Cracking the Enigma Machine - Rejewski, Turing and the Math that saved the world

The Math That Saved the World
Brad Young
brad@clearpoint.co.il
A Mathematical and Historical Analysis of the Cryptographic Attacks on the Nazi Enigma Machine
Marian Rejewski
Alan Turing

Agenda
Development of Enigma Machine – Why/How/What
The Rejewski Crack
The Turing Crack
Historical Impact

WWI Cryptology
First major war with radio + telegraph
Very large volume of communications
Hand-ciphers
Playfair, ADFGVX etc.
Bigraph substitution + transformation
Encryption/Decryption
Inefficient …Became bottleneck
Cryptanalysis
Difficult, time-consuming…
But successful (mainly)

Zimmermann Telegram

Invention of Enigma Machine
Arthur Scherbius
Efficient!
(oh, and also Secure, by the way)
Business, Military versions
Early 1920’s – very poor sales
German economy in trouble

Oops
Publishes history book
Reveals the impact of crypto on WWI
Now, the Germans want Enigma!

A
B
C
D
E
F
G
H
Reflector
3rd Rotor
2nd Rotor
1st Rotor
Lightbulbs
Keyboard
Enigma Schematic

A
B
C
D
E
F
G
H
Reflector
Lightbulbs
3rd Rotor
2nd Rotor
1st Rotor
Keyboard
Electric Circuit

A
B
Pressing ‘A’ on the keyboard…
C
D
E
F
… lights the ‘B’ lightbulb
G
H
NOTE: Because it is a electric circuit, no letter can map to itself. Minor detail combinatorically speaking, but very important for the Turing crack.
Reflector
Lightbulbs
3rd Rotor
2nd Rotor
1st Rotor
Keyboard
Electric Circuit

A
B
C
D
E
After each letter, the first rotor shifts one step.
So now, pressing ‘A’ lights a different lightbulb….’F’
F
G
H
Reflector
Lightbulbs
3rd Rotor
2nd Rotor
1st Rotor
Keyboard
Rotor Shift

A
B
C
D
E
F
Sits between keyboard and rotors.
Each plug cable swaps signal between two letters.
6 cables connect 12 letters. 14 other letters are not plugged at all.
G
H
Reflector
Lightbulbs
Plugboard
3rd Rotor
2nd Rotor
1st Rotor
Keyboard
Plugboard

Plugboard

Keysize
A
B
Rotor Order
Rotor Setting
Plugboard
Wiring
I – III - II
VYJ
A/G, D/Q, J/Z,L/S, M/V, N/T
3! = 6
263 =17,576
C(26,2) x C(24,2) x
C(22,2) x C(20,2) x
C(18,2) x C(16,2) x 1/6!
(26!)3 x C(26,2)…C(2,2)x1/13!
C
≈ 105
D
E
F
≈ 1011
≈ 1092
G
H
Total Key Size ≈ 10108
Variable Key Size ≈ 1016

German Use of Enigma

German Use of Enigma
Day Keys (RO, RS, PB) distributed monthly in key books

For each message, sender chooses Message Key (Rotor Setting only)

Encode Message Key using Day Key, twice
Move rotor to Message Key setting
Encode actual message
Set to Day Key(VYJ)
Change to Message Key
(CIL)
CILCILATTACKFROMNORTHATNINETHIRTYBOKJRVSQIGPQTMNWJRAKOBYTKMTKGBBRQ

Agenda
The Rejewski Crack
The Turing Crack
Historical Impact

Biuro Szyfrów
1918 – Polish Independence
1919 – Creation (and success) of Cipher Bureau
1926 – Germany goes dark as Enigma is adopted
1930 – Bring in the mathematicians (?!?)
Marian Rejewski
Jerzy Różycki
Henryk Zygalski

The Rejewski Crack
Intuition,Espionage,Engineering
Understand how Enigma works
Reverse-engineer the wiring
Be able to crack the key each day
Permutational Mathematics

The Math of Permutation Cycles
P =
P-1 =

Cycle Notation
P =
P = (AECH)(BFD)(G)
= (BFD)(G) (AECH)
= (FDB)(G)(CHAE)
P-1 = (HCEA)(DFB)(G)
Benefits of cycle notation:
Concise
Easier to take inverse
(These are benefits of efficiency)

