|
Enigma is the name of a family of ciphering machines made famous by their use in World War II and the successful solution of the cipher by Allied codebreakers. This article discusses the techniques for solving Enigma and the historical circumstances in which they were developed and applied. See Enigma machine for a description of the machine itself, and Ultra for a discussion of the intelligence gained from reading Enigma. Strengths of Enigma Enigma was designed to defeat basic cryptanalysis techniques by continually changing the substitution alphabet. Like other rotor machines, it implemented a polyalphabetic substitution cipher with a long period. With single-notched rotors, the period of the machine was 16,900 (26 × 25 × 26). This long period helped protect against overlapping alphabets. The Enigma machines added other possibilities. The sequence of alphabets used was different if the rotors were started in position ABC, as opposed to ACB; each rotor had a rotatable ring which could be set in different positions, and the starting position of each rotor was also variable. Most of the military Enigmas also featured a plugboard (German: Steckerbrett) which exchanged letters. Even so, this complex combination key could be easily communicated to another user, comprising as it did only a few simple items: rotors to be used, rotor order, ring positions, starting positions, and plugboard connections. Potentially this made the Enigma an excellent system. Involution The fact that encipherment was the same operation as decipherment was, at the time, considered to be an advantage of the Enigma. The most common versions were symmetrical in the sense that decipherment works in the same way as encipherment — when one types in the ciphertext, the sequence of lit lamps corresponds to the plaintext. However, this works only if the deciphering machine has the same starting configuration (that is, rotor choice, sequence, alphabet ring settings, and initial positions) as had the enciphering machine. These changed regularly (at first monthly, then weekly, then daily and even, toward war's end in some networks, more often) and were specified in key schedules distributed to Enigma users. Security properties The various Enigma models provided different levels of security. The presence of a plugboard (Stecker) substantially increased the complexity of the machine. In general, unsteckered Enigma could be attacked using hand methods, while breaking versions with a plugboard was more involved, and often required the use of machines. The Enigma machine had a number of properties that proved helpful to cryptanalysts. First, a letter could never be encrypted to itself (with the exception of the early models A and B, which lacked a reflector). This was of great help in finding cribs — short sections of plaintext that are known (or suspected) to be somewhere in a ciphertext. This property can be used to help deduce where the crib occurs. For a possible location, if any letter in the crib matches a letter in the ciphertext at the same position, the location can be ruled out; at Bletchley Park, this was termed a "crash." Another property of the Enigma was that it was self-reciprocal: encryption is performed identically to decryption. This imposed constraints on the type of scrambling that Enigma could provide at each position, and this property was used in a number of codebreaking methods. A weakness of many Enigma models was that the rightmost rotor turned a constant number of places before the next rotor turned. Apart from the less-than-ideal inherent characteristics of the machine, the way Enigma was used proved its greatest weakness in practice. Mistakes by operators were common, and a number of the officially-specified procedures for using Enigma provided avenues for attack. It has been suggested by some of those working on its cryptanalysis at Bletchley Park that the Enigma would have been unbreakable in practice had its operators not been so error-prone, and had its operating procedures been better thought out. Post-war debriefings of German cryptographic specialists, conducted as part of project TICOM, tend to support this view - German cryptographers were well aware that Engima was theoretically breakable, but felt that the resources required to mount a purely mathematical brute-force attack on the system would require too much effort to be worthwhile. Had they considered the potential consequences of widespread operator error and poor procedure, it is likely that compromising Enigma would have proved impractical. Unsteckered Enigma The unsteckered Enigma — Enigma without a plugboard — was solved relatively easily. The British read messages sent during the Spanish Civil War, and also read some Italian traffic enciphered early in World War II (see Ultra). Solution before World War II In the early 1930s, the German Army began using an Enigma with a plugboard, greatly increasing its security. While British and French cryptanalysts had no success with this version of Enigma, their Polish counterparts, starting with the work of Marian Rejewski, were able to solve the rotor wiring and read German Enigma traffic. Breakthrough
