Editing Cryptanalysis of the Enigma (section)

==The Enigma machine==
{{Main|Enigma machine|Enigma rotor details}}
[[File:Enigma rotor set.png|thumbnail|right|A series of three rotors from an Enigma machine scrambler. When loaded in the machine, these rotors connect with the entry plate on the right and the reflector drum on the left.]]

The Enigma rotor machine was potentially an excellent system. It generated a polyalphabetic [[substitution cipher]], with a period before repetition of the substitution alphabet that was much longer than any message, or set of messages, sent with the same key.

A major weakness of the system, however, was that no letter could be enciphered to itself. This meant that some possible solutions could quickly be eliminated because of the same letter appearing in the same place in both the ciphertext and the putative piece of plaintext. Comparing the possible plaintext ''Keine besonderen Ereignisse'' (literally, "no special occurrences"—perhaps better translated as "nothing to report"; a phrase regularly used by one German outpost in North Africa), with a section of ciphertext, might produce the following:
{| class="wikitable" | border=1 style="margin: 1em auto 1em auto"
|+ Exclusion of some positions for the possible plaintext ''Keine besonderen Ereignisse''
|- align=center
! align=left | Ciphertext
|O||H||J||Y||P||D||O||M||Q||N||J||C||O||S||G||A||W||H||L||E||I||H||Y||S||O||P||J||S||M||N||U
|- align=center
! align=left | Position 1
| || ||K||E||I||N||E||B||E||S||O||N||D||E||R||E||N||E||R||style="background:red"|E||style="background:red"|I||G||N||I||S||S||E|| || || ||
|- align=center
! align=left | Position 2
| || || ||K||E||I||N||E||B||E||S||O||N||D||E||R||E||N||E||R||E||I||G||N||I||S||S||E|| || ||
|- align=center
! align=left | Position 3
| || || || ||K||E||I||N||E||B||E||S||style="background:red"|O||N||D||E||R||E||N||style="background:red"|E||R||E||I||G||N||I||S||style="background:red"|S||E|| ||
|-
!
| colspan="31" align="center" | Positions 1 and 3 for the possible plaintext are impossible because of matching letters.
The red cells represent these ''clashes''.
Position 2 is a possibility.
|-
|}

===Structure===
The mechanism of the Enigma consisted of a [[keyboard (computing)|keyboard]] connected to a [[battery (electricity)|battery]] and a [[Enigma machine#Entry wheel|current entry plate]] or wheel (German: ''Eintrittswalze''), at the right hand end of the scrambler (usually via a [[plugboard]] in the military versions).<ref>{{Harvnb|Alexander|c. 1945}} "Background" Para. 2 Alexander (c. 1945) "Background" Para. 2</ref> This contained a set of 26 contacts that made electrical connection with the set of 26 spring-loaded pins on the right hand rotor. The internal wiring of the core of each rotor provided an electrical pathway from the pins on one side to different connection points on the other. The left hand side of each rotor made electrical connection with the rotor to its left. The leftmost rotor then made contact with the [[Enigma machine#Reflector|reflector]] (German: ''Umkehrwalze''). The reflector provided a set of thirteen paired connections to return the current back through the scrambler rotors, and eventually to the lampboard where a lamp under a letter was illuminated.<ref>{{Harvnb|Ellsbury|1998a}}</ref>

Whenever a key on the keyboard was pressed, the [[Enigma machine#Stepping|stepping motion]] was actuated, advancing the rightmost rotor one position. Because it moved with each key pressed it is sometimes called the ''fast rotor''. When a notch on that rotor engaged with a [[Enigma machine#Stepping|pawl]] on the middle rotor, that too moved; and similarly with the leftmost ('slow') rotor.

There are a huge number of ways that the connections within each scrambler rotor—and between the entry plate and the keyboard or plugboard or lampboard—could be arranged. For the reflector plate there are fewer, but still a large number of options to its possible wirings.<ref>{{Harvnb|Churchhouse|2002|pp=202–204}}</ref>

Each scrambler rotor could be set to any one of its 26 starting positions (any letter of the alphabet). For the Enigma machines with only three rotors, their sequence in the scrambler—which was known as the ''wheel order (WO)'' to [[Allies of World War II|Allied]] cryptanalysts—could be selected from the six that are possible.

{| class="wikitable" | border=1 style="margin: 1em auto 1em auto"
|+ Possible rotor sequences—also known as ''Wheel Order (WO)''
|-
! width="70pt"| Left
! width="70pt"| Middle
! width="70pt"| Right
|-
| align="center" | I ||align="center" | II ||align="center" | III
|-
| align="center" | I || align="center" | III || align="center" | II
|-
| align="center" | II || align="center" | I || align="center" | III
|-
| align="center" | II || align="center" | III || align="center" | I
|-
| align="center" | III || align="center" | I || align="center" | II
|-
| align="center" | III || align="center" | II || align="center" | I
|}

[[File:Enigma-plugboard.jpg|right|thumbnail|The plugboard (''Steckerbrett'') was positioned at the front of the machine, below the keys. In the above photograph, two pairs of letters have been swapped (A↔J and S↔O). During World War II, ten leads were used, leaving only six letters 'unsteckered'.]]

