Find the V rotor wiring using Hill Climbing

• Navy 1924 Challenge
• Cryptanalyse: Note: (F): Friedman.
  • (F) Known plain text attack
  • the wiring of the rotors is known. Search for rotor V
  • the wiring of the rotors is known. Search for rotor I
  • (F) Find the rotor wiring V
  • (F) The beginning of plain text
  • The beginning of plain text
  • (F) Find the rotor wiring I
  • (F) Find the stator wiring S
  • (F) Find the wiring for the other rotors
  • Hill Climbing: Find the rotor wiring V. This Page.
• The Friedman's report

Introduction

I created a program based on the Hill Climbing algorithm to find the rotor wiring in position V.

As we have observed, this step is essential because it allows to start deciphering the messages and reconstructing the wiring of the other rotors.

Algorithm

The algorithm is classic (cf. HC for Hebern 1-rotor). On the other hand, we use a single fitness function based on the IC (Index of Coincidence).

In addition, I was inspired by the Deavours & Kruh approach to find the rotor (the wiring being known) which is in position V. Indeed, I break down the cryptogram (after removing the Lampboard action) into slices of 26 letters and I calculate the IC for each slice. The fitness function returns the average of the ICs.

Example, we know the external key

- Start of the plain text message (it is approximately 1000 characters long).

C:\H5_TOOLS> more tmp\clair.pln
THEWASHINGTONNAVALCONFERENCEWASADISARMAMENTCONFERENCECALLED
BYTHEUNITEDSTATESANDHELDINWASHINGTONDCCOMMAFROMNOVEMBER
TWENTIETHONENIVETWOONECOMMATOFEBRUARYSIXTHONENIVETWOTWOZDOTZITWAS
...

- Create the cryptogram (we use an offset of 5 [RAW=S])

C:\H5_TOOLS> python hebern5_tui.py -E ZZAAAZS ^
  < tmp\clair.pln > tmp\clair_DS.cry

- We remove the action of the Lampboard (RFS)

C:\H5_TOOLS> python striplamp.py TYOEUMXDFJQVKWBNSHCILRZAGP ^
    tmp\clair_DS.cry > tmp\clair_DS.stripped

C:\H5_TOOLS> python hc_h5.py
usage:
  -h         Help
  -c crypto  The cryptogram
  -t tries   Number of tries, default: 15
  -o offset  Offset, 0 by default
notes:
1. The cryptogram must be 'stripped',
   i.e. without the action of the lampboard
2. Offset is relied to RAW (position of right ratchel wheel)
   ALPHA[ (13 + (N - offset)) % N ], N == 26

C:\HC_TOOLS> python hc_h5.py  -c tmp\clair_DS.stripped -o 5 -t 50
0 0.05756708407871199 HTSNXYUJICVOPMLEAGFQWKRBDZ
1 0.05590339892665474 CHGQVIKLWDJEMSZPONTRXBUYFA
2 0.05783542039355991 VUDNXKGIBLRZHPWAJYFCOSETQM
...
49 0.05477638640429336 IVHYPOXAKSGMRZDECJUNBWFLTQ

Key:  ZRDUEKMPBXVGJLSWANFIOHYTQC  Score:  0.06544090056285176
IDJQSRDUCWIKCCSHSTVKCXHLHEJHUCDCPGDCLTCTHENJREXAEAYZAZXIIAUJK
GRAWYQGAUNGXTEJIKGAEZGMKHIJAMKVTWKGFFWNNODQVNAVEHNBHQPIHAPKHP
MVADMJADQESSMDOSUUZQSKDPFRZFCWZSACQXFXZMFALQALQIOQAIZALVMPHLQ
CPXUQHCXM...

m     012345678901234567890----5----0----5----0----5-
c'    IDJQSRDUCWIKCCSHSTVKCXHLHEJHUCDCPGDCLTCTHENJREX
plain THEWASHINGTONNAVALCONFERENCEWASADISARMAMENTCONF
e       J                   h h  h            h
t     I         I                               n
a         S         S S            c c   c  c
n             C   CC      C    e               e   e     
o                K       K                        r
h      D    D                         p

We don't know the external key

If we do not know the external key, it is always possible to try all possible offsets (from 0 to 25).

Here is a test based on the previous example (offset, IC):

- We take a cryptogram of approximately 1000 characters:
Note: for each test, we do 50 trials (shotgun).

 0  0.0577      6  0.0672     12  0.0558     18  0.0564
 1  0.0581      7  0.0596     13  0.0550     19  0.0565
 2  0.0584      8  0.0568     14  0.0566     20  0.0569
 3  0.0589      9  0.0566     15  0.0555     21  0.0569
 4  0.0629     10  0.0556     16  0.0552     22  0.0565
 5  0.0672     11  0.0558     17  0.0550     23  0.0567
                              24  0.0567     25  0.0560

 0  0.0510      3  0.0611      6  0.0631      9  0.0507
 1  0.0532      4  0.0624      7  0.0606      ...
 2  0.0520      5  0.0654      8  0.0530

In conclusion, offset 5 corresponds to the correct configuration although this is more obvious with a cryptogram long enough.

Relationship between my solution and the authentic wiring

My solution to the Army V rotor wiring seems correct (I can get simple substitutions). Question: Does my rotor have the same wiring as the army machine?

I developed a signature program which allows me to identify a rotor independently of whether it has undergone a rotation or a twist effect. This program is described in my page rotor.

Using this program, I compared the genuine wiring to mine. The signatures are equal. Conclusion, my solution is correct.

C:\H1_TOOLS> python signature.py ^
	-R =FQTGXANWCJOIVZPHYBDRKUSLEM -a
PI direct
  PI       :  FQTGXANWCJOIVZPHYBDRKUSLEM
  Type     :  1.2.10.13.
  Cycles   :  (J),(AF),(BQYEXLICTR),(DGNZMVUKOPHWS),
  Signature:  [1, 13, 18, 9, 23, 18, 18, 7, 18, 10]
PI reverse
  PI       :  FRISYADPLJUXZGKOBTWCVMHEQN
  Type     :  1.2.10.13.
  Cycles   :  (J),(AF),(BRTCILXEYQ),(DSWHPOKUVMZNG),
  Signature:  [1, 2, 11, 21, 23, 10, 2, 1, 6, 3]

C:\H1_TOOLS> python signature.py ^
	-R =ZRDUEKMPBXVGJLSWANFIOHYTQC  -c -S
  Type     :  1.10.15.
  Cycles   :  (E),(BRNLGMJXTI),(AZCDUOSFKVHPWYQ),
  Signature:  [1, 2, 11, 21, 23, 10, 2, 1, 6, 3]

How do I get from genuine wiring to mine? All I had to do was inspect the cipher tables for each rotor. Here is the answer :

Here is the PI table which identifies the genuine rotor V in reverse mode with the key O. As we can see, it corresponds to the my rotor shifted by 11 positions to the right.

     W A N F I O H Y T Q C Z R D U E K M P B X V G J L S

Web Links

• ANALYSIS OF A MECHANICO-ELECTRICAL CRYPTOGRAPH, PART I, TECHNICAL PAPER, BY WILLIAM F. FRIEDMAN Cryptanalyst, Chief of Signal Intelligence Section UNITED STATES GOVERNMENT PRINTING OFFICE, WASHINGTON: 1934, Secret. (link).
• NSA - Friedman's Original Worksheets of Hebern Solution, 11 Nov 1936 (PDF)
  Note: The solution dates from 1924.