Hebern cryptanalysis: the rotor is known



Cryptanalysis with known rotor

This is the first case to consider: we know everything about the machine, including the rotor(s) used. The only things we don't know are the external key (the starting position of the rotor) and possibly which rotor is used (if we have a set of rotors), the mode used (Direct or Reverse) and, finally, the direction in which the rotor is positioned.

We have already calculated the key space: 104 times the number of rotors available.

How to find the solution? There are two approaches:

  • We test all possible keys. You have to know all the permutations. You must also be able to recognize plain text when it occurs.
  • We use a “probable word” (crib), which can be positioned using the isomorph method. This approach works even if we do not know the Lampboard permutation.

Plain text detection by IC

The theory

It is enough to test all possible cases and when the decryption gives a plausible plain text, we have found the solution.

When a computer program is used to automate the tests, calculating the index of coincidence (IC) of each trial decryption makes it easy to detect the correct solution, in particular the initial position of the rotor.

Example

Consider the following cryptogram:
C:\H1_TOOLS> python groupe.py < MSGS\bronte_p17.cry
QPYPM IWAOT DYRWI VUKMG JRJUK AKOGR WDXIP GIPIQ YVAAO DURSP
ZHQYC GUCFV MVWZX CZNGH JCDJM VGHGK RYTGB FDRVZ XZPQZ ZFRGV
DPUDJ VZYRO WRLCZ HFWH

We know the rotor wiring: FTQJVAXMWDSNHLRUCOKBPEIGZY

Just test the decryption with my simulator and my IC calculation program. In the following example we test the key Z (effective key A) in decryption mode.

C:\H1_TOOLS>python hebern1_tui.py -R p17 -E Z -d < MSGS\bronte_p17.cry |python ic.py
0.0390

We do this type of test for all possible cases (encryption mode, decryption mode, all possible external keys, etc.). Here are the results in the case of decryption mode.

A 0.0424      G 0.0353      L 0.0405      Q 0.0406      V 0.0372
B 0.0419      H 0.0367      M 0.0397      R 0.0409      W 0.0396
C 0.0412      I 0.0400      N 0.0377      S 0.0397      X 0.0417
D 0.0375      J 0.0392      O 0.0393      T 0.0440      Y 0.0413
E 0.0399      K 0.0597      P 0.0385      U 0.0386      Z 0.0390
F 0.0442

The IC obtained with K (0.0597) stands out clearly from all the others. The external key is therefore K (effective key K+1=L). We can decipher the message:
C:\H1_TOOLS> python hebern1_tui.py  -R p17 -E K -d <  MSGS\bronte_p17.cry
IHAVEJUSTRETURNEDFROMAVISITTOMYLANDLORDTHESOLITARYNEIGHBOURTHATISHALLBE
TROUBLEDWITHSTOPTHISISCERTAINLYABEAUTIFULCOUNTRY

Note: if you want to automate the tests, you need to know the system shell (bash on Linux, PowerShell on Windows) well enough to write a script that uses loops.
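
The exhaustive test above can also be automated in a single script. The following is an added example, not the author's hebern1_tui.py or ic.py: it assumes a rotor model c = ROTOR[(p + k) mod 26] - k with k advancing by one per letter, which reproduces the decryption shown above, and the function names are hypothetical. Offset 11 corresponds to the effective key L.

```python
from collections import Counter
from string import ascii_uppercase as AZ

ROTOR = "FTQJVAXMWDSNHLRUCOKBPEIGZY"        # wiring given on the page
INV = {c: i for i, c in enumerate(ROTOR)}   # inverse wiring lookup

# Cryptogram bronte_p17.cry, copied from the groups printed on the page
CRYPTOGRAM = (
    "QPYPMIWAOTDYRWIVUKMGJRJUKAKOGRWDXIPGIPIQYVAAODURSP"
    "ZHQYCGUCFVMVWZXCZNGHJCDJMVGHGKRYTGBFDRVZXZPQZZFRGV"
    "DPUDJVZYROWRLCZHFWH"
)

def decrypt(ct, offset):
    """Invert the assumed model c = ROTOR[(p + k) % 26] - k (k steps +1 per letter)."""
    out = []
    for i, ch in enumerate(ct):
        k = (offset + i) % 26
        out.append(AZ[(INV[AZ[(AZ.index(ch) + k) % 26]] - k) % 26])
    return "".join(out)

def ic(text):
    """Index of coincidence: probability that two letters drawn at random match."""
    n = len(text)
    return sum(f * (f - 1) for f in Counter(text).values()) / (n * (n - 1))

def rank_offsets(ct):
    """Try all 26 starting offsets and sort them by IC, best candidate first."""
    return sorted(((ic(decrypt(ct, k)), k) for k in range(26)), reverse=True)

if __name__ == "__main__":
    # Print the three best candidates with the start of each trial decryption
    for score, k in rank_offsets(CRYPTOGRAM)[:3]:
        print(AZ[k], f"{score:.4f}", decrypt(CRYPTOGRAM, k)[:30])
```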

Finding the key using the Isomorphs method

Isomorphs

If all the permutations are known, and if we know the beginning of the text, there is an alternative to detecting plain text by an IC measurement. Simply try all the keys until the correct key gives the supposed beginning (crib or probable word) during decryption.

If the Lampboard permutation is unknown, it is still possible to use this method. In that case, however, decryption does not provide plain words, but an isomorphic expression: if a plain letter occurs several times, it will appear in the same (iso) form (morph).

Here is an example (see next paragraph):

	Crib         : V I S I T T O M Y L A N D L O R D
	Cryptogram   : C E U W Y B T H K A H F M X N M F
	Decryption   : S D E N B O A R M X R I F G P F I
	Coincidences :               1     1 2 3     3 2       
We see that the cryptogram and the decryption (without the lampboard) are isomorphic.

The search for the crib does not necessarily take place at the beginning of the text. Indeed, this search can be carried out anywhere in the text. In this case, it is necessary to scan the cryptogram with the crib and test at each position whether a decryption is isomorphic with the piece of the corresponding cryptogram.

Example

We create the encrypted message:
C:\H1_TOOLS> python hebern1_tui.py -R p17 -L RFS < MSGS\bronte.txt 
  > MSGS\bronte_p17_rfs.cry

C:\H1_TOOLS> python groupe.py < MSGS\bronte_p17_rfs.cry
ZRBZC KPHVZ DQVFM KVHVI EJCEU WYBTH KAHFM XNMFQ SKXJH THJND
NQZVY CXITG KLPSJ OESEI SBIFX OMQJM SMJYC AGDUS JHJPP MRFZY
SDYXR CXMEW PEQAV BBFI

Then we test for the presence of the crib “VISITTOMYLANDLORD” in the cryptogram. The Lampboard permutation is unknown.
C:\H1_TOOLS> python motprobable.py -C VISITTOMYLANDLORD -R p17 -s 
   < MSGS\bronte_p17_rfs.cry
Length of the cryptogram:  119
The last position tested:  102
(if the last position tested is zero, we test only
 the beginning of the cryptogram [we don't use -s])
1st col: The current position (inside the cryptogram)
2nd col: The Key (for the 1st character of the isomorph)
3th col: The slice of the cryptogram tested
4th col: The pseudo plain which corresponds to the
slice of the cryptogram tested, in short, the isomorph
0022 , W CEUWYBTHKAHFMXNMF SDENBOARMXRIFGPFI

The program gives position 22 and the effective key H (at the start of the crib), so the message key is H-22=11=L. This is the effective key; the real key (before the advancement of the rotor) is therefore K.
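
The crib scan described in this section, as an added example that is not the author's motprobable.py: it assumes the rotor model x = ROTOR[(p + k) mod 26] - k with k advancing by one per letter, which reproduces the pseudo plain printed above. The offset k is this example's own parameter and is not mapped to the page's key letters; the function names are hypothetical.

```python
from string import ascii_uppercase as AZ

ROTOR = "FTQJVAXMWDSNHLRUCOKBPEIGZY"   # wiring given on the page
CRIB = "VISITTOMYLANDLORD"
# Cryptogram bronte_p17_rfs.cry, copied from the groups printed on the page
CRYPTOGRAM = (
    "ZRBZCKPHVZDQVFMKVHVIEJCEUWYBTHKAHFMXNMFQSKXJHTHJND"
    "NQZVYCXITGKLPSJOESEISBIFXOMQJMSMJYCAGDUSJHJPPMRFZY"
    "SDYXRCXMEWPEQAVBBFI"
)

def pattern(s):
    """First-occurrence signature; two strings are isomorphic iff signatures match."""
    seen = {}
    return [seen.setdefault(ch, len(seen)) for ch in s]

def rotor_output(crib, offset):
    """Pass the crib through the rotor only (the unknown lampboard is left out)."""
    out = []
    for i, ch in enumerate(crib):
        k = (offset + i) % 26   # assumed stepping: +1 per letter
        out.append(AZ[(AZ.index(ROTOR[(AZ.index(ch) + k) % 26]) - k) % 26])
    return "".join(out)

def scan(ct, crib):
    """Slide the crib along the cryptogram and try all 26 offsets at each position."""
    pseudo = [rotor_output(crib, k) for k in range(26)]
    sigs = [pattern(p) for p in pseudo]
    hits = []
    for pos in range(len(ct) - len(crib) + 1):
        piece = ct[pos:pos + len(crib)]
        sig = pattern(piece)
        # A fixed lampboard permutation preserves the repetition pattern,
        # so a correct (position, offset) pair must give equal signatures.
        hits += [(pos, k, piece, pseudo[k]) for k in range(26) if sig == sigs[k]]
    return hits

if __name__ == "__main__":
    for pos, k, piece, iso in scan(CRYPTOGRAM, CRIB):
        print(f"{pos:04d} k={k:2d} {piece} {iso}")
```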