Tuesday, February 14, 2017

Interesting reports on the Soviet crypto problem

Two new versions of the following reports can be found at the NSA’s website.



The previous versions had a lot of pages deleted by these seem to have fewer redactions. 

It’s a step forward…

Thursday, February 9, 2017

Breaking Enigma messages

Frode Weierud and Olaf Ostwald have written the interesting article ‘Modern breaking of Enigma cipher texts’ on modern techniques used in solving original Enigma messages from WWII.

ABSTRACT
“Breaking German Army Ciphers” is the title of a Cryptologia article from 2005, describing the lucky survival of several hundred authentic Enigma messages of World War II, and an account of a ciphertext-only cryptanalysis of a large number of these messages, leaving only a few (mostly short messages) unbroken. After reviewing the work done, and investigating the reasons for both lucky breaks and close misses, the modern ciphertext-only attack on Enigma messages is improved, especially on genuine ones with short lengths and/or many garbles. The difficulties of a proper measure for the candidate’s closeness to a plaintext are clarified. The influence on the decryption process of an empty plugboard and one with only a few correct plugs is examined. The method is extended by a partial exhaustion of the plugboard combined with an optimized hillclimbing strategy. The newly designed software succeeds in breaking formerly unbroken messages.

Frode has also summarized the previous efforts to solve these messages at CryptoCellar Tales.

Wednesday, February 1, 2017

The compromise of the Croat Enigma K cipher machine by the German Army’s codebreakers

Signals intelligence and codebreaking played an important role in WWII. British and American codebreakers solved many important Axis crypto systems and similarly their Axis counterparts also had their own successes.

Both the Allies and the Axis powers solved not only their opponents’ communications but also those of neutral powers and in some cases the communications of their own allies.
For example the German codebreaking agencies solved Japanese and Italian diplomatic ciphers during the 1930’s and in WWII.

The Germans also solved the messages of their minor allies. One such case concerns the Enigma K (commercial version) used by the Armed Forces of the Independent State of Croatia in WWII.

The Independent State of Croatia

The Kingdom of Yugoslavia was one of the states that were created when the old Austro-Hungarian empire collapsed at the end of WWI. The country covered a large area in the Balkans but was politically unstable since it was made up of a diverse group of peoples (Serbs, Croats, Slovenes, Montenegrins). 

In April 1941 the country was quickly defeated and occupied by German forces. The collapse of the Yugoslav state led to its partition into new states, subservient to the Axis powers.

One of them was the Independent State of Croatia, ruled by the Ustaše movement and its leader Ante Pavelić.

Although the Croat State was a puppet state of Germany its communications were targeted by the German Army’s codebreakers.

The German Army High Command’s codebreaking department

During WWII the German Army made extensive use of signals intelligence and codebreaking in its operations against enemy forces. German commanders relied on signals intelligence in order to ascertain the enemy’s order of battle and track the movements of units.

The German Army’s signal intelligence agency operated a number of fixed intercept stations and also had mobile units assigned to Army Groups. These units were called KONA (Kommandeur der Nachrichtenaufklärung) - Signals Intelligence Regiment and each had an evaluation centre, a stationary intercept company, two long range signal intelligence companies and two close range signal intelligence companies.

The KONA units did not have the ability to solve complicated Allied cryptosystems. Instead they focused on exploiting low/mid level ciphers and even in this capacity they were assisted by material sent to them by the central cryptanalytic department. This was the German Army High Command’s Inspectorate 7/VI

Inspectorate 7/VI had separate departments for the main Allied countries, for cipher security, cipher research and for mechanical cryptanalysis (using punch card machines and more specialized equipment).

The codes of Balkan countries and of the Tito and Mihailović resistance movements (1) were worked on by Referat 6. This department also solved Croat communications in the period 1941-45 (2).

Yugoslav communications were also worked on by a small detachment under Lieutenant Wollny (Nachrichten Aufklärung Zug ‘W’) based in Belgrade and by the units of KONA 4 (Kommandeur der Nachrichtenaufklärung 4 - Signals Intelligence Regiment 4).

The Croat Enigma K cipher machine

According to German reports the Croatian forces used several cryptosystems, from Caesar cipher and simple transposition to 4 and 5-figure enciphered codes.

A more interesting system identified in Croatian radio traffic was the Enigma K cipher machine.

Since the 1920’s the Enigma cipher machine was sold to governments and companies that wanted to protect their messages from eavesdroppers.

The latest version of the commercial Enigma machine was Enigma K. In WWII this device was used by the Swiss diplomatic service and armed forces and also by the Croatian authorities.

The device worked according to the Enigma principle with a scrambler unit containing an entry plate, 3 cipher wheels and a reflector. Each of the cipher wheels had a tyre, marked either with the letters of the alphabet or with the numbers 1-26, settable in any position relative to the core wheel, which contained the wiring. The tyre had a turnover notch on its left side which affected the stepping motion of the device.

The position of the tyre relative to the core was controlled by a clip called Ringstellung (ring setting) and it was part of the cipher key, together with the position of the 3 cipher wheels.  
The commercial version was different from the version used by the German Armed Forces in that it lacked a plugboard (stecker). Thus in German reports it was called unsteckered Enigma.

The Croatian authorities first received 12 Enigma machines in July 1942 (3). More machines were purchased in 1943 and 1944. In the period November ’43 - March ‘44 Enigmas that had been used by the Condor Legion in Spain were rewired for the General Staff of the Croatian Home Defence Forces (Kroatischen Landwehr – Hrvatsko Domobranstvo) (4).

The reflector remained on the commercial wiring Ch 11 Tz 86, however the 3 cipher wheels received the new wiring Ch 11 Tz 364 a–c (5).



In total 12 new Enigma cipher machines and 29 rewired ones were prepared for Croatian use. In addition it is likely that another 44 machines were also delivered (6).

Solution of Croat Enigma K communications

Details on the solution of Croatian messages enciphered on the Enigma K are available from the postwar interrogation of Army cryptanalyst dr Buggisch and from the relevant entries in the War Diary of Inspectorate 7/VI.

Dr Buggisch, one of the top cryptanalysts of Inspectorate 7/VI, said in TICOM report I-92 ‘Final Interrogation of Wachtmeister Otto Buggisch’, p2-3

2. Solution of Croat Enigma. This was not an outstanding cryptanalytic achievement. The machine used was the K model, with three wheels and no stecker. The machines were made for the Croats by the firm of KROSKY and KRUGER, Berlin, which gave the wirings promptly to OKW/WNV in about 1941 or 1942. A single key was used throughout the entire Croat Army and area, and this consisted only of a list of 100 settings for a period of a month. As far as Buggisch knew the Ringstellung stayed always at AAA, and the wheel order at 1, 2, 3. Just to make sure, the Germans paid for one of the first keys used, and with this decoded traffic were able to establish stereotypes and solve almost 100% from the first.

The solutions were done entirely by hand with wiring charts, assuming a pet beginning (one third of all messages began with "MINORS") and assuming the left hand wheels and Umkehrwalz unmoving (only one notch per wheel as in the commercial model). The Croats also had pet indicators and so would furnish depths in case this method did not work. The setting was indicated directly by a two digit number unenciphered, so that the settings wore solved almost as fast as they came, and the traffic read currently from then on. Buggisch did not recall the contents in detail. 90% of it was uninteresting; there were some interesting messages about actions against Tito

Buggisch said the Germans had considered equipping the Croats With the military Enigma, as they did for HUNGARY, ROUMANIA, FINLAND and ITALY (and JAPAN, he thinks) in about 1942. However, they decided against this as they believed the corrupt CROATS would go right on selling the keys to British agents, while they, the GERMANS, would have to pay as well instead of solving free. (The possibility of a BRITISH solution obviously did not occur to Buggisch during this discussion of the K model.)




According to Buggisch one third of all messages began with the word ‘MINORS’. MINORS stood for ‘Ministarstvo Oruzanih Snaga’ - Ministry of Armed Forces of the Independent State of Croatia (7).

Thus this was high level traffic between the Ministry of Armed Forces and the regional military commands.

The war diary of Inspectorate 7/VI (8) confirms Buggisch’s statements and shows that in the period 1943-45 the Croatian Enigma was regularly read by the Germans.

Information from the War Diary of Inspectorate 7/VI

In June ’43 the report of Referat 13 (security of German cipher machines) said that the use of the commercial Enigma K machine had been identified in Croatian 5-letter cipher traffic and by using the wheel wirings supplied by the company Heimsoeth & Rinke together with known key documents it was possible to break into this traffic. Presumably ‘known key documents’ would have been the compromised documents that Buggisch mentioned in report I-92.

Bei einem kroatischen 5B-Verkehr wurde festgestellt, daß er mit einer handelsüblichen Enigma Modell K verschlüsselt ist. Ein Versuch mit den von der chiffriermaschinengesellschaft Heimsoeth & Rinke an Kroatien gelieferten Walzen ergab, daß tatsächlich die betreffenden Walzenschaltungen benutzt wurden. Unter Ausnutzung teilweise bekannter Schlüsselunterlagen gelang ein Einbruch und damit die Deutung der Schlüsseltechnik. Nach früher hier entwickelten Methoden wird eine laufende Entzifferung möglich sein.

