Chapter 6: Analysis of a five wheels Hagelin Cipher Machine ---- Explanation Problem 1 ========= 1) First step: recover the key K[i] = (P[i] + C[i] + 1) % 26 K[0] = (H + J + 1) = 7 + 9 + 1 = 17 K[1] = (O + H + 1) = 14 + 7 + 1 = 22 ... Key: 17 22 23 14 0 16 25 10 24 4 5 15 24 6 3 23 15 21 5 10 2 10 20 15 12 24 13 18 18 12 22 24 4 14 6 10 13 18 10 0 24 2) Second step: Search the lower and higher value (0 and 25). Remark: maximum value for a C36 machine is 25. For key 0 all pins are non-effective and for key 25 all pins are effective. We report on a chart a effective Pin by "+" and non-effective Pin by "-". We mark the period of the wheel by "]". i 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 C J H J H A F K W R E I O F G C D V U C Z X G U A Y P H O N G Z K O N G Z W A S Z A T T A C K E D Z O N K 17222314 016251024 4 51524 6 3231521 510 210201512 W17 - - + ] - - + W19 - - + ] - - W21 - + - ] W23 - + - ] W25 - + - ] i 25 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 C Y I J L E C Y A J D F A Q F I Y N H A N D A N N B P Z E I G H T Z D E C E M B E R Z K 24131818122224 414 610131810 024 W17 ] - - + W19 + ] - W21 - + - ] W23 - + - ] W25 - + - ] On this chart we can see the Pins at position 25 : the displacement (key) is 24 = 25 – 1. The Pin[W21][25] is non-effective. We can deduce there is only one lug front of the Wheel 21 and all other Pins at position 25 are effective. The K[8], K[12] and K[31] are equal to 24 too. We apply the same argument. Report our deductions on the chart. i 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 C J H J H A F K W R E I O F G C D V U C Z X G U A Y P H O N G Z K O N G Z W A S Z A T T A C K E D Z O N K 17222314 016251024 4 51524 6 3231521 510 210201512 W17 - - + + + + ] - - + W19 - + - + + + ] - - W21 - + - - - - ] W23 + - + + + - + ] W25 + - + + + - + ] i 25 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 C Y I J L E C Y A J D F A Q F I Y N H A N D A N N B P Z E I G H T Z D E C E M B E R Z K 24131818122224 414 610131810 024 W17 + + + ] - - + W19 + + + ] - + W21 - + - - - - - ] W23 + - + + + - + W25 + - + + + - + 3) The third step is to search for the wheel with the largest number of lugs front of it. We write the key in a period for each wheel. At the same time me note the differences between the largest and smallest key number in each position. The Wheel with the smallest differences between the largest and smallest key number within each position is the wheel with the largest lugs front of it. Its Pins setting can be recovered. Wheel 17: 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 17222314 016251024 4 51524 6 32315 21 510 21020151224131818122224 414 610131810 024 ---------------------------------- 15171616102010 2 0 913 312181919 1 => 0/20 Wheel 19: 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 17222314 016251024 4 51524 6 3231521 5 10 21020151224131818122224 414 6101318 10 024 -------------------------------------- 72212 615 4 1 3 614 7 7 0 2 917 5 813 => 0/22 Wheel 21: 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 17222314 016251024 4 51524 6 3231521 510 2 1020151224131818122224 414 610131810 024 ------------------------------------------ 7 2 8 224 3 7 81218191110 0 710 311 514 => 0/24 Wheel 23: 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 17222314 016251024 4 51524 6 3231521 510 21020 151224131818122224 414 610131810 024 ---------------------------------------------- 210 1 118 21312 0 0 9 914 7151315 3 => 0/18 Wheel 25: 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 17222314 016251024 4 51524 6 3231521 510 210201512 24131818122224 414 610131810 024 -------------------------------------------------- 8 9 5 412 6 1 610 2 5 2 6 4 3 1 => 1/12 The keys showing in one column have been produced with the wheel being in a certain position. From the keys in a column being large or small, it can be said whether the pin in that position of wheel must effective or non-effective. Wheel 25: + + + + - + + - + - - + + - - + + + - - - ? + + ? 17 22 23 14 0 16 25 10 24 4 5 15 24 6 3 23 15 21 5 10 2 10 20 15 12 24 13 18 18 12 222 4 4 14 6 10 13 18 10 0 24 We report our deductions on the chart: i 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 C J H J H A F K W R E I O F G C D V U C Z X G U A Y P H O N G Z K O N G Z W A S Z A T T A C K E D Z O N K 17222314 016251024 4 51524 6 3231521 510 210201512 W17 - - + + + + ] - - + W19 - + - + + + ] - - W21 - + - - - - ] W23 + - + + + - + ] W25 + + + + - + + - + - - + + - - + + + - - - ? + + ?] i 25 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 C Y I J L E C Y A J D F A Q F I Y N H A N D A N N B P Z E I G H T Z D E C E M B E R Z K 24131818122224 414 610131810 024 W17 + + + ] - - + W19 + + + ] - + W21 - + - - - - - ] W23 + - + + + - + W25 + + + + - + + - + - - + + - - + From maximum values of each wheel we can deduce the rough lugs values front of each one: - Max[w17] = 20 => Lugs[w17] ~ (25-20) ~ 4 - Max[w19] = 22 => Lugs[w19] ~ (25-22) ~ 2 - Max[w21] = 24 => Lugs[w21] ~ (25-24) ~ 1 - Max[w23] = 18 => Lugs[w23] ~ (25-18) ~ 7 - Max[w25] = 12 => Lugs[w25] ~ (25-12) ~13 From the Chart, Several deductions can be made : a) K[2]=23, then Pins[w17][2] is effective and there are 2 lugs front of it. b) K[14]=3 and Pins[w17][14] is effective, then Pins[w21][14] is effective too and other Pins are non-effective. c) K[29]=12 and (Pins[w17][29] and Pins[w23][29] are effective), and Lugs[w23] ~ 7, then Pins[w19][29] is effective. d) K[20]=10 then Pins[w17][20] is non-effective and Pins[w23][20] is effective. e) K[27]=18 and Lugs[w23] ~ 7 and Pins[w23][27] is non-effective, then Pins[w17][27] is effective. f) K[10]5 and Lugs[w23] ~ 7, then Pins[w23][10] is non-effective and Pins[w19][10] is effective and Lugs[w19] = 3. K[18] = 5 too, then Pins[w23][18] is non-effective and Pins[w19][18] is effective. From position 27 (K[27]=18) we can deduce Lugs[w25] = 12. From position 19 (K[19]=10), we can deduce Lugs[w23] = 7. g) Now, all Pins can be deduced execpt if key value equal 3,10,15 and 22, because 3=2+1 or 3, 10=7+3 or 10=1+2+7, 15=12+3 or 15=12+2+1, 22=12+7+2+1 or 22=12+7+3. If some Pins values are known for keys equal 3,10,15 then in these cases we can deduce Pins too. We report our deductions on the chart: i 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 C J H J H A F K W R E I O F G C D V U C Z X G U A Y P H O N G Z K O N G Z W A S Z A T T A C K E D Z O N K 17222314 016251024 4 51524 6 3231521 510 210201512 W17 2 + + - + - - + + - + + + + - ]+ + - + - - + W19 3 + - + - - + + + + + + + - + - +]+ - - W21 1 - + + - - + + - + - - + + + - - - -] W23 7 - + + - - - + + + - - + - - + - + - + - ] W25 12 + + + + - + + - + - - + + - - + + + - - - ? + + ?] i 25 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 C Y I J L E C Y A J D F A Q F I Y N H A N D A N N B P Z E I G H T Z D E C E M B E R Z K 24131818122224 414 610131810 024 W17 2 + - + + + + - +]+ - + - - + W19 3 + - + + + + + - + - +]+ - + W21 1 - + + + - - + - + + + - - - ] W23 7 + - - - + + - - - + - - + - + W25 12 + + + + - + + - + - - + + - - + Now we report Pins values from modulo values: Pins[w21][28%21] = Pins[w21][7] is effective Pins[w17][33%17] = Pins[w17][16] is effective Pins[w23][34%23] = Pins[w23][11] is non-effective Pins[w21][32%21] = Pins[w21][11] is effective i 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 C J H J H A F K W R E I O F G C D V U C Z X G U A Y P H O N G Z K O N G Z W A S Z A T T A C K E D Z O N K 17222314 016251024 4 51524 6 3231521 510 210201512 W17 2 + + - + - - + + + - + + + + + - +]+ + - + - - + + W19 3 + - + - - + + - + + + - + + - + - - +]+ - + - - + W21 1 - + + - - + + + - + - + - + + + + - - - -]- + + - W23 7 - + + - - - + + + - - - + - - + - + - + - + +]- + W25 12 + + + + - + + - + - - + + - - + + + - - - - + + -] Now we know all Pins and Lugs, it is easy to decipher the rest of the message. Problem 2 ========= We don’t use new methods. Problem 3 ========= 1) First step: recover the key Key[] = 19 3 4 17 4 9 17 18 1 23 0 17 16 14 2 9 17 15 2 23 12 11 20 4 11 20 18 0 18 6 20 13 18 3 6 13 