On the Combination of Cryptography and Steganography in 17th Century Germany

Assessing and averting possible interception lies at the heart of cryptology. In handbooks printed in 17th century Germany, the authors suggested combining steganography and cryptography to increase information security. This article discusses several techniques for concealing ciphers and demonstrates that the authors of instructional literature had to consider complex inter-playing factors when it came to combining cryptography and steganography. Overall, these examples show that the cryptological literature of the 17th century mirrors an increased discussion about the visibility of ciphers.


Introduction
The history of early modern cryptology is first and foremost a history of alphabetical and numerical encryption techniques.Historians have been primarily interested in the invention and evolution of polyalphabeticity, which, according to scholarship, peaked in the 15th and 16th centuries (Strasser, 2007, p. 297, 321, Kahn,  1967, p. 154).For this reason, the cryptological literature of the 17th century, especially those printed in Germany, received relatively little scholarly attention.1However, the authors of handbooks on secret communication showcase the skillful use of diverse resources to develop ever more sophisticated techniques.Applying polyalphabeticity was not the only way to increase information security.
Steganography is another blind spot in the history of secret communication.In contrast to cryptography (text encryption), steganographic techniques hide messages entirely so that they escape the attention of unauthorized persons.In the early modern era, this form of secret communication was more diverse and important than is assumed today.
To achieve an even higher level of information security, early modern scholars also suggested combining cryptography and steganography.The aim of this article is to offer an insight into multiple historical techniques concerned with the concealment of a ciphertext.To create an adequate basis of understanding, I will briefly discuss early modern steganography and its relevance for the history of cryptology.It will be argued that, when it came to the combination of cryptography and steganography, scholars had to consider multiple interplaying factors such as the knowledge of interceptors, the naturalness of the steganotext, the choice of the steganotext, the complexity of the cipher, as well as the encryption process on the receiver side.
On a broader level it will be shown that these techniques reflect a broader historical change in cryptology that began around 1600.Although alphabetical and numerical substitutions remained important, 17 th century sources mirror an increased discussion about the visibility of ciphers.

