SlideShare a Scribd company logo

The Hagelin M-209 cipher machine

J
John-André Bjørkhaug
TechnologyBusiness
1 of 15
Download to read offline
Gjøvik University College Cryptology 1 The Hagelin M-209 cipher machine John-André Bjørkhaug 2013.10.01
The Hagelin M-209 cipher machine 1 Abstract During WW2 cipher machines were extensively used, both by the allied and axis nations. Most famous is the German Enigma machine. The allied used multiple machines, but the Swedish M-209 stood out. The fully mechanical, and impressive complex machinery, was produced in the amazingly amount of 140000 during WW2, and used by multiple allied nations. This paper will first give a short introduction to cryptographic rotor machines, describe the history of Boris Hagelins cipher machines, then discuss details of the M-209s, its mechanical properties, how its ciphering works, how to use it, and cryptanalysis work done on it.
The Hagelin M-209 cipher machine 2 Table of Contents 1 Introduction......................................................................................................................... 3 2 Rotor cipher machines ........................................................................................................ 3 2 History of Hagelin mechanical rotor cipher machines........................................................ 4 3 The M-209 .......................................................................................................................... 8 3.1. Ciphering process ........................................................................................................ 9 3.2. Setup .......................................................................................................................... 10 3.3. Accessories ................................................................................................................ 11 3.4. Cryptanalysis ............................................................................................................. 11 4 Conclusion ........................................................................................................................ 13 Reference.................................................................................................................................. 14
The Hagelin M-209 cipher machine 3 1 Introduction The first rotor cipher machines were developed at the end of WW1, including the one that after some modifications would become the most famous of them all, the Enigma. It was invented by Arthur Scherbius, and cryptanalyzed at Bletchley Park during WW2. But there was another less famous rotor machine, which was just as important during WWII, the Swedish Hagelin M- 209. Produced in a stunning amount of approximately 140000, and used mainly by the US Army and Navy, but also by other allied nations, like Norway. This paper will first give a short introduction to cryptographic rotor machines, describe the history of Boris Hagelins cipher machines, starting in 1925, leading up to the M-209 in WW2, the successors of this complex little machine, and ending in the 1960s, when the electronic age was entered. The text will then discuss details of the M-209s, its mechanical properties, how its ciphering works, how to use it, and at last a part about cryptanalysis work done on it. 2 Rotor cipher machines In cryptography a rotor machine is a mechanical or electro-mechanical stream cipher machine. These machines first came into existence in 1915, with the two Dutch naval officers Theo A. van Hengel and R. P. C. Spengel invention. Little is known about this first machine, and other of the earliest machines, invented by men like Edward Hugh Hebern in 1917, Arvid Gerhard Damm in 1919 and Hugo Alexander Koch in 1919. In 1918 Arthur Scherbius filed a patent for his first rotor machine, and in the early 1920s he had invented the first rotor machine that got really famous, and still today is the most famous of them all, the Enigma. Used by the Axis nations, cryptanalyzed and cracked by among others Allan Turing at Bletchley Park during WW2. Its cryptanalyze work was groundbreaking in the world of computers. The Enigma have been the theme of multiple books and even a couple of movies. A cryptographic rotor cipher machines implements a polyalphabetic substitution, with one or multiple rotors to make the cipher complex. The rotors are often key-wheels, where the initial cipher key is set, and the wheels turn in a regular or irregular way for each enciphered letter.
The Hagelin M-209 cipher machine 4 How the key-wheels interact with the enciphering/deciphering process is most often determined by internal settings in the machine. 2 History of Hagelin mechanical rotor cipher machines In 1925, while working for the Swedish company A.B. Cryptograph, Boris Hagelin developed his first cipher machine, the electromechanical B-21, to compete with the Enigma when the Swedish General Staff where looking for new cipher machines to purchase. This was based on the B-18 invented by the company’s owner Arvid Gerhard Damm. The B-21 rotor machine had many similarities with the Enigma, a keyboard for input and light bulbs for output. To avoid patent infringement Hagelin used totally different ciphering operations. Instead of alphabet substitution, he used four coding pin-wheels to scramble a 5x5 matrix. The wheels had different cyclic length, 17, 19, 21 and 23, which made them align after 156009 enciphered letters. More on the pin-wheels in Chapter 3. One problem with the 5x5 matrix, was that it only allowed for a 25 letter long alphabet, so the letter W was substituted by VV. The B-21 was considered more secure than the Enigma, but this was not fact. In 1931 it was broken in less than 24 hours by Arne Beurling, a young mathematics student, attending a course in general cryptology and cryptanalysis held by the Swedish Cipher Bureau at the Swedish Navy Staff. Beurling become more famous in 1942 when he deciphered the German Geheimfernschreiber, also single handedly, with only a pencil and paper in under two weeks. This caused the Swedish Government to establish “Försvarets Radioanstalt”. [Beckman]. At the end of 1933 the French Army got interested in the B-21, but requested some modifications. They needed a portable ciphering machine that could print text. Hagelin added these changes and production of the B-211 started in France. Before the outbreak of WW2, there were produced approximately 500 machines. The ciphering method was the same pin- wheels and matrix as on the B-21. Soon after the beginning of the business with the French, they inquired Hagelin about the possibilities of a compact portable cipher machine that could print. Combining the design of the B-21 and a coin changing machine Hagelin had invented a while before, his first fully mechanical bars and lugs rot cipher machine were invented in 1935, the C-35. The calculating mechanism in the coin changing machine consisted of a cylindrical cage made out of horizontal bars. The bars were affected by keys, slid to the left and creating
The Hagelin M-209 cipher machine 5 teeth in a cogwheel in a variable gear. A type wheel was then turned the same number of rounds as bars in their left position. The keys in the changing machine were switched with pin-wheels, and the type wheel now carried letters instead of numbers. Hagelin have now built the C-35 ciphering machine with 25 horizontal bars in the cage and five pin-wheels. The cage is also discussed in detail in chapter 3. The numbers of letters on the wheels were 17, 19, 21, 23 and 25, which made them align after 3900225 enciphered letters. It was later made several changes to the C-35, making in more suitable for tactical use, adding one pin-wheel, and introduce movable lugs on the bars in the cage. The pin- wheel and cage changes were made in a direct response to cryptoanlysis work made by the Swedish cryptoanalyst Yves Gylden in 1935. The changes led to the model C-36. The numbers of letters on the wheels were 26, 25, 23, 21, 19 and 17, which made them align after 101405850 enciphered letters. In 1937 Hagelin travelled to the US, trying to get the Government in Washington interested in his ciphering machines, but was met with very little interest. Right after the war in Europe had broken out in 1939, he once again travelled to the US, trying to sell them his ciphering machine. This time they were much more interested. William Frederick Friedman, a US Army cryptographer, and the head of the research divison of the Army's Signal Intelligence Service, suggested certain changes. After these changes the machine was named M-209 by the US Army, C-38 by Hagelin, but were most known only by the “Hagelin. In 1942 it was adopted by the US Army, and multiple other allied nations, including Norway. By the same year it was put into mass production by the company L. C. Smith & Corona Typewriters Inc.. In addition to their regular 600 typewriters a day, they now starting putting out as much as 500 olive-drab Hagelin machines a day. By 1944 there were produced approximately 50000 machines, and by the end of the war approximately 140000. The production was not discontinued before Figur 1: C-35 Figur 2: The Hagelin M-209
The Hagelin M-209 cipher machine 6 the first half of the 1960s. The initial price was $64. Today collectors buy it for up to several thousand US dollars. Hagelin earned millions of dollars in royalties, and became the first and possible only cryptology millionaire. The M-209 was first used during the invasion of Africa in November 1942, and did not only see the battlefields of WW2, it was the standard ciphering machine for tactical use in the US Army’s through the Korean War, which ended in 1954. Since the M-209 was meant to be used by soldiers in the field, its size and rugged construction was very important, but made it unpractical for use in Command & Control centers. Hagelin therefore developed the BC-38, which was an electromechanical version of the fully mechanical M-209. This machine were fitted with a full QWERTY keyboard which made it more practical for this use. Like the M-209, the BC-38 also have a pure mechanical enciphering/deciphering process. The only electric parts is a motor and it’s driving circuit. The motor is only used for driving the mechanical encipher/decipher method. It can also be used without electricity, by driving the encipher/decipher process by a handle on the right side, much like on the M-209. Near the end of WW2, even the Germans showed interest in Hagelin’s BC machine to replace the Engima, since it had been broken by the British at Bletchley Park. Since Sweden was neutral they had no problems with selling to both sides. Germany even started to produce Hagelin machines under license, and kept doing so into the 1950’s. There were also licensed production in France. In the end of 1944 and beginning of 1945, Hagelin came with a slightly modified version of the M-209, the C-446. At first sight there were not many changes, but it had two printers, one for clear text and one for cipher text, and two locks, one for the operator and one for the offices. But the most interesting part is that the C-446 also came with a version without the pin-wheels. Instead it had a reader for one-time pad paper tape, which with truly random keys generated a cipher which Claude Shannon in his world famous 1949 paper “Communication Theory of Secrecy Systems” termed “perfect secrecy”. Perfect secrecy means that the cipher gives no additional information about the plaintext, and is unbreakable. The most famous one-time pad Figur 3: BC-38
The Hagelin M-209 cipher machine 7 ciphering machine is the Norwegian ETCRRM (Electronic Teleprinter Cryptographic Regenerative Repeater Mixer) using the Vernam principle, produced by Standard Telefon og Kabelfabrik in the 1950s, and used on the Washington – Moscow hotline during the Cold War. After WW2 there were even more need for ciphering equipment, and Hagelin made improvements on his M-209 design, and produced machines with even more complex algorithms. The CX- 52 machines developed in 1952, used six changeable wheels, which was picked from a set of twelve. The numbers of letters on the wheels were 25, 26, 29, 31, 34, 37, 38, 41, 42, 43, 46 and 47. Five of the wheels had irregular stepping, which made the cipher algorithm even more secure. The machine also had five more bars in the cage than the M-209, in a total of 32 bars. The extra five bars controlled the irregular stepping of the pin-wheels. Using the wheels with twice the numbers of letters than the M-209 wheels, and a special lug configuration in the cage, made the machine compatible with the M-209, BC-38 and C-446. A bad design in the irregular pin-wheels stepping made the last of the six wheel move in a way that it did not contribute very much to the security of the machine. This was fixed in a new version called the CX-52. The CX-52 came in many different versions including one with a one-time pad paper tape reader instead of the pin-wheels, and one with Arabic letters. The CX-52 were Hagelin’s most successful mechanical cipher machine, both commercially and technically. It was sold to over 50 countries, and in use even after Hagelin started to produce fully electronic machines in the 1960s. The CX-52 was used as backup machines during the cold war into the 1980s, and by some countries all the way into the 1990s. In 1992, it came into the light that the National Security Agency (NSA) in 1957, only five years after they were formed, made a deal with Hagelin’s company, Crypto AG, to place a backdoor in, among other cipher machines, the CX-52. This backdoor made the NSA able to easily decrypt messages sent by the Iranian Isalmic regime, Saddam Hussein, Moammar Gadhafi, Ferdinand Marcos, Idi Amin, and even the Vatican. The backdoor access was also shared with the British intelligence service Government Communications Headquarters (GHCQ). After this it was widely accepted that this machine was not more used [OSVDB]. In September 2013 there was a huge media coverage in connection with the Edward Snowden leakage, that the NSA had backdoors into communication and cryptology equipment. The press wrote about this as it was Figur 4: CX-52
The Hagelin M-209 cipher machine 8 something new, but for over 20 years, it has been known that NSA and GHCQ had a backdoor into the Hagelin CX-52 machine for 35 years. If it hadn’t been for the backdoor, the CX-52 would still be relative secure to use. Even though it is based on principles from the 1920s, the CX-52 is very hard to break, even today with the help of computers. The CX-52 was the last of Hagelins mechanical pin-wheel cipher machines, but Hagelin and his company, Crypto AG, continued to produce electronic cipher machines, and communication equipment. Today Crypto AG is still one of the biggest companies in the world when it comes to secure communication. 3 The M-209 The M-209 is very small, about the size of a lunchbox, measuring only 83 x 140 x 178 mm, and weighing a little over 3 kg including its rugged case. The small size, its low weight, and the fact that it is non-electrical, made the M-209 well suited for tactical use on the battlefield. It is no problem for the machine to survive hard shocks, dust, sand, tropic humidity or arctic cold [Kahn]. In addition the machine is capable of performing both enciphering and deciphering, which is a huge plus compared to many other ciphering machines. The most important parts in the machine is the cage, the key wheels and the guide-arms which bind them together. The drum bar cage, also known as the lug cage, but mostly called just “the cage”, consists of 27 horizontal bars between two disks, which forms a revolving cylinder. Each bar has two movable lugs which can be placed in eight positions. Two neutral, and six positions which interacts with the key wheels. Depended on the lug and key wheel pin setting, the individual bars can slide to the left, and add a cog tooth to the variable gear. The number of bars in their left position is the same as the offset between the clear text letter and the cipher text letter.
The Hagelin M-209 cipher machine 9 Six key wheels, which each controls one guide-arm, have a different number of letters on its rim, and a pin under each letter. The number of letters from left to right are 26, 25, 23, 21, 19 and 17. These numbers are chosen to be coprime, which means their greatest common divisor is 1. This causes the wheels to align after26 ∙ 25 ∙ 23 ∙ 21 ∙ 19 ∙ 17 = 101 405 850 enciphered letters, this is also known as a period. Each letter on each wheel has a movable pin. Setting the pin to the right means that the letter position is enabled, and to the left for disabled. An enabled letter position will in turn set the wheel’s guide arm in its operative position, which determines whether lugs in the cage is contacted. If a lug is in contact with a guide arm, its bar slide to the left, and interact with the cogs in the variable gear, as previously mentioned. The wheels have the following letters: Wheel 1: ABCDEFGHIJKLMNOPQRSTUVWXYZ Wheel 2: ABCDEFGHIJKLMNOPQRSTUVXYZ Wheel 3: ABCDEFGHIJKLMNOPQRSTUVX Wheel 4: ABCDEFGHIJKLMNOPQRSTU Wheel 5: ABCDEFGHIJKLMNOPQRS Wheel 6: ABCDEFGHIJKLMNOPQ 3.1.Ciphering process When the clear text letter is set on a knop with an indicator disk on the left side of the machine, the operator turns the power handle of the right side, the cage makes a complete rotation through all of the 27 bars. If an operative guide arm gets in contact with a lug on a bar, the bar slides to the left. All the bars that now are in their left position comprise a cog in the gear, which turns the letter to be enciphered. The letter shift is equal to the number of bars in their left position. Figur 5: M-209s internals. Indicator disk, type wheel, key-wheels with pins, cage with lugs, guide arms etc. is shown
The Hagelin M-209 cipher machine 10 The cipher text letter is then printed on a paper tape. In the case that the machine runs out of paper tape, the type wheel works as an indicator disk which makes the operator able to read the enciphered or deciphered letter directly. After one rotation, all the slid bars are retracted to their original position by a retractor, all the key wheels are advanced one position by another set of gears, and a locking arm locks the cage to prevent one more enciphering until the indicator disk is set to the next letter. This means that if the operator is enciphering or deciphering two equal letters successively he needs to turn the disk back and forth. A skilled operator can run the machine at 15 to 30 letters a minute. The cipher used in the M-209 is a variant of the Beaufort cipher, which means that the ciphering process is an involution, it uses the same algorithm for both enciphering and deciphering. Encipher: 𝑦𝑖 = (𝑧𝑖 − 𝑥𝑖)𝑚𝑜𝑑 26 Decipher: 𝑥𝑖 = (𝑧𝑖 − 𝑦𝑖)𝑚𝑜𝑑 26 What makes the M-209’s ciphering different from the Beaufort cipher, is the system of the cage and the key wheels, which makes the offset change for each enciphered letter. The machine has a button on the right side for choosing Encipher (C) or Decipher (D), but this is only for printing adjustment. Encipher prints the letters in groups of five letters, and deciphering prints the words with the correct spacing. The letter “z” is used for as the spacer, so the word “analyze” would come out as “analy e”. 3.2.Setup Before use the operator needs to set the two lugs on each of the 27 horizontal bars in the cage and enable or disable the pins under each letter on each wheel. This is a complex process that takes quite a bit of time. These settings are called the internal key. Because of this the settings was changed relatively infrequently. Once a day was common. The setup was done with the help of tables, distributed equally to the sender and recipient. An example setup table can be seen in Table 1. NR LUGS 1 2 3 4 5 6 BAR 1 2 3 4 5 6 01 3-6 A A A - - A 01 - - X - - X 02 0-6 B - B - B B 02 - - - - - X 03 1-6 - - - C - 03 X - - - - X 04 1-5 D D - - D D 04 X - - - X - 05 4-5 - E - E E - 05 - - - X X - 06 0-4 - - - F F - 06 - - - X - -
The Hagelin M-209 cipher machine 11 07 0-4 - G G - - - 07 - - - X - - 08 0-4 H - H H H H 08 - - - X - - 09 0-4 I - I I - - 09 - - - X - - 10 2-0 - J J - - - 10 - X - - - - 11 2-0 K K - - - K 11 - X - - - - 12 2-0 - L L - - - 12 - X - - - - 13 2-0 M - M M M - 13 - X - - - - 14 2-0 N - N N N N 14 - X - - - - 15 2-0 - O - - - O 15 - X - - - - 16 2-0 - - - P P - 16 - X - - - - 17 2-0 - - - - - Q 17 - X - - - - 18 2-0 - R R - - 18 - X - - - - 19 2-0 S S S S S 19 - X - - - - 20 2-5 T - T T 20 - X - - X - 21 2-5 - U U U 21 - X - - X - 22 0-5 V - - 22 - - - - X - 23 0-5 W X X 23 - - - - X - 24 0-5 - - 24 - - - - X - 25 0-5 - - 25 - - - - X - 26 0-5 - 26 - - - - X - 27 0-5 27 - - - - X - Plaintext: AAAAAAAAAAAAAAAAAAAAAAAAAA Cipher: TNJUW AUQTK CZKNU TOTBC WARMI O Table 1: Example setup sheet [Cryptomuseum] When the internal settings are set, the operator set the start position on the key-wheels. This is called the external key, and is changed from message to message. This key is inserted into a prearranged position in the cipher text, which makes the deciphering operator set his machine to the correct start position. 3.3.Accessories On the inside of the top lid, there is compartments for accessories, see Figure 6. At the center of the lid there is a paper tape holder, on the left side there is a screwdriver for opening the machine when setting the lugs and pins, a cylinder with blue or purple ink and one with oil. On the right side there is a pair of tweezers used for feeding the paper tape through the printer and removing blocked paper tape. 3.4.Cryptanalysis The security of the M-209 was good for its time, but not perfect. Unlike one other cipher machine used by the US in WW2, the SIGABA, M-209 cipher texts could be decrypted by hand relatively easy once the enemy knew the internal mechanics of the machine. This was done Figur 6:Accessories inside the M-209s lid
The Hagelin M-209 cipher machine 12 using kappa testing which uses the index of coincidence, a technique invented by William F. Friedman during the 1920s. The same person who gave Hagelin advice on how to improve his C-38, and build the M-209. Under heavy traffic the M-209 could come into situations where the key wheels were in a close enough position so the machine would create overlapping portions of the text. The kappa test uses this overlapping portions, and makes it possible for the cryptanalyst to recover the key-wheel pin and lug settings of the machine. The Germans managed to get their hands on quite a lot of the M-209 machines, and got familiar with the way it worked. By 1943 they learned that certain settings gave patterns that could disclose the settings of the pins on the key-wheels and lugs in the cage, and making them able to decrypt cipher text from the M-209 with a length of approximately 150 letters. If the cryptanalyst was lucky 35 letters could be enough. Decryption by an adversary was very time consuming, and the extreme number of internal settings, made the US Army still use the M-209 for tactical use not only through WW2, but as mentioned, also through the Korean War. Since it was known to be vulnerable to cryptanalysis, it was limited to tactical use with messages that would be acted on immediately, within the time it would take to decrypt the message, by the receiver Around 1970 a cryptanalyze of the M-209 was done by Dennis Ritchie, the creator on the C programming language and one the creators of the UNIX operating system, Robert Morris, a contributor to the early versions of UNIX and chief scientist at the NSA in the early 90s, and Jim Reed, a mathematician and hobby cryptologist. The result was a computer program that, in a relatively short time, was able to decrypt about half the texts longer than 2000 characters, and most of the texts with over 2500 characters. In 1974 Robert Morris wrote the crypt program for the Sixth Edition of Unix, based on the M-209 ciphering method. Ritchie, Morris and Reeds work was written as an article meant to be published in the Cryptologia magazine, but after a dialogue with NSA, their work was never published. Although the NSA didn’t have any interest in the M-209 anymore, there were cipher machines still in use based on the same principles. Their work could then potentially damage governments using this equipment. [Ritchie]. Technology has evolved, and in the late 1990s it was possible with a fast cipher text-only attack with 1000-2000 characters, and a known-plaintext attack with only 50-100 characters [Menezes et al.].
The Hagelin M-209 cipher machine 13 4 Conclusion The Hagelin M-209 was a very advanced ciphering machine, ahead of its time. The fact that it was fully mechanical, was an amazing achievement. In addition the M-203 was very small, rugged and able to perform both enciphering and deciphering which made it perfect for tactical use. But one thing to think about today, is how much work it was to change the internal ciphering key, compared to how easily this can be done on today’s crypto equipment. I can’t imagine how frustrating this could be for soldiers in the field, with bullets flying around them. But I guess this was the reason keys most often were changed once a day. The machine built on principles from the early 1920s, and was improved to the last rotor machine from Boris Hagelin, the CX-52, which still today is hard to decrypt by an adversary. One interesting thing today, after the Snowden leakage on NSA backdoors, is that they already had backdoors as early as in 1957 in the CX-52.
The Hagelin M-209 cipher machine 14 Reference [Beckman] B. Beckman, Codebreakers: Arne Beurling and the Swedish Crypto Program During World War II, American Mathematical Society, 2002 [Cryptomuseum] Crypto AG, Hagelin Cipher Machines, http://www.cryptomuseum.com/crypto/hagelin/index.htm [Hafner] K. Hafner, J. markoff, Cyberpunk: Outlaws and hackers on the computer fronter, ., Simon & Schuster, 1995 [Hagelin] B. Hagelin, The Story of Hagelin Cryptos, 1981 [Johnson] B. Johnson, Kryptografi, Tapir Forlag, 2001 [Kahn] D. Kahn, The Codebreakers, 2nd ed., Simon & Schuster, 1996 [Menezes et al.] A. Menezes, P. van Oorschot, S. Vanstone, Handbook of Applied Cryptography, CRC Press, 1996 [OSVDB] 95427 : Crypto AG Multiple Hagelin Cipher Machine NSA Backdoor Encryption Compromise, http://www.osvdb.org/show/osvdb/95427 [Rice] R. Rice, The M-209 Cipher Machine, 2010, http://derekbruff.org/blogs/fywscrypto/files/2010/11/Rice-Essay-2.pdf [Rijmenants] M-209 simulator, http://users.telenet.be/d.rijmenants/en/m209sim.htm [Ritchie] D.M. Ritchie, Dabbling in the Cryptographic World--A Story, 2000, http://cm.bell-labs.com/who/dmr/crypt.html [Trappe et al.] W. Trappe, L.C. Washington, Introduction to Cryptography with Coding Theory, 2nd ed., Pearson Prentice Hal, 2006 [Wikipedia1] Arne Beurling, http://en.wikipedia.org/wiki/Arne_Beurling [Wikipedia2] Beaufort cipher, http://en.wikipedia.org/wiki/Beaufort_cipher [Wikipedia3] Boris Hagelin, http://en.wikipedia.org/wiki/Boris_Hagelin [Wikipedia4] Enigma machine, http://en.wikipedia.org/wiki/Enigma_machine [Wikipedia5] M-209, http://en.wikipedia.org/wiki/M-209 [Wikipedia6] National Security Agency, http://en.wikipedia.org/wiki/National_Security_Agency [Wikipedia7] William F. Friedman, http://en.wikipedia.org/wiki/William_F._Friedman Permission to use pictures from cryptomuseum.com given by Paul Reuvers 09.03.2013

Recommended

IPv4 to IPv6
IPv4 to IPv6IPv4 to IPv6
IPv4 to IPv6
mithilak
 
Blynk presentation
Blynk presentationBlynk presentation
Blynk presentation
Davide Meacci
 
Network Programming in Java
Network Programming in JavaNetwork Programming in Java
Network Programming in Java
Tushar B Kute
 
Serial And Parallel Data Transmission By ZAK
Serial And Parallel Data Transmission By ZAKSerial And Parallel Data Transmission By ZAK
Serial And Parallel Data Transmission By ZAK
Tabsheer Hasan
 
Ethernet
EthernetEthernet
Ethernet
sijil chacko
 
Vpn
VpnVpn
Vpn
KamalPreet Saluja
 
Project report on home automation using Arduino
Project report on home automation using Arduino Project report on home automation using Arduino
Project report on home automation using Arduino
AMIT SANPUI
 
About ip address
About ip addressAbout ip address
About ip address
gaurav koriya
 

Recommended

IPv4 to IPv6
IPv4 to IPv6IPv4 to IPv6
IPv4 to IPv6
mithilak
 
Blynk presentation
Blynk presentationBlynk presentation
Blynk presentation
Davide Meacci
 
Network Programming in Java
Network Programming in JavaNetwork Programming in Java
Network Programming in Java
Tushar B Kute
 
Serial And Parallel Data Transmission By ZAK
Serial And Parallel Data Transmission By ZAKSerial And Parallel Data Transmission By ZAK
Serial And Parallel Data Transmission By ZAK
Tabsheer Hasan
 
Ethernet
EthernetEthernet
Ethernet
sijil chacko
 
Vpn
VpnVpn
Vpn
KamalPreet Saluja
 
Project report on home automation using Arduino
Project report on home automation using Arduino Project report on home automation using Arduino
Project report on home automation using Arduino
AMIT SANPUI
 
About ip address
About ip addressAbout ip address
About ip address
gaurav koriya
 
Device Hacking
Device HackingDevice Hacking
Device Hacking
Damian T. Gordon
 
Soc - Intro, Design Aspects, HLS, TLM
Soc - Intro, Design Aspects, HLS, TLMSoc - Intro, Design Aspects, HLS, TLM
Soc - Intro, Design Aspects, HLS, TLM
Subhash Iyer
 
Network Layer Numericals
Network Layer NumericalsNetwork Layer Numericals
Network Layer Numericals
Manisha Keim
 
QoS in WSN thesis
QoS in WSN thesisQoS in WSN thesis
QoS in WSN thesis
Sujaritha Sundaresan
 
RPL - Routing Protocol for Low Power and Lossy Networks
RPL - Routing Protocol for Low Power and Lossy NetworksRPL - Routing Protocol for Low Power and Lossy Networks
RPL - Routing Protocol for Low Power and Lossy Networks
Pradeep Kumar TS
 
Chap5 analog transmission
Chap5 analog transmissionChap5 analog transmission
Chap5 analog transmission
arslan_akbar90
 
Mac protocols
Mac protocolsMac protocols
Mac protocols
juno susi
 
Security in an embedded system
Security in an embedded system Security in an embedded system
Security in an embedded system
UrmilasSrinivasan
 
Wireshark Basic Presentation
Wireshark Basic PresentationWireshark Basic Presentation
Wireshark Basic Presentation
MD. SHORIFUL ISLAM
 
Jtag presentation
Jtag presentationJtag presentation
Jtag presentation
klinetik
 
Snort
SnortSnort
Snort
Fadwa Gmiden
 
Arduino UNO Gas & Smoke Detection - Embedded Systems
Arduino UNO Gas & Smoke Detection - Embedded SystemsArduino UNO Gas & Smoke Detection - Embedded Systems
Arduino UNO Gas & Smoke Detection - Embedded Systems
Imtiaze A.
 
Keil tutorial
Keil tutorialKeil tutorial
Keil tutorial
anishgoel
 
Transport layer security.ppt
Transport layer security.pptTransport layer security.ppt
Transport layer security.ppt
ImXaib
 
WSN-IEEE 802.15.4 -MAC Protocol
WSN-IEEE 802.15.4 -MAC ProtocolWSN-IEEE 802.15.4 -MAC Protocol
WSN-IEEE 802.15.4 -MAC Protocol
ArunChokkalingam
 
Introduction to Node MCU
Introduction to Node MCUIntroduction to Node MCU
Introduction to Node MCU
Amarjeetsingh Thakur
 
Firewall
Firewall Firewall
Firewall
Amuthavalli Nachiyar
 
Wpa vs Wpa2
Wpa vs Wpa2Wpa vs Wpa2
Wpa vs Wpa2
Nzava Luwawa
 
Stm32 f103c8t6
Stm32 f103c8t6Stm32 f103c8t6
Stm32 f103c8t6
whatry1995
 
USB 2.0
USB 2.0USB 2.0
USB 2.0
VinChip Systems - VinTrain VLSI Academy
 
Presentation english y-Banners
Presentation english y-BannersPresentation english y-Banners
Presentation english y-Banners
opportunitygroup
 
(IMSI-)Catch me if you can
(IMSI-)Catch me if you can(IMSI-)Catch me if you can
(IMSI-)Catch me if you can
John-André Bjørkhaug
 

More Related Content

What's hot

Soc - Intro, Design Aspects, HLS, TLM
Soc - Intro, Design Aspects, HLS, TLMSoc - Intro, Design Aspects, HLS, TLM
Soc - Intro, Design Aspects, HLS, TLM
Subhash Iyer
 
Chap5 analog transmission
Chap5 analog transmissionChap5 analog transmission
Chap5 analog transmission
arslan_akbar90
 
Jtag presentation
Jtag presentationJtag presentation
Jtag presentation
klinetik
 
Keil tutorial
Keil tutorialKeil tutorial
Keil tutorial
anishgoel
 
Transport layer security.ppt
Transport layer security.pptTransport layer security.ppt
Transport layer security.ppt
ImXaib
 

What's hot (20)

Device Hacking
Device HackingDevice Hacking
Device Hacking
 
Soc - Intro, Design Aspects, HLS, TLM
Soc - Intro, Design Aspects, HLS, TLMSoc - Intro, Design Aspects, HLS, TLM
Soc - Intro, Design Aspects, HLS, TLM
 
Network Layer Numericals
Network Layer NumericalsNetwork Layer Numericals
Network Layer Numericals
 
QoS in WSN thesis
QoS in WSN thesisQoS in WSN thesis
QoS in WSN thesis
 
RPL - Routing Protocol for Low Power and Lossy Networks
RPL - Routing Protocol for Low Power and Lossy NetworksRPL - Routing Protocol for Low Power and Lossy Networks
RPL - Routing Protocol for Low Power and Lossy Networks
 
Chap5 analog transmission
Chap5 analog transmissionChap5 analog transmission
Chap5 analog transmission
 
Mac protocols
Mac protocolsMac protocols
Mac protocols
 
Security in an embedded system
Security in an embedded system Security in an embedded system
Security in an embedded system
 
Wireshark Basic Presentation
Wireshark Basic PresentationWireshark Basic Presentation
Wireshark Basic Presentation
 
Jtag presentation
Jtag presentationJtag presentation
Jtag presentation
 
Snort
SnortSnort
Snort
 
Arduino UNO Gas & Smoke Detection - Embedded Systems
Arduino UNO Gas & Smoke Detection - Embedded SystemsArduino UNO Gas & Smoke Detection - Embedded Systems
Arduino UNO Gas & Smoke Detection - Embedded Systems
 
Keil tutorial
Keil tutorialKeil tutorial
Keil tutorial
 
Transport layer security.ppt
Transport layer security.pptTransport layer security.ppt
Transport layer security.ppt
 
WSN-IEEE 802.15.4 -MAC Protocol
WSN-IEEE 802.15.4 -MAC ProtocolWSN-IEEE 802.15.4 -MAC Protocol
WSN-IEEE 802.15.4 -MAC Protocol
 
Introduction to Node MCU
Introduction to Node MCUIntroduction to Node MCU
Introduction to Node MCU
 
Firewall
Firewall Firewall
Firewall
 
Wpa vs Wpa2
Wpa vs Wpa2Wpa vs Wpa2
Wpa vs Wpa2
 
Stm32 f103c8t6
Stm32 f103c8t6Stm32 f103c8t6
Stm32 f103c8t6
 
USB 2.0
USB 2.0USB 2.0
USB 2.0
 

Viewers also liked

Presentation english y-Banners
Presentation english y-BannersPresentation english y-Banners
Presentation english y-Banners
opportunitygroup
 
Determination of some heavy metals possibly present in drinking stations foun...
Determination of some heavy metals possibly present in drinking stations foun...Determination of some heavy metals possibly present in drinking stations foun...
Determination of some heavy metals possibly present in drinking stations foun...
dfajdbsj
 
Fighting buffer overflows with Address Space Layout Randomization
Fighting buffer overflows with Address Space Layout RandomizationFighting buffer overflows with Address Space Layout Randomization
Fighting buffer overflows with Address Space Layout Randomization
John-André Bjørkhaug
 
Vulnerabilities in login authentication methods and password storage in Windo...
Vulnerabilities in login authentication methods and password storage in Windo...Vulnerabilities in login authentication methods and password storage in Windo...
Vulnerabilities in login authentication methods and password storage in Windo...
John-André Bjørkhaug
 
Smart grid networks and security architecture: Threat analysis, threat scenar...
Smart grid networks and security architecture: Threat analysis, threat scenar...Smart grid networks and security architecture: Threat analysis, threat scenar...
Smart grid networks and security architecture: Threat analysis, threat scenar...
John-André Bjørkhaug
 
ISF høstkonferanse 2014 - Windows 8 autentisering og passord
ISF høstkonferanse 2014 - Windows 8 autentisering og passordISF høstkonferanse 2014 - Windows 8 autentisering og passord
ISF høstkonferanse 2014 - Windows 8 autentisering og passord
John-André Bjørkhaug
 

Viewers also liked (10)

Presentation english y-Banners
Presentation english y-BannersPresentation english y-Banners
Presentation english y-Banners
 
(IMSI-)Catch me if you can
(IMSI-)Catch me if you can(IMSI-)Catch me if you can
(IMSI-)Catch me if you can
 
ASURED presentation
ASURED presentationASURED presentation
ASURED presentation
 
Determination of some heavy metals possibly present in drinking stations foun...
Determination of some heavy metals possibly present in drinking stations foun...Determination of some heavy metals possibly present in drinking stations foun...
Determination of some heavy metals possibly present in drinking stations foun...
 
Fighting buffer overflows with Address Space Layout Randomization
Fighting buffer overflows with Address Space Layout RandomizationFighting buffer overflows with Address Space Layout Randomization
Fighting buffer overflows with Address Space Layout Randomization
 
Vulnerabilities in login authentication methods and password storage in Windo...
Vulnerabilities in login authentication methods and password storage in Windo...Vulnerabilities in login authentication methods and password storage in Windo...
Vulnerabilities in login authentication methods and password storage in Windo...
 
Smart grid networks and security architecture: Threat analysis, threat scenar...
Smart grid networks and security architecture: Threat analysis, threat scenar...Smart grid networks and security architecture: Threat analysis, threat scenar...
Smart grid networks and security architecture: Threat analysis, threat scenar...
 
Kroma Tower Gateway Update 021414
Kroma Tower Gateway Update 021414Kroma Tower Gateway Update 021414
Kroma Tower Gateway Update 021414
 
ISF høstkonferanse 2014 - Windows 8 autentisering og passord
ISF høstkonferanse 2014 - Windows 8 autentisering og passordISF høstkonferanse 2014 - Windows 8 autentisering og passord
ISF høstkonferanse 2014 - Windows 8 autentisering og passord
 
Generating random primes
Generating random primesGenerating random primes
Generating random primes
 

Similar to The Hagelin M-209 cipher machine

Final Paper for Senior Seminar
Final Paper for Senior SeminarFinal Paper for Senior Seminar
Final Paper for Senior Seminar
Kasner Margaret
 
The Enigma Machine And How It Worked
The Enigma Machine And How It WorkedThe Enigma Machine And How It Worked
The Enigma Machine And How It Worked
Lisa Kennedy
 

Similar to The Hagelin M-209 cipher machine (14)

history.ppt
history.ppthistory.ppt
history.ppt
 
005813616.pdf
005813616.pdf005813616.pdf
005813616.pdf
 
enigma cipher machine
enigma cipher machineenigma cipher machine
enigma cipher machine
 
1st week history-of-computers.pptx
1st week history-of-computers.pptx1st week history-of-computers.pptx
1st week history-of-computers.pptx
 
Final Paper for Senior Seminar
Final Paper for Senior SeminarFinal Paper for Senior Seminar
Final Paper for Senior Seminar
 
Activity 3 history of computer
Activity 3 history of computerActivity 3 history of computer
Activity 3 history of computer
 
The Enigma Machine And How It Worked
The Enigma Machine And How It WorkedThe Enigma Machine And How It Worked
The Enigma Machine And How It Worked
 
28927346-Typewriters
28927346-Typewriters28927346-Typewriters
28927346-Typewriters
 
Lec 1-history & evolution of computers
Lec 1-history & evolution of computersLec 1-history & evolution of computers
Lec 1-history & evolution of computers
 
History of the computer
History of the computerHistory of the computer
History of the computer
 
Computer history
Computer historyComputer history
Computer history
 
YINS GRANDAD
YINS GRANDAD YINS GRANDAD
YINS GRANDAD
 
Computer history
Computer historyComputer history
Computer history
 
10 innovations you thought were new (by @creaxnv)
10 innovations you thought were new (by @creaxnv)10 innovations you thought were new (by @creaxnv)
10 innovations you thought were new (by @creaxnv)
 

Recently uploaded

Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
panagenda
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Jeffrey Haguewood
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc
 

Recently uploaded (20)

Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
A Beginners Guide to Building a RAG App Using Open Source Milvus
A Beginners Guide to Building a RAG App Using Open Source MilvusA Beginners Guide to Building a RAG App Using Open Source Milvus
A Beginners Guide to Building a RAG App Using Open Source Milvus
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 

The Hagelin M-209 cipher machine

  • 1. Gjøvik University College Cryptology 1 The Hagelin M-209 cipher machine John-André Bjørkhaug 2013.10.01
  • 2. The Hagelin M-209 cipher machine 1 Abstract During WW2 cipher machines were extensively used, both by the allied and axis nations. Most famous is the German Enigma machine. The allied used multiple machines, but the Swedish M-209 stood out. The fully mechanical, and impressive complex machinery, was produced in the amazingly amount of 140000 during WW2, and used by multiple allied nations. This paper will first give a short introduction to cryptographic rotor machines, describe the history of Boris Hagelins cipher machines, then discuss details of the M-209s, its mechanical properties, how its ciphering works, how to use it, and cryptanalysis work done on it.
  • 3. The Hagelin M-209 cipher machine 2 Table of Contents 1 Introduction......................................................................................................................... 3 2 Rotor cipher machines ........................................................................................................ 3 2 History of Hagelin mechanical rotor cipher machines........................................................ 4 3 The M-209 .......................................................................................................................... 8 3.1. Ciphering process ........................................................................................................ 9 3.2. Setup .......................................................................................................................... 10 3.3. Accessories ................................................................................................................ 11 3.4. Cryptanalysis ............................................................................................................. 11 4 Conclusion ........................................................................................................................ 13 Reference.................................................................................................................................. 14
  • 4. The Hagelin M-209 cipher machine 3 1 Introduction The first rotor cipher machines were developed at the end of WW1, including the one that after some modifications would become the most famous of them all, the Enigma. It was invented by Arthur Scherbius, and cryptanalyzed at Bletchley Park during WW2. But there was another less famous rotor machine, which was just as important during WWII, the Swedish Hagelin M- 209. Produced in a stunning amount of approximately 140000, and used mainly by the US Army and Navy, but also by other allied nations, like Norway. This paper will first give a short introduction to cryptographic rotor machines, describe the history of Boris Hagelins cipher machines, starting in 1925, leading up to the M-209 in WW2, the successors of this complex little machine, and ending in the 1960s, when the electronic age was entered. The text will then discuss details of the M-209s, its mechanical properties, how its ciphering works, how to use it, and at last a part about cryptanalysis work done on it. 2 Rotor cipher machines In cryptography a rotor machine is a mechanical or electro-mechanical stream cipher machine. These machines first came into existence in 1915, with the two Dutch naval officers Theo A. van Hengel and R. P. C. Spengel invention. Little is known about this first machine, and other of the earliest machines, invented by men like Edward Hugh Hebern in 1917, Arvid Gerhard Damm in 1919 and Hugo Alexander Koch in 1919. In 1918 Arthur Scherbius filed a patent for his first rotor machine, and in the early 1920s he had invented the first rotor machine that got really famous, and still today is the most famous of them all, the Enigma. Used by the Axis nations, cryptanalyzed and cracked by among others Allan Turing at Bletchley Park during WW2. Its cryptanalyze work was groundbreaking in the world of computers. The Enigma have been the theme of multiple books and even a couple of movies. A cryptographic rotor cipher machines implements a polyalphabetic substitution, with one or multiple rotors to make the cipher complex. The rotors are often key-wheels, where the initial cipher key is set, and the wheels turn in a regular or irregular way for each enciphered letter.
  • 5. The Hagelin M-209 cipher machine 4 How the key-wheels interact with the enciphering/deciphering process is most often determined by internal settings in the machine. 2 History of Hagelin mechanical rotor cipher machines In 1925, while working for the Swedish company A.B. Cryptograph, Boris Hagelin developed his first cipher machine, the electromechanical B-21, to compete with the Enigma when the Swedish General Staff where looking for new cipher machines to purchase. This was based on the B-18 invented by the company’s owner Arvid Gerhard Damm. The B-21 rotor machine had many similarities with the Enigma, a keyboard for input and light bulbs for output. To avoid patent infringement Hagelin used totally different ciphering operations. Instead of alphabet substitution, he used four coding pin-wheels to scramble a 5x5 matrix. The wheels had different cyclic length, 17, 19, 21 and 23, which made them align after 156009 enciphered letters. More on the pin-wheels in Chapter 3. One problem with the 5x5 matrix, was that it only allowed for a 25 letter long alphabet, so the letter W was substituted by VV. The B-21 was considered more secure than the Enigma, but this was not fact. In 1931 it was broken in less than 24 hours by Arne Beurling, a young mathematics student, attending a course in general cryptology and cryptanalysis held by the Swedish Cipher Bureau at the Swedish Navy Staff. Beurling become more famous in 1942 when he deciphered the German Geheimfernschreiber, also single handedly, with only a pencil and paper in under two weeks. This caused the Swedish Government to establish “Försvarets Radioanstalt”. [Beckman]. At the end of 1933 the French Army got interested in the B-21, but requested some modifications. They needed a portable ciphering machine that could print text. Hagelin added these changes and production of the B-211 started in France. Before the outbreak of WW2, there were produced approximately 500 machines. The ciphering method was the same pin- wheels and matrix as on the B-21. Soon after the beginning of the business with the French, they inquired Hagelin about the possibilities of a compact portable cipher machine that could print. Combining the design of the B-21 and a coin changing machine Hagelin had invented a while before, his first fully mechanical bars and lugs rot cipher machine were invented in 1935, the C-35. The calculating mechanism in the coin changing machine consisted of a cylindrical cage made out of horizontal bars. The bars were affected by keys, slid to the left and creating
  • 6. The Hagelin M-209 cipher machine 5 teeth in a cogwheel in a variable gear. A type wheel was then turned the same number of rounds as bars in their left position. The keys in the changing machine were switched with pin-wheels, and the type wheel now carried letters instead of numbers. Hagelin have now built the C-35 ciphering machine with 25 horizontal bars in the cage and five pin-wheels. The cage is also discussed in detail in chapter 3. The numbers of letters on the wheels were 17, 19, 21, 23 and 25, which made them align after 3900225 enciphered letters. It was later made several changes to the C-35, making in more suitable for tactical use, adding one pin-wheel, and introduce movable lugs on the bars in the cage. The pin- wheel and cage changes were made in a direct response to cryptoanlysis work made by the Swedish cryptoanalyst Yves Gylden in 1935. The changes led to the model C-36. The numbers of letters on the wheels were 26, 25, 23, 21, 19 and 17, which made them align after 101405850 enciphered letters. In 1937 Hagelin travelled to the US, trying to get the Government in Washington interested in his ciphering machines, but was met with very little interest. Right after the war in Europe had broken out in 1939, he once again travelled to the US, trying to sell them his ciphering machine. This time they were much more interested. William Frederick Friedman, a US Army cryptographer, and the head of the research divison of the Army's Signal Intelligence Service, suggested certain changes. After these changes the machine was named M-209 by the US Army, C-38 by Hagelin, but were most known only by the “Hagelin. In 1942 it was adopted by the US Army, and multiple other allied nations, including Norway. By the same year it was put into mass production by the company L. C. Smith & Corona Typewriters Inc.. In addition to their regular 600 typewriters a day, they now starting putting out as much as 500 olive-drab Hagelin machines a day. By 1944 there were produced approximately 50000 machines, and by the end of the war approximately 140000. The production was not discontinued before Figur 1: C-35 Figur 2: The Hagelin M-209
  • 7. The Hagelin M-209 cipher machine 6 the first half of the 1960s. The initial price was $64. Today collectors buy it for up to several thousand US dollars. Hagelin earned millions of dollars in royalties, and became the first and possible only cryptology millionaire. The M-209 was first used during the invasion of Africa in November 1942, and did not only see the battlefields of WW2, it was the standard ciphering machine for tactical use in the US Army’s through the Korean War, which ended in 1954. Since the M-209 was meant to be used by soldiers in the field, its size and rugged construction was very important, but made it unpractical for use in Command & Control centers. Hagelin therefore developed the BC-38, which was an electromechanical version of the fully mechanical M-209. This machine were fitted with a full QWERTY keyboard which made it more practical for this use. Like the M-209, the BC-38 also have a pure mechanical enciphering/deciphering process. The only electric parts is a motor and it’s driving circuit. The motor is only used for driving the mechanical encipher/decipher method. It can also be used without electricity, by driving the encipher/decipher process by a handle on the right side, much like on the M-209. Near the end of WW2, even the Germans showed interest in Hagelin’s BC machine to replace the Engima, since it had been broken by the British at Bletchley Park. Since Sweden was neutral they had no problems with selling to both sides. Germany even started to produce Hagelin machines under license, and kept doing so into the 1950’s. There were also licensed production in France. In the end of 1944 and beginning of 1945, Hagelin came with a slightly modified version of the M-209, the C-446. At first sight there were not many changes, but it had two printers, one for clear text and one for cipher text, and two locks, one for the operator and one for the offices. But the most interesting part is that the C-446 also came with a version without the pin-wheels. Instead it had a reader for one-time pad paper tape, which with truly random keys generated a cipher which Claude Shannon in his world famous 1949 paper “Communication Theory of Secrecy Systems” termed “perfect secrecy”. Perfect secrecy means that the cipher gives no additional information about the plaintext, and is unbreakable. The most famous one-time pad Figur 3: BC-38
  • 8. The Hagelin M-209 cipher machine 7 ciphering machine is the Norwegian ETCRRM (Electronic Teleprinter Cryptographic Regenerative Repeater Mixer) using the Vernam principle, produced by Standard Telefon og Kabelfabrik in the 1950s, and used on the Washington – Moscow hotline during the Cold War. After WW2 there were even more need for ciphering equipment, and Hagelin made improvements on his M-209 design, and produced machines with even more complex algorithms. The CX- 52 machines developed in 1952, used six changeable wheels, which was picked from a set of twelve. The numbers of letters on the wheels were 25, 26, 29, 31, 34, 37, 38, 41, 42, 43, 46 and 47. Five of the wheels had irregular stepping, which made the cipher algorithm even more secure. The machine also had five more bars in the cage than the M-209, in a total of 32 bars. The extra five bars controlled the irregular stepping of the pin-wheels. Using the wheels with twice the numbers of letters than the M-209 wheels, and a special lug configuration in the cage, made the machine compatible with the M-209, BC-38 and C-446. A bad design in the irregular pin-wheels stepping made the last of the six wheel move in a way that it did not contribute very much to the security of the machine. This was fixed in a new version called the CX-52. The CX-52 came in many different versions including one with a one-time pad paper tape reader instead of the pin-wheels, and one with Arabic letters. The CX-52 were Hagelin’s most successful mechanical cipher machine, both commercially and technically. It was sold to over 50 countries, and in use even after Hagelin started to produce fully electronic machines in the 1960s. The CX-52 was used as backup machines during the cold war into the 1980s, and by some countries all the way into the 1990s. In 1992, it came into the light that the National Security Agency (NSA) in 1957, only five years after they were formed, made a deal with Hagelin’s company, Crypto AG, to place a backdoor in, among other cipher machines, the CX-52. This backdoor made the NSA able to easily decrypt messages sent by the Iranian Isalmic regime, Saddam Hussein, Moammar Gadhafi, Ferdinand Marcos, Idi Amin, and even the Vatican. The backdoor access was also shared with the British intelligence service Government Communications Headquarters (GHCQ). After this it was widely accepted that this machine was not more used [OSVDB]. In September 2013 there was a huge media coverage in connection with the Edward Snowden leakage, that the NSA had backdoors into communication and cryptology equipment. The press wrote about this as it was Figur 4: CX-52
  • 9. The Hagelin M-209 cipher machine 8 something new, but for over 20 years, it has been known that NSA and GHCQ had a backdoor into the Hagelin CX-52 machine for 35 years. If it hadn’t been for the backdoor, the CX-52 would still be relative secure to use. Even though it is based on principles from the 1920s, the CX-52 is very hard to break, even today with the help of computers. The CX-52 was the last of Hagelins mechanical pin-wheel cipher machines, but Hagelin and his company, Crypto AG, continued to produce electronic cipher machines, and communication equipment. Today Crypto AG is still one of the biggest companies in the world when it comes to secure communication. 3 The M-209 The M-209 is very small, about the size of a lunchbox, measuring only 83 x 140 x 178 mm, and weighing a little over 3 kg including its rugged case. The small size, its low weight, and the fact that it is non-electrical, made the M-209 well suited for tactical use on the battlefield. It is no problem for the machine to survive hard shocks, dust, sand, tropic humidity or arctic cold [Kahn]. In addition the machine is capable of performing both enciphering and deciphering, which is a huge plus compared to many other ciphering machines. The most important parts in the machine is the cage, the key wheels and the guide-arms which bind them together. The drum bar cage, also known as the lug cage, but mostly called just “the cage”, consists of 27 horizontal bars between two disks, which forms a revolving cylinder. Each bar has two movable lugs which can be placed in eight positions. Two neutral, and six positions which interacts with the key wheels. Depended on the lug and key wheel pin setting, the individual bars can slide to the left, and add a cog tooth to the variable gear. The number of bars in their left position is the same as the offset between the clear text letter and the cipher text letter.
  • 10. The Hagelin M-209 cipher machine 9 Six key wheels, which each controls one guide-arm, have a different number of letters on its rim, and a pin under each letter. The number of letters from left to right are 26, 25, 23, 21, 19 and 17. These numbers are chosen to be coprime, which means their greatest common divisor is 1. This causes the wheels to align after26 ∙ 25 ∙ 23 ∙ 21 ∙ 19 ∙ 17 = 101 405 850 enciphered letters, this is also known as a period. Each letter on each wheel has a movable pin. Setting the pin to the right means that the letter position is enabled, and to the left for disabled. An enabled letter position will in turn set the wheel’s guide arm in its operative position, which determines whether lugs in the cage is contacted. If a lug is in contact with a guide arm, its bar slide to the left, and interact with the cogs in the variable gear, as previously mentioned. The wheels have the following letters: Wheel 1: ABCDEFGHIJKLMNOPQRSTUVWXYZ Wheel 2: ABCDEFGHIJKLMNOPQRSTUVXYZ Wheel 3: ABCDEFGHIJKLMNOPQRSTUVX Wheel 4: ABCDEFGHIJKLMNOPQRSTU Wheel 5: ABCDEFGHIJKLMNOPQRS Wheel 6: ABCDEFGHIJKLMNOPQ 3.1.Ciphering process When the clear text letter is set on a knop with an indicator disk on the left side of the machine, the operator turns the power handle of the right side, the cage makes a complete rotation through all of the 27 bars. If an operative guide arm gets in contact with a lug on a bar, the bar slides to the left. All the bars that now are in their left position comprise a cog in the gear, which turns the letter to be enciphered. The letter shift is equal to the number of bars in their left position. Figur 5: M-209s internals. Indicator disk, type wheel, key-wheels with pins, cage with lugs, guide arms etc. is shown
