In 1948, an anonymous codebreaker deciphered an encrypted message by British parapsychologist Robert Thouless. The solution is known. Can a reader find out how the successful attack worked?

Frequent readers of this blog certainly have heard of British parapsychologist Robert Thouless.

Thouless_Evans_m

In 1948, Thouless started an interesting experiment. He took a text, encrypted it and published the result (i.e., the ciphertext), while he kept the cleartext and the key secret. His plan was to communicate the key from the beyond after his death. If somebody received the correct key from the realm of the dead, which would lead to the cryptogram being solved, this would prove that there is a life after death and that the dead can communicate with the living.

Thouless’ first try failed: the message he published was broken by an anonymous person (not in a supernatural way, but with codebreaking techniques). More details about Thouless’ experiment are available here (English blog post) and here (German Telepolis article).  Thouless’ third attempt (also known as message C) is still unsolved.

Apart from the solution of Thouless’ third cipher message, there’s another question about this experiment that is still unanswered: how did the anonymous codebreaker decipher Thouless’ first message?

 

Thouless’ first message

Let’s look at the details. Here’s the cleartext of Thouless’ first message (it’s a Shakespeare quote):

BALM OF HURT MINDS GREAT NATURE’S SECOND COURSE CHIEF NOURISHER IN LIFE’S FEAST

The encryption method Thouless used is the Playfair cipher. The Playfair cipher substitutes letter pairs. So, we need to write the cleartext as a sequence of letter pairs:

BA LM OF HU RT MI ND SG RE AT NA TU RE SS EC ON DC OU RS EC HI EF NO UR IS HE RI NL IF ES FE AS T

The Playfair cipher requires that no letter pair consist of two equal letters. Therefore, Thouless added an X between the two Ss:

BA LM OF HU RT MI ND SG RE AT NA TU RE SX SE CO ND CO UR SE CH IE FN OU RI SH ER IN LI FE SF EA ST

If the number of letters in this cleartext were odd, another X would have to be added at the last position, but this is not necessary here. Next, Thouless chose a keyword: SURPRISE. Now, he set up a 5×5 matrix, which started with the keyword (repeating letters are omitted), followed by the remaining alphabet (I and J are considered equal in order to get an alphabet of 25 letters):

S U R P I
E A B C D
F G H K L
M N O Q T
V W X Y Z

Now, Thouless replaced the cleartext letter pairs (BA, LM, OF, HU, …) according to the three Playfair rules. Here are the rules in a diagram:

Playfair-diagram

Here are the Playfair rules as a text (I refer to the letter pair to be replaced as XY):

  1. If X and Y are not in the same column and not in the same row (this is the most frequent case), form a rectangle and replace the two letters by the other two corner letters (the upper cleartext letter is replaced by the other upper letter in the rectangle, the lower cleartext letter by the lower one). For instance, LM becomes FT.
  2. If the two letters stand in the same row, each one is replaced by its right neighbor. Here, BA becomes CB.
  3. If the two letters stand in the same column, each one is replaced by its lower neighbor. In our example, AN becomes GW.

When applying the Playfair rules on the 5×5 matrix above, Thouless’ Shakespeare quote encrypts to:

CB FT MH GR IO TS TA UF SB DN WG NI SB RV EF BQ TA BQ RP EF BK SD GM NR PS RF BS UT TD MF EM AB IM

Thouless published this cryptogram in the following way (the positions of the spaces is changed):

CBFTM HGRIO TSTAU FSBDN WGNIS BRVEF BQTAB
QRPEF BKSDG MNRPS RFBSU TTDMF EMA BIM

 

How was it broken?

As mentioned, Thouless first message was broken within a few weeks. The identity of the person who solved it is not known, neither is the codebreaking method he or she used. At least, it is clear that this person didn’t use the following two techniques:

  • Dictionary attack: Today, it is possible to break a Playfair cipher by guessing the keyword. The word SURPRISE is contained in virtually every English dictionary, so a computer that tests one keyword candidate after the other will sooner or later find it. However, in 1948, the anonymous codebreaker certainly had no computer available.
  • Hill climbing: Hill climbing is the current super-algorithm in historical codebreaking. However, in 1948, neither the algorithm nor the computer technology necessary to implement it existed.

There are several books that explain how a Playfair can be solved without computer support, for instance Helen Fouché Gaines’ Cryptanalysis and André Langie’s Cryptography. The concept is to guess a few words in the cleartext and to derive the 5×5  matrix based on the peculiarities of the Playfair cipher (for instance, if AB->XY then BA->YX).

However, breaking a Playfair cryptogram manually is pretty difficult, especially if the ciphertext is as short as here (the Thouless message consists of 66 letters). The examples described in the books mentioned above all refer to much longer messages. In addition, these books assume that a few words of the cleartext are known. Nevertheless, none of these books describes the complete Playfair codebreaking procedure – instead, most of the trial-and-error reckoning necessary is simply omitted.

All in all, this means that the anonymous solver of the first Thouless message did a great job. I am asking myself:

  • Which words did the anonymous codebreaker guess?
  • How did he or she reconstruct the matrix based on this knowledge?

