Much of the cryptanalysis of SZ40 ciphertext described next is included in a Master's Thesis at U.C. Santa Barbara by Nitesh Saxena.
Depth (in ciphertext) occurs when two or more SZ40 ciphertexts yi (i = 1, 2,…) were intercepted in a period
The computation of the differences with depth Δ y1,2 ≡ y1 + y2 = Δx1,2, ≡ x1 + x2 eliminates the key. The differenced plaintext might be searched for probable words (cribs); for example,
For example, if the crib SPRUCHNUMMER might be slid across the differenced ciphertext; with the letter S in position j, the XOR of the crib and the difference plaintext produces putative plaintext:
The fragment of putative plaintext x2(j), x2(j + 1), x2(j + 2),…, x2(j + 8), x2(j + 9), x2(j + 10) is tested; if it is (grammatically) readable text, a hit has been obtained, which might reveal additional plaintext. With good luck, both plaintexts x1 and x2 may be read and the common key k used to encipher them recovered.
Early in the GCHQ SZ40 cryptanalysis, an interception of the near-repeat of a message of 4000 characters enciphered ...