Lesson 8: Introduction To Cryptarithms And Hill Cipher

                           BY LANAKI

                       February 22, 1996
                           Revision 0

                         COPYRIGHT 1996
                      ALL RIGHTS RESERVED

                           LECTURE 8



                          HILL CIPHER


In Lecture 8, we depart from the schedule for a real treat.
In the first part of this Lecture, we introduce Cryptarithms by
our guest lecturer LEDGE (Dr. Gerhard D. Linz).  LEDGE has
already produced one of our better references on beginning
cryptography [LEDG], and I appreciate his assistance in our
course.  The cryptarithms portion of this course will be
presented in three lectures and for the final book labelled
Lectures 20 - 23.

Following the Cryptarithms section we introduce the Hill

Our second guest lecturer is NORTH DECODER.  Dr. Jerry Metzger
and his team are presenting you with the Crypto Drop Box and
the ACA-L Listserver.  The Hill cipher has six GIF files
associated with it and can be found at the CDB.

Waiting in wings patiently for my resource materials is TATTERS
to present Cipher Exchange problems.


Here's the first of the Cryptarithm lectures.  It consists of a
general introduction to the genre including how to read the
problems. That's followed by an explanation of modulo
arithmetic. Then we look at how to identify the letters that
represent 0, 1 and 9, called digital characteristics. Then
there are two sections on making inferences, each demonstrating
a problem  solution. Finally, there's a section on extracting
square roots.

Next lecture LEDGE will give some aids for solving
multiplication problems and then go into base 11 and base 12
arithmetic.  Perhaps after that I can go to the more
complicated problems such as double key division.


DEFINITION: A cryptarithm is a mathematical problem, generally
in arithmetic, in which the numerical digits have been replaced
systematically by letters. The challenge of the problem is to
identify the digit for each letter and the key, if any.

    Rules: 1. Each digit is replaced by one and only one letter
              throughout the problem.
           2. All digits appear at least once in the problem.
           3. No letter represents more than one digit.
           4. The numerical base, if other than ten (decimal),
              is named.
           5. The highest order digit of a number cannot be

KEYS: A table consisting of each of the letters used in the
cryptarithm paired with its numerical equivalent constitutes
the key to the cryptarithm.  When the digits are arranged in
numerical order, either from smallest to largest or largest to
smallest or other logical order, the letter portion of the key
may spell out one or more words. The word or words are then
known as the keyword or keywords. Generally, the constructor of
the problem indicates the number of words or the fact that the
letters do not spell out words.

When the letter portion of the key consists of a word or
several words with no repeated letters (rule 3, above), the
digits are assigned in one of four ways:

       1. From 0 to 9 (0-9). Ex. L O G A R I T H M S
                                 0 1 2 3 4 5 6 7 8 9

       2. From 9 to 0 (9-0)      9 8 7 6 5 4 3 2 1 0

       3. From 1 to 0 (1-0)      1 2 3 4 5 6 7 8 9 0

       4. From 0 to 1 (0-1)      0 9 8 7 6 5 4 3 2 1

In the first and fourth case L represents 0; in the second it
represents 9; and in the third it represents 1, etc.  Higher
base arithmetic systems require additional digits according to
the size of the base. Undecimal is based on 11 digits rather
than 10. Generally the letter X or A is used to represent the
11th digit, or ten. Thus instead of a key for 0-9 we would have
a key for 0-X or 0-A.     Ex. B I G N U M E R A L S
                              0 1 2 3 4 5 6 7 8 9 X

Here the digit X (ten) will be replaced by S when it occurs.
In undecimal, 10 means eleven. If you do not understand the
concept of higher base arithmetic systems now, you will get an
extended treatment of this topic later in the course.

If no word is used, that fact will be stated as well as the
order in which letter equivalents are to be reported, e.g., No
word, (0-9), indicating that the letters for reporting purposes
are to be arranged starting with the letter representing 0,
followed by the letter for 1, then 2, etc., with the letter for
9 last. The letters will then appear in random order, generally
not alphabetical order.

ARITHMETIC: Knowledge of addition, subtraction, multiplication
and division of whole numbers in base 10 (decimal) system will
be assumed. Extraction of square and cube roots will be
explained later. While base 13 problems sometimes appear among
the numbered problems in the Cryptarithms section, they and
higher base problems are generally offered as specials.  More
esoteric operations, such as powers, magic squares, Pythagorean
equations, etc. are also offered as specials for those who like
extra challenges.

PROBLEM STATEMENT: In order to conserve space in the journal,
the problems in the Cryptarithms section are written
sequentially on one or more lines. I recommend rewriting the
problems in normal arithmetic format on every other line, so as
to have room for trial numbers. The process, without skipping
lines, will be illustrated with each of the normal type of
problems presented for solution.

The following sample problems to be rewritten are taken from
the September-October, 1993, issue of The Cryptogram:

C-1. Square root.  (Two words, 1-0) by EDNASANDE.
VO'TI'NG gives root VTO; - IN = NNTI; - NNNT = HONG; -UIGG =

         Rewritten:  {VO'TI'NG
                      NN TI
                         HO NG
                         NU FE

C-3. Division.  (Three words, 9-0) by LI'L GAMIN.

         Rewritten:  SHEEP/AUSSIE

C-6.  Subtractions.  (Two words, (0-9) by CAGEY KIWI.

         Rewritten:  LADIES     DAMES
                     -GENTS    -MALES
                     GNSDGS     NDGSS

Additions and equations (mixed additions and subtractions) are
rearranged the same way.

C-8. Multiplication.  (Three words, 0-9) by APEX DX.

         Rewritten:      OTTAWA

At this point you should understand the mechanics of the
presentation of the problems. You should also be ready to
construct cryptarithms of your own, although they may not be
suitable as yet for publication. To be suitable for
publication, the problem must conform to the rules listed on
page 1, and have a unique numerical solution. There must be one
and only one key that will solve the problem. If you have
understood the material thus far, you are ready to consider
ways of analyzing a problem to obtain the solution.

MODULO ARITHMETIC: Since we will be dealing with the ten
digits, 0 - 9, but sometimes adding or subtracting them to get
numbers that are either greater than 9 or less than 0 (in other
words negative numbers), we need a way of reducing those
results back to the digits mathematically. Modulo arithmetic is
that way. If you add 8 + 5, you get 13. If you want to talk
about only the units digit of the result, you could subtract 10
from the 13 and get that units digit, 3.  We say, then, that 13
= 3 (modulo 10).  The 10 comes from the fact that there are ten
digits in the decimal system.  When we learned addition, we
learned to carry the 10 to the next column on the left, thus
avoiding having to write a two digit number in a space where
there is room for only one:

             33 or 20 + 13 (8 + 5).

In subtraction, 5 - 8 = -3, but -3 is not in the range of the
positive digits. Here we could add 10 to -3: -3 + 10 = 7, or -3
= 7 (modulo 10). In a subtraction problem we get the 10 by
borrowing it from the next highest order digit in the
subtrahend: 25
          = 17 or 20 - 3 or 10 + (10 - 3)

The way we learned to subtract eliminates the negative numbers
by borrowing 10 from the 20 in 25. Modulo arithmetic is another
way of talking about the same process.

DIGITAL CHARACTERISTICS: Gaining an entry into a problem is
often expedited by being able to identify one or more of the
digits. Those most commonly identifiable with a little bit of
study of the problem are 0, 9, and 1.  Zero in particular has a
number of recognizable characteristics. Add zero to a number
and the sum is that number, i.e., A + 0 = A.  Similarly,
subtracting zero from a number yields that number, i.e., A -0 =
A.  Multiply a number by zero and you get zero. Subtract a
number from itself and you get zero, i.e., A - A = 0. Once
zero is identified, you will have the first or last letter of a
keyword, if any.

If 0 cannot be identified through any of the characteristics
enumerated above, it may yet be possible to discover the
candidates for it through a process of elimination.  Given a
number, we know that the highest order digit of that number
cannot be zero. So if we have a number, ABC, then A is not
zero.  Let's use that fact and any other inferences we can make
on the example multiplication problem, C-8, from page 3.


This problem has five different numbers with four different
beginning letters: O, H, I, and T. None of those can be zero.
The multiplier, ON, contains the digit N which, when
multiplying OTTAWA, produces a product not equal to zero.
Hence, N does not equal zero. When adding the two partial
products, E + I yields R not either E or I.  Hence neither E
nor I = zero. We have eliminated seven letters as candidates
for zero. So far, at least, L, W, or R could be zero. It will
take more detailed analysis to determine which one is actually

The number 9 has some interesting characteristics, one of which
mimics zero. When subtracting 9 from a number, you must borrow
from the next higher digit.  The difference between 9 and the
number is then one more than that number, i.e., 24 - 9 = 15
contains 4 -9 yielding 4 + 1 or 5.  The 2 in the original
number has been reduced by 1 because of the borrowing.

Let's look at another subtracting operation involving 9.: 247 -
         48 = 199 or 247
                   = 199

That example includes a digit that is subtracted from itself.

That operation normally would produce zero.  Here it produces 9
because of a borrowing necessitated by a previous subtraction,
namely 7 - 8. 4 - 4 becomes 3 -4 yielding 9 and reducing the 2
to 1. That sort of effect is not possible in the units place of
a number because there is no previous borrowing when dealing
with whole numbers. Thus, when given a problem that includes:


H could equal 0 or 9. More information is needed to resolve the
ambiguity. We have it here in the units place where E -E = J.
There is no ambiguity in that fact since there cannot have been
any previous borrowing.  So J = 0 and H = 9.

The number one can often be recognized as the highest order
digit of a number particularly when, in a subtraction problem,
it is not carried down to the answer line. Note that in the
previous example, A is the highest order of the subtrahend, the
number from which another number is to be subtracted.  It does
not appear in GHIJ, the difference between the two numbers.
Clearly, it must have disappeared in the process of borrowing.
D must be greater than B, thus B - D yields G, a number that is
greater than B and necessitating borrowing one from A, reducing
it to zero. Notice than when subtracting a larger digit from a
smaller one, the resulting difference is larger than the
subtrahend digit, e.g., 5 - 8 yields 7 or 15 - 8 = 7 > 5.  If
you now understand subtracting using modulo arithmetic, you
will recognize that 5 - 8 = -3 which = 7 (modulo 10).  In
modulo arithmetic we can add or subtract the base, here 10, as
many times as necessary to produce a number in the desired
range, here 0 to 9. (See page 3, "Modulo arithmetic," 1st

The number one can also be spotted in multiplication since one
times a number equals that number, i.e. A x 1 = A.  One times
one also yields one, making it one of three digits that when
squared or multiplied by itself yields a number whose unit
digit is the same as the number squared: 1 x 1 = 1, 5 x 5 = 25,
and 6 x 6 = 36. Once again, modulo arithmetic lets us know that
25 = 5  (modulo 10) and 36 = 6 (modulo 10).

MAKING INFERENCES: (Example 1). Once you have done what you can
to spot 0, 1 and 9, you will have to rely on your knowledge of
arithmetic to determine the possibilities of the other letters
and to make decisions about their values. To see how that
works, let's work on a simple problem, the division problem C-3
at the bottom of page 2. It's reproduced below:


Before reading on, see what you can do with this problem.
Remember, the key is three words, 9-0. When you are ready, read
on for the solution.

In the above problem, we are helped by being able to find all
three of the digits, 0, 1, and 9. In the first subtraction,
I - P = I. In the second subtraction, E - P = E. Both facts
make 0 = P. Note also that U x P = P and E x P = P, both
consistent with P = 0, but not sufficient to prove that P is
zero, since both of those equations, modulo 10, could be true
for P = 5,  e.g., 3 x 5 = 15 and 7 x 5 = 35, both ending in 5.
Next for the letter that represents one. U x SHEEP = SHEEP.
Hence, U must be 1. Note also in the second subtraction, U -P =
blank or zero. Since we know P to be zero, U must be 1.  These
chains of reasoning are typical in the solution of

Now let's find the letter for 9. In the first subtraction, note
that U - H = U. That could make H be zero or nine. In the
absence of other information, you could not be sure which of
those is true. Here you already know that zero is represented
by P. Thus, H = 9.

