# A crypto mystery from 1948

In 1948, an anonymous codebreaker deciphered an encrypted message by British parapsychologist Robert Thouless. The solution is known. Can a reader find out how the successful attack worked?

Frequent readers of this blog certainly have heard of British parapsychologist Robert Thouless.

In 1948, Thouless started an interesting experiment. He took a text, encrypted it and published the result (i.e., the ciphertext), while he kept the cleartext and the key secret. His plan was to communicate the key from the beyond after his death. If somebody received the correct key from the realm of the dead, which would lead to the cryptogram being solved, this would prove that there is a life after death and that the dead can communicate with the living.

Thouless’ first try failed: the message he published was broken by an anonymous person (not in a supernatural way, but with codebreaking techniques). More details about Thouless’ experiment are available here (English blog post) and here (German Telepolis article).  Thouless’ third attempt (also known as message C) is still unsolved.

Apart from the solution of Thouless’ third cipher message, there’s another question about this experiment that is still unanswered: how did the anonymous codebreaker decipher Thouless’ first message?

### Thouless’ first message

Let’s look at the details. Here’s the cleartext of Thouless’ first message (it’s a Shakespeare quote):

BALM OF HURT MINDS GREAT NATURE’S SECOND COURSE CHIEF NOURISHER IN LIFE’S FEAST

The encryption method Thouless used is the Playfair cipher. The Playfair cipher substitutes letter pairs. So, we need to write the cleartext as a sequence of letter pairs:

BA LM OF HU RT MI ND SG RE AT NA TU RE SS EC ON DC OU RS EC HI EF NO UR IS HE RI NL IF ES FE AS T

The Playfair cipher requires that no letter pair consist of two equal letters. Therefore, Thouless added an X between the two Ss:

BA LM OF HU RT MI ND SG RE AT NA TU RE SX SE CO ND CO UR SE CH IE FN OU RI SH ER IN LI FE SF EA ST

If the number of letters in this cleartext were odd, another X would have to be added at the last position, but this is not necessary here. Next, Thouless chose a keyword: SURPRISE. Now, he set up a 5×5 matrix, which started with the keyword (repeating letters are omitted), followed by the remaining alphabet (I and J are considered equal in order to get an alphabet of 25 letters):

```S U R P I
E A B C D
F G H K L
M N O Q T
V W X Y Z```

Now, Thouless replaced the cleartext letter pairs (BA, LM, OF, HU, …) according to the three Playfair rules. Here are the rules in a diagram:

Here are the Playfair rules as a text (I refer to the letter pair to be replaced as XY):

1. If X and Y are not in the same column and not in the same row (this is the most frequent case), form a rectangle and replace the two letters by the other two corner letters (the upper cleartext letter is replaced by the other upper letter in the rectangle, the lower cleartext letter by the lower one). For instance, LM becomes FT.
2. If the two letters stand in the same row, each one is replaced by its right neighbor. Here, BA becomes CB.
3. If the two letters stand in the same column, each one is replaced by its lower neighbor. In our example, AN becomes GW.

When applying the Playfair rules on the 5×5 matrix above, Thouless’ Shakespeare quote encrypts to:

## Kommentare (10)

1. #1 George Lasry
Israel
15. März 2018

Klaus:

Would you like to propose a challenge with a short Playfair cryptogram, with (say) only 60 letters?

More specifically to your story – there is a story about a US cryptanalyst solving a very short cryptogram (30 letters), by taking advantage of the fact the key was derived from a keyword. https://www.amazon.com/Solution-Playfair-cipher-Alf-Monge%C3%8C%C2%81/dp/B00085D3GU
I think the story is documented somewhere in Friedman collection at the NSA site.

2. #2 Klaus Schmeh
15. März 2018

How did he come up with the keyword SURPRISE?

3. #3 Klaus Schmeh
15. März 2018

@George:
>Would you like to propose a challenge with a short
>Playfair cryptogram, with (say) only 60 letters?
I could certainly do this. However, such a message might be solved quickly with a dictionary attack or Hill Climbing.

4. #4 Rich SantaColoma
http://proto57.wordpress.com/
15. März 2018

I admit I am more of a skeptic… a cynic… and so when I see some elements in such a story, I tend to become somewhat suspicious. Perhaps that is uncalled for, but that won’t stop me from offering my opinion!

If a solution is anonymous and also unexplained, perhaps there is a hoax involved… that the solution was known somewhere, and since there was no method of description offered, that there never was any method used one to begin with. Adding to this is the understanding that it would be admittedly difficult.

Secondly, there is an unsolved message, too… this raised the Beale flag for me: For if one has several ciphers, and reveals the solution to one or more of them, it adds (unwarranted?) veracity to the remaining one… whether or not that one is actually a genuine cipher, that does not matter. What happens, though, is that interest and “hope” is peaked, because we are shown it is possible, by the realized examples.

Thirdly… and I apologize in advance to any one with an interest or belief in any of the “para” sciences… when I see that this story involves a “parapsychologist”, all my alarms go off, and I call the story into question… points one and two above notwithstanding.

Signed, Hopeless Cynic and Curmugeon

5. #5 Thomas
15. März 2018

Alf Monge’s article “Solution of a Playfair Cipher” from 1936 is indeed very interesting. It’s part of the collection “Articles on Cryptography and Cryptanalyis”, page 135, and available online as pdf on the NSA website which contains Friedman’s copy of that book. Monge managed to break a 30 letter Playfair challenge which didn’t have any reversed digraph (Thouless’s cipher has four of them).

6. #6 George Lasry
15. März 2018

@Klaus: If the keyword is composed of random letters, then hill climber is not good enough for short messages (<100). Simulated annealing is more effective, but will only sporadically solve messages with < 70-80.

@all: I think the entry point might have been the repetitions and reverse digrams:

CB FT MH GR IO TS (TA) UF (SB) DN WG NI (SB) RV (EF) (BQ) (TA) (BQ) RP (EF)
BK SD GM NR PS RF (BS) UT TD MF EM AB IM

especially that most occur very closely – so that would make things easy if you make a good guess
(TA) UF (SB) DN WG NI (SB) RV (EF) (BQ) (TA) (BQ) RP (EF)

7. #7 Thomas
15. März 2018

Monge’s 30 letter cryptogram was a very special case, so that his method can’t be applied generally: The 5th line in a Playfair square most likely contains V W X Y Z. As a first step Monge could fill in also the 4th line: He guessed that the cipher digraphs OQ and QM represented the frequent plaintext digraphs ON and OU, this yielded due to rule 2 the letters of the 4th line: MNOQU. Unfortunately this doesn’t work here: In Thouless’s cryptogram there aren’t cipher/ plaintext digraph pairs that derive only from the 4th line (MNOQT).

8. #8 Thomas
16. März 2018

In his article “A Test of Survival” Toulness gave the hint that the cryptogram is “an extract of one of Shakespeare´s plays”. The solution was figured out within two weeks. That should have been enough time to sift through a quotation book looking for the digraph pattern shown by George #7.

9. #9 Thomas
16. März 2018

E.g. here the quote can be found on page 113: https://books.google.de/books?id=P3NZAAAAcAAJ&pg=PA113. So the codebreaker could not only find the solution, but also brush up his Shakespeare.

10. #10 Klaus Schmeh
16. März 2018

@George:
> If the keyword is composed of random letters, then hill
>climber is not good enough for short messages (<100).
>Simulated annealing is more effective, but will only
>sporadically solve messages with < 70-80. Great idea, I will put this on my topics list.