Cracking the Enigma Machine - Rejewski, Turing and the Math that saved the world

The Math That Saved the World Brad Young brad@clearpoint.co.il A Mathematical and Historical Analysis of the Cryptographic Attacks on the Nazi Enigma Machine Marian Rejewski Alan Turing

Agenda Development of Enigma Machine – Why/How/What The Rejewski Crack The Turing Crack Historical Impact

WWI Cryptology First major war with radio + telegraph Very large volume of communications Hand-ciphers Playfair, ADFGVX etc. Bigraph substitution + transformation Encryption/Decryption Inefficient …Became bottleneck Cryptanalysis Difficult, time-consuming… But successful (mainly)

Invention of Enigma Machine Arthur Scherbius Efficient! (oh, and also Secure, by the way) Business, Military versions Early 1920’s – very poor sales German economy in trouble

Oops Publishes history book Reveals the impact of crypto on WWI Now, the Germans want Enigma!

A B C D E F G H Reflector 3rd Rotor 2nd Rotor 1st Rotor Lightbulbs Keyboard Enigma Schematic

A B C D E F G H Reflector Lightbulbs 3rd Rotor 2nd Rotor 1st Rotor Keyboard Electric Circuit

A B Pressing ‘A’ on the keyboard… C D E F … lights the ‘B’ lightbulb G H NOTE: Because it is a electric circuit, no letter can map to itself. Minor detail combinatorically speaking, but very important for the Turing crack. Reflector Lightbulbs 3rd Rotor 2nd Rotor 1st Rotor Keyboard Electric Circuit

A B C D E After each letter, the first rotor shifts one step. So now, pressing ‘A’ lights a different lightbulb….’F’ F G H Reflector Lightbulbs 3rd Rotor 2nd Rotor 1st Rotor Keyboard Rotor Shift

A B C D E F Sits between keyboard and rotors. Each plug cable swaps signal between two letters. 6 cables connect 12 letters. 14 other letters are not plugged at all. G H Reflector Lightbulbs Plugboard 3rd Rotor 2nd Rotor 1st Rotor Keyboard Plugboard

Keysize A B Rotor Order Rotor Setting Plugboard Wiring I – III - II VYJ A/G, D/Q, J/Z,L/S, M/V, N/T 3! = 6 263 =17,576 C(26,2) x C(24,2) x C(22,2) x C(20,2) x C(18,2) x C(16,2) x 1/6! (26!)3 x C(26,2)…C(2,2)x1/13! C ≈ 105 D E F ≈ 1011 ≈ 1092 G H Total Key Size ≈ 10108 Variable Key Size ≈ 1016

German Use of Enigma Day Keys (RO, RS, PB) distributed monthly in key books ,[object Object],Encode Message Key using Day Key, twice Move rotor to Message Key setting Encode actual message Set to Day Key(VYJ) Change to Message Key (CIL) CILCILATTACKFROMNORTHATNINETHIRTYBOKJRVSQIGPQTMNWJRAKOBYTKMTKGBBRQ

Biuro Szyfrów 1918 – Polish Independence 1919 – Creation (and success) of Cipher Bureau 1926 – Germany goes dark as Enigma is adopted 1930 – Bring in the mathematicians (?!?) Marian Rejewski Jerzy Różycki Henryk Zygalski

The Rejewski Crack Intuition,Espionage,Engineering Understand how Enigma works Reverse-engineer the wiring Be able to crack the key each day Permutational Mathematics

The Math of Permutation Cycles P = P-1 =

Cycle Notation P = P = (AECH)(BFD)(G) = (BFD)(G) (AECH) = (FDB)(G)(CHAE) P-1 = (HCEA)(DFB)(G) Benefits of cycle notation: Concise Easier to take inverse (These are benefits of efficiency)

Cycle Structure = (AECH)(BFD)(G) P = 4 3 1 = (AFC)(BG)(D)(EH) Q = 3 2 1 2 Benefits of cycle notation: Concise Easier to take inverse Gives more info – Cycle Structure (This is a benefit of value-add information)

Composition P = = (AECH)(BFD)(G) Q = = (AFC)(BG)(D)(EH) Q ◦ P = Q(P()) = (AHFDGBCE) Q ◦ P ≠ P ◦ Q - NOT Commutative Q ◦ ( P ◦ R ) = ( Q ◦ P ) ◦ R - Associative

Identity = (A)(B)(C)(D)(E)(F)(G)(H) I = P ◦ I = I ◦ P = P P ◦ P -1 = I I ◦ I = I i.e. I = I -1 (ab) ≠ I , but (ab) ◦ (ab) = (a)(b) i.e. (ab) = (ab)-1

Conjugation Conjugation of Q by P is defined as P ◦ Q ◦ P-1 P = (AECH)(BFD)(G) P-1 = (HCEA)(DFB)(G) Q = (AFC)(BG)(D)(EH) 1-2-2-3 1-2-2-3 This is not a coincidence! This is not a coincidence! P ◦ Q ◦ P-1 = (AC)(B)(DHE)(FG)

Theorem: Cycle structure is invariant under conjugation Proof: Suppose Q: ij, that is Q(i) = j. Consider P ◦ Q ◦ P-1 (P(i)). P ◦ Q ◦ P-1 (P(i)) = P ◦ Q ◦ (P-1 ◦ P)(i) = P ◦ Q(i) = P(j) i.e. P ◦ Q ◦ P-1: P(i)P(j) Therefore… If Q has k-cycle (i1, i2 … ik) then P ◦ Q ◦ P-1 has k-cycle (P(i1), P(i2)…P(ik)) QED

Using Permuation Cycles on Enigma A B Suppose we intercept a message: BOLJRVSQIGPQTMNWJRAKOBYTKMTTGBBRQUPWLHSOLNFEQTHJOVX Plaintext: abcabcCiphertext: BOLJRV Define En as the permutation that occurs when Enigma machine is in state n. So, in the first state, aB. In the fourth state, aJ E1 = (aB …E4 = (aJ … Now…Recall the effect of the Reflector, which creates 2-letter circuits So, if aB, then Ba. So the cycle is closed. E1 = (aB) …E4 = (aJ) … So, we can now compute E4 ◦ E1 = (BJ … C These are the variablesa,b,c, not the actual letters D E F G H

Using Permuation Cycles on Enigma If we have many intercepts from the same day, then they were produced with the same day settings. So we can calculate the entire compositions… E4 ◦ E1 = (BJUMPWTCFE)(ARDNHSLYZK)(G)(I)(O)(Q)(X)(V)E5 ◦ E2 = (ORJCLVHGXKF)(AUYMPZQNDWB)(ES)(IT)E6 ◦ E3 = (BWOIKTZHXB)(EPQJYLVGN)(ARCU)(DSMF) Good news: abc variables have been eliminated! We’ve found a unique identifier! Bad news: It is one of 10,000,000,000,000,000 possibilities

Explore the nature of En A B En = P ◦ Rn ◦ P where P is the plugboard permutation and Rn is rotor permutation when in state n E4 ◦ E1 = P ◦ R4 ◦ P ◦ P ◦ R1 ◦ P Now, recall the plugboard… P = (ab)(cd)(ef)(gh)(ij)(kl)(m)(n)(o)(p)(q)(r)(s)(t)(u)(v)(w)(x)(y)(z) All 2-cycles and 1-cycles, therefore P = P-1 ! E4 ◦ E1 = P ◦ R4 ◦ P ◦ P ◦ R1 ◦ P = P ◦ R4 ◦ P ◦ P-1 ◦ R1 ◦ P = P ◦ R4 ◦ (P ◦ P-1 ) ◦ R1 ◦ P = P ◦ R4 ◦ R1 ◦ P = P ◦ (R4 ◦ R1 ) ◦ P = P ◦ (R4 ◦ R1 ) ◦ P-1 C P R D E F G H Conjugation:Cycle structure of E4 ◦ E1 is same as cycle structure of R4 ◦ R1 and is not affected at all by the plugboard! E4 ◦ E1 = (BJUMPWTCFE)(ARDNHSLYZK)(G)(I)(O)(Q)(X)(V)E5 ◦ E2 = (AUYMPZQNDWB)(CLVHGXKFORJ)(ES)(IT)E6 ◦ E3 = (BWOIKTZHXB)(EPQJYLVGN)(ARCU)(DSMF) 1-1-1-1-1-1-10-10 ; 2-2-11-11 ; 4-4-9-9 Remember: Keysize(R) ≈ 105 Keysize(P) ≈ 1011

Now, where are we? Figuring out En is problem of size 1016 Now, we have Rn, a smaller problem: 105 Just barely small enough to attack brute force

Building the Rejewski Dictionary RO RS E4 ◦ E1 E5 ◦ E2 E6 ◦ E3 1 2 3 AAA 13-13 1-1-12-12 1-1-12-12 1 2 3 BAA 1-1-12-12 1-1-12-12 2-2-11-11 1 2 3 CAA 1-1-12-12; 2-2-11-11 1-1-12-12 1 2 3 DAA 2-2-11-11 1-1-12-12 13-13 1 2 3 EAA 1-1-12-12 13-13 13-13 1 2 3 FAA 13-13 13-13 1-1-2-2-3-3-3-3-4-4 1 2 3 GAA 13-13 1-1-2-2-3-3-3-3-4-4 2-2-5-5-6-6 1 2 3 HAA 1-1-2-2-3-3-3-3-4-4 2-2-5-5-6-6 13-13 1 2 3 IAA 2-2-5-5-6-6 13-13 4-4-9-9 1 2 3 JAA 13-13 4-4-9-9 1-1-5-5-7-7 1 2 3 KAA 4-4-9-9 1-1-5-5-7-7 13-13 1 2 3 LAA 1-1-5-5-7-7 13-13 1-1-2-2-10-10 1 2 3 MAA 13-13 1-1-2-2-10-10 1-1-1-1-11-11 . . . . . . . . . . . . . . . … 2-2-11-11; 1-1-1-1-1-1-1-1-4-4-5-5; 1-1-12-12 KFE 213 2-2-11-11; 1-1-1-1-1-1-1-1-4-4-5-5; 2-2-5-5-6-6 ZTF 132 2-2-11-11; 1-1-1-1-1-1-1-1-4-4-5-5; 5-5-8-8 GIC 312 2-2-11-11; 1-1-1-1-1-1-1-1-9-9; 1-1-12-12 AHH 132 2-2-11-11; 1-1-1-1-1-1-1-1-9-9; 1-1-12-12 WLA 312 2-2-11-11; 1-1-1-1-1-1-1-1-9-9; 1-1-5-5-7-7 YKG 132 2-2-11-11; 1-1-1-1-1-1-1-1-9-9; 13-13 DXI 213 2-2-11-11; 1-1-1-1-1-1-1-1-9-9; 13-13 ESY 321 2-2-11-11; 1-1-1-1-1-1-1-1-9-9; 13-13 VHX 213 2-2-11-11; 1-1-1-1-1-1-1-1-9-9; 2-2-11-11 UNV 231 … 1 setting every 4 minutes, x 20 hours/day = 300 / day 105 / 300 ≈ 1 year to complete Good news; Solved the RO, RS! Bad news: 105 solved, 1011 not solved Cycle structure is not unique …even though 105 << (1012)3 ≈ 1012 But most have < 10

Recovering the Plugboard Plugboard is the biggest problem combinatorically But… It is trivial to solve E4 ◦ E1 = (BJUMPWTCFE)(ARDNHSLYZK)(G)(I)(O)(Q)(X)(V) R4 ◦ R1 = (MGWTREFBJU)(AKZCINLSHY)(P)(D)(O)(Q)(V)(X) (BJUMPWTCFE) (BJUMGWTREF) Plugboard settings: P/G , C/R , E/F , etc.

Paradox of Decreasing Benefit Keysize # Cables

1939 – Brink of War Polish deliver Enigma replica and training to England and France Biuro Szyfrów is dismantled

Bletchley Park HQ of British Government Code and Cypher School (GCCS)

New Challenges Combinatoric More rotors to choose from Increase # of plugs Ring settings Procedural Eliminate Message Key repetition Navy / Air Force / Army mods Keysize now 1023

Turing’s Solution Known-Plaintext attack Heil Hitler Wetterbericht Seeding values Plaintext Crib:Ciphertext: Try to place the crib without letter any letter mapping to itself WETTERBERICHT WETTERBERICHT WETTERBERICHT WETTERBERICHT WETTERBERICHT EXLMBTWZXBITWZCIQ P(false hit) = (25/26)length of crib

Finding Cycles WETTERBERICHT EXLMBTWZXBITW E1: WE E5: EB E7: BW

J Q F b E E1 E1: WE E5: EB E7: BW a W J Q J B b E E5 c J Q L B E7 c a W

J Q F b E1 a J Q J b E5 c J Q L E7 c a

M V C b E1 a M Z C b E5 c M B D E7 c a

M V C b a E1 M Z C b E5 c M B D E7 P(false hit) = (1/26)length of cycle-1 a c

Turing’s Bombe NOT a computer Multi-Enigma Wiring 120 rpm  max 6 hrs to solve ~70% of days cracked Accurate crib? Location of crib in message? Find cycle in message? Not too many false hits? Crib seeding Fake missions – Get spotted 18’26”N, 72’49”E = einachtzweisechsnordensiebenzweivierneunosten Reimann zeta zeros

6 : 60,000,000 :: 8 : ?

Secrecy Bletchley Park is gutted Enigma machines captured (and distributed!) Top Secret status until 1973!

Marian Rejewski – During and After the War ,[object Object]

Cracking the Enigma Machine - Rejewski, Turing and the Math that saved the world

Recomendados

Recomendados

Mais conteúdo relacionado

Mais procurados

Mais procurados (20)

Destaque

Destaque (20)

Semelhante a Cracking the Enigma Machine - Rejewski, Turing and the Math that saved the world

Semelhante a Cracking the Enigma Machine - Rejewski, Turing and the Math that saved the world (20)

Último

Último (20)

Cracking the Enigma Machine - Rejewski, Turing and the Math that saved the world