Tuesday, December 18, 2018

CSE decryption aid

The History page on CSE's website contains a photo of this intriguing device, described as a poly-alphabetic cipher decryption aid made by an analyst in 1974 using cardboard tubing and graph paper.

The page explains that the device was "created to add another facet to an encryption slide rule," although it leaves us guessing as to what exactly that means.

I don't have an answer to that question, but I do have some thoughts about the object's purpose.

1. The device was used to analyze teleprinter traffic.

Teleprinters are electromechanical or electronic devices for transmitting text by cable or radio. Prior to the Internet, teleprinters were the primary means used to transmit government and corporate communications, sometimes in encrypted form, often en clair. In North America, the best-known teleprinters were those produced by the Teletype Corporation, and as a result the name Teletype was often used to refer to all teleprinters.

Close examination of CSE's decryption aid shows characters specific to teleprinter operation, including C/R (carriage return), L/F (line feed), characters to switch the output between alphabetic characters and numbers or symbols, and a bell symbol that is used not to print, but to ring the signal bell on the teleprinter.

2. The target was not Soviet.

The Soviets were big users of teleprinters, and CSE, which focused primarily on Soviet targets during much of the Cold War, collected and processed a lot of Soviet teleprinter traffic. But Soviet traffic it will come as no surprise to anyone to discover was mostly in Russian, and it used the Cyrillic alphabet.

CSE's device utilizes the English alphabet and thus was almost certainly used for traffic in English or other languages with essentially the same alphabet.

3. The device was used to help the analyst add teleprinter characters to one another.

Teleprinter characters are transmitted as a series of impulses of two different frequencies (or, in cable systems, voltages of opposite polarity) called marks and spaces, using in this case five marks or spaces per character. The letters A and B, for example, are typically encoded as mark-mark-space-space-space and mark-space-space-mark-mark, respectively. You can also think of this coding in terms of binary numbers, where A = 11000 and B = 10011.

Additional characters are used to shift between letters and other meanings (numbers/symbols) for each five-element code. The graphic below shows one version of this system (source).

This coding translates the text into a form suitable for machine transmission, but it doesn't provide any security for the message. Any teleprinter machine can interpret it.

To encrypt the text, typically a separate stream of characters equal in length to the original text is added to it, one character at a time.

These key stream characters are added using the equivalent of non-carrying binary addition, which is to say if you add key character B (10011) to plaintext character A (11000) you get 01011, which is the coding for character G. In this example, the enciphered text character that is sent is G.

To get the plaintext message, the intended recipient, who also possesses the key stream, adds it to the enciphered text again. (In non-carrying binary, addition and subtraction are functionally the same thing.) In the example, B (10011) is added to G (01011), producing 11000, which is the original plaintext character A.

CSE's decryption device appears to have been designed to help the analyst add teleprinter characters in this way.

To use it, you slip the cylinder with the multiple alphabets into the cover with the slot, select the first character you wish to combine from the column on the far left of the cylinder, rotate it so the character appears in the slot, find the location of the second character to be combined on the cover (letters below the slot, symbols above), and read off the character inside the slot (i.e., on the cylinder) directly above or below that second character.

To add A and B, for example, you find the letter A in the left-hand column, look two places to the right (corresponding to the letter B on the cover—this would be easier if the device were assembled), and read off the letter in that position (G).

4. The device was probably used for depth reading.

If CSE somehow obtained the key stream for an encrypted teleprinter message, this device would certainly have helped a cryptanalyst asked to manually decrypt it. Except for very short messages, however, it would probably have been simpler to set up the key stream on one teleprinter tape and the enciphered text on another and run them through a Rockex or similar cipher machine, which would automate the decryption process.

The more likely use of this device, I suspect, was to assist the analyst in depth reading.

Sometimes more than one message is encrypted in whole or in part with the same key stream, usually as a result of error, incompetence, or equipment malfunction. When such messages are found, they are said to be in "depth".

In systems like this, if you combine two encrypted messages that are in depth, an interesting thing happens. Since each of the enciphered texts was already a combination of the key stream and a plaintext, when the two enciphered texts are combined the two identical key streams cancel out, and the resulting text is a combination of just the two plaintexts.

For a cryptologic agency, this is a sitting duck. A cryptanalyst can test words that are likely to be found in one of the plaintexts against the combined text to see if a coherent version of the other plaintext emerges. By working back and forth between the two, it is possible to recover both plaintexts, although often with some unrecoverable or ambiguous parts.

In the days before desktop computers, the CSE device would have been very handy for this process, enabling a cryptanalyst to quickly check guessed characters for one plaintext against the combined text to determine the characters that would appear in the other plaintext if the guess were correct.

5. It may have been used on traffic collected at CSE's experimental collection operation in Montreal.

Canadian intercept stations focused overwhelmingly on Soviet targets at this time, but it is possible that some non-Soviet maritime traffic was being collected in the course of monitoring fishing fleets or other shipping off the coasts. Some of that traffic may have been encrypted and potentially been vulnerable to this cryptanalytic approach, although it's not obvious it would have been worth an analyst's time to recover it.

Another, perhaps more likely, possibility is diplomatic traffic to and from embassies in Ottawa. While many countries would certainly have known better than to permit key reuse, it's likely that some had lower standards of security, and accidents and errors do happen.

A third possibility is the traffic was collected at CSE's experimental collection operation at the Canadian Overseas Telecommunication Corporation (COTC) gateway in Montreal. I wrote about that little-known adventure here.

According to CSE, the device was made in 1974, which fits reasonably well with the COTC operation. Monitoring of teleprinter cable traffic was begun at the site on an experimental basis, to assess the value of the traffic that might be collected there, in or around 1971. The test was evidently a success, as CSE later sought funding to put the program into full operation. In mid-1974, however, the entry into force of the Protection of Privacy Act seems to have put the kibosh on the project.

Earlier in 1974, however, there may well have been an analyst working on ways to exploit this new source of traffic who decided it would be handy to have a quicker way to recover the texts of messages in depth.

At least, it seems possible to me.


Post a Comment

<< Home