Creating Authentic Details: Keeping Secrets

by Pamela Taylor
published in Writing

This is the first of a set of articles I plan to do from time to time on ways to provide details that immerse the reader ever deeper into your story in a way that is fully authentic for the time period. I chose this one first because it’s near and dear to my heart, since I was a certified security professional at one point in my corporate career. We had to learn not only modern digital techniques, but some of the history of how they evolved. Needless to say, I enjoyed the historical bits almost more than the modern ones :-).

It’s just between you and me

Secrets are as old as time. As soon as humans realized they could gain an advantage by keeping others from finding out what they knew, they started devising methods to protect their knowledge. And when they needed to share that knowledge with an ally, they began developing techniques to transmit it in secret.

Among the earliest were pictographic techniques—either hidden in graphical representation of language or in drawings. Eventually, men developed locks and keys. Secrets could be protected in locked chests or boxes. Over time, the locks and keys grew ever more complex and often included booby traps that could harm anyone trying to break into them. Puzzles could also hide secrets (think complex puzzle boxes that could contain hidden messages or contraband). Invisible writing—using citrus juice or milk as ink—meant that the recipient had to know to expose the paper to heat to reveal what was written.

But boxes and chests and paintings and physical things are bulky. What if the protection of the secret could be embedded in the message itself?


The first thing that will pop into many minds is protecting the data on your electronic devices. But the roots of modern encryption are far older than you might think. One of the earliest recorded uses of encryption techniques is the Caesar Cipher, so named because of its use by Julius Caesar to send secret messages during his military campaigns. It’s a simple alphabetic substitution cipher in which the receiver need only know the sender’s offset to decode the message. Julius Caesar was known to use an offset of three, meaning that the letter “D” would be substituted for “A” in the coded message.

Alphabetic substitution is something even children do at play when they randomly assign one letter to stand in for another and then write messages in code. The problem with this random approach is that both sender and receiver must be in possession of identical tables showing the assignments—and must take extraordinary measures to safeguard those tables lest they fall into the wrong hands. (This method is actually the basis for the one-time pads used in modern espionage, but that’s a discussion for a different genre of writing.)

Caesar’s simplification meant that sender and receiver could store the key in their heads, eliminating the additional risk of safeguarding code tables (perhaps not the easiest thing to do during a military campaign) or transmitting the key by a courier who could be waylaid and bribed or coerced into parting with the information. The substitution table could be constructed on the fly.

So Caesar might have sent a message to his field commanders that read “Wrpruurz zh furpp wkh Uxelfrq” and when each commander decoded the message, he would learn “Tomorrow we cross the Rubicon.”

So for any tale set in western civilization (and that would include the Middle East, given the extent of the Roman Empire) from about 55 BCE onward, it’s quite legitimate for your characters to send and receive coded messages using this technique.

And, of course, your characters are not restricted to using the same key (three) chosen by Caesar. They need only pick a key that is used consistently between sender and recipient.

Sometime around 800 CE, an Arab mathematician writing about code breaking techniques included references to polyalphabetic ciphers. These ciphers use a table such as the one shown here and the key is the letter of the row or column used for the encryption.

With such a scheme, one can actually embed the key within the message so that it’s not necessary for the recipient to know the key in advance. This makes messages somewhat safer because a different key can be used for each message. The recipient need only construct a table like the one shown to enable decoding.  And it’s also possible to change the key in the middle of the message. Though the polyalphabetic cipher is mathematically no more secure than a simple substitution cipher, using different keys each time means that the code breaker’s job isn’t “one and done.”

So how would this type of encryption be used in practice? Let’s say you chose “F” as your key.  Then you’d use the row beginning with “F” for the encoded text and the top row for the clear text. So a general’s simple message to his commanders“Attack their right flank”would be encoded as “Ffyyfhp ymjnw wnlmy kqfsp.” The first letter of the message tells the recipient what key to use and is a throw-away, with the letters following comprising the first actual word of the message.

Now let’s say a spy in the field needs to send a somewhat more complex message to his master, but wants to make it as secure as possible because lots of lives depend on it, so he varies the key within the message. The coded message would read:  Txgxfr lmkhxk matg px lahnzal. Cvgp ujkru uckn kp hkxg fcau. Hvyklyz hyl ahrl uv wypzvulyz. The recipient would start with a key of “T” and decode the first sentence to “Enemy stronger than we thought.” Then when he hits the next word (Cvgp), that decodes to “Jcnw,” which isn’t a word, so he knows that the “C” is a new key and decodes the second sentence to “Ten ships sail in five days.” The same thing happens with the next word, so the recipient uses the “H” key to decode “Orders are take no prisoners.”

If you look carefully at the construction of the table, you’ll see it doesn’t matter if you work row-wise or column-wise for either the encoding or decoding—the results will be identical. And it also doesn’t matter what language you use because the table can be constructed with whatever alphabet is appropriate for that language, and characters with accents or diacritical marks can also be included.

Given that the Arab conquest of the Iberian peninsula began in 717 and Arab knowledge began to make its way into the rest of Europe over the 9th and 10th centuries, tales set in the late middle ages or after could certainly incorporate these techniques. Tales set in the Arab world could use them much earlier.

There’s no doubt that, with either of these techniques, people would often double—or even triple—encode messages. So if Caesar’s coded message had read “Zusuxxuc ck ixuss znk Xahoint,” that would decode to “Wrpruurz zh furpp wkh Uxelfrq,” and finally, “Tomorrow we cross the Rubicon.” Mathematically, multiple encodings of this type are no more secure than a single one. But at least having to decode multiple times would slow the code breaker down just a little—possibly adding to the dramatic tension and/or the characterization of the code breaker.

Many other encryption techniques developed over time—perhaps a good topic for a follow-on article.

Pamela Taylor’s inspiration for her first book turned out to be that final straw that pushed her to leave the corporate world behind for the world of words and imagination. Now an author and an editor, she loves helping others polish their stories almost as much as she enjoys writing her own. She’s a member of the DFW Writers Workshop and the Editorial Freelancers Association and is in her second year on the judges panel for the Ink & Insights Contest. You can learn more about her books at, and about her editing services at

Enjoyed this article?