Lorenz cipher

From Infogalactic: the planetary knowledge core
Jump to: navigation, search
The Lorenz SZ42 machine with its covers removed. Bletchley Park museum

The Lorenz SZ40, SZ42A and SZ42B were German rotor stream cipher machines used by the German Army during World War II. They were developed by C. Lorenz AG in Berlin. The model name SZ was derived from Schlüsselzusatz, meaning cipher attachment. The instruments implemented a Vernam stream cipher.

British cryptographers, who referred to encrypted German teleprinter traffic as Fish, dubbed the machine and its traffic Tunny.[1]

The SZ machines were in-line attachments to standard teleprinters. An experimental link using SZ40 machines was started in June 1941. The enhanced SZ42 machines were brought into substantial use from mid-1942 onwards for high-level communications between the German High Command in Wünsdorf close to Berlin, and Army Commands throughout occupied Europe.[2] The more advanced SZ42A came into routine use in February 1943 and the SZ42B in June 1944.[3]

Wireless telegraphy (WT) rather than land-line circuits was used for this traffic.[4] These non-Morse (NoMo) messages were picked up by Britain's Y-stations at Knockholt and Denmark Hill and sent to Government Code and Cypher School at Bletchley Park (BP). Some were deciphered using hand methods before the process was partially automated, first with Robinson machines and then with the Colossus computers.[5] The deciphered Lorenz messages made one of the most significant contributions to British Ultra military intelligence and to Allied victory in Europe, due to the high-level strategic nature of the information that was gained from Lorenz decrypts.[6]

The Vernam cipher

<templatestyles src="Module:Hatnote/styles.css"></templatestyles>

Gilbert Vernam was an AT&T Bell Labs research engineer who, in 1917, invented a cipher system that used the Boolean "exclusive or" (XOR) function, symbolized by ⊕.[7] This is represented by the following "truth table", where 1 represents "true" and 0 represents "false".

INPUT OUTPUT
A B AB
0 0 0
0 1 1
1 0 1
1 1 0

Other names for this function are: Not equal (NEQ), modulo 2 addition (without 'carry') and modulo 2 subtraction (without 'borrow').

Vernam's cipher is a Symmetric-key algorithm, i.e. the same key is used both to encipher plaintext to produce the ciphertext and to decipher ciphertext to yield the original plaintext:

plaintext ⊕ key = ciphertext

and:

ciphertext ⊕ key = plaintext

This produces the essential reciprocity that allows the same machine with the same settings to be used for both enciphering and deciphering.

Vernam's idea was to use conventional telegraphy practice with a paper tape of the plaintext combined with a paper tape of the key. Each key tape would have been unique (a one-time tape), but generating and distributing such tapes presented considerable practical difficulties. In the 1920s four men in different countries invented rotor cipher machines to produce a key stream to act instead of a tape.[8] The 1940 Lorenz SZ40/42 was one of these.[9]

Structure

The logical functioning of the Tunny system was worked out well before the Bletchley Park cryptanalysts saw one of the machines—which only happened in 1945, shortly before the allied victory in Europe.[10]

The Lorenz SZ machines had 12 wheels each with a different number of cams (or "pins").
Wheel number 1 2 3 4 5 6 7 8 9 10 11 12
BP wheel name[11] ψ1 ψ2 ψ3 ψ4 ψ5 μ37 μ61 χ1 χ2 χ3 χ4 χ5
Number of cams (pins) 43 47 51 53 59 37 61 41 31 29 26 23

The SZ machine served as an in-line attachment to a standard Lorenz teleprinter. It had a metal base 19 in (48 cm) × 15.5 in (39 cm) and was 17 in (43 cm) high.[9] The teleprinter characters consisted of five data bits, encoded in the International Telegraphy Alphabet No. 2 (ITA2). The enciphering machine generated a pseudorandom character-by-character key that was XOR-ed with the input characters to form the output characters.[11]

Each of the five bits (or "impulses") of the key for each character was generated by the relevant wheels in two parts of the machine. The Bletchley Park analysts called these the χ ("chi") wheels, and the ψ ("psi") wheels. Each wheel had a series of cams (or "pins") around them. These cams could be set in a raised (active) or lowered (inactive) position. In the raised position they generated a '1', in the lowered position they generated a '0'. There were a total of 501 pins on the wheels, giving a theoretical number of ways of setting the pins of 2501 which is approximately 10151, an astronomically large number.[12]

The χ wheels all moved on one position for each character. The ψ wheels also all moved together, but not after each character. Their movement was controlled by the two μ ("mu") or "motor" wheels.[13] The SZ40 μ61 wheel moved one position with each character, but the μ37 wheel moved on only when the cam on the μ61 wheel was in the active position. If the cam on the μ37 wheel was in the active position, all five ψ wheels then moved.[13] The SZ42A and SZ42B models had additional complexity to this mechanism, known at Bletchley Park as Limitations.[14]

The key stream generated by the SZ machines thus had a χ component and a ψ component that were combined together with the XOR function. Symbolically, the key that was combined with the plaintext for enciphering—or with the ciphertext for deciphering—can be represented as follows.[13]

key = χ-key ⊕ ψ-key

The number of cams on each wheel equalled the number of impulses needed to cause them to complete a full rotation. These numbers are all co-prime with each other, giving the longest possible time before the pattern repeated. This number is the product of the number of positions of the wheels i.e. 43 × 47 × 51 × 53 × 59 × 37 × 61 × 41 × 31 × 29 × 26 × 23 = 1.6034 × 1019 (16 billion billion). However, if the five impulses are considered independently, the numbers are much more manageable. The product of the rotation period of any pair of χ wheels gives numbers between 41 × 31 = 1271 and 26 × 23 = 598.

Operation

Close-up of the cams on wheels 9 and 10 of the Lorenz SZ42 showing cams in both the active (raised) position and the inactive (lowered) position.

Each "Tunny" link had four SZ machines with a transmitting and a receiving teleprinter at each end. For enciphering and deciphering to work, the transmitting and receiving machines had to be set up identically. There were two components to this; setting the patterns of cams on the wheels and rotating the wheels for the start of enciphering a message. The cam settings were changed less frequently before summer 1944. The ψ wheel cams were initially only changed quarterly, but later monthly, the χ wheels were changed monthly but the motor wheel patterns were changed daily. From 1 August 1944, all wheel patterns were changed daily.[15]

Initially the wheel settings for a message were sent to the receiving end by means of a 12-letter indicator sent un-enciphered, the letters being associated with wheel positions in a book. In October 1942 this was changed to the use of a book of single-use settings in what was known as the QEP book. The last two digits of the QEP book entry were sent for the receiving operator to look up in his copy of the QEP book and set his machine's wheels. Each book contained one hundred or more combinations. Once all the combinations in a QEP book had been used it was replaced by a new one.[16] The message settings should never have been re-used, but on occasion they were, providing a "depth", which could be utilised by a cryptanalyst.[17]

As was normal telegraphy practice, messages of any length were keyed into a teleprinter with a paper tape perforator. The typical sequence of operations would be that the sending operator would punch up the message, make contact with the receiving operator, use the EIN / AUS switch on the SZ machine to connect it into the circuit, and then run the tape through the reader.[9] At the receiving end, the operator would similarly connect his SZ machine into the circuit and the output would be printed up on a continuous sticky tape. Because this was the practice, the plaintext did not contain the characters for "carriage return", "line feed" or the null (blank tape, 00000) character.[4]

Cryptanalysis

<templatestyles src="Module:Hatnote/styles.css"></templatestyles>

British cryptographers at Bletchley Park had deduced the operation of the machine by January 1942 without ever having seen a Lorenz machine, a feat made possible by a mistake made by a German operator.

Interception

Tunny traffic was known by Y Station operators used to listening to Morse code transmission as "new music". Its interception was originally concentrated at the Foreign Office Y Station operated by the Metropolitan Police at Denmark Hill in Camberwell, London. But due to lack of resources at this time (around 1941), it was given a low priority. A new Y Station, Knockholt in Kent, was later constructed specifically to intercept Tunny traffic so that the messages could be efficiently recorded and sent to Bletchley Park.[18] The head of Y station, Harold Kenworthy, moved to head up Knockholt. He was later promoted to head the Foreign Office Research and Development Establishment (F.O.R.D.E).

