Main Page | See live article | Alphabetical index

Enigma machine

This article relates to the Enigma machine in cryptography. For the Enigma web browser, see Enigma browser; for the musical work by Elgar, see Enigma Variations; for the musical artist, see Enigma (musical artist); for the computer game, see Enigma (game).

Fig. 1 - The Enigma Machine
The Enigma was an electro-mechanical cypher machine used for both encryption and decryption, widely used in various forms by most German military forces. Ease of use and the supposedly unbreakable cypher were the main reasons for its widespread use. The cypher was in fact broken, and the reading of information in the messages it didn't protect is generally credited with ending World War II at least a year earlier than it would have otherwise.

The British encryption machine, Typex, and several American ones, eg the SIGABA or M-134-C, were similar in principle to Enigma, but far more secure.

Table of contents
1 History
2 Operation
3 Basic Cryptanalysis
4 Encoding Methodology
5 Breaking the Enigma
6 Ultra
7 After the War
8 Related Topics
9 External Links


Enigma was developed by Arthur Scherbius in various versions dating back to 1919. He set up a Berlin company to produce the machine, and the first commercial versions were offered for sale in 1923. Several copies were purchased by the German Navy in 1926, and the device was then picked up by the Army in 1929, and thereafter by practically every German military organization and by most parts of the Nazi hierarchy. In the German Navy, it was called the "M" machine.

Versions of Enigma were used for practically all German (and much other European Axis) radio, and often telegraph, communications throughout the war, even weather reports were encrypted with an Enigma machine. Both the Spanish (during the Civil War) and Italians (during World War II) are said to have used the commercial machine, unchanged, for military communications. This was unwise, for the British (and one presumes, others) had succeeded in breaking the plain commercial version.


The Enigma machine was electro-mechanical, meaning it used a combination of electrical and mechanical parts. The mechanism consisted primarily of a typewriter-style keyboard, which operated electrical switches as well as a gearing mechanism.

The electrical portion consisted of a battery attached through the keys to lamps. In general terms, when a key was held down on the keyboard, one of the lamps would be lit up by the battery. In the picture to the right you can see the typewriter keys at the front of the machine, and the lights are the small (barely visible) circles "above" the keyboard in the middle of the machine.

The heart of the basic machine was mechanical, consisting of several connected rotors. Enigma rotors consisted of flat disks with 26 contacts on each side, arranged in a circular manner around the outer faces of the disk. Every contact on one side of each disk is wired to a different contact on the other side. For instance, in a particular rotor the 1st contact on one side of the rotor might be wired to the 14th contact on the other side, the 2nd one the first side to the 22nd on the other, and so forth. Each rotor in the set supplied with an Enigma was wired differently than the others, and the German military/party models used different rotor wirings than did the commercial models.

Inside the machine were three slots (in most variants) into which the rotors could be placed. The rotors were "stacked" in the slots in such a way that the contacts on the "output" side of one rotor were in contact with the "input" contacts on the next. The third rotor was connected to a reflector (unique to the Enigma family amongst the various rotor machines designed in the period) which was hard wired to feed outputs of the third rotor back into different contacts of the third rotor, thence back to the first rotor, but by a different route. In the picture you can see the three stacked rotors at the very top of the machine, with teeth protruding from the surface that allows the rotors to be turned by hand.

When a key was pressed on the keyboard, the current from the battery flowing to that letter, say A, would be fed into the A position of the first rotor. There it would travel through the rotor's internal wiring to, say, the J position on the other side. It would then go into the next rotor, perhaps turned such that the first rotor's J was lined up with the second's X. From there it would travel to the other side of the second rotor, and so on. By the time the signal had travelled through the rotors and back, some other letter than A would light in the lamp array – thus substituting one letter for another, the key to all substitution cypher systems.

Because the rotors changed position (rather like an automobile odometer) with every key press, A might be Q this time, but the next A would be something different, perhaps T. After 26 letters were pressed, a cam on the rotor spun the rotor in the next slot. The substitution alphabet thus changed with every plaintext letter.

Better yet, due to the "random" wiring of each rotor, the exact sequence of these substitution alphabets varied depending on the initial position of the rotors, their installed order, and which rotors were installed in the machine. These settings were referred to as the initial settings, and were given out in books once a month (to start with -- they became more frequent as time went on).

The machine was symmetrical in the sense that decypherment works in the same way as encypherment: type in the encyphered text and the sequence of lit lamps will correspond to the plain text. However, this works only if the decyphering machine has the same configuration as had the encrypting machine (rotor sequence, wiring, ring settings, and initial positions); these changed regularly (at first monthly, then weekly, then daily and even more often near the end of the War on some networks) and were specified in key schedules distributed to Enigma users.

