFH
XEAPI VTCPV VBKGV MEWCB IEGMQ PPBOL ENRHZ MRFSC
DRNAI ZEITN SUNA.

TWO HINTS: The title is significant and does not follow

LANAKI's Red Herring rule and look for naturals such as
PO = QP or OPQ. A Natural is a cipher digraph not in
the keyword whose letters because of the standard
alphabetical relationships stay in the natural
alphabetical order in the cipher square.

17-3 Foursquare 'anasonly' ZEMBIE

UB XB MS SF SQ MS TH DE UB HM GL NL BW GB LW NQ NF UB FM
QH EM BW BI GT LD UQ IG WM CF TQ ET CT NF IP LS UQ FK UH
IZ UQ YF TN XP NS FF UV HV NF HI CE NQ UO UQ GK ET HT ND
PV BI BE ND BD YM DE LX UB GA CX ET XT DE PE NL BF PY IQ
NG QW IS NC CK XB TF GK ED LA EL LE RW MI EX SF MS UP XQ
NF EV FF BI KK NA MX.
17-4 Short Bifid. Clue - DIAMONDS is there somewhere and
the text talks about them being HIDDEN. Period = 7.

ETIALIG LDMNITV NFEMISI EEIDGEI

HPCEDUT PINOFLW INDLEEK
SPECIAL NOTE RE: DIOPHANTINE EQUATIONS

For some time now, Dr. Michael Anshel of CCNY and I have been
following the development of crypto from some early roots.
Here are short excerpts from our correspondence. Jump in if
you can help us:

==============================================================

>From Michael to LANAKI:

Let me thank you for your very detailed answer. John

Wallis was involved in solving certain diophantine problems
particularly the Fermat-Pell equation, which in turn led to the
study on continued fractions, and ultimately to the study of
automatic sequences which are of interest to contemporary
cryptographers. Were these very gifted 17th century
cryptographers aware of this possibility? - Michael Anshel.

===========================================================

To Michael from LANAKI:

In RE WALLIS:

"Arithimetica Infinitorium" and Opera mathematica (Oxoniae,

1699), III 674,687,688,693 and 695 give solutions to
nomenclators based on pre-calculus theory. Wallis' "Letter-
Book" gives some of his important papers (Smith op cit, p32,
p499)

Samuel Pepys Notes, Sir Christopher Wren's Discourses, Mr.

Robert Hookes' Diary, and Dr. William Holder's notes all praise
his mathematical ability and scholarly side but seem to put
Wallis as a "extremely greedy of glorie, steales feathers from
other to adorne his own cap." They do not give us a clue as to
what Wallis might have in his hip pocket regarding diophantine
problems.

In RE DIOPHANTINE EQUATIONS:
I did find some interesting references on this subject in my
library.

>From the Seminaire de Theorie des Nombres, Paris 1980-81,

Marie-Jose Bertin, ed.:

1) C. L. Stewart, "On some Diophantine Equations and Related

Linear Recurrence Sequences." Univ. of Waterloo,
Ontario, Canada.

2) R. Tijdeman, "Exponential Diophantine Equations" Proc.

Intern. Congress Math., Helsinki (1978) p381-387.

3) T. N Shorey et al., "Applications of the Gel'fond-Baker

method to Diophantine equations, Transcendence Theory;
Advances and Applications," Academic Press, 1977.

plus 13 lesser references p321.ff. and,

>From the Seminaire de Theorie des Nombres, Paris 1984-85,

Catherine Goldstein, ed.: Serge Lang {in FRENCH}: "Varietes
Hyperboliques et Analyse Diophantienne," Univ of California,
Berkley, 1986.

4) Kobayashi et T. Ochiai, "Meromorphic mappings into compact

complex spaces of general type," Invent. Math. 31 (1975), 7-
16.

5) S. Lang. - "Hyperbolic and Diophantine analysis,

aparaitre," Bull. AMS, 1986.

6) D. Riebensehl, "Hyperbolische Komplex Raume und die

Vermutung von Mordell," Math Ann. 257, (1981), 99-110.

plus 19 ancillary references.

=========================================

Further To Michael after intervening letters:

I have continued my search and found additional links in

history to answer your question:

DIOPHANTUS

Diophantus of Alexandria (ca. 250) wrote three works that

influenced greatly the later European number theorists.
"Arithmetica", (6 out of 13 extant), "On Polygonal Numbers",
(fragments survived), and "Porisms" which was lost.
Translations of Arithmetica were made first by Xylander in 1575
[aka Dr. Wilhelm Holtzman at the Univ. Heidelberg] and then by
Frenchman Bachet de Meziriac in 1621. A second carelessly
printed edition in 1670 became historically important because
it contained Fermat's famous marginal notes which stimulated
extensive number theory research. Indeterminate algebraic
problems where one must find only the rational solutions were
named after him. Modern usage implies the restriction to
integers. Diophantus did not originate problems of this sort
but did originate the algebraic notation in the form of
stenographic abbreviations.

FERMAT

Fermat (1601 -1665), of his varied contributions to

mathematics, the most outstanding is the founding of the modern
theory of numbers. He possessed nothing less than
extraordinary intuition. Many of his contributions appear as
marginal notes in Bachet's translation, including his last
theorem that n>2 there do not exist positive integers x,y,z
such that x**n +y**n = z**n. Fermat's famous "little theorem"
regarding primes was dictated to Frenicle de Bessey, dated Oct.
18, 1640. It was not proved until 1736 by Euler. By 1770,
Fermats theorems on prime numbers were proved by Euler and
Lagrange.

Gauss conjectured the prime number theorem (distribution of

primes) from both Fermat and Eulers work. J. H Rabin in 1659
published extensive factor tables for numbers up to 24,000 and
in 1668 John Pell of England extended the table up to 100,000.

WALLIS

Wallis (1616-1703) was Newtons predecessor. His work with

conics in "Arithmetica Infinatorum" was hailed for more than a
century. His "De algebra tractatus, historicus & practicus",
written in 1673 and published in 1685 was a serious attempt at
the history of mathematics in England. Wallis edited parts of
famous Greek mathematicians works for the Royal Society - one
of which was our friend Diophantus. His contributions to the
theory of integration are historic.

BARROW

Isaac Barrow ( 1630 - 1677) used Wallis' work to develop the

theory of differentiation. He published his work in "Lectiones
Opticae et geometricae." Wallis was a reviewer.

Newton (1642 - 1727) read Euclid's "Elements", Descartes' "La

Geometrie", Oughtred's "Clavis", works by Kepler and Viete and
the famous "Arithmetica infinitorum" by our boy Wallis. From
his "Principia" has come much of our modern day math and
physics.

ROSSIGNOL

Rossignol (1600 -1682) may have been familiar with Rene

Descarte's ( 1596 - 1650) work on geometry and knew Pascal
(1623 - 1662) from court and was aware of Pascal's letter to
Fermat suggesting a solution to a problem proposed by Chevalier
de Mere regarding the theory behind gambling. The
correspondence between Pascal and Fermat regarding the "problem
of points" laid the foundations of the science of probability.
Rossignol used this theory for his cryptographic finds.
Remember though it was the legendary William Friedman who did
the pioneering work in the statistical side of crypto in the
1930's.
CONCLUSION

This historical tour leads me to believe that Wallis was aware

of the preliminary implications of diophantine problems and
that Rossignol was aware of the potential of probability in
terms of cryptographic solutions. Could they have seen beyond
the Fermat - Pell's work is difficult to prove.

REFERENCES

1) Meschkowski, H., "Ways of Thought of Great Mathematicians,

tr by John Dyer-Bennet. San Francisco: Holden-Day 1948.

2) Ore, Oystein, Number Theory and Its History, New York:

McGraw-Hill, 1948.

3) Pollard, H. The Theory of Algebraic Numbers, Carus

Mathematical Mono., No. 9, New York: John Wiley, 1950.

4) Turnbull, H. W., The Great Mathematicians, New York: NYU

Press, 1961.

5) Bell, E. T., Men of Mathematics, New York: Simon and

Schuster, 1937.

6) David, F. Games, Gods and Gambling, New York: Haftner,

1962.

7) MacFarlane, A. Lectures on Ten British Mathematicians of

the Nineteen Century, Math. Mono. No 17, New York: John
Wiley, 1916.

8) Eve's H, Introduction to the History of Mathematics, 4th

ed., New York: Holt, Rinehart and Winston, 1964.

============================================================

>From Michael to LANAKI

Subj: Diophantine revisited

There are several more threads in this search. What needs to

be done is to trace back from contemporary (20th) century
researchers to see what lines of work emerged. Lets see what
can be found regarding D. E. Littlewood the prominent British
mathematician and associate of G. H. Hardy and S. Ramanujan.
The nineteenth century had Charles Babbage. The Willes family
was prominent over several centuries but I do not know if
Andrew Wiles is in this family tree. Tracing the men (women)
and their methods around the Cambridge-Oxford researchers
should reveal new information. Are their ACA members in
England who could help? - Michael

===============================================================

BINO, FOOT, G4EGG and THE DOC were suggested as possible

contacts. Amazing where the links of cryptography spread.
Like a giant spider. LANAKI
REFERENCES AND CRYPTOGRAPHIC RESOURCES

Volume II References were sent to the Crypto Drop Box

(CDB) on 6 September 1996. They may be downloaded from
there.

From [email protected] Aug 23 07:12:18 1996

Date: Fri, 23 Aug 1996 00:04:43 EDT
From: "Randy Nichols, ACA President (1994-1996)" <[email protected]>
Reply to: ACA-L <[email protected]>
To: [email protected]
Subject: LECTURE 16 TRANSPOSITION

CLASSICAL CRYPTOGRAPHY COURSE

BY LANAKI

August 22, 1996

COPYRIGHT 1996
ALL RIGHTS RESERVED

LECTURE 16

TRANSPOSITION

SUMMARY

Lecture 16 considers a whole range of Transposition (or

displacement) ciphers. We develop our subject using the
following references: [BAR2], [FRE4], [KULL], [OP20],
[MAST], [COUR], [LEDG], [BOW1], [ELCY].

SIMPLE ROUTE TRANSPOSITIONS (TRAMPS)

Transposition ciphers have been defined as that type of

cipher in which the elements or units of the plain text,
whether one is dealing with individual letters or groups
of letters, retain their original identities but undergo
some change in their relative positions or sequences so
that the message becomes unintelligible. The majority
of transposition methods involve the use of a design or
geometric figure, such as a square, rectangle, triangle,
trapezoid, etc., in which the letters of the plain text
are first inscribed or written into the design according
to a previously agreed upon direction of writing and
then transcribed or taken off according to another and
different previously agreed-upon direction, to form the
text of the cryptogram.

In their simplest form, TRAMPS may take any of the

following routes when employing rectangles or squares
for transposing text of a message as illustrated below.
The plain-text message is assumed to be merely the
normal sequence from A to X, for ease in following the
route.

Any geometrical form can be used, but it must be full

block; if the letters of a message do not complete the
assigned block, nulls (arbitrary letters) must be added.

a) Simple Horizontal:

ABCDEF FEDCBA STUVWX XWVUTS

GHIJKL LKJIHG MNOPQR RQPONM
MNOPQR RQPONM GHIJKL LKJIHG
STUVWX XWVUTS ABCDEF FEDCBA

b) Simple Vertical:

AEIMQU DHLPTX UQMIEA XTPLHD

BFJNRV CGKOSW VRNJFB WSOKGC
CGKOSW BFJNRV WSOKGC VRNJFB
DHLPTX AEIMQU XTPLHD UQMIEA

c) Alternate Horizontal:

ABCDEF FEDCBA XWVUTS STUVWX

LKJIHG GHIJKL MNOPQR RQPONM
MNOPQR RQPONM LKJIHG GHIJKL
STUVWX STUVWX ABCDEF FEDCBA

d) Alternate Vertical:

AHIPQX DELMTU XQPIHA UTMLED

BGJORW CFKNSV WROJGB VSNKFC
CFKNSV BGJORW VSNKFC WROJGB
DELMTU AHIPQX UTMLED XQPIHA

e) Simple Diagonal:

ABDGKO GKOSVX OKGDBA XVSOKG

CEHLPS DHLPTW SPLHEC WTPLHD
FIMQTV BEIMQU VTQMIF UQMIEB
JNRUWX ACFJNR XWURNJ RNJFCA

ACFJNR JNRUWX RNJFCA XWURNJ

BEIMQU FIMQTV UQMIEB VTQMIF
DHLPTW CEHLPS WTPLHD SPLHEC
GKOSVX ABDGKO XVSOKG OKGDBA

f) Alternate Diagonal:

ABFGNO GNOUVX ONGFBA XVUONG

CEHMPU FHMPTW UPMHEC WTPMHF
DILQTV BEILQS VTQLID SQLIEB
JKRSWX ACDJKR XWSRKJ RKJDCA

ACDJKR JKRSWX RKJDCA XWSRKJ

BEILQS DILQTV SQLIEB VTQLID
FHMPTW CEHMPU WTPMHF UPMHEC
GNOUVX ABFGNO XVUONG ONGFBA
g) Spiral, Clockwise:

ABCDEF LMNOPA IJKLMN DEFGHI

PQRSTG KVWXQB HUVWXO CRSTUJ
OXWVUH JUTSRC GTSRQP BQXWVK
NMLKJI IHGFED FEDCBA APONML

h) Spiral, Counterclockwise:

APONML NMLKJI IHGFED FEDCBA

BQXWVK OXWVUH JUTSRC GTSRQP
CRSTUJ PQRSTG KVWXQB HUVWXO
DEFGHI ABCDEF LMNOPA IJKLMN

Example 1 - Let the message be (military text):

At fourteen hundred sighted submarine bearing two

three five degrees true. (63)

Suppose we agree to use a completely filled square

of eight rows by eight columns, then we must add 1 null
to give us a multiple of eight (64). We agree that
alternate diagonals will be used for inscription.

1 2 3 4 5 6 7 8
1 A T R T R E M A
2 F U E D D B R O
3 O E N S U I W T
4 N U I S N T H E
5 H G D E G R D G
6 H E B N E E R R
7 T E I E V E T U
8 A R F I E S E N

Next the letters are taken off by simple vertical to

form the cryptogram:

AFONH HTATU EUGEE RRENI DBIFT DSSEN

EIRDU NGEVE EBITR EESMR WHDRT EAOTE
GRUN

To decipher the cryptogram, the process is reversed.

The total number of letters in the cipher text is used
to reconstruct the rectangle. Then the cryptogram is
inscribed by the agreed upon route and the plain text is
taken off by the other agreed upon route.

OTHER GEOMETRICAL FIGURES

We are not limited to the square or rectangle. The

routes indicated above work for other geometrical
designs with minor modifications.

(a) Trapezoidal design:

A T F O U
R T E E N H
 U N D R E D S
I G H T E D S U
B M A R I N E M P

(b) Triangular design:

A T F O U R
E T
E D S I G
E H
B M A R
N T
C M I
H E
P N
U D
E
N S
D U
B
The cryptograms resulting from figure (a) taken off
according to an alternate vertical route is:

BIURA TTNGM AHDEF OERTR IEENU HDDNE SSUMP

That resulting from figure (b) taken off according to a

diagonal route is:

AEBCP EURTD MMNSB FSAID NOIRE UUGTH RHNTE E.

SOLUTION HINTS FOR TRAMPS

When but one cryptogram is available, the solution of a

tramp is largely trial and error. There are some
shortcuts. Use:

a) The beginning and end of the cryptogram will follow

the most frequent initials (T A W O B I C S D H) and
finals (E T S D N R Y O F L ). Words may be assumed
which contain these initial or final letters
near the beginning or end of the cryptogram.

b) The interval between the letters of expected words,

high frequency digraphs, QU and vowel.

c) Long groups of vowels or consonants show up when

English is written horizontally and transcribed
vertically; these may be assumed to be adjacent.

d) The presence of parts of words are found with certain

routes such as spirals and helps to identify the
route.

e) Use the total number of letters to suggest the

geometric design and fill in the arbitrary figure
with the ciphertext to give further clues

NUMERICAL KEYS

A numerical key can be derived from a literal key as we

saw in substitution problems:

A M E R I C A N
 1 6 4 8 5 3 2 7

or can be used as a guided for transposing letters like:

7 2 4 5 3 6 1 7 2 4 5 3 6 1 7 2 4 5
R E P O R T N O O N P O S I T I O N

The letters are take off the above groups and

transcribed into standard groups of five letters, all
letters marked 1 being taken first, then all those
marked 2, etc giving:

NIEOI ROPNO OPNTS ROT

MISCELLANEOUS TRANSPOSITION METHODS

Transposition ciphers come in several simple varieties.

The oldest form may be reversed writing. The reversing

process may be applied to regular or irregular groups of
plain text letters:

Let the plain text be: Bridge destroyed at eleven pm.

Words Reversed:

E G D I R B D E Y O R T S E D T A N E V E L E M P

Words Reversed and Regrouped into False Lengths:

E G D I R B D E Y O R T S E D T A N E V E L E M P

Text Reversed and Regrouped into Fives:

MPNEV ELETA DEYOR TSEDE GDIRB

Text Reversed and Regrouped into Fives With Nulls every

Fifth Position:

TRIMM PNEVP ELETA ADEYR ORTSL EDEGU DIRBM

Columnar by Bigraph:

or
B S B R
R T I D
I R G E
D O D E
G Y S T
E E R O
D D Y E
E D

Cipher Text:
 B S R T I R D O G Y E E D D E , or
B I G D S R Y D R D E E T O E

or let the new plain be "Prepare to get underway":

Digraphs Reversed :

Plain PREPA RETOG ETUND ERWAY

Cipher RPPER ATEGO TENUE DWRYA

RAIL FENCE CIPHER

Just as the name implies, the Rail Fence Cipher

resembles an old rail fence found in many parts of New
England today; with its zig-zag appearance.

Plain: Prepare to get underway.

P E A E O E U D R A
R P R T G T N E W Y

Ciphertext is taken off horizontally:

PEAEO EUDRA RPRTG TNEWY

It may be composed of any number of rails ( or letters

in depth) which may be written up or down, coming from a
point and then reversing the direction to the end of the
message, either filling the final stroke or being short
a letter or more.

Any message may be written in with the normal sequence

up and down, or visa versa, or it may be written into
the points first, and then into successive horizontal
rows. It is then taken out by the alternate process.

Table 16-1 shows the total length of a Rail Fence cipher

versus the various peaks plus extra letters from 2-10
rails. There is no technical way to solve this cipher,
however Table 16-1 can help look at possibilities.

Example:

TAOET NMFOA TNEHM NHWKS POIDI SLFMU HSOBE ALEEW

AUFHE ASNES P. (51)

Scanning Table 16-1, for 2 rails there are 26 peaks; 3

rails, 13 peaks plus two extra letters (..); 4 rails, 9
peaks plus two extra letters; 5 rails, 7 peaks plus two
extra letters, and so forth. We use the digit which
falls directly under the message length; if no digits
are shown, take the digit to the left and add for the
extra letters the dots.

For a 3-depth, set up a pattern:

1 5 9 13
2 4 6 8 10 12 14
3 7 11 15

The cipher text looks like this:

T T O
A E N F A ( improbable)
O M T

We try to write in the cipher text at the points and

follow through to the second row:

T A O
H M N H ( good plain text)
E E

TABLE 16 - 1
Total Length of Cipher versus Various Peaks plus extra
Letters of Rails from 2-10

3 5 7 9 11 13 15 17 19 21 23 25 27 29
2 2 3 4 5 6 7 8 9 10 11 12 13 14 15
3 2 .. 3 .. 4 .. 5 .. 6 .. 7 .. 8
4 2 .. .. 3 .. .. 4 .. .. 5 .. ..
5 2 .. .. .. 3 .. .. .. 4 .. ..
6 2 .. .. .. .. 3 .. .. .. ..
7 2 .. .. .. .. .. 3 .. ..
8 2 .. .. .. .. .. .. 3
9 2 .. .. .. .. .. ..
10 2 .. .. .. .. ..

31 33 35 37 39 41 43 45 47 49 51 53 55
2 16 17 18 19 20 21 22 23 24 25 26 27 28
3 .. 9 .. 10 .. 11 .. 12 .. 13 .. 14 ..
4 6 .. .. 7 .. .. 8 .. .. 9 .. .. 10
5 .. 5 .. .. .. 6 .. .. .. 7 .. .. ..
6 4 .. .. .. .. 5 .. .. .. .. 6 .. ..
7 .. .. .. 4 .. .. .. .. .. 5 .. .. ..
8 .. .. .. .. .. .. 4 .. .. .. .. .. ..
9 .. 3 .. .. .. .. .. .. .. 4 .. .. ..
10 .. .. .. 3 .. .. .. .. .. .. .. .. 4

57 59 61 63 65 67 69 71 73 75 77 79 81
2 29 30 31 32 33 34 35 36 37 38 39 40 41
3 15 .. 16 .. 17 .. 18 .. 19 .. 20 .. 21
4 .. .. 11 .. .. 12 .. .. 13 .. .. 14 ..
5 8 .. .. .. 9 .. .. .. 10 .. .. .. 11
6 .. .. 7 .. .. .. .. 8 .. .. .. .. 9
7 .. .. 6 .. .. .. .. .. 7 .. .. .. ..
8 5 .. .. .. .. .. .. 6 .. .. .. .. ..
9 .. .. .. .. 5 .. .. .. .. .. .. .. 6
10 .. .. .. .. .. .. .. .. 5 .. .. .. ..

83 85 87 89 91 93 95 97 99 101 103 105

2 42 43 44 45 46 47 48 49 50 51 52 53
3 .. 22 .. 23 .. 24 .. 25 .. 26 .. 27
4 .. 15 .. .. 16 .. .. 17 .. .. 18 ..
5 .. .. .. 12 .. .. .. 13 .. .. .. 14
6 .. .. .. .. 10 .. .. .. .. 11 .. ..
7 .. 8 .. .. .. .. .. 9 .. .. .. ..
8 .. 7 .. .. .. .. .. .. 8 .. .. ..
9 .. .. .. .. .. .. .. 7 .. .. .. ..
10 .. .. .. .. 6 .. .. .. .. .. .. ..

107 109 111 113 115 117 119

2 54 55 56 57 58 59 60
3 .. 28 .. 29 .. 30 ..
4 .. 19 .. .. 20 .. ..
5 .. .. .. 15 .. .. ..
6 .. .. 12 .. .. .. ..
7 .. 10 .. .. .. .. ..
8 .. .. .. 9 .. .. ..
9 .. .. .. 8 .. .. ..
10 .. 7 .. .. .. .. ..

REDEFENCE

The railfence cipher may be made more secure when a

numerical key is used in addition to the initial
transposition. For example:

2 T L G E
4 H R Y D E H W
1 E A B R T T O M
3 E I S R

Cipher: EABRT TOMTL GEEIS RHRYD EHW

Key = 2413

Solution is similar to railfence with the help of a tip.

FOUR WINDS CIPHER

R R G N W
P -|- E A -|- E O -|- E U -|- D R -|- A
P T T E Y

Taken off clockwise from left to right:

Cryptogram:

RRGNW PEAEO EUDRA PTTEY

HEDGES

R O E P E W R U Y

P T D E G R A T A E N

(Base jumps over two letters) Link P to R to E.

Cryptogram:

ROEPE WRUYP TDEGR ATAEN

DIAMOND

Friedman in [FRE4] describes solution to an unusual

diamond design that looks like this:

1
2 3 4
5 6 7 8 9
10 11 12 13 14 15 16
17 18 19 20 21 22 23 24 25
26 27 28 29 30 31 32 33 34 35 36
37 38 39 40 41 42 43 44 45 46 47 48 49
50 51 52 53 54 55 56 57 58 59 60
61 62 63 64 65 66 67 68 69
70 71 72 73 74 75 76
77 78 79 80 81
82 83 84
85

The numbers indicate the method of encipherment. The

cipher is taken off vertically by column.

The foregoing examples would indicate that almost any

figure can be used for this type of transposition,
including stars, polygons and irregulars. It is merely
necessary to agree on the figure and the starting points
for inscription and transcription processes.

CIVIL WAR MESSAGES

David Kahn gives us an interesting look at Civil War

Cryptography. If there was a reason why the North won,
it had to be superior cryptography. Anson Stager
first superintendent of the Western Union Telegraph
Company, was charged by Major General B. McClellan with
drawing up a military cipher along the lines that he had
devised for Governor Dennison of Ohio. [KAHN]

Stager complied. Soon McClellan was relying on the

cipher to protect his communications during his
successful campaign in West Virginia. One of the first
users was Allan Pinkerton, founder of the agency that
bears his name and bodyguard to President Lincoln. The
key was very short, it was dependable and was used by
the Union forces throughout the Civil War. It was used
extensively because the Civil War first employed the
telegraph on a large scale. Communications from
Washington could take 10 days to their troops depending
on weather, health of the telegrapher operators and
availability of lines (which sometimes took a circuitous
route). During Sherman's march to the sea, the Union
had to rely on Southern newspapers for accounts of his
slash and burn campaign.

So effective was the Stager cipher that those same

Southern newspapers advertised for help from anyone who
recognized or could break the Yankee cipher.

Stager's cipher was a word transposition. Stager's

telegraphic experience evidently led him to a system in
which the ciphertext consisted - as in the new telegraph
codes - of ordinary words, which are far less subject to
dangerous garbles than groups of incoherent letters.
[There is a funny story how one of the Rebel commanders
could not read the cipher message sent to him by one of
his forward patrols - prior to Gettysburg no less - so
he sent a messenger to the forward post to get a
clarification of the cryptogram received. The messenger
returned to find his commander under arrest. The
message was a warning of a Union trap. The lines were
effected by rain that particular day.]

The Stager cipher was appealing because of its

simplicity: the plaintext was written out in lines and
transcribed by columns, up some and down others in a
specified order. His cipher was improved by adding
nulls, mazed routes of diagonals and interrupted columns
through larger rectangles and per Samuel H. Beckwith,
Grants cipher operator, important terms were represented
by codewords which were carefully chosen to minimize
telegraph error. The cipher expanded from one listed on
a single card to that by the end of the war, required 12
pages to list routes and 36 for the 1,608 codewords.
This was Cipher 4, the last of a series of 12 that the
North employed at various times.

A good example of the system is given by encipherment of

the message by President Lincoln on 1 June 1863: For
Colonel Ludlow. Richardson and Brown, correspondents of
the Tribune , captured at Vicksburg, are detained in
Richmond. Please ascertain why they are detained and get
them off if you can. The President. Cipher No 9 was in
use and provided for the following codeword substit-
utions: VENUS for colonel, WAYLAND for captured, ODOR
for Vicksburg, NEPTUNE for Richmond, ADAM for President
of U.S. and NELLY for 4:30 pm time of dispatch. The
keyword of GUARD set the size of the rectangle and
routes. Nulls were added to the end of each column.
The encipherer chose to write out the message in seven
lines of five words each with three nulls to complete
the rectangle. The plaintext was:

For VENUS Ludlow Richardson and

Brown correspondents of the Tribune
WAYLAND at ODOR are detained
at NEPTUNE please ascertain why
they are detained and get
them off if you can
ADAM NELLY THIS FILLS UP

Ciphertext: [up the first column,(kissing=null),down

second,(turning=null),up fifth,(times=null),down fourth,
(belly=null), up third column]

GUARD ADAM THEM THEY AT WAYLAND BROWN FOR KISSING VENUS

CORRESPONDENTS AT NEPTUNE ARE OFF NELLY TURNING UP CAN
GET WHY DETAINED TRIBUNE AND TIMES RICHARDSON THE ARE
ASCERTAIN AND YOU FILLS BELLY THIS IF DETAINED PLEASE
ODOR OF LUDLOW COMMISSIONER.

Confederate cryptography centered around the Vigenere

which we have previously studied. The south employed
only three keywords: MANCHESTER BLUFF, COMPLETE VICTORY
and COME RETRIBUTION. Known also as the Vicksburg cipher
the team of Tinker, Chandler and Bates, very early
yuppies, were able to read a whopping 90% of the
Confederates messages and report them to Lincoln.
For example, Grant's troops intercepted a message on
eight captured rebels at Vicksburg trying to slip into
Vicksburg with 200,000 percussion caps.

The ciphertext message read:

Jackson, May 25, 1863

Lieutenant General Pemberton: My XAFV. USLX WAS VVUFLSJP
by the BRCYAJ. 200000 VEGT. SUAJ. NERP. ZIFM. It will be
GFOECSZOD as they NTYMNX. Bragg MJTPHINZG a QRCMKBSE.
When it DDZGJX. I will YOIG. AS. QHY. NITWM do you YTIAM
the IIKM. VFVEY. How and where is the JSQMLGUGSFTVE.
HBFY is your ROEEL.
J. E. Johnston.

Note the flow of the message and hints along the way.
The word separators, the clear text leads you into the
next word. The size of the words is known and might be
guessed.

The Plaintext based on the Keywords MANCHESTER BLUFF is:

Lieutenant General Pemberton: My last note was captured
by the picket. 200000 caps have been sent. It will be
increased as they arrive. Bragg is sending a division.
When it joins I will come to you. Which do you think the
best route? How and where is the enemy encamped? What is
your force?

J. E. Johnston.

CRYPTANALYSIS OF THE SINGULAR COLUMNAR TRANSPOSITION

CIPHER

Colonel W. Barker has perhaps the best description for

cracking the single columnar transposition problem.
[BAR3] (a tad better than the master himself.)

Encipherment

Lets start with the plaintext message:

NEED SUPPLIES AT ONCE STOP REQUEST REPLY IMMEDIATELY.

with Literal key: SUMMER TIME

Step 1: Derive the numerical key from literal key.

810 4 5 1 7 9 3 6 2
S U M M E R T I M E

Step 2: Write the plain text beneath the numerical key:

810 4 5 1 7 9 3 6 2
S U M M E R T I M E
---------------------
| N E E D S U P P L I |
| E S A T O N C E S T |
| O P R E Q U E S T R |
| E P L Y I M M E D I |
| A T E L Y|----------|
----------

Note we are starting off with the more difficult

incomplete rectangle. Technically this is called a
matrix and is addressed by its rows and columns. There
are two kinds of columnar matrices to be considered, the
completely filled matrix and the in-completely filled
matrix. The length of the message in a completely filled
matrix is a multiple of the key- length which greatly
simplifies the solution.
Terminology

The size or dimensions of any matrix depends on two

things:

(1) The length of the key.

(2) The length of the message.

Given these two things, we can determine the type of

matrix we are dealing with, the number of long and short
columns, and the number of letters in each type of
column. Graphically we have in our example:

Key length
*-------10--------*
810 4 5 1 7 9 3 6 2
S U M M E R T I M E
---------------------
Length of * | N E E D S U P P L I | *
long | | E S A T O N C E S T | | Length of short
column is | | O P R E Q U E S T R | | column = 4
5 | | E P L Y I M M E D I | *
* | A T E L Y|----------|
---------- * - - - *
* - - - * Number of short
Number of columns is 5
long columns
is 5

Step 3: Take the columns out in numerical order. Thus

the first column out is 1 or S O Q I Y, then I T R I
etc.

The cipher text is:

SOQIY ITRIP ESEEA RLEDT EYLLS TDUNU MNEOE APCEM

ESPPT

Note that the original plain text has not been changed
but merely rearranged or transposed by a numerical key.

Decipherment

Consider the decipherment of the following:

UNCKO MNHTA NSEOT NMIEG OFPER NMAWO OLTGA SFHDO

OLLEN YINRI SIECY COTOR FETNN TSGOR IPTHT NOETX
ISENW ICXMI NREUE T. (96)

With Keyword: APPLE BLOSSOMS

Step 1: Derive the numerical key from the literal.

1 910 4 3 2 5 71112 8 613

A P P L E B L O S S O M S
Step 2: Determine the size of the matrix used in
encipherment. This step is the most important step in
decipherment.

Since the key is 13 and the message length is 96, we

divide the key-length into the message length to give:

_7_
13|96
91
--
5

where 13 is length of key, 96 is length of the message,

7 is the length of the short columns, and 5 is the
number of long columns. Since the length of the short
column is 7, the length of the long column is 1 more or
8. And, the number long columns is 5, so the number of
short columns is the key-length minus the number of long
columns (13-5) = 8. Now we have the size of the matrix.

Key length is 13

1 910 4 3 2 5 71112 8 613

A P P L E B L O S S O M S
----------------------------
| U T |
| N A | Length of
Length of | C N | short columns
Long | K S | is 7
column is 8 | O E |
| M O |
| N T |
| H ---------------
------------|
Number of Number of short
long columns columns is 8
is 5

Step 3. Place the columns back into the matrix according

to the numerical key. The plain text can now be read
horizontally from left to right, top to bottom within
the matrix.

1 910 4 3 2 5 71112 8 613

A P P L E B L O S S O M S
----------------------------
| U R G E N T L Y N E E D I |
| N F O R M A T I O N C O N |
| C E R N I N G N E W Y O R |
| K T I M E S A R T I C L E |
| O N P A G E S I X C O L U |
| M N T W O O S I X T E E N |
| N T H O F T H I S M O N T |
| H S T O P ----------------
------------|

Cipher Text reads:

URGENTLY NEED INFORMATION CONCERNING NEW YORK TIMES
ARTICLE ON PAGE SIX COLUMN TWO OF SIXTEENTH OF THIS
MONTH STOP.

Comparing the steps:

Step Encipherment Decipherment

1 Derive numerical key Derive numerical key

2 Write plain text Determine size of

beneath key matrix from key-length
and message length.

3 Take columns out of Put columns into matrix

matrix in numerical in numerical order
order

As an introduction to cryptanalysis, we start with

special cases and work up to the general solution.

Case 1: Plain Text beginning of a Message Longer than

the Key-Length

Given the cipher text message known to be a single

columnar transposition:

TTDTI TIIIH NNOBT ERNOO IGSRY SVIAA XNAFN

ASMMR IE.

We suspect that the words TRANSMIT INFORMATION is at the

beginning of this message.

We begin our solution by writing the ciphertext without

group divisions. We then make a biliteral frequency
distribution. ( The bigram frequency distribution will
be 1 less than the total frequency because the last
letter does not have a partner.)

T T D T I T I I I H N N O B T E R N O O I G S R Y
S V I A A X N A F N A S M M R I E.

and,

A - A X F S X - N
B - T Y - S
C - Z -
D - T
E - R
F - N
G - S
H - N
I - T I I H G A E
J -
K -
L -
 M - M R
N - N O O A A
O - B O I
P -
Q -
R - N Y I
S - R V M
T - T D I I E
U -
V - I
W -

Write out the first few letters of known plain-text

beginning horizontally and then horizontally written
letters are written the succeeding letters of the given
plain text as follows:

T R A N S M HITS
-----------
R A N S M I 1
A N S M I T 2
N S M I T I 0
S M I T I N 0
M I T I N F 1
I T I N F O 2
T I N F O R 3
I N F O R M 6
N F O R M A 1
F O R M A T 0
O R M A T I 1
R M A T I O 1
M A T I O N 0

We use the biliteral distribution to determine the key

length as follows. We start in column 'T' and note that
T occurs 5 times in the cipher message with 4 different
letters (T, D, I, and E). We specify as a hit (or
circle, or mark in someway) any of those letters in the
first column. Column 1 has 3 hits - I T I. in column
2 we mark the three letters N, Y, and I as noted from
the biliteral frequency distribution. We note the above
figure shows the final results. The word inform has 6
hits and is below the word segment TRANSM. For this to
have happened the key-length has to be eight (count down
the rows) and the beginning within the matrix will look
as follows:

T R A N S M I T
-----------
I N F O R M A T
-----------
I O N

We now see why the cipher text letter T is followed by

I. They are both from the first column to the left in
the matrix. Since the ending is I O N falls in the third
horizontal row of the matrix; the first column is T I I
and that is found in group two of the cipher text.

Since the key is 8, and the number of letters in the

message is 42, we can easily determine the size of the
matrix used in encipherment. Dividing 8 into 42 gives
40 with 5 as the length of the short, 6 the length of
the long and 2 (remainder) being the number of long
columns and (8-2) = 6 short columns after them.

We set up the enciphering matrix and write in the known

plaintext.

2 4
-----------------
| T R A N S M I T |
| I N F O R M A T |
| I O N |
| I O |
| H I |
| N G ------------
-----|

2 4
TTDTI TIIIH NNOBT ERNOO IGSRY SVIAA XNAFN
ASMMR IE.

The TII is a giveaway that this column was the second

column (length 6) to be taken out of the matrix during
encipherment. The entire column is T I I I H N. We
note that R N O O I G is the 4th column (long) with all
others being short. The rest of the columns are easily
identified and the plain is read horizontally.

2 4 7 3 5 8 6 1
-----------------
| T R A N S M I T |
| I N F O R M A T |
| I O N B Y R A D |
| I O A T S I X T |
| H I S E V E N I |
| N G ------------
-----|

Plain reads:

TRANSMIT INFORMATION BY RADIO AT SIX THIS EVENING.

Note that our solution has yielded the numerical key

(which may have been derived as a result of many literal
keys). The numerical key is used to read other messages
by the same source, collectively called traffic. The
trivial issue is that the solution was possible because
the known plain was longer than the keyword and hence,
set up adjacent vertical letters to identify in the
cipher text.

The Analytic Matrix or Hat Diagram

The Analytic matrix (aka Hat Diagram) is a fundamental
tool to solve all columnar transposition cipher systems.
You only need the keylength and the cipher text itself.

Given the cryptogram:

EIPEI EUFSS ETODE ERTJR OOSCL NTPLH EDGRF TEEEE

SAOIT SNULP VONPT ADAEL YVLT. (64)

with Key length = 10.

Step 1: Determine the size of the enciphering matrix.

Key of 10 into 64 = 6 as the length of the short, 7 as

the length of the long columns, 4 as the number of long
columns and 10 - 4 = 6 short columns.

or in shorthand 64 = 4 - 7's
6 - 6's

Check: 4 x 7 =28 + 6 x 6 = 36 = 64

Step 2: Divide ciphertext into long and short columns

starting with long columns at the head of the message
and the short columns at the tail of the message.

EIPEI EU / FSS ETOD / E ERTJR O / OSCL NTP / L

H EDGR / F TEEEE / SAOIT S / NULP VO / NPT ADA / EL
YVLT. (64)

Step 3: Write down vertically from left to right these

divided columns, keeping the bottoms of the columns on
the same line. Thus:

1 2 3 4 5 6 7 8 9 10
E F E O
I S E S L F S N N E
P S R C H T A U P L
E E T L E E O L T Y
I T J N D E I P A V
E O R T G E T V D L
U D O P R E S O A T
*-4-- * * ----6---*
long short

These letters represent the foundation of the hat

diagram.

Step 4: Extend the tops of the columns from right to

left such that the long columns come at the tail of the
message and the short columns at the head of the
message.

We begin by drawing a line across the top of the of the

present columns:

_______
E F E O|__________A
I S E S L F S N N E
P S R C H T A U P L
E E T L E E O L T Y
I T J N D E I P A V
E O R T G E T V D_L
U D O P R E S O A T

We start with the short columns on the right, we extend

this column and make it long by adding one letter from
the column previous to it. We move to the left and make
that column long by adding 2 letters from the adjacent
column and place on top of the line. We mark the bottom
of the letters for the 'borrowed letters' to help us
determine the length of the column extended over the top
border.

_______ V
E F E O|________O_A
I S E S L F S N N E
P S R C H T A U P L
E E T L E E O L T Y
I T J N D E I P_A V
E O R T G E T V D_L
U D O P R E S O A T

We extend two more short columns making a total of four

extended to long columns.

E
E I
_______ E T V
E F E O|____E_S_O_A
I S E S L F S N N E
P S R C H T_A U P L
E E T L E E O_L T Y
I T J N D E I P_A V
E O R T G E T V D_L
U D O P R E S O A T

At this point, still going from right to left, we extend

the balance of the columns as short columns (six in
all). Above the line is extend only to the length of
the short column.

E E
D E I
_______ G E T V
E F E O|__R_E_S_O_A
I S E S L F S N N E
P S R C H_T_A U P L
 E E T L E E O_L T Y
I T J N D E I P_A V
E O R T G E T V D_L
U D O P R E S O A T

The final hat diagram looks like this:

1 2 3 4 5 6 7 8 9 10
J L E E
O R N D E I
__U_D_O T G E T V
E F E O|P_R_E_S_O_A
I S E S L F S N N E
P S R C_H_T_A U P L
E E T_L E E O_L T Y
I T_J N D E I P_A V
E_O R T G E T V D_L
U D O P R E S O A T

Note the lengths of the columns -above the drawn lines

at the bottoms of the columns - are from right to left
the four long columns and the six short columns.

What does the hat matrix represent?

It represents the columns of the enciphering matrix in

numerical order from left to right. Because we do not at
this stage know which columns are actually long and
short, the hat matrix contains some superfluous letters
from the adjacent column. However, regardless of how
long and short columns are arranged in the actual
enciphering matrix, the columns of the hat matrix will
contain all the letters of the columns as found in the
actual enciphering matrix.

Case 2: Plain Text Longer than the Key-Length Anywhere

in the Message.

Given Cipher Text:

BIEEH VHBSR UAHEE OREBE ECOWV NTETM TAQZT TDRNI

EESNE ELOLO EOERL NINNF R. (61)

Key length unknown.

Step 1: Make a biliteral frequency distribution (from

left to right.) [ie. B has 3 contacts I, S, E in that
order]

A - H Q N - T I E I N F
B - I S E O - R W L E E
C - O P -
D - R Q - Q
E - E H E O B E C T E S E L O R R - U E N L
F - R S - R N
G - T - E M A T D
 H - V B E U - A
I - E E N V - H N
J - W - V
K - X -
L - O O N Y -
M - T Z - T

Step 2: "Complete the Plain" text for first few letters

of known plaintext and apply biliteral frequency
distribution. In the columns thus extended, note the
'hits' which follow the top column letter in the
biliteral frequency distribution.

Q U E E N HITS
---------
1 U E E N E 2
2 E E N E L 1
3 E N E L I 3
4 N E L I Z 1
5 E L I Z A 0
6 L I Z A B 0
7 I Z A B E 2
8 Z A B E T 5 KEY LENGTH =8
9 A B E T H 2

For Z A B E T to have fallen directly under queen, the

key-length must be 8, so:

Q U E E N E L I
Z A B E T H

Step 2: Determine size of matrix, columns and construct

the hat diagram.

Key of 8 into 61 message length gives 7 as the short

length, 8 as the long length, 5 for the number of long
columns, and (8-5) 3 short columns. The Hat diagram
looks like this:

1 2 3 4 5 6 7 8
C M
E O T R
_B_O_W_A_N E
* B S R V Q I_L_R
I R E N Z E O L *
long | E U B T T E L N |
column 8 E A E E T S O I 7 short
= 8 | H H E_T_D_N E N | column = 7
V E_C M R E_O N
H_E O T N E E_F
* B O W A I L R R *
*---5---* *-3-*
long short
Step 3: Juxtapose the known plain text with the hat
diagram information and rearrange the columns.

Start with the Q found in the 5th column of hat. The U

Z A
is relatively easy to find in column 2.

5 2
M B
T S
A R
Q U E E N E L I
Z A B E T H
T H
T E
D E
R O
N
I

In a similar manner the remaining columns are easily

identified and added to the juxtaposition:

5 2 3 6 4 1 7 8
C
M B E R O B E R
T S O N W I L L
A R R I V E O N
Q U E E N E L I
Z A B E T H O N
T H E S E V E N
T E E N T H O F
D E C E M B E R
R O O E T R
N W L A
I

Inspection tells us that the 61 letters lie within the

juxtaposition as follows:

5 2 3 6 4 1 7 8
C
M B E*R O B E R
T S O N W I L L
A R R I V E O N
Q U E E N E L I
Z A B E T H O N
T H E S E V E N
T E E N T H O F
D E C E M B E R*
R O O E T R
N W L A
I

We eliminate the superfluous letters, and shift column 6

to the beginning of the message. The result is the
original enciphering matrix and numerical key:

5 2 3 6 4 1 7 8
_______________
R O B E R T S O
N W I L L A R R
I V E O N Q U E
E N E L I Z A B
E T H O N T H E
S E V E N T E E
N T H O F_D_E_C
E_M_B_E_R

The plain text message is:

ROBERTSON WILL ARRIVE ON QUEEN ELIZABETH ON THE

SEVENTEENTH OF DECEMBER.

Proper juxtaposition of columns of the analytic matrix

depends not only upon the known plain text portion of
the enciphering matrix, but also upon plain text
appearing on the horizontal rows. This solution is a
little more general as it does not depend on the
location of the known plain text.

COMPLETELY COLUMNAR TRANSPOSITION - SOLUTION GIVEN KEY-

LENGTH AND A COMPLETELY FILLED MATRIX

The completely filled columnar matrix is a simpler

problem because we are dealing with only one column
length. There is no problem of determining the long and
short columns.

Column Matching:

Given the cipher text:

GLLEF PLUOT HERPI RDEBC NLGEE NNBAR SETHO TEYWP

EHIAO LIRMC SERTS VIIEH EALPO OEAFW TX. (72)

KEY LENGTH = 6

Step 1: Determine size of rectangle.

72 = 6 KEY LENGTH X 12 ROWS

1 2 3 4 5 6
G R E E M E
L P N Y C A
L I N W S L
E R B P E P
F D A E R O
P E R H T O
L B S I S E
U C E A V A
O N T O I F
T L H L I W
H G O I E T
 E E T R H X

This is the hat diagram with just one column length.

Solution depends now on merely rearrangement of these
six columns into numerical order. There are two ways to
do this: 1) Anagraming and 2) column matching.

Anagraming

The cryptanalyst may anagram expected combinations of

letters. Finding a Q, we look for a U and a vowel next
to it. These could be in the same row. We then
juxtaposition the columns or match them for QU_ or
combinations like THE or THAT, CK, ING, ION and so
forth.

Matching columns based on Validity Weighting

We select a single column at random from the analytic

matrix above:

1
G
L
L
E
F
P
L
U
O
T
H
E

Unless by chance that our choice (1/6 chance) is the

right hand column, one of the remaining columns will
stand to the left of our chosen column. There are 5
juxtapositions:

VW VW VW VW VW
12 13 14 15 16
GR 2 GE 2 GE 2 GM 0 GE 2
LP 0 LN 0 LY 3 LC 0 LA 2
LI 2 LN 0 LW 0 LS 1 LL 2
ER 2 EB 0 EP 1 EE 0 EP 1
FD 0 FA 1 FE 1 FR 1 FO 2
PE 2 PR 2 PH 1 PT 1 PO 2
LB 0 LS 1 LI 2 LS 1 LE 3
UC 1 UE 1 UA 1 UV 0 UA 1
ON 3 OT 2 OO 1 OI 1 OF 3
TL 0 TH 4 TL 0 TI 3 TW 1
HG 0 HO 2 HI 2 HE 4 HT 1
EE 0 ET 0 ER 2 EH 0 EX 3
--- --- --- --- ---
12 15 16 12 23
where: VW = validity weight for individual bigrams and
total column validity weight.

To answer the question, which one of the 5 possibilities

is the best fit, we can use Barker's "Letter Contact
Weight Chart," Figure 16-2 to match and evaluate the
column interactions. [BAR3]

To find the weight of a bigram in Figure 16-2, the first

letter of the bigraph is found in the vertical column
on the left side of the chart and the second letter is
found in the horizontal row of letters along the top of
the Figure. The intersection of these two letters is the
weight of the bigraph in question. For example QU has a
weight of 5, WH has a weight of three. The weights given
in Figure 16-3 are of a general nature for English but
are roughly dependent upon the expected frequency of
occurrence of the bigraphs plus the concept of 'good'
bigraphs like QU, LY, CK, TH, etc. Since each of the 5
columns has 12 bigrams to evaluate, we look at the sum
of these individual weights as a column validity weight
to determine the best column match. The highest column
validity weight represents the best fit.

We can speed up the process by using the anagraming

approach in addition to the column matching attack.
We find the bigram LL in the 16 column combination.
LL is usually proceeded by a vowel. Looking at the
analytic matrix above at the same row as LL, only column
2 fits the bill. We then place column 2 in front of
columns 1 and 6 and check the bigrams, trigrams for
impossibilities.

2 1 6
R G E
P L A
I L L
R E P
D F O
E P O
B L E
C U A
N O F
L T W
G H T
E E X

The last jump to the final juxtaposition is not a big

step:
3 5 4 2 1 6
E M E R G E
N C Y P L A
N S W I L L
B E P R E P
A R E D F O
R T H E P O
S S I B L E
E V A C U A
T I O N O F
 H I L L T W
O E I G H T
T H R E E X

The message reads:

EMERGENCY PLANS WILL BE PREPARED FOR THE POSSIBLE

EVACUATION OF HILL TWO EIGHT THREE X

As a general rule, the longer the columns the more

reliable the use of Figure 16-2 for matching columns.
Generally speaking, a random bigram has a validity
weight of 1. Thus a mismatched pair of columns of length
10 will have a total validity weight of 10. A validity
bigram has a weight of 1.5. So the same example of 10
bigrams will have on average a validity weight of 15.

FIGURE 16-2
LETTER CONTACT WEIGHT CHART

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
A 2 2 1 1 1 1 1 1 2 1 3 2 2 2 2 2 1 1 1
B 1 1 4 1 2 1 1 2 1
C 2 2 2 1 2 1 2 1 1 1
D 2 1 2 1 2 1 1 1 1 1 1
E 2 1 2 1 1 1 1 2 1 2 2 2 1 1 3
F 1 1 1 1 1 2 1 1 1
G 1 2 2 1 1 2 2 1
H 3 4 2 2 1
I 1 1 2 1 1 2 1 2 2 1 3 2 1 2 2 2 2
J 1 1 2 1
K 1 3 2 1 1 1 1
L 2 2 3 2 1 2 2 1 1 1 3
M 3 1 3 2 1 2 1 1
N 1 1 2 1 2 1 1 1 1 1 1 2 1 1 1 1
O 1 1 1 1 3 1 1 2 1 2 3 1 2 2 1 2 3 2 2 1
P 2 2 1 1 2 2 2 1 1
Q 5
R 1 1 2 1 1 1 1 1 1 1 1 1
S 2 2 2 2 1 1 1 1 2 2 1 1 3 2 1
T 2 2 4 3 3 1 1 2 2 1
U 1 1 1 1 1 1 1 1 2 1 2 2 2
V 2 4 2 2
W 2 2 3 2 1
X 1 1 1 1 1 1 1
Y 1 1 2
Z 3 2

IDENTIFICATION OF THE COMPLETELY FILLED MATRIX

There is a valuable test for determining if a complete

filled columnar matrix is in play. Table 16-1 is an
extensive table of Key Lengths and Column-Lengths of
Completely Filled Matrices - Given their Message Length.
Table 16-1 covers message lengths from 15 to 300
letters. The key lengths considered are from 3 to 25.
In reading the expressions to the right of the various
message lengths, the first number is the key length and
the second number is the column length. So for 22 X 9
following message length 198, the key length is 22 and
the column length is 9. Many message lengths may be the
result of several sizes of the completely filled
matrices. These various sizes are listed within the
limits of the Table 16-1. We use this table to
determine whether or not a particular message might have
been enciphered with a completely filled matrix. Table
16-1 shows that about 30% of all lengths cannot have
resulted from completely filled matrices.

Let's examine the following message:

URIRT PEGRV ATEPI AFZSS ITLFU MAHKI ECOLT CWVAW

PEYLO RAESL ERETO M. (56)

Key-Length = unknown

>From Table 16-1, we find at 56 message length four

possibilities for a completely filled matrix exist. The
key lengths 4, 7, 8 and 14.

We test each of these possibilities without actually

reading the message and obtain reliability or validity
of each of the particular key-lengths. Normal plain-text
contains approximately 40% letters as vowels and that
these vowels are evenly distributed throughout the text.
We use the number of vowels in message X 100./number of
letters in the message = % of vowels in message. We
compute the per row number of vowels, mean difference
from normal, expected mean and validity value for the
matrix under consideration.

Number of Mean
(7 x 8) Vowels Difference
1 2 3 4 5 6 7
U R F U O P S 3 0.2
R V Z M L E L 1 1.8
I A S A T Y E 5 2.2
R T S H C L R 0 2.8
T E I K W O E 4 1.2
P P T I V R T 1 1.8
E I L E A A O 6 3.2
G A F C W E M 2 0.8
--- ----
22 14.0 / 8 = 1.80

Expected Mean =22/8 =2.8

Number of Mean
(14 X 4) Vowels Difference
1 2 3 4 5 6 7 8 9 1011121314
U T R E F I U K O W P O S E 7 1.5
R P V P Z T M I L V E R L T 2 3.5
I E A I S L A E T A Y A E O 11 5.5
R G T A S F H C C W L E R M 2 3.5
--- ----

22 14.0
Expected Mean = 22/4 = 5.5
Validity Value= 14/4 = 3.50

Four rows, and if this is a valid analytic matrix there

should be 24/4 = 5.5 vowels on each row. This is the
expected mean for the each row. We tabulate the
individual row mean differences and sum them for the
matrix. The total of the mean differences is
proportional to the number of rows, by dividing this
total by the number of rows we obtain the Validity value
for this matrix. Table 16-2 shows the interpretation of
the validity values. It shows that less than or equal
to 0.75 (or closer to it in the indefinite range) the
more likely we are dealing with a completely filled
matrix with correct ley length. Above 1.10 the more
likely it is that the matrix is incorrect.

Number of Mean
(8 X 7) Vowels Difference
1 2 3 4 5 6 7 8
U G I T K C Y L 3 .1
R R A L I W L E 3 .1
I V F F E V O R 3 .1
R A Z U C A R E 4 .9
T T S M O W A T 2 1.1
P E S A L P E O 4 .9
E P I H T E S M 3 .1
--- ---
22 3.3

Expected Mean = 22/7 =3.1 3.3/7 = 0.47

Validity Value

The rows are too short (6 or less) for individual

analysis, so we combined them for analysis.

Number of Mean Difference

Vowels
(4 X 14)
1 2 3 4
-------
U I K Y 5 1.9
R A I L
-------
I F E O
R Z C R 3 .1
-------
T S O A
P S L E 3 .1
------
E I T S
G T C L 2 1.1
-------
R L W E
V F V R 1 2.1
-------
A U A E
T M W T 4 .9

-------
E A P O
P H E M 4 .9
--- ---
22 7.1

Expected mean = 22/7 combined rows = 3.1

Validity value = 7.1 / 7 = 1.01 ( indefinite)

The results indicate that key length = 8 is the correct

length.

Key Length Validity Value

of Matrix

14 3.5
8 0.47
7 1.80
4 1.01

Solution proceeds by anagraming and juxtaposition. The

CK indicates a possible in the first row. Try the word
LUCKY and see how that fits.

(8 X 7)
* * * * *
1 2 3 4 5 6 7 8
U G I T K C Y L
R R A L I W L E
I V F F E V O R
R A Z U C A R E
T T S M O W A T
P E S A L P E O
E P I H T E S M
becomes:
* * * * *
8 1 6 5 7 4 3 2
L U C K Y T I G
E R W I L L A R
R I V E O F F V
E R A C R U Z A
 T T W O A M S T
O P P L E A S E
M E E T S H I P

Key = 81657432

Plaintext: LUCKY TIGER WILL ARRIVE OFF VERA CRUZ AT TWO

AM STOP PLEASE MEET SHIP.

TABLE 16-2
VALIDITY VALUES

<-------------> 0.75 <----------> 1.10 <------------>

Valid Indefinite Incorrect

Matrix Matrix

TABLE 16-1
Table of Key Lengths and Column Lengths of Completely
Filled Matrices - Given The Message Length

15 3 X 5, 5 X 3
16 4 X 4, 8 X 2
17
18 3 X 6, 6 X 3, 9 X 2
19
20 4 X 5, 5 X 4 10 X 2
21 3 X 7, 7 X 3
22 11 X 2
23
24 3 X 8, 4 X 6, 6 X 4, 8 X 3, 12 X 2
25 5 X 5
26 13 X 2
27 3 X 9, 9 X 3
28 4 X 7, 7 X 4, 14 X 2
29
30 3 X 10, 5 X 6, 6 X 5, 10 X 3, 15 X 2
31
32 4 X 8, 8 X 4, 16 X 2
33 3 X 11, 11 X 3
34 17 X 2
35 5 X 7, 7 X 5
36 3 X 12, 4 X 9, 6 X 6, 9 X 4, 12 X 3, 18 X 2
37
38 19 X 2
39 3 X 13, 13 X 3
40 4 X 10, 5 X 8, 8 X 5, 10 X 4, 20 X 2
41
42 3 X 14, 6 X 7, 7 X 6, 14 X 3, 21 X 2
43
44 4 X 11, 11 X 4, 22 X 2
45 3 X 15, 5 X 9, 9 X 5, 15 X 3
46 23 X 2
47
48 3 X 16, 4 X 12, 6 X 8, 8 X 6, 12 X 4, 16 X 3, 24 X 2
49 7 X 7
50 5 X 10, 10 X 5, 25 X 2
51 3 X 17, 17 X 3
52 4 X 13, 13 X 4
53
54 3 X 18, 6 X 9, 9 X 6, 18 X 3
55 5 X 11, 11 X 5
56 4 X 14, 7 X 8, 8 X 7, 14 X 4
57 3 X 19, 19 X 3
58
59
60 3 X 20, 4 X 15, 5 X 12,, 6 X 10, 10 X 6,12 X 5,
15 X 4, 20 X 3
61
62
63 3 X 21, 7 X 9, 9 X 7, 21 X 3
64 4 X 16, 8 X 8, 16 X 4
65 5 X 13, 13 X 5
66 3 X 22, 6 X 11, 11 X 6, 22 X 3
67
68 4 X 17, 17 X 4
69 3 X 23, 23 X 3
70 5 X 14, 7 X 10, 10 X 7, 14 X 5
71
72 3 X 24, 4 X 18, 6 X 12, 8 X 9, 9 X 8,12 X 6, 18 X 4,
24 X 3
73
74
75 3 X 25, 5 X 15, 15 X 5, 25 X 3
76 4 X 19, 19 X 4
77 7 X 11, 11 X 7
78 3 X 26, 6 X 13, 13 X 6
79
80 4 X 20, 5 X 16, 8 X 10, 10 X 8, 16 X 5, 20 X 4
81 3 X 27, 9 X 9
82
83
84 3 X 28, 4 X 21, 6 X 14, 7 X 12, 12 X 7, 14 X 6,
21 X 4
85 5 X 17, 17 X 5
86
87 3 X 29
88 4 X 22, 8 X 11, 11 X 8, 22 X 4
89
90 3 X 30, 5 X 18, 6 X 15, 9 X 10, 10 X 9, 15 X 6,
18 X 5
91 7 X 13, 13 X 7
92 4 X 23, 23 X 4
93 3 X 31
94
95 5 X 19, 19 X 5
96 3 X 32, 4 X 24, 6 X 16, 8 X 12, 12 X 8, 16 X 6,
24 X 4
97
98 7 X 14, 14 X 7
99 3 X 33, 9 X 11, 11 X 9
100 4 X 25, 5 X 20, 10 X 10, 20 X 5, 25 X 4
101
102 3 X 34, 6 X 17, 17 X 6
103
104 4 X 26, 8 X 13, 13 X 8
105 3 X 35, 5 X 21, 7 X 15, 15 X 7, 21 X 5
106
107
108 3 X 36, 4 X 27, 6 X 18, 9 X 12, 12 X 9, 18 X 6
109
110 5 X 22, 10 X 11, 11 X 10, 22 X 5
111 3 X 37
112 4 X 28, 7 X 16, 8 X 14, 14 X 8, 16 X 7
113
114 3 X 38, 6 X 19, 19 X 6
115 5 X 23, 23 X 5
116 4 X 29
117 3 X 39, 9 X 13, 13 X 9
118
119 7 X 17, 17 X 7
120 3 X 40, 4 X 30, 5 X 24, 6 X 20, 8 X 15, 10 X 12,
15 X 8, 20 X 6 , 24 X 5
121 11 X 11
122
123 3 X 41
124 4 X 31
125 5 X 25, 25 X 5,
126 3 X 42, 6 X 21, 7 X 18, 9 X 14, 14 X 9, 18 X 7,
21 X 6
127
128 4 X 32, 8 X 16, 16 X 8
129 3 X 43
130 5 X 26, 10 X 13, 13 X 10
131
132 3 X 44, 4 X 33, 6 X 22, 11 X 12, 12 X 11, 22 X 6
133 7 X 19, 19 X 7
134
135 3 X 45, 5 X 27, 9 X 15, 15 X 9
136 4 X 34, 8 X 17, 17 X 8
137
138 3 X 46, 6 X 23, 23 X 6
139
140 4 X 35, 5 X 28, 7 X 20, 10 X 14, 14 X 10, 20 X 7
141 3 X 47
142
143 11 X 13, 13 X 11
144 3 X 48, 4 X 36, 6 X 24, 8 X 18, 9 X 16, 12 X 12,
16 X 9, 18 X 8, 24 X 6
145 5 X 29
146
147 3 X 49, 7 X 21, 21 X 7
148 4 X 37
149
150 3 X 50, 5 X 30, 6 X 25, 10 X 15, 15 X 10, 25 X 6
151
152 4 X 38, 8 X 19, 19 X 8
153 3 X 51, 9 X 17, 17 X 9
154 7 X 22, 11 X 14, 14 X 11, 22 X 7
155 5 X 31
156 3 X 52, 4 X 39, 6 X 26, 12 X 13, 13 X 12
157
158
159 3 X 53
160 4 X 40, 5 X 32, 8 X 20, 10 X 16, 16 X 10, 20 X 8
161 7 X 23, 23 X 7
162 3 X 54, 6 X 27, 9 X 18, 18 X 9
163
164 4 X 41
165 3 X 55, 5 X 33, 11 X 15, 15 X 11
166
167
168 3 X 56, 4 X 42, 6 X 28, 7 X 24, 8 X 21, 12 X 14,
14 X 12, 21 X 8, 24 X 7
169 13 X 13
170 5 X 34, 10 X 17, 17 X 10
171 3 X 57, 9 X 19, 19 X 9
172 4 X 43
173
174 3 X 58, 6 X 29
175 5 X 35, 7 X 25,25 X 7
176 4 X 44, 8 X 22, 11 X 16, 16 X 11, 22 X 8
177 3 X 59
178
179
180 3 X 60,4 X 45, 5 X 36, 6 X 30, 9 X 20, 10 X 18,
12 X 15, 15 X 12, 18 X 10, 20 X 9
181
182 7 X 26, 13 X 14, 14 X 13
183 3 X 61
184 4 X 46, 8 X 23, 23 X 8
185 5 X 37
186 3 X 62, 6 X 31
187 11 X 17, 17 X 11
188 4 X 47
189 3 X 63, 7 X 27, 9 X 21, 21 X 9
190 5 X 38, 10 X 19, 19 X 10
191
192 3 X 64, 4 X 48, 6 X 32, 8 X 24, 12 X 16, 16 X 12,
24 X 8
193
194
195 3 X 65, 5 X 39, 13 X 15, 15 X 13
196 4 X 49, 7 X 28, 14 X 14
197
198 3 X 66, 6 X 33, 9 X 22, 11 X 18, 18 X 11, 22 X 9
199
200 4 X 50, 5 X 40, 8 X 25, 10 X 20, 20 X 10, 25 X 8
201 3 X 67
202
203 7 X 29
204 3 X 68, 4 X 51, 6 X 34, 12 X 17, 17 X 12
205 5 X 41
206
207 3 X 69, 9 X 23, 23 X 9
208 4 X 52, 8 X 26, 13 X 16, 16 X 13
209 11 X 19, 19 X 11
210 3 X 70, 5 X 42, 6 X 35, 7 X 30, 10 X 21, 14 X 15,
15 X 14, 21 X 10
211
212 4 X 53
213 3 X 71
214
215 5 X 43
216 3 X 72, 4 X 54, 6 X 36, 8 X 27, 9 X 24, 12 X 18,
18 X 12, 24 X 9
217 7 X 31
218
219 3 X 73
220 4 X 55, 5 X 44, 10 X 22, 11 X 20, 20 X 11, 22 X 10
221 13 X 17, 17 X 13
222 3 X 74, 6 X 37
223
224 4 X 56, 7 X 32, 8 X 28, 14 X 16, 16 X 14
225 3 X 75, 5 X 45, 9 X 25, 15 X 15, 25 X 9
226
227
228 3 X 76, 4 X 57, 6 X 38, 12 X 19, 19 X 12
229
230 5 X 46, 10 X 23, 23 X 10
231 3 X 77, 7 X 33, 11 X 21, 21 X 11
232 4 X 58, 8 X 29
233
234 3 X 78, 6 X 39, 9 X 26, 13 X 18, 18 X 13
235 5 X 47
236 4 X 59
237 3 X 79
238 7 X 34, 14 X 17, 17 X 14
239
240 3 X 80, 4 X 60, 5 X 48, 6 X 40, 8 X 30, 10 X 24,
12 X 20, 15 X 16, 16 X 15, 20 X 12, 24 X 10
241
242 11 X 22, 22 X 11
243 3 X 81, 9 X 27
244 4 X 61
245 5 X 49, 7 X 35
246 3 X 82, 6 X 41
247 13 X 19, 19 X 13
248 4 X 62, 8 X 31
249 3 X 83
250 5 X 50, 10 X 25, 25 X 10
251
252 3 X 84, 4 X 63, 6 X 42, 7 X 36, 9 X 28, 12 X 21,
14 X 18, 18 X 14, 21 X 12
253 11 X 23, 23 X 11
254
255 3 X 85, 5 X 51, 15 X 17, 17 X 15
256 4 X 64, 8 X 32, 16 X 16
257
258 3 X 86, 6 X 43
259 7 X 37
260 4 X 65, 5 X 52, 10 X 26, 13 X 20, 20 X 13
261 3 X 87, 9 X 29
262
263
264 3 X 88, 4 X 66, 6 X 44, 8 X 33, 11 X 24, 12 X 22,
22 X 12, 24 X 11
265 5 X 53
266 7 X 38, 14 X 19, 19 X 14
267 3 X 89
268 4 X 67
269
270 3 X 90, 4 X 54, 6 X 45, 9 X 30, 10 X 27, 15 X 18,
18 X 15
271
272 4 X 68, 8 X 34, 16 X 17, 17 X 16
273 3 X 91, 7 X 39, 13 X 21, 21 X 13
274
275 5 X 55, 11 X 25, 25 X 11
276 3 X 92, 4 X 69, 6 X 46, 12 X 23, 23 X 12
277
278
279 3 X 93, 9 X 31
280 4 X 70, 5 X 56, 7 X 40, 8 X 35, 10 X 28, 14 X 20,
20 X 14
281
282 3 X 94, 6 X 47
283
284 4 X 71
285 3 X 95, 5 X 57, 15 X 19, 19 X 15
286 11 X 26, 13 X 22, 22 X 13
287 7 X 41
288 3 X 96, 4 X 72, 6 X 48, 8 X 36, 9 X 32, 12 X 24,
16 X 18, 18 X 16, 24 X 12
289 17 X 17
290 5 X 58, 10 X 29
291 3 X 97
292 4 X 73
293
294 3 X 98, 6 X 49, 7 X 42, 14 X 21, 21 X 14
295 5 X 59
296 4 X 74, 8 X 37
297 3 X 99, 9 X 33, 11 X 27
298
299 13 X 23, 23 X 13
300 3 X 100, 4 X 75, 5 X 60, 6 X 50, 10 X 30, 12 X 25
15 X 20, 20 X 15, 25 X 12

SOLUTION GIVEN KEY LENGTH PLUS A PROBABLE WORD IN THE

TEXT

Given the key-length, we are able to construct the hat

diagram; and the analytically juxtapositioning of the
matrix columns is facilitated greatly by a probable
word.

Given:

RCRKA LPTNA TALMO IDFNV TRTIN FLEFR IONOI WOPIE

CGOAF RDCUH OIAIT ELLPR IRPSN EYRRC IHITI OTWUO
IDSPF SOIEK GMN. (93)

Probable word = NEW YORK Key length = 9

Perform a monoalphabetic frequency distribution.

NEW YORK
652 1992
The Y is a gimme. Draw up the hat diagram based on key
length = 9.

1 2 3 4 5 6 7 8 9
T I C O I
T R O G I R H
R A T N O A P I S
C L I O A I S T P
R M N I F T N I F
K O F W R E E O S
A I L O D L Y T O
L D E P C L R W I
P F F I U P R U E
T N R E H R C O K
N V I C O I I I G
A T O G I R H D M
T R N O A P I S N

>From column 7 with the Y and column 1 with the K:

7 1
I
R
P
S R
N C
E R
N E W Y O R K
R A
R L
C P
I T
H N
I A
T

We add column 3 with the N, followed by 5 with the R, 6

matches the E, 4 the W, and 8 brings out RICHMOND.

2 3 6 4 7 9 5 1 8
I
O I R C H
T I O P S G I
T R A N S P O R T
A T I O N F A C I
L I T I E S F R O
M N E W Y O R K T
O F L O R I D A W
I L L P R E C L U
D E P I C K U P O
F F R E I G H T I
N R I C H M O N D
V I R G I N I A S
T O P

O A T
 R N

The message is read horizontally:

TRANSPORTATION FACILITIES FROM NEW YORK TO FLORIDA WILL

PRECLUDE PICKUP OF FREIGHT IN RICHMOND, VIRGINIA. STOP.

Barker presents two more special cases leading to the

General solution but the basic concepts have been
presented in this lecture. [BAR3]

DOUBLE COLUMNAR TRANSPOSITION CIPHER

Courville, Friedman and the Army Extension Course Text

No 166 discuss double transposition in copious detail.
Cryptanalysis of the double transposition is covered in
detail. Essentially the encipherment is polyphase and
the decryption hinges on sizing the matrices correctly -
especially the first transposition matrix. [COUR],
[FRE4], [ARMY]

AMSCO

The AMSCO Cipher is another type of incomplete columnar

transposition. Its column-letters are not limed to a
column of single letters, but rather alternating single,
double, single, double throughout the plain text length.
A numerical key is employed. For example:

3 1 4 2 5 2 4 6 1 5 3
TH E WE A RI T HE W EA R IN
N GO F DE C GO F DE C OR A
OR A TI V EM T IV E M ED AL
E DA L SW A SW A SC O MM O
SC O MM O NI N IN E NG L AN
N EN G LA N DD U RI N GT H
DD U RI N GT E RE I GN O FH
H ER E IG N EN R YT H EE I
OF H EN R YT G HT H
H EE I GH T
HX 1-2-1-2-1-2
2-1-2-1-2-1
2-1-2-1-2 1-2-1-2-1-2
1-2-1-2-1 2-1-2-1-2-1
2-1-2-1-2 1-2-1-2-1-2
1-2-1-2-1 2-1-2-1-2-1
2-1-2-1-2 1-2-1-2-1-2
1-2-1-2-1 2-1-2-1-2-1
2-1-2-1-2 1-2-1
1-2-1-2-1
2-1-2-1-2
1-2-1-2-1
2 (B)
(A)

In matrix (A) the alternating pattern of 2-1-2-1 follows

from one end of one line to the next line; but in matrix
(B) it is possible to have two 1's or two 2's in the
continuation from one line to the next. This is a
pecularity of this cipher. Solution is done similarly
to the incomplete columnar. Use of a probable word is
important for this cipher. Columns are extracted in
numerical order.

Example: Tip = PRECIOUS

NTTIN OENOE NTUSD PRTTE RIUUN TOLIV EDSIS ORDEW

LLTIL STSII CRTOL NKOOU XHKIG NALHE ENEOL ESERY
GSPDL SRWIO ANSWI AAENS LEIFS RHPSA FIHRR (115)

Solution:

Divide tip into alternative patterns.

-P RE C IO U S- PR E CI O US;

The ciphertext hits RE = none, IO at 89; PR at 16, CI at

33, US at 13. Accept 2'nd pattern with three hits.
Write in the ciphertext on both sides of the known pairs
to the extent of 8 - 9 letters.

UN IN
T O
OL EN
I O
VE EN
D T
PR E CI O US
S D
OR PR
D T
EW TE
L R
LT IU

We lightly cross out the used letters as we go along.

The existence of PR here, shows that the PR of PRECIOUS
- appearing just once in the cipher can not be used here
so our original assumption is wrong. Therefore the tip
is found on two lines.

We test the O's using the alternate pattern 1-2-1-2-1,

whenevr an O occurs and see what is plausible. O-54: O
LN K OO U XH gives CIOUS SLN*; O-58: O OU X HK gives
CIOUS SOUND OXPR*; O-59: O UX H KI gives CIOUS SUX*; O-
90: O AN S WI A gives CIOUS SAND; ORSPR DWIT EWATE,
which looks good so we write in the column. After EWATE,
the rows go bad indicating the bottom of the block.
Remember the first letter of the cipher of this type
will be found somewhere in the top row of the plaintext.
We extend our columns up to the first letter.

The final message is:

O RI E NT A LL
 UX U RY T EN T
H UN G IN S IL
KI T SP O L ES
G OL D EN I TS
NA I LS O FS I
L VE R EN R IC
HE D WI T HP R
PR E CI O US S TO
NE S AN D AF L
O OR S PR I NK
LE D WI T HR O
S EW A TE R --

Note the PR was not a bigraph but broken up -P R in the

line above.

MYSZKOWSKI

(Named after the famous flying Myszkowski family circus

high-wire act) is another incomplete columnar
transposition with an erratic method of taking out the
ciphertext letters. Keywords with repeated letters are
allowed and taken out in left to right order for the
repeated letters. In ciphertext 2-, 3- and even 4-
decimations are evidenced. A 3-decimation, 3 letters in
the keyword are repeated would give rise to every third
letter being at issue.

Solution is by period and probable word.

Keying examples:

F I C T I O N P A P I L L A
2 3 1 6 3 5 4 4 1 4 2 3 3 1
A M O O S E I A M O O S E I
S S O C A L L S S O C A L L
E D A S T H E E D A S T H E
W O R D I S S W O R D I S S
A I D T O M E A I D T O M E
A N C R O P P A N C R O P P
E R O R T R I E R O R T R I
M M E R F R O M M E R F R O
M T H E A N I M T H E A N I
M A L S H A B M A L S H A B
I T O F F E E I T O F F E E
D I N G O N T D I N G O N T
R E E B R A N R E E B R A N
C H E S - - - C H E S - - -
(A) (B)

Cipher (A)

OOARD COEHL ONEEA SEWAA EMMMI DRCMS SADTO IIONO

RTMFT AAHTF IOERH ILESE PIOIB ETNEL HSMPT RNAEN
AOCSD TRRRE SFGBS (95)

Cipher (B)
MISLD EOSIE NPRIM OTIAB TEITE NHOCO DTRRR ESFGB
SSEAL THISO MOPTR FRANH AFEON RAAOS OEAWR ADACE
OMEMH MLIOD NRECE (95)

Compare the keyword mixings for both ciphers and pick up

the decimation intervals.

As a partial example of the process:

Given: Keyword = ERMEDICAL, PERIOD = 6

UEIES OCOSH IEIDF AIPLH MLCAU SSRTT OTMUE NRAAN

NROSA XSREF KPNEL OINEN OCMII FOAGZ NADEM CLPRO
SITOM RMCYS NIIAA AKEFT OSINL ATTSQ ESHON YLETD
RTNEF TUESE BEMGA AICRT PONHG OEPAA HOARD RRAFR
NET (163)

Block size is known and may be drawn up as 6 X 27, plus

1.

O R I
N T E
N T O
C O M
I T I Trigraphs off these
F M A possibilities:
O U G
Z E N N T E (R)
A N D (I)NTO
E R M E D I C O M (M)
C A L I T I (ION)
P A R OUG (HT)
O N S (A or I) - ZEN
I N T PAR(T)
O R M
R O M
C S Y

The final key is: 3 5 4 1 3 2

Non repeated columns are removed exactly previously

discussed. Repeated letter columns give rise to the 2-
or 3- or 4- decimations, so look at adjacent letters for
plain text.

CADENUS

The Cadenus is a double transposition type, employing a

keyword, as in columnar transposition, to shift the
order of the columns and in addition, to shift the
starting point of each column using the same key. The
second shift is accomplished by attaching a letter of
the alphabet to each row during construction. V and W
used together. The block must be complete and 25
letters long in each column.

Example:

EASY AESY
2134 1234
ASEV A SYST
EREL B RETO
IMIT C MTAT
ATIO D TLUS
NONT E OATL
HEUS F EEES
EFUL G FIYH
NESS H EASD
OFTH I FNMS
ECAD J CHBH
ENUS K NEUV
ISTH L SNPM
ATEV M TOFA
ERYM N RENU
ESSA O SEIE
GEMU P EIEL
STBE Q TARL
AMUL R MENT
TIPL S IEET
EOFT T OGEV
WENT U ESIT
YFIV VW FAIS
ELET X LTNG
TERS Y EEUV
LONG Z OWUL

Cipher:

SYSTR ETOMT ATTLU SOATL etc

Solution procedure:

1. Count the number of letters, divide by 25 = number of

columns.

2. Write the cipher into the block by horizontals.

3. Write the probable word and examine the cipher block

for correct letters. Anagram.

4. When the entire block has been constructed, find the

beginning of the plain text and rewrite the block.
Place the alphabet at one edge of the block and note
the keyword.

AUTO-TRANSPOSITION

The auto transposition cipher is a multiple trans-

position by groups with a keyword controlling the first
cipher group. The letters of each group in turn are
converted into a numerical sequence. In some cases,
anagraming is an aid, but not always.
To encipher, select a keyword of any length and write in
the plaintext under it. Skip a line and repeat the
plaintext with the first group under the keyword. Then
assign numbers to the keyword's letters in their order
of the normal alphabet. Using this resulting numerical
sequence apply it to the first group of the plaintext.
Continue in this manner through each consecutive group.

key:

F R A G I L E*W H E N M E M*B E R S O F A*N O R G A N I

3 7 1 4 5 6 2*7 3 1 6 4 2 5*2 3 6 7 5 4 1*4 6 7 2 1 5 3

Plain:
W H E N M E M*B E R S O F A*N O R G A N I*Z A T I O N G

Cipher:
E M W N M E H*A R B F S E O*O R N I A G N*I N G A Z O T
1 5 7 6 4 2 3 1 6 2 4 7 3 5 ...

The complete cipher may be written in either groups of

five or its true period length. A tip is essential.
Placing the tip is an easy exercise and recovering the
text after the tip is straightforward but not before it.
Anagramming is essential to the solution.

Given: Period = 6, Tip = EIGHTEENEIGHTYSEVE(N)

RHEPTE SCDESE ROOFTO ACYDOS UMREPT WASASS TTTIAS

LIMCAA NICEIH NENEVT BTDOUA GEIHET EGEIHN TEYVSE
RSONUF IENCMO ILNPGI IHUENT TETASD ESECNT GUFSSE
(150)

The tip is found in groups 12, 13 and part of 14.

Cipher

G E I H E T E G E I H N T E Y V S E
1 5 3 4 6 2 1 6 2 5 3 4
Plain
E I G H T E E N E I G H T Y S E V E
1 5 3 4 6 2 1 6 2 5 3 4 4 6 3 1 5 2

Cipher text is:

THE PREDESSOR OF TODAYS COMPUTERS WAS A MACHINE INVENTED

ABOUT EIGHTEEN EIGHTY SEVEN FOR USE IN COMPILING THE
UNITED STATES CENSUS.

Example of the mechanism is:

7 3 1 6 4 2 5
B E R S O F A Plain
1 2 3 4 5 6 7

= A R B F S E O Cipher
GRILLE / TURNING GRILLE

Friedman, Masterton, Bowers, LEDGE, Elcy as well as OP-

G-20 cover the Grille in detail. [FRE4], [OP20],
[MAST], [LEDG], [BOW1], [ELCY].

The grille is an ingenious transposition which the

'stuff that spy used in the field' are made of.
Cryptographic grilles are stencils cut with holes for
the purpose of uncovering a small part of the paper that
the plain text is written on. Generally, both
correspondents have identical grilles and know the
routes in and out of the grille to inscribe / transcribe
the plain /cipher text.

There are eight positions that the grille can be turned,

two sides and four 90 degree turns.

Lets illustrate with a 6 X ^ square and the message

SORTIE WILL COMMENCE AT MIDNIGHT FOUR JUNE

Let open apertures be shown as O and closed be shown by

X.

GRILLE 1st Position

1 2 3 4 5 6 1 2 3 4 5 6
1 O O 1 S O
2 O 2 R
3 O O 3 T I
4 O 4 E
5 O O 5 W I
6 O 6 L

2nd Position 3rd Position

1 2 3 4 5 6 1 2 3 4 5 6
1 L 1 A
2 C O 2 T M
3 3 I
4 M M E 4 D N
5 N 5 I
6 C E 6 G H

4th Position Complete Inscription

1 2 3 4 5 6 1 2 3 4 5 6
1 T F 1 A S T O L F
2 O 2 R C T O M O
3 U R J 3 U I R T J I
4 4 D M N M E E
5 U N 5 U W N I N I
6 E 6 C E G E H L

Cipher may be taken out by any route.

ASTOL FRCTO MOUIR TJIDM NMEEU WNINI CEGEH L.

To decipher we reverse this process. We may anagram the
letters to form another sequence of letters that are
intelligible. We assign numbers to the cipher text to
facilitate the process. We look for our invariable
combinations like QU and CK. These form a good starting
point. Grille positions are 180 degrees reciprocals. We
can write the grille message out and then reverse the
message under it to have reciprocal positions in the
square line up vertically.

Problem:
ARUDU CSCIM WETTR NNGOO TMIEL MJENH FOIEI L

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21
A R U D U C S C I M W E T T R N N G O O T
L I E I O F H N E J M L E I M T O O G N N

22 23 24 25 26 27 28 29 30 31 32 33 34 35 36
M I E L M J E N H F O I E I L
R T T E W M I C S C U D U R A

Each anagram formed with letters on one of these lines

corresponds with the reversal of the other plain text
formed on the other line. The partial recovery of the
plain by anagraming might proceed as follows.
(only correct trials are shown)

34 17 22 34 17 22 34 17 6 25 8 32 10 22 34 17 6 24
E N M E N M E N C L C O M M E R C E -->
U O R U O R U O F E N U J R U O F T <--

The plain text will break after just nine letters,

because the grille used was of that capacity.
When one fourth of the total number of letters in the
cipher text have been anagrammed without a break in the
plain text on either line, the letters which were
originally inscribed in reciprocal positions of the
grille have been found.

The grille used in this problem may be reconstructed by

numbering the cells of the square of 6 x 6 in the normal
manner and then cutting out the cells numbered according
to the series found 25-8-32-10-22-34-17-6-24.

SWAGMAN / LAZY SWAGMAN TRANSPOSITION

An Australian version of the Tramp, the Swagman uses a

keying square composed of somewhat random arrangement of
digits between 4 - 8 wide wherein the digits have no
repeats within either row or column.

3 2 1 4 5
1 5 3 2 4
2 4 5 3 1
5 3 4 1 2
 4 1 2 5 3

The plain text is written horizontally to form a

rectangle commensurate with the width selected - here 5
X 5. If necessary, nulls are added to complete the last
letters of the rectangle, which must be a multiple of
the width of the square.

Suppose we have a short "message" and a corresponding 4-

width box:

T H I S I S A N E X 2 3 1 4
A M P L E O F T H E 3 2 4 1 4 X 10
S W A G M A N T R A 4 1 3 2
N S P O S I T I O N 1 4 2 3

The first column of each box is rearranged according to

the first column of the square - thus T is put to the
2nd row (as I and E of the other boxes will be) A is put
on the third, S on the fourth, and N on the first. Then
H(and S and X) get put on the third row, M on the
second, W on the first, and S on the fourth - since the
second column of our digital box is 3 2 4 1 . And so on
to form the intermediate version:

N W I L S A A T O A
T M P G I O T T E E
A H A O E S N I H X
S S P S M I F N R N

The final cipher is taken off vertically:

NTASW MHSIP APLGO SSIEM AOSIA TNFTT INOEH RAEXN

Lets look at a problem:

POGTC VEEIO AIROR LLDLE NOWGP AIAAN FNGTA THATL

ICTPN HUEAX YGELA DIDAN EUNMB ILANT RRICM EAMIG
LAMPA RTASR POOOA LUPDO BROAS ESELA NSNQL ODUHC
EIAAS CGDSO ORREM BTOWI SOUS.

The crib is Caesar UXPFMP which is TWOELO.

POGTC VEEIO AIROR LLDLE NOWGP AIAAN FNGTA THATL

o ee ll o
ICTPN HUEAX YGELA DIDAN EUNMB ILANT RRICM EAMIG

LAMPA RTASR POOOA LUPDO BROAS ESELA NSNQL ODUHC

EIAAS CGDSO ORREM BTOWI SOUS.

t w o
Since there are only a couple of W's, we look for all
the other letters of the crib in ORDER around that area,
find them. We come up with a width which puts each
letter in consecutive columns. The unique TW and final
O narrow things down.

The break is at position 138, or one position removed.

138 is a factor of 6. We find as we put one letter in
each several consecutive boxes , we prepare a worksheet
of cipher text 6 deep.

P E R L P F H T A A E L I I A P U O I L E G R W
O E O E A N A P X D U A C G R O P A A O I D E I
G I R N I G T N Y I N N M L T O D S N D A S M S
T O L O A T L H G D M T E A A O I E S U A O B O
C A L W A A I U E A B R A M S A B S N H S O T U
V I D G N T C E L N I R M P R L R E Q C C R O S

One row of the key must be 2 1 5 4?? and the key row
above it must be ????51.

The message is about an elphant. GARGANTUAN MAMMALIAN

HERBIFORE PACHYDERMATOUS QUADRUPED WITH PLANT I GRADE
LOCOMOTION, A FLEXIBLE PROBOSCIS, TWO LONGATED INCISORS,
ALSO OSCILLATING AURAL APPENDAGES.

3 5 1 6 4 2
6 4 3 2 1 5
1 2 6 5 3 4
5 3 4 1 2 6 KEY
4 6 2 3 5 1
2 1 5 4 6 3

ZIMMERMAN AND CIPHER 0075

Arthur Zimmermann, the German foreign minister sent a

message to Mexico that put the US in a fury. German
cryptographers used a cipher known to them as 0075. The
message sent was:

C:CTLTZ EMRTH IERSI TNAII WETXC AAMOR OXCEA ATWOA

AONIZ NEETN MXASA LDINF ESZRC ATEIO GZFXA LAEIR
AOMBI OWEWW. (90)

Unfortunately for Zimmermann and the Mexicans, British

intelligence cracked 0075 and wired U.S. President
Woodrow Wilson the following information (paraphrased
here):

CONTENTS OF ZIMMERMANN CABLE FOR YOUR INSPECTION:

P:" CONFIRM THAT MEXICO WILL BE AWARDED TITLE TO ARIZONA

TEXAS NEW MEXICO IF MEXICO ENTER WAR AGAINST USA AZ AZ
AZ"

Encipherment:
The key = 0075 was used in a simple equation to obtain a
control key.

K=19999 +Key
---------- = Control Key
97

K=19999 +0075
----------- = 206.948536
97

All 10 digits are used and the period is ignored.

K= 2069484536

This series of digits is ranked according to the value

of each digit and its place in the series. Zero = 10.

K = 2 0 6 9 4 8 4 5 3 6 control key
K = 1 10 6 9 3 8 4 5 2 7 ranked control key

The plaintext is written below the ranked control key ,

ten letters to the line, but are written into as
opposed to out according to the ranked control key.

K = 1 106 9 3 8 4 5 2 7
C A R H N T F I O M (C O N F I R M T H A)
T L C I E W X I M O
L D A E E D A W B R
T I T R T A L E I O
Z N E S N A A T O X
E F I I M O E X W C
M E O T X N I C E E
R S G N A I R A W A
T Z Z A S Z A A U A
1 2 3 4 5 6 7 8 910 (RE-RANKED KEY)

Next we re-rank below the columns the control key, in

this case a straight series 1...10. We take out the
columns by this new order and divide into groups of 5.

Ciphertext:

CTLTZ EMRTH IERSI TNAII WETXC AAMOR OXCEA ATWOA

AONIZ NEETN MXASA LDINF ESZRC ATEIO GZFXA LAEIR
AOMBI OWEWW. (90)

We have a double transposition. The primary drawback is

that the plain text is out in the open (albeit
scrambled). In the above cryptogram, the probable word
MEXICO with the X is a good start.

SOLUTIONS FOR LECTURE 15 PROBLEMS - Taken from OP- 20 -G

course:
15-1. Naval Text. Recover Keys.

J Z S S W B P D Z Z L F O M E K Q P D J H C K U M C

A B C O O X M Y S I I G B S G G Y V D S W A J O Q E

K U P W K N J K C C H W O Z Q Q B P Y N V J J O Q E

K U C D S L R W C F Q I A V M S R S I X Y T P O P G

D H U V N K V K C Y Y A L R Q O O Q D N Z C G L R E

K F H Q R N J B.

The text appears in lines of 26 letters, which was

determined as the key length by factoring. This is an
example of a regular progressive cipher. We reconstruct
the cipher component from symmetrical sequences. The
symmetrical sequences found, with their space
relationships in the cipher component are:

(K U) M C A B C O O X M Y S I I - 5
(U P) W K N J K C C H W O Z Q Q

S S W B P D Z Z - 7
Y Y A L R Q O O

C D S L R W C (F Q I) - 22
R E K F H Q R (N J B)

The letters in parentheses are assumed to belong to the

symmetrical sequences but must be checked.

The reconstruction progresses through stages to give:

1234567891011121314151617181920212223242526 Interval
O Z 7
Y O C K S Z 5
H R C 22
H X 5
P R 7
-------------------------------------------
PY H OR C K S XZ (combined)
P K U 5
B J L (assumed)
NB FIJ L Q W 22
A N M W 5
D Q 7
E D Q 22
-------------------------------------------
PY(T)HA(G)OREN BCDFIJKLMQSU(V)WXZ (combined)

The cryptogram is then converted to the basis of one

cipher alphabet. This conversion process makes use of
the known shift between components of the cipher
alphabet, reducing each letter to is equivalent value
had the components not been shifted during encipherment.
The shift is done based on the square table.

Similar to a Viggy:

1 PYTHAGORENBCDFIJKLMQSUVWXZ
2 YTHAGORENBCDFIJKLMQSUVWXZP
3 THAGORENBCDFIJKLMQSUVWXZPY
4 HAGORENBCDFIJKLMQSUVWXZPYT for additional sliding
. ..... sequences
.
.
.

Line 1
J Z S S W B P D Z Z L F O M E K Q P D J H C K U M C
Converted
J X M L Q G S G L K R T S G S Y H N S V N K S X S D
Plain
M Y P O S I T I O N L A T I T U D E T W E N T Y T H

Line 2
A B C O O X M Y S I I G B S G G Y V D S W A J O Q E
Converted
A N N H T Q D S D G A S X R L K C G S Y H N Q N U N
Plain
R E E D A S H T H I R T Y L O N G I T U D E S E V E

The primary cipher alphabet for this problem is

Plain
Q U A D R I C L B E F G H J K M N O P S T V W X Y Z
Cipher
P Y T H A G O R E N B C D F I J K L M Q S U V W X Z

These sequences are constructed from the words

quadricular and pythagorean, both names for the square
table used for Viggy and other encipherments.

15-2. Naval Text.

A U V Z I S Z F B F Y E I R B I O W A O Y J L B L D
A T T W E N T Y T W O T W E N T Y F I V E O P E N E

D G K U I T T Z B D B E Q I O C J R F W X D Y H G M
D F I R E O N S T U R T E V A N T A N D D I C K I N

S P P I S W Y P F V S Y G G S H Q K L A L Z A Q F N
S O N F O R S I X M I N U T E S A T T H R E E T H O

U T C Q H D G Y L B Z P D V C S J N W G N T P T M S
U S A N D Y A R D S P E R I O D T W E N T Y T W O T

H J T W C K O C M X Z P Z R R U Y I W H H M E Z F L
H I R T Y F I V E O P E N E D F I R E O N R I C H M

O C F I S W L P D N W T Z H H T I R L Y I P N Q F N
O N D F O R F I V E M I N U T E S A T F O U R T H O

U T C Q H D G Y L B Z P D V C S J N W G N T P T M E
U S A N D Y A R D S P E R I O D T W E N T Y T W O F

O S V B W J B L V X Z P Z R R U Y I W H H P L P F T
O U R T Y S E V E N O P E N E D F I R E O N U P S H

R B P G X B U L V N W J P R H I H F Q X L N B L P S
U R A N D T W O E N E M Y D E S T R O Y E R S F O R

H J T W I J T T Q W E E Q F O I I Z P M B J Q P Y M
H I R T E E N M I N U T E S A T S I X T H O U S A N

D U Q W A T Z O W D C L Z Q M P U K.
D T O T W O T H O U S A N D Y A E T

LECTURE 16 PROBLEMS

1. Complete columnar transposition.

WKAII GLFGA TEYHN ONSOH LGIRI IAAIR LGAMO

IMHSF IDFGW NNEYH NEFNH SLNSE THS. (63)

2. Nihilist transposition.

UCTEO UAMAA LTDMI SUDDS SISNU OLNNH AALTA

EYELB NEANU NRAPH SNENX ESTAE ASJH.

3. Incomplete columnar

IENOR RENHR NAITI ETTEC FCOIP TREYA RCHTH

SPOAL YONCW SNARL TEESN TOYEL ERSOL UAIOE
VEPOR LNRTS HIMIM E. (relatively)

4. Myszkowski. Battlefield.

YIITU HSATS OIRLF TSTFD NCUAW WGSUS NYATO

EBEHR GIPNP OUSOM ELEPO YOONR AYOIO URTES
UTNAA ILWIR EAEAN RAADP E.

5. Amsco.

HENTI DAHOS CLOSN PRNSA FENTT TIOAM LROTE

RTLEI ANCSC RCISO EMGRI YOUIT EMTAC AIAME
ILIVI SPAEW AMIFA. (propaganda)

6. Tramp.

CGHES NOONE NAETT SHTIA NEQCB AWRSI LTAOH

OAUEY OCENA TOMRT HAEFO ROEAU PLNSD STHIG.
(QCTCLYAPMQQ)

7. Cadenus.
 IRHRC GRETR ESDEE OFOWN ETLNS EOTIG IMNEI
TSONH LTIID DVLTS NIADS LSRAM TSORU HSCNE
DNIHU EAGCD IGIRS WSLSH BITNI IHNNH DNICD
ACGEV NGOEL YBADY OALOS. (circles)

8. Railfence.

TOEYC SOEFO MSAHH RMOYU LDTAC LATYA LFLME

EBGOP VIPRV IEEVS ALUDO WTGIG THILL CONT.

9. Redefence. Astronomic improbability.

tip = THE MOON TO

REOEN IOFGS AITWE UMTBA PITNP ACOUH OTICN

SAGFP TRLEE HTREN MROOH LEORN SIVSE ONTAC
SRSEL TUERS HDTRO AGYAH TRAON LE.

10. Turning grille.

TIP = the most serious and; NQEJPGUU

STTAH IRNED GSERL GEOGM AETON ENBIE DOTNH

EAEOS MSTFI LSOCI OEHST SNIER CNTEN SHTEC
SOIOS LHOAU SUSIS EANWA TMNER BOECD OSKRC
MSILT EONMB TLAEA CTNID DIEKD OFNMF AXVEF
ESEU.

11. Swagman. Agreeable toil.

NNWTI HYORS TEKKR IENII VNLSN LOTOO SLAVT

RETSI ROSIM KSCFR SEEAO OMTAC HETTI IWEVO
RHEII N.

REFERENCES AND RESOURCES

(I will append to a future lecture.)

From [email protected] Jan 5 08:24:57 1997

Date: Sun, 5 Jan 1997 02:51:51 EST
From: "Randy Nichols, ACA President (1994-1996)" <[email protected]>
Reply to: ACA-L <[email protected]>
To: [email protected]
Subject: LECTURE 22

CLASSICAL CRYPTOGRAPHY COURSE

BY LANAKI

04 JANUARY 1996
Revision 0

COPYRIGHT 1997
ALL RIGHTS RESERVED

LECTURE 22

CIPHER MACHINES II
 HEBERN'S "COMMERCIAL PORTABLE CODE" MACHINE AND
THE ELECTRONIC CIPHER MACHINE MARK II (ECM MARK II
or SIGABA)

SUMMARY

Lecture 21 opened up a hornet's nest. Lecture 22 (in

response to student E-mail) covers cipher machine
history and specifically, two more cipher machines -
both electric rotor designs at different ends of the
cryptosecurity scale : the simple one rotor Hebern
"Commercial Portable Code Machine" and the Navy ECM Mark
II (for Electronic Code Machine Version II designated
SIGABA by Army) machine to illustrate further
cryptographic principles surrounding the era of cipher
machines. We develop our subject via a select group of
references and assistance from the National Maritime
Museum Association. [DEVO], [FR8 ], [NICH], [DAWS],
[KULL] We will look at the ECM Mark II within the
purview of the USS Pampanito (SS-383) and her place at
war.

ACKNOWLEDGMENTS

Special acknowledgments for material excerpted in this

lecture are made to Dr. Richard Pekelney, Dr. Cipher A.
Deavours, Dr. Louis Kruh, Donald Dawson, U.S. National
Archives and Records Administration (NARA), National
Maritime Museum Association (NMMA), USS PAMPANITO
(SS-383) and Director, NSA Cryptological Museum.

INTRODUCTION TO MACHINE CRYPTOGRAPHY

If we examine the 1,769 cryptography related patents

issued between 1861 - 1980, we find that the 1920s were
the most productive era. Six inventors shined. They were
Arvid Gerhard Damm, Edward Hugh Hebern, Hugo Alexander
Koch, Arthur Scherbius, Willi Korn, and Alexander von
Kryha. 22 US patents are credited to this group during
the decade. William F. Friedman's name joined the list
in the 1930s. Herbern was the most prolific being
credited with 9 US patents.

The first cryptographs produced under Damm's patent were

clumsy and unreliable. The most important of Damm's
cryptographic ideas was a rotor invention under US
patent 1,502,376, July 22, 1924, but was never able to
exploit fully.

The rotor principle was, in one form or another, the

most widely used method of machine cryptography. The
rotors took two forms: pinwheel rotors and wired rotors.
We have looked at the pinwheel variety with 'active' and
'inactive' projecting positions in Lecture 21. The
wired code-wheel is a disk constructed of some non-
conducting material having on each face, a series of
equally spaced contact studs which are interconnected so
that the current entering on one face will be switched
to exit from a different position on the other face of
the rotor. Each face may have 26 studs (26 letters). The
rotor acts as an electrical commutator (i.e. switch) and
essentially causes a monoalphabetic substitution. By
moving the rotors or employing a cascade of rotors,
repeated substitutions can be obtained and varied to
produce polyalphabetic ciphers of great complexity.

Boris Caesar Hagelin, an employee of Damm's, created the

B-211 cryptograph which used two electrical rotors in
conjunction with four pinwheel rotors to sell the first
commercially successful cryptograph.

By the WWI, the wired rotor was an idea whose time had
come. Without knowledge of each other, Damm and three
others conceived of using the wired rotor for crypto-
graphic machines. In 1917, Edward H. Hebern created his
famous Electronic Code machine under patent 1,510,441
awarded on September 30, 1924. This machine influenced
greatly the America cryptosecurity systems throughout
WWII. Hebern's rotors had the 26 contact A-Z sequence.
To Hebern must also go credit for the idea of wiring
rotors according to the "interval method". Up to Hebern,
designers randomly connected the contacts to each face
of the their rotors. Hebern chose his wiring to produce
as flat a polyalphabetic frequency distribution as
possible. The interval method of wiring rotors was used
in the ECM.

An example of the interval procedure of wiring a rotor

is:

Given:

Input Contact:

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Output Contact:

G A D B O C T K N U Z X I W H F Q Y J V P M E L S R

The displacement which is defined for any input contact,

measures the shift taken by the current traversing the
rotor. So:

AG 06 BA 25 CD 01
DB 24 EO 10 FC 23
GT 13 HK 03 IN 03
JU 11 KZ 15 LX 12
MI 22 NW 09 OH 19
PF 16 QQ 00 RY 07
SL 17 TV 02 UP 21
VM 17 WE 08 XL 14
YS 20 ZR 18

Of the 26 possible displacements values, 0 to 25, every

displacement occurs in this set except 4, while
displacement 17 occurs twice. This is the construction
of the Hebern rotors.

The rotor machine destined to be the most famous of all

time was fathered by Koch and Scherbius. It was named
"Enigma." The machine attained its real potential in
patents held by Korn. Korn explicitly set forth the idea
of interchangeable rotors and allowed for reversability
of the rotor turning. On October 29, 1929, Korn received
US patent 1,733,886, which provided for a feed check
apparatus to ensure correct rotor positioning and
movement. In 1933 two more patents were issued for the
Enigma in final form. (See Lecture 9)

During the same period, German cryptographers were

altering Korn's commercial Enigma into a more secure
form. In England, the British modified the Enigma for
military use and called it the Typex. William F.
Friedman started development on a tactical level rotor
machine based on the Enigma. Friedman's machine, M-325
failed to work well under field conditions and was not
accepted. [ This is William F. Friedman's only failure.]

The Enigma was such a commercial success that many

countries bought the machine for use and study. The
Japanese Enigma known as GREEN machine had rotors
mounted on the top of the machine with characteristic
Japanese design eccentricity.

Probably the most mechanically and cryptographically

complex wired rotor machine was the American top-level
machine, known as the ECM Mark II or SIGABA (also known
as the M-134-C) in the Army and CSP - 888/889 in the
Navy. The devise was based on an idea by Frank Rowlett
and was considered insolvable, and that it was.

In 1924, Alexander von Kryha of Germany invented a

simple spring driven arrangement of concentric disks
which became widely used for 2 decades thereafter.
European interests used many of the Kryha machines in
banking, industrial and transportation industries.

During WWII, the Germans used the Kryha machine and the
US cryptographic teams successfully analyzed intercepted
diplomatic traffic. When proposed to be used in the US
Army, Friedman, Rowlett, Kullback, and Sinkov, solved an
untypically long test message of 1,135 letters to demon-
strate the weakness of the machines ciphers. Statistical
analysis was used extensively in the solution. ( See
Lecture 15.)

The Japanese actively pursued the development of machine

ciphers during the 1920s and 1930s. Their RED ORANGE and
PURPLE series were wired rotor machines based on the
Hebern machine and German Enigma. Their RED machine had
the distinction of being the first electromechanical
cipher device to be broken by the American crypt-
analysts.
While the German Enigma dominated the wired rotor
market, Hagelin designed a series of machines first for
the French and Russian Armies, the B-211, and then up
with the idea for using variable pin rotors in conjunc-
tion with a cage of horizontal bars containing lugs to
develop a new series of machines known as the 'C'
machines whose variations and elaborations are still
debated today. The most famous was the C-38 ( the number
indicates the year of release) which became the standard
low echelon cryptograph for both the Army (M-209) and
Navy (CSP1500).

During 1941-42, the Germans penetrated the C-38 traffic

successfully in North Africa. This is why the Americans
failed to maintain the tactical advantage in the earlier
battles. After WWII Hagelin ran Damm's old Swedish
organization and moved it to Switzerland under the name
Crypto AG. Hagelin's lug and pin machines were very
commonly used in embassies everywhere.

After 1931 the German's developed a series of cipher

teleprinters dubbed the Geheimschreiber (secret writer).
The story of the Polish attack -then British - then
American attack on the Enigma has been well documented.
The English expanded Friedman's coincidence calculations
publishes decades earlier to attack the Enigma. (See
Lecture 9).

In general, Axis code-breakers never scored regular

penetration of the C-36 or M-209 systems. The Americans
and British did a better job day-to-day on the details
of cryptographic security. It has been demonstrated that
failure to observe routine procedures in messages,
changing keys, all pointed to disaster. The machine
ciphers of the 1930s and 1940s were often more than
adequate to defeat normal cryptanalysis if used with
care. Even against today's computers, many of these
machines could still prevail.

The role of computing technology in cryptanalysis has

often been to aid in the rapid location of encipherment
blunders in intercepted enemy traffic. The most fruitful
cryptanalysis against the Russians in the 1980s and 90s
has resulted from this approach rather than from any
great conceptual advances caused by the development of
computers. [NICH]

By 1950, the increasing appropriations and diminishing

success of the US cryptanalytic effort in penetrating
high level Soviet and Eastern bloc cryptosystems forced
a reorganization of the communications intelligence
(COMINT) activities. At that time there were four
principal US cryptanalytical agencies: the Army Security
Agency (ACA), the Naval Security Group, the Air Force
security Services, and the Armed Forces security Agency
(AFSA). In practice all these groups worked
independently.
President Harry S. Truman directed the Secretary of
Defense to establish a committee to survey COMINT
activities in the US and to recommend actions.
Based on this committees report the National Security
Agency was formed via a secret executive order of
October 24, 1952. The NSA was given clear responsi-
bility over all US COMINT activities. The NSA has a
military Director and a civil deputy Director.

Cryptography is virtually all electronic in the US.

There is a tendency for our newer "sci.crypt" gurus to
believe that faster and faster machines and larger
storage devices could change the fundamental problems
facing cryptanalysts after WWII. They tend to forget
that the Third World's mail is the raison d'entre on
NSA. These systems are usually easier to crack than
those of the major powers and reveal much more
information of highest priority and importance. That
fact that cryptography is micro-computer based does not
take away some of the conflicting system design aims
just as decades ago.

HEBERN COMMERCIAL PORTABLE CODE MACHINE

The cryptanalysis of the one wire rotor Hebern machine

follows along the lines of that discused in the CSP1500
in Lecture 21. There are some interesting differences.
First of all, the setting up of the Rotor Generatrix
Tableau is based on diagonalization of a sparse matrix
rather than a horizontal or vertical solution.

Lets start with a one of Hebern's original rotors:

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
---------------------------------------------------
F T Q J V A X M W D N S H L R U C O K B P E I G Z Y
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
---------------------------------------------------
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

The output wiring is the straight A-Z sequence.

As the plaintext letter S is entered from the keyboard
(top), the electrical current enters the rotor at the
19th position of row two, which is wired to the 11
position, or to the letter K. This determines the output
letter. Row two represents the permutation device. Thus
if the rotor remains stationary, a simple substitution
cipher is produced. For example, the plaintext SEND MORE
AMMUNITION becomes KVLJ HROV FHHPLWBWRL.

To increase security, the rotor turns one position

toward the operator before encipherment. In the diagram,
rows two and three, simulating the rotor, shift one
position to the right producing a second simple
substitution cipher alphabet. Both row one and four
never move during the encipherment process. The shift
looks like this:
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
--------------------------------------------------
T Q J V A X M W D N S H L R U C O K B P E I G Z Y F
B C D E F G H I J K L M N O P Q R S T U V W X Y Z A
---------------------------------------------------
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

This time the letter S plain enters the keyboard row 1

and the electrical current enters the rotor at the 19
position which is now the letter B. the currents
permutes to position 1 on row three. This results in
letter A. We now have a polyalphabetic substitution
problem because the rotor moves one position prior to
entering the letter for each plaintext letter.
The message SEND MORE AMMUNITION becomes:

S E N D M O R E A M M U N I T I O N
E <- D E Y V L H X J J V L R O T H V A C B
I <- H X C W G N G M M M S D S S O Y D J I
Q <- P G N I P D I P W B O H D S K C G J I
U <- Q N D H I U M O Z O R Y T V N L F P O
A <- Z K Z S U Y W A G O V Y P M R Y R F E

S E N D
D -> E E
E -> F Y
F -> G V
G -> H L

M O R E

H -> I H
I -> J X
J -> K J
K -> L J

L -> M V
M -> N L
N -> O R
O -> P O
P -> Q T
Q -> R H
R -> S V
S -> T A
T -> U C
U -> V B

The real problem is to reduce the rotor ciphertext to

monoalphabetic terms. Dawson (in a very badly edited
book) describes the interesting procedure of matching
diagonal alphabets or in chemical engineering
optimization terms matrix reduction by diagonalization.
The problem is easier if it is a sparse matrix. [NICH],
[DAWS]

Lets look at the Dawson procedure:

Given the following cryptogram generated from a single
rotor Hebern machine: ( I have rewritten the original
groups of 5 into 26 character lines "in depth")

XFSDOXIZYHSMDNJNJILAFINJLS
RZYTKIKQLVQFKKVLEJFDHIKIKR
AJPYLBTENHWCDESCLHXWTRIBJP
LWYUOEBLNSHRHHTPTJAETDOZQG
LMLJSIGLNNWAJHBLEOEMTVAEVD
XGGCZYWZNSLXYAHLLODDTDXCNJ
CKFLPIEZGZWCOGRHTEOXTDDGSN
LLQBLUAPQNQXPENHPSRXTDDGUS
XOMCJNWZSQFXIHVXPQLWYIEANL
DOWSSNPPTEEWJHZYRWZXITPUSZ
XUYISIGFVBCFIUBNJOVBSRAIGG
XXXLPHZLNSQXUKELTJAGKOYUSC
ROWHPYZDYUCAUBPPZARKFZDHSS
YXHIUDTYVZWFKQVJHZOMTVDHSS
GLTEZDKSOQFXEUEDTIAQVRTDZP
LLSEPHNDAQEXWMQSTEABFXKAIS
XHLPVPLPWHNDJUODMJOQHOOCGM
GLTQIHOLVNBMHORLRWRCFYPHQJ
CKGMZHZALMAWJBXXEQDATDMZNS
CRFGWHJSBKQHOARGBOULWVAJTX
UUEZPQKSBQEXMRPLWYGAURAASN
SXGGBBTBPNYMDXHHMIVDRRWAVZ
RHXDRNHZEHSXIKOAZUAGTLRGQK
LEADOZTBLHRWSIRPIZAGCXASGM
XFLDUHTSENIXUIRWUEOQTLMHTF
ZXEZUPAZXVCIOUTYRHKDTDOVWJ
SGMGBLTUPRWXONBDKNEUEYAEZJ
SEOYOPUZSLEPMTHDROSQFONJLW
OKYRDZTIVKAIPJRGYEATRTKITY
ZDSJUDTBZXFFRHTWTODDFIOATZ
MQPEAYGCGHPTIJUDKWDMBTUWVU
XKTIUIWZWVMXMPQPZPOXHLUNQL
QHZLPIJQNVRZPJHPZPOXHLUZVX
LWTJUBQQWSQWUYOPZPOXHLUZVX
YSPYOTNZTSBIPJHOZFKMWOOBZC
ZXQCXXNDWYNPOPXZBWBAQTXNFC
XHPCUDTGUGTRONUVNOFKJSXBNW
XFSBRLZUETHREEVWVYOVJRUCJF
XXPYOWGTGGLMBIHTEZLATYDGJJ
SKYISCTUVFNIMETYVYGXHJAINS
SKYISCTLNSQXIETPKWKYFXXMVA
GLTTOBNDGPNAPUUBZOZSFCMGGN
POQGLNNPYSWFNUNAWDMWHIAEIS
OQTBRLZDVKWCDUHPZSRZYOOGUS
DJTDUDTGYZVXDHTLUWFTFHRDBS
YJTRKILLVTTDEIHLUWZEFQBAFZ
UXMCBQTMLUTIOBPNHZALWVNGQC
ODYPIVIPZFEVJOKYRTRIFIIDIS
XUGVHXWZEHGXPKOARGRCYNAUSS
RXDCWHGQBFYAWKTNGNRETOXZVX
TXGCBAZABQTDCQVJASRJJJMUSZ
LEQBLEILLSRIYTHZXINYTTUGQL
MTSOXHAPYUQAWPXTZOVDJPIANA
RXQYRPJSFUACSOH
Each column therefore was enciphered by the same rotor
position, implying monoalphabeticity.

Step 1: Rewrite the ciphertext into columns matching the

turn-over position of the rotor movement. In the case
the rotor alphabet is known to be English and therefore
has a length of 26. If this information was unknown, we
would use the PHI test (Lecture 15) to determine the
length of the rotor alphabet. We verify:

Letter frequencies:

A 56 E 50 I 57 M 33 Q 47 U 58 Y 48
B 42 F 37 J 45 N 54 R 52 V 41 Z 68
C 33 G 52 K 36 O 62 S 66 W 52
D 60 H 63 L 67 P 61 T 81 X 72

Letters = 1393
Phi Values:
Observed = 77058
Random = 74653
Non-Random = 132621

Columns Phi(o) E(random) E(plain)

23 140.1 138.9 246.8

24 141.1 127.5 226.5
25 115.4 117.4 208.6
26 205.0 108.5 192.7
27 104.4 100.5 178.6
28 99.0 93.4 165.6
29 85.8 87.0 154.5

Step 2: The Frequency Tableau

First we take a frequency count of each column. Part A:

If the ciphertext was created by one of the Viggy's or
variants, we can skip part B. we would start matching
the columns based on the Viggy alphabets and
relationships. In the case of a single rotor machine,
this is not the case.
Part B: Match alphabets instead of matching columns (as
in the CSP1500 solution). We use diagonal alphabets for
the matching. The single rotor cipher machine generate
progressive alphabet sequences in the direction which
the rotor turns. Some single rotor devices can reverse
the direction of the turning rotor, in which case we
would generate diagonals in downward sloping form.
For third problem we will describe the standard rotor
rotation which develops upward sloping diagonals.

In order to make each of the 26 diagonal alphabets, the

frequency count in the form of an upward sloping
diagonals are used in place of the column frequency
count. See Figure 22.1.

Figure 22-1
Col A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

1 1 0 3 2 0 0 3 0 0 0 0 7 2 0 3 1 1 5 5 1 2 0 012 3 3
2 0 0 0 2 3 3 2 4 0 3 6 5 1 0 4 0 2 1 1 1 3 0 210 0 1
3 1 0 0 1 2 2 5 1 0 0 0 3 3 0 1 5 5 0 5 8 0 0 2 2 7 1
4 0 4 7 5 3 0 5 1 5 2 0 3 1 0 1 2 1 2 1 2 1 1 0 0 5 2
5 1 4 0 1 0 0 0 1 2 1 2 4 0 0 7 6 0 4 5 0 8 1 2 2 0 3
6 1 4 2 5 2 0 0 8 7 0 0 3 0 4 0 4 2 0 0 1 1 1 1 3 3 2
7 3 1 0 0 1 0 4 1 3 3 3 2 0 5 1 1 1 0 014 1 0 4 0 0 6
8 2 3 1 5 1 1 3 0 1 0 0 7 1 0 0 6 4 0 5 0 3 0 0 0 110
9 1 4 0 0 4 1 3 0 0 0 0 5 0 7 1 2 1 0 2 3 1 7 4 1 5 2
10 0 1 0 0 1 3 2 7 0 0 3 1 1 5 0 1 5 1 8 2 4 4 0 1 1 3
11 3 2 3 0 5 3 1 2 1 0 0 2 1 4 0 1 7 3 2 4 0 1 7 0 2 0
12 5 0 4 3 0 5 0 1 6 0 0 0 4 0 0 2 0 3 0 1 0 1 414 0 1
13 0 1 1 5 3 0 0 2 5 5 2 0 4 1 7 6 0 1 2 0 4 0 3 0 2 0
14 2 3 0 0 5 0 1 6 4 4 5 0 1 3 3 3 2 1 0 2 7 0 0 1 1 0
15 0 3 0 0 2 0 010 0 1 1 0 0 2 4 3 2 6 1 7 3 5 0 3 0 1
16 3 1 1 5 0 0 2 3 0 2 0 8 0 4 1 8 0 0 1 2 0 1 3 2 4 2
17 1 2 0 0 4 0 1 2 1 2 3 2 2 1 0 2 0 6 0 6 3 2 2 1 1 9
18 1 0 0 1 4 1 1 2 4 4 0 0 0 2 9 3 2 0 3 1 1 0 7 0 3 4
19 8 1 0 4 2 3 2 0 0 0 3 3 1 1 8 0 0 8 1 0 1 3 0 1 0 3
20 5 2 2 6 3 0 3 0 1 1 2 2 4 0 0 0 4 0 1 2 1 1 3 7 2 1
21 0 1 1 0 111 0 7 1 4 1 0 0 0 0 0 1 3 113 1 1 3 0 3 0
22 0 0 1 6 0 0 0 1 6 2 0 5 0 1 6 1 1 5 1 6 0 4 0 3 3 1
23 9 1 0 5 1 0 0 0 3 0 3 0 4 3 6 2 0 2 0 1 6 0 1 5 1 0
24 7 3 3 3 3 0 8 4 4 3 0 0 1 2 0 0 0 0 1 0 4 1 1 0 0 5
25 0 1 0 0 0 2 4 0 3 3 1 2 0 6 0 0 6 0 8 4 2 7 1 0 0 3
26 2 0 4 1 0 2 2 0 0 5 1 3 2 3 0 2 0 112 0 1 0 2 4 1 5

For example, the diagonal row one would consist of the

frequency of letter A from column 1, the frequency of
letter B in column 26, the frequency of letter C in
column 25, and onward to letter Z in column 2. This new
frequency distribution for the first row is shown in
Figure 22-2. The second diagonal row will begin with
the frequency of the letter B of the first column. Then
the frequencies for the rest of the second alphabetic
frequency distribution follows the upward slope as did
the first row. The same procedure is followed for all
balance of the frequency distributions.

Figure 22-2

Col A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

1 1
2 1
3 7
4 0
5 2
6 1
7 1
8 0
9 2
10 1
11 7
12 2
13 7
14 3
15 0
16 8
17 3
18 4
19 0
20 0
21 0
22 0
23 1
24 3
25 0
26 0

We can reevaluate the Phi values for each new diagonal

alphabet:

Diagonal Row #1 letter frequencies:

A 1 E 1 I 0 M 0 Q 7 U 1 Y 7
B 0 F 0 J 4 N 3 R 1 V 1 Z 1
C 0 G 0 K 3 O 7 S 2 W 2
D 3 H 0 L 8 P 2 T 0 X 0

Letters = 54
Phi Values:
Observed = 218
Random = 110
Non-Random = 195

letter count and Phi values for 26 diagonal alphabets:

Row # of letters Actual Phi

1 54 218
2 54 196
3 41 74
4 56 196
5 52 138
6 53 220
7 76 318
8 46 150
9 56 294
10 52 196
11 37 78
12 52 168
13 47 144
14 58 286
15 51 134
16 49 154
17 59 238
18 51 232
19 59 230
20 55 196
21 37 100
22 63 272
23 59 228
24 57 254
25 54 228
26 65 388

Step 3: Match the diagonal alphabets

The next step is to match the diagonal frequency

distributions. Several factors are considered in
determining the base or stationary alphabet. We examine
the Phi values and find the highest observed value
occurs at alphabet 26 with a value of 388. This is
usually the best place to begin, we check the observed
Phi versus the observed Phi.

E(0r) = 0.0385 (65) (64) = 160

E(0p) = 0.0683 (65) (64) = 284

The observed Phi for this diagonal alphabet is

noticeably higher than the expected value for a normal
English plaintext alphabet. This is not as odd as it
seems for a diagonal alphabet. The number of letters
will vary from 37 to 73 letters and this makes the
numbers skew somewhat high or low for observed values.
We might copy the base alphabet into a 27th position and
match all the remaining diagonal alphabets against it.

To match all the rest of the alphabets to the base, we

select the next highest matching diagonal alphabet and
combine their frequencies.

We start with the second highest observed Phi value and

compute values for comparison. The observed value for
row 7 is 318.
So:

E(0r) = 0.0385 (76) (75) = 219

E(0p) = 0.0683 (76) (75) = 389

The observed Phi is approximately the midpoint of these

two. We also take the third value from row 9 and
calculate its Phi values.

E(0r) = 0.0385 (56) (55) = 118

E(0p) = 0.0683 (56) (55) = 210

The observed value of Phi is 294 is higher than the

expected Phi for English text. Therefore this is a
better choice (row 9) and is made the first alphabet to
match to the base alphabet.

We can confirm this choice with the X test from Lecture

15. We match alphabets 27 vs 7 and 27 vs 9 for all 26
positions:
 27 vs 7
A 168 N 156
B 185 O 136
C 147 P 165
D 227 Q 182
E 167 R 241
F 192 S 178
G 353 T 207
H 166 U 202
I 180 V 266
J 228 W 238
K 169 X 136
L 169 Y 178
M 155 Z 149

E(Xr) = 190
E(Xp) = 337

27 vs 9
A 128 N 131
B 173 O 169
C 100 P 130
D 128 Q 136
E 365 R 183
F 137 S 195
G 134 T 152
H 200 U 190
I 110 V 114
J 81 W 103
K 141 X 99
L 86 Y 154
M 48 Z 53

E(Xr) = 140
E(Xp) = 248

The results confirm that diagonal alphabet 9 is the best

alphabet to join the base alphabet, which is the copy of
the 26th alphabet. The base alphabet will remain
stationary throughout the matching process. The results
of the combined frequencies are as follows:

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
26- 2 1 3 5 011 3 0 4 2 0 0 1 1 0 1 5 0 514 1 1 0 2 0 3
E F G H I J K L M N O P Q R S T U V W X Y Z A B C D
9 0 0 5 4 0 5 1 0 4 1 0 0 0 0 0 2 3 0 314 2 3 1 3 0 5
======================================================
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
27: 2 1 8 9 016 4 0 8 3 0 0 1 1 0 3 8 0 828 3 4 1 5 0 8

Total letters = 121 Random Phi = 559

Observed Phi = 1412 Plain phi = 993

We add the frequencies of the individual letters to get

a new total base component. As the total letters
increases the probability of a correct match increases.
The matching process continues for every letter in the
diagonal alphabets. The next addition would be row 7 and
the best letter to match is G:

old A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
27- 2 1 8 9 016 4 0 8 3 0 0 1 1 0 3 8 0 828 3 4 1 5 0 8
G H I J K L M N O P Q R S T U V W X Y Z A B C D E F
7 3 0 3 3 3 5 0 0 8 3 0 0 1 2 4 1 7 1 510 3 4 0 5 2 3
======================================================
new A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
27: 5 11112 321 4 016 6 0 0 2 3 4 415 11338 6 8 110 211

Total letters = 197 Random Phi = 1486

Observed Phi = 3062 Plain phi = 2641

and so on for the balance of the diagonal alphabets.

Step 4: Construct the Reduction Tableau

The next step involves the construction of the reduction

tableau from the results of matching the diagonal
alphabets. We write out the base alphabet into the
tableau starting at letter A and continuing in an upward
sloping manner. All the other diagonal alphabets are
written in the same way beginning with the matching
letter to the base alphabet letter A. If the reversing
rotor was used than the slope of the alphabet lines
would be right and down. This tableau is the basis for
reducing the polyalphabetic single rotor ciphertext into
monoalphabetic terms. See Figure 22-3.

Figure 22-3

1 2 3 4 5 6 7 8 9 10 15 20 26
Col A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

1 V A W T R O M I M H F D A Q Z V S Q N L T J G E C Z
2 Z V S Q N L H L G E C Z P Y U R P M K S I F D B Y U
3 U R P M K G K F D B Y O X T Q O L J R H E C A X T Y
4 Q O L J F J E C A X N W S P N K I Q G D B Z W S X T
5 N K I E I D B Z W M V R O M J H P F C A Y V R W S P
6 J H D H C A Y V L U Q N L I G O E B Z X U Q V R O M
7 G C G B Z X U K T P M K H F N D A Y W T P U Q N L I
8 B F A Y W T J S O L J G E M C Z X V S O T P M K H F
9 E Z X V S I R N K I F D L B Y W U R N S O L J G E A
10 Y W U R H Q M J H E C K A X V T Q M R N K I F D Z D
11 V T Q G P L I G D B J Z W U S P L Q M J H E C Y C X
12 S P F O K H F C A I Y V T R O K P L I G D B X B W U
13 O E N J G E B Z H X U S Q N J O K H F C A W A V T R
14 D M I F D A Y G W T R P M I N J G E B Z V Z U S Q N
15 L H E C Z X F V S Q O L H M I F D A Y U Y T R P M C
16 G D B Y W E U R P N K G L H E C Z X T X S Q O L B K
17 C A X V D T Q O M J F K G D B Y W S W R P N K A J F
18 Z W U C S P N L I E J F C A X V R V Q O M J Z I E B
19 V T B R O M K H D I E B Z W U Q U P N L I Y H D A Y
20 S A Q N L J G C H D A Y V T P T O M K H X G C Z X U
21 Z P M K I F B G C Z X U S O S N L J G W F B Y W T R
22 O L J H E A F B Y W T R N R M K I F V E A X V S Q Y
23 K I G D Z E A X V S Q M Q L J H E U D Z W U R P X N
24 H F C Y Z D W U R P L P K I G D T C Y V T Q O W M J
25 E B X C Y V T Q O K O J H F C S N X U S P N V L I G
26 A W B X U S P N J N I G E B R A W T R O M U K H F D

Note the diagonal symmetries.

The reduction tableau is used in a different manner than

say a Viggy square. In the Viggy square, the
intersections of the columns and rows are the ciphertext
equivalents. This is not true for the rotor reduction
tableau of Figure 22-3. Instead, the intersection of the
diagonals and the columns are used to locate the
ciphertext. For example, the letter E in the 25th row of
column A is actually the letter E from the 21st row and
the fifth column. While the V in the first row of column
A is actually the letter V of the 6th row and the 22nd
column. The actual work of reducing a single rotor
ciphertext letter into a monoalphabetic letter is not
the same.

The most important part of this tableau is the first

letter in each diagonal alphabetic sequence of the first
column labeled A. The is especially true in the case of
a reversing rotor.

Step 5 . Monoalphabetic ciphertext

The value of each ciphertext letter needs to be

clarified. Each letter contains two distinct values. The
first value is known as the positional value and is
based on the position of each letter in the alphabetic
sequence, A=1, B=2...Z=26.

The second value is the displacement value and

represents the distance from the first letter in the
alphabetic sequence. D has a positional value of four
and a displacement of three. Displacement values range
from 0 - 25 in English. See Figure 22-4.

Figure 22-4

Positional Letter Displacement

Value Value

1 A 0
2 B 1
3 C 2
4 D 3
5 E 4
6 F 5
7 G 6
8 H 7
 9 I 8
10 J 9
11 K 10
12 L 11
13 M 12
14 N 13
15 O 14
16 P 15
17 Q 16
18 R 17
19 S 18
20 T 19
21 U 20
22 V 21
23 W 22
24 X 23
25 Y 24
26 Z 25

When addition or subtraction is performed during the

reduction operation, it modulus 26. These two values
along with modular (complete cycle) arithmetic, is used
to find which diagonal alphabet is being used for the
monoalphabetic equivalent. The correct selection of the
diagonal alphabet is based on the position of the rotor
and the letter's displacement value.

d = (r + cd) (mod 26) forward rotor eq 22-1

d = (r - cd) (mod 26) reverse rotor eq 22-2

Now the first letter in the cryptogram is X.

Substituting the values from Figure 22-4.

d = (r + cd) (mod 26)

= (1 + 23) (mod 26)
= 24

The letter at the head of the 24th alphabet is H and has

a positional value of 8. Next, follow this sloping
diagonal alphabet up to the letter X to obtain the
proper intersecting column which is Q at the head of the
column.

This is also true by the following equation:

mp = (1 - D(dp) ) + cp) (mod 26) eq 22-3

where: D(dp) is the positional value of the letter in

row d, and cp is the positional value in the ciphertext
letter in the text.
 mp = (1 - 8 + 24) (mod 26) = 17 = Q

This equation also works for the reversing rotor.

We repeat this step until all the ciphertext letters are

replaced by their monoalphabetic letters. A new
frequency distribution and Phi test is calculated to
verify the results.

letter frequencies:

A 31 E 28 I 109 M 17 Q 154 U 58 Y 22
B 14 F 121 J 42 N 18 R 11 V 94 Z 71
C 45 G 27 K 1 O 31 S 93 W 0
D 93 H 0 L 1 P 39 T 195 X 71

Letters = 1393
Phi Values:
Observed = 136660
Random = 74653
Non-Random = 132621

You might guess that the T = E and the Q = T ?

Figure 22-5 shows the first three ciphertext lines

converted:

CT X F S D O X I Z Y H S M D N J N J I L A F I N J L S
MT Q Z T X T D X T S F Y F X S C T J I V I F S P D N T
P T H E R E A R E N O B O R N D E C I S I O N M A K E

Where CT = ciphertext, MT = reduced to monoalphabetic

terms, P = plain.

CT S E O Y O P U Z S L E P M T H D R O S Q F O N J L W
MT X V M Z T Q Z T X M T U I N T I Q F X S F Q P D N I
P R S W H E T H E R W E L I K E I T O R N O T M A K I

CT R Z Y T K I K Q L V Q F K K V L E J F D H I K I K R
MT S E D J Z F I J T I V D A D X Q F O Y T I S E Z G P
P N G A C H O I C E I S A P A R T O F B E I N G H U M

I leave the rest to the student to solve.

HISTORY OF THE ECM MARK II

The ECM Mark II (also known in the Navy as CSP-888/889

or SIGABA by the Army) is a cipher machine used for
sensitive communications. According to the National
Maritime Museum, it was used aboard USS Pampanito to
encipher messages from plain text into cipher text under
the control of a key (encipherment). A cryptographic
system consists of the combination of cipher machine,
operating procedures and management of keys. If the
system is well designed and implemented correctly,
cipher text can only be converted back to plain text
(deciphered) by someone with all three elements of the
system.

In early September 1944 U.S. Fleet Radio Unit Pacific

(FRUPAC) in Hawaii recorded a Japanese cipher radio
message that originated from Singapore. Unknown to the
Japanese, U.S. forces had analyzed many Japanese
messages and as a result of much brilliant and hard work
were able to cryptanalyze their enemy's inadequately
designed and implemented cryptographic system. FRUPAC
deciphered the message that announced the route of an
important Japanese convoy from Singapore to Japan. The
timing and expected path of the convoy from the message
was enciphered on an ECM in Hawaii and sent to Pampanito
where it was deciphered on an ECM. Although Pampanito's
crew did not know how FRUPAC got its information, they
were able to go directly to the convoy's path and attack
with great efficiency. Pampanito's attack was kept
secret by the superior U.S. cryptographic system that
revolved around the ECM Mark II.

The ECM Mark II based cryptographic system is not known

to have ever been broken by an enemy and was secure
throughout WWII. The system was retired by the U.S.
Navy in 1959 because it was too slow to meet the demands
of modern naval communications. Axis powers (primarily
Germany) did however periodically break the lower grade
systems used by Allied forces. Early in the war (notably
during the convoy battle of the Atlantic and the North
Africa campaign) the breaking of Allied systems
contributed to Axis success. [Refer to my Lecture 9 for
more details.]

In contrast, the Allies were able to break Axis

communications for most of the war supplying many of the
targets attacked by Pampanito. Intercepted messages
provided not only the location of potential targets, but
often insight into the thinking of enemy commanders. In
the Pacific, this information was critical to success in
the battles of Midway and the Coral Sea in 1942.

However, intelligence, including cryptanalysis, can be a

double-edged sword. The intercepted message that
directed Pampanito to attack the convoy during September
1944 did not indicate that 2000 Australian and British
P.O.W.s were aboard the Japanese ships. The full story
of this attack and Pampanito's rescue of 73 P.O.W.s is
found in the Third War Patrol Report in Appendix 1.

The combination of secure U.S. cryptographic systems and

vulnerable Axis systems directly contributed the success
of the Allied powers during WWII thereby shortening the
war by years and saving countless human lives.

TWO VIEWS OF THE ECM MARK II'S DEVELOPMENT:

This account is taken from the National Maritime Museum

Association material:

The ECM Mark II's critical cryptographic innovation (the

Stepping Maze) over Hebern's and other precursors was
created by Army cryptologists Frank B. Rowlett and
William F. Friedman shortly before 15 Jun 1935. During
October and November of 1935 Friedman disclosed the
details of the "Stepping Maze" to the Navy's cryptolo-
gists including Lt. Joseph N. Wenger. Aside from filing
secret patent application No. 70,412 on 23 March 1936
little additional development was performed by either
the Army or Navy until Lt. Wenger discussed the patent
with Cmdr. Lawrence Safford during the winter of 1936-
37. Cmdr. Safford recognized the potential of the
invention and the Navy began sponsoring and financing a
new machine including the "Stepping Maze".

Additional innovations by Cmdr. Safford, Cmdr. Seiler

and the Teletype Corporation including Mr. Reiber and
Mr. Zenner added to the security, reliability and
manufacturability of the ECM Mark II. Prototypes were
soon delivered, and in February 1940 the machine's
details were disclosed to the Army. Amazing as it may
seem, the Navy had kept its continuing development of
the machine secret from the Army. With minor changes
suggested by the Army the machine was accepted as the
primary cipher machine for use by both Army and Navy.

The joint Army-Navy ECM Mark II cryptographic system

became effective on 1 Aug 1941, and the two services had
the common high-security cryptographic system in place
and in use prior to the attack on Pearl Harbor. The use
of a common system was of great military value, part-
icularly during the early stages of the war when the
distribution of machines and codewheels was incomplete.
By 1943, over 10,000 machines were in use. The
"Stepping Maze" and use of electronic control were a
generation ahead of the systems employed by other
countries before and after WWII. No other country is
known to have ever broken the ECM Mark II cryptographic
system.

[DEVO] has a slightly different take on the subject as

taken from pages 78-80:

"While the US Army had Friedman, a cryptographic

superstar, the Navy had the less flamboyant Lawrence F.
Stafford, who in 1924 laid the foundations for the
wartime Navy's excellent but underrated cryptologic
organization Op-20-G. The Navy experimented with
numerous cryptographic machines, many based on the
Hebern's original machine, beginning about 1925.
It was soon appreciated that 'to produce a more varied
course of code wheel movement than any now known' was an
imperative in the design of both wired rotor machines
and Baudot tele-enciphers. In addition, numerous design
features: ac/dc operation, ball point rotor contacts,
weather resistance, reliable rotor positioning, and
stepping, were of prime importance for a field machine,
which no matter how cryptographically sound, was useless
unless it operated well under adverse conditions.

After the modified Hebern machine was shown to be less

secure than thought, a new cryptograph was designed and
developed by the Navy during the years 1932-34. This
wired rotor machine had five rotors each of whose
movement was controlled by a pinwheel of 25 pins each
set to 'active' or 'inactive' position. Further a small
plugboard, which transferred control among the five
rotors, was suitably plugged.

During operation, one or more rotors would 'step' one

position for each letter enciphered. At each encipher-
ment the rotor's corresponding pinwheel would advance
one step. When an active pin was sensed opposite the
moving rotor, then that rotor ceased to move and control
was passed to the rotor indicated by the plugboard
connections. A rotor could pass control to itself if
desired. All in all, it was a clever design which could
be highly secure provided enough rotors were in use (The
Navy used five chosen from a set of ten), and the
pinwheel settings were selected with care. This machine
was designated the Electronic Cipher Machine (ECM) Mark
I and would be the main high level Naval cryptograph
during WWII had not the Mark II version been developed.
At this point, Navy cipher machine design was showing
quite a bit of sophistication. The Mark I would have
provided adequate security for the US communications
during the wartime era.

The Navy was also instrumental in pushing for the

development of what became the US's top-level cipher
machine of the 1940's era, the ECM Mark II, or simply,
ECM for short (designated SIGABA by the Army). The
original idea for the ECM had come from Friedman's
assistant, Frank Rowlett {ACA member} and resulted in a
secret patent application filed by Friedman and Rowlett.

The Navy, with plenty of funds for cipher machine

development, and the Army, with its skilled machine
cryptanalysts, working closely together achieved the
early development of a production design of a highly
secure cipher machine which would fully satisfy the
requirements of both services for enciphering their most
secret communications. This was a most fortunate
circumstance, because the ECM Mark II could not have
possibly have become operational by the advent of
America's entry into WWII without the full cooperation
of the two services, nor would the high degree of
cryptographic security required for both services and
the reliability of supply so essential for such a
vitally important equipment have been attained." [DEVO]

NAVY SYSTEMS

The Navy commenced WWII with three principle crypto-

graphic systems (besides codes): The ECM ( for high
level communications); a Hagelin machine adapted from
the C-36 (1936), the CSP 1500 (for medium level
communications); and a strip cipher (for tactical level
communications and sometimes higher level signals). The
ECM was in use during Corregidor when immense quantities
of enciphered poems, baseball scores, et cetera, were
sent to provide artificially high traffic levels to
confuse the Japanese.

ARMY SYSTEMS

The Army used the ECM (SIGABA) and the five rotor wired
wheel M-134-A (SIGMYK), which was driven by a one-time
Baudot tape to control its rotor movements. The two-tape
Vernam system was also used, being later replaced by the
M-228 (SIGCUM), a five rotor teletype machine. The
Hagelin C-38 (1938) (M-209) was used for tactical
communications along with a variety of hand systems. The
strip system was used extensively for all levels of
communications. [DEVO]

COMBINED US - BRITISH SYSTEM - CSP1700

During the war communication between US and British was

paramount in importance. Don Seiler of the Navy designed
the adaptor system for the British Typex and the US ECM.
It was called the CSP1600.
The hybrid machine was designated the CCM for Combined
Cipher Machine or CSP1700. At the conclusion of WWII,
the CSP1700 was adopted by the US State Department for
its highest level ciphers. [DEVO] It stayed in place for
more than 10 years. [NICH]

DESTRUCTION OF A NATIONAL TREASURE

After newer, faster cryptographic systems replaced the

ECM Mark II the machines were systematically destroyed
to protect the secrets of their design. Today only a few
ECM's still exist. The National Cryptologic Museum (a
part of the National Security Agency) has 4 machines,
one of which is on display in their Fort George Meade,
MD museum. The U.S. Naval Security Group has 2
machines, one of which is displayed aboard Pampanito in
San Francisco, CA. When recently contacted the US Army
historians did not believe they had any machines.

USS PAMPANITO (SS-383)

USS Pampanito (SS-383) was a World War II Balao class

Fleet submarine that has been preserved as a National
Historical Landmark located at San Francisco's
Fisherman's Wharf. Pampanito made six patrols in the
Pacific during World War II and sank six Japanese ships
and damaged four others. It is operated by the National
Maritime Museum Association.

The USS Pampanito was featured in the 1955 film Down

Periscope. A self-guided tour is narrated by Captain
Edward L. Beach, noted historian and author of the
submarine classic Run Silent, Run Deep. The USS
Pampanito has its own web site where you can take a
closer look at the many issues involved in managing a
tactical submarine:

http://www.maritime.org

The ECM Mark II aboard Pampanito is on loan from the

Naval Security Group. After cleaning, lubrication and
minor repair it was put on display in July of 1996. It
is currently the only fully operable ECM Mark II in
existence. This machine was built in June of 1943 as a
CSP-889, and sometime circa 1950 it was modified into a
CSP-889-2900. The minor modifications added one switch
and a knob that allow operation compatible with CSP-889
machines, or enhanced security when operated as
a CSP-2900.

CIPHER EQUIPMENT ABOARD PAMPANITO DURING 1944:

A Channel is the combination of all the equipment,

instructions, key lists, etc. that are needed for two
parties to communicate in a cipher system.

Before leaving on each war patrol, one officer and one

enlisted man armed with a machine gun would draw the
cipher equipment from its secure storage. There were two
lists of cipher equipment and manuals, List A included
an ECM Mark II and associated documents (Channel 105),
List B did not include the ECM. For most patrols List A
was used, if the patrol was particularly dangerous and
in shallow waters List B was used. The CSP-1500 (Channel
110) would also be added as needed to either the List
A or List B. The lists below was used by submarines in
the Pacific during 1944.

Channel 105

CSP-888/889 = ECM Mark II = M-134-C = SIGABA. This was

the high grade, electro-mechanical, rotor
wheel cipher machine and the physical
component of the primary cryptographic system
used by the United States. High grade
cryptographic systems are those that we
believe cannot be broken by an enemy in a
useful period of time even if they are in
possession of the physical elements of the
system, provided the other elements of the
system are preserved (i.e. keys are kept
secret, operating procedures are well designed
and followed, number and size of messages per
key are small, etc.)
 The first 651 units built were the CSP-888
model that lacked plugs necessary for tandem
operation, but were otherwise identical to the
later CSP-889 model.

CSP-890 = CSP-890(A) = SIGHEK Plugboard rotor for use in

the CSP-888/889.
CSP-1100 ECM Instructions
CSP-1122 ECM Wheels
CSP-1190 ECM Key Lists.
CSP-1941 SIGLUR-1 Instructions for CSP-890
ENG-108 Print unit for a CSP-889.
ENG-109 ECM spare parts kit.
Metal Safe Locker Type #8 - Special safe built
into the radio room for CSP-889

Channel 108

CSP-845 M138A = CSP-1088. This was a low-medium grade,

paper strip cryptographic system that was used
by U.S. Submarines when they were on such
dangerous missions that they could not risk
the capture of an ECM, or if the ECM broke
down. It was also used to communicate with
forces that did not have an ECM. Medium grade
cryptographic systems can be read by an enemy
in possession of the physical elements of the
system, even if the other elements of the
system are preserved. The related CSP-488
system was used until mid 1943 by Naval
forces.

CSP-847 Instructions for use of CSP-845 strip cipher.

CSP-1247/8 Key lists for use with strip cipher.

Channel 135

CSP-1403/4 Key lists.

Channel 143

CSP-1286 Two card style authentication cipher. CSP-1521

Authentication Instructions.

Channel 144

CSP-1270 SIGMEN = SIGYAP Chart style authentication

cipher.
CSP-1272 Instructions for CSP-1270.

Channel 171

CSP-1524 Call sign instructions.

CSP-1525/26 Emergency use call sign instructions.
CSP-1750 Call device MK 2 Call sign cipher. CSP-1751
are CSP-1750 instructions.
CSP-1756 Strip cipher compatable with CSP-1750. Made of
mahogany.
CSP-1752 Key lists.
Channel Weather

CSP-1300 Weather cipher.

CSP- Weather Handbook for Submarines.

Channel 110

CSP-1500 M-209 = C-38. This was a low-medium grade,

Hagelin derivative, mechanical cryptographic
system. Over 140,000 of these were used by
Allied forces during the war and they were
regularly broken by the enemy, primarily when
the instructions for use were not followed.
Pampanito would have used this to communicate
with forces that did not have an ECM. Low
grade cryptographic systems can be broken by
an enemy by purely cryptanalytical means
without possession of any parts of the system.

"CSP" stands for Code and Signal Publication, its usage

started during WW I. Refer to Appendix 3 for other
cryptographic indicators.

DETAILS OF THE ECM MARK II CIPHER UNIT:

Prior to the ECM Mark II many cipher machines

incorporated encipherment by means of an electric
current passing through a series of cipher wheels or
rotors. A character is typed on a keyboard, passed
through the rotors and either printed or displayed in a
light board for the operator. The rotors are thin disks
with contacts on each side that are wired at random to
the other side one wire per contact.

Typically a rotor will have 26 contacts on each side,

each contact representing a letter of the alphabet. A
current passing through the rotor disk might enter in
the position of letter B and exit in the position of
letter G. Encipherment occurs by passing the current
through several rotors that are side by side and
rotating one or more of the rotors between each
character enciphered. If the deciphering machine starts
with rotors of the same design and in the same positions
as the enciphering machine, it will repeat the motion of
the rotors thereby deciphering the text. The most
important difference between previous machines and the
ECM is how the enciphering rotors are stepped.

The "Stepping Maze" uses rotors in cascade formation to

produce a more random stepping of the cipher rotors than
existed on previous electromechanical cipher machines.
The rotor on left was a Cipher or Control rotor, and on
right it was an Index rotor.

The ECM has fifteen rotors arranged in three rotor

banks. The five rotors in the rear are the cipher rotors
that convert a plain-text letter into a cipher-text
letter as they are irregularly stepped. Electrical
currents passing first through the control (middle)
rotor bank and then through the index (front) rotor bank
determine which cipher rotor(s) step. The center three
of five control rotors step in a metered fashion.
Control rotor 3 is the fast rotor and steps once for
each character typed. Control rotor 4 is the medium
rotor and steps once each time control rotor 3 completes
a full rotation. Control rotor 2 is the slow rotor and
steps once each time control rotor 4 completes a full
rotation. Control rotors 1 and 5 do not step. The index
rotors are positioned once each day and do not move
while operating. The 10 cipher and control rotors are
large 26 contact rotors that may be used interchangeably
in the cipher or control bank and are reversible. The
five smaller, 10 contact, index rotors are only used in
the index bank. Four contacts are energized on the
first rotor of the control rotor bank. The connections
between the last rotor of the 26 contact control bank
and the first rotor of the 10 contact index bank are in
9 groups of between 1 and 6 wire(s) each. One of the
index bank contacts is not used. The 10 outputs of the
last index rotor are attached in pairs to 5 magnets that
step cipher rotors when energized. Between 1 and 4
cipher rotors are stepped for each character
enciphered.

To properly encipher a message, the three banks of

rotors must be arranged and aligned in such a way that
they can be reproduced by the deciphering operator. The
particular arrangement and alignment of the rotors
selected by the enciphering operator and transmitted to
the deciphering operator in disguised form constitutes
the keying instructions.

The design of the ECM limited the erratic stepping so

that at least 1, and not more than 4 cipher rotors step
at a time. Even so, a crude, exhaustive search would
require an enemy to check around 10 to the 14th perm-
utations of code, index and control rotor starting
positions. The combination of modern algorithms and the
availability of high speed computers mean this system is
no longer secure, but during its term of service it
provided an unprecedented level of security.

SIGABA GROUPING OF OUTPUT FROM CONTROL ROTORS TO INDEX

ROTORS

Wiring from the keyboard and to the printer used the

normal alphabet, from A-Z around the 26-contact rotors
instead of the QWERTY...NM. However pressing the Z
actually sent an X, and pressing the space bar, sent the
real Z. This provided for word spacing.

As reported by researcher John Savard: the grouping of

the output from the control rotors to the index rotors
differed for two models of the SIGABA.
For the CSP-889, the grouping was:

1- B
2- C
3- DE
4- FGH
5- IJK
6- LMNO
7- PQRST
8- UVWXYZ
9- A

For the CSP-2900, the grouping was:

0- UV
1- B
2- C
3- DE
4- FGH
5- IJK
6- LMNO
7- ST
8- WXYZ
9- A

The SIGABA stepped from 1 to 4 of the five cipher

rotors, the five 26-contact rotors through which the
plaintext traveled. There were usually four live
contacts entering the five 26-contact control rotors.
This resulted in four of the 26 output being live.

After these outputs are grouped, the index rotors which

take two of the groups to the mechanism that moves one
of the five cipher rotors.

If every one of the four live contacts on the output

control rotors goes to a different group, and each of
these groups is taken to a different cipher rotor by the
index rotor setting, which does not change during
encipherment, then four cipher rotors move.

In the CSP-889, the only way that fewer than four rotors
will move is when the one live output goes either to the
same group, or to two groups connected by the index
rotors to one cipher rotor's movement mechanism.

Some groups connect together as many as six outputs from

the control rotors, and as few as one.

A bad index rotor setting might connect inputs 7 and 8

to the index rotors to one cipher rotor, and inputs 1
and 2 to another. Then the first cipher rotor,
connected to 11 control rotor outputs would be moving
most of the time - it might be the only rotor moving.
The second cipher rotor is connected to 2 control rotor
outputs. Thus, it can never be the only rotor moving.

