Few details
about these machines are known. I have covered the K-37 here.
An article in agentura.ru
says that the B-4 was built in the 1930’s and used in Spain during the civil
war, in the Far East border incidents with Japan and in the Russo-Finnish war
of 1940.
A modernized
version of the B-4 called M-100 was built in 1940 and installed in American
busses in order to provide mobility (it weighed 141kg). By the summer of 1941
there were 96 sets of the M-100 in service.
In 1943 a
more compact version of the M-100 was built and given the designation M-101.
The agentura
piece does not give details on the characteristics of these machines.
German
interception of Soviet radio-teletype networks
During the
1930’s the SU started to use radio-teletype. Since 1936 the Germans had
equipment that automatically intercepted and printed this traffic.
From TICOM reports
it seems that the military networks used 2-channel teleprinters while the
economic links used multichannel systems.
The 2-channel
links employing cipher T/P assigned one channel for the cipher traffic and the
other for operator ‘chat’.
There were at
least three agencies that intercepted this traffic.
1). The Army
Ordnance, Development and Testing Group, Signal Branch Group IV C - Wa Pruef 7/IV C at an experimental
station in Hillersleben-Staats.
2). The Forschungsamt, an agency reporting
directly to Hermann Goering.
3). The
Army’s signal intelligence agency OKH/GdNA/In 7/VI (General der Nachrichtenaufklaerung) and its Group VI - OKH/GdNA Group VI.
Forschungsamt
success in 1943
In 1943 the Forschungsamt
informed the Army agency of their success in reconstructing a Soviet cipher
teleprinter used between Moscow and the Fronts. This machine was solved because
during every pause seven characters of pure ‘key’ were transmitted. A meeting
was held in September 1943 between Councilor Paetzel (head of the FA’s cipher
research department), Councilor Kroeger (the FA’s cipher machine specialist)
and the Army agency’s Dr Pietsch (head of the mathematical research department)
and Doering (head of cipher machine research).
The Soviet
machine had 6 wheels. Five enciphered the respective Baudot impulses while the
sixth controlled their movement.
The wheels had
the following positions (pins):
wheel I – 49
wheel II – 47
wheel III –
46
wheel IV – 45
wheel V – 41
wheel VI – 43
The Soviet
scrambler corresponded to the left portion of the German SZ 40/42 cipher attachment.
The Forschungsamt people stated that they would build a copy of this machine in
order to decrypt this traffic more efficiently.
More details
about the Forschungsamt solution of the Soviet cipher teleprinter are given by Bruno
Kröger in TICOM reports DF-240 and DF-241. Kröger was the FA’s cipher machine
expert and during the war he solved not only the Soviet machine but also the
Swiss diplomatic Enigma K.
The Soviet cipher
teleprinter was used on 2-channel networks and the FA’s Technical Division was
able to build equipment that automatically intercepted and printed this radio
traffic. The cipher text was then examined by Kröger’s department and it was
discovered that during transmission pauses the Russian letter П was enciphered
seven times in succession. Messages interrupted by transmission pauses were
examined and their first and last seven characters analyzed in order to uncover
the operating principles of the device.
Through this cryptanalytic
procedure it was possible to find out that the machine had 6 wheels that stepped
regularly, then their pin arrangement was identified and with the daily key
recovered all the day’s traffic could be solved.
This success
however turned out to be short lived since in late 1943 the Soviet cipher
machine was modified and no pure ‘key’ was transmitted during transmission
pauses. It seems that from then on this traffic was only examined by the Army’s
Inspectorate 7/VI.
Efforts of
the Army signal intelligence agency
The Army agency Inspectorate 7/VI assigned its own unit to intercept and evaluate this traffic. This was Group VI
operating during 1942-44 from Loetzen, East Prussia.
Unteroffizier Karrenberg,
the member of that unit assigned to work on the cipher teleprinter said in postwar
interrogations that this traffic was first intercepted in 1940 in Warsaw.
However it was not systematically collected and analyzed till summer 1943. They
called this traffic ‘Bandwurm’ because of the non-repeating cipher.
There were 8
T/P links from the Army Fronts to Moscow plus 2-3 Airforce links and a link to
the Far East command. It was also used by the NKVD. There was no direct T/P
link between the individual Front staffs. Instead messages had to be routed
through Moscow.
According to
Karrenberg the machine had two settings a large and a small. The large setting
gave a simple substitution because the wheels did not turn. This was used for
operator ‘chat’. The small setting gave an endless column substitution since
the wheels moved.
In TICOM
report I-153 he says: ‘In Autumn 1944
both the end of 'adder' and every pause in the cipher proper was preceded by
seven key letters [redacted]. Then the traffic went off the air and reappeared
in December with no external change except that the seven ‘residue' letters had
been reduced to three, suggesting a modification of the machine’. In TICOM
report I-30 he says that the attachment had 5 small wheels driven by a large
one with a period of 43.
These were the
same characteristic observed in the machine analyzed by the Forschungsamt.
However another OKH cryptanalyst named Buggisch says that the FA machine and
the ‘Bandwurm’ were different.
Buggisch was assistant
to Doering in the cipher machine research section of Inspectorate 7/VI. In his interrogation TICOM
I-64 he says that the cycle of one wheel was 37 and the others 30-80. The
machine was analyzed by the mathematics department and a cryptanalyst Troeblicher
or Troebliger played a leading part. Thanks to a ‘compromise’ of 8 messages
enciphered with the same settings 1.400 characters of pure ‘key’ were
recovered. However they were not able to solve the machine because they lacked
the manpower.
Unfortunately
Buggisch left the OKH agency in June 1944 so he did not know anything more.
The Germans
may have failed to solve this machine but they were able to decode messages ‘in
depth’ by anagramming. A machine was built that automatically printed the
Baudot traffic in Hollerith/IBM cards and these were searched for repeats but
with limited success.
The
intercepted messages contained reports on Soviet and German military
dispositions, statements by POW's, signal intelligence reports, reports for
TASS and SOVINFORMBUREAU, letters concerning postings, transfers, promotions, weather
situation reports and supply manifests.
Information
from the War Diary of Inspectorate 7/VI
More details
are available from the monthly reports found in the War Diary of Inspectorate
7/VI.
In July 1943
a report by dr Pietsch says that the examination of Russian Baudot material
revealed cipher teleprinter traffic and an effort was made to copy this traffic
either by LNA (Leitstelle der Nachrichtenaufklärung in Loetzen) or Staats (Wa
Pruef 7/IV C). Processing was to be carried out at Referat 13:
(2) Die eingehende Beobachtung der
Baudot-Aufnahmen ergab, daß neben normalen Klar- und Chitexten auch Material
anfällt, daß als eigentlicher Fernschreibschlüsselverkehr anzusprechen ist. Es
wurden Maßnahmen verabredet, um das Material in einer zur Bearbeitung
geeigneten Form (Lochstreifen, Einbeziehung des Verständigungsverkehrs) nach
Berlin zu bekommen. Eine tiefergehende Bearbeitung dürfte nur an Ort einer
Empfangsstelle (LNA oder Staats) möglich sein. Ob man jedoch beim Fehlen jeder
Geräte-Kenntnis über primitive Feststellungen hinauskommen kann, bleibt
abzuwarten. Über die weitere Entwicklung wird Referat 13 berichten.
In August ’43
the tapes with the Baudot traffic were examined but investigations could not be
carried forwards due to the limited traffic and the many errors due to bad
reception.
In September
’43 dr Pietsch and dr Doering (head of Referat 13) met with their Forschungsamt
counterparts Councilors Paetzel and Kroeger (the FA’s cipher machine
specialist), to discuss the Soviet cipher teleprinter problem.
Investigations
continued and in November ’43 the analysts of Referat 13 succeeded in solving a
long message and recovering the pure ‘key’:
6. Russischer Baudot--‐Verkehr.
Es gelang, für einen längeren Spruch den reinen Schlüssel zu erstellen und
damit den Geheimtext zu lösen. Schlussfolgerungen über den Bau und die
Wirkungsweise der Schlüsselfernschreibmaschine konnten bisher nicht daraus
gezogen werden.
In December
‘43 the departments were renamed, with Referat 13 becoming Referat b2. A second
message was solved and investigations continued:
6. Russischer Baudot--‐Verkehr.
Aus einem zweiten Spruchmaterial wurde stückweise der reine Schlüssel
ermittelt. Weitere Materialen wurden laufend untersucht.
In February
and March ’44 departments b1 (general research into cipher machines) and b2
(former 13) worked on the teleprinter problem, examining the Soviet 4-letter
and 5-letter Baudot traffic and the movement of the cipher wheels of the
device:
Referat b1
3. Russischer Baudot--‐Verkehre:
Neu in Angriff genommen wurde die Untersuchung von russischen 4B--‐
und 5B--‐Sprüchen, die in
Baudot--‐Fernschreibverkehren
auftreten. Die Untersuchungen befinden sich noch im Anfangsstadium.
