Cipher Department of the High Command of the Wehrmacht

(Redirected from OKW/Chi)

The Cipher Department of the High Command of the Wehrmacht (German: Amtsgruppe Wehrmachtnachrichtenverbindungen, Abteilung Chiffrierwesen) (also Oberkommando der Wehrmacht Chiffrierabteilung or Chiffrierabteilung of the High Command of the Wehrmacht or Chiffrierabteilung of the OKW or OKW/Chi or Chi) was the Signal Intelligence Agency of the Supreme Command of the Armed Forces of the German Armed Forces before and during World War II. OKW/Chi, within the formal order of battle hierarchy OKW/WFsT/Ag WNV/Chi, dealt with the cryptanalysis and deciphering of enemy and neutral states' message traffic and security control of its own key processes and machinery, such as the rotor cipher ENIGMA machine. It was the successor to the former Chi bureau (German: Chiffrierstelle) of the Reichswehr Ministry.[1]

Short name

edit

The name "Chi" for the Chiffrierabteilung ("cipher department") is, contrary to what one might expect, not in reference to the Greek letter Chi, nor anything to do with the chi-squared test,[2] a common cryptographic test used as part of deciphering of enciphered message, and invented by Solomon Kullback, but simply the first three letters of the word Chiffrierabteilung.

German cryptology service structure during World War II

edit

From the early 1930s to the start of the war, Germany had a good understanding of, and indeed a lead in, both cryptoanalytic and cryptographic cryptology services. The various agencies had cracked the French–English inter-allied cipher, the Germans with some help from the Italian Communications Intelligence Organization stole American diplomatic codes, and codes taken from the British embassy in Rome, that enabled the breaking of the cipher,[3][4] leading to some gains early in the war. Although the Germans worked to ensure its cryptologic services were effective at the outbreak of the war, the service offerings fragmented considerably among the German armed forces. OKW/Chi had jurisdiction over all the military cryptologic bureaus, chairing the executive committee. However, for several reasons, including specialisation against opposing forces of a similar type, the inherent independence of agencies, and agencies vying for power and favour from Hitler, it was inevitable that the three military branches of German forces operated independently.[3]

In total eight organizations operated within the forces, each operating on its own terms, even though OKW/Chi was considered the premier organization controlling both cipher creation and decipherment of enemy crypts.[3] These eight bureaus which practiced cryptology were split between military and civilian control:[5]

Military

edit

Civilian

edit
  • AA/Pers Z S: (AA) Auswärtiges Amt (Foreign Office Personnel Department) (Pers Z) Sonderdienst (Special Service of Unit Z) The Foreign Office cipher bureau decrypting diplomatic signals.
  • RSHA: The Reichssicherheitshauptamt (Reich Security Main Office), the main cipher bureau for Hitler's personal staff including the SS.
  • Forschungsamt: (Research bureau). Part of OKL and Göring's personnel cipher bureau.

Although OKW/Chi continually pushed for the integration of all five military services, it was last blocked in Autumn 1943 by Ribbentrop, Göring, and Himmler.[6] It was not until 9 November 1944, that OKW/Chi was formally made responsible for control of all signals intelligence activities across all forces, by the order of Hitler.[6]

Background

edit

The OKW/Chi was one of the highest military agencies of the Wehrmacht, but with a dual focus: on cryptography, creating Germany's own secure communication systems, and the monitoring of enemy broadcasts and news analysis. As far as cryptanalysis was concerned, OKW/Chi tended to act as troubleshooter, providing the highest service to the Wehrmacht, instead of setting policy as its power to set military SIGINT was limited.[7]

The unit began as the cipher section of the German Defense Ministry (German: Reichswehrministerium) in 1922.[8] The Cipher Bureau (German: Chiffrierstelle) followed later in the 1930s. They were more interested in diplomatic communications than foreign military communications, which were in short supply, and viewed the diplomatic communications as a way to train staff during peacetime.[7] With the rise of the Nazis, the unit grew from 10 people in 1937 to almost 200 people by the outbreak of World War II in 1939. By the end of the war, it had almost 800 individuals working there, and its focus had changed to strategy.[7]

It was true that a certain amount of development and security work was always done. The original charter was obscure, but since the Army, Navy and the Air Force was each responsible for its own security development, the only defining commitment of OKW/Chi was to develop ciphers for the agents of the Abwehr. The separate branches were free to submit their own systems to OKW for security scrutiny. This was changed in October 1942, ensuring that no new ciphers could be introduced by the Armed Forces unless they were first checked by the OKW. OKW/Chi made some efforts to set up an additional section in section IV, but this work was buried within the organization with OKW/Chi remaining an organization that produced military intelligence.[7]

Contrast this with Bletchley Park, the UK Government Code and Cypher School during World War II, the direct opponent of OKW/Chi, which had almost 12,000 personnel working at the end of the war. It had a singular focus on cryptanalysis services and an integrated strategy across all the services from the start of the war.

OKW/Chi was one of the primary targets of TICOM, the operation by the United States to seize military assets after the war.[7] This article consists in part of material from those reports (See: Notes).

Key personnel

edit

The most important individual at OKW/Chi was Chief Cryptologist Director Wilhelm Fenner, who was the Head of Main Group B, including Group IV Analytical cryptanalysis working with Specialist Dr. Erich Hüttenhain.[9] A German by birth, Wilhelm Fenner went to high school in St Petersburg.[7] His father was an editor of a German language newspaper. He moved back to Germany in 1909 to study at Berlin Royal Institute of Technology but was drafted into the Army when World War I started, eventually joining the Tenth Army, serving as an intelligence officer.[7] After the war, Fenner met Professor Peter Novopaschenny, a former Tsarist cryptanalyst who taught Fenner the Black Arts of Cryptography, and who went on to become Chief of the Russian subsection of OKW/Chi.[10] They both joined the Cipher Bureau in autumn 1922, initially working in temporary positions. The following year, Fenner was made chief of the Bureau.[7] He worked there until just after the war, discharged on 19 June, eventually working as a car and cycle mechanic in Straubing.[7]

Chief Cryptanalyst Specialist Dr. Erich Hüttenhain was a mathematician hired in 1937 to create a specialized cryptanalytic research unit to investigate enemy cryptologic systems and to test Germany's own cryptologic systems and processes. Together with Dr. Walter Fricke, Chief evaluator, also a mathematician of some distinction, and his assistant, he was also moved to England to be interrogated by TICOM after the war.[7] Walter Fricke was then considered the official historian of OKW/Chi.

Colonel Hugo Kettler was an administrator who had commanded OKW/Chi from October 1943. His intimate knowledge of the working of OKW/Chi, enabled him to provide information to TICOM that the OKW/Chi archive papers had been moved to Schliersee.[7]

Lieutenant Colonel Metting was a signals officer who worked up to command the Germany Armies cryptologic centre, Inspectorate 7/VI from November 1941 to June 1943. After working in the Signals Battalion on the Eastern Front for several months, he was assigned second in command of OKW/Chi in December 1943.[7] After the war he was considered such a high-value target that he was moved to England to be interrogated by TICOM. He was Head of Main Group A.

Organization

edit

The following information was prepared by TICOM agents, by comparing the interrogation documents of Colonel Hugo Kettler, Director Wilhelm Fenner, Dr. Walter Fricke and Dr. Erich Hüttenhain. TICOM believed that the information was correct.[11]

1939 to summer 1944

edit

OKW/Chi passed from peace to war without change to its organization. Preparations had been made in 1938 to define staff numbers but at the outbreak of the war, personnel were increased by about 30%. In 1939, OKW/Chi was called The Cryptologic Bureau (German: Chiffrierstelle) and was a part of the Inspectorate of the Signal Troops.[12] At the start of the war The Cryptologic Bureau was commanded by Oberstlt (Colonel) Fritz Boetzel as Director of Operations with his deputy being Major Andrae. He was replaced by Colonel Hugo Kettler during summer of 1943.

The organization of OKW/Chi was broken down into four groups which were named Group I to Group IV.

In 1938, OKW/Chi had no mechanical aids to use for the quick decryption of enemy messages once the cipher was broken. Although major attempts were made to mechanize the process, it was realized only in late 1943 that additional specialist personnel would be needed, and they were not available.

OKW/Chi was primarily an intelligence gathering organization at this point, with its only commitment to develop ciphers for Military Intelligence (Abwehr). Each branch of the armed forces were free to submit their system for testing, but were under no obligation to do so. In October 1943, OKW/Chi gained control for cipher development across all military agencies by an order of Field Marshall Keitel, Chief of Staff of the Supreme Command Armed Forces (OKW).[12][13]

Summer 1944 to March 1945

edit

The organisation and mission of OKW/Chi changed significantly in the summer of 1944, principally centered on the attempted assassination of Hitler.[12] Whereas OKW/Chi had supposed jurisdiction over all cipher agencies within the Armed Forces, after Summer 1944, Director Wilhelm Fenner persuaded Generalleutnant Albert Praun, General of the Communications Troops of the need to centralise all results and efforts within OKW/Chi, and to issue an order to that effect.[14] After the order, OKW/Chi no longer acted like a service agency, but instead set policy and became the primary jurisdiction for all work done on cipher development, message decryption and associated machinery design and construction.[12] The organisation changed significantly, with new commanding officers, more focus for Chi IV function and increased staffing levels.[12]

OKW/Chi classified the manner of how they would work with other agencies. How they were classified depended on whether a particular agency had influential Nazi party members in their leadership. The Army had close ties with OKW/Chi but other classifications, for example, the Kriegsmarine and Luftwaffe proved more difficult to control and were never subordinate to OKW.[12][15] Agreement was needed to ensure common process, control and cipher machinery. The Waffen-SS was considered a third classification. OKW had no control over it and special orders had to be issued to enable liaison to start.[12]

OKW/Chi was organised into four principal groups headed by Colonel Kettler, with his deputy Major Mettig.[12] These were the personnel section, Main Group A, Main Group B and Group X. Group A contained Section I, Section II and Section III. Group B contained Section a, Section b and Section c. Group A's assignment was the development of their own cryptographic systems and the interception of foreign radios and cables. Group B's assignment was cryptanalysis of foreign government communications, the development of mechanical cryptanalysis devices including training in such devices. Group X's assignment was the scanning and forwarding of deciphered telegrams to suitable offices including the keeping of a day book recording the most important data.

