Are you the publisher? Claim or contact us about this channel

Embed this content in your HTML


Report adult content:

click to rate:

Account: (login)

More Channels


Channel Catalog

Channel Description:

Military and intelligence history mostly dealing with World War II.

older | 1 | .... | 20 | 21 | (Page 22) | 23 | 24 | 25 | newer

    0 0
  • 09/01/17--01:21: Update
  • In The Japanese FUJI diplomatic cipher 1941-43 I’ve added the following:

    The OKW/Chi designation for FUJI was system J-13/J2B4BCüRuW (Japanese 2-letter and 4-letter code with stencil and transposition – Raster und Würfel). FUJI messages were first solved thanks to a repeat message sent from Paris to Tokyo. The first message and the repeat had the same plaintext (with small variations) and they had both been enciphered with the same key. This mistake facilitated their solution and the basic characteristics of the system were identified.

    The solution of the daily transposition settings and the different stencils was taken over by personnel of the mathematical research department, specifically by the mathematician dr Werner Weber.

    According to Part 3 of the report I-181 ‘Homework by Dr Werner Weber of OKW/Chi’, Weber started working on Japanese diplomatic messages in July ’41 and he identified the system as a transposed code. The underlying code for some of the messages was the previously solved LA code, thus they could be read. The rest of the messages had a new code.

    Solution of the new system and recovery of the code proceeded slowly in 1941. In September ’41 Weber was allocated a small staff to help him with the Japanese traffic and by February ’42 some material could be read. During the year the new system was solved and most of the circular and European/Middle East traffic could be read. In the period summer ’42 to summer ’43 the previous year’s indicators were reused and the old transposition keys and stencils were either repeated or were modified in a predictable manner (with some exceptions).

    0 0
  • 09/03/17--23:37: Soviet cryptologic history
  • The following interesting articles cover important aspects of Soviet cryptologic history:

    0 0
  • 09/10/17--23:04: NSA Early Computer History
  • Several reports on NSA cryptanalytic computers have been uploaded to the NSA website:

    0 0
  • 09/27/17--06:05: TICOM DF-240
  • The NSA FOIA office has released the TICOM report DF-240‘Characteristics, Analysis and security of cryptographic systems’. Google drive link.

    Contents of the file:

    240 A - Table of contents

    240 B - Analysis of Enigma cipher machine type K

    240 Part 1 - Treatise on cryptography

    240 Part 2 - Treatise on cryptography

    240 Part 3 and 4 - Treatise on cryptography


    0 0

    In the course of WWII the Allied and Axis codebreakers attacked not only the communications of their enemies but also those of the neutral powers, such as Switzerland, Spain, Portugal, Turkey, Ireland, the Vatican State and others (1).
    Switzerland was a traditionally neutral country but during the war it had close economic relations with Germany and it also acted as an intermediary in negotiations between the warring nations. Important international organizations like the Red Cross and the Bank of International Settlements were based in Switzerland.

    Naturally both the Allies and the Germans were interested in the communications of the Swiss government.

    Swiss diplomatic codes and ciphers

    The Swiss Foreign Ministry used several cryptologic systems for securing its radio messages. According to US reports (2) several codebooks were used, both enciphered and unenciphered. These systems were of low cryptographic complexity but had an interesting characteristic in that the same codebooks were available in three languages.

    French, German and Italian were the recognized official languages of Switzerland. The codebooks of the Swiss foreign ministry had versions in French, German and English.

    Apart from codebooks the Swiss also used a number of commercial Enigma cipher machines at their most important embassies.

    The Swiss Enigma K cipher machine

    Since the 1920’s the Enigma cipher machine was sold to governments and companies that wanted to protect their messages from eavesdroppers.

    The latest version of the commercial Enigma machine was Enigma K. In WWII this device was used by the Swiss diplomatic service and armed forces.

    The device worked according to the Enigma principle with a scrambler unit containing an entry plate, 3 cipher wheels and a reflector. Each of the cipher wheels had a tyre, marked either with the letters of the alphabet or with the numbers 1-26, settable in any position relative to the core wheel, which contained the wiring. The tyre had a turnover notch on its left side which affected the stepping motion of the device.

    The position of the tyre relative to the core was controlled by a clip called Ringstellung (ring setting) and it was part of the cipher key, together with the position of the 3 cipher wheels. 

    The commercial version was different from the version used by the German Armed Forces in that it lacked a plugboard (stecker). Thus in German reports it was called unsteckered Enigma.

    In 1938 the Swiss government purchased 14 Enigma Dcipher machines, together with radio equipment. The next order was in 1939 for another 65 machines and in 1940 they received 186 Enigma K machines in two batches in May and July ’40. The Enigma cipher machines were used by the Swiss Army, Air Force and the Foreign Ministry (3).

    Military version

    The majority of the Enigma machines were used by the Swiss Armed Forces. Apparently the Swiss were aware of the Enigma weaknesses so they modified their machines.

    The wheels were rewired and the stepping motion of the device was altered (4).

    In regular Enigma machines the movement of the rotors was predictable due to their having only one notch. The fast rotor moved with every key depression, the middle rotor moved once every 26 key depressions and the slow rotor (the left one) moved only once every 676 key strokes (26x26).

    The Swiss military modified their Enigmas so that the middle rotor moved with every key depression, instead of the one on the right.

    During WWII it seems that these security measures paid off since there is no indication that either the Allies or the Axis were able to solve Swiss military Enigma traffic.

    US effort

    The US and UK effort was concentrated on the Swiss diplomatic Enigma traffic, thus it does not seem like they were able to solve any military traffic.

    The report ‘European Axis Signal Intelligence in World War II’, vol1 (dated May 1946) says in the ‘Results of European Axis cryptanalysis’ - Switzerland that the Enigma traffic SZD-1 was solved but not SZD-2 and SZD-3.

    SZD and SZD-1 were diplomatic traffic and it is possible that SZD-2 and SZD-3 were the US designations for Swiss military traffic.

    The special research history SRH-361 ‘History of the Signal Security Agency volume two - The general cryptanalytic problems’ mentions, in chapters VII and XVI, the Swiss diplomatic Enigma but not the military version.

    Thus there is no indication that the Anglo-Americans solved the military traffic.

    German effort

    During WWII the German Army made extensive use of signals intelligence and codebreaking in its operations against enemy forces. German commanders relied on signals intelligence in order to ascertain the enemy’s order of battle and track the movements of units.

    The German Army’s signal intelligence agency operated a number of fixed intercept stations and also had mobile units assigned to Army Groups. These units were called KONA (Kommandeur der Nachrichtenaufklärung) - Signals Intelligence Regiment and each had an evaluation centre, a stationary intercept company, two long range signal intelligence companies and two close range signal intelligence.

    The KONA units did not have the ability to solve complicated Allied cryptosystems. Instead they focused on exploiting low/mid level ciphers and even in this capacity they were assisted by material sent to them by the central cryptanalytic department. This was the German Army High Command’s Inspectorate 7/VI

    Inspectorate 7/VI had separate departments for the main Allied countries, for cipher security, cipher research and for mechanical cryptanalysis (using punch card machines and more specialized equipment).

    Swiss ciphers were worked on by Referat 3 (France, Switzerland, Spain, Portugal), headed by Sonderführer Hans Wolfgang Kühn. In the period 1941-42 this department solved Swiss hand ciphers and did some research on the Swiss military Enigma (5).

    The War Diary of Inspectorate 7/VI shows that in 1941 Swiss traffic was intercepted and worked on by the fixed intercept station Strasbourg (Festen Horchstelle Strassburg). Some hand ciphers were solved but by late ’41 it was clear that the Enigma machine was entering service and that it would replace the old cipher procedures.

    Report of November 1941:

    Referat 3


    Der Spruchanfall der Schweiz ist sehr gering geworden. Alle Anzeichen deuten darauf hin, dass die Schweiz das Schwergewicht ihrer Verschlüsselungsmethoden auf die Maschine verlegt hat. Aus Chi-Spruch inhalten geht hervor, dass die 'Enigma' in Verwendung ist. (Vergleiche hierzu die VN-Meldungen: 1/41 Spruch)

    Maschinensprüche liegen in geringer Anzahl bereits vor und werden ständig beobachtet bis eine in Arbeit nahme möglich wird.

    In late 1941 and early 1942 there were several meetings with officials of the Foreign Ministry’s deciphering department Pers Z in order to discuss the Swiss Enigma problem.

    In October 1941 Kühn (head of Referat 3) and dr Steinberg (member of the mathematical research department) met the Pers Z’s dr Kunze and discussed the Swiss Enigma procedure. The Inspectorate 7/VI officials wanted to clarify if the military version of the Swiss Enigma used the same wheel wirings as the diplomatic one. However due to the limited intercepted traffic it was not possible to solve this issue.

    Sonderführer Kühn and dr Kunze met again in January and March 1942. The March ’42 report says that an Enigma machine with Swiss wheel wirings was loaned to the department for a short time.

    Dr Buggisch, an Army cryptanalyst who specialized on cipher machines, examined the Swiss Army messages and worked out a theoretical method of solution which however depended on knowing the wheel wirings (6).

    Despite these efforts the Swiss military Enigma was not solved and from August 1942 Swiss radio traffic was monitored but not actually worked on.

    Diplomatic version

    According to US and German reports (7) the diplomatic Enigma was used on the links Bern-Washington, London, Berlin, Rome.

    The diplomatic Enigma machines were rewired by the Swiss but their stepping system was not modified.

    During WWII both the Anglo-Americans and the German codebreakers were able to solve Swiss Enigma diplomatic traffic.

    US/UK effort

    The codebreakers of the US Army Security Agency devoted most of their resources against German and Japanese ciphers but they did not neglect to solve the cryptosystems of neutral countries.

    The postwar report 'Achievements of the Signal Security Agency in World War II’ (dated February 1946) says in page 31 that ‘The traffic of the Swiss Government provided cryptanalytic problems of moderate difficulty and owing to the fact that the Swiss served as representatives of belligerents in many countries, Swiss traffic was an important source of information’.

    Swiss crypto systems were worked on by a sub unit of the Romance Language Code Recovery section, created in December 1942. The Swiss unit was joined with the French Code Recovery unit in March 1943 but in August 1944 it was made independent again. The unit worked on the Swiss codebooks while the Enigma traffic was solved by the machine cipher section and the results passed to the Swiss unit for further processing. The Swiss Enigma was designated system SZD and work on it started in December 1942, with the first translations issued in July 1943 (8).

    The US codebreakers cooperated closely with their British counterparts on the systems of neutral countries, including Switzerland. The British had better coverage of European radio traffic and had been working on these systems for a long time.

    Regarding the Swiss Enigma traffic the British had exclusive coverage of the link Bern-London and the Americans of Bern-Washington (9).

    According to US reports (10) messages were either in French, German or English and numbers were sandwiched between X and Y with the figures 1234567890 substituted by the letters QWERTZUIOP respectively.

    Up to late 1942 the internal settings (wheel order and ring settings) were valid for a week and the same key was used for the links Bern-Washington-London.

    The cipher machine employed only 3 wheels which the Anglo-Americans called ‘Blue’, ‘Red’ and ‘Green’. The wheels however were rewired frequently. One set was used for the period August ’42 - 6 April ’43 then new wirings for the period 7 April ’43 - 31 December ’43 and the last one mentioned in the report covers the period January ’44 – October’44. These wirings were received by the British codebreakers (11). 

    Originally the indicator (showing the starting position of the rotors) was sent in the clear but from August 1942 it was enciphered. The cipher clerk chose a random position for the wheels and enciphered the ring setting on it to produce the message’s setting.

    In 1943 the cipher procedure was changed and a large set of numbered keys were used with the internal key (wheel order and ring settings) being determined by the serial number of the message. The indicator procedure remained the same, with the cipher clerk choosing a random setting for the wheels and enciphering the ring setting on it to get the message’s key. Different numbered keys were introduced for each link.

    From February 1944 some messages were doubly enciphered. The first indicator worked in the manner already described previously. Then the cipher clerk chose another random 4-letter indicator, set the wheels on it and enciphered the text one more time, including the first indicator. The second indicator was sent in the clear as the first group and repeated anywhere within the first ten groups of text.

    The messages were sent in 5-letter groups with the first 4 letters being the indicator. Some messages had the following coded designations: Saturn, Wega, Merkur, Helos, Nira, Urania. These were indicators of content with Wega referring to shipping and transport matters, Saturn dealing with trade and Merkur with finance.

