|
|
|
|
|
|
|
|
Working principle of the Enigma
|
 |
|
|
On this page we will try to explain how the Enigma works. We do this
by first examining the circuit diagram and following the
electric current from the keyboard, through the wheels, to the lamp panel.
Next we explain the movement of the wheels,
the configuration of the plug board
and the total possible number of settings.
Finally, the differences between the various Enigma models
and some weaknesses of the system are discussed. Have fun!
|
When studying the working principle of the Enigma, we have to consider
that there are in fact many different variants of this machine.
Some of the differences make it impossible to decrypt a message
that was encoded on another model. That does however not affect the working
principle as explained here. For this we study the circuit diagram
of an standard 3-wheel Army Enigma.
| |
|
Simplified circuit diagram of a 3-wheel Service Enigma
|
Letters are 'scrambled' by a set of rotatable wheels each with 26 contacts
on either side. Each contact on one side is connected (wired) to a
contact on the other side in some random fashion.
Some models, like the standard Service Enigma and the M3 have
3 such rotating wheels, but the M4 model, used later in the war
exclusively for the German U-Boats, has 4 wheels.
Each time a key is pressed, the right most wheel
is rotated by one step, resulting in a different mapping of the
internal wires. As a result, each new letter is encoded
differently.
Each wheel has one or more notches that may cause
the next wheel to be moved by one position too. If a wheel has only
one notch, it needs to complete a full revolution before the wheel
to the left of it is stepped by one position.
The keyboard consists of 26 keys, marked A-Z.
Whenever a key, say Q, is pressed the wheels will
be moved into a new position and a contact is closed.
As a result a current will flow.
The wires from the 26 keys are connected to a static wheel called
the Stator or Entrittswalze (ETW). The order in which
the keys are connected to the 26 contacts on the ETW varies
between the different Enigma models.
Leaving the ETW, the current enters the right most wheel (1) via one
of the contacts at its right hand side. The internal wiring of that wheel 'translates' this current to one of the contacts on the left side of
the wheel. From there the current is 'handed over' to the next wheel,
and so on. Left of the rotating wheels is the
Reflector, or Umkehrwalze (UKW). This wheel sends the current
back into the rotating wheels, but this time the current flows
from left to right, until it reaches the ETW again. From the
ETW the current goes to the lamp board where the corresponding
letter (E in the example) will be lit. It is inherent to this
design, that a letter can never be encoded into itself.
Before starting the ciphering process, the Enigma needs to be
setup in a known way at both sides of the communication link.
This means the wheel order (Walzenlage) needs to be known
as well as the starting position of each wheel (Grundstellung).
In order to further complicate things, each wheel has a settable
index ring that moves the contacts independant of the wheel's alphabet.
This is called the ring setting (Ringstellung).
To make life even more complex, the Army machines were all
equipped with a plug board, or patch panel (Steckerbrett),
that allows pairs of letters to be swapped.
Any number of cables from none to 13 may be connected to the
Steckerbrett, meaning that between 0 and 13 letter pairs may
be swapped. If a letter is not mapped (i.e. no stecker is used for
that letter), the letter is known to be Self-Steckered.
See below for more information.
|
|
|
Wheel rotation in more detail
|
|
|
|
|
Below each key of the keyboard is a two-position switch.
The key has to be fully depressed before the switch is activated.
The key also controls the wheel movement. Whenever a
key is pressed, the rightmost wheel makes a single step before
the switch is activated and a lamp is turned on.
|
Each wheel has 26 positions that we will call A-Z. The index on the
wheels is engraved (either as A-Z or 1-26) along the side of the wheel.
When a key is pressed, the rightmost wheel is rotated counter clockwise,
when viewed from the ETW. If the letter A
was visible in the window, the letter B will be visible next time
the wheel is moved.
Each wheel has a ring that can be used to rotate
the wiring independantly of the index. This can be regarded as
creating an offset in the opposite direction.
The wheel-turnover notches are fixed to the index ring.
Therefore the turnover of the next wheel,
will always happen at the same letter in the window,
but the wiring might be rotated.
Wheel movement is much like the odometer in a car. If the rightmost
wheel has made a full turn, it will carry on the next wheel
by one step.
|
|
| |
|
Exploded view of a wheel
|
|
Most Enigma models are equipped with stepping levers and notches.
Whenever the position of a notch is reached, it engages a pawl.
On the next key press, this pawl will carry-on the next wheel.
This principle is called Enigma stepping and has the strange
side-effect that the middle rotor steps twice
(on successive key presses)
if the leftmost wheel also makes a step. This phenomena,
called the double stepping anomaly, has been described in detail
by David Hamer in 1997 [1].
|
The table below should illustrate what happens.
Wheel I is placed in the rightmost position (also called the 'fast'
position). It causes the next wheel to step when it changes from
Q to R. Wheel II is in the middle position. It causes a step
when changing from E to F. Now observe what happens:
|
| III
|
II
|
I
|
<-- wheel order
|
|
|
| A
|
D
|
O
|
| A
|
D
|
P
|
| A
|
D
|
Q
|
| A
|
E
|
R
|
<-- 1st step of middle wheel
|
| B
|
F
|
S
|
<-- 2nd step of middle wheel
|
| B
|
F
|
T
|
| B
|
F
|
U
|
|
When the fast wheel changes from Q to R, it causes the middle wheel (II)
to step from D to E. One the next step, the rightmost wheel changes from
R to S and the middle wheel makes one more step: from E to F.
At the same time, the middle wheel causes the left wheel (I) to make
a single step. This double stepping anomaly reduces the cryptographic
period of the system.
Some Enigma machines, such as the Zählwerksmaschine A28
and the Enigma G, were driven by a gear mechanism with
cog-wheels rather than by pawls and rachets.
These machines do not suffer from the double stepping
anomaly and behave exactly like the odometer of a car.
They have the additional advantage that they can be wound back by means
of a crank in case of a typo, whereas machines with Enigma Stepping can
only be moved forward.
|
The army variants of the Enigma (Service Enigma, M3 and M4) were
equipped with a plug board (Steckerbrett) at the front, that would
allow any pair of letters to be swapped.
For this purpose 12 patch cables
were usually supplied: 10 to be used on the Steckerbrett and 2 spares
that were stored inside the top lid of the case.
As the Steckerbrett is connected between the keyboard and the ETW,
each encoded letter will go through the stecker mappings twice.
This does not affect the machine's reciprocity (reversibility)
and a letter can still not be encoded into itself.
Each patch cable as a 2-pin plug at either side.
Each plug has a thick and a thin pin,
so that it can not be inserted
the wrong way around. The cable crosses the connection between
the plugs. The thick pin of one plug is connected to the thin pin of
the other one and vice versa.
|
The image on the right shows a double-ended plug with a thick and a thin pin.
Swapping the letters in pairs means that if A is transposed into Z, the
reverse is also true: Z is transposed into A. This is called
self-reciprocity.
Compared to a single-ended Steckerbrett, this reduces the total number of
possible wire combinations.
The same self-reciprocity was exploited by Gordon Welchman
when improving Turing's Bombe,
resulting in shorter Bombe-runs when breaking the Enigma's daily keys.
It effectively eliminated the Steckerbrett from the equasion.
|
|
|
With 26 letters, and hence 26 sockets on the Steckerbrett, a maximum of 13
patch cables could be installed. Any number of cables between 0 and 13 was
possible and the maximum number of combinations would be reached when the
number of patch cables was different each day. In practice however, the
German operation procedure generally instructed the use of 10 cables.
The total number of combinations for each number of cables is calculated
as follows [2]:
The table below shows the number of cables for each number of cables:
|
| Cables (n)
|
Possible combinations
|
|
|
| 0
|
1
|
| 1
|
325
|
| 2
|
44,850
|
| 3
|
3,453,450
|
| 4
|
164,038,875
|
| 5
|
5,019,589,575
|
| 6
|
100,391,791,500
|
| 7
|
1,305,093,290,000
|
| 8
|
10,767,019,640,000
|
| 9
|
53,835,098,190,000
|
| 10
|
150,738,274,900,000
|
<-- Standard number of cables
|
| 11
|
205,552,193,100,000
|
| 12
|
102,776,096,500,000
|
| 13
|
7,905,853,580,550
|
|
|
| Total
|
532,985,208,200,000
|
|
In the table above you can see that it is theoretically possible to
multiply the number of possibilities of a non-Steckered machine
(approx. 71 million) with over 500 million million Stecker
combinations. However, as the Germans always used exactly 10 cables,
the multiplication factor would 'just' be 150 million million,
giving approx. 180 million million million permutations.
Also note that the mathematical optimum is at 11 cables, not at 10.
Strangely enough, the number of possibilities decreases when more
than 11 cables are used. It would have been far better though not
to restrict the number of cables at all and use all possible combinations.
|
|
|
|
|
|
|
The total number of possible settings of the Enigma machine can be
calculated in various ways. A detailed description of the mathematics
behind the Enigma can be found in The Cryptographic Methematics
of Enigma, distributed by the NSA in 1996 [3]. In this publication,
it is assumed that the wheel wiring is unknown, which greatly increases
the number of possible settings.
According to Kerkhoffs Principle however, we should assume that a
possible attacker has full knowledge of the system, including its wiring.
So, in order to make a more realistic estimation of the number of possible
settings, we assume that the attacker knows the wiring of the wheels, the
entry wheel (ETW) and the reflector (UKW). We therefore only need to
consider the possible settings of the wheels and the configuration of the
Steckerbrett. Let's first look at the wheels:
|
| English
|
German
|
Calculation
|
Total
|
|
|
|
| Wheel order
|
Walzenlage
|
5 x 4 x 3
|
60
|
|
| Ring setting
|
Ringstellung
|
26 x 26
|
676
|
x
|
| Start position
|
Grundstelling
|
26 x 26 x 26
|
17,576
|
x
|
|
|
|
|
|
Total
|
712,882,560
|
|
|
Please note that the Ringstellung of the leftmost wheel has no effect
as its notch can not move the wheel to its left. Next we need to take the
Steckerbrett into account, and we assume that the Germans always used
exactly 10 cables on the Steckerbrett. This leads to the multiplication:
|
712,882,560
150,738,274,900,000 x
107,458,491,300,000,000,000,000 = 1.07 x 1023 = 276 = 76 bits
|
Compared to modern computer encryption, this would be the equivalent of 76 bits;
which is quite an achievement for its era. If we consider the
4-wheel Naval Enigma (M4), we have to take the following into
account. The M4 and an extra wheel to the left of the three standard wheels.
This wheel could not be exchanged with the other wheels.
Furthermore it did not move during encypherment.
The Navy had a set of 8 wheels to chose from.
This leads to the following table:
|
| English
|
German
|
Calculation
|
Total
|
|
|
|
| Wheel order
|
Walzenlage
|
8 x 7 x 6
|
336
|
|
| Ring setting
|
Ringstellung
|
26 x 26
|
676
|
x
|
| Start position
|
Grundstelling
|
26 x 26 x 26 x 26
|
456,976
|
x
|
|
|
|
|
|
Total
|
103,795,700,700
|
|
|
If we multiply this with the result of the Steckerbrett, we get the following:
|
103,795,700,700
150,738,274,900,000 x
15,645,956,330,000,000,000,000,000 = 1.56 x 1025 = 284 = 84 bits
|
This makes the 4-wheel variant significantly stronger than the 3-wheel machine.
In practice, the total number of combinations was less then the number
calculated here, as there were several restrictions imposed on the selection
of the wheels. For example: the Navy always used at least one of their extra
wheels (VI, VII and VIII) and such an extra wheel should never appear in the
same position on two successive days.
|
|
|
Differences in Enigma models
|
|
|
|
When examining the different versions of the Enigma,
the following differences can be observed:
|
- Steckerbrett
Some models have a plug panel and some don't. The
maximum number of patch cables is 13 (as we have 26 letters),
but the number of cables supplied with the unit varies. The
highest number of permutations is achieved with 11 patch cables.
The Steckerbrett was used exclusively by the German Army and did
not appear on any other model.
- ETW mapping
The Eintrittswalze (ETW) can be mapped in a linear fashion: ABCDEFGH... etc, but also
in the order of the keys on the keyboard: QWERTZUIO...
On the Japanese Enigma machine, the Tirpitz, the contacts of the ETW
are organised in a random fashion: KZROUQHY...
- Numbers or letters
Some wheels have numbers (01-26) on their perimeter, whilst others
carry letters (A-Z). Initially all Enigma machines used letters (A-Z)
on their wheels. This is definitely the case for all commercial Enigma
machines produced prior to WWII. When the German Army adopted the machine
for military use, they added a Steckerbrett (see above) and changed the
lettering of the wheels into numbering (01-26). The (later) Naval machines
however (M3 and M4), had letters again.
- Number of different of wheels
Some models have 3 rotatable wheels, but the M4 has 4 wheels.
Also some models have a range of wheels (e.g. 8) to choose from.
The wheels may be placed in the machine in any particular order.
On an Enigma M4 (a 4 wheel machine), the extra wheel is not moved
automatically, but can be set manually to an initial position.
Furthermore the extra wheel cannot be exchanged with the other
three wheels as it is a 'thin' one.
The 4th wheel was supplied as a pair with an UKW.
