Key of the day break


By Michael Hörenberg

Bild "P1030725_scan_1_k.jpg"
No.1030725
A Turing Bombe break is a so called "known plaintext" attack. This procedure needs a little amount of plaintext. The Turing Bombe can find the ENIGMA settings at the given CRIB position. If the CRIB is too short, the BOMBE will produce thousands of false stops. If the CRIB ist too long, a "normal" Bombe can not detect the middle rotor turnover. The M4 wheels 6-8 had 2 notches, so a middle rotor turnover occurs every 12 characters. To prevent a turnover the CRIB is normaly split into two halfs. This means very short M4 CRIBS and an exorbitant amount of false Bombe-Stops. Michael´s special Bombe can detect the turnovers and determine the fast ring. Due to this fact the WinEnigma Bombe can work with extremly long CRIBS.

Michael decided to use U534 message No.1030725 YPJY ZOOM to create a CRIB. He labeled every message by its file name and/or the unique indicator groups. Number 1030725 has original plaintext. This message dates from 1.May 1945. If the software finds the plugs, the wheel order, the reflector and the greek rotor, we will be able to break all messages with the same key of the day. The key of the day is determined by the plugs, the wheel order, the reflector, the greek rotor and the rings. Every message has a unique message key determined by the wheel position.

Ciphertext from message No.1030725 without indicator groups:

DLYDINPOKAJBBJBXVVJIGZWBXYWWJSFXQFISWKPJBVHXBMBPEOIDZXSOVOGGWFVBBCPLXRZSJJNHLCCTAMGCOJAOJKTIPESWJWKGSGSFRLCSUSAICUZUNFUJCOAYNGPTLCCGGUASEWHDEZHFWEDW

Plaintext:

UUUZWONEUNEINSYTTTFFREINSSIBENVONVONFXDXUUUOSTXXUUUZWONEUNEINSSOFORTAUFGABEABBRECHENUNDJRADEJKMSIBENNZLYFUNFKOMMENXTTTFFFVINSSIBENUEBERMITTLUNGSICHE

Interpretation:

[An] U-291 , T.F. 17 von F.d.U. Ost:
U-291 sofort Aufgabe abbrechen und “Rade” [auf] km 70,5 kommen. T.F. 17 Übermittlung sicherstellen.

Translation:

[To] U-291 and T.F. 17 from Comsubs East:
U-291 break off assignment immediately and come to “Rade” [at] Kilometer 70.5. T.F. 17 ensure transmission.

Note: “Rade” might refer to the town Rade bei Rendsburg, and “Kilometer 70.5” might be a reference to its location on the Kiel Canal

The first Turing-Bombe run failed, because the radio operator did a misstake (FFF -> FFR). We tested this CRIB from the original message:

DLYDINPOKAJBBJBXVVJIGZW
UUUZWONEUNEINSYTTTFFFEI

Later we found, that the ciphertext decodes to:

DLYDINPOKAJBBJBXVVJIGZW
UUUZWONEUNEINSYTTTFFREI

Due to the wrong cipher/plain character G/R instead of G/F on position 21 the Turing Bombe did not produce a Stop!

Bild "Turing Bombe Stop"
Bombe FULL STOP
The second attempt started on 31.July 2012 with the a new CRIB:

ZWBXYWWJSFXQFISWKPJBVHXB
EINSSIBENVONVONFXDXUUUOS

After 5 1/2 hours on 112 CPU cores the Bombe produced 2 valid FULL STOPS. The message key really has a 2 notch fast wheel. Probably the first real Naval Enigma M4 Turing-Bombe break since 1945! Don´t wonder about the elapsed time. We split the task into 2 runs.

Bild "Enigma plug search"
TBreaker
WinEnigma Turing Bombe found the correct wheels, the wheel order, the reflector, the greek wheel, 9 Plugs and the wheel position for the chosen CRIB. Now we had to determine the complete key for the CRIB message No.1030725. Original Naval Enigma messages used 10 Plugs. This task did the TBreaker software with its hillclimbing algorithm. The software found the whole key for the complete CRIB message:
Reflector: B  Greek: C
Wheels: 438
Wheel positions: EBJC
Rings: AACU
10 Plugs: CH EJ NV OU TY LG SZ PK DI QB