The CSP-2900 corrects this problem. Since three of the

control rotor outputs are discarded -only three- there
may be as few as one live input. Therefore, any rotor
can be the only one to move. The number of control
rotor outputs connected to the index rotor input still
varies.

The actual wirings used for the 10 contact rotors were:

7591482630 3810592764 4086153297 3980526174

6497135280

For the CSP-2900, P, Q, and R were not connected in the

groups. The steppers of the five cipher rotors are
connected to the ten outputs of the index rotors as
follows:

1 : 0,9
2 : 7,8
3 : 5,6
4 : 3,4
5 : 1,2

Appendices 1 - 5 contain detail working information on

the ECM MARK II.
 APPENDIX 1

USS PAMPANITO (SS-383)

THE THIRD WAR PATROL
AUGUST 17 - SEPTEMBER 28, 1944

On August 17, 1944 USS Pampanito was ready for sea. She
had rendezvoused three weeks earlier with the submarine
tender USS Proteus (AS-19) at Midway Island for repairs
and supplies. During the standard refit period, which
followed each war patrol, Pampanito was modified and
repaired by the tender. Improvements included the
installation of a radio key in the SJ radar circuit, a
surface search device (so that the radar could also be
used for communications), and the placement of charging
equipment in the forward torpedo room which allowed the
firing of Mark 18 electric torpedoes from the six
forward tubes, an ability she already had in the after
room. The brushes were replaced in all four of the 1600-
horsepower electric main propulsion motors, and gaskets
were replaced on the conning tower hatch, the main air
induction valve, and the newly converted Fuel Ballast
Tank #4A. Then final preparations were made for getting
underway. Pampanito took on provisions, fuel, ammun-
ition, and torpedoes.

Pampanito departed Midway again under the command of Lt.

Commander Paul E. Summers and headed for her assigned
patrol area in the Luzon Strait north of the Philippine
Islands. This area was code named "Convoy College"
because of the large number of Japanese convoys that
converged there as they traveled north to Japan.

Unlike her first two patrols when she operated alone,

this time Pampanito traveled as part of a wolfpack which
included USS Growler (SS-215), and USS Sealion II (SS-
315). Wolfpacks became more common in the Pacific War
as Japanese convoys became better organized and
protected. Skippers used their radios sparingly,
preferring to rendezvous regularly at pre-selected times
using signal lights or megaphones instead. The structure
of this pack, nicknamed "Ben's Busters" after tactical
leader Commander T.B. "Ben" Oakley, included Oakley in
Growler, Commander Eli T. Reich, second senior officer,
in Sealion, and Summers in Pampanito.

En route to the patrol area the three boats exchanged

recognition signals and tested communications via VHF
radio. On August 19, Summers noted in his patrol report
that he was having difficulty reaching Growler when the
range exceeded 8,000 yards. He expressed doubts that
successful communications could be maintained during a
coordinated attack.

When "Ben's Busters" attacked a Japanese convoy in Bashi

Channel off the southern tip of Formosa on August 30,
they operated with another wolf-pack, "Ed's
Eradicators". This group was comprised of tactical
commander Captain Edwin Swineburne in USS Barb (SS-220),
skippered by Commander Eugene Fluckey, and Commander
Charles Loughlin in Queenfish (SS-393). While the two
packs attacked the convoy, sinking seven ships and
damaging others, Pampanito lookouts reported distant
explosions and a burning ship over the moonlit horizon,
followed by distant depth charges. No contact report was
received from the two attacking wolfpacks, and Summers
searched in vain for the remnants of the scattered
convoy. Summers blamed communications problems for
Pampanito's lack of participation in the attack.

During the next few days Pampanito developed a serious

and perplexing mechanical problem. A loud air squeal had
been heard up forward during a dive, and the diving
officer reported 2000 pounds of water in the forward
trim tank. No explanation could immediately be found
because the noise was coming from inside the tank. On
the night of September 4, Lt. Howard Fulton and Motor
Machinist E.W. Stockslader, hoping to locate the source
of the problem, volunteered to be sealed into the leaky
tank while the boat dove. A signal system was set up,
and Pampanito went down to 60 feet, yet the men in the
tank found nothing. Summers took her deeper, to 200
feet, before the leak was finally found. The seal around
the operating rod to torpedo tube #5 leaked as it passed
through the forward bulkhead of the tank. The boat
remained submerged during daylight hours for the next
two days while blue prints were studied. Pampanito
surfaced at night to allow the leak to be repaired.
First Class Gunners Mate Tony Hauptman, an amateur
diver, volunteered to perform the repair. He used
shallow water diving apparatus to get below the
waterline under the superstructure. During repeated
dives, Hauptman fixed the noisy leak using a specially
made wrench. Pampanito was then again able to maneuver
silently while submerged, allowing the war patrol to
resume without having to turn back to Midway for repair.

Pete Summers celebrated his thirty-first birthday at sea

on September 6, 1944 , the same day an ill fated enemy
convoy left Singapore bound through "Convoy College" to
Japan. The convoy carried war production materials such
as rubber and oil. It also carried over two thousand
British and Australian prisoners of war being
transported from Southeast Asia following the completion
of the Burma-Thailand railroad.

This infamous "Railway of Death", as it became known,

was used by the Japanese to move troops and supplies 250
miles through the mountainous jungles of Thailand and
Burma connecting with other lines running through
Southeast Asia and out to the South China Sea. The
railway had been built at a huge cost of human life.
An estimated 12,000 British, Australian, and many times
that number of Asian prisoners died from jungle
diseases, lack of medical care, starvation, abuse and
overwork. The fittest of the railway survivors, known
as the "Japan Party", were being relocated to work as
forced labor in the copper mines of Japan. The POWs
were openly worried about the likelihood of being
torpedoed en route by American submarines and made what
slim preparations they could for that strong possib-
ility. Some formed teams and planned escape routes off
the ship; others stockpiled meager rations or tested the
effects of drinking small amounts of sea water. The
Japanese could have requested safe passage for the
transfer of prisoners, but no such request was received.

FRUPAC, the Fleet Radio Unit Pacific, intercepted and

decoded a Japanese message detailing the course and
estimated noon positions of the convoy along the route
to Japan. On the night of September 9, the "Busters"
were ordered to rendezvous on September 11, and to
intercept the convoy. Later that night, the
"Eradicators" were ordered to act as backstop and to
move in on the convoy, as well. Growler, first to arrive
at the meeting point on the night of the 11th, found
light overcast and calm seas with rain on the horizon.
Sealion surfaced nearby around 2000 hours, having just
returned from Midway where her torpedoes, fired
during the August 30th attack were replaced. Pampanito
moved in an hour and a half later. The boats exchanged
recognition signals with the SJ radar and moved within
100 yards of Growler to receive vocal instructions for
the attack. The wolfpack moved to the expected position
of the approaching convoy.

At 0130 on the morning of September 12, Pampanito's ace

radar technician, George Moffett, picked up several pips
on the screen at a range of over fifteen miles. A few
minutes later, a contact report was received from
Growler, but the message was garbled and could not be
decoded. Summers went flank speed to maneuver ahead of
the convoy and into attack position. Growler approached
from the west and fired on the ships, causing the
convoy's escorts to fan out in all directions.
Growler's attack was a first and last in US submarine
history. Oakley had been picked up on radar by the
Japanese destroyer Shikinami as he moved in to attack.
The destroyer charged the sub. Instead of diving his
boat and taking evasive measures Oakley faced the
oncoming escort bow to bow, firing three torpedoes at
the vessel from a range of just over 1000 yards. The
first torpedo hit, causing a violent explosion. The
destroyer, listing badly, charged ahead, coming so close
to Growler that Oakley felt the heat from the burning
ship. Shikinami finally went under, sinking only 200
yards from Growler. This controversial bow to bow
surface attack on a charging destroyer has never been
successfully repeated and is considered to be
unnecessarily dangerous. However, Growler escaped and
went on to damage two other ships before moving out of
range to reload her torpedo tubes.

A bright quarter moon had risen and, at 0230, Summers

moved to the dark side of the scattered convoy. Sealion
pulled back to repair a jammed automatic gyro setter, a
device which is used to set the angle of the torpedo
run. Growler lost the track of the convoy temporarily,
and "Ed`s Eradicators", Queenfish and Barb, were 80
miles to the north; since they had not received the
contact reports alerting them to the battle taking place
to the south. Pampanito and Sealion tracked the convoy
for the remainder of the night, both boats moving into
attack range just before dawn.

As Summers prepared to fire from a perfect position,

Pampanito was jolted by a series of violent explosions
which occurred as Sealion, to the west, fired two salvos
of three torpedoes each at the convoy. The first salvo
scored three hits on a large, heavily laden tanker which
erupted into flames so bright they illuminated the
second target, the transport Rakuyo Maru.

Rakuyo Maru was a 477-foot Japanese-built passenger-

cargo vessel carrying a load of raw rubber and, unknown
to the crews of the submarines, also carried over 1300
Allied prisoners of war. Two of Sealion's torpedoes hit
the POW ship, one amidships and one in the bow. It took
12 hours for Rakuyo Maru to sink, which allowed the
surviving POWs some time to make rafts and search the
doomed ship for food and water. The Japanese guards had
left the ship immediately after the attack using most of
the lifeboats.

Sealion went deep to avoid the depth charging that

followed the attack. The other two subs tracked the
convoy as it zig-zagged radically to avoid being
attacked. Growler caught up with and sank another
Japanese escort, the frigate Hirado. The POWs, who were
now in the water clinging to wreckage, had mixed
feelings as the small escort instantly sank. Some
cheered another score against their captors; others saw
all chances of rescue sink with that ship. Tragically,
many survivors of the initial attack were killed or
badly wounded by shock waves caused by the explosions of
Hirado's sinking, and the following depth charge attack
on Sealion.
Pampanito again picked up the convoy on high periscope
(using the periscope fully extended while on the surface
to increase viewing range) at noon the next day, and
tracked it westward. Just after dark, Summers moved in
for a surface attack, but had to pull the sub back when
he learned that the torpedo in tube #4 had moved forward
in the tube and had a "hot run" (the torpedo engine was
running inside the tube at high speed being held back by
the closed outer door). Although the warhead of a
torpedo was designed to be unarmed until it had run
through the water for a few hundred feet, the crew knew
that torpedoes could be temperamental.

Pampanito was pulled back to disengage a jammed gyro

setter caused by the hot run. Summers then quickly moved
in again to setup the attack with the dud torpedo still
in tube #4. A few minutes later the boat was once again
in position.

" 2240 Fired five torpedoes forward; three at large

transport and two at large AK.... Swung hard right and
at 2243 Fired four stern tubes; two at each of the two
AK's in the farthest column. Saw three hits in large AP,
two hits in large AK (Targets no. 1 and 2) and one hit
in AK (farthest column) heard and timed, hit in fourth
AK (leading ship in farthest column).... In all, seven
hits out of nine torpedoes. From the bridge we watched
both the large AP and the large AK (the one with two
hits) sink within the next ten minutes, and saw the
after deck house of the third ship, on which we saw one
hit, go up into the air with the ship smoking heavily.
The fourth ship could not be observed because of much
smoke and haze in that direction. A short interval after
the seven hits, the escorts started dropping depth
charges at random, but for once we didn't mind."

Pampanito had sunk a 524 foot transport Kachidoki Maru,

a captured American vessel built in New Jersey in 1921.
First owned by the United States Ship Line, and later
the Dollar Line, she had originally been named Wolverine
State. After having been sold to American President
Lines, she was renamed President Harrison. When captured
off the China coast by the Japanese, she was given the
name Kachidoki Maru. Like the Rakuyo Maru, the ship had
been carrying raw materials to Japan. Also aboard were
900 Allied POWs.

Following the attack, Pampanito pulled away to eject the

hot run torpedo and reload all tubes. An hour later, in
another attack, Summers missed with three shots fired at
a destroyer escort. He also observed two small ships,
one of which had stopped, apparently to pick up
survivors of the earlier attack. He decided they were
too small to waste time and a torpedo on, and he moved
on to rejoin the pack on the following night. No
immediate attempt was made to track down the remaining
stragglers from the convoy.
The wolfpack rendezvoused the night of September 13th.
Growler moved south while Sealion and Pampanito spent
the next day in vain looking for the rest of the convoy,
then headed east toward the area of the September 12th
attack on Rakuyo Maru. After diving to avoid a plane
late in the afternoon of the 15th Pampanito surfaced to
find much debris and floating wreckage.

" 1605 A bridge lookout sighted some men on a raft, so

stood by small arms, and closed to investigate.
1634 The men were covered with oil and filth and we
could not make them out. They were shouting but we
couldn't understand what they were saying, except made
out words "Pick us up please." Called rescue party
on deck and took them off the raft. There were about
fifteen (15) British and Australian Prisoner of War
survivors on this raft from a ship sunk the night of 11-
12 September, 1944. We learned they were enroute from
Singapore to Formosa and that there were over thirteen
hundred on the sunken ship."

These men were survivors of Rakuyo Maru, sunk earlier by

Sealion. After four days of drifting on makeshift rafts
they were in extremely bad shape. Most were covered with
oil from the sunken tanker, and had long since used up
what little food and water they had with them. Slowly,
the story of what had occurred was unveiled by the
survivors brought aboard Pampanito. Summers radioed
Sealion, and Reich also moved in to pick up survivors.
Again from the patrol reports:

"1634 As the men were received on board, we stripped

them and removed most of the heavy coating of oil and
muck. We cleared the after torpedo room and passed them
below as quickly as possible. Gave all men a piece of
cloth moistened with water to suck on. All of them were
exhausted after four days on the raft and three years
imprisonment. Many had lashed themselves to their
makeshift rafts, which were slick with grease; and had
nothing but lifebelts with them. All showed signs of
pellagra, beri-beri, malaria, immersion, salt water
sores, ringworm, etc. All were very thin and showed the
results of under nourishment. Some were in very bad
shape.... A pitiful sight none of us will ever forget.
All hands turned to with a will and the men were cared
for as rapidly as possible.

1701 Sent message to Sealion for help.

1712 Picked up a second raft with about nine men aboard.
1721 Picked up another six men.
1730 Rescued another six men.
1753 Picked up about eleven men.
1824 ...about six men.
1832 ...about five men.
1957 Light fading rapidly as we picked up a single
survivor.
2005 Completely dark as we took aboard the last group of
about ten men. Had made a thorough search of our
vicinity with high periscope and kept the true
 bearings of all rafts sighted. Felt we had everyone
in sight and knew we had all we could care for if
not more. When finally we obtained an exact count,
the number of survivors on board was 73. These
together with 79 members of our crew plus 10
officers make us a little cramped for living space.
2015 Made final search and finding no one else set
course for Saipan at four engine speed."

The crew of Pampanito spent four hours rescuing as many

survivors as could be found. Under the direction of
torpedo officer Lt. Ted Swain, volunteer teams were
formed to get the almost helpless men aboard. Some of
Pampanito's crew dove into the water with lines to
attach to the rafts so hey could be brought in close
enough for others, on deck and on the saddle tanks to
carefully lift the men aboard. Among those crew members
who swam out to rescue the former POWs, leaving the
relative safety of the sub and risking being left behind
if the boat had to dive, were Bob Bennett, Andrew
Currier, Bill Yagemann, Gordon Hooper, Jim Behney, and
Tony Hauptman. It was a tense and emotional moment as
the shocked crew worked to save as many of the oil
soaked survivors as possible. During the rescue many of
the crew came topside to help. If a Japanese plane
attacked at that time they would have been left on deck
as Pampanito dove to avoid attack.

Personal cameras were not allowed on submarines.

However, it was fortunate that a couple of contraband
cameras were produced by the crew. Electrician Mate
First Class Paul Pappas, Jr. was able to document the
historic rescue with an amazing series of photographs
and a 16mm film using the ship's movie camera.

During the five-day trip to Saipan, the nearest Allied

port, the survivors were berthed in the crew's quarters
amidships and on the empty torpedo skids and bunks in
the after torpedo room where they were cared for by the
crew. Some of the survivors were critically ill and in
need of medical attention. Submarines carried no doctor
on board, so the monumental task of treating these men
became the responsibility of the only man on board with
training in medicine, Pharmacist Mate First Class
Maurice L. Demmers. With the help of crew members who
fed the men and donated clothing, Demmers worked around
the clock. Of the survivors, Britisher John Campbell,
was the most seriously ill. Demmers worked continually
in an attempt to save the delirious Campbell, but he
died the next day, September 16. He was buried at sea
following a somber ceremony; Paul Pappas read a
heartfelt prayer. At one point, as Demmers tried to get
a few hours sleep, several of the survivors took a turn
for the worse, and he had to be awakened. Demmers
continued his grueling work until he came dangerously
close to total exhaustion. However, his efforts were
rewarded; Campbell was the only casualty.

In a letter written after the war Demmers said "...as I

examined and treated each one I could feel a deep sense
of gratitude, their faces were expressionless and only a
few could move their lips to whisper a faint 'thanks'.
It was quite gratifying to see the happy expressions on
their faces when they left the ship."

Before leaving for Saipan, Summers sent off a message to

Pearl Harbor relaying what had happened, and requested
that more subs be called in to continue the rescue. The
only other boats in the area were Queenfish and Barb;
they were ordered in as soon as possible. Both boats
were 450 miles west in pursuit of a convoy, but when
they received the new orders they dropped the track and
headed full speed to the rescue area.

During the night of September 16th they encountered a

convoy of large tankers and, among the escorts, a small
aircraft carrier. The subs attacked the convoy and Barb
quickly sank the carrier Unyo and an 11,000-ton tanker.
After which they continued on to the rescue area.

Queenfish and Barb arrived at 0530 on the 17th to begin

their search for rafts among the floating debris. Just
after 1300 they located several rafts and began to pick
up the few men still alive. They only had a few hours to
search before a typhoon moved in, sealing the fate of
those survivors not picked up in time. Before the storm
hit, Queenfish found 18 men, and Barb found 14. The
boats headed on to Saipan after a final search following
the storm revealed no further survivors.

Of the 1,318 POWs on the Rakuyo Maru sunk by Sealion,

159 had been rescued by the four submarines; 73 on
Pampanito, 54 on Sealion, and the 32 found by Queenfish
and Barb. It was later learned that the Japanese had
rescued 136 for a total of 295 survivors. Of the 900
POWs on the Kachidoki Maru sunk by Pampanito, 656 were
rescued by the Japanese and taken to prison camps in
Japan. Over 500 of these men were released by American
troops in August, 1945 at the close of the war.

On September 18th, as Pampanito traveled to Saipan, she

was met by the USS Case (DD 370) and took aboard a
pharmacist mate, medical supplies, and a doctor. Yet,
Maurice Demmers, who had saved so many lives, continued
to care for the former POWs. On the morning of the 20th,
Pampanito was met by the USS Dunlap (DD-84) which
escorted Pampanito into Tanapag Harbor, Saipan, where
she docked alongside the submarine tender USS Fulton
(AS-11). Fresh fruit and ice cream were brought aboard
for the survivors as preparations were made for off-
loading them to the Fulton. The transfer was complete by
1100 that morning as Pampanito's crew bid farewell to
the grateful and much improved former POWs.

Pampanito took on fuel and provisions and left for

Hawaii at 1600 that afternoon. Pampanito arrived for
refit at Submarine Base, Pearl Harbor on the 28th of
September at 1000 hours. Summers and his crew were given
high praises for their unprecedented rescue, unique in
submarine history, and for a successful war patrol which
had earned the combat insignia. The combined total
tonnage sunk of the two wolfpacks was the highest to
date in the war. Pampanito was credited with sinking
three ships. Summers was awarded the Navy Cross, as
were skippers Loughlin, Fluckey, Reich, and Swineburn.
Fluckey went on to become the most highly decorated
submariner of the war. The Navy and Marine Corps Medal
was awarded to those who swam out during the rescue, as
well as to pharmacist mate Demmers. The three men
involved in the repair at sea of the leaky trim tank
received Letters of Commendation.
 APPENDIX 2

Replica Operating Instructions for ASAM 1 (a.k.a. ECM

Mark II)

--------------------------------------------------------

Below is a replica of the instructions for operating the

ECM Mark II as written by the Army in 1949.

By 1949 the designation of the ECM Mark II by the Army

was ASAM 1/1. The names of several of its parts were
renamed as well, but these are generally obvious in
their use. The normal keying shown here is essentially
compatible with the final wartime keying. The emergency
keying is not the same, during the war a CSP-890 was
carried and it was used for emergency keying.

--------------------------------------------------------

CONFIDENTIAL Reg. No. 30

Registered Cryptodocument

DEPARTMENT OF THE ARMY

WASHINGTON

ASAM 1/1

CRYPTO-OPERATING INSTRUCTIONS
FOR ASAM 1

DECLASSIFIED per SEC 3,4 E.O. 12958

by Director, NSA/Chief CSS
J.B. date 4-15-96

This document consists of

27 numbered pages and cover

Verify upon receipt

1
--------------------------------------------------------

ASAM 1/1

DEPARTMENT
OF THE
ARMY
Washington
25, D. C.
1 October
1949

1. This document, ASAM 1/1, "Crypto-operating

Instructions for ASAM 1," is published for the
information and guidance of all concerned.

2. Comments or recommendations concerning the

instructions contained herein are invited and may be
submitted to the Chief, Army Security Agency, The
Pentagon, Washington 25, D. C., Attn: CSGAS-83.
Direct communication for this purpose is authorized.

(AG 311.5 (30 Oct 43) OB-S-B)

BY ORDER OF THE SECRETARY OF THE ARMY:

OMAR N. BRADLEY
Chief of Staff

OFFICIAL:
EDWARD F. WITSELL
Major General
The Adjutant General

--------------------------------------------------------

RECORD OF CHANGES

Change No. Date Entered Entered By

1 1 Nov 1949 M. Fishbow

--------------------------------------------------------

(BLANK)
4

--------------------------------------------------------

TABLE OF CONTENTS

Paragraphs Pages
Section I. General
1-4 5-8
II. Description
5-8 7-8
III. Keying Instructions
9-15 9-12
IV. Operating Procedure
16-18 13-14
V. Special Instructions
19-20 15-16
VI. Aids for Deciphering
Garbled Messages 21-23 17-23

VII. Operation in an Emergency

24-29 24-27

CRYPTO-OPERATING INSTRUCTIONS FOR ASAM 1

SECTION I
GENERAL

Introduction 1
Distribution 2
Accounting and Disposal 3
Effective Date 4

1. Introduction.

a. This document, ASAM 1/1, "Crypto-operating

Instructions for ASAM 1," is CONFIDENTIAL and
registered, and will be handled accordingly. It
contains basic instructions for the operation of ASAM
1, formerly Converter M-134-C (short title: SIGABA).
Cryptosystems employing ASAM 1 are Category A.

b. Instructions concerning the processing of classified

messages in a cryptocenter and information regarding
general cryptographic procedures are contained in the
 document ASAG 2, "Cryptographic Operations."

c. No persons will be permitted to operate ASAM 1 unless

they have been properly cleared for cryptographic
duties in accordance with the provisions of current
directives and have either read this document and
ASAG 2 or been instructed by authorized personnel.

d. The document SIGKKK-2 should be consulted for

detailed information relative to maintenance and
power requirements of the machine and identification
of mechanical parts.

2. Distribution.-This document is issued to holders of

cryptosystems employing ASAM 1 with ASAM 1A as
designated by the Department of the Army.

3. Accounting and Disposal.-Reports of possession,

transfer, or destruction of this document will be
forwarded as RESTRICTED correspondence, listing the
document by the title ASAM 1/1 and register number
only, to one of the following, whichever is
applicable: (A) the Chief, Army Security Agency, The
Pentagon, Washington 25, D. C., Attn: CSGAS-82, (B)
the Chief, Army Security Agency, Europe, Pacific, or
Hawaii, or (C) the Signal Officer of the major

--------------------------------------------------------

command headquarters which has been authorized by the

Chief, Army Security Agency, Department of the Army,
to act as command issuing office for this document in
accordance with existing procedures Reports of loss
or compromise will be made in accordance with the
provisions of Chapter Five of the document ASAG 2.
Instructions for the eventual disposal of this
document will be issued at an appropriate time by the
Chief, Army Security Agency, Washington D. C.

4. Effective Date.-This document is effective 1 October

1949 and at that time supersedes "Crypto-operating
Instructions for Converter M-134-C" (short title:
SIGQZF-3). One month after the effective date of this
publication, SIGQZF-3 will be destroyed by burning
and report of the destruction forwarded to the
appropriate office of issue.

--------------------------------------------------------
SECTION II
DESCRIPTION

Description and Use 5

Component Parts 6
Rotors 7
Power Requirements 8

5. Description and Use.-ASAM 1 is an electromechanical,

transportable cipher machine to be used for
automatically enciphering and deciphering messages,
both tactical and administrative, with speed,
accuracy, and security. The machine is CONFIDENTIAL
and registered.

6. Component Parts.-The operator is directly concerned

with the following component parts.

a. The keyboard resembles a typewriter keyboard and can

be operated at a maximum speed of 45 to 50 words per
minute (40 words per minute in tandem operation); if
this speed is exceeded, characters may fail to print.
The keyboard consists of 26 alphabet keys, 10 numeral
keys, a "Repeat" key, a "Blank" key, a "Dash" key, a
space bar and a dummy key. The "Blank" key permits
advancing of the rotors without causing any resultant
to be printed. The "Repeat" key permits continuous
operation of the machine with or without printing.

b. The positions of the controller and their effect on

the operation of the machine are as follows:

(1) Off Position ("O").-The power supply line is open

and no current is supplied to the machine.

(2) Plain-text Position ("P").-All keys of the keyboard

(except the dummy key) and the space bar are
operative, and the machine will print plain text
exactly as typed. The rotors remain motionless
during typing.

(3) Reset Position ("R").-Only the numeral keys 1 to 5,

inclusive, and the "Blank" and "Repeat" keys are
operative. The rotors may be zeroized with the
controller in this position and the zeroize-operate
key in the "Zeroize" position (see par. 12a(3)).
The tape will not feed while the controller is at
"R." When the controller is moved to or through the
"R" position, the tape-feed ratchet resets so that
 printing will begin on the first letter of a five-
letter cipher group. Therefore, the tape may
advance as many as five spaces.

(4) EnCipher Position ("E").-The alphabet, "Blank," and

"Repeat" keys and the space bar are operative.
Numeral and "Dash" keys are inoperative. The machine
enciphers the letters struck on the keyboard and
prints then resulting cipher text.

(5) Decipher Position ("D").-The alphabet, "Blank," and

"Repeat" keys are operative. Numeral and "Dash" keys
and the space bar are inoperative. The machine
deciphers the letters struck on the keyboard and
prints the resulting plain text.

--------------------------------------------------------

c. The key located on the left front of the machine is

the zeroize-operate key. The key is positioned at
"Zeroize". when it is desired to align automatically
all alphabet and stepping control rotors to the
letter "0." The key is positioned at "Operate " at
all other times.

d. The cipher unit ASAM 1A is detachable and consists of

six upright bakelite separators which form a support
for three rotor shafts. The unit supports the index,
stepping control, and alphabet rotors in such
relative positions that electrical circuits are
formed through each row of rotors. The cipher unit,
exclusive of rotors, is CONFIDENTIAL and registered.

e. The cipher unit ASAM lB is detachable and consists of

six upright bakelite separators which form a support
for one rotor shaft. Positions for five rotors are
thus provided. The cipher unit, exclusive of rotors,
is CONFIDENTIAL and registered; Instructions for the
operation of ASAM 1 with cipher unit ASAM lB are
contained in ASAM 5/1, "Crypto-operating Instructions
for ASAM 5." The ASAM 1 with ASAM lB is referred to
as the Combined Cipher Machine.

7. Rotors.

a. Sets of ten large rotors are issued for use with

cryptosystems employing ASAM 1. The rotors are SECRET
and registered. Each set of rotors is identified by
a title and a number. In addition, each rotor is
identified as belonging to a specific series by means
of a letter-number pattern stamped on the rotor,
usually opposite the letter "0." The pattern consists
of any letter or any two-letter combination plus the
numbers 1-10, 11-20, 21-30, etc. Each rotor bears a
 complete alphabet engraved in normal sequence on its
periphery. The large rotors are all interchangeable
and reversible.

(1) Five rotors are arranged in the middle row of the

cipher unit and are known as the stepping control
rotors. The two end rotors remain stationary during
encipherment and decipherment.

(2) Five rotors are arranged in the rear row of the

cipher unit and are known as they alphabet rotors.
All five rotors advance in an irregular manner
during encipherment and decipherment.

b. The five small rotors positioned in the front row of

the cipher unit are known as index rotors. These
rotors are a permanent part of the cipher unit and
can be moved manually only. Each of the index rotors
bears engraved on its periphery a sequence of
numbers. One rotor is marked with the sequence 10 to
19 inclusive; another, the sequence 20 to 29
inclusive, etc. The complete set of five index rotors
is numbered from 10 to 59 inclusive. The index rotors
are always used in a fixed order in the five rotor
positions (10-19, 20-29, 30-39, etc.). The index
rotors are classified CONFIDENTIAL.

8. Power Requirements.-The machine is normally operated

from a 105-125-volt a. c. (50 or 60 cycle) or d.c.,
power supply. Interchangeable motors are provided to
utilize either type of power.

--------------------------------------------------------

SECTION III
KEYING INSTRUCTIONS

Paragraph
Key List 9
Rotor Arrangement 10
Alignment of Index Rotors 11
26-30 Check 12
System Indicator 13
Message Indicator 14
Message Rotor Alignment 15

9. Key List.-A key list, prepared in monthly editions

and containing data essential to operation of ASAM 1,
is used with each cryptosystem. The key list
 contains the following information:

a. Arrangement of the stepping control and alphabet

rotors for each day of the month.

b. Alignment of index rotors for SECRET, CONFIDENTIAL,

and RESTRICTED messages for each day of the month.

c. 26-30 check groups for SECRET, CONFIDENTIAL, and

RESTRICTED classifications.

d. System indicators for SECRET, CONFIDENTIAL, and

RESTRICTED messages.

Day | ROTOR ARRANGEMENT | SECRET

of | (for all classifications) | | 26-30
Month | Stepping Control | Alphabet | Index(Front) | Check
| (Middle) | (Rear) | Alignment | Group

1 | 0R 4 6 2R 7 | 1 8 5 9 3R | 10 23 31 49 5 | R N H V C
2 | 2 3R 9R 1 5 | 6 4R 8 7 0 | 14 25 33 46 59| S E M N O

Figure 1.-Sample Key List

Day | CONFIDENTIAL | RESTRICTED

of | | 26-30 | | 26-30
Month | Index(Front) | Check | Index(Front) | Check
| Alignment | Group | Alignment | Group

1 | 12 28 31 44 53 | P W V M T | 17 25 36 43 58 | M C S D T
2 | 15 20 32 48 56 | E H E W B | 10 27 34 42 56 | R S T H H

Figure 2.-Sample Key List

--------------------------------------------------------

10. Rotor Arrangement.-The ten rotors used each day are

arranged in the middle and rear positions of the
cipher unit in accordance with the key list
applicable to the cryptosystem. (See sample key list
in fig. 1.) Single-digit numbers in the ROTOR
ARRANGMENT column of the key list refer to the units
digit of the number on the periphery of the rotors.
The number 1 indicates that rotor number 1 (or 11 or
21, etc.) is to be used; the number 5, rotor number
 5 (or 15, or 25, or 35, etc.); the number 0, rotor
number 10 (or 20, or 30, etc.). The letter "R"
appearing after a rotor number in the key list
indicates that the rotor so designated is to be
inserted in a reversed position, i. e., with the
letters on the rotor appearing upside down to the
operator as he faces the machine. Arrangement of the
rotors may be illustrated by means of an example: In
the sample key list, the rotor arrangement for the
2d of the month is 2 3R 9R 1 5 for the stepping
control rotors and 6 4R 8 7 0 for the alphabet
rotors. Rotors marked 2, 3, 9, 1, and 5
(disregarding the tens digits) will be inserted in
the control position in that order, from left to
right, as the operator face the converter, with
rotors number 3 and 9 reversed. The remaining five
rotors marked 6, 4, 8, 7, and 0 will be inserted in
the alphabet position in that order from left
to right, with rotor number 4 reversed.

CAUTION: Do not touch rotor contacts when arranging the

rotors.

11. Alignment of Index Rotors.- The sets of numbers in

the key list under INDEX (FRONT) ALIGNMENT designate
the alignment of the index rotors. In three separate
columns, each headed INDEX. (FRONT) ALIGNMENT,
the key list give the daily alignment of the index
rotors for each classification. The alignment of the
index rotors is determined by the classification of
the message and the day of the month. The index
alignment for SECRET messages will also be used for
messages classified TOP SECRET. Example: According
to the sample key list (fig. 1), on the first day of
the month the numbers of the index rotors should be
aligned from left to right on the white reference
mark at 10 23 31 49 50 for SECRET message; at 12 28
31 44 53 for CONFIDENTIAL messages; and at 17 25 36
43 58 for RESTRICTED messages.

12. 26-30 Check.-The key list contains 26-30 check

groups by which the correctness of each rotor
arrangement and index alignment and the operation of
the machine are checked.

a. The 26-30 check is accomplished in the following

manner:

(1) Insert the rotors according to the rotor arrangement

for the specific date.

(2) Align the index rotors in accordance with the

security classification and the specific date.

(3) Zeroize the rotors. This is accomplished by

switching the zeroize-operate key to "Zeroize,"
turning the controller to "R," then pressing down
 the "Blank" and "Repeat" keys simultaneously until
the letter "0" on each stepping control and alphabet
rotor comes to rest at the reference mark.

(4) Set the stroke counter at zero.

(5) Switch the zeroize-operate key to "Operate" and turn

the controller to "E."

(6) Press down the "Repeat" and "A" keys simultaneously

and hold until 30 letters are printed.

(7) Compare the 26th through the 30th letters of the

resultant encipherment with the appropriate 26-30
check group in the key list. For example, assume
that the rotors of an appropriate set had been
arranged and aligned in accordance

10

--------------------------------------------------------

with the sample key list (fig. 2) for CONFIDENTIAL

traffic for the second day of the month. If the 26-
30 check procedure is followed correctly and the
machine is operating properly, the 26th, 27th, 28th,
29th, and 30th letters will be E H E W B. Any
deviation from the check group in the key list
necessitates a complete recheck of the above
procedure.

b. If the 26-30 check cannot be obtained, an error in

the rotor arrangement, dirty contacts, or faulty
mechanical operation may be the cause. If it appears
that the error is caused by faulty mechanical
operation, the machine should be checked by trained
maintenance personnel.

NOTE : Care should be exercised whenever rotors are

aligned to insure that the letter to be aligned on each
rotor is directly in line with the white reference mark.
If a rotor is off center, i. e., aligned halfway between
two letters, the machine may not operate or
monoalphabetic substitution encipherment may result.

c. The 26-30 check will be accomplished :

(1) After each change of the rotor arrangement.
(2) After each change of the index alignment.
(3) Each time the cipher unit is inserted in the machine
prior to encipherment or decipherment.

13. System Indicator.-System indicators are the five-

letter groups indicated in the key list for SECRET,
CONFIDENTIAL, and RESTRICTED classifications. The
system indicator identifies the specific ASAM 1
cryptosystem used to encipher a message, the
classification of the message, and thereby the rotor
 arrangement and index rotor alignment to be used.
The SECRET system indicator will also be used for
messages classified TOP SECRET. The abbreviation
TOPSEC will be buried near the beginning of the
plain text during encipherment. The system indicator
is never enciphered.

14. Message Indicator.-The message indicator consists of

five letters selected at random by the operator.
Bona fide five-letter words will not be used as
message indicators even though such words occur by
chance. The message indicator will be different for
each message or part. When it is necessary, as in
the case of a service, to reencipher a particular
message or part, or any portion thereof, a different
message indicator will be selected. The message
indicator is used to determine the message rotor
alignment as shown in paragraph 15.

15. Message Rotor Alignment.-The alignment of the

stepping control and alphabet rotors at the
beginning of encipherment or decipherment
constitutes the message rotor alignment. The message
rotor alignment is derived by the following
procedure:.

a. Select five letters at random. The five letters will

be the message indicator. Letters of the alphabet in
proximity to the letter "O" i.e., L, M, N, or P, Q,
R, will not be deliberately or consistently selected
in the message indicator merely to reduce the number
of steps required to align the letters of the message
indicator on the stepping control rotors as explained
below.

b. Zeroize the rotors(see par. 12a(3)).

c. Leave the controller at "R" and switch the zeroize-

operate key to "Operate."

11

--------------------------------------------------------

d. Strike the numeral "1" key the number of times

required to align the first stepping control rotor
(next to the left-end plate) to the first
letter of the message indicator. The first stepping
control rotor will advance one letter each time the
"1" key is depressed.

e. Align the second stepping control rotor by striking

the numeral "2" key, the third by striking the
numeral "3" key, etc., until all five stepping
control rotors are aligned to the five letters of the
message indicator. The alphabet rotors will advance
in an irregular manner with each operation of the
 numeral keys.

NOTE : If the letter "0" is to be aligned on any of the

five stepping control rotors, it will be necessary to
advance that rotor 26 times when setting up the message
indicator.

f. If any rotor is advanced past the correct letter or

if the rotors are not aligned in proper sequence, the
entire process must be repeated from the zeroize
position. Do not use the "Repeat" key with the
numeral keys in aligning the message indicator and
avoid a sharp, quick touch of the numeral keys. It is
possible to strike the numeral keys too quickly so
that the alphabet rotors will advance but the
stepping control rotors will not, thus resulting in
an incorrect alignment.

g. After the stepping control rotors have been aligned,

check the alignment of the alphabet rotors to insure
that all five are not aligned to the letter "0." The
alphabet rotors should advance in an irregular
manner while the stepping control rotors are being
aligned. If all of the alphabet rotors remain aligned
to the letter "O" it is an indication that the
machine is not functioning properly or that the
procedure outlined herein has not been followed
correctly.

12

--------------------------------------------------------

SECTION IV
OPERATING PROCEDURE

Division into Parts 16

Sequence of Operations in Encipherment 17
Sequence of Operations in Decipherment 18

16. Division into Parts.-If the enciphered text of a

message will exceed 350 five-letter groups, the
plain text will be divided into parts so that no
part will exceed 350 cipher- text groups. A
different message indicator will be selected for
each part.

17. Sequence of Operations in Encipherment.-After the

message has been divided into parts, if necessary,
and bisected, it will be enciphered according to the
following sequence of operations.

a. Prepare the machine for operation in accordance with

 paragraphs 10, 11, and 12, referring to the
appropriate effective key list to determine the
correct rotor arrangement, the index rotor alignment
for the classification of the message, and the 26-30
check.

b. Select at random the message indicator and determine

the message rotor alignment in accordance with
paragraph 15.

c. With the controller at "P," type the message heading,

space several times, and type the system indicator
and the message indicator. Phoneticize the message
indicator.

d. With the rotors aligned to the message rotor

alignment, turn the controller to "E" and set the
stroke counter at zero.

e. Type the message text to be enciphered, employing

variable spacing. If the last group of cipher text
does not contain five letters, strike the space bar
once and, if necessary, type enough different letters
to complete the group.

f. Turn the controller to "P" and type the system

indicator.

g. Press the right tape release marked "PRESS" and

withdraw the tape until all printing has cleared the
tape chute. Tear off the tape.

18. Sequence of Operations in Decipherment.

a. Prepare the machine for operation in accordance with

paragraphs 10, 11, and 12, referring to the effective
key list as designated by the system indicator for
the correct rotor arrangement, the index rotor
alignment for the classification of the message, and
the 26-30 check.

b. Determine the message rotor alignment in accordance

with paragraph
15.

c. With the rotors aligned to the message rotor

alignment, turn the controller to "D" and set the
stroke counter at zero.

d. Type the cipher text of the message, exclusive of

indicators. Disregard spaces between groups; the
space bar is inoperative while the controller is at
"D." The

13

--------------------------------------------------------
 plain text will be printed on the tape in normal word
lengths except where variable spacing was employed in
encipherment. Note that X will always be printed in
the place of Z, e.g:, ZERO will decipher as XERO,
ZONE as XONE. In the event the deciphered text is
garbled either from the beginning or after some plain
text has been printed, attempt to determine the cause
of the trouble by employing the procedure described
in section VI.

e. After the cipher text has been completely deciphered,

press the right tape release marked "PRESS" and
withdraw the tape, until all printing has cleared the
tape chute. Tear off the tape.

NOTE: Every message that has been enciphered by means of

ASAM 1 will be edited and appropriately marked before
delivery to the addressee.

14

--------------------------------------------------------

SECTION V
SPECIAL INSTRUCTIONS

Paragraph
Hand Operation 19
Tandem Operation 20

19. Hand Operation.

a. If the main power supply fails, or other

circumstances make motor operation impossible, the
machine can be operated by use of the hand lever. A
power supply of 24 volts d. c. is needed to operate
the necessary magnets. Sixteen BA-23 cells in series,
or equivalent, may be used for emergency power.

b. To shift from power operation to hand operation,

proceed as follows:

(1) With the main power lead disconnected, interchange

the positions of the motor plug (marked a. c. or d.
c.) and the dummy plug so that the pointer of the
dummy plug "24v."

(2) Raise the hand-lever pawl and slip the ring from
under the pawl. Release the pawl to engage the
hand-lever pinion.
(3) Connect the main power lead to any source of 24-volt
d.c. If the voltage falls below 18, the magnet
action will be unreliable; if more than 26 volts are
used, injury to the magnets may result.

(4) After striking any key or the space bar, depress the
hand lever fully and allow it to return completely
to the top of its travel.

(5) To encipher or decipher a message, observe the

normal operating procedures with the following
exceptions:

(a) Zeroizing of the rotors can be accomplished with

greater speed by moving the rotors manually to the
"0" position.

(b) In determining the message rotor alignment, it is

mandatory that each numeral key (1 through 5) be
individually held in a depressed position until the
downward motion of the hand lever has been
completed. Failure to observe this requirement will
prevent the stepping control rotors from advancing.

20. Tandem Operation.-Tandem operation provides an

immediate automatic check of the encipherment of the
message, a check on the operation of the enciphering
machine, and an exact copy of the plain text of the
message.

a. The machines have been provided with input and

output tandem plug receptacles at the rear for
tandem operation. Two machines can be connected so
that one automatically deciphers the enciphered text
produced by the other. When two machines are
connected in tandem, errors will occur if only one
machine is operated at a time or if the enciphering
machine is operated faster than 40 words per minute.
Tandem operation cannot be employed when emergency
hand operation is used.

b. Two lengths of tandem cables are available. By using

the longer cable it is possible to connect two
machines in tandem after they have been installed in
Chests CH-76

15

--------------------------------------------------------

if the upper shelves are fully extended. When the

shelf of a CH-76 is fully extended, a support should
be placed under the front edge of the shelf to
prevent its possible collapse.

c. The machines will be prepared for tandem operation as

follows:
(1) Determine which machine has the slower speed. This
may be accomplished by preparing the two machines
for individual operation and turning the controller
to the same position on both; i.e., if one machine
is set at "P," set the second machine at "P" also.
Set the stroke counter on each machine at zero.
Press simultaneously the "Repeat" and "Blank" keys
of both machines, holding them down approximately
one minute. Release the keys simultaneously and note
the counter readings. The machine showing the higher
reading should be chosen as the deciphering machine
and should be placed at the right of the other. The
SLOWER machine will be the enciphering machine.

(2) Disconnect the power lead of the deciphering machine

and tape or tie it so that it cannot accidentally be
plugged into a source of power, but leave the ground
clip connected. Should both machines be connected
to a source of power while operating in tandem,
fuses may be blown and damage may result.

(3) Check fuses in the master machine and replace with

10-ampere if equipped with 5-ampere. Five-ampere
fuses are insufficient to start both motors at once.

(4) Using the tandem cable supplied, connect from the

output on the enciphering machine to the input of
the deciphering machine. Plugs are so constructed
that they will fit only one way. The plugs must be
completely inserted or improper operation may
result. Care must be exercised in connecting the
tandem cable in order to prevent bending the
plug contacts or breaking the fiber insulators on
either the tandem cable or the receptacles of the
machine. A twisting motion should not be used in
either inserting the plugs or removing them. A light
coat of oil on the contacts will facilitate
insertion and removal of plugs without interfering
with the operation of the machines.

d. Tandem operation is accomplished as follows:

(1) Turn the controller of the enciphering machine to

"R" and the deciphering machine to "P." Determine
the message rotor alignment for the enciphering
machine in accordance with paragraph 15.

2) Turn the controller of the enciphering machine to

"P" and the deciphering machine to "R" and align the
rotors to the same message rotor alignment in
accordance with paragraph 15.

(3) Turn the controller of the deciphering machine to

"P" and type the necessary plain text, the system
indicator, and the message indicator.

(4) Set the enciphering machine at "E" and the

deciphering machine at "D." Proceed in accordance
 with normal operating procedure The enciphering
machine will print the enciphered text, while the
second machine will print the decipherment of the
enciphered text, i.e., a duplicate of the plain text
as typed.

16

--------------------------------------------------------

SECTION VI
AIDS FOR DECIPHERING GARBLED MESSAGES

Paragraph
Introductory Information 21
When No Plain Text Appears 22
When Some Plain Text Appears 23

21. Introductory Information.

a. A detailed explanation of certain errors which may

occur in messages enciphered by means of ASAM 1 is
listed below in paragraphs 22 and 23 under the
headings "When No Plain Text Appears" and "When Some
Plain Text Appears." The errors are listed according
to the frequency of their occurrence and the time
necessary to correct them. Corrective measures
are given for each error below the listing of the
error. It is suggested that the corrections be tried
in the order in which they are listed. Before trying
any of the suggestions given below, the deciphering
operator should check his own work to see that he has
not deviated from prescribed procedure or made
careless errors.

b. All errors, except typing errors, should be brought

to the attention of the crypto-security officer.

22. When No Plain Text Appears.

a. Missing or additional groups at the beginning of the

message.

CORRECTION PROCEDURE.-If checking the group count given

in the message heading against the actual number of
groups indicates that one or more groups are missing, or
have been added, align the rotors to the message rotor
alignment.

(1) If one or more groups are missing, turn the

controller to "D" and advance the rotors by striking
the "Blank" key as many times as there are missing
 letters. Decipher, beginning with the first group of
the message.

(2) If one or more groups have been added, omit the

indicated number of letters and decipher.

b. Wrong system.

CORRECTION PROCEDURE.

(1) Try deciphering the message using any other ASAM 1

cryptosystem held in common with the enciphering
station.

c. Failure to zeroize and realign if a rotor is

advanced beyond the proper alignment in aligning the
message rotor alignment.

CORRECTION PROCEDURE.

(1) Zeroize the machine.

17

--------------------------------------------------------

(2) When beginning to realign the rotors, advance the

first rotor 26 characters beyond the letter to which
it should be aligned, i.e., if the letter "B" has
been selected as the first letter of the message
indicator, advance that rotor until "B" appears on
the white reference mark a second time and proceed
to decipher. (The other four rotors will be aligned
to normal positions.)

(3) If plain text does not result, zeroize the machine

again and continue the process, advancing each
rotor, in turn; an extra cycle. Four of the rotors
must always be aligned correctly.

d. Message received with wrong date-time group or

without date-time group.

CORRECTION PROCEDURE.

(1) Try the rotor arrangement and the index alignment

for the date preceding and the date following the
date appearing in the message.

(2) If no date appears in the message, try to decipher

the message using the rotor arrangement and index
alignment for the date following and the date
preceding the date of receipt.

(3) Try the rotor arrangement and index alignment for

the same day of the month preceding and the month
following the current one.
(4) If the date appearing in the message is different
from the date of receipt, try the date of receipt
(if not tried in (1) above).

e. Failure to align to message indicator.

CORRECTION PROCEDURE-Zeroize the machine and begin

decipherment without aligning the rotors to the
indicator.

f. Transposition of letters of message indicator in the

alignment of rotors.

Examples:
LEFLU aligned LEFUL
LKMNS aligned MKLNS
ALIFE aligned FAILE

(The enciphering operator is likely to exchange the

position of two letters when the result forms a
pronounceable group or when the two letters are often
seen in reverse.)

CORRECTION PROCEDURE.

(1) Transpose adjacent letters in the message indicator

and attempt to decipher the message.

(2) Transpose letters separated by only one letter and

attempt to decipher. For example, transpose the 1st
and 3d letters of the indicator and attempt to
decipher.
(3) Try aligning the rotors to various other
arrangements of the letters in the indicator

g. Incorrect alignment of index rotors.

CORRECTION PROCEDURE.

(1) If the system indicator is for CONFIDENTIAL

messages, try the SECRET index rotor alignment, and
then the RESTRICTED index alignment. Use the same
idea for messages of other classifications.

(2) Use the index rotor alignment for the date preceding
and the date following the date appearing in the
message.

18

--------------------------------------------------------
h. Incorrect alignment of stepping control and alphabet
rotors.

CORRECTION PROCEDURE.

(1) Decipher, using the system indicator as the message

indicator.

(2) Decipher, using the 26-30 check group as the message

indicator.

(3) If the message is divided into parts, use as the

beginning alignment the reading left on the machine
after decipherment of the previous part.

(4) If the letter "0" is to be aligned, do not advance

the rotor 26 times in aligning the message indicator

(5) Align stepping control rotors to letters of message

indicator which might have been misread, e.g., Q and
0, N and M, W and M (reversed).

(6) Align stepping control rotors to letters which are

adjoining letters of message indicator.

i. Incorrect rotor arrangement, the operator having

failed to make the 26-30 check.

CORRECTION PROCEDURE

(1) Check the daily rotor arrangement table for "R"

(reverse) designations which are faint enough to be
overlooked.

(2) Try consecutively each of the reversed rotors in the

normal position; then all of the reversed rotors in
the normal position.

(3) Exchange positions of the 6 and 9 rotors.

(4) Exchange the positions of the last two alphabet

rotors on the right.

j. Additional groups at the beginning of the message

when group count checks. (This sometimes occurs when
the operator makes an enciphering error and realigns
to the message indicator without tearing off the
cipher letters already printed on the tape.)

CORRECTION PROCEDURE.

(1) Align the stepping control rotors to the message

indicator and decipher, dropping the 1st, 4th, and
7th groups, etc., through approximately the 28th
group.

(2) When plain text results, realign the rotors to the

indicator and decipher, omitting the same number of
groups dropped in the above procedure.
k. An incomplete group or complete groups lost at the
beginning of the message when the group count
checks.

CORRECTION PROCEDURE.

(1) Align the stepping control rotors to the message

indicator; strike the "Blank" key once and decipher
the first three groups; strike the "Blank" key again
and decipher the 4th, 5th, and 6th groups; strike
the "Blank" key and continue this process up to the
13th group. Check the tape for plain text. The
number of blanks required to obtain plain text
represents the number of missing letters.

(2) If no plain text results from the above procedure,

without realigning the rotors, decipher the next
group (13th) six or eight times. Check for plain
text after each decipherment of the group and if
in doubt decipher the next group (14th); if plain
text still does not appear, decipher the 14th group
six or eight times, checking for plain text.

19

--------------------------------------------------------

l. Alignment of index rotors displaced.

CORRECTION PROCEDURE.

(1) Turn the index rotors forward one position, one at a

time, and attempt to decipher the message each time
a rotor is moved. (Four of the rotors will remain in
the original position.)

(2) If the above procedure does not result in plain

text, turn the index rotors backward one at a time
and follow the same procedure

m. Index rotor off center.

(This will result in monoalphabetic substitution
cipher text and should be reported to the
cryptosecurity officer immediately.)

CORRECTION PROCEDURE.- Place any index rotor in a

halfway position, i.e., halfway between two numbers.
Align the message indicator and decipher the
message. The alphabet rotors will not advance

n. Overstepping of an alphabet rotor.

CORRECTION PROCEDURE.

(1) With the rotors aligned to the message rotor

alignment, advance the 1st alphabet rotor one
 position and decipher the first one or two groups.
Check the tape for plain text.

(2) If plain text does not result, retard the 1st rotor
one position and advance the 2d rotor one position;
decipher the next two groups.

(3) If plain text still does not appear, follow the same
procedure for the 3d, 4th, and 5th rotors.

(4) When plain text results, realign the rotors to the

message rotor alignment, advance the correct rotor,
and decipher.

o Failure of stepping control rotor to advance when a

key is depressed during alignment of message indicator
on enciphering machine.

CORRECTION PROCEDURE.- Align the rotors to the message

rotor alignment, and then advance the alphabet rotors
one at a time and in all possible combinations. Each
time, decipher one or two groups. Check the tape
for plain text.

23. When Some Plain Text Appears.

a. Deletion of one or more groups.

CORRECTION PROCEDURE.

(1) Check the actual number of groups in the message

against the group count appearing in the message
heading. Realign to the message rotor alignment.
With the controller at "D," advance the rotors to
the point of garble by means

20

--------------------------------------------------------

of the "Blank" key. Record the rotor alignment and

counter reading. Strike the "Blank" key the same
number of times as there are missing letters, and
then continue with the decipherment of the message.

(2) If the above procedure does not result in plain

text, align the alphabet and control rotors manually
to the alignment at the point of garble as recorded
in (1) above. With the controller at "D," decipher
the group following the point of garble as many
times as necessary (without realigning the rotors)
until plain text appears, checking for plain text
after each decipherment. For example, if the garbled
text starts at a counter reading of 95 (19 groups),
decipher the 20th group as many times as necessary
(without realigning the rotors) until plain
text appears.
b. Added or repeated groups.

CORRECTION PROCEDURE.

(1) If a check of the group count shows that one or more

groups have been added or repeated, realign to the
message rotor alignment. With the controller at "D,"
advance the rotors to the point of garble by means
of the "Blank" key. Record the rotor alignment and
counter reading. Omit the indicated number of groups
and continue to decipher.

(2) If the above procedure does not result in plain

text, decipher the 11th group following the garble
as many times as necessary (without realigning the
rotors) until plain text appears. Check each
decipherment of the group for readable text. For
example, if the recorded letter count at the point
of garble is 205 (41 groups), decipher the 52d group
as many times as necessary (without realigning the
rotors) until plain text appears. If there are not
11 groups following the point of garble, decipher
the next to the last group of the message (exclusive
of indicators) as many times as necessary (without
realigning rotors) until plain text appears. (3) The
number of extra groups can be determined by
subtracting from 11 the number of times the 11th
group was deciphered to produce plain text.

c. One letter of a six-letter group (made by defective

spacing of the machine) is lost in handling.

CORRECTION PROCEDURE.-Realign to the message rotor

alignment. With the controller set at "D," advance the
rotors to the point of garble, strike the "Blank" key
once to replace the missing letter, and then decipher
normally.

d. Cipher group consisting of only four letters.

CORRECTION PROCEDURE.-Record the rotor alignment and

counter reading immediately before deciphering the four
letter group. Strike the "Blank" key once to replace
the missing letter, and then continue to decipher.

NOTE: In case an important word remains garbled in C or

d above, realign to the point immediately preceding the
group yielding garbles and decipher, striking the
"Blank" key in a different position until a logical word
is obtained. If necessary, consult a Morse error chart
for two-letter combinations commonly transmitted as one
letter. Substitute such letters in the cipher text and
decipher.

e. Cipher group consisting of six letters. (Occasionally

a six letter group will be printed because of a
machine fault, in which case all six letters will be
required to get plain text.)
21

--------------------------------------------------------

CORRECTION PROCEDURE.

(1) Record the rotor alignment and counter reading

immediately before deciphering the six letter group;
then decipher all six letters of the group and continue
to decipher several groups. If the result is a garble,
decipher only the first five letters of the group,
dropping the 6th, and continue to decipher several
groups. If there is still a garble, drop other letters
of the group one at a time until plain text results.

(2) Consult a Morse chart, if applicable, for single

letters commonly transmitted as two letters, and
substitute in the cipher. text.

f. Two or more letters garbled in transmission causing

an important word to be partially garbled.

CORRECTION PROCEDURE.

(1) Consult a Morse error chart or a teletypewriter

garble table for letters commonly garbled in
transmission. Substitute such letters in the cipher
text and decipher.

(2) Realign the rotors to the message rotor alignment.

Set the counter at zero and the controller at "E,"
and by means of the "Blank" key, advance the rotors
to the point of garble; then encipher the assumed
word, Compare the result with the cipher text
received. If the difference is justified by common
transmission errors, the assumed word is probably
correct. (In this event the operator must deliver to
the officer in charge of the cryptocenter the text
which was actually deciphered as well as the
correction.)

g. One hand of the enciphering operator misplaced on the

keyboard. (Note that words when deciphered retain
their correct length even though garbled) Example:
AIRCRAFT REOIRTED IOERATUBG IVER SOUTHERN AREA. (In
this example the right hand of the enciphering
operator was placed one position over from the
correct position.)

CORRECTION PROCEDURE.-Observe the text as it appears on

the tape. Fit in probable plain-text words and try to
justify them by a particular incorrect position of the
operator's hand.
h. One hand of teletypewriter operator misplaced on
keyboard in transmission. (Note that words do not
necessarily retain their correct length.) Example:
BOMBED AIRCLJFTWR GCBRTXDWOPERMXHJTYION GIAVER
SOUTHERN AREA.

CORRECTION PROCEDURE.- Assume a specific incorrect

position of the operator's hand. Replace the incorrect
cipher letters with the assumed correct ones and
decipher the result.

i. Stepping control rotors advancing incorrectly on the

enciphering machine.

CORRECTION PROCEDURE. - Realign the rotors and decipher

slowly, at the point of garble, observing the stepping
of the rotors. As "0" on the 3d stepping control rotor
passes the white reference mark, the 4th rotor should
advance once; as "0" on the 4th rotor passes the white
reference mark, the 2d rotor should advance once. In
case one of these rotors fails to advance at the proper
time move it forward by hand before striking the next
key. Then proceed to decipher the message.

22

--------------------------------------------------------

j. Stepping control rotors advancing incorrectly on the

enciphering machine.

CORRECTION PROCEDURE.

(1) If the 2d, 3d, and 4th stepping control rotors

advance at the point of garble, move back the 2d
rotor one position, and continue decipherment. If
plain text does not result, realign, move back the
2d and 4th rotors when they advance, and continue
decipherment. Then realign, move back all three
rotors one position, and continue decipherment.

(2) If only the 3d and 4th rotors advance at the point

of garble, move back the 4th rotor one position and
decipher. Then realign, if necessary, move back both
the 3d and 4th rotors one position, and decipher.

(3) If only the 3d rotor advances at the point of

garble, realign the rotors. Advance the rotors to
the last letter yielding plain text; record the
alignment of the rotors. Move back the 3d control
rotor one position and decipher, beginning with the
last correct letter. Check the tape for plain text.

(4) If plain text does not result, return to the

recorded alignment, advance the 4th rotor one
position and decipher; if plain text still
does not appear, follow the same procedure for the
 2d, 1st, and 5th rotors.

k. One alphabet rotor missing a step.

CORRECTION PROCEDURE.-To check for this fault on the

enciphering machine, realign the rotors and at the point
of garble move back the 1st alphabet rotor one position
and decipher three groups. If no plain text results,
advance the 1st alphabet rotor one position and move
back the 2d alphabet rotor one position . Then decipher
three more groups. If no plain text results, repeat this
process for each of the five alphabet rotors. (If the
last good letter of the text can be determined, only the
alphabet rotors which advance during the decipherment of
that letter need be tried.)

l. Overstepping of an alphabet rotor on the enciphering

machine.

CORRECTION PROCEDURE.-Repeat the process outlined in

paragraph 23k above, but this time advance the rotors
one at a time and attempt to decipher. (If the last good
letter of the text can be determined, only the alphabet
rotors which did not advance during the decipherment of
that letter need be tried.)

23

--------------------------------------------------------

SECTION VII
OPERATION IN AN EMERGENCY

Paragraph
General 24
Notification of Compromise 25
Emergency Key Phrase 26
Use of the Emergency Key Phrase 27
Emergency Message 28
Normal Traffic 29

24. General.-The procedure for operation of ASAM 1

during an emergency created by the compromise of all
keying materials in use or held in reserve by individual
holders is described in paragraphs 25 through 29. The
procedure provides a method whereby the data normally
contained in the key list is supplied to each holder by
a classified message in order that normal communications
may be maintained until uncompromised key lists and
rotors can be distributed.

25. Notification of Compromise.

a. Upon determination of a compromise the Chief, Army
Security Agency, The Pentagon, Washington 25, D. C.,
or the Chief, Army Security Agency, Europe, Pacific,
or Hawaii, whichever is applicable, will inform each
holder of ASAM 1 of the compromise by means of an
emergency message which will contain keying data for
a period of five days. The emergency message will be
identified by a special indicator reserved for that
purpose only.

b. The emergency message will be enciphered with the

currently effective rotors of the system. However,
the rotor arrangement and index rotor alignment used
will be based upon the emergency key phrase in effect
at the time of the compromise.

26. Emergency Key Phrase.

a. Emergency key phrase will be supplied each holder of

ASAM 1 in a sealed envelope which will not be opened
before the date indicated on the envelope. Each
emergency key phrase will be effective for a period
of two months, at the end of which time a new phrase
will become effective. The emergency key phrase will
be used only in connection with the encipherment and
decipherment of the emergency message. It will be
used to determine for that message:

(1) The stepping control and alphabet rotor arrangement.

(2) The index rotor alignment.

b. After the sealed envelope is opened, the emergency

key phrase will be memorized and the letter containing
it will be destroyed. No report of destruction is
required. To insure knowledge of the phrase at all
times, it will be memorized by the crypto-security
officer and each trick chief. Under no circumstances
will the emergency key phrase be recorded nor will the
letter be retained. Written evidence of the phrase would
defeat the purpose of the emergency system.

24

--------------------------------------------------------

27. Use of the Emergency Key Phrase.-The emergency key

phrase will be used for arranging and aligning the
rotors as follows:

a. Each key phrase will be at least 16 letters in

length, e.g., CAPTAIN JOHN SMITH

b. The first 10 letters will be numbered 1 through 0

according to their relative sequence in the normal
alphabet. Thus,
3 1 9 0 2 5 7 6 8 4
C A P T A I N J O H N S M I T H

Note that repeated letters, such as A in this example,

are numbered according to the order of their occurrence
in the key, from left to right. The last letter to be
numbered becomes 0, denoting the rotor numbered 0 in the
set.

c. Stepping control (middle) rotors will be arranged in

the cipher unit according to the first five numbers
of the key. Any number associated with a vowel (A, E,
I, 0, or U) indicates a "reversed" rotor. In this
example, the arrangement of the stepping control
rotors would be: 3, 1R, 9, 0, 2R.

d. The alphabet (rear) rotors will be arranged in the

cipher unit according to the sixth through tenth
numbers of the key. Any number associated with a
vowel indicates a "reversed" rotor. In this example,
the arrangement of the alphabet rotors would be: 5R,
7, 6, 8R, 4.

e. The index (front) rotor alignment will be derived by

taking the alternate numbers in the key, beginning
with the second number and proceeding through the
tenth. In this example, the numbers are 1 0 5 6
4. The numbers indicate the "units" digit of the number
to be aligned on each index rotor. Thus the index
alignment in this example would be 11, 20, 35, 46,
54.

f. After arranging and aligning the rotors as described

above, normal operating procedure for ASAM 1 will be
observed in enciphering and deciphering the emergency
message.

28. Emergency Message.

a. An emergency message, enciphered according to the

above outlined procedure, will be sent to all holders
of the compromised system. It will contain keying
data for a five-day period and will bear three
indicators, as follows:

(1) A special indicator which will indicate that it is

an emergency message. This indicator will be KINSL.

(2) The system indicator for the SECRET classification

of the compromised system.

(3) The message indicator.

b. The message will include the following items:

(1) Identification of the compromised system.

(2) Keying data arranged in the following order: date of
the month; stepping control rotor arrangement;
 alphabet rotor arrangement; SECRET index rotor
alignment and 26-30 check; CONFIDENTIAL index rotor
alignment and 26-30 check; RESTRICTED index rotor
alignment and 26-30 check.

c. A sample emergency message is illustrated below.

"REV" appearing after a rotor number indicates that
rotor is to be inserted in a reversed position.

SYSTEM NINE SIX FIVE THREE COMPROMISED PD FIFTEENTH

MIDDLE FIVE TWO SIX NINE ZERO REAR SEVEN ONEREV EIGHT
FOUR THE SEC

24

--------------------------------------------------------

FOUR EIGHT FIVE ZERO ONE CHECK MIKE KING LOVE OBOE
CHARLIE CONF THREE SEVEN FIVE FOUR ONE CHECK NAN GEORGE
TARE VICTOR ZEBRA RESTR FOUR EIGHT TWO ZERO SEVEN CHECK
DOG GEORGE OBOE WILLIAM YOKE PD SIXTEENTH MIDDLE TWOREV
NINE SEVEN FOUR ONE REAR THREE FIVE SIXREV EIGHT ZERO
SEC FOUR TWO EIGHT SEVEN ONE CHECK CHARLIE BAKER FOX
WILLIAM VICTOR CONF EIGHT TWO SIX FIVE THREE CHECK TARE
UNCLE OBOE PETER KING RESTR ZERO NINE TWO EIGHT SIX
CHECK QUEEN ZEBRA FOX UNCLE NAN PD SENTEENTH MIDDLE
ONEREV SEVEN NINE FOURREV TWO REAR EIGHT THREE SIXREV
FIVE ZERO SEC SEVEN FIVE TWO ONE SIX CHECK GEORGE VICTOR
BAKER JIG QUEEN CONF ONE FIVE ZERO EIGHT TWO CHECK TARE
SUGAR UNCLE OBOE DOG RESTR FIVE TWO NINE THREE SEVEN
CHECK OBOE FOX CHARLIE KING PETER PD EIGHTEENTH MIDDLE
FOUR SEVENREV TWO FIVE ZERO REAR THREE NINE SIX EIGHT
ONE SEC TWO THREE EIGHT ZERO FOUR CHECK HOW YOKE FOX
CHARLIE JIG CONF FIVE NINE TWO ONE ZERO CHECK GEORGE
WILLIAM PETER OBOE ITEM RESTR SEVEN ONE FIVE EIGHT NINE
CHECK DOG ITEM KING ROGER BAKER PD NINETEENTH MIDDLE SIX
TWOREV EIGHTREV ONE FOURREV REAR FIVE ZERO SEVEN THREE
NINE SEC NINE FOUR SEVEN ZERO ONE CHECK JIG HOW DOG FOX
ITEM CONF SEVEN ZERO FIVE THREE EIGHT CHECK LOVE GEORGE
MIKE PETER EASY RESTR NINE THREE SIX ONE FIVE CHECK MIKE
LOVE HOW GEORGE LOVE

d. The enciphered message, including the indicators,

will be arranged as follows:

EXAMPLE: KINSL RLMCR DOG TARE JIG XRAY LOVE MRWTX .....
GDLJC
1 2 3 4

l. Special indicator for Key-changing message.

2. System indicator for SECRET classification of the
compromised system.
3. Message indicator.
4. Text.

e. The emergency message will always contain keying data

for the day on which it is sent, regardless of the
time.

f. The keying data derived from the emergency key phrase

will not be employed for enciphering or deciphering
any other message. After deciphering the emergency
message, each holder will prepare the ASAM 1 for
operation using the data supplied in the message in
conjunction with the currently effective rotors of
the compromised system.

g. The deciphering copy of the emergency message will be

retained in the cryptocenter where it will be
safeguarded in the manner prescribed for registered
SECRET material. It will be destroyed five days after
the last date for which the keying data is contained
therein. In the event that an emergency destruction
of crypto- material is necessary, the plain text of
the emergency message will be the first item
destroyed.

h. In the event that replacement key lists and rotors

cannot be distributed to all holders within five
days, additional keying data will be supplied each
holder by classified message. This message will
resemble a normal message and will be enciphered by
means of the keying data supplied for the last date
in the emergency message.

24

--------------------------------------------------------

29. Normal Traffic.

a. The system indicators contained in the key list will

be used for all ASAM 1 traffic enciphered during the
emergency period. The special indicator KINSL is
reserved for the original emergency message only.

b. Operation of the ASAM 1 employing the keying data

supplied in the emergency message will conform to the
normal operating procedure for the machine.

DECLASSIFIED per SEC 3,4 E.O. 12958

by Director, NSA/Chief CSS
J.B. date 4-15-96
 APPENDIX 3

KEYING (OPERATING) THE ECM MARK II

This outline of the June 1945 (SIGQZF-2) keying

procedure describes how key lists were used to assemble
and align the rotors before enciphering a message. The
first instructions from July 1941 (SIGQZF) were changed
in June 1945 (SIGQZF-2) and again November 1945 (SGIQZF-
3). For example, SIGQZF-3 uses a totally different
method of determining message indicators that eliminated
the need for a daily rotor alignment of the control and
cipher rotors. Changes were made to minimize operator
errors, enhance security and speed up the operation. A
sample Army manual from 1949 is available online.

Although the index rotors were reassembled (changing the

order of the rotors) once a day during most of the war
(SIGQZF), starting with SIGQZF-2 they were kept in a
fixed order not requiring daily reassembly. The
operator consults the secret daily keylist and aligns
(rotates) the index rotor wheels differently for secret,
confidential and restricted messages. The index rotor
alignment is only changed when either the day ends, or
the classification of message to be encrypted changes.

Control and cipher rotors are also reassembled once a

day from the secret daily keylist, their alignment
however, was changed with each message. After the daily
assembly of all rotors and the alignment of the index
rotors, a check group is used to verify the initial-
ization and operation of the machine before any real
messages are encrypted. The rotors are zeroized, (cipher
and control rotors positioned on "O") and the letter A
is repeatedly encrypted until 30 cipher text characters
are printed. Then the 26th-30th letters are matched
with the check group supplied in the secret daily keys.

For each message, the secret daily keylist is consulted,

and the control and cipher rotors are aligned to an
initial position depending on the classification of the
message. Now the operator selects a group of any five
letters, except Z, at random to be the internal message
indicator. This internal message indicator is then
enciphered and the external message indicator
(enciphered internal message indicator) is printed on
the tape and transmitted with the message. The control
and cipher rotors are then aligned without printing to
the internal message indicator. The rotors are never
aligned to the external message indicator (the letters
printed on the tape), but always to the internal message
indicator. Now the body of the message may be enciphered
and transmitted with the external message indicator. If
the plain text exceeds 350 5-letter groups, the plain
text must be divided into 2 or more equal parts so
that no part exceeds 350 groups. For each part a new
internal message indicator is selected.
APPENDIX 4

COMPLIANCE WITH OPERATING PROCEDURES:

The security of a cryptographic system relies as much on

the operation of the cipher machine as the machine
itself. During WWII the U.S. created organizations to
formally train operators and to monitor U.S. operators
compliance with procedure. When an error was found the
first response was often a memorandum such as the one
replicated below. It provides a list of the most common
errors that could compromise the security of the
cryptographic system.

Navy Department
Office of Chief of Naval Operations
Washington, D.C.

CLASSIFICATION: CONFIDENTIAL Date: 27 Dec 1943

MEMORANDUM
COMMUNICATION IMPROVEMENT ITEM

From: Director Naval Communications

To: Commandant, Twelfth Naval District

The principles of communication security cannot be

overstressed, for such security is vital to the success
of operations. Errors which seem minor in themselves
may, when accumulated, offer to the enemy an entering
wedge for the eventual compromise of a system. The
object of this memorandum is to enlist your cooperation
in protecting our cipher systems and hence our national
security.
THE PRICE OF SECURITY IS ETERNAL VIGILANCE.

A communication such as COM 112 222105 DECEMBER may

endanger our interests because it appears to violate
security principles in the following respect(s):

DRAFTING: Plain language reference to encrypted

dispatches.

No reply to this memorandum is necessary, but your

cooperation in suppressing dangerous communication
practices is earnestly solicited.

CARELESS COMMUNICATIONS COST LIVES

The following is a list of some of common violations of

security principles:

DRAFTING:

Unnecessary word repetition

Unnecessary or improper punctuation
Plain language reply to encrypted dispatch
Classification too high
Precedence too high
Cancellation in plain language of an encrypted dispatch

ENCRYPTION:

"XYX" or "X"'s for nulls

"XX" & "KK" to separate padding from text
Same letters at both ends to separate padding from text
Continuity of padding
Seasonal and stereotyped padding
Repetition of generatrices (Ed. Note: CSP-845)
Systematic selection of generatrices (CSP-845)
Using plain text column for encryption (CSP-845)
Proper strips not eliminated as prescribed by internal
indicator (CSP- 845)
Improper set-up according to date
Using system not held by all addressees
Failing to use system of narrowest distribution

CALLS:

Enciphering indefinite call sign

Enciphering call signs of shore activities

CODRESS might have been used

TRANSMISSION:

Classified dispatch transmitted in plain language by

wire or radio, when not specifically authorized.
Dispatch might have gone to some or all addressees by
mail.
 APPENDIX 5

ECM MARK II SPECIFICATIONS

Input: Keyboard or electric via tandem plug.

Output: Printed tape or electric via tandem plug.
Speed: 45 to 50 Words per minute.
Power Supply: 40/70 cycle, 105-125 VAC or 105-125 VDC or
24 VDC 2 amps at 120 volts AC or DC, 3 amps at 24
VDC.

Approximate Size:
In operation: 15" x 19.25" x 12" or 2.1 cubic feet
In carrying case: 17.125" x 23" x 15.5" or 3.5 cubic
feet
Packed for long term: 19.5" x 27.5" x 18" or 5.6 cubic
feet

Approximate Weight:
In operation: 93.5 lbs.
In carrying case: 133.5 lbs.
Packed for long term: 195 lbs.

