The Chaocipher Clearing House

Progress Report #4

Moshe Rubin (
Last updated: 11 March 2009

My current Chaocipher hypothesis

Based on the case I made (in Progress Report #3) for a 13- or 26-letter blocking factor (in Progress Report #3) I'd like to list my current hypothesis about Chaocipher (incorporating Greg Mellen's original hypothesis) based on Exhibit 1:

How is key management handled for Chaocipher?

In "Silent Years" (page 283) Byrne writes about Exhibit #4:

"This encipherment is distinguished from the other three in that it bears within itself full and complete instructions to an initiate for its decipherment".

Byrne is apparently referring to a key management question: upon receiving a message, how does an initiate know what the machine settings should be to decipher the message?  This is a well-known term in cryptography related to the generation, exchange, safeguarding, use, and replacement of keys.  The recipient of a message needs to know how to set up the machine before commencing decipherment.

There are two types of ciphers: symmetric- and asymmetric-key algorithms.  Symmetric-key algorithms use trivially related, often identical, cryptographc keys for both decryption and encryption.  Asymmetric-key algorithms (i.e. public-key cryptography), on the other hand, use a different key for enciphering and deciphering.

It is safe to assume that Chaocipher is a symmetric-key algorithm.  In this case both the sender and the recipient must know the identical key.  So what did Byrne mean by "... it bears within itself full and complete instructions to an initiate for its decipherment"?  Two possibilities come to mind:
  1. The machine setting is enciphered using a base machine setting
    1. The parties have an agreed-upon base machine setting (called BASE).
    2. When sending a new message the sender defines a new machine setting (called NEW).
    3. A textual form of NEW is enciphered using BASE producing NEW-prime.
    4. The message being sent is enciphered using NEW.
    5. NEW-prime is inserted at a predetermined position in the final ciphertext.
    6. The recipient extracts NEW-prime, uses BASE to get NEW, and sets up the machine with NEW to decipher the message.
  2. The key is placed in the ciphertext in-the-clear.
The method of encoding the message's setting with a base machine setting is not new -- this is how the Germans enciphered their Enigma message settings.  If this is what Byrne did then it's a bit too much for me at this stage.  Let's examine the second possibility that the settings are embedded in the ciphertext.

I assumed that part of the key would be the plaintext and cipher slide component alphabets.  To this end I wrote a script to determine whether any non-encrypted alphabets were embedded in Exhibit #4.  An alphabet could be inserted in one of the following two ways:
  1. An entire alphabet on N letters (e.g., N=26) is mixed and then inserted into the ciphertext stream.
  2. N-1 letters of an alphabet are mixed and inserted.  The Nth letter of the alphabet can be left off since it is implictly known when the other N-1 letters are extracted.
There was another complication to consider.  Suppose the sender wants to transmit two or more mixed alphabets.  He could send them consecutively, or send the first letters of all the alphabets first, followed by all the second letters, etc.

Here are some examples to clarify the point.  For the demonstration let's assume the sender wants to transmit three mixed alphabets (e.g., corresponding to the plaintext, ciphertext, and keying alphabets):


(a)   Sending all three alphabets sequentially, all 26 letters

(b) Sending all three alphabets sequentially, only 25 letters


(c) Sending all i-th letters together, i=1...26


The script has to handle all of these cases. I wrote a Perl script,, to do the dirty work.  You can download the script from here.

Conclusion: No alphabets were embedded in this fashion within Exhibit #4.

Update (9 March 2009): Comment from Jeffrey Hill

On 9 March 2009 I received an e-mail from Jeffrey Hill with the following comment:

In PR #4, as far as what Byrne has to say about Exhibit 4, i.e. "... it bears within itself full and complete instructions to an initiate for its decipherment", I am more inclined to believe that he is referring to the title of Exhibit 4, "A Glimpse of Chaos", which could be transformed in various ways to produce key alphabets.  Providing the key in this way would likely be a one-time, special event to tantalize any would-be solvers of Exhibit 4 rather than a standard procedure.  An Initiate would not only know the correct way to transform the Key Phrase, "A Glimpse of Chaos", into one or more keys, he would also have a Chaocipher Device on which to make the settings specified by the keys.  Byrne, therefore, did not risk anything by providing the Key Phrase.

Jeff's idea regarding the title of Exhibit #4 being the key phrase for generating the settings is perfectly logical.  With so much unknown about the cipher mechanism  there seems little we can do to capitalize on this hypothesis.  It will have to wait as a different post-solution project -- determining how Byrne communicated the key.

Copyright (c) 2009 Moshe Rubin

Return to the home page