  • Chi I: Commanded by Captain (Hauptmann) Grotz. Also called Section 1, it controlled the interception of class 1 traffic. The job was one of liaison. The section head was briefed by the head of OKW/Chi and was also in contact with the cryptanalysts. On that basis he would give instructions to the intercept stations.[15] It consisted of some 420 staff at the end of 1944 including the intercept station traffic. It consisted of three sections:[11]
  • Referat Ia: It had control of signal intelligence cover for inter-state communications and control of fixed intercept stations and their branch stations. It contained two staff.
  • Referat Ib: Study of communications systems of foreign countries and consisted of two staff.
  • Referat Ic: Responsible for both the Abwehr and OKW/Chi's own telecommunications equipment, including deployment and upkeep. It contained two officers and 24 staff.
  • Chi II: Its position was similar to Chi I but while Chi I was a liaison organisation, Chi II was the interception organisation. It controlled directly the personnel at the main intercept stations at Ludwigsfelds and of the subsidiary stations at Treuenbrietzen and Lauf which was used to intercept encrypted diplomatic Morse network signals. The broadcasts picked up at Ludwigsfelds and other stations were carried by line to Berlin. They were immediately translated. It also developed and allocated German code and cipher systems. It consisted of three sections:[11]
  • Referat IIa: Section IIa's activities varied, and included the following. Camouflage systems for use in German telephonic and radio communications. Passing of requests to monitoring services. Preparation of code and cipher manuals and working instructions. Ownership of key allocation policy. Security scrutiny. Investigation of loss and compromise. Captain Bernsdorf was in control of IIa and had some six staff.
  • Referat IIb: Developed German code and cipher systems (camouflage, codes and ciphers and telephone secrecy) and also advised on the production of keys and the supervision of production. Specialist Dr Fricke was in control of IIb and had some 14 staff.
  • Referat IIc: Controlled by Inspector Fritz Menzer with a staff of 25. Codes and ciphers for agents. Fritz Menzer was considered a Cryptographic Inventor Extraordinaire by cryptographic historian David P Mowry.[16]
  • Chi III: Managed by Major Metzger. Its assignment was the monitoring of foreign press and propaganda transmissions. It evaluated those transmissions, reproduced and distributed the most important broadcasts. It also made and improved the radio receiving stations, managed the telegram system to and from Chi and ensured the operation provided a 24-hour service. It consisted of around 100 individuals by the end of the war.[15] It was also responsible for the distribution of keys. It controlled the production, printing and distribution and control of outstations responsible for production of keys.[11] It was controlled by Major Metzger and was managed by 25 officers and 215 staff.
  • Chi IV: Managed by Dr. Erich Hüttenhain, with the department name (German: Analytische Kryptanalyse), was the code breaking and translation service which took the raw material from Chi I intercept stations for decryption. This was considered the most important section of the service from an operational viewpoint. The bulk of the personal in Chi IV were linguists, engaged in code-breaking and translation. Also in Chi IV, from 1939, was a group of mathematicians headed by Dr Erich Hüttenhain, and organised on the same level as the linguists. By 1942, the mathematicians were grouped in a new subsection, Chi IVc, in recognition of their increasing importance. The mathematicians were considered a research group, whose job was to make the initial break into more difficult ciphers. When the cipher decryption became routine, it was handed to a linguist. In addition, Chi IV contained a subsection devoted to cipher development and security improvements. In connection of security improvements, an additional subsection was created in 1942, tasked with the development of cryptanalytic machines. It was managed by Dr Hüttenhain with two administrative staff.[15] It consisted of four sections:[11]
  • Referat IVa: Managed by Dr Karl Stein with a staff of 11. Its duties were the testing of accepted and new cipher procedures and devices (camouflage, codes and ciphers, and telephone security). The section's purpose was to determine the degree of security of devices and processes. It also tested newly invented devices.
  • Referat IVb: Managed by Wilhelm Rotscheidt with a staff of 28. Its duties were the development and construction of decoding devices and the deployment of decoding devices. This was specifically for the decoding offices of Chi and various departments of the Armed Forces and several Government departments.
  • Referat IVc: Managed by Dr Wolfgang Franz, it had a staff of 48. Its duties were the scientific decoding of enemy crypts, the development of code breaking methods and working on re-ciphering systems not solved by practical decoding.
  • Referat IVd: Managed by Dr Hüttenhain, he provided training and instructions. Conducted lectures and prepared tutorial materials.
  • Chi V: Managed by Dr Wendland with an administrative staff of two, with 22 desks. It was in charge of the teleprinter connections between Chi I and the intercept stations, and in addition provided a Siemens ADOLF teleprinter network for the Abwehr, at home and abroad.[12][17] It ran the special communications service of Chi, also for the German High Command, Luftwaffe, Funkabwehr, Abwehr and AA/Pers Z. Monthly message rates were of 18-20000 teleprints.[17]

It also conducted practical decoding of codes and ciphers of foreign governments, military attaches and agents.[11]

  • Chi VI: Managed by Colonel Kaehler with an administrative staff of two and its main duty was the monitoring of radio and press. It was staffed mostly by personnel with newspaper experience and who prepared a daily news summary. In addition, special reports were occasionally created and sent to those departments which had a need for the material.[12] Chi VI consisted of four desks.
  • Referat VIa: It conducted wireless interception and managed the sound recording machinery. It was also in charge of listening station Ludwigsfelde, provided analytical solutions to foreign re-encipherments, was in charge of communication between intercept stations and controlled the wireless equipment. It consisted of some 60 individuals.[11]
  • Referat VIb: It managed radio news services and photographic image transmission. It consisted of some 60 individuals.[11]
  • Referat VIc: It intercepted and monitored non-German radio broadcast services. It consisted of some 30 personnel.[11]
  • Referat VId: This section evaluated radio broadcasts and press news. It published the Chi-bulletins, and created normal and special reports according to subject. It consisted of 12 personnel.[11]
  • Chi VII: Managed by Oberstltn. Dr Kalckstein. Sometimes called Group X, its task was mainly administrative in nature. It scanned and forwarded deciphered telegrams, kept a day book, and consisted of four officers and nine other personnel. It consisted of two sections.[11]
  • Referat VIIa: It kept the day book, and also evaluated and distributed VN-bulletins as necessary.
  • Referat VIIb: It organised and indexed messages into categories including family name, place names and subjects such as politics. It also distributed the information on cards as necessary.
  • Group Z: The department's duties was entirely administrative in nature. It looked after quarters, accounts, and staff deployments. Managed the organisation of internal offices and ran the political commissariat. It had a staff of 13.[11]

Disintegration

edit

By end of 1944 and the beginning of 1945, Chi had begun to disintegrate.[18] Increasing bombing and difficult working conditions in Berlin forced Chi to transfer to Army Signal School (German: Heeresnachrichtenschule) (LNS) Halle (Saale) in Halle on 13 February 1945,[18] with the cryptanalytic machinery left lying in the cellar of the Haus des Fremdenverkehrs, Potsdamer Straße, in Berlin.[19] Message decryption continued on a limited scale. On 13 April 1945, Chi partially dissolved when Colonel Hugo Kettler dismissed all staff who wanted to go home. All remaining personnel of Chi again moved on 14 April by military train to Werfen station in Austria. It ceased to exist the next day. All papers and machinery were destroyed by burning in anticipation of the American forces, the American Ninth Army arriving in the next few days.[18] All burnt material was thrown into the River Salzach next to the Werfen station.[14]

No Verlässliche Nachrichten's (V.N's) (described below) were thrown into the River Salzach. V.N's from 1922 to 1939 were deposited in the archive of the Chef des Heeres in Potsdam. The V.N's for 1940-1943 were deposited at the Tirpitzufer 38–42, later renamed the Bendlerblock. The V.N's for the last year were all burnt.[14]

Operations

edit

Reports

edit

Evaluation output

edit

During the period of 1 January 1944 to 25 June 1944, Chi II, the evaluation of foreign language transmissions section, processed an average of 253 broadcast transmissions and 234 wireless news service reports were dealt with daily.[17] Apart from the daily Chi reports, i.e. military, political, economic situation and commentaries, a further P/W report was issued on an average daily, and an espionage report nearly every day.[17] In addition, special reports were sent to the following daily.

Chi II achieved these results in spite of having to work since the outbreak of the war without pause in day and night shifts, and since August 1943, owing to bomb damage, in a deep cellar and in cramped quarters.

Solution output

edit

The number of encrypted intercepts that were solved, over the life of the Chi IV unit:[17]

  • 93,891 line messages
  • 150,847 wireless messages
  • 244,738 cipher and code messages.

12.5% of this amount was due to traffic intercept received from Hungary. Around 33% of solutions to diplomatic traffic was received from the Forschungsamt. Rejects amount to 0.25%.[17] Forty-one European and extra-European countries were monitored on a regular basis as well as Allied agents' codes and ciphers.[17] Government codes and ciphers of 33 European and extra-European countries were worked on and solved.[17]

Damage to working materials, e.g. burnt one-time pads, reciphering, and cipher texts, caused by air attacks were regularly made good by copies that had been safely stored elsewhere.[17]

Linguistic output

edit
 
A Reliable Report that has been damaged by being in water, removing the red strip from the header, with the diluted text recovered manually, probably by TICOM

The final output from Chi IVb, i.e. from the linguists, was the translation of decoded traffic into a product called Reliable Reports (German: Verlässliche Nachrichten), and were classified as Top Secret (German: Geheime Kommandosache).[15]

The principal recipient of the most important VNs was General Alfred Jodl, Chief of Operations and Hitler, with a copies being sent to other agencies and archives and used for additional processing, for example, cribbing.[15] That material which was considered of no importance was discarded. The linguistic section produced an average of 3000 VNs per month.[15] Statistics on a month per month basis demonstrate the number of VN's produced, after sorting and rejection of unimportant texts. Note: the following statistics do not include the 6000 agent messages handed to the Funkabwehr (FU III).[17]

Reliable reports produced in the first 6 months of 1944
Month Number of Verlässliche Nachrichten
January 1944 1795
February 1944 1860
March 1944 1951
May 1944 2122
June 1944 1656

TICOM seized most of the VNs which represent the traffic of 29 countries and are now available at the US National Archives for viewing.[20] A Combined British and American team combed the VNs for Intelligence after the war and it was known that Churchill read a number.[15]

Production process
edit

All traffic intercepts were written out as a telegram card and sorted in the telegram registry. The telegram registry was a very large card index system that was designed to be as comprehensive as possible. The telegram was assigned various property values which uniquely defined it. The telegram was delivered as quickly as possible to the section head of the appropriate country desk. There the telegrams were divided according to four points of view:[21]

  • Messages which could be read currently.
  • Messages worked on but not presently decipherable.
  • Unknown systems, i.e. those not yet analysed, but not presently deciperable, insofar as the telegram has failed to eliminate these.

The telegrams containing solved codes were stripped of encipherment and decoded at once. Messages enciphered with a code or cipher that was not solved was assigned to a cryptanalyst. Unknown telegrams were stored in the telegram registry, and observed for like types, frequencies, frequency of message intercept that Chi would like to be cleared before starting a systematic study of the code. Fenner stated that he did not think any clever cryptanalyst was allowed to work on more than two plain codes unless solution had reached a point where only decoding was involved. When messages were decoded the selection began.[21]

Selection process
edit

The practiced cryptanalyst can quickly determine whether a message contains a political or political, military-political news, administrative messages or those messages with content that could be used to provide intelligence. So called Passport messages, i.e. those messages sent to confirm the identity of an individual seeking a passport, were quickly spotted, likewise those only reporting press reports. Very few messages were of objective interest. Moreover, nothing was so apt to reduce the value of a particular VN, than to publish trivial information. Hence in selecting the VN's it was considered important to give:[21]

  • daily situation reports of diplomatic representatives as the specific attitude of a particular countries government could be understood.
  • Information that helped to solve certain outstanding problems
  • new reports and instructions from foreign central government authorities to its Ambassadors, government minister, and other Plenipotentiaries and from them to the home office. after observations covering many years, about 7 times as many telegrams were deciphered as were issued as VN's.[21]

Occasionally instructions were received regarding information that was of a particular or special interest and effort was focused but such instructions regularly coincided with what Fenner generally knew about current event. Fenner gave his colleagues as much leeway as possible in their choice of selection and it was possible since most cryptanalysts were professionals and professional objectivity was expected of the role. The many passport messages and messages containing information of an economic nature were of no interest to German High Command, and if they were included sometimes in a particular VN, as were even less significant items, it was usually due to the cryptanalyst attributing some additional significance, perhaps from personal information, that the eventual end reader of the VN, in the High Command did not know, as they were less informed, and ultimately less prepared. The question: What was the most important information? was, of course, never correctly answered, as the whole process was a subjective one. What seemed important and intensely interesting one day, in two years’ time could be unimportant and vice versa. Hence, Fenner and his colleagues took the view that it was better to issue some unimportant VN's than to fail to include some important ones. Fenner's attitude in this matter, could best be described by TICOM as

Let the senior command sift the grain from the chaff.[21]

When army radiograms were solved, there was no hard or fast criteria for evaluation. A seemingly irrelevant message in which some new unit was named might, under certain circumstances, be more important than an order to attack, of which one already had knowledge from other sources. For this reason, deciphered army radiograms were never included in the daily VN's. They were termed VN's but followed a different process and given the appropriate attention in a different section. This process was separate from diplomatic intercepts, and involved evaluation of Call signs, the attempt to find some periodicity in the scheduling of call-signs and wavelengths; with preliminary evaluation, updates to the card index registry, the actual evaluation of the message and final evaluation resulting in an appropriate report.[21]

Translation process
edit

Good translation was the task that had the greatest importance attached to it within OKW/Chi. Translation was necessary due to the number of different languages used in intercepted messages. It was inconceivable that the officers engaged in dealing with the solved intercepts would be able to understand them all, especially since the grammar in messages often departed from normal conversational usage. At each desk, there was at least one translator analyst who knew the foreign language specific to that desk and German well enough too, such that in doubtful cases the translation could be shown to him for checking.[21] It was expected that e.g. the language differences as the following should be handled directly:

  • gewisslich certainement
  • sicherlich surement
  • nur plus de, seulement
  • bloss pas autrement, simple
  • anscheinend probable
  • scheinbar apparent