Referat b2
5. Russischer Baudot--‐Verkehr:
Die Untersuchungen über die gegenseitige Abhängigkeit der einzelnen Impulse des
reinen Schlüssels wurden an weiterem Spruchmaterial fortgesetzt.
In April ’44
department b1 stated that through analysis of the indicator groups the Soviet
Baudot traffic could be subdivided into three distinct groups. The first being
probably a cipher machine unlike the second and the third unclear:
3. Russischer Baudot--‐Verkehre:
Durch Kenngruppenuntersuchungen gelang Trennung des Materials in drei Gruppen,
von denen die erste im Gegensatz zur zweiten möglicherweise von einer Maschine
stammt, während das dritte Verfahren völlig ungeklärt ist.
The report of
department b2 shows that there was a meeting at Wa Prüf 7 to better organize
the interception of this traffic. Investigations on the recovered pure key
continued.
In the
following months investigations continued but no breakthrough was achieved.
There were complaints about the limited traffic intercepted.
In December
’44 four messages in depth were solved and pure key analyzed:
Russische Baudot verkehre
Aus dem anfallenden material könnte
ein kompromiss von 4 phasengleichen sprüchen
gefunden werden, der zum grössten Teil gelöst wurde. Mit Untersuchungen
am reinen schlüssel wurde begonnen.
In January
’45 investigations of the recovered pure key continued and in February more in
depth messages were solved:
Russische Baudot verkehr
An der lösung weiterer phasengleicher
sprüche wurde gearbeitet; ausserdem wurden die untersuchungen am reinen
Schlüssel fortgesetzt.
The last
report, of March ’45 says that investigations continued:
Russische Baudot verkehr
Die untersuchung der russischen
Baudot-verfahren wurde fortgesetzt.
The Poets
series cipher machines
In the
immediate postwar period the Anglo-Americans were able to solve at least two
Soviet cipher teleprinters. These were given the names Coleridge and
Longfellow.
Coleridge was
used on military networks in the European part of the Soviet Union. By March
1946 it had been solved. The Coleridge decrypts provided important intelligence
about the Soviet military’s order of battle, training activities and logistical
matters.
The other
system, Longfellow, was reconstructed by July 1946 and the settings were first retrieved
in February 1947.
It seems both
machines were ‘lost’ in 1948 when the Soviets introduced emergency changes in
their cryptologic systems.
It is not
clear if Coleridge and Longfellow had a connection with the cipher machines
that the Germans attacked during the war.
Coleridge may
have been the system the Germans called ‘Bandwurm’.
Primary
sources:
From TICOM I-2 ‘Interrogation of Dr. Huettenhain and Dr. Fricke at
Flenshurg,21 May 1945’, p2
... they also have another machine„
funkfernschreiber, which encodes during transmission. it uses the international
five impulse teleprinter code.
Q. Did the Russians use this machine
much?
A. It became increasingly important
during the last 1 1/2 years.
Q. What units used it?
A. Only the highest staffs, press and
diplomatic services.
From TICOM DF-240
‘Characteristics, Analysis and security of cryptographic systems’ - Parts III
and IV, p37-39
Both
texts indicated the pauses in transmission by - - - - - etc. The cipher tape has the peculiarity that in
passing from the preliminary call-up to the transmission pause, the Russian
letter Π,
represented in the radio alphabet by + + + + +, occurs seven times.
…………………………………………….
Now
since it was natural to assume that in this transition to and from cipher texts
the same letter Π= +
+ + + + likewise appeared seven times in each case but vas no longer
recognizable due to the encipherment the first and last seven cipher values of
all cipher texts interrupted by transmission pauses were subjected to special
study. Since the machine, once the daily key had been set up, was used very
frequently during the course of the day for sending cipher text with numerous
pauses in transmission without any new daily key being set up, rather numerous
fragments of a length of seven letters were available at known intervals of
greater or lesser lengths.
…………………………………………….
