George Lasry has found an interesting collection of challenge ciphers, probably used to train codebreakers during the early Cold War. Today, I’m going to present one of these challenges.

Two weeks ago, on the day before the NSA Symposium on Cryptologic History started, I went to the National Archives and Records Administration (NARA) in College Park near Washington, D.C. Together with Israeli codebreaker George Lasry …

Source: Klaus Schmeh

… I combed through thousands of documents related to cryptography, mainly from the Second World War and the early Cold War. We found a lot of interesting stuff, including information about US encryption machines George can use for his research work. We spent an interesting day at NARA, but it was also exhausting to deal with such a huge amount of information.

Of course, George knows that I’m always looking for historical cryptograms I can publish on my blog. While he was skimming through one of the files he had ordered, he said: “I have found something interesting for you. This might provide enough material to write about on your blog for a whole year.”

What George had discovered was a collection of challenge ciphers, probably from the Cold War. Unfortunately, the file was not properly labeled, so we don’t know exactly where these ciphertexts come from. Apparently, they were used for training US cryptologists, approximately in the 1950s.

The collection consists of several dozens of cipher problems, starting with MASCs (monoalphabetical substitutions), then getting more and more difficult. Among others, polyalphabetic and turing grille cryptograms are contained. The solutions are not provided.

 

A bigram substitution

Some of the challenges George found are headlined “Digraphic Substitution”. The first one (problem VIIIa) is reproduced in the following.

A digraphic substitution (also known as bigram substitution) replaces letter pairs. There are numerous variants of this method, but only two of these have found widespread use:

  • The general bigram substitution is based on a table that provides a replacement (usually another bigram) for every existing bigram. If we are dealing with an alphabet of 26 letters, such a table has 676 columns. The shortest general bigram ciphertext ever broken has 1000 letters. This record was set by Jarl Van Eicke and Louie Helm only a few days ago.
  • The Playfair cipher is defined by a set of simple rules. It is much easier to handle than a general bigram substitution, but less secure. The shortest Playfair cryptogram ever solved (not counting a few special cases) consists of 30 letters. This record was set by Magnus Eckhall earlier this year.

Considering that problem VIIIa has some 250 letters, it is unlikely that it was created with a general bigram substitution (at least, if we assume that it is meant to be solvable). So, my guess is that a Playfair cipher was used. However, this is only a guess, other options (i.e., less popular bigram substitutions) are possible, as well.

Can a reader find out which method was used to encrypt this ciphertext? And can somebody decipher it? If so, please let us know.


Further reading: A cryptographic challenge from the German TV show “TV total”

Linkedin: https://www.linkedin.com/groups/13501820
Facebook: https://www.facebook.com/groups/763282653806483/

Subscribe to Blog via Email

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Kommentare (12)

  1. #1 Nils Kopal
    Krefeld
    3. November 2019

    Transcription:
    UH KZ KN SY KP JP CR QQ GL HO IY SF JI LN TK UY BB SD
    BX AV LB CG EU LY KI FF HG QK BB CG BL NN RW CF ZC NR
    ZC NR LS GQ NE EU WX MG SU CA CF JL TT WR MI DG EH MC
    DG NE EF JN MT OR GW AG EA SD JI SQ OR HG YU RW LC GL
    LS CQ NE EH SK LT YJ MD GL BU SO KY HS GQ BE HV MN CT
    ST AS CF JL TT WR JM IW FF JN NI XG NJ HG NC KK PM TZ RN SO
    CG NJ SP BB SO KL EF NG KJ PM TZ RN SY NR KZ JT CT BA KS JO

  2. #2 Nils Kopal
    Krefeld
    3. November 2019

    Don’t think its Playfair since you have 26 different letters. And with Playfair you have I = J, meaning, 25 letters 🙂

  3. #3 Bill Briere
    Wyoming, USA
    3. November 2019

    Someone can surely make quick work of this sans computer.

    Here’s a crib that might get it started: Looks like a four-square, probably with 2 direct standard alphabets and 2 very gently keyword-mixed alphabets, making “ZC NR ZC NR” likely “ZE RO ZE RO.”

    Alternate the use of I and J or of U and V. If this puzzle’s still here tomorrow, I’ll take a stab at it myself!

  4. #4 TWO
    iSLA JIMENEZ
    3. November 2019

    Ok I’ll give it a go but dont laugh too much please.

  5. #5 George Lasry
    3. November 2019

    Klaus, maybe you could provide the full page, as there are several messages, and they could be related.

