Previous lecture
Table of contents
Next lecture

Lecture #27:  Enigma discussion & review for the final

The students were reminded about the final exam and the DES papers were collected. Again Mr. Radomirovic presided and wrote:

Enigma: I answered some questions about how the device worked roughly, and other minor things. I pointed out the things you suggested, since I found them worth mentioning again. I explained in brief again, what enabled the winners of WW2 to break Enigma ($$$, Flaws in Design of the System, Human Factors). I couldn't answer the question what happened after the Germans started using the converted teletype system, since I haven't seen the end of the tape either.

I had earlier sent a message to Mr. Radomirovic which included what follows:

Some comments you may care to make could include the following:
1. SOURCE: Enigma was an "electromechanical system" and was bought from its commercial manufacturer and changed a bit.
2. Once "deployed" (actually distributed and put into use by the Germans) the investment in material, time, money, training, etc. was VERY SUBSTANTIAL. There were many locations, some remote, and many people involved. So changes in either the physical setup or the operating procedure could not be made casually or frequently. This is reality.
3. The initial "breaks" into the Enigma cryptosystem were done with the aid of corruption ($$$): certain designs, pictures, and key schedules plans were sold to the Polish Secret Service. This helped quite a bit.
4. Breaking Enigma "wholesale" (that is, on a large scale, using the information repeatedly) was done some years later in England. You may want to mention some of the following, as seems useful to you.
  1. Note that many of the people who broke Enigma were about 18 to 22 years old. Somehow they were dedicated, intelligent, hard-working, etc. enough to make very serious contributions to the "war effort".
  2. One of the problems with "communications intelligence" is that the source of the information must be guarded, because if the opponent knows you can break the cryptosystem being used, it may be replaced (either by changing hardware or operational procedure). Although the new cryptosystem may not be any better than the earlier one, there's one immediate disadvantage: you must learn how to break the new one.
  3. As Enigma "evolved" (more rotors, different connections, etc.) certain aspects of cryptanalysis should become clear. First, ERRORS in use by the operators were extremely important to continued exploitation of the break. Second, even when the operators used the machine "flawlessly", their humanity gave information away. For example, consider the "random" spinning of the rotors. Human intervention is rarely random. Human intervention is almost never random. "Spontaneous" HUMAN INTERVENTION IS NOT GOOD for the operation of a cryptosystem. Also, cryptosystems should be designed so that they are relatively invulnerable to misuse. The overconfidence of the Germans in Enigma meant that they rarely took the human factor of their own operators into account.
  4. Complexity does not equal security. The t.v. show mentioned at least one example of this. The ADDITIONAL COMPLEXITY of forcing encoded letters to be different (so "A" in plaintext could not be encoded as "A" in ciphertext) was abominable from the security point of view. It gave the codebreakers much additional information when "cribs" (assumed plaintext) were used.
  5. Sending additional messages encoded with the same keys is very poor for security. This was obvious in the early operation of Enigma (the repeats of three letters) and was certainly exploited greatly in breaking the teletype encryption scheme used later in the war. We did similar exploitation with "depths" in the "Alien messages" homework.
  6. Sending expected messages with different keys can be rather harmful to security. Thus the repeated messages that are routine in complex society (such as the one quoted about air flights, or messages about weather or stylized military communiques) yield more information than is obvious when repeatedly encrypted.
Lessons can be learned from this for commercial encryption practice, and some lessons can even be learned for casual users of encryption.
Three review sheets had been prepared: one on mathematics [PDF|PS|TeX], one on crypto [PDF|PS|TeX], and one on public policy [PDF|PS|TeX]. Students had been quite apprehensive about what sorts of questions would be asked on the final. Mr. Radomirovic continued his description of the class:
Then we started with the review. I passed out the Math sheet and asked them to have a quick look at it, and to notice that everything on that paper has been done in class before. Then I asked them to solve problems 1-4 (then 5-8, etc.), to ask me if they get stuck. They were allowed to work in groups if they preferred to. They would ask me to show this or that problem and I would do it. Some of them were faster, others were slower. The faster ones finished or almost finished the Math paper. Everybody should have solved, or at least pretended to know how to solve the first 14 problems by the end of the class. Problems 5,6,7 seemed hard to them. I had to explain all three of them. (To some of them I even had to explain problem 4).

They wanted to see Problem 8 as well. Only the Math (or similar) majors (I suppose) seemed to be able to figure out 9 by themselves. So I did that, too.

I talked to them about problems 12 to 14 without writing anything down on the blackboard. Then the class was over.

15 minutes before that I passed out the crypto review sheet, since some of them were almost done with the Math stuff.

I should've had a watch. I didn't think time would pass by so fast. Most of them picked up a policy review sheet, some of them probably forgot (since there are more policy papers left than math & crypto).

Of course I was asked how the Final Exam will be like. I told them "pretty much the same". So then they started interpreting "pretty much the same". Could it be exactly the same? I answered I don't know, I haven't seen the final exam, I guess the numbers will be different. I wasn't prepared for that kind of question, although I should have known that they will ask.

Previous lecture
Table of contents
Next lecture