The British “Typex” Cipher Machine Explained

The Typex is a cipher machine used by the British during World War II. It is, similar to the German Enigma cipher machine, an elector-mechanical rotor encryption machine. In contrast to the Enigma, the Typex was not broken during WWII. The Germans believed that Enigma is unbreakable and since Typex is very similar, they did not even attempt to break the machine.

I recently wrote a new CrypTool 2 component that implements the Typex cipher machine. If you are interested in testing the component (and the machine) yourself, you should download the latest nightly build of CrypTool 2.

History and Usage of the Typex

The Typex machine was used for
a) Encryption of the own communication
b) Deciphering German Enigma messages

It was developed by Wing Commander Oswyn G.W. Lywood, Flight Lieutenant Coulson, Mr. E. W. Smith, and Sergeant Albert Lemon.

This image here shows Oswyn George William Gifford Lywood; a photo by Walter Stoneman; bromide print, February 1945; NPG x186070 © National Portrait Gallery, London.

There were several different versions of Typex including: Typex Mark I up to Mark VIII, Mark 22 and Mark 23.

A very nice and more detailed overview of the history of Typex can be found here: https://typex.virtualcolossus.co.uk/typex.html

The Typex Components

In the following, we have a look at the machine’s components. The Typex machine consists of:

Components of Typex
Typex machine with marked components
Logical overview of Typex components

When pressing a key on the keyboard, the plaintext letter is printed by the plaintext printer. Also, current flows through the plugboard, the two stators, the three rotors and is then reflected by the reflector. Then it flows back through the three rotors and the two stators as well as the plugboard. Finally, the ciphertext letter is printed by the ciphertext printer.

Clearly, every time a key is pressed, between one and all three rotors move (Stators of course don’t move). In contrast to Enigma, a Typex rotor moves much more often. This is because the rotors have between 4 and 7 notches, while Enigma rotors had at most two notches.

The Typex Plugboard

The Typex plugboard is the first (and last) component (despite the printers), which current is lead through after a key is pressed on the keyboard. It allows to “plug” letters, creating an initial monoalphabetic substitution.

Typex plugboard

The plugboard is not reciprocal (like the Enigma‘s plugboard. With Enigma, if we have letter X to letter Y, then we would also have letter Y to letter X). It, thus, offers a larger keyspace than Enigma’s plugboard.

The Typex Rotors/Stators

Typex consists of two stators and three rotors. A rotor has more „notches“ than Enigma rotors (in CrypTool 2’s Typex implementation between 4 and 7). A rotor’s electrical contacts are doubled to improve reliability. Unfortunately, the original rotors are not published and still kept secret, thus, the simulators use no official rotor definitions.

Typex rotor

The Typex Reflector

The Typex reflector “reflects” the current coming from the rotors back through the rotors. In later Typex versions the reflector was replaced by an additional plugboard which allowed to change the reflector’s wiring easily.

Typex reflector

Keyspace Size and Unicity Distance

Since no original rotor definitions are known, the computation of keyspace size and unicity distance is based on the “CyberChef” Typex simulator written and published by GCHQ (see https://gchq.github.io/CyberChef/).

With this implementation, we have to choose 5 rotors (3 actual rotors and 2 stators) from a set of 8 rotors. Since a rotor can be put into the machine in forward or reversed position, they basically doubled the amount of usable rotors to 16. Here, we assume that we can use each rotor as many times as we like in parallel. Thus, the “rotor keyspace size” is:

Typex rotor keyspace size (“CyberChef” version)

We have to set the rotor start positions. We have five rotors (3 actual rotors and 2 stators). Each rotor can be in one of 26 different positions (A-Z). Thus, we have a total “start position keyspace” of:

Typex start position keyspace size

The plugboard is basically a simple monoalphabetic substitution cipher. That means, for the first letter we have 26 different letters to choose from, for the second letter, we have 25 different remaining letters to choose from,…
Thus, the “plugboard keyspace” is:

Typex plugboard keyspace size

To compute the overall keyspace size, we have to multiply all “sub-keyspace” sizes:

Total keyspace size of the Typex (“CyberChef” version)

To compute the unicity distance U, we have to divide the entropy of the keyspace by the redundancy of the (English) language:

Typex unicity distance U (“CyberChef” version)

This means, we need a minimum of 42 letters to be able to obtain a single valid solution when we perform cryptanalysis of a Typex message.