Or did the anonymous solver find a completely different way to break Thouless’ Playfair message? Any comments about this mystery are welcome.


Further reading: The Top 50 unsolved encrypted messages: 43. The Rayburn murder cryptogram

Linkedin: https://www.linkedin.com/groups/13501820
Facebook: https://www.facebook.com/groups/763282653806483/

Subscribe to Blog via Email

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Kommentare (10)

  1. #1 George Lasry
    Israel
    15. März 2018

    Klaus:

    Would you like to propose a challenge with a short Playfair cryptogram, with (say) only 60 letters?

    More specifically to your story – there is a story about a US cryptanalyst solving a very short cryptogram (30 letters), by taking advantage of the fact the key was derived from a keyword. https://www.amazon.com/Solution-Playfair-cipher-Alf-Monge%C3%8C%C2%81/dp/B00085D3GU
    I think the story is documented somewhere in Friedman collection at the NSA site.

  2. #2 Klaus Schmeh
    15. März 2018

    Mark Romo via Facebook:
    How did he come up with the keyword SURPRISE?

  3. #3 Klaus Schmeh
    15. März 2018

    @George:
    >Would you like to propose a challenge with a short
    >Playfair cryptogram, with (say) only 60 letters?
    I could certainly do this. However, such a message might be solved quickly with a dictionary attack or Hill Climbing.

  4. #4 Rich SantaColoma
    http://proto57.wordpress.com/
    15. März 2018

    I admit I am more of a skeptic… a cynic… and so when I see some elements in such a story, I tend to become somewhat suspicious. Perhaps that is uncalled for, but that won’t stop me from offering my opinion!

    If a solution is anonymous and also unexplained, perhaps there is a hoax involved… that the solution was known somewhere, and since there was no method of description offered, that there never was any method used one to begin with. Adding to this is the understanding that it would be admittedly difficult.

    Secondly, there is an unsolved message, too… this raised the Beale flag for me: For if one has several ciphers, and reveals the solution to one or more of them, it adds (unwarranted?) veracity to the remaining one… whether or not that one is actually a genuine cipher, that does not matter. What happens, though, is that interest and “hope” is peaked, because we are shown it is possible, by the realized examples.

    Thirdly… and I apologize in advance to any one with an interest or belief in any of the “para” sciences… when I see that this story involves a “parapsychologist”, all my alarms go off, and I call the story into question… points one and two above notwithstanding.

    Signed, Hopeless Cynic and Curmugeon

  5. #5 Thomas
    15. März 2018

    Alf Monge’s article “Solution of a Playfair Cipher” from 1936 is indeed very interesting. It’s part of the collection “Articles on Cryptography and Cryptanalyis”, page 135, and available online as pdf on the NSA website which contains Friedman’s copy of that book. Monge managed to break a 30 letter Playfair challenge which didn’t have any reversed digraph (Thouless’s cipher has four of them).

  6. #6 George Lasry
    15. März 2018

    @Klaus: If the keyword is composed of random letters, then hill climber is not good enough for short messages (<100). Simulated annealing is more effective, but will only sporadically solve messages with < 70-80.

    @all: I think the entry point might have been the repetitions and reverse digrams:

    CB FT MH GR IO TS (TA) UF (SB) DN WG NI (SB) RV (EF) (BQ) (TA) (BQ) RP (EF)
    BK SD GM NR PS RF (BS) UT TD MF EM AB IM

    especially that most occur very closely – so that would make things easy if you make a good guess
    (TA) UF (SB) DN WG NI (SB) RV (EF) (BQ) (TA) (BQ) RP (EF)

  7. #7 Thomas
    15. März 2018

    Monge’s 30 letter cryptogram was a very special case, so that his method can’t be applied generally: The 5th line in a Playfair square most likely contains V W X Y Z. As a first step Monge could fill in also the 4th line: He guessed that the cipher digraphs OQ and QM represented the frequent plaintext digraphs ON and OU, this yielded due to rule 2 the letters of the 4th line: MNOQU. Unfortunately this doesn’t work here: In Thouless’s cryptogram there aren’t cipher/ plaintext digraph pairs that derive only from the 4th line (MNOQT).

  8. #8 Thomas
    16. März 2018

    In his article “A Test of Survival” Toulness gave the hint that the cryptogram is “an extract of one of Shakespeare´s plays”. The solution was figured out within two weeks. That should have been enough time to sift through a quotation book looking for the digraph pattern shown by George #7.

  9. #9 Thomas
    16. März 2018

    E.g. here the quote can be found on page 113: https://books.google.de/books?id=P3NZAAAAcAAJ&pg=PA113. So the codebreaker could not only find the solution, but also brush up his Shakespeare.

  10. #10 Klaus Schmeh
    16. März 2018

    @George:
    > If the keyword is composed of random letters, then hill
    >climber is not good enough for short messages (<100).
    >Simulated annealing is more effective, but will only
    >sporadically solve messages with < 70-80. Great idea, I will put this on my topics list.