    Example of Swiss telegram (12):

    Solution of the Swiss Enigma depended on the use of stereotyped beginnings and on operator mistakes. The Enigma settings were recovered by using ‘cribs’ (suspected plaintext in the ciphertext) and sometimes ‘cillies’ (mistakes/non random choices by the cipher clerks) (13).

    Some of the cribs used on the link Bern-Washington were: ‘Von Wanger fuer transport’, ‘Fuer transport’, ‘Pour transport’, ‘Transport’, ‘Wanger’, ‘Surcommerce’, ‘Fuer surcommerce’, ‘Handel’, ‘Ihr X’, ‘Unser X’, ‘Votre X’, ‘Fuer Wanger’, ‘Fortsetzung’.

    IBM punch card equipment was used to speed up the solution.

    Occasionally messages could be solved by using the indicators. As has been mentioned previously each message had a 4-letter indicator, chosen by the cipher clerk. After setting the wheels at the letters of the indicator the operator then enciphered the ring setting on the machine in order to get the message key. The 4 letters of the external indicator were supposed to be chosen at random, however sometimes the cipher clerks would choose the setting which they found in their machine after setting up the ring setting clips. This was usually one or two positions forward of the clip setting.

    These non random indicators could be exploited to solve the Enigma:

    The Swiss SIGABA

    After recovering the internal settings of the device and the message key it was possible to decode the intercepted traffic.

    Instead of buying a commercial Enigma machine and rewiring it to Swiss specifications the US codebreakers modified one of their SIGABA cipher machines, thus turning it into a Swiss Enigma clone.

    Content of the messages

    In general Swiss diplomatic traffic was judged to be of low intelligence value. Most messages dealt with Swiss trade, activities on behalf of the Red Cross, prisoners of war, Swiss representation of interests of other countries, conditions of neutrals in warring countries etc. Messages judged to be valuable were those that dealt with Swiss trade, Swiss representation of the interests of third countries and those concerning abuse of the Swiss diplomatic pouch.

    Out of all the Swiss crypto systems the Enigma cipher was the most important and in 1943 out of 906 Bern-Washington intercepts 266 were published in reports (14).

    Effects of improved security procedures

    In 1943 the introduction of a different rotor arrangement for each pair of messages complicated the solution of Swiss Enigma traffic. From then on the US codebreakers would have to identify the rotor order, the ring settings and the starting position of the rotors for each two messages.

    It seems that due to the limited value of the Swiss messages and the significant resources needed for regular solution of the individual key settings by late 1943 the Swiss Enigma problem was downgraded in terms of importance and the traffic was mostly used for training purposes. The keys to the Bern-London traffic were received from the British (15).

    German effort

    Foreign diplomatic codes and ciphers were worked on by three different German agencies, the German High Command’s deciphering department – OKW/Chi, the Foreign Ministry’s deciphering department Pers Z and the Air Ministry’s Research Department - Reichsluftfahrtministerium Forschungsamt.

    OKW/Chi effort

    At the High Command’s deciphering department - OKW/Chi, Swiss diplomatic systems were worked on by a subsection of main Department V. Depending on the source this was either Section 5 (France, Switzerland), headed by dr Helmuth Mueller or Section 2 (Switzerland), headed by dr Peters (15).

    According to dr Erich Hüttenhain, chief cryptanalyst of OKW/Chi, the Swiss Enigma machine was solved by his unit. The wirings of the wheels changed every 3 months but they were not changed on all the links simultaneously. The machines on the link Bern-Washington continued to use the old wirings for some time thus these messages could be solved and they provided ‘cribs’ which could be used to solve the Bern-London traffic and recover the new wirings (17).

    The TICOM report I-45 ‘OKW/Chi Cryptanalytic research on Enigma, Hagelin and Cipher Teleprinter machines’ describes three methods for solving the commercial Enigma machine.

    1). By using ‘depths’ (messages enciphered on the same wheel settings):

    If 20 to 25 messages of the same setting are available then the solution of these messages can be done in an elementary manner ie, the columns of the encoded texts written under one another in depth are solved as a Spaltencasar. In this the reciprocity of the substitutions is made use of to a great extent. In the solution procedure no other characteristic of the machine is used. This is also valid for the elementary solution of Stocker Enigma. After this elementary solution of the encoded texts the determination of the machine setting presents no difficulties.’

    2). By using a ‘crib’ (suspected plaintext in the ciphertext) and taking advantage of the regular stepping of the Enigma. In the example given the crib ‘gabinetto alt’ is used:

    3). By using the E-Leiste (E-List) method. This method was based on comparison of the frequency of the letter E in clear text and in the examined cipher text. According to the report this was only a theoretical solution and it was not used in practice since the ‘crib’ method sufficed:

    With the K-machine six different wheel orders are possible. The adjustable Umkehr wheel can be set in twenty-six different positions. The periods of the three moveable wheels is about 17,000 steps, There are therefore 6 x 26 = 156 different periods of 17,000 long respectively possible. If in each of the 156 different periods the clear letter e is encoded 17,000 times, then 156 rows of encoded elements results, each 17,000 long. All these rows of encoded elements are designated e-Leiste.

    The clear letter e appears in German with a frequency of 18%. If a German clear text encode with the K-machine is moved through the e-Leiste and if in each position the corresponding encoded elements are counted, then the correct phase position will have the maximum cases of correspondence. In this the Ringstellung need not be considered. The e-Leiste need only be prepared once. The comparison of the encoded text with the e-Leiste would have to be carried out on a machine. In order to come to a positive conclusion in a reasonable time, then several machines would have to be used at the same time, even if one machine was capable of making 10,000 comparisons per second.

    In GERMANY a practical solution with the aid of the e-Leist was not carried out, as in, practice the method of solution from a part compromise was always possible.’

    Pers Z effort

    At the Foreign Ministry’s deciphering department Swiss systems were worked on by a group headed by Senior Specialist dr Wilhelm Brandes. This section, which dealt with French, Dutch, Belgian, Swiss and Romanian ciphers, successfully solved several Swiss codebooks and the Enigma machine.

    In TICOM report I-22 ‘Interrogation of German Cryptographers of Pers Z S Department of the Auswaertiges Amt’ (18) there is some information regarding the Swiss Enigma.

    In page 14 Dr Rudolf Schauffler (head of Pers Z) said that ‘The commercial type Enigma used by the Swiss was sometimes solved by stereotyped beginnings and known settings. The Swiss used to include in their messages the machine settings for the next message’.

    In page 20 it says that ‘Dr. Brandes was unable to state the exact dates when the Swiss Eniqma was read but said that it was read completely for a considerable time. [Comment: the phrasing of his statement implied that there was also a time when it was partially readable].

    These statements can be confirmed by the Pers Z file ‘Bericht der Belgisch-Französisch-Schweizerischen Gruppe Stand 31.12.1941’ (19) since it contains reports that mention the Swiss Enigma traffic.

    The report of Group Brandes for 1940 says that most of the Swiss diplomatic traffic was sent using letter codebooks. However from the end of May 1940 traffic between Bern-Berlin and Bern-London had been sent using the Enigma machine. According to the report ‘a solution should be possible with ample material and sufficient personnel’.

    According to the report for 1941 the Swiss Enigma was solved thanks to a partial solution provided by the Forschungsamt. In order to process this traffic two Enigma machines were purchased and rewired according to the Swiss specifications and the results passed on to the FA. In some cases the inner settings of the device were given in the telegrams. The machine was used on the links Bern - Berlin, London, Washington.

    Apart from the Forschungsamt’s assistance there was also exchange of information between Pers Z and Inspectorate 7/VI on the Swiss Enigma. A detailed report on the solution of the commercial Enigma was found in the Pers Z files (20). This was written by Inspectorate 7/VI mathematician dr Rudolf Kochendörffer (21). It involved obtaining many messages in depth, reading these messages by solving the successive (monoalphabetlc) columns of superimposed text and then applying the resultant cribs to recovering the wirings of the rotors.

    Forschungsamt effort

    At the Air Ministry’s Research Department Swiss systems were worked on by Abteilung 8, Branch A, Section 3 (Holland, Switzerland, Luxembourg, Abyssinia). The department had about 30-40 workers (22).

    According to dr Martin Paetzel (deputy director of Main Department IV - Decipherment) ‘their main machine success was with the Swiss Enigma as long as the same machine setting was used over a longish period’ (23).

    More details about the Forschungsamt solution of the Swiss Enigma are given by Bruno Kröger in TICOM reports DF-240 and DF-241 (24). Kröger was the FA’s cipher machine expert and during the war he solved several foreign cipher machines.

    The Swiss Enigma was first solved as a polyalphabetic substitution cipher, by processing several messages sent on the same key. The solution of these ‘depths’ led to the recovery of the wheel wirings and the further exploitation of the traffic. When the wheels were rewired it was possible to recover the new settings by using assumed plain text-cipher text cryptanalytic attacks. It took 5-6 workers about 1-6 weeks to recover the wiring of the first rotor and then they could quickly recover the wiring of the remaining two rotors.

    Eventually the use of enciphered indicators and individual internal keys for each message (or pair of messages) made it too costly to work on this traffic, so the FA had to give up on it. According to Kröger this decision was made in early 1944.

    Postwar developments – The new cipher machine and dr Kröger’s confession

    At the Swiss Army’s Cipher Bureau (headed by Captain Arthur Alder, a professor of mathematics at the University of Bern) a new cipher machine was designed in the period 1941-43,  for use by the country’s armed forces and diplomatic authorities (25).

    The device was based on the Enigma principle with a scrambler unit containing wired rotors and a reflector. However the new cipher machine, called NEMA, had a much more complex stepping system than standard Enigmas. The device had 10 rotors, out which 4 were the alphabet rotors, 1 was a reflector that could move during encipherment and 5 stepping wheels controlling the motion of the device.

    The NEMA (Neue Maschine) was much more secure than a commercial Enigma machine and it entered service in 1947.

    In 1948 a letter was sent to the Swiss government. The letter was written by dr Kröger, the Forschungsamt’s cipher machine expert, and in it he described how the Swiss Enigma was solved during the war. His conclusion was that the commercial Enigma could not satisfy the current security requirements. Kröger then offered his services to the Swiss government (26).


    (2). European Axis Signal Intelligence in World War II, vol1 table ‘Results of European Axis cryptanalysis’ and US report ‘Swiss Cryptographic Systems’ (found in NARA - RG 457 - NR3254 'Foreign Cryptographic Systems, 1942-1945')

    (5). Kriegstagebuch Inspectorate 7/VI - German Foreign Ministry’s Political Archive - TICOM collection – files Nr 2.755-2.757

    (6). TICOM I-176‘Homework by Wachtmeister Dr. Otto Buggisch of OKH/Chi and OKW/Chi’, p3

    (7).  US report ‘Swiss Cryptographic Systems’  and German Foreign Ministry’s Political Archive - TICOM collection - file Nr. 2.050 - Berichte Gruppe Frankreich, Belgien, Holland, Schweiz, Rumänien 1939-1942

    (8). SRH-361 ‘History of the Signal Security Agency volume two - The general cryptanalytic problems’, chapters VII ‘The Swiss systems’ and XVI ‘The machine cipher section’.

    (9). US report ‘Swiss Cryptographic Systems’, p3

    (10). NARA - RG 457 - Entry 9032 - files NR3820 ‘Swiss diplomatic machine cipher SZD’, NR3821 ‘Swiss random letter traffic’, ‘SZD various notes’, NR3254 ‘Swiss Cryptographic Systems

    (11). NR3820 ‘Swiss diplomatic machine cipher SZD’, p23

    (12). NR3820 ‘Swiss diplomatic machine cipher SZD’, p6

    (13). NR3820 ‘Swiss diplomatic machine cipher SZD’, p3-5

    (14). NR3254 Swiss Cryptographic Systems’, p4-5

    (15). ‘SZD various notes’, NR3254 Swiss Cryptographic Systems’ and SRH-361 ‘History of the Signal Security Agency volume two - The general cryptanalytic problems’, pages 237-238.

    (16). TICOM I-123, p3 and TICOM I-150, p2

    (17). TICOM I-31'Detailed interrogations of Dr. Hüttenhain, formerly head of research section of OKW/Chi, at Flensburg on 18-21 June 1945’, p14

    (18). TICOM I-22, paragraphs 113, 160 and 163

    (19). German Foreign Ministry’s Political Archive - TICOM collection - file Nr. 2.050 - Berichte Gruppe Frankreich, Belgien, Holland, Schweiz, Rumänien 1939-1942

    (20). ‘European Axis Signal Intelligence in World War II’ vol 2, p76

    (22). TICOM I-54, p2 and TICOM DF-241 ‘Part 1’, p10

    (24). TICOM DF-240-B ‘Analysis of the Enigma cipher machine type K’, DF-240’Parts III and IV’, p14-15 and DF-241‘Part I’, p23

    Acknowledgements: I have to thank Frode Weierud for sharing the reports ‘Swiss diplomatic machine cipher SZD’, ‘Swiss random letter traffic’, ‘SZD various notes’.

    Additional information:

    The E-List method mentioned in TICOM report I-45 was also known to the US codebreakers. Their solution is described in the report ‘Suggested general solution for the commercial Enigma, where only the end plate and wheel wirings are known’ (available from the NSA’s Friedman Collection)

    0 0
  • 10/04/17--05:10: Update
  • 1). In Soviet cipher teleprinters of WWII, I’ve added the following:

    More details about the Forschungsamt solution of the Soviet cipher teleprinter are given by Bruno Kröger in TICOM reports DF-240 and DF-241. Kröger was the FA’s cipher machine expert and during the war he solved not only the Soviet machine but also the Swiss diplomatic Enigma K.

    The Soviet cipher teleprinter was used on 2-channel networks and the FA’s Technical Division was able to build equipment that automatically intercepted and printed this radio traffic. The cipher text was then examined by Kröger’s department and it was discovered that during transmission pauses the Russian letter П was enciphered seven times in succession. Messages interrupted by transmission pauses were examined and their first and last seven characters analyzed in order to uncover the operating principles of the device.

    Through this cryptanalytic procedure it was possible to find out that the machine had 6 wheels that stepped regularly, then their pin arrangement was identified and with the daily key recovered all the day’s traffic could be solved.

    This success however turned out to be short lived since in late 1943 the Soviet cipher machine was modified and no pure ‘key’ was transmitted during transmission pauses. It seems that from then on this traffic was only examined by the Army’s Inspectorate 7/VI.

    From TICOM DF-240 ‘Characteristics, Analysis and security of cryptographic systems’ - Parts III and IV, p37-39

    Both texts indicated the pauses in transmission by - - - - - etc.  The cipher tape has the peculiarity that in passing from the preliminary call-up to the transmission pause, the Russian letter Π, represented in the radio alphabet by + + + + +, occurs seven times.


    Now since it was natural to assume that in this transition to and from cipher texts the same letter Π= + + + + + likewise appeared seven times in each case but vas no longer recognizable due to the encipherment the first and last seven cipher values of all cipher texts interrupted by transmission pauses were subjected to special study. Since the machine, once the daily key had been set up, was used very frequently during the course of the day for sending cipher text with numerous pauses in transmission without any new daily key being set up, rather numerous fragments of a length of seven letters were available at known intervals of greater or lesser lengths.


    From this it could be concluded that the first seven and the last seven letters of each secret text came from enciphering the letter Π= + + + + + seven times and hence these fragments of cipher text represented pure key text. The following study of these fragments of pure key text led to a recognition of the fact that the first impulses show the same repeated picture in the chain of plus and minus impulses at an interval of 37, the second impulses at an interval of 39, the third impulses at an interval of 41, the fourth and fifth at an interval of 43 and 45 respectively (the intervals may have been 35, 37, 39, 41, 43). This showed the length of the five cipher wheels and their cam pattern according to the day’s setting. Each cam crest caused the inversion of the plain impulse into its opposite while a cam trough left a plain impulse unchanged. The wheels regularly moved one step after each cipher letter.

    With this the decipherment of the cipher text had been accomplished. The reconstruction of the cam pattern of the wheels, which was set up new each day, was easily accomplished.

    From TICOM DF-241 ‘The Forschungsamt’- Part I, p25

    18. The Russian radio [2-channel] cipher machine with a channel for plain text and a channel for cipher text could be studied after the Technical Division had constructed a receiving device which at the same time removed the scrambling. The five elements of the radio alphabet [bands] ware enciphered singly through five wheels which move evenly. The wheels could be set up new each day corresponding to the daily key; but the period was constant and invariable. It was possible to solve this completely.

    From TICOM DF-241 ‘The Forschungsamt’- Part IV, p38

    It need only be mentioned here that the 2-channel cipher machine was withdrawn from use a few days after the Forschungsamt succeeded in solving it. When the machine was put into use again some weeks later, the cipher device of the cipher channel had been so altered that solution by the previous method was no longer possible since, when switching the machine from procedure traffic to cipher text and between a pause in transmission and cipher text, the switching became effective at once and the idling period of 7 elements had dropped out. That the same machine was involved was proven only by the receiver device which still broke up the scrambled text into a clear and a cipher text in the same manner as before. Because OKH had great interest in this traffic and its own receivers did not work perfectly, and because further detailed work at this time (Autumn 1943) in the Forschungsamt was not possible, OKH received all new traffic on this machine for processing. 

    2). In Compromise of Soviet codes in WWII, I’ve added information from various reports including TICOM sources and FMS P-038 ‘German radio intelligence’.

    0 0

    In the recently released TICOM report DF-240 ‘Characteristics, Analysis and security of cryptographic systems’ there is a short description of a cryptosystem used by communist agents:

    It is interesting that the names mentioned in the example are Harri Meier, Theodor Felder, Albert Schwarz, Max Hamburger and Karl Gutmann. 

    0 0

    The NSA’s Center for Cryptologic History and the National Cryptologic Museum Foundation are co-sponsoring the 2017 Cryptologic History Symposium:

    19 - 20 October, 2017, Johns Hopkins Applied Physics Laboratory Kossiakoff Center, Laurel, Maryland

    The theme for the 2017 Symposium is "Milestones, Memories, and Momentum." There are many milestones to mark in 2017: the 160th anniversary of the first attempt to span the Atlantic with a telegraph cable, 100 years since both the entry of the United States into World War I and the Russian October Revolution, and 75 years after the World War II battles of Coral Sea and Midway. The Symposium will take place just a few months before the 50th anniversary of the Tet Offensive in Vietnam, and during the 25th year after the fall of the Soviet Union and the end of the Cold War. These milestone events and advances in cryptology, as well as how we remember their significance, provide momentum to create the systems of today and the future.

    0 0
  • 10/09/17--04:03: Cryptiana website
  • I’ve added the website Cryptianain the links. 

    0 0
  • 10/23/17--03:05: Update
  • In Decoding Prime Minister Chamberlain’s messages I’ve added the following:

    A clue regarding the cipher system used is available from the TICOM report DF-241‘The Forschungsamt - Part IV’, p40

    Of the numerous examples which might be adduced, the following may serve as an example: The additive number used by Great Britain, which ran to 40,000 elements and served for the encipherment of the 5-digit code and was replaced at definite intervals of time, offered as a rule adequate assurance of security. But if in periods of greatly increased diplomatic activity with telegraphic traffic many times the usual volume the additive is not replaced correspondingly sooner, especially since increased security is desirable in such periods, then this is a sign of deficient control’.

    Thus it is possible that the German codebreakers were able to solve the British Foreign Office cipher in the 1930’s.

    The official history ‘British Intelligence in the Second World War’ - vol2, p642 says that:


    1. Main Cypher Books

    Despite an extensive attack in 1938 and 1939, the Germans failed to break the long subtractor system used to re-cypher the Foreign Office's basic cypher books. Against similar tables that were in force from November 1940 to January 1941 they had some limited success, but not enough to enable them to reconstruct the book before both the basic book and the tables were again changed. There is no evidence of later success, and according to German testimony after the war the main Foreign Office systems were never broken’.

    However in the notes it also says:

    The discovery after the war in the archives of the German Ministry of Foreign Affairs of  a 90-page volume of British diplomatic signals for the immediately pre-war period led to a  Foreign Office enquiry in 1968. This established that a number of the signals had been dispatched en clair. It also noted that there was reliable evidence that the Italians had obtained temporary possession of the cyphers of the Rome Embassy in 1935, and had photographed them, and that they had had fairly regular access to the cyphers at the Mission to the Holy See during the war, so that they might have read all telegrams to Rome up to the outbreak of war and telegrams to and from the Mission to the Holy See from the outbreak of war to the autumn of 1943. After the war the cryptanalysts of the German Foreign Ministry asserted that they obtained no information about British cyphers from the Italians’.

    The British statements may have been accurate about the work of the decryption department of the German Foreign Ministry but they do not mention the Forschungsamt effort…

    0 0

    At the start of WWII the Kingdom of Greece, ruled by Ioannis Metaxas  (head of the 4th of August Regime) followed a neutral foreign policy and tried to avoid taking part in the conflict. However constant Italian harassment and provocations (such as the sinking of the cruiser Elli) and the transfer of Italian army units to Albania made it clear that war could not be avoided for long.

    In October 1940 Italian forces invaded Greece, in the area of Epirus, and the Greek-Italian war started. The Greek forces were able to contain the assault and the Greek counterattack forced the Italians back into Albanian territory. After the defeat of a major Italian offensive in spring 1941 the front stabilized inside Albania.

    At the time Britain was overextended with obligations in Europe, Middle East and Asia. However the British armed forces made a small contribution with an RAF expeditionary corps. When more British forces started to arrive in March 1941, their involvement gave Germany an excuse to become involved in the conflict.

    German forces invaded Greece in April 1941 and made rapid progress due to the fact that almost the entire Greek Army was fighting in the Epirus area. The remaining units and the small British forces transferred to Greece in March-April 1941 were unable to stop them. 

    Then in May 1941 the Germans were also able to defeat the Greek and British forces that had retreated to the strategic island of Crete.

    What role did signals intelligence and codebreaking play during that short conflict? Let’s have a look at the limited information available:

    The Italian effort

    Italy had two codebreaking departments, one under Army and the other under Navy control.

    The Italian army’s intelligence agency SIM (Servizio Informazioni Militari) had a cryptanalytic department that attacked foreign crypto-systems. This section was headed by General Vittorio Gamba and was located in Rome. Personnel strength was roughly 50 people (half cryptanalysts-half linguists and clerks).

    The naval intelligence agency SIS (Servizio informazioni Speciali della Royal Marina) was divided into 4 branches. Branch B (Beta) was tasked with signals intelligence. It was subdivided into cryptanalysis, interception and direction finding, security and clandestine radio intercepts. The cryptanalytic department was located in Rome and headed by Commander Mario De Monte.

    It is not clear if the Italians had success with Greek Army or Air force codes and ciphers. However in the Archivio dell' Ufficio Storico della Marina Militare there are decoded Greek Navy messages.

    Regarding the Greek Air force communications, it seems that the cipher system used was simple transposition (1). Considering the limited security of this system it is reasonable to assume that it was solved by the Italian codebreakers.

    The Greek effort

    At this time there is almost no information available on the Greek Army’s cryptologic and cryptanalytic effort during WWII. A report from 1938 (2) mentions the Greek Army codebooks: small unit code 1937, large unit code 1937, small unit code 1938, mobilization code 1937, cryptographic lexicon 1935.

    Regarding cryptanalysis it seems that the Greek Army Signal Corps may have been able to exploit Italian communications (3). According to an article on Greek military intelligence this information comes from British liaison signal officers:

    In addition, according to British liaison signals officers, Greek Signals Corps managed to decipher some Italian traffic during the November/December battles in Albania. On 6 December, a British lieutenant-colonel informed his superiors: “Herewith a batch of Italian traffic intercepted by the Greek General Staff. Also, one copy of cipher ‘O.M.’ for internal use of the Italian Army in Albania.” On 8 December, the reply confirmed Greek success: “Many thanks to Greeks for citrario O.M. Tell them I do not remember having seen it but I am very grateful for it and for any further documents of this nature which may be of assistance in reading Italian codes in Albania which I am afraid are not readable.” We could imagine that Greek Signals Corps may have deciphered key traffic during October, prior to the invasion. Unfortunately, at the Army History Service no files of Greek signals operations can be found. Perhaps some material might be held at the Military Archives Service but we must bear in mind that the 1941 German invasion and the 1941-1944 occupation caused the destruction of many files of sensitive army archives. As to Metaxas, he did not make any reference to signals intelligence in his diary’.

    The German effort

    The German Army’s signal intelligence agency solved Greek Army and Air force ciphers. According to the TICOM report I-170 in spring 1941 Greek AF single transposition messages were solved and translated (4):

    My first employment was on the breaking and translating of Greek Air Force messages in Spring 1941. The unit was in BUCHAREST at that time and later it was at BANJA KOSTENIC in Bulgaria. C.O. was Hptm. SCHMIDT, head of the cryptography and translation department from then until Autumn 1944 was Prof. Alfred KNESCHKE, a Professor of Mathematics from Saxony.

    The Greek Air Force messages were a matter of simple boxes, the text being sent in T/L groups. The indicator took the form of 3 letters which were always in a given position, the first three T/L groups and had to be knocked out before entering the cipher text in the clear box. This was broken by writing out the cipher text in vertical strips of varying depth and sliding them against each other until a few Greek syllables appeared above one another. After the initial break it became clear that a large part of the messages began with the words ‘parakalw', 'anaferw’ and ‘apesteilamen’ and that the width of the box was as a rule between 15 and 22 columns. On the basis of the above, initial words, all messages were tried out on the normal number of columns and nearly everything was read. I had less to do with the actual evaluation, firstly because the two departments were kept separate and secondly because we were kept fully occupied with our own job. In any case the content of the messages was usually of insignificant strategic value, although the continuous check on officer personalities, deliveries of stores and knowledge of airfields combined with D/F bearings indirectly contributed to considerable tactical results'.

    Regarding Greek Army ciphers there is some information available from the postwar interrogations of Army cryptanalyst dr Buggisch. According to TICOM report I-58, in early 1941 he investigated a Greek codebook enciphered with a 35 figure repeating additive sequence (5). Progress was made in the solution of the cipher but the campaign ended just as the system was starting to be exploited operationally:

    c. Greek - In early 1941, B. solved a 5-letter code with a 7-cyclic recipherment (period of 35). Just getting to operational speed when the campaign ended.

    German exploitation of Italian communications

    It seems that the codebreakers of the German Army did not only monitor the communications of their enemies but also solved the codes and ciphers of their Italian allies.

    The War Diary of Inspectorate 7/VI shows that Italian codes and ciphers were worked on by Referat 4 (6). According to the reports of Referat 4 for early 1941, 5-figure and 3-figure codes were worked on:

    The 3-figure Army code was successfully solved and read. A 5-figure Air Force code was also worked on and the encipherment solved. A 5-figure enciphered code used by the higher command in Albania was worked on and code groups recovered.

    The reports say that emphasis was put on the analysis of the systems used by the higher echelons of command.

    Some interesting statements regarding Italian radio communications are made in ‘War Secrets in the Ether’ - vol 3, p25 written by Wilhelm Flicke (he was in charge of the OKW/Chi’s Lauf intercept station):

    ‘Mussolini had decided on war in the Balkans. Von Papen's warnings made Hitler averse to any immediate action there, but he was only able to restrain Mussolini to the extent of limiting Italy to war with Greece. In less than two months the Italians, who had the advantage in everything save morale, were badly beaten. The political leaders were terribly surprised and the Chief of General Staff, Marshal Badoglio, and numerous other high officers were relieved of their duties. This did not help matters.

    One of the most decisive factors during those weeks was the manner in which the Italians employed radio. The set-up was the same as that used in maneuvers of previous years. They employed open circular traffic; that is, they used one uniform frequency for a group of stations belonging to the same unit (e.g., the stations of three infantry regiments of a division for traffic with one another and with the divisional station) and each station used only one call sign for all its traffic. The call sign was supposed to change daily but was often used for several days; not infrequently a change in call sign was followed by errors which betrayed the change. Traffic was so heavy that the enemy always had a chance to take bearings and fix locations. Frequently messages were sent in clear. Several units of the Italian Eleventh Army distinguished themselves in this respect. Moreover, the Greeks had obtained at least two Italian army cryptographic systems, how I do not know, but it is certain that in the very first days of the campaign they could decipher a large part of the Italian messages. This enabled them to learn promptly most of the dispositions of the Italian command and to take appropriate action. The superiority thus gained was utilized cleverly and a series of military actions took place which heretofore would never have been deemed possible’.


    (2). German Foreign Ministry’s Political archive - TICOM collection - file Nr. 3.676 - Griechenland 1940 - Korresp. betr. Neue milit. Schlüssel u. Vernichtung alter.

    (3). Journal of Intelligence History: ‘Greek Military Intelligence and the Italian Threat, 1934–1940

    (6). Kriegstagebuch Inspectorate 7/VI - German Foreign Ministry’s Political Archive - TICOM collection – files Nr 2.755-2.757

    Acknowledgments: I have to thank Enrico Cernuschi for sharing the messages from the Archivio dell' Ufficio Storico della Marina Militare.

    0 0

    At Crypto museum I saw that they’ve uploaded some Slidex cards from 1944. I had a quick look to see if I could locate the one solved by the German codebreakers and found in the report E-Bericht FNASt 9 (US National archives - RG 457 - Entry 9032 - box 22 ‘German deciphering reports’).

    I didn’t expect to find anything so imagine my surprise when I saw that the Air Support Signals Unit card No. 1 (from 1944) had the same code values:

    I’ve added this card in The Slidex code.

    0 0
  • 10/30/17--11:32: WWII documentary
  • Interesting newfound footage from WWII. Hitler’s mental and physical deterioration can be clearly seen in this documentary.

    0 0

    After the Allied victory in WWI, the leaders of the US, UK and France imposed harsh peace terms on the defeated Germans. Germany (and the other defeated Central Powers) had to make reparations to the Allied countries.

    The problem was that the payments that the German government was supposed to make were so great that they would bankrupt the country. Due to German unwillingness and inability to service the payments the Allies resorted to military measures such as the occupation in 1923 of the Ruhr industrial area.

    In order to defuse the situation and find a realistic solution to the reparations problem the Dawes Plan was implemented. Allied troops would leave the Ruhr area and the German government would resume payments, after receiving a US loan that would revitalize the German economy.

    In Germany the Allied representative responsible for monitoring the German compliance with the Dawes plan was mr Seymour Parker Gilbert and his official title was Agent General for Reparations by the Allied Reparations Commission.

    It seems that the German government closely monitored Gilbert’s communications and was able to solve some of his encrypted traffic to New York (Federal Reserve bank), Paris and Rome.

    Documents of the German Foreign Ministry’s decryption department Pers Z, captured at the end of WWII, show that his messages were solved by the German codebreakers:

    Source: TICOM report DF-15 ‘Reports of Group A’ (US National archives - RG 457)

    Additional information:Gilbert’s 1927 report.

    0 0

    I have one more essay that I’m going to upload and it covers, in some detail, the compromise of State Department communications in WWII.

    Ideally I would like to get a copy of the Carlson-Goldsberry report from the NSA’s FOIA office but if that doesn’t happen soon I’ll just go ahead and post it anyway. If I need to update it I’ll do so in 2018.

    Let’s hope I get lucky and the file is released soon.

    0 0

    All the major powers of WWII used tanks and especially in North Africa and in Europe they played an important role in the actual combat operations. Some of these tanks like the German Tiger were famous for their combat record, while others like the Soviet T-34 and American M4 Sherman were produced in huge numbers.

    However both during the war and afterwards British tanks were criticized for being inferior. The design and combat performance of British WWII tanks is a subject that has received attention by historians and several authors like Correlli Barnett, David Fletcher and Peter Beale are critical of British tanks.

    The new book ‘British Tank Production and the War Economy, 1934-1945’ by Benjamin Coombs covers the administrative and production history of the British tank program in WWII and its greatest strength is that it tries to explain why certain decisions were made and what effects they had regarding production numbers, tank quality and combat performance.

    The book has the following chapters:


    1. Government and Industry during Disarmament and Rearmament

    2. Government and Industry during Wartime

    3. General Staff Requirements and Industrial Capabilities

    4. The Tank Workforce and Industrial Output

    5. Overcoming Production Problems and Delays

    6. Influence of North America upon the British Tank Industry


    A great review is available at by user ‘VinceReeves’ so I’ll repeat it here:

    ‘This is a long-needed objective view of British tank production during World War II that finally manages to eschew the hysteria and nonsense that generally attends this subject. Coombs chronicles the evolution of tank design, and the shifting priorities of production with authority and objectivity, and demonstrates how much misunderstanding has attended the controversies over real and perceived quality issues and inefficient tank production. 

    Basically, British tank production underwent three stages during the war; an early stage in which tank production was downgraded in favour of more vital air defence work, a second stage in which quality was sacrificed to boost quantity production to rectify numerical deficiencies, and finally a mature third stage in which quality was emphasised, and British tanks became more effective and reliable.

    Coombs makes sense of what appear to be irrational decisions to continue the manufacture of obsolete tanks long after they were required - more often than not this was undertaken to keep production facilities and skilled labour within the tank programme so that they would be available when newer tanks were ready for introduction.’

    If you are interested in military history and you want to learn more about the British tank program then this book is a valuable resource.

    For me the value of the book is that it helps explain German victories in N.Africa in 1941-42. The Germans benefited by fighting against an enemy whose tanks constantly broke down. In the period 1943-45 the British tanks became more reliable because a determined effort was made to thoroughly check and fix flaws and a high priority was assigned to spare parts production.

    0 0

    The war between Nazi German and the Soviet Union was the largest land campaign of WWII and it involved millions of troops and tens of thousands of tanks and warplanes.

    In the East the Luftwaffe played a vital role by establishing air superiority, supporting the ground troops at the front, bombing important targets deep behind enemy lines and keeping the enemy under constant observation with its recon planes.

    The Red Air force suffered great losses in 1941-42 but in the period 1943-45 it was rebuilt and it managed to play an important role in the actual fighting.

    Until recently studies of the air war in the Eastern front were hampered by the lack of adequate sources for both participants. Authors either had to rely on the surviving Luftwaffe records, which meant they would have to use German estimates of Soviet strength and losses instead of the actual data, or they were forced to use the official Soviet post war histories, which downplayed Soviet defeats and exaggerated German strength and losses.

    Hooton’s books are different from other similar works due to their emphasis on statistical analysis of the Luftwaffe operations.

    His new book ‘War over the Steppes: The air campaigns on the Eastern Front 1941–45’ covers the air war in the Eastern front and the main battles between the Luftwaffe and the Red Air force.

    The book has the following chapters:

    1. From friends to foes: Russian and German air power 1924 to 1941.

    2. Invasion and retreat: June 1941 to April 1942.

    3. The tide turns: May 1942 to February 1943.

    4. The Russian advance: March 1943 to April 1944.

    5. Red Star triumphant: May 1944 to May 1945.

    The main strength of the book is the addition of detailed tables on the strength, loss and sortie statistics for both sides. After the fall of the Soviet Union the government archives were opened to researchers and new material on WWII has became widely available. Hooton was able to take this data and incorporate it into his book, thus offering detailed and most of all reliable information for both air forces.  

    I consider this book to be on the same level as ‘Stopped at Stalingrad: The Luftwaffe and Hitler's Defeat in the East, 1942-1943’, meaning it is essential reading for anyone interested in military aviation history. 

    0 0
  • 11/26/17--00:37: Progress of my FOIA cases
  • So far in 2017 my following NSA FOIA cases have been processed:

    1). TICOM report DF-229 ‘Three reports on the work of OKW/Chi’:

    2). Request for any postwar interrogation reports on Georg Schroeder, head of the Forschungsamt’s cryptanalysis department:

    I received a reference to files transferred to NARA in 2016. The NARA research department checked the reference and they could not locate any file on Schroeder.

    3). Special Research History SRH-361 ‘History of the Signal Security Agency Volume Two: The General Cryptanalytic Problems’:

    4). Request for two Japanese TICOM reports – ‘Report on Saburo Nomura’ and ‘Interrogation of mr Hayashi’:

    I copied the first one from NARA. The second has also been sent to NARA but the reference points to 36 boxes that have not been indexed, so the file could not be located by my researcher. 

    5). TICOM report I-170 ‘Report on French and Greek Systems by Oberwachtmeister Dr. Otto Karl Winkler of OKH/FNAST 4’:

    6). TICOM report I-40:

    I requested this file in 2015 and now it has been placed in the review queue.

    7). Request for TICOM report DF-196 ‘Report on Russian decryption in the former German Army’ and TICOM document 2765 ‘Die Entwicklung des russ. Geheimschriftenwesens’:

    DF-196 has been placed in the review queue. TICOM document 2765 cannot be located. 

    However pages 31-37 of that report are available as TICOM DF-94 ‘The development of Russian cryptographic systems’.

    8). Reports ‘E-Bericht der NAAst 5’ for second half 1944:

    9). Report ‘Polish cipher systems - January 1945’ (S-007.253):

    The NSA FOIA office gave me a reference which the NARA research department checked without success.

    10). TICOM reports I-26, I-31, I-84, I-116, I-118, I-120, I-137, I-160, I-176, I-181:

    11). TICOM report DF-240 ‘Characteristics, analysis and security of cryptographic systems’ and DF-241 ‘The Forschungsamt’:

    12). Carlson-Goldsberry report:

    It is still in the review queue.

    Overall it’s been a very good year so far as I’ve received a lot of material. Let’s hope the rest of the reports are released soon.

    0 0

    In the course of WWII both the Allies and the Axis powers were able to gain information of great value from reading their enemies secret communications. In Britain the codebreakers of Bletchley Park solved several enemy systems with the most important ones being the German Enigma and Tunny cipher machines and the Italian C-38m. Codebreaking played a role in the Battle of the Atlantic, the North Africa Campaign and the Normandy invasion. 

    In the United States the Army and Navy codebreakers solved many Japanese cryptosystems and used this advantage in battle. The great victory at Midway would probably not have been possible if the Americans had not solved the Japanese Navy’s JN25 code.

    On the other side of the hill the codebreakers of Germany, JapanItaly and Finland also solved many important enemy cryptosystems both military and diplomatic. The German codebreakers could eavesdrop on the radio-telephone conversations of Franklin Roosevelt and Winston Churchill, they could decode the messages of the British and US Navies during their convoy operations in the Atlantic and together with the Japanese and Finns they could solve State Department messages (both low and high level)  from embassies around the world.

    Britain, the Soviet Union and the United States did not have impenetrable codes. In the course of WWII all three suffered setbacks from their compromised communications. One of the worst failures of US crypto security was the extensive compromise of State Department communications in the period 1940-44.

    The Cryptographic Section of the Division of Communications and Records

    Since its creation in 1789, the Department of State has been responsible for promoting U.S. interests in the world and implementing US foreign policy.

    During WWII communications between the State Department and the US embassies and consulates around the world were encrypted using various systems. Up to late 1944 the unit responsible for the production and distribution of codes and ciphers was the Cryptographic Section of the Division of Communications and Records, headed by David A. Salmon(1).

    This unit prepared codebooks and cipher keys but did not have the means to properly evaluate the security of the various cryptosystems or ensure that they were used properly.

    State Department codes and ciphers 1939-1944

    The cryptosystems used by the Department up to late 1944 were letter codebooks (both enciphered and unenciphered), the M-138-A strip cipher and the cipher machines SIGABA (Converter M-134-A) and HCM (Hebern 5-rotor type) (2).

    Gray and Brown codes

    The codebooks Gray and Brown were used for messages classified ‘Restricted’.

    Gray was a 5-letter one-part codebook of 68.000 values, introduced in 1918. Brown was a 5-letter two-part codebook with 124.000 values, introduced in 1938. Most of the time these codebooks were used without additional encipherment.

    When the Gray and Brown codes were used with enciphering tables they were called ‘Special Gray’ and ‘Special Brown’.

    Codebooks A1, B1, C1, D1

    The codebooks A1, B1, C1, D1 were used for messages classified ‘Confidential’. These were 5-letter two-part codebooks, introduced in 1919, 1922, 1927 and 1934 respectively.

    A1 and B-1 had 114.000 values, while C-1 and D-1 had 60.000.

    The codebooks were always used with enciphering tables, since they transmitted highly confidential information. 

    M-138-A strip cipher

    In the 1930’s the US military introduced the M-138-A cipher as a new high level system. The M-138-A was based on the same cryptographic principles as the older M-94 cylinder/disk cipher but it was much easier to produce and use since it was made up of paper alphabet strips instead of the metal disks used on the M-94. The M-138-A was used extensively by the US Army and Navy in the late 1930’s and in WWII.

    Example of the M-138-A board and alphabet strips (3):

    In the late 1930’s the State Department also adopted the M-138-A as a high level system. The cipher was used for messages classified ‘Secret’.

    Each embassy had 50 ‘special’ alphabet strips and 50 ‘circulars’. The ‘specials’ were used for direct communications between that embassy and Washington. The ‘circulars’ were used for communications between embassies and for messages sent from Washington to more than one embassy.

    The way the system worked was that each day 30 alphabet strips were chosen out of the available 50 (both for the ‘circulars’ and the ‘specials’). The strips used and the order that they were inserted in the metal frame were specified by the ‘daily key’. 

    Cipher machines

    In the period 1939-1944 the State Department relied almost entirely on hand ciphers.

    Cipher machines were only used by the US embassy in London and later on by the embassies in Latin American countries (Mexico City, Panama, Bogota, Lima, Santiago, Buenos Aires, Montevideo, Rio) and in Moscow (4).

    The embassy in London had the early version of the SIGABAcipher machine, the Converter M-134-A model.

    The embassies in Latin America and in Moscow had the 5-rotor Hebern cipher machine, loaned to the State Department by the US Navy.

    Axis exploitation of State Department codes and ciphers

    Germany, Italy, Japan and Finland were able to read classified State Department messages during the war both through cryptanalysis and by physical compromise. Unfortunately many aspects of the Axis effort are vague; however the available information points to a serious compromise of most of the State Department cryptosystems.

    Italian effort in 1941

    In 1941 members of a special unit called the Extraction Section (Sezione Prelevamento) were able to enter the US embassy in Rome and they copied the Military Intelligence Code No11used by military attaches. By having the MI Code No 11 they could read the communications of US military attaches from important embassies such as Cairo, Egypt and Moscow, Soviet Union.

    It is reasonable to assume that they also copied diplomatic codebooks, however details are lacking. According to postwar reports the Italian codebreakers had a copy of the Brown codebook (5).

    Japanese effort in 1940-1941

    Since the 1920’s the codebreaking departments of the Japanese Army, Navy and Foreign Ministry intercepted and solved US diplomatic traffic. 

    In 1939 or 1940 agents of the military police Kenpeitai gained access to the US consulate in Kobe and they copied cipher material (including alphabet strips for the M-138-A system) (6).

    The Japanese were able to get copies of the codebooks A1, Gray, Brown and the M-138-A strips 9-1, 10-1, 18-1, 0-1 (together with their daily key table and numerical key) (7).

    This material gave them access to the communications of the US ambassador Joseph Grew and especially important were the messages concerning US policy regarding Japan (8). Messages from other US embassies were also read by using the 0-1 circular strips (9).

    German effort in 1940-1942

    Foreign diplomatic codes and ciphers were worked on by three different German agencies, the German High Command’s deciphering department - OKW/Chi, the Foreign Ministry’s deciphering department Pers Z and the Air Ministry’s Research Department - Reichsluftfahrtministerium Forschungsamt.

    The German codebreaking agencies successfully solved the diplomatic cryptosystems of many countries. In the late 1930’s and early part of WWII their emphasis was on the systems used by France, Poland, Britain and the minor European nations.

    US diplomatic traffic was monitored and solved but it was not a main target due to limited role of the United States in international affairs. From 1941 more resources were put on the solution of US codes since the US government followed a more interventionist policy.

    At the High Command’s deciphering department - OKW/Chi, US diplomatic systems were worked on by a subsection of main Department V. This unit was headed by Senior Councilor (Oberregierungsrat) Nikolai Rohen. Other important members of the US section were dr Franz Weisser and Councilor Schulz (10).

    The unit read the Military Intelligence Code, the War Department Confidential Code, the War Department Telegraph Code and the diplomatic systems Gray, Brown, A1, C1 and M-138-A (11).

    Work on difficult cipher procedures (like the M-138-A) was also carried out at the mathematical research department (department IV of OKW/Chi). The person in charge of strip cipher research was the mathematician Wolfgang Franz.

    In the summer of 1941 a Japanese mission headed by Colonel Tahei Hayashi, former head of the Japanese Army’s cryptologic agency, visited Germany and exchanged US and British codes with systems solved by the Germans (12). The Germans got a copy of the Brown and A1 codebooks and also the M-138-A strips (9-1, 10-1, 18-1, 0-1 with their daily key table and numerical keys) and the instructions for use of the M-138-A system. This material allowed the Germans to immediately start exploiting strip cipher traffic and of course to read fully all Brown messages upon interception.

    At the Foreign Ministry’s deciphering department Pers Z US codes and ciphers were worked on by the ‘American and Scandinavian language group’, headed by Technical Assistant Karl Zastrow.

    Additional research on complex ciphers was carried out at the ‘Mathematical Cryptanalytic Subsection’, headed by dr Werner Kunze. Their M-138-A expert was Professor Hans Rohrbach.

    According to German reports the main systems used were the Gray and Brown codes, followed by the strip cipher and the enciphered codebooks. Gray had been copied in the past and the Brown code was worked on successfully so that by 1941 about 80% of the messages could be read. The enciphered codebooks A1 and C1 were also worked on with success and code values recovered through cryptanalysis. The M-138-A traffic was investigated in early 1940 but it was judged to be too difficult to deal with by Pers Z (13).

    Pers Z reports for 1940 and 1941 show that most of the US traffic was sent on the Gray and Brown codes, followed by the strip cipher (14):

    Note that B3=Gray, B8=Brown, SV (Streifenverfahren)=M-138-A, B6a=A1, B7=C1.
    Pers Z also received the Japanese material given to OKW/Chi:

    In the period 1941-42 the Germans were in a favorable position versus US systems since they had copies of the widely used Gray and Brown codes and work on the enciphered system A1 was made much easier since they no longer had to recover the book’s code values.

    Regarding the strip cipher it is clear that they could read current traffic, as the circular strips 0-1 were valid till August 1942. Moreover by having examples of the strips, daily tables, numerical keys as well as the instructions they could bypass the difficult initial phase of a cryptanalytic attack. Work on the M-138-A cipher was split between OKW/Chi and Pers Z, as OKW/Chi attacked the ‘special’ traffic while Pers Z worked on the ‘circular’ strips (15). 

    Details of their success with the strip systems in 1941-42 are hazy.

    The circular strips 0-1 were replaced in August 1942 with the 0-2 set. The new set was solved by Pers Z but it is not clear of this was achieved in late 1942/early 1943 or late 1943 (16).

    At OKW/Chi the mathematician Wolfgang Franz developed theoretical methods of solution which however did not have to be used as simpler attacks were possible (reuse of alphabet strips, reencodements between strip systems, reencodements between codebooks and strip systems, stereotypical beginnings etc). It seems that by early 1943 he was able to solve the ‘special’ strips used by the US embassy in Bern, Switzerland (17). 

    Finnish effort in 1942

    Finland’s codebreaking agency was established in 1927 and its main effort was directed against the communications of the Soviet Union. However foreign diplomatic systems were also worked on, as far as limited resources could allow.

    In WWII the department dealing with diplomatic traffic was based in Mikkeli. Head of the diplomatic department was Mary Grashorn. Other important people were Pentti Aalto (effective head of the US section) and the experts on the M-138 strip cipher Karl Erik Henriksson and Kalevi Loimaranta. The diplomatic section had 38 cryptanalysts in 1944, with the majority working on US codes (18).

    In early 1942 the Finns received from the Germans the Japanese material and especially the M-138-A strips and keys (19). During the second half of the year they were able to use this material in order to break into the traffic of several US embassies by taking advantage of mistakes in the use of the strip cipher by the State Department.

    When examining the cipher messages of various US embassies the Finnish codebreakers discovered that the same alphabet strips were reused. When one embassy stopped using them they were not discarded but instead they were sent to another embassy to be used there. Also the same daily tables and numerical keys were used by all embassies for their ‘special’ strip traffic. The Finns also used reencodements of the same message on the 0-1 circular strips in order to break into ‘special’ traffic. Sometimes the same message would be enciphered on the 0-1 circular strips and sent again on an embassy’s ‘special’ strips. Since the Finns had the 0-1 strips and could read the message this was a clear case of cleartext-ciphertext compromise (20).

    German effort in 1943       

    In 1943 the State Department continued to use the codebooks Gray, Brown, A1 and C1 that could be exploited by the Axis powers.

