The Reihenschieber was a simple encryption device used by the Germans in the Cold War. I built a model of it with Lego bricks. Can you solve an encrypted text I produced with it?

The Reihenschieber (row shifter) was invented by the central German crypto authority in Bonn in the 1950s. Here’s a picture of a Reihenschieber I took at the Enigma Reunion in Bletchley Park a few years ago:

Reihenschieber-Reunion

Here’s another specimen (owned by the German IT Security Authority BSI):

Reihenschieber-BSI

This Reihenschieber was on display at the Kryptologikum in Karlsruhe, Germany:

Reihenschieber-Bar

 

How it worked

The Reihenschieber looks pretty similar as a cipher slide (here is one on the website of Ralph Simpson). However, a Reihenschieber works completely different. In fact, the Reihenschieber is a tool used to create a sequence of random numbers or letters that are added to the cleartext (the concept of adding random material to a cleartext is also known as One Time Pad).

In order to get a better understanding of the Reihenschieber, I built my own specimen using Lego bricks. My version is considerably simpler than the original. In addition, I omitted a few details that are not relevant from a cryptographer’s point of view.

The most important part of the Reihenschieber is a set of bars. The origial device has 26 bars, my version has only eight (each one with a different color). Here they are:

Reihenschieber-Lego-Slides

Each bar has four faces. On each face a sequence of 17 letters is printed. The following table lists all the bars with their inscriptions:

Red

1:FZFHWJTXNWOKBHEUO
2:IYXKEMFOHCMWPXZJP
3:OSBZGTNKSMZDKVRPR
4:URXGGVRCCZRMSMDHC

Pink

1:GMMWENGZKBKVYEWFK
2:BOCDFNXTNZVETOENA
3:JZVREYRZDGPDJOURS
4:FCELAAGXZQDRBSFQS

Purple

1:UMVINOUWZNYQZRKKK
2:QDQXFZHHRMLZXYFRA
3:OEWHMGIZJEGLSNHVP
4:RTWPOPGPQDVOLCRZQ

Blue

1:GRTBVWTSZDQPKFUWF
2:IDNIKKYKHMWRQUDEN
3:BLPWRFJVEPAGIEXAS
4:CQJYHZNTJBRXNNGDY

Cyan

1:KANJTCYKTYKNLMCSL
2:XHWGNVTAIGRUJJAMS
3:YIRHUQPQVIGFPGCBS
4:YDYHMKICPTGTETEWL

Yellow

1:AXUXAWFBIAXDPYOAQ
2:LRPABYAXYOQWLTMVP
3:HWJBVPXLIIWQIPAJZ
4:JOCBGPBATTEIPZAGF

Black

1:ZOSFRXMTRTIZTKXPF
2:SFRLEVNRWJNMHDIFD
3:ZIWWBDIRAQZSGIASP
4:NRZYROASHAIYCVCQL

Grey

1:JUUHTZMOJLXBEGWWD
2:WVJZSJWINYSEJQVWZ
3:ZOYSVYYNUYYBOHEIR
4:VKVKYYLQIRQSQGHVT

To produce a random sequence we choose five of the eight bars (say grey, red, purple, yelloy and black), each one with a certain face up (say 2, 1, 4, 1, and 3). These five bars are put into a frame:

Reihenschieber-Lego-Key

Now each bar is shifted. A shift is identified by the number of letters that are covered by the frame or are located right of it. The minimum shift is 0, the maximum one 10 (more than 10 is not allowed, otherwise there wouldn’t be enough letters to fill the stencil in the next step). In the case shown on the picture the shifts are 1, 10, 3, 8, and 3.

The combination of bars chosen, order of bars, face and shift is the key of our encryption. In this case the key can be written as follows:

grey 2,1 / red 1,10 / purple 4,3 / yellow 1,8 / black 3,3

In the next step, we put a stencil on top of the frame:

Reihenschieber-Lego-Stencil

Now we can read the random letter sequence: YSJV FHJT DVOC UXBI RAZG. Let’s use this sequence to encrypt the cleartext WE NEED HELP URGENTLYXX. What we need to do is add the letters one by one (A=1, B=2, C=3, …):

WENEEDHELPURGENTLYXX
YSJVFHJTDVOCUXBIRAZG
--------------------
VXXAKLRYPLJUBCPCDZXE

The ciphertext is: VXXAKLRYPLJUBCPCDZXE

 

The challenge

Here’s a ciphertext I created with my Reihenschieber model (with a different key, of course, but with the same stencil):

TVOFHMUZZKQSYOESLVQU

Can you solve it?

The number of keys is almost ten billions (10^10). This is probably too much for exhaustive search, unless you have a lot of time and computer power. However, there are certainly better ways to attack a Reihenschieber. An obvious weakness is that the first part of the ciphertext only depends on the first bar, the second part only on the second bar, and so on. Like the Fleissner Raster, the Reihenschieber might be susceptible to a Hill Climbing attack.

Of course, my model is considerably less secure than the original. The original Reihenschieber was certainly hard to break with the means of the 1950s.


