French Army C-36: The Vichy period () ()

Home Page
C-36 Home Page
  • 1. Introduction.
  • 2. Machine operation
  • 3. The pre-war period
  • 4. The start of the war
  • 5. The Vichy period
  • 6. The Allied period
  • 7. The post-war period
  • 8. Conclusion
  • Appendix

5.1 Historical background

Following the armistice, France was cut in two. The North was occupied by the Germans and the South and North Africa (Morocco, Algeria, and Tunisia) were under the control of a government based in Vichy. This government, led by Marshal Pétain, followed a policy of collaboration with the enemy.

5.2 French encryption – Occupant control

Following the armistice with Germany, Vichy was authorized to encrypt its messages and to transmit them by radio, on the condition that they used methods and keys known to the Germans. Here are those methods:

  • 1919 Type 2 code, five digits, using an superencipherment process.
  • Colony code 1923B - using the CMAN superencipherment process.
  • Four-digit SMC (Sahara-Maroc-Confins) code using the SAMA superencipherment process specific to North Africa, which can be used at all levels.
  • System 1923 1A (simple column transposition).

However, Vichy also used other encryption methods, which were not communicated to the Germans, but only on a wired network.

In mainland France, some of these encryption methods existed before the armistice: the B-211, the 1919 5-digit Type 1 code, the DT Code, the G1 Code, the four-digit Code 70 (which replaces the Code 69), and C-36. The B-211 was the normal means of communication at staff level. Code DT served as a back-up. Code 70 and the C-36 were used only for instruction.

In North Africa (19th military region), the B-211 was mainly used for dialog between EM and with the mainland. The North African-specific ATM code was the main encryption tool. This was a four-digit code and it used superencipherment tables. The SD23 diagonal manual process was used between battalion and regimental commanders. Finally, the C-36 was used at division and regiment levels.

An operational network of C-36s covering the whole of North Africa was formed from April 1941 onwards (SHD-1P136 1942). This network was reserved for telegraphic communications between military commanders, generals commanding groups of subdivisions, major generals, and communications between the major generals and the superior commanding general: 

     Secretary of War to the General Commander-in-Chief Delegate General of 
     the Government in French Africa. Vichy, March 8, 1941. 
     (SECRET stamp in red).
     In response to your letter N° 1108/EM of February 28, 1941, relating to 
     the use of C-36 cipher machines in North Africa and AOF [1]. I have the honor 
     to inform you of the existence in North Africa of a network of C-36 cipher
     machines. This network, formed during the war by the TOAFN [2] EM, is currently 
     operating under the leadership of the 19th region. I authorize you to 
     extend and modify it subject to your management (establishment and renewal 
     of keys). As the tables of endowment in the Bureau du Chiffre documents for 
     North Africa currently in preparation have to include the new owners of 
     these machines, you will kindly send me under this stamp [3] the diagram of 
     this encryption network and the numbers of the machines that you propose to 
     distribute. I would also like you to send me the key tables that you will
     put into service.
Toward the end of 1940, the B-211 was transformed by the addition of four rotors, which greatly improved its level of security. Following its commissioning, the Germans were unable to decipher any message encrypted by this machine for the rest of the war (cf. 6.4).

Footnotes:

  • [1] AOF: “Afrique Occidentale Française”: French West Africa, which includes Mauritania, Sudan, Guinea, the Ivory Coast, Togo, Dahomey, and Niger.
  • [2] TOAFN: “Théâtre d’Opération en Afrique du Nord”: Theater of Operations in North Africa, i.e., the armed forces present in Algeria, Tunisia, and Morocco.
  • [3] The French text “… sous le présent timbre …” is not very clear. I interpret it as "using the same level of classification". i.e., SECRET.

5.3 Use of the machine

5.3.1 Equipment and number of machines

Several documents state the number of encryption means per unit. A summary reports the presence of 250 C-36s in North Africa. The mainland, which is divided into eight military regions or DMs (“Division Militaire”: Military Division), has, with schools, 155 machines in total. Hence, during the Vichy period, there was a total of 400 operational C-36s.

An ARCSI bulletin (Ribadeau-Dumas 1976) specified that during the withdrawal in June 1940, the Bureau du Chiffre hid cipher machines in several caches. If we assume that at least one in two machines was hidden, there were at least 900 machines. If we suppose that several dozen were lost, destroyed, or captured during the debacle of June 1940, we obtain a total number of 1,000 C-36s delivered to the French Army in 1940. This number corresponds to the order determined in 1937.

In fact, the number of machines delivered is more likely to have been 2,000 machines. Indeed, several endowment documents specify the serial numbers of the machines. Thus, in an inventory dated March 18, 1941, the serial numbers of the 49 machines then present in Morocco are indicated along with the units that hold them (SHD-1P136 1942). Here are some of the numbers: 5.003, 5.128, 6.482, and 6.709. In all cases, the numbers present are of the type 5.xxx or 6.xxx [1]. We can deduce with an extremely small margin of error that a maximum of 2,000 machines were delivered to France.

This number is also confirmed by an article from ARCSI concerning the history of French military cryptography (Ribadeau-Dumas 1975), which indicates that there were 115 B-211s and 2,000 C-36s in 1939 [2].

Footnotes:

  • [1] Out of all the archives I have explored, I have been able to record over 100 machine numbers, including machines on the Continent. All of the numbers were in the 5,000–6,999 range. If C-36 owners (collectors, curators) sent me their machine numbers, I could publish an anonymous catalog of existing machines.
  • [2] However, I think the date 1939 is wrong. It is more likely that in 1939 the C-36s were still being manufactured and it was only in 1940 that the total of 2,000 machines (or almost) was reached.

5.3.2 Key distribution

During the Vichy period (March 1941), the C-36s were only used on wired networks and the key change was obviously less frequent. The keys were valid for several months. Thus, Table A n ° 10, dating from December 27, 1940, was still in operation on March 26, 1941. In addition, it was valid for all units in North Africa. Tables A, B, and C of August 21, 1942 were not destroyed until January 22, 1943 after the fall of the Vichy government in Africa.

A document dated June 9, 1941 from the AOF staff in Dakar indicates the receipt of Tables A and B (n ° 3110/EM-CH) for the C -36, which must be put into service on June 15 from 4 p.m. We also learn that at this time the C-36 was considered safer than the SD 23 diagonal system. Finally, it was specified that the C-36 must only be used in exceptional cases and only on wire telegraphy (SHD-1P136 1942).

5.3.3 Other procedures

In 1941 when a unit received machines, the acknowledgment was encrypted with the machine using the exercise key contained in the manual. I deduced that in this manual there was an example key and an example message. I also learned that only an officer had the right to position the internal key (pins and slide; SHD-1P136 1942): 

     2e Bureau of the troops of the AOF group - Memorandum - Subject: the cipher 
     machines C.36 - April 23, 1941. The installation of the internal secret 
     elements will be carried out obligatorily by an officer who will keep the 
     two keys for the opening of the machine casing in place. The operator, unless 
     he is an officer, must know only the starting key [1]; the holders will 
     acknowledge receipt using the key from the manual. The five letters used as 
     the starting key of this telegram will constitute the third group of the 
     message.
In the documents that an operator receives, there is, in particular, the "Memento du Chiffreur" (memento of the cipher clerk), which summarizes the main security measures to be followed. A section deals with cipher machines (SHD-1P136 1942): 
     Command-in-chief of the land and air forces in Africa - Confidential – 
     Bureau du Chiffre of the Army - Memento guide of the cipher clerk - Algiers, 
     January 15, 1943 ... 4° Conservation of documents ... Only open the cipher
     machines for the operations of encryption. Then close them with a key 
     during periods of non-use. Do not leave machines set to the current key 
     during transport. If a machine is involved in an accident, never entrust the 
     repair of a part to an unqualified person (civil worker, for example). 
     Request the exchange of the machine for a machine in good condition.

Footnote: [1] The starting key corresponds to the message key chosen by the operator.

5.3.4 An example of a message:
An authentic cryptogram – Confirmation of procedures

In the archives of the military forces in Africa (SHD-1P136 1942), I found an extraordinary document: an authentic cryptogram encrypted in C-36 dated June 9, 1941. Normally, no cryptogram is kept. Indeed, as soon as a cryptogram is deciphered, it is destroyed. Accordingly, if the enemy captures the secret documents of the Bureau du Chiffre, they cannot possess the plain text and the corresponding cipher text at the same time.

