In Lecture 2, we expand our purview of substitution ciphers, drop the requirement for word divisions, solve a lengthy Patristocrat, add more tools for cryptanalysis, look at some historical variations and solve the assigned homework problems.
Recall from Lecture 1, that the fundamental difference between substitution and transposition ciphers is that in the former, the normal or conventional values of the letters of the PT are changed, without any change in the relative positions of the letters in their original sequences, whereas in the latter, only the relative positions of the letters of the PT in the original sequences are changed, without any changes to the conventional values for the letters.
I used the term uniliteral frequency distribution [UFD] (I also misspelled uniliteral as unilateral) to identify the simple substitution cipher. Three properties can be discerned from the UFD applied to CT of average length composed of letters: (1) Whether the cipher belongs to the substitution or transposition class; (2) If to the former, whether it is monoalphabetic or non-monoalphabetic in character, (3) If monoalphabetic, whether the cipher alphabetic is standard (direct or reversed) or mixed.
Because a transposition cipher rearranges the PT, without changing the identities of the PT, the corresponding number of vowels (A,E,I,O,U,Y), high frequency consonants (D,N,R,S,T), medium-frequency consonants (B,C,F,G,H,L,M,P,V,W) and especially, low-frequency consonants (J,Q,X,Y,Z) are exactly the same in the CT as they are in the PT. In a substitution cipher, the conventional percentage of vowels and consonants in the CT have been altered. As messages decrease in length there is a greater probability of departure from the normal proportion of vowels and consonants. As messages increase in length, there is lesser and lesser departure from normal proportions. At 1000 letters or more, there is practically no difference at all between actual and theoretical proportions. Friedman presents charts showing the normal expectation of vowels and high, medium, low and blanks for messages of various lengths. For example, for a message of 100 letters in plain English, there should be between 33 and 47 vowels (A,E,I,O,U,Y). Likewise, there will be between 28 and 42 high- frequency consonants (D,N,R,S,T); between 17 and 31 medium frequency consonants (B,C,F,G,H,L,M,P,V,W); between 0 and 3 low-frequency consonants (J,Q,X,Y,Z); and between 1 and 6 blanks theoretically expected in distribution of the PT. Cipher class is considered transposition if the above limits bound the CT message and substitution if the above expected limits are outside the chart limits for the message length in question. [FR1/ p32-39]
The uniliteral frequency distribution (UFD) may be used to indicate monoalphabeticity. The normal distribution shows marked crests and troughs by virtue of two circumstances. Elementary sounds which the symbols represent are used with greater frequency. This is one of the striking characteristics of every alphabetic language. With few exceptions, each sound is represented by a unique symbol. The one-to-one mapping correspondence between PT and CT will dictate a shifted UFD with different absolute positions of the crests and troughs from normal. A marked crest-and-trough appearance in the UFD for a given cryptogram indicates that a single cipher alphabet is involved and constitutes one of the tests for a mono- alphabetic substitution cipher.
The absence of marked crests and troughs in the UFD indicates that a complex form of substitution is involved. The flattened out appearance of the distribution is one of the criteria for rejection of a hypothesis of monoalphabetic substitution.
Friedman presents a chart supporting the LB^ test for blanks in English messages up to 200 letters. [FR1] Soloman Kullback derives the Lambda test and presents extensive probability data on English, French, German, Italian, Japanese, Portuguese, Russian and Spanish. [KULL] Statistical studies show that the number of blanks in a normal PT message is predictable. Friedman's chart shows that the plaintext limit, P and the random expectation, R limits are a function of message size. On his chart, random assortment of letters correspond to polyalphabetic CT. The number of alphabets used is large enough to approximate a UFD identical to a distribution of letters picked randomly out of a hat.
This test compares the observed value PHI(o) for the
distribution being tested with the expected value PHI(r) random
and the expected value of PHI(p) plain text. For English
military text:
PHI(r) = .0385N(N-1)
PHI(p) = .0667N(N-1)
where N is the number of elements in the distribution. The
constant .0385 is 1/26 decimal equivalent and constant .0667
is the sum of squares of the probabilities of occurrence of the
individual letters in English PT. [FR3]
Example 1 of the PHI test on the following cryptogram is:
O W Q W Z A E D T D Q H H O B A W F T Z W O D E Q
T U W R Q B D Q R O X H Q D A G T B D H P Z R D K
f: 3 3 7 2 1 1 4 1 4 1 6 3 4 1 5 1 3
CT: A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
f(f-1): 6 6 42 2 0 0 12 0 12 030 6 12 0 20 0 6
N = number of letters = sum fi = 50
PHI(o) = sum [fi(fi-1)] = 154
PHI(r) = .0358N(N-1) = .0385x 50 x49 =94
PHI(p) = .0667N(N-1) = .0667x 50 x49 =163
Since PHI(o), 154, more closely approximates PHI(p) than does
PHI(r), we have mathematical corroboration of the hypothesis
that the CT is monoalphabetic.
Example 2: Given the frequency distribution of CT as:
f: 1 1 2 3 4 2 1 4 2 1 1 3
CT: A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
f(f-1): 0 0 2 612 2 0 12 2 0 0 6
N = 25 letters
PHI(o) = 42
PHI(r) = 0.0385x25x24 = 23
PHI(p) = 0.0667x25x24 = 40
Since PHI(o) observed is closer to PHI(p), then this letter
distribution is monoalphabetic. But compare to example 3 with
25 letters:
f: 1 1 1 2 1 1 1 3 1 1 1 2 1 1 1 1 2 3
CT: A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
f(f-1): 0 0 0 2 0 0 0 6 0 0 0 2 0 0 0 0 2 6
N = 25 letters
PHI(r) = 0.0385x25x24 = 23
PHI(p) = 0.0667x25x24 = 40
Since PHI(o) observed is closer to PHI(r), then this letter
distribution is non-monoalphabetic.
