The Bletchley Park Codebreakers

by Michael Smith

  Either our ciphers have been compromised or it is a case of leakage. A British submarine does not appear by chance in such a remote part of the ocean. The Naval Staff is requested to take the necessary measures to safeguard the cipher system.

  In the ensuing inquiry, Rear-Admiral Erhard Maertens, the head of the MND, advised that ‘The more important ciphers do not seem to have been compromised.’

  As the war progressed, the evasive routeing of Allied convoys, attacks on U-boat rendezvous and evidence from B-Dienst decrypts, led the Kriegsmarine, especially its U-boat arm, to become increasingly alarmed about cipher security. The B-Dienst was solving many of the ‘U-boat estimates’ promulgated by the British and Americans. Although these were based on Ultra in 1943, they invariably referred to the intelligence being derived from direction-finding (DF), to disguise its true origin. In late March 1943, for example, BdU recorded that:

  according to an American estimate of the U-boat situation on 24 March it is presumed on the basis of inaccurate D/F that 10 to 15 U-boats are thought to be patrolling in the area 56 to 61 degs. N and 28 to 36 degs. W…. The Seeteufel Group with 14 boats was in a patrol line from AD 7986 to AK 3955 up to 2100 on 23 March.

  However, as BdU observed, DF could not account for the estimate, since the Seeteufel group had not yet sent any signals. Even so, BdU managed to convince himself that the American estimate could have been deduced from a detailed analysis of all the available intelligence, and that it was not the result of the Allies reading the U-boat signals.

  BdU’s suspicions were again aroused by a series of attacks on U-boats at or near no fewer than ten refuelling rendezvous in mid-Atlantic between 3 and 11 August 1943. These were followed by a highly disturbing report from the Abwehr in Switzerland:

  A special office [in England] has dealt exclusively with solving German codes. It has succeeded for some months in reading all orders sent by the Kriegsmarine to U-boat commanders, which has very considerably helped the hunt against the U-boats.

  The Abwehr had received the information from a member of the Swiss intelligence service. The original source was said to be a Swiss–American in an important position in the US Navy Department. BdU’s alarm can be imagined, but the experts reaffirmed their earlier advice that the ‘continuous current reading of our W/T traffic by the enemy is out of the question’, since ‘At present no possible way of solving [the plugboard combinations] within a reasonable time is known, even with the maximum amount of labour.’

  At the end of February 1944, the MND carried out a further inquiry into how the Allies had found out about three rendezvous, between U-129, U-516 and U-544 on 16 January, the tanker Charlotte Schliemann and U-532 on 11 February, and U-518 and the Japanese submarine I-29 on 13 February. However, the committee conducting the inquiry does not seem to have approached its task with an open mind, since it explained its purpose as being ‘to explain for what reasons reading of our signals … could not have taken place’ (my emphasis). It completely discounted the possibility that messages had been read with the help of punched card systems, since, for some unexplained reason, it thought the systems ‘would have to be applied anew to each signal’. A later investigator, Lt. Hans-Joachim Frowein, did not make the same mistake. The committee concluded that if ‘the enemy really was for a limited time in a position to read our traffic currently it is incomprehensible that during this period he should not have interfered with all U-boat operations’. The fact that doing so would have endangered the Allied source seems not to have occurred to them. Since reading the traffic was ‘shown to be out of the question’, only the usual culprits – ‘treachery or discovery by enemy aerial reconnaissance’ – could explain the incidents. As it was, the report had scarcely been completed before U-It 22, an ex-Italian freight-carrying U-boat, was sunk on 11 March at a rendezvous some hundreds of miles south of Capetown, and a refuelling tender, Brake, was attacked and destroyed by a British destroyer on 12 March, the day after a rendezvous in the Indian Ocean. This immediately led to yet another inquiry, and later to a major report on Kriegsmarine cipher security generally.

