Professional Documents
Culture Documents
To cite this article: Elonka Dunin, Magnus Ekhall, Konstantin Hamidullin, Nils Kopal, George
Lasry & Klaus Schmeh (2021): How we set new world records in breaking Playfair ciphertexts,
Cryptologia, DOI: 10.1080/01611194.2021.1905734
ABSTRACT KEYWORDS
The Playfair cipher is a well-known manual encryption method challenges; cryptanalysis;
developed in the 19th century. Until 2018, known cryptanaly- dictionary attack; hill
sis techniques, with computer assistance, could solve non-key- climbing; Playfair cipher;
simulated annealing;
word-based Playfair ciphertexts if they had at least 60 letters tabu search
to work with. Shorter ciphertexts were effectively impossible
to solve in the absence of a crib. In this article, we show how
we introduced several improvements in these cryptanalysis
methods, which made it possible to do much better. This
resulted in the (unofficial) world record for the shortest
Playfair message broken going down from 60 via 50, 40, 32,
and 28 to 26 letters. The cryptanalysis techniques used include
hill climbing, simulated annealing, tabu search, and plaintext-
based dictionary attacks. For readers interested in improving
the current record, we also provide unsolved Playfair chal-
lenges consisting of 24 and 22 letters.
TO BE OR NO TT OB E
CONTACT Klaus Schmeh klaus@schmeh.org Private, Nikolaus-Groß-Str. 32, Gelsenkirchen 45886, Germany
ß 2021 Taylor & Francis Group, LLC
2 E. DUNIN ET AL.
As the rules of Playfair (provided below) require that there are no pairs
with identical letters in the plaintext, we will put an X between the two Ts:
TO BE OR NO TX TO BE
Sidenotes about a Playfair plaintext:
If there was now a single letter at the end, we would have to add
another padding letter, such as an X, at the last position. But this is not
necessary here, as the number of letters after adding the X between the
two Ts is even.
The letter J may not appear in a Playfair plaintext; if one exists, this is
usually handled by writing an I instead of a J.
Figure 1. The Playfair cipher is named for British politician and scientist Lyon Playfair
(1818–1898, left), who promoted the system. It was actually invented by his friend, inventor
and scientist Charles Wheatstone (1802–1875, right). Sources: Lock & Witfield, Public domain,
via Wikimedia Commons/Samuel Laurence, Public domain, via Wikimedia Commons.
The key of the Playfair cipher is a 5 5 matrix that contains the letters
of the alphabet (except the J) in an arbitrary order; in other words, a per-
mutation of a 25-letter alphabet. It is possible to use a keyword (e.g.,
MONDAY) for determining the order of the letters in the matrix:
2 3
M O N D A
6Y B C E F7
6 7
6G H I K L7
6 7
4 P Q R S T5
U V W X Z
CRYPTOLOGIA 3
However, this method is not applied in the following. Instead, in this art-
icle we assume that a Playfair matrix is always based on a random permu-
tation of the alphabet, as in the following example:
Figure 2. The Playfair cipher substitutes digraphs according to three simple rules.
1. If the two letters of a digraph are in neither the same column nor the
same row (this is the most frequent case), form a rectangle with the two
letters at opposite corners and replace the two letters by the other two
corner letters. The upper plaintext letter is replaced by the other upper
letter in the rectangle, the lower plaintext letter by the lower one. For
instance, if we use the above matrix, TO encrypts to HL.
2. If the two letters stand in the same row, each one is replaced by its
right neighbor, or wraps around to the first column as needed. In our
example, BE becomes KB.
3. If the two letters stand in the same column, each one is replaced by its
lower neighbor and wraps around to the top row as needed. In our
example, OR encrypts to NO.
