by DAVID KAHN
The Navy, even while saying that each ship’s cryptosystem was unique and that the Pueblo loss would not disclose the Navy’s communications secrets, changed some elements of some of its cryptosystems as a general precaution. Exactly what material fell into North Korea’s hands was never revealed, but some intelligence equipment, technical manuals, and results probably had. Presumably this gave Communist powers information on how to counter American techniques and made it harder for the United States to gain intelligence.
The crew was imprisoned for almost a year. In December, after the United States signed a confession of spying inside North Korean waters that it branded false, the 82 surviving crewmembers were released.
By then, a third episode had further highlighted the vulnerability of spy ships. In February 1968, the engines of the U.S.S. Joseph P Mailer failed as she was on station off Cuba. She began drifting toward the hostile island. Navy vessels sought to tow her to safety, but line after line snapped. Finally, shortly before she crossed into Cuba’s territorial waters, one held and she was pulled away. This incident was the last straw. The United States took its spy ships out of service. The loss, however, was not total, for satellites had, in part, replaced them.
Shortly after the Pueblo incident, in the early 1970s, the world was electrified by public disclosure of the greatest codebreaking operation of the Second World War: Ultra.
The origins of what has been called the longest sustained intelligence success in history had deep roots. Though the success took place in World War II, it originated during World War I. In August 1914, a German cruiser, the Magdeburg, grounded in shallows at the mouth of the Gulf of Finland. Fearing capture by the enemy Russians, its captain burned or jettisoned three of its four copies of the main German naval codebook, the Signalbuch der Kaiserlichen Marine. But in the turmoil he forgot the one in his cabin, and it fell into the hands of the Russians. Perhaps after making a copy for themselves, they gave the original to their allies, the British. This large, fat, blue-bound tome enabled the chief naval power to read German naval messages and to parry Germany’s repeated attempts to sortie into and control the North Sea. In part because of this intelligence, the island nation, which needed to dominate the seas if she were not to lose the war, ruled the waves during the Great War.
In 1923, when the Allied victory was history, Winston Churchill, who, as the political head of the Royal Navy, had received the original codebook, revealed the story of the Magdeburg capture in his inimitable dramatic style. The Germans suddenly saw why their naval moves had been frustrated. They needed, they felt, a cryptosystem that would not have the fatal flaw of a codebook: that the capture of any one copy compromises the entire edition. The Kriegsmarine had, in fact, declined one in 1918 that fulfilled this condition. A machine based on revolving wired codewheels, or rotors, called the Enigma, it had so many keys that even an enemy in possession of a copy would not be able to run through them in time to be of use. Its inventor, engineer Dr. Arthur Scherbius, calculated that if 1,000 cryptanalysts, each with a captured Enigma, tested four keys a minute all day every day, it would take the team 1.8 billion years to try them all. And other methods of solution, such as superimposition, would be excluded by proper encipherment. After the government declined to buy his machine, Scherbius offered it on the commercial market. It thus became known to foreign cryptologic agencies.
Now the German Navy saw that the Enigma fulfilled its needs. It was, moreover, the best practical cipher system then available in the world. After changing some elements of the commercial machine, the Kriegsmarine ordered a quantity of three-rotor Enigmas. From about February 1926, the Enigma served as the German Navy’s main cipher system. It proved good enough for the Army to adopt it on July 15, 1928. Thus the Enigma became the main high-level cryptosystem of both German armed services (they retained hand systems for lower-level communications) and, later, of other agencies such as the railroads (though never the Foreign Office).
Germany was, in the 1920s, enraged at the post-World War I re-creation of Poland. Lands that had been Germany’s since the partitions of the 1790s now constituted the western provinces of Poland, and Germany wanted them back. She thundered out ceaseless propaganda about this and pressed incessantly for a “rectification” of borders. Poland, concerned, sought as much information about her belligerent neighbor as possible.
Now it had happened that in 1920, when Russia’s new Communist government had invaded westward in the hope of turning all Europe Red, Poland had created a cryptanalytic section in its Army General Staff. As hoped, the unit gained information that helped Poland block the Russians before Warsaw. Once the Russian threat had receded, the unit, the Biuro Szyfrów, or Cipher Bureau, added Germany as a target. It seems to have solved the German Army double transposition hand cipher, but when in 1928 messages with quite different letter frequencies appeared, it failed. Through analysis or spies, it learned that the new system was the Enigma machine. And here the head of the Biuro Szyfrów proved himself more farsighted than any country’s cryptanalytic chief in the 1920s. Franciszek Pokorny recognized that the increased volume of communications, foreshadowed by World War I, was mechanizing cryptology, that these cipher machines operated not on linguistic entities, such as words, as did the codes that were then popular, but on individual letters that would, for example, separate the t from an h in the, and that consequently, what was needed to solve them were not classical scholars and philologists but mathematicians. They might reconstruct a cryptosystem without ever reading a word of plaintext, not unlike the way William Friedman worked when he devised the index of coincidence. Pokorny recruited young mathematicians through classes in cryptology attended by about 20 at the university in Poznán. Most of the students soon dropped out, but three young men proved outstanding: Marian Rejewski, Henryk Zygalski, and Jerzy Rózycki. After they had completed their studies—or, in the case of Rejewski, the oldest, after he had completed a postgraduate year at Göttingen—they accepted jobs at the Biuro Szyfrów in Warsaw. When they had passed their apprenticeship by solving a German naval code, they were turned loose on Enigma.
At about this time, a 44-year-old employee of the German Army cipher bureau named Hans-Thilo Schmidt, who was discontented with his life and wanted money, offered the French the operational manuals for Enigma. The French bought them, but because the manuals did not provide the keying information needed, the cryptanalysts got nowhere. The French then passed copies of the manuals to the Poles, with whom they had signed a treaty of mutual military assistance—primarily directed against Germany—in 1921. The brochures told the young mathematicians a useful fact about the enciphering procedure of the German Army Enigma: For each message, the enciphering clerk chose, at his whim, the three rotors’ starting positions, which were indicated by letters. To help correct any garbles, he repeated the three letters: PDQPDQ. He enciphered them under the common, army-wide key for that day. The six enciphered letters, say, MKFXRC, called the indicator, were transmitted at the head of each message to the recipient. He used that day’s army-wide key to decipher the indicator, determine the three original letters, and set up his Enigma to read the incoming messages.
But the repetition of the three letters, which was a plus in reliability, proved a minus in security. The three Polish cryptanalysts saw that, as a consequence of the repetition, which made the first and fourth, second and fifth, and third and sixth letters of the preencipherment indicator the same, all the indicators in a single day’s message that had, say, M as its first letter had, say, X as its fourth. The same thing held true for the second and fifth and the third and sixth letters. Now, another enciphering clerk might have chosen PLM as his key setting instead of PDQ. The encipherment of that indicator might be MRAXTT. It might happen that on a single day two indicators were MRAXTT and XYULKO. Rejewski, the best of the three, strung together MX and XL into MXL, the first links in a chain. Other indicators provided other links. Eventually, the chain would close upon itself, but if Rejewski had about 60 indicato
rs, he sometimes could link all 26 letters, though never in one chain but always in several. When he assigned numbers to the letters, these chains, or cycles, enabled Rejewski to set up six long equations that, if solved, would disclose the wiring of the rightmost, or fast, rotor. But they had too many unknowns for him to solve.
Meanwhile, the French continued to receive information from Schmidt. At one rendezvous, he gave them the Enigma keys for August and September 1932. This converted some of the unknowns in Rejewski’s equations to knowns. After struggling with these, he had a flash of inspiration. Perhaps the wiring from the keyboard to the rotor input plate did not run from Q (the first letter on the keyboard) to A (the first contact on the plate) but from Q to Q and likewise for the other letters. He adjusted his equations. “The very first trial yielded a positive result,” he wrote. “From my pencil, as if by magic, began to issue numbers designating the wiring in rotor N [the rightmost].”