Before we think this test is perfect, the student should try the above PHI test on the phrase:
" a quick brown fox jumps over the lazy dog"
He will find that N=33, PHI(o)= 20 and PHI(r) = 41; PHI(p)=70.
Since the observed value is less than half of PHI random, this
would suggest that the letters of this phrase could not be
plain text in any language. Think about the cause of this
result. For a simplified derivation, see Sinkov [SINK]
Kullback gives the following tables for Monoalphabetic and Digraphic texts for eight languages:
Monoalphabetic Digraphic
Text Text
English 0.0661N(N-1) 0.0069N(N-1)
French 0.0778N(N-1) 0.0093N(N-1)
German 0.0762N(N-1) 0.0112N(N-1)
Italian 0.0738N(N-1) 0.0081N(N-1)
Japanese 0.0819N(N-1) 0.0116N(N-1)
Portuguese 0.0791N(N-1)
Russian 0.0529N(N-1) 0.0058N(N-1)
Spanish 0.0775N(N-1) 0.0093N(N-1)
Random Text
Monographic Digraphic Trigraphic
.038N(N-1) .0015N(N-1) .000057N(N-1)
Note that the English plain text value is slightly less than
Friedman's. [KULL] [SINK]
Friedman made famous the Index of Coincidence. It is another method of expressing the monoalphabeticity of a cryptogram. We compare the theoretical I.C. with the actual I.C. I.C. is defined as the ratio of PHI(o)/PHI(r). Thus, in example one the I.C. is 154/94 = 1.64. The theoretical I.C. for English is 1.73 or (.0667/.0385). The I.C. of random text is 1.00 or (.0385/.0385). Friedman wrote a paper entitled "The Index of Coincidence and Its Application in Cryptography", which is perhaps the most ground breaking treatise in the history of cryptography. [FR22]
Assuming a UFD that is monoalphabetic in character, we observe the crests and troughs of the distribution. If they occupy relative offset positions to the normal UFD, than the alphabet is most likely standard, (A, B, C,..). If not, the CT is prepared using a mixed alphabet. The direction the crests and troughs progress left to right or right to left tell us whether the alphabet is standard or reversed in direction.
fi 14 13 12 12 10 10 8 5 5 4 4 4 3 3 3 3 3 3 2 2 2 2
CT D Q I N O P A L X E R V C F H M S Y J K W Z
F= 127 letters = sum fi
The CT presented in columnar form and marked for low frequency
letters is:
c . c v . . v c c v
1. X W V I M S O Q P N V
s c o h a n t i
c v . c c . v . v c
2. Q I F E D Y I H O Q,
n o b l e w o m a n
. v . c v . v c c
3. Z I Y P I Y N Q L
o w t o w i n g
v . v c c v c v c v c c .
4. D K O L L D A O P D R E W ,
e x a g g e r a t e d l y
c v c . c v v v c
5. R N X M E D O X D R
d i s l e a e d
c v . v c v v c c
6. X I C D A D N L Q .
s o e r e i g n
. c v . v v v c v v c
7. M A I C I V O P N I Q
r o o e a t i o n
v c v c c v c v c v
8. N Q I A R N Q O P D ,
i n o r d i n a t e
. v c v c . . v c c
9. F O Q N X S H D Q P
a n i s h m e n t
v c c v c c c v . v c c v . c v
10. N Q V I Q P A I C D A P N F E D.
i n c o n t r o v e r t i b l e
v . c v c . v c .
11. O J P D A H O P S,
a f t e r m a t h
. v c c . v . v c
12. Z N Q L -J N K D A !!!
i n g f i x e r
We mark the cipher as we put forth the following thoughts.
Analysis of Column 2 in the above CT, shows that I appears
three times with 11 low frequency contacts. It is probably
a vowel but not "i." N appears twice with 5 low frequency
contacts and also in third end position 3 times. Probable
vowel, may be i as in ion. Q appears twice; no low frequency
contacts, follows probable vowels 7 times. Might be n.
i and n are placed in the CT. Word 7 yields I = o. Word 3
yields the L = g. [Word 6 may not fit though.] Word 7
also suggest that P =t for tion. P precedes N and I 4 times,
and follows O 3 times. D begins one word, ends 2, has high
frequency, and is scattered. Let D = e. O contacts 6 low
frequency, and precedes n 3 times, t 4 times and the t is
followed by e twice. We have the 'ate' trigram, so O=a. Note
that A reverses with D and contacts vowels 10 times. A=r.
Word 10 shows incontrovertible. Playing it thru with V=c,F=b, and E=l, word 2 becomes noblewoman, Y=w,h=m. Word 11 is aftermath giving two more PT equivalents of J=f, and S=h. Word 4 gives us the K=x, R=D, W=y. Word 6 is sovereign and yields the PT s. The balance of the CT can be found by check off and testing.
The message reads: Sycophantic noblewoman, kowtowing exaggeratedly, displeased sovereign. Provocation inordinate, banishment incontrovertible. Aftermath king-fixer!
I have experimented with the SHERLAC method. Even when the CT includes small words <= 4 letters, it seems to yield valuable data. Just line the CT (words 5 or more letters) in columns and ignore the shorter words. Then work back and forth with the shorter words for confirmations.
When we remove the crutch of word divisions in the Aristocrat and present in standard telegraphic five letter groups, we have the "Patristocrat" or "undivided." S-TUCK gives a solution procedure for "undivideds" as well as Friedman. ELCY also discusses the Aristocrat without word divisions in her chapter 11. [TUCK], [FR1], [ELCY] Friedman's presentation is excellent and is summarized for the reader:
Given P-1:
SFDZF IOGHL PZFGZ DYSPF HBZDS GVHTF UPLVD FGYVJ VFVHT
GADZZ AITYD ZYFZJ ZTGPT VTZBD VFHTZ DFXSB GIDZY VTXOI
--- -------------
YVTEF VMGZZ THLLV XZDFM HTZAI TYDZY BDVFH TZDFK ZDZZJ
-------------------------------
SXISG ZYGAV FSLGZ DTHHT CDZRS VTYZD OZFFH TZAIT YDZYG
--------------
AVDGZ ZTKHI TYZYS DZGHU ZFZTG UPGDI XWGHX ASRUZ DFUID
---- -----
EGHTV EAGXX
There are two basic attacks on the Patristocrat. The first
method creates a triliteral frequency table and the second uses
the "probable word" as a wedge into the cryptogram. The first
attack follows many of the vowel - consonant splitting steps
that we have looked at previously.
Step 2: Prepare UFD and apply PHI tests.
8 4 1 23 3 19 19 15 10 3 2 5 2 0 3 5 0 2 10 22 5 16 1 8 14 35 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z PHI(p) = 3668 PHI(r) = 2117 PHI(o) = 3862 ft = 235The marked crests and troughs and the PHI test support the monoalphabetic hypothesis. Friedman advises that "the beginner must repress the natural tendency to place too much confidence in the generalized principles of frequency and to rely too much upon them. [i.e. setting Z=e, D=t ] It is far better to into effective use certain other data concerning normal plain text, such as digraphic and trigraphic frequencies."
Step 4: Prepare a Triliteral Frequency Distribution (TFD)
showing One Prefix and One Suffix Letter. Examine
the TFD for digraphs and trigraphs occurring two or
more times in the cryptogram. Note repeated digraphs
and trigraphs. For the above CT,
DZ = 9x, DF = 5x, DV = 2x ZDF = 4x, YDZ = 3x, BDV = 2x
Condensed Table Of Repetitions For P-1. Digraphs Trigraphs Polygraphs DZ - 9 TZ - 5 DZY - 4 HTZAITYDZY - 2 ZD - 9 TY - 5 HTZ - 4 BDVFHTZDF - 2 HT - 8 FH - 4 ITY - 4 ZAITYDZY - 3 ZY - 6 GH - 4 ZDF - 4 FHTZ - 3 DF - 5 IT - 4 AIT - 3 GZ - 5 VF - 4 FHT - 3 VT - 4 TYD - 3 ZF - 4 YDZ - 3 ZT - 4 ZAI - 3 ZZ - 4
IE ZF HV GI ZG SZ IY VG DU AX ZK YZ ZZ EH IY ZO FH WH HZ CZ ZF PD GT VY ZT VS TU GX HC ZZ DK ZH GU DH ZF VH DZ KI HZ BV DM YA FT IY YZ EV LZ FT HZ ZF DX YA HT UD AR ZH IZ VH SZ TH DX YD VE EG ZF YZ MZ FT HT RV VX XS BV VV BI MT AT FL HZ GV YZ DG TP TL XS IG VZ ZI AZ TU TA FT AT SG UG JX PV GV YD VF PH FY VT OY LV GT XB ZG ZI SG ZS VA ZG SV VT GD ZS HL DZ UL DG IY ZI ZD ZY DG ZI FZ FB AT ZZ TH PV FH XI SF SU YP HG GD HZ TD FZ TF SD OH GL FO VV FZ HP VG IG LZ ZS -F HF A B C D E F G H I J K L M N O P Q R S T 8 4 1 23 3 19 19 15 10 3 2 5 2 0 3 5 0 2 10 22 KD TD DY TE TA UD AD XD FT ST ZS ZT UF AF TZ GZ DG DF ZG DY YY LX TD TD ZT FM TZ TB GZ YT ZG JT DY YT X- ZB FJ TA DF GX TD DY OF TT HA IV ZA YD FI FH IW ZV DZ DR RZ JF SI ZF BD GD GP YJ VZ TD GD GY HZ LD TO GV PF ZJ FP GH XG FS DS DF DZ U V W X Y Z
Friedman's Table 7-B in Appendix 2 confirms that vowel combine differently from consonants. The top 18 digraphs compose about 25 per cent of English text. The letter E enters into 9 of the 18 digraphs: [FRE1]
ED EN ER ES NE RE SE TE VEThe remaining 9 digraphs are:
AN ND OR ST IN NT TH ON TO
None of the 18 digraphs is a combination of vowels. So E
combines with consonants more readily than with other vowels or
even itself. So if the letters of the highest frequency are
listed with the assume CT =e , those that show a high affinity
are likely N R S T and those that do not show any affinity are
likely A I O U. In P-1., Let Z = e because it is high
frequency and combines with several other high frequency
letters, D, F, G. The nine next highest frequency letters and
their combinatorial affinity with Z are:
Z as prefix 8 4 4 1 0
D(23) T (22) F(19) G(19) V(16)
Z as suffix 9 5 2 5 0
Z as prefix 0 6 0 0
H(15) Y(14) S(10 I(10)
Z as suffix 0 2 0 0
Vowels Consonants Z=e, V, H, S, I D, T, F, G, YFriedman's Table 6 in Appendix 2 gives us 10 most frequently occurring diphthongs: [FRE1]
Diphthong: io ou ea ei ai ie au eo ay ue
Frequency: 41 37 35 27 17 13 13 12 12 11
Also, O is usually the vowel of second highest CT frequency.
Looking at V, H, S, I not = i, can we find the CT equilvalent
of PT o?
List the combinations of V, H, S, I and Z=e in the message. We examine the combinations they make among themselves and with Z = e.
ZZ = 4 VH = 4 HH = 1 HI = 1 IS = 1 SV = 1
Now, ZZ = ee. HH is oo, because aa, ii, uu are practically
non-existent. oo is the second highest frequency double vowel
next to ee. If H=o, then V =i, where VH occurs twice and io is
a high frequency diphthong in English. So our analysis results
(unconfirmed) so far are:
Z = e, H = o, V = i
So I and S should be a and u. Here we use another Friedman
tool to look at the possibilities. We define the alternative
PT diphthongs and add frequency values as a set.
1) either I = a and S = u, each digraph occurs 1x
2) or I = u and S = a.
