Cracking the Enigma Machine - Rejewski, Turing and the Math that saved the world

The Math That Saved the WorldBrad Youngbrad@clearpoint.co.ilA Mathematical and Historical Analysis of the Cryptographic Attacks on the Nazi Enigma Machine Marian RejewskiAlan Turing

AgendaDevelopment of Enigma Machine – Why/How/WhatThe Rejewski CrackThe Turing CrackHistorical Impact

WWI CryptologyFirst major war with radio + telegraph Very large volume of communications Hand-ciphersPlayfair, ADFGVX etc.Bigraph substitution + transformationEncryption/DecryptionInefficient …Became bottleneckCryptanalysisDifficult, time-consuming…But successful (mainly)

Invention of Enigma MachineArthur ScherbiusEfficient!(oh, and also Secure, by the way)Business, Military versionsEarly 1920’s – very poor salesGerman economy in trouble

OopsPublishes history bookReveals the impact of crypto on WWINow, the Germans want Enigma!

ABCDEFGHReflector3rd Rotor2nd Rotor1st RotorLightbulbsKeyboardEnigma Schematic

ABCDEFGHReflectorLightbulbs3rd Rotor2nd Rotor1st RotorKeyboardElectric Circuit

ABPressing ‘A’ on the keyboard…CDEF… lights the ‘B’ lightbulbGHNOTE: Because it is a electric circuit, no letter can map to itself. Minor detail combinatorically speaking, but very important for the Turing crack.ReflectorLightbulbs3rd Rotor2nd Rotor1st RotorKeyboardElectric Circuit

ABCDEAfter each letter, the first rotor shifts one step.So now, pressing ‘A’ lights a different lightbulb….’F’FGHReflectorLightbulbs3rd Rotor2nd Rotor1st RotorKeyboardRotor Shift

ABCDEFSits between keyboard and rotors.Each plug cable swaps signal between two letters.6 cables connect 12 letters. 14 other letters are not plugged at all.GHReflectorLightbulbsPlugboard3rd Rotor2nd Rotor1st RotorKeyboardPlugboard

KeysizeABRotor OrderRotor SettingPlugboardWiringI – III - IIVYJA/G, D/Q, J/Z,L/S, M/V, N/T3! = 6263 =17,576C(26,2) x C(24,2) xC(22,2) x C(20,2) xC(18,2) x C(16,2) x 1/6!(26!)3 x C(26,2)…C(2,2)x1/13!C≈ 105DEF≈ 1011≈ 1092GHTotal Key Size ≈ 10108Variable Key Size ≈ 1016

German Use of EnigmaDay Keys (RO, RS, PB) distributed monthly in key booksFor each message, sender chooses Message Key (Rotor Setting only)Encode Message Key using Day Key, twiceMove rotor to Message Key setting Encode actual messageSet to Day Key(VYJ)Change to Message Key(CIL)CILCILATTACKFROMNORTHATNINETHIRTYBOKJRVSQIGPQTMNWJRAKOBYTKMTKGBBRQ

Biuro Szyfrów1918 – Polish Independence1919 – Creation (and success) of Cipher Bureau 1926 – Germany goes dark as Enigma is adopted1930 – Bring in the mathematicians (?!?)Marian RejewskiJerzy RóżyckiHenryk Zygalski

The Rejewski CrackIntuition,Espionage,Engineering Understand how Enigma worksReverse-engineer the wiringBe able to crack the key each dayPermutational Mathematics

The Math of Permutation Cycles P = P-1 =

Cycle Notation P = P = (AECH)(BFD)(G) = (BFD)(G) (AECH) = (FDB)(G)(CHAE) P-1 = (HCEA)(DFB)(G) Benefits of cycle notation:ConciseEasier to take inverse(These are benefits of efficiency)

Cycle Structure = (AECH)(BFD)(G) P = 4 3 1 = (AFC)(BG)(D)(EH) Q = 3 2 1 2Benefits of cycle notation:ConciseEasier to take inverseGives more info – Cycle Structure (This is a benefit of value-add information)

Composition P = = (AECH)(BFD)(G) Q = = (AFC)(BG)(D)(EH) Q ◦ P = Q(P()) = (AHFDGBCE) Q ◦ P ≠ P ◦ Q - NOT Commutative Q ◦ ( P ◦ R ) = ( Q ◦ P ) ◦ R - Associative

Identity = (A)(B)(C)(D)(E)(F)(G)(H)I = P ◦ I = I ◦ P = PP ◦ P -1 = II ◦ I = I i.e. I = I -1(ab) ≠ I , but (ab) ◦ (ab) = (a)(b)i.e. (ab) = (ab)-1

