|
|
| Line 1: |
Line 1: |
| '''Turingery'''<ref name="GRoTTuringery" >{{Harvnb|Good|Michie|Timms|1945|p=313}} in ''Testery Methods 1942-1944''</ref> or '''Turing's Method'''<ref>{{Harvnb|Government Code and Cypher School|1944|p=89}}</ref> (playfully dubbed '''Turingismus''' by Peter Ericsson, [[Peter Hilton]] and [[Donald Michie]]<ref name="Copeland2006P380">{{Harvnb|Copeland|2006|p=380}}</ref>) was a hand [[codebreaking]] method devised in July 1942<ref>{{Harvnb|Good|Michie|Timms|1945|p=309}} in ''Early Hand Methods''</ref> by the mathematician and cryptanalyst [[Alan Turing]] at the British [[Government Code and Cypher School]] at [[Bletchley Park]] during [[World War II]].<ref>{{Harvnb|Hodges|1992|pp=230–231}}</ref><ref>{{Harvnb|Copeland|2006|pp=380–382}}</ref> It was for use in [[Cryptanalysis of the Lorenz cipher]] produced by the [[Lorenz cipher|SZ40 and SZ42]] teleprinter [[Rotor machine|rotor]] [[stream cipher]] machines, one of the [[Germans]]' ''Geheimschreiber'' (secret writer) machines. The British codenamed non-[[Morse code|Morse]] traffic [[Fish (cryptography)|"Fish"]], and that from this machine "Tunny". | | I'm Merrill and I live in a seaside city in northern Poland, Warszawa. I'm 39 and I'm will soon finish my study at Greek and Roman Culture.<br><br>Here is my web site; [http://www.cheapsnapbackscaps.me.uk cheap snapbacks] |
| | |
| Reading a Tunny message required firstly that the logical structure of the system was known, secondly that the periodically changed pattern of active cams on the wheels was derived, and thirdly that the starting positions of the scrambler wheels for this message—the [[Key (cryptography)|message key]]—was established.<ref>{{Harvnb|Churchhouse|2002|p=4}}</ref> The logical structure of Tunny had been worked out by [[W. T. Tutte|William Tutte]] and colleagues<ref>{{Harvnb|Tutte|1998|p=5}}</ref> over several months ending in January 1942.<ref>{{Harvnb|Good|1993|p=161}}</ref> Deriving the message key was called "setting" at Bletchley Park, but it was the derivation of the cam patterns—which was known as "wheel breaking"—that was the target of Turingery.
| |
| | |
| German operator errors in transmitting more than one message with the same key, producing a [[Cryptanalysis#Depth|"depth"]], allowed the derivation of that key. Turingery was applied to such a key stream to derive the cam settings.<ref>{{Harvnb|Copeland|2006| p=381 }}</ref>
| |
| | |
| ==The SZ40 and SZ42==
| |
| {{main|Lorenz cipher}}
| |
| The logical functioning of the Tunny system was worked out well before the Bletchley Park cryptanalysts saw one of the machines—which only happened in 1945, shortly before the allied victory in Europe.<ref>{{Citation | last = Sale | first = Tony | author-link = Anthony Sale | title = The Lorenz Cipher and how Bletchley Park broke it | url = http://www.codesandciphers.org.uk/lorenz/fish.htm | accessdate = 21 October 2010 }}</ref>
| |
| [[File:SZ42-6-wheels-lightened.jpg|right|340px|thumbnail|The Lorenz SZ machines had 12 wheels each with a different number of cams (or "pins").
| |
| {|class="wikitable" | border=1 | style="margin: 1em auto 1em auto"
| |
| |-
| |
| ! Wheel number
| |
| |1||2||3||4||5||6||7||8||9||10||11||12
| |
| |-
| |
| ! BP wheel name<ref name = "GRoT11B6">{{Harvnb|Good|Michie|Timms|1945|p=6}} in ''German Tunny''</ref>
| |
| | align="center" | <math>\psi</math><sub>1</sub>
| |
| | align="center" | <math>\psi</math><sub>2</sub>
| |
| | align="center" | <math>\psi</math><sub>3</sub>
| |
| | align="center" | <math>\psi</math><sub>4</sub>
| |
| | align="center" | <math>\psi</math><sub>5</sub>
| |
| | align="center" | <math>\mu</math><sub>37</sub>
| |
| | align="center" | <math>\mu</math><sub>61</sub>
| |
| | align="center" | <math>\chi</math><sub>1</sub>
| |
| | align="center" | <math>\chi</math><sub>2</sub>
| |
| | align="center" | <math>\chi</math><sub>3</sub>
| |
| | align="center" | <math>\chi</math><sub>4</sub>
| |
| | align="center" | <math>\chi</math><sub>5</sub>
| |
| |-
| |
| ! Number of cams (pins)
| |
| |43||47||51||53||59||37||61||41||31||29||26||23
| |
| |}
| |
| ]]
| |
| The SZ machines were 12-wheel [[Rotor machine|rotor]] [[cipher]] machines which implemented a [[Gilbert Vernam#The Vernam cipher|Vernam]] [[stream cipher]]. They were attached in-line to standard Lorenz teleprinters. The message [[Character (computing)|characters]] were encoded in the [[bit|5-bit]] [[Baudot code#ITA2|International Telegraphy Alphabet No. 2 (ITA2)]]. The output ciphertext characters were generated by combining a [[pseudorandom number generator|pseudorandom]] character-by-character key stream with the input characters using the [[Exclusive or|"exclusive or (XOR)"]] function (symbolised by <span style="font-size:190%;">'''⊕''' </span>).
| |
| ::::: <big>[[Plaintext]] <span style="font-size:190%;"> '''⊕''' </span> [[Key (cryptography)|Key]] = [[Ciphertext]]</big>
| |
| | |
| Similarly, for deciphering, the ciphertext was combined with the same key to give the plaintext.
| |
| ::::: <big> [[Ciphertext]] <span style="font-size:190%;"> '''⊕''' </span> [[Key (cryptography)|Key]] = [[Plaintext]] </big>
| |
| | |
| This produces the essential reciprocity to allow the same machine with the same settings to be used for both enciphering and deciphering.
| |
| | |
| Each of the five bits of the key for each character was generated by the relevant wheels in two parts of the machine. These were termed the [[Chi (letter)|''chi'']] (<math>\chi</math>) wheels, and the [[Psi (letter)|''psi'']] (<math>\psi</math>) wheels. The ''chi'' wheels all moved on one position for each character. The ''psi'' wheels also all moved together, but not after each character. Their movement was controlled by the two [[Mu (letter)|''mu'']] (<math>\mu</math>) or "motor" wheels.<ref name = "GRoT11B7">{{Harvnb|Good|Michie|Timms|1945|p=7}} in ''German Tunny''</ref>
| |
| | |
| The key stream generated by the SZ machines thus had a ''chi'' component and a ''psi'' component that were combined together with the XOR function. So, the key that was combined with the plaintext for enciphering—or with the ciphertext for deciphering—can be represented as follows.<ref name = "GRoT11B7" />
| |
| | |
| ::::: <big> Key = ''Chi''-Key <span style="font-size:190%;"> '''⊕''' </span> ''Psi''-Key </big>
| |
| | |
| Symbolically:
| |
| | |
| ::::: <big> K = <math>\chi</math><span style="font-size:190%;"> '''⊕''' </span> <math>\psi</math> </big>
| |
| | |
| The twelve wheels each had a series of cams (or "pins") around them. These cams could be set in a raised or lowered position. In the raised position they generated a "mark" '<big> '''x''' </big>' ('''1''' in binary), in the lowered position they generated a "space" '<big> '''•''' </big>' ('''0''' in binary). The number of cams on each wheel equalled the number of impulses needed to cause them to complete a full rotation. It should be noted that these numbers are all [[Coprime|co-prime]] with each other, giving the longest possible time before the pattern repeated. With a total of 501 cams this equals 2<sup>501</sup> which is approximately 10<sup>151</sup>, an astronomically large number.<ref>{{Harvnb|Churchhouse|2002|p=158}}</ref> However, if the five impulses are considered independently, the numbers are much more manageable. The [[Multiplication|product]] of the rotation period of any pair of ''chi'' wheels gives numbers between 41×31=1271 and 26×23=598.
| |
| | |
| ==Differencing==
| |
| Cryptanalysis often involves finding patterns of some sort that provide a way into eliminating a range of key possibilities. At Bletchley Park the XOR combination of the values of two adjacent letters in the key or the ciphertext was called the difference (symbolised by the Greek letter ''delta'' 'Δ') because XOR is the same as [[Modular arithmetic|modulo]] 2 subtraction (without "borrow")—and, incidentally, modulo 2 addition (without "carry"). So, for the characters in the key(K), the difference ΔK was obtained as follows, where <u>underline</u> indicates the succeeding character:
| |
| | |
| ::::: <big> ΔK = K<span style="font-size:190%;"> '''⊕''' </span> <u>K</u> </big>
| |
| | |
| Similarly with the plaintext, the ciphertext and the two components of the key. Also, the relationship amongst them applies when they are differenced. For example, as well as:
| |
| | |
| ::::: <big> K = <math>\chi</math><span style="font-size:190%;"> '''⊕''' </span> <math>\psi</math> </big>
| |
| | |
| It is the case that:
| |
| ::::: <big> ΔK = Δ<math>\chi</math><span style="font-size:190%;"> '''⊕''' </span> Δ<math>\psi</math> </big>
| |
| | |
| If the plaintext is represented by P and the cipertext by Z, the following also hold true:
| |
| | |
| ::::: <big> ΔZ = ΔP <span style="font-size:190%;"> '''⊕''' </span> Δ<math>\chi</math><span style="font-size:190%;"> '''⊕''' </span> Δ<math>\psi</math> </big>
| |
| | |
| And:
| |
| ::::: <big> ΔP = ΔZ <span style="font-size:190%;"> '''⊕''' </span> Δ<math>\chi</math><span style="font-size:190%;"> '''⊕''' </span> Δ<math>\psi</math> </big>
| |
| | |
| The reason that differencing provided a way into Tunny, was that although the frequency distribution of characters in the ciphertext could not be distinguished from a random stream, the same was not true for a version of the ciphertext from which the ''chi'' element of the key had been removed. This is because, where the plaintext contained a repeated character and the ''psi'' wheels did not move on, the differenced ''psi'' character (Δ<math>\psi</math>) would be the null character ('''•••••''' or 00000), or, in Bletchley Park terminology, '<span style="font-size:140%;">'''/'''</span> '. When XOR-ed with any character, this null character has no effect, so in these circumstances, Δ<math>\chi</math> = ΔK. Repeated characters in the plaintext were more frequent both because of the characteristics of German (EE, TT, LL and SS are relatively common),<ref>{{Citation | last = Singh | first = Simon | author-link = Simon Singh | title = The Black Chamber | url = http://www.simonsingh.net/The_Black_Chamber/hintsandtips.html | accessdate = 28 April 2012 }}</ref> and because telegraphists frequently repeated the figures-shift and letters-shift characters<ref>[[Max Newman|Newman]] ''c''. 1944 p. 387</ref> as their loss in an ordinary telegraph message could lead to [[gibberish]].<ref>{{Harvnb|Carter|p = 3 }}</ref>
| |
| | |
| To quote the General Report on Tunny:<blockquote>Turingery introduced the principle that the key differenced at one, now called ΔΚ, could yield information unobtainable from ordinary key. This Δ principle was to be the fundamental basis of nearly all statistical methods of wheel-breaking and setting.<ref name="GRoTTuringery"/></blockquote>
| |
| | |
| ===Bit-level differencing===
| |
| As well as applying differencing to the full 5-bit characters of the [[ITA2]] code, it was also applied to the individual impulses (bits). So, for the first impulse, that was enciphered by wheels <math>\chi</math><sub>1</sub> and <math>\psi</math><sub>1</sub>, differenced at one:
| |
| ::::: <big> ΔK<sub>1</sub> = K<sub>1</sub><span style="font-size:190%;"> '''⊕''' </span> <u>K</u><sub>1</sub> </big><>
| |
| And for the second impulse:
| |
| ::::: <big> ΔK<sub>2</sub> = K<sub>2</sub><span style="font-size:190%;"> '''⊕''' </span> <u>K</u><sub>2</sub> </big>
| |
| And so on.
