Cryptanalysis of the HCM 5 rotors

• Navy 1924 Challenge
• Cryptanalyse (This page)
  Note: (F): Friedman.
  • (F) Known plain text attack
  • the wiring of the rotors is known. Search for rotor V
  • the wiring of the rotors is known. Search for rotor I
  • (F) Find the rotor wiring V
  • (F) The beginning of plain text
  • The beginning of plain text
  • (F) Find the rotor wiring I
  • (F) Find the stator wiring S
  • (F) Find the wiring for the other rotors
  • Hill Climbing: Find the rotor wiring V
• The Friedman's report

Introduction

There are essentially two works that deal with cryptanalysis of Hebern's 5-rotor ciphering machine:

• Machine Cryptography and Modern Cryptanalysis, by Deavours & Kruh.
• The report by W. Friedman (Analysis of mechanico-electrical cryptograph, Part I) which describes how he managed to break the 10 messages of the 1924 Challenge created by the American Navy before the adoption of the Hebern machine as high-level encryption means. This report remained over 60 years classified.

In this page, we will deal with all the methods described in the two previous works as well as other methods from other sources.

Cryptanalysis with known plain text

Friedman's approach, deciphering a poem

In his secret report, Friedman does not deal exclusively to find the solution to the Navy's challenge. He gives an example of reconstitution of the wiring of the rotors of a Hebern machine from a couple plain text, cryptogram. (link).

The Deavours & Kruh approach

Deavours & Kruh also offers a method for finding the wiring of the rotors from a cryptogram/plain text couple.

Their method is similar to that of Dawson which I presented in the study of the Hebern 1 rotor machine.

Cryptanalysis knowing the wiring of the rotors

Find the fast rotor using statistics

Finding the fast rotor using isomorphs

Deavours & Kruh offers an alternative using isomorphs:

The previous method (based on the IC) to find the rotor in position V uses statistics. A faster method is based on isomorphs. For example, if we assume that the cryptogram begins with "CONFIDENTIAL", we can verify this hypothesis by try each rotor in turn and for each, check if the decipherment gives a simple isomorphic substitution of the probable word.

Find the medium rotor (in position I)

Cryptanalysis from the cryptogram alone

Objectives: find at least the wiring of the rotor in position V, decipher the messages, and at best, reconstruct the machine, i.e. find the wiring of all the rotors.

The Deavours & Kruh method

Friedman's method

In his secret report, the key stages of which are described (link). Friedman manages to find the wiring of the rotors and the plain text of 10 messages ( all 10 messages made about 3000 characters). Friedman claims that his statistical method works from 2000 characters.

Note: Friedman knows the input and output permutations (Keyboard and Lampboard), as well as the external key of the 10 messages. On the other hand he ignores the wiring of the rotors.

Finding plain text from simple substitutions

As soon as we know the wiring of the rotor in position V (fast rotor), it is possible to start trying to decipher cryptograms. Indeed if we eliminate the action of the Lampboard and the rotor V, the problem comes down to deciphering simple substitutions... but limited to only 26 letters! It's a real feat if you can do it. It is simpler to first reconstruct the wiring of the rotor in position I, but to do so, you need to know a few plain text lines!

• Friedman's approach (link).
• We use software (link).

Messages in-depth

Deavours & Kruh affirm: "... With the Hebern machine even 10 to 15 messages, whose individual lengths may not be more than 50 or so letters, can be solved and the rotor wirings reconstructed to some degree if the texts are identically keyed".

I completely disagree with this statement. Through experience that the Challenges that I published gave me, you need at least 100 messages to find the solution. Friedman agrees with me in part by stating in his secret report (paragraph 86) that it takes more than 50 messages to have almost certainty to reconstruct the plain text messages and then be able to reconstruct the fast rotor (the V rotor).

Game tree algorithm

• A current state of play.
• Rules for making legal moves.
• A method of evaluation a given state of play against others so that the most likely winning path may be chosen.

Note: In Carl Ellison's article on his solution to the 1924 Navy challenge, Carl only gives his solution for the fast rotor (the rotor in the V position):

     U Z X D R Q C E L N H V A K J Y G T B P M O F I S W

I developed a signature program which allows me to identify a rotor independently of whether it has undergone a rotation or a twist effect. This program is described in my page rotor. Using this program, I compared Ellison's solution to Friedman's. The signatures are different. Conclusion, it seems that the solution published by Ellison is incorrect.

C:\H1_TOOLS> python signature.py -R =UZXDRQCELNHVAKJYGTBPMOFISW -c -S
  Type     :  1.3.22.
  Cycles   :  (D),(AUM),(BZWFQGCXILVOJNKHERTPYS),
  Signature:  [1, 6, 1, 19, 13, 4, 9, 24, 14, 7]

C:\H1_TOOLS> python signature.py -R =DPGTBZOHRYMSLAJIWCKUQFNVXE -a
PI direct
  PI       :  DPGTBZOHRYMSLAJIWCKUQFNVXE
  Type     :  1.4.7.14.
  Cycles   :  (H),(KMLS),(ADTUQWN),(BPIRCGOJYXVFZE),
  Signature:  [1, 6, 24, 11, 16, 12, 7, 23, 14, 18]
PI reverse
  PI       :  NERAZVCHPOSMKWGBUILDTXQYJF
  Type     :  1.4.7.14.
  Cycles   :  (H),(KSLM),(ANWQUTD),(BEZFVXYJOGCRIP),
  Signature:  [2, 17, 15, 3, 18, 7, 10, 21, 7, 16]

Hill Climbing

Taking inspiration from Deavours & Kruh's approach to finding the rotor in position V (if we know the wiring of the rotors), I created a program using Hill Climbing approach to find the wiring of the rotor in position V from 1000 characters (link).

Miscellaneous

Knowledge (or not) of Lampboard permutation

Friedman succeeds in his feat of deciphering the 10 messages of the Navy challenge because he knew the Lampboard permutation (RFS), which was identical on army machines and on navy machines.

Friedman notes that if we put ourselves in real conditions, in short if we respect the principles of Kerckhoff (not quoted by Friedman), we can assume that the enemy knows the details of the machine: either because he bought it (for a commercial machine like this of Hebern), or because he captured it.

Nevertheless, Friedman indicates that thanks to his first statistical method (which requires nearly 200,000 letters), the reconstruction of the Lampboard permutation is possible.

Analysis in case REVERSE mode is used

Friedman, in his report concerning the analysis of the HCM (Hebern Cipher Machine), asks the question of the difficulty of deciphering messages encrypted by the machine configured in REVERSE mode (decryption mode).

It does not deal with a complete example, but concludes with possibility of finding the solution but with a lot more data than in the case where the machine is configured in DIRECT mode.

References

• Machine Cryptography and Modern Cryptanalysis, by Cipher A. Deavours & Louis Kruh, Artech House Editor, 1985.
• Analysis of the Hebern Cryptograph Using Isomorphs, by Cipher A. Deavours, Cryptologia, Vo. 1, N°2, April 1977.
• A Solution of the Hebern Messages, by Carl M. Ellison, Cryptologia, Volume XII, Number 3, July 1988.

Web Links

• ANALYSIS OF A MECHANICO-ELECTRICAL CRYPTOGRAPH, PART I, TECHNICAL PAPER, BY WILLIAM F. FRIEDMAN Cryptanalyst, Chief of Signal Intelligence Section UNITED STATES GOVERNMENT PRINTING OFFICE, WASHINGTON: 1934, Secret. (link)