Cryptologic bomb Analysis of thousands of possibilities represents a vast human effort, if done by hand. To help in this, Marian Rejewski about October 1938 invented an electro-mechanical device which was dubbed the "cryptologic bomb": the name originated from the characteristic muffled noise it produced when operating; alternative names puckishly given the device by Polish Cipher Bureau personnel were "washing machine" and "mangle." The French and British later modified the spelling to "bombe." In mid-November 1938 the Polish bombs were ready, and reconstruction of daily keys went on apace. Rejewski has written about the device: "The bomb method, invented in the fall of 1938, consisted largely in the automation and acceleration of the process of reconstructing daily keys. Each cryptologic bomb (six were built in Warsaw for the Cipher Bureau before September 1939) essentially constituted an electrically powered aggregate of six Enigmas. It took the place of about one hundred workers and shortened the time for obtaining a key to about two hours." (Rejewski, in Kozaczuk, Enigma 1984, p. 290.) The Poles were able to decrypt a large portion of German Enigma traffic from December 1932. Rejewski had been aided in his reconstruction of Enigma's wiring by documents obtained by French military intelligence from an agent in Berlin (Hans Thilo-Schmidt, codenamed Asché by the French) who had access to Enigma key-schedules and manuals. However, in 1939 the German Army increased the complexity of its Enigma operating procedures. Initially only three rotors had been in use, and their sequence in the slots was changed periodically. Now two additional rotors were introduced; three of the five would be in use at any given time. The Germans also stopped transmitting a twice-enciphered individual three-letter message setting at the beginning of a message, thus putting an end to one of the Poles' original methods of cryptological attack. As Rejewski wrote in a 1979 critique of appendix 1, volume 1 (1979), of the official history of British Intelligence in the Second World War, "we quickly found the wirings within the new rotors, but their introduction ... raised the number of possible sequences of drums from 6 to 60 ... and hence also raised ten-fold the work of finding the keys. Thus the change was not qualitative but quantitative. We would have had to markedly increase the personnel to operate the bombs, to produce the perforated sheets ..." "Enigma doubles" Polish intelligence had been reading Enigma-generated cryptograms since December 1932. Subsequent modifications in the machine and its operating procedures caused periodic "blackouts" requiring the Poles (and, after July 1939, also the British) to find new ways of breaking into the ciphers. In April and May 1939 Poland contracted military alliances with Britain and France. The Poles, realizing the pace and direction of changes in the European political situation, decided in mid-1939 to share their work. At a conference in Warsaw on July 25, 1939, they pledged to give the French and British each a Polish-reconstructed Enigma, along with details of Enigma-solving techniques that they had developed, such as Zygalski's "perforated sheets" and the "cryptologic bomb" (Polish: bomba kryptologiczna). The two "Enigma doubles" were shipped to Paris, whence Gustave Bertrand brought one to London for the British, turning it over at Victoria Station, as he was to recall in his Enigma, to Stewart Menzies of Britain's Secret Intelligence Service. Until then, German military Enigma traffic had utterly defeated the British and French, and they had faced the disturbing prospect that German communications would remain "black" to them for the duration of the coming war. Caught between two giants During the German invasion of Poland in September 1939, key Cipher Bureau personnel were evacuated southeastward and — after the Soviets invaded eastern Poland on September 17 — into Romania, on the way destroying their cryptologic equipment and documentation. Eventually, crossing Yugoslavia and still-neutral Italy, they reached France. There, at PC Bruno outside Paris, they resumed their work on breaking German Enigma ciphers, continuing it into the subsequent Battle of France. Several months before the German invasion of France, in January 1940, British mathematician Alan Turing came to Bruno for several days to confer with his Polish mathematician colleagues. After the French-German armistice, the Polish Cipher Bureau continued its work in France's southern "Free Zone" (Vichy France) and in French Algeria, at constant risk of discovery and imprisonment or worse. When Germany took over Vichy France in November 1942, the Poles once again had to flee. The Cipher Bureau's chiefs, Colonel Gwido Langer and Major Maksymilian Ciężki, and some of the technical staff were captured by the Germans but, despite extensive interrogation, managed to preserve the secret of Enigma decryption. The mathematicians Marian Rejewski and Henryk Zygalski, after a perilous odyssey that took them across France, into a Spanish prison, to Portugal and at last by ship to Gibraltar, finally made it to Britain. (The third mathematician, Jerzy Różycki, had perished in the sinking of a passenger ship while returning in 1942 to southern France from a tour of duty in Algeria.) In Britain, Rejewski and Zygalski were inducted as privates into the Polish Army. Eventually they were promoted to second lieutenant, then lieutenant, and put to work breaking German SS and SD ciphers at a Polish signals facility in Boxmoor; they were not invited to work on Enigma at Bletchley Park. Until 1945, numerous enhancements were made to the system, although the Germans considered it unbreakable for all practical purposes. See also: Cyclometer , Perforated sheets. World War II British codebreakers had adopted the Polish Enigma-breaking techniques, but had to remain alert to German cryptographic advances. The German Army had changed its practices (more rotors, a more secure indicator system, etc.). The German Navy — some of whose Enigma ciphers the Poles had broken — had always used more secure procedures. The Herivel tip (also known as Herivelismus), suggested by John Herivel, was an effect which relied on operators failing to choose a random rotor positions for their indicators after