When reading Singh’s The Code Book, it can be easy to lose track of how difficult it can be to break a piece of ciphertext. Remember that a simple monoalphabetic substitution cipher took us a fair amount of time and careful consideration to break, even with all of the advantages we had as cryptanalysts: we knew, or at least were fairly sure of, the method used to encrypt the plaintext, we used methods that had already been invented and documented to break the ciphertext, and the plaintext was chosen specifically to be broken because its purpose was to teach us cryptography, not to communicate military secrets.

Contrast our situation with real-world cryptography and it makes a little more sense why cryptanalysis is so difficult. Firstly, when a new cipher is invented, cryptanalysts have no starting point, no angle from which to approach the problem, and no way to tell if the piece of ciphertext they’re working with is indeed ciphertext or if it’s just gibberish sent out to throw them off the scent. Secondly, even when the method of encryption is discovered, a way to crack it doesn’t just materialize out of thin air. Remember that it took more than a few centuries for the Arabs to invent frequency analysis. Thirdly, a good cryptographer will keep encrypted messages short or confusing or both in order to minimize the amount or the helpfulness of the reference material that cryptanalysts have to work with.

With the benefit of hindsight, any code can seem simple to crack, but we should remember that it often takes the best cryptanalysts in the world years or even centuries to defeat a good code.