    Gray and Brown could be read fully. The substitution tables used with the codes A1 and C1 were solved by the Germans, with dr Erich Huettenhein(chief cryptanalyst of OKW/Chi) stating that ‘it took about two months to build up tables, so that we could only read the traffic currently during the last month of the period’ (21).  Prior to July 1942 the codebooks were enciphered using digraphic substitution tables. After July ’42 monographic tables were used. These were composed of 10 pages with 20 alphabets per page. The D1 codebook seems to have been withdrawn from use (22).

    The M-138-A system was also exploited to a considerable degree by the Germans. Unfortunately there are few details on the strips that they solved or the traffic that they could read. However the available information from various sources points towards considerable success both with the ‘special’ strips and the ‘circulars’.

    Dr Huettenhein stated that ‘most of the American strip cipher was read’ and dr Franz claimed that his unit solved 28 strip sets plus 6 numerical keys (23). Considering the improvement of State Department cryptosecurity that took place in late 1943 and throughout 1944 it seems that these statements referred to their successes in the year 1943.

    In early 1943 the Germans were certainly reading the ‘special’ strips of the Bern embassy and it is reasonable to assume that during the year they also had access to the messages of the other US embassies in European and Middle Eastern countries. At the time the M-138-A cipher mostly used either a straight board system (meaning 30 cipher letters chosen from one column) or the split board system (meaning 15 cipher letters chosen from one column and the other 15 chosen from a different column) (24). Both these procedures were insecure and could be solved by the German codebreakers. 

    Their success with the strip cipher led them to design and build special cryptanalytic equipment that could speed up the solution.

    At OKW/Chi they built a device called ‘Tower Clock’ (Turmuhr). The device was used when ‘cribbing’ was not possible and worked according to the following principle (25):

    The machine found message parts with the same generatrices by the following method - having established a depth by finding repeats, the letter frequencies for each column were weighted. The correct generatix for additional message parts was then found by totaling these weights. The machine gave the result as a needle graph. It ticked after each set of calculations; hence the name Turmuhr. OKH also used the machine. It could not be used after the system was modified by the withdrawal of strips.

    At Pers Z a special device was built for rapid decoding of messages, after the alphabet strips had been recovered. It was called the ‘Automaton’ and it allowed a small number of workers to decode a large volume of past traffic. A description is available from TICOM report I-89 (26):

    The decipherment of a double line consists of two operations:  (1) arranging the strips so that the cipher text letters are made to lie in a row, (2) selecting the line containing the true reading out of 25 parallel lines. The adjustment of the strips that move up and down, so that the true reading can be read horizontally, is accomplished by the machine quite automatically. The cipher text may be touched by hand on the keyboard of a typewriter, or be taken by means of a sounding device from the Hollerith cards that had already been punched. Finding the true reading is simplified by the fact that the letters on the strips are printed in two different weights, the most frequent letters in the English language (about 80% of true reading) are printed in a heavy tone, the others in a light tone. A line consisting of 15 letters chosen arbitrarily would contain 6 bold ones on an average, while the true reading line of 15 letters with 12 bold ones on an average stands out distinctly; moreover this line is indicated by a bright spot of light on the edge of the set of strips. The 30 strips necessary for the decipherment of a double line, are arranged side by side in two groups of 15 each for the line; if the left-hand group is in the first movement, the right-hand one is in the second movement and vice versa. During the time when the clerk copies the true reading from the indicated line on the typewriter, the machine prepares automatically the adjustment of strips for the next line and performs it at the touch of a key. In this way the decipherment of a double line, requires barely half a minute on an average. By means of this machine the total material could be deciphered within a month.’

    It seems that the ‘Automaton’ was built by early 1943, as it was displayed to the Army cryptanalyst dr Luzius in March 1943 (27):

    In March the circular strips 0-2 were replaced by the new edition 0-3. From then on a new set would be used for each month (0-4 for April, 0-8 for August etc). The exception to this rule was the embassy in Bern, which did not have access to the new strips so they continued to use the 0-2 set (28).

    It seems that this change hindered the operations of the German codebreakers as in July ’43 there was a meeting between Kunze (Pers Z), Weisser (OKW/Chi) and Voegele (Luftwaffe Chi Stelle) in order to discuss cooperation between their departments on the strip cipher (29).

    Voegele was chief cryptanalyst of the Chi Stelle and in late 1942 and early 1943 he had solved a USAAF ferry traffic strip system which used 30 strips selected from 100. The system was solved in 1942 but in 1943 channel elimination was introduced (meaning 5 channels in the M-138-A panel were left empty). Voegele was also able to solve this procedure by using IBM/Hollerith equipment (30). Although the report says that there was disagreement between Voegele and Kunze in other reports Voegele stated that he demonstrated his cryptanalytic attack to representatives of OKW/Chi and Pers Z and they adopted his method of solution (31).

    Axis collaboration in 1943

    During 1943 there was exchange of information on State Department codes and ciphers between the German, Finnish and Japanese signal intelligence agencies.

    The Finns had managed to solve several special strips in 1942 and in early 1943 they gave copies to the Japanese military attaché so that he could transmit this information back to Tokyo (32).  These messages were in turn decoded by the Allied codebreakers and they clearly revealed the compromised M-138-A strips 10-3, 10-1, 18-1, 4-1, 7-1.

    More messages were exchanged regarding US codes and telegram No 101 of March 1943 contained the 33-1 strips while No 102 had solved messages on the 0-1 and 0-2 strips. The exchange of information was not entirely one-sided since the Japanese shared the strips used in 1942 by the US embassy in Vichy France (33).

    Relations between the Finnish and German codebreakers were closer, with visits of personnel to each country and regular exchange of solved material. As has been mentioned earlier the Finnish success with US diplomatic systems was possible thanks to the material they received from the Germans in 1942.

    In January 1943 Karl Erik Henriksson visited OKW/Chi and was shown reconstructed M-138-A alphabet strips (34). In November ’43 it was dr Franz’s turn to visit the Finns (35).

    State Department security measures in 1943

    In 1943 the Americans learned from decoded Japanese telegrams and from German sources (Fritz Kolbe and Hans Bernd Gisevius) that their high level diplomatic communications were being read by the Axis powers. Although they officially downplayed the compromise (36) it is clear that their cipher procedures were upgraded in terms of security. Regarding the strip cipher several changes were made in the use of the system (37):

    1). From March 1943 a new set of circular strips was used for each month (0-4 for April, 0-8 for August etc, the strips used in 1944 were numbered 0-13 to 0-24).

    2). The embassy in Bern, Switzerland received 6 new cipher systems in June 1943. In July they started using the strips 60-3 for intercommunication between Bern, London, Lisbon, Algiers and Washington.

    3). A set of strips titled 00-1 (and key table C) was introduced in late 1943 for enciphering the confidential traffic of other US government agencies such as the Office of Strategic Services, Office of War Information and Military Intelligence Service,  Foreign Economic Administration, War Shipping Administration, Office of Lend-Lease Administration and the War Refugee Board. Previously messages of other US organizations were simply sent using State Department codes and ciphers, with the result that they could be easily read by the Axis powers.

    4). A security survey of State Department codes, ciphers and security procedures was undertaken in November and December 1943. The survey evaluated the State Department cryptosystems and found many problems both in their theoretical security and also mistakes in their use by State Department cipher clerks. Regarding the strip cipher it was noted that the same strips were used by 2-4 stations but an effort was underway to introduce new ones, used by only 2 holders at the same time and to expand the use of channel elimination (38):

    The old systems did not use channel elimination and the same set of strips was sometimes held by 2 to 4 stations, however new systems using channel elimination and limited to 2 holders are being distributed as fast as possible

    Axis effort in 1944

    In 1944 the Axis codebreakers continued to read fully the Gray and Brown codebooks till late 1944 when Gray was withdrawn from service and Brown was to be used for condensation purposes only (39).

    Regarding the enciphered codebooks A1 and C1 it seems that the Germans solved the C1 cipher tables valid till 31 December 1943 and these continued to be used by the Bern embassy in 1944. It is unclear if the A1 code was read in 1944 (40). 

    An activity report of OKW/Chi, covering the first half of 1944, says that ‘Government codes and ciphers of 33 European and extra-European States and agents lines were worked on and deciphered. 17.792 VN were produced including 6.000 agents messages. From point of view of numbers the list was headed by Government reports of the USA, Poland and Turkey’ and ‘A number of complicated recipherings, principally American (USA) and Polish, have been broken. (41)’

    As has been mentioned previously in 1944 the M-138-A cipher was used in a more secure manner by the State Department, with frequent changes of alphabet strips and use of channel elimination.

    According to German accounts they could not solve strips using channel elimination (42) but they continued to read some US strip cipher traffic since alphabet strips that had been solved in previous years continued to be used in 1944 (43).

    It seems that the embassies in Bern, Switzerland, Stockholm, Sweden and Madrid, Spain continued to use old strips for some of their traffic (44).

    Apart from these messages the Germans and the Finns also solved back traffic from 1942 and 1943 (45).

    It seems that their success with the M-138-A cipher ended in September 1944. Dr Huettenhein (chief cryptanalyst of OKW/Chi) said in his unpublished manuscript ‘Einzeldarstellungen aus dem Gebiet der Kryptologie’ that the strip cipher was read from 1942 till September 1944 (46).

    Professor Rohrbach received the War Service Cross 2nd Class in September ’44 for his work on the strip cipher (47).

    The Finns also revealed their success to the Americans in September. On 29 September 1944 colonel Hallamaa(head of the Finnish signal intelligence agency) met with L. Randolph Higgs of the US embassy in Stockholm and told him about their successes with US diplomatic systems (48).

    Even though the German success probably ended in September ’44 that does not mean that they did not continue to research this system. In January 1945 a lecture was held at OKW/Chi on the US strip cipher procedure. According to a summary found in the War Diary of Inspectorate 7/VI:

    On 26 January [1945] the chief of department 1 and the chiefs of sections 1a and 2a participated in a talk at OKW/WNV/Chi IV on the American strip system. (Increase in the importance of this procedure in diplomatic traffic, where it has replaced other methods. Concerning the processing no fundamentally new ideas proposed compared to the methods known here. Processing recently complicated by improved cipher techniques, in particular by a not yet clarified method of strip selection that varies from message to message.)’ (49).

    Axis collaboration in 1944

    In 1944 both the Finns and the Germans sent strip cipher material to Japan (50).

    In summer 44 the Japanese transmitted to the Finns information on messages from the US embassy in Chungking, China (wartime capital of Nationalist China). These were telegrams of the years 1942 and 1943. It seems that these messages were transported by courier to Finland, solved by the Finns and then sent back to Japan.

    In July ’44 the Germans sent to the Japanese copies of the M-138-A ‘special’ strips 38-1, 22-1 and the ‘circular’ set 0-5.

    In late ’44 the ‘circular’ strips 0-2, 0-3, 0-4 and tables for the A-1 and C-1 codes were transmitted by the Japanese attaché in Budapest.

    According to the Finns they received the circular strips 0-2, 0-3, 0-4, 0-5 from OKW/Chi, so this material originated from Germany (51).

    Introduction of cipher machines and creation of the Division of Cryptography

    In 1944 the State Department took measures to secure its communications and in the second half of the year the M-325 - SIGFOY cipher machine was introduced into service. 

    The M-325 was a 3-rotor Enigma type device, designed by William F. Friedman and according to the available reports 1.000 devices were built for State Department use. Delivery of the machines began in July ’44 and by March ’45 the M-325 was in use at all foreign posts (52).

    By 1945 the State Department was also given access to the Army’s SIGTOT (one time tape) cipher teleprinter network in London, Paris and Moscow (53). During 1945 the introduction of more secure systems continued and by early 1946 all posts were supplied with a version of the Combined Cipher Machine (non reciprocal 5-rotor cipher machine) and one time pads for use with the codebooks (54).

    These efforts to secure State Department communications were the result of several security studies, undertaken in the period 1941-44. Investigations were carried out in June 1941November and December 1943 and June 1944 (55). The findings of these committees showed that the codes and ciphers in use had many vulnerabilities and the cipher clerks made mistakes that compromised their security.

    There were also serious problems with the handling of classified material, unclear classification procedures, insecure safes in embassies and locks in courier pouches etc

    The most important recommendations of the surveys concerned the introduction of a sufficient number of secure cipher machines and the creation of a dedicated cryptology department.

    As we have seen cipher machines and one time pads were widely distributed in the period 1944-45. The other major accomplishment in the field of communications security was the establishment of a separate Division of Cryptography, tasked with creating and evaluating State Department codes and ciphers.

    In May 1944 two experienced cryptologists joined the State Department. These were Commander Lee W. Parke, US Navy and Major James G. Moak, US Army. Both were assigned to the office of Assistant Secretary Gardiner Howland Shawbecause Shaw had overall responsibility for the State Department’s cipher unit (56). 

    In June ’44 Commander Parke was designated Assistant Security Officer in the Office of the Assistant Secretary and Security Officer.  David Salmon, former Assistant Security Officer, was designated Consultant on Cryptography in the Office of the Assistant Secretary Shaw.

    Finally in September 1944 the new Division of Cryptography was established. The operations section of the Division was responsible for developing the State Department’s cryptographic plan, providing suitable cryptosystems, distributing and keeping account of the crypto material. The security section of the Division was responsible for reviewing radio communications and detecting security violations as well as rendering technical assistance on the preparation of crypto systems and instructions for their implementation.

    Initially the unit functioned as part of Assistant Secretary Shaw’s office but in November ’44 a new Departmental designation was issued and Commander Parke became chief of the Division. Major Moak was made assistant chief for Operations and mr Salmon an adviser. In December 1944 a Departmental reorganization order placed the Division under the office of Departmental Administration.

    Downplaying the compromise of US diplomatic cryptosystems

    During the war the State Department received information on the compromise of its radio communications from several sources.

    In early 1943 the German officials Fritz Kolbe and Hans Bernd Giseviustold US representatives about the compromise of their codes and during the year Japanese messages containing US crypto material were decrypted by the Allies.  

    In late 1944 more Japanese messages were decrypted and they revealed that the Germans had given to the Japanese the M-138-A strips 38-1, 22-1, 0-2, 0-3, 0-4, 0-5 as well as A1 and C1 substitution tables (57).

    Also in late 1944 members of the Finnish signal intelligence service met with US officials in Sweden and gave them a detailed account of their solution of State Department codes and ciphers (58). 

    Just from the decoded Japanese messages the US officials knew that the circular strips 0-1, 0-2, 0-3, 0-4, 0-5 and the specials 10-3, 10-1, 18-1, 4-1, 7-1, 33-1, Vichy, 38-1, 22-1 had been solved by the Axis powers and these were just the strips mentioned in the Japanese traffic and not necessarily the only strips solved by the Axis.

    Yet the postwar ‘European Axis Signal Intelligence in World War II’ volumes only mention strips 0-1 and 0-2, not the rest of them. Nor do they mention the specific systems solved by the Finnish codebreakers even though they had a detailed report on the subject.

    Volume 1 ‘Synopsis’, p6 says:

    The U. S. Army Converter M-134A lSIGMYC) and the U. S. Navy Cipher Machine (HCM), furnished by the Navy to the State Department, were not read by the Germans. The State Department Strip systems 0-1 and 0-2 were solved, the former probably through a compromise and the latter through cryptanalysis. Several State Department codes including the Brown code (unenciphered) and Code A-1 (enciphered) were compromised and read, probably from 1938 and 1939, respectively.


    The value of the intelligence which the Germans got from State Department codes and strip ciphers is not accurately known. The strip systems were probably read too late to be of any great value.

    There is also no mention of specific embassies such as Moscow and Bern, whose messages were known to have been read by the Germans through the material found in the OKW/Chi archives and the OSS reports (59).

    Failures of cryptosecurity

    The fact that the Axis codebreakers could exploit the main US diplomatic codes and ciphers for such a long period of time was a consequence of the theoretical and practical insecurity of these systems (60).

    1). Gray Code: The Gray codebook had been used since 1918 and it was considered to have been physically compromised. The fact that it continued to be used during WWII was a serious mistake by the Americans.

    2). Brown Code: The Brown codebook was a new system and it was used extensively in the period 1939-44. The fact that it had been introduced in 1938 led the State Department cipher clerks to overestimate its security and thus use it to transmit sensitive information. 

    This can be seen in numerous WWII telegrams that contain important reports even though they are only classified ‘Restricted’ (61). The State Department security survey of 1943 pointed out that:

    As regards the low-grade basic systems, the BROWN and GRAY codes are two-part codes; BROWN has been in effect since 1938 and GRAY since 1918. There is positive evidence to indicate that both of these codes have been compromised and that the Axis powers have been deriving useful intelligence from the reading of messages in these codes. The committee considers that these codes are not adequate for use in war-time even for restricted traffic’.

    However it was not until late 1944 that the Brown code was downgraded to unclassified traffic.

    3). Enciphered codebooks: The codebooks A1, B1, C1, D1 were insecure since they were used for a long time and it was reasonable to assume that a foreign power would have been able to acquire copies. Moreover their enciphering tables could be solved if a lot of traffic was sent on these systems. 

    The security survey of 1943 said that:

    The committee feels that in view of their long usage the basic codes (A, B, and C) must be considered compromised and that the cryptographic system for superenciphering messages in these codes does not yield adequate security for a voluminous number of confidential messages’.

    The 1944 survey suggested the introduction of new codebooks and the use of one time pads for encipherment. The introduction of one time pads took place in 1945-46.

    4). M-138-A cipher:

    The M-138-A system was introduced in the late 1930’s and the Department used it for its most important messages. The strip system was a powerful encryption method but it had serious vulnerabilities that could be exploited by enemy cryptanalysts. The main problem was that it was vulnerable to a plaintext-ciphertext compromise. 

    In the strip system a letter could not be enciphered as itself so it was possible to place ‘cribs’ with a high certainty of success. Thus messages whose content could be guessed or was known from other sources (reencodements or press releases) could be easily solved and the alphabet strips recovered (62).

    The State Department’s cipher unit also used the M-138-A system in an insecure manner (63). The biggest mistakes were the use of only 40 different keys (daily arrangements for the strips) for an entire year, the use of the same 'special' alphabet strips by several embassies and the coupling of the ‘special’ strips with only one key list.

    5). Cipher machines: Clearly the main failure of the State Department was the delay in the introduction of a cipher machine till late 1944-early 1945. The US Armed Forces had managed to introduce the SIGABA (Converter M-134-C model) in 1941 and that device gave them the ability to send radio messages quickly and securely to all posts.

    In 1941 the State Department was advised to acquire cipher machines but apart from the small number of Converters M-134-A and HCM’s no large scale effort was undertaken till the introduction of the SIGFOY in 1944 (64).

    To add insult to injury the new cipher machine was not a successful design and it was quickly replaced by the Combined Cipher Machine in 1945-46 (65).

    Limitations of codebooks and of the M-138-A

    Apart from their limited security the main problem with hand systems (such as the codebooks and the strip ciphers) was that it took cipher clerks too long to process the cipher messages. Considering the wartime growth of the Department and the major increase in radio messages from its embassies it is clear that hand systems greatly hindered the rapid transmission of information.

    The delay in sending and receiving cipher messages must have been the main reason for the continued use (and misuse) of the Brown codebook.

    Notable cases of compromise

    US-Japanese negotiations in 1940-41

    Relations between the United States and Japan were tense since the late 1930’s due to Japan’s expansionist and militaristic foreign policy. In 1941 the US government responded to Japanese militarism with an embargo of oil exports and this measure threatened to cripple Japan’s war machine. The Japanese leadership was split between those who wanted a war with the US and UK and those who favored a compromise so that they could attack the Soviet Union instead. In the period 1940-1941 negotiations were held between the Japanese and US governments.

    Thanks to the material copied in 1940 from the US consulate in Kobe the Japanese leadership had access to ambassador Joseph Grew’s messages (66).

    For example:

    Messages of the US embassy in Chungking, China from 1942-1943

    During the Second Sino-Japanese War the city of Chungking became the provisional capital of Nationalist China. Apart from housing the Chinese government it was also the base of Joseph Stilwell, deputy commander for the Allied South East Asia Command.

    Messages of the Chungking embassy from 1942 and 1943 were read by the Finns and the Japanese in 1944 (67).

    Messages of the US embassy in Moscow, Soviet Union

    German and Finnish accounts mention the solution of messages from the US embassy in Moscow and these statements can be confirmed from the surviving archives of OKW/Chi and of the Finnish codebreaking organization (68). The compromise of traffic between the United States and a major wartime ally must be rated as a significant failure for the Allied side.

    Messages of the US consulate in Algiers, Algeria

    According to German accounts they could read the messages of the US consul in Algiers Robert Daniel Murphy (69). In 1942-43 Murphy was the personal representative of President Roosevelt in North Africa and he was engaged in difficult negotiations with the various French political groups (De Gaulle, Giraud, Vichy).

    It seems that his use of stereotypical beginnings was exploited by the German codebreakers (his messages began with ‘From Murphy’ and those addressed to him ‘For Murphy’).

    Messages of the US embassy in Bern, Switzerland

    The Bern embassy was one of the most important foreign posts of the State Department, since Switzerland had close economic relations with Germany, was the home of international organizations like the Red Cross and the Bank of International Settlements and due to its geographical position it offered a base from which the US representatives could acquire economic, political and military intelligence about current European events.

    The US ambassador Leland B. Harrisonsent detailed reports back to Washington and many were read by the Axis codebreakers (70).

    Messages of other US government organizations

    1). Messages of the OSS Bern Station were read by the Germans (71). During the war Bern was a hotspot of agent activity both Allied and Axis. The goal of the Office of Strategic Services was to recruit informants and gather intelligence on European affairs. Especially important was the need to recruit German agents to report on that country’s internal condition and policies. The Bern station also had contact with members of the German resistance.

    2). General Barnwell R. Legge was the US military attache to Switzerland and during the war he worked to promote US interests and he also cooperated in intelligence gathering activities with Allen Dulles, head of the local station of the Office of Strategic Services. Legge developed his own intelligence networks and he sent reports dealing with military developments and Axis war potential to the Military Intelligence Service in Washington. Some of these reports were read by the Germans and the Finns (72).

    3). Apart from the Office of Strategic Services and the Military Intelligence Service the Office of War Informationalso engaged in intelligence operations from the US embassy in Bern. The local station was headed by Gerald M Mayer, who cooperated closely with the Office of Strategic Services station of Allen Dulles. Messages of the OWI Bern station were read by the Germans and the Finns (73).

    4). The War Refugee Board was established by President Franklin D. Roosevelt in January 1944 with the goal of providing aid to civilian victims of the Axis powers. In 1944-45 representatives of the WRB in Europe collected information about the persecution of the Jewish population in the occupied territories and they tried to save as many people as possible by engaging in negotiations with German officials. Some of their communications were read by OKW/Chi (74).


    In WWII the Axis and the Allies fought not only in the fields of battle, using troops, tanks, planes and ships but also in the field of signals intelligence and codebreaking. 

    The United States military forces were well equipped with secure cipher machines (SIGABA, SIGTOT, Converter M-228) so that they could quickly and securely transmit messages to their units. These cipher machines were designed according to sound principles and high level US military communications were secure during the war (75).

    However US diplomatic communications were protected by insecure systems and the limited security of these systems was further compromised by the mistakes made in their use by the State Department’s cipher unit and by the department’s cipher clerks.

    From the available information it is clear that in the period 1940-1944 the codebreakers of Japan, Germany and Finland could exploit low, mid and high level codes and ciphers of the State Department.

    The compromise of State Department communications was one of the biggest failures of US cryptosecurity during WWII however this case has not received the attention it deserves because there is limited information available. The fact that several countries and organizations were involved in the solution of the US diplomatic systems also means that the relevant information is fragmented.

    Even though the full story is not known (and will probably never be known) the remaining files of the Axis codebreaking organizations show that they had regular access to messages containing sensitive information regarding US foreign policy and goals. The solution of State Department systems also gave them access to the communications of other US government agencies (since they occasionally used the State Department’s cryptosystems and radio facilities) such as the Office of Strategic Services, Military Intelligence Service, Office of War Information, Foreign Economic Administration, War Shipping Administration, Office of Lend-Lease Administration and the War Refugee Board.

    This was a significant defeat for the Allied side in the field of communications security.


    (1). NARA - collection RG 59 - War History Branch Studies - CY ‘Division of Cryptography’.

    (2). Report: ‘Communications systems in use by the Department of State’, NARA - collection RG 457- Entry 9032- box 1384 - 'JCS Ad hoc committee report on cryptographic security of government communications

    (4). US report: ‘Statement of Cryptographic Systems now in use by Department of State’, according to the report ‘State Department requesting the issue of four M-134-A cipher machines’ the consulate in Istanbul, Turkey also received 2 HCM machines in 1944.

    (5). Information on the Italian cryptanalytic effort is available from Italian codebreakers of WWII and US military attaché codes of WWII. Note that in report CSDIC/CMF/Y 4 ‘First detailed interrogation of Bigi, Augusto’, p5 it is stated that the Italians had copies of the Brown code.

    (16). Dr Schultz, a member of the Mathematical Cryptanalytic Subsection of Pers Z said in TICOM report I-22 ‘Interrogation of German Cryptographers of Pers Z S Department of the Auswaertiges Amt’, p16 that the solution of the 0-2 strip was a major achievement of the unit since it was solved by hand, (without using special statistical/cryptanalytic equipment). Professor Hans Rohrbach, said in TICOM I-89 ‘Report by Prof Dr. H Rohrbach of Pers Z S on American strip cipher’ that the strips were recovered in late 1943 by using the IBM/Hollerith statistical equipment. However in the first page of the report he also mentioned that there may be mistakes in the dates because he was working from memory.

    (17). TICOM report DF-176 ‘Answers written by professor doctor Wolfgang Franz to questions of ASA Europe’, ‘Hitler's Spies: German Military Intelligence In World War II’, p192-3 and 'Finland's Codebreaking in World War II' (chapter 20 of ‘In the Name of Intelligence: Essays in Honor of Walter Pforzheimer’)

    (19). 'Finland's Codebreaking in World War II' (chapter 20 of ‘In the Name of Intelligence: Essays in Honor of Walter Pforzheimer’)

    (20). Interviews of former Finnish codebreakers by David Kahn - National Cryptologic Museum Library, State Department’s strip cipher – reuse of alphabet strips and key lists

    (21). TICOM report I-2 ‘Interrogation of Dr. Huettenhain and Dr. Fricke at Flensburg, 21 May 1945’, p3, NARA - RG 457 - Entry 9032 - box 1.018 - ‘JAT write up - selections from JMA traffic', NARA - RG 457 - Entry 9032 - Box 214 - ‘M-138-A numerical keys/daily key table/alphabet strips’ and UK national archives - HW 40/132 'Decrypts relating to enemy exploitation of US State Department cyphers, with related correspondence' (A telegram from the Japanese military attaché in Hungary (dated June 1st 1944) said that the Germans would share the A-1 and C-1 enciphering tables used till 31 December 1943).

    (22). 'JCS Ad hoc committee report on cryptographic security of government communications' - The report of November 1943 only mentions the codebooks A1, B1, C1. Note that telegram statistics from June 1941, found in the NSA’s Friedman collection file ‘Distribution of telegrams according to codes, June 3 to 7, 1941’ (A67352), show that the D1 code was barely used by the State Department.

    (23). TICOM report I-2 ‘Interrogation of Dr. Huettenhain and Dr. Fricke at Flensburg, 21 May 1945’, p2 and TICOM report DF-176 ‘Answers written by professor doctor Wolfgang Franz to questions of ASA Europe’, p9

    (24). 'JCS Ad hoc committee report on cryptographic security of government communications' – report of November 1943.

    (26). TICOM I-89 ‘Report by Prof Dr. H Rohrbach of Pers Z S on American strip cipher’, p13-14

    (27). War Diary of Inspectorate 7/VI - Report of Referat 1 for March 1943

    (28). NARA - RG 59 - Purport Lists for the Department of State Decimal File 1910-1944 - microfilms 444 and 611 - 119.25/Strip Cipher

    (29). TICOM D-60 ‘Miscellaneous Papers from a file of RR Dr. Huettenhain of OKW/Chi’, p5-6

    (30). TICOM IF-175 Seabourne Report, Vol. XIII. ‘Cryptanalysis within the Luftwaffe SIS’, p15

    (31). TICOM IF-175 Seabourne Report, Vol. XIII. ‘Cryptanalysis within the Luftwaffe SIS’, p27 and TICOM I-119 ‘Further Interrogation of R.R. Voegele and Major Feichtner on GAF Sigint’, p3

    (32). UK national archives - HW 40/132 'Decrypts relating to enemy exploitation of US State Department cyphers, with related correspondence' and NARA - RG 457 - Entry 9032 - box 1.018 - ‘JAT write up - selections from JMA traffic'

    (33). NSA Friedman collection - telegram Tokyo-Helsinki No 719 and UK national archives - HW 40/132 'Decrypts relating to enemy exploitation of US State Department cyphers, with related correspondence'

    (34). 'Finland's Codebreaking in World War II' (chapter 20 of ‘In the Name of Intelligence: Essays in Honor of Walter Pforzheimer’)

    (35). TICOM report DF-176 ‘Answers written by professor doctor Wolfgang Franz to questions of ASA Europe’, p10

    (36). UK national archives - HW 40/132 'Decrypts relating to enemy exploitation of US State Department cyphers, with related correspondence'. Friedman’sresponse to the Japanese telegrams containing solved M-138-A information was: ‘Friedman states facts do not correspond with USA use of strip nor does indication of keys apply’.

    (37). NARA - RG 59 - Purport Lists for the Department of State Decimal File 1910-1944 - microfilms 444 and 611 - 119.25/Strip Cipher and NARA - collection RG 457- Entry 9032- box 1384 - 'JCS Ad hoc committee report on cryptographic security of government communications'.

    (38). US report from November 1943(NSA’s Friedman collection)

    (39). ‘History of the Bureau of Diplomatic Security of the United States Department of State’, p60 and NARA - collection RG 59 - War History Branch Studies - CY ‘Division of Cryptography’, p5

    (40). TICOM I-201 ‘Interrogation of Franz Weisser , Dr Phil Studienassessor of Anglo-American section of OKW/Chi’, p2-3, NARA - RG 457 - Entry 9032 - box 1.018 - ‘JAT write up - selections from JMA traffic', NARA - RG 457 - Entry 9032 - Box 214 - ‘M-138-A numerical keys/daily key table/alphabet strips’ and UK national archives - HW 40/132 'Decrypts relating to enemy exploitation of US State Department cyphers, with related correspondence'– (A telegram from the Japanese military attaché in Hungary (dated June 1st 1944) said that the Germans would share the C-1 enciphering tables used till 31 December 1943 (still used in 1944 in the Bern traffic) and the A1 tables valid from January to April ‘will probably have been readable in May’).

    (44). NARA - RG 226 - Entry 210 - box 348 - Director’s Office records relating to developments in Sweden, ca. May 1944 – January 1945 and NARA - RG 59 - Purport Lists for the Department of State Decimal File 1910-1944 - microfilms 444 and 611 - 119.25/Strip Cipher (the 0-2 strips were used for communications between Madrid and Bern till summer 1944)

    (45). In the surviving archives of OKW/Chi and of the Finnish department there are US messages from 1942-43 decoded in 1944 -  NARA - RG 457 ‘Records of the National Security Agency’ - Entry 9032 - boxes 205-213 ‘German decrypts of US diplomatic messages 1944’ and Finnish national archives - folders T-21810/4 and T-21810/5.

    (47). European Axis Signal Intelligence in World War II: Volume 6: The Foreign Office Cryptanalytic Section, p15

    (48). NSA study: ‘History of Venona’, p51 (Ft. George G. Meade: Center for Cryptologic History, 1995)

    (49). War Diary of Inspectorate 7/VI - Report of January 1945 (translation by Frode Weierud).

    (50). UK national archives - HW 40/132 'Decrypts relating to enemy exploitation of US State Department cyphers, with related correspondence'

    (51). NARA - RG 457 - Entry 9032 - box 1018 - ‘JAT write up - selections from JMA traffic' and 'Finland's Codebreaking in World War II' (chapter 20 of ‘In the Name of Intelligence: Essays in Honor of Walter Pforzheimer’)

    (53). US Army Center of Military History: ‘Signal Corps: The outcome’, p586

    (55). NARA - collection RG 457- Entry 9032- box 1384 - 'JCS Ad hoc committee report on cryptographic security of government communications'

    (56). NARA - collection RG 59 - War History Branch Studies - CY ‘Division of Cryptography’

    (57). NARA - RG 457 - Entry 9032 - box 1018 - ‘JAT write up - selections from JMA traffic', p16

    (58). NSA study: ‘History of Venona’, p51-53 (Ft. George G. Meade: Center for Cryptologic History, 1995) and NARA - RG 226 - Entry 210 - box 348 - Director’s Office records relating to developments in Sweden, ca. May 1944 - January 1945

    (60). NARA - collection RG 457- Entry 9032- box 1384 - 'JCS Ad hoc committee report on cryptographic security of government communications'

    (61). There are decoded US messages in  NARA - RG 457 ‘Records of the National Security Agency’ - Entry 9032 - boxes 205-213 ‘German decrypts of US diplomatic messages 1944’ and Finnish national archives - folders T-21810/4 and T-21810/5. Some of them contain valuable information such as economic and intelligence reports and the original US telegrams have the classification ‘Restricted’ so the Brown code must have been used.

    (62). NSA oral history: 1974 interview of Frank B. Rowlett, p236-237

    (64). NARA - collection RG 59 - War History Branch Studies - CY ‘Division of Cryptography’, p3 and NARA - collection RG 457- Entry 9032- box 1384 - 'JCS Ad hoc committee report on cryptographic security of government communications' [It is interesting to note that the Hebern cipher machine was used in Latin American countries and not in the important European embassies (with the exception of Moscow)]

    (65). SRH-364 ‘History of the Signal Security Agency Volume One 1939 – 1945’, p113 and SRH-010 ‘History of Converter M-325’ (National Cryptologic Museum Library)

    (67). UK national archives - HW 40/132 'Decrypts relating to enemy exploitation of US State Department cyphers, with related correspondence'

    (68). NARA - RG 457 ‘Records of the National Security Agency’ - Entry 9032 - boxes 205-213 ‘German decrypts of US diplomatic messages 1944’ and Finnish national archives - folders T-21810/4 and T-21810/5. Note that the 38-1 strips were used by the Moscow embassy (NARA - RG 59 - Purport Lists for the Department of State Decimal File 1910-1944 - microfilms 444 and 611 - 119.25/Strip Cipher)

    (69). ‘Decrypted Secrets: Methods and Maxims of Cryptology’, p69 (Fräulein Asta Friedrichs, who took part in this activity, said after the war, as she was detained in Marburg and saw him drive by one day: “Ich wollte ihn anhalten und ihm die Hand schütteln,—so viel hatte er für uns getan.” [I wanted to stop him and shake his hand—he’d done so much for us.]), according to NARA - RG 59 - Purport Lists for the Department of State Decimal File 1910-1944 - microfilms 444 and 611 - 119.25/Strip Cipher the Algiers consulate used the alphabet strips 33-1 and 22-1 that were  solved by the Germans and the Finns.

    (70). NARA - RG 457 ‘Records of the National Security Agency’ - Entry 9032 - boxes 205-213 ‘German decrypts of US diplomatic messages 1944’ and Finnish national archives - folders T-21810/4 and T-21810/5, various TICOM reports, UK national archives file KV 2/95, NARA - RG 226 ‘Records of the Office of Strategic Services’ - Entry 123.

    (74). ‘Hitler, the Allies, and the Jews’ by Shlomo Aronson.

    (75). It should be noted however that a few messages of a US cipher teleprinter system were read by the Germans in late 1944: Compromise of US cipher teleprinter in 1944

    0 0

    My opinion on this matter is given in the following comparisons:

    Also note the following statement by Christopher Lawrence in ‘War by Numbers: Understanding Conventional Combat‘, p48:

    We conclude from the Kursk comparison that the Germans had a clear advantage in combat capability that showed itself in both offensive and defensive casualty effectiveness and mission accomplishment. The difference appears to be a factor of 3. This difference appears in the middle of 1943, after the Soviet Army had two years of wartime experience, was using experienced units, and had time to rest, train, and rebuild before the German offensive. Yet there was still a very clear performance difference between these armies’.

    and in page 50:

    One cannot help but note that the relative combat performance of the Israelis and the Arabs in 1956-73 was similar in disparity to that between the Germans and the Soviets in 1943’.

    Understandably the truth hurts…

older | 1 | .... | 20 | 21 | (Page 22) | 23 | 24 | 25 | newer