02 Polyalphabetic encryption – ENIGMA

The Enigma (from the Greek word “ainigma” = riddle) is the undisputed star among the encryption machines of the Second World War. Not because it is the best, but because it is by far the best known. That said, it really was good and almost impossible to crack.

Purely technically, Enigma is a rotor cipher machine in which each letter of the plaintext is encrypted with a different key alphabet. It thus implements polyalphabetic substitution, which, thanks to machine support from about 1920 onwards, was simple and – theoretically – secure for everyone to use. Relatively secure, at least, as long as certain rules were observed and only as long as there were no machines to help with decryption. Arthur Scherbius invented the Enigma. Around the same time, similar devices were patented in other countries. Initially, it was designed for civilian purposes. However, since the First World War had highlighted a clear lack of secure and yet easy-to-use encryption methods, the military soon showed interest in Mr Scherbius’ devices. Unfortunately, he did not live to enjoy the triumphant success of his invention; he died in 1929 as a result of a traffic accident (with a horse-drawn vehicle!). On the other hand, he was spared the experience that his baby was only ALMOST uncrackable. In the end, many historians write that Enigma was decisive for the war, above all because in the last years of the war many German radio transmissions could be read by the enemy. Thanks to the skill of the Allies in using this information, the Germans remained convinced of the security of their encryption until the end of the war. In my eyes, this is a very exciting piece of contemporary history, which probably also explains the appeal of the Enigma as a puzzle.

A bit about the technique

There has been a plethora of Enigmas over the years. The best known (and most commonly used in geocaching) are the Enigma I, Enigma M3 and the Enigma M4. The numbers three and four here refer to the number of rollers (rotors), which rotate one position further with each encrypted letter and produce a new encryption alphabet each time. The M4 was thus more secure than its little sister with only three rollers and was used in the navy to communicate with submarines.

In addition to the rollers (interchangeable, up to 8 different normal ones plus Beta and Gamma as the fourth roller on the M4), the Enigmas relevant here also had a reversing roller (UKW-B or C), a keyboard, a lamp panel, which displayed the encrypted/decrypted letter, and a plugboard, with which the letters were once again swapped in pairs; this reinforced the security of the encryption enormously.

I’ll spare the more specific technical details here, as there are already more than enough really good explanations, construction and circuit diagrams, and mathematical considerations of key strengths and decryption algorithms on the big, wide web.

Instead, I will help, hopefully briefly enough, to turn the encrypted text into plaintext using the information available in the (geocaching) puzzle.

Only real freaks decode the Enigma “on foot”, that is, by hand; the last ones probably did it about 60 years ago. Less brave natures nowadays make use of the abundant software available for this purpose. I can recommend downloading Dirk Rijmenants’ excellent Enigma simulation. Also recommendable are the online variants of Starry Sky Striker and Enigmaco. And probably many more that I haven’t had a chance to explore.

And how does that work now?

Enigma can only encode capital letters, not numbers or punctuation marks. The latter were simply replaced by an X, and digits were written out. Proper names were usually doubled and enclosed in X. In addition, “ch” was replaced by the letter Q. The text was then arranged in groups of five and encrypted.

To do this, one needed the day key, which contained the basic setting of the Enigma: which of the rollers are used (the so-called roller position, I, II, III, … as well as Gamma and Beta if it was an M4), which reversing roller (UKW-B or -C), the position of the inner ring of these rollers (ring position, roller position, expressed either in letter values A=1, B=2, … or in letters), as well as the letter swaps (plug connections) on the plug board.

To decipher, you will find this information somewhere; both in its day and nowadays when we play with it, it is usually displayed on monthly sheets, with the days ascending from bottom to top. From the bottom up, so that you can cut off the key of the previous day and throw it away. These sheets were often printed on blotting paper so that they could simply be destroyed when needed.

Example day key (Enigma I):

There were many different day keys, depending on the area of application or recipient group. So that the decryptor could be sure that the message was intended for him and that he could convert it into plaintext, the day key often came with an identification group (also changing daily). This was then placed in front of the unencrypted message.

This all seems sufficiently muddled already, but it was still not secure enough, since with this method a large number of radio messages would have been encrypted in the same way on any one day. So the person encrypting often had to think up the outer roller position (the message key) himself and encrypt it with a sequence of letters that he had also thought up himself.

He then set the Enigma (inside) to the basic setting of the day according to the day key, set the outer roller positions to three (or four) letters he had made up himself, and typed the three made-up letters of his message key. The encryption machine encrypted these and delivered three other letters as an answer. The message key encrypted in this way, together with the chosen basic position, is prefixed to the Enigma message – unencrypted.

A correctly encrypted Enigma message had in its header the time (as a four-digit number, e.g. 1130 for half past eleven), the character length of the radio message, the basic position and the message key encrypted with it. This was followed by the encoded message in groups of five, possibly preceded by the three-letter identification group, which was padded with two filler letters to form a usual group of five.

An example to act out and understand

1. Encoding

Taking day 29 at the top as an example, set the Enigma M3 to the following settings

Inside (the part that changed only once a day):
UKW-C
Roll number I IV III
Ring position of the rollers 12 18 22
Plug connections CY EL FH GS IJ KQ MW PV RZ TU

Outside (the part the encryptor had to make up himself each time):
set the basic position PLR and now type the made-up message key: NVD

The Enigma returns WGT in response.

The message key, thus encoded as WGT, is communicated to the receiver along with the randomly chosen basic position PLR in the header of the message.

The text of the radio message is then encrypted with the selected message key, in this case NVD: the rollers (outside) are set to it and the text is typed in. In my example this is:

I would never have got here without geocaching!

So in Enigma notation (the sentence in its original German): HIERW AEREI CHOHN EGEOC ACHIN GNIEH INGEK OMMEN X

Encoded, it looks like this: JOPVV QKJZS FNXNJ RUMXT NLQGQ RPEPJ HTLGI SKWLT Z

With a correct message header, this would now give the following radio message: 2333 55 PLR WGT YZUIX JOPVV QKJZS FNXNJ RUMXT NLQGQ RPEPJ HTLGI SKWLT Z

2. Decoding

The receiver first checks whether the identification group (somewhere in the first 5 letters) appears in his day key. ZUI is there, so he can decrypt the message. He sets the Enigma accordingly

C I IV III 12 18 22 CY EL FH GS IJ KQ MW PV RZ TU

and obtains the missing message key by setting the rollers to PLR and typing WGT from the message header. The Enigma replies with the unencrypted message key NVD. This (NVD) is now set on the (outer) roller positions and the encrypted text (without the first five characters with the identification group) is entered.

JOPVV QKJZS FNXNJ RUMXT NLQGQ RPEPJ HTLGI SKWLT Z

And poof (*cough*) you get back the unencrypted version:
HIERW AEREI CHOHN EGEOC ACHIN GNIEH INGEK OMMEN X

And if you’re a little confused up to this point, you can sit back and relax: this is probably how most people feel. The best thing to do is to play out this scenario and then console yourself with the thought that many Enigma caches don’t work with the complicated variant of an encrypted spell key sent in the head of the message, but rather encrypt their text and then give out all the data, including the basic position. All you have to do is set the Enigma accordingly, throw in the encrypted text and you get back the decrypted message.

I must also point out, however, that over the course of the (war) years, the handling of the Enigma, the ciphers and their rules has changed, depending on the respective user groups and Enigma versions. Thus, what is presented here is not quite the only truth, but, once you have understood the basic principle, the biggest step towards decryption is certainly already done!
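The key procedure from the worked example above, as an added Python sketch that is not part of the original post: a minimal three-roller (rotor) Enigma model with the historical wiring of rollers I, III, IV and UKW-C, loaded with the day key and message header from the example. The names `enigma`, `send`, `receive` and `DAY_KEY` are assumptions made for this illustration.

```python
# Added example: minimal Enigma I / M3 model, enough to replay the walkthrough above.
A = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
ROTORS = {  # historical wiring and turnover notch of the rollers used in the example
    "I":   ("EKMFLGDQVZNTOWYHXUSPAIBRCJ", "Q"),
    "III": ("BDFHJLCPRTXVZNYEIWGAKMUSQO", "V"),
    "IV":  ("ESOVPZJAYQUIRHXLNFTGKDCMWB", "J"),
}
UKW_C = "FVPJIAOYEDRZXWGCTKUQSBNMHL"  # reversing roller C
DAY_KEY = dict(rotors=("I", "IV", "III"), rings=(12, 18, 22),
               plugs="CY EL FH GS IJ KQ MW PV RZ TU")  # "inside" settings from the page

def enigma(text, rotors, rings, plugs, start):
    """Encrypt or decrypt (the same operation) with a day key and a start position."""
    wires = [ROTORS[r][0] for r in rotors]            # left, middle, right
    notch = [A.index(ROTORS[r][1]) for r in rotors]
    ring = [r - 1 for r in rings]                     # ring positions are given as 1..26
    pos = [A.index(c) for c in start]
    plug = {c: c for c in A}
    for a, b in plugs.split():
        plug[a], plug[b] = b, a
    out = []
    for ch in text.upper().replace(" ", ""):
        if pos[1] == notch[1]:                        # middle at notch: double step
            pos[0], pos[1] = (pos[0] + 1) % 26, (pos[1] + 1) % 26
        elif pos[2] == notch[2]:                      # right at notch: middle steps
            pos[1] = (pos[1] + 1) % 26
        pos[2] = (pos[2] + 1) % 26                    # right roller steps on every key
        c = A.index(plug[ch])
        for i in (2, 1, 0):                           # right to left through the rollers
            s = pos[i] - ring[i]
            c = (A.index(wires[i][(c + s) % 26]) - s) % 26
        c = A.index(UKW_C[c])                         # reflected by the reversing roller
        for i in (0, 1, 2):                           # and back, left to right
            s = pos[i] - ring[i]
            c = (wires[i].index(A[(c + s) % 26]) - s) % 26
        out.append(plug[A[c]])
    return "".join(out)

def send(plaintext, basic, message_key):
    """Return (basic position, encrypted message key, ciphertext) for the header."""
    indicator = enigma(message_key, start=basic, **DAY_KEY)
    return basic, indicator, enigma(plaintext, start=message_key, **DAY_KEY)

def receive(basic, indicator, ciphertext):
    """Recover the message key from the header, then decrypt the message body."""
    message_key = enigma(indicator, start=basic, **DAY_KEY)
    return enigma(ciphertext, start=message_key, **DAY_KEY)

if __name__ == "__main__":
    print(receive("PLR", "WGT", "JOPVV QKJZS FNXNJ RUMXT NLQGQ RPEPJ HTLGI SKWLT Z"))
```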

Once again, once more?

For those who want to practise now, I have prepared something 😉

Daily key Kriegsmarine, M4 from 17.6.2013
UKW B
Roll position: Gamma, VIII, V, VI
Ring position: 15, 5, 16, 12
Identification groups: liu aer vpu
AN BO DQ FS GT HU IV LY ER

Radio message

1141 183 ASDFJHGF XAER QRHG REYX BXWB MTBY VDWF BGOB XWVW TPEX EKTZ ZLTC OFWS BQEJ UNLQ ZTMT ELIO FSHM HXHU WSZP EXHQ XMHN ZDJA ERZD WJBD DCJD UFLH
WCQR EIXA PHPR QLAH OUAK VDEE FUCF YHGD PKPC GBRJ URXJ TIV

Good luck! 🙂  

P.S: But the GC Wizard helps here too with its Enigma tool 😉