German Army cryptographic systems of World War II

German Army cryptographic systems of World War II were based on the use of three types of cryptographic machines that were used to encrypt communications between units at the division level. These were the Enigma machine,^[1] the teleprinter cipher attachment (Lorenz cipher),^[2] and the cipher teleprinter the Siemens and Halske T52,^[3] (Siemens T-43). All were considered insecure.

Machine ciphers

The first cipher attachment, the (German: Schlüsselzusatz SZ40) SZ-40 original mode was introduced into the Army, probably in 1940,^[4] although Erich Hüttenhain, a cryptographer assigned to the Cipher Department of the High Command of the Wehrmacht (OKW/Chi), stated that the Army had been experimenting with this type of cryptographic apparatus from as early as 1937.^[5] It was replaced by the SZ-40 regular mode and this was succeeded by the SZ-42a and SZ-42b, both developed by Werner Liebknecht, Erich Hüttenhain and Fritz Menzer.^[6]^[7] The SZ-42c was also developed and 30 or 40 test sets built but the apparatus was evidently not used.

The (German: Schlüsselfernschreibmaschine), the first cipher teleprinter, T-52a, was introduced in 1939. Newer models were versions T-52c, T-52d and T-52e were in use. The one-time tape cipher teleprinter designated the SFM T-43 was developed in 1943 and introduced in 1944. The machine was theoretically unbreakable, if the key tape was truly random. However, the key tape was pseudo random as it was generated by the T-52e, and therefore insecure.

Hand Ciphers

The German Army used hand ciphers below division level. The manually operated hand systems of the Army that were used between 1939 and 1942 were listed by Erich Hüttenhain as follows:^[8]

A monoalphabetic type substitution using a keyword mixed alphabet in a 5 x 5 square
A comb-transposition (German: Kammwürfel)
A book key (German: Heftschlüssel)
A double Transposition cipher (German: Doppelwürfel) 4-S-40 This system was used until 1926 or 1927
The Playfair cipher in Single Playfair (German: Kastenschlüssel) (TS-42)
The Double Playfair (German: Doppelkastenschlüssel) Message Cypher 42 (NS-42)

In 1942, Walter Fricke of the General der Nachrichtenaufklärung, declared that all hand systems currently in use by the army were insecure. ^[9] Since the Field Army had no reserve hand systems, OKH/Chi was ordered to cooperate with the Army Signal Security agency department (In 7/IV) responsible for producing new systems.^[10] The following hand systems were evolved and used by the German Army from 1932-1945:

Three letter field codes (German: Signaltafeln) with or without enciphering table (German: Schlüsseltafeln).^[9]
Single transposition using grille (German: Rasterschlüssel 44) usually called Raster.^[11]
Double transposition (German: Rasterersatzverfahren)

Under field conditions many makeshift systems were employed such as monoalphabetic substitution, transposition consisting only of reversing the order of the letters of the plaintext and whatever the particular radio operators might adopt by agreement among themselves.

Weather ciphers

For weather reporting, the army used two types of systems until 1945:

The Barbara Code (German: Barbaraschlüssel) consisting of figure cards for encoding artillery meteorological reports, e.g. weather constants like wind velocity at various heights, 100m, 200m, for Army and anti-aircraft units. Walter Fricke considered this code, a terrible system. It employed an additive with as many as 100 messages in depth. General Erich Fellgiebel ordered it into use in 1939. OKW/Chi only became aware of its existence in 1944. The German Army considered the messages unimportant, even if broken, but after examining the code in detail, Fricke found that it was extremely valuable to the Allies, as it could be used by enemy bombers to perfectly calculate the trajectory of their bombs.^[12] The SG-41 was planned to replace this code.
Weather substitution tables, for enciphering meteorological reports in the Reich Weather Service. Walter Fricke also considered this a poor code.

The Barbara Code was replaced in 1945 by the Rasterschlüssel 44 that was developed by Walter Fricke^[13]

Preparation and distribution of cryptographic keys

The history of the preparation, printing and distribution of cryptographic keys by the German Army was described by Walter Fricke and Erich Hüttenhain.^[14] According to Fricke, the keys for the Army were produced at the beginning of the war on In 7/IV's own press. The number of personnel required was small, about 20 people in all, since only Enigma, weather and book staple keys (German: Heftschlüssel) were printed.

The number of personnel required for producing keys increased in 1940, when the Heftschlüssel was replaced by the double transposition and in 1942 when the double transposition was replaced by the TS-42a and the NS-42. A considerable increase in the personnel took place in the section as a result of the introduction of the key tables to the W/T tables. With the introduction of the SZ 40 and SZ 42 and other cryptographic systems which required keys, the amount of work entailed in the preparation of keys became too great for In 7/IV alone. In 1942, therefore, the production of key table manuscripts was transferred to the IBM section of the unit, and the printing to the Reich press in Berlin. In 7/VI was confined to reading proof and distributing the finished product.

At the time of the bombing attacks on Berlin on 22 and 23 November 1943, the printing press and all key material of In 7/IV at the Tirpitzufer 76 was destroyed. The key producing section was then moved from Berlin into emergency quarters prepared some weeks before in the Army Signal Academy located in Halle (German: Heeresnachrichtenschule) During this period, private printing firms were increasingly drawn on for the production of keys, first, because the Reich printing press could not meet the requirements, and secondly, decentralisation was becoming increasingly necessary to avoid bombing. About 20 firms in the central German area were given contracts. The high number was attributed to the introduction in 1944 of the Stencil System 44, the Rasterschlüssel 44.

In May 1944, the key production section was transferred to the Hindenburg barracks at Dresden owing to a lack of space. This situation remained until 1 November 1944, when all the tasks of producing, printing and distributing of keys were transferred to Section IIIa of the OKW/Chi. This section was established in Dresden in the HQ in which the key preparation section of In 7/IV had occupied. In March 1945, Section IIIa was transferred from Dresden to the Army Signal Academy located in Halle due to the approach of the Soviet Army. Work was never begun, and on 12 April, keys and material production machines were loaded onto three trucks to be sent to southern Germany by goods train. Keys left in Halle were destroyed by Germany at the approach of the United States Army.^[15]

German Army security studies

Before 1939, the Army High Command had no security organisation of its own. Questions of security concerning Army systems were transferred to the Codes and Ciphers section of the German Defense Ministry. Erich Hüttenhain stated that he and Fritz Menzer conducted a security study on the initial model of the SZ40 and found that it could be solved in two days.^[8] This led to its improved form.

In 1939, the Army High Command established its own Signal Security Agency (In 7/IV) which functioned as a unit until 1942. During the period of its operation, In 7/IV' examined the plugboard Enigma^[16] and made security studies on two other cryptographic machines proposed for Army usage, the M-40, first proposed by Fritz Menzer and the SG-41.^[17] The initiation of the security study of the plugboard Enigma was occasioned by Der Fall Wicher or case Wicher, the suspicion that Polish cryptanalysts of the Biuro Szyfrów had already read Enigma machine traffic by 1939.^[18] It was known that several cryptanalysts including Friedrich Böhm made security studies of the machine, and found it to be secure, although it was insecure. The Army continued to use the system, until Walter Fricke^[19] informed the Army that the Armies manner of using the Indicators led to an easy solution. At his recommendation, the indicator system was changed.^[19]^[20]

The two machines proposed for Army use, the M-40 and SG-41 were invented by Fritz Menzer, who worked for OKW/Chi. Security studies on the M-40 were conducted by Wachtmeister Heinrich Döring and Otto Buggisch.^[21] Buggisch stated that the studies proved the device to be moderately secure, but that it was never used because it was as bulky as the plugboard Enigma but could not print letters.^[22] With regard to the SG-41, the studies made by OKH/Chi showed it to be superior to the M-40, but regarding its use, Buggisch stated:

The Army hemmed and hawed and never did adopt it^[21]

In 1942, the security testing unit and most of the testing personnel of In 7/IV were transferred from their former unit to the Group IV of OKH/Chi Hans Pietsch, S Steinberg, Herbert von Denffer, Hilburg and Hans-Peter Luzius were named as those transferred.^[23] Security work was the responsibility of Group IV, Referat I, Section Ib, Subsections 7 and 13. Subsection 7 worked on testing German hand systems, 13 on machine systems.^[23] The first studies of Subsection 7 on German hand systems proved that all systems currently in use by the Army were solvable. As a result, OKH/Chi was ordered to collaborate with OKW/Chi in the development of new systems for the Army.^[24] Although OKH/Chi would have preferred to establish this section within itself, where the preparation of systems would be done in close cooperation with cryptanalytic specialists, this point of view was not recognised by the Army and OKH/Chi was ordered to send mathematicians back to In 7/IV. The mathematicians sent were Fricke, Jesse and Kehren.^[24] From that time on, subsection 7 only developed hand ciphers handed to it by the Field Army. Mettig noted that the amateur systems with which the section dealt were very bad and betokened great ignorance on the part of the Field Army in regard to code and cipher security.^[23]

