Military History & Espionage


Code Crackers:
Cryptanalysis in the Civil War

First published in
Civil War Times Illustrated
July-August 1995

Reprinted in
Spies and Secret Missions, 2002

by Michael Antonucci

Captain William R. Plum sat down at his desk in New Orleans with a clear mission. If he could make sense out of the message in front of him, addressed to "Gen. E.K. Smith," the Union high command could suddenly be privy to the most secret Confederate plans. The Federals might be able to crush a Rebel offensive even before it began. But everything hinged on an "if," and he turned his full attention to the paper on his desk. What on earth could "HJ OPG KWMCT" mean?

Plum was a member of one of the Civil War's least appreciated groups of military specialists: the code-crackers. They were underappreciated because, without the benefit of precedents like the breaking of German Enigma and Japanese "Purple" codes in World War II, the leaders of the North and South had no idea how dramatically a good code-cracker could alter a conflict's outcome. They would begin to understand as the Civil War progressed, and men like Plum gave them an occasional chance to read the enemy's mind.

The writing of codes and ciphers is called cryptography, and it is an ancient art. The fundamental principles of the art have long been understood: practicality, to allow a coded message's intended recipient to decipher it easily, and intricacy, to keep anyone else from understanding it.

The Civil War presented new challenges for cryptographers, because it was the first war in which the telegraph played an important role. The telegraph greatly increased the number of messages that could be sent and the speed at which they could travel, but the wires were not secure. At any point between sender and receiver an enemy agent could tap into the line and receive the message without detection. There was little that Civil War armies could do to stop the wiretappers, so they sought to minimize the danger by encoding their transmissions.

Even encrypted messages, however, were not safe, thanks to an art nearly as ancient as cryptography: code-cracking, or cryptanalysis. Together with cryptography, it forms the field of knowledge called cryptology. Both sides in the Civil War used ciphers, and both sides tried to break its opponent's ciphers - with varying degrees of success.

U.S. Army Signal Corps crew
putting up telegraph wire

Modern cryptologists make a distinction between codes and ciphers. Ciphers are secret messages in which individual letters in the original, or "plain," text are replaced with other letters or symbols (e.g. "Q" or "%" replaces "e"). This replacement could be generated by substitution, where the original plaintext words or letters are removed and replaced, or transposition
, where they are simply rearranged. A cipher can express any idea its parent language can express; the sender and receiver must merely know the system for translating the plaintext into ciphertext and back.

It is possible for someone to read an enciphered message without the key by deducing the system used to create it. A more secure method is a code, which replaces complete words, phrases, or longer ideas with other words, numbers, or symbols (e.g. "pumpkins" or "212" means "brigades"). A code requires both sender and receiver to have a sometimes lengthy codebook listing words and their code equivalents. It cannot express any thought not included in the codebooks, but a well-devised code is practically impossible to read without its codebook.

Civil War cryptography was mostly a matter of ciphers; "code" and "cipher" were used interchangeably. The Union's system incorporated some code words, but was primitive even by 19th-century standards. The Confederates used a cipher which, though old, was relatively sophisticated Yet, while the Union telegraphers occasionally deciphered Confederate messages, the South seems to have been completely unable to crack the Union code. The relative success or failure of each side's cryptology stemmed partly from the types of secret writing they chose, and partly from their different approaches to code-breaking.

At the beginning of the war the official communications branch of the U.S. Army consisted of only one man., Major Albert J. Myer. A physician interested in cryptology, Myer had worked on a sign-language system for the deaf before the war. As a surgeon in the pre-war army, he had overseen development of the wigwag system of tactical flag and lantern signaling. Myer was appointed the army's first signal officer in June 1860, and with the coming of war he was occupied with expanding the Union's flag signaling ability. He had too little time to develop a code for the newfangled telegraph.

The cipher the Union eventually adopted was prepared in 1861 by Anson Stager, general superintendent of the Western Union telegraph company, for use by his friend, Ohio Governor William Dennison. Dennison wanted a unique method of communicating with the governors of Indiana and Illinois. The cipher Stager provided was actually a modification of one that had been used by Scottish partisans of the Duke of Argyle almost 200 years earlier. The experts of King James II of England had broken this cipher, but it is unlikely that Dennison knew this.

Early in the war, Dennison informed Major General George McClellan of Stager's cipher. McClellan, the Union armies' overall commander, adopted Stager's cipher for his own use after consulting with an intelligence advisor, Allan Pinkerton. Stager himself was appointed a captain in the Quartermaster Corps, which was responsible for maintaining the army's telegraph system. In February 1862, Stager was promoted to colonel and placed in command of the newly created U.S. Military Telegraph Service.

The simplicity of Stager's system was its most useful characteristic. It was a transposition cipher, which simply rearranged the original words of the plaintext according to a predetermined formula. The plaintext was scrambled beyond recognition, but the recipient would know how to restore the words to their original order. The message was written in normal English text, but with the words laid out in a grid that had a certain number of rows and columns, which were sent out in a prearranged order.

Confederate cipher clerks would find themselves intercepting messages like this one:




The first word of the message is a key that conveys the pattern for deciphering the rest of the text. The Union cipher clerk who received the message would know that the word "REGULARS" meant that he should write the message in five columns. This key word also meant that the first set of words should be written upward in the fourth column, the second set downward in the third, the third set upwards in the fifth column, then downward in the second and upward in the first. The deciphered message would then look like this:


(tribune)        LINCOLN     (spoiled)
(herald)         September      thirty              1862                 (for)
ADAM          period              I                        received          last
evening         your                 dispatch         suspending   my
removal         from                 command.     Out                   of
a                      sense                of                      public             duty
I                       shall                continue         to                      discharge
the                  duties              of                      my                    command
to                     the                   best                   of                      my
ability            until                otherwise       ordered.         ARABIA
(Seward)                                                                                   (worst)


The words in parentheses are "nulls," meaningless words inserted at the ends of the columns to confuse enemy interceptors. The clerk would consult a list of code words to see that "LINCOLN" translated to "Louisville, Kentucky" and "ADAM" and "ARABIA" stood for Union Major Generals Henry Halleck and Don Carlos Buell, respectively. These null and code words had been added to Stager's system by Samuel H. Beckwith, Union Major General Ulysses S. Grant's cipher operator.

With hindsight it seems that the Union cipher should have been easy to crack. Even an inexperienced Confederate telegrapher would have recognized this message as a transposition cipher, because a substitution cipher would almost never result in legible English words. The presence of normal military words like "command" and "duties" indicate that the plain message had simply been rearranged in some unknown manner. But how?

The best way to find out is to start putting together words that seem to make sense. With the preceding message , the most obvious starting point is the presence of "1862," "THIRTY," and "SEPTEMBER." The Confederates would have started this way, and would certainly have recognized the familiar beginning word "REGULARS," which must have appeared on scores of intercepted Union messages.

It's hard to understand why, after such auspicious beginnings, the Confederates would have been unable to crack the Union cipher. Their failure was certainly not due to a lack of opportunity. During the course of the war the South not only tapped Union wires, but also discovered plain and enciphered versions of the same messages and, in the autumn of 1864, captured two  complete Union code books. Some writers have suggested that the Confederates simply did not devote much energy to cryptanalysis because they enjoyed success with other means of intelligence gathering, such as spies and cavalry patrols. But such a theory ignores the efforts of men like telegraph operator Charles Gaston.

In the fall of 1864, Gaston was sent behind Union lines to tap into communications between Grant's headquarters and Washington. Traveling with a troop of scouts, Gaston found an isolated location at the edge of the woods east of Petersburg, Virginia. He attached his wires to a convenient Union telegraph pole and, while his scouts pretended to be innocent woodcutters, Gaston settled down to listen in on the Union army's highest-level communications.

For more than two months Gaston dutifully wrote down the enciphered messages that came over the wire and sent them on to his superiors in Richmond, Virginia, the Confederate capital. The head of the Union Army of the Potomac's counter-intelligence service, Colonel George H. Sharpe, knew Confederates were operating near his telegraph lines, but because the communications traffic was never interrupted, he did nothing about it.