Early Modern Steganography
The field of steganography (from the Greek word στεγανός, 'hidden' and γραφία, 'writing') dates back to antiquity.Steganography is a form of secret communication that seeks to hide messages in innocuous texts, objects, art works etc.There are two forms of steganography: Linguistic steganography is the term used to describe methods by which a text is hidden in a set of data.Writing with invisible inks or hiding slips of information in objects, on the other hand, are examples of technical steganography.This article discusses linguistic steganography.
Semagrams were a popular means of hiding information in early modern Europe.Here, the secret message is embedded into an inconspicuous message (steganotext).The semagram relies on visual cues such as tiny ink dots placed above certain letters or a slightly different appearance of a character to denote the relevant letter of a secret message.The advantage of this technique is that the sender does not have to compose a text, but can also send, for example, journals or books to the receiver to convey clandestine intelligence.Due to the use of visual cues, however, detection is still possible.
Null ciphers work similarly, but the plaintext is inserted into a larger text body based on a rule.Despite their name, null ciphers are not concerned with encryption, but the significant text is surrounded by insignificant data (nulls).An example would be to only read the first (acrostic) or last (telestich) letters of each word.2Depending on the complexity of the rule, null ciphers are a safe way to convey clandestine messages.In contrast to semagrams, the sender would have to compose a text that might sound constructed.
Since steganographic techniques ideally do not arouse suspicion, they are also prone to escape the historians' gaze.This is probably the reason why there is hardly any historical research on this topic. 3Invisible inks have been found in early modern letters (Britland, 2018, p. 208,  Rous, 2011, p. 250), but other forms are much harder to spot.For this reason, cryptological handbooks are -besides metatexts that attest for its application4 -the only valuable source to gain insight into early modern steganography.
Many cryptological works of the 16th century mention forms of linguistic steganography.However, in the 17th century, steganographic techniques take up more space in cryptological handbooks; a trend that correlates with changing attitudes towards the visibility of ciphers.(Harsdörffer, 1653, p. 56, Francisci,  1673, p. 176) was not limited to the 17 th century, but also a relevant factor.Moreover, it is likely that rising literacy rates and the dissemination of cryptological knowledge increased the amount of people who were able to break ciphers. 9It seems then, that the mastering of steganographic techniques became increasingly important in the 17 th century.
Still, little is known about the value of steganography in cryptological literature, the authors' receptions, and improvements of existing methods as well as inventions after 1600.What factors did scholars like Schwenter assess to guarantee information security?What additional security measures did they apply?And what about the advantages and disadvantages 5 Several parties asked Schwenter for advice during the Thirty Years' War.Mährle (2000), p. 375.Schwenter also published a work on war fortification, see Gärtner (1999), p. 244. 6 Much ink has been spilled about the exact publication date of Schwenter's handbooks.However, it seems likely that the first edition with the nova-title was published in 1617, as on p. 50 Schwenter refers to a book that had been published two years earlier, namely Franz Kessler's Secreta (1615).The publication dates of the second and third editions remain unresolved. 7"However, it is not advisable to write with secret characters in letters / as the matter is full of suspicion / and one can not only intercept these letters / but also understand them." 8Post espionage in general and the extent of interception remains to be examined.In a survey on early modern Saxony, Rous counted eleven boxes with intercepted letters from the Thirty Years' War.Rous (2022), p. 380. 9 According to the writer Erasmus Francisci everyone had become so clever, that it was almost impossible to come up with secure ciphers.Francisci (1673), p. 173.when it came to decide on the one or the other method?Regardless of whether or not these techniques were applied, handbooks are a crucial source for the history of science and technology, as they demonstrate how changes in communication culture spurred the invention of new ways to protect intelligence.
Information security could, for example, be increased by the combination of cryptography and steganography.In simple terms, a plaintext is transformed into a ciphertext and hidden as / in a steganotext.Concealed ciphers were known before 1600, 10 however, 17th century handbooks contain more variations and innovations thereof.
The following examples demonstrate that hiding ciphertexts required the assessment of various interplaying factors.

Secret Alphabets
In addition to common alphabetical or numerical ciphers, handbooks often include secret alphabets consisting of alchemical, zodiac, or geometrical symbols.We know that in 17th century Germany symbols were used for encryption, although they were not supposed to be hidden. 11Overall, the use of secret alphabets was not a secure method to conceal a message, as the cipher could be cracked easily just like other encryptions based on a monoalphabetic substitution.
Schwenter assesses several commonly known alphabets in the fifth book of the Steganologia (1617), such as Cabbalistic alphabets discussed by Cornelius Agrippa in the third volume of De occulta philosophia (1533), all of which Schwenter deems to be impractical as they are difficult and slow to write (p.146).He also examines several geometric alphabets consisting of rectangles, triangles, or circles. 10Trithemius' Ava Maria Cipher presented in his Polygraphia (1518) is a prime example on how to hide an enciphered text.The letters of the alphabet are encrypted by Latin nouns, verbs, and adjectives that should read like innocuous religious texts or prayers.See also a recent study by Paolo Bonavoglia (2020) on a technique used in late 16 th century Italy, as well as Strasser (2007), p. 317. 11 See for example Stützel (1963).Unfazed by the existing techniques, Schwenter introduces his own cunning alphabet (p.154).As a professor of Oriental languages at the Altdorf Academy near Nuremberg, he took inspiration from the Hebrew, Syriac, and Arabic writing systems.According to the key, the symbols substitute consonants and dots signify vowels.As figure 2 shows, the dots are placed below or above the preceding consonants.The first symbol from the right is to be used as a proxy consonant in case a word starts with a vowel.Additionally, Schwenter proposes to change the writing direction.This alphabet is a simple monoalphabetic substitution, but the secret message disguises itself as an innocuous text; using this method, interceptors would ideally assume a text written in a foreign language and therefore refrain from attempting to break the cipher.In this case, the ciphertext and the steganotext are identical.
It can be assumed that Schwenter proposed to encrypt only certain passages and not an entire letter.In that case, the relationship between the script and the surrounding text would have been of utmost importance.The letter would have had to refer to languages or scripts.The specific communication context should also have legitimized the exchange of information related to this topic.
The key to using secret alphabets was to find a middle ground between something that looked familiar, but not too familiar.In contrast to the triangle letters or other secret alphabets, this way of writing could be mistaken for a foreign script in use.It was still better to encrypt a text with Greek letters than with an invented alphabet, but in 17th century Germany, there was still the possibility that the correspondence could fall into the hands of scholars who were able to read Greek.The chance of someone being fluent in Oriental languages was smaller.Thus, the success of this technique depended on the interceptors' language skills.
To protect the message even in the event of detection, Schwenter adds another layer of security by suggesting a right-to-left-script as is usual in the Arabic, Syriac, or Hebrew writing systems.While inversion -the technical term for writing backwards -is usually not a safe way to disguise a message, it somewhat improves the safety of an enciphered text as cryptanalysis heavily depends on the recognition of linguistic patterns such as frequent diphthongs, pre-or suffixes, or parts of words.This process is already complicated by the fact that the vowels are substituted by diacritics.Schwenter proudly declares his invention to be the best, swiftest, and safest of all secret alphabets (p.155).

