Shachar ShemeshMarch 24, 2008 1:37 PM


Umless I totally misunderstood the construct, seems weaker than the original:
1. No deflector. permutation
2. As a result - data goes in, as opposed to in and then out in the original.
3. No pre-patch panel for further combinations (but that wasn't used by the Germans either).
4. Only three wheels to choose from.

It's a simplified version. I'm not sure whether this is necessarily less strong (this version, unlike the original, can encrypt a letter to itself, for example).


Mark VandeWetteringMarch 24, 2008 1:59 PM

Well, if you like unusual implementations of the Enigma machine, you might enjoy the Enigma 2600: a reimplementation of the German three rotor machine on an old Atari 2600 video game. I showed this previously at the Maker's fair and a couple of hacker events. It's the most useless thing I've ever done. :-)

ChrisMarch 24, 2008 2:38 PM

Well, it only emulates the very first Enigma issued by the Germans. That had just 3 rotors. Additional rotors to pick from (and versions that used more than 3 rotors at once) came later.

I'm not sure what you mean by "data goes in, as opposed to in and then out in the original." Did you read the instructions? Characters enter on the right, travel through the rotors, reflect off the left side, and return through the rotors to emerge on the right.

Shachar ShemeshMarch 24, 2008 4:22 PM


To my credit, I did say:
"Umless I totally misunderstood the construct"

You are right, the deflector is there (which also means that, like the original, it can't encode a letter to itself). I still stand by point 3 (which the original Enigma did have, though it wasn't used). You also may want to switch the rotor positions (again, as I understand this, the original Enigma allowed).

All in all, however, a nice touch.


False DataMarch 24, 2008 10:08 PM

With all the modern recreations of Enigma machines, I'm surprised there aren't more Enigma cracking systems floating around. I'm not familiar enough with the encryption algorithm to be able to calculate the number of permutations involved. With modern horsepower, would it make sense to launch a brute force attack against the cyphertext, maybe including in some of the heuristics the WW II cryptanalysts used, and then rank the key candidates by the number of dictionary hits in the resulting plaintext? Or is there a more elegant way to build an automatic Enigma-breaker?

EricMarch 24, 2008 11:53 PM


Unfortunately, your saying "Umless I totally misunderstood the construct" really doesn't give you much credit. Clearly you didn't "totally" misunderstand. Your misunderstanding was somewhere between "slightly" and "moderately". That is, unless, you totally misunderstand "totally".

SparkyMarch 25, 2008 4:45 AM

Wasn't one of the biggest weaknesses of the whole system the german convention of encoding the rotor position twice at the start of each message? The algorithm could check the starting rotor position against the first and second set of 3 characters, and discard it if it doesn't match.

If I recall correctly, it isn't really all that hard with modern memory en processing capabilities, once you know how the machine operates, especially if you also know the rotor wiring.

Also, I don't think the plug board really complicated the matter, as it is basically a series substitution cypher.

I think one the system might have been somewhat stronger if they used the plaintext in the algorithm, like an extra rotor that rotates a number of notches depending on the plaintext character.

The greatest feat, I think, the allies pulled of while cracking this thing, is deducing how this thing worked, without ever seeing one.

DanCMarch 25, 2008 6:36 AM

This would make a nice way to encrypt an easy to remember password. Run it through and use the encrypted version. You can remember the dog's name and just hang this up on the wall. Not as nice as password Safe but usable.

David (Toronto)March 25, 2008 7:34 AM


The British got info from Poland and they also had a captured machine early on.

The double keying procedure was the one broken by the the Polish team. The Germans changed it early in the war.

Turning and Welchman advanced the science of the bombe.

It was the US that deduced the Japanese Purple machine without having captured one.

Nonetheless, both were impressive accomplishments.

