Cryptography, Ciphers, and Hidden Texts

Contents: Introduction *Summarization *Substitution *Transposition *Tools and Examples

Introduction

It may seem a little silly to include a section on cryptography(the science of creating and revealing secret messages) in anencyclopedia of textual criticism, and the author can hardly denythat cryptography is not a main concern of textual critics -- oreven of serious Biblical scholars (as opposed to the sort who goabout trying to "solve the mystery" of the Apocalypse whenthe only genuine mystery is why people keep thinking they can"solve" it). But it's worth noting that the well-knownBiblical scholar Ronald Knox was actually a cryptologist, workingwith Britain's famous "Room 40" to solve German ciphersduring World War I; in addition, one of the men who cracked thevital Zimmerman Telegram was William Montgomery, who edited anedition of Augustine's Confessions. Others involved inBritish cryptography at this time include the papyrologist A. S. Huntand the paleographer Ellis H. Minns. Ward M. Manly, one of theleading lights of the American MI-8 intelligence service in WorldWar I (responsible among other things for the instruction of newcryptographers) did not work on classical or biblical literature,but he did co-edit the Manly-Rickert edition of The CanterburyTales, the leading critical edition for many years. There seemslittle question that the same skills that make good textual criticsalso make good cryptographers. (I will admit that both interest me,though I am no cryptographer and my place in textual criticism isat best debatable.)

And it's worth remembering that we dofind encryptions of sorts in the Bible: Jeremiah 25:26, for example,has an encrypted name, and presumably the "Number of theBeast" in Revelation 13:18 represents some sort of cryptogram.It's just possible that there are others -- if we knew where tolook.Tsar Ivan Alexander's Gospels

And there are instances of cryptograms of sorts in the marginalia ofBiblical manuscripts. I seem to recall hearing of a few instances wherescribes' names appeared to be hidden in code. And there is a famous Slavonicgopels, the Gospels of (Bulgarian) Tsar Ivan Alexander, British LibraryAdditional MS. 39627 (dated 1356) which contains a "magic square"(in effect, a transposition code)with information about the manuscript's history. In the case of Tsar Ivan'sgospels, that information is hardly needed, since there is full informationelsewhere in the manuscript. But if the true colophon had been lost, theability to read the Magic Square could have been vital. (A reduced black andwhite scan of this Magic Square is shown at right. A larger image, with anextensive description of the manuscript though no text, can be found in theBritish Library's volume The Gospels of Tsar Ivan Alexander.)

We find encrypted passages in other manuscript-era works aswell, such as an astronomical treatise from the era of Chaucer.It's even thought that some Egyptian hieroglyphs are encryptedmessages. It seems certain that we have encoded Babylonianastrological tablets -- tablet British Library 92685, for instance,is a table of some sort, with six columns of numbers (astronomical coordinates?)and then what appears to be an explanation. Since we have only partof the tablet, and it is encoded, not one has ever figured out thisparticular scheme.

Let's start with a few terms. First, encryption is the processof taking some sort of message and concealing it by turning themeaningful message (the "plaintext") into something that,at first glance, looks meaningless (the "ciphertext").Decryption is the process of taking the ciphertext and convertingit back to the original plaintext. There are two sorts ofdecryption -- what we might call "hostile" and"friendly." Friendly decryption occurs if you arethe intended recipient and have been told what you have to do toconvert the message. The method used to convert it is known as"the key." A key usually consists of two parts: A methodand a specific piece of data used to apply the key -- usually, incryptography, a set of letters and numbers used to conceal the message.Think of a combination lock: To open it, you must know how all combinationlocks work (right to the first digit, left to the second, right to thethird) and the combination (23-16-21, or whatever). Becausecryptographic methods are fairly standard, it is common to refer to the"combination" alone as the "key," rather than applyingthat term both to method and specific data.

Hostile decryption (now usually technicallyknown as "cryptanalysis")occurs if you intercept the message and manage to decrypt iteven though the key has not been voluntarily revealed to you. Typicallythis entails deducing the key, by logic or by trial and error.