Key-space size:
As there are 25! ways to permute a 25-letter alphabet, there are as many
keys available for the Playfair cipher. However, rotating the lines or the col-
umns in the matrix doesn’t affect the encryption result. There are 5 ways
to rotate the columns and 5 ways to rotate the rows, and therefore
5 5 ¼ 25 possible rotations which result in equivalent keys. The effective
number of keys for the Playfair cipher is therefore 25!/25 ¼ 24!6:2 1023 ,
which corresponds to a 79-bit key.
Unicity distance:
The unicity distance of the Playfair cipher is 22.69 for the English lan-
guage (Deavours 1977). The unicity distance is the minimum length of a
ciphertext so that there is only one plausible plaintext (i.e., there exists
only one key that decrypts the ciphertext into a meaningful English plain-
text). This means that for a Playfair ciphertext consisting of 22 or fewer
letters, we can expect more than one key that decrypts the ciphertext so
that the decrypted text is meaningful, which could result in ambiguous
solutions. However, the unicity distance is, of course, a theoretical thresh-
old. It is therefore possible that an even shorter Playfair ciphertext
is breakable.
For more information about the Playfair cipher, see (Kahn 1996,
198–203) and (Bauer 2019, 320–326). A detailed look on how to break
such a cipher is provided in (Dunin and Schmeh 2020, 289–305). As can
be seen in these sources, many variants of the Playfair cipher have been
described since the invention of this system in the 19th century. For
instance, during the Second World War the U.S. Army used a Playfair ver-
sion that allowed for identical digraphs (Dunin and Schmeh 2020,
287–288), while the Germans employed a two-matrix variant, known as
two-square cipher or Doppelkasten, at the same time (David 1996). It is
also possible to have nonstandard versions, such as larger matrices of 5 6,
or rules that shift things to the left instead of right, or down instead of up.
However, in this article, we only address the standard version as
described above.
The rest of this article is structured as follows: First, Section 2 introduces
conventional cryptanalysis approaches for attacking the Playfair cipher.
After that, Section 3 presents the concepts of hill climbing and simulated
annealing, which were successfully used for cryptanalyzing classical ciphers.
Then, in Section 4 we present different Playfair challenges and how authors
of this article solved these over the last few years. We also provide unsolved
Playfair challenges for readers interested in improving the current state-of-
the-art of attacking the Playfair cipher as presented in this article. Finally,
Section 5 concludes this article.
CRYPTOLOGIA 5
Figure 3. Hill climbing is a technique for solving optimization problems with a smooth scoring
function. The algorithm starts with a random solution candidate and iteratively tries to reach a
better solution by making small changes. The goal is to reach the solution with the highest
score, which is most often the correct solution.
functions which are smooth. This means that small changes in the key
cause only small changes in the decryption score (for example, using letter
n-graph statistics). Second, the number of potential solutions (i.e., the key
space) of many classical ciphers is too large for a brute-force attack. For
instance, it is nearly impossible to work through all 26!1027 289 ways a
substitution table with 26 letters can be assembled. For introductions to hill
climbing attacks on ciphers see (Dunin and Schmeh 2020, 377–412), (Lasry
2018, 38–39), and (Bauer 2019, 358–360).
Cryptanalyzing a ciphertext with hill climbing works as follows:
After termination, the final key and plaintext candidates have some prob-
ability of being the correct ones. To increase this probability, the procedure
should be carried out many times with different starting points. In practice,
CRYPTOLOGIA 7
alphabet). These are the two conditions for a hill climbing or simulated
annealing attack to be most effective and useful. It therefore comes as no
surprise that these two methods have proven very efficient for the crypt-
analysis of Playfair.
For instance, (Cowan 2008) presents an attack on Playfair based on
simulated annealing with a constant temperature. It uses tetragraph (four-
letter group) frequencies for the scoring function. With this method,
Playfair ciphertexts as short as 80 letters can routinely be solved. In (Al-
Kazaz et al. 2018), a Playfair-breaking technique based on simulated
annealing is described and demonstrated on several ciphertexts. The short-
est one, with only 60 letters, was successfully deciphered with only two
errors. The scoring function is based on hexagraph statistics. To the
authors’ knowledge, as of early 2018 the deciphering of the aforementioned
60-letter message (yet with two errors) represented the world record for
the shortest random-matrix Playfair ciphertext ever cryptanalyzed.
