The Higgs memorandum - Compromise of State Department communications by the Finnish codebreakers in WWII

During WWII the US State Department used several cryptosystems in order to protect its radio communications from the Axis powers. For low level messages the unenciphered Gray and Brown codebooks were used.  For important messages four different codebooks (A1, B1, C1, D1) enciphered with substitution tables were available.

Their most modern and (in theory) secure system was the M-138-A strip cipher. Unfortunately for the Americans this system was compromised and diplomatic messages were read by the Germans, Finns, Japanese, Italians and Hungarians. The strip cipher carried the most important diplomatic traffic of the United States (at least until mid/late 1944) and by reading these messages the Axis powers gained insights into global US policy.

Germans, Finns and Japanese cooperated on the solution of the strip cipher. In 1941 the Japanese gave to the Germans alphabet strips and numerical keys that they had copied from a US consulate in 1939 and these were passed on by the Germans to their Finnish allies in 1942. Then in 1943 the Finns started sharing their results with Japan. 

Finnish solution of State Department cryptosystems

During WWII the Finnish signal intelligence service worked mostly on Soviet military and NKVD cryptosystems however they did have a small diplomatic section located in Mikkeli. This department had about 38 analysts, with the majority working on US codes.

Head of the department was Mary Grashorn. Other important people were Pentti Aalto (effective head of the US section) and the experts on the M-138 strip cipher Karl Erik Henriksson and Kalevi Loimaranta.

Their main wartime success was the solution of the State Department’s M-138-A cipher. The solution of this high level system gave them access to important diplomatic messages from US embassies in Europe and around the world. 

Apart from purely diplomatic traffic they were also able to read messages of other US agencies that used State department cryptosystems, such as the OSS -Office of Strategic Services Bern station, Military Attaché in Switzerland, Office of War Information representative in Switzerland, the Foreign Economic Administration, War Shipping Administration, Office of Lend-Lease Administration and the War Refugee Board.

Operation Stella Polaris

In September 1944 Finland signed an armistice with the Soviet Union. The people in charge of the Finnish signal intelligence service anticipated this move and fearing a Soviet takeover of the country had taken measures to relocate the radio service to Sweden. This operation was called Stella Polaris (Polar Star).

In late September roughly 700 people, comprising members of the intelligence services and their families were transported by ship to Sweden. The Finns had come to an agreement with the Swedish intelligence service that their people would be allowed to stay and in return the Swedes would get the Finnish crypto archives and their radio equipment. At the same time colonel Hallamaa, head of the signals intelligence service, gathered funds for the Stella Polaris group by selling the solved codes in the Finnish archives to the Americans, British and Japanese. 

The Stella Polaris operation was dependent on secrecy. However the open market for Soviet codes made the Swedish government uneasy. In the end most of the Finnish personnel chose to return to Finland, since the feared Soviet takeover did not materialize. 

The Higgs memorandum

In September 1944 colonel Hallamaa met with L. Randolph Higgs, an official of the US embassy in Sweden and told him about their successes with US diplomatic codes and ciphers.

This information was summarized in a report prepared by Higgs, dated 30 September 1944.

The report can be found in the US National Archives - collection RG 84 ‘Records of the Foreign Service Posts of the Department of State’ - ‘US Legation/Embassy Stockholm, Sweden’ - ‘Top Secret General Records File: 1944’.

(Google Drive link)

Higgs met with colonel Hallamaa on September 29 and the OSS officials Tikander and Cole were also present during their discussion.

Hallamaa stated that he was an administrator, not a cryptanalyst and about 10-12 of his men worked on US diplomatic codes.

His unit had solved the US codes Gray, Brown, M-138-A strip cipher and enciphered codebooks (probably the A1, B1, C1).

The high level M-138-A system had been solved mostly by taking advantage of operator mistakes such as sending strip cipher information on other systems that had already been broken or sending the same message in different strips one of which had been broken.

The strip cipher was considered a strong encryption system and had been adopted by the Finns for some of their traffic.

Important diplomatic messages from the US embassies in Switzerland, Sweden and Finland were read by the Finnish codebreakers.

Regarding Bern, Switzerland most of the messages dealt with intelligence matters:

‘Replying to my request for information regarding the contents of the messages from our Legation in Bern to the Department, Col. Hallamaa said the great bulk of them were intelligence messages dealing with conditions in Germany, France, Italy and the Balkans. He spoke in complimentary terms about ‘Harrison’s’ information service’.

