Part 1: Foundations of Cryptography
Part 2: Classical Ciphers
Part 3: Mechanized Cryptography
Part 4: Theoretical Breakthroughs
Part 5: Modern Symmetric Cryptography
Part 6: Principles of Good Cryptosystems
Part 7: Introduction to Cryptanalysis

Introduction

By the early 20^th century, the limitations of classical ciphers were well understood. Substitution leaked frequency patterns, transposition preserved letter content, and even sophisticated combinations eventually fell to systematic analysis. Military and diplomatic communications required something fundamentally stronger.

The solution was mechanization. Machines could apply more complex transformations, change substitution alphabets continuously, and handle the volume of traffic that modern warfare and diplomacy demanded. The mechanized era produced the most sophisticated ciphers that could be built without computers—and taught important lessons about the relationship between complexity and security.

The Key Insight: Continuous Variation

What distinguished mechanical approaches from classical methods was continuous alphabet variation. Mechanical devices could change the substitution with every single letter, much like the Vigenère cipher, but deploy a substitution alphabet that does not repeat for an incredibly large amount of data.

This addressed the fundamental weakness of classical polyalphabetic ciphers: repetition. By ensuring that the same plaintext letter rarely (or never) encrypted the same way twice, mechanical systems eliminated the repeated patterns that classical cryptanalysis exploited.

Rotor Machines: Automating Complexity

The breakthrough in mechanized cryptography came with rotor machines, developed in the early 20^th century. These devices automated polyalphabetic substitution and made it practical to change the cipher alphabet for every single letter typed.

Basic Rotor Principle

A rotor is a disk with electrical contacts on both sides, wired internally to implement a substitution cipher. When an electrical signal enters one side, it emerges on the other side according to the rotor's internal wiring—effectively a hardwired substitution table.

A rotor is a wheel with a set of contacts on each side -- one contact per side for each character in the alphabet. A contact on one side is wired internally to a contact on the other side in a scrambled order. When an electrical signal enters on one side, it emerges on the other, mapped to a different letter. A single rotor performs a monoalphabetic substitution. By stacking multiple rotors in series, each keystroke passes through several substitutions, producing a highly complex mapping.

The crucial innovation was stepping: after each letter, the rightmost rotor rotates by one position. This changes which input contact connects to which output wire, creating a different substitution mapping for the next letter. After the rightmost rotor completes a full revolution, the next rotor advances by one step, and so on.

The result is that the substitution changes continuously with every keystroke, creating an enormously complex polyalphabetic substitution that changes continuously.

Why Rotors Were Revolutionary

Rotor machines solved several problems that had plagued classical cryptography:

Eliminated repetition: The substitution alphabet changed with every keystroke
Large key space: Multiple rotors with different starting positions and stepping patterns
Operator simplicity: Type plaintext, read ciphertext lamps—no manual table lookup
Symmetric operation: The same machine setup could encrypt or decrypt
Mechanical reliability: No mental arithmetic or table lookups that could introduce human error

The Enigma Machine

The most famous rotor machine was Germany's Enigma, used extensively during World War II. From the outside, it looked like a typewriter with a lamp board. The operator typed a plaintext letter, and a lamp lit up showing the corresponding ciphertext letter. The recipient, with an identically configured machine, typed the ciphertext and the plaintext letter would illuminate. Encryption and decryption were the same process.

Enigma's Structure

Enigma's security came from layering multiple sources of complexity:

Three rotors in series (later versions used more): Each rotor implemented a different substitution, and the signal passed through all three. The rightmost rotor stepped after every letter, like a second hand or an odometer wheel. When it completed a full rotation, the middle rotor advanced one step, like a minute hand. The leftmost rotor advanced by one position only after the middle rotor completed a full rotation, like an hour hand. This continously varied the substitution alphabet until all the rotors were aligned back at their starting position.

A reflector: At the end of the rotor stack, a "reflector" sent the signal back through all the rotors on a different path. This meant no letter could ever encrypt to itself—an intended feature that would prove to be a crucial weakness.

A plugboard: Before and after the rotors, the signal passed through a plugboard (a set of wired connections) that could swap pairs of letters. Up to 10 pairs could be connected, adding another layer of substitution, although the real strength came from the rotors.

Daily key settings: Each day brought new instructions specifying: - Which rotors to use and in what order - The starting position of each rotor
- Which letters to connect on the plugboard

Enigma Keyspace

To German military planners, Enigma's key space seemed impossibly large:

Rotor arrangements: Choosing 3 rotors from 5 available, in order = 5 × 4 × 3 = 60 ways
Rotor positions: Each rotor had 26 starting positions, giving 26³ = 17,576 combinations. This also means that the substitutions would repeat only after 17,576 characters were typed
Plugboard settings: Up to 10 pairs of wires from 26 letters ≈ 10¹⁴ possibilities

Together, these factors yielded more than 10²³. To German military planners, that number was unthinkably large. No human could hope to try all those settings, and even machines of the era would take centuries.

This astronomical key space convinced German cryptographers that Enigma was unbreakable by any practical means. They were wrong.

Weaknesses of Enigma

Despite its complexity, Enigma contained several structural weaknesses that skilled cryptanalysts could exploit:

The reflector: Because every signal bounced off the reflector, no letter could ever encrypt to itself. If the plaintext contained an “A,” the ciphertext could be anything but “A.” That small constraint gave analysts an easy way to rule out wrong guesses.
Stepping patterns were regular: The rotors advanced in predictable patterns. The rightmost always stepped; the middle stepped once per complete rotation of the rightmost; the leftmost stepped rarely. This regularity created mathematical relationships that analysts could exploit.
Operator procedures leaked information: German messages followed predictable formats. Weather reports often began with the word "WETTER," daily situation reports frequently ended with "HEIL HITLER," and many messages started with "ANX" (from the German "AN" meaning "to," with "X" used as a space character). These repeated fragments, called cribs, gave cryptanalysts known plaintext-ciphertext pairs to work with.
Human errors compounded the problems: In the early years, operators transmitted the daily rotor key by encrypting it twice with the same machine settings — a catastrophic error that gave Polish cryptanalysis a way in. Sometimes operators reused keys or failed to change settings as required, handing analysts more footholds.

Captured materials also played a role. British forces retrieved codebooks from seized U-boats, which provided daily key settings. Even without them, Allied cryptanalysts exploited the regularity of German communication and the predictable habits of operators.

The Breaking of Enigma

The defeat of Enigma came not from brute force attacks on its large key space, but from exploiting its structural flaws and operational errors.

Polish cryptographers first broke Enigma by:

Obtaining information about the rotor wiring through espionage
Developing mathematical techniques using group theory and permutation analysis
Building mechanical devices called bombas to search for daily keys
Exploiting a critical German procedure flaw where operators transmitted the message key twice

When Poland shared their work with Britain in 1939, Alan Turing, Gordon Welchman, and their colleagues at Bletchley Park refined and industrialized the attack:

Built faster bombes (improved from the Polish bombas) to search rotor settings
Developed systematic methods for exploiting cribs and German procedural mistakes
Created an intelligence operation that captured codebooks and key material from U-boats
Established workflows that could break daily keys fast enough to read current traffic

Lessons from Enigma's Defeat

Enigma's fall taught several crucial lessons about cryptographic security:

Key space size alone doesn't guarantee security: clever attacks can bypass brute force entirely
Structural flaws matter more than complexity: the reflector constraint was more damaging than helpful
Operational security is crucial: predictable formats and human errors created footholds for attack
Redundancy can be weakness: requiring operators to transmit keys twice created vulnerabilities

Advanced Rotor Machines: Learning from Enigma

Other nations developed rotor machines that addressed some of Enigma's weaknesses, showing how the technology could evolve.

Enigma was not the last word in rotor design. Other nations built their own machines during and after the war, often pushing the idea further.

In the United States, the SIGABA (also known as the ECM Mark II) was developed in the late 1930s and deployed during World War II. It used 15 rotors arranged in two banks and introduced irregular stepping, which made its cipher far harder to predict than Enigma’s. Unlike Enigma, SIGABA was never broken during the war and remained in service into the 1950s.

A decade later, in the 1950s, the Soviet Union fielded the Fialka. Fialka used 10 rotors, each with 30 contacts to handle the Cyrillic alphabet and digits. It also incorporated a built-in paper tape reader for automatic keying. Fialka remained in use throughout the Cold War through the 1980s, demonstrating the longevity of well-designed rotor systems.

Why Rotor Machines Eventually Failed

Despite improvements like SIGABA and Fialka, rotor technology had fundamental limitations:

Mechanical constraints: Physical rotors could only implement a limited range of substitutions, and their stepping patterns, however complex, followed mechanical rules that could be analyzed.

Key distribution problems: Daily key settings still had to be distributed securely to all users, creating a logistics challenge that grew exponentially with the number of machines.

Vulnerability to capture: Unlike purely mathematical systems, rotor machines could be physically captured and their wirings reverse-engineered.

Speed limitations: Mechanical systems couldn't keep up with the increasing volume and speed requirements of modern communications.

Lessons from the Mechanized Era

The rotor era made crucial contributions to cryptographic understanding:

What Worked

Continuous variation: Changing the substitution with every letter eliminated the repetition patterns that doomed classical ciphers
Layered complexity: Multiple rotors and additional transformations (like plugboards) could create genuinely complex cryptographic transformations
Practical operation: Well-designed machines made strong cryptography usable by ordinary operators in field conditions
Mathematical analysis: The complexity of rotor machines forced the development of more sophisticated cryptanalytic techniques

What Failed

Complexity without foundation: Engineering sophistication alone couldn't guarantee security without proper mathematical analysis
Hidden assumptions: Designers' intuitions about what made systems secure (like Enigma's reflector) sometimes weakened rather than strengthened the cipher
Mechanical limitations: Physical constraints limited the space of possible transformations
Operational vulnerabilities: Even mathematically strong systems could be broken through procedural flaws and human error

The Bridge to Modern Cryptography

Mechanized ciphers represented a huge leap over pencil-and-paper methods. Machines made dynamic substitution possible, changing with every keystroke. Keyspaces became astronomically large, and for the first time, cryptanalysis required mechanical aids rather than hand analysis alone.

Yet even the most advanced machine, Enigma, was defeated. Complexity alone was not enough. Without a sound mathematical foundation, clever engineering still left exploitable weaknesses.

This realization set the stage for the modern era, when Claude Shannon provided the theoretical framework to evaluate ciphers, and computers made both encryption and cryptanalysis orders of magnitude faster.

Next: Part 4: Theoretical Foundations