NSA manual on cracking unknown ciphers partially declassified

Sculpture Kryptos at the headquarters of the CIA

US National Security Agency finally declassified third part the famous textbook “Military Cryptanalyst” (MILCRYP), written to train NSA specialists and military cryptanalysts during the Cold War. The last part of the three-volume edition was published with some cuts, but it is still of great value, because we do not have many practical tutorials on breaking ciphers. We are talking about unknown, complex codes, which are composed according to incomprehensible rules. How to approach them? How do I find leads? The book answers these questions.

Perhaps an NSA textbook will help decipher texts that have defied cryptanalysis for decades and centuries. And even millennia, as in the case of Cretan writing from the III millennium BC (Minoan civilization).

The author of the textbook is the military cryptologist Lambros Callimahos, assistant and longtime assistant of William Friedman, “the father of American cryptology”, the author of three textbooks on military cryptography and the developer of nine encryption machines, three of which are patented and six remain classified to this day. It was Friedman’s group that hacked Japanese Purple code at the beginning of World War II.

The three-volume edition was published in October 1977.

The Military Cryptanalytics Trilogy explains how to break all types of codes, including military codes and puzzles, which are created solely for competitive purposes. This is a methodological guide for classical cryptography, which operates with letters and numbers. Unlike modern (computer) cryptography, which manipulates bits, although sometimes these areas overlap.

The first two parts have been publicly available since the 80s:

It deals with hacking known types classical cipherssuch as wildcard and permutation ciphers (substitution and permutation of characters). The third part of the textbook was of particular interest.

However, in 1992 the US Department of Justice statedthat the publication of the third book could harm national security by revealing “NSA methods of cracking ciphers.” In the same year, the cryptographic community began to fight for information disclosure. A number of inquiries have been made to the authorities under the Freedom of Information Act. In the end, in December 2020, the book was published.

Principles of cryptodiagnostics

By expert opinion, key to Callimachos’ book is the chapter entitled Principles of Cryptodiagnosis, which describes a systematic three-step approach to decrypting a message encoded by unknown method… The contents of this chapter can be found on pages 323-414 in published pdf

In a routine mode, intelligence intercepts thousands of messages. If the cipher is already familiar, then the scouts understand the algorithm by which the texts are encrypted. But if they are faced with something new, they must first figure out the encryption method.

As Callimachos describes in detail in this chapter, you should start by collecting all the necessary data. This data is of three types:

  1. ciphertext;
  2. any known source plaintext;
  3. important contextual information.

In “sports” puzzles, a piece of plain text can be passed on to help the reader. In the case of secret military messages, the reader may suspect that certain words are encrypted in the ciphertext, based on past knowledge. For example, there might be key terms such as [НАЧАЛО], [КОНЕЦ] or specific names, places, addresses.

Examples of indicators

After collecting all the data, the cracker arranges and rearranges them to find non-random characteristics.

For example, let’s study the following encryption log:

Insofar as

$ A1 $

– obvious discriminant, the indicator can be in position

$ A2 $

… And if a text group is used to encrypt the indicator, then we can reveal an important pattern if we try to add different groups near the beginning or end. Sometimes subtracting all pairs of groups is required

$ A1-A5 $


$ Z4-Z0 $

digit by digit (it is curious that in this place two pages of the textbook remained classified: probably some non-standard techniques were mentioned there). In our case, subtract all five digits of the number

$ A3 $

sequentially from the digits of the number

$ A2 $


6-8 = 8
7−2 = 5
4−1 = 3
7−4 = 3
0-8 = 2

In this way,

$ 67470-82148 = $ 85332

Here’s the overall result:

And this is already an ordered sequence. It can be seen that the addition of the first two digits gives the third:

$ 8 + 5 = (1) $ 3


$ 8 + 6 = (1) 4 $

and so on, that is, it is a sequence in ascending order. Moreover, if you subtract

$ 2 $

from the column

$ GR $

(the number of text blocks in each message), then from the last two digits we get a continuous trace in the coordinate space 10 × 10:

First coordinate

$ 3−2 $

communication with

$ 62−2 = $ 60

text groups gives us a number

$ 32 + 60 = $ 92

… This is the coordinate of the beginning of the next message from the mark

$ 9−2 $

… In that message

$ 81−2 = $ 79

text groups, which takes us to the point

$ 92 + 79 = (1) $ 71

… Etc.

In the following example, the encrypted indicators in the group

$ A2 $

are revealed if the values ​​are subtracted from them

$ Z1 $

1-8 = 3
4−3 = 1
5−1 = 4
7−6 = 1
1-5 = 6

The theory is confirmed by a similar subtraction of the values

$ Z0 $

from the numbers in the column

$ A2 $

, which gives similar decrypted indicators:

As it was easy to notice, the difference between the values

$ A2 $


$ A3 $

the same as between

$ Z1 $


$ Z0 $

… This additionally indicates that they should be used in pairs.

When we have deciphered the indicators, the third stage comes – an attempt to understand and explain these characteristics.

Three named steps – example Bayesian inference… It is “a statistical inference in which evidence and / or observation is used to update or re-infer the probability that a hypothesis might be true; the name Bayesian comes from the frequent use in the derivation of Bayes’ theorem, which was derived from the work of the Reverend Thomas Bayes. ”

With these methods, the cipher breaker takes into account the weight of the evidence and tries to guess the likely cause of the observed effect.

Unsolved ciphers

It is important for a cryptanalyst to understand the logic of the cryptor, the author of the problem. After all, an experienced encryptor will certainly leave in the cipher at least a few non-random patterns, clues to the solution. Otherwise, the puzzle will become absolutely impossible to decipher.

Imagine that you have created a puzzle, but after many years no one has been able to solve it. This is very sad. In this case, the author starts to issue tips. For example, a puzzle from books “Masquerade” from 1979 was only resolved after the publication of several clues in 1980 in the Sunday Times.

The answer to the “Masquerade” puzzle is hidden in 15 illustrations in the book. In each painting, you need to draw a line from the left eye of each creature depicted through the longest number on the left hand and to one of the letters on the border of the page. Then from the left eye through the longest digit on the left leg; from the right eye through the longest number on the right hand; and finally from the right eye through the longest digit on the right leg. From the letters indicated by these lines, words can be formed, either by considering them as anagrams, or by applying the sequence of animals and numbers proposed in the picture.

If no one has solved the riddle even after many prompts, then the code is too difficult to crack. This means that you will eventually have to reveal the method you used. One example is the most complex cipher Chaocipher… In this case, the messages are almost impossible to decipher if you do not know the method.

History knows examples of how ciphers still lend themselves to breaking after years of effort. Last year, the famous Z340 cipher was unraveled, which developed serial killer zodiac in 1969. Cipher hacked an international team of amateur cryptanalysts after 51 years hard work. Over the years, the team has carefully and systematically conducted observation list… In the end, it worked.

Using Monte Carlo sampling, the researchers tested whether the patterns in the ciphertext were random or not. Along with detailed knowledge of the context and after hacking previous zodiac cipher, they managed to understand the encryption method.

Another example is the Kryptos sculpture outside the CIA office by the American sculptor Jim Sanborn. There are several encrypted messages on it, which also resisted breaking for a long time. The most difficult of them is K4.

K4 cipher text remains unsolved for about 30 years. Here it is:


This is a really complex cipher. Its compiler Ed Scheidt, chairman of the CIA’s Cryptographic Center, rated the difficulty at 9 out of 10 possible points. It was necessary so that the code would not be solved quickly – after all, it would annoy the best analysts from the CIA every day on the way to the office. According to the author’s intention, the cipher should be solved in five, seven, or maybe ten years.

However, Ed miscalculated.

The last clue by Jim Sanborn on K4, April 2020

Why is the K4 cipher so difficult? First, the snippet is only 97 characters long, very short, which means less data and fewer hints. The encryption method used to create it is unknown and there is little context as to how it might have been encrypted. Independent Cryptographers At The DEFCON Conference complained and other difficulties: the CIA office is difficult to find (it does not have an address), and unauthorized persons are not allowed into the territory. Therefore, the sculpture is difficult to see in the immediate vicinity.

In one of George Poya’s classic books “How to solve a problem” (cm. Russian translation (pdf) for mathematics teachers from 1959), a general principle for solving any problem is proposed – to turn to a similar problem that has already been solved. This principle applies to the world of historical puzzles as well.

But Scheidt confessedthat as he worked on Kryptos, he changed the methodology – specifically to complicate the task.

Some suggest that the sculptor could accidentally introduce a mistake in the ciphertext during the manufacture of the sculpture – and confuse some signs. An encryption error can make the puzzle unsolvable. In such cases, the puzzle creator should announce this to potential cipher breakers.

In a 2007 NSA presentation mentionedthat “dozens” of agency employees tried to unravel the K4 encryption. All is unsuccessful.

However, hope does not die. Every year, more and more historical texts are hacked, which were considered absolutely impossible to decipher. And our computing power is growing. Perhaps someday the K4 encryption will be broken by an ordinary amateur burglar, not an NSA agent at all.

Unsolved ciphers

Here is a small selection of scripts that still have not been deciphered.

The work will last for several more generations.


Order a server and start working right away! Creature VDS any configuration within a minute. Epic 🙂

Subscribe to our chat in Telegram

Similar Posts

Leave a Reply