sign in sign up
<<
Home , Banburismus, Bletchley Park, Hut 8

Lorenz Lecture 17: Machine Double Deltas and

We’ll finish up the tree sorting next week Colossus Rebuilt, Park, Summer 2004

CS150: Science Today’s notes: on-line only (links) University of Virginia David Evans Computer Science http://www.cs.virginia.edu/evans Lecture 17: Double Deltas and Banburismus 2

Lorenz Wheels Breaking Fish 12 wheels • GCHQ learned about first Fish link (Tunny) 501 pins in May 1941 total (set – Intercepted unencrypted Baudot-encoded test to control messages wheels) • August 30, 1941: Big Break! Work to break in – Operator retransmits failed message with same Θ(pw) so real starting configuration Lorenz is 41 12 /5 3 ~ – Gets lazy and uses some abbreviations, makes 1 quintillion ( 10 18 ) some mistakes times harder! • SPRUCHNUMMER/SPRUCHNR (Serial Number)

Lecture 17: Double Deltas and Banburismus 3 Lecture 17: Double Deltas and Banburismus 4

“Two Time” Pad “Cribs” • Allies have intercepted: • Know: C1, C2 (intercepted ciphertext) ⊕ ⊕ C1 = M1 ⊕ K1 C1 C2 = M1 M2 C2 = M2 ⊕ K1 • Don’t know M1 or M2 – But, can make some guesses (cribs) Same key used for both (same starting • SPRUCHNUMMER configuration) • Sometimes allies moved ships, sent out bombers to help the • Breaking message: cryptographers get good cribs • Given guess for M1, calculate M2 C1 ⊕ C2 = (M1 ⊕ K1 ) ⊕ (M2 ⊕ K1 ) M2 = C1 ⊕ C2 ⊕ M1 = (M1 ⊕ M2) ⊕ (K1 ⊕ K1 ) • Once guesses that work for M1 and M2 = M1 ⊕ M2 K1 = M1 ⊕ C1 = M2 ⊕ C2

Lecture 17: Double Deltas and Banburismus 5 Lecture 17: Double Deltas and Banburismus 6

1 Reverse Engineering Lorenz Intercepting Traffic • From the 2 intercepted messages, Col. John • Set up listening post to intercept traffic from Tiltman worked on guessing cribs to find M1 12 Lorenz (Fish) links and M2: 4000 letter messages, found 4000 – Different links between conquered capitals letter key K1 – Slightly different coding procedures, and different • Bill Tutte (recent Chemistry graduate) given configurations task of determining machine structure • 600 people worked – Already knew it was 2 sets of 5 wheels and 2 on intercepting traffic wheels of unknown function – Six months later new machine structure likely to generate K1

Lecture 17: Double Deltas and Banburismus 7 Lecture 17: Double Deltas and Banburismus 8

Breaking Traffic Recognizing a Good Guess • Knew machine structure, but a different • Intercepted Message (divided into 5 initial configuration was used for each channels for each Baudot code bit) message Zc = z 0z1z2z3z4z5z6z7… • Need to determine wheel setting: ⊕ ⊕ zc, i = mc,i xc,i sc,i – Initial position of each of the 12 wheels Message Key (parts from S-wheels and rest) – 1271 possible starting positions • Look for statistical properties – Needed to try them fast enough to decrypt message while it was still strategically valuable – How many of the zc,i ’s are 0? ½ (not useful) ⊕ – How many of (z c,i+1 zc,i ) are 0? ½ This is what you did for PS4 (except with fewer wheels)

Lecture 17: Double Deltas and Banburismus 9 Lecture 17: Double Deltas and Banburismus 10

Double Delta Actual Advantage ∆ ⊕ • Probability of repeating letters Zc,i = Zc,i Zc,i+1 ∆ ⊕ ∆ Combine two channels: Prob[ M1, i M2, i = 0] ~ 0.614 ∆ ⊕ ∆ ∆ ⊕ ∆ 3.3% of German digraphs are repeating Z1, i Z2, i = M1, i M2, i > ½ Yippee! ⊕ ∆ ⊕ ∆ • Probability of repeating S-keys X1, i X2, i = ½ (key) ⊕ ∆ ⊕ ∆ Prob[∆ S ⊕ ∆ S = 0] ~ 0.73 S1, i S2, i > ½ Yippee! 1, i 2, i ∆ ⊕ ∆ ∆ ⊕ ∆ ⊕ ∆ ⊕ ∆ Why is M1,i M2,i > ½ Prob[ Z1, i Z2, i X1, i X2, i = 0] Message is in German, more likely following = 0.614 * 0.73 + (1-0.614) * (1-0.73) letter is a repetition than random ∆ M and S are 0 ∆ M and S are 1 ∆ ⊕ ∆ Why is S1,i S2,i > ½ = 0.55 S-wheels only turn when M-wheel is 1 if the wheel settings guess is correct (0.5 otherwise)

Lecture 17: Double Deltas and Banburismus 11 Lecture 17: Double Deltas and Banburismus 12

2 Using the Advantage Heath Robinson • If the guess of X is correct, should see higher • Dec 1942: Decide to build a than ½ of the double deltas are 0 machine to do these ⊕s • Try guessing different configurations to find quickly, due June 1943 highest number of 0 double deltas • Apr 1943: first Heath Robinson machine is • Problem: delivered! # of double delta operations to try one config • Intercepted ciphertext on tape: = length of Z * length of X – 2000 characters per second = for 10,000 letter message = 12 M for each (12 miles per hour) ⊕ – Needed to perform 7 ⊕ setting * 7 per double delta operations each ½ ms = 89 M ⊕ operations Heath Robinson, British Cartoonist (1872-1944)

Lecture 17: Double Deltas and Banburismus 13 Lecture 17: Double Deltas and Banburismus 14

Colossus Colossus Design Ciphertext Tape

• Heath Robinson machines were too slow

• Colossus designed and first built in Jan 1944 Electronic Keytext Logic Tape Reader • Replaced keytext tape loop with electronic keytext Generator generator • Speed up ciphertext tape: Position Counter – 5,000 chars per second = 30 mph Counter – Perform 5 double deltas simultaneously – Speedup = 2.5X for faster tape * 5X for parallelism

Printer

Lecture 17: Double Deltas and Banburismus 15 Lecture 17: Double Deltas and Banburismus 16

Impact on WWII Colossus History • 10 Colossus machines operated at Kept secret after the war, all machines destroyed – Various improvements in speed • Decoded 63 million letters in Nazi command messages • Learned German troop locations to plan D- Day (knew the deception was working)

Rebuild, Bletchley Park, During WWII Summer 2004

Lecture 17: Double Deltas and Banburismus 17 Lecture 17: Double Deltas and Banburismus 18

3 How could the folks at Bletchley Park solve a problem ~ 1 quintillion times harder than ps4?

Poster in RAF Museum

Lecture 17: Double Deltas and Banburismus 19 Lecture 17: Double Deltas and Banburismus 20

Motivation Helps… The Good News...

Confronted with the prospect of defeat, the Allied cryptanalysts had worked night and day to penetrate German . It No problems on your exam are would appear that fear was the main 1/quintillionth as hard as driving force, and that adversity is one of the foundations of successful breaking the codebreaking.

Simon Singh, The Code Book

Lecture 17: Double Deltas and Banburismus 21 Lecture 17: Double Deltas and Banburismus 22

Banburismus • Invented commercially, 1923 Given two Enigma- • German Navy, Army, Air Force encrypted messages, how • About 50,000 in use (many were can we determine if they captured by Allies) were encrypted starting • Modified throughout WWII, with the same wheel Germans believed perfectly secure settings? • Kahn’s Codebreakers (1967) didn’t know it was broken • Turing’s 1940 Treatise on Enigma at Bletchley Park declassified in 1996

Lecture 17: Double Deltas and Banburismus 23 Lecture 17: Double Deltas and Banburismus 24