Later Enigma models included an ''alphabet ring'' like a tyre around the core of each rotor. This could be set in any one of 26 positions in relation to the rotor's core. The ring contained one or more notches that engaged with a pawl that advanced the next rotor to the left.<ref>{{citation |last=Sale |first=Tony |author-link=Anthony Sale |title=The components of the Enigma machine |series=Enigma rotors (or wheels) |url=https://www.codesandciphers.org.uk/enigma/enigma2.htm |access-date=1 January 2010}}</ref>

Later still, the three rotors for the scrambler were selected from a set of five or, in the case of the German Navy, eight rotors. The alphabet rings of rotors VI, VII, and VIII contained two notches which, despite shortening the period of the substitution alphabet, made decryption more difficult.

Most military Enigmas also featured a [[plugboard]] (German: ''Steckerbrett''). This altered the electrical pathway between the keyboard and the entry wheel of the scrambler and, in the opposite direction, between the scrambler and the lampboard. It did this by exchanging letters reciprocally, so that if ''A'' was plugged to ''G'' then pressing key ''A'' would lead to current entering the scrambler at the ''G'' position, and if ''G'' was pressed the current would enter at ''A''. The same connections applied for the current on the way out to the lamp panel.

To decipher German military Enigma messages, the following information would need to be known.

'''Logical structure of the machine''' (unchanging)
*The wiring between the keyboard (and lampboard) and the entry plate.
*The wiring of each rotor.
*The number and position(s) of turnover notches on the rings of the rotors.
*The wiring of the reflectors.
'''Internal settings''' (usually changed less frequently than external settings)
*The selection of rotors in use and their ordering on the spindle (''Walzenlage'' or "wheel order").
*The positions of the alphabet ring in relation to the core of each rotor in use (''Ringstellung'' or "ring settings").
'''External settings''' (usually changed more frequently than internal settings)
*The plugboard connections (''Steckerverbindungen'' or "stecker values").
*The rotor positions at the start of enciphering the text of the message.

Discovering the logical structure of the machine may be called "breaking" it, a one-off process except when changes or additions were made to the machines. Finding the internal and external settings for one or more messages may be called "solving"{{sfn|Huttenhain|Fricke|1945|p=2}} – although breaking is often used for this process as well.

===Security properties===
The various Enigma models provided different levels of security. The presence of a plugboard (''Steckerbrett'') substantially increased the security of the encipherment. Each pair of letters that were connected together by a plugboard lead were referred to as ''stecker partners'', and the letters that remained unconnected were said to be ''self-steckered''.<ref>{{Harvnb|Copeland|2004|p=245}}</ref> In general, the unsteckered Enigma was used for commercial and diplomatic traffic and could be broken relatively easily using hand methods, while attacking versions with a plugboard was much more difficult. The British read unsteckered Enigma messages sent during the [[Spanish Civil War]],<ref>{{Harvnb|Smith|2006|p=23}}</ref> and also some [[#Italian naval Enigma|Italian naval traffic]] enciphered early in World War II.

The strength of the security of the ciphers that were produced by the Enigma machine was a product of the large numbers associated with the scrambling process.
#It produced a polyalphabetic substitution cipher with a period ({{thinspace|16|900}}) that was many times the length of the longest message.
#The 3-rotor scrambler could be set in 26 × 26 × 26 = {{thinspace|17|576}} ways, and the 4-rotor scrambler in 26 × {{thinspace|17|576}} = {{thinspace|456|976}} ways.
#With ''L'' leads on the plugboard, the number of ways that pairs of letters could be interchanged was <math>\tfrac{26!}{(26-2L)! \cdot L! \cdot 2^L}</math>
#*With ''L''=6, the number of combinations was {{thinspace|100|391|791|500}} (100 billion)<ref>{{Harvnb|Singh|1999|p=136}}</ref> and with ten leads, it was {{thinspace|150|738|274|937|250}} (151 trillion).<ref>{{citation |last=Sale |first=Tony |author-link=Anthony Sale |title=Military Use of the Enigma: The complexity of the Enigma machine |url=https://www.codesandciphers.org.uk/enigma/enigma3.htm |access-date=2 June 2010}}</ref>

However, the way that Enigma was used by the Germans meant that, if the settings for one day (or whatever period was represented by each row of the setting sheet) were established, the rest of the messages for that network on that day could quickly be deciphered.<ref>{{Harvnb|Copeland|2004|p=250}}</ref>

