[Cryptography] Imitation Game: Can Enigma/Tunney be Fixed?

Ray Dillinger bear at sonic.net
Sun Jan 4 21:13:40 EST 2015



On 01/04/2015 03:56 PM, Henry Baker wrote:

> Since The Imitation Game is playing & is quite likely to win some
> awards, I was wondering if anyone has written an analysis of the
> Enigma & Lorenz encryption systems using 2015 eyes?

> What would be required to "fix" these codes for modern usage, e.g.,
> converting the mechanical bits into software, adding more wheels,
> etc. ?

The Lorenz cipher was breakable largely because it used ten rotors
to generate keystream material, but encrypted each bit of the (5-bit)
telegraphy code in use using only two of its wheels, allowing them
to be attacked as five two-rotor ciphers with additional constraints
provided by the combination of the five bits into sensible (German)
words.

Its ten rotors were driven in two synchronized groups of five rotors
each, with one group advancing one space for each letter input and
the other group advancing zero or one space depending on a
combination function of the outputs of two "motor" wheels.

Each of these groups of rotors consisted of five rotors which were
a different (relatively prime) number of units in circumference,
such that one wheel went through a complete revolution every 41
times it was advanced, the next every 43 times it was advanced,
the one after that every 47 times it was advanced, etc.

It would have been considerably harder to cryptanalyze if each bit
had been encrypted using a combination of several different rotors
rather than just two (and always the same two).  But it's hard to
come up with a good way to do that without increasing the parts
count, bulk, expense, and unreliability.  If the rotor combination
used for each bit were not to change during the message, it could
be part of the key and set up using a switch panel of five toggle
switches per rotor.  That would probably have secured it in WWII,
but wouldn't be secure against modern methods.

It would have been *much* harder to cryptanalyze if there had
been a simple monoalphabetic substitution of each five-bit
"character" encoded, followed by the Lorenz encryption, followed
by a different monoalphabetic substitution. In terms of parts count,
that would mean adding an Enigma style plugboard or "steckerbrett"
to the input and output of the Lorenz machine.  That would have
provided diffusion by making the encryption of each bit depend not
just on the two rotors in its bit position but also on the values
and settings affecting the encryption of all the bits in its
"character." That would also have kept it secure in WWII, but still
would not do so today.

Considering that both the Lorenz machine and the Enigma had
the capability to read and write paper tape, they could have
been used to superencrypt their own (or with slight adaptation
each other's) output in a way that added no bulk, weight, or
expense and very little time or unreliability.  It would
double (or more) the amount of paper tape with which the signal
corps needed to be supplied, but AFAIK that was never a real
bottleneck.

The real problem with all three of these approaches would be
that they would complicate the job of the cipher clerks, and
those guys making mistakes is a far bigger liability than
cryptanalysis of the devices without them making a mistake.

If I were attempting to make a cipher secure against modern
methods using WWII technology.... it's easy to conjure up some
device which they could have built, but which would have been
bulky, heavy, expensive, slow, complicated to use correctly,
and prone to breaking down. Much harder to come up with
something light, compact, reliable, swift, easy/foolproof
to use, and no more expensive in bulk to produce than, say,
the Naval Enigma.

We're always caught up in the Bletchley Park story and the
cryptanalysis of Enigma and Lorenz; at the time the Allies were
using a device called the M-209, which was successfully
cryptanalyzed in the 1970s (though publication was suppressed
by the NSA) by Dennis Ritchie, James Reeds, and Robert Morris.
That's a far more subtle attack, and actually probably a more
instructive example for modern cryptanalysis.

				Bear
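
The two structural points in the message above (each bit position is keyed by only two wheels, and a substitution before and after the machine would spread that dependence across the whole character) can be checked with a small model. This is an added example, not part of the original post: the wheel sizes are the historical SZ40/42 values, while the cam patterns, the simplified motor rule, the message, and the substitution tables are constructed assumptions.

```python
import random

# Historical SZ40/42 wheel sizes (assumption: the post names only 41, 43, 47).
CHI, PSI, MU = (41, 31, 29, 26, 23), (43, 47, 51, 53, 59), (61, 37)

def make_wheels(seed):
    """Constructed random cam patterns for the twelve wheels."""
    rng = random.Random(seed)
    return {name: [[rng.getrandbits(1) for _ in range(n)] for n in sizes]
            for name, sizes in (("chi", CHI), ("psi", PSI), ("mu", MU))}

def keystream(w, n):
    """n key characters; bit i comes only from chi[i] XOR psi[i]."""
    c = p = m1 = m2 = 0          # step counts: chi group, psi group, motors
    out = []
    for _ in range(n):
        out.append(sum((w["chi"][i][c % CHI[i]] ^ w["psi"][i][p % PSI[i]]) << i
                       for i in range(5)))
        # Simplified motor rule: mu[0] always steps, gates mu[1], which gates psi.
        step_m2, step_psi = w["mu"][0][m1 % MU[0]], w["mu"][1][m2 % MU[1]]
        c, m1, m2, p = c + 1, m1 + 1, m2 + step_m2, p + step_psi
    return out

def encrypt(w, plain, boards=None):
    """XOR with the keystream; boards=(inp, outp) adds the two substitutions."""
    inp, outp = boards or (list(range(32)), list(range(32)))
    return [outp[inp[ch] ^ k] for ch, k in zip(plain, keystream(w, len(plain)))]

def make_boards(seed):
    """Two constructed substitutions over the 32 five-bit codes."""
    rng = random.Random(seed)
    return rng.sample(range(32), 32), rng.sample(range(32), 32)

def bits_affected(wheel, boards=None, seed=2015, n=400):
    """Ciphertext bit positions that change when one chi wheel is inverted."""
    rng = random.Random(seed)
    plain = [rng.randrange(32) for _ in range(n)]   # constructed 5-bit message
    w = make_wheels(seed)
    before = encrypt(w, plain, boards)
    w["chi"][wheel] = [b ^ 1 for b in w["chi"][wheel]]
    after = encrypt(w, plain, boards)
    diff = 0
    for a, b in zip(before, after):
        diff |= a ^ b
    return {i for i in range(5) if diff >> i & 1}

if __name__ == "__main__":
    for i in range(5):   # plain machine vs. machine with both substitutions
        print(i, bits_affected(i), bits_affected(i, make_boards(7)))
```

Without the substitutions, inverting chi wheel i changes ciphertext bit i and nothing else, which is what lets the five bit streams be attacked separately; with them, the same change shows up in several output bit positions.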