Cycle Structure
= (AECH)(BFD)(G)
P =
4 3 1
= (AFC)(BG)(D)(EH)
Q =
3 2 1 2
Benefits of cycle notation:
Concise
Easier to take inverse
Gives more info – Cycle Structure
(This is a benefit of value-add information)

Composition
P =
= (AECH)(BFD)(G)
Q =
= (AFC)(BG)(D)(EH)
Q ◦ P = Q(P()) = (AHFDGBCE)
Q ◦ P ≠ P ◦ Q - NOT Commutative
Q ◦ ( P ◦ R ) = ( Q ◦ P ) ◦ R - Associative

Identity
= (A)(B)(C)(D)(E)(F)(G)(H)
I =
P ◦ I = I ◦ P = P
P ◦ P -1 = I
I ◦ I = I i.e. I = I -1
(ab) ≠ I , but (ab) ◦ (ab) = (a)(b)
i.e. (ab) = (ab)-1

Conjugation
Conjugation of Q by P is defined as P ◦ Q ◦ P-1
P = (AECH)(BFD)(G)
P-1 = (HCEA)(DFB)(G)
Q = (AFC)(BG)(D)(EH)
1-2-2-3
1-2-2-3
This is not a coincidence!
This is not a coincidence!
P ◦ Q ◦ P-1 = (AC)(B)(DHE)(FG)

Theorem: Cycle structure is invariant under conjugation
Proof:
Suppose Q: ij, that is Q(i) = j.
Consider P ◦ Q ◦ P-1 (P(i)).
P ◦ Q ◦ P-1 (P(i)) = P ◦ Q ◦ (P-1 ◦ P)(i)
= P ◦ Q(i)
= P(j)
i.e. P ◦ Q ◦ P-1: P(i)P(j)
Therefore…
If Q has k-cycle (i1, i2 … ik) then P ◦ Q ◦ P-1 has k-cycle (P(i1), P(i2)…P(ik))
QED

Using Permuation Cycles on Enigma
A
B
Suppose we intercept a message: BOLJRVSQIGPQTMNWJRAKOBYTKMTTGBBRQUPWLHSOLNFEQTHJOVX
Plaintext: abcabcCiphertext: BOLJRV
Define En as the permutation that occurs when Enigma machine is in state n.
So, in the first state, aB. In the fourth state, aJ
E1 = (aB …E4 = (aJ …
Now…Recall the effect of the Reflector, which creates 2-letter circuits
So, if aB, then Ba. So the cycle is closed.
E1 = (aB) …E4 = (aJ) …
So, we can now compute E4 ◦ E1 = (BJ …
C
These are the variablesa,b,c, not the actual letters
D
E
F
G
H

Using Permuation Cycles on Enigma
If we have many intercepts from the same day, then they were produced with the same day settings.
So we can calculate the entire compositions…
E4 ◦ E1 = (BJUMPWTCFE)(ARDNHSLYZK)(G)(I)(O)(Q)(X)(V)E5 ◦ E2 = (ORJCLVHGXKF)(AUYMPZQNDWB)(ES)(IT)E6 ◦ E3 = (BWOIKTZHXB)(EPQJYLVGN)(ARCU)(DSMF)
Good news:
abc variables have been eliminated!
We’ve found a unique identifier!
Bad news:
It is one of 10,000,000,000,000,000 possibilities