Code breaking

On 30 August 1941, a message of some 4,000 characters was transmitted from Athens to Vienna. However, the message was not received correctly at the other end, so (after the recipient sent an unencoded request for retransmission, which let the codebreakers know what was happening) the message was retransmitted with the same key settings (HQIBPEXEZMUG); a forbidden practice. Moreover, the second time the operator made a number of small alterations to the message, such as using abbreviations, making the second message somewhat shorter. From these two related ciphertexts, known to cryptanalysts as a depth, the veteran cryptanalyst Brigadier John Tiltman in the Research Section teased out the two plaintexts and hence the keystream.

Then, after three months of the Research Section failing to diagnose the machine from the almost 4,000 characters of key, the task was handed to mathematician Bill Tutte. He applied a technique that he had been taught in his cryptographic training, of writing out the key by hand and looking for repetitions. Tutte did this with the original teleprinter 5-bit Baudot codes, which led him to his initial breakthrough of recognising a 41 character repetition.[10][19] Over the following two months up to January 1942, Tutte and colleagues worked out the complete logical structure of the cipher machine. This remarkable piece of reverse engineering was later described as "one of the greatest intellectual feats of World War II".[10]

After this cracking of Tunny, a special team of code breakers was set up under Ralph Tester, most initially transferred from Alan Turing's Hut 8. The team became known as the Testery. It performed the bulk of the subsequent work in breaking Tunny messages, but was aided by machines in the complementary section under Max Newman known as the Newmanry.[20]

Decryption machines

Several complex machines were built by the British to aid the attack on Tunny. The first was the British Tunny.[21][22] This machine was designed by Bletchley Park, based on the reverse engineering work done by Tiltman's team in the Testery, to emulate the Lorenz Cipher Machine. When the pin wheel settings were found by the Testery, the Tunny machine was set up and run so that the messages could be printed.

A family of machines known as "Robinsons" were built for the Newmanry. These used two paper tapes, along with logic circuitry, to find the settings of the χ pin wheels of the Lorenz machine.[23] The Robinsons had major problems keeping the two paper tapes synchronized and were relatively slow, reading only 2000 characters per second.

The most important machine was the Colossus of which ten were in use by the war's end, the first becoming operational in December 1943. Although not fully programmable, they were far more efficient than their predecessors, representing advances in electronic digital computers. The Colossus computers were developed and built by Tommy Flowers, of the Dollis Hill Post Office Research Station. Some influential figures had doubts about his proposed design for the decryption machine, and Flowers proceeded with the project while largely funding it himself, he was apparently never reimbursed. Like the later ENIAC of 1946, Colossus did not have a stored program, and was programmed through plugboards and jumper cables. It was faster, more reliable and more capable than the Robinsons, so speeding up the process of finding the Lorenz χ pin wheel settings. Since Colossus generated the putative keys electronically, it only had to read one tape. It did so with an optical reader which, at 5000 characters per second, was driven much faster than the Robinsons' and meant that the tape travelled at almost 30 miles per hour (48 km/h).[24] This, and the clocking of the electronics from the optically read paper tape sprocket holes, completely eliminated the Robinsons' synchronisation problems. Bletchley Park management, which had been sceptical of Flower's ability to make a workable device, immediately began pressuring him to construct another. After the end of the war, Colossus machines were dismantled on the orders of Winston Churchill,[25] but GCHQ retained two of them.[26]

Testery executives and Tunny codebreakers

  • Ralph Tester – linguist and head of Testery
  • Jerry Roberts – shift-leader, linguist and senior codebreaker
  • Peter Ericsson – shift-leader, linguist and senior codebreaker
  • Victor Masters – shift-leader
  • Denis Oswald – linguist and senior codebreaker
  • Peter Hilton – codebreaker and mathematician
  • Peter Benenson – codebreaker
  • Peter Edgerley – codebreaker
  • John Christie – codebreaker
  • John Thompson – codebreaker
  • Roy Jenkins – codebreaker
  • Shaun Wylie – codebreaker
  • Tom Colvill – general manager

By the end of the war, the Testery had grown to 9 cryptographers, 24 ATS girls (as the women serving that role were then called) with a total staff of 118, organised in three shifts working round the clock.

Surviving machines

Lorenz cipher machines were built in small numbers; today only a handful survive in museums.

In Germany, examples may be seen at the Heinz Nixdorf MuseumsForum, a computer museum in Paderborn and the Deutsches Museum, a museum of science and technology in Munich.[27] A Lorenz machine is also displayed at Bletchley Park in the United Kingdom and at the National Cryptologic Museum in the United States.