You now have a lot of useful information. Let's look at the
multiplications for more. U x SHEEP is 1 x SHEEP = SHEEP, not
much help there. E x SHEEP = SPIBHP. You can replace the
identified letters with their digital equivalents and get:
E x S9EE0 = S0IB90. E x 0 = 0, so far so good. E x E = 9
(modulo 10). What are the possible values of E. E could be 3,
as 3 x 3 = 9, or 7, since 7 x 7 = 49 or 9 (modulo 10).  Let's
try out each possibility. 3 x S9330 = ??7990 or ??IHHP, not
consistent with SPIBHP. So E is not 3. E must then be 7.  Let's
check that and see what else you can uncover. 7 x S9770 =
??8390 making I = 8 and B = 3. Now SPIBHP is S08390. 8 is
preceded by 0 so 7 x S must end in 4 since we are carrying a 6
from the multiplication of 7 x 9 and 6 + 4 = 0 (modulo 10).
Hence, S must be 2 as 7 x 2 = 14. SPIBHP becomes 208390. To
bring order out of all this in-formation, we need to
reconstruct as much of the key as we can.

         9 8 7 6 5 4 3 2 1 0
         H I E       B S U P

The missing letters are A, L, and M, all found in the second
subtraction. Entering what is known now makes that subtraction


Remember, you can check a subtraction by adding the subtracter
and the difference to get the subtrahend. Here, 0 + 7 = 7;
9 + 9 = 18, carrying 1 to the next addition; 1 + 3 + 1(carried)
= 5, so A = 5. Since L and M are both less than 8, representing
as they do the two remaining unidentified digits, 6 and 4.  L +
8 = M (modulo 10), or 6 + 8 = 14 or 4 (modulo 10). So L
= 6 and M = 4. The key becomes HIELAMBSUP.

You could also have worked with the first subtraction, as it
contains the letters M and A. Try that now using the partially
reconstructed key above. The results should be the same.

MAKING INFERENCES: (Example 2). The multiplication example, C-
8, given on page 3 presents somewhat more difficulties than the
previous one, as none of 0, 1, or 9 can be initially
identified.  There are enough other clues, however, to make the
solution come through a straightforward series of inferences.
Before reading on, see what you can recover from that problem
on your own.  When you are in a thoroughly stuck place, read on
for some help, or the complete solution.

Here is the problem:


It was determined that zero is represented by L, W, or R. On
page 3 the key is stated to be three words, 0-9.  First, notice
that N time OTTAWA results in a 7-digit number and that O time
OTTAWA results in a 6-digit number, the same length as OTTAWA.
Examine the second product carefully. O x OTTAWA = IIIEHE. The
highest order I (first digit of IIIEHE) results from the
product O x O. O cannot = 1 for 1 x OTTAWA = OTTAWA. O
cannot be as large as 4, for 4 x 4 = 16, which would add a
seventh digit to the product. So O = 2 or 3. 3 x 3 = 9, which
would make I at least 9. Looking at the problem again, the
first I is added to H giving T, a digit, but adding anything
other than zero to 9 produces a two digit number. So I
cannot be 9 and O cannot be 3. So O = 2.

With O = 2, I must be 4 or 5 since O x O is 4 or could be 5 if
a 1 is carried from the previous multiplication (2 x T).
So we have the following multiplication: 2 x 2TTAWA = 444EHE
or 555EHE. We can divide each of those products by the
multiplier, 2, getting respectively 222??? and 277???. The
first quotient gives 222??? to represent OTTAWA - not possible
(it would be OOO???). The second quotient is consistent in
making T = 7 and I = 5. OTTAWA becomes 277AWA. IIIEHE = 555EHE.

Now let's look at the first product, N x 277AWA = HNN7LIL.  The
product must be less than 10 x OTTAWA and that makes its first
digit less than O. There is only one such digit, so H = 1.  You
could now divide 1NN7LIL by various values of N to find a
quotient that begins 277. It's easier, however, to look at the
addition of the two partial products as they contain N's.


Since 1 + 5 = 7 (highest order pair), N + 5 must be >
10. That would allow a carried 1 to be added to 1 + 5.
N + 5 + 1(carried from the previous N + 5) = 2 (modulo 10).
That makes N = 6. Let's pause to construct a partial key using
the information so far identified.

         The key table becomes:

         0 1 2 3 4 5 6 7 8 9
           H O     I N T

It's also possible to rewrite the problem substituting digits
for the identified letters:


The sums produce the following modulo 10 equation: E + 7 = 5;
L + 1 = 6; E + 5 = R. The equations ignore possible carries of
1 which you may have to supply. Accepting that contingency, the
first equation produces 8 as the only possible value of E.  The
third equation then makes R = 3 since there is no carry
possible. The second equation makes 4 and 5 possible values of
L, but 4 is the only available digit. Of the three letters that
could be zero only W is left unidentified. Only 9 is left for
A.  As a check, 9 x 6 = 4 or L and 9 x 2 = 8 or E, checking
out. The key has become WHORLINTEA as the solution.

EXTRACTING SQUARE ROOTS: Not understanding the following
algebraic analysis of the process of extracting a square root
is no barrier to understanding how to follow the method.  It is
included here for those who are interested in understanding how
it is that the method works.

When squaring a number, one doubles the number of digits of the
original number. If you square 9, you get 81, 2 digits.
Squaring 3 you get 09. Square 35 and you get 1225, 4 digits.
Square 12 and you get 0144. When extracting the square root of
a number,  you take cognizance of this fact by making a mark
after every   two numbers beginning from the decimal point in
both directions.  So 45678.96 becomes 4'56'78.96' with the
initial 4 being understood as 04. As many pairs 00 can be added
after the last mark without changing the value of the number.

The first trial root is the largest number whose square is
equal to or less than the initial pair of numbers.  We'll call
that trial root x. (One could use the largest number whose
square is equal to or less than the initial two or more pairs
of numbers.  That makes no theoretical difference although in
practice that's more difficult.) The square of x is then
subtracted from the first pair of numbers. The next pair of
numbers is appended to the difference as in a long division

Now there is room for a 2-digit root whose first digit is x.
If we call its second digit y, the root becomes 10x+y.
Multiplying that number by itself produces 100x} + 20xy +y}.
That can be factored to produce 100x} + y(20x + y). As x} has
already been subtracted from the highest order two digit number
of the  original number it remains to subtract y(20x + y) from
the current remainder to make sure that y is not too large and
to determine a new remainder.

Now let's extract the square root of 45678. First mark after
every second number starting at the decimal point.
             {4'56'78  The first pair of numbers is 04. The
                       square root of 4 is 2, a number we'll
                       place above the 4. We'll then square 2
                       getting 4 and placing it under the 4 in
                       the number and subtracting. Since the
                       remainder is zero we'll merely pull down
                       the next pair, 56, and produce our trial
                       divisor.  The work looks like:

                56     The trial divisor is produced by
                       multiplying the root we have, 2, by 20
                       making 40. 40 divides into 56 one time
                       (trial y) which is added to 40 making
                       41. The trial y, 1, is placed over the
                       second digit of the new pair, 6. 41 is
                       multiplied by y (1) and subtracted from
                       56. Then 78 is pulled down at the end of
                       the difference. The work looks like:

          41    56
                15 78   Again the root, now 21 is multiplied by
                        20 giving 420. 1578 divided by 420
                        gives 3, our new y which is added to
                        420 giving 423. 3 x 423 or 1269 is
                        then subtracted from 1578 giving a
                        remaider of 309. The 3 is put above the
                        8 of 78 making the new root 213 with a
                        remainder. If it were desired to extend
                        the calculation to the right of the
                        decimal point, a pair of zeroes could
                        be appended to the remainder and the
                        process repeated with a decimal point
                        placed in the root after the 3. The
                        work without going past the decimal
                        point becomes:

          41    56
         423    15 78
                 3 09
                        You can check that by squaring 213 (213
                        x 213) and adding 309.  You should get
                        45,678.  Practice by taking the square
                        root of another 5 or 6-digit number and
                        checking your outcome.  Solve C-1 on
                        page 2 for homework.

If you want more practice work, find divisions, square roots,
and multiplication problems in the two current issues of The
Cryptogram. Do the subtraction problem, C-6 on page 3 if you
wish. Discuss problems you may have with your mentor.  If you
have suggestions, questions, or other reactions you wish to
share with me, my address is

         Dr. Gerhard D. Linz
         2649 Tanglewood Road
         Decatur, GA 30033-2729.

         My e-mail address is fs01gdl@panther.gsu.edu.

I hope your pleasure in solving Cryptarithms is enhanced by
this presentation. Next time I'll respond to any concerns you
have. I also plan to give you some more tools for
multiplication and introduce counting systems based on 11 and

January 2, 1996


Dr. Andree gives us some hints on squares and square roots.

S-1  Squares end only in 0, 1, 4, 5, 6, or 9.

S-2  If (...S)**2 ends in ...S, then S=0,1, 5 or 6.

S-3  If (...S)**2 ends in B n.e. S, then S= 2,3,4,7,8 or 9
                                         B= 1, 4, 6 or 9

S-4  If (..X)**2 ends in   0     1    4    5    6     9
     then (...X) ends in   0    1,9  2,8   5   4,6  3,7

S-5 If N contains k digits, then N**2 contains either 2k-1 or
    2k digits.


There are two basic ways to prevent the tell-tale behavior
of plaintext letters from showing through in ciphertext. One
method is to vary the ciphertext letter that replaces a given
plaintext letter.  That is the solution offered by the Vigenere
and other polyalphabetic systems.  A second technique is to
encipher the plaintext in chunks of several letters at a time.
The Playfair system provides a compact method for enciphering
digraphs, that is, pairs of letters.  While the Playfair does
disguise the behavior of individual letters, even better would
be a system that operated on letters in groups of three letter
(or four or five or ...). It seems that no convenient pencil-
and-paper method for handling such trigraphic (or quadgraphic
or ...) encipherment has been devised.

In 1929, Lester Hill [HIL1, HIL2] described an algebraic
procedure that allows encipherment of plaintext letters n at a
time (that is, in n-graphs), where n can be any positive
integer 1,2,3,....  Hill's Cipher could be carried out by hand
probably without too much hardship for groups of letters up to
five.  After that, it would become a challenge to keep the
computations accurate.  However, on a computer it would
be feasible to work with large groups of letters, and it seems
that plaintext enciphered in such a system using say 10-graphs
would be difficult to crack.

The first step in using Hill's system is to assign numerical
values to the 26 letters of the alphabet.  There is nothing
sacred about 26 in the system.  The ideas work just as well for
alphabets of any size. So it would be possible to add a few
punctuation marks to the usual alphabet to get say 29 symbols,
or to work entirely with data in binary form with an alphabet
of just two symbols.  Also the numerical equivalents of the
letters of the alphabet could be assigned in some arbitrary
way, which would probably add to the security of the system.
For these notes, the 26 letter alphabet will be used, and
letters will be given their standard numerical equivalents,
namely  a = 00, b = 01, ..., z = 26. The encipherment of
plaintext is most neatly described using  matrix
multiplication.  A matrix is a rectangular array of numbers
such as:

                  | 1 5 3 |
              M = | 0 2 1 |

That particular matrix has 2 rows and 3 columns.  More briefly,
it is a 2 x 3 matrix.  In certain cases, the product of two
matrices can be computed.  The rule for multiplication requires
that the number of columns in the lefthand factor match
the number of rows in the righthand factor.  For example, if

                  | 2 5 0 1 |
             N =  | 7 6 1 3 |
                  | 3 3 0 1 |

Then the product MN can be formed since M has three columns and
N has three rows. On the other hand, the product NM is not
defined.  For these two matrices the product is

     | 1 5 3 |    | 2 5 0 1 |      | 46 44 5 19 |
MN = | 0 2 1 | X  | 7 6 1 3 |  =   | 17 15 2  7 |
                  | 3 3 0 1 |

The upper lefthand entry in the product matrix is produced
by multiplying each number in the first row of M by the
corresponding number in the first column of N, and adding the
results:(1)(2)+(5)(7)+(3)(3)=46.  That explains why the number
of columns in M must match the number of rows in N.  The second
number in the first row of the product is produced in the same
way by multiplying the first row of M times the second column
of N: (1)(5)+(5)(6)+(3)(3)=44.  And so on, the third number in
the first row of the product is produced by multiplying the
first row of M by the third column of N, and finally, the
fourth number in the first row of the product comes from
multiplying the first row of M by the fourth column of N.  To
produce the second row of the product, the second row of M is
used in place of the first row of M in the preceding
computations.  So, for example,(0)(2)+(2)(7)+(3)(3)=17 gives
the first number in the second row of the product matrix. If M
had more rows, each would be used in turn in the same way to
produce one more row in the product matrix.

