Cryptanalysis — the science of breaking codes — has a deep and consequential Bayesian history. Alan Turing's work at Bletchley Park during World War II was explicitly Bayesian: he developed the concept of "weight of evidence" measured in bans and decibans, used sequential likelihood ratio tests to evaluate Enigma key hypotheses, and built electromechanical devices (Bombes) that implemented Bayesian search over the key space. This work, which shortened the war by an estimated two years, represents one of the most impactful applications of Bayesian reasoning in history.
Turing's Banburismus
Banburismus was a manual Bayesian procedure used to reduce the number of Enigma rotor settings that needed to be tested on the Bombes. By comparing pairs of intercepted messages believed to be encrypted with related settings, Turing accumulated evidence for each possible rotor order using a scoring system based on the logarithm of the likelihood ratio — the "ban," defined as a factor of 10 in the odds, and the "deciban," one-tenth of a ban.
Sequential Accumulation Total weight = Σᵢ wᵢ [sum of decibans from each observation]
Decision Rule Accept H if total weight > threshold (e.g., +15 decibans ≈ odds 30:1)
Reject H if total weight < negative threshold
This is precisely the sequential probability ratio test (SPRT) that Abraham Wald would later develop independently, publish, and prove optimal. Turing's priority, classified for decades, was one of the great unrecognized achievements of applied statistics. The Banburismus procedure saved approximately one day of Bombe time per naval Enigma key, a contribution that directly affected the Battle of the Atlantic.
I. J. Good, Turing's statistical assistant at Bletchley Park, became one of the most influential Bayesian statisticians of the twentieth century. Good later wrote extensively about the Bayesian foundations of cryptanalysis, popularized the concept of Bayes factors (which he called "Bayes-Turing factors" in acknowledgment of their wartime origins), and developed the theory of weight of evidence that Turing had used intuitively. Good's work formed a bridge between wartime cryptanalysis and the postwar Bayesian revival.
The Bayesian Framework for Code-Breaking
Modern cryptanalysis of classical ciphers uses Bayesian methods explicitly. For a substitution cipher, the key is a permutation of the alphabet, and the likelihood of a proposed key is the probability that the decrypted text looks like natural language — measured by character frequencies, bigram frequencies, or language model probabilities. MCMC methods explore the space of possible keys, with the Metropolis-Hastings algorithm proposing key swaps and accepting or rejecting them based on the change in likelihood.
P(ciphertext | key) = ∏ P(bigram_i in decrypted text) [language model]
P(key) = 1/26! [uniform prior over permutations]
This approach, demonstrated in influential papers by Diaconis and others, can crack substitution ciphers automatically in seconds — a task that would require hours of manual frequency analysis. The same principle extends to transposition ciphers, polyalphabetic ciphers, and even unknown cipher types where the cipher structure itself is a model to be inferred.
"I should like to put in a plea that in just this one subject, instead of proceeding by the usual Neyman-Pearson theory, we should go back to the principles of Bayes and Laplace, which underlie many of the most successful applications of statistics — including the one that helped to win the war." — I. J. Good, reflecting on cryptanalytic methods
Modern Cryptanalytic Applications
While modern cryptographic systems (AES, RSA, elliptic curves) are designed to resist all known attacks, Bayesian methods remain relevant in several areas. Side-channel analysis uses Bayesian inference to recover secret keys from power consumption, electromagnetic emissions, or timing measurements. Bayesian profiling attacks combine a priori device characterization with observed leakage to extract keys with fewer measurements. And in the analysis of weak or improperly implemented cryptography — still common in legacy systems and IoT devices — Bayesian approaches to key recovery and plaintext scoring remain standard tools.
Bayesian Methods in Steganography and Traffic Analysis
Beyond cipher-breaking, Bayesian methods detect hidden communications (steganography) by comparing the statistical properties of images or audio files to models of cover media and stego media. Bayesian traffic analysis infers communication patterns from metadata — who contacts whom, when, and how often — using hierarchical models that separate routine behavior from anomalous patterns of interest.