Designations of offices and officials had to be translated correctly as well.[21] Missing words or garbled messages were replaced by dots. Doubtful translations were enclosed by parentheses with a question mark. However, in the view of the multitude of newly appearing technical terms (German: Fachausdrücke) with one or another, may not have been correctly rendered. The deciding factor was always the grammatical sense and word structure of the VN,[21] and any attempt at free elaboration of an incomplete reliable report was strictly forbidden. Personal remarks made on the VN were also strictly forbidden, otherwise it would have ceased to be a Verlässliche Nachricht. Therefore, if an item seemed important enough to be issued as a VN and if it was translated correctly it was issued as a VN.[21]

Distribution
edit

Each VN bore in the heading the designation OKW/Chi and VN, also an indicator whether sent by radio or cable.[21] Then a note of nationality since language alone was not enough. Egypt, for instance, employed a French code. Furthermore, each VN had to contain data which made it a bona fide document; Date of message, and if present, the Journal number, or issuing office. Finally, each VN had in the lower-left corner a Distribution mark, e.g. Abw. 4 x.. This meant that a total of four copies had been supplied to the Abwehr. This mark remained long after Chi ceased to be a part of the Abwehr, even when other offices were supplied copies. No exact list of recipients was on the sheet, so it was decided to write Abw ... x.. In the lower right hand corner, also on the last sheet, was a brief indication of the system, e.g. F 21. This meant France, system 21, i.e. the 21st system solved by OKW/Chi since World War I. The notation was sometimes more explicit, i.e. the entire formula for the code or cipher was given, e.g. P4ZüZw4 meaning Polish 4-digit code enciphered by an additive sequence (Zahenwurm), fourth system solved. Later these notations were usually made on the copy which remained in the section, and was only understood by the section anyway. A VN was not considered genuine without all these identity indicators. On many VNs, the initials of the responsible worker was written, and sometimes Fenner added his own initials that were added later, since it was impossible to read all VNs. VNs were reproduced using a typewriter and using Carbon paper, and a lack of paper meant the available supply became worse and worse as the war progressed. Not until 1944 did Fenner obtain permission to use Wachsplatten, a device created to print multiple copies.[21] As soon as the copies were made they were sent to Leutnant Kalckstein who was changed with all further details. He kept the one copy which ultimately went to the Archive. These copies were inserted in binders, ordered chronologically and delivered to the Chef der Heeresarchive, located in 8 Hans von Seeckt Strasse, Potsdam, whenever it was assumed that Chi no longer had an active interest in them.[21] All VNs up to about 1930 were delivered there. Before distribution, the most important passages in the messages were underscored by Kalckstein and his assistants. Fenner objected to this predigestion owing to the danger that the reader would scan these valuable documents just as fleetingly as he did others. They maintained that VNs should only reach the hands of those who had time to read them and most importantly understand them.[21]

Publication
edit

Publication of VNs was strictly forbidden. Each VN was classified as secret (German:Geheime Kommandosache) and was marked with the highest security protection. It was forbidden to speak about the VN outside the cipher bureau itself, and only inside with the immediate group a particular individual worked with. Every serious cryptanalyst knew the consequences of publication of a VN. When Ambassador Walter Page published the Zimmermann Telegram after World War I, the unit used this to prove how important exact decipherment is and how important it was that every cryptographic system was to be tested before being put into use.[21]

Day-to-day operations

edit

Friction in day-to-day activities occurred between Fenner and other personnel and military agencies, and was not considered satisfactory from an efficiency standpoint. Neither the head of Abwehr, nor indeed the head of OKW/Chi really understood the difficulties involved in cryptanalysis, nor the operational resources required for a specific task.[15] A directive was issued to Fenner to break a particular American strip system by a particular Sunday. This was completed, purely by chance and hard work, and met the deadline. As Dr Hüttenhain stated:

From that point on, personnel were continually concerned that specific ciphers were to be broken to order.

OKW/Chi managed to keep up a continuous stream of VNs even when conditions started to become intolerable, primarily due to the continual bombing. OKW/Chi had been bombed out of its regular headquarters in the Tirpltzufer section in Berlin by November 1943, close to the Abwehr headquarters.[15] From that point it was moved to temporary buildings which were unheated and sometimes without doors and windows.[15] During the last three years of the war a continual thinning of the ranks reduced active personnel in Main Group B down to about 321 from a peak in 1941.[15]

Interception

edit

Interception input

edit

All intercepts were centrally controlled by the unit in order that it did justice to the requirements of the recipients and the technical demands of deciphering at the same time to remove unnecessary duplication. The monthly averages for the period of January 1944 to June 1944 were as follows:[17]

  • Wireless messages: 36,480
  • Press reports: 7,280
  • R/T transmission 20 minutes: 7,340
  • Line messages: 12,330

Intercept networks

edit

OKW/Chi ran two distinct interception networks, which included legacy systems from previous agencies.[15] The first system that was subordinated to Chi I, intercepted inter-state wireless traffic of enemy and neutral stations, that included enciphered and unenciphered telegraphic communications of diplomatic and military attache messages sent in Morse code and most messages were encrypted and received from enemy and neutral states.[17] Messages picked up on this system were sent to OKW/Chi for decipherment. The second network's mission, which was subordinated to Chi II and Chi III, was to monitor foreign wireless news broadcasts, with all traffic sent in clear text, and included such news agencies as Reuters, and Domei,[15] picture transmission as well as multiple enemy Morse code wireless transmissions, also of illicit transmissions, agents' messages and the secret press in Europe.[17] The second system was also used for testing of new or special equipment.

The first network and by far the largest consisted of two large fixed signals intercept stations at Lauf, one at Treuenbrietzen,[15] and outstations at Lörrach, Tennenlohe and branch stations at Libourne, Madrid, Sofia. These stations were subordinated to Chi I.[17]

The Treuenbrietzen station was created in 1933 and used to pick up diplomatic traffic before the war. It was subordinated by OKW/Chi in 1939,[15] but little is known about it since staff escaped to Werfen at the end of the war and they were never interrogated by TICOM.[15] The Lauf station started life intercepting diplomatic traffic in 1933, but was also subordinated by OKW/Chi in 1939 and expanded considerably. It had three small intercept stations on its own.[15] These were branch stations at Lörrach with eight intercept sets to track Swiss traffic, Tennenlohe was a backup/emergency station with five sets and there was a small station at Libourne in France, operating nine sets from 1943 and used to track Swedish and Turkish Traffic.[15]

Lauf had between 200 and 250 people running it, including outstations with over 80 women after January 1944. It used around 90 receiving sets. TICOM primary witness to the running of Lauf was Specialist Flicke,[22][23] who stated:

[Lauf's primary] mission was to intercept all diplomatic traffic including the traffic from the Polish underground.

Wilhelm F. Flicke (1897-1957) would later write a book at the request of the German Military in the 1950s of his experiences at Lauf. The book was called War Secrets in the Ether[24] (which was restricted (English translation) by the NSA, and Britain, until the early 1970s). The Lauf station was intercepting 25000 messages per day by late 1942,[15] but this changed when closer control was instigated in early 1943 to only focus on specific messages groups, dropping the message count down to about 10000 per day.[15]

Flicke also conducted intercept operation against both the Soviet espionage group, the Red Orchestra, operating in France, Germany and the Low Countries, but also, chiefly against the Rote Drei, a Soviet espionage network operating within Switzerland.[25] In 1949, Flicke wrote the Die rote Kapelle, Kreuzlinger, 1949.[26] The information in the book is inaccurate and occasionally misleading.[25] After the war, his reputation was damaged mainly due to his sister and estranged wife were living in the Soviet occupation zone of Germany.[25] He died on 1 October 1957.[25]

Out stations
edit

The intercept network ran special stations called Out Stations, described by Colonel Mettig as being directly subordinated to Group I at OKW/Chi instead of Lauf and deemed to be fairly small and often in foreign countries.[15] They were administered by the Abwehr. Two were known to exist, one in Spain and one in Sofia. The Sofia outstations had considerable difficulty in contact OKW/Chi often using shortwave radio.[15] The Intercept organisation in Spain was called Striker (German:Stuermer).[27]

The Spain outstation employed around 50 men, around 1941. Communication between this outstation and OKW/Chi was by wireless and courier. One outstation was first located in the German consulate in Madrid, later in 1942 it moved to a night club and later to the edge of the city in 1942 to avoid conflicting radio signals.[15] Other branch stations existed, one in a cattle ranch in Seville. The Seville branch station was established to listen to West African colonial traffic, with a staff of about 8 men.[27] A branch station also existed in Barcelona and on Las Palmas in the Canary Islands. The Barcelona outstation was designed to monitor naval radio traffic in the Mediterranean and the Atlantic and had a staff of about 10 men.[27] The Las Palmas branch station was established to intercept Portuguese colonial transmitters, French West Africa Army radio stations and specific transmitters in international communities. It was staffed with four radio operators with two receivers.[27] The Seville branch station had to be closed down to save it from being raided by the Spanish police and removed it to Seville itself.[17] The Seville and Barcelona stations were closed down in the summer of 1944, after the Normandy landings with only Madrid remaining and operated until May 1945.[27]

The outstations conducted work with the official approval of the host country, e.g. in Spain. Extreme and elaborate security precautions were continually in operation to keep the network secret. Outstation personnel were forbidden to mix with the locals, ordered to travel in small groups, married men could not contact their wives and single men were forbidden to marry Spanish women.[15] Certainly it was known that certain men conducted clandestine meetings with Spanish women who were known to be in high positions in both the Spanish government and military.[15]

Other outstations existed in Rome, Belgrade, Vienna, Budapest, Bordeaux, also in Greece.[15]

The interception system control loop was controlled by Group I of OKW/Chi. Colonel Mettig would prepare a monthly report in conjunction with Chief Cryptologist Wilhelm Fenner, of the most interesting links (that a listening station had made) as he appreciated them, based on this knowledge. This was sent to Section IV who examined the links, made decisions as to what to listen for, and this was fed back to the intercept station in question via the Abwehr.[15] The control loop was continually refined to ensure that language desks who were solving specific traffic received new intercepts specific to that desk.[15]

OKW/Chi would also receive traffic from other military agencies. These included the Reichspost, OKW/Fu and the Forschungsamt (Research bureau)Hermann Göring's personnel cipher bureau.[15]

Around 500 people worked on the Lauf interception network when outstations were included.

Second system
edit

Little is known about the second intercept system, which had its main station at Ludwigsfelde with branch stations at Koenigsberg, Gleiwitz, Muenster and Husum,[15] except that it was subordinated to Chi II and Chi III,[17] and that Ludwigsfelde station was very well equipped with 80 receiving sets. It was completely destroyed by an air attack on 2 January 1944[15] and was not back in operation until the autumn of 1944. Colonel Kettler stated under TICOM interrogation that it kept up a monthly average of 7,280 press reports, 7340 phone transmissions, 36,460 wireless messages and 12,330 line messages during the period from 1 January to 25 June 1944.[15]

The bulk of interception was either ordinary Morse code or radio telephone, with little attempt to expand into other traffic types, e.g. Baudot[15][17]

Personnel

edit

Application process

edit

Applicants to the unit were generally academics who had achieved a doctorate, or individuals who had passed the First major State Examination e.g. Staatsexamen.[21] These included philologists, jurists, mathematicians and natural scientists with full command of one foreign language and some acquaintance with another. Mathematicians only required one language.[21] A normal requirement for entry included a good civic reputation and being physically fit, with excellent vision. Candidates had to pass an examination to prove their linguistic or mathematical skills. If they passed the examination, and the candidate was assigned a probationary position, they became a planmässiger (temporary) or if they achieved a permanent position, they became a Uberplanmässiger (permanent).[21]

Training

edit

Training was a regular occurrence at OKW. Occasionally training would be provided in elementary cryptology for those personnel who were considered neither a strategic ally, nor an ally who was not directly involved with Wehrmacht operations. Sometimes advanced courses would be undertaken, for particular groups within Wehrmacht. However, most of the training was for OKW personnel.[15] When Dr Hüttenhain started in 1937, he was trained for six months and practiced on low grade Spanish government military systems. Generally, when a new member joined, who could speak a foreign language, they started as linguists and were gradually introduced into cryptology, working for two days per week in the six winter months.[15] Later, advanced courses for more able candidates were undertaken, but the candidates were expected to undertake significant research work and work on new problems almost immediately after completion. In November 1944, the courses were dropped.[15]

Assignment of duties was the same for all candidates, except those candidates who had been assigned to a section, who had an Assessor. In that case, the candidate had to write and post a report every three months. A record of activities was all kept in a diary by the candidate that was shown every month to the section head.[21] The candidate also had to show proficiency in a lower course in cryptology taken over two years.[21] At the earliest, the candidate could apply after three years for admission to the Second major State Examination for life to become a Beamter of the Higher Foreign Language Service of the Armed Forces.[21] Admission to the examination required the permission of the section head and the chief cryptanalyst. In preparation for the examination, the candidate undertook lectures on diplomacy, Armed Forces organisation, Patent law and organisation disciplinary law.[21]

Examination process

edit

On the first day, the candidate had to translate 20 lines of cryptographic text from a foreign language into German; testing some simple cryptographic system, e.g. a linear slide or disc or some similar device. Solution required the solving of some basic systems with an attached analysis and criticism. Mathematicians followed a slightly different approach, solving a problem from cryptologic mathematics.[21] The total length of the course was 6 hours.

The Examination Commission consisted of Wilhelm Fenner, Dr Erich Hüttenhain, one of the candidate's teachers and a representative of the Armed Forces Administrative Office.[21]

The commission rated the candidates' results in 9 grades ranging from deficient to praise worthy. If a candidate intended to become an administrator in the legal branches, one point extra would be given on the legal portion was given preference, before averaging. In case of ties, that candidate was given preference whose character was rated higher.[21] If the candidate failed, they were allowed to try again after a year. No third examination was allowed.

Government councillor

edit

Candidates who passed the examination were appointed as Regierungsrät (Governing Counciller) with all the attendant rights and privileges of a senior position in the German civil service, including the legal right to old age pensions and provision for widows.[21] As they were now officials of the Armed Forces they were permitted to wear the uniform of that branch of the German Armed Forces and took the appropriate oath.

Since Fenner and Hüttenhain had no experience to tell whether the requirement for new personnel in the time allowed would be met, nor if the course and examination was sufficient to create competent cryptanalysts, provisions were made that changes were effected by agreement between the examining commission and the office concerned, e.g. omissions of certain legal questions, extension of time added to enable the solving of the cryptanalytic problem.[21] There was no desire to make the course a deadly formal test that was quite out of accord with realities. It was also agreed that only such Beamte who had served their required terms, should wear a uniform, lest the public criticize the unit adversely, since only an expert could tell the Beamten officer uniform.[21]

Fenner believed the new rules were of value. Now anybody could know who could and who could not become an official, and those promoted had the satisfaction of knowing they had won the promotion by merit.[21]

The examination was a Pro forma matter, as it called for proof of real knowledge and ability. Both examiner and examinee were expected to concentrate. Weeks of hard preparation went into the examinations since, despite the constant changes, they had to be kept equally difficult. Conscientious observance of all regulations and adherence to established channels called for real knowledge of the subject and real responsibility was undertaken by Fenner.[21]

Liaison and relations

edit

Liaison with Hungary

edit

Hungary was the first country that Germany established signal intelligence relations with in 1922.[28] In the early 1920s OKW/Chi tried to make an agreement with the Austrian cipher bureau in the Ballhausplatz, but they refused to collaborate. The Austrians had personal contact with the Hungarian cipher bureau, who learned of the matter and within weeks sent two men to Berlin, including Wilhelm Kabina, and within a few hours of arriving, an agreement was worked out to collaborate.[21] The agreement remained in effect for over 20 years and the terms were loyally observed.[21] All material and results were exchanged with the Hungarian cipher bureau, and an attempt was even made to divide the work between the two departments, but this had not worked in practice.[14] In urgent cases, messages were passed from Budapest to OKW/Chi by telegraph. In cases where they had failed to intercept an important message, a telephonic request would be sent to Budapest, and any gaps would be filled by telegraph. The Hungarians were considered excellent at solving plain Balkan codes, but had never had any success with Greek traffic. Hungary helped OKW/Chi to solve the American military Attaché system, called the Black Code, by providing materials covertly extracted and photographed from American diplomatic baggage.[28] Wilhelm Fenner however, considered them on the whole indifferent cryptanalysts and not as good as OKW/Chi.[14]

Liaison with Finland

edit

The liaison with the Finland cipher bureau, the Signals Intelligence Office (Finnish: Viestitiedustelutoimisto) was less complete. Fenner visited the agency in Helsinki in 1927 to explore collaboration with Chi, but found that the Finnish had barely any organisation, but three years later it was an equal partner in cipher work.[21] The Finnish contribution was exact clever decipherment rather than an exchange of intercepts. Reino Hallamaa was the Director.[21] They worked on plain Allied codes, the Brown and Gray codes and the strip cipher. The Finnish had a slight liaison with the Hungarians and had an exchange of visits but no material was exchanged. The Hungarian cipher bureau also had a liaison with the Italian cipher bureau, Servizio Informazioni Militare but again no material was exchanged.[14]

Liaison with Japan

edit

At the beginning of the war, a representative from the Japanese cipher bureau visited OKW/Chi and give them the originals of the Brown and Gray Codes. Wilhelm Fenner never found out how they obtained the originals. No material was exchanged with the Japanese cipher bureau at any point.[14]

Liaison with Italy

edit

A representative from the Servizio Informazioni Militare (SIM), Brigadier General Vittorio Gamba visited OKW/Chi at the beginning of the war, and OKW/Chi was surprised. Chi had heard that the Italian bureau had some kind of organisation, but did not realise that the bureau would approach Berlin without an invitation.[21] Gamba's two-day visit led to an arrangement to collaborate on French material. Fenner visited Gamba in Italy to organise matters, but during the entire stay, Fenner never saw a table of organisation or other information which would give him any insight into the size and workings of the bureau. However, Fenner considered them good bargainers and thieves. The Servizio Informazioni Militare provided OKW/Chi with a captured Swedish diplomatic codebook, and in return they exchanged their workings on Romanian and Yugoslavian positions. The enciphered Yugoslavian system had called for a lot of patient work to solve and it had bothered Chi. The Italians also had a Turkish code that Chi was trying hard to break.[21] The Servizio Informazioni Militare was also interested in the French Army and diplomatic codes and ciphers and these were exchanged by courier, as these were its weakest points. Later OKW/Chi received a solved American code that was used by the Military Attache in Cairo. Fenner suspected that they had captured the code book, as OKW/Chi had previously worked on solving the code, but had set it aside as possibly too difficult. OKW/Chi was reading all Italian codes and ciphers.[14]

At the time when Rome was interested in help with French systems, OKW/Chi considered the codes too weak, and insisted that Italian codes be improved, as the risk of important leaks was too great.[21] Fenner did not think that the SIM was actually trying to block, merely that it was unable to do anything satisfactory due to lack of competent personnel. Also there was not the same honesty as was found with the Hungarian and Finnish agencies. Then some of the cryptanalysts in Italy began to complain that Gamba was too old.[21] After the Fall of the Fascist regime in Italy when Benito Mussolini was deposed on 24–25 July 1943, the Servizio Informazioni Militare turned to OKW/Chi for help and cooperation. Generaloberst Alfred Jodl, however, forbade any further liaison, and from that point on, no agency contact was made or material exchanged.[14]

Relations with Auswärtiges Amt

edit

Dr Erich Hüttenhain stated that fierce resistance was met from other departments at any attempt to control the security of all the ciphers and key processes. The OKW/Chi was never allowed to know details of the ciphers used by Foreign office.[29] Even in mid 1944, when Generalleutnant Albert Praun issued a decree [Ref 5.2], that unified the security of own key processes of all the cipher bureaux within OKW/Chi, Pers Z S ignored the order. Kurt Selchow, the Director of Pers Z S, was strongly opposed to the idea and preferred to remain independent.[29]

Defensive cryptology

edit

Defensive cryptology in this context enables secure communication between two individuals, in the presence of a third party. During World War II, defensive cryptology was synonymous with encryption, i.e. the conversion of information from a readable state to apparent nonsense. The originator of an encrypted message shared the decoding technique needed to recover the original information only with intended recipients, thereby precluding unwanted people from doing the same. German Armed Forces relied on a series of devices and processes to accomplish this task.

German high-level cryptologic systems were insecure for a number of reasons, although they were considered brilliantly conceived by TICOM agents.[30] Large outlays of both personnel and resources by the Allies cost Germany dearly, from 1942 onwards. For example, Admiral Doenitz stated at his Nuremberg trial:[30]

The Battle of the Atlantic was nearly won prior to July 1942; when German losses were within reasonable limits. But they jumped 300 per cent when Allied aircraft, aided by radar; which came like an epileptic stroke, were used in the fight. He reported 640 to 670 submarines and 30,000 men lost as a result of British and American action.

The OKW/Chi cipher department report blamed Radar on new aircraft. It was never realized, even to the end of the war and the trials, that cryptanalysts of the Government Code and Cypher School at Bletchley Park had broken the Air Force (Luftwaffe) Enigma and read all Air Force communications from 1942 onwards.[30][31]

The chief German cryptological machine for defense was the Enigma machine.[15] The OKW/Chi and the German armed forces failed to understand how insecure the system was.[30] The Wehrmacht had a generally uneasy feeling regarding Enigma and their own key processes and missed a number of opportunities to definitively prove this. These were:

  • In October 1939, captured Polish prisoners of war, one called Ruźek stated under interrogation that the Enigma was being worked on [in Poland] in conjunction with the French.[15] This was the result of three deciphered German messages being found by the Germans in a captured Spanish ship in 1939.[30] Three separate interrogations took place between 1939 and 1943 with the last in Berlin.[15] No word of the Polish Bombe or Bletchley Park was ever leaked. This became known as Case Wicher and they convinced themselves that the Enigma indicator system was probably at fault. It was followed up by OKW but testing never recovered any weaknesses.[30][32]
  • In early 1944, mounting losses at Nazi Germany's Kriegsmarine, resulted in a navy cryptanalyst Frotiwein being ordered to test the four rotor navy Enigma.[15] He broke the machine with known wheels on a crib of 25 letters. The evidence was not strong enough to discontinue the use of the device.[15] OKW/Chi helped conduct the test using their own machine and soon afterwards started development of the variable-notch rotor (German: Lueckenfuellerwalz).
  • After the War, interrogations by TICOM of Dr Hüttenhain revealed the following:[15]
One Allied PW in North Africa had said the United States and British operated with a very large joint 'park' of IBM (Hollerith) machinery, but this interrogation was never followed up. No personalities whatever were known.

German military cryptographers failed to realize that their Enigma, T52 and other systems were insecure.[30] Although many attempts were made to try and validate the security of the Enigma, which the whole of the Wehrmacht secure communication cryptographic infrastructure rested on, they failed. The reason for this was they were unable to conduct sufficiently deep security tests to determine how secure they were.[30] They were also unable to put forth the costly practical effort required to solve them. Their security tests were theoretical only, and they were unable to imagine what a large concerted effort at traffic analysis could achieve.[30] A security measure which would have proved productive was the issue of new Enigma rotors. However, so many Enigma machines were out in the field that it would prove impractical to update them.[30] OKW/Chi also felt that even if a particular Enigma unit was captured, it would still be considered secure, since no process was known by OKW/Chi that could break it. They also had not advanced sufficiently in cryptology to realize what could be achieved by a large combined engineering team. The Allies had undertaken that effort and had been rewarded with huge successes.[30] Germany was also unable to cryptanalyze British and American high-grade systems (Ultra) carrying critical Allied data. As a result, OKW/Chi had no hint that their own high-grade systems were insecure.[30]

Curiously, a number of systems were under development at OKW/Chi and at other agencies which would have been considered secure. The introduction of the pluggable reflector (German: Umkehrwalze D) called Uncle Dick at Bletchley Park. It was introduced in Spring 1945 and made obsolete the Bombe.[30] This necessitated the development of the new updated Bombe, called the Duenna. Dr. Huettenhain said in TICOM interrogation:[30]

The [Air Force] had introduced the pluggable reflector, but the Army said it was too much trouble.

A number of other possibly secure systems were developed including Fritz Menzer’s cipher device 39 (SG-39) (German: Schlüsselgerät 39).[30] Invented in 1939, it was designed to replace the Enigma machine, but delays over its design ensured it was never rolled out. Only three devices were built.[33] The cycle for an unmodified ENIGMA is 16,900. When configured according to Menzer's instructions, the SG-39 had a cycle length of 2.7 × 108 characters—more than 15,000 times as long as the Enigma.[34]

Although it was unknown whether these new systems would have made OKW/Chi processes and devices secure, it would probably have complicated the Allied cryptanalytic effort.[35]

Mechanical aids

edit

Development of OKW/Chi cipher machines rested with the Ordnance office.[15] Although OKW/Chi remit was to analyze a number of devices to find their perceived weaknesses, they never constructed any themselves.

