Wars, though terrible, can also catalyze new technologies. In fact, the ancestor of the computer you’re reading these words on right now was born in the crucible of World War II. That was when the Germans created a powerful machine to protect their secrets, forcing the Allies to create an even greater machine to unlock them.
In doing so, they helped to defeat one of the greatest evils the world has ever seen and created the precursor to the modern computer. But it’s not just history we’re after. Even almost a century later, there are lessons we can learn here about modern cybersecurity.
What follows is the fascinating story of how clever spies, daring commandos, brilliant mathematicians, and industrious engineers came together to crack Germany’s Enigma code machine…
The element of surprise is crucial in war. Intercept an enemy’s message and you’ll know their moves before they do. World War II was no exception.
Radio waves enabled the nations of WWII to communicate with their troops over vast distances. However, it was easy for enemies to hear those messages as well. In a war where everyone can hear what you’re saying, you need to speak in codes to transmit secret information. This was why the German government developed the Enigma machine.
The Enigma machine was a keyboard that scrambled messages in a way that could only be unscrambled by someone using an identical machine with identical settings somewhere else. It was initially created for commercial and diplomatic use before the war, but the government later began developing versions with more powerful encryption exclusively for the military.
The machine looked like a typewriter, but instead of typing out letters on a sheet of paper, it had a board of lights with one light for each letter of the alphabet. As the operator typed each letter of their message into the machine, a letter on the board would light up to produce, letter by letter, a scrambled message.
The German military used the Enigma to great effect during WWII. Their seemingly unbreakable encrypted messages would direct army movements, aircraft raids, and the deadly U-boat submarines that terrorized Allied military and civilian ships on both sides of the Atlantic.
Cracking the Enigma machine was key to gaining an advantage in WWII. But first, they had to figure out how it worked.
The key to its power lay in the clever way that the inside was wired. The wartime Enigma could create trillions and trillions of potential combinations – too many for any contemporary methods to crack. But we’ll get to that later. First, let’s see what you’d have to do to create and send an Enigma-encrypted message:
Check your settings: The Enigma only worked if both ends of the conversation were using the same settings. To this end, the German military would issue sheets of daily Enigma settings that would be replaced at various frequencies – usually once a month.
The Enigma was constantly updated throughout the war, so the exact types of settings varied. However, they usually included:
Every Enigma also had a reflector, but only a few of the versions could adjust their reflectors. We’ll get to the reflector later, as it introduced a flaw that was crucial to the Allies’ efforts to crack the Enigma.
In any case, once the Enigma machine was correctly configured, it was time to send your message.
Now that we know how it was used, what made it so powerful? Why was it such a phenomenal challenge for the Allies to crack the Enigma’s code?
The thing that made Enigma so hard to crack with contemporary means was that the settings changed with each keystroke. If you were to sit down at an Enigma machine right now and press the “A” key three times, you would get a different scrambled letter every time. As an example, the word “AARDVARK” could very well be scrambled into “GFKLRLWC” – and if I were to type it again later in my message, it could look completely different!
It’s hard to convey just how deeply scrambled any given code could be because the numbers are truly astronomical. Hopefully, the math here will help:
Brute-forcing the Enigma was effectively impossible. So how could the Allies possibly hope to break it?
Well, the Enigma itself had one fatal flaw – the reflector component made it so a letter could never be encoded to itself in the scrambled message. In other words, if the scrambled text is “HWLER”, you can immediately rule out the word “HELLO” in that spot because the “H” and the first “L” would match. But to really understand why this was such a key flaw, we need to understand how the Allies worked to break the Enigma.
Hollywood has shown us how the British military eventually took the initiative in cracking the Enigma code, but every Allied country pitched in to help. The Enigma codebreaking process began long before the war did.
As Germany’s neighbor, Poland understood the threat Germany presented and began attempting to crack the Enigma’s earlier and simpler versions.
Before the war, Poland faced weaker Enigma encryption and shoddier German security practices. However, the dire international need to decrypt it was not yet present and Poland did not have the resources or information available to make the breakthroughs that their allies did later.
Impressively, some of Poland’s greatest breakthroughs came through the power of math and deduction.
The Polish mathematicians achieved remarkable results. They proved that the earlier versions of Enigma could be broken and provided the theoretical foundations upon which many of the Brits’ later breakthroughs were built.
As the war approached, the Allies began sharing intelligence to accelerate the breaking of the Enigma. Brief secretive meetings were arranged at hotels and train stations across Europe to exchange information. A French spy named Hans Tilo-Schmidt who was embedded in the German Armed Forces’ Cipher Office produced many useful clues. For years, he sold Enigma manuals and other info to French intelligence that made its way to the rest of their allies.
In 1939, Germany invaded Poland, beginning World War II. The Polish mathematicians fled through several countries to the UK, where they shared everything they knew with British intelligence. However, they were tasked with solving other cryptographic puzzles – Britain and the US took over Enigma decryption and shrouded it in the highest levels of secrecy.
As the war approached and got underway, a few significant changes occurred:
Scores of brilliant mathematicians, analysts, and engineers worked at the top-secret facility at Bletchley Park, but Alan Turing (played by Benedict Cumberbatch in the film The Imitation Game) and Gordon Welchman are considered the stars of the Enigma effort. They are credited with developing the bombe – the electro-mechanical calculator that helped crack the Enigma and that many call the precursor of the modern computer. With that being said, their contemporaries have said that the contributions of the Polish mathematicians saved Turing and Welchman a year of work.
Let’s break down the steps in the British Enigma codebreaking process so we understand how it works.
Cryptanalysis: Teams of British mathematicians analyzed the messages to find patterns and clues that would help, but their most useful tools were cribs – plaintext words they hypothesized might exist in a given scrambled message. To produce useful cribs based on solid hypotheses, clever cryptanalysts had to pore over mountains of data gathered from across Europe by the Brits and their allies.
The reflector flaw mentioned earlier made these cribs much easier to use. The location of a crib in the text could be ruled out if even one of the letters matched the scrambled text.
Computation: Once they had good cribs and intercepted encrypted messages, the analysts at Bletchley Park could use their bombes to test the cribs and discover the Enigma settings being used by the Germans for that day. If they could do so fast enough, they would have the power to unlock Enigma messages for the rest of that day. Each day they had to start all over again.
Each bombe machine was essentially composed of a large array of simulated Enigma rotors. They worked by testing thousands of Enigma settings to discover settings that could have produced the cribs that the analysts fed into them. With clever insights, the analysts were able to rule out certain settings to make the machines’ work more efficient.
Eventually, the Brits were able to manufacture vast facilities full of bombe machines and set them to work to crack the Enigma codes. Towards the end of the war, the British had 155 3-rotor bombes operating across multiple sites(to protect them from air strikes).
Let’s go over the clues and the human mistakes that enabled the British mathematicians to form useful cribs to feed to their bombe machines.
Many modern historians, mathematicians and cryptanalysts agree – if the Enigma had been operated perfectly, it may have remained impossible to crack. However, it wasn’t. The British relied on the humans operating the Enigma to make mistakes that could give them clues. Here are just some of the ways that the people using the system actually undermined it:
Repetition: Some of the most easily exploitable cribs came from daily reports whose formats rarely changed. Most U-boats, for example, would send daily weather reports. Analysts could make educated guesses at the location of the plaintext word “weather report” in the scrambled message.
In less-active regions, military units might often send messages that contained the words “nothing unusual” or “nothing to report” – another frequent repetition that the British used to great advantage.
Poor setting sheets: By poring through their data, analysts made discoveries about how the Enigma setting sheets were made. In some areas, for example, no rotor settings could ever be repeated in a month, so once they had been used, they could be ruled out for upcoming days. In others, no rotor could occupy the same slot in the Enigma as it had the previous day, also reducing the number of options analysts needed to check.
In other cases, some commands would recycle entire rows or columns of the previous month’s sheets, handing the British small victories when these flaws were detected.
Overconfidence: There were periods during the war when the British managed to break Enigma codes for weeks on end, safely directing their ships around German U-boat patrols. Still, up until after the end of the war, German commanders still believed that the Enigma was only breakable in theory, but not in practice.
Sometimes, the British took measures to perpetuate this misconception. In one case, when the location of a U-boat in the Mediterranean was discovered by cracking an Enigma message, the British air force first sent a scout plane to the location to “spot” the submarine and provide a plausible pretext for attacking it.
There were also some interesting specific scenarios or events that gave the Allies plenty of clues to work with.
The “LLLL” message: German operators sometimes sent decoy messages to delay British efforts to crack their encryption. On one occasion, however, a British analyst noticed something strange – the scrambled message he was inspecting contained absolutely no “L” anywhere in the text. Because of the reflector flaw, this meant that any or all of the letters could be “L”. It turned out that it was all of them – the lazy German operator had simply mashed the “L” button on his Enigma to write his decoy message, practically gifting the British the settings for that day.
Double agent Nathalie Sergueiew: Nathalie was a German spy who had made herself available to British intelligence as a double agent. Her primary contribution to the Enigma effort was to send verbose reports back to her German commanders that were later re-encrypted using the Enigma. This provided British analysts with excellent cribs for discovering machine settings when her messages were relayed.
The sinking of the U-559: The German Navy distributed setting sheets written in ink that would dissolve when wet, making them highly resistant to capture. At one point in the war, they also upgraded their Enigmas to use 4 rotors, making them much more difficult to break.
The first great breakthrough in breaking the upgraded Enigma was achieved in a daring hunt by the destroyer HMS Petard. An engagement with German submarine U-559 ended with the submarine’s surrender after dark had fallen. Nonetheless, the captain immediately ordered three soldiers to dive into the water. Illuminated by spotlights, they swam to the U-boat as its crew surrendered to retrieve any books they could before it sank. Fortunately, the submarine sank slower than it should have due to mistakes made by the departing crew. This gave the soldiers the precious moments to retrieve their valuable prize – intact codebooks.
Operation Claymore: During a daring and explosive raid on German industrial facilities on the Lofoten islands, the commandos seized an unexpected prize – a set of Enigma rotors and a codebook from a docked ship.
These are just a few select colorful cases. This parallel cryptographic arms race was fought throughout the war right up until the end. There was no point during the war during which either side could be said to have fully won or lost the cryptographic battle, but there were some stretches of time during which the Allies enjoyed nearly unrestricted access to German radio communications.
The war was won by more than just the breaking of the Enigma, but uncovering the enemy’s operational secrets no doubt played a pivotal role. Furthermore, this retelling has been simplified to touch on the key elements that can be useful for modern online security. For those interested in mathematics, cryptography, or the history of WWII, there is much more to this story available online!
For our purposes, there were two significant outcomes of the struggle over Enigma encryption in WWII:
Significant advances in computing: The bombe machines inspired by the Polish and developed by the British were electromechanical computers. Many consider them to be precursors to the modern computer. They were capable of accepting user inputs, performing calculations that would have been unfeasible for humans, and computing solutions to a serious problem.
The Brits made even further advances in computing when they built the Colossus, a computer designed to break the German high command’s Lorenz cipher. Though this encryption process was theoretically more powerful, it was also more vulnerable to analysis. The British codebreakers broke the Lorenz with math and analysis – without ever seeing the encryption machine itself.
While enormous, the advances in computing are beyond the scope of this article, so let’s stick to what we can learn about cryptography and cybersecurity:
The Germans weren’t entirely wrong in their belief that Enigma was unbreakable by contemporary means – it may have remained unbroken if it was part of a perfect system, but it wasn’t. When some German commanders recycled their Enigma settings, that sounds a whole lot like when people today reuse their passwords across multiple sites – a big mistake!
Even with its built-in flaws, the Enigma exhibited impressive encryption power. However, other parts of the process weren’t nearly as secure. The setting sheets used by Enigma operators are an example of an unsecure shared key exchange that introduces vulnerabilities to the system. The keys(Enigma settings) changed daily, but the sheets could be captured or photographed, and they were created by people who sometimes took shortcuts.
Today, we have processes like the Elliptic Curve Diffie-Hellman key exchange, which allows parties to exchange secure keys over unsecured connections and to change those keys with every connection they make.
The technology behind Enigma was sound, but the system was only as secure as its users let it be. There are tons of tools out there to keep you safe, like VPNs, ad blockers, and spam filters.However, it’s up to each and every one of us to stay vigilant and informed about cybersecurity threats so we don’t undermine our security tools.