Lakehead University Theory of Cryptology Math{3375 The ADFGVX Cipher Wilson Poulter & Justin Kulp, Lakehead University he ADFGVX cipher is a private-key en- as cryptanalytic security [2]. cryption method that uses a Polybius At the time, the French army had a dedicated Tsquare to encrypt a plaintext message cryptanalysis group known as the Bureau du Chiffre, once, it then uses a keyword to transpose let- or Cipher Bureau. By April 4, 1918, Lieutenant ters of the singly encrypted text, adding ad- Georges Painvin, a member of the Bureau, was able ditional difficulty for cryptanalysis. to identify two messages with identical strings and orderings of text, indicating plaintext with the same History beginning and keys. This, and other clues led to a systematic and statistical breakdown of the Ger- On the frontline of trench warfare during the First man scheme during times of heavy communication. World War (1914-1918), communication was an in- However, the Allies never did develop an univer- tegral part of daily activities. In order to carry sal method for decrypting ADFGVX ciphers. The out an effective offensive, messages containing bat- largest success of Painvin was on June 3, 1918, when tle plans had to be transmitted along the kilome- he intercepted and decrypted the (translated) mes- tres of trench networks to commanding officers. The sage \Rush munitions Stop Even by day if not seen," obvious method for accomplishing this task at the which was later confirmed, and prepared the French time was through the use of radio telegraphy. By army for an attack on June 7 [2]. these means, operators could send messages using Morse code to other operators located far away. Al- Method though this was the only practical way of sending messages at the time, the use of radio had the draw- The ADFGVX cipher first employs a 6 × 6 Poly- back that one could not control who the message bius square to encrypt plaintext monographs into was sent to. Thus, enemy operators could intercept digraphs and then applies a single columnar trans- virtually every message sent, providing them with a position on the modified text. Simply put, the plain- tactical advantage. In order to protect the content text letters are substituted by digraphs and are then of messages even after they had been intercepted, transposed in columns by the use of a keyword [3]. cryptographers from all countries began to develop This combination of fractionation and transposition ciphers that would protect their messages even if makes the cipher especially difficult for cryptanaly- they were intercepted [1]. sis [1]. The ADFGX cipher originally came into use on March 5, 1918, and later evolved into the more com- Polybius Square plicated ADFGVX cipher to include numbers. The method was invented by the German Colonel Fritz To accomplish the first step of encryption, plain- Nebel and was chosen by a conference of German text characters are substituted using a 6 × 6 Poly- cipher specialists to be used during the war. It was bius square. The Polybius square is a checkerboard designed to optimize radio operator success as well scheme that uses the letters A, D, F, G, V, and X, Page 1 of 5 Lakehead University Theory of Cryptology Math{3375 A D F G V X from the keyword, moving down to a new row when A O K Z P 4 G all letters from the keyword have been used. D J 3 R 5 H I As an example, using the keyword MATHEMAT- F 8 W V C T Y ICS, which becomes MATHEICS, we would write G 1 S D 2 E X out (1) as follows, V B M 0 A F L X 7 U N 9 Q 6 MATHEICS FGDFFXAG (2) Table 1: A sample ADFGVX Polybius Square FVAAAXDF VGAGDVFX in order, as column and row identifiers, which forms Thus the characters of the digraphs form columns a grid where each element of the grid can be identi- underneath the letters of the keyword. × fied by its row and column header [3]. In this 6 6 The keyword's letters are then rearranged in al- scheme, the English alphabet and the digits 0{9 are phabetical order, with their corresponding columns randomly placed within the grid and each of these rearranged in the same order simultaneously. In our characters maps to an unique pair of letters. Using previous example MATHEICS would be rearranged the sample Polybius square in Table 1, we get that to read ACEHIMST, and (2) would become, the number 8 encrypts to the pair FA, and the pair AD decrypts to the letter K. ACEHIMST In the original ADFGX cipher, one uses a 5 × 5 GAFFXFGD (3) Polybius square, with each letter mapping to one of VDAAXFFA the 25 different digraphs. Of course, since there are GFDGVVXA 26 letters in the English alphabet, one traditionally To complete the encryption, the left-most column would merge the letters i and j into a single letter. is now written as a string of characters horizontally, Whereupon the correct letter would be chosen con- with the topmost letters of the column becoming the textually when decrypting [1]. leftmost in the string, the bottommost becoming the Since, in each case, a single plaintext character rightmost. This is then repeated for the second col- is mapped to more than one ciphertext character, umn, etc., until the last column [3]. This transforms the ADFGVX and ADFGX ciphers are examples of (3) into the final, encrypted, string: fractionating ciphers. As an example, using Table 1, the plaintext mes- GVGAD FFADF AGXXV FFVGF XDAA: (4) sage CRYPTOGRAPHY will result in the cipher- text: Now the ciphertext may now be sent with some degree of confidence that it will not be decrypted by FGDFF XAGFV AAAXD FVGAG DVFX: (1) someone without a key. Columnar Trasposition Strengths To make this cipher even stronger, our already once encrypted text is encrypted again using columnar The ADFGVX cipher was designed to not only be transposition, or in other words, by moving around a strong cipher, but also to be a relatively simple groups of the ciphertext via some keyword. cipher to use. The major advantage of this cipher To elaborate, suppose we have some keyword (in in the context of the First World War had to do the language the message is written in), we eliminate with the substituted Polybius square. The Polybius all the duplicate letters of the keyword, preserving square generally uses the digits 1{5 to act as column the leftmost letters. For example, if the keyword is headers and row identifiers, which was suited for its ZYXY we write ZYX, rather than ZXY [1]. With original method of encoding (knocks or light flashes), the remaining ordered characters, the message is ar- however as mentioned above, these messages were ranged so that the encoded message can be read being encoded using Morse code. Thus it is most \correctly" (that is, so that if it were decrypted it sensible to use characters which have Morse equiv- would be a readable message) from left to right, and alents that are all very distinct from one another, from top to bottom. Then each character of the these being the letters A, D, F, G, V, and X. Ex- encrypted message is placed directly under a letter amples of the International Morse symbols for the Page 2 of 5 Lakehead University Theory of Cryptology Math{3375 A · | assuming that each character maps to only one di- D | ·· graph and vice-versa, since monographs are simply F ·· | substituted with digraphs. For this same reason if G | | · an index of coincidence calculation was performed V ··· | on the encrypted text of 36 digraphic combinations, X | ·· | the index of coincidence would remain the same. It is when this method of substituting monographs Table 2: International Morse Symbols for ADFGVX with digraphs is coupled with the columnar transpo- sition described above, that the ADFGVX cipher be- letters A, D, F, G, V, and X can be seen in Table comes strong [3]. By the process of columnar trans- 2. By using these distinct letters, one may assume position, each of the two singular characters from ev- operator accuracy would increase [2]. ery digraph is re-associated with the character above As previously mentioned, the ADFGVX and re- it or below it in its column, or the character at the lated schemes act as a fractionating cipher since they top or bottom of the row next to it (right for top, left map each character to more than one letter, as a for bottom). In the general case, the frequency of result of the usage of the Polybius square. Addition- every digraph should be changed to something that ally, the underlying concept of the Polybius square is more reflective of a polyalphabetic cipher, since can be modified, adding additional dimensions, by two of the same digraphs may no longer correspond the example of the ADFGVX cipher, to aid in en- to the same plaintext letter. For 36 characters, the coding an alphabet of any length. Although, if the index of coincidence for a uniform distribution of length of the alphabet cannot be factored into di- text is 1=36 ' 0:027778. Using Table 1 and the key- mensions to form a Polybius square (or modified word WARIOPNCES to encrypt the text used to \Polybius rectangle"), then either some letters will compute (5), and then computing the new index of have to map to a non-unique digraph (one letter coincidence leads to the following, appears in more than one position in the square), 36 ( ) or certain digraphs will have to map back to a non- X n 2 IC ' i ' 0:032469 (6) unique plaintext letter (more than one letter appears new N in one position of the square).