The Math That Saved the World

Brad Youngbrad@clearpoint.co.il

Marian Rejewski Alan Turing

A Mathematical and Historical Analysis of the Cryptographic Attacks on the Nazi

Enigma Machine

Agenda

I. Development of Enigma Machine – Why/How/What

II. The Rejewski Crack

III. The Turing Crack

IV. Historical Impact

WWI Cryptology

First major war with radio + telegraph Very large volume of communications

Hand-ciphers Playfair, ADFGVX etc. Bigraph substitution + transformation

Encryption/Decryption Inefficient …Became bottleneck

Cryptanalysis Difficult, time-consuming… But successful (mainly)

Zimmermann Telegram

Invention of Enigma Machine

Arthur Scherbius

Efficient!(oh, and also Secure, by the way)

Business, Military versions Early 1920’s – very poor sales German economy in trouble

Oops

Publishes history book Reveals the impact of

crypto on WWI

Now, the Germans want Enigma!

Reflector 3rd Rotor 2nd Rotor 1st Rotor Keyboard Lightbulbs

A

B

C

E

F

G

H

D

Enigma Schematic

Reflector Keyboard Lightbulbs

A

B

C

E

F

G

H

D

3rd Rotor 2nd Rotor 1st Rotor

Electric Circuit

A

B

C

E

F

G

H

D

Reflector Keyboard Lightbulbs3rd Rotor 2nd Rotor 1st Rotor

Electric Circuit

Pressing ‘A’ on the keyboard…

… lights the ‘B’ lightbulb

NOTE: Because it is a electric circuit,

no letter can map to itself. Minor detail combinatorically

speaking, but very important for the

Turing crack.

Reflector Keyboard Lightbulbs

A

B

C

E

F

G

H

D

3rd Rotor 2nd Rotor 1st Rotor

Rotor Shift

After each letter, the first rotor shifts

one step.

So now, pressing ‘A’ lights a different

lightbulb….’F’

Reflector Keyboard LightbulbsPlugboard

A

B

C

E

F

G

H

D

3rd Rotor 2nd Rotor 1st Rotor

Plugboard

Sits between keyboard and rotors.

Each plug cable swaps signal between

two letters.

6 cables connect 12 letters. 14 other letters are not plugged at all.

Plugboard

Keysize

Rotor Order

Rotor Setting

Plugboard

Wiring

I – III - II

VYJ

A/G, D/Q, J/Z,L/S, M/V, N/T

Total Key Size ≈ 10108

Variable Key Size ≈ 1016

3! = 6

263 =17,576

C(26,2) x C(24,2) x

C(22,2) x C(20,2) x

C(18,2) x C(16,2) x 1/6!

(26!)3 x C(26,2)…C(2,2)x1/13!

≈ 105

≈ 1011

≈ 1092

ABC

EFGH

D

German Use of Enigma

German Use of Enigma

Day Keys (RO, RS, PB) distributed monthly in key books

CILCILATTACKFROMNORTHATNINETHIRTYBOKJRVSQIGPQTMNWJRAKOBYTKMTKGBBRQ

Set to Day Key(VYJ)

Change to Message Key(CIL)

For each message, sender chooses Message Key (Rotor Setting only)

1. Encode Message Key using Day Key, twice

2. Move rotor to Message Key setting

3. Encode actual message

Agenda

I. Development of Enigma Machine – Why/How/What

II. The Rejewski Crack

III. The Turing Crack

IV. Historical Impact

Biuro Szyfrów

1918 – Polish Independence

1919 – Creation (and success) of Cipher Bureau

1926 – Germany goes dark as Enigma is adopted

1930 – Bring in the mathematicians (?!?) Marian Rejewski Jerzy Różycki Henryk Zygalski

The Rejewski Crack

A. Understand how Enigma works

B. Reverse-engineer the wiring

C. Be able to crack the key each day

Intuition,Espionage,Engineering

Permutational Mathematics

The Math of Permutation Cycles

A B C D E F G H

E F H B C D G A P =

A B C D E F G H

H D E F A B G C P-1 =

Cycle Notation

A B C D E F G H

E F H B C D G A P =

P = (AECH)(BFD)(G) = (BFD)(G) (AECH) = (FDB)(G)(CHAE)

P-1 = (HCEA)(DFB)(G)

Benefits of cycle notation:

a) Concise

b) Easier to take inverse

(These are benefits of efficiency)

Cycle Structure

= (AECH)(BFD)(G)

= (AFC)(BG)(D)(EH)

4 3 1

3 2 1 2

A B C D E F G H

E F H B C D G A P =

A B C D E F G H

F G A D H C B E Q =

Benefits of cycle notation:

a) Concise

b) Easier to take inverse

c) Gives more info – Cycle Structure

(This is a benefit of value-add information)

Composition

A B C D E F G H

E F H B C D G A P = = (AECH)(BFD)(G)

A B C D E F G H

F G A D H C B E Q = = (AFC)(BG)(D)(EH)

Q ◦ P = Q(P()) = (AHFDGBCE)

Q ◦ P ≠ P ◦ Q - NOT Commutative

Q ◦ ( P ◦ R ) = ( Q ◦ P ) ◦ R - Associative

Identity

A B C D E F G H

A B C D E F G H I = = (A)(B)(C)(D)(E)(F)(G)(H)

P ◦ I = I ◦ P = P

P ◦ P -1 = I

I ◦ I = I i.e. I = I -1

(ab) ≠ I , but (ab) ◦ (ab) = (a)(b)

i.e. (ab) = (ab)-1

Conjugation

Conjugation of Q by P is defined as P ◦ Q ◦ P-1

P = (AECH)(BFD)(G)

Q = (AFC)(BG)(D)(EH)

P-1 = (HCEA)(DFB)(G)

P ◦ Q ◦ P-1 = (AC)(B)(DHE)(FG)

1-2-2-3

1-2-2-3

This is not a coincidence!This is not a coincidence!

Theorem: Cycle structure is invariant under conjugation

Proof:

Suppose Q: ij, that is Q(i) = j.

Consider P ◦ Q ◦ P-1 (P(i)).

P ◦ Q ◦ P-1 (P(i)) = P ◦ Q ◦ (P-1 ◦ P)(i)

= P ◦ Q(i)

= P(j)

i.e. P ◦ Q ◦ P-1: P(i)P(j)

Therefore…

If Q has k-cycle (i1, i2 … ik) then P ◦ Q ◦ P-1 has k-cycle (P(i1), P(i2)…P(ik))

QED

Using Permuation Cycles on Enigma

Suppose we intercept a message: BOLJRVSQIGPQTMNWJRAKOBYTKMTTGBBRQUPWLHSOLNFEQTHJOVX

Plaintext: abcabcCiphertext: BOLJRV

Define En as the permutation that occurs when Enigma machine is in state n.

So, in the first state, aB. In the fourth state, aJE1 = (aB …E4 = (aJ …

Now…Recall the effect of the Reflector, which creates 2-letter circuits

So, if aB, then Ba. So the cycle is closed.

E1 = (aB) …E4 = (aJ) …

So, we can now compute E4 ◦ E1 = (BJ …

These are the variables a,b,c, not the actual letters

ABC

EFGH

D

Using Permuation Cycles on Enigma

If we have many intercepts from the same day, then they were produced with the same day settings.

So we can calculate the entire compositions…

E4 ◦ E1 = (BJUMPWTCFE)(ARDNHSLYZK)(G)(I)(O)(Q)(X)(V)E5 ◦ E2 = (ORJCLVHGXKF)(AUYMPZQNDWB)(ES)(IT)

E6 ◦ E3 = (BWOIKTZHXB)(EPQJYLVGN)(ARCU)(DSMF)

BOLJRV WKOTFI JOSURM EFKBOT RBEDAPTBHCAX HWKSBT YQDZNS EBXBAB KZXAQBDABNUW QFMQOF WEOTSI UWGMBN WRBTJWWLDTVS ZYDKMS FAREUC XXHXKX DGDNXSNNSHDM QKXQFB CCZFLH VCHVLX ADPRWQXQUXNA JHJUGY TULCYV PFYWOL NQVHNGYKIZFK GGDGXS BSXJEB TITCTZ SZALQRKKDAFS SSVLEG IICITU LPSYZM OGKOXTLXRYKC MOXPRB SLNLVE KTFAID XVAXHRHFJSOY JJQUCJ DMWNPO REJDSY XUZXYH

Good news:

abc variables have been eliminated!

We’ve found a unique identifier!

Bad news:

It is one of 10,000,000,000,000,000 possibilities

Explore the nature of En

En = P ◦ Rn ◦ P where P is the plugboard permutation and Rn is rotor permutation when in state n

E4 ◦ E1 = P ◦ R4 ◦ P ◦ P ◦ R1 ◦ P

Now, recall the plugboard…

P = (ab)(cd)(ef)(gh)(ij)(kl)(m)(n)(o)(p)(q)(r)(s)(t)(u)(v)(w)(x)(y)(z)

All 2-cycles and 1-cycles, therefore P = P-1 !

E4 ◦ E1 = P ◦ R4 ◦ P ◦ P ◦ R1 ◦ P

= P ◦ R4 ◦ P ◦ P-1 ◦ R1 ◦ P

= P ◦ R4 ◦ (P ◦ P-1 ) ◦ R1 ◦ P

= P ◦ R4 ◦ R1 ◦ P

= P ◦ (R4 ◦ R1 ) ◦ P

= P ◦ (R4 ◦ R1 ) ◦ P-1

Conjugation:Cycle structure of E4 ◦ E1 is same as cycle structure of R4 ◦ R1 and is not affected at all by the plugboard!

E4 ◦ E1 = (BJUMPWTCFE)(ARDNHSLYZK)(G)(I)(O)(Q)(X)(V)E5 ◦ E2 = (AUYMPZQNDWB)(CLVHGXKFORJ)(ES)(IT)E6 ◦ E3 = (BWOIKTZHXB)(EPQJYLVGN)(ARCU)(DSMF)

1-1-1-1-1-1-10-10 ; 2-2-11-11 ; 4-4-9-9

Remember:Keysize(R) ≈ 105

Keysize(P) ≈ 1011

ABC

EFGH

D

R P

Now, where are we?

Figuring out En is problem of size 1016

Now, we have Rn, a smaller problem: 105

Just barely small enough to attack brute force

Building the Rejewski Dictionary RO RS E4 ◦ E1 E5 ◦ E2 E6 ◦ E3

1 2 3 AAA 13-13 1-1-12-12 1-1-12-12

1 2 3 BAA 1-1-12-12 1-1-12-12 2-2-11-11

1 2 3 CAA 1-1-12-12; 2-2-11-11 1-1-12-12

1 2 3 DAA 2-2-11-11 1-1-12-12 13-13

1 2 3 EAA 1-1-12-12 13-13 13-13

1 2 3 FAA 13-13 13-13 1-1-2-2-3-3-3-3-4-4

1 2 3 GAA 13-13 1-1-2-2-3-3-3-3-4-4 2-2-5-5-6-6

1 2 3 HAA 1-1-2-2-3-3-3-3-4-4 2-2-5-5-6-6 13-13

1 2 3 IAA 2-2-5-5-6-6 13-13 4-4-9-9

1 2 3 JAA 13-13 4-4-9-9 1-1-5-5-7-7

1 2 3 KAA 4-4-9-9 1-1-5-5-7-7 13-13

1 2 3 LAA 1-1-5-5-7-7 13-13 1-1-2-2-10-10

1 2 3 MAA 13-13 1-1-2-2-10-10 1-1-1-1-11-11

. . . . .

. . . . .

. . . . .

Good news; Solved the RO, RS!

Bad news: 105 solved, 1011 not solved

1 setting every 4 minutes, x 20 hours/day = 300 / day105 / 300 ≈ 1 year to complete

…

2-2-11-11; 1-1-1-1-1-1-1-1-4-4-5-5; 1-1-12-12 KFE 213

2-2-11-11; 1-1-1-1-1-1-1-1-4-4-5-5; 2-2-5-5-6-6 ZTF 132

2-2-11-11; 1-1-1-1-1-1-1-1-4-4-5-5; 5-5-8-8 GIC 312

2-2-11-11; 1-1-1-1-1-1-1-1-9-9; 1-1-12-12 AHH 132

2-2-11-11; 1-1-1-1-1-1-1-1-9-9; 1-1-12-12 WLA 312

2-2-11-11; 1-1-1-1-1-1-1-1-9-9; 1-1-5-5-7-7 YKG 132

2-2-11-11; 1-1-1-1-1-1-1-1-9-9; 13-13 DXI 213

2-2-11-11; 1-1-1-1-1-1-1-1-9-9; 13-13 ESY 321

2-2-11-11; 1-1-1-1-1-1-1-1-9-9; 13-13 VHX 213

2-2-11-11; 1-1-1-1-1-1-1-1-9-9; 2-2-11-11 UNV 231

…Cycle structure is not unique…even though 105 << (1012)3 ≈ 1012 But most have < 10

Recovering the Plugboard

Plugboard is the biggest problem combinatoricallyBut… It is trivial to solve

E4 ◦ E1 = (BJUMPWTCFE)(ARDNHSLYZK)(G)(I)(O)(Q)(X)(V)

R4 ◦ R1 = (MGWTREFBJU)(AKZCINLSHY)(P)(D)(O)(Q)(V)(X)

(BJUMPWTCFE)(BJUMGWTREF)

Plugboard settings: P/G , C/R , E/F , etc.

Paradox of Decreasing Benefit

0 1 2 3 4 5 6 7 8 9 10 11 12 131E+00

1E+05

1E+10

1E+15

# cables Keysize0 1E+001 3E+022 4E+043 3E+064 2E+085 5E+096 1E+117 1E+128 1E+139 5E+13

10 2E+1411 2E+1412 1E+1413 8E+12

# Cables

Keysize

Agenda

I. Development of Enigma Machine – Why/How/What

II. The Rejewski Crack

III. The Turing Crack

IV. Historical Impact

1939 – Brink of War

Polish deliver Enigma replica and training to England and France

Biuro Szyfrów is dismantled

Bletchley ParkHQ of British Government Code and Cypher School (GCCS)

New Challenges

Combinatoric More rotors to choose from Increase # of plugs Ring settings

Procedural Eliminate Message Key repetition Navy / Air Force / Army mods

Keysize now 1023

Turing’s Solution

Known-Plaintext attackHeil HitlerWetterberichtSeeding values

Plaintext Crib:

Ciphertext: WETTERBERICHTWETTERBERICHTWETTERBERICHTWETTERBERICHTWETTERBERICHT

Length of Crib 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30

P(false fit) 96% 92% 89% 85% 82% 79% 76% 73% 70% 68% 65% 62% 60% 58% 56% 53% 51% 49% 47% 46% 44% 42% 41% 39% 38% 36% 35% 33% 32% 31%

P(false hit) = (25/26)length of crib

EXLMBTWZXBITWZCIQ

Try to place the crib without letter any letter

mapping to itself

Finding Cycles

WETTERBERICHTEXLMBTWZXBITW

E1: WEE5: EBE7: BW

Wa

bE

B

c

bE

E1

E5

E7 B

c

Wa

E1: WEE5: EBE7: BW

J Q F

J Q J

J Q L

E1

E5

E7

J Q F

J Q J

J Q L

a

b

c

b

c

a

E1

E5

E7

M D B

M C Z

M C V

a

b

c

b

c

a

E1

E5

E7

M D B

M C Z

M C V

P(false hit) = (1/26)length of cycle-1

Length of Cycle 2 3 4 5 6P(false hit) 0.038 0.0015 6E-05 2E-06 8E-08Est. # false hits 40560 1560 60 2 0

a

b

c

b

c

a

Turing’s Bombe

NOT a computer

Multi-Enigma Wiring 120 rpm max 6 hrs to solve

~70% of days cracked Accurate crib? Location of crib in message? Find cycle in message? Not too many false hits?

Crib seeding Fake missions – Get spotted 18’26”N, 72’49”E = einachtzweisechsnordensiebenzweivierneunosten

Reimann zeta zeros

Agenda

I. Development of Enigma Machine – Why/How/What

II. The Rejewski Crack

III. The Turing Crack

IV. Historical Impact

6 : 60,000,000 :: 8 : ?

Secrecy

Bletchley Park is guttedEnigma machines captured

(and distributed!)Top Secret status until 1973!

Marian Rejewski – During and After the War

1939 – Romania 1939 – France

French cipher bureau 1940 – Algeria 1940 – Back to France

Rozycki dies in transit Underground cryptography

1942 – Spain Betrayed mid-crossing Arrested + Jailed

1942 – Portugal, Gibraltar 1942 – England

No security clearance (Vichy France) Polish Army – hand ciphers

1945 – Poland 1950 – Cable salesman

Secret Service meddling 1955 – Bookkeeper

Until retirement 1973 – Finally learns about ULTRA 1980 – Dies at age 73

Alan Turing –Timeline 1936-8 – Computability, Turing Machine,

Decidability, Riemann 1939-45 – Bletchley Park 1946 – Automatic Computing Engine 1947-48 – Algorithms, Neural Nets, AI 1948 – Almost an Olympian 1948-50 – Manchester Mark I

Mersenne + ??? (Was he on a secret nuclear program?? Might explain the gov’t paranoia)

1950 – Turing Test 1951 – Mathematical Biology 1952 – Arrest 1954 – Death at age 41

Colossus Computer

Cracks Lorenz cipherHigh-level German

communicationsHistory of Computers

Z3ColossusENIACMark I

NSA

Addenda, Errata, Anecdotes

Wiring analysis Hans Thilo-Schmidt TTTTTTTTTTTT Entry wheel order

Why E1-E6, instead of E0-E5 ?

Ring Settings and Rotor Stepping

“Turing. Alan Turing.”

Other WWII Cryptanalysis

Disguising ULTRA intelligence

Suggested Reading David Kahn – The Codebreakers Simon Singh – The Code Book