4 Simple Substitution Ciphers Reverse Engineering ABCDEFGHIJKLMNOPQRSTUVWXYZ

Enigma encrypt

“This fictional movie about a fictional U.S. submarine mission is followed by a mention in the end credits of those

actual British missions. Oh, the British deciphered the decrypt Enigma code, too. Come to think of it, they pretty much did everything in real life that the Americans do in this JIDKQACRSHLGWNFEXUZVTPMYOB movie.” ⇒ Roger Ebert’s review of U-571 CS DZ

Lecture 17: Double Deltas and Banburismus 25 Lecture 17: Double Deltas and Banburismus 26 g Rotor Wheels

Simple substitution

Latch turns next rotor once per rotation Imagefrom http://en.wikipedia.org/wiki/Image:Enigma-action.pn

Lecture 17: Double Deltas and Banburismus 27 Lecture 17: Double Deltas and Banburismus 28

Enigma’s Rotating Substitutions Language is Non-Random

ABCDEFGHIJKLMNOPQRSTUVWXYZ • Random strings: the probability of two JIDKQACRSHLGWNFEXUZVTPMYOB letters in the two messages matching is Wheel1: one Rotate position every letter 1/26 (number of letters in alphabet) ABCDEFGHIJKLMNOPQRSTUVWXYZ SQHLZNYKXUWVJRDFBETIMOGACP • Same-encrypted strings: the output letters Wheel2: one Rotate position every letters 26 will match when the input letters match ABCDEFGHIJKLMNOPQRSTUVWXYZ – This happens much more frequently because UAVGRDCBESYHLZOQKXTIMNJWFP some letters (e.g., “e” is ~13% of all letters) are more common Wheel3: one Rotate positionwhen cycles 2 wheel

Lecture 17: Double Deltas and Banburismus 29 Lecture 17: Double Deltas and Banburismus 30

5 ’s Solution

Banbury Bletchley Park

M1: GXCYBGDSLVWBDJLKWIPEHVYGQZWDTHRQXIKEESQS

M2: YNSCFCCPVIPEMSGIZWFLHESCIYSPVRXMCFQAXVXDVU

Lecture 17: Double Deltas and Banburismus 31 Lecture 17: Double Deltas and Banburismus 32

Banburismus Intercepted Message 1 Intercepted Message 2 A A B B C C D D E E F F G G H H I I J J K K L L M M N N O O P P Q Q R R S S T T U U V V M1: GXCYBGDSLVWBDJLKWIPEHVYGQZWDTHRQXIKEESQS W W X X Y Y M2: YNSCFCCPVIPEMSGIZWFLHESCIYSPVRXMCFQAXVXDVU Z Z

Lecture 17: Double Deltas and Banburismus 33 Lecture 17: Double Deltas and Banburismus 34

Intercepted Message 1 Trying Possible Alignments A A B B C C GXCYBGDSLVWBDJLKWIPEHVYGQZWDTHRQXIKEESQS D D E E F F YNSCFCCPVIPEMSGIZWFLHESCIYSPVRXMCFQAXVXDVU G G H H I I YNSCFCCPVIPEMSGIZWFLHESCIYSPVRXMCFQAXVXDVU J J K K L L M M YNSCFCCPVIPEMSGIZWFLHESCIYSPVRXMCFQAXVXDVU N N O O P P Q Q R R ... S S T T U U V V YNSCFCCPVIPEMSGIZWFLHESCIYSPVRXMCFQAXVXDVU W W X X Y Y Z Z

Lecture 17: Double Deltas and Banburismus 35 Lecture 17: Double Deltas and Banburismus 36

6 Charge

• Exam 1: Out now, due beginning of class Monday (2 minute grace period) • Please please please be honorable! – I want the other exams to be take-home also • Last 2 questions are about Banburismus Turing’s at Bletchley Park Don’t complain about your working space (or Small Hall). • When in , visit Bletchley Park You can do good computer science anywhere. But find a quiet, undisturbed place to work on the exam. (about 1 hour train ride)

Lecture 17: Double Deltas and Banburismus 37 Lecture 17: Double Deltas and Banburismus 38

7