4. Playfair challenges
The following sections describe Playfair challenges even shorter than 60
characters which were created by Schmeh and how they were solved by dif-
ferent co-authors of this article. At the end, we also present even smaller
unsolved challenges and invite the readers of this article to try to
solve them.
MQ VS KP EV IS BA WK TP KP PN AU NU NE GL UZ TY UZ LY GC TZ
KN KU ST AG CT NQ
This cryptogram was solved on the same day by Lasry, thus breaking the
previous record. Lasry used a simulated annealing program (with constant
temperature) of Lasry’s own design, the scoring function being based on
hexagraph statistics. The details are provided in (Lasry 2019).
Contrary to most other simulated-annealing algorithms, the one imple-
mented by Lasry not only checked simple changes of the key—swapping
1
Klaus Schmeh’s blog: Playfair cipher: Is it unbreakable, if the message has only 50 letters? https://scienceblogs.
de/klausis-krypto-kolumne/2018/04/07/playfair-cipher-is-it-unbreakable-if-the-message-has-only-50-letters
10 E. DUNIN ET AL.
two elements in the key matrix—at each iteration, but also checked a larger
number of other possible small changes on the key matrix—namely swaps
of any two rows, swaps of any two columns, permutations of the five rows,
permutations of the five columns, permutations of the five elements of any
row, and permutations of the five elements of any column—and computed
the scoring function separately for each one. It took the algorithm only a
few seconds on a 10-core Intel Core i7 6950 3.0 GHz PC to complete the
attack and to derive the correct solution:
OF FC ER VU MW MO OM RU FI WC MA OG FV ZY FX YB HG UX ZV EH
Again, the record was quickly broken, as the solution to the challenge
was solved within a few hours. This time, it was Kopal who came up with
the solution.
For the deciphering work, Kopal applied the simulated-annealing algo-
rithm written by Lasry including the hexagraph-based scoring function.
Initial runs only produced spurious solutions. At some stage, the software
displayed a decryption (at the fourth position of the list), starting with
MEETYOU, but only for a few seconds, before the decryption quickly dis-
appeared from the list as new higher-score decryptions were inserted. At
this point, an additional feature of the software proved helpful, which sup-
ported simulated annealing with a crib. The scoring function was modified
such that the score, based on hexagraph statistics, would be increased for
each known-plaintext symbol (i.e., the crib, or a portion of it) correctly
reproduced when decrypting the ciphertext with a candidate key. With this
2
Klaus Schmeh’s blog: Playfair cipher: Is it breakable, if the message has only 40 letters? https://scienceblogs.de/
klausis-krypto-kolumne/2018/12/08/playfair-cipher-is-it-breakable-if-the-message-has-only-40-letters
CRYPTOLOGIA 11
SX CR ED BQ UG VZ RS MN DS IK RK WR SG NS NX VM
The challenge definitely proved more difficult than the previous ones, as
no solution popped up that day, week, or even month. However, five
months later, in September 2019, Ekhall deciphered the message and again
set a new record4.
For this cryptanalysis effort, Ekhall started by writing a simulated-anneal-
ing program, first in Python, then later rewritten in C. The scoring func-
tion was based on the frequencies of five-letter groups (pentagraphs).
