Sunday, April 16, 2017


In The American M-209 cipher machine i’ve added notes and I’ve also added some text (analysis of German trigram technique and a list of reports on the Hagelin C-38). 

Friday, April 14, 2017

Article on Vietnamese signals intelligence successes against French and US forces

The very interesting article ‘Cryptography During the French and American Wars in Vietnam by Phan Duong Hieu and Neal Koblitz is available online.

Abstract: After Vietnam's Declaration of Independence on 2 September 1945, the country had to suffer through two long, brutal wars, first against the French and then against the Americans, before finally in 1975 becoming a unified country free of colonial domination. Our purpose is to examine the role of cryptography in those two wars. Despite the far greater technological resources of their opponents, the communications intelligence specialists of the Viet Minh, the National Liberation Front, and the Democratic Republic of Vietnam had considerable success in both protecting Vietnamese communications and acquiring tactical and strategic secrets from the enemy. Perhaps surprisingly, in both wars there was a balance between the sides. Generally speaking, cryptographic knowledge and protocol design were at a high level at the central commands, but deployment for tactical communications in the field was difficult, and there were many failures on all sides.

Sunday, April 9, 2017

A misogynistic mistake!

In The Finnish cryptologic service in WWII I’ve added ‘Head of the diplomatic department was Mary Grashorn’.

Mary Grashorn was mentioned in the essay ‘Finland’s codebreaking in WWII’ by David Kahn. I don’t know how I missed that. 

Tuesday, April 4, 2017

The quest for the missing NAASt 5 reports

During WWII the German Army’s signal intelligence agency operated a number of fixed intercept stations and also had mobile units assigned to Army Groups. These units were called KONA (Kommandeur der Nachrichtenaufklärung - Signals Intelligence Regiment) and each had an evaluation centre, a stationary intercept company, two long range signal intelligence companies and two close range signal intelligence companies.

Each KONA regiment was assigned to an Army group and was responsible for intercepting and decoding enemy traffic. KONA 5 was stationed in Western Europe and their cryptanalytic centre NAASt 5 (Nachrichten Aufklärung Auswertestelle - Signal Intelligence Evaluation Center) worked mainly on the radio traffic of the US and UK forces.

In late 1944 the cryptanalysts of NAAS 5, led by Reinold Weber, built a cryptanalytic device in order to solve the settings of the M-209 device more quickly.

In order to learn more about this device and the way it was used I’ve tried to locate any surviving reports of NAAS 5. According to the TICOM report IF-272 - TAB ‘D’ the following NAAS 5 reports survived the war:

E-Bericht Nr. 1/44 der NAAst 5 dated 10.1.44

E-Bericht Nr. 2/44 der NAAst 5

E-Bericht Nr. 3/44 der NAAst 5 (Berichtszeit 1.4-30.6.44)

E-Bericht 4/44 der NAAst 5 (Berichtszeit 1.7-30.9.44) dated 10.10.44 

E-Bericht der NAAst 5 (Berichtszeit 1.10.44-30.12.44) dated 14.1.45

The first three can be found in the US national archives, collection RG 457 - Entry 9032 - box 22, titled ‘German deciphering reports’.

Unfortunately the last two (covering the second half of 1944) are not there.

I asked NARA if they could locate the missing reports elsewhere in collection RG 457 but they could not. I also requested the reports from the NSA’s FOIA office. In October 2016 they responded that the NAAS 5 reports were included in transfer group TR-0457-2016-0014.

I then contacted the NARA FOIA office and asked for the release of the NAAS 5 reports. 

The material in transfer group TR-0457-2016-0014 was classified so they would have to locate the reports and then review them for declassification. Unfortunately they have checked the files several times and they cannot locate any file titled E-Bericht NAAst 5.

So at this time I am trying to find a solution with the NSA and NARA FOIA office.

In the meantime if you know more about this case, if you think you have a better chance of locating the missing reports etc give it a try. 

Friday, March 24, 2017

The Abwehr’s Enigma G cipher machine and Procedure 63

The Cryptologia article Mr. Twinn’s bombes is available from the Taylor and Francis website and it has some very interesting information on the Enigma G cipher machine, used in WWII by the German military intelligence service Abwehr.

The Enigma G was different from the version used by the German military since it did not have a plugboard. Also its stepping was more frequent due to the many notches in the rotors.

According to the article it was used by the following Abwehr networks:

1). Berlin, Madrid, Lisbon, Paris, Bordeaux

2). Berlin, Vienna, Budapest, Bucharest, Sofia, Salonika

3). Berlin, Vienna

4). Berlin with stations in Turkey

The device was issued with 3 rotors only (while the military version used 3 rotors from a set of 5). In some networks the rotors were rewired during the war.

Several indicator systems were used in the period 1941-44. Up to August 1942 the message key was enciphered twice on the Grundstellung (basic setting). The 8 letter sequence was the indicator at the start of the message. This was the same procedure used up to 1938 by the German Army and Airforce.

From August 1942 the double encipherment of the message key was dropped and instead it was enciphered on the Grundstellung only once.

In the period late 1943-early 1944 a new indicator procedure was introduced. This was part of new security regulations called Procedure 63 - ‘Verfahren 63’. The new system used two basic settings. One for the network and one for the station. The cipher clerk first enciphered the message key twice on the network’s basic setting and then enciphered the 8 letters again at the station’s basic setting.

It is interesting to note that an OKW/Chi report dated August 1944 says that Procedure 63 was not secure:

D) Agentenverkehr

Die Vorschrift Nr.63 genügt nur dann zeitgemässen Sicherheitsansprüchen, wenn auf jeder Linie nur wenig Verkehr auftritt. Es soll versucht werden eine bessere Vorschrift auszuarbeiten.