Mike KossMarch 25, 2008 11:04 AM

@shachar - You're right about some deficiencies of the Paper Enigma:

- Only 3 rotors to choose from.
- Does not have a "rotating/replaceable" reflecting rotor (as added in the M4 Enigma) [fixed Umkehrwalze].
- Missing the front plugboard (which performs an additional static pairwise substitution of up to 10 letter pairs) [no Steckerbrett].

But other than that, the Paper Enigma is compatible with any authentic Enigma machine; messages can be sent and received on the Paper Enigma and read on a physical Enigma (just restrict yourself to the original 3 rotors, set the reflecting rotor to the "standard/A" position, and don't used the plugboard).

And yes, being a subset, this Enigma is "less strong" than the original - and is subject to the same kinds of attacks due to it's symmetric encrypting and decrypting.

@bruce - Thanks for the post. While not quite getting "slash-dotted" my daily visits to this page are up by a factor of 100 (usually 40/day, I got 4,000 views yesterday).

- Mike (author of the Paper Enigma)

Clive RobinsonMarch 25, 2008 5:32 PM


Of the two I think Gordon Welchman moved the breaking process the furthest.
He actually broke the enigma design indipendantly of the others (much to their surprise) part time over a period of around a month. He then went on to design the diagonal board which made the bombes several orders of magnitude more efficient and apparently made Turing nearly drop his tea cup (which was normaly chained to a radiator).

As for paper enigmas, if I remember correctly the early version of the enigma used during the Spanish war (based on the commercial version) was regularly broken by the French using a paper analog (I'm away from my library at the moment so memory has not been checked 8). I think it was called the "method of battons" or was it cliques.

As for breaking it today on a PC you would probably treat it as two seperate ciphers consisting of the dynamic rotor block and the static cross wiring.

At slightly less than 26^3 positions you would simply run an enciphered message against all rotor positions. Then using a windowing technique determin the likley turnover position for the fast and possibly middle rotor.

Having determined the likley turn over points ypu would run the message through again. If the stats look right you would then do the simple analysis to remove the static cipher.

Obviously determining the turn over points is key to breaking any given message and sometimes with a short message and both rotors turning over in the first part of the message you might not be lucky in finding them.

It might make an interesting undergraduate project 8)

bobMarch 26, 2008 12:58 PM

This looks like a good training tool. It reminds me of a similar device I used in High School to learn machine language; it was called CARDIAC (CARDboard Instructional Aid to Computing, I believe it was from Bell Labs?) which simulated/demonstrated the way a simple processor handles interpreting machine language. You moved paper strips up/down to represent various registers, memory locations and pointers (except you used a pencil to actually write in the values for storage).

markmMarch 27, 2008 9:24 PM

Sparky: What David said, and besides that three-rotor Enigma machines were sold commercially before the German or Japanese governments adopted them, so the basic principles were no mystery. You did have to deduce the rotor wiring in the official models, and occasionally they'd change out at least one rotor, throwing the decoders off for weeks to months. The German military added the plug board and more rotors, but the Poles got a head start on cracking the code in the mid or late 30's when Germany sent a machine to their Warsaw embassy by parcel post, and Polish Intelligence[1] did a complete tear-down and reassembly before sending it on. Furthermore, they managed to get their entire code-cracking establishment, primitive computers and all, on a ship to France when the Germans attacked, and then to smuggle it all out of occupied France to the UK.

[1] Before making any jokes about that, look up Madame Curie's origins.

DukeMarch 24, 2009 2:56 PM

Interesting site - I found it while searching for check stock security paper.

Somewhere at home I have a BASIC computer program that emulated the Enigma machine. If I remember correctly its output was in 5-letter groups. I'll look around if anyone is interested. Perhaps I can find the BASIC source code on an old 250 mb hard drive from my now long-deceased IBM PC/AT.

Jorn StadskleivNovember 27, 2011 7:24 PM

Permutation is often used in conjunction with the Enigma. But isn't permutation "rearrangig" the text?, so if the message is "attack", a permutation might look like: "ctakat"? In fact an enigma machine rearranging the message would have been very hard to crack.

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc..