The Code Book Part 5

Figure 30 Three sheets, each a potential key for a onetime pad cipher. The message is enciphered using Sheet 1. Three sheets, each a potential key for a onetime pad cipher. The message is enciphered using Sheet 1.

[image]

If all the different keys could be tested, every conceivable 21-letter message would be generated, and the crypta.n.a.lyst would be unable to distinguish between the right one and all the others. This difficulty would not have arisen had the key been a series of words or a phrase, because the incorrect messages would almost certainly have been a.s.sociated with a meaningless key, whereas the correct message would be a.s.sociated with a sensible key.

The security of the onetime pad cipher is wholly due to the randomness of the key. The key injects randomness into the ciphertext, and if the ciphertext is random then it has no patterns, no structure, nothing the crypta.n.a.lyst can latch onto. In fact, it can be mathematically proved that it is impossible for a crypta.n.a.lyst to crack a message encrypted with a onetime pad cipher. In other words, the onetime pad cipher is not merely believed to be unbreakable, just as the Vigenere cipher was in the nineteenth century, it really is absolutely secure it really is absolutely secure. The onetime pad offers a guarantee of secrecy: the Holy Grail of cryptography.

At last, cryptographers had found an unbreakable system of encryption. However, the perfection of the onetime pad cipher did not end the quest for secrecy: the truth of the matter is that it was hardly ever used. Although it is perfect in theory, it is flawed in practice because the cipher suffers from two fundamental difficulties. First, there is the practical problem of making large quant.i.ties of random keys. In a single day an army might exchange hundreds of messages, each containing thousands of characters, so radio operators would require a daily supply of keys equivalent to millions of randomly arranged letters. Supplying so many random sequences of letters is an immense task.

Some early cryptographers a.s.sumed that they could generate huge amounts of random keys by haphazardly tapping away at a typewriter. However, whenever this was tried, the typist would tend to get into the habit of typing a character using the left hand, and then a character using the right hand, and thereafter alternate between the two sides. This might be a quick way of generating a key, but the resulting sequence has structure, and is no longer random-if the typist hits the letter D, from the left side of the keyboard, then the next letter is predictable in as much as it is probably from the right side of the keyboard. If a onetime pad key was to be truly random, a letter from the left side of the keyboard should be followed by another letter from the left side of the keyboard on roughly half the occasions. typing a character using the left hand, and then a character using the right hand, and thereafter alternate between the two sides. This might be a quick way of generating a key, but the resulting sequence has structure, and is no longer random-if the typist hits the letter D, from the left side of the keyboard, then the next letter is predictable in as much as it is probably from the right side of the keyboard. If a onetime pad key was to be truly random, a letter from the left side of the keyboard should be followed by another letter from the left side of the keyboard on roughly half the occasions.

Cryptographers have come to realize that it requires a great deal of time, effort and money to create a random key. The best random keys are created by harnessing natural physical processes, such as radioactivity, which is known to exhibit truly random behavior. The cryptographer could place a lump of radioactive material on a bench, and detect its emissions with a Geiger counter. Sometimes the emissions follow each other in rapid succession, sometimes there are long delays-the time between emissions is unpredictable and random. The cryptographer could then connect a display to the Geiger counter, which rapidly cycles through the alphabet at a fixed rate, but which freezes momentarily as soon as an emission is detected. Whatever letter is on the display could be used as the next letter of the random key. The display restarts and once again cycles through the alphabet until it is stopped at random by the next emission, the letter frozen on the display is added to the key, and so on. This arrangement would be guaranteed to generate a truly random key, but it is impractical for day-to-day cryptography.

Even if you could fabricate enough random keys, there is a second problem, namely the difficulty of distributing them. Imagine a battlefield scenario in which hundreds of radio operators are part of the same communications network. To start with, every single person must have identical copies of the onetime pad. Next, when new pads are issued, they must be distributed to everybody simultaneously. Finally, everybody must remain in step, making sure that they are using the right sheet of the onetime pad at the right time. Widespread use of the onetime pad would fill the battlefield with couriers and bookkeepers. Furthermore, if the enemy captures just one set of keys, then the whole communication system is compromised.

It might be tempting to cut down on the manufacture and distribution of keys by reusing onetime pads, but this is a cryptographic cardinal sin. Reusing a onetime pad would allow an enemy crypta.n.a.lyst to decipher messages with relative ease. The technique used to prize open two pieces of ciphertext encrypted with the same onetime pad key is explained in Reusing a onetime pad would allow an enemy crypta.n.a.lyst to decipher messages with relative ease. The technique used to prize open two pieces of ciphertext encrypted with the same onetime pad key is explained in Appendix G Appendix G, but for the time being the important point is that there can be no shortcuts in using the onetime pad cipher. The sender and receiver must use a new key for every message.

A onetime pad is practicable only for people who need ultrasecure communication, and who can afford to meet the enormous costs of manufacturing and securely distributing the keys. For example, the hotline between the presidents of Russia and America is secured via a onetime pad cipher.

The practical flaws of the theoretically perfect onetime pad meant that Mauborgne's idea could never be used in the heat of battle. In the aftermath of the First World War and all its cryptographic failures, the search continued for a practical system that could be employed in the next conflict. Fortunately for cryptographers, it would not be long before they made a breakthrough, something that would reestablish secret communication on the battlefield. In order to strengthen their ciphers, cryptographers were forced to abandon their pencil-and-paper approach to secrecy, and exploit the very latest technology to scramble messages.

The Development of Cipher Machines-from Cipher Disks to the Enigma The earliest cryptographic machine is the cipher disk, invented in the fifteenth century by the Italian architect Leon Alberti, one of the fathers of the polyalphabetic cipher. He took two copper disks, one slightly larger than the other, and inscribed the alphabet around the edge of both. By placing the smaller disk on top of the larger one and fixing them with a needle to act as an axis, he constructed something similar to the cipher disk shown in Figure 31 Figure 31. The two disks can be independently rotated so that the two alphabets can have different relative positions, and can thus be used to encrypt a message with a simple Caesar s.h.i.+ft. For example, to encrypt a message with a Caesar s.h.i.+ft of one place, position the outer A next to the inner B-the outer disk is the plain alphabet, and the inner disk represents the cipher alphabet. Each letter in the plaintext message is looked up on the outer disk, and the corresponding letter on the inner disk is written down as part of the ciphertext. To send a message with a Caesar s.h.i.+ft of five places, simply rotate the disks so that the outer A is next to the inner F, and then use the cipher disk in its new setting. looked up on the outer disk, and the corresponding letter on the inner disk is written down as part of the ciphertext. To send a message with a Caesar s.h.i.+ft of five places, simply rotate the disks so that the outer A is next to the inner F, and then use the cipher disk in its new setting.

Even though the cipher disk is a very basic device, it does ease encipherment, and it endured for five centuries. The version shown in Figure 31 Figure 31 was used in the American Civil War. was used in the American Civil War. Figure 32 Figure 32 shows a Code-o-Graph, a cipher disk used by the eponymous hero of shows a Code-o-Graph, a cipher disk used by the eponymous hero of Captain Midnight Captain Midnight, one of the early American radio dramas. Listeners could obtain their own Code-o-Graph by writing to the program sponsors, Ovaltine, and enclosing a label from one of their containers. Occasionally the program would end with a secret message from Captain Midnight, which could be deciphered by loyal listeners using the Code-o-Graph.

The cipher disk can be thought of as a "scrambler," taking each plaintext letter and transforming it into something else. The mode of operation described so far is straightforward, and the resulting cipher is relatively trivial to break, but the cipher disk can be used in a more complicated way. Its inventor, Alberti, suggested changing the setting of the disk during the message, which in effect generates a polyalphabetic cipher instead of a monoalphabetic cipher. For example, Alberti could have used his disk to encipher the word goodbye, using the keyword LEON. He would begin by setting his disk according to the first letter of the keyword, moving the outer A next to the inner L. Then he would encipher the first letter of the message, g, by finding it on the outer disk and noting the corresponding letter on the inner disk, which is R. To encipher the second letter of the message, he would reset his disk according to the second letter of the keyword, moving the outer A next to the inner E. Then he would encipher o by finding it on the outer disk and noting the corresponding letter on the inner disk, which is S. The encryption process continues with the cipher disk being set according to the keyletter O, then N, then back to L, and so on. Alberti has effectively encrypted a message relatively trivial to break, but the cipher disk can be used in a more complicated way. Its inventor, Alberti, suggested changing the setting of the disk during the message, which in effect generates a polyalphabetic cipher instead of a monoalphabetic cipher. For example, Alberti could have used his disk to encipher the word goodbye, using the keyword LEON. He would begin by setting his disk according to the first letter of the keyword, moving the outer A next to the inner L. Then he would encipher the first letter of the message, g, by finding it on the outer disk and noting the corresponding letter on the inner disk, which is R. To encipher the second letter of the message, he would reset his disk according to the second letter of the keyword, moving the outer A next to the inner E. Then he would encipher o by finding it on the outer disk and noting the corresponding letter on the inner disk, which is S. The encryption process continues with the cipher disk being set according to the keyletter O, then N, then back to L, and so on. Alberti has effectively encrypted a message using the Vigenere cipher with his first name acting as the keyword. The cipher disk speeds up encryption and reduces errors compared with performing the encryption via a Vigenere square. using the Vigenere cipher with his first name acting as the keyword. The cipher disk speeds up encryption and reduces errors compared with performing the encryption via a Vigenere square.

[image]

Figure 31 A U.S. Confederate cipher disk used in the American Civil War. ( A U.S. Confederate cipher disk used in the American Civil War. (photo credit 3.4) [image]

Figure 32 Captain Midnight's Code-o-Graph, which enciphers each plaintext letter (outer disk) as a number (inner disk), rather than a letter. Captain Midnight's Code-o-Graph, which enciphers each plaintext letter (outer disk) as a number (inner disk), rather than a letter.

The important feature of using the cipher disk in this way is the fact that the disk is changing its mode of scrambling during encryption. Although this extra level of complication makes the cipher harder to break, it does not make it unbreakable, because we are simply dealing with a mechanized version of the Vigenere cipher, and the Vigenere cipher was broken by Babbage and Kasiski. However, five hundred years after Alberti, a more complex reincarnation of his cipher disk would lead to a new generation of ciphers, an order of magnitude more difficult to crack than anything previously used.

In 1918, the German inventor Arthur Scherbius and his close friend Richard Ritter founded the company of Scherbius & Ritter, an innovative engineering firm that dabbled in everything from turbines to heated pillows. Scherbius was in charge of research and development, and was constantly looking for new opportunities. One of his pet projects was to replace the inadequate systems of cryptography used in the First World War by swapping pencil-and-paper ciphers with a form of encryption that exploited twentieth-century technology. Having studied electrical engineering in Hanover and Munich, he developed a piece of cryptographic machinery that was essentially an electrical version of Alberti's cipher disk. Called Enigma, Scherbius's invention would become the most fearsome system of encryption in history.

Scherbius's Enigma machine consisted of a number of ingenious components, which he combined into a formidable and intricate cipher machine. However, if we break the machine down into its const.i.tuent parts and rebuild it in stages, then its underlying principles will become apparent. The basic form of Scherbius's invention consists of three elements connected by wires: a keyboard for inputting each plaintext letter, a scrambling unit that encrypts each plaintext letter into a corresponding ciphertext letter, and a display board consisting of various lamps for indicating the ciphertext letter. Figure 33 Figure 33 shows a stylized layout of the machine, limited to a six-letter alphabet for simplicity. In order to encrypt a plaintext letter, the operator presses the appropriate plaintext letter on the keyboard, which sends an electric pulse through the central shows a stylized layout of the machine, limited to a six-letter alphabet for simplicity. In order to encrypt a plaintext letter, the operator presses the appropriate plaintext letter on the keyboard, which sends an electric pulse through the central scrambling unit and out the other side, where it illuminates the corresponding ciphertext letter on the lampboard. scrambling unit and out the other side, where it illuminates the corresponding ciphertext letter on the lampboard.

The scrambler, a thick rubber disk riddled with wires, is the most important part of the machine. From the keyboard, the wires enter the scrambler at six points, and then make a series of twists and turns within the scrambler before emerging at six points on the other side. The internal wirings of the scrambler determine how the plaintext letters will be encrypted. For example, in Figure 33 Figure 33 the wirings dictate that: the wirings dictate that: typing in a will illuminate the letter B, which means that a is encrypted as B, typing in b will illuminate the letter A, which means that b is encrypted as A, typing in c will illuminate the letter D, which means that c is encrypted as D, typing in d will illuminate the letter F, which means that d is encrypted as F, typing in e will illuminate the letter E, which means that e is encrypted as E, typing in f will illuminate the letter C, which means that f is encrypted as C.

The message cafe would be encrypted as DBCE. With this basic setup, the scrambler essentially defines a cipher alphabet, and the machine can be used to implement a simple monoalphabetic subst.i.tution cipher.

However, Scherbius's idea was for the scrambler disk to automatically rotate by one-sixth of a revolution each time a letter is encrypted (or one-twenty-sixth of a revolution for a complete alphabet of 26 letters). Figure 34(a) Figure 34(a) shows the same arrangement as in shows the same arrangement as in Figure 33 Figure 33; once again, typing in the letter b will illuminate the letter A. However, this time, immediately after typing a letter and illuminating the lampboard, the scrambler revolves by one-sixth of a revolution to the position shown in Figure 34(b) Figure 34(b). Typing in the letter b again will now illuminate a different letter, namely C. Immediately afterward, the scrambler rotates once more, to the position shown in Figure 34(c) Figure 34(c). This time, typing in the letter b will illuminate E. Typing the letter b six times in a row would generate the ciphertext ACEBDC. In other words, the cipher alphabet changes after each encryption, and the encryption of the letter b is constantly changing. With this rotating setup, the scrambler essentially defines six cipher alphabets, and the machine can be used to implement a polyalphabetic cipher.

The rotation of the scrambler is the most important feature of Scherbius's design. However, as it stands the machine suffers from one obvious weakness. Typing b six times will return the scrambler to its original position, and typing b again and again will repeat the pattern of encryption. In general, cryptographers are keen to avoid repet.i.tion because it leads to regularity and structure in the ciphertext, symptoms of a weak cipher. This problem can be alleviated by introducing a second scrambler disk. position, and typing b again and again will repeat the pattern of encryption. In general, cryptographers are keen to avoid repet.i.tion because it leads to regularity and structure in the ciphertext, symptoms of a weak cipher. This problem can be alleviated by introducing a second scrambler disk.

[image]

Figure 33 A simplified version of the Enigma machine with an alphabet of just six letters. The most important element of the machine is the scrambler. By typing in b on the keyboard, a current pa.s.ses into the scrambler, follows the path of the internal wiring, and then emerges so as illuminate the A lamp. In short, b is encrypted as A. The box to the right indicates how each of the six letters is encrypted. A simplified version of the Enigma machine with an alphabet of just six letters. The most important element of the machine is the scrambler. By typing in b on the keyboard, a current pa.s.ses into the scrambler, follows the path of the internal wiring, and then emerges so as illuminate the A lamp. In short, b is encrypted as A. The box to the right indicates how each of the six letters is encrypted.

[image]

Figure 34 Every time a letter is typed into the keyboard and encrypted, the scrambler rotates by one place, thus changing how each letter is potentially encrypted. In (a) the scrambler encrypts b as A, but in (b) the new scrambler orientation encrypts b as C. In (c), after rotating one more place, the scrambler encrypts b as E. After encrypting four more letters, and rotating four more places, the scrambler returns to its original orientation. Every time a letter is typed into the keyboard and encrypted, the scrambler rotates by one place, thus changing how each letter is potentially encrypted. In (a) the scrambler encrypts b as A, but in (b) the new scrambler orientation encrypts b as C. In (c), after rotating one more place, the scrambler encrypts b as E. After encrypting four more letters, and rotating four more places, the scrambler returns to its original orientation.

Figure 35 is a schematic of a cipher machine with two scramblers. Because of the difficulty of drawing a three-dimensional scrambler with three-dimensional internal wirings, is a schematic of a cipher machine with two scramblers. Because of the difficulty of drawing a three-dimensional scrambler with three-dimensional internal wirings, Figure 35 Figure 35 shows only a two-dimensional representation. Each time a letter is encrypted, the first scrambler rotates by one s.p.a.ce, or in terms of the two-dimensional diagram, each wiring s.h.i.+fts down one place. In contrast, the second scrambler disk remains stationary for most of the time. It moves only after the first scrambler has made a complete revolution. The first scrambler is fitted with a tooth, and it is only when this tooth reaches a certain point that it knocks the second scrambler on one place. shows only a two-dimensional representation. Each time a letter is encrypted, the first scrambler rotates by one s.p.a.ce, or in terms of the two-dimensional diagram, each wiring s.h.i.+fts down one place. In contrast, the second scrambler disk remains stationary for most of the time. It moves only after the first scrambler has made a complete revolution. The first scrambler is fitted with a tooth, and it is only when this tooth reaches a certain point that it knocks the second scrambler on one place.

In Figure 35(a) Figure 35(a), the first scrambler is in a position where it is just about to knock forward the second scrambler. Typing in and encrypting a letter moves the mechanism to the configuration shown in Figure 35(b) Figure 35(b), in which the first scrambler has moved on one place, and the second scrambler has also been knocked on one place. Typing in and encrypting another letter again moves the first scrambler on one place, Figure 35(c) Figure 35(c), but this time the second scrambler has remained stationary. The second scrambler will not move again until the first scrambler completes one revolution, which will take another five encryptions. This arrangement is similar to a car odometer-the rotor representing single miles turns quite quickly, and when it completes one revolution by reaching "9," it knocks the rotor representing tens of miles forward one place.

The advantage of adding a second scrambler is that the pattern of encryption is not repeated until the second scrambler is back where it started, which requires six complete revolutions of the first scrambler, or the encryption of 6 6, or 36 letters in total. In other words, there are 36 distinct scrambler settings, which is equivalent to switching between 36 cipher alphabets. With a full alphabet of 26 letters, the cipher machine would switch between 26 26, or 676 cipher alphabets. So by combining scramblers (sometimes called rotors), it is possible to build an encryption machine which is continually switching between different cipher alphabets. The operator types in a particular letter and, depending on the scrambler arrangement, it can be encrypted according to any one of hundreds of cipher alphabets. Then the scrambler arrangement changes, so that when the next letter is typed into the machine it is encrypted according to a different cipher alphabet. Furthermore, all of this is done with great efficiency and accuracy, thanks to the automatic movement of scramblers and the speed of electricity. scrambler arrangement, it can be encrypted according to any one of hundreds of cipher alphabets. Then the scrambler arrangement changes, so that when the next letter is typed into the machine it is encrypted according to a different cipher alphabet. Furthermore, all of this is done with great efficiency and accuracy, thanks to the automatic movement of scramblers and the speed of electricity.