If you think about the multiplication process described above,
you will see that the result of multiplying an r x s matrix and
an s x t matrix will be an r x t matrix.

In the application of matrix multiplication to the Hill Cipher
system, all arithmetic will be carried out modulo 26. In other
words, any time a number appears which is 26 or larger, it is
divided by 26, and the number is replaced by the remainder of
the division.   In the example above, the computation of the
top left number in the product of M and N could be written as
(1)(2)+(5)(7)+(3)(3) = 2 +35 + 9 = 2 + 9 + 9 = 20 (mod 26). The
symbol (mod 26) is added here just to indicate there is
funny arithmetic being used, namely that arithmetic is being
done modulo 26. If the alphabet had 29 symbols instead of 26,
operations would be carried out modulo 29. Since all the
examples here will be done modulo 26, the indicator (mod 26)
will be omitted from now on.  So we will write the example
above as:

          | 1 5 3 |    | 2 5 0 1 |     | 20 18 5 19 |
     MN = | 0 2 1 | X  | 7 6 1 3 |  =  | 17 15 2  7 |
                       | 3 3 0 1 |

To encipher the plaintext message "send more money", first the
message is rewritten in groups of letters of the selected
length.  For this example, length three will be used, so the
message becomes "sen dmo rem one ykz", where two nulls have
been added to fill out the last group.  Next an enciphering
matrix, or key, is selected.  If letter groups of size n are
being used, an n x n enciphering matrix will be needed.
For this example, the 3 x 3 matrix

                      | 1 7 22 |
                  E = | 4 9  2 |
                      | 1 2  5 |

will be used.  Notice that the numbers in the matrix might as
well be selected between 0 and 25 since all arithmetic will be
done modulo 26 anyway.  To encipher the first three letter
group of plaintext, it is written as a 3 x 1 matrix, say P, the
letters are replaced by their numerical equivalents, and the
matrix product EP is computed.

The product is a 3 x 1 matrix, say C.  Its entries are
converted to letters,  and these give the ciphertext for the
first group.  Here are the details.

     | 1 7 22 |   | s |     | 1 7 22 |   |18 |  |20|  | U |
EP = | 4 9  2 | X | e |  =  | 4 9  2 | X | 4 |= | 4|= | E |
     | 1 2  5 |   | n |     | 1 2  5 |   |13 |  |13|  | N |

So the first three letters of ciphertext are UEN.  The second
trigraph is enciphered as

     | 1 7 22 |   | d |     | 1 7 22 |   | 3 |  | 5|  | F |
EP = | 4 9  2 | X | m |  =  | 4 9  2 | X |12 |= |18|= | S |
     | 1 2  5 |   | o |     | 1 2  5 |   |17 |  |19|  | T |

Continuing in this way, the ciphertext is found to be UEN FST
XYH LZI UCN, or, in traditional five letter groups, UENFS
TXYHL  ZIUCN.   Notice that in this example, repeated plaintext
letters are replaced by different ciphertext letters, and
repeated ciphertext letters represent different plaintext

Deciphering requires a second matrix that undoes the effects of
the enciphering matrix. For the enciphering matrix given above,
the deciphering matrix, or deciphering key, is

                 | 21 23 18 |
             D = |  6 23  6 |
                 |  9  7 15 |

and operating on the first ciphertext trigram UEN gives

    | U |     | 21 23 18 |   | 20 |   | 18 |   | s |
  D | E |   = |  6 23  6 | X |  4 | = |  4 | = | e |
    | N |     |  9  7 15 |   | 13 |   | 13 |   | n |

Operating on the remaining ciphertext trigram produces the rest
of the plaintext message.

The enciphering key matrix cannot be selected arbitrarily. For
example, the matrix

                   | 0 0 0 |
               Z = | 0 0 0 |
                   | 0 0 0 |

would convert every plaintext message into the ciphertext
AAAAAAAA.  To allow unique decipherment, an n x n enciphering
key matrix should convert different plaintext n-grams into
different ciphertext n-grams. An n x n matrix that behaves that
way is called nonsingular.

There are a number of more or less efficient tests for
nonsingularity.  Here is one test that involves the determinant
of an n x n matrix.  The determinant of a square matrix is a
number computed from the entries in the matrix.  The definition
builds up from small matrices to larger ones.  First the
determinant of any 1 x 1 matrix is defined to be the number
that is the entry in that matrix.  Thus det |7| = 7.  To
compute the determinant of a 2 x 2 matrix, step across the
entries in the first row of the matrix,  multiply each entry by
the determinant of the 1 x 1 matrix that appears when the row
and the column the entry appears in are eliminated from
the  matrix.  The numbers produced in this way are alternately
added and  subtracted to produce the determinant of the matrix.
Here's an example.

       | 4 3 |
   det | 8 2 | = (4) (det |2| ) -(3) ( det |8| ) =

                 4 x 2 - 3 x 8  = 8 - 24 = -16.

The determinant of a 3 x 3 matrix is produced in the same way:
step across the first row, multiply each entry by the
determinant of the 2 x 2 matrix that appears when the entry's
row and column are crossed out, and alternately add and
subtract the resulting numbers.  For the matrix of the earlier
example, the computations, carried out modulo 26 this time,
look like

    | 1 7 22 |           |9 2|           | 4 2 |
det | 4 9 2  | = 1 x det |2 5| - 7 x det | 1 5 |
    | 1 2 5  |

            | 4 9 |
 + 22 x det | 1 2 | =  1 x 41 - 7 x 18 + 22 x(-1) = 23

The computation of the determinant is extended to larger
square matrices in the same pattern.  More efficient ways to
compute determinants are discussed in textbooks on Linear

The importance of the determinant is that a matrix is
nonsingular (and so usable as an enciphering key matrix in
Hill's cipher) if and only if its determinant is relatively
prime to 26.  The matrix above has determinant 23 which is
relatively prime to 26, so it is a legal enciphering key.  More
generally, if the alphabet used for the plaintext is made up of
m symbols, then the usable enciphering matrices are those with
determinant relatively prime to m.  In the case of an alphabet
of 26 symbols, the determinant of a usable matrix must be odd
but not 13. Notice that if the size of the alphabet is
increased to 29 by adding a few punctuation symbols, many more
legal enciphering matrices will be available, both because
operations will now be carried out modulo 29, and also because
every number from 1 to 28 would be an acceptable value for the
determinant of an enciphering key matrix.

Once an enciphering key matrix has been selected, the companion
deciphering matrix needs to be computed.  There are some
reasonably efficient methods for finding the deciphering
matrix.  The method given here is easy to describe, but not
very efficient.  Check out a Linear Algebra text for better
methods to handle matrices larger than say 4 x 4.

The first step is the computation of the determinant of
the enciphering key E.  If det E = e, then a number d is needed
such that ed= 1 (mod 26).  For a relatively small modulus such
as 26, the d can be found by trial and error.  Simply compute e
times 1,3,5,7 ,9,11,15,17,19,21,23, and 25 until a product
equivalent to 1 modulo 26 appears.

For larger alphabets with say m letters, solving ed =1 (mod m)
can be carried out in a more sophisticated way using the
Euclidean Algorithm, for example.

Check a Number Theory text for details.  Set the number d aside
for a minute.

Second, each number in the enciphering key matrix is replaced
by the determinant of the matrix obtained when the element's
row and column are erased from the matrix.

Third, plus and minus signs are prefixed to each entry in the
new matrix in a checkerboard pattern starting with a plus sign
in the upper lefthand corner.

Next, the matrix is flipped over the diagonal from the upper
left corner to the lower right corner so that the first row be
comes the first column, the second rows becomes the second
column, and so on.

Finally, each entry in the matrix is multiplied by the d
computed in the first step.

The resulting matrix is D, the deciphering key matrix.

Here are the computations that produce the deciphering key D of
the example above.  The determinant of the enciphering key E
has already been computed: det E = 23. Since (17)(23) = 1 (mod
26), it follows that d = 17.  Next, the 1 in the upper left
handcorner of E is replaced by

    | 9 2 |
det | 2 5 | = (9)(5)-(2)(2) = 45 - 4 = 41 = 15 (mod 26).

where, in the last step, 41 has been reduced modulo 26.

The replacement for the 7 in the first row and second column is

    | 4 2 |
 det| 1 5 | = (4)(5)-(2)(1) = 18 (mod 26).

The replacement for the 9 in the second row and second column

    | 1 22 |
 det| 1  5 | = (1)(5) - (22)(1) = - 17 = 9 (mod 26).

When all nine entries in E have been replaced, the matrix looks

     | 15 18 25 |
     | 17  9 21 |
     | 24 18  7 |

Adding the plus and minus signs in a checkerboard pattern
produces and replacing negative numbers by equivalent positive
numbers modulo 26  gives

      |  15 -18  25 |      |  15   8  25 |
      | -17  9  -21 | =    |   9   9   5 |
      |  24 -18   7 |      |  24   8   7 |

Flipping over the diagonal gives

              | 15  9 24 |
              |  8  9  8 |
              | 25  5  7 |

Finally, multiplying every entry of the last matrix by the
d=17 computed earlier, and reducing the entries modulo 26, the
result is

     | (17)(15) (17)(9) (17)(24) |   | 21 23 18 |
D =  | (17)( 8) (17)(9) (17)( 8) | = |  6 23  6 |
     | (17)(25) (17)(5) (17)( 7) |   |  9  7 15 |

Arithmetic done with matrices has a lot in common with
arithmetic done with ordinary numbers. The n x n matrix whose
entries are all 0 except for 1's down the diagonal from the
upper left to the lower right is called the identity matrix.
It plays a role in matrix multiplication similar to the role 1
plays in multiplication of numbers.  That is, for any number m,
(1)(m) = m, while for any n x k matrix M, it is easily checked
that IM= M. Moreover, for each number r (provided r is not
equal to 0), it is possible to find a number s so that sr=1.
The number s is called the multiplicative inverse of r, and is
written as r^(-1) (that is, r to the -1 power).   Likewise, for
each n x n matrix M (provided it is nonsingular), there is an
n x n matrix N for which MN=I.   The matrix N is called
the inverse of M, and is written as M^(-1).

The Hill Cipher system can be expressed compactly using some
algebraic notation.  To encipher a plaintext n-gram using the
Hill Cipher, a nonsingular n x n matrix M is selected.
The n-gram is written as an n x 1 matrix P, and the ciphertext
is the n x 1 matrix C determined by the equation

                    C = MP.

The deciphering matrix is the inverse of M.  When the
ciphertext C is multiplied by M^(-1), the plaintext is

          M^(-1) C = M^(-1) MP = IP = P.

