Cryptanalysis of the Enigma
Encyclopedia
Cryptanalysis of the Enigma enabled the western Allies
Allies of World War II
The Allies of World War II were the countries that opposed the Axis powers during the Second World War . Former Axis states contributing to the Allied victory are not considered Allied states...

 in World War II
World War II
World War II, or the Second World War , was a global conflict lasting from 1939 to 1945, involving most of the world's nations—including all of the great powers—eventually forming two opposing military alliances: the Allies and the Axis...

 to read substantial amounts of secret Morse-coded
Morse code
Morse code is a method of transmitting textual information as a series of on-off tones, lights, or clicks that can be directly understood by a skilled listener or observer without special equipment...

 radio communications of the Axis powers
Axis Powers
The Axis powers , also known as the Axis alliance, Axis nations, Axis countries, or just the Axis, was an alignment of great powers during the mid-20th century that fought World War II against the Allies. It began in 1936 with treaties of friendship between Germany and Italy and between Germany and...

 that had been enciphered using Enigma machine
Enigma machine
An Enigma machine is any of a family of related electro-mechanical rotor cipher machines used for the encryption and decryption of secret messages. Enigma was invented by German engineer Arthur Scherbius at the end of World War I...

s. This yielded military intelligence
Military intelligence
Military intelligence is a military discipline that exploits a number of information collection and analysis approaches to provide guidance and direction to commanders in support of their decisions....

 which, along with that from other decrypted Axis radio and teleprinter
Teleprinter
A teleprinter is a electromechanical typewriter that can be used to communicate typed messages from point to point and point to multipoint over a variety of communication channels that range from a simple electrical connection, such as a pair of wires, to the use of radio and microwave as the...

 transmissions, was given the codename Ultra
Ultra
Ultra was the designation adopted by British military intelligence in June 1941 for wartime signals intelligence obtained by "breaking" high-level encrypted enemy radio and teleprinter communications at the Government Code and Cypher School at Bletchley Park. "Ultra" eventually became the standard...

. This was considered by western Supreme Allied Commander Dwight D. Eisenhower
Dwight D. Eisenhower
Dwight David "Ike" Eisenhower was the 34th President of the United States, from 1953 until 1961. He was a five-star general in the United States Army...

 to have been "decisive" to the Allied victory.

The Enigma machines were a family of portable cipher
Cipher
In cryptography, a cipher is an algorithm for performing encryption or decryption — a series of well-defined steps that can be followed as a procedure. An alternative, less common term is encipherment. In non-technical usage, a “cipher” is the same thing as a “code”; however, the concepts...

 machines with rotor
Rotor machine
In cryptography, a rotor machine is an electro-mechanical device used for encrypting and decrypting secret messages. Rotor machines were the cryptographic state-of-the-art for a prominent period of history; they were in widespread use in the 1920s–1970s...

 scrambler
Scrambler
In telecommunications, a scrambler is a device that transposes or inverts signals or otherwise encodes a message at the transmitter to make the message unintelligible at a receiver not equipped with an appropriately set descrambling device...

s. Good operating procedures, properly enforced, would have made the cipher unbreakable. However, most of the German armed and secret services and civilian agencies that used Enigma employed poor procedures and it was these that allowed the cipher to be broken.

The German plugboard-equipped Enigma became the Third Reich's principal crypto-system
Cryptography
Cryptography is the practice and study of techniques for secure communication in the presence of third parties...

. It was reconstructed by the Polish General Staff's Cipher Bureau
Biuro Szyfrów
The Biuro Szyfrów was the interwar Polish General Staff's agency charged with both cryptography and cryptology ....

 in December 1932—with the aid of French-supplied intelligence material that had been obtained from a German spy. Shortly before the outbreak of World War II
World War II
World War II, or the Second World War , was a global conflict lasting from 1939 to 1945, involving most of the world's nations—including all of the great powers—eventually forming two opposing military alliances: the Allies and the Axis...

, the Polish Cipher Bureau initiated the French and British into its Enigma-breaking techniques and technology at a conference held in Warsaw
Warsaw
Warsaw is the capital and largest city of Poland. It is located on the Vistula River, roughly from the Baltic Sea and from the Carpathian Mountains. Its population in 2010 was estimated at 1,716,855 residents with a greater metropolitan area of 2,631,902 residents, making Warsaw the 10th most...

.

From this beginning, the British Government Code and Cypher School at Bletchley Park
Bletchley Park
Bletchley Park is an estate located in the town of Bletchley, in Buckinghamshire, England, which currently houses the National Museum of Computing...

 built up an extensive cryptanalytic facility. Initially, the decryption was mainly of Luftwaffe
Luftwaffe
Luftwaffe is a generic German term for an air force. It is also the official name for two of the four historic German air forces, the Wehrmacht air arm founded in 1935 and disbanded in 1946; and the current Bundeswehr air arm founded in 1956....

and a few Army messages, as the German Navy employed much more secure procedures for using Enigma.

Alan Turing
Alan Turing
Alan Mathison Turing, OBE, FRS , was an English mathematician, logician, cryptanalyst, and computer scientist. He was highly influential in the development of computer science, providing a formalisation of the concepts of "algorithm" and "computation" with the Turing machine, which played a...

, a Cambridge University
University of Cambridge
The University of Cambridge is a public research university located in Cambridge, United Kingdom. It is the second-oldest university in both the United Kingdom and the English-speaking world , and the seventh-oldest globally...

 mathematician and logician, provided much of the original thinking that led to the design of the cryptanalytical Bombe
Bombe
The bombe was an electromechanical device used by British cryptologists to help decipher German Enigma-machine-encrypted signals during World War II...

 machines, and the eventual breaking of naval Enigma. However, when the German Navy introduced an Enigma version with a fourth rotor for its U-boats, there was a prolonged period when those messages could not be decrypted. With the capture of relevant cipher keys and the use of much faster U.S. Navy Bombes, regular, rapid reading of German naval messages resumed.

General principles

The Enigma machines produced a polyalphabetic substitution cipher
Polyalphabetic cipher
A polyalphabetic cipher is any cipher based on substitution, using multiple substitution alphabets. The Vigenère cipher is probably the best-known example of a polyalphabetic cipher, though it is a simplified special case...

. During World War I
World War I
World War I , which was predominantly called the World War or the Great War from its occurrence until 1939, and the First World War or World War I thereafter, was a major war centred in Europe that began on 28 July 1914 and lasted until 11 November 1918...

, inventors in several countries realized that a purely random key sequence, containing no repetitive pattern, would, in principle, make a polyalphabetic substitution cipher unbreakable. This led to the development of rotor cipher machines which alter each character in the plaintext
Plaintext
In cryptography, plaintext is information a sender wishes to transmit to a receiver. Cleartext is often used as a synonym. Before the computer era, plaintext most commonly meant message text in the language of the communicating parties....

 to produce the ciphertext
Ciphertext
In cryptography, ciphertext is the result of encryption performed on plaintext using an algorithm, called a cipher. Ciphertext is also known as encrypted or encoded information because it contains a form of the original plaintext that is unreadable by a human or computer without the proper cipher...

, by means of a scrambler comprising a set of rotors that alter the electrical path from character to character, between the input device and the output device. This constant altering of the electrical pathway produces a very long period before the pattern—the key sequence
Key (cryptography)
In cryptography, a key is a piece of information that determines the functional output of a cryptographic algorithm or cipher. Without a key, the algorithm would produce no useful result. In encryption, a key specifies the particular transformation of plaintext into ciphertext, or vice versa...

 or substitution alphabet—repeats.

Deciphering enciphered messages involves three stages. Firstly, there is the identification of the system in use, in this case Enigma; secondly, breaking the system by establishing exactly how encryption takes place, and thirdly, setting, which involves finding the way that the machine was set up for an individual message, i.e. the message key. Although Kerckhoffs's principle states that a cryptosystem
Cryptosystem
There are two different meanings of the word cryptosystem. One is used by the cryptographic community, while the other is the meaning understood by the public.- General meaning :...

 should be secure even when everything about the system except the key is known to the enemy, the internal wiring of machines such as Enigma has so many possibilities that this second stage is a very important aspect of breaking them.

The Enigma machines

The Enigma rotor cipher machine was potentially an excellent system. It generated a polyalphabetic substitution cipher, with a period before repetition of the substitution alphabet that was much longer than any message, or set of messages, sent with the same key.

A major weakness of the system, however, was that no letter could be enciphered to itself. This meant that some possible solutions could quickly be eliminated because of the same letter appearing in the same place in both the ciphertext and the putative piece of plaintext. Comparing the possible plaintext Keine besonderen Ereignisse (literally, "no special occurrences"—perhaps better translated as "nothing to report"), with a section of ciphertext, might produce the following:
Exclusion of possible positions for the possible plaintext Keine besonderen Ereignisse
Ciphertext O H J Y P D O M Q N J C O S G A W H L E I H Y S O P J S M N U
Position 1 K E I N E B E S O N D E R E N E R E I G N I S S E
Position 2 K E I N E B E S O N D E R E N E R E I G N I S S E
Position 3 K E I N E B E S O N D E R E N E R E I G N I S S E
Positions 1 and 3 for the possible plaintext are impossible because of matching letters.
The red cells represent these crashes.
Position 2 is a possibility.

Structure

The mechanism of the Enigma consisted of a keyboard
Keyboard (computing)
In computing, a keyboard is a typewriter-style keyboard, which uses an arrangement of buttons or keys, to act as mechanical levers or electronic switches...

 connected to a battery
Battery (electricity)
An electrical battery is one or more electrochemical cells that convert stored chemical energy into electrical energy. Since the invention of the first battery in 1800 by Alessandro Volta and especially since the technically improved Daniell cell in 1836, batteries have become a common power...

 and a current entry plate or wheel (German: Eintrittswalze), at the right hand end of the scrambler (usually via a plugboard
Plugboard
A plugboard, or control panel , is an array of jacks, or hubs, into which patch cords can be inserted to complete an electrical circuit. Control panels were used to direct the operation of some unit record equipment...

 in the military versions). This contained a set of 26 contacts that made electrical connection with the set of 26 spring-loaded pins on the right hand rotor. The internal wiring of the core of each rotor provided an electrical pathway from the pins on one side to different connection points on the other. The left hand side of each rotor made electrical connection with the rotor to its left. The leftmost rotor then made contact with the reflector (German: Umkehrwalze). The reflector provided a set of thirteen paired connections to return the current back through the scrambler rotors, and eventually to the lampboard where a lamp under a letter was illuminated.

Whenever a key on the keyboard was pressed, the stepping motion was actuated, moving the rightmost rotor on one position. Because it advanced with each key pressed it is sometimes called the fast rotor. When a notch on that rotor engaged with a pawl on the middle rotor, that too moved; and similarly with the leftmost ('slow') rotor.

There are a huge number of ways that the connections within each scrambler rotor—and between the entry plate and the keyboard or plugboard or lampboard—could be arranged. For the reflector plate there are fewer, but still a large number of options to its possible wirings.

Each scrambler rotor could be set to any one of its 26 starting positions (any letter of the alphabet). For the Enigma machines with only three rotors, their sequence in the scrambler—which was known as the wheel order (WO) to Allied
Allies of World War II
The Allies of World War II were the countries that opposed the Axis powers during the Second World War . Former Axis states contributing to the Allied victory are not considered Allied states...

 cryptanalysts—could be selected from the six that are possible.
Possible rotor sequences—also known as Wheel Order (WO)
Left Middle Right
I II III
I III II
II I III
II III I
III I II
III II I


Later Enigma models included an alphabet ring like a tyre around the core of each rotor. This could be set in any one of 26 positions in relation to the rotor's core. The ring contained one or more notches that engaged with a pawl that advanced the next rotor to the left.

