Breaking the WW2 German Enigma Historical APT Perspective Richard - - PowerPoint PPT Presentation

6/27/2019 1

Richard Brisson Email: richardbrisson@sympatico.ca

Historical “APT” Perspective

Breaking the WW2 German Enigma

6/27/2019 2

• Enigma Background …
• “Getting In”!
• “Staying In”!
• “Getting Back In”!
• “The Imitation Game” Movie – Some

facts, some fiction

Overview

6/27/2019 3

Arthur Scherbius patents Enigma in 1923

Early 20th Century Cryptography Rotor Machines

6/27/2019 4

6/27/2019 5

6/27/2019 6

1930’s - Enigma firm taken over by German Government & Military

Main Features

• Electro-mechanical device
• Keyboard
• Stecker or Plugboard
• 3 rotors - indexed I, II, III
• Mechanism for stepping the

rotors

• Reflector
• Lampboard

6/27/2019 7

• 26 spring loaded contacts on right face
• 26 flat contacts on the left face
• Rotors I, II, III - secret wiring/permutation
• Has a ring which has the letters/numbers for the reading

station and a single notch

• This notch ring can be rotated relative to the rotor itself

(26 positions)

Rotors

German Enigma

6/27/2019 8

German Enigma

6/27/2019 9

• 3 rotors are selected and inserted in a specific order

from left to right in the Enigma

• Rightmost rotor always single steps with every

keystroke

• Middle rotor will single step if a) its right neighboring

rotor’s notch is in the appropriate position, or b) its

• wn notch is in the appropriate position
• Leftmost rotor steps if the notch of the middle rotor is

in appropriate position

• On average, middle rotor steps every 26th keystrokes
• On average the leftmost rotor steps every 676th

keystrokes

Motion of Rotors

German Enigma

6/27/2019 10

• Returns the electrical impulse

back through the rotors (along a different path)

• Encryption process is reciprocal

=> If E(x | s) = y, then E(y | s) = x for any configuration/state “s”

• E(x | s) is never equal to x for any

state “s”.

Reflector

German Enigma

6/27/2019 11

6/27/2019 12

• Plugboard wiring (usually 6 or 10 plug wires) – daily
• Order of rotors – daily
• Relative location of notch ring to main rotor

(ringstellung) – daily

• Starting positions for 3 rotors (chosen at random by
• perator and typically changed for each message)

Enigma Cryptovariables

German Enigma

6/27/2019 13

German Enigma

6/27/2019 14

At the beginning of WW-II, the German military increases the number of available rotors from 3 to 5. In 1941, the Kriegsmarine increases the number even further from 5 to 8 with those numbered 6, 7 and 8 having two ring notches each.

WW-II Cryptography The German Enigma

German Enigma

6/27/2019 15

WW-II Cryptography The German Enigma

In 1941, the Kriegsmarine introduces a fourth functional rotor! That rotor is the leftmost with a now compressed reflector to its

• left. The 4th rotor is

typically red coded for which there are two to choose from.

German Enigma

6/27/2019 16

World War II

An urgent problem warrants a timely and effective plan to achieve the ultimate solution!

6/27/2019 17

Getting in …

How does the German Enigma work?

Work by the Poles in the 1930’s including:

• Acquiring a commercial version of Enigma;
• Benefitting from French information extracted from

a HUMINT source on Enigma (Hans-Thilo Schmidt – codename Asché);

• Correctly guessing the entry ring (alphabetical

sequence);

• Recovering the wiring for rotors #1, #2 and #3 in the

early 1930’s and rotors #4 and #5 just before WW2 in 1939;

• Weeks before the German invasion in 1930, the

Poles share their work/secrets with the French and British – suggestion by Gustave Bertrand …

6/27/2019 18

Getting in …

How does the German Enigma work?

• With the information obtained from the Poles, the Allies

completely understand the 3-rotor Enigma as used by the German Army and Luftwaffe;

• To exploit the Kriegsmarine Enigma messages, the

Allies had to recover the wiring of rotors #6, #7 and #8;

• Attempt to understand the variety of ways the German

elements impart knowledge of the starting positions for the rotors to initiate encipherment of actual plaintext messages (e.g. in the clear, grundstellung and double encipherment of starting positions, codebooks, etc.).

