Some days ago, I saw a very interesting hand cipher called the “Grandpré cipher”. It is not interesting because it was very secure or original. It is interesting because the “keying process”, i.e. the search for words for usage as the key(s), was kind of tedious. In this blog article, I will explain the background of the cipher, how it works, and its keyspace size and unicity distance.

History of the Grandpré Cipher

The cipher is said to be first published by A. de Grandpré in his 1905 French book “Cryptographie pratique”. It was later named after the author. Unfortunately, I did not find any information on the author despite his (or her?) last name. So, I actually don’t know what the “A.” stands for. The description of the cipher itself can be found in the book on page 31. The chapter is named “Méthode de carre de 10×10”, which can be translated to “10×10 square method”. Grandpré defined the method for squares of 10×10, but squares with smaller sizes (9, 8, 7, 6) can also be used. We did also implement the cipher in a CrypTool 2 component. So if you want to try it by yourself, you may download CrypTool 2 to do so. Here, we show the original cover of Grandpré’s book:

Cryptographie pratique (1905) by A. de Grandpré

The American Cryptogram Association (ACA) has added the Grandpré cipher to its portfolio of “standard ciphers”. Their description of the cipher can be found here: https://www.cryptogram.org/downloads/aca.info/ciphers/Grandpre.pdf

The Grandpr´é cipher is a homophonic substitution cipher based on a keyword and several additional words. The cipher encrypts plaintext letters into two-digit ciphertext numbers. It uses a table to do so. We will discuss how this works in the next section.

Table Creation Based on Keyword and Words

First, we need to find 10 words (or less), depending on our selected table size. The table size depends on our chosen secret keyword. Let’s say our secret keyword is “VIMOUTIERS” as used by Grandpré in his book. This keyword has 10 letters, so our table has to be a 10×10-sized table.

Now, we have to find 10 more words, each starting with a letter of our secret keyword. So a word for “V”, let’s take “VOLUPTUEUX”, a word for “I”, let’s take “INQUIETUDE”, and so on. Of course, here, for the example, we used the same words which Grandpré used in his book. To create the table, we write the keyword in the first column and the additional words in the rows. Each word starts with one of the letters of the keyword. The final table looks like the one below. But besides adding only the words, we also add digit coordinates (from 1 to “keyword length”; 10 = 0) to the rows and columns:

10×10-table based on the keyword “VIMOUTIERS” as shown by Grandpré in his book

Encryption and Decryption

Now, we can use this table to encrypt a text. To encrypt a letter, we need to find it in the table. Then, we use the row R and column C to create our ciphertext symbol “RC”. Examples: E = “34”, A = “47”, E = “66”. Here, you can also see why the cipher is a homophonic substitution cipher. We have several options to choose from for most of the letters. But you can also see the drawback of the cipher. It is troublesome to find words for the table creation that contain all letters of our alphabet. Especially rarely used letters like Q and X are difficult to add to the table.

As an example, here is the encryption of the plaintext “HELLO WORLD”:

As you can see, we have several valid ciphertexts. Since the Grandpré cipher is a homophonic substitution cipher, we can use different homophones to create a variety of valid ciphertexts.

Clearly, the decryption of a given ciphertext is the inverse process. Here, you always take two digits and lookup the corresponding plaintext letter in the same table as used for encryption.

Keyspace Size and Unicity Distance

Here, we calculate the size of the keyspace and the unicity distance of the Grandpré cipher. We compute the largest possible keyspace obtained by using a 10×10 table.

For the 10 x 10 case, there are 10 ∙ 10 = 100 cells in the table. Thus, we have a total number of 26^100 = 2^470 tables. But we use English words and don’t use the complete “table space”. Thus, let’s consider English has about 2,000 10-letter words. Then, we would “only” have 2000^10 valide tables, which is about 2^110 different tables.

Now, based on the above computed keyspace, lets compute the unicitiy distance U. It is the minimum number of letters needed when cryptanalyzing a ciphertext which allows us to be able to obtain only one valid solution. Below this number, we can find multiple valid English texts. To compute the distance, we have to divide the entropy of the keyspace H(K) by the redundancy D of the English language:

We need a minimum of 35 letters to be able to obtain only a single valid solution through cryptanalysis. Clearly, a given ciphertext can be solved like any other digit-based homophonic substitution cipher :-).

A YouTube Video About the Cipher

I also made a YouTube video about the Grandpré cipher. You can watch it here 🙂

This is the third cipher of Félix-Marie Delastelle, a French hobby cryptographer, which I implemented in CrypTool 2. Delastelle published the four-square cipher in his book “Traité Élémentaire de Cryptographie“. He wrote the book in 1901 but it was published after Delastelle’s death in 1902.

The four-square cipher is a bigraphic monoalphabetic substitution cipher. Bigraphic means, that it always encrypts two plaintext letters at the same time. The cipher uses four Polybius squares, two of which are created using keywords.

Key Generation – Preparing the Four Polybius Squares

First, you have to prepare the four polybius squares. Let’s assume our keywords are “secret” and “keyword”:

Here, we created the second and third polybius squares using the previously chosen keywords. To create one of these polybius squares, the corresponding keyword is first written into the square from left to right and top to bottom. Here, if a letter occurs more than once, we omit it. In our example, we do not write the second “E” of “secret” again in the square. After writing the keyword, we fill the rest of the square with the remaining alphabet letters, which we did not already use for the keyword. After we created the second and third square, we fill the first and fourth square just with the alphabet. Since all the squares have only 25 positions, our alphabet consists of only 25 letters. Delastelle used “I” = “J” and did not include a “J” in his alphabet.

How Encryption works

Now, we can encrypt a plaintext using our four polybius squares. Here, for example we want to encrypt “HELLOWORLD”. To do so, we search the letter “H” in the first square and the letter “E” in the fourth square:

We create a connected “rectangle” where “H” is the upper corner and “E” is the lower corner. Now, we find our ciphertext letters in the two other corners of the so-created rectangle. Here, we encrypt the “H” by “G” and the “E” by “Y”. We continue encrypting our plaintext using this method to obtain the complete ciphertext:

To decrypt a given ciphertext, we just reverse the process. We look up the ciphertext letters (pair-wise) in the second and third square and find our plaintext letters in the first and fourth square.

Keyspace Size and Unicity Distance Computation

We compute the keyspace size by k = 25! * 25! = 2^167.36. This is, because we have to fill two polybius squares and a single polybius square has 25! possibilities to be filled with 25 letters.

We compute the unicity distance U by

Here, H(k) is the entropy of the keyspace and D is the redundancy of the language (here English). From the English Wikipedia: “In cryptography, unicity distance is the length of an original ciphertext needed to break the cipher by reducing the number of possible spurious keys to zero in a brute force attack”. In our case, we need more than 53 letters to be able to obtain only one valid plaintext.

A YouTube Video about the Four-Square Cipher

I also created a YouTube video about the four-square cipher (and how you can use it in CrypTool 2). Watch it here:

I recently made two videos about two interesting classical ciphers invented by Félix Marie Delastelle. Delastelle wrote a book on cryptography in 1901. Unfortunately, he died before his book was published in 1902. In his book, he describes several ciphers he invented. This blog post is about two of them: the bifid cipher and the trifid cipher.

The Bifid Cipher

The bifid cipher is a cipher which combines a Polybius square with transposition, and uses fractionation:

1. First, we use a keyword to create a 25-letter Polybius square
For example: “SECRET KEYWORD”:

2. Then, we encrypt the plaintext using the square, by writing the coordinates of the square below the plaintext. Example:

3. After that, we write the digits (transposed/fractionated) in a single row:

4. Finally, we decrypt the digits using the square to obtain the ciphertext:

The decryption is the reverse process. It is also possible to not encrypt the plaintext in one go. Instead, you can encrypt the ciphertext in blocks of n (n for example being 5).

The keyspace size and unicity distance (minimal number of letters needed in a ciphertext that allows having only a single valide solution) can be computed as follows:

The Trifid Cipher

The trifid cipher was invented by Félix Marie Delastelle as an extension of the above shown bifid cipher.

1. First, we use a keyword to create three 9-letter Polybius squares. For example: “SECRET KEYWORD”

2. Then, we encrypt the plaintext using the squares, by writing the number of the used square number and the coordinates below the plaintext. Example:

3. After that, we write the digits (transposed/fractionated) in a single row

4. Finally, we decrypt the digits using the three squares:

The decryption is the reverse process. It is also possible to not encrypt the plaintext in one go. Instead, you can encrypt the ciphertext in blocks of n (n for example being 5).

The keyspace size and unicity distance (minimal number of letters needed in a ciphertext that allows having only a single valide solution) can be computed as follows:

YouTube Videos about the Bifid and Trifid Ciphers

I made a YouTube video about the Bifid cipher. Here, you can also see how to use the bifid cipher component of CrypTool 2:

I also made a YouTube video about the Trifid cipher. Here, you can also see how to use the trifid cipher component of CrypTool 2:

A book cipher is a cipher where the plaintext letters (or words) are encrypted using a book (or other text document) as a kind of lookup table. Sender and receiver of encrypted messages can agree to use any book or other publication available to both of them. A book cipher has a considerable advantage for a spy in enemy territory since it does not raise suspicion (like e.g. a code book). The main strength of a book cipher is the key, because only being in possession of the original “book” allows the decryption.

Famous Examples of Book Ciphers

1. The most famous book ciphers are probably the “Beale ciphers”
   • The Beale ciphers are three encrypted documents
   • Only one of the documents has been successfully deciphered (using the United States Declaration of Independence as key)
   • The two other messages are still unsolved… (it is unclear, how these were encrypted)
   
2. The “Arnold Cipher” was a book cipher used by John André and Benedict Arnold in 1780 during the American Revolutionary War
   • The book used as a key to the cipher was either “Commentaries on the Laws of by William Blackstone or Nathan Bailey’s Dictionary
   • The cipher consisted of a series of three numbers separated by periods:
   page number . Line number . word number
   
3. The “Cicada 3301 online puzzle” series also contained book ciphers

The Book Cipher

First, the sender and the receiver have to agree on the (exact) same “book”. They also have to agree on an “encoding scheme”:
1. Encode single letters
2. Encode complete words

Also, they need to know “what” is encoded:
1. Page
2. Line
3. Word

1. Single Letter Scheme:
In the following, we show an example of a book cipher with the “single letter scheme”. It uses this sample text as key:

To encrypt a plaintext, take a random word from the “book” above which starts with the plaintext letter you want to encrypt. Then, write the position of the word into the ciphertext. Go on, until you have encrypted the complete plaintext. In the following are two examples, how to encrypt plaintexts:

Example 1 (Write the offset of the word into the ciphertext):
H E L L O W O R L D –> 6 37 100 42 56 72 12 53 42 52

Example 2 (Write the line number and position of the word in the particular line into the ciphertext):
H E L L O W O R L D –> 09.04 04.08 12.03 05.08 05.09 08.06 06.03 07.07 12.03 06.09

Hint: With a real book, we could also prepend the page number.

2. Complete word scheme:
The “complete word scheme” is described in my YouTube video about the book cipher (see below). Also, I explain how to use a book cipher in CrypTool 2.

A YouTube Video About the Book Cipher

In the linguistic study of written languages, a syllabary is a set of written symbols that represent the syllables or (more frequently) moras (basic timing unit in the phonology of some spoken languages) which make up words.

William F. Friedman and Lambros D. Callimahos present in “Military Cryptanalytics –  Part 1” a Syllabary cipher or Syllabary square on page 250. The American Cryptogram Association (ACA) also defines the Syllabary cipher as part of their list of ciphers:

Klaus Schmeh mentions a cipher he calls Crypto Number Table and also presents a challenge on his online blog. The crypto number table is in fact the Syllabary cipher.

How does the Cipher Work?

The Syllabary cipher uses a 10×10 table that contains letters, syllables from a given language, and digits:

Basic ideas of the cipher are to suppress letter frequencies and to remove word patterns by different spellings of same plaintext words in the ciphertext.

To encrypt a plaintext, the text is replaced by digits  (coordinates) found on the top and left side of the table. Examples:

HELLO WORLD 1 → 53 65 65 74 06 77 65 31 12

You can find different ciphertexts encrypting the same plaintext:

SECRET  → 88 35 25 81 35 93
SECRET  →  89 25 83 93

To decrypt a ciphertext, you have to look up the plaintext element using the ciphertext symbol as coordinates.

Keying Schemes

There are three different keying schemes (also defined by ACA):

1. Keep table and modify digits on top and on the left of the table (based on a digit key, e.g.  10293847568475610293)
2. Keep digits on top and left of the table but  reorder table (based on a keyword, e.g. 8SECRET1KEYWORD5)
3. Modify digits (based on a key) and reorder table (e.g. based on keyword)

A YouTube Video About the Cipher

I created a YouTube video about the cipher that you can watch here:

References

A blog post from Klaus Schmeh about the cipher: https://scienceblogs.de/klausis-krypto-kolumne/2018/09/01/can-you-break-the-crypto-number-table-challenge/

Friedman, William Frederick, and Lambros D. Callimahos. Military cryptanalytics. Vol. 2. Aegean Park Press, 1985.