HI = oa value = 7 HI = ou value = 37
SV = ui value = 5 SV = ai value = 17
IS = au value = 13 IS = ua value = 5
==== ====
Total 25 59
Alternative two seems more likely. A more precise method for
choosing between alternative groups of Digraphs by considering
logarithmic weights of their assigned probabilities, rather
than PT frequency values. These weights are given by Friedman
in [FRE2] Appendix 2. The method is detailed on pp 259-260.
Tables 8 and 9A - C give the data for 428 digraphs based on
50,000 words of text. See also [KULL].
HI = oa L224 = .48 HI = ou L224 = .79
SV = ui values= .42 SV = ai values= .64
IS = au = .59 IS = ua = .42
===== =====
Total Log base 1.49 1.85
224
Multiple occurrences of a digraph would be multiplied by its
log base 224 relative weight and added as a group.
So we now have Z = e , H = o, V =i, S = A, I = u
for vowel equivalents.
The consonants may be viewed from their combination with
suspected vowels. Since VH = io might infer sion or tion
tetragraphs we look at the CT and find
GVHT and FVHT
T most likely is the n and G or F could be s or t. Note that
the CT D is neither PT t or n or PT s. The reversal with Z
=e, suggests the letter r.
As an alternative, the Consonant-Line approach would yield:
B C E J K M O R W
-----------------------
Y
D D D D D vowel ?
S S S S vowel
G G G G G
Z Z Z Z Z Z Z Z vowel
H H H vowel
T T T
V V V V vowel
A
F F F vowel?
X X
I I vowel?
U
The general principles are repeated. Vowels distinguish
themselves from consonants as they are represented by:
1) high frequency letters
2) high frequency letters that do not contact each other
3) high frequency letters with great variety of contacts
4) high frequency letters with am affinity for low frequency
PT consonants
PT: A B C D E F G H I J K L M N O P Q R S T U V W X Y Z CT: S Z V T H D G F I F GP-1 revisited and rewritten:
S F D Z F I O G H L P Z F G Z D Y S P F H B Z D S a t r e t u s o e t s e r a t o e r a s s t s t s G V H T F U P L V D F G Y V J V F V H T G A D Z Z s i o n t i r t s i i t i o n s r e e t s s t s t A I T Y D Z Y F Z J Z T G P T V T Z B D V F H T Z u n r e t e e n s n i n e r i t o n e s t s D F X S B G I D Z Y V T X O I Y V T E F V M G Z Z r t a s u r e i n u i n t s e e s t s t T H L L V X Z D F M H T Z A I T Y D Z Y B D V F H n o i e r t o n e u n r e r i t o s T Z D F K Z D Z Z J S X I S G Z Y G A V F S L G Z n e r t e r e e a u a s e s i t a s e s t t s t D T H H T C D Z R S V T Y Z D O Z F F H T Z A I T r n o o n r e a i n e r e t t o n e u n s s Y D Z Y G A V D G Z Z T K H I T Y Z Y S D Z G H U r e s i r s e e n o u n e a r e s o t t t Z F Z T G U P G D I X W G H X A S R U Z D F U I D e t e n s s r u s o a e r t u r s t t t s E G H T V E A G X X s o n i s t tI have left out the frequencies above the letters for editorial space only.
We can see from a first reading that PT words operations, nine prisoners, and afternoon come thru. G = t, F = s, B = p, L =f.
PT: A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
CT: S U X Y Z L E A V N W O R T H B C D F G I J K M P Q
"Patties" in the CM usually come with a tip and are generally shorter than the above example. The tip constitutes a probable PT word or phrase and we search the CT for a pattern of CT letters that exactly match the probable word. The choice of probable words is aided or limited by the number and positions of repeated letters. Repetitions may be patent (visible externally) or latent ( made patent as a result of the analysis. For the example DIVISION with a repeated I or BATTALION with the reversible AT, TA help the cryptanalysis even though word divisions were removed. Friedman named what we call patterns as idiomorphs. [FRE2] gives many pattern lists for solution of substitution and Playfair ciphers. TEA computer program at the Crypto Drop Box is an automated pattern list to 20 words. [CAR1], [CAR2], [WAL1], [WAL2] give idiomorphic data. The process of superimposing the plain text word over the correct cipher text will effect the entry to the cryptogram. Other references include: [RAJ1], [RAJ2], [RAJ3], [RAJ4], [RAJ5], [HEMP], [LYNC].
Once the cryptogram has been solved and the keying alphabet reconstructed, subsequent messages which have been enciphered by the same means solve readily.
P- 2.
Suppose the following message is intercepted slightly later at the same station.
I Y E W K C E R N W O F O S E L F O O H E A Z X X
P - 1. reconstruction and arbitrarily set at L = a.
PT a b c d e f g h i j k l m n o p q r s t u v w x y z
CT L E A V N W O R T H B C D F G I J K M P Q S U X Y Z
Cryptogram I Y E W K C E R N W
Equivalents P Y B F R L B H E F
running down the sequence yields CLOSE YOURS as a generatrix.
I Y E W K C E R N W
P Y B F R L B H E F
Q Z C G S M C I F G
R A D H T N D J G H
S B E I U O E K H I
T C F J V P F L I J
U D G K W Q G M J K
V E H L X R H N K L
W F I M Y S I O L M
X G J N Z T J P M N
Y H K O A U K Q N O
Z I L P B V L R O P
A J M Q C W M S P Q
B K N R D X N T Q R
*** C L O S E Y O U R S
D M P T F Z P V S T
E N Q U G
F O R V H
G P S W I
H Q T X
I R U Y
J S V Z
K T W A
L U X B
M V Y C
N W Z D
O X A E
Set the cipher component against the normal at C = i.
PT a b c d e f g h i j k l m n o p q r s t u v w x y z
CT F G I J K M P Q S U X Y Z L E A V N W O R T H B C D
Solving: Close your station at two PM.
[FRE1] discusses keyword recovery processes on pp 85 -90. Also see [ACA].
Louis Mansfield introduced the concept of a vowel substitution
cipher in 1936. [MANS] In the vowel cipher the key
alphabet is written into a square with j=i, like this:
COLUMN
A E I O U
-----------------
A a b c d e
E f g h i/j k
I l m n o p
ROW
O q r s t u
U v w x y z
Enciphering is row by column or t = OO ; h = EI ;
and e = AU.
The entire CT message enciphered is a succession of vowels. The CT will be exactly twice as long as the PT. This method is not more difficult to crack than the standard Aristocrat but our focus is on the frequency of vowel combinations in the CT. The PT equivalents do not have to be in standard order. Try this example.
VV-1.
1 2 3 4 5
OUOE OUAE OUIUIAAIUIUUOEOUAOAI OEEOUUOE OEEOAI
6 7 8
UOEUUEUEAIAEOE OOAIOEUUOUUEAE EEUO
9 10 11 12 13
UUUEUE OEUIEEEEIA IUEEAOAIIUAIOAOEAE IOAI EIUUUI-
14 15 16
AIUOEUUEUEEA EIEEIUIAOUUEAIOO UUOAOO AEAIOAOE
17 18 19
OEEE EUAE UIAIIIEUUEUUUIUEEA.
To solve this cipher we list the various combinations of two
vowels:
AA EA (2) IA (4) OA (3) UA
AE (6) EE (6) IE OE (11) UE (10)
AI (11) EI (2) II (1) OI UI (5)
AO (2) EO (2) IO (1) OO (3) UO (3)
AU EU (4) IU (4) OU (6) UU (7)
AI and OE appear 11 times and often as finals. Either might be
the "e". OE appears as an initial. WE try OE as t and AI as
e. Word 5 becomes 'the.' Word 4 confirms as 'that.' UU =
a. UE = l. The normal procedure of test and confirm gives us
the message: It is imperative that the fullest details of all
troop movements be carefully compiled and sent to us regularly.
The partial keying square is:
A E I O U
--------------------------
A s e v
E y o c h u
I p g b m
O n t d i
U l r f a
Comte de Mirabeau (1749 - 1791) was one of the great orators in the National Assembly, the body that governed France during the early phases of the French Revolution. He was a political enemy of Robespierre. He developed a simple substitution variant to relay his court messages to Louis XVI (who rejected his moderate advise). His father, the Marquis de Victor Riqueti Mirabeau imprisoned his son for failure to pay debts. He devised this system during his stay in debtors prison.
The Mirabeau system of ciphering letters of the alphabet are
divided into five groups of five letters each. Each letter is
numbered according to its position in the group. The group is
also numbered. The key alphabet is arranged as follows:
1 2 3 4 5 1 2 3 4 5 1 2 3 4 5
I S U W B K T D Q R X L P A E
6 8 4
1 2 3 4 5 1 2 3 4 5
G O Y V F Z M C H N
7 5
Encipherment of the phrase ' the boy ran' would
be 82.54.45, 65.72.73, 85.44.55 where the t is
referenced by group 8,letter2. Solution of messages
is clearly by frequency analysis, the key being reconstructed
from the message. Mirabeau experimented by reversing number
order in this positional number system and adding nulls to
confuse the interloper. One of the interesting complications
added by Mirabeau was to express the CT as a fraction with
group number as numerator and position number as denominator.
Other figures were added to foil decipherment. In such a case
the alphabet is grouped into fives as before, but the groups
and positions are each numbered with the same five figures.
So:
1 2 3 4 5 1 2 3 4 5 1 2 3 4 5
O A G P U T C N H Y X M F I S
1 2 3
1 2 3 4 5 1 2 3 4 5
L Q W B V R E K Z D
4 5
Enciphering 'the boys run' :
2 2 5 4 1 2 3 5 1 2
- - - - - - - - - -
1 4 2 4 1 5 5 1 5 3
Adding numerals 6, 7, 8, 9, 0 as non-values both above and
below the line increase the security slightly. Or:
29 27 50 48 17 29 39 56 10 28
-- -- -- -- -- -- -- -- -- --
71 64 92 74 94 85 65 91 75 83
The recipient reads the message by cancelling the non-values
and using the others. A key to recognition of this cipher is
that the non-values (nulls) are never employed as group or
position numbers.
The complicated form of the Mirabeau is solved by preparing a
Fractional Bigram sheet and reducing out the non-values.
Suppose we encipher the phrase 'we have been here':
2 1 4 5 4 5 5 2 1 5 5 5
- - - - - - - - - - - -
4 2 5 2 4 2 2 3 4 2 1 2
Using non-values (6,7,8,9,0) as:
62 10 40 65 47 57 75 62 27 58 57 85
-- -- -- -- -- -- -- -- -- -- -- --
48 62 95 20 84 27 92 30 49 62 19 29
The five 'e' s which occur are different each time.
65 57 75 58 85
-- -- -- -- --
20 27 92 62 29
The fractional group sheet proceeds like a Bigram analysis.
Instead of letters we use fractions.
The first fraction would be noted in four different ways, e.g.,
6 6 2 2
- - - -
4 8 4 8
65 6 6 5 5
the group -- would be catalogued - - - -
20 2 0 2 0
5
The fraction - (which is the real e) will eventually assume
2
Its normal frequency and thus display its identity. Armed with
the fact that 5/2 represents e, we cancel out all the
non-values which occur with this fraction. Each time we
cancel out a non-value, we do so for the entire cryptogram.
Even if the 5/2 represents another letter, such as t, the
uniliteral frequency distribution will be present in the CT.
Hardly a cipher, but a modern substitution system effecting 10
million brokerage customers is the Charles Schwab Telephone
Automated Customer Service System. The telephone is used for
the enciphering of literal and numerical data to the Schwab
computer system. So:
1 -
2 - A B C
3 - D E F
4 - G H I
5 - J K L
6 - M N O
7 - P R S NO Q use 99
8 - T U V
9 - W X Y NO Z use 98
* -
0 -
# -
J F M A M J JU A S O N D
CALLS A B C D E F G H I J K L
PUTS M N O P Q R S T U V W X
STRIKE PRICE CODES
A B C D E F G H I J K L
5 10 15 20 25 30 35 40 45 50 55 60
105 110 115 120 125 130 135 140 145 150 155 160
205 210 215 220 225 230 235 240 245 250 255 260
305 310 315 320 325 330 335 340 345 350 355 360
M N O P Q R S T U V W X
65 70 75 80 85 90 95 100 7.5 12.5 17.5 22.5
165 170 175 180 185 190 195 200
265 270 275 280 285 290 295 300
365 370 375 380 385 390 395 400
Other combinations of the above indicate special actions.
10 = accept. 90 = reject. * = return, end, # - account
terminator. Note that 1 number represents 3 equivalents.
Schwab uses the position to indicate the letter similar to the
ancient Masonic Cipher. For example, Janus Enterprise Fund
symbol is JAENX = 51-21-32-62-92.
An order to buy 750 shares JAENX at a limit price of 23.5 plus
a MAY call for 100 shares of BAX at strike price 25 might
include the following entries in the electronic order:
18002724922, 61702554#, xxxx#, 1, 1, 750, 5121326292, 54,
23*50, *, 1, 1, 100, 222192, 32, 32, 10, *
Which represents the telephone number of Charles Schwab,
account number and PIN, order codes, limit code, transfer
codes, menu response items. Other codes would allow you to
move around your account and monitor the order.
[Schw]
Note also that the basis telephone code is a 12 by 3 matrix.
1 2 3
1 - b b b
2 - A B C
3 - D E F
4 - G H I
5 - J K L b - represents available
6 - M N O information slot
7 - P R S
8 - T U V i.e. 9 = W X Y, but 93 = Y
9 - W X Y only
10 * - b b b
11 0 - b b b
12 # - b b b
It is easy to see how this process could be expanded to larger
and larger keyspaces. See references [BOSW], [KOBL] and [WEL].
for a fair discussions of the numerical requirements involved.
A good discussion of the Information Theory is found in
reference [RHEE]. A look at modern design criteria for bank
fund transfer and similar PIN systems in found in Meyer and
Matyas. [MM]
Dr. Caxton C. Foster who wrote "Cryptanalysis for Micro- computers, while at the University of Massachusetts, has generously donated his computer programs on substitution and transposition to the class. I have sent an updated disk to our CDB. [CCF] GWEGG has Cryptodyct on disk written in DbaseIV. Contact him for a copy.
A review of the entire field of applied cryptography is presented in Bruce Schneier's book. Most of the material is beyond the scope of this class, however a PC source / program diskette is included with his book. There are ITAR limitations associated with his disk. We will cover some of the historic symmetric algorithms such as Vigenere and Playfair ciphers. [SCHE]
Pd-1. Daniel
H Z K L X A L H X P N C I N Z X F L I X G N W Q X
P N Z K T L N K X O L X N I Z X G I N X P N E Z K
X W Q X P Z X L H X P N C I N Z X S N Q N T X W Q
X P N W V S N I K L K H B L X N W Q L X H F Z I L
N X A Z K S B W E N I.
Pd-2. Join the army. Daniel
F L B B A O I A F Q E A O M Z U I L O N R Z O Q A
O P I L O M O L S F P F L I P F L B B A O E R I C
A O Q E F O P Q B L O W A V H Z O W E A P X Z Q Q
G A P Z I V V A Z Q E G A Q E F H T E L G L S A P
L R O W L R I Q O U F I E F P E A Z O Q Z I V I L
Q T F Q E E F P G F M P L I G U B L G G L T H A.
First assume that only English is involved in all 5 problems. (This may not be true third round.) My thanks to both WALRUS and SNAIL PACE for detailed solutions.
Problem A-1. can be solved by the Pattern Word method.
A-1. Bad design. K2 (91) AURION
1 2 3 4 5 6
V G S E U L Z K W U F G Z G O N G M V D G X Z A J U =
7 8 9 10
X U V B Z H B U K N D W V O N D K X D K U H H G D F =
11 12 13 14
N Z X U K Y D K V G U N A J U X O U B B S
15 16 17 18
X D K K G B P Z K D F N Y Z B U L Z .
Lots of two and three letter words. One of the three letter
words most likely 'the'. The GON GM combination is a possible
wedge. Note that N = 6/91 = 6.6% of CT, Z = 8/91 = 8.9% and
V = 5/91 = 5.5% of CT. Word 10 pattern is (556) 291 on 12L
word = disappointed. Note the 'ted' ending fits with word 17
t_e = the. so Y=h. Word 16 confirms DF = in.
Plugging in A-1, we have:
A-1. Bad design. K2 (91) AURION
1 2 3 4 5 6
b o y a e s a n o e o u t o b i o d e g r a
V G S E U L Z K W U F G Z G O N G M V D G X Z A J U =
7 8 9 10
d a b l e p l a t i b u t i s d i s a p p o i n
X U V B Z H B U K N D W V O N D K X D K U H H G D F =
11 12 13 14
t e d a s h i s b o a t g r a d u a l l y
N Z X U K Y D K V G U N A J U X O U B B S
15 16 17 18
d i s s o l e s i n t h e l a e
X D K K G B P Z K D F N Y Z B U L Z .
Words 11, 12 show: as his. Word 6 looks like biodegradable,
and V confirms as a b in boat (word 13). Word 8 becomes but.
Word 14 ends ally. The messages reads: Boy makes canoe out of
biodegradable plastic but is disappointed as his boat gradually
dissolves in the lake. The keyword recovered is MAYDAYCALL.
Note that the tip was useless. One 12 letter pattern word
opens her up like a clam.
