Wednesday, April 18, 2012

The RAF cypher

One of the high level British codes compromised by the Germans during WWII was the RAF’s cypher. This was a high-grade 4-figure codebook used together with special superencipherment tables.

The RAF cypher was used for traffic between airbases and headquarters. The Brits also had the TypeX cipher machine but not in large numbers for most of the war, so they had to rely on their book systems for a lot of the traffic.
Especially in North Africa the use of book codes was exploited by the Germans in 1941-42. The Luftwaffe’s signal intelligence units were able to keep track of British formations, their organization and their operations by reading the RAF cypher, the low level SYKO code and by intercepting plaintext radiotelephone transmissions.

German exploitation of the RAF cypher was first mentioned in ‘British intelligence in the Second World War’ vol2, p641 in 1981, which said that it was first ‘broken’ in March 1940 and traffic between the Air Ministry and Gibraltar, Malta, Habbaniya, Ismailia was read. From early 1941 to November 1942 traffic in the Med/Middle East was also compromised.

According to Dr Voegele, chief cryptanalyst of the Luftwaffe: ‘From Sept. '41 to Nov. '42 the majority of the 200 - 400 daily intercepted 4 fig. messages could be decyphered with an average delay of 5 - 10 days, in single cases messages were decyphered the day of intercept.’

The codebreakers of the Luftwaffe’s Chi Stelle did not have the basic codebook but they were able to ‘break’ into the system by taking advantage of ‘depths’ (messages enciphered with the same numerical sequences). According to the report AIR 20/1531 ’R.A.F. signal communications: security’ in 1940-41 there were two series of enciphering tables in use with the RAF Cypher, the ‘Special’ for higher formations and the ‘General’ for all units. Traffic was not split evenly between the two tables because the units that had the ‘Special’ sets were usually equipped with the Typex cipher machine so they relied on that. Considering that the ‘General’ tables were the ones used all the time and that they were valid for three months it was only natural that there would be heavy ‘depths’, although the number of 150 given by the report is definitely impressive!

Thanks to the heavy ‘depths’ and the heavy traffic (up to 600 messages daily) the Luftwaffe cryptanalysts were able to solve a new edition of the RAF Cypher in 1941. Traffic from the ME Theater could be exploited till November 1942.

A summary of the work done on the RAF Cypher is available from TICOM IF-175 Seabourne Report, Vol. XIII. ‘Cryptanalysis within the Luftwaffe SIS’ Part 1, p19-20

Other sources give more details:

From FMS B-644Luftwaffe Communications (Greece and Crete)’ By Generalmajor Walter Gosewisch. 1947, (available through fold3)


The rapid expansion of the Royal British Air Force in the eastern Mediterranean area soon taxed the intercept service to an increasing extent. Added to this was the fact that in the fall of 1941 the British changed the code book they had been using for ground radio traffic based on four-digit code groups. However, breaking the new code was possible only if the intercept service succeeded in picking up a sufficiently large number of radio messages encoded by means of four-digit code groups.


The specialists which the Cryptographic Office had placed at the disposal of the net control station achieved excellent results in deciphering messages encrypted by means of the new four-digit code book. In a short while they succeeded in deciphering such a large number of messages based on the four-digit code groups that they were able to interpret most of the transmissions of the ground radio networks. This data, in conjunction with the findings procured through the interception of aircraft radio traffic, made it possible to obtain valuable Information concerning the strength, equipment and operations of the enemy air force.

At the end of October, 1939, I began statistics of RAF 4 fig. on messages of Oct. 39 with a group of 20 soldiers who had not the slightest idea about decrypting - there was no time for teaching. Four weeks later I had the first items - 2222 take-part 2, 1111, main code, 1584 from a.s.o. Shifting from relative numbers - for 2222 I had 9711 - 1111 was 0822 was done by 0983 = read following 5 figures in clear. I knew that the first digits of old non-comm. officers' Pay Book was 5 or 6, so I got the 5, the other digits I got by filling up figures with 000 for instance 0983 57643000. As a proof I found 5 messages dated December 24th (Xmas) which were sent in open code without recyphering. Further I got 2 messages sent in syko and repeated in RAF 4 fig. At the end of '40 some recyphering tables were completely reconstructed - 100 pages, each 20 lines, each line with five 4 fig. groups. In winter 1939/40 about 30% of these 4 fig. messages began with 2222. In January '41 many of the messages began with the text followed by address in brackets - so it was easier to find overlapping messages.

On April 1st code was changed. At first 2222 and 1111 were represented by one group only (at least practically), spelling being a = 01, b = 02, .... z = 26. After a fortnight I had the first 200 items of new code. Introduction of disguised Indicator group stopped work for some weeks. The 4 fig. decrypting group was brought to Athens and some weeks passed before decyphering was possible. From Sept. '41 to Nov. '42 the majority of the 200 - 400 daily intercepted 4 fig. messages could be decyphered with an average delay of 5 - 10 days, in single cases messages were decyphered the day of intercept. When in Nov. '42 a new code was brought into use attempts were without result - so messages and many of the crew were sent back to Marstall in March '43. At this time I myself was engaged in USA systems. In '43 and '44 the quantity of 4 fig. messages was less than 200 and even less than 100 a day. Many of them were General Recyphering Table, One way system, Dummy and may be others. Messages of August '43 did not show the same characteristics as those of winter '42/43. At the end of ‘44 I made a new attempt with 4 fig. of 1944 on basis of differences between two 4 fig. groups. Result seemed possible in February '45 with at least 1,000 messages when reencyphered by table of 100 pages as before, or less with shorter books or single sheets for shorter periods. Details about this might be given by Unteroffizier Herbert RIEDEL, at last at 1/350 Kressbronn Bodensee, who in July '45 was French prisoner at Friedrichshafen (Bodensee) French zone.
Dr Voegele was  the chief cryptanalyst of the Luftwaffe.

The German success ended in November 1942. From then on they would have to rely only on low level codes, especially the easily solved Slidex.
However while it lasted their success allowed them to keep a close eye on British aerial strength and dispositions in the Med.

No comments:

Post a Comment