Regarding Helsinki, Finland Hallamaa stated that thanks to the decoded diplomatic traffic they were always informed of current US policy initiatives:

‘Col. Hallamaa said that they always knew before McClintock arrived at the Foreign Office what he was coming to talk about’.

Hallamaa revealed a lot of confidential information to the Americans and volunteered to have some of his experts interviewed. 

The interview was conducted on friendly terms with Higgs stating; ‘Col. Hallamaa was most pleasant and seemed to be entirely frank and open regarding the matters discussed’.

Additional information: In November 1944 the US cryptanalysts Paavo Carlson of the Army’s Signal Security Agency and Paul E. Goldsberry of the State Department’s cipher unit interviewed Finnish officials regarding their work on US codes. Their report can be found here.

The Carlson-Goldsberry report - Compromise of State Department communications by the Finnish codebreakers in WWII

During WWII the US State Department used several cryptosystems in order to protect its radio communications from the Axis powers. For low level messages the unenciphered Gray and Brown codebooks were used.  For important messages four different codebooks (A1, B1, C1, D1) enciphered with substitution tables were available.

Their most modern and (in theory) secure system was the M-138-A strip cipher. Unfortunately for the Americans this system was compromised and diplomatic messages were read by the Germans, Finns, Japanese, Italians and Hungarians. The strip cipher carried the most important diplomatic traffic of the United States (at least until mid/late 1944) and by reading these messages the Axis powers gained insights into global US policy.

Germans, Finns and Japanese cooperated on the solution of the strip cipher. In 1941 the Japanese gave to the Germans alphabet strips and numerical keys that they had copied from a US consulate in 1939 and these were passed on by the Germans to their Finnish allies in 1942. Then in 1943 the Finns started sharing their results with Japan. 

Finnish solution of State Department cryptosystems

During WWII the Finnish signal intelligence service worked mostly on Soviet military and NKVD cryptosystems however they did have a small diplomatic section located in Mikkeli. This department had about 38 analysts, with the majority working on US codes.

Head of the department was Mary Grashorn. Other important people were Pentti Aalto (effective head of the US section) and the experts on the M-138 strip cipher Karl Erik Henriksson and Kalevi Loimaranta.

Their main wartime success was the solution of the State Department’s M-138-A cipher. The solution of this high level system gave them access to important diplomatic messages from US embassies in Europe and around the world. 

Apart from purely diplomatic traffic they were also able to read messages of other US agencies that used State department cryptosystems, such as the OSS -Office of Strategic Services Bern station, Military Attaché in Switzerland, Office of War Information representative in Switzerland, the Foreign Economic Administration, War Shipping Administration, Office of Lend-Lease Administration and the War Refugee Board.

Operation Stella Polaris

In September 1944 Finland signed an armistice with the Soviet Union. The people in charge of the Finnish signal intelligence service anticipated this move and fearing a Soviet takeover of the country had taken measures to relocate the radio service to Sweden. This operation was called Stella Polaris (Polar Star).

In late September roughly 700 people, comprising members of the intelligence services and their families were transported by ship to Sweden. The Finns had come to an agreement with the Swedish intelligence service that their people would be allowed to stay and in return the Swedes would get the Finnish crypto archives and their radio equipment. At the same time colonel Hallamaa, head of the signals intelligence service, gathered funds for the Stella Polaris group by selling the solved codes in the Finnish archives to the Americans, British and Japanese. 

The Stella Polaris operation was dependent on secrecy. However the open market for Soviet codes made the Swedish government uneasy. In the end most of the Finnish personnel chose to return to Finland, since the feared Soviet takeover did not materialize. 

The American reaction and the Carlson-Goldsberry report

According to the NSA study History of Venona (Ft. George G. Meade: Center for Cryptologic History, 1995), it was at that time that the Finns revealed to the US authorities that they had solved their diplomatic codes. On 29 September 1944 colonel Hallamaa met with L. Randolph Higgs of the US embassy in Stockholm and told him about their success.

In response two cryptanalysts were sent from the US to evaluate the compromise of US codes in more detail. They were Paavo Carlson of the Army’s Signal Security Agency and Paul E. Goldsberry of the State Department’s cipher unit. Their report dated 23 November 1944 had details on the solution of US systems.

