CRYPTOGRAPHY

Lecture 7

The Radio

• 1894 Marconi experimented with electrical circuits and developed a wireless system: the radio (up to 2.5km)

• 1896 he emigrated to Britain and filed his first patent

• He increased the range to 15km, then 53km

• This was an advantage over the telegraph because it was wireless, so there was no need for constructing telegraph wires, and you could send messages between two isolated locations.

The Radio

• Marconi transmitted messages in Morse code.

• It was a big breakthrough when he transmitted the letter S (dot-dot-dot) from Cornwall to Newfoundland, a distance of 3500km.

• This was very promising for the military, but now they needed reliable encryption because all the messages were in the air, ready to be intercepted.

• Many ciphers were tried, and broken.

The German ADFGVX cipher

• Introduced in 1918, it was a combination of substitution and transposition.

• Draw up a 6x6 grid, and fill the grid with a random combination of the 26 letters of the alphabet and the 10 digits.

• The arrangement of the elements in the grid is part of the key.

The German ADFGVX cipher

    A D F G V X
A   8 P 3 D 1 N
D   L T 4 O A H
F   7 K B C 5 Z
G   J U 6 W G M
V   X S V I R 2
X   9 E Y 0 F Q

The German ADFGVX cipher

The first step is to take each letter of the plaintext, locate its position, and substitute it with the letters that label its row and column.

    A D F G V X
A   8 P 3 D 1 N
D   L T 4 O A H
F   7 K B C 5 Z
G   J U 6 W G M
V   X S V I R 2
X   9 E Y 0 F Q

For example, 8 becomes AA, P becomes AD, L is DA.

The German ADFGVX cipher

So the message

ATTACK AT 10 PM

BECOMES

DV DD DD DV FG FD DV DD AV XG AD GX

The German ADFGVX cipher

This is a simple mono-alphabetic substitution cipher, which can be broken by frequency analysis. But now we add some transposition into the mix.

For step 2, we need a keyword. In our example, we use the keyword MARK

The keyword is the second piece of information we must share with the receiver.

The German ADFGVX cipher

Now we transpose by arranging the message in columns and shifting the columns around according to the alphabetical order of the keyword:

M A R K        A K M R
D V D D        V D D D
D D D V        D V D D
F G F D        G D F F
D V D D        V D D D
A V X G        V G A X
A D G X        D X A G

The German ADFGVX cipher

Now we read off the message column wise:

A K M R
V D D D
D V D D
G D F F
V D D D
V G A X
D X A G

VDGVVD DVDDGX DDFDAA DDFDXG
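Both steps in code, using the lecture's grid and the keyword MARK. This is an added example, not part of the original slides; the function names and the uneven-column handling in `decrypt` are choices made here.

```python
# ADFGVX with the lecture's 6x6 grid (part one of the key) and a keyword (part two).
LABELS = "ADFGVX"
GRID = [
    "8P3D1N",
    "LT4OAH",
    "7KBC5Z",
    "JU6WGM",
    "XSVIR2",
    "9EY0FQ",
]


def _column_order(keyword):
    # Column indices sorted by keyword letter; ties keep left-to-right order.
    return sorted(range(len(keyword)), key=lambda i: (keyword[i], i))


def substitute(plaintext):
    """Step 1: replace each symbol with its row label followed by its column label."""
    lookup = {ch: LABELS[r] + LABELS[c]
              for r, row in enumerate(GRID) for c, ch in enumerate(row)}
    return "".join(lookup[ch] for ch in plaintext.upper() if ch in lookup)


def transpose(text, keyword):
    """Step 2: write rows under the keyword, read columns in alphabetical order."""
    n = len(keyword)
    return "".join(text[i::n] for i in _column_order(keyword))


def encrypt(plaintext, keyword):
    return transpose(substitute(plaintext), keyword)


def decrypt(ciphertext, keyword):
    n = len(keyword)
    rows, extra = divmod(len(ciphertext), n)
    cols, pos = [None] * n, 0
    for i in _column_order(keyword):
        # The first `extra` columns (in written order) hold one more letter.
        length = rows + (1 if i < extra else 0)
        cols[i] = ciphertext[pos:pos + length]
        pos += length
    # Read the rebuilt table row by row to undo the transposition.
    pairs = "".join(cols[i % n][i // n] for i in range(len(ciphertext)))
    # Undo the substitution: each label pair names a row and a column.
    return "".join(GRID[LABELS.index(a)][LABELS.index(b)]
                   for a, b in zip(pairs[0::2], pairs[1::2]))


if __name__ == "__main__":
    ct = encrypt("ATTACK AT 10 PM", "MARK")
    print(substitute("ATTACK AT 10 PM"))
    print(ct)
    print(decrypt(ct, "MARK"))
```

Spaces are dropped before substitution because the grid has no cell for them, so decryption returns ATTACKAT10PM.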

The German ADFGVX cipher

Why ADFGVX? These letters, when written in Morse code, are very different from each other.

A French cryptanalyst called Georges Painvin spent much time deciphering it. Finally, he broke it and intercepted a message that led to the German army losing the element of surprise, and eventually the battle.

Back to the Vigenere cipher

Let’s go back and figure out how the Vigenere cipher was broken, in order to build a stronger code.

The weakness of the Vigenere cipher was in the repeating of the keyword. What if, instead of a keyword, we used a key phrase that was as long as the message itself? Then frequency analysis does not apply.

Vigenere cipher with long key-phrase

Let’s say we have a cipher text, how can we break it?

V H R M H E U Z N F Q D E Z R W X F I D K

Vigenere cipher with long key-phrase

Assume that the word THE will appear in the plaintext. Try it in three positions and see what that implies about the key phrase.

Key          C A N ? ? ? B S J ? ? ? ? ? Y P T ? ? ? ?
Plaintext    T H E - - - T H E - - - - - T H E - - - -
Cipher text  V H R M H E U Z N F Q D E Z R W X F I D K

BSJ does not make any sense, but CAN looks promising, and YPT can be a part of a word, e.g. APOCALYPTIC, CRYPT or EGYPT. So we try these three.

Vigenere cipher with long key-phrase

Key          C A N ? ? ? ? ? A P O C A L Y P T I C ? ?
Plaintext    T H E - - - - - N Q C B E O T H E X G - -
Cipher text  V H R M H E U Z N F Q D E Z R W X F I D K

Key          C A N ? ? ? ? ? ? ? ? ? E G Y P T ? ? ? ?
Plaintext    T H E - - - - - - - - - A T T H E - - - -
Cipher text  V H R M H E U Z N F Q D E Z R W X F I D K

Key          C A N ? ? ? B S J ? ? ? C R Y P T ? ? ? ?
Plaintext    T H E - - - - - - - - - C I T H E - - - -
Cipher text  V H R M H E U Z N F Q D E Z R W X F I D K

The word EGYPT is the only one which makes sense.

Vigenere cipher with long key-phrase

Key          C A N ? ? ? ? ? ? ? ? ? E G Y P T ? ? ? ?
Plaintext    T H E - - - - - - - - - A T T H E - - - -
Cipher text  V H R M H E U Z N F Q D E Z R W X F I D K

Maybe the key is a list of countries? Maybe CAN is part of CANADA?

Key          C A N A D A ? ? ? ? ? ? E G Y P T ? ? ? ?
Plaintext    T H E M E E - - - - - - A T T H E - - - -
Cipher text  V H R M H E U Z N F Q D E Z R W X F I D K

Maybe this is the beginning of “the meeting”?

Vigenere cipher with long key-phrase

Key          C A N A D A B R A Z ? ? E G Y P T ? ? ? ?
Plaintext    T H E M E E T I N G - - A T T H E - - - -
Cipher text  V H R M H E U Z N F Q D E Z R W X F I D K

Is BRAZ the beginning of Brazil?

Key          C A N A D A B R A Z I L E G Y P T ? ? ? ?
Plaintext    T H E M E E T I N G I S A T T H E - - - -
Cipher text  V H R M H E U Z N F Q D E Z R W X F I D K

Now we can try other countries to see if they make sense.

Vigenere cipher with long key-phrase

CUBA seems to make sense . . .

Key          C A N A D A B R A Z I L E G Y P T C U B A
Plaintext    T H E M E E T I N G I S A T T H E D O C K
Cipher text  V H R M H E U Z N F Q D E Z R W X F I D K

Notice the back-and-forth nature of the cryptanalysis process.
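The same crib-dragging procedure in code, as an added example that is not part of the original slides: it slides THE along the lecture's ciphertext, keeps the placements whose implied key fragment fits a candidate word, and then tests each candidate word in place. The candidate word list and the function names are constructed for this illustration.

```python
from string import ascii_uppercase as AZ

CIPHERTEXT = "VHRMHEUZNFQDEZRWXFIDK"                      # from the lecture
CANDIDATES = ["CANADA", "APOCALYPTIC", "CRYPT", "EGYPT"]  # constructed word list


def sub(a, b):
    """Letter-wise a - b mod 26: ciphertext - plaintext = key, ciphertext - key = plaintext."""
    return "".join(AZ[(AZ.index(x) - AZ.index(y)) % 26] for x, y in zip(a, b))


def drag_crib(ciphertext, crib):
    """Map every placement of the crib to the key fragment it would imply."""
    return {i: sub(ciphertext[i:i + len(crib)], crib)
            for i in range(len(ciphertext) - len(crib) + 1)}


def plausible_positions(ciphertext, crib, wordlist):
    """Keep placements whose key fragment occurs inside some candidate key word."""
    hits = {}
    for pos, frag in drag_crib(ciphertext, crib).items():
        words = [w for w in wordlist if frag in w]
        if words:
            hits[pos] = (frag, words)
    return hits


def place_word(ciphertext, word, frag, pos):
    """Align `word` so that `frag` sits at `pos`; return (start, implied plaintext)."""
    start = pos - word.index(frag)
    if start < 0 or start + len(word) > len(ciphertext):
        return None                                       # word would overhang the message
    return start, sub(ciphertext[start:start + len(word)], word)


if __name__ == "__main__":
    for pos, (frag, words) in plausible_positions(CIPHERTEXT, "THE", CANDIDATES).items():
        for w in words:
            print(pos, frag, w, place_word(CIPHERTEXT, w, frag, pos))
    # Once the whole key phrase has been guessed, the message falls out.
    print(sub(CIPHERTEXT, "CANADABRAZILEGYPTCUBA"))
```

Only the EGYPT placement yields readable plaintext (ATTHE); APOCALYPTIC and CRYPT give NQCBEOTHEXG and CITHE, which is how the lecture rules them out.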

One-time cipher pad

A key-phrase as long as the message does not guarantee an unbreakable code.

The weakness is that the key phrase is made up of words that make sense. What if the key has no inherent structure?

If we use a random key, and a different one for each message, we come up with a secure cipher. You could still try to test all possible keys, but this is prohibitively time-consuming. By the time that gives results the message is no longer pertinent.

Now security is guaranteed.


One-time cipher pad

Creating a random key takes a lot of time, effort and money. Distributing the cipher keys to everyone who needs them is prohibitive. Making sure that everyone is “on the same page” is difficult. If the system is widely used, there is a great danger that one set of pads will be stolen and the whole system compromised. Reusing a one-time key compromises the system. The one-time pad can sometimes be used in diplomacy for a very secret message, but cannot be used in the heat of battle, or in daily business communication.

CIPHER DISKS

In the fifteenth century, Leon Alberti invented the cipher disk.

http://www.secretcodebreaker.com/ciphrdk.html

CIPHER DISKS

This type of encryption was used in the civil war.

CIPHER DISKS

Thomas Jefferson’s cipher wheel:

CIPHER DISKS

Ovaltine cipher ring . . .

The Enigma machine

The enigma machine: description from http://en.wikipedia.org/wiki/Enigma_machine#Rotors

• The rotors (alternatively wheels or drums — Walzen in German) form the heart of an Enigma machine. Approximately 10 cm in diameter, each rotor is a disk made of hard rubber or bakelite with a series of brass spring-loaded pins on one face arranged in a circle; on the other side are a corresponding number of circular electrical contacts. The pins and contacts represent the alphabet — typically the 26 letters A–Z (this will be assumed for the rest of the description). When placed side-by-side, the pins of one rotor rest against the contacts of the neighbouring rotor, forming an electrical connection. Inside the body of the rotor, a set of 26 wires connects each pin on one side to a contact on the other in a complex pattern. The wiring differs for every rotor.

The enigma machine

The left side of an Enigma rotor, showing the flat electrical contacts. A single turnover notch is visible on the left edge of the rotor.

The right side of a rotor, showing the pin electrical contacts. The Roman numeral V identifies the wiring of the rotor.

Three Enigma rotors and the shaft on which they are placed when in use.

The enigma machine

By itself, a rotor performs only a very simple type of encryption, a simple substitution cipher. For example, the pin corresponding to the letter E might be wired to the contact for letter T on the opposite face. The complexity comes from the use of several rotors in series — usually three or four — and the regular movement of the rotors; this provides a much stronger type of encryption.

The enigma machine

When placed in the machine, a rotor can be set to one of 26 positions. It can be turned by hand using a grooved finger-wheel which protrudes from the internal cover when closed. So that the operator knows the position, each rotor has an alphabet tyre (or letter ring) attached around the outside of the disk, with 26 letters or numbers; one of these can be seen through a window, indicating the position of the rotor to the operator. In early Enigma models, the alphabet ring is fixed; a complication introduced in later versions is the facility to adjust the alphabet ring relative to the core wiring. The position of the ring is known as the Ringstellung ("ring settings").

The enigma machine

To avoid merely implementing a simple substitution cipher, some rotors turn with consecutive presses of a key. This ensures that the cryptographic transformation is different at each position, producing a formidable polyalphabetic substitution cipher.

The enigma machine

With the exception of the early models A and B, the last rotor is followed by a reflector, a patented feature distinctive of the Enigma family amongst the various rotor machines designed in the period. The reflector connects outputs of the last rotor up in pairs, redirecting current back through the rotors by a different route. The reflector ensures that Enigma is self-reciprocal: conveniently, encryption is the same as decryption. However, the reflector also gives Enigma the property that no letter can encrypt to itself. This was a severe conceptual flaw and a cryptological mistake subsequently exploited by codebreakers.

The enigma machine

The plugboard (Steckerbrett in German) is a variable wiring that could be reconfigured by the operator. It was introduced on German Army versions in 1930 and was soon adopted by the Navy as well. The plugboard contributes a great deal to the strength of the machine's encryption, more than an extra rotor would. Enigma without a plugboard — "unsteckered" Enigma — can be solved relatively straightforwardly using hand methods; these techniques are generally defeated by the addition of a plugboard, and codebreakers resorted to special machines to solve it.

A cable placed onto the plugboard connects letters up in pairs, for example, E and Q might be a steckered pair. The effect is to swap those letters before and after the main rotor scrambling unit. For example, when an operator presses E, the signal is diverted to Q before entering the rotors. Several such steckered pairs, up to 13, might be used at one time.

Current flows from the keyboard through the plugboard, and proceeds to the entry-rotor or Eintrittswalze. Each letter on the plugboard has two jacks. Inserting a plug will disconnect the upper jack (from the keyboard) and the lower jack (to the entry-rotor) of that letter. The plug at the other end of the crosswired cable is inserted into another letter's jacks, switching the connections of the two letters.
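A minimal three-rotor simulator showing the signal path described above (plugboard, rotors, reflector, and back), added here as an illustration; it is not part of the lecture or of the quoted description. It uses the historical Enigma I wiring tables for rotors I to III and reflector B, which are not given on this page, and omits ring settings; the plugboard pairs and 2-3-1 rotor order are the ones in this lecture's key example, while the start orientation MCK and the sample text are constructed.

```python
from string import ascii_uppercase as AZ

# Historical Enigma I tables (wiring, turnover letter); not given in the lecture.
ROTORS = {
    "I":   ("EKMFLGDQVZNTOWYHXUSPAIBRCJ", "Q"),
    "II":  ("AJDKSIRUXBLHWTMCQGZNPYFVOE", "E"),
    "III": ("BDFHJLCPRTXVZNYEIWGAKMUSQO", "V"),
}
REFLECTOR_B = "YRUHQSLDPXNGOKMIEBFZCWVJAT"   # pairs letters up; none maps to itself

# Plugboard pairs and 2-3-1 order from the lecture's key example; "MCK" is constructed.
DAY_KEY = dict(order=("II", "III", "I"), start="MCK",
               plugs=("AL", "PR", "TD", "BW", "KF", "OY"))


class Enigma:
    def __init__(self, order=("I", "II", "III"), start="AAA", plugs=()):
        self.wiring = [ROTORS[r][0] for r in order]          # left, middle, right
        self.notch = [AZ.index(ROTORS[r][1]) for r in order]
        self.pos = [AZ.index(c) for c in start]
        self.plug = {c: c for c in AZ}
        for a, b in plugs:                                   # steckered pairs swap both ways
            self.plug[a], self.plug[b] = b, a

    def _step(self):
        left, mid, right = self.pos
        if mid == self.notch[1]:                             # middle rotor at its notch:
            left, mid = (left + 1) % 26, (mid + 1) % 26      # it and the left rotor turn
        elif right == self.notch[2]:                         # right rotor at its notch:
            mid = (mid + 1) % 26                             # the middle rotor turns
        self.pos = [left, mid, (right + 1) % 26]             # right rotor turns every press

    def _through(self, i, c, back=False):
        """Pass contact c through rotor i, allowing for the rotor's current rotation."""
        p = self.pos[i]
        shifted = (c + p) % 26
        if back:
            return (self.wiring[i].index(AZ[shifted]) - p) % 26
        return (AZ.index(self.wiring[i][shifted]) - p) % 26

    def press(self, letter):
        self._step()                                         # rotors move, then current flows
        c = AZ.index(self.plug[letter])                      # keyboard -> plugboard
        for i in (2, 1, 0):                                  # right to left through the rotors
            c = self._through(i, c)
        c = AZ.index(REFLECTOR_B[c])                         # reflector turns the current back
        for i in (0, 1, 2):                                  # left to right, reverse wiring
            c = self._through(i, c, back=True)
        return self.plug[AZ[c]]                              # plugboard -> lamp

    def process(self, text):
        return "".join(self.press(ch) for ch in text)


def self_encryptions(plaintext, **key):
    """Count positions where a letter encrypts to itself (the reflector makes this 0)."""
    ciphertext = Enigma(**key).process(plaintext)
    return sum(p == c for p, c in zip(plaintext, ciphertext))


if __name__ == "__main__":
    msg = "WETTERBERICHTFUERDIENACHT"                        # constructed sample text
    enc = Enigma(**DAY_KEY).process(msg)
    print(enc, Enigma(**DAY_KEY).process(enc) == msg, self_encryptions(msg, **DAY_KEY))
```

Feeding the ciphertext into a second machine with the same key returns the plaintext, which is the self-reciprocal property the reflector provides.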


The beginning

• The British kept on deciphering German messages after the end of WWI, and in 1926 they started getting messages that baffled them completely.

• The Americans and French were baffled too.

• The Enigma gave the Germans the most secure means of communication then available.

The Polish cryptanalysts

• The allied cryptanalysts gave up trying. They had little to lose. Germany lost the war and was crippled by defeat.

• But Poland had continued threats to its sovereignty, from Russia and Germany.

• The Poles started a cipher bureau.

• Captain Maksymilian Ciezki was in charge of deciphering the German messages.

The Polish cryptanalysts

• Ciezki had access to a commercial version of the Enigma machine, so he understood the concept.

• But the military version was more sophisticated and Ciezki was baffled by the Enigma.

• Hans-Thilo Schmidt was a German who fought in WWI. In the hard times after the war, he was in financial difficulties, and jealous of his successful older brother, who got him a job at the Enigma command center.

Schmidt sells the instructions

• Schmidt allowed a French agent to photograph 2 documents which were the instructions for use of the Enigma machines, and gave insight into the wirings inside each scrambler.

• Now the allies had an accurate model of the machine, but they still could not decipher the messages. The strength of the cipher was in keeping the initial configuration of the wheels secret. The Germans even assumed that the machine could be available to their enemies.

Having the Enigma does not mean you can break the code.


Enigma key

• Remember that there are several pieces of information which go into encipherment using the Enigma.

Enigma key

• Each month, Enigma operators got a new codebook which specified the key:
  – Plugboard settings (which letters were wired to which)
  – Scrambler arrangement (what order to put the disks in). Each disk is different, so it matters what order they are put in.
  – Scrambler orientation (which letter each disk should show).

Enigma key example

• Plugboard settings A/L-P/R-T/D-B/W-K/F-O/Y: swap the letters A and L by connecting them by a lead on the plugboard. Similarly, swap P and R, T and D etc.

Enigma key example

• Scrambler arrangement 2-3-1: place the 2nd scrambler in the first slot, the 3rd scrambler in the second slot and the 1st scrambler in the third slot.

Enigma key example

• Scrambler orientation: which letters face upwards.

Enigma key

One way of encrypting the message would be to send all the day's messages according to the day key. This would mean that for a whole day, all Enigma operators would set the scramblers and plugs in the specified way before each message. This process is weakened by the repeated use of the same key to transmit many messages.

Another way is to use the day settings to transmit a new message key for each message. The message key would have the same plugboard and scrambler arrangement as the day key, but the scrambler orientations would be different. The scrambler orientation for the message key was sent at the beginning of the message, enciphered by the day key.

Enigma key

Using the day key only to encrypt the message key limited the number of messages sent in one key.

This seems hard to break.

Enter Marian Rejewski, a 23 year old math student. He used the fact that repetition is the key to breaking codes.

The Germans enciphered the message key twice at the beginning of each message, to avoid mistakes caused by radio interference.

Enigma message key

So if the message key was to be ULJ, when sent enciphered twice we would obtain, for example, PEFNWZ (remember that the Enigma rotors change position, so that we get a poly-alphabetic cipher).

So Rejewski would focus on the first 6 letters of each message, which were the message key letters.

Enigma message key

              1st  2nd  3rd  4th  5th  6th
1st message    L    O    K    R    G    M
2nd message    M    V    T    X    Z    E
3rd message    J    K    T    M    P    E
4th message    D    V    Y    P    Z    X

This gives some constraint as to the initial setup of the machine. Given enough messages, a series of such relationships could be built up for each letter of the alphabet.

Does this give us information about the settings? It allows us to find a chain, and the length of this chain represents only the scrambler settings.

Enigma message key

ABCDEFGHIJKLMNOPQRSTUVWXYZ 1st letter

FQHPLWOGBMVRXUYCZITNJEASDK 4th letter

This forms chains, e.g.

A → F → W → A    3 links

B → Q → Z → K → V → E → L → R → I → B    9 links

Even if the plugboard settings interchange letters, the length of the chains is only dependent on the original scrambler settings.
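The chain tracing above, applied to the lecture's full 1st-letter/4th-letter table, with a check that a plugboard renames the letters in each chain but leaves the chain lengths alone. This is an added example, not part of the original slides; the plugboard pairs are the ones from this lecture's key example, and modelling the plugboard as "swap, apply the table, swap back" is the assumption stated in the code.

```python
from string import ascii_uppercase as AZ

# 1st-letter -> 4th-letter table from the lecture.
TABLE = dict(zip(AZ, "FQHPLWOGBMVRXUYCZITNJEASDK"))
# Plugboard pairs from the lecture's key example: A/L-P/R-T/D-B/W-K/F-O/Y.
PLUG_PAIRS = ["AL", "PR", "TD", "BW", "KF", "OY"]


def chains(table):
    """Follow letter -> table[letter] until the start letter recurs; return every chain."""
    seen, out = set(), []
    for start in AZ:
        if start in seen:
            continue
        chain, x = [], start
        while x not in seen:
            seen.add(x)
            chain.append(x)
            x = table[x]
        out.append("".join(chain))
    return out


def plugboard(pairs):
    """Letter swap table: paired letters exchange, all others map to themselves."""
    s = {c: c for c in AZ}
    for a, b in pairs:
        s[a], s[b] = b, a
    return s


def with_plugboard(table, pairs):
    """Assumed model: the plugboard swaps letters before and after the scramblers,
    so the observed relationship is swap -> table -> swap."""
    s = plugboard(pairs)
    return {c: s[table[s[c]]] for c in AZ}


def signature(table):
    """Sorted chain lengths: the quantity Rejewski catalogued per scrambler setting."""
    return sorted(len(c) for c in chains(table))


if __name__ == "__main__":
    print(chains(TABLE), signature(TABLE))
    steckered = with_plugboard(TABLE, PLUG_PAIRS)
    print(chains(steckered), signature(steckered))
```

The chain lengths are 3, 9, 7 and 7 with or without the plugboard, so a catalogue indexed by chain lengths only needs one entry per scrambler setting.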

Enigma message key

There are 6 scrambler arrangements (3!).

And 17,576 (=26*26*26) scrambler orientations.

So the total number of scrambler settings is 6x17576 = 105,456.

This is a lot less than the number of day keys (10,000,000,000,000,000).

So now the question is what are the chain lengths generated by each one of the 105,456 scrambler settings.

Rejewski catalogued the length of chains generated by each one of the scrambler settings.

Rejewski’s technique

Now each day, he would look at the relationships between the 1st and 4th, 2nd and 5th, and 3rd and 6th letters and use this information to build the table of relationships.

Once he had the table of relationships set up, he used that to trace the chains, and establish the length of all the different chains.

Now he would go to his catalog and see what scrambler arrangements could give rise to the chain lengths he had.

This gave him the scrambler arrangement for the day.

Rejewski’s technique

But the plugboard settings were unknown.

To find these, Rejewski set his Enigma machine with the scrambler settings he found out, took out the plugs, and set to work typing in the received messages. Now most of them were gibberish, since the plugs were not put in, but once in a while obvious exchanges could be made that would result in a message that makes sense. For example, the message ALLIVEINBELRIN strongly suggested the R and L were swapped on the plugboard.

Now that the scrambler and plugboard settings were discovered, all the day’s mail could be read.

Rejewski’s Bombe

Even when the Germans made some alteration to the way they transmitted messages, Rejewski was able to handle it by making a mechanized version of his cataloguing system. He had 6 machines working, one for each of the scrambler arrangements. Each one of these machines checked all the different scrambler orientations.

All this time that Rejewski and the Polish cryptographers were working on breaking the Enigma codes, their chief had the Enigma day keys tucked in his drawer, obtained by the French from Schmidt.

In 1938, the Germans changed the way the Enigma was run. 2 new rotors were introduced. Now each day key represented 3 rotors chosen from a possible 5. The number of arrangements was now 60.

Now the task became prohibitive. Rejewski would have to figure out the internal wiring of the 2 new rotors, and then to set up 60 bombes would be too expensive. It got worse the next month when the Germans started using 20 plugs to swap letters, instead of 12.

The Enigma could still be broken using these techniques, but the mechanized power to do so was not there.

In April 1939, Germany withdrew from its nonaggression pact with Poland. Fearing a German invasion, the Poles decided to share their progress with the Allied forces. The information was given to the French and British. On August 16th, one of the Enigma machines was smuggled to Britain.

Two weeks later, on September 1, 1939, Hitler invaded Poland.

The British and French had assumed the Enigma could not be broken – now they saw they were wrong. The Enigma was not a perfect cipher; it could be broken.

The experience of the Polish codebreakers showed that mathematicians and mathematical techniques are a good way of breaking this code. In Britain, “Room 40” was dominated by classicists and linguists; now an effort was made to staff it with mathematicians and scientists.

The new recruits were brought to Bletchley Park, the home of the newly formed Government Code and Cipher School.

In the Fall of 1939, Bletchley Park cryptanalysts were learning the workings of the Enigma.

Once the Bletchley Park people mastered the techniques developed by the Poles, they started to develop their own techniques and shortcuts.

They noticed that sometimes the German operators used obvious message keys – e.g. QWE or BNM (consecutive type-writer keys) or repeatedly used the same key (e.g. initials of their girlfriends) instead of random keys.

These were not weaknesses of the machine, but rather of how it was used.

Also, there were regulations that the arrangement of rotors could not be the same any 2 days in a row. E.g. if the arrangement was 134 on one day, then the next day rotor 1 could not be in position 1, 3 could not be in position 2, and 4 could not be in position 3. This was meant to induce more random behavior, but in fact reduced the number of possibilities.

Similarly, there was a rule that the plugboard settings could never swap a letter for one next to it in the alphabet.

One of the greatest mathematicians in Bletchley was Alan Turing. (see www.turing.org.uk)

He noticed that many of the messages conformed to a certain rigid pattern. For example, a weather report was sent shortly after 6am each day. These invariably contained the word WETTER (German for weather). He knew to look for this in the first 6 letters of a message. This served as a crib. Now they could try to see which scrambler and plugboard combinations give the right encryption.

Except that there are too many combinations to test.

Turing created a prototype “bombe” that would test these possibilities, the first computer that could test all of them.

Enigma simulator

• http://www.codesandciphers.org.uk/enigma/emachines/enigmad.htm

Lorenz Cipher

• This was a similar machine to the Enigma, but much more complicated.

• The first programmable computer was built to handle this: Colossus.

• It was secret, though (like everything else at Bletchley), so it did not become known as the first computer.

HW#8

• Use enigma simulators to encipher and decipher messages.

The enigma machine

http://mckoss.com/Crypto/Enigma.htm for a paper enigma machine

http://users.telenet.be/d.rijmenants/index.htm for a description of the enigma

http://users.telenet.be/d.rijmenants/en/enigmasim.htm for an enigma simulator.