1

CS349 Cryptography

Department of Computer ScienceWellesley College

Cracking the Enigma

Rotor machines

Enigma 3-2

Mechanization of secrecyo Advances in cryptanalysis

prompted the need formore secure (read morecomplex) cryptosystems.

o However, the weakest linkin any cryptosystem isgenerally the people whouse it.

2

Enigma 3-3

Cipher diskso The Confederate Alberti

disk may be thought of asa mechanized Caesarcipher.

o However, it can also beused in a manner that isfunctionally equivalent tothe Vigenere cipher.

Enigma 3-4

Rotor machineso Shortly after the first

world war, the German firmof Scherbius and Ritterdeveloped an electronicversion of the Alberti disk.

o Typing a “b” on the keyboardcauses a current to flowthrough the scrambler andemerge on the other side toilluminate the “a” light lamp.

3

Enigma 3-5

Adding an element of Vigenereo Every time a letter is typed

into the keyboard andencrypted, the scramblerrotates by one place.

o After one rotation, result oftyping a “b” is functionallyequivalent to first shifting“b” back one position, passingthrough the scrambler, thenshifting the result forwardone position: ci = pi p-i R pi.*

*Here pi = ith plaintext, ci = ithciphertext, pi = shift rotor by ipositions, and R is scrambler.

Enigma 3-6

Adding a second scramblero With only one scrambler,

there are only 26 distinctstarting positions.

o This is not a key spacethat is likely to worryeven the dimmest wattbulb.

4

Enigma 3-7

Commercial Enigma machineso Commercial Enigma

machines had three rotorsand a reflector.

o The reflector is acomplication illusoire. Butit serves an important rolenever the less.

Enigma 3-8

Wehrmacht Enigma machineso The number of keys with

three rotors is 263 =17,576.

o A dozen determinedcryptographers couldsearch the entire space ina day.

o Early Wehrmachtmachines were providedwith removable,interchangable rotors anda plugboard.

5

Enigma 3-9

Enigmao Packaged up and weighing

in at about 12 kilos,thousand of Enigmas weredistributed throughoutthe German army by thestart of World War II.

o An Enigma emulator maybe found athttp://www.ugrad.cs.jhu.edu/~russell/classes/enigma/enigma.html

Enigma 3-10

Alan Turing meets Enigmao The best and the

brightest were brought toBletchley Park to breakthe code.

6

Enigma 3-11

The method of isomorphso The action of the three scramblers may be described as

o Combining this with the action of the reflector,

where

†

S(i1 ,i2 ,i3 ) = p-ii RN pii - i2 RM pi2 - i3 RL pi3

†

ci = piS(i1 ,i2 ,i3 )US( i1,i2,i3 )

-1

= pi(p-i1 RN pi1 - i2 RM pi2 - i3 RL pi3 )U(p-i1 RN pi1 - i2 RM pi2 - i3 RL pi3 )-1

= pi(p-i1 RN pi1 )U(i1 ,i2 ,i3 )(p-i1 RN pi1 )-1

†

U(i1 ,i2 ,i3 ) = p-i2 RM pi2 - i3 RL pi3Up-i3 RL-1pi3 - i2 RM

-1 pi2

Enigma 3-12

Rotated alphabetso The relationship

implies

o In other words, and

are isomorphic sequencesduring period that theother rotors remainstationary.

†

ci = pi(p-i1 RN pi1 )U(i2 ,i3 )(p-i1 RN pi1 )-1

†

ci(p-i1 RN pi1 ) = pi(p- i1 RN pi1 )U( i2 ,i3 )

†

pi(p-i1 RN pi1 )

†

ci(p-i1 RN pi1 )

7

Enigma 3-13

Meet in the middle attacko A probable word is compared

with a fragment of thecryptotext:r e c o n n a i s s a n c e

U P Y T E J O J Z E G B O T

o We test whether rotor I is thefastest moving by encoding thethe operation ofon each the plaintext andciphertext pair.

†

p-i1 RN pi1

Enigma 3-14

A direct hito The involutory property is

confirmed in row i=2 bothconfirming rotor I as the fastrotor RN,

o . . . and yielding 14 pairs of entryand exit characters for thenext round*:j g m g f u h r w c n s e w

U Z C Z B J O T A M Q E S A

*In practice, a prefabricated catalogue with 2 x 262 = 1352 entries list all with corresponding rotor positions was used.

†

U(i2 ,i3 )

8

Enigma 3-15

Investigation in partso The analysis above is

based on the assumptionthat the medium rotor RMdoes not move.

o If it does, then thepseudo-reflector ischanged and theinvestigation decomposesinto two parts withoutbecoming essentially moredifficult.

Enigma 3-16

Alan Turing deals with the plugboardo He began by postulating the position of a “crib”. In this,

he was aided by that fact that no letter ever encipher toitself.

o For example, does the following crib match the givenciphertext?Crib: w e t t e r n u l l e c h s

CIPHER: I P R E N L W K M J J S X C P E J W Q

9

Enigma 3-17

Turing loopso Next, he constructed a list of internal loops linking

plaintext and ciphertext characters.

Enigma 3-18

Turing Bombeso A consequence of the loop

is to nullify the effect ofthe plugboard.

o Sixty Enigma machineswere set up, one for eachof the ways of arrangingthe five rotors takenthree at a time.

o These sixty machinesclicked around in unisonuntil a circuit wascompleted and the lightilluminated.

10

Enigma 3-19

Successo Once the correct

scrambler arrangementsand orientations had beenestablished, finding theplugboard cabling was apiece of cake.

o By the end of 1942, 49bombes were clickingaround the clock.

Enigma 3-20

The Kriegsmarine remained a problemo Naval Enigmas had eight,

not five scramblers andthe reflector wasadjustable.

o Naval operators werecareful not to sendstereotypical messages,depriving Bletchley ofcribs and used a moresecure system forexchanging keys.