Instructions for Code Switching in a Set of Codes in English (1792)

I uploaded a new article "Specimens from Papers of Francis Willes".
Of the motley of materials presented, the most interesting to me is a set of four codes in English (1792). The instructions prescribe that the codes could be switched even in one letter. Such code switching is what I observed in French diplomatic correspondence about that time ("Code Switching in French Diplomatic Correspondence and Intercepted Letter of Barbé-Marbois (1782)").

Codebreaking without Command of the Language

Suppose we have a ciphertext in a letter in, say, Spanish. Can we break it without command of Spanish? The answer is yes. Back in 2019, I gave a quotation from 1737 to this effect in "Is Codebreaking Possible without Knowing the Language?".
I saw similar observations in two books I recently read.

Elonka Dunin and Klaus Schmeh, Codebreaking: A Practical Guide, which I reviewed yesterday:
"Experience shows that breaking an encrypted message does not necessarily require command of the language used."
(p.76 in Japanese, p.74 in English)

Liza Mundy, Code Girls: The Untold Story of the American Women Code Breakers of World War II, which I mentioned last month:
"What Friedman had also taught them during their training is that you can break a foreign cipher without understanding the language, as long as you know how the letters in that language behave."
(p.138 in Japanese)

Japanese Edition of Codebreaking: A Practical Guide by Elonka Dunin and Klaus Schmeh

Codebreaking: A Practical Guide is now available in Japanese! The book is by Elonka Dunin and Klaus Schmeh and was first published in UK in 2020 (as I reported before). In US, a new expanded edition was published in September 2023 (announced here). The translation is based on the 2020 version, with additional appendices for reprint: Appendix D for the solution of the famous Zodiac killer cryptogram Z340, released right after the first publication plus Appendix E showing the Morse table. According to the translator's preface, the translation project started soon after the initial publication.

Although I'm mentioned as one of contributors to the original English version (p.16 of the translation), I believe the following is not too partial.

Use of the polite style in Japanese (cf. Hiragana Times), as well as presenting personal names in the original roman alphabet, is, I believe, the style commonly adopted in textbooks/manuals in the field of computing and cybersecurity where the expertise of the translator belongs.

The translator, who accepted the offer of this project after seeing the high rating of the original edition abroad and endorsements by experts, got absorbed in classical cryptography through reading the book. The numerous translator's notes inserted between paragraphs attest to the zeal to help beginners understand the content. Sometimes, the translator's note runs half of a page (e.g., p.229). Given the evident zeal, it could have been better but for the occasional typos and a few relevant errors.
The translator's notes are more than just a guide for beginners. I myself found useful the explanation of the very first steps of CrypTool 2 on p.7-8! At times, additional information is given, like the solution of the Silk Dress cryptogram in 2024 (p.153). I found interesting the episode of a Lorenz machine being sold on eBay for 9.5 pounds in 2016! (The news received media coverage at the time: NPR, BBC, The Guardian).

With so many topics about paper-and-pencil ciphers with many worked-out examples, numbering the sections adopted in the Japanese verion (including in the running head) is convenient for referencing and navigating. I never thought such a voluminous work (nearly 500 pages) can be published in Japanese at such an affordable price (3,480 yen before tax).
I enjoyed re-reading this book in Japanese, with occasional reference to the original in English.
Congratulations to the authors on the publication!

A Great Cipher Left Undeciphered by William Blencowe

An intercepted letter from the French foreign minister Torcy to French ministers sent to the peace talk at Geertruidenberg, dated 3 April 1710, is endorsed "M Blencow cannot decypher them."
Filed with it is another letter from Marshal Villars to the Abbé de Polignac, dated 1 June 1710. This also seems to be undeciphered.
I uploaded a new article "A Great Cipher Left Undeciphered by William Blencowe" describing BL Add MS 61575 including these. I also added references to these undeciphered pieces in "Unsolved Historical Ciphers"

Frederick I of Prussia's Transposition Cipher

I noticed three transposition ciphertexts (two of which are attributed to King Frederick I of Prussia) in DECODE. Two appeared to be non-decrypted, and I could solve them without much difficulty.
See my new article "Frederick I of Prussia's Transposition Cipher". I also listed them in "Unsolved Historical Ciphers."

Cardinal Richelieu Used a Porta-like Pairing Cipher?

Just as I wrote about the outage of the British Library's online services the other day, another important source, Internet Archive, went down about 10 October because of a DDoS attack. It's a sad realization that online services we take for grated may be attacked anytime and the attackers may have success sometimes.

Thankfully, it seems Internet Archive (at least archive.org that I need) appears to be working now.
Thus, I could access Wits Interpreter (1, 2), attributed to John Cotgrave (Wikipedia), which I learned printed Richelieu's cipher the other day. (Somehow, at that time, before the attack on Internet Archive, my search could not find this on Internet Archive.)
The cipher attributed to Richelieu (p.491) is a Porta-like pairing-based cipher. But the other ciphers following this all seem to be taken from Porta's book. So, a more reliable source is needed to confirm Richelieu really used this cipher. (After writing this, I noticed the section on Richelieu in "French Ciphers during the Reign of Louis XIII" already mentions Wits Interpreter from a secondary source.)

 

Some Ciphers from Henry IV's Time

When I was searching about the French ambassador Bordeaux in writing the post the other day, I ran across Dupuy 63. I added several ciphers from this volume:
ciphers of Seguier, Buzanval, and an informant to Henry IV (1601) in "French Ciphers during the Reign of Henry IV of France"; and
Francesco Guicciardini's Cipher (1597) in "Florentine Ciphers of Guicciardini (ca.1590-1593)".
It is notable that the three ciphers used in 1601 are of different nature. Buzanval (ambassador in The Hague) employed a symbol cipher with a seemingly large nomenclature in symbols. Seguier (ambassador to Venice) employed a symbol cipher, but his nomenclature was in Arabic figures with diacritics. The cipher of the king's informant employs Arabic figures both in the substitution table and the nomenclature, the character reminiscent of a cipher used with the Landgrave of Hesse-Cassel.

Two French Ciphers (ca.1643) in English Archives

French ciphers are sometimes found in English (and probably other) archives. I wrote about the Prince of Conde's cipher and one other the other day. Now, I added mention of two French ciphers (M. de Boisivon, Prince Harcourt) in "Ciphers Early in the Reign of Louis XIV". Although these were shared with English royalists, they are similar to contemporary French ciphers.

A Bundle of Ciphers of Lord Digby

It's almost a year since the British Library's computer system was disrupted by a cyber-attack (ransomware) in October 2023, but my links to BL materials do not work yet. It seems rebuilding the whole system to replace the previous patchwork of many legacy systems is taking time to fully recover their services (BL, detailed report as of March 2024 (pdf)). At least, I'm hopeful for future recovery because they say they have secure copies of all the digital collections and related metadata.

I was reminded of this when I saw volumes I studied some years ago in the DECODE database.
One of them is BL Add MS 72438 (a majority of no.8619-no.8645 in DECODE), which I found at https://www.bl.uk/manuscripts/FullDisplay.aspx?index=3&ref=Add_MS_72438 back in 2021, but the URL does not work now.
This volume contains "Cipher-keys and intercepted royalist correspondence from the papers of Georg Rudolph Weckherlin, government official, 1625-1647."
Georg Rudolph Weckherlin served Charles I in drafting, deciphering, and translating official correspondence, but after the Civil War broke out, he worked for the Parliament (DNB). In particular, he deciphered intercepted royalist letters (cf. n.36 in Philip Beeley, "Breaking the Code. John Wallis and the Politics of Concealment"). When Lord Digby's papers were captured after his defeat at Sherburn in October 1645, the cipher letters were delivered to Weckherlin (and a Mr. Frost), as I quoted in "Charles I's Ciphers".
F.1-f.24 are intercepted royalist letters (some are endorsed by or are in the hand of Weckherlin).
F.25-f.99 are cipher keys captured from Lord Digby's papers in October 1645. This includes the original of what I call "Third Cipher between Charles I and Henrietta-Maria (and Ministers) in Paris (Summer 1644-June 1645)" (f.67-68, DECODE R8687). F.100-101 (R8723) is its partial key (apparently by a codebreaker).
F.110-150 are ciphers used by Weckherlin while he was in the service of Charles I (ca. 1623-1641), partly in Latin and French.
I added two from Add MS 72438 which I believe are undeciphered in "Unsolved Historical Ciphers".

Another volume familiar to me is BL Add MS 18982 (DECODE (R8428-R8454)), which was at https://www.bl.uk/manuscripts/FullDisplay.aspx?index=0&ref=Add_MS_18982 when I found it before. It contains "Royalist correspondence, primarily addressed to Prince Rupert, 1645-1658."
Most of the undeciphered ciphertexts can be read by using already deciphered letters or with known keys. I added one from Add MS 18982 in "Unsolved Historical Ciphers".

Chinese Enciphered Code Analyzed in Arlington Hall

I wrote something about Chinese enciphered codes in "Chinese Cryptography: 1871-1945", but the materials available are relatively scanty. Now, I learned in Liza Mundy, Code Girls that a Chinese enciphered code was among those analyzed in Arlington Hall during WWII:
"There was a French code called Jellyfish, a Chinese enciphered code they called Jabberwocky, another they called Gryphon." (p.154 of the Japanese edition)
The source given is a weekly report (RG 0457, 9032 (A1), Box 1114, "Signal Security Agency Weekly Reports, Jan to Oct 1943", Weekly Report for Section B-III, July 9, 1943). I wonder whether the original materials are not preserved.

How about a Puzzle in Latin?

The additions reported yesterday include two unsolved ciphers (Bishop of Worcester, Serno Gilino). Both are in letters written in Latin (probably to Cardinal Wolsey) in the 1520s and both employ superscript digits (but they are clearly different ciphers).
For Worcester's cipher, I could identify symbols for single letters and some syllables. But when I apply these to undeciphered letters, I can only see some short fragments (e.g., "hu-n-c me-a-m", "no-n", "o-m-ni?-a") and the few long sequences of known symbols are incoherent to me (e.g., "...ri-s-tu-m-ri-po-r-ta-re-s-pe-re-n-t"). (I can see "riportare" but cannot think of words ending in "ristum" or beginning with "sperent".) For those versed in Latin, filling the blanks may be an interesting puzzle.
The relevant sections are now added in "Unsolved Historical Ciphers". See Ciphers during the Reign of Henry VIII for details.

An Early English Cipher Used by Cuthbert Tunstall (1517)

Cipher was already in routine use in the first years of the reign of Henry VIII. I now added one used by Cuthbert Tunstall in 1517 in "Earliest English Diplomatic Ciphers". It is used in the context of "the new treatie of Cambray". (In the treaty of Cambray signed on 11 March 1517, Francis I, Henry VIII, and the Emperor agreed on a crusade against the Turks (Sanderson Beck).)
I also added several specimens from 1526-1529 (Edward Lee, Bishop of Worcester, Francis Poynts, Sylvester Darius, Serno Gilino) in "Ciphers during the Reign of Henry VIII".

Two Syllabic Challenges (1653, 1654)

The volume I mentioned yesterday (ADD MS 4200) includes two letters that appear to be undeciphered: a letter of Bordeaux, French ambassador in London (1653) and a letter of the Prince of Condé (1654). I included sections for these in "Unsolved Historical Ciphers".
Both employ Arabic figures with diacritics and probably involve symbols representing syllables.

The ambassador's cipher would be similar to other French diplomatic ciphers having fairly regular assignment of syllables to numbers.
The Prince of Condé was in the Spanish Netherlands and fought the French at that time. If his cipher in 1654 was similar to the known cipher from 1655, it would involve non-trivial assignment of syllables to numbers.

The Prince of Condé's Cipher with his Agent in London

The cipher used in the correspondence from 1655 between the Prince of Condé and Barriere, his agent in London, (Add MS 4200) is better than contemporary French ciphers in that single letters, syllables, other words and names, and nulls share diacritics. For example, single letters may be represented by figures with a circumflex (^) or an umlaut (¨) (or other symbols based on Roman letters), while some syllables and words are also represented with figures with a circumflex or an umlaut.
At the time, Condé was in exile in the Spanish Netherlands and was fighting the French troops. It may be speculated that he might have had his source of cipher other than the king's court.
See the new section in the updated article, "Ciphers Early in the Reign of Louis XIV".

A Syllabic Cipher of Cardinal Gualterio Reconstructed Manually

I uploaded a new article "A Syllabic Cipher of Cardinal Gualterio Reconstructed Manually (ca.1715)", in which I demonstrate manual reconstruction of symbols representing syllables used in letters of Abbé D'Estées, given assignment of symbols for single letters.
The letters record real-time reactions to historical events such as James Edward's expedition to Scotland (December 1715), Prince Eugene's victory over the Turks (August 1716), Spanish invasion of Sardinia (August 1717), and the Triple Alliance (January 1717). Actually, these are mentioned in cleartext. Hopefully, the ciphertext contains even more interesting contents. (I don't know whether the plaintext is in the archives.)

Parliament's Ban on Ciphers during the English Civil War

Use of cipher was prohibited during the English Civil War by an order passed by the Parliament in April 1643: "That all such should be punished as Spyes and Enemies of the State, who hereafter should send any Letters or Papers written with Cyphers, or any other unknowne Characters." (Nadine Akkerman, "Enigmatic Culture of Cryptology" in Daybel et al. (ed.) (2016), Cultures of Correspondence in Early Modern Britain).

But the ban was only selectively enforced, at least in the view of the royalists. The Mercurius Aulicus (21 October 1643), a weekly royalist news pamphlet, accused the parliamentarians of the partisan application of the rule and printed an intercepted cipher letter subscribed by a Parliamentarian, a Matthew Durbun, pointing out that the parliamentarians "when they please can practice it, without the least transgression of their order, which it seems was made only for the punishment of the Kings friends but not for such innocent Rebels as they are."

How long the ban was in effect is not known for sure. While it was natural for the royalists to continue using ciphers (see "King Charles I's Ciphers"), we know that under John Thurloe (head of intelligence from July 1653), informants used ciphers (see "Codes and Ciphers of Thurloe's Agents"). Akkerman points out John White's A Rich Cabinet with Variety of Inventions (1653) promoted use of cipher when writing love letters and John Cotgrave's The Wits Interpreter (1655; 1662; 1671) described one of Cardinal Richelieu's cipher keys and recipes for secret ink. By these days, ciphers as well as steganographic techniques such as secret ink became quite common even among ordinary people.

Duke of Nevers' Variable-Length Figure Cipher (1571)

From my renewed interest in variable-length figure ciphers I mentioned the other day, I uploaded my transcription of a ciphertext from an undeciphered letter in Italian from Lodovico Birago to the Duke of Nevers (1571) in "Unsolved Historical Ciphers".
Although the ciphertext is relatively short, once the continuous stream of figures can be broken into tokens (cipher symbols), homophonic solvers may readily decipher this.

A Second Copy of Music Cipher to Charles II Acquired by the British Library (ca.2018)

Sheet music concealed a secret message to Prince Charles (later Charles II) fleeing after the defeat in the Battle of Worcester: "Conceal yourself. Your foes look for you." Another version concealing the same message is said to be for another Prince Charles, Jacobites' Charles III known as the Young Pretender. Both of these have a plausibly sounding story of their provenance. I wrote about these in "Musical Notes Concealing A Warning to Fleeing Prince Charles" back in 2015.
What I didn't know then is that the cipher to Charles II quoted in my article is in the British Library (Add MS 45850, f.68), but its provenance through the Port family I found in googling is about another copy, which the British Library newly acquired (as of February 2018) (Add MS 89288). I learned of this in the British Library's blog article, "'Conceal yourself, your foes look for you': revealing a secret message in a piece of music" (20 February 2018).

I was reminded of this topic when reading Nadine Akkerman and Pete Langman (2024), Spycraft, which refers to Nadine Akkerman (2018), Invisible Agents (the BL's blog also mentions forthcoming publication of this book). Akkerman discusses the nineteenth century copy in BL Add MS 45850 and considers it a hoax. Her dismissal of Jane Lane as the author based on the latter's literacy level is convincing. Even if we assume other authorship, it is hard to think of circumstances in which this kind of cipher came into play ("it is not as if Charles Stuart did not know his enemies were searching for him" etc.).

Use of Diacritics/Exponents/Vowel Indicators in Milanese Ciphers

Some years ago, I noticed the vowel indicator system characteristic of Spanish ciphers in the reign of Philip II had been in use from Charles V's time and similar symbols were also used in Milanese and other ciphers ("Tracing the Origin of Vowel Indicators in Spanish Ciphers").
I now see Milanese ciphers used combined symbols with diacritics or exponents as early as the mid fifteenth century but syllables were not formed systematically as with vowel indicators. I now added a section about this: "Use of Exponents/Diacritics/Vowel Indicators in Milanese Ciphers (1450s-1530s)."
It seems systematic vowel indicators are a degenerated form of such ciphers, but dating of the ciphers in the archives is necessary to assess such a hypothesis.

Constantijn Huygens Jr.'s Secret in Simplistic Concealment Cipher

Constantijn Huygens Jr. (1628-1697), a brother of the physicist Christiaan Huygens, used a cipher in some part of his journals. In late twentieth century, it was found out that encrypted words can be read by simply ignoring odd-numbered letters. For example, b.mregtvelennphnōdesr reads met een hoer ("with a prostitute") (there is one extra letter, which may be an error). The cipher typically concealed such embarrassing privacy of the diarist. I learned of this in Christopher Joby (2014), The Multilingualism of Constantijn Huygens (1596-1687) p.282.

Constantijn Jr. was secretary of Prince of Orange William III (my favoutie historical character) since the latter became stadtholder in 1672. He records his personal experience in participating in major events such as William's campaings to oppose the French invasion, the expedition to England (the Glorious Revolution), and the Irish campaign to prevent the return of James II. Joby (2014) includes some quotes from these (p.284 ff.), and more would be found in Rudolf M. Dekker (2013), Family, Culture and Society in the Diary of Constantijn Huygens Jr, Secretary to Stadholder-King William of Orange. His journals seem interesting in describing historical events from a personal point of view. For example, the day after William III's coronation, from which he was absent, he wrote, "In the early afternoon I was with the king, who asked me where I had watched the coronation. I said that I had been busy deciphering the resolution of the States General, received in cipher, about the alliance with the Emperor, because I thought that the king would want to read this quickly. He asked me if I had received a coronation badge, and I answered no, without receiving much of a response." (ibid. p.40)

Codebreaker Constantijn Huygens

I've heard that Constantijn Huygens Sr. (1596-1687; the father of the famous physicist, Christiaan Huygens) did codebreaking, but it was only recently that I learned that he regularly served in that capacity in Chapter 2 of Nadine Akkerman and Pete Langman (2024), Spycraft (p.153-156). According to this book, he studied cryptanalysis at the University of Leiden in 1616 and even got a pay raise while serving as a secretary to Prince of Orange Frederick Henry since 1624. The authors translate his proud words about his achievements in his autobiography: "At every siege, I proved my skills, anticipating the tricks of the enemy by means of my own knowledge of deceit ...." Particular reference was made to his contribution to the siege of Breda (1637) when requesting a pay raise.

His first achievement in the field appears to have been during Frederick Henry's siege of 's-Hertogenboschin 1629, when he was asked to decipher intercepted Spanish letters in cipher by using his knowledge of Spanish (Christopher Joby (2014), The Multilingualism of Constantijn Huygens (1596-1687), p.78).

He was not always successful. At one time in 1634, he said ciphers of the king of Spain were "more difficult to conquer than" the king himself. (Akkerman and Langman, p.154)

While his library contained many books on cryptography, ciphers he designed for royalists during the English Civil War were simple homophonic substitution ciphers albeit with an extensive nomenclator (ibid. p.156). (I'm inclined to think such ciphers were the most practical after all. John Wallis also proposed a simple Caesar cipher when asked for an "easy cipher", as noted in "John Wallis and Cryptanalysis".)

(By the way, Joby (2014) discusses "code switching", which has nothing to do with cryptography and may be broadly understood as switching to different languages when quoting etc.)

A Second "More Ample" Babington Cipher

Chapter 2 of Nadine Akkerman and Pete Langman (2024), Spycraft details on the undoing of Mary, Queen of Scots, in the Babington Plot and points out many facts which should have been apparent from well-known sources.

(1) The famous cipher used in Mary's fatal letter of 17 July 1586 to Anthony Babington was a very simple one. (The first letter from Mary to Babington dated 25 June 1586 (Pollen (1922) p.15) was also in the same cipher, as I noted in "Ciphers of Mary, Queen of Scots". The 17 July letter was a reply to Babington's response to this first letter.) When one learns that Mary used more elaborate ciphers with other correspondents (as seen in the collection of keys in SP53/22, SP53/23), one cannot help wondering why such a simple cipher was used in this important correspondence.

The authors point out (p.133) that new correspondents were given a simple cipher at first and a fuller one later. Indeed, the 17 July letter ends with "I have commanded a more ample alphabet to be made for you, which herewith you will receive" (cf. Pollen (1922), p.26 ff., esp. p.45).

According to the authors (p.138), such a "mature" cipher was actually used by Babington in his reply dated 3 August 1586 (Pollen (1922) p.46-47, printed from SP53/19 no.10), but the key was intercepted by the authorities and the letter was readily deciphered by Phelippes. Phelippes attests "The new Alphabet sent to be used in time to come between that Queen and Babington ... is of Nau's hande" (I have not checked the cited SP53/19 no.85, which is Phelippes' record of the secretaries' testimony from 4 September, to see whether "in time to come" really refers to the 3 August letter).
[(8/14/2024) Nau's argument is printed in Tytler's History of Scotland. It says "The new alphabet sent to be used in time to come between that Queen and Babington, accompnying the bloody despatch, is of Nau's hand." So the cipher was attached to the 17 July letter (consistent with Mary's wording "herewith") and it may well have been used in the 3 August letter. Curle's cover letter to Barnaby enclosing the 17 July letter says "Giuen hereiwth is the addition to this alphabet" (Pollen (1922) p.25). If this does not refer to an update to the Mary-Babington cipher, such an update may well have been enclosed at the same time.]

(2) Another observation of the authors interesting from a cryptologic viewpoint (p.134-135) is that the well-known copy of the Mary-Babington Cipher in SP12/193/54 is a copy from the original, rather than a product of Phelippes' codebreaking. This can be seen from the nomenclature entries such as "your name" and "myne."

On the other hand, before concurring with the authors' conclusion that Phelippes did not break the Mary-Babington cipher at this time because he already had the key, we may need to assess whether it was feasible to associate a particular intercepted key to Babington (for example, if the three keys on SP12/193/54 were the only keys sent out around June 1586, the authentic key could have been used by Phelippes).

Codebreaker John Somer in the 1580s

An Engilsh Codebreaker, John Somer, was active in the 1560s and the 1570s, as noted in "Ciphers during the Reign of Queen Elizabeth I". On the other hand, the name "John Somer" is often mentioned in 1584-1585 as a secretary to Ralph Sadler, keeper of Mary, Queen of Scots in captivity. I have long wondered whether these are the same person, but now the question is affirmatively answered by Nadine Akkerman and Pete Langman (2024), Spycraft, which induced me to reexamine a little bit. I now added a section "John Somer in the 1580s."

(2024/09/08) I remembered my article on Mary's ciphers mentions Walsingham's forwarding Mary's letter to be deciphered by Somer in October 1582. I now added a mention of this.

Bolton's Telegraph Code (1871) Adopted by Japanese Foreign Ministry

I recently learned the Japanese Foreign Ministry adopted Bolton's Telegraph Code (1871) in 1880. It was about the time when major cities in Japan came to be connected by telegraphy.
I added this note to "Nonsecret Code: An Overview of Early Telegraph Codes" and "日本の電信暗号".
According to John McVey's website, a copy of the codebook is in the British Library.

Three Unknown Chinese Codebooks (ca. 1905)

I came across a reference to three Chinese codebooks used around 1905: 「密電秘鑰」（Midian Miyao）、「中国密電簡明表」（Zhongguo Mi dian Jianming Biao）、「行軍電報」（Xingjun Dianbao）. Their format seems to be similar to that of known codebooks. I added a note on this in "中国の暗号：1871-1945" and its abridged version in English: "Chinese Cryptography: 1871-1945".

Ciphertext-only Attack on Classical Ciphers by Using AI

Even Chat GPT-4 could not tell me about papers about codebreaking with AI, but once I came across one paper (see the previous post), googling with its title returns a number of relevant papers. (That is, my question did not include relevant key words.)

My interest is in a ciphertext-only attack on homophonic ciphers or syllabic ciphers, which are the most common ciphers in the early modern period. Although I have not found a work on neural network approach on these, two (also cited by Closa (2023) mentioned in the previous post) are interesting in dealing with ciphertext-only attack on the Caesar (shift) cipher, the Vigenere cipher, and (monoalphabetic) substitution cipher.

Focardi et al. (2018) claims to be the first to provide a ciphertext-only attack on substitution ciphers based on neural networks (Abstract). It assumes a weakness of the cipher is given and the neural network exploits it.
(i) In the case of the Caesar cipher (a.k.a. the shift cipher), the key is a single number (e.g., up to 26). The frequencies of symbols generally reflects the frequency of letters (e.g. of English-language text). Thus, a neural network is trained to predict a key from the frequencies. The trained neural network can "recognize" the key without actually trying shifts to see whether readable text is obtained.
(ii) For the Vigenere cipher, a key length (m) is assumed and the Caesar classifier is applied to subtexts composed of symbols taken from the ciphertext at distance m. This is like a conventional method by using brute force but employs the Caesar classifier from (i).
(iii) For general (monoalphabetic) substitution ciphers, an overall framework is similar to conventional hill climbing. Starting from a random key, a "goodness" value is computed. After changing the key a little bit, the "goodness" value is computed again. If it has improved, the change is kept; otherwise the change is discarded. By iteration, the key is improved step by step. Again, the authors' method does not need to actually try intermediate keys to see whether a plausible plaintext is obtained. Instead, a neural network is trained with 3-grams of both plaintexts and ciphertexts. Although they "have no guratantees that this will provide a good classifier which is able to tell 'how' similar is a text to a plaintext and, consequently, how good is a key, but experimental results have confirmed that the method is effective." It will be interesting to see whether this works for homophonic ciphers or syllable ciphers.

Ahmadzadeh et al. (2021) seems to achieve what I thought impossible: training with plaintext/ciphertext pairs (Table 4) allows deciphering a ciphertext with an unknown key. The decryption function is learned "regardless of the cipher complexity or key length" (IV D). While experiments were done with Caesar, Vigenere, and (monoalphabetic) substitution, the authors consider their approach "has the potential to crack modern ciphers" (IV H).
To learn the decryption function from the plaintext/ciphertext pairs, they used an attention-based LSTM encoder-decoder model (Fig. 3). To quickly recall the terminology, a class of neural networks that can have "memory" is a recurrent neural network (RNN). A class of RNN that solves its problem (vanishing gradients in deep networks: "A small gradient value does not contribute very much to learning") is LSTM. A problem with LSTM ("a lengthy input sequence causes LSTM to forget important information along the sequence") is solved by an attention mechanism, which allows "dynamically highlighting important features of the input data" (III A).
As a prerequisite, they assume the ciphertext has "punctuation" and can be readily parsed into words (Fig. 4). It will be interesting to see whether their work can be generalized to ciphertext without punctuation.

References:
Riccardo Focardi and Flaminia L. Luccio (2018), "Neural Cryptanalysis of Classical Ciphers", Italian Conference on Theoretical Computer Science (ICTCS 2018), Urbino, Italy, September 18-20, 2018 (CEUR-WS.org).
Ezat Ahmadzadeh, Hyunil Kim, Ongee Jeong, and Inkyu Moon (2021), "A Novel Dynamic Attack on Classical Ciphers Using an Attention-Based LSTM Encoder-Decoder Model", IEEE Access, 2021, vol.9, pp.60960-60970, DOI: 10.1109,ACCESS.2021.3074268 (IEEE Xplore)

Codebreaking with AI

In 2016, the public was made aware of how AI (artificial intelligence) dramatically improved the quality of machine translation (Google's release in Japanese). It naturally raises a question: is codebreaking possible with AI?
For a long time, I couldn't find a positive answer to this question. Although my search was half-hearted, even Copilot with Chat-GPT-4 did not give a relevant answer to my question: "Are there papers about codebreaking by using AI?" Then, I noticed a poster abstract in HistoCrypt 2024: Oriol Closa, "Polyalphabetic cipher decryption function learning with LSTM networks", which seems to be based on her master thesis, Closa Oriol (2023), "LSTM-attack on polyalphabetic cyphers with known plaintext: Case study on the Hagelin C-38 and Siemens and Halske T52" (KTH). It teaches that "the application of Machine Learning to extract key information from intercepts is not a well researched area yet." (Abstract) and there are even "many authoritative opinions within the field" against utility of machine learning in classical cryptography (p.57).

Machine "learns" by finding a best parameter set for a model, which is like a very complex filter that receives an input and produces an output. In an example of machine translation, the input is a sequence of words in English and the output is a sequence of words in Japanese. In order to train a machine in this example, bilingual corpus of corresponding texts in the two languages is fed to the computer, whereby the computer learns an English-Japanese translation model. Given a new text in English, the trained computer can apply the model (filter) on the input to produce a text in Japanese as an output.

By analogy, given a corpus of ciphertext/plaintext pairs, AI may learn to decipher a new ciphertext into a plaintext. However, it should be limited to the case where the new ciphertext is based on the same cipher key used for training -- that's what I thought. But the thesis taught me machine learning can do more than that. (The key is included in the training data (p.39).)
Remember that the output of a trained model need not be similar to the input. For example, when the input is a text in English, the output may be some classification or labelling of the text rather than a text in another language. In Oriol (2023), in my understanding, the input is ciphertext, a crib (known plaintext, presumably corresponding to the ciphertext), and a null key (a placeholder in the input vector), and the output is plaintext (which should match the crib and is included only for analysis) and the extracted key (p.34). Thus, this seems to receive a maching ciphertext/plaintext pair to produce its key ("extract the external key given a combination of plaintext and ciphertext without the use of the internal setting" p.51).

The thesis deals with four ciphers: Vigenere, Playfair, Hagelin C-38, and Siemens and Halske T52 with LSTM networks (a kind of neural network). Main differences among them are the decipher function reflecting the cipher scheme (I guess this means the cipher algorithm is known and only the key is to be found out), the crib length (e.g., 15, 25), and the size of the hidden layer (e.g., 256, 2048) (p.33, 40). The author says LSTM networks can extract key information given a crib (in my understanding, this is a matching plaintext/ciphertext pair) for Vigenere, Hagelin C-38, and Siemens and Halske T52, but not Playfair.

(16 July 2024) Ajeet Singh, Kaushik Bhargav Sivangi, and Appala Naidu Tentu (2024), "Machine Learning and Cryptanalysis: An In-Depth Exploration of Current Practices and Future Potential", Journal of Computing Theories and Applications (JCTA, DOI: https://doi.org/10.62411/jcta.9851), Vol. 1 No. 3 (2024) also says "the integration of machine learning, and specifically deep learning, into cryptanalysis has been relatively unexplored."

George Lasry's Paper on Syllabic Cipher Released

Last year, I reported George Lasry's solution of syllabic ciphers. Syllabic ciphers are ciphers with many symbols for syllables as well as those for single letters.
Details of his algorithm are now published in George Lasry, "Deciphering Historical Syllabic Ciphers" (HistoCrypt 2024).

One might be tempted to say extension of a homophonic solver to a syllabic solver only involves enlarging the search space for, say, 25 letters of the alphabet by adding variables for 25*25=625 syllables. However, since last year, I've been wondering how to design a scoring function for intermediate decipherments. In typical homophonic solvers, 4-grams or 5-grams are used in computing a score. For example, if an intermediate decipherment abounds in plausible 5-grams (e.g., "ISION", "EMENT", "ETLES" for the French language), it receives a high score. But when symbols represent syllables such as "SI", "ON", "EM" "EN", just random assignment of these syllables might result in a relatively high score.
The answer to my year-long question turned out to be very simple. The scoring function is based on 4-grams, composed of not only single letters but also syllables. Thus, a 4-gram may be "E-S-T-A" or "CO-N-TRO-L" (p.177).

While it is easy to say this, it is quite another to implement it, because this involves re-constructing the whole language model. A language model represents frequency characteristics of all possible 4-grams (or 5-grams etc.) in a large corpus of text in the language in question. For a language model for conventional homophonic solvers, creating a language model amounted to simply counting letter groups. For a syllabic solver, it is necessary to first break text in the corpus into syllables, but there can be many ways to split a word. For example, the word ESTABLISHED may be broken into E-S-TA-B-LI-S-HE-D (using only CV syllables), ES-TA-B-LI-S-H-ED (using CV and VC), E-STA-BLI-S-HE-D (allowing also CCV), or the like (p.174). Naturally, success of the algorithm depends on the choice of the set of syllables used and the decomposition scheme, which required "extensive trial-and-error to fine tune" (p.176, 179).
And of course, the more than ten-fold increase in the number of variables (which more than exponentially expands the search space) means "extensive computing power" is required. George used a 64-core Windows 10 Pro PC with 256 Gbytes of RAM memory (p.176), whereas one commercial PC I see on the web has 4-core and up to 3.40 GB of memory.

His groundbreaking new scheme has proven its merits by breaking ten ciphertexts (including five with known keys).

Reconstructed Ciphers related to Mary, Queen of Scots, preserved in Scottish Catholic Archives (SCA)

Fourteen ciphers used in the correspondence of James Beaton, Archbishop of Glasgow, and reconstructed by Bishop Kyle in the nineteenth century are preserved in the Scottish Catholic Archives (SCA). I now added mention of these in "Ciphers of Mary, Queen of Scots".

Early French Figure Ciphers

An early specimen of a French figure cipher (digit cipher, numerical cipher) is discussed in Camille Desenclos and George Lasry, "An early French digit cipher: deciphering a letter from the King of France to the Duke of Nevers (1592)" (HistoCrypt 2024).
It is used in a letter from Henry IV to Duke of Nevers, 12 September 1592 (BnF fr.3620, f.70-71)(p.47). The cipher employs variable-length figures written continuously, but the authors could parse the ciphertext into cipher symbols by assuming three-digit figures always start with "1" (p.48; see also my articles from 2017-2019 and 2018-2019). After the key was reconstructed, the authors found the original cipher table among Nevers' collection of keys in BnF fr.3995, fol.140 (p.49).
Many cipher letters between Henry IV and the Duke of Nevers have been known but they used conventional symbol ciphers in BnF fr.3995, fol.67 rather than numerical ciphers (p.49-50, 46; see also my article). The authors point out that the 1592 letter in question is countersigned by Martin Ruzé de Beaulieu, while all the other letters in cipher from the king to the duke from 1591 to 1594 are counstersigned by Louis Potier de Gesvres (p.49-50). The 1592-cipher was also used in letters in 1591 to Henry IV (two from Duke of Biron, one from sieur de Guitry, baron de Salagnac, and marquis de Pisani) (p.51).
The papers is also valuable in citing many examples of exclusively digit ciphers in the 1580s/1590s (p.50; see also other figure ciphers mentioned in my articles: Henry III etc., Buzenval).

(5 July 2024) I now remembered another French ciphertext in variable-length figures (1, 2, or 3 digits) written continuously (ca.1620?) is discussed in here.

(24-25 August 2024) The paper points out at least 23 letters sent to the Duke of Nevers in 1589-1591 use only digits (p.50). To this list may be added another ciphertext in digits continuously written without break (since it is not deciphered, we cannot tell whether it employs variable-length symbols). The ciphertext is in an Italian letter from Lodovico Birago to the Duke of Nevers, 13 November 1571 (BnF fr.3251, f.119), which I mentioned here some years ago.

Cross-Cipher Errors - A New Modality of Communication Analysis

Errors in ciphertext may be caused by another cipher concurrently in use. The phenomenon, called cross-cipher errors, is discussed in our new coauthored paper: Norbert Biermann, Satoshi Tomokiyo, and George Lasry, "What Encryption Errors Can Reveal: Cross-Cipher Errors in Mary Queen of Scots' Letters" (HistoCrypt2024). When a ciphertext includes a significant amount of systematic errors, it may be worthwhile to look for a cipher causing the errors. It can reveal that correspondence in that other cipher was going on at the time, even if no letters are extant. This can be a new modality of traffic analysis.

Some Updates on Correspondence between Philip II and Vargas Mexia

Back in 2020, I pointed out there are undeciphered letters from Philip II to Juan de Vargas Mexia, his ambassador in France, and identified four ciphers used therein (see "Finding the Keys to Philip II's Cipher Letters to Juan de Vargas Mexia"). While re-reading Leader (1880), Mary Queen of Scots in captivity some weeks ago, I noticed Vargas Mexia's letters are printed in Teulet (1862). Now I could have the time to check it and confirmed the letters in BnF es. 132 are not printed in Teulet. (My comparison was based on the dates and correspondents. Although I found two letters with the matching dates and correspondents, the contents do not seem to match.)

I also found further undeciphered letters from Vargas Mexia are catalogued in BL Add MS 28421.

I added these under the section "(Additional Note, 23 June 2024)."

Early Japanese Syllabary Table in Milanese Archives

Vigenère's Traicté des chiffre printed a Japanese syllabary in the addenda. A similar printed Japanese syllabary table is found in Milanese archives. Although it is filed with ciphers from the second half of the fifteenth century, I think it is contemporary with Vigenere. (If it were from the period of the Sforzas, it would be a sensational discovery, because standard history teaches that Japan had no direct contact with the western world until the 1540s.) I now added a section "Kana Syllabary in Milanese Archives" in "Vigenere's Introduction of Japanese Characters in Europe".

Korean Telegraphic Code

Hangul is an artificial alphabet created in the fifteenth century as a script for Korean. It is interesting because graphic units for consonants and vowels are combined horizontally or vertically to form syllable symbols. Because of this system, I think substitution cipher is not possible in Hangul script.
Once characters are encoded into digits or roman letters, encryption methods including substitution and transposition are applicable. Today's computer can of course handle Hangul characters. But in the early years of telegraphy, telegrams in Korea had to be in Chinese characters or Latin letters.
So, a telegraph codebook for Chinese characters were used in Korea.
I have seen a Korean version (『漢電』) of a Chinese telegraph codebook.
Even after WWII, it appears a telegraph codebook with similar content was used, in view of an edition adapted for use by those who could not read Chinese characters (Korean Telegraphic Code Book, with characters arranged by sounds in English alphabetic order according to the McCune-Reischauer system of transliteration).

These are already covered in 電碼――中国の文字コード, dealing with Chinese telegraph codes, in which I now made small corrections.

(By the way, I wrote the above ten days ago, but I couldn't upload it because my smartphone failed and I couldn't pass the two-factor authentication for logging into the blog.)

William Blencowe's "Safest and Most Expeditious" Cipher

I uploaded a new article "William Blencowe's "Safest and Most Expeditious" Cipher". Blencowe was a grandson of the celebrated mathematician and codebreaker, John Wallis.
The example ciphertext consists of an interesting mix of single letters and bigrams:

a.c.e.o.t.ds,th.al,th.an,th,es,an,my,be,m.n.t.o.nd,jo.H.sh,y,in.y.
A.w.n,th,e.de.in.pi.sa.I.A.g.su.r.to,ye,ho.e,th.c.wth,de.re,en.t.at,
r.il,ti.A.n.nb.te.sts,nd,ri.rm.ot,re,d,n.m.m.r.ar,nd,ar,ty,us.i.m.c
in,a.e,d,h,ro.to,y.ig.&,of,to,ou,a.b.d.g.f.p,no,n.is,d,a.p,k.
ye,b.th.th.of,u.m.n.hl.th.t.S.t.n.e.ye,xt,u.w.A.ho,en.o.w.Ja.I
th,l.F.pe,n.e,h,hi.rs,ar,ty,la.ki.a.r.in,e.fo.to.m,w.tw.th.nd,ng,Sr,
no.le,at,ey,th.gh,ar.ed,an.e.w.co.h.n,h,a.n.e.E.ey,pa.ou.d,an,is,as.
r.p.m,g.f.c,a.n.do,ll,b.m,d.g.b.d.m,p.q.b,s.r,d.c,a.n

After all, however, this is essentially a columnar transposition cipher with some additional twists. Using bigrams may mislead the codebreaker at first, but once transposition is suspected, they would help codebreaking rather than prevent it.

Can a Lost Encoding Format be Recovered by Analysis?

It's now a decade ago that I read in a newspaper article that data obtained on Mars by Viking spacecraft could not be read 25 years after the landing because the format was lost (The Asahi Shimbun, 20 January 2014). The case is also mentioned in a report on long-term data preservation by a Japanese think tank, CRDS (CRDS-FY2012-WR-07).
The source seems to be a news release of the University of Southern California (Spaceflight Now):

"The data were on magnetic tapes, and written in a format so old that the programmers who knew it had died," Miller said.
Eventually, NASA was able to recover the data from printouts, luckily preserved by Levin and Straat - and so, Miller was able to pore over the numbers.

After all, the issue is not about loss of a data encoding scheme but physical format of the magnetic tapes.

I got interested in this news because I was wondering whether "codebreaking" is possible for media data encoded on, say, DVD without knowing the format. (The compromise of the encryption system (Wikipedia) of DVD assumes knowledge of the format, and is thus another matter.) Considering the sheer number of pages of format documentation, I think it is near impossible. But of course, relying on secrecy of the scheme is not a good idea for cryptographic security. Security should rest on the key being kept secret (Kerchoff's principle).

By the way, the Viking data recovered in the 1990s was used to claim finding evidence of an organism on Mars (Miller's site, Levin's site). But the result is not established (Wikipedia).

Two More English Ciphers from the 1650s

I've been going through my notebook file these days, and uploaded some materials I left unfinished before. Now, I added two ciphers (Richard Browne, John Bramhall) in "King Charles II's Ciphers during Exile".

J.F.W. Herschel's Cipher Puzzle

I've been interested in ciphers that allow multiple readings (a Venetian example).
So, I took a note when I read about a ciphertext that yields two readings, posted by tonybaloney at:
http://www.aerobushentertainment.com/crypto/index.php?topic=36.60
(now it seems the link has changed).
The ciphertext (A) and the two readings (B,C) are as follows:

(A)Xabnsly ngpwpdetlews tbbbtzl aobl stheingdnxmccvv
(B)Several philosophers observe that chloroplatinate
(C)Sing, Celestial Muse, the destroying

(A)hclzepsf xo qskxybbbbui
(B)solution on silverplate
(C)wrath of Achilles,

(A)Egtubatjkh fba lwipizix eqjbnasv nfvj yjcin
(B)reproduces the luminous spectrum with great
(C)Peleus’ son, what myriad woes it

(A)cjzvekzxy gf nbyr gzrefcwxianst
(B)vividness in blue fluorescences,
(C)heaped on the Grecians,

(A)Jxkivu v xcnukwcxpv ifnnszp't tpdvm
(B)whilst a coppersalt insolated might
(C)Many a valiant hero’s soul

(A)lqaauuqrauaqqvso up mfijtxyz.
(B)photographically be coloured.
(C)dismissing to Hades.

Now, I find this ciphertext was posted by Klaus Schmeh on his blog Cipherbrain back in 2016: Wer knackt die Verschlüsselung des Astronomen John Herschel?. The article shows the source: The Photographic News, 5 January 1866 and identifies the author of the ciphertext as J.F.W. Herschel (1792-1871) (Wikisource). The blog readers found out additional information.
The weekly magazine (Google) carried the puzzle on 5 January 1866 (p.5-6), the solution (B) provided by a reader the next week (p.23), and Herschel's correct solution (C) the next week thereafter (p.35). After all, the reading (B) was wrong, and this cipher is not about double reading.
The readers of Cipherbrain worked out the general principle of this cipher: schorsch pointed out the first two words can be explained by word-by-word Caesar cipher, Norbert demonstrated this works for every word, and Thomas found the shift, counted in reverse direction, is the number of letters in the word plus 1, 2, 3, 4, ....
In the following, (a) is the ciphertext, (b) is the number of letters in the (deciphered!) word plus 1, 2, 3, 4, ..., (c) is the result of reverse-shifting, and (d) is the plaintext word.

(a)Xabnsly ngpwpdetlews tbbbtzl aobl  stheingdnxmccvv
(b)4+1=5   9+2=11       4+3=7   3+4=7 10+5=15
(c)Svwingt cvelestiatlh muuumse thue  desptyroyixnngg
(d)Sing,   Celestial    Muse,   the   destroying

(a)hclzepsf xo    qskxybbbbui
(b)5+6=11   2+7=9 8+8=16
(c)wraotehu of    acuhilllles
(d)wrath    of    Achilles,

(a)Egtubatjkh fba     lwipizix eqjbnasv nfvj    yjcin
(b)6+9=15     3+10=13 4+11=15  6+12=18  4+13=17 2+14=16
(c)Prefmleuvs son     whtatkti myrjviad woes    itmsx
(d)Peleus'    son,    what     myriad   woes    it

(a)cjzvekzxy gf      nbyr    gzrefcwxianst
(b)6+15=21   2+16=18 3+17=20 8+18=26=0
(c)hoeajpecd on      thex    gzrefcwxianst
(d)heaped    on      the     Grecians,

(a)Jxkivu  v       xcnukwcxpv ifnnszp't tpdvm
(b)4+19=23 1+20=21 7+21=28=2  5+22=27=1 4+23=27=1
(c)Manlyx  a       valsiuavnt hemmryo's socul
(d)Many    a       valiant    hero's    soul

(a)lqaauuqrauaqqvso up        mfijtxyz.
(b)10+24=34=8       2+25=27=1 5+26=31=5
(c)dissmmijsmsiinkg to        hadeost
(d)dismissing       to        Hades.

What remains unknown is (i) how the decipherer can know the number of letters in the deciphered word and (ii) how the decipherer can identify the letters to be discarded. The latter may be left to the decipherer's insight, but (i) is indispensable to allow proper deciphering.
Herschel presented this cipher as a challenge to believers of "an axiom that there is no cipher which cannot be read." I guess that in trying to make the puzzle more difficult, he forgot that the scheme need to be (difficult but) invertible.

A Cipher between Emperor Charles V and Young Prince Philip (1545)

A letter with a ciphered paragraph from Charles V to Prince Philip (1545) is presented on Spanish Ministry of Culture's website (pdf) and PARES' facebook page. The cipher turned out to be the same as the one broken by George Lasry and Carlos Köpte independently in 2023. So, I promoted the cipher as "Charles V-Prince Philip Cipher (1545)" in "Ciphers during the Reign of Emperor Charles V".

Variable-length Figure Cipher Used by Gilbert Gifford?

Speaking of variable-length figure cipher mentioned yesterday, I found in my notebook file a possibly relevant record:

"The words in italics are in cipher, only partly deciphered. The cipher for the most part consists of figures which run on without a break, and are thus capable of various solutions, according as they are taken as single or double numbers; and this sometimes prevents the deciphering of one passage by the aid of another."
From: 'Appendix: January 1588', Calendar of State Papers Foreign, Elizabeth, Volume 21, Part 1: 1586-1588 (1927), pp. 661-671. URL: http://www.british-history.ac.uk/report.aspx?compid=74826&strquery=cipher Date accessed: 06 May 2013.

This note belongs to a letter from Stafford to Walsingham from January 1588, but may refer to an enclosed letter from Gilbert Gifford (under the pseudonym of Francis Hartley) to Thomas Phelippes (M. Wilsdon).
Inspection of the original manuscript is desired.

Variable-length Figure Cipher used by Duke of Lorraine (ca.1620?)

I succeeded in reconstructing a cipher used in a letter to the Duke of Lorraine (ca.1620?) and uploaded it in a new article, "Variable-Length Figure Cipher of Duke of Lorraine (ca.1620?)". I abandoned this before, but I took it up again and this time, two occurrences of the word "temperament" provided a first clue. Unexpectedly, the cipher employed variable-length symbols. That is, code symbols consist of one to three symbols. Since the figures are written without a break, there was some difficulty in identifying code symbols corresponding to plaintext segments.
This kind of variable-length symbols written continuously without a break are often seen in Vatican ciphers. It is yet to be studied how this system came to be used by the Duke of Lorraine's correspondence.

Codebreaking of Sir Robert Southwell during the Popish Plot

The Popish Plot may refer to "a period of extraordinary political tension that took hold in England in 1678" (Fictitious treasons: 'The Popish Plot') instigated by revelation of a fictitious plot known by this name.
My notebook included a reference to Sir Robert Southwell's deciphering during this period since 2009, but I have not known whether this involved codebreaking or used a key obtained in a non-cryptographical way. The other day, I found Southwell himself wrote this was "without a key", which makes it interesting enough to be included in an additional section in "Ciphers of Coleman's Correspondence Discovered in the Popish Plot".
It's a pity it is not known specifically what cipher was broken by Southwell.

Duke of Ormond's Ciphers during the 1660s

I added a section "Marquis of Ormond's Correspondence" in "English Ciphers during the Restoration Period". It covers some reconstructed ciphers used by the Duke of Ormond, the Earl of Anglesey, the Earl of Arran, and the Earl of Longford.
The Ormond-Anglesey Cipher used in 1663-1664 appears to be based on a printed template of DECODE R433. This shows the template was used as early as 1663.

Cryptiana is now HTTPS-Enabled

Belatedly, I enabled HTTPS in Cryptiana. The other day, I happened to access Cryptiana on my mobile phone, and got a warning message that it's not secure because it is not in https. I found only one click is needed to enable HTTPS. Hopefully, mobile users have one less concern in using Cryptiana. It seems old links beginning with "http" are automatically redirected to "https" URLs.

Ciphers Used in Letters of Oliver Cromwell, Henry Cromwell, and Others

I updated an old article "Codes and Ciphers of Thurloe's Agents" for the first time since 2012. The original article was based on Thurloe State Papers in print, but I noticed the original manuscript is in Add MS in the British Library, based on which I added a new section "BL Add MS 4166". Although the title of the article refers to "Thurloe's Agents", ciphers used in letters of Cromwell (Add MS 4166, f.87-91) and his generals and ambassadors are also covered.
One scheme interesting for me is a kind of polyalphabetic cipher for Henry Cromwell (1656), in which a plaintext letter is represened by a pair of figures, of which the difference indicates the letter (Add MS, f.77-78, 118-119).

"A new Book of Cyphers" ... about Intertwined Initials

I came across a book, William Parsons' A new Book of Cyphers (1704)(Google) during a web search. For a moment, I expected it was about an invention of a cryptographic method, as in Samuel Morland's A New Method of Cryptography (1666), which I descrbied in "Samuel Morland's "New Method" Used for Charles II's Ambassadors". 

Actually, the "cipher" of this book refers to a symbol design made of intertwined initials. 

Such "ciphers" (or chiffres in French) are quite common and I mentioned them in "Great Ciphers of Napoleon's Grande Armée" (in the context of Empress Marie-Louise), "ウイリアム・ブレア「暗号」（1807）（『リース百科事典』）" (quoting from a definition of "cipher", "a kind of enigmatical character, composed of several letters interwoven together, fancifully" from Rees' Cylopaedia), and possibly others. Searching for "elizabeth cipher" (without quotes) on Google gives a Wikipedia page "Royal cypher" before my article about Elizabethan codes and ciphers.

Ciphers between Mazarin and Abbe Fouquet

I added some reconstructed ciphers in "Cardinal Mazarin and Ciphers". Thus far, the article mentioned "BnF fr.23202, which I have not seen" at one place, but recently I noticed it is available online.
One of the reconstructed ciphers is used in many letters in the period overlapping Mazrin's two exiles (1651, 1652).

Reading Scrolls Carbonized in Ancient Vesuvius Eruption without Unwrapping

PC's newsfeed made me aware of deciphering of text on carbonized ancient scrolls without unwrapping (NBC News). (This "deciphering" has nothing to do with cryptography.)
A whole library of an ancient villa survived centuries under the earth, carbonized by the heat of the volcanic eruption of Mount Vesuvius in AD 79, which engulfed Pompeii and Herculaneum, where the villa was located. The library contained more than 1800 papyrus scrolls, of which some were presented to Britain and France in the nineteenth century (Wikipedia).

Early attemps to read the content were a destructive study, breaking the carbonized scrolls into pieces ("The Library of the Villa dei Papiri at Herculaneum", reviewing David Sider (2005), The library of the Villa dei Papiri at Herculaneum; "Twelve Books at Herculaneum That Could Change History" by Richard Carrier).
In 2011, Brent Seales et al. reported "virtual unrolling" of a Herculaneum scroll (Brent Seales et al., "Analysis of Herculaneum Papyri with X-ray Computed Tomography" (NDT, Semantic Scholar)). Virtual unrolling or virtual unwrapping is a non-destructive modality and begins by scanning a scroll with X-ray tomography (as in a CT scan) to produce a 3D volumetric image of the scroll, in which single layers are identified by intensive manual labour ("segmentation"). Once layers are segmented, they can be mapped onto planar images.
At this stage, Seales could not detect any text because carbon-based ink could not be contrasted from carbonized papyrus with his X-ray scan. In 2016, Seales succeeded in revealing text of a scroll found at En-Gedi, Israel, that had been charred in a fire, in which the ink contained lead readily identifiable with X-rays.
Detection of carbon-based ink was achieved by using X-ray phase-contrast tomography, whereby a slight difference in thickness caused by the presence of ink can be detected in phase difference of X-rays. With this method, successful decoding of some fragments of two Herculaneum scrolls (PHerc. 375 and PHerc. 495) was reported in 2016 (Bukreeva et al. (2016), "Virtual unrolling and deciphering of Herculaneum papyri by X-ray phase-contrast tomography" (Scientific Reports), Stabile et al. (2021), "A computational platform for the virtual unfolding of Herculaneum Papyri" (NIH)).
Seales' team adopted an approach that combines scanning with high-energy X-rays with identifying ink by machine learning trained with image data with visible text in ink (The Guardian).
Seales' work inspired the Vesuvius Challenge, launched in March 2023 by Nat Friedman, Daniel Gross, and Brent Seales. It offered a Grand Prize for recovering 4 passages of 140 characters as well as smaller prizes for contributions on the way. It was reccognized that the task was not easy, and the organizers hired a segmentation team to manually identify and label the papyrus surface in the volumetric data (PHerc.Paris. 4) and provide the flattened segments as an open source. It led to discovery of "the first directly visible evidence of ink and letters" by Casey Handmer (his blog) and close collaboration between the in-house segmenters and contestants drove the work (Vesuvius Challenge 2023 Grand Prize awarded).
In October 2023, Luke Farritor won First Letters Prize, a progress prize that required finding at least 10 letters in a 4 cm² area. He used machine learning to find ink patterns. Detected patterns were fed back for training the machine learning model, which thereby learned to detect letters that cannot be recognized with his eyes. In his discovery, papyrologists on the organizing team could immediately recognize a word "porphyras" (First word discovered in unopened Herculaneum scroll by 21yo computer science student). Youssef Nader won a second-place prize for independently finding the same word shortly later.
In February 2024, the Grand Prize was awarded to a team of Youssef Nader, Luke Farritor, and Julian Schilliger. They achieved much more than required for the prize, revealing more than 2000 characters in total.
Still, about 95% of the scroll are yet to be read, and the Vesuvius Challenge offers further prizes for 2024!

Encryption for Security of Satellites

Thousands of satellites are orbiting the Earth. Naturally, they are wirelessly controlled with signals from a terrestrial station. Malicious control signals from an unauthorized entity might result in serious consequences ("Cybersecurity Principles for Space Systems" (2020)). Frequencies used in communication with satellites are not disclosed and messages are encrypted. But hackers might access such information, or might simply hack the ground station (車も衛星もハッキングされる時代！？注目が集まる衛星のサイバーセキュリティ (2021)). There are reported instances of actual hacking of satellites ("Hack a Satellite while it is in orbit" (2007), "AsiaSat accuses Falungong of hacking satellite signals" (2004) cited in Wikipedia).

CCSDS (Consultative Committee for Space Data System), an international standardization body since 1982, has a security work group, which has issued documents such as "Green Book on use of security in CCSDS" and "CCSDS Encryption Algorithms and authentication algorithms" among others (CCSDS Overview by NASA, p.14).
The encryption scheme specified for controlling satellites is, as expected, AES (Advanced Encryption Standard), a symmetric block cipher adopted for the US government in 2001 as a replacement for DES (Data Encryption Standard). The Green Book "CCSDS Cryptographic Algorithms" (2023) prescribes "AES is the sole symmetric encryption algorithm that is recommended for use by all CCSDS missions and ground systems." (The same expression is found at least as early as the 2014 version, but not in a 2012 Blue Book).
What was used before AES was recommended by CCSDS? One might think it was DES, but actually, "at first security was thought of as not required for civilian space missions by CCSDS", according to the 2008 Green Book "Encryption Algorithm Trade Survey". Indeed, one patent document JP 2000-341190 A1 says communication with satellites needs to be encrypted "for artificial satellites for specific purposes." Even today, researchers point out security measures for satellites are no more than "security by obscurity" ("Satellites Are Rife With Basic Security Flaws" (2023)).

Japanese Cipher Machine Green (Not Japanese Enigma)

Japanese cipher machines include RED, ORANGE, PURPLE, JADE, etc. Relatively unknown of the series is GREEN. Some sources say GREEN is a US codename for 3-Shiki Kaejiki (三式換字機), known as the Japanese Enigma, but the picture on the book that seems to be the source of this association shows it is not the GREEN machine as recorded by US cryptanalysts. GREEN is a codename for a cipher machine, 1-Shiki 1-Go Injiki (一式一号印字機), of the Imperial Japanese Army captured at Baguio in the Philippines in May 1945.
I learned all these from Chris Christensen, whose new paper, "The Japanese Green Machine" in Cryptologia is now published online. I believe this is the first detailed account of the real Japanese Green machine.

Dutch Windmill Code?

Windmill Code Used by Dutch Resistance?

Windmills are part of the Dutch landscape. According to Wikipedia, the positions of sails of Dutch windmills were "used to signal the local region during Nazi operations in World War II, such as searches for Jews." If this text (present from the first version of 2 March 2023) was taken from Goleta Valley Historical Society) (present as early as in August 2022), the paragraph break in the latter suggests that the signalling was made by one specific position of the sails. If so, the information conveyed would have been no more than an on/off alarm.
According to Traces of War, the windmill Vrijheid in Beesd "was used in World War II by the resistance to sent messages by the position of the wings. To commemorate this, the hitherto unnamed mill was named "The Freedom (De Vrijheid)" after the renovation in 1968." According to machine translation of the explanation board, the position of the sails was indeed used to pass on information, and the name "de Vrijheid" was given in commemoration of the efforts to regain freedom during the war, but the connection between the passing of information and war-time efforts is not clear. But Wikipedia confirms "During World War II, the mill was used to send signals to the Dutch resistance. This was done by the position that the sails were set at."

Traditional Meaning of Windmill Positions at Rest

At least, it seems certain that the position of the sails of a windmill at rest has been traditionally used to convey some meaning, though there is discrepancy among sources about the specific meaning. According to one source, a position slightly tilted to the left means joy; a position slightly tilted to the right means mourning; a straight position like "+" means a short rest (no operation for a few days); a diagonal position like "x" means a long rest (no operation for weeks), etc. (Olie Molen de Passiebloem). The same image (reproduced below) is posted on many websites (Google).
This form of expression was actually used in some public occasions. Windmills were placed in "mourning position" when many Dutch people were killed in a Malaysian aircraft shot down in 2014 (CNN quoted in Wikipedia) as well as when Prince Friso died in 2013 because of a skiing accident (PresReader, wind mill sign language in Holland).

Long Distance Communication like Optical Telegraphy

Regarding communication more than a simple expression of some meaning, apart from Wikipedia, the magazine Popular Mechanics (June 1908), p.365 (Google) reports the Dutch government's experiment to use windmill signaling for military purposes between mills some miles distant. It says secret code had been used "from generation to generation of millers." (The idea is similar to the optical telegraphy known from the eighteenth century.)

Use by German Agents?

According to Cathleen Small, Code Breakers and Spies of World War II (Google), p.13, during the First World War, German agents used starts/stops of the sails of Dutch windmills to transmit messages in Morse code.

English Ciphers during the Restoration Period

Many English ciphers from the Restoration Period are preserved in TNA SP106/6 and BL Add MS 40677. I uploaded a new article "English Ciphers during the Restoration Period" about these.
Some of these ciphers use printed templates, which are already discussed in another article, which is now a bit supplemented and renamed as "Diplomatic Codes after the Glorious Revolution and Use of Printed Templates".

Preconcerted Code Words Used by Secretary of Mary, Queen of Scots

Mary, Queen of Scots, is known to have used various ciphers, including very simple ones as well as ones with quite a few code symbols. I recently learned Gilbert Curll, her Scottish secretary, also used preconcerted language (code words) such as "the merchant of London" (Queen of England). I added it to "Ciphers of Mary, Queen of Scots".

What Code Was Used when Nisho Maru Oil Tanker Broke Blockade of the Royal Navy?

The Nissho Maru Incident (日章丸事件) (Wikipedia) was a 1953 incident in which the Japanese oil tanker Nissho Maru broke an embargo on Iranian oil posed by Britain. The mission required utmost secrecy, and coded messages played a role.

When in 1951 Iran nationalized the Anglo-Iranian Oil Company (AIOC), which had been drawing off most of the profits from oil business in Iran, Britain imposed economic sanctions on Iran and, in July 1952, the Royal Navy seized the Italian tanker Rose Mary, claiming that its oil was stolen property. However, seeing that the nationalization was being accepted internationally (『ペルシャ湾上の日章丸』p.53-54, 61, 148-149, etc.), the Japanese petroleum firm Idemitsu Kosan acted quickly to purchase the Iranian oil before other companies in the world still dared not challenge the British blockade.
The Nissho Maru set sail on 23 March 1953, purportedly for Saudi Arabia. When cruising in the Indian Ocean, a radio message from the home office revealed the real purpose of the voyage was to receive petroleum at Abadan, Iran. The sealed packet entrusted with the captain contained a message to the crew from the president of the firm, declaring his resolution to have a direct access to the oil resources without interference from the monopolozing major oil companies (ibid. p.152-155). After this, the Nissho Maru kept radio silence until 30 April, when it came back as far as the East China Sea. The Nissho Maru received a hero's welcome when she safely arrived at Kawasaki, Japan, on 9 May 1953 (ibid. p.172). No less welcome awaited her on her second, no longer secret, visit to Abadan in June (ibid. p.211-217).

Where does code come in?
The crucial message revealing the real destiation as Abadan is said to have been a coded message (NIKKEIリスキリング). The conclusion of a contract with Iran had been reported in code (『ペルシャ湾上の日章丸』p.138). When the Nissho Maru was returning to Japan, the home office sent a coded message to tell her to lower speed so as to arrive at noon on Saturday, 9 May 1953, because then even if AIOC requested seizure of cargo, a provisional disposition of the court would not be issued at least until Monday.
A businessman, Takeshi Hotoku (宝徳健), notes on his blog that it was his mother who actually operated sending of the coded messages. It appears the coded messages are preserved in Idemitsu Kosan.

I have not found detailed description of the code.
The reporting of the contract may have been sent by telegram. Telegrams were commonly sent by using a codebook. It was also common for businesses to use their proprietary codebooks. Radio messages to/from ships at sea were commonly sent by Morse code until about 1978 (Idemitsu Tanker). The radio messages to/from the Nissho Maru could have been encrypted with some special codebook or cipher.

I first learned of this episode in relation to a best selling novel, A Man Called Pirate (海賊と呼ばれた男) by Naoki Hyakuta (百田尚樹) (Wikipedia). Although his writing tends to have many historical inaccuracies, his description about coded messages in the novel may be of some interest. (The names in the novel are pseudonyms.)

『海賊とよばれた男』下　より
p.130
「翌日は帰国予定だったが，数日ずらすことにし，本社にその旨を電報で送った．今回，正明らと本社のやりとりは，通信の秘匿のためにすべて暗号を使用していた．暗号文を知らされているのは限られた者だけだった．この暗号を作ったのは武知と元ラジオ部の部長である藤本壮平である．旧中野学校の教官であった武知にとって暗号はお手のものだった．かつてラジオ修理を持ち込んで国岡商店に入った藤本も元海軍大佐である．二人は専門家でなくても使える便利な暗号を作った．」
イラン行きの文脈．

p.172
四月五日正午，日章丸がセイロンの南，コロンボ沖にさしかかったとき，国岡本社から無電が入った．日本を出て十三日目のことだった．
「SAKUR NXRQT LPRDX BFNOW TXKPJ」
通信長は意味のわからない無電に首を傾げながら，船長の新田に電文を持ってきた．
新田は「とうとう来たな」と思った．これは事前に打ち合わせておいた暗号電だった．彼はすぐに手帳の暗号解読表を見て電文を読み解いた．
そこにはこう書かれていた．
「アバダンへ行け」

p.205
日章丸は川崎に到着すると聞かされていた徳山の従業員たちは驚いた．慌てて，九州からも助っ人を要請してタンクの清掃に取り掛かった．
にわかに徳山が日本中の注目を浴びた．報道記者たちも続々と徳山に集まった．
しかしこれは鐡造の陽動作戦だった．彼は前もって，日章丸に向けて，暗号電文で次の指令を送っていたのだ．
「川崎において差し押さえの懸念あるにつき，九日午後より揚荷開始の予定．九日正午，検疫錨地に入港するよう適宜考慮して航海せよ」
初めから鐡造は九日に日章丸を川崎港に入港させるつもりだった．九日にこだわったのは，その日が土曜日だったからだ．

Mary Stuart's Ciphers in Papers of Earl of Moray

When I browsed the stack of papers in my study, I came across a photocopy of an old book about ciphers of Mary, Queen of Scots. I looked for this when I uploaded "Ciphers of Mary, Queen of Scots", but I couldn't find it at the time because it was put in a wrong folder.
I had to go to a university library in Tokyo to make the photocopy, but now the book is available on line.
Now, I added a section "Ciphers in Papers of Earl of Morray" in the above article.

Venetian Ciphers with Superscripts in ASVe

I'm collecting specimens of ciphers with superscript figures or letters in "Venetian Ciphers with Superscripts". I made additions about materials preserved in the State Archives of Venice (ASVe) by consulting the DECODE database and Paolo Bonavoglia's papers.
I launched this page hoping to find a clue to solve unsolved ciphers from the 1520s (see the section "Older Use"), but the added materials are from the second half of the century, and do not seem to help.

Specimens of Caselle Cipher

The caselle cipher (cifra delle caselle) is a Venetian cipher with superencryption, adopted in 1578 and used for almost two decades by the ambassadors to Germany, France, Spain, and Constantinople (Paolo Bonavoglia (2021), "The ciphers of the Republic of Venice an overview", Cryptologia).
Related materials are in the DECODE database.

The four grids used for superencryption are in R1788 (State Archives of Venice [ASVe], "IT ASVe 0045 010 (Serie) Busta 4 Reg. 8"). This is quoted as "ASVe, CX Cifre, chiavi e scontri di cifra, busta 4, reg.8" in Figure 6 of Bonavoglia (2021).
I noted three specimens in this cipher in DECODE.
R1844 ("Busta 11 f.114-115") enciphered with the key Franza (or Francia). Hieronimo Sippomano[?], Paris, 13 October 1578.
R1848 ("Busta 13 f.142-143") enciphered with the key Germania. Prague, 11 October 1578. This is the same as the specimen in Figure 6 of Bonavoglia (2021) cited as "ASVe, CCX, Dispacci degli ambasciatori, busta 13, c.142." [CX=the Council of Ten, CCX=Chiefs of the Council of Ten]
R1863 ("Busta 28 f.83-85") enciphered with the key Francia. 22[?] January 1580.

Figure 2 of Paolo Bonavoglia (2022), "The Enigma of Franceschi's Falso Scontro", HistoCrypt2022, presents another specimen with the Germania key, dated Prague, 23 January 1581, by Venetian ambassador A. Badoer, cited as "ASVe CCX Lettere degli Ambasciatori in Germania, b.12 c.155."

Double Reading Caused by Omission of Breaks

Two pre-war Japanese telegram cipher tables are presented in a blog (痩田肥利太衛門残日録その二). They are simple substitution ciphers for kana from 1923 and 1938 and are for internal use by the staff of Sendai Communication Office (serving both as a post office and a telegraph office).
The example message in the illustration of the blog is a famous double-reading message in Japanese.
The message:
kaneokuretanomu
is to be parsed as
Kane Okure. Tanomu. (Send money, please.)
but may also be parsed as
Kane Okureta. Nomu. (Money delayed. I'll drink.)
Whether enciphered or not, telegrams without punctuation are prone to this kind of parsing errors.

This reminded me of another example of such double reading I read when I was in elementary school.
A note in a clinic:
kokodehakimonowonuidekudasai.
should be read as:
Kokode Hakimono-wo Nuide Kudasai. (Take off your shoes here.)
but may also be parsed as
Kokode-ha Kimono-wo Nuide Kudasai. (Take off your clothes here.)

Such multiple possibilities of reading tend to occur in deciphering. One such example is given in my coauthored paper, "Deciphering Mary Stuart's lost letters from 1578-1584" (Cryptologia) (note 344). When introducing a codename for a secret messenger, Mary, Queen of Scots, writes:
"Le porteur s'appellera cy a present Renous Banque" (The bearer will now be called "Renous Banque").
But this passage, known from contemporary decipherment and printed in Labanff, v, p.479, seems to be a decipherment error. It would make better sense if parsed as
"Le porteur s'appellera cy-apres entre nous Banque" (The bearer from now on will be called between us "Banque")

There is always a possibility of this kind of double reading when deciphering a ciphertext without word breaks.

A Cipher of Margret of Austria?

A cipher used in the correspondence of Margaret of Austria, Governor of the Habsburg Netherlands in 1507-1515, 1519-1530, is preserved in Archives départementales du Nord (Un jour, une œuvre : un code secret aux Archives départementales!, 1 June 2022).
I believe the third image posted, if any, belongs to Margaret of Austria. It is a short list of symbols for names. Historians will be able to date it from entries such as
Soliciteur
de Zorn
de Bure
de fiennes
de Sempy
de Silstein
Brossart de fauquemont
Paule de Lichtein

The first image shows a simple substitution cipher alphabet which assigns numbers to the letters A-Z plus J at the end, with homophones for A, E, I, O, S, V. The syllable section assigns number to some (fa is enciphered as 35, fe is 36, etc.), but substitutes syllables for others (da is enciphered as fa, de is fe, etc.). Such mixed ciphers are known from Spanish ciphers in the 17th century (e.g., Cp.59, Cp.64, for which see my article).

The second image is part of a nomenclature, assigning numbers 266 to 614 to letters, syllables, words, names, and some functions. The entry of Queen Christina clearly shows it is no earlier than 1632. The following shows some entries of interest, from which I guess this is from 1682-1689.

269,313,357 chifre nul
270,314,358 annulle le chifre qui suit
271 Mr le Dauphin
276 Mr De Croissy *Colbert de Croissy, who assumed the title in 1662 and died in 1696
280 le Roy de Hongrie
299 Elect^r Palatin
300 la maison de B[r]aunswic et Lunebourg
303 la Reyne de Dannemark
328 Ill.[?] de Sreues[?]
365 La P^cesse d'Orange *Mary, Princess Royal (holding the title 1647-1650, died 1660)? or Amalia of Solms-Braunfels (holding the title 1625-1647, died in 1675 as dowager) or Mary of York (holding the title 1677-1694)
371 lEl^r de Mayences
373 le Card^l de furstenbourg
392 le Roy de Suede *Queen Christina (see below), not King, reigned 1632-1654.
396 Versailles *Court of Louis XIV from 1682.
411 Mr de Benting *William Bentinck (1649-1709, created Earl of Portland in 1689)
434 Republique
436 lEvesq. de Munster
439 le Mar^al d'humieres *Marechal d'Humieres, created in 1668 and died in 1694
440 le Card^l Cibo *Innocenzo Cybo was cardinal 1513-1550. Alderano Cibo was cardinal 1645-1700
443 M-r de Lauardin[?]
445 ce chifre est nul
455 M^r Diekvelt *Everard van Weede van Dijkvelt (1626 - 1702)?
484 le Car^dl D'Estree *Cesar d'Estrees (1628-1714)?
487 le Pro^ce de Groninge
489 chifre nul
495 M^r le Peletier
528 Les Provinces unies *1581-1795
530 La Reyne christine *reigned 1632-1654, died in 1689
533 annule le precedent
586 M^r Heinsius *Daniel Heinsius (1580-1655)?? or Anthonie Heinsius (1641-1720)
589 Le Con^el de Vienne

British Codebreakers' Keys of French Ciphers during the War of American Revolution

Back in 2015, I reported use of four codes by the French during the American Revolutionary War in "Code Switching in French Diplomatic Correspondence and Intercepted Letter of Barbé-Marbois (1782)". (By the way, code switching, the theme of the article, was also prescribed during the reign of Louis XIV, as reported by Jörg Ulbert, quoted in "Code Switching in French Diplomatic Correspondence during the Peace Negotiation at Rijswijk (1696-1697)").
To facilitate identifying the four codes, labelled A-D in my article, the letter "E" is assigned the following numbers according to my reconstruction:
Code A: E=94, 395, 709, 865, 1043
Code B: E=302, 461, 590, 871
Code C: E=164
Code D: E=51, 475, 485

I noticed related keys are among the collection in BL, Add MS 32263:
f.220-225 (DECODE* R7681)
f.226-227 (DECODE R7682)
f.228-229 (DECODE R7683)
f.230-231 (DECODE R7684)
f.234-235 (DECODE R7687)
Of these, the "left" key in R7687 matches Code C and the "left" key in R7683 matches Code D. I was hoping the British codebreakers' keys might shed light on the indication system for code switching, but I have not been able to find a clue. (In particular, I thought "867" might be an indicator for Code D, but I find nothing to support it.)

As a starting point for future search, the following describes these items.
R7682, R7683, R7684, and R7687 are the British codebreakers' key worksheets, with printed numbers 1 - 1100. It seems to cover two different codes, one written left to the number and the other written right to the number.

R7682

Endorsed "... Luzerne a Verg[enne]s April 1780 ..."

R7683

The "left" key matches Code D.
Endorsed "De La Luzerne a Montmorin, Nov^r 1780" In a different hand, "Vergennes" is written above the name, and "Luz-ne a Vergennes Dec^re[?] 1783.

R7684

Endorsed "C^te de Rochambeau avec la Chevalier de la Luzerne, July 1781"

R7687

Endorsed "Luzerne et Marbois au Marquis de Castiris 1782"
The left key corresponds to Code C.

R7681

Endorsed "Oct. 1780 Luzerne à Verg[ennes] Philad[elphia]"
This includes many substitution alphabets (but Codes A-D are not among them). The following lists the working title (?) and the "E" section. (It should be noted that sometimes it is not clear which lines belong to the section. In the first place, the same number occurs multiple times, and the meaning of the list is not completely clear.)


"587 la" 272 270 -- 135 187
705 718 -- 24 17

"361 de" 17 634 -- 267 270
817 533 -- 402 250 116 339 -- 616 522
267 87 -- 211 185
"250 l" 361 402 -- 740 135

"607 le" 587 240 -- 305 801
211 185 -- 817 303
"794 de" 961 632 -- 951 449

"816 C" [None. Though "e" is the most frequent letter, it often occurs in syllables and so it is possible that "e" does not occur in a short specimen.]

"1125 de" 28 386 -- 451
"144 Ameriq" 985 401 -- 285 751

"377 B" [None.]

"670 de la" 119_ 767 -- 430 486 342 139 -- 207 49
672 900 -- 588 869

"223" 369_ 1021 -- 290 119_

"342" 143 1070 -- 315 439
903 869 -- 139 670

"103 de" 1 767 -- 516 426
293 591 -- 903 869

"767 gs[?]" 162 1133 -- 802 63
290 119_ -- 670 430
481 1 -- 103 516
799 898 -- 253 369

"297" [None]

"812 des" [None]

*DECODE
Héder, M ; Megyesi, B. The DECODE Database of Historical Ciphers and Keys: Version 2. In: Dahlke, C; Megyesi, B (eds.) Proceedings of the 5th International Conference on Historical Cryptology HistoCrypt 2022. Linkoping, Sweden : LiU E-Press (2022) pp. 111-114. , 4 p. [pdf] Megyesi Beáta, Esslinger Bernhard, Fornés Alicia, Kopal Nils, Láng Benedek, Lasry George, Leeuw Karl de, Pettersson Eva, Wacker Arno, Waldispühl Michelle. Decryption of historical manuscripts: the DECRYPT project. CRYPTOLOGIA 44 : 6 pp. 545-559. , 15 p. (2020) [link] Megyesi, B., Blomqvist, N., and Pettersson, E. (2019) The DECODE Database: Collection of Historical Ciphers and Keys. In Proceedings of the 2nd International Conference on Historical Cryptology. HistoCrypt 2019, June 23-25, 2019, Mons, Belgium. NEALT Proceedings Series 37, Linköping Electronic Press. [pdf]