SIS and Cipher Machines: 1930

Home , Abraham Sinkov, Cipher disk, Cryptograph, Kryha, SIGABA, Solomon Kullback

SIS and Cipher Machines: 1930 – 1940

John F Dooley Knox College

Presented at the 14th Biennial NSA CCH History Symposium, October 2013

This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 3.0 United States License.

Thursday, November 7, 2013 1 The Results of Friedman’s Training

• The initial training regimen as it related to cipher machines was cryptanalytic

• But this detailed analysis of the different machine types informed the team’s cryptographic imaginations when it came to creating their own machines

2 Thursday, November 7, 2013 2 The Machines

• Wheatstone/Plett Machine • M-94 • AT&T machine • M-138 and M-138-A • Hebern cipher machine • M-209 • Kryha • Red • IT&T (Parker Hitt) • Purple • Engima • SIGABA (M-134 and M-134-C) • B-211(and B-21)

3 Thursday, November 7, 2013 3 The Wheatstone/Plett Machine

• polyalphabetic cipher disk with gearing mechanism rotates the inner alphabet. • Plett’s improvement is to add a second key and mixed alphabet to the inner ring. • Friedman broke this in 1918

Principles: (a) The inner workings of a mechanical cryptographic device can be worked out using a paper and pencil analog of the device. (b) if there is a cycle in the mechanical device (say for particular cipher alphabets), then that cycle can be discovered by analysis of the paper and pencil analog. 4 Thursday, November 7, 2013 4 The Army M-94

• Traces its roots back to Jefferson and Bazieres • Used by US Army from 1922 to circa 1942 • 25 mixed alphabets. Disk order is the key.

Principles: For wheel ciphers and their equivalents one can create a series of tables representing all the possible substitutions for all the letters in each mixed alphabets and use the resulting tables to try probable word attacks. In addition, the use of indicators and probable words offer an excellent avenue for cryptanalysis of these types of ciphers.

5 Thursday, November 7, 2013 5 The Hagelin B-21

•rotor and pin system (2 rotors, 4 pin-wheels) •B-211 could operate with or without electricity •its effect is a fractionating cipher •ﬁrst encounter of SIS with an irregularly stepped system.

Principles: First rotor-type device SIS saw. “This was our first encounter with anything like the effect of several elements, such as the four control (pin) wheels, operating together to produce a key which in turn controlled the stepping of electrical switching components such as the commutators (cipher wheels).” (Rowlett)

6 Thursday, November 7, 2013 6 Kryha

• gear-based single wheel with changeable mixed alphabet sliding against a ﬁxed alphabet (either standard or mixed)

• Rowlett: “A noisy brute of a device...”

Principles: A gear-based rotating wheel that changed the cipher letters sliding against the fixed (and mixed) alphabet.Regular wheel stepping is a weakness. Ability to change both the movable and fixed alphabets between messages.

7 Thursday, November 7, 2013 7 The AT&T teletype machine

• original system that Friedman cracked in 1919 used a single key tape (later two, offset tapes)

• weakness is in key repetition and non- randomness

• Maubourgne improvement leads to one-time pad system

Principles: Automatic transmission of encrypted text. Use of multiple key streams. First example of using “digital” circuits – the system employed an exclusive-or operation.

8 Thursday, November 7, 2013 8 The Hebern Mark I

•rotor system - originally one rotor, later expanded to 5 rotors

•Friedman broke the Mark I in 1924

•“The most important cipher machine we studied.” (Rowlett) Principles: First electro-mechanical rotor machine that SIS tackled. Number of rotors and complex stepping mechanism. Recovery of rotor wiring diagrams. Interval method of rotor wiring. Use of statistical analysis in recovering the rotor wiring and starting positions. (SIS attacked an updated Hebern in 1934. Led to realization that automated computation would be necessary in the future.) 9 Thursday, November 7, 2013 9 The Army M-209 (The Hagelin C-38)

•pin and lug cage to control rotor stepping •purely mechanical •6 rotors, all different sizes

Principles: The use of the pin and lug system can improve security. Complex keys can improve security if used correctly. 140,000 manufactured during WW2 10 Thursday, November 7, 2013 10 The Army M-138 and M-138-A

• Parker Hitt’s original version from 1916

• Maubourgne evolved this into the M-94

• Friedman has the patent

11 Thursday, November 7, 2013 11 The IT&T Machine of Parker Hitt

• teletypewriter designed to send encrypted text end-to-end

• used 10 cams with relatively prime periods

• several weaknesses, including operating use

12 Thursday, November 7, 2013 12 Enigma

• Friedman acquired commercial version of the system

• Little luck in breaking it

• surprising considering his success with the Hebern

• SIS never saw military version during the 1930s

13 Thursday, November 7, 2013 13 The Japanese Red Machine

•Introduced in 1932; broken by SIS in 1935 •used variation on Hagelin half-rotor (see B-21) •irregular motion of cipher wheel governed by a 47-position pin (break) wheel •Japanese added the “sixes” and the “twenties” and plugboard •separation was a basic weakness recognized early by SIS

