Nihilist cipher
From Wikipedia, the free encyclopedia
In the history of cryptography, the Nihilist cipher is a manually operated symmetric encryption cipher originally used by Russian Nihilists in the 1880s to organise terrorism against the czarist regime. The term is sometimes extended to several improved algorithms used much later for communication by Moscow Centre with its spies.
Contents |
[edit] Description
First the encipherer constructs a Polybius square using a mixed alphabet. This is used to convert both the plaintext and a keyword to a series of two digit numbers. These numbers are then added together in the normal way, with the key numbers repeated as required.
[edit] Example
Consider the Polybius square created using the keyword ZEBRAS:
1 | 2 | 3 | 4 | 5 | |
1 | Z | E | B | R | A |
2 | S | C | D | F | G |
3 | H | I | K | L | M |
4 | N | O | P | Q | T |
5 | U | V | W | X | Y |
with a plaintext of "DYNAMITE WINTER PALACE" and a key of NARODNIK. This expands to:
PT: 23 55 41 15 35 32 45 12 53 32 41 45 12 14 43 15 34 15 22 12 KEY: 41 15 14 42 23 41 32 33 41 15 14 42 23 41 32 33 41 15 14 42 CT: 64 70 55 57 58 73 77 45 94 47 55 87 35 55 75 48 75 30 36 54
[edit] Nihilist cryptanalysis
Because each symbol in both plaintext and key is used as a whole number without any fractionation, the basic Nihilist cipher is little more than a numerical version of the Vigenère cipher, with multiple-digit numbers being the enciphered symbols instead of letters. As such, it can be attacked by very similar methods. An additional weakness is that the use of normal addition (instead of non-carrying addition) leaks further information. For example, (assuming a 5 × 5 square) if a ciphertext number is greater than 100 then it is a certainty that both the plaintext and key came from the fifth row of the table. Also, if the last digit is 0, both must have come from the fifth column, and so on.
[edit] Later variants or derivatives
During World War II, several Soviet spy rings communicated to Moscow Centre using two ciphers which are essentially evolutionary improvements on the basic Nihilist cipher. A very strong version was used by Max Clausen in Richard Sorge's network in Japan, and by Alexander Foote in the Lucy spy ring in Switzerland. A slightly weaker version was used by the Rote Kapelle network.
In both versions, the plaintext was first converted to digits by use of a straddling checkerboard rather than a Polybius square. This has the advantage of slightly compressing the plaintext, thus raising its unicity distance and also allowing radio operators to complete their transmissions quicker and shut down sooner. Shutting down sooner reduces the risk of the operator being found by enemy radio direction finders. Increasing the unicity distance increases strength against statistical attacks.
Clausen and Foote both wrote their plaintext in English, and memorised the 8 most frequent letters of English (to fill the top row of the checkerboard) through the mnemonic (and slightly menacing) phrase "a sin to err" (dropping the second "r"). The standard English straddling checkerboard has 28 characters and in this cipher these became "full stop" and "numbers shift". Numbers were sent by a numbers shift, followed by the actual plaintext digits in repeated pairs, followed by another shift. Then, similarly to the basic Nihilist, a digital additive was added in, which was called "closing". However a different additive was used each time, so finally a concealed "indicator group" had to be inserted to indicate what additive was used.
Unlike basic Nihilist, the additive was added by non-carrying addition (addition modulo 10), thus producing a more uniform output which doesn't leak as much information. More importantly, the additive was generated not through a keyword, but by selecting lines at random from almanacs of industrial statistics. Such books were deemed dull enough to not arouse suspicion if an agent was searched (particularly as the agents' cover stories were as businessmen), and to have such high entropy density as to provide a very secure additive. Of course the figures from such a book are not actually uniformly distributed (there is an excess of "0" and "1", and sequential numbers are likely to be somewhat similar), but nevertheless they have much higher entropy density than passphrases and the like; at any rate, in practice they seem never to have been successfully cryptanalysed.
The weaker version generated the additive from the text of a novel or similar book (at least one Rote Kapelle member actually used The Good Soldier Schweik, which may not have been a good choice if one expected to be searched by Nazis!) This text was converted to a digital additive using a technique similar to a straddling checkerboard.
The ultimate development along these lines was the VIC cipher, used in the 1950s by Reino Hayhanen. By this time, most Soviet agents were instead using one-time pads. However, despite the theoretical perfection of the one-time pad, in practice they were broken, while VIC was not.
[edit] See also
[edit] References
- The Codebreakers, David Kahn 1968, 1974 edition Redwood Burn Ltd. pp344, 368.
Classical cryptography
|
---|
Rotor machines: CCM | Enigma | Fialka | Hebern | HX-63 | KL-7 | Lacida | M-325 | Mercury | NEMA | OMI | Portex | SIGABA | SIGCUM | Singlet | Typex |
Ciphers: ADFGVX | Affine | Alberti | Atbash | Autokey | Bifid | Book | Caesar | Four-square | Hill | Keyword | Nihilist | Permutation | Pigpen | Playfair | Polyalphabetic | Polybius | Rail Fence | Reihenschieber | Reservehandverfahren | ROT13 | Running key | Scytale | Solitaire | Straddling checkerboard | Substitution | Tap Code | Transposition | Trifid | Two-square | VIC cipher | Vigenère |
Cryptanalysis: Frequency analysis | Index of coincidence |
Misc: Cryptogram | Bacon | Polybius square | Scytale | Straddling checkerboard | Tabula recta |
History of cryptography | Cryptanalysis | Cryptography portal | Topics in cryptography |
Symmetric-key algorithm | Block cipher | Stream cipher | Public-key cryptography | Cryptographic hash function | Message authentication code | Random numbers |