A-2. Not now. K1 (92) BRASSPOUNDER
K D C Y L Q Z K T L J Q X C Y M D B C Y J Q L : " T R
H Y D F K X C , F Q M K X R L Q Q I Q H Y D L
M K L D X C T W R D C D L Q J Q M N K X T M B
P T B M Y E Q L K F K H C Y L Q Z K T L T C . "
Solve A-2 by eyball method. One letter word = a, look for you
.. your combination, the word to in the first four words
before quotation. The message reads: Auto repairmen to
customer: " If you want, we can freeze your car until future
mechanics discover a way to repair it."
A-3. Ms. Packman really works! K4 (101) APEX DX
* Z D D Y Y D Q T Q M A R P A C , * Q A K C M K
* T D V S V K . B P W V G Q N V O M C M V B : L D X V
K Q A M S P D L V Q U , L D B Z I U V K Q F P O
W A M U X V , E M U V P X Q N V , U A M O Z
N Q K L M O V ( S A P Z V O ) .
APEX DX always sends an interesting con. Vowel splitting
yields V, D, M, Q, P. Word 7 suggests that M=i. Words 15 and
16 look like video game, the word fridge comes to bear.
The message reads: Kuujjuaq airport, Arctic Quebec. So few
amenities: huge caribou head, husky decal on fridge, video
game, drink machine (broken). Kw = chimo; FORT.
A-4. Money value. K4 (80) PETROUSHKA
D V T U W E F S Y Z C V S H W B D X P U Y T C Q P V
E V Z F D A E S T U W X Q V S P F D B Y P Q Y V D A F S ,
H Y B P Q P F Y V C D Q S F I T X P X B J D H W Y Z .
Using the consonant-line method:
CEHZAUIXP
-----------
TTTT T VOWEL
VV VVV VOWEL
YY YY
Q QQQ
DDDD DD
WW WWWW
SS S
F FFFFF VOWEL
BBB
P P
J can be wrongly assumed to be a consonant. Digraph HW and rt
/tr reversal fails but st/ts reversal gives information. The
word merchants can be found in a non-pattern word list. The ch
combination fits CT HW. The message reads: Neighborly
merchants glimpse beyond bright personal splendor, clasp solemn
profit staunchly. Kw(s)= sprightly; BEHAVIOR.
A-5. Zoology lesson. K4 (78) MICROPOD
A S P D G U L W , J Y C R S K U Q N B H Y Q I X S P I N
O C B Z A Y W N = O G S J Q O S R Y U W , J N Y X U
O B Z A ( B C W S D U R B C ) T B G A W U Q E S L.
* C B S W
Note the entry B C W S... *C B S W. Try also.. LAOS. The
consonant line yields S, U, Y, B as vowels. The message is;
Koupreys, wild oxen having tough blackish=brown bodies, white
back (also pedal) marks enjoy Laos. Kws = undomestic; BOVINE.
[ACA] ACA and You, Handbook For Members of the American Cryptogram Association, 1995. [BARK] Barker, Wayne G., "Cryptanalysis of The Simple Substitution Cipher with Word Divisions," Aegean Park Press, Laguna Hills, CA. 1973. [BAR1] Barker, Wayne G., "Course No 201, Cryptanalysis of The Simple Substitution Cipher with Word Divisions," Aegean Park Press, Laguna Hills, CA. 1975. [BOSW] Bosworth, Bruce, "Codes, Ciphers and Computers: An Introduction to Information Security," Hayden Books, Rochelle Park, NJ, 1990. [B201] Barker, Wayne G., "Cryptanalysis of The Simple Substitution Cipher with Word Divisions," Course #201, Aegean Park Press, Laguna Hills, CA. 1982. [BP82] Beker, H., and Piper, F., " Cipher Systems, The Protection of Communications", John Wiley and Sons, NY, 1982. [CAR1] Carlisle, Sheila. Pattern Words: Three to Eight Letters in Length, Aegean Park Press, Laguna Hills, CA 92654, 1986. [CAR2] Carlisle, Sheila. Pattern Words: Nine Letters in Length, Aegean Park Press, Laguna Hills, CA 92654, 1986. [CCF] Foster, C. C., "Cryptanalysis for Microcomputers", Hayden Books, Rochelle Park, NJ, 1990. [DAGA] D'agapeyeff, Alexander, "Codes and Ciphers," Oxford University Press, London, 1974. [DAN] Daniel, Robert E., "Elementary Cryptanalysis: Cryptography For Fun," Cryptiquotes, Seattle, WA., 1979. [DOW] Dow, Don. L., "Crypto-Mania, Version 3.0", Box 1111, Nashua, NH. 03061-1111, (603) 880-6472, Cost $15 for registered version and available as shareware under CRYPTM.zip on CIS or zipnet. [ELCY] Gaines, Helen Fouche, Cryptanalysis, Dover, New York, 1956. [EPST] Epstein, Sam and Beryl, "The First Book of Codes and Ciphers," Ambassador Books, Toronto, Canada, 1956. [GIVI] Givierge, General Marcel, " Course In Cryptography," Aegean Park Press, Laguna Hills, CA, 1978. [GODD] Goddard, Eldridge and Thelma, "Cryptodyct," Marion, Iowa, 1976 [GORD] Gordon, Cyrus H., " Forgotten Scripts: Their Ongoing Discovery and Decipherment," Basic Books, New York, 1982. [FR1] Friedman, William F. and Callimahos, Lambros D., Military Cryptanalytics Part I - Volume 1, Aegean Park Press, Laguna Hills, CA, 1985. [FR2] Friedman, William F. and Callimahos, Lambros D., Military Cryptanalytics Part I - Volume 2, Aegean Park Press, Laguna Hills, CA, 1985. [FR3] Friedman, William F. and Callimahos, Lambros D., Military Cryptanalytics Part III, Aegean Park Press, Laguna Hills, CA, 1995. [FR4] Friedman, William F. and Callimahos, Lambros D., Military Cryptanalytics Part IV, Aegean Park Press, Laguna Hills, CA, 1995. [FRE] Friedman, William F. , "Elements of Cryptanalysis," Aegean Park Press, Laguna Hills, CA, 