The Carlson-Goldsberry report

Unfortunately locating this report proved to be quite a problem. Initially I searched for it in the US National Archives (both in the NSA and OSS collections) but without success.

Thankfully the NSA FOIA/MDR office has managed to locate this file and they have finally declassified it.

Google drive link

The 4-page report summarizes the information gathered by US officials from their interviews of Finnish codebreakers in 16, 18 and 21 November 1944.

From the Finnish side Erkki Pale (head of the department working on Soviet ciphers) and Kalevi Loimaranta (member of the department dealing with foreign diplomatic codes) gave a summary of their work on various cryptosystems.

The Finns admitted to solving US diplomatic systems, both codebooks and the strip cipher M-138-A. According to them an unenciphered codebook could be reconstructed in 6 months but an enciphered one was harder to solve.

Regarding the M-138-A cipher it was solved because the alphabet strips were used for long periods of time, the same strips were used by several users and the numerical keys were the same for all users. Stereotypical beginnings and endings were also exploited in assumed plaintext cryptanalytic attacks.

There was cooperation with the German codebreakers on US systems and the Finns received a lot of intercepts from them.

The Finnish codebreakers also used a number of IBM machines for statistical work.

Although the Finns stated that after the introduction of channel elimination in January 1944 they could no longer solve strip cipher traffic a memo included in the report says that their detailed knowledge of channel elimination procedures may indicate continued success with the M-138-A system.

Acknowledgments: I have to thank my friends in the US for requesting this file from the NSA FOIA/MDR office and getting it declassified.

Compromise of State Department communications in WWII

In the course of WWII both the Allies and the Axis powers were able to gain information of great value from reading their enemies secret communications. In Britain the codebreakers of Bletchley Park solved several enemy systems with the most important ones being the German Enigma and Tunny cipher machines and the Italian C-38m. Codebreaking played a role in the Battle of the Atlantic, the North Africa Campaign and the Normandy invasion. 

In the United States the Army and Navy codebreakers solved many Japanese cryptosystems and used this advantage in battle. The great victory at Midway would probably not have been possible if the Americans had not solved the Japanese Navy’s JN25 code.

On the other side of the hill the codebreakers of Germany, Japan, Italy and Finland also solved many important enemy cryptosystems both military and diplomatic. The German codebreakers could eavesdrop on the radio-telephone conversations of Franklin Roosevelt and Winston Churchill, they could decode the messages of the British and US Navies during their convoy operations in the Atlantic and together with the Japanese and Finns they could solve State Department messages (both low and high level)  from embassies around the world.

Britain, the Soviet Union and the United States did not have impenetrable codes. In the course of WWII all three suffered setbacks from their compromised communications. One of the worst failures of US crypto security was the extensive compromise of State Department communications in the period 1940-44.

Reports on Japanese WWII codes and ciphers found in the Australian National Archives

Two very interesting reports detailing the main Japanese diplomatic and naval cryptosystems of WWII are available online via the Australian National Archives website.

To view the reports go to the National Archives site, click on ‘RecordSearch’, then click Advanced search for items and next to ITEM BARCODE enter 12127133 for the diplomatic report or 859305 for the Naval report.

1). The first report is titled ‘Special Intelligence Section report - Japanese Diplomatic ciphers’ and covers the codes and ciphers used by Japan’s Foreign Ministry, their characteristics and the success that the Anglo-American codebreakers had with each one.

2). The second report covers the codes and ciphers of the Imperial Japanese Navy and it is titled ‘Volume of technical records containing details of codes and cyphers’. The unofficial title is ‘The Jamieson report’.

Note that one of the systems mentioned is the JN-87 strip cipher. The Japanese thought so highly of the US M-138-A strip cipher that they copied it and used it with certain modifications!

Acknowledgements: I have to thank Professor Peter Donovan for informing me of the ‘Jamieson report’.

Victory!

I recently presented new information on the use of the M-138-A strip cipher by the State Department in the period 1940-44.  

However there was a small problem! The entries for the second half of 1944 were not in the microfilm that contains the material for 1940-44.

This meant that I had to find the microfilm with the relevant entries and this was not an easy task. After examining the finding aid for the Department of State Decimal File it was clear that the 119.25/Strip cipher entries would be in film 611.

Thankfully this turned out to be the case and I finally have all the 1944 entries. It will take me a few days to read them and then I’ll add the information in New developments in the strip cipher case.

