Crib search

Break an Enigma Key with Bombe

A complete example

Query-Menu

Introduction

A Crib is an assumed plain text that corresponds to the decryption of all or part of a cryptogram.

Finding Crib is a prerequisite for using Turing / Welchman bombes.

There are several origins to a Crib:

  • A routine message
  • A re-encoding of a message from one network to another
  • Throw-on indicators (“Query-Menu” type Crib)
  • In depth messages
  • The cillies
Note: The first two (routine message and re-encodings) are the most common.

In BP, the first Turing / Welchman-type bombe (called a spider) arrived in August 1940. Cryptologists discover, within the Crib Room, the Cribbery (the art of discovering Cribs). At first, the crib room was made up of just four people led by Stuart Milner-Barry who had been studying the Cribbery even before the bombes arrived.

Finding cribs requires regular decryption of a network.

To find Cribs that match routine messages, you must be able to decipher the Enigma traffic on a network. But to perform decryption with bombes, you need Cribs. It's a chicken and egg problem. This is why the first decipherments were often found by manual methods (Cillies) or via re-encoding.

Cribs evolve over time: some appear or disappear or even change. If we want to decipher a network by bombes, it is necessary to decipher this network regularly. Otherwise the lack of cryptological continuity makes it very complex to carry out new decryption. If a network generates little traffic or if security rules are followed, regular decryption is very complex to perform.

A particularity of Enigma, called "non-crashing", helps to choose a crib or to put it at the right place (under the ciphered text). A letter never can be ciphered by the same letter. For example, if the Crib begins by "KEINE", the corresponding ciphered text cannot have a "k" as first letter, an "e" as second letter, an "I" as third letter and so on. To be usefull, a crib must be more than 30 letters. One advantage, we can be almost sure it is a correct crib if it is non-crashing. With 30 letters, there is about 1.25 letters which supperpose.

Routine messages

There are two types of routine messages:

  • The addresses given at the beginning or at the end of messages
  • The actual routine messages.
Routine messages can be identified by a combination of characteristics:
  • Their length
  • Their frequency
  • The original time,
  • The sender and / or the recipient (s))
  • Urgency (KR: Immediate)
The length, the time of origin, the urgency were directly indicated in the preamble of the message. The sender and the recipients could be deduced from the call sign. For example, the HQ call sign could be easily deduced because it was the source of the majority of messages.

After the day’s traffic was deciphered, cryptologists would read the messages and deduce new cribs and list the different forms of an old crib. This information was recorded in a book (Crib Room Log). In particular, this book was used to pass on Crib tracking from one shift to another.

Examples of Cribs

“KEINE BESONDEREN VORKOMMISSE” (nothing to report)

"KEINE BESONDEREN EREIGNISSE" (no special developments)

"NAQT RUHIG YY KEINE BESONDEREN VORKOMMISSE YY" (Quiet night. Nothing special to report)

EINS X MELDUNG KLAM X LUDWIG KLAM YY ... YY SULTAN X ROEM X EINS CAESAR X GEHEIM (One Report (Ludwig) ... Sultan Roman one Caesar , Secret. [the intelligence officer with nickname "Sultan"]

"VORHERSAGEBERREICH SIEBEN" (weather forecast from area seven)

"WETTERVORHERSAGEBISKAYA" (wheather forecast of Bay of Biscay [Golfe de Gasgogne])

"ABSTIMMSPRUCHYYRESTXOHNNEXSINN (tuning message, remainder meaningless)

The re-incoding message

There is another sort of crib: the re-incoding of a message: The same message is sent through different nets. Each time it is ciphered differently. If you decrypt the message for one net, you will decrypt it for all nets.

When a message was retransmitted on another network, security rules required that the message be transformed so that its structure was different: different spacings, abbreviations used or not and even possibly reformulation. These security rules were enforced within the Greenshank network but much less so in the Air Force networks. In some cases, the messages were retransmitted verbatim. So it was very easy for the cryptologists at Hut 6 not only to position the crib but also to be 100% sure that it was a re-encoding. Indeed for a Crib of a few tens of letters the fact that there is no collision (a letter was encrypted by the same letter, which is impossible with the Enigma) can happen by chance. On the other hand, the absence of collision for a text exceeding a hundred letters (which was the case with re-encoding) became impossible.

Throw-on indicators (“Query-Menu” type Crib)

From time to time, the Germans used a very unsecure indicator method: The operator chooses a message key that he encrypts twice at a particular rotor position called GrundStellung, which is part of the key of the day. This type of indicator method is called Throw-on.

The menus generated are called Query-menu. They are special because the Crib contains numbers instead of letters. These numbers actually represent letters that are unknown but identical for a given indicator.

Messages in depth

Cribs based on throw-on indicators are actually a special case of cribs inferred from “in-depth” messages, that is, messages that are encrypted with the same key. If we have a few “in-depth” crytograms we can check “routine” or “re-encoding” type Cribs. If we have a lot of "in-depth" messages, it is even possible to deduce a few pieces of the clear (therefore cribs).