Null Cipher Concealment by selective reading · ancient → modern
Spell the secret with every Nth letter of every Mth word. Trivial when noticed; surprisingly hard to notice.
Why This Matters
The null cipher is older than any cipher recognised by name. Roman correspondents are documented hiding instructions in the first letters of innocuous-looking poems; medieval monks did the same in marginalia and acrostics; Renaissance humanists turned the technique into a literary game.
Operationally it returned to prominence in the world wars. Allied and Axis prisoners both used null ciphers in censored letters home; the most-cited example is the German U-boat commander's letter that read, taking every fifth word, FATHER IS DEAD — a status report, not a bereavement notice. American POWs in Vietnam hid blink patterns and word-position nulls in propaganda interviews. Cold-war espionage frequently used newspaper classifieds as null carriers.
Pick a position rule. The simplest is first letter of every word:
Carrier: Help Every Little Pup Hidden : H E L P
The demo on this page builds carrier sentences from a dictionary of common English words and selects ones whose chosen letter matches the next character of your secret. Position keys it accepts:
first— first letter of each word (default)last— last letter of each word2,3, … — Nth letter of each word
When no real word fits a needed letter, the demo fabricates a plausible-looking filler so the round-trip always closes. In real use a writer would simply rewrite the carrier sentence around the constraint.
Once a censor suspects a letter, they read the first letters, then the last letters, then every second letter, and so on. Within a few minutes any single-rule null cipher is exposed.
Because the carrier is constrained to spell something, its letter and word-length distributions drift away from natural English. Bletchley-era censors maintained statistical baselines for ordinary correspondence and flagged outliers.
The null cipher is the ancestor of every covert channel in computer security: timing channels, DNS-tunnel exfiltration, image-LSB steganography, even the way malware hides in CDN traffic. The mechanism is unchanged from the Roman version — pick a carrier nobody will look at, encode the secret in a property of the carrier nobody will measure.
The defensive lesson is also unchanged. Defenders cannot watch every field of every packet, so attackers have rich choices for where to hide. Best modern practice is to assume covert channels exist and to design protocols that minimise the bandwidth available for them — not to chase every clever new carrier.
| Origin | Roman & medieval correspondents |
| Notable uses | Bacon's Advancement of Learning; WWII POW letters; spy classifieds |
| Key Type | Position rule — first/last letter, Nth letter, Nth word, … |
| Family | Steganography (concealment cipher) |
| Modern Lesson | A hidden message that nobody looks for is, briefly, secure |