M-209
The M-209 , also known as the C-36 , also referred to by the German as AM-1 for "American Machine No. 1", is a portable mechanical rotor cipher machine that was widely used by the US military during World War II .
The portable encryption machine was mainly used by the US military during World War II, but was in active use until the Korean War . The M-209 was designated the CSP-1500 by the US Navy . The manufacturer's designation was C-38. It was designed by the Swedish cryptographer Boris Hagelin to meet the demand for a portable cipher machine. It is an improved version of the C-36.
The M-209 is about the size of a lunch box. The dimensions (L × W × H) are around 178 mm × 140 mm × 82 mm with a weight (including bag) of around 3.5 kg. The rotor scheme used is similar to that of the German telex cipher machine Lorenz SZ 40 or the secret telex T52 from Siemens & Halske .
Functional fundamentals
The operation of the M-209 is relatively straightforward. Six adjustable key rotors on the top of the housing each display one letter of the alphabet. These six rotors represent the external key for the machine and thus generate a starting position, similar to an initialization vector , for the encryption process.
To encrypt a message, the user first sets the key rotors to a random sequence of letters. The encryption / decryption switch on the left side of the machine is set to encrypt . The dial on the left is set to the first letter of the message, which is then encrypted by turning the crank handle on the right. When the key cycle is complete, the encrypted letter is printed on paper tape, the key rotors move forward one letter, and the machine is ready for the next letter.
The letter "Z" is encrypted to represent spaces between words in the message. If you repeat this process for the remaining letters, you get the complete ciphertext. B. can be transmitted in Morse code . Since the key rotors are set randomly at the beginning, it is necessary to transmit this setting to the recipient as well. It can also be encrypted, e.g. B. with a daily key, or transmitted as plain text .
The M-209 automatically divides the encrypted text into groups of five to improve readability. A letter counter on the top shows the number of letters encoded so far and could be used as an indicator if you made a mistake during encryption or decryption.
The decryption procedure is almost the same as that for encryption. The user sets the selector switch to decrypt and sets the key rotors to the same sequence that was used for the encryption. The ciphertext is entered letter by letter and decrypted by turning the hand crank. When the letter "Z" appears, a cam creates a space on the paper. Actual "Z" s in the message can usually be recognized by the user through the context.
An experienced M-209 user needed about two to four seconds for a letter, so processing was relatively quick.
Internal elements
Overview
Inside the case there is a much more complicated picture. The six key rotors have a small movable pin on the rotor for each letter. These pins can be moved left or right; the positioning influences the encryption process. The left position is inactive, the right one is active .
.png)
Each key rotor has a different number of letters and, accordingly, a different number of pins.
From left to right the rotors have the following letters:
- 26 letters, from A to Z
- 25 letters, from A to Z without W
- 23 letters, from A to X without W
- 21 letters, from A to U
- 19 letters, from A to S
- 17 letters, from A to Q
This deviation is selected so that the sizes of the rotors are coprime , which ultimately means that the rotors only return to the same position after 26 × 25 × 23 × 21 × 19 × 17 = 101,405,850 encrypted letters (this is also called period ) exhibit. Each key rotor is assigned a beveled metal guide arm, which is actuated by pins in the active position. The respective position of the pins on the rotor disks thus represents the first part of the internal key system of the M-209.
Behind the row of key rotors is a cylindrical drum consisting of 27 horizontal bars. There are two movable slides on each rod that can be positioned over the key rotors or in one of two neutral zero positions. An active stylus causes its guide arm to jump forward and touch the drum. The position of the sliders is the second part of the internal key system.
Since it was quite complicated to adjust this internal system, it was changed less often, in most cases about once a day. When the user turns the hand crank, the drum completes one complete revolution over all 27 bars. When a slide on one of the rods comes into contact with the guide arm of an active key rotor, that rod is shifted to the left; Sliders in a neutral position or those that do not touch a guide arm do not affect the rod. All rods that were pushed to the left form a variable-toothed gear wheel that shifts the letter that is to be encrypted. This shift is identical to the number of bars shifted to the left. The resulting key letter is printed on the paper tape. After the rotation is complete, the rods are pushed back again. A set of intermediate gears sets the key rotor to a position forward, and a lock arm hooks into the drum, to prevent a second passage, was until the shim set to the next letter.
This system allowed the shift to be changed for each encrypted letter; without it, the encryption would have been nothing more than a very insecure Caesar cipher .
Example configuration
Before encryption with the M-209 takes place, it is necessary for the user to set the machine according to a predefined template. This includes the positioning of the pins on each of the rotor disks as well as the settings of the slides on the drum bars. Usually these were exchanged between the sender and the recipient using a secret set of keys. The external position of the key rotors could then be selected at will by the sender (randomly) and transferred to the receiver via a secure channel.
Each letter on each rotor has a pen that can be slid to the left or right. A table that specifies these settings could e.g. B. look like this:
| rotor | Pin position |
|---|---|
| 1 |
AB-D---HI-K-MN----ST-VW---
|
| 2 |
A--DE-G--JKL--O--RS-U-X--
|
| 3 |
AB----GH-J-LMN---RSTU-X
|
| 4th |
--C-EF-HI---MN-P--STU
|
| 5 |
-B-DEF-HI---MN-P--S
|
| 6th |
AB-D---H--K--NO-Q
|
Letters that appear in the table have their pen in the right, active position, letters that do not exist (marked with a line) in the left, inactive position .
The drum has 27 rods, each with two slides . These sliders can be set to positions from 1 to 6 and are then aligned over a key rotor, or they are set to one of two “0” positions where they are inactive . A table containing these settings could look like this:
| pole | 1 | 2 | 3 | 4th | 5 | 6th | 7th | 8th | 9 |
|---|---|---|---|---|---|---|---|---|---|
| Slider | 3-6 | 0-6 | 1-6 | 1-5 | 4-5 | 0-4 | 0-4 | 0-4 | 0-4 |
| pole | 10 | 11 | 12 | 13 | 14th | 15th | 16 | 17th | 18th |
| Slider | 2-0 | 2-0 | 2-0 | 2-0 | 2-0 | 2-0 | 2-0 | 2-0 | 2-0 |
| pole | 19th | 20th | 21st | 22nd | 23 | 24 | 25th | 26th | 27 |
| Slider | 2-0 | 2-5 | 2-5 | 0-5 | 0-5 | 0-5 | 0-5 | 0-5 | 0-5 |
Rod 1 would have its slider on positions "3" and "6", rod 2 on "0" and "6" etc. Each slider in position "3" e.g. B. is pushed to the side by a guide arm when the currently active pin on rotor disk "3" is in the active position.
Finally, the external key is set by setting the key rotors to a specific or random sequence of letters. To test the internal key, the user sets the rotors to “AAAAAA” and then encrypts a message that also only consists of the letter “A”. The resulting ciphertext is then compared with a given string of characters.
The test message for the above setting is:
T N J U W A U Q T K C Z K N U T O T B C W A R M I O
The pins on the key rotors only come into play when they reach the bottom part of the rotation; at this point you can operate the guide arm, which then moves the rods to the left by means of the slide. The active pen is always shifted a certain number from the letter that is displayed. Are the letters displayed e.g. B. "AAAAAA", then the active pens / letters are "PONMLK".
Sample encryption
After the M-209 has been configured according to the above settings, the machine is ready to be encrypted. We take the example of the test message again, so the first letter is "A". The user sets the letter wheel to "A" and turns the hand crank. Since the key is "AAAAAA", the active letters are "PONMLK"; After the settings, "P" is inactive on the first rotor , "O" is active on the second, "N" is active on the third, "M" is active on the fourth, "L" is inactive on the fifth and " K “is active on the sixth. The guide arms that are assigned to the active pins are moved, in this case arms 2, 3, 4 and 6.
Any bar on the drum that has its slide in one of these positions will move to the left and become part of the variable gear that controls the output of the machine. In this case, rods 1, 2, 3 and 5-21 are pushed to the left, which makes a total of 20 rods, or 20 “teeth” on the gear. So the letter is shifted by 20 letters.
The M-209 uses a reciprocal substitution cipher , also known as the Beaufort scheme; the alphabet that was used in the plain text message is reversed:
| Plain text alphabet: |
ABCDEFGHIJKLMNOPQRSTUVWXYZ
|
| Key text alphabet: |
ZYXWVUTSRQPONMLKJIHGFEDCBA
|
If you leave out the shift at first, “A” becomes “Z”, “B” becomes “Y” etc. The shift is carried out to the left, e.g. B. a plain text "P" is assigned to the key text "K". If you move it three places to the left, you get an "N". If you get past the ends of the alphabet when moving, you just start again from the right. This approach is self-reversing; That is, the decryption uses the same table in the same way: a ciphertext "N" is entered as plain text; this corresponds to an “M” in the reverse alphabet. If you move this three places to the left, you get the original plain text again: "P". In the example above, the first letter was an “A”, which corresponds to a “Z” in the inverted alphabet. The displacement through the variable gear was 20; If we now shift the “Z” by 20 places to the left, the result is a “T”, which also corresponds to the first character in the test message.
At the end of the key cycle, all six key rotors are advanced by one digit each, the sequence of letters then displayed is “BBBBBB” and the active letters are “QPONML”. This will address other guide arms that interact with the drum and thus form another shift for the next encryption.
safety
The M-209 was well constructed for its time and usable in the field, but, like other machines of its time, not completely cryptologically secure. As with the German Enigma , it was technical weaknesses and operating errors that gave an introduction to the functionality and the respective settings of the M-209.
For example, since the M-209 only encrypted alphabetic characters, numbers always had to be expressed in words. This weak point in the M-209 encryption resulted in a large number of numbers appearing in the mostly 1000 to 4000 letter long messages. The German decipherers searched specifically for these written out numerals in order to deduce the further key. With a certain mathematical formula they could calculate the absolute setting from the relative one.
Another weak point was that changing the basic settings (on the pin wheels) was complicated and relatively seldom made due to the time required.
In 1943, German cryptanalysts were able to read M-209 messages regularly (see also this article ( Memento of February 3, 2006 in the Internet Archive ) for details). The deciphering of individual radio messages sometimes took up to a week, but the time could soon be significantly shortened by specially designed calculating machines.
A “deciphering machine” completed in September 1944 reduced the time to a maximum of seven hours. This deciphering machine consisted of four rollers with 26 slots each as well as punched sheet metal plates and numerous soldered cable connections. The machine consisted of two parts: a box the size of a desk, which contained the relays and the four rotating rollers, and another box with an edge length of 80 × 80 × 40 cm. The latter contained 26 by 16 lamp sockets with which the letters of the relative setting could be reproduced using incandescent lamps.
The M-209 messages thus deciphered contained, for example, explosive information and sometimes also references to imminent bombings of German cities, which were usually announced in radio messages about six to eight weeks before the implementation.
It is not known whether and how this news was last used on the German side. Field Marshal Erwin Rommel, for example, is familiar with the intensive use of intelligence, including those from deciphered messages.
Nonetheless, the M-209 was considered excellent for tactical use and was in use by the American armed forces until the Korean War .
Production and use
The first M-209 was sold to the French military in 1936, then still under the name C-36. At the beginning of the Second World War , Hagelin fled from Sweden to Switzerland , where he rebuilt his company under the name Crypto AG in Zug . His escape route leads him directly through National Socialist Germany. On his trip through Berlin he carried the plans of his machine with him.
Shortly after the start of the war, Hagelin found another major buyer in the US armed forces, who slightly modified the way the device worked and then named it M-209. The US military was won over by the small, cheap and reasonably secure design of this encryption machine. Production took place under license in the USA. Approximately 140,000 M-209s were built in the United States. As far as publicly known, it was the most popular encryption machine. This made Hagelin a millionaire.
From around the beginning of 1941, the Italian Navy used the Hagelin C-38m, a version of the M-209. Your code was deciphered in Bletchley Park in June 1941 , whereupon the losses of the German-Italian convoys to North Africa skyrocketed.
In addition, Fritz Menzer , a German cryptographer during World War II, built cipher machines that were based on Hagelin's design, but were cryptographically significantly stronger. Menzer's SG-41 was a purely mechanical device, with an internal structure similar to that of the M-209, but larger and with a keyboard. It was also only produced on a smaller scale, around 2,000 in total, for use by the German Abwehr , which used it from 1944.
The SG-41 was supposed to be the standard cipher machine for tactical use. However, since it was too heavy at 13.5 kg for front use, only 1,000 machines were to be produced by the end of 1944. Menzer also worked on two other encryption machines, a successor to the Enigma, the "SG-39" and a simple but relatively powerful portable machine, the "key box". However, none of these machines went into production. Had it come into use, it would certainly have created some problems for the Allied cryptanalysts, although their codes were no more difficult to break than those of the M-209.
After the war, Hagelin developed an improved model of the M-209, the "C-52". The C-52 had a period of 2,756,205,443 letters, interchangeable rotors, and a type wheel with a mixed alphabet. However, the C-52 was a machine of the last generation of classic encryption machines, since at that time the new digital technology enabled the development of much stronger encryption.
See also
literature
- Jean-François Bouchaudy: Genuine French WWII M-209 cryptograms. Cryptologia , 2019. doi: 10.1080 / 01611194.2019.1596180
- David A. Kahn: The Codebreakers. The story of secret writing. The Comprehensive History of Secret Communication from Ancient Times to the Internet. Revised and updated. Scribner, New York NY 1996, ISBN 0-684-83130-9 .
- George Lasry, Nils Kopal and Arno Wacker: Ciphertext-only cryptanalysis of short Hagelin M-209 ciphertexts. Cryptologia, 42: 6, pp. 485-513, 2018. doi: 10.1080 / 01611194.2018.1428836
- Klaus Schmeh : Code breakers versus code makers. The fascinating story of encryption. 2nd Edition. W3L-Verlag, Herdecke, 2008, ISBN 978-3-937137-89-6 .
Individual evidence
- ↑ Friedrich L. Bauer : Deciphered secrets. Methods and maxims of cryptology. 3rd, revised and expanded edition. Springer, Berlin et al. 2000, ISBN 3-540-67931-6 , pp. 140-141; Joachim Beckh: Lightning and Anchor, Volume 2: Information Technology, History & Backgrounds. Books on Demand, 2005, ISBN 3-8334-2997-6 , 978-3-833-42997-2 (pp. 269-270); FH Hinsley & Alan Stripp (eds.): Codebreakers: The inside story of Bletchley Park. Oxford University Press, Oxford, 1993, ISBN 978-0-19-280132-6
- ↑ Michael Pröse: Encryption machines and deciphering devices in the Second World War - the history of technology and aspects of the history of IT . Dissertation at Chemnitz University of Technology, Leipzig 2004, p. 61ff. PDF; 7.9 MB ( Memento of the original from September 4, 2009 in the Internet Archive ) Info: The archive link was inserted automatically and has not yet been checked. Please check the original and archive link according to the instructions and then remove this notice. (last accessed on April 7, 2010)
Web links
- Dirk Rijmenants' M-209 Simulator for Windows
- Manual of the M-209 PDF; 2 MB (English) 1944, accessed on September 17, 2018.
- Jerry Proc's page on the M-209
B-21 | B-211 | CCM | CD-57 | CX-52 | Enigma | Fialka | HC-9 | Hebern's Electric Code Machine | HX-63 | KL-7 | Kryha | Lacida | Lorenz SZ 42 "Tunny" | M ‑ 130 | M ‑ 209 | M ‑ 325 | Nema | OMI | Portex | RM-26 | San-shiki Kaejiki | SG-39 | SG-41 | Siemens T52 "Sturgeon" | Sigaba | Sigcum | Singlet | Typex