  The Kriegsmarine’s investigators continually emphasized the security afforded by the Stichwort procedure in protecting key-lists which might have been compromised by capture, since it was obvious that the Allies would use a captured key-list and then try to find message settings by trial and error. The Kriegsmarine even believed that the Stichwort procedure protected captured key-lists from attacks using ‘extensive mechanization’. But the investigators were completely mistaken about the Stichwort’s effectiveness, and can scarcely have given it even a cursory analysis. Under the procedure, five numbers were derived from the letters in a secret key-word (Kennwort), for example ‘baden’ furnished 2, 1, 4, 5, 14. The first number was added to each of the rotors which would otherwise have been used (with 2, rotors III, I, VII became V, III, I), the next three to the Ringstellung, and the last number to each Stecker letter. An attacking cryptanalyst therefore only had to try a maximum of eight new rotor orders (instead of 336) and a mere twenty-six sets of Stecker (instead of 150 million million), which could be done even by hand methods, and would have taken only a few minutes with punched cards. It is amazing that the Kriegsmarine placed so much emphasis on such a weak procedure, demonstrating as it does that the people carrying out the inquiries had no cryptographic expertise. Even more surprisingly, it would seem that they did not ask any real experts to examine the procedure carefully.

  In finding that Enigma was secure, Stummel and others relied heavily on B-Dienst decrypts, which they described as a ‘first-class and important source of information’. So they were, until they virtually dried up when Naval Cypher No. 5 replaced Naval Cypher No. 3, which the B-Dienst had substantially penetrated, as the combined British–American naval code on 10 June 1943. The decrypts also required rigorous analysis, which Stummel was seemingly ill-equipped to carry out. Largely because the decrypts did not even indirectly refer to Allied solutions of Enigma, he reported that they gave ‘infallible confirmation’ that the Allies had not solved Enigma, and that:

  no trace or even any hint has been afforded by our cryptographic work [i.e. by the B-Dienst] of any results of the decyphering of our own main procedures … the success of these [Kriegsmarine Enigma] cyphers has been further assured and confirmed by all existing proofs.

  Some German signals to the U-boats gave clear indications that they were based on decrypts, by referring to the contents of Allied signals without paraphrasing them. Stummel seems to have expected the Allies to have adopted that highly insecure German procedure, even though B-Dienst reports emphasized that they were to be ‘disseminated only in cases of emergency and then in paraphrase and without reference to source’. However, a careful reading of some of the Allied signals referring to DF might well have revealed to the Kriegsmarine that some were mere cover for Sigint. Some signals which purport to be based on DF were sent twenty-four hours or more after the alleged DF ‘fix’, and do not cite the frequency of the signals said to have been fixed. Information based on true HF-DF fixes was sent out much more quickly and specified the frequencies involved, to enable the shipborne HF-DF operators to tune to them, if necessary.

  As Tranow observed, however, all but one of the MND’s investigations were fundamentally flawed: ‘the only effective action was to do what the enemy might be expected to do – [carry out] a first class cryptanalytic attack’. No cryptanalyst was assigned to investigate M4’s security until July 1944, when Lt. Frowein was lent by department 4 SKL III (cryptanalysis) of the German Admiralty to 4 SKL II (radio, including cipher security) for six months for the purpose. Although neither Frowein nor any of his ten staff had any experience whatsoever of breaking commercial Enigma, or any other machine ciphers, by December he had developed a method to recover M4’s inner settings and Stecker with a twenty-five-letter crib. His method was slightly artificial, in that it depended on only the right-hand rotor moving during the full length of the crib, which would only hap
pen about once in every forty-two messages with M3 or M4 – only when one of rotors I to V was in the right-hand position and had just passed its turnover position. But it was a start, and proved that Heer and Luftwaffe Enigma ciphers were more vulnerable in practice, especially from an attack using punched cards. Frowein knew that punched card machinery would have speeded up his methods considerably. He reckoned that a catalogue for M4 would have required four million cards, but that the three-rotor Enigma needed only 70,000 cards. Since M3’s rotors were the same throughout the war, punching the cards once would have sufficed. Frowein’s findings are said to have led the Kriegsmarine to decide that only rotors with two notches (VI to VIII) should be used in the right-hand position from December 1944 onwards. But even that basic step appears not to have been taken. A Shark key-list for June 1945 does not show any of those rotors in that slot.

  The failure of the Germans to take additional steps to protect Enigma is all the more astonishing, since they knew that young Polish mathematicians had solved Enigma before the war, and probably up to May 1940. They had discovered the Polish Cipher Centre at Pyry (codenamed Wicher) when they occupied Poland, and had been amazed by its successes. They even claim to have found decrypts of some pre-war naval Enigma messages in Wicher’s files. They carried out various investigations into the work done at Wicher, but made little real progress for many months. However, in March 1944, as a follow-up to the earlier inquiries, a German technical commission questioned the former head of the Polish Cipher Bureau, Colonel Gwido Langer, and Major Maksymilian Ciezki, a senior member of the Bureau, who were being held at an SS internment camp, Schloss Eisenberg, near Brüx (now called Most) in Czechoslovakia. Langer and Ciezki learned that the commission clearly knew, from decrypts found after the occupation of Poland, that the Poles had broken Enigma. Langer and Ciezki therefore felt compelled to concede, at least indirectly, that Wicher had done so before the war, but fortunately they also convinced the commission that a change in Enigma procedures had made it impossible for the Poles to continue their breaks into Enigma. Although the MND should clearly have been informed about Langer’s and Ciezki’s testimony, that appears not to have happened, since the MND’s major report in mid-1944 on Kriegsmarine cipher security does not even mention the commission’s findings. That is all the more surprising since the findings undoubtedly received some circulation: one German prisoner of war later told a TICOM team that the Poles had continued to read Enigma in France after the fall of Poland. However, he thought that a change in the indicator system (possibly the dropping of double encipherment in May 1940) had brought the Polish work to an end: ‘Solution had stopped, however … It was an abrupt ending, as if caused by a change in the system.’

  Although an organization known as OKW/Chi (Amtsgruppe Wehrmachtnachrichtenverbindungswesen Chiffrierabteilung) became responsible for communications security in the German armed forces in 1943, the relevant order remained a dead letter until mid-1944. But even then, OKW/Chi lacked clout: it had no authority to monitor actual traffic, and the Navy successfully opposed its attempts to take over naval communications security. OKW/Chi experts merely maintained that Wehrmacht Enigma was ‘secure when used according to regulations’. They were well aware of Enigma’s weaknesses and that, in particular, the right-hand rotor moved too uniformly, other rotors moved too seldom, and that Enigma should have held more than three rotors, and been issued with more than five rotors. The Heer and Kriegsmarine knew that Enigma was theoretically breakable, ‘given extraordinary mechanical outlay on the part of the enemy for cryptographic activities’, but OKW/Chi investigations on how Wehrmacht Enigma could be solved using long catalogues of the enciphered letter ‘e’ had not been finished by the end of the war. OKW/Chi did not carry out an in-depth study to ascertain whether a practical solution was feasible, partly because no authentic clear and cipher texts were ever made available to it for the purpose.

  OKW/Chi knew, of course, that commercial Enigma was insecure and, indeed, the Germans broke a rewired Enigma used by the Swiss during the war. Messages on the rewired versions used by the German post office and railways were therefore supposed to be re-enciphered at a different setting. In practice, that was probably not always done, if at all. GC&CS would probably have been unable to solve Railway Enigma traffic so successfully if the messages had been doubly enciphered. OKW/Chi also knew that the ‘counter’ Enigma (which used ‘multiple notch’ rotors) employed by the Abwehr could be solved with cribs of only ten letters. Instructions were therefore issued by OKW/Chi to encipher messages on the counter Enigma twice, or to encipher the plain-text manually before doing so on the Abwehr Enigma.

