My readers have shown that a Playfair cryptogram consisting of only 40 letters can be broken. Here’s a Playfair challenge with only 30 letters. Can you break it, too?

The Playfair cipher, invented by Charles Wheatstone in the 19th century, is one of the more secure manual ciphers. Nevertheless, the Playfair can be broken with Hill Climbing (which works even better if Simulated Annealing is included), provided that the ciphertext is long enough.

Last year, George Lasry, …

Lasry-01

Source: Schmeh

… who is one of the world’s leading experts in breaking historical ciphers, solved a Playfair cryptogram consisting of only 50 letters I had introduced on this blog. As far as I know, this success set a new world record in breaking a Playfair with a random matrix (US cryptanalyst Alf Monge broke a 30 letter Playfair in the 1930s, but this one was based on a matrix created with a keyword, which made things easier).

In order to check if if is possible to do better, I published another Playfair challenge. This one was based on a ciphertext with only 40 letters. Again, one of my readers solved it. This time, it was Nils Kopal.

Source: Bonavoglia

Nils wrote: “We broke it with CrypTool 2 and George Lasry’s Playfair analysis algorithm (based on simulated annealing). The plaintext popped up during the analysis but disappeared since others had a higher score. After we applied the beginning, which we saw popping up, as a crib, it always finds the solution.”

Now, Nils Kopal was the new holder of the Playfair world record.

 

How the Playfair works

The Playfair cipher substitutes letter pairs. So, the cleartext needs to be written as a sequence of letter pairs (the following cleartext is a Shakespeare quote taken from Robert Thouless’ life-after-death experiment):

BA LM OF HU RT MI ND SG RE AT NA TU RE SS EC ON DC OU RS EC HI EF NO UR IS HE RI NL IF ES FE AS T

The Playfair cipher requires that no letter pair consist of two equal letters. Therefore, we add an X between the two Ss:

BA LM OF HU RT MI ND SG RE AT NA TU RE SX SE CO ND CO UR SE CH IE FN OU RI SH ER IN LI FE SF EA ST

If the number of letters in the cleartext is odd, another X needs to be added at the last position, but this is not the case here. Next, we set up a 5×5 matrix containing the letters of the alphabet in a random order (we identify the J with the I, in order to get a 25 letter alphabet):

S U R P I
E A B C D
F G H K L
M N O Q T
V W X Y Z

As you might have noticed, the letter order in the matrix has been derived with the keyword SURPRISE. It would be more secure to use a completely random order of the letters.

Now, we replace the cleartext letter pairs (BA, LM, OF, HU, …) according to the three Playfair rules. Here are the rules in a diagram:

Playfair-diagram

Here are the same rules in text form (I refer to the letter pair to be replaced as XY):

  1. If X and Y are not in the same column and not in the same row (this is the most frequent case), form a rectangle and replace the two letters by the other two corner letters (the upper cleartext letter is replaced by the other upper letter in the rectangle, the lower cleartext letter by the lower one). For instance, LM becomes FT.
  2. If the two letters stand in the same row, each one is replaced by its right neighbor. Here, BA becomes CB.
  3. If the two letters stand in the same column, each one is replaced by its lower neighbor. In our example, AN becomes GW.

When we apply the Playfair rules on our cleartext with our 5×5 matrix, we get the following ciphertext:

1 / 2 / Auf einer Seite lesen

Kommentare (7)

  1. #1 Enigma
    16. April 2019

    neandlythewantorethithatrestonaf

  2. #2 Max Baertl
    16. April 2019

    outagedbyearinthenasandtheshowmy

  3. #3 Klaus Schmeh
    16. April 2019

    Sorry, both solutions are not correct.

  4. #4 Magnus Ekhall
    Borensberg
    16. April 2019

    You mention that the ciphertext has exactly 30 letters (as well as the cleartext). However, the ciphertext is 32 letters.
    Is there a typo so that the cleartext is 30 and the corresponding ciphertext is 32 characters?

  5. #5 Klaus Schmeh
    16. April 2019

    @Magnus:
    Sorry, you are right. The plaintext has 30 letters, but the ciphertext has 32 (because CrypTool added two filling letters to avoid doubled letters and/or an odd number of letters).

  6. #6 George Lasry
    17. April 2019

    Sorry, this is outside the limits of the attack we integrated into CrypTool. 40 letters could be solved because we were lucky to see the solution for a few seconds.

    Maybe you want to contribute some crib?

  7. #7 Thomas
    17. April 2019

    @George Lasry:
    As Max’s “solution #2 shows, fitness functions based on n-grams can yield correct words, but – esp. with very short cryptograms – no phrases that make sense. What about a fitness function that additionally scores the (correct) word order regarding word classes? For example: preposition, article, adjective, noun – high score, scrambled word order – low score.