In cryptography, the ADFGVX cipher was a field cipher used by the German Army on the Western Front during World War I. ADFGVX was in fact an extension of an earlier cipher called ADFGX.

Invented by Colonel Fritz Nebel and introduced in March 1918, the cipher was a fractionating transposition cipher which combined a modified Polybius square with a single columnar transposition.

## Nomenclature

The cipher is named after the six possible letters used in the ciphertext: A, D, F, G, V and X. These letters were chosen deliberately because they sound very different from each other when transmitted via Morse code. The intention was to reduce the possibility of operator error.

Nebel designed the cipher to provide an army on the move with encryption more convenient than trench codes but still secure. In fact, the Germans believed the ADFGVX cipher was unbreakable.[1]

## Operation of ADFGX

Suppose we need to send the plaintext message, "Attack at once". First, a secret mixed alphabet is filled into a 5 × 5 Polybius square, like so:

A D F G X
A b t a l p
D d h o z k
F q f v s n
G g j c u x
X m r e w y

i and j have been combined, to make the alphabet fit into a 5 × 5 grid.

Using this square, the message is converted to fractionated form:

```a  t  t  a  c  k  a  t  o  n  c  e
AF AD AD AF GF DX AF AD DF FX GF XF
```

Next, the fractionated message is subject to a columnar transposition. We write out the message in rows under a transposition key (here, "CARGO"):

```C A R G O
_________
A F A D A
D A F G F
D X A F A
D D F F X
G F X F
```

Next, we sort the letters alphabetically in the transposition key (changing CARGO to ACGOR), rearranging the columns beneath the letters along with the letters themselves:

```A C G O R
_________
F A D A A
A D G F F
X D F A A
D D F X F
F G F   X
```

Then it is read off in columns, in keyword order, yielding the ciphertext:

```FAXDF ADDDG DGFFF AFAX AFAFX
```

In practice, the transposition keys were about two dozen characters long. Long messages sent in the ADFGX cipher were broken into sets of messages of different and irregular lengths, thus making it invulnerable to multiple anagramming.[1] Both the transposition keys and fractionation keys were changed daily.

In June 1918, an additional letter, V, was added to the cipher. This expanded the grid to 6 × 6, allowing 36 characters to be used. This allowed the full alphabet (instead of combining I and J), plus the digits from 0 to 9. This mainly had the effect of considerably shortening messages which contained a large number of figures.

The cipher is based on the 6 letters ADFGVX. A table containing a random and secret alphabet is created with these letters as column headings and row identifiers. This results in the following table:

A D F G V X
A N A 1 C 3 H
D 8 T B 2 O M
F E 5 W R P D
G 4 F 6 G 7 I
V 9 J 0 K L Q
X S U V X Y Z

The text 'attack at 1200am' will translate to this:

A T T A C K A T 1 2 0 0 A M
AD DD DD AD AG VG AD DD AF DG VF VF AD DX

Then, a new table is created with a key as a heading. Let's use 'PRIVACY' as a key. Usually much longer keys or even phrases were used.

P R I V A C Y
A D D D D D A
D A G V G A D
D D A F D G V
F V F A D D X

The columns are sorted alphabetically based on the keyword and the table changes to this:

A C I P R V Y
D D D A D D A
G A G D A V D
D G A D D F V
D D F F V A X

Then, appending the columns to each other results in the following cipher text:

Having the keyword, the columns can be reconstructed and placed in the correct order. When using the original table containing the secret alphabet, the text can be deciphered.

## Cryptanalysis

ADFGVX was cryptanalysed by French Army Lieutenant Georges Painvin and the cipher was broken in early June 1918.[2] The work was exceptionally difficult by the standards of classical cryptography, and Painvin became physically ill during it. His method of solution relied on finding messages with stereotyped beginnings, which would fractionate the same, then form similar patterns in the positions in the ciphertext that had corresponded to column headings in the transposition table. (Considerable statistical analysis was required after this step had been reached — all done by hand.) This meant it was only effective during times of very high traffic — but, fortunately for the cryptanalysts, that was also when the most important messages were sent.