Later still, the three rotors for the scrambler were selected from a set of five or, in the case of the German Navy, eight rotors. The alphabet rings of rotors VI, VII and VIII contained two notches which, despite shortening the period of the substitution alphabet, made decryption more difficult.

Most military Enigmas also featured a plugboard
Plugboard
A plugboard, or control panel , is an array of jacks, or hubs, into which patch cords can be inserted to complete an electrical circuit. Control panels were used to direct the operation of some unit record equipment...

 (German: Steckerbrett). This altered the electrical pathway between the keyboard and the entry wheel of the scrambler and, in the opposite direction, between the scrambler and the lampboard. It did this by exchanging letters reciprocally, so that if A was plugged to G then pressing key A would lead to current entering the scrambler at the G position, and if G was pressed the current would enter at A. The same connections applied for the current on the way out to the lamp panel.

For an enemy to decipher German military Enigma messages required that the following were known.

Logical structure of the machine (unchanging)
  • The wiring between the keyboard (and lampboard) and the entry plate.
  • The wiring of each rotor.
  • The number and position(s) of turnover notches on the rings of the rotors.
  • The wiring of the reflectors.

Internal settings (usually changed less frequently than external settings)
  • The selection of rotors in use and their positions on the spindle (Walzenlage or "wheel order").
  • The positions of the alphabet ring in relation to the core of each rotor in use (Ringstellung or "ring settings").

External settings (usually changed more frequently than internal settings)
  • The plugboard connections (Steckerverbindungen or "stecker values").
  • The scrambler rotor positions at the start of enciphering the text of the message.

Security properties

The various Enigma models provided different levels of security. The presence of a plugboard (Steckerbrett) substantially increased the security of the encipherment. Each pair of letters that were connected together by a plugboard lead, were referred to as stecker partners, and the letters that remained unconnected were said to be self-steckered. In general, the unsteckered Enigma was used for commercial and diplomatic traffic and could be broken relatively easily using hand methods, while attacking versions with a plugboard was much more difficult. The British read unsteckered Enigma messages sent during the Spanish Civil War
Spanish Civil War
The Spanish Civil WarAlso known as The Crusade among Nationalists, the Fourth Carlist War among Carlists, and The Rebellion or Uprising among Republicans. was a major conflict fought in Spain from 17 July 1936 to 1 April 1939...

, and also some Italian naval traffic enciphered early in World War II.

The strength of the security of the ciphers that were produced by the Enigma machine was a product of the large numbers associated with the scrambling process.
  1. It produced a polyalphabetic substitution cipher with a period (16,900) that was many times the length of the longest message.
  2. The 3-rotor scrambler could be set in 26 × 26 × 26 = 17,576 ways, and the 4-rotor scrambler in 26 × 17,576 = 456,976 ways.
  3. With six leads on the plugboard, the number of ways that pairs of letters could be interchanged was 100,391,791,500 (100 billion) and with ten leads, it was 150,738,274,937,250 (150 trillion).


However, the way that Enigma was used by the Germans meant that, if the settings for one day (or whatever period was represented by each row of the setting sheet) were established, the rest of the messages for that network on that day could quickly be deciphered.

The security of Enigma ciphers did have fundamental weaknesses that proved helpful to cryptanalysts.
  1. A letter could never be encrypted to itself. This property was of great help in using cribs
    Known-plaintext attack
    The known-plaintext attack is an attack model for cryptanalysis where the attacker has samples of both the plaintext , and its encrypted version . These can be used to reveal further secret information such as secret keys and code books...

    —short sections of plaintext thought to be somewhere in the ciphertext—and could be used to eliminate a crib in a particular position. For a possible location, if any letter in the crib matched a letter in the ciphertext at the same position, the location could be ruled out. It was this feature that the British mathematician
    Mathematician
    A mathematician is a person whose primary area of study is the field of mathematics. Mathematicians are concerned with quantity, structure, space, and change....

     and logic
    Logic
    In philosophy, Logic is the formal systematic study of the principles of valid inference and correct reasoning. Logic is used in most intellectual activities, but is studied primarily in the disciplines of philosophy, mathematics, semantics, and computer science...

    ian Alan Turing
    Alan Turing
    Alan Mathison Turing, OBE, FRS , was an English mathematician, logician, cryptanalyst, and computer scientist. He was highly influential in the development of computer science, providing a formalisation of the concepts of "algorithm" and "computation" with the Turing machine, which played a...

     exploited in designing the British bombe
    Bombe
    The bombe was an electromechanical device used by British cryptologists to help decipher German Enigma-machine-encrypted signals during World War II...

    .
  2. The plugboard connections were reciprocal, so that if A was plugged to N, then N likewise became A. It was this property that led mathematician Gordon Welchman
    Gordon Welchman
    Gordon Welchman was a British-American mathematician, university professor, World War II codebreaker at Bletchley Park, and author.-Education and early career:...

     at Bletchley Park to propose that a diagonal board be introduced into the bombe, substantially reducing the number of incorrect rotor settings that the bombes found.
  3. The notches in the alphabet rings of rotors I to V were in different positions, which helped cryptanalysts to work out the wheel order by observing when the middle rotor was turned over by the right-hand rotor.
  4. There were substantial weaknesses, in both policies and practice, in the way that Enigma was used (see 'Operating shortcomings' below).

Key setting

Enigma featured the major operational convenience of being symmetrical (or self-inverse
Inverse function
In mathematics, an inverse function is a function that undoes another function: If an input x into the function ƒ produces an output y, then putting y into the inverse function g produces the output x, and vice versa. i.e., ƒ=y, and g=x...

). This meant that decipherment
Decipherment
Decipherment is the analysis of documents written in ancient languages, where the language is unknown, or knowledge of the language has been lost....

 worked in the same way as encipherment
Encryption
In cryptography, encryption is the process of transforming information using an algorithm to make it unreadable to anyone except those possessing special knowledge, usually referred to as a key. The result of the process is encrypted information...

, so that when the ciphertext
Ciphertext
In cryptography, ciphertext is the result of encryption performed on plaintext using an algorithm, called a cipher. Ciphertext is also known as encrypted or encoded information because it contains a form of the original plaintext that is unreadable by a human or computer without the proper cipher...

 was typed in, the sequence of lamps that lit yielded the plaintext
Plaintext
In cryptography, plaintext is information a sender wishes to transmit to a receiver. Cleartext is often used as a synonym. Before the computer era, plaintext most commonly meant message text in the language of the communicating parties....

.

Identical setting of the machines at the transmitting and receiving ends was achieved by key setting procedures. These varied from time to time and across different networks
Telecommunications network
A telecommunications network is a collection of terminals, links and nodes which connect together to enable telecommunication between users of the terminals. Networks may use circuit switching or message switching. Each terminal in the network must have a unique address so messages or connections...

. They consisted of a combination of transmitting an indicator as part of the message preamble, and monthly setting sheets in a codebook
Codebook
A codebook is a type of document used for gathering and storing codes. Originally codebooks were often literally books, but today codebook is a byword for the complete record of a series of codes, regardless of physical format.-Cryptography:...

. These were distributed to all users of a network and were changed regularly. During WWII the settings for most networks lasted for 24 hours, although towards the end of the war, some were changed more frequently. The sheets had columns specifying, for each day of the month, the rotors to be used and their positions, the ring positions and the plugboard connections. The dates were in reverse chronological order down the page. For security, each row was cut off and destroyed when it was finished with.
The top part of an early setting sheet looked something like this
Datum [Date] Walzenlage [Rotors] Ringstellung [Ring settings] Steckerverbindungen
[Plugboard settings]
Grundstellung
[Indicator settings]
31 III II I W N M HK CN IO FY JM LW RAO
30 III I II C K U CK IZ QT NP JY GW VQN
29 I II III D Q G MO DI GY PU CJ FQ UKY
28 III I II B H N FR LY OX IT BM GJ XIO


Up until 15 September 1938, the transmitting operator indicated to the receiving operator(s) how to set their rotors, by choosing a three letter message key (the key specific to that message) and enciphering it twice using the specified indicator setting. The resultant 6-letter indicator, was then transmitted before the enciphered text of the message. Suppose that the specified indicator setting was RAO, and the chosen 3-letter message key was IHL, the operator would set the rotors to RAO and encipher IHL twice. The resultant ciphertext, say OTUNSD, would be transmitted, followed by the message enciphered using message key IHL. The receiving operator would use the specified indicator setting RAO to decipher the first six letters, yielding IHLIHL. The receiving operator, seeing the repeated message key would know that there had been no corruption and use IHL to decipher the message.

The major weakness of specifying the indicator setting on the setting sheets, and so using the same indicator for all the messages of that day, was removed in September 1938, with a change to the operator choosing his own indicator setting and transmitting it in clear as the first part of the 9-letter indicator. The practice of sending the enciphered message key twice was, however, an even greater cryptographic weakness, but it was continued until May 1940.

Polish breakthrough

In the 1920s the German military began using a 3-rotor Enigma, whose security was increased in 1930 by the addition of a plugboard. In Poland, which justifiably felt threatened by Germany, the Polish Cipher Bureau in Warsaw sought to break it. On 1 September 1932, a 27-year-old Polish mathematician, Marian Rejewski
Marian Rejewski
Marian Adam Rejewski was a Polish mathematician and cryptologist who in 1932 solved the plugboard-equipped Enigma machine, the main cipher device used by Germany...

, joined the Bureau along with two fellow Poznań University mathematics graduates, Henryk Zygalski
Henryk Zygalski
Henryk Zygalski was a Polish mathematician and cryptologist who worked at breaking German Enigma ciphers before and during World War II.-Life:...

 and Jerzy Różycki
Jerzy Rózycki
Jerzy Witold Różycki was a Polish mathematician and cryptologist who worked at breaking German Enigma-machine ciphers.-Life:Różycki was born in what is now Ukraine, the fourth and youngest child of Zygmunt Różycki, a pharmacist and graduate of Saint Petersburg University, and Wanda, née Benita. ...

. Their first task was to solve the logical structure of the military Enigma, which differed from the commercial version.

In December 1932, the Bureau received from Gustave Bertrand
Gustave Bertrand
Gustave Bertrand was a French military intelligence officer who made a vital contribution to the decryption, by Poland's Cipher Bureau, of German Enigma ciphers, beginning in December 1932...

 of French Military Intelligence, two German documents and two pages of Enigma daily keys which had been obtained by the French from an agent who worked at Germany's Cipher Office in Berlin, Hans Thilo-Schmidt. This material enabled Rejewski to achieve "one of the most important breakthroughs in cryptologic history" by using the theory of permutations and groups
Permutation group
In mathematics, a permutation group is a group G whose elements are permutations of a given set M, and whose group operation is the composition of permutations in G ; the relationship is often written as...

 to work out the Enigma scrambler wiring.

Rejewski found that the connections between the military Enigma's keyboard and the entry ring were not, as in the commercial Enigma, in the order of the keys on a German typewriter. He made an inspired correct guess that it was in alphabetical order. Britain's Dilly Knox
Dilly Knox
Alfred Dillwyn 'Dilly' Knox CMG was a classics scholar at King's College, Cambridge, and a British codebreaker...

 was astonished when he learned, in July 1939, that the arrangement was so simple. Having worked out the logical structure of the machine, Rejewski had replicas made, which he called 'Enigma doubles'.

Rejewski's characteristics method

Marian Rejewski quickly spotted the Germans' major procedural weakness of specifying a single indicator setting (Grundstellung) for all messages on a network for a day, and repeating the operator's chosen message key in the enciphered 6-letter indicator. This helped him to work out the rotor wirings In the above example of OTUNSD being the enciphered indicator, it is known that the first letter O and the fourth letter N represent the same letter, enciphered three positions apart in the scrambler sequence. Similarly with T and S in the second and fifth positions, and U and D in the third and sixth. Rejewski exploited this fact by collecting a sufficient set of messages enciphered with the same indicator setting, and assembling three tables for the 1,4, the 2,5, and the 3,6 pairings. Each of these might look something like the following:
First letter A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
Fourth letter X F E A R B S L H Q I G C V D Z W K M N J U O Y T P

A path from one first letter to the corresponding fourth letter, then from that letter as the first letter to its corresponding fourth letter, and so on until the first letter recurs, traces out a cycle group
Cycle graph (algebra)
In group theory, a sub-field of abstract algebra, a group cycle graph illustrates the various cycles of a group and is particularly useful in visualizing the structure of small finite groups...