1976. [FR22] Friedman, William F., The Index of Coincidence and Its Applications In Cryptography, Publication 22, The Riverbank Publications, Aegean Park Press, Laguna Hills, CA, 1979. [HA] Hahn, Karl, " Frequency of Letters", English Letter Usage Statistics using as a sample, "A Tale of Two Cities" by Charles Dickens, Usenet SCI.Crypt, 4 Aug 1994. [HEMP] Hempfner, Philip and Tania, "Pattern Word List For Divided and Undivided Cryptograms," unpublished manuscript, 1984. [INDE] PHOENIX, Index to the Cryptogram: 1932-1993, ACA, 1994. [KOBL] Koblitz, Neal, " A Course in Number Theory and Cryptography, 2nd Ed, Springer-Verlag, New York, 1994. [KULL] Kullback, Solomon, Statistical Methods in Cryptanalysis, Agean Park Press, Laguna Hills, Ca. 1976 [LAFF] Laffin, John, "Codes and Ciphers: Secret Writing Through The Ages," Abelard-Schuman, London, 1973. [LYNC] Lynch, Frederick D., "Pattern Word List, Vol 1.," Aegean Park Press, Laguna Hills, CA, 1977. [MANS] Mansfield, Louis C. S., "The Solution of Codes and Ciphers", Alexander Maclehose & Co., London, 1936. [MM] Meyer, C. H., and Matyas, S. M., " CRYPTOGRAPHY - A New Dimension in Computer Data Security, " Wiley Interscience, New York, 1982. [NIC1] Nichols, Randall K., "Xeno Data on 10 Different Languages," ACA-L, August 18, 1995. [NIC2] Nichols, Randall K., "Chinese Cryptography Part 1," ACA- L, August 24, 1995. [OP20] "Course in Cryptanalysis," OP-20-G', Navy Department, Office of Chief of Naval Operations, Washington, 1941. [PIER] Pierce, Clayton C., "Cryptoprivacy", 325 Carol Drive, Ventura, Ca. 93003. [RAJ1] "Pattern and Non Pattern Words of 2 to 6 Letters," G & C. Merriam Co., Norman, OK. 1977. [RAJ2] "Pattern and Non Pattern Words of 7 to 8 Letters," G & C. Merriam Co., Norman, OK. 1980. [RAJ3] "Pattern and Non Pattern Words of 9 to 10 Letters," G & C. Merriam Co., Norman, OK. 1981. [RAJ4] "Non Pattern Words of 3 to 14 Letters," RAJA Books, Norman, OK. 1982. [RAJ5] "Pattern and Non Pattern Words of 10 Letters," G & C. Merriam Co., Norman, OK. 1982. [RHEE] Rhee, Man Young, "Cryptography and Secure Comm- unications," McGraw Hill Co, 1994 [ROBO] NYPHO, The Cryptogram, Dec 1940, Feb, 1941. [SCHN] Schneier, Bruce, "Applied Cryptography: Protocols, Algorithms, and Source Code C," John Wiley and Sons, 1994. [SINK] Sinkov, Abraham, "Elementary Cryptanalysis", The Mathematical Association of America, NYU, 1966. [SMIT] Smith, Laurence D., "Cryptography, the Science of Secret Writing," Dover, NY, 1943. [STIN] Stinson, D. R., "Cryptography, Theory and Practice," CRC Press, London, 1995. [SCHW] Schwab, Charles, "The Equalizer," Charles Schwab, San Francisco, 1994. [TUCK] Harris, Frances A., "Solving Simple Substitution Ciphers," ACA, 1959. [WAL1] Wallace, Robert W. Pattern Words: Ten Letters and Eleven Letters in Length, Aegean Park Press, Laguna Hills, CA 92654, 1993. [WAL2] Wallace, Robert W. Pattern Words: Twelve Letters and Greater in Length, Aegean Park Press, Laguna Hills, CA 92654, 1993. [WEL] Welsh, Dominic, "Codes and Cryptography," Oxford Science Publications, New York, 1993. [WRIX] Wrixon, Fred B. "Codes, Ciphers and Secret Languages," Crown Publishers, New York, 1990. [ZIM] Zim, Herbert S., "Codes and Secret Writing." William Morrow Co., New York, 1948.
I expect to cover the following subjects in my next lecture: Variant Substitution Systems o Simple Numerical Ciphers o Multiliteral Substitution with Single Equivalent Cipher Alphabets o Baconian Cipher o Hayes Cipher o Trithemian Cipher o Other historical variants. LECTURE 4 We will cover recognition and solution of XENOCRYPTS (language substitution ciphers) in detail. LECTURE 1 ERRATA The Parker Hitt distribution of letters is per 20,000 letters. The phrase "aa a" should have been "as a". I will correct others that I have been advised of and retransmit them to our CDB. CLASS NOTES Our class seems to have leveled off at 86 students! This may be a record size for any public cryptography class offered to date. I thank you for your confidence. Please send homework solutions to me at my 5953 Long Creek Drive, Corpus Christi, TX 78414 or E-mail to 75542.1003@ compuserve.com. NORTH DECODER, in addition to running the ACA-L list server and Crypto Drop Box superbly, has taken it upon himself to act as my grammarian. I appreciate his help finding the late night "additions/subtractions." TATTERS has volunteered as an assistant with LEDGE. Thank you. TATTERS, in addition to making available his microcomputer crypto programs to the class has agreed to assist on the Cipher Exchange lectures at the beginning of 1996. Thank you. LEDGE will be assisting on the Cryptarithms Lectures. Thank you. My typing fingers thank you both! Text converted to HTML on April 25, 1998 by Joe Peschel.Any mistakes you find are quite likely mine. Please let me know about them by e-mailing:
jpeschel@aol.com.Thanks.
Joe Peschel