| |
| | |
| It is also worth noting that the periodicity of the ''chi'' and ''psi'' wheels for each impulse (41 and 43 respectively for the first one) is reflected in its pattern of ΔK. However, given that the ''psi'' wheels did not advance for every input character, as did the ''chi'' wheels, it was not simply a repetition of the pattern every 41 × 43 = 1763 characters for ΔK<sub>1</sub>, but a more complex sequence.
| |
| | |
| ==Turing's method==
| |
| In July 1942 Turing spent a few weeks in the Research Section.<ref>{{Harvnb|Tutte|2006|pp=359, 360}}</ref> He had become interested in the problem of breaking Tunny from the keys that had been obtained from [[Cryptanalysis#Depth|depths]].<ref name="Copeland2006P380"/> In July, he developed the method of deriving the cam settings from a length of key.<ref name="GRoTTuringery"/> It involved an [[Iteration|iterative]], almost trial-and-error, process. It relied on the fact that when the differenced ''psi'' character is the null character ('''•••••''' or 00000), <big>'''/'''</big>, then XOR-ing this with any other character does not change it. Thus the delta key character gives the character of the five ''chi'' wheels (i.e. Δ<math>\chi</math> = ΔK).
| |
| | |
| Given that the delta ''psi'' character was the null character half of the time on average, an assumption that ΔK = Δ<math>\chi</math> had a 50% chance of being correct. The process started by treating a particular ΔK character as being the Δ<math>\chi</math> for that position. The resulting putative bit pattern of <big> '''x''' </big> and <big> '''•''' </big> for each ''chi'' wheel, was recorded on a sheet of paper that contained as many columns as there were characters in the key, and five rows representing the five impulses of the Δ<math>\chi</math>. Given the knowledge from Tutte's work, of the periodicity of each of the wheels, this allowed the propagation of these values at the appropriate positions in the rest of the key.
| |
| | |
| A set of five sheets, one for each of the ''chi'' wheels, was also prepared. These contained a set of columns corresponding in number to the cams for the appropriate ''chi'' wheel, and were referred to as a 'cage'. So the <math>\chi</math><sub>3</sub> cage had 29 such columns.<ref>{{Harvnb|Copeland|2006|p=385}} which reproduces a <math>\chi</math><sub>3</sub> cage from the General Report on Tunny</ref> Successive 'guesses' of Δ<math>\chi</math> values then produced further putative cam state values. These might either agree or disagree with previous assumptions, and a count of agreements and disagreements was made on these sheets. Where disagreements substantially outweighed agreements, the assumption was made that the Δ<math>\psi</math> character was not the null character <big>'''/'''</big>, so the relevant assumption was discounted. Progressively, all the cam settings of the ''chi'' wheels were deduced, and from them the ''psi'' and motor wheel cam settings.
| |
| | |
| As experience of the method developed, improvements were made that allowed it to be used with much shorter lengths of key than the original 500 or so characters.<ref name="GRoTTuringery"/>
| |
| | |
| == See also ==
| |
| * [[Banburismus]]
| |
| | |
| ==References and Notes==
| |
| {{reflist|colwidth=30em}}
| |
| | |
| ==Bibliography==
| |
| *{{Citation | last = Carter | first = Frank | title = Bletchley Park Technical Papers: Colossus and the Breaking of the Lorenz Cipher | url = http://www.bletchleypark.org.uk/content/lorenzcipher.pdf | accessdate = 28 January 2011 }}
| |
| * {{Citation | last = Churchhouse | first = Robert | title = Codes and Ciphers: Julius Caesar, the Enigma and the Internet | place = Cambridge | publisher = Cambridge University Press | year = 2002 | isbn = 978-0-521-00890-7 }}
| |
| * {{Citation | last = Copeland | first = Jack | author-link = Jack Copeland | year = 2006 | contribution = Turingery | editor-last = Copeland | editor-first = B. Jack | editor-link = Jack Copeland | title = Colossus: The Secrets of Bletchley Park's Codebreaking Computers | place = Oxford | publisher = Oxford University Press | isbn = 978-0-19-284055-4 }}
| |
| * {{Citation | last = Good | first = Jack | author-link = I. J. Good | year = 1993 | contribution = Enigma and Fish | editor-last = Hinsley | editor-first = F.H. | editor-link = Harry Hinsley | editor2-last = Stripp | editor2-first = Alan | title = Codebreakers: The inside story of Bletchley Park | publication-place = Oxford | publisher = Oxford University Press | isbn = 978-0-19-280132-6 }}
| |
| * {{Citation | last = Good | first = Jack | author-link = I. J. Good | last2 = Michie | first2 = Donald | author2-link = Donald Michie | last3 = Timms | first3 = Geoffrey | title = General Report on Tunny: With Emphasis on Statistical Methods | year = 1945 | id = UK Public Record Office HW 25/4 and HW 25/5 | url = http://www.alanturing.net/turing_archive/archive/index/tunnyreportindex.html | accessdate = 15 September 2010 }} That version is a facsimile copy, but there is a transcript of much of this document in '.pdf' format at: {{Citation | last = Sale | first = Tony | author-link = Anthony Sale | title = Part of the "General Report on Tunny", the Newmanry History, formatted by Tony Sale| year = 2001 | url = http://www.codesandciphers.org.uk/documents/newman/newman.pdf | accessdate = 20 September 2010 }}, and a web transcript of Part 1 at: {{Citation | last = Ellsbury | first = Graham | title = General Report on Tunny With Emphasis on Statistical Methods | url = http://www.ellsbury.com/tunny/tunny-001.htm | accessdate = 3 November 2010 }}
| |
| * {{Citation | last = Government Code and Cypher School | author-link = Government Code and Cypher School | title = The Bletchley Park 1944 Cryptographic Dictionary formatted by Tony Sale | year = 1944 | url = http://www.codesandciphers.org.uk/documents/cryptdict/cryptxp3.pdf | accessdate = 7 October 2010 }}
| |
| * {{Citation | last = Hodges | first = Andrew | author-link = Andrew Hodges | year = 1992 | title = Alan Turing: The Enigma | publication-place = London | publisher = Vintage | isbn = 978-0-09-911641-7}}
| |
| * {{Citation | last = Newman | first = Max | author-link = Max Newman | year = ''c''. 1944
| |
| | chapter = Appendix 7: Δ<math>\chi</math>-Method| editor-last = Copeland | editor-first = B. Jack | editor-link = Jack Copeland | title = Colossus: The Secrets of Bletchley Park's Codebreaking Computers | place = Oxford | publisher = Oxford University Press | isbn = 978-0-19-284055-4 }}
| |
| * {{Citation | last = Tutte | first = William T. | authorlink = W. T. Tutte | year = 2006 | contribution = My Work at Bletchley Park | editor-last = Copeland | editor-first = B Jack | editor-link = Jack Copeland | title = Colossus: The Secrets of Bletchley Park's Codebreaking Computers | publication-place = Oxford | publisher = Oxford University Press | isbn = 978-0-19-284055-4 }}
| |
| * {{Citation | last = Tutte | first = W. T. | author-link = W. T. Tutte | title = Fish and I | date = 19 June 1998 | url = http://frode.home.cern.ch/frode/crypto/tutte.pdf | accessdate = 7 October 2010 }} Transcript of a lecture given by Prof. Tutte at the [[University of Waterloo]]
| |
| | |
| [[Category:Bletchley Park]]
| |
| [[Category:Alan Turing]]
| |
| [[Category:Cryptographic attacks]]
| |