  • 11. The Hagelin M-209 cipher machine 10 The cipher text letter is then printed on a paper tape. In the case that the machine runs out of paper tape, the type wheel works as an indicator disk which makes the operator able to read the enciphered or deciphered letter directly. After one rotation, all the slid bars are retracted to their original position by a retractor, all the key wheels are advanced one position by another set of gears, and a locking arm locks the cage to prevent one more enciphering until the indicator disk is set to the next letter. This means that if the operator is enciphering or deciphering two equal letters successively he needs to turn the disk back and forth. A skilled operator can run the machine at 15 to 30 letters a minute. The cipher used in the M-209 is a variant of the Beaufort cipher, which means that the ciphering process is an involution, it uses the same algorithm for both enciphering and deciphering. Encipher: 𝑦𝑖 = (𝑧𝑖 − 𝑥𝑖)𝑚𝑜𝑑 26 Decipher: 𝑥𝑖 = (𝑧𝑖 − 𝑦𝑖)𝑚𝑜𝑑 26 What makes the M-209’s ciphering different from the Beaufort cipher, is the system of the cage and the key wheels, which makes the offset change for each enciphered letter. The machine has a button on the right side for choosing Encipher (C) or Decipher (D), but this is only for printing adjustment. Encipher prints the letters in groups of five letters, and deciphering prints the words with the correct spacing. The letter “z” is used for as the spacer, so the word “analyze” would come out as “analy e”. 3.2.Setup Before use the operator needs to set the two lugs on each of the 27 horizontal bars in the cage and enable or disable the pins under each letter on each wheel. This is a complex process that takes quite a bit of time. These settings are called the internal key. Because of this the settings was changed relatively infrequently. Once a day was common. The setup was done with the help of tables, distributed equally to the sender and recipient. An example setup table can be seen in Table 1. NR LUGS 1 2 3 4 5 6 BAR 1 2 3 4 5 6 01 3-6 A A A - - A 01 - - X - - X 02 0-6 B - B - B B 02 - - - - - X 03 1-6 - - - C - 03 X - - - - X 04 1-5 D D - - D D 04 X - - - X - 05 4-5 - E - E E - 05 - - - X X - 06 0-4 - - - F F - 06 - - - X - -
  • 12. The Hagelin M-209 cipher machine 11 07 0-4 - G G - - - 07 - - - X - - 08 0-4 H - H H H H 08 - - - X - - 09 0-4 I - I I - - 09 - - - X - - 10 2-0 - J J - - - 10 - X - - - - 11 2-0 K K - - - K 11 - X - - - - 12 2-0 - L L - - - 12 - X - - - - 13 2-0 M - M M M - 13 - X - - - - 14 2-0 N - N N N N 14 - X - - - - 15 2-0 - O - - - O 15 - X - - - - 16 2-0 - - - P P - 16 - X - - - - 17 2-0 - - - - - Q 17 - X - - - - 18 2-0 - R R - - 18 - X - - - - 19 2-0 S S S S S 19 - X - - - - 20 2-5 T - T T 20 - X - - X - 21 2-5 - U U U 21 - X - - X - 22 0-5 V - - 22 - - - - X - 23 0-5 W X X 23 - - - - X - 24 0-5 - - 24 - - - - X - 25 0-5 - - 25 - - - - X - 26 0-5 - 26 - - - - X - 27 0-5 27 - - - - X - Plaintext: AAAAAAAAAAAAAAAAAAAAAAAAAA Cipher: TNJUW AUQTK CZKNU TOTBC WARMI O Table 1: Example setup sheet [Cryptomuseum] When the internal settings are set, the operator set the start position on the key-wheels. This is called the external key, and is changed from message to message. This key is inserted into a prearranged position in the cipher text, which makes the deciphering operator set his machine to the correct start position. 3.3.Accessories On the inside of the top lid, there is compartments for accessories, see Figure 6. At the center of the lid there is a paper tape holder, on the left side there is a screwdriver for opening the machine when setting the lugs and pins, a cylinder with blue or purple ink and one with oil. On the right side there is a pair of tweezers used for feeding the paper tape through the printer and removing blocked paper tape. 3.4.Cryptanalysis The security of the M-209 was good for its time, but not perfect. Unlike one other cipher machine used by the US in WW2, the SIGABA, M-209 cipher texts could be decrypted by hand relatively easy once the enemy knew the internal mechanics of the machine. This was done Figur 6:Accessories inside the M-209s lid
  • 13. The Hagelin M-209 cipher machine 12 using kappa testing which uses the index of coincidence, a technique invented by William F. Friedman during the 1920s. The same person who gave Hagelin advice on how to improve his C-38, and build the M-209. Under heavy traffic the M-209 could come into situations where the key wheels were in a close enough position so the machine would create overlapping portions of the text. The kappa test uses this overlapping portions, and makes it possible for the cryptanalyst to recover the key-wheel pin and lug settings of the machine. The Germans managed to get their hands on quite a lot of the M-209 machines, and got familiar with the way it worked. By 1943 they learned that certain settings gave patterns that could disclose the settings of the pins on the key-wheels and lugs in the cage, and making them able to decrypt cipher text from the M-209 with a length of approximately 150 letters. If the cryptanalyst was lucky 35 letters could be enough. Decryption by an adversary was very time consuming, and the extreme number of internal settings, made the US Army still use the M-209 for tactical use not only through WW2, but as mentioned, also through the Korean War. Since it was known to be vulnerable to cryptanalysis, it was limited to tactical use with messages that would be acted on immediately, within the time it would take to decrypt the message, by the receiver Around 1970 a cryptanalyze of the M-209 was done by Dennis Ritchie, the creator on the C programming language and one the creators of the UNIX operating system, Robert Morris, a contributor to the early versions of UNIX and chief scientist at the NSA in the early 90s, and Jim Reed, a mathematician and hobby cryptologist. The result was a computer program that, in a relatively short time, was able to decrypt about half the texts longer than 2000 characters, and most of the texts with over 2500 characters. In 1974 Robert Morris wrote the crypt program for the Sixth Edition of Unix, based on the M-209 ciphering method. Ritchie, Morris and Reeds work was written as an article meant to be published in the Cryptologia magazine, but after a dialogue with NSA, their work was never published. Although the NSA didn’t have any interest in the M-209 anymore, there were cipher machines still in use based on the same principles. Their work could then potentially damage governments using this equipment. [Ritchie]. Technology has evolved, and in the late 1990s it was possible with a fast cipher text-only attack with 1000-2000 characters, and a known-plaintext attack with only 50-100 characters [Menezes et al.].
  • 14. The Hagelin M-209 cipher machine 13 4 Conclusion The Hagelin M-209 was a very advanced ciphering machine, ahead of its time. The fact that it was fully mechanical, was an amazing achievement. In addition the M-203 was very small, rugged and able to perform both enciphering and deciphering which made it perfect for tactical use. But one thing to think about today, is how much work it was to change the internal ciphering key, compared to how easily this can be done on today’s crypto equipment. I can’t imagine how frustrating this could be for soldiers in the field, with bullets flying around them. But I guess this was the reason keys most often were changed once a day. The machine built on principles from the early 1920s, and was improved to the last rotor machine from Boris Hagelin, the CX-52, which still today is hard to decrypt by an adversary. One interesting thing today, after the Snowden leakage on NSA backdoors, is that they already had backdoors as early as in 1957 in the CX-52.
  • 15. The Hagelin M-209 cipher machine 14 Reference [Beckman] B. Beckman, Codebreakers: Arne Beurling and the Swedish Crypto Program During World War II, American Mathematical Society, 2002 [Cryptomuseum] Crypto AG, Hagelin Cipher Machines, http://www.cryptomuseum.com/crypto/hagelin/index.htm [Hafner] K. Hafner, J. markoff, Cyberpunk: Outlaws and hackers on the computer fronter, ., Simon & Schuster, 1995 [Hagelin] B. Hagelin, The Story of Hagelin Cryptos, 1981 [Johnson] B. Johnson, Kryptografi, Tapir Forlag, 2001 [Kahn] D. Kahn, The Codebreakers, 2nd ed., Simon & Schuster, 1996 [Menezes et al.] A. Menezes, P. van Oorschot, S. Vanstone, Handbook of Applied Cryptography, CRC Press, 1996 [OSVDB] 95427 : Crypto AG Multiple Hagelin Cipher Machine NSA Backdoor Encryption Compromise, http://www.osvdb.org/show/osvdb/95427 [Rice] R. Rice, The M-209 Cipher Machine, 2010, http://derekbruff.org/blogs/fywscrypto/files/2010/11/Rice-Essay-2.pdf [Rijmenants] M-209 simulator, http://users.telenet.be/d.rijmenants/en/m209sim.htm [Ritchie] D.M. Ritchie, Dabbling in the Cryptographic World--A Story, 2000, http://cm.bell-labs.com/who/dmr/crypt.html [Trappe et al.] W. Trappe, L.C. Washington, Introduction to Cryptography with Coding Theory, 2nd ed., Pearson Prentice Hal, 2006 [Wikipedia1] Arne Beurling, http://en.wikipedia.org/wiki/Arne_Beurling [Wikipedia2] Beaufort cipher, http://en.wikipedia.org/wiki/Beaufort_cipher [Wikipedia3] Boris Hagelin, http://en.wikipedia.org/wiki/Boris_Hagelin [Wikipedia4] Enigma machine, http://en.wikipedia.org/wiki/Enigma_machine [Wikipedia5] M-209, http://en.wikipedia.org/wiki/M-209 [Wikipedia6] National Security Agency, http://en.wikipedia.org/wiki/National_Security_Agency [Wikipedia7] William F. Friedman, http://en.wikipedia.org/wiki/William_F._Friedman Permission to use pictures from cryptomuseum.com given by Paul Reuvers 09.03.2013