Cipher teleprinter

Subsection 13, the section of Referat I of the General der Nachrichtenaufklärung was responsible for the security of German Army cryptographic machine systems. They conducted security studies of the T-52 Schlüsselfernschreibmaschine, teleprinter. Versions SFM T-52A, B, and C were built by Werner Liebknecht and tested by Heinrich Döring in the summer of 1942 and were discovered to be easily solvable.^[25]

By the autumn of 1942, despite the alterations of the individual encipherment, it was clear to the mathematicians that Version C could not be made secure. It was considered exceedingly awkward, as it was the latest available secret teleprinter and was used in communication from Germany to neutral countries. This improvement, the SFM T-52d, was ready in early 1943 and was shown by Heinrich Döring to be probably insecure. As there was a shortage of spare parts, and industry could not deliver the new machines sufficiently quickly, the High Command, largely out of wishful thinking, began to consider the misgivings of OKH/Chi as unwarranted.

Despite warnings from the unit, the Field Army continued to use SFM T-52c. They were particularly sure of it because they thought the land lines that the system ran on, i.e. where the messages passed through, could not be tapped by the Allies. Not until a cellar equipped to tap land lines was found in Paris in late 1942, did the Army consent to the improvement of the machine.^[26] Further evidence of lines being tapped came from the military attache in Stockholm, who later did a very foolish thing when he asked Oslo to send him T-52 keys in the clear.^[12] Early in 1943, Heinrich Döring established by further investigations that T-52d was not secure and that single messages could be solved. He did it as follows:

Each letter was characterised by five electrical impulses (positive or negative). On the basis of these impulses, Döring differentiated between letters having positive and negative qualities. An enciphered positive letter preserved its positive quality. Having established the plus/minus relationship of the text, it was possible to feed a suspected clear word through the message until it fitted correctly. Thence the message could be broken. As a result, a new alteration was made in the T-52d from which the T-52e emerged, which was regarded until the end of the war as secure.^[27]

Enigma

Some security research was conducted on the plugboard Enigma by subsection 13, although no definite conclusion was reached concerning its security. In 1943–44, case Wicher was confirmed when definite proof was obtained from the two Polish officers, who were being held prisoner at Neuengamme concentration camp, close to Hamburg. They confirmed the Poles had read the plugboard Enigma both before the Polish Campaign and after.^[19] This proof collaborated the suspicions around in 1940. Heinrich Döring and Hans Pietsch, were sent to interrogate the Polish prisoners, and had drawn a blank, it became evident that the Polish at Wicher had solved Enigma traffic, and moved to France. OKH/Chi never realised that the Polish cipher bureau had been researching the Enigma, in one form or another, from about 1920. The mathematicians of subsection 13 believed that solution had ceased when the Field Army followed Walter Fricke's indicator recommendations. The general result was that subsection 13 did not press the matter of Enigma security.

Cipher Device 39

Subsection 13 had also assisted in the design of the Schlüsselgerät 39, an improved Enigma which was intended to employ a plugboard, changeable turnover rotors, pluggable reflecting wheels, and additional Hagelin-type drive wheels.^[28] This machine was in all likelihood secure and unbreakable. Otto Buggisch stated that these machines were his speciality. They were constructed at the Telefonbau und Normalzeit (T&N) firm in Frankfurt at the time of the surrender.^[29]

The responsibility for the security of German Army cryptographic systems remained with subsections 7 and 13 until 1934, when it was turned over to OKW/Chi. The Army then retained only the responsibility for seeing the systems, approved by OKW/Chi, were properly used.^[30]

Attitude to security studies

Whenever the German Army was asked to change a system, there was always a storm of protest. It was not them but the staff of General Fellgiebel (Chef WNV) (German: Wehrmachtnachrichtenverbindungen) (WNV) which made the decision on which methods to be used. The results depended on whether the officers at WNV at the time, happened to know anything about cryptography. He usually did not, as it was a specialised field. In 1942, all hand systems were solvable. When the WNV was told this, the reply was that Germany had won all her battles so far, using these systems, and there was no need to overload the troops with new methods.^[9] Only with the greatest difficulty was the Field Army persuaded to change its methods.

