Anoraks Corner
by Tony Sale

Welcome to Anoraks Corner, the vulnerabilities of the Lorenz machine and how these were exploited.

The main vulnerability was the regular motion of the first set of five wheels coupled with the intermittent motion of the second set of five wheels. It was this vulnerability which enabled Bill Tutte to make the first British break into Lorenz and reveal the complete logical structure of the machine.

Also by having two sets of five wheels, it allowed for removing the obscuring characters one by one. Clearly the regularly moving set was the one to attack first. Bill Tutte, being a mathematician, had called the three sets of wheels, Chi, for the regular set, Psi for the intermittently moving set and Mu for what became known as the Motor wheels, the ones controlling the motion of the Psi wheels. (Most written screeds use X for Chi, S for Psi and M for Motor).

The search space for just the set of Chi wheel starts was very large, 23x26x29x31x41 = 22 Million possible wheel start positions. What Bill Tutte found was that it was possible to break into the Chis by attacking the wheels in pairs. Thus the search space for the start positions of the largest wheels (X1 and X2) was 31x41 = 1271, a possible attack space using machines.

The attack depended on generating X1 and X2 patterns and adding them bit by bit to the cipher text characters (Z) on its channels 1 and 2 (Z1 and Z2). This is of course part of what a receiving Lorenz machine would do to remove the obscuring characters. If the start positions of the X1 and X2 patterns are exactly in synchronism with the positions originally used to generate the obscuring first character, then it will be cancelled out on bits 1 and 2 down the whole length of the cipher text. What is now important is the statistical properties of this partially stripped out cipher text, known as a de-Chi.

This reveals the next vulnerability of the Lorenz cipher system. When the first obscuring character, the Chi wheels character is removed it leaves the original message text character plus the obscuring Psi character. Now natural language characters are definitely not random, for instance in English and German, the "E" character has 12% occurance against a random 3.8%. Obviously the addition of the Psi wheel characters partally obscures this but not completely because of the intermittent motion of the Psi wheels. Thus the correctly positioned removal of the Chi wheels leaves a non random distribution of bits. If the attempt at removing the Chi wheels is not in the right start position then the result is a very near random distribution of bits. It is thus possible to detect the correct Chi wheel start positions by choosing successive bit pattern start positions and looking for when the resulting count down the whole length of the cipher text is not a random count. Bill Tutte also found that the non-random effect can be amplified if the Delta is used rather than the direct character bit patterns. The Delta is the change in bit pattern between successive character bits. It is zero if there is no change, but one if the bits are not the same. This means that if two successive characters are the same on each of their five bits, the Delta is all zeros which is the "/" character. Natural language has lots of double letters, punctuation can also contribute significantly.

The cipher equations then become Delta Z = Delta P + Delta Chi + Delta Psi' and Delta D = Delta P + Delta Psi'.

Any of the 32 combinations of 5 bits could be produced by the cipher. The international Teleprinter code used 26 combinations for letter of the alphabet leaving 6 bit patterns used for Teleprinter control operations like carriage return, line feed etc. In order to actually print these bit patterns, BP modified Teleprinters so that these bit patterns came out as non-alphabetic but printable characters. Unfortunately there were at least two standards for this mapping, they are:

bit pattern prints as:
Carriage return: 3
Line feed: 4
Letter shift: 8 or -
Figure shift: 5 or +
Space: 9 or .
Blank: /

The numbering used for the 5 bits was:

1 2 . 3 4 5
0 0 * 0 0 0
Where * is the sprocket hole on the paper tape and 1 is the most significant bit of the character.

There exists in the National Archive in America (NARA) a number of reports written by Americans seconded to BP during WW II. One of these. Americans, Walter Fried, worked in the Newmanry, where the Colossi were and he sent back to America weekly Fish Notes, (Fish was the cover name for German enciphered teleprinter traffic). He also sent detailed "screeds" on various aspects of breaking Lorenz . One of these, #F71 Annex, is entitled "Elementary Screed on Delta D Counts and Colossus Runs". It is reproduced in full in the Documents section of this web site. Here is the section describing contributing factors to the non-randomness of the Delta D counts.

".... The factors determining the shape of the Delta D count are, of course, many: there are a few that we normally take into consideration and that we believe to dominate the count.

(i) Doodling Habits. Some operators nearly always double a 5, others a 5 and an 8; some double the 9 between words. These vices, of course, bump up / in Delta P, Some tend to put 89 between words, or to indulge in strings of 898989 : this sends up the count of 5 in Delta P.

(ii) The proportion of punctuation. (A lot of punctuation is likely to be due to many abbreviations). A high frequency of full stops sends up the counts of U and 5 and (to a lesser extent) of A or O or both.

(iii) The order of 8 and 9. Most operators use 89 to return to letter- shift : some use 98. Since the commonest letter before 89 (or 98) is M this influences the frequencies of A and O.

(iv) The proportion of plain German. The Delta P counts of plain German differ notably from those arising from punctuation, figures and abbreviations etc. The typical Delta P count of message strong in plain German is rich in J, F, 3, fairly rich in S and U.

A given Delta P count will be largely interpretable in terms of these factors. The characteristics carry over also into the Delta D count with the bulges, of course, much feebler and with smaller antipodal bulges on the opposites and near-opposite, (e.g. if the Delta P is strong in 5' s, the Delta D wll in consequence be strengthened in 9's and to a lesser extent in /, S, I, N and H). .....".

This shows quite clearly the lengths to which the Newmanry had to go to get their Delta D statistics right and how important this was.

Operational vulnerabilities.

As explained above, the key for a Lorenz enciphered text was in two parts, the patterns of lug or cam settings around each wheel and the relative wheel start position different for each message. Because a large number of cams were involved, most wheel patterns changed very infrequently. For instance, Psi wheel patterns might stay fixed for three months, with Chi wheels changed every month but the motor wheel patterns might change ever one or two days. Towards the end of the war all patterns were changed much more frequently.

As with Enigma there had to be an indicatot system to tell the German receiving operator the precise wheel start positions to be used to decipher a message. Initially this was a set of twelve letters, one for each wheel which via a lookup table gave the actual numeric wheel start position. And just as with Enigma this indicator system had vulnerabilities. Most strikingly if two indicators for different messages were the same, the wheels had been set to the same start positions, known in BP as a "depth". If only one letter had changed between two message indicators, only one wheel setting had been changed. All the first breaks of Lorenz depended on depths and analysis of indicators. Then the Germans, as with Enigma, changed the Lorenz indicator system. Instead of twelve letters, just a QEP number which when looked up in a table gave the receiving German operator the start wheel positions to use. No useful relationship between adjacent QEP numbers but the same numbers still meant a depth but only between stations using the same QEP number lookup book.

Another vulnerability was "go backs". This was where the sending German operator had a problem during the sending of the message. This might be a tape reader jam or an electrical fault. The operator would then "pull back" the message about 100 characters and re-send it, usually without re-setting the Lorenz machine. Thus two stretches of the message existed, both with the same plain language text but different parts of the key stream. This overlap could be used to deduce parts of the key stream notably the Psis.

Yet another one was the re-enciphering of messages from one Lorenz link to another, without changing the message text. SIXTA was the very large section in BP in G Block which analysed German radio traffic in great detail and were able to tell the Newmanry when they thought two cipher texts on different Lorenz settings might be the same plain language texts.

This page was originally created by the late Tony Sale, the original curator of the Bletchley Park Museum.

Anoraks Corner by Tony Sale

Welcome to Anoraks Corner, the vulnerabilities of the Lorenz machine and how these were exploited.

Anoraks Corner
by Tony Sale