A Castor cipher is something I came up with that reminded me of the fractionating Morse code cipher Pollux so the name seemed to fit well.

The idea is that you don’t need all of the letters of the alphabet to spell out a legible message, especially with only 97 characters.  It also has been bothering me how to explain how every letter of the alphabet is represented because via monoalphabetic substitution (no matter how clever) we would therefore end up with every letter of the alphabet represented.  You’d need to write the message out specifically including those letters a la Scrabble.

An alternate explanation is by developing a cipher that uses less than 26 letters.  For example, let’s say we only want to use 13.  I’d use E, T, N, O, R, I, A, S, H, D, L, C and U.  These are the 13 most common letters so it would seem they are the easiest to make a message that actually made sense.

Now the trick is to make a substitution alphabet where each of our 13 letters can be represented by 2 different possible ciphertext letters.  The actual choice by the cryptographer would matter little because the recipient would automatically know that T and Y both = E so whether the sender used more T’s than Y’s doesn’t change the message.  The benefits to this cipher are that you can manipulate the letter frequencies at will simply by adjusting the ciphertext values associated with your plaintext letters.  You also maintain the length of your original message so we would retrieve 97 letters of plaintext from the 97 letters of ciphertext.

Is it vulnerable to analysis?  Sure.

Does it completely solve the problem?  No, not really.

Is it interesting?  Yeah, why not.

It’s worth considering as it is not too far out into the lunatic fringe.  Let’s move on to how to analyze these things to see how it compares to what we know of K4.

The first and easiest way of using a Castor cipher is by using a 13 letter alphabet with two available cipher letters for each.  Simplest way of assigning CT is alternating them.  What is a characteristic of this type of ciphering?  No letter repeats.  Even if the plaintext letter repeats, it will not repeat in the ciphertext as you alternate between the possible CT letters.


So with the simplest stylings of the Castor cipher, it cannot work for K4.  How could we work around this dilemma?

The two options available in my mind were random chance or frequency analysis driven enciphering.

With random chance some method would be needed outside of the cryptographer to generate the randomness.  The human element will always be the weakest in this type of ciphering as we naturally try and influence randomness which actually reduces the entropy of the cryptosystem.

Frequency-driven Castor ciphering is simply a means of artificially controlling the letter frequencies by the choices of CT made.  Using the most common letters, the letter frequencies will be muted already and by effectively halving the frequency of the letter “E” for example then we provide a situation where the analyst can be confounded.  It would be perhaps better to not have completely flat frequencies but seek the middle ground.  Why?  Let’s consider K4 again:


There are 8 K’s which would lead us to think these were E’s in the case of straightforward frequency counting.  Let’s for arguments sake look at the E’s and T’s.  Let’s say that E’s are enciphered with S’s and T’s while T’s are enciphered with K’s and C’s.  The cryptographer in this example would have thrown us by allowing the peak of 8 K’s in CT which would generally lead us to assume they were E’s because there’s more of them.  In reality, there are more E’s but the distribution is spread out more evenly.  There are 12 E’s via 6 S’s and 6 T’s.  There are 10 T’s via 8 K’s and 2 C’s.

A further convolution would be using less than 13 letters in the message.  This would give an uneven Castor ciphering where some plaintext letters are enciphered by 2 or even three letters.  In the case of K4, we must assume that an effort has been made to include all of the letters of the alphabet but in a private message you could leave out some letters of ciphertext.

Conceivably you could also adjust the ciphertext frequencies to match plaintext thereby hiding a substitution under the guise of a tranposition.

What are some descriptive characteristics of this cipher-system I’ve made up?  It’s a symmetric key cipher because the recipient would need the decryption table.  It’s non-keyed.  By itself it is decent but a transposition would not affect much except make confident deciphering attempts slightly more challenging. 

I rather like my little made-up cipher.

It’s just as plausible as many traditional methods and while it is home-made it still remains in the realm of the plausible and avoids being batshit crazy.

I’m not exactly sure at this point how to recommend analysis…

I guess I’ll have to work on that unless someone could suggest something useful?

I doubt I’m the first to have thought of something like this but it seems I’m the first to name something as a Castor cipher.  It seems like a nice fit to the problem of K4 so I’ll try and see if I can figure out some kind of strategy.  If something similar was employed perhaps a slight dent could be made in K4’s invulnerability.