  6. #6 Magnus Ekhall
    Borensberg
    6. November 2019

    I agree with George – from the photo it looks like exercise VIII (a) consists of several messages, with only the first one (serial #1) being visible in the photo.
    So the original exercise was probably meant to be solved with all messages available to the solver.

    The transcription Nils provided has a few typos in it. Here is my attempt to correct them:
    UH KZ KN SY KP JC CR QQ GL HP IY SF JI LN TK UY BB SD
    BX AV LB CG EU LY KI FF HG QX BB CG BL NN RW CF ZC NR
    ZC NR LS GQ NE EU WX MG SU CA CF JL TT WR MI DG EH MC
    DG NE EF JN MT OR GW AG EA SD JI SQ OR HG YU RW LC GL
    LS GQ NE EH SK LT YJ MD GL BU SO KY HS GQ BE HV MN CT
    ST AS CF JL TT WR JM IW FF JN NI XG NJ HG NC KK PM TZ RN SO
    CG NJ SP BB SO KL EF NG KJ PM TZ RN SY NR KZ JT CT BA KS JO

  7. #7 George Lasry
    6. November 2019
  8. #8 Magnus Ekhall
    Borensberg
    6. November 2019

    Thank you George.

    I see that some repeats (underlined) extends to only one character in a bigram. For example: SP K in “SP KT”, “SP KA”, “SP KD” and “SP KP”.

    If this is a digraphic substitution cipher, what does this effect say about the selected cipher?

  9. #9 Richard Bean
    Brisbane
    8. November 2019

    It can’t be standard Playfair because of the doubled letters in the ciphertext. Perhaps the underlined repeats with just one of two characters indicate seriation, with some contrived long repeats in there across the line pairs. Then if you have enough ciphertext to work with, you can guess the seriation width and start filling in your key squares/rectangles. There are lots of variants and an obvious one is to combine I/J and U/V like Bill said and use 4×6 rectangles.

  10. #10 Richard Bean
    Brisbane
    8. November 2019

    Second message

    NE MD YF NR HB KY HG GQ SP RF TK RI IK NR WZ VJ KH SA
    JF SP KT RN SL KI NH SP KA RB LT JB JN GV LN UQ UR AS SE
    TS NX MD JQ JH EH ZC NR EH FX SF BL LN NX YF RN SU RF AV
    SE BX AV LV KL FO JH EH KL ST GL SK FF JJ SG NE SE JI SN
    JE IW OR HH GF JN BD CL JO KI JM WX BL SP ML TS AQ BD BA
    SF EK KK SP CF SW SP RP EF HA NN TT RF FQ GQ WR MI DY HX
    CQ KI JO SV SN JM RV JE AG VJ KH SU YX SP KD GL JM NE SI
    SP KP JC CR QG RK MW SD SQ RN SP SD CF CQ KI JR KI NX SF
    GE LN NX YS GV JN CU KT SQ SV SN LS GQ NE EN

  11. #11 Rossignol
    Paris, France
    10. November 2019

    Imho these cryptograms are encrypted with a large (26×26) table of bigrams.
    For military cryptography, a good reference is Milirary Cryptanalytics by Friedman and Callimahos.
    There are some examples of such tables page 153 et seq.
    https://archive.org/details/41748189078749/page/n163

    I think the purpose of the exercise is the use of word lists:
    https://archive.org/details/41748189078749/page/n349
    pattern word lists:
    https://archive.org/details/41748189078749/page/n367
    and digraphic idiomorphs:
    https://archive.org/details/41748189078749/page/n387

    For instance, for the two words KK PM TZ RN S* and KJ PM TZ RN S*
    with the table https://archive.org/details/41748189078749/page/n363
    we obtain
    DETRAINED – ENTRAINED
    DECREASED – INCREASED
    DEFENSIVE – OFFENSIVE
    DETENTION – RETENTION – INTENTION – ATTENTION
    …etc
    A lot of cases to test.

    It’s old school cryptography: a sheet of paper, a pencil and a big big eraser!

    Note that, with the bigrams of the two cryptograms, the index coincidence for the
    first letters is 0.067 against 0.041 for the second letters.
    The distribution of the first letters seems monoalphabetic.

  12. #12 Thomas
    10. November 2019

    These idiomorph tables for solving four square ciphers were later extended in the Field manual: https://archive.org/details/Fm3440.2BasicCryptAnalysis/page/n281