The chief German cryptological machine was the Enigma machine.[15] It was invented by the German engineer Arthur Scherbius at the end of World War I, was regarded as antiquated and was considered secure only when used properly, which was generally not the case later in the war.[15] Director Fenner was instrumental in getting them introduced into use.[15] One item alone, the variable-notch rotor (German: Lückenfüllerwalze) would have made the Enigma secure after 1942.

The Siemens and Halske T52-E (German:Geheimschreiber) i.e. the G-Schreiber was considered a secure teleprinter.[15] It was considered modern but not mobile enough. By the end of 1944 planned developments were halted with no further practical work undertaken.[15]

Safety testing the cipher machines

edit

Enigma

edit

In October 1942, after starting work at OKW/Chi, the mathematician Gisbert Hasenjaeger was trained in cryptology by Dr. Hüttenhain. Hasenjaeger was put into a newly formed department, whose principal responsibility was the defensive testing and security control of their own methods and devices.[36] Hasenjaeger was ordered, by the mathematician Karl Stein (who was also conscripted at OKW/Chi), to examine the Enigma machine for cryptologic weaknesses, while Stein was to examine the Siemens and Halske T52 and the Lorenz SZ-42.[36] The Enigma machine that Hasenjaeger examined was a variation that worked with three rotors and had no plug board. Germany sold this version to neutral countries to accrue foreign exchange. Hasenjaeger was presented with a 100 character encrypted message for analysis. He subsequently found a weakness which enabled the identification of the correct wiring rotors, and also the appropriate rotor positions, which enabled him to successfully decrypt the messages. Further success eluded him however. He crucially failed to identify the primary and most important weakness of the Enigma machine: the lack of fixed points (letters encrypting to themselves), due to the reflector, was missed. Hasenjaeger could take some comfort from the fact that even Alan Turing missed the weakness. Instead, the prize was left to Gordon Welchman, who used this knowledge to decrypt several hundred thousand Enigma messages during the war.[36]

Siemens & Halske T-43

edit

The Siemens & Halske T43 T-43 (German:Schlüssel-Fernschreibmaschine) was a cipher teleprinter, which used a one-time key tape to supply a sequence of keying characters instead of mechanical rotor wheels as in other T-series models.[30] The teleprinter was developed in 1943 and introduced in 1944.[37] A serious defect was discovered in the T-43 by Section IVa head Dr Stein in early 1944, but this was corrected. The defect enabled the reading of T-43 messages. Later when TICOM found the device, it was tested and found that the key tape was only pseudo-random, confirming the T-43 was insecure.[30]

Siemens and Halske T-52

edit

The T52 secure teleprinter, was tested on an ongoing basis over the war period. Versions T-52A and T52-B were tested by Dr. Hüttenhain in 1939 and found in his words: to be extraordinarily insecure. Versions A and B were already in production.[15] T-52C was tested by Dr Doering, a mathematician stationed at Inspectorate 7/VI, in 1942 it was found to be insecure and could be broken using a text of 1000 letters.[15] T-52D was also tested by Doering with help from OKW/Chi decipherment machinery and found to be insecure. Both Versions C and D were still being produced even though they were known to be insecure. OKW/Chi had no control over production, with difficulties presented by Army high command accepting their faults.[15] Version T52-E was tested by Dr. Hüttenhain using the new decryption machinery and found to be also insecure.[15] By the end of 1944, production had ceased.

Lorenz SZ-40

edit

The original Lorenz SZ-40 began development in 1937 by the Army Ordnance Development and Testing Group Signal Branch, in conjunction with C. Lorenz AG. Originally no help from OKW/Chi was requested, but in late 1937, Dr. Hüttenhain, Senior Inspector Menzer of OKW/Chi and Dr. Werner Liebknecht, a cryptologic tester from C. Lorenz AG, tested the first SZ-40 and found it could be broken with 1000 letters of text without cribs.[15] Only 100 of these were produced. Model SZ-42 was produced and found to be insecure. Versions A, B and C were designed in conjunction with Dr Hüttenhain and his assistant Dr Karl Stein. It is unknown if versions B and C were tested, however, it was found that version A was also tested and found to be insecure.[15]

Offensive cryptology

edit

Given some encrypted messages ("ciphertext"), the goal of the offensive cryptologist in this context, is for the cryptanalyst to gain as much information as possible about the original, unencrypted data ("plaintext") through whatever means possible.

Insufficient cooperation in the development of one's own procedures, faulty production and distribution of key documents, incomplete keying procedures, overlooked possibilities for compromises during the introduction of keying procedures, and many other causes can provide the unauthorized decryptor with opportunities.[38]
Dr. Erich Hüttenhain 1978

Rapid analytic machinery

edit

Although OKW/Chi were ahead in the use of mechanical aids before the war, these were mostly electro-mechanical devices, and little use was found for newer valve or electronic based devices. In fact the use of electro-mechanical cryptanalytic devices fell during the war.[39] Although some work was done to prototype working models, in general it was mostly experimental work. Experiments did show one thing, that paper tape was far too slow, and that the future was photo-electric scanning of text.[39]

OKW/Chi developed a series of teleprinter tape devices, to examine the periodicity or repetition of text, which employed early designs of photo-electric readers. They employed paper tapes, rather than celluloid film, which was used by the Allies.[30] By the end of the war, the first German film device was in construction. TICOM reported that it was similar to the USA developed Tetragraph-Tester[40] (Tetragraph). It had speed of around 10k letters per second, against the USA development device at 500k letters per second.[30]

Interrogation of Dr Hüttenhain of OKW/Chi IVa by TICOM revealed:

By 1941, it had become clear that machines would be necessary for the dual - offensive and defensive - task of research, but engineers were not obtained until Autumn 1942 when the following were appointed: Two graduate engineers, Willi Jensen and Wilhelm Rotscheidt.[41] both telecom experts; three working engineers, TODT, Schaeffer and Krachel and 25 mechanics.[30]
They decided to use IBM Hollerith machines wherever possible, but it was found that this machinery was not suitable for all problems. The machines which resulted were built in a more generalized way than the immediate problem demanded so that they could be used again.[30]

The following machines were built:

Digraph weight recorder

edit

The digraph, i.e. Bigrams weight recorder (German: Bigramm-Suchgerät) was a search apparatus for making frequency evaluations of digraphs and recording the results. It was used to find expected sequences of Bigrams, which with a certain probability attached, indicated a possible weak point in a cryptographic system. It was built at a cost of ℛℳ6400 Reichsmarks, $5800 at 1945 conversion rate, and was the most expensive machine owned by OKW/Chi.[30]

It was used to break the Japanese two-letter code (J-19) and would find a solution in less than two hours.[30] According to Dr Hüttenhain:

The machine was once used to work on an English meteorology cipher... used by the Air Force Weather Service

The device made the solutions of a single transposition (Transposition cipher) easy. A message being studied must be broken into likely columns, with these matched against each other, with the resulting bigrams (Digraphs) examined for their suitability.[30]

It consisted of a two teleprinter reading head, a relay-bank interpreter circuit, a plugboard weight assigner and a recording pen and drum. Each head read the tape using a photo-electric reader at a speed to 75 characters per second. The interpreter took the two readings and translating then from two separate letters reading into one digraphic reading, which it sent to the plugboard.[30]

The plugboard contained 676 relays on its left side, corresponding to the number of Bigrams available in the Latin alphabet.[3] These could be wired at will to any jack in any one of the five different sets of relays on the right hand side of the plugboard; these sets representing weights, i.e. each bigram could be assigned a weight from 1 to 5. For example, (D->5), (I->3),(O->1),(P->1). In this manner, the digraph DE was given the weight 5, the digraph IL the weight 3, the digraph PC and OX the weight 1. All other bigrams had a weight 0.[30]

The recording device was paper drum pen recorder, with the recording consisting of a cylindrical spiral, with undulations being recorded, whose heights varying with the weights assigned to the digraph.[30] Two tapes with the message to be decrypted, were looped, with one tape being one or more character longer, so they would slide relative to each other. The result would be Kappa plot indicating, bigram by bigram, for every possible juxtaposition of the whole message against itself.

Analysis of the results would show visually (by dense undulations of the plot), along its length, the probability of a good match at each point along its length, became apparent.[30]

It could also be used to discover coincidences (‘parallels’), which would be used to find interrupted repetitions.[3]

Polygraphic coincidence counter

edit

The Polygraphic coincidence counter (Frequency analysis) (German:Sägebock, English:Sawbuck) was a machine for recording the frequency of polygraphs occurring in a message,[3] or for recording the frequency of polygraphic coincidences between messages. It was particularly useful for periodic substitutions. Polygraph sizes includes decagraphs. It had a cost of ℛℳ1580 Reichsmarks, $1200 at 1945 conversion rate.[30]

The apparatus consisted of two teleprinters with paper tape photoelectric reading heads, a calculator (not described by TICOM) and ten different recorders. Each reader had a reading speed of 75 characters per second.[30] Each recorder used a pen which made a dash on a paper strip 30 cm wide, wherever a signal was read from the calculator. During the first read of the full loop, each recorder would make a small vertical stroke every time a coincidence occurred. Thus, if there were 10 digraphic coincidences during the first full looping, the recorder number 2 made 10 small strokes, each above the other and so on. Another device, the trigram recording device output was chained to the bigram, and in a manner up to the Hasgram (10-gram) device. The devices automatically gave a Kappa plot for single characters, bigrams, etc. Although a hundred times faster that doing the method manually, working at 50 characters a second scanning speed for a text of 600 characters, it took two hours.[3][30][41]

Dr Hüttenhain and Walther Fricke his assistant did not identify the types of cryptographic systems this device was constructed for.[3] Dr Hüttenhain did state however:

The problem was to determine the periods in short periodic substitution by finding the distance between repeats in a message...It (the counter) could also find two Enigma machine messages in depth.

These types of machines were considered a class of Phase and Periodic Frequency Searching machines (German: Phase neuchgereat) also (German:Perioden-und-Phasensuchgerat) .[41]

Statistical Depth Increaser

edit

The statistical depth increaser (German:Turmuhr, English:Tower clock) was a machine for testing sequences of 30 letters statistically against a given depth of similar sequences, to determine whether the message belonged to a given depth. (Substitution cipher)[30]

It was used to decrypt the US Strip cipher when cribbing (Substitution cipher) was impossible. It cost of ℛℳ1100 Reichsmarks, $1015 at 1945 conversion rate.[30]

The apparatus consisted of a single paper tape read with a standard teleprinter head, at a speed of 1.5 symbols per second. To paraphase TICOM - A storage device, by which any one of five different scores could be assigned, on a basis of frequency, to each of the letters in the 30 separate mono-alphabets that resulted from the 30 columns of depth; a distributor that rotated in synchronization with the tape stepping, and selected which set of 30 scores were to be used as basis for evaluating the successive cipher letters. A pen recording device was used.[3][30]

Enciphered sections of encrypted test on the same generatrix (A curve that, when rotated about an axis, produces a solid figure), were superimposed properly. As a result, the letters within columns fell into successive and separate mono alphabets with characteristic frequencies. A new section of 30 letters of cipher text would have to "match" these alphabets, i.e., show a greater than random number of coincidences with them, before it could be added to this depth. The machine was used to test the probability of such a match. Weights were assigned each letter in each of the basic thirty alphabets, depending on the frequencies therein, and these weights were "stored" in the machine.[3][30] Paper tape was read in sequences of 30 characters in succession. A long resultant stroke by the recording pen meant a greater total weight, therefore a long resultant stroke probably belonged to the basis set of superimposed sequences.[30]

Dr Hüttenhain and Fricke stated:

The cipher text passages already recognized as the same key are stored in the calculating apparatus (not described to TICOM) of the tower clock as a basis on which to start. In such a way that each of the different substitution alphabets receive different scores according to the frequency of the cipher texts...[30]

The machine was called Tower Clock because it ticked at every set of calculations.[30]

Differencing calculator (non recording)

edit

The Differencing[42] calculator was a manually operated device which was designed to assist additive recovery in super-enciphered cipher coded messages, by speeding the differencing[42] of depth of super-enciphered (codegroups) and the trail of likely additives therein.[30] The machine cost of ℛℳ46 Reichsmarks, $40.00 at 1945 conversion rates. It was identical to the US Navy CXDG-CNN-10ADW, code name "Fruit"[42] often called the NCR differencing calculator.

