Poem code

The poem code is a simple and insecure, cryptographic method which was used during World War II by the British Special Operations Executive (SOE) to communicate with their agents in Nazi-occupied Europe.

The method works by having the sender and receiver pre-arranging a poem to use. The sender chooses a set number of words at random from the poem and gives each letter in the chosen words a number. The numbers are then used as a key for a transposition cipher to conceal the plaintext of the message. The cipher used was often double transposition. To indicate to the receiver which words had been chosen, an indicator group of letters is sent at the start of the message.

Description
To encrypt a message, the agent would select words from the poem as the key. Every poem code message commenced with an indicator group of five letters, whose position in the alphabet indicated which five words of an agent's poem would be used to encrypt the message. For instance, suppose the poem is the first stanza of Jabberwocky:

’Twas brillig, and the slithy toves

     Did gyre and gimble in the wabe:

All mimsy were the borogoves,

     And the mome raths outgrabe.

We could select the five words THE WABE TOVES TWAS MOME, which are at positions 4, 13, 6, 1, and 21 in the poem, and describe them with the corresponding indicator group DMFAU.

The five words are written sequentially, and their letters numbered to create a transposition key to encrypt a message. Numbering proceeds by first numbering the A's in the five words starting with 1, then continuing with the B's, then the C's, and so on; any absent letters are simply skipped. In our example of THE WABE TOVES TWAS MOME, the two A's are numbered 1, 2; the B is numbered 3; there are no C's or D's; the four E's are numbered 4, 5, 6, 7; there are no G's; the H is numbered 8; and so on through the alphabet. This results in a transposition key of 15 8 4, 19 1 3 5, 16 11 18 6 13, 17 20 2 14, 9 12 10 7.

This defines a permutation which is used for encryption. First, the plaintext message is written in the rows of a grid that has as many columns as the transposition key is long. Then the columns are read out in the order given by the transposition key. For example, the plaintext "THE OPERATION TO DEMOLISH THE BUNKER IS TOMORROW AT ELEVEN RENDEZVOUS AT SIX AT FARMER JACQUES" would be written on grid paper, along with the transposition key numbers, like this:

15 8 4  19 1  3  5  16 11 18 6  13 17 20 2  14 9  12 10 7 T  H  E  O  P  E  R  A  T  I  O  N  T  O  D  E  M  O  L  I S  H  T  H  E  B  U  N  K  E  R  I  S  T  O  M  O  R  R  O W  A  T  E  L  E  V  E  N  R  E  N  D  E  Z  V  O  U  S  A T  S  I  X  A  T  F  A  R  M  E  R  J  A  C  Q  U  E  S  X

The columns would then be read out in the order specified by the transposition key numbers:

PELA DOZC EBET ETTI RUVF OREE IOAX HHAS MOOU LRSS TKNR ORUE NINR EMVQ TSWT ANEA TSDJ IERM OHEX OTEA

The indicator group (DMFAU) would then be prepended, resulting in this ciphertext:

DMFAU PELAD OZCEB ETETT IRUVF OREEI OAXHH ASMOO ULRSS TKNRO RUENI NREMV QTSWT ANEAT SDJIE RMOHE XOTEA

In most uses of code poems, this process of selecting an indicator group and transposing the text would be repeated once (double transposition) to further scramble the letters. As an additional security measure, the agent would add prearranged errors into the text as security checks. For example, there might be an intentional error in every 18th letter to ensure that, if the agent was captured or the poem was found, the enemy might transmit without the security checks.

Analysis
The code's advantage is that it provides relatively strong security without requiring any codebook.

However, the encryption process is error-prone when done by hand, and for security reasons, messages should be at least 200 words long. The security check was usually not effective: if a code was used after being intercepted and decoded by the enemy, any security checks were revealed. Further, the security check could often be tortured out from the agent.

There are a number of other weaknesses
 * Because the poem is re-used, if one message is broken by any means (including threat, torture, or even cryptanalysis), past and future messages will be readable.
 * If the agent used the same poem code words to send a number of similar messages, these words could be discovered easily by enemy cryptographers. If the words could be identified as coming from a famous poem or quotation, then all of the future traffic submitted in that poem code could be read. The German cryptologic units were successful in decoding many of the poems by searching through collections of poems.
 * Since the poems used must be memorable for ease of use by an agent, there is a temptation to use well-known poems or poems from well-known poets, further weakening the encryption (e.g., SOE agents often used verses by Shakespeare, Racine, Tennyson, Molière, Keats, etc.).

Development
When Leo Marks was appointed codes officer of the Special Operations Executive (SOE) in London during World War II, he very quickly recognized the weakness of the technique and the consequent damage to agents and to their organizations on the Continent, and began to press for changes. Eventually, the SOE began using original compositions (thus not in any published collection of poems from any poet) to give added protection (see The Life That I Have, an example). Frequently, the poems were humorous or overtly sexual to make them memorable ("Is de Gaulle's prick//Twelve inches thick//Can it rise//To the size//Of a proud flag-pole//And does the sun shine//From his arse-hole?"). Another improvement was to use a new poem for each message, where the poem was written on fabric rather than memorized.

Gradually, the SOE replaced the poem code with more secure methods. Worked-out Keys (WOKs) were the first major improvement—an invention of Marks. WOKs are pre-arranged transposition keys given to the agents, which made the poem unnecessary. Each message would be encrypted on one key, which was written on special silk. The key was disposed of by tearing a piece off the silk, when the message was sent.

A project of Marks, named by him "Operation Gift-Horse", was a deception scheme aimed to disguise the more secure WOK code traffic as poem code traffic so that German cryptographers would think "Gift-Horsed" messages were easier to break than they actually were. This was done by adding false duplicate indicator groups to WOK-keys, to give the appearance that an agent had repeated the use of certain words of their code poem. The aim of Gift Horse was to waste the enemy's time, and was deployed prior to D-Day, when code traffic increased dramatically.

The poem code was ultimately replaced with the one-time pad, specifically the letter one-time pad (LOP). In LOP, the agent was provided with a string of letters and a substitution square. The plaintext was written under the string on the pad. The pairs of letters in each column (such as P and L) indicated a unique letter on the square (Q). The pad was never reused while the substitution square could be reused without loss of security. This enabled rapid and secure encoding of messages.