The security of Enigma ciphers did have fundamental weaknesses that proved helpful to cryptanalysts.
#A letter could never be [[encrypt]]ed to itself, a consequence of the reflector.<ref>{{Harvnb|Mahon|1945|p=3}}</ref> This property was of great help in using ''[[known-plaintext attack|cribs]]''—short sections of plaintext thought to be somewhere in the ciphertext—and could be used to eliminate a crib in a particular position. For a possible location, if any letter in the crib matched a letter in the ciphertext at the same position, the location could be ruled out.<ref name="Mahon 1945 16">{{Harvnb|Mahon|1945|p=16}}</ref> It was this feature that the British [[mathematician]] and [[logic]]ian [[Alan Turing]] exploited in designing the British [[bombe]].
#The plugboard connections were reciprocal, so that if A was plugged to N, then N likewise became A. It was this property that led mathematician [[Gordon Welchman]] at Bletchley Park to propose that a ''diagonal board'' be introduced into the bombe, substantially reducing the number of incorrect rotor settings that the bombes found.<ref name="Welchman97p245">{{Harvnb|Welchman|1997|p=245}}</ref>
#The notches in the ''alphabet rings'' of rotors I to V were in different positions, which helped cryptanalysts to work out the ''wheel order'' by observing when the middle rotor was turned over by the right-hand rotor.<ref>{{Harvnb|Bauer|2002|p=135}}</ref>
#There were weaknesses, in both policies and practice, in the way some Enigma versions were used.{{Clarify|date=July 2023}}
#Critical material was disclosed without notice.{{Clarify|date=July 2023}}

===Key setting===
Enigma featured the major operational convenience of being [[involution (mathematics)|symmetrical]] (or [[inverse function|self-inverse]]). This meant that [[decipherment]] worked in the same way as [[encryption|encipherment]], so that when the [[ciphertext]] was typed in, the sequence of lamps that lit yielded the [[plaintext]].

Identical setting of the machines at the transmitting and receiving ends was achieved by key setting procedures. These varied from time to time and across different [[telecommunications network|networks]]. They consisted of ''setting sheets'' in a ''[[codebook]]''<ref>{{citation |last=Sale |first=Tony |author-link=Anthony Sale |title=Military Use of the Enigma: The Message Key and Setting Sheets |series=Codes and Ciphers in the Second World War: The history, science and engineering of cryptanalysis in World War II |url=https://www.codesandciphers.org.uk/enigma/enigma3.htm |access-date=21 October 2008}}</ref><ref>{{citation |last=Rijmenants |first=Dirk |title=Enigma Message Procedures |work=Cipher Machines and Cryptology |url=https://www.ciphermachinesandcryptology.com/en/enigmaproc.htm |access-date=19 November 2009}}</ref> which were distributed to all users of a network, and were changed regularly. The message key was transmitted in an ''[[Enigma machine#Indicator|indicator]]''<ref>{{Harvnb|Churchhouse|2002|pp=33, 86}}</ref> as part of the message preamble. The word ''key'' was also used at Bletchley Park to describe the network that used the same Enigma setting sheets. Initially these were recorded using coloured pencils and were given the names ''red'', ''light blue'' etc., and later the names of birds such as ''kestrel''.<ref>[[Harry Hinsley|Hinsley, F.H.]] and Stripp, Alan (1993) p. xviii and [[Harry Hinsley|Hinsley]] (1992) p. 2</ref> During World War II the settings for most networks lasted for 24 hours, although some were changed more often towards the end of the war.<ref>One element of the key, the sequence of rotors in the machine, was at first changed quarterly; but from 1 January 1936 it was changed monthly; from 1 October 1936, daily; and later, during World War II, as often as every eight hours. [[Marian Rejewski]], ''Summary of Our Methods for Reconstructing ENIGMA and Reconstructing Daily Keys...'', Appendix C to [[Władysław Kozaczuk]], ''Enigma'' (1984) p. 242</ref> The sheets had columns specifying, for each day of the month, the rotors to be used and their positions, the ring positions and the plugboard connections. For security, the dates were in reverse chronological order down the page, so that each row could be cut off and destroyed when it was finished with.<ref>{{Harvnb|US Army|1945|p=2}}</ref>

{| class="wikitable" style="margin: auto; border: none; text-align:center"
|+The top part of an early setting sheet looked something like this<ref>{{citation |last=Sale |first=Tony |author-link=Anthony Sale |title=Bigrams, Trigrams and Naval Enigma: The Daily Key, (Tagschluessel) |series=Lecture on Naval Enigma |url=https://www.codesandciphers.org.uk/lectures/naval1.htm |access-date=7 June 2010}}</ref>
|-
! {{langx|de|Datum||Date}}
! {{langx|de|Walzenlage||Rotors|link=no}}
! {{langx|de|Ringstellung||Ring settings|link=no}}
! {{langx|de|Steckerverbindungen||Plugboard settings|link=no}}
! {{langx|de|Grundstellung||Initial rotor settings|link=no}}
|-
| style="text-align: center; font-family: monospace;" | 31 || style="text-align: center; font-family: monospace;" | I II III || style="text-align: center; font-family: monospace;" | W N M || style="text-align: center; font-family: monospace;" | HK CN IO FY JM LW || style="text-align: center; font-family: monospace;" | RAO
|-
| style="text-align: center; font-family: monospace;" | 30 || style="text-align: center; font-family: monospace;" | III I II || style="text-align: center; font-family: monospace;" | C K U || style="text-align: center; font-family: monospace;" | CK IZ QT NP JY GW || style="text-align: center; font-family: monospace;" | VQN
|-
| style="text-align: center; font-family: monospace;" | 29 || style="text-align: center; font-family: monospace;" | II III I || style="text-align: center; font-family: monospace;" | B H N || style="text-align: center; font-family: monospace;" | FR LY OX IT BM GJ || style="text-align: center; font-family: monospace;" | XIO
|}

Until 15 September 1938,<ref>The German Navy adopted a more complex and secure indicator procedure on 1 May 1937—see "[[#German Naval Enigma|German naval Enigma]]".</ref> the transmitting operator indicated to the receiving operator(s) how to set their rotors, by choosing a three-letter ''message key'' (the key specific to that message) and enciphering it twice using the specified initial ring positions (the ''Grundstellung''). The resultant six-letter indicator was then transmitted before the enciphered text of the message.<ref>{{citation |last1=Gaj |first1=Kris |last2=Orłowski |first2=Arkadiusz |title=Advances in Cryptology — EUROCRYPT 2003 |chapter=Facts and myths of Enigma: breaking stereotypes |series=Lecture Notes in Computer Science |date=2003 |volume=2656 |publisher=George Mason University, Fairfax, VA 22030, U.S.A.; Institute of Physics, Polish Academy of Sciences Warszawa, Poland |at=Section 3.2 |doi=10.1007/3-540-39200-9_7 |isbn=978-3-540-14039-9 |chapter-url=https://link.springer.com/content/pdf/10.1007/3-540-39200-9_7.pdf |access-date=6 May 2024 |url-status=live |archive-url=https://web.archive.org/web/20080414141147/http://teal.gmu.edu/courses/ECE543/viewgraphs_F03/EUROCRYPT_2003.pdf |archive-date=14 April 2008}}</ref> Suppose that the specified ''Grundstellung'' was ''RAO'', and the chosen three-letter message key was ''IHL'', the operator would set the rotors to ''RAO'' and encipher ''IHL'' twice. The resultant ciphertext, ''DQYQQT'', would be transmitted, at which point the rotors would be changed to the message key (''IHL'') and then the message itself enciphered. The receiving operator would use the specified ''Grundstellung RAO'' to decipher the first six letters, yielding ''IHLIHL''. On seeing the repeated message key, they would know there had been no corruption and use ''IHL'' to decipher the message.

The weakness in this [[Enigma machine#Indicator|indicator procedure]] came from two factors. First, use of a global ''Grundstellung''; this was changed in September 1938 so that the operator selected his initial position to encrypt the message key, and sent the initial position [[Plaintext|in clear]] followed by the enciphered message key. The second problem was the repetition of the message key within the indicator, which was a serious security flaw.<ref>{{citation |last1=Gaj |first1=Kris |last2=Orłowski |first2=Arkadiusz |title=Advances in Cryptology — EUROCRYPT 2003 |chapter=Facts and myths of Enigma: breaking stereotypes |series=Lecture Notes in Computer Science |date=2003 |volume=2656 |publisher=George Mason University, Fairfax, VA 22030, U.S.A.; Institute of Physics, Polish Academy of Sciences Warszawa, Poland |at=Section 7 |doi=10.1007/3-540-39200-9_7 |isbn=978-3-540-14039-9 |chapter-url=https://link.springer.com/content/pdf/10.1007/3-540-39200-9_7.pdf |access-date=6 May 2024 |url-status=live |archive-url=https://web.archive.org/web/20080414141147/http://teal.gmu.edu/courses/ECE543/viewgraphs_F03/EUROCRYPT_2003.pdf |archive-date=14 April 2008}}</ref> The message setting was encoded twice, resulting in a relation between the first and fourth, second and fifth, and third and sixth characters. This weakness enabled the [[Cipher Bureau (Poland)|Polish Cipher Bureau]] to break the pre-war Enigma system as early as 1932. On 1 May 1940 the Germans changed the procedures to encipher the message key only once.