The German version had a capacity of thirty 5-figure code groups, as against the NCR capacity of 20. The German device was much slower to operate, though far simpler in operation.[30]

This device could be operated by the cryptanalyst at their own desk.[30]

Differencing calculator (recording)

edit

The differencing calculator with recording (German:Differenzen Rechengereat, English:Differencing Calculating Apparatus) was a machine designed to compute a flag of difference[42] for a set of enciphered code groups and record them. It consisted of two teleprinter tapes with photoelectric reading heads, a set of calculating relays and a recording electric teleprinter. The read heads operated at seven characters a second, bounded by the speed of the teleprinter where time was lost by the carriage return and line feed. It cost ℛℳ920 Reichsmarks, $800.00 at 1945 conversion rates.[30]

The figure groups between which differences were to be made were on punched tape. A duplicate of the tape was made, with one blank group added with the two tapes looped and read at the same time. The calculating relays computed the difference (modulo 10) between the two groups and the teleprinter recorded it; the two tapes then stepped simultaneously and the difference between the second and third was computed and recorded; then between the third and fourth; and so on. On the second time around, since the duplicate tape was one group longer than the original, the offset was automatically changed so that the first group was now differenced[42] with the third group, the second with the fourth, and so on. In this way every group was differenced with all other groups.[30]

Likely additive selector

edit

The likely additive selector (German:Witzkiste, English:Brainbox) was a simple device for removing additives from a column of super-enciphered code groups arranged in depth. It could be used with any four-digit encrypted code, whose frequency of decrypted code groups had been discovered from previous removal of additives.[30] Five-digit codes used the differencing[42] calculator. The cost of the device was unknown, but estimates put its price at less than ℛℳ57.5 Reichsmarks, $50.00 at 1945 conversion rates.

Simple counting apparatus

edit

Dr Hüttenhain described it as follows:

By means of a simple counting apparatus, it is possible to quickly work our statistics, when there are more than 100 different elements.
100 counting machines, (which were general post office machines), were put side by side. The text for which statistics are to be worked out in punched on tape. The perforated strip is read and a symbol in each case put in the corresponding counter. The counters are read off and their position photo recorded.
In practice this apparatus was used with success within the scope of the investigations into the security of our own system

The devices cost was approximately ℛℳ57.5 Reichsmarks equivalent to $50 1945 conversion rates.[30]

Proposed repeat finder

edit

The proposed repeat finder (German:Parallel Stellengeraet) was one of the first ultra high speed machines, planned and in production but not finished. It was designed to study from 20 to 25 letters for repetitions of 5 of more characters. Each message could be 500 letters in length, with the study of 10k letter of the message at any one time. Dr Hüttenhain states as follows:

The 10,000 letters were recorded one after another as 5-unit alphabetical symbols onto an ordinary film. A duplicate was made. Both strips were now to pass at high speed in front of a photocell reader. In the event the two strips being completely identical for at least 5 letters, this passage would be likewise registered without inertia [photocell].
The strips were to pass before the reading device at a speed of 10000 symbols per second. Accordingly, not quite three hours would have been required to [Work through 10000 letters] i.e. (10,000 x 10000 =100,000,000 comparisons.).

The US rapid analytic machine that was most nearly like the German device was the Tetragraph Tester[40] by the Eastman Kodak Company for OP-20-G and the Army Security Agency.[30] When Alan Turing arrived at OP-20-G on 20 November 1942, he was shown a run of the machine at that time. No report of the meeting was kept, but a report surfaced on 23 January 1943, RAM-2, [Indicating this was the second version, 2 of 3], that prior to 8 January, the device was working in an unreliable fashion. During testing, it was missing as much as 60% of hits which were known to exist which had been previously analyzed by hand.[40] Although the Americans eventually perfected the machines, OKW/Chi found the device to be too sensitive for continuous use and with the very limited availability of materials and personnel, it was never completed.[30]

Achievements

edit

According to the TICOM interrogations during 1945, the following information about OKW/Chi successes was recorded and a table prepared which was recorded in Table 2–1 in Vol 1 Synopsis.[43]

Mettig's response

edit

When Colonel Mettig was asked point blank what was the greatest achievement of OKW/Chi, he hesitated. It became apparent that OKW/Chi had not achieved any outstanding cryptanalytic successes.[44] However, OKW/Chi did have a number of successes, but generally its cryptologic successes were in what was considered by TICOM to be low and medium grade or medium security cipher systems.[45]

OKW/Chi's cryptanalysis was not outstandingly successful against systems of high security. This may have been not only because the Allies high security systems were actually high security, in some part unsolvable to the Allies' cryptanalysts as well, but because the OKW/Chi cryptanalysts never became technically proficient enough to undertake the solution to these high-security systems.[45]

TICOM agents considered OKW/Chi's greatest achievements were, the fast design and construction of Rapid Analytic Machinery, which were often built quickly under war conditions, e.g. bombing, and where lack of materials was an ever consistent and increasing concern and the continual productions of VN's, (Reliable Reports), up to 3000 per month, even when the war was almost over in January-February 1945, which was a remarkable achievement.

Fenner's response

edit

Wilhelm Fenner was also asked point blank. Fenner stated that the greatest cryptanalytic triumph of OKW was the reading of the London-Warsaw traffic, which provided radio intelligence of the highest value. The messages were intercepted at Lauf and Treuenbrietzen and had 16 people engaged on solving them. Normally, messages which came in during the morning were solved by 1700 hours. In particular, the Polish High Command had an agent working in the Führer Headquarters (German: Fuhrerhauptquartier), who always sent the most accurate plans of the German High Command. When asked by TICOM if they were able to take any action, Fenner stated that as a result of reading these messages, that sometimes they were able to change the place or time of an attack but that usually the reports were of a long-term strategic nature and there was little they could do about it. They never succeeded in tracking down the agent.[14]

Fenner placed the reading of the Turkish ciphers second in importance. The most important intelligence came from the American Cairo traffic, although this was not solved by OKW/Chi.[14]

Cryptanalysis Successes By Country

edit
Successes By Country
Country Name Notes on compromised Ciphers
Belgium The Belgium system was a 5-letter code with a substitution table associated with a date. It was solved over a long period, but after the Battle of Belgium few messages were intercepted so that source was of little value.[21] In about 20 years only two Belgian diplomatic ciphers were solved.[21] A military 3-figure code was read that used substitution tables, in such a way that the first figure of each group remained unchanged, and the second and third were each re-ciphered individually, in substitution which could be varied with each message. No Belgian attaché system was studied.[29]
Bulgaria The main system was a 5-digit code with transposition of, or within the groups. Hence in decoding the groups had to be read out according to a varying scheme, e.g. instead of 12345, 45312. Down to the collapse, some five such groups were solved concurrently. The Bulgarian cipher bureau made the mistake that a new code really corresponded to its predecessor, such that the text digits were subjected to a certain conditionally systematic change, so that for instance from old to new arose:
  • 28 456 → 395 56
  • 28 556 → 396 56

Fenner thinks that once the line numbers were changed by a similar process. The solved messages from Bulgaria were often useful and informative.[21]

China Chinese codes were first observed during the war period. 10 primitive were in use and solved, but were of no strategic or intelligence value.[21]
Czechoslovakia No traffic was intercepted after 1939. Up until that point, not a single piece of traffic was solved during the interwar period and before. A letter substitution was used but the type of encipherment was not discovered. No repeats were found. During the war, Czech ciphers were found sporadically, but all with keys. Fenner stated they were 2-digit substitutions, the contents related to connections of confidential agents.[21]
Denmark Denmark used a plain letter code that was easily solved but the content was of material value.[21]
Egypt Egypt used a plain French code that was used rather infrequently, but was solved.[21]
France The peak of successes occurred before the Armistice. No other European states used so many systems, often over a dozen in use at one time. Systems that could not otherwise be recognised at sight carried an indicator at some specific position in the cipher text. This applied to the majority of 4-digit codes, each with a series of indicators. These were an easily recognised family and combined into tables. Owing to the structure and the paucity of diplomatic language, solution was considered rather easy. In any case, they were not comparable to the extensive American or British codes, or the grammatically difficult Polish codes. The French cipher bureau used these unenciphered codes freely even for what was considered important material. Enciphered code was less used. As long as 2-digit substitution tables were used for partial encipherment, solution would be achieved regularly if enough traffic was received. The unchanged portions of the otherwise enciphered groups gave an important criterium.[21] Fenner had in mind the system with many variants, e.g.
0123 4567 8911 4609 ....

where tied digits were enciphered by 2-digit tables, the digit marked with x remained changed, i.e. were elements of the basic code. However, in the war the French enciphered all pairs in turn, so solution would fail, although at first glance the system appeared simple.[21]

After the armistice, France was requested to deposit certain codes and ciphers, and the French subsequently made no use of these. The French cipher bureau was allowed to use a Colonial cipher, which had not been solved by Chi and the most important traffic was enciphered with this system. Attempts to solve it were unsuccessful. Moreover, the cipher used by the Charles de Gaulle party was never solved.[21]

Before the fighting began, the military cipher of the French High Command and other high echelons had been solved. This was a 4-digit or 4-digit systematically transposed (tableau carré), i.e. a 2-digit transposition matrix. Some short repeats were found in the cipher text, the interval was constant and could only correspond to the width of the box. Despite all the clever points of this system, the appearance of short repeats was its undoing. The solved message intercepts permitted OKW/Chi to follow the movements of the French Army, both at the front and further behind.[21]

Greece Fenner stated that three codes were used, each distinguished by an indicator in the third position of one of the early groups.[21]
Netherlands The Netherlands used French codes with encipherment.[21]
Iran Iranian cipher was primitive and easily solved.[21]
Italy For years Italy used a 5-digit code with a 2-letter substitution table. Mistakes were made constantly. In these codes, the values were not distributed over the whole range of the   groups, but whole hundreds of blocks were left blank, i.e. never used. This was important in solving the encipherment because impossible pairs could be eliminated. Tables once used were not allowed to be used again, except after a number of years according to some defined period on the calendar. When a solved table was in hand, it was only necessary to decipher.[21]

If a new 5-digit code was introduced one did not take care to use new tables on all circuits so the new code was soon compromised. This continued on into the war until Italy, already out on a proverbial limb in a military war, introduced the Littoria type with Impero type encipherment that Chi did not succeed in solving. The chief reason for failure was the sharp decline in intercept traffic. Fenner thought the encipherment was additive (Zalenwurm). Italy did use the groups of its own outmoded codes for re-cipherment additive.[21] The intelligence received was of little importance.[21]

Japan Work began on Japanese systems during the war. In spite of the many systems, only 4 plain codes were solved, the difficulty was largely due to somewhat ambiguous transcription of Japanese text into Latin letters. An interrupted grille, the upper lines with gaps, made more trouble. OKW/Chi had no experience in this field and did not even know the structure of the messages and language.[21] OKW/Chi solved the Type A Cipher Machine, referred to as the Japanese "Red" machine, and there is some evidence, although tenuous that the Type B Cipher Machine, referred to as the Japanese "Purple" machine was also solved or perhaps partially solved.[21]

The FIFIF or KOKOK] was a mixed 2 and 4-letter transposition code. The J-19 FUJI system was a diplomatic code that was used between 21 June 1941 – 15 August 1943.[29] The code used bigram and 4-letter code tables similar to the ones used previously by the Japanese Foreign Ministry.[29]

Norway Codes used by the Norwegian cipher bureau were not worked on until after the German occupation of Norway, but no intelligence was recovered. Less than 200 messages were intercepted in four years.[21]
Poland Since its introduction of additive sequences for encipherment of its diplomatic 4-digit code, Poland had repeatedly improved its system over the years. The sequences were 40 digits long, later they were basically a multiple of 4 plus 1 or plus 3, e.g. L=50 x 4 plus 1=201. Solution of such additives depended on the amount of material that was available. Whereas at the outset, an endless additive sequence was used for a fortnight, it was certainly used more than once, (and there were message encoders who habitually started at the same point), later sequences were replaced more often and were different for each circuit, e.g. Warsaw-Berlin, Warsaw-Washington.[21]

