SIGABA: ECM MARK II
MIDN Jonathan Poole
04 APR 2013

Abstract:
The following paper will take an in-depth look into quite possibly one of the most complex, powerful, and successful cryptologic machines of the 20th century, the SIGABA (or ECM Mark II) machine. Primarily used during WWII, the SIGABA machine was one of the most secure ways to communicate in the late-war Army and Navy. This paper will discuss the history, design, operation, and mathematical strength of the SIGABA crypto system.

History:
Just as many of the great advancements in technological history were not dreamt up overnight, the development of the SIGABA took many years and many different forms. The two masterminds behind the machine were Army cryptologists by the name of William F. Friedman and Frank B. Rowlett.[1] Friedman, a Russian-born, Pittsburgh-raised Cornell alumnus, developed one of the fundamental ideas behind the machine in 1926.[2] The beginning of rotor based encryption was in 1917, when a man by the name of Edward Hugh Hebern developed the first electronic cipher rotor.[3] Hebern was confident that his rotor system would change the world, but it never caught on. He attempted to market it to the Army and Navy, but neither seemed too interested. The problem with the original rotor machines was that the stepping process was entirely predictable, which, for any mathematician or code breaker, is a gift. Thanks to the work done by Hebern, Friedman developed the idea of controlling the shifting of the rotors through the use of long paper tapes with a close to random pattern of holes dotted throughout the surface.[4] The original machine that utilized this five channel paper tape was called the M-134-T1, and the man responsible for punching the holes throughout the tape was Frank B. Rowlett.[5]

[1] Pekelney, “Electronic Cipher Machine (ECM) Mark II” http://www.maritime.org/tech/ecm2.htm
[2] “William F. Friedman (1891-1969)” National Security Agency. 15 JAN 2009. http://www.nsa.gov/about/cryptologic_heritage/hall_of_honor/1999/friedman.shtml
[3] "Edward H. Hebern." Encyclopædia Britannica. Encyclopædia Britannica Online Academic Edition. Encyclopædia Britannica Inc., 2013. Web. 25 Apr. 2013. <http://www.britannica.com/EBchecked/topic/259011/Edward-H-Hebern>.
[4] Mucklow, Timothy. “SIGABA Lecture,” 03APR2013
[5] Ibid

After the introduction of the second version of Friedman’s machine, the M-134-T2, in March of 1933, his assistant, Frank Rowlett, unveiled his contribution to the SIGABA machine.[6] The genius idea produced by Rowlett was to use rotors, not paper, to determine the rotation of the ciphering rotors. Adopting the idea, Rowlett and Friedman created an adapter for the M-134 called the SIGOO. This attached three more rotors to the M-134, creating a machine that looked and functioned similarly to the final SIGABA, but was not nearly as effective.[7] Due to a lack of funding in the Army’s cryptology budget, the project had to be shelved to wait for development funds.

Prior to the National Security Act of 1947, there were not many joint efforts between the Army and Navy, and cryptography was no different. However, in 1935 the Navy became interested when Friedman discussed the complex idea of a stepping maze, and the work he and Rowlett had done so far, with Lt. Joseph N. Wenger.[8] With the lack of Army funding, Rowlett and Friedman were sidelined, allowing the Navy to run with the idea. On 23 MAR 1936, patent number 70,412 was filed on behalf of Lt. Wenger. In the winter of 1936-1937, the Navy recognized the potential of the crypto system and began sponsoring and funding the development of the machine.[9] In February of 1940, prototypes were released and the details shared with the Army. After having been originally upset with the idea that the Navy had stolen their idea, Friedman and Rowlett were given all credit for developing the system.[10] As with most things, the Army and Navy could not agree upon a name for the machine. The Army called it SIGABA while the Navy called it the ECM Mark II. On 1 AUG 1941 the machine became operational, and by 1943 there were over 10,000 machines in use, paving the way towards an Allied victory in both the Pacific and Atlantic campaigns.[11]

[6] John J. G. Savard & Richard S. Pekelney (1999): THE ECM MARK II: DESIGN, HISTORY, AND CRYPTOLOGY, Cryptologia, 23:3, 211-228
[7] Mucklow
[8] Ibid
[9] Pekelney
[10] Mucklow
[11] Pekelney

Throughout its time in operational service, there are no recorded breaks of the SIGABA cryptosystem, making it one of the most secure systems the US has used in wartime. Despite there being no break in the crypto system, the machine was stolen in February of 1945.[12] At this point in 1945, the German Army was in a rapid retreat and the American Army was playing leap frog in order to keep up with their advances. The term leap frog is used because every time one signals camp was set up, the one behind it would break down and move in front of the other. All of the plans for an Allied invasion of Germany were typed, encrypted, and distributed by SIGABA. So, when the machine was stolen in 1945, the US had to assume the worst: that the machine had fallen into enemy hands and that the missions were compromised.[13]

As the Signals Intelligence Corps advanced toward Germany, they stopped in Colmar, France, where the 2.5 ton GMC trucks that housed the machine were stolen. The events leading up to the incident began on 4 FEB 1945, when the 28th Division’s Signal Company arrived in Colmar with nothing to set up. On 5 FEB 1945 spare equipment, including the SIGABA machine, arrived. That evening, the trucks were parked on the street and went without guards for the duration of the night. When two officers noticed the truck was missing the next morning, the search began.
Later the same morning, the search turned up the truck’s trailer, which housed unclassified material, on a dead end road with nothing missing. All units and divisions in the area began searching every barn, shed, and crevice in the Colmar region. Having lost his most important tool for encryption, General Eisenhower became personally invested. On 9 MAR 1945, the truck was finally located in a wooded area 45 miles northeast of Colmar; however, the safes containing the SIGABA were missing. Later the same day, the lower half of the safe was located in the Gressen River. The lower half contained less valuable information, so the machine and code books still remained missing. Eleven days later, on the 20th of March, the upper safe was found 100 feet downstream from the upper safe. Nothing had been tampered with, and the 55 pound thermite bombs and 14 pound blocks of TNT remained undetonated.[14] The investigation found that the man at fault was a French farmer who had borrowed the truck in order to move some household furniture.[15]

[12] “The Colmar Incident” http://www.nsa.gov/public_info/_files/cryptologic_spectrum/Colmar_Incident.pdf
[13] Ibid
[14] Ibid
[15] Ibid

The Rotor Bank:
As mentioned in the history of the SIGABA, it is a rotor based crypto system. This section will go in depth into the design of the SIGABA’s rotors and other systems. The first step in explaining how the SIGABA actually works is to break it apart and explain how each part works individually. To begin, a rotor is a “disk with electrical contacts arranged in a circle on both sides, and a series of teeth set into the circumference of the disk.”[16] (See figure 1) Pinned to a central axis and connected to a mechanical gear, the rotors would physically step from one tooth to another. The SIGABA utilizes 15 rotors that are broken up into three distinct groups. The first set of five rotors is called the cipher rotors. The second set is the set of control rotors.
The cipher and control rotors are both made up of 26 contact points on each side, each corresponding to a letter in the alphabet.[17] This allows for several variations that increase the security and key space of the machine. Because these ten rotors are identical to one another, they can be interchanged, and each rotor can fill one of ten different positions in the machine. The second advantage is that both the left and right side of the rotor are identical, which allows each rotor to either be inverted or remain in its normal position. To increase the key space and the variation between rotors, the internal wiring of each rotor is pseudo random. If rotor wiring were done in a predictable manner, it would decrease the overall security of the machine and cryptosystem, so the developers of the SIGABA machine came as close to random as possible: in the production of the rotors, the wires connecting two contacts on either side of the rotor are placed in a pseudo random fashion. It is pseudo random because collisions between wires in the mapping process must be taken out by a human operator, and when only one collision remains, the operator makes the final pairing and a rotor is produced.[18] This process was developed by Edward S. Hebern, a pioneer in the invention of rotor machines.[19] This allows for a possible 26! permutations of the control and cipher rotor.

A letter is encrypted by one of these rotors through the electrical wiring inside the rotor. By looking at the electrical contacts around the outside of each side of the rotor wheel, one can imagine how letters are encrypted. With one rotor, the typist would push a plaintext letter, which would send a corresponding signal to the rotor; it would then pass through the rotor’s internal wiring and come out encrypted as another letter.[20] (See figure 2) As can be seen in Fig 2.c, the encryption of a letter through multiple rotors becomes incredibly complicated due to the multitude of different wirings and possible setups. What made the SIGABA so successful was not only the use of fifteen rotors, but also the stepping maze it developed, which will be addressed later.

[16] Lee, Michael “Cryptanalysis of the SIGABA” University of California: Santa Barbara. http://ucsb.curby.net/broadcast/thesis/thesis.pdf
[17] Ibid
[18] Ibid
[19] Pekelney and Savard
[20] Lee

The third set of five rotors is called the indexing rotor bank. As opposed to the control and cipher rotors, which both utilize 26 contacts, the index rotors only have 10 contacts.[21] The five index rotor contacts are labeled 10-19 on the first rotor, 20-29 on the second, 30-39 on the third, 40-49 on the fourth, and 50-59 on the fifth. These smaller, indexing rotors could not be inserted inverted. A composition of all fifteen rotors can be seen in Figure 3.

Stepping Maze:
One of the unique things about the SIGABA machine that made it so successful and difficult to break was the use of a stepping maze. Most rotor based crypto systems had no stepping maze at all, meaning they simply worked as an odometer. An odometer function means that one rotor would rotate completely through before the next rotor would step once. SIGABA uses a system that bases the movement of the cipher rotors on the other ten rotors in the machine. This itself is a cryptosystem within the larger cryptosystem.[22]

Imagine the rotor bank of the SIGABA machine. Refer to the cipher rotors as C1, C2, C3, C4, and C5. The control rotors can be R1-R5, and the indexing rotors I1-I5. After every key stroke either 1, 2, 3, or 4 of the cipher rotors will rotate, but not all of them. The rotations of the cipher rotors are determined by the indexing rotors, whose function is determined by the control rotors.

[21] Ibid
[22] Ibid

The control rotors function very similarly to a car odometer, just scrambled. R1 and R5 are locked and do not rotate during encryption; however, the others function as the odometer.
R3 rotates once for every key stroke by the typist, R4 rotates once every 26 key strokes, and R2 every 676 key strokes. The electrical signal from the control rotors is then sent to the indexing rotors. One important thing to note is that when keystrokes are made, electrical signals are sent to the cipher rotors and control rotors. The signals to the cipher rotors begin the encryption, while the signals to the control rotors begin the stepping.

All inputs to the control bank get separated into four distinct inputs. The four distinct inputs are F, G, H, and I. Every time a key is pressed, the four inputs to the control rotors are energized.[23] Since there are four inputs to the control rotors with every key stroke, there will be four outputs on the control rotors. These four outputs from the control rotors will then become the inputs to the indexing rotors. There are 26 distinct possible outputs from the control rotors, which are ORed and sent to the inputs of the indexing rotors. As seen in Figure 4, an output of F or G or H from the control rotors will result in an activation of the 4th input on the indexing rotors.

To simplify and recap: for every energized key on the keyboard, four inputs are sent to the control rotors; the four inputs are encrypted via the wiring within the rotors and come out as four distinct outputs. The outputs are ORed and sent to an input on the index rotors. The number four is crucial because only a maximum of four cipher rotors may step after each key stroke. This means that there can only be a maximum of four distinct outputs from the index rotors after ORing.[24]

The indexing rotors remained fixed throughout both the encryption and setup process. The ORed outputs from the control rotors are sent to the contacts on the indexing rotors. The signals pass through the indexing rotors until they reach the far right side of the bank, at which there are ten possible outputs.
The ten outputs are ORed as pairs and those signals are sent to the cipher rotors in order to step them.[25] Refer to figures 4 and 5 for images of this process.

[23] Ibid
[24] Ibid
[25] Ibid

To show the entire electronic mapping, please refer to Figure 6. It follows an input to both the control and cipher rotors, through the encryption process, and shows which cipher rotors will step after the process.

Key Space:
One of the things that made the SIGABA so successful during its use in American military history was the sheer size of both the theoretical and practical key spaces. Key space is defined as “the total number of possible values of keys in a cryptographic algorithm or other security measure such as a password.”[26] For example, a 20-bit key would have a key space of 1,048,576, which is calculated by computing $2^{20} = 1048576$.

[26] “Key Space,” PC MAG. http://www.pcmag.com/encyclopedia/term/45775/key-space

Let us first look at the theoretical key space. We have to differentiate between theoretical and practical key space because it would simply be too costly to produce the number of rotors required to cover the entire key space. First, we count the number of 26 contact rotors; there are 10 of those for the control and cipher rotors. Therefore, there are 10! ways of arranging these rotors. To account for all of the possible permutations of the cipher and control rotors, we need to add another term of 26! for each of the 10 rotors in use. So we end up with the $(26!)^{10}$ term. As mentioned earlier, each 26 contact rotor can be entered in either forward or reverse. So, within each order of the ten rotors, there are $2^{10}$ more variations that account for the forward and reverse orientation of each rotor. Within each of these orientations there are $26^5$ more orientations to account for the five letter message indicator.[27] (In the setup procedure a five letter message indicator must be set on both the control and cipher rotors before encryption and decryption.
It can be any five letter combination of 26 possible letters.) The final term in the theoretical key space accounts for the possible different starting positions of the indexing rotors. There are 5 different rotors, each with 10 possible starting positions, so the term becomes $10^5$. The final key space calculation looks like: This calculation produces a key space of over 955 bits. However, as mentioned earlier, it is completely impractical to include the $(26!)^{10}$ term because one would have to produce every rotor permutation included. The practical key space is the same calculation without the term for the different permutations of the control and cipher rotors. The equation for the practical key space becomes: This gives a practical key space of approximately 72 bits. This 72 bit key space was instrumental in the security and operation of the SIGABA machine.

One weakness that reduced the practical key space was the vulnerability of the five letter message indicator used to set up the machine. The indicator would be sent out with the encrypted message, and if the attacker knew the meaning of the message, it would reduce the key space by a factor of $26^5$.[28] Without modern computer technology, an attacker would be left to try a brute force attack, which means that the attacker tries every possible key until the proper one is found. So, in WWII, this was a very effective way of keeping things secure.

[27] Lee
[28] Chan, Wing, "Cryptanalysis of SIGABA" (2007). Master's Projects. Paper 126. http://scholarworks.sjsu.edu/etd_projects/126

Conclusion:
SIGABA was the most successful encryption technology used by the United States throughout the duration of World War II. This was due in large part to the large practical key space, which was large enough to withstand a brute force attack. After the war, they made some modifications to increase the strength of SIGABA.
For example, six inputs became energized prior to entering the control rotors, as opposed to the previous four.[29] However, SIGABA ceased to exist as we know it shortly after the war. The population of SIGABA machines dwindled from 10,000 in 1943 to three known existing machines today. The machine had a proud tenure as the most advanced cryptosystem of WWII and is revered by cryptologists and computer scientists today.

[29] Pekelney and Savard.
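
The stepping maze described in the Stepping Maze section can be simulated directly. The sketch below is an added example, not part of the original paper: rotor wirings are constructed at random from a fixed seed, and the letter-to-index grouping and the pairing of index outputs onto C1-C5 are assumptions (the paper states only that F, G or H feeds the 4th index input).

```python
import random
import string

ALPHA = string.ascii_uppercase
rng = random.Random(1945)  # fixed seed: constructed wirings, not the historical ones

def wiring(n):
    """Constructed random permutation standing in for a rotor's internal wiring."""
    perm = list(range(n))
    rng.shuffle(perm)
    return perm

CONTROL = [wiring(26) for _ in range(5)]  # R1..R5, 26 contacts each
INDEX = [wiring(10) for _ in range(5)]    # I1..I5, 10 contacts each, never move

# Assumed ORing of control outputs into index inputs; the page gives only F/G/H -> 4.
GROUPS = {1: "B", 2: "C", 3: "DE", 4: "FGH", 5: "IJK",
          6: "LMNO", 7: "PQRST", 8: "UVWXYZ", 9: "A"}
LETTER_TO_INPUT = {ch: k for k, letters in GROUPS.items() for ch in letters}
# Assumed pairing of the ten index outputs onto cipher rotors C1..C5.
OUTPUT_TO_CIPHER = {0: 1, 9: 1, 7: 2, 8: 2, 5: 3, 6: 3, 3: 4, 4: 4, 1: 5, 2: 5}

def through(bank, positions, contact):
    """Pass one live contact left to right through a bank of rotated rotors."""
    n = len(bank[0])
    for perm, pos in zip(bank, positions):
        contact = (perm[(contact + pos) % n] - pos) % n
    return contact

def advance_control(pos):
    """Odometer: R3 every keystroke, R4 every 26, R2 every 676; R1 and R5 fixed."""
    pos[2] = (pos[2] + 1) % 26
    if pos[2] == 0:
        pos[3] = (pos[3] + 1) % 26
        if pos[3] == 0:
            pos[1] = (pos[1] + 1) % 26

def stepping_set(control_pos, index_pos):
    """Cipher rotors (1..5) that step for one keystroke."""
    letters = {ALPHA[through(CONTROL, control_pos, ALPHA.index(c))] for c in "FGHI"}
    inputs = {LETTER_TO_INPUT[c] for c in letters}            # first OR stage
    outputs = {through(INDEX, index_pos, i) for i in inputs}  # fixed index bank
    return {OUTPUT_TO_CIPHER[o] for o in outputs}             # OR in pairs

def simulate(keystrokes, control_pos=(0, 0, 0, 0, 0), index_pos=(0, 0, 0, 0, 0)):
    """Stepping pattern for a run of keystrokes from the given start positions."""
    cpos, history = list(control_pos), []
    for _ in range(keystrokes):
        history.append(stepping_set(cpos, index_pos))
        advance_control(cpos)
    return history

if __name__ == "__main__":
    print([sorted(s) for s in simulate(8)])
```

Whatever wirings are used, every keystroke steps at least one and at most four cipher rotors, because four live control inputs can never reach more than four distinct index outputs.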
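
The key space figures in the Key Space section can be checked term by term. This is an added example, not part of the original paper; it uses only the five terms the section enumerates, and the short dictionary labels are names chosen here.

```python
import math

# The five terms enumerated in the Key Space section (labels chosen for this example).
TERMS = {
    "order": math.factorial(10),          # 10! arrangements of the ten 26-contact rotors
    "wirings": math.factorial(26) ** 10,  # (26!)^10 possible wirings
    "orientation": 2 ** 10,               # forward or reversed, per rotor
    "indicator": 26 ** 5,                 # five letter message indicator
    "index": 10 ** 5,                     # starting positions of the five index rotors
}

def term_bits():
    """Contribution of each term to the key size, in bits."""
    return {name: math.log2(value) for name, value in TERMS.items()}

def keyspace_bits(exclude=()):
    """Key size in bits with the named terms left out of the product."""
    return sum(b for name, b in term_bits().items() if name not in exclude)

def summary():
    return {
        "theoretical": keyspace_bits(),
        "practical": keyspace_bits(exclude=("wirings",)),
        "indicator_known": keyspace_bits(exclude=("wirings", "indicator")),
    }

if __name__ == "__main__":
    for name, b in term_bits().items():
        print(f"{name:12s} {b:8.2f} bits")
    for name, b in summary().items():
        print(f"{name:16s} {b:8.2f} bits")
```

The wiring term alone accounts for roughly 884 of the theoretical bits, and an attacker who can read the message indicator is left with the practical key space minus the 23.5 bits that $26^5$ contributes.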