There are, in general, two ways to encrypt a message: Bycode and by cipher.Codes consist of substituting one set ofwords for another -- e.g. one might say "Throw out the garbagetomorrow morning" to mean "attack at dawn" or"Tomorrow's menu includes sausage" for "buypork bellies." A famous real-world example is theJapanese government's signal "East wind, rain" toannounce war with the United States in 1941. We also see codes,of a primitive sort, in the Bible, e.g. at Rev. 14:8, 16:19,17:5, 18:2, 10, 21, where "Babylon" is used as asubstitute for Rome. We also see what appear to be examplesof this in alchemical texts, where a number of special symbolsare adopted for particular chemicals or activities.The problem with codes is their inflexibility --if you don't have a code symbol for "enemy on our flank,"and the enemy is on your flank, you have no way toencrypt this vital message. Serious codes are generally nearly unbreakablewithout some sort of key (unless you have large numbersof messages, anyway, and at least an idea of what some of them areabout) -- but they are limited in their usefulness. And if theyare compromised (by the capture or theft of a codebook), theyare gone forever.

Hence the cipher. Ciphers, instead of replacing words andphrases by other words and phrases, replace letter by letter (or,these days, in blocks of letters)Since there are only a finite number of letters (26 in the Romanalphabet, plus whatever other symbols you wish to include such asspaces and numbers and punctuation), you can make up a rule to coverall possible messages. And, if your first version iscompromised, you can just change the key and you are once again safe,at least temporarily.

Concealed messages have an ancient and venerable lineage,and though messages in the past were most often concealedsteganographically (i.e. they were physically hidden, writtenin invisible ink or hidden inside other objects), true cryptographywas also occasionally used. Ciphers have been known since ancient times,though the earliest ciphers were almost pathetically simply compared to modernencryption schemes. We won't worry about such modern devices as theEnigma machine or public key cryptography, which (while fascinating)truly have no part in textual criticism. But classical scholarsdo care about ancient ciphers.

And that means textual critics must care. The reason is thatencrypted information is easy to damage. That usually mattersrelatively little if you know the key to the cipher, and thecipher is a simple one-to-one replacement; you can decryptthe message, fix the errors, and thencorrect the encrypted form. But if you don't know the key,and have to decrypt the message, think how complicated it is todecrypt it! Even if you have the correct key, you may get nonsense.

Let's give an example of this point, using a simple cipher knownsince ancient times: The "Caesar cipher." Julius Caesar, to encrypthis messages, used a simple substitution, usually a three-letter offset(i.e. A became D, B became E, C became F, and so on to X, which becameA, etc.). So the text "THIS IS A CIPHER" would become"WKLV LU D FLSKHU." (This cipher technique is described, e.g.,in Suetonius, Julius LVI. Augustus LXXXVIII tells of thevariant used by that monarch: A single-letter shift, A becoming B,B becoming C, etc., up to X becoming AA; if Suetonius is right, thisis less secure, because the fact that A would occur only rarely, andalways twice, is a clue to the form of the cipher. We also find a CaesarCipher used by some alchemists; it's hard to believe anyone thought itsecure by then!)

OK, now assume that, instead of an encrypted passage onesentence long, you have many paragraphs in cipher text. Or, rather,assume you're a scribe confronted with this. What arethe odds that all that nonsense will be copied correctly?

And now assume that you come along much later and have to decryptthis damaged message and have to figure out what it says. There aretools available for decrypting ciphers -- indeed, the author is notaware of any unsolved ancient cryptographic methods. But the easymethods of decrypting all assume an intact original, making it easyto recognize the code. That, in fact, appears to be why we can'tsolve the Babylonian cipher cited above: We don't have the first partof the ciphertext to give us some idea of what we're looking at!We may illustrate this easily by looking at the "Caesarcipher" above. Suppose that, instead of
   WKLV LU D FLSKHU,
the scribe had copied it as
   WRLV LU D FLSKHU
(changing the second letter -- achange that could easily happen in some Roman writing styles).You come along and say, "Hm. Looks like aCaesar cipher." So you start working back, and find that thefirst word decrypts as TOIS. If you believe the message to be inEnglish, this makes nonsense, so you conclude, incorrectly, that it isnot a Caesar cipher.

The good news is that modern cryptographic methods, which are verysusceptible to damage and which are unusually difficult to crack, arejust that: modern. They require advanced machinery (these days,usually computers, but the German Enigma machine was mechanical andrequired mass-produced encoder/decoder cams).

Basically, ancient ciphers followed one of three methods:substitution, transposition, and summarization.

Summarization (my own term)is perhaps best dealt with first,since it's actually a class of methods, and it's also formallyuncrackable (you can never know you have the right answer).This is because it destroys information.A summarized message gives no clue to its meaning;it's just some sequence which equates to the value of the message.For example, we already mentioned Revelation 13:18 and the"number of the beast." This is actually what acomputer person would call a checksum: Take the numericalvalues of the letters, add them up, and record the result.

We can do this for English messages -- e.g. assign the valueA=1, B=2, C=3... Z=26. If we take our "THIS IS A CIPHER" text,for instance, it has the following checksum:

T H I S     = 20 + 8 + 9 + 19         =  56I S         = 9 + 19                  =  28A           = 1                       =   1C I P H E R = 3 + 9 + 16 + 8 + 5 + 18 =  59                               TOTAL  = 144

Unfortunately, this information is completely un-decryptable.Suppose you know that a message has "value" 144. The numberof possible such messages is very large. It could represent"This is a cipher." It could also represent 144 instancesof the letter A. Or six instances of the letter X. Or twelveinstances of the letter L. Only a computer could list all thepossibilities, and the number of possible readings gets larger and larger as thenumber gets larger. With a checksum of 144, we know that thenumber of letters is at least six and no more than 144. Nowimagine a checksum of, say, 40,000. That's a minimum messagelength of 1539 letters, a maximum of 40,000, and a likely valueof about 3400 letters. (In a long summarization, you can estimate thatthe total number of letters is about equal to the total value divided by11.7; that's the "average value" of a letter in English, whichtends to use the letters early in the alphabet more often thanthose late in the alphabet.) I doubt even a computer could grindout all the possible values for a checksum of 40,000 in a reasonabletime.

And even if you somehow knew the values, it doesn't do you anygood, because you don't know their order. Take our message"THIS IS A CIPHER." The letters in this message areACEHHIIIPRSST. We can arrange these in all sorts of ways. Forinstance, for all we could tell, it might stand for

IS THIS A CIPHER

or

THIS A CIPHER IS

or, if we are deliberately trying to confuse potential spies,

IS THA CIPHER, IS

(mis-spelling words and adding waste syllables is arecognized method of making deciphering harder).

It could also stand for

ACE HIRST IS HIP

(meaning perhaps that it is safe to talk to Ace Hirst).

And there are doubtless other possibilities I could findif I used a computer rather than my head.

Which brings us to our second method of summmarization,the anagram. ACEHHIIIPRSST, for instance, is an anagram ofTHIS IS A CIPHER. Same letters, different order.

This is a well-known method of publishing hidden messages.Christiaan Huygens, for instance, announced his discovery ofthe ring(s) of Saturn with an anagram -- a long message whichonly he could unscramble:
AAAAAAACCCCCDEEEEEGHIUIIIIIILLLLMMNNNNNNNNNOOOOPPQRRSTTTTTUUUUU
which rearranges to spell
Annulo cingitur tenui plano, nusquam cohaerente, ad ecliptican inclinato
allowing him to claim credit withoutlooking stupid if he turned out to be wrong.(On the other hand, Huygens was clearly a coward or he would havestood up and announced rather than using a trick to claimcredit from someone else who had the courage to say what he saw!).Galileo had earlier done something similar, telling Kepler of thephases of Venus with the anagram
Haec immatura a me jam frustra leguntur OY
which rearrances as
Cynthiae figuras aemulatour mater amorum
This may soundlike it wouldn't work very well as a method of assuring meaningor secrecy, butit does. Taking a long string of letters and rearranging it to meansomething is tricky; note that Galileo's rearrangement left himwith two leftover letters (OY) which he had to stick on the end.Thus an anagram is a safe way to assure priority.