Conjugation Conjugation of Q by P is defined as P ◦ Q ◦ P-1 P = (AECH)(BFD)(G) P-1 = (HCEA)(DFB)(G) Q = (AFC)(BG)(D)(EH) 1-2-2-31-2-2-3This is not a coincidence!This is not a coincidence!P ◦ Q ◦ P-1 = (AC)(B)(DHE)(FG)

Theorem: Cycle structure is invariant under conjugationProof:Suppose Q: ij, that is Q(i) = j.Consider P ◦ Q ◦ P-1 (P(i)).P ◦ Q ◦ P-1 (P(i)) = P ◦ Q ◦ (P-1 ◦ P)(i) = P ◦ Q(i) = P(j)i.e. P ◦ Q ◦ P-1: P(i)P(j)Therefore…If Q has k-cycle (i1, i2 … ik) then P ◦ Q ◦ P-1 has k-cycle (P(i1), P(i2)…P(ik)) QED

Using Permuation Cycles on EnigmaABSuppose we intercept a message: BOLJRVSQIGPQTMNWJRAKOBYTKMTTGBBRQUPWLHSOLNFEQTHJOVXPlaintext: abcabcCiphertext: BOLJRVDefine En as the permutation that occurs when Enigma machine is in state n.So, in the first state, aB. In the fourth state, aJE1 = (aB …E4 = (aJ …Now…Recall the effect of the Reflector, which creates 2-letter circuitsSo, if aB, then Ba. So the cycle is closed.E1 = (aB) …E4 = (aJ) …So, we can now compute E4 ◦ E1 = (BJ …CThese are the variablesa,b,c, not the actual lettersDEFGH

Using Permuation Cycles on EnigmaIf we have many intercepts from the same day, then they were produced with the same day settings. So we can calculate the entire compositions…E4 ◦ E1 = (BJUMPWTCFE)(ARDNHSLYZK)(G)(I)(O)(Q)(X)(V)E5 ◦ E2 = (ORJCLVHGXKF)(AUYMPZQNDWB)(ES)(IT)E6 ◦ E3 = (BWOIKTZHXB)(EPQJYLVGN)(ARCU)(DSMF)Good news: abc variables have been eliminated! We’ve found a unique identifier!Bad news:It is one of 10,000,000,000,000,000 possibilities

Explore the nature of EnABEn = P ◦ Rn ◦ P where P is the plugboard permutation and Rn is rotor permutation when in state nE4 ◦ E1 = P ◦ R4 ◦ P ◦ P ◦ R1 ◦ PNow, recall the plugboard…P = (ab)(cd)(ef)(gh)(ij)(kl)(m)(n)(o)(p)(q)(r)(s)(t)(u)(v)(w)(x)(y)(z)All 2-cycles and 1-cycles, therefore P = P-1 !E4 ◦ E1 = P ◦ R4 ◦ P ◦ P ◦ R1 ◦ P = P ◦ R4 ◦ P ◦ P-1 ◦ R1 ◦ P = P ◦ R4 ◦ (P ◦ P-1 ) ◦ R1 ◦ P = P ◦ R4 ◦ R1 ◦ P = P ◦ (R4 ◦ R1 ) ◦ P = P ◦ (R4 ◦ R1 ) ◦ P-1CPRDEFGHConjugation:Cycle structure of E4 ◦ E1 is same as cycle structure of R4 ◦ R1 and is not affected at all by the plugboard!E4 ◦ E1 = (BJUMPWTCFE)(ARDNHSLYZK)(G)(I)(O)(Q)(X)(V)E5 ◦ E2 = (AUYMPZQNDWB)(CLVHGXKFORJ)(ES)(IT)E6 ◦ E3 = (BWOIKTZHXB)(EPQJYLVGN)(ARCU)(DSMF)1-1-1-1-1-1-10-10 ; 2-2-11-11 ; 4-4-9-9Remember:Keysize(R) ≈ 105Keysize(P) ≈ 1011

Now, where are we?Figuring out En is problem of size 1016 Now, we have Rn, a smaller problem: 105Just barely small enough to attack brute force