. The above table contains four cycle groups.
Cycle group starting at A (12 links) (A, X, Y, T, N, V, U, J, Q, W, O, D, A)
Cycle group starting at B (2 links) (B, F, B)
Cycle group starting at C (10 links) (C, E, R, K, I, H, L, G, S, M, C)
Cycle group starting at P (2 links) (P, Z, P)

Rejewski realised that, although the letters in these cycle groups were changed by the plugboard, their patterns—in this example, four groups with 12, 10, 2 and 2 links—were not. He described this as the characteristic of the indicator setting. This reduced the number of possibilities for the indicator setting from 10,000 trillion to 105,456. The Poles therefore set about creating a card catalog
Card catalog (cryptology)
The card catalog, or "catalog of characteristics," in cryptography, was a system designed by Polish Cipher Bureau mathematician-cryptologist Marian Rejewski, and first completed about 1935 or 1936, to facilitate decrypting German Enigma ciphers.-History:...

 of these cycle patterns.

Rejewski, in 1934 or 1935, devised a machine to facilitate this task, called a cyclometer
Cyclometer
The cyclometer was a cryptologic device designed, "probably in 1934 or 1935," by Marian Rejewski of the Polish Cipher Bureau's German section to facilitate decryption of German Enigma ciphertext.-History:...

. This "comprised two sets of rotors... connected by wires through which electric current could run. Rotor N in the second set was three letters out of phase with respect to rotor N in the first set, whereas rotors L and M in the second set were always set the same way as rotors L and M in the first set". Preparation of this catalog, using the cyclometer, was, said Rejewski, "laborious and took over a year, but when it was ready, obtaining daily keys was a question of [some fifteen] minutes".

However, on 1 November 1937, the Germans changed the Enigma reflector
Reflector (cipher machine)
A reflector, in cryptology, is a component of some rotor cipher machines, such as the Enigma machine, that sends electrical impulses that have reached it from the machine's rotors, back in reverse order through those rotors.- Other names :...

, necessitating the production of a new catalog—"a task which [says Rejewski] consumed, on account of our greater experience, probably somewhat less than a year's time".

This characteristics method stopped working for German naval Enigma messages on 1 May 1937, when the indicator procedure was changed to one involving special codebooks (see German Navy 3-rotor Enigma below). Worse still, on 15 September 1938 it stopped working for German army and air force messages because operators were then required to choose their own indicator setting for each message.

Perforated sheets

Although the characteristics method no longer worked, the inclusion of the enciphered message key twice, gave rise to a phenomenon that the cryptanalyst Henryk Zygalski
Henryk Zygalski
Henryk Zygalski was a Polish mathematician and cryptologist who worked at breaking German Enigma ciphers before and during World War II.-Life:...

 was able to exploit. Sometimes (about one message in eight) one of the repeated letters in the message key enciphered to the same letter on both occasions. These occurrences were called samiczki (in English, females—a term later used at Bletchley Park).

Only a limited number of scrambler settings would give rise to females, and these would have been identifiable from the card catalog. If the first six letters of the ciphertext were SZVSIK, this would be termed a 1-4 female; if WHOEHS, a 2-5 female; and if ASWCRW, a 3-6 female. The method was called Netz (from Netzverfahren, "net method"), or the Zygalski sheet method as it used perforated sheets that he devised, although at Bletchley Park Zygalski's name was not used for security reasons. Some ten females from a day's messages were required for success.

There was a set of 26 of these sheets for each of the six possible sequences wheel orders. Each sheet was for the left (slowest-moving) rotor. The 51 by 51 matrices on the sheets represented the 676 possible starting positions of the middle and right rotors. The sheets contained about 1000 holes in the positions in which a female could occur. The set of sheets for that day's messages would be appropriately positioned on top of each other in the perforated sheets apparatus
Perforated sheets
The method of Zygalski sheets was a cryptologic technique used by the Polish Cipher Bureau before and during World War II, and during the war also by British cryptologists at Bletchley Park, to decrypt messages enciphered on German Enigma machines....

. Rejewski wrote about how the device was operated:
The holes in the sheets were painstakingly cut with razor blades and in the three months before the next major setback, the sets of sheets for only two of the possible six wheel orders had been produced.

Polish bomba

After Rejewski's
Marian Rejewski
Marian Adam Rejewski was a Polish mathematician and cryptologist who in 1932 solved the plugboard-equipped Enigma machine, the main cipher device used by Germany...

 characteristics method became useless, he invented an electro-mechanical device that was dubbed the bomba kryptologiczna
Bomba (cryptography)
The bomba, or bomba kryptologiczna was a special-purpose machine designed about October 1938 by Polish Cipher Bureau cryptologist Marian Rejewski to break German Enigma-machine ciphers....

 or cryptologic bomb. Each machine contained six sets of Enigma rotors for the six positions of the repeated three-letter key. Like the Zygalski sheet method, the bomba relied on the occurrence of females, but required only three instead of about ten for the sheet method. Six bomby were constructed, one for each of the then possible wheel orders. Each bomba conducted an exhaustive (brute-force
Brute force attack
In cryptography, a brute-force attack, or exhaustive key search, is a strategy that can, in theory, be used against any encrypted data. Such an attack might be utilized when it is not possible to take advantage of other weaknesses in an encryption system that would make the task easier...

) analysis of the 17,576 possible message keys.

Rejewski has written about the device:

Major setback

On 15 December 1938, the German Army increased the complexity of Enigma enciphering by introducing two additional rotors (IV and V). This increased the number of possible wheel orders from 6 to 60. The Poles could then read only the small minority of messages that used neither of the two new rotors. They did not have the resources to commission 54 more bombs or produce 58 sets of Zygalski sheets. Other Enigma users received the two new rotors at the same time. However, until 1 July 1939 the Sicherheitsdienst
Sicherheitsdienst
Sicherheitsdienst , full title Sicherheitsdienst des Reichsführers-SS, or SD, was the intelligence agency of the SS and the Nazi Party in Nazi Germany. The organization was the first Nazi Party intelligence organization to be established and was often considered a "sister organization" with the...

(SD)—the intelligence agency of the SS
Schutzstaffel
The Schutzstaffel |Sig runes]]) was a major paramilitary organization under Adolf Hitler and the Nazi Party. Built upon the Nazi ideology, the SS under Heinrich Himmler's command was responsible for many of the crimes against humanity during World War II...

 and the Nazi Party—continued to use its machines in the old way with the same indicator setting for all messages. This allowed Rejewski to reuse his previous method, and by about the turn of the year he had worked out the wirings of the two new rotors. On 1 January 1939, the Germans increased the number of plugboard connections from between five and eight to between seven and ten, which made other methods of decryption even more difficult.

Rejewski wrote, in a 1979 critique of appendix 1, volume 1 (1979), of the official history of British Intelligence in the Second World War:

Italian naval Enigma

During the Spanish Civil War
Spanish Civil War
The Spanish Civil WarAlso known as The Crusade among Nationalists, the Fourth Carlist War among Carlists, and The Rebellion or Uprising among Republicans. was a major conflict fought in Spain from 17 July 1936 to 1 April 1939...

, Italy sided with Franco's
Francisco Franco
Francisco Franco y Bahamonde was a Spanish general, dictator and head of state of Spain from October 1936 , and de facto regent of the nominally restored Kingdom of Spain from 1947 until his death in November, 1975...

 Nationalists. The Italian Navy
Regia Marina
The Regia Marina dates from the proclamation of the Kingdom of Italy in 1861 after Italian unification...

 used a version of Enigma that did not have a plugboard. In April 1937 Dillwyn "Dilly" Knox
Dilly Knox
Alfred Dillwyn 'Dilly' Knox CMG was a classics scholar at King's College, Cambridge, and a British codebreaker...

, a gifted British cryptanalyst veteran of World War I
World War I
World War I , which was predominantly called the World War or the Great War from its occurrence until 1939, and the First World War or World War I thereafter, was a major war centred in Europe that began on 28 July 1914 and lasted until 11 November 1918...

 and the cryptanalytical activities of Room 40
Room 40
In the history of Cryptanalysis, Room 40 was the section in the Admiralty most identified with the British cryptoanalysis effort during the First World War.Room 40 was formed in October 1914, shortly after the start of the war...

, managed to break this cipher, using a technique that he called buttoning up to discover the rotor wirings and another that he called rodding to break messages. This relied heavily on cribs and on a crossword-solver's expertise in Italian, as it yielded a limited number of spaced-out letters at a time.

When in 1940 Dilly Knox wanted to establish whether the Italian Navy were still using the same system, he instructed his assistants to use rodding to see whether the crib PERX (per being Italian for "for" and X being used to indicate a space between words) worked for the first part of the message. After three months there was no success, but Mavis Lever, a 19-year-old student, found that rodding produced PERS for the first four letters of one message. She then (against orders) tried beyond this and obtained PERSONALE (Italian for "personal"). This confirmed that the Italians were indeed using the same machines and procedures.

The subsequent breaking of Italian naval Enigma ciphers led to substantial Allied successes. The cipher-breaking was disguised by sending a reconnaissance aircraft
Surveillance aircraft
A surveillance aircraft is an aircraft used for surveillance — collecting information over time. They are operated by military forces and other government agencies in roles such as intelligence gathering, battlefield surveillance, airspace surveillance, observation , border patrol and fishery...

 to the known location of a warship before attacking it, so that the Italians assumed that this was how they had been discovered. The Royal Navy's
Royal Navy
The Royal Navy is the naval warfare service branch of the British Armed Forces. Founded in the 16th century, it is the oldest service branch and is known as the Senior Service...

  victory at the Battle of Matapan
Battle of Cape Matapan
The Battle of Cape Matapan was a Second World War naval battle fought from 27–29 March 1941. The cape is on the southwest coast of Greece's Peloponnesian peninsula...

 (March 1941) was considerably helped by Ultra
Ultra
Ultra was the designation adopted by British military intelligence in June 1941 for wartime signals intelligence obtained by "breaking" high-level encrypted enemy radio and teleprinter communications at the Government Code and Cypher School at Bletchley Park. "Ultra" eventually became the standard...

 intelligence obtained from Italian naval Enigma signals.

Polish disclosures

As the likelihood of war increased in 1939, Britain and France pledged support for Poland in the event of action that threatened her independence. In April, Germany withdrew from the German-Polish Non-Aggression Pact
German-Polish Non-Aggression Pact
The German–Polish Non-Aggression Pact was an international treaty between Nazi Germany and the Second Polish Republic signed on January 26, 1934. In it, both countries pledged to resolve their problems through bilateral negotiations and to forgo armed conflict for a period of ten years...

 of January 1934. The Polish General Staff, realizing what was likely to happen, decided to share their work on Enigma decryption with their western allies. Marian Rejewski
Marian Rejewski
Marian Adam Rejewski was a Polish mathematician and cryptologist who in 1932 solved the plugboard-equipped Enigma machine, the main cipher device used by Germany...

 later wrote:

At a conference near Warsaw on 26 and 27 July 1939, the Poles revealed to the French and British that they had broken Enigma and pledged to give each a Polish-reconstructed Enigma, along with details of their Enigma-solving techniques and equipment, including Zygalski's perforated sheets
Perforated sheets
The method of Zygalski sheets was a cryptologic technique used by the Polish Cipher Bureau before and during World War II, and during the war also by British cryptologists at Bletchley Park, to decrypt messages enciphered on German Enigma machines....

 and Rejewski's cryptologic bomb
Bomba (cryptography)
The bomba, or bomba kryptologiczna was a special-purpose machine designed about October 1938 by Polish Cipher Bureau cryptologist Marian Rejewski to break German Enigma-machine ciphers....