In einer Besprechung am 8.6.43 wurden einige Entzifferungergebnisse über die handelsübliche Enigma mit dem Forschungsamt ausgetauscht. (Wm.Döring, Uffz. Rinow.)



In July ’43 the report of Referat 6 (Balkan countries) said that there was cooperation with Referat 13 (Wm. Buggisch) on the solution of the Croat Enigma. 23 indicators (for the initial position of the rotors) were recovered and transmitted to Lieutenant Wollny’s Nachrichten Aufklärung Zug ‘W’, together with a cipher machine for processing the accumulating material.

Von den mit Chiffriermaschine verschlüsselten kroatischen Sprüchen wurden unter Zusammenarbeit mit Referat 13 (Wm. Buggisch) 23 Kenngruppen (für Walzeneinstellung) gedeutet und mitsamt einer Chiffriermaschine fur Nachr. Aufkl.-Zug "W" zwecks Bearbeitung des dort anfallenden Spruchmaterials Herrn Oberleutnant Wollny übergeben. Die mit der Chiffriermaschine gelösten Sprüche wurden in einer umfangreichen VN-Meldung herausgegeben. (s.Schrb. Br.B.Nr. 1691/43 gKdos.)

The report of Referat 13 said that by solving the frequently used indicators it was possible to solve almost all the traffic.

Bei den kroatischen 5B-Sprüchen, die als Enigma-Sprüche (Modell K) erkannt wurden, konnten die häufig benutzten Kenngruppen erstellt werden, sodass fast der gesamte Verkehr mitgelesen werden kann.

A table contained in the Referat 6 report shows how many messages were processed during the month:



In August ’43 Referats 6 and 13 solved 16 indicator groups and transmitted them to Nachrichten Aufklärung Zug ‘W’ via teletype.

Referat 6:

Von den mit Chiffriermaschine verschlüsselten kroatischen Sprüchen wurden unter zusammenarbeit mit Referat 13 (Wm. Buggisch) 16 Einstellungsgruppen gedeutet und dem Nachr. Aufkl. Zug mit Fernschreibgspräch (G-Schreiber) am 10 und 17.8 zwecks Bearbeitung des dort anfallenden spruchmaterials mitgeteilt.

In September ’43, indicator groups continued to be solved and sent to the Wollny unit for direct exploitation. However according to the Referat 13 report the Croatian authorities changed the indicator system by having 10 new indicators valid for each day instead of the previous arrangement for 100 indicators valid for each quarter.

Nachdem die Kroaten von Vierteljährlichen Schlüsselwechsel (100 Schlüssel) zu täglichem Schlüsselwechsel (10 Schlüssel) übergegangen sind, erfordert die laufende Erstellung der schlüssel mehr Arbeit als bisher.

In October ’43, 13 indicators were sent to the Wollny unit. The report of Referat 13 says that the current solution of the indicators could be stopped. This would seem to imply that they got copies of the indicator tables, thus they didn’t need to solve them cryptanalytically.

Da die Schlüsselunterlagen zur kroatischen Enigma anderweitig besorgt werden, konnte die laufende Erstellung der schlüssel Mitte des Monats eingestellt werden.

In November ’43 the report of Referat 6 says that Croatian ciphers were solved (hand systems and cipher machine) and the results transmitted to Nachrichten Aufklärung Zug ‘W’.

Bearbeitung umfangreichen Spruchmaterials aus dem kroatischen Funkverkehr, Entzifferung einfacher Würfel und mit Chiffriermaschine verschlüsselter Sprüche. Herausgabe von 9 V.N.-meldungen aus diesem Verkehr. sämtliche hier erstellten Losungen und neuen überschlüsselungsarten wurden dem N.A.Zug "W" fernschriftlich oder schriftlich mitgeteilt.

In December ’43 there were organizational changes in Inspectorate 7/VI, with Referat 6 becoming Referat a5 and Referat 13 becoming Referat b2.

New indicators were recovered by departments a5 and b2. The report of b2 says that the solution of the Croat Enigma indicators had to be resumed because procurement was not yet possible in the new key period.

Referat b2

3. Enigma: Die erstellung der kroatischen Schlüssel wurde wieder aufgenommen, da die Beschaffung auf dem früheren Weg in der neuen Schlüsselperiode noch nicht möglich war.

Also in the second half of 1943 Referat 9, which was the Hollerith/IBM punch card section, did statistics on the Croatian Enigma traffic (Statistische Untersuchungen für kroatische Enigma für Wm. Buggisch) and on Croat language bigram and trigram statistics (Bi- und Trigrammstatistik aus kroatischen Klarsprüchen für Wm. Buggisch)

In February ’44, 18 indicator groups were solved.

The March ’44 report of Referat a5 says that the extensive Croatian Army traffic was tackled only at the forward unit Nachrichten Aufklärung.

Referat a5

Ehem. Südslawien - Freies Kroatien:
Bearbeitung des gesamten umfangreichen Heeres - Spruchmaterials ( einfache würfel, spaltencäsaren, Enigma) erfolgt nur noch bei N.A.
11 VN- Meldungen mit 208 Sprüchen

In April, May and June ’44 there seems to have been a halt on interception of this traffic. The April’ 44 report says that ‘for unknown reasons message interception has been discontinued as of 6.4

Referat a5

Ehem. Südslawien - Freies Kroatien:
6 S- Meldungen mit 119 Sprüchen
Spruch aufnahme is mit  dem 6.4 aus unbekannten Gründen eingestellt worden, was sehr bedauerlich, da bei evtl. späterer Neubeobachtung erfahrungsgemäss die Ez. erheblichen Zeit- und Arbeitsaufwand erfordert.

Interception resumed in July ’44 with the report pointing out the negative consequences of losing touch with this traffic (‘The three-month interruption of interception makes itself felt in a disadvantageous manner’)

Referat a5

Ehem. Südslawien - Freies Kroatien:
Eingestellte Beobachtung am 1.7.44 wieder aufgenommen. Spruchanfall mässig. 48 Sprüche (einfache Würfel) entziffert, inhalt belanglos. Bearbeitung von 5Z- Sprüchen (vermutlich überschlüsselter 4Z-Code ) bisher ohne Erfolg. Die dreimonatige unterbrechnunh der Beobachtung  macht sich nachteilig bemerkbar. Angeforderte Schlusselunterlagen von Kdr 4 nicht eingegangen.

In August ’44 Referat b2 resumed work on the solution of the Enigma indicators.

Referat b2

Bei wieder aufgenommener Bearbeitung der kroat. Enigma konnten einige Schlüssel erstellt werden.

In September ’44, 7 indicators were recovered by Referat b2.

In October ’44 there was another organizational change with Referat a5 becoming Referat 3c and Referat b2 becoming Referat 1b.

During the month 5 indicators were created and results transmitted to KONA 4 (Kommandeur der Nachrichtenaufklärung 4 - Signals Intelligence Regiment 4) in the Balkans.

In November ’44 solutions increased with 33 indicators transmitted to Referat 3c.

Referat 1b

Erstellung von 33 Schlüsseln für kroatische Enigma und Weiterleitung an 3c.

In December ’44, 59 indicators were recovered.




In January ’45 Referat 3c became Referat 2c. The report of Referat 1b says that 47 keys for the Croat Enigma were solved and transmitted to Referat 2c.

In February ’45 the Ref 1b report simply says that a large number of keys for the Croatian Enigma was solved and passed on to Ref 2c.

Eine grössere Zahl von Schlüsseln für die Kroat. Enigma wurde gelöst und an Ref.2 c weitergegeben.

The final Ref 2c report from March ’45 says that 30 keys were recovered and 354 messages solved.

Referat 2c

1. Balkan- Freies Kroatien
a). Für die mit der Enigma verschlüsselten 5B-Sprüche des Kroatischen Heeres wurden 30 Schlüssel erstellt. Es wurden damit 354 Sprüche entschlüsselt.



Notes:


(2). Reports of Referat 6 – War Diary of Inspectorate 7/VI

(3). Correspondence with Frode Weierud.



(6). Correspondence with Frode Weierud.

(7). Correspondence with dr Nikica Baric of the Croatian State Archives

(8). German Foreign Ministry’s Political Archive - TICOM collection - files Nr 2760-2761

Additional information:

The files of Inspectorate 7/VI, listed in TICOM report IF-272 - TAB ‘D’, include the following report on the Croatian Enigma in page 8:

Zusammengefasste Umkehrwalze. Kroatien. AA-AZ.
Walze I. II. III.

These should be the wirings for the reflector and the three wheels.

Acknowledgements: I have to thank Frode Weierud for his help in translating the relevant passages from the War Diary of Inspectorate 7/VI and for the information on the Croat Enigma orders and dr Nikica Baric for explaining the meaning of the term MINORS.