Taking the five rows, five columns, and ten diagonals of the left half of the first table, “?” can be encrypted into one of the following 20 groups:

QuG SLH onI Wdv Mlr QoM jaT unl fsi GIr
Qnr jsM uIT fol Gai QsT jIl uoi far GnM

The plaintext CATS AND DOGS can be encrypted as follows (many other substitutions are possible):

The ciphertext is:


As can be seen, Handycipher can encrypt the same plaintext into a large number of different ciphertexts. Nevertheless, decryption leads back to a unique plaintext.


Adding null characters

So far we have only used the left half of the first table. The right half can be used to make the encryption more secure. Its purpose is to add meaningless letters (so-called nulls) to the ciphertext. A null generated the same way as a ciphertext letter, with the only difference that the right half of the first table is used.

As null can be easily distinguished from ciphertext letters, if one knows the key, the encipherer can include as many nulls as he wants and put them where he wants. However, the specification of Handycipher is much more restrictive. It defines a random-based method that interweaves the ciphertext with a sequence of nulls. For details, please refer to the specification.


How secure and convenient is it

It certainly requires some practicing to use the Handycipher. However, for a trained user it should be possible to encrypt a plaintext with Handycipher in an acceptable speed. But is it secure? I will present a few security considerations, including a number of challenges, in my next blog post.

Further reading: Bigram substitution: An old and simple encryption algorithm that is hard to break

Linkedin: https://www.linkedin.com/groups/13501820
Facebook: https://www.facebook.com/groups/763282653806483/

Subscribe to Blog via Email

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

1 / 2

Kommentare (12)

  1. #1 Dichter
    1. Juni 2017

    secure or convenient, that’s the question.
    secure probably not, but easy to learn.
    For beginners only.

  2. #2 Thomas
    1. Juni 2017


    “ten diagonals”:
    There are only two diagonals of length 5 in one square. How do you get the groups 12 (‘jsM’) to 19 (‘far’)?

  3. #3 Moritz
    1. Juni 2017

    Stupid question perhaps, but how is this actually uniquely decryptable? For example, the letter L could stand for 00100 in the second row, or for 01000 in the third column. So in our example it could be the encryption of “,” or of “L”. Am I missing something? Are single letters always considered in rows?
    Also, I think there is an additional limitation: When you write the ciphertext without spaces, as intended, you have to be careful not to use the same row/column/diagonal twice in a row. (Otherwise, again, unique decryption is impossible: oasI could decrypt to 11011 or 11000 00011 or 10000 01000 00010 00001 or many other combinations.This is especially difficult, again, if one of them is a single letter. Then it cannot be in the same row/column/diagonal used in the one before or in the same row/column/diagonal used in the one after it. For example, if you encrypt 31 as SNLqH and wish to follow up with 8, it mustn’t be encrypted as S, N, L or q. H would be possible, since there is no confusion there, but still… I’ll have to read up the specification more closely.

  4. #4 George Lasry
    1. Juni 2017

    If there is only one bit on (e.g. 01000 = 8 or 00100 = 4) then only columns are allowed.
    See Section 2, step 1.2.1 (rows) and 1.3 (diagonals)
    ξK(m) != 1, 2, 4, 8, or 16


  5. #5 George Lasry
    1. Juni 2017

    To Moritz (the previous post was also and answer to you).
    For your second point:
    See 3.1
    (3.1) The first character of σ(m) must not lie in the line used to encrypt (the previous) m

    ‘line’ is used collectively to describe a row, column or diagonal.

  6. #6 Moritz
    1. Juni 2017

    Ah, yes, that makes sense. Thanks for clearing that up. Do you also know why the “^”-symbol is part of the key? Wouldn’t we get more or less the same situation if the key consisted only of the 50 letters and we just substituted in the “^” like the other extra symbols, for example instead of “f”?

  7. #7 Moritz
    1. Juni 2017

    @Thomas I think you receive the additional diagonals by imagining that the square stretches on in all four directions. Additional diagonals might be jLsvM, fHoFl or rFLaW.

  8. #8 George Lasry
    1. Juni 2017

    The primary key (51 elements) is further translated into two subkeys:
    1) The rectangle with 50 element, from which ^ was removed.
    2) The substitution key, from which ^ is NOT removed.

    So you need ^ in the (primary) key.

  9. #9 George Lasry
    1. Juni 2017

    Note that you can find a simulator here:

    Click on
    “Click here to download the additional file of the challenge.”

  10. #10 Thomas
    1. Juni 2017

    Thanks, now I see. Quite confusing.

  11. #11 Bruce Kallick
    2. Juni 2017

    Regarding Moritz’s comment #7, it’s perhaps more helpful to say that the eight additional diagonals are regarded as “wrapping around” the left and right edges of the square.
    Also, rFLaW is not correct (it should be rfLaW).

    Reading from top to bottom, there are five left-to-right diagonals {QNnxr, jLsvM, uqIWT, fHoF1, GSadi} and five right-to-left diagonals {QHsdT, jSIx1, uNovi, fLaWr, GqnFM}. (I’ve typed 1 here for the lower-case L to distinguish it from the upper-case I.)

  12. #12 Girkov Arpa
    25. September 2018

    This is neither convenient nor secure. It’s just an extremely cumbersome homophonic cipher. Having to memorize the first 30-something binary numbers (or even write them down) is extremely time consuming. If you want something that’s ACTUALLY convenient and secure, check out the Hutton cipher.