[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

WW II Cryptography



This came to me recently.  It should be of interest to people here.

Bruce




Dear Mr. Schneier,

If you have an interest in cryptographic history, I am working on a WW II
technology project you might be interested in.  The primary US cipher
system during WW II was  the SIGABA a.k.a. ECM Mark II or CSP-889.  This
machine that was created in 1940 was used until the early sixties when it
was finally retired because it was too slow.  This technology was more
important to the war effort than the incredibly valuable cryptanalytic
successes on Enigma and Purple.  The details of this machine were
classified until April of this year. This machine is significantly
different from the classic Hagelin or  Enigma derivative rotor cipher
machine.  It was one of the top ten most important technologies of WW II,
right up there with radar and proximity fuses but virtually  nothing has
been written about it because it remained classified.

I work on USS Pampanito a WW II submarine on display in San Francisco, CA.
We have the only SIGABA ever to be in private hands on display, the only
other place one can see this machine is at the National Cryptologic Museum
at the NSA.  In addition, I have collected about 2,000 pages of
declassified documents on the machine and its context.  This information,
with the access to the real machine has provided the information necessary
to create an algorthmic description of the machine.  The next  logical step
is to create a software emulation of the machine.

Pampanito is creating a web site that should be up sometime in the next two
weeks that will include the enclosed description of the machine.  I am also
including a short report on the machine we have that includes some
additional detail.  The web page by the way will be the first meaningful
description of this machine ever published.   I would like to create a Java
application that allows people to operate a virtual SIGABA.  The core of
its functionality will probably be about 100 lines of code.  However doing
a reasonable user interface will require quite a bit more code.

1- Would you or anyone you know be interested in collaborating on the Java
software project?

I would like to include at least some cryptographic analysis of the machine
in my description of the machine.  The NSA historians have told me that
properly implemented this would be a formidable algorithm even today
(something I doubt.)  I have all the information needed to describe the
machine.

2- Would you or anyone you know be interested in creating an analysis of
the machine.  I would like this for my web page, and would love to see a
couple of papers on the technology created.  Publication could be in a
wider range of publications than are normally interested in cryptologic
issues.  This may be one of the very last of the really important WW II
technologies to be disclosed.  That combined with the recent interest in
cryptography in public policy might make it a hot for some pretty broad
journals.

Your thoughts would be appreciated.

Yours truly,

Richard Pekelney
========
<html>
<head>
   <title>USS Pampanito - ECM Mark II </title>
   <meta name="GENERATOR" content="Mozilla/2.01Gold (Win32)">
</head>
<body bgcolor="#FFFFFF">

<h2>Electronic Cipher Machine (ECM) Mark II</h2>

<p>By Rich Pekelney</p>

<p>
<hr width="100%" ></p>

<h3>WHAT IS THE ECM MARK II AND WHY IT WAS IMPORTANT:</h3>

<p>The ECM Mark II (also known in the Navy as CSP-888/889 or SIGABA by the
Army) is a cipher machine. It was used aboard <i>USS Pampanito</i> to
encipher messages from ordinary, or what cryptologist (people who study
secret communications) call plain text, into secret language, which is
called cipher text, under the control of a key (encipherment). A
cryptographic system consists of the combination of cipher machine,
operating procedures and management of keys. If the system is well designed
and implemented correctly, cipher text can only be converted back to plain
text (deciphered) by someone with all three elements of the system.</p>

<p>In early September 1944 U.S.Fleet Radio Unit Pacific (FRUPAC) in Hawaii
recorded a Japanese cipher radio message that originated from Singapore.
Unknown to the Japanese, U.S. forces had analyzed many Japanese messages
and as a result of much brilliant and hard work were able to reproduce
their enemy's inadequately designed and implemented cryptographic system.
This is called cryptanalysis or &quot;breaking the system&quot;. FRUPAC
deciphered (and decoded) the message that announced the route of an
important Japanese convoy from Singapore to Japan. The timing and expected
path of the convoy from the message was enciphered on an ECM in Hawaii and
sent to <i>Pampanito</i> where it was deciphered on an ECM. Although
<i>Pampanito</i>'s crew did not know how FRUPAC got its information, they
were able to go directly to the convoy's path and attack with great
efficiency. <i>Pampanito</i>'s attack was kept secret by the superior U.S.
cryptographic system that revolved around the ECM Mark II.</p>

<p>The ECM Mark II based cryptographic system was never broken by an enemy
and was secure throughout WW II. The system was retired by the U.S. Navy in
1959 because it was too slow to meet the demands of modern naval
communications. Axis powers (primarily Germany) did however periodically
break the lower level systems used by Allied forces. Early in the war
(notably during the convoy battle of the Atlantic and the North Africa
campaign) the breaking of Allied systems contributed greatly to Axis
success.</p>

<p>In contrast, the Allies were able to break Axis communications for most
of the war supplying many of the targets attacked by <i>Pampanito</i>.
Intercepted messages provided not only the location of potential targets,
but often insight into the thinking of enemy commanders. In the Pacific,
this information was critical to success in the battles of Midway and the
Coral Sea in 1942. The combination of secure U.S. cryptographic systems and
vulnerable Axis systems directly contributed the success of the Allied
powers during WW II thereby shortening the war by years and saving
countless human lives.</p>

<p>A picture of an ECM (labeled SIGABA) may be found on the National
Cryptologic Museum web site <a
href="http://www.nsa.gov:8080/museum/big.html">The &quot;Big&quot; Machines
Exhibit</a> . Note this is a large (613K) color picture.</p>

<h3>THE ECM MARK II'S DEVELOPMENT: </h3>

<p>The ECM Mark II's critical cryptographic innovation (the Stepping Maze)
over Hebern's and other precursors was created by Army cryptologists Frank
B. Rowlett and William F. Friedman shortly before 15 Jun 1935. During
October and November of 1935 Friedman disclosed the details of the
&quot;Stepping Maze&quot; to the Navy's cryptologists including Lt. Joseph
N. Wenger. Aside from filing secret patent application 70,412 on 23 Mar
1936 little additional development was performed by either the Army or Navy
until Lt. Wenger discussed the patent with Cmdr. Laurence Safford during
the winter of 1936-37. Cmdr. Safford recognized the potential of the
invention and the Navy began sponsoring and financing a new machine
including the &quot;Stepping Maze&quot;. Additional innovations by Cmdr.
Safford, Cmdr. Seiler and the Teletype Corporation including Mr. Reiber and
Mr. Zenner added to the security, reliability and manufacturability of the
ECM Mark II. Prototypes were soon delivered, and in February 1940 the
machine's details were disclosed to the Army. Amazing as it may seem, the
Navy had kept its continuing development of the machine secret from the
Army. With minor changes suggested by the Army the machine was accepted as
the primary cipher machine for use by both Army and Navy.</p>

<p>The joint Army-Navy ECM Mark II cryptographic system became effective on
1 Aug 1941, and the two services had the common high-security cryptographic
system in place and in use prior to the attack on Pearl Harbor. The use of
a common system was of great military value, particularly during the early
stages of the war when the distribution of machines and codewheels was
incomplete. By 1943, over 10,000 machines were in use. The &quot;Stepping
Maze&quot; and use of electronic control were a generation ahead of the
systems employed by other countries before and after WW II. No other
country is known to have ever broken the ECM Mark II cryptographic
system.</p>

<h3>WHERE IS THE ECM MARK II TODAY:</h3>

<p>After newer, faster cryptographic systems replaced the ECM Mark II the
machines were systematically destroyed to protect the secrets of their
design. Today probably less than a dozen ECMs still exist. The <a
ref="http://www.nsa.gov:8080/museum">National Cryptologic Museum</a> (a
part of the National Security Agency) has 6 machines, one of which is on
display in their Fort George Meade, MD museum. The U.S. Navy has 2
machines, one of which is displayed aboard Pampanito in San Francisco, CA.
When recently contacted the US Army historians did not believe they had any
machines. </p>

<p>The ECM Mark II aboard <i>Pampanito</i> may be the only fully operable
ECM Mark II today. This machine was built in June of 1943 as a CSP-889, and
sometime ca. 1950 it was modified into a CSP-889-2900. The minor
modifications added one switch and a knob that allow operation compatible
with CSP-889 machines, or enhanced security when operated as a CSP-2900.
</p>

<h3>WHAT CIPHER EQUIPMENT WAS ABOARD PAMPANITO DURING WW II:</h3>

<p>Just before leaving on each war patrol, one officer and one enlisted man
armed with a machine gun would draw the cipher equipment from its secure
storage. There were two lists of cipher equipment and manuals, List A
included an ECM Mark II and associated documents, List B did not include
the ECM. For most patrols List A was used, if the patrol was particularly
dangerous and in shallow waters List B was used.</p>

<p><b>CSP-888/889 = ECM Mark II = M-134-C = SIGABA</b>. This was a
first-rate, electro-mechanical, rotor wheel cipher machine and the physical
component of the primary cryptographic system used by the United States.
First-rate cryptographic systems are those that you believe cannot be
broken by an enemy in a useful period of time even if they are in
possession of the physical elements of the system, provided the other
elements of the system are preserved (i.e. keys are kept secret, operating
procedures are well designed and followed, number and size of messages per
key are small, etc.) The CSP-888 model lacked plugs necessary for tandem
operation, but was otherwise identical to the later CSP-889 model.  CSP-890
is a pluggable rotor that was carried for use in the CSP-888/889.</p>

<p>Pampanito did not use any Second-rate cryptographic systems such as the
British Type-X or U.S. CCM.</p>

<p><b>CSP-845 = M138A = CSP-1088</b>. This was a third-rate, paper strip
cryptographic system that was used by U.S. Submarines when they were on
such dangerous missions that they could not risk the capture of an ECM. It
was also used to communicate with forces that did not have an ECM.
Third-rate cryptographic systems can be read by an enemy in possession of
the physical elements of the system, even if the other elements of the
system are preserved.</p>

<p><b>CSP-1500 = M-209 = C-38</b>. This is a fourth-rate, Hagelin
derivative, mechanical cryptographic system. Over 140,00 of these were used
by Allied forces during the war and they were regularly broken by the
enemy. Pampanito would have used this to communicate with forces that did
not have an ECM. Fourth-rate cryptographic systems can be broken by an
enemy by purely cryptoanalytical means without possession of any parts of
the system.</p>

<p><b>CSP-488 = M-94</b>. This is a low level, fourth rate, rotary disk,
Jefferson type cipher. It was used to communicate with forces that did not
have an ECM.</p>

<p><b>CSP-1270</b> Chart style authentication cipher, CSP-1272 are its
instructions.
<br><b>CSP-1286</b> Two card style authentication cipher, CSP-1521 are its
instructions.
<br><b>CSP-1750</b> Call sign cipher, CSP-1751 are its instructions.
<br><b>CSP-1300</b> Weather cipher. </p>

<h3>DETAILS OF THE ECM MARK II CIPHER UNIT:</h3>

<p>Prior to the ECM Mark II many cipher machines incorporated encipherment
by means of an electric current passing through a series of cipher wheels
or rotors. A character is typed on a keyboard, passed through the rotors
and either printed or displayed in a light board for the operator. The
rotors are thin disks with contacts on each side that are wired at random
to the other side one wire per contact. Typically a rotor will have 26
contacts on each side, each contact representing a letter of the alphabet.
A current passing through the rotor disk might enter in the position of
letter B and exit in the position of letter G. Encipherment occurs by
passing the current through several rotors that are side by side and
rotating one or more of the rotors between each character enciphered. If
the deciphering machine starts with rotors of the same design and in the
same positions as the enciphering machine, it will repeat the motion of the
rotors thereby deciphering the text. The most important difference between
previous machines and the ECM is how the enciphering rotors are stepped.
The &quot;Stepping Maze&quot; uses rotors in cascade formation to produce a
more random stepping of the cipher rotors than existed on previous
electromechanical cipher machines.</p>

