Course Handout - Codes and Ciphers in History, Part 3 - 1918 to 1945
Copyright Notice: This material was written and published in Wales by Derek J. Smith (Chartered Engineer). It forms part of a multifile e-learning resource, and subject only to acknowledging Derek J. Smith's rights under international copyright law to be identified as author may be freely downloaded and printed off in single complete copies solely for the purposes of private study and/or review. Commercial exploitation rights are reserved. The remote hyperlinks have been selected for the academic appropriacy of their contents; they were free of offensive and litigious content when selected, and will be periodically checked to have remained so. Copyright © 2010, High Tower Consultants Limited.
First published online 10:49 GMT 27th January 2003, Copyright Derek J. Smith (Chartered Engineer). This version [HT.1 - transfer of copyright] dated 18:00 14th January 2010
Although this paper is reasonably self-contained, it is best read as the third part of a three-part subordinate file to our six-part review of how successfully the psychological study of biological short-term memory (STM) has incorporated the full range of concepts and metaphors available to it from the computing industry. To go directly to the superordinate content file, click here, to go to the superordinate menu file, click here, and to see the author's homepage, click here.
The Automation of Secrecy, 1 - Simple Mechanical Systems
This story begins in 1891, when a French military cryptologist named Etienne Bazeries (1846-1924?) decided to resurrect, and if possible improve, Jefferson's cipher cylinder (see Part 1 of this historical review). He took around 30 separate disks and inscribed a different random cipher alphabet on each of their circumferences. He then stacked them in random order along a central spindle, giving what is nowadays called the "Bazeries Cylinder". The French army were not sufficiently impressed to develop this into a fully operational system, but a quarter of a century later the idea was resurrected by Captain Parker Hitt, fresh from his successes supporting Pershing's Mexican expedition (see Part 2 of this historical review). After further development by Major Joseph O. Mauborgne, the Jefferson-Bazeries cipher cylinder, was introduced in 1921 into the US Army Signal Corps under the equipment code M-94 (Gaddy, 1993 online), and remained in operational use until 1942. The M-94 consisted of 25 simple aluminium rotors, slotted onto a central spindle, and secured with a locknut [picture: note that disk #17 includes the plaintext ARMYOFTHEUS, a phrase which coincidentally (and necessarily) includes no one letter more than once.]. The US Navy CSP-488 [picture] was a close variant, and a flat slide version became the M-138-A (CSP-845 naval) "strip cipher" system [pictures]. Instead of 25 disks with circumferential lettering, each randomised alphabet was now printed vertically on a narrow lath. A stock box of 100 different laths was provided, from which a controlled subset of 30 was selected on any one occasion. The US Navy purchased this system in 1931, but only for high level communications. [To play with a simulated M-94, courtesy/copyright Wilhelm Plotz, click here.]
The Automation of Secrecy, 2 - The Hebern Wheels
As we have already seen, the late nineteenth century was the age of the technical entrepreneur. Inspired by the telegraph, the calculator, the typewriter, the cash register, etc [see Part 1], inventors in a number of countries started to develop automated cipher machines, and one historically important development appeared in four countries almost simultaneously. The first past the post was Edward Hugh Hebern (1869-1952), an American. In 1917, Hebern filed for a patent in a wired rotor cipher machine. The main functional component was a modern-day Alberti disk: it returned a cipher character for every input plain character, and it did this by means of covert internal wiring. The patent was awarded 30th September 1924, and, because Hebern was the first to deliver a working system, such rotors are sometimes referred to as "Hebern wheels" (eg. by Good, 1979). A German variation on the same basic principle was designed by Arthur Scherbius (1878-1929), and a patent applied for in 1918 [for sight of Scherbius' patent, click here], but Scherbius was robbed of a military marketplace by the 1918 Armistice. He therefore targeted the security needs of banks and finance houses instead, exhibiting a prototype cipher machine named "Enigma" at the World Postal Congress in Stockholm in 1924. He then set up Chiffriermaschinen AG in Berlin, and his chief engineer Willi Korn took charge of developments after Scherbius died in 1929, accumulating further patents in his own name. The third rival system was devised by the Dutchman Hugo Alexander Koch, and the fourth by the Swedish engineer Arvid Damm. Both filed for patents in their respective countries in October 1919.
ASIDE - SWEDISH CRYPTOLOGY: This is a major story in its own right, but it strays too far from our central argument to be covered in detail. We cannot move on, however, without mentioning two central figures Firstly, there is Boris Hagelin (1892-1983), a Russian-born Swede, who developed Damm's ideas during the 1920s and made a fortune selling the B-211 series of cipher machines to the French and Russian armies. He then took his know-how to New York in April 1940 and made another fortune selling the M209/CSP1500 to the US Army/Navy, and, as if that were not enough, his company Crypto AG made yet another fortune after the war selling cipher machines worldwide during the early decades of the Cold War. Then there is Arne Beurling (1905-1986), one time head of Sweden's cryptological service, and subject of a recent best-selling analysis by Bengt Beckman (Beckman, 2003 in Britain). It was Beurling who in 1941 first broke into the German Geheimschreiber system (see Part 3), and after the war his reputation was such that when he took up a post at Princeton University's Institute of Advanced Studies in 1965, he was allocated to Room #115, where Albert Einstein had once worked. Beurling died leaving no published explanation of how he broke the Geheimschreiber: "A magician," he insisted, "does not reveal his secrets".
The Scherbius-Korn System in Greater Detail
The basic commercial Enigma system relied on scrambling keyboard input through an in-built electrical maze. Only the 26 letters of the alphabet were catered for; numbers were either written out in full, or otherwise coded. Pathways through the maze were controlled by three randomising rotors and a randomising "reflector". To put this another way, the maze was built up in parts, each part further scrambling what the preceding part had already scrambled. Each rotor was at first sight not unlike one of Alberti's cipher disks, and was removable to allow the left-right sequence - the Walzenlage - to be varied. Given three rotors and three slots, there are six different left-to-right rotor sequences, namely (I, II, III), (I, III, II), (II, I, III), (II, III, I), (III, I, II), and (III, II, I). Around the circumference of each rotor's outer ring were either the numbers 1 to 26, or the 26 letters of the alphabet, and pressed into the body of the inner ring was the scrambling circuitry. It was, however, possible to vary the relationship between the scrambling circuitry and the alphabet by rotating the inner ring within the outer ring prior to use. The ring position for any one encryption session was known as the Ringstellung. The built-in scrambling circuitry cross-strapped 26 fixed stud contacts (Walzenkontakte) on one face of the inner ring to another 26 sprung stud contacts on the reverse face [for close up pictures of rotors, both in and out of their mounting slots, click here, or here, and for a schematic wiring diagram, click here], and when the prepared rotors were fitted into slots at the top of the equipment, they left enough of their circumference protruding for the operator to adjust their angular setting. They were then rotated to a controlled start position known as the Grundstellung. Given three 26-letter rotors, there are 17,576 (ie. 26 cubed) different start settings for each of the six different rotor sequences (AAA, AAB, AAC, and so on to ZZZ), making the odds of randomly chancing upon the correct Ringstellung (26 cubed permutations), and the correct Walzenlage (six permutations), and the correct Grundstellung (26 cubed permutations) around two billion to one against.
After the initial set-up, current was switched into the right hand end of the maze by depressing individual alphabetical keys. The current then passed through the rotors one by one, entering by one of the right-facing contacts, passing through the hidden wiring, and exiting by whichever left-facing contact it arrived at; and so on until it reached the reflector on the left. This had 26 stud contacts on its right face (only), again wired together covertly in pairs, so that it could reverse the current back the way it had arrived. The current then passed back through the three rotors a second time. Finally, the current was used to light a specific alphabetical lamp on the lamp board. This was the selected cipher for the alphabetic key which had been pressed. No letter was allowed to encipher as itself. At the same time as a key was depressed, the right hand rotor was mechanically advanced by one letter (so, in fact, the very first letter was actually encrypted on the rotor setting <Grund plus one>). Moreover, if at any stage a rotor advanced to its factory pre-set "turnover position", it would step the rotor to its left as well, using basically the same internal gearing as the "tens carry" mechanism in a calculating machine (see Part 1).
When the Scherbius system went to market in about 1925, commercial sales were poor (not least because the equipment was actually quite expensive), and the military were unimpressed. Scherbius therefore added a scrambling plugboard on the military versions, so that the output from the rotors could be enciphered an eighth time before being displayed, but this time under operator control. This letter-swapping plugboard was known as the Steckbrett panel. If R was "steckered" with L, say, on the plugboard, then L would light up as the encrypt, even though the last rotor had powered R. This massively increased the odds against trial-and-error decryption. The system therefore obeyed Kerckhoffs' principle that there should be a relatively basic general system, plus a foolproof specific key - a combination of the ring settings, the rotor sequence, the rotor start positions, and the steckerings. The key, in short, was everything, and theoretically (at least) could neither be guessed (Stripp, 1993, estimates the odds against an enemy cryptanalyst guessing the correct rotor and steckerboard settings at around one in 159 million million million) nor broken back (there was no pattern to the ciphertext to guide the cryptanalyst). Moreover, different networks with different keys and different operating procedures served different branches of the services and/or different geographical zones, and every day the settings were changed!
When the military tested this version of the equipment, they finally reached for their cheque books, and in 1926 the Enigma system entered service in the reborn German navy, the Reichsmarine (later Kriegsmarine). Systems for the army followed in 1928, and for the Luftwaffe in 1935. Enigma was also used by Canaris's Abwehr, the railways, and certain government departments. Volume production was eventually contracted out to a number of specialist engineering firms, including Atlas, Olympia (the typewriter people), Konski and Krüger, and Heimsoeth and Rinke, and by 1945 perhaps as many as 200,000 machines had been produced (Deutsches Museum). The steps in BLACK below show how the commercial hardware worked, and the step in RED shows the additional protection offered by the early military versions:
Of course, the right hand rotor (the "fast" rotor) advances one position with every key depression on the keyboard, so if a second A was now keyed, the right-hand rotor would be offering 26 different stud-to-stud connections. The current to the lamp board would therefore follow a different encryption pathway, and generate a different cipher character .....
EXAMPLE: If you typed in the phrase ATTACKTOMORROWATNINE, the machine might cipher it as BXGUVEJNCQQBIYJAWMPP. Note that the three Ts encrypt differently on each occurrence because the system is position-sensitive, that the double Q encrypt does not indicate a double letter in the plaintext, that there are no spaces between the words, and that the numerical "nine" has been spelled out in full because there were no separate numeric keys.
It remains to mention one of Willi Korn's most important innovations, that of selecting the rotors to be used in any one operational session from a larger stock. From December 1938, the rotors were selected from a stock box of at least five, later more [to see a seven-rotor machine, click here]. Given that there are ten different ways of picking three rotors out of five, and 35 different ways of picking three out of seven, this simple improvement greatly multiplied the unpredictability of the system.
Typical Enigma operating procedures for early 1940 were as follows (distilled from a number of sources, including Welchman, 1982, Stripp, 1993, and Singh, 1999) [we have deliberately excluded the complexities of station identification codes and dealing with multi-part messages, which are addressed in detail in Mommsen (1996-2002 online), if interested]:
AT THE SENDING STATION
The message to be sent was stripped of spaces, numbers were written out in full, and X used to denote full stops.
The date was checked against the master code book, and .....
The specified day's rotors were taken from the stock box and laid out in the sequence specified (rotors III, IV, and I, say). The loading positions were known as the Walzenlage.
The inner ring on each rotor was then rotated within the outer ring until its alignment marker was level with the letter specified. The instruction 06-20-24, for example, would mean aligning the left rotor to F, the middle to T, and the right hand one to X (Stripp, 1993). The ring positions were known as the Ringstellung.
The steckerboard links [Steckerverbindungen] were plugged between the letter pairs stated in the code book. To start with, six steckerings were specified, leaving 14 letters "self-steckered", but this was later extended to ten steckerings, with six left over.
The rotors were then inserted into their slots, taking care not to disturb the ring settings nor damage the spring-loaded stud contacts, and rotated to the specified start position. This was the Grundstellung.
The sending operator then decided upon a random three letter code, and keyed it in twice, noting the six encrypted characters. This gave him the message header, that is to say, the first six characters of the ciphertext. [With effect from 1st May 1940, the procedures changed, and it was only necessary to encipher the local code once.]
WORKED EXAMPLE: With the sending machine set to rotors III-IV-I and Grundstellung EJC, say, the sending operator devises a local key of GUS, say, and ciphers it twice to give LAJRCH, say. CONTINUED BELOW .....
The sending operator then reset the Grundstellung to his random code, and proceeded to encrypt the remainder of the message text, one character at a time, carefully noting down which lamp came on each time.
The full ciphertext was then sent in Morse Code.
AT THE REMOTE STATION
The receiving operator decoded and wrote down each Morse character as it arrived. Providing reception was clear and the transcription was accurate, this produced a perfect remote copy of the ciphertext.