One of the specific ways in which the Field Army consciously hampered progress in security studies was to refuse to furnish OKH/Chi actual traffic. Fricke stated that OKH/Chi never knew how the Field Army actually used the systems which it approved. When OKH/Chi asked for studies, it was given specially prepared messages such as We are standing in Berlin and See the Polish infantry coming down the Frankfurt Allee.^[9] However, the Field Army made a brief attempt in 1941 to provide the unit analysts with actual traffic. For this purpose a Signal Intelligence Regiment of the Replacement Army (German: Nachrichtenaufklärungsabteilung/Chef der Heeresrüstung und Befehlshaber des Ersatzheeres) was formed. While two companies of this unit were to act as administrative units for personnel of In 7/VI, the department of the Army Signal Security agency responsible for cryptanalysis of non-Russian traffic, the third company was an intercept unit in the field collecting material for the analysts. Owing to personnel shortage, this unit was dissolved in February 1942, and no subsequent attempt was made by the German Field Army to procure actual traffic for OKH/Chi.^[9]

It was difficult to persuade the Field Army to accept as valid the security studies made by the analysts of In 7/VI. Not until a cellar that contained equipment for tapping land lines used by the T-52c teleprinter, was raided in Paris in early 1943, was the Army High Command persuaded that the security studies made by the OKH/Chi had been valid.^[26]

The attitude of the Field Army could be traced largely to the ignorance on all levels of matters pertaining to codes and cipher security. Traffic handed to In 7/VI for scrutiny betrayed the lamentable ignorance of the Field Army.^[31] Signal tables set up by the troops revealed serious cryptographic errors such as the failure to change keywords for long periods.^[32] In an attempt to correct this ignorance, OKH/Chi gave lectures at the Army Signal Academy located in Halle (German: Heeresnachrichtenschule) and issued instructions on code and cipher security. The situation, however, was never satisfactorily resolved. Buggisch stated, while researching the C-36 device that the studies made on the device by B. et al. were used by Oberinspector Kühn and Major Mang to forestall the introduction of the device into the German Army:

it was tragic-comic: When OKH/Chi detected an insecurity, it was not able to achieve effective remedies; if In 7/VI wanted to install new devices, it had even more difficulties. The Army "hemmed and hawed" and never got around to acting.^[32]

Summary

German signal intelligence did not take a creative, non-linear view of attacking Enigma security, or any other secure system. When reporting on the security of Enigma or even of other ciphers including enemy systems, they focused on the statistics of cryptology. Their security investigations and cryptanalytic reports examined either the problems of physical compromise or of possible statistical methods for breaking systems. Among the surviving wartime documents, no reports deal with the more subtle ways around and into cryptologic problems.^[33]

The Army had cryptanalysts attack their own Enigmas, and in these attacks Germany's experts seem to have stuck to statistical and straightforward approaches. They conducted statistical attacks on Enigma-enciphered traffic both with and without the help of captured documentation. Both the OKH/Chi and Pers Z S found methods to solve the original unsteckered versions of Enigma.^[33] However, it was known they never tackled live traffic, for reasons described above, and instead stuck to straightforward attacks conducted under artificial conditions. All these examinations concluded that the Enigma would defeat enemy cryptanalysts. Throughout these investigations, German cryptologists seem to have never realised the true reduction of Enigma's probability space under real conditions, particularly those reductions arising from operational procedures and human error.^[33]

German cryptanalysts had no luck solving Allied high-grade ciphers and this lack of success only reinforced their belief in Enigma strength and vice versa. As Enigma had proved unbreakable, the Typex would prove even more impervious to attack, and hence the Army did not expend much effort on attacking the device.^[33]

Relying too heavily on theoretical statistics made Germany vulnerable. They knew that Great Britain had captured Enigma machines and associated documentation by the middle of the war. They also knew that Britain had a history of successful cryptanalysis and appreciated the abilities of British intelligence, yet they relied on a statistical security that took neither operational reality into account nor their opponent's capability. They ignored simple factors which could have hindered, if not defeated the Allies. One example, was the complete replacement of the rotors, by the Army, which was never done for various reasons.^[33]

Germany did recognise many of these procedural problems and they frequently reprimanded Enigma operators for insecure habits. In additions, several agencies, conducted investigations into Enigma that hinted at the system's general compromise. However, only the examination of live traffic under real conditions could have suggested the true level of security for Enigma, or indeed any other system, and this was never done.^[33]