Explore the nature of En
A
B
En = P ◦ Rn ◦ P where P is the plugboard permutation and Rn is rotor permutation when in state n
E4 ◦ E1 = P ◦ R4 ◦ P ◦ P ◦ R1 ◦ P
Now, recall the plugboard…
P = (ab)(cd)(ef)(gh)(ij)(kl)(m)(n)(o)(p)(q)(r)(s)(t)(u)(v)(w)(x)(y)(z)
All 2-cycles and 1-cycles, therefore P = P-1 !
E4 ◦ E1 = P ◦ R4 ◦ P ◦ P ◦ R1 ◦ P
= P ◦ R4 ◦ P ◦ P-1 ◦ R1 ◦ P
= P ◦ R4 ◦ (P ◦ P-1 ) ◦ R1 ◦ P
= P ◦ R4 ◦ R1 ◦ P
= P ◦ (R4 ◦ R1 ) ◦ P
= P ◦ (R4 ◦ R1 ) ◦ P-1
C
P
R
D
E
F
G
H
Conjugation:Cycle structure of E4 ◦ E1 is same as cycle structure of R4 ◦ R1 and is not affected at all by the plugboard!
E4 ◦ E1 = (BJUMPWTCFE)(ARDNHSLYZK)(G)(I)(O)(Q)(X)(V)E5 ◦ E2 = (AUYMPZQNDWB)(CLVHGXKFORJ)(ES)(IT)E6 ◦ E3 = (BWOIKTZHXB)(EPQJYLVGN)(ARCU)(DSMF)
1-1-1-1-1-1-10-10 ; 2-2-11-11 ; 4-4-9-9
Remember:
Keysize(R) ≈ 105
Keysize(P) ≈ 1011

Now, where are we?
Figuring out En is problem of size 1016
Now, we have Rn, a smaller problem: 105
Just barely small enough to attack brute force

Building the Rejewski Dictionary
RO RS E4 ◦ E1 E5 ◦ E2 E6 ◦ E3
1 2 3 AAA 13-13 1-1-12-12 1-1-12-12
1 2 3 BAA 1-1-12-12 1-1-12-12 2-2-11-11
1 2 3 CAA 1-1-12-12; 2-2-11-11 1-1-12-12
1 2 3 DAA 2-2-11-11 1-1-12-12 13-13
1 2 3 EAA 1-1-12-12 13-13 13-13
1 2 3 FAA 13-13 13-13 1-1-2-2-3-3-3-3-4-4
1 2 3 GAA 13-13 1-1-2-2-3-3-3-3-4-4 2-2-5-5-6-6
1 2 3 HAA 1-1-2-2-3-3-3-3-4-4 2-2-5-5-6-6 13-13
1 2 3 IAA 2-2-5-5-6-6 13-13 4-4-9-9
1 2 3 JAA 13-13 4-4-9-9 1-1-5-5-7-7
1 2 3 KAA 4-4-9-9 1-1-5-5-7-7 13-13
1 2 3 LAA 1-1-5-5-7-7 13-13 1-1-2-2-10-10
1 2 3 MAA 13-13 1-1-2-2-10-10 1-1-1-1-11-11
. . . . .
. . . . .
. . . . .
…
2-2-11-11; 1-1-1-1-1-1-1-1-4-4-5-5; 1-1-12-12 KFE 213
2-2-11-11; 1-1-1-1-1-1-1-1-4-4-5-5; 2-2-5-5-6-6 ZTF 132
2-2-11-11; 1-1-1-1-1-1-1-1-4-4-5-5; 5-5-8-8 GIC 312
2-2-11-11; 1-1-1-1-1-1-1-1-9-9; 1-1-12-12 AHH 132
2-2-11-11; 1-1-1-1-1-1-1-1-9-9; 1-1-12-12 WLA 312
2-2-11-11; 1-1-1-1-1-1-1-1-9-9; 1-1-5-5-7-7 YKG 132
2-2-11-11; 1-1-1-1-1-1-1-1-9-9; 13-13 DXI 213
2-2-11-11; 1-1-1-1-1-1-1-1-9-9; 13-13 ESY 321
2-2-11-11; 1-1-1-1-1-1-1-1-9-9; 13-13 VHX 213
2-2-11-11; 1-1-1-1-1-1-1-1-9-9; 2-2-11-11 UNV 231
…
1 setting every 4 minutes, x 20 hours/day = 300 / day
105 / 300 ≈ 1 year to complete
Good news; Solved the RO, RS!
Bad news: 105 solved, 1011 not solved
Cycle structure is not unique
…even though 105 << (1012)3 ≈ 1012
But most have < 10

Recovering the Plugboard
Plugboard is the biggest problem combinatorically
But… It is trivial to solve
E4 ◦ E1 = (BJUMPWTCFE)(ARDNHSLYZK)(G)(I)(O)(Q)(X)(V)
R4 ◦ R1 = (MGWTREFBJU)(AKZCINLSHY)(P)(D)(O)(Q)(V)(X)
(BJUMPWTCFE)
(BJUMGWTREF)
Plugboard settings: P/G , C/R , E/F , etc.