Hill suggested that a good choice for an enciphering key matrix
M is one that turns out to be its own inverse.  If M = M^(-1),
Mi s called an involuntary matrix. The advantage gained is that
it is not necessary to compute the deciphering key.  There are
a number of methods that will automatically produce involuntary
matrices, so the process of finding involuntary matrices does
not have to proceed by trial-and-error. In any case, almost all
papers written about the Hill Cipher system following Hill's
time down to the present day assume the key is involuntary.

It seems that Hill and a partner (Weisner) filed a patent
(Message Protector, patent number 1,854,947) for a mechanical
version of the Hill Cipher in 1929, which, according to Kahn
[KAHN], used an involuntary matrix enciphering key so that the
same machine could be used to both encipher and decipher.

The Message Protector patented by Weisner and Hill provides
a mechanical means of doing matrix multiplication. The device
illustrated in the patent application is more accurately
described as authentication indicator rather than a
cryptographic mechanism.  The principle of operation is very
simple. The active component consists of three gears on an axle
which are connected to three accumulator gears by chains.  The
three accumulator gears all have the same number of teeth (101
in the patent), and they can rotate independently.  The three
gears on the axle have 101, 202 and 303 teeth.  As the axle is
turned through a certain amount, the accumulator gears turn
one, two and three times as far respectively.   The teeth on
the accumulator gears are numbered from 0 to 100, and small
gear on the axle also has its teeth numbered from 0 to 100.

Now suppose the three accumulator gears start in position
0,0,0.  If the axle turned through an amount that rotates its
small gear through 43 teeth, then accumulator gear one will
read 43, accumulator two will show 86 and accumulator three
will show 28.  The last value occurs since the third
accumulator wheel will have made more than one revolution. If
the starting position of the accumulator wheels had been
11,91,4, then the axle rotation through 43  teeth would leave
the accumulators showing  53,76,32.  In essence, the
accumulators are modulo 101.

On the actual devise, there are six axles, and their gears can
be  moved to engage the accumulator drive chain one axle at a
time.  The placement of the gears on the axles vary from one
axle to the next. On the illustrated machine in the patent,
the sequence is:

axle 1: 101,202,303
axle 2: 202,303,101
axle 3: 303,101,202
axle 4: 101,303,202
axle 5: 202,101,303
axle 6: 303,202,101

Suppose the accumulators begin showing 0,0,0.  Keeping track
for now of only the total on the accumulator that connects to
first gear on each axle, here is what happens as the axles are
turned as follows:

axle 1: 23,
axle 2: 10,
axle 3: 88,
axle 4: 17,
axle 5: 41,   and
axle 6: 51.

Initially, all the axles are disengaged from the accumulator
drive chain.  (Keeping in mind the number of teeth on the first
gear on each axle.) axle 1 is engaged, turned 23, and the
accumulator shows 23. Axle 1 is disengaged, axle 2 is engaged,
turned 10, and the accumulator shows 43. Axle 2 is disengaged,
axle 3 is engaged, turned 88 , and the accumulator shows 4.
Axle 4 is disengaged, axle 4 is engaged, turned 17, and the
accumulator shows 21.  Axle 4 is disengaged, axle 5 is
engaged, turned 41, and the accumulator shows 18.  Axle 5 is
disengaged, axle 6 is engaged, turned 51, and the accumulator
shows 70.  The final total on the on that accumulator
represents the computation

(1)(23)+(2)(10)+(3)(88)+(1)(17)+(2)(41)+(3)(51) = 70 (mod 101).

Likewise the value on the accumulator connected to the second
gear on each axle shows the result of the operation

(2)(23)+(3)(10)+(1)(88)+(3)(17)+(1)(41)+(2)(51) = 2 (mod 101).

Matrix notation can be used to express to whole operation
compactly as

                          | 23 |
                          | 10 |
       | 1 2 3 1 2 3 |    | 88 |    | 59 |
       | 2 3 1 3 1 2 |  . | 17 |  = | 55 |
       | 3 1 2 2 3 1 |    | 41 |    | 54 |
                          | 51 |

where arithmetic has been carried out modulo 101.

To use the machine to authenticate a check for example, six
numbers, between 0 and 101, are selected from the check.
Perhaps the dollar amount of $1230.45 could be split up as 12
and 30 and the cents could be ignored. The check number of say
22131 might contribute three more numbers, 2, 21, and 31.
Finally, the date of the check, maybe January 25, 1996 might
contribute a sixth number, say 25.  Of course, people must
agree on how these numbers are selected.  The check writer runs
the six values through the Message Protector as described
above, and the resulting triple of values is stamped on the
check.  The bank, before cashing the check, operates on the
same six numbers with its Message Protector, and makes sure
that the numbers produced on the accumulators matches the ones
stamped on the check, thus being sure that none of the
important figures on the check have been changed.

Although the Message Protector is a clever engineering
construction, there are certainly many obvious mechanical
shortcomings as well as weaknesses in the cryptographic system
which probably explains why the machine never became popular.
In fact, it's not clear if any were actually constructed. It
would take a good salesman to get people to spend money on a
machine to multiple 3 x 6 and 6 x 1 matrices.  There did not
seem to be and reasonable way to change the gear sizes. If a
key matrix with entries besides 1, 2, and 3 were wanted, the
number of teeth on the gears would soon become so large that
the structure would have to be made pretty large, instead of
the shoebox size Weisner and Hill diagrammed.

Weisner and Hill also explain how the Message Protector could
be modified to act as a cryptographic devise.   First of all,
the numbers on the various gears would be replaced by letters,
and the number of teeth on the accumulator gears would be 26 so
that the arithmetic operations would be carried out modulo 26.
Next, the axles would now carry six gears each, with the number
of teeth on each gear being a multiple of 26. There would be
six accumulators, so that six plaintext are converted to six
ciphertext letters.  They say that the number of teeth on
the various gears "have to be selected according to certain
mathematical principles".    What they mean, of course, is the
6 x 6 matrix, each entry of which gives the multiple of 26 that
gives the number of teeth on the corresponding gear, has to be
non-singular modulo 26. It is suggested that the matrix may be,
but does not have to be, selected to be involuntary.

The gearing in the devise cannot be changed easily, and
certainly cannot be changed arbitrarily, so it seems the
gearing set was intended to be selected once and for all. Since
that pretty much makes the device cryptographically pointless,
the inventors proposed that a plaintext message first be
converted to a preliminary ciphertext according to so system
left unspecified, but they probably had something like a
Playfair in mind.  The resulting ciphertext is then passed
through the 6 x 6 Message Protector, to yield an intermediate
ciphertext which is then passed through a third and final
encipherment using another unspecified cipher system.  The
final ciphertext is transmitted, and the authorized recipient
reverses each of the three encipherments to recover the
original plaintext.  It's not very clear how much additional
security has been introduced passing the text through the
Message Protector.

Nearly all discussions of cryptanalysis of Hill enciphered
messages begin with the fairly generous assumptions that the
cryptanalyst knows that an involuntary key matrix of known size
has been used, and also knows the numerical values assigned to
the alphabet letters. The only unknown is the particular key
matrix used to encipher the message. For a key matrix of size
2 x 2, a brute force attack is feasible since there are only
736 2 x 2 involuntary matrices.   As the size of the key grows,
a brute force attack is no longer practical.   For larger key
sizes, no specific cryptanalytic approaches have been
published.  But, several authors given more or less detailed
descriptions of cryptanalysis, with examples for small key size
(2 x 2,  3 x 3) using the classic probable word or crib
technique.  That is, a piece of plaintext is assumed to appear
in the message, and it is tried in each possible position.
At each test location, a number of equations must be true if
the crib is to generate the ciphertext at that spot. It turns
out that even with a relatively modest crib (3 letters for a
2 x 2 key, and 4 for a 3 x 3 key), most positions can be
eliminated as impossible by applying a few principles of linear
algebra.  Each possible crib location will produce a candidate
matrix key.  A trial decipherment of the ciphertext is made.
If recognizable plaintext results, the cryptogram is broken. If
not, the crib is moved along to the next possible spot, and the
process is repeated.   For details on see on cryptanalysis of
the Hill Cipher, see [LEV1], [LEV2], [LEV3], [SINK], [MELL].

NORTH DECODER advises that the Hill cipher patent diagrams (GIF
format) scanned in reasonable well into the CDB.  If you would
like to look at them, the files they are at the CDB in


There is a freeware gif file viewer at the CDB in



FRE-2. K2. (105) Another species. {sauvage,fp=ST]   MELODE

P Q   N X B M H Q I   Q A B   C I Q   D K E X Q B Q    O Q

P' W M R R Q;  D K E X Q B Q   O Q U Q I Q E Q Q    M C

T E X R X B X D Q ,   X P    Q A B    K   P' W M R R Q   N Q

V C Q   N W K B   O Q   U M C B B X Q E Q   Q A B    K C

N W K B   A K C D K U Q.

Solution reads:  (PRIMITIVE) Le citoyen est une variete de
l'homme; vavariete degeneree ou primitive, il est a l'homme ce
que chat de gouttiere est au chat sauvage.

FRE-3. K2. (87) (jamais, A=b)  It's fun trying.    GUNG HO

D G    X   Z   Q N J D P    M C J P U P   L S U   E' Z D

Z D H U    Q J S E J S N P    U Q    E Z H Z D P    M J H -

K N D P:   G Z   K U D I Q S N U ,   G Z   H S P D L S U,

U Q   G U P   O Z H U P .    * R J I Q U I U G G U

Solution reads: (AMOUR) Il  y a trois choses que j'ai aime
toujours et jamais compris: La peinture, la musique, et les
dames.  Fontenelle.

FRE-4.  PAT from [GIVI] page 13.and ff.   (130)

Solve and recover key(s).






ITA-2.  K2.  (88) ( ne, han, con) Thirty days hath September.

I D S A I K   Q W    P L A I K   A L B S C M D S   P L A

K E D W Z S,   U W O U A L    S    R S I I S C M D S .   Q W

B S A I L I I L   P S   A ' S   O A L.   I O I I W    U Z W

K Z I D W    A S    V K A    I D S A U I O A L.

Solution reads: (CALANDRIO) Trenta di contra Novembre con
Aprile, giugno e Settembre. Di ventotto ce n'e uno.  Tutti gli
altri ne han trentuno.

ITA-3.  K2. (117) (sulla, f=I). La frode necessaria. MICROPOD

G Z Q K E   A F S Z L   T K F Q A   Q S F N F   Q K G K Q

T G G Z P   Z Q F R A   T J Z E F   N S Z M T   Z J S A S

Z R A P T   D A F F Q   K G K Z L   Z S S K E   O F J F Q

Q T J K R   A E Z F Q   Z S S Z H   F J S F M   T F G G K

E O F L F   J Q Z G A   J X T S Z  J D.

Solution reads: (PERFIDO) La sicieta puoesister esolo sulla
basediunacerta quantitadibugie esolo apatto che
nessunodicaesattamente quello che pensalinyutang.

SPA-1.                                    BARKER

Z K E P C   U K Y   T C Y D M S R    V C T P E R    A

Z P Z N D Z K   G C T Y R Z K   R   N T D G R   Y C   V K

K S T P Q D P E R   M K    T C Y G R Z Y P Q P M P E K E

E C M    K S C Z S K E R    G R T    C M    U R U C Z S R.

Partial solution: no key. TADI MAS RESULTO HERIDO Y

SPA-2. K2. (96) (deseo, f=R)  Musica.        D. STRASSE

T I Z    Q B J N A Z    K J K T F Z N    B P    L T B   B F

K N A G B N    A G K T F P J    G T P A O Z F    M B F

S J G H N B   R T B   T I   K T N Z G B I Q B

B P K J I Q Z I B J     M P B B J   N A Q G A O J   M B

M Z I Y Z N.


SPA-3.  (122) (-ulado, MZ=qk)  Flight?           LIFER

N S P Y K   I X P U A   K P Z D X   P S P E X   K R L K O

K A X T S   P Q K D X   R K R R S   S I N K Y   K R L A R

S D K T Q   L D L P X   K T A S Q   X S P X P   R S O S P

R X J K R   K T O A S   T S P Q X   L S D O A   X I S A E

C S D L R   S C P V D   L N L B A    X O C D K   R L.