Cost:
By 1943, 10, 060 ECM Mark II's were purchased at an
estimated cost of $2,040 a piece. This does not include
the cost of spare parts; additional code wheel sets,
code wheel wiring that was done by the military;
modifications and upgrades, precursor machine
development, etc.
ADDITIONAL REFERENCES

[ASSA] Army Signal Security Agency (1946) History Of

Converter M-134-C (Sigaba) Vol I, II And III:
available from the US National Archives and
Records Administration (NARA); NSA Historical
Collections 190/37/7/1, Box 799, F: 2292, pp 468.

[ASA] Army Security Agency (1948) Historical and

Cryptologic Summary of Cryptosystems; ASAG 23;
Vol 1.

[DOA1] Department of the Army (1945) Crypto-Operating

Instructions for Converter M-134-C (short title:
SIGQZF-2)

[DOA2] Department of the Army (1946) Crypto-Operating

Instructions for Converter M-134-C (short title:
SIGQZF-3)

[DOA3] Department of the Army (1949) ASAM 1/1 Crypto-

Operating Instructions for ASAM 1. Note the new
designation of ASAM 1 for the ECM Mark II after
the war.

[OCNO] Office of Chief of Naval Operations (1943)

Memorandum Communication Improvement Item.
available from the NARA, Pacific Sierra Regional
Archive, RG 181-58-3224, 12th ND Commandants
Office General Correspondence, A6-2(1) Complaints
-Discrepancies, Security-etc.

[SAS-] Descriptions of the Authentication Systems may be

found in: Survey Of Authentication Systems 1942-
45 (1945), NARA; NSA Historical Collections
190/37/7/1, NR 3526 CBRK24 12960A 19420728.
[SAFF] Safford, L.F. (1943) History of Invention And
Development of the Mark II ECM (Electric Cipher
Machine) available from NARA. SRH-360 in RG 0457:
NSA/CSS Finding Aid A1, 9020 US Navy Records
Relating to Cryptology 1918- 1950 Stack 190 Begin
Loc 36/12/04 Location 1-19. In Feb 1996 the
version at NARA was redacted, but the full
document is now declassified.

[SFUS] Submarine Force U.S. Pacific Fleet (1944)

Cryptographic Aids Check-Off List: available from
NARA, Pacific Sierra Regional Archive, 181-58-
3201, S1313, S372, A6-3/N36 Cryptographic Aids.

[USNA] US Naval Administration in WW II, History of

Naval Communications, 1939-1945. Op-20A-asz, A12,
Serial 00362P20, 7 Apr 1948. available from the
Naval Historical Center; WW II Command File CNO;
Communications History; Microfiche No. F3561.

[WDO ] War Department Office of The Chief Signal Officer

(1941) Operating Instructions for Converter M-
134-C (short title: SIGBWJ)

[WDO1] War Department Office of The Chief Signal Officer

(1941) Operating Instructions for Converter M-
134-C (short title: SIGLVC) Department of the
Army (1941) Crypto-Operating Instructions for
Converter M-134-C (short title: SIGQZF)

[WDM1] War Department (1942) Maintenance Instructions

for Converter M-134-C (short title: SIGKKK)

[WDM2] War Department (1945) Maintenance Instructions

for Converter M-134-C (short title: SIGKKK-2)
SIGQZF, SIGBWJ, SIGLVC, SIGKKK, SIGKKK-2 are
available from NARA; NSA Historical Collections
190/37/7/1, NR 2292 CBLL36 10622A 19410300.

[WDG1] War Department (1945) General Instructions For

Converter M-134-C (short title: SIGBRE-1)
available from NARA; NSA Historical Collections
190/37/7/1, NR 4588 ZEMA35 13909A 19450600

CLASSICAL CRYPTOGRAPHY COURSE

BY LANAKI

20 March 1997
Revision 0

COPYRIGHT 1997
ALL RIGHTS RESERVED

LECTURE 24

SPECIAL TOPICS
COURSE NOTES

Lecture 24 will be devoted to special topics and will

present additional cryptograms for solution. I will
update and restructure my Volume II references and
resources file. Lecture 24 will constitute my final
efforts. Updated Volume II references will replace
Lecture 25.

Those students interested in course participation

certificates please advise me by e-mail, so I have an
idea how many to order.

Volume II of our textbook is available through RAGYR and

Aegean Park Press. You are encouraged to buy a copy.
All of the corrections presented to me by our capable
class are included in the book. Those interested in
signed copies please advise by private E-mail, and I
will maintain a small inventory for that purpose.

SUMMARY

I want to clean up some loose ends in the Transposition

area and then shift to a review of some of the more
popular ciphers presented in Lectures 1-20. I will
present more problems, not so much for a "final exam" as
for a chance to improve/enjoy our cryptographic skills.
I also want to present some additional legal information
regarding Defamation on the Net (an expansion on my
Privacy Lecture).

UBCHI

The Ubchi (the U is umlauted) is a double columnar

transposition cipher used by the Germans during WWI. It
was broken by the French thanks to in part to a radio
message sent in unprotected cleartext early in the
conflict.

The Ubchi had a keyphrase that was represented by

numerals according to the position of its letters. Two
identical letters were labeled consecutively if they
appeared in the same keyphrase. For example,

5 3 7 8 9 2 6 1 4 10
Keyword: h e r r s c h a f t

For the plaintext: First army X Plan five activated X

Cross Marne at set hour.

Ciphertext key block 1:

5 3 7 8 9 2 6 1 4 10
 h e r r s c h a f t
-------------------
F I R S T A R M Y X
P L A N F I V E A C
T I V A T E D X C R
O S S M A R N E A T
S E T H O U R

The ciphertext was taken off by columns in numerical

order of the keyword columns:

1 2 3 4 5 6 7
Ciphertext: MEXE AIERU ILISE YACA FPTOS RVDNR RAVST

8 9 10
SNAMH TFTAO XCRT.

(Note the 5 letters groups not observed.)

These groups were then transcribed horizontally into

another block beneath the same number sequence:

5 3 7 8 9 2 6 1 4 10
h e r r s c h a f t
-------------------
M E X E A I E R U I
L I S E Y A C A F P
T O S R V D N R R A
V S T S N A M H T F
T A O X C R T(Z)

The next step was to add as many Null letters as there

are words in the Keyphrase or Keyword. One null Z was
added after the last letter in the last row, T.

The German encipherer once more took these letters from

the block by columns in the same numerical sequence and
separated into standard groups of five letters each:

1 2 3 4 5 6 7 8 9
RARHZ IADAR EIOSA UFRTM LTVTE CNMTX SSTOE ERSXA YVNCI

10
PAF.

To decipher the message, the recipient first had to

discern the size of the transposition rectangle in order
to learn how long the columns were. This was accomp-
lished by dividing the total number of key numbers into
the total number of letters into the message (48 / 10).
The quotient was the number of complete rows. The
remainder 8 was the number of letters in the incomplete
columns. The succeeding steps reversed the corre-
sponding steps in the enciphering process.
Note the similarity with the U.S. Army Double Trans-
position Cipher System. Barker gives a detailed
breakdown of this type of cipher in his book. [BARK]
It is not coincidental that the two countries at war
had very similar cipher systems in play.

U. S. ARMY DOUBLE TRANSPOSITION CIPHER

One of the more interesting transposition ciphers is the

double transposition cipher. One of the guru's in this
area is Colonel Wayne Barker. His "Cryptanalysis of the
Double Transposition Cipher" is enjoyable reading. I
thank him for his liberal permission to excerpt from his
reference. [BARK2]

In its most effective form the double transposition

cipher is based upon two incompletely filled rectangles
with two different length keywords. Nulls must be added
before encipherment, not to the end after encipherment.
In the deciphering process, we must determine the exact
dimensions of the enciphering rectangles R-1 and R-2 by
keywords K-1 and K-2, respectively.

The process of encipherment is relatively straight

forward. The plain text is read into R-1 by rows, taken
out by columns in the order of K-1, transcribed into R-2
in rows and removed from R-2 by columns as dictated by
K-2. The ciphertext is then separated into the standard
groups of 5 letters for transmission.

The difficulty in decipherment occurs when we must

determine the exact dimensions of R-1 and R-2 as well as
the sequence and width of K-1 and K-2. Recall that we
can use the division of the message length by the key
length to give us the number of long columns and length
of the short columns. For example, for message length
99 with keylength of 13, we have:

7 - length of short column

------
keylength =13 | 99 - message length
91
--
8 - number of long columns

The length of the long columns is 1 more than short or

8. The number of short columns is 13 - 8 = 5.

This is Step 1.

To decipher the double transposition cipher, the

ciphertext letters are inscribed within R-2, whose
dimensions have been determined in Step 1, following the
column order of K-2. Thereafter, the horizontal letters
within R-2 are inscribed within R-1 following the column
order of K-1. The resulting plaintext is read horizont-
ally within R-1. So there we have Steps 2 and 3.

Messages In Depth

Regardless of how complex a transposition system may be,

the resulting ciphertext messages may be put in depth,
superimposed one above the other, the resulting columns
may potentially be matched against one another to
produce plaintext. Messages must be the same length.
This is not a difficult requirement, especially when
nulls are added to get an even number letters in groups
of 5.

In essence we construct a giant single columnar

transposition cipher of message length L. The problem
is reduced to juxtaposing (matching the columns) so that
the plaintext is readable.

Given the following six messages at L = 115 letters:

1 1 1 1 1 1 1 1 1 1 2
1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0

Message 1: T L R N T A H I I O D F Y N P T R I E A
Message 2: P E U L N R B Q T L C R L E W E X B O I
Message 3: T H N N I N U A T O T E E I S S X I O E
Message 4: T E N G I R A E E O R E E I L I X E E A
Message 5: O I E O L T I L W U V U R T O E O C R P
Message 6: T A F H E R N A D O S I I I T E H Y F W

2 2 2 2 2 2 2 2 2 3 3 3 3 3 3 3 3 3 3 4
1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0

Message 1: O E E B T Y E I P O S V I V A E X R F T
Message 2: T E A Y A X J T N P W E I R W D X S E E
Message 3: V P O T H X G G I D O S R N E P X T I P
Message 4: V T D R E X P G R D S S R U E S X E I H
Message 5: R C R O A P E S U I I A W E N N X R O R
Message 6: G S W P I X C G R D E R U E G V X K I P

4 4 4 4 4 4 4 4 4 5 5 5 5 5 5 5 5 5 5 6
1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0

Message 1: I S R T W M B U F F O D R E E A E U S H
Message 2: S V E E O T O Y U A E A C P O R X W I E
Message 3: T S P N S N B N N N R I W T G U S S D T
Message 4: T G P E S U L T R N O I P T I T S V D E
Message 5: V I I U R T E S E N S H R Y Y R T N Y L
Message 6: D E P O S Y E I L N O H S T S C T E R Y

6 6 6 6 6 6 6 6 6 7 7 7 7 7 7 7 7 7 7 8
1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0

Message 1: E T E S R C C I R R T R Y E S N I S F S
Message 2: E O S E T Y W X N U R I N D T E L S R E
Message 3: E R R C T G S I O O R A F O O M K L O S
Message 4: E P H C S G T I N T L W O A A M N L T S
Message 5: S L A R E A P A L T A Y O N Y S M E U I
Message 6: H E Y C U O T E E A N E V E O M T R W M

1
8 8 8 8 8 8 8 8 8 9 9 9 9 9 9 9 9 9 9 0
1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0

Message 1: L S R F I A I O O C T Q O G D R U P E O
Message 2: C A S O A C M W S Y T R E S O E E T P L
Message 3: E O G L O O R R O D M O A M O A S N I R
Message 4: Y C C V O O R S O E A N E M N A S N Q S
Message 5: N P D W P S N T L A H E A O O D Q E C S
Message 6: E E R U O A C C N D R M E M L E H T A O

1 1 1 1 1 1 1 1 1 1 1 1 1 1 1
0 0 0 0 0 0 0 0 0 1 1 1 1 1 1
1 2 3 4 5 6 7 8 9 0 1 2 3 4 5

Message 1: E O A O I N A N R S R L S T U
Message 2: U P R O G E W K E E N E N S E
Message 3: T S A T R A O I A I L N W F F
Message 4: M E A E R U O R U E S N L F O
Message 5: I E I E E Y F O T N C T A R E
Message 6: L R A Y I D O T T S W N R T A

We look for letters of low frequency such as Q or QU

combinations. We may assume that the messages end in
X(s) for nulls. We start with this fact.

17 26 37 57 68
- - - - -
R Y X E I
X X X X X
X X X S I
X X X S I
O P X T A
H X X T E

Column 37 is the last, 26 is before it, and 17 with

three X's is the antepenultimate column.

17 26 37
- - -
R Y X
X X X
X X X
X X X
 O P X
H X X

Putting column 57 in the group gives us (QU)ERY and

(S)TOP. We might work back from this point with maybe
GENERAL SMITH for the last message. We can hook up the
QU's for breaks in the middle of the messages.

92 48 57 17 26 37
- - - - - -
Q U E R Y X
R Y X X X X
O N S X X X
N T S X X X
E S T O P X
(S) M I T H X X

Solve the rest.

Key Recovery After Anagramming

The next step in the process is to recover the keys.

Given 4 messages of L = 85 letters, and their anagramed

equivalent:

7 7 7 2 6 2 6 6 6 5 5 4 5 3 4 4 1 3 1 3
9 6 2 5 3 2 0 9 6 1 7 2 4 9 8 5 9 6 0 3

Message 1: M E S S A G E S I X O N E S T O P O U R
Message 2: W E A R E R U N N I N G I N T O H E A V
Message 3: T O C O M M A N D I N G O F F I C E R T
Message 4: O P E R A T I O N S O R D E R S I X T E

0 1 1 3 0 8 0 8 2 2 6 7 7 7 7 5 5 4 6 5
7 6 3 0 4 4 1 1 7 4 2 8 4 5 1 9 6 1 8 3

Message 1: A D V A N C E H A S B E E N S L O W E D
Message 2: Y M I N E F I E L D S S T O P W E U R G
Message 3: H I R D B A T T A L I O N S T O P H A V
Message 4: E N I S B E I N G S E N T Y O U B Y C O

6 5 3 3 0 4 2 4 1 0 0 8 1 3 1 2 8 7 7 2
5 0 8 5 9 7 1 4 8 6 3 3 5 2 2 9 0 7 3 6

Message 1: B Y H E A V Y M O R T A R F I R E S T O
Message 2: E N T L Y N E E D E N G I N E E R P E R
Message 3: E R E P R E S E N T A T I V E Y O U R U
Message 4: U R I E R S T O P A D V I S E B Y R A D
 6 2 6 7 6 5 5 4 5 4 4 4 2 3 1 3 0 1 1 3
4 3 1 0 7 2 8 3 5 0 9 6 0 7 1 4 8 7 4 1

Message 1: P W E N E E D C O U N T E R F I R E S T
Message 2: S O N N E L T O R E M O V E M I N E S S
Message 3: N I T H E R E T O M O R R O W F O R M E
Message 4: I O W H E N Y O U H A V E R E C E I V E

0 8 0 8 2
5 5 2 2 8

Message 1: O P X X X
Message 2: T O P X X
Message 3: E T I N G
Message 4: D I T X X

The C -> P sequence is also known as the anagram key.

Given the anagram keys we can recover the keys K-1 and
K-2.

The anagram key of the above ciphertext example is:

79 76 72 25 63 22 60 69 66 51 57 42 54 39 48 45 19 36 10
33 07 16 13 30 04 84 01 81 27 24 62 78 74 75 71 59 56 41
68 53 65 50 38 35 09 47 21 44 18 06 03 83 15 32 12 29 80
77 73 26 64 23 61 70 67 52 58 43 55 40 49 46 20 37 11 34
08 17 14 31 05 85 02 82 28

We can index the anagram key as follows:

01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16 17 18 19
79 76 72 25 63 22 60 69 66 51 57 42 54 39 48 45 19 36 10

20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38
33 07 16 13 30 04 84 01 81 27 24 62 78 74 75 71 59 56 41

39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57
68 53 65 50 38 35 09 47 21 44 18 06 03 83 15 32 12 29 80

58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76
77 73 26 64 23 61 70 67 52 58 43 55 40 49 46 20 37 11 34

77 78 79 80 81 82 83 84 85
08 17 14 31 05 85 02 82 28

The indexed version is known as the P -> C sequence. It

is also called the encipher key. Inverting the encipher
key index gives us the encipher key derived from the
recovered anagram key:

01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16 17 18 19
27 83 51 25 81 50 21 77 45 19 75 55 23 79 53 22 78 49 17
20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38
73 47 06 62 30 04 60 29 85 56 24 80 54 20 76 44 18 74 43

39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57
14 70 38 12 68 48 16 72 46 15 71 42 10 66 40 13 69 37 11

58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76
67 36 07 63 31 05 61 41 09 65 39 08 64 35 03 59 33 34 02

77 78 79 80 81 82 83 84 85
58 32 01 57 28 84 52 26 82

The anagram key is the order of the ciphertext letters

to produce plaintext, and the encipher key is the order
of the plaintext letters to produce ciphertext.

>From the encipher key we derive the Interval Key. The

interval key provides the intervals both positive and
negative, between successive terms of the encipher key.:

+56 -32 -26 +56 -31 -29 +56 -32 -26 +56 -20 -32 +56 -26
-31 +56 -29 -32 +56 -26 -41 +56 -32 -26 +56 -31 +56 -29
-32 +56 -26 -34 +56 -32 -26 +56 -31 -29 +56 -32 -26 +56
-20 -32 +56 -26 -31 +56 -29 -32 +56 -26 -27 +56 -32 -26
+56 -31 -29 +56 -32 -26 +56 -20 -32 +56 -26 -31 +56 -29
-32 +56 -26 +01 -32 +56 -26 -31 +56 -29 +56 -32 -26 +56

We start at identifying K-1 length. There are three

lengthy repetitions in the interval key starting with
+56 and ending with -26. We look at the terms that give
rise to these repetitions.

27 83 51 25 81 50 21 77 45 19 75 55 23 79 53 22 78 49 17
20 76 44 18 74 43 14 70 38 12 68 48 16 72 46 15 71 42 10
-------------------------------------------------------
07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07

20 76 44 18 74 43 14 70 38 12 68 48 16 72 46 15 71 42 10
13 69 37 11 67 36 07 63 31 05 61 41 09 65 39 08 64 35 03
-------------------------------------------------------
07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07

The common difference is the length of K-1.

Setting up R-1:

-------------------
01 02 03 04 05 06 07
08 09 10 11 12 13 14
15 16 17 18 19 20 21
22 23 24 25 26 27 28
29 30 31 32 33 34 35
 36 37 38 39 40 41 42
43 44 45 46 47 48 49
50 51 52 53 54 55 56
57 58 59 60 61 62 63
64 65 66 67 68 69 70
71 72 73 74 75 76 77
78 79 80 81 82 83 84
85

Using the derived encipher key, the first column is

27 83 51 25 81 50 21 77 45 19 75

We start by reconstructing R-2. We know that its

horizontal rows come from the vertical columns of R-1
and its vertical columns come from the terms of the
encipher key.

1
6 13 20 27 34 41 48 55
62 69 76 83 02 09 16 23
30 37 44 51
25
81
50
21

Knowing the width of R-2 gives the dimensions of R-2.

85 = 3 - 10's
5 - 11's

The reconstruction of R-2 continues as we discover the

order of columns in R-1 entering R-2. This is done by
knowing the vertical terms in R-2, which are successive
terms of the encipher key.

The reconstruction of R-1 and R-2 with keys identified

are:

04 02 06 03 07 01 05 K-1 =7
-------------------
01 02 03 04 05 06 07
08 09 10 11 12 13 14
15 16 17 18 19 20 21
22 23 24 25 26 27 28
29 30 31 32 33 34 35
36 37 38 39 40 41 42
43 44 45 46 47 48 49
50 51 52 53 54 55 56
 57 58 59 60 61 62 63
64 65 66 67 68 69 70
71 72 73 74 75 76 77
78 79 80 81 82 83 84
85

3 6 4 1 8 7 5 2
----------------------
6 13 20 27 34 41 48 55
62 69 76 83 02 09 16 23
30 37 44 51 58 65 72 79
04 11 18 25 32 39 46 53
60 67 74 81 01 08 15 22
29 36 43 50 57 64 71 78
85 07 14 21 28 35 42 49
56 63 70 77 84 03 10 17
24 31 38 45 52 59 66 73
80 05 12 19 26 33 40 47
54 61 68 75 82

Solution where known plaintext occurs at any point

within the message.

Barker describes solution of several special "crib"

situations. He uses stereotyped beginnings, endings and
shows the process of overlaying the crib into R-1 and
converting it into R-2. Of more interest is the solution
when the plaintext crib is anywhere in the message.

Consider the following problem:

DTHIS ERTRS OUEST RRTER NMNCT ODANO TOCFO ARTPN

OEXOS VWMUW ODPOD ECNEQ APTIT AMIIF CAENA SWMCC
AILAO OIMOT DAJLG NRFOZ SPUOO RTTEO EBRRO INNE.
(119)

Known plaintext: ROAD JUNCTION QUEBEC FOXTROT TWO FIVE

EIGHT ZERO

K-1 = 9

Analysis:

The first step is to number the positions of the letters

in the ciphertext and make a bilateral frequency
distribution.

D-1 T-2 H-3 I-4 S-5 E-6 R-7 T-8 R-9 S-10
O-11 U-12 E-13 S-14 T-15 R-16 R-17 T-18 E-19 R-20
N-21 M-22 N-23 C-24 T-25 O-26 D-27 A-28 N-29 O-30
T-31 O-32 C-33 F-34 O-35 A-36 R-37 T-38 P-39 N-40
O-41 E-42 X-43 O-44 S-45 V-46 W-47 M-48 U-49 W-50
O-51 D-52 P-53 O-54 D-55 E-56 C-57 N-58 E-59 Q-60
A-61 P-62 T-63 I-64 T-65 A-66 M-67 I-68 I-69 F-70
C-71 A-72 E-73 N-74 A-75 S-76 W-77 M-78 C-79 C-80
A-81 I-82 L-83 A-84 O-85 O-86 I-87 M-88 O-89 T-90
D-91 A-92 J-93 L-94 G-95 N-96 R-97 F-98 O-99 Z-100
S-01 P-02 U-03 O-04 O-05 R-06 T-07 T-08 E-09 O-110
E-11 B-12 R-13 R-14 O-15 I-16 N-17 N-18 E- 119
(119)

A 28 36 61 66 72 75 81 84 92
B 112
C 24 33 57 71 79 80
D 01 27 52 55 91
E 06 13 19 42 56 59 73 109 111 119
F 34 70 98
G 95
H 03
I 04 64 68 69 82 87 116
J 93
K
L 83 94
M 22 48 67 78 88
N 21 23 29 40 58 74 96 117 118
O 11 26 30 32 35 41 44 51 54 85 86 89 99 104 105 110 115
P 39 53 62 102
Q 60
R 07 09 16 17 20 37 97 106 113 114
S 05 10 14 45 76 101
T 02 08 15 18 25 31 38 63 65 90 107 108
U 12 49 103
V 46
W 47 50 77
X 43
Y
Z 100

Now on to K-1 at length 9, we write in the known

plaintext:

1 2 3 4 5 6 7 8 9
-----------------
R O A D J U N C T
I O N Q U E B E C
F O X T R O T T W
O F I V E E I G H
T Z E R O

Focus on column 4 with the infrequent letters of Q and

V. We can establish this as a row in R-2. We locate
two columns that fit the pattern.

P P
 O N
D O
E E
C X
N O
E S
D Q T V R
A W
P M
T U
I W
T O
A D
M P

The column added to R-2 come directly from the

ciphertext. Lets analyze the positional information to
reconstruct R-2.

Q and V occur in positions 46 and 60. We can expect the

length of of K-2 will be a multiple of 14 because the
difference is 14. Letters occurring in the same column
of R-1 which occupy the same row of R-2 will be
separated in the ciphertext by a multiple of R-2 column
lengths. This is a multiple of the key. We might expect
that R-2 is 14 for a column length. Two rectangle widths
give rise to a column length of 14 for L = 119.

K-2 = 8
1] 119 = 7 - 15's
1 - 14

K-2 = 9
2] 119 = 2 - 14's
7 - 13's

Look at letters H and W:

H= 03

W = 47 50 77 --> distances of 44 47 74 which is

consistent with column length of 15 and 14 for K-2 =8.

So the width of R-2 is 8. We construct a analytical

matrix of width 8:

1 2 3 4 5 6 7 8

T O S Q A T
D R T V A S D O
T R O W P W A R
 H T C M T M J T
I E F U I C L T
S R O W T C G E
E N A O A A N O
R M R D M I R E
T N T P I L F B
R C P O I A O R
S T N D F O Z R
O O O E C O S O
U D E C A I P I
E A X N E M U N
S N O E N O O N
T O S Q A T O E

Using the DQTVR as the starting column, we locate

columns 5 and 4 of R-1:

8 3 6 1 5 7 4 2
O T A D Q T V R
R O S T A D W T
T C W H P A M E
T F M I T J U R
E O C S I L W N
O A C E T G O M
E R A R A N D N
B T I T M R P C
R P L R I F O T
R N A S I O D O
O O O O F Z E D
I E O U C S C A
N X I E A P N N
N O M S E U E O
E S O T N O Q

We mark off the known plaintext and work up and down

from the starting row to get the solution with K-1 =9:

1 2 3 4 5 6 7 8 9
-----------------
- O U R F O R W A
R D C O M M A N D
P O S T I S N O W
L O C A T E D A T
R O A D J U N C T
I O N Q U E B E C
F O X T R O T T W
0 F I V E E I G H
T Z E R O S T O P
R E A R C O M M A
N D P O S T R E M
A I N S I N P R E
S E N T L O C A T
I O N - - - - - -
Wayne's Contribution To Cryptography - Solution that
Requires No Known Plaintext Crib.

Colonel Barker found that any double transposition

cipher can be expressed as an equivalent single
transposition cipher.

Consider the following double transposition

encipherment:

3 2 1 5 4 K-1 = 5
--------------
1 2 3 4 5
6 7 8 9 10
11 12 13 14 15
16 17 18 19 20
R-1 21 22 23 24 25
26 27 28 29 30
31 32 33 34 35 13 X 5 matrix
36 37 38 39 40
41 42 43 44 45
46 47 48 49 50
51 52 53 54 55
56 57 58 59 60
61 62 63 - -

63 = 3 @ 13 long
2 @ 12 short

and

3 2 4 1 K-2 =4
-----------
03 08 13 18
23 28 33 38
43 48 53 58
63 02 07 12
17 22 27 32
37 42 47 52 16 X 4 matrix
57 62 01 06
R-2 11 16 21 26
31 36 41 46 63 = 3 @ 16 long
51 56 61 05 1 @ 15 short
10 15 20 25
30 35 40 45
50 55 60 04
09 14 19 24
29 34 39 44
 49 54 59 -

Ciphertext:

18 38 58 12 32 52 06 26 46 05 25 45 04 24 44
08 28 48 02 22 42 62 16 36 56 15 35 55 14 34
54 03 23 43 63 17 37 57 11 31 51 10 30 50 09
29 49 13 33 53 07 27 47 01 21 41 61 20 40 60
19 39 59 (63)

Note that where the plaintext is a straight numerical

sequence, the resulting ciphertext is the encipher key.
Exactly the same ciphertext or encipher key will result
from the following single columnar transposition cipher:

18 07 11 05 04 03 17 06 15 14 13 02 16 10 09 08 12 01 20 19
-----------------------------------------------------------
01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16 17 18 19 20
21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40
41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60
61 62 63

Ciphertext:

18 38 58 12 32 52 06 26 46 05 25 45 04 24 44
08 28 48 02 22 42 62 16 36 56 15 35 55 14 34
54 03 23 43 63 17 37 57 11 31 51 10 30 50 09
29 49 13 33 53 07 27 47 01 21 41 61 20 40 60
19 39 59 (63)

matrix = 4 X 20

63 = 3 long @ 4
17 short @ 3

Very simply, the results of using the two double

transposition keys 3-2-1- 5-4 and 3-2-4-1 to encipher
message L = 63 can be duplicated by using the single
transposition key: 18-7-11-5-4-3-17-6-15-14-13-2-16-10-
9-8-12-1-20-19. This result does not surprise the pure
mathematicians in the group. The equivalent key, Keqv,
reflects K-1, K-2 and the message length.

K-1 (length) X K-2 (length) = Keqv (length of single

transposition key)

To successfully attack the Keqv problem, the length of

the message, L must be longer than the key.
Plaintext:

01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16 17
18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34
35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51
52 53 54 55 56 57 58 59 60 61 62 63

Ciphertext:

18 38 58 12 32 52 06 26 46 05 25 45 04 24 44
08 28 48 02 22 42 62 16 36 56 15 35 55 14 34
54 03 23 43 63 17 37 57 11 31 51 10 30 50 09
29 49 13 33 53 07 27 47 01 21 41 61 20 40 60
19 39 59 (63)

K-1: 3-2-1-5-4

K-2: 3-2-4-1

Equivalent Single
Transposition Key:

Col 1 | Col 2 | Col 3 | Col 4

18-7-11-5-4-3-17-6-15-14-13-2-16-10-9-8-12-1-20-19

Two points: 1) Given two double transposition keys,

there are multiplicity of single columnar transposition
keys, each depending upon the length of the plaintext
being enciphered, and 2) Given a particular single
transposition key, there are only two specific double
transposition keys which will give rise to the single
transposition key; and both keys K-1 and K-2 may be
recovered regardless of the message length L. Keqv can
be considered a rotating matrix.

18 03 13 08 3
07 17 02 12 2
11 06 16 01 1 K-1
05 15 10 20 5
04 14 09 19 4

3 2 4 1
K-2

The rotating matrix will be in the form of a complete

rectangle and the correct rectangle can be recognized by
each of its rows containing a single, different term of
K-1. There are several symmetrical relations with
respect to this rotating matrix:
1. The row terms of the matrix are equal to each other
when considered (MOD n), where n = length K-1.

Modulus five for the above rotating matrix is:

(mod 5)

18 03 13 08 3 3 3 3
07 17 02 12 2 2 2 2
11 06 16 01 1 1 1 1
05 15 10 20 5 5 5 5
04 14 09 19 4 4 4 4

2. There is a difference relationship between row terms.

18 - 03 = +15
03 - 13 = -10
13 - 08 = +05
08 - 18 = -10

for the entire matrix, we have:

+15 -10 +05 -10

-10 +15 -10 +05
+05 -10 +15 -10
-10 +05 -10 +15
-10 +05 -10 +15

The differences are the same, only rotated. If we

renumber the values in each row as 'indicators' we have
the following row identifications:

4 1 3 2
2 4 1 3
3 2 4 1
1 3 2 4
1 3 2 4

The row of the matrix containing 1 will not rotate. It

will always reflect the value of K-2. The remaining rows
will rotate with the rotation depending on the length of
the message L. Each row in effect identifies one term of
the key K-1. If 2 occurs in a particular row, we know
that the position of that row will indicate the position
of 2 in K-1. If we can identify a particular letter of
the ciphertext as part of a column, we can identify one
of the terms in the rotating matrix. The value of that
term (mod n), will provide one of the terms of K-1. It
is related to all the terms in its row mod n.

The solution of ciphertext problems follows the same

lines as discussed previously on a single transposition
rectangle. Barker gives three interesting examples.
[BARK2] GUNG HO has also addressed the solution of
double transposition ciphers. [GUNG]
THE AUGUSTUS CIPHER

The Augustus Cipher is closely related to the Viggy, and

is attributed (possibly erroneously) to Emperor
Augustus. The rumor is that he used a passage from
Homer as the key to encrypt his messages. The key is
equal to the length of the plaintext. He used as much
keytext as required to meet the message size.

To encrypt the Mth letter of the plaintext, select the

Mth letter of the keytext; the position of this letter
in the alphabet determines the shift for the plaintext
letter. If the Mth plaintext letter is O and the Mth
key text letter is C, the shift is three, because C is
the 3rd letter in the alphabet, and thus O is replaced
by the R, which is 3 places further along in the
alphabet. The process is Mod 26. So, the plaintext
letter W encrypted by the key letter F (shift = 6) would
result in the ciphertext letter C.

Example:

Plain: London calling Moscow with urgent message.

Key Phrase: To be or not to be that is the question
whether

Plain: L O N D O N C A L L I N G M
Key Text: T O B E O R N O T T O B E T
Shift: 20 15 2 5 15 18 14 15 20 20 15 2 5 20
Cipher: F D P I D F Q P F F X P L G

Plain: O S C O W W I T H U R G E N T
Key Text: H A T I S T H E Q U E S T I O
Shift: 8 1 20 9 19 20 8 5 17 21 5 19 20 9 15
Cipher: W T W X P Q Q Y Y P W Z Y W I

Plain: M E S S A G E
Key Text: N W H E T H E
Shift: 14 23 8 5 20 8 5
Cipher: A B A X U O J

The Vigenere Tableau can be used to assign letters

similar to the standard Viggy. The main difference is
the Key text can be long and no repeating. The Augustus
cipher can be attacked by dictionary type attacks or
by high frequency letters is groups to identify small
parts of the text.

SCI.CRYPT CHALLENGE VIGGY

This challenge was issued by Howard Liu of U. C. Davis:

FWNGF XSMCK JSVGK WOGWZ FSJJP QIMJR ESIIM GFMIM GOGIU

DSDRX VFVTG GRDRR NOWCI KBOLZ EVVWV ACPLZ FSOVR PGAMX
WFVXZ QBNXY QINEE FGJJK JSHQF XSHIE VCACF WFZCV DFJAJ
OOFIJ GOMXY SIVOV.

ACA 's AAHJU (Larry Mayhew) solved this Viggy right

away. Try it.

HEADLINE PUZZLE

RIDDLER throws this Headliner from the Wall Street

Journal out for us to play with:

1. VJZ UXYMP LJQMG EKJR WMJVIMC'S JXYM XZ WIM

VKJGGCPPQ?

2. PNRO UN SWIODLSWJO OAYDBZUWNA OHZNDUM WM

CASWGOSB UN MOUUSO VWQTUM NROD ZDWRLYB.

3. FKOFMKS FKSZ THGUMKS ULDGU SLR NKQQKFMTSZ KX

YODEKXF OHFKHT JKHU.

4. QPKSYKE=CHKRZE FYHKG BKEKSPQ HEKSPQ ZU XYZJUEKJ

KJB YPBQFZJP.

5. EUAHBZTLB EU ZPEB NJUS IEDPZ JBH DCEUB ZT QJG

ZPH QLTTRYGU.

Solve the headlines; recover hat, setting and key.

ARISTOCRATS

With the help of FLORDELIS, here are a few Risties to

wet the appetite:

1. Naughty Words. K2

NF CH FXUS XE TDSSRHU HT EASSQW UHDS

ADSQXHGE FWNC JWSC N UNC WXFE WXE FWGUP
JXFW N WNUUSD. *UNDEWNOO *OGUERSC.

2. Be Flexible. K1

INPG NV: QCE FNSW, UYWNM, VECM SWNQ GNTSW,

SWNHWF CMWP GC FWNG WOXYG MWCMSW, YOPXW YCSVF
GYWB QOEBSK OP MSNUW.

3. Crackerjack. K?

DXYUV HLOCT LNBFAR MOBQC, ABDUT XBQC TXBS,

QBPUT MLQC HXUA RLNC, SYQCT OBQC, EFYQCOJ
SLQCT TDBQC YA CALSTLQC.

4. How's that again? K?

 PTUKAKDKNA NU "QBNALT": RA TGBRAQKJYT
RJQNOBDKNA ZNPEYT QTAQKDKFT DN PKUUTOTADKRY
ZNYTSEYRO DTAQKNAQ.

5. Gone with the wind. K?

KZDFLVYEAT DZBPVJSKX OXSKD FSKDLVYQGW.

KZDBLIYQGF LSGTQF. OZYF GXZBPVL GWSDBLV
OEATVPSYDL. DZBPVYGYQ JXZBPV QDFL.

SIMPLE VARIANTS

Here are a few "change-ups" to consider:

1. The way to get to nowhere.

SRE NR OCYNA MOOTG NI TTUCYLB AB ORP

SISE LCRIC NI DNU ORA GNIOGFLESM IH
SDN IFOH WYDO BYNA.

2. NKWO HWRY PIAV WNNI LKWE SABA ELOT LSEE

FPRO WTNE YTEY RANS NOOE HFSI ENGI BHRO
HSDA SAET ERPO ALEY R.

3. Value System.

FIUOY ACPSN NEPAD RECEF LTSUY LESSE FARET

ONINO ANREP EFLTC UYLES SEAMS NNYRE UOVAH
LERAE ENOHD TWILO EV.

Solve.

PATRISTOCRATS

Here are three fun Patristocrats for solution and key

recovery:

1. Sir Galahad to the Rescue.

IYAIS FWZBU BJLAX WVJAX OBLYB VNSJN DJSNY

ISJZP UUBVQ WVYBT IYVAA ISQAM BMQPL YFAJA
IVBIS JNFWR AVBMB QWTAV JSYNY FWRAV ATXPU UAI.

2. Orderly Words.

PHKWR HWMIA FDAYH JADUJ PUGXG HRXQI UJDQL

FDTXA UYDQH WMXWD WXDTI AXSUH KIDTI AXJAU
HKIDW IXJUH KIDJM PDYXA UHKI.

3. Oratory.

RFKRW UCQVK SYRFA UEKHC QVYDA HKIOK WAYAR

FIRRF KWKYA RUUEC DFVKJ TRFRU RFKYW AHKKD
FKAIJ XJURK JUCTF XKHRF.
KEY PHRASE

I don't recall discussing the Key Phrase cipher in much

detail. It is a regular cryptogram with a few new
twists: 1) a letter may represent itself; 2) a cipher
letter may represent more than one plaintext letter;
3) The key word is a 26 letter key phrase rather than a
disarranged alphabet.

Edgar Allen Poe like this particular cipher. Example:

Plain: ABCDEFGHIJKLMNOPQRSTUVWXYZ
Cipher: FORTITERINRESUAVITERINMODO

The Latin Key phrase fortiter in re, suaviter in modo -

"strongly in deed, gently in manner."

In Poe's example, the word GAMES would be enciphered

EFSIE.

Note that letters may be missing from the cipher key. To

solve a key phrase we start with a crib, and work back
and forward between the key sentence and the the
cryptogram. Remember that one cipher letter may stand
for several plaintext, but each plaintext letter has but
one substitute.

Try these two Key Phrase ciphers and recover their

phrases:

1. Evelyn Wood for drivers?

VET EETTA SERSEVSRT SA DOTTE ATSETER TD VESV

TV TESWUTD TSE VS ATREAT SEV VET EUSRTAUTSA
DTRED TE VTST.

2. Handsome salary.

ABE BAAV AEV VPEH EETE ABE VPEH EBEL EANT

BTEPAEHA PRREAEAL EPH AA EPTL ABE HPEPTE EAN
OPLLAA EENE AL LAE.

ROMANTIC FRENCH KEYPHRASE

Corinne Bure sent me a fun little challenge from France

(to her from her boyfriend).

Ciphertext:

11 10 02 08 21 23 30 04 06 09 01 07 12 16 21 23 30 21 24
10 02 03 05 21

Give it a try then see the answer.

NULL

The only way to attack Null ciphers is to try

everything. Here are four. The last in this group is a
Doosey.

1. Business advice.

We are soon to enlarge night operations. Temporary

workers all now transferred. Notify our trainees.

2. Daddy was a crypee. He rearranged his son's French

lesson:

aigle
conversation
printemps
dehors
entendre
tuyau
parler
premier
ouvert
pied
voyager
ferme
vite
casuel
vert
oreille
acheter
apporter
chien
secret
quelque
savant
sale
profond
liste
violon
citron

3. It's also Golden.

dashing brainy also Aesop giant fact maestro haggle

jail avenue aerie case menace aorta implant bashful
aegis brand swat.

4. The Key To Escape.

Sir John Trevanion was imprisoned in Colchester Castle

in England during the days of Cromwell. He received this
message and deciphered it rather quickly. Sir John was
in prison for only a short period before making his dash
for freedom. How long would it have taken you?
Worthie Sir John:-Hope, that is ye best comport of ye
afflictyd, cannot much, I fear me, help you now. That I
wolde saye to you, is this only: if ever I may be able
to requite that I do owe you, stand not upon asking of
me. 'Tis not much I can do; but what I can do, bee verie
sure I wille. I knowe that, if dethe comes, if ordinary
men fear it, it frights not you, accounting it for a
high honour, to have such a rewarde of your loyalty.
Pray yet that you may be spared this soe bitter, cup. I
fear not that you will grudge any sufferings; only if it
bie submission you can turn them away, 'Tis the part of
a wise man. Tell me, an if you can, to do for you any
things that you would have done. The general goes back
on Wednesday. Restinge your servant to command. R. T.

BACONIAN

Recall the 5 part substitute for each letter of the

Baconian Cipher:

A - AAAAA N - ABBAA
B - AAAAB O - ABBAB
C - AAABA P - ABBBA
D - AAABB Q - ABBBB
E - AABAA R - BAAAA
F - AABAB S - BAAAB
G - AABBA T - BAABA
H - AABBB U/V - BAABB
I/J - ABAAA W - BABAA
K - ABAAB X - BABAB
L - ABABA Y - BABBA
M - ABABB Z - BABBB

Any two dissimilar groups can be used to make a Baconian

cipher.

Try these two.

1. Carpenters Rule.

IXAPR IOBEE AEIOU POOOX BAYFG MAYOE EAGOA

TOAZI YAFQP LOAIO OLEOA IOACY EESAA AOIEZ
OEFAA EILOG AHWOK POOIE OABEO AEIRA VOEZB
DEOPA FYYSO OHEOE EKQEA OOBME ATREQ ENNAO
AEOCY OAMEA.

2. Tried and true.

1 2 1 1 1 1 1 1 4 2 2 1 1 2 5
1 5 1 3 2 5 3 3 1 5 1 6 1 6 1 2 1 2 1 3 2 2 1 1
ADFGX CIPHERS

The ADFGX cipher was invented by a skilled German

cryptographer during World War I. In the original ADFGX
cipher, there were three stages of encipherment, which
added to the difficulty. The alphabet square permitted
the enciphering alphabet to be inscribed in various
ways: vertically, horizontally, circular, etc. Anyway
that a Tramp could be defined, the cipher alphabet could
be used. A crib was usually necessary to expedite the
solution.

Here are three forms of the same cipher:

E B O N Y
a d f g x S P A C E B R O W N
--------- --------- ---------
a |A F L Q V C |A B C D E W B |A B C D E
d |B G M R W O |F G H I K H L |F G H I K
f |C H N S X M |L M N O P I A |L M N O P
g |D I O T Y E |Q R S T U T C |Q R S T U
x |E K P U Z T |V W X Y Z E K |V W X Y Z

Try these on for size:

1. Cashless. [WALLET]

EO EE PN PO EE NY PM PN SO EE PM EM DE EN PO NN DM
SM DY PN PM DN NN NY DM PO SO DM EM EM DY PO PN NO
NY SO DY PE DY EO EE SM DY DE EE PM PE DN PE DY DE
NO PO DN DM PE DE PN.

2. Four-Legged Creatures. [CALLED]

EE IE TO TS EH GS TE GE ES IH TE GR GR TO IO EE IE
TO TH TO TR TS TE TE IE EH TS ES TO EE GH IS TO TS
TR TO IH TE RH ES TO EH IR GH EE ES ES EE TS GH EO
TO ES.

3. About this cipher.

aa ff gf gg fd xa dg ff aa df xa ad gf dg gg fd gd
fg fa gd xf fd xa dg gd fg gg fd xa fa fd xa fa xd
xa dg da gf aa dg ga.

COLUMNAR TRANSPOSITIONS

These complete columnar transpositions should be easy:

1. Political Logic?
WSCCC SRTTE TIWTR EACFK HHTHH YDROT OPAAU USGOR
CEILO RYORW MONIN IOELE ELSMT NHTOC OOIOE ITDNH

2. They spit in your face too.

LEARM ENOAC AWMSG STYUH OESHL RVIUA UUMAR IAYEO

SNSGE METSY ETXHL FDSAO AYAYA IATET LHAHR IETAO
RLMNV HUDNU HSSYR PETCN IGTEA EEMRE TAMNL HRHLU.

NIHILIST TRANSPOSITIONS

I have always enjoyed the Nihilist ciphers. Basically it

is a square columnar which is written in by rows, and
removed by columns. We rearrange the rows and columns by
the same numerical (keyworded) sequence. For example:
1. Imported.

ISRSE EULCL SGRVT TESIU AOAEN HITHR YHEHN

FINOE DHANE TAUCS NYTPS NPRET MEHSI OEUER
AINIF CTCYI R.

2. Open 10 to 5.

IOINS YSKIL FSTAT DEIEO UATIF OAEOE OTSRT

AFSMS RTHSI NLCFH GNOTL WOEER NEMOU ORMHU
FTDIA ASCDN IIETC NPOTO CBFPK SIDCY.

DEFAMATION ON THE NET

Law on the net is way behind the technology. There is a

particular danger and risk in the area of Defamation and
Privacy. Assume that every thing you write on the net
can be read and disseminated to millions of readers,
without delay. This is particularly true if the
material is "juicy." This week the Supreme Court must
take up the questions of indecency and pornography on
the net. Do they hold that their jurisdiction is world
wide? Do they permit anyone to say anything - no matter
how bad - no matter how true - in favor of the First
Amendment Freedom of Speech provisions?

The cards are stacked the wrong way. A person defames

another when he or she makes a false statement about
that person that injures his or her reputation. This
includes both libel and slander.

It is possible for a person to go to a national

provider, like AOL, Free, upload 1,000,000 bytes of pure
trash about you or your family, their medical, sexual,
financial behavior - all being fiction! - to a common
bulletin board, and then drop the service, leaving
behind material that is perused by 1000's of people
a day using "search engines". In the real world,
reputation can be injured in public discussion, loss of
job opportunity, or professional contact. This is
especially true if one's circle of business and friends
is well connected to the cyber world. Defamation suits
involve big money - about $100,000 up front and
$150/hour against time spent.

Why? A statement only defames if it is untrue. If a

reasonable jury would say "so what if he called you..
how were you hurt?," then your case is not strong.
Even when your case is strong, system operators have
strong protection from liability. A major defense is the
public figure exception. Online services qualify for
this exception as both publishers and distributors of
information. The private figure is given more
protection. For practical purposes, a plaintiff can look
forward to many depositions to harass before he will get
his case before the jury. Amicus curiae briefs from all
sorts of groups will surface to stop any restriction on
the ability to defame your neighbor.

Even accusations detailing instances of dishonesty,

disloyalty, distasteful sexual practices, and other
reputation - staining events that never happened give
rise to defamation claims. Even if an online service
prints a retraction, how do you know that EVERY person
who saw the lies will get the retraction? in Europe? In
Africa? etc. The real problem created by defamations
is the set of unpleasant associations created by the
false accusations. Even when retracted, the negative
image is carried in the mind for years. "Mere opinion"
is protected speech as well as satirical and political
commentary. Look at the attacks on the President.

A violation of Privacy may arise from publishing

messages on an online service about a person's private
affairs that a "reasonable person" would find highly
offensive, and that are not part of the publics
legitimate concern. As a practical matter the
disclosure must be major and cause great pain and
embarrassment to lead to legal justification for
substantial money damages.

Privacy claims don't apply to events that occur in

public, are a matter of public record, or can be claimed
as newsworthy.

There is a variation on the standard right of privacy

called "false light" privacy. A false light claim arises
when someone reports something about someone else in a
misleading context that injures that person. The false
light claim needs to be offensive to the average reader
or viewer.

Another privacy-related right is that of publicity. It

prevents people from exploiting your name or image for
profit without consent through licensing arrangements
with the owner of the right.

The Daniel v Dow Jones, (520NYS2d 334) case relieved the

online provider from giving out erroneous information
that may injure another. The court stated, " The First
Amendment precludes the imposition of liability for
nondefamatory, negligently untruthful news." The only
exception to this is when a "special relationship"
existed with the systems operator.

Lance Rose has written an authoritative book on your

online rights called: "Netlaw," The Guidebook to the
Changing Legal Frontier, Osborne Mcgraw-Hill, NY, 1995.
[ROSL]

I feel that cryptography is our way of limiting the

damage - At least our E-mail can be safe from prying
eyes. We may not be able to stop the loose cannons, but
most of us have integrity and can protect our privacy
with the appropriate use of cryptographic tools.

ANSWERS TO LECTURE 24 PROBLEMS ****

Liu's Challenge Viggy:

Key = COVER.

Discovery: The actual side of your face never revealed

being trapped in a Labyrinth. I chase you. Hide
transfigurations - thousands of them. Movement of your
eyebrows make earthquake.

RIDDLER'S Headliner:

1. Can video games play teacher's aid in the classroom?

2. Move to liberalize encryption exports is unlikely to

settle fights over privacy.

3. Circuit City lawsuit shows the difficulty in proving

racial bias.

4. Seagram=Viacom trial damages images of Bronfman and

Redstone.

5. Investors in this fund might use gains to buy the

Brooklyn Bridge.

Key -- MEGAZORD
Setting -- MORPH
Hat -- RANGERS

5 1 4 3 2 6 7
R A N G E R S

M E G A Z O R
D B C F H I J
K L N P Q S T
U V W X Y Z
 E B L Y Z H Q Y A F P X G C N W M D K U O I S R J T
M M D K U O I S R J T E B L Y Z H Q Y A F P X G C N W
O O I S R J T E B L Y Z H Q Y A F P X G C N W M D K U
R R J T E B L Y Z H Q Y A F P X G C N W M D K U O I S
P P X G C N W M D K U O I S R J T E B L Y Z H Q Y A F
H H Q Y A F P X G C N W M D K U O I S R J T E B L Y Z

Aristocrats

1. At no time is freedom of speech more precious than

when a man hits his thumb with a hammer. Marshall
Lumsden.

2. Want ad: for sale, cheap, drop leaf table, leaves

open to seat eight people, hinge holds them firmly
in place.

3. Thief walks around block, notes lock shop, comes

back when dark, picks lock quickly, packs stock in
knapsack.

4. Definition of Sponge: an expansible absorption

module sensitive to differential molecular tensions.

5. Windstruck nightfowl blown downstream. windspread

soked. Bird alights amongst buckthorns, nightmare
flight ends.

Simple Variants

1. Backwards. Anybody who finds himself going in circles

is probably cutting too many corners.

2. Reverse each pair of letters. Know why Rip Van Winkle

was able to sleep for tenty years? None of his
neighbors had a stereo player.

3. Reverse the first two letters,then the next three in

sequence. If you can spend a perfectly useless
afternoon in a perfectly useless manner you have
learned to live.

Patristocrats

1. The tip of a lance borne by a charging knight in full

armor had three times as much penetrating power as a
modern high-powered bullet.

2. Four words that contain five vowels in alphabetical

order are abstemious, abstentious, arsenious and
facetious.

3. The trouble with some public speakers is that there

is too much length to their speeches and not enough
depth.

Key Phrase Ciphers

1. Sweet are the uses of adversity. The chief advantage
of speed reading is that it enables you to figure out
the cloverleaf signs in time.

2. Proverb. Better late than never. The good old days

were the days when your greatest ambition was to earn
the salary you cannot live on now.

Romantic French Keyphrase:

Use the French Phrase " L' essentiel est invisible pour
les yeux."

Invert the order and number sequentially.

L E S S E N T I E L E S T I N V I S I
33 32 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15

B L E P O U R L E S Y E U X
14 13 12 11 10 09 08 07 06 05 04 03 02 01

The Plaintext converts to:

POUR TES YEUX L'EST EST L'OUEST" = For your eyes the
East is the West.

Nulls

1. Ist letters. Waste not want not.

2. Up the third column. To solve ciphers try everything.

3. After the letter A. Silence is golden.

4. Third letter after each punctuation mark. Panel at

east end of chapel slides.

Baconian

1. Vowels = A; consonants = B. Measure thrice before

cutting once.

2. Numbers represent how many times a letter is repeated

before it changes. Old friends are best.

ADFGX

1. SPEND; MONEY. Alt. Horizontals. Most of us wouldn't

have such fat wallets if we removed our credit
cards.

2. TIGER; HORSE. Straight horizontals. The Romans

 called the zebra a horse-tiger because of its
stripes.

3. Straight verticals. Another name for this cipher is

the checkerboard.

Columnar Transpositions

1. 8 x 10. How come those politicians who claim the

country is ruined try so hard to get control of the
wreck?

2. 10 x 12. Llamas are very shy, yet have great

curiosity and must examine anything unusual. Although
of the same order as camels they are smaller with no
hump.

Nihilist Transpositions

1. 321867594. A group of Russian Nihilists in the late

nineteenth century may have used this cipher for
secrecy.

2. 35976428110. The most difficult task of the medical

profession nowadays is to train patients to become
sick during office hours only.

ON A PERSONAL NOTE

Our course is complete. Together, we have made a

special contribution to the science of cryptography. We
have brought a new group of interested souls to the ACA.
We have revitalized the very outlook of the ACA. As we
move into the Millennium, we have accomplished our
professional goals and improved our skills.

It has meant a lot to me to be your class facilitator.

Please remember me when you write my VALE. Explain to
Y-ME that the two years that we have been in cipher-
space together was worth her patience.

Lastly, Classical Cryptography Course Volumes I and II

represent our best efforts to leave a lasting reference
in the study of the science of cryptography. Please
buy them, put them in your cryptographic library and
help us preserve a great legacy. Send me your comments,
solutions and questions, as you complete the various
lectures. So that I can order the correct amount, I
need to know how many of you want me to send you a class
participation certificate. It is not necessary to have
completed all the problems to be eligible. If you
enjoyed the effort and learned something along the way,
then I am happy to include your NOM.
If you have enjoyed my course in classical cryptography,
then Tell the EB, or write MICROPOD, FIZZY, QUIPOGAM,
SCRYER or PHOENIX. They will appreciate your comments. I
also would like to have your comments and evaluations so
that I can improve the material should I attempt a rerun
of this course at a later date.

My best to you and your families. Again, I am deeply

honored to have been your teacher / facilitator for this
course.

LANAKI
20 March 1997

CLASSICAL CRYPTOGRAPHY COURSE

BY LANAKI

30 JANUARY 1997
Revision 0

COPYRIGHT 1997
ALL RIGHTS RESERVED

LECTURE 23

DATA ENCRYPTION STANDARD (DES)

COURSE NOTES

DES represents the technological completion point of our

classical cryptography course. I originally designed
this course to meet ACA member needs and to cover the
various types of cryptographic systems that might be
found in the ACA bimonthly publication "The Cryptogram."
I believe that I have met and exceeded that goal.

DES is outside of the ACA purview. DES is also a

marvelous example of putting many of the principles of
our course into practice. For those interested, Schneier
presents a detailed discussion of more advanced
cryptosystems. He builds upon the DES theory discussed
in this Lecture. [SCH2] Also, reference [NIST90] is a
state-of-the-art discussion of modern cryptosystems and
is highly recommended.

Lecture 24 will be devoted to special topics and will

present additional cryptograms for study and solution.
I will update and restructure my Volume II references
and resources file. It along with solutions to Lecture
24's special topics problems will constitute my final
Lecture 25. As with every Tae Kwon Do form, there is a
birth and death of each movement; each movement having
its time, beauty, place and purpose. So too, I have
tried to create a course that has birth and death in
each Lecture and terminates with the appropriate
material. My gift is complete, only the packing is left.

Those students interested in course participation

certificates please advise me by e-mail, so I have an
idea how many to order.

Volume II of our textbook should be out of the editing

mode and into publication by Aegean Park Press in
February, 1977 (I think). I will make an announcement
as soon as it is available. Those interested in signed
copies please advise by private E-mail, and I will
maintain a small inventory for that purpose. (On a
personal note, I consider the signing of Volume I at our
convention quite an honor and I thank you' ll for the
recognition. Also thanks again to Dave Kennedy of NCSA
and MEROKE for their excellent book reviews.)

SUMMARY

Since its official introduction in 1977 by the National

Bureau of Standards, perhaps no other encryption
standard has been dissected by researchers and customers
as closely as the Data Encryption Standard (DES). DES
brings together much of the work that we have studied in
the past 22 lectures and adds some interesting new
principles such as Involution, Work Factor, Data
Dependency and Iterated Cryptosystems. There is a
wealth of resources describing DES. Many of the earlier
texts espoused that DES was unbreakable. Computer
technology has changed the machinery and that
assumption. The brilliant researchers, Biham and Shamir
in their "Differential Cryptanalysis," proved that the
DES was by itself not unbreakable and that the system
could be broken in its weaker forms on a personal
computer. [DIFF]

In 1997, NIST requested public comment on the AES or

Advanced Encryption Standard to replace their old
workhorse DES. It is amazing (and a testament to its
founders) that DES in its various forms has lasted for
so many years as a viable cryptographic package.

RESOURCES

There are several good references describing DES, its

variants and cryptanalytical attacks against it. [MEYE],
[KONH], [DENN], [KATZ], [STIN], [RHEE], [BIHA], [KOBL],
[SCHN], [SEBE], [WALS], [RYSK], [SCH2] and [HOFF]. I
will draw from most of these texts to describe DES and
its demise.

INTRODUCTION

In my opinion, DES represents the turning point from

classical cryptography into modern day cryptography.
Actually, DES is nothing more than a complex combination
of the substitution and transposition systems we have
previously studied. We need to define some new concepts
to understand why the DES combination of simpler systems
makes for such a strong cryptosystem in situ.

Due to the invention of computer systems and the

introduction of nation-wide computer networks, the
twentieth century has drastically changed the range of
data protection issues. As we move into the twenty-first
century, our concerns for data protection center around
protection of communication channels which not only
connect terminals to computers but create communication
networks among the host computers. Due to the natural
attributes of any channel, we have a communication
medium that is accessible to eavesdroppers so physical
security is useless. Cryptosystems are used to enforce
protection in communication channels.

BACKGROUND THEORY

1. INVERTIBLE TRANSFORMATIONS

Encryption is the key (the Australian's call it

"primitive") operation at the disposal of cryptography.
It is a special computation that operates on messages,
converting them into representation that is meaningless
for all parties other than the intended receiver.
Transformations effected on messages are so intricate
that it is beyond the means of the interloper to undo
the process. Almost without exception all modern
cryptosystems rely upon the difficulty of reversing the
encryption transformation as a basis for a secure
communication.

The encryption algorithm is chosen from a family of

invertible transformations known as the general system,
or cryptosystem. The parameter that selects the
particular transformation from the family is called the
enciphering key. The cryptosystem may take any of
several forms, say a set of instructions, a piece of
hardware or a program, one of which is selected by the
enciphering key.

Public key schemes are based on a class of functions

known as one-way trapdoor functions, derived from a
class of computationally difficult problems termed NP
(non-deterministic polynomial) problems. Private secret
key schemes, in contrast, rely on a series of complex
substitution and transposition operations, called
involution, which are very hard to analyze
mathematically. [STIN]

Formally, a cryptosystem is a single parameter family of

invertible transformations,

Ek ; K n K
where K is the keyspace, which is of finite length, with
elements K1,K2...Kn. If M is the message space and C is
the cryptogram or ciphertext space, then the system must
have the following properties:

o enciphering algorithm

Ek: M -> C

for any fixed encryption key K n K, is an invertible

transformation of the message space into the cryptogram
space, i.e. Ek(M) = C, where M n M and C n C;

_1
o there is an inverse algorithm Ek = Dk called the
decryption algorithm

Dk: C -> M, such that Dk(C) = Dk[Ek(M)] = M ;

o the keys uniquely define the enciphered message,

Ek1(M) .ne. (not =) Ek2(M) if K1 .ne. K2

Modern Cryptography deals with the design and analysis

of systems that provide secure communications or resist
cryptanalysis. A system is said to be compromised via
cryptanalysis if it is possible to recover the original
message, plaintext, from the ciphertext, without
knowledge of the key used in the encryption algorithm.
Cryptanalysis draws from such disciplines as probability
theory, number theory, statistics and algebra, topology,
chaos theory, matrix theory, non linear calculus,
algorithms, communication language, and redundant
properties of the language being investigated.

Cryptanalysis is a system identification problem and the

goal of cryptography is to build systems that are hard
to identify. An ideal system is one that has a flat
distribution for all statistical properties of the
cipher, implying that the redundant qualities of the
natural language have been obscured.

In 1948, Shannon characterized the two main methods of

uniformly distributing the redundant characteristics of
a natural language. [SHAN] First through diffusion ,
which spreads the correlations and dependencies of the
messages over substrings as long as feasible so as to
maximize the unicity distance (see section item 2). The
second approach is confusion, where the functional
dependencies of the related variables are mad as complex
as possible so as to increase the time needed to analyze
the system. DES takes maximum advantage of both of
these approaches.
The 'noisy channel' problem is analogous to the problem
of secure communication in cryptography - the noise
corresponding to the enciphering transformation and the
received message as the ciphertext. The role of the
sender, though, is to make the recovery of the original
message as difficult as possible, if not impossible.
Cryptographers seek to devise encryption techniques that
produce ciphertext that cannot be distinguished from
purely random bit strings by the opponent. [SEBE]

Figure 21-1
Noisy Channel

noise
|
|
M ----------+------------> M'
sender receiver

George Simmon's points out that the statistical

communication channel of the coding/decoding model has
been replaced by a game theoretic channel; nature has
been replaced by an intelligent opponent. Game theory is
a mathematical theory (and a political and relationship
[I'm ok - you're not] theory) that deals with the
general features of competitive situations, placing
particular emphasis on the decision-making process of
adversaries. [SIMM]

It is not sufficient that a cryptosystem be able to

thwart cryptanalysis alone. It should frustrate any and
all aims of unauthorized parties attempting to subvert
the integrity of a supposedly secure channel.

2. OPPONENT ATTACKS AGAINST A CRYPTOSYSTEM

Seberry identifies the typical aims of an opponent as

follows:

a. to determine the content of the message M;

b. to alter message M to M' and have M' accepted by the
receiver as a message from transmitter of M;
c. to initiate communications to a receiver and have the
interloper posing as an authorized transmitter. This
is also called 'spoofing'.

Traditionally, the first of these aims, known as the

privacy problem, has been our interest for about 22
lectures. Electronic communications has acquired a more
ubiquitous presence in public and private spheres. The
latter two aims have become more important in systems
design. Foiling these aims are known as the problem of
authentication and the problem of dispute. [SEBE]
3. DENNING MODEL

A cipher is considered breakable if it is possible to

determine the plaintext or key from the ciphertext, or
to determine the key from plaintext-ciphertext pairs.
Dr. Denning defines four basic methods of attack to
determine the adequacy of a prospective cryptosystem:
ciphertext-only, known-plaintext, chosen-plaintext, and
chosen-ciphertext.

Under a ciphertext-only attack, a cryptanalyst must

determine the key solely from the intercepted
ciphertext, through the method of encryption, the
plaintext language, the subject matter of the
ciphertext, and certain probable words may be known.

Under a known plaintext attack, a cryptanalyst knows

some plaintext-ciphertext pairs. Knowledge of probable
words allows a close approximation to the known
plaintext attack. Encrypted programs are particularly
vulnerable because of the appearance of keywords - e.g.
begin, end, var, procedure, if, then. Even if the
positions of these words are not known, reasonable
guesses may be made.

Under a chosen plaintext attack, a cryptanalyst is able

to acquire the ciphertext corresponding to selected
plaintext. This is the most favorable condition for the
cryptanalyst. A database system may be particularly
vulnerable to this type of attack if users can insert
elements into the database, and then observe the changes
in the stored ciphertext. Bayer and Metzger call this
the planted record problem. [BAYE]

Public-key systems have introduced a fourth kind of

attack: a chosen-ciphertext attack. Although the
plaintext is not likely intelligible, the key may be
deduced.

A cipher is unconditionally secure if, no matter how

much ciphertext is available or intercepted, there is
not enough information in the ciphertext to determine
the plaintext uniquely. With one exception, the one-
time pad, all ciphers are breakable given unlimited
resources, so we are more interested in ciphers that are
computationally infeasible to break. A cipher is
computationally secure or strong if it cannot be broken
by systematic analysis with available resources.

4. THREATS TO DATA STORED IN COMPUTER SYSTEMS

Information transmitted over electronic lines is

vulnerable to passive wiretapping, which threatens
secrecy, and to active wiretapping, which threatens
authenticity. Passive wiretapping (eavesdropping) refers
to the interception of messages, usually without
detection. Active wiretapping (tampering) refers to
deliberate modifications made to the message stream.
Encryption protects against message modification and
injection of false messages by making it infeasible for
the opponent to create ciphertext that deciphers into
meaningful plaintext. Note that whereas it can be used
to detect message modification, it can not prevent it.

Encryption does not protect against replay , because an

opponent could simply replay the previous ciphertext.
Protocols requiring acknowledgments normally prevent
against intentional message deletion.
Data in computer systems is subject to similar threats.
Threats to secrecy include: browsing, leakage and
inference. Browsing refers to searching through main
memory or storage for information and confidential
programs. If access controls are not employed,
ciphertext searching for identical information pairs may
be effective. Leakage refers to the transmission of
data to unauthorized persons by processes with
legitimate access to the data. Inference refers to the
deduction of confidential data about a particular
individual by correlating released statistics about
groups of individuals.

Threats to authenticity include tampering and accidental

destruction. Tampering with data in computer systems is
analogous to active wiretapping on communication
channels. Accidental destruction refers to the
unintentional overwriting or deletion of data. Norton
Utilities has been a great help in this area.

Computer systems are also vulnerable to another problem:

masquerading or spoofing. If an intruder can gain
access to a system under another users account, he has
access to all the information within that users domain.
Digital signatures provide a means to authenticate users
and processes.

5. INFORMATION THEORY - SHANNON'S CONCEPTS

Security is directly related to the difficulty assoc-

iated with the inverting encryption transformation(s) of
a cryptosystem. The protection afforded by the
encryption procedure can be evaluated by the uncertainty
facing an opponent in determining the permissible keys
used. Shannon [SHAN] characterized a system that has
perfect security with the following property: if an
opponent knows E (the encryption transformation) and has
an arbitrary amount of cipher, he/she is still left with
a choice between all messages from the message space
when attempting to recover the corresponding plaintext
for some ciphertext.

Let Pc(M) be the probability that a message M was sent

given that C was received, with C = E(M).

Perfect security is defined as:

 Pc(M) = P(M)

where P(M) is the probability that message M will occur.

Let Pm(C) be the probability of receiving ciphertext C
given that M was sent. Then Pm(C) is the sum of the
probabilities P(K) of the keys that encipher M as C:

K
Pm(C) = d P(K)
K,Ek(M) = C

where the bold K means across the space of keyspace K.

Usually there will only be one key K that satisfies

Ek(M) = C

A necessary and sufficient condition for perfect secrecy

is that for every C,

Pm(C) = P(C)

This means that the probability of receiving ciphertext

C is independent of encrypting it with plaintext M.
Perfect secrecy can only be assured if the length of the
key is as long as the message sent, and the cardinality
of the key space is the same as that of the message
space. These conditions ensure that the uncertainty of
the key and cipher are maintained and maximized.
Ciphers that could not be shown to have perfect secrecy
but did not disclose sufficient information to allow the
key to be determined, Shannon called ideally secret. By
not revealing more information than the unicity
distance, these systems were effectively unbreakable.

The opponent is faced with at least as much uncertainty

with respect to the message as he is with the key. The
only system that fits this definition is the one time
pad. The key used is a non-repeating stream of random
bits, and is discarded after each transmission. A
separate key is used for each transmission as two
ciphertexts encrypted with the same key could be
correlated. Being in possession of C adds no information
to the task of recovering M = Dk(C). Systems based on
Shannon's equivocation are unconditionally secure,
meaning the system will resist cryptanalysis even in the
presence of infinite computing power. The security of
the system is derived from statistical uncertainty. If
Hc(K), the entropy of the key, never approach zero for
any message length, then the cipher is considered
unconditionally secure.

Shannon assumed in devising his perfect ciphers that

opponents has access to unlimited computing power. It is
far from unreasonable though, to believe that any single
opponent, or cartel of opponents, except NSA, is in
possession of inexhaustible computing resources. Such
security measures as warranted by Shannon would appear
excessive, for what they are guarding against is not a
tangible threat. Modern cryptosystems look beyond
uncertainty and unicity distances to establish a basis
of security and, in particular, the work factor, the
ratio of the complexity of cryptanalyzing a system to
decryption, is taken as a strong indication of a
system's security. Security can be cited in terms of the
number of person/computer years needed to break the
system. The subtle distinction can be drawn between
perfect secrecy and cryptosecrecy, the first being
asymptotically defined while the latter appeals to the
concept of intractability. There does really exist a
general method to prove a cryptosystem is cryptosecure.
Designers have come to rely upon certification by
cryptanalysts, who with considerable zest attempt to
compromise the system using ad hoc and heuristic
measures, as an indication of a system's security.
History has repeatedly shown that systems purported to
be unbreakable by their inventors were demonstrated to
be far less secure than thought after being scrutinized
by cryptanalysts.

We have described the four basic attacks on a

cryptosystem. The systems security does not depend on
the concealment of its encryption transformation or
algorithm. Kerchkhoff's principle provides that the
algorithm is available for all to examine and study.
When E is revealed, a very difficult or inefficient
method is also revealed to compute the inverse of E.
Given the ciphertext C, the cryptanalyst can examine the
message space exhaustively until M is found such that
E(M) = C. This method is also called brute force.
Whenever a key of finite length is employed, it can
always be compromised by direct search methods. The
success of such an attack depends upon the work factor
associated with the cipher, i.e. the minimal number of
computations needed to invert the system. It should be
noted that the unicity distance indicates the number of
characters needed to determine the key, but it makes no
comment on the complexity of this task. A system can
disclose more ciphertext than its unicity distance
considers safe but still may remain cryptosecure.

A system is considered computationally secure if the

task of inverting E is computationally infeasible or
intractable. You might recognize this as similar to
the properties of NP (Non deterministic polynomial)
problems.

6. ENTROPY AND EQUIVOCATION

Information theory measures the amount of information in

a message by the average number of bits (binary digits
in 0, and 1's for a computer) needed to encode all
possible messages in an optimal encoding. For example
the Sex field in a personnel database, contains only one
bit of information because a 0 can represent a Male and
a 1 can represent a Female. We could spell the words out
, take up more space, but not yield more information. In
computer systems, programs and text files are usually
encoded in 8-bit ASCII codes, regardless of the amount
of information in them. Furthermore, text files can be
compressed by about 40% without losing any information.

The amount of information in a message is formally

measured by the entropy of the message. The entropy is a
function of the probability distribution over the set of
all possible messages.

Let X1, ..., Xn be n possible messages occurring with

probabilities of p(X1),......p(Xn), where:

n
d p(Xi) = 1
i=1

The entropy of a given message is defined by the

weighted average:

n
H(x) = - d p(Xi) log2 p(Xi)
i=1

If we write this sum over all messages X:

1
H(x) = - d p(X) log2 [-----]
X p(X)

In the example above, with the p(male) = p(female) = 1/2

H(X) = 1/2 log2 (2) + 1/2 log2 (2) = 1/2 + 1/2 =1

which confirms our observation that only 1 bit of

information is required in the sex field of the
database.

Intuitively, each term log2 ( 1/p(X) ) represents the

number of bits needed to encode message X in an optimal
encoding - that is it minimizes the expected number of
bits transmitted over a channel. The weighted average
H(X) gives the expected number of bits in the optimally
encoded message.

Because 1/p(X) decreases as p(X) increases, an optimal

encoding uses short codes for frequently occurring
messages at the expense of using longer ones for
infrequent messages. Morse code applies this principle.
The most frequent letters use the shortest codes.

The entropy of a message H(M), also measures its

uncertainty, in that it indicates the number of bits of
information that must be required to recover a message
distorted by a noisy channel or concealed through
ciphers. The uncertainty of a message cannot exceed
log2n bits, where n is the possible number of messages.

The rate of language for messages of length k is defined

as:

r = H(X)/k

which denotes the average number of bits of information

in each character. For English, when k is large, r has
been estimated to lie between 1.0 bits/letter and 1.5
bits/letter. The absolute rate of a language is the
maximum number of bits of information that could be
encoded in each character assuming all combinations of
characters are equally likely. If there are K letters
in the language, then the absolute rate is given by

R = log2K

which is the maximum entropy of the individual

characters. For English, this is 4.7 bits/letter. The
actual rate of English (3.2 bits/letter) is much less as
it is highly redundant, like all natural languages.
Redundancy stems from the underlying structure of a
language, in particular certain letter and combinations
of letter occur frequently, while others have a
negligible likelyhood of occurring (e.g. the letters
E, T, A, I, N and O occur very frequently, as do digrams
TH and EN, while Z and X are infrequent). The redundancy
of a language with rate r is defined as D = R - r. When
r =1 and R = 4.7, the ratio D/R shows that English is
about 79% redundant!

We note that the more redundant a language is, the

stronger the statistical relations between the letters
in a sequence. On the other hand, if a language has no
redundancy then occurrences of subsequent letters are
statistically independent.

We can easily calculate the entropy of a single letter

H1(M). Also the entropy H2(M) of two-letter words can be
found relatively easily. Unfortunately, the amount of
calculation for Hn(M) grows exponentially as a function
of n. The practical redundancy of a language is
expressed as:

rl = limit Hn(M)/n
n ->l

l = infinity
Equivocation, defined as the conditional entropy of
message M given that ciphertext C has occurred, is:

_ _
| 1 |
Hc(M) = d P(C) d Pc (M) log2 | ---- |
C M |_ Pc(M) _|

where Pc(M) is the conditional probability of message M

given ciphertext C has occurred. Shannon measured the
secrecy of a cipher with respect to its key
equivocation, Hc(K); for ciphertext C and key K, it may
be interpreted as the degree of uncertainty in K given
C, and expressed as;

_ _
| 1 |
Hc(K) = d P(C) d Pc (K) log2 | ---- |
C K |_ Pc(K) _|

where Pc(K) is the probability of K given C. If Hc(K) is

zero then there is no uncertainty in the cipher, making
it unbreakable.