Initial results were not successful, so Ekhall improved the simulated-anneal-
ing algorithm by introducing two new functions:
3
Klaus Schmeh’s blog: Playfair cipher: Is it breakable, if the message has only 30 letters? https://scienceblogs.de/
klausis-krypto-kolumne/2019/04/15/playfair-cipher-is-it-breakable-if-the-message-has-only-30-letters
4
Klaus Schmeh’s blog: Magnus Ekhall solves Playfair challenge and sets a new world record. https://scienceblogs.
de/klausis-krypto-kolumne/2019/09/05/magnus-ekhall-solves-playfair-challenge-and-sets-a-new-world-record
12 E. DUNIN ET AL.
The memory function required a large amount of storage for storing the
visited key matrices and appropriate memory management. Ekhall came to
the conclusion that a data structure with efficient insertion and search per-
formance was essential. Switching from C to Cþþ allowed the use of an
std::unordered_set which has average constant-time search and inser-
tion complexity.
Ekhall ran the simulated-annealing algorithm with the memory and
restart functions. All candidate solutions that scored better than a fixed
threshold were logged to a file. Afterwards, the large log file was investi-
gated both manually and with a simple software routine that highlighted
words listed in a dictionary. After the program had worked for over a week
with numerous restarts, Ekhall finally found a plausible message amongst
the large number of plaintext candidates:
Schmeh confirmed that this was exactly the plaintext that had been
encrypted. A new record was reached, 32 letters. The plaintext did not
have a particularly high score, there were many false plaintext candidates
that scored better. A single score of a short message is more sensitive to
the presence of unusual letter combinations compared to longer messages
(Lasry 2018). As messages get shorter, the variance of the n-graph scoring
becomes larger.
ZX LS EW HC HU CE LQ OE PN YR IW YC VQ LS
5
Klaus Schmeh’s blog: Can you solve this Playfair cryptogram and set a new world record?. https://
scienceblogs.de/klausis-krypto-kolumne/2019/09/10/can-you-solve-this-playfair-cryptogram-and-set-a-new-
world-record
CRYPTOLOGIA 13
6
Klaus Schmeh’s blog: Magnus Ekhall solves 28-letter Playfair challenge and sets new world record. https://
scienceblogs.de/klausis-krypto-kolumne/2019/11/14/magnus-ekhall-solves-28-letter-playfair-challenge-and-sets-
new-world-record
14 E. DUNIN ET AL.
potential plaintext candidates were each given a score based on how many
characters could be connected to a word pair. For example, in the input string:
KOTAHEREBEENMAKINGTHEATEMPTA
AWAYWHEREYOUAREUNTILTHURSDAY
Ekhall guessed that this was close to the solution, though the correct first
word might be STAY instead of AWAY. Using
STAYUNTILTHURSDAY as a crib, the program quickly con-
firmed Ekhall’s hypothesis and rendered the following solution:
DB AQ IH KN RW VB KW NA DQ WR AM OQ IY
7
Klaus Schmeh’s blog: Can you solve this Playfair cryptogram and set a new world record? https://scienceblogs.
de/klausis-krypto-kolumne/2019/11/22/can-you-solve-this-playfair-cryptogram-and-set-a-new-world-record-2
CRYPTOLOGIA 15
Four weeks later the solution8 was posted by a person so far unknown to the
other authors of this article: Hamidullin. Surprisingly, Hamidullin had solved this
challenge with neither a hill climber nor a simulated annealer, but with a special
kind of dictionary attack on the first words of the plaintext (A dictionary attack
on the key matrix would not have been possible, as the matrix was not derived
from a keyword.). As far as we know, this approach to decipher a Playfair cipher-
text has never been discussed in the codebreaking literature before.
For the attack, Hamidullin required a list (i.e., a dictionary) of words that
stand at the beginning of English sentences. As Hamidullin couldn’t find an
existing collection that would suit his needs, he decided to create one. After
analyzing Ekhall’s solution of the previous two Playfair challenges, Hamidullin
realized that Project Gutenberg provided the input needed for this purpose.
Hamidullin wrote a software program in Cþþ that worked through
about three thousand English-language Project Gutenberg books and gener-
ated lists of the most frequent word n-graphs, with n running from 1 to 6.
