[Next] [Up] [Previous] [Index]

Isomorphs

It is possible to break even the complicated cipher produced by a rotor machine. Especially when only one rotor moves with every letter enciphered, that rotor is at either the input or output end of the rotor machine, and no other rotor moves more often than once every 26 letters.

Of course, having some cribs, that is, plaintext for a number of cipher messages, will be helpful. As will cracking the 'indicator system', that is, the method by which the sender notifies the recipient of the starting positions of the rotors for each message.

When only one rotor moves, and the rest of the machine stands still, and the moving rotor is on the outside, then the only difference between the cipher applied for one such period of 26 letters and any other is a monalphabetic substitution.

With a number of cribs, one may be able to reconstruct little pieces of the fast rotor relative to more than one of the monalphabetic substitutions produced by the others, and it may even be possible to link these pieces together.

For the case where the fast rotor is the last one, the one whose output is the ciphertext, this process proceeds as follows:

Let us suppose that at one point within a message whose plaintext is known, the letter E becomes Q. At another point within the same message, separated by an exact multiple of 26 letters, the letter A becomes Q.

Then, the letter E in the one part of the message, and the letter A at the other part of the message, lead to the same output from all the rotors other than the fast rotor. Thus, other occurrences of the letter E in the plaintext near the one involved in this relationship, and other occurrences of the letter A in the plaintext near the occurrence of the letter A involved in this relationship, are likely to provide more information about the fast rotor.

Contradictions obtained in attempting to glean information about the fast rotor indicate when the medium rotor moves, then allowing other information about the fast rotor to be obtained with more confidence.

Once it becomes possible to nullify the effect of the fast rotor, the isomorph method then greatly facilitates solving messages.

If you know the wiring of all the rotors, and you have some known plaintext, and the fast rotor is on the outside, the procedure is to try each rotor, in all 26 rotational positions as the fast rotor (this amounts to 130 trials for a machine with five rotors) until you find one that produces a monalphabetic result. If the fast rotor is on the output side, you use it to decipher the ciphertext. If it is on the input side, you use it to encipher the plaintext. Either way, if the plaintext and ciphertext are made to match, so that repeated letters in both match up, you have found an isomorph.

Note that while frequent or complicated rotor movement can make it impossible to mount an isomorph attack, having the fast rotor in the middle of the rotor stack makes such an attack more difficult, since one has mixed alphabets to deal with, and these will not be the same in all messages, it does not make attacks based on this principle completely impossible.

[Next] [Up] [Previous] [Index]