<p>The ECM has fifteen rotors arranged in three rotor banks. The five
rotors in the rear are the cipher rotors that convert a plain-text letter
into a cipher-text letter as they are irregularly stepped. Electrical
currents passing first through the control (middle) rotor bank and then
through the index (front) rotor bank determine which cipher rotor(s) step.
The center three of five control rotors step in a metered fashion. Control
rotor 3 is the fast rotor and steps once for each character typed. Control
rotor 4 is the medium rotor and steps once each time control rotor 3
completes a full rotation. Control rotor 2 is the slow rotor and steps once
each time control rotor 4 completes a full rotation. Control rotors 1 and 5
do not step. The index rotors are positioned once each day and do not move
while operating. The 10 cipher and control rotors are large 26 contact
rotors that may be used interchangeably in the cipher or control bank and
are reversible. The five smaller, 10 contact, index rotors are only used in
the index bank. Four contacts are energized on the first rotor of the
control rotor bank. The connections between the last rotor of the 26
contact control bank and the first rotor of the 10 contact index bank are
in 9 groups of between 1 and 6 wire(s) each. One of the index bank contacts
is not used. The 10 outputs of the last index rotor are attached in pairs
to 5 magnets that step cipher rotors when energized. Between 1 and 4 cipher
rotors are stepped for each character enchiphered.</p>

<p>To properly encipher a message, the three banks of rotors must be
arranged and aligned in such a way that they can be reproduced by the
deciphering operator. The particular arrangement and alignment of the
rotors selected by the enciphering operator and transmitted to the
deciphering operator in disguised form constitutes the keying instructions.
</p>

<p>The design of the ECM limited the erratic stepping so that at least 1,
and not more than 4 cipher rotors step at a time. Even so, a crude,
exhaustive search would require an enemy to check around 10 to the 14th
permutations of code, index and control rotor starting positions. The
combination of modern algorithms and the availability of high speed
computers mean this system is no longer secure, but during its term of
service it provided an unprecedented level of security.</p>

<h3>KEYING (OPERATING) THE ECM MARK II:</h3>

<p>This outline of the June 1945 (SIGQZF-2) keying procedure describes how
key lists were used to assemble and align the rotors before enciphering a
message. The first instructions from July 1941 (SIGQZF) were changed in
June 1945 (SIGQZF-2) and again November 1945 (SGIQZF-3). For example,
SIGQZF-3 uses a totally different method of determining message indicators
that eliminated the need for a daily rotor alignment of the control and
cipher rotors. Changes were made to minimize operator errors, enhance
security and speed up the operation.</p>

<p>Although the index rotors were reassembled (changing the order of the
rotors) once a day during most of the war (SIGQZF), starting with SIGQZF-2
they were kept in a fixed order not requiring daily reassembly. The
operator consults the secret daily keylist and aligns (rotates) the index
rotor wheels differently for secret, confidential and restricted messages.
The index rotor alignment is only changed when either the day ends, or the
classification of message to be encrypted changes.</p>

<p>Control and cipher rotors are also reassembled once a day from the
secret daily keylist, their alignment however, was changed with each
message. After the daily assembly of all rotors and the alignment of the
index rotors, a check group is used to verify the initialization and
operation of the machine before any real messages are encrypted. The rotors
are zeroized, (cipher and control rotors positioned on &quot;O&quot;) and
the letter A is repeatedly encrypted until 30 cipher text characters are
printed. Then the 26th-30th letters are matched with the check group
supplied in the secret daily keys.</p>

<p>For each message, the secret daily keylist is consulted, and the control
and cipher rotors are aligned to an initial position depending on the
classification of the message. Now the operator selects a group of any five
letters, except Z, at random to be the internal message indicator. This
internal message indicator is then enciphered and the external message
indicator (enciphered internal message indicator) is printed on the tape
and transmitted with the message. The control and cipher rotors are then
aligned without printing to the internal message indicator. The rotors are
never aligned to the external message indicator (the letters printed on the
tape), but always to the internal message indicator. Now the body of the
message may be enciphered and transmitted with the external message
indicator. If the plain text exceeds 350 5-letter groups, the plain text
must be divided into 2 or more equal parts so that no part exceeds 350
groups. For each part a
new internal message indicator is selected.</p>

<h3>COMPLIANCE WITH OPERATING PROCEDURES:</h3>

<p>The security of a cryptographic system relies as much on the operation
of the cipher machine as the machine itself. During WW II the U.S. created
organizations to formally train operators and to monitor U.S. operators
compliance with procedure. When an error was found the first response was
often a memorandum such as the one replicated below. It provides a list of
the most common errors that could compromise the security of the
cryptographic system.</p>

<p><tt>Navy Department
<br>Office of Chief of Naval Operations
<br>Washington, D.C. </tt></p>

<p><tt>CLASSIFICATION: CONFIDENTIAL     Date: 27 Dec 1943</tt></p>

<p><tt>MEMORANDUM
<br>COMMUNICATION IMPROVEMENT ITEM</tt></p>

<p><tt>From: Director Naval Communications
<br>To: Commandant, Twelfth Naval District</tt></p>

<p><tt>The principles of communication security cannot be overstressed, for
such security is vital to the success of operations. Errors which seem
minor in themselves may, when accumulated, offer to the enemy an entering
wedge for the eventual compromise of a system. The object of this
memorandum is to enlist your cooperation in protecting our cipher systems
and hence our national security. </tt></p>

<p><tt>THE PRICE OF SECURITY IS ETERNAL VIGILANCE. </tt></p>

<p><tt>A communication such as COM 112 222105 DECEMBER may endanger our
interests because it appears to violate security principles in the
following respect(s): </tt></p>

<p><tt>DRAFTING: Plain language reference to encrypted dispatches.</tt></p>

<p><tt>No reply to this memorandum is necessary, but your cooperation in
supressing dangerous communication practices is earnestly solicited.
</tt></p>

<p><tt>CARELESS COMMUNICATIONS COST LIVES</tt></p>

<p><tt>The following is a list of some of common violations of security
principles: </tt></p>

<p><tt>DRAFTING: </tt></p>

<p><tt>Unnecessary word repetition
<br>Unnecessary or improper punctuation
<br>Plain language reply to encrypted dispatch
<br>Classification too high
<br>Precedence too high
<br>Cancellation in plain language of an encrypted dispatch</tt></p>

<p><tt>ENCRYPTION: </tt></p>

<p><tt>&quot;XYX&quot; or &quot;X&quot;'s for nulls
<br>&quot;XX&quot; &amp; &quot;KK&quot; to separate padding from text
<br>Same letters at both ends to separate padding from text
<br>Continuity of padding
<br>Seasonal and stereotyped padding
<br>Repetition of generatrices
<br>Systematic selection of generatrices
<br>Using plain text column for encryption
<br>Proper strips not eliminated as prescribed by internal indicator (Ed.
Note: CSP-845)
<br>Improper set-up according to date
<br>Using system not held by all addressees
<br>Failing to use system of narrowest distribution</tt></p>

<p><tt>CALLS: </tt></p>

<p><tt>Enciphering indefinite call sign
<br>Enciphering call signs of shore activities
<br>CODRESS might have been used</tt></p>

<p><tt>TRANSMISSION: </tt></p>

<p><tt>Classified dispatch transmitted in plain language by wire or radio,
when not specifically authorized.
<br>Dispatch might have gone to some or all addressees by mail. </tt></p>

<p>
<br></p>

<h3>SOME ECM MARK II SPECIFICATIONS:</h3>

<p><b>Input:</b> Keyboard or electric via tandem plug.
<br><b>Output: </b>Printed tape or electric via tandem plug.
<br><b>Speed: </b>45 to 50 Words per minute.
<br><b>Power Supply: </b>40/70 cycle, 105-125 VAC or 105-125 VDC or 24 VDC
<br>2 amps at 120 volts AC or DC, 3 amps at 24 VDC. </p>

<p><b>Approximate Size: </b></p>

<p><b>In operation: </b>15&quot; x 19.25&quot; x 12&quot; or 2.1 cubic feet
<br><b>In carrying case: </b>17.125&quot; x 23&quot; x 15.5&quot; or 3.5
cubic feet
<br><b>Packed for long term: </b>19.5&quot; x 27.5&quot; x 18&quot; or 5.6
cubic feet</p>

<p><b>Approximate Weight</b>: </p>

<p><b>In operation: </b>93.5 lbs.
<br><b>In carrying case: </b>133.5 lbs.
<br><b>Packed for long term: </b>195 lbs. </p>

<p><b>Cost: </b></p>

<p>By 1943, 10, 060 ECM Mark II's were purchased at an estimated cost of
$2,040 a piece. This does not include the cost of spare parts; additional
code wheel sets, code wheel wiring that was done by the military;
modifications and upgrades, precursor machine development, etc. </p>

<h3>REFERENCES:</h3>

<p>The information enclosed here relating to the ECM Mark II was edited and
excerpted from:
<br><i>Army Signal Security Agency (1946) History Of Converter M-134-C
(Sigaba) Vol I, II And III </i>This is available from the US National
Archives and Records Administration (NARA); NSA Historical Collections
190/37/7/1, Box 799, F: 2292, pp 468. </p>

<p><i>Safford, L.F. (1943) History of Invention And Development of the Mark
II ECM (Electric Cipher Machine)</i> This available from NARA. SRH-360 in
RG 0457: NSA/CSS Finding Aid A1, 9020 US Navy Records Relating to
Cryptology 1918-1950 Stack 190 Begin Loc 36/12/04 Location 1-19. In Feb
1996 the version at NARA was redacted, but the full document is now
declassified.</p>

<p>Specifications for an ECM Mark II are from:
<br><i>Army Security Agency (1948) Historical and Cryptologic Summary of
Cryptosystems; ASAG 23; Vol 1. </i></p>

<p>ECM Mark II Keying, Operating and Maintenance instructions are in:
<br><i>War Department Office of The Chief Signal Officer (1941) Operating
Instructions for Converter M-134-C (short title: SIGBWJ)
<br>War Department Office of The Chief Signal Officer (1941) Operating
Instructions for Converter M-134-C (short title: SIGLVC)
<br>Department of the Army (1941) Crypto-Operating Instructions for
Converter M-134-C (short title: SIGQZF)
<br>Department of the Army (1945) Crypto-Operating Instructions for
Converter M-134-C (short title: SIGQZF-2)
<br>Department of the Army (1946) Crypto-Operating Instructions for
Converter M-134-C (short title: SIGQZF-3)
<br>Department of the Army (1949) ASAM 1/1 Crypto-Operating Instructions
for ASAM 1. </i>Note the new designation of ASAM 1 for the ECM Mark II
after the war.
<br>War Department (1942) Maintenance Instructions for Converter M-134-C
(short title: SIGKKK)
<br><i>War Department (1945) Maintenance Instructions for Converter M-134-C
(short title: SIGKKK-2)
<br></i>SIGQZF, SIGBWJ, SIGLVC, SIGKKK, SIGKKK-2 are available from NARA;
NSA Historical Collections 190/37/7/1, NR 2292 CBLL36 10622A 19410300.</p>

<p>General information including security of the ECM Mark II are in:
<br><i>War Department (1945) General Instructions For Converter M-134-C
(short title: SIGBRE-1)</i> This is available from NARA; NSA Historical
Collections 190/37/7/1, NR 4588 ZEMA35 13909A 19450600 </p>

<p>A list of cipher equipment carried by submarines in the Pacific is in:
<br><i>Submarine Force U.S. Pacific Fleet (1944) Cryptographic Aids
Check-Off List </i>This is available from NARA, Pacific Sierra Regional
Archive, 181-58-3201, S1313, S372, A6-3/N36 Cryptographic Aids.</p>

<p>Information on the overall history of Naval Communications during WW II
may be found in:
<br><i>US Naval Administration in WW II, History of Naval Communications,
1939-1945. Op-20A-asz, A12, Serial 00362P20, 7 Apr 1948. </i>This is
available from the Naval Historical Center; WW II Command File CNO;
Communications History; Microfiche No. F3561. </p>

<p>Compliance with Operating Instructions notes are from:
<br><i>Office of Chief of Naval Operations (1943) Memorandum Communication
Improvement Item. </i>This is available from the NARA, Pacific Sierra
Regional Archive, RG 181-58-3224, 12th ND Commandants Office General
Correspondence, A6-2(1) Complaints - Discrepencies, Security-etc. </p>

<p>Descriptions of the the Authentication Systems may be found in:
<br><i>Survey Of Authentication Systems 1942-45 (1945)</i> This is
available from NARA; NSA Historical Collections 190/37/7/1, NR 3526 CBRK24
12960A 19420728.</p>

<h3>ADDITIONAL READING:</h3>

<p>History of cryptology:
<br><i>Kahn, D. (1967) The Codebreakers. New York, NY: Macmillan Publishing
Company.
<br>Bamford, J. (1982) The Puzzle Palace. Boston, MA: Houghton Mifflin
Company. </i></p>

<p>Background on the history of intelligence in the Pacific may be found in:
<br><i>Holmes, W.J. (1979) Double-Edged Secrets. Annapolis, MD: Naval
Institute Press.
<br>Layton, E., Pineau, R., Costello, J (19 ) And I Was There. New York,
NY: William Morrow and Company, Inc.
<br>Prados, J. (1995) Combined Fleet Decoded. New York, NY: Random House.
</i></p>

<p>On the subject of Cryptanalysis of rotor systems:
<br><i>Andleman, D., Reeds, J. (1982) On Cryptanalysis of Rotor Machines
and Substitution-Permutation Networks. IEEE Transactions on Information
Theory, IT-28(4), 578-584.
<br>Deavours, C., Kruh, L. (1985) Machine Cryptography and Modern
Cryptanalysis. 35-92. Dedham, MA: Artech House Inc. </i></p>

</body>
</html>

======= Not part of the web page, additional information. ====
- The ECM displayed (starting in July) aboard U.S.S. Pampanito is a
CSP-889-2900 on loan from the Naval Security Group.  It has "12-29-43 BTS"
stamped into the bottom, and "CONT. AX? 1728", "ACCEPTED JUN 1943" with an
indecipherable mark printed in orange ink.  The print unit ENG-108 is
serial number 999 which is consistent with 1943 manufacture.  There is no
name plate on the unit or the rotor cage. The top housing has holes and an
outline in the appropriate location and size to hold a the Cleaning
Instruction plate added in Dec 1943, these holes have been painted over.
Inside the machine were two pieces of paper.  The first was a 3x5" card on
which was printed in ink "Bacchus / Gorgon".  The second is a memorandum of
call form revised in 1967 on the back of which was printed in pencil
"Baccus CSP 2900", "Basket CSP 2899".  The code names Bacchus and Gorgon
were used during the 1950s for CSP 2900 based systems.

The machine arrived in pretty good condition, after mechanical and
electrical safety checks, and a new ribbon we have tested its operation
successfully. The cipher and control rotors are test rotors (wired straight
through) so the cipher wheel stepping is not very erratic.  The index
rotors are wired, changing their setup does change the cipher wheel
stepping. We will be seeking the loan of a wired set of wheels from the NCM
at NSA.  If this fails, we may choose to make a temporary and reversible
change to several of the Cipher and Control rotors.  This will provide an
adequate simulation showing random stepping of cipher wheels and
unintelligible cipher text.

The machine was cleaned and lubricated according to SIGKKK-2, 1945.  To
minimize realignment the main rotor shaft was lubricated in place and the
printer unit was removed, but not separated.  The printer unit should be
removed, separated, cleaned and the center shaft lubricated.  We are trying
to find drawings or descriptions of "pawl release rod" 100707, "assembly
studs" 100708, and "assembly ring" 100706.  We will attempt separating the
unit when we have determined if we can find info on these tools that will
facilitate assembly.  When received, during encrypt the tape was not
spacing in 5 character groups, it advanced to the space and stopped
advancing.  This corrected itself after cleaning and may be caused by a
weakened spring.  Lubricants were used as described: 100983 oil (SAE 20) -
We used SAE 20 synthetic bicycle fork lubricating oil. 100984 grease (light
grease). 108607 "Lubriplate #105" Lubriplate #105 has been in continuos
production without change in formula by Fiske Bros. Refinery, Newark, NJ
(201-589-9150) since 1933.  It was in stock at Coast Marine with "space
age" printed on the tube.  A thin coat of DeOxit from CAIG was used on
exposed leaf contacts in the build up switches.  Cleaning was done with
tech wipes and a non-residual electrical cleaning spray (tested on the
plastic first).  No abrasives were used.

The CSP-2900 model was developed by the Navy ca. 1950 (SRH-360).  The unit
has two switches in the position that a CSP-889 has only one.  The new
switch is marked 889/2900.  There is also a knob marked 889 F/2900 R
extending out on the left of the keyboard. Near the 889 F/2900 R knob the
housing looks like it underwent some hand work to fit the shaft, this is
all painted.  I believe it was built as a CSP-889 and later modified to
CSP-889-2900. There is an added (not CSP-889) mechanism that appears to be
a counter with a switch that is adjusted so it does not function.  Perhaps
it was connected to an external device.

Floating loose in the machine was a single metal stud that appears to be
unrelated to the machine, possibly a piece of construction debris.  I have
replaced the ribbon with an Okidata printer ribbon (this ribbon is on a
plastic spool.)  The original ribbon, stud and the notes are in a plastic
bag kept with the machine.  The machine was received bolted to the bottom
of the carrying case, we did not get the top of the carrying case.  There
were no wooden shims in the case to protect the rubber shock mounts.  There
is no cover for the print head.

The details below elaborate on the general description provided in History
Of Converter M-134-C (1949 Army History).  I have only included the details
that I noticed where different from the description.  My convention is to
label the rotor contacts when the rotor is in the zeroized position, not
reversed, as printed (i.e. counter clockwise).  The same for index rotors,
i.e. with the units digit zero on top, i.e. 10, 20, 30, 40, 50 showing as
the starting position, unit digits increase in a counter clockwise manner.
I do not know if these are the conventions used elsewhere.

With first switch in the 889 position, the second switch in the OPERATE
position, the control switch on E and the knob selecting 889 F:

The right of the control rotor bank has the TUVW contacts at 60 VAC, the RS
contacts are energized to 16.2 VAC,.  I believe the voltage on the RS
contacts is unintended leakage from the 889/2900 switch, before cleaning
these were at 25 VAC.

The connections between the left plate of the index bank (number) and the
left plate of the control bank (letters) are below.
1-P, 2-Q, 3-RS, 4-TUV, 5-WXY, 6-ZABC, 7-DEFGH, 8-IJKLMN, 9-O, 0-no connection

All cipher rotors turn in a clockwise rotation.

With first switch in the 2900 position, the second switch in the OPERATE
position, the control switch on E and the knob selecting 2900 R:

The right of the control rotor bank has RSTUVW contacts are energized to
60.3 VAC.

The connections between the left plate of the index bank (number) and the
left plate of the control bank (letters) are below.
1 - P, 2-Q, 3-RS, 4-TUV, 5-WXY, 6-ZABCD, 7-GH, 8-KLMN, 9-O, 0- IJ

Cipher rotors 2 and 4 turn counter-clockwise, 1, 3, 5 turn clockwise.  The
2900 R knob is mechanically linked to the cams that turn rotors 2 and 4.
The knob and first switch both must select either 889 or 2900 to operate.

In either position of the first switch (889 or 2900) or knob (889 F or 2900
R), second switch in OPERATE position, control switch on E:

The cipher rotor solenoids (first number) are connected to right of the
index bank (second number).
1-09, 2-87, 3-56, 4-34, 5-12

The keyboard is wired to the left plate of the cipher bank in a sequential
manner with A on top proceeding clockwise.  Note this is opposite of the
rotors that are labeled in a counter clockwise manner.  Z position of the
cipher bank is occupied by the spacebar.  (During encipher typing Z
generates an encrypted X.) When the control switch is in D (decipher)
position the right plate instead of left plate of the cipher bank is
connected to the keyboard as expected.

Probably only a dozen or so ECMs still exist.  The NSA has 6 they know of.
The Navy has 2, one of which is aboard Pampanito.  They Army may have a
couple, but NCM did not know.  We have the only one that is operated. (NCM
estimate Jun 96.)



--
Richard Pekelney
Internet: [email protected]
Phone: 1-415-563-5928
Fax: 1-415-563-5787