Post on 13-Apr-2018
1
CS349 Cryptography
Department of Computer ScienceWellesley College
Cracking the Enigma
Rotor machines
Enigma 3-2
Mechanization of secrecyo Advances in cryptanalysis
prompted the need formore secure (read morecomplex) cryptosystems.
o However, the weakest linkin any cryptosystem isgenerally the people whouse it.
2
Enigma 3-3
Cipher diskso The Confederate Alberti
disk may be thought of asa mechanized Caesarcipher.
o However, it can also beused in a manner that isfunctionally equivalent tothe Vigenere cipher.
Enigma 3-4
Rotor machineso Shortly after the first
world war, the German firmof Scherbius and Ritterdeveloped an electronicversion of the Alberti disk.
o Typing a “b” on the keyboardcauses a current to flowthrough the scrambler andemerge on the other side toilluminate the “a” light lamp.
3
Enigma 3-5
Adding an element of Vigenereo Every time a letter is typed
into the keyboard andencrypted, the scramblerrotates by one place.
o After one rotation, result oftyping a “b” is functionallyequivalent to first shifting“b” back one position, passingthrough the scrambler, thenshifting the result forwardone position: ci = pi p-i R pi.*
*Here pi = ith plaintext, ci = ithciphertext, pi = shift rotor by ipositions, and R is scrambler.
Enigma 3-6
Adding a second scramblero With only one scrambler,
there are only 26 distinctstarting positions.
o This is not a key spacethat is likely to worryeven the dimmest wattbulb.
4
Enigma 3-7
Commercial Enigma machineso Commercial Enigma
machines had three rotorsand a reflector.
o The reflector is acomplication illusoire. Butit serves an important rolenever the less.
Enigma 3-8
Wehrmacht Enigma machineso The number of keys with
three rotors is 263 =17,576.
o A dozen determinedcryptographers couldsearch the entire space ina day.
o Early Wehrmachtmachines were providedwith removable,interchangable rotors anda plugboard.
5
Enigma 3-9
Enigmao Packaged up and weighing
in at about 12 kilos,thousand of Enigmas weredistributed throughoutthe German army by thestart of World War II.
o An Enigma emulator maybe found athttp://www.ugrad.cs.jhu.edu/~russell/classes/enigma/enigma.html
Enigma 3-10
Alan Turing meets Enigmao The best and the
brightest were brought toBletchley Park to breakthe code.
6
Enigma 3-11
The method of isomorphso The action of the three scramblers may be described as
o Combining this with the action of the reflector,
where
†
S(i1 ,i2 ,i3 ) = p-ii RN pii - i2 RM pi2 - i3 RL pi3
†
ci = piS(i1 ,i2 ,i3 )US( i1,i2,i3 )
-1
= pi(p-i1 RN pi1 - i2 RM pi2 - i3 RL pi3 )U(p-i1 RN pi1 - i2 RM pi2 - i3 RL pi3 )-1
= pi(p-i1 RN pi1 )U(i1 ,i2 ,i3 )(p-i1 RN pi1 )-1
†
U(i1 ,i2 ,i3 ) = p-i2 RM pi2 - i3 RL pi3Up-i3 RL-1pi3 - i2 RM
-1 pi2
Enigma 3-12
Rotated alphabetso The relationship
implies
o In other words, and
are isomorphic sequencesduring period that theother rotors remainstationary.
†
ci = pi(p-i1 RN pi1 )U(i2 ,i3 )(p-i1 RN pi1 )-1
†
ci(p-i1 RN pi1 ) = pi(p- i1 RN pi1 )U( i2 ,i3 )
†
pi(p-i1 RN pi1 )
†
ci(p-i1 RN pi1 )
7
Enigma 3-13
Meet in the middle attacko A probable word is compared
with a fragment of thecryptotext:r e c o n n a i s s a n c e
U P Y T E J O J Z E G B O T
o We test whether rotor I is thefastest moving by encoding thethe operation ofon each the plaintext andciphertext pair.
†
p-i1 RN pi1
Enigma 3-14
A direct hito The involutory property is
confirmed in row i=2 bothconfirming rotor I as the fastrotor RN,
o . . . and yielding 14 pairs of entryand exit characters for thenext round*:j g m g f u h r w c n s e w
U Z C Z B J O T A M Q E S A
*In practice, a prefabricated catalogue with 2 x 262 = 1352 entries list all with corresponding rotor positions was used.
†
U(i2 ,i3 )
8
Enigma 3-15
Investigation in partso The analysis above is
based on the assumptionthat the medium rotor RMdoes not move.
o If it does, then thepseudo-reflector ischanged and theinvestigation decomposesinto two parts withoutbecoming essentially moredifficult.
Enigma 3-16
Alan Turing deals with the plugboardo He began by postulating the position of a “crib”. In this,
he was aided by that fact that no letter ever encipher toitself.
o For example, does the following crib match the givenciphertext?Crib: w e t t e r n u l l e c h s
CIPHER: I P R E N L W K M J J S X C P E J W Q
9
Enigma 3-17
Turing loopso Next, he constructed a list of internal loops linking
plaintext and ciphertext characters.
Enigma 3-18
Turing Bombeso A consequence of the loop
is to nullify the effect ofthe plugboard.
o Sixty Enigma machineswere set up, one for eachof the ways of arrangingthe five rotors takenthree at a time.
o These sixty machinesclicked around in unisonuntil a circuit wascompleted and the lightilluminated.
10
Enigma 3-19
Successo Once the correct
scrambler arrangementsand orientations had beenestablished, finding theplugboard cabling was apiece of cake.
o By the end of 1942, 49bombes were clickingaround the clock.
Enigma 3-20
The Kriegsmarine remained a problemo Naval Enigmas had eight,
not five scramblers andthe reflector wasadjustable.
o Naval operators werecareful not to sendstereotypical messages,depriving Bletchley ofcribs and used a moresecure system forexchanging keys.