Read Alan Turing: The Enigma Online
Authors: Andrew Hodges
Tags: #Biography & Autobiography, #Science & Technology, #Computers, #History, #Mathematics, #History & Philosophy
There was a practical advantage to this Enigma property. It meant that the deciphering operation was identical with the enciphering operation. (In group-theory terms, the cipher was self-inverse). The receiver of the message had only to set up the machine in exactly the same way as the sender, and feed in the cipher-text, to recover the plain-text. There was no need to incorporate ‘encipher’ and ‘decipher’ modes into the Enigma machine, which made its operation that much less liable to mistakes and confusion. But it was associated with a grave weakness, in that the substitutions thus performed were always of this very special kind, with the particular feature that no letter could ever be enciphered into itself.
This was the basic structure of the Enigma. But there was much more to the machine actually in military use. For one thing, the three rotors were not fixed in place, but could be removed and replaced in any order. Until late 1938 there was a stock of just three rotors, which therefore allowed a total of six arrangements. In this way, the machine offered 6 × 17576 = 105456 different alphabetic substitutions.
Obviously, the rotors had to be marked in some way on the outside so that the different positions could be identified. However, here entered yet another element of complexity. Each rotor was encircled by a ring bearing the 26 letters, so that with the ring fixed in position, each letter would label a rotor position.
*
(In fact, the letter would show through a window at the top of the machine.) However, the position of the ring, relative to the wirings, would be changed each day. The wirings might be thought of as labelled by numbers from 1 to 26, and the position of the ring by the letters A to Z appearing in the window. So a ring-setting would determine where the ring was to sit on the rotor, with perhaps the letter G on position 1, H on position 2, and so forth.
It
would be part of the task of the cipher clerk to make the ring-settings, and thereafter he would use the letters on the ring to define the rotor-settings. From the cryptanalyst’s point of view, this meant that even if it were openly announced that rotor-setting ‘K’ was being used, this would not give away what at Bletchley they would call the
core-position
– the actual physical position of the wiring. This could only be deduced if the ring-setting were also known. However, the analyst might know the
relative
core-positions; thus settings K and M would necessarily correspond to core-positions two places apart. So it was known that if K were at position 9, then M would be at position 11.
The more important complicating feature, however, was the attachment of a
plugboard
. It was this that distinguished the military from the commercial Enigma, and made it something that had unnerved the British analysts. It had the effect of performing automatically an extra swapping of letters, both before entering the rotors, and after emerging from them. Technically, this was achieved by attaching wires, with plugs at each end, into a plugboard with 26 holes – rather like making connections on a telephone switchboard. It required ingenious electrical connections, and the use of double wires, to have the required effect. Until late 1938, it was usual in the German use of the machine to have only six or seven pairs of letters connected in this way.
Thus with the rotors and reflector of the basic machine in such a state as to effect the substitution
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
C O A I G Z E V D S W X U P B N Y T J R M H K L Q F
and with the plugboard wires set up to Connect the pairs
(AP) (KO) (MZ) (IJ) (CG) (WY) (NQ),
the result of pressing the A key would be to send a current through the plugboard wire to P, then through the rotors and out again to N, then through the plugboard wire to Q.
Because
of the symmetrical use of the plugboard both before and after the passage of the current through the rotors, it would preserve the self-inverse character of the basic Enigma, and the feature that no letter could be enciphered into itself. If A were enciphered into Q then, in the same state of the machine, Q would be enciphered into A.
So the plugboard left unaffected this useful – but dangerous – aspect of the basic Enigma. But it enormously increased the sheer number of states of the Enigma machine. There would be 1,305,093,289,500 ways
*
of connecting seven pairs of letters on the plugboard, for each of the 6 × 17576 rotor states.
Presumably the German authorities believed that these modifications to the commercial Enigma had brought it ’Very close to practical unsolvability’. And yet, when Alan joined up at Bletchley on 4 September, he found it humming with the disclosures made by the Polish cryptanalysts.
5
It was all still fresh and new, for only on 16 August had the technical material reached London. And this revealed the methods by which, for seven years, the Poles had been deciphering Enigma messages.
The first thing, the
sine qua non
, was that the Poles had been able to discover the wirings of the three rotors. It was one thing to know that an Enigma machine was being used; quite another thing – but absolutely essential – to know the specific wirings employed. To do this, in the peacetime conditions of 1932, was itself an impressive feat. It had been made possible by the French secret service who had obtained, through spying, a copy of the instructions for using the machine in September and October 1932. They had passed it to the Poles. They had also passed it to the British. The difference was that the Polish department employed three energetic mathematicians, who were able to use the papers to deduce the wirings.
Highly ingenious observations, good guessing, and the use of elementary group theory, produced the rotor wirings, and the structure of the reflector. The guessing, as it happened, was necessary to ascertain how the letters on the keyboard were connected to the enciphering mechanism. They might have been connected in some jumbled order to introduce another element of complexity into the machine. But they guessed and verified that the Engima design made no use of this potential freedom. The letters were joined to the rotor in alphabetical order. The result was that logically, if not physically, they had captured a copy of the machine, and could proceed to exploit that fact.
They were only able to make these observations, on account of the very particular way in which the machine was used. And they were only able to progress towards a regular decipherment of Enigma material by exploiting that method of use. They had not broken the
machine
; they had beaten the
system
.
The
basic principle of using an Enigma machine was that its rotors and rings and plugboard would be set up in some particular way, and then the message would be encrypted, the rotors automatically stepping round as this was done. But for this to be of any use in a practical communication system, the receiver of the message also had to know the initial state of the machine. It was the fundamental problem of any cipher system. The machine was not enough; there had to be also an agreed, fixed, ‘definite method’ of using it. According to the actual method employed by the Germans, the initial state of the machine was partly decided at the time of use by the cipher clerk. Inevitably, therefore, it made use of indicators, and it was through the indicator system that the Poles enjoyed their success.
To be explicit, the order of the three rotors was laid down in written instructions, and so was the plugboard and ring-setting. The task of the cipher clerk was to choose the remaining element, the initial settings for the three rotors. This amounted to choosing some triplet of letters, say ‘WHJ’. The most naive indicator system would have been simply to transmit ‘WHJ’, and follow it with the enciphered message. However, it was made more complicated than that. The ‘WHJ’ was
itself
enciphered on the machine. For this purpose a so-called
ground-setting
was also laid down in the instructions for the day. This, like the rotor order, plugboard and ring-setting would be common to every operator in the network. Suppose the ground-setting were ‘RTY’. Then the cipher clerk would set up his Enigma with the specified rotor order, plugboard and ring-setting. He would turn the rotors to read ‘RTY’. Then his job was to encipher, twice over, his own choice of rotor setting. That is, he would encipher ‘WHJ WHJ’, producing say ‘ERIONM’. He would transmit ‘ERIONM’, then turn the rotors to ‘WHJ’, encipher the message, and transmit it. The strength was that every message, after the first six letters, was enciphered on a different setting. The weakness was that for one day, all the operators in the network would be using exactly the same state of the machine for the first six letters of their messages. Worse, those six letters always represented the encipherment of a repeated triplet. It was this element of repetition that the Polish cryptanalysts were able to exploit.
Their method was to collect each day, from their radio intercepts, a list of these initial six-letter sequences. They knew that in this list, there would be a pattern. For if in
one
message the first letter were A, and the fourth letter was R, then in any
other
message where the first letter was A, the fourth letter would again be R. With enough messages, they could build up a complete table, say:
First letter: A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
Fourth letter: R G Z L Y Q M J D X A O W V H N F B P C K I T S E U
There
would be two further tables, connecting the
second
and
fifth
letters, and the
third
and
sixth
. There were a number of ways of using this information to derive the state of the Enigma machine from which all those six-letter sequences had emanated. But particularly significant was a method which responded to the mechanical work of the cipher clerk, with a mechanised form of analysis.
They wrote these tables of letter connections in the form of
cycles
. The cycle notation was common currency in elementary group theory. To bring the specific letter connection above into ‘cycle’ form, one would start with the letter A, and note that A was connected with R. Then R was connected with B, B with G, G with M, M with W, W with Z, Z with C, C with Z, Z with U, U with K, and K with A – making a complete ‘cycle’: (A R B G M W T C Z U K). The complete connection could be written out as the product of four cycles:
(ARBGMWTCZUK) (DLOHJXSPNVI) (EY) (FQ)
The reason for doing this was that the analysts had noticed that the
lengths
of these cycles (in this example, 11, 11, 2, 2) were independent of the plugboard. They would depend only upon the position of the rotors, the plugboard affecting
which
letters appeared in the cycles, but not
how many
. This observation showed that in a rather beautiful way the rotor positions left their fingerprints upon the cipher-text, when the traffic was considered as a whole. In fact they left just three fingerprints, the cycle-lengths of each of the three letter-connection tables.
It followed that if they possessed a complete file of the cycle-length fingerprints, three for each rotor position, then to determine which rotor position was being used for the first six letters all they would have to do was to search through the file. The snag was that there were 6 × 17576 possible rotor positions to catalogue. But they did it. To help in the work, the Polish mathematicians devised a small electrical machine which incorporated Enigma rotors, and which automatically produced the required sets of numbers. It took them a year to do the work, the results of which were entered on file cards. But then the detective work was effectively mechanised. It only took twenty minutes to look through the file to identify the combination of cycle-lengths which matched the cipher traffic of the day. This would reveal the positions of the rotors as they stood during the encipherment of the six indicator letters, and from that information, the rest could be worked out and the day’s traffic read.
It was an elegant method, but the disadvantage was that it depended entirely on the specific indicator system. It did not last. The naval Enigma was the first to be lost, and
6
… after the end of April 1937, when the Germans changed the naval indicators, they had been able to read the naval traffic only for the period from 30 April to8 May 1937, and that only retrospectively. Moreover, this small success left them in no doubt that the new indicator system had given the Enigma machine a much higher degree of security…
And then on 15 September
1938, as Chamberlain flew to Munich, a greater disaster struck. All the other German systems were changed. It was only a minor modification, but it meant that overnight, all the catalogued cycle-lengths became completely worthless.
In the new system, the ground-setting was no longer fixed in advance. Instead, it would be chosen by the cipher clerk, who therefore had to communicate it to the receiver. This was done in the simplest possible way, by transmitting it as it stood. Thus the clerk might choose AGH, then set the rotors to read AGH. He would then choose another setting, say TUI. He would encipher TUITUI, to give say RYNFYP. He would then transmit AGHRYNFYP as indicator letters, followed by the actual message as enciphered with the rotors starting on the setting TUI.
This method depended for its security upon the fact that the ring-setting would be varying from day to day, for otherwise the first three letters (AGH, in the example) would give the whole thing away. The task of the analyst, correspondingly, was to determine this ring-setting which was common to all the traffic of the network. And amazingly, the Polish analysts were able to bounce back with a new kind of fingerprint, which had the effect of finding this ring-setting, or equivalently, of finding the core-position which corresponded to the openly announced rotor setting such as AGH in the example.