Online Encyclopedia

Categories: Cryptography | World War II German electronics

Enigma machine

This article is the part of the series on the
Enigma cipher machine.

Enigma machine

Cryptanalysis of the Enigma

Perforated sheets

Bomba

Bombe

Ultra

In the history of cryptography, the Enigma was a portable cipher machine used to encrypt and decrypt secret messages. More precisely, Enigma was a family of related electro-mechanical rotor machines — there were a variety of different models.

The Enigma was used commercially from the early 1920s on, and was also adopted by the military and governmental services of a number of nations — most famously, by Nazi Germany before and during World War II (WWII). The German military model, the Wehrmacht Enigma, is the version most commonly discussed. The machine has gained notoriety because Allied codebreakers were able to decrypt a large number of messages protected by the machine (see cryptanalysis of the Enigma). The intelligence gained through this source — codenamed ULTRA — was a significant aid to the Allied war effort. Some historians have suggested that the end of the European war was hastened by up to a year or more because of the decryption of German ciphers.

Figure 1. A three-rotor German military Enigma machine showing, from bottom to top, the plugboard, the keyboard, the lamps and the finger-wheels of the rotors emerging from the inner lid (version with labels).

Although the Enigma cipher has cryptographic weaknesses, there were in practice other significant factors which allowed codebreakers to read messages: captured machines and codebooks, mistakes by operators, and procedural flaws.

Contents

1 Description

1.1 Rotors
1.2 Stepping motion
1.3 Entry wheel
1.4 Reflector
1.5 Plugboard
1.6 Mathematical description

2 Procedures for using the Enigma

2.1 Indicators

3 History

3.1 Commercial Enigma
3.2 Military Enigma

4 Surviving Enigmas

5 Fiction

6 See also

7 References

8 External links

Description

Like other rotor machines, the Enigma machine is a combination of mechanical and electrical systems. The mechanical mechanism consists of a keyboard; a set of rotating disks called rotors arranged adjacently along a spindle; and a stepping mechanism to turn some of the rotors with each key press. The exact mechanism varies, but the most common form is for the right-hand rotor to step once with every key stroke, and occasionally the motion of neighbouring rotors is triggered. The continual movement of the rotors results in a different cryptographic transformation after each key press.

The mechanical parts act in such a way as to form a varying electrical circuit — the actual encipherment of a letter is performed electrically. When a key is pressed, the circuit is completed; current flows through the various components and ultimately lights one of many lamps, indicating the output letter. For example, when encrypting a message starting ANX..., the operator would first press the A key, and the Z lamp might light; Z would be the first letter of the ciphertext. The operator would then proceed to encipher N in the same fashion, and so on.

Current flows from a battery through the switch controlled by the depressed key into a fixed entry wheel. This leads into the rotor assembly (or scrambler), where the complex internal wiring of each rotor results in the current passing from one rotor to the next along a convoluted path. After passing through all the rotors, current enters the reflector, which relays the signal back out again through the rotors and the entry wheel — this time via a different path — and, finally, to one of the lamps (the earliest Enigma models do not have the reflector). In addition, some machines are equipped with a plugboard, which allow the connections between the keyboard and the entry wheel to be easily rewired by an operator.

Rotors

The rotors (alternatively wheels or drums — Walzen in German) form the heart of an Enigma machine. Approximately 10 cm in diameter, each rotor is a disk made of hard rubber or bakelite with a series of brass spring-loaded pins on one face arranged in a circle; on the other side are a corresponding number of of circular electrical contacts. The pins and contacts represent the alphabet — typically the 26 letters A–Z (this will be assumed for the rest of the description). When placed side-by-side, the pins of one rotor rest against the contacts of the neighbouring rotor, forming an electrical connection. Inside the body of the rotor, a set of 26 wires connects each pin on one side to a contact on the other in a complex pattern. The wiring differs for every rotor.

By itself, a rotor performs only a very simple type of encryption — a simple substitution cipher. For example, the pin corresponding to the letter E might be wired to the contact for letter T on the opposite face. The complexity comes from the use of several rotors in series — usually three or four — and the regular movement of the rotors; this provides a much stronger type of encryption.