POR-2. K2 (96) (tenta; gj=NQ) Machine Age?    YO TAMBIEN

E P E J T X D   U R T C   J Z X G C    V R J   D J

X I N R S O C   H C D   T C V R P U C D   V R J

Z J U D C T   J   H J D G X U M P C   H J   A X H X

O X T J T   V R J   A J U A C    M C B J S X.

*O.   *T R T M X I H   *Q X U J D

Solution reads: (VIDAREL)  Vivemos numa epoca que se orgulha
das maquinas que pensam e desconfia de todo homen que tenta
fazelo. H. Mumford Jones.

POR-3. K1. (nossos va-)  Letter to horseman?     ZYZZ

U C U C G    V C J F D    E F W E O   C B G C V    S I H C L

I T I W F    Y C V F U    H F W F T   L F R F B    C H W F C

E S H I L    F G I C D    E G T I J   H C V G R    P C V C J

F V D E F    W F H C V    L F V F H   J I S K I    X J I Z U

I G V T I    V V I V B    C D E F G   H I V V C    I F Y K F

R F T W F    V.

Partial Solution reads: (VAQUEIRO): Papai sabe que tu.


C-1   Give two solutions to:  (BE)**2 = ARE

C-2   Square root:  [OKLA] [OKLI]

            R, A, T, S
          |Q  UA  RT  ET
           T  UA
          -T  SI
               U  RT
              -A  UT
               E  AO  ET
              -E  ES  UB
                    R  AR

>From Sinkov [SINK] two Hill system problems:


Decipher the message:  YITJP  GWJOW  FAQTQ  XCSMA  ETSQU

Use the deciphering matrix   | 5  1 |
                             | 2  7 |


Decipher the message: MWALO  LIAIW  WTGBH  JNTAK  QZJKA  ADAWS

Use the deciphering matrix   | 2  23 |
                             | 21  7 |

REFERENCES / RESOURCES    [updated 22 February 1996]

[ACA]  ACA and You, "Handbook For Members of the American
       Cryptogram Association," ACA publications, 1995.

[ACA1] Anonymous, "The ACA and You - Handbook For Secure
       Communications", American Cryptogram Association,

[ACM]  Association For Computing Machinery, "Codes, Keys and
       Conflicts: Issues in U.S. Crypto Policy," Report of a
       Special Panel of ACM U. S. Public Policy Committee
       (USACM), June 1994.

[AFM]  AFM - 100-80, Traffic Analysis, Department of the Air
       Force, 1946.

[ALAN] Turing, Alan,  "The Enigma", by A. Hodges. Simon and
       Schuster, 1983.

[ALBA] Alberti, "Treatise De Cifris," Meister Papstlichen,
       Princeton University Press, Princeton, N.J., 1963.

[ALKA] al-Kadi, Ibrahim A., Origins of Cryptology: The Arab
       Contributions, Cryptologia, Vol XVI, No.  2, April 1992,
       pp 97-127.

[AND1] Andree, Josephine, "Chips from the Math Log," Mu Alpha
       Theta, 1966.

[AND2] Andree, Josephine, "More Chips from the Math Log," Mu
       Alpha Theta, 1970.

[AND3] Andree, Josephine, "Lines from the O.U. Mathematics
       Letter," Vols I,II,III, Mu Alpha Theta, 1971,1971,1971.

[AND4] Andree, Josephine and Richard V., "RAJA Books: a Puzzle
       Potpourri," RAJA, 1976.

[ANDR] Andrew, Christopher, 'Secret Service', Heinemann,
       London 1985.

[ANNA] Anonymous., "The History of the International Code.",
       Proceedings of the United States Naval Institute, 1934.

[AS]   Anonymous, Enigma and Other Machines, Air Scientific
       Institute Report, 1976.

[AUG1] D. A. August, "Cryptography and Exploitation of Chinese
       Manual Cryptosystems - Part I:The Encoding Problem",
       Cryptologia, Vol XIII, No. 4, October 1989.

[AUG2] D. A. August, "Cryptography and Exploitation of Chinese
       Manual Cryptosystems - Part II:The Encrypting Problem",
       Cryptologia, Vol XIV, No. 1, August 1990.

[BADE] Badeau, J. S. et. al.,  The Genius of Arab Civilization:
       Source of Renaissance.  Second Edition.  Cambridge: MIT
       Press. 1983.

[BAMF] Bamford, James, "The Puzzle Palace: A Report on
       America's Most Secret Agency," Boston, Houghton Mifflin,

[BARB] Barber, F. J. W., "Archaeological Decipherment: A
       Handbook," Princeton University Press, 1974.

[B201] Barker, Wayne G., "Cryptanalysis of The Simple
       Substitution Cipher with Word Divisions," Course #201,
       Aegean Park Press, Laguna Hills, CA. 1982.

[BALL] Ball, W. W. R., Mathematical Recreations and Essays,
       London, 1928.

[BAR1] Barker, Wayne G., "Course No 201, Cryptanalysis of The
       Simple Substitution Cipher with Word Divisions," Aegean
       Park Press, Laguna Hills, CA. 1975.

[BAR2] Barker, W., ed., History of Codes and Ciphers in the
       U.S.  During the Period between World Wars, Part II,
       1930 - 1939., Aegean Park Press, 1990.

[BAR3] Barker, Wayne G., "Cryptanalysis of the Hagelin
       Cryptograph, Aegean Park Press, 1977.

[BARK] Barker, Wayne G., "Cryptanalysis of The Simple
       Substitution Cipher with Word Divisions," Aegean Park
       Press, Laguna Hills, CA. 1973.

[BARR] Barron, John, '"KGB: The Secret Work Of Soviet Agents,"
       Bantom Books, New York, 1981.

[BAUD] Baudouin, Captain Roger, "Elements de Cryptographie,"
       Paris, 1939.

[BAZE] Bazeries, M. le Capitaine, " Cryptograph a 20 rondelles-
       alphabets,"  Compte rendu de la 20e session de l'
       Association Francaise pour l'Advancement des Scienses,
       Paris: Au secretariat de l' Association, 1892.

[BEES] Beesley, P., "Very Special Intelligence", Doubleday, New
       York, 1977.

[BLK]  Blackstock, Paul W.  and Frank L Schaf, Jr.,
       "Intelligence, Espionage, Counterespionage and Covert
       Operations,"  Gale Research Co., Detroit, MI., 1978.

[BLOC] Bloch, Gilbert and Ralph Erskine, "Exploit the Double
       Encipherment Flaw in Enigma", Cryptologia, vol 10, #3,
       July 1986, p134 ff.  (29)

[BLUE] Bearden, Bill, "The Bluejacket's Manual, 20th ed.,
       Annapolis: U.S. Naval Institute, 1978.

[BODY] Brown, Anthony - Cave, "Bodyguard of Lies", Harper and
       Row, New York, 1975.

[BOLI] Bolinger, D. and Sears, D., "Aspects of Language,"
       3rd ed., Harcourt Brace Jovanovich,Inc., New York,

[BOSW] Bosworth, Bruce, "Codes, Ciphers and Computers: An
       Introduction to Information Security," Hayden Books,
       Rochelle Park, NJ, 1990.

[BOWE] Bowers, William Maxwell, "The Bifid Cipher, Practical
       Cryptanalysis, II, ACA, 1960.

[BP82] Beker, H., and Piper, F., " Cipher Systems, The
       Protection of Communications", John Wiley and Sons,
       NY, 1982.

[BRAS] Brasspounder, "Language Data - German," MA89, THe
       Cryptogram, American Cryptogram Association, 1989.

[BROO] Brook, Maxey, "150 Puzzles in Cryptarithmetic,"
       Dover, 1963.

[BRIT] Anonymous, "British Army Manual of Cryptography",
       HMF, 1914.

[BROG] Broglie, Duc de, Le Secret du roi: Correspondance
       secrete de Louis XV avec ses agents diplomatiques
       1752-1774, 3rd ed.  Paris, Calmann Levy, 1879.

[BRYA] Bryan, William G., "Practical Cryptanalysis - Periodic
       Ciphers -Miscellaneous", Vol 5, American Cryptogram
       Association, 1967.

[BURL] Burling, R., "Man's Many Voices: Language in Its
       Cultural Context," Holt, Rinehart & Winston, New York,

[CAND] Candela, Rosario, "Isomorphism and its Application in
       Cryptanalytics, Cardanus Press, NYC 1946.

[CAR1] Carlisle, Sheila. Pattern Words: Three to Eight Letters
       in Length, Aegean Park Press, Laguna Hills, CA 92654,

[CAR2] Carlisle, Sheila. Pattern Words: Nine Letters in Length,
       Aegean Park Press, Laguna Hills, CA 92654, 1986.

[CASE] Casey, William, 'The Secret War Against Hitler',
       Simon & Schuster, London 1989.

[CAVE] Cave Brown, Anthony, 'Bodyguard of Lies', Harper &
       Row, New York 1975.

[CCF]  Foster, C. C., "Cryptanalysis for Microcomputers",
       Hayden Books, Rochelle Park, NJ, 1990.

[CHOI] Interview with Grand Master Sin Il Choi.,9th DAN, June
       25, 1995.

[CHOM] Chomsky, Norm, "Syntactic Structures," The Hague:
       Mouton, 1957.

[CHUN] Chungkuo Ti-erh Lishih Tangankuan, ed "K'ang-Jih
       chengmien chanch'ang," Chiangsu Kuchi Ch'upansheh,
       1987., pp993-1026.

[CI]   FM 34-60, Counterintelligence, Department of the Army,
       February 1990.

[COUR] Courville, Joseph B., "Manual For Cryptanalysis Of The
       Columnar Double Transposition Cipher, by Courville
       Assoc., South Gate, CA, 1986.

[CLAR] Clark, Ronald W., 'The Man who broke Purple',
       Weidenfeld and Nicolson, London 1977.

[COLF] Collins Gem Dictionary, "French," Collins Clear Type
       Press, 1979.

[COLG] Collins Gem Dictionary, "German," Collins Clear Type
       Press, 1984.

[COLI] Collins Gem Dictionary, "Italian," Collins Clear Type
       Press, 1954.

[COLL] Collins Gem Dictionary, "Latin," Collins Clear Type
       Press, 1980.

[COLP] Collins Gem Dictionary, "Portuguese," Collins Clear Type
       Press, 1981.

[COLR] Collins Gem Dictionary, "Russian," Collins Clear Type
       Press, 1958.

[COLS] Collins Gem Dictionary, "Spanish," Collins Clear Type
       Press, 1980.

[COPP] Coppersmith, Don.,"IBM Journal of Research and
       Development 38, 1994.

[COVT] Anonymous, "Covert Intelligence Techniques Of the Soviet
       Union, Aegean Park Press, Laguna Hills, Ca.  1980.

[CULL] Cullen, Charles G., "Matrices and Linear
       Transformations," 2nd Ed., Dover Advanced Mathematics
       Books, NY, 1972.

[DAGA] D'agapeyeff, Alexander, "Codes and Ciphers," Oxford
       University Press, London, 1974.

[DALT] Dalton, Leroy, "Topics for Math Clubs," National Council
       of Teachers and Mu Alpha Theta, 1973.

[DAN]  Daniel, Robert E., "Elementary Cryptanalysis:
       Cryptography For Fun," Cryptiquotes, Seattle, WA., 1979.

[DAVI] Da Vinci, "Solving Russian Cryptograms", The Cryptogram,
       September-October, Vol XLII, No 5. 1976.

[DEAC] Deacon, R., "The Chinese Secret Service," Taplinger, New
       York, 1974.

[DEAU] Bacon, Sir Francis, "De Augmentis Scientiarum," tr. by
       Gilbert Watts, (1640) or tr. by Ellis, Spedding, and
       Heath (1857,1870).

[DELA] Delastelle, F., Cryptographie nouvelle, Maire of Saint-
       Malo, P. Dubreuil, Paris, 1893.

[DENN] Denning, Dorothy E. R.," Cryptography and Data
       Security," Reading: Addison Wesley, 1983.

[DEVO] Devours, Cipher A. and Louis Kruh, Machine Cryptography
       and Modern Cryptanalysis, Artech, New York, 1985.

[DIFF] Diffie, Whitfield," The First Ten Years of Public Key
       Cryptography," Proceedings of the IEEE 76 (1988): 560-

[DIFE] Diffie, Whitfield and M.E. Hellman,"New Directions in
       Cryptography, IEEE Transactions on Information Theory
       IT-22, 1976.

[DOW]  Dow, Don. L., "Crypto-Mania, Version 3.0", Box 1111,
       Nashua, NH. 03061-1111, (603) 880-6472, Cost $15 for
       registered version and available as shareware under
       CRYPTM.zip on CIS or zipnet.

[EIIC] Ei'ichi Hirose, ",Finland ni okeru tsushin joho," in
       Showa gunji hiwa: Dodai kurabu koenshu, Vol 1,  Dodai
       kurabu koenshu henshu iinkai, ed., (Toyko: Dodai keizai
       konwakai, 1987), pp 59-60.

[ELCY] Gaines, Helen Fouche, Cryptanalysis, Dover, New York,

[ENIG] Tyner, Clarence E. Jr., and Randall K. Nichols,
       "ENIGMA95 - A Simulation of Enhanced Enigma Cipher
       Machine on A Standard Personal Computer," for
       publication, November, 1995.

[EPST] Epstein, Sam and Beryl, "The First Book of Codes and
       Ciphers," Ambassador Books, Toronto, Canada, 1956.

[EYRA] Eyraud, Charles, "Precis de Cryptographie Moderne'"
       Paris, 1953.

[FL]   Anonymous, The Friedman Legacy: A Tribute to William and
       Elizabeth Friedman, National Security Agency, Central
       Security Service, Center for Cryptological History,1995.

[FREB] Friedman, William F., "Cryptology," The Encyclopedia
       Britannica, all editions since 1929.  A classic article
       by the greatest cryptanalyst.

[FR1]  Friedman, William F. and Callimahos, Lambros D.,
       Military Cryptanalytics Part I - Volume 1, Aegean Park
       Press, Laguna Hills, CA, 1985.

[FR2]  Friedman, William F. and Callimahos, Lambros D.,
       Military Cryptanalytics Part I - Volume 2, Aegean Park
       Press, Laguna Hills, CA, 1985.

[FR3]  Friedman, William F. and Callimahos, Lambros D.,
       Military Cryptanalytics Part III, Aegean Park Press,
       Laguna Hills, CA, 1995.

[FR4]  Friedman, William F. and Callimahos, Lambros D.,
       Military Cryptanalytics Part IV,  Aegean Park Press,
       Laguna Hills, CA, 1995.

[FR5]  Friedman, William F. Military Cryptanalysis - Part I,
       Aegean Park Press, Laguna Hills, CA, 1980.

[FR6]  Friedman, William F. Military Cryptanalysis - Part II,
       Aegean Park Press, Laguna Hills, CA, 1980.

[FRE]  Friedman, William F. , "Elements of Cryptanalysis,"
       Aegean Park Press, Laguna Hills, CA, 1976.

[FREA] Friedman, William F. , "Advanced Military Cryptography,"
       Aegean Park Press, Laguna Hills, CA, 1976.

[FRAA] Friedman, William F. , "American Army Field Codes in The
       American Expeditionary Forces During the First World
       War, USA 1939.

[FRAB] Friedman, W. F., Field Codes used by the German Army
       During World War. 1919.

[FR22] Friedman, William F., The Index of Coincidence and Its
       Applications In Cryptography, Publication 22, The
       Riverbank Publications,  Aegean Park Press, Laguna
       Hills, CA, 1979.

[FROM] Fromkin, V and Rodman, R., "Introduction to Language,"
       4th ed.,Holt Reinhart & Winston, New York, 1988.

[FRS]  Friedman, William F. and Elizabeth S., "The
       Shakespearean Ciphers Examined,"  Cambridge University
       Press, London, 1957.

[FUMI] Fumio Nakamura, Rikugun ni okeru COMINT no hoga to
       hatten," The Journal of National Defense, 16-1 (June
       1988) pp85 - 87.

[GAR1] Gardner, Martin, "536 Puzzles and Curious Problems,"
       Scribners, 1967.

[GAR2] Gardner, Martin, "Mathematics, Magic, and Mystery ,"
       Dover, 1956.

[GAR3] Gardner, Martin, "New Mathematical Diversions from
       Scientific American," Simon and Schuster, 1966.

[GAR4] Gardner, Martin, "Sixth Book of Mathematical Games
       from Scientific American," Simon and Schuster, 1971.

[GARL] Garlinski, Jozef, 'The Swiss Corridor', Dent,
       London 1981.

[GAR1] Garlinski, Jozef, 'Hitler's Last Weapons',
       Methuen, London 1978.

[GERM] "German Dictionary," Hippocrene Books, Inc., New York,

[GIVI] Givierge, General Marcel, " Course In Cryptography,"
       Aegean Park Press, Laguna Hills, CA, 1978.  Also, M.
       Givierge, "Cours de Cryptographie," Berger-Levrault,
       Paris, 1925.

[GRA1] Grandpre: "Grandpre, A. de--Cryptologist. Part 1
       'Cryptographie Pratique - The Origin of the Grandpre',
       ISHCABIBEL, The Cryptogram, SO60, American Cryptogram
       Association, 1960.

[GRA2] Grandpre: "Grandpre Ciphers", ROGUE, The Cryptogram,
       SO63, American Cryptogram Association, 1963.

[GRA3] Grandpre: "Grandpre", Novice Notes, LEDGE, The
       Cryptogram, MJ75, American Cryptogram Association,1975

[GRAH] Graham, L. A., "Ingenious Mathematical Problems and
       Methods,"  Dover, 1959.

[GODD] Goddard, Eldridge and Thelma, "Cryptodyct," Marion,
       Iowa, 1976

[GORD] Gordon, Cyrus H., " Forgotten Scripts:  Their Ongoing
       Discovery and Decipherment,"  Basic Books, New York,

[HA]   Hahn, Karl, " Frequency of Letters", English Letter
       Usage Statistics using as a sample, "A Tale of Two
       Cities" by Charles Dickens, Usenet SCI.Crypt, 4 Aug

[HAWA] Hitchcock, H. R., "Hawaiian," Charles E. Tuttle, Co.,
       Toyko, 1968.

[HAWC] Hawcock, David and MacAllister, Patrick, "Puzzle Power!
       Multidimensional Codes, Illusions, Numbers, and
       Brainteasers," Little, Brown and Co., New York, 1994.

[HEMP] Hempfner, Philip and Tania, "Pattern Word List For
       Divided and Undivided Cryptograms," unpublished
       manuscript, 1984.

[HIDE] Hideo Kubota, " Zai-shi dai-go kokugun tokushu joho
       senshi."  unpublished manuscript, NIDS.

[HILL] Hill, Lester, S., "Cryptography in an Algebraic
       Alphabet", The American Mathematical Monthly, June-July

[HIL1] Hill, L. S. 1929. Cryptography in an Algebraic
       Alphabet.  American Mathematical Monthly. 36:306-312.

[HIL2] Hill, L. S.  1931.  Concerning the Linear
       Transformation Apparatus in Cryptography.  American
       Mathematical Monthly. 38:135-154.

[HINS] Hinsley, F. H.,  "History of British Intelligence in the
       Second World War", Cambridge University Press,
       Cambridge, 1979-1988.

[HIN2] Hinsley, F. H.  and Alan Strip in "Codebreakers -Story
       of Bletchley Park", Oxford University Press, 1994.

[HISA] Hisashi Takahashi, "Military Friction, Diplomatic
       Suasion in China, 1937 - 1938," The Journal of
       International Studies, Sophia Univ, Vol 19, July, 1987.

[HIS1] Barker, Wayne G., "History of Codes and Ciphers in the
       U.S. Prior to World War I," Aegean Park Press, Laguna
       Hills, CA, 1978.

[HITT] Hitt, Parker, Col. " Manual for the Solution of Military
       Ciphers,"  Aegean Park Press, Laguna Hills, CA, 1976.

[HODG] Hodges, Andrew, "Alan Turing: The Enigma," New York,
       Simon and Schuster, 1983.

[HOFF] Hoffman, Lance J., editor,  "Building In Big Brother:
       The Cryptographic Policy Debate," Springer-Verlag,
       N.Y.C., 1995. ( A useful and well balanced book of
       cryptographic resource materials. )

[HOF1] Hoffman, Lance. J., et. al.," Cryptography Policy,"
       Communications of the ACM 37, 1994, pp. 109-17.

[HOM1] Homophonic: A Multiple Substitution Number Cipher", S-
       TUCK, The Cryptogram, DJ45, American Cryptogram
       Association, 1945.

[HOM2] Homophonic: Bilinear Substitution Cipher, Straddling,"
       ISHCABIBEL, The Cryptogram, AS48, American Cryptogram
       Association, 1948.

[HOM3] Homophonic: Computer Column:"Homophonic Solving,"
       PHOENIX, The Cryptogram, MA84, American Cryptogram
       Association, 1984.

[HOM4] Homophonic: Hocheck Cipher,", SI SI, The Cryptogram,
       JA90, American Cryptogram Association, 1990.

[HOM5] Homophonic: "Homophonic Checkerboard," GEMINATOR, The
       Cryptogram, MA90, American Cryptogram Association, 1990.

[HOM6] Homophonic: "Homophonic Number Cipher," (Novice Notes)
       LEDGE, The Cryptogram, SO71, American Cryptogram
       Association, 1971.

[HUNG] Rip Van Winkel, "Hungarian," The Cryptogram, March -
       April,  American Cryptogram Association, 1956.

[IBM1] IBM Research Reports, Vol 7., No 4, IBM Research,
       Yorktown Heights, N.Y., 1971.

[INDE] PHOENIX, Index to the Cryptogram: 1932-1993, ACA, 1994.

[ITAL] Italian - English Dictionary, compiled by Vittore E.
       Bocchetta, Fawcett Premier, New York, 1965.

[JAPA] Martin, S.E., "Basic Japanese Coversation Dictionary,"
       Charles E. Tuttle Co., Toyko, 1981.

[JOHN] Johnson, Brian, 'The Secret War', Arrow Books,
       London 1979.

[KADI] al-Kadi, Ibrahim A., Cryptography and Data Security:
       Cryptographic Properties of Arabic, Proceedings of the
       Third Saudi Engineering Conference. Riyadh, Saudi
       Arabia: Nov 24-27, Vol 2:910-921., 1991.

[KAHN] Kahn, David, "The Codebreakers", Macmillian Publishing
       Co. , 1967.

[KAH1] Kahn, David, "Kahn On Codes - Secrets of the New
       Cryptology," MacMillan Co., New York, 1983.

[KAH2] Kahn, David, "An Enigma Chronology", Cryptologia Vol
       XVII,Number 3, July 1993.

[KAH3] Kahn, David, "Seizing The Enigma: The Race to Break the
       German U-Boat Codes 1939-1943 ", Houghton Mifflin, New
       York, 1991.

[KERC] Kerckhoffs, "la Cryptographie Militaire, " Journel des
       Sciences militaires, 9th series, IX, (January and
       February, 1883, Libraire Militaire de L. Baudoin &Co.,
       Paris.  English trans. by Warren T, McCready of the
       University of Toronto, 1964

[KOBL] Koblitz, Neal, " A Course in Number Theory and
       Cryptography, 2nd Ed, Springer-Verlag, New York, 1994.

[KONH] Konheim, Alan G., "Cryptography -A Primer" , John Wiley,
       1981, pp 212 ff.

[KORD] Kordemsky, B., "The Moscow Puzzles," Schribners, 1972.

[KOTT] Kottack, Phillip Conrad, "Anthropology: The Exploration
       Of Human Diversity," 6th ed., McGraw-Hill, Inc., New
       York, N.Y.  1994.

[KOZA] Kozaczuk, Dr. Wladyslaw,  "Enigma: How the German
       Machine Cipher was Broken and How it Was Read by the
       Allies in WWI", University Pub, 1984.

[KRAI] Kraitchek, "Mathematical Recreations," Norton, 1942, and
       Dover, 1963.

[KULL] Kullback, Solomon, Statistical Methods in Cryptanalysis,
       Aegean Park Press, Laguna Hills, Ca. 1976

[LAFF] Laffin, John, "Codes and Ciphers: Secret Writing Through
       The Ages," Abelard-Schuman, London, 1973.

[LAI]  Lai, Xuejia, "On the Design and Security of Block
       Ciphers," ETH Series in Information Processing 1, 1992.
       (Article defines the IDEA Cipher)

[LAIM] Lai, Xuejia, and James L. Massey, "A Proposal for a New
       Block Encryption Standard," Advances in Cryptology -
       Eurocrypt 90 Proceedings, 1992, pp. 55-70.

[LAKE] Lakoff, R., "Language and the Women's Place," Harper &
       Row, New York, 1975.

[LANG] Langie, Andre, "Cryptography," translated from French
       by J.C.H. Macbeth, Constable and Co., London, 1922.

[LATI] BRASSPOUNDER, "Latin Language Data, "The Cryptogram,"
       July-August 1993.

[LAUE] Lauer, Rudolph F.,  "Computer Simulation of Classical
       Substitution Cryptographic Systems" Aegean Park Press,
       1981, p72 ff.

[LEAU] Leaute, H., "Sur les Mecanismes Cryptographiques de M.
       de Viaris,"  Le Genie Civil, XIII, Sept 1, 1888.

[LEDG] LEDGE, "NOVICE NOTES," American Cryptogram Association,
       1994.  [ One of the best introductory texts on ciphers
       written by an expert in the field.  Not only well
       written, clear to understand but as authoritative as
       they come! ]

[LENS] Lenstra, A.K. et. al. "The Number Field Sieve,"
       Proceedings of the 22 ACM Symposium on the Theory of
       Computing," Baltimore, ACM Press, 1990, pp 564-72.

[LEN1] Lenstra, A.K. et. al. "The Factorization of the Ninth
       Fermat Number," Mathematics of Computation 61 1993,
       pp. 319-50.

[LEWI] Lewin, Ronald, 'Ultra goes to War', Hutchinson,
       London 1978.

[LEWY] Lewy, Guenter, "America In Vietnam", Oxford University
       Press, New York, 1978.

[LEVI] Levine, J.,  U.S. Cryptographic Patents 1861-1981,
       Cryptologia, Terre Haute, In 1983.

[LEV1] Levine, J.  1961.  Some Elementary Cryptanalysis
       of Algebraic Cryptography.  American Mathematical
       Monthly.  68:411-418

[LEV2] Levine, J.  1961.  Some Applications of High-
       Speed Computers to the Case n =2 of Algebraic
       Cryptography.  Mathematics of Computation.  15:254-260

[LEV3] Levine, J. 1963.  Analysis of the Case n =3 in Algebraic
       Cryptography With Involuntary Key Matrix With Known
       Alphabet.  Journal fuer die Reine und Angewante
       Mathematik.  213:1-30.

[LISI] Lisicki, Tadeusz, 'Dzialania Enigmy', Orzet Biaty,
       London July-August, 1975; 'Enigma i Lacida',
       Przeglad lacznosci, London 1974- 4; 'Pogromcy
       Enigmy we Francji', Orzet Biaty, London, Sept.

[LYNC] Lynch, Frederick D., "Pattern Word List, Vol 1.,"
       Aegean Park Press, Laguna Hills, CA, 1977.

[LYSI] Lysing, Henry, aka John Leonard Nanovic, "Secret
       Writing," David Kemp Co., NY 1936.

[MADA] Madachy, J. S., "Mathematics on Vacation," Scribners,

[MAGN] Magne, Emile, Le plaisant Abbe de Boisrobert, Paris,
       Mecure de France, 1909.

[MANS] Mansfield, Louis C. S., "The Solution of Codes and
       Ciphers", Alexander Maclehose & Co., London, 1936.

[MARO] Marotta, Michael, E.  "The Code Book - All About
       Unbreakable Codes and How To Use Them," Loompanics
       Unlimited, 1979.  [This is a terrible book.  Badly
       written, without proper authority, unprofessional, and
       prejudicial to boot.  And, it has one of the better
       illustrations of the Soviet one-time pad with example,
       with three errors in cipher text, that I have corrected
       for the author.]

[MARS] Marshall, Alan, "Intelligence and Espionage in the Reign
       of Charles II," 1660-1665, Cambridge University, New
       York, N.Y., 1994.

[MART] Martin, James,  "Security, Accuracy and Privacy in
       Computer Systems," Prentice Hall, Englewood Cliffs,
       N.J., 1973.

[MAVE] Mavenel, Denis L.,  Lettres, Instructions Diplomatiques
       et Papiers d' Etat du Cardinal Richelieu, Historie
       Politique, Paris 1853-1877 Collection.

[MAYA] Coe, M. D., "Breaking The Maya Code," Thames and Hudson,
       New York, 1992.

[MAZU] Mazur, Barry, "Questions On Decidability and
       Undecidability in Number Theory," Journal of Symbolic
       Logic, Volume 54, Number 9, June, 1994.

[MELL] Mellen G.  1981. Graphic Solution of a Linear
       Transformation Cipher. Cryptologia. 5:1-19.

[MEND] Mendelsohn, Capt. C. J.,  Studies in German Diplomatic
       Codes Employed During World War, GPO, 1937.

[MERK] Merkle, Ralph, "Secrecy, Authentication and Public Key
       Systems," Ann Arbor, UMI Research Press, 1982.

[MER1] Merkle, Ralph, "Secure Communications Over Insecure
       Channels," Communications of the ACM 21, 1978, pp. 294-

[MER2] Merkle, Ralph and Martin E. Hellman, "On the Security of
       Multiple Encryption ," Communications of the ACM 24,
       1981, pp. 465-67.

[MER3] Merkle, Ralph and Martin E. Hellman, "Hiding
       Information and Signatures in Trap Door Knapsacks,"
       IEEE Transactions on Information Theory 24, 1978, pp.

[MILL] Millikin, Donald, " Elementary Cryptography ", NYU
       Bookstore, NY, 1943.

[MM]   Meyer, C. H., and Matyas, S. M., " CRYPTOGRAPHY - A New
       Dimension in Computer Data Security, " Wiley
       Interscience, New York, 1982.

[MODE] Modelski, Tadeusz, 'The Polish Contribution to the
       Ultimate Allied Victory in the Second World War',
       Worthing (Sussex) 1986.

[MRAY] Mrayati, Mohammad, Yahya Meer Alam and Hassan al-
       Tayyan., Ilm at-Ta'miyah wa Istikhraj al-Mu,amma Ind
       al-Arab. Vol 1. Damascus: The Arab Academy of Damascus.,

[MYER] Myer, Albert, "Manual of Signals," Washington, D.C.,
       USGPO, 1879.

[NBS]  National Bureau of Standards, "Data Encryption
       Standard," FIPS PUB 46-1, 1987.

[NIBL] Niblack, A. P., "Proposed Day, Night and Fog Signals for
       the Navy with Brief Description of the Ardois Hight
       System," In Proceedings of the United States Naval
       Institute, Annapolis: U. S. Naval Institute, 1891.

[NIC1] Nichols, Randall K., "Xeno Data on 10 Different
       Languages," ACA-L, August 18, 1995.

[NIC2] Nichols, Randall K., "Chinese Cryptography Parts 1-3,"
       ACA-L, August 24, 1995.

[NIC3] Nichols, Randall K., "2erman Reduction Ciphers Parts
       1-4," ACA-L, September 15, 1995.

[NIC4] Nichols, Randall K., "Russian Cryptography Parts 1-3,"
       ACA-L, September 05, 1995.

[NIC5] Nichols, Randall K., "A Tribute to William F. Friedman",
       NCSA FORUM, August 20, 1995.

[NIC6] Nichols, Randall K., "Wallis and Rossignol,"  NCSA
       FORUM, September 25, 1995.

[NIC7] Nichols, Randall K., "Arabic Contributions to
       Cryptography,", in The Cryptogram, ND95, ACA, 1995.

[NIC8] Nichols, Randall K., "U.S. Coast Guard Shuts Down Morse
       Code System," The Cryptogram, SO95, ACA publications,

[NIC9] Nichols, Randall K., "PCP Cipher," NCSA FORUM, March 10,

[NICX] Nichols, R. K., Keynote Speech to A.C.A. Convention,
       "Breaking Ciphers in Other Languages.," New Orleans,
       La., 1993.

[NICK] Nickels, Hamilton, "Codemaster: Secrets of Making and
       Breaking Codes," Paladin Press, Boulder, CO., 1990.

[NORM] Norman, Bruce, 'Secret Warfare', David & Charles,
       Newton Abbot (Devon) 1973.

[NORW] Marm, Ingvald and Sommerfelt, Alf, "Norwegian," Teach
       Yourself Books, Hodder and Stoughton, London, 1967.

[NSA]  NSA's Friedman Legacy - A Tribute to William and
       Elizabeth Friedman, NSA Center for Cryptological
       History, 1992, pp 201 ff.

[OKLA] Andre, Josephine and Richard V. Andree, "Cryptarithms,"
       Unit One, Problem Solving and Logical Thinking,
       University of Oklahoma, Norman, Ok.  Copy No: 486, 1976.

[OKLI] Andre, Josephine and Richard V. Andree, " Instructors
       Manual For Cryptarithms," Unit One, Problem Solving and
       Logical Thinking, University of Oklahoma, Norman, Ok.
       Copy No: 486, 1976.

[OP20] "Course in Cryptanalysis," OP-20-G', Navy Department,
       Office of Chief of Naval Operations, Washington, 1941.

[PERR] Perrault, Charles, Tallement des Reaux, Les
       Historiettes, Bibliotheque del La Pleiade, Paris 1960,
       pp 256-258.

[PGP]  Garfinkel, Simson, "PGP: Pretty Good Privacy," O'reilly
       and Associates, Inc. Sebastopol, CA. 1995.

[PHIL] Phillips, H., "My Best Puzzles in Logic and Reasoning,"
       Dover, 1961.

[PIER] Pierce, Clayton C., "Cryptoprivacy", 325 Carol Drive,
       Ventura, Ca. 93003.

[POLY] Polya, G., "Mathematics and Plausible Reasoning,"
       Princeton Press, 1954.

[POL1] Polya, G., "How To Solve It.," Princeton Press, 1948.

[POPE] Pope, Maurice, "The Story of Decipherment: From Egyptian
       Hieroglyphic to Linear B., Thames and Hudson Ltd., 1975.

[PORT] Barker, Wayne G. "Cryptograms in Portuguese," Aegean
       Park Press, Laguna Hills, CA., 1986.

[POR1] Aliandro, Hygino, "The Portuguese-English Dictionary,"
       Pocket Books, New York, N.Y., 1960.

[RAJ1] "Pattern and Non Pattern Words of 2 to 6 Letters," G &
       C.  Merriam Co., Norman, OK. 1977.

[RAJ2] "Pattern and Non Pattern Words of 7 to 8 Letters," G &
       C.  Merriam Co., Norman, OK. 1980.

[RAJ3] "Pattern and Non Pattern Words of 9 to 10 Letters," G &
       C.  Merriam Co., Norman, OK. 1981.