. In return, the British pledged to prepare two full sets of Zygalski sheets for all 60 possible wheel orders. Dilly Knox
Dilly Knox
Alfred Dillwyn 'Dilly' Knox CMG was a classics scholar at King's College, Cambridge, and a British codebreaker...

 was a member of the British delegation. He commented on the fragility of the Polish system's reliance on the repetition in the indicator because it might, "at any moment be cancelled". In August two Polish Enigma doubles were sent to Paris, whence Gustave Bertrand
Gustave Bertrand
Gustave Bertrand was a French military intelligence officer who made a vital contribution to the decryption, by Poland's Cipher Bureau, of German Enigma ciphers, beginning in December 1932...

 sent one to London, handing it to Stewart Menzies
Stewart Menzies
Major General Sir Stewart Graham Menzies, KCB, KCMG, DSO, MC was Chief of MI6 , British Secret Intelligence Service, during and after World War II.-Early life, family:...

 of Britain's Secret Intelligence Service
Secret Intelligence Service
The Secret Intelligence Service is responsible for supplying the British Government with foreign intelligence. Alongside the internal Security Service , the Government Communications Headquarters and the Defence Intelligence , it operates under the formal direction of the Joint Intelligence...

 at Victoria Station.

Gordon Welchman
Gordon Welchman
Gordon Welchman was a British-American mathematician, university professor, World War II codebreaker at Bletchley Park, and author.-Education and early career:...

, who became head of Hut 6
Hut 6
Hut 6 was a wartime section of Bletchley Park tasked with the solution of German Army and Air Force Enigma machine ciphers. Hut 8, by contrast, attacked Naval Enigma...

 at Bletchley Park, wrote:

Peter Calvocoressi
Peter Calvocoressi
Peter John Ambrose Calvocoressi was a British political author, historian and a former intelligence officer at Bletchley Park during World War II.-Early years:...

, who became head of the Luftwaffe section in Hut 3, wrote of the Polish contribution:

PC Bruno

On 17 September 1939, as the Soviet Army
Soviet Army
The Soviet Army is the name given to the main part of the Armed Forces of the Soviet Union between 1946 and 1992. Previously, it had been known as the Red Army. Informally, Армия referred to all the MOD armed forces, except, in some cases, the Soviet Navy.This article covers the Soviet Ground...

 invaded eastern Poland, Cipher Bureau personnel crossed their country's southeastern border into Romania
Romania
Romania is a country located at the crossroads of Central and Southeastern Europe, on the Lower Danube, within and outside the Carpathian arch, bordering on the Black Sea...

. They eventually made their way to France
France
The French Republic , The French Republic , The French Republic , (commonly known as France , is a unitary semi-presidential republic in Western Europe with several overseas territories and islands located on other continents and in the Indian, Pacific, and Atlantic oceans. Metropolitan France...

, and on 20 October 1939, at PC Bruno
PC Bruno
PC Bruno was a Polish-French intelligence station that operated outside Paris during World War II, from October 1939 until June 9, 1940. It decrypted German ciphers, most notably messages enciphered on the Enigma machine.-History:...

outside Paris
Paris
Paris is the capital and largest city in France, situated on the river Seine, in northern France, at the heart of the Île-de-France region...

, the Polish cryptanalists resumed work on German Enigma ciphers in collaboration with Bletchley Park
Bletchley Park
Bletchley Park is an estate located in the town of Bletchley, in Buckinghamshire, England, which currently houses the National Museum of Computing...

.

PC Bruno and Bletchley Park worked together closely, communicating via a telegraph line secured by the use of Enigma doubles. In January 1940 Alan Turing
Alan Turing
Alan Mathison Turing, OBE, FRS , was an English mathematician, logician, cryptanalyst, and computer scientist. He was highly influential in the development of computer science, providing a formalisation of the concepts of "algorithm" and "computation" with the Turing machine, which played a...

 spent several days at PC Bruno conferring with his Polish colleagues. He had brought the Poles a full set of Zygalski sheets that had been punched at Bletchley Park by John Jeffreys using Polish-supplied information, and on 17 January 1940, the Poles made the first break into wartime Enigma traffic—that from 28 October 1939. From that time, until the Fall of France
Battle of France
In the Second World War, the Battle of France was the German invasion of France and the Low Countries, beginning on 10 May 1940, which ended the Phoney War. The battle consisted of two main operations. In the first, Fall Gelb , German armoured units pushed through the Ardennes, to cut off and...

 in June 1940, 17 percent of the Enigma keys that were found by the allies, were solved at PC Bruno.

The Germans, just before opening their 10 May 1940 offensive against the Low countries
Low Countries
The Low Countries are the historical lands around the low-lying delta of the Rhine, Scheldt, and Meuse rivers, including the modern countries of Belgium, the Netherlands, Luxembourg and parts of northern France and western Germany....

 in their thrust towards France, had made the feared change in the indicator procedure, discontinuing the duplication of the enciphered message key. This meant that the Zygalski sheet method no longer worked. Instead, the cryptanalysts had to rely on exploiting the operator weaknesses described below, particularly the cillies and the Herivel tip.

After the June Franco-German armistice, the Polish cryptological team resumed work in France's southern Free Zone, although probably not on Enigma. Marian Rejewski and Henryk Zygalski, after a perilous journey finally made it to Britain where they were inducted into the Polish Army and put to work breaking German SS and SD
Sicherheitsdienst
Sicherheitsdienst , full title Sicherheitsdienst des Reichsführers-SS, or SD, was the intelligence agency of the SS and the Nazi Party in Nazi Germany. The organization was the first Nazi Party intelligence organization to be established and was often considered a "sister organization" with the...

hand ciphers at a Polish signals facility in Boxmoor
Boxmoor
Boxmoor, or Boxmoor Village, is a district of Dacorum in Hertfordshire, England. It is now part of Hemel Hempstead. It is a district of mainly nineteenth century housing and meadowland, repeatedly cut through by transport links from London to the The Midlands....

. Because of having been in occupied France, it was considered too risky to invite them to work at Bletchley Park.

After the German occupation of Vichy France
Vichy France
Vichy France, Vichy Regime, or Vichy Government, are common terms used to describe the government of France that collaborated with the Axis powers from July 1940 to August 1944. This government succeeded the Third Republic and preceded the Provisional Government of the French Republic...

, several of those who had worked at PC Bruno were captured by the Germans. Despite the dire circumstances in which some of them were held, none betrayed the secret of Enigma's decryption.

Operating shortcomings

Apart from some less-than-ideal inherent characteristics of the Enigma, in practice the machine's greatest weakness was the way that it was used. The basic principle of this sort of enciphering machine is that it should deliver a very long stream of transformations that are difficult for a cryptanalyst to predict. Some of the instructions to operators, however, and their sloppy habits, had the opposite effect. Without these operating shortcomings, Enigma would not have been broken.

The set of shortcomings that the Polish cryptanalysts exploited to such great effect included the following:
  • Producing an early Enigma training manual containing an example of plaintext and its genuine ciphertext, together with the relevant message key. When Rejewski was given this in December 1932, it "made [his reconstruction of the Enigma machine
    Enigma machine
    An Enigma machine is any of a family of related electro-mechanical rotor cipher machines used for the encryption and decryption of secret messages. Enigma was invented by German engineer Arthur Scherbius at the end of World War I...

    ] somewhat easier".
  • Repetition of the message key as described in early indicator procedures, above. (This helped in Rejewski's solving Enigma's wiring in 1932, and was continued until May 1940.)
  • Repeatedly using the same stereotypical expressions in messages, an early example of what Bletchley Park would later term cribs. Rejewski wrote that "... we relied on the fact that the greater number of messages began with the letters ANX—German for "to", followed by X as a spacer".
  • The use of easily-guessed keys such as AAA or BBB, or sequences that reflected the layout of the Enigma keyboard, such as "three [typing] keys that stand next to each other [o]r diagonally [from each other]..." Sometimes, with multi-part messages, the operator would not enter a key for a subsequent part of a message, merely leaving the rotors as they were at the end of the previous part, to become the message key for the next part. At Bletchley Park such occurrences were called cillies. Cillies in the operation of the four-rotor Abwehr Enigma included four-letter names and German obscenities.
  • Having only three different rotors for the three positions in the scrambler. (This continued until December 1938, when it was increased to five and then eight for naval traffic in 1940.)
  • Using only six plugboard leads, leaving 14 letters unsteckered. (This continued until January 1939 when the number of leads was increased, leaving only a small number of letters unsteckered.)


Other useful shortcomings that were discovered by the British and later the American cryptanalysts included the following, many of which depended on frequent breaking of a particular network:
  • The practice of re-transmitting a message in an identical, or near-identical, form on different cipher networks. If a message was transmitted using both a low-level cipher that Bletchley Park broke by hand, and Enigma, the decrypt provided an excellent crib for Enigma decipherment.
  • For machines where there was a choice of more rotors than there were slots for them, a rule on some networks stipulated that no rotor should be in the same slot in the scrambler as it had been for the immediately preceding configuration. This reduced the number of wheel orders that had to be tried.
  • Not allowing a wheel order to be repeated on a monthly setting sheet. This meant that when the keys were being found on a regular basis, economies in excluding possible wheel orders could be made.
  • The stipulation, for Air Force operators, that no letter should be connected on the plugboard to its neighbour in the alphabet. This reduced the problem of identifying the plugboard connections and was automated in some Bombes with a Consecutive Stecker Knock-Out (CKSO) device.
  • The sloppy practice that John Herivel
    John Herivel
    John W. Herivel was a British science historian and former World War II codebreaker at Bletchley Park.As a codebreaker concerned with Cryptanalysis of the Enigma, Herivel is remembered chiefly for the discovery of what was soon dubbed the Herivel tip or Herivelismus...

     anticipated soon after his arrival at Bletchley Park in January 1940. He thought about the practical actions that an Enigma operator would have to make, and the short cuts he might employ. He thought that, after setting the alphabet rings to the prescribed setting, and closing the lid, the operator might not turn the rotors by more than a few places in selecting the first part of the indicator. Initially this did not seem to be the case, but after the changes of May 1940, what became known as the Herivel tip proved to be most useful.
  • The practice of re-using some of the columns of wheel orders, ring settings or plugboard connections from previous months. The resulting analytical short-cut was christened at Bletchley Park Parkerismus after Reg Parker, who had, through his meticulous record-keeping, spotted this phenomenon.
  • The re-use of a permutation in the German Air Force METEO code as the Enigma stecker permutation for the day.


Mavis Lever, a member of Dilly Knox's
Dilly Knox
Alfred Dillwyn 'Dilly' Knox CMG was a classics scholar at King's College, Cambridge, and a British codebreaker...

 team, recalled an occasion when there was an extraordinary message.

Postwar debriefings of German cryptographic specialists, conducted as part of project TICOM
TICOM
TICOM was a project formed in World War II by the United States to find and seize German intelligence assets, particularly cryptographic ones. The project was stimulated chiefly by the US military cryptography organizations, and had support from the highest levels.Several teams were sent into the...

, tend to support the view that the Germans were well aware that Enigma was theoretically breakable, but felt that the resources required to mount a pure brute-force attack on it would be impracticable. To the war's end, the Germans continued making improvements to the system, though they considered it to be, for all practical purposes, unbreakable.

