LAB 4

LAB 4

Fall 2001

Michael Siff

Cryptanalyzing Enigma Ciphers

Lab Report due Thursday, October 18

Introduction

(Review Singh, Chapters 4 and 5, 127-178) The goal of this lab is to demonstrate that the Enigma cipher, while difficult, is not impregnable.

The version of the Enigma presented in this lab is slightly simplified. In particular, no plugboard is used and the three scramblers are already in place in the machine and remain the same throughout the lab. This simplifies the decryption process - there are only 26*26*26 possible keys to consider - that's 17,576 keys. Nevertheless, I don't recommend using brute force techniques to cryptanalyze these ciphers.

You have several tools at your disposal:

You can (and should!) make use of any general facts you have learned about cryptanalysis, and any specific facts about Enigma and how it is used. An example of such a fact: An Enigma machine never encrypts a plaintext letter as itself.
There are two long catalogs describing facts about all 17,576 possible initial orientations of the scramblers. The files are long so you should either open them in its own window or download the files to your local machine. The catalogs are sorted alphabetically and are intended to ease the process of identifying scrambler orientations. The catalogs are:
1. a Rejewski catalog - each line represents a possible mapping of first letters (from A-Z, implicit) to fourth letters for repeated plaintext letters in those positions. For example:
```
UVTZBXCLDSENPWRMIAQHJGKFOY (F,O,E)
```
  refers to a mapping:
```
  ABCDEFGHIJKLMNOPQRSTUVWXYZ
  UVTZBXCLDSENPWRMIAQHJGKFOY
```
  meaning that if the initial scrambler orientation the first rotor at position F, the second rotor at position O, and the third rotor at position E, then if a plain letter would map to cipher letter A in the first position would map the same plain letter to cipher letter U in the fourth position of the message. (See Singh, p. 151 for another example.)
2. an initial alphabet catalog - each line represents a mapping of plain letters (A-Z, implicit) to cipher letters for a given scrambler orientation. The idea is that if the rotors did not move that each line would represent the monoalphabetic substitution cipher that the rotors represent in each orientation.

You can make use of this simple Enigma servlet. (It works much like the other cryptology servelets we have used in lab to date.)

You can use any of the other tools in our cryptology toolbox.

You may find it useful to use a text editor or word processor for organizing lists of plaintext or ciphertext.

You can make use of this Enigma Machine applet. (The rotors used in the lab are the default rotors used in the applet. However, the implementations do differ slightly. So, do not use this as your only tool. Also, due to Internet congestion, you may have better luck using this local copy of the applet.) In your lab report, be sure to indicate which tools you employed, and make special note if you use any not on the above list.

Cryptograms for your puzzling pleasure

Rejewski's method.
Rejewski found a weakness with the repeated message key system that German military used with Enigma. The goal of this part of the lab is demonstrate how to exploit Rejewski's realization.
Consider these intercepts. There are twenty-six short ciphertexts, one per line. Each was received on the same day. Each was generated using the same day key, but different three-letter message key. The message keys are repeated twice at the beginning of the ciphertext.
Your goal is to analyze the ciphertext to find a correspondence between the first and fourth letters of each message (or second and fifth or third and sixth) since the encrypted letters in those positions must be represent the same plain letter. Once you have identified the proper relationships, you should be able to determine the day key. From that, you should be able to unscramble the messages.
You should submit the day key and the message keys and plaintexts corresponding to each ciphertext. For extra credit, identify what the ciphertexts have in common and what their order means.
Known-plaintext (crib) attack.
Consider this ciphertext:
```
  NMHIJIZYLABOFBLCQRHZJBYSKKLDBKHTHINKSILL
```
Your spy network has determined that the ciphertext was generated using an Enigma machine keyed identically to that which produced these short ciphertexts. You have been informed that for this cipher, your opposition just used the day key and did not use any message key at all. Furthermore, your spies are confident that the single ciphertext words correspond (in an unknown order) to these plaintext words. Use this information to identify the day key and decrypt the initial ciphertext. Submit the key, the matches between the plaintext and ciphertext cribs, and the plaintext corresponding to the main ciphertext.
Broken Enigma.
The opposition has improved their technique - somewhat. They use day keys and message keys, and, now, they no longer repeat the message key. However, occasionally things happen that give the cryptanalyst a window of opportunity. Consider this ciphertext. Your spy network has determined that the ciphertext was generated using a broken Enigma machine - a machine in which the rotors never moved. That is, the users set the day key and typed in the three-letter message key. But the rotors stayed in the same orientation for each of the three letters. Then, they reset the orientation based on the message key and apparently did not notice that the rotors had not been moving. They then typed in the message. Again, the rotors did not move and the would-be cryptographers did not notice. Given these facts and your full cryptanalytic knowledge, decipher the message.
Meanwhile, your information gatherers have identified this shorter ciphertext sent on the same day (using a different message key, we assume) from a working Enigma machine:
```
  EHSIVBLTMQYFBXOXBVDWLYWAXEKELPTSZZYEZCYZNVENDOQBAZAXQ
```
Use what you learned from the first part of this exercise to uncover the plaintext.
Submit the day key, the message keys, the plaintext corresponding to the latter, shorter ciphertext. Do not submit the plaintext corresponding to the long ciphertext. However, you should indicate what it is (it's somewhat famous) if you can identify the source.

crypto home

assignments

labs

notes

tools

contact instructor