Contents
ContentsGeneralcombination letter figure 11000 A - 10011 B ? 01110 C : 10010 D who are you? 10000 E 3 10110 F Å (national use) 01011 G Ä (national use) 00101 H Ö (national use) 01100 I 8 11010 J bell 11110 K ( 01001 L ) 00111 M . 00110 N , 00011 O 9 01101 P 0 11101 Q 1 01010 R 4 10100 S ' 00001 T 5 11100 U 7 01111 V = 11001 W 2 10111 X / 10101 Y 6 10001 Z + 00010 carriage return 01000 line feed 11111 letter shift 11011 figure shift 00100 space 00000 unperforated tapeSince 32 combinations isn't enough to represent both letters and figures, two shifts are used. When switching between these shifts the combinations letter shift and figure shift are used. (The combinations F, G and H on the figure shift are not used in international traffic, but are reserved for national use. The letters given above show how these combinations are used for national Swedish teletype traffic.)
Teletype cryptosystems
U.S. WWI systemTwo like symbols, two zeros or two ones, combined to yield a one; whereas, two unlike symbols, a one and a zero, combined to yield a zero. Thus, if the first keytape had the baudotsymbol representing the letter A, and the second keytape had the symbol representing Z, these would combine like this:
tape 1 - "A": 1 1 0 0 0 tape 2 - "Z": 1 0 0 0 1 --------------------------- new "F": 1 0 1 1 0The new symbol - F, in this case - were likewise combined with the symbol representing the cleartext - or cryptotext, since the operation is reciprocal - to form the cryptosymbol.
Originally, the AT&T engineers wanted to use only one keytape, which should be destroyed as it was used. This system is known today as a one-time-tape (more commonly: one-time-pad) and is absolutely impossible in theory to break when used correctly. The military saw the immense logistic problem of manufacturing and distributing such tapes, and therefore the less secure method using two keytape loops came to be the one used.
The Siemens GeheimschreiberThe original version of the Geheimschreiber was developed by the German firm Siemens & Halske during the years 1929-1932 and patented under the name Anordnung zur Nachrichtenübermittlung in Geheimschrift über Telegraphenanlagen (Device for the transmission of messages in secret writing via telegraphic installations). During WWII it was used both for military and diplomatic correspondence. It was built in a few variant models, the main model at first being the T52a/b. After the war, the Norwegian police used rebuilt, captured machines for their secret correspondence.
The T52a/b-model uses ten notched wheels (the notches being fixed at the manufacturing; they can't be changed as is the case with most other machines using e.g. pinwheels as keying element) with the numbers of positions on each wheel relatively prime to each other. The largest wheel has got 73 positions, the next 71 and the rest 69, 67, 65, 64, 61, 59, 53, and 47 positions. Through a plugboard five of these wheels are chosen to generate five bits then added to the plaintext entered. The resulting new five bits of this operation passes through five relays, which are governed by the other five wheels. A zero will leave a relay open, shifting the incomming bit to a new position, and a one will close the relay, leaving the bit in place. Since the relays follow on each other, one and the same bit can pass more than one relay. In the end, the bits come out of the machine transposed.
After a character has been encrypted, all ten wheels move forward one step, giving rise to a new value to be added to the plaintext, and a new relay combination.
Schematic sketch showing the cryptopart of the Geheimschreiber. 
Before switching to crypto mode, the German operators at each end had to agree on a starting alignment of the ten wheels. Five of the wheels - different wheels each day - were set according to a special daily key, the so called QEK-part. The other five wheels were left to the operators to set at will and this part, the QEP, had to be communicated between the two parties involved in exchanging messages, and should be different for each message sent. But...
Early in the morning of the 9th of April 1940 - one version goes - the Swedish Foreign Office was visited by a minister from the German legation in Stockholm. On this day, the Germans had invaded Denmark and Norway, and the minister now presented a series of demands to the Swedes. One of the demands was, that German telephone and telegraphic traffic should be allowed to continue passing through the Swedish west coast cable previously used by the Norwegians.
The Swedes agreed to this on the same day, making some fuzz at first as to not arouse German suspicion, since the Swedes were going to tap the lines. On the 18th of april, the Swedish telecommunications authority, in charge of tapping the telegraph line - reported that the Germans were conducting test transmissions. In the following days it was found that the Germans used teletype equipment and that the traffic was in clear. From the intercepted traffic it was learned that "der Geheimschreiber" (the Secret Printer) was about to be put into use on the lines, and soon the traffic on the west coast cable became unreadable.
