As the Playfair cipher was state-of-the-art at the end of the Civil War in 1865, I wondered how someone (even if portrayed as a well-known puzzle solver) would be able to perform a successful ciphertext-only attack within just one or two hours, not having any frequency tables at hand and given a ciphertext consisting of only 22 digraphs (= pairs of letters). The following article will explain the basic concepts (encryption, decryption and cryptanalysis) of the Playfair cipher using the example from National Treasure: Book of Secrets.

The Playfair cipher¹ was the first digraph substitution cipher in history, that is, letters are sequentially encrypted and decrypted in pairs. This scheme was invented in 1854 by Charles Wheatstone, but bears the name of Lord Playfair², who promoted the use of the cipher. The digraph substitution makes frequency-based cryptanalysis significantly harder as one has to deal with 600 possible digraphs³ rather than the 26 possible monographs. In effect, larger ciphertexts are necessary to perform a successful cryptanalysis compared to conventional monograph substitution ciphers. Due to this characteristic, the Playfair cipher was superior to many contemporary ciphers and as it was also relatively easy to use, the British forces even employed it as a field cipher during World War I, about 50 years after the American Civil War.

So how did the fictional character Thomas Gates manage to decrypt the following (rather short) ciphertext?

1
2
3
4

ME IK QO TX CQ
TE ZX CO MW QC
TE HN FB IK ME HA
KR QC UN GI KM AV

Most likely, he simply guessed the correct keyword “DEATH” by using the given hint “The debt that all men pay.” In that case, he would have constructed the corresponding 5×5 Playfair square by entering “DEATH”⁴ in the first row⁵ and filling the square up with the remaining letters of the alphabet⁶.

1
2
3
4
5

D E A T H
B C F G I
K L M N O
P Q R S U
V W X Y Z

The ciphertext can now be easily decrypted using the above Playfair square by applying the following four rules⁷ to all ciphertext digraphs:

1. If the two letters appear on the same row of the Playfair square, replace them with the letters to their immediate left respectively (wrapping around to the right side of the row if a letter in the original pair was on the left side of the row).
2. If the two letters appear on the same column of the Playfair square, replace them with the letters immediately above respectively (wrapping around to the bottom side of the column if a letter in the original pair was on the top side of the column).
3. If the letters are not on the same row or column of the Playfair square, replace them with the letters on the same row respectively but at the other pair of corners of the rectangle defined by the original pair. (The first encrypted letter of the pair is the one that lies on the same row as the first plaintext letter.)
4. Drop any extra “X” characters which don’t make sense in the final message.

Hence, the plaintext of the message which Thomas Gates successfully decrypted reads as follows:

1
2
3
4

LA BO UL AY EL
AD YW IL LX LE
AD TO CI BO LA TE
MP LE SO FG OL DX

If the superfluous “X” characters are dropped and the whitespaces are modified correctly, the resulting message is “Laboulaye lady will lead to Cibola temples of gold”. In the movie, this hint refers to the French Statue of Liberty, which is actually the sister statue of the American Statue of Liberty, whose intellectual creator was the French politican Édouard René de Laboulaye. Cíbola is one of the fantastic Seven Cities of Gold existing only in a myth that originated around the year 1150 when the Moors conquered Mérida, Spain. The legend of the seven cities of gold survived for many centuries and even drew the Conquistadors northward until they encountered the French colonists, who successfully resisted their further advance. In the movie National Treasure: Book of Secrets Thomas Gates’ descendant Ben Gates finally manages to rediscover the mythological temples of gold in a huge cave under Mount Rushmore.

However, the final question remains whether a ciphertext-only attack on the short ciphertext given in the movie would be feasible. The usual entry point for cryptanalysis relating the Playfair system is a frequency analysis of the ciphertext’s digraphs. Unluckily, the above plaintext doesn’t contain even one of the ten most frequent English digraphs: th, he, in, er, an, re, nd, at, on, nt. Another way of attacking the Playfair cipher is the fact that if a letter pair AB is encrypted to CD then the pair BA is always encrypted to DC. Thus finding such pairs in the ciphertext (e.g., “CQ … QC … QC”) may prove highly fruitful. But again, the corresponding plaintext digraphs “EL” and “LE” have relatively low frequencies in ordinary English texts, whereas the digraphs “TH” and “HT” are the most frequent English digraphs but don’t appear in the plaintext at all. An obvious weakness of the Playfair cipher (especially if the password is relatively short) is the fact that in many cases the Playfair square ends with “XYZ”. In the given example, the situation is even worse as the last line equals to the end of the alphabet “VWXYZ”. Another way of breaking the above ciphertext might be the so called shotgun hill climbing method in combination with the massive computation power of modern computers. This method takes an educated guess as the basis for the initial square (e.g., “VWXYZ” as the last line) and employs suitable metrics (e.g., frequency count) to find promising mutations of the Playfair square, which ultimately leads to an approximate solution. However, the unusual nature of the given plaintext “Laboulaye lady will lead to Cibola temples of gold” makes it very hard to choose good metrics and even promising ciphertext fragments like “ME IK … IK ME …” probably won’t lead anywhere if the cryptanalyst doesn’t have any initial idea about the cleartext’s content (e.g., “LA BO ul ay [e]” and “ci BO LA”).

In conclusion, the short length of the given ciphertext would have made it virtually impossible for the fictional character Thomas Gates to break the encryption by classical means in 1865. Nowadays, the possibility to perform attacks like the shotgun hill climbing method on powerful computers allow for feasible attacks even in case of short and unusual plaintexts. If you want to give it a try yourself, I recommend using the free software CrypTool, which is not only a great learning environment for cryptographic concepts but also provides many useful tools to attack classical ciphers.

Finally, it might be interesting to know that officials found a Vigenère tableau⁸ in the room of the historical John Wilkes Booth after he had shot Abraham Lincoln. As the Confederacy used the Vigenère cipher in conjunction with cipher disks during the Civil War⁹, the prosecution in the trial against eight Southern sympathizers sought to show that Booth’s Viginère tableau proved the Confederacy government’s involvement in Lincoln’s assassination.

Most likely, someone who wants to get hold of your encrypted data will neither try to break the encryption algorithm nor its implementation. Instead, he will try to defeat the authentication mechanism by eavesdropping your password (“what you know”) or stealing your physical key (“what you have”). In its initial version, BitLocker forced you to choose between TPM¹ only, TPM + PIN, TPM + USB Key or USB Key only. So it was either something you knew (your PIN) or something you had (your USB key) which protected your data and made BitLocker decrypt your volumes on the fly as you booted your computer.

To the great relief of any paranoid encryption junkie, Microsoft decided to add another mode, which requires TPM + PIN + USB Key to start up your computer. This feature was introduced with Service Pack 1 for Vista and makes it really hard for an attacker to get hold of your authentication details if you don’t write your PIN on your USB stick or get “questioned” by someone with a blow torch and a pair of pliers.

So how does it work? Well, although there is no GUI option for this new mode, it’s surprisingly simple to activate:

1. Click on the Vista logo / start button.
2. Type cmd in the search box and do NOT hit enter.
3. Right-click on the command prompt item (cmd.exe) and select “Run as administrator” from the context menu.
4. Enter cscript manage-bde.wsf -on c: -rp -rk d: -tpsk -tp 1234567 -tsk e: and hit enter.
   (“c:” is the drive which you want to encrypt / your OS volume; “d:” is the drive where the recovery key will be stored at; “1234567” is your secret PIN, which can consist of up to 20 digits; “e:” is your USB key.)
5. Write down the recovery password and hide it at a SAFE location (e.g., under your keyboard ).
6. Type exit and hit enter.
7. DONE!

That’s it! I’d strongly recommend leaving your computer in peace until BitLocker has finished encrypting your drive, although the manual states that you can even reboot without causing any trouble. Well, I’m not exactly sure that an accidental BSOD (Blue Screen of Death) caused by your favorite first-person shooter won’t interfere with the encryption process…

Upon the next reboot, you will be asked for your secret PIN and the USB key, providing you with the maximum level of authentication-based security which BitLocker has to offer at the moment.

I am optimistic that the stage of initial installations and bug fixes has come to an end now, so that from this point on, I can exclusively focus on what this blog is really about: cryptology! On my desk, there are already some drafts about the Playfair cipher, which was extensively referred to in the blockbuster “National Treasure: Book of Secrets” (2007), and the Japanese code JN-25, which played a decisive role in WWII’s Battle for the Pacific. So please stay tuned for what’s to come in the near future!

So far, so good. But when I tried to access wp-login.php, which is located in Wordpress’ base folder, I had to realize that it uses two CSS files from the folder wp-admin/css. As wp-login.php and the two CSS files should be accessible to any visitor of my blog, I needed to find a way to exclude the subfolder wp-admin/css from the Basic Authentication protecting wp-admin. Unluckily, it seems that there is no specific command for that purpose.

After crawling Google for approximately two hours I finally managed to find a solution, which needs only three lines of code to bypass the Basic Authentication of the parent directory. Simply create a new .htaccess file in the subfolder you want to exclude from the authentication and add the following lines:

1
2
3

Order Deny,Allow
Allow from all
Satisfy any

“Allow from all” will grant any IP address access to this folder. But the decisive line is ”Satisfy any”, which tells the server to require either a correct Basic Authentication or the satisfaction of the “Deny/Allow” properties (the standard is “Satisfy all”, which requires both). As “Allow from all” gives access to anyone, this effectively neutralizes the Basic Authentication inherited from the parent folder.

That’s how almost any beginner’s guide to programming starts, so it’s probably a good line to begin my first public blog with. Hopefully, you’ll find many useful facts and intersting stories about cryptography and relating topics at this place very soon. Please grant me some time to develop my personal “blogging style” and support me by making extensive use of the available rating and comment possibilities!

Have fun,
Matt