Intelligence in War: The Value--And Limitations--Of What the Military Can Learn About the Enemy (24 page)
Authors: John Keegan
The one-time pad suffered, however, from a disabling defect. To be useful, pads had to be distributed on a very large scale and had to be identified, so that sender and recipient knew that they were working on the same document. The generation of random numbers on a large scale is not a simple matter either; deliberate attempts to randomise will inadvertently follow patterns, the more conspicuously the greater the pace and volume of output, while large-scale distribution in real time poses insurmountable logistic difficulties. Any persuasive solution to the problem of randomising and distribution was, therefore, likely to be enthusiastically welcomed in military circles everywhere.
THE ENIGMA MACHINE
It was to be supplied by a German inventor, Arthur Scherbius, who in 1918 set up a small engineering business to produce and market inventions. One of the ideas he took up was for a machine that would encipher—but also decipher—automatically. Cipher machines were not a new idea; simple versions had long existed. One, indeed, had been invented by Thomas Jefferson, polymath and third president of the United States. It consisted of thirty-six discs, separately rotatable about an axle, on the rims of each one of which were engraved the letters of the alphabet in random sequence. The sender enciphered by turning the discs to produce a plain text (which could not, of course, be of more than thirty-six letters, though it might be of fewer). He then sent another row of letters to the intended recipient. The recipient turned his discs to replicate the message, which was a garble, and then examined all the other rows of letters. One was the plain text. Security was provided by arranging the discs in a different sequence on the axle, the change of order being preordained and known only to sender and recipient. Had the order of discs not been variable, messages would have succumbed quite quickly to frequency analysis; as it was variable, giving thirty-six possible orders, a number having forty-eight digits (36 3 35 3 34 3 33 . . .), messages were effectively irretrievable in the pre-computer age.
10
In the period 1910–20, several attempts were made to mechanise the rotating disc principle though none achieved commercial success. Nor, at first, did the Scherbius disc machine, when offered for sale under the trade name Enigma in 1923. In the later twenties, however, Scherbius managed to interest the German armed forces in Enigma. Models were bought and adapted and in 1928 the German army began to use it for all secret communication susceptible to interception, which effectively meant radio messages. It was also taken into service by the German navy.
What particularly attracted the German forces to Enigma was a feature unique to the Scherbius system, the “reflector” disc, which equipped the machine to work both to encrypt and decrypt; a message encrypted on one Enigma machine would, when entered in encrypted form on another Enigma machine set up in the same way, yield the plain text automatically. That feature eliminated the need to decrypt by separate process, a tedious and time-consuming business. In that sense, the Enigma was an early example of the “on line” machine (though it was emphatically
not
a computer, but an electromechanical switching system).
Enigma had other characteristics making it attractive to military signal services: compactness and portability. Outwardly it resembled a portable typewriter of the period, with a typewriter keyboard, in the military version originally arranged alphabetically rather than in the QWERTY order, and a strong carrying case; there were no numerals, all numbers having to be spelled out. It was normally powered by dry-cell batteries.
The chief virtue of Enigma, however, lay in its ability to multiply possible encryptions by an order of magnitude so large as to defy decryption by an outsider in any practical dimension of time; estimates of how long it would take mathematicians to break an Enigma encryption by brute calculation vary, but the Germans themselves believed that the lifetimes of thousands, perhaps millions of mathematicians, working without sleep, would not suffice to decrypt a single message. Enigma was supposed to have complicated the making of the “key,” which is the heart of the cipher system of secret writing, to a degree lying beyond the power of human intelligence to produce a solution.
The purpose of the key is to disguise letter frequency and to multiply, to as near infinity as possible, the number of mathematical attempts necessary to establish a frequency table. The Vigenère square was one method of lengthening a key; there are many others, including the use of a common text, such as a word possessed by both users. The principle, however, remains constant: to make the key so long, consistent with convenient decipherment, as to defy mathematical process. Total mystification, unless by the one-time pad, is never to be achieved; the key has a logic and is therefore retrievable by reason; the object is so to overload the powers of reason as to defeat it in real time, indeed in any sort of human time at all.
Enigma appeared to do exactly that. Its electromechanical switching process was entirely logical; but unless the steps by which it worked were understood, and unless the basis on which the switching was started was known, then indeed the mathematics of its decryption became insurmountable.
The steps and the starting were separate from each other: the first was intrinsic to the machine, though variable within definable limits, the second was illimitable, in theory at least, being chosen by human decision.
The intrinsic characteristics of Enigma could produce five variables, most dependent on its discs: (1) the internal wiring of the discs, (2) the choice of discs, (3) the arrangement in order, from right to left, of the chosen discs, (4) the alteration of the disc rims, (5) the “plugging”
(steckerung)
of the discs from one to another.
Each Enigma disc, which was removable, had two faces, with fifty-two contact points for the letters of the alphabet; the right-hand face had twenty-six transmitter points, the left-hand face twenty-six receptor points; the interior of the disc wired the transmitter and receptor points together in a secret way.
When the key on the typewriter keyboard was depressed it sent an electric pulse through the right-hand (fixed) disc to the right-hand face of the first rotor. By internal wiring, that rotor transformed the impulse from, say, A to B on the disc’s left-hand face (in fact, the course of the wiring; something much more complex was expected by Germany’s enemies). The right-hand face of the second disc picked up the pulse and transmitted it by internal wiring to its left-hand face; the third rotor then worked similarly. When the pulse left the third rotor it was picked up by the fourth (fixed) reflector disc and sent back again along the same route as it had been received. With this difference: because each rotor was notched to turn over when it had received twenty-six pulses, the returning signal would find the right-hand rotor in a different position, by one letter, on its first journey, the second letter in a different position (by one letter) on its twenty-sixth journey and the third letter again in a different position, by one letter, on its six hundred and sixty-sixth (26 3 26) journey.
The eventual destination of the pulse was an electric bulb, each representing a different letter of the alphabet; as each lit up, in sequence, on the receiving machine, the bulbs would reveal the plain-text message. Before the pulse reached a bulb, however, it went through another multiplying process; at the end of the return journey, it moved to a “plug” board, resembling that of a manual telephone exchange, on which six letters were plugged to another six (the number of plugs was later increased): A to E, for example, and G to T and so on; the pluggings were altered according to instructions for monthly, weekly, daily and eventually twice-daily use.
Thus the intrinsic complexity of Enigma. It was enlarged by human alterations. In the original version there were only three rotors.
11
Part of the procedure laid down for Enigma’s use, in frequently changed instructions, was to alter the order in which the rotors were arranged in their slots. Finally, each of the rotors had on its outer rim a rotatable ring, often described as the “tyre on the wheel,” which would be moved to any one of twenty-six alphabetical positions. When setting up the machine for use, the operator moved the rim to a position laid down in instructions. The number of variables with which a cryptanalyst was confronted was therefore as follows:
Disc positions (three discs): 26 3 26 3 26 = 17,576
Disc sequence (ABC, ACB, BCA, BAC, CAB, CBA) = 6
Plugboard connections = over 100 billion
Total = 10,000 billion.
12
That number does not allow for rotating the outer rims on the three discs, which multiplies it by 17,576.
The task faced by an interceptor of an Enigma-encrypted text may be represented in this way. If he were able to check “one setting every minute [he] would need longer than the age of the universe to check every setting.”
13
Even if he had got possession of an Enigma machine, and so had only to proceed through the initial settings of the discs (17,576) to see if the encrypt rendered a plain text, he would still, working day and night, need two weeks to check all the settings, allowing one minute for each.
14
No wonder Scherbius advertised his machine as generating “unbreakable” ciphers and that the Germans believed theirs to be so.
BREAKING ENIGMA
Yet Enigma was to be broken and not long after it had been put into use. Those who achieved the solution were cryptanalysts of the Polish army which, as the defender of the Versailles state most resented by post-war Germany, took a keen and necessary interest in German military encrypted transmissions. What is extraordinary, positively intellectually heroic, about the Polish effort is that it was done initially by the exercise of pure mathematics. As Peter Calvocoressi, an initiate of the British cryptanalytic centre at Bletchley Park, has succinctly put it, “in order to break [a machine] cipher, two things are needed: mathematical theory and mechanical aids.”
15
The Poles eventually designed a whole array of mechanical aids—some of which they passed to the British, some of which the British replicated independently, besides inventing others themselves—but their original attack, which allowed them to understand the logic of Enigma, was a work of pure mathematical reasoning. As it was done without any modern computing machinery, but simply by pencil and paper, it must be regarded as one of the most remarkable mathematical exercises known to history.
To do the work the Polish army recruited in the late 1920s a number of young civilian mathematicians from university mathematics faculties, including Henryk Zygalski, Jerzy Rozycki and Marian Rejewski. Marian Rejewski was to prove the most creative; like the others, he came from western, formerly German Poland, and spoke German fluently. In 1932, soon after the German army had adopted, on 1 June, the Enigma machine as its principal encryption instrument, and his own return from postgraduate study at Göttingen, he began to work on intercepted German encrypts in the Polish general staff building in Warsaw. The Poles had already learnt how to break German super-enciphered codes. From 1928 onwards, however, they had been defeated by strange messages which were clearly enciphered and probably, they concluded, the product of a machine system. The young cryptanalysts were set to learn its secrets.
What the Poles were intercepting were five-letter groups which betrayed no frequency. In technical terms, the message was itself the key, a continuous one which did not repeat unless at very long mathematical intervals (once in many millions of times, as we have seen). Yet it must, as Rejewski knew, obey a mathematical rule. He set out to construct the cipher’s mathematical basis.
The messages he was given were, we now know, produced in the following manner. After setting up his machine by printed instruction, which prescribed the disc (or rotor) order, the position of the rim and the plugging, the operator chose his own preliminary rotor setting and typed in a three-letter group, which he then repeated; this instructed the recipient how to set up his own machine for that particular transmission (and was to reveal clues to decipherment that were to be of great use, particularly to Bletchley Park). He then typed in the message with his left hand, writing down with his right hand the letters as they appeared illuminated one by one on the lamp board. Next, he passed what he had written to a radio operator, who transmitted it to the receiving station; it was this process which denied Enigma the status of an on-line system, though it would have been easy to achieve had it been linked directly to a transmitter. At the receiving end, the recipient typed in the letters he received and took down those illuminated on his lamp board, which disclosed the decrypted meaning.
Rejewski got only the encrypt. Quite quickly, however, he recognised that the first three letters were separate from the body of the message, and that the second three letters were an encryption of the first three. These two three-letter groups provided, in short, a key to the very much larger key which was the message itself. If the two preliminary three-letter groups could be broken, two results would follow: first, the electro-mechanics of Enigma itself could be reconstructed, in part at least; second, some intercepted messages could be decrypted.
Rejewski devised a set of equations which would allow him to allot real alphabetical values to the first six encrypted letters. He was able to deduce that, in the groups, say, ABC followed by DEF, D would be an encryption of A (via electromechanical permutation), E would be an encryption of B and F would be an encryption of C. He decided to designate the permutations produced by the first (fixed) disc as S, those produced by the rotors as L, M, N and that produced by the reflector as R. As a result he wrote three equations, the first of which he expressed as: