|This article needs additional citations for verification. (June 2009)|
In the history of cryptography, the Nihilist cipher is a manually operated symmetric encryption cipher originally used by Russian Nihilists in the 1880s to organize terrorism against the tsarist regime. The term is sometimes extended to several improved algorithms used much later for communication by the First Chief Directorate with its spies.
First the encipherer constructs a Polybius square using a mixed alphabet. This is used to convert both the plaintext and a keyword to a series of two digit numbers. These numbers are then added together in the normal way to get the ciphertext, with the key numbers repeated as required.
Consider the Polybius square created using the keyword ZEBRAS:
with a plaintext of "DYNAMITE WINTER PALACE" and a key of RUSSIAN. This expands to:
PT: 23 55 41 15 35 32 45 12 53 32 41 45 12 14 43 15 34 15 22 12 KEY: 14 51 21 21 32 15 41 14 51 21 21 32 15 41 14 51 21 21 32 15 CT: 37 106 62 36 67 47 86 26 104 53 62 77 27 55 57 66 55 36 54 27
Because each symbol in both plaintext and key is used as a whole number without any fractionation, the basic Nihilist cipher is little more than a numerical version of the Vigenère cipher, with multiple-digit numbers being the enciphered symbols instead of letters. As such, it can be attacked by very similar methods. An additional weakness is that the use of normal addition (instead of modular addition) leaks further information. For example, (assuming a 5 × 5 square) if a ciphertext number is greater than 100 then it is a certainty that both the plaintext and key came from the fifth row of the table.
Later variants or derivatives
During World War II, several Soviet spy rings communicated to Moscow Centre using two ciphers which are essentially evolutionary improvements on the basic Nihilist cipher. A very strong version was used by Max Clausen in Richard Sorge's network in Japan, and by Alexander Foote in the Lucy spy ring in Switzerland. A slightly weaker version was used by the Rote Kapelle network.
In both versions, the plaintext was first converted to digits by use of a straddling checkerboard rather than a Polybius square. This has the advantage of slightly compressing the plaintext, thus raising its unicity distance and also allowing radio operators to complete their transmissions quicker and shut down sooner. Shutting down sooner reduces the risk of the operator being found by enemy radio direction finders. Increasing the unicity distance increases strength against statistical attacks.
Clausen and Foote both wrote their plaintext in English, and memorized the 8 most frequent letters of English (to fill the top row of the checkerboard) through the mnemonic (and slightly menacing) phrase "a sin to err" (dropping the second "r"). The standard English straddling checkerboard has 28 characters and in this cipher these became "full stop" and "numbers shift". Numbers were sent by a numbers shift, followed by the actual plaintext digits in repeated pairs, followed by another shift. Then, similarly to the basic Nihilist, a digital additive was added in, which was called "closing". However a different additive was used each time, so finally a concealed "indicator group" had to be inserted to indicate what additive was used.
Unlike basic Nihilist, the additive was added by non-carrying addition (digit-wise addition modulo 10), thus producing a more uniform output which doesn't leak as much information. More importantly, the additive was generated not through a keyword, but by selecting lines at random from almanacs of industrial statistics. Such books were deemed dull enough to not arouse suspicion if an agent was searched (particularly as the agents' cover stories were as businessmen), and to have such high entropy density as to provide a very secure additive. Of course the figures from such a book are not actually uniformly distributed (there is an excess of "0" and "1" (see Benford's Law), and sequential numbers are likely to be somewhat similar), but nevertheless they have much higher entropy density than passphrases and the like; at any rate, in practice they seem never to have been successfully cryptanalysed.
The weaker version generated the additive from the text of a novel or similar book (at least one Rote Kapelle member used The Good Soldier Schweik) This text was converted to a digital additive using a technique similar to a straddling checkerboard.
The ultimate development along these lines was the VIC cipher, used in the 1950s by Reino Häyhänen. By this time, most Soviet agents were instead using one-time pads. However, despite the theoretical perfection of the one-time pad, in practice they were broken, while VIC was not.