Basic Cryptanalysis

Ciphers can be attacked in a number of ways, and by the opening of World War I code-breaking departments were good enough that most cyphers could be broken with enough effort. However most of the techniques used relied on gaining access to sufficient quantities of text encyphered with a particular key, from which patterns might be discerned with much statistics and hard work.

In the frequency analysis technique, letters and letter patterns are counted. Since certain letters appear much more frequently than others in every language, these counts usually reveal information about likely substitutions in the cipher. Users typically look for some important letters and combinations. For instance, in English, E, T, A, O, I, N and S, are usually easy to identify, as well as NG, ST and other similar combinations. Once these are found, the message is partially decrypted, revealing more information about other likely substitutions.

Simple frequency analysis relies on any one letter always being substituted for another letter in the cypher: if this is not the case the situation is more difficult. For many years, cryptographers attempted to hide the frequencies by using several different substitutions for common letters, but this is unable to fully hide patterns in the substitutions for plaintext letters. Such codes were being widely broken by the 1500s.

One technique to make frequency analysis more difficult is to use a different substitution for every letter, not only the common ones. This would normally be a very time-consuming process that required both parties to exchange their substitution patterns prior to sending encyphered messages. In the 1400s, a new technique was invented, now known generally as polyalphabetic ciphers, which provided a simple technique for "creating" a multitude of substitution patterns. The two parties would exchange a small amount of information (referred to as the key) and follow a simple technique that produced many substitution alphabets, and so many different substitutions for each plaintext letter.

It took several hundred years before methods to reliably break these cyphers were found. The new techniques relied on statistics (coincidence counting, for example) to discover information about the key used for a message. These techniques look for repeating patterns in the ciphertext, which provide clues about the length of the key. Once this is known the message essentially becomes a series of messages, each as long as the length of the key, to which normal frequency analysis can be applied. Babbage, Kaisiski, and Freidman are among those who did most to develop these techniques.

Cypher users were told to not only use a different substitution for every letter, but also to use a very long key, so both of these techniques would fail (or at least be a lot harder). However this is very difficult to arrange; a very long key takes longer to convey to the parties who need it, and mistakes are more likely. The ultimate cypher of this kind would be one in which such a long key could be generated from a simple pattern, producing a cypher in which there are so many substitution alphabets that frequency counting and statistical attacks would be effectively impossible.

Enigma's use of multiple rotors provided a simple way of determining which substitution alphabet to use for any particular plaintext letter (while encyphering) and any particular cyphertext letter (when decyphering). In this respect it was similar to the polyalphabetic cipher. However, unlike the polyalphabetic system, the Enigma had no obvious key length since the rotors generated a new substitution alphabet with each keypress, and the entire sequence of substution alphabets could be changed by spinning one or more rotors, changing rotor order, etc before starting a new encryption. In the most simple sense, Enigma had a library of 26 x 26 x 26 = 17576 substitution alphabets for any given combination and ordering of rotors. In addition, the sequence of alphabets used was different if the rotors were started in position ABC, as opposed to ACB. As long as the message was not longer than 17576 characters, there would be no repeated use of a substitution alphabet. And yet this 'key' can be easily communicated to another user, it's just a few simple values: rotor IDs, rotor order, ring position, and starting position.

Encoding Methodology

Of course, if those settings were available, a code-breaker could simply set their copy of an Enigma to the same settings and decode the message. One could send out books of settings to use, but these could be intercepted. Instead the Germans settled on a clever system that blended the two designs.

Enigma operators were at first given a new book every month that contained the initial settings for the machine. For instance, on a particular day the settings might be to put rotor number 7 in slot 1, nr 4 in slot 2, and 6 in 3. They are then spun, so that slot 1 is at letter X, slot 2 at letter J and slot 3 at A. Since the rotors could be moved around in the machine, with three rotors in three slots you have another 3 x 2 x 1 = 6 combinations to consider, for a total of 105456 possible alphabets. There was also a 'ring' setting for each rotor which adds still more variation.

At this point, the operator would then select some other settings for the rotors, this time defining only the positions, or "spins" of the rotors. A particular operator might select ABC, and these become the message settings for that encryption session. They then typed their message settings into the machine, which is still set up in the initial settings. To be on the safe side, they typed it twice. The results would be encrypted, so the ABC typed twice might turn into XHTLOA. The operator then spins the rotors to his message settings, ABC. The rest of the message is then typed in, and sent it over the radio.

At the receiving end the operation is reversed. The operator sets the machine to the inital settings and types in the first six letters of the message. Upon doing this he will see ABCABC light up on the machine. He then spins the rotors to ABC and types in the rest of the encrypted message, decyphering as he goes.

This system was excellent because cryptanalysis fundamentally relies on frequency counting of some sort. Although lots of messages would be sent in any one day with six letters from the initial settings, those letters were intended to be random. While an attack on the cypher itself ought to have been possible, every message used a different cypher key, making frequency counting useless in practice. With modern computers, things might have been different, but with pencil and paper...

Enigma was very secure. So secure in fact that the Germans relied very heavily on it. The Enigma-encrypted traffic included everything from high-level messages about tactics and plans, to trivialities such as weather reports and even birthday congratulations.

Breaking the Enigma

The effort which broke the German cypher began in 1929 when the Poles intercepted an Enigma machine being shipped from Berlin to Warsaw and mistakenly not protected as diplomatic baggage. It was not the military version of the machine, but it provided a hint that the Germans might be using an Enigma type machine in the future. When the German Army first began using modified Enigmas a few years later, the Poles attempted to 'break the system' by finding the wirings of the rotors used in the Army version and by finding a way to recover the settings used for particular messages.

A young Polish mathematician, Marian Rejewski, made one of the most signficant breakthroughs in cryptanalytic history by using fundamental mathematical and statistical techniques to find a way to do both. Rejewski noticed a pattern that was to prove vital; since the message code was repeated twice at the beginning of the message, you could guess the wiring of a rotor not by the letters themselves, but by the way they changed.

For instance, let's say an operator picked QRS as their message settings. They would set the machine to the day's ground settings, and then type QRSQRS. This would turn into something like JXDRFT. Now this looks like complete gibberish, but the clue Rejewski exploited was that the disk had moved three positions between the two sets of QRS – we know that J and R are originally the same letter, and the same for XF and DT. We don't know what the letters are, but nor do we care, because while there are a huge number of rotor settings, there are only a small number of rotors that will have a letter go from J to R, X to F and D to T. Rejewski called these patterns chains.

Finding the proper chains from the 105456 possiblilities was quite a task. The Poles (particularly Rejewski's classmates Jerzy Rozycki and Henryk Zygalski), developed a number of methods to help. One technique used clear strips for each rotor showing which letters could be chained, with the letters that could not chain being blacked out. Users would pick up the strips and lay them over each other, looking for selections where the three letters were clear all the way through. The British had also developed such a technique when they attempted (and failed) to break the military versions of the Enigma.

Of course, a few thousand possibilites is still a lot to try. To help with this, the Poles eventually built several "parallel enigma" machines which they called the bomba kryptologiczna (cryptologic bomb). (Suggestions are that the name was chosen from a kind of local ice-cream dish, or from the ticking noise the machines made as they ran through the possibilities; the French later changed the name to 'bombe' and the English to 'bomb'. No one traces the name to anything explosive.) Possible sets of disks would be loaded into the machine and then a message could be tried on all of the settings at once. Now you were down to hundreds of possibilities. Hundreds is a reasonable number to attack by hand.

The Poles were able to determine the wiring of the rotors then in use by the German Army and, using them, to decrypt a large portion of German Army traffic for much of the 1930s. They received some assistance from the French, who had an agent (Hans Thilo-Schmidt, codenamed Asch by the French) in Berlin who had access to Enigma key schedules, manuals, etc. Rejewski's cryptanalytic breakthrough did not, however, depend on that information; he wasn't even told of the French agent or his material.

Some sources claim (without much support from participants' accounts) that in 1938 a Polish mechanic employed in a German factory producing Enigma machines took notes of the components before being repatriated and, with the help of the British and French secret services, constructed a wooden mockup of the machine. There's also a story about an ambush by the Polish resistance of a German Army vehicle carrying an Enigma machine... In neither case would the ground settings, much less the individual message settings chosen by the operators, be available, and so that knowledge, however bravely gained, would be of little worth. These stories are, thus, less than inherently plausible.

However, in 1939 the German Army increased the complexity of their Enigmas. Whereas in the past they used only three rotors and simply moved them from slot to slot, they now introduced an additional two rotors to the mix. They also had their operators stop sending the individual message settings twice at the beginning of each message, which eliminated the original method of attack.

The Poles, realizing time was running out before the Germans invaded, and unable to extend their techniques with available resources, decided in mid-1939 to share their work, and passed to the French and the British some of their ersatz 'Enigmas', information on Rejewski's breakthrough, and on the other techniques they had developed. The information was shipped to France in diplomatic baggage; the British share went on to Bletchley Park. Up until this point German military Enigma traffic had utterly defeated both the British and French, and they faced the terrifying possibility that German communications would remain "black" for the entire war in prospect. In fact, nearly all the personnel of the Polish cryptography section left Poland during the invasion and most of them ended up in France, working with French cryptographers on German transmissions. Some of the Polish crypto workers were captured by the Germans, but fortunately nothing was revealed of the Enigma work. The work continued there until the fall of France (and even somewhat after). Some of the French/Polish workers managed to escape to England; none were used to help the British cryptanalytic effort against the Engima networks. When Rejewski learned (shortly before his death) of the work at Bletchley Park which he had begun in Poland in 1932, and of its importance to winning WWII, he was astonished.


With this massive Polish assistance, the British began to work on German Enigma traffic themselves. Early in 1939 Britain's secret service installed its Code and Cypher School at Bletchley Park, 50 miles (80 km) north of London, for the purpose of breaking the Germans' message traffic if possible. They also set up a large interception network to collect the encyphered traffic for the code breakers at Bletchley. Eventually, there was a very large organization controlling the distribution of the resultant secret information. Strict rules were established to restrict the number of people who knew about the existence of the Ultra information and to ensure that no actions would alert the Axis powers that the Allies possessed knowledge of their plans.

There, British mathematicians and cryptographers, chess players, bridge players, and crossword puzzle fans, among them Alan Turing, conquered the problems presented by the many German Enigma variations, and found means of cracking them. The information so produced was eventually termed Ultra. British attacks on the Enigmas were similar in concept to the original Polish methods, but based on different specifics. First, the German Army had changed their practices (more rotors etc), so the Polish techniques no longer worked without modification. Second, the German Navy had always used more secure practices, and no one had broken any of their traffic.

One new attack relied on the fact that the reflector (a patented feature of the Enigma machines) guaranteed that no letter could be encyphered as itself, so an A could never turn back into an A. Another technique counted on various common German phrases, like "Heil Hitler" or "please respond", which were found to likely be in this or that plaintext; successful guesses as to the plaintext were known at Bletchley as cribs. With a probable plaintext fragment and the knowledge that no letter could be encyphered as itself, it wasn't uncommon that a corresponding cyphertext fragment could be identified. This provide a large hint as to the message settings, much in the same way the message setting codes had done for the Poles before the War started.

German operators themselves also gave the decrypters immense help on a number of occasions. In one instance an operator was asked to send a test message, so he simply hit the T key repeatedly and sent it. A British analyst received a long message without a single T in it from the interceptor stations, and immediately realised what had happened. In other cases Enigma operators would constantly use the same settings for their message codes, often their own initals or those of their girlfriends. Analysts were set to finding these messages in the sea of traffic every day, allowing Bletchley to use the original Polish technique to find the initial settings for the day. Other German operators used "form letters" for daily reports, notably weather reports, so the same crib could be used every day.

From the beginning, the Naval version of Enigma used a greater variety of rotors than did the Army or Air Force versions, as well as various operational methods that made it much more secure than other Enigma variants. There was no hint at all of the initial settings for the machines, and there was little probable plaintext to use either. Different, and far more difficult methods had to be used to break this system, and with the U-boats running amok in the Atlantic, a more direct approach recommended itself.

On May 7 1941 British Commandos captured a German weather ship, together with cipher equipment and codes, and 2 days later U-110 was captured, together with an Enigma machine, code book, operation manual and other information enabling the code to be broken until the end of June.

In addition to U-110, Naval Enigma machines or settings books were captured from a total of 7 U-boats and 8 German surface ships, including U-boats U-505 (1944), and U-559 (1942), as well as from a number of German weather-reporting boats, from some converted trawlers, and so on. Several other more imaginative techniques were dreamed up, including Ian Fleming's suggestion to "crash" captured German bombers into the sea near German shipping, hoping to be "rescued" by the crew, which would then be taken captive by the commandos hiding in the plane.

In other cases the Allies forced the Germans to provide them with a crib. To do this they would drop mines (or take some other action), and then listen for messages being sent. They knew the word "Minen" would be in some of them. This technique was called gardening.

Had the Germans ever replaced every rotor at the same time, it is possible that the British would not have been able to break back into the system. However, both because of the expense and because of the difficulty of getting all those new rotors to all the necessary ships and units, it was never done. Instead the Germans simply added new rotors to the mix every so often, allowing the settings of the newest ones to be deciphered after a short period.

