October 2, 2022

Why Don't NFL Teams Encrypt Their Signals Better?

Yesterday the National Football League punished the New England Patriots and their coach, Bill Belichick, for videotaping an opposing team’s defensive signals. The signals in question are used by coaches to tell their on-field defensive unit how to line up and which tactics to use for the next play. The coach typically makes hand signals and arm movements that the on-field players know how to interpret. (The offense also needs to send signals to players from the sidelines before each play, but they use radios.) The opposition gets an advantage if they know what play is coming, so they will try to figure out what the signals mean.

This is essentially a weak form of cryptography. The coaches apply a kind of encryption to translate the desired play into a ciphertext, which is a sequence of hand and arm movements. They transmit the ciphertext (by making the indicated movements) to the on-field players, who then decrypt it, recovering the original play that the coaches wanted to send. An adversary who can see the ciphertext is supposed to be unable to recover the original message.

I don’t know what systems NFL teams use, but Belichick and the Patriots apparently thought they had a chance of breaking their opponents’ code.

There’s an interesting technical problem here: how to encrypt defensive plays into sideline signals securely, in a way that’s practical for real coaches and players in a game situation. I can think of at least one solution that is secure and practical. (Exercise for geeky readers: How would you do this?)

You might think that any solution would be too complicated for a mere football player to decode. If you think that, you’re underestimating the players involved. NFL defensive captains already cope with complex information and plans, and their teams’ current signaling systems already require decoding of symbols. Clever solutions can be pretty simple.

Crypto applies not only to designing a team’s signals, but also to analyzing rivals’ signals. Who will be the first NFL team to hire a cryptographer?


  1. Yesterday I saw a headline on CNN saying that NFL players will now have encrypted headsets (likely just receivers) in helmets (at least on the defence).

    They also mentioned “268 million combinations”. Since 28 bit crypto will have 268,435,456 combinations, I suspect that it does use 28-bit crypto. First time I LOL’ed on a CNN story.

    To answer your question, why don’t they use better crypto? Its run by jocks, duh!

  2. According to a friend of mine this is how the football signals were done:

    Three coaches send anywhere between 1 and 3 signals
    1 coach is the actual one to listen too – and that changes through the game
    and one signal of the few that coach gives is the actual signal – everything else is not important.

    Which is different in baseball because one can assume, which runner the coach is listening too fairly easily.

    So how was it broken with 3 coaches signaling and each throwing bad signals it seems like in theory this would be hard to break.

  3. Tom Bylander says:

    One kind of approach that I’ve thought about for the baseball signal is for the pitcher to signal a number that the catcher uses to call the pitch. A 1, 2, or 3 from the pitcher could indicate that it should be the first, second, or third signal from the catcher, or the pitcher signals i and the catcher signals j to get pitch (i+j)mod n (or something like that).

    The security would be that no one person on the other team could see both signals, and there wouldn’t be enough time to process and communicate the result to the batter.

    Something similar could work for football, too.

  4. Not only does Baseball have a more advanced cryptographic environment, steganography isn’t unheard of.

    A college baseball coach [in Arizona, IIRC] had a brilliant system of signaling to his players: There were three guys on his bench, one whose last name began with B, one H, and one S. These players would stand up against the rail to signal a bunt, hit or steal. Meanwhile, the team’s third base coach was busy “signaling” up quite a storm of gibberish.

    I imagine part of the success of this method involved the fact that colleges don’t trade players, and the reticence of professionals to rat out their old coach.

  5. How limited is the universe of defense plays? I’d think that the general shape of the defense might be relatively small, but that the space of modifiers (what to do if the offense isn’t doing what you think, tactics for particular offensive players in particular situations etc) might be rather large. Some of this will of course be in the players’ heads already, but it would be interesting to know how much the signals represent a language rather than a lookup.

  6. john erickson says:

    Former coach Bill Parcells has stated the solution at least twice on air, once immediately when the story broke and once on the ESPN Radio/tv simulcast: linebackers should use armbands (like the quarterbacks already do) and switch the bands during the game. This is indeed the one-time pad approach, in the sense that one or a few codewords are being related to specific plays.

    The problem is that many defensive coordinators (including the Patriots) are very clever, not “showing” their defense in the traditional sense (or giving false shows) before the snap. So the offensive coordinators are trying to get more clues, such as figuring out the calls from the sidelines. There are a limited number of defensive sets, so even if the approach above is used, the “guys in the booth” will still be able to fill out much of the table in a half…

    Finally, Brett Farve pointed out a deception that the Packers often employ: fake calls at the line. He’ll appear to check the current call, and give out well-known calls (West-coast offense) for the new play; it has made the difference at important times in the past.

  7. Yeah, I don’t think the system used today is particularly secure. Obviously it’s simple enough that the Patriots were able to decipher the system within the course of the game, and then record the signals and break them down in realtime. (As soon as the play starts, the signal given before the play is no longer valuable.)

  8. Baseball coaches change the key from time to time to fight “cryptanalysis”; they also do other things football coaches could easily adopt, like having multiple people signal from the sidelines and having only the batter (or runner) know whose signal is the operative one.

    Th strategic possibilities here seem interesting. It’s arguably more valuable for the offense to have the defense think it knows the play and be wrong, than it is for the defense to think it knows the play and be right. A smart team could exploit the knowledge that an opponent was stealing signs by sending false signals in order to gain the benefit of surprise – as the US Navy did to determine that Midway was in fact the target of a planned Japanese offensive in World War II (described briefly here: http://en.wikipedia.org/wiki/Station_Hypo).

  9. Rafe,

    What you’re describing is a just another form of encryption, where the “real” ciphertext is marked by some kind of (supposedly) unguessable delimiter. Such schemes have been tried in the past in traditional crypto settings, and they don’t provide much security.

  10. In practice, the way it often works in practice is there’s a “start the actual message” signal. The signaler sends in real signals that are to be ignored for a random amount of time, then sends the “start the message” signal, then sends the real signal.

  11. There are different ways to implement a one-time pad. In cases like this where the set of possible plaintexts (or elements combined to make a plaintext) is predetermined and not too large, you can use a table-based approach where the sender gives the coordinates of a cell in (say) a two-dimensional grid, and the receiver just looks in that box of the grid.

    This requires the receiver to have a small amount of written material, but that’s not a problem as some players already wear information-carrying wristbands, and anyway there are plenty of places on a player’s gear where you could stick the information. You can change the key by changing the wristband.

    This system has the advantage that decoding is extremely simple, and the on-field player doesn’t have to remember anything. Encoding requires a little bit of organization, to avoid reusing table entries, but that’s pretty easy and can be done by a sideline person.

    There are some more details you have to work out to make a practical system, but this should give the idea.

  12. This is the only blog on the planet where it’s always worthwhile reading all the comments.

  13. I’m just scared a real system might make things easily get out of sync. A simple one-time-pad I can imagine would be some well known phrase such as “I pledge allegiance to the flag of the…” If you could remember where you were in the sentence you could pull an attribute out of it (like does the word start with a letter A-M or N-Z) but you had better remember where you were. Of course if you could put up on a board which word in the phrase is the current keyword, that would assure everybody was in sync. In baseball, you could key it of the state of the game (innings, outs, strikes etc.) Football perhaps off what down it is or what yard line of the field you’re in. With a bit of work you might be able to figure something out.

  14. It seems like the bandwidth on this channel is rather low, so isn’t most of the work being done a form of compression rather than encryption? Is it as easy to compress a cyphertext as a cleartext?

  15. Ed,

    The problem i see with the one-time pad approach is that you expect sender and receiver to remember constantly changing keys.

    This is fine for information that can be processed slowly (or by CPU), but in real time (with no CPU), I would think it is better to have cripto fail (with communication still up) than have a player miss a key decision.

    I would think a possibility would be to use time/yard data as a key. For instance, if the ball is at the 49, you use the 4 to know that the 4th set of instructions is real. There is a lot of data that changes over time, which would provide an easy to use one-time pad, with little memorization.

    In the end it seems hard to deal with players changing teams, etc. Given we’re talking about the algorithm not the key…

  16. Seth,

    There are really simple systems based on a one-time pad approach — probably easier to follow than the systems they use now.

  17. Brad,

    This is one reason to use real encryption instead of an ad hoc solution. With real crypto, you don’t have to keep the algorithm secret. If somebody leaves your team, you just change the key.

  18. Per above comments, what sounds good on paper might not be robust on the field. And it’s hard to get any group of ordinary people to follow sound crypographic procedures – remember, how many people have their name or some simple word as their password, even though they’re repeatedly told not to do that?

  19. Is player-trading and needing to change the system frequently why the pro teams don’t just use playbooks and refer to the play formation by page number and color, i.e. “Blue 14!”

    Also what happened to the good old-fashioned huddle? I guess the ticking clock kind of puts a damper on that most plays…

  20. Problem is teams keep trading players, so you have to change your cryptosystem after every change, and you can’t just pick up an old one if the past players can easily identify it. So you need a system you can change very frequently, but which won’t cause players to get confused about what the system is that day. It’s not so easy. In addition, it must change during the game sometimes, since they will quickly figure out if it’s “take the 2nd sign” or anything consistent.

  21. Peter,

    Baseball-style multiple signals are just another form of encryption. Some football teams reportedly use them.

    As you suspect, they’re not secure: a good cryptanalyst could probably break such a system pretty quickly, given enough observations.

    Baseball signaling raises similar issues to football. There are some technical differences (fewer possible plays to distinguish in baseball, for example, and more players having to interpret them) but most of this post applies equally to baseball. And of course there is a rich history of sign-stealing in baseball.

  22. Sports crypto has already reached an advanced level in baseball, where the managers on both sides must tell their players what to do without a radio. Given the sheer number of bored eavesdroppers (a full dugout of them), a lot of effort goes into designing and breaking encryption schemes.

    Baseball also has the fun situation where the catcher and pitcher must agree on a pitch when a man is on second. The catcher sends 2 or 3 bits with a hand signal, the pitcher responds with a bit by nodding or shaking his head, and they continue until they agree – it is neat to watch their strategy change from plaintext-only to encrypted when a runner reaches second and they suddenly have an adversary who can read the messages going in one direction.

  23. Can’t they just do what baseball teams do in a similar situation? When runners are on base (esp 2nd) and able to see what sign the catcher is using, the catcher “throws” multiple signs knowing that he and the pitcher have agreed that it will be the “nth” sign that is the “real” sign. n can change every inning, or every batter, or every time they get a chance to chat with each other. Couldn’t the defense unit and the defense coordinator (or whoever is calling the plays on the football field) do something similar?

    I think the base coaches in baseball use something similar — they throw multiple signs — mostly gibberish — but the correct one is signified by the presence of some other validating sign. (“Only read me touching my cap as ‘bunt’ if I follow it 2 signs later by a swipe of my chest…”).

    I don’t know if either technique is ‘secure,’ but to my decidedly non-crypto mind, they seem good enough to be practical. 🙂

  24. Why doesn’t the NFL simply allow the defensive coordinator give the signals to the middle linebacker (or other designated player) over an encrypted radio link just like the offensive coordinator does for the QB? It’s a bit silly, really.