Crib-based decryption

The term crib
Known-plaintext attack
The known-plaintext attack is an attack model for cryptanalysis where the attacker has samples of both the plaintext , and its encrypted version . These can be used to reveal further secret information such as secret keys and code books...

was used at Bletchley Park
Bletchley Park
Bletchley Park is an estate located in the town of Bletchley, in Buckinghamshire, England, which currently houses the National Museum of Computing...

 to denote any known plaintext or suspected plaintext at some point in an enciphered message. This cryptanalytic approach was thus a chosen-plaintext attack
Chosen-plaintext attack
A chosen-plaintext attack is an attack model for cryptanalysis which presumes that the attacker has the capability to choose arbitrary plaintexts to be encrypted and obtain the corresponding ciphertexts. The goal of the attack is to gain some further information which reduces the security of the...

.

Britain's Government Code and Cipher School (GCCS), before its move to Bletchley Park, had realized the value of recruiting mathematicians and logicians to work in codebreaking teams. Alan Turing
Alan Turing
Alan Mathison Turing, OBE, FRS , was an English mathematician, logician, cryptanalyst, and computer scientist. He was highly influential in the development of computer science, providing a formalisation of the concepts of "algorithm" and "computation" with the Turing machine, which played a...

, a Cambridge University mathematician with an interest in cryptology and in machines for implementing logical operations—and who was regarded by many as a genius—had started work for GCCS on a part-time basis from about the time of the Munich Crisis
Munich Agreement
The Munich Pact was an agreement permitting the Nazi German annexation of Czechoslovakia's Sudetenland. The Sudetenland were areas along Czech borders, mainly inhabited by ethnic Germans. The agreement was negotiated at a conference held in Munich, Germany, among the major powers of Europe without...

 in 1938. Gordon Welchman
Gordon Welchman
Gordon Welchman was a British-American mathematician, university professor, World War II codebreaker at Bletchley Park, and author.-Education and early career:...

, another Cambridge mathematician, had also received initial training in 1938, and they both reported to Bletchley Park on 4 September 1939, the day after Britain declared war on Germany.

Most of the Polish success had relied on the repetition within the indicator. But as soon as Turing moved to Bletchley Park—where he initially joined Dilly Knox
Dilly Knox
Alfred Dillwyn 'Dilly' Knox CMG was a classics scholar at King's College, Cambridge, and a British codebreaker...

 in the research section—he set about seeking methods that did not rely on this weakness, as they correctly anticipated that the German Army and Air Force might follow the German Navy in improving their indicator system.

The Poles had used an early form of crib-based decryption in the days when only six leads were used on the plugboard. The technique became known as the Forty Weepy Weepy method for the following reason. When a message was a continuation of a previous one, the plaintext would start with FORT (from Fortsetzung, meaning "continuation") followed by the time of the first message given twice bracketed by the letter Y. At this time numerals were represented by the letters on the top row of the Enigma keyboard. So, "continuation of message sent at 2330" was represented as FORTYWEEPYYWEEPY.
Top row of the Enigma keyboard and the numerals they represented
Q W E R T Z U I O
1 2 3 4 5 6 7 8 9
(Zero was represented by P)


Cribs were fundamental to the British approach to breaking Enigma, but guessing the plaintext
Plaintext
In cryptography, plaintext is information a sender wishes to transmit to a receiver. Cleartext is often used as a synonym. Before the computer era, plaintext most commonly meant message text in the language of the communicating parties....

 for a message was a highly skilled business. So in 1940 Stuart Milner-Barry
Stuart Milner-Barry
Sir Stuart Milner-Barry KCVO, CB, OBE was a British chess player, chess writer, World War II codebreaker and civil servant. He represented England in chess both before and after World War II...

 set up a special Crib Room in Hut 8.

Foremost amongst the knowledge needed for identifying cribs was the text of previous decrypts. Bletchley Park maintained detailed indexes of message preambles, of every person, of every ship, of every unit, of every weapon, of every technical term and of repeated phrases such as forms of address and other German military jargon. For each message the traffic analysis
Traffic analysis
Traffic analysis is the process of intercepting and examining messages in order to deduce information from patterns in communication. It can be performed even when the messages are encrypted and cannot be decrypted. In general, the greater the number of messages observed, or even intercepted and...

 recorded the radio frequency, the date and time of intercept, and the preamble—which contained the network-identifying discriminant, the time of origin of the message, the callsign of the originating and receiving stations, and the indicator setting. This allowed cross referencing of a new message with a previous one. Thus, as Derek Taunt
Derek Taunt
Derek Roy Taunt was a British mathematician who worked as a codebreaker during World War II at Bletchley Park....

, another Cambridge mathematician-cryptanalyst wrote, the truism that "nothing succeeds like success" is particularly apposite here.

Stereotypical messages included Keine besonderen Ereignisse (literally, "no special occurrences"—perhaps better translated as "nothing to report"), An die Gruppe ("to the group") and a number that came from weather stations such as weub null seqs null null ("weather survey 0600"). This was actually rendered as WEUBYYNULLSEQSNULLNULL. The word WEUB being short for wetteruebersicht, YY was used as a separator and SEQS was common abbreviation of sechs ("six"). Field Marshal Erwin Rommel's
Erwin Rommel
Erwin Johannes Eugen Rommel , popularly known as the Desert Fox , was a German Field Marshal of World War II. He won the respect of both his own troops and the enemies he fought....

 Quartermaster started all of his messages to his commander with the same formal introduction.

With a combination of probable plaintext fragment and the fact that no letter could be enciphered as itself, a corresponding ciphertext fragment could often be tested by trying every possible alignment of the crib against the ciphertext, a procedure known as crib-dragging. This, however, was only one aspect of the processes of breaking a key. Derek Taunt has written that the three cardinal personal qualities that were in demand for cryptanalysis were (1) a creative imagination, (2) a well-developed critical faculty, and (3) a habit of meticulousness. Skill at solving crossword puzzles was famously tested in recruiting some cryptanalysts. This was useful in working out plugboard settings when a possible solution was being examined. For example, if the crib was the word WETTER (German for "weather") and a possible decrypt before the plugboard settings had been discovered, was TEWWER, it is easy to see that T with W are stecker partners. These examples, although illustrative of the principles, greatly over-simplify the cryptanalysts' tasks.

A fruitful source of cribs was re-encipherments of messages that had previously been decrypted either from a lower-level manual cipher or from another Enigma network. This was called a kiss
Kiss (cryptanalysis)
In cryptanalysis, a kiss was a term used at Bletchley Park during World War II for occasions when the enemy sent an identical message twice, once in a breakable cipher and again in an unbroken cipher. A deciphered message in the breakable system provided a "crib" which could then be used to read...

and happened particularly with German naval messages being sent in the dockyard cipher and repeated verbatim in an Enigma cipher. One German agent in Britain, code named Treasure, who had been turned
Double Cross System
The Double Cross System, or XX System, was a World War II anti-espionage and deception operation of the British military intelligence arm, MI5. Nazi agents in Britain - real and false - were captured, turned themselves in or simply announced themselves and were then used by the British to broadcast...

to work for the Allies, was very verbose in her messages back to Germany, which were then re-transmitted on the Abwehr Enigma network. She was kept going by MI5
MI5
The Security Service, commonly known as MI5 , is the United Kingdom's internal counter-intelligence and security agency and is part of its core intelligence machinery alongside the Secret Intelligence Service focused on foreign threats, Government Communications Headquarters and the Defence...

 because of providing long cribs in this way, not because of her usefulness as an agent to feed incorrect information to the Abwehr.

Occasionally, when there was a particularly urgent need to break German naval Enigma, such as when an Arctic convoy
Arctic convoys of World War II
The Arctic convoys of World War II travelled from the United Kingdom and North America to the northern ports of the Soviet Union—Arkhangelsk and Murmansk. There were 78 convoys between August 1941 and May 1945...

 was about to depart, mines would be laid by the RAF
Royal Air Force
The Royal Air Force is the aerial warfare service branch of the British Armed Forces. Formed on 1 April 1918, it is the oldest independent air force in the world...

 in a defined position, whose grid reference in the German naval system did not contain any of the words (such as sechs or sieben) for which abbreviations or alternatives were sometimes used. The warning message about the mines and then the "all clear" message, would be transmitted both using the dockyard cipher and the U-boat
U-boat
U-boat is the anglicized version of the German word U-Boot , itself an abbreviation of Unterseeboot , and refers to military submarines operated by Germany, particularly in World War I and World War II...

 Enigma network. This process of planting a crib was called gardening
Gardening (cryptanalysis)
In cryptanalysis, gardening was a term used at Bletchley Park, England, during World War II for schemes to entice the Germans to include known plaintext, which the British called "cribs," in their encrypted messages...

.

Although cillies were not actually cribs, the chit-chat in clear that Enigma operators indulged in amongst themselves, often gave a clue as to the cillies that they might generate.

When a captured, interrogated German Enigma operator revealed that they had been instructed to encipher numbers by spelling them out rather than using the top row of the keyboard, Alan Turing
Alan Turing
Alan Mathison Turing, OBE, FRS , was an English mathematician, logician, cryptanalyst, and computer scientist. He was highly influential in the development of computer science, providing a formalisation of the concepts of "algorithm" and "computation" with the Turing machine, which played a...

 reviewed decrypted messages and determined that the word eins ("one") appeared in 90% of messages. He automated the crib process, creating the Eins Catalogue, which assumed that eins was encoded at all positions in the plaintext. The catalogue included every possible rotor position for EINS with that day's wheel order and plugboard connections.

British bombe

The British bombe was an electromechanical device designed by Alan Turing
Alan Turing
Alan Mathison Turing, OBE, FRS , was an English mathematician, logician, cryptanalyst, and computer scientist. He was highly influential in the development of computer science, providing a formalisation of the concepts of "algorithm" and "computation" with the Turing machine, which played a...

 soon after he arrived at Bletchley Park
Bletchley Park
Bletchley Park is an estate located in the town of Bletchley, in Buckinghamshire, England, which currently houses the National Museum of Computing...

 in September 1939. Harold "Doc" Keen
Harold Keen
Harold Hall "Doc" Keen was a British engineer who produced the engineering design, and oversaw the construction of, the British bombe, a codebreaking machine used in World War II to read German messages sent using the Enigma machine. He was known as "Doc" Keen because of his habit of carrying...

 of the British Tabulating Machine Company
British Tabulating Machine Company
The British Tabulating Machine Company was a firm which manufactured and sold Hollerith unit record equipment and other data-processing equipment...

 (BTM) in Letchworth
Letchworth
Letchworth Garden City, commonly known as Letchworth, is a town and civil parish in Hertfordshire, England. The town's name is taken from one of the three villages it surrounded - all of which featured in the Domesday Book. The land used was first purchased by Quakers who had intended to farm the...

 (35 kilometres (21.7 mi) from Bletchley) was the engineer who turned Turing's ideas into a working machine—under the codename CANTAB. Turing's specification developed the ideas of the Poles' bomba kryptologiczna
Bomba (cryptography)
The bomba, or bomba kryptologiczna was a special-purpose machine designed about October 1938 by Polish Cipher Bureau cryptologist Marian Rejewski to break German Enigma-machine ciphers....

 but was designed for the much more general crib-based decryption.

The bombe helped to identify the wheel order, the initial positions of the rotor cores, and the stecker partner of a specified letter. This was achieved by examining all 17,576 possible scrambler positions for a set of wheel orders on a comparison between a crib and the ciphertext, so as to eliminate possibilities that contradicted
Contradiction
In classical logic, a contradiction consists of a logical incompatibility between two or more propositions. It occurs when the propositions, taken together, yield two conclusions which form the logical, usually opposite inversions of each other...

 the Enigma's known characteristics. In the words of Gordon Welchman
Gordon Welchman
Gordon Welchman was a British-American mathematician, university professor, World War II codebreaker at Bletchley Park, and author.-Education and early career:...

