This was the first time I discovered factorials. If you ever need to know, factorials are calculated the following way: 3! = 3 × 2 × 1 and 5! = 5 × 4 × 3 × 2 × 1 and 13! = 13 × 12 × 11 × 10 × 9 × 8 × 7 × 6 × 5 × 4 × 3 × 2 × 1, and so on. It’s quite neat, actually. 100!, where all the numbers from 1 to 100 are multiplied together, gives a result bigger than the amount of atoms in the known universe. Anyway, as my grandfather explained, no one could check all those keys. It’s true: even a contemporary computer would take – yes – longer than the history of the known universe to perform a calculation like that (perhaps while figuring out all the possible configurations of Go pieces.)
Even after my grandfather explained factorials to me, I was ready to take up the challenge. ‘Go on, then,’ I said. ‘Create a random thingy alphabet, write a cipher in it and bet you I’ll crack it.’ He did, and I did, because the way you solve mono-alphabetic ciphers is never by trying to guess the key.
Say someone sends you a note written with a mono-alphabetic substitution cipher, and it says something like: QEPN BVQE C ASFN AXNYN GCZ C TSYU GXQ AXQBTXA ZXN PQBUH YNCH PSVXNYZ BEASU AXN HCK ZXN YNCUUK XCH AQ. You start in the following way. Is there a letter on its own? Yes. There’s a C, twice. Well, there are only two single-letter words in common usage in English: ‘I’ and ‘a’. So it’s going to be one of those. Then you look for the most common letters. In this cipher they are: N, which appears 9 times; X, which also appears 9 times; C, which appears 7 times; A, which appears 7 times; Q, which appears 5 times; Y, which appears 5 times; and U, which also appears 5 times, including its appearance in a repeated-letter digraph in the third from last word. A digraph is a combination of two letters. A trigraph is a combination of three letters. Digraphs can be useful when you are cracking mono-alphabetic ciphers, and only certain letters are commonly found in repeating pairs, the most common being ‘ss’, ‘ee’, ‘tt’, ‘ff’, ‘ll’, ‘mm’ and ‘oo’.
Think about what you already know about the English language. You know that E and T are the most common letters in all ‘normal’ texts. The most common letters in the ciphertext are N and X. Is one of these going to be E or T? The most common word in English is ‘the’. Are there any three-letter words in the text that look like they might be ‘the’? In order to crack a mono-alphabetic cipher without guessing the key, you have to be a word-detective. You have to look for the patterns. You have to start trying to put in letters you think you know and see if anything emerges. If you do this, you will be able to unscramble the message.
Alternatively, you could always use frequency analysis, which is particularly good when you have a ciphertext that is not conveniently broken into words. Frequency analysis involves noting down the frequencies of all letters in the ciphertext so you have a list of the first most popular letter, the second and so on right down to the least popular letter. Then you get a frequency table (there are lots out there and people even post them on the Internet now) of the frequencies of letters in common English usage. You take the most popular letter from your ciphertext and replace it with the most popular letter in English (according to your frequency table). Then you take the second most popular letter and replace that with the second most popular letter and so on. It is surprising how often this works with only very minor adjustments. This method will certainly usually give you enough to see what the message is yourself. If the pattern-recognition method is like a Sherlock Holmes style of detection, then this frequency method is more like a twenty-first-century forensic skill.
This is the key you will get if you decipher the message:
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
c i p h n r t x s o m u f e q v w z y a b d g j k l
The first incarnation of my KidCracker pack came with an Alberti code-wheel, a Jefferson’s Wheel, a battery-operated mini-Enigma machine and a laminated Vigenère square. Alberti was a fifteenth-century architect, and is known as the true grandfather of contemporary Western cryptology. His code-wheel formed the basis for all forms of poly-alphabetic ciphers that came later, including Enigma. I worked with two young engineers from the Mechanical Design team at PopCo London to recreate these devices, which we did after researching many primary texts and objects at the British Library and various museums. As a result of this, my Age 9 to 12 code-breaking kit ended up containing miniature working models of some of the greatest cryptological devices ever invented. Originals of this kit now sell to collectors for almost a hundred times their initial selling price because of this, and have the same kind of appeal to adult cryptology enthusiasts as the famous Fischer Price Super 8 camera has for grown-up cinematographers. It probably also helps that my kit ended up being banned in various countries and had to be re-launched without the many interesting extras that were causing all the fuss. I thought I would be in all sorts of trouble for creating a toy that ended up being banned – and maybe I would have been if it hadn’t worked to our advantage. As it was, a couple of newspapers ran short pieces on it and the publicity just about undid the damage the ban had caused. I was, however, given a talking-to by Carmen the first, during which I was given tips on legal research and much anecdotal evidence of product launches gone wrong as a result of fuckwitted creatives (the launch of the Nova car in Spain being the most obvious example; Nova meaning, of course, ‘it doesn’t go’ in Spanish).
By the time the kit had been ‘adjusted’, all it contained was the Vigenère square. The Americans had made the most fuss over the original kit, saying that it contravened some law to do with preventing sophisticated encryption devices entering or leaving the country. (In fact, this is also why you can’t get full versions of some Internet browsers outside of the States, because it is illegal to export the encryption software that goes with them.) I thought it was amusing that my Vigenère square was still allowed through, however. Would a 9- to 12-year-old ever be able to actually use it to start a revolution or overthrow a government? Possibly. But the chapter on Vigenère is probably the one that all the kids actually skipped, because it really is far too complicated.
Vigenère ciphers, unlike mono-alphabetic ciphers, do usually require you to crack the key, although the ‘key’ for a Vigenère cipher is usually a simple word, rather than a whole, randomised alphabet. The cipher itself, however, is much more complicated and impossible to break down in the way you would approach a mono-alphabetic cipher.
Mono-alphabetic ciphers involve only one cipher alphabet. They are easy to crack because, once you know what ‘e’ and ‘t’ have been replaced with, the rest is just like completing an easy game of hangman. Poly-alphabetic ciphers, however, use several alphabets, at the same time. It’s hard to describe what a breakthrough it was when Alberti suggested as a possibility the use of several alphabets in one encipherment. Mono-alphabetic ciphers are always crack-able because of frequency analysis (even if the Sherlock Holmes method fails). But what if you could scramble the frequencies of letters by making different ciphertext letters stand for different plaintext letters throughout the message? This is what Alberti wondered. And he came up with a method that is, well, it’s genius really. You draw up a square made of twenty-six different versions of the alphabet, each one shifting by one letter each time (see table). Then you choose a short keyword, say RAIN. You write the keyword over and over again on the top of the plaintext to be enciphered like this:
R A I N R
h e l l o
R A I N R A I N R A I N R A I N R A I
t h e h a r d e s t o f t h e m a l l
You then use the letter of the keyword to determine which ‘line’ of the Vigenère square you will use to encipher the letter below it. The ‘h’ in ‘hello’ enciphered using line R will be Y. ‘E’ enciphered using line A will be E (anything on line A will always be enciphered as itself, which is why many keywords don’t have an A in them). ‘L’ enciphered on line I will be T. The next ‘l’, however, will be enciphered on line N, making it Y. So the first word, ‘hello’, will now read: YETYF, which does n
ot look like a mono-alphabetic version of ‘hello’ at all. There’s no clue to the ‘ll’ digraph any more, and ‘Y’ stands for two different letters.
The longer message from above is encrypted like this:
KHMURRLRJTWSKHMZRLT
You are never going to crack this with frequency analysis or guesswork. To crack this, you need to know that RAIN was used as the key. This is the only way into a Vigenère cipher. Sometimes keys can be arrived at by simple guesswork, of course. After the World Trade Centre attacks, one firm lost almost all its staff. The remaining few decided to try to keep the company going but were hindered by the fact that all the company passwords had been lost because everyone who knew them was now dead. The remaining employees then sat down and went through every aspect of their dead colleagues’ lives, noting down locations of holidays, pet names and so on until they actually cracked all the passwords. I was told this story by someone at work who’d been particularly touched by the company spirit shown by these people. I just thought it was one of the creepiest things I’d ever heard.
Vigenère square
However, considering it is unlikely that you know the key word for a message someone does not want you to read, you have to proceed in a logical fashion and look for patterns in the message that will give you a clue to what the keyword might have been. Most messages would be vastly more complicated than any example. However, in our example, we can start to find patterns.
KHMURRLRJTWSKHMZRLT
The same trigraph, it seems, has been repeated in the message, implying one of two things. Either this is simply a random result of the encipherment, in which case it can’t help us, or perhaps it means that the same plaintext word has appeared under the same letters of the keyword and has been enciphered in the same way twice – in which case it will help us immeasurably.
It took a good 300 years after Alberti’s initial ideas for someone to work out how to crack Vigenère ciphers in this way. Charles Babbage, the crazy and brilliant inventor of the Difference Engine (the first computing machine), turned his attention to it after a bizarre argument with someone who thought he had invented poly-alphabetic ciphers for the first time.
‘I have invented a new, unbreakable code!’
‘Well, actually, it’s not that new. It’s been around for …’
‘I tell you, my code is unbreakable!’
‘That’s as may be – but you did not invent it.’
‘Are you challenging me?’
‘Well, yes, all right then, you imbecile.’
‘Let’s see you crack it, then!’
So Babbage, who could not resist a challenge from someone so obviously brain-dead, even if the challenge was absurd, eventually supplied us with our method. Babbage was a bit like this. As well as inventing the Difference Engine, he also invented the speedometer, the cowcatcher (a device fitted to trains to clear cattle from the tracks) and the basis of the modern postal system, where a letter can be sent anywhere in the country for the same price. He noted that if you could find patterns in a cipher like the one above, say the two instances of the trigraph KHM, you should then proceed the following way. Assuming you had a much longer piece of ciphertext, you would find as many instances as possible of repeated clusters of letters. Then you would count the letters from the beginning of each cluster to the beginning of the next. In our example above you would find twelve letters between the first K and the next one. What this tells you is that the keyword (the one that is written repeatedly above the plaintext during encipherment) must have a number of letters that is a factor of twelve i.e. 12, 6, 4, 3, 2 or 1, these being the numbers that divide into twelve. This makes sense, as we are assuming that the same letters repeat after twelve characters, in both the keyword and the plaintext message, resulting in the repeated cluster in the ciphertext. A two-letter key would have repeated six times before starting again; a twelve-letter key only once. With a longer piece of text it would be possible, usually, to narrow down the factors until the length of the word was obvious.
What happens next is rather complicated. If you had discovered that your keyword was four letters long, you would go through and label each letter in the ciphertext with a 1, 2, 3 or 4, depending on whether it would have been enciphered using the first, second, third or fourth letter of the keyword. Then you would perform frequency analysis on each set of letters; so for the letters marked with a 1, you would come up with a distinct frequency table which you could then compare with a list of normal frequencies. You would proceed the same way for each set of letters until you had each letter of the keyword, at which point you would decipher your message.
But this is not how I do it.
What I do is as follows. First of all I proceed the same way as Babbage would have done, trying to guess the length of the keyword by counting and factorising the letters between repeated clusters. But then I would be trying to find a short cut, being quite a fan of short cuts and not so much a fan of doing things the ‘right’ way, or going the long way around in general. So what I always do next is look for every repeated trigraph in the text and then go through trying each one as ‘the’. I would be lucky with the sample above, as the first word is, of course, ‘the’. I would work the letters KHM back using the Vigenère square (if K equalled ‘t’, then the line of encipherment would have been R; if H equalled ‘h’, the line of encipherment would have been A and so on) and rather quickly come up with the following to work from: I would have a keyword that has a number of letters that is a factor of twelve and which possibly begins with the letters RAI. Intuition immediately tells me this could be the word RAIN. In fact, when I check in my dictionary I find other words that would fit as well: RAID, RAIL, and RAISIN, each being a word beginning with RAI and having a number of letters that is a factor of twelve. So what I do next is simply try them all. And of course, when I put the letters of the word RAIN repeating above the ciphertext, it unscrambles nicely.
I look down at my notebook, in which I have written the following:
XYCGKNCJYCJZSDSPPAGHDFTCRIVXU??????????? CJ and CJ?? Repetition too soon.
The message is simply too short to have any useful patterns. Not that many short phrases actually contain convenient repetitions of the word ‘the’ or ‘and’ anyway. I yawn. Why has someone sent me this? Do they want me to read it or not? I sit there, listening to the noises outside in the dark, thinking how stupid this whole thing is. Why send a message with no key? I mean, it’s not as if I intercepted this – it was sent to me!
I am staring at the piece of paper so intently that it starts to blur beneath my eyes. The letters of the code merge and smudge together with the PopCo logo in the top left-hand corner and the With Compliments lettering in the middle. And then I suddenly wonder: is the key in fact here, with the message? Vigenère used the concept of a ‘priming key’: could there be one here too?
With my heart playing fast percussion, and my brain suddenly alert, I write the ciphertext out on my pad again, cleanly, and write the letters POPCO repeating on top of it. My makeshift Vigenère square, which I have drawn on a piece of paper, gives me the following result:
P O P C O P P P P O P O P C O P O P C O P O P C O P O P C
X Y C G K N C J Y C J Z S D S P P A G H D F T C R I V X U
i k n e w y o u w o u l d b e a b l e t o r e a d t h i s
I knew you would be able to read this. What kind of message is that? And who has sent it to me? I don’t like this very much, and the late-at-night factor doesn’t really help. I can’t relax now, so I pace the room smoking roll-ups until it is calm-ocean blue outside and only then do I get into bed.
Part Two
Bertrand Russell once shared a dream with G. H. Hardy. Russell dreamt he was on ‘the top floor of the University Library, about A.D. 2100’, said Hardy. ‘A library assistant was going around the shelves carrying an enormous bucket, taking down book after book, glancing at them, restoring them to the shelves or dumping them into the bucket. At last he came to the three large volumes which Ru
ssell could recognise as the last surviving copy of Principia Mathematica. He took down one of the volumes, turned over a few pages, seemed puzzled for a moment by the curious symbolism, closed the volume, balanced it in his hand and hesitated …’
From The Man Who Loved Only Numbers by Paul Hoffman
Chapter Ten
It’s hard trying to cook dinner for yourself when you are nine.
For one thing, it’s actually impossible for me to reach the grill unless I stand on a chair. I wasn’t allowed to do this before my father left; am I allowed to do it now? No. If I slip and fall now there’ll be no one to look after me or go to the phone box to ring for an ambulance. I have to be more careful now, like the way I’m being careful not to cry. Anyway, things you use the grill for, like sausages, are too complicated and I can’t afford sausages any more. Today, for the third day in a row, I am making porridge with water from the tap and the big box of oats in the cupboard. I haven’t told anyone what has happened. I haven’t told my best friend Yvonne, who isn’t talking to me anyway, and I haven’t told a teacher or a grown-up friend. I can look after myself.
Ten days ago I came home from school to find that my father had simply gone. There was a note: Sorry. Had to go. Ring your grandparents and they will look after you. Why haven’t I rung them? I don’t know. Perhaps it’s something to do with being so angry with my father that I can’t bear to follow his stupid instructions. Anyone knows that you don’t leave a nine-year-old child on her own. And maybe it’s something else, too: a vague sense that, if I can just hang on and weather this storm of unreality, the big waves of loneliness, fear and uncertainty will pass and things will just steady themselves back to normal. Dad will return from wherever he has gone, kiss me on the top of the head and apologise. However angry with him I am, my rationale is that I have to give him that chance. Phoning my grandparents would be tantamount to telling tales on him; I mean, if they knew he had left me here alone they would go ballistic. They’ve been complaining lately about me being what they call a ‘latchkey kid’, something to do with the fact that until my father stopped working, I used to let myself in when I came home from school. I have a feeling they will view this much, much more seriously than that.