By Justin Yeh (Guest Contributor from Vanderbilt University)
An Allied cryptanalyst intercepts the message, “JDNTOENVIPDJ,” during World War II and attempts to decrypt it. He assumes it was encrypted using the German Enigma machine and performs the standard cryptanalysis, resulting in the message “PQNXLATIDNW.” He is completely baffled…the Allies had already broken the Enigma, so why was this message indecipherable?
The Germans had invented a new cryptographic weapon.
The Germans’ new cipher, the Rasterschlüssel 44, was introduced in 1944. Ironically, the origins of this new German cipher can be traced to British cryptography (Rijmenants). The cipher was used in the field, mainly by police forces and the army (Cowan 2004) instead of by diplomatic officials. The Rasterschlüssel 44 (RS 44) was a hand cipher, meaning that it could be implemented with pencil and paper, unlike the German Enigma, which required a machine to encipher and decipher a message. Like all hand ciphers, the RS 44 needed to balance security strength and convenience. The cipher had to be complicated enough to withstand decryption efforts, but not so complicated as to be difficult to use.
Even though the RS 44 is a relatively unknown cipher, it still played a substantial role in WWII. The Allies had already broken the Germans’ previous field cipher, the Double Playfair cipher, and all of the messages enciphered with the Double Playfair were being read (CryptoDen). The RS 44 allowed the German military and field troops to communicate securely without fear of revealing critical military strategies to the Allies. Had the RS 44 failed to secure German communications, the Allies would have gained a tremendous tactical advantage. Cowan (2004) lists translated messages sent on February 3rd, 1945 that were enciphered with the RS 44:
“An additional 16 cubic metres Otto fuel have been allocated from Muerlenbach delivery #IS20 to enable 3rd Panzer Grenadier Regiment to be brought up more rapidly.”
“Combat elements of II Battalion have set-off on foot. I Battalion will leave tonight by truck.”
The Allies were too slow in decrypting these messages to be able to react to this information, but these messages provide examples of the subject matter and importance of the content enciphered using the RS 44.
The method by which the RS 44 encrypts a message can be seen in the cipher’s name; “Rasterschlüssel” means “grid key” in German. The basic principle of the RS 44 is that the plaintext (the message being enciphered) is horizontally written into a grid, and then the ciphertext (the scrambled message) is obtained by vertically reading the columns from top to bottom and writing out the letters. This method of scrambling letters is called columnar transposition.
Here is an example:
Resulting ciphertext: ptee les axs ita nmg
The grid scrambles up the letters so that the message can no longer be read. The RS 44 takes a basic grid and adds in a few tricks. First, the RS 44 uses a much larger 25×24 grid. The 25 columns are labeled with the numbers 1-25 in a random order. Each column is also randomly labeled with one of the 25 following pairs of letters:
aa ba ca da ea
ab bb cb db eb
ac bc cc dc ec
ad bd cd dd de
ae be ce de ee
Each of the 24 rows is also labeled with one of the 25 pairs (one pair is unused).
So a possible grid might look like this:
(Click on the image to see a larger version.)
The rows and columns are labeled as previously specified, but the grid is not complete. In each row, 15 of the cells are randomly blacked out, leaving only 10 white spaces in each row. Here is an example:
The grid pictured above resembles a crossword puzzle gone horribly wrong, but it is actually a finished stencil for the RS 44. Now that the grid is complete, the plaintext message can be inserted into the stencil. In our example, the plaintext message will be:
“Rainbow unicorn horns are immensely more valuable than those of even the largest narwhals.”
A hypothetical German cryptographer encrypting this important, nonsensical wartime message would begin by choosing any white cell in the grid. In this example, let’s say he chooses the cell in column “dc” and row “ee.” He would then write the message horizontally, putting one letter in each blank space and continuing to the next row when he reaches the end of one row. Once he finishes, the grid would look like this:
Now that the letters are inserted into the rows, the cryptographer obtains the ciphertext by reading down the columns, similar to the example with the “plaintext message” in the first figure above. However, instead of starting with the leftmost column and reading to the rightmost column, the RS 44 uses the numbered columns to determine the order in which the columns are read.
The cryptographer will choose a column based on the time the message is written and the length of the message: in this example, the column is “ec,” also numbered “8”. This column only contains the letters: “h,” “n,” and “a,” so those are the first three letters of the ciphertext. The next column is “bd,” which is labeled “9.” The remaining ciphertext is obtained by reading the columns from top to bottom in increasing numerical order. After all the columns are read, the ciphertext message reads:
However, our cryptographer is not finished. In order to indicate the cell in which he started writing his plaintext, he uses a 5×5 matrix of letters. The coordinates of the starting cell can be written as “dcee,” and he substitutes letters from the matrix, resulting in the letters “rvhp.” This substitution must be attached to the beginning of the message before it can be sent. In addition, the time that the message was written (16:21) and the message length (76) must also be included. This extra information is written as 1621-76-rvhp.
Finally, the message is ready to be sent:
1621-76-rvhp HNANOESONMEGNANAALHRNTRAUHVSCWSTNAOAWVIBHMEFLREMLRN RLTIOEAEEBRSUIYEHREOTOLSEN
Breaking the RS 44
The strength of the RS 44 lies in the randomness of the stencil. Accounting for repeat configurations and configurations that would not scramble the message, the number of stencil possibilities is still 2.06×10185 (Rijmenants). An Allied cryptanalyst that knew the dimensions of the stencil faced the impossibility of actually guessing the configuration of the stencil.
Despite the astronomical number of stencil possibilities, the RS 44 is not infallible. The number of possible stencils only protects the cipher from random guessing. However, the Allied cryptanalysts used other methods to break the cipher. They used captured stencils to decipher messages, but they had actually cracked the RS 44 without using a stencil. The enciphering technique of the RS 44 was secure; however, the Allies exploited the cipher’s improper implementation. Cryptographers using the stencil were prone to many mistakes, which required some messages to be sent more than once. The Allies used these similar messages to determine the plaintext and derive the stencil. Despite being broken, the RS 44 was still a relative success. The strength of the RS 44 was not that it was unbreakable, but that it was unbreakable in a short time frame. By the time the Allies had decrypted a message enciphered with the RS 44, the message was no longer relevant. Unlike Enigma, which was meant to be unbreakable, the RS 44 only had to be unbreakable for a given period of time. The fastest decryption of the RS 44 by the Allied cryptanalysts at Bletchley Park was ten days, but most messages took longer (Cowan 2004).
Weaknesses of the RS 44
As mentioned earlier, the cryptographers who enciphered messages with the RS 44 made many mistakes. This was due to the difficulty of using the stencil. Cryptographers placed tracing paper on the stencil and wrote on the tracing paper. Errors in counting occurred and the cipher was almost impossible to use in wet conditions (Cowan 2004). The mistakes in enciphering resulted in the decipherment of gibberish, which required a second message to fix the mistake. The resending of faulty messages greatly aided the Allies and their decryption efforts. The rules for enciphering a message were given in a 20-page instruction manual, but some cryptographers were still confused about the process (CryptoDen).
Another weakness of the RS 44 was the manufacture of the stencils. The pattern of the blacked out cells in each row was constructed using a rod. The Germans initially only had 36 rods to choose from, which meant that the millions of possible arrangements of black cells in each row was reduced to 36. If the Germans used a greater variety of rods, and therefore a greater variety of stencils, then the RS 44 would have been more secure. A wartime shortage of materials prevented the mass manufacture of different rods and stencils. In addition, the stencil used for enciphering messages had to be replaced daily. To produce a month’s supply of stencils, a book of 31 stencils had to be assembled and distributed to every unit that communicated using the RS 44. The strain on German supplies was significant; the RS 44, with its stencils and tracing paper, required 30 tons of paper per month (Cowan 2004).
Overall, the RS 44 succeeded in securing German messages. The Allied forces did manage to break the cipher and discover the mechanics, but not in a reasonable time frame. The RS 44 stencil provided a sufficient variability and number of possibilities to maintain the security of the message. However, difficulties in its application ultimately led to its decryption, and limited supplies inhibited its effectiveness. The true value of the RS 44 lies in the fact that scrambling a message using a grid with a few added layers of complexity can stump cryptanalysts but does not even require advanced technology, just paper and a pencil.
This post is part of a series of essays on the history of cryptography produced by students at Vanderbilt University. This post was originally published inFebruary 2013. The students wrote these essays for an assignment in a first-year writing seminar taught by mathematics instructor Derek Bruff. The essays are shared here, in part, to give the students an authentic and specific audience for their writing. For more information on this cryptography seminar, see the course blog.
If you enjoyed this piece please come back the week of November 17th-21st for our week devoted to Cryptography!
Cowen, M. J. (2004). Rasterschlüssel 44 – the epitome of hand field ciphers. Cryptologia, 22(4), 115-148.
CryptoDen. (n.d.). Rasterschluessel 44 (RS 44): Introduction. Retrieved from http://www.cryptoden.com/index.php/21-intro-raster
Rijmenants, D. (n.d.). Rasterschlüssel 44. Retrieved from http://users.telenet.be/d.rijmenants/en/rasterschlussel44.htm
Image: “Goal setting,” Justin See, Flickr (CC)