Hamidullin’s codebreaking software then used the word n-graph database
that had been compiled, along with the following recursive algorithm that
would incrementally reconstruct plaintext one letter at a time and compare
the reconstructed portion with the word n-graphs to see if the reconstruc-
tion was a potential English expression:
8
Klaus Schmeh’s blog: Konstantin Hamidullin solves 26-letter Playfair challenge and sets new world record.
https://scienceblogs.de/klausis-krypto-kolumne/2019/12/21/konstantin-hamidullin-solves-26-letter-playfair-challenge-
and-sets-new-world-record
16 E. DUNIN ET AL.
This algorithm produces a list of plaintext candidates that are both con-
sistent with a Playfair matrix and have a certain degree of meaningfulness.
This raises the question of how “meaningfulness” can be measured with the
IsMeaningful function. The method Hamidullin applied was to store the
plaintext candidate as an array of words, and then assign each word a pen-
alty value depending on the context. The context was defined as a sequence
of previous words (but no more than five, as a word hexagraph database
was used). In this algorithm, the phrase was considered meaningful if the
sum of all penalties didn’t exceed a certain value. This procedure is effect-
ively a variant of a scoring function, as known from hill climbingand
simulated annealing. The penalty for using a word was equal to log mh ,
where h is the frequency of the word in a given context and m is the fre-
quency of the most frequent word in the given context. For example, in the
database that was built, the most frequent word after the phrase “WAIT
FOR” was “THE”, so the penalty for using “THE” would be 0; the alternate
word “FURTHER” was 56 times less frequent than “THE” in this context
and hence would score log(56). The penalty for rare words (and even for
non-words) can also be defined, thus allowing almost any word combina-
tions (for example “WAIT FOR X”). However the total score for randomly
constructed phrases would quickly exceed the allowed limit and the phrase
would be discarded.
To test consistency (IsConsistent), the algorithm starts with simple
checks (example: identical ciphertext letter pairs must encode identical
plaintext letter pairs; thus DBAQIH cannot encode THISIS) and then tries
to create a Playfair matrix with an exhaustive search. This was optimized
by rearranging letter quads (a pair of ciphertext letters and its respective
pair of plaintext letters): quads with fewer placement options should be
processed first.
For example, when checking whether the ciphertext is consistent with
the plaintext:
DBAQIHKNRWVBKW
WAITFORFURTHER
We have 7 quads, taking sequential letter pairs from each: (DB, WA),
(AQ, IT), (IH, FO), (KN, RF), (RW, UR), (VB, TH), and (KW, ER), all of
which are assembled in a key matrix. The first quad (DB, WA) can poten-
tially be placed on an empty matrix in 20 distinct (cryptologically nonequi-
valent) ways. All other ways of placing the quad, say by simply shifting it
left or right, or up and down without changing the distance between the
letters, would lead to an identical result.
All of the other quads would also have 20 distinct ways of being placed
except (RW, UR)—since a letter is shared between them, U, R, and W
CRYPTOLOGIA 17
must be adjacent according to the Playfair rules. Since there are only two
options to place (RW, UR), it should be positioned first. With W and R
located, quad (KW, ER) becomes the one with the fewest number of place-
ment possibilities, only requiring guesses for the positions K and E, so it
should be placed second. (KN, RF) can be positioned next by the same
logic. Out of the remaining four quads, (IH, FO) is taken next since F is
already positioned, followed by (AQ, IT) since I is positioned. Finally, (VB,
TH) and (DB, WA) close the list since there is only one placement option
per each in this attempt (Figures 5 and 6).
Figure 5. Straightforward matrix generation. (a) There are 20 distinct cryptologically nonequiva-
lent ways to place the quad (DB, WA) on an empty matrix, as D and B cannot be adjacent.
One of the possible options is shown. (b) Depending on the position of (DB, WA), there may
be up to 11 ways to place (AQ, IT). One of the possible options is shown.
Figure 6. Optimized matrix generation. (a) There are only two distinct ways to place quad (RW,
UR) on an empty matrix, one of which is shown. (b) Depending on the position of (RW, UR)
there may be up to five ways to place (KW, ER), one of which is shown. (c) No matter how
(RW, UR), (KW, ER), (KN, RF), (IH, FO), (AQ, IT) were positioned, (VB, TH) would have at most
one placement option in this example.
Assuming that plaintext, the following key matrix was derived (the aster-
isks stand for the remaining unknown letters; their position is not relevant):
18 E. DUNIN ET AL.
2 3
R W E K U
6Y D S7
6 7
6N A C F I7
6 7
4 B H O5
T M V Q
VYRSTKSVSDQLARMWTLRZNVUC
NTKRKDLDGHISZWLICKHIAO
The solutions of the 24-letter and the 22-letter challenges are known
only to Schmeh and Dunin.
9
Klaus Schmeh’s blog: Can you solve this Playfair cryptogram and set a new world record? https://scienceblogs.
de/klausis-krypto-kolumne/2020/01/27/can-you-solve-this-playfair-cryptogram-and-set-a-new-world-record-3
CRYPTOLOGIA 19
Notes on contributors
Elonka Dunin has co-authored the 2020 book Codebreaking: A Practical Guide together
with Klaus Schmeh. She is considered an authority on classical ciphers, co-founder and co-
leader of a group of cryptographers who are working hard to crack the final cipher on the
famous Kryptos sculpture at CIA Headquarters. She maintains a list of the World’s most
famous unsolved codes on her elonka.com site, and also published The Mammoth Book of
Secret Codes and Cryptograms. Bestselling author Dan Brown named one of the characters
in his The Da Vinci Code sequel, The Lost Symbol, after her. “Nola Kaye” is an ana-
grammed form of “Elonka.” She is a member of the Board of Directors for the National
Cryptologic Foundation, and is a lifetime member of the International Game Developers
Association. Currently living in the Washington, D.C. area, she works as a management
consultant. As a public speaker, Elonka regularly gives talks on her favorite subjects:
Games, Wikipedia, cryptography, medieval history, Agile development, and geocaching.
Magnus Ekhall has a MSc in Computer Science and Engineering from Link€ oping
University, Sweden. Apart from cryptanalysis of classical ciphers, Magnus is interested in
the mechanization of cryptanalysis, especially the Turing Bombes used to break the Enigma
cipher. Magnus currently works for Sectra Communications.
Konstantin Hamidullin received his master’s degree in computer science in 2007 from the
University of Latvia. He is currently a programmer from Riga (Latvia) with years of experi-
ence in the gaming industry, his work being mainly related to statistics and optimization.
After learning about the Voynich Manuscript in 2015, he developed an interest in classical
cryptography, including Playfair ciphers.
Nils Kopal is a computer scientist and cryptanalyst working as a postdoc at the
University of Siegen, Germany. He specializes in cryptanalysis of classical ciphers and
distributed cryptanalysis. He is leading the development of the open-source software
CrypTool 2. In the DECRYPT project he is responsible for developing tools for
20 E. DUNIN ET AL.
cryptanalysis of historical and classical ciphers and integrating these in the DECRYPT
pipeline and CT2.
George Lasry is a computer scientist in the high-tech industry in Israel, and a member of
the DECRYPT and CrypTool projects. He obtained his PhD in 2017 with the research
group “Applied Information Security” (AIS) at the University of Kassel. His primary inter-
est in cryptographic research is the application of specialized optimization techniques for
the computerized cryptanalysis of classical ciphers and cipher machines. In 2013, he solved
the Double Transposition (Doppelw€ urfel) cipher challenge. He also deciphered German
ADFGVX ciphertexts and diplomatic codes from World War I; World War II messages
encrypted using the German Siemens and Halske T52 teleprinter encryption device; a col-
lection of papal ciphers from the 16th, 17th, and 18th centuries; and transposition ciphers
from the Biafran War in the late 1960s.
Klaus Schmeh has co-authored the 2020 book Codebreaking: A Practical Guide
together with Elonka Dunin. He has written 15 other books (mainly in German)
about cryptology, as well as over 200 articles, 25 scientific articles, and 1,300 blog
posts, which probably makes him the most-published cryptology author in the world.
He is also a member of the editorial board of Cryptologia. Klaus’s main fields of
interest are codebreaking and the history of encryption. His blog Cipherbrain.net is
read by crypto enthusiasts all over the world. Klaus is a popular speaker, known for
his entertaining presentation style involving self-drawn cartoons and Lego models. He
has lectured at hundreds of conferences, including the NSA Cryptologic History
Symposium, HistoCrypt, the Charlotte International Cryptologic Symposium, and the
RSA Conference in San Francisco. In his day job, Klaus works for the German crypt-
ology company, cryptovision.
References
Aho, A. V., and M. J. Corasick. 1975. Efficient string matching: An aid to bibliographic
search. Communications of the ACM 18 (6):333–40. doi: 10.1145/360825.360855.
Al-Kazaz, N. R., S. A. Irvine, and W. J. Teahan. 2018. An automatic cryptanalysis of
Playfair ciphers using compression. In Proceedings of the 1st International Conference
on Historical Cryptology HistoCrypt, Vol. 149, 115–24. Link€ oping University Electronic
Press.
Cowan, M. J. 2008. Breaking short Playfair ciphers with the simulated annealing algorithm.
Cryptologia 32 (1):71–83. doi: 10.1080/01611190701743658.
Bauer, C. P. 2019. Unsolved!: The history and mystery of the world’s greatest ciphers from
ancient Egypt to online secret societies. Princeton, NJ: Princeton University Press.
David, C. 1996. A World War II German army field cipher and how we broke it.
Cryptologia 20 (1):55–76. doi: 10.1080/0161-119691884780.
Deavours, C. A. 1977. Unicity points in cryptanalysis. Cryptologia 1 (1):46–68. doi: 10.1080/
0161-117791832797.
Dunin, E., and K. Schmeh. 2020. Codebreaking: A practical guide. London: Robinson.
Glover, F., and M. Laguna. 1998. Editors: Panos M. Pardalos, Ding-Zhu Do, Ronald L.
Graham. Tabu search. In Handbook of combinatorial optimization, 2093–2229.
Heidelberg, Germany: Springer.
CRYPTOLOGIA 21
Kahn, D. 1996. The Codebreakers: The comprehensive history of secret communication from
ancient times to the Internet. New York City, NY: Simon and Schuster.
Kopal, N. 2018. Solving classical ciphers with CrypTool 2. In Proceedings of the 1st
International Conference on Historical Cryptology HistoCrypt, Vol. 149, 29–38.
Link€ oping University Electronic Press.
Kopal, N., O. Kieselmann, A. Wacker, and B. Esslinger. 2014. CrypTool 2.0. Datenschutz
und Datensicherheit - DuD 38 (10):701–8. doi: 10.1007/s11623-014-0274-7.
Lasry, G. 2018. A methodology for the cryptanalysis of classical ciphers with search metaheur-
istics. Kassel, Germany: Kassel University Press GmbH.
Lasry, G. 2019. Solving a 40-letter Playfair challenge with CrypTool 2. In Proceedings of
the 2nd International Conference on Historical Cryptology, HistoCrypt 2019, June 23-26,
Mons, Belgium, Vol. 158, 87–96. Link€ oping University Electronic Press.
Monge, A. 1936. Solution of a Playfair cipher. Fort Gordon, GA: US Signal Corps.
Mauborgne, J. O. 1918. An advanced problem in cryptography and its solution. Fort
Leavenworth, KS: Army Service Schools Press.
Schneier, B. 2007. Applied cryptography: Protocols, algorithms, and source code in C.
Hoboken, NJ: John Wiley & Sons.