Kryha Cryptanalysis - Cryptograms in depth

• Wheel unknown
• Superposition Method
• Friedmand's Method
• Start sector
• Cryptograms in-depth, this page.
• Hill Climbing

Introduction

If we have several cryptograms encrypted with the same key, we say that these messages are "in-depth." Regardless of the encryption method, it is possible to recover the plaintext of the messages. Therefore, in the end, we will have several plaintext/ciphertext pairs. We can then attack the encryption system and reconstruct it (if it is unknown and not too complex) or, if it is known, reconstruct the key.

Note: The superposition page describes (among other things) the use of IC (Index of Coincidence) to prove that messages are in-depth.

The exploits of Parker Hitt against the Kryha

In 1929 and 1930, the American Parker Hitt analyzed two series of in-depth messages. Each of these series had been encrypted using a kryha, but with different wheels. For both series, Parker Hitt succeeded in deciphering the messages and reconstructing the secret elements of the machine: the alphabets and the wheel.

• 1929 Exploit (link)
• 1930 Exploit (link)

Method Used by Parker Hitt

In handwritten memos, Parker Hitt described his method:

• 1. Write messages so that initial letters, second letters, third letters, etc. are in column.
• 2. Prepare frequency table for each column.
• 3. Combine obviously equivalent columns.
• 4. Tentatively choose space, E, and common consonants.
• 5. Apply to text.
• 6. Prepare messages in blocks of 14 to 25 columns.
• 7. Analyze for identical cipher letters having probable meanings as found in 4.
• 8. Pick out the block best meeting this analysis. (This determines number of groups of teeth on gear wheel).
• 9. Using this Block, begin to pick out words through use of 2 and 4.
• 10. As words develop, start a two way similarity table.
• 11. Continue 9 and 10 simultaneously until 10 is practically completed. This will give most of the gear tooth spacing.
• 12. Make up a cipher disk with letters running according to horizontal similarity lines and a plain text disk with available letters chosen from vertical similarity (Method 7).
• 13. Using these disks, determine all gear tooth spacing through trial on proved words.
• 14. Complete plain text disk and translation of messages.

Commentary on Parker Hitt's method

In short, Parker Hitt's method consists of first finding the fixed outer alphabet (which corresponds to the plaintext). This is done by analyzing each column, which corresponds to an alphabet. To move from one column to another (and therefore from one alphabet to another), the alphabets must be shifted (this corresponds to the shifts created by the sectors of the wheel). For the alphabets to be superimposed, they must be in order. Thus, the outer alphabet and the shifts are determined simultaneously. Finally, the inner alphabet is determined by following the shifts of one or more plaintext letters, such as E or T (the most frequent letters). In the end, it is verified whether the messages can be deciphered with the reconstructed key.

This method is not easy to automate. It is reserved for professional cryptologists accustomed to using pen and paper and who know how to use their intuition.

A personnal example

I constructed an example similar to the in-depth message series broken by Parker Hitt. Then, I tried to reconstruct the key, drawing inspiration from Parker's method.

Note: My work is not finished, I will probably come back to it later...

Creating in-depth messages

$ echo TOBEORNOTTOBETHATISTHE | python3 kryha_tui.py -o -f 3 \
	-i KPFQVGMASCHYNIORDELUBZWJXT -e ZCJBWYKNAGQSPFTROXVMDULEHI
OCEGEHBJYMFHJSIOILJZTE

$ echo QUESTIONWHETHERTISNOBL | python3 kryha_tui.py -o -f 3 \
	-i KPFQVGMASCHYNIORDELUBZWJXT -e ZCJBWYKNAGQSPFTROXVMDULEHI
HOYURBQOPDCZXEVBXVUJVD

$ echo ERINTHEMINDTOSUFFERTHE | python3 kryha_tui.py -o -f 3 \
	-i KPFQVGMASCHYNIORDELUBZWJXT -e ZCJBWYKNAGQSPFTROXVMDULEHI
JSIRRUHKWTMZDGHUNDPZTE

$ echo SLINGSANDARROWSOFOUTRA | python3 kryha_tui.py -o -f 3 \
	-i KPFQVGMASCHYNIORDELUBZWJXT -e ZCJBWYKNAGQSPFTROXVMDULEHI
YRIRHMZOEKPWDXKWNCAZDF

$ echo GEOUSFORTUNEORTOTAKEAR | python3 kryha_tui.py -o -f 3 \
	-i KPFQVGMASCHYNIORDELUBZWJXT -e ZCJBWYKNAGQSPFTROXVMDULEHI
CDVQNSQWYIUVDCQWIPLVCC

$ echo MSAGAINSTASEAOFTROUBLE | python3 kryha_tui.py -o -f 3 \
	-i KPFQVGMASCHYNIORDELUBZWJXT -e ZCJBWYKNAGQSPFTROXVMDULEHI
UVWECBBLYKJVSHFBOCAHJE 

$ echo SANDBYOPPOSINGENDTHEMT | python3 kryha_tui.py -o -f 3 \
	-i KPFQVGMASCHYNIORDELUBZWJXT -e ZCJBWYKNAGQSPFTROXVMDULEHI
YPZFVKQUCSJMAQNIUAHVBS

$ echo ODIETOSLEEPNOMOREANDBY | python3 kryha_tui.py -o -f 3 \
	-i KPFQVGMASCHYNIORDELUBZWJXT -e ZCJBWYKNAGQSPFTROXVMDULEHI
DIIGRYXQBRXODIGZWPUPVT

The messages lined up

 0 1 2 3 4 5 6 7 8  9 0 1 2 3 4 5 6
[7,6,7,5,6,7,6,8,6,10,5,6,5,7,6,5,9]

        0123456789012345678901
Crypto  OCEGEHBJYMFHJSIOILJZTE
Clair   TOBEORNOTTOBETHATISTHE

Crypto  HOYURBQOPDCZXEVBXVUJVD
Clair   QUESTIONWHETHERTISNOBL

Crypto  JSIRRUHKWTMZDGHUNDPZTE
Clair   ERINTHEMINDTOSUFFERTHE

Crypto  YRIRHMZOEKPWDXKWNCAZDF
Clair   SLINGSANDARROWSOFOUTRA

Crypto  CDVQNSQWYIUVDCQWIPLVCC
Clair   GEOUSFORTUNEORTOTAKEAR

Crypto  UVWECBBLYKJVSHFBOCAHJE
Clair   MSAGAINSTASEAOFTROUBLE

Crypto  YPZFVKQUCSJMAQNIUAHVBS
Clair   SANDBYOPPOSINGENDTHEMT

Crypto  DIIGRYXQBRXODIGZWPUPVT
Clair   ODIETOSLEEPNOMOREANDBY
        0123456789012345678901

Encryption of the most frequent letters

I have constructed a table of the most frequent clear letters (ETAON...) and on the x-axis the corresponding numbered letters for each sector of the wheel (for the moment we do not know its period.

  0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
E J D Y G     H   B R C V J E N     D   V   E  
T O       R       Y M   Z   S Q B I A   Z   S
A   P W   C   Z     K     S     O   O       F
O D C V     Y Q J   S F   D H G W   C   J 
N     Z R     B O   T U O A     I     U
I     I     B           M         X L
R   S       H   W     P W     V Z O   P
S Y V   U N M X L     J   G   K     V J
H           U       D   X     I           T

Some columns are identical (for example, columns 7 and 10). This is because the inner alphabet is in phase with the outer alphabet. Consequently, the sum of the corresponding sectors is equal to 0:

l[7] + l[8] + l[9] + l[10] = 0 modulo 26. The same is true for columns 13 and 21, 0 and 12, 11 and 19, and 1 and 17.

These identical columns allow us to complete these columns:

  0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
E J D Y G     H   B R C V J E N     D   V   E  
T O A     R       Y M   Z O S Q B I A   Z   S
A S P W   C   Z     K     S F   O   P       F
O D C V     Y Q J   S F J D H G W   C   J   H 
N A   Z R     B O   T U O A     I     U O
I   L I     B   M       M         X L   M
R   S       H   W     P W     V Z O S P W
S Y V   U N M X L     J L Y G K     V J L   G
H X         U   X   D     X   I           T

Parker Hitt first focused on the columns and attempted to reconstruct the order of the plaintext alphabets. He then examined the different ciphertext alphabets for each column and superimposed them to determine the shifts and also to complete them.

If we look at the ciphertext for the letter E, we have the successive ciphertext letters: J, D, Y. These letters are separated by the gaps l[0] and l[1]. If we estimate that the gaps l[7] to l[11] are equal to 26, on average, a sector of the wheel is approximately 26/4 = 6. If we apply this average value to the letters J, D, Y:

J+6=D, D+6=Y.

The letters of the plaintext must give the same order. Thus, in the first column (number 0) E:J, O:D, S:Y, … these pairs must be rearranged to obtain the order JDY. We obtain the order E, O, S separated by the gaps l[0] and l[1].

If two letters appear consecutively (column x, column x+1) in two different rows but in different column pairs, the offsets between these two column pairs are identical. Thus, the letters CV, in columns 1 and 2 (row O) and also in columns 10 and 11 (row E), have the same offset (l[1]==l[10]).

Reference

• Frode Weierud - The Kryha Cipher Machine - Transcript of 1929 manuscript written by Parker Hitt. link