6/27/2019 19

Getting in …

Is it possible to cryptanalytically break Enigma?

Cryptanalytic work by the Poles in the 1930’s including:

• Exploited the twice enciphered indicator in the 3-rotor

Enigma to first recover the rotor wirings;

• Analyzed the cycle structure underlying the twice

encrypted indicators to exploit traffic – the analysis involved attempting all possible rotor combinations and starts (i.e. 6 * 17576 = 105,456) and seeing how many characters lit up in two interconnected Enigmas (with the second Enigma being 3 steps ahead of the first Enigma) – the number of lit characters is independent of ringstellung and stecker connections!

6/27/2019 20

Getting in …

Developing cryptanalytic attacks against Enigma

Attacks that were crib based rather than the focus on the twice encrypted indicators

• Use of stereotypical words or phrases in Enigma

messages;

• Advancing technological progress in regards to

hypothesis validation or rejection through rapid paced mechanical/electrical components;

• Taking advantage of a character never encrypting to itself

6/27/2019 21

Getting in …

• Bombe required a menu which was derived from matching

the plaintext from a crib to a specific position in cipher;

• Each Bombe ran against a specific rotor order and

exhausted all possible rotor positions against the supplied menu;

• Early Bombe runs assumed that only the rightmost rotor

stepped and none of the others to its left – so the length of the crib was critical! Long enough to not give too many false hits but not too long to greatly increase the probability of the middle rotor stepping. Apparently later Bombes took account of the possibility of the middle rotor stepping as well.

Development of the Cryptanalytic UK Bombe

6/27/2019 22

Getting in …

• The Bombe occasionally gave you an incorrect answer –
• therwise it gave only part of the right answer! It typically

provided a candidate solution that had to be secondary

• tested. If it was validated, it yielded the true rotor order,

initial rotor positions for the (crib, cipher) placement and

• ne stecker or plugboard value. So more work had to be

done to recover the rest of the Enigma settings!!!

• The Welchman diagonal board idea (which took advantage
• f the fact that the stecker was reciprocal) vastly improved

Bombe efficiency and was incorporated from the 2nd Bombe manufactured onwards;

• A key figure in the development of the UK Bombes was

Harold “Doc” Keene (electrical engineer).

Development of the Cryptanalytic UK Bombe

6/27/2019 23

Getting in …

• Observing and taking advantage of “CILLIES”;
• The Turing “EINS” catalog;
• Banburismus scoring methods developed by Turing.

Is it possible to cryptanalytically break Enigma?

Developing other cryptanalytic approaches and attacks:

6/27/2019 24

Staying in …

• Profile cribs based on network and users (actual plaintext

and where most likely in the ciphertext);

• Aided by “Traffic Analysis” developed by Gordon

Welchman.

After breaking the first few Enigma messages, what next?

Improving the cribs:

6/27/2019 25

Staying in …

• North African German post commonly having “Nothing to

report” as its daily plaintext message for Enigma encipherment – Allied Forces under strict orders not to go anywhere near this post and assuring that they intercept his Enigma message;

• Expand infrastructure and partnerships to intercept,

collect and forward Enigma traffic worldwide;

• “Intelligence Analysis” of decrypts and general “Traffic

Analysis” assist in focussing on prioritizing selection of Enigma messages to be submitted for breaking on Bombes.

After breaking the first few Enigma messages, what next?

Developing and/or managing opportunities:

6/27/2019 26

Staying in …

• Development of “ULTRA” clearance and the strict need-to-

know principle;

• Winterbotham’s book “The Ultra Secret” – Coventry …
• Kriegsmarine Enigma decrypts typically reported U-boat

positions based on fine grids of the North Atlantic – the Brits typically sent reconnaissance planes in their direction so that the U-boats would assume that they were spotted before they were attacked.

Once you break Enigma messages on a regular basis …

Developing and/or managing opportunities/risks:

6/27/2019 27

Getting back in …

• Have to recover the missing new components to 4-rotor

Enigma (new Beta and Gamma rotors as well as new selectable reflectors);

• Understanding the bigram and trigram tables for indicator

encipherment;

• Information sharing with Allies – U.S. develops a more

resilient and faster Bombes (e.g. codebreaking rotors rotate at about 1725 rpm compared to 120 rpm for the UK Bombes) – “Joe Desch story.

The Kriegsmarine adds a 4th functional rotor in 1942…

Moving towards a solution:

6/27/2019 28

“The Imitation Game” Movie …

• When Turing (Cumberbatch) has a Eureka moment at the

bar …

• The WW2 timeline focussed on the early war period and

the 3rotor Kriegsmarine Enigma – later shot of a 4-rotor Enigma …

• Acting on the first “actionable” decrypt … likely managed

between Menzies and Churchill …

• It appears that Turing designed, developed and built the

first Bombe …

• Was there an actual showdown at the Bombe Corral

between Turing and Denniston …

What’s between fact & fiction:

6/27/2019 29

Getting back in …

• Brits must have been flirting with that “fine tipping line”

as Dönitz initiated a study into what he considered abnormally high counts of U-boat casualties …;

• The Dieppe pinch raid hypothesis …

The Kriegsmarine adds a 4th functional rotor in 1942…

Moving towards a solution:

6/27/2019 30

Further Observations

• n the WW-II German Enigma

ULTRA shortened WW-II by at least two years … ULTRA became to be depended upon … “The Man who Never Was” TUNNY & Dr. Tutte

WW-II and Canada

William Tutte – Bletchley Park & Fish

TUNNY/FISH (Lorenz SZ42)

WW-II and Canada

William Tutte – Bletchley Park & Fish

November 1999 at Ottawa International Airport

6/27/2019 33

Suppose the same plaintext message is ciphered by Berlin for N = 100 different post …

1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 2 3 3 3 3 3 3 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 Message 1: W U W X C Q F A S L V M Z E M N L B I Z Z V B X B H F S F O N J B Z G Message 2: A L S V B P R G V Z R K Y F Z U B P Q Q I M W U Z H F B N T Z Y U L J Message 3: A L F C F T G O M H I T D G B V P W T E O Q Y V O A O D C G R B Q D D Message 4: R G Q U P K C M L G I M Z E A H V N Q Q G Z C J U E P L F P C Y P I B Message 5: F A A Y Q L O R A C E D I X O K J U S Q I M J A P C C U S C O K O X N Message 6: K Q U I H U G A R L W L L M C V O K P A L B D L T E D W L F U Q U A Q Message 7: K P V K V A W H A X E D U C Z G U Y U S V G G Y Z H R W A I L H P L E

. . .

Message 94: U I Q H T L P R I G G S H W O Y C C K L R F F Y Z V R Z Q W V K C H G Message 95: C L T U A P Q T Z C R X E G N M X A J L Q R Z V M B N M G E L U U N S Message 96: P S K Q Y B Y W Q K I S H K C H H S F X Y I I Z O P W I A U F V W C I Message 97: H O I C R Z X J W M X N O M C U N V T R U G G M U F D N G L Q Q W V U Message 98: K C P G T A K C T M X N O Y X O O W T Q U R M O J M T R A N X K Z K C Message 99: S F C N K H A W Q X B O A F M M K I Z G P R M C C H F M J T R Y S G N Message 100: L C B Y C E Y J W M K G W R S P M U T R V G S E R Q I G R C L H K F K

Messages are all 35 characters long

German Enigma

6/27/2019 34

Table below shows which letters that do not appear in each of the 35 columns … 1 1 1 1 1 1 1 1 1 Columns: 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 T H E M E I I S O B H I S T H C A T O J N P I S T 1 2 2 2 2 2 2 2 2 2 2 3 3 3 3 3 3 Columns: 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 E D H A C D E R L C I M E F R B M N S K S Y O T O U T

German Enigma

What is the plaintext message???

6/27/2019 35

Q & A

Richard Brisson Email: richard@campx.ca Web: www.campx.ca