The unicity distance of a cipher is defined as the

minimum message length that forces Hc(K) to approximate
zero. So, the unicity distance of a cipher is the
amount of ciphertext needed to uniquely determine the
key. Intuitively, as the length of the ciphertext
increases, the equivocation of the cipher decreases.

Seberry presents an interesting discussion of the

equivocation of a simple cryptographic system. [SEBE]
The results show that the calculation of equivocation
become more complex as the number of messages and keys
grow. She shows that the unicity distance of a cipher
may be calculated or estimated, but, unfortunately, we
may not be able to use this knowledge to break the
cipher. Based on unicity, she divides all ciphers into
two classes:

o the class of ciphers whose unicity distances exist

and are finite;

o the class of ciphers whose unicity distances are

infinite. Ciphers of this class are unbreakable
(so-called ideal ciphers).

Shannon defined the unicity distance of a cipher in

order to be able to get some quantitative measure of:

1. the security of the cipher (if the unicity distance

of a code is small then the cipher is insecure); and

2. an indication of the amount of ciphertext, N needed

to break the cipher.

It is given by:

H(K)
N w ------
D

where D is the redundancy of the language (3.2 bits per

letter for English) and H(K) is the information content
of the key.

7. SYMMETRIC ALGORITHMS - PRODUCT CIPHER

A product cipher E is the composition of t functions

(ciphers) F1,...,Ft where each Fi may be a substitution
or a transposition. Rotor machines are product ciphers,
where Fi is implemented by rotor Ri, 1s i s t. See
Lectures 21 and 22.

The famous ENIGMA (Lecture 9) machine used by Germany,

Japan, and their allies were of the multiple rotor type.
A variation, the Hagelin machine was used extensively by
diplomatic posts for many years. [KAHN]

These machines use symmetric algorithms - the same

secret key must be known to both the sender and
receiver.

8. MIXING TRANSFORMATIONS

Shannon proposed composing different kinds of functions

to create "mixing transformations", which randomly
distribute the meaningful messages uniformly over the
set of all possible cipher text messages. [SHAN]

Mixing transformations could be created, for example, by

applying a transposition followed by an alternating
sequence of substitutions and simple linear operations.
An algorithm (formal set of mathematical procedures or
steps to accomplish a goal) embodying this approach was
known as LUCIFER and was designed by IBM in the early
'70's. LUCIFER used a transformation that alternately
applied substitutions and transpositions. Figure 23-1
shows how the principle works with some small blocks (in
practice much longer blocks are used.) Figure 23-1 gives
a minute illustration of how substitutions and then
permutation may be used to encipher using involutions
only. The first three letters are substituted by
removing one to the right in the alphabet and the second
three letters are moved two to the right.
This can be deciphered by reversing the order of the
operations and applying the inverse of each substitution
and permutation.

Figure 23-1
Involution Example

A B C D E F
S1 B C D F G H
P1 H F G C D B
S2 I G H E F D
P2 G I E H D F

9. ITERATED CRYPTOSYSTEMS

We define an Iterated Cryptosystem as part of a family

of cryptographically strong functions based on iterating
a weaker function n times. Each iteration is called a
round and the cryptosystem is called a n-round
cryptosystem. The round-function is a function of output
of the previous round and a sub-key which is a key
dependent value calculated via a key-scheduling
algorithm. The round-function is usually based on lookup
tables (also known as S Boxes), bit permutations,
arithmetic operations and the exclusive-or operation
(usually denoted in most texts by a circle with a plus
sign in it - in my ASCII lecture I will use an alt-241
character (q) enclosed in parentheses to mean the
exclusive-or operation.)

LUCIFER was introduced in section 8. The round-function

of LUCIFER has a combination of non-linear S boxes and a
bit permutation. The input bits are divided into groups
of four consecutive bits. Each group is translated by a
reversible S box giving a four bit result. The output
bits of all the S boxes are permuted in order to mix
them when they become input to the following round. In
LUCIFER only two fixed S boxes (S0 and S1) were chosen.
Each S box can be used at any S box location and the
choice is key dependent. For a block size of 128 bits
and a 16 round cryptosystem there are 512 S box entries
for which 512 key bits are needed (for the eight round
variants 256 key bits are needed). A key expansion
algorithm that repeats each key bit four times reduces
the key size to 128 bits. Decryption is accomplished by
running the data backwards using the inverse of each S
box.

10. DATA ENCRYPTION STANDARD (DES)

The Data Encryption Standard (DES) is an improved

version of LUCIFER. DES is not, as my HAZMAT friend
suggests " a synthetic estrogen, diethylstilbestrol used
as a growth stimulant in food animals. Residues in meat
are thought to be carcinogenic."

DES is based on concepts described in Sections 1-9. It

was developed by IBM, scrutinized by NSA, and adopted by
the U.S. National Bureau of Standards (NBS) in 1977. For
a time it was the de-facto world encryption standard.

The Data Encryption Standard (DES) is a mathematical

algorithm used for the cryptographic protection of
computer data. The algorithm is designed for use with
binary-coded data and uses a 64-bit key to encipher 64
bits of information. The 64-bit key is of prime
importance since a unique key results in the crypto-
graphic generation of a unique set of 64-bits of
cipher text from 64 bits of plain text. Since the
algorithm is known to the general public, the
cryptographic security of the DES is dependent on the
security used to protect the key. Encrypted information
can be transformed into the original plain text through
a reversal of the algorithm process using the same key
that was employed for encryption.

The Data Encryption Algorithm (DEA) was designed so that

56 bits of the 64 bit key are used for the encryption
process and the remaining 8 bits are used only for
parity error-detecting bits. The key is divided into
eight 8-bit bytes (8 bits = 1 byte). In an 8-bit byte, 7
bits are used by the algorithm and the eight bit can be
used to maintain odd parity. From a complete 64-bit
block of plain text enciphered with a 56-bit key.

11. OVERVIEW OF THE DEA

DEA incorporates the following steps to encipher a 64-

bit message (block of data) using a 64-bit key:

1. A transposition operation, referred to as the initial

permutation (IP). This transposition does not use the
64-bit key and operates solely on the 64 data bits.

2. A complex key-dependent product transformation that

uses block ciphering to increase the number of
substitution and reordering patterns.

3. A final transposition operation, referred to as the

inverse initial permutation (IP-1), which is an
actual reversal of the transformation performed in
the first step.
 Figure 23-2
Overview of Enciphering process

Plaintext [ 64 data bits ] Input

|
|
|
ZDDDDDDDDDDDDDDDDDDDDDDDD?
3 Initial Permutation, IP3
@DDDDDDDDDDDDDDDDDDDDDDDDY
Standard |
Data |
Encryption |
Algorithm ZDDDDDDDDDDDDDDDDDD?
3 Product 3
DEA 3 Transformation 3
@DDDDDDDDDDDDDDDDDDY
|
|
|
ZDDDDDDDDDDDDDDDDDDD?
3 Inverse Initial 3
3 Permutation 3
3 IP -1 3
@DDDDDDDDDDDDDDDDDDDY
|
|
|

Ciphertext [ 64 data bits ] Output

The three major steps for DEA are shown in Figure 23-2.
The IP and IP-1, are simple bit transpositions; the
product transformation is fairly complex. Product
transformations are successive applications of
substitution and transposition ciphers. Large blocks of
data are transformed as a unit, providing the advantage
of increasing the number of substitution and reordering
patterns. This is also called block ciphering.

In the product ciphering step of DEA, the block cipher

substitutions are under the control of a cipher key
while transpositions are performed according to a fixed
sequence. Figure 23-3 depicts one iteration of the
product transformation, which includes the following
operations:

1. The 64-bit block of plaintext is divided into two 32-

bit blocks, denoted by Li and Ri for the left and
right halves, respectively.

2. The rightmost 32 bits of the input block become the

 leftmost 32 bits of the output block.

3. The rightmost 32 bits of the input block, Ri-1, goes

through a selection process yielding 48-bit data
block. This is a fixed selection and is it not key
dependent. We call this an expansion permutation.

4. The 64-bit key is used to generate a 48-bit subkey

Kn, where 1 s n s 16. Each Ki is unique and
corresponds to the ith iteration of the product
transformation.

5. The 48-bit subkey is added (modulo 2) to the output

of step 3 yielding a 48-bit result. This is also
called XORed (q).

6. The 48-bit output of step 5 is divided into eight 6-

bit groups, that are each subjected to a unique
substitution cipher that yields eight 4-bit groups,
that are concatenated to form a 32-bit output.

7. The 32-bit output of step 6 is permuted by simple

transposition to produce a 32-bit block.

8. The 32-bit output of step 7 is added modulo 2 to the

left-most 32 bits of the input block, denoted Li-1,
yielding Ri, which is the rightmost 32 bits of the
64-bit output block.

Steps 1 - 8 are repeated 16 times; this constitutes the

major part of the product transformation. The last step
is a block transformation (i.e. exchange) of the left
and right halves of the output of the last iteration.
The deciphering process is the exact reversal of the
encipherment process, in reverse order, K16 to K1.

Figure 23-3
One Iteration of DEA
ZDDDDDDDDDDDDDDDD? ZDDDDDDDDDDDDDDDD?
3 Li-1 3 3 Ri-1 3
@DDDDDDDDDDDDDDDDY @DDDDDDDDDDDDDDDDY
1,2,3 ..3 32 1,2,3 ...3 32
3 3
3 3
ZDD? ZDD? 3
3 q3<-------3 f3<-------- o
@DBY @DDY 3
3 ZDDDDDDDDDDDDDDDDDDDDY
3- 3---------------------o
ZDDDDDDDDDDDDDDDD? ZDDDDDDDDDADDDDDDDDDDD?
3 3 3 3
3 Li = Ri-1 3 3 Ri=Li-1(q)f(Ri-1,K1)3
@DDDDDDDDDDDDDDDDY @DDDDDDDDDDDDDDDDDDDDDY
1,2,3 ..3 32 1,2,3 ... 3 32
3 3
~ ~
12. COMPONENTS OF THE DATA ENCRYPTION ALGORITHM
Lets dissect the algorithm:

There are 6 components that make up the DEA:

1. The key schedule calculations, which generate 16

subkeys,

2. The XOR or modulo-2 addition [we use alt241 to

represent this (q)],

3. The cipher function, which comprises the main

operations in the product transformation,

4. The block transposition that yields the "preoutput

block" which serves as input to the inverse initial
permutation,

5. The initial permutation described as a selection

table,

6. The inverse initial permutation described as a

selection table.

13. KEY SCHEDULE CALCULATIONS

The key schedule calculations generate 16 subkeys,

referred to as Kn, required for enciphering and
deciphering processes. Each Kn is 48 bits long and is
derived through the use of permutation, selection, and
shifting operations.

The bits are numbered 1 - 64, going from left to right.

Parity bits are numbered 8,16,24,32,40,48,56, and 64
leaving the following bits for key schedule
computations:

1 through 7
9 through 15
17 through 23
25 through 31
33 through 39
49 through 55
57 through 63

The key schedule calculations are executed as follows:

1. The non-parity bits in the key go through a

permutation operation yielding two 28 bit blocks
denoted by C0 and D0. This is the starting point for
computing the subkeys.

2. C0 and D0 are circularly left shifted one place

yielding C1 and D1

3. Selected bits from C1 and D1 are tapped off yielding

subkey K1.

4. C1 and D1 are circularly left shifted one place

 yielding C2 and D2

5. Selected bits from C2 and D2 are tapped off yielding

subkey K2.

6. The process continues for subkeys K3 through K16.

Each Ci and Di is obtained from the preceding value
after a prescribed number of circular left shifts.

The key schedule calculations are summarized in Figure

23-4. Each subkey, denoted by Ki, is obtained through a
selection operation from Ci and Di. Ci and Di are
obtained from Ci-1 and Di-1, respectively, through
prescribed shift operations.

Figure 23-4
Key Schedule Calculations

[64-bit Key]
|
|
(permuted choice 1)
ZDDDDDDDDDDDDDDDDDDDDDDDDDDDD?
ZDDDDADDDD? ZDDDDADDDD?
3 C0 3 3 D0 3
@DDDDDDDDDY @DDDDDDDDDY
| |
[circular left [circular left
shift 1 place] shift 1 place]
| |
ZDDDDDDDDD? ZDDDDDDDDD?
3 C1 3 3 D1 3
@DDDDDDDDDY @DDDDDDDDDY
| | | |
| -------------------------|-------->(permuted
| | choice 2)
| | @DD>K1
| |
[circular left [circular left
shift 1 place] shift 1 place]
| |
ZDDDDDDDDD? ZDDDDDDDDD?
3 C2 3 3 D2 3
@DDDDDDDDDY @DDDDDDDDDY
| | | |
| -------------------------|-------->(permuted
| | choice 2)
| | @DD>K2
| |
[circular left [circular left
shift 2 places] shift 2 places]
| |

ZDDDDDDDDD? ZDDDDDDDDD?
3 C3 3 3 D3 3
@DDDDDDDDDY @DDDDDDDDDY
| | | |
| -------------------------|-------->(permuted
 | | choice 2)
| | @DD>K3
| |
[circular left [circular left
shift 2 places] shift 2 places]
| |
ZDDDDDDDDD? ZDDDDDDDDD?
3 C4 3 3 D4 3
@DDDDDDDDDY @DDDDDDDDDY
| | | |
| -------------------------|-------->(permuted
| | choice 2)
| | @DD>K4
| |
| |
[circular left [circular left
shift 2 places] shift 2 places]
| |
ZDDDDDDDDD? ZDDDDDDDDD?
3 C5 3 3 D5 3
@DDDDDDDDDY @DDDDDDDDDY
| | | |
| -------------------------|-------->(permuted
| | choice 2)
| | @DD>K5
| |
| |
[circular left [circular left
shift 2 places] shift 2 places]
| |
ZDDDDDDDDD? ZDDDDDDDDD?
3 C6 3 3 D6 3
@DDDDDDDDDY @DDDDDDDDDY
| | | |
| -------------------------|-------->(permuted
| | choice 2)
| | @DD>K6
| |
| |
[circular left [circular left
shift 2 places] shift 2 places]
| |
ZDDDDDDDDD? ZDDDDDDDDD?
3 C7 3 3 D7 3
@DDDDDDDDDY @DDDDDDDDDY
| | | |
| -------------------------|-------->(permuted
| | choice 2)
| | @DD>K7
| |
| |
[circular left [circular left
shift 2 places] shift 2 places]
| |
ZDDDDDDDDD? ZDDDDDDDDD?
3 C8 3 3 D8 3
@DDDDDDDDDY @DDDDDDDDDY
| | | |
| -------------------------|-------->(permuted
 | | choice 2)
| | @DD>K8
| |
| |
[circular left [circular left
shift 1 place ] shift 1 place ]
| |
ZDDDDDDDDD? ZDDDDDDDDD?
3 C9 3 3 D9 3
@DDDDDDDDDY @DDDDDDDDDY
| | | |
| -------------------------|-------->(permuted
| | choice 2)
| | @DD>K9
| |
| |
[circular left [circular left
shift 2 places] shift 2 places]
| |
ZDDDDDDDDD? ZDDDDDDDDD?
3 C10 3 3 D10 3
@DDDDDDDDDY @DDDDDDDDDY
| | | |
| -------------------------|-------->(permuted
| | choice 2 )
| | @DD>K10
| |
| |
[circular left [circular left
shift 2 places] shift 2 places]
| |
ZDDDDDDDDD? ZDDDDDDDDD?
3 C11 3 3 D11 3
@DDDDDDDDDY @DDDDDDDDDY
| | | |
| -------------------------|-------->(permuted
| | choice 2 )
| | @DD>K11
| |
| |
[circular left [circular left
shift 2 places] shift 2 places]
| |
ZDDDDDDDDD? ZDDDDDDDDD?
3 C12 3 3 D12 3
@DDDDDDDDDY @DDDDDDDDDY
| | | |
| -------------------------|-------->(permuted
| | choice 2 )
| | @DD>K12
| |
| |
[circular left [circular left
shift 2 places] shift 2 places]
| |
ZDDDDDDDDD? ZDDDDDDDDD?
3 C13 3 3 D13 3
@DDDDDDDDDY @DDDDDDDDDY
| | | |
 | -------------------------|-------->(permuted
| | choice 2 )
| | @DD>K13
| |
| |
[circular left [circular left
shift 2 places] shift 2 places]
| |
ZDDDDDDDDD? ZDDDDDDDDD?
3 C14 3 3 D14 3
@DDDDDDDDDY @DDDDDDDDDY
| | | |
| -------------------------|-------->(permuted
| | choice 2 )
| | @DD>K14
| |
| |
[circular left [circular left
shift 2 places] shift 2 places]
| |
ZDDDDDDDDD? ZDDDDDDDDD?
3 C15 3 3 D15 3
@DDDDDDDDDY @DDDDDDDDDY
| | | |
| -------------------------|-------->(permuted
| | choice 2 )
| | @DD>K15
| |
| |
[circular left [circular left
shift 1 place ] shift 1 place ]
| |
ZDDDDDDDDD? ZDDDDDDDDD?
3 C16 3 3 D16 3
@DDDDDDDDDY @DDDDDDDDDY
| |
---------------------------------->(permuted
choice 2 )
@DD>K16

Initially CO and DO are obtained from the 64-bit key

through the use of permuted choice 1, which is
summarized in Table 23-1.

Figure 23-5
Permuted Choice 1
to calculate C0 & D0

[ cipher key (64-bits ]

 1 2 3 ... | 63 64

| |
| leftmost rightmost |
| bits bits |

(permuted choice 1)

| |

57 49 41 33 25 17 9 63 55 47 39 31 23 15
1 58 50 42 34 26 18 7 62 54 46 38 30 22
10 2 59 51 43 35 27 14 6 61 53 45 37 29
19 11 3 60 52 44 36 21 13 5 28 20 12 4

| |
| |
[ CO (28 bits) ] [ D0 (28 bits) ]
1 2 3 27 28 1 2 3 27 28

The cipher key active bits used to determine C0 are

57,49...36 etc. Similarly, the bits of D0 are
respectively bits 63,55..4 of the cipher key.

Permuted choice 2 is used to select a particular key Kn

from the concatenation of Cn and Dn. Cn and Dn are 28
bits long so that CnDn combined has bits that run from
1-56.

Figure 23-6
( Compression Permutation )

Permuted Choice 2
calculation of subkey Ki

<- 56 bits ->

<- 28 bits -> | <- 28 bits ->

--------------------------------------
| Ci | Di |
--------------------------------------
1 2 3 .. 55 56

| |
|----------o-----------|
|
|
14 17 11 24 1 5
3 28 15 6 21 10
23 19 12 4 26 8
16 7 27 20 13 2
41 52 31 37 47 55
30 40 51 45 33 48
44 49 39 56 34 53
46 42 50 36 29 32
 |
|

[ Ki ]
1 2 3 48

<-48 bits->

The number of circular left shifts for each iteration in

the key schedule calculation are:

Iteration # of circular left shifts

1 1
2 1
3 2
4 2
5 2
6 2
7 2
8 2
9 1
10 2
11 2
12 2
13 2
14 2
15 2
16 1

14. XOR - MODULAR- 2 ADDITION

A bit-by-bit addition modular 2 operation is used in

many steps of DEA; We denote it by q and define it as
follows:

q 0 0
---------
0 | 0 1
1 | 1 0

so for example: 1 0 0 1 0 1 1 0
q 1 1 0 1 0 0 1 1
---------------
= 0 1 0 0 0 1 0 1
15. CIPHER FUNCTION

The cipher function comprises the main operations in the

product transformation, f(A,Kn) where A is a string of
32 data bits representing Ri for encryption or Li for
decryption, and Kn is a 48 bit subkey determined by the
key schedule.

The cipher function combines the following operations:

1. A selection operation E that operates on the argument
A of 32 bits and produces a 48 bit result.

2. A XOR addition which adds the result of the selection

operation E and the 48 bit key Kn on a bit by bit
basis yielding a 48 bit results.

3. A unique set of selection functions Si that converts

the 48 bit result of step 2 to a set of 32 bits.

4. A permutation operation P that operates on the result

of step 3 and produces a 32 bit result.

Figure 23-7
Cipher Function

<-32 bits->
[ A ]

|
|

+
+
<-48 bits-> <-48 bits->
[ result ] [ Kn ]

3 3
3 3
@DDDDDDDDDDD q DDDDDDDDDDDY

|
|

ZDDDDDDD?
3 Si 3
3 S Box 3
@DDDDDDDY
|
<-32 bits-> <-32 bits->
[ A ] [ result ]

|
|

|
|

( f(A, Kn )
<- 32 bits ->
The selection function E, in Figure 23-8, yields a 48-
bit result wherein the bits of the result are
respectively 32,1,2,...1,.etc of the symbolic argument
A which may represent Ri or Li depending on the
function.

Figure 23-8
E Operation
(Expansion Permutation)

< -32 bits - >

[ A ]

|
|

32 1 2 3 4 5
4 5 6 7 8 9
8 9 10 11 12 13
12 13 14 15 16 17
16 17 18 19 20 21
20 21 22 23 24 25
24 25 26 27 28 29
28 29 30 31 32 1

|
|

[ E result ]
<- 48 bits ->

16. S BOXES

The unique set of selection functions Si take a 6-bit

block as input and yield a 4 bit result. A selection
function represented by a 4 X 16 matrix of numbers used
in a prescribed manner.

Input to the unique S Boxes 1-8 (selection functions Si)

is a 48-bit block, denoted symbolically as
B1B2B3B4B5B6B7B8.
Each Bi contains 8 bits. S1 is used for B1, etc.
The result of the selection of Si with Bi as an argument
Si(Bi) is computed:

1. The first and lasts bits of Bi represent a binary

number in the range of 0 - 3 denoted m.

2. The middle four bits of Bi represent a binary number

in the range of 0 - 15 denoted n.

3. Using zero-origin indexing, the number located in the

mth row and nth column of the Si's matrix is selected
 as a four bit binary block.

4. The result of step 3 is the output of the selection

function Si.

The output of a complete set of selection functions, is

a bit string IS:

S1(B1)S2(B2)S3(B3)S4(B4)S5(B5)S6(B6)S7(B7)S8(B8)

each of the Si's are 4 bit outputs.

For example:

Input to S1

1 0 1 1 0 0
---
=2

-------
= 6

use row 2, column 6 of S1

Table 23-1 gives the matrices corresponding to the

selection function S1 through S8.

Table 23-1

S BOX MATRICES

Matrices for the Selection functions S1 through S8

S1

14 4 13 1 2 15 11 8 3 10 6 12 5 9 0 7
0 15 7 4 14 2 13 1 10 6 12 11 9 5 3 8
4 1 14 8 13 6 2 11 15 12 9 7 3 10 5 0
15 12 8 2 4 9 1 7 5 11 3 14 10 0 6 13

S2

15 1 8 14 6 11 3 4 9 7 2 13 12 0 5 10
3 13 4 7 15 2 8 14 12 0 1 10 6 9 11 5
0 14 7 11 10 4 13 1 5 8 12 6 9 3 2 15
13 8 10 1 3 15 4 2 11 6 7 12 0 5 14 9

S3

10 0 9 14 6 3 15 5 1 13 12 7 11 4 2 8
13 7 0 9 3 4 6 10 2 8 5 14 12 11 15 1
 13 6 4 9 8 15 3 0 11 1 2 12 5 10 14 7
1 10 13 0 6 9 8 7 4 15 14 3 11 5 2 12

S4

7 13 14 3 0 6 9 10 1 2 8 5 11 12 4 15
13 8 11 5 6 15 0 3 4 7 2 12 1 10 14 9
10 6 9 0 12 11 7 13 15 1 3 14 5 2 8 4
3 15 0 6 10 1 13 8 9 4 5 11 12 7 2 14

S5

2 12 4 1 7 10 11 6 8 5 3 15 13 0 14 9
14 11 2 12 4 7 13 1 5 0 15 10 3 9 8 6
4 2 1 11 10 13 7 8 15 9 12 5 6 3 0 14
11 8 12 7 1 14 2 13 6 15 0 9 10 4 5 3

S6

12 1 10 15 9 2 6 8 0 13 3 4 14 7 5 11
10 15 4 2 7 12 9 5 6 1 13 14 0 11 3 8
9 14 15 5 2 8 12 3 7 0 4 10 1 13 11 6
4 3 2 12 9 5 15 10 11 14 1 7 6 0 8 13

S7

4 11 2 14 15 0 8 13 3 12 9 7 5 10 6 1
13 0 11 7 4 9 1 10 14 3 5 12 2 15 8 6
1 4 11 13 12 3 7 14 10 15 6 8 0 5 9 2
6 11 13 8 1 4 10 7 9 5 0 15 14 2 3 12

S8

13 2 8 4 6 15 11 1 10 9 3 14 5 0 12 7
1 15 13 8 10 3 7 4 12 5 6 11 0 14 9 2
7 11 4 1 9 12 14 2 0 6 10 13 15 3 5 8
2 1 14 7 4 10 8 13 15 12 9 0 3 5 6 11

The output of the set of eight selection functions, S1

through S8 is a string of 32 bits. This 32-bit output
goes through a permutation operation P which yields a
32-bit result and completes the cipher function. P does
not complete the algorithm, but only the cipher function
denoted by f(A, Kn). This final permutation in the
cipher function is given in Figure 23-9. The permutation
operation P yields a 32-bit result wherein the bits of
the result are 16, 7, ... etc of the 32-bit result of
the set of selection functions.

Figure 23-9
P Operation
Permutation Operation P of the Cipher Function

Output of Selection Functions

< -32 bits - >

 [ A ]

|
|

16 7 20 21
29 12 28 17
1 15 23 26
5 18 31 10
2 8 24 14
32 27 3 9
19 13 30 6
22 11 4 25

|
|

[ Result of Cipher Function ]

<- 32 bits ->

17. PREOUTPUT BLOCK

The output of the last iteration in the product

transformation goes through a block transformation
yielding a 64-bit result called the preoutput block. See
Figure 23-10. It is a simple exchange of R16 and L16.
The bits of R16 are followed by the bits of L16 and
constitutes a 64-bit block, with bits numbered from 1 -
64 from left to right.

Figure 23-10
Preoutput Block

<- 32 bits -> <- 32 bits ->

[ L16 ] [ R16 ] Output
of
|........................| Cipher
Function
|
|
|
(Block Transformation)
 |
|
Preoutput
[ R16 | L16 ] block
<-- 64 bits -->

18. IP

The initial permutation is the first step in the

standard data encryption algorithm and is a key-
independent permutation as shown in Figure 23-11.
The output of the IP are respectively, bits 58, 50,...2
etc. of the plain text input to the block. The result of
the IP is a 64-bit block. The leftmost 32 bits
constitute L0 and the rightmost 32 bits constitute R0.
L0 and R0 are the initial input blocks to the product
transformation.

Figure 23-11

IP

<-- 64 bits -->

[ Plain Text Input ]
1,2,3.. 63,64

|
|

58 50 42 34 26 18 10 2
60 52 44 36 28 20 12 4
62 54 46 38 30 22 14 6
64 56 48 40 32 24 16 8 IP
57 49 41 33 25 17 9 1 matrix
59 51 43 35 27 19 11 3
61 53 45 37 29 21 13 5
63 55 47 39 31 23 15 7

|
|

<-- 64 bits --> Result of

[ Plain Text Input ] IP
1,2,3.. 63,64

| |

<- 32 bits -> <- 32 bits ->

[ L0 ] [ R0 ]
1,2,3..... 32 33,34..... 64

>> Input to cipher function

19. IP -1 INVERSE INITIAL PERMUTATION

The output of the product transformation is the
preoutput block, which is subjected to a permutation
which is the inverse of the IP. The IP-1 is shown in
Figure 23-12. The output of IP-1, which is synonymously,
the cipher text output of the algorithm, is bits 40,
8...to 25 of the preoutput block.

The 64-bit cipher text output of the DEA can be used as

a string of data bits for transmission or storage, or
may be converted back into BCD characters for further
processing.

Figure 23-12

IP-1

<-- 64 bits -->

[ Preoutput Block ]
1,2,3.......... 63,64

|
|

40 8 48 16 56 24 64 32
39 7 47 15 55 23 63 31
38 6 46 14 54 22 62 30
37 5 45 13 53 21 61 29 IP-1
36 4 44 12 52 20 60 28 matrix
35 3 43 11 51 19 59 27
34 2 42 10 50 18 58 26
33 1 41 9 49 17 57 25

|
|

<-- 64 bits --> Result of

[ Cipher Text ] IP-1
1,2,3.. 63,64

19. THE ENCIPHERING PROCESS

The enciphering process can be summarized symbolically.

Given two blocks L and R and using the convention that
LR denotes the block consisting of bits of L followed by
bits of R, the initial permutation (IP) is specified as:

L0R0 <--- IP (<64-bit input block>)

Let KS denote the key schedule calculations, where the

function KS yields a 48-bit subkey Kn for arguments n
and KEY, where Key is a 64-bit cipher key, it follows
that:

Kn <-- KS(n, KEY)

denotes the calculation of subkey Kn.

The 16 iterations in the product transformation that

use the cipher function are then represented
symbolically as:

Ln <-- Rn-1
Rn <-- Ln-1 (q) f(Rn-1, Kn)

(where: alt 241 = (q) is the symbol for XOR w/o the
circle around it as published elsewhere. XOR denotes a
bit-by-bit modulo-2 addition.)

and f is the cipher function. Ln and Rn are computed as

n goes from 1 -16. The preoutput block is R16L16 and the
result of the DEA is specified as:

<64-bit cipher text> <-- IP-1 (R16L16)

20. THE DECIPHERING PROCESS

The process of deciphering a 64-bit ciphertext message

block involves the same algorithm as encipherment, as
stated in FIPS publication 46 (Data Encryption
Standard, U.S. Department of Commerce, National Bureau
of Standards, FIPS publication 46, 1977 January 15,
p.10):

.....to decipher it is only necessary to apply the

very same algorithm to an enciphered message block,
taking care that at each iteration of the computation
the same block of key bits K is used during decipher-
ment as was used during the encipherment of the block.

This is precisely the case because the IP and IP-1 are

by definition inverses of each other.

Applying the notation given above, the result of the

initial permutation (IP) is:

R16L16 <-- IP(<64-bit cipher text>)

where the expression takes the final block

transformation into consideration. The 16 iterations in
the product transformation are represented:

Rn-1 <-- Ln
Ln-1 <-- Rn (q) f(Ln,Kn)

where the Ln and Rn are computed as n goes from 16 - 1.

The result of the decipherment is then specified:

<64-bit plain text> <-- IP-1 (L0R0)

21. DETAILED BIT-BY-BIT EXAMPLE

Both Katzan and Meyer present detailed (and I mean
detailed - both encipherment and decipherment) examples
of DES. [KATZ], [MEYE] All the references cited
previously give examples of DES in varying levels of
detail.

22. AVALANCHE CRITERIA

We have seen that in the E operation (expansion

permutation) the right half of the data Ri is expanded
from 32 bits to 48 bits. Because this operation changes
the order of the bits as well as repeating certain bits,
it is a true expansion permutation. This operation has
two purposes: it makes the result the same size as the
key for the XOR operation, and it provides a longer
result that can be compressed during the substitution
operation.

Neither of those is its main cryptographic purpose,

though. By allowing one bit to affect two substitutions,
the dependency of the output bits on the input bits
spreads faster. This is called the avalanche criteria.
Much of DES's design revolves around reaching as quickly
as possible the condition of having every bit of the
ciphertext depend on every bit of the plaintext and
every bit of the key. Meyer and Matyas and Konheim
discuss this principle in detail. [MEYE], [KONH] Meyer
notes that statistical output dependency is reached
after just five rounds of DES. [MEYE] Konheim's data
suggests eight rounds are required to reach full output
dependency of the data.

23. MODES OF DES

DES can be used for encryption in several officially

defined modes. Some are more secure than others. ECB
(electronic codebook) mode simply encrypts each 64-bit
block of plaintext one after another under the same 56-
bit DES key. In CBC (cipher block chaining) mode, each
64-bit plaintext block is XORed with the previous
ciphertext block before being encrypted with the DES
key. Thus the encryption of each block depends on
previous blocks and the same 64-bit plaintext block can
encrypt to different ciphertext depending on its context
in the overall message. CBC mode helps protect against
certain attacks, although not against exhaustive search
or differential cryptanalysis. CFB (cipher feedback)
mode allows one to use DES with block lengths less than
64 bits. Detailed descriptions of the various DES modes
can be found in [SCH2]

In practice, CBC is the most widely used mode of DES,

and is specified in several standards. For additional
security, one could use triple encryption with CBC, but
since single DES in CBC mode is usually considered
secure enough, triple encryption is not often used.

24. HARDWARE AND SOFTWARE IMPLEMENTATIONS OF DES

As of this writing the recordholder for the fastest DES
chip is a prototype developed at DEC. It supports ECB
and CBC modes and is based on a GaAs gate array of
50,000 transistors. Data can be encrypted and decrypted
at a rate of 1 gigabit per second, which translates to
16.8 million blocks per second. This is impressive!

VLSI's 6868 "gatekeeper chip" performs DES encryption in

only 8 clock cycles or less, but does DES ECB triple
encryption in 25 clock cycles, and the OCB or CBC
triple-DES in 35 clock cycles.

A software implementation of DES on the IBM 3090

mainframe can perform 32,000 DES encryptions per second.
Table 23-2 details some of the commercial DES chips and
computer implementations of DES.

Table 23-2a
Commercial DES Chips

Manufacturer Chip Year Clock Data Rate

AMD Am9518 1981 3 Mhz 1.3 MBytes/s
AMD Am9568 1981 4 Mhz 1.5 MBytes/s
AMD Amz8086 1982 4 MHz 1.7 MBytes/s
ATT T7000A 1985 4 Mhz 1.9 MBytes/s
CE-Infosys C003 1992 20 Mhz 12.5 MBytes/s
CE-Infosys C003a 1994 30 Mhz 20.0 MBytes/s
Cryptech 12C102 1989 20 Mhz 2.8 MBytes/s
Newbridge 20C03a 1991 25 Mhz 3.6 MBytes/s
Newbridge 20C03w 1992 8 Mhz 0.6 MBytes/s
Newbridge 95C68-09 1993 33 Mhz 14.7 MBytes/s
Pijnenburg PCC100 1993 25 Mhz 2.5 MBytes/s
Semaphore 284 1993 40 Mhz 35.5 MBytes/s
Communications
VLSI Technology VM007 1993 32 Mhz 200.0 MBytes/s
VLSI Technology VM009 1993 33 Mhz 14.0 MBytes/s
Vlsi Technology 6868 1995 32 Mhz 64.0 MBytes/s
Western Digital 2001 1984 3 Mhz 0.2 MBytes/s

Table 23-2b
DES Speeds

Processor Speed (MHz) DES Blocks per second

8088 4.7 370
68000 7.6 900
80286 6 1,100
68020 16 3,500
68030 16 3,900
80386 25 5,000
68030 50 10,000
68040 25 16,000
68040 40 23,000
80486 66 43,000
Sun ELC 26,000
HyperSparc 32,000
RS6000-350 53,000
Sparc 10/52 84,000
DEC Alpha -
 4000/610 154,000
HP9000/887 125 196,000

25. SECURITY OF DES

DES is a secret-key, symmetric cryptosystem: when used

for communication, both sender and receiver must know
the same secret key, which is used both to encrypt and
decrypt the message. DES can also be used for single-
user encryption, such as to store files on a hard disk
in encrypted form. In a multi-user environment, secure
key distribution may be difficult; public-key crypto-
graphy was invented to solve this problem. DES operates
on 64-bit blocks with a 56-bit key. It was designed to
be implemented in hardware, and its operation is
relatively fast (previous section). It works well for
bulk encryption, that is, for encrypting a large set of
data.

NIST has recertified DES as an official U.S. government

encryption standard every five years; DES was last
recertified in 1993, by default. NIST has indicated,
however, that it may not recertify DES in 1997. Since
NIST has asked for public submissions/comment on
development of the Advanced Encryption Standard (AEC), I
suspect that DES is on its last hurrah.

DES has never been officially been ``broken'', despite

the efforts of many researchers over many years. The
obvious method of attack is brute-force exhaustive
search of the key space; this takes 2^{55} steps on
average. Early on it was suggested that some country
could build a special-purpose computer capable of
breaking DES by exhaustive search in a reasonable amount
of time. Later, Hellman demonstrated a time-memory
trade-off that allows improvement over exhaustive search
if memory space is plentiful, after an exhaustive
precomputation. These ideas fostered doubts about the
security of DES. There were accusations that the NSA
had intentionally weakened DES. Despite these
suspicions, no feasible way to break DES faster than
exhaustive search was discovered. in 1991, the cost of a
specialized computer to perform exhaustive search was
estimated by Wiener at one million dollars. In 1997
dollars and technology, this figure is closer to
$100,000, a figure well within a small corporation's
economics.

The first attack on DES that is better than exhaustive

search was announced by Eli Biham and Adi Shamir using a
new technique known as differential cryptanalysis. This
attack requires encryption of 2^{47} chosen plaintexts,
i.e., plaintexts chosen by the attacker. Although a
theoretical breakthrough, this attack is not practical
under normal circumstances because it requires the
attacker to have easy access to the DES device in order
to encrypt the chosen plaintexts. Another attack, known
as linear cryptanalysis, does not require chosen
plaintexts. Both of these attacks are described in
Schneier's book. [SCH2], [RSA2]

The consensus is that DES, when used properly, is secure

against all but the most powerful players. In fact,
triple encryption DES may be secure against anyone at
all. Biham and Shamir have stated that they consider DES
secure. It is used extensively in a wide variety of
cryptographic systems, and in fact, most implementations
of public-key cryptography include DES at some level.

How secure is DES today? Tough question. If we consider

just key length, a brute-force DES-cracking machine can
find a key in an average of 3.5 hours in 1993. This
figure has been reduced by an order of magnitude in
1996. [NICH]

Winn Scwartau writes that the NSA had built a massively

parallel DES-cracking machine as early as the mid-
1980's. [SCHW] Harris Corporation built a machine using
the Cray Y-MP as a front-end. Supposedly, the problem is
reduced by several orders of magnitude. Both contextual
and statistical attacks can reduce the DES effective key
size. Schneier reports as a "rumor" that NSA routinely
cracks DES in 3 to 5 minutes, depending on the amount of
preprocessing, at a cost of $50,000 per machine! NSA may
also have giant databanks of plain and ciphertext to
perform the statistical calculations on and then go out
to an array of optical disks and retrieve the key.
[SCH2]

26. RSA CHALLENGE

On Tuesday, 28 January, my machine had just started

cracking when this message came over the net:

"EXPORTABLE CRYPTOGRAPHY TOTALLY INSECURE: CHALLENGE

CIPHER BROKEN IMMEDIATELY "

January 28, 1997 - Ian Goldberg, a UC Berkeley graduate

student, announced today that he had successfully
cracked RSA Data Security Inc.'s 40-bit challenge cipher
in just under 3.5 hours.

RSA challenged scientists to break their encryption

technology, offering a $1000 award for breaking the
weakest version of the code. Their offering was
designed to stimulate research and practical experience
with the security of today's codes.

The number of bits in a cipher is an indication of the

maximum level of security the cipher can provide. Each
additional bit doubles the potential security level of
the cipher. A recent panel of experts recommended
using 90-bit ciphers, and 128-bit ciphers are commonly
used throughout the world, but US government regulations
restrict exportable US products to a mere 40 bits.
Goldberg's announcement, which came just three and a
half hours after RSA started their contest, provides
very strong evidence that 40-bit ciphers are totally
unsuitable for practical security. "This is the
final proof of what we've known for years: 40-bit
encryption technology is obsolete," Goldberg said.

The US export restrictions have limited the deployment

of technology that could greatly strengthen security on
the Internet, often affecting both foreign and domestic
users. "We know how to build strong encryption; the
government just won't let us deploy it. We need strong
encryption to uphold privacy, maintain security, and
support commerce on the Internet -- these export
restrictions on cryptography must be lifted," Goldberg
explained. Fittingly, when Goldberg finally unscrambled
the challenge message, it read: "This is why you should
use a longer key."

Goldberg used UC Berkeley's Network of Workstations

(known as the NOW) to harness the computational
resources of about 250 idle machines. This allowed
him to test 100 billion possible "keys" per hour --
analogous to safecracking by trying every possible
combination at high speed. This amount of computing
power is available with little overhead cost to students
and employees at many large educational institutions and
corporations.

Goldberg is a founding member of the ISAAC computer

security research group at UC Berkeley. In the Fall of
1995, the ISAAC group made headlines by revealing a
major security flaw in Netscape's web browser.

On 29 January 1997, Conrad Schlundt reported that

another successful attack on RC5 (40 bit) had been made
by Germano Caronni to the challenge at:

http://www.rsa.com/rsalabs/97challenge/

Quote:

"Some of you may remember my mail calling for CPU power

Tuesday evening. Thank you for all donations. We broke
the challenge, and got the key (F043F18131), and the
message: 'This is why you should use a longer key.'

A group of persons having access to the student clusters

of German and Swiss universities, joined by several
researchers, assistants and other students in the last
minute, collected voluntary access to > 1160 CPUs.
966 different machines were involved. We used these
machines for one evening (local time) to attack the 40
bit challenge of RC5, and succeeded after about 4
hours.
The machines that joined in ranged from 486/33 PC's to
Alphas and heavy multiprocessor machines such as 40
processor SUNs and SGIs. A significant fraction of the
whole computing power came from Ultra Sparcs and
Pentiums.

At 09:05 AM PST we finally gained access to the RSA DSI

challenge page, and our search took us until 12:54 PM
PST, about 4 hours.

Starting point in the key space was 00 00 00 00 00 and

we had to progress to the MSB of 81, thus we actually
searched half of the key space. 558098542641 keys were
computed in 13798 seconds, this are about 40.4 million
keys per second. An average machine has thus calculated
42000 keys per second. Now, this is not top performance,
especially if you compare it to the performance the
other known contestant (Ian Goldberg) could muster.
[100 mio. keys per second, 3.5 hours to solution].

Due to a severe bug in our server (which I have to say

is entirely my fault), our rate is much lower than the
one possible. We had about 1000 machines at our best
point, and 800 for the sustained attack.

But assume you just get a campus with 150 Ultra Sparc
stations, where each can to 156250 keys per second. Any
student can then crack that 40 bit key in 23812 seconds
(on average), or otherwise said *in one night*. I can't
help but repeat: 40 bit keys are *worse* than no
encryption at all, as they give you a false feeling of
security. "

27. PRACTICAL CONSIDERATIONS

When using DES, there are several practical consid-

erations that can affect the security of the encrypted
data. One should change DES keys frequently, in order to
prevent attacks that require sustained data analysis. In
a communications context, one must also find a secure
way of communicating the DES key to both sender and
receiver. Use of RSA or some other public-key technique
for key management solves both these issues: a different
DES key is generated for each session, and secure
key management is provided by encrypting the DES key
with the receiver's RSA public key. RSA, in this
circumstance, can be regarded as a tool for improving
the security of DES (or any other secret key cipher).

If one wishes to use DES to encrypt files stored on a

hard disk, it is not feasible to frequently change the
DES keys, as this would entail decrypting and then re-
encrypting all files upon each key change. Instead,
one should have a master DES key with which one encrypts
the list of DES keys used to encrypt the files;
one can then change the master key frequently without
much effort.

A powerful technique for improving the security of DES

is triple encryption, that is, encrypting each message
block under three different DES keys in succession.
Triple encryption is thought to be equivalent to
doubling the key size of DES, to 112 bits, and should
prevent decryption by an enemy capable of single-key
exhaustive search. Of course, using triple-encryption
takes three times as long as single-encryption DES.

It has been frequently asked whether DES encryption is

closed under composition; i.e., is encrypting a
plaintext under one DES key and then encrypting the
result under another key always equivalent to a single
encryption under a single key? Algebraically, is DES a
group? If so, then DES might be weaker than would
otherwise be the case; for a more complete discussion.
However, the answer is no, DES is not a group; this
issue was settled only recently, after many years of
speculation and circumstantial evidence. This result
seems to imply that techniques such as triple encryption
do in fact increase the security of DES. [SCHN], [RSA2]

28. EXPORT RESTRICTIONS

Export of DES, either in hardware or software, is

strictly regulated by the U.S. State Department and the
NSA. The government rarely approves export of DES,
despite the fact that DES is widely available overseas;
financial institutions and foreign subsidiaries of
U.S. companies are exceptions.

29. WEAK KEYS

Because of the way the initial key is modified to get a

subkey for each round of the algorithm, certain keys are
weak keys. Since the original DES key is split in half,
and each half is shifted independently, if all the bits
are 0's or 1's, then the key used for any cycle is the
same for all cycles: K1 = K2 = K3 =Ki =Kn. Additionally,
some pairs of keys encrypt plaintext to the identical
ciphertext. This is due to the key generation mechanism
in DES. Instead of generating 16 different subkeys,
these keys generate only two different subkeys. Each of
these subkeys is used eight times in the algorithm. We
label these semi-weak keys. A similar problem occurs
when some keys only produce only four subkeys and used
only four times in the algorithm. These are possibly
weak keys. Before we get uptight and say that DES is
condemned to algorithm Hell, the total number of
possibly weak keys is 64 out of 72,057,594,037,927,936
possible keys. Selecting a random key, the odds of
picking one out of the 64 are worse than winning the
Texas lottery
twice in a month.
 Table 23-3
DES Weak Keys in Hex

Weak Key Value Actual Key

(with parity bits)
0101 0101 0101 0101 0000000 0000000
1F1F 1F1F 0E0E 0E0E 0000000 FFFFFFF
E0E0 E0E0 F1F1 F1F1 FFFFFFF 0000000
FEFE FEFE FEFE FEFE FFFFFFF FFFFFFF

DES Semiweak Key Pairs

01FE 01FE 01FE 01FE and FE01 FE01 FE01 FE01

1FE0 1FE0 0EF1 0EF1 and E01F E01F F10E F10E
01E0 01E0 01F1 01F1 and E001 E001 F101 F101
1FFE 1FFE 0EFE 0EFE and FE1F FE1F FE0E FE0E
011F 011F 010E 010E and 1F01 1F01 0E01 0E01
E0FE E0FE F1FE F1FE and FEE0 FEE0 FEF1 FEF1

30. LENGTH OF THE KEY

IBM's original submission to NBS had a 112-bit key. When

DES became a standard, that was reduced to 56 bits.
Hellman presented an argument in 1980 against small key
size: by trading memory space for time, it would be
possible to speed up the searching process. By
computing 2**56 possible results of encrypting a single
plaintext block under every possible key. Then to break
an unknown key. all that would be required would be to
insert the plaintext block into the encryption stream,
recover the resulting ciphertext, and look the key up.
By 1987 hips performing 512,000 encryptions per second
were being developed, and a version capable of checking
over a million keys per second was feasible. In 1993,
Michael Wiener designed a $1 million machine that could
complete a brute-force attack on DES in an average of
3.5 hours. In 1990 Biham and Shamir discovered
differential cryptanalysis, a technique that puts to
rest the question of key length.

31. NUMBER OF ITERATIONS

Why 16 rounds? After 5 rounds every ciphertext bit is a

function of every plaintext bit and every key bit. After
eight rounds the ciphertext is essentially a random
function of every plaintext bit and key but.

Answer: because it could be broken. Biham and Shamir's

differential cryptanalysis technique works well on every
number of rounds fewer than 16, using a known plaintext
attack. In each case, differential cryptanalysis was
more efficient than a brute force attack.

32. DIFFERENTIAL CRYPTANALYSIS and LINEAR CRYPTANALYSIS

Schneier presents a detailed discussion of both
differential cryptanalysis and linear cryptanalysis.
[SCH2]. [BIHA] is the definitive reference on the
subject of differential cryptanalysis. Both attacks on
DES can be performed in less interations than a brute-
force attack. The subject is fascinating and beyond the
scope of this lecture.

CLASSICAL CRYPTOGRAPHY COURSE

BY LANAKI

20 MARCH 1997
Revision 3

COPYRIGHT 1997
ALL RIGHTS RESERVED

ANNOTATED CRYPTOGRAPHIC RESOURCES

AND REFERENCES

-----------

Notes:

o Some cipher families are referenced as a group

(ex. [TRAN] for Transposition Ciphers:
Columnar, Incomplete Columnar, Tramp, Skipping
Tramp, etc.)

o The Cryptogram, is the bimonthly publication of

the American Cryptogram Association. These
references are both scholarly and cipher
specific. I have updated them through 1996.
They are available through the ACA Treasurer at
the address in the front of this book or Volume
I of my course.

o Cryptographic resources presented explore all

phases of involvement with cryptography:
cryptanalysis, history, legal, social,
classical, modern, NSA, mathematical
techniques, recreational, intelligence,
tactical, strategic, nuclear, National Defense,
INFOSEC: Offensive and Defensive, Hardware, and
Software. Enjoy.

o Public - Key Cryptography references have

additional annotations and may have some
overlap with reference [NIST90], Lecture 19 on
Law and Lectures 20 - 25 on modern issues
surrounding cryptography. These references
represent state-of the-art 1990 -1993.
 o About 100 web links to cryptographic sources
have been added under the section Web Sources.
A wealth of information on all levels is
available.

o Pertinent cases involving cryptographic issues

are cited by primary court.

o Senate and House bills are referenced by year

and number, if appropriate.

----------

[3627] H. R. 3627, "A Bill to Amend the Export

Administration Act of 1979 with respect to the
control of computer and related equipment," 1993.

[ABRA] Abrams, F., 1993, Big Brother's Here and --Alas

-- We Embrace Him, New York Times Magazine, March
21, 1993, pp. 36-37.

[ABA ] American Bankers Association, 1979, Management

and Use of Personal Identification Numbers, ABA
Bank Card Statement, ABA, Catalog No. 207213,
1979.

[ACA] ACA and You, "Handbook For Members of the

American Cryptogram Association," ACA
publications, 1995.

[ACA1] Anonymous, "The ACA and You - Handbook For Secure

Communications", American Cryptogram Association,
1994.

[ACME] "ACME Complete Seven Figure Code", Acme Code Co.,

507 West 33 rd St., NYC, NY. No 6015, 1 January
1934.

[ACLU] Statement of the American Civil Liberties Union

in "Cryptographic Issue Statements Submitted to
the Computer System Security and Privacy Advisory
Board," by NIST, 27 May 1993, pp. 195-199.

[ACM] Association For Computing Machinery, "Codes, Keys

and Conflicts: Issues in U.S. Crypto Policy,"
Report of a Special Panel of ACM U. S. Public
Policy Committee (USACM), June 1994.

[AD79] L. Adleman, "A subexponential algorithm for the

discrete logarithm problem with applications to
Cryptography," in 20th Annual Symposium on
Foundations of Computer Science, San Juan, Puerto
Rico, October 29-31, 1979, pp. 55-60. Silver
Spring, MD: IEEE Computer Society Press, 1979.

[AD82] L. M. Adleman, "On breaking the iterated Merkle-

 Hellman public-key cryptosystems," in D. Chaum,
R. L. Rivest, and A. T. Sherman, Eds., Advances
in Cryptology: proceedings of CRYPTO 82, a
Workshop on the Theory and Application of
Cryptographic Techniques, Santa Barbara, CA,
August 23-25, 1982,
pp. 303-308. New York: Plenum Press, 1983.

[AD86] L. M. Adleman and K. S. McCurley, "Open problems

in number theoretic complexity," in D. S.
Johnson, T. Nishizeki, A. Nozaki, and H. S.
Wilf, Eds., Discrete Algorithms and Complexity,
proceedings of the Japan-US Joint Seminar, Kyoto,
Japan, June 4- 6, 1986, pp. 237-262. Orlando, FL:
Academic Press, 1987.

[AD83] L. M. Adleman, C. Pomerance, and R. S. Rumely,

"On distinguishing prime numbers from composite
numbers," Annals of Mathematics, Vol. 117, 1983,
pp. 173-206.

[ADFG] ASTROLABE, "ADFGVX Cipher - The German Field

Cipher of 1918," AS53, The Cryptogram, American
Cryptogram Association, 1953.

[AFM] - 100-80, Traffic Analysis, Department of the Air

Force, 1946.

[AK83] S. G. Akl, "Digital signatures: a tutorial

survey," Computer, Vol. 16, No. 2, February 1983,
pp. 15-24.

[AK84] S. G. Akl and H. Meijer, "A fast pseudo random

permutation generator with applications to
cryptology," in G. R. Blakley and D. Chaum,
Eds., Lecture Notes in Computer Science Vol. 196:
Advances in Cryptology: Proceedings of CRYPTO 84,
a Workshop on the Theory and Application of
Cryptographic Techniques, Santa Barbara, CA,
August 19-22, 1984, pp. 269-275. Berlin/New
York: Springer- Verlag, 1985.

[ALAN] Turing, Alan, "The Enigma", by A. Hodges. Simon

and Schuster, 1983.

[ALBA] Alberti, "Treatise De Cifris," Meister

Papstlichen, Princeton University Press,
Princeton, N.J., 1963.

[ALEX] Alexander, D. A., "Secret codes and Decoding,"

Padell Book Co., New York, 1945.

[ALGE] MINIMAX, "Introduction To Algebraic

Cryptography," FM51, The Cryptogram, American
Cryptogram Association, 1951.

[ALKA] al-Kadi, Ibrahim A., Origins of Cryptology: The

Arab Contributions, Cryptologia, Vol XVI, No. 2,
 April 1992, pp. 97-127.

[ALP1] PICCOLA, "Lining Up the Alphabets," AM37, The

Cryptogram, American Cryptogram Association,
1937.

[ALP2] PICCOLA, "Recovering a Primary Number Alphabet,"

JJ37, The Cryptogram, American Cryptogram
Association, 1937.

[ALP3] CLEAR SKIES, "Method For Recovering Alphabets,"

AM46, The Cryptogram, American Cryptogram
Association, 1946.

[ALP4] PICCOLA, "Lining Up the Alphabets," AM37, The

Cryptogram, American Cryptogram Association,
1937.

[ALP5] MACHIAVELLI,"Recovery of Incomplete Cipher

Alphabets," SO78, The Cryptogram, American
Cryptogram Association, 1978.

[ALP6] BOZO,"Recovery of Primary Alphabets I," JJ35, The

Cryptogram, American Cryptogram Association,
1935.

[ALP7] BOZO,"Recovery of Primary Alphabets II," AS35,

The Cryptogram, American Cryptogram Association,
1935.

[ALP8] ZYZZ,"Sinkov - Frequency-Matching," JA93, The

Cryptogram, American Cryptogram Association,
1993.

[AMS1] RED E RASER,"AMSCO," ON51, The Cryptogram,

American Cryptogram Association, 1951.

[AMS2] PHOENIX,"Computer Column: Amsco Encipherment,"

SO84, The Cryptogram, American Cryptogram
Association, 1984.

[AMS3] PHOENIX,"Computer Column: Amsco Decipherment,"

MA85, The Cryptogram, American Cryptogram
Association, 1985.

[AMS4] PHOENIX,"Computer Column: Amsco Decipherment,"

MJ85, The Cryptogram, American Cryptogram
Association, 1985.

[AMS5] PHOENIX,"Computer Column: Amsco Decipherment,"

JA85, The Cryptogram, American Cryptogram
Association, 1985.

[AMS6] GUNG HO,"Solving the Amsco," MJ92, The

Cryptogram, American Cryptogram Association,
1992.

[AN85] American National Standard X9.17-1985, Financial

 Institution Key Management (Wholesale), American
Bankers Association, Washington, DC, 1985.

[AN87] M. Annaratone, E. Arnould, T. Gross, H. T. Kung,

M. Lam, O. Menzilcioglu, and J. A. Webb, "The
Warp computer: architecture, implementation and
performance," IEEE Transactions on Computers,
Vol. C-36, No. 12, December 1987, pp. 1523-1538.

[ANDE] D. Andelman, J. Reeds, On the cryptanalysis of

rotor and substitution-permutation networks. IEEE
Trans. on Inform. Theory, 28(4), 578--584, 1982.

[ANDR] Andrew, Christopher, "For The President's Eyes

Only," Harper Collins, New York, 1995.

[ANGL] D. Angluin, D. Lichtenstein, Provable Security in

Crypto-systems: a survey. Yale University,
Department of Computer Science, #288, 1983.

[AND1] Andree, Josephine, "Chips from the Math Log," Mu

Alpha Theta, 1966.

[AND2] Andree, Josephine, "More Chips from the Math

Log," Mu Alpha Theta, 1970.

[AND3] Andree, Josephine, "Lines from the O.U.

Mathematics Letter," Vols. I,II,III, Mu Alpha
Theta, 1971, 1971, 1971.

[AND4] Andree, Josephine and Richard V., "RAJA Books: a

Puzzle Potpourri," RAJA, 1976.

[AND5] Andree, Josephine and Richard V., "Preliminary

Instructors Manual for Solving Ciphers," Project
CRYPTO, Univ of Oklahoma, Norman, OK, 1977.

[AND6] Andree, Josephine and Richard V., "Teachers

Handbook For Problem Solving and Logical
Thinking," Project CRYPTO, Univ of Oklahoma,
Norman, OK, 1979.

[AND7] Andree, Josephine and Richard V., "Preliminary

Instructors Manual for Cryptarithms," Project
CRYPTO, Univ of Oklahoma, Norman, OK, 1976.

[AND8] Andree, Josephine and Richard V., "Sophisticated

Ciphers: Problem Solving and Logical Thinking,"
Project CRYPTO, Univ of Oklahoma, Norman, OK,
1978.

[AND9] Andree, Josephine and Richard V., "Logic Unlocs

Puzzles," Project CRYPTO, Univ of Oklahoma,
Norman, OK, 1979.

[ANDR] Andrew, Christopher, 'Secret Service', Heinemann,

 London 1985.

[ANFI] "American National Standard for Financial

Institution Key Management (Wholesale)," ANSI
X9.17, Washington Publishing Company, P.O. Box
203, Chardon, OH 44024-0203, telephone (800) 334-
4912.

[ANK1] Andreassen, Karl, "Cryptology and the Personal

Computer, with Programming in Basic," Aegean Park
Press, 1986.

[ANK2] Andreassen, Karl, "Computer Cryptology, Beyond

Decoder Rings," Prentice-Hall 1988.

[ANNA] Anonymous., "The History of the International

Code.", Proceedings of the United States Naval
Institute, 1934.

[ANN1] Anonymous., " Speech and Facsimile Scrambling and

Decoding," Aegean Park Press, Laguna Hills, CA,
1981.

[AO93] Administrative Office of the United States

Courts, 1993, Report on Applications for Orders
Authorizing or Approving the Interception of
Wire, Oral, or Electronic Communications (Wiretap
Report) 1993.

[ARI1] OZ,"The Construction of Medium - Difficulty

Aristocrats," MA92, The Cryptogram, American
Cryptogram Association, 1992.

[ARI2] HELCRYPT,"Use of Consonant Sequences for

Aristocrats," ON51, The Cryptogram, American
Cryptogram Association, 1951.

[ARI3] HELCRYPT,"Use of Tri-Vowel Sequences for

Aristocrats," JJ52, The Cryptogram, American
Cryptogram Association, 1952.

[ARI4] AB STRUSE, "Equifrequency Crypts," JF74, The

Cryptogram, American Cryptogram Association,
1974.

[ARI5] HOMO SAPIENS,"End-letter Count for Aristocrats,"

FM45, The Cryptogram, American Cryptogram
Association, 1945.

[ARI6] S-Tuck, "Aristocrat Affixes," ON45, The

Cryptogram, American Cryptogram Association,
1945.

[ARNE] Arnell, A. (1990). "Handbook of Effective

Disaster Recovery Planning: A Seminar Workshop
Approach". McGraw-Hill (New York). ISBN 0-07-
 002394-8. xxix + 333. Index.

[ASA ] "The Origin and Development of the Army Security

Agency 1917 -1947," Aegean Park Press, 1978.
Collections 190/37/7/1, Box 799, F: 2292, pp 468.

[ASA1] Army Security Agency (1948) Historical and

Cryptologic Summary of Cryptosystems; ASAG 23;
Vol 1.

[ASSA] Army Signal Security Agency (1946) History Of

Converter M-134-C (Sigaba) Vol I, II And III:
available from the US National Archives and
Records Administration (NARA); NSA Historical

[ASHT] Ashton, Christina, "Codes and Ciphers: Hundreds

of Unusual and Secret Ways to Send Messages,"
Betterway Books, 1988.

[ASIR] Anonymous, Enigma and Other Machines, Air

Scientific Institute Report, 1976.

[ATKI] Atkins, Derek, et. al., "Internet Security:

Professional Reference," New Riders,
Indianapolis, 1996.

[AUG1] D. A. August, "Cryptography and Exploitation of

Chinese Manual Cryptosystems - Part I:The
Encoding Problem", Cryptologia, Vol XIII, No. 4,
October 1989.

[AUG2] D. A. August, "Cryptography and Exploitation of

Chinese Manual Cryptosystems - Part II:The
Encrypting Problem", Cryptologia, Vol XIV, No. 1,
August 1990.

[AUT1] PICCOLA,"Autokey Encipherment,"DJ36, The

Cryptogram, American Cryptogram Association,
1936.

[AUT2] PICCOLA,"More about Autokeys,"FM37, The

Cryptogram, American Cryptogram Association,
1937.

[AUT3] ISKANDER,"Converting an Autokey to a Periodic,"

"JJ50, The Cryptogram, American Cryptogram
Association, 1950.

[AUT4] UBET,"Auto-Transposition Cipher," SO62, The

Cryptogram, American Cryptogram Association,
1962.

[AUT5] BARGE,"Decrypting the Auto-Transposition Cipher,"

ND63, The Cryptogram, American Cryptogram
Association, 1963.
[Ban ] Banisar, D., 1993, Statistical Analysis of
Electronic Surveillance, presentation at the
National Institute of Standards and Technology,
Computer System Security and Privacy Advisory
Board, June 3, 1993.

[BA82] S. K. Banerjee, "High speed implementation of

DES," Computers & Security, Vol. 1, No. 3,
November 1982, pp. 261-267.

[BA63] T. C. Bartee and D. I. Schneider, "Computation

with Finite Fields," Information and Control,
Vol. 6, 1963, pp. 79-98.

[BA80] K. E. Batcher, "Design of a massively parallel

processor," IEEE Transactions on Computers, Vol.
C-29, No. 9, September 1980, pp. 836-840.

[BAC1] SHMOO,"Quicker Baconian Solutions," ND80, The

Cryptogram, American Cryptogram Association,
1980.

[BAC2] XERXES,"Sir Francis Bacon Cipher," AS36, The

Cryptogram, American Cryptogram Association,
1936.

[BAC3] AB STRUSE,"Solving a Baconian," JJ48, The

Cryptogram, American Cryptogram Association,
1948.

[BAC4] B.NATURAL,"Tri-Bac Cipher," JA69, The Cryptogram,

American Cryptogram Association, 1969.

[BAC5] Anonymous, "Numerical Baconian," JF62, The

Cryptogram, American Cryptogram Association,
1962.

[BAC6] FIDDLE,"Extended Baconian," SO69, The Cryptogram,

American Cryptogram Association, 1969.

[BADE] Badeau, J. S. et. al., The Genius of Arab

Civilization: Source of Renaissance. Second
Edition. Cambridge: MIT Press. 1983.

[BAMF] Bamford, James, "The Puzzle Palace: A Report on

America's Most Secret Agency," Boston, Houghton
Mifflin, 1982.

[BANI] Banisar, Dave. CPSR Alert. 13 Jan.1994: n.p.

USENET: comp.society.privacy.

[BARL] Barlow, John Perry. "Bill O' Rights." Mondo

2000. January, 1994:17-19.

[BARB] Barber, F. J. W., "Archaeological Decipherment: A

Handbook," Princeton University Press, 1974.
[B201] Barker, Wayne G., "Cryptanalysis of The Simple
Substitution Cipher with Word Divisions," Course
#201, Aegean Park Press, Laguna Hills, CA. 1982.

[BALL] Ball, W. W. R., Mathematical Recreations and

Essays, London, 1928.

[BAR1] Barker, Wayne G., "Course No 201, Cryptanalysis

of The Simple Substitution Cipher with Word
Divisions," Aegean Park Press, Laguna Hills, CA.
1975.

[BAR2] Barker, W., ed., History of Codes and Ciphers in

the U.S. During the Period between World Wars,
Part II, 1930 - 1939., Aegean Park Press, 1990.

[BAR3] Barker, Wayne G., "Cryptanalysis of the Hagelin

Cryptograph, Aegean Park Press, 1977.

[BAR4] Barker, Wayne G., "Cryptanalysis of the

Enciphered Code Problem - Where Additive Method
of Encipherment Has Been Used," Aegean Park
Press, 1979.

[BAR5] Barker, W., ed., History of Codes and Ciphers in

the U.S. Prior To World War I," Aegean Park
Press, 1978.

[BAR6] Barker, W., " Cryptanalysis of Shift-Register

Generated Stream Cipher Systems," Aegean Park
Press, 1984.

[BAR7] Barker, W., ed., History of Codes and Ciphers in

the U.S. During the Period between World Wars,
Part I, 1919-1929, Aegean Park Press, 1979.

[BAR8] Barker, W., ed., History of Codes and Ciphers in

the U.S. During World War I, Aegean Park Press,
1979.

[BARK] Barker, Wayne G., "Cryptanalysis of The Simple

Substitution Cipher with Word Divisions," Aegean
Park Press, Laguna Hills, CA. 1973.

[BARK2] Barker, Wayne G., "Cryptanalysis of The Double

Transposition Cipher," Aegean Park Press, Laguna
Hills, CA. 1995.

[BARR] Barron, John, '"KGB: The Secret Work Of Soviet

Agents," Bantom Books, New York, 1981.

[BATE] Bates, R. J., Jr (1992). "Disaster Recovery

Planning: Networks, Telecommunications, and Data
Communications". McGraw-Hill (New York). ISBN 0-
07-004128-8. 156 + xv. Index, glossary.
[BAT1] Bates, R. J., Jr (1994). "Disaster Recovery for
LANs: A Planning and Action Guide". McGraw-Hill
(New York). ISBN 0-07-004194-6. x + 254.
Index.

[BAUD] Baudouin, Captain Roger, "Elements de

Cryptographie," Paris, 1939.

[BAZE] Bazeries, M. le Capitaine, " Cryptograph a 20

rondelles-alphabets," Compte rendu de la 20e
session de l' Association Francaise pour
l'Advancement des Scienses, Paris: Au secretariat
de l' Association, 1892.

[BAZ1] Bazeries, les chiffrees secrets devoiles, Paris,

1901.

[BAZ1] OZ,"Bazeries Cipher," MA59, The Cryptogram,

American Cryptogram Association, 1959.

[BAZ2] ALII KIONA,"Bazeries Cipher," F35, The

Cryptogram, American Cryptogram Association,
1935.

[BAZ3] ZANAC,"A Poker Player's Method to Solve Bazeries

Ciphers," JF82, The Cryptogram, American
Cryptogram Association, 1982.

[BAZ4] HI-FI,"Bazeries Ciphers Revisited," SO64, The

Cryptogram, American Cryptogram Association,
1964.

[BAZ5] MACHIAVELLI,"Bazeries Cipher - Dutch," ND71, The

Cryptogram, American Cryptogram Association,
1971.

[BAZ6] MACHIAVELLI,"Bazeries Cipher - English," JF71,

The Cryptogram, American Cryptogram Association,
1971.

[BAZ7] MACHIAVELLI,"Bazeries Cipher - French," JF71, The

Cryptogram, American Cryptogram Association,
1971.

[BAZ8] MACHIAVELLI,"Bazeries Cipher - German," MA71, The

Cryptogram, American Cryptogram Association,
1971.

[BAZ9] MACHIAVELLI,"Bazeries Cipher - Italian," JA71,

The Cryptogram, American Cryptogram Association,
1971.

[BAZA] MACHIAVELLI,"Bazeries Cipher - Portuguese," SO71,

The Cryptogram, American Cryptogram Association,
1971.
[BAZB] MACHIAVELLI,"Bazeries Cipher - Spanish," MJ71,
The Cryptogram, American Cryptogram Association,
1971.

[BAZC] MACHIAVELLI,"Bazeries Cipher - Unknown Language,"

MJ72, The Cryptogram, American Cryptogram
Association, 1972.

[BAZD] HANO,"Bazeries Cipher - Swedish," JA81, The

Cryptogram, American Cryptogram Association,
1981.

[BAZE] D. STRASSE,"Bazeries Cipher - Esperanto," SO74,

The Cryptogram, American Cryptogram Association,
1974.

[BAZ5] MACHIAVELLI, "Equivalents of 'e' in the Bazeries

Cipher" SO72, The Cryptogram, American Cryptogram
Association, 1972.

[BDKM] Brickell, E., Denning, D., Kent, S., Maher, D.

and Tuchman, W., 1993,``SKIPJACK Review: Interim
Report, The SKIPJACK Algorithm,'' July 28, 1993,
available electronically from cpsr.org.

[BEA1] S-TUCK, "Beaufort Auto-key," JJ46, The

Cryptogram, American Cryptogram Association,
1946.

[BEA2] PICCOLA, "Beaufort Ciphers," JJ36, The

Cryptogram, American Cryptogram Association,
1936.

[BEA3] LEDGE, "Beaufort Fundamentals (Novice Notes),"

ND71, The Cryptogram, American Cryptogram
Association, 1971.

[BEA4] SI SI, "Comparative Analysis of the Vigenere,

Beaufort and Variant Ciphers," JA80, The
Cryptogram, American Cryptogram Association,
1980.

[BEA5] O'PSHAW, "Porta, A special Case of Beaufort,"

MA91, The Cryptogram, American Cryptogram
Association, 1991.

[BECK] Becket, Henry, S. A., "The Dictionary of

Espionage: Spookspeak into English," Stein and
Day, 1986.

[BEKE] H. Beker, F. Piper, Cipher Systems. Wiley, 1982.

[BEES] Beesley, P., "Very Special Intelligence",

Doubleday, New York, 1977.

[BELL] Bell, E. T., Men of Mathematics, New York: Simon

and Shuster, 1937.

[BENN] Bennett, William, R. Jr., "Introduction to

 Computer Applications for Non-Science Students,"
Prentice-Hall, 1976. (Interesting section on
monkeys and historical cryptography)

[BEN1] John Bennett, Analysis of the Encryption

Algorithm Used in the WordPerfect Word Processing
Program. Cryptologia 11(4), 206--210, 1987.

[BERG] H. A. Bergen and W. J. Caelli, File Security in

WordPerfect 5.0. Cryptologia 15(1), 57--66,
January 1991.

[BERN] Bernstein, T., A. B. Bhimani, E. Schultz, & C. A.

Siegel (1996). "Internet Security for Business".
John Wiley & Sons (New York). ISBN 0-471-13752-
9. xii + 452. Index.

[BERN] Berners-Lee, T. "Hypertext Markup Language

(HTML)", draft-ieft-iiir-html-01, June 1993.
(expired working draft)

[BERY] BERYL,"The Turning Grille," ND92, The Cryptogram,

American Cryptogram Association, 1992.

[BER1] BERYL,"The Diagrafid Cipher - Part II," ND93, The

Cryptogram, American Cryptogram Association,
1993.

[BETH] T. Beth, Algorithm engineering for public key

algorithms. IEEE Selected Areas of
Communication, 1(4), 458--466, 1990.

[BFS] Beth, T., Frisch, M. and Simmons, G. (Eds.),

1992, Public Key Cryptography: State of the Art
and Future Directions, Lecture Notes in Computer
Science, No. 578, Springer-Verlag, 1992.

[BIF1] ESP, "4-Square Method for C. M. Bifid," SO92, The

Cryptogram, American Cryptogram Association,
1992.

[BIF2] GALUPOLY, "6X6 Bifid," JA62, The Cryptogram,

American Cryptogram Association, 1962.

[BIF3] DR. CRYPTOGRAM, "Bifid and Trifid Cryptography,"

MJ59, The Cryptogram, American Cryptogram
Association, 1959.

[BIF4] TONTO, "Bifid Cipher," JJ45, The Cryptogram,

American Cryptogram Association, 1945.

[BIF5] GOTKY, "Bifid Cipher with Literal Indices Only,"

FM47, AM47, The Cryptogram, American Cryptogram
Association, 1947.

[BIF6] SAI CHESS, "Bifid-ian Timesaver," ON48, The

Cryptogram, American Cryptogram Association,
 1948.

[BIF7] LABRONICUS, "Bifid Period by Pattern," ND89, The

Cryptogram, American Cryptogram Association,
1989.

[BIF8] TONTO, "Bifid recoveries," ON50, The Cryptogram,

American Cryptogram Association, 1950.

[BIF9] GIZMO, "Bifid Period Determination Using a

Digraphic Index of Coincidence," JF79, The
Cryptogram, American Cryptogram Association,
1979.

[BIFA] GALUPOLY, "Bifid with Conjugated Matrices," JF60,

The Cryptogram, American Cryptogram Association,
1960.

[BIFB] XAMAN EK, "Bifid Workshop, Part 1 - Encoding a

Bifid," MA93, The Cryptogram, American Cryptogram
Association, 1993.

[BIFC] XAMAN EK, "Bifid Workshop, Part 2 - Problem

Setup," MJ93, The Cryptogram, American Cryptogram
Association, 1993.

[BIFD] XAMAN EK, "Bifid Workshop, Part 3 - Tip

Placement," JA93, The Cryptogram, American
Cryptogram Association, 1993.

[BIFE] XAMAN EK, "Bifid Workshop, Part 4 - Solving a

Bifid," SO93, The Cryptogram, American Cryptogram
Association, 1993.

[BIFF] DUBIOUS and GALUPOLY, " Chi-Square Test for

Bifids," JA60, The Cryptogram, American
Cryptogram Association, 1960.

[BIFG] FIDDLE, "C. M. Bifid, Simplified Solution," MJ73,

The Cryptogram, American Cryptogram Association,
1973.

[BIFH] ZYZZ, "Conjugated Matrix Bifid, Modified Solving

Technique," SO92, The Cryptogram, American
Cryptogram Association, 1992.

[BIFI] X.GOTKY, "Delastelle Bifid Cipher," AS45, The

Cryptogram, American Cryptogram Association,
1945.

[BIFJ] D.MORGAN, "Finding the Period in a Bifid," JJ46,

The Cryptogram, American Cryptogram Association,
1946.

[BIFK] S-TUCK, "Finding the Period in a Bifid," AM46,

The Cryptogram, American Cryptogram Association,
1946.
[BIFL] S-TUCK, "Finding the Period in Bifids," ON44, The
Cryptogram, American Cryptogram Association,
1944.

[BIFM] ROGUE, "General Probabilities of Part Naturals in

Bifid, Trifid" JA70, The Cryptogram, American
Cryptogram Association, 1970.

[BIFN] B.NATURAL, "In Line Bifid Method," MA62, The

Cryptogram, American Cryptogram Association,
1962.

[BIFO] ABC, "Short Cut in a Bifid," SO61, The

Cryptogram, American Cryptogram Association,
1961.

[BIFP] ROGUE, "Specific Probabilities of Part Naturals

in Bifid, Trifid" SO70, The Cryptogram, American
Cryptogram Association, 1970.

[BIFQ] ROGUE, "Split Half Method For Finding A Period

of Bifid," MA71, The Cryptogram, American
Cryptogram Association, 1971.

[BIFR] ABC, "Twin Bifids - A Probable Word Method,"

JA62, The Cryptogram, American Cryptogram
Association, 1962.

[BIFS] GALUPOLY, "Twin Bifids," MJ60, JA60, The

Cryptogram, American Cryptogram Association,
1960.

[BIGR] PICCOLA, "Use of Bigram Tests" AS38, The

Cryptogram, American Cryptogram Association,
1938.

[BIGE] Bigelow, Robert P., Legal Issues in Computer

Security 1995 by Robert P. Bigelow.

[BIHS] E. Biham and A. Shamir, Differential

cryptanalysis of DES-like cryptosystems. Journal
of Cryptology, vol. 4, #1, 3--72, 1991.

[BiSh] Biham, E. and Shamir, A., 1993, Differential

Cryptanalysis of the Data Encryption Standard,
Springer-Verlag 1993.

[BISH] E. Biham, A. Shamir, Differential cryptanalysis

of Snefru, Khafre, REDOC-II, LOKI and LUCIFER. In
Proceedings of CRYPTO '91, ed. by J. Feigenbaum,
156--171, 1992.

[BL84] I. F. Blake, R. Fuji-Hara, R. C. Mullin, and S.

A. Vanstone, "Computing logarithms in finite
fields of characteristic two," SIAM Journal on
Algebraic and Discrete Methods, Vol. 5, No. 2,
June 1984, pp. 276-285.
[B84b] I. F. Blake, R. C. Mullin, and S. A. Vanstone,
"Computing logarithms in GF(2n)," in G. R.
Blakley and D. Chaum, Eds., Lecture Notes in
Computer Science Vol. 196: Advances in
Cryptology: Proceedings of CRYPTO 84, a Workshop
on the Theory and Application
of Cryptographic Techniques, Santa Barbara, CA,
August 19-22, 1984, pp. 73-82. Berlin/New York:
Springer-Verlag, 1985.

[BLAZ] Blaze, Matt. "Notes on key escrow meeting with

NSA." 2Feb. 1994. USENET: alt.privacy.clipper.

[BL83] G. R. Blakley, "A computer algorithm for

calculating the product AB modulo M," IEEE
Transactions on Computers, Vol. C-32, No. 5, May
1983, pp. 497-500.

[Blaz] Blaze, M., 1994, ``Protocol Failure in the

Escrowed Encryption Standard,'' May 31, 1994.

[Blum] Blum, H., 1993, Gangland: How the FBI Broke the
Mob, Simon & Schuster, New York 1993.

[BL84] M. Blum and S. Micali, "How to generate crypto-

graphically strong sequences of pseudo-random
bits," SIAM Journal on Computing, Vol. 13, No. 4,
November 1984, pp. 850-864.

[BLK] Blackstock, Paul W. and Frank L Schaf, Jr.,

"Intelligence, Espionage, Counterespionage and
Covert Operations," Gale Research Co., Detroit,
MI., 1978.

[BLOC] Bloch, Gilbert and Ralph Erskine, "Exploit the

Double Encipherment Flaw in Enigma", Cryptologia,
vol 10, #3, July 1986, p134 ff. (29)

[BLUE] Bearden, Bill, "The Bluejacket's Manual, 20th

ed., Annapolis: U.S. Naval Institute, 1978.

[BODY] Brown, Anthony - Cave, "Bodyguard of Lies",

Harper and Row, New York, 1975.

[BOLI] Bolinger, D. and Sears, D., "Aspects of

Language,"
3rd ed., Harcourt Brace Jovanovich,Inc., New
York, 1981.

[BOLO] Bologna, J. (1993). "Handbook on Corporate

Fraud: Prevention, Detection, Investigation".
Butterworth-Heinemann (Boston). ISBN 0-7506-
9243-X. xii + 308. Index.

[BORI] BORIQUA, " The Langosta Cipher," ND59, The

Cryptogram, American Cryptogram Association,
1959.

[BOSW] Bosworth, Bruce, "Codes, Ciphers and Computers:

 An Introduction to Information Security," Hayden
Books, Rochelle Park, NJ, 1990.

[BOWE] Bowers, William Maxwell, "The Bifid Cipher,

Practical Cryptanalysis, II, ACA, 1960.

[BOW1] Bowers, William Maxwell, "The Trifid Cipher,"

Practical Cryptanalysis, III, ACA, 1961.

[BOW2] Bowers, William Maxwell, "The Digraphic

Substitution," Practical Cryptanalysis, I, ACA,
1960.

[BOW3] Bowers, William Maxwell, "Cryptographic ABC'S:

Substitution and Transposition Ciphers,"
Practical Cryptanalysis, IV, ACA, 1967.

[BOWN] Bowen, Russell J., "Scholar's Guide to

Intelligence Literature: Bibliography of the
Russell J. Bowen Collection," National
Intelligence Study Center, Frederick, MD, 1983.

[BO81] K. S. Booth, "Authentication of signatures using

public key encryption," Communications of the
ACM, Vol. 24, No. 11, November 1981, pp. 772-774.

[BOYA] J. Boyar, Inferring Sequences Produced by Pseudo-

Random Number Generators. Journal of the ACM,
1989.

[BP82] Beker, H., and Piper, F., " Cipher Systems, The
Protection of Communications", John Wiley and
Sons, NY, 1982.

[BR75] D. K. Branstad, "Encryption protection in

computer data communications," in Proceedings of
the 4th Data Communications Symposium, October 7-
9, 1975, pp. 8.1 -8.7. IEEE.

[BR79] G. Brassard, "A note on the complexity of

cryptography," IEEE Transactions on Information
Theory, Vol. IT-25, No. 2, March 1979, pp. 232-
233.

[B83a] G. Brassard, "Relativized cryptography," IEEE

Transactions on Information Theory, Vol. IT-29,
No. 6, November 1983, pp. 877- 894.

[BR88] G. Brassard, Lecture Notes in Computer Science

Vol. 325: Modern Cryptology: a Tutorial.
Berlin/New York: Springer-Verlag, 1988.

[BR83] R. P. Brent and H. T. Kung, "Systolic VLSI arrays

for linear-time GCD computation," in F. Anceau
and E. J. Aas, Eds., VLSI 83, proceedings of the
IFIP TC 10/WG 10.5 International Conference on
VLSI, Trondheim, Norway, August 16-19, 1983, pp.
145- 154. Amsterdam /New York: North-Holland,
 1983.

[B83b] R. P. Brent, H. T. Kung, and F. T. Luk, "Some

linear-time algorithms for systolic arrays," in
R. E. A. Mason, Ed., IFIP Congress Series Vol.
9: Information Processing 83, proceedings of the
IFIP 9th World Congress, Paris, France, September
19-23, 1983, pp. 865-876. Amsterdam/New York:
North-Holland, 1983.

[BRIC] Brickell, E., et al., "SKIPJACK Review Interim

Report: The SKIPJACK Algorithm", 28 July 1993,
Posted on sci.crypt.

[Broa] Broad, W., 1992, ``Evading the Soviet Ear at Glen

Cove,'' Science, Vol. 217 (3), September, 1982,
pp 910-911.

[BR82] E. F. Brickell, "A fast modular multiplication

algorithm with application to two key
cryptography," in D. Chaum, R. L. rivest, and A.
T. Sherman, Eds., Advances in Cryptology:
proceedings of CRYPTO '82, a Workshop on the
Theory and Application of Cryptographic
Techniques, Santa Barbara, CA, August 23-25,
1982, pp. 51-60. New York: Plenum Press, 1983.

[B83c] E. F. Brickell, "Solving low density knapsacks,"

in D. Chaum, Ed., Advances in Cryptology:
proceedings of CRYPTO 83, a Workshop on the
Theory and Application of Cryptographic
Techniques, Santa Barbara, CA, August 22-24,
1983, pp. 25-37. New York: Plenum Press, 1984.

[BR84] E. F. Brickell, "Breaking iterated knapsacks," in

G. R. Blakley and D. Chaum, Eds., Lecture Notes
in Computer Science Vol. 196: Advances in
Cryptology: Proceedings of CRYPTO 84, a Workshop
on the Theory and Application of Cryptographic
Techniques, Santa Barbara, CA, August 19-22,
1984, pp. 342-358. Berlin /New York: Springer-
Verlag, 1985.

[BR89] E. F. Brickell, "A survey of hardware

implementations of RSA," in G. Brassard, Ed.,
Lecture Notes in Computer Science Vol. 435:
Advances in Cryptology -Proceedings of CRYPTO
'89, pp. 368- 370. Berlin/New York: Springer-
Verlag, 1990.

[BR88] E. F. Brickell and A. M. Odlyzko, "Cryptanalysis:

a survey of recent results," Proceedings of the
IEEE, Vol. 76, No. 5, May 1988, pp. 578-593.

[BR76] H. S. Bright and R. L. Enison, "Cryptography

using modular software elements," in S. Winkler,
Ed., AFIPS Conference Proceedings Vol. 45:
 National Computer Conference, New York, NY, June
7-10, 1976, pp. 113-123. Montvale, NJ: AFIPS
Press, 1976.

[BRAG] G. Brassard, Modern Cryptology: a tutorial.

Spinger-Verlag, 1988.

[BRAS] Brasspounder, "Language Data - German," MA89, The

Cryptogram, American Cryptogram Association,
1989.

[BREN] Brennecke, J., "Die Wennde im U-Boote-

Krieg:Ursachen und Folgren 1939 - 1943," Herford,
Koehler, 1984.

[BRIK] E. Brickell, J. Moore, M. Purtill, Structure in

the S-boxes of DES. In Proceedings of CRYPTO '86,
A. M. Odlyzko ed., 3--8, 1987.

[BRIG] Brigman,Clarence S., "Edgar Allan Poe's

Contribution to Alexander's Weekly Messenger,"
Davis Press, 1943.

[BRIT] Anonymous, "British Army Manual of Cryptography",

HMF, 1914.

[BROG] Broglie, Duc de, Le Secret du roi: Correspondance

secrete de Louis XV avec ses agents diplomatiques
1752-1774, 3rd ed. Paris, Calmann Levy, 1879.

[BROO] Brook, Maxey, "150 Puzzles in Cryptarithmetic,"

Dover, 1963.

[BROP] L. Brown, J. P ieprzyk, J. Seberry, LOKI - a

cryptographic primitive for authentication and
secrecy applications. In Proceedings of AUSTCRYPT
90, 229--236, 1990.

[BROW] Brownell, George, A. "The Origin and Development

of the National Security Agency, Aegean Park
Press, 1981.

[BRO1] L. Brown, A proposed design for an extended DES,

Computer Security in the Computer Age. Elsevier
Science Publishers B.V. (North Holland), IFIP, W.
J. Caelli ed., 9--22, 1989.

[BRYA] Bryan, William G., "Practical Cryptanalysis -

Periodic Ciphers -Miscellaneous", Vol 5, American
Cryptogram Association, 1967.

[Bupc] Burrows, J. (Director, National Computer and

Telecommunications Laboratory, National Institute
of Standards and Technology), 1994, private
communication, March 11, 1994.

[BUGS] Anonymous, "Bugs and Electronic Surveillance,"

Desert Publications, 1976.
[BUON] Buonafalce, Augusto, "Giovan Battista Bellaso E
Le Sue Cifre Polialfabetiche," Milano, 1990

[BURL] Burling, R., "Man's Many Voices: Language in Its

Cultural Context," Holt, Rinehart & Winston, New
York, 1970.

[BWO] "Manual of Cryptography," British War Office,

Aegean Park Press, Laguna Hills, Ca. 1989.
reproduction 1914.

[Caba] Caba, S., 1994, ``FBI Nets Stanfa in Mob Sweep,''

Philadelphia Inquirer, March 18, 1994, Sec. A.

[CA87] T. R. Caron and R. D. Silverman, "Parallel

implementation of the quadratic scheme," Journal
of Supercomputing, Vol. 1, No. 3, 1987.

[CAD1] NIP N. BUD,"Cadenus - A Lesson in Practical

Cryptography," SO55, The Cryptogram, American
Cryptogram Association, 1955.

[CAD2] BERYL,"Cadenus Xenocrypt Note," SO91, The

Cryptogram, American Cryptogram Association,
1991.

[CAD3] PHOENIX,"Computer Column :Cadenus," SO89, The

Cryptogram, American Cryptogram Association,
1989.

[CAEL] H. Gustafson, E. Dawson, W. Caelli, Comparison

of block ciphers. In Proceedings of AUSCRYPT '90,
J. Seberry and J. Piepryzk eds., 208--220, 1990.

[CAMP] K. W. Campbell, M. J. Wiener, Proof the DES is

Not a Group. In Proceedings of CRYPTO '92, 1993.

[CAMN] Campen, A. D., D. H. Dearth, & R. T. Goodden,

eds. (1996). "Cyberwar: Security, Strategy, and
Conflict in the Information Age". AFCEA
International Press (Fairfax, VA). ISBN 0-
916159-26-4. vii + 296.

[CAND] Candela, Rosario, "Isomorphism and its

Application in Cryptanalytics, Cardanus Press,
NYC 1946.

[CARJ] John Carrol and Steve Martin, The Automated

Cryptanalysis of Substitution Ciphers.
Cryptologia 10(4), 193--209, 1986.

[CARL] John Carrol and Lynda Robbins, Automated

Cryptanalysis of Polyalphabetic Ciphers.
Cryptologia 11(4), 193--205, 1987.

[CAR1] Carlisle, Sheila. Pattern Words: Three to Eight

Letters in Length, Aegean Park Press, Laguna
Hills, CA 92654, 1986.
[CAR2] Carlisle, Sheila. Pattern Words: Nine Letters in
Length, Aegean Park Press, Laguna Hills, CA
92654, 1986.

[CASE] Casey, William, 'The Secret War Against Hitler',

Simon & Schuster, London 1989.

[CAVA] Cavazos, E. & G. Morin (1996). "Cyberspace and

the Law: Your Rights and Duties in the On-Line
World". MIT Press (Cambridge, MA). ISBN 0-262-
53123-2. 220 pp. Index.

[CCF] Foster, C. C., "Cryptanalysis for

Microcomputers", Hayden Books, Rochelle Park, NJ,
1990.

[CHAN] Chandler, J., D. Arrington, and L. Gill, "Issues

Regarding the Use of Cryptographic Technologies
in the Commercial Sector," George Washington
University, National Law Center, 1993.

[CHA1] Chandler, J., D. Arrington, and L. Gill,

"Foreign Encryption Technology Controls," George
Washington University, National Law Center, 1993.

[CHAP] Chapman, D. B. & E. D. Zwicky (1995). "Building

Internet Firewalls". O'Reilly & Associates
(Sebastopol, CA). ISBN 1-56592-124-0. xxvi +
517. Index.

[CHAU] Chaum, D., 'Achieving Electronic Privacy,'

Scientific American vol. 267, no. 2 (August
1992): 96-101.

[CHES] Cheswick, W. & S. Bellovin (1994). "Firewalls

and Internet Security: Repelling the Wily
Hacker". Addison Wesley (Reading, MA). ISBN 0-
201-63357-4. xiv + 306. Index.

[CHE1] ABAKUSAN, " A tip for Checkerboard Solution,"

AS40, The Cryptogram, American Cryptogram
Association, 1940.

[CHE2] X.GOTSKY, " On the Checkerboard, AS44,The

Cryptogram, American Cryptogram Association,
1944.

[CHE3] QUARTERNION, "Straddling Checkerboard, " MA76,

The Cryptogram, American Cryptogram Association,
1976.

[CHE4] PICCOLA, "The Checkerboard Alphabet, " DJ34, The

Cryptogram, American Cryptogram Association,
1934.

[CHE5] SI SI, "The Hocheck Cipher Examined, " JA90, The

Cryptogram, American Cryptogram Association,
 1990.

[CHE5] SI SI, "The Checkerway Cipher Examined, " MJ90,

The Cryptogram, American Cryptogram Association,
1990.

[CHE6] GEMINATOR, "The Homophonic Checkerboard, " MA90,

The Cryptogram, American Cryptogram Association,
1990.

[CHE6] GEMINATOR, "The Checkerway Cipher, " JF90, The

Cryptogram, American Cryptogram Association,
1990.

[CHEC] CHECHEM,"On the Need for a Frequency Counter,"

AM48, The Cryptogram, American Cryptogram
Association, 1948.

[CHIP] "Chipping Away At Privacy?" Washington Post. 30

May, 1993 H1,H4. USENET: alt.security.clipper.

[CHOI] Interview with Grand Master Sin Il Choi.,9th DAN,

June 25, 1995.

[CHOM] Chomsky, Norm, "Syntactic Structures," The Hague:

Mouton, 1957.

[CROC] Crocker, S., 'Internet Privacy Enhanced Mail,'

The Third CPSR Cryptography and Privacy
Conference Source Book, 7 June 1993.

[CHUN] Chungkuo Ti-erh Lishih Tangankuan, ed "K'ang-Jih

chengmien chanch'ang," Chiangsu Kuchi
Ch'upansheh, 1987., pp. 993-1026.

[CCIT] CCITT, Draft Recommendation X.509: The Directory

-Authentication Framework. Gloucester, November
1987.

[CI] FM 34-60, Counterintelligence, Department of the

Army, February 1990.

[Cinq] Cinquegrana, A., 1989, ``The Walls (and Wires)

Have Ears: The Background and First Ten Years of
the Foreign Intelligence Surveillance Act of
1978,'' 137 University of Pennsylvania Law Review
793, 814-815 (1989).

[CO87] H. Cohen and A. K. Lenstra, "Implementation of a

new primality test," Mathematics of Computation,
Vol. 48, No. 177, January 1987, pp. 103-121.

[CO84] H. Cohen and H. W. Lenstra, Jr., "Primality

testing and Jacobi sums," Mathematics of
Computation, Vol. 42, No. 165, January 1984, pp.
297-330.

[CO80] Control Data Corporation, CDC CYBER 200 Model 205

Computer System. Minneapolis, MN, 1980.
[COP4] D. Coppersmith, "Fast evaluation of logarithms in
fields of characteristic two," IEEE Transactions
on Information Theory, Vol. IT-30, No. 4, July
1984, pp. 587-594.

[COP5] D. Coppersmith, "Another birthday attack," in H.

C. Williams, Ed., Lecture Notes in Computer
Science Vol. 218: Advances in Cryptology -
CRYPTO '85, proceedings of a Conference on the
Theory and Applications of Cryptographic
Techniques, Santa Barbara, CA, August 18-22,
1985, pp. 14-17. Berlin/New York: Springer-
Verlag, 1986.

[CO87] D. Coppersmith, "Cryptography," IBM Journal of

Research and Development, Vol. 31, No. 2, March
1987, pp. 244-248.

[CO86] D. Coppersmith, A. M. Odlyzko, and R. Schroeppel,

"Discrete logarithms in GF(p)," Algorithmica,
Vol. 1, No. 1, 1986, pp. 1-15.

[COBB] Cobb, S. T. (1995). "NCSA Guide to PC and LAN

Security". McGraw-Hill (New York). ISBN 0-07-
912168-3. xviii + 717. Index.

[CONS] S-TUCK and BAROKO, "Consonant-Line and Vowel-Line

Methods," MA92, The Cryptogram, American
Cryptogram Association, 1992.

[CONT] F.R.CARTER,"Chart Showing Normal Contact

Percentages," AM53, The Cryptogram, American
Cryptogram Association, 1953.

[CON1] S-TUCK."Table of Initial and Second-Letter

Contacts," DJ43, The Cryptogram, American
Cryptogram Association, 1943.

[COMM] Communications Security Establishment (1993).

"The Canadian Trusted Computer Product Evaluation
Criteria" Version 3.0e. Canadian System Security
Centre, CSE. Available from Criteria Coordinator
/ S5B InfoSec Standards and Evaluations /
Communications Security Establishment / P.O. Box
9703 Terminal / Ottawa K1G 3Z4. Tel. 613-991-
7331; fax 613-991-7323; e-mail
[email protected]

[COM1] Communications Security Establishment (1992).

"Trusted Systems Environment Guideline".
 CID/09/17 (Ottawa). iii + 38.

[COUR] Courville, Joseph B., "Manual For Cryptanalysis

Of The Columnar Double Transposition Cipher, by
Courville Associates., South Gate, CA, 1986.

[CLAR] Clark, Ronald W., 'The Man who broke Purple',

Weidenfeld and Nicolson, London 1977.

[COLE] Collier, Jacot de Boinod et, "Marconi Master of

Space," 1935.

[COLF] Collins Gem Dictionary, "French," Collins Clear

Type Press, 1979.

[COLG] Collins Gem Dictionary, "German," Collins Clear

Type Press, 1984.

[COLI] Collins Gem Dictionary, "Italian," Collins Clear

Type Press, 1954.

[COLL] Collins Gem Dictionary, "Latin," Collins Clear

Type Press, 1980.

[COLP] Collins Gem Dictionary, "Portuguese," Collins

Clear Type Press, 1981.

[COLR] Collins Gem Dictionary, "Russian," Collins Clear

Type Press, 1958.

[COLS] Collins Gem Dictionary, "Spanish," Collins Clear

Type Press, 1980.

[COPP] Coppersmith, Don.,"IBM Journal of Research and

Development 38, 1994.

[CONJ] ZYZZ,"Conjugated Matrix Bifid: Modified Solving

Techniques," SO92, The Cryptogram, American
Cryptogram Association, 1992.

[COVT] Anonymous, "Covert Intelligence Techniques Of the

Soviet Union, Aegean Park Press, Laguna Hills,
Ca. 1980.

[CR80] Cray Research, Inc., Cray 1-S Series Hardware

Reference Manual. Mendota Heights, MN, June 1980.

[CR85] Cray Research, Inc., Cray X-MP Series of Computer

Systems. Mendota Heights, MN, August 1985.

[CREM] Cremer, Peter E.," U-Boat Commander: A Periscope

View of The Battle of The Atlantic," New York,
Berkley, 1986.

[CROC] Crocker, S., 'Internet Privacy Enhanced Mail,'

The Third CPSR Cryptography and Privacy
Conference Source Book, 7 June 1993.

[CRON] Cronin, D. J. (1986). "Microcomputer Data

 Security: Issues and Strategies for Business".
Brady Books, Prentice-Hall (New York). ISBN 0-
89303-672-2. xvii + 281. Index.

[CROT] Winter, Jack, "Solving Cryptarithms," American

Cryptogram Association, 1984.

[CRO1] CROTALUS, "The Sidewinder Cipher," SO92, The

Cryptogram, American Cryptogram Association,
1992.

[CRYP] "Selected Cryptograms From PennyPress," Penny

Press, Inc., Norwalk, CO., 1985.

[CRY1] NYPHO'S ROBOT, "Cryptometry Simplified," DJ40,

FM41, AM41, The Cryptogram, published by the
American Cryptogram Association, 1940, 1941,
1941.

[CRY2] AB STRUSE, "Non-Ideomorphic Solutions," AM51, The

Cryptogram, published by the American Cryptogram
Association, 1951.

[CRY3] MINIMAX, "Problems in Cryptanalysis - A

Transposition that cannot be Anagrammed," MA60,
The Cryptogram, published by the American
Cryptogram Association, 1960.

[CRY4] FAUSTUS, "Science of Cryptanalysis," AS32, The

Cryptogram, published by the American Cryptogram
Association, 1932.

[CRY5] FAUSTUS, "Science of Cryptanalysis,The " JA91,

The Cryptogram, published by the American
Cryptogram Association, 1991.

[CRY6] BEAU NED, "Semi-Systems in Crypt-Cracking," FM36,

The Cryptogram, published by the American
Cryptogram Association, 1936.

[CRY7] Y.NOTT, "Systems Of Systems," ON35, The

Cryptogram, published by the American Cryptogram
Association, 1935.

[CULL] Cullen, Charles G., "Matrices and Linear

Transformations," 2nd Ed., Dover Advanced
Mathematics Books, NY, 1972.

[CUNE] CHECHACO, "The Decipherment of Cuneiform," JJ33,

The Cryptogram, published by the American
Cryptogram Association, 1933.

[DAGA] D'agapeyeff, Alexander, "Codes and Ciphers,"

Oxford University Press, London, 1974.

[DALT] Dalton, Leroy, "Topics for Math Clubs," National

Council of Teachers and Mu Alpha Theta, 1973.
[DAN] Daniel, Robert E., "Elementary Cryptanalysis:
Cryptography For Fun," Cryptiquotes, Seattle,
WA., 1979.

[DATA] Datapro, Inc., Datapro Report on Encryption

Devices, Delran, NJ, March 1993.

[DAVA] David, F. Games, Gods and Gambling, New York:

Haftner, 1962.

[DA83] D. W. Davies, "Applying the RSA digital signature

to electronic mail," Computer, Vol. 16, No. 2,
February 1983, pp. 55- 62.

[DA80] D. W. Davies and W. L. Price, "The application of

digital signatures based on public key
cryptosystems," NPL Report DNACS 39/80, National
Physics Laboratory, Teddington, Middlesex,
England, December 1980.

[DA83] J. A. Davis and D. B. Holdridge, "Factorization

using the quadratic sieve algorithm," in D.
Chaum, Ed., Advances in Cryptology: proceedings
of CRYPTO 83, a Workshop on the Theory and
Application of Cryptographic Techniques, Santa
Barbara, CA, August 22-24, 1983, pp. 103-113. New
York: Plenum Press, 1984.

[DA84] J. A. Davis, D. B. Holdridge, and G. J. Simmons,

"Status report on factoring," in T. Beth, N. Cot,
and I. Ingemarsson, Eds., Lecture Notes in
Computer Science Vol. 209: Advances in
Cryptology: Proceedings of EUROCRYPT 84, a
Workshop on the Theory and Application of
Cryptographic Techniques, Paris, France, April 9-
11, 1984, pp. 183-215. Berlin/New York: Springer-
Verlag, 1985.

[DAVE] Davies, D. W. & W. L. Price (1989). "Security for

Computer Networks: An Introduction to Data
Security in Teleprocessing and Electronic Funds
Transfer, 2nd edition". Wiley (New York). ISBN
0-471-92137-8. xx + 377. Index.

[DAVI] Da Vinci, "Solving Russian Cryptograms", The

Cryptogram, September-October, Vol XLII, No 5.
1976.

[DAVJ] M. Davio, J. Goethals, Elements of cryptology. in

Secure Digital Communications, G. Longo ed., 1--
57, 1983.

[DAWS] Dawson, Donald A., "Cryptanalysis of the Single

Rotor Cipher Machine," C-73, Aegean Park Press,
1996.

[DE83] R. DeMillo and M. Merritt, "Protocols for data

security," Computer, Vol. 16, No. 2, February
1983, pp. 39-51.
[DE79] D. E. Denning, "Secure personal computing in an
insecure network," Communications of the ACM,
Vol. 22, No. 8, August 1979, pp. 476-482.

[D83a] D. E. Denning, "Protecting public keys and

signature keys," Computer, Vol. 16, No. 2,
February 1983, pp. 27-35.

[DE81] D. E. Denning and G. M. Sacco, "Timestamps in key

distribution protocols," Communications of the
ACM, Vol. 24, No. 8, August 1981, pp. 533-536.

[DE83] D. E. R. Denning, Cryptography and Data Security.

Reading, MA: Addison-Wesley, 1983.

[DDKM] Delaney, D., Denning, D., Kaye, J. and McDonald,

A., 1993, ``Wiretap Laws and Procedures: What
Happens When the U.S. Government Taps A Line,''
Sept. 23, 1993, available electronically from
cpsr.org.

[Denn] Denning, D., 1994, ``Encryption and Law

Enforcement,'' Feb. 21, 1994, available
electronically from cpsr.org.

[DEN1] Denning, D., 'To tap or not to

tap?'Communications of the ACM, vol. 36, no. 3
(March 1993): 25-44.

[DGBB] Denning, D., Godwin, M., Bayse, W., Rotenberg,

M., Branscomb, L., Branscomb, A., Rivest, R.,
Grosso, A. and Marx, G., 1993, ``To Tap or Not
to Tap,'' Communications of the ACM, Vol. 36 (3),
March 1993 , pp. 24-44.

[DEAC] Deacon, R., "The Chinese Secret Service,"

Taplinger, New York, 1974.

[DEAU] Bacon, Sir Francis, "De Augmentis Scientiarum,"

tr. by Gilbert Watts, (1640) or tr. by Ellis,
Spedding, and Heath (1857,1870).

[DELA] Delastelle, F., Traite' Elementaire de

Cryptographie, Mathematiques appliquees,
gauthier-Villars, Paris, 1902.

[DEL1] Delastelle, F., Cryptographie nouvelle assurant

l'inviolabilite' absolue des correspondances
chiffrees Maire of Saint-Malo, P. Dubreuil,
Paris, 1893.

[DEL2] Delastelle, F., Cryptographie universelle, Paris,

1893.

[DENN] Denning, Dorothy Elizabeth Robling. "The Clipper

Chip Will Block Crime."Newsday:
USENET:alt.privacy.clipper.
[DENN] Denning, Dorothy E. R.," Cryptography and Data
Security," Reading: Addison Wesley, 1983.

[DERN] Dern, D. P. (1994). "The Internet Guide for New

Users". McGraw-Hill (New York). ISBN 0-07-
016511-4. xxvii + 570. Index.

[DESM] Desmedt, Y., Y. Frankel, and M. Yung, "A

Scientific Statement on the Clipper Chip
Technology and Alternatives," paper distributed
at the Clipper session of the 16th National
Computer Security Conference, 21 September 1993.

[DEVO] Deavours, Cipher A. and Louis Kruh, Machine

Cryptography and Modern Cryptanalysis, Artech,
New York, 1985.

[DEV1] Deavours, C. A., "Breakthrough '32: The Polish

Solution of the ENIGMA," Aegean Park Press,
Laguna Hills, CA, 1988.

[DEV2] Deavours, C. A. and Reeds, J.,"The ENIGMA,"

CRYPTOLOGIA, Vol I No 4, Oct. 1977.

[DEV3] Deavours, C. A.,"Analysis of the Herbern

Cryptograph using Isomorphs," CRYPTOLOGIA, Vol I
No 2, April, 1977.

[DEV4] Deavours, C. A., "Cryptographic Programs for the

IBM PC," Aegean Park Press, Laguna Hills, CA,
1989.

[DEVR] HOMO SAPIENS, "De Vries Cipher," SO60, The

Cryptogram, The American Cryptogram Association,
1960.

[DIG1] DENDAI, "Digrafid, A Footnote to Tip Placement,"

SO84, The Cryptogram, The American Cryptogram
Association, 1984.

[DIG2] B. NATURAL, "Digrafid, Cipher solution," MJ61,

The Cryptogram, The American Cryptogram
Association, 1961.

[DIG3] KNUTE, "Digrafid Cipher," SO60, The Cryptogram,

The American Cryptogram Association, 1960.

[DIG4] THE RAT, "The Buzzsaw, an Enhanced Digrafid,"

JA83, The Cryptogram, The American Cryptogram
Association, 1983.

[DIG5] BERYL, "Digrafid, Cipher," SO93, The Cryptogram,

The American Cryptogram Association, 1993.

[DI82] W. Diffie, "Conventional versus public key

cryptosystems," in G. J. Simmons, Ed., Secure
Communications and Asymmetric Cryptosystems, pp.
 41-72. Boulder, CO: Westview Press, 1982.

[DI84] W. Diffie, "Network security problems and

approaches," Proceedings of the National
Electronics Conference, Vol. 38, 1984, pp. 292-
314.

[DI86] W. Diffie, "Communication security and national

security business, technology, and politics,"
Proceedings of the National Communications Forum,
Vol. 40, 1986, pp. 734-751.

[DI88] W. Diffie, "The first ten years of public-key

cryptography," Proceedings of the IEEE, Vol. 76,
No. 5, May 1988, pp. 560-577.

[DI76] W. Diffie and M. E. Hellman, "Multiuser

cryptographic techniques," in S. Winkler, Ed.,
AFIPS Conference Proceedings Vol. 45: National
Computer Conference, New York, NY, June 7-10,
1976, pp. 109-112. Montvale, NJ: AFIPS Press,
1976.

[D76b] W. Diffie and M. E. Hellman, "New directions in

cryptography," IEEE Transactions on Information
Theory, Vol. IT-22, No. 6, November 1976, pp.
644-654.

[DF87] W. Diffie, B. O'Higgins, L. Strawczynski, and D.

Steer, "An ISDN secure telephone unit,"
Proceedings of the National Communications Forum,
Vol. 41, No. 1, 1987, pp. 473-477.

[DI79] W. Diffie, M. Hellman, Privacy and

Authentication: An introduction to cryptography.
IEEE proceedings, 67(3), 397--427, 1979.

[Di78] Diffie, W., 1978, ``Data Security for EFT and

Automated Business,'' New Problems - New
Solutions, San Jose, California, SBS Publishing,
1978.

[Di82] Diffie, W., 1982, ``Cryptographic Technology:

Fifteen Year Forecast,'' in Gustavus J. Simmons,
Secure Communications and Asymmetric
Cryptosystems, AAAS Selected Symposium No. 69,
Westview Press, 1982.

[D83d] Y. Desmedt, J. Vandewalle, and R. J. M. Govaerts,

"A critical analysis of the security of knapsack
public key algorithms," IEEE Transactions on
Information Theory, Vol. IT-30, No. 4, July
1984, pp. 601-611.

[DOA1] Department of the Army (1945) Crypto-Operating

Instructions for Converter M-134-C (short title:
SIGQZF-2)

[DOA2] Department of the Army (1946) Crypto-Operating

 Instructions for Converter M-134-C (short title:
SIGQZF-3)

[DOA3] Department of the Army (1949) ASAM 1/1 Crypto-

Operating Instructions for ASAM 1. Note the new
designation of ASAM 1 for the ECM Mark II after
the war.

[DoCB] Department of Commerce Briefing re Escrowed

Encryption Standard, 1994, Department of
Commerce, February, 4, 1994, Washington, DC.

[DoJB] Department of Justice Briefing re Escrowed

Encryption Standard, 1994, Department of
Commerce, February, 4, 1994,Washington, DC.

[DONI] Donitz, Karl, Memoirs: Ten Years and Twenty Days,

London: Weidenfeld and Nicolson, 1959.

[DOUB] TIBEX, " A Short Study in doubles ( Word

beginning or ending in double letters)," FM43,
The Cryptogram, published by the American
Cryptogram Association, 1943.

[DO81] J. D. Dixon, "Asymptotically fast factorization

of integers," Mathematics of Computation, Vol.
36, No. 153, January 1981, pp. 255-260.

[DO81] D. Dolev and A. C. Yao, "On the security of

public key protocols," in 22nd Annual Symposium
on Foundations of Computer Science, Nashville,
TN, October 28-30, 1981, pp. 350-357. Silver
Spring, MD: IEEE Computer Society Press, 1981.

[DOW] Dow, Don. L., "Crypto-Mania, Version 3.0", Box

1111, Nashua, NH. 03061-1111, (603) 880-6472,
Cost $15 for registered version and available as
shareware under CRYPTM.zip on CIS or zipnet.

[DOW1] Diffie, W., van Oorschot, P. and Wiener, M.,

1992, ``Authentication and Authenticated Key
Exchanges,'' in , Designs, Codes, and
Cryptography, Volume 2, Number 2, 1992, pp. 107--
125.

[DPSW] Digital Privacy and Security Working Group, white

paper on key escrow encryption technology, 30
September 1993.

[DU90] S. R. Dusse and B. S. Kaliski, Jr., "A

cryptographic library for the Motorola DSP
56000," presented at EUROCRYPT '90, Aarhuis,
DEnmark, May 21-24, 1990.

[EDUC] OZ, "Educational Cryptography," MA89, The

Cryptogram, The American Cryptogram Association,
1989.
[EELL] Eells, Richard, and P. Nehemkis, "Corporate
Intellegence and Espionage," Macmillian, London,
1984.

[EFF ] Electronic Frontier Foundation. EFF Announces Its

Official Policy onCryptography and Privacy.
N.p.: EFF, 8 Dec. 1993. ftp.eff.org file.

[EFF1] Electronic Frontier Foundation. General

Information About the Electronic Frontier
Foundation. N.p.: EFF, ftp.eff.org file.

[EFF2] Electronic Frontier Foundation. EFF Wan ts You

(to add your voice tothe crypto fight!) N.p.:
EFF, 7 Feb. 1994, USENET:alt.privacy.clipper.

[ERMA] Erman, M. David, et al. Computers, Ethics, and

Society. OxfordUniversity Press, 1990.

[EH78] W. F. Ehrsam, S. M. Matyas, C. H. Meyer, and W.

L. Tuchman, "A cryptographic key management
scheme for implementing the Data Encryption
Standard," IBM Systems Journal, Vol. 17, No. 2,
1978, pp. 106-125.

[EIIC] Ei'ichi Hirose, ",Finland ni okeru tsushin joho,"

in Showa gunji hiwa: Dodai kurabu koenshu, Vol 1,
Dodai kurabu koenshu henshu iinkai, ed., (Toyko:
Dodai keizai konwakai, 1987), pp 59-60.

[ELCY] Gaines, Helen Fouche, Cryptanalysis, Dover, New

York, 1956. [ A text that every serious player
should have!]

[ELLI] Carl M. Ellison, A Solution of the Hebern

Messages. Cryptologia, vol. XII, #3, 144-158,
Jul 1988.

[EL85] T. ElGamal, "A public key cryptosystem and a

signature scheme based on discrete logarithms,"
IEEE Transactions on Information Theory, Vol. IT-
31, No. 4, July 1985, pp. 469-472.

[E85b] T. ElGamal, "On computing logarithms over finite

fields," in H. C. Williams, Ed., Lecture Notes in
Computer Science Vol. 218: Advances in Cryptology
-CRYPTO '85, proceedings of a Conference on the
Theory and Applications of Cryptographic
Techniques, Santa Barbara, CA, August 18-22,
1985, pp. 396-402. Berlin/New York: Springer-
Verlag, 1986.

[ENIG] Tyner, Clarence E. Jr., and Randall K. Nichols,

"ENIGMA95 - A Simulation of Enhanced Enigma
Cipher Machine on A Standard Personal Computer,"
for publication, November, 1995.

[EPST] Epstein, Sam and Beryl, "The First Book of Codes

 and Ciphers," Ambassador Books, Toronto, Canada,
1956.

[EQUI] THE OAK, "An Equi-Frequency Cipher System," JA55,

The Cryptogram, The American Cryptogram
Association, 1955.

[ERSK] Erskine, Ralph, "Naval Enigma: The Breaking of

Heimisch and Triton," Intelligence and National
Security 3, Jan. 1988.

[EVEN] S. Even, O. Goldreich, DES-like functions can

generate the alternating group. IEEE Trans. on
Inform. Theory, vol. 29, #6, 863--865, 19 83.

[EVES] Eve's H, Introduction to the History of

Mathematics, 4th ed., New York: holt, rinehart
and winston, 1964.

[EYRA] Eyraud, Charles, "Precis de Cryptographie

Moderne'" Paris, 1953.

[FARR] Farrow, R. (1991). "UNIX Systems Security: How

to Protect Your Data and Prevent Intruders".
Addison-Wesley (Reading, MA). ISBN 0-201-57030-
0. vii + 278. Index.

[F186] FIPS 186, "Digital Signature Standard (DSS)",

specifies a Digital Signature Algorithm
appropriate for applications requiring a digital
rather than a written signature.

[F185] FIPS 185, "Escrowed Encryption Standard (EES)",

specifies a voluntary technology available for
protecting telephone communications (e.g., voice,
fax, modem).

[F180] FIPS 180, "Secure Hash Standard (SHS)", specifies

a Secure Hash Algorithm (SHA) for use with the
Digital Signature Standard. Additionally, for
applications not requiring a digital signature,
the SHA is to be used whenever a secure hash
algorithm is required for federal applications.

[F462] FIPS 46-2, "Data Encryption Standard (DES)",

provides the technical specifications for the
DES.

[F113] FIPS 113, "Computer Data Authentication",

specifies a Data Authentication Algorithm, based
upon the DES, which may be used to detect
unauthorized modifications to data, both
intentional and accidental. The Message
Authentication Code as specified in ANSI X9.9 is
computed in the same manner as the Data
Authentication Code as specified in this
standard.
[F140] FIPS 140-1, "Security Requirements for
Cryptographic Modules", establishes the physical
and logical security requirements for the design
and manufacture of modules implementing NIST-
approved cryptographic algorithms.

[F171] FIPS 171, "Key Management Using ANSI X9.17",

adopts ANSI X9.17 and specifies a particular
selection of options for the automated
distribution of keying material by the federal
government using the protocols of ANSI X9.17.

[FE87] U. Feige, A. Fiat, and A. Shamir, "Zero knowledge

proofs of identity," in Proceedings of the
Nineteenth Annual ACM Symposium on Theory of
Computing, New York, NY, May 25-27, 1987, pp.
210- 217. New York: ACM, 1987.

[FEI1] H. Feistel, Cryptography and Computer Privacy.

Scientific American, 228(5), 15--23, 1973.

[FEI2] H. Feistel, H, W. Notz, J. Lynn Smith. Some

cryptographic techniques for machine-to-machine
data communications, IEEE proceedings, 63(11),
1545--1554, 1975.

[FISA] Foreign Intelligence Surveillance Act, 50 U.S.C.

Sec. 1801 , et seq.

[FI86] A. Fiat and A. Shamir, "How to prove yourself:

practical solutions to identification and
signature problems," in A. M. Odlyzko, Ed.,
Lecture Notes in Computer Science Vol. 263:
Advances in Cryptology -CRYPTO '86, proceedings
of a Conference on the
Theory and Applications of Cryptographic
Techniques, Santa Barbara, CA, August 11-15,
1986, pp. 186-194. Berlin/New York: Springer-
Verlag, 1987.

[FIBO] LOGONE BASETEN, "Use of Fibonacci Numbers in

Cryptography," JF69, The Cryptogram, published by
the American Cryptogram Association, 1969.

[FIDD] FIDDLE, (Frederick D. Lynch, Col.) "An Approach

to Cryptarithms," ACA Publications, 1964.

[FID1] FIDDLE, " The International Chess Cable Code,"

MJ55, The Cryptogram, American Cryptogram
Association, 1955.

[FING] HELCRYPT, "Cryptography in Fingerprinting," FM51,

The Cryptogram, published by the American
Cryptogram Association, 1951.

[FIRE] FIRE-O, "A Tool for Mathematicians:

Multiplicative Structures," The Cryptogram, Vol.
XXXVI, No 5, 1977.
[FISH] Fisher, R. P. (1984). "Information Systems
Security". Prentice-Hall (Englewood Cliffs, NJ).
ISBN 0-13-464727-0. viii + 240. Index.

[FL78] R. Flynn and A. S. Campasano, "Data dependent

keys for a selective encryption terminal," in S.
P. Ghosh and L. Y. Liu, Eds., AFIPS Conference
Proceedings Vol. 47: National Computer
Conference, Anaheim, CA, June 5-8, 1978, pp.
1127-1129. Montvale, NJ: AFIPS Press, 1978.

[FL] Anonymous, The Friedman Legacy: A Tribute to

William and Elizabeth Friedman, National Security
Agency, Central Security Service, Center for
Cryptological History,1995.

[FLI1] Flicke, W. F., "War Secrets in the Ether - Volume

I," Aegean Park Press, Laguna Hills, CA, 1977.

[FLIC] Flicke, W. F., "War Secrets in the Ether - Volume

II," Aegean Park Press, Laguna Hills, CA, 1977.

[FLIC] Flicke, W. F., "War Secrets in the Ether," Aegean

Park Press, Laguna Hills, CA, 1994.

[FM34] Field Manual 34-40-2 "Basic Cryptanalysis",

Department of Army, GPO 1990-729/952, 13
September, 1990. (Authored by ACA member Walt
Howe)

[FOOT] George FOOT,"An Introduction to Modern

Cryptography ," SO96, The Cryptogram, American
Cryptogram Association, 1996.

[FORE] DELAC, "Solving a Foreign Periodic by Lining Up

the Alphabets," JJ46, The Cryptogram, published
by the American Cryptogram Association, 1946.

[FOR1] VULPUS, "Four-Square Cipher," JA63, The

Cryptogram, The American Cryptogram Association,
1963.

[FOR2] FIDDLE, "Further Comments on Solution of Four-

Square Ciphers by Probable Word Method," FM50,
The Cryptogram, The American Cryptogram
Association, 1950.

[FOR3] GALUPOLY, "Numerical Four-Square Cipher," MA62,

MJ62, The Cryptogram, The American Cryptogram
Association, 1962.

[FOR4] SAI CHESS, "Sharpshooting the Four-Square

Cipher," AM49,JJ49, The Cryptogram, The
American Cryptogram Association, 1949.

[FOR5] B. NATURAL, "Solution of Type II-X Four-Square

Cipher," MJ62, The Cryptogram, The American
 Cryptogram Association, 1962.

[FOR6] FIDDLE, "Solutionof Four-Square Ciphers by

Probable Word Method," DJ49, The Cryptogram, The
American Cryptogram Association, 1949.

[FORS] Forester, T. & P. Morrison (1990). "Computer

Ethics: Cautionary Tales and Ethical Dilemmas in
Computing". MIT Press (Cambridge, MA). ISBN 0-
262-06131-7. vi + 193. Index.

[FORT] Forester, T., ed. (1991). "Computers in the Human

Context: Information Technology, Productivity and
People". MIT Press (Cambridge, MA). ISBN 0-262-
56050-X. xii + 548. Index.

[FOWL] Fowler, Mark and Radhi Parekh, " Codes and

Ciphers, - Advanced Level," EDC Publishing, Tulsa
OK, 1994. (clever and work)

[FRAA] Friedman, William F. , "American Army Field Codes

in The American Expeditionary Forces During the
First World War, USA 1939.

[FRAB] Friedman, W. F., Field Codes used by the German

Army During World War. 1919.

[FRAN] Franks, Peter, "Calculator Ciphers," Information

Associates, Champaign, Il. 1980.

[FRA1] SI SI, "Analysis and Optimization of the

Fractionated Morse Cipher," ND81, The Cryptogram,
The American Cryptogram Association, 1981.

[FRA2] B. NATURAL, "Elementary Study of the Fractionated

Morse Cipher," AS51, The Cryptogram, The American
Cryptogram Association, 1951.

[FRA3] X.GOTKY, "Fractionated Morse Cipher," AM50, The

Cryptogram, The American Cryptogram Association,
1950.

[FRA4] CROTALUS, "Fractionated Morse Frequencies

Reissued," MA93, The Cryptogram, The American
Cryptogram Association, 1993.

[FRA5] RIG R. MORTIS, "Fractionated Morse Keyword

Recovery," MA60, The Cryptogram, The American
Cryptogram Association, 1960.

[FRA6] LAMONT CRANSTON, "Fractionated Morse Made Easy,"

JA92, The Cryptogram, The American Cryptogram
Association, 1992.

[FRA7] MOOJUB, "General Break For Fractionated Morse,"

AS51, The Cryptogram, The American Cryptogram
 Association, 1951.

[FRA8] FIDDLE, "Periodic Fractionated Morse," AS54, The

Cryptogram, The American Cryptogram Association,
1954.

[FRAK] Franklin, Charles E. H., "Business Guide to

Privacy and Data Protection Legislation," ICC
Publishing, Kluwer Law International, The Hague,
1996.

[FRE] Friedman, William F. , "Elements of

Cryptanalysis," Aegean Park Press, Laguna Hills,
CA, 1976.

[FREA] Friedman, William F. , "Advanced Military

Cryptography," Aegean Park Press, Laguna Hills,
CA, 1976.

[FREB] Friedman, William F. , "Elementary Military

Cryptography," Aegean Park Press, Laguna Hills,
CA, 1976.

[FREC] Friedman, William F., "Cryptology," The

Encyclopedia Britannica, all editions since 1929.
A classic article by the greatest cryptanalyst.

[FRSG] Friedman, William F., "Solving German Codes in

World War I, " Aegean Park Press, Laguna Hills,
CA, 1977.

[FR1] Friedman, William F. and Callimahos, Lambros D.,

Military Cryptanalytics Part I - Volume 1, Aegean
Park Press, Laguna Hills, CA, 1985.

[FR2] Friedman, William F. and Callimahos, Lambros D.,

Military Cryptanalytics Part I - Volume 2, Aegean
Park Press, Laguna Hills, CA, 1985.

[FR3] Friedman, William F. and Callimahos, Lambros D.,

Military Cryptanalytics Part III, Aegean Park
Press, Laguna Hills, CA, 1995.

[FR4] Friedman, William F. and Callimahos, Lambros D.,

Military Cryptanalytics Part IV, Aegean Park
Press, Laguna Hills, CA, 1995.

[FR5] Friedman, William F. Military Cryptanalysis -

Part I, Aegean Park Press, Laguna Hills, CA,
1980.

[FR6] Friedman, William F. Military Cryptanalysis -

Part II, Aegean Park Press, Laguna Hills, CA,
1980.

[FR7] Friedman, William F. and Callimahos, Lambros D.,

Military Cryptanalytics Part II - Volume 1,
 Aegean Park Press, Laguna Hills, CA, 1985.

[FR8] Friedman, William F. and Callimahos, Lambros D.,

Military Cryptanalytics Part II - Volume 2,
Aegean Park Press, Laguna Hills, CA, 1985.

[FR22] Friedman, William F., The Index of Coincidence

and Its Applications In Cryptography, Publication
22, The Riverbank Publications, Aegean Park
Press, Laguna Hills, CA, 1979.

[FRS6] Friedman, W. F., "Six Lectures On Cryptology,"

National Archives, SRH-004.

[FR8] Friedman, W. F., "Cryptography and Cryptanalysis

Articles," Aegean Park Press, Laguna Hills, CA,
1976.

[FR9] Friedman, W. F., "History of the Use of Codes,"

Aegean Park Press, Laguna Hills, CA, 1977.

[FRZM] Friedman, William F.,and Charles J. Mendelsohn,

"The Zimmerman Telegram of January 16, 1917 and
its Cryptographic Background," Aegean Park Press,
Laguna Hills, CA, 1976.

[Freh] Freeh, L., 1994, Written Statement before the

Subcommittee on Technology and the Law of the
Committee of the Judiciary, United States Senate
and the Subcommittee on Civil and Constitutional
Rights of the Committee on the Judiciary, House
of Representatives, March 18, 1994, Washington,
DC.

[FROM] Fromkin, V and Rodman, R., "Introduction to

Language," 4th ed.,Holt Reinhart & Winston, New
York, 1988.

[FRS] Friedman, William F. and Elizabeth S., "The

Shakespearean Ciphers Examined," Cambridge
University Press, London, 1957.

[FUMI] Fumio Nakamura, Rikugun ni okeru COMINT no hoga

to hatten," The Journal of National Defense, 16-1
(June 1988) pp85 - 87.

[GA79] M. R. Garey and D. S. Johnson, Computers and

Intractability. New York: W. H. Freeman, 1979.

[GALL] Gallery, S. M., ed. (1987). "Computer Security:

Readings from `Security Management' Magazine".
Butterworths (Boston). ISBN 0-409-90084-2. xvi
+ 301. Index.

[GAJ] Gaj, Krzysztof, "Szyfr Enigmy: Metody zlamania,"

Warsaw Wydawnictwa Komunikacji i Lacznosci, 1989.

[GAR1] Gardner, Martin, "536 Puzzles and Curious

Problems," Scribners, 1967.
[GAR2] Gardner, Martin, "Mathematics, Magic, and Mystery
," Dover, 1956.

[GAR3] Gardner, Martin, "New Mathematical Diversions

from Scientific American," Simon and Schuster,
1966.

[GAR4] Gardner, Martin, "Sixth Book of Mathematical

Games from Scientific American," Simon and
Schuster, 1971.

[GARL] Garlinski, Jozef, 'The Swiss Corridor', Dent,

London 1981.

[GAR1] Garlinski, Jozef, 'Hitler's Last Weapons',

Methuen, London 1978.

[GAR2] Garlinski, Jozef, 'The Enigma War', New York,

Scribner, 1979.

[GARF] Garfinkel, S. & G. Spafford (1991). "Practical

UNIX Security". O'Reilly & Assoc (Sebastopol,
CA). ISBN 0-937175-72-2. xxvii + 481. Index.
Available from the NCSA.

[GARO] G. Garon, R. Outerbridge, DES watch: an

examination of the sufficiency of the Data
Encryption Standard for financial institutions in
the 1990's. Cryptologia, vol. XV, #3, 177--193,
1991.

[GASS] Gasser, M. (1988). "Building a Secure Computer

System". Van Nostrand Reinhold (New York). ISBN
0-442-23022-2.

[GE] "Security," General Electric, Reference manual

Rev. B., 3503.01, Mark III Service, 1977.

[GERH] Gerhard, William D., "Attack on the U.S.,

Liberty," SRH-256, Aegean Park Press, 1981.

[GERM] "German Dictionary," Hippocrene Books, Inc., New

York, 1983.

[GI77] J. Gill, "Computational complexity of

probabilistic Turing machines," SIAM Journal on
Computing, Vol. 6, No. 4, December 1977, pp.
675-695.

[GILE] Giles, Herbert A., "Chinese Self-Taught," Padell

Book Co., New York, 1936?

[GIVI] Givierge, General Marcel, " Course In

Cryptography," Aegean Park Press, Laguna Hills,
CA, 1978. Also, M. Givierge, "Cours de
Cryptographie," Berger-Levrault, Paris, 1925.
[GLEN] Gleason, Norma, "Fun With Codes and Ciphers
Workbook," Dover, New York, 1988.

[GLE1] Gleason, Norma, "Cryptograms and Spygrams,"

Dover, New York, 1981.

[GLEA] Gleason, A. M., "Elementary Course in Probability

for the Cryptanalyst," Aegean Park Press, Laguna
Hills, CA, 1985.

[GLOV] Glover, D. Beaird, "Secret Ciphers of the 1876

Presidential Election," Aegean Park Press, Laguna
Hills, CA, 1991.

[GODD] Goddard, Eldridge and Thelma, "Cryptodyct,"

Marion, Iowa, 1976

[GOOD] I. J. Good, Good Thinking: the foundations of

probability and its applications. University of
Minnesota Press, 1983.

[GOOE] Goodell, J. (1996). "The Cyberthief and the

Samurai: The True Story of Kevin Mitnick--and the
Man Who Hunted Him Down". Dell (New York). ISBN
0-440-22205-2. xix + 328.

[GO84] S. Goldwasser and S. Micali, "Probabilistic

encryption," Journal of Computer and System
Sciences, Vol. 28, No. 2, April 1984, pp. 270-
299.

[GO89] S. Goldwasser, S. Micali, and C. Rackoff, "The

knowledge complexity of interactive proof
systems," SIAM Journal on Computing, Vol. 18, No.
1, February 1989, pp. 186-208.

[GO88] S. Goldwasser, S. Micali, and R. L. Rivest, "A

digital signature scheme secure against adaptive
chosen-message attacks," SIAM Journal on
Computing, Vol. 17, No. 2, April 1988, pp. 281-
308.

[G84b] J. Gordon, "Strong RSA keys," Electronics

Letters, Vol. 20, No. 12, June 7, 1984, pp. 514-
516.

[GO84] J. A. Gordon, "Strong primes are easy to find,"

in T. Beth, N. Cot, and I. Ingemarsson, Eds.,
Lecture Notes in Computer Science Vol. 209:
Advances in Cryptology: Proceedings of EUROCRYPT
84, a Workshop on the Theory and Application of
Cryptographic Techniques, Paris, France, April 9-
11, 1984, pp. 216-223.
Berlin/New York: Springer-Verlag, 1985.

[GR88] J. Grollman and A. L. Selman, "Complexity

measures for public-key cryptosystems," SIAM
Journal on Computing, Vol. 17, No. 2, April
 1988, pp. 309-335.

[GORD] Gordon, Cyrus H., " Forgotten Scripts: Their

Ongoing Discovery and Decipherment," Basic
Books, New York, 1982.

[GORE] Gore, Al. Interview. By Lawrence J. Magid.

Microtimes 8 Feb. 1994:26-31.

[GOR1] Gore, Al. Remarks (as prepared). Royce Hall.

University of CaliforniaLos Angeles. 11 Jan.
1994. ftp.eff.org file.

[GOR2] Gore, Al. Statement of the Vice President. White

House: Office of the Vice President. 4, Feb.
1994. ftp.eff.org file .

[Gold] Goldman V. United States, 316 U.S. 129, 1942.

[GRA1] Grandpre: "Grandpre, A. de--Cryptologist. Part 1

'Cryptographie Pratique - The Origin of the
Grandpre', ISHCABIBEL, The Cryptogram, SO60,
American Cryptogram Association, 1960.

[GRA2] Grandpre: "Grandpre Ciphers", ROGUE, The

Cryptogram, SO63, American Cryptogram
Association, 1963.

[GRA3] Grandpre: "Grandpre", Novice Notes, LEDGE, The

Cryptogram, MJ75, American Cryptogram
Association,1975

[GRAH] Graham, L. A., "Ingenious Mathematical Problems

and Methods," Dover, 1959.

[GRAN] Grant, E. A., "Kids Book of Secret Codes, Signals

and Ciphers, Running Press, 1989.

[GRAP] DR. CRYPTOGRAM,"The Graphic Position Chart (On

Aristocrats)," JF59, The Cryptogram, American
Cryptogram Association, 1959.

[GREU] Greulich, Helmut, "Spion in der

Streichholzschachtel: Raffinierte Methoden der
Abhortechnik, Gutersloh: Bertelsmann, 1969.

[GRI1] ASAP,"An Aid For Grille Ciphers," SO93, The

Cryptogram, American Cryptogram Association,
1993.

[GRI2] DUN SCOTUS,"Binary Number Grille," JA60, The

Cryptogram, American Cryptogram Association,
1960.

[GRI3] S-TUCK,"Grille Solved By the Tableaux Method,"

DJ42, The Cryptogram, American Cryptogram
Association, 1942.
[GRI4] The SQUIRE,"More About Grilles," ON40,DJ40, The
Cryptogram, American Cryptogram Association,
1940, 1940.

[GRI5] OMAR,"Rotating Grille Cipher," FM41, The

Cryptogram, American Cryptogram Association,
1941.

[GRI6] S-TUCK,"Solving The Grille. A New Tableaux

Method," FM44, The Cryptogram, American
Cryptogram Association, 1944.

[GRI7] LABRONICUS,"Solving The Turning Grille," JF88,

The Cryptogram, American Cryptogram Association,
1988.

[GRI8] BERYL,"The Turning Grille," ND92, The Cryptogram,

American Cryptogram Association, 1992.

[GRI9] SHERLAC and S-TUCKP,"Triangular Grilles," ON45,

The Cryptogram, American Cryptogram Association,
1945.

[GRIA] SHERLAC,"Turning Grille," ON49, The Cryptogram,

American Cryptogram Association, 1949.

[GRIB] DUN SCOTUS,"Turning (by the numbers)," SO61, The

Cryptogram, American Cryptogram Association,
1961.

[GRIC] LEDGE,"Turning Grille (Novice Notes)," JA77, The

Cryptogram, American Cryptogram Association,
1977.

[GRO1] DENDAI, DICK," Analysis of Gromark Special,"ND74,

The Cryptogram, American Cryptogram Association,
1974.

[GRO2] BERYL," BERYL'S Pearls: Gromark Primers by hand

calculator," ND91, The Cryptogram, American
Cryptogram Association, 1991.

[GRO3] MARSHEN," Checking the Numerical Key,"JF70, The

Cryptogram, American Cryptogram Association,
1970.

[GRO4] PHOENIX," Computer Column: Gronsfeld -> Gromark,"

"MJ90, The Cryptogram, American Cryptogram
Association, 1990.

[GRO5] PHOENIX," Computer Column: Perodic Gromark," MJ90

The Cryptogram, American Cryptogram Association,
1990.

[GRO6] ROGUE," Cycles for Gromark Running Key," JF75,

The Cryptogram, American Cryptogram Association,
 1975.

[GRO7] DUMBO," Gromark Cipher," MA69, JA69, The

Cryptogram, American Cryptogram Association,
1969.

[GRO8] DAN SURR," Gromark Club Solution," MA75, The

Cryptogram, American Cryptogram Association,
1975.

[GRO9] B.NATURAL," Keyword Recovery in Periodic

Gromark," SO73, The Cryptogram, American
Cryptogram Association, 1973.

[GROA] D.STRASSE," Method For Determining Term of Key,"

MA75, The Cryptogram, American Cryptogram
Association, 1975.

[GROB] CRUX," More On Gromark Keys," ND87, The

Cryptogram, American Cryptogram Association,
1987.

[GROC] DUMBO," Periodic Gromark ," MA73, The Cryptogram,

American Cryptogram Association, 1973.

[GROD] ROGUE," Periodic Gromark ," SO73, The Cryptogram,

American Cryptogram Association, 1973.

[GROE] ROGUE," Theoretical Frequencies in the Gromark,"

MA74, The Cryptogram, American Cryptogram
Association, 1974.

[GRON] R.L.H., "Condensed Analysis of a Gronsfeld,"

AM38, ON38,The Cryptogram, American Cryptogram
Association, 1938,1938.

[GRON] Groner, J., 'When it Comes to Software, U.S.

Sees Military Hardware; Concern over Spread of
Encryption Codes Hurts Exports,' The Connecticut
Law Tribune, 21 December 1992, p. 12.

[GROU] Groueff, Stephane, "Manhattan Project: The Untold

Story of the Making of the Atom Bomb," Little,
Brown and Company,1967.

[GRN1] CHARMER, "Gronsfeld," AS44, The Cryptogram,

American Cryptogram Association, 1944.

[GRN2] PICCOLA, "Gronsfeld Cipher," ON35, The

Cryptogram, American Cryptogram Association,
1935.

[GRN3] S-TUCK, "Gronsfeld Cipher," AS44, The Cryptogram,

American Cryptogram Association, 1944.

[GSA] General Services Administration, 1992, Offices of

Congressional Affairs, Memo of May 5, 1992, in ,
The Third CPSR Cryptography and Privacy
Conference Source Book, June 7, 1993, Washington,
 DC.

[GUNG] GUNG HO, (Courville, J. B.), Manual for

Cryptanalysis of the Columnar Double Transp-
osition Cipher, South Gate, CA, 1986.

[GUST] Gustave, B., "Enigma:ou, la plus grande 'enigme

de la guerre 1939-1945." Paris:Plon, 1973.

[GYLD] Gylden, Yves, "The Contribution of the

Cryptographic Bureaus in the World War," Aegean
Park Press, 1978.

[GYL1] Gylden, Yves, "Chiffrebyraernas insatser i

varldskriget till lands," Stockholm, 1931.

[HA88] J. Hastad, "Solving simultaneous modular

equations of low degree," SIAM Journal on
Computing, Vol. 17, No. 2, April 1988, pp. 336-
341.

[HA87] S. Hawkinson, "The FPS T Series: a parallel

vector supercomputer," in W. J. Karplus, Ed.,
Multiprocessors and Array Processors, pp. 147-
155. San Diego: Simulation Councils Inc., 1987.

[HA86] J. P. Hayes, T. Mudge, Q. F. Stout, S. Colley,

and J. Palmer, "A microprocessor-based hypercube
supercomputer," IEEE Micro, Vol. 6, No. 5,
October 1986, pp. 6-17.

[HA88] M. E. Haykin and R. B. J. Warnar, "Smart card

technology: new methods for computer access
control," NIST Special Publication 500-157,
September 1988.

[HA] Hahn, Karl, " Frequency of Letters", English

Letter Usage Statistics using as a sample, "A
Tale of Two Cities" by Charles Dickens, Usenet
SCI.Crypt, 4 Aug 1994.

[HAFT] Haftner, Katie and John Markoff, "Cyberpunk,"

Touchstine, 1991.

[HAFN] Hafner, K. & J. Markoff (1991). "Cyberpunk:

Outlaws and Hackers on the Computer Frontier".
Touchstone Books, Simon & Schuster (New York).
ISBN 0-671-77879-X. 368. Index.

[HAGA] Hagamen,W. D. et. al., "Encoding Verbal

Information as Unique Numbers," IBM Systems
Journal, Vol 11, No. 4, 1972.

[HAGH] Hahn, H. & R. Stout (1995). "The Internet Yellow

Pages, Second Edition". Osborne McGraw-Hill
(Bereley, CA). ISBN 0-07-882098-7. xxxvi + 812.
Index.
[HARR] Harris, Zellig, "A Grammar of English on
Mathematical Principles," John Wiley, 1992.

[HASS] Hassig, L. & J. W. Shanks (1986), eds. "Computer

Security". One of the series, "Understanding
Computers". TIME-LIFE (541 North Fairbanks Court
/ Chicago, IL 60611). ISBN 0-8094-5670-2. 128
pp. Index.

[HAUG] Haugh, J. J., R. E. Burney, G. L. Dean & L. H.

Tisch (1992). "Toll Fraud and Telabuse: A
Multibillion Dollar National Problem".
Telecommunications Advisors Inc (Portland, OR).
ISBN 0-9632634-2-0. 399 + 431 pp.

[HAWA] Hitchcock, H. R., "Hawaiian," Charles E. Tuttle,

Co., Toyko, 1968.

[HAWC] Hawcock, David and MacAllister, Patrick, "Puzzle

Power! Multidimensional Codes, Illusions,
Numbers, and Brainteasers," Little, Brown and
Co., New York, 1994.

[HE81] P. S. Henry, "Fast decryption algorithm for the

knapsack cryptographic system," Bell System
Technical Journal, Vol. 60, No. 5, May-June
1981, pp. 767-773.

[HE64] I. N. Herstein, Topics in Algebra. Waltham:

Blaisdell, 1964.

[HEBR] COMET, "First Hebrew Book (of Cryptology)," JF72,

The Cryptogram, published by the American
Cryptogram Association, 1972.

[HELD] Gilbert, "Top Secret Data Encryption Techniques,"

Prentice Hall, 1993. (great title..limited use)

[HELL] M. Hellman, The mathematics of public key

cryptography. Scientific American, 130--139,
1979.

[HEMP] Hempfner, Philip and Tania, "Pattern Word List

For Divided and Undivided Cryptograms,"
unpublished manuscript, 1984.

[HEPP] Hepp, Leo, "Die Chiffriermaschine 'ENIGMA'", F-

Flagge, 1978.

[HEW] HEW Advisory Committee on Automated Personnel

Data Systems, Records, Computers and the Rights
of Citizens, 1973, Washington, DC.

[HI85] D. Hillis, The Connection Machine. Cambridge, MA:

MIT Press, 1985.
[HIDE] Hideo Kubota, " Zai-shi dai-go kokugun tokushu
joho senshi." unpublished manuscript, NIDS.

[HIER] ISHCABIBEL, "Hieroglyphics: Cryptology Started

Here, MA71, The Cryptogram, American Cryptogram
Association, 1971.

[HILL] Hill, Lester, S., "Cryptography in an Algebraic

Alphabet", The American Mathematical Monthly,
June-July 1929.

[HIL1] Hill, L. S. 1929. Cryptography in an Algebraic

Alphabet. American Mathematical Monthly. 36:306-
312.

[HIL2] Hill, L. S. 1931. Concerning the Linear

Transformation Apparatus in Cryptography.
American Mathematical Monthly. 38:135-154.

[HINS] Hinsley, F. H., "History of British Intelligence

in the Second World War", Cambridge University
Press, Cambridge, 1979-1988.

[HIN2] Hinsley, F. H. and Alan Strip in "Codebreakers -

Story of Bletchley Park", Oxford University
Press, 1994.

[HIN3] Hinsley, F. H., et. al., "British Intelligence in

The Second World War: Its Influence on Strategy
and Operations," London, HMSO vol I, 1979, vol II
1981, vol III, 1984 and 1988.

[HISA] Hisashi Takahashi, "Military Friction, Diplomatic

Suasion in China, 1937 - 1938," The Journal of
International Studies, Sophia Univ, Vol 19, July,
1987.

[HIS1] Barker, Wayne G., "History of Codes and Ciphers

in the U.S. Prior to World War I," Aegean Park
Press, Laguna Hills, CA, 1978.

[HITT] Hitt, Parker, Col. " Manual for the Solution of

Military Ciphers," Aegean Park Press, Laguna
Hills, CA, 1976.

[HO81] R. W. Hockney and C. R. Jesshope, Parallel

Computers: Architecture, Programming and
Algorithms. Bristol: Adam Hilger, 1981.

[HO78] E. Horowitz and S. Sahni, Fundamentals of

Computer Algorithms. Rockville: Computer Science
Press, 1978.

[HODG] Hodges, Andrew, "Alan Turing: The Enigma," New

York, Simon and Schuster, 1983.
[HOFF] Hoffman, Lance J., editor, "Building In Big
Brother: The Cryptographic Policy Debate,"
Springer-Verlag, N.Y.C., 1995. ( A useful and
well balanced book of cryptographic resource
materials. )

[HOF1] Hoffman, Lance. J., et. al.," Cryptography

Policy," Communications of the ACM 37, 1994, pp.
109-17.

[HOF3] Hoffman, L. J. (1990), ed. "Rogue Programs:

Viruses, Worms, and Trojan Horses". Van Nostrand
Reinhold (NY). ISBN 0-442-00454-0. xii+384.
Index.

[Hof4] Hoffman, L. J., 'Clipping Clipper,'

Communications of the ACM vol. 36, no. 9
(September 1993): 15-17.

[HOLM Holmes, W. J., "Double-Edged Secrets: U.S. Naval

Intelligence Operations in the Pacific During
WWII", Annapolis, MD: Naval Institute Press,
1979.

[HOM1] Homophonic: A Multiple Substitution Number

Cipher", S-TUCK, The Cryptogram, DJ45, American
Cryptogram Association, 1945.

[HOM2] Homophonic: Bilinear Substitution Cipher,

Straddling," ISHCABIBEL, The Cryptogram, AS48,
American Cryptogram Association, 1948.

[HOM3] Homophonic: Computer Column:"Homophonic Solving,"

PHOENIX, The Cryptogram, MA84, American
Cryptogram Association, 1984.

[HOM4] Homophonic: Hocheck Cipher,", SI SI, The

Cryptogram, JA90, American Cryptogram
Association, 1990.

[HOM5] Homophonic: "Homophonic Checkerboard," GEMINATOR,

The Cryptogram, MA90, American Cryptogram
Association, 1990.

[HOM6] Homophonic: "Homophonic Number Cipher," (Novice

Notes) LEDGE, The Cryptogram, SO71, American
Cryptogram Association, 1971.

[HUGH] Hughes, L. J., Jr (1995). "Actually Useful

Internet Security Techniques". New Riders
Publishing (Indianapolis, IN). ISBN 1-56205-508-
9. xv + 378. Index.

[HUNT] D. G. N. Hunter and A. R. McKenzie, Experiments

with Relaxation Algorithms for Breaking Simple
Substitution Ciphers. Computer Journal 26(1),
1983.
[HUTT] Hutt, A. E., S. Bosworth & D. B. Hoyt, editors
(1995). "Computer Security Handbook, Third
Edition". John Wiley & Son (New York). ISBN 0-
471-01907-0.

[HW84] K. Hwang and F. A. Briggs, Computer Architecture

and Parallel Processing. New York: McGraw-Hill,
1984.

[HYDE] H. Montgomery Hyde, "Room 3603, The Story of

British Intelligence Center in New York During
World War II", New York, Farrar, Straus, 1963.

[IAB-90] IAB Privacy and Security Research Group,

"Privacy enhancement for Internet electronic
mail: Part I: Message encipherment and
authentication procedures," RFC 1113B, December
18, 1990.

[IBM1] IBM Research Reports, Vol 7., No 4, IBM Research,

Yorktown Heights, N.Y., 1971.

[ICOV] Icove, D., K. Seger, W. VonStorch (1995).

"Computer Crime: A Crime Fighter's Handbook."
Eugene Spafford, editor. O'Reilly & Associates
(Sebastopol, CA). ISBN 1-56592-086-4.