Paradox of Decreasing Benefit
Keysize
# Cables

Agenda
The Rejewski Crack
The Turing Crack
Historical Impact

1939 – Brink of War
Polish deliver Enigma replica and training to England and France
Biuro Szyfrów is dismantled

Bletchley Park
HQ of British Government Code and Cypher School (GCCS)

New Challenges
Combinatoric
More rotors to choose from
Increase # of plugs
Ring settings
Procedural
Eliminate Message Key repetition
Navy / Air Force / Army mods
Keysize now 1023

Turing’s Solution
Known-Plaintext attack
Heil Hitler
Wetterbericht
Seeding values
Plaintext Crib:Ciphertext:
Try to place the crib without letter any letter mapping to itself
WETTERBERICHT
WETTERBERICHT
WETTERBERICHT
WETTERBERICHT
WETTERBERICHT
EXLMBTWZXBITWZCIQ
P(false hit) = (25/26)length of crib

Finding Cycles
WETTERBERICHT
EXLMBTWZXBITW
E1: WE
E5: EB
E7: BW

J
Q
F
b
E
E1
E1: WE
E5: EB
E7: BW
a
W
J
Q
J
B
b
E
E5
c
J
Q
L
B
E7
c
a
W

J
Q
F
b
E1
a
J
Q
J
b
E5
c
J
Q
L
E7
c
a

M
V
C
b
E1
a
M
Z
C
b
E5
c
M
B
D
E7
c
a

M
V
C
b
a
E1
M
Z
C
b
E5
c
M
B
D
E7
P(false hit) = (1/26)length of cycle-1
a
c

Turing’s Bombe
NOT a computer
Multi-Enigma Wiring
120 rpm  max 6 hrs to solve
~70% of days cracked
Accurate crib?
Location of crib in message?
Find cycle in message?
Not too many false hits?
Crib seeding
Fake missions – Get spotted
18’26”N, 72’49”E = einachtzweisechsnordensiebenzweivierneunosten
Reimann zeta zeros

Agenda
The Rejewski Crack
The Turing Crack
Historical Impact

6 : 60,000,000
::
8 : ?

Secrecy
Bletchley Park is gutted
Enigma machines captured (and distributed!)
Top Secret status until 1973!

Marian Rejewski – During and After the War

1939 – Romania
1939 – France
French cipher bureau
1940 – Algeria
1940 – Back to France
Rozycki dies in transit
Underground cryptography
1942 – Spain
Betrayed mid-crossing
Arrested + Jailed
1942 – Portugal, Gibraltar
1942 – England
No security clearance (Vichy France)
Polish Army – hand ciphers
1945 – Poland
1950 – Cable salesman
Secret Service meddling
1955 – Bookkeeper
Until retirement
1973 – Finally learns about ULTRA
1980 – Dies at age 73

Alan Turing –Timeline
1936-8 – Computability, Turing Machine, Decidability, Riemann
1939-45 – Bletchley Park
1946 – Automatic Computing Engine
1947-48 – Algorithms, Neural Nets, AI
1948 – Almost an Olympian
1948-50 – Manchester Mark I Mersenne + ??? (Was he on a secret nuclear program?? Might explain the gov’t paranoia)
1950 – Turing Test
1951 – Mathematical Biology
1952 – Arrest
1954 – Death at age 41

Colossus Computer
Cracks Lorenz cipher
High-level German communications
History of Computers
Z3
Colossus
ENIAC
Mark I

NSA

Addenda, Errata, Anecdotes
Wiring analysis
Hans Thilo-Schmidt
TTTTTTTTTTTT
Entry wheel order
Why E1-E6, instead of E0-E5 ?
Ring Settings and Rotor Stepping
“Turing. Alan Turing.”
Other WWII Cryptanalysis
Disguising ULTRA intelligence
Suggested Reading
David Kahn – The Codebreakers
Simon Singh – The Code Book