For UKWs B and C, the extra wheels Beta and Gamma where supplied,
hence the name Griechenwalze (Greek wheel). They may be used however in any combination.
The 4th wheel on an Abwehr Enigma (G-series) is moved by the other wheels, due to
the mechanical difference of this model.
- UKW mapping and setting
Some models have more than one UKW available.
On most models the UKW is fixed, but on some the UKW can be given a start position.
Additionally, the G models have a movable UKW, which means that the wheel can
be moved by the notches of the wheel next to it.
- Wheel wiring
Although the wiring of the wheels I to V was identical for all German Army
Enigma machines during WWII, other versions used a different wiring.
This wiring could be different for each customer.
- Number of notches on each wheel
In the basic situation, each wheel has one notch which, after a full revolution,
causes the next wheel to be stepped by one position. Some versions have two
or even more notches on each wheel, causing more frequent changeovers of the next wheel.
The three wheels of the Enigma-G have 11, 15 and 17 notches respectively.
- Single or double stepping
As a result of the mechanical principle of the stepping mechanism, the middle
rotor 'suffers' from a double stepping anomaly, described in a paper by David
Hamer [1].
The Enigma-G, which use a gear box instead, does not suffer
from this anomaly.
- Manufacturer
Before and during WWII, the Enigma machines were built by various manufacturers.
Although these machines were mathematically compatible, there are a few cosmetic
differences. Additionally there are physical differences between the thin wheels
from some manufacturers.
|
The basic Enigma design has a number of waknesses that helped the
allied codebreakers during WWII to some extend.
|
- A letter can never be encoded into itself
One of the key properties of the Enigma design is the fact that
a letter can never be encoded into itself. In other words: when
the letter A is pressed, every lamp on the lamp panel can be
lit, except for the letter A itself.
This property is caused by the fact that a reflector (UKW) is used.
- Regular stepping of the wheels
In most Enigma machines, the righmost wheel needs to complete a
full revolution before the wheel next to it is moved by one
position. As a result, the 2nd wheel is only stepped once every
26 characters and the 3rd wheel hardly ever moves. This makes
the Enigma more predictable.
Some Enigma variants (such as the Enigma T) had
multiple turnover notches and
the Zählwerksmaschine (Enigma G) even featured a cog
wheel mechanism to cause irregular stepping.
- Double stepping of the middle rotor
Under certain circumstances, the middle rotor can make two
steps on two subsequent key presses. This effectively halves
the cipher period. The double stepping feature is described
in a paper by David Hamer
[1].
- 4th wheel not moving
In the Naval Enigma M4, the extra wheel (Zusatswalze) can be set
to any of 26 position at the start of a message. During
encipherment, however, the wheel never moves. Together with the
UKW, this wheel can be regarded as a selection between 26
different UKWs.
- 2 Notches on the extra Naval wheels
The three extra Naval wheels (VI, VII and VIII) each have two
notches to cause a more frequent wheel turnover. However,
because 2 is a relative prime of
26 and because the two notches are positioned oposite each
other, the cipher period is effectively halved.
- Mandatory use of extra Navel wheels
If the operator could pick any three wheels from the available 8
on any given day, there would have been 336 possible different
wheel orders. In practice however, the Navy was instructed to
use at least one extra Naval wheel each day (VI, VII or VIII)
and that the selected wheel could not be used on two successive
days.
- Fixed number of cables on the Steckerbrett
The Steckerbrett has 26 sockets, one for each letter of the
alphabet. Cables were used to swap pairs of letters. If
a cable was omitted, that letter would not be swapped.
In theory, any number of cables between 0 and 13 would thus
be possible. In practice, the procedures commanded the use
of exactly 10 cables at all times, which greatly reduces the
maximum number of possibilities.
|
- David Hamer: Actions involved in the 'double stepping' of the middle rotor
Cryptologia, January 1997, Volume XX, Number 1.
- Arthur Bauer, Funkpeilung als alliierte Waffe gegen Deutsche U-Boote 1939-1945.
ISBN: 3-00-002142-6. The Netherlands, 1997. German. p. 33.
- Dr. A. Ray Miller, The Cryptographic Methematics of Enigma
NSA. Center for Cryptologic History. USA. 1996. 3rd edition 2002.
|
|
|
|
Any links shown in red are currently unavailable.
If you like this website, why not make a donation?
© Copyright 2009-2013, Paul Reuvers & Marc Simons. Last changed: Friday, 11 May 2012 - 18:54 CET
|
 |
|
|
