World War II Dead Pigeon Code: Cracked?

World War II was a watershed moment for cryptologists: The Native American code talkers; the Nazis’ field-deployed cipher hardware; Alan Turing and the efforts at Bletchley Park. These all even have their own movies. Or a History Channel documentary, at the very least. But one unsung aspect of the crypto-tasticness of the war is the extensive use of homing pigeons.

These brave feathered creatures were used to carry messages to and from England and friendlies in Nazi-occupied territories like France—at great danger to themselves, of course. As much as I can’t help picturing these guys wearing little bird helmets with little bird chin straps, the reality is, they went it alone, without a shred of protection—with rolled-up, encrypted messages affixed to their little bird legs in little bird-sized canisters.

This may have been a forgotten chapter if it weren’t for a man in the South of England who discovered a pigeon skeleton while renovating his chimney—and the skeleton had an encoded message still attached.

That touched off a quest to crack the Dead Pigeon code. And now, 22-year-old Dídac Sánchez from Spain claims that he’s done it.

According to The Telegraph, Sánchez—a Barcelona entrepreneur, said that he has spent about $1.7 million and three years to solve the puzzle.

“I put out advertisements on the internet, asking for certain mathematical and IT skills to get the best people for the job,” he said. “The selection process took four or five months as a lot of people turned up claiming to know a lot and then when it came down to it, they were useless. I thought about throwing in the towel at one point.”

So what does it say? We may never know. The UK’s GCHQ has confirmed that Sánchez has contacted British authorities with the message and the code; but he’s not revealing anything publicly.

That’s likely because he now plans to market new security software that he says is based on the code. The 4YEO (For Your Eyes Only) encryption will allow any text, document, WhatsApp, Messenger, SMS or Skype conversation to be encrypted, as well as telephone calls. The system is “impossible to crack,” he claims, and is offering €25,000 to anyone who can figure out the code’s structure by the end of the year.

Will Sanchez’ code fly, as it were? Some are skeptical and think that this is all simply a marketing ploy--because in all likelihood the Dead Pigeon code method is unsolvable anyway.

“If the sender was a field agent in occupied France, he may well have had a one-time pad, a sort of cipher that uses a randomly generated key that is as long as the message,” explained Paul Ducklin, a Sophos Security researcher, in a column. Ducklin lays out in detail more about how this type of encoding works, and why it’s rather airtight, and why it means that the message should be considered unbreakable.

He added, “Only two copies of the key ever exist: the agent takes one key, or more usually a code-pad consisting of numerous sheets of daily keys, and the agent's handler keeps the other. By destroying one page of the code-pad each day, whether a message was sent or not, the field agent can ensure that each key is only ever used once, or not at all, and the handler can keep in synchronization.”

Only time will tell what the truth is. It looks like it’s up to the British government to decide whether to release the message to the public, fittingly, just as the Allied spy agent released the pigeon that started his whole thing, more than 70 years ago.

What’s Hot on Infosecurity Magazine?