When placed in the machine, a rotor can be set to one of 26 positions. It can be turned by hand using a grooved finger-wheel which protrudes from the internal cover when closed, as shown in Figure 2. So that the operator knows the position, each rotor has an alphabet tyre (or letter ring) attached around the outside of the disk, with 26 letters or numbers; one of these can be seen through a window, indicating the position of the rotor to the operator. In early Enigma models, the alphabet ring is fixed; a complication introduced in later versions is the facility to adjust the alphabet ring relative to the core wiring. The position of the ring is known as the Ringstellung ("ring settings").

The rotors each contain a notch (sometimes multiple notches), used to control the stepping of the rotors. In the military versions, the notches are located on the alphabet ring.

The Wehrmacht Enigma was equipped with a number of rotors. For the Army and Air Force versions, three rotors were chosen from a set of five; these were marked with Roman numerals to distinguish them: I, II, III, IV and V, all with single notches. The Naval Enigma also had these rotors, but the Navy added three more — VI, VII and VIII — exclusively for their own use. These rotors had two notches cut into them, resulting in a more frequent turnover.

Stepping motion

To avoid merely implementing a simple substitution cipher, some rotors turn with consecutive presses of a key. This ensures that the cryptographic transformation is different at each position, producing a formidable polyalphabetic substitution cipher.

The most common arrangement utilises a ratchet and pawl mechanism. Each rotor is affixed with a ratchet with 26 teeth; a group of pawls engage the teeth of the ratchet. The pawls are pushed forward in unison with each keypress on the machine. If a pawl engages the teeth of a ratchet, that rotor advances by one step.

Each rotor is also affixed with a notched ring, typically containing a single notch, but occasionally several notches. At a certain point, a rotor's notch will align with the pawl, allowing it to engage the ratchet of the next rotor with the subsequent key press. When a pawl is not aligned with the notch, it will simply slide over the surface of the ring without engaging the ratchet. In a single-notch rotor system, the second rotor is advanced one position for every 26 advances of the first rotor. Similarly, the third rotor is advanced one position for every 26 advances of the second rotor. The second rotor also advances at the same time as the third rotor, meaning the second rotor can step twice on subsequent key presses — "double stepping" — resulting in a reduced period (Hamer, 1997).

With three wheels and only single notches in the first and second wheels, the machine has a period of 26 × 25 × 26 = 16,900. Historically, messages were limited to a couple of hundred letters, and so there was no risk of repeating any position.

When pressing a key, the rotors step before the electrical circuit is connected.

Entry wheel

The entry wheel (Eintrittwalze in German), or entry stator, connects the plugboard, if present, or otherwise the keyboard and lampboard to the rotor assembly. While the exact wiring used is of comparatively little importance to the security, it proved an obstacle in the progress of Polish cryptanalyst Marian Rejewski during his deduction of the rotor wirings. The commercial Enigma connects the keys in the order of their sequence on the keyboard: Q $\rightarrow$ A, W $\rightarrow$ B, E $\rightarrow$ C and so on. However, the military Enigma connects them in straight alphabetical order: A $\rightarrow$ A, B $\rightarrow$ B, C $\rightarrow$ C etc. It took an inspired piece of guesswork for Rejewski to realise the modification, and he was then able to solve the equations.

Reflector

With the exception of the early models A and B, the last rotor is followed by a reflector (German Umkehrwalze), a patented feature distinctive of the Enigma family amongst the various rotor machines designed in the period. The reflector connects outputs of the last rotor up in pairs, redirecting current back through the rotors by a different route. The reflector ensures that Enigma is self-reciprocal: conveniently, encryption is the same as decryption. However, the reflector also gives Enigma the property that no letter can encrypt to itself; this property was exploited by codebreakers.

In the commercial Enigma model C, the reflector can be inserted in one of two different positions. In Model D the reflector can be set in 26 possible positions, although it does not move during encipherment. In the Abwehr Enigma, the reflector is stepped during encryption in a similar way to the other wheels.

