#-------- Decrypting Enigma ----------- version 01 Here's what I've been able to piece together from the three accounts - Budiansky [B], Hodges [H], and Singh [S]. I've probably got it all wrong since they seem to disagree on a few points; but, I've tried to put things in chronological order as related by [B] and augmented by [H] and [S]. The entry for October 1932 is the one I'm very confused about. #-------- Notation ---------- For permutations p,q,... i(p) is the inverse of p p^q = i(q)*p*q p**2 = p*p, etc. Write functions on the left. The parts of an Enigma permutation: r1 = 1st rotor (in setting 01) r2 = 2nd rotor (in setting 01) r3 = 3rd rotor (in setting 01) c = cyclic permutation (A B C D .... ) t = reflector involution Note: t has no fixed points s = stecker (plugboard setting) Note: s originally had at least 6 fixed points. Later this restriction was removed q = QWERTZU (entry ring connections) Then the Enigma permutation for setting k3:k2:k1 (ki is the setting for rotor i) is the product: t^p where p = r3^(c**k3)*r2^(c**k2)*r1^(c**k1)*q*s Let's rewrite the above using the notation from permutations.py and enigma.py: Let ic=i(c) be the invere of the cyclic permuation c. The left action by conjugation of a permutation x on a permuation y is given by x>>y. The right action by conjugation of x on y is given by y< 1:1:2 -> 1:1:3 -> ... etc. Consider the encryption of a message, and let p1 be the permutation applied to the first letter of the message, p2 be the permutation applied to the second letter, ... etc. In a given day, the first six letters of every message used the same settings, so p1, p2, etc. were the same for all messages. Each day, the steckering was changed along with the initial rotor settings. The rotor order was changed quarterly. #-------- Chronology -------- November 1931 - Asche (Hans-Thilo Schmidt) provided two operating manuals for the Enigma (along with some other unspecified documents) to Bertrand of France. Bertrand supplied Asche's documents to British and Langer (Poland) with understanding that they'ld share any progress they made. October 1932 - Rejewski began work on Enigma. Langer supplied him with the operating manuals obtained from Asche. For a given day Rejewski used the first and fourth letters of about 80 messages to figure out p1*p4 along with p4*p1 =i(p1*p4)=(p1*p4)^p1. From this he was able to figure out p1 and p4. The claim in the last sentence is only found in [B]. (In [H] and [S] the determination of p1 through p6 was much more laborious, and only completed after the rotor wirings had been determined.) Back to the story in [B]: Similarly Rejewski was able to determine p2, p3, p5, and p6. November 1932 - Asche supplied the stecker settings for September and October 1932 to Bertrand who shared them with Langer. Langer gave this new information (permutation 's') to Rejewski. Next Rejewski "guessed" that permutation 'q' was the identity permutation. (What a man!) Rejewski now worked out the wiring of the first (fast) rotor by looking at a single days traffic: Since the fast rotor moves by itself for short message segments, Rejewski thought of the problem in the following way: H = t^(r3^(c**k3) * r2^(c**k2)) is an unknown constant. It's a fixed-point free involution, if that matters. s = q*s is a guessed/known constant. k = initial setting of fast rotor The (known) permutations p1,p2,...,p6 could then be expressed as pj = H^(r1^(c**(k+j-1))*s) where the only unknowns were r1 and k. Six equations, two unknowns: piece of cake. The next bit of luck: the rotor positions for September and October were different so Rejewski was able determine the wiring for a second rotor. And once he had two, the third was easy. 1933 - Rejewski and friends built up a database (on index cards) of the cycle lengths of p4*p1, p5*p2, and p6*p4 determined by each rotor ordering and initial setting. The cards were filed by cycle structure. It took about a year to finish the database. #-------- I quit for the moment -------