Musical notes
Musical note ciphers were already used in the Middle Ages (see for example de Luca / Haines, 2018, or Code, 2022, p. 13).However, it is unclear if the ciphers were supposed to be visible.Musical note ciphers were particularly popular in 17th century handbooks. 13Gustavus Selenus (Duke August II of Brunswick-Lüneburg) discusses several musical ciphers in his Cryptomenytices (1624), which he attributes to Count Friedrich of Oettingen-Wallerstein. 14ese techniques are based on the Polybius Square.In its original form, the square, first introduced by the Greek historian Polybius in the second century BC, consists of five rows and five columns with spaces for up to 26 letters of the alphabet.Thus, all letters are represented by a two-digit number, depending on which cell they are located in.The first digit signifies the row, the second the column.Although by using the square the ciphertext is twice as long as the plaintext, from a combinatorial perspective it comes handy in situations when cryptographic knowledge is transferred from basic alphabetical substitutions to other symbolic representations or media.For example, Polybius applied the square to encrypt a message by operating five torches at two places (5 2 = 25 letters of the alphabet) (Polybius, 1925, p. 215ff.).
To simplify and speed up the encryption process, Selenus reduces the alphabet to 16 letters as is shown in table 2 Now the sender draws five lines that serve as note lines as is common in musical sheets, although only four are to be used.These four lines correspond to the numbers of columns and rows (4 2 positions to signify 16 letters).The letter "g" as is shown in Selenus sample text "Gustavus" is therefore encrypted by the number 23 (second row and third column).The sender must therefore place the first note on the second line and the second note one on the third.However, the application of this technique produces odd melodies; depending on the knowledge of interceptors, this could have posed a problem.Selenus therefore presents another technique with polyphonic vocals and in which only the tenor is encrypted, resulting in a somewhat harmonious musical piece. 15Although this method is quite secure, also because the ciphertext is surrounded by nulls, it would have been very tedious to compose this kind of music, not to mention the skill that it required.
In the Cryptographia (1684), the second cryptological handbook published in the German language, Johann Balthasar Friderici16 suggests an easier cipher.According to the key shown in figure 5, the letters are substituted by three notes each, however, the tone is irrelevant.Instead, the letters are encrypted by a combination of whole, half, and quarter notes.To even out an odd rhythm, Friderici proposes to add nulls in the form of inverted quarter notes.
While at first, this technique might look like the solution to avert detection, there are two issues.First, just as with the last example discussed by Selenus, the sender of the secret message would have to know how to compose a coherent melody.Second, in music composition, the rhythm is just as important as the melody, and this case, it could look funny to the trained eye.Nonetheless, from a cryptographic perspective, this was still safer than methods that relied on the note height, which seem to have been more commonly known.The more natural the music "looked", the better.Overall, di-or trigraphic ciphers were a bit safer than musical notes that relied on monographic substitutions.17Similar to the use of secret alphabets, the success of the technique furthermore relied on the surrounding text.The cipher could remain obscured if the sender wrote about music.Of course, it was also possible to only transmit a musical sheet without additional information.Lastly, the context would have to justify why two people exchanged musical sheets or information about music.

Invoices
In Table 3: Key for a cipher to be used in an invoice (Harsdörffer, 1651, p. 6ff.).
Harsdörffer's example message "Jch kan den Ort drey Tage halten" 18 is encrypted by numbers that are then listed as the debts of certain people.As the first and fourth word begin with a vowel, he advises his readers to attach the vowels to the preceding names, as demonstrated here with Claus Pfitz and Moritz Curz: To increase the complexity of the cipher, the encryption operates with one, two, three, four, and five-digit numbers to make cryptanalysis even more difficult.Unfortunately, Harsdörffer failed to take the recipient into account, as the ciphertexts result in multiple plaintexts.For example, the number "30020" encrypts the plaintext "den", but also "daan" "daaca", "deca", "pan", or "paca".Therefore, this is not a practical technique.
Another example of an encrypted invoice is included in Friderici's Cryptographia (1684) (p.166ff.).A variation of the Polybius Square serves as the base. 18"I can hold this place for three days." The ciphers are merged into four-digit numbers (quadgraphs), while the number 9 marks a word ending.To hide the message "Dein Verwalter ist dir nicht getrew / schaffe ihn ab"19 , Friderici composes a letter asking the recipient for the correction of an erroneous invoice.The recipient first jots down the numbers listed in the first column from top to bottom and so on, splits up the numbers into two-digits (leaving out the number 9) and consults the square to decrypt the secret message.Unlike common numerical ciphers, the surrounding text and the appearance of an invoice legitimates the presence of numbers.In contrast to secret alphabets and musical notes, the knowledge of the interceptor would have been irrelevant as long as the amount of money made sense.Moreover, digraphic encryptions presented as quadgraphs as well as the addition of nulls significantly increases information security.

Encrypted Null Ciphers
Secret alphabets, musical ciphers, and numerical ciphers in invoices feigned to be something else which ideally resulted in an undetected exchange of information.The downside was that the choice of the steganotext was somewhat limited, as the sender of a message would have to reference languages/scripts, music, or amounts of money.
Techniques for concealed ciphers that utilized the Latin alphabet had two advantages: The knowledge of possible interceptors was irrelevant, and they allowed the flexibility to choose any kind of steganotext.
According to a technique discussed in Friderici's Cryptographia (1684), the letters of the secret message are encrypted by words that are then embedded into a larger body of nonsignificant text (p.111).In that sense, this method is similar to Trithemius' Ava Maria Cipher, although there are more word types, which are also unrelated to the nature of the information. 20Friderici uses the key shown in figure 7. The letters of the alphabet are divided into three groups, each of which is assigned a different word beginning ("UN-", "AL-", or "WE-").According to Friderici, the sender would now have to integrate these words into a coherent message in the right order.He continues that this technique is especially convenient for the recipient, as they can skim the letter searching for words starting with "UN-", "AL-", and "WE".However, he acknowledges that, in order to avert confusion, the sender would have to refrain from using any of the above listed words in the text surrounding the cipher.In sum, Friderici states that while this technique is rather tedious, it is also "sehr sicher und darzu von allem Verdacht befreyet" 23 (p. 112).
"BECAUSE AS WHO LITTLE AS ALWAYS MEANWHILE BECAUSE AND WHO WHO US FAR REFRAINED AND ALWAYS." 23"Very secure and, in addition, free from any suspicion."

