Due to latest analyzis all rotorbased cryptosystems can be considered compromised (including Enigma, SIGABA, TypeX, etc.). It is rather obvious that the latest supercomputers (for example IBM Sequoia) can break those near 100 years old machines.
A SIGABA operator with two machines. (7774th Signal Battalion, source: Jack Emanuelson, 1954.)
From NAVY Operating Instructions for SIGABA ECM MARK 2:
"As a check on accuracy, an enciphered message shall be check-deciphered prior to transmission, preferably by another coding officer, and if possible, on a second machine using a different set of Code Wheels. In an emergency the check-decipherment may be deferred until after transmission, but should be completed as soon as possible. THE CHECK-DECIPHERMENT IS MANDATORY."
A disarmed SIGABA; most critical parts removed and destroyed.
SIGABA, US Rotor-Based Cipher Machine /1/
SIGABA was developed by William F. Friedman, Frank B. Rowlett and Laurence Safford.
William F. Friedman
Frank B. Rowlett
Laurence
Safford
SIGABA was a US rotor-based cipher machine used mainly from 1930's to 1950's. It was similar to the German Enigma (created a decade earlier) but was never cracked (as what is known). The advantage of using rotors was that it was resistant to the cracking using simple frequence analysis since the coding changes after ever letter (due to stepping rotors).
General Heinz Guderian during the Battle of France with an Enigma machine.
SIGABA's history has been kept in secrecy, with the result that few people know of its significance in securing American communications during and after World War II. SIGABAs operational details were finally declassified in 1996, and the patent for its design was granted in 2001, more than 50 years after it was filed.
SIGABA ECM II.
Many Names
The machine was called SIGABA by the US Army and ECM MARK II (Electric Cipher Machine) by the Navy. It is also known as Converter M-134 and CSP-888/889 (Navy). A modified Navy version is known as the CSP-2900. The Germans called it the American Big Machine. During WWI II, the Germans are said to have quit collecting SIGABA intercepts since they deemed the problem hopeless. /4/ /5/
The controller switch or main switch.
The patent was not published however, until 16 January 2001, shortly after the machine was declassified by the NSA.
Towards the end of WWII, there was an increasing need for secure communication between US and the British Armed Forces. It was decided that SIGABA would be modified, so that it would become interoperable with a modified British Typex machine. That was called Combined Cipher Macine (CCM/SIGABA)
Description /2/
SIGABA was similar to the Enigma in basic theory, in that it used a series of rotors to encipher every character of the plaintext into a different character of ciphertext.
Enigma Idea: No need to swap sides since the reflector makes the device to work both ways.
Unlike Enigma's three rotors however, the SIGABA included fifteen, and did not use a reflecting rotor. Enigma's reflecting rotor had a drawback that a letter could never be coded to it self and that was a piece of information that was used (among others) to crack Enigma.
SIGABA Idea: You have to swap keyboard with printer magnets to decipher.
The SIGABA advanced one to four of its five main code rotors one step in a complex, pseudorandom fashion after each letter was printed. The number of code wheels and the selection that moved each time was determined by the five control wheels and five index wheels.
SIGABA's chipher unit with code, control, and index wheels
All index wheels and two control wheels were set manually and remained unchanged through the complete message. Notice that it always moved at least one code wheel and never all five wheels. The only purpose of the index wheels and stepping wheels was to step the actual code wheels in more random order.
Code wheel with coding.
Code wheel with the coding leads desoldered.
This meant that code cracking attacks which could break other rotor machines with more simple stepping (for example, Enigma) were made much more difficult. Even with the plaintext in hand, there are so many potential inputs to the encryption that it is difficult to work out the settings.
The 5 control wheels in the stepping maze.
The ECM Mark II's (SIGABA) critical cryptographic innovation (the Stepping Maze) over Hebern's and other precursors was created by Army cryptologists Frank B. Rowlett and William F. Friedman shortly before 15 Jun 1935.
During October and November of 1935 Friedman disclosed the details of the "Stepping Maze" to the Navy's cryptologists including Lt. Joseph N. Wenger. Aside from filing secret patent application 70,412 on 23 Mar 1936 little additional development was performed by either the Army or Navy until Lt. Wenger discussed the patent with Cmdr. Laurence Safford during the winter of 1936-37.
SIGABA's main parts: chipher unit, printer and the frane.
Cmdr. Safford recognized the potential of the invention and the Navy began sponsoring and financing a new machine including the "Stepping Maze". Additional innovations by Cmdr. Safford, Cmdr. Seiler and the Teletype Corporation including Mr. Reiber and Mr. Zenner added to the security, reliability and manufacturability of the ECM Mark II.
A typist.
Prototypes were soon delivered, and in February 1940 the machine's details were disclosed to the Army. Amazing as it may seem, the Navy had kept its continuing development of the machine secret from the Army. With minor changes suggested by the Army the machine was accepted as the primary cipher machine for use by both Army and Navy.
Some Specialities
When deciphering SIGABA connects Z to the X lead and the space bar to the Z lead. Thus yielding XERO for ZERO for example. "However the letter Z is so seldom used that no difficulty srises". This arrangement was probably made because the rarity of the letter Z might have helpt crackers to compromise the device if that letter was used.
