Information Security. Mark Stamp
2.3.6 Codebook Cipher
A classic codebook cipher is, literally, a dictionary‐like book containing (plaintext) words and their corresponding (ciphertext) codewords. To encrypt a word, the cipher clerk would simply look it up in the codebook and replace it with the corresponding codeword. Decryption, using the inverse codebook, is equally straightforward. Below, we briefly discuss the Zimmermann Telegram, which is surely the most infamous use of a codebook cipher in history.
The security of a classic codebook cipher depends primarily on the physical security of the book itself. That is, the book must be protected from capture by the enemy. In addition, statistical attacks analogous to those used to break a simple substitution cipher apply to codebooks, although the amount of data required is much larger. A statistical attack on a codebook is more difficult because the size of the “alphabet” is far greater, and consequently, significantly more data must be collected before the statistical information can rise above the noise.
As late as World War II, codebooks were in widespread use. Cryptographers realized that these ciphers were subject to statistical attack, so codebooks needed to be periodically replaced with new codebooks. Since this was an expensive and risky process, techniques were developed to extend the life of a codebook. To accomplish this, a so‐called additive was generally used.
Suppose that for a particular codebook cipher, the codewords are all five‐digit numbers. Then the corresponding additive book would consist of a long list of randomly generated five‐digit numbers. After a plaintext message had been converted to a series of five‐digit codewords, a starting point in the additive book would be selected and beginning from that point, the sequence of five‐digit additives would be added to the codewords to create the ciphertext. To decrypt, the same additive sequence would be subtracted from the ciphertext before looking up the codeword in the codebook. Note that the additive book—as well as the codebook itself—is required to encrypt or decrypt a message.
Often, the starting point in the additive book was selected at random by the sender and sent in the clear (or in a slightly obfuscated form) at the start of the transmission. This additive information was part of the message indicator, or MI. The MI included any non‐secret information needed by the intended recipient to decrypt the message.
If the additive material was only used once, the resulting cipher would be equivalent to a one‐time pad and therefore, provably secure. However, in practice, the additive was reused many times—any messages sent with overlapping additives would have their codewords encrypted with the same key, where the key consists of the codebook and the specific additive sequence. Therefore, any messages with overlapping additive sequences could be used to gather the statistical information needed to attack the underlying codebook. In effect, the additive book dramatically increased the amount of ciphertext required to mount a statistical attack on the codebook, which is precisely the effect that cryptographers had hoped to achieve.
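The additive scheme and its reuse weakness can be made concrete with a short sketch. This is an added example, not code from the book: the codebook entries, the additive book and the function names are constructed for illustration, and addition modulo 100000 is an assumption (the text says only that the additives are "added").

```python
import random

MOD = 100_000  # five-digit groups; arithmetic mod 10^5 is an assumption of this example

# Constructed toy codebook (word -> five-digit codeword); a real book held thousands of entries.
CODEBOOK = {"attack": 13605, "at": 52262, "dawn": 18958, "retreat": 40127, "noon": 77310}
INVERSE = {cw: w for w, cw in CODEBOOK.items()}

# Constructed additive book: a long list of random five-digit numbers shared by both parties.
_rng = random.Random(1917)  # fixed seed so the example is reproducible
ADDITIVES = [_rng.randrange(MOD) for _ in range(1000)]

def encrypt(words, start):
    """Return (MI, ciphertext groups). The MI (start index) travels in the clear."""
    groups = [(CODEBOOK[w] + ADDITIVES[start + i]) % MOD for i, w in enumerate(words)]
    return start, groups

def decrypt(mi, groups):
    """Subtract the additive sequence beginning at the MI, then look up each codeword."""
    return [INVERSE[(g - ADDITIVES[mi + i]) % MOD] for i, g in enumerate(groups)]

def depth_differences(mi_a, ct_a, mi_b, ct_b):
    """For two messages whose additive ranges overlap, return the difference of the
    ciphertext groups at each shared additive position. The additive cancels, so
    each value equals the difference of the underlying codewords."""
    lo = max(mi_a, mi_b)
    hi = min(mi_a + len(ct_a), mi_b + len(ct_b))
    return {pos: (ct_a[pos - mi_a] - ct_b[pos - mi_b]) % MOD for pos in range(lo, hi)}

if __name__ == "__main__":
    mi1, c1 = encrypt(["attack", "at", "dawn"], 200)
    mi2, c2 = encrypt(["retreat", "at", "noon"], 200)  # same start: additive reused
    print(decrypt(mi1, c1))
    # A zero difference marks the same codeword at the same additive position.
    print(depth_differences(mi1, c1, mi2, c2))
```

With a fresh additive range per message the differences dictionary is empty and nothing about the codebook leaks; with overlap, the values depend only on the codebook, which is the statistical material the paragraph above describes.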
Modern block ciphers use complex algorithms to generate ciphertext from plaintext (and vice versa), but at a higher level, a block cipher can be viewed as a codebook, where each distinct key determines a distinct codebook. That is, a modern block cipher consists of an enormous number of codebook ciphers, with the codebooks indexed by the key. The concept of an additive also lives on, in the form of an initialization vector, or IV, which is often used with block ciphers (and sometimes with stream ciphers as well). Modern block ciphers are discussed in detail in the next chapter.
2.4 Classic Crypto in History
The trouble with quotes on the Internet is that it's difficult to determine whether or not they're real.
—Abraham Lincoln
In this section, we take a brief look at three instances where classic ciphers played a role in historical events. First, we look at a weak cipher that was used during the controversial U.S. presidential election of 1876. Then we consider the Zimmermann Telegram, which played a pivotal role in World War I. The Zimmermann Telegram was encrypted with a classic codebook cipher. Finally, we discuss the VENONA messages, where Soviet spies in the United States used one‐time pad encryption. This system was used over a long period of time, but most notably for atomic espionage in the 1940s.
2.4.1 Ciphers of the Election of 1876
The U.S. presidential election of 1876 was a virtual dead heat. At the time, the Civil War was still fresh in people's minds, Radical Reconstruction was ongoing in the former Confederacy, and the nation was still bitterly divided.
The contestants in the election were Republican Rutherford B. Hayes and Democrat Samuel J. Tilden. Tilden had obtained a slight plurality of the popular vote, but it is the Electoral College that determines the winner of the presidency. In the Electoral College, each state selects a delegation and for almost every state, the entire delegation is supposed to vote for the candidate who received the largest number of votes in that particular state.⁵
In 1876, the Electoral College delegations of four states⁶ were in dispute, and these held the balance. A commission of 15 members was appointed to determine which state delegations were legitimate, and thus determine the presidency. The commission decided that all four states should go to Hayes and he became president of the United States. Tilden's supporters immediately charged that Hayes’ people had bribed officials to turn the vote in his favor, but no evidence was forthcoming.
Some months after the election, reporters discovered a large number of encrypted messages that had been sent from Tilden's supporters to officials in the disputed states. One of the ciphers used was a partial codebook together with a transposition on the words. The codebook was only applied to important words and the transposition was a fixed permutation for all messages