A third, partial, form of summarization may just possibly beused in the Old Testament. It's easier to explain in English.The method consists of mashing the whole alphabet into half.So if we line up all 26 letters of the English alphabet with13 in the first row and 13 in the second, as follows,

ABCDEFGHIJKLM
NOPQRSTUVWXYZ

we then set both A and N equal to A (or, theoretically,to N), both B and O equal to B, etc. Under this method, e.g.,THIS IS A CIPHER becomes GHIF IF A CICHEE.

Theoretically, if one used an alphabet with a different number ofletters, one could have other such "mashing" methods. A24-letter alphabet allows unusually many possibilities -- you canline up the first twelve letters with the second twelve, or havethree lines of eight letters (e.g. α, the first letter; ι,the ninth, and ρ, the seventeenth, would all be reduced to α),or even four rows of six letters each. The latter form certainly wouldoffer a great deal of security....

The possible instance of the Hebrew form of this, known as"albam," occurs in Isaiah 7:6, which refers to theinvading powers setting up the "son of Tabeel" to ruleJudah. Tabeel is unknown. The proposal of the Midrash Rabbahon Numbers 18:21 is that "Tabeel" (TBL) is an albam of"Remaliah" (RML), obviously without the last syllable.As with most summarization ciphers, this is possible -- but onlypossible, and the Midrash gives no reason to actually think ithappened. Historical chronicles are full of instances of nameswe simply can no longer identify.

If a summarization encryption is textually damaged, there reallyis no recourse. Take that case of Revelation 13:18. We're quiteconfident that the number of the beast is 666. But we have avariant of 616. Suppose that variant had been more popular, orthat some other variant (say 566) had been widely known. Withoutknowing the thing summarized, and with no basis fordecision based on external evidence, how can we ever solve thecipher? We think it refers to Nero -- and yet, thisreally doesn't make much sense; the emperor Domitian is a muchmore likely target. So are we sure we know what 666 means? No.

Fortunately, we have more hope when dealing withsubstitution ciphers. Theseretain redundancy, so it is sometimes possible to eliminate errors.

A substitution cipher is one in which one letter is substitutedfor another. The "Caesar cipher" is a substitution cipher:A became D, etc. Caesar is also said to have sent messages in Latinbut written in Greek letters (i.e. "THIS IS A CIPHER."would become"ΘΙΣ ΙΣ Α ΣΙΦΕΡ."

Modern substitution ciphers have become very elaborate, usingall sorts of tricks to fool potential decoders. For example, wesee the use of nulls. Instead of just using 26 letters, an encodermight throw in a half dozen other symbols at random (so instead ofan alphabet of ABCDEFGHIJKLMNOPQRSTUVWXYZ, you might useABCDEFGHIJKLMNOPQRSTUVWXYZ#$%&!@, with #$%&!@ being merely symbolsyou throw in at random; they have no meaning. Alternately, youcan use extra characters as multiple expressions for the same letter. E.g., sinceE is the most common letter in English, you could let either # or! stand for E, so that neither # nor ! is the most common symbol).Another trick iscontinuously varying the ciphering algorithm. For example, you couldapply a continuous Caesar cipher: In the first letter of the message,offset by one letter (so A becomes B, etc.). For the second letter,offset by two (A becomes C, etc.). For the third, offset by three.And so forth. All of these methods are designed to fool decipherswho work based on the table of frequencies of letters.

None of which was needed in ancient times. In the Biblical era,as best we can tell, no one knew which letters were most frequentlyused. So a simple substitution (one letter always replaces by thesame letter -- a so-called mono-alphabetic substitution)was fairly secure. (Before you say, "Well, just try some combinations,"remember that the number of such ciphers is huge. There are only 26Caesar ciphers, but 26 factorial possible substitution ciphers. That's403,291,461,129,999,980,156,682,240 possible monoalphabetic substitutionsfor the 26-letter Latin alphabet. For the Greek alphabet, it's620,448,401,730,000,065,134,592 possibilities (more if we include the threenumbers not used as letters). You can't hope to crack that by trialand error without a crib.