From
this it could be concluded that the first seven and the last seven letters of
each secret text came from enciphering the letter Π= + + + + + seven times and hence these
fragments of cipher text represented pure key text. The following study of
these fragments of pure key text led to a recognition of the fact that the
first impulses show the same repeated picture in the chain of plus and minus
impulses at an interval of 37, the second impulses at an interval of 39, the
third impulses at an interval of 41, the fourth and fifth at an interval of 43
and 45 respectively (the intervals may have been 35, 37, 39, 41, 43). This
showed the length of the five cipher wheels and their cam pattern according to
the day’s setting. Each cam crest caused the inversion of the plain impulse
into its opposite while a cam trough left a plain impulse unchanged. The wheels
regularly moved one step after each cipher letter.
With
this the decipherment of the cipher text had been accomplished. The
reconstruction of the cam pattern of the wheels, which was set up new each day,
was easily accomplished.
From TICOM DF-241
‘The Forschungsamt’- Part I, p25
18.
The Russian radio [2-channel] cipher machine with a channel for plain text and
a channel for cipher text could be studied after the Technical Division had
constructed a receiving device which at the same time removed the scrambling.
The five elements of the radio alphabet [bands] ware enciphered singly through
five wheels which move evenly. The wheels could be set up new each day
corresponding to the daily key; but the period was constant and invariable. It
was possible to solve this completely.
From TICOM DF-241
‘The Forschungsamt’- Part IV, p38
It need only be mentioned here that the 2-channel cipher machine was withdrawn from use a few days after the Forschungsamt succeeded in solving it. When the machine was put into use again some weeks later, the cipher device of the cipher channel had been so altered that solution by the previous method was no longer possible since, when switching the machine from procedure traffic to cipher text and between a pause in transmission and cipher text, the switching became effective at once and the idling period of 7 elements had dropped out. That the same machine was involved was proven only by the receiver device which still broke up the scrambled text into a clear and a cipher text in the same manner as before. Because OKH had great interest in this traffic and its own receivers did not work perfectly, and because further detailed work at this time (Autumn 1943) in the Forschungsamt was not possible, OKH received all new traffic on this machine for processing.
From TICOM I-30 ‘Report on Interrogation of Uffz. Karrenberg at Steeple Claydon on 7th July 1945 at 11.00 am’, p2
The subject of this interrogation was
confined to Karrenberg’s work on Russian Baudot letter ‘strip’, traffic known
to the Germans as ‘BANDWURM’ and not to be confused with Russian 5-letter,
traffic also carried on Baudot lines.
The Germans had not captured any of
the apparatus used but considered that it consisted of two parts: 1) a
Baudot-teleprinter with the letters of the Russian alphabet (excluding q and
'g') and figure and letter shift making 32 characters in all; 2) a cipher
attachment consisting of 5 small wheels driven by one large wheel.
Each of the small wheels had a pattern
of positive and negative impulses and each wheel worked in conjunction with one
of the five impulses produced by pressing a key of the teleprinter, the effect being
to add a positive or negative impulse to each of the five impulses produced by
the letter being sent. This in effect means adding a letter of key to the clear
letter to produce a cipher letter.
Depths were frequent on the traffic
intercepted by the Germans, but they do not seem to have made any attempt to
reconstruct the wheel patterns. In the case of the driving wheel they came to
the tentative conclusion that it had a period of 43. The preambles of messages
were always enciphered which resulted in stereotyped and known beginnings to
messages. The machine setting for a message was indicated by means of a two
figure number which presumably referred to a table of settings; a different
table was used each day.
Before the actual start of a message a
passage of operator's chat was sent enciphered by the addition of a constant
letter to each letter of the clear text. This letter was then sent en clair-
and repeated three times. The object of this was to see that the receiver had
his machine net up correctly.
The system was used by the Army and
Air Force and to a lesser extent by the N.K.W.D.
From TICOM I-153
‘Second Interrogation of Uffz. Karrenberg of OKH on the Baudot-Scrambler
Machine (Bandwurm)’, p2
P.W. stated that he believed the
‘Bandwurm’ traffic was first intercepted in 1940 in Warsaw. As far as he had
been able to make out no interest had then been taken in it. The first actual
knowledge we had of a traffic with the same external features (chat.
indicators, eto.) was in summer 1943 when the first real interest was taken in
it and the traffic was sent to Berlin for analysis. He understood that it went
to a Dr. Pietsch and Doering.
There were a number of links usually
varying according to the number of armies (Frontstaebe). The maximum number was
8. One end of each link was always in Moscow, the other would be mobile, and
move with the armies. There were also one or two Airforce links. There was also
supposed to be a link with the Far East. Traffic was heavier from the
‘outstations’ to Moscow.
and page 3
In Autumn 1944 both the end of 'adder'
and every pause in the cipher proper was preceded by seven key letters
[redacted]. Then the traffic went off the air and reappeared in December with
no external change except that the seven ‘residue' letters had been reduced to
three, suggesting a modification of the machine. In general it is clear that some of the features of the key at
least have not changed in the last nine months.
From TICOM I-64 ‘Answers by Wm. Buggisch of OKH/Chi to Questions sent
by TICOM’ , p2-3
1. Russian Systems
In 1943 B heard that the Forschungsamt
(no individual names given) had claimed some success on a Russian teletype
machine, and had re-created the action of the machine. It was a machine with a
very long cycle being not prime but the product of several smaller cycles--like
the SZ42. B. did not know the cycle of all of the individual wheels or any
other details. He heard this from DOERING, who was then doing his research on
the T-52, but liaison with the FA was bad anyway (Major Mettig was particularly
opposed to the SS taint) and the next he heard was that the traffic found by
the FA had stopped. B. remembered only that the cycle of one wheel was 37; the
others, he thought, varied widely from 30-80.
Late in 1943 and increasingly in 1944
OKH itself began to intercept non-Morse, 5-impulse traffic (called ‘Hughes’ by
B.). The Mathematics Referat went to work on it, with TROEBLICHER playing a
leading part. At the end of 1943 the Russians created a ‘kompromiss’, giving a
depth of about 8 messages with the same setting. With this they were able to
recover 1400 letters of pure key and at the same time to ascertain that the
traffic being passed was the 5-figure code, with regular station chat
enciphered at the same time on the machine (Suggests a machine in constant
motion as described by Karrenberg).Part of the depth was created within the
same long message, so that the machine had a cycle, at least in this one case
of about 1450 letters. The actual number was thought to be very significant by
the Germans, as it was prime and so could not be the product of smaller cycles
in any way that they could imagine. This differentiated it from the machine
which the FA had broken. The Germans postulated either a single tape machine
like the T43 or a machine in which the motions of the wheels influenced each
other,1 and 2 affecting 3, 3 affecting 5, etc. as in the T52. They were never
able to prove one theory or the other. (B. apologized for this. Said they did
not have enough mathematicians to tackle the fascinating problem of determining
what the motion must be to create this cycle. Seemed quite convinced that there
would be a unique solution to the problem.) After this experience they devised
Hollerith machinery to locate depths, but in fact they only found three or four
more cases and none of these gave additional cycle evidence or even furnished
as much pure key as the first one. B. left the section in June 1944. He thinks
the traffic slumped off in the summer of 1944 and LNA took steps to try to
improve the reception, as they believed the traffic was still there.
TROEBLICHER was detailed to this end of the work at this time. B. stressed one
fact which had surprised him, that they had never had information about either
of these machines (he assumed that the one the FA broke was not the same
because of the difference on cycles.) from PW or agent sources.
B. said in passing that their own
security idea on the subject of wheel machines of this sort was that the cycle
should not be the product of smaller periods(as in Hagelin) even if this was
long. Mutual influence of wheels should be used to avoid this, but at the same
time care must be taken that too short a period was not created in the process.
This in fact had apparently been done by the Russians, but the fact that it was
not repeated suggested to him that they might have seen the weakness and
corrected it.
Troeblicher
is mentioned in CSDIC (U.K.) SIR 1717, appendix A as Troebliger (Uffz). He worked in Group IV, Referat 1b as an analyst
on Russian Baudot traffic.
Sources: CSDIC (U.K.) SIR 1717, SI-32 ‘Special intelligence report’, ‘European Axis Signal Intelligence in World War II’ vol2 and vol4, TICOM reports I-2, I-64, DF-98, I-30, I-153, I-169, I-173, DF-240, DF-241, ‘The Secret Sentry: The Untold History of the National Security Agency’, Intelligence and National Security article: ‘Behind Venona: American signals intelligence in the early cold war’, Soviet cryptographic service 1920-1940
TICOM reports I-2, I-64, DF-98, DF-240, DF-241 can be
found in my TICOM
folder, reports I-30, I-153, I-169, I-173 can be downloaded from TICOM Archive.
Acknowledgments: It was Frode Weierud who first
pointed to me the German interest in the Soviet teleprinter and the
characteristics of the machine solved by the Forschungsamt in 1943. Credit also
goes to Randy Rezabek for finding and uploading to the internet the
interrogations of Karrenberg since they contain lots of information on the cipher
machine.
No comments:
Post a Comment