[image]

Figure 35 On adding a second scrambler, the pattern of encryption does not repeat until 36 letters have been enciphered, at which point both scramblers have returned to their original positions. To simplify the diagram, the scramblers are represented in just two dimensions; instead of rotating one place, the wirings move down one place. If a wire appears to leave the top or bottom of a scrambler, its path can be followed by continuing from the corresponding wire at the bottom or top of the same scrambler. In (a), b is encrypted as D. After encryption, the first scrambler rotates by one place, also nudging the second scrambler around one place-this happens only once during each complete revolution of the first wheel. This new setting is shown in (b), in which b is encrypted as F. After encryption, the first scrambler rotates by one place, but this time the second scrambler remains fixed. This new setting is shown in (c), in which b is encrypted as B. On adding a second scrambler, the pattern of encryption does not repeat until 36 letters have been enciphered, at which point both scramblers have returned to their original positions. To simplify the diagram, the scramblers are represented in just two dimensions; instead of rotating one place, the wirings move down one place. If a wire appears to leave the top or bottom of a scrambler, its path can be followed by continuing from the corresponding wire at the bottom or top of the same scrambler. In (a), b is encrypted as D. After encryption, the first scrambler rotates by one place, also nudging the second scrambler around one place-this happens only once during each complete revolution of the first wheel. This new setting is shown in (b), in which b is encrypted as F. After encryption, the first scrambler rotates by one place, but this time the second scrambler remains fixed. This new setting is shown in (c), in which b is encrypted as B.

Before explaining in detail how Scherbius intended his encryption machine to be used, it is necessary to describe two more elements of the Enigma, which are shown in Figure 36 Figure 36. First, Scherbius's standard encryption machine employed a third scrambler for extra complexity-for a full alphabet these three scramblers would provide 26 26 26, or 17,576 distinct scrambler arrangements. Second, Scherbius added a reflector reflector. The reflector is a bit like a scrambler, inasmuch as it is a rubber disk with internal wirings, but it differs because it does not rotate, and the wires enter on one side and then reemerge on the same side. With the reflector in place, the operator types in a letter, which sends an electrical signal through the three scramblers. When the reflector receives the incoming signal it sends it back through the same three scramblers, but along a different route. For example, with the setup in Figure 36 Figure 36, typing the letter b would send a signal through the three scramblers and into the reflector, whereupon the signal would return back through the wirings to arrive at the letter D. The signal does not actually emerge through the keyboard, as it might seem from Figure 36 Figure 36, but instead is diverted to the lampboard. At first sight the reflector seems to be a pointless addition to the machine, because its static nature means that it does not add to the number of cipher alphabets. However, its benefits become clear when we see how the machine was actually used to encrypt and decrypt a message. nature means that it does not add to the number of cipher alphabets. However, its benefits become clear when we see how the machine was actually used to encrypt and decrypt a message.

[image]

Figure 36 Scherbius's design of the Enigma included a third scrambler and a reflector that sends the current back through the scramblers. In this particular setting, typing in b eventually illuminates D on the lampboard, shown here adjacent to the keyboard. Scherbius's design of the Enigma included a third scrambler and a reflector that sends the current back through the scramblers. In this particular setting, typing in b eventually illuminates D on the lampboard, shown here adjacent to the keyboard.

An operator wishes to send a secret message. Before encryption begins, the operator must first rotate the scramblers to a particular starting position. There are 17,576 possible arrangements, and therefore 17,576 possible starting positions. The initial setting of the scramblers will determine how the message is encrypted. We can think of the Enigma machine in terms of a general cipher system, and the initial settings are what determine the exact details of the encryption. In other words, the initial settings provide the key. The initial settings are usually dictated by a codebook, which lists the key for each day, and which is available to everybody within the communications network. Distributing the codebook requires time and effort, but because only one key per day is required, it could be arranged for a codebook containing 28 keys to be sent out just once every four weeks. By comparison, if an army were to use a onetime pad cipher, it would require a new key for every message, and key distribution would be a much greater task. Once the scramblers have been set according to the codebook's daily requirement, the sender can begin encrypting. He types in the first letter of the message, sees which letter is illuminated on the lampboard, and notes it down as the first letter of the ciphertext. Then, the first scrambler having automatically stepped on by one place, the sender inputs the second letter of the message, and so on. Once he has generated the complete ciphertext, he hands it to a radio operator who transmits it to the intended receiver.

In order to decipher the message, the receiver needs to have another Enigma machine and a copy of the codebook that contains the initial scrambler settings for that day. He sets up the machine according to the book, types in the ciphertext letter by letter, and the lampboard indicates the plaintext. In other words, the sender typed in the plaintext to generate the ciphertext, and now the receiver types in the ciphertext to generate the plaintext-encipherment and decipherment are mirror processes. The ease of decipherment is a consequence of the reflector. From Figure 36 Figure 36 we can see that if we type in b and follow the electrical path, we come back to D. Similarly, if we type in d and follow the path, then we come back to B. The machine encrypts a plaintext letter into a ciphertext letter, we can see that if we type in b and follow the electrical path, we come back to D. Similarly, if we type in d and follow the path, then we come back to B. The machine encrypts a plaintext letter into a ciphertext letter, and, as long as the machine is in the same setting, it will decrypt the same ciphertext letter back into the same plaintext letter. and, as long as the machine is in the same setting, it will decrypt the same ciphertext letter back into the same plaintext letter.

It is clear that the key, and the codebook that contains it, must never be allowed to fall into enemy hands. It is quite possible that the enemy might capture an Enigma machine, but without knowing the initial settings used for encryption, they cannot easily decrypt an intercepted message. Without the codebook, the enemy crypta.n.a.lyst must resort to checking all the possible keys, which means trying all the 17,576 possible initial scrambler settings. The desperate crypta.n.a.lyst would set up the captured Enigma machine with a particular scrambler arrangement, input a short piece of the ciphertext, and see if the output makes any sense. If not, he would change to a different scrambler arrangement and try again. If he can check one scrambler arrangement each minute and works night and day, it would take almost two weeks to check all the settings. This is a moderate level of security, but if the enemy set a dozen people on the task, then all the settings could be checked within a day. Scherbius therefore decided to improve the security of his invention by increasing the number of initial settings and thus the number of possible keys.

He could have increased security by adding more scramblers (each new scrambler increases the number of keys by a factor of 26), but this would have increased the size of the Enigma machine. Instead, he added two other features. First, he simply made the scramblers removable and interchangeable. So, for example, the first scrambler disk could be moved to the third position, and the third scrambler disk to the first position. The arrangement of the scramblers affects the encryption, so the exact arrangement is crucial to encipherment and decipherment. There are six different ways to arrange the three scramblers, so this feature increases the number of keys, or the number of possible initial settings, by a factor of six.

The second new feature was the insertion of a plugboard plugboard between the keyboard and the first scrambler. The plugboard allows the sender to insert cables which have the effect of swapping some of the letters before they enter the scrambler. For example, a cable could be used to connect the a and b sockets of the plugboard, so that when the cryptographer wants to encrypt the letter b, the electrical signal actually follows the path through the scramblers that previously would have been the path for the letter a, and vice versa. The Enigma operator had six cables, which meant between the keyboard and the first scrambler. The plugboard allows the sender to insert cables which have the effect of swapping some of the letters before they enter the scrambler. For example, a cable could be used to connect the a and b sockets of the plugboard, so that when the cryptographer wants to encrypt the letter b, the electrical signal actually follows the path through the scramblers that previously would have been the path for the letter a, and vice versa. The Enigma operator had six cables, which meant that six pairs of letters could be swapped, leaving fourteen letters unplugged and unswapped. The letters swapped by the plugboard are part of the machine's setting, and so must be specified in the codebook. that six pairs of letters could be swapped, leaving fourteen letters unplugged and unswapped. The letters swapped by the plugboard are part of the machine's setting, and so must be specified in the codebook. Figure 37 Figure 37 shows the layout of the machine with the plugboard in place. Because the diagram deals only with a six-letter alphabet, only one pair of letters, a and b, have been swapped. shows the layout of the machine with the plugboard in place. Because the diagram deals only with a six-letter alphabet, only one pair of letters, a and b, have been swapped.

There is one more feature of Scherbius's design, known as the ring ring, which has not yet been mentioned. Although the ring does have some effect on encryption, it is the least significant part of the whole Enigma machine, and I have decided to ignore it for the purposes of this discussion. (Readers who would like to know about the exact role of the ring should refer to some of the books in the list of further reading, such as Seizing the Enigma Seizing the Enigma by David Kahn. This list also includes two Web sites containing excellent Enigma emulators, which allow you to operate a virtual Enigma machine.) by David Kahn. This list also includes two Web sites containing excellent Enigma emulators, which allow you to operate a virtual Enigma machine.) Now that we know all the main elements of Scherbius's Enigma machine, we can work out the number of keys, by combining the number of possible plugboard cablings with the number of possible scrambler arrangements and orientations. The following list shows each variable of the machine and the corresponding number of possibilities for each one: arrangements and orientations. The following list shows each variable of the machine and the corresponding number of possibilities for each one: [image]

Figure 37 The plugboard sits between the keyboard and the first scrambler. By inserting cables it is possible to swap pairs of letters, so that, in this case, b is swapped with a. Now, b is encrypted by following the path previously a.s.sociated with the encryption of a. In the real 26-letter Enigma, the user would have six cables for swapping six pairs of letters. The plugboard sits between the keyboard and the first scrambler. By inserting cables it is possible to swap pairs of letters, so that, in this case, b is swapped with a. Now, b is encrypted by following the path previously a.s.sociated with the encryption of a. In the real 26-letter Enigma, the user would have six cables for swapping six pairs of letters.

Scrambler orientations. Each of the 3 scramblers can be set in one of 26 orientations. There are therefore 26 26 26 settings: 17,576.

Scrambler arrangements. The three scramblers (1, 2 and 3) can be positioned in any of the following six orders: 123, 132, 213, 231, 312, 321.

6.

Plugboard. The number of ways of connecting, thereby swapping, six pairs of letters out of 26 is enormous: 100,391,791,500.

Total. The total number of keys is the multiple of these three numbers: 17,576 6 100,391,791,500 10,000,000,000,000,000 As long as sender and receiver have agreed on the plugboard cablings, the order of the scramblers and their respective orientations, all of which specify the key, they can encrypt and decrypt messages easily. However, an enemy interceptor who does not know the key would have to check every single one of the 10,000,000,000,000,000 possible keys in order to crack the ciphertext. To put this into context, a persistent crypta.n.a.lyst who is capable of checking one setting every minute would need longer than the age of the universe to check every setting. (In fact, because I have ignored the effect of the rings in these calculations, the number of possible keys is even larger, and the time to break Enigma even longer.) Since by far the largest contribution to the number of keys comes from the plugboard, you might wonder why Scherbius bothered with the scramblers. On its own, the plugboard would provide a trivial cipher, because it would do nothing more than act as a monoalphabetic subst.i.tution cipher, swapping around just 12 letters. The problem with the plugboard is that the swaps do not change once encryption begins, so on its own it would generate a ciphertext that could be broken by frequency a.n.a.lysis. The scramblers contribute a smaller number of keys, but their setup is continually changing, which means that the resulting ciphertext cannot be broken by frequency a.n.a.lysis. By combining the scramblers with the plugboard, Scherbius protected his machine against frequency a.n.a.lysis, and at the same time gave it an enormous number of possible keys. broken by frequency a.n.a.lysis. By combining the scramblers with the plugboard, Scherbius protected his machine against frequency a.n.a.lysis, and at the same time gave it an enormous number of possible keys.

Scherbius took out his first patent in 1918. His cipher machine was contained in a compact box measuring only 34 28 15 cm, but it weighed a hefty 12 kg. Figure 39 Figure 39 shows an Enigma machine with the outer lid open, ready for use. It is possible to see the keyboard where the plaintext letters are typed in, and, above it, the lampboard which displays the resulting ciphertext letter. Below the keyboard is the plugboard; there are more than six pairs of letters swapped by the plugboard, because this particular Enigma machine is a slightly later modification of the original model, which is the version that has been described so far. shows an Enigma machine with the outer lid open, ready for use. It is possible to see the keyboard where the plaintext letters are typed in, and, above it, the lampboard which displays the resulting ciphertext letter. Below the keyboard is the plugboard; there are more than six pairs of letters swapped by the plugboard, because this particular Enigma machine is a slightly later modification of the original model, which is the version that has been described so far. Figure 40 Figure 40 shows an Enigma with the cover plate removed to reveal more features, in particular the three scramblers. shows an Enigma with the cover plate removed to reveal more features, in particular the three scramblers.

Scherbius believed that Enigma was impregnable, and that its cryptographic strength would create a great demand for it. He tried to market the cipher machine to both the military and the business community, offering different versions to each. For example, he offered a basic version of Enigma to businesses, and a luxury diplomatic version with a printer rather than a lampboard to the Foreign Office. The price of an individual unit was as much as $30,000 in today's prices. offering different versions to each. For example, he offered a basic version of Enigma to businesses, and a luxury diplomatic version with a printer rather than a lampboard to the Foreign Office. The price of an individual unit was as much as $30,000 in today's prices.

[image]

Figure 38 Arthur Scherbius. ( Arthur Scherbius. (photo credit 3.5) Unfortunately, the high cost of the machine discouraged potential buyers. Businesses said that they could not afford Enigma's security, but Scherbius believed that they could not afford to be without it. He argued that a vital message intercepted by a business rival could cost a company a fortune, but few businessmen took any notice of him. The German military were equally unenthusiastic, because they were oblivious to the damage caused by their insecure ciphers during the Great War. For example, they had been led to believe that the Zimmermann telegram had been stolen by American spies in Mexico, and so they blamed that failure on Mexican security. They still did not realize that the telegram had in fact been intercepted and deciphered by the British, and that the Zimmermann debacle was actually a failure of German cryptography.

Scherbius was not alone in his growing frustration. Three other inventors in three other countries had independently and almost simultaneously hit upon the idea of a cipher machine based on rotating scramblers. In the Netherlands in 1919, Alexander Koch took out patent No. 10,700, but he failed to turn his rotor machine into a commercial success and eventually sold the patent rights in 1927. In Sweden, Arvid Damm took out a similar patent, but by the time he died in 1927 he had also failed to find a market. In America, inventor Edward Hebern had complete faith in his invention, the so-called Sphinx of the Wireless, but his failure was the greatest of all.

In the mid-1920s, Hebern began building a $380,000 factory, but unfortunately this was a period when the mood in America was changing from paranoia to openness. The previous decade, in the aftermath of the First World War, the U.S. Government had established the American Black Chamber, a highly effective cipher bureau staffed by a team of twenty crypta.n.a.lysts, led by the flamboyant and brilliant Herbert Yardley. Later, Yardley wrote that "The Black Chamber, bolted, hidden, guarded, sees all, hears all. Though the blinds are drawn and the windows heavily curtained, its far-seeking eyes penetrate the secret conference chambers at Was.h.i.+ngton, Tokyo, London, Paris, Geneva, Rome. Its sensitive ears catch the faintest whisperings in the foreign capitals of the world." The American Black Chamber solved 45,000 cryptograms in a decade, but by the time Hebern built his factory, Herbert Hoover had been elected President and was attempting to usher in a new era of trust in international affairs. He disbanded the Black Chamber, and his Secretary of State, Henry Stimson, declared that "Gentlemen should not read each other's mail." If a nation believes that it is wrong to read the messages of others, then it also begins to believe that others will not read its own messages, and it does not see the necessity for fancy cipher machines. Hebern sold only twelve machines at a total price of roughly $1,200, and in 1926 he was brought to trial by dissatisfied shareholders and found guilty under California's Corporate Securities Act. American Black Chamber solved 45,000 cryptograms in a decade, but by the time Hebern built his factory, Herbert Hoover had been elected President and was attempting to usher in a new era of trust in international affairs. He disbanded the Black Chamber, and his Secretary of State, Henry Stimson, declared that "Gentlemen should not read each other's mail." If a nation believes that it is wrong to read the messages of others, then it also begins to believe that others will not read its own messages, and it does not see the necessity for fancy cipher machines. Hebern sold only twelve machines at a total price of roughly $1,200, and in 1926 he was brought to trial by dissatisfied shareholders and found guilty under California's Corporate Securities Act.

[image]

Figure 39 An army Enigma machine ready for use. ( An army Enigma machine ready for use. (photo credit 3.6) [image]

Figure 40 An Enigma machine with the inner lid opened, revealing the three scramblers. An Enigma machine with the inner lid opened, revealing the three scramblers.

Fortunately for Scherbius, however, the German military were eventually shocked into appreciating the value of his Enigma machine, thanks to two British doc.u.ments. The first was Winston Churchill's The World Crisis The World Crisis, published in 1923, which included a dramatic account of how the British had gained access to valuable German cryptographic material: At the beginning of September 1914, the German light cruiser Magdeburg Magdeburg was wrecked in the Baltic. The body of a drowned German under-officer was picked up by the Russians a few hours later, and clasped in his bosom by arms rigid in death, were the cipher and signal books of the German navy and the minutely squared maps of the North Sea and Heligoland Bight. On September 6 the Russian Naval Attache came to see me. He had received a message from Petrograd telling him what had happened, and that the Russian Admiralty with the aid of the cipher and signal books had been able to decode portions at least of the German naval messages. The Russians felt that as the leading naval Power, the British Admiralty ought to have these books and charts. If we would send a vessel to Alexandrov, the Russian officers in charge of the books would bring them to England. was wrecked in the Baltic. The body of a drowned German under-officer was picked up by the Russians a few hours later, and clasped in his bosom by arms rigid in death, were the cipher and signal books of the German navy and the minutely squared maps of the North Sea and Heligoland Bight. On September 6 the Russian Naval Attache came to see me. He had received a message from Petrograd telling him what had happened, and that the Russian Admiralty with the aid of the cipher and signal books had been able to decode portions at least of the German naval messages. The Russians felt that as the leading naval Power, the British Admiralty ought to have these books and charts. If we would send a vessel to Alexandrov, the Russian officers in charge of the books would bring them to England.

This material had helped the crypta.n.a.lysts in Room 40 to crack Germany's encrypted messages on a regular basis. Finally, almost a decade later, the Germans were made aware of this failure in their communications security. Also in 1923, the British Royal Navy published their official history of the First World War, which reiterated the fact that the interception and crypta.n.a.lysis of German communications had provided the Allies with a clear advantage. These proud achievements of British Intelligence were a stark condemnation of those responsible for German security, who then had to admit in their own report that, "the German fleet command, whose radio messages were intercepted and deciphered by the English, played so to speak with open cards against the British command." condemnation of those responsible for German security, who then had to admit in their own report that, "the German fleet command, whose radio messages were intercepted and deciphered by the English, played so to speak with open cards against the British command."

The German military held an enquiry into how to avoid repeating the cryptographic fiascos of the First World War, and concluded that the Enigma machine offered the best solution. By 1925 Scherbius began ma.s.s-producing Enigmas, which went into military service the following year, and were subsequently used by the government and by state-run organizations such as the railways. These Enigmas were distinct from the few machines that Scherbius had previously sold to the business community, because the scramblers had different internal wirings. Owners of a commercial Enigma machine did not therefore have a complete knowledge of the government and military versions.

Over the next two decades, the German military would buy over 30,000 Enigma machines. Scherbius's invention provided the German military with the most secure system of cryptography in the world, and at the outbreak of the Second World War their communications were protected by an unparalleled level of encryption. At times, it seemed that the Enigma machine would play a vital role in ensuring n.a.z.i victory, but instead it was ultimately part of Hitler's downfall. Scherbius did not live long enough to see the successes and failures of his cipher system. In 1929, while driving a team of horses, he lost control of his carriage and crashed into a wall, dying on May 13 from internal injuries.

4 Cracking the Enigma

In the years that followed the First World War, the British crypta.n.a.lysts in Room 40 continued to monitor German communications. In 1926 they began to intercept messages which baffled them completely. Enigma had arrived, and as the number of Enigma machines increased, Room 40's ability to gather intelligence diminished rapidly. The Americans and the French also tried to tackle the Enigma cipher, but their attempts were equally dismal, and they soon gave up hope of breaking it. Germany now had the most secure communications in the world.

The speed with which the Allied crypta.n.a.lysts abandoned hope of breaking Enigma was in sharp contrast to their perseverance just a decade earlier in the First World War. Confronted with the prospect of defeat, the Allied crypta.n.a.lysts had worked night and day to penetrate German ciphers. It would appear that fear was the main driving force, and that adversity is one of the foundations of successful codebreaking. Similarly, it was fear and adversity that galvanized French crypta.n.a.lysis at the end of the nineteenth century, faced with the increasing might of Germany. However, in the wake of the First World War the Allies no longer feared anybody. Germany had been crippled by defeat, the Allies were in a dominant position, and as a result they seemed to lose their crypta.n.a.lytic zeal. Allied crypta.n.a.lysts dwindled in number and deteriorated in quality.

One nation, however, could not afford to relax. After the First World War, Poland reestablished itself as an independent state, but it was concerned about threats to its newfound sovereignty. To the east lay Russia, a nation ambitious to spread its communism, and to the west lay Germany, desperate to regain territory ceded to Poland after the war. Sandwiched between these two enemies, the Poles were desperate for intelligence information, and they formed a new cipher bureau, the Biuro Szyfrow. If necessity is the mother of invention, then perhaps adversity is the mother of crypta.n.a.lysis. The success of the Biuro Szyfrow is exemplified by their success during the Russo-Polish War of 191920. In August 1920 alone, when the Soviet armies were at the gates of Warsaw, the Biuro deciphered 400 enemy messages. Their monitoring of German communications had been equally effective, until 1926, when they too encountered the Enigma messages. Szyfrow. If necessity is the mother of invention, then perhaps adversity is the mother of crypta.n.a.lysis. The success of the Biuro Szyfrow is exemplified by their success during the Russo-Polish War of 191920. In August 1920 alone, when the Soviet armies were at the gates of Warsaw, the Biuro deciphered 400 enemy messages. Their monitoring of German communications had been equally effective, until 1926, when they too encountered the Enigma messages.

In charge of deciphering German messages was Captain Maksymilian Ciezki, a committed patriot who had grown up in the town of Szamotuty, a center of Polish nationalism. Ciezki had access to a commercial version of the Enigma machine, which revealed all the principles of Scherbius's invention. Unfortunately, the commercial version was distinctly different from the military one in terms of the wirings inside each scrambler. Without knowing the wirings of the military machine, Ciezki had no chance of deciphering messages being sent by the German army. He became so despondent that at one point he even employed a clairvoyant in a frantic attempt to conjure some sense from the enciphered intercepts. Not surprisingly, the clairvoyant failed to make the breakthrough the Biuro Szyfrow needed. Instead, it was left to a disaffected German, Hans-Thilo Schmidt, to make the first step toward breaking the Enigma cipher.

Hans-Thilo Schmidt was born in 1888 in Berlin, the second son of a distinguished professor and his aristocratic wife. Schmidt embarked on a career in the German Army and fought in the First World War, but he was not considered worthy enough to remain in the army after the drastic cuts implemented as part of the Treaty of Versailles. He then tried to make his name as a businessman, but his soap factory was forced to close because of the postwar depression and hyperinflation, leaving him and his family dest.i.tute.

The humiliation of Schmidt's failures was compounded by the success of his elder brother, Rudolph, who had also fought in the war, and who was retained in the army afterward. During the 1920s Rudolph rose through the ranks and was eventually promoted to chief of staff of the Signal Corps. He was responsible for ensuring secure communications, and in fact it was Rudolph who officially sanctioned the army's use of the Enigma cipher.

After his business collapsed, Hans-Thilo was forced to ask his brother for help, and Rudolph arranged a job for him in Berlin at the Chiffrierstelle, the office responsible for administrating Germany's encrypted communications. This was Enigma's command center, a top-secret establishment dealing with highly sensitive information. When Hans-Thilo moved to his new job, he left his family behind in Bavaria, where the cost of living was affordable. He was living alone in expensive Berlin, impoverished and isolated, envious of his perfect brother and resentful toward a nation which had rejected him. The result was inevitable. By selling secret Enigma information to foreign powers, Hans-Thilo Schmidt could earn money and gain revenge, damaging his country's security and undermining his brother's organization. for help, and Rudolph arranged a job for him in Berlin at the Chiffrierstelle, the office responsible for administrating Germany's encrypted communications. This was Enigma's command center, a top-secret establishment dealing with highly sensitive information. When Hans-Thilo moved to his new job, he left his family behind in Bavaria, where the cost of living was affordable. He was living alone in expensive Berlin, impoverished and isolated, envious of his perfect brother and resentful toward a nation which had rejected him. The result was inevitable. By selling secret Enigma information to foreign powers, Hans-Thilo Schmidt could earn money and gain revenge, damaging his country's security and undermining his brother's organization.

On November 8, 1931, Schmidt arrived at the Grand Hotel in Verviers, Belgium, for a liaison with a French secret agent codenamed Rex. In exchange for 10,000 marks (equivalent to $30,000 in today's money), Schmidt allowed Rex to photograph two doc.u.ments: "Gebrauchsanweisung fur die Chiffriermaschine Enigma" and "Schlusselanleitung fur die Chiffriermaschine Enigma." These doc.u.ments were essentially instructions for using the Enigma machine, and although there was no explicit description of the wirings inside each scrambler, they contained the information needed to deduce those wirings. instructions for using the Enigma machine, and although there was no explicit description of the wirings inside each scrambler, they contained the information needed to deduce those wirings.

[image]

Figure 41 Hans-Thilo Schmidt. ( Hans-Thilo Schmidt. (photo credit 4.1) Thanks to Schmidt's treachery, it was now possible for the Allies to create an accurate replica of the German military Enigma machine. However, this was not enough to enable them to decipher messages encrypted by Enigma. The strength of the cipher depends not on keeping the machine secret, but on keeping the initial setting of the machine (the key) secret. If a crypta.n.a.lyst wants to decipher an intercepted message, then, in addition to having a replica of the Enigma machine, he still has to find which of the millions of billions of possible keys was used to encipher it. A German memorandum put it thus: "It is a.s.sumed in judging the security of the cryptosystem that the enemy has at his disposition the machine."

The French Secret Service was clearly up to scratch, having found an informant in Schmidt, and having obtained the doc.u.ments that suggested the wirings of the military Enigma machine. In comparison, French crypta.n.a.lysts were inadequate, and seemed unwilling and unable to exploit this newly acquired information. In the wake of the First World War they suffered from overconfidence and lack of motivation. The Bureau du Chiffre did not even bother trying to build a replica of the military Enigma machine, because they were convinced that achieving the next stage, finding the key required to decipher a particular Enigma message, was impossible.

As it happened, ten years earlier the French had signed an agreement of military cooperation with the Poles. The Poles had expressed an interest in anything connected with Enigma, so in accordance with their decade-old agreement the French simply handed the photographs of Schmidt's doc.u.ments to their allies, and left the hopeless task of cracking Enigma to the Biuro Szyfrow. The Biuro realized that the doc.u.ments were only a starting point, but unlike the French they had the fear of invasion to spur them on. The Poles convinced themselves that there must be a shortcut to finding the key to an Enigma-encrypted message, and that if they applied sufficient effort, ingenuity and wit, they could find that shortcut.

As well as revealing the internal wirings of the scramblers, Schmidt's doc.u.ments also explained in detail the layout of the codebooks used by the Germans. Each month, Enigma operators received a new codebook which specified which key should be used for each day. For example, on the first day of the month, the codebook might specify the following specified which key should be used for each day. For example, on the first day of the month, the codebook might specify the following day key: day key:

(1) Plugboard settings: Plugboard settings: A/L-P/R-T/D-B/W-K/F-O/Y. A/L-P/R-T/D-B/W-K/F-O/Y.

(2) Scrambler: arrangement: Scrambler: arrangement: 2-3-1. 2-3-1.

(3)Scrambler orientations: Q-C-W. Q-C-W.

Together, the scrambler arrangement and orientations are known as the scrambler settings. To implement this particular day key, the Enigma operator would set up his Enigma machine as follows: (1) Plugboard settings: Plugboard settings: Swap the letters A and L by connecting them via a lead on the plugboard, and similarly swap P and R, then T and D, then B and W, then K and F, and then O and Y. Swap the letters A and L by connecting them via a lead on the plugboard, and similarly swap P and R, then T and D, then B and W, then K and F, and then O and Y.

(2) Scrambler arrangement: Scrambler arrangement: Place the 2nd scrambler in the 1st slot of the machine, the 3rd scrambler in the 2nd slot, and the 1st scrambler in the 3rd slot. Place the 2nd scrambler in the 1st slot of the machine, the 3rd scrambler in the 2nd slot, and the 1st scrambler in the 3rd slot.

(3) Scrambler orientations: Scrambler orientations: Each scrambler has an alphabet engraved on its outer rim, which allows the operator to set it in a particular orientation. In this case, the operator would rotate the scrambler in slot 1 so that Q is facing upward, rotate the scrambler in slot 2 so that C is facing upward, and rotate the scrambler in slot 3 so that W is facing upward. Each scrambler has an alphabet engraved on its outer rim, which allows the operator to set it in a particular orientation. In this case, the operator would rotate the scrambler in slot 1 so that Q is facing upward, rotate the scrambler in slot 2 so that C is facing upward, and rotate the scrambler in slot 3 so that W is facing upward.

One way of encrypting messages would be for the sender to encrypt all the day's traffic according to the day key. This would mean that for a whole day at the start of each message all Enigma operators would set their machines according to the same day key. Then, each time a message needed to be sent, it would be first typed into the machine; the enciphered output would then be recorded, and handed to the radio operator for transmission. At the other end, the receiving radio operator would record the incoming message, hand it to the Enigma operator, who would type it into his machine, which would already be set to the same day key. The output would be the original message.

This process is reasonably secure, but it is weakened by the repeated use of a single day key to encrypt the hundreds of messages that might be sent each day. In general, it is true to say that if a single key is used to encipher an enormous quant.i.ty of material, then it is easier for a crypta.n.a.lyst to deduce it. A large amount of identically encrypted material provides a crypta.n.a.lyst with a correspondingly larger chance of identifying the key. For example, harking back to simpler ciphers, it is much easier to break a monoalphabetic cipher with frequency a.n.a.lysis if there are several pages of encrypted material, as opposed to just a couple of sentences. an enormous quant.i.ty of material, then it is easier for a crypta.n.a.lyst to deduce it. A large amount of identically encrypted material provides a crypta.n.a.lyst with a correspondingly larger chance of identifying the key. For example, harking back to simpler ciphers, it is much easier to break a monoalphabetic cipher with frequency a.n.a.lysis if there are several pages of encrypted material, as opposed to just a couple of sentences.

As an extra precaution, the Germans therefore took the clever step of using the day key settings to transmit a new message key message key for each message. The message keys would have the same plugboard settings and scrambler arrangement as the day key, but different scrambler orientations. Because the new scrambler orientation would not be in the codebook, the sender had to transmit it securely to the receiver according to the following process. First, the sender sets his machine according to the agreed day key, which includes a scrambler orientation, say QCW. Next, he randomly picks a new scrambler orientation for the message key, say PGH. He then enciphers PGH according to the day key. The message key is typed into the Enigma twice, just to provide a double-check for the receiver. For example, the sender might encipher the message key PGHPGH as KIVBJE. Note that the two PGH's are enciphered differently (the first as KIV, the second as BJE) because the Enigma scramblers are rotating after each letter, and changing the overall mode of encryption. The sender then changes his machine to the PGH setting and encrypts the main message according to this message key. At the receiver's end, the machine is initially set according to the day key, QCW. The first six letters of the incoming message, KIVBJE, are typed in and reveal PGHPGH. The receiver then knows to reset his scramblers to PGH, the message key, and can then decipher the main body of the message. for each message. The message keys would have the same plugboard settings and scrambler arrangement as the day key, but different scrambler orientations. Because the new scrambler orientation would not be in the codebook, the sender had to transmit it securely to the receiver according to the following process. First, the sender sets his machine according to the agreed day key, which includes a scrambler orientation, say QCW. Next, he randomly picks a new scrambler orientation for the message key, say PGH. He then enciphers PGH according to the day key. The message key is typed into the Enigma twice, just to provide a double-check for the receiver. For examp