‘Venona’ was the code name for US decrypts of Soviet traffic, some of which was encrypted using a One Time Pad. The codename in the UK was ‘Bride’.
If used correctly, a One Time Pad is unbreakable. The Soviets knew this, and used One Time Pads for much of their encryption, for trade and diplomatic messages as well as covert traffic.
So, how was it possible for the messages to be broken?
The Soviets had a difficulty, and that was key distribution. They needed to generate and distribute a large amount of random data. This data had to be kept secure as it was distributed to their embassies and agents. This was a monumental task.
They cheated.
They reused some keys on different ‘channels’ of communication, hoping that nobody would notice. Meredith Gardner was able to combine ciphertexts and remove the effect of the randomising key, in much the same way that the German Lorenz machine was first analysed. This allows the cryptanalysts to guess at letters on one message which used a particular key and try to find guesses which ‘made sense’ in the other message.
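The cancellation described above, as an added example that is not part of the original article. It uses the scheme the first comment on this page describes (four-digit code groups with pad digits added), and assumes the addition is digit-wise modulo 10 with no carry; the code book, messages and pad sheets are constructed for illustration.

```python
import secrets

# Constructed toy code book (four-digit group -> meaning); not real values.
CODEBOOK = {"1042": "MEETING", "2777": "CONFIRMED", "3391": "TOMORROW",
            "5120": "CARGO", "6608": "DELAYED", "9034": "PORT"}

def combine(a: str, b: str, sign: int) -> str:
    """Digit-wise a + sign*b modulo 10, with no carry between digits (assumed)."""
    return "".join(str((int(x) + sign * int(y)) % 10) for x, y in zip(a, b))

def encipher(groups, sheet):
    """Add one pad group to each code group."""
    return [combine(g, k, +1) for g, k in zip(groups, sheet)]

def difference(ct_a, ct_b):
    """(P_a + K) - (P_b + K) = P_a - P_b, so a shared sheet K drops out."""
    return [combine(a, b, -1) for a, b in zip(ct_a, ct_b)]

def implied_meaning(diff_group: str, guess_a: str):
    """Meaning that a guess for message A forces on message B, or None
    when the implied group is not in the code book."""
    return CODEBOOK.get(combine(guess_a, diff_group, -1))

def new_sheet(n: int):
    """n random four-digit pad groups."""
    return [f"{secrets.randbelow(10_000):04d}" for _ in range(n)]

def demo():
    msg_a = ["1042", "2777", "3391"]   # MEETING CONFIRMED TOMORROW
    msg_b = ["5120", "6608", "9034"]   # CARGO DELAYED PORT
    sheet = new_sheet(3)
    # Same sheet on two channels: the ciphertext difference is key-free.
    reused = difference(encipher(msg_a, sheet), encipher(msg_b, sheet))
    # Fresh sheet per message: the difference is just more random digits.
    fresh = difference(encipher(msg_a, sheet), encipher(msg_b, new_sheet(3)))
    return {
        "reused_leaks": reused == difference(msg_a, msg_b),
        "fresh_leaks": fresh == difference(msg_a, msg_b),
        "good_guess": implied_meaning(reused[0], "1042"),
        "bad_guess": implied_meaning(reused[0], "2777"),
    }

if __name__ == "__main__":
    print(demo())
```

With a sheet that is used only once there is no second ciphertext to subtract, which is why the pad is unbreakable when used correctly.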
Not all of the traffic was encoded with One Time Pads, though. Over time, using a variety of methods ranging from defections to buggings and burglaries, more Soviet traffic was decrypted.
The programme ceased in 1980, having started in the 1940s. In the 1990s, Venona decrypts were released to the public in several batches and are available for download.
Note that there are, at this time, HTML errors in some links on the Venona webpages. Some links refer to things like: http://localhost/venona/venon00026.cfm
To fix this, just copy the link, paste it into the address bar, and replace ‘localhost’ with www.nsa.gov, so the above becomes: http://www.nsa.gov/venona/venon00026.cfm
2 Comments
By my count from the NSA decrypts there were 13 code names for VENONA. There is no indication that BRIDE was uniquely the British term. Here are the cover names I got from the decrypts.
ACORN
BRIDE
CANOE
COPSE
CREAM
DAUNT
DINAR
DRUG
EIDER
FROTH
GLINT
JADE
SUEDE
TRINE
UMBRA
VENONA
Your explanation of the Soviet reuse of the one time pads is weak, and technically incorrect. First their motivation. According to Cecil Phillips’s opinion, the Soviet code makers were badly stressed due to the war. Don’t forget, they were nearly defeated. They could not generate one time pads in the quantities needed. But they did not duplicate pads. They duplicated sheets and interspersed them among different pads. Haynes and Klehr repeat Phillips’s opinion in their book, “Decoding VENONA.” They did hope that a duplicated page here and a page there would not be noticed.
The Soviets used a one-part code book, probably to compress text thus saving expenses on cables. The code book consisted of four-digit entries. The code book wasn’t particularly secure. To these digits, the cipher clerk added digits from a sheet or sheets of the one time pad. Sheets were destroyed after use. You fail to mention the underlying code book in your description. There were several code books in use at various times. I count six, and others count five. Also, the code books provided for a simple substitution cipher, called “spelling alphabets”, for terms not in the code book. The KGB used two spelling alphabets, two digits per character, one for Cyrillic, the second for Latin, and some names are enciphered in both alphabets for clarity. The simple substitutions were also super encrypted with the one time pad. The Naval GRU used a single spelling alphabet that included both Cyrillic and Latin. I suspect this was a particularly clever system described by David Kahn in his history of cryptography where the most frequent letters are represented with single digits, and the others with two, without ambiguity. The result is little expansion of text. But I have no proof that this particular method was used.
The code books and the spelling alphabets had to allow for shift codes to mark going from four digit codes to the spelling alphabets, and vice versa. Also, Russian is a declined language, so must have code book entries for case endings. You have to know if a noun is the genitive, the dative, etc. You must know if this intelligence is FROM Richard (Richard said it), or by means of Richard (Richard supplied it). However, in the only message for which the Russian plaintext is provided (the ALES/Alger Hiss msg), case was suppressed where meaning would not be lost. Svetlana Chervonnaya, a Russian historian, has told me this practice was common.
Thanks for your comment – always useful to have more information. Though I think you missed the original intent of these articles:
‘Your explanation of the Soviet reuse of the one time pads is weak, and technically incorrect.’
I know. I wasn’t going for a full explanation. I pointed out (correctly) that keys were re-used, and acknowledge that I didn’t go into the detail of how this was used in this case – only that reusing keys of one time pads allows for analysis (which is equivalent, though not identical to what happened in Lorenz, as there they used the same key on different versions of the same message).
The intention of these articles was to provide an overview, not a detailed analysis.