Between Silk and Cyanide

by Leo Marks

Reviewed by Arnold Reinhold

Leo Marks has written an entertaining, yet historically significant autobiography of his wartime experiences working for the Special Operations Executive S O E in England. Is remarkable in part because of his ability to remember his attitudes as a 22 year old junior officer even though he is now in his 80's. (Marks became a screenwriter of note after the war. His filmography at www.imdb.com lists 9 writing credits and several acting roles.) A major subtext of this work is Mr. Marks' "coming of age" in the midst or World War II. However I will focus on the cryptological aspects of his book.

Cryptography was a childhood hobby for Marks. Family connections got him into a training class for Britain's famed cryptography establishment, but a bad case of attitude cost him a slot at Bletchley Park and instead he was sent off to the Special Operations Executive (SOE) in downtown London. His new employers were distressed at how long it took him to decoded a message until they realized he didn't know he had been supplied with the key. He in turn is horrified at the simplicity of the codes that SOE is using to communicate with secret agents in Europe: a double transposition cipher keyed by five words from a memorized poem. The five words differ for each message and are indicated in a prefix to the message. His first step to improve the security of SOE's agent communications is to discourage agents from using classic poetry and get them to use poems Marks and others make up instead. This prevents German cryptographers from guessing the poems using the five word key they recover from cracking a single message. Marks includes several examples of his rhymes. One possible title for this book might have been "War Poet."

Marks quickly realized that the real danger from messages being read by the Germans was not just the exposure of one message's content, but the ability of the Germans to figure out the security checks the agents employ. SOE instructed agents to make certain predictable "mistakes" in each messages. If they were captured and forced to continue sending messages, they should simply omit those mistakes, thereby alerting the British to their capture. In fact Mr. Marks soon finds out that a large amount of the traffic coming from Europe, especially the Netherlands, does not have valid security checks. The people in charge of running those agents assure him that this is due to sloppiness and lapses in training rather than actual capture. Sadly, they were wrong.

Indecipherables

In addition to worrying about code security, Mr. Marks devoted much of his energy to the problem of "indecipherables." These are messages from agents that do not decode properly, usually due to coding errors or garbles in transmission. If the messages cannot be read, the agents were instructed by radio to recode and send them again, puting those agents at much greater risk of detection and capture. Mr. Marks puts his code breaking skills to good use and ends up turning his code clerks into a small cryptanalysis unit to decode these messages using related key attacks. He earns great respect from the agents who understand he is saving their lives.

Marks is at first stymied by indecipherable messages that come from the Free French. The French insisted on using a code supplied by General de Gaulle and kept secret from the British. But our smart aleck hero was more concerned with agent safety than diplomatic sensibilities and managed to solve this problem without anybody losing face.

Mr. Marks next major idea toward improving cryptographic security is to replace the poems with a list of single-use transposition keys . This goes against the time-honored doctrine that keys should be memorized, but the Germans were were known to use torture to extract keys and it was assumed that few agents would resist for long. The printed (on silk) key list offers two advantages. First the agents can do their coding more quickly and more accurately since they don't have to deal with the complicated and error prone conversion of poems into transpositions. In addition the agents can destroy keys that have already been used, preventing the Germans from reading past messages in the event of capture. In modern cryptography, this concept is termed "forward security,") and it also allowed the agents to use less ambiguous security checks, since the Germans could not compare them to earlier messages.

One time pads

Mr. Marks the third innovation was to recommend to the use of one time pads. Marks knew that one time pads offer absolute security against cryptanalysis. They had another advantage in that messages can be short. To ensure the SOE transposition cipher had adequate security required a minimum message size of 200 characters. That kept agents on the air longer and increased their risk of detection.

But Marks is familiar with one time pads only in the context of "mainline" communications codes where the one time pads are all digits. It takes him a while to figure out how to use letters in one time pads, but he eventually gets it. One thing I found puzzling is that he used a complex of transposition table to combine the letters in a message text with the letters in the one time pad. (Several examples of the table are shown in the photo section.) He can be forgiven for not realizing that simple modulo 26 addition (a+a=a, a+b=b, b+b=c, ...) would suffice and could be memorized or recreated in the field. What is now baby level cryptography was top-secret than. But if it appears that the folks at Bletchley Park approved his system. Using the transposition table increased the amounts of secret material each agents had to carry into the field on necessarily without adding any security.

Acording to Peter McCollum http://www.geocities.com/saipan59/clan_radio/otp.html the CIA uses a simpler table, but with a reverse alphabet. Thus a key of "A" means a->z, b->y, c->x, etc. This is still more complex than it needs to be.

Another cryptographic puzzle in the book is a system Marks says he developed that allowed a master agent to give agents recruited in the field a security code that the master agent could not compromise in the event of his later capture. Britain still considers this technique classified and asked him not to reveal its details.

The Netherlands catastrophy

A main cryptologic theme in this book is Marks' growing realization that something was seriously wrong in the Netherlands section and his apparent inability to convince others of the extent of the disaster. Before it was over, 54 agents were captured, 47 of whom were shot and 95 parachute drops fell into waiting German hands carrying tons of guns, explosives and ammunition. David Kahn refers to this episode as "the worst Allied defeat in the espionage war."

Marks puts this tragic story in a different context: the bureaucratic battle between SOE and the main British intelligence service that Marks knows as "C." Apparently C believed that SOE was ineffectual and wanted to disband them or at least take them over. Evidence that the Netherlands operation was compromised would have been all the ammo they need. So in a classic bureaucratic maneuver, Marks is instructed to look for evidence beyond the security check failures. It dawns on him that the Netherlands is the only country that does not generate indecipherables. To him, this suggested efficient German clerks were encoding the messages, not bona fide agents, but his superiors professed to be unconvinced. He comes up with other ploys, including getting his radio operators to send "HH" (a German procedure sign for "Heil Hitler") in Morse code at the end of a message. The "agent" reflexively returns the HH, but Marks superiors are apparently still not convinced.

Phillipe Ganier-Raymond's "A Tangled Web," Arthur Barker Ltd., 1968, tells the same story from the perspective of the agents in Holland and the Germans themselves, including Marks' counterpart, Major Giskes, who survived and is interviewed. The tone of this book is appropriately darker and Ganier-Raymond devotes his last chapter to the bitter questions of the Dutch survivors and several possible answers. British bureaucrat infighting is not among them.

Another Explaination

I believe there is yet another possible explanation for the continuation of the Netherlands fiasco in the face of Marks' evidence. The British had a big secret of their own to protect: they had cracked many of the German's codes. And Britian was running a very complex deception too. It had penetrated the German spy network in England even more throughly than the Germans had compromised SOE's in Holland. But the British use of their counter espionage asset was far more strategic. They employed it to mislead the Germans about the coming invasion of Europe. They did this by having the notional spies they ran send numerous reports of troop sightings that the German intelligence could assemble into map of all the Allied forces stationed in Britain. They expected, correctly as it turned out, that this map would convince the Germans that the invasion was planned for Calais instead of Normandy.

This deception was so subtle and effective that the Germans assumed the actual invasion in Normandy was a diversion, and kept several divisions in reserve awaiting the main Calais invasion. Germany awarded the British-run spies the Iron Cross for their excellent work and continued to employ the network to refine the aim of V-2 rockets, allowing the British to divert the V-2s away from London to more rural areas.

While the Netherlands fiasco may have started with incompetence and may have been covered up initially by bureaucratic infighting, it was very much in the Allies' interest to have the German intelligence establishment and high command believe the British were a bunch of cryptographic nincompoops. If the Britts could be so easily fooled, surely the German codes were safe and the German spy net in England must be operating undetected. In the cruel calculus of war, 54 agents and a few thousand guns and supplies are a cheap insurance policy for what the Allied Normandy deception accomplished. It would be interesting to know if Marks' report made its way up the chain of command to the central deception committee. Unfortunately, most of SOE's records were destroyed after the war in a fire, so we may never know the true story.

Bletchley Park

Another subplot in this book is Marks' relationship with Bletchley Park. Bletchley was part of C so Marks had to be careful what he told them, but it is clear that they looked kindly on his efforts. At one point Marks decides to send one time pad traffic with poem code headers in order to tie up any German cryptographers who would try to crack that traffic. He gets a visitor from Bletchley who is a bit cross with him for not sharing his clever idea with them. I strongly suspect Bletchley was monitoring his traffic and wasted some time themselves trying to break these messages. If they were monitoring SOE agent traffic they may have had independent reason to suspect the Netherlands operation. Again, we may never know.

Conclusion

Leo Mark's book will entertain anyone who enjoys spy novels and is "must read" material for anyone interested in cryptography. It is now available in paperback.

We are sad to report Leo Marks passed away on January 15, 2001.

Errata

One reviewer on Amazon.com points out:

"Anyone interested in trying the double transposition leading to the code on Page 46 should note that the transposition key of 'ALL THINGS BRIGHT AND BEAUTIFUL' is:

1 16 17 23 11 13 19 9 22 4 21 14 10 12 24 2 20 6 5 7 3 26 25 15 8 27 18
not:
1 16 17 23 11 13 19 9 22 4 21 14 10 12 24 2 20 7 5 6 3 26 25 15 8 27 18

With these changes, Message 2 encodes as stated, although there appears to be one error in Message 1."

agr 2000-12-10, 2001-1-31