Floradora (cryptology)
Floradora was the English code name used in World War II , with which British codebreakers in Bletchley Park designated a German encryption method. In its ultimate form, it was based on a one-time key procedure (OTP). The American cryptanalytic service Signal Intelligence Service (SIS) gave it the systematic abbreviation GEC or GEE , where G stood for German . An alternative name was simply keyword ( German keyword ).
prehistory
Before and during the Second World War, the German services, such as the Wehrmacht , police , secret services , diplomatic services , SD , SS , Reichspost and Reichsbahn , used an abundance of different manual and machine methods for encryption .
As early as 1921, during the time of the Weimar Republic (1919–1933), the Germans Werner Kunze, Rudolf Schauffler and Erich Langlotz had suggested using blocks that were printed with randomly generated digits to encode the diplomatic codes of the time. They referred to this sequence of digits as "individual worm", or i-worm for short (today's technical term: one-time pad ; German literally " one-time block" ). The diplomatic service of the Foreign Office (AA) actually used this method. The procedure was retained even after the " seizure of power " (1933) and continued to be used by the now National Socialist AA , especially during World War II (1939–1945).
Procedure
The procedure used by the German side consisted of two steps. The first was based on a code book called "Deutsches Satzbuch" ( briefly referred to as DESAB by the SIS ), which contained five-digit numbers (00000 to 99999) as ciphertexts , to which certain terms, words or parts of sentences were assigned as plain texts .
There were several editions of the sentence book, the third (DESAB 3) contained around 31,500 code pairs and was used until December 1941. It was followed by the fourth (DESAB 4) with around 57,500 pairs, which was used from January 1942 until the end of the war . The use of code books is an ancient cryptographic method that is not considered particularly secure. The AA saw it no differently either. When using the sentence book, it was not a question of creating cryptographic security, but of converting ( alphanumeric ) plain text into a standardized (only consisting of five-digit groups) "intermediate text".
In the second step, the digits have been using the i-worm on down . Every single digit of the subtext is added to the corresponding digit of the i-worm individually and without carrying over. The result of this modulo addition is the ciphertext to be transmitted.
The authorized recipient of the ciphertext, who is in possession of the identical i-worm , can easily undo the mentioned second encryption step by subtracting digit by digit without carrying over and thus receives the original intermediate text . By looking up the five-digit code groups now obtained in the sentence book, the original plain text is finally visible again for him.
Provided that the i-worm was generated evenly randomly , does not fall into the wrong hands, i.e. remains secret, and is not used a second time, the process is demonstrably safe and can not be broken .
The Germans used three variants of the procedure described and were apparently so convinced of its “unbreakability” that they sometimes sent unimportant messages encoded with the sentence book alone (without encoding with the help of the i-worm ). This made it relatively easy for the SIS to reconstruct a large part of the sentence book (DESAB 3) at the beginning of 1940, well before the United States entered the war in December 1941 . In July 1940, the FBI even succeeded in “ felting ” a German courier on his passage through the Panama Canal on a Japanese steamer, thereby ensuring an intact DESAB 3 . The British side had also succeeded in reconstructing parts of DESAB 3 before they too came into possession of a German sentence book . This meant that the content of the code book, on which German confidence was not based, was no longer a secret to the Western Allies .
Trellis method
The Germans called the simplest variant the " espalier method ". This context to the coding was not done using an i-worm , but were instead involution (reciprocal) Bigrammtabellen used, similar to those from the Navy in connection with the Enigma used double letters exchange panels . In the case of letters (as in the navy), such exchange tables represent corresponding encodings in tabular form for all 26² = 676 possible double letters from AA to ZZ, for example AA-PQ, AB-CH, AC-OS and so on to ZZ-NG . In the case of digits, there are 10² = 100 possible two-digit numbers from 00 to 99. It is therefore a bigram substitution . The swap table was designed so that the swaps were involutorial, that is, if, for example, the number 27 was swapped for 89, then 89 was swapped for 27. This makes it easier to use the boards, because you don't have to differentiate between encryption and decryption . At the same time, however, this property also represents a cryptographic weakness. The decisive weakness of the espalier method, however, was that it always produced the same interchanges; in the example, 27 was always converted to 89. So it has similar weaknesses as other monoalphabetic substitutions and was relatively easy for the Allies to break. However, they only intercepted a few radio messages that were encrypted using the espalier method.
Basic procedure
The method described by the Germans as the "basic procedure" was the actual Floradora (the British in BP ) or GEC (the Americans from the SIS ). Here, too, no i-worm was used, but neither were the swap tables, but a book with additives, i.e. numbers that were added to the five-digit number groups in the subtext. The book was a hundred pages (00 to 99) with a hundred lines (00 to 99) each. In each of the 100 x 100 = 10,000 lines, six five-digit numbers were listed. While the first half of the book (pages 00 to 49) was used for encryption, the second half (pages 50 to 99) was for decryption. The corresponding groups of five consequently formed the appropriate complements, for example 43642 in the first half corresponded to 67468 in the second. As you can see, for any five-digit number the digit-wise addition of 43642 and then 67468 results in the original number.
The communication partners have to agree on the start address in the book, for example page 35, line 55, and can then take one additive after the other from their books. An additional “complication” that was introduced to make the process supposedly safe was the double use of such an additive. For this purpose, the second start address is shifted by an offset compared to the first .
The British in BP initially failed to break into Floradora in 1941 , while the SIS achieved isolated successes. However, by April 1942, neither of them made a lasting break-in. This began to improve significantly in May when a number of older sayings were deciphered, and Floradora was finally overcome in August 1942 . This was stated by Commander ( Commander ) Alastair Denniston (1881-1961), Head of the Government Code and Cypher School (GC & CS) of BP , expressly acknowledged by saying: "The cooperation with America was remarkably successful" ( English "liaison with America has been conspicuously successful ” ). From 1944 at the latest, practically all Floradora sayings could be read continuously.
Block procedure
The third variant, called the “block procedure”, called GEE by the Americans , was by far the safest method. If implemented correctly, it would have been unbreakable. As the American scientist Claude Shannon (1916–2001) proved shortly after the war, at the end of the 1940s, this is “ perfect security ”. An OTP is secure in terms of information theory. It cannot be broken.
However, this only applies if no errors occur. One possible mistake is not to generate the i-worm completely randomly . Creating real coincidence is actually not easy. Generating really good random numbers is still a headache today. The Germans then chose a machine method and built a printing press with 240 printing wheels. Each wheel had the ten digits from 0 to 9 in a different “scrambled” order. This enabled two pages of the disposable pad to be printed in one fell swoop. Then the wheels continued to turn and the next two pages were printed. The columns of numbers generated in this way look completely random to the human eye. American cryptanalysts of the SIS but under the direction of Thomas Wagoner, succeeded after tedious detail work to uncover this and the underlying algorithm to reconstruct . So they managed the seemingly impossible and from January 1945 even broke the GEE encryption.
literature
- Stephen Budiansky: Codebreaking with IBM Machines in World War II. Cryptologia , 25: 4, 2001, pp. 241-255, doi: 10.1080 / 0161-110191889914 .
- Ralph Erskine : From the Archives - What the Sinkov Mission brought to Bletchley Park. Cryptologia, 27: 2, 2003, pp. 111-118, doi: 10.1080 / 0161-110391891793 .
- PW Filby: Floradora and a Unique Break into One ‐ Time Pad ciphers. Journal of Intelligence and National Security, 10: 3, 1995, pp. 408-422, doi: 10.1080 / 02684529508432310 .
- Cecil Phillips: The American Solution of a German Onetime-Pad Cryptographic System (G-OTP) , Cryptologia, 24: 4, pp. 324-332, doi: 10.1080 / 01611190008984249 .
- Frode Weierud and Sandy Zabell : German mathematicians and cryptology in WWII. Cryptologia , 2019, doi: 10.1080 / 01611194.2019.1600076 .
Individual evidence
- ↑ Ralph Erskine: From the Archives - What the Sinkov Mission brought to Bletchley Park. Cryptologia, 27: 2, doi: 10.1080 / 0161-110391891793 , p. 113.
- ↑ Frode Weierud and Sandy Zabell: German mathematicians and cryptology in WWII. Cryptologia, doi: 10.1080 / 01611194.2019.1600076 , p. 37.
- ↑ Claude Shannon: Communication Theory of Secrecy Systems (PDF; 563 kB). Bell System Technical Journal, Vol. 28, 1949 (October), pp. 656-715.
- ↑ Ralph Erskine: From the Archives - What the Sinkov Mission brought to Bletchley Park. Cryptologia, 27: 2, doi: 10.1080 / 0161-110391891793 , p. 114.