The method works by the sender and receiver pre-arranging a poem to use. The sender chooses a set number of words at random from the poem and gives each letter in the chosen words a number. The numbers are then used as a key for some cipher to conceal the plaintext of the message. The cipher used was often double transposition. To indicate to the receiver which words had been chosen an indicator group is sent at the start of the message.
To encrypt a message, the agent would select words from the poem as the key. Every poem code message commenced with an indicator-group of five letters, which showed which five words of an agent's poem had been used to encrypt the message.
The words would be written sequentially, and their letters numbered to create a transposition key to encrypt a message. For example, if the words are YEO THOMAS IS A PAIN IN THE ARSE, then the transposition key is: 25 5 16, 23 8 17 13 1 20, 10 21, 2, 18 3 11 14, 12 15, 24 9 6, 4 19 22 7. These are the locations of the first appearances of A's, B, etc. in the sentence.
This defines a permutation which is used for encryption (25->1, 5->2 etc.). First, the plaintext message is arranged in columns. Then the columns are permuted, and then the rows are permuted.
For example, the text "THE OPERATION TO DEMOLISH THE BUNKER IS TOMORROW AT ELEVEN" would be written on grid paper as:
(The above transposition key requires longer messages which would have at least 25 columns and 25 rows).
Security checks: As an additional security measure, the agent would add prearranged errors into the text as security checks. For example, there might be an intentional error in every 18th letter. This was to ensure that, if the agent was captured or the poem was found, the enemy might transmit without the security checks.
The code's advantage is to provide relatively strong security while not requiring any codebook.
However, the encryption process is error-prone when done by hand, and for security reasons, messages should be at least 200 words long. The security check was usually not effective: if a code was used once intercepted and decoded, any security checks were revealed and could often be tortured out from the agent.
There are a number of other weaknesses
- Because the poem is re-used, if one message is broken by any means (including threat, torture, or even cryptanalysis), past and future messages will be readable.
- If the agent used the same poem code words to send a number of similar messages, these words could be discovered easily by enemy cryptographers. If the words could be identified as coming from a famous poem or quotation, then all of the future traffic submitted in that poem code could be read. The German cryptologic units were successful in decoding many of the poems by searching through collections of poems.
- Since the poems used must be memorable for ease of use by an agent, there is a temptation to use well-known poems or poems from well-known poets further weakening the analysis (e.g. SOE agents often used verses by Shakespeare, Racine, Tennyson, Molière, Keats, etc.).
When Leo Marks was appointed codes officer of the Special Operations Executive (SOE) in London during World War II, he very quickly recognized the weakness of the technique, and the consequent damage to agents and to their organizations on the Continent, and began to press for changes. Eventually, the SOE began using original compositions (thus not in any published collection of poems from any poet) to give added protection (see The Life That I Have, an example). Frequently, the poems were humorous or overtly sexual to make them memorable ("Is de Gaulle's prick//Twelve inches thick//Can it rise//To the size//Of a proud flag-pole//And does the sun shine//From his arse-hole?"). Another improvement was to use a new poem for each message, where the poem was written on fabric rather than memorized.
Gradually the SOE replaced the poem code with more secure methods. Worked-out Keys (WOKs) was the first major improvement – an invention of Marks. WOKs are pre-arranged transposition keys given to the agents and which made the poem unnecessary. Each message would be encrypted on one key, which was written on special silk. The key was disposed of, by tearing a piece off the silk, when the message was sent.
A project of Marks, named by him "Operation Gift-Horse", was a deception scheme aimed to disguise the more secure WOK code traffic as poem code traffic, so that German cryptographers would think "Gift-Horsed" messages were easier to break than they actually were. This was done by adding false duplicate indicator groups to WOK-keys, to give the appearance that an agent had repeated the use of certain words of their code poem. The aim of Gift Horse was to waste the enemy's time, and was deployed prior to D-Day, when code traffic increased dramatically.
The poem code was ultimately replaced with the one-time pad, specifically the letter one-time pad (LOP). In LOP, the agent was provided with a string of letters and a substitution square. The plaintext was written under the string on the pad. The pairs of letters in each column (such as P,L) indicated a unique letter on the square (Q). The pad was never reused while the substitution square could be reused without loss of security. This enabled rapid and secure encoding of messages.
- Between Silk and Cyanide by Leo Marks, HarperCollins (1998) ISBN 0-00-255944-7; Marks was the Head of Codes at SOE and this book is an account of his struggle to introduce better encryption for use by field agents; it contains more than 20 previously unpublished code poems by Marks, as well as descriptions of how they were used and by whom.