However, that was not the only trick Painvin used to crack the ADFGX cipher.[1] He used repeating sections of ciphertext to derive information about the likely length of the key being used. Where the key was an even number of letters in length he knew, due to the way the message was enciphered, that each column consisted entirely of either letter coordinates taken from the top of the Polybius Square, or from the left of the Square, but not a mixture of the two. He also knew that after substitution, but before transposition, the columns would alternately consist entirely of "top" and "side" letters. One of the characteristics of frequency analysis of letters is that while the distributions of individual letters may vary widely from the norm, the law of averages dictates that groups of letters vary less. With the ADFGX cipher, each "side" letter or "top" letter is associated with five plaintext letters. In the example above, the "side" letter "D" is associated with the plaintext letters "d h o z k", while the "top" letter "D" is associated with the plaintext letters "t h f j r". Since these two groups of five letters have different cumulative frequency distributions, then a frequency analysis of the "D" letter in columns consisting of "side" letters will have a distinctively different result from those of the "D" letter in columns consisting of "top" letters. This trick allowed Painvin to tentatively identify which columns consisted of "side" letters and which columns consisted of "top" letters. He could then pair them up and perform a frequency analysis on the pairings to see if they were noise, or real pairings that corresponded to plaintext letters. Once he had the proper pairings, he could then use frequency analysis to figure out the actual plaintext letters. The result was still transposed, but at that point all he had to do was unscramble a simple transposition. Once he determined the transposition scheme for one message, he would then be able to crack any other message enciphered with the same transposition key.[1]

Painvin broke the ADFGX cipher in April 1918, a few weeks after the Germans launched their Spring Offensive. As a direct result, the French army discovered where Ludendorff intended to attack. The French concentrated their forces at that point and it has been claimed that this stopped the Spring Offensive.

Note, however the claim that Painvin's breaking of the ADFGX cipher stopped the German Spring Offensive of 1918, while frequently made,[3] is disputed by some. In his 2002 review of Sophie de Lastours' book on this subject, La France gagne la guerre des codes secrets 1914-1918, in the Journal of Intelligence History, (Journal of Intelligence History: volume 2, Number 2, Winter 2002) Hilmar-Detlef Brückner states:

Regrettably, Sophie de Lastours subscribes to the traditional French view that the solving of a German ADFGVX-telegram by Painvin at the beginning of June 1918 was decisive for the Allied victory in the First World War because it gave timely warning of a forthcoming German offensive meant to reach Paris and to inflict a critical defeat on the Allies. However, it has been known for many years, that the German Gneisenau attack of 11 June was staged to induce the French High Command to rush in reserves from the area up north, where the Germans intended to attack later on.

To achieve this, its aim had to be grossly exaggerated. This the German High Command did by spreading rumors that the attack was heading for Paris and beyond; disinformation proved effective then - and apparently still does. But the German offensive was not successful because the French had a sufficient number of reserves at hand to stop the assault and did not need to bring in additional reinforcements.

Moreover, it is usually overlooked that the basic version of the ADFGVX cipher had been particularly created for the German spring offensive in 1918, meant to deal the Allies a devastating blow. It was hoped that the cipher ADFGX would protect German communications against Allied cryptographers during the assault and this is what it indeed did.

Telegrams in ADFGX appeared for the first time on 5 March, the German attack started on 21 March. When Painvin presented his first solution of the code on 5 April, the German offensive had already petered out.

The ADFGX and ADFGVX ciphers are now regarded as insecure.

## Notes

1. ^ a b c d
2. ^ Newton, David E. (1997). Encyclopedia of Cryptography. Santa Barbara California: Instructional Horizons, Inc. p. 6.
3. ^ "Painvin's manna had saved the French" writes David Kahn in The Codebreakers - The Story of Secret Writing, 1967, ISBN 978-0-684-83130-5, Ch. 9. Kahn also details the role that Painvin's decryption of German messages played in the French response to Operation Gneisenau.

## References

• Friedman, William F. Military Cryptanalysis, Part IV: Transposition and Fractionating Systems. Laguna Hills, CA: Aegean Park Press, 1992.
• General Solution of the ADFGVX Cipher System, J. Rives Childs, Aegean Park Press, ISBN 0-89412-284-3