See also

Notes

  1. Hinsley 1993, p. 141
  2. Hinsley 1993, p. 142
  3. Copeland 2006, pp. 38, 39
  4. 4.0 4.1 Good, Michie & Timms 1945, p. 4 of German Tunny
  5. Good 1993, pp. 160–165
  6. http://cs.stanford.edu/people/eroberts/courses/soco/projects/colossus/history.html
  7. Klein, p. 2
  8. Klein, p. 3
  9. 9.0 9.1 9.2 Good, Michie & Timms 1945, p. 10 of German Tunny
  10. 10.0 10.1 10.2 Lua error in package.lua at line 80: module 'strict' not found.
  11. 11.0 11.1 Good, Michie & Timms 1945, p. 6 of German Tunny
  12. Churchhouse 2002, p. 158
  13. 13.0 13.1 13.2 Good, Michie & Timms 1945, p. 7 of German Tunny
  14. Good, Michie & Timms 1945, p. 8 of German Tunny
  15. Good, Michie & Timms 1945, p. 14 of German Tunny
  16. Copeland 2006, p. 45
  17. Churchhouse 2002, p. 34
  18. Good, Michie & Timms 1945, p. 281 in Knockholt
  19. Tutte 1998, pp. 356, 357
  20. Roberts 2009
  21. Halton 1993
  22. Bletchley Park completes epic Tunny machine The Register, 26 May 2011, Accessed May 2011
  23. Copeland 2006, p. 66
  24. Flowers 2006, p. 100
  25. Verdict of Peace: Britain Between Her Yesterday and the future, Correlli Barnett, 2002
  26. Copeland 2006, p. 173
  27. Lua error in package.lua at line 80: module 'strict' not found.

References

  • Lua error in package.lua at line 80: module 'strict' not found.
  • Lua error in package.lua at line 80: module 'strict' not found.
  • Lua error in package.lua at line 80: module 'strict' not found. in Copeland 2006, pp. 36–51
  • Lua error in package.lua at line 80: module 'strict' not found. in Copeland 2006, pp. 64–77
  • Davies, Donald W., The Lorenz Cipher Machine SZ42, (reprinted in Selections from Cryptologia: History, People, and Technology, Artech House, Norwood, 1998)
  • Lua error in package.lua at line 80: module 'strict' not found. in Copeland 2006, pp. 91–100
  • Lua error in package.lua at line 80: module 'strict' not found. in Hinsley & Stripp 1993, pp. 149–166
  • Lua error in package.lua at line 80: module 'strict' not found. That version is a facsimile copy, but there is a transcript of much of this document in '.pdf' format at: Lua error in package.lua at line 80: module 'strict' not found., and a web transcript of Part 1 at: Lua error in package.lua at line 80: module 'strict' not found.
  • Lua error in package.lua at line 80: module 'strict' not found. in Hinsley & Stripp 1993, pp. 167–174
  • Lua error in package.lua at line 80: module 'strict' not found.
  • Lua error in package.lua at line 80: module 'strict' not found. in Hinsley & Stripp 1993, pp. 141–148
  • Lua error in package.lua at line 80: module 'strict' not found.
  • Lua error in package.lua at line 80: module 'strict' not found. in Copeland 2006, pp. 249–259
  • Lua error in package.lua at line 80: module 'strict' not found.
  • Lua error in package.lua at line 80: module 'strict' not found. Transcript of a lecture given by Prof. Tutte at the University of Waterloo
  • Entry for "Tunny" in the GC&CS Cryptographic Dictionary
  • The Lorenz Cipher and how Bletchley Park broke it by Tony Sale

Further reading

  • Lua error in package.lua at line 80: module 'strict' not found. Contains a short but informative section (pages 312–315) describing the operation of Tunny, and how it was attacked.
  • Lua error in package.lua at line 80: module 'strict' not found.* Paul Gannon, Colossus: Bletchley Park's Greatest Secret (Atlantic Books, 2006). Using recently declassified material and dealing exclusively with the efforts to break into Tunny. Clears up many previous misconceptions about Fish traffic, the Lorenz cipher machine and Colossus.
  • Lua error in package.lua at line 80: module 'strict' not found.
  • Lua error in package.lua at line 80: module 'strict' not found. Contains a lengthy section (pages 148–164) about Tunny and the British attack on it.

External links