When the intercepted Union messages arrived in Richmond, no one seems to have known what to do with them. The Confederates had no organization dedicated to breaking Union codes. Their most skilled and experienced cryptologist was probably Edward Porter Alexander, who had helped Albert Myer develop the wigwag system before the war, and brought that system to the Confederate army in 1861. Alexander certainly had the intelligence and expertise to crack the Union cipher, but he had been promoted to brigadier general in 1864, and was serving as General Robert E. Lee's most valued artillery officer - a position deemed more important to the Confederate cause than that of code-breaker.

Throughout the war, intercepted Northern messages would continue to land not on the desk of an expert, but in the pages of Southern newspapers, with rewards offered for their solution.

There is no record of anyone claiming those rewards. Most historians have accepted this as proof positive that the Confederates never found a solution, but there is another possibility: that the Confederates broke the Union cipher, but disguised the fact so the Federals would continue using it. If that were the case, though, some evidence of it should have come out after the war. None did.

If the enciphered Union messages reaching Richmond did indeed go unsolved (as it seems they did), Gaston's efforts were for nothing - except for one fortuitous event. An office of the Union Quartermaster Corps wired to Grant's headquarters that a herd of 3,000 head of cattle was about to be delivered to them at Coggin's Point, on the James River near Richmond. Fearing a Confederate raid, the quartermaster wanted to be sure that Grant's headquarters would send a strong escort to meet the herd. Foolishly, however, he neglected to encipher the message.

Sitting in the Virginia woods, Gaston could hardly believe his good fortune when he finally overheard a Union message he could understand. He immediately sent the message to Lee's headquarters.

At dawn of September 16, 1864, a Confederate raiding force under Major General Wade Hampton overran Union pickets and made off with the cattle. Conservative estimates indicate that the 2,486 head of cattle were enough to feed Lee's entire army for three weeks. There are even stories that some Confederate soldiers on the front lines traded their now-plentiful beef rations to Union soldiers for other food.

It seems that Gaston's lucky interception of that plaintext message was as close as the Confederates ever got to penetrating the Union's secret communications. Union attempts to interpret Confederate ciphers, on the other hand, were somewhat more fruitful. At the beginning of the war, the Federals had little opportunity to intercept Confederate messages. At the same time, the Southern military had adopted a rather lackadaisical attitude toward its own secret communications, with commanders using whatever code or cipher suited their fancy.

A pewter sculpture
depicting the Beefsteak Raid

Confederate President Jefferson Davis communicated with General Albert Sidney Johnston by means of a dictionary code, in which each word in the message was replaced by its location in the standard dictionary both men used. For example, "division" would be encoded as "265-2-10" for page 265, column 2, word 10. Johnston in turn communicated with his second-in-command, General Pierre G.T. Beauregard, with the most primitive of ciphers, the "Caesar." In the Caesar system, each letter is replaced by the letter which sits three places beyond it in the alphabet; "division" would become "GLYLVLRQ."

The lack of a standardized code and cipher system soon resulted in communications chaos. To end the confusion, the Confederacy eventually adopted a uniform cipher known as the Vigenre. Created in 1587, this substitution cipher used a tableau of staggered alphabets like the one below:


A key word or phrase told the cipher clerk how to use the tableau to decipher the message. The Vigenre cipher had several advantages. It did not require code books, which an enemy could capture. Cipher clerks could easily recreate the tableau from memory and the only prior coordination necessary between sender and receiver was the choice of a key word or phrase.

During the 1863 siege of Vicksburg, Mississippi, Union soldiers captured eight men who were trying to sneak into the city with a shipment of 200,000 percussion caps. The ringleader carried a cipher message to the city's commanding officer from General Joseph E. Johnston, commander of the Confederate Department of the West. Grant sent the message to Washington "hoping that someone there may be able to make it out." The message read:

Jackson, May 25, 1863:

Lieutenant General Pemberton:

YOIG AS QHY NITWM do you YTIAM the IIKM VFVEY. How and where is the JSQMLGUGSFTVE. HBFY is your ROEEL.

