Recently, the skeleton of a carrier pigeon was found in a chimney in Surrey, England, with a message canister still attached. The canister contained an encoded message of 27 groups of five letters, that has “stumped” code-breaking experts. Here’s a link to the article.
It’ll never be cracked.
It’s not that today’s code-breakers aren’t up to speed, or that the codes of WWII were that sophisticated. It’s that the key space exceeds the message space.
This type of code is almost certainly a substitution cypher. In other words, each group of five letters is probably a simple substitution cypher, in that each letter is a substitution for a different letter. Substitution cyphers could be changed on a regular basis, even daily, by agents in the field, using information contained in dates and a simple algorithm. As they can be cracked using statistics, particularly when the message is long enough, it’s only intention would be to have hidden what lay beneath. The good news is that if what’s underneath is gobbledygook, it can’t be cracked by statistical means.
But that’s not why this will never be cracked. If the only thing at play here were a simple substitution cypher, any laptop could crack it in minutes, if not seconds. However, if the underlying message is itself scrambled in a different manner, the NSA’s best supercomputer could work on it for decades and find nothing but gobbledygook.
In addition to the substitution, the encryption almost certainly includes transposition algorithms, again, capable of being memorized by agents in the field. These would be more complex, however, and would probably not have been tied to dates. These transposition algorithms may very well have been agent-specific, meaning that if any individual agent was compromised, messages encoded by other agents would have remained safe. This is not unlike modern RPK systems, whereby each individual has a public key they share with others to encrypt messages, only the intended recipient’s private key can decrypt them. RPK systems are most widely used in securing e-mail.
But that’s not why this will never be cracked! A third layer of encryption again goes back to substitution, but it’s not a substitution cypher. Instead, it involves the use of code words, such as using “apple” instead of “Arnheim,” or “to” instead of “from.” Thus, “Sally sells seashells by the seashore” might initially be encoded as “horses run planters under the stars.” Contrary to popular misconception, no supercomputer in the world can decode this simple use of codewords, not without a boatload of additional information, including a bunch of other similarly-encoded messages and loads of historical operational data. As with the substitution cypher portion, each agent probably had his or her own “dictionary,” that set of tables or code book with which they encoded the message and substitution cyphers.
Naturally, all of this becomes incredibly complicated back home, except for one thing: They had ways of knowing which agent sent the message. That may have been something as simple as an apparently random set of letters in, say, the 13th block, which may have been “siuev” three weeks ago, but has rotated every week, perhaps by one letter in the first digit, three letters in the second, two in the third, five in fourth, and four in the fifth, so that this week the 13th block reads “uoicd.” Next month, all agents might be using the 11th block. Who knows? The folks at Bletchley Park knew.
The reason this worked so well is quite simple: If each agent in the field has their own code book, transposition algorithm, and substitution cypher, it would have taken the best cryptologists months, if not years, to decode the message, and only then if they also had both the operational data and were able to make the suspected agent talk. Yet an agent capable of decent memorization could learn these techniques, including their personal substitution cypher and code book in a week or two of intensive study.
So, the next time you see some secret agent at the movies crack a code in minutes with a computer, remember this: “If the algorithm is unknown, it can’t be cracked,” as well as it’s corollary: “Even if the algorithm is known, provided the key space is larger than the message, it can’t be cracked.” And by “can’t” I don’t mean “in a reasonable period of time.” I mean “ever.”
Some of you may be wondering, “How can I encode my messages today?” Well, you can either invent your own encoding algorithm, which might be fun, but unless you’re an expert, will probably not be very secure. Alternatively, some third-party e-mail systems such as Mozilla’s Firefox (my favorite) have third-party plugins such as Enigmail which do a fair job of securing your messages from prying eyes. Enigmail uses triple-DES, which is decent, but child’s play for the NSA computers due to some inherent flaws in the DES standard. Thunderbird also includes the ability to use certificates for both authentication and encryption, which is good enough for securing corporate communications, and the latest versions include the ability to use AES (Advanced Encryption Standard). If implemented properly, the security is on par with that used by the DoD for material up to and including Top Secret.