Indeed, at the end of the interwar period, just before the war began, the endless sequences for Warsaw-Berlin were different from Berlin-Warsaw. Changes came fast as well, that even with more fully solved code, messages could no longer be read because no two messages were ever found in the same key. Most of the later messages of the Polish government-in-exile in London and the Polish Resistance movement were solved. The differences were calculated mechanically, using the Difference Calculator [Ref 8.1.4]. The basic system was probably a 2-digit Caesar cipher.[21] Fenner assumed it was known that the Polish government had an excellent connection with the Führer Headquarters and received new information promptly. The indicator for this agent was the 3-digit number, 406. In any case, the High Command of OKW and of the German Government knew from decrypts of Polish demands for the cession of Pomerania, which they claimed as having once belonged to Poland, and also of the disappointments occasioned repeatedly by the Soviet Union after the German front was driven back.[21]

Romania The Bucharest cipher bureau used the same code for 20 years in the most stereotypical fashion. It was a 5-digit code with digit-to-digit substitution tables, e.g. 0->4, 1->1, 2->3, 3->0 and so on. The thought that there were 10!-1 different tables possible, seems to have led Bucharest to believe the system was secure, but this was not the case. Although solution was not very difficult, since, despite all encipherments, all affinities remain, e.g. 13316=24429=90096, i.e. it was isomorphic, with the basic code being solvable with enough traffic. Moreover, Bucharest facilitated solution by using old and new code side by side due to remote legations not having received the new code. At times the new table was forgotten with a new code, or the same message was enciphered with the old and new code. No other country that OKW/Chi monitored compromised its own systems with such fatal regularity. In late 1943 and early 1944, a new 5-digit code with endless additive sequences was introduced. However, the additive sequence, which was over 5000 digits long, was allowed to be reused as it was not possible to supply remote legations with enough cipher material. An attempt was made to obtain differences using the Differencing calculator although the difference catalogue contained several hundred thousand groups. This proved to be in vain, as the Romanian government collapsed soon after, followed shortly by Germany. The value of the Romanian traffic varied greatly, depending on the embassy involved.[21]

More interesting from a value viewpoint was the system of military attaché. It was a system of coupled transpositions called the Weuefell. The Wuerfel encipherment, that used matrices changed daily and the plain text was inscribed in a definite manner. These messages contained extremely valuable information, for example, the rapid breakdown of the Romanian Army due to poor supply of ammunition, or arms and rations.[21]

Soviet Union The system OK and its successors were worked on and solved from their first appearance to the summer of 1943. Fenner stated the first in the series, namely OK5, OK6, and OK7, were solved, and he also believed OK8. Fenner stated that they were 4-digit codes with partial encipherment by a 2-digit substitution table. Solution became easier once a few traffic intercept messages were captured, since the entire vocabulary would be known by then. The Finnish cipher bureau worked successfully on the solutions and was sometimes faster than Chi. Work was also undertaken on an NKVD cipher but no solution was achieved.[21]

No work was done on the ciphers Polpred and Narksmindel, other diplomatic ciphers, because the endless additive sequences were not repeated and a method of reduction could not be found. Furthermore, it was assumed that the basic code had groups of different lengths.[21]

Spain, Portugal, Chile, Ecuador, Hispaniola Work on a Spanish diplomatic cipher resulted in no traffic being solved. The Portuguese original codebook was held by OKW/Chi and traffic was scarce and solution was intermittent, rough, and incomplete.[21] The Brazilian cipher was completely solved with the original codebook on hand. The primitive ciphers of Hispaniola (San Domingo), Ecuador, and Chile were also solved but were of no strategic importance.[21]
Sweden The extensive 5-digit code caused a significant amount of difficulty with OKW/Chi. After a copy of the codebook was received from Servizio Informazioni Militare in early to mid-1940, it became clear that the philological structure of the code was responsible, i.e. Swedish, German, French, and English concepts all in one code. This not only rendered all statistics so useless that for a long time it was thought there must be some analytically unbreakable encipherment, but also the linguistic solution was very difficult. Months were spent working in the completely wrong direction; the mixture of tongues was as confusing as the group appearing in English codes after World War I, i.e. repeating the nth group, which might have thousands of meanings. This Swedish 5-digit code was a typical example of a cleverly constructed codebook. The content of the few intercepted messages was usually unimportant.[21]

The majority of the Swedish messages were enciphered on the Hagelin Teknik designed and constructed at Crypto AG and designed by Boris Hagelin.[46] Fenner stated that the basket of the device, i.e. of the drum consisting of 25(?) bars with various riders was probably varied from message to message so that the almost infinite period of the system could not be pinned down. This problem was scheduled as the focal point of analytical studies all the more since there was a rumour abroad that the USA was also then beginning to use the Hagelin machine.[46]

Switzerland The Swiss used the Enigma K cipher machine with both French and German codebooks. Both the two codes were solved. Fenner stated that several substitution tables existed that might have been used simultaneously, each ciphering sections of text of equal length, with certain pairs of digits being replaced with a single digit. The results provided no strategic information.[21]
Turkey The Turkish 5-digit codes were originally enciphered with primitive substitution tables. The codes introduced (Fenner stated possibly after 1937) were systematically related to their predecessors. At first codes or related systems were changed monthly, later short 20-digit additives were used which caused no difficulty. Turkey always made the same mistake of using known encipherments with new codes. All diplomatic ciphers, save that of the Hungarian Ministry of the Interior, were solved. They yielded much valuable information. Up to March 1945, some eight codes were eventually solved. Great Britain knew the Turkish ciphers were poor and tried to force the British ciphers on the Turkish ministry, but the latter declined to accept.[21]
United Kingdom including British Empire During the interwar and war period, some 25 different systems were observed and some 10 plain codes. These were non-alphabetic, unsystematic 5-letter codes of considerable size, and were solved. Solution depended solely on the amount of material. A digit -based cipher marked Prodrome, a location in London, specifically the War Office, had traffic intercept, but with no success. What messages that were solved, were of relatively little value. Before the Allied Normandy landings, the War Office imposed a traffic blockade, that ensued a noticeable decline in the traffic to and from London. However, even from the messages of the other European diplomatic agencies, not a clue could be gathered as to the time and place of the projected Allied landing place.[21]
United States of America The Brown code and Gray code were both solved. The solution to these two codes depended solely on the number of traffic intercepts that were available, which at times ran very high. Both were held in the original in 1940. Solution to the codes designated A5BC9 and A5BC10 caused considerable difficulty. For encipherment of the one, not known at interrogation, 25 strips were used, each with a different Substitution alphabet, originally valid in sequence from 1939 to 1944. From 1944, the encipherment shifted so much that solving the strips was no longer possible. Fenner stated that the number of strips increased materially. The original break was not by analysis but on the basis of a codebook supplied by the Italian cipher bureau, Servizio Informazioni Militare, and tables supplied by Budapest. Material recovered from the reports of the military observer in Cairo, was of a great strategic value, particularly to Generalfeldmarschall Erwin Rommel while fighting near Tobruk, as the reports regularly provided British Army troop movements. The replacement of the system happened due to knowledge of the system being broken being leaked through to a number of German officers in Rome, who had not the slightest authority to know about the code, nor to know about its importance. The next attempt at solution was found to be impossible due to the fact that, mathematically expressed, an equation modulo 26 had to be solved for each message.[21]
Vatican The Vatican used two systems. One was a plain code that was easily solved. Intercept traffic contained generally unimportant administrative matters and was little used. The enciphered code was laid aside due to lacking of material to form a depth.[21]
Yugoslavia Systems of the Yugoslav government-in-exile were the same as those used during the interwar period and were read currently, with interruptions whenever a code or encipherment was changed. The system was a 5-letter code and a digraphic substitution table. They always facilitated solution of government traffic; either the new code was merely a systematic shuffling of the old one, e.g. by shifting page numbers, or when a really new code was introduced the old tables were kept in use. Fenner stated that all that was needed was adequate traffic volume, even when the encipherment was changed daily. The numerous variations used were not adequate to ensure security. It was a fine example of a system that lowered its limit of resistance by poor use. If Yugoslavia had introduced a completely new code and a new table at the same time, in 1940, not a single intercept would have been read, due to the scant material received. The last code variations were significantly more complicated; instead of enciphering two letters, vertical pairs were taken e.g.
12 45 67 80 92 23 45 46 71 45
ka ro sa tu pi la ro bi mi ro

but

1 2 4 5 6 7 8 0 9 2
2 3 4 5 7 8 0 1 6 0
kalafisisa........

with numerous variations in the manner of forming the pairs. Even though solution was facilitated by the above-mentioned factors it was not easy because of the pairing of heterogeneous letter groups. At least 500 10-letter groups were needed to solve the code with certainty. Because of encipherment, towards the end of the war, many messages remained unsolved. The content of the messages was always factual and of importance.[21]

Further developments

edit

In the last few decades, a number of military historians have continued the examination of military documentation in relation to World War II and a number of facts have emerged which seem to contradict the TICOM findings, which were highlighted by the Christos Website.[47]

According to the TICOM reports in Volume 1, Table 2.1, the Japanese Purple [cipher] had not been read by the Germans, although it was attacked by AA/Pers Z. No mention was made of attacks by OKW/Chi or other German Axis agencies.[48]

In TICOM Vol. 2, it states, "Although they were successful with the Japanese "Red" machine, they did not solve its successor, the "purple" machine."[45]

The solving of the Japanese Purple, considered unbreakable by the Japanese, would indicate the OKW/Chi and the other German agencies were capable of solving high-level security systems. Certainly the Germans knew by 1941 (Purple Cipher - Weaknesses and cryptanalysis), that the purple cipher was insecure, although it is unknown whether OKW/Chi learned this.

The evidence for this revolves around Cort Rave. Dr Cort Rave had started working at OKW/Chi in 1941 and worked as a translator in the Japanese desk of Section IVb and had been detached in December 1943 to the Foreign Office cryptanalytic Section (AA/Pers Z) for training in the Chinese and Japanese Desks.[49] He is listed as an OKW/Chi employee by TICOM,[50] but was considered a minor light by TICOM with an inconsistent memory.[15] However, Rave took the time to conduct personnel communication between the German naval historian Jürgen Rohwer and mathematician Dr. Otto Leiberich, while in advanced old age, as part of a fact finding process conducted by Rohwer, regarding German cryptological successes during World War II.

Rohwer is a naval historian who has written over 400 books and essays.[51]

Dr. Otto Leiberich worked in OKW/Chi, but would work in the new German Chiffrierstelle from 1953, and from 1973, was the boss of Dr. Erich Hüttenhain, who was Director of the Central office of Encryption (ZfCh) between 1956 and 1973 and who was the boss of Leiberich. Leiberich became founder of Federal Office for Information Security (BSI) in 1990.[52]

The contents of Dr Rave's letter, dated 01.03.96, were published in Dr Rohwer's book Stalin's Ocean-going Fleet: Soviet Naval Strategy and Shipbuilding Programs with the letter reference on page 143.[53]

Rave stated that:

...the Purple (cipher) has been broken by the Foreign Office and OKW/Chi....

A further piece of evidence was offered by author Dr Wilhelm F. Flicke, who is also described as an employee of OKW/Chi working in the intercept network at Lauf [23][54] and whose book, War Secrets in the Ether[24] (which was restricted (English translation) by the NSA, and Britain, until the early 1970s) described how many messages between Japanese military attache and later Japanese ambassador Hiroshi Ōshima to Nazi Germany, in Berlin, were intercepted at Lauf and deciphered by OKW/Chi.[55]

The mathematician Otto Leiberich believed that the Purple cipher had been broken and considered certain individuals of OKW/Chi to have sufficient capability, insight and technical knowledge to break the cipher, even within certain constraints and the TICOM documentation seems to support it (TICOM I-25). However, no absolute proof exists to prove it.

German mathematicians who worked at OKW

edit

From an examination of Friedrich L. Bauer book, Decrypted Secrets. Methods and Maxims of cryptography and the TICOM documentations, the following German mathematicians worked in or in conjunction with OKW:

Notes

edit

TICOM documentation archive consists of 11 primary documents Volume I to Volume IX. These primary volumes, are aggregate summary documentation, each volume targeting a specific German military agency. The archive also consists of Team Reports, DF-Series, I-Series, IF-Series and M-series reports which cover various aspects of TICOM interrogation.

Volume III which covers OKW/Chi contains over 160 references to the I-Series TICOM documents which are TICOM Intelligence reports, and covers references to the full gamut of the other types of reports, e.g. DF-Series, IF-Series, of which there are over 1500 reports.

See also

edit

References

edit
  1. ^ Friedrich L. Bauer: Decrypted Secrets. Methods and Maxims of cryptography. 3d revised and expanded edition. 2000, p. 412
  2. ^ David Kahn (5 December 1996). The Codebreakers: The Comprehensive History of Secret Communication from Ancient Times to the Internet. Simon and Schuster. p. 574. ISBN 978-1-4391-0355-5.
  3. ^ a b c d e f g h i j R. A. Ratcliff: Delusions of Intelligence: Enigma, Ultra, and the End of Secure Ciphers. Oct 2006, p 36
  4. ^ John Ferris: Intelligence and Strategy: Selected Essays. Routledge; New edition 25 June 2005, Page 337 Note 80 - RG 457/145 Major Gamba - An Account of the recovery of the keys of the Inter-allied Cipher; Admiral Maugeri - Italian Communications Intelligence Organization.
  5. ^ R. A. Ratcliff: Delusions of Intelligence: Enigma, Ultra, and the End of Secure Ciphers. Oct 2006, p. 38-40
  6. ^ a b Friedrich L. Bauer: Decrypted Secrets. Methods and Maxims of cryptography. 3 revised and expanded edition. 2000, p 32
  7. ^ a b c d e f g h i j k l "OKW/Chi (High Command)". sites.google.com. TICOM. Retrieved 7 January 2014.  This article incorporates text from this source, which is in the public domain.
  8. ^ Faulkner, Marcus (1 August 2010). "The Kriegsmarine, Signals Intelligence and the Development of the B-Dienst Before the Second World War". Intelligence and National Security. 25 (4): 521–546. doi:10.1080/02684527.2010.537030. S2CID 154666062.
  9. ^ Friedrich L. Bauer: Decrypted Secrets. Methods and Maxims of cryptography. 3 revised and expanded edition. 2000, p 447
  10. ^ Friedrich L. Bauer: Decrypted Secrets. Methods and Maxims of cryptography. 3 revised and expanded edition. 2000, p 472
  11. ^ a b c d e f g h i j k l http://www.ticomarchive.com/the-archive, TICOM archive:I-Series, Document:I-39 OKW-Chi.pdf, Organisation of OKW/Chi
  12. ^ a b c d e f g h i j "DF-187A Fenner OKW Crypro service.pdf" (PDF). European Command Intelligence Center. Retrieved 1 February 2014.  This article incorporates text from this source, which is in the public domain.
  13. ^ "European Axis Signal Intelligence in World War II Volume 1" (PDF). TICOM. Archived from the original (PDF) on 17 April 2015. Retrieved 12 July 2014.  This article incorporates text from this source, which is in the public domain.
  14. ^ a b c d e f g h i j k "TICOM I-200 Interrogation of Min. Rat. Wilhelm Fenner of OKW/Chi" (PDF). Google drive. TICOM. 22 November 1946. Retrieved 7 June 2018.  This article incorporates text from this source, which is in the public domain.
  15. ^ a b c d e f g h i j k l m n o p q r s t u v w x y z aa ab ac ad ae af ag ah ai aj ak al am an ao ap aq ar as at au av aw ax ay az ba bb bc bd "European Axis Signals Intelligence World War 2 Volume 3" (PDF). TICOM. Archived from the original (PDF) on 18 September 2013. Retrieved 31 January 2014.  This article incorporates text from this source, which is in the public domain.
  16. ^ Mowry, David P. (1983–84). "Regierunges-Oberinspektor Fritz Menzer: Cryptographic Inventor Extraordinaire". Cryptologic Quarterly. 2 (3–4): 21–36.
  17. ^ a b c d e f g h i j k l m n o p q r s t u v "TICOM DF-9 - Translation of Activity Report of OKW/Chi for the period of 1st January 1944 to 25th June, 1944" (PDF). Scribd. GCCS (SAC). May 1945. Retrieved 7 June 2018.
  18. ^ a b c "The Career of Willian Fenner" (PDF). European Command Intelligence Center (TICOM). Retrieved 7 May 2014.  This article incorporates text from this source, which is in the public domain.
  19. ^ "I-176 Homework by Wachtmeister Dr Otto Buggisch of OKH/Chi and OKW/Chi" (PDF). Google drive. TICOM. 17 December 1945. p. 12. Retrieved 20 June 2018.
  20. ^ Hitler, the Allies, and the Jews By Shlomo Aronson, November 2004, Cambridge University Press Page 199
  21. ^ a b c d e f g h i j k l m n o p q r s t u v w x y z aa ab ac ad ae af ag ah ai aj ak al am an ao ap aq ar as at au av aw ax ay az ba bb bc bd be bf bg bh bi bj bk bl bm bn bo bp bq br bs bt bu bv "TICOM I-206:Homework by Wilhelm Fenner" (PDF). Google drive. TICOM. 7 August 1947. Retrieved 8 June 2018.  This article incorporates text from this source, which is in the public domain.
  22. ^ "European Axis Signals Intelligence World War 2 Volume 3" (PDF). TICOM. p. 38. Archived from the original (PDF) on 18 September 2013. Retrieved 28 July 2014.  This article incorporates text from this source, which is in the public domain.
  23. ^ a b http://www.ticomarchive.com/the-archive, TICOM archive:I-Series, Document:I-44 Memorandum on speech encipherment by ORR Huettenhain and SDF Dr Fricke
  24. ^ a b Wilhelm F. Flicke (1 April 1994). War Secrets in the Ether. Aegean Park Press. ISBN 978-0-89412-233-0.
  25. ^ a b c d Kesaris, Paul L., ed. (1979). The Rote Kapelle: the CIA's history of Soviet intelligence and espionage networks in Western Europe, 1936-1945. Washington DC: University Publications of America. p. 277. ISBN 0-89093-203-4.
  26. ^ Flicke, Wilhelm F (1949). Die rote Kapelle (in German). Kreuzlingen: Neptun, cop. OCLC 431615672.
  27. ^ a b c d e "DF-116J - Flicke:The German intercept station in Madrid" (PDF). Scribd. TICOM. 2 June 1948. Retrieved 20 June 2018.
  28. ^ a b David Alvarez (5 November 2013). Allied and Axis Signals Intelligence in World War II. Routledge. p. 2. ISBN 978-1-135-26250-1. Retrieved 7 June 2018.
  29. ^ a b c d e "TICOM I-31:Detailed interrogations of Dr. Hüttenhain, formerly head of research section of OKW/Chi, at Flensburg on 18-21 June 1945". Google drive. Retrieved 11 June 2018.  This article incorporates text from this source, which is in the public domain.
  30. ^ a b c d e f g h i j k l m n o p q r s t u v w x y z aa ab ac ad ae af ag ah ai aj ak al am an ao ap aq ar as at au "European Axis Signal Intelligence in World War II Volume 2" (PDF). TICOM. Archived from the original (PDF) on 11 June 2014. Retrieved 18 June 2014.  This article incorporates text from this source, which is in the public domain.
  31. ^ Adamy, Dave (July 2003). "Bletchley Park". Journal of Electronic Defense Page 16
  32. ^ Meyer, Joseph A. Der Fall WICHER: German Knowledge of Polish Success on ENIGMA (PDF). TICOM. p. 27. Retrieved 10 February 2015.
  33. ^ David P. Mowry: German Cipher Machines of World War II Center for Cryptologic History, National Security Agency, Revised edition 2014, p18
  34. ^ David P. Mowry: German Cipher Machines of World War II Center for Cryptologic History, National Security Agency, Revised edition 2014, p28
  35. ^ David P. Mowry: German Cipher Machines of World War II Center for Cryptologic History, National Security Agency, Revised edition 2014, p22
  36. ^ a b c Cooper, S. Barry; Leeuwen, J. van (3 June 2013). Alan Turing: His Work and Impact: His Work and Impact. Elsevier Science. p. 936. ISBN 978-0123869807. Retrieved 15 March 2014.
  37. ^ "Siemens T-43". www.cryptomuseum.com. Crypto Museum. 7 May 2013. Retrieved 12 July 2013.
  38. ^ Friedrich L. Bauer: Decrypted Secrets. Methods and Maxims of cryptography. 3 revised and expanded edition. 2000, p 470
  39. ^ a b "DF-187 Fenner.pdf" (PDF). European Command Intelligence Center. Retrieved 18 May 2014.
  40. ^ a b c Teuscher, Christof (29 March 2005). Alan Turing: Life and Legacy of a Great Thinker. Springer; 1st ed. 2003. 2nd printing 2005 edition (29 Mar 2005). p. 464. ISBN 978-3540200208. Retrieved 23 June 2014.
  41. ^ a b c Friedrich L. Bauer: Decrypted Secrets. Methods and Maxims of cryptography. 3 revised and expanded edition. 2000, Section 17.3.2 Page 335
  42. ^ a b c d e f Christensen, Chris. "US Navy Mathematicians Vs JN-25" (PPTX). Northern Kentucky University. Retrieved 23 June 2014.
  43. ^ "Volume 1 -- Synopsis, Table 2-1" (PDF). TICOM. p. 54. Archived from the original (PDF) on 17 April 2015. Retrieved 28 July 2014.
  44. ^ "Volume 3--The Signal Intelligence Agency of the Supreme Command, Armed Forces" (PDF). TICOM. p. 55. Archived from the original (PDF) on 18 September 2013. Retrieved 20 July 2014.  This article incorporates text from this source, which is in the public domain.
  45. ^ a b c "Volume 2 -- Notes on German High Level Cryptography and Cryptoanalysis" (PDF). TICOM. p. 86. Archived from the original (PDF) on 11 June 2014. Retrieved 20 July 2014.  This article incorporates text from this source, which is in the public domain.
  46. ^ a b Bengt Beckman; C.G. McKay (11 January 2013). Swedish Signal Intelligence 1900-1945. Routledge. p. 253. ISBN 978-1-136-34155-7. Retrieved 11 June 2018.
  47. ^ Christos, T. (9 September 2011). "German success with Purple ?". Christos Military and Intelligence Corner. Christos Military and Intelligence Website. Retrieved 27 July 2014.
  48. ^ "Volume 1 -- Synopsis, Table 2-1" (PDF). TICOM. p. 54. Archived from the original (PDF) on 17 April 2015. Retrieved 20 July 2014.
  49. ^ http://www.ticomarchive.com/the-archive, TICOM archive:I-Series, Document:I-55 Interrogation of German Cryptographers of the PerZs Department of the Auswartiges Section 51,52
  50. ^ "European Axis Signals Intelligence World War 2 Volume 3" (PDF). TICOM. p. 122. Archived from the original (PDF) on 18 September 2013. Retrieved 27 July 2014.  This article incorporates text from this source, which is in the public domain.
  51. ^ "Prof Dr Jurgen Rohwer, Military Historian".
  52. ^ Leiberich Vom Diplomatischen Code zur Falltürfunktion - 100 Jahre Kryptographie in Deutschland, Spektrum der Wissenschaft, Juni 1999 und Spektrum Dossier Kryptographie, 2001
  53. ^ Mikhail Monakov; Jurgen Rohwer (12 November 2012). Stalin's Ocean-going Fleet: Soviet Naval Strategy and Shipbuilding Programs, 1935-53. Routledge. pp. 1905–1906. ISBN 978-1-136-32198-6.
  54. ^ "European Axis Signals Intelligence World War 2 Volume 3" (PDF). nsa.gov. p. 112. Archived from the original (PDF) on 18 September 2013. Retrieved 27 July 2014.
  55. ^ Friedrich L. Bauer: Decrypted Secrets. Methods and Maxims of cryptography. 3 revised and expanded edition. 2000, p 415

Further reading

edit
  • Friedrich L. Bauer : Decrypted Secrets. Methods and Maxims of cryptography. 3 revised and expanded edition. Springer, Berlin et al. 2000, ISBN 3-540-67931-6 .
  • Target Intelligence Committee (TICOM) Archive
  • Rebecca Ratcliffe: Searching for Security. The German Investigations into Enigma's security. In: Intelligence and National Security 14 (1999) Issue 1 (Special Issue) S.146-167.
  • Rebecca Ratcliffe: How Statistics led the Germans to believe Enigma Secure and Why They Were Wrong: neglecting the practical Mathematics of Ciper machines Add:. Brian J. angle (eds.) The German Enigma Cipher Machine. Artech House: Boston, London of 2005.