Enigma Procedure
Enigma Procedure
Enigma Procedure
To obtain secure communications, the German Heer (Army) and Luftwaffe (Air Force) used standard procedures to transmit and receive messages. For a
message to be correctly encrypted and decrypted, both the sender and receiver needed to set up their Enigma in exactly the same way. These settings were
distributed in key sheets. For reasons of security, different parts of the armed forces had their own network, with different key sheets and with a network having its
own codename.
The key sheets were distributed on beforehand, and contained the basic settings for a whole month, per day. In general, the key sheets were in the custody of an
officer, responsible for setting up the machine rotors and ringsettings. After setup, he could lock the machine front panel with a key. The operator could only select
the rotor start position.
You might wonder why the order of the days is reversed. The reason is quite simple. The officer, responsible for handing out the key for that day, could tear off the
current day at the bottom of the sheet and give it to the radio operator to set the machine. After being used, the strip of paper with the key was destroyed.
The Kenngruppen
To identify the key that was used for a particular message, the operator had to insert a five letter group called Buchstabenkenngruppe (letter identification group)
as the first group of the message. The Buchstabenkenngruppe is composed of two randomly selected letters and one of the four possible three-letter
Kenngruppen at the key sheet for that day. If we take day 31 from the Army Staff key 28 (image above), we see the Kenngruppen JKM, OGI, NCJ and GLP. In
this case, some examples of a correct Buchstabenkenngruppe are FDJKM, KVOGI or QNNCJ. This five letter group at the start of the message should not be
encrypted with the rest of the message! If a message was devided into several parts, the operator had to insert another Buchstabenkenngruppe for each part of
the message. When counting the letters for the message header, the five letters of the Buchstabenkenngruppe must be included. The receiving operator
immediately recognized which key was to be applied by looking at the last three letters of the first group.
The setting of the machine was typically valid for one day. Using the same settings for a large number of messages would increase the statistical amount of data
to break a particular key. Therefore, each message was sent with a different startposition of the Enigma rotors, randomly selected by the operator. This was called
the Spruchschlüssel or message key.
Before 1940, the German military used the daily key and startposition, according to the key sheet. The operator selected a random message key. This message
key was encoded twice, to exclude errors. As example, the trigram GHK is encoded twice, resulting in XMC FZQ. Next, the operator moved the rotors to the
message key GHK and encoded the message. The two trigrams, being the encoded message key, were transmitted, together with the message. The receiver
sets his machine on the start position, as described in the codebook, and decodes the trigrams XMC FZQ back into the GHK message key. Next, he sets the
message key GHK as start position on his machine, to continue decoding the rest of the message. However, this procedure was actually a security flaw. The
message key is encoded twice, resulting in a relation between first and fourth, second and fifth, and third and sixth character. Moreover, many message keys on a
particular day would have the same setup and startpositions. This security problem enabled the Polish Cipher Bureau to break the pre-war Enigma messages.
However, German cryptologists were aware of the security flaw and from 1940 on, the Wehrmacht changed the message key procedures to increase security.
Wehrmacht radio operators now selected for each message a new randomly chosen start position or Grundstellung, let's say WZA, and random message key or
Spruchschlüssel, let's say SXT. He moved the rotors to the random startposition WZA, and encoded the random message key SXT. Let us presume that the
result was UHL. He sets up the message key SXT as startposition and encodes the message. Next, he transmits the random start position WZA, the encoded
message key UHL and the message. The receiver sets up the start position according the first trigram WZA, and decodes the second trigram UHL to obtain the
message key SXT . Next, he uses the message key SXT as startposition to decode the actual message. If a message was devided into several parts, the
operator had to insert a new startposition and message key for each part of the message.
The message was created at 12h30, consists of three parts (3 teile), of which this is the first, and contains 250 characters (Buchstabenkenngruppe included).
WZA is the startposition (Grundstellung) to decipher the encrypted message key (Spruchschlüssel) UHL. The Buchstabenkenngruppe FDJKM shows that the key
that was used is the one with Kenngruppe JKM.
The Kriegsmarine (German Wartime Navy) procedures on sending messages with the Enigma cipher machine were far more complex and elaborate than the
Heer and Luftwaffe procedures. The Kriegsmarine Enigma key sheets consisted of two parts.
Schlüsseltafel M Allgemein - Innere Einstellung (internal settings), contained the three rotors and their ring settings, the thin beta or gamma rotor and the
reflector, and this only for the odd days of a month.
Schlüsseltafel M Allgemein - Aussere Einstellung (external settings), contained the plugs and Grundstellung (basic start position) for each day of the
month..
An additional key existed for the officers and a special Schlüssel M NIXE was used for private communication between the captain and U-boat Command, without
other U-boats being able to read the message.
Examples of Kriegsmarine TRITON keys and Sonderschlüssel (special key) NIXE (click to enlarge).
Inner settings "TRITON" External settings "TRITON" Schlüssel M "TRITON" Officer Sonderschlüssel M "NIXE"
Kriegmarine Kenngruppen
The Kriegsmarine system of Kenngruppen was completely different to the Heer and Luftwaffe Kenngruppen system. In addition to the key sheets, the
Kriegsmarine used a Kenngruppenbuch on their main cipher nets to determine the message key. This Kenngruppenbuch is not to be confused with the
Kenngruppenheft for Short-signals (see Kurzsignalen) which has a completely different purpose. The Kenngruppenbuch contained the following parts:
Zuteilungsliste (an allotment list) that told the operator which table he should use for a particular cipher net. This list consisted of two parts. The first part
showed the table number, given the name of the cipher nets, and the second part showed the different cipher nets, given the table number.
Tauschtafelplan (table pointer) told the operator which column of a given table was used to select the required trigrams.
Spalten (columns) with the Kenngruppen ( indicator and encryption groups).
The operator had to select two three-letter kenngruppen or trigrams from the Kenngruppenbuch:
Both Schlüsselkenngruppe and Verfahrenkenngruppe had their own tables as determined in the Zuteilungsliste.
With the Enigma in the Grundstellung (the basic position for that day) the operator typed in the Verfahrenkenngruppe. The result would be the message key, used
as start position to encipher the message. The two trigrams together (Schlüsselkenngruppe and Verfahrenkenngruppe) were the message indicator.
Finally, this message indicator underwent an additional substitution encryption with a bigram table called Doppelbuchstabentauschtafel or double-letter
conversion table(see next section below).
Kenngruppenbuch Instructions Table selection by radionet Column selection by date Kenngruppen Table 681
The Kriegsmarine Enigma messages were formatted in four-letter groups. Some messages were encoded with the Kurzsignalheft code book or the
Wetterkurzschlüssel, prior to encryption with the Enigma. The Kurzsignalheft (short-signal book) converted words, numbers and all kinds of operational and
technical expressions and phrases into four-letter codes. The Wetterkurzschlüssel (weather-short signal key) converted a complete weather report into a 23 or 24
letters code. For more information on Kurzsignalen, please read the Kurzsignalen procedures page.
The Kriegsmarine message indicator (the Schlüsselkenngruppe and Verfahrenkenngruppe together) were encoded with a bigram table called
Doppelbuchstabentauschtafel or double-letter conversion table. A set of bigram tables consisted of nine different tables, labelled A to J. A calendar determined
which of the substitution tables was used on a particular day. The bigram table was reciprocal, meaning that if a bigram AB was encoded in KW, the bigram KW
would also decode to AB. The operator wrote the two trigrams from the message indicator underneath each other, but added one random dummy letter at the
beginning of the first trigram and one dummy letter at the end of the second trigram. To encode, bigrams were taken vertically from the message indicator and
encoded according to the bigram table.
As an example, we will encode the message indicator HLG KQK with Bigram Table “Fluss”.
The dummy random letters, in our example A and Z, are added to the trigram Schlüsselkenngruppe HLG and Verfahrenkenngruppe KQK:
AHLG
KQKZ
The receiving operator decoded the eight letters of the message indicator with the help of his bigram table. The resulting first trigram would show him the proper
key. Next, with the rotors in the Grundstellung, he would type in the second trigram. The resulting trigram was the recovered message key. He would set this
message key as rotor positions and finally decipher the rest of the message.The above example was used on the 3-rotor M3 Enigma. The procedure for the four-
rotor M4 Enigma was identical, but used all four letters instead of three and one random letter.
BDU 1540/8/107 24
BDBJ EMEJ DERH RFRS OQRV DTYH QWBV HILS CXHR OPOD
GTQL DDHI KFTG EDZS WXQS EDFR HGYG EDZZ UYQV DTYY
EDGH KIRM BDBJ EMEJ
The message is for BDU, is created at 15h40 on the 8th day, has serial number 107 and consists of 24 groups. At the beginning of the message we have the
message indicator BDBJ EMEJ, which is repeated at the end of the message. The group length of four letters and the repetition of the message indicator at the
end were characteristic for naval messages.
The Navy procedure as describe above was used by the main naval cipher areas. Many cipher nets, used in less important areas such as in the Black Sea,
Balkan and the Far East didn’t use this complex procedure with the Kenngruppenbuch to select message keys. Instead, they applied the insecure “throw-on”
system with double enciphered message key that was abolished by the Wehrmacht in 1940.
The Heer and Luftwaffe transmitted their messages always in five-letter group. To make cryptanalysis harder, it was forbidden to use more than 250 characters in
a single message. Longer messages were divided into several parts, each part using its own message key. The Enigma machine could process letters only.
Therefore, numbers were written out and punctuations were replaced by rare letter combinations. The Wehrmacht used the following abbreviations:
KLAM = Parenthesis
ZZ = Comma
X = Full stop (end of sentence)
YY = Point or dot
X****X = Inverted commas
Question mark (Fragezeichen in German) was usually abbreviated to FRAGE, FRAGEZ or FRAQ. Foreign names, places, etc. are delimited twice by "X", as in
XPARISXPARISX or XFEUERSTEINX. The letters CH were written as Q. ACHT became AQT, RICHTUNG became RIQTUNG.
Numbers were written out as NULL EINZ ZWO DREI VIER FUNF SEQS SIEBEN AQT NEUN
It was prohibited to encipher the word "NULL" several times in succession, so they used CENTA (00), MILLE (000) and MYRIA (0000). Some examples: 200 =
ZWO CENTA, 00780 = CENTA SIEBEN AQT NULL.
To make cryptanalysis even harder, some complications were introduced in the Wehrmacht message procedures during the war. Since the third, left-most rotor,
only advanced every 676 keystrokes, this rotor didn't have much effect during enciphering (such long messages were forbidden for security reasons). However,
the operator could encipher a certain four letter code into the message, for instance CYOP, and change the left rotor position. When the receiving operator
encountered these letters during deciphering, he also turned the left-most rotor to another position (in the case CYOP to position O).
Another complication, added at the end of the war, was placing the rotors 'with rotation'. Every 8 hours, a given rotor placing was rotated clockwise. If the rotors
for that day were 241, this changed during the day to 124 and 412. The ring setting for the individual rotors did not change, and moved along with the rotors.
The Kriegsmarine formatted their messages in four-letter groups. They used the following abbreviations:
X = Period
Y = Comma
UD = Question Mark
XX = Colon
YY = Dash/Hyphen/Slant
KK**KK = Parenthesis
J******J = Stress Mark
References
Off-Site
Wehrmacht Enigma Manual and Key Setting Procedures from Bob Lord's webpages
The Kenngruppenbuch Indicator System by Ralph Erskine
General Procedure for Kriegsmarine Schlüssel M and its Officer and Staff procedure document translations on Tony Sale's site
Ultra in the Atlantic: U-boat operations from NSA archives on ibiblio.org
Naval Enigma by Hugh Alexander
Enigma Message Procedures Used by the Heer, Luftwaffe and Kriegsmarine My paper, published in Cryptologia Volume 34, Issue 4, October 2010, page
329-339, also available as complete issue October 2010.
On-line Enigma Key Sheet Generator on Peter's meinEnigma website.