The poem code was a rather rudimentary, and frankly, insecure, cryptographic method that saw some use during the Second World War. The British Special Operations Executive, or SOE as they were more commonly known, employed this technique to relay messages to their operatives scattered across Nazi-occupied Europe. It’s the kind of thing you might expect from someone trying to hide a note in plain sight, a desperate measure rather than a robust solution.
The core principle, if you can call it that, involved pre-arranging a specific poem between the sender and receiver. The sender would then select a predetermined number of words from this poem. These chosen words, or rather, the letters within them, were then assigned numerical values. These numbers formed the basis of a key for a transposition cipher, a method where the order of letters in the plaintext is rearranged. More often than not, this transposition was applied twice – a "double transposition" – to add a thin veneer of complexity. To let the recipient know which words from the shared poem were actually used for that particular message, a unique indicator group of letters was appended to the beginning of the ciphertext. It’s like leaving a breadcrumb trail, except the breadcrumbs are made of letters and the forest is a continent under occupation.
Description
The process for encrypting a message using the poem code was as follows: an agent would first select words from their pre-arranged poem. Every message transmitted using this method commenced with a distinctive five-letter indicator group. The position of these letters within the alphabet corresponded to specific words within the agent's chosen poem, dictating which words would be used to construct the encryption key.
Let's take a hypothetical example, using the opening stanza of Lewis Carroll's Jabberwocky as the shared poem:
’Twas brillig, and the slithy toves Did gyre and gimble in the wabe: All mimsy were the borogoves, And the mome raths outgrabe.
Imagine the agent chose the words THE WABE TOVES TWAS MOME. These words appear at positions 4, 13, 6, 1, and 21 respectively within the stanza. To represent these word choices, a corresponding indicator group, DMFAU, would be generated. This group serves as the initial signal, allowing the recipient to identify the precise words from the poem that form the key for decryption.
Once the five words were identified, they were written out sequentially. The letters within these words were then numbered according to a specific, albeit tedious, system. The numbering began by assigning '1' to the first 'A', '2' to the second 'A', and so on, for all instances of the letter 'A' across the five chosen words. This process continued alphabetically: all the 'B's were numbered next, then 'C's, and so forth. Any letters not present in the selected words were simply skipped. Applying this to our example words, THE WABE TOVES TWAS MOME, would yield a transposition key like this: 15 8 4, 19 1 3 5, 16 11 18 6 13, 17 20 2 14, 9 12 10 7. This sequence of numbers defines the permutation that dictates how the plaintext will be rearranged.
To encrypt the actual message, the plaintext was written out in rows, filling a grid. The number of columns in this grid was determined by the length of the transposition key. The columns were then read out in the order specified by the numerical sequence of the key. For instance, if the plaintext message was "THE OPERATION TO DEMOLISH THE BUNKER IS TOMORROW AT ELEVEN RENDEZVOUS AT SIX AT FARMER JACQUES", it would be laid out in a grid, with the key numbers above each column:
15 8 4 19 1 3 5 16 11 18 6 13 17 20 2 14 9 12 10 7
T H E O P E R A T I O N T O D E M O L I
S H T H E B U N K E R I S T O M O R R O
W A T E L E V E N R E N D E Z V O U S A
T S I X A T F A R M E R J A C Q U E S X
The columns would then be extracted in the sequence dictated by the key: 1, 2, 3, 4, and so on, up to the final column. This would result in a jumbled string of letters. The previously determined indicator group, DMFAU, would then be placed at the very beginning of this scrambled text, creating the final ciphertext.
DMFAU PELAD OZCEB ETETT IRUVF OREEI OAXHH ASMOO ULRSS TKNRO RUENI NREMV QTSWT ANEAT SDJIE RMOHE XOTEA
The security of this method was often further enhanced by employing a double transposition. This meant the entire process of selecting an indicator, generating a key, and transposing the text was performed a second time. As an additional layer of security, agents were sometimes instructed to introduce deliberate, prearranged errors into the text. This was intended as a security check; if the enemy managed to intercept and decode a message, these known errors would reveal that the code had been compromised, or that the agent was operating under duress. It was a rather desperate attempt to maintain some semblance of control.