7
Encrypted Semagrams In the second half of the 17th century, the Jesuit scholar Caspar Schott introduced in the Schola Steganographica (1665) a technique that, according to him, could be used for correspondence with princes and governors.He uses a Tabula Recta and a keyword as introduced by Blaise de Vigenère in his Traicté des chiffres (1586), although Schott refers to Athanasius Kircher's Abacus Numeralis using numbers instead of letters.The key, as shown in figure 8, consists of a table with letters of the alphabet both in a vertical and horizontal order as well as numbers from 1-24 allowing for polyalphabeticity.First, the sender writes the secret message onto a piece of paper for reference.The note shall be: "State cauti, cras hora decima noctis venient hostes, ut invadant urbem ex parte orientalis plagae." 24en, they must decide on a keyword; Schott uses the sentence (p.79): "Omnia sunt hominum tenui pendentia filo." 25 The sender now composes a text in any language with any kind of information.To encrypt the message, they locate the first letter of the keyword, "O" in the top row.Then they move down to where the first letter of the secret message "S" is located on the far-right column and finds the number 7. Thus, the first letter is encrypted by the number 7. To encrypt the second letter of the secret, the sender finds the number located between "M" (second letter of the keyword) and "T" (second letter of the secret), which is the number 6, etc.So far, this is nothing new.But, to "write" the first letter of the secret message ("S"), one should not jot down the number 7, but rather place a small dot or line below the seventh letter of the steganotext.To signify the following letter "T", which is encrypted by the number "6", the sender starts from the first mark, counts six letters, and places a dot on the thirteenth letter of the steganotext, etc.This technique was quick and easy to use.Moreover, the sender of a secret message could apply it to any kind of steganotext.The language sounded natural, and the parties could disregard any concerns relating to the communication context or knowledge of possible interceptors.
The writer and poet Erasmus Francisci paid reverence to this method in the third volume of Die lustige Schau-Bühne (1673), which contains six fictional conversations between six friends (Helduser 2011), 26 providing valuable insight into contemporary communication culture.The fictional friends state that letters containing ciphers would be confiscated immediately, which is why it would be better to hide a secret message (Francisci 1673, p. 173).This is followed by a story about a French diplomat named De la Haye who was supposedly incarcerated after "the Turks" had intercepted one of his letters that contained some ciphers (p.177).One of the characters -or rather Francisci -deems Schott's method to be the safest technique of all and adds that it would be even more secure to make the dots with invisible ink.To this date, it is the only known early modern technique to combine complex cryptography (polyalphabeticity and keyword) with linguistic and technical steganography.

Conclusion
As this article has shown, skills for hiding messages became increasingly important during the 17th century.To ensure the highest possible level of information security, scholars combined cryptography and steganography.Although the 26 He also refers to Hardsörffers method hiding ciphers in invoices as a secure way to convey information, p. 175.
simultaneous application of these two forms of secret communication fanned out the possibilities of hiding information, they also required a lot of skill and consideration.
The authors of cryptological handbooks had to consider the knowledge of possible interceptors, the naturalness of the language or data, and flexibility in choosing an adequate steganotext.The scholars even made sure that they increased the complexity of the ciphers through the application of inversion, polygraphic substitution, as well as keywords and polyalphabeticity.The techniques presented in this paper varied in sophistication, and were sometimes not very practical, but they all exemplify the scholars' ability for computational thinking and creative problem-solving strategies.
As a next step, it would be interesting to see if and to what extent the techniques discussed have been applied in correspondences.However, since steganography obscures the presence of a secret message, this will prove to be a difficult task.In sum, historians still have a lot to discover as far as 17th century cryptology -and hiding information in specific -is concerned.This paper offers only a small glimpse into early modern steganography, which, just like the messages it seeks to conceal, is still hiding in plain sight.
the second volume of the Delitiae Mathematicae et Physicae (1651), Georg Philipp Harsdörffer presents a cryptological technique for people in besieged cities who want to convey intelligence to persons outside the city walls (p.6ff.).The numerical ciphers are inserted to a merchant's invoice.As is shown in table3, the consonants b-m are signified by the numbers 1-10, the letters n-z by 20-100 and the vowels by zeros