The 27-year-old cryptanalyst had uncovered part of the secret heart of the Enigma. Similar work enabled him to reconstruct the wiring in the other two rotors and in the reflecting rotor. Around Christmas 1932, he handed in his first solutions. It was a remarkable feat of cryptanalysis—one of the finest in the history of the art—but Rejewski recognized what was often to become a necessity in the cryptanalysis of modern systems: that it succeeded only with help from stolen or otherwise compromised material. “… the intelligence material furnished to us should be regarded as having been decisive in the solution of the machine,” he wrote.
Great as Rejewski’s achievement was, it marked not the end of his work but only the end of its beginning. For while Poland now had, in effect, a copy of the Wehrmacht’s Enigma, its cryptanalysts stood only at the point that was the main reason for Germany’s adoption of the machine: even if an enemy had an Enigma, he would not be able to read messages in it because so many keys existed that he would not be able to find the right one in any useful time. The Poles were thus faced with the problem of discovering the daily keys.
They exploited the repetition of the indicators, devised a technique for determining the rotor locations by matching pairs of letters, and ascertained the rotors’ starting position sometimes by guessing that the messages began with AnX (German for to plus X as a word divider), sometimes simply by trying all 17,576 possible starting positions by hand. When they had enough of the right kind of messages, the three young Poles could reconstruct the daily keys and read all the messages enciphered that day on that network. Their work would frequently take a full day. But this was much less than the eons the Germans thought would be needed. It was one of the great achievements of cryptology.
But the Poles could not rest on their laurels. As Germany rearmed, the volume of messages rose. Signal officers stepped up the pace of their key changes. Rotor locations, originally changed every three months, began to be changed monthly and then daily. The Poles fought back with mechanical devices they called “bombes”—the roots of protocomputers. But when, late in 1938, the Germans added two rotors to the three available for insertion into the machine, the work required outstripped the Poles’ resources. By then, Germany’s threats against Poland had become all but deafening. After Hitler, who had said at Munich that he wanted no more territory after the Sudetenland, seized all of Czechoslovakia, Britain and France promised that, if Hitler attacked Poland, they would come to her aid. With this guarantee, Poland decided to offer her allies her Enigma results in return for the material help that would enable her to continue her solving. At a conference near Warsaw beginning Monday, July 24, 1939, the Poles revealed their reconstructed Enigmas, their electromechanical codebreaking aids—their “bombes”—and other technical information needed to read the system to the astonished Allied cryptanalysts.
The French and the British were at first incredulous, then overjoyed. They sent the items home under diplomatic seal and began work there.
Five weeks later, Germany flung her panzers and her stukas against Poland. Their might overwhelmed any information the codebreakers supplied—and incidentally provided a fundamental lesson in intelligence: no matter how good intelligence may be, it is all but useless without sufficient force. The same thing, yielding the same lesson, occurred in France in 1940.
Britain now stood alone. But she had an advantage that the other countries did not. The British codebreaking establishment, the so-called Government Code and Cypher School, or G.C. & C.S., had recruited, as war threatened, a number of linguists and mathematicians. Among the latter was an authentic genius. Alan Turing had become a fellow of King’s College, Cambridge, at the almost unprecedented age of 22 when the dons recognized his ability. Tallish, powerfully built, with deep-set blue eyes, he wore unpressed clothes, sidled through doors, stammered, fell into long silences. He had, four years earlier, proved a fundamental theorem in mathematics: that it was not possible to ascertain whether certain problems could be solved. To prove it, he envisioned a mechanism that could move to the left or to the right an infinitely long tape marked into squares, and could read and change or read and leave unchanged the blank or the mark—the 0 or the 1—in each square. He demonstrated that this machine could compute anything that could be calculated. Then he showed that even this machine could not tell whether the unknown problems could be solved. This machine, later called the “universal Turing machine,” has come to be recognized as the idealization of general-purpose computers and Turing, therefore, as the intellectual father of the computer.
This genius turned his mind to the problem of solving Enigma messages. He took the Poles’ bombe and advanced it by a quantum leap. He conceived a device that would take a cryptogram’s presumed plaintext—as the Poles had done with AnX, only longer—and run it through all possible rotor combinations until it found one that would yield the known ciphertext from the presumed plaintext. This combination would constitute that day’s key on that cipher net and would allow the British to read all that net’s messages for that day. The presumed plaintexts, or cribs, would come from radiomen’s chatter, service messages, solutions of messages sent in hand systems, plaintext intercepts, captured documents, prisoner interrogations, guesses basedonevents.
The system offered far greater cryptanalytic potential than the Poles’ system. G.C. & C.S. had a machine to implement it built by the British Tabulating Machine Company. It was about four feet wide, as tall as a man, and with six stacks of two horizontal rectangles, each holding three wired code wheels, the analogues of the rotors, on its front. This, the first British bombe, was installed March 18, 1940, in one of the long, peak-roofed, wooden huts that had been built as a non-London headquarters for the cryptanalysts on an estate, Bletchley Park, or B.P., in the railroad junction town of Bletchley, 50 miles northwest of the capital. It began work at once seeking to determine Enigma keys.
The British concentrated at first on Luftwaffe messages. The Luftwaffe signalmen were not as well trained as the more veteran signalmen of the German Army and Navy; they were less disciplined in their cryptographic work, engaging in such forbidden practices as using a girlfriend’s name for a key setting or beginning a second message with the same setting as that left at the ending of the first. This sloppiness, together with a greater knowledge of probable plaintexts, enabled B.P. to begin reading the Luftwaffe’s general key, which B.P. called RED, with regularity on May 22, 1940. RED provided the British with some insights into the Luftwaffe’s plans during the Battle of Britain, though most of the information that helped Britain win that crucial victory came from radar and plain language intercepts. The British continued to read red to the end of the war. It provided valuable information about land operations as well, primarily through the intercepts of reports from and instructions to the Flivos, or Fliegerverbindungsoffiziere, the air liaison officers who knew what the ground forces to which they were attached were doing.
Prerequisite to the ground victories, however, was victory in the war at sea. And enormously helpful—one cannot say essential—to that victory was the win
ning of the code battle. This was more difficult than the land or air solutions because the Kriegsmarine employed an entirely different Enigma keying system. It lacked the weakness of the repeated key indicators or the use of girlfriends’ names, for example, because it utilized a book of random indicators, which were themselves enciphered. This all but precluded a purely cryptanalytic attack on the Navy system. It became evident that only obtaining the indicator lists and their enciphering tables, through seizure or betrayal, would lead to solution.
One intelligence officer who saw this was a man with an inventive turn of mind: Ian Fleming, the future author of the James Bond books. But his idea for seizing the documents—by crashing a captured German bomber in the North Sea and then boarding the boat that came to rescue the “airmen”—failed when suitable circumstances did not materialize. The thought of seizure took root in the mind of another young B.R worker, a longish-haired, corduroy-trousered Cambridge undergraduate: F. Harry Hinsley. Hinsley knew, from his studies of intercepted German naval traffic, that the Kriegsmarine had stationed converted fishing vessels northeast of Iceland to collect and report the meteorological data that the high command needed to forecast the weather for its bombing raids and its blitzkriegs. He knew, too, that these ships enciphered their messages in Enigma and that they patrolled alone. Hinsley proposed that a task force be sent to seize their key lists, thereby enabling B.P. to read Enigma messages during the month or two that the key lists remained valid.
The Admiralty accepted the proposal. A flotilla of a cruiser and four destroyers were dispatched to the German Navy’s grid square AE39, some 54 miles on a side, about 300 miles northeast of Iceland. At a little past 5:00 p.m. on May 7, 1941, the task force surprised the München. Her crew threw her Enigma overboard, but the British boarders got the Enigma keys for June. These found their way to B.P.—as did complementary documents taken from the U-110, a German submarine that a British destroyer had boarded after an action in the North Atlantic. The cryptanalytic results were dramatic. Toward the end of May, when B.P. was attacking Enigma messages analytically, it was taking from 38 hours to 11 days to read them—when they could be read at all. When the June keys came into effect, the first message intercepted in them, picked up at 12:18 a.m. June 1, was forwarded from the intercept post to B.P, deciphered and translated there, and teleprinted to the Admiralty in just 4 hours 40 minutes. And for the rest of the month, intercept-to-teleprint time averaged six hours.
