cracking the enigma machine - rejewski, turing and the math that saved the world
Post on 22-Nov-2014
7.666 Views
Preview:
DESCRIPTION
TRANSCRIPT
The Math That Saved the World
Brad Youngbrad@clearpoint.co.il
Marian Rejewski Alan Turing
A Mathematical and Historical Analysis of the Cryptographic Attacks on the Nazi
Enigma Machine
Agenda
I. Development of Enigma Machine – Why/How/What
II. The Rejewski Crack
III. The Turing Crack
IV. Historical Impact
WWI Cryptology
First major war with radio + telegraph Very large volume of communications
Hand-ciphers Playfair, ADFGVX etc. Bigraph substitution + transformation
Encryption/Decryption Inefficient …Became bottleneck
Cryptanalysis Difficult, time-consuming… But successful (mainly)
Zimmermann Telegram
Invention of Enigma Machine
Arthur Scherbius
Efficient!(oh, and also Secure, by the way)
Business, Military versions Early 1920’s – very poor sales German economy in trouble
Oops
Publishes history book Reveals the impact of
crypto on WWI
Now, the Germans want Enigma!
Reflector 3rd Rotor 2nd Rotor 1st Rotor Keyboard Lightbulbs
A
B
C
E
F
G
H
D
Enigma Schematic
Reflector Keyboard Lightbulbs
A
B
C
E
F
G
H
D
3rd Rotor 2nd Rotor 1st Rotor
Electric Circuit
A
B
C
E
F
G
H
D
Reflector Keyboard Lightbulbs3rd Rotor 2nd Rotor 1st Rotor
Electric Circuit
Pressing ‘A’ on the keyboard…
… lights the ‘B’ lightbulb
NOTE: Because it is a electric circuit,
no letter can map to itself. Minor detail combinatorically
speaking, but very important for the
Turing crack.
Reflector Keyboard Lightbulbs
A
B
C
E
F
G
H
D
3rd Rotor 2nd Rotor 1st Rotor
Rotor Shift
After each letter, the first rotor shifts
one step.
So now, pressing ‘A’ lights a different
lightbulb….’F’
Reflector Keyboard LightbulbsPlugboard
A
B
C
E
F
G
H
D
3rd Rotor 2nd Rotor 1st Rotor
Plugboard
Sits between keyboard and rotors.
Each plug cable swaps signal between
two letters.
6 cables connect 12 letters. 14 other letters are not plugged at all.
Plugboard
Keysize
Rotor Order
Rotor Setting
Plugboard
Wiring
I – III - II
VYJ
A/G, D/Q, J/Z,L/S, M/V, N/T
Total Key Size ≈ 10108
Variable Key Size ≈ 1016
3! = 6
263 =17,576
C(26,2) x C(24,2) x
C(22,2) x C(20,2) x
C(18,2) x C(16,2) x 1/6!
(26!)3 x C(26,2)…C(2,2)x1/13!
≈ 105
≈ 1011
≈ 1092
ABC
EFGH
D
German Use of Enigma
German Use of Enigma
Day Keys (RO, RS, PB) distributed monthly in key books
CILCILATTACKFROMNORTHATNINETHIRTYBOKJRVSQIGPQTMNWJRAKOBYTKMTKGBBRQ
Set to Day Key(VYJ)
Change to Message Key(CIL)
For each message, sender chooses Message Key (Rotor Setting only)
1. Encode Message Key using Day Key, twice
2. Move rotor to Message Key setting
3. Encode actual message
Agenda
I. Development of Enigma Machine – Why/How/What
II. The Rejewski Crack
III. The Turing Crack
IV. Historical Impact
Biuro Szyfrów
1918 – Polish Independence
1919 – Creation (and success) of Cipher Bureau
1926 – Germany goes dark as Enigma is adopted
1930 – Bring in the mathematicians (?!?) Marian Rejewski Jerzy Różycki Henryk Zygalski
The Rejewski Crack
A. Understand how Enigma works
B. Reverse-engineer the wiring
C. Be able to crack the key each day
Intuition,Espionage,Engineering
Permutational Mathematics
The Math of Permutation Cycles
