Tea, milk, no
sugar. Thanks

Stuart Rutter, a developer at Square Enix in London. Enjoys cryptography, search algorithms, competitive coding, and start-up ventures.


PHP 5.x

Objective-C (iOS)


Node JS



Adobe CS





Disclaimer: Howsoever expressed or interpereted, the opinions found herein do not represent those of my professional employer.

Pigeon message cipher identified

March 17th 2013

I was at the National Archives in Kew recently with the intention of researching the British WW2 cipher machine TypeX. Firstly to see what type of message indicator was used, and secondly to find out more about the structure of messages enciphered using a TypeX.

Furtunately WO 208/5109 came up with a few answers.

Bearing in mind that these are setup and usage instructions for the TypeX Mark VI - which was a portable hand-wound derivative of the TypeX.

before the message is commenced, a five-letter message setting on the scrambler, as indicated by the letters appearing at the windows in the cover of the scrambler, should be selected and the corresponding disguised indicator noted at the top of the message form.
Using the left-hand while turning the handle with the right, type the message exactly as it appears on the message form, giving the address, serial number, date and text of the message, the space key being depressed between every word of the plain language message. The message printer automatically spaces after every five letters of cypher have been printed. At the conclusion of the message sufficient letters must be added to the cypher message to make the last group into a complete five-letter group. Therefore note the counter reading and depress the space key, letters shift key, or figure shift key or a combination of the these until the last figure shown on the counter is either 5 or 0 (both coloured red). No use should be made of other keys for this purpose as their printing in the decyphered message might possibly lead to confusion. Finally, stick the tape on the pad and write the message setting in the manuscript as the first and final groups of the message.

The last bit of this extract is the important bit - it details that when constructing a cipher message using the TypeX, the first and last groups of the message are a five letter indicator. Just like we see in our pigeon message.

Preparation of message for transmission – Withdraw and detach the tape from the message printer and insert in manuscript, as the first group, the disguised message setting used at the commencement of the message. If the message is complete in one section write this disguised message setting and groups of five Q's must be inserted appropriately in the spaces left for that purpose. Each section must begin and end with the disguised message setting, in manuscript, appropriate to it. The tape should then be gummed to a message form so that there are ten groups in each line. This is done in order to facilitate the counting of the total number of groups.

So, I am fairly confident in saying that we are dealing with a message enciphered using a TypeX. What makes this all the more interesting is that I cannot find reference that the TypeX had ever been cracked by the enemy. So for someone to break this code, it would also carry the prize of being the first to crack a message enciphered using a TypeX.

At the very least, we can be happy about the fact that it is unlikely a one-time-pad cipher, because then we truly could presume it indecipherable.

comments powered by Disqus

TypeX Emulator in Javascript

March 13th 2013

This is a Javascript implementation of the British Rotor Cipher Machine - Typex.

The code for this I have put on GitHub, usage is as follows.


var demo1 = TypeX.init('01234', '00100', 'AOAKN', 'This is the string to be encoded');


var demo2 = TypeX.init('01234', '00100', 'AOAKN', 'KLHESNYNIMQAZHIZROBHDZHKWRQFFRTY');

TypeX.init() accepts the following parameters:

  1. Which rotors to use
  2. The orientation of the rotors. 1 = reversed
  3. The indicator key (the starting position for each rotor)
  4. Text to encipher / decipher

The majority of this code is based on that of the Enigma - their workings are very similar, with a few exceptions such as fixed position rotors (stators), and the rotors could be inserted in reverse.

Unfortunately the wirings of the Typex have never been disclosed or recovered. Unlike the Enigma the Typex had many more inserts which have mostly been destroyed, GCHQ have the only Typex insert collection that I know of from which the wirings could easily be recovered using a continuity tester. So, the wirings that I have used in this simulator are those of the Enigma as recovered by Rejewski.

WW2 Pigeon Code - a machine cipher? Quite likely..

March 1st 2013

I think that the biggest hint toward finding out which method of encryption had been used to encode our pigeon message is the five letter indicator group seen at the beginning and end of the cipher text. That along with a 26 letter alphabet would allow us to tentatively rule out some possibilities.

Nick Pelling has, as ever, been hot on the trail of such enciphering possibilities, and has come to the probable conclusion that it isn't a Slidex.

I am now under the impression, however, that a cipher machine had been used... for reasons I shall try and articulate below.

Cipher machines that used a 5 letter indicator are the American ECM Mark II, and British TypeX.

The M-209 possibly used a five letter indicator by using the first letter twice to set the first two rotors. In the Operating Instructions for CSP-1500 (aka M-209):

In choosing a message indicator the operator writes down a random selection of five letters, subject to the limitations of the letters actually present on the key wheels. Since the first of these five letters governs the setting of the first two wheels, counting from left to right, any letter from A to Z, except W, can be used as the first letter of the indicator. For the second letter, governing wheel number 3, the choice ranges from A to X, omitting W. For wheel number 4 (third letter) any letter front A to U may be selected, for wheel number 5 (fourth letter) any letter from A to S, and for wheel number 6 (fifth letter) any letter from A to Q. An example of such a message indicator would be HILQD and the wheels would be adjusted so that the letters HHILQD would be lined up along the bench mark.

From the operating instructions of the ECM Mark II:

The message indicator consists of five letters selected at random by the operator. Bona fide five-letter words will not be used as message indicators even though such words occur by chance. The message indicator will be different for each message or part. When it is necessary, as in the case of a service, to reencipher a particular message or part, or any portion thereof, a different message indicator will be selected. The message indicator is used to determine the message rotor alignment.

The TypeX was similar to the ECM in that it had five rotors, but the last two rotors (stators) did not advance, so it was in effect equivalent to a three rotor Enigma with the added complexity of variable stepping between rotors, and rotors could be inserted in reverse.

Image reference: Kew HS 7/71.

TypeX models (previous to 1941) didn't have a plugboard, instead the two stators served as this complexity. There were also portable versions for use in the field which were similar to the American M-209.

The TypeX was used by the British, similarly America had their ECM or SIGABA cipher machine, yet for Allied operations where the Allied Forces were to share intelligence there was no common cipher machine, one that could encode / decode each other's messages.

The British wanted the Americans to use their TypeX, yet the Americans didn't want to share their top secret ECM Mark II with the British. The ECM was never broken during WWII, which goes to stand why they were so protective of their cipher machine.

So to bridge the gap between the TypeX / ECM and as a way of sharing Allied intelligence another cipher machine was developed called the Combined Cipher Machine (CCM). The CCM was developed in America and was in use by the British and Allied forces by April 1944. CCM was therefore built to be compatible with both the British TypeX and American ECM via adaptations to their existing machines, borne the TypeX 23 and the ASAM 5.

An interesting snippet of information on the TypeX offered by the Offices of The Cypher Policy Board, which is a retrospect to the use of cipher machines during WWII (Kew HS 7/71):

“we have fought this war on one type of Cypher Machine only, namely, TypeX”

Unlike SOE agents, who relied heavily on WOK's, Playfair, and One-Time-Pads, it was imperative that the Army had quick methods of encoding and relaying information, one without the time consuming and error prone nature of these hand written substitution ciphers. Even the double transposition cipher fell under the category of being too cumbersome to be practical.

For low-grade ciphers like double transposition and Linex, a numerical indicator was used which referenced keys held by both parties, similarly a WOK, Playfair, and OTP used very different indicators than what we see in this message.

A five letter indicator such as AOAKN therefore fits the bill for a five rotor cipher machine quite nicely. This would indicate the initial rotor configuration (similar to that of ECM's message indicator above), and in combination with the time stamp seen at the end of the message which would be used by the receiver to look up the rotor orientation and rotor positions from a pre-compiled book of day keys.

The TypeX (or TypeX with CCM adaptation) is therefore a largely plausible candidate which could have been used to encode our message.

As the below image suggests (Kew HW 40/89), there could easily be added complexities to this message, e.g. a disguised indicator, or letter shifts. We also cannot be sure which model of TypeX this was encoded on.

D'Agapeyeff Cipher not solved, FACT!

January 4th 2013

The D'Agapeyeff cipher is a cryptography challenge set by Alexander D'Agapeyeff in First Editions of his book Codes and Ciphers. It has since been removed from later editions and is yet to be broken.

75628 28591 62916 48164 91748 58464 74748 28483 81638 18174 74826 26475 83828 49175 74658 37575 75936 36565 81638 17585 75756 46282 92857 46382 75748 38165 81848 56485 64858 56382 72628 36281 81728 16463 75828 16483 63828 58163 63630 47481 91918 46385 84656 48565 62946 26285 91859 17491 72756 46575 71658 36264 74818 28462 82649 18193 65626 48484 91838 57491 81657 27483 83858 28364 62726 26562 83759 27263 82827 27283 82858 47582 81837 28462 82837 58164 75748 58162 92000

Upon trawling the internet for clues and attempts at breaking this cipher, I was led to a blog article Alexander D'Agapeyeff Cryptogram is SOLVED, which to all intents and purposes seems like a reasonable attempt, however the author couldn't have been more wrong!

Here is an explanation of the authors workings and why it is ultimately flawed.

Firstly he has split the cipher digits into bigrams:

75 62 82 85 91 62 91 64 81 64 91 74 85 84 64 74 74 82 84 83 81 63 81 81 74 74 82 62 64 75 83 82 84 91 75 74 65 83 75 75 75 93 63 65 65 81 63 81 75 85 75 75 64 62 82 92 85 74 63 82 75 74 83 81 65 81 84 85 64 85 64 85 85 63 82 72 62 83 62 81 81 72 81 64 63 75 82 81 64 83 63 82 85 81 63 63 63 04 74 81 91 91 84 63 85 84 65 64 85 65 62 94 62 62 85 91 85 91 74 91 72 75 64 65 75 71 65 83 62 64 74 81 82 84 62 82 64 91 81 93 65 62 64 84 84 91 83 85 74 91 81 65 72 74 83 83 85 82 83 64 62 72 62 65 62 83 75 92 72 63 82 82 72 72 83 82 85 84 75 82 81 83 72 84 62 82 83 75 81 64 75 74 85 81 62 92 00 0

And then by doing a frequency count of the first and second digits we can see that:


  • 8 (80)
  • 6 (56)
  • 7 (41)
  • 9 (18)
  • 0 (4)


  • 2 (46)
  • 5 (45)
  • 4 (43)
  • 3 (39)
  • 1 (33)

I have listed these in frequency order, however the order used to construct a grid in the authors implementation was 8,6,7,9,0 and 2,4,5,1,3. I do not know what the reasoning behind this order was, but for the time being I'm going to roll with it.


Using this grid, we then take the original cipher and substitute the digit pairs for their corresponding letters in the grid (e.g. 7,5 = N):


Coincidentally (in my opinion), this generates a cipher text containing the keyword FACT. Tendentious as it may be, it seems like a genuine enough keyword, so lets go with it.

The next step of working was to overlay the word FACT with the above cipher text and extract the corresponding values (ignoring the first block of letters assumed to be N = null, followed by FACT the keyword):


I've not listed them all for the sakes of brevity. From this we can see that column F is: F, G, B.. Column A: T, T, G.. etc.

The next step is where this working is significantly flawed. By laying the keyword FACT on top of the alphabet and then transposing the corresponding letter from our columns F,A,C,T.


The author has then taken the columns F,A,C,T, and read the corresponding value from the above alphabet in a rather peculiar way:


F = A1st letter, 1st group G = E1st letter, 2nd group B = I1st letter, 3rd group


T = B2nd letter, 1st group T = F2nd letter, 2nd group G = J2nd letter, 3rd group


G = C3rd letter, 1st group M = G3rd letter, 2nd group M = K3rd letter, 3rd group


D = D4th letter, 1st group C = H4th letter, 2nd group M = L4th letter, 3rd group

When we reconstruct this it is no surprise that we then get the alphabet in return! Oh dear me.


Double Transposition Cipher

December 21st 2012

As used by the British Army and as instructed by the War Office on the 5th November 1943.

Apologies for the length of this post, I didn't want to sacrifice any key information by providing an abridged version, so here it is in its entirety. There is a working example of the Double Transposition Cipher at the end of this post.

The reference material used in this post can be found at the National Archives in Kew, WO 193/211 - Policy and Codes for Cipher Communications.

Addressed to the Allied Forces, 21st Army, and the British Armed Forces in general.

In order to ensure smooth and rapid co-operation of formations and units transferred from one theatre to another, or between forces of different theatres which effect a junction during operations, the provisions of a standard Low Grade Cipher for use throught the Army, at any one time, is considered essential. This is borne out by experience during recent operations.

It has, therefore, been decided to adopt the Low Grade Cipher. The neccessary documents are being issued to all commands concerned at the earliest possible date, and the cipher will be taken into use in each theatre as soon after this as practicable, bearing in mind that in all units which require to hold this Cipher at least on officer and four other ranks will require to be conversant with its use.

No other Low Grade Cipher will be used without previous reference to the War Ofiice, but this will not proclude the use of such codes as the Map Reference and Slidex codes etc as may be authorised from time to time for communications other than those which require to be wholly enciphered.

This Low Grade Cipher will be used by the headquarters of all units and formations, not possessing a common higher grade cipher, for tactical messages dealing with operations, movements and administrative plans likely to be effective in the near future. Those messages dealing wth plans or operations scheduled to take effect after more than 48 hours will not be sent by wireless unless a medium or hgh grade cipher is available.

Whilst in actual contact with the enemy, when speed is of more importance than security, messages dealing with the immediate future may be passed by forward units in clear, but in this event formations and units will invariably be referred to by their code signs.

Provisional Instructions for the use of Army Low Grade Cipher

(Double Transposition)

  1. "Double Transposition" uses the actual letters of the message to be enciphered , simple letter-equivalents being substituted for figures and punctuation before enciphering is begun. The order of the letters is then changed in a complex manner, according to a definite plan, by the encipherer and restored in due course, using the same plan, to its original form by the decipherer. It is simple but demands painstaking accuracy as the only sure check that enciphering is correct is the complete decipherment of the cryptogram. If it is used correctly, this cipher provides sufficient security for the type of traffic it is intended to carry.

  2. The method is demonstrated below.

    1. Enciphering

      1. Under a row of numbers in a pre-arranged jumbled order, called a "transposition key", write the clear text, say "Intense enemy artillery bombardment", row by row.


      2. Count the number of letters (32 in this case).

      3. Now take out the letters vertically, column by column taking column header 1 first, then column headed 2, and so on and write the results horizontally, row by row, under a second pre-arranged transposition key.


      4. Count the number of letters. This must agree with the count in (ii) above.

      5. Finally, take out the letters vertically, column by column, as in state (ii) and write the result in groups of five letters, this:-


      6. Count the numer of letters. This must agree with the counts made in (ii) and (iv) above.

      7. If the last cipher group contains less than five letters it will on no account be completed to a five-letter group.

    2. Deciphering
      1. Write out the second transposition key and construct beneath it a "cage" that will exactly hold the letters of the cryptogram. This is done by dividing the number of letters in the text by the key length of the transposition key. The "quotiant" is the number of complete rows required and the "remainder" is the number of squares required in the bottom line. The unwanted squares MUST BE BLOCKED OUT. In the example given the key length is 7 and there 32 letters in the cryptogram. A cage of four complete rows and the four left had squares in the fifth row (the remaining three square being blocked out) is therefore required. In this cage write the cryptogram vertically column by column beginning with column headed 1, then column headed 2 etc, in the order given by the transposition key unitl all the letters of the cryptogram have been written in the cage.

      2. Write out the first transposition key and construct beneath it a cage to hold 32 letters. The key length being 9, three complete rows and the first five squares of the fourth row are required, the last four squares being blocked out. In this write out the rows of letters from the cage in (i) vertically column by column beginning with column headed 1, then column headed 2 etc, in the order given by the transposition key until all the letters of the cryptogram have been written in the cage.


        The clear text can now be read off horizontally row by row.

      Note. Counting the letters at every stage is the only possible check of accuracy and it must never be ommitted.

    3. Both enciphering and deciphering will normally be carried out on squared paper (2" squares) which will be issued in pads for the purpose. As a temporary expedient, however, any thin foolscap paper can be used if it is laid over a "master sheet" made of stout paper ruled int 2" squares with heavy ink lines.

  3. Transposition Key Book

    The pair of keys will be varied for each message and will be taken from the Transposition Key Book (BX 790) issued by the War Office. This book will contain 1,000 different keys numbered serially from 000 to 999. Each key will contain between 26 and 25 numbers. The first hundred keys will contain 26 numbers each, the next hundred 27 numbers and so on. The layout of the book is shown in Appendix B.

  4. Transposition Key Indicator List

    It is necessary to give each message an indicator to show the decipherer which pair of keys has been used. This indicator is a four-figure number, which will be written in clear, (it must NOT be enciphered), at the beginning of the cipher text and repeated at the end of the cipher text as a check, also in clear. The indicator for each message and the corresponding pair of keys to be used will be taken from one of the two columns of the Transposition Key Indicator List also issued by the War Office, a specimen of which is given in Appendix C. It will be seen that this document consists of columns of four-figure indicators followed by a two-letter combination on one of two columns headed "Army" and "Divisional" respectively. Those two letters, when looked up in the Daily Key Allocation List, give the pair of transposition keys to be used from the "Transposition Key Book".

    Divisions, and units and formations under their command, will use indicators having their equivalent letters in the "Divisional" column to encipher messages, other users will take indicators having their equivalent letters in the "Army" column. The Chier Cipher Officer in the theatre may, however, vary this arrangement at his discretion.

    Every indicator used, whether for enciphering or deciphering, will be marked and must on no account be used again for enciphering on the same day. Indicators will be chosen at random and NOT used in sequence.

  5. Daily Key Allocation List

    The pair of keys to be used for a given indicator will be changed daily by means of a Daily Key Allocation List a specimen of which is given at Appendix D. This will be used to translate the pairs of letters taken from the Transposition Key Indicator List into keys from the Transposition Key Book in the following way. (The appendices have been used to illsutrate the method). Suppose the Indicator 7928 is choden from the "Divisional" column of the Transposition Key Indicator List for a message enciphered on 1st September. The corrsesponding letters are SQ. In the Daily Key Allocation List, in the column headed 1 Sep, find the number corresponding to S and the number corresponding to Q: these are 002 and 996 respectively. Then key number 002 from the Transposition Key Book will be used for the first transposition of the message and key number 996 for the second transposition of the message. For a message enciphered on 6th September with the same indicator the keys used would be number 336 and number 763 respectively.

  6. "Daily Key Allocation Lists" will be produced by (a) all divisional Cipher Officers and, (b) suhc other Cipher Officers as the Chief Cipher Officer of the theatre may order, for the use of their own offices and those formations and units for which they are responsible. Each list will normally contain allocations for the not more than seven days, but in forward areas it should be limited to three days, if possible. At least one spare list containing allocations for seven days will be kept in readiness for immediate issue in case of an emergency. The list which is to be taken into use immediately after the current one may be held at brigade or equivalent headquarters.

  7. Details of an emergency method of using this cipher will be issued in due course. In the interim, cipher officers who issue Daily Allocation Key Lists will also issue to all holders for whom they are responsible an Emergency Key Allocation List which will contain allocations for two days. This list will be issued in a sealed envelope bearing instructions that it will be kept apart from all other lists and will not be opened until orders are recieved that the emergency list is to be taken into use. The method by which emergency lists are to be brught into use will be laid down by the senior cipher officer of the force.
  8. Concealed Addresses

    The address "from", date-time of origin, addresses "to" (both "action" and "information"), the originator's number and any reference number quoted which immediately follows it will be enclosed within brackets and will be inserted at a convenient point in the text (not at the beginning or end) and enciphered at that point. THe decipherer wll restore these details to their correct places on the message form. "Action" addresses will be separated from "Info" addresses by "rptd" (repeated).

  9. Stereotyped beginnings and endings

    Beginnings such as "situation", "sitrop", "following", "reference" and endings such as "ack" and "all informed" are dangerous. Sterotyped beginnings will be enciphered with the concealed addess between the last item of the concealed address and the closing bracket and restored to their correct place by the decipherer. In the same way sterotyped endings will be placed in brackets, near, but not at, the end of the message before enciphering is begun and restored to their correct places by the decipherer.

  10. Short Messages

    No cryptogram of a message (or part of a message sent as a separate cryptogram) will contain less than 40 letters. Messages containing fewer letters will be made up to more than forty by adding vowels (A, E, I, O or U) at the end of the clear text, before the enciphering is begun. The insertion of these vowels after enciphering will render the whole message undecipherable. The vowels must be added in jumbled order and the practice of making up a message to exactly 40 letters will be avoided. The whole message, including the added vowels will then be enciphered in the normal way.

  11. Long Messages

    Not more than 300 letters will be enciphered on one pair of keys. If a message requires more than 300 letters it will be divided into convenient parts, each containing less than 300 letters and each part will be enciphered as if it were a separate message with a new indicator and the corresponding keys. The addresses and date-time of origin will be enciphered in the first part only as laid down in para 10. Near, but not at, the end of the first part, "Part two follows" will be inserted within brackets and enciphered with the rest of the message. In succeeding parts the reference number, date-time or origin and "part …" will be inserted, within bracets, near, but not at, the beginning of the part and "part … follows" will be inserted, within brackets, near, but not at, the end of the part. These two items will then be enciphered with the part. The last part will be identified by the addition of the words "and last" after the part number.

  12. At the end of the cryptogram, immediately after the repeated indicator, the number of letters in the message (or message part) will be written followed by the day of the month on which enciphering was begun. The two numbers will be separated by an oblique strike, e.g. 179/12 will indicate that there should be 179 letters in the cryptogram and that enciphering began on the 12th day of the month. Before the deciphering of a message is begun the number of letters stated will be checked by a count of the numbers of letters actually in the cryptogram.

  13. Numbers and punctuation

    0 (ZERO) and the numbers from 1 to 10 inclusive when they occur singly will be spelt out. For all other numbers the figures will be replaced by two-letter groups, using the table given below, before enciphering is begun.

    0 BG 5 SX 1 JR 6 WF 2 KL 7 DQ 3 TC 8 PV 4 NH 9 ZM

    When it is necessary, in order to prevent confusion, to separate two numbers which have been encoded using this table, e.g. pt 76 3582, the word SPACE will be inserted in the appropriate place, thus:- DQWFSPACETCSXPVKL.

    Punctuation will be replaced by the groups given below before enciphering is begun.

    Full stop SSS Dash or Hyphen NNN Bracket RRR Oblique Stroke TTT

    It will be seen from the above that no figures or punctuation signs will appear in the cipher text.

  14. Security

    The following security precautions will be observed.

    1. Each sheet of square paper will be marked "SECRET" as soon as it is taken into use for either enciphering or deciphering.

    2. Indicators from the Transposition Key Indicator List, their two-letter equivalents and key serial numbers from the Transposition Key Book will NOT be written on the squared paper nor on any other pieces of loose paper.

    3. Sheets of squared paper on which enciphering or deciphering has been carried out will be carefully safeguarded until there is no likelihood of a "check and repeat" and then burnt. No sheet will be retained for more than 24 hours. These sheets will on no account be allowed to accumulate.

    4. Daily Key Allocation Lists will be destroyed column by column. As soon as a column is 48 hours out of date it will be cut from the sheet and burnt.

    5. The compromise, or suspected compromise of any documents used for Low Grade Cipher (Double Transposition) will be reported immediately to the issuing authority who will take the necessary steps to restore security.

    6. If a situation develops in which there is a possibility that Low Grade Cipher (Double Transposition) documents will fall into enemy hands, they will be burnt in the following order AND NO OTHER.

      1. All Daily Allocation Lists
      2. All used sheets of squared paper
      3. Sealed envelopes containing Emergency Key Allocation Lists
      4. All Transposition Key Indicator Lists
      5. All Transposition Key Books
  15. An illustration of the enciphering of a message follows. The indicator and the equivalent transposition keys used are taken from Appendices B, C, and D, and have already been used as an example in para 5.

Example usage of Double Transposition Cipher

Clear Message

Warning Order(.) 2 KOSB at 12 hrs notice move to conc area WEST of SLEEPY HOLLOW J7163(.) Details route and timings follow(.) Bn rep will report this HQ immediately(.) ACK

First Stage


Second Stage


Cipher Version