14 Thursday, November 7, 2013 14 The Red Machine Movie

• 2009

• Plays fast and loose with the facts

15 Thursday, November 7, 2013 15 The Japanese Purple Machine

•Introduced in 1938, ﬁrst messages intercepted in early 1939. •more sophisticated than RED (although still kept the “sixes” and “twenties”) •small number of daily keys used (~1000) •cipher wheel gone - uses telephone stepping switches in banks instead •plugboard used for input and output •broken by Rowlett’s team in September 1940

16 Thursday, November 7, 2013 16 SIGABA (The M-134, M-134-C, and M-229)

• Friedman’s original M-134 design

• Rowlett’s improvement (M-229)

• using irregularly stepping rotors to change the cipher alphabets (the stepping maze)

• Navy combined the ideas and built the M-134-C (Safford & Seiler)

17 Thursday, November 7, 2013 17 Patents

SIGABA 6,175,625

18 Thursday, November 7, 2013 18 Cryptanalysis informs Cryptography

• electro-mechanical systems • automatic computation necessary for cryptanalysis • rotor construction and use • Hebern’s level method of designing rotors • reversible rotors • irregular stepping (complex rotor movement) • pin and lug systems • irregular stepping • statistical analysis of rotor systems is possible (and essential)

Thursday, November 7, 2013 19 Conclusions

• The cryptanalytic work of SIS lead directly to their expertise in cryptographic work

• Friedman’s work in the 1920s in cryptanalyzing cipher machines provided the foundation for his training regimen and the subsequent successes of SIS in the late 1930s.

20 Thursday, November 7, 2013 20 References

Barker, Wayne G. 1989. The History of Codes and Ciphers in the United States during the Period Between the Wars: Part II. 1930 - 1939. paperback ed. 54. Laguna Park, CA: Aegean Park Press. 99 pgs. Callimahos, Lambros D. 1973. Q.E.D.-2 Hours, 41 Minutes. NSA Technical Journal XVIII (4):13-34. Clark, Ronald. 1977. The Man Who Broke Purple. hardcover. Boston: Little, Brown and Company. 271 pgs. Deavours, Cipher A. 1977. Analysis of the Hebern Cryptograph using Isomorphs. Cryptologia 1 (2):167-185. Ellison, Carl M. 1988. A SOLUTION OF THE HEBERN MESSAGES. Cryptologia 12 (3):144-158. Freeman, Wes, Geoff Sullivan, and Frode Weierud. 2003. PURPLE Revealed: Simulation and Computer-aided Cryptanalysis of Angooki Taipu B. Cryptologia 27 (1):1-43. Friedman, William F. 1940. Preliminary Historical Report on the Solution of the "B" Machine (SRH-159). edited by S. I. S. US Army. Washington, DC: National Archives. ———. 1942. A Brief History of U.S. Cryptologic Operations 1917 - 1929 (June 29, 1942). SRH-029. Washington, DC: NARA. RG 457 Entry 9032. ———. 1991. A Brief History of The Signal Intelligence Service (SRH-029). Cryptologia 15 (3):263 - 272. ———. 2006. The Friedman Legacy: A Tribute to William and Elizebeth Friedman (Third Printing). Fort Meade, MD: NSA Center for Cryptologic History. 226 pgs. Hannah, Theodore M. 1981. Frank B. Rowlett - A Personal Profile. Cryptologic Spectrum 11 (2):4 - 21. Kahn, David. 1967. The Codebreakers; The Story of Secret Writing. hardcover ed. New York: Macmillan. xvi, 1164 pgs. Kullback, Solomon. 1982. Oral History of Solomon Kullback. In Oral History Collection. Ft. Meade, MD: National Security Agency. Lewin, Ronald. 1982. The American Magic: Codes, Ciphers and the Defeat of Japan. hardcover ed. New York: Farrar Straus Giroux. 332 pgs. Marks, Philip. 2011. Operational Use and Cryptanalysis of the Kryha Cipher Machine. Cryptologia 35 (2):114-155. Morris, Robert. 1978. The Hagelin Cipher Machine (M-209): Reconstruction of the Internal Settings. Cryptologia 2 (3):267-289. Rowlett, Frank R. 1974. Oral History of Frank Rowlett (1974). In Oral History Collection. Ft. Meade, MD: National Security Agency. ———. 1976. Oral History of Frank Rowlett (1976). In Oral History Collection. Ft. Meade, MD: National Security Agency. ———. 1998. The Story of Magic: Memoirs of an American Cryptologic Pioneer. hardcover. Laguna Hills, CA: Aegean Park Press. 258 pgs. Savard, John J. G., and Richard S. Pekelney. 1999. THE ECM MARK II: DESIGN, HISTORY, AND CRYPTOLOGY. Cryptologia 23 (3):211-228. Schmeh, Klaus. 2010. Alexander von Kryha and His Encryption Machines. Cryptologia 34 (4):291-300. Sinkov, Abraham. 1979. Oral History of Dr. Abraham Sinkov. In Oral History Collection. Ft. Meade, MD: National Security Agency. Smoot, Betsy Rohaly. 2012. Pioneers of U.S. Military Cryptology: Colonel Parker Hitt and His Wife, Genevieve Hitt. Federal History Journal (4):87-100. Snyder, Samuel. 1976. Oral History of Samuel Snyder. In Oral History Collection. Ft. Meade, MD: National Security Agency.

21 Thursday, November 7, 2013 21