Es wird dafür gesorgt werden, dass alle anderen mit Enigma-Maschinen arbeitenden Behörden usw. nur die vom Ausschuss geprüften und zugelassenen Vorschriften benutzen.

Google translation:

D) Agent traffic

Regulation No.63 only meets current safety requirements if only little traffic occurs on each line. A better regulation is to be worked out.

It is necessary to ensure that all other authorities working with Enigma machines, etc., use only the regulations audited and approved by the Committee.

Sunday, March 12, 2017


The report SRH-361 ‘History of the Signal Security Agency Volume Two The General Cryptanalytic Problems’, p283 says about TOKI/JBA:

JBA, a transposition system of a degree of security second only to the Purple machine-cipher system (JAA), was solved by statistical methods within six weeks. This solution is believed to be the first instance of the recovery of an unknown transposition of an unknown code by purely statistical means. Beginning groups, and later, code groups within the body of the text were found by matching stretches of cipher text from several messages with the same indicator. Frequent digraphs were recorded, and eventually the transposition patterns and tetragraphic code groups were recovered despite the presence of occasional trigraphic groups, the use of blanks in the matrix, and the use of the letters of the signature as nulls throughout the message.

Monday, March 6, 2017

NSA Special Research Histories available for download

The following recently declassified Special Research Histories can be downloaded from the NSA website:

SRH-361 is very interesting since it has details not only on US cryptanalysis of Japanese, Italian and German systems but also on the codes of neutral and Allied countries (China, Poland, Greece, Turkey, Czechoslovakia, etc).

Wednesday, March 1, 2017

The Japanese TOKI diplomatic cipher 1943-45

During WWII Japan’s Foreign Ministry used several cryptologic systems in order to protect its diplomatic communications from eavesdroppers. In 1939 the PURPLE cipher machine was introduced for the most important embassies, however not all stations had this equipment so hand ciphers continued to play an important role in the prewar period and during the war.

The main hand systems were transposed codes.

Historical overview

The first Japanese diplomatic system identified by US codebreakers was introduced during WWI and it was a simple bigram code called ‘JA’. There were two code tables, one of vowel-consonant combinations and the other of consonant-vowel. Similar systems, some with 4-letter code tables were introduced in the 1920’s.

These unenciphered codes were easy to solve simply by taking advantage of the repetitions of the codegroups of the most commonly used words and phrases. US codebreakers solved these codes and thus learned details of Japan’s foreign policy. During the Washington Naval Conference the codebreakers of Herbert Yardley’s Black Chamber  were able to solve the Japanese code and their success allowed the US diplomats to pressure the Japanese representatives to agree to a battleship ratio of 5-5-3 for USA-UK-Japan. However this success became public knowledge when in 1931 Yardley published ‘The American Black Chamber’, a summary of the codebreaking achievements of his group. The book became an international best seller and especially in Japan it led to the introduction of new, more secure cryptosystems.

In the 1930’s the Japanese Foreign Ministry upgraded the security of its communications by introducing the RED and PURPLE cipher machines and by enciphering their codes mainly with transposition systems.

Japanese transposed codes J-16 to J-19

The J-19 code had bigram and 4- letter code tables similar to the ones used previously by the Japanese Foreign Ministry. According to the NSA study ‘West Wind Clear: Cryptology and the Winds Message Controversy A Documentary History’ it was used from 21 June 1941 till 15 August 1943.

In terms of security the J-19 FUJI and the similar codes J-16 MATSU to J-18 SAKURA, that preceded it in the period 1940-41, were much more sophisticated than the older Japanese diplomatic systems. They had roughly double the number of code groups at ~1.600 bigram entries and in addition there was a 4-letter table with 900 entries for ‘common foreign words, usually of a technical nature, proper names, geographic locations, months of the year, etc’.

These codes were enciphered mainly by columnar transposition based on a numerical key, with a stencil being used for additional security. The presence of ‘blank’ cages in the box created irregular lengths for each column of the text.

Examples of the stencils and numerical keys from ‘West Wind Clear’:

The replacements of J-19 FUJI

In summer ’43 J-19 FUJI was replaced by three new systems. The transposed codes TOKI and GEAM and the enciphered code ‘Cypher Book No1’.

TOKI was used in the period 1943-45 and it was similar to J-19 in that it was a code transposed on a stencil. The TOKI system was used by Japan’s embassies and consulates in Europe (2).

Just like its predecessor it was solved by the Anglo-Americans and the German codebreakers.

Allied exploitation of the TOKI cipher

The US effort

The TOKI transposed code was different from its predecessor J-19 FUJI in that it was used by European posts, while J-19 was used by Japanese diplomatic missions from around the world. Also TOKI was made up of 2 and 3 letter code groups while J-19 had 2 and 4 letter groups. The code groups were arranged in a non systematic manner thus making solution more difficult (3).

Examples of recovered code values (4):

The TOKI messages were enciphered using stencils and transposition keys that changed within the same message. Specifically the indicator of the message designated 3 stencils and 3 numerical keys to be used in encipherment. Each table had 250 blocks (25x10) but 50 were crossed out according to a specific system, thus 200 letters could be enciphered. If the message was longer than that then the next stencil and numerical key designated by the indicator was used.

Initially the date of the message and the signature of the originator were used to select null and blank blocks (5). In December 1943 this procedure was changed. Null blocks were abolished and the new procedure for crossing out blocks was the following (6):

at the intersection of the column and row; five blanks are inserted; the odd blanks are inserted vertically, the even blanks horizontally, for numbers 1-10 in numerical order. Blanks to be inserted below row 10 are continued at row 1. If a blank is already present in a space to be used for another blank, it is skipped over; always five blanks are inserted for each intersection point, so that the total number of blanks is 50, and the number of letters in the matrix is 200. Three such matrices and three such random sequences are used for each indicator, if the length of the message warrants this. If a message is longer than 600 textual letters, the first sequence is used for a fourth block, the second for a fifth block, etc..

Examples of stencils and transposition keys (7):

The use of a 2 and 3 letter code together with different stencils and transposition keys made solution difficult. The main method used was to analyze a large number of messages ‘in depth’ (enciphered with the same settings, identified by having the same indicator), then it was possible to use anagramming in order to solve the encipherment and recover the code values.

The report SRH-361 ‘History of the Signal Security Agency Volume Two The General Cryptanalytic Problems’, p283 says about TOKI/JBA:

JBA, a transposition system of a degree of security second only to the Purple machine-cipher system (JAA), was solved by statistical methods within six weeks. This solution is believed to be the first instance of the recovery of an unknown transposition of an unknown code by purely statistical means. Beginning groups, and later, code groups within the body of the text were found by matching stretches of cipher text from several messages with the same indicator. Frequent digraphs were recorded, and eventually the transposition patterns and tetragraphic code groups were recovered despite the presence of occasional trigraphic groups, the use of blanks in the matrix, and the use of the letters of the signature as nulls throughout the message.

Apart from statistical methods it was possible to solve messages by taking advantage of operator mistakes such as sending the same message in two different keys, enciphering the same message on TOKI and GEAM ciphers, having stereotyped beginnings etc

The Gee-Whizzer

During the war traffic on the J-series codes increased significantly and the solution of the daily changing settings became a problem for the small number of people working on Japanese systems, so there was an effort to automate the process. The device built was an attachment for standard IBM punch card equipment called the ‘Electromechanagrammer’ or ‘Gee-Whizzer’.

According to the NSA study ‘It Wasn’t All Magic: The Early Struggle to Automate Cryptanalysis, 1930s – 1960s’, p50-51:

‘The Gee Whizzer had been the first to arrive. In its initial version it did not look impressive; it was just a box containing relays and telephone system type rotary switches. But when it was wired to one of the tabulating machines, it caused amazement and pride. Although primitive and ugly, it worked and saved hundreds of hours of dreadful labor needed to penetrate an important diplomatic target. It proved so useful that a series of larger and more sophisticated "Whizzers" was constructed during the war……………….When the Japanese made one of their diplomatic "transposition" systems much more difficult to solve through hand anagramming (reshuffling columns of code until they made "sense"), the American army did not have the manpower needed to apply the traditional hand tests.

Friedman's response was to try to find a way to further automate what had become a standard approach to mechanically testing for meaningful decipherments……………………………………..Rosen and the IBM consultants realized that not much could be done about the cards; there was no other viable memory medium. But it was thought that it might be possible to eliminate all but significant results from being printed. Rosen and his men, with the permission and help of IBM, turned the idea into the first and very simple Gee Whizzer. The Whizzer's two six-point, twenty-five-position rotary switches signalled the tabulator when the old log values that were not approaching a criterion value should be dropped from its counters. Then they instructed the tabulator to start building up a new plain-language indicator value.

Simple, inexpensive, and quickly implemented, the Gee Whizzer reinforced the belief among the cryptoengineers in Washington that practical and evolutionary changes were the ones that should be given support.’

From the available statistics on the solved TOKI messages and the reports issued it is clear that it was one of the high level Japanese diplomatic hand systems (together with JBB/GEAM and JBC/Cypher Book No1) (8).

In the period 1943-45 the main Japanese diplomatic systems decoded and forwarded to the Military Intelligence Service were the Purple cipher machine (JAA), the ciphers TOKI (JBA), GEAM (JBB), Cypher Book No1 (JBC) and the unenciphered code LA (JAH).

The Australian effort

In Australia the Diplomatic Special Section (D Special Section) of the Australian Military Forces HQ in Melbourne decrypted Japanese diplomatic ciphers. This unit was headed in the period 1942-44 by A.D. Trendall, Professor of Greek at Sydney University. Despite the small size of the unit considerable success was achieved in the solution of Japanese communications (9).

According to the report ‘Special Intelligence Section report - Japanese Diplomatic ciphers’ (10) the TOKI cipher was the first of the new Japanese Foreign Office ciphers to be broken.

The system was quickly compromised by the Japanese Ambassador in Lisbon Morishima Morito. The report says that he committed a fatal mistake by sending the same message in two different keys. This allowed the two messages to be solved and a few code groups to be identified.

More codegroups were recovered when some messages were sent both in the TOKI and GEAM ciphers. Since GEAM (JBB) was easier to solve it was then possible to identify the equivalent groups in solved TOKI (JBA) messages. When the cipher was modified in December 1943 it was possible to break in again by solving two messages sent in the same key.

Regarding the content of the messages the report says:

BA was used only to a moderate extent and the material it contained was of varying interest ranging from general Tokyo circulars upon international happenings to dull routine matters about couriers. Most BA messages from Russia were on the subject of couriers, visas and rations. However Stockholm was in the habit of sending all his chōhōsha (spy reports) in BA and much information was obtained therefrom. Although the second system of BA cypher might well have proved unbreakable the Foreign Ministry did not regard it very highly and issued instructions that it was to be used only for routine matters; more confidential material was to be sent in the recyphering tables. This was satisfactory from our point of view as we encountered far more difficulty in breaking and reading the second BA system than we did in recovering recyphering tables’.

The German effort

Foreign diplomatic codes and ciphers were worked on by three different German agencies, the German High Command’s deciphering department – OKW/Chi, the Foreign Ministry’s deciphering department Pers Z and the Air Ministry’s Research Department - Reichsluftfahrtministerium Forschungsamt.

OKW/Chi effort

At the High Command’s deciphering department - OKW/Chi, Japanese diplomatic systems were worked on by a subsection of Referat 13, headed by 1st Lieutenant dr Adler. About 15 people were employed by the unit (11) and according to Reinhard Wagner (a member of the section) the TOKI cipher was solved by the department.

Wagner said in his postwar interrogation report (12):

(3) A transposition procedure (Wuerfelverfahren), on which WAGNER did not work himself and which he knew only through having translated messages passed in the system. He could say of this system only that there was a daily changing keyword, and the reciphering process was complicated by Raster. The system remained valid until August 1943.
(4) The successor to the above transposition procedure, which WAGNER helped to solve, employed a basic 2 and 4 letter code book. Transposition was done in a width of 25 and a depth of 10. The keyword was changed arbitrarily. Not all the fields in the transposition square were employed but gaps (Loecher) were left. For example, the first square in the first column was to be left blank, the second square down in the second column, and so forth up to ten. In the eleventh column the top five squares down might be left blank, and in the twenty-first column the bottom five squares. In January 1944 the procedure was complicated by causing blank squares to be left vertically and horizontally. E.g., in column one, starting from the top down five squares were to be left blank. In column two, starting with the second. square down, five squares horizontally were to be left blank. In column three, starting with the third square down, five squares vertically were to be left blank, etc. The referat was successful in breaking this system.

At OKW/Chi they not only solved the Japanese transposed codes but also built a specialized cryptanalytic device called the ‘Bigram search device’ (bigramm suchgerät) for recovering the daily settings. EASI vol3, p65 says:

FUJI, a transposition by means of a transposition square with nulls applied to a two and four letter code. This system was read until it ended in August, 1943. It was broken in a very short time by the use of special apparatus designed by the research section and operated by Weber. New traffic could be read in less than two hours with the aid of this machine.

The ‘Bigram search device’ is called ‘digraph weight recorder’ in the US report ‘European Axis Signal Intelligence in World War II’ volume 2. In pages 51-53 details are given on the operation of this device:

The digraph "weight" recorder consisted of: two teleprinter tape reading heads, a relay-bank interpreter circuit, a plugboard ‘’weight’’ assignor and a recording pen and drum.
Each head read its tape photoelectrically, at a speed of 75 positions per second.

The machine could find a solution in less than two hours and did the work of 20 people, thus saving manpower.

Pers Z effort

At the Foreign Ministry’s deciphering department Pers Z Japanese systems were worked on by a group headed by Senior Specialist dr Rudolf Schauffler. This section successfully solved the Japanese diplomatic transposed codes, including the TOKI cipher which in Pers Z reports was designated as JB-64.

Dr Schroeter, a cryptanalyst of the mathematical research section who worked on Japanese ciphers, said in TICOM report I-22, p17

136. Dr. Schroeter: Had joined the organization comparatively later (Spring 1941) and had no intention of ‘staying on'. He was a lecturer in mathematical logic at the University of Münster. He had joined Dr. Kunze’s party and worked independently on Japanese recypherments.
137. He started work on simple transposition recypherments of codes; they were single transpositions with nulls over two-letter books. In the autumn of 1942-43 he worked on a Japanese 'Greater East Asia‘ traffic consisting of single transposition over a two-letter book systematically constructed, groups consisting of cv. The cage was 6 letters long and 5 or 10 letters deep with blanks evenly distributed throughout; there were three keys.
138. The system used with European posts consisted of transposition with a 25 place stencil. The stencil changed sometimes as often as three times within the message. The blanks in the stencil were filled out with the originator's signature, e.g. SHIGEMITSU. The basic book was more difficult and employed groups of two or three letters. The system was broken largely-owing to a twelve part message from Moscow with similar beginnings to each part. This system, known as 'JB 64’, is still current, though the stencil changes more frequently. Dr. Olbricht used to work on it. Dr. Schroeter sketched a specimen stencil.

It is interesting to note that a cryptanalytic device called ‘Spezialvergleicher’ was used to solve the Japanese transposed codes (13).

In the TICOM collection of the German Foreign Ministry’s Political Archive there are several folders containing worksheets of solved JB-64 messages for the period 1943-45 (14).

For example (15):

Forschungsamt effort

At the Air Ministry’s Research Department Japanese systems were worked on by Abteilung 7 (USA, UK, Ireland, South America, Spain, Portugal, Turkey, Egypt, Far East). The department had about 60-70 workers.

Unfortunately at this time there is limited information on the Forschungsamt cryptanalytic effort. In TICOM report I-25, p7 dr Martin Paetzel (deputy director of Main Department IV - Decipherment) said that a Japanese transposed code was worked on in the middle of 1943 but it was not read currently. It is possible that he was referring to TOKI.

Messages from the Japanese embassy in the Soviet Union

The Germans were particularly interested in the communications of the Japanese diplomats in the Soviet Union. It seems that this embassy was either not given a PURPLE machine or perhaps they had to dismantle it in 1941, so they relied on hand ciphers for their most important messages.

During WWII Japan fought on the side of the Axis but was careful to avoid a confrontation with the Soviet Union. War between the SU and Japan finally broke out in August 1945 but during the period 1941-45 Japanese diplomats were free to collect and transmit important information from the SU on military and political developments as well as their discussions and negotiations with Soviet officials. These messages were a prime target for the Allied and German codebreakers.

In the period 1943-45 the messages of the Japanese ambassador clearly showed the deterioration of Soviet-Japanese relations. Some of these messages were used in a series of reports prepared by Giselher Wirsing, an accomplished author and journalist, who in 1944 joined the Sicherheitsdienst foreign intelligence department as an evaluator.

Wirsing had come to the attention of General Schellenberg (head of SD foreign intelligence) due to his clear headed analysis of the global political situation and of Germany’s poor outlook for the future. Under Schellenberg’s protection he wrote a series of objective reports (called Egmont berichte) showing that Germany was losing the war and thus a political solution would have to be found to avoid total defeat (16).

In his postwar interrogations Wirsing mentioned the decoded messages of the Moscow embassy that he used in his reports:

Japanese ambassador in Moscow to his Government. Occasional telegrams were deciphered which indicated clearly that the Japanese were having increasing difficulties in maintaining friendly relations with the USSR. Through this source came confirmation from an Amt VI Far East V-man regarding a secret meeting of Japanese and Russian emissaries somewhere in SIBERIA’.

When STALIN delivered his famous address on 7 November 1944, singling JAPAN out as an aggressor nation, WIRSING, in a special report written at the request of SCHELLENBERG, read into this sentence the accomplished fact of a fundamental change of Russian policy towards JAPAN. Again SCHELLENBERG demurred. Then, approximately three weeks later, a report by ambassador SATO to his government was intercepted in which he related a conversation he had had with MOLOTOV in connection with a Japanese note expressing concern over anti-Japanese utterances by a Russian colonel in a public address. MOLOTOV, according to SATO, availed himself of this opportunity to advise the Japanese Government not to mistake rhetorical exuberance for an expression of the considered policy of the Kremlin. However, MOLOTOV added, the time would come when certain outstanding questions of a more fundamental nature would have to be thrashed out between the two nations.‘

It is reasonable to assume that some of these messages were enciphered with the TOKI system.


(2). TICOM report I-22, p17 and US report ‘The solution of the Japanese transposed code JBA’, p1 (NARA - RG 457 - Entry 9032 – NR 2828)

(3). US report ‘The solution of the Japanese transposed code JBA’ (NARA - RG 457 - Entry 9032 – NR 2828)

(4). US report ‘Master JBA trigraph charts‘ (NARA - RG 457 - Entry 9032 – NR 2458)

(5). The procedure as described in ‘The solution of the Japanese transposed code JBA’ was as follows. The cipher clerk would take the stencil, write the numerical key at the top and then add the letters of the signature of the originator (for example SATOAMBASS) at the blocks on row 1-column 1, row 2-column 2, row 3-column 3 etc.

The blank blocks were selected from a key table which identified the columns to be crossed out for each day of the month.

(6). US report ‘The solution of the Japanese transposed code JBA’ (NARA - RG 457 - Entry 9032 – NR 2828)

(7). US reports ‘Report on Japanese diplomatic systems 1944’ (NARA - RG 457 - Entry 9032 – NR 3095) and ‘The solution of the Japanese transposed code JBA’ (NARA - RG 457 - Entry 9032 – NR 2828)

(8). US report 'Foreign Cryptographic Systems, 1942-1945' (NARA - RG 457 - Entry 9032 - NR3254)

(9). Breaking Japanese Diplomatic Codes David Sissons and D Special Section during the Second World War, chapter 1

(10). Australian National Archives - NAA: A6923, 1/REFERENCE COPY - (barcode 12127133)

(11). TICOM I-124, p3 and TICOM I-150, p4

(12). TICOM I-90 ‘Interrogation of Herr Reinhard Wagner (OKW/Chi) on Japanese systems’, p3

(13). TICOM I-22, p18

(14). German Foreign Ministry’s Political Archive - TICOM collection - files Nr. 2.465-2.471

(15). German Foreign Ministry’s Political Archive - TICOM collection - file Nr. 2.471 - Japan 1944/45   ‘JB64, 1481-1644’, Diplom. Briefverkehr

(16). British national archives KV 2/140 ‘Giselher WIRSING: Journalist and author’


‘European Axis Signal Intelligence in World War II’ volumes 2,3,6,7 , TICOM reports I-22, I-25, I-90, I-124, I-150,  DF-187B , ‘The Codebreakers’, ‘Breaking Japanese Diplomatic Codes David Sissons and D Special Section during the Second World War’, United States Cryptologic History Series IV: World War II Volume X: ‘West Wind Clear: Cryptology and the Winds Message Controversy A Documentary History’, United States Cryptologic History, Special Series, Volume 6, ‘It Wasn’t All Magic: The Early Struggle to Automate Cryptanalysis, 1930s – 1960s’, NSA interviews of Frank Rowlett 1974 (National Cryptologic Museum Library), Australian National archives: ‘Special Intelligence Section report - Japanese Diplomatic ciphers’, NARA reports: ‘The solution of the Japanese transposed code JBA’, 'Foreign Cryptographic Systems, 1942-1945', ‘Report on Japanese diplomatic systems 1944’, ‘Master JBA trigraph charts‘, NSA report SRH-361 ‘History of the Signal Security Agency Volume Two The General Cryptanalytic Problems

Acknowledgements: I have to thank Rene Stein for identifying several of the NARA JBA reports.

Tuesday, February 14, 2017

Interesting reports on the Soviet crypto problem

Two new versions of the following reports can be found at the NSA’s website.

The previous versions had a lot of pages deleted by these seem to have fewer redactions. 

It’s a step forward…

Thursday, February 9, 2017

Breaking Enigma messages

Frode Weierud and Olaf Ostwald have written the interesting article ‘Modern breaking of Enigma cipher texts’ on modern techniques used in solving original Enigma messages from WWII.

“Breaking German Army Ciphers” is the title of a Cryptologia article from 2005, describing the lucky survival of several hundred authentic Enigma messages of World War II, and an account of a ciphertext-only cryptanalysis of a large number of these messages, leaving only a few (mostly short messages) unbroken. After reviewing the work done, and investigating the reasons for both lucky breaks and close misses, the modern ciphertext-only attack on Enigma messages is improved, especially on genuine ones with short lengths and/or many garbles. The difficulties of a proper measure for the candidate’s closeness to a plaintext are clarified. The influence on the decryption process of an empty plugboard and one with only a few correct plugs is examined. The method is extended by a partial exhaustion of the plugboard combined with an optimized hillclimbing strategy. The newly designed software succeeds in breaking formerly unbroken messages.

Frode has also summarized the previous efforts to solve these messages at CryptoCellar Tales.

Wednesday, February 1, 2017

The compromise of the Croat Enigma K cipher machine by the German Army’s codebreakers

Signals intelligence and codebreaking played an important role in WWII. British and American codebreakers solved many important Axis crypto systems and similarly their Axis counterparts also had their own successes.

Both the Allies and the Axis powers solved not only their opponents’ communications but also those of neutral powers and in some cases the communications of their own allies.
For example the German codebreaking agencies solved Japanese and Italian diplomatic ciphers during the 1930’s and in WWII.

The Germans also solved the messages of their minor allies. One such case concerns the Enigma K (commercial version) used by the Armed Forces of the Independent State of Croatia in WWII.

The Independent State of Croatia

The Kingdom of Yugoslavia was one of the states that were created when the old Austro-Hungarian empire collapsed at the end of WWI. The country covered a large area in the Balkans but was politically unstable since it was made up of a diverse group of peoples (Serbs, Croats, Slovenes, Montenegrins). 

In April 1941 the country was quickly defeated and occupied by German forces. The collapse of the Yugoslav state led to its partition into new states, subservient to the Axis powers.

One of them was the Independent State of Croatia, ruled by the Ustaše movement and its leader Ante Pavelić.

Although the Croat State was a puppet state of Germany its communications were targeted by the German Army’s codebreakers.

The German Army High Command’s codebreaking department

During WWII the German Army made extensive use of signals intelligence and codebreaking in its operations against enemy forces. German commanders relied on signals intelligence in order to ascertain the enemy’s order of battle and track the movements of units.

The German Army’s signal intelligence agency operated a number of fixed intercept stations and also had mobile units assigned to Army Groups. These units were called KONA (Kommandeur der Nachrichtenaufklärung) - Signals Intelligence Regiment and each had an evaluation centre, a stationary intercept company, two long range signal intelligence companies and two close range signal intelligence.

The KONA units did not have the ability to solve complicated Allied cryptosystems. Instead they focused on exploiting low/mid level ciphers and even in this capacity they were assisted by material sent to them by the central cryptanalytic department. This was the German Army High Command’s Inspectorate 7/VI

Inspectorate 7/VI had separate departments for the main Allied countries, for cipher security, cipher research and for mechanical cryptanalysis (using punch card machines and more specialized equipment).

The codes of Balkan countries and of the Tito and Mihailović resistance movements (1) were worked on by Referat 6. This department also solved Croat communications in the period 1941-45 (2).

Yugoslav communications were also worked on by a small detachment under Lieutenant Wollny (Nachrichten Aufklärung Zug ‘W’) based in Belgrade and by the units of KONA 4 (Kommandeur der Nachrichtenaufklärung 4 - Signals Intelligence Regiment 4).

The Croat Enigma K cipher machine

According to German reports the Croatian forces used several cryptosystems, from Caesar cipher and simple transposition to 4 and 5-figure enciphered codes.

A more interesting system identified in Croatian radio traffic was the Enigma K cipher machine.

Since the 1920’s the Enigma cipher machine was sold to governments and companies that wanted to protect their messages from eavesdroppers.

The latest version of the commercial Enigma machine was Enigma K. In WWII this device was used by the Swiss diplomatic service and armed forces and also by the Croatian authorities.

The device worked according to the Enigma principle with a scrambler unit containing an entry plate, 3 cipher wheels and a reflector. Each of the cipher wheels had a tyre, marked either with the letters of the alphabet or with the numbers 1-26, settable in any position relative to the core wheel, which contained the wiring. The tyre had a turnover notch on its left side which affected the stepping motion of the device.

The position of the tyre relative to the core was controlled by a clip called Ringstellung (ring setting) and it was part of the cipher key, together with the position of the 3 cipher wheels.  
The commercial version was different from the version used by the German Armed Forces in that it lacked a plugboard (stecker). Thus in German reports it was called unsteckered Enigma.

The Croatian authorities first received 12 Enigma machines in July 1942 (3). More machines were purchased in 1943 and 1944. In the period November ’43 - March ‘44 Enigmas that had been used by the Condor Legion in Spain were rewired for the General Staff of the Croatian Home Defence Forces (Kroatischen Landwehr – Hrvatsko Domobranstvo) (4).

The reflector remained on the commercial wiring Ch 11 Tz 86, however the 3 cipher wheels received the new wiring Ch 11 Tz 364 a–c (5).

In total 12 new Enigma cipher machines and 29 rewired ones were prepared for Croatian use. In addition it is likely that another 44 machines were also delivered (6).

Solution of Croat Enigma K communications

Details on the solution of Croatian messages enciphered on the Enigma K are available from the postwar interrogation of Army cryptanalyst dr Buggisch and from the relevant entries in the War Diary of Inspectorate 7/VI.

Dr Buggisch, one of the top cryptanalysts of Inspectorate 7/VI, said in TICOM report I-92 ‘Final Interrogation of Wachtmeister Otto Buggisch’, p2-3

2. Solution of Croat Enigma. This was not an outstanding cryptanalytic achievement. The machine used was the K model, with three wheels and no stecker. The machines were made for the Croats by the firm of KROSKY and KRUGER, Berlin, which gave the wirings promptly to OKW/WNV in about 1941 or 1942. A single key was used throughout the entire Croat Army and area, and this consisted only of a list of 100 settings for a period of a month. As far as Buggisch knew the Ringstellung stayed always at AAA, and the wheel order at 1, 2, 3. Just to make sure, the Germans paid for one of the first keys used, and with this decoded traffic were able to establish stereotypes and solve almost 100% from the first.

The solutions were done entirely by hand with wiring charts, assuming a pet beginning (one third of all messages began with "MINORS") and assuming the left hand wheels and Umkehrwalz unmoving (only one notch per wheel as in the commercial model). The Croats also had pet indicators and so would furnish depths in case this method did not work. The setting was indicated directly by a two digit number unenciphered, so that the settings wore solved almost as fast as they came, and the traffic read currently from then on. Buggisch did not recall the contents in detail. 90% of it was uninteresting; there were some interesting messages about actions against Tito

Buggisch said the Germans had considered equipping the Croats With the military Enigma, as they did for HUNGARY, ROUMANIA, FINLAND and ITALY (and JAPAN, he thinks) in about 1942. However, they decided against this as they believed the corrupt CROATS would go right on selling the keys to British agents, while they, the GERMANS, would have to pay as well instead of solving free. (The possibility of a BRITISH solution obviously did not occur to Buggisch during this discussion of the K model.)

According to Buggisch one third of all messages began with the word ‘MINORS’. MINORS stood for ‘Ministarstvo Oruzanih Snaga’ - Ministry of Armed Forces of the Independent State of Croatia (7).

Thus this was high level traffic between the Ministry of Armed Forces and the regional military commands.

The war diary of Inspectorate 7/VI (8) confirms Buggisch’s statements and shows that in the period 1943-45 the Croatian Enigma was regularly read by the Germans.

Information from the War Diary of Inspectorate 7/VI

In June ’43 the report of Referat 13 (security of German cipher machines) said that the use of the commercial Enigma K machine had been identified in Croatian 5-letter cipher traffic and by using the wheel wirings supplied by the company Heimsoeth & Rinke together with known key documents it was possible to break into this traffic. Presumably ‘known key documents’ would have been the compromised documents that Buggisch mentioned in report I-92.

Bei einem kroatischen 5B-Verkehr wurde festgestellt, daß er mit einer handelsüblichen Enigma Modell K verschlüsselt ist. Ein Versuch mit den von der chiffriermaschinengesellschaft Heimsoeth & Rinke an Kroatien gelieferten Walzen ergab, daß tatsächlich die betreffenden Walzenschaltungen benutzt wurden. Unter Ausnutzung teilweise bekannter Schlüsselunterlagen gelang ein Einbruch und damit die Deutung der Schlüsseltechnik. Nach früher hier entwickelten Methoden wird eine laufende Entzifferung möglich sein.

In einer Besprechung am 8.6.43 wurden einige Entzifferungergebnisse über die handelsübliche Enigma mit dem Forschungsamt ausgetauscht. (Wm.Döring, Uffz. Rinow.)

In July ’43 the report of Referat 6 (Balkan countries) said that there was cooperation with Referat 13 (Wm. Buggisch) on the solution of the Croat Enigma. 23 indicators (for the initial position of the rotors) were recovered and transmitted to Lieutenant Wollny’s Nachrichten Aufklärung Zug ‘W’, together with a cipher machine for processing the accumulating material.

Von den mit Chiffriermaschine verschlüsselten kroatischen Sprüchen wurden unter Zusammenarbeit mit Referat 13 (Wm. Buggisch) 23 Kenngruppen (für Walzeneinstellung) gedeutet und mitsamt einer Chiffriermaschine fur Nachr. Aufkl.-Zug "W" zwecks Bearbeitung des dort anfallenden Spruchmaterials Herrn Oberleutnant Wollny übergeben. Die mit der Chiffriermaschine gelösten Sprüche wurden in einer umfangreichen VN-Meldung herausgegeben. (s.Schrb. Br.B.Nr. 1691/43 gKdos.)

The report of Referat 13 said that by solving the frequently used indicators it was possible to solve almost all the traffic.

Bei den kroatischen 5B-Sprüchen, die als Enigma-Sprüche (Modell K) erkannt wurden, konnten die häufig benutzten Kenngruppen erstellt werden, sodass fast der gesamte Verkehr mitgelesen werden kann.

A table contained in the Referat 6 report shows how many messages were processed during the month:

In August ’43 Referats 6 and 13 solved 16 indicator groups and transmitted them to Nachrichten Aufklärung Zug ‘W’ via teletype.

Referat 6:

Von den mit Chiffriermaschine verschlüsselten kroatischen Sprüchen wurden unter zusammenarbeit mit Referat 13 (Wm. Buggisch) 16 Einstellungsgruppen gedeutet und dem Nachr. Aufkl. Zug mit Fernschreibgspräch (G-Schreiber) am 10 und 17.8 zwecks Bearbeitung des dort anfallenden spruchmaterials mitgeteilt.

In September ’43, indicator groups continued to be solved and sent to the Wollny unit for direct exploitation. However according to the Referat 13 report the Croatian authorities changed the indicator system by having 10 new indicators valid for each day instead of the previous arrangement for 100 indicators valid for each quarter.

Nachdem die Kroaten von Vierteljährlichen Schlüsselwechsel (100 Schlüssel) zu täglichem Schlüsselwechsel (10 Schlüssel) übergegangen sind, erfordert die laufende Erstellung der schlüssel mehr Arbeit als bisher.

In October ’43, 13 indicators were sent to the Wollny unit. The report of Referat 13 says that the current solution of the indicators could be stopped. This would seem to imply that they got copies of the indicator tables, thus they didn’t need to solve them cryptanalytically.

Da die Schlüsselunterlagen zur kroatischen Enigma anderweitig besorgt werden, konnte die laufende Erstellung der schlüssel Mitte des Monats eingestellt werden.

In November ’43 the report of Referat 6 says that Croatian ciphers were solved (hand systems and cipher machine) and the results transmitted to Nachrichten Aufklärung Zug ‘W’.

Bearbeitung umfangreichen Spruchmaterials aus dem kroatischen Funkverkehr, Entzifferung einfacher Würfel und mit Chiffriermaschine verschlüsselter Sprüche. Herausgabe von 9 V.N.-meldungen aus diesem Verkehr. sämtliche hier erstellten Losungen und neuen überschlüsselungsarten wurden dem N.A.Zug "W" fernschriftlich oder schriftlich mitgeteilt.

In December ’43 there were organizational changes in Inspectorate 7/VI, with Referat 6 becoming Referat a5 and Referat 13 becoming Referat b2.

New indicators were recovered by departments a5 and b2. The report of b2 says that the solution of the Croat Enigma indicators had to be resumed because procurement was not yet possible in the new key period.

Referat b2

3. Enigma: Die erstellung der kroatischen Schlüssel wurde wieder aufgenommen, da die Beschaffung auf dem früheren Weg in der neuen Schlüsselperiode noch nicht möglich war.

Also in the second half of 1943 Referat 9, which was the Hollerith/IBM punch card section, did statistics on the Croatian Enigma traffic (Statistische Untersuchungen für kroatische Enigma für Wm. Buggisch) and on Croat language bigram and trigram statistics (Bi- und Trigrammstatistik aus kroatischen Klarsprüchen für Wm. Buggisch)

In February ’44, 18 indicator groups were solved.

The March ’44 report of Referat a5 says that the extensive Croatian Army traffic was tackled only at the forward unit Nachrichten Aufklärung.

Referat a5

Ehem. Südslawien - Freies Kroatien:
Bearbeitung des gesamten umfangreichen Heeres - Spruchmaterials ( einfache würfel, spaltencäsaren, Enigma) erfolgt nur noch bei N.A.
11 VN- Meldungen mit 208 Sprüchen

In April, May and June ’44 there seems to have been a halt on interception of this traffic. The April’ 44 report says that ‘for unknown reasons message interception has been discontinued as of 6.4

Referat a5

Ehem. Südslawien - Freies Kroatien:
6 S- Meldungen mit 119 Sprüchen
Spruch aufnahme is mit  dem 6.4 aus unbekannten Gründen eingestellt worden, was sehr bedauerlich, da bei evtl. späterer Neubeobachtung erfahrungsgemäss die Ez. erheblichen Zeit- und Arbeitsaufwand erfordert.

Interception resumed in July ’44 with the report pointing out the negative consequences of losing touch with this traffic (‘The three-month interruption of interception makes itself felt in a disadvantageous manner’)

Referat a5

Ehem. Südslawien - Freies Kroatien:
Eingestellte Beobachtung am 1.7.44 wieder aufgenommen. Spruchanfall mässig. 48 Sprüche (einfache Würfel) entziffert, inhalt belanglos. Bearbeitung von 5Z- Sprüchen (vermutlich überschlüsselter 4Z-Code ) bisher ohne Erfolg. Die dreimonatige unterbrechnunh der Beobachtung  macht sich nachteilig bemerkbar. Angeforderte Schlusselunterlagen von Kdr 4 nicht eingegangen.

In August ’44 Referat b2 resumed work on the solution of the Enigma indicators.

Referat b2

Bei wieder aufgenommener Bearbeitung der kroat. Enigma konnten einige Schlüssel erstellt werden.

In September ’44, 7 indicators were recovered by Referat b2.

In October ’44 there was another organizational change with Referat a5 becoming Referat 3c and Referat b2 becoming Referat 1b.

During the month 5 indicators were created and results transmitted to KONA 4 (Kommandeur der Nachrichtenaufklärung 4 - Signals Intelligence Regiment 4) in the Balkans.

In November ’44 solutions increased with 33 indicators transmitted to Referat 3c.

Referat 1b

Erstellung von 33 Schlüsseln für kroatische Enigma und Weiterleitung an 3c.

In December ’44, 59 indicators were recovered.

In January ’45 Referat 3c became Referat 2c. The report of Referat 1b says that 47 keys for the Croat Enigma were solved and transmitted to Referat 2c.

In February ’45 the Ref 1b report simply says that a large number of keys for the Croatian Enigma was solved and passed on to Ref 2c.

Eine grössere Zahl von Schlüsseln für die Kroat. Enigma wurde gelöst und an Ref.2 c weitergegeben.

The final Ref 2c report from March ’45 says that 30 keys were recovered and 354 messages solved.

Referat 2c

1. Balkan- Freies Kroatien
a). Für die mit der Enigma verschlüsselten 5B-Sprüche des Kroatischen Heeres wurden 30 Schlüssel erstellt. Es wurden damit 354 Sprüche entschlüsselt.


(2). Reports of Referat 6 – War Diary of Inspectorate 7/VI

(3). Correspondence with Frode Weierud.

(6). Correspondence with Frode Weierud.

(7). Correspondence with dr Nikica Baric of the Croatian State Archives

(8). German Foreign Ministry’s Political Archive - TICOM collection - files Nr 2760-2761

Additional information:

The files of Inspectorate 7/VI, listed in TICOM report IF-272 - TAB ‘D’, include the following report on the Croatian Enigma in page 8:

Zusammengefasste Umkehrwalze. Kroatien. AA-AZ.
Walze I. II. III.

These should be the wirings for the reflector and the three wheels.

Acknowledgements: I have to thank Frode Weierud for his help in translating the relevant passages from the War Diary of Inspectorate 7/VI and for the information on the Croat Enigma orders and dr Nikica Baric for explaining the meaning of the term MINORS.