Some months later the Swedish mathematician Arne Beurling - then
drafted into the Swedish army as a cryptanalyst - managed to break the
machine in only two weeks using only paper and pencil. One contributing
aid in this feat, was that the German operators didn't change the QEP-part
of the key for every message, as stated in the German regulations, but
they very frequently used the same setting for several messages and retransmissions
(some times the stations communicating in crypto-mode lost syncronization,
hence they had to start over with the message again). Why? Well, when the
Swedes got to see the Geheimschreiber after the war, they found that it
had a facility, which enabled the operator to easily reset all ten wheels
with a lever to an initial alignment chosen at will. In order not to have
to consult the daily list of QEK-keys every time they had to begin communication,
the operators chose as initial alignment one which had the five QEK-wheels
at the position stated in the keylist and some other arrangement for the
QEP-wheels, and used the lever to reset them whenever necessary. Then,
if one operator was lazy, he wouldn't change the QEP-wheels inbetween different
transmissions, hence the same key would be used for several messages in
a row. This Beurling made good use of when he broke the machine in 1940.
Later in the war, the Germans found out somehow, that the Swedes were reading their secret communications and introduced countermeasures. On the 21st of July 1942 a new model of the machine, the T52c, is introduced; this is fully broken by the Swedes on the 13th of September. In the T52c ten combinations of four wheels each are chosen via a plugboard. The pattern of the four wheels in each of the ten groups are added modulo 2 to produce the ten bits needed for the encryption. Schematic it will look something like this:
In October the German authorities orders the use of the so called Wahlwörter ("Choosewords" i.e. dummy words). A word, chosen at will by the operator, is to be placed in the beginning of every message to hide the otherwise stereotype beginnings. A great many messages now turn out to begin with the word SONNENSCHEIN ("sunshine"); probably this is the word given as example in the new regulations! This, of course, only helps the Swedes further.
Not all German countermeasures were toothless, though. In December they begin to encrypt the QEP-keys (the part of the message key that the operator chose at will) with a substitution system changing daily. This has some effect on the number of messages read by the Swedes.
On the 23rd of February 1943 another model of the Geheimschreiber, the T52ca, is introduced. Cryptanalysis of the T52ca is successful by the 20th of Mars, but an increase in German cryptodiscipline and a decrease in intercepted traffic makes the machine unreadable by May. By the end of 1943 yet another Geheimschreiber model, the T52d, is put into use, and the cryptanalysts are not sure as to how it works.
The war doesn't go very well for the Germans, and a teletype operator working for the German airattaché in Stockholm contacts the Swedes and offers them cryptosecrets in exchange for good-will and possible asylum in Sweden. Late on a sundaynight in November 1944 he lets a few Swedish policemen and a cryptanalyst in. The attaché is not at home (of course!), and they have plenty of time to study the T52d and other German cryptoequipment. It seems, that during the course of encryption, some of the ten wheels in the T52d (notched in the same way on all models, incidently) remains stationary at times; in the previous models they have all moved one step for each letter processed. A few A's are typed on the keyboard and the resulting cryptotext is noted. Then the machine is reset and the process is repeated, this time with B's and so on trying different letters. With this material the Swedish cryptanalysts are later able to reconstruct the T52d-model, but - for reasons not stated in mr Beckman's book - to no use.
When the war ends, yet another model of the Geheimschreiber is found to exist, the T52e, apparantly the last one of all the variants. It doesn't seem as this model was used on the lines the Swedes were monitoring. The T52e steps the ten wheels irregular like the T52d, but there also exists a facility, which causes the previous plaintext character to govern the steppings of the wheels. If the middle bit of the preceding plaintext characters baudot code is a zero two of the wheels are stepped, if it is a one two other wheels will step forward once.
This facility can be switched on or off by means of a switch on the machine labelled Ohne Klartextfunktion and Mit Klartextfunktion (Without plaintext function/With plaintext function). If the ten wheels are labelled in descending order by the letters A through J the following table will show the two types of motions:
"Ohne" ------ A,B,C,D step if E is 0 or F is 0 E steps if F is 1 or G is 0 F steps if G is 1 or H is 1 G steps if H is 0 or I is 0 H steps if I is 1 or J is 0 I steps if J is 1 or A is 0 J steps if D is 0 or E is 1 "Mit" ----- A steps if B is 1, C is 1 or bit-3 is 1 B steps if C is 0, D is 1 or bit-3 is 1 C steps if D is 0 or E is 1 D steps if E is 0 or F is 0 E steps if F is 1, G is 0 or bit-3 is 0 F steps if G is 1, H is 1 or bit-3 is 0 G steps if H is 0 or I is 0 H steps if I is 1 or J is 0 I steps if J is 1 or A is 0 J steps if A is 1 or B is 0
The Lorenz Schlüsselzusatz
- SZ 40/SZ 42In Sweden, SZ 40-traffic becomes more frequently intercepted as the Germans learn that the Swedes are reading the Geheimschreiber cryptomachine and hence switch to SZ 40 to protect the traffic on some links. The SZ 40, called 'Z-skrivaren' ('the Z-printer') by the Swedes, is fully broken at 1700 hours on April 9, 1943 by the three cryptanalysts Carl-Gösta Borelius, Tufve Ljunggren, and Bo Kjellberg.
It is found that the machine has twelve pin wheels of the lengths 23, 26, 29, 31, 37, 41, 43, 47, 51, 53, 59, and 61. The pins on the wheels can be placed in either active or passive mode (the pattern was probably changed on a daily basis). Six of the wheels, 1 - 6, are stepped forward one step for every letter processed by the machine. One of these wheels, 6, controls the stepping of a seventh wheel - an active pin on wheel six will step wheel seven, a passive pin on wheel six will keep wheel seven stationary - which, in turn, controls the steppings of the remaining five wheels, 8 - 12 (see sketch below). The pin patterns on wheels 1 - 5 are added pairwise modulo 2 to the pin patterns on wheels 8 -12, and the result is then added to the plaintext (cryptotext) bitpattern to produce the final cipher (plaintext).
The Swedish SA-1 Teletype Cipher
- Introduction
The SA-1 teletype ciphermachine was invented in the late 1940-ies (an
application for patent is filed in 1948, and a variant designation for
the machine hence is SA-48) by P-E Ahlman, Å Lindgren and
V
Lindstein. The machine was improved during the 1950-ies and 60-ies
for use by the Swedish Armed Forces, where it was re-named Krypteringsapparat
101 or Kryapp 101 for short ("Encryption Apparatus 101"). The
letters of the original name - SA - stands for Styrapparat meaning
something like Guiding Apparatus/Steering Apparatus, a name deliberately
chosen to misguide the foe as to the purpose of the machine.
In 1967 an export version - TA-1 ("Teleprinter Ciphering Apparatus")
- was patented.
Description
The individual pins can be pushed in one of two positions, and the pattern constitutes the base key, or inner setting.
Each pin/position on a wheel is labelled with a letter from the alphabet to allow a message setting, or outer setting to be set against a benchmark, in the following way:
Wheels Positions
1/ 6 : A B C D E F G H I J K L M N O P Q R S
2/ 7 : A B C D E F G H I J K L M N O P Q R S T U
3/ 8 : A B C D E F G H I J K L M N O P Q R S T U V X
4/ 9 : A B C D E F G H I J K L M N O P Q R S T U V X Y Z
5/10 : A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
(The TA-1 has larger wheelsizes: wheels 1 & 6 have 26 positions, 2 & 7 have 29, 3 & 8 have 31, 4 & 9 have 33, and wheels 5 & 10 have 35 positions. The extra positions after the 26th are labelled with figures.)
For every teletype symbol (i.e. character) processed by the machine,
the wheels in group B step forward one step. The wheels of group A step
irregular, either one step each or two steps each according to the following
scheme:
The pins at two positions back from the letter at the benchmark in
group B (i.e. pos. 18, 20, 22, 24 and 25 if the position labelled A
is numbered 1) are read by the machine (if the setting of group B equals
e.g. A A A A A, the pins at positions R T V Y Y will be read).
If the number of active pins is odd, group A will step twice, otherwise
only one step, just as the wheels of group B.
Prior to stepping the wheels, the machine encrypts the symbol fed into
it by the line or teletypewriter. The first bit is exclusive-or-ed (XOR-ed)
with the value of the pins read at position 13 of wheels 1 and 6 (the first
wheels in each group), the second bit is XOR-ed with the value of the pins
read at position 14 of wheels 2 and 7, the third with position 15 of wheels
3 and 8, the fourth with position 17 of whels 4 and 9, and the last bit
is XOR-ed with the value of the pins read at position 17 of the last wheels
of each group (Again, if the letters at the benchmark are all A's,
the pins read are those at positions labelled M N O Q Q - M N O Q Q).
The result is finally inverted (i.e. all bits are XOR-ed with 1) if the
number of active pins at positions 18, 20, 22, 24, and 25 of group A is
odd.
The following schematic sketch may explain the matter more clearly:
