The Lorenz Cipher and how Bletchley Park broke it

The German Lorenz cipher system

The German Army High Command asked the Lorenz company to produce for them a high security teleprinter cipher machine to enable them to communicate by radio in complete secrecy. The Lorenz company designed a cipher machine based on the additive method for enciphering teleprinter messages invented in 1918 by Gilbert Vernam in America. Teleprinters are not based on the 26-letter alphabet and Morse code on which the Enigma depended. Teleprinters use the 32-symbol Baudot code. Note that the Baudot code output consists of five channels each of which is a stream of bits which can be represented as no-hole or hole, 0 or 1, dot or cross.



The Baudot Code


The Vernam system enciphered the message text by adding to it, character by character, a set of obscuring characters thus producing the enciphered characters which were transmitted to the intended recipient. The simplicity of Vernam's system lay in the fact that the obscuring characters were added in a rather special way (known as modulo-2 addition). Then exactly the same obscuring characters, added also by modulo-2 addition to the received enciphered characters, would cancel out the obscuring characters and leave the original message characters which could then be printed. The working of modulo-2 addition is exactly the same as the XOR operation in logic. If A is the plain-text character, and C the obscuring character, then in the table below, F is the cipher-text character. You can also see from this table that the addition of C to F brings you back to A again:
A + C = F      F + C = A
x + . = x      x + . = x
x + x = .      . + x = x
. + x = x      x + x = .
. + x = x      x + x = .
. + . = .      . + . = .Vernam proposed that the obscuring characters should be completely random and pre-punched on to paper tape to be consumed character by character in synchrony with the input message characters. Such a cipher system (a 'one-time pad system') using purely random obscuring characters is unbreakable.
The difficulty was how to ensure, in a hot war situation, that the same random character tapes were available at each end of a communications link and that they were both set to the same start position. The Lorenz company decided that it would be operationally easier to construct a machine to generate the obscuring character sequence. Because it was a machine it could not generate a completely random sequence of characters. It generated what is known as a pseudo-randomsequence. Unfortunately for the German Army it was more "pseudo" than random and that was how it was broken.



The amazing thing about Lorenz is that the code breakers in Bletchley Park never saw an actual Lorenz machine until right at the end of the war but they had been breaking the Lorenz cipher for two and a half years.

The first intercepts

The teleprinter signals being transmitted by the Germans, and enciphered using Lorenz, were first heard in early 1940 by a group of policemen on the South Coast who were listening out for possible German spy transmissions from inside the UK. Brigadier John Tiltman, one of the top code breakers in Bletchley Park, took a particular interest in these enciphered teleprinter messages. They were given the code name "Fish". The messages which (as was later found out) were enciphered using the Lorenz machine, were known as "Tunny". Tiltman knew of the Vernam system and soon identified these messages as being enciphered in the Vernam manner. Because the Vernam system depended on addition of characters, Tiltman reasoned that if the operators made a mistake and used the same Lorenz machine starts for two messages (a depth), then by adding the two cipher texts together character by character, the obscuring character sequence would disappear. He would then be left with a sequence of characters each of which represented the addition of the two characters in the original German message texts. For two completely different messages it is virtually impossible to assign the correct characters to each message. Just small sections at the start could be derived but not complete messages.

The German mistake

As the number of intercepts, now being made at Knockholt in Kent, increased a section was formed in Bletchley Park headed by Major Ralph Tester and known as the Testery. A number of Depths were intercepted but not much headway had been made into breaking the cipher until the Germans made one horrendous mistake. It was on 30 August 1941. A German operator had a long message of nearly 4,000 characters to be sent from one part of the German Army High command to another — probably Athens to Vienna. He correctly set up his Lorenz machine and then sent a twelve letter indicator, using the German names, to the operator at the receiving end. This operator then set his Lorenz machine and asked the operator at the sending end to start sending his message. After nearly 4,000 characters had been keyed in at the sending end, by hand, the operator at the receiving end sent back by radio the equivalent, in German, of "didn't get that — send it again".
They now both put their Lorenz machines back to the same start position. Absolutely forbidden, but they did it. The operator at the sending end then began to key in the message again, by hand. If he had been an automaton and used exactly the same key strokes as the first time then all the interceptors would have got would have been two identical copies of the cipher text. Input the same — machines generating the same obscuring characters — same cipher text. But being only human and being thoroughly disgusted at having to key it all again, the sending operator began to make differences in the second message compared to the first.
The message began with that well known German phrase SPRUCHNUMMER — "message number" in English. The first time the operator keyed in S P R U C H N U M M E R. The second time he keyed in S P R U C H N R and then the rest of the message text. Now NR means the same as NUMMER, so what difference did that make? It meant that immediately following the N the two texts were different. But the machines were generating the same obscuring sequence, therefore the cipher texts were different from that point on. The interceptors at Knockholt realised the possible importance of these two messages because the twelve letter indicators were the same. They were sent post-haste to John Tiltman at Bletchley Park. Tiltman applied the same additive technique to this pair as he had to previous Depths. But this time he was able to get much further with working out the actual message texts because when he tried SPRUCHNUMMER at the start he immediately spotted that the second message was nearly identical to the first. Thus the combined errors of having the machines back to the same start position and the text being re-keyed with just slight differences enabled Tiltman to recover completely both texts. The second one was about 500 characters shorter than the first where the German operator had been saving his fingers. This fact also allowed Tiltman to assign the correct message to its original cipher text. Now Tiltman could add together, character by character, the corresponding cipher and message texts revealing for the first time a long stretch of the obscuring character sequence being generated by this German cipher machine. He did not know how the machine did it, but he knew that this was what it was generating!

The dénouement

John Tiltman then gave this long stretch of obscuring characters to a young chemistry graduate, Bill Tutte, who had recently come to Bletchley Park from Cambridge. Bill Tutte started to write out the bit patterns from each of the five channels in the teleprinter form of the string of obscuring characters at various repetition periods. Remember this was BC, "Before Computers", so he had to write out vast sequences by hand.



When he wrote out the bit patterns from channel one on a repetition of 41, various patterns began to emerge which were more than random. This showed that a repetition period of 41 had some significance in the way the cipher was generated. Then over the next two months Tutte and other members of the Research section worked out the complete logical structure of the cipher machine which we now know as Lorenz:



This was a fantastic tour de force and at the beginning of 1942 the Post Office Research Labs at Dollis Hill were asked to produce an implementation of the logic worked out by Bill Tutte & Co. Frank Morrell produced a rack of uniselectors and relays which emulated the logic. It was called "Tunny". So now when the manual code breakers in the Testery had laboriously worked out the settings used for a particular message, these settings could be plugged up on Tunny and the cipher text read in.


If the code breakers had got it right, out came German. But it was taking four to six weeks to work out the settings. This meant that although they had proved that technically they could break Tunny, by the time the messages were decoded the information in them was too stale to be operationally useful.

The Enigma Machine

The Enigma Machine

Invented by Arthur Scherbius in 1918 the Enigma machine is a very ingenious way of achieving seven alphabet substitutions between a text input letter and a ciphered output letter. The alphabetic substitutions are implemented via wiring inside rotors.

Enigma rotors (or wheels)

Before seeing how the Enigma machine was constructed you should see the rotors or wheels which embodied the alphabetic substitutions.



Figure 4: details of an Enigma rotor:(1) The finger notches used to turn the rotors to a start position.
(2) The alphabet RING or tyre round the circumference of the rotor (see below for an explanation of its significance).
(3) The shaft upon which the rotors turn.
(4) The catch which locks the alphabet ring to the core (5).
(5) The CORE containing the cross-wiring between contacts (6) and discs (7). It is the core which effects the essential alphabetic substitution.
(6) The spring loaded contacts to make contact with the next rotor.
(7) The discs embedded into the core to make contact with the spring-loaded contacts in the next rotor.
(8) The CARRY notch attached to the alphabet ring (see below for explanation).


These rotors were manufactured with their wirings buried inside and they could not be modified in use.
In the 1930s, the Enigma had only three different kinds of rotor, I II and III. These rotors could be assembled on the shaft in any order giving 6 (i.e. 3x2x1) possible configurations.
In 1938 the Germans added rotors IV and V to the repertoire, thus giving 60 (i.e. 5x4x3) configurations by choosing a set of three rotors from the five. Some further wheels were brought into use during the course of the war but basically the rotors remained unchanged throughout.

The Military Enigma Machines

We are now ready to see the machine actually used by the German armed forces, and to go on to the further complications introduced through the ring-setting and the plugboard or Steckerverbindung.