J.E. Johnston

While cipher operators in Washington were working on a solution, Vicksburg fell to the Union army. Among the captured communications, soldiers found the following cipher message:

Gen. J.E. Johnston, Jackson:

I prefer OAAVVR. It has reference to XHVKJ QCHFF IBPZE LREQP ZWNYK to prevent PNUZE

J.C. Pemberton

What made this find valuable was the fact that a translated version was found at the same time:

I prefer Canton. It has reference to fortifications at Yazoo City to prevent passage of river at that point. Force landed about three thousand, above mouth of river.

The Confederate key phrase for this cipher was "MANCHESTER BLUFF." Using the key phrase and the tableau, we can see how the cipher was made. The clerk who enciphered the message began by looking for "M," the first letter of the key phrase, along the top alphabet. He then looked for "C," the first letter of "Canton" in the plaintext, along the vertical alphabet on the left side. Where the column under "M" and the row next to "C" met was the cipher letter (in this example "o"). This process is repeated (using key letter "A" and plaintext letter "a") to get the next cipher letter.

The difficulty in deciphering this message without knowing the key is apparent. The first "n" in "Canton" is replaced by "A," but the second "n" is replaced by "R."

Pemberton's clerk wisely omitted word spacings to prevent anyone from guessing the plaintext words by their sizes and positions. The longer stretches of ciphertext are broken into five-letter groups. Those precautions were rendered useless, however, when someone carelessly failed to destroy the enciphered message after translating it. With both versions in hand, operators at the military telegraph office in Washington were able to determine the message was made with a Vigenre cipher using the keyphrase "MANCHESTER BLUFF." They then applied the same key phrase to the first captured message that Grant had sent them. It worked!

Evidently the Confederates were using the same key phrase for all their high-level communications. After transmission errors had been corrected, the "percussion cap" message read:

Jackson, May 25, 1863

Lieutenant General Pemberton:

My last note was captured by the picket. 200,000 caps have been sent. It will be increased as they arrive. Bragg is sending a division. When it joins I will come to you. Which do you think is the best route? How and where is the enemy encamped? What is your force?

J.E. Johnston

Because of its position in both messages, the plaintext word "force" translates to the ciphertext "ROEEL" in both Johnston's and Pemberton's communications. Clues like these are prominent when a large number of messages enciphered with the same key are intercepted.

Though this solution came too late to help Grant, it did illustrate the value of code-breaking. Pemberton's answer would have included instructions on which route Johnston's Confederate reinforcements should take, allowing Grant to set up an ambush. Grant might also have learned the location and strength of Pemberton's force with far greater accuracy than that provided by scouts or deserters (who were at that time the main sources of information about the enemy's situation and plans).

Once they knew the key phrase "MANCHESTER BLUFF," Union telegraphers assumed they would be able to read Confederate messages at will. But the Confederates, suspecting their cipher was broken, simply changed the key phrase, and the code-crackers had to start again from scratch. The flexibility of the Vigenre cipher allowed the South to continue using the same system without compromising its secret communications. The Union had learned the fundamental nature of the system, however, and careless use of it by the Confederates would result in it being broken once again.

While Charles Gaston was intercepting Union communications in Virginia in 1864, Union wiretappers were busily doing the same to Confederate messages and sending them to Captain William Plum, who was in charge of Union communications at New Orleans. It was at that time that Plum received the vitally important intercepted message addressed to "Gen. E.K. Smith" - Lieutenant General Edmund Kirby Smith, commander of the Confederacy's Trans-Mississippi Department.

The campaign in the southwest was not going well for the North at that time. Smith's forces represented a dangerous unknown. They were in position to advance north into Missouri, raid the West, advance south toward New Orleans, or fight to regain a foothold on the Mississippi River's eastern bank. If someone coudl decipher the intercepted orders to Smith, Union strategists could prepare for Smith's next move and distribute military resources accordingly.

When Captain Plum set to work at his desk in New Orleans, this is what was printed on the page before him:

To Genl. E. K. Smith:

What are you doing to execute the instructions sent you to HCDLLVW XMWQIG KM GOEI DMWI JN VAS
DGUGUHDMITD. If success will be more certain you can substitute EJTFKMPG OPGEEVT KQFARLF TAG HEEPZZU
BBWYPHDN OMOMNQQG. By which you may effect
O TPQGEXYK above that part HJ OPG KWMCT patrolled by the ZMGRIK GGIUL CW EWBNDLXL.

Jeffn. Davis

To solve secret messages like the one that faced Plum, Union cipher clerks normally resorted to trial and error, guessing at possible key words and trying them on the ciphertext. They would apply popular phrases and patriotic sayings that Confederates might use. A whole series of messages had been deciphered by using the names of Confederate generals as key words.

Plum had a large advantage with the Smith orders. The Confederates had enciphered only parts of the message, and it appeared they had left normal word divisions intact. Plum also knew from the Pemberton message that the Vigenre worked in reverse - that is, given the ciphertext and the plaintext, once could determine the key word. So he simply guessed at portions of the plaintext.

The last part of the message mentioned patrolling. Plum felt it probably referred to gunboat patrols on the river, the only patrols likely to excite the interest of the Confederate high command. Plum assumed "that part HJ OPG KWMCT patrolled" stood for "that part of the river patrolled." The keyword that yielded that translation turned out to be "-TE VICTORY C-." A promising start, but Plum could not solve the message until he discovered the entire key phrase.

He began to examine earlier passages of the ciphertext. The only phrase he could think of that would make sense as a substitute for "O TPQGEXYK" was "a crossing," resulting in the phrase "effect a crossing above that part of the river..." The key for that translation was "-ORY COMPLE-." He knew he had broken it. The two fragments were consecutive; together they gave Plum the key phrase "COMPLETE VICTORY" and the solution to the message:

To Genl. E. K. Smith:

What are you doing to execute the instructions sent you to forward troops to east side of the Mississippi? If success will be more certain you can substitute Wharton's cavalry command for Waller's infantry division. By which you may effect a crossing above that part of the river patrolled
by the larger class of gunboats.

Jeffn. Davis

It was the word divisions in the message to Smith that led to its decipherment. Why did the Confederate cipher clerk leave them in? There was good reason. Transmitting cipher in Morse code over telegraph wires invariably led to mistakes and garbled messages. The Vigenre cipher was more intricate than the Union cipher, but less practical, because any missed letter could turn the message into gibberish. Smith had once spent 12 hours during the Vicksburg campaign trying to read an error-filled message from Johnston asking for reinforcements. He finally gave up and sent his chief of staff galloping around the flank of the Union army to find out personally from Johnston what the message had been. By the time the courier got the message, Johnston's army was cut off from Smith. After that fiasco, the Confederates retained word divisions in messages to make friendly deciphering easier. Unfortunately for them, it also eased Captain Plum's task.

The Confederacy continued to rely on the Vigenre cipher through the war's end. After the assassination of Abraham Lincoln, investigators discovered a Vigenre tableau on a piece of paper among the belongings assassin John Wilkes Booth had left behind in the National Hotel. Having found a similar tableau in the office of Confederate Secretary of War Judah P. Benjamin when Richmond fell, they accused the Confederate government of being behind the assassination plot. Their eagerness to link Confederate officials to Lincoln's killing led them to overlook an important detail: Booth's tableau was actually a variant of the Vigenre - the top alphabet beginning "ZABCD" - which would have been useless in deciphering messages created with Benjamin's tableau.

Federal code-breaking successes were not limited to unscrambling the Vigenre. Throughout the war, the Union maintained a focused effort to interpret Confederate messages. In Washington, the three most experienced cipher operators of the Union army continuously looked for solutions to whatever Confederate ciphers they could get from the field. These men were Charles A. Tinker, Albert A. Chandler, and David Homer Bates, who liked to call themselves the "Sacred Three." Though barely out of their teens, they were as familiar with different forms of cipher as anyone in the North.

Many Union generals were baffled by the work of cipher operators, but there was one important commander who took a personal interest in their work - the commander-in-chief, President Abraham Lincoln. David Bates later recalled:

"Outside the members of his cabinet and his private secretaries, none were brought into closer or more confidential relations with Lincoln than the cipher operators... for during the Civil War the President spent more of his waking hours in the War Department telegraph office than in any other place, except the White House."

The telegraph office was located on the second floor of the War Department building, next door to the White House. Lincoln kept a close watch on the daily operations of the war by personally reading the dispatches of his generals as well as whatever deciphered intercepts Tinker, Chandler and Bates could supply.

The Sacred Three's most notable feat occurred in December 1863. Postal censors in New York discovered an odd-looking message addressed to an Alexander Keith in Halifax, Nova Scotia. Keith was known to be in contact with Confederate agents. The letter was sent to Washington for solution

The Keith message used five different sets of cipher symbols, and was too short to allow effective analysis of letter frequencies, a fundamental tool of cryptanalysts. The Sacred Three were still able to decipher the message, however, because of weaknesses in its encipherment. For one thing, it was apparent that the sender had divided words with commas. Also, the first line of the message was evidently a dateline. The Union by its location in a tic-tac-toe diagram. Two letters inhabit each space:


The writer replaced each letter with the angled lines associated with it, so "T" would appear as ">". A dot within the symbol indicated the second letter, so "X" became "*>."

Once a few letters of a Rosicrucian cipher are known, the rest can be deduced rather quickly. In the Keith message, the Rosicrucian alphabet deciphered to reveal the phrase "other two steamers per" follow by more ciphertext in a script-like alphabet. The first word in this new alphabet was nine letters long. The second and fifth letters were the same, and the seventh and eighth were the same. The code-breakers assumed this to be the word "programme" and, using that word as a starting point, they cracked the second alphabet.

This procedure continued until, in the space of a single afternoon, the entire message was revealed:

Hon. J.P. Benjamin:

Willis is here. The two steamers will leave here about Christmas. Lamar and Bowers left here via Bermuda two weeks ago. 12,000 rifled muskets came duly to hand and were shipped to Halifax as instructed. We will be able to seize the other two steamers as per programme. Trowbridge has followed the President's orders. We will have Briggs under arrest before this reaches you; cost $2,000. We want some money; how shall we draw? Bills are forwarded to Slidell and rec'ts rec'd. Write as before.


The solution was evidence of an important Confederate spy ring in New York City. A special cabinet meeting was called that evening and Assistant Secretary of War Charles A. Dana set out for New York to take charge of an investigation. The Union authorities were too late to do anything about the rifles, but soon a new message in the same cipher arrived. The Sacred Three quickly solved it:

Say to Memminger that Hilton will have the machines all finished and dies all cut ready for shipping by first of January. The engraving of the plates is superb.

Memminger was Confederate Secretary of the Treasury Christopher G. Memminger, and the engraved plates were for printing Confederate money! The South, which lacked much of the technology necessary to print money, had engaged engravers in New York to build presses for them.

On December 31, 1863, U.S. marshals raided the Hilton's engraving shop in lower Manhattan, capturing the machinery, plates, and several million dollars in Confederate money. Not only did the operation interfere with the South's ability to print currency, but Union spies used the plates to print counterfeit Confederate bills which, it was said, were superior in quality to genuine Southern-produced currency. For their work in destroying the Confederate money ring, Tinker, Chandler and Bates each received a raise of $25 per month - in U.S. currency.

The Sacred Three served under the aegis of the Military Telegraph Service, led by Anson Stager. In November 1863, Stager had clashed with Signal Corps founder Albert Myer over the army's telegraph needs. As a result, Myer was relieved of his post and the Signal Corps' authority was limited to visual communications. The Military Telegraph Service was grant full control over telegraph operations.

Myer remained interested in codes, and in 1864 published A Manual of Signals, which contained a discussion of cryptography. Nevertheless, it was not until after the war that serious research was made into cryptanalytic techniques and their underlying principles. Lessons learned in the Civil War led Federal authorities to devote money and personnel to the study of codes and ciphers. As a result, American cryptologists would play an important role in the conflicts of the 20th century, including both world wars and the modern "cold war." Today's cryptanalysts, armed with powerful, sophisticated computers, would make short work of any secret message from the Civil War era.

The story of Civil War code-breaking is primarily a story of missed opportunities, peppered with small victories. Still, the code-breakers' efforts proved a point that one of America's premier 19th-century cryptographers, a young writer named Edgar Allan Poe, had made years before the war: "Human ingenuity cannot construct a cipher which human ingenuity cannot resolve."