Einzeldarstellungen aus dem Gebiet der Kryptologie - Hüttenhain’s statements on the State Department’s strip cipher

During WWII the US State Department used several cryptosystems in order to protect its radio communications from the Axis powers. The main systems used were the unenciphered Gray and Brown codebooks along with the enciphered codes A1, B1, C1, D1 and the new M-138 strip cipher. 

In the period 1940-1944 German, Japanese and Finnish codebreakers could solve State Department messages (both low and high level) from embassies around the world. The M-138-A strip cipher was the State Department’s high level system and it was used extensively during that period. Although we still don’t know the full story the information available points to a serious compromise both of the circular traffic (Washington to all embassies) and special traffic (Washington to specific embassy). In this area there was cooperation between Germany, Japan and Finland. The German success was made possible thanks to alphabet strips and key lists they received from the Japanese in 1941 and these were passed on by the Germans to their Finnish allies in 1942. The Finnish codebreakers solved several diplomatic links in that year and in 1943 started sharing their findings with the Japanese. German and Finnish codebreakers cooperated in the solution of the strips during the war, with visits of personnel to each country. The Axis codebreakers took advantage of mistakes in the use of the strip cipher by the State Department’s cipher unit.

Erich Hüttenhain, who was the chief cryptanalyst of OKW/Chi (Signal Intelligence Agency of the Supreme Command, Armed Forces), said in his unpublished manuscript ‘Einzeldarstellungen aus dem Gebiet der Kryptologie’, p20-21 about the strip system:

IV. Das amerikanische streifenverfahren

Im  2. Weltkrieg benutzten die USA bis September 1944 in Diplomatie, Heer, Luftwaffe und Marine neben anderen Verfahren ein unter dem Namen “Streifenverfahren" bekanntes Chiffrierverfahren.

Des Diplomaten—Streifenverfahren war das aufwendigste und mit den meisten Variations möglichkeiten versehen. Deshalb soll hier nur auf dieses Verfahren eingegangen werden.

Des Streifenverfahren in der Diplomatie war ein Chiffrierverfahren für den Linienverkehr; es bestand aber die Möglichkeit, von der Zentrale aus cq-Sprüche abzusetzen.
Fast jede US-Vertretung im Ausland hat zum chiffrierten Verkehr mit Washington einen Satz von 50 Stäben, auf denen je ein anderes verwürfeltes Alphabet zweimal hintereinander aufgezeichnet war. Täglich wurden 25 dieser Stäbe ausgewählt und in vorgeschriebener Reihenfolge zum Schlüsseln benutzt: Tagesschlüssel.

Nach einigen Monaten wurde der ganze Satz von 50 Stäben gegen einen anderen  satz von 50 Stäben ausgetauscht. Außerdem hatte jede Vertretung des US-Außenministeriums noch einen Stabsatz zur Entschlüsselung von cq-meldungen aus Washington. Auch dieser cq-Satz wurde von Zeit zu Zeit ausgewechselt.

Vom Standpunkt der Kryptologie war dieses Streifenverfahren ein mehrfach belegter Spaltencäsar.

Bald nach dem Beginn der Untersuchungen dieses Chiffrierverfahrens gelang es, die Periode von 25 zu erkennen. Es gelang auch, einige besonders lange Geheimtexte wenigstens teilweise zu entziffern. Es wäre eine harte und langwierige Arbeit geworden, wenn nicht besondere Umstände hinzugekommen wären. Einer dieser umstände war die Tatsache, daß die USA den bei einer Stelle abgelösten Stabsatz an anderer Stelle wieder einsetzten, anstatt ihn außer Kraft zu setzen.

Ein zweiter für die Entzifferung günstiger Umstand war, daß es wegen der U-Boot-Blockade nicht immer gelang, den auszuwechselnden Stabsatz rechtzeitig an alle Außenstellen zu bringen.  In solchen Fällen wurde z.B. ein cq-Spruch an die Stelle, bei der der neue cq-Stabsatz noch nicht eingetroffen war, mit dem bei der Stelle vorhandenen und seit längerer Zeit in Benutzung befindlichen Spezial-Stabsatz verschlüsselt.

Wenn nun dieses Spezial-Verfahren gelöst war, - und das war in der Regel der Fall — so war der Klartext des cq-Spruches bekannt, und es lag ein Klar-Geheim-Kompromiß im neuen cq-Verfahren vor, aus dem die Stäbe des neuen cq-Verfahrens rekonstruiert wurden.

Auf diese Weise wurden von 1942 bis September 1944 insgesamt 22 verschiedene Linien und alle cq-Sprüche mitgelesen.

Aus dieser erfolgreichen EntzifferungsArbeit muß gefolgert werden:

1. Es ist unzulässig, bereits einmal verwendete Schlüssel an anderen Stellen wieder zu verwenden.

2. Es ist nicht zulässig, Chiffrierverfahren einzusetzen‚ die gegen Klar-Geheim-Kompromisse anfällig sind.

Google translation with corrections by Frode Weierud:

IV. The American strip cipher system

During the Second World War and until September 1944, the United States used, together other cipher procedures, an encryption system in its Diplomatic Service, Army, Air Force and Navy that was known as the "Strip procedure."

The diplomatic strip system was the most elaborate and equipped with the most variation possibilities. That is why we will concentrate only on this procedure.

The strip procedure in the diplomatic service was an encryption system for regular, scheduled services; but it also allowed for sending broadcast messages from headquarters.

Almost every U.S. mission abroad had a set of 50 strips for encrypted traffic with Washington, on each of which a different scrambled alphabet was recorded twice in succession. Daily 25 of these rods were selected and used in a prescribed order for ciphering: the daily key.

After a few months the whole set of 50 strips was replaced by another set of 50 strips. In addition, every mission of the US State Department had yet another set of strips for decrypting broadcast messages from Washington. Also this broadcast set was changed from time to time.

From a cryptologic point of view the strip system was a periodic substitution cipher.

Soon after starting the investigations of this encryption procedure we succeeded in identifying the period of 25. We also succeeded to partially decipher some extra long cipher texts. It would have been a hard and tedious work, if not some special circumstances would have occurred. One of these circumstances was the fact that when the United States changed a set of strips at one site it would reuse the same set at another site, instead of cancelling it.

A second fact that was favorable for deciphering was that, because of the U-boat blockade, it was not always possible to replace the strip sets in timely manner at all the field offices. In such cases, e.g. a broadcast message, for a site where the new broadcast strip set had still not arrived, was encrypted with the existing special strip set at that office and which had been in use for a long time.

If now this special procedure was solved - and this was usually the case - the plain text of the broadcast message was known, and there was a clear-cipher text compromise in the new broadcast, from which the strips of the new broadcast procedure were reconstructed.

In this way, a total of 22 different lines and all broadcast messages were read from 1942 to September 1944.

From this successful decipherment must be concluded:

1. It is prohibited to use a key already used in other places.

2. It is not permitted to employ encryption procedures that are vulnerable to clear text-cipher text compromises.

Use of the M-138-A cipher system by the US State Department in WWII

During WWII the US State Department used several cryptosystems in order to protect its radio communications from the Axis powers. The main systems used were the unenciphered Gray and Brown codebooks along with the enciphered codes A1, B1, C1, D1 and the new M-138 strip cipher. 

In the period 1940-1944 German, Japanese and Finnish codebreakers could solve State Department messages (both low and high level) from embassies around the world. The M-138-A strip cipher was the State Department’s high level system and it was used extensively during that period. Although we still don’t know the full story the information available points to a serious compromise both of the circular traffic (Washington to all embassies) and special traffic (Washington to specific embassy). In this area there was cooperation between Germany, Japan and Finland. The German success was made possible thanks to alphabet strips and key lists they received from the Japanese in 1941 and these were passed on by the Germans to their Finnish allies in 1942. The Finnish codebreakers solved several diplomatic links in that year and in 1943 started sharing their findings with the Japanese. German and Finnish codebreakers cooperated in the solution of the strips during the war, with visits of personnel to each country. The Axis codebreakers took advantage of mistakes in the use of the strip cipher by the State Department’s cipher unit.

After further (costly) research new information has come to light. Originally I thought that each US embassy had two sets of strips, the ‘specials’ for direct communications with Washington and the ‘circulars’ for messages sent to several embassies and for intercommunication between embassies.

Recently I also realized that there were additional sets of strips for enciphering the traffic of other US agencies such as the Office of Strategic Services, Office of War Information, Military Intelligence Service, Foreign Economic Administration, War Shipping Administration, Office of Lend-Lease Administration and War Refugee Board.

However there’s more to this story:

1). The circular strips were the 0 dash series. 0-1 was used from 1940 till August 1942. 0-2 from August 1942 till March 1943. From March 1943 a new set was used for each month, 0-3 for March 1943, 0-5 for May, 0-9 for September etc. The circular strips used in 1944 were numbered 0-13 to 0-24 for January-December 1944.

However there were two problems with this system.

One was that the embassy in Bern, Switzerland did not have access to the new strips so it seems that they continued to use the 0-2 strips for some time.

Another problem was that distributing the new circular strips to embassies around the world was not always possible, so some posts were told to continue using the old strips till the new ones arrived. This was clearly a security problem and Erich Huettenhain, chief cryptanalyst of OKW/Chi, said in his manuscript ‘Einzeldarstellungen aus dem Gebiet der Kryptologie’ that they relied on reencodements in their efforts to solve the strip system

‘Ein zweiter für die Entzifferung günstiger Umstand war, daß es wegen der U-Boot-Blockade nicht immer gelang, den auszuwechselnden Stabsatz rechtzeitig an alle Außenstellen zu bringen.  In solchen Fällen wurde z.B. ein cq-Spruch an die Stelle, bei der der neue cq-Stabsatz noch nicht eingetroffen war, mit dem bei der Stelle vorhandenen und seit längerer Zeit in Benutzung befindlichen Spezial-Stabsatz verschlüsselt. Wenn nun dieses Spezial-Verfahren gelöst war, - und das war in der Regel der Fall — so war der Klartext des cq-Spruches bekannt, und es lag ein Klar-Geheim-Kompromiß im neuen cq-Verfahren vor, aus dem die Stäbe des neuen cq-Verfahrens rekonstruiert wurden.’

2). A set of strips titled 00-1 (and key table C) were introduced in late 1943 for enciphering the confidential traffic of other US government agencies. In January 1944 the set 00-2 and 00-3 were sent to the embassies in Algiers (Free French), Turkey, Egypt, UK, Calcutta, Portugal, Spain, India, Sweden, Iran, Iraq, Beirut.

The 00-4 strips replaced set 00-3 in October 1944.

3). In April 1944 the strip system FRIBP was sent to Lisbon, Madrid, Tangier, Algiers, London, Dakar for Cross messages (US-British supply program).

In November 1944 a circular telegram said that the 000-1 strips were used for CROSS and Joint Economic missions messages.

4). In June 1944 Sweden, Spain, Portugal, Egypt, Turkey, Algiers (Free French) received strips to be used for the communications of the WRB - War Refugee Board.

5). In June/July 1943 the strip set 60-3 was introduced for intercommunication between the embassies in Bern, London, Lisbon, Algiers and Washington. From January 1st 1944 the strips 60-5 were used for this purpose.

Madrid also received the strips 60-5 in June 1944.

In July ’44 the 60-5 strips were sent to the US diplomatic facilities in Caserta (for Robert Daniel Murphy) and Rome (for Alexander Comstock Kirk).

6). The embassy in Bern, Switzerland received 6 new code systems in June 1943. In August they received systems 45 and six sixty, with key tables.

In late September 1944 Bern finally received the current circular strips 0-21 to 0-24 and thus use of the 60-5 strips was discontinued.

In early October ’44 Bern stopped using the 00-3 strips for sending messages of other US agencies.

7). During the war the State Department received information pointing to the compromise of the strip cipher system from the embassies in Casablanca, Vichy France, Helsinki, Stockholm and Bern.

8). The embassies in Panama, Turkey, India, Spain reported problems with the strip system. Similar problems (warping of the panel, defects in the paper strips) are mentioned in the military report SRH-366 ‘History of Army Strip Cipher devices’.

9). In August 1943  a strip system was forwarded to Harold J. Tittmann (US Charge d'Affaires to the Vatican).

10). In September ’44 a set of strips were sent to the Special mission of Taylor.

11). In November 1944 the ICSSY cryptographic material was sent to several embassies.

12). Several alphabet strips that are mentioned in decoded Japanese messages were used by embassies around the world. For example:

Strips 22-1 were used in Egypt and Baghdad in 1941, by Vladivostok in 1942-44, by Algiers in 1943.

Strips 38-1 were used by the embassies in Moscow, Ankara, China, Portugal, Australia in 1942-43.

Overall this is very interesting information and sheds some light into the use of the M-138-A strip cipher by the State Department. 

Sources: NARA - RG 59 - Purport Lists for the Department of State Decimal File 1910-1944 – microfilms 444 and 611 – 119.25/Strip Cipher

Toivo or Karl? – To err is human vol3

In WWII the Finnish codebreakers solved the codes and ciphers of several countries. In the diplomatic field their greatest success was achieved against the State Department’s M-138-A strip cipher. One of the people who played a key role in this operation was the cryptanalyst Karl Erik Henriksson.

However there was another person working for Finnish signals intelligence named Henriksson. This was the radio operator Toivo Erik Henriksson. It seems that I mixed them up.

Thus the passage ‘Other important people were Pentti Aalto (effective head of the US section) and the experts on the M-138 strip cipher Toivo Erik Henriksson and Kalevi Loimaranta’, in The Finnish cryptologic service in WWII turns into:

‘Other important people were Pentti Aalto (effective head of the US section) and the experts on the M-138 strip cipher Karl Erik Henriksson and Kalevi Loimaranta’

I have to thank Craig McKay for pointing out this mistake and my friends in Finland for clarifying that Toivo was a radio operator.

Compromise of the State Department’s M-138-A strip cipher and the traffic of other US agencies

During WWII the US State Department used several cryptosystems in order to protect its radio communications from the Axis powers. The main systems used were the unenciphered Gray and Brown codebooks along with the enciphered codes A1, B1, C1, D1 and the new M-138 strip cipher. 

In the period 1940-1944 German, Japanese and Finnish codebreakers could solve State Department messages (both low and high level) from embassies around the world. The M-138-A strip cipher was the State Department’s high level system and it was used extensively during that period. Although we still don’t know the full story the information available points to a serious compromise both of the circular traffic (Washington to all embassies) and special traffic (Washington to specific embassy). In this area there was cooperation between Germany, Japan and Finland. The German success was made possible thanks to alphabet strips and key lists they received from the Japanese in 1941 and these were passed on by the Germans to their Finnish allies in 1942. The Finnish codebreakers solved several diplomatic links in that year and in 1943 started sharing their findings with the Japanese. German and Finnish codebreakers cooperated in the solution of the strips during the war, with visits of personnel to each country. The Axis codebreakers took advantage of mistakes in the use of the strip cipher by the State Department’s cipher unit.

Traffic of other US government agencies

Apart from purely diplomatic traffic the Axis powers were also able to read some of the messages of other organizations that were occasionally enciphered with State Department systems. I’ve covered the compromise of the communications of the Office of Strategic Services, the Office of War Information and the Military Intelligence Service but these were not the only agencies affected.

According to US reports from 1943 and 1944 (1), separate M-138-A alphabet strips were used by the State Department for messages of the Foreign Economic Administration, War Shipping Administration, Office of Lend-Lease Administration and the War Refugee Board.

The State Department files on the Strip Cipher (2) show that a set of strips titled 00-1 (and key table C) was introduced in late 1943 for enciphering the confidential traffic of other US government agencies. In January 1944 the sets 00-2 and 00-3 were sent to the embassies in Algiers (Free French), Turkey, Egypt, UK, Calcutta, Portugal, Spain, India, Sweden, Iran, Iraq, Beirut.

The 00-4 strips replaced set 00-3 in October 1944.

Was the traffic of these organizations also compromised? It seems so, as some German decodes of State Department traffic contain information on economic matters and Lend Lease shipments (3) and the book ‘Hitler, the Allies, and the Jews’ mentions several War Refugee Board telegrams that were decoded by the Germans (4).

Unfortunately we will have to wait for the release of more classified reports, from the NSA and the State Department, in order to assess the full extent of this compromise.

Notes:

(1). NSA Friedman collection: ‘Statement of cryptographic systems now in use by Department of State’ (dated November 1943) and NARA - RG 457- Entry 9032- box 1.384, file 'JCS Ad hoc committee report on cryptographic security of government communications' (report of June 1944)

(2). New developments in the strip cipher case

(3). For example in Decoded US diplomatic messages from 1944 and German special intelligence, the M-138 strip cipher and unrest in India

(4). ‘Hitler, the Allies, and the Jews’, p200-201 - p265-267 - 287-288