Analyzing the Spanish strip cipher by combining combinatorial and statistical methods

ABSTRACT

According to historical reports, many telegrams that date from the Spanish Civil War (1936–1939) still remain undisclosed. It is believed that these telegrams were encrypted with a cryptosystem called the “Spanish Strip Cipher” (SSC).

During this civil war, SSC was the most used cryptographic algorithm. This method corresponds to a homophonic substitution cipher in which a plaintext letter can map to between three and five ciphertext symbols.

By means of cryptanalysis, the authors detect a weakness in the encryption process of the SSC. In this article, they describe how this vulnerability is exploited to efficiently reconstruct a plaintext from a relatively short ciphertext. The attack is based on combinatorial and statistical methods, and it is divided into three phases: homophones-table analysis, letter-frequency analysis, and dictionary search.

The attack was implemented in Java and tested on a laptop with an i7 processor and 4 GB of RAM. The tests were carried out with several real telegrams from the Spanish Civil War. In this article, the authors provide the results of one test that was successfully performed only using the first 201 ciphertext symbols of a Spanish telegram.

KEYWORDS:

• cryptanalysis
• combinatorial and statistical methods
• homophonic substitution cipher
• monoalphabetic substitution cipher
• Spanish Civil War
• Spanish strip cipher

Notes

¹GATO in Spanish means cat.

Additional information

Notes on contributors

Luis Alberto Benthin Sanguino

Luis Alberto Benthin Sanguino is researcher at Fraunhofer FKIE in the department of Cyber Analysis and Defense, and a PhD student at the University of Bonn, Germany. In 2013, he obtained the MSc at the Ruhr University Bochum, and in 2008, he graduated as a system engineer at the University of Aquino, Bolivia. His interests include the areas of malware analysis, Honeypots, and Botnet.

Gregor Leander

Gregor Leander is currently a researcher at the Ruhr University Bochum. He received his PhD from the Ruhr University Bochum in 2004 and has been an associate professor at the Technical University Denmark until 2012. His research interests include symmetric cryptography and Boolean functions.

Christof Paar

Christof Paar has the Chair for Embedded Security at Ruhr University Bochum, Germany, and is an affiliated professor at the University of Massachusetts Amherst. He co-founded, with Cetin Koc, the CHES (Cryptographic Hardware and Embedded Systems) conference. His research interests include highly efficient software and hardware realizations of cryptography, physical security, penetration of real-world systems, trusted systems, and cryptanalytical hardware. Christof has over 150 peer-reviewed publications and is co-author of the textbook Understanding—Cryptography (Springer, 2009). He has given invited talks at MIT, Yale, Stanford University, IBM Labs, Intel, and Sun Labs. He is a Fellow of the IEEE.

Bernhard Esslinger

Bernhard Esslinger teaches IT security and cryptography at the University of Siegen in Germany. He is also the lead of the open-source project CrypTool since the beginning in 1998. His main interests are primes and applied IT security. He helps people and companies to understand and use, for instance, risk-based countermeasures like secure e-mail, and to raise awareness. Prior to that, he was the CISO of SAP SE.

Ingo Niebel

Ingo Niebel is a historian and freelance journalist living and working in Germany. Since 1996, he is also a member of Eusko Ikaskuntza, the Society of Basque Studies. He has published several books in German and Spanish about the Basque Country and intelligence during the Spanish Civil War (1936–1939). He contacted Prof. Christof Paar during his research because he found some encoded telegrams that could not be read by even the authorities of that time since the keys had been lost.