Building the Rejewski Dictionary RO RS E4 ◦ E1 E5 ◦ E2 E6 ◦ E3 1 2 3 AAA 13-13 1-1-12-12 1-1-12-12 1 2 3 BAA 1-1-12-12 1-1-12-12 2-2-11-11 1 2 3 CAA 1-1-12-12; 2-2-11-11 1-1-12-12 1 2 3 DAA 2-2-11-11 1-1-12-12 13-13 1 2 3 EAA 1-1-12-12 13-13 13-13 1 2 3 FAA 13-13 13-13 1-1-2-2-3-3-3-3-4-4 1 2 3 GAA 13-13 1-1-2-2-3-3-3-3-4-4 2-2-5-5-6-6 1 2 3 HAA 1-1-2-2-3-3-3-3-4-4 2-2-5-5-6-6 13-13 1 2 3 IAA 2-2-5-5-6-6 13-13 4-4-9-9 1 2 3 JAA 13-13 4-4-9-9 1-1-5-5-7-7 1 2 3 KAA 4-4-9-9 1-1-5-5-7-7 13-13 1 2 3 LAA 1-1-5-5-7-7 13-13 1-1-2-2-10-10 1 2 3 MAA 13-13 1-1-2-2-10-10 1-1-1-1-11-11. . . . .. . . . .. . . . .…2-2-11-11; 1-1-1-1-1-1-1-1-4-4-5-5; 1-1-12-12 KFE 2132-2-11-11; 1-1-1-1-1-1-1-1-4-4-5-5; 2-2-5-5-6-6 ZTF 1322-2-11-11; 1-1-1-1-1-1-1-1-4-4-5-5; 5-5-8-8 GIC 3122-2-11-11; 1-1-1-1-1-1-1-1-9-9; 1-1-12-12 AHH 1322-2-11-11; 1-1-1-1-1-1-1-1-9-9; 1-1-12-12 WLA 3122-2-11-11; 1-1-1-1-1-1-1-1-9-9; 1-1-5-5-7-7 YKG 1322-2-11-11; 1-1-1-1-1-1-1-1-9-9; 13-13 DXI 2132-2-11-11; 1-1-1-1-1-1-1-1-9-9; 13-13 ESY 3212-2-11-11; 1-1-1-1-1-1-1-1-9-9; 13-13 VHX 2132-2-11-11; 1-1-1-1-1-1-1-1-9-9; 2-2-11-11 UNV 231…1 setting every 4 minutes, x 20 hours/day = 300 / day105 / 300 ≈ 1 year to completeGood news; Solved the RO, RS!Bad news: 105 solved, 1011 not solvedCycle structure is not unique…even though 105 << (1012)3 ≈ 1012But most have < 10

Recovering the PlugboardPlugboard is the biggest problem combinatoricallyBut… It is trivial to solveE4 ◦ E1 = (BJUMPWTCFE)(ARDNHSLYZK)(G)(I)(O)(Q)(X)(V)R4 ◦ R1 = (MGWTREFBJU)(AKZCINLSHY)(P)(D)(O)(Q)(V)(X)(BJUMPWTCFE)(BJUMGWTREF)Plugboard settings: P/G , C/R , E/F , etc.

Paradox of Decreasing BenefitKeysize# Cables

1939 – Brink of WarPolish deliver Enigma replica and training to England and France Biuro Szyfrów is dismantled

Bletchley ParkHQ of British Government Code and Cypher School (GCCS)

New ChallengesCombinatoricMore rotors to choose fromIncrease # of plugsRing settingsProceduralEliminate Message Key repetitionNavy / Air Force / Army modsKeysize now 1023

Turing’s SolutionKnown-Plaintext attackHeil HitlerWetterberichtSeeding valuesPlaintext Crib:Ciphertext: Try to place the crib without letter any letter mapping to itselfWETTERBERICHTWETTERBERICHTWETTERBERICHTWETTERBERICHTWETTERBERICHTEXLMBTWZXBITWZCIQP(false hit) = (25/26)length of crib

Finding CyclesWETTERBERICHTEXLMBTWZXBITWE1: WEE5: EBE7: BW

JQFbEE1E1: WEE5: EBE7: BWaWJQJBbEE5cJQLBE7caW

MVCbaE1MZCbE5cMBDE7P(false hit) = (1/26)length of cycle-1ac

Turing’s BombeNOT a computerMulti-Enigma Wiring120 rpm  max 6 hrs to solve~70% of days crackedAccurate crib?Location of crib in message?Find cycle in message?Not too many false hits?Crib seedingFake missions – Get spotted18’26”N, 72’49”E = einachtzweisechsnordensiebenzweivierneunosten Reimann zeta zeros

6 : 60,000,000 :: 8 : ?

SecrecyBletchley Park is guttedEnigma machines captured (and distributed!)Top Secret status until 1973!

Marian Rejewski – During and After the War1939 – Romania

Cracking the Enigma Machine - Rejewski, Turing and the Math that saved the world

More Related Content

What's hot (20)

Viewers also liked (20)

Similar to Cracking the Enigma Machine - Rejewski, Turing and the Math that saved the world (20)

Recently uploaded (20)

Cracking the Enigma Machine - Rejewski, Turing and the Math that saved the world