Two researchers have introduced new techniques for breaking Enigma messages. Using these techniques they have deciphered hitherto unsolved Enigma cryptograms from World War II.

As is well known, Polish mathematicians Rejewski, Zygalski and Różycki were the first to break messages encrypted by the Germans with the Enigma.



Bomba and Cyclometer

The three Polish mathematicians even constructed two codebreaking machines named Cyclometer and Bomba in order to automize their cryptanalysis work.


The Polish mathematicians benefitted from a faulty key setting protocol the Germans used. Instead of using the key provided for a certain day to encrypt a certain message, German Enigma operators would choose a message key by random, encrypt it with the day key and send it as a prefix to the cipher message. To avoid transmission errors, the message key was encrypted and prefixed twice. This double key prefix turned out to be a serious mistake, as the Polish codebreaking machines could derive the day key from it.


The Bombe

Based on the Polish expertise, British codebreakers developed another codebreaking machine, the Bombe (also known as Turing-Welshman Bombe), which enabled them to read hundreds of thousands of Enigma messages during World War II.


Contrary to the Polish devices, the Bombe realized a guessed plaintext attack. The British codebreakers would guess a word in an Enigma message, e.g. WETTERVORHERSAGE, and configure it with a number of plugs on the backside of the machine. Subsequently, the Bombe automatically searched for a rotor setting that fit with this word.

In order to support their British colleagues, US codebreakers built a number of Bombes, too. Their task was to break the four-rotor Naval Enigma, which was especially hard to decipher.



Gillogly’s method

After World War II breaking Enigma messages for military reasons soon became obsolete. Only in the 1990s crypto historians started new efforts to decipher Enigma cryptograms – of course, using a computer. In 1995 Jim Gillogly, a reader of this blog, described a new computer-based ciphertext-only attack on Enigma messages. He used an exhaustive search for all 60 wheel orders, 676 ring settings, and 17,576 wheel starting positions of an Enigma. However, this was not enough, as the Enigma (in most variants) also used a plugboard on the front side as a part of the key.


The Enigma plugboard can be configured in 150,738,274,937,250 ways, which is way too much for exhaustive search, especially as each plug combination must be tested with each wheel order, ring setting, and wheel starting position. As a solution, Jim searched for the plug combination with hill climbing, a technique I have mentioned a few times before on this blog.

The most important part of a hill climbing cryptanalysis is the fitness function. When Frode Weierud and Geoff Sullivan, two more readers of this blog, started their project “Breaking German Wehrmacht Ciphers“, they improved the fitness function used by Jim Gillogly. Their work proved to be successful, as they decrypted hundreds of messages from the Flossenbürg concentration camp and Hitler’s Soviet Union campaign “Unternehmen Barbarossa”. Details can be read in my book Nicht zu knacken – Von ungelösten Enigma-Codes zu den Briefen des Zodiac-Killers.


New improvements

In spite of all the progress, breaking very short Enigma messages is still a problem. Israelian codebreaker George Lasry therefore included the breaking of short Enigma messages (less than 70 letters) in a list of unsolved crypto problems he presented last year in Kassel.


A few days ago, Frode Weierud and Olaf Ostwald published a paper titled Modern breaking of Enigma ciphertexts in the magazine Cryptologia. Frode and Olaf have developed a further improved fitness function for detemining the plug combination of an Enigma via hill climbing. With their method, the two could break hitherto unsolved Enigma messages, the shortest of which had only 32 letters. The following message from 1941 is a little longer (72 letters without the discriminant group), but still unbroken until recently:


Frode and Olaf broke this message with their new method. The cleartext is: An Roem Eins Berta x Quartiermeispcr Panz x Gruppe x Ostrow Ostrow x Kasernengelzenme.

The paper of Frode Weierud and Olaf Ostwald shows that even in the year 2017 there is still progress in the field of Enigma cryptanalysis. I’m looking forward to more interesting results of this kind.

Further reading: How the Enigma evolved from complex to simple

Subscribe to Blog via Email

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Kommentare (9)

  1. #1 George Lasry
    7. Februar 2017

    This is without doubt a very impressive achievement, with a problem previously considered as intractable. It involved new creative and innovative approaches. Well done!

  2. #2 Klaus Schmeh
    7. Februar 2017

    Bart Wenmeckers via Facebook:
    Very nice Klaus.
    Here is a 44con presentation on enigma that may be also of interest.

  3. #3 Klaus Schmeh
    7. Februar 2017

    @Bart Wenmeckers:
    Thanks for the link. I met Ben Gatti and Bob Weiss at the Charlotte Crypto Symposium a few years ago.

  4. #4 Detlev Vreisleben
    7. Februar 2017

    “Quartiermeister” und “Kasernengelaende” gibt wohl mehr Sinn

  5. #5 Thomas
    8. Februar 2017

    “a further improved fitness function” – What is the improvement (in a nutshell)?

  6. #6 Rainer Boldhaus
    8. Februar 2017

    The paper “Modern Breaking of Enigma Ciphertexts” is ready for download on Frodes website “Cryptocellar”(Authors copy).

  7. #7 Thomas
    8. Februar 2017

    Thank you, Rainer, very interesting!

  8. #8 Frode & Olaf
    14. Februar 2017

    @ George: Many thanks for the very friendly and encouraging comment.

    @ Detlev: The plaintext, as quoted by Klaus, is the “raw” plaintext, meaning the exact decryption of the ciphertext with the recovered key. Authentical messages often contain garbles. The emending is not always as easy as in the given case, which contains four garbles. Another example with no less than 30 garbles is presented in the article.

    @ Thomas: A “fitness function” is not mentioned in the article. Although generally important, it is not the key element for improving the breaking ability in the case of short and/or garbled messages. The decisive boost is rather produced by a partial exhaustion of the plugboard, meaning starting with an empty plugboard and plugging all “promising” or assumingly effective plugs.

  9. #9 Mohamed
    16. Oktober 2019

    Does anyone know if Germany made any improvements to the Enigma