In the Wehrmacht Enigma, the reflector is fixed and does not rotate, and appeared in four versions. The original version was marked A, and was replaced by Umkehrwalze B on 1 November 1937. A third version, Umkehrwalze C appeared in 1941. The fourth version, first observed on 2 January 1944 is a rewireable reflector, called Umkehrwalze D, allowing the Enigma operator to alter the connections as part of the key settings.

Plugboard

The plugboard mechanism (Steckerbrett in German, shortened to Stecker) is visible on the front panel of Figure 1 and some of the patch cords can be seen in the lid. It was introduced on German Army versions in 1930 and was soon adopted by the Navy as well. The plugboard contributes a great deal to the security. Enigma without a plugboard — "unsteckered" Enigma — can be solved relatively straightforwardly using hand methods; these techniques are generally defeated by the addition of a plugboard, and codebreakers resorted to special machines to solve it.

A cable placed onto the plugboard connects letters up in pairs, for example, E and Q might be a steckered pair. The effect is to swap those letters before and after the main rotor scrambling unit. For example, when an operator presses E, the signal is diverted to Q before entering the rotors. Several such steckered pairs, up to 13, might be used at one time.

Mathematical description

The Enigma transformation for each letter can be specified mathematically as a product of permutations. Assuming a three-rotor German Army/Air Force Enigma, let $P$ denote the plugboard transformation, $U$ denote the reflector, and $L, M, R$ denote the actions of the left, middle and right rotors respectively. Then the encryption $E$ can be expressed as

E = P R M L U L - 1 M - 1 R - 1 P - 1

After each key press the rotors turn, changing the transformation. For example, if the right hand rotor $R$ is rotated $i$ positions, the transformation becomes $ρ i R ρ - i$ , where $ρ$ is the cyclic permutation mapping A to B, B to C, and so forth. Similarly, the middle and left-hand rotors can be represented as $j$ and $k$ rotations of $M$ and $L$ . The encryption function can then be described as:

E = P (ρ i R ρ - i)(ρ j M ρ - j)(ρ k L ρ - k) U (ρ k L - 1 ρ - k)(ρ j M - 1 ρ - j)(ρ i R - 1 ρ - i) P - 1

Procedures for using the Enigma

In German military usage, communications were divided up into a number of different networks, all using different settings for their Enigma machines. These communication nets were termed keys at Bletchley Park, and were assigned codenames, such as Red, Chaffinch and Shark. Each unit operating on a network was assigned a settings list specifying the Enigma for a period of time. For a message to be correctly encrypted and decrypted, both sender and receiver have to set up their Enigma in the same way; the rotor selection and order, the starting position and the plugboard connections need to be identical; these settings have to be agreed on beforehand, and were distributed in codebooks.

An Enigma machine's initial state, the cryptographic key, has several aspects:

Wheel order (Walzenlage) — the choice of rotors and the order in which they are used.
Initial position of the rotors: — an operator chose the initial positions of the rotors, different for each message.
Ring settings (Ringstellung) — the position of the alphabet ring relative to the rotor wiring.
Plug settings (Steckerverbindungen) — the connections of the plugs in the plugboard.

Enigma was designed to be secure even if the rotor wiring was known to an eavesdropper, although in practice the wiring was kept secret. With secret wiring, the total number of possible configurations has been calculated to be around 10¹¹⁴ (approximately 380 bits); with known wiring and other operational constraints, this is reduced to around 10²³ (76 bits) [1]. Users of Enigma were assured of its security by the large number of possibilies; it was not feasible for an adversary to even begin to try every possible configuration in a brute force attack.

Indicators

Most of the key was kept constant for a set time period, typically a day. However, a different initial rotor position was chosen for each message, because if a number of messages are sent encrypted with identical or near-identical settings, a cryptanalyst has several messages "in depth", and might be able to attack the messages using frequency analysis. To counter this, a different starting position for the rotors was chosen for each message; a similar concept to an initialisation vector in modern cryptography. The starting position was transmitted along with the ciphertext. The exact method used is termed the "indicator procedure" — weak indicator procedures allowed the initial breaks into Enigma.

One of the earliest indicator procedures was exploited to make the initial breaks into the Enigma by Polish cryptanalysts. The procedure was for the operator to set up his machine in accordance with his settings list, which included a global initial position for the rotors (Grundstellung — "ground setting"), AOH, say. The operator would turn his rotors until AOH was visible through the rotor windows. At this point, the operator would choose his own, arbitrary starting position for that particular message. An operator might select EIN, and this became the message settings for that encryption session. The operator would then type EIN into the machine, twice, to allow for detecting transmission errors. The results would be an encrypted indicator — the EIN typed twice might turn into XHTLOA, which would be transmitted along with the message. Finally, the operator would then spin the rotors to his message settings, EIN in this example, and the text of the actual message was typed in.

At the receiving end the operation was reversed. The operator set the machine to the initial settings and typed in the first six letters of the message (XHTLOA). In this example, EINEIN would be produced. By moving his rotors to EIN, the receiving operator would then type in the rest of the ciphertext, deciphering the message.

The weakness came from two factors: the use of a global ground setting — this was later changed so that the operator selected his initial position to encrypt the indicator, and sent the initial position in the clear. The second problem was the repetition of the indicator, which was eventually changed in May 1940.

History

Commercial Enigma

In 1918, engineer Arthur Scherbius applied for a patent for a cipher machine using rotors, and, with E. Richard Ritter, founded the firm of Scherbius & Ritter. They approached the German Navy and Foreign Office with their design, but neither were interested. They then assigned the patent rights to Gewerkshaft Securitas, who founded the Chiffriermaschinen Aktien-Gesellschaft (Cipher Machines Stock Corporation) on 9 July 1923; Scherbius and Ritter were on the board of directors.

Chiffriermaschinen AG began advertising a rotor machine — Enigma model A — which was exhibited at the Congress of the International Postal Union in 1923 and 1924. The machine was heavy and bulky, incorporating a typewriter. It measured 65×45×35 cm and weighed about 50kg. A model B was introduced, and was of a similar construction. While bearing the Enigma name, both models A and B were quite unlike later versions: they differed in physical size and shape, but also cryptographically, in that they lacked the reflector.

The reflector — an idea suggested by Scherbius' colleague Willi Korn — was first introduced in the Enigma C (1926) model. The reflector is a key feature of the Enigma machines. Hamer et al (1998) write, "[Enigma] was a relatively large family of machines built around the same principle, wired wheels (rotors) with a fixed or rotatable Umkehrwalze (reflector)".

Model C was smaller and more portable than its predecessors. It lacked a typewriter, relying instead on the operator reading the lamps; hence the alternative name of "glowlamp Enigma" to distinguish from models A and B. The Enigma C quickly became extinct, giving way to the Enigma D (1927). This version was widely used, with copies going to Sweden, the Netherlands, England, Japan, Italy, Spain, USA and Poland.

Military Enigma

Several copies of commercial Enigmas were purchased by the German Navy, leading to adoption of an adapted machine by the Navy in 1926, termed the Funkschlüssel C (Radio cipher C); the machine was revised slightly in 1933.

On 15 July 1928, the German Army (Reichswehr) introduced their own version of the Enigma — the Enigma G, revised to the Enigma I in June 1930. There was also a typewriter version, the Enigma II. The most important change introduced was the addition of a plugboard; a variable wiring that could be reconfigured by the operator. The plugboard significantly increased the security of the machine. This version became known as the Wehrmacht, or Services Enigma, and was used extensively by the German military services and other government organisations, both prior to and during World War II. The machine's dimensions were 28×34×15 cm (weighing around 12 kg).

By 1930, the Army suggested that the Navy adopt their machine, giving the reasons of increased security (with the plugboard) and easier interservice communication. The Navy eventually agreed and in August 1934 brought into service the Navy version of the Army Enigma, designated Funkschlüssel M or M3. While the Army version used only three rotors, the Navy specified a choice of three from a possible five. In 1939 the Army went to a 3 rotors out of 5 system and changed their indicator procedures, leaving the Poles with too much work to keep up. This was one of the reasons for passing information and equipment on to British and French in July of that year. Still later, the Navy went to 3 rotors out of a possible 8. In August 1935 the Air Force also introduced the Wehrmacht Enigma for their communications. A four rotor Enigma was introduced by the Navy for U-boat traffic on 1 February 1942, called M4 (the network was known as Triton, or Shark to the Allies). The extra rotor was fitted in the same space by splitting the reflector into a combination of a thin reflector and a thin fourth rotor.

The Abwehr used a notable variant of the Enigma, known as the Abwehr Enigma, counter machine or the Zahlwerk Enigma, a four-wheel unsteckered machine with multiple notches on the rotors.

An Enigma model T (Tirpitz) — a modified commercial Enigma K manufactured for use by the Japanese.

Other countries also used Enigma machines. The Italian Navy adopted the commercial Enigma as "Navy Cipher D"; the Spanish also used commercial Enigma during their Civil War. British codebreakers succeeded in breaking these machines, which lacked a plugboard. The Swiss used a version of Enigma called model K or Swiss K, for military and diplomatic use, which was very similar to the commercial Enigma D. The machine was broken by a number of parties, including Germany, France, Britain and the United States (the latter codenamed it INDIGO). An Enigma T model (codenamed Tirpitz) was manufactured for use by the Japanese.

It has been estimated that 100,000 Enigma machines were constructed, and after the end of the Second World War, the Allies sold captured Enigma machines, still widely considered secure, to a number of developing countries. Much of the delay in waiting until the 1970's before the fact that the cipher for the Enigma machine had been broken has been widely attributed to the fact that the United States and the United Kingdom wished to hide the fact that they could read text encrypted by Enigma.

A number of other rotor machines were similar to the Enigma machine. For example, the British Typex machine and the Swiss NEMA machine.

Surviving Enigmas

A number of Enigma machines are on public display in museums. The Deutsches Museum in Munich has both the three and four-wheel German military variants, as well as several older civilian versions. There are also examples in the NSA's National Cryptologic Museum at Fort Meade in the United States, at Bletchley Park in the United Kingdom, as well as a number of other locations in Germany, the US, the UK, and a few other countries in Europe. A number are also in private hands [2].

Occasionally, Enigma machines are sold at auction and fetch on the order of US$20,000 [3].

Fiction

Robert Harris' 1996 novel Enigma is set against the backdrop of World War II Bletchley Park and codebreakers working to read Enigma. (Cryptanalytic pedants may notice some simplifications in the descriptions of attacks on Triton or Shark in the novel.) A film of the book was released in 2001 starring Kate Winslet and Dougray Scott .

An interactive fiction game Jigsaw by Graham Nelson contains a puzzle in which the player must decrypt a message with a simplified version of Enigma. The puzzle is generally accepted as the most annoying one in the game, which is perhaps some measure of how hard it was to decrypt messages produced by the original machine(s).

References

Kris Gaj, Arkadiusz Orlowski: Facts and Myths of Enigma: Breaking Stereotypes. EUROCRYPT 2003: 106–122. Online version (PDF).
David Hamer, "Enigma: Actions Involved in the ‘Double-Stepping’ of the Middle Rotor", Cryptologia, Vol. 21(1), January 1997, pp47–50. Online version (PDF).
David H. Hamer, Geoff Sullivan, and Frode Weierud, "Enigma Variations: An Extended Family of Machines", Cryptologia 22(3), July 1998. Online version (PDF).
Louis Kruh and Cipher Deavours, "The Commercial Enigma: Beginnings of Machine Cryptography", Cryptologia, 26(1), pp. 1–16, 2002. Online version (PDF).
Wladyslaw Kozaczuk, Jerzy Straszak: Enigma: How the Poles Broke the Nazi Code, Hippocrene Books; February 1, 2004, ISBN: 078180941X

External links

Images

Descriptions

Simulators and replicas

Enigma simulator (Java applet)
Enigma simulator (Macromedia Flash)
Enigma simulator (Paper cut-out)
A project to construct an accurate M4 Enigma replica
Wiring of the Enigma rotors.

Miscellaneous

David Hamer's Enigma pages — includes a list of known surviving Enigmas and selling prices