Since there doesn’t seem be a French-English translation of Auguste Kerckhoff’si seminal article on military cryptography on any of the major search engines, what follows is an admittedly crude effort in this direction :
From La cryptographie militaire, Journal des sciences militaires, vol. IX, January 1883 :ii
I. Cryptography in the military :
A. Historical Concepts :
Cryptography, or the Art of Numbers, is a science as old as the world itself ; confounded in its origin with military telegraphy, it was cultivated, by the most noble of antiquity, by the Chinese, the Persians, the Carthagenians ; it was taught in the tactical schools in Greece, and held in high esteem by the most illustrious Roman generals.
Since the modest Lacedaemonian scytalesiii and the tricks invented or relayed by Aeneas Tacticus,iv until the famous barrel of Kessler,v men of war have devised procedures for transmitting secret orders over great distances, or for putting their instructions outside the purview of investigations and enemy surprises.
We have little more than incomplete fragments extant of the cryptographic procedures properly implemented by the ancients ; and outside of Aeneas’ Commentaries, we don’t encounter the subject matter in question, save isolated passages in Polybius,vi Plutarch,vii Cassius Dio,viii Suétone,ix Aulu-Gelle,x Isidore,xi and Julius Africanus.xii
Throughout the Middle Ages, cryptography was little cultivated by the monks and Kabbalists, and again, only where it served a practical and known objective, did the inventors themselves seek to obscure the meanings of their transmitted communications, thus devising methods of correspondence more or less indecipherable ; for in those times of enshadowed ignorance, it was entirely dangerous to correspond in a mysterious or indecipherable language, just as it was to write in plaintext the most compromising secrets.
Even in the 17th century, the simple act of making correspondence in a secret script was considered to be an aggravating circumstance by the English tribunals ; and in the famous trial of the Earl of Sommerset, for the crime of poisoning, the Chancellor Bacon made a grave charge against the accused noble, as to his habitual practise of writing to his friends in code.
It was in such a manner that our fathers practised stenography, artificium sine secreti latentis suspicione scribendi, more than “cryptography,” in the sense that we attach to this word today. We can read in the oeuvre of the Jesuit Schottxiii and in an old treatise on cryptography by the Duke of Brunswick, the thousand devices they successfully invented. It wasn’t until the Rennaisance that cryptography became a veritable art, ars occulte scribendi, as we speak of now, and which acquired a certain importance in the correspondences of princes and their ambassadors, and in the relations of major lords and their loyalists.
We have seen, by the letters addressed to the Landgravexiv of Hesse, published a few years ago by Rommal, that Henry IV liked to use a code for his intimate communication.
We know equally that Henry IV also intercepted several encoded letters addressed to members of the Spanish Government League, and charged the mathematician Viète with finding the key. It succeeded, and the king, for nearly two years, monitored the intrigues of his enemies.
Under Richelieu, the art of decoding the secret writings was raised nearly to the height of a state sciencexv ; in the words of Brigadier Beausobre,xvi the minister of foreign affairs even had an academy where she was taught.xvii Sustained by the largesses of the government, encouraged by the absence of political probity that characterised the successive reigns, the art of decoding continued, up until the July Revolution, and it was cultivated with equal success by court spies and the men of the Cabinet Noir.xviii
I have thus far yet to find clear evidence of the use of cryptographic correspondence in the army in the 16th century, but we know positively that, in the 18th century, orders were only transmitted by commanding generals to the front lines or into enemy territory once encoded.
In the accounts of the wars of the First Empire, there was often mention of cryptographic communications ; the generals had two keys for corresponding, one for between themselves and one for use with the general staff : the major code and the minor or ordinary code. The Baron Fain, the secretary of Napoleon I, reports that during the Russian War the Emperor undertook encoded correspondences.xix We know equally that, during the Spanish War, a Spaniard found a method of cracking Suchet’s code, and used it to help his compatriots to recover Mequinenza and Lerida.xx
Today, encoded correspondence has been adopted by all the armies of Europe, but it has yet to be applied in a systematic way except in the offices of the chancelleries.
B. State of Affairs :
The Germans posit that cryptographic correspondence should be employed in the broadest manner ; the programs in their military schools prescribe not only not only exercising the officers in the composition and the reading of secret dispatches, but also in introducing them to the knowledge of the theorectical principles of the art of deciphering.
Article 32 of the Regulation of January 19, 1874 carries equally that military dispatches must, whenever possible, be encoded.
We should therefore be at first glance surprised that, with rare exception, the use of encoded correspondence is still limited today, in the French army, to commanders in chief. But a system of cryptography “of an easy and secure usage is a gap” said General Lewal, “that has always existed in our army.”xxi The former commander of the War College added, it’s true, that there exist procedures to this effect, and it’d suffice to adopt one “that must be at once portable and of a usage accessible to all ;” but certain frustrations, experienced by the staff in our recent campaign in Tunisia, as good as the assigned methods and planning in our upper military schools were, had themselves not supposed that there exists a singular analogy between this easy and secure system and the philosopher’s stone of the ancient chemists.xxii
Our best generals are well of the opinion, today, that it’s indispensable that the different commanders of an army have at their disposition a system of secret communication for freely corresponding, not just between each other and with their commanders-in-chief, but also with their lieutenants ; therefore, the tactician that I just cited thinks that one must make use of a code in times of peace as in times of war, the generals, the chiefs of the regiment or of the service, and all of the post and column commanders. He even adds, and with reason, that one must, during peacetime, exercise our officers in the use of this correspondence.
“This is a matter to anticipate and resolve before the war,” says he ; “once operations commence, it’s too late to think about it. Moreover, even in peace, we have a need, at every instance, to correspond in secret.”
We read in the “Historical research on the art of military” of General Bardinxxiii that the use of codes had died in the middle of the conflagration of 1814, and that, when Napoleon wanted to reunite to the core of the army all the garrisons abroad and several major French garrisons, it was out in the open that Feltre and Berthier dispatched his orders ; and, few of the dispatches made it to their destination, the enemy intercepted the majority of them. “Maybe,” said Bardin, “the fate of France and the appearance of Europe depended on the nonuse of cryptography!”
But it wasn’t sufficient to have a code for secret correspondence, one also had to present serious guarantees of indecipherability ; or, it’s the fallible aspect of the majority of the systems devised to date, and where this capital defect was removed, we find in its place equally serious practical inconveniences. Even at the War Ministry we haven’t been very happy with the choice or the combination of codes. It’s not a secret to anyone that during the Turko-Russian War we received, one Sunday, from one of the military attachés that was following the operations of the armies, an encoded dispatch that, on account of the absence of the Bureau Chief in charge of cryptographic correspondence, was indecipherable. The Minister, who ignored the key of the message, without faith to provide more than a prayer took one of the state-major officer to have him try to decode it without a key: after a few hours the crytogram was translated! Fortunately for the confidentiality of the correspondence, the able decoder was the son of the Minister himself.
We can see from the obituaries published in 1879 in the German newspapers, on the occasion of the death of Captain Max Hering, the chief of the telegraph service, who discovered in 1870 the Seine cable, which services rendered to the besiegers the lack of a safe system of secret correspondence between the Parisian army and the provincial generals.
I do not know what one must think of the statements of journalists on the other side of the Rhine ; but when I see the authorised judges declare that cryptography is a “powerful aid of military tactics,” and that I consider the destiny of a country, the fate of a city or an army, could on occasion depend on the greater or lesser indecipherability of a crytogram, I’m stunned to see our scholars and our professors teaching and recommending the use in war of systems that a decoder could, with little experimentation, certainly find the key in less than an hour.xxiv
We can hardly explain this overconfidence in certain codes than by resigning ourselves to suppression by the Cabinets Noirs and the postal security services to bring down cryptographic studies ; it is equally reasonable to believe that the poorly measured statements of certain authors, to say nothing of the complete absence of serious work on the art of decoding and of deciphering secret writings, we greatly contribute to the most erroneous misconceptions of the value of our cryptographic systems.
It’s thus that General Lewal categorically affirms in his “Studies of War”xxv that codes of various lengths are illegible, or at least we can’t arrive at their decryption without annoying difficulty ! And Voltaire himself, didn’t he say in an article devoted to encoded writings, and this at a time when the art of decoding was in full bloom, that “those who endeavour to decode a letter without being instructed in the affairs of which we treat, and without having preliminary help, are bigger charlatans than those who brag about understanding languages they haven’t learned.”xxvi
In the preface of “Counterespionage”xxvii where “The Citizen” Dlandol made known, in 1793, the keys to certain codes that served the royalists in their correspondences with the emigres, it is said that “it was no small services to render to the country, in these circumstances, the annihilation by the weapon of publicity the most dangerous of the secret enemies of the Republic.” I believe, for myself, it’s not an act of poor citizenship to bring to light a situation which, to raise a different line of thought, is nonetheless identical in substance, which our enemies abroad could one day too well and too easily take advantage of.
In the following pages, I will herein examine the principles of all systems of military cryptography ; then I’ll say a few words on the different codes ; then I will indicate a new decryption method applicable to the most widely used cyrptographic systems with variable lengths ; I will finish with some considerations of dictionary-based codes and cryptographers.
II. Principles of Military Cryptography.
One must clearly distinguish between a system of encoded writing, designed for a momentary conversation of letters between isolated persons, and a method of cryptography intended to satisfy for an unlimited time the correspondence of different military leaders between one another. This latter group, in effect, may, at their discretion and at any moment, change their policies ; what’s more, they should never keep any writings or other things on their person that might make clear to the enemy the meaning of the secret dispatches that might fall into their hands.xxviii
A great number of ingenious combinations can meet the goals that we want to achieve in the first case ; in the second, we must have a system satisfying certain exceptional conditions, conditions that I will summarise in the following six key points:
1st : The system must be materially, if not mathematically, indecipherable ;
2nd : The system must not require secrecy and must not cause inconvenience should it fall into the hands of the enemy ;
3rd : The key must be able to be used in communiques and retained without the help of written notes, and be changed or modified at the discretion of the correspondents ;
4th : The system must be compatible with telegraphic communication ;xxix
5th : The system must be portable, and remain functional without the help of multiple people ;
6th : Finally, it’s necessary, given the circumstances in which the system will be applied, that it’s easy to use, is undemanding, not overly stressful, and doesn’t require the knowledge and observation of a long series of rules.
Everyone agrees to admit the raison d’être for the last three principles ; without them, we’d have no way of dealing with the first three.
It’s thus that authoritative persons argue that the absolute indecipherability of code can’t be considered as a sine qua non condition of the codes’ admission into the military service : that the encoded instructions transmitted in times of war are only of a momentary importance, and the requirement of war for the secret beyond the three or four hours following the moment where they were given ; so it matters little that the meaning of a secret telegram is known to the enemy within a few hours of interception ; it’s sufficient, in a word, that the system is formulated in such a fashion that the translation of a cryptogram takes at least three to four hours of work. We add the possibility of changing the key to voluntarily remove the default of non-indecipherability of all its importance.
This argument may, on the surface, seem fair enough ; I think it’s basically false.
It is indeed, as I see it, forgetting that the secret of remote communications very frequently retains its importance beyond the date of transmission ; without enumerating all the eventualities that might present themselves, it suffices me to mention the case where the commander of a besieged city sends intelligence to the army that is to rescue him. What’s more, once an intercepted cryptogram can be decoded, all new dispatches, written with the same key and suffering the same fate, can be read instantaneously. It will happen as a result that, in the near-term or the long-term, dispatches will be shipped in all directions, such that their decoding will in some ways be a foregone conclusion ; unless we allow an army corps to have all of its instructions encoded by a single person, or at least passing through the hands of a single person, which would reduce the clandestine correspondence to a singularly modest role.
The ability to be able to change the key at will is certainly an essential condition for any cryptographic system, but this is of misleading benefit and the practical realisation of which would be wrong to rely on, through the thousands of vicissitudes of a long campaign.
As for the need for secrecy, which, in my eyes, constitutes the principal flaw of all our systems of cryptography, I would observe that it somewhat restricts the use of encrypted mail only to commanders.xxx And by secret here I mean, not the actual key, but what constitutes the material part of the system : lookup tables, dictionaries, or mechanical devices of some description that must be used to enable the application. Indeed, it isn’t necessary to create imaginary phantoms and to suspect the incorruptibility of the employees or junior officers, to understand that, if a system requiring secrecy were found in the hands of too many individuals, it could be compromised by each one who takes part.xxxi Nothing but this point of view is needed to condemn the use of dictionary codes, such as the ones in use today in the military.
It can perhaps be objected that with the inclusion of the second principle, it’s hardly possible to establish a system that’s completely indecipherable. We must understand : I know very well that desiring such conditions as finding a system that’s mathematically indecipherable is mathematically impossible ; but I affirm, and not without good reason, by achieving the different principles that I’ve enumerated above, we can perfectly work out systems that are, if not mathematically, at least materially indecipherable.
It seems that there is serious talk, at the War Ministry, of replacing the dictionary code with a more practical system. As well they should ! if the Administration wants to leverage all the services that can be rendered by a well formulated system of cryptographic correspondence, they must absolutely renounce their covert methods, and establish in principle that they will only accept a procedure that might be taught openly in our military colleges, that our students are free to communicate with whom they please, and that our neighbours can even copy and adopt this, whether this suits them to say more : it is only when our officers have studied the principles of cryptography and studied the art of decoding, that they’ll be in a position to avoid the numerous mistakes that compromised the keys of the best codes, and which are necessarily exposed to laypeople ; only then can this section of the Regulation of November 19, 1874, that I mentioned above, be ready to receive a practical application and true satisfaction.
___ ___ ___
At this point, I leave the different methods of cryptography, as described by Monsieur Kerckhoff in section III of this article, to the alert reader. While the tools at Kerckhoff’s disposal were of a different time and place, I trust that it’s clear to see that his ideas were not.
For today, even in times of peace, war rages on beneath the surface.
___ ___ ___
- Jean Guillaume Auguste Victor François Hubert Kerckhoffs, Dutch linguist and cryptographer, January 19, 1835 – August 9, 1903.↩
- The original French article, of which sub-parts I and II are translated and adnotated below, can be found here : Part 1 , while his follow-up article, published a month later in the same journal and containing further practical examples, can be found here : Part 2. There’s also a PDF version.↩
The first recorded use of cryptography for correspondence was by the Spartans, who as early as 400 bc employed a cipher device called the scytale for secret communication between military commanders. The scytale consisted of a tapered baton, around which was spirally wrapped a strip of parchment or leather on which the message was then written. When unwrapped, the letters were scrambled in order and formed the cipher; however, when the strip was wrapped around another baton of identical proportions to the original, the plaintext reappeared. Thus, the Greeks were the inventors of the first transposition cipher.
- Αἰνείας ὁ Τακτικός; fl. 4th century BC.↩
- Being Austrian military strategist Franz Graf Conrad von Hötzendorf, born November 11, 1852, Penzing, Austria—died August 25, 1925, Mergentheim, Germany, and author of Unterschiedene bisshero mehrern Theils secreta oder Verborgene geheime Künste.↩
- Polybius, The Histories.↩
- Plutarch, Lysandre.↩
- Lucius Cassius Dio, Roman History.↩
- Suétone, La Vie des douze Césars.↩
- Aulu-Gelle, Nuits attiques.↩
- Isidore, Origines.↩
- Sextus Julius Africanus, Chronographiai.↩
- Schotti, Schola steganographica, 1665↩
- Landgrave: title for a German prince.↩
- Hmm. Sounds a bit the NSA’s diddling of most every encryption standard for the past two decades, doesn’t it ?↩
- Beausobre, Commentaires sur la défense des places, Note du traducteur, 1757.↩
- According to Cardinal Mazarin’s Breviarium Politicorum.↩
- The Cabinet Noir, as formalised under France’s King Louis XV, was where suspicious letters were opened and read before being sent to their final destinations, as many other regimes in many other times and places have done. To name but one other: Romania’s Securitate.
Interestingly, the ease of intercepting electronic communication has resulting in the focus of governments in this area, leaving physical mail much less likely to be intercepted today. Just a thought.↩
- Fain, Manuscrit de 1812, contenant le précis des événements de cette année, pour servir à l’histoire de Napoléon, 1827.↩
- Some 16,000 troops under French General Louis Gabriel Suchet beseiged Lerida and then Mequinenza in 1810, conquering both.↩
- Lewal, Tactique de marche, 1876.↩
- See Bortzmeyer’s complaints re: PGP for the contemporary equivalent.↩
- Bardin, Dictionnaire de l’Armée de terre, 1843.↩
- Much in the same way that Phil Zimmerman has been reduced to a two-bit shill for pseudo-privacy and ‘toy crypto‘.↩
- Lewal, Études de Guerre: Tactique des renseignements, 1883.↩
- Also John Barwick, 1612 – 1661, on the subject of decipherers : “I have heard of many of the pretenders of that skill, and have spoken with some of them, but have found them all to be mountebanks.”↩
- Dlandol, Le contr’espion, ou les clefs de toutes les correspondances secrètes, 1793.↩
- See related: Breaking a Bitcoin Brainwallet.↩
- This calls to mind Stan’s Practical Blockchain Telegraphy.↩
- The modern-day commanders being, broadly speaking, those in the WoT, and specifically the lordship. And commanders never starve.↩
- Multi-sig fucktardery, anyone ?↩