changing the rotor ring settings, effectively sending the ring settings almost in the clear. German Army and Air Force Enigma-machine operators also gave the decrypters immense help on a number of occasions. In one instance an operator was asked to send a test message, and simply hit the T key repeatedly and sent the resulting letters. A British analyst received from the intercept stations a long message without a single T in it, and immediately realised what had happened. In other cases, Enigma operators would constantly use the same settings as message keys, often their own initials or those of girlfriends (called "cillies," after an operator with the apparent initials "C.I.L."). Analysts were set to finding these messages in the sea of intercepts every day, allowing Bletchley to use the original Polish techniques to find the initial settings for the day. Other German operators used "form letters" for daily reports, notably weather reports, in which case the same crib might be used every day. The bombe
Naval Enigma Kriegsmarine procedures were much more secure, and the Navy Enigma variant featured a set of eight rotors from which the three operating ones were selected. This meant that there were 336 possible rotor combinations alone. Bletchley Park made no useful headway into Kriegsmarine Enigma until mid-1940 with the capture of the armed trawler, Polares. The latter yielded enough intact cryptographic material that by June or July 1940, Hut 8 at least knew what content to expect in Kriegsmarine messages, and knew the details of the encipherment and decipherment procedures. However, the 336 possible rotor selections, together with a lack of usable cribs, made the usual cryptanalysis methods almost useless. Hut 8 therefore developed "Banburismus," a method using Bayesian statistics to derive a bombe menu from the "message settings" rather than the messages themselves. In doing so, they would identify at least the rightmost rotor being used in the cipher that day. If Hut 8 were lucky, they managed to identify the rightmost and middle rotors, leaving only six wheel orders to be run on the bombes. Later in the war, British codebreakers learned to fully exploit a crucial security flaw associated with German weather reports: they were broadcast from weatherships to Germany in lower-level ciphers, easy to decrypt, then retransmitted to U-boats at sea in Enigma, thus giving Bletchley Park regular cribs. This was crucial in attacking the special four-rotor U-boat Enigma machine introduced in 1942. Cipher material was captured at sea. The first capture of Enigma material occurred in February 1940, when rotors VI and VII, the wiring of which was at that time unknown, were captured from the crew of U-33. On May 7 1941, the Royal Navy captured a German weather ship, together with cipher equipment and codes. They did it again shortly afterwards. And two days later U-boat U-110 was captured, complete with Enigma machine, codebook, operating manual and other information. As a result, Naval Enigma was readable directly through the end of June, and from then on Banburismus allowed it to be read fairly continuously until newer, faster Bombes rendered the procedure unnecessary in mid-1943. In addition to U-110, Naval Enigma machines or settings books were captured from a total of 7 U-boats and 8 German surface ships, including U-boats U-505 (1944) and U-559 (1942), two German weather-reporting trawlers, and a small vessel (the Krebs) captured during a raid on the Lofoten Islands off Norway. Several other imaginative techniques were dreamed up, including Ian Fleming's suggestion to crash captured German bombers into the sea near German ships, hoping the planes' crews would be rescued by the ships' crews, which would then be taken captive, along with the ships' cryptographic materials, by commandos concealed in the planes. In order to solve Naval Enigma, both Britain and the US, but particularly the US, produced four-wheel bombes that could rapidly test thousands of possible keys. The American efforts on the M4 Enigma were lead by Joseph Desch, an engineer working for the National Cash Register Corporation. German suspicions about Enigma security By 1945, almost all German Enigma traffic (Wehrmacht, Kriegsmarine, Luftwaffe, Abwehr, SD, etc.) could be decrypted within a day or two, yet the Germans remained confident of its security. They considered Enigma traffic sufficiently secure that they openly discussed their plans and movements, handing the Allies huge amounts of information, not all of which was properly used. For example, both Rommel's actions at the Kasserine Pass, and German preparations for the Battle of the Bulge were clearly foreshadowed in decrypted Enigma traffic, but the information was not properly appreciated in either case. After the war, American TICOM project teams found and detained a considerable number of German cryptographic personnel. Among the things the Americans learned was that German cryptographers, at least, understood very well that Enigma messages might be read; they knew Enigma was not unbreakable. They just found it impossible to imagine anyone going to the immense effort required. When Abwehr personnel who had worked on Fish cryptography and Russian traffic were interned at Rosenheim around May 21, 1945, they were not at all surprised that Enigma had been broken, only that someone had mustered all the resources in time to actually do it. Admiral Dönitz had been advised that that was the least likely of all security problems. After World War II Modern computers can be used to solve Enigma using a variety of techniques. There is even a project to decipher some remaining messages * using distributed computing. Notes | |||||||||||
|
| ||||||||||||
 |
|
| |