It is said that Arabic scholars studying the Quranwere the first to learn the rules for decrypting simple substitution ciphers.(One suspects that Hebrew scholars, with their detailed attention tothe individual letters of the MT, also had the data they needed. Butthey probably weren't sending too many secret messages in Hebrew;the language itself, by then, was a pretty good secret medium!) In any case,the substitution code used in the Bible (the above-cited caseof Jeremiah 25:26, etc.) is very simple: it'scalled atbash, because it involved reversing the alphabet.Aleph became taw; bet became shin, etc. An equivalent for theLatin alphabet would be azby, because a becomes z, b becomesy, etc. Under azby, "THIS IS A CIPHER." becomesGSRH RH Z XRKSCI.

We should note that this method is more effective in Hebrew,which has no vowels, than Greek, which does. A reversed Hebrewword is still a consonental text, readable as long as propervowels are supplied. A Greek word is likely to become nonsense --ΙΗΣΟΥΣbecomesΠΣΘΚΕΘ,which even if it were pronounceable, wouldn't be spelled that way. Youcould invoke a variation on this, in which consonants substitutefor consonants and vowels for vowels. In this case, we have

Α
Ε
Η
Ι
Ο
Υ
Ω
Ω
Υ
Ο
Ι
Η
Ε
Α
 β
γ
δ
ζ
θ
κ
λ
μ
ν
ξ
π
ρ
σ
τ
φ
χ
ψ
ψ
χ
φ
τ
σ
ρ
π
ξ
ν
μ
λ
κ
θ
ζ
δ
γ
β

Under this,ΙΗΣΟΥΣbecomes the odd-but-at-least-pronounceableΙΟΘΗΕΘ.

Even this could probably be improved -- for example, to maintain(mostly) proper inflections, one could use some sort of transpositionignoring the vowels and ν and σ. Obviously that wouldn't domuch withΙΗΣΟΥΣ,but ΠΕΤΡΟΣunder the above scheme would beΛΕΖΚΟΣ,which is pretty funny-looking, but pronounceable and inflectable.

There is no obvious evidence of such usage in the New Testament --but who knows? Maybe you can find one. (I have a feeling I justcreated an excuse for a few zillion wild emendations.... Anyone have away to reorganize the alphabet so "Thaddeus" becomes"Lebbaeus"?)

There are many more advanced forms of substitution ciphers. Onemethod involves adding symbols for particular words (e.g. in Englisha symbol for "the" would be most helpful, and also for"and" and some other words). Others involve tricks such asthe continuous Caesar cipher described above. Fortunately, thesewere largely unknown in the manuscript era, so we can pass themby. Nor will I offer complete advice on the solving of substitutionciphers. The problem is that different languages involve differentfrequency tables and different rules. In English, for example, themost common word is "the." Technically, this is true inGreek also -- but Greek inflects the article, so particular forms(e.g. ο, το) arenot as common as the uninflected word και. Eachlanguage -- indeed, each dialect -- involves its own tools fordeciphering. (For a Greek example, see Toolsand Examples.) The principles are the same, butthe data used differs.

We should perhaps add a warning here: One must alwaysbe careful to assure that there is an actual cipher in use. Trying to"solve" something that isn't in fact encrypted can produceextreme silliness -- as the various attempts to decrypt the Apocalypseshow. Another example of this is the diary of Samuel Pepys. When itfirst was discovered, everyone thought it was encrypted, and variouspeople went to great lengths to "crack" his cipher. It wasn'tuntil decades later that it was discovered that Pepys wasn't using acipher; he was simply using Shelton's method of tachygraphy,a well-known shorthand system which also had the advantage of usingless space. What the experts thought was encryption was in factmerely a method of what we would now call compression, and all thatshould have been needed to crack it was to open up a copy of Shelton'swidely available book.

Even more hilarious is Athanasius Kircher's reconstruction of Egyptianhieroglyphs. According to Simon Singh's The Code Book, p. 204, Kirchertranslates the name of Pharaoh Apries as "the benefits of the divineOsiris are to be procured by means of sacred ceremonies and of the chainof the Genii, in order that the benefits of the Nile may be obtained."This was bad enough in dealing with an ancient language -- but think whatsuch ambiguous decrypts could produce when dealing with a real cipher. Aproper cipher will be unambiguous when decrypted -- that is, while you may havechoices in enciphering (e.g. in a cipher which uses numbers for letters,12, 13, 33, and 48 might all mean e, but each of those numbers means e andonly e). Ambiguous readings -- except in summarization ciphers --destroy the whole point.

So let's turn to the other major sort of ancient encryption,the transposition cipher. Unlikea substitution cipher, where oneletter is replaced by another, a transposition cipher involvesrearranging the order of a message. For example, one trickis to take alternate letters and place them in order. To onceagain use "THIS IS A CIPHER," think of placing alternateletters on alternate lines:

T I I A I H R H S S C P E

Then combine the lines to yield TIIAIHRHSSCPE. To decipher,you just cut the message in half and then reverse the aboveprocedure. The advantage of transposition ciphers is that, thoughthey preserve the standard frequency table of letters, the resultsmake no sense.

Transposition ciphers, in fact, began with what appears to havebeen the oldest-ever encryption machine, the Spartanσκυταλη, astick with the edges shaved into the shape of a prism describedby Thucydides. A messagewritten on a straight piece of parchment was wrapped around theσκυταλη,then copied down the columns, and transmitted; it was readby means of aσκυταληwith the same number of sides. Since theσκυταληnecessarily had more than two sides, it produced if anythinga more complex transposition than the above (though it's hardto believe that others did not imitate the thing).

The key to recognizing a transposition cipher is to notethat the frequency table matches that for an unencryptedmessage. That is, if the message is in English, it will containvery many instances of E, T, and A, and very few of Q or Z.Something similar will be true with other languages, thoughtheir frequency tables differ.

Again, modern ciphers are much more complex than the above,but they are not our concern. The currently-popular method ofpublic key cryptography, for instance, is possible only withcomputers. (It relies on finding very large prime numbers.)So far as we know, all ancientciphers were either simple substitutions or simple transpositions --and I know of no instances of the latter in literary works, though myknowledge may well be incomplete.

In any case, we as textual critics do not have to be concernedwith the original "autographs" of the messages.If the encrypted message is intact, textual criticism does not comeinto play. Our concern is the case where the message has beendamaged in transmission. When one has an intact message, one generallycan be confident that it has been decrypted when the entire message,as decrypted, makes sense. With a corrupted original, this will nothappen.

The trick in that case is to decide how much error one can accept.Let's look at the error we had above, in which we THIS IS A CIPHERwas encoded with a Caesar cipher, but then erroneously transmitted asWRLV LU D FLSKHU. This decrypted as TOIS IS A CIPHER. To"correct" this to THIS IS A CIPHER means changing only oneletter, and that an error relatively easy to make (K and R arereadily confused in some scripts).

But now suppose you encounter a message WKLV MU D FLTKHU. Usingthe Caesar decrypt gives you THIS JS A CIRHER. You have two errors,both interesting -- because both could more easily occur in the plaintext than in the cipher text! Was there an error in the original,or an error in the copying -- or have you not solved the cipher?

In fact, you have not solved the cipher, not quite. The above examplewas encrypted using a modified Caesar cipher: The bulk of the messagewas shifted three letters (standard Caesar), but every fifth letter(in this case, the first letter of IS and the P in CIPHER) wereencrypted with a Caesar shift of four letters instead of three.In a sample this small, you can't really prove the matter. In a longerpassage, such regular errors would be more obvious.

So we must somehow evolve criteria for dealing with thatquestion, How much error can we accept while stillpronouncing that we have "solved" our cipher? Thatis really the point of the whole exercise.

There is no simple answer for this. We can't even base our calculationson what we know of the scribe's reliability elsewhere. An encrypted textmay force the scribe to be more careful, and so reduce his errorrate. And it remains the editor's task to try to determine whyparticular errors took place. In other words, one must proceed alongthree lines: The actual decrypting process, a measure of goodness-of-fitfor the decrypting scheme, and an examination of the textual factors whichmight have led to corruption.