Therefore, why does it appear here in the army archives? Because this message had been transmitted on the radio waves and intercepted by the Germans. They could not decipher it because it used a process that had not been authorized by the Armistice Commission. The Germans demanded from the French state of Vichy not only the plain message but also the process and the keys used. The war secretary addressed the German request to the Governor of French Africa because the message came from that region. Vichy also demanded that an investigation into this breach of the security rules be conducted and that sanctions be imposed against those responsible.

In the letter originating from the Vichy government and accompanying the cryptogram, two pieces of information concerning the procedures became apparent to me:

  1. Judging from the last two groups of the cryptogram, the war secretary declared that it was encrypted by means of the C-36. To corroborate this assertion, one can read on the page containing the cryptogram, the text "NDKLE" written in pencil. This chain was presumably the key of the message. I knew the method used to encrypt the message key in May 1940. The method in 1941 must have been slightly different from that used previously because it allowed the machine that was used to be deduced (B-211 or C-36). Therefore, I think that, as before, the key was encrypted through two substitution alphabets but which were different for the B-211 and the C-36. Thus, if the decryption of the indicator gave the same key, we not only knew this key but also which machine was used [1].
  2. The Secretary of War also requested that the keys of the C-36 machine be changed, that is, Tables A and B and the location of the key groups. Thus, I learned that this location was changeable. At a minimum, the groups were either at the start of the message (as at the start of the war), or at the end (as in the message), or perhaps still buried inside the cryptogram.

The verbatim cryptogram from the archives (at the bottom, handwritten in pencil: NDKLE): 

      		de FVA à FVB 9/6/41 21 h 19
       Off Alger nr 152 W57 h 9 à 18 h 10 – Général Cdt 19 ème
       		région à Division Oran. - 
       0945-
       XOTKA YLRWH TMTIR ADRDB VHCCL WUCCA JGDBG ZFYNC
       ZRBKD WDSHA ELDZG DZVGM FOFMR LIHCF XFJSP YXMBD
       TWWXH OSQVO QJQOV LVCHO NUVGP RILRG UUVVG KDDUE
       TDXYO HNOEZ ZWWAI KSIAC ZLNLV RYSKF WBJUE TSODI
       MTYCS UADMS RKFCW WSKTX RFCJW IQFKD WIYZX TSDOE
       KTTNF MAPEN JKYRB POTVT GZEBC - ar.
Using modern methods, I managed to find the plain text of this message (cf. 5.4). Following is the raw decryption as if it came from the tape emerging from the machine: 
       NO WBPE R SUR WB MONSIEUR GJENIER HABILITE PAR CDT SUPERIEUR 
       AIR ALGER INTERROGERA DESERTEUR QUCQELAM QURT ACTUELLEMENT A 
       ORAN STOP TOTTLS FACILILITES SERONT DONNEES A MONRIEUR 
       GRENIER QUI ARRIVERA WAP JUIN ORAN FIN
Remarks
  • As the letter K was used to transcribe the spaces, it was replaced in the plain text by the bigram QU or CQ. I conducted research on search engines about the name KELAM KURT, which seems plausible (several people of North African origin have this name).
  • The numeric group (0945) that precedes the cryptogram specifies the date (June 9) and the number of groups (45).
I reconstructed (after decryption) the position of the digital disc: 
     Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Read disc
     9 8 7 6 5 4 3 2 1 0 1 2 3 4 5 6 1 2 3 4 5 6 7 8 9 0 Digital disc
     Z Y X W V U T S R Q P O N M L K J I H G F E D C B A Print disc
Message after removing drafting and errors: 
     N° 205-8/2 Mr Grenier habilité par commandant supérieur Air Alger 
     interrogera déserteur Kelam Kurt actuellement à Oran STOP Toutes 
     facilités seront données à Mr Grenier qui arrivera le 10 juin à 
     Oran FIN
English translation: 
     N° 205-8/2 Mr. Grenier authorized by superior air commander from 
     Algiers will interrogate deserter Kelam Kurt currently in Oran STOP 
     All facilities will be given to Mr. Grenier who will arrive on June 
     10th in Oran END
Here is the key: 
     Message key: AAAAA
     Wheel 25 AB__E___I_KLM____R___V___
     Wheel 23 A__DE____J__M__P_RS____
     Wheel 21 ABC__FG_I_KLM_OP__S_U
     Wheel 19 A_CDE__HI__LM_OP_R_
     Wheel 17 AB_D_FG_IJ_L__O_Q
     Slide: 15 (“calage” letter: “G” [cf. 6.3.5.4])