Analysis
The primary advantage of the poem code, and the reason it persisted for as long as it did, was its apparent simplicity. It offered a degree of security without the need for complex codebooks or specialized equipment, relying instead on memorization and a shared literary reference. For agents operating in hostile territory, often with limited resources, this was a significant consideration.
However, the practical application of the poem code was fraught with peril and inherent weaknesses. The manual encryption and decryption process was exceedingly prone to errors. Even a single misplaced letter could render a message unintelligible, or worse, lead to fatal misunderstandings. For the sake of security, messages were meant to be at least 200 words long, a requirement that often proved impractical given the demands of clandestine operations.
The supposed security checks, the prearranged errors, were often rendered ineffective. If an enemy cryptographer managed to break a code, including identifying these deliberate mistakes, they could then transmit false messages laced with the same errors, sowing confusion and misinformation. Furthermore, the agents themselves could be captured and tortured, revealing these security checks and rendering them useless.
There were several other critical vulnerabilities:
- Reusability of the poem: The most glaring flaw was the reuse of the same poem as the basis for the key. If even a single message was compromised – through interception, capture of the agent, or successful cryptanalysis – then all previous and future messages encrypted using that same poem and key words became vulnerable. It was like leaving the master key under the mat.
- Familiarity of the poems: The very nature of the poem code demanded that the chosen poems be memorable for the agents. This created an irresistible temptation to select well-known verses from popular poets or literary works. This familiarity, while aiding memorization, significantly weakened the encryption. German cryptologic units became adept at breaking these codes by simply searching through collections of famous poems, looking for matches to intercepted ciphertext. Operatives often found themselves using verses from esteemed authors like Shakespeare, Racine, Tennyson, Molière, and Keats, effectively handing the enemy a ready-made crib sheet.
- Pattern Recognition: If an agent, in their haste or lack of discipline, used the same sequence of poem code words to send multiple similar messages, these patterns could be easily identified by enemy cryptographers. This predictability was a hacker's dream.
Development
When Leo Marks took over as the codes officer for the SOE in London during World War II, he quickly recognized the severe limitations and inherent dangers of the poem code. He understood that its weaknesses were directly contributing to the capture and destruction of agents and their networks on the Continent. He began a persistent campaign to introduce more secure cryptographic methods.
Eventually, the SOE started to adopt the practice of using original poetic compositions, specifically created for the purpose of encryption. These were not published works, thus adding a crucial layer of protection by removing the temptation to use well-known texts. One such example is the poem known as The Life That I Have, arguably the most famous of these code poems. To further enhance memorability, these original poems were often written with a humorous or overtly sexual tone, making them stick in the agents' minds. Marks himself recounts composing rather graphic verses for this purpose, a rather unconventional approach to espionage. Another improvement involved printing the poem on fabric rather than relying on agents memorizing it, allowing for more complex and less easily recalled verses.
Gradually, the SOE moved away from the poem code altogether, transitioning to more sophisticated and secure systems. The first significant advancement was the introduction of Worked-out Keys (WOKs). This invention, also credited to Marks, eliminated the need for a poem altogether. Agents were issued pre-arranged transposition keys, often printed on silk. A portion of the silk key was torn off and destroyed after each message was sent, ensuring that the key was used only once.
Marks also orchestrated a clever deception scheme, codenamed "Operation Gift-Horse." The objective was to disguise the traffic from the more secure WOK system as if it were still using the weaker poem code. This was intended to mislead German cryptographers, making them believe that the intercepted messages were easier to break than they actually were. The scheme involved adding false duplicate indicator groups to the WOK keys, creating the illusion that an agent was repeatedly using the same words from a code poem. Operation Gift-Horse was particularly crucial in the lead-up to D-Day, when the volume of coded traffic increased dramatically, and its aim was to waste valuable enemy cryptanalytic resources.
Ultimately, the poem code was superseded by the one-time pad, specifically a letter-based version known as the LOP (Letter One-Time Pad). In this system, agents received a string of letters and a substitution square. The plaintext was written beneath the string of letters on the pad. Each pair of letters in a column (one from the plaintext, one from the pad) corresponded to a unique letter on the substitution square, which was then used for encryption. The pad itself was never reused, while the substitution square could be employed multiple times without compromising security. This method allowed for rapid and highly secure message encoding.