The remote Enigma was set to the day's official rotor and steckerboard settings (as above).
The first six characters of the ciphertext - the message header - were keyed in, and this would decipher as the sending operator's Grundstellung, occurring twice.
WORKED EXAMPLE: CONTINUED FROM ABOVE ..... The receiving operator receives LAJRCH. He then sets his machine to III-IV-I/EJC (because he is working to the same codebook as the sending operator), so that when he keys in the LAJRCH message header, it will decipher as GUSGUS.
The rotors were reset to this value, and the remainder of the message decrypted.
WORKED EXAMPLE: CONTINUED FROM ABOVE ..... The receiving operator then resets his machine to a Grundstellung of GUS and decodes the remainder of the message. In this way, any one encryption is a theoretically safe function (a) of the machine's internal wiring, (b) of the daily codebook settings, (c) of the network operating procedures, and (d) of operator whimsey.
Finally, numbers were restored if required, and spaces and punctuation inserted as appropriate.
Readers may find it useful to spend some time on one of the several Internet Enigma simulators. We found the Johns Hopkins University Internet Enigma simulator (Schwager, 1998-2002) [click here] user friendly and informative: note (from top to bottom) the rotor settings, the alphabetic lamp array for output, the keyboard for input, and the stecker panel, or plugboard.
The Automation of Secrecy, 3 - Telephone Systems
SECTION UNDER CONSTRUCTION
The Automation of Secrecy, 4 - Teletypewriter Systems
The First World War also prompted the creative use of teletypewriter technology [see Part 1] within cryptology. The pivotal figure here is Gilbert Sandford Vernam (1890-1960), a telegraph engineer with AT&T. When America entered the war in 1917, AT&T put Vernam to work on methods of guaranteeing the security of the then recently introduced teletypewriter systems. He did this by inventing a scrambler-unscrambler which would offer meaningless noise to any enemy agent who happened to be electronically eavesdropping. This is what he decided to do:
Key Development - Vernam's "Modulo 2" Bit Flipping: The modern definition of a cipher key is that it is "a large integer that tailors the behaviour of the standard algorithm and makes it generate a cipher that is specific to that number.  All other things being equal, the longer the key, the more secure the mechanism." (Murray, 1994/2002 online.) Noting that every teletypewriter character was coded by five parallel bits across a paper tape [for details of the International Telegraph Alphabets, click here], Vernam suggested intervening electrically to change some or all of the bits according to a preset cipher key. This could be done by reading two tapes simultaneously, one containing the ITA2 plaintext and the other the cipher key on a repeating loop. All the equipment had to do - for each of the five bits - was to carry out a "modulo-2" addition (binary, but without carrying) of plaintext bit with keytext bit. Each plaintext bit was therefore reset to a ciphertext bit as follows:
plaintext ZERO plus key ZERO gives ciphertext ZERO
plaintext ZERO plus key ONE gives ciphertext ONE
plaintext ONE plus key ZERO gives ciphertext ONE
plaintext ONE plus key ONE gives ciphertext ZERO
In modern parlance, a modulo 2 addition is known as an "exclusive or" operation, or XOR for short. As in other ciphering systems, the key turns plaintext into noise which can only be unscrambled by someone else (a) with the same basic system, and (b) with the same key. As Christensen (2002 online) puts it: "Plaintext went in and plaintext came out, while anyone intercepting the message [would see only] a meaningless sequence of marks and spaces". A selection of Vernam's papers from the period in question are in the George C. Marshall Foundation archives, Lexington, VA.
The secret of the effectiveness of the Vernam technique is the key tape, which must be genuinely random, and as long as practicable. This requirement exposed a significant weakness in the system, because teletypewriter tapes were actually quite delicate, even in comparatively short lengths. A colleague of Vernam's, Lyman Morehouse, went a long way towards solving this problem by introducing a second key tape, and by setting the lengths of the two tapes to 1000 and 999 characters. This gave him two eight-foot loops of tape, but by a clever stepping arrangement, the 1000-character tape cycled once for every character on the 999-character tape, giving a "virtual" tape length of 999,000 characters, and saving about a mile and a half of tape in the process (Murray, 1994/2002 online).
The Vernam-Morehouse system subsequently formed the basis of a number of important World War Two cipher systems, including the German Lorenz SZ40/42, whose cryptanalysis we are now going to deal with in detail in Part 3 .....
See Main Menu File.