 "the task of the bombe was simply to reduce the assumptions of wheel order and scrambler positions that required 'further analysis' to a manageable number."
The demountable drums on the front of the bombe were wired identically to the connections made by Enigma's different rotors. Unlike them, however, the input and output contacts for the left-hand and the right-hand sides were separate, making 104 contacts between each drum and the rest of the machine. This allowed a set of scramblers to be connected in series by means of 26-way cables. Electrical connections between the rotating drums' wiring and the rear plugboard were by means of metal brushes. When the bombe detected a scrambler position with no contradictions, it stopped and the operator would note the position before re-starting it.

Although Welchman had been given the task of studying Enigma traffic callsigns
Call sign
In broadcasting and radio communications, a call sign is a unique designation for a transmitting station. In North America they are used as names for broadcasting stations...

 and discriminants, he knew from Turing about the bombe design and early in 1940, before the first pre-production bombe was delivered, he showed him an idea to increase its effectiveness. It exploited the reciprocity in plugboard connections, to reduce considerably the number of scrambler settings that needed to be considered further. This became known as the diagonal board and was subsequently incorporated to great effect in all the bombes.

A cryptanalyst would prepare a crib for comparison with the ciphertext. This was a complicated and sophisticated task, which later took the Americans some time to master. As well as the crib, a decision as to which of the many possible wheel orders could be omitted had to be made. Turing's Banburismus
Banburismus
Banburismus was a cryptanalytic process developed by Alan Turing at Bletchley Park in England during the Second World War. It was used by Bletchley Park's Hut 8 to help break German Kriegsmarine messages enciphered on Enigma machines. The process used sequential conditional probability to infer...

 was used in making this major economy. The cryptanalyst would then compile a menu which specified the connections of the cables of the patch panels on the back of the machine, and a particular letter whose stecker partner was sought. The menu reflected the relationships between the letters of the crib and those of the ciphertext. Some of these formed loops (or closures as Turing called them) in a similar way to the cycles that the Poles had exploited.

The reciprocal nature of the plugboard meant that no letter could be connected to more than one other letter. When there was a contradiction of two different letters apparently being stecker partners with the letter in the menu, the bombe would detect this, and move on. If, however, this happened with a letter that was not part of the menu, a false stop could occur. In refining down the set of stops for further examination, the cryptanalyst would eliminate stops that contained such a contradiction. The other plugboard connections and the settings of the alphabet rings would then be worked out before the scrambler positions at the possible true stops were tried out on Typex
Typex
In the history of cryptography, Typex machines were British cipher machines used from 1937. It was an adaptation of the commercial German Enigma with a number of enhancements that greatly increased its security....

 machines that had been adapted to mimic Enigmas. All the remaining stops would correctly decrypt the crib, but only the true stop would produce the correct plaintext of the whole message.

To avoid wasting scarce bombe time on menus that were likely to yield an excessive number of false stops, Turing performed a lengthy probability analysis (without any electronic aids) of the estimated number of stops per rotor order. It was adopted as standard practice only to use menus that were estimated to produce no more than four stops per wheel order. This allowed an 8-letter crib for a 3-closure menu, an 11-letter crib for a 2-closure menu and a 14-letter crib for a menu with only one closure. If there was no closure, at least 16 letters were required in the crib. The longer the crib, however, the more likely it was that turn-over of the middle rotor would have occurred.

The production model 3-rotor bombes contained 36 scramblers arranged in three banks of twelve. Each bank was used for a different wheel order by fitting it with the drums that corresponded to the Enigma rotors being tested. The first bombe was named Victory and was delivered to Bletchley Park on 18 March 1940. The next one, which included the diagonal board, was delivered on 8 August 1940. It was referred to as a spider bombe and was named Agnus Dei which soon became Agnes and then Aggie. The production of British bombes was relatively slow at first, with only five bombes being in use in June 1941, 15 by the year end, 30 by September 1942, 49 by January 1943 but eventually 210 at the end of the war.

A refinement that was developed for use on messages from those networks that disallowed plugboard (Stecker) connection of adjacent letters, was the Consecutive Stecker Knock Out. This was fitted to 40 Bombes and produced a useful reduction in false stops.

Initially the bombes were operated by ex-BTM servicemen, but in March 1941 the first detachment of members of the Women's Royal Naval Service
Women's Royal Naval Service
The Women's Royal Naval Service was the women's branch of the Royal Navy.Members included cooks, clerks, wireless telegraphists, radar plotters, weapons analysts, range assessors, electricians and air mechanics...

 (known as Wrens) arrived at Bletchley Park to become bombe operators. By 1945 there were some 2,000 Wrens operating the bombes. Because of the risk of bombing, relatively few of bombes were located at Bletchley Park. The largest two outstations were at Eastcote (some 110 bombes and 800 Wrens) and Stanmore (some 50 bombes and 500 Wrens). There were also bombe outstations at Wavendon, Adstock and Gayhurst. Communication with Bletchley Park was by teleprinter
Teleprinter
A teleprinter is a electromechanical typewriter that can be used to communicate typed messages from point to point and point to multipoint over a variety of communication channels that range from a simple electrical connection, such as a pair of wires, to the use of radio and microwave as the...

 links.

When the German Navy started using 4-rotor Enigmas, about sixty 4-rotor bombes were produced at Letchworth, some with the assistance of the General Post Office
General Post Office
General Post Office is the name of the British postal system from 1660 until 1969.General Post Office may also refer to:* General Post Office, Perth* General Post Office, Sydney* General Post Office, Melbourne* General Post Office, Brisbane...

. The NCR
NCR Corporation
NCR Corporation is an American technology company specializing in kiosk products for the retail, financial, travel, healthcare, food service, entertainment, gaming and public sector industries. Its main products are self-service kiosks, point-of-sale terminals, automated teller machines, check...

-manufactured US Navy 4-rotor bombes were, however, very fast and much the most successful. They were extensively used by Bletchley Park over teleprinter links (using the Combined Cipher Machine
Combined Cipher Machine
The Combined Cipher Machine was a common cipher machine system for securing Allied communications during World War II and for a few years after amongst NATO...

) to OP-20-G
OP-20-G
OP-20-G or "Office of Chief Of Naval Operations , 20th Division of the Office of Naval Communications, G Section / Communications Security", was the US Navy's signals intelligence and cryptanalysis group during World War II. Its mission was to intercept, decrypt, and analyze naval communications...

 for both 3-rotor and 4-rotor jobs.

Luftwaffe Enigma

Although the German army, SS
Schutzstaffel
The Schutzstaffel |Sig runes]]) was a major paramilitary organization under Adolf Hitler and the Nazi Party. Built upon the Nazi ideology, the SS under Heinrich Himmler's command was responsible for many of the crimes against humanity during World War II...

, police, and railway all used Enigma with similar procedures, it was the Luftwaffe
Luftwaffe
Luftwaffe is a generic German term for an air force. It is also the official name for two of the four historic German air forces, the Wehrmacht air arm founded in 1935 and disbanded in 1946; and the current Bundeswehr air arm founded in 1956....

(Air Force) that was the first and most fruitful source of Ultra
Ultra
Ultra was the designation adopted by British military intelligence in June 1941 for wartime signals intelligence obtained by "breaking" high-level encrypted enemy radio and teleprinter communications at the Government Code and Cypher School at Bletchley Park. "Ultra" eventually became the standard...

 intelligence during the war. The messages were decrypted in Hut 6
Hut 6
Hut 6 was a wartime section of Bletchley Park tasked with the solution of German Army and Air Force Enigma machine ciphers. Hut 8, by contrast, attacked Naval Enigma...

 at Bletchley Park and turned into intelligence reports in Hut 3. The network code-named ‘Red’ at Bletchley Park was broken regularly and quickly from 22 May 1940 until the end of hostilities. Indeed, the Air Force section of Hut 3 expected the new day’s Enigma settings to have been established in Hut 6 by breakfast time. The relative ease of breaking this network’s settings was a product of plentiful cribs and frequent German operating mistakes.

Abwehr Enigma

Dilly Knox's
Dilly Knox
Alfred Dillwyn 'Dilly' Knox CMG was a classics scholar at King's College, Cambridge, and a British codebreaker...

 last great cryptanalytical success before his untimely death in February 1943, was the breaking, in 1941, of the Abwehr
Abwehr
The Abwehr was a German military intelligence organisation from 1921 to 1944. The term Abwehr was used as a concession to Allied demands that Germany's post-World War I intelligence activities be for "defensive" purposes only...

Enigma. Intercepts of traffic which had an 8-letter indicator sequence before the usual 5-letter groups, led to the suspicion that a 4-rotor machine was being used. The assumption was correctly made that the indicator consisted of a 4-letter message key enciphered twice. In fact the machine was a Model G Enigma, which had no plugboard, three conventional rotors, and a rotating reflector that could both be set by hand and was advanced by the stepping mechanism. Collecting a set of enciphered message keys for a particular day allowed cycles (or boxes as Knox called them) to be assembled in a similar way to the method used by the Poles in the 1930s.

Knox was able to derive, using his buttoning up procedure, some of the wiring of the rotor that had been loaded in the fast position on that day. Progressively he was able to derive the wiring of all three rotors. Once that had been done, he was able to work out the wiring of the reflector. Deriving the indicator setting for that day was achieved using Knox's time-consuming rodding procedure. This involved a great deal of trial and error, imagination and crossword puzzle-solving skills, but was helped by cillies.

The Abwehr was the intelligence
Military intelligence
Military intelligence is a military discipline that exploits a number of information collection and analysis approaches to provide guidance and direction to commanders in support of their decisions....

 and counter-espionage
Espionage
Espionage or spying involves an individual obtaining information that is considered secret or confidential without the permission of the holder of the information. Espionage is inherently clandestine, lest the legitimate holder of the information change plans or take other countermeasures once it...

 service of the German High Command. The spies that it placed in enemy countries used a lower level cipher (which was broken by Oliver Strachey's
Oliver Strachey
Oliver Strachey , a British civil servant in the Foreign Office was a cryptographer from World War I to World War II....

 section at Bletchley Park
Bletchley Park
Bletchley Park is an estate located in the town of Bletchley, in Buckinghamshire, England, which currently houses the National Museum of Computing...

) for their transmissions. However, the messages were often then re-transmitted word-for-word on the Abwehr's internal Enigma networks, which gave the best possible crib
Known-plaintext attack
The known-plaintext attack is an attack model for cryptanalysis where the attacker has samples of both the plaintext , and its encrypted version . These can be used to reveal further secret information such as secret keys and code books...

 for deciphering that day's indicator setting. Interception and analysis of Abwehr transmissions led to the remarkable state of affairs that allowed MI5
MI5
The Security Service, commonly known as MI5 , is the United Kingdom's internal counter-intelligence and security agency and is part of its core intelligence machinery alongside the Secret Intelligence Service focused on foreign threats, Government Communications Headquarters and the Defence...

 to give a categorical assurance that all the German spies in Britain were controlled as double agents working for the Allies
Allies of World War II
The Allies of World War II were the countries that opposed the Axis powers during the Second World War . Former Axis states contributing to the Allied victory are not considered Allied states...

 under the Double Cross System
Double Cross System
The Double Cross System, or XX System, was a World War II anti-espionage and deception operation of the British military intelligence arm, MI5. Nazi agents in Britain - real and false - were captured, turned themselves in or simply announced themselves and were then used by the British to broadcast...

.

German Army Enigma

In the summer of 1940 following the Franco-German armistice, most Army Enigma traffic was travelling by land lines rather than radio and so was not available to Bletchley Park. The air Battle of Britain
Battle of Britain
The Battle of Britain is the name given to the World War II air campaign waged by the German Air Force against the United Kingdom during the summer and autumn of 1940...

 was crucial, so it was not surprising that the concentration of scarce resources was on Luftwaffe and Abwehr traffic. It was not until early in 1941 that the first breaks were made into German Army Enigma traffic, and it was the spring of 1942 before it was broken reliably, albeit often with some delay. It is unclear whether the German Army Enigma operators made deciphering more difficult by making fewer operating mistakes.