[RAJ4] "Non Pattern Words of 3 to 14 Letters," RAJA Books,
       Norman, OK. 1982.

[RAJ5] "Pattern and Non Pattern Words of 10 Letters," G & C.
       Merriam Co., Norman, OK. 1982.

[REJE] Rejewski, Marian, "Mathematical Solution of the Enigma
       Cipher" published in vol 6, #1, Jan 1982 Cryptologia pp

[RHEE] Rhee, Man Young, "Cryptography and Secure Commun-
       ications,"  McGraw Hill Co, 1994

[RIVE] Rivest, Ron, "Ciphertext: The RSA Newsletter 1, 1993.

[RIV1] Rivest, Ron, Shamir, A and L. Adleman, "A Method for
       Obtaining Digital Signatures and Public Key
       Cryptosystems," Communications of the ACM 21, 1978.

[ROAC] Roach, T., "Hobbyist's Guide To COMINT Collection and
       Analysis," 1330 Copper Peak Lane, San Jose, Ca. 95120-
       4271, 1994.

[ROBO] NYPHO, The Cryptogram, Dec 1940, Feb, 1941.

[ROHE] Jurgen Roher's Comparative Analysis of Allied and Axis
       Radio-Intelligence in the Battle of the Atlantic,
       Proceedings of the 13th Military History Symposium, USAF
       Academy, 1988, pp 77-109.

[ROOM] Hyde, H. Montgomery, "Room 3603, The Story of British
       Intelligence Center in New York During World War II",
       New York, Farrar, Straus, 1963.

[ROSE] Budge, E. A. Wallis, "The Rosetta Stone," British Museum
       Press, London, 1927.

[RSA]  RSA Data Security, Inc., "Mailsafe: Public Key
       Encryption Software Users Manual, Version 5.0, Redwood
       City, CA, 1994

[RUNY] Runyan, T. J. and Jan M. Copes "To Die Gallently",
       Westview Press 1994, p85-86 ff.

[RYSK] Norbert Ryska and Siegfried Herda, "Kryptographische
       Verfahren in der Datenverarbeitung," Gesellschaft fur
       Informatik, Berlin, Springer-Verlag1980.

[SADL] Sadler, A. L., "The Code of the Samurai," Rutland and
       Tokyo: Charles E. Tuttle Co., 1969.

[SACC] Sacco, Generale Luigi, " Manuale di Crittografia",
       3rd ed., Rome, 1947.

[SANB] Sanbohonbu, ed., "Sanbohonbu kotokan shokuinhyo." NIDS

[SAPR] Sapir, E., "Conceptual Categories in Primitive
       Language," Science: 74: 578-584., 1931.

[SASS] Sassoons, George, "Radio Hackers Code Book", Duckworth,
       London, 1986.

[SCHN] Schneier, Bruce, "Applied Cryptography: Protocols,
       Algorithms, and Source Code C," John Wiley and Sons,

[SCH2] Schneier, Bruce, "Applied Cryptography: Protocols,
       Algorithms, and Source Code C," 2nd ed., John Wiley and
       Sons, 1995.

[SCHU] Schuh, fred, "Master Book of Mathematical Recreation,"
       Dover, 1968.

[SCHW] Schwab, Charles, "The Equalizer," Charles Schwab, San
       Francisco, 1994.

[SHAN] Shannon, C. E., "The Communication Theory of Secrecy
       Systems," Bell System Technical Journal, Vol 28 (October

[SHIN] Shinsaku Tamura, "Myohin kosaku," San'ei Shuppansha,
       Toyko, 1953.

[SIG1] "International Code Of Signals For Visual, Sound, and
       Radio Communications,"  Defense Mapping Agency,
       Hydrographic/Topographic Center, United States Ed.
       Revised 1981

[SIG2] "International Code Of Signals For Visual, Sound, and
       Radio Communications,"  U. S. Naval Oceanographic
       Office, United States Ed., Pub. 102,  1969.

[SIMM] Simmons, G. J., "How To Insure that Data Acquired to
       Verify Treaty Compliance are Trustworthy, " in
       "Authentication without secrecy: A secure communications
       problem uniquely solvable by asymmetric encryption
       techniques.", IEEE EASCON 79, Washington, 1979, pp. 661-

[SINK] Sinkov, Abraham, "Elementary Cryptanalysis", The
       Mathematical Association of America, NYU, 1966.

[SISI] Pierce, C.C., "Cryptoprivacy," Author/Publisher, Ventura
       Ca., 1995. (XOR Logic and SIGTOT teleprinters)

[SMIH] Smith, David E., "John Wallis as Cryptographer",
       Bulletin of American Mathematical Society, XXIV, 1917.

[SMIT] Smith, Laurence D., "Cryptography, the Science of Secret
       Writing," Dover, NY, 1943.

[SOLZ] Solzhenitsyn, Aleksandr I. , "The Gulag Archipelago I-
       III, " Harper and Row, New York, N.Y., 1975.

[SPAN] Barker, Wayne G. "Cryptograms in Spanish," Aegean Park
       Press, Laguna Hills, CA., 1986.

[STEV] Stevenson, William, 'A Man Called INTREPID',
       Macmillan, London 1976.

[STIN] Stinson, D. R., "Cryptography, Theory and Practice,"
       CRC Press, London, 1995.

[STIX] Stix, F., Zur Geschicte und Organisation  der Wiener
       Geheimen Ziffernkanzlei, Mitteilungen des
       Osterreichischen Instituts fir Geschichtsforschung,
       LI 1937.

[STUR] Sturtevant, E. H. and Bechtel, G., "A Hittite
       Chrestomathy," Linguistic Society of American and
       University of Pennsylvania, Philadelphia, 1935.

[SUVO] Suvorov, Viktor "Inside Soviet Military Intelligence,"
       Berkley Press, New York, 1985.

[TERR] Terrett, D., "The Signal Corps: The Emergency (to
       December 1941); G. R. Thompson, et. al, The Test(
       December 1941 -  July 1943); D. Harris and G. Thompson,
       The Outcome;(Mid 1943 to 1945), Department of the Army,
       Office of the Chief of Military History, USGPO,
       Washington,1956 -1966.

[THEO] Theodore White and Annalee Jacoby, "Thunder Out Of
       China," William Sloane Assoc., New York, 1946.

[THOM] Thompson, Ken, "Reflections on Trusting Trust,"
       Communications of the ACM 27, 1984.

[TILD] Glover, D. Beaird, Secret Ciphers of The 1876
       Presidential Election, Aegean Park Press, Laguna Hills,
       Ca. 1991.

[TM32] TM 32-250, Fundamentals of Traffic Analysis (Radio
       Telegraph) Department of the Army, 1948.

[TRAD] U. S. Army Military History Institute, "Traditions of
       The Signal Corps., Washington, D.C., USGPO, 1959.

[TRAI] Lange, Andre and Soudart, E. A., "Treatise On
       Cryptography," Aegean Park Press, Laguna Hills, Ca.

[TRIB] Anonymous, New York Tribune, Extra No. 44, "The Cipher
       Dispatches, New York, 1879.

[TRIT] Trithemius:Paul Chacornac, "Grandeur et Adversite de
       Jean Tritheme ,Paris: Editions Traditionelles, 1963.

[TUCK] Harris, Frances A., "Solving Simple Substitution
       Ciphers," ACA, 1959.

[TUKK] Tuckerman, B.,  "A Study of The Vigenere-Vernam Single
       and Multiple Loop Enciphering Systems," IBM Report
       RC2879, Thomas J. Watson Research Center, Yorktown
       Heights, N.Y.  1970.

[TUCM] Tuckerman, B., "A Study of The Vigenere-Vernam Single
       and Multiple Loop Enciphering Systems," IBM Report
       RC2879, Thomas J. Watson Research Center, Yorktown
       Heights, N.Y.  1970.

[USAA] U. S. Army, Office of Chief Signal Officer,
       "Instructions for Using the Cipher Device Type M-94,
       February, 1922," USGPO, Washington, 1922.

[VAIL] Vaille, Euggene, Le Cabinet Noir, Paris Presses
       Universitaires de Frances, 1950.

[VALE] Valerio, "De La Cryptographie," Journal des Scienses
       militares, 9th series, Dec 1892 - May 1895, Paris.

[VERN] Vernam, A. S.,  "Cipher Printing Telegraph Systems For
       Secret Wire and Radio Telegraphic Communications," J.
       of the IEEE, Vol 45, 109-115 (1926).

[VIAR] de Viaris in Genie Civil: "Cryptographie", Publications
       du Journal Le Genie Civil, 1888.

[VIA1] de Viaris, "L'art de chiffre et dechiffre les depeches
       secretes,"  Gauthier-Villars, Paris, 1893.

[VOGE] Vogel, Donald S., "Inside a KGB Cipher," Cryptologia,
       Vol XIV, Number 1, January 1990.

[WALL] Wallis, John, "A Collection of Letters and other Papers
       in Cipher" , Oxford University, Bodleian Library, 1653.

[WAL1] Wallace, Robert W. Pattern Words: Ten Letters and Eleven
       Letters in Length, Aegean Park Press, Laguna Hills, CA
       92654, 1993.

[WAL2] Wallace, Robert W. Pattern Words: Twelve Letters and
       Greater in Length, Aegean Park Press, Laguna Hills, CA
       92654, 1993.

[WATS] Watson, R. W. Seton-, ed, "The Abbot Trithemius," in
       Tudor Studies, Longmans and Green, London, 1924.

[WEBE] Weber, Ralph Edward, "United States Diplomatic Codes and
       Ciphers, 1175-1938, Chicago, Precedent Publishing, 1979.

[WEL]  Welsh, Dominic, "Codes and Cryptography," Oxford Science
       Publications, New York, 1993.

[WELC] Welchman, Gordon, 'The Hut Six Story', McGraw-Hill,
       New York 1982.

[WHOR] Whorf, B. L., "A Linguistic Consideration of Thinking In
       Primitive Communities,"  In Language, Thought, and
       Reality: Selected Writings of Benjamin Lee Whorf, ed. J.
       B.  Carroll, Cambridge, MA: MIT Press, pp. 65-86., 1956.

[WINK] Winkle, Rip Van, "Hungarian: The Cryptogram,", March -
       April 1956.

[WINT] Winterbotham, F.W., 'The Ultra Secret', Weidenfeld
       and Nicolson, London 1974.

[WOLE] Wolfe, Ramond W., "Secret Writing," McGraw Hill Books,
       NY, 1970.

[WOLF] Wolfe, Jack M., " A First Course in Cryptanalysis,"
       Brooklin College Press, NY, 1943.

[WRIX] Wrixon, Fred B. "Codes, Ciphers and Secret Languages,"
       Crown Publishers, New York, 1990.

[XEN1] PHOENIX, "Xenocrypt Handbook," American Cryptogram
       Association, 1 Pidgeon Dr., Wilbraham, MA., 01095-2603,
       for publication March, 1996.

[YARD] Yardley, Herbert, O., "The American Black Chamber,"
       Bobbs-Merrill, NY, 1931.

[YAR1] Yardley, H. O., "The Chinese Black Chamber," Houghton
       Mifflin, Boston, 1983.

[YOKO] Yukio Yokoyama, "Tokushu joho kaisoka," unpublished
       handwritten manuscript.

[YOUS] Youshkevitch, A. P., Geschichte der Mathematik im
       Mittelatter, Liepzig, Germany: Teubner, 1964.

[YUKI] Yukio Nishihara, "Kantogan tai-So Sakusenshi," Vol 17.,
       unpublished manuscript, National Institute for Defense
       Studies Military Archives, Tokyo.,(hereafter NIDS

[ZIM]  Zim, Herbert S., "Codes and Secret Writing." William
       Morrow Co., New York, 1948.

[ZEND] Callimahos, L. D.,  Traffic Analysis and the Zendian
       Problem, Agean Park Press, 1984.  (also available
       through NSA Center for Cryptologic History)

Back to index