Kryptologi og 2. verdenskrig

Transkript

1 Studieretningsprojekt 2014 Kryptologi og 2. verdenskrig Kryptering under 2. verdenskrig Louise Vesterholm Møller Matematik A & Historie A Birgitte Pedersen & Thomas von Jessen G a m m e l H e l l e r u p G y m n a s i u m

2 Abstract This paper examines the encryption and decryption of telecommunications during World War II as well as the decryption s influence on the outcome of the war. This paper has given an account of the English decryption program, Ultra and of the breaking of the German cipher, Enigma during the Battle of the Atlantic. Likewise are the objectives of the decryption investigated. Furthermore an account of the construction of Enigma and as some of its combinatorics will be given to calculate the number of possible permutations. Thus, it is proven that: 26! x 1 < 26! x 1 (25 2n+1)!n! 2 n (25 2(n+1)+1)!(n+1)! 2 n+1 0<n2-26n+162 Additionally, this paper has given an account of RSA encryption and decryption in practice and the mathematical principles involved such as modulo and the Euclidean algorithm. Finally, by means of an assessment of the decryption of the Enigma-code its influence on the outcome of the war is concluded. The study indicates that the Britons, by using different methods, gained full insight into the encrypted Enigma-messages during the Battle of the Atlantic, which meant that it became possible for the allied convoys to sail safely over the Atlantic. Additionally, the complexity of the code analysts work is demonstrated as the calculation results show that with eleven plug leads in use in the electromechanical cipher a total of permutations is reached. Moreover, it is concluded that the RSA-encryption relies on large prime numbers and that the decryption of the system is only possible by using modulo and the Euclidean algorithm. At last, the study shows that not only did the decryption programs save lives they were also a decisive factor that shortened the war by 2-4 years. 2

3 Indholdsfortegnelse INDLEDNING 4 ATLANTERHAVSKRIGEN OG DEKRYPTERINGEN AF ENIGMA 5 POLEN.. 5 BLETCHLEY PARK OG ATLANTERHAVSKRIGEN...7 ENIGMA 11 ENIGMAS OPBYGNING. 11 MATEMATIKKEN BAG ENIGMA 12 SCRAMBLERENHEDEN. 12 KOBLINGSTAVLEN. 14 RSA-KRYPTERING 19 RESTKLASSER 19 EUKLIDS ALGORTIME 21 RSA-KRYPTERING I PRAKSIS KRYPTERING. 23 DEKRYPTERING. 25 DEKRYPTERINGENS BETYDNING FOR KRIGEN 25 KONKLUSION 29 LITTERATURLISTE 31 BILAG 33 BILAG BILAG BILAG BILAG BILAG

4 Indledning Det er ingen nyhed, at der findes et hav af historiebøger, der omhandler 2. Verdenskrig. Bøger, hvis fortællinger og forklaringer alle er en smule forskellige, hvad enten det gælder små detaljer, årstal eller hele faktorer som hvem, hvad, hvor, hvornår og hvorfor. Derfor er det logisk at tro, at den brede befolkning ville være fuldt ud oplyst om alle begivenheder og mulige udslagsgivende faktorer, men én ting der dog sjældent nævnes i de omtalte bøger, og som kun få derfor er klar over i dag, er det, der under krigen foregik på Station X. På dette sted, som i dag er bedst kendt som Bletchley Park, sad der hver eneste dag mens krigen stod på mange tusinde mennesker i al hemmelighed og forsøgte sig med den ældgamle videnskab, det er at bryde koder. Disse mennesker lykkedes ikke bare med at dekryptere flere tusinde værdifulde, tyske meddelelser fra kodemaskinen Enigma, som gav de allierede en stor fordel - deres utrolige arbejde var også af stor betydning for selve krigen. 1 Men hvordan lykkedes det egentlig Station X s kodeanalytikere at bryde tyskernes Enigmakryptering, og hvad var den egentlige betydning af deres arbejde? Lige netop disse spørgsmål er fundamentet for denne opgave og vil på de følgende tyve sider blive gennemarbejdet. Således vil Bletchley Parks dekrypteringsprojekt under Atlanterhavskrigen og dets militære mål undersøges vha. en redegørelse, hvorefter opgaven vil gøre rede for nogle af kodemaskinen Enigmas principper samt dele af dennes kombinatorik. Det vil således bevises at: 26! x 1 < 26! x 1 (25 2n+1)!n! 2 n (25 2(n+1)+1)!(n+1)! 2 n+1 0<n2-26n og ud fra dette vil udregninger præcisere hvilket antal ledninger, der giver de flest mulige permutationer. Det ovenstående tjener for at skabe den bedst mulige forståelse af Enigmamaskinen og samtidig give en indføring i præcis hvor stort et arbejde, det har været at dekryptere. Da både restklasser og Euklids algoritme er nødvendige at kende til for at kunne kryptere og dekryptere med RSA vil udtrykket r modulo m samt Euklids algoritme forklares, ligesom der vil blive givet et eksempel på regning med disse. Derefter vil der gives et eksempel på, hvordan RSA-kryptering og dekryptering foregår i praksis. Til slut vil der konkluderes på betydningen af dekrypteringen af Enigma vha. en vurdering, hvor kilderne The Influence of ULTRA in the Second World War, og Ultra and the battle of the Atlantic: the British view samt hovedlinjerne i andre dekrypteringsprojekter vil blive inddraget. 1 Cheesman, Susan, The Influence of ULTRA in the Second World War, 2 Frandsen, Jesper og andre forfattere. Enigma et dilemma. S. 50 4

5 Atlanterhavskrigen og dekrypteringen af Enigma Bletchley Parks dekryptering af Enigma havde en stor betydning for anden verdenskrig, men forarbejdet der gjorde denne dekryptering mulig, var ikke Englands, men derimod Polens. For at kunne give et fuldstændigt overblik over Bletchley Parks(BP) dekryptering under Atlanterhavskrigen er man dog nødsaget til at gå endnu længere tilbage, nemlig til Frankrig, hvor det første skridt i retning af at bryde den ellers ubrydelige kodemaskine blev taget. 3 I 1918 blev en elektrisk krypteringsmaskine opfundet af en tysk elektroingeniør ved navn Arthur Scherbius. Denne kodemaskine fik navnet Enigma, og selvom den senere fik enorm betydning for det tyske militær, havde Scherbius i begyndelsen meget svært ved at sælge sin krypteringsmaskine. Først i 1923 med Winston Churchills udgivelse af The World Crisis og Royal Navy s publicering af sin tolkning af 1. verdenskrig, ændrede denne situation sig. Disse to dokumenter beskrev, hvordan England havde skaffet sig adgang til tysk kryptografisk materiale under 1. verdenskrig, og den store fordel det har givet de allierede. Tysklands militær var derfor nødsaget til at anerkende Scherbius Enigma, og fra 1925 blev over Enigmaer produceret og overdraget til det tyske militær. 4 Polen I 1926 blev de første Enigma meddelelser opsnappet i Polen, som havde oprettet et cifferbureau som følge af deres lokalisation beliggende mellem to fjender, nemlig Rusland og Tyskland. Uden kendskab til Enigmas opbygning var de polske kodebrydere chanceløse overfor krypteringen, men i 1931 skete der imidlertid noget. Den tyske Hans-Thilo Schmidt, der arbejdede indenfor Tysklands kryptografiske kommunikation, mødtes med en fransk agent, som han, mod et klækkeligt beløb, lod fotografere to dokumenter, der gjorde det muligt for de allierede at bygge en tro kopi af den tyske kodemaskine. Dog indså de allierede hurtigt, at maskinens sikkerhed ikke lå i, at fjenden ikke kunne fremskaffe en maskine, men derimod de mange milliarder kombinationer, også kaldet nøgler. Frankrig, der havde opgivet alt håb om at bryde Enigma, overdrog samme år fotografierne af de to tyske dokumenter til Polen, som de ti år forinden havde indgået et militært samarbejde med. 5 3 Singh, Simon. Kodebogen. S Singh, Simon. Kodebogen. S Singh, Simon. Kodebogen. S

6 De to dokumenter, der både afslørede den indre ledningsføring i scramblerenheden, samt hvordan tyskerne anvendte deres kodebøger i praksis, fik en helt anden rolle i Polen, end de havde haft i Frankrig. Polen, der havde ræsonneret sig frem til fordelen i, at kodebryderne var matematikere frem for sprogstrukturseksperter, inviterede tyve polske matematikere fra et universitet i Poznán til at demonstrere deres evner for kodebrydning. Tre af disse blev ansat, og den mest bemærkelsesværdige af dem var Marian Rejewski. Rejewski var overbevist om, at gentagelsen af den midlertidige nøgle, der bestod af scramblerenhedens startindstilling, var det, der skulle bryde den frygtede tyske krypteringsmaskine. De midlertidige nøgler, også kaldet cillies, blev sendt to gange, hvilket gjorde, at det samme bogstav blev krypteret til to forskellige. Det betød, at det på dage med et tilstrækkeligt stort antal meddelelser var muligt for Rejewski at skabe et fuldendt relationsalfabet, der bestod af de forskellige bogstavers relationer. Rejewski, der stadig ikke have nogen idé om den anvendte dagsnøgle, fandt et mønster. Bogstaverne i relationsalfabetet dannede kæder, der startede og sluttede med det samme bogstav således kunne A krypteres til D, D krypteres til T, mens T krypteres til A, hvorved kæden sluttede. Rejewski fandt så ud af, at antallet af kæder og kædernes længde kun afhang af scramblerindstillingerne, hvilket betød, at han i stedet for skulle koncentrere sig om 10x10 15 nøgler pludselig kun skulle koncentrere sig om scramblerenhedens indstillinger. 6 Efter et år havde Rejewski og hans team færdiggjort et katalog over alle mulige kædelængder, hvorefter det kun var koblingstavlens indstillinger, der skulle udregnes, og også dét lykkedes via sund fornuft. Rejewski havde brudt Enigma, og selv da tyskerne foretog ændringer i maskinens opsætning, der gjorde kædekataloget ubrugeligt, var det muligt for Polen at dekryptere tyskernes meddelelser. Rejewski opfandt nemlig en maskine, der på kort tid kunne gennemgå alle scramblerenhedens indstillinger. Denne maskine blev kaldt bomben, og med den nåede dechifreringen af tyske meddelelser sit højeste. Nye tilføjelser til Enigma i 1939 betød imidlertid, at Polen pga. manglende ressourcer ikke kunne komme videre, og derfor måtte overdrage bombens arbejdstegninger samt to Enigmakopier til England og Frankrig, for at alt ikke skulle gå tabt i den kommende tyske invasion. 7 6 Singh, Simon. Kodebogen. S Singh, Simon. Kodebogen. S

7 Bletchley Park & Atlanterhavskrigen De to Enigmakopier samt arbejdstegningerne til bomben blev bragt til den nyoprettede Station X, som var beliggende i og omkring godset Bletchley Park(BP). Dette sted husede forskellige kodebrydningsaktiviteter, f.eks. tog Hytte 6 sig af den tyske hærs Enigmakommunikation, mens Hytte 8 og 4 tog sig af flådens Enigma. Disse aktiviteter samt andre dekrypteringsprojekter gik sammenlagt under kodenavnet Ultra. Ultraarbejdet blev foretaget af nogle helt specielle og særligt udvalgte mennesker, hvis evner blev afspejlet ved, at man ikke bare hurtigt lærte de polske teknikker, man begyndte også at udvikle sine egne. Disse mennesker fandt også ud af, at der var mange menneskelige fejl forbundet med brugen af Enigma fejl, som kunne udnyttes til de allieredes fordel. Fejlene var bl.a. de såkaldte cillies, men også andre fejl blev begået for at undgå forudsigelighed, således måtte scramblerenhedens rotorer ikke placeres samme sted to dage i streg, ligesom to nabobogstaver på koblingstavlen heller ikke måtte forbindes. Rent teknisk var det heller ikke muligt for et bogstav at blive krypteret til sig selv. Desuden sendte tyskerne også regelmæssige beskeder på bestemte tidspunkter af dagen, hvilket gjorde, at man kunne knytte et stykke klartekst til en krypteret tekst. Dette gav de såkaldte cribs. Her var det især den daglige vejrudsigt, der hjalp dechifreringen, da kodeanalytikerne på Bletchley havde let ved at finde en crib til ordet wetter (vejr), da man vidste hvor i den krypterede tekst, man skulle lede som følge af den strenge tyske stil. 8 Alt dette betyder udelukkelser af nøgler, der gjorde kodebrydningsarbejdet lettere, og som i praksis fik den betydning, at man via de dechifrerede meddelelser kunne forudsige nogle angreb. Dette betød, at man kunne klargøre en defensiv ved at tilsende målrettede forstærkninger eller helt undgå angrebet ved at evakuere. Dechifreringen betød også, at de allierede til tider var klar over fjendens positioner, så de kunne fokusere deres offensiv, ligesom dekrypteringen også betød, at man kunne varsle tidspunkter og steder for bombeangreb og samtidig holde sig ajour med de tyske tab og deres erstatning. 9 Således kan målet med dekrypteringen af Enigma siges at være spredt udover et stort gitter, da det både var i offensiven og defensiven, man havde gavn af de dekrypterede beskeder. Et problem opstod dog i maj 1940, da tyskerne stoppede med at gentage de midlertidige nøgler, som var en stor del af det Rejewskis bombe byggede på. Dette problem var dog forudset, og den geniale matematiker, Alan Turing havde på det tidspunkt allerede opfundet en maskine, der byggede på viden fra cribs, løkker og forbundne Enigmamaskiner, til at løse tyskernes 8 Singh, Simon. Kodebogen. S Ibid. 7

8 nye fremgangsmåde til distribution af nøgler. Denne type maskine blev også kaldt en bombe, pga. ligheden i fremgangsmetoden med den oprindelige bombe. Den første engelske bombe ved navn Victory ankom til Bletchley Park d. 14. marts 1940 altså to måneder inden tyskerne ændrede deres metode. Alligevel faldt antallet af dechifrerede meddelelser drastisk med tyskernes ændringer, idet den første bombe viste sig at være noget langsommere end ventet. Derfor var det først i august 1940, da den modificerede bombe, Agnus Dei, ankom, at dette tal igen begyndte at stige. 10 En anden ting var, at Enigma-trafikken ikke var ét stort netværk, men derimod flere mindre, hvoraf mange havde forskellige måder at anvende Enigma på. Det sværeste at bryde ind i var Kriegsmarines. 11 I de første otte måneder af krigen brugte flåden det samme Enigmasystem, som de andre tyske enheder, hvorfor dekrypteringen på dette tidspunkt ikke var noget problem. Dette ændrede sig dog i april 1941, hvor flåden begyndte at bruge Enigmaer med en fjerde rotor 12, ligesom også antallet af rotorer der kunne vælges mellem steg fra fem til otte, hvilket øgede antallet af mulige nøgler markant. Desuden var Kriegsmarinen også langt mere omhyggelig med Enigma-kommunikationen end andre af de tyske netværk, hvilket betød, at Bletchley Park ikke fik muligheden for at arbejde med cribs på samme måde. Alle disse nye foranstaltninger gjorde den tyske flådes Enigma urørlig, med den effekt at Tyskland fik overtaget i slaget om Atlanten. 13 Tysklands overtag og det manglende indblik i den tyske krigsførelse i Atlanten betød, at England ikke fik de forsyninger, de havde brug for, da man ikke havde mulighed for at styre konvojer udenom de tyske ubåde. I mistede de allierede i gennemsnit 50 skibe om måneden og omkring søfolk mistede livet. Det så derfor sort ud, og det var ikke bare slaget om Atlanten, der var på spil, da hele krigen, pga. de vitale forsyninger fra USA, som man ikke kunne klare sig uden, afhang af denne. Uden udsigt til at bryde flådens Enigma måtte de tage andre midler i brug og begyndte således at skaffe sig fjendens nøgler via spionage, infiltration og tyveri. 14 Et eksempel er Operation Primrose i 1941, hvor man tilfangetog den tyske ubåd U-110 efter den havde forsøgt at angribe konvoj OB 318. Fra ubåden blev, udover nogle besætningsmedlemmer, en Enigmamaskine, kodebøger, koden til dobbeltkrypterede 10 Singh, Simon. Kodebogen. S Singh, Simon. Kodebogen. S Carter, Frank. Breaking Naval Enigma. s Singh, Simon. Kodebogen. S Singh, Simon. Kodebogen. S

9 signaler og andre værdifulde ting såsom kort og tekniske håndbøger, reddet, inden den sank til bunds. Denne erobring var dog bare kronen på værket, efter man i februar havde erobret koder til to måneders brug fra den armerede trawler Krebs og vejrskibet München. 15 Opsnapninger som disse betød, at man kunne begynde at dekrypterede tyske meddelelser igen. Det betød, at Flådens Operative Efterretningscenter(OIC) igen fik en masse oplysninger om fjendens positioner og deployering. Dette var dog ikke problemfrit, da man nu skulle vurdere, hvordan man bedst muligt skulle udnytte Ultras oplysninger, uden fjenden fik nys om det generhvervede indblik i den tyske flåde og manden bag ulvekoblet, 16 Karl Dönitz hoved. Lige netop derfor var målet heller ikke at destruere så mange fjendtlige ubåde og skibe som muligt, da dette ville betyde en øget risiko for, at tyskerne fattede mistanke. 17 Derimod var målet at kende fjendens positioner og de konvojruter, der var i risiko for at blive angrebet, så man kunne styre konvojerne med de vigtige forsyninger udenom. 18 Disse forsyninger var meget vigtige for krigsførelsen på fastlandet, og for fortsat at kunne placere fjendtlige positioner, når man løb tør for nøgler, begyndte de allierede at lægge miner ud bestemte steder for at få cribs. Dette blev også kaldt gardening. Minerne betød nemlig, at tyske fartøjer sendte advarsler rundt, som man med sikkerhed vidste indeholdt geografiske positioner. 19 Andre snedige planer, hvis mål var at stjæle koder nok til flere måneder, blev også udtænkt og en af disse endda af James Bond-skaberen Ian Fleming. Denne plan blev dog ikke til noget, men en række pinches 20 betød, at man alligevel kom i besiddelse af tyske kodebøger. 21 Dette var medvirkende til, at sænkningen af tyske fartøjer nåede sit højeste i 1943, og det lignede således mere og mere en sejr til de allierede. 22 De oplysninger man havde fået ud af dekrypteringen var af enorm stor betydning og havde således vendt krigen for de allierede, derfor gjorde man meget for at skjule, at Enigma var blevet brudt. De fleste episoder med Ultras involvering havde da også en positiv udgang, men der var dog særligt et tilfælde, hvor tyskerne alligevel fik sået tvivl om maskinens tilsyneladende ubrydelighed. BP havde således opsnappet en nøjagtig position for ni tyske fartøjer, 15 Williams, Andrew. Slaget om Atlanten. s Det kaldte man ubådene. 17 Williams, Andrew. Slaget om Atlanten. s Williams, Andrew. Slaget om Atlanten. s Singh, Simon. Kodebogen. S Dristige angreb. 21 Singh, Simon. Kodebogen. S Cheesman, Susan, The Influence of ULTRA in the Second World War, 9

10 men for ikke at vække mistanke hos tyskerne besluttede Admiralitetet, 23 at kun syv af dem skulle destrueres og dette lykkedes også. Ved en tilfældighed blev den tyske mistanke alligevel vakt, da nogle Royal Navy destroyere, der var uvidende om brydningen af Enigma, fandt de to sidste skibe og derfor også sænkede dem. Den tyske admiral Kirt Fricke var uforstående overfor det voldsomme angreb og iværksatte derfor en undersøgelse. Konklusion på denne blev dog, at det store tab skyldtes sort uheld eller en infiltrering af en engelsk spion. Opfattelsen af Enigma som værende ubrydelig vedblev, og tyskerne fortsatte således ufortrødent brugen. 24 Næsten alle de tyske ubådsoperationer ophørte imidlertid, da det tyske slagskib Bismarck sejlede ud i Atlanten. Dette blev dog, uden meget hjælp fra Ultra, sænket efter kun tre dage, og pludselig kunne det net af skibe, der skulle stå for forsyningerne til slagskibet i stedet stå til rådighed for ulveflokken. 25 Forsyningsskibene betød ikke bare, at ubådene kunne blive længere i vandet, men også at de kunne operere langt fra deres base og her fik BP s Hytte 8 og 4 igen en stor betydning, da deres dechifreringer gav den britiske flåde alle de oplysninger, de havde brug for, for at kunne handle. Efter to uger var næsten hele nettet blevet rullet op og sænket. Betydningen af det tunge dekrypteringsarbejde kom også til syne i juni 1941, da et ulvekobbel gjorde klar til angreb på konvoj HX 133, men da BP opsnappede disse planer blev en eskorte hurtigt stablet på benene. Dette betød, at man kun mistede seks allierede skibe, og med sig i faldet tog de to ubåde. 26 Disse er blot få eksempler på, hvordan BP s dechifrering af Enigma-kommunikation havde betydning for både de allieredes forsvar og angreb under slaget om Atlanten, og man kan finde mange andre eksempler. Ligeledes findes der også tilfælde, hvor man har måtte lade ubåde undslippe for ikke at vække mistanke, 27 ligesom der gennem Atlanterhavskrigen også var enkelte lyspunkter for den tyske flåde De øverstkommanderende. 24 Singh, Simon. Kodebogen. S De tyske ubåde. 26 Williams, Andrew. Slaget om Atlanten. s Singh, Simon. Kodebogen. S Williams, Andrew. Slaget om Atlanten. s

11 Enigma Enigma-maskinen, som tyskerne anvendte til kryptering, bestod af i alt fem komponenter, der alle bidrog til, at kodemaskinen skulle blive en af historiens mest frygtede krypteringssystemer, der med sit famøse rygte for at være ubrydelig skabte mange kvaler for de allierede under 2. verdenskrig. 29 Lige netop disse komponenter samt den relevante matematik bag den berømte elektro-mekaniske chiffermaskine vil i det følgende blive gennemgået. Enigmas opbygning Enigma var opbygget af forskellige komponenter forbundet via ledninger. Disse komponenter bestod af et almindeligt tastatur, hvorpå man tastede den ønskede klartekst, en koblingstavle, en scramblerenhed, en reflektor samt en lampeplade, hvor det krypterede bogstav lyste op efter, det var blevet indtastet på tastaturet. 30 De tre midterste komponenter var dem, der gjorde Enigma med dennes mange permutationer unik. Koblingstavlen består således af 26 bogstaver, der parvis kan forbindes med ledninger, så de ombyttes. 31 Scramblerenheden derimod består af 3 hjul(senere anvendte flåden 4), der også kaldes rotorer. Hvert af disse hjul har 26 tal(1-26), der hver repræsenterer tilsvarende bogstav i alfabetet samt et ledningsnet, der sørger for, at der sker en permutation af bogstaverne, der kommer ind. Dagligt valgte tyskerne tre rotorer mellem i alt fem, som adskiller sig fra hinanden ved at indeholde forskellige ledningsnet, hvilket betyder, at rækkefølgen af rotorerne også har betydning for krypteringen(vil blive uddybet senere). En af grundene til at scramblerenheden var så velfungerende var, at når et bogstav indtastes på tastaturet, drejede rotor nr. 1 et hak, altså en seksogtyvendedel omgang, hvorved der blev skabt et nyt kryptoalfabet. Sådan fortsætter den, indtil den første rotor har roteret 26 gange, svarende til en hel omgang, hvor en lille anordning på startindstillingen gør, at rotor nr. 2 roterer en seksogtyvendedel. Når rotor 1 så har været endnu en omgang rundt, drejer rotor 2 én placering igen. Når rotor 2 har været en omgang igennem, vil en anordning magen til den på rotor 1 betyde, at rotor 3 roterer en seksogtyvendedel. Hver gang der indtastes et bogstav, vil det altså krypteres via forskellige kryptoalfabeter, i hvert fald indtil der er indtastet bogstaver(vil blive uddybet senere) Singh, Simon. Kodebogen. S Frandsen, Jesper og andre forfattere. Enigma et dilemma. S Ibid. 32 Frandsen, Jesper og andre forfattere. Enigma et dilemma. S