German naval Enigma

The German Navy used Enigma in the same way as the German Army and Air Force until 1 May 1937 when they changed to a substantially different system. This used the same sort of setting sheet but, importantly, it included the ground key for a period of two, sometimes three days. The message setting was concealed in the indicator by selecting a trigram from a book (the Kenngruppenbuch, or K-Book) and performing a bigram substitution on it. This defeated the Poles, although they suspected some sort of bigram substitution.

The procedure for the naval sending operator was as follows. First they selected a trigram from the K-Book, say YLA. They then looked in the appropriate columns of the K-Book and selected another trigram, say YVT, and wrote it in the boxes at the top of the message form:
. Y V T
Y L A .

They then filled in the "dots" with any letters, giving say:
Q Y V T
Y L A G

Finally they looked up the vertical pairs of letters in the Bigram Tables

and wrote down the resultant pairs, UB, LK, RS and PW which were transmitted as two four letter groups at the start and end of the enciphered message. The receiving operator performed the converse procedure to obtain the message key for setting his Enigma rotors.

As well as these Kriegsmarine procedures being much more secure than those of the German Army and Air Force, the German Navy Enigma introduced three more rotors (VI, VII and VIII), early in 1940. The choice of three rotors from eight meant that there were a total of 336 possible permutations of rotors and their positions.

Alan Turing
Alan Turing
Alan Mathison Turing, OBE, FRS , was an English mathematician, logician, cryptanalyst, and computer scientist. He was highly influential in the development of computer science, providing a formalisation of the concepts of "algorithm" and "computation" with the Turing machine, which played a...

 decided to take responsibility for German naval Enigma because "no one else was doing anything about it and I could have it to myself". He established Hut 8
Hut 8
Hut 8 was a section at Bletchley Park tasked with solving German naval Enigma messages. The section was led initially by Alan Turing...

 with Peter Twinn
Peter Twinn
Peter Frank George Twinn was a British mathematician, World War II codebreaker and entomologist.-Education and codebreaking:...

 and two "girls". Turing used the indicators and message settings for traffic from 1–8 May 1937 that the Poles had worked out, and some very elegant deductions to diagnose the complete indicator system. After the messages were deciphered they were translated for transmission to the Admiralty in Hut 4.

German Navy 3-rotor Enigma

The first break of wartime traffic was in December 1939, into signals that had been intercepted in November 1938, when only three rotors and six plugboard leads had been in use. It used "Forty Weepy Weepy" cribs.

A captured German Funkmaat Meyer had revealed that numerals were now spelt out as words. EINS, the German for "one", was present in about 90% of genuine German Navy messages. An EINS catalogue was compiled consisting of the encipherment of EINS at all 105,456 rotor settings. These were compared with the ciphertext, and when matches were found, about a quarter of them yielded the correct plaintext. Later this process was automated in Mr Freeborn's section using Hollerith equipment
Unit record equipment
Before the advent of electronic computers, data processing was performed using electromechanical devices called unit record equipment, electric accounting machines or tabulating machines. Unit record machines were as ubiquitous in industry and government in the first half of the twentieth century...

. When the ground key was known, this EINS-ing procedure could yield three bigrams for the tables that were then gradually assembled.

Further progress required more information from German Enigma users. This was achieved through a succession of pinches, the capture of Enigma parts and codebooks. The first of these was on 12 February 1940, when rotors VI and VII, whose wiring was at that time unknown, were captured from the U-33, by HMS Gleaner.

On 26 April 1940 the Narvik-bound German patrol boat VP2623, disguised as a Dutch trawler named Polares, was captured by HMS Griffin. This yielded an instruction manual, codebook sheets and a record of some transmissions, which provided complete cribs. This confirmed that Turing's deductions about the trigram/bigram process was correct and allowed a total of six days' messages to be broken, the last of these using the first of the bombes. However, the numerous possible rotor sequences, together with a paucity of usable cribs, made the methods used against the Army and Air Force Enigma messages of very limited value.

Turing had devised a development of the clock method
Clock (cryptography)
In cryptography, the clock was a method devised by Polish mathematician-cryptologist Jerzy Różycki, at the Polish General Staff's Cipher Bureau, to facilitate decrypting German Enigma ciphers.-Method:...

 invented by the Polish cryptanalyst Jerzy Różycki
Jerzy Rózycki
Jerzy Witold Różycki was a Polish mathematician and cryptologist who worked at breaking German Enigma-machine ciphers.-Life:Różycki was born in what is now Ukraine, the fourth and youngest child of Zygmunt Różycki, a pharmacist and graduate of Saint Petersburg University, and Wanda, née Benita. ...

 at the end of 1939. This came to be known as "Banburismus
Banburismus
Banburismus was a cryptanalytic process developed by Alan Turing at Bletchley Park in England during the Second World War. It was used by Bletchley Park's Hut 8 to help break German Kriegsmarine messages enciphered on Enigma machines. The process used sequential conditional probability to infer...

". Turing said that at that stage "I was not sure that it would work in practice, and was not in fact sure until some days had actually broken". Banburismus used a statistical scoring system and large cards printed in Banbury (hence its name), to reduce the number of rotor sequences to be tried on the bombes. In practice the 336 possible rotors and sequences could be reduced to perhaps 18 to be run on the bombes. Knowledge of the bigrams was essential for Banburismus and building up the tables took a long time. This lack of visible progress led to Frank Birch
Francis Birch (cryptographer)
Francis Lyall Birch was a British cryptographer. He was educated at Eton and King’s College, Cambridge. He was awarded an OBE in 1919 and CMG in 1945....

, head of the Naval Section to write on 21 August 1940 to Edward Travis
Edward Travis
Sir Edward Wilfred Harry Travis KCMG CBE was a British cryptographer and intelligence officer, becoming the operational head of Bletchley Park during World War II, and later the head of GCHQ.-Career:...

 Deputy Director of Bletchley Park:

Schemes for capturing Enigma material were conceived including, in September 1940, Operation Ruthless
Operation Ruthless
Operation Ruthless was the name of a deception operation devised by Ian Fleming in the British Admiralty during World War II, in an attempt to gain access to German Naval Enigma codebooks.-Background:...

 by Lieutenant Commander Ian Fleming
Ian Fleming
Ian Lancaster Fleming was a British author, journalist and Naval Intelligence Officer.Fleming is best known for creating the fictional British spy James Bond and for a series of twelve novels and nine short stories about the character, one of the biggest-selling series of fictional books of...

 (author of the James Bond
James Bond
James Bond, code name 007, is a fictional character created in 1953 by writer Ian Fleming, who featured him in twelve novels and two short story collections. There have been a six other authors who wrote authorised Bond novels or novelizations after Fleming's death in 1964: Kingsley Amis,...

 novels). When this was cancelled, Birch told Fleming that "Turing and Twinn came to me like undertakers cheated of a nice corpse....".

A major advance came through Operation Claymore
Operation Claymore
Operation Claymore was the codename for a British Commandos raid on the Lofoten Islands in Norway during the Second World War. The Lofoten Islands were an important center for the production of fish oil and glycerine, used in the German war industry. The landings were carried out on 4 March 1941,...

, a commando
British Commandos
The British Commandos were formed during the Second World War in June 1940, following a request from the British Prime Minister, Winston Churchill, for a force that could carry out raids against German-occupied Europe...

 raid on the Lofoten Islands on 4 March 1941. The German armed trawler
Naval trawler
A naval trawler is a vessel built along the lines of a fishing trawler but fitted out for naval purposes. Naval trawlers were widely used during the First and Second world wars. Fishing trawlers were particularly suited for many naval requirements because they were robust boats designed to work...

 Krebs was captured, including the complete Enigma keys for February, but no bigram tables or K-book. However, the material was sufficient to reconstruct the bigram tables by "EINS-ing", and by late March they were almost complete.

Banburismus then started to become extremely useful. Hut 8 was expanded and moved to 24-hour working, and a crib room was established. The story of Banburismus for the next two years was one of improving methods, of struggling to get sufficient staff, and of a steady growth in the relative and absolute importance of cribbing as the increasing numbers of bombes made the running of cribs ever faster. Of value in this period were further "pinches" such as those from the German weather ships München and Lauenburg and the submarines U-110 and U-559.

Despite the introduction of the 4-rotor Enigma for Atlantic U-boats, the analysis of traffic enciphered with the 3-rotor Enigma proved of immense value to the Allied navies. Banburismus was used until July 1943, when it became more efficient to use the many more bombes that had become available.

German Navy 4-rotor Enigma

On 1 February 1942, the Enigma messages to and from Atlantic U-boats which Bletchley Park called Shark became significantly different from the rest of the traffic which they called Dolphin.

This was because a new Enigma version had been brought into use. It was a development of the 3-rotor Enigma with the reflector replaced by a thin rotor and a thin reflector. Eventually, there were two fourth-position rotors that were called Beta and Gamma and two thin reflectors, Bruno and Caesar which could be used in any combination. These rotors were not advanced by the rotor to their right, in the way that rotors I to VIII were.

The introduction of the fourth rotor did not catch Bletchley Park by surprise, because captured material dated January 1941 had made reference to its development as an adaptation of the 3-rotor machine, with the fourth rotor wheel to be a reflector wheel. Indeed, because of operator errors, the wiring of the new fourth rotor had already been worked out.

This major challenge could not be met by using existing methods and resources for a number of reasons.
  1. The work on the Shark cipher would have to be independent of the continuing work on messages in the Dolphin cipher.
  2. Breaking Shark on 3-rotor bombes would have taken 50 to 100 times as long as an average Air Force or Army job.
  3. U-boat cribs at this time were extremely poor.


It seemed, therefore, that effective, fast, 4-rotor bombes were the only way forward. This was an immense problem and it gave a great deal of trouble. Work on a high speed machine had been started by Wynn-Williams of the TRE
Telecommunications Research Establishment
The Telecommunications Research Establishment was the main United Kingdom research and development organization for radio navigation, radar, infra-red detection for heat seeking missiles, and related work for the Royal Air Force during World War II and the years that followed. The name was...

 late in 1941 and some nine months later Harold Keen
Harold Keen
Harold Hall "Doc" Keen was a British engineer who produced the engineering design, and oversaw the construction of, the British bombe, a codebreaking machine used in World War II to read German messages sent using the Enigma machine. He was known as "Doc" Keen because of his habit of carrying...

 of BTM
British Tabulating Machine Company
The British Tabulating Machine Company was a firm which manufactured and sold Hollerith unit record equipment and other data-processing equipment...

 started work independently. Early in 1942, Bletchley Park were a long way from possessing a high speed machine of any sort.

Eventually, after a long period of being unable to decipher U-boat messages, a source of cribs was found. This was the Kurzsignalen (Short Signal Code) which the German navy used to minimize the duration of transmissions, thereby reducing the risk of being located by direction finding
Direction finding
Direction finding refers to the establishment of the direction from which a received signal was transmitted. This can refer to radio or other forms of wireless communication...

 techniques. The messages were only 22 characters long and were used to report sightings of possible Allied targets. A copy of the code book had been captured from U-110 on 9 May 1941. A similar coding system was used for weather reports from U-boats, the Wetterkurzschluessel, (Weather Short Code Book). A copy of this had been captured from U-559 on 29 or 30 October 1942. These short signals had been used for deciphering 3-rotor Enigma messages and it was discovered that the new rotor had a neutral position at which it, and its matching reflector, behaved just like a 3-rotor Enigma reflector. This allowed messages enciphered at this neutral position to be deciphered by a 3-rotor machine, and hence deciphered by a standard bombe. Deciphered Short Signals provided good material for bombe menus for Shark. Regular deciphering of U-boat traffic re-started in December 1942.