Even these brief periods were enough to have dramatic effects on the war. Charting the amount of traffic decoded against the British shipping losses for that month shows a strong pattern of increased loss when Naval Enigma was blacked out, and vice versa. But by 1943 so much traffic had been decoded that the code breakers had excellent understanding of the messages coming from various locations and times. For instance a message sent from the west at 6am was likely to be sent by a weather reporting boat in the Atlantic, and that meant the message would almost certainly contain these cribs. From this point on, Naval Enigma messages were being read constantly, even after changes to the ground settings.

However, like the Polish system, the new tricks only reduced the number of possible settings. The number remaining was still huge, and due to the new rotors the Germans had been adding, that number was much larger than the Poles had been left with. In order to solve this problem the Allies "went industrial", and produced much larger versions of the Polish bomba that could test hundreds of keys at once.

Some Germans had some inkling that all was not right with Enigma. Karl Doenitz received reports of "impossible" encounters which made him suspect some compromise with his communications. In one instance, three U-boats met at a tiny island in the Caribbean and a British destroyer showed up, unable to resist such a tempting target. They all escaped and reported what had happened. Doenitz immediately asked for a review of Enigma's security. The analysis suggested that the signals problem, if there was one, wasn't due to the Enigma itself. Doenitz had the settings book changed anyway, blacking out the British for a period. However the evidence was never enough to truly convince him over the objections of the coders. The more so, since his counterintelligence B-Dienst, who also had partially broken the Royal Navy Code, supplied information to this effect. After the War, the American TICOM project teams found and detained a considerable number of German cryptography personnel. Among the things they learned from them was that the German cryptographers, at least, understood very well how Enigma messages might be broken. They just found it impossible to imagine anyone going to the immense effort required. (See Bamford's Body of Secrets on this point).

In 1941 British intelligence learned that the German Navy was to introduce Triton, a new version of Enigma with 4 wheels rather than 3. Fortunately, for the Allies, in December a U boat mistakenly transmitted a messsage using Triton before it was due to be implemented. Realising the error, they re-transmitted the same message using pre-Triton 3 rotor Enigma, giving the British sufficient clues to break the new machine very shortly after it became operational on February 1 1942. The Triton network was given the name Shark.

By 1945 almost all German Enigma traffic could be decoded within a day or two, yet the Germans remained convinced of its security. Had they been aware of Allied progress against Enigma, they simply would have changed systems, forcing the code-breakers to start over. The traffic was considered so secure that they openly discussed their plans and movements, handing the British and the United States a huge amount of very useful information. Not all of which was properly used; the Battle of the Bulge was clearly foreshadowed in German Enigma traffic, but that information was not properly appreciated.

It is commonly claimed that the breaks into Naval enigma resulted in the war being a year shorter, but given its effects on the Battle of the Atlantic (1940) alone, that might be underestimating things.

After the War

The fact that Enigma had been broken during the War remained a secret until the late 1960s. The important contributions to the War effort of a great many people remained unknown, and they were unable to share in the glory of what is likely one of the chief reasons the Allies won the war as quickly as they did. Eventually the story became known.

After the war ended, the British and Americans sold surplus Enigmas and Enigma-like machines to many countries around the world, who remained convinced of the security of this remarkable cypher machine. Their traffic was not so secure as they believed, which is, of course, one reason the British and Americans made the machines available.

In 1967 David Kahn released his book The Codebreakers, which described the capture of the Naval Enigma from U-505. He went on to mention, somewhat in passing, that Enigma messages were already being read by that time, requiring machines that filled several buildings. By 1970 newer computer-based cyphers were becoming popular as the world increasingly turned to computerised communications, and the usefulness of Enigma copies (and rotor machines generally) rapidly decreased. It was decided at this point to "let the cat out of the bag", and official reports about some of Bletchley Park's operations were released in 1974.

Many accounts of these events and of other World War II crypto happenings have been published since then. Several are unreliable in many respects. This is due to several reasons:

More than in most history, the history of cryptography, especially its 'recent' history, must be read carefully.

A responsible, and mercifully short, account of World War II cryptography which is essentially up-to-date as of this writing is Battle of Wits by Stephen Budiansky. It covers more than just the Enigma story. Hugh Sebag-Montefiore's recent Enigma is both well written and accurate, and includes some previously unknown information -- and many excellent photographs. David Kahn's Breaking the Enigma is essentially about the problem of Naval Enigma; it's also accurate. Finally, an excellent and accessible (in addition to being brief) description of the Enigma, as well as other codes/cyphers, can be found in Simon Singh's The Code Book'.

Related Topics

World War II Era Encryption Devices

External Links