2

Enigma's biggest flaw was that a letter could never be encrypted as itself. How much would Enigma's security increase if it were possible that a letter could be encrypted as itself? I know that would void the method used by Turing and co.

Please give as much detail as possible in answers.

EDIT: clarifying improvement

The improvement is, in the simplest terms:

Once the signal has passed through the rotors and into the reflector, the rotors shift forward before allowing the signal back through, meaning that each encryption operation would use two shifts instead of one.

EDIT 2: Also, with Enigma's flaws removed, how comparable to modern algorithms would its security be? And as another note, I'm not talking about modifying Enigma back in WWII, I'm talking about a virtual software-based mod now.

Legorooj
  • 2
    That will depend on how this flaw is removed, making the question too broad IMHO. If for example we add an additional fixed public involution (e.g. A to B, B to A, C to D, D to C..) on input on encryption, and output on decryption, we fully fix the flaw as stated in the question, but cryptanalysis is just as easy. If we make that additional permutation keyed, the system is more secure to some degree. – fgrieu Oct 22 '19 at 07:31
  • 1
    @fgrieu edited to describe more detail – Legorooj Oct 22 '19 at 09:16
  • 3
    My question would be how to do it - It is easy in a modern digital electronic world, but would be much more difficult in a WW2 time frame. – Eugene Styer Oct 22 '19 at 14:47
  • An easier change (given the technology of the time) would be to get rid of the reflector; double the number of rotors, and rotate the rotor disks at both ends. That would approximately double the cost (I assume that the rotors are the majority of the cost), however it is straightforward, and decryption should be fairly easy (in decrypt mode, you arrange the rotors in the opposite direction (you'd include rotors with inverse wiring); in your case, you need to do some fancy rotor management in decrypt mode) – poncho Oct 22 '19 at 15:01
  • @EugeneStyer I was thinking that Enigma, enhanced with no flaws, might actually be comparable to AES. Also I wasn't talking about back then, I was talking about now. – Legorooj Oct 22 '19 at 23:13
  • @poncho I'm talking about now, not WWII. See edit 2 for detail. – Legorooj Oct 22 '19 at 23:15
  • 1
    Well, if you enhance Enigma to have no flaws, well then, it'd have no flaws. However, I am not convinced that specific suggestion you gave would have no flaws. For example, in the short term, the encryption operation can be expressed as $R_i P R^{-1}_{i+1}$, for a fixed permutation $P$ with no fixed points (the rest of the rotors). It would seem to me that statistical analysis (based on the lack of fixed points) would be able to recover the state of the initial rotor. Once you do that, you're left with a standard Enigma (with one less rotor) – poncho Oct 23 '19 at 14:14
  • @poncho true - I have an idea which mutates the rotors based on a key and much more - I'll ask a question about the security of the algorithm when perfected. – Legorooj Oct 23 '19 at 23:56
  • 1
    The conclusion I've come to is that it entirely depends on how Enigma is modified. See @poncho's answer for detail on some attacks. – Legorooj Oct 24 '19 at 04:21
  • There were so many flaws in Enigma that only removing one would not do much good. Take a look at the FIALKA, sometimes called the "Russian Enigma". It resolved many of the shortcomings in the Enigma. – Patriot Aug 14 '21 at 07:51

3 Answers

3

with Enigma's flaws removed, how comparable to modern algorithms would its security be?

With the specific change you specified, it would still (by modern standards) be considered "broken".

Here is how you can perform a distinguishing attack, and do a partial key recovery (recover the first two rotor settings with a good probability of recovering the third rotor setting) with about 400 characters of known plaintext.

I'll be assuming a 26 character rotor, however the attack scales to other sizes.

Here's how to recover the first rotor setting (and if you do recover a setting that works, that's a distinguishing attack):

  • In the encryption operation, note that:
    • The plaintext character is sent through the first rotor: $A := R_i(Pt)$
    • The ciphertext character is sent through the first rotor after stepping it one position: $B := R_{i+1}(Ct)$
    • The mapped plaintext $A$ is different than the mapped ciphertext $B$

This holds because the internal rotors and the reflector do not step during the operation, and hence will never map a character to itself.

Note that this might not be true if the second rotor is stepped during the encryption operation; however that will occur only once every 13 character encryptions.

So, if we take a guess at an initial rotor setting, we can determine how all the plaintext and ciphertext characters are mapped. Then, if we find two instances where the plaintext and ciphertext characters are mapped to identical $A, B$ values (and those locations are not multiples of 13 apart), we know that that initial rotor setting is impossible.

After 400 characters, the probability that an incorrect rotor setting will show as possible is approximately $2^{-13}$; as there are significantly fewer than $2^{13}$ possible settings for the first rotor, then with high likelihood, only the correct setting will remain as possible (and if no settings remain, then this isn't modified Enigma).

Now that we've recovered the first rotor setting (and position), we can peel off the first rotor operation (by applying the now-known first rotor operation to the known plaintext/ciphertext), and use a similar attack to recover the second rotor (which is actually easier; we have a lot more information per rotor step). And, if the third rotor steps during the 400 character encryption but not the fourth (probability >50%), then we can recover the third rotor (using the same trick).

Bottom line: this would be considered (by modern standards) totally broken.

poncho
  • Your attack seems to use the fact that a letter cannot be encrypted as itself - would it still succeed if a letter could be? – Legorooj Oct 23 '19 at 23:59
  • @Legorooj: this specific attack, no. However, depending on how you modify Enigma, a more sophisticated one might be able to... – poncho Oct 24 '19 at 02:16
  • Well then, I shall tag you when I've done with my algo, and ask about its security in a new question. – Legorooj Oct 24 '19 at 02:55
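
The first-rotor elimination step from the answer above, as an added Python example that is not part of the original post. It simplifies the attack: the rotor wirings are assumed known, only the fast rotor's start offset is guessed (26 candidates), and a guess is rejected on a single position where $A = B$; the wirings are the commonly published Enigma I rotors, while the carry-on-wrap stepping rule and the function names are constructed for illustration.

```python
# Wirings: commonly published Enigma I rotors III, II, I and reflector B.
# Assumption: a rotor carries into the next one when it wraps to offset 0.
ROTORS = ["BDFHJLCPRTXVZNYEIWGAKMUSQO",   # fast rotor first
          "AJDKSIRUXBLHWTMCQGZNPYFVOE",
          "EKMFLGDQVZNTOWYHXUSPAIBRCJ"]
REFLECTOR = "YRUHQSLDPXNGOKMIEBFZCWVJAT"
A = ord("A")

def fwd(wiring, off, x):
    """Pass contact x through a rotor turned by `off` positions."""
    return (ord(wiring[(x + off) % 26]) - A - off) % 26

def inv(wiring, off, x):
    """Inverse of fwd() for the same rotor and offset."""
    return (wiring.index(chr(A + (x + off) % 26)) - off) % 26

def step(offs):
    """Odometer stepping: a rotor that wraps to 0 carries into the next."""
    for i in range(len(offs)):
        offs[i] = (offs[i] + 1) % 26
        if offs[i]:
            break

def encrypt(text, key):
    """Modified machine: forward pass, step, return pass, step."""
    offs, out = list(key), []
    for ch in text:
        x = ord(ch) - A
        for w, o in zip(ROTORS, offs):
            x = fwd(w, o, x)
        x = ord(REFLECTOR[x]) - A
        step(offs)                      # the proposed shift at the reflector
        for w, o in reversed(list(zip(ROTORS, offs))):
            x = inv(w, o, x)
        step(offs)
        out.append(chr(A + x))
    return "".join(out)

def surviving_offsets(pt, ct):
    """Fast-rotor start offsets not contradicted by the known plaintext."""
    alive = []
    for g in range(26):
        for k, (p, c) in enumerate(zip(pt, ct)):
            o = (g + 2 * k) % 26
            if o == 25:                 # carry mid-operation: inner rotors moved
                continue
            if fwd(ROTORS[0], o, ord(p) - A) == fwd(ROTORS[0], o + 1, ord(c) - A):
                break                   # A == B never happens for the true offset
        else:
            alive.append(g)
    return alive
```

Calling `surviving_offsets(pt, encrypt(pt, key))` on a few hundred known-plaintext letters returns the candidates that remain for `key[0]`; the true offset is never eliminated because positions where the guessed rotor would carry mid-operation are skipped.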
2

Remember this was a mechanical device. Holding the signal in the reflector, rotating the device, and then releasing the signal, that would have been very difficult.

But also remember that what made Enigma easy to use (and easy to use is very important) is the fact that if two Enigmas are set up in an identical way, and I enter the clear text into one and the encrypted text into the second, then the second machine outputs the clear text. And since this works with two Enigmas set up identically, then it works with a single Enigma.

So “fixing” the flaw totally changes the way Enigma is used.

gnasher729
-1

I'm new to this; however, I do not believe the stated flaw is really as large a contributing factor to Enigma being broken as it is made out to be. Information about the process was the biggest flaw. For example, if a cryptologist didn't know that the device will not encrypt an input character to itself, where could they start? It would have to be discovered first, and then made into a flaw during the analysis. How would one know (or calculate) that fact first?

The Germans' first mistake was using a known starting point that was easily available, the pre-war consumer version. If the device was created without a created starting point, the fact that the device did not encrypt an input character to itself would not be in play.

Think of AES encryption. Everyone knows how it works. But what they don't know is the starting point. The key.

  • "The Germans' first mistake was using a known starting point that was easily available" well that didn't help, but Bill Tutte broke the Lorenz cipher without having a sample machine, or any details of how it worked (see Wikipedia) – Martin Bonner supports Monica May 18 '23 at 16:09
  • You missed the point. Basing the M3 on the same device that was known gave the steps needed to break it. The Poles' work, based on the commercial device, and mathematical analysis got them further.

    Although Bill Tutte did not have access to a Lorenz cipher, they knew it was a rotor system, as other countries used similar devices to the Enigma. That led to the idea an additional XOR was used, which was similar to the telegraphy used at the time (ITA2). And the mistake of the Germans to send the code twice, using the same key, got the ball rolling.

    – DJ in Colorado May 18 '23 at 19:59
  • 1
    Also in peace times the settings were rarely changed, only once every three months. And an attacker needed about 90 messages with three repeated letters to crack the internals of the rotors. Changing the settings daily would have prevented this (from memory). – gnasher729 May 20 '23 at 19:41