The Enigma Cipher Challenge

Earlier this year, the Bombe rebuild team faced their toughest challenge yet from no less than GCHQ themselves. An Enigma machine was installed at the Cheltenham Science Festival and every day it was configured with new settings, just like in wartime. After a test message was sent, containing a phrase known to the Bombe team (to replicate wartime ‘cribbing’), visitors were invited to encrypt and then send messages to Bletchley Park. In B Block, the Bombe team used the original techniques to break the Enigma settings using ‘Phoenix’, our very own Bombe. Every day brought a new challenge as the Enigma settings were changed. This went on for the course of a week.

They scored 7 for 7. Typically, the correct Enigma settings were known to the team before noon. Conclusive proof of the capabilities of Turing, Welchman and Keen’s formidable machine and a great result for the Bombe rebuilders.

On the Saturday, in a nod to old and new technology, Enigma-encrypted messages were sent to Bletchley Park by morse code. The plaintext replies arrived in Cheltenham by Twitter.

Peter J Davis has uploaded this video of the challenge, it’s well worth a watch.

 

Inside The Bletchley Circle

Thursday 6th September 9pm sees the premiere of ‘The Bletchley Circle’ on ITV. This four-part fictional drama tells the story of three women who worked as code-breakers at Bletchley Park during the second world war. Now in 1951, they find themselves back together to solve a string of murders using the skills they acquired during wartime.

The opening episode features footage shot at Bletchley Park during the summer, mainly around Hut 11, home of Bletchley’s Bombe. Today, the series’s writer, Guy Burt, released these candid shots of the Park filming.

If you would like the chance to meet the real people who worked at Bletchley Park, there is no better opportunity than this Sunday’s Enigma Reunion (2nd September) . I’m really pleased to be touring this year. It’s always a magical day.

 

 

The Story of DOG

Sometimes Bletchley Park throws up the most fascinating little stories. Here’s one sent to me by Min Cornelius, part-owner of the Holly/Cornelius Toy and Memorabilia Collection, based at the Park…

The story of DOG, the soft toy made by Harry Molloy for his sister Edith’s little son Brian, on display in the WW2 toys and memorabilia collection at Bletchley Park

Harry Molloy joined the Navy in 1940, and after various ‘adventures’, he was serving as a gunner aboard R.N.A tanker El Ciervo.

Off Hamburg, his ship was attacked within the convoy. He was very badly wounded, and transferred to a destroyer and then a speed boat which carried him to safety and eventually to Devonport Naval Hospital.

After initial treatment, he was sent to Sherbourne R.N Hospital in Dorset. Six months of treatment there was followed by a collapse caused by peritonitis. After this set-back, Harry and other recovering patients were helped in their recover by periods of occupational therapy.

They were shown several crafts to enable them to learn to re-use their hands and wasted muscles. Harry got on very well with sewing, and as a result, DOG was made from a piece of patterned linen fabric which was then stuffed.

The toy has had a very special place within Harry’s family, as Harry gave it to Edith’s little son, Brian who, sadly, later passed away in childhood.

Some years ago, Harry  and Edith donated DOG to be on permanent display in The Holley/Cornelius Collection at Bletchley Park, home of the Codebreakers in WW2.

In 2011, Harry gave permission for DOG to be part of a very special exhibition in The Redoubt Museum at Eastbourne called Stitch for Victory. To Harry’s surprise and delight, Dog had a prominent place in the exhibition in a showcase all by himself, and was featured on the front of the leaflet promoting the exhibition. Harry and his wife Frances travelled down to see DOG, and were very proud of him.

Harry was unfit to return to active service, being 60% war-disabled, and awarded £7. 10. 0d (£7.50p) by the insurer’s of the tanker. Equivalent to about £195 in today’s money.

Some years after the war, Harry’s Grandson and wife brought a plastic ‘half dog’ to Harare in Rhodesia where Harry was living at the time.  This ‘half-dog’ was named Arthur (harfer dog) and put on half watch in the garden.

Later Harrry and his  wife Frances also moved to Australia taking Arthur half-dog with them.

After some time, Harry and Frances returned to England leaving family and Arthur behind.

Now comes the twist!!

Jane, the daughter in Australia is having a new house built in Bletchley Park, which is a new housing estate in Perth. So Dog on display in Bletchley Park England will have  a half brother also living in a place called Bletchley Park, but in Australia.

 

 

Colossus on a Raspberry Pi

One of only nine known photographs of Colossus

Like many oldies who ordered a Raspberry Pi, I was more taken that such a thing now existed rather than having any kind of specific plans for it. Never mind, I thought, something will come along. Sure enough it did. A little background first.

In 2007, Tony Sale and the volunteers at The National Museum of Computing at Bletchley Park had completed their magnum opus: The rebuild of Colossus. This saw a major milestone after many years of works by the team as they toiled to recreate the world’s first programmable computer in as authentic a fashion as possible.

Colossus was the ultimate expression of necessity being the mother of invention. In 1941, Bletchley Park was struggling with deciphering the German ‘Fish’ codes. These were high-command transmissions using an unknown enciphering system seemingly much more complex than Enigma. A breakthrough by John Tiltman, helped along unwittingly by some German radio engineers, had given the codebreakers vital clues into how the system worked. After three months obsessive work on the problem, Bill Tutte correctly ascertained how the traffic was being encrypted. They were now able to build an analogue of the deduced twelve-rotor system and had a solid method to crack the messages. The problem was the process took six to eight weeks per message.

The race was on to build machines that could speed up this process. After a few false starts, Tommy Flowers, who was working for the General Post Office’s research department at Dollis Hill, constructed a monster that could cut though the lion’s share of codebreaking work in just a few hours. This machine, Colossus, had such an impact on Bletchley Park’s abilities to read ‘Fish’ traffic that a total of ten were built towards the end of WWII. It wasn’t until after the war that the German secret machine was revealed, the Lorenz SZ40 & SZ42 ‘secret writers’.

So, back to 2007. A rebuilt Colossus partakes in the ‘Great Cypher Challenge’. A Lorenz cypher machine was taken to the Heinz Nixdorf museum in Paderborn, Germany. Over the course of a day, messages were enciphered using the device and transmitted over teleprinter code (‘non-morse’) just as they were in WWII. In Bletchley, modern-day ‘Y’ station operators listened in on old radio sets trying to record the signal. At about 3pm, a clear message was received and Colossus was set to work. A few hours later, and with a little help from it’s modern-day codebreakers, all twelve rotors settings for Lorenz had been found and the message decrypted. Champagne everywhere.

However.

In Bonn, a young cryptology enthusiast by the name of Joachim Schueth was also listening (fair enough, the competition was open to anyone). He had written some software that would not only act as an analogue for Colossus’ work (identifying the first five rotor settings) but would in fact handle the entire process from interception to revealing the plaintext message. He intercepted the message first time and had an answer 46 seconds later.

Jo has been kind enough to allow others to download his code, along with recordings of all three messages he intercepted, along with generous instructions on how to proceed. So, there was my first Raspberry Pi challenge, could it become a modern-day Colossus? It seemed appropriate after all, to see this little wonder of 2012 pit itself against it’s Granddad.

After a few tweaks I was able to get the whole process up and running on Eben and David’s little baby. Yes, the Raspberry Pi, running the standard Debian ‘Squeeze’ image, can not only replicate Colossus’ work but the whole process from interception to plaintext. Let’s call it Pilossus.

I thought others might like to have a go at running this themselves, so I’ve provided a simple tar ball that will get you up and running. Get your Pi booted up and we’ll start from a terminal prompt in your home directory.

Before you go any further, you must run the following command (especially if it’s a clean build of Debian), or the installation will not work).

$ sudo apt-get update

Now you can…

Download Pilossus 0.1 (tgz 12MB)

or, directly from your RasPi, run this:

pi@raspberrypi:~$ wget http://mrpjevans.com/downloads/pilossus-0.1.tar.gz

Once  you’ve got the package into your ‘pi’ home directory via wget, scp, usb stick, etc we should have this:

pi@raspberrypi:~$ ls
pilossus-0.1.tar.gz

First, uncompress the package in a suitable directory:

$ mkdir pilossus
$ cd pilossus
$ tar xvf ../pilossus-0.1.tar.gz

Now, run the script that will ensure you have all the bits and pieces you need:

$ ./install.sh

This will use apt-get to install or update any dependancies. It’ll probably take a few minutes and does require an Internet connection. Once downloaded, the binaries will be compiled from the Ada sources. There will be a couple of warnings, but these are nothing to worry about.

Once you see ‘Pilossus is ready’, the binaries required are now installed in /usr/local/bin and the scripts are ready to run from your current directory.

The cypher challenge comprised three messages. These are known here as 1200, 1600 and 1700 simply based on time of transmission. They had some variations in transmission type and how much information was given away in advance.

You can process and break these three transmissions from their raw audio form by running the script like so:

$ ./pilossus.sh 1200
$ ./pilossus.sh 1600
$ ./pilossus.sh 1700

Each process will take some time but will end with a lot of information including the results of analysis (the analogue for Colossus), the calculated wheel settings for Lorenz and the resulting plaintext. If you scroll up to the start of the plaintext output you will see a time reading. This shows how long it took to run the section that replicates the work of Colossus. I won’t spoil it for you but Colossus itself took around three hours.

If you would like to hear the original recordings, you can cd into the 1200UTC, 1600UTC or 1700UTC directories and enter ‘play A.mp3’.

If you want to run the codebreak again, you can ‘reset’ the system by running the ./clean.sh script. This removes all output files from a previous run.

Jo has released the source code and recordings of the original transmissions for anyone to download. However, the comments in the source files attribute copyright to DL2KCD and Joachim Schueth. Unfortunately I have been unable to contact Jo to ask permission. I am assuming that what I am doing here is simply an extension of the public release of his source and I make no assertions over copyright of this code. The scripts I have added (pilossus.sh and install.sh) may be considered Public Domain.

So, why not download the package and see how your Raspberry Pi compares to the granddaddy of them all, Colossus. The result is quite remarkable considering it’s a £20 computer the size of a credit card. How far we have come. Got a time reading? I would to hear about it in the comments.

 More information on the cypher challenge, and how he did it, can be found on Jo’s website
 
 

A Visit to La Coupole

About 40 minutes south of Calais there is a place that makes you wonder whether all those James Bond films were so far-fetched after all. The cliché has the evil genius entrenched in his lair; a heavily fortified high-tech bunker, typically in a volcano. Well, I can’t do volcano, but can provide a limestone quarry.

La Couple (‘The Dome’) was the name given to the conversion of a limestone quarry on the outskirts of Wizernes, a small village near Saint-Omer in the Pas-de-Calais region of northern France. It was literally an underground secret lair, to be packed full of Wernher von Brawn’s latest rocket technology – the V2. The intention was to build a subterranean missile base that could assemble, fuel and launch V2 rockets around the clock.

The German firm of Bauer and Nebel started planning the base in 1942. This involved carving out tonnes of limestone, burying into the side of the mountain. Something akin to a small underground city was created. A railway tunnel at ground level, previously used for removing limestone from the quarry, would become the delivery point for V2 rocket parts. These would then be assembled within the base, passing through a production line where workers would prepare the rockets for launch, finally fuelling them and adding their deadly payloads. The V2s would then exit the side of the mountain on rails and be transferred to the adjacent launch pads. Within five minutes, they would be falling on London.

In order to protect the base from aerial bombing, a massive concrete dome capped its top. Measuring 71m in diameter it was 5m thick and weighed an estimated 55,000 tonnes. Underneath, the ‘hexagon’ room was to act as the rocket production facility, processing 40-50 rockets per day for launch. 42 meters below the ground, rockets could be stored in the 6 kilometres of tunnels that had been dug by Soviet prisoners.

Fortunately, the base never saw operation and was never completed; not a single V2 was launched. Ground-breaking new stereoscopic photography techniques used by the British had identified the dome of Wizerne and it became a target of Operation Crossbow. After several failed attempts to destroy the base, on 17th July 1944, specially design Tallboy bombs carried by 16 Lancaster Bombers finally made their mark. The dome’s supporting structure was damaged, the concrete behemoth listing to the side, beyond repair.

Faced with the advancing forces that had made the D-Day landings a month before, the decision was taken to abandon La Coupole and it was never to fire a shot in anger. Today the dome still sits, listing, on the top of limestone quarry and you can experience the unique feeling of being beneath it’s massive structure.

Today La Coupole is a museum preserving the history of ‘what might have been’ but also as the French museum of the holocaust. A visit allows you to enter through the railway tunnel, explore some of the tunnels underneath and then ascend to the dome itself. Inside the dome are two museums, carefully separated to avoid distress to younger visitors. The first covers the history of rocket development and in particular the history of von Brawn’s advances in rocket technology all the way up to the Saturn V, which put man on the moon. The second is dedicated to those who lost their lives under the occupiers and makes for harrowing viewing. Descending down again you visit the uncompleted ‘Hexagon’, a Thunderbirds-esque construction that would have eventually been the assembly route for V2 launches.

La Coupole is an amazing and eye-opening visit, especially when you consider what might have been should this fortress have come to life. Many owe their lives to the brave members of the Operation Crossbow air forces who prevented those V2s from ever taking flight.

La Coupole Website

Additional information sourced from http://everything.explained.at/La_Coupole/
 

Papercraft Enigma

This has been doing the rounds on Twitter but I thought I’d show off my own attempt.

UK security firm Franklin Heath have put together an Enigma machine made out of paper. This really goes to show that Enigma is not a complex beast at all and you can make your own with some printouts and a handy Pringles tube. The result really works and could be used to decode any Wehrmacht Enigma message encyphered on a real machine (and vice versa).

Not a bad deal considering a real Enigma will cost you upwards of £150,000!

Go on, make your own

 

 

Why Ten Pairs?

Plugboard, here swapping A with J, and S with O. Photo Bob Lord (CC BY-NC-SA).

As you may know, the German military made a significant addition to the original Enigma design by adding the plugboard, or steckerbrett. The board has twenty-six sockets, one for every letter in the alphabet. The operator would use ten cables, each with a plug at each end, to ‘pair up’ twenty letters. This would have the effect of cross-wiring the keyboard before it’s electrical wires entered the rotors. So, a cable paired the A socket to the B socket would mean you had effectively pressed B, not A. This added significant complexity to the Enigma cypher.

One question I am often asked on tours is ‘why ten pairs?’. Surely it would make more senses to plug up every letter and completely scramble the keyboard? Well, not so fast. Adding the concept (and therefore probability) of an empty socket increases the odds significantly.

The maths itself is surprising. However, I’m going to hand over to PJ Bryant who explains how the optimal number of pairs is actually 11.

Optimal Stecker Combinations on an Enigma

 

 

GCHQ Challenge The Bombe Team

You never know what to expect next from Bletchley Park. Every time I turn up there something comes out of the blue that reminds me why it is one of the most fascinating places on Earth and this week was no exception. I knew the Bombe team were busy and ‘up to something’ and that GCHQ were involved, but not much more than that.

It turns out that GCHQ have challenged the Bombe rebuild team to a spot of codebreaking. As part of The Times Cheltenham Science Festival, GCHQ have teamed up with Bletchley Park to do something that hasn’t been done in a long time; live codebreaking using WWII technology. Best of all, the public can take part. They’ve been working away at this all week and this weekend it gets very special indeed.

GCHQ have set up an original Enigma machine on their stand at the festival. Every day the Enigma is reconfigured with new settings. As the public visit, they are offered the chance to operate the machine and encrypt a message of their choosing. The resulting ciphertext has been sent over Twitter to the Bombe team at Bletchley Park and they have to crack it. This is particularly difficult for our modern-day codebreakers as cribbing (guessing the partial content of the message) is going to be very difficult indeed. However, after about three hours on each day, the Enigma machine’s rotors, order, ring settings and plugboard (‘stecker’) configurations have been successfully identified.

On Saturday, the teams will be joined by the Cheltenham and Bletchley Amateur Radio Societies. They will add a further sense of authenticity to proceedings by relaying the messages from Cheltenham to Bletchley Park using morse code. The plaintext will then be Tweeted back in a nod to the progress of technology.

When a piece of ciphertext is handed to the codebreakers, they will first crib it. This is the process of identifying the position of known (or guessed) piece of text in the ciphertext. This is made easier as Enigma could never encipher a letter as itself, so bad positioning would often be given away by two letters matching between the ciphertext and plaintext. When the position of a piece of text has been established, a menu is then drawn up. This is a diagram showing which key-presses resulting in what ciphertext and potential links between them (the operator pressed ‘C’ and ‘J’ lit up, so they are connected). The rear of the Bombe contains a complex wiring system called the Diagonal Board. This can be ‘plugged up’ to match the menu. The Bombe now checks a range of possible settings using it’s array of 36 ‘Letchworth Enigmas’, analogues for the German machines. When a setting is found that could produce the menu, the machine stops and provides information on the rotor positions and the plugboard. Once a good ‘stop’ has been found, our codebreakers will then refine this information, filling in the gaps, until the full set up is known.

During WWII, the discovered settings would then be transferred to Typex machines, the British Enigma equivalent. They were of very similar design and could be modified to operate identically. Wrens (WRNS – Women’s Royal Naval Service) would operate these machines, converting the day’s ciphertext into plaintext.

This is one of the very few times Phoenix, the ‘rebuild’ Bombe, will have been used in anger, as the operators do not know whether the information output by the machine is correct until they verify it. Everything is being undertaken as authentically as possible. Messages are cribbed, menus drawn up, the Bombe is then ‘plugged up’ and ran. Each stop is tested on a rebuilt Checking Machine and when settings are found, plaintext is generated using an original modified Typex cipher machine. The plaintext is then tweeted back to the sender to prove their message could be read.

Here’s the decision you need to make. If you come to Bletchley Park this weekend, you can see real WWII-era codebreaking at work, including seeing the Bombe hunting for the settings. If you go Cheltenham, you have the very rare opportunity to operate a real Enigma machine and to have your code broken. A constant video linkup between the two sites will allow you to view progress. They’re running Saturday and Sunday, so why not do both?

http://www.gchq.gov.uk/Press/Pages/2012-science-festival.aspx

Follow @enigmachallenge and @bombeteam on Twitter to see the messages.