12 Også reflektoren består af et antal ledninger, som leder det permuterede bogstav fra scramblerenheden ind og sender(reflekterer) det tilbage gennem rotorerne, men ad en anden vej. Den adskiller sig dog fra scramblerenheden, idet den ikke roterer, hvilket også betyder, at dens egentlige mening ikke er at øge antallet af kodealfabeter, 33 men derimod at sørge for en let dekryptering, således at krypteringen og dekrypteringen bliver spejlprocesser. 34 Kort fortalt kan krypteringsprocessen siges at starte i tastaturet, hvor et bogstav, f.eks. s, indtastes af person A, herfra kommer det til koblingstavlen via en ledning, hvor det, afhængigt af om det via ledning er forbundet med et andet bogstav, ombyttes. Derfra sendes det videre gennem scramblerenhedens tre hjul, der permuterer det videre til reflektoren, som reflekterer det tilbage af en anden rute gennem scramblerenheden til koblingstavlen, for til sidst at ende i lampetavlen, hvor s nu er blevet krypteret til p, som er det bogstav, der lyser op. Da maskinen stadig blev anvendt, blev dette bogstav efterfølgende overdraget til en operatør, som enten via radio eller morsekode sørgede for at kommunikere det videre til person B. 35 Matematikken bag Enigma Disse komponenter betyder, at krypteringen i Enigma bygger på kombinatorik, som er en matematisk disciplin, der omhandler antallet af måder eller måske mere passende, kombinationer, hvorpå noget kan sammensættes. 36 Således betød det ikke noget, hvis fjenden kom i besiddelse af en maskine eller lykkedes med at lave en kopi. 37 De to permuterende dele, koblingstavlen og scramblerenheden er med til at øge antallet af mulige nøgler, og netop disse dele og deres bidrag til antallet af mulige nøgler vil blive gennemgået i det følgende. Scramblerenheden Scramblerenheden består som nævnt af tre forskellige hjul, der vælges ud af fem i alt. Antallet af mulige måder denne kan opsættes, kan deles op i to dele, hvor den første omhandler rækkefølgen af rotorerne og den anden deres indstilling - altså hvilket bogstav, der starter omgangen Singh, Simon. Kodebogen. S Ibid 35 Frandsen, Jesper og andre forfattere. Enigma et dilemma. S Kombinatorik, Regneregler, 37 Frandsen, Jesper og andre forfattere. Enigma et dilemma. S Ibid. 12

13 Da der i alt er fem rotorer, som der skal udvælges tre af, kan den første rotor vælges på fem måder. Den anden rotor kan så vælges på fire måder, hvilket betyder, at bare udvælgelsen af de to første rotorer giver 5x4=20 forskellige kombinationer. Den sidste rotor kan således vælges ud af tre forskellige rotorer, hvilket giver et samlet antal på 5x4x3=60 forskellige rækkefølger. 39 Dette kaldes både-og-princippet. 40 Den andel del omhandler som nævnt de tre valgte rotorers indstillinger, og som tidligere omtalt har hver rotor 26 tal, der svarer til et bogstavs tilsvarende nummer i alfabetet. Vælges indstillingen t,d,s, betyder det at rotor 1 s starttal, altså det tal, der vender opad, svarer til t s nummer i alfabetet, rotor 2 s svarer til d s, mens rotor 3 s svarer til s, og fremgangsmetoden for at udregne antallet af mulige indstillinger er den samme Billede 1. Scramblerenhedens tre hjul. som i udregningen af antallet af rækkefølger. Således har den første rotor 26 forskellige måder, den kan indstilles på, og det har både den anden og tredje også, da der ikke, ligesom ved rækkefølgen, fjernes en mulighed, når der vælges én. Det betyder, at de tre rotorer tilsammen kan sættes i 26x26x26= positioner. 41 Men da scramblerenhedens samlede antal kombinationer udgøres af både rækkefølgen af rotorerne samt deres indstilling, skal det hele ganges sammen, før man har det endelige antal: 42 5x4x3x26 3 =60x17.576= Således er scramblerenhedens samlede antal indstillinger for en Enigma med tre ud af fem rotorer lig med Havde man derimod arbejdet med fire rotorer, der skulle vælges ud af otte som i den tyske flåde, ville tallet blive: 43 8x7x6x5x26 4 = 1680x456976= måder 39 Frandsen, Jesper og andre forfattere. Enigma et dilemma. S Frandsen, Jesper og andre forfattere. Enigma et dilemma. S Ibid. 42 Frandsen, Jesper og andre forfattere. Enigma et dilemma. S Enigma, Wikipedia, 13

14 Koblingstavlen Selvom de måder kan lyde som mange, er det langt fra nok til at forhindre en computer i, på rimelig tid, at komme dem alle igennem. Derfor tilføjede man endnu en komponent, der skulle øge antallet af permutationer, nemlig koblingstavlen. Koblingstavlen har 26 bogstaver, som parvis kan forbindes via ledninger, således der bliver skabt en permutation. Går man ud fra ledningerne som ses på billede 2, ses det, at en lednings ene ende er placeret i A, mens den anden ende er placeret i J. Da man besluttede, at sætte den første ledning i A, havde man 26 forskellige muligheder for at placere ledningens første ende. Efter man havde placeret enden i A, var der kun 25 muligheder tilbage. Derfor er det logisk at tro, at antallet af Billede 2. Koblingstavlen. muligheder for den første ledning er 26x25, sådan er det imidlertid ikke. Det er nemlig lige meget, om det er den ene eller den anden ende, der er placeret først, idet ombytningen fra A til J vil være den samme som J til A. Derfor skal 26x25 divideres med 2: 26x25 2 = 325 muligheder 44 Da den anden lednings ene ende, som på billedet blev sat i S var der altså 24 forskellig muligheder tilbage, mens der således kun var 23, da dens anden ende blev placeret i O, og igen skal der divideres med 2, for at få dette korrekte antal muligheder. Forestillede man sig videre, at der var endnu en ledning placeret i to bogstaver ville fremgangsmåden være tilsvarende, og der ville altså være: 26x25 2 x 24x23 2 x 22x21 2 muligheder 45. Men da rækkefølgen også her er uden betydning, og man altså ville få det samme, hvis den første ledning forbandt S og O og den anden A og J som omvendt, skal man derfor dividere med det antal af kombinationer, der kan permuteres på i dette tilfælde 3! som er lig 6. Derfor ville antallet af mulige permutationer med tre ledningerne, der forbinder tre forskellige par bogstaver blive: 44 Frandsen, Jesper og andre forfattere. Enigma et dilemma. S Frandsen, Jesper og andre forfattere. Enigma et dilemma. S

15 26x25 2 x 24x23 2 x 22x21 2 x 1 46 = mulige permutationer 3! Den generelle formel for kombinationer lyder: k! C(k,n)= 47 (k n)!n! Og i Enigmas tilfælde, hvor antallet af ledninger er n, og der er 26 mulige placeringer, vil det altså se ud som følger: 26! C(26,2n)= (26 2n)!n!2 n Dette tilfælde anvendes, da rækkefølgen af ledningernes placeringer er ligegyldig. Det er desuden irrelevant, hvilken vej ledningen vender, hvorfor der divideres med 2 n. Af hensyn til en senere løsning af uligheden vil nævneren blive opdelt i flere led. Man kunne nu fristes til at tro, at antallet af permutationer vil være størst, hvis man indsætter de 13 mulige ledninger, men ser man antallet af muligheder som en funktion af n, ses det, at antallet først vokser med n for derefter at aftage. Derfor vil det antal ledninger, der giver det største antal permutationer blive udregnet, ved at udregne det antal af ledninger, hvor antallet af permutationer stadig øges, hvis der tilføjes endnu en ledning. Således sammenlignes summen af muligheder med n ledninger med n+1 ledninger. Dette vil give uligheden, som efterfølgende vil blive løst: 26! x 1 < 26! x 1 (25 2n+1)!n! 2 n (25 2(n+1)+1)!(n+1)! 2 n+1 48 Før man begynder, er det vigtigt at huske på, at man ikke kan bruge et negativt antal ledninger, hvorfor n altid vil være et positivt tal. Det er også af stor vigtighed, at uligheden ikke ændres, og derfor er det nødvendigt altid at gøre det samme på begge sider af uligheden. Med dette vil uligheden løses: Først divideres der med fakultet 26(26!) på hver side af uligheden: 1 x 1 < 1 x 1 (25 2n+1)!n! 2 n (25 2(n+1)+1)!(n+1)! 2 n+1 46 Frandsen, Jesper og andre forfattere. Enigma et dilemma. S Combinations and Permutations, Math is fun, Advanced, 48 Frandsen, Jesper og andre forfattere. Enigma et dilemma. S

16 Omskrives (n+1)! nu til (n+1)n! kan man gange n! ind på hver side af ulighedstegnet, og derefter lade n! gå ud: 1 x n! x 1 < 1 x n! x 1 (25 2n+1)!n! 2 n (25 2(n+1)+1)!(n+1)n! 2 n+1 1 x 1 < 1 x 1 (25 2n+1)! 2 n (25 2(n+1)+1)!(n+1) 2 n+1 Herfra er ønsket en forkortelse af 1 2 n og 1 2n+1 og dette opnås ved at gange med 2n på hver side, da 2n således også går ud: 1 (25 2n+1)! 1x2n x < 1 1x2n x 2 n (25 2(n+1)+1)!(n+1) 2 n+1 1 < 1 x 1 (25 2n+1)! (25 2(n+1)+1)!(n+1) 2 Nu ganges der ind i parentesen på højre side af uligheden: 1 < 1 x 1 (25 2n+1)! (25 2(n+1)+1)!(n+1) 2 1 < 1 x 1 (25 2n+1)! (25 2n 1)!(n+1) 2 For at opnå en yderligere reducering af udtrykket, er det nødvendigt først at forlænge udtrykket med (25-2n-1)! i tælleren på begge sider: (25 2n 1)! (25 2n+1)! < (25 2n 1)! (25 2n 1)!(n+1) x 1 2 Man kan nu lade (25-2n-1)! gå ud på den højre side, men dette er ikke muligt på den venstre, da fakulteterne på denne side ikke er ens, men først opskrives uligheden, hvor højre sides fakulteter er gået ud med hinanden for bedre overblik: (25 2n 1)! (25 2n+1)! < 1 (n+1) x 1 2 For at kunne reducere venstresiden er det nødvendigt at skrive fakulteterne ud, således at de fakulteter, der er ens, kan gå ud med hinanden: (25 2n 1) x (25 2n 2) 1 (25 2n+1) x (25 2n+0) x (25 2n 1) 1 1 (25 2n+1) x (25 2n+0) 16

17 Uligheden ser nu altså ud som følger: 1 < 1 x 1 (25 2n+1) x (25 2n) (n+1) 2 Nu samles udtrykket på den højre side, så uligheden kommer til at se således ud: 1 < 1 (25 2n+1) x (25 2n) 2(n+1) Nu ganges både højre og venstresidens nævner ind i tælleren på begge sider af ulighedstegnet, så de værdier, der er på begge sider af brøkstregen kan gå ud med hinanden: (25 2n+1) x(25 2n) x 2(n+1) (25 2n+1) x (25 2n) < (25 2n+1) x (25 2n) x 2(n+1) 2(n+1) 2(n + 1) < (25 2n + 1) x (25 2n) 2(n + 1) < (26 2n) x (25 2n) Nu sættes 2 uden for parentes på højresiden, da dette er nødvendigt for at kunne reducere udtrykket yderligere efterfølgende: 2(n + 1) < 2(13 n) x (25 2n) Herefter divideres der med 2 på begge sider af uligheden: 2(n+1) 2 < 2(13 n) x (25 2n) 2 (n + 1) < (13 n) x (25 2n) Nu er uligheden næsten løst, men først skal (n+1) trækkes fra på begge sider af uligheden: (n + 1) (n + 1) < (13 n) x (25 2n)-(n+1) 0<325-26n-25n+2n 2 -n-1 0<324-52n+2n 2 2 skal nu sættes udenfor parentes på højresiden samtidig med, at der også divideres med 2, og så er uligheden løst: 0< 2(162 26n+n2 ) 2 0<162-26n+n 2 Således er det bevist at: 26! x 1 < 26! x 1 (25 2n+1)!n! 2 n (25 2(n+1)+1)!(n+1)! 2 n+1 0<n2-26n Frandsen, Jesper og andre forfattere. Enigma et dilemma. S

18 For nu at udregne det antal ledninger hvor permutationerne øges, hvis man tilføjer endnu en ledning, er det først vigtigt at klargøre, at man skal opfatte venstre side af uligheden som en funktion af n, da grafen således bliver en parabel, hvis ben vender opad. Så kan antallet af ledninger, der +1, giver det maksimale antal kombinationer udregnes. Dette gøres ved at bestemme rødderne til uligheden. 50 Man sætter således ulighedens to sider lig med hinanden, som her er udregnet vha. N-spire, som er et cas-værktøj: Solve(0=162-26n+n 2,n) = 10,35 eller 15,65 Som det fremgår af bilag 1, ligger grafen altså under første aksen mellem 10,35 og 15,65, og dermed opfylder både 10 og 15 ledninger uligheden, men da der maksimalt kan være 13 ledninger, da der kun er 26 bogstaver, må 10,35 være løsningen. Da det der blev udregnet, var det antal ledninger, der øgede antallet af kombinationer, hvis man tilføjede endnu en ledning, betyder det, at det antal ledninger, der giver flest antal permutationer er 10+1=11, hvilket også fremgår af bilag er altså det antal ledninger, der giver det største antal af permutationer i koblingstavlen, og det præcise antal udregnes ved at indsætte 11 i stedet for n i udtrykket: 26! x 1 (25 2n+1)!n! 2 n Det maksimale antal permutationer, der fås i koblingstavlen er: 26! x 1 (25 2x11+1)!11! 211 = For nu at gøre klart hvor mange mulige kombinationer en Enigma med 3 rotorer, der vælges ud af 5, har, ganges antallet af startindstillingernes kombinationer med koblingstavlens maksimale antal permutationer: x = Så vidt man ved brugte tyskerne dog ikke mere end 10 ledninger, 51 hvilket således giver: 26! x x 1 (25 2x10+1)!10! 210 = Det er derfor muligt at konstatere, at en matematisk dekryptering af Enigma var et meget stort arbejde. 50 Frandsen, Jesper og andre forfattere. Enigma et dilemma. S Ibid. 18

19 RSA-kryptering Efter Enigma-kommunikationen var blevet brudt, var der behov for en ny og stærkere krypteringsform, der ikke var baseret på elektromekaniske principper. Dette udgjorde således motivationen for, at tre unge matematikere ved navn Ron Rivest, Adi Shamir og Len Adleman i 1977 opfandt et asymmetrisk krypteringssystem, der fik navnet RSA. 52 Selvom også RSAsystemets mange udgaver gennem årene er blev brudt, bliver nogle af dets principper fortsat anvendt i dag, som det f.eks. ses med NemID, hvis kryptering består af meget store RSAnøglepar. 53 RSA er selvsagt meget anderledes fra Enigma, og derfor er det nødvendigt først at forstå matematikken bag systemet, for derefter at kunne forstå måden, hvorpå der krypteres og dekrypteres. Dette afsnit vil derfor sætte fokus på de grundlæggende talteorier samt den matematik, som RSA-kryptosystemet er bygget på. Ligeledes vil der også gives et eksempel på, hvordan krypteringen og dekrypteringen af RSA-systemet foregår i praksis. Restklasser For at forstå RSA-kryptering er det vigtigt, at man kender til restklasser, da denne talteori er grundlæggende for forståelsen af krypteringsmetoden. En rest fås, hvis en division ikke går op, altså hvis et tal, a ikke går op i tallet b. Dette ser man f.eks. ved, at 5 ikke går op i 19, og i stedet for et decimal kan man skrive en divisionsligning med rest: 19=3x5+4 Dette benævnes 19 modulo 5 er 4 eller 19 mod 5 =4, og man siger, at m har resten r ved division med n. 54 En definition lyder derfor: n mod m=r, hvilket er det samme som n=md+r n og d er her hele tal, mens m og r er hele tal 0, så resten r bliver mindst mulig. 55 For ethvert heltal n, skal alle andre tal erstattes med dets rest ved division med n, 56 så alle andre tal end n kun kan identificeres ved deres rest ved division med n. Dette betyder også, at 52 RSA, Wikipedia, 53 Kryptering, Version 2, 54 Rosenkilde, Kirsten, Talteori -Teori og problemløsning 55 Baktoft, Allan. Matematik i virkeligheden. S

20 nogle heltal vil give den samme principale rest ved division med n, og i tilfælde af dette siges det, at tallene er kongruente modulo n. 57 Et eksempel på dette er, at 19 og 29 er kongruente modulo 5, og dette skriver man således: og det er de, fordi deres divisionsligninger er: 19=29 (mod 5) eller 29=19(mod 5) 19=3x5+4 og 29=5x5+4. Både 19 og 29 modulo 5 har altså den principale rest 4, hvilket også kan skrives som a b(mod n) eller n a-b De to hele tal, a og b er altså kongruente modulo n, men dette er de kun, hvis de har samme principale rest ved division med n. 58 Son nævnt vil nogle heltal have samme rest, og disse heltal med samme rest kan placeres i hver deres mængder, som defineres: [r]m= {n n=md+r} Dette kalder man restklassen r modulo m, 59 og det betyder, at for et vilkårligt heltal n er der n restklasser modulo n, som er mængderne. 60 Dette kan også opstilles som: [a]= {b a b mod n} Hvorved definitionen kan omformuleres til, at restklassen til et heltal, a består af alle heltal b, der er kongruente til a modulo n, som med andre ord betyder, at alle tal b, der ved en division med n har samme rest som a: [a]= {b a b mod n}={,a-2n,a-n,a,a+n,a+2n, } 61 Opstiller man restklasser for modulo 5, ser de altså således ud: [0]5 ={,-10,-5,0,5,10,15, } [1]5 ={ -9,-4,1,4,9,14, } [2]5 ={ -8,-3,2,7,12,17, } [3]5 = { -7,-2,3,8,13,18, } [4]5 ={ -6,-1,4,9,14,19, 24, 29 } [5]5 ={ -5,-0,5,10,15,20, } 56 Hansen, Johan P og andre forfattere. Algebra og talteori. Side Carstensen, Jens. Talteori. S.8 58 Bomann, Gunnar. Tal og algebra med historisk tilgang: Bog 2, tal og algebra. S Baktoft, Allan. Matematik i virkeligheden. S Bomann, Gunnar. Tal og algebra med historisk tilgang: Bog 2, tal og algebra. S Hansen, Johan P. og andre forfattere. Algebra og talteori. S

21 - og til slut vil man opdage, at restklasse [5]5 =[0]5 ligesom [6]5= [1]5, som definitionen sagde, da 5 0(mod 5) og 6 1(mod 5). Alle heltal tilhører altså en af restklassemængderne. 62 Restklasser er en smart størrelse, da disse er nemme at regneoperere med, hvilket vil præciseres med nogle eksempler. Først addition: [2]5+[4]5=[2+4]5=[6]5=[1]5 Her er idéen altså, at man plusser, i dette tilfælde to, repræsentanter. På samme facon ses det med multiplikation: [2]5x[4]5=[2x4]5=[8]5=[3]5 Her er idéen altså, at man ganger repræsentanterne. Sætningen for disse lyder derfor således: Lad [r1]m=[r1 ]m og[r2]m=[r2 ]m, da gælder, at [r1+r2]m=[r1 +r2 ]m og [r1 x r2]m=[r1 x r2 ]m. 63 Således er det derfor muligt at anvende regneoperationerne, addition og multiplikation, på restklasser, da de kan fungere som en slags tal. Som følge af dette giver det også mening, at man på samme måde kan bruge potenser på restklasser: [n] k m=[n k ]m Euklids algoritme Når man arbejder med RSA-kryptering, er det også nødvendigt at kende til Euklids algoritme, da den er nøglen til tallene u og v i ligningen a x u + b x v = 1. Disse to tal er nødvendige for at kunne dekryptere en RSA-kryptering. 64 En algoritme er en skematisk regnemetode, som over et endeligt antal trin fører frem til et ønsket resultat. Således er det også tilfældet med Euklids algoritme, hvis mål er at frembringe den største fælles divisor mellem to tal. 65 Fortsætter man med tallene a og b, vides det, at visse divisorer er fælles for de to tal, og i Euklids algoritme er det den største af dem, man er interesseret i. Den største fælles divisor benævnes sfd(a,b), og med andre ord er sfd(a,b) altså det største tal, der går op i både a og b. Sfd(a,b) kan findes ved en primfaktorisering af a og b, men da dette er enormt vanskeligt, især når man når op i de store primtal, kan man med fordel anvende Euklids algoritme Baktoft, Allan. Matematik i virkeligheden. S Baktoft, Allan. Matematik i virkeligheden. S Ibid. 65 Carstensen, Jens. Talteori. S Carstensen, Jens. Talteori. S

22 Euklids algoritme vil i det følgende blive gennemgået med eksemplet sfd(83880,7), og da 7 ikke går op i 83880, vil der gøres brug af division med rest, som tidligere er gennemgået. 67 Divisionsligningen vil se ud som følgende: 83880=11982x7+6 Der er altså en rest på 6, og følger man Euklids algoritme, skal det dividerede tal(7) fra ovenstående, nu divideres med den fundne rest, således at: 7=1x6+1 Resten er nu 1, og igen divideres det dividerede tal fra ovenstående(6) med resten: 6=6x1+0 Resten er nu lig 0, og sfd(83880,7) findes så ved at tage den sidste rest, som IKKE er nul. I dette tilfælde altså 1, og således er resultatet af sfd(83880,7)=1. Da den sidste rest, som ikke er 0, er 1, siger man, at a og b, her og 7, er indbyrdes primiske, da det eneste tal, der går op i dem begge, er tallet For nu at kunne bestemme bogstaverne u og v, som er nødvendige for en dekryptering, vil der gives et taleksempel på, hvordan koefficienterne u og v bestemmes, men først sætningen for en linearkombination af a og b. Sætning 1: Største fælles divisor for tallene a og b er en linearkombination af a og b, dvs. der findes hele tal, u og v, således at Sfd(a,b)=au + bv Enhver linearkombination af a og b er et multiplum af sfd(a,b) 69 Eksempel(resultatet anvendes senere): Først isoleres resterne fra den gennemgåede algoritme: 83880=11982x7+6 <-> 6= x7 7=1x6+1<-> 1=7-1x6 6=6x1+0 Resterne 6 og 1 er altså blevet isoleret i divisionsligningerne, og som nævnt er sfd(83880,7)=1. Værdierne for u og v skal altså findes, således at: 1=83880 x u +7 x v 67 Se side Hansen, Johan P. og andre forfattere. Algebra og talteori. S Carstensen, Jens. Talteori. S. 20. (bogstaverne h og k er erstattet af u og v for at skabe overensstemmelse gennem opgaven)* 22

23 For at finde disse værdier benyttes resterne fra før, og de indsættes baglæns op gennem ligningerne: 70 1=7-1x6=7-( x7)x1 = x x Således er u=-1 og v=11983, og 1 er altså en linearkombination af og 7, og da alle tal går op i 1, er de fundne værdier således et multiplum af 1, sådan som sætning 1 påstod. 71 RSA-kryptering i praksis Kryptering Da den nødvendige matematik nu er blevet gennemgået, vil RSA-kryptering samt dekryptering blive gennemgået i praksis. Ordet, der skal krypteres, er i dette tilfælde ordet hemmelig, og først er der behov for en bogstavstabel, der kan transformere bogstaverne til tal. a b c d e f g h i j k L m n o p q r s t u v w x y z Æ ø å Der vælges nu en blokstørrelse, og i dette tilfælde vælges blokstørrelsen to. Altså anvendes to bogstaver til et helt tal. Eksempelvis: He mm el ig Således bliver klarteksten 0704, 1212, 0411, Nu skal to primtal vælges, disse benævnes q og r. Da produktet skal have et ciffer mere, end der er i klarteksten, 72 skal produktet i dette tilfælde have fem cifre, da der anvendes to som blokstørrelse. I dette tilfælde vælges p=467 og r=181, og produktet af disse, som benævnes m, bliver: m = p x q = 467x181= Hansen, Johan P. og andre forfattere. Algebra og talteori. S Ibid. 72 Baktoft, Allan. Matematik i virkeligheden. S

24 Der er nu behov for et tal, her benævnt k, der er indbyrdes primisk med Eulers phi-funktionen, φ(m). Da der for to primtal gælder, at φ(p x q)= (p-1) x (q-1)= φ(p)x φ(q) 73 betyder det, at i dette tilfælde er φ(m)= φ(84527)= (467-1)x(181-1)= k sættes nu lig 7, da 7 er et primtal, der ikke går op i (83880/7=11982,8571), hvilket betyder at og 7 er indbyrdes primiske, som det var ønsket. Således er alle de værdier, der er nødvendige for at kunne kryptere nu på plads, og den offentlige nøgle består således af k=7 og m=84527, mens den hemmelige nøgle her er φ(m)= Som det ligger i ordene offentlig og hemmelig, må den offentlige nøgle godt være kendt af alle, mens den hemmelige nøgle samt de to valgte primtal, q og r skal forblive hemmelige. 74 Krypteringsformlen, der nu er brug for, lyder således: n [n] k m=[y]m Og nu er der brug for den restklasseviden, der tidligere blev gennemgået, da de restklasser, der arbejdes med her er modulo m = Følger man den ovenstående formel skal altså divideres med og derefter skal resten bestemmes. Dette kan udregnes i hånden, da det er restklassen, som skal findes. Her er tricket at udregne et skridt af gangen, og dette er muligt, da det som tidligere nævnt er muligt at behandle restklasser som en slags tal: [704] 7 m=[704x0704]m x [704] 7 =[72081]m x [704] 5 osv. 76 Men da dette ville tage meget lang tid, er matematikprogramment Maple anvendt til hurtigt at udregne de krypterede tal De krypterede tal bliver som følge: n [n] k m=[y]m Den krypterede meddelelse kommer således til at se sådan ud: Baktoft, Allan. Matematik i virkeligheden. S Baktoft, Allan. Matematik i virkeligheden. S Baktoft, Allan. Matematik i virkeligheden. S Baktoft, Allan. Matematik i virkeligheden. S.178 (værdierne er mine egne) 77 Se bilag 3, side 35 24

25 Dekryptering Nu skal teksten dekrypteres, og først er der behov for at finde de to tal u og v, således at: kv- φ(m)u=1 eller - φ(m)u+kv=1, som i dette tilfælde, 7 x v x u = 1 Disse tal er tidligere fundet via Euklids algoritme, så det vides at v=11983 og u= Dekrypteringsformlen lyder: [y]m [y] v =[n] kv m=[n]m Og da den offentlige nøgle er kendt, ved vi, at restklasserne er modulo m= For det første krypterede tal(10823) vil dekrypteringen se ud som følger: mod = På samme formel vil de krypterede tal altså dekrypteres således: [y]m [y] v =[n] kv m=[n]m = HE MM EL IG Krypteringen samt dekrypteringen er nu lykkedes, men hertil er det vigtigt at pointere, at dette er et forsimplet eksempel, idet blokstørrelsen samt primtallenes størrelse vil være større i virkelighedens RSA-kryptering, da dette vil øge sikkerheden i kryptosystemet betydeligt. 82 Dekrypteringens betydning for krigen En ting er at kunne dekryptere en krypteret tekst, en anden ting er, at kunne bruge den information, man får ud af dechifreringen, og som tidligere nævnt var det ikke altid lige nemt. Under arbejdet med Enigma vil et centralt spørgsmål derfor lyde, om dekrypteringen overhovedet havde nogen betydning for krigens udfald. For at kunne vurdere hvorledes den knækkede Enigma-kommunikation havde nogen betydning for krigens udfald, vil der derfor blive taget udgangspunkt i kilderne The Influence of ULTRA in the Second World War en tale fra 1993 af Sir Harry Hinsley samt Ultra and the battle of the Atlantic: the British view et oplæg af Patrick Beesly samt supplerende materiale. Kilderne ses i bilag 4 og Se side Baktoft, Allan. Matematik i virkeligheden. S.178. u og v er her ombyttet* 80 Udregningerne ses på bilag 3, side Ibid. 82 Jensen, Anders Rune og andre forfattere. Kryptering, S

26 Den første kilde, talen af Sir Harry Hinsley, blev holdt på Babbage Lecture Theatre, University of Cambridge Computer Laboratory som et seminar for studerende, og den handler om Ultras arbejde og dets betydning for krigen. Sir Hinsleys selv mener, at Ultras arbejde havde enorm betydning for krigen, og talen kan derfor kortes ned til én konklusion, som han selv formulerer således: My own conclusion is that it shortened the war by not less than two years and probably by four years - that is the war in the Atlantic, the Mediterranean and Europe. (uddrag) Til at støtte denne konklusion nævner Sir Hinsley flere ting, men især Ultras rolle i den gennemgåede Atlanterhavskrig mod ulvekoblet, lægger han vægt på. Således siger han, at Ultras arbejde i de sidste fire måneder af 41 reddede ca ton forsyninger. Tabet af disse ville ud fra Sir Hinsleys synspunkt have betydet, at England ikke havde været i stand til at opbygge den fornødne hær til at nedkæmpe ubådene. Var ubådene ikke blevet nedkæmpet på netop dette tidspunkt, ville landgangen i Normandiet under D-day, efter hans mening, have været en meget svær operation. 83 Det er derfor tydeligt hvor stor en værdi, han tillægger Bletchley Parks og Ultras dekrypteringsarbejde under 2. verdenskrig, også selvom han mener, at krigen under alle omstændigheder ville være blevet vundet af de allierede. 84 Spørgsmålet er så, hvorvidt kilden er troværdig. Sir Harry Hinsley, som er kildens afsender, arbejdede selv på Bletchley Park som kodeanalytiker under krigen, og var derfor blandt de få primære kilder, der var vidne til de ting, der foregik på Station X. 85 Talen er dog en skriftlig kilde nedskrevet af Susan Cheesman, hvilket betyder, at den er en andenhåndsberetning, men da Sir Hinsley selv har gennemlæst, kommenteret og er kommet med rettelser efterfølgende, kan kilden betragtes som en førstehåndskilde. Disse må i sig selv formodes at være mere troværdige end andenhåndskilder. Hertil kommer, at Sir Hinsley arbejdede som historiker - et erhverv hvor en hvis objektivitet kræves. Han har derudover været med til at skrive flere bøger omhandlende 2. verdenskrig samt redigeret i den officielle historiebog omhandlende Speciel Intelligence, som Ultra også blev kaldt. 86 Med disse ting i mente er der god grund til at betragte kilden som troværdig, også selvom talen er holdt og nedskrevet i 1993, 48 år efter det hele fandt sted, hvorfor Sir Hinsley kan have husket enkelte ting forkert. 83 Bilag 4, s. 43 midt 84 Bilag 4, s. 43, nederst 85 Harry Hinsley, Wikipedia, 86 Harry Hinsley, Wikipedia, 26

27 Ved at kigge nærmere på den anden kilde(bilag 5), som er et nedskrevet oplæg holdt af Patrick Beesly ved flådekonferencen hos det amerikanske flådeakademi i Annapolis i 1977, 22 år efter krigen, er det muligt at undersøge, om informationerne og Sir Hinsleys vurdering af dekrypteringens betydning går igen og på den måde øger troværdigheden. Først skal det pointeres, at Beesly arbejdede i OIC 87 under krigen, og er derfor, ligesom Sir Hinsley, en primærkilde til det hemmelige krypteringsarbejde og dets bedrifter. Ligesom den første kilde omhandler også denne kilde dekrypteringens betydning for krigen, her dog set udelukkende fra britisk perspektiv, som også titlen implicerer, og her lyder konklusionen som følger: Special Intelligence and, I must emphasize, the way in which 0.1.c. and OP-20-G made use of it, was a war winner. (uddrag) Kilden bekræfter altså Sir Hinsleys påstand om, at Bletchey Parks arbejde havde en stor betydning for krigen, og i dette tilfælde bliver det sågar udpeget som det krigsvindende element. Ydermere ses det, at også denne kilde påpeger dekrypteringen i Atlanterhavskrigen, som betød, at konvojer med forsyninger kunne sejle sikkert frem og tilbage, som yderst vigtig. Patrick Beesly, kildens afsender, påpeger altså, at hvis dette ikke havde været muligt, ville sejren først være opnået senere, 88 og således istemmer han sig Sir Hinsleys vurdering. Skulle en kritik af de to kilder gives, vil det umiddelbart være, at de begge var involverede i dekrypteringsarbejdet på Bletchley Park og derfor ikke objektivt kan vurdere deres egen indsats betydning. Kigger man imidlertid andre steder hen, ses de samme vurderinger og yderligere nævnes også alle de materielle og menneskelige tab, både allierede og fjendtlige, der uundgåeligt ville have været, hvis krigen havde trukket i langdrag, eller hvis ikke Ultras oplysninger havde været tilgængelige under planlægningen i både offensiven og defensiven Operations Intelligence Centre 88 Bilag 5, s. 50, anden kolonne, nederst. 89 Singh, Simon. Kodebogen. S

28 Det kan altså konkluderes, at dekrypteringsarbejdet havde en stor betydning for krigen, også selvom man i det lange løb formodentlig ville have vundet under alle omstændigheder. Dog er det vigtigt at pointere, at selvom Enigma er den, der primært nævnes i kilderne, så var den ikke den eneste kodemaskine under krigens forløb og heller ikke den eneste, der blev knækket. Således havde andre af de allieredes dekrypteringsprojekter også betydning for krigen. Her kan f.eks. nævnes amerikanernes brydning af den japanske kodemaskine Purple, der fungerede som den tyske flådes Enigma, men adskilte sig ved at have stepping switches i stedet for rotorer. 90 Selvom den kun blev brudt to gange, 91 havde den stor betydning for Stillehavskrigen, som det også fremgår af følgende: I 1942 dekrypterede amerikanerne således en meddelelse, der antydede planerne for et fingeret angreb ved Aleuterne, der skulle aflede opmærksomheden fra deres egentlige mål, nemlig Midway Island. At denne besked blev knækket resulterede i, at USA kunne lege med på legen ved at forlade Midway Island-området, for derefter at overraske japanerne ved deres ankomst. Et år efter lykkedes det amerikanerne at dekryptere en tidsplan for et besøg på de nordlige Solomon-øer af den meget indflydelsesrige admiral Isoruko Yamamoto. 92 Han ankom efter tidsplanen, men kom aldrig levende derfra, da dechifreringen betød, at han blev modtaget af 18 amerikanske P-38 jagerfly. 93 Et andet af BP s dekrypteringsprojekter er også værd at nævne nemlig det, omhandlende den tyske Lorenz-maskine, som englænderne refererer til under navnet Fish. Denne krypteringsmaskine, der er en langt mere kompliceret udgave af Enigma, blev fra 41 brugt til at sende meddelelser mellem Hitler og hans generaler - en kommunikations-trafik der populært blev kaldt Tunny(tunfisk). At maskinen var langt mere kompleks end Enigma betød også, at BP s kodeanalytikere igen blev stillet overfor en svær udfordring. Dog fandt de to kodeanalytikere John Tiltman og Bill Tutte en svaghed i den måde Lorenz-koden blev anvendt, og det muliggjorde, at koden blev brudt. Dekrypteringen, som bestod i en kombination af søgning, sammenstilling, statistisk analyse og omhyggelig afvejning, var dog et langsommeligt manuelt arbejde. Dette faktum fik matematikeren Max Newman til at udtænke en mekanisering af dekrypteringen, som dog hurtigt blev opgivet af BP. Ingeniøren Tommy Flowers tog dog kampen op og fik bygget en programmérbar maskine, som kan anses for at være en forgænger til den moderne digitale computer. Denne fik navnet Colossus, og den første af sin slags blev 90 Balcinuas, Marjus Japan s Purple Machine W04/Papers/PurpleMagic.pdf 91 Kiesow, Charlotte, Efterretningstjenesternes historie, 92 Den japanske flådes øverstkommanderende. 93 Singh, Simon. Kodebogen. S

29 overdraget til BP i december Op til og under D-dag fik dechifreringen af Fish med Colossus en enorm betydning, da opsnapningerne af Fish-meddelelser bekræftede, at tyskerne var faldet for en fingeret invasion, der betød, at de troede, man under D-dag ville angribe fra Doverstrædet og ikke fra Normandiet, som man gjorde. Ydermere afslørede en dekryptering hele den tyske forsvarsstruktur positioner, antallet af fly, kampvogne osv., hvilket utvivlsomt gav de allierede en klar fordel. Konklusion Efter grundig gennemgang af opgavens problemstillinger er det muligt at konkludere, at Bletchley Park i store perioder af Atlanterhavskrigen havde fuld indsigt i de tyske ubådes situationer og planer. Denne indsigt opnåede de til dels vha. af Polens og Marian Rejewskis store forarbejde, dels Ultra og især Alan Turings, snilde, der udnyttede tyskernes fejlagtige brug af Enigma til at fremstille dekrypteringsbomber og dels spionage, infiltration og tyveri. Ligeledes kan det konkluderes, at det primære militære mål for dekrypteringen i Atlanterhavskrigen var at udnytte oplysningerne om fjendens positioner til at styre konvojer med forsyninger udenom risikofyldte ruter. Enkelte gange blev oplysninger dog med stor sikkerhed anvendt til sænkninger af tyske fartøjer. Generelt kan det konkluderes, at målet med dechifreringen var at opnå fordel i krigen ved få indsigt i den tyske tankegang, deres planer og status således man bedst muligt kunne fokuserer sin offensiv og forstærke eller advare sin defensiv. Det kan også konkluderes, at brydningen af Enigma ikke har været let, da den som følge af koblingstavlen og de fem rotorer har et samlet antal mulige permutationer på: 26! x 1 (25 2x11+1)!11! 211x = som kunne dokumenteres, da udregning viste, at det største antal permutationer opnås ved 10+1=11 ledninger i koblingstavlen. Ligeledes kan der konkluderes, at der efter Enigma var behov for en ny slags kryptering til at sikre hemmeligholdelsen af oplysninger. Dette blev RSA-krypteringssystemet. Ligesom et eksempel på brugen af RSA i praksis blev givet, blev RSA-systemets nøgler, kryptering og dekryptering samt matematikken bag systemet, bestående af udregning af store primtal, rest- 94 Singh, Simon. Kodebogen. S

30 klasser og Euklids algoritme gennemgået, og det kan konkluderes, at sikkerheden er bygget på sværhedsgraden af primfaktorisering. Slutteligt kan det konkluderes, at succesen med at knække kodemaskiner som Enigma, Fish og den japanske Purple, betød en forkortelse af krigen på mellem 2-4 år. En forkortelse og et dekrypteringsarbejde, som betød, at mange millioner liv blev sparet. Så selvom det vurderes, at de allierede med stor sikkerhed havde vundet krigen under alle omstændigheder, tillægges Ultras arbejde alligevel en enorm betydning. 30

31 Litteraturliste Bøger: Baktoft, Allan: Matematik i virkeligheden, Natskyggen, 2010 Carstensen, Jens: Talteori, Systime A/S, 1993 Carter, Frank: Breaking Naval Enigma. Bletchley Park Trust, 2008 Carter, Frank: Codebreaking with the Colossus Computer. Bletchley Park Trust, 2008 Frandsen, Jesper og Mads Rangvid: Enigma et dilemma, Systime A/S, 2010 Hansen, Johan P. og Henrik Gadegaaard Spalk: Algebra og talteori, Gyldendal 2002 Singh, Simon: Kodebogen videnskaben om hemmelige budskaber fra oldtidens figypten til kvantekryptering, Gyldendal, 2005 Williams, Andrew: Slaget om Atlanten, Gyldendal, 2003 Hjemmesider: Cheesman, Susan, The Influence of ULTRA in the Second World War, - besøgt d. 13/ Balcinuas, Marjus Japan s Purple Machine W04/Papers/PurpleMagic.pdf - besøgt d. 17/ Jensen, Anders Rune, Jasper Kjersgaard Juhl, Ole Laursen og Martin Qvist, Kryptering, -besøgt d. 8/ Kiesow, Charlotte, Efterretningstjenesternes historie, - besøgt d. 10/ Rosenkilde, Kirsten, Talteori -Teori og problemløsning - besøgt d. 6/ Combinations and Permutations, Math is fun, Advanced, - besøgt d. 14/ Enigma, Wikipedia, - besøgt d. 10/ Harry Hinsley, Wikipedia, - besøgt d. 14/ Kombinatorik, Regneregler, - besøgt d. 9/ Kryptering, Version 2, - besøgt d. 14/12 Lorenz cipher, Wikipedia, - besøgt d. 14/ RSA, Wikipedia, - besøgt d. 14/

32 Film: Da Hitler blev hacket : BBC, 2011 Billeder: Billede 1, Rotors I, II, and III in place fra Billede 2, Plugboard, here swapping A with J, and S with O fra 32

33 Bilag Bilag 1 33

34 Bilag 2 34

35 Bilag 3 35

36 Bilag 4 Kilden er taget fra: The Influence of ULTRA in the Second World War In 1993 Sir Harry Hinsley kindly agreed to speak about Bletchley Park, where he worked during the Second World War. Sir Harry Hinsley is a distinguished historian who during the Second World War worked at Bletchley Park, where much of the allied forces code-breaking effort took place. Keith Lockstone recorded the talk and edited the final document, Susan Cheesman transcribed the first draft and Sir Harry made comments and added amendments. Thanks to all involved. Security Group Seminar Speaker: Sir Harry Hinsley Date: Tuesday 19th October 1993 Place: Babbage Lecture Theatre, University of Cambridge Computer Laboratory Title: The Influence of ULTRA in the Second World War Ross Anderson: It is a great pleasure to introduce today's speaker, Sir Harry Hinsley, who actually worked at Bletchley from 1939 to 1946 and then came back to Cambridge and became Professor of the History of International Relations and Master of St John's College. He is also the official historian of British Intelligence in World War II, and he is going to talk to us today about Ultra. Sir Harry: As you have heard I've been asked to talk about Ultra and I shall say something about both sides of it, namely about the cryptanalysis and then on the other hand about the use of the product - of course Ultra was the name given to the product. And I ought to begin by warning you, therefore, that I am not myself a mathematical or technical expert. I was privileged to be an assistant to the mathematicians led by Max Newman and Alan Turing, but I have never myself learned to master or even to approach mastering their art. Ultra, of course, was the product of ciphers. It was used only for the product of the metering of the more important ciphers, and from the spring of 1941 at Bletchley we broke most ciphers to an unprecedented extent and with an unprecedented lack of delay. And there were two reasons for that success. First of all, alone among the governments of those years, the British Government as early as the 1920's concentrated all its cryptanalytical effort in one place which it called the Government Code and Cipher School. And at Bletchley secondly, the staff rose from about 120 in 1939 to about 7,000 at the beginning of Of course that staff was not entirely cryptanalytical, it consisted also of an immense amount of staff used, for example, for signalling the products to commands in the rest of England or abroad. And so it wasn't entirely cryptanalytical staff - it was a very mixed staff compared with pre-war. In addition, those men and women, recruited mainly from universities, developed methods and machinery of a sophistication hitherto undreamt of, including as you all know the first operational electronic computer which was called Colossus. Without those advances, at least the most difficult of the ciphers, which were (although I will make some qualifying remark about this in a minute) those based on the German Enigma and those still more complex systems which Germany introduced for ciphering non-morse transmissions, would have been for all practical purposes invulnerable. Now the value of the resulting Ultra was all the greater because the enemy states - Germany, Italy and Japan - remained unaware of the British successes. The main reason for that was that they didn't allow for that sophistication of method and machinery which the British brought to the attack on their ciphers. They didn't allow for that 36

37 when they constructed their ciphers. Nothing very surprising in that. As I have said, the methods and machinery developed were of a sophistication hitherto unthought of. But it still remains necessary to say that, despite that sophistication, the German belief that the ciphers would remain invulnerable was almost right, almost correct. The ciphers nearly escaped effective exploitation. In the case of the Enigma (which was an electro-mechanical machine) the first solutions were made by hand by mathematicians relying on German operators' errors. The German airforce was always more untidy in its signalling than the other users of the Enigma. And for that purpose (although you will understand it better than I do) they used perforated sheets and exploited these mistakes made by German operators. For other keys than the airforce, especially those of the army and the navy, and especially for the regular and speedy solution of those keys, it was necessary to develop an effective answering cryptanalytical machine. That was the key in the end to the prompt decrypting of the machine cyphers. It was a machine called The Bombe - a name originally given to it by the Poles who invented an early prototype in the 1930's. The Bombe developed in Bletchley by Turing and Welshman and Babbage - all luminaries of the Cambridge scene - was helped a little by the Polish machine, but it was infinitely more powerful, about fifteen times more powerful than the Polish machine. And it was because of the greater difficulties of dealing with the Enigma that it had to be that powerful. But it wasn't enough to have that machinery developed. Except in the case of the airforce keys, we had to capture them before the machinery - even this Bombe machinery - could break into them. And that is where people like myself who were non-mathematical came into the story. It was because I was in close touch with Turing, for example, that I was fully aware of what he had to have before the machine which he had developed could exercise its powers. And I was able to arrange - with other people of course, including the navy - how to capture that. I stress that because, both in the case of the navy and of the army, and at dates which are later than we realise (I will give you the dates later), we needed in addition to this superb mathematics, which was assisted of course by superb Post Office engineering, we needed also these side assets - essentially captured material. That was the Enigma. Now with the non-morse machine which we called Fish, the first successes were again obtained by hand methods. And those hand methods by mathematicians again exploited German operators' errors. In fact, the actual understanding of the machine theoretically (in other words as opposed to breaking it every day), the actual understanding of how it worked was obtained because the Germans went through a long series of experiments with it on the air before they brought it into operational use. And it was these experimental transmissions which primarily were the errors which gave the entree. But it was obvious that any regular or at all reasonably speedy decryption would be impossible if again machine methods were not developed. In particular that they would be impossible without machines because the different Fish ciphers proliferated, just like the different Enigma keys proliferated, and you were dealing with a lot of ciphers concurrently. And so in this case, as you know, the machine was developed which came to be called Colossus. It was of course a much more complex - it wasn't a mere electronic electro-mechanical thing - it was the first computer. It had to be like that in proportion to the fact that the Fish was far more complex than the Enigma. Now it will be clear from what I have said that the problem wasn't merely to master the ma- 37

38 chines. The Germans recognised when they were constructing (in their view) an invulnerable set of machines, that of course in wartime they would be open to capture and therefore locally and temporarily they will be read. But they also felt that the mere local (by which I mean reading one key instead of another key) and temporary reading (in other words that would complete your fundamental knowledge of the machine) wouldn't help you to read it regularly and daily. And they were right, without this machinery that would have been impossible. And in particular it would be impossible because each of the Enigma and the Fish were used by the Germans as the basis not merely for one cipher each, not merely one Enigma and one Fish, but as the basis for a wide range of different ciphers, each cipher having its different key. At one time the Germans were operating concurrently about fifty Enigmas, some in the army, some in the airforce, some in the navy, some in the railways, some in the secret service. And so you were faced not merely with understanding the machine and with breaking a key regularly, but with breaking fifty sometimes regularly at once, or as many of them as you could without delay. And Fish similarly rose from just one link, one cipher, one key to about 22 cipher links, all quite separate except they were using the same machine. And remember that each of them - the Enigma daily and the Fish at varying interludes, usually every few days - changed the keys. So you are on constant alert - every day you had to start again at midnight, and you had to start on perhaps 30 Enigmas or 5 Fishes and so you could see the mere load put it beyond any manual solution. That was one reason, that in spite of their confidence which was not far from being fully justified, that was one reason why the German confidence was proved to be unfounded. The other was (perhaps it is no less important) the fact that steps were taken to avoid arousing enemy suspicion. The British imposed strict secrecy of course on the Ultra production process. Strict regulations about its distribution - who should be indoctrinated - strict regulations against carelessness by users when using it. Those regulations were pretty effective. There were from time to time cases in the war where the Germans did sufficiently suspect to have an enquiry. There were cases when the Italians suspected and advised the Germans to have an enquiry. I ought to say that everything I have been saying about the complex nature of the attack on the ciphers hardly applied to the Italian ciphers - and this is where I am going to bring my ironical remark in about ciphers which will interest you people as machinery experts. The Italians only ran one machine and it was a baby really compared with the Enigma. It was a machine built by a firm called Hagelin (we called it C-38). The American armed forces used it occasionally, but it was easily broken. We broke it. It didn't come into use until the beginning of '41 and we broke it by June '41. It was a very valuable cipher for shipping in relation to North African operations but it wasn't a cryptanalytical problem of the kind I have been describing in the case of the German ciphers. Ironically the Italians, except for that one cipher and also for one they used for their diplomats, didn't use machines. They used book ciphers, and ironically we couldn't read the Italian book ciphers for the army, the navy and the airforce after they brought new ones in between June and November 1940 preparatory to or as a consequence of their own entry into the war. Book ciphers proved to be invulnerable when the machinery proved not to be invulnerable! And as I say the Italians occasionally, who rather looked down on machine ciphers, warned the Germans that they thought that there was evidence that the way the allies behaved sug- 38

39 gested that maybe they were reading the German ciphers. And the Germans said 'Pooh, pooh, we are alright!' Apart from occasional suspicions, those precautions I described, as used by the Allies, worked. They were wholly justifiable ones. Any confirmation reaching the Germans that this whiff of suspicion that this system that they had constructed wasn't safe, would have led to not easy but not impossible steps to render it safe. But of course the precautions complicated the task of establishing the value that Ultra had in the war. Contemporary reports and the memoirs and histories that have been published before the records about Ultra became available, of course allow for, incorporate, the contribution Ultra made to decisions and the course of events, but they don't acknowledge it. Because either the writers of the reports and the memoirs didn't know about it, or they were not able to mention it. So that historians now have to identify that contribution from the written records about the war and it is a straightforward job to do that now that Ultra is available. You can see - we know what Ultra went to what commands, we know what time it arrived, we know what other intelligence they had at the time the Ultra arrived, we know what decisions and orders followed from its arrival, and frequently we have discussions on record about what they thought about what they ought to do about it before they reached their decisions. It is not enough to establish accurately the availability of the Ultra and to reach reasonable conclusions about its influence on British and American assessments and decisions. You have also got to consider the consequences of those assessments and decisions on the war. Let me give an example of the distinction. Once you have identified the Ultra (which you now can from the decrypts in the Public Record Office) you can see pretty clearly (if you have also got the record of the war) that Ultra was the main reason why the British were able to reduce the depredations of the U- Boats in the Atlantic in the second half of But what was the value of that effect in the North Atlantic in that second half of 1941 on the course of the war? What was the consequence of that use of Ultra on the course of the war? And those effects too are already incorporated into the record, which shows that the U-Boats were defeated in the North Atlantic in the second half of Of course in order to assess the true significance of Ultra we have got to assume that it didn't exist in the North Atlantic at that time. We have got to strip it out of the record in order to get its true significance into focus. This is what historians call counter-factual history. To calculate something assuming that some factors in it didn't exist. And I am sure it is a process well known to mathematicians and other people like yourselves. But it is still the case that there is a great deal of danger in using counter-factual history unless you use it very carefully. For example it is very common among historians to use counterfactual history either from a desire to shock or because the user in question hasn't got any judgement. And you have therefore got to use it in relation to the possibilities that were practically available in the circumstances that you are considering. There is no danger whatever in reconstructing the course of the war on the assumption that Ultra hadn't existed. As I have said the story of its acquisition is of near legendary, even science fiction proportions, because it might so easily not have taken place. You are not making a huge assumption when you start playing with the record of the war on the basis that it hadn't been solved, it hadn't been obtained. It was by no means fortuitous or miraculous. It was the consequence of forces deliberately brought together to solve it. But it was far from being inevitable that the forces would succeed. The proposition that we might have had to fight the war without Ultra is a reasonable 39

40 and necessary element in the assessment of its true significance. On the other hand if you apply counter-factual history and use this proposition that Ultra might not have existed, you are undertaking a pretty bold enterprise in hypothesis and speculation and you must control that exercise by a constant reference to the straightforward facts about what Ultra actually did do. If you apply that check, then I think we can draw two pretty sound conclusions. First of all, though we did obtain it in such amounts, amounts rising to 2,000 of those Italian Hagelin decrypts a day at the peak of the Mediterranean War and to 30,000 a month rising to 90,000 a month of Enigma and Fish decrypts combined - that is a very big number of decrypts. It is still the case that those volumes and the speed with which they were got out were not fully established until the second half of Up 'till June '41 the successes were confined to decrypts of the German airforce Enigma and some of the Italian book ciphers which were quite readable before Italy came into the war and for a month or two afterwards. Those helped to produce isolated allied successes like the Battle of Matapan when we defeated the Italian fleet, and wouldn't have done so but for a few Enigma and Italian signals which gave enough warning to the British Alexandria fleet. The distances in the Mediterranean are such that unless you have got some notice you can't cover the thousand miles or the seven hundred and fifty miles. So Matapan was one success. The sinking of the Bismark was another. Again I am speaking of the period before June '41. She was sunk in May '41 just before the turn. The defeat of the Italians in East Africa and in North Africa. Those were Allied successes, but they were slightly isolated successes. Again in the same period Ultra did something to mitigate British disasters. It greatly assisted the British forces that were sent to Greece, to retreat without serious loss when it become obvious that they couldn't hold a line against the scale of the German invasion. It gave us - here was another disaster - all the information required to destroy the German attack on Crete. We didn't destroy the attack but we made it an extremely damaging exercise for the Germans, which was done because the Ultra signals were so complete. Some people think we should have prevented or destroyed the invasion - an air landing invasion. In fact Bletchley Park felt very strongly for the first time in the war that its product had not been used properly in the case of the Crete invasion. I think possibly that we were wrong now that we can see the evidence in more detail, but at least it helped to make it a disastrous operation for the Germans even though they actually got Crete as a consequence. And so in all that story you can see that the British survived the war with little benefit from Intelligence until the Germans invaded Soviet Russia. And since Soviet Russia survived the German invasion, and that invasion was followed by the entry of the United States in December '41, we can safely conclude that Germany was going to be defeated in the long run, even if the enormous expansion of Ultra from the summer of 1941 had not from that date given the Allies this massive superiority in Intelligence which they retained until the end of the war. They were hardly ever rivalled by Axis success in reading our ciphers. There were two major exceptions to the lack of success by the Axis against Allied ciphers. One was that they did have some success in reading a British naval cipher which was for a longish time also shared with the American navy in relation to convoy escorting. They were successful in reading that for a long period from 1940 to the end of '42. And the other was that they didn't exactly capture but they managed to extract of copy of the cipher that was being used by the American Military Attache in Cairo for a period when Rommel was at his most dangerous. And from that too the Germans obtained some great advantage. But generally speaking, except possibly in relation to the convoy cipher, there was never any great cryptanalytical rivalry. The Germans were completely outclassed in terms of Ultra. The 40

41 Italians also made very little progress against any important allied cipher. In June 1941 however, (we survived 'till then with very little value from the Ultra), the end of the war still four years away. And that is such a length of time that we might be tempted to jump to the other conclusion and say that far from producing by itself on its own the defeat of the Axis, it made only a marginal contribution to it. Here we are, we start getting this Ultra coming onto stream in June '41 as opposed to the slight trickle before that date, and yet you have still got four years of war. How can it have made much difference? But that second conclusion can I think be as firmly dismissed as the one I have been discussing about how Ultra didn't really win the war. The second real conclusion that stands out is that Ultra was decisive in shortening the war from the time, beginning in the summer of 1941, the cryptanalytical successes were extended from the German airforce Enigma keys to the Enigmas used by the navy and the army and the secret service, to the non-morse ciphers of the German High Command which came on stream in mid 1941, and to a new Italian machine cipher, the one I have mentioned which also was brought into force beginning of '41 and broken in the summer of '41. And to the ciphers of the Italian and German and especially Japanese Embassies. The Japanese Embassies in Europe were in the second half of the war to prove of immense Intelligence value because they were repeating back to Tokyo their versions of German assessments and their knowledge of German intentions. They were almost as valuable on some subjects (like for example the Normandy Landings) as were the direct Ultra from the German horse's mouth. From the moment we began that expansion you can see that the influence is continuous. I have spoken of the amount of Ultra there was. The lack of delay, the fact that they were obtained with very little delay was equally important. After all, one of the crucial characteristics of Intelligence is that to be useful it must be quick. In the case of the Enigmas we didn't exactly reach a position in which the new keys, having come into force at midnight, were broken by breakfast, but of, shall we say, twenty, twenty five Enigmas running concurrently (the number varied according to different stages of the war), we would be reading twenty to twenty five at most times. Of that twenty to twenty five the ones to which highest priority was given on the limited number of Bombes available would be out by breakfast. Which meant that the whole of the rest of that 24 hours' signals from the moment you broke the key for the day, the setting for the day, would be read instantaneously, as soon as the message was intercepted it would be decrypted. Fish was a bit slower. It didn't change daily like the Enigma. It varied, on different links it changed with different frequency. The average was that it changed about once every five or six days - the setting of the keys changed every five or six days. Again the number we read varied from time to time but from the end of '42 when Fish on the German side got going strongly, we were generally reading four or five Fish links at any one time. Generally we were reading them about seven, six, five days late - after their transmission. That didn't matter with Fish (at least it didn't matter so much as it would have done with Enigma) because, whereas the Enigma like that Italian machine was used for what you might call operational purposes below army level for something that was happening tomorrow or happening today, Fish was reserved for communications between the highest commands of the German Armed Forces. Between Berlin and the army groups or the armies. And then never lower than armies. It was a system that increasingly replaced the landline transmissions between Berlin and Kesselring in Rome and Von Rundstedt who was commander in the west in Paris by They were on landlines normally but gradually with Fish being perfected as they thought and 41

42 with landlines being damaged by bombing they put more onto the air. So Fish was carrying Intelligence of a character that didn't really depend for its value on immediacy. It would carry long term estimates, or it would carry prolonged discussions between German Headquarters on the Russian Front or in Italy and Berlin about what was the best thing to do next. So you didn't have the immediacy requirement there as you did with the Enigma. Speaking on the whole then we can see the fact that we were getting Ultra in the amounts I spoke of and with the speed that I emphasised as being a very important characteristic of valuable Intelligence. It was no use having Enigma a week late, and it wouldn't be much use having Fish more than a month late. If you had that amount of decrypts with that small amount of delay, it would, I think, on the face of it, be surprising if Ultra hadn't contributed to the very considerable shortening of the war, given the fact that on the other side the enemy is blind and his Intelligence is increasingly deteriorating because of the Allied possession of the superiority in Intelligence. I will give you an example of that. We read all the Enigma signals of the German Abwehr which meant that we captured every spy that arrived in the United Kingdom by having advance knowledge of his arrival. Which meant that we could turn such as we needed and use them to send messages we wanted the Abwehr to receive, and monitor the reception and the reaction of the Abwehr. All that signal Intelligence underlay the effective use of what was called the Doublecross Operation for the purposes both of stopping German reception of Intelligence (other than false Intelligence) and also of creating deception by sending them false Intelligence. So given that they were so blind and we were getting this increasing amount with less and less delay, it would be surprising if it hadn't, from the middle of '41, contributed pretty appreciably to the difficulties of the enemy and to the accurate appreciations of the Allies. Now the question remains how much did it shorten the war, leaving aside the contribution made to the campaigns in the Far East on which the necessary work hasn't been done yet. My own conclusion is that it shortened the war by not less that two years and probably by four years - that is the war in the Atlantic, the Mediterranean and Europe. The detailed answer for those theatres begins in the Mediterranean. There, in the autumn of 1941 against Rommel it turned almost certain defeat into a stalemate. If not then, then certainly in the summer of 1941 after Rommel had returned to the Egyptian frontier, it made a decisive contribution to keeping him out of Egypt between his victory at the Battle of Gazala in 1942 and the British getting ready for their own victory at El Alamein. It did this chiefly by killing off his seaborne supplies. Both the Italian machine cipher and the airforce Enigma and a bit of naval Enigma contributed decisively to starving Rommel of fuel and replacement hardware and ammunition. Without that, the commander of our own forces at the time, General Auchinleck, concluded that Rommel would have got through to Egypt. As you know at that time the Allies themselves were landing in North West Africa. If they had lost Egypt they might have abandoned the operation against North West Africa, especially as they would also have lost Malta if Egypt went, and decided to alter their strategy (we have to allow for this possibility) and go back and concentrate on the North Sea and the direct Second Front. Now if they had stayed in the Mediterranean it would have taken them a least a year longer than it actually took them from Tunis and from the Western Desert to complete the conquest of North Africa and open the Mediterranean. That was successfully achieved in May '43. It wouldn't have been achieved in less than a year beyond that, if we had gone on in spite of the loss of Egypt trying to do it. It wouldn't have been achieved in time to do the Normandy landings in

43 If they had abandoned the idea of re-conquering North Africa, the most probable course would have been in fact what the Americans had always wanted to do, to do the cross Channel invasion more quickly than in fact occurred. It in fact occurred in June '44. They would have turned back and done that straight away, that was their obvious alternative. What would have been the prospect for that undertaking if Ultra hadn't become available against the U-Boats in June 1941 and radically reduced their successes against the convoys. We know that in that second half of 1941 their shipping successes were cut back to 120,000 tons a month average. That has to be compared not with the monthly average of 280,000 tons a months in the four months before June '41 but with the sinkings they would have achieved with their greater number of U-Boats. It has been calculated that the Ultra saved about one and half million tons in September, October, November and December '41. And even if Britain's essential imports had not without that reduction been reduced to a dangerously low level, the intermission that provided was invaluable in enabling the British to build up reserves in merchant shipping and develop anti-submarine defences. So that when the U-Boats returned to the Atlantic after their first defeat (they did that in the autumn of 1942), they had been delayed in making a decisive thrust for more than a year. Now when they returned they had been supplied with an advanced Enigma, one that instead of using three wheels concurrently used four wheels, which as you can see noticeably increased the mathematical difficulties of solving the key. In fact Bletchley couldn't solve it from February to December Mercifully for us (though not for the Americans) most of the U-Boats were on the Atlantic American coast at that time, but as they came back to the North Atlantic convoys they were still using this cipher and they brought about another crisis in the Atlantic. It again was the Ultra which brought them under control. The figures of sinkings of Allied shipping reached the highest in the war in March '43. They had been brought down by May '43 to lower proportions than ever before in the war as a result of this return of Ultra to the scene. And so you can see that the problem of undertaking the Normandy landings if those two defeats and controls of the U-Boats hadn't occurred would have been very pronounced. Then there was the contribution of Enigma to the Normandy Landings themselves (I can't go into detail and will answer questions if you need). I think it is no exaggeration to say that even if the U-Boats had prevented it from being attempted only until '45, we would have found it an infinitely more difficult operation to do than in The Germans would have completed the Atlantic defences, they would be bombarding Britain with 'V' weapons on a massive scale, all of which was in the event cut off by the '44 Landings. And they would have had a much bigger Panzer Army to deal with the problems. My own calculation is we wouldn't in fact have been able to do the Normandy Landings, even if we had left the Mediterranean aside, until at the earliest 1946, probably a bit later. It would have then taken much longer to break through in France and Germany than it did in fact take, which was a year from '44. And altogether therefore the war would have been something like two years longer, perhaps three years longer, possibly four years longer than it was. I am sorry I have exceeded my length of time but I hope you will forgive me, and I will do what I can to answer questions. Q. Would we have won the war without Ultra? My own view is that given that the Soviets survived the German attack and the Americans came in as they did, the combined forces of Russia, America and the British would eventually have won the war. The long term relative strengths of Germany and those three counties were such that Germany was bound to loose in the end. But how lengthily and with what damage and destruction we should have succeeded I don't know. I think we would have won but it 43

44 would have been a long and much more brutal and destructive war. Q. Was Bletchley involved at all in cryptanalysis of the Russian theatre? We read a large amount of German signals from the Russian front, but no work was done against Soviet signals after Germany invaded Russia, on account of the high priority given to Axis signals. On the other hand, co-operation with the Soviets was never as close as it was with the USA. Of course when the Americans came into the war in December '41 we had already begun some development of a cryptanalytical partnership with them, and when they came into the war that partnership became almost so complete as to constitute a single joint cryptanalytical effort. Of course that effort involved division of labour and the division of labour is much directed by the interception facilities. For example, except for the Atlantic traffic the American coast couldn't intercept European, German and Italian signals. That was all being intercepted in the UK. Obvious solution - UK concentrates on decrypting, on cryptanalysis against German and Italian. America which can intercept the Pacific from the Pacific and also has headquarters in Brisbane and various places in the Pacific - America concentrates of working on the Japanese. But there are overlaps. For example we have a cryptanalytical annexe at Bletchley, we have it in Singapore, it moved to Hong Kong, it moved to Ceylon, and from there it pitches in its bit by serving the decrypts direct to the American Headquarters. Similarly because the U-Boat traffic can be heard both in America and in Britain, the two sides - Bletchley and the American Navy - swopped keys. They have got a direct line. They say 'we will take 4th June, you take tomorrow 5th June,' and so they split the keys and swopped solutions. So there was an almost total amalgamation of resources and a logical division of labour. Q. Is it not the case that the arrival of the atom bomb in 1945 would have bought a quicker solution? This is a problem because strict, sensible, proper counter-factual history can't really take into account something like that. It is speculation. But of course if my scenario is right and the war was still struggling on and we had the bomb which presumably we would still have had, the problem of whether to drop it on Germany would have arisen. And in some respects the dropping of it on Germany would be more justified than the dropping of it on Japan because Japan was visibly on her knees when we dropped it on her, but in my scenario Germany would have been far from on her knees. So yes the prospects of it being dropped as the solution are quite high. I would mention it in a speculative scenario. Q. How closely did Bletchley work with the Russians on decryption? It couldn't be as close as the collaboration I have described with the Americans for a variety of reasons. One is of course that there just hadn't been the close relationship between the two countries that existed historically between the British and the Americans. The other was that when we actually broke the ciphers - Enigma in the first instance, but Fish later - that were relevant to the Eastern Front, they were coming in to us at a time when it was uncertain whether Russia would survive. And then later on when Russia had survived and we were reading more ciphers both Fish and Enigma from the Eastern Front, there was the problem that we knew from the Enigma that the Germans were reading Russian ciphers, so that if they had too much Enigma intelligence in their ciphers you see the security risk was extremely high. Then fourthly the Russians were not collaborative. They wanted any intelligence we supplied but they wouldn't give any in return. Not that they had much Sigint, but they had a lot of other Intelligence. The answer to your question is with all those difficulties we couldn't have so close a collaboration with the Russians as we had with Washington, but we started sending them a summary of signal intelligence a week after they were attacked by the Germans in '41. We sent it via the British Military Mission in Moscow where there were people to hand it over to the Rus- 44

45 sian General Staff. We had to have a cover for it, had to explain to them that this is the horse's mouth but it is coming to us (this is the kind of cover we used) it is coming to us from very high ranking German officers who are slipping the news to us through Berne or somewhere like that, and we are getting it quickly because we have got pretty direct connections with Switzerland. A steady stream of information about German intentions and dispositions - Airforce and Army on the Eastern Front - were sent to them. They were interrupted from time to time when the Russians were being particularly beastly. For example at the top of Russia, Murmansk at the Kola Inlet where all the convoys taking arms to Russia and supplies were going, we had to keep seamen, sailors, both to man the Allied facilities, unloading facilities - of course the Russians were there too but we had to keep some British sailors there. And then we persuaded the Russians to let us have an Intercept station there because half of the traffic around the top of the North Cape was difficult to intercept even in Northern Scotland. And of course we covered the risk that they would suspect that we were reading Enigma or that they would do more than suspect that, by saying that the value of the traffic to us was that it enabled us, by traffic analysis, to judge the German reactions to the movements of the convoys. So we had this little intercept station and then the Russians locked them all up because they thought we were spying on them, so you had all sorts of little rows with them like that. From time to time when it wasn't vital we did say if you don't behave better than this we wont send you your daily summary. And we stopped it for a short time, then we started again. But it had to be of that character - the collaboration. Q. Is there scope for counter-factual historians studying the siege of Leningrad - if they had had access to the Ultra information that you could have given them. Again you have to bear in mind that there were problems. For example, one of the areas in which we found it extremely difficult to intercept German signals because of radio conditions or atmosphere conditions or whatever it is, was the North Cape; and the other was the Leningrad area. It was very difficult to intercept from the Leningrad area because whatever frequency they were using relative to the distances and the ionosphere we never could cover the Leningrad area properly. Caucaucus on the other hand, Central Front, we could hear then as clear as a bell. Q. If the collaboration had been as close as with the Americans... It would have been an advantage if it had been as close as with the Americans, it is quite true. But on the other hand the risks which I briefly portrayed were quite considerable. And we did our best to make sure that they knew about all the important forthcoming development. Don't forget they had very good intelligence of their own, not primarily Sigint but they had very good air reconnaissance and air superiority after a certain time, and they had an enormous espionage system behind the German lines. So they weren't without information. But we did do our best to make sure that they got crucial early notice whenever we got it ourselves. It was a big dilemma and one that was fought about. Churchill wanted to risk it and let them have more. Naturally the Ultra authorities didn't want to risk it because everything hangs on it you see, so there was a tussle all the time about how much to send. Q. The was a programme recently on Kursk - one might say that a Russian counter-factual historian would say that if we didn't have the Ultra which we got in various ways, then we wouldn't have been able to win the battle of Kursk and Hitler would have been able to carve up Russia. This is perhaps another case... Another case. Stalingrad of course is another one. Those two battles were crucial, especially Stalingrad. Again it wasn't only through us they were getting... we did give them the central facts in advance of Kursk. But as we now know, we didn't know at the time, the one single Russian agent in Bletchley was at that time (just that short period of time before and after Kursk in '43) actually giving them decrypts through the Russian Embassy in London. So all 45

46 sorts of complications about the story. He didn't know that they were getting the supply from London officially, and we didn't know that he was sending the decrypts unofficially. Quite a complex problem! Q. Did they never figure out that this was coming from decrypts? We are never quite clear. Certainly when this man at Bletchley who only surfaced after the war - the secret about him only surfaced after the war - they knew that what they were getting from him was decrypts. They must then have known that our summaries were decrypts. But that didn't alter our practice because we didn't know that he was sending them the decrypts. Q. How was the Ultra Information disguised so that the Germans couldn't work out that you were decrypting them? How did we disguise what we had got you mean? Q. How did you disguise, for example, that a particular submarine was going through a particular area? How could you disguise it so that it wasn't obvious that you'd intercepted it? Let me give you an example of how we took the precautions, using it without on the other hand giving grounds for suspicion to the other side. The most dramatic example comes from the Mediterranean where we sank at two or three stages in the war something from 40% to 60% of every ship that left the north shore of the Mediterranean for North Africa. 60% of the shipping was sunk, for example, just before the Battle of Alamein and again just before Gazala when Rommel was stopped. Every one of those ships before it was attacked and sunk had to be sighted by a British aeroplane or submarine which had been put in a position in which it would sight it without it knowing that it had been put in that position, and had made a sighting signal which the Germans and the Italians had intercepted. That was the standard procedure. As a consequence of that the Germans and the Italians assumed that we had 400 submarines whereas we had 25. And they assumed that we had a huge reconnaissance airforce on Malta, whereas we had three aeroplanes! But solemnly that procedure had to be followed by the commanders. When they in their little centre in Cairo or, as it was later on Algiers, said we can't sink all those seventeen ships today, which five are we going to take first and which five will we take second, when they were doing this they had to arrange that procedure before they hit a single ship. Similar precautions were taken in the Atlantic, but there the problem was different. That is why the Germans got most suspicious about the Atlantic. The great feature there was that the Enigma was used in the first instance not to fight the U- Boats but to evade them. And the problem was how could you evade them without their noticing. You have a situation on the graph in which the number of U-Boats at sea in the Atlantic is going up, and the number of convoys they see is going down! How do you cover that? We did cover it but it was done by a different system from what I have just described in the Mediterranean. We let captured Germans, people we had captured from U-Boats write home from prison camp and we instructed our people when interrogated by Germans - our pilots for example - to propagate the view that we had absolutely miraculous radar which could detect a U-Boat even if it was submerged from hundreds of miles. And the Germans believed it. They had an enquiry saying 'surely it must be possible that it is the Enigma that isn't safe.' And the cipher men come back and say 'it can't be the Enigma.' So somebody gets up and says 'well, it must be this bloody radar that we have heard about.' And so they decided. But you see different solutions had to be adopted for each particular situation. But these were the kind of precautions that were taken I think with great success. I mean they never really did tumble to the idea that it was unsafe, which is pretty marvellous really. 46

47 Bilag 5 Kilden er taget fra: 47

48 48

49 49

50 50