A YouTube Video about Typex and a Web-Based Simulator

I also created a YouTube video about the Typex cipher machine. Here, I discuss the machine as well as its keyspace size and unicity distance. Also, I show how to use the Typex component in CrypTool 2:

Finally, if you want to “play” with a really nice simulator (and also want to learn much more about the Typex), you should have a look at the “Virtual Typex”: https://typex.virtualcolossus.co.uk/Typex/

The usage of the simulator is also shown in the above linked YouTube video :-).

Screenshot of the “Virtual Typex”

The GRANIT / 160 Cipher – A GDR Stasi Hand Cipher for Spies

The GRANIT / 160 cipher is a hand cipher which was used for communication between the GDR’s “Ministerium für Staatssicherheit” (Engl. Ministry for State Security) or MfS or Stasi and their agents in West Germany. The Stasi’s “Geheime Dienstvorschrift” (Engl. secret service regulation) GVS 1064/59 and GVS 1065/59 describe its usage. Copies of the original (German) service regulations can be found on Jörg Drobicks’s homepage.

The logo of the “Ministerium für Staatssicherheit”(Engl. Ministry for State Security) or MfS aka Stasi – Source Wikipedia

The GRANIT cipher is a variant of the “Doppelwürfel” (= double columnar transposition cipher). The Stasi communicated with their agents in West Germany via numbers stations: The agent had to turn on a radio and wait for his call sign. Then, the agent notes down the spoken numbers and after that he decrypts the received message using the GRANIT cipher.

The West German “Zentralstelle für das Chiffrierwesen” (Engl. Central Office
for Ciphering) was able to capture and decipher messages, because they could guess some of the used keys.

The Günter Guillaume Case – An East German Spy Near Willy Brandt

Günter Guillaume and his wife Christel Guillaime were East German spies deployed in West Germany. Günter Guillaume became officer in the economic, financial and social policy department of German Chancellor Willy Brandt. The Guillaume couple used the GRANIT cipher for communication with the Stasi. But the West German “Zentralstelle für das Chiffrierwesen” was able to decipher some of their messages.

Willy Brandt and Günter Guillaume (right) in Düsseldorf. Image ~ 1973 – Source Wikipedia

Matching birthday date wishes and well wishes for the birth of a son were found in a deciphered message. The Guillaumes were finally caught and arrested in 1974. Ironically, mentioned birthday dates of the Guillaumes were their “agent fake birth dates”…

Despite having good evidence police raided his home but Guillaume instantly confessed being a Stasi spy when approached by police. More about the story can be read (in German) on Klaus Schmeh’s blog.

How the GRANIT / 160 Cipher Works

The GRANIT / 160 cipher is a hand cipher and consists of five steps:

  1. Create a straddling checkerboard based on a keyword
  2. Encrypt the plaintext using the straddling checkerboard
  3. Create two rectangles for a double columnar transposition based on two key phrases
  4. Encrypt the numbers (result of step 2) using the first rectangle
  5. Encrypt the numbers (result of step 4) using the second rectangle

Clearly, the Stasi defined how to create the keys, how to create message indicators so that the receiver of a message is able to decrypt, etc. The details of these procedures and the details of the actual cipher can be seen in the video below :-).

A YouTube Video about the Details of the Cipher

If you want to know, how the details of the GRANIT cipher work, please watch my YouTube video on “Cryptography for everybody” about the GRANIT cipher:

Deciphering Mary Stuart’s Lost Letters – A Talk Given on YouTube by George Lasry

Over 50 undeciphered letters of Mary Stuart were found and deciphered by George Lasry, Norbert Biermann, and Satoshi Tomokiyo

It is probably one of, or even THE, greatest new cryptographic and historical sensation of recent years. My colleagues George Lasry, Norbert Biermann, and Satoshi Tomokiyo found over 50 previously undeciphered letters from Mary Queen of Scots, which she wrote to Michel de Castelnau Mauvissière, the French ambassador to England. All found in the collections of the Bibliothèque nationale de France (BnF) in Paris. The researchers successfully deciphered all of the letters and published their results in a stunning research article in the journal Cryptologia.

