Breaking Enigma
Cryptography Fundamentals
Chapter 4 · Breaking Enigma — Cribs, the Bombe & the Fatal Flaw
Chapter 3 ended with a warning: the ~10¹¹⁴ keyspace calculation assumed an attacker searching blindly, with no shortcuts and no help from the machine's own structure or the humans operating it. Neither assumption held. This chapter covers how Enigma was actually broken — first by Polish mathematicians before the Second World War even started, then at a much larger, sustained scale at Britain's Bletchley Park — and why the real story is less "a genius found one clever trick" and more "a systematic, industrial-scale process exploited several genuine weaknesses at once."
The Reflector's Fatal Flaw, Formalized
Chapter 3 introduced the reflector's guarantee that no letter can ever encrypt to itself, and asked you to reason about why that might help a codebreaker even without knowing the daily key. Here's the formal technique built on exactly that property, known as crib-dragging.
A crib is a guessed or known fragment of plaintext believed to appear somewhere in a message — more on where these guesses actually came from in the next section. To test a crib against a stretch of ciphertext:
- Slide the crib along the ciphertext, testing one starting position (offset) at a time.
- At each offset, compare the crib letter-by-letter against the ciphertext letters directly beneath it.
- If any letter of the crib matches the ciphertext letter in the same position, that offset is impossible — Enigma could never have produced a letter mapping to itself — and can be discarded immediately, with zero knowledge of the actual daily key required.
This alone doesn't reveal the key — but it dramatically narrows down which positions in the ciphertext a guessed crib could actually start at, which is the essential first step every other technique in this chapter builds on.
Cribs — Where the Guesses Came From
Crib-dragging is only useful if you have a good guess for what plaintext to test. In practice, German military communication was remarkably predictable:
- Routine weather reports opened with the same standard phrase, Wettervorhersage ("weather forecast"), nearly every single day.
- Uneventful daily status reports commonly used the stock phrase Keine besonderen Ereignisse ("nothing to report").
- Formal messages followed rigid formatting and titles — dates, ranks, and unit names appearing in predictable positions.
- Some phrases were considered so security-sensitive their use was actually restricted — Hitler's name, for instance, was avoided in encrypted traffic specifically because its predictable spelling made it a dangerously strong crib.
The Polish Contribution — Rejewski & the Bomba
The first real break came years before the war, from the Polish Cipher Bureau. Mathematician Marian Rejewski exploited a specific procedural weakness in how Germany used Enigma in the early-to-mid 1930s: each operator's message began with the day's starting position, enciphered twice in a row as a check against transmission errors. That doubled repetition, combined with rigorous permutation-group mathematics, let Rejewski deduce the internal rotor wiring and build the Bomba kryptologiczna — an electromechanical device that automated testing candidate rotor settings against this specific weakness.
In July 1939, with war looming, Poland shared its Enigma-breaking methods and even reconstructed machines with British and French intelligence — a critical head start that the much larger Bletchley Park effort built directly on top of.
Turing, Welchman & the British Bombe
Once Germany fixed the doubled-key weakness the Poles had exploited, the Polish method stopped working. At Bletchley Park, Alan Turing designed a new electromechanical device — also called the Bombe, distinct from and considerably more powerful than the Polish Bomba — built around crib-dragging rather than the doubled-key flaw. Gordon Welchman then added a critical improvement, the diagonal board, which dramatically increased the number of plugboard-related contradictions the machine could detect, cutting the effective search time enormously.
How the Bombe Actually Worked, Conceptually
Starting from a crib believed to align with a stretch of ciphertext, codebreakers built a menu — a diagram linking each ciphertext letter to its corresponding crib letter at that position, forming a chain (and sometimes closed loops, which were especially valuable). The Bombe then electrically simulated many linked Enigma rotor-sets simultaneously, each wired according to the menu, and tested candidate rotor starting positions one at a time — extremely fast, since it was doing this electromechanically rather than by hand.
For each candidate position, the machine checked whether the wiring was self-consistent. A contradiction — most directly, a chain implying some letter would have to map to itself, violating the reflector's own guarantee from Chapter 3 — meant that starting position was impossible and could be discarded instantly, without ever needing to determine the plugboard or ring settings for it at all. Only candidate positions surviving this contradiction check were passed on for further, more detailed testing. The overwhelming majority of the ~10¹¹⁴-sized keyspace was never touched directly; entire families of settings were ruled out the moment a single contradiction appeared.
Human & Operational Mistakes That Helped
Beyond the machine's own structural properties, operators themselves handed codebreakers real, repeated advantages:
- Lazy or predictable settings — some operators chose starting positions or plugboard pairs following obvious patterns (keyboard sequences, initials, or repeatedly reusing a personal favorite), rather than genuinely random choices, nicknamed "cillies" by Bletchley staff.
- Message-key reuse — sending the same or a very similar message twice under different daily keys (for instance, retransmitting a message that failed to arrive) gave codebreakers two independently encrypted versions of the same plaintext, dramatically easier to attack together than either alone.
- "Kisses" — cases where the same message content was transmitted both via Enigma and via a separately-broken, lower-grade cipher, letting codebreakers use the already-known plaintext as a perfect crib against the Enigma version.
- Rigid message formatting — the same predictability the cribs section above already covered, but worth restating here as a genuinely operational (not mathematical) failure: discipline about varying message structure was simply never enforced.
What This Teaches About Cryptography Generally
Enigma's underlying cipher mathematics were genuinely sound for their era — the ~10¹¹⁴ keyspace from Chapter 3 was real. Every practical avenue of attack covered in this chapter — the reflector's structural guarantee, predictable message content, procedural shortcuts, and operator carelessness — came from how the system was used, not from the core cipher design being fundamentally broken.
Hands-On Exercises
Given the 12-letter ciphertext RWEFTBERXTQY and the crib WETTER (6 letters), test starting offsets 1, 4, and 7 (1-indexed) using crib-dragging. Which offset(s), if any, are eliminated by the "no letter maps to itself" rule, and which survive?
Explain why a "kiss" — the same message content sent both via Enigma and via a separately broken, weaker cipher — could compromise Enigma's security for that message, even though the daily key changed every day and the weaker cipher's own key had nothing to do with Enigma's.
📄 View solutionExplain, conceptually, why testing rotor settings for logical contradictions (the Bombe's approach) was so much faster than brute-forcing all ~10¹¹⁴ possible daily keys directly, one at a time.
📄 View solutionChapter 4 Quick Reference
- Crib-dragging — slide a guessed plaintext fragment along the ciphertext; any position producing a letter matching itself is impossible and eliminated, with no knowledge of the key needed
- Cribs came from predictable German message structure — standard weather-report phrasing, routine "nothing to report" messages, rigid formatting
- Rejewski's Bomba (Poland, pre-war) exploited a doubled-key procedural flaw; shared with Britain/France in July 1939
- Turing/Welchman's Bombe (Bletchley Park) used crib-derived "menus" and tested rotor positions for logical contradictions, discarding entire families of settings instantly
- Operational mistakes — "cillies" (predictable settings), message-key reuse, and "kisses" (the same content sent via a weaker, already-broken cipher) all gave codebreakers real advantages
- The core lesson: Enigma's math was sound; every real attack came from how it was used — the same throughline this whole course keeps returning to
- Next chapter: Symmetric-Key Cryptography — leaving classical/historical ciphers behind for the modern block and stream ciphers real systems use today