and consequently, significantly more data must be collected before the statistical information can rise above the noise.
As late as World War II, codebooks were in widespread use. Cryptographers realized that these ciphers were subject to statistical attack, so codebooks needed to be periodically replaced with new codebooks. Since this was an expensive and risky process, techniques were developed to extend the life of a codebook. To accomplish this, a so‐called additive was generally used.
Suppose that for a particular codebook cipher, the codewords are all five‐digit numbers. Then the corresponding additive book would consist of a long list of randomly generated five‐digit numbers. After a plaintext message had been converted to a series of five‐digit codewords, a starting point in the additive book would be selected and beginning from that point, the sequence of five‐digit additives would be added to the codewords to create the ciphertext. To decrypt, the same additive sequence would be subtracted from the ciphertext before looking up the codeword in the codebook. Note that the additive book—as well as the codebook itself—is required to encrypt or decrypt a message.
Often, the starting point in the additive book was selected at random by the sender and sent in the clear (or in a slightly obfuscated form) at the start of the transmission. This additive information was part of the message indicator, or MI. The MI included any non‐secret information needed by the intended recipient to decrypt the message.
If the additive material was only used once, the resulting cipher would be equivalent to a one‐time pad and therefore, provably secure. However, in practice, the additive was reused many times—any messages sent with overlapping additives would have their codewords encrypted with the same key, where the key consists of the codebook and the specific additive sequence. Therefore, any messages with overlapping additive sequences could be used to gather the statistical information needed to attack the underlying codebook. In effect, the additive book dramatically increased the amount of ciphertext required to mount a statistical attack on the codebook, which is precisely the effect that cryptographers had hoped to achieve.
Modern block ciphers use complex algorithms to generate ciphertext from plaintext (and vice versa), but at a higher level, a block cipher can be viewed as a codebook, where each distinct key determines a distinct codebook. That is, a modern block cipher consists of an enormous number of codebook ciphers, with the codebooks indexed by the key. The concept of an additive also lives on, in the form of an initialization vector, or IV, which is often used with block ciphers (and sometimes with stream ciphers as well). Modern block ciphers are discussed in detail in the next chapter.
2.4 Classic Crypto in History
The trouble with quotes on the Internet is that it's difficult to determine whether or not they're real.
—Abraham Lincoln
In this section, we take a brief look at three instances where classic ciphers played a role in historical events. First, we look at a weak cipher that was used during the controversial U.S. presidential election of 1876. Then we consider the Zimmermann Telegram, which played a pivotal role in World War I. The Zimmermann Telegram was encrypted with a classic codebook cipher. Finally, we discuss the VENONA messages, where Soviet spies in the United States used one‐time pad encryption. This system was used over a long period of time, but most notably for atomic espionage in the 1940s.
2.4.1 Ciphers of the Election of 1876
The U.S. presidential election of 1876 was a virtual dead heat. At the time, the Civil War was still fresh in people's minds, Radical Reconstruction was ongoing in the former Confederacy, and the nation was still bitterly divided.
The contestants in the election were Republican Rutherford B. Hayes and Democrat Samuel J. Tilden. Tilden had obtained a slight plurality of the popular vote, but it is the Electoral College that determines the winner of the presidency. In the Electoral College, each state selects a delegation and for almost every state, the entire delegation is supposed to vote for the candidate who received the largest number of votes in that particular state.5
In 1876, the Electoral College delegations of four states6 were in dispute, and these held the balance. A commission of 15 members was appointed to determine which state delegations were legitimate, and thus determine the presidency. The commission decided that all four states should go to Hayes and he became president of the United States. Tilden's supporters immediately charged that Hayes’ people had bribed officials to turn the vote in his favor, but no evidence was forthcoming.
Some months after the election, reporters discovered a large number of encrypted messages that had been sent from Tilden's supporters to officials in the disputed states. One of the ciphers used was a partial codebook together with a transposition on the words. The codebook was only applied to important words and the transposition was a fixed permutation for all messages of a given length. The allowed message lengths were 10, 15, 20, 25, and 30 words, with all messages padded to one of these lengths. A snippet of the codebook appears in Table 2.2.
Table 2.2 Election of 1876 codebook
| Plaintext | Ciphertext |
|---|---|
| Greenbacks | Copenhagen |
| Hayes | Greece |
| votes | Rochester |
| Tilden | Russia |
| telegram | Warsaw |
|
|
|
The permutation used for a message of 10 words was
One actual ciphertext message was
which was decrypted by undoing the permutation and substituting telegram for Warsaw to obtain
The cryptanalysis of this weak cipher was relatively easy to accomplish [45]. Since a permutation of a given length was used repeatedly, many messages were in depth—with respect to the permutation as well as the codebook. A cryptanalyst could therefore compare all messages of the same length, making it relatively easy to discover the fixed permutation, even without knowledge of the partial codebook. Of course, the analyst first had to be clever enough to consider the possibility that all messages of a given length