In this video, my friend George Lasry talks about how they found the letters, how they deciphered the letters, and what they found in the plaintexts of the deciphered letters. They broke the code with the help of cryptanalysis algorithms (which we also have implemented in CrypTool 2) as well as a lot of manual work, which took them more than a year.

Many thanks to George Lasry who provided the talk and gave permission to upload it to my YouTube channel (see video below).

Resources:

George Lasry’s Talk in a Video on YouTube

The Bazeries Cipher Explained – A Classical Cipher Based on Substitution and Transposition

The Bazeries cipher was invented by and named after Étienne Bazeries, a French cryptographer. Bazeries was active between 1890 and the First World War.

Étienne Bazeries (Source: Wikipedia)
(21st August 1846 – 7th November 1931)

Bazeries is probably most famously known for the “Bazeries Cylinder”, a cipher device similiar to the Jefferson Disk or the M-94 cipher. Bazeries was a good code breaker: He solved messages encrypted with the official French military transposition system (lead to improvements of the ciphers). He further exposed weaknesses in French cipher systems. He assisted in solving German military ciphers during World War I, after he retired from the army. And in the 1890s he broke the famous nomenclator system called the “Great Cipher”, created by the Rossignols in the 17th century.

How Does the Cipher Work?

The cipher is a combination of substitution and transposition. For encryption, Bazeries only used a single number key, e.g. 123. In the following, we encrypt an example plaintext (“HELLOWORLD”).

We create two Polybius squares. In the first square, we put the Latin alphabet (I=J; filled from left to right and top to bottom row-wise). In the other square, we write a text representation of the number key, e.g. ONEHUNDREDTWENTYTHREE, followed by the remaining unused letters of the Latin alphabet. We fill the second square from top to bottom and left to right column-wise:

Two Polybius squares for a Bazeries cipher

To encrypt a plaintext, we first substitute it using the two created Polybius squares. We look for the plaintext letter in the left square and use the corresponding letter of the right square for the ciphertext (For eample A->O, B->D, etc.). When we encrypt HELLOWORLD, we obtain BQEELYLWEI.

Then, we transpose the intermediate ciphertext using the digits of the number key. We split the text into blocks of sizes defined by the digits of the number key. Then, we reverse each of these blocks to create the final ciphertext:

Bazeries cipher transposition

So our final ciphertext here is BEQYLELWEI. Of course, the decryption is the inverse process of the above shown steps :-).

Keyspace Size and Unicity Distance

Here, we compute the keyspace size as well as the unicity distance (https://en.wikipedia.org/wiki/Unicity_distance). In the original version, as written above, Bazeries created the second Polybius square using the same key as he used for transposition. So for e.g. a maximum number key length of four digits, we compute:

  • For a 4-digit key, we have 10^4=10,000 different keys
  • For a 3-digit key, we have 10^3=1,000 different keys
  • For a 2-digit key, we have 10^2=100 different keys
  • For a 1-digit key, we have 10^1=10 different keys

Then, we have to add all these number. Thus, we have a toal keyspace size of 11,110

If we consider that the encrypter uses an independent (other) key for the Polybius square creation, we would have to compute 26! ≈ 2^88.4 for the number of possible different Polybius squares. In this case, we have to compute for the “complex” Bazeries cipher 11,110 ∙ 2^88.4 which is about 2^101.8.

To compute the unicity distance (of the complex case), we have to divide the entropy of the keyspace with the redundancy of the language:

Unicity distance of the more complex case of the Bazeries cipher

So we would need a ciphertext with a minimum length of 32 letters to obtain only one valid (and the correct) solution via cryptanalysis.

A YouTube Video about the Bazeries Cipher

I also created a YouTube vide about the Bazeries cipher:

The Four-Square Cipher Explained

This is the third cipher of Félix-Marie Delastelle, a French hobby cryptographer, which I implemented in CrypTool 2. Delastelle published the four-square cipher in his book “Traité Élémentaire de Cryptographie“. He wrote the book in 1901 but it was published after Delastelle’s death in 1902.

The four-square cipher is a bigraphic monoalphabetic substitution cipher. Bigraphic means, that it always encrypts two plaintext letters at the same time. The cipher uses four Polybius squares, two of which are created using keywords.

Key Generation – Preparing the Four Polybius Squares

First, you have to prepare the four polybius squares. Let’s assume our keywords are “secret” and “keyword”:

Four-square polybius squares based on keywords “secret” and “keyword”

Here, we created the second and third polybius squares using the previously chosen keywords. To create one of these polybius squares, the corresponding keyword is first written into the square from left to right and top to bottom. Here, if a letter occurs more than once, we omit it. In our example, we do not write the second “E” of “secret” again in the square. After writing the keyword, we fill the rest of the square with the remaining alphabet letters, which we did not already use for the keyword. After we created the second and third square, we fill the first and fourth square just with the alphabet. Since all the squares have only 25 positions, our alphabet consists of only 25 letters. Delastelle used “I” = “J” and did not include a “J” in his alphabet.

How Encryption works

Now, we can encrypt a plaintext using our four polybius squares. Here, for example we want to encrypt “HELLOWORLD”. To do so, we search the letter “H” in the first square and the letter “E” in the fourth square:

Four-square cipher: search plaintext and ciphertext letters

We create a connected “rectangle” where “H” is the upper corner and “E” is the lower corner. Now, we find our ciphertext letters in the two other corners of the so-created rectangle. Here, we encrypt the “H” by “G” and the “E” by “Y”. We continue encrypting our plaintext using this method to obtain the complete ciphertext:

Four-square encryption of “HELLOWORLD”

To decrypt a given ciphertext, we just reverse the process. We look up the ciphertext letters (pair-wise) in the second and third square and find our plaintext letters in the first and fourth square.

Keyspace Size and Unicity Distance Computation

We compute the keyspace size by k = 25! * 25! = 2^167.36. This is, because we have to fill two polybius squares and a single polybius square has 25! possibilities to be filled with 25 letters.

We compute the unicity distance U by

Four-square cipher unicity distance

Here, H(k) is the entropy of the keyspace and D is the redundancy of the language (here English). From the English Wikipedia: “In cryptography, unicity distance is the length of an original ciphertext needed to break the cipher by reducing the number of possible spurious keys to zero in a brute force attack”. In our case, we need more than 53 letters to be able to obtain only one valid plaintext.

A YouTube Video about the Four-Square Cipher

I also created a YouTube video about the four-square cipher (and how you can use it in CrypTool 2). Watch it here:

Discord Server for “Cryptography for Everybody” YouTube Channel and CrypTools

Discord logo

I have recently set up a brand new Discord server for the “Cryptography for everybody” YouTube channel and the CrypTool projects.

Thus, I would like to very cordially invite everyone who wants to discuss classical and modern cryptology, CrypTools, as well as crypto challenges in a friendly chat environment to join our new Discord community server here: https://discord.gg/8JeTZd8EpT

The Bifid and Trifid Cipher Explained

I recently made two videos about two interesting classical ciphers invented by Félix Marie Delastelle. Delastelle wrote a book on cryptography in 1901. Unfortunately, he died before his book was published in 1902. In his book, he describes several ciphers he invented. This blog post is about two of them: the bifid cipher and the trifid cipher.

The Bifid Cipher

The bifid cipher is a cipher which combines a Polybius square with transposition, and uses fractionation:

1. First, we use a keyword to create a 25-letter Polybius square
For example: “SECRET KEYWORD”:

Polybius square

2. Then, we encrypt the plaintext using the square, by writing the coordinates of the square below the plaintext. Example:

Bifid example plaintext conversion to numbers

3. After that, we write the digits (transposed/fractionated) in a single row:

Bifid digits single row

4. Finally, we decrypt the digits using the square to obtain the ciphertext:

Bifid final decryption (To create ciphertext)

The decryption is the reverse process. It is also possible to not encrypt the plaintext in one go. Instead, you can encrypt the ciphertext in blocks of n (n for example being 5).

The keyspace size and unicity distance (minimal number of letters needed in a ciphertext that allows having only a single valide solution) can be computed as follows:

Keyspace size k and unicity distance U

The Trifid Cipher

The trifid cipher was invented by Félix Marie Delastelle as an extension of the above shown bifid cipher.

1. First, we use a keyword to create three 9-letter Polybius squares. For example: “SECRET KEYWORD”

Trifid polybius squares

2. Then, we encrypt the plaintext using the squares, by writing the number of the used square number and the coordinates below the plaintext. Example:

Trifid example plaintext conversion to numbers

3. After that, we write the digits (transposed/fractionated) in a single row

Trifd digits single row

4. Finally, we decrypt the digits using the three squares:

Bifid final decryption (To create ciphertext)

The decryption is the reverse process. It is also possible to not encrypt the plaintext in one go. Instead, you can encrypt the ciphertext in blocks of n (n for example being 5).

The keyspace size and unicity distance (minimal number of letters needed in a ciphertext that allows having only a single valide solution) can be computed as follows:

Keyspace size k and unicity distance U

YouTube Videos about the Bifid and Trifid Ciphers

I made a YouTube video about the Bifid cipher. Here, you can also see how to use the bifid cipher component of CrypTool 2:

I also made a YouTube video about the Trifid cipher. Here, you can also see how to use the trifid cipher component of CrypTool 2:

The Book Cipher Explained

A book cipher is a cipher where the plaintext letters (or words) are encrypted using a book (or other text document) as a kind of lookup table. Sender and receiver of encrypted messages can agree to use any book or other publication available to both of them. A book cipher has a considerable advantage for a spy in enemy territory since it does not raise suspicion (like e.g. a code book). The main strength of a book cipher is the key, because only being in possession of the original “book” allows the decryption.

Famous Examples of Book Ciphers

Cover of The Beale Papers (source Wikipedia)
  1. The most famous book ciphers are probably the “Beale ciphers”
    • The Beale ciphers are three encrypted documents
    • Only one of the documents has been successfully deciphered (using the United States Declaration of Independence as key)
    • The two other messages are still unsolved… (it is unclear, how these were encrypted)
  2. The “Arnold Cipher” was a book cipher used by John André and Benedict Arnold in 1780 during the American Revolutionary War
    • The book used as a key to the cipher was either “Commentaries on the Laws of by William Blackstone or Nathan Bailey’s Dictionary
    • The cipher consisted of a series of three numbers separated by periods:
    page number . Line number . word number
  3. The “Cicada 3301 online puzzle” series also contained book ciphers

The Book Cipher

First, the sender and the receiver have to agree on the (exact) same “book”. They also have to agree on an “encoding scheme”:
1. Encode single letters
2. Encode complete words


Also, they need to know “what” is encoded:
1. Page
2. Line
3. Word


1. Single Letter Scheme:
In the following, we show an example of a book cipher with the “single letter scheme”. It uses this sample text as key:

Example “book” used as key for encryption in the “single letter scheme”

To encrypt a plaintext, take a random word from the “book” above which starts with the plaintext letter you want to encrypt. Then, write the position of the word into the ciphertext. Go on, until you have encrypted the complete plaintext. In the following are two examples, how to encrypt plaintexts:

Example 1 (Write the offset of the word into the ciphertext):
H E L L O W O R L D –> 6 37 100 42 56 72 12 53 42 52

Example 2 (Write the line number and position of the word in the particular line into the ciphertext):
H E L L O W O R L D –> 09.04 04.08 12.03 05.08 05.09 08.06 06.03 07.07 12.03 06.09

Hint: With a real book, we could also prepend the page number.

2. Complete word scheme:
The “complete word scheme” is described in my YouTube video about the book cipher (see below). Also, I explain how to use a book cipher in CrypTool 2.

A YouTube Video About the Book Cipher

Three Years “Cryptography for everybody” YouTube Channel

The “Cryptography for Everybody” YouTube channel, which is my YouTube channel about cryptography and cryptanalysis, is now three years old. On the October 8th, 2019 I started my channel as “CrypTool 2”, which I later rebranded to its current name. Early, I created my channel trailer, which image you can see here:

The old channel trailer

First idea of my channel was: Make videos about “CrypTool 2 Development”
– First series of the channel
– Today: Total of 10 development videos

My second idea was then: Make videos about CrypTool 2
– First video: “Break a Caesar Cipher” 🙂
– Today: Total of 40 videos about classical ciphers

Soon I got my next idea: Make a video series about cryptology
– First video: Part 1 (Cryptography – Terminology & Classical Ciphers)
– Today: Total of 25 videos about cryptology

Finally, I developed my YouTube channel to a channel about classic and modern cryptology (= cryptography and cryptanalysis). Here is an image of the new channel trailer with the rebranded design 🙂

The new channel trailer

A few facts of my YouTube channel:
Total Subscribers: 4,290 (2022-10-16)
Views: ≈ 280,000
Watch time: 16,910 ℎ𝑜𝑢𝑟𝑠 ≈ 705 𝑑𝑎𝑦𝑠 ≈1.93 𝑦𝑒𝑎𝑟𝑠 ≈2^19.95 𝑠𝑒𝑐𝑜𝑛𝑑𝑠
Uploaded videos: 138

A YouTube Video about the Three Years

I recorded a YouTube video and present much more history and channel facts. Watch it here 🙂

The Syllabary Cipher Explained

In the linguistic study of written languages, a syllabary is a set of written symbols that represent the syllables or (more frequently) moras (basic timing unit in the phonology of some spoken languages) which make up words.

William F. Friedman and Lambros D. Callimahos present in “Military Cryptanalytics –  Part 1” a Syllabary cipher or Syllabary square on page 250. The American Cryptogram Association (ACA) also defines the Syllabary cipher as part of their list of ciphers:

Image of a „Syllabary square“ Source: Military Cryptanalytics – Part 1, Chapter XI,
April 1956, by Friedman and Callimahos

Klaus Schmeh mentions a cipher he calls Crypto Number Table and also presents a challenge on his online blog. The crypto number table is in fact the Syllabary cipher.

How does the Cipher Work?

The Syllabary cipher uses a 10×10 table that contains letters, syllables from a given language, and digits:

Original Friedman scheme (for English)

Basic ideas of the cipher are to suppress letter frequencies and to remove word patterns by different spellings of same plaintext words in the ciphertext.

To encrypt a plaintext, the text is replaced by digits  (coordinates) found on the top and left side of the table. Examples:

HELLO WORLD 1 → 53 65 65 74 06 77 65 31 12

You can find different ciphertexts encrypting the same plaintext:

SECRET  → 88 35 25 81 35 93
SECRET  →  89 25 83 93

To decrypt a ciphertext, you have to look up the plaintext element using the ciphertext symbol as coordinates.

Keying Schemes

There are three different keying schemes (also defined by ACA):

1. Keep table and modify digits on top and on the left of the table (based on a digit key, e.g.  10293847568475610293)
2. Keep digits on top and left of the table but  reorder table (based on a keyword, e.g. 8SECRET1KEYWORD5)
3. Modify digits (based on a key) and reorder table (e.g. based on keyword)

Digits and table changed (Scheme 3)

A YouTube Video About the Cipher

I created a YouTube video about the cipher that you can watch here:

References

A blog post from Klaus Schmeh about the cipher: https://scienceblogs.de/klausis-krypto-kolumne/2018/09/01/can-you-break-the-crypto-number-table-challenge/

Friedman, William Frederick, and Lambros D. Callimahos. Military cryptanalytics. Vol. 2. Aegean Park Press, 1985.