17 6 17 0 11 18 2 6 21 22 10 21 0 24 23 14 2 6 16 23 0 16 4 9 2) The second step is to search for the wheel with the largest number of lugs front of it. Its Pins setting can be recovered. Wheel 17 19 3 417 4 91718 123 0171614 2 917 15 223121120 4112018 018 6201318 3 61317 617 01118 2 621221021 02423 14 2 61623 016 4 9 ---------------------------------- 1311171110111314181721 510 7111520 => 5/21 Wheel 19 + - - + - - + + - + - + + + - - + + - 19 3 417 4 91718 123 0171614 2 91715 2 23121120 4112018 018 6201318 3 61317 6 17 01118 2 621221021 0242314 2 61623 0 16 4 9 (mini +=13) -------------------------------------- 712 7 3 2 5 4 410 5 6 710 4 1 3 4 8 6 => 1/12 Wheel 21: 19 3 417 4 91718 123 0171614 2 91715 22312 1120 4112018 018 6201318 3 61317 617 01118 2 621221021 0242314 2 61623 016 4 9 ------------------------------------------ 17171711161217 622 9 912131711 813 8 212 6 => 6/22 Wheel 23: 19 3 417 4 91718 123 0171614 2 91715 223121120 4112018 018 6201318 3 61317 617 01118 2 62122 1021 0242314 2 61623 016 4 9 ---------------------------------------------- 151816 719 9151415 5 31112 8 4 817 41621 610 2 => 2/21 Wheel 25: 19 3 417 4 91718 123 0171614 2 91715 223121120 411 2018 018 6201318 3 61317 617 01118 2 621221021 024 2314 2 61623 016 4 9 -------------------------------------------------- 415 212121417 2 31713 010 3 2 2 113 4 210 1 1 413 => 0/17 3) Third step: Search the lower and higher value (0 and 24). For key 0 all pins are non-effective and for key 24 all pins are effective. We report on a chart our deductions: i 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 C J C O Q Q E Y N B W R Z N W B D X P F S U G U R K J J M L G P J A P A N E S E z A I R C R A F T z W E R E z M A K I N G z K 19 3 417 4 91718 123 0171614 2 91715 223121120 4112018 018 6 w17 - - - + ] - - w19 + - - + - - + + - + - + + + - - + + -]+ - - + - - + + - + - w21 - + - - - ] - + w23 - + - - - ] - + - w25 - - - - - +] - i 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 C T T Y C D C Y G C M L E N O B O F D M Y W T J M Y W O H D J P A T T A C K S z O N z N O R T H E R N z A U S T R A L I A z K 201318 3 61317 617 01118 2 621221021 0242314 2 61623 016 4 9 w17 - + ] - - + ] - w19 + + + - - + + -]+ - - + - - + + - + - + + + - - + + -]+ - - w21 - - - ] - + - - w23 - - ] - + - - w25 - - - - +] - - 4) Find a complete Pins setting. K[14]=2 => Lugs[w23]=2 and Pins[w23][15] is effective. We can use the same argument for K[42]=2, K[52]=2, K[18]=2 K[8]=1 => Pins[w23][8] is non-effective. Number of lugs front of wheel 21 is less than the wheel 25 =>Lugs[21]=1 K[31]=13 and only one Pin is effecive => Lugs[w19]=13 We report on the chart our deductions: i 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 C J C O Q Q E Y N B W R Z N W B D X P F S U G U R K J J M L G P J A P A N E S E z A I R C R A F T z W E R E z M A K I N G z K 19 3 417 4 91718 123 0171614 2 91715 223121120 4112018 018 6 w17 - - - - - + ] - - - - w19 + - - + - - + + - + - + + + - - + + -]+ - - + - - + + - + - w21 - - + + - - - ]- - + w23 - + - + - - + - + + + ] - + - + w25 - - - - - - - +] - i 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 C T T Y C D C Y G C M L E N O B O F D M Y W T J M Y W O H D J P A T T A C K S z O N z N O R T H E R N z A U S T R A L I A z K 201318 3 61317 617 01118 2 621221021 0242314 2 61623 016 4 9 w17 - + ] - - - - + ] - - - w19 + + + - - + + -]+ - - + - - + + - + - + + + - - + + -]+ - - w21 - - - ]- - + - - w23 - - + - + + + ] - + - + - w25 - - - - - - +] - - - K[1]=3 => Pins[w21][1]and Pins[w23][1] are effectives and Pins[w25] is non-effective. Pins[w17][33] is effective K[2]=4 => Lugs[w17]=3 and Pins[w17][2] is effective, it is the same argument for all key equal 4 (K[4] and K[23]). K[59]=9 => all remaining pins are effective and Lugs[w25]>=6 K[50]=23 => all remaining pins are effective and there is an overlap between remaining wheels K[6]=17=> Pins[w17][6] is effective K[29]=6 => Pins[w17][39] and Pins[w21][39] are effective i 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 C J C O Q Q E Y N B W R Z N W B D X P F S U G U R K J J M L G P J A P A N E S E z A I R C R A F T z W E R E z M A K I N G z K 19 3 417 4 91718 123 0171614 2 91715 223121120 4112018 018 6 w17 - + + - + - - + - + +] - + + - + - - + w19 + - - + - - + + - + - + + + - - + + -]+ - - + - - + + - + - w21 - + + + - + + - - - - + - ]- + + + - + + w23 - + - + - + - - + + - + + + ]- + - + - + w25 + - - - - - + - - - - +]+ - - - i 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 C T T Y C D C Y G C M L E N O B O F D M Y W T J M Y W O H D J P A T T A C K S z O N z N O R T H E R N z A U S T R A L I A z K 201318 3 61317 617 01118 2 621221021 0242314 2 61623 016 4 9 w17 - + +] - + + - + - - + - + +] - + + - + - w19 + + + - - + + -]+ - - + - - + + - + - + + + - - + + -]+ - - w21 - - - - - ]- + + + - + + - - - - + w23 - - + - + + + ]- + - + - + - - + w25 - - + - - - - +]+ - - - - - + K[0]=19 => Pins[w17][0] is non-effective K[5]=9 => alls remaining Pins are effective. The same argument can be used with K[15] and K[59] K[13]=14 => there is an overlap (3-5) and all remaining pins are non-effective, K[19]=23, => Pins[w25][19] is effective and Lugs[w25]=6 K[21]=11, => Pins[w23][21] and Pins[w25][21] are effectives. It is the same with K[24] K[26]=18 and Lugs[w19]+Lugs[w23]-1 Overlap = 14, then Pins[w17][26] and Pins[w21][26] are effective K[34]=6 => Pins[w17][34] and Pins[w23][34] are non-effective K[35]=13 => Pins[w23][35] is non-effective K[37]=6 => Pins[w17][37] and Pins[w21][37] are effective. The same argument can be used with K[43] and K[53] K[46]=10 => Pins[w25][46] is effective K[54]=16 => Pins[w17][54] is effective K[55]=23 => Pins[w23][55] and Pins[w25][55] are effective We report our deductions on the chart: i 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 C J C O Q Q E Y N B W R Z N W B D X P F S U G U R K J J M L G P J A P A N E S E z A I R C R A F T z W E R E z M A K I N G z K 19 3 417 4 91718 123 0171614 2 91715 223121120 4112018 018 6 w17 - - + + - + + - + - + - - + +]- - + + - + + - + - + w19 + - - + - - + + - + - + + + - - + + -]+ - - + - - + + - + - w21 - + + + + - + + - - + - - - + + - - ]- + + + + - + + w23 - + - + - + + + - + - - - + + - + + + + ]- + - + - + + w25 + - - - - + - - + - - - + - - + + - +]+ - - - - i 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 C T T Y C D C Y G C M L E N O B O F D M Y W T J M Y W O H D J P A T T A C K S z O N z N O R T H E R N z A U S T R A L I A z K 201318 3 61317 617 01118 2 621221021 0242314 2 61623 016 4 9 w17 - - + +]- - + + - + + - + - + - - + +]- - + + - + + - w19 + + + - - + + -]+ - - + - - + + - + - + + + - - + + -]+ - - w21 - - + - - - + + - - ]- + + + + - + + - + - - - + + w23 + - - - + + - + + + + ]- + - + - + + + - + - - - + w25 + - - + - - - + - - + - +]+ - - - - + - - + K[37]=6 => Pins[w17][37%17=3] is effective and Pins[w25][37%25=12] is non-effective K[3]=17 => Pins[w17][3] is effective and Pins[w21][3] is non-effective K[7]=18 => Pins[w25][7] is non-effective K[11]=17 => Pins[w17][11] is effective and Pins[w25][11] is non-effective, it is the same with K[16]. K[15]=9 => Pins[w21][15] and Pins[w23][15] are non-effective K[20]=12 and Pins[w19][20] is non-effective => other Pins are effective. K[22]=20 => Pins[w23][22] is non-effective and Pins[w25][22] is effective We report our deductions on the chart: i 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 K 19 3 417 4 91718 123 0171614 2 91715 223121120 411 w17 3 - - + + + - + + - + - + + - - + +] w19 I--13 + - - + - - + + - + - + + + - - + + -] w21(1) 1 - + + - + + - + + - - + - - - - + + - - +] w23 I-- 2 - + - + - + + + - + - - - + + - - + + + + + -] w25 6 + - - - - + - - - + - - - - - + - - - + + + + - +] We have recovered the whole internal settings. It is easy to solve the rest of the message. Remark: There was only one overlap (between wheel 19 and wheel 23), then the problem was simple to solve. More overlaps there are, more decrypting is complex. Problem 4 ========= We don’t use new methods. Problem 5 ========= We don’t use new methods.