Which leads us to another interesting point: Decrypting anunknown cipheris much like making sense of an unknown language. (The two processes, infact, use much of the same vocabulary.) For hints on how to proceed fromhere, the interested reader, as well as studying texts on cryptography,might want to examine the various accounts of the deciphering ofLinear B and other ancient languages.

Which brings us to another warning. Something may look like anencoded message without being one. Scribes did, at times, set outto mess with the minds of their readers. A recent example of this hasbeen somewhat in the news (at least, I found articles about it ina science and an antiquities magazine in the same month). The iteminvolved is the so-called "Voynich manuscript," This firstappeared in 1586, when it was purchased by the Holy Roman EmperorRudolph II, and later vanished until re-discovered by Wilfrid Voynich.

The Voynich manuscript, which gives the appearance of being writtenin the fifteenth or sixteenth century, is in an unknown script whichnonetheless appears to be alphabetic. It is quite extensive -- 230pages! The contents resemble no known language, and yet the sheerbulk of the manuscript, plus its interesting regularities, make itappear an actual cipher and not just a collection of gibberish.

Yet ninety years of effort have completely failed to crack thecipher. Surely, if it were a known language, it would have beendecrypted by now. Yet it has not, and it is too recent for there tobe any likelihood that it is based on a dead language. The suspicionis that it is a hoax (the name of the Elizabethan forger Edward Kelleyhas been mentioned as a possible hoaxer). Recently, Gordon Rugg hasreconstructed a method, based entirely on techniques known in thesixteenth century, which could have been used to produce the manuscript.It is nearly certain, now, that the document is a forgery (though theconnection with Kelley is of course unproved).

This does not tell us anything about any other ancient encryptedmessage, of course. But it does remind us that hoaxes did and do exist;not every seemingly-garbled message actually has meaning behind it!

Tools and Examples

If you actually want to try your hand at some Greek cryptography,we can offer examples showing the technique. We'll start with a fairlysimple one. Here is the message you might receive. Two clues: It'sa monoalphabetic substitution cipher, and space means space. (A majorhelp, that.)

Cryptogram 1

ΗΙΠΚΩΟΦ ΛΔΧΗΦΙΦΗ ΥΦΜΠΨΕΠ ΘΗΦΨ ΩΣΠΨΦΜ ΗΚΚΗ ΘΔ ΑΗΑΦΗ ΜΔΧΦΗΞΠΘΠ ΘΗΦΨ ΙΠΩΣΠΨΦΜ ΘΠΚΠΦΟΦ ΥΦΜΠΨΕΠ ΠΜ ΘΓ ΜΟΛΓ ΥΠΥΣΗΧΘΗΦ ΟΘΦ ΠΜ ΠΘΠΣΟΥΚΓΨΨΟΦΨΑΗΦ ΠΜ ΡΠΦΚΠΨΦΜ ΠΘΠΣΓΜ ΚΗΚΔΨΓ ΘΓ ΚΗΓ ΘΟΤΘΓ ΑΗΦ ΟΤΙ ΟΤΘΓΨΠΦΨΗΑΟΤΨΟΜΘΗΦ ΛΟΤ ΚΠΥΠΦ ΑΤΣΦΟΨ ΓΨΘΠ ΗΦ ΥΚΓΨΨΗΦ ΠΦΨ ΨΔΛΠΦΟΜ ΠΦΨΦΜΟΤ ΘΟΦΨ ΧΦΨΘΠΤΟΤΨΦΜ ΗΚΚΗ ΘΟΦΨ ΗΧΦΨΘΟΦΨ Δ ΙΠ ΧΣΟΩΔΘΠΦΗ ΟΤ ΘΟΦΨΗΧΦΨΘΟΦΨ ΗΚΚΗ ΘΟΦΨ ΧΦΨΘΠΤΟΤΨΦΜ

A solution, with explanation of how you might find it,is here. The solutions pagealso contains several other ciphers you can try, and someadditional tools.