Parts 1
This is accomplished as follows: /6/
(1) When the controller switch is set to "E" (Encipher), the "Z" keylever contact is parallelled with the "X" keylever contact, and the space bar contact is connected to the "Z" circuit. The "Z" is thus enciphered the same as an "X".
(2) When the controller switch is set to "D" (Decipher) the "Z" printer circuit is connected to a print suppressor magnet.
(b) Deciphered words will appear with normal spacing as enciphered, but words containing the letter "Z" will be spelled with an "X" instead of a "Z". Example: XERO, XEBRA, etc.
Parts 2
SIGABA Downsides
Best with SIGABA was that the messages it sent were never cracked!
On the downside, the SIGABA was large, heavy, expensive, difficult to operate, mechanically complex and fragile. It was nowhere near as practical a device as the Enigma, which was smaller and lighter than the radios it was used with.
Bottom parts.
It found widespread use in the radio rooms of the US Navy's ships, but as a result of these practical problems the SIGABA simply couldn't be used in the field, and, in most theatres other systems were used instead, especially for tactical communications. The most famous may be the Navajo code talkers who provided tactical field communications in parts of the Pacific Theater beginning at Guadalcanal. In other theatres, less secure, but smaller lighter and tougher machines were used, such as the M-209.
Cipher unit.
Stepping Mechanism
The motor drives continiously a bar back and forth and a stepping mechanism is tripped by a timed current pulse to the magnet when a step is required. The armature in the magnet works against a spring and a latch is rotated. This permits a pawl in the mechanism to rotate by its spring so that the arm engages a tooth on the code wheel.
Stepping Mechanism.
Subsequently, the rotation of the driving cam moves the drive bar toward the right and causes the code wheel to rotate one step. Continued rotation of the cam moves the drive bar toward the left and causes an arm of the pawl to contact the reset pin which finally rotates the pawl backward and effects re-engagement of the mechanism.
SIGABA Wiring Diagram (this is the patented version).
Stepping Maze
Since there are initially four active inputs to the control rotors and signals never split in two, at most four rotors can turn after any letter is encrypted. While signals are combined together between banks of rotors, they are never completely lost, so there is always at least one rotor that will turn after every letter. On the surface, this might seem bad because randomly moving rotors might all advance or all stay still after any given letter is encrypted. However, the substitution is monoalphabetic if no rotors turn, and weak if all rotors turn at once. Therefore, it seems that the designers valued a continuously changing substitution over increased randomness in rotor movements.
Speed Limits
Skilled typist with a smooth rhythmic touch.
"The use of the External Connector Receptacles is recommended only when a skilled typist with a smooth rhythmic touch is to operate the machine." /6/
Rotorbased Cryptosystems Can be Considered Compromised /3/
The cryptosystem model used for the cryptanalysis in /3/ is general enough that it not only defeats the SIGABA, but also defeats any cryptosystem where the rotors move according to any pseudorandom source. As a result of the thesis, the SIGABA and related rotorbased cryptosystems can be considered compromised.
Execution times for cribbing SIGABA:
Number of Rotors and Execution Time (s)
1 0.03
2 1.05
3 40.8
4 1600
5 64000
Each value is the average of 10 timings taken with various ciphertexts and cribs long enough to eliminate all but a single rotor position. Two last values are approximate projections based upon recorded values. All tests were performed on a year 2002 typical 800M Hz desktop computer.
It is also known that a similar 3-4 rotor based ENIGMA was completly daily cracked by Poland, Britan and USA already before World War II using those day simple mechanical simulators (Bombes) as there were no computers to do the work.
SIGABA, as typically used in WW II, has a keyspace of size 2^48.4, which implies that an exhaustive key search has a work factor of 2^47.4.
Franklin D. Roosevelt with Winston Churchill at the Casablanca Conference.
January 22, 1943
FDR Library Photo Collection. NPx. 48-22:3628(32).
January 22, 1943
FDR Library Photo Collection. NPx. 48-22:3628(32).
However, the SIGABA-encrypted POTUS-PRIME link between Roosevelt and Churchill used the full available keyspace of more than 95 bits. /4/
RESOURCES
/1/ http://www.cryptomuseum.com
/2/ Wikipedia "SIGABA"
/3/ Michael Lee - UNIVERSITY OF CALIFORNIA "Cryptanalys is of the SIGABA"
/4/ Mark Stamp, Wing On Chan - San Jose State University - "SIGABA: Cryptanalysis of the Full Keyspace"
Dr. Mark Stamp has many years of experience in information security. He can neither confirm nor deny that he spent seven years as a cryptanalyst with the National Security Agency, but he can confirm that he recently spent two years designing and developing a security product at a small Silicon Valley startup company.
Wing On Chan enjoys reading up on the latest trends in computer technology, especially the marketing claims of unbreakable security technologies.
/5/ S. Budiansky - The Free Press, 2000 "Battle of Wits"
/6/ NAVY DEPARTMENT - OFFICE OF CHIEF OF NAVAL OPERATIONS, WASHINGTON, 16 MAY 1944 "CSP 1100(C), OPERATING INSTRUCTIONS FOR ECM MARK 2 (CSP 888/889) AND CCM MARK 1 (CSP 1600)" (Declassified: NND 003 004, by R.T. 3-19-05)
* * *
No comments:
Post a Comment