Further reading: How a crypto mystery from the Cold War was solved – or was it?

Linkedin: https://www.linkedin.com/groups/13501820
Facebook: https://www.facebook.com/groups/763282653806483/

Subscribe to Blog via Email

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Kommentare (15)

  1. #1 Norbert
    23. Januar 2017

    The plaintext is:

    ITSASMALLSTEPFORAMAN

  2. #2 Tony
    23. Januar 2017

    I think it says ‘klausenjoysplayingwithlego’

  3. #3 George Lasry
    24. Januar 2017

    Hi Klaus

    Two questions:
    1) Is the yellow stencil the same as in your picture?
    2) How did you compute the key space?
    Assuming the stencil stays the same, this should be
    (8!/5!) * (4**5) * (11**5), which is
    55,411,851,264 I believe.
    George

  4. #4 Klaus Schmeh
    24. Januar 2017

    @Norbert:
    Your solution is correct! Congratulations, great job! How did you find it so fast?

  5. #5 Klaus Schmeh
    24. Januar 2017

    @George:
    I’m afraid you’re right. I didn’t mind that not only the choice of the bars but also the order of the bars needs to be taken into account. So, it’s even more than 10 billions.

  6. #6 Klaus Schmeh
    24. Januar 2017

    @George:
    Yes, I used the same yellow stencil.

  7. #7 Klaus Schmeh
    24. Januar 2017

    @Tony:
    >I think it says ‘klausenjoysplayingwithlego’
    Good try, but it’s not the correct solution.

  8. #8 Norbert
    24. Januar 2017

    If I didn’t miscount, the key is:
    pink 1,2 / red 3,10 / black 2,6 / yellow 3,2 / cyan 4,5

    @Klaus: I think the number of possible keys for a given stencil is somewhat higher than 10^10: We have 8 possibilities for choosing the first bar, 7 possibilities for the second bar and so on. Each bar may be rotated (4 possibilities) and shifted into 11 positions:

    8 * 7 * 6 * 5 * 4 * (4**5) * (11**5) = 1,108,237,025,280

    But, as you pointed out, each bar only affects four contiguous characters, leaving only 8 * 4 * 11 = 352 possibilities for these. Thus, a program may compute the 352 plaintext possibilities for character 1-4, 5-8, and so on, try all combinations of adjacent quadgrams and keep the most promising in memory. My “quick and dirty” program code did not really reveal the solution at once, but when examining the output, I discovered “ITSASMALLSTE” among the best 50 candidates in the list for combined bars 1, 2 and 3. This was clear enough to do the rest by hand.

  9. #9 George Lasry
    24. Januar 2017

    Correction:
    This is (8!/3!) * (4**5) * (11**5) =
    1,108,237,025,280
    Congrats Norbert!, very impressive.
    Hope to see you at the HCC and have the opportunity to chat 🙂
    George

  10. #10 Klaus Schmeh
    24. Januar 2017

    @Norbert:
    I’m absolutely impressed!

    >If I didn’t miscount, the key is:
    >pink 1,2 / red 3,10 / black 2,6 / yellow 3,2 / cyan 4,5
    Yes, this is correct.

  11. #11 Fliegenschubser
    24. Januar 2017

    Interesting device. I see the weakness (as noted) that the first letters only depend on the first bar.
    How would it change the game if you read your random sequence not in rows but in columns? Looking at the last picture, it would be (with a space after each column)
    YFUR SXA D JHVZ O VJBG TCI
    With that you have way more possibilities for each 4-letter-block since its depending on more than one bar. You could also use different stencils to get more possibilities.

  12. #12 George Lasry
    24. Januar 2017

    Hi Klaus

    With a real device, it seems that numbers were used and not letters, right?

    Also some of the places have a . (a dot) instead of a number. This might imply that such places were to be skipped?

    Furthermore – was the stencil fixed for some time or settable?

    And finally, were the strips changeable?

    Would be interesting to see if the codebreaking algorithm for the Lego version can extended to the real version.
    George

  13. #13 Klaus Schmeh
    24. Januar 2017

    @George:
    >With a real device, it seems that numbers were
    >used and not letters, right?
    Yes.

    >Also some of the places have a . (a dot) instead of
    >a number. This might imply that such places were
    >to be skipped?
    Probably.

    >Was the stencil fixed for some time or settable?
    The Reihenschiebers I have seen have only one stencil that is not settabbel.

    >And finally, were the strips changeable?
    There was a set of 26 bars. Ten had to be chosen for an encryption process.

  14. #14 Klaus Schmeh
    24. Januar 2017

    @Fliegenschubser:
    >How would it change the game if you read
    >your random sequence not in rows but in columns?
    This is the lesson I have learned from this challenge (and from Norbert’s solution). The random letters need to be read top down instead of from left to right. I’m sure the original Reihenschieber was operated this way. I have never seen a Reihenschieber manual, so I didn’t know this.

  15. #15 Klaus Schmeh
    24. Januar 2017

    Here’s an excerpt from an article about the Reihenschieber from Cryptologia 2/96 written by Michael van der Meulen: