Cryptography in WWII: Enigma, Fish, and Code Breaking Race - Prof. Michael Hunter, Papers of Computer Science

Download Cryptography in WWII: Enigma, Fish, and Code Breaking Race - Prof. Michael Hunter and more Papers Computer Science in PDF only on Docsity! Cryptography 1/20 Applications of Cryptography During World War II CS 4235 Fall 2005 Mohammad Abolfathian Ashley Durham Michel Mansour Michael Norris Kalpit Patel Vimal Patel 17 November 2005 Cryptography 2/20 Introduction Cryptography has become increasingly relevant to modern communications. It attempts to achieve secure communication and protection for sensitive information. The modern study of cryptography has made possible ubiquitous secure electronic services, such as electronic commerce and secure authentication. These modern techniques were not always available. As recently as the middle of the twentieth century, cryptography was not a well studied or understand science. World War II created a strong demand for secure communication and pushed cryptography to the forefront of scientific and military research. The efforts of countless Allied scientists resulted in many breakthroughs, including programmable computers. These advancements continue to be relevant in contemporary cryptography. This research paper will cover three main topics relating to the applications of cryptography during World War II. First, it will introduce the background information important to understanding cryptography in this era. Next, cryptographic systems and advancements during this time period will be discussed. Finally, intelligence efforts to exploit these systems and the impact of these efforts on the war will be examined. Cryptography Primer In order to truly understand cryptography and the tools it employs to achieve secrecy, one must first understand some basic terminology used in cryptosystems. A cryptographer is one who uses, studies, or develops cryptographic systems and writings. Cryptography 5/20 “IVOTCIRSUO”. The resulting ciphertext has high diffusion properties. This may seem rather weak, but when substitution and permutation ciphers are combined, they prove to be much more effective. When applying both ciphers to the same example above, one would result in the message “JWPUDJSTVP” (“Ancient Ciphers”). Utilization of both methods of encryption yields a cryptosystem of higher security. A combined system should permute and substitute multiple times during the encryption operation. The final ciphertext should exhibit both confusion and diffusion among the characters. These properties are achieved by application of both techniques. Most historical systems of the era were of this type. World War II cryptographers only had the benefit of private-key cryptography. Each party wishing to communicate required their own set of private keys for communication. Two different types of private-key cryptosystems were available for use during the war: block ciphers and stream ciphers. The main distinction between a block cipher and a stream cipher is that a block cipher operates with fixed transformation on large blocks of plaintext data, while a stream cipher works with time-varying transformations of individual plaintext characters. Both of these ciphers have their own benefits and drawbacks, which will be discussed later. Shannon’s Vernam cipher, also known as a one-time pad, was used widely during the war. Soldiers and ships would have large books of paper pads containing the keys for communication. Once a pad was used, it was destroyed (Robshaw 5). The one-time pad uses a long key stream of randomly chosen characters. To achieve secrecy, the key stream must be the same length as the message, and each key can be used only once. Many stream ciphers used during the war required a short key to generate the pseudo- Cryptography 6/20 random key stream that would appear to be random. Since the key stream is now pseudo- random, the security of the ciphertext does not have the same strength. An adversary who can predict the pseudo-random stream has defeated the stream cipher (“Stream Cipher”). There are two types of stream ciphers, synchronous stream ciphers and self- synchronizing stream ciphers. In a synchronous stream cipher, a key of random digits is generated independently of the plaintext and ciphertext messages. The key is then combined with the plaintext to produce the ciphertext. The plaintext message is encrypted using a Boolean exclusive-or (XOR) function on each digit of the plaintext. The inverse decryption operation is an XOR. In order for the decryption to work, the sender and the receiver must be synchronized. If digits are added or removed from the message, the synchronization is lost. A self-synchronizing stream cipher is also known as ciphertext auto key (CTAK); it uses several of the previous n ciphertext digits to compute the key. Both synchronous and self-synchronizing stream ciphers were utilized during the war (“Stream Cipher”). In contrast to stream ciphers, block ciphers transform a fixed-length block of plaintext into a block of cipher text. The plaintext block size and the ciphertext block size should be the same. The transformation takes place based on the secret key provided by the user. The decryption is performed by applying the reverse transformation to the ciphertext block using the same secret key. A block cipher effectively provides a permutation of the set of all possible messages. Updates and modifications to the key between each block are desirable for achieving higher security. Several modes of operation exist to provide feedback and modification of the key (“Block Cipher”). The operational modes can have a strong impact on the security of the Cryptography 7/20 cryptosystem. The electronic codebook (ECB) mode splits the message into blocks, and each block is encrypted separately with its own key. The major draw back of this method is that two identical plaintext messages create two identical ciphertext messages. Cipher- block chaining (CBC) mode performs an XOR operation on each plaintext block with the previous ciphertext block before encrypting. In this method, each block is also encrypted using a unique key. One of the major drawbacks for this method is that it is sequential (“Block Cipher”). Both cipher classes have advantages and disadvantages. Stream ciphers are faster than block ciphers. Stream ciphers are not very efficient at diffusing plaintext, that is, spreading information across the cipher text. Block ciphers encrypt blocks sequentially and each block exhibits strong diffusion properties. Both systems have strong confusion properties, but stream ciphers are significantly faster at achieving this property. Block ciphers generally trade speed for secrecy (“What is a block cipher”). Intelligence and Cryptanalysis The collection and analysis of intelligence was important to the war effort. Intelligence was frequently collected from signals transmitted via radio. The transmission sources were primarily submarines, surface ships, aircraft and ground-based forces. The signals were commonly encrypted prior to transmission. Allied efforts focused on collecting these signals and defeating the encryption scheme. While the physical collection of these signals was important, the focus of this paper is the exploitation and decryption of these messages. Encrypted intercepts are exploited by personnel known as cryptanalysts, who attempt to recover the plaintext from the ciphertext message. A cryptanalytical success Cryptography 10/20 will 'wrap around' and repeat or even exhibit a bias in generation. Any exhibited bias can be used to make presumptions about subsequent bits and deduce the deterministic mechanism (“Fish”). Fish was the name given to the German stream cipher systems exploited by the allies. Fish is a stream cipher operating over digital representations of the German alphabet. The system was introduced relatively late in the war and had a strong theoretical foundation. High-level German military officials used several varieties during the war. The systems were mechanical in nature and the initial position in the stream was selected using several rotors, similar to the Enigma machines. The message was typed into the machine and produced ciphertext for transmission. Many examples of the different machines are displayed in museums throughout the world (“Fish”). On the other front, Japan utilized two primary cipher systems of their own: Purple and JN-25. American cryptographers working on cracking these codes coined both of these names. Code Purple was so called because information about it was stored in purple binders by American cryptanalysts. Purple was primarily a diplomatic code that the Japanese used to communicate to their Foreign Office in the United States. The code Purple was broken prior to the attack on Pearl Harbor, but was not useful in preventing the attack because the Japanese did not disclose military information to their Foreign Office. The code used for Japanese military communication, JN-25, was broken only after the attack on Pearl Harbor (Budiansky). The Purple machine was built in Japan in 1938 and first used in 1939. The machine is an electro-mechanical stepping-switch device that was designed by Risaburo Ito, a Japanese naval captain. The Purple machine divided the alphabet into two groups – Cryptography 11/20 consonants and vowels – and used a different algorithm to encode each group. An electromagnet, stimulated by an electrical pulse, moved the stepping switch to connect inputs to proper, seemingly unrelated outputs. Additionally, plug boards at the input and output scrambled certain letters. The cipher is not very repetitive either as it repeats only every 15,625 letters. While Purple was a strong cipher, the Japanese placed too much trust in the machine and considered its code unbreakable. They failed to consider operator error in their assumption regarding Purple’s invincibility. Operator error, and in particular poor key choices, made Purple more susceptible to analysis (“PURPLE”). U.S. officials called information obtained from decrypted Purple code Magic. Magic was not particularly helpful to the U.S., as Japan was primarily run by the military, which utilized JN-25. Therefore, most sensitive information was not encoded with Purple, and most sensitive information was not disclosed to the Foreign Office. Additionally, once the code was intercepted and decrypted by the U.S., it was not handled properly and efficiently. There was disagreement between the Navy and the Army regarding who should handle the decryption. In a compromise, they agreed to alternate days. Once the code was decrypted, it had to be translated from Japanese to English and then analyzed in order to determine if there was any new intelligence in the message. Often times, this information was not passed on to the proper authorities in a timely manner, if at all. Purple is sometimes mistakenly related to the attack on Pearl Harbor. Purple did not encrypt information that hinted of an attack on Pearl Harbor. However, what Purple code did contain was a message from Japan, dated December 7, 1941 (the day of the attack on Pearl Harbor) in which they broke off diplomatic relations with the U.S. This Cryptography 12/20 message was sent from Japan to the Japanese Embassy in the U.S. However, the U.S. was able to decrypt the code more quickly than the embassy was able to decrypt and deliver the message. The message did not contain any specifics about Pearl Harbor; however, it was soon clear why the message was sent, as the attack on Pearl Harbor occurred that same day. The cipher that did encode a lot of the Japanese military and strategic information was JN-25. The encoded output of JN-25 was five numeric groups. JN-25 was frequently modified which made cracking it even more difficult. JN-25 was not broken prior to the attack on Pearl Harbor and was therefore unable to prevent this attack. After the attack, the amount of JN-25 encrypted traffic increased along with the increase in Japanese military operations. This provided the volume of traffic cryptanalysts needed to crack the code. The code was broken after the Pearl Harbor attack and provided exceptionally valuable information during the rest of the war. Information obtained from intercepted and decrypted JN-25 message provided the U.S. with intelligence that aided the U.S. in victories at the Battle of Coral Sea as well as the Battle of Midway. Also, information obtained from decrypted JN-25 messages provided the U.S. with specific information regarding the flight itinerary of Yamamoto Isoroku, the Japanese naval admiral who presided over the attack on Pearl Harbor. Due to this intelligence, U.S. pilots were able to intercept and kill Yamamoto during his flight (“JN-25”). Allied Intelligence Efforts During the War The interception and decryption of Axis communications was essential to the Allied victory in World War II. Working independently but sharing information when necessary, American and British mathematicians and code-breakers managed to decipher Cryptography 15/20 keys at least once per day) (Hinsley 494). Turing and Gordon Welchman were chiefly responsible for designing the Bombe. Three fundamental flaws contributed to their exploitation of Enigma. First, German operators frequently erred by reusing keys and selecting weak keys, such as German women’s names. Second, they took advantage of the fact that German messages contained many common words and phrases, also known as cribs. Finally, they found a fundamental flaw in the Enigma: no character can be encoded as itself (“The machines behind...”). Once this was realized, hundreds of Bombes were built and “formed the basis of Bletchley Park's factory-style attack on Enigma” (Copeland 39). According to historians, the Allies' breaking of the Enigma shortened the war by two years (“The machines behind...”). The other major breakthrough at Bletchley Park was the creation of Colossus, the first programmable computer. Although credit for Colossus is often given to Turing, recently declassified documents indicate that, “Colossus was entirely the idea of Mr. [Thomas] Flowers” (Copeland 38). Bletchley Park built Colossus for the special purpose of analyzing the German messages code-named Fish (“The machines behind...), which featured the strongest encryption of all German codes (Copeland 39). Completed in December 1943, the Colossus produced intelligence that was the basis for the precise timing of the D-Day landings on June 6, 1944 (Copeland 38). John Tiltman was the first to break the Fish messages, doing so by hand in 1941 at Bletchley; but by 1944 the Germans had improved the cipher enough so that it was nearly impossible to continue attacks by hand (“The machines behind...”). Flowers, initially brought to Bletchley Park to help break the Enigma, was assigned to help build Cryptography 16/20 Colossus in early 1943 (Copeland 38). The encryption applied by the Lorenz could not be broken except by brute force, and this could take weeks to complete. Colossus, by contrast, was able to do the work in mere hours (“The machines behind...”). By the end of the war, there were ten Colossus computers in use at Bletchley, and their use, like that of the Bombe, is credited with shortening the war and potentially saving millions of lives (“The machines behind...”). While the British worked to break Nazi codes, the Americans were more focused on the Pacific theater and decrypting Japanese messages. Most of this work was done at Arlington Hall, headquarters of the Army's Signal Intelligence Service. The major work done here during the war was breaking the Japanese code PURPLE, discussed earlier in this paper (“Arlington Hall”). This effort was led by Frank Rowlett, an American cryptologist, and was completed before the United States even entered the war. Conclusion World War II profoundly impacted the study of applied cryptography. Demand for secure communications fueled research in the area and encouraged development of new tools and techniques. To provide security, Axis scientists strove to understand and achieve the fundamental mathematical properties of ideal cryptosystems. Their efforts yielded machinery that significantly increased the level of confusion and diffusion in encrypted messages. The resulting cipher machines generated ciphertext their designers believed was unbreakable at the time. Allied efforts proved this presumption was incorrect by developing sophisticated machinery of their own. German and Japanese armed forces relied heavily on cryptography in their military communications. American and British scientists, therefore, were forced to put Cryptography 17/20 significant efforts into understanding these cryptosystems in order to recover useful and timely intelligence. This intelligence effort produced many advances that significantly influence cryptography today. The greatest of these contributions was the modern programmable computer. Computers continue to influence cryptography, and other sciences, sixty years after their first appearance. While cryptography shaped the outcome of the war, the war also shaped the face of modern cryptography.