Nihilist cipher
Encyclopedia
In the history of cryptography
, the Nihilist cipher is a manually operated symmetric encryption
cipher originally used by Russia
n Nihilist
s in the 1880s to organize terrorism
against the czarist regime. The term is sometimes extended to several improved algorithms used much later for communication by the First Chief Directorate
with its spies
.
using a mixed alphabet. This is used to convert both the plaintext
and a keyword to a series of two digit numbers. These numbers are then added together in the normal way to get the ciphertext, with the key numbers repeated as required.
with a plaintext of "DYNAMITE WINTER PALACE" and a key of RUSSIAN.
This expands to:
PT: 23 55 41 15 35 32 45 12 53 32 41 45 12 14 43 15 34 15 22 12
KEY: 14 51 21 21 32 15 41 14 51 21 21 32 15 41 14 51 21 21 32 15
CT: 37 106 62 36 67 47 86 26 104 53 62 77 27 55 57 66 55 36 54 27
, the basic Nihilist cipher is little more than a numerical version of the Vigenère cipher
, with multiple-digit numbers being the enciphered symbols instead of letters. As such, it can be attacked by very similar methods. An additional weakness is that the use of normal addition (instead of modular addition
) leaks further information. For example, (assuming a 5 × 5 square) if a ciphertext number is greater than 100 then it is a certainty that both the plaintext and key came from the fifth row of the table.
, several Soviet spy rings communicated to Moscow Centre using two ciphers which are essentially evolutionary improvements on the basic Nihilist cipher. A very strong version was used by Max Clausen in Richard Sorge
's network in Japan
, and by Alexander Foote
in the Lucy spy ring
in Switzerland
. A slightly weaker version was used by the Rote Kapelle network.
In both versions, the plaintext was first converted to digits by use of a straddling checkerboard
rather than a Polybius square. This has the advantage of slightly compressing the plaintext, thus raising its unicity distance
and also allowing radio operators to complete their transmissions quicker and shut down sooner. Shutting down sooner reduces the risk of the operator being found by enemy radio direction finder
s. Increasing the unicity distance increases strength against statistical attacks.
Clausen and Foote both wrote their plaintext in English, and memorized the 8 most frequent letters of English (to fill the top row of the checkerboard) through the mnemonic (and slightly menacing) phrase "a sin to err" (dropping the second "r"). The standard English straddling checkerboard has 28 characters and in this cipher these became "full stop" and "numbers shift". Numbers were sent by a numbers shift, followed by the actual plaintext digits in repeated pairs, followed by another shift. Then, similarly to the basic Nihilist, a digital additive was added in, which was called "closing". However a different additive was used each time, so finally a concealed "indicator group" had to be inserted to indicate what additive was used.
Unlike basic Nihilist, the additive was added by non-carrying addition (digit-wise addition modulo 10), thus producing a more uniform output which doesn't leak as much information. More importantly, the additive was generated not through a keyword, but by selecting lines at random from almanacs of industrial statistics. Such books were deemed dull enough to not arouse suspicion if an agent was searched (particularly as the agents' cover stories were as businessmen), and to have such high entropy density as to provide a very secure additive. Of course the figures from such a book are not actually uniformly distributed (there is an excess of "0" and "1" (see Benford's Law
), and sequential numbers are likely to be somewhat similar), but nevertheless they have much higher entropy density than passphrases and the like; at any rate, in practice they seem never to have been successfully cryptanalysed.
The weaker version generated the additive from the text of a novel or similar book (at least one Rote Kapelle member actually used The Good Soldier Schweik
, which may not have been a good choice if one expected to be searched by Nazis!) This text was converted to a digital additive using a technique similar to a straddling checkerboard.
The ultimate development along these lines was the VIC cipher
, used in the 1950s by Reino Häyhänen
. By this time, most Soviet agents were instead using one-time pad
s. However, despite the theoretical perfection of the one-time pad, in practice they were broken
, while VIC was not.
History of cryptography
The history of cryptography begins thousands of years ago. Until recent decades, it has been the story of what might be called classic cryptography — that is, of methods of encryption that use pen and paper, or perhaps simple mechanical aids...
, the Nihilist cipher is a manually operated symmetric encryption
Encryption
In cryptography, encryption is the process of transforming information using an algorithm to make it unreadable to anyone except those possessing special knowledge, usually referred to as a key. The result of the process is encrypted information...
cipher originally used by Russia
Russia
Russia or , officially known as both Russia and the Russian Federation , is a country in northern Eurasia. It is a federal semi-presidential republic, comprising 83 federal subjects...
n Nihilist
Nihilist movement
The Nihilist movement was a Russian movement in the 1860s which rejected all authorities. It is derived from the Latin word "nihil", which means "nothing"...
s in the 1880s to organize terrorism
Terrorism
Terrorism is the systematic use of terror, especially as a means of coercion. In the international community, however, terrorism has no universally agreed, legally binding, criminal law definition...
against the czarist regime. The term is sometimes extended to several improved algorithms used much later for communication by the First Chief Directorate
First Chief Directorate
The First Chief Directorate , of the Committee for State Security , was the organization responsible for foreign operations and intelligence collection activities by the training and management of the covert agents, intelligence collection management, and the collection of political, scientific and...
with its spies
Cold War espionage
Cold War espionage describes the intelligence gathering activities during the Cold War between NATO and the Warsaw Pact. Because each side was preparing to fight the other, intelligence on the opposing side's intentions, military, and technology was of paramount importance. To gather this...
.
Description
First the encipherer constructs a Polybius squarePolybius square
In cryptography, the Polybius square, also known as the Polybius checkerboard, is a device invented by the Ancient Greek historian and scholar Polybius, described in , for fractionating plaintext characters so that they can be represented by a smaller set of symbols.-Basic form :The original square...
using a mixed alphabet. This is used to convert both the plaintext
Plaintext
In cryptography, plaintext is information a sender wishes to transmit to a receiver. Cleartext is often used as a synonym. Before the computer era, plaintext most commonly meant message text in the language of the communicating parties....
and a keyword to a series of two digit numbers. These numbers are then added together in the normal way to get the ciphertext, with the key numbers repeated as required.
Example
Consider the Polybius square created using the keyword ZEBRAS:| 1 | 2 | 3 | 4 | 5 | |
| 1 | Z | E | B | R | A |
| 2 | S | C | D | F | G |
| 3 | H | I | K | L | M |
| 4 | N | O | P | Q | T |
| 5 | U | V | W | X | Y |
with a plaintext of "DYNAMITE WINTER PALACE" and a key of RUSSIAN.
This expands to:
PT: 23 55 41 15 35 32 45 12 53 32 41 45 12 14 43 15 34 15 22 12
KEY: 14 51 21 21 32 15 41 14 51 21 21 32 15 41 14 51 21 21 32 15
CT: 37 106 62 36 67 47 86 26 104 53 62 77 27 55 57 66 55 36 54 27
Nihilist cryptanalysis
Because each symbol in both plaintext and key is used as a whole number without any fractionationFractionation
See also: Fractionated spacecraftFractionation is a separation process in which a certain quantity of a mixture is divided up in a number of smaller quantities in which the composition changes according to a gradient. Fractions are collected based on differences in a specific property of the...
, the basic Nihilist cipher is little more than a numerical version of the Vigenère cipher
Vigenère cipher
The Vigenère cipher is a method of encrypting alphabetic text by using a series of different Caesar ciphers based on the letters of a keyword. It is a simple form of polyalphabetic substitution....
, with multiple-digit numbers being the enciphered symbols instead of letters. As such, it can be attacked by very similar methods. An additional weakness is that the use of normal addition (instead of modular addition
Modular Addition
Modular additions are usually side and 2nd story additions to homes that are pre-fabricated at the facilities. General characteristics of a modular home apply. For a 2nd story modular addition the existing house should have a sound structure as modular rooms are 30%+ heavier than the same stick-built...
) leaks further information. For example, (assuming a 5 × 5 square) if a ciphertext number is greater than 100 then it is a certainty that both the plaintext and key came from the fifth row of the table.
Later variants or derivatives
During World War IIWorld War II
World War II, or the Second World War , was a global conflict lasting from 1939 to 1945, involving most of the world's nations—including all of the great powers—eventually forming two opposing military alliances: the Allies and the Axis...
, several Soviet spy rings communicated to Moscow Centre using two ciphers which are essentially evolutionary improvements on the basic Nihilist cipher. A very strong version was used by Max Clausen in Richard Sorge
Richard Sorge
Richard Sorge was a German communist and spy who worked for the Soviet Union. He has gained great fame among espionage enthusiasts for his intelligence gathering during World War II. He worked as a journalist in both Germany and Japan, where he was imprisoned for spying and eventually hanged....
's network in Japan
Japan
Japan is an island nation in East Asia. Located in the Pacific Ocean, it lies to the east of the Sea of Japan, China, North Korea, South Korea and Russia, stretching from the Sea of Okhotsk in the north to the East China Sea and Taiwan in the south...
, and by Alexander Foote
Alexander Foote
In World War II, Allan Alexander Foote was a radio operator for a Soviet espionage ring in Switzerland. Foote was originally from Yorkshire in England, and had spent some time in Spain working for the Republican side during the Civil War in the '30s...
in the Lucy spy ring
Lucy spy ring
In World War II espionage, the Lucy spy ring was an anti-German operation that was headquartered in Switzerland. It was run by Rudolf Roessler, a German refugee and ostensibly the proprietor of a small publishing firm, Vita Nova...
in Switzerland
Switzerland
Switzerland name of one of the Swiss cantons. ; ; ; or ), in its full name the Swiss Confederation , is a federal republic consisting of 26 cantons, with Bern as the seat of the federal authorities. The country is situated in Western Europe,Or Central Europe depending on the definition....
. A slightly weaker version was used by the Rote Kapelle network.
In both versions, the plaintext was first converted to digits by use of a straddling checkerboard
Straddling checkerboard
In cryptography, a straddling checkerboard is a device for converting an alphabetic plaintext into digits whilst simultaneously achieving fractionation and data compression relative to other schemes using digits...
rather than a Polybius square. This has the advantage of slightly compressing the plaintext, thus raising its unicity distance
Unicity distance
In cryptography, unicity distance is the length of an original ciphertext needed to break the cipher by reducing the number of possible spurious keys to zero in a brute force attack. That is, after trying every possible key, there should be just one decipherment that makes sense, i.e...
and also allowing radio operators to complete their transmissions quicker and shut down sooner. Shutting down sooner reduces the risk of the operator being found by enemy radio direction finder
Radio direction finder
A radio direction finder is a device for finding the direction to a radio source. Due to low frequency propagation characteristic to travel very long distances and "over the horizon", it makes a particularly good navigation system for ships, small boats, and aircraft that might be some distance...
s. Increasing the unicity distance increases strength against statistical attacks.
Clausen and Foote both wrote their plaintext in English, and memorized the 8 most frequent letters of English (to fill the top row of the checkerboard) through the mnemonic (and slightly menacing) phrase "a sin to err" (dropping the second "r"). The standard English straddling checkerboard has 28 characters and in this cipher these became "full stop" and "numbers shift". Numbers were sent by a numbers shift, followed by the actual plaintext digits in repeated pairs, followed by another shift. Then, similarly to the basic Nihilist, a digital additive was added in, which was called "closing". However a different additive was used each time, so finally a concealed "indicator group" had to be inserted to indicate what additive was used.
Unlike basic Nihilist, the additive was added by non-carrying addition (digit-wise addition modulo 10), thus producing a more uniform output which doesn't leak as much information. More importantly, the additive was generated not through a keyword, but by selecting lines at random from almanacs of industrial statistics. Such books were deemed dull enough to not arouse suspicion if an agent was searched (particularly as the agents' cover stories were as businessmen), and to have such high entropy density as to provide a very secure additive. Of course the figures from such a book are not actually uniformly distributed (there is an excess of "0" and "1" (see Benford's Law
Benford's law
Benford's law, also called the first-digit law, states that in lists of numbers from many real-life sources of data, the leading digit is distributed in a specific, non-uniform way...
), and sequential numbers are likely to be somewhat similar), but nevertheless they have much higher entropy density than passphrases and the like; at any rate, in practice they seem never to have been successfully cryptanalysed.
The weaker version generated the additive from the text of a novel or similar book (at least one Rote Kapelle member actually used The Good Soldier Schweik
The Good Soldier Švejk
The Good Soldier Švejk , also spelled Schweik or Schwejk, is the abbreviated title of a unfinished satirical/dark comedy novel by Jaroslav Hašek. It was illustrated by Josef Lada and George Grosz after Hašek's death...
, which may not have been a good choice if one expected to be searched by Nazis!) This text was converted to a digital additive using a technique similar to a straddling checkerboard.
The ultimate development along these lines was the VIC cipher
VIC cipher
The VIC cipher was a pencil and paper cipher used by the Soviet spy Reino Häyhänen, codenamed "VICTOR".It was arguably the most complex hand-operated cipher ever seen, when it was first discovered...
, used in the 1950s by Reino Häyhänen
Reino Häyhänen
Reino Häyhänen, was an ethnic Finn Soviet Lieutenant Colonel who defected to the United States.-Birth and education:...
. By this time, most Soviet agents were instead using one-time pad
One-time pad
In cryptography, the one-time pad is a type of encryption, which has been proven to be impossible to crack if used correctly. Each bit or character from the plaintext is encrypted by a modular addition with a bit or character from a secret random key of the same length as the plaintext, resulting...
s. However, despite the theoretical perfection of the one-time pad, in practice they were broken
Venona project
The VENONA project was a long-running secret collaboration of the United States and United Kingdom intelligence agencies involving cryptanalysis of messages sent by intelligence agencies of the Soviet Union, the majority during World War II...
, while VIC was not.