Pocket Enigma®: The Review

© Dr. Stuart Savory & Brian Hargrave, 2003

Stu Savory is a crypto-geek who is interested in old cipher machines. In fact he has the number one website in German on the subject [ look up "Chiffriergeräte" worldwide in Google]. But we write this review in English, for the international community :-)

Brian Hargrave designed the Pocket Enigma toy reviewed here. He also responded to my original review (see my blog-entry for October 7th 2003). His reply is behind this link. So I have now revised my original review to integrate his comments and am giving this Pocket Enigma® review its own webpage, to make it easier for you to bookmark. The Pocket Enigma® is a toy designed for children from 8 to 80 as you can read below.

Bletchley Park: Pocket Enigma front cover. During WW2 the German armed forces' top secret codes were broken at Bletchley Park (UK), providing the allies with vital information towards their war effort. The link is to their official website. Actually, dear readers, here is a much better website about Codes and Ciphers in the Second World War written by Tony Sale, the original founder and curator of the Bletchley Park Museum. The Enigma was probably the most famous cipher machine and was widely used by the Germans.

Brian Hargrave has designed (in association with The Bletchley Park Trust) a really well thought out toy which is like a single-rotor Enigma machine and beautifully demonstrates one of the three working principles of the Enigma. The toy is fairly well-produced (details below), cheap, well-explained and can be used in a simplified mode by six to ten year-olds. The toy is designed for children from 8 to 80 years of age who have a special interest in secret writing, codes and ciphers.

The Toy is available from the Bletchley Park Shop.
However I ordered mine (for only five pounds sterling (UK) + post and packing) from Mark Baldwin at the address shown:-

Mark Baldwin,
24 High Street, Cleobury Mortimer, KIDDERMINSTER  DY14 8BY, England
phone/fax: 01299 270110 (international +44 1299 270110); 
email: enigma@mbaldwin.free-online.co.uk
Delivery was prompt (as is usual with Mark) and the goods arrived in Germany undamaged.

The Pocket Enigma® is like a one-rotor Enigma machine in a compact disk case. The stator is a cheap-to-produce compact disk case (photolink). The serious downside of this design is that the "ears" of the disk case will probably break off quite quickly if the toy is actually used by children. Brian remarks : I spent some considerable time trying to find a commercial or heavy duty CD case, but without success. In the end I agreed with Bletchley Park that even if such a thing exists, the ready availability of the standard jewel case as any easy replacement and its very low cost were the overriding factors, particularly the latter.

The rotor is a simple disk (photolink) printed on its two faces with two different "wirings", which you are required to trace through manually. Despite the warnings on the instruction leaflet, some idiot may put the disk into his/her CD-player, DVD or PC CDROM drive ( probably the same US woman who tried to dry her poodle in a microwave oven!). Brian point out : The rotor is made from a matt plastic printed with special ink to give good durability. It is almost impossible to tear and is much more difficult to bend than you might think at first sight.

The instructions supplied explain how to trace through the "wirings". I could code/decode at 20 to 30 characters per minute after some practice