You can readily see three rotors in place. In operation, a current flowed from right to left then back left to right, so the reflector is at the left and the entry disc is at the right.
The entry disc is a fixed disc of 26 contacts. The keyboard contacts are connected to the right hand side. The left hand side of the entry disc has metal contact discs just like the wheel discs. A curious aspect of the Enigma design was that the keyboard was connected to the entry disc in the simple order ABCDEF... and did not take advantage of the opportunity for introducing a further scrambling.
As explained above, it is important that the rotors are interchangeable. Mechanically, this is effected as follows. When the release lever is pulled forward, the reflector slides to the left and the group of three rotors can be taken out on their shaft. Then the operator can assemble a new sequence of rotors on the shaft, and put this back into the machine.
The lamp panel shows the enciphered output letter for the keyboard key pressed. This was rather a primitive aspect of the Enigma as it relied on the operator to observe and write down the lit-up letter at each stage of encipherment and decipherment.

The plugboard

The plugboard or 'Stecker', visible on the front of the machine, was the most important addition made to the basic Enigma when turning it into a machine for military use. The operator simply inserted plugs so as to connect pairs of letters (generally 10 pairs, in wartime use) and this had the effect of hard-wiring such a swapping.Because the plugboard affected both the incoming current from the keyboard and the outgoing current to the lamps. it left unchanged the reciprocal property of the Enigma. It also meant that the military Enigma still had the property that no letter could ever be enciphered to itself. This was a very grave mistake in the design.
To see how this worked in more detail, it is best to forget the physical picture of the Enigma and concentrate on a logical diagram of how the electrical current effected substitutions:

Circuit Diagram of the Enigma with Plugboard

The keyboard was laid out as follows:
Q W E R T Z U I O
A S D F G H J K
P Y X C V B N M L
The same arrangement was used for the lamp panel and the plugboard.

In this illustration, when key W is pressed on the keyboard (5) current from the battery (4) flows to the plugboard panel socket W, but socket W has been plugged to socket X so current flows up to the entry disc (E) at point X.
The current then flows through the internal wiring in the rotors (2) to the reflector (1). Here it is turned round and flows back through the rotors in the reverse direction emerging from the entry disc at terminal H. Terminal H on the Entry disc is connected to socket H on the plugboard (6) but this socket is plugged to socket I so finally the current flows to lamp I which lights up.
Thus in this instance, the letter W is enciphered to I.
You can now also see that if the key I had been pressed, the lamp W would have lit up. This is because the path from W to I through the steckers and rotors remains the same, though with the current flowing in the opposite direction.
When the W key is pressed the connection to the W lamp is broken and the I lamp lights. If the I key is now pressed down the connection to the I lamp is broken and the W lamp lights.

The motion of the rotors

Now you will recall from our introduction that the whole point of the rotors is that they must rotate, so that every time a letter is enciphered, the machine is in a different configuration. So, when a key on the keyboard is pressed down, a mechanical linkage causes the right hand rotor to turn by 1/26 of a revolution, i.e. by one letter on the alphabet ring.This means that the next time a key is pressed, the substitution effected by the rotors is quite different.
At certain points on the rotation of the right hand rotor, the motion is 'carried' to the middle rotor, M which then moves on one letter. Carry will also occur from the middle to the left hand rotor when the carry notch engages, but obviously this will happen much less often.

The Enigma sent the current through the wires AFTER the mechanical linkage had moved the right-hand wheel and any other wheels knocked on by the carry mechanism. The principle is just the same as the 'carry' on an adding machine knocking on to tens, hundreds and thousands, but there is a subtlety in the design affecting the point at which the knocking-on occurred.
To appreciate this we must first describe the alphabet RING settings.

The ring setting

Referring again to figure 4, not that on each rotor there is a spring loaded catch (4). When this is pulled to the right the ring (or tyre) can be turned with respect to the core of the rotor. In fact the ring for each rotor can be set by the operator in any one of 26 possible settings.The effect of this is that the core which contains the wiring, is turned in relation to the letter showing in the window of the Enigma machine.
At first sight this extra complication might seem rather pointless because it did not change anything to do with the essential scrambling going on inside the system. However the indicator systems, to which we will come later, depended on describing the 'window position' of the rotor, and the ring-setting determined the relationship between the window letters and the actual scramblings. Furthermore, the carry mechanism is affected by the ring setting. The 'carry' point is in fact determined by the position of the carry notch (8) in figure 4, and the crucial point is that this notch is attached to the alphabet RING, and not to the core of the rotor.
The carry notch was arranged to be in a different position for each of the rotors I, II, III, IV, V. This turned out to be a bad cryptographic mistake; it helped first the Poles and then the British analysts at Bletchley Park to identify the right hand rotor in use.