  The Heer and Luftwaffe made no physical changes to Enigma for most of the war – they did not even introduce new rotors, even though they knew that rotors had been captured on all fronts. However, Hut 6 was confronted by a potentially devastating problem on 1 January 1944, when the Luftwaffe started to use a new reflector with its principal cipher, Red. After quickly solving the reflector’s wiring on the first occasion when it was used, the Hut 6 cryptanalysts thought they had seen the end of it. They were therefore dismayed when a differently wired reflector turned up ten days later. Initially, they thought that it might merely be a split reflector, like the beta rotor/thin reflector Bruno combination in M4 Enigma. Such a reflector would not have been too difficult to deal with after the wiring was solved initially. However, it slowly emerged that the reflector, named Umkehrwalze D (Dora) by the Germans (UKD), was completely rewirable in the field, which was potentially a Herculean problem, with approximately 3.2×1011 different possible wirings every ten days (the period after which the wiring generally changed) on each cipher which used it. Interestingly, a rewirable reflector had been added to Typex, the British development of Enigma, as early as November 1941. But no thought seems to have been given at Bletchley to the steps needed to counter a similar development in Enigma, probably because the Bletchley cryptanalysts were kept in the dark about it, as a result of the ‘need to know’ principle.

  Luckily, as usual, the Luftwaffe blundered when making a major change in its cipher procedures. Not only was UKD introduced slowly, but it did not entirely displace the standard reflector, B (Umkehrwalze B - UKB) on the nets which did use it. Instead, both reflectors (UKB and UKD) were generally used alongside each other in the same cipher net: UKD for highly secret messages, and UKB for other signals. But apart from the reflector, all the other components (rotors, Ringstellung, Stecker, etc.) of a given daily key were the same for both the UKB and the UKD keys, which greatly reduced the task facing Hut 6. So long as it could solve the UKB key in the usual way, it only had to solve the UKD reflector wiring, which it could easily do given a crib of about eighty letters.

  Hut 6’s worst nightmare was that the Luftwaffe would entirely replace UKB by UKD on all or many of its cipher nets simultaneously. It received warnings that such a step was planned for 1 August and had to make major contingency plans to try to combat the change. Despite the efforts of the US Navy to develop a machine known as Duenna to tackle UKD, there was no prospect of Duenna being available on time to do so. Indeed, the first Duenna did not enter service until November 1944. Hut 6 therefore had to train about 400 relatively unskilled personnel to attack UKD using hand methods. About one hundred staff per shift were to use one hundred letter cribs – if available – in much the same way as planned for Duenna. Sixty of the staff were to be Wrens who normally looked after bombes at the Stanmore bombe outstation; in consequence, four bays of bombes (thirty-two bombes) would be put out of action – something that had never happened before. It represented a major loss of bombe power, and reveals just how seriously Hut 6 treated the threat. Stuart Milner-Barry, the head of Hut 6, thought that only three UKD wirings might be recovered during each ten-day period: in effect, only three Luftwaffe keys each day (thirty in ten days) – ‘a pathetically meagre result compared with the flood with which we have become accustomed’. Fortunately, the emergency did not happen: the Luftwaffe’s use
of UKD in August and later turned out to be much less than anticipated, although a large number of UKDs had been issued. And for some reason the Heer made very little use of UKD: Greenshank (formerly Green) was the only Heer cipher attacked by Hut 6 to employ it.

  A number of machines were designed or developed to meet the UKD menace. Bletchley’s main contribution was Giant, which comprised no fewer than four Bletchley bombes linked together (and so needed very long cribs), but it does not seem to have been a success. The Autoscritcher, which was the brainchild of the US Army Signal Security Agency, entered service in late December 1944. Being electro-mechanical, it was very slow, and only achieved four successful solutions (the first being on 6 March 1945) out of twenty-one problems attacked. A much more advanced electronic machine, the Superscritcher, only became operational after the end of the war. Duenna was the most successful of the wartime machines, but even it solved only eleven keys, out of sixty-two problems attempted. It was electro-mechanical, but also incorporated a number of sophisticated memory arrays. It was developed by National Cash Register of Dayton, Ohio, which also made the US Navy bombes. Duenna tested a single rotor order in about ninety minutes.

  Had it not been for the mixing of UKD and UKB on the same cipher net, in particular, the results of introducing UKD would have been much more serious. If UKD had also been brought into service on a widespread scale, it would have had a disastrous effect on GC&CS’s production of intelligence. In the almost complete absence of suitable fast machinery to solve UKD, Hut 6 could not have dealt with its widespread and secure deployment by the Heer and Luftwaffe.