[IC1 ] GIZMO, "Bifid Period Determination Using a

Digraphic Index of Coincidence, JF79, The
Cryptogram, American Cryptogram Association,
1979.

[IC2 ] PHOENIX, "Computer Column: Applications of the

Index of Coincidence, JA90, The Cryptogram,
American Cryptogram Association, 1990.

[IC3 ] PHOENIX, "Computer Column: Digraphic Index of

Coincidence, ND90, The Cryptogram, American
Cryptogram Association, 1990.

[IC4 ] PHOENIX, "Computer Column: Index of Coincidence

(IC), JA82, The Cryptogram, American Cryptogram
Association, 1982.

[IC5 ] PHOENIX, "Computer Column: Index of Coincidence,

(correction) MA83, The Cryptogram, American
Cryptogram Association, 1983.

[IFTS] Information Infrastructure Task Force, The

National Information Infrastructure: Agenda for
Action, Department of Commerce, 15 September
1993.

[IMPE] D'Imperio, M. E, " The Voynich Manuscript - An

Elegant Enigma," Aegean Park Press, Laguna Hills,
CA, 1976.

[INDE] PHOENIX, Index to the Cryptogram: 1932-1993, ACA,

 1994.

[INDU] Industry Canada (1994). "Privacy and the

Canadian Information Highway". Available from
Distribution Services / Industry Canada / Room
208D, East Tower / 235 Queen Street / Ottawa K1A
0H5. Tel. 613-954-5716; fax 613-954-6436.
PW/GSC catalog #C2-229/1-1994. ISBN 0-662-61370-
8. SIT PU 0025-94-03.

[IRD ] International Resource Development, Data, Fax,

and Voice Encryption Equipment Worldwide, Report
#782 (December 1991), New Canaan, CT, pp. 267-
271.

[Irvi] Irvine v. California, 347 U.S. 128, 1954.

[ISO-87] International Organization for Standards, Draft

International Standard ISO/DIS 7498-2,
Information processing systems - Open Systems
Interconnection Model - Part 2: Security
Architecture, 1987.

[ITAL] Italian - English Dictionary, compiled by Vittore

E. Bocchetta, Fawcett Premier, New York, 1965.

[ITAR] International Traffic in Arms Regulation (ITAR),

22 CFR 120-130.

[JAPA] Martin, S.E., "Basic Japanese Conversation

Dictionary," Charles E. Tuttle Co., Toyko, 1981.

[JAPH] "Operational History of Japanese Naval

Communications, December 1941- August 1945,
Monograph by Japanese General Staff and War
Ministry, Aegean Park Press, 1985.

[JOH0] Johnson, Brian, 'The Secret War', Arrow Books,

London 1979.

[JOHN] Johnson, D.B., Matyas, S.M., Le, A.V., Wilkins,

J.D., "Design of the Commercial Data Masking
Facility Data Privacy Algorithm," Proceedings 1st
ACM Conference on Computer & Communications
Security, November 1993, Fairfax, VA., pp. 93-96.

[JU82] R. R. Jueneman, "Analysis of certain aspects of

output feedback mode," in D. Chaum, R. L. Rivest,
and A. T. Sherman, Eds., Advances in Cryptology
- proceedings of CRYPTO 82, a Workshop on the
Theory and Application of Cryptographic
Techniques, Santa Barbara, CA, August 23-25,
1982, pp. 99-127. New York: Plenum Press, 1983.

[JU86] R. R. Jueneman, "A high speed manipulation

detection code," in A. M. Odlyzko, Ed., Lecture
Notes in Computer Science Vol. 263: Advances in
Cryptology -CRYPTO '86, proceedings of a
Conference on Theory and Applications of
 Cryptographic Techniques, Santa Barbara, CA,
August 11-15, 1986, pp. 327-346. Berlin/New
York: Springer-Verlag, 1987.

[KABA] Kabay, M. E. (1996). "The NCSA Guide to

Enterprise Security: Protecting Information
Assets". McGraw-Hill (New York). ISBN 0-07-
033147-2. 388 pp. Index.

[KALI] Kaliski, B. "The MD2 Message-Digest Algorithm",

RFC1319, April 1992

[KADI] al-Kadi, Ibrahim A., Cryptography and Data

Security: Cryptographic Properties of Arabic,
Proceedings of the Third Saudi Engineering
Conference. Riyadh, Saudi Arabia: Nov 24-27, Vol
2:910-921., 1991.

[KAHN] Kahn, David, "The Codebreakers", Macmillian

Publishing Co. , 1967.

[KAH1] Kahn, David, "Kahn On Codes - Secrets of the New

Cryptology," MacMillan Co., New York, 1983.

[KAH2] Kahn, David, "An Enigma Chronology", Cryptologia

Vol XVII,Number 3, July 1993.

[KAH3] Kahn, David, "Seizing The Enigma: The Race to

Break the German U-Boat Codes 1939-1943 ",
Houghton Mifflin, New York, 1991.

[KAMD] J. Kam, G. Davida, A structured design of

substitution-permutation encryption networks.
IEEE Trans. Information Theory, 28(10), 747--
753, 1978.

[KAPO] Kapor, Mitchell. Testimony. "Telecommunications

InfrastructureLegislation And Proposals."
Telecommunications And Finance HouseEnergy And
Commerce Commi ttee. Washington DC, 24Oct. 1991.
ftp.eff.org file.

[KARA] Karalekas, Anne, "History of the Central

Intelligence Agency," Aegean Park Press, Laguna
Hills, CA, 1977.

[KASI] Kasiski, Major F. W. , "Die Geheimschriften und

die Dechiffrir-kunst," Schriften der
Naturforschenden Gesellschaft in Danzig, 1872.

[KAS1] Bowers, M. W., {ZEMBIE} "Major F. W. Kasiski -

Cryptologist," The Cryptogram, XXXI, JF, 1964.

[KAS2] ----, "Kasiski Method," JF64,MA64, The

Cryptogram, American Cryptogram Association,
1964.

[KAS3] PICCOLA, "Kasiski Method for Periodics,"

JJ35,AS35, The Cryptogram, American Cryptogram
 Association, 1935, 1935.

[KAS4] AB STRUSE, "Who was Kasiski?" SO76, The

Cryptogram, American Cryptogram Association,
1976.

[KATZ] Katzen, Harry, Jr., "Computer Data Security,"Van

Nostrand Reinhold, 1973.

[Katz] Katz v United States, 389 U.S. 347, 1967.

[KENN] Ellen Alderman and Carolyn Kennedy, The Right To

Privacy, Knopf Publishing, New York, 1995.

[KENT] Sherman Kent, "Strategic Intelligence for

American World Policy" Princetone University
Press, Princeton, NJ 1966.

[Kent] Kent, S., 1993, ``Internet Privacy Enhanced

Mail,'' Communications of the ACM, Vol. 36 (8),
pp. 48-59, August 1993.

[KERC] Kerckhoffs, "la Cryptographie Militaire, "

Journel des Sciences militaires, 9th series, IX,
(January and February, 1883, Libraire Militaire
de L. Baudoin &Co., Paris. English trans. by
Warren T, McCready of the University of Toronto,
1964

[KEY0] S-TUCK, " 5X5 Key Squares and How to Solve Them"
AS44, The Cryptogram, American Cryptogram
Association, 1944.

[KEY1] S-TUCK, " Mixed Squares...Columnar Takeout From

Keyword Block" DJ46, The Cryptogram, American
Cryptogram Association, 1946.

[KEY2] S-TUCK, " Recovery of a 5X5 Keyword Square" ON46,

The Cryptogram, American Cryptogram Association,
1946.

[KEY3] ARACHNE, " Square Dealing: The Polybius Square,

Part I- Introduction and History," JF93, The
Cryptogram, American Cryptogram Association,
1993.

[KEY4] ARACHNE, " Square Dealing: The Polybius Square,

Part II-Tri Square Application," MA93, The
Cryptogram, American Cryptogram Association,
1993.

[KEY5] ARACHNE, " Square Dealing: The Polybius Square,

Part III-Bifid Application," MJ93, The
Cryptogram, American Cryptogram Association,
1993.
[KEY6] ARACHNE, " Square Dealing: The Polybius Square,
Part IV-Reconstruction of Phillips Squares,"
JA93, The Cryptogram, American Cryptogram
Association, 1993.

[KH79] L. G. Khacian, "A polynomial algorithm in linear

programming," Dokl. Akad. Nauk. SSSR 244, pp.
1093-1096. English translation in Soviet Math.
Dokl. 20, pp. 191-194.

[Kinz] Kinzer, S., 1992, ``East Germans Face Their

Accusers,'' New York Times Magazine, April 12,
1992.

[KINN] P. Kinnucan, Data encryption gurus: Tuchman and

Meyer. Cryptologia, vol. II #4, 371--XXX, 1978.

[KING] King and Bahler, Probabilistic Relaxation in the

Cryptanalysis of Simple Substitution Ciphers.
Cryptologia 16(3), 215--225, 1992.

[KINB] King and Bahler, An Algorithmic Solution of

Sequential Homophonic Ciphers. Cryptologia 17(2),
in press.

[KL79] C. S. Kline and G. J. Popek, "Public key vs.

conventional key encryption," in R. E. Merwin,
Ed., AFIPS Conference Proceedings Vol. 48:
National Computer Conference, June 4-7, 1979, New
York, NY, pp. 831-837. Montvale, NJ: AFIPS
Press, 1979.

[KN81] D. E. Knuth, The Art of Computer Programming,

Vol. 2: Seminumerical Algorithms. Reading, MA:
Addison-Wesley, 1981.

[K78b] L. M. Kohnfelder, "On the signature reblocking

problem in public-key cryptosystems,"
Communications of the ACM, Vol. 21, No. 2,
February 1978, p. 179.

[KP1 ] PICCOLA, "The Key Phrase Cipher," ON37, The

Cryptogram, American Cryptogram Association,
1937.

[KP2 ] S-TUCK, "The Key Phrase Cipher," ON43, The

Cryptogram, American Cryptogram Association,
1943.

[KP3 ] LEDGE, "The Key Phrase Cipher," JF75, The

Cryptogram, American Cryptogram Association,
1975. [Novice Notes]

[KP4 ] TRIODE, "Thought on the The Key Phrase Cipher,"

JF69, The Cryptogram, American Cryptogram
Association, 1969.
[KP5 ] DE SAURAIS, "Stamp out Cockneyed Key Phrase
Cipher," JA69, The Cryptogram, American
Cryptogram Association, 1969.

[KNUT] D. E. Knuth, The Art of Computer Programming,

volume 2: Seminumerical Algorithms. Addison-
Wesley, 1981.

[KOBI] Kobayashi et T. Ochiai, "Meromorphic mappings

into compact complex spaces of general type,"
Invent. Math. 31 (1975), 7-16.

[KOBL] Koblitz, Neal, " A Course in Number Theory and

Cryptography, 2nd Ed, Springer-Verlag, New York,
1994.

[KOCH] Martin Kochanski, A Survey of Data Insecurity

Packages. Cryptologia 11(1), 1--15, 1987.

[KOCM] Martin Kochanski, Another Data Insecurity

Package. Cryptologia 12(3), 165--177, 1988.

[KOHL] Kohls, D., and Lance J. Hoffman, "TurboTrade: A

National Information Infrastructure
Cost/Risk/Benefit Model," Report GWU-IIST-93-17,
Department of Electrical Engineering and Computer
Science, The George Washington University,
Washington, D. C., September 1993.

[KOHL] Kohl, J., and Neuman, C., "The Kerberos

Authentication Service (V5)", RFC1510, September
1993.

[KONH] Konheim, Alan G., "Cryptography -A Primer" , John

Wiley, 1981, pp 212 ff.

[KORD] Kordemsky, B., "The Moscow Puzzles," Schribners,

1972.

[KOTT] Kottack, Phillip Conrad, "Anthropology: The

Exploration Of Human Diversity," 6th ed., McGraw-
Hill, Inc., New York, N.Y. 1994.

[KOZA] Kozaczuk, Dr. Wladyslaw, "Enigma: How the German

Machine Cipher was Broken and How it Was Read by
the Allies in WWI", University Pub, 1984.

[KOZC] W. Kozaczuk, Enigma. University Publications of

America, 1984 ov, Elementary Cryptanalysis.
Math. Assoc. Am. 1966.

[KO78] L. M. Kohnfelder, "A method for certification,"

MIT Laboratory for Computer Science, Cambridge,
MA, May 1978.

[KO81] A. G. Konheim, Cryptography: a Primer. New York:

John Wiley & Sons, 1981.
[KO85] J. Kowalik, Ed., Parallel MIMD Computation: the
HEP supercomputer and its Applications.
Cambridge, MA: MIT Press, 1985.

[Krav] Kravitz, D., Digital Signature Algorithm, U.S.

Patent Number 5231668, applied for July 26, 1991,
received July 27, 1993.

[KR86] E. Kranakis, Primality and Cryptography.

Chichester/New York: John Wiley & Sons, 1986.

[KRAI] Kraitchek, "Mathematical Recreations," Norton,

1942, and Dover, 1963.

[KROL] Krol, E. (1992). "The Whole Internet User's

Guide & Catalog". O'Reilly & Associates
(Sebastopol, CA). ISBN 1-56592-025-2. xxiv +
376. Index.

[KOZA] Kozaczuk, Wladyslaw, "ENIGMA," How the German

Machine Cipher was Broken, and How It was Read by
the Allies in World War Two," Ksiazka i Wiedza,
Warsaw, 1984.

[KU82] H. T. Kung, "Why systolic architectures,"

Computer, Vol. 15, No. 1, January 1982, pp. 37-
46.

[KU78] H. T. Kung and C. Leiserson, "Systolic arrays

(for VLSI)," in I. S. Duff and G. W. Stewart,
Eds., Sparse Matrix Proceedings, pp. 245-282.
Philadelphia: SIAM, 1978.

[KU82b] S. Y. Kung, K. S. Arun, R. J. Gal-Ezer, and D.

V. B. Rao, "Wavefront array processor:
language, architecture, and applications," IEEE
Transactions on Computers, Vol. C-31, No. 11,
November 1982, pp. 1054-1066.

[KULL] Kullback, Solomon, Statistical Methods in

Cryptanalysis, Aegean Park Press, Laguna Hills,
Ca. 1976.

[KUL1] Soloman Kullback, Information Theory and

Statistics. Dover, 1968.

[Ladn] LADNER System, 1984, , Operation and Maintenance

Manual, Part No. ON332500, Prepared for Maryland
Procurement Office, Ft. George G. Meade, MD,
December 1, 1984.

[Land] Landau, S., 1988, ``Zero Knowledge and the

Department of Defense,'' , Notices of the
American Mathematical Society (Special Article
Series), Vol. 35, No. 1 (1988), pp.5-12.
[LaOd] LaMacchia, B. and Odlyzko, A., 1991, Computation
of Discrete Logarithms in Prime Fields, in ,
Design, Codes, and Cryptography, Vol. 1, 1991,
pp. 47-62.

[LA84] J. C. Lagarias, "Performance analysis of Shamir's

attack on the basic Merkle-Hellman knapsack
system," in J. Paredaens, Ed., Lecture Notes in
Computer Science Vol. 172: Automata, Languages
and Programming: 11th Colloquium, Antwerp,
Belgium, July 16-20, 1984, pp. 312-323.
Berlin/New York: Springer-Verlag, 1984.

[LA83] J. C. Lagarias and A. M. Odlyzko, "Solving low-

density subset sum problems," in 24th Annual
Symposium on Foundations of Computer Science,
Tucson, AZ, November 7-9, 1983, pp. 1-10. Silver
Spring, MD: IEEE Computer Society Press, 1983.
Revised version in Journal of the Association for
Computing Machinery, Vol. 32, No. 1, January
1985, pp. 229-246.

[LA83] S. Lakshmivarahan, "Algorithms for public key

cryptosystems: theory and application," Advances
in Computers, Vol. 22, 1983, pp. 45-108.

[LA71] B. A. Laws, Jr. and C. K. Rushforth, "A cellular-

array multiplier for GF(2m)," IEEE Transactions
on Computers, Vol. 20, No. 12, December 1971,
pp. 1573-1578.

[LAFF] Laffin, John, "Codes and Ciphers: Secret Writing

Through The Ages," Abelard-Schuman, London, 1973.

[LAI] Lai, Xuejia, "On the Design and Security of Block

Ciphers," ETH Series in Information Processing 1,
1992. (Article defines the IDEA Cipher)

[LAI] Lai, X. "On the Design and Security of Block

Ciphers," ETH Series in Information Processing,
v. 1, Konstanz: Hartung-Gorre Verlag, 1992.
(Article defines the IDEA Cipher)

[LAIM] Lai, Xuejia, and James L. Massey, "A Proposal for

a New Block Encryption Standard," Advances in
Cryptology -Eurocrypt 90 Proceedings, 1992, pp.
55-70.

[LAKE] Lakoff, R., "Language and the Women's Place,"

Harper & Row, New York, 1975.

[LAKS] S. Lakshmivarahan, Algorithms for public key

cryptosystems. In Advances in Computers, M.
Yovtis ed., 22, Academic Press, 45--108, 1983.

[LAN0] Lang., S., - "Hyperbolic and Diophantine

 analysis, a paraitre," Bull. AMS, 1986.

[LANG] Langie, Andre, "Cryptography," translated from

French by J.C.H. Macbeth, Constable and Co.,
London, 1922.

[LAN1] Langie, Andre, "Cryptography - A Study on Secret

Writings", Aegean Park Press, Laguna Hills, CA.
1989.

[LAN2] Langie, Andre, and E. A. Soudart, "Treatise on

Cryptography, " Aegean Park Press, Laguna Hills,
CA. 1991.

[LATI] BRASSPOUNDER, "Latin Language Data, "The

Cryptogram," July-August 1993.

[LAUE] Lauer, Rudolph F., "Computer Simulation of

Classical Substitution Cryptographic Systems"
Aegean Park Press, 1981, p72 ff.

[Lewi] Lewis, P., 1994, ``IRS Tries On-Line Filing,''New

York Times, February 19, 1994, Sec. D.

[LE82] D. J. Lehman, "On primality tests," SIAM Journal

on Computing, Vol. 11, No. 2, May 1982, pp. 374-
375.

[LE76] D. H. Lehmer, "Strong Carmichael numbers,"

Journal of the Australian Mathematical Society,
Vol. 21 (Series A), 1976, pp. 508- 510.

[LE79] A. Lempel, "Cryptology in transition," ACM

Computing Surveys, Vol. 11, No. 4, December 1979,
pp. 285-303.

[LE82] A. K. Lenstra, H. W. Lenstra, Jr., and L. Lovasz,

"Factoring polynomials with rational
coefficients," Mathematische Annalen, Vol. 261,
1982, pp. 515-534.

[LE90] A. K. Lenstra, H. W. Lenstra, Jr., M. S. Manasse,

and J. M. Pollard, "The number field sieve."

[LE89] A. K. Lenstra and M. S. Manasse, "Factoring by

electronic mail," to appear in proceedings of
EUROCRYPT '89.

[LE83] H. W. Lenstra, Jr., "Integer programming with a

fixed number of variables," Mathematics of
Operations Research, Vol. 8, No. 4, November
1983, pp. 538-548.

[LE86] H. W. Lenstra, Jr., "Primality testing," in J. W.

de Bakker et al., Eds., Mathematics and Computer
Science, CWI Monographs, I, pp. 269-287.
Amsterdam/New York: North-Holland, 1986.
[LE87] H. W. Lenstra, Jr., "Factoring integers with
elliptic curves," Annals of Mathematics, Vol.
126, 1987, pp. 649-673.

[LE81] H. R. Lewis and C. H. Papadimitriou, Elements of

the Theory of Computation. Englewood Cliffs, NJ:
Prentice-Hall, 1981.

[LEAR] Leary, Penn, " The Second Cryptographic

Shakespeare," Omaha, NE [from author] 1994.

[LEA1] Leary, Penn, " Supplement to The Second

Cryptographic Shakespeare," Omaha, NE [from
author] 1994.

[LEAU] Leaute, H., "Sur les Mecanismes Cryptographiques

de M. de Viaris," Le Genie Civil, XIII, Sept 1,
1888.

[LEDG] LEDGE, "NOVICE NOTES," American Cryptogram

Association, 1994. [ One of the best
introductory texts on ciphers written by an
expert in the field. Not only well written,
clear to understand but as authoritative as they
come! ]

[LED1] LEDGE, "Basic Patterns in Base Eleven and Twelve

Arithmetic (Part 1) ," The Cryptogram, American
Cryptogram Association, Vol XLIII, No. 5, 1977.

[LED2] LEDGE, "Basic Patterns in Base Eleven and Twelve

Arithmetic (Part 2) ," The Cryptogram, American
Cryptogram Association, Vol XLIII, No. 6, 1977.

[LEMP] A. Lempel, Cryptology in transition, Computing

Surveys, 11(4), 285--304, 1979.

[LENS] Lenstra, A.K. et. al. "The Number Field Sieve,"

Proceedings of the 22 ACM Symposium on the Theory
of Computing," Baltimore, ACM Press, 1990, pp
564-72.

[LEN1] Lenstra, A.K. et. al. "The Factorization of the

Ninth Fermat Number," Mathematics of Computation
61 1993, pp. 319-50.

[LEVY] Levy, Steven. "Crypto Rebels." WIRED May-June

1993: 54-61.

[LEWF] Lewis, Frank, "Problem Solving with Particular

Reference to the Cryptic (or British) Crossword
and other 'American Puzzles', Part One," by Frank
Lewis, Montserrat, January 1989.

[LEW1] Lewis, Frank, "The Nations Best Puzzles, Book

Six," by Frank Lewis, Montserrat, January 1990.

[LEWI] Lewin, Ronald, 'Ultra goes to War', Hutchinson,

 London 1978.

[LEWN] Lewin, Ronald, 'The American Magic - Codes,

ciphers and The Defeat of Japan', Farrar Straus
Giroux, 1982.

[LEWY] Lewy, Guenter, "America In Vietnam", Oxford

University Press, New York, 1978.

[LEVI] Levine, J., U.S. Cryptographic Patents 1861-

1981, Cryptologia, Terre Haute, In 1983.

[LEV1] Levine, J. 1961. Some Elementary Cryptanalysis

of Algebraic Cryptography. American Mathematical
Monthly. 68:411-418

[LEV2] Levine, J. 1961. Some Applications of High-

Speed Computers to the Case n =2 of Algebraic
Cryptography. Mathematics of Computation.
15:254-260

[LEV3] Levine, J. 1963. Analysis of the Case n =3 in

Algebraic Cryptography With Involuntary Key
Matrix With Known Alphabet. Journal fuer die
Reine und Angewante Mathematik. 213:1-30.

[LINA] Anonomous, "Decrypment of Minoan Linear A," MJ64,

The Cryptogram, American Cryptogram Association,
1964.

[LI89] J. Linn and S. T. Kent, "Privacy for DARPA-

Internet mail," in Proceedings of the 12th
National Computer Security Conference, Baltimore,
MD, October 10-13, 1989, pp. 215-229.

[Link] M/A-COM LINKABIT Corporation, 1983, , LC76 DES

Data Encryption/Decryption Unit: Product
Brochure, August, 1983.

[LINN] Linn J. "Privacy Enhancement for Internet

Electronic Mail: Part I: Message Encryption and
Authentication Procedures", RFC1421, Feb 1993.

[LISI] Lisicki, Tadeusz, 'Dzialania Enigmy', Orzet

Biaty, London July-August, 1975; 'Enigma i
Lacida',
Przeglad lacznosci, London 1974- 4; 'Pogromcy
Enigmy we Francji', Orzet Biaty, London, Sept.
1975.'

[LION] LIONEL,"A Tool for Patristocrat Tip Placement ,"

JA95 3, The Cryptogram, American Cryptogram
Association, 1995.

[LITT] Littman, J. (1996). "The Fugitive Game: Online

with Kevin Mitnick--The Inside Story of the Great
 Cyberchase". Little, Brown and Company (Boston).
ISBN 0-316-5258-7. x + 383.

[LUBY] C. Rackoff, M. Luby, How to construct

psuedorandom permutations from psuedorandom
functions. SIAM Journal of Computing, vol. 17,
#2, 373--386, 1988.

[LUCK] Michael Lucks, A Constraint Satisfaction

Algorithm for the Automated Decryption of Simple
Substitution Ciphers. In CRYPTO '88. 598--605,
1979.

[LYNC] Lynch, Frederick D., "Pattern Word List, Vol 1.,"

Aegean Park Press, Laguna Hills, CA, 1977.

[LYN1] Lynch, Frederick D., "An Approach To

Cryptarithms," ACA, 1976.

[LYND] Lynch, D. C. & M. T. Rose (1993). "Internet

System Handbook". Addison-Wesley Publishing Co.
(Reading, MA). ISBN 0-201-56741-5. xxxii + 790.
Index.

[LYSI] Lysing, Henry, aka John Leonard Nanovic, "Secret

Writing," David Kemp Co., NY 1936.

[MA81] D. MacMillan, "Single chip encrypts data at 14

Mb/s," Electronics, Vol. 54, No. 12, June 16,
1981, pp. 161-165.

[MA88] J. L. Massey, "An introduction to contemporary

cryptology," Proceedings of the IEEE, Vol. 76,
No. 5, May 1988, pp. 533-549.

[MA78] S. M. Matyas and C. H. Meyer, "Generation,

distribution, and installation of cryptographic
keys," IBM Systems Journal, Vol. 17, No. 2,
1978, pp. 126-137.

[MACB] Macbeth, J. C. H., "The Marconi International

Code," 1920. - "Secret Ciphering for the Marconi
International Code," 1920.

[MACF] MacFarlane, A. Lectures on Ten British

Mathematicians of the Nineteen Century, Math.
Mono. No 17, New York: John Wiley, 1916.

[MACI] Macintyre, D., "The Battle of the Atlantic," New

York, Macmillan, 1961.

[MADA] Madachy, J. S., "Mathematics on Vacation,"

Scribners, 1972.

[MAGN] Magne, Emile, Le plaisant Abbe de Boisrobert,

Paris, Mecure de France, 1909.

[MANN] Mann, B.,"Cryptography with Matrices," The

 Pentagon, Vol 21, Fall 1961.

[MANS] Mansfield, Louis C. S., "The Solution of Codes

and Ciphers", Alexander Maclehose & Co., London,
1936.

[MAN1] Mansfield, L.C.S, "One Hundred Problems in

Cipher. London, 1936.

[MARO] Marotta, Michael, E. "The Code Book - All About

Unbreakable Codes and How To Use Them,"
Loompanics Unlimited, 1979. [This is a terrible
book. Badly written, without proper authority,
unprofessional, and prejudicial to boot. And, it
has one of the better illustrations of the Soviet
one-time pad with example, with three errors in
cipher text, that I have corrected for the
author.]

[MARS] Marshall, Alan, "Intelligence and Espionage in

the Reign of Charles II," 1660-1665, Cambridge
University, New York, N.Y., 1994.

[MASS] J. Massey, An introduction to contemporary

cryptology, IEEE proceedings, 76(5), 533--549,
1988.

[MART] Martin, James, "Security, Accuracy and Privacy

in Computer Systems," Prentice Hall, Englewood
Cliffs, N.J., 1973.

[MAST] Lewis, Frank W., "Solving Cipher Problems -

Cryptanalysis, Probabilities and Diagnostics,"
Aegean Park Press, Laguna Hills, CA, 1992.

[MATS] Matsui, M., 1993, ``Linear Cryptanalysis of DES

Cipher,'' in Proceedings Eurocrypt 1993.

[MATT] Matthews, T., Shadows Dancing: Japanese Espionage

Against the West, 1939-1945, St. Martins, Press,
New York, 1993.

[MAU] Mau, Ernest E., "Word Puzzles With Your

Microcomputer," Hayden Books, 1990.

[MAVE] Mavenel, Denis L., Lettres, Instructions

Diplomatiques et Papiers d' Etat du Cardinal
Richelieu, Historie Politique, Paris 1853-1877
Collection.

[MAYA] Coe, M. D., "Breaking The Maya Code," Thames and

Hudson, New York, 1992.

[MYSZ] Myszkowski, E., Cryptographie Indechiffrable,

Paris, 1902.

[MAZU] Mazur, Barry, "Questions On Decidability and

 Undecidability in Number Theory," Journal of
Symbolic Logic, Volume 54, Number 9, June, 1994.

[MC89] K. S. McCurley, "The discrete logarithm problem,"

preprint.

[MC78] R. J. McEliece, "A public-key cryptosystem based

on algebraic coding theory," DSN Progress Report
42-44, Jet Propulsion Laboratory, 1978, pp. 114-
116.

[ME78] R. C. Merkle, "Secure communications over

insecure channels," Communications of the ACM,
Vol. 21, No. 4, April 1978, pp. 294-299.

[ME82] R. C. Merkle, Secrecy, Authentication, and Public

Key Systems. Ann Arbor: UMI Research Press, 1982.

[ME82b] R. C. Merkle, "Protocols for public key

cryptosystems," in G. J. Simmons, Ed., Secure
Communications and Asymmetric Cryptosystems, pp.
73-104. Boulder, CO: Westview Press, 1982.

[ME89] R. C. Merkle, "One way hash functions and DES,"

preprint.

[M78b] R. C. Merkle and M. E. Hellman, "Hiding

information and signatures in trapdoor
knapsacks," IEEE Transactions on Information
Theory, Vol. 24, No. 5, September 1978, pp. 525-
530.

[MELL] Mellen G. 1981. Graphic Solution of a Linear

Transformation Cipher. Cryptologia. 5:1-19.

[MEND] Mendelsohn, Capt. C. J., Studies in German

Diplomatic Codes Employed During World War, GPO,
1937.

[MERK] Merkle, Ralph, "Secrecy, Authentication and

Public Key Systems," Ann Arbor, UMI Research
Press, 1982.

[MER1] Merkle, Ralph, "Secure Communications Over

Insecure Channels," Communications of the ACM 21,
1978, pp. 294-99.

[MER2] Merkle, Ralph and Martin E. Hellman, "On the

Security of Multiple Encryption ," Communications
of the ACM 24, 1981, pp. 465-67.

[MER3] Merkle, Ralph and Martin E. Hellman, "Hiding

Information and Signatures in Trap Door
Knapsacks," IEEE Transactions on Information
Theory 24, 1978, pp. 525-30.

[MER4] R. Merkle, Fast software encryption functions. In

 Proceedings of CRYPTO '90, Menezes and Vanstone
ed., 476--501, 1991.

[MESC] Meschkowski, H., "Ways of Thought of Great

Mathematicians, tr by John Dyer-Bennet. San
Francisco: Holden-Day 1948.

[MEYE] C. Meyer and S. Matyas, Cryptography: A new

dimension in computer security. Wiley, 1982.

[MEYR] C. Meyer, Ciphertext/plaintext and ciphertext/key

dependence vs. number of rounds for the Data
Encryption Standard. AFIPS Conference
proceedings, 47, 1119--1126, 1978.

[MI76] G. L. Miller, "Riemann's hypothesis and tests for

primality," Journal of Computer and System
Sciences, Vol. 13, No. 3, December 1976, pp.
300-317.

[MI88] V. M. Milutinovic, Computer Architecture:

Concepts and Systems. New York: North-Holland,
1988.

[MICR] MICROPOD,"The Solution of a Two Square," JA95,

The Cryptogram, American Cryptogram Association,
1995.

[MICA] Micali, S., Fair Cryptosystems, Report

MIT/LCS/TR-579.b, MIT Laboratory for Computer
Science, Cambridge, Mass, November 1993.

[MILL] Millikin, Donald, " Elementary Cryptography ",

NYU Bookstore, NY, 1943.

[MIL0] Miller, C. (1993). "Information Technology

Security Handbook". PW/GSC, catalog #P35-
73/1993. ISBN 0-662-59922-5.

[MIL1] Miller, C. (1993). "Microcomputer and LAN

Security". PW/GSC, catalog #P35-72/1993. ISBN
0-662-59921-7.

[MILE] Miller, S. E. (1996). "Civilizing Cyberspace:

Policy, Power and the Information Superhighway".
ACM Press by Addison-Wesley (Reading, MA). ISBN
0-201-84760-4. xvii + 413. Index.

[Mint] Mintz, J., 1992, ``Intelligence Community in

Breach with Business,'' Washington Post, April
30, 1992, Sec. A.

[MINT] Mintz J., and J. Schwartz, "Encryption Program

Draws Fresh Attacks," The Washington Post, 18
September 1993, p. C1.

[MO85] P. L. Montgomery, "Modular multiplication without

trial division," Mathematics of Computation, Vol.
44, No. 170, April 1985, pp. 519-521.
[MO88] J. H. Moore, "Protocol failures in
cryptosystems," Proceedings of the IEEE, Vol. 76,
No. 5, May 1988, pp. 594-602.

[MO75] M. A. Morrison and J. Brillhart, "A method of

factoring and the factorization of F7,"
Mathematics of Computation, Vol. 29, No. 129,
January 1975, pp. 183-205.

[MODE] Modelski, Tadeusz, 'The Polish Contribution to

the Ultimate Allied Victory in the Second World
War', Worthing (Sussex) 1986.

[MOOR] Moore, D. T., and M. Waller, "Cloak and Cipher,"

Bobbs-Merrill, New York, 1962.

[MORB] EUREKA, "A Bit More To the Morbit Cipher," MJ64,

The Cryptogram, American Cryptogram Association,
1964.

[MORB] EUREKA, "A Bit More To the Morbit Cipher," MJ64,

The Cryptogram, American Cryptogram Association,
1964.

[MOR1] THE BRUIN, "A Pollux/Morbit Hybrid Cipher," MA88,

The Cryptogram, American Cryptogram Association,
1988.

[MOR2] NIP N. BUD, "Comments on Breaking the Morbit

Cipher," MA64, The Cryptogram, American
Cryptogram Association, 1964.

[MOR3] CROATULUS, "Entering the Morbit with Plaintext

H," SO68, The Cryptogram, American Cryptogram
Association, 1968.

[MOR4] EUREKA, "Morbit Cipher," JF64, The Cryptogram,

American Cryptogram Association, 1964.

[MOR5] CRUX, "Morbit Diagraph Analysis," MA90, The

Cryptogram, American Cryptogram Association,
1990.

[MOR6] LEDGE, "Morbit Cipher," SO75, The Cryptogram,

American Cryptogram Association, 1975.

[MOR7] MARSHEN, "On Morbit Variants," ND64, The

Cryptogram, American Cryptogram Association,
1964.

[MOR8] THE DOC, "Pollux/Morbit Challenge Solved," SO88,

The Cryptogram, American Cryptogram Association,
1988.
[MORS] FIDDLE, "Morse Code in Three Languages,
International, ," DJ53, The Cryptogram, American
Cryptogram Association, 1953.

[MOR1] LAMONT CRANSTON,"Fractionated Morse," JA92, The

Cryptogram, American Cryptogram Association,
1992.

[MRAY] Mrayati, Mohammad, Yahya Meer Alam and Hassan al-

Tayyan., Ilm at-Ta'miyah wa Istikhraj al-Mu,amma
Ind al-Arab. Vol 1. Damascus: The Arab Academy of
Damascus.,
1987.

[MULL] Mulligan, Timothy," The German Navy Examines its

Cryptographic Security, Oct. 1941, Military
affairs, vol 49, no 2, April 1985.

[Myer] Myers, F., 1979, ``A Data Link Encryption

System,'' National Telecommunications Conference,
Washington, D.C. November 27-29, 1979, pp.
43.5.1-43.5.8.

[MYER] Myer, Albert, "Manual of Signals," Washington,

D.C., USGPO, 1879.

[MYSK] PHOENIX, "Myszkowski Deciphering Program," JA87,

The Cryptogram, American Cryptogram Association,
1987.

[MYS1] PHOENIX, "Myszkowski Deciphering Program-

Conclusion," ND87, The Cryptogram, American
Cryptogram Association, 1987.

[MYS2] QUINCE, "Redefence al la Myszkowski," JF92, The

Cryptogram, American Cryptogram Association,
1992.

[MYS3] DELAC, "Myszkowski Transposition," AS46, The

Cryptogram, American Cryptogram Association,
1946.

[MYS4] S-TUCK, "Myszkowski Transposition," AM52, The

Cryptogram, American Cryptogram Association,
1952.

[MYS5] B.NATURAL, "Simplifing the Myszkowski," JF59, The

Cryptogram, American Cryptogram Association,
1959.

[MYS6] AB STRUSE, "Solving the Myszkowski," AM48, The

Cryptogram, American Cryptogram Association,
1948.

[MYS7] CROTALUS, "Railfence and Redefence as Special

Cases of the Myszkowski," JA80, The Cryptogram,
American Cryptogram Association, 1980.

[MYSZ] Myszkowski, Emile V.T., "Cryptographie

 indechiffrable basee sur de nouvelles
combinaisons rationelles." Paris 1902. 69 pg 8
vol.,NN, DLC, Boston Public Library, John Crerar
Library, Great Britian War Office Library,
Belgium War Library, BN.

[NA77] National Bureau of Standards, Federal Information

Processing Standards Publication 46: Data
Encryption Standard, January 15, 1977.

[NA80] National Bureau of Standards, Federal Information

Processing Standards Publication 81: DES Modes of
Operation, December 2, 1980.

[NA81] National Bureau of Standards, Federal Information

Processing Standards Publication 74: Guidelines
for Implementing and Using the NBS Data
Encryption Standard, April 1, 1981.

[NBS] National Bureau of Standards, "Data Encryption

Standard," FIPS PUB 46-1, 1987.

[NBS] National Bureau of Standards, 1977, Data

Encryption Standard, Federal Information
Processing Standard 46,
January 1977, Washington, DC.

[NCSS] National Computer Security Center (1983-).

"Rainbow Series" (so-called). Monographs on many
aspects of information systems security. For an
excellent summary of the series and its topics,
see Appendix E of Russell & Gangemi (below), p.
359 ff.

[NE78] R. M. Needham and M. D. Schroeder, "Using

encryption for authentication in large networks
of computers," Communications of the ACM, Vol.
21, No. 12, December 1978, pp. 993-999.

[Neu ] Neumann, P., 1994 , Computer-Related Risks, ACM

Press (Addison-Wesley), 1994.

[NIXX] National Institute of Standards and Technology,

1991, Publication XX: Announcement and
Specifications for a Digital Signature Standard
(DSS), August 19, 1991, Washington, DC.

[N185] National Institute of Standards and Technology,

1994, Federal Information Processing Standards
Publication 185, Escrowed Encryption Standard},
February 9, 1994, Washington, DC.

[N186] National Institute of Standards and Technology,

1994, Federal Information Processing Standards
Publication 186: Digital Signature Standard
(DSS), May 19, 1994, Washington, DC.

[NI94] National Institute of Standards and Technology,

 1994, Approval of Federal Information Processing
Standards Publication 185, Escrowed Encryption
Standard, Federal Register, Vol. 59, No. 27,
February 9, 1994, Washington, DC.

[NISA] National Institute of Standards and Technology

and National Security Agency, 1989, Memorandum of
Understanding between the Director of the
National Institute of Standards and Technology
and the Director of the National Security Agency
concerning the Implementation of Public Law 100-
235, March 24, 1989, Washington, DC.

[NIBL] Niblack, A. P., "Proposed Day, Night and Fog

Signals for the Navy with Brief Description of
the Ardois Hight System," In Proceedings of the
United States Naval Institute, Annapolis: U. S.
Naval Institute, 1891.

[NICO] PHOENIX, "Nicodemus," ND88, The Cryptogram,

American Cryptogram Association, 1988.

[NICa] BERYL, "How to Finish Deciphering a Nicodemus,"

SO92, The Cryptogram, American Cryptogram
Association, 1992.

[NICb] S-TUCK, "Decrypting the Nicodemus," AM52, The

Cryptogram, American Cryptogram Association,
1952.

[NICc] FIDDLE, "Method for Solving the Nicodemus," JF60,

The Cryptogram, American Cryptogram Association,
1960.

[NICd] DELEC, "Nicodemus Cipher," AS49, The Cryptogram,

American Cryptogram Association, 1949.

[NICe] LEDGE, "Nicodemus Cipher," SO72, The Cryptogram,

American Cryptogram Association, 1972.

[NICH] Nichols, Randall K., " Classical Cryptography

Course, Volume I," Aegean Park Press (C-74),
ISBN: 0-89412-263-0, Softbound, 8.38 x 10.75 in,
xii + 301 pp.

Mr. Nichols (aka LANAKI) is the outgoing

President of the American Cryptogram Association
(ACA). In his truly great book, he covers the
following:

Volume I covers such diverse topics as

Aristocrats (the king of puzzles found in the
daily paper), Patristocrat (single language
Aristocrats without word divisions), Xenocrypts
(language ciphers other than English),
Transposition ciphers, Military Ciphers,
Cryptarithms, Polyalphabetics, Cipher Machines
such as the ENIGMA (with simulation disk
available) and special ciphers used in history,
 as well as their modern day equivalents. Ciphers
and cryptanalytic techniques for solution are
presented.

[NIC~] Nichols, Randall K., " Classical Cryptography

Course, Volume II," Aegean Park Press (C-76),
ISBN: 0-89412-264-9, Softbound, 8.38 x 10.75 in,
xii + 400 pp. 1996, $40.00.

Volume II presents Lectures 11 - 20 (of a total

of twenty five) from Mr. Nichols' extremely
successful course in Classical Cryptography
taught in 1995 and 1996 to 358 students via the
Internet and regular mail.

Volume II covers polyalphabetic substitutions

ciphers in the Vigenere family (Viggy, Variant,
Beaufort, Porta, Gronsfeld, Portax, Gromark),
decimation, principles of symmetry, isologs and
superimposition solution techniques. Volume II
describes the difficult aperiodic cipher systems
(Interrupted key, Autoclave, Progressive, Running
Key used in cipher machines) and their analysis
by isomorphs, and repetitions. Cryptarithm
solutions for extended bases are presented. The
theory of coincidences and statistical attacks
(kappa, chi, phi) that are derived from this
important theory are detailed.

Transposition theory and a variety of

transposition ciphers are solved (Columnar,
Amsco, Myszkowski, Cadenus, Grille, Swagman,
Auto-Transposition). Volume II has two chapters
on the difficult cipher systems invented by the
famous French cryptographer Delastelle:
Foursquare, Bifid and Trifid. Volume II ends
with a chapter on passwords, law and data
protection. Volume II is a potpourri of advanced
topics in classical cryptography.

Volume II includes over 1600 Cryptographic

Resources and References covering all phases of
cryptography: cryptanalysis, history, legal,
social, classical, modern, NSA, mathematical
techniques, recreational, intelligence, tactical,
strategic, national defense, INFOSEC: offensive
and defensive, hardware, software, standards,
public key cryptography, web sources, and
applicable Senate and House bills. Readers are
encouraged to expand their knowledge in the many
directions possible to them through this section.

[NIC1] Nichols, Randall K., "Xeno Data on 10 Different

Languages," ACA-L, August 18, 1995.

[NIC2] Nichols, Randall K., "Chinese Cryptography Parts

1-3," ACA-L, August 24, 1995.
[NIC3] Nichols, Randall K., "German Reduction Ciphers
Parts 1-4," ACA-L, September 15, 1995.

[NIC4] Nichols, Randall K., "Russian Cryptography Parts

1-3," ACA-L, September 05, 1995.

[NIC5] Nichols, Randall K., "A Tribute to William F.

Friedman", NCSA FORUM, August 20, 1995.

[NIC6] Nichols, Randall K., "Wallis and Rossignol,"

NCSA FORUM, September 25, 1995.

[NIC7] Nichols, Randall K., "Arabic Contributions to

Cryptography,", in The Cryptogram, ND95, ACA,
1995.

[NIC8] Nichols, Randall K., "U.S. Coast Guard Shuts Down

Morse Code System," The Cryptogram, SO95, ACA
Publications, 1995.

[NIC9] Nichols, Randall K., "PCP Cipher," NCSA FORUM,

March 10, 1995.

[NICX] Nichols, R. K., Keynote Speech to A.C.A.

Convention, "Breaking Ciphers in Other
Languages.," New Orleans, La., 1993.

[NICK] Nickels, Hamilton, "Codemaster: Secrets of Making

and Breaking Codes," Paladin Press, Boulder, CO.,
1990.

[NIHL] PHOENIX," Computer Column: Nihilist

Substitution," MA88, The Cryptogram, American
Cryptogram Association, 1988.

[NIH1] PHOENIX," Computer Column: Nihilist

Substitution," MJ88, The Cryptogram, American
Cryptogram Association, 1988.

[NIH2] PHOENIX," Computer Column: Nihilist

Substitution," JA88, The Cryptogram, American
Cryptogram Association, 1988.

[NIH3] PHOENIX," Computer Column: Nihilist

Substitution," JA89, The Cryptogram, American
Cryptogram Association, 1989.

[NIH4] FIDDLE and CLEAR SKYS," FIDDLE'S slide for

Nihilist Number Substitution," ON48, The
Cryptogram, American Cryptogram Association,
1948.

[NIH5] RIG R. MORTIS," Mixed Square Nihilist," JA60, The

Cryptogram, American Cryptogram Association,
1960.

[NIH6] PICCOLA," Nihilist Number Cipher," AS37, The

Cryptogram, American Cryptogram Association,
 1937.

[NIH7] PICCOLA," Nihilist Transposition," DJ38, The

Cryptogram, American Cryptogram Association,
1938.

[NIST90] PUBLIC-KEY CRYPTOGRAPHY, James Nechvatal

Security Technology Group National Computer
Systems Laboratory National Institute of
Standards and Technology Gaithersburg, MD 20899

[NORM] Norman, Bruce, 'Secret Warfare', David & Charles,

Newton Abbot (Devon) 1973.

[NORW] Marm, Ingvald and Sommerfelt, Alf, "Norwegian,"

Teach Yourself Books, Hodder and Stoughton,
London, 1967.

[NRC ] National Research Council (1991). "Computers at

Risk: Safe Computing in the Information Age".
National Academy Press (Washington, DC). ISBN 0-
309-04388-3. xv + 302. Available from the NCSA.

[NSA] NSA's Friedman Legacy - A Tribute to William and

Elizabeth Friedman, NSA Center for Cryptological

[NSA1] Masked Dispatches: Cryptograms and Cryptology in

American History, 1775 -1900. Series 1, Pre World
War I Volume I, National Security Agency, Central
Security Service, NSA Center for Cryptological
History, 1993.

[NULL] PICCOLA, "Null Cipher," ON34, The Cryptogram,

American Cryptogram Association, 1934.

[NUL1] ISHCABIBEL, "Null Cipher," JJ45, The Cryptogram,

American Cryptogram Association, 1945.

[NUL2] HELLCRYPT, "Nullifing the Null Cipher," ON49, The

Cryptogram, American Cryptogram Association,
1945.

[NUL3] BUNYIP, "NULLX: The Patristocrat Null Cipher,"

SO91, The Cryptogram, American Cryptogram
Association, 1991.

[NWCS] National Commission for the Review of Federal and

State Laws relating to Wiretapping and Electronic
Surveillance, 1976, Commission Studies,
Washington, 1976, Washington, DC.

[OD84] A. M. Odlyzko, "Cryptanalytic attacks on the

multiplicative knapsack cryptosystem and on
Shamir's fast signature scheme," IEEE
Transactions on Information Theory, Vol. IT-30,
No. 4, July 1984, pp. 594-601.
[OD8b] A. M. Odlyzko, "Discrete logarithms in finite
fields and their cryptographic significance," in
T. Beth, N. Cot, and I. Ingemarsson, Eds.,
Lecture Notes in Computer Science Vol. 209:
Advances in Cryptology: Proceedings of EUROCRYPT
84, a Workshop on
the Theory and Application of Cryptographic
Techniques, Paris, France, April 9-11, 1984, pp.
224-314. Berlin/New York: Springer- Verlag, 1985.

[OHAV] OHAVER, M. E., "Solving Cipher Secrets," Aegean

Park Press, 1989.

[OHA1] OHAVER, M. E., "Cryptogram Solving," Etcetera

Press, 1973.

[OKLA] Andre, Josephine and Richard V. Andree,

"Cryptarithms," Unit One, Problem Solving and
Logical Thinking, University of Oklahoma, Norman,
Ok. Copy No: 486, 1976.

[OKLI] Andre, Josephine and Richard V. Andree, "

Instructors Manual For Cryptarithms," Unit One,
Problem Solving and Logical Thinking, University
of Oklahoma, Norman, Ok. Copy No: 486, 1976.

[Olm] Olmstead v. United States, 277 U.S. 438, 1928.

[OPS] Office of the Press Secretary, The White House,

1993, statement on the Clipper Chip Initiative,
April 16, 1993, Washington, DC.

[OP20] "Course in Cryptanalysis," OP-20-G', Navy

Department, Office of Chief of Naval Operations,
Washington, 1941.

[OPSH] O'PSHAW,"Bifid Statistical Period Determination

Using a Contingency Table Chi-Square," JA95, The
Cryptogram, American Cryptogram Association,
1995.

[OR86] G. A. Orton, M. P. Roy, P. A. Scott, L. E.

Peppard, and S. E. Tavares, "VLSI implementation
of public-key encryption algorithms," in A. M.
Odlyzko, Ed., Lecture Notes in Computer Science
Vol. 263: Advances in Cryptology - CRYPTO '86,
proceedings of a Conference on the Theory and
Applications of Cryptographic Techniques, Santa
Barbara, CA, August 11-15, 1986, pp. 277-301.
Berlin/New York: Springer-Verlag, 1987.

[ORAN] The ``Orange Book'' is DOD 520 0.28-STD,

published December 1985 as part of the ``rainbow
book'' series. Write to Department of Defense,
National Security Agency, ATTN: S332, 9800 Savage
Road, Fort Meade, MD 20755-6000, and ask for the
Trusted Computer System Evaluation Criteria. Or
 call 301-766-8729. The ``Orange Book'' will
eventually be replaced by the U.S. Federal
Criteria for Information Technology Security (FC)
online at the NIST site [FTPNS], which also
contains information on other various proposed
and active federal standards.

[ORE ] Ore, Oystein, Number Theory and Its History, New

York: McGraw-Hill, 1948.

[OCNO] Office of Chief of Naval Operations (1943)

Memorandum Communication Improvement Item.
available from the NARA, Pacific Sierra Regional
Archive, RG 181-58-3224, 12th ND Commandants
Office General Correspondence, A6-2(1) Complaints
-Discrepencies, Security-etc.

[OTA] "Defending Secrets, Sharing Data: New Locks and

Keys for Electronic Information," Office of
Technology Assessment, 1988.

[OTA1] OTA (1993). "Protecting Privacy in Computerized

Medical Information". U.S. Congress Office of
Technology Assessment. U.S. Government Printing
Office #OTA-TCT-576 (Washington, DC). ISBN 0-16-
042074-1. viii + 157. Index.

[OZK ] OZ,"Variation in Letter Frequency with Cipher

Length or Where Did All Those K's Come From? ,"
SO59, The Cryptogram, American Cryptogram
Association, 1959.

[P235] Computer Security Act of 1987, Public Law 100-235

(H.R. 145), 101 Stat. 1724-1730.

[PA87] W. Patterson, Mathematical Cryptology for

Computer Scientists and Mathematicians. Totowa,
NJ: Rowman & Littlefield, 1987.

[Park] Parker, D., 1983, Fighting Computer Crime,

Charles Scribner's, New York, 1983.

[PATR] PICCOLA, "Patristocrat: A method for Finding

Repeated Sequences," JF92, The Cryptogram,
American Cryptogram Association, 1992.

[PAT1] PICCOLA, "Patristocrat: Vowel Spotting and

Digraphs ," ND91, The Cryptogram, American
Cryptogram Association, 1991.

[PAT2] PICCOLA, "Patristocrat: Finding Repeated

Sequences," AM34, The Cryptogram, American
Cryptogram Association, 1934.

[PAT3] PICCOLA, "Patristocrat: Vowel Spotting and

Digraphs ," FM34, The Cryptogram, American
Cryptogram Association, 1934.
[PAT4] FLEETFOOT, "Patristocrat: Column Insight," SO90,
The Cryptogram, American Cryptogram Association,
1990.

[PAT5] AECUS, "Patristocrat Tip Placement," SO90, The

Cryptogram, American Cryptogram Association,
1990.

[PAT6] LAMONT CRANSTON, "Patristocrat: Rookie Guide To

Solving," JA91, The Cryptogram, American
Cryptogram Association, 1991.

[PAT7] MICROPOD, "Solution of a K2 Patristocrat," MJ91,

The Cryptogram, American Cryptogram Association,
1991.

[PAT8] FAUSTUS, "Patristocrat: Solution of Straight

Substitution Crypts ," ON32, SO91, The
Cryptogram, American Cryptogram Association,
1932,1991.

[PATT] Wayne Patterson, Mathematical Cryptology for

Computer Scientists and Mathematicians. Rowman &
Littlefield, 1987.

[PCSG] Public Cryptography Study Group, 1981, Report of

the Public Cryptography Study Group, American
Council on Education, February 1981.

[PE86] R. C. Peralta, "A simple and fast probabilistic

algorithm for computing square roots modulo a
prime number," IEEE Transactions on Information
Theory, Vol. 32, No. 6, November 1986, pp. 846-
847.

[PEAR] "Pearl Harbor Revisited," U.S. Navy

Communications Intelligence, 1924-1941, U.S.
Cryptological History Series, Series IV, World
War II, Volume 6, NSA CSS , CH-E32-94-01, 1994.

[PECK] Peck, Lyman C., "Secret Codes, Remainder

Arithmetic, and Matrices," National Counsil of
Teachers of Mathematics, Washington, D.C. 1971.

[PELE] S. Peleg and A. Rosenfeld, Breaking Substitution

Ciphers Using a Relaxation Algorithm. CACM
22(11).

[PERI] Y.KNOTT, "Aid For Solving Periodic Ciphers, JJ42,

The Cryptogram, American Cryptogram Association,
1942.

[PER1] S-TUCK, "Finding the Period in Periodic Ciphers,

AS44, The Cryptogram, American Cryptogram
Association, 1944

[PER2] SCHMOO, "Refinement for Simple Periodic Ciphers,

MJ80, The Cryptogram, American Cryptogram
 Association, 1980.

[PER3] LEANDER and PICCOLA, "Some Odds and Ends On

Periodic Ciphers, AM40, The Cryptogram, American
Cryptogram Association, 1940.

[PER4] R.E. GILMAN, "To Find the Period in Any Periodic

Ciphers, JJ43, The Cryptogram, American
Cryptogram Association, 1943.

[PERR] Perrault, Charles, Tallement des Reaux, Les

Historiettes, Bibliotheque del La Pleiade, Paris
1960, pp 256-258.

[PETE] Peterson, I., 'Encrypting Controversy,' Science

News, 19 June 1993, 394-396.

[PFLE] Pfleeger, C. P. (1989). "Security in Computing".

Prentice-Hall (Englewood Cliffs, NJ). ISBN 0-13-
798943-1. xxi + 538. Index.

[PGP] Garfinkel, Simson, "PGP: Pretty Good Privacy,"

O'reilly and Associates, Inc. Sebastopol, CA.
1995.

[PHL ] PHIL,"System Identification by General

Frequencies," AM48, The Cryptogram, American
Cryptogram Association, 1948.

[PHIL] K. SEA, "Comments On The Phillips Cipher," AM51,

The Cryptogram, American Cryptogram Association,
1951.

[PHI1] PHOENIX, "Phillips Crib Dragging," JA91, The

Cryptogram, American Cryptogram Association,
1991.

[PHI2] O'PSHAW "Mechanization of the Phillips Cipher,"

ND90, The Cryptogram, American Cryptogram
Association, 1990.

[PHI3] LEDGE, "More on the Phillips Cipher," JA72, The

Cryptogram, American Cryptogram Association,
1972.

[PHI4] CALIMAR, "Phillips Cipher," MA84, The Cryptogram,

American Cryptogram Association, 1984.

[PHI5] GLENDALE, "The Phillips Cipher," ON47, The

Cryptogram, American Cryptogram Association,
1947.

[PHI6] O.G. WIZ, "Phillips System," AS32, The

Cryptogram, American Cryptogram Association,
1932.

[PHI7] B.NATURAL, "Phillips Cipher with Mixed square,"

AM50, The Cryptogram, American Cryptogram
Association, 1950.
[PHI8] LEDGE, "Phillips," MJ72, The Cryptogram, American
Cryptogram Association, 1972.

[PHIP] Phillips, H., "My Best Puzzles in Logic and

Reasoning," Dover, 1961.

[PHOT] PHOTON, "Headline Puzzles by Paul Derthick," for

publication, 1 September, 1996. (With permission
of NSA and Mr. Derthick's estate))

[Pil ] Piller, C., 1993, ``Privacy in Peril,''

MacWorld,July 1993, pp. 8 - 14.

[PIER] Pierce, Clayton C., "Cryptoprivacy", 325 Carol

Drive, Ventura, Ca. 93003, 1994.

[PIE1] Pierce, Clayton C., "Privacy, Cryptography, and

Secure Communication ", 325 Carol Drive, Ventura,
Ca. 93003, 1977.

[PLAY] ZEMBIE, "Playfair Cipher: Anyone For," JF68, The

Cryptogram, American Cryptogram Association,
1968.

[PLA1] SCHMOO, "Asymetrical Playfair Cipher," MJ88, The

Cryptogram, American Cryptogram Association,
1988.

[PLA2] PHOENIX, "Playfair Square," MJ84, The Cryptogram,

American Cryptogram Association, 1984.

[PLA3] PHOENIX, "Playfair Square Reconstruction," JA84,

The Cryptogram, American Cryptogram Association,
1984.

[PLA4] PHOENIX, "Seriated Playfair ," SO88, The

Cryptogram, American Cryptogram Association,
1988.

[PLA5] S-TUCK, "First Principles of Playfair Cipher,"

JJ49, The Cryptogram, American Cryptogram
Association, 1949.

[PLA6] MI TAI TAI, "FracFair Cipher," JA66, The

Cryptogram, American Cryptogram Association,
1966.

[PLA7] SCRYER, "Key Reconstruction for Asymetric

Playfair Cipher," JA89, The Cryptogram, American
Cryptogram Association, 1989.

[PLA8] THE SQUIRE, "Mixed Sequence Playfairs," DJ41, The

Cryptogram, American Cryptogram Association,
1941.

[PLA9] MARSHEN, "More On George Ashton's Playfair Cipher

," JA68, The Cryptogram, American Cryptogram
Association, 1968.
[PLAa] S-TUCK, "New Layout for the Playfair Cipher,"
JJ42, The Cryptogram, American Cryptogram
Association, 1942.

[PLAb] THE RAT, "Octafair Cipher -Version of Playfair

Cipher ," MA91, The Cryptogram, American
Cryptogram Association, 1991.

[PLAc] PICCOLA, "Playfair Cipher," ON38, The Cryptogram,

American Cryptogram Association, 1938.

[PLAd] LEDGE, "Playfair Cipher," SO74, The Cryptogram,

American Cryptogram Association, 1974.

[PLAe] AB STRUSSE, "Playfair Symposium," SO84, The

Cryptogram, American Cryptogram Association,
1984.

[PLAf] Leonard, C.A., "Seriated Playfair ," JF38, The

Cryptogram, American Cryptogram Association,
1938.

[PO78] S. C. Pohlig and M. E. Hellman, "An improved

algorithm for computing logarithms over GF(p) and
its cryptographic significance," IEEE
Transactions on Information Theory, Vol. IT-24,
No. 1, January 1978, pp. 106-110.

[PO84] C. Pomerance, "The quadratic sieve factoring

algorithm," in T. Beth, N. Cot, and I.
Ingemarsson, Eds., Lecture Notes in Computer
Science Vol. 209: Advances in Cryptology:
proceedings of EUROCRYPT 84, a Workshop on the
Theory and Application of Cryptographic
Techniques, Paris, France, April 9-11, 1984, pp.
169- 182. Berlin/New York: Springer-Verlag, 1985.

[PO86] C. Pomerance, "Fast, rigorous factorization and

discrete logarithm algorithms," in D. S. Johnson,
T. Nishizeki, A. Nozaki, and H. S. Wilf, Eds.,
Discrete Algorithms and Complexity, proceedings
of the Japan-US Joint Seminar, Kyoto, Japan, June
4- 6, 1986, pp. 119-143. Orlando, FL: Academic
Press, 1987.

[PO88] C. Pomerance, J. W. Smith, and R. Tuler, "A

pipeline architecture for factoring large
integers with the quadratic sieve algorithm,"
SIAM Journal on Computing, Vol. 17, No. 2, April
1988, pp. 387-403.

[PO78] G. J. Popek and C. S. Kline, "Encryption

protocols, public key algorithms and digital
signatures in computer networks," in R. A.
DeMillo, D. P. Dobkin, A. K. Jones, and R. J.
 Lipton, Eds., Foundations of Secure Computation,
pp. 133-153. New York: Academic Press, 1978.

[PO79] G. L. Popek and C. S. Kline, "Encryption and

secure computer networks," ACM Computing Surveys,
Vol. 11, No. 4, December 1979, pp. 331-356.

[PODE] Podesta, J., White House memo to Jerry Berman,

Digital Privacy and Security Working Group, on
Key Escrow Encryption Technology, July 29, 1993.

[POLL] Pollard, H. The Theory of Algebraic Numbers,

Carus Mathematical Mono., No. 9, New York: John
Wiley, 1950.

[POLU] PHOENIX, "Pollux Cipher Separators," SO83, The

Cryptogram, American Cryptogram Association,
1983.

[POLa] MEROMA, "Locating the X's in the Pollux Cipher ,"

MJ75, The Cryptogram, American Cryptogram
Association, 1975.

[POLb] B.NATURAL, "Pollux Cipher," SO74, The Cryptogram,

American Cryptogram Association, 1974.

[POLc] DUN SCOTUS, "Pollux Cipher," JF68, The

Cryptogram, American Cryptogram Association,
1968.

[POLd] FLORDELIS "How to Solve the Pollux Cipher," JA83,

The Cryptogram, American Cryptogram Association,
1983.

[POLI] CRYPTOGRAPHY: POLICY AND TECHNOLOGY TRENDS,

Hoffman, Lance, Faraz A. Ali, Steven L.
Heckler,Ann Huybrechts, December 1, 1993 ,Revised
January 30, 1994, under contract DE-AC05-
84OR21400

[POLL] L. Harris and Associates, Harris-Equifax Consumer

Privacy Survey 1992, New York: Louis Harris and
Associates, 1992.

[POLY] Polya, G., "Mathematics and Plausible Reasoning,"

Princeton Press, 1954.

[POL1] Polya, G., "How To Solve It.," Princeton Press,

1948.

[POPE] Pope, Maurice, "The Story of Decipherment: From

Egyptian Hieroglyphic to Linear B., Thames and
Hudson Ltd., 1975.

[PORG] Barker, Wayne G. "Cryptograms in Portuguese,"

Aegean Park Press, Laguna Hills, CA., 1986.
[PORT] AB STRUSE, "Breaking the Porta Auto-Key Cipher,"
ON49, The Cryptogram, American Cryptogram
Association, 1949.

[POR1] SOLDJER C, "Easier Porta ," MA89, The Cryptogram,

American Cryptogram Association, 1989.

[POR2] CODEX, "Keyed Alphabet Porta," MJ85, The

Cryptogram, American Cryptogram Association,
1985.

[POR3] O'PSHAW, "Porta Cipher- Special Case of the

Beaufort," MA91, The Cryptogram, American
Cryptogram Association, 1991.

[POR4] X.GOTKY, "Porta Auto-Key Cipher," AM44, The

Cryptogram, American Cryptogram Association,
1944.

[POR5] LEDGE, "Porta Cipher," MA72, The Cryptogram,

American Cryptogram Association, 1972.

[POR6] X.GOTKY, "Short Cut For Lining up Porta

Alphabets," AS46, The Cryptogram, American
Cryptogram Association, 1946.

[POR7] X.GOTKY, "ShortCuts For Lining up Porta

Alphabets," FM43, The Cryptogram, American
Cryptogram Association, 1943.

[POR8] PICCOLA, "Some Odds and Ends On the Porta

Cipher," JJ40, The Cryptogram, American
Cryptogram Association, 1940.

[PORa] Aliandro, Hygino, "The Portuguese-English

Dictionary," Pocket Books, New York, N.Y., 1960.

[PORX] RED E. RASER, "Portax Cipher," JJ53, The

Cryptogram, American Cryptogram Association,
1953.

[POX1] LEDGE, "Portax Cipher," JF73, The Cryptogram,

American Cryptogram Association, 1973.

[POX2] S-TUCK, "Portax Cipher Period Finding," FM50, The

Cryptogram, American Cryptogram Association,
1950.

[POST] Postman, N. (1992). "Technopoly: The Surrender

of Culture to Technology." Vintage Books
Division of Random House (New York). ISBN 0-679-
74540-8. xii + 222. Index.

[POUN] Poundstone, William, "Biggest Secrets," Quill

Publishing, New York, 1993. ( Explodes the Beale
 Cipher Hoax.)

[PRIC] Price, A.,"Instruments of Darkness: the History

of Electronic Warfare, London, Macdonalds and
Janes, 1977.

[PRI1] W. Price, D. Davies, Security for computer

networks. Wiley, 1984.

[PRIV] Privacy Commissioner of Canada (1994). Annual

Report. Canada Communication Group (Ottawa).
ISBN 0-662-61245-0. iv + 69.

[PROT] "Protecting Your Privacy - A Comprehensive Report

On Eavesdropping Techniques and Devices and Their
Corresponding Countermeasures,"
Telecommunications Publishing Inc., 1979.

[PT10] Annonomous, "PT109 Cipher Message (President

Kennedy)," SO62, The Cryptogram, American
Cryptogram Association, 1962.

[QU87] M. J. Quinn, Designing Efficient Algorithms for

Parallel Computers. New York: McGraw-Hill, 1987.

[QU82] J.-J. Quisquater and C. Couvreur, "Fast

decipherment algorithm for RSA public-key
cryptosystem," Electronics Letters, Vol. 18, No.
21, October 14, 1982, pp. 905-907.

[QUAG] QUINCE, "Quagmire Cipher:A Personal Attack,"

JA92, The Cryptogram, American Cryptogram
Association, 1992.

[QUA1] MACHIAVELLI, "Alphabet Recovery in K4 Quagmire

Ciphers," SO59, The Cryptogram, American
Cryptogram Association, 1959.

[QUA2] DUBIOUS, "Cipher text Alphabets of Quagmire

Ciphers ," JASO59, The Cryptogram, American
Cryptogram Association, 1959.

[QUA3] CALIMER, "Double Quagmire Cipher," JF81, The

Cryptogram, American Cryptogram Association,
1981.

[QUA4] B.NATURAL, "Filling in the Quagmire Block with

the Least Amount of Values and Yet Finding the
Keywords(s)," SO58, The Cryptogram, American
Cryptogram Association, 1958.

[QUA5] O'PSHAW, "Double Quagmire Recovery of Non

Consecutive Key Alphabet," MJ88, The Cryptogram,
American Cryptogram Association, 1988.

[QUA6] BARGE, "Five by Five Quagmires," JF70, The

Cryptogram, American Cryptogram Association,
 1970.

[QUA7] RED E. RASER, "Impressions on Quagmire III

Cipher," ON47, The Cryptogram, American
Cryptogram Association, 1947.

[QUA8] MACHIAVELLI, "Keyword IV: Its Use and Recovery in

Quagmires," MA69, The Cryptogram, American
Cryptogram Association, 1969.

[QUA9] DUBIOUS, "Mechanical Substitution for Quagmire

Ratios, " JA58, The Cryptogram, American
Cryptogram Association, 1958.

[QUAa] TONTO, "More about Theory of Substitutions in

Quagmire Ciphers," FM49, The Cryptogram, American
Cryptogram Association, 1949.

[QUAb] PHOENIX, "Quagmire Alphabet Merging and Ratios ,"

ND87, The Cryptogram, American Cryptogram
Association, 1987.

[QUAc] LEDGE, "Quagmire I and II Ciphers," SO73, The

Cryptogram, American Cryptogram Association,
1973.

[QUAd] LEDGE, "Quagmire III Ciphers," ND73, The

Cryptogram, American Cryptogram Association,
1973.

[QUAe] LEDGE, "Quagmire IV Ciphers," JF74, The

Cryptogram, American Cryptogram Association,
1974.

[QUAf] SCRYER, "Quagmire with Paper Strips," JF88, The

Cryptogram, American Cryptogram Association,
1988.

[QUAg] THE DOC, "Solution of Quagmire I without Tip,"

JA92, The Cryptogram, American Cryptogram
Association, 1992.

[QUAh] BOB O' LYNQUE, "Start on Quagmire Type III,"

FM54, The Cryptogram, American Cryptogram
Association, 1954.

[QUAi] TONTO, "Theory of Substitutions in Quagmire

Ciphers," FM48, The Cryptogram, American
Cryptogram Association, 1948.

[QUAj] S-TUCK, "Symmetry of Letter Positions in Key

Frame and recovery of the Keyword in Quagmire
Type III Ciphers," ON43 The Cryptogram, American
Cryptogram Association, 1943.

[QUAk] S-TUCK, "Symmetry of Letter Positions Quagmire

Frames ," ON50 The Cryptogram, American
Cryptogram Association, 1950.
[RA76] M. O. Rabin, "Probabilistic algorithms," in J. F.
Traub, Ed., Algorithms and Complexity: New
Directions and Recent Results, proceedings of a
Symposium, Pittsburgh, PA, April 7-9, 1976, pp.
21-39. New York: Academic Press, 1976.

[RA78] M. O. Rabin, "Digitalized signatures," in R. A.

DeMillo, D. P. Dobkin, A. K. Jones, and R. J.
Lipton, Eds., Foundations of Secure Computation,
pp. 155-168. New York: Academic Press, 1978.

[RA79] M. O. Rabin, "Digitalized signatures and public-

key functions as intractable as factorization,"
MIT Laboratory for Computer Science, Technical
Report LCS/TR-212, January 1979.

[RA80] M. O. Rabin, "Probabilistic algorithms for

testing primality," Journal of Number Theory,
Vol. 12, 1980, pp. 128-138.

[RA64] H. Rademacher, Lectures on Elementary Number

Theory. New York: Blaisdell, 1964.

[RAG1] PHOENIX, "Ragbaby Decipherment," ND84, SO85,

JF86, The Cryptogram, American Cryptogram
Association, 1984, 1985, 1986.1950.

[RAG2] DR. CRYPTOGRAM, "Ragbaby Cipher,", JA55, The

Cryptogram, American Cryptogram Association,
1955.

[RAG3] LEDGE, "Ragbaby ," ND72, The Cryptogram, American

Cryptogram Association, 1972.

[RAG4] TEX TREMUS, "Ragbaby Redundancy," MJ92, The

Cryptogram, American Cryptogram Association,
1992.

[RAG5] FRINKUS, "Ragbaby Shaking Out," ND61, The

Cryptogram, American Cryptogram Association,
1961.

[RAG6] B. NATURAL, "Ragbaby-Without a Known Starting

Point, " ND60, The Cryptogram, American
Cryptogram Association, 1960.

[RAG7] B.NATURAL, "Rag-baby Cipher," MJ59, The

Cryptogram, American Cryptogram Association,
1959.

[RAJ1] "Pattern and Non Pattern Words of 2 to 6

Letters," G & C. Merriam Co., Norman, OK. 1977.

[RAJ2] "Pattern and Non Pattern Words of 7 to 8

Letters," G & C. Merriam Co., Norman, OK. 1980.

[RAJ3] "Pattern and Non Pattern Words of 9 to 10

Letters," G & C. Merriam Co., Norman, OK. 1981.
[RAJ4] "Non Pattern Words of 3 to 14 Letters," RAJA
Books, Norman, OK. 1982.

[RAJ5] "Pattern and Non Pattern Words of 10 Letters," G

& C. Merriam Co., Norman, OK. 1982.

[RAIL] MACHIAVELLI, "Railfence: Method of Solving,"

MA61, The Cryptogram, American Cryptogram
Association, 1961.

[RAI1] SNAIL PACE, "More Simplification in Solving the

Railfence," JA84, The Cryptogram, American
Cryptogram Association, 1984.

[RAI2] FIDDLE, "Railfence: Calculus of," AM50, The

Cryptogram, American Cryptogram Association,
1950.

[RAI3] LEDGE, "Railfence," ND74, The Cryptogram,

American Cryptogram Association, 1974.

[RAI4] RIG R MORTIS, "Railfence, Sidelights of," JA59,

The Cryptogram, American Cryptogram Association,
1959.

[RAI5] TEEPEE, "Railfence, Solving a Normal," MA66, The

Cryptogram, American Cryptogram Association,
1966.

[RAI6] SNAIL PACE, "Simplification in Solving the

Railfence," MA84, The Cryptogram, American
Cryptogram Association, 1984.

[RAND] Randolph, Boris, "Cryptofun," Aegean Park Press,

1981.

[REDE] FRINKUS, "Redefence Cipher," JA65, The

Cryptogram, American Cryptogram Association,
1965.

[RED1] MACHIAVELLI, "Redefence Solving," MJ70, The

Cryptogram, American Cryptogram Association,
1970.

[RED2] SI SI, "Simplified Railfence and Redefence

Construction and Solving," JF83, The Cryptogram,
American Cryptogram Association, 1983.

[RB1] Friedman, William F., The Riverbank Publications,

Volume 1," Aegean Park Press, 1979.

[RB2] Friedman, William F., The Riverbank Publications,

Volume 2," Aegean Park Press, 1979.

[RB3] Friedman, William F., The Riverbank Publications,

Volume 3," Aegean Park Press, 1979.

[RCMP] RCMP (1992). "Small Systems Security

Guidelines". PW/GSC catalog #BT32-36/7-1992.
 ISBN 0-662-59297-2. ISSN 1188-6315.

[RCM1] RCMP (1992). "Technical Security Standards for

Information Technology (TSSIT)". PW/GSC catalog
#BT32-36/6-1992. ISBN 0-662-59120-8.

[REED] J. Reeds, `Cracking' a Random Number Generator.

Cryptologia 1(1), 20--26, 1977.

[REE1] J. A. Reeds and P. J. Weinberger, File Security

and the UNIX Crypt Command. AT&T Bell
Laboratories Technical Journal, Vol. 63 #8, part
2, 1673--1684, October, 1984.

[REJE] Rejewski, Marian, "Mathematical Solution of the

Enigma Cipher" published in vol 6, #1, Jan 1982
Cryptologia pp 1-37.

[RELY] Relyea, Harold C., "Evolution and Organization of

Intelligence Activities in the United States,"
Aegean Park Press, 1976.

[RENA] Renauld, P. "La Machine a' chiffrer 'Enigma'",

Bulletin Trimestriel de l'association des Amis de
L'Ecole superieure de guerre no 78, 1978.

[RHEE] Rhee, Man Young, "Cryptography and Secure

Communications," McGraw Hill Co, 1994

[RIEB] Riebensehl, D., "Hyperbolische Komplex Raume und

die Vermutung von Mordell," Math Ann. 257,
(1981), 99-110.

[RIVE] Rivest, Ron, "Ciphertext: The RSA Newsletter 1,

1993.

[RI84] R. L. Rivest, "RSA chips (past/present/future),"

in T. Beth, N. Cot, and I. Ingemarsson, Eds.,
Lecture Notes in Computer Science Vol. 209:
Advances in Cryptology: proceedings of EUROCRYPT
84, a Workshop on the Theory and Application of
Cryptographic Techniques, Paris, France, April 9-
11, 1984, pp. 159-165. Berlin/New York:
Springer-Verlag, 1985.

[RI90] R. L. Rivest, "The MD4 message digest algorithm,"

February 1990.

[RIV1] Rivest, R. "The MD5 Message-Digest Algorithm",

RFC1321, April 1992

[RI78] R. L. Rivest, A. Shamir, and L. Adleman, "A

method for obtaining digital signatures and
public-key cryptosystems," Communications of the
ACM, Vol. 21, No. 2, February 1978, pp. 120-
127.
[RI82] R. L. Rivest and A. T. Sherman, "Randomized
encryption techniques," in D. Chaum, R. L.
Rivest, and A. T. Sherman, Eds., Advances in
Cryptology: Proceedings of CRYPTO 82, a Workshop
on the Theory and Application of Cryptographic
Techniques, Santa Barbara, CA, August 23-25,
1982, pp. 145-163. New York: Plenum Press, 1983.

[RIV1] Rivest, Ron, Shamir, A and L. Adleman, "A Method

for Obtaining Digital Signatures and Public Key
Cryptosystems," Communications of the ACM 21,
1978.

[Rive] Rivest, R., 1992, ``Responses to NIST's

Proposal,'' Communications of the ACM, Vol. 35
(7), July 1992, pp. 41-47.

[ROAC] Roach, T., "Hobbyist's Guide To COMINT Collection

and Analysis," 1330 Copper Peak Lane, San Jose,
Ca. 95120-4271, 1994.

[ROBO] NYPHO, The Cryptogram, Dec 1940, Feb, 1941.

[ROHE] Jurgen Rohwer's Comparative Analysis of Allied

and Axis Radio-Intelligence in the Battle of the
Atlantic, Proceedings of the 13th Military
History Symposium, USAF Academy, 1988, pp 77-109.

[ROHW] Rohwer Jurgen, "Critical Convoy Battles of March

1943," London, Ian Allan, 1977.

[ROH1] Rohwer Jurgen, "Nachwort: Die Schlacht im

Atlantik in der Historischen Forschung, Munchen:
Bernard and Graefe, 1980.

[ROH2] Rohwer Jurgen, et. al. , "Chronology of the War

at Sea, Vol I, 1939-1942, London, Ian Allan,
1972.

[ROH3] Rohwer Jurgen, "U-Boote, Eine Chronik in Bildern,

Oldenburs, Stalling, 1962. Skizzen der 8 Phasen.

[ROOM] Hyde, H. Montgomery, "Room 3603, The Story of

British Intelligence Center in New York During
World War II", New York, Farrar, Straus, 1963.

[ROSE] Budge, E. A. Wallis, "The Rosetta Stone," British

Museum Press, London, 1927.

[ROSL] Rose, L. J. (1994). "NetLaw: Your Rights in the

Online World". Osborne/McGraw-Hill (New York).
ISBN 0-07-882077-4. xx + 372. Index.

[ROSN] Rosenblatt, K. S. (1995). "High-Technology

Crime: Investigating Cases Involving Computers".
KSK Publications (P.O. Box 934, San Jose, CA
95108-0934; tel. 408-296-7072). 603 pp +
diskette.
[Ro89] Rotenberg, M., 1989, Testimony on Military and
Security Control of Computer Security, Before the
Subcommittee on Legislation and National Security
of the House Committee on Government Operations,
101st Congress, 1st Session 80, May 4, 1989,
Washington, DC.

[Ro93] Rotenberg, M., 1993, ``Communications Privacy:

Implications for Network Design,'' Communications
of the ACM, Vol. 36 (8), August 1993, pp. 61- 68.

[RSA] RSA Data Security, Inc., "Mailsafe: Public Key

Encryption Software Users Manual, Version 5.0,
Redwood City, CA, 1994

[RSA1] RSA Data Security, Inc. "Cryptographic Message

Syntax Standard", PKCS-7, Nov 1, 1993.

[RUEP] R. Rueppel, Design and Analysis of Stream

Ciphers. Springer-Verlag, 1986.

[RUNY] Runyan, T. J. and Jan M. Copes "To Die

Gallently", Westview Press 1994, p85-86 ff.

[RUSS] Russell, D. & G. T. Gangemi Sr (1991). "Computer

Security Basics". O'Reilly & Assoc (Sebastopol,
CA). ISBN 0-937175-71-4. xx + 448. Index.

[RYP1] A B C, "Adventures in Cryptarithms (digital

maze)," JA63, The Cryptogram, published by the
American Cryptogram Association, 1963.

[RYP2] CROTALUS "Analysis of the Classic

Cryptarithm,"MA73, The Cryptogram, published by
the American Cryptogram Association, 1973.

[RYP3] CLEAR SKIES "Another Way To Solve

Cryptarithms,"DJ44, The Cryptogram, published by
the American Cryptogram Association, 1944.

[RYP4] CROTALUS "Arithemetic in Other Bases (Duodecimal

table),"JF74, The Cryptogram, published by the
American Cryptogram Association, 1974.

[RYP5] LEDGE, "Basic Patterns in Base Eleven and Twelve

Arithmetic,"SO77, ND77, The Cryptogram, published
by the American Cryptogram Association,
1977,1977.

[RYP6] COMPUTER USER, "Computer Solution of

Cryptarithms," JF72, The Cryptogram, published by
the American Cryptogram Association, 1972.

[RYP7] PIT, "Cryptarithm Crutch," JA80, The Cryptogram,

published by the American Cryptogram Association,
1980.

[RYP8] DENDAI, DICK, "Cryptarithm Ccub root," ND76, The

 Cryptogram, published by the American Cryptogram
Association, 1976.

[RYP9] S-TUCK, "Cryptarithm in Addition," AM44, The

Cryptogram, published by the American Cryptogram
Association, 1944.

[RYPA] APEX DX, "Cryptarithm Line of Attack," ND91, The

Cryptogram, published by the American Cryptogram
Association, 1991.

[RYPB] HUBBUBBER and CROTALUS, "Cryptarithm

Observations," ND73, The Cryptogram, published by
the American Cryptogram Association, 1973.

[RYPC] CROTALUS, "Cryptarithms and Notation," JF73, The

Cryptogram, published by the American Cryptogram
Association, 1973.

[RYPD] JUNKERL, "Cryptarithms: The digital root method,"

AS43, The Cryptogram, published by the American
Cryptogram Association, 1943.

[RYPE] CROTALUS, "Divisibility by Eleven," ND89, The

Cryptogram, published by the American Cryptogram
Association, 1989.

[RYPF] S-TUCK, "Double Key Division," JJ43, The

Cryptogram, published by the American Cryptogram
Association, 1943.

[RYPG] NEOTERIC, "Duo-Decimal Cryptarithms," AM40, The

Cryptogram, published by the American Cryptogram
Association, 1940.

[RYPH] QUINTUPLEX, "Duo-Decimal Cryptarithms," JJ40, The

Cryptogram, published by the American Cryptogram
Association, 1940.

[RYPI] FIDDLE, "Exhausitive for Three," JF59, The

Cryptogram, published by the American Cryptogram
Association, 1959.

[RYPJ] ---, "Finding the Zero In Cryptarithms," DJ42,

The Cryptogram, published by the American
Cryptogram Association, 1942.

[RYPK] FILM-D, "Greater than Less than Diagram for

Cryptarithms," DJ51, The Cryptogram, published by
the American Cryptogram Association, 1951.

[RYPL] MI TI TI, "Introduction To Cryptarithms," SO63,

The Cryptogram, published by the American
Cryptogram Association, 1963.

[RYPM] FORMALHUT, "Leading Digit Analysis in

Cryptarithms," JA91, The Cryptogram, published by
 the American Cryptogram Association, 1991.

[RYPN] CROTALUS, "Make Your Own Arithmetic Tables In

Other Bases," MJ89, The Cryptogram, published by
the American Cryptogram Association, 1989.

[RYPO] BACEDI, "Method for Solving Cryptarithms," JF78,

The Cryptogram, published by the American
Cryptogram Association, 1978.

[RYPP] SHERLAC, "More on Cryptarithms," DJ44, The

Cryptogram, published by the American Cryptogram
Association, 1944.

[RYPQ] FIRE-O, "Multiplicative Structures," MJ70, The

Cryptogram, published by the American Cryptogram
Association, 1970.

[RYPR] CROTALUS, "Solving A Division Cryptarithm," JA73,

The Cryptogram, published by the American
Cryptogram Association, 1973.

[RYPS] CROTALUS, "Solving A Multiplication Cryptarithm,"

MJ73, The Cryptogram, published by the American
Cryptogram Association, 1973.

[RYPT] PHOENIX, "Some thoughts on Solving Cryptarithms,"

SO87, The Cryptogram, published by the American
Cryptogram Association, 1987.

[RYPU] CROTALUS, "Square Root Cryptarithms," SO73, The

Cryptogram, published by the American Cryptogram
Association, 1973.

[RYPV] FIDDLE, "Theory of Duplicated Digital Figures,"

JJ53, The Cryptogram, published by the American
Cryptogram Association, 1953.

[RYPW] FIDDLE, "Theory of Three Unlike Digital Figures,"

AS52, The Cryptogram, published by the American
Cryptogram Association, 1952.

[RYPX] CROTALUS, "Unidecimal Tables," MJ73, The

Cryptogram, published by the American Cryptogram
Association, 1973.

[RYSK] Norbert Ryska and Siegfried Herda,

"Kryptographische Verfahren in der
Datenverarbeitung," Gesellschaft fur Informatik,
Berlin, Springer-Verlag1980.

[SADL] Sadler, A. L., "The Code of the Samurai," Rutland

and Tokyo: Charles E. Tuttle Co., 1969.

[SACC] Sacco, Generale Luigi, " Manuale di

Crittografia", 3rd ed., Rome, 1947.

[SALE] Salewski, Michael, "Die Deutscher

 Seekriegsleitung, 1938- 1945, Frankfurt/Main:
Bernard and Graefe, 1970-1974. 3 volumes.

[SALO] A. Saloma, Public-key cryptography. Springer-

Verlag, 1990.

[SANB] Sanbohonbu, ed., "Sanbohonbu kotokan shokuinhyo."

NIDS Archives.

[SAPR] Sapir, E., "Conceptual Categories in Primitive

Language," Science: 74: 578-584., 1931.

[SAFF] Safford, L.F. (1943) History of Invention And

Development of the Mark II ECM (Electric Cipher
Machine) available from NARA. SRH-360 in RG 0457:
NSA/CSS Finding Aid A1, 9020 US Navy Records
Relating to Cryptology 1918- 1950 Stack 190 Begin
Loc 36/12/04 Location 1-19. In Feb 1996 the
version at NARA was redacted, but the full
document is now declassified.

[SAS-] Descriptions of the the Authentication Systems

may be found in: Survey Of Authentication Systems
1942-45 (1945), NARA; NSA Historical Collections
190/37/7/1, NR 3526 CBRK24 12960A 19420728.

[SFUS] Submarine Force U.S. Pacific Fleet (1944)

Cryptographic Aids Check-Off List: available from
NARA, Pacific Sierra Regional Archive, 181-58-
3201, S1313, S372, A6-3/N36 Cryptographic Aids.

[SASS] Sassoons, George, "Radio Hackers Code Book",

Duckworth, London, 1986.

[SAWI] Sawicki, E. (1992). "LAN Desktop Guide to

Security, Netware Edition". SAMS (Div. of
Prentice-Hall, Carmel, IN). ISBN 0-672-30085-0.
xxix + 351. Index.

[SCHN] Schneier, Bruce, "Applied Cryptography:

Protocols, Algorithms, and Source Code C," John
Wiley and Sons, 1994.
[SCH2] Schneier, Bruce, "Applied Cryptography:
Protocols, Algorithms, and Source Code C," 2nd
ed., John Wiley and Sons, 1995.

[SCHU] Schuh, fred, "Master Book of Mathematical

Recreation," Dover, 1968.

[SCHB] Schwab, Charles, "The Equalizer," Charles Schwab,

San Francisco, 1994.

[Sc89] Schnorr, C., Procedures for the Identification of

Participants as well as the Generation and
Verification of Electronic Signatures in a
Digital Exchange System, German Patent Number
9010348.1, patent applied for February 24, 1989,
patent received August 29, 1990.
[Sc90] Schnorr, C., 1989, ``Efficient Identification and
Signatures for Smart Cards,'' Advances in
Cryptology --Crypto '89, Springer-Verlag, New
York, 1990, pp. 239-251.

[Sc9b] Schnorr, C., Method for Identifying Subscribers

and for Generating and Verifying Electronic
Signatures in a Data Exchange System, U.S. Patent
Number 4995082, patent applied for February 23,
1990, patent received February 19, 1991.

[SCHW] Schwartau, W. (1991). "Terminal Compromise"

(novel). Inter.Pact Press (Seminole, FL). ISBN
0-962-87000-5. 562 pp.

[SCH1] Schwartau, W. (1994). "Information Warfare:

Chaos on the Electronic Superhighway". Thunder's
Mouth Press (New York). ISBN 1-56025-080-1. 432
pp. Index.

[SCH2] Schwartau, W. (1997). "Information Warfare"

2nd Edition. Thunder's Mouth Press (New York).
600 pp. Index.

[SC82] B. P. Schanning, "Applying public key

distribution to local area networks," Computers &
Security, Vol. 1, No. 3, November 1982, pp. 268-
274.

[SC80] B. P. Schanning, S. A. Powers, and J. Kowalchuk,

"MEMO: privacy and authentication for the
automated office," in proceedings of the 5th
Conference on Local Computer Networks,
Minneapolis, MN, October 6-7, 1980, pp. 21-30.
Silver Spring, MD: IEEE Computer Society Press,
1980.

[SC84] C. P. Schnorr and H. W. Lenstra, Jr., "A Monte

Carlo factoring algorithm with linear storage,"
Mathematics of Computation, Vol. 43, No. 167,
July 1984, pp. 289-311.

[SE87] H. Sedlak, "The RSA Cryptography Processor," in

D. Chaum and W. L. Price, Eds., Lecture Notes in
Computer Science Vol. 304: Advances in
Cryptology - EUROCRYPT '87, a Workshop on the
Theory and Applications of Cryptographic
Techniques, Amsterdam, The Netherlands, April 13-
15, 1987, pp. 95-105. Berlin/New York: Springer-
Verlag, 1988.

[SE85] C. L. Seitz, "The Cosmic Cube," Communications of

the ACM, Vol. 28, No. 1, January 1985, pp. 22-33.

[SEBE] Seberry, Jennifer and Joseph Pieprzyk,

"Cryptography: An Introduction to Computer
Security," Prentice Hall, 1989. [CAREFUL! Lots
of Errors - Basic research efforts may be flawed
 - see Appendix A pg 307 for example.]

[SHIM] Shimomura, T. & J. Markoff (1996). "Takedown:

The Pursuit and Capture of Kevin Mitnick,
America's Most Wanted Computer Outlaw--by the Man
Who Did It". Hyperion (New York). ISBN 0-7868-
6210-6. xii + 324. Index.

[SHAF] Shafi Goldwasser, Silvio Micali, Probabilistic

Encryption and How To Play Mental Poker Keeping
Secret All Partial Information. Proceedings of
the Fourteenth Annual ACM Symposium on Theory of
Computing, 1982.

[SHAN] Shannon, C. E., "The Communication Theory of

Secrecy Systems," Bell System Technical Journal,
Vol 28 (October 1949).

[SHAN] C. Shannon, Communication Theory of Secrecy

Systems. Bell System Technical Journal 28(4),
656--715, 1949.

[SHEM] B. Kaliski, R. Rivest, A. Sherman, Is the Data

Encryption Standard a Group. Journal of
Cryptology, vol. 1, #1, 1--36, 1988.

[SHIM] A. Shimizu, S. Miyaguchi, Fast data encipherment

algorithm FEAL. EUROCRYPT '87, 267--278, 1988.

[SHIN] Shinsaku Tamura, "Myohin kosaku," San'ei

Shuppansha, Toyko, 1953.

[SHOR] Shorey, T. N., et al., "Applications of the

Gel'fond-Baker method to Diophantine equations,
Transcendence Theory; Advances and Applications,"
Academic Press, 1977.

[SHUL] Shulman, David, "An Annotated Bibliography of

Cryptography," Garland Publishing, New York,
1976.

[SHUS] Shulsky, A. N., "Silent Warfare: Understanding

The World of Intelligence", Brassey's (US),New
York, 1991.

[SHIR] K. Shirriff, C. Welch, A. Kinsman, Decoding a

VCR Controller Code. Cryptologia 16(3), 227--234,
1992.

[SHTP] E. Rescorla, E., and A. Schiffman, INTERNET-

DRAFT, "The Secure HyperText Transfer Protocol,"
Enterprise Integration Technologies, December
1994

[SH79] A. Shamir, "On the cryptocomplexity of knapsack

systems," in proceedings of the Eleventh Annual
ACM Symposium on Theory of Computing, Atlanta,
GA, April 30 -May 2, 1979, pp. 118-129. New York:
 ACM, 1979.

[SH84] A. Shamir, "Identity-based cryptosystems and

signature schemes," in G. R. Blakley and D.
Chaum, Eds., Lecture Notes in Computer Science
Vol. 196: Advances in Cryptology: Proceedings of
CRYPTO 84, a Workshop on the Theory and
Application of Cryptographic Techniques, Santa
Barbara, CA, August 19-22, 1984,
pp. 47-53. Berlin/New York: Springer-Verlag,
1985.

[S84a] A. Shamir, "A polynomial-time algorithm for

breaking the basic Merkle-Hellman cryptosystem,"
IEEE Transactions on Information Theory, Vol. IT-
30, No. 5, September 1984, pp. 699-704.

[SH90] M. Shand, P. Bertin, and J. Vuillemin, "Hardware

speedups in long integer multiplication,"
presented at the Second ACM Symposium on Parallel
Algorithms and Architectures, Crete, July 2- 6,
1990.

[Silv] Silverman v. United States, 365 U.S. 505, 1961.

[SI90] "Number field sieve produces factoring

breakthrough," SIAM News, Vol. 23, No. 4, July
1990.

[SI87] R. D. Silverman, "The multiple polynomial

quadratic sieve," Mathematics of Computation,
Vol. 48, No. 177, January 1987, pp. 329-339.

[SI79] G. J. Simmons, "Symmetric and asymmetric

encryption," ACM Computing Surveys, Vol. 11, No.
4, December 1979, pp. 305-330.

[SI88] G. J. Simmons, "How to ensure that data acquired

to verify treaty compliance are trustworthy,"
Proceedings of the IEEE, Vol. 76, No. 5, May
1988, pp. 621-627.

[SIMM] G. Simmons (ed.), Contemporary Cryptology: the

Science of Information Integrity. IEEE press,
1991.10.4. Reference articles

[SIC1] S.I. Course in Cryptanalysis, Volume I, June

1942, Aegean Park Press, Laguna Hills , CA.
1989.

[SIC2] S.I. Course in Cryptanalysis, Volume II, June

1942, Aegean Park Press, Laguna Hills , CA.
1989.

[SIG1] "International Code Of Signals For Visual, Sound,

and Radio Communications," Defense Mapping
Agency, Hydrographic/Topographic Center, United
 States Ed. Revised 1981

[SIG2] "International Code Of Signals For Visual, Sound,

and Radio Communications," U. S. Naval
Oceanographic Office, United States Ed., Pub.
102, 1969.

[SIMM] Simmons, G. J., "How To Insure that Data Acquired

to Verify Treaty Compliance are Trustworthy, " in
"Authentication without secrecy: A secure
communications problem uniquely solvable by
asymmetric encryption techniques.", IEEE EASCON
79, Washington, 1979, pp. 661-62.

[SINK] Sinkov, Abraham, "Elementary Cryptanalysis", The

Mathematical Association of America, NYU, 1966.

[SLAT] Slatalla, M. & J. Quittner (1995). "Masters of

Deception: The Gang that Ruled Cyberspace".
HarperCollins (New York). ISBN 0-06-017030-1.
225 pp.

[SmBr] Smid, M. and Branstad, D., 1988, ``The Data

Encryption Standard: Past and
Future,''Proceedings of the IEEE}, Vol. 76 (5),
pp. 550-559, May, 1988.

[SM81] M. E. Smid, "Integrating the data encryption

standard into computer networks," IEEE
Transactions on Computers, Vol. COM-29, No. 6,
June 1981, pp. 762-772.

[SM88] M. E. Smid and D. K. Branstad, "The Data

Encryption Standard: past and future,"
Proceedings of the IEEE, Vol. 76, No. 5, May
1988, pp. 550-559.

[SMIH] Smith, David E., "John Wallis as Cryptographer",

Bulletin of American Mathematical Society, XXIV,
1917.

[SMIT] Smith, Laurence D., "Cryptography, the Science of

Secret Writing," Dover, NY, 1943.

[SMIV] Smith, G. (1994). "The Virus Creation Labs: A

Journey into the Underground". American Eagle
Publications (Tucson, AZ). ISBN 0-929408-09-8.
172 pp.

[SO85] Salomaa, "Cryptography," in A. Salomaa,

Encyclopedia of Mathematics and its Applications
Vol. 25: Computation and Automata, pp. 186-230.
Cambridge, UK: Cambridge University Press, 1985.

[SOLS] Solms, Von S., and D. Naccache, "On Blind

Signatures and Perfect Crimes," Computers and
Security vol. 11, no. 6 (October 1992): 581- 583.
[SOLZ] Solzhenitsyn, Aleksandr I. , "The Gulag
Archipelago I-III, " Harper and Row, New York,
N.Y., 1975.

[SORK] A. Sorkin, LUCIFER: a cryptographic algorithm.

Cryptologia, 8(1), 22--35, 1984.

[SO77] R. Solovay and V. Strassen, "A fast Monte-Carlo

test for primality," SIAM Journal on Computing,
Vol. 6, No. 1, March 1977, pp. 84-85. Erratum:
Ibid., Vol. 7, No. 1, February 1978, p. 118.

[SPAN] Barker, Wayne G. "Cryptograms in Spanish," Aegean

Park Press, Laguna Hills, CA., 1986.

[SPIL] R. Spillman et al., Use of Genetic Algorithms in

Cryptanalysis of Simple Substitution Ciphers.
Cryptologia 17(1), 31--44, 1993.

[SP94] Software Publishers Association, Trusted

Information Systems and Hoffman Business
Associates, 1994, Encryption Products Database
Statistics, March 1994.

[SP93] Software Publishers Association, 1993,Foreign

Text, File, Data Encryption Programs and Products
Identified by the SPA, October 9, 1993.

[SSSC] System Security Study Committee, 1991 Computers

at Risk: Safe Computing in the Information Age,
National Academy Press, 1991.

[ST86] L. K. Steiner, "The ETA-10 supercomputer system,"

in Proceedings of the 1986 IEEE International
Conference on Computer Design, Port Chester, NY,
October 6-9, p. 42. Washington, DC: IEEE
Computer Society Press, 1986.

[STAL] Stallings, William, "Protect Your Privacy: A

Guide for PGP Users," Prentice Hall PTR, 1995.

[STA1] Stallings, W. (1995). "Network and Internetwork

Security: Principles and Practice". Prentice
Hall (Englewood Cliffs, NJ). ISBN 0-02-415483-0.
xiii + 462. Index.

[STAN] Stang, D. J. & S. Moon (1993). "Network Security

Secrets". IDG Books Worldwide Inc. (San Mateo,
CA). ISBN 1-56884-021-7. xxxiii + 1166. Index.

[STER] Sterling, B. (1992). "The Hacker Crackdown: Law

and Disorder on the Electronic Frontier". Bantam
Doubleday Dell (New York). ISBN 0-553-08058-X.
xiv + 328. Index.
[STEV] Stevenson, William, 'A Man Called INTREPID',
Macmillan, London 1976.

[STEW] Stewart, "C. L., On some Diophantine Equations

and Related Linear Recurrence Sequences." Univ.
of Waterloo, Ontario, Canada. 1980.

[STIN] Stinson, D. R., "Cryptography, Theory and

Practice," CRC Press, London, 1995.

[STIX] Stix, F., Zur Geschicte und Organisation der

Wiener Geheimen Ziffernkanzlei, Mitteilungen des
Osterreichischen Instituts fir
Geschichtsforschung,
LI 1937.

[STOL] Stoll, C. (1989). "The Cuckoo's Egg: Tracking a

Spy Through the Maze of Computer Espionage".
Pocket Books (Simon & Schuster, New York). ISBN
0-671-72688-9. viii + 356.

[STUR] Sturtevant, E. H. and Bechtel, G., "A Hittite

Chrestomathy," Linguistic Society of American and
University of Pennsylvania, Philadelphia, 1935.

[SURV] Austin, Richard B.,Chairman, "Standards Relating

To Electronic Surveillance," American Bar
Association Project On Minimum Standards For
Criminal Justice, Tentative Draft, June, 1968.

[SUVO] Suvorov, Viktor "Inside Soviet Military

Intelligence," Berkley Press, New York, 1985.

[TA81] A. S. Tanenbaum, Computer Networks. Englewood

Cliffs, NJ: Prentice-Hall, 1981.

[TERR] Terrett, D., "The Signal Corps: The Emergency (to

December 1941); G. R. Thompson, et. al, The Test(
December 1941 - July 1943); D. Harris and G.
Thompson, The Outcome;(Mid 1943 to 1945),
Department of the Army, Office of the Chief of
Military History, USGPO, Washington,1956 -1966.

[THEO] Theodore White and Annalee Jacoby, "Thunder Out

Of China," William Sloane Assoc., New York, 1946.

[THE1] Marie-Jose Bertin, ed.:Seminaire de Theorie des

Nombres, Paris 1980-81.

[THE2] Catherine Goldstein, ed.: Serge Lang {in FRENCH}:

Seminaire de Theorie des Nombres, Paris 1984-85,

[THOM] Thompson, Ken, "Reflections on Trusting Trust,"

Communications of the ACM 27, 1984.

[TIII] Title III of the Omnibus Crime Control and Safe

Streets Act, 18 U.S.C. Sec. 2510 , et seq.
[TIJD] Tijdeman, R., "Exponential Diophantine Equations"
Proc. Intern. Congress Math., Helsinki (1978)
p381-387.

[TILD] Glover, D. Beaird, Secret Ciphers of The 1876

Presidential Election, Aegean Park Press, Laguna
Hills, Ca. 1991.

[TM32] TM 32-250, Fundamentals of Traffic Analysis

(Radio Telegraph) Department of the Army, 1948.

[TORR] Torrieri, Don J., "Principles of Military

Communication Systems," Artech, 1981.

[TRAD] U. S. Army Military History Institute,

"Traditions of The Signal Corps., Washington,
D.C., USGPO, 1959.

[TRAN] SI SI, "Analysis of the Skipping Tramp Cipher -

Part 1," MA80, The Cryptogram, published by the
American Cryptogram Association, 1980.

[TRA1] SI SI, "Analysis of the Skipping Tramp Cipher -

Part 2," MJ80, The Cryptogram, published by the
American Cryptogram Association, 1980.

[TRA2] PICCOLA, "Another method for Finding Key-Length

for Columnar Transposition," AS39, The
Cryptogram, published by the American Cryptogram
Association, 1939.

[TRA3] PICCOLA, "Columnar Transposition - Random

Approach," ON39, The Cryptogram, published by the
American Cryptogram Association, 1939.

[TRA4] PHOENIX, "Complete Columnar Transpositon," MJ86,

The Cryptogram, published by the American
Cryptogram Association, 1986.

[TRA5] PHOENIX, "Complete Columnar Transpositon," JA86,

The Cryptogram, published by the American
Cryptogram Association, 1986.

[TRA6] PHOENIX, "CRUX Columnar Transpositon," SO86, The

Cryptogram, published by the American Cryptogram
Association, 1986.

[TRA7] PHOENIX, "Incomplete Columnar Transpositon: Crib

Breaking," MA87, The Cryptogram, published by the
American Cryptogram Association, 1987.

[TRA8] PHOENIX, "Incomplete Columnar Transpositon-

Revisited," SO87, The Cryptogram, published by
the American Cryptogram Association, 1987.

[TRA9] PHOENIX, "Incomplete Columnar Transpositon,"

ND86, The Cryptogram, published by the American
Cryptogram Association, 1986.
[TRA0] PHOENIX, "Incomplete Columnar Transpositon,"
JF87, The Cryptogram, published by the American
Cryptogram Association, 1987.

[TRAa] PHOENIX, "Incomplete Columnar Transpositon,"

MJ87, The Cryptogram, published by the American
Cryptogram Association, 1987.

[TRAb] SI SI, "Dissociative Coding" JA81, The

Cryptogram, published by the American Cryptogram
Association, 1981.

[TRAc] SI SI, "Double Transposition," MA87, The

Cryptogram, published by the American Cryptogram
Association, 1987.

[TRAd] NEOTERIC, "Geometric Forms for Transpositon,"

AS41, The Cryptogram, published by the American
Cryptogram Association, 1941.

[TRAe] TRYIT, "Observations about Transpositions," JJ41,

AS41 The Cryptogram, published by the American
Cryptogram Association, 1941.

[TRAf] ___, "Patterns of Route Transpositions," AM53,

The Cryptogram, published by the American
Cryptogram Association, 1953.

[TRAg] AB STRUSE, "Penny Tramp Cipher,"SO79, The

Cryptogram, published by the American Cryptogram
Association, 1979.

[TRAh] SI SI, "Penny Tramp Cipher," JF80, The

Cryptogram, published by the American Cryptogram
Association, 1980.

[TRAi] TATTERS, "Skipping Tramp Cipher," JF80, The

Cryptogram, published by the American Cryptogram
Association, 1980.

[TRAj] TATTERS, "Skipping Tramp Cipher," MA80, The

Cryptogram, published by the American Cryptogram
Association, 1980.

[TRAk] GUNG HO, "Solving the Complete Columnar Single

Transposition Cryptogram, Succeed Every Time!,"
SO88, The Cryptogram, published by the American
Cryptogram Association, 1988.

[TRAl] DAN SURR, "Solving the skipping Tramp Cipher,"

MJ80, The Cryptogram, published by the American
Cryptogram Association, 1980.

[TRAm] SI SI, "Transpositon Algorithms and Equivalent

Linear Permutations," JA87, The Cryptogram,
published by the American Cryptogram Association,
1987.
[TRAn] GENIAL, "Transposition Ciphers with Identical
Plain Text Ends," FM40, AM40, The Cryptogram,
published by the American Cryptogram Association,
1940.

[TRAo] SCRYER, "Tromping the Penny Tramp Cipher," JF80,

The Cryptogram, published by the American
Cryptogram Association, 1980.

[TRAj] GUNG HO, "Validating the Solution of a Single

Columnar Double Transposition Cryptogram, " ND88,
The Cryptogram, published by the American
Cryptogram Association, 1988.

[TRIB] Anonymous, New York Tribune, Extra No. 44, "The

Cipher Dispatches, New York, 1879.

[TRIT] Trithemius:Paul Chacornac, "Grandeur et Adversite

de Jean Tritheme ,Paris: Editions Traditionelles,
1963.

[TUCK] Harris, Frances A., "Solving Simple Substitution

Ciphers," ACA, 1959.

[Tuer] Tuerkheimer, F., 1993, ``The Underpinnings of

Privacy Protection,'' Communications of the ACM,
Vol. 36 (8), August 1993, pp. 69-73.

[TUKK] Tuckerman, B., "A Study of The Vigenere-Vernam

Single and Multiple Loop Enciphering Systems,"
IBM Report RC2879, Thomas J. Watson Research
Center, Yorktown Heights, N.Y. 1970.

[TURB] Turnbull, H. W., The Great Mathematicians, New

York: NYU Press, 1961.

[TURN] Turn, Rein, "Advances in Computer Security,"

Artec House, New York, 1982. [Original papers on
Public Key Cryptography, RSA, DES]

[UBAL] Ubaldino Mori Ubaldini, "I Sommergibili begli

Oceani: La Marina Italian nella Seconda Guerra
Mondiale," vol XII, Roma, Ufficio Storico della
Marina Militare, 1963.

[UDoT] U.S. Department of Treasury, 1985, Criteria and

Procedures for Testing, Evaluating, and
Certifying Message Authentication Devices for
Electronic Funds Transfer Use, May, 1, 1985,
Washington, DC.

[USAA] U. S. Army, Office of Chief Signal Officer,

"Instructions for Using the Cipher Device Type M-
94, February, 1922," USGPO, Washington, 1922.
[USAH] Gilbert, James L. and John P. Finnegan, Eds. "U.
S. Army Signals Intelligence in World War II: A
Documentary History," Center of Military
History, United States Army, Washington, D.C.
1993

[USC] U.S. Congress, Office of Technology Assessment,

1987, Defending Secrets, Sharing Data: New Locks
and Keys for Electronic Information, OTA-CIT-310,
Washington, D.C: Government Printing Office,
October, 1987, Washington, DC.

[USDJ] United States. Dept. of Justice. Authorization

Procedures For Release Of Encryption Key
Components. Washington, DC: N.p., 4Feb. 1994.
USENET: alt.privacy.clipper.

[USGA] United States General Accounting Office, 1992,

``Advanced Communications Technologies Pose
Wiretapping Challenges,' Briefing Report to the
Chairman, Subcommittee on Telecommunications and
Finance, Committee on Energy and Commerce, House
of Representatives, July 1992, Washington, DC.

[USHR] House Report 100-153, 1987, Part 2, the Committee

on Government Operations' Report on the Computer
Security Act of 1987, Washington, DC.

[US92] Hearing before the House Judiciary Subcommittee

on Economic and Commercial Law, May 7, 1992,
Washington, DC.

[USNA] US Naval Administration in WW II, History of

Naval Communications, 1939-1945. Op-20A-asz, A12,
Serial 00362P20, 7 Apr 1948. available from the
Naval Historical Center; WW II Command File CNO;
Communications History; Microfiche No. F3561.

[USS] United States Senate, 1974, Final Report of the

Select Committee to Study Governmental Operations
with respect to Intelligence Activities, April,
26, 1974, Washington, DC.

[USSF] "U.S. Special Forces Operational Techniques," FM

31-20, Headquarters Department Of The Army,
December 1965.

[US4] United States. Fourth Amendment, ftp.eff.org

file.

[USTF] ------. Testimony. Subcommittee on Economic

Policy, Trade and Environment Committee on
Foreign Affairs U.S. House of Representatives.
Washington DC, 12 Oct. 1993. ftp.eff.org file.
[USOT] "U.S. Special Forces Recon Manual," Elite Unit
Tactical Series, Lancer, Militaria, Sims, ARK.
71969, 1982.

[VACC] Vacca, John, "Internet Security Secrets," IDG

Books, New York, 1996.

[VAIL] Vaille, Euggene, Le Cabinet Noir, Paris Presses

Universitaires de Frances, 1950.

[VALE] Valerio, "De La Cryptographie," Journal des

Scienses militares, 9th series, Dec 1892 - May
1895, Paris.

[VAND] Van de Rhoer, E., "Deadly Magic: A personal

Account of Communications Intilligence in WWII in
the Pacific, New York, Scriber, 1978.

[VARI] ----,"Varietes Hyperboliques et Analyse

Diophantienne," Univ of California, Berkley,
1986.

[VERN] Vernam, A. S., "Cipher Printing Telegraph

Systems For Secret Wire and Radio Telegraphic
Communications," J. of the IEEE, Vol 45, 109-115
(1926).

[VIAR] de Viaris in Genie Civil: "Cryptographie",

Publications du Journal Le Genie Civil, 1888.

[VIA1] de Viaris, "L'art de chiffre et dechiffre les

depeches secretes," Gauthier-Villars, Paris,
1893.

[VIGE] BASSETT, "Vigenere:Auto-encipherment, Letter

Frequencies ," MJ70, The Cryptogram, published by
the American Cryptogram Association, 1970.

[VIG1] SI SI, "Vigenere:Comparative Analysis of the

Vigenere, beaufort, and variant Ciphers," JA80,
The Cryptogram, American Cryptogram Association,
1980.

[VIG2] SAI CHESS, "Discard your old Vigenere Charts and

Strips," AS51, The Cryptogram, the American
Cryptogram Association, 1951.

[VIG3] LEDGE, "Vigenere:Fundamentals," ND71, The

Cryptogram, American Cryptogram Association,
1971.

[VIG4] AB STRUSE, "Half-Vigenere Cipher," MA69, The

Cryptogram, published by the American Cryptogram
Association, 1969.

[VIG5] S-TUCK, "Introduction to the Vigenere Family,"

JJ44, The Cryptogram, American Cryptogram
Association, 1944.
[VIG6] EDNASANDE, "Vigenere:Making a Cipher Disk," SO79,
The Cryptogram, American Cryptogram Association,
1979.

[VIG7] X.GOTKY, "Short Cuts for Lining Up the Alphabets

in the Vigenere Family Type Ciphers," JJ47, The
Cryptogram, American Cryptogram Association,
1947.

[VIG8] CONTRACTUS, "Sigma Test for Keyword Letters in

the Vigenere," FM43, The Cryptogram, published by
the American Cryptogram Association, 1943.

[VIG9] PICCOLA, "Solving a Vigenere," AM35, The

Cryptogram, American Cryptogram Association,
1935.

[VIG0] S-TUCK, "Solving a Vigenere," FM45, The

Cryptogram, American Cryptogram Association,
1945.

[VIGa] TRYIT, "Solving Vigeneres by Trigram Method,"

JJ43, The Cryptogram, American Cryptogram
Association, 1943.

[VIGb] KOHOP, "Procedure for Solving Vigenere Type of

Periodic in an Unknown Language with Non-Roman
Alphabet," MA55, The Cryptogram, American
Cryptogram Association, 1955.

[VIGc] PICCOLA, "Vigenere Cipher," FM35, The Cryptogram,

American Cryptogram Association, 1935.

[VIGd] LEDGE, "Vigenere Family ," JF72, The Cryptogram,

American Cryptogram Association, 1972.

[VIGe] TONTO, "Vigenere Family ," JJ54, The Cryptogram,

American Cryptogram Association, 1954.

[VIGf] S-TUCK, "Vigenere Family ," FM46, The Cryptogram,

American Cryptogram Association, 1946.

[VIGg] LEDGE, "Vigenere, Variant, Beaufort, and

Grionsfield Ciphers," JA87, The Cryptogram,
American Cryptogram Association, 1987.

[VIGd] PICCOLA, "Vigenere with Running Key," ON36, The

Cryptogram, American Cryptogram Association,
1936.

[VOGE] Vogel, Donald S., "Inside a KGB Cipher,"

Cryptologia, Vol XIV, Number 1, January 1990.

[VN] "Essential Matters - History of the Cryptographic

Branch of the Peoples Army of Viet-Nam, 1945 -
1975," U.S. Cryptological History Series, Series
V, NSA CSS, CH-E32-94-02, 1994.
[WA84] N. R. Wagner and M. R. Magyarik, "A public-key
cryptosystem based on the word problem," in G. R.
Blakley and D. Chaum, Eds., Lecture Notes in
Computer Science Vol. 196: Advances in Cryptology
- Proceedings of CRYPTO 84, a Workshop on the
Theory and Applications of Cryptographic
Techniques, Santa Barbara, CA, August 19-22,
1984, pp. 19-36. Berlin/New York: Springer-
Verlag, 1985.

[WA85] C. C. Wang, T. K. Truong, H. M. Shao, L. J.

Deutsch, J. K. Omura, and I. S. Reed, "VLSI
architectures for computing multiplications and
inverses in GF(2m)," IEEE Transactions on
Computers, Vol. C-34, No. 8, August 1985, pp.
709-717.

[WDO ] War Department Office of The Chief Signal Officer

(1941) Operating Instructions for Converter M-
134-C (short title: SIGBWJ)

[WDO1] War Department Office of The Chief Signal Officer

(1941) Operating Instructions for Converter M-
134-C (short title: SIGLVC) Department of the
Army (1941) Crypto-Operating Instructions for
Converter M-134-C (short title: SIGQZF)

[WDM1] War Department (1942) Maintenance Instructions

for Converter M-134-C (short title: SIGKKK)

[WDM2] War Department (1945) Maintenance Instructions

for Converter M-134-C (short title: SIGKKK-2)
SIGQZF, SIGBWJ, SIGLVC, SIGKKK, SIGKKK-2 are
available from NARA; NSA Historical Collections
190/37/7/1, NR 2292 CBLL36 10622A 19410300.

[WDG1] War Department (1945) General Instructions For

Converter M-134-C (short title: SIGBRE-1)
available from NARA; NSA Historical Collections
190/37/7/1, NR 4588 ZEMA35 13909A 19450600

[WAL0] "Arithimetica Infinitorium" and Opera

mathematica (Oxoniae, 1699), III 674,687,688,693
and 695 give solutions to nomenclators based on
pre-calculus theory. Wallis' "Letter-Book" gives
some of his important papers (Smith op cit, p32,
p499)

[WALL] Walling, V. C., Jr., D. B. Parker, and C. C.

Wood, "Impacts of Federal Policy Options for
Nonmilitary Cryptography," SRI International
Research Report 32, April 1981, Menlo Park, CA.

[WALL] Wallis, John, "A Collection of Letters and other

Papers in Cipher" , Oxford University, Bodleian
Library, 1653.
[WAL1] Wallace, Robert W. Pattern Words: Ten Letters and
Eleven Letters in Length, Aegean Park Press,
Laguna Hills, CA 92654, 1993.

[WAL2] Wallace, Robert W. Pattern Words: Twelve Letters

and Greater in Length, Aegean Park Press, Laguna
Hills, CA 92654, 1993.

[Walk] Walker, S., 1993, Testimony for Subcommitte on

Economic Policy, Trade and Environment, Committee
on Foreign Affairs, U.S. House of
Representatives, October 12, 1993, Washington,
DC.

[WARN] "Warner Amendment" systems (10 U.S.C. 2315 and 44

U.S.C. 3502[2]) applies to digital signatures.

[WATS] Watson, R. W. Seton-, ed, "The Abbot Trithemius,"

in Tudor Studies, Longmans and Green, London,
1924.

[WAY] Way, Peter, "Codes and Ciphers," Crecent Books,

1976.

[WAYN] Wayner, P, Statement in "Cryptographic Issue

Statements Submitted to the Computer System
Security and Privacy Advisory Board," by NIST, 27
May 1993, pp. 13-17.

[WEBE] Weber, Ralph Edward, "United States Diplomatic

Codes and Ciphers, 1175-1938, Chicago, Precedent
Publishing, 1979.

[WEIS] Weissman, C., 'A national debate on encryption

exportability,' Communications of the ACM vol.
34, no. 10 (October, 1991): 162.

[WELH] D. Welsh, Codes and Cryptography. Claredon

Press, 1988.

[WELS] Welsh, Dominic, "Codes and Cryptography," Oxford

Science Publications, New York, 1993.

[WELC] Welchman, Gordon, 'The Hut Six Story', McGraw-

Hill, New York 1982.

[WELS] Welsh, Dominic, "Codes and Cryptography," Oxford

Science Publications, New York, 1993.

[WHIT] Whiteside, T. (1978). "Computer Capers: Tales

of Electronic Thievery, Embezzlement and Fraud."
Mentor Executive Library published by The New
American Library (New York). ISBN 0-145-62080-1.

[WHOR] Whorf, B. L., "A Linguistic Consideration of

 Thinking In Primitive Communities," In Language,
Thought, and Reality: Selected Writings of
Benjamin Lee Whorf, ed. J. B. Carroll,
Cambridge, MA: MIT Press, pp. 65-86., 1956.

[Wie] Wiener, M., 1993, ``Efficient DES Key Search,''

presentation at Rump Session of Crypto (August,
1993), Santa Barbara, CA. Available as TR-244,
School of Computer Science, Carleton University,
Ottawa, Canada, May 1994.

[WI68] M. V. Wilkes, Time-Sharing Computer Systems. New

York: Elsevier, 1968.

[WI80] H. C. Williams, "A modification of the RSA

public-key encryption procedure," IEEE
Transactions on Information Theory, Vol. IT-26,
No. 6, November 1980, pp. 726-729.

[WI87] H. C. Williams and M. C. Wunderlich, "On the

parallel generation of the residues for the
continued fraction factoring algorithm,"
Mathematics of Computation, Vol. 48, No. 177,
January 1987, pp. 405-423.

[WIGG] Wiggins, R. W. (1995). "The Internet for

everyone: A guide for users and providers". J.
Ranade Workstation Series (McGraw-Hill, New
York). ISBN 0-07-067019-6. xvi + 655. Index.

[WILL] Williams, Eugenia, "An Invitation to

Cryptograms," Simon and Schuster, 1959.

[WIL1] Williams, P., OSISEC Introduction and Overview,

University College, London, 15 April 1993.

[WILD] Wildman, Ted, "The Expendables," Clearwater Pub.,

1983

[WINJ] Winton, J., " Ultra at Sea: How Breaking the Nazi
Code Affected Allied Naval Strategy During WWII,"
New York, William Morror, 1988.

[WINK] Winkle, Rip Van, "Hungarian: The Cryptogram,",

March -April 1956.

[WINF] Winterbotham, F.W., 'The Ultra Secret',

Weidenfeld and Nicolson, London 1974.

[WINR] Winter, Jack, "Solving Cryptarithms," ACA, 1984.

[WOLE] Wolfe, Ramond W., "Secret Writing," McGraw Hill

Books, NY, 1970.

[WOLF] Wolfe, Jack M., " A First Course in

Cryptanalysis," Brooklin College Press, NY, 1943.
[WOOD] Wood, C. C. (1994). "Information Security
Policies Made Easy: A Comprehensive Set of
Information Security Policies". Version 4.
BASELINE Software (Sausalito, CA). ISBN 1-
881585-01-8. 109 pp. Diskette available.

[WRIX] Wrixon, Fred B. "Codes, Ciphers and Secret

Languages," Crown Publishers, New York, 1990.

[WROB] Wrobel, L. A. (1990). "Disaster Recovery

Planning for Telecommunications." Artech House
(Boston, MA). ISBN 0-89006-460-1. xi + 112.

[WROE] Wrobel, L. A. (1993). "Writing Disaster Recovery

Plans for Telecommunications Networks and LANs."
Artech House (Boston, MA). ISBN 0-89006-694-7.
xiii + 138. Index.

[WU83] M. C. Wunderlich, "Factoring numbers on the

Massively Parallel computer," in D. Chaum, Ed.,
Advances in Cryptology -proceedings of CRYPTO 83,
a Workshop on the Theory and Applications of
Cryptographic Techniques, Santa Barbara, CA,
August 22-24, 1983,
pp. 87-102. New York: Plenum Press, 1984.

[WU85] M. C. Wunderlich, "Implementing the continued

fraction factoring algorithm on parallel
machines," Mathematics of Computation, Vol. 44,
No. 169, January 1985, pp. 251-260.

[XAMA] XAMAN EK,"Bifid Workshop," ND93, The Cryptogram,

American Cryptogram Association, 1993.

[XAM1] XAMAN EK,"Bifid Workshop- Part II," MJ93, The

Cryptogram, American Cryptogram Association,
1993.

[XEN1] PHOENIX, "Xenocrypt Handbook," American

Cryptogram Association, 1 Pidgeon Dr., Wilbraham,
MA., 01095-2603, for publication March, 1996.

[YA82] A. C. Yao, "Theory and applications of trapdoor

functions," in 23rd Annual Symposium on
Foundations of Computer Science, Chicago, IL,
November 3-5, 1982, pp. 80-91. IEEE Computer
Society Press, 1982.

[YAOA] A. Yao, Computational Information Theory. In

Complexity in Information Theory, ed. by Abu-
Mostafa, 1988.

[YARD] Yardley, Herbert, O., "The American Black

Chamber," Bobbs-Merrill, NY, 1931.

[YAR1] Yardley, H. O., "The Chinese Black Chamber,"

Houghton Mifflin, Boston, 1983.

[YAR2] Yardley, H. O., "Yardleygrams", Bobbs Merrill,

 1932.

[YAR3] Yardley, H. O., "The Education of a Poker Player,

Simon and Schuster, 1957.

[YOKO] Yukio Yokoyama, "Tokushu joho kaisoka,"

unpublished handwritten manuscript.

[YOUS] Youshkevitch, A. P., Geschichte der Mathematik im

Mittelatter, Liepzig, Germany: Teubner, 1964.

[YUKI] Yukio Nishihara, "Kantogan tai-So Sakusenshi,"

Vol 17., unpublished manuscript, National
Institute for Defense Studies Military Archives,
Tokyo.,(hereafter NIDS Archives)

[ZIM] Zim, Herbert S., "Codes and Secret Writing."

William Morrow Co., New York, 1948.

[ZEND] Callimahos, L. D., Traffic Analysis and the

Zendian Problem, Agean Park Press, 1984. (also
available through NSA Center for Cryptologic
History)

[ZERZ] Zerzan, J. & A. Carnes, eds. (1988).

"Questioning Technology: A Critical Anthology".
Freedom Press (London). ISBN 0-900-384-44-1.
222. Index.

[ZYZZ] ZYZZ,"Sinkov's Frequency Matching," JA93, The

Cryptogram, American Cryptogram Association,
1993.

[ZYZ1] ZYZZ,"Nihilist Substitution," ND94, The

Cryptogram, American Cryptogram Association,
1994.

[ZYZ2] ZYZZ,"Solving Twin Bifids," JA94, The Cryptogram,

American Cryptogram Association, 1994

[ZYZ3] ZYZZ,"Bring Home the Baconian!," MA94, The

Cryptogram, American Cryptogram Association,
1994.

[ZYZ4] ZYZZ,"Xenocrypt Solving for Neophytes," JF96, The

Cryptogram, American Cryptogram Association,
1996.

ANNOTATED WEB SOURCES

Digital Privacy

http://www-leland.stanford.edu/~phillin /red_paper.gif

The Ethics of Encryption

http://www-pcd.stanford.edu/gifs/button.key.gif
http://www.ecst.csuchico.edu/~rodmur/docs/USConstitution
.html http://draco.centerline.com:8080/~franl/privacy/
http://www.house.gov/Constitution/Constitution.html
http://draco.centerline.com:8080/~franl/clipper/about-
clipper.html
Electronic Frontier Foundation
Electronic Frontier Foundation http://www-
leland.stanford.edu/~phillin/
http://rescomp.stanford.edu/~p weston/ptw.html
http://www.eff.org/

White House

http://www.whitehouse.gov/White_House/EOP/OVP/html
/GORE_Home.html

PGP
Phillip R. Zimmerman:
[email protected]
http://draco.centerline.com:8080/~franl/pgp/pgp-2.6.2-
doc1.html
http://draco.centerline.com:8080/~franl/pgp/

RIPEN

http://www.cs.indiana.edu/ripem/dir.html

Fourth Amendment

http://www.io.com/sjgames"

Free Speech
http://mirrors.yahoo.com/eff/speech.html

Senate Bill S.1587 - Encrypted Communications Privacy

Voters Telecommunications Watch

http://www.vtw.org/

Cryptographic Algorithms
http://www.cs.hut.fi/ssh/crypto/algorithms.html

Professor Ron Rivest

http://theory.lcs.mit.edu/~rivest/crypto-security.html

Terry Ritter's papers on Dynamic Substitution and

Dynamic Transposition ciphers

http://www.io.com/~ritter/

Michael Paul Johnson Thesis

ftp://ftp.csn.net/mpj/public/

K-Theory
http://www.math.uiuc.edu/K-theory/

DES
ftp://ftp.uu.net/pub/security/des"
Complexity Theory & Cryptography

http://dimacs.rutgers.edu/SpecialYears/1990_1991/index
.html

Random Numbers
http://www.cs.berkeley.edu/~daw/netscape-
randomness.html
http://www.clark.net/pub/cme/html/ranno.html
http://www.cis.ohio-state.edu/htbin/rfc/rfc1750.html
http://www.ddj.com/ddj/1994/1994.11/index.htm

Netscape Hole
http://www.ddj.com/ddj/1996/1996 01/wagner.htm

Cryptography Policy & Algorithms Conf: Australia 95

ftp://ftp.cl.cam.ac.uk:/users/rja14/queensland.ps.Z

U. of Cambridge
http://www.cl.cam.ac.uk:80/users/rja14/

Elliptical Curves
http://www.ama.caltech.edu/resources.html
ftp://ftp.mcs.com/mcsnet.users/eh.crypto
ftp://csua.berekely.edu/pub/cypherpunks/ciphers
ftp://ftp.datashopper.dk/pub/users/pethern/file/curve_e
ncrypt_22.sea.hqx
ftp://ftp.dsi.unimi.it/pub/security/crypt/code/curve_en
crypt_22.sea.hqx

quantum cryptography -use of quantum indeterminacy for

encryption & data security
http://www.iro.umontreal.ca/people/crepeau/Biblio-
QC.html

Bibliography on Quantum Cryptography by Gilles Brassard:

http://www.iro.umontreal.ca/labs/theorique/index_en.htm
l

http://vesta.physics.ucla.edu/~smolin/

http://eve.physics.ox.ac.uk/QCresearch/cryptoanalysis/q
c.html
http://eve.physics.ox.ac.uk/QChome.html

USS Pampanino

http://www.maritime.org/ecm2.shmtl

Wavelets for Compression

http://www.mat.sbg.ac.at/~uhl/wav.html
ftp://sable.ox.ac.uk/pub/math/README

ftp://sable.ox.ac.uk/pub/math/cunningham/README

Primes
ftp://sable.ox.ac.uk/pub/math/primes">tables

Lenstra's Large Integer Package

"ftp://sable.ox.ac.uk/pub/math/freelip/

University/Country Ref's
ftp://sable.ox.ac.uk/pub/math/primesrsa129/
ftp://furmint.nectar.cs.cmu.edu/security
http://weber.u.washington.edu/~phantom/cpunk/index.html
ftp://ftp.funet.fi/pub/crypt/cypherpunks
ftp://ftp.psy.uq.oz.au/pub/Crypto
ftp.psy.uq.oz.au/pub/Crypto
ftp://ftp.wimsey.bc.ca/pub/crypto
http://clipper.uvic.ca/crypt
ftp://pgp.rasip.fer.hr
ftp://ftp.datashopper.dk/pub/users/pethern

ftp://ftp.funet.fi/pub/crypt
ftp://garbo.uwasa.fi/pc/security
http://www.cs.hut.fi/ssh/crypto
http://www.cnam.fr/Network/Crypto
ftp://ftp.darmstadt.gmd.de/pub/crypto

ftp://ftp.informatik.uni-hildesheim.de/pub/security/
ftp://ftp.uni-stuttgart.de/pub/doc/security/crypto/
http://www.thur.de/ulf/krypto/index.html
ftp://ftp.informatik.uni-hamburg.de/pub/pgp
ftp://ftp.informatik.uni-hamburg.de/pub/crypt
http://www.cert.dfn.de/eng
ftp://ftp.kfki.hu/pub/packages/security
ftp://ftp.dsi.unimi.it/pub/security/crypt
ftp://utopia.hacktic.nl/pub/replay/pub/disk/
ftp://ftp.unit.no/pub/unix/security
ftp://ftp.kiae.su/unix/crypto
ftp://ftp.sunet.se/pub/security/tools/crypt
ftp://ftp.ox.ac.uk/pub/crypto

ftp://FTP.CSN.ORG/mpj/README

http://www.eff.org/pub/ Net_info/Tools/Crypto/
ftp://ftp.eff.org/pub/Net_info/Tools/Crypto/

RIPEM
ftp://ripem.msu.edu/pub/
ftp://ftp.infonexus.com/pub/
http://ftpsearch.unit.no/ftpsearch/

Bibliographies

http://mnementh.cs.adfa.oz.au/htbin/bib_lpb
http://glimpse.cs.arizona.edu/bib/

http://glimpse.cs.arizon a.edu/cgi-bin/biblio?
query1=cryptography&query2 =&query3=&case=on&error
s=0&maxfiles=200&maxlines=5000

http://liinwww.ira.uka.de/bibliograph y/index.html"

ftp://ftp.doc.ic.ac.uk/computing/bibliographies/Karlsru
 he/index.html

http://liinwww.ira.uka.de/bibliography/Theory/crypto.se
curity.html

"ftp://ftp.doc.ic.ac.uk/computing/bibliographies
/Karlsruhe/Theory/computational.number.theory.html

http://theory.lcs.mit.edu/~rivest/homepage.html
http://theory.lcs.mit.edu/~rivest/crypto.bib
http://theory.lcs.mit.edu/~rivest/algorithms2.bib

Cryptography Technical Reports Server

http://www.itribe.net/CTRS

Crypto Reports
http://www.cs.waikato.ac.nz/~sirvine
http://bibd.unl.edu/~stinson/acbib.html
http://bibd.unl.edu/~stinson/ssbib.html

http://triode.apana.org.au:8080/~cskinner/cybanim.html
http://www.isse.gmu.edu/~csis/bibliography/ref_essays.ht
ml
http://www.cs.purdue.edu/coast/archive/data/category_in
dex.html

ftp://coast.cs.purdue.edu/pub/doc/cryptography/
http://www.cs.purdue.edu/coast/archive/data/categ12.html
http://ww w.zblmath.fiz-karlsruhe.de/cgi-bin/LNCS-500-
1000" http://www.zblmath.fiz-karlsruhe.de/cgi-
bin/LNCS-500-1000??
au=&ti=&co=&so=&bi=cryptography&M=40
http://avalon.ira.uka.de/eiss/EISS-Reports/index.html

European Institute for System Security, Univ. Karlsruhe,

Germany

http://avalon.ira.uka.de/eiss/indexe.html
http://www.ens.fr/~grecc/papers.html
http://www.ens.fr/~grecc/index_en.html

http://www.ul b.ac.be/di/scsi/defscsi.html

Brussels Free University, Belgium

http://www.informatik.uni-hildesheim.de/~sirene/lit/
sirene.lit.html http://www.informatik.uni-
hildesheim.de/~sirene/index.html
http://www.swcp.com/~iacr/jofc/jofc.html

Designs, Codes and Cryptography

http://www.isse.gmu.edu/~csis/jcs.html

http://www.tis.com/Home/DataSecurityLetter.html

http://www.byte.com/
http://www.quad ralay.com/www/Crypt/General/crypto-
journals.html
http://www.itd.nrl.navy.mil/ITD/5540/iee e/cipher/
http://www.computer.org

Security & Privacy - Books and Publishers

http://www.cl.cam.ac.uk/users/rja14/#SR

ftp://ftp.cl.cam.ac.uk/users/rja14/

http://www.rsa.com/rsalabs/cryptobytes
http://www2.indigo-net.com/Indigo/Indigo.html
http://www.privacy.org/alert/

gopher://ns1.infor.com/
gopher://ns1.infor.com/77/.bin/s_kw?cryptography
http://www.aegeanpress.com/books/
http://www.wiley.com/
http://www.openmarket.com/info/cryptography/applied_cry
ptography.html

http://www.crcpress.com/PRODS/8521.HTM
http://www.crcpress.com/

http://bibd.unl.edu/~stinson/ssbib.html
http://bibd.unl.edu/~stinson/acbib.html

http://www-mitpress.mit.edu/mitp/recent-books/comp/pgp-
source.html
http://www-mitpress.mit.edu/

http://www.springer-ny.com/

Coonferences: (Crypto, EuroCrypt, AsiaCrypt, etc.)

http://www.bookwire.com/index/publishers.html
http://julmara.ce.chalmers.se/stefan/WWW/sec_bib
_search.html

http://julmara.ce.chalmers.se/Security/
http://theory.l cs.mit.edu/~dmjones/hbp/

http://www.cs.indiana.edu/cstr/search
http://www.kreonet.re.kr/AC96/AC96.html

[email protected]

http://www.cl.cam.ac.uk/users/rja14/ihws.html

http://www.informatik.uni-
hildesheim.de/~sirene/conf/Programme/96051216.Eurocrypt9
6

http://www.cl.cam.ac.uk/users/rja14/cp.html

http://www.cl.cam.ac.uk/users/rja14/fse.html
http://www.rsa.com/rsa/conf96/brochure.htm

http://www.cl.cam.ac.uk/users/rja14 /ini.html
ftp://ftp.cl.cam.ac.uk:/users/rja14/queensland.ps.Z

http://www.isse.gmu.edu/~csis/acsac/acsac96-cfp.html
http://www.cci.de/its/cfp-ifip96.html
http://www.itd.nrl.navy.mil/ITD/5540/acm/new-
paradigms.html

http://newark.rutgers.edu/~atluri/atma.html

http://www.isse.gmu.edu/~csis/acsac/acsac95.html

http://csrc.ncsl.nist.gov/ events/
Advanced Surveillance Technologies
http://www.privacy.org/pi/conference/
http://www.cs.pdx.edu/SP96
Intellectual Property Protection in the Global
Information Infrastructure

http://www.nla.gov.au/gii/oecdconf.html

http://www.privacy.org/pi/conference/

proposed export criteria for encryption software

http://csrc.ncsl.nist.gov/keyescrow/
http://www.clark.net/pub/cme/html/in-out.html
http://www.eskimo.com/~joelm
http://www.eskimo.com/~joelm /criteria.txt
http://www.isse.gmu.edu/~pfarrell/nistmeeting.html

FBI Ban
http://www.epic.org/crypto/ban/fbi_dox/

Laws
http://cwis.kub.nl/~frw/people/koops/lawsurvy.htm
http://www.epic.org/cr ypto/legislation/s1587.html

http://www.vtw.org/
http://www.epic.org/crypto/legislation/s1587_analysis.ht
ml http://www.law.miami.edu/~froomkin/personal-u se.txt"
ftp://ftp.cygnus.com/pub/export/itar.in.full
http://www.pls.com:8001/his/usc.html
http://www.epic.org/crypto/
http://www.eff.org/pub/Privacy/ITAR_export/
http://www.qualcomm.com/people/pkarn/export/index.html
http://ssdc.ucsd.edu/gpo/"
http://www.io.org/~samwise/crypto/Introduction.html

http://www.us.net/~steptoe/
http://world.std.com/~franl/crypto.html

authentication protocols http://www.cis.ohio-

state.edu/hypertext/faq/usenet/kerberos-f
aq/user/faq.html
ftp://athena-dist.mit.edu/pub/kerberos
Computer Security & Industrial Cryptography Group
http://www.esat.kuleuven.ac.be
http://www.kuleuven.ac.be
http://www.dice.ucl.ac.be/crypto/crypto.html
http://www.iro.umontreal.ca/labs/theorique/index_en.html
http://www.ens.fr/~grecc/index_en.html
http://lix.polytechnique.fr/~morain/Crypto/crypto.engl
 ish.html"
http://www.polytechnique.fr/edu/DEAP/algo.html
http://www.inf.ethz.ch/department/TI/um/group.html

Government
http://ana.arc.nasa.gov/usps/
http://www.cse.dnd.ca/
http://www.itd.nrl.navy.mil/ITD/">NRL-ITD
http://infosec.nosc.mil/infosec.html">Navy INFOSEC
http://hightop.nrl.navy.mil/rainbow.html
http://www.users.interport.net/~sagal/ajax.html
http://www.fbi.gov/
DECA program: (Development of Espionage, Counterin
telligence & Counterterrorism Awareness) deals with
economic, industrial, and technological intelligence
gathering

"http://www.fbi.gov/deca.htm

Also see Cryptolog.html on NCSAFORUM Section 6 for many

other Crypto links.

ON-LINE COURSES

The best course on the INTERNET by far is LANAKI's. It

is 25 Lectures long covering all phases of classical
cryptography. The textbooks are [NICH] Nichols, Randall
K., " Classical Cryptography Course, Volume I," Aegean
Park Press (C-74), ISBN: 0-89412-263-0, Softbound, 8.38
x 10.75 in, xii + 301 pp. Professor Nichols (aka LANAKI)
is the retiring President of the American Cryptogram
Association (ACA) 1994-1996. Classical Cryptography
Volume II was released in February, 1997. [NIC~]
Nichols, Randall K., " Classical Cryptography Course,
Volume II," Aegean Park Press (C-76), ISBN: 0-89412-264-
9, Softbound, 8.38 x 10.75 in, xii + 400 pp. 1996,
$40.00.

Volume I presents the first ten Lectures (of twenty

five) from Mr. Nichols' 1995 and 1996 on-going Classical
Cryptography Course taught to 461 students at all levels
of expertise. Volume I covers such diverse topics as
Aristocrats (the king of cipher puzzles found in many
daily papers), Patristocrats (Aristocrats without word
divisions), Xenocrypts (language ciphers other than
English), Transpos-ition Ciphers, Military Ciphers,
Cryptarithms, the famous German ENIGMA Cipher Machine
(with simulation program disk available),
Polyalphabetics, and special historical ciphers.
Ciphers and their cryptanalytic techniques for solution
are presented. Extensive foreign language data is
supplied.

Classical Cryptography Course Volume I represents the

best in intellectual stimulation - better than chess,
bridge, and couch potatohood combined.

-----------------
Volume II presents Lectures 11 - 20 (of a total of
twenty five) from Mr. Nichols' extremely successful
course in Classical Cryptography taught in 1995 and 1996
to 461 students via the Internet and regular mail.

Volume II covers polyalphabetic substitutions ciphers in

the Vigenere family (Viggy, Variant, Beaufort, Porta,
Gronsfeld, Portax, Gromark), decimation, principles of
symmetry, isologs and superimposition solution
techniques. Volume II describes the difficult aperiodic
cipher systems (Interrupted key, Autoclave, Progressive,
Running Key used in cipher machines) and their analysis
by isomorphs, and repetitions. Cryptarithm solutions
for extended bases are presented. The theory of
coincidences and statistical attacks (kappa, chi, phi)
that are derived from this important theory are
detailed.

Transposition theory and a variety of transposition

ciphers are solved (Columnar, Amsco, Myszkowski,
Cadenus, Grille, Swagman, Auto-Transposition). Volume
II has two chapters on the difficult cipher systems
invented by the famous French cryptographer Delastelle:
Foursquare, Bifid and Trifid. Volume II ends with a
chapter on passwords, law and data protection. Volume
II is a potpourri of advanced topics in classical
cryptography.

Volume II includes over 1600 Cryptographic Resources and

References covering all phases of cryptography:
cryptanalysis, history, legal, social, classical,
modern, NSA, mathematical techniques, recreational,
intelligence, tactical, strategic, national defense,
INFOSEC: offensive and defensive, hardware, software,
standards, public key cryptography, web sources, and
applicable Senate and House bills.

The course is free to ACA members. Two BBS, one

netserver, and the Crypto Drop Box are maintained with a
wealth of information, lectures and computer programs
for the serious student. Professor Nichols shares his 32
years of experience to about 358 students worldwide.
Nothing better on the net for the pricetag. Be prepared
to work and enjoy yourself.

(and permit me a couple of personal plugs)....

BOOK REVIEWS

REVIEW OF CLASSICAL CRYPTOGRAPHY COURSE, VOLUME I

By the honorable Louis Kruh, Editor/Founder CRYPTOLOGIA,
October 1996, Volume XX Number 4.

Nichols, president of the American Cryptogram

Association, 1994-1996, began a course in classical
cryptography in 1995 via the Internet and regular mail.
Presently, at its midpoint, the course is an over-
whelming success with more than 300 participants and
this volume, the first of two, consists of the first ten
lectures. Nichols' goals are to teach the basic
cryptanalytic tools for solving different types of
ciphers while providing some understanding of the
historic context and importance of cipher systems to
communications.

Volume I covers simple substitution, substitution with

variants including complicated types of cipher
alphabets, multiliteral substitutions, Xenocrypts
(substitution ciphers in languages other than English)
cryptarithms, Hill's algebraic cipher, German Enigma
machine, and part I of polyalphabetic substitution
systems.

In a clearly written style, Nichols describes how to

solve each cipher, often with step-by-step examples,
using various techniques. These include position and
frequency tables, vowel selection method, pattern word
attack, consonant-line method, Phi test, Index of
Coincidence, probable words, anagraming, frequency
distribution data, and common digraphs, trigraphs
and tetragraphs for foreign languages, Kasiski method
for periodic ciphers, known word method, symmetry
principles and other techniques.

A minor criticism is the use of three chapters or 1/3 of

the book for Xenocrypts. This is disproportionate by
any measure and additional editing and use of an
appendix for language data would provide a better
balance. Similarly, the Chapter on the German Enigma
stands out like plaintext in the middle of an encrypted
message. The information is interesting but out of
place; it belongs in an appendix.

Another criticism is the decision to have two volumes

instead of one, for no apparent reason. This will
require a second index and another list of references,
which adds to the basic inconvenience of having two
volumes when only one is necessary.

Despite these faults, Nichols has produced an out-

standing contribution to the literature of cryptology.
By way of comparison, in 1939, the American Cryptogram
association sponsored publication of Elementary Crypt-
analysis by Helen F. Gaines. This was the first
comprehensive textbook on the subject published in the
United States and, almost 60 years later, it is still in
print because no other book has come close to its
standard. Now, however, Nichols' book, or at least the
first volume, compares favorably and in some ways is
even better!

REVIEW OF CLASSICAL CRYPTOGRAPHY COURSE, VOLUME I

By the Honorable David Kennedy, Director of Research,
NCSA.
 Classical Cryptography Course, Volume I. By
Randall K. Nichols; published by Aegean Park Press,
(714) 586-8811 (phone) (714) 586-8269 (fax); (800) 736 -
3587; 301 pages (with index); $34.80 (American
Cryptogram Association members receive a 20% discount
through ACA or NCSA Members receive a 10% discount if
purchased from the NCSA Bookstore)

In Classical Cryptography Course, Volume I, author

Randall K. Nichols has created a benchmark for serious
students of the science of cryptography. This is a
text. It is for learning, and with it one cannot help
but learn about the foundations of the science. An
outgrowth of Nichols' admitted "labor of love" in the
online Cryptography Courses he teaches over the
Internet, Volume I creates the foundation for
understanding the development of the science.

The ten chapters of this volume lead the student

through simple substitutions, substitutions with
variants, multiliteral substitutions, xenocrypts
(foreign language substitutions), cryptarithms, the
Enigma machine (separate Enigma95 program disk available
direct from the author) and finally to polyalphabetic
substitutions. Seven chapters conclude with problems;
solutions and discussions are provided in an appendix.
The text is indexed with twenty-four pages of references
for further study.

I found Nichols' sense of the history of

cryptography particularly noteworthy. The volume is
liberally salted with citations from history with
applications of the methods developed in the text. From
Revolutionary France through the American Civil War, the
Tammany Hall scandal, Revolutionary Soviet ciphers and
Japanese successes against Chinese codes prior to Pearl
Harbor, the text provides touchstones for student to
understand and relate to.

Phil Zimmermann observed in the documentation to

his Pretty Good Privacy Program to "Beware of Snake
Oil." Among his arguments is this anecdote:

I remember a conversation with Brian Snow, a highly

placed senior cryptographer with the NSA. He said he
would never trust an encryption algorithm designed by
someone who had not "earned their bones" by first
spending a lot of time cracking codes.

Where Schneier's Applied Cryptography is a crash

course in some encryption protocols and algorithms in
use today, Nichols' text begins the teaching of Snake
Oil detection and prevention.

Learning the fundamentals, developed throughout the

text, brings a richer understanding of the science,
it's history and insight into it's possibilities and
some vulnerabilities lurking for the unwary.

Nichols plans for release Volume II in the series

with advanced material on from the online course which
includes statistical attacks and transposition in
February, 1997.

Reviewer: Dave Kennedy, CISSP, is Director of Research

for the National Computer Security Association,
Carlisle, PA. He is a retired Army military police
officer and member of NCSA, ASIS, ISSA and the Computer
Security Institute.

-----------------
For orders or Information Contact: Aegean Park Press,
P.O. Box 2837, Laguna Hills, Ca. 92654. Telephone: 1-
800-736-3587; Fax: 1-714-586-8269. Group discounts
available. WWW Web site: http://www.halcyon.com/books/

Online orders may be made directly to LANAKI at

[email protected] or RAGYR at aol.com. Volume
I sells for US $28.50 and Volume II sells for US $38.00.
Surface mailing costs are included, as well as, course
discounts. Add $8.00 to each book for overseas costs.
Orders to LANAKI will be signed by the author.