A B C D E F G H
E F H B C D G A P =
A B C D E F G H
H D E F A B G C P-1 =
Cycle Notation
A B C D E F G H
E F H B C D G A P =
P = (AECH)(BFD)(G) = (BFD)(G) (AECH) = (FDB)(G)(CHAE)
P-1 = (HCEA)(DFB)(G)
Benefits of cycle notation:
a) Concise
b) Easier to take inverse
(These are benefits of efficiency)
Cycle Structure
= (AECH)(BFD)(G)
= (AFC)(BG)(D)(EH)
4 3 1
3 2 1 2
A B C D E F G H
E F H B C D G A P =
A B C D E F G H
F G A D H C B E Q =
Benefits of cycle notation:
a) Concise
b) Easier to take inverse
c) Gives more info – Cycle Structure
(This is a benefit of value-add information)
Composition
A B C D E F G H
E F H B C D G A P = = (AECH)(BFD)(G)
A B C D E F G H
F G A D H C B E Q = = (AFC)(BG)(D)(EH)
Q ◦ P = Q(P()) = (AHFDGBCE)
Q ◦ P ≠ P ◦ Q - NOT Commutative
Q ◦ ( P ◦ R ) = ( Q ◦ P ) ◦ R - Associative
Identity
A B C D E F G H
A B C D E F G H I = = (A)(B)(C)(D)(E)(F)(G)(H)
P ◦ I = I ◦ P = P
P ◦ P -1 = I
I ◦ I = I i.e. I = I -1
(ab) ≠ I , but (ab) ◦ (ab) = (a)(b)
i.e. (ab) = (ab)-1
Conjugation
Conjugation of Q by P is defined as P ◦ Q ◦ P-1
P = (AECH)(BFD)(G)
Q = (AFC)(BG)(D)(EH)
P-1 = (HCEA)(DFB)(G)
P ◦ Q ◦ P-1 = (AC)(B)(DHE)(FG)
1-2-2-3
1-2-2-3
This is not a coincidence!This is not a coincidence!
Theorem: Cycle structure is invariant under conjugation
Proof:
Suppose Q: ij, that is Q(i) = j.
Consider P ◦ Q ◦ P-1 (P(i)).
P ◦ Q ◦ P-1 (P(i)) = P ◦ Q ◦ (P-1 ◦ P)(i)
= P ◦ Q(i)
= P(j)
i.e. P ◦ Q ◦ P-1: P(i)P(j)
Therefore…
If Q has k-cycle (i1, i2 … ik) then P ◦ Q ◦ P-1 has k-cycle (P(i1), P(i2)…P(ik))
QED
Using Permuation Cycles on Enigma
Suppose we intercept a message: BOLJRVSQIGPQTMNWJRAKOBYTKMTTGBBRQUPWLHSOLNFEQTHJOVX
Plaintext: abcabcCiphertext: BOLJRV
Define En as the permutation that occurs when Enigma machine is in state n.
So, in the first state, aB. In the fourth state, aJE1 = (aB …E4 = (aJ …
Now…Recall the effect of the Reflector, which creates 2-letter circuits
So, if aB, then Ba. So the cycle is closed.
E1 = (aB) …E4 = (aJ) …
So, we can now compute E4 ◦ E1 = (BJ …
These are the variables a,b,c, not the actual letters
ABC
EFGH
D
Using Permuation Cycles on Enigma
If we have many intercepts from the same day, then they were produced with the same day settings.
So we can calculate the entire compositions…
E4 ◦ E1 = (BJUMPWTCFE)(ARDNHSLYZK)(G)(I)(O)(Q)(X)(V)E5 ◦ E2 = (ORJCLVHGXKF)(AUYMPZQNDWB)(ES)(IT)
E6 ◦ E3 = (BWOIKTZHXB)(EPQJYLVGN)(ARCU)(DSMF)
BOLJRV WKOTFI JOSURM EFKBOT RBEDAPTBHCAX HWKSBT YQDZNS EBXBAB KZXAQBDABNUW QFMQOF WEOTSI UWGMBN WRBTJWWLDTVS ZYDKMS FAREUC XXHXKX DGDNXSNNSHDM QKXQFB CCZFLH VCHVLX ADPRWQXQUXNA JHJUGY TULCYV PFYWOL NQVHNGYKIZFK GGDGXS BSXJEB TITCTZ SZALQRKKDAFS SSVLEG IICITU LPSYZM OGKOXTLXRYKC MOXPRB SLNLVE KTFAID XVAXHRHFJSOY JJQUCJ DMWNPO REJDSY XUZXYH
Good news:
abc variables have been eliminated!
We’ve found a unique identifier!
Bad news:
It is one of 10,000,000,000,000,000 possibilities
Explore the nature of En
En = P ◦ Rn ◦ P where P is the plugboard permutation and Rn is rotor permutation when in state n
E4 ◦ E1 = P ◦ R4 ◦ P ◦ P ◦ R1 ◦ P
Now, recall the plugboard…
P = (ab)(cd)(ef)(gh)(ij)(kl)(m)(n)(o)(p)(q)(r)(s)(t)(u)(v)(w)(x)(y)(z)
All 2-cycles and 1-cycles, therefore P = P-1 !
E4 ◦ E1 = P ◦ R4 ◦ P ◦ P ◦ R1 ◦ P
= P ◦ R4 ◦ P ◦ P-1 ◦ R1 ◦ P
= P ◦ R4 ◦ (P ◦ P-1 ) ◦ R1 ◦ P
= P ◦ R4 ◦ R1 ◦ P
= P ◦ (R4 ◦ R1 ) ◦ P
= P ◦ (R4 ◦ R1 ) ◦ P-1
Conjugation:Cycle structure of E4 ◦ E1 is same as cycle structure of R4 ◦ R1 and is not affected at all by the plugboard!
E4 ◦ E1 = (BJUMPWTCFE)(ARDNHSLYZK)(G)(I)(O)(Q)(X)(V)E5 ◦ E2 = (AUYMPZQNDWB)(CLVHGXKFORJ)(ES)(IT)E6 ◦ E3 = (BWOIKTZHXB)(EPQJYLVGN)(ARCU)(DSMF)
1-1-1-1-1-1-10-10 ; 2-2-11-11 ; 4-4-9-9
Remember:Keysize(R) ≈ 105
Keysize(P) ≈ 1011
ABC
EFGH
D
R P
Now, where are we?
Figuring out En is problem of size 1016
Now, we have Rn, a smaller problem: 105
Just barely small enough to attack brute force
Building the Rejewski Dictionary RO RS E4 ◦ E1 E5 ◦ E2 E6 ◦ E3
1 2 3 AAA 13-13 1-1-12-12 1-1-12-12
1 2 3 BAA 1-1-12-12 1-1-12-12 2-2-11-11
1 2 3 CAA 1-1-12-12; 2-2-11-11 1-1-12-12
1 2 3 DAA 2-2-11-11 1-1-12-12 13-13
1 2 3 EAA 1-1-12-12 13-13 13-13
1 2 3 FAA 13-13 13-13 1-1-2-2-3-3-3-3-4-4
1 2 3 GAA 13-13 1-1-2-2-3-3-3-3-4-4 2-2-5-5-6-6
1 2 3 HAA 1-1-2-2-3-3-3-3-4-4 2-2-5-5-6-6 13-13
1 2 3 IAA 2-2-5-5-6-6 13-13 4-4-9-9
1 2 3 JAA 13-13 4-4-9-9 1-1-5-5-7-7
1 2 3 KAA 4-4-9-9 1-1-5-5-7-7 13-13
1 2 3 LAA 1-1-5-5-7-7 13-13 1-1-2-2-10-10
1 2 3 MAA 13-13 1-1-2-2-10-10 1-1-1-1-11-11
. . . . .
. . . . .
. . . . .
Good news; Solved the RO, RS!
Bad news: 105 solved, 1011 not solved
1 setting every 4 minutes, x 20 hours/day = 300 / day105 / 300 ≈ 1 year to complete
…
2-2-11-11; 1-1-1-1-1-1-1-1-4-4-5-5; 1-1-12-12 KFE 213
2-2-11-11; 1-1-1-1-1-1-1-1-4-4-5-5; 2-2-5-5-6-6 ZTF 132
2-2-11-11; 1-1-1-1-1-1-1-1-4-4-5-5; 5-5-8-8 GIC 312
2-2-11-11; 1-1-1-1-1-1-1-1-9-9; 1-1-12-12 AHH 132
2-2-11-11; 1-1-1-1-1-1-1-1-9-9; 1-1-12-12 WLA 312
2-2-11-11; 1-1-1-1-1-1-1-1-9-9; 1-1-5-5-7-7 YKG 132
2-2-11-11; 1-1-1-1-1-1-1-1-9-9; 13-13 DXI 213
2-2-11-11; 1-1-1-1-1-1-1-1-9-9; 13-13 ESY 321
2-2-11-11; 1-1-1-1-1-1-1-1-9-9; 13-13 VHX 213
2-2-11-11; 1-1-1-1-1-1-1-1-9-9; 2-2-11-11 UNV 231
…Cycle structure is not unique…even though 105 << (1012)3 ≈ 1012 But most have < 10
Recovering the Plugboard
Plugboard is the biggest problem combinatoricallyBut… It is trivial to solve
E4 ◦ E1 = (BJUMPWTCFE)(ARDNHSLYZK)(G)(I)(O)(Q)(X)(V)
R4 ◦ R1 = (MGWTREFBJU)(AKZCINLSHY)(P)(D)(O)(Q)(V)(X)
(BJUMPWTCFE)(BJUMGWTREF)
Plugboard settings: P/G , C/R , E/F , etc.
Paradox of Decreasing Benefit
0 1 2 3 4 5 6 7 8 9 10 11 12 131E+00
1E+05
1E+10
1E+15
# cables Keysize0 1E+001 3E+022 4E+043 3E+064 2E+085 5E+096 1E+117 1E+128 1E+139 5E+13
10 2E+1411 2E+1412 1E+1413 8E+12
# Cables
Keysize
Agenda
I. Development of Enigma Machine – Why/How/What
II. The Rejewski Crack
III. The Turing Crack
IV. Historical Impact
1939 – Brink of War
Polish deliver Enigma replica and training to England and France
Biuro Szyfrów is dismantled
Bletchley ParkHQ of British Government Code and Cypher School (GCCS)
New Challenges
Combinatoric More rotors to choose from Increase # of plugs Ring settings
Procedural Eliminate Message Key repetition Navy / Air Force / Army mods
Keysize now 1023
Turing’s Solution
Known-Plaintext attackHeil HitlerWetterberichtSeeding values
Plaintext Crib:
Ciphertext: WETTERBERICHTWETTERBERICHTWETTERBERICHTWETTERBERICHTWETTERBERICHT
Length of Crib 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30
P(false fit) 96% 92% 89% 85% 82% 79% 76% 73% 70% 68% 65% 62% 60% 58% 56% 53% 51% 49% 47% 46% 44% 42% 41% 39% 38% 36% 35% 33% 32% 31%
P(false hit) = (25/26)length of crib
EXLMBTWZXBITWZCIQ
Try to place the crib without letter any letter
mapping to itself
Finding Cycles
WETTERBERICHTEXLMBTWZXBITW
E1: WEE5: EBE7: BW
Wa
bE
B
c
bE
E1
E5
E7 B
c
Wa
E1: WEE5: EBE7: BW
J Q F
J Q J
J Q L
E1
E5
E7
J Q F
J Q J
J Q L
a
b
c
b
c
a
E1
E5
E7
M D B
M C Z
M C V
a
b
c
b
c
a
E1
E5
E7
M D B
M C Z
M C V
P(false hit) = (1/26)length of cycle-1
Length of Cycle 2 3 4 5 6P(false hit) 0.038 0.0015 6E-05 2E-06 8E-08Est. # false hits 40560 1560 60 2 0
a
b
c
b
c
a
Turing’s Bombe
NOT a computer
Multi-Enigma Wiring 120 rpm max 6 hrs to solve
~70% of days cracked Accurate crib? Location of crib in message? Find cycle in message? Not too many false hits?
Crib seeding Fake missions – Get spotted 18’26”N, 72’49”E = einachtzweisechsnordensiebenzweivierneunosten
Reimann zeta zeros
Agenda
I. Development of Enigma Machine – Why/How/What
II. The Rejewski Crack
III. The Turing Crack
IV. Historical Impact
6 : 60,000,000 :: 8 : ?
Secrecy
Bletchley Park is guttedEnigma machines captured
(and distributed!)Top Secret status until 1973!
Marian Rejewski – During and After the War
1939 – Romania 1939 – France
French cipher bureau 1940 – Algeria 1940 – Back to France
Rozycki dies in transit Underground cryptography
1942 – Spain Betrayed mid-crossing Arrested + Jailed
1942 – Portugal, Gibraltar 1942 – England
No security clearance (Vichy France) Polish Army – hand ciphers
1945 – Poland 1950 – Cable salesman
Secret Service meddling 1955 – Bookkeeper
Until retirement 1973 – Finally learns about ULTRA 1980 – Dies at age 73
Alan Turing –Timeline 1936-8 – Computability, Turing Machine,
Decidability, Riemann 1939-45 – Bletchley Park 1946 – Automatic Computing Engine 1947-48 – Algorithms, Neural Nets, AI 1948 – Almost an Olympian 1948-50 – Manchester Mark I
Mersenne + ??? (Was he on a secret nuclear program?? Might explain the gov’t paranoia)
1950 – Turing Test 1951 – Mathematical Biology 1952 – Arrest 1954 – Death at age 41
Colossus Computer
Cracks Lorenz cipherHigh-level German
communicationsHistory of Computers
Z3ColossusENIACMark I
Addenda, Errata, Anecdotes
Wiring analysis Hans Thilo-Schmidt TTTTTTTTTTTT Entry wheel order
Why E1-E6, instead of E0-E5 ?
Ring Settings and Rotor Stepping
“Turing. Alan Turing.”
Other WWII Cryptanalysis
Disguising ULTRA intelligence
Suggested Reading David Kahn – The Codebreakers Simon Singh – The Code Book
top related