American bombes

Unlike the situation at Bletchley Park, the United States armed services did not share a combined cryptanalytical service. Before the US joined the war, there was collaboration with Britain, albeit with a considerable amount of caution on Britain's side because of the extreme importance of Germany and her allies not learning that its codes were being broken. Despite some worthwhile collaboration amongst the cryptanalysts, their superiors took some time to achieve a trusting relationship in which both British and American bombes were used to mutual benefit.

In February 1941, Captain Abe Sinkov and Lieutenant Leo Rosen of the US Army, and US naval Lieutenants Robert Weeks and Prescott Currier, arrived at Bletchley Park bringing, amongst other things, a replica of the 'Purple' cipher machine for the Bletchley Park's Japanese section in Hut 7
Hut 7
Hut 7 was a wartime section of the Government Code and Cypher School in Bletchley Park tasked with the solution of Japanese naval codes such as JN4, JN11, JN40, and JN25...

. The four returned to America after ten weeks, with a naval radio direction finding
Direction finding
Direction finding refers to the establishment of the direction from which a received signal was transmitted. This can refer to radio or other forms of wireless communication...

 unit and many documents including a "paper Enigma".

The main American response to the 4-rotor Enigma was the US Navy bombe, which was manufactured in much less constrained facilities than were available in wartime Britain. Colonel John Tiltman, who later became Deputy Director at Bletchley Park, visited the US Navy cryptanalysis office (OP-20-G
OP-20-G
OP-20-G or "Office of Chief Of Naval Operations , 20th Division of the Office of Naval Communications, G Section / Communications Security", was the US Navy's signals intelligence and cryptanalysis group during World War II. Its mission was to intercept, decrypt, and analyze naval communications...

) in April 1942 and recognised America's vital interest in deciphering U-boat traffic. The urgent need, doubts about the British engineering workload and slow progress, prompted the US to start investigating designs for a Navy bombe, based on the full blueprint
Blueprint
A blueprint is a type of paper-based reproduction usually of a technical drawing, documenting an architecture or an engineering design. More generally, the term "blueprint" has come to be used to refer to any detailed plan....

s and wiring diagrams received by US naval Lieutenants Robert Ely and Joseph Eachus at Bletchley Park in July 1942. Funding for a full, $2 million, Navy development effort was requested on 3 September 1942 and approved the following day.

Commander Edward Travis
Edward Travis
Sir Edward Wilfred Harry Travis KCMG CBE was a British cryptographer and intelligence officer, becoming the operational head of Bletchley Park during World War II, and later the head of GCHQ.-Career:...

, Deputy Director and Frank Birch
Francis Birch (cryptographer)
Francis Lyall Birch was a British cryptographer. He was educated at Eton and King’s College, Cambridge. He was awarded an OBE in 1919 and CMG in 1945....

, Head of the German Naval Section travelled from Bletchley Park to Washington in September 1942. With Carl Frederick Holden
Carl Frederick Holden
Carl Frederick Holden was an officer of the United States Navy who retired with the rank of Vice Admiral.Born in Bangor, Maine, Holden graduated from the United States Naval Academy at Annapolis in 1917. He saw service in World War I on destroyers based in Queenstown, Ireland. Lieutenant Commander...

, US Director of Naval Communications they established, on 2 October 1942, a UK:US accord which may have "a stronger claim than BRUSA
1943 BRUSA Agreement
The 1943 BRUSA Agreement was an agreement between the British and US governments to facilitate co-operation between the US War Department and the British Government Code and Cypher School...

 to being the forerunner of the UKUSA Agreement
UK–USA Security Agreement
The United Kingdom – United States of America Agreement is a multilateral agreement for cooperation in signals intelligence among the United Kingdom, the United States, Canada, Australia, and New Zealand. It was first signed in March 1946 by the United Kingdom and the United States and later...

," being the first agreement "to establish the special Sigint relationship between the two countries," and "it set the pattern for UKUSA, in that the United States was very much the senior partner in the alliance." It established a relationship of "full collaboration" between Bletchley Park and OP-20-G.

An all electronic solution to the problem of a fast bombe was considered, but rejected for pragmatic reasons, and a contract was let with the National Cash Register Corporation
NCR Corporation
NCR Corporation is an American technology company specializing in kiosk products for the retail, financial, travel, healthcare, food service, entertainment, gaming and public sector industries. Its main products are self-service kiosks, point-of-sale terminals, automated teller machines, check...

 (NCR) in Dayton, Ohio
Dayton, Ohio
Dayton is the 6th largest city in the U.S. state of Ohio and the county seat of Montgomery County, the fifth most populous county in the state. The population was 141,527 at the 2010 census. The Dayton Metropolitan Statistical Area had a population of 841,502 in the 2010 census...

. This established the United States Naval Computing Machine Laboratory
United States Naval Computing Machine Laboratory
The United States Naval Computing Machine Laboratory was a highly secret design and manufacturing site for code-breaking machinery located in Building 26 of the National Cash Register company in Dayton, Ohio and operated by the United States Navy during World War II...

. Engineering development was led by NCR's Joseph Desch
Joseph Desch
Joseph Raymond Desch was an American electrical engineer and inventor. During World War II, he was Research Director of the project to design and manufacture the US Navy version of the bombe, a cryptanalytic machine designed to read communications enciphered by the German Enigma.-Early life:Desch...

.

Alan Turing
Alan Turing
Alan Mathison Turing, OBE, FRS , was an English mathematician, logician, cryptanalyst, and computer scientist. He was highly influential in the development of computer science, providing a formalisation of the concepts of "algorithm" and "computation" with the Turing machine, which played a...

, who had written a memorandum to OP-20-G (probably in 1941), was seconded to the British Joint Staff Mission in Washington in December 1942, because of his exceptionally wide knowledge about the bombes and the methods of their use. He was asked to look at the bombes that were being built by NCR and at the security of certain speech cipher equipment under development at Bell Labs. He visited OP-20-G, and went to NCR in Dayton on the 21 December. He was able to show that it was not necessary to build 336 Bombes, one for each possible rotor order, by utilising techniques such as Banburismus
Banburismus
Banburismus was a cryptanalytic process developed by Alan Turing at Bletchley Park in England during the Second World War. It was used by Bletchley Park's Hut 8 to help break German Kriegsmarine messages enciphered on Enigma machines. The process used sequential conditional probability to infer...

. The initial order was scaled down to 96 machines.

The US Navy bombes used drums for the Enigma rotors in much the same way as the British bombes, but were very much faster. The first machine was completed and tested on 3 May 1943. Soon, these bombes were more available than the British bombes at Bletchley Park and its outstations, and as a consequence they were put to use for Hut 6 as well as Hut 8 work. A total of 121 Navy bombes were produced. In Alexander's "Cryptographic History of Work on German Naval Enigma", he wrote as follows.
The US Army also produced a bombe. It was physically very different from the British and US Navy bombes. A contract was signed with Bell Labs
Bell Labs
Bell Laboratories is the research and development subsidiary of the French-owned Alcatel-Lucent and previously of the American Telephone & Telegraph Company , half-owned through its Western Electric manufacturing subsidiary.Bell Laboratories operates its...

 on 30 September 1942. The machine was designed to analyse 3-rotor, not 4-rotor traffic. It did not use drums to represent the Enigma rotors, using instead telephone-type relays. It could, however, handle one problem that the bombes with drums could not. The set of ten bombes consisted of a total of 144 Enigma-equivalents, each mounted on a rack approximately 7 feet (2.1 m) long 8 feet (2.4 m) high and 6 inches (152.4 mm) wide. There were 12 control stations which could allocate any of the Enigma-equivalents into the desired configuration by means of plugboards. Rotor order changes did not require the mechanical process of changing drums, but was achieved in about half a minute by means of push buttons. A 3-rotor run took about 10 minutes.

German suspicions

By 1945, almost all German Enigma traffic (Wehrmacht
Wehrmacht
The Wehrmacht – from , to defend and , the might/power) were the unified armed forces of Nazi Germany from 1935 to 1945. It consisted of the Heer , the Kriegsmarine and the Luftwaffe .-Origin and use of the term:...

, Kriegsmarine
Kriegsmarine
The Kriegsmarine was the name of the German Navy during the Nazi regime . It superseded the Kaiserliche Marine of World War I and the post-war Reichsmarine. The Kriegsmarine was one of three official branches of the Wehrmacht, the unified armed forces of Nazi Germany.The Kriegsmarine grew rapidly...

, Luftwaffe
Luftwaffe
Luftwaffe is a generic German term for an air force. It is also the official name for two of the four historic German air forces, the Wehrmacht air arm founded in 1935 and disbanded in 1946; and the current Bundeswehr air arm founded in 1956....

, Abwehr
Abwehr
The Abwehr was a German military intelligence organisation from 1921 to 1944. The term Abwehr was used as a concession to Allied demands that Germany's post-World War I intelligence activities be for "defensive" purposes only...

, SD
Sicherheitsdienst
Sicherheitsdienst , full title Sicherheitsdienst des Reichsführers-SS, or SD, was the intelligence agency of the SS and the Nazi Party in Nazi Germany. The organization was the first Nazi Party intelligence organization to be established and was often considered a "sister organization" with the...

, etc.) could be decrypted within a day or two, yet the Germans remained confident of its security. They openly discussed their plans and movements, handing the Allies huge amounts of information, not all of which was used effectively. For example, Rommel's actions at the Kasserine Pass were clearly foreshadowed in decrypted Enigma traffic, but the information was not properly appreciated by the Americans.

After the war, American TICOM
TICOM
TICOM was a project formed in World War II by the United States to find and seize German intelligence assets, particularly cryptographic ones. The project was stimulated chiefly by the US military cryptography organizations, and had support from the highest levels.Several teams were sent into the...

 project teams found and detained a considerable number of German cryptographic personnel. Among the things the Americans learned was that German cryptographers, at least, understood very well that Enigma messages might be read; they knew Enigma was not unbreakable. They just found it impossible to imagine anyone going to the immense effort required. When Abwehr
Abwehr
The Abwehr was a German military intelligence organisation from 1921 to 1944. The term Abwehr was used as a concession to Allied demands that Germany's post-World War I intelligence activities be for "defensive" purposes only...

 personnel who had worked on Fish cryptography
Fish (cryptography)
Fish was the Allied codename for any of several German teleprinter stream ciphers used during World War II. Enciphered teleprinter traffic was used between German High Command and Army Group commanders in the field, so its intelligence value was of the highest strategic value to the Allies...

 and Russian traffic were interned at Rosenheim around May 1945, they were not at all surprised that Enigma had been broken, only that someone had mustered all the resources in time to actually do it. Admiral Dönitz
Karl Dönitz
Karl Dönitz was a German naval commander during World War II. He started his career in the German Navy during World War I. In 1918, while he was in command of , the submarine was sunk by British forces and Dönitz was taken prisoner...

 had been advised that that was the least likely of all security problems.

Since World War II

Modern computers can be used to solve Enigma, using a variety of techniques. There is even a project to decrypt some remaining messages, using distributed computing
Distributed computing
Distributed computing is a field of computer science that studies distributed systems. A distributed system consists of multiple autonomous computers that communicate through a computer network. The computers interact with each other in order to achieve a common goal...

.

See also

  • Tadeusz Pełczyński
  • John Herivel
    John Herivel
    John W. Herivel was a British science historian and former World War II codebreaker at Bletchley Park.As a codebreaker concerned with Cryptanalysis of the Enigma, Herivel is remembered chiefly for the discovery of what was soon dubbed the Herivel tip or Herivelismus...

  • I.J. Good
  • Good–Turing frequency estimation
  • Amy Elizabeth Thorpe
    Amy Elizabeth Thorpe
    Amy Elizabeth "Betty" Thorpe was, according to William Stephenson of British Security Coordination, an American spy, codenamed "Cynthia," who worked for his agency during World War II...


External links

The source of this article is wikipedia, the free encyclopedia.  The text of this article is licensed under the GFDL.
 
x
OK