# Playfair cipher: Is it unbreakable, if the message has only 50 letters?

The Playfair cipher is an encryption method from the 19th century. Some say that a Playfair-encrypted message of 50 or less letters is still secure today, if the method is used properly. Let’s put this claim to the test.

Designing a purely manual cipher that is both secure and convenient is extremely difficult, if not impossible – especially if such a cipher shall withstand modern cryptanalysis.

The Double Column Transposition (DCT, also known as double cube) is considered one of the best manual ciphers. Blog reader George Lasry has suggested the World War I cipher ADFGVX as another interesting candidate, provided that the second step of this method (a transposition) is carried out twice. Others have designed encryption algorithms that use unsuspicious aids, such as Rubik’s cube encryption and Solitaire (uses a deck of cards). Elsiefour and Handycipher are other new manual cipher designs. However, none of these algorithms is secure and fool-proof at the same time.

The Playfair cipher, a method invented by Charles Wheatstone in the 19th century, is simpler than all the ciphers mentioned above. However, it can be broken with hill climbing, provided that the ciphertext is long enough or that the keyword is not too complex. George Lasry, …

… who is one of the world’s leading experts in breaking historical ciphers, has pointed out that a Playfair message with less than 70-80 characters might be very difficult to break:

So, I  decided to create a Playfair challenge that is shorter than 70-80 characters and to publish it on this blog …

### How the Playfair works

The Playfair cipher substitutes letter pairs. So, the cleartext needs to be written as a sequence of letter pairs (the following cleartext is a Shakespeare quote taken from Robert Thouless’ life-after-death experiment):

BA LM OF HU RT MI ND SG RE AT NA TU RE SS EC ON DC OU RS EC HI EF NO UR IS HE RI NL IF ES FE AS T

The Playfair cipher requires that no letter pair consist of two equal letters. Therefore, we add an X between the two Ss:

BA LM OF HU RT MI ND SG RE AT NA TU RE SX SE CO ND CO UR SE CH IE FN OU RI SH ER IN LI FE SF EA ST

If the number of letters in the cleartext was odd, another X would have to be added at the last position, but this is not necessary here. Next, we choose a keyword: SURPRISE. Now, we set up a 5×5 matrix, which starts with the keyword (repeating letters are omitted), followed by the remaining alphabet (I and J are considered equal in order to get an alphabet of 25 letters):

```S U R P I
E A B C D
F G H K L
M N O Q T
V W X Y Z```

Now, we replace the cleartext letter pairs (BA, LM, OF, HU, …) according to the three Playfair rules. Here are the rules in a diagram:

Here are the same rules as a text (I refer to the letter pair to be replaced as XY):

1. If X and Y are not in the same column and not in the same row (this is the most frequent case), form a rectangle and replace the two letters by the other two corner letters (the upper cleartext letter is replaced by the other upper letter in the rectangle, the lower cleartext letter by the lower one). For instance, LM becomes FT.
2. If the two letters stand in the same row, each one is replaced by its right neighbor. Here, BA becomes CB.
3. If the two letters stand in the same column, each one is replaced by its lower neighbor. In our example, AN becomes GW.

When we apply the Playfair rules on our cleartext with our 5×5 matrix, we get the following ciphertext:

CB FT MH GR IO TS TA UF SB DN WG NI SB RV EF BQ TA BQ RP EF BK SD GM NR PS RF BS UT TD MF EM AB IM

### How to solve a Playfair encryption

Using a computer, there are two ways to attack a Playfair cipher:

• Dictionary attack: It is possible to break a Playfair cipher by guessing the keyword. The word SURPRISE is contained in virtually every English dictionary, so a computer that tests one keyword candidate after the other will sooner or later find it.
• Hill climbing: Hill climbing is the current super-algorithm of historical codebreaking. As George Lasry pointed out, hill climbing (enhanced with simmulated annealing) can break a Playfair cipher of more than 80 letters.

There are several books that explain how a Playfair can be solved without computer support – for instance Helen Fouché Gaines’ Cryptanalysis and André Langie’s Cryptography. The concept is to guess a few words in the cleartext and to derive the 5×5  matrix based on the peculiarities of the Playfair cipher (for instance, if AB->XY then BA->YX). However, breaking a Playfair cryptogram manually is pretty difficult, especially if the ciphertext is short (the examples described in these books refer to messages of several hundred letters). In addition, these books assume that a few words of the cleartext are known. Nevertheless, none of these books describes the complete Playfair codebreaking procedure – instead, most of the trial-and-error reckoning necessary is simply omitted.

### A Playfair challenge

Here is a Playfair-encrypted text I created:

MQVSKPEVISBAWKTPKPPNAUNUNEGLUZTYUZLYGCTZKNKUSTAGCTNQ

Can a reader break this challenge? Here are the details:

• The cleartext has exactly 50 letters (spaces not included). It is written in English.
• I used the software CrypTool 2 for encryption. As far as I know, CrypTool implements the Playfair cipher exactly the way it is explained above.

• The keyword is a random transposition of the alphabet. So, a dictionary attack won’t work.

As mentioned, this challenge might be a pretty hard one, as the ciphertext is so short. Can a reader solve it anyway?

Further reading: A mird in the hand is worth two in the mush: Solving ciphers with Hill Climbing

## Kommentare (15)

1. #1 George Lasry
Israel
7. April 2018

@Klaus: Thanks for the challenge. Question: Is the key derived from a sentence/word, or a random square?

Since your last post on Playfair (and my comment), I have been working on an improved Simulated Annealing version using hexagrams, which seems to give good results, for 60 and above. Let’s see how it performs with 50 🙂

2. #2 Klaus Schmeh
7. April 2018

I was thinking of some attacks that would probably work against this today. Going to write them soon. Thanks for posting.

3. #3 Klaus Schmeh
7. April 2018

@George:
> Is the key derived from a sentence/word, or a
>random square?
The key is a random square. It’s not derived from anything.

4. #4 George Lasry
7. April 2018

@Klaus: I think I am very close :-). Could you kindly verify that in the ciphertext, the pair “IS” is correct. With it, the name of the city is garbled at decryption. I think it should be “UK”. Then the city is decrypted correctly.

5. #5 Thomas
7. April 2018

@Klaus
Is it right that the plaintext has 50 letters: If I’m not wrong, the ciphertext has 52 letters = 26 bigrams (repetitions: bigrams 3 and 9 (KP) and bigrams 15 and 17 (UZ)).

6. #6 Klaus Schmeh
7. April 2018

@George:
Yes, IS appears in the cleartext.

7. #7 Klaus Schmeh
7. April 2018

@Thomas:
>Is it right that the plaintext has 50 letters: If I’m
>not wrong, the ciphertext has 52 letters
Yes, the plaintext has 50 letters. CrypTool added two Xs.

8. #8 George Lasry
7. April 2018

@Klaus: Thanks, but I was asking about the ciphertext. According to what I have,
MQVSKPEVIS….
should be
MQVSKPEVUK……
otherwise, the name of the city is garbled in decryption (it shows a K instead of an R in the name of the city ??K?? instead of ??R??).

I think I have the solution, just waiting for your confirmation that IS should be replaced with US in the ciphertext.

9. #9 Klaus Schmeh
7. April 2018

@George: I’m afraid, you’re right. Sorry for this mistake.

10. #10 Thomas
7. April 2018

Oh, I see. The cleartext has double letters in two places which had to be split up with “X”, because Playfair cannot encipher double letters in one bigram.

11. #11 Klaus Schmeh
7. April 2018

@Thomas: Yes, either there is a doubled letter or the length of the text is odd.

12. #12 George Lasry
7. April 2018

@Klaus: Many thanks, so I think my solution is correct:

Key:
XBHQY
NKZRE
LSGFT
DAOUC
VIMWP

I obtained a very close solution using Simulated Annealing with fixed temperature, and log hexagrams (6-grams).

I then manually fixed the errors, and used the correct plaintext as a crib to obtain the correct key.

But I couldn’t correct the wrong PAKIS to PARIS, unless I changed the ciphertext 🙂

Thanks for this very interesting challenge!.

13. #13 Klaus Schmeh
7. April 2018

@George: Congratulations! The solution is correct. Sorry for the spelling mistake.
As it seems, I need to post a new challenge now – perhaps, a Playfair message with 30 letters 😉

14. #14 Thomas
7. April 2018

Congratulations, George!

15. #15 George Lasry
7. April 2018

Many thx!. Maybe 40?