Footnote:
[1] I have had confirmation of this from other documents (cf. 6.3.6).

5.4 Modern cryptanalysis via the hill climbing method

To obtain the cryptogram solution described in the previous paragraph, I used the hill climbing approach but in the simplest way possible. At each step, I changed the value of a randomly chosen pin and calculated a score with bigrams as the fitness function. If the score improved, I kept the pin configuration. I repeated this step 200 times before abandoning my trials. I repeated the whole process for as long as the score improved. I calculated the frequencies of French bigrams from the work "The Battle of France" by Louis Madelin (Madelin 1920). In case of failure, I had planned to use a more accurate source based on the hundred or so raw decryptions of C-36 messages that I collected at the SHD (SHD-11P187 1944). Admittedly, these data dated from 1943 and the cryptogram from 1941, but they were better than those in Madelin’s book. It is undeniable that in extreme cases good statistics are vital.

Algorithm 

     0. Set the maximum score to zero. 

     1. Generate initial random pin setting, decrypt and compute an initial
        score with the fitness function. Fix the high score to this initial 
        score.

     2. Repeat the following steps. Exit from this infinite loop if the 
        fitness function no longer improves the maximal score.

        2.1. For a predetermined number of loops (for example, 200).
               2.1.1. Randomly toggle a pin.
               2.1.2. Decrypt and compute the fitness function.
               2.1.3. If the score with the new pin setting is better
                      than the high score, fix the high score to the current
                      score. In addition, keep the new pin setting. Otherwise,
                      discard the new pin setting.
	2.2. If the high score is better than the maximal score, fix the
             maximal score to the new one and print this score, the key, and
             the beginning of the plain deciphered text.

     3. Repeat from Step 1, i.e., restart with new random pin setting. 
        Stop if the predetermined number of loops is reached (number of 
        shotgun restart).
In fact, I repeated the whole algorithm for each slide (there were 26 possible slides). I limited the number of attempts to 100 for each slide tested (shotgun hill climbing). In each test, there were approximately 2,500 decryptments, which makes (in the worst case) less than 7 million decryptions (2,500 x 100 x 26). I started my tests with the Lug A configuration from Table 2, which is the only one with overlaps. I found the solution with this one but I planned to try the six other probable configurations (cf. 2.6, 7.3). The solution involved the slide equaling 15. It was after the fifth shotgun restart that the configuration of the pins delivered an understandable plain text.

My program took less than a minute for each slide value. I was using an Intel Pentium G860, dual-core processor (but I was only using one core), at 3 GHz. I used the Python language because it allows rapid development (Agile software development).

I had planned in case of failure to use more complex methods inspired by George Lasry's thesis on metaheuristic searches in classical cryptology (Lasry 2017). Although I had found the solution without using these methods, I was testing them out of curiosity. I manipulated the algorithms that this author used against the M-209 (reverse each pin or swap each pair of pins … ). I also used other fitness functions: IC, unigrams, trigrams, and quadrigrams without result. Then I managed to find the solution with a combination of fitness methods, as the author suggests: IC and then trigrams, unigrams, and then quadrigrams. Each time I triggered the second method based on the best score of the first. I also managed to find the solution based only on using trigrams but with much more testing. I also tried the simulated annealing algorithm. The implementation of this approach was not easy both in terms of the detail of the algorithm and the level of its parameterization. Overall, all my tests were conclusive but they were much more complex than my initial approach and notably no more effective. I think the explanation lies in the fact that the C-36 is an uncomplicated machine that does not require sophisticated algorithms. In fact, I could have solved this problem with pencil and paper. Indeed, the most frequent cribs were present: NOKW ... KSURKW ... END (cf. 6.3.2).

5.5 German cryptanalysis

After France was wiped out, German cryptologists had plenty of time to break the C-36 and B-211 systems. They could base their attempts to do so not only on the capture of these machines but also on many seized documents during Battle of France [1] As the C-36 and B-211 systems were not part of the encryption methods authorized on the airwaves by the Germans, they were unable to intercept their traffic, which was only wired, and therefore could not exploit them.

Here is the result of these studies, which are described in the document “OKW/Chi [2] Cryptanalytic Research on Enigma, Hagelin and Cipher Teleprinter Machines” (TICOM I-45 1945). 

     … The different methods to break the C36 are as follows:

     1. Solution of messages of the same phase [3] in the case of C.36.
     2. Solution of C.36 from stereotyped beginnings.
     3. General solution of C.36 ...
The general solution requires extremely long messages in the order of 1,000 characters. The TICOM document describes it in general terms. Baker's book on the M-209 describes it in detail (Baker 1977). Because the messages exchanged with the C-36 were for the most part less than 300 characters, the relevance of the general solution is only of academic interest unless we know the indicator method. Knowing the indicator method makes it possible to know the position of each message in the space of the keys and thus aggregate several messages that are ultimately the equivalent of a single large message.

Using in-depth messages was more realistic but it required having messages encrypted with the same message key and therefore the same indicators. Normally the procedures produced by the Bureau du Chiffre prohibited this practice, but there is no doubt that the conditions of war favored this practice. Remember that this was the only technique that enabled the Germans to decipher the M-209. The TICOM document outlines this method. A long-classified Dutch Army document describes it in detail for the C-446 which, like the C-36, uses a variable slide (post-1945 SMID).

The most common method used by German code-breakers from November 1942 onward without context is the exploitation of messages with a stereotypical beginning. Unfortunately, the French cipher clerks abusing this usage (cf. 6.3.2). I will describe it and give an example. 

     TICOM I-45 - OKW/Chi Cryptanalytic Research on Enigma, Hagelin 
     and Cipher Teleprinter Machines. The attached papers, written 
     jointly by ORR Huettenhain and Sdf. Dr. Fricke …

     Solution of C.36 from Stereotyped Beginnings (the word “peg” 
     meaning pin and the word “jump” meaning key).

     Let us assume the beginning "CONFIDENTIAL." From this clear 
     text word and the corresponding encoded text the first twelve 
     jumps of the typing wheel can be deduced. Thus the first twelve 
     peg arrangements of the five wheels are known, if the initial 
     position of the wheels is assumed to be "zero position" … 
     The position of 26 to 29 sign can then be immediately written 
     in the clear text. The continuation is guessed. In this way 
     further peg arrangements in the individual wheels can be 
     determined. These peg arrangements by themselves show pieces 
     of clear texts, etc. at other positions until all peg 
     arrangements are known.
I illustrate the method described above with the following cryptogram, which corresponds to the encryption of an English text. It is assumed to begin with the word ORGANIZATIONK (K being used as a space). 
     INCXL BISSD QGQLZ XJVGX CHBEA MDYBX XIEPV WEPVF VEZLW LMSWD
     TPMZR JCTMV ZXVFU IHAJW TMCMQ UDVOX ASQRH HGAGG HRNDG QEITY
     HKIXQ WRWCJ MZHDK YOBYH WNNBP MZTUO JDGJR
In the chapter on the operation of the C-36, (cf. 2.1), we studied the formulas that describe the encryption: C = D - P and D = S + K, where C: Ciphered_letter, P: Plain_letter, D: Difference, S: Slide, K: Key (from Pin Settings).

We can calculate values for the first letter. We assume that the slide is equal to 20: 

     C = D - P      => D = C + P = i (8) + o (14) = 24, 
                       K = D - S = 24 - 20 = 2
In Table 4, we have calculated all the possible keys (shifts) for each pin setting. The key value 2 is for the [0 1 0 0 0] pin settings. Table 5 lists the pin settings for each letter of the crib. Then we can deduce pin settings for positions 19 to 32 in part or in total. We can guess the word at position 23: SIGNAL. It is framed by space, then we have deduced the string KSIGNALK. Then we deduce some pin settings: pos. 22: [? 0 1 0 1], pos. 23: [0 1 0 0 0], pos. 24: [0 0 0 0 1], pos. 26: [? 1 0 1 1], pos. 27: [1 0 1 0 0]. These deductions permit other deductions until all the pin settings are discovered. We leave it to the reader to piece together the rest of the key and the message.

The book by Cipher Deavours and Louis Kruh (Deavours & Kruh 1985) also describes this method. However, there is a problem. The method just described requires knowledge of the slide. Neither the TICOM archives nor the Deavours and Kruh book discuss this problem. In fact, if the configuration of the lugs is Configuration A (Table 2), we can easily guess the value of the slide. Table 4 gives the different possible offsets. Note that offsets 16, 19, 20, and 23 are impossible. We also note that some shifts are more likely (3, 10, 14,…, 24, 25) than others (0,1,4,5,…). If we test the crib for each possible slide, we see that only Slides 2, 20, and 23 are possible. For each one we can calculate a score according to the more or less numerous incidence of the most probable shifts. We obtain respectively the scores 7, 8, and 5. Thus, Slide 20 is the most probable, followed by Slide 2, and finally Slide 23. It is therefore legitimate to test Slide 20 first. We can thus see the serious error of the designers of the C-36 who created a configuration of lugs with overlaps, which does not allow all the possible shifts.

We can also find the slide easily with a short crib (NUMKW for example), but by testing many messages that start with it. I conducted a test with only five messages, which allowed me to deduce the slide. From these five messages, we can reconstitute an extremely small part of the key, but if we have dozens of messages at our disposal, it is possible by cross-checking to completely reconstitute the configuration of the pins after finding the slide.

A document (TICOM IF-107 1944) confirms that this method was used by German cryptanalysts (cf. 6.4.1).

Footnotes:

  • [1] TICOM archives do not specify the nature of the documents captured, but we can assume that they included key tables as well as details of the procedures used.
  • [2] OKW/Chi (OberKommando der Wehrmacht/Chiffrierabteilung): The cryptologic agency of the Wehrmacht (Army, Navy and Air Force).
  • [3] Messages of the same phase: messages in depth, i.e., with the same key.

Table 4: The different keys (shifts) for different pin settings 

Pin Settings    Key -      Key Pin Settings
   0 0 0 0 0      0          0   [0 0 0 0 0]    
   0 0 0 0 1     14          1   [1 0 0 0 0]
   0 0 0 1 0      7          2   [0 1 0 0 0]
   0 0 0 1 1     21          3   [0 0 1 0 0],[1 1 0 0 0]=[???00]
   0 0 1 0 0      3          4   [1 0 1 0 0]
   0 0 1 0 1     17          5   [0 1 1 0 0]
   0 0 1 1 0     10          6   [1 1 1 0 0]
   0 0 1 1 1     24          7   [0 0 0 1 0]
   0 1 0 0 0      2          8   [1 0 0 1 0]
   0 1 0 0 1     15          9   [0 1 0 1 0]
   0 1 0 1 0      9         10   [0 0 1 1 0],[1 1 0 1 0]=[???10]
   0 1 0 1 1     22         11   [1 0 1 1 0]
   0 1 1 0 0      5         12   [0 1 1 1 0] 
   0 1 1 0 1     18         13   [1 1 1 1 0]
   0 1 1 1 0     12         14   [0 0 0 0 1],[1 0 0 0 1]=[?0001]
   0 1 1 1 1     25         15   [0 1 0 0 1],[1 1 0 0 1]=[?1001]       
   1 0 0 0 0      1         16   Impossible!    
   1 0 0 0 1     14         17   [0 0 1 0 1],[1 0 1 0 1]=[?0101]     
   1 0 0 1 0      8         18   [0 1 1 0 1],[1 1 1 0 1]=[?1101]
   1 0 0 1 1     21         19   Impossible!
   1 0 1 0 0      4         20   Impossible!
   1 0 1 0 1     17         21   [0 0 0 1 1],[1 0 0 1 1]=[?0011] 
   1 0 1 1 0     11         22   [0 1 0 1 1],[1 1 0 1 1]=[?1011]
   1 0 1 1 1     24         23   Impossible! 
   1 1 0 0 0      3         24   [0 0 1 1 1],[1 0 1 1 1]=[?0111]
   1 1 0 0 1     15         25   [0 1 1 1 1],[1 1 1 1 1]=[?1111]
   1 1 0 1 0     10
   1 1 0 1 1     22 
   1 1 1 0 0      6 
   1 1 1 0 1     18
   1 1 1 1 0     13
   1 1 1 1 1     25
Table 5: Pin settings deduced from a crib - we assume slide = 20 
Count Cipher Plain Diff. Key   Pin Settings Hypothesis (D,P)
  000      I     O    22   2  [ 0 1 0 0 0 ]
  001      N     R     4  10  [ ? ? ? 1 0 ]
  002      C     G     8  14  [ ? 0 0 0 1 ]
  003      X     A    23   3  [ ? ? ? 0 0 ] 
  004      L     N    24   4  [ 1 0 1 0 0 ]
  005      B     I     9  15  [ ? 1 0 0 1 ]
  006      I     Z     7  13  [ 1 1 1 1 0 ]
  007      S     A    18  24  [ ? 0 1 1 1 ]
  008      S     T    11  17  [ ? 0 1 0 1 ]
  009      D     I    11  17  [ ? 0 1 0 1 ]
  010      Q     O     4  10  [ ? ? ? 1 0 ]
  011      G     N    19  25  [ ? 1 1 1 1 ]
  012      Q     K     0   6  [ 1 1 1 0 0 ]
  013      L                  [           ]
  014      Z                  [           ]
  015      X                  [           ]
  016      J                  [           ]
  017      V                  [         0 ]
  018      G                  [         0 ]
  019      X                  [       0 1 ] 8,9,11,12   L,M,O,P  
  020      C                  [       1 0 ] 1-7         Z,A-F
  021      H                  [     0 0 0 ] 20-23       N,0,P,Q
  022      B                  [     ? 0 1 ] 8,9,11,12   H,I,K,L
  023      E                  [   1 0 0 0 ] 22,23       S,T
  024      A                  [   ? ? 0 1 ] 8,9,11,12   I,J,L,M   
  025      M                  [ 0 0 1 1 1 ] 18          G
  026      D                  [ ? ? 0 1 1 ] 12,13       M,N
  027      Y                  [ ? 0 1 0 0 ] 23,24       Z,A
  028      B                  [ ? 1 1 0 1 ] 12          L
  029      X                  [ 1 1 1 1 0 ] 7           K
  030      X                  [ ? 0 1 1   ] 4,5,8       H,I,L
  031      I                  [ 1 0 ? 0   ] 21,24,8,11  N,K,A,X
  032      E                  [ ? 0 1     ] 19,20,1,2,15T,U,A,B,P
  033      P                  [ ? ? 1     ]
  034      V                  [ ? 1       ]
Count Cipher Plain Diff. Key Pin Settings Hypothesis (D,P)

References

  • Barker Wayne G., 1977. Cryptanalysis of the Hagelin cryptograph", Aegean Park Press
  • Deavours, Cipher A., Kruh, Louis. 1985. Machine Cryptography and Modern Cryptanalysis – Cipher A. Deavours & Louis Kruh, Artech House, Inc, Boston, London.
  • Ribadeau-Dumas, L. 1975. Essai d’historique du chiffre de l’armée de terre, 4ième partie (1919-1939), Bulletin de l’ARCSI, Nouvelle série N°3, p19–34
  • Ribadeau-Dumas, L. 1976. Essai d’historique du chiffre de l’armée de terre, 5ième partie: la guerre 1939-1945, Bulletin de l’ARCSI, Nouvelle série N°4, p33–52
  • SHD - 1 P 136. 1942. Délégation générale du gouvernement en Afrique française – 1941-1942
  • SHD 11 P 187. 1944. 1er Division Blindée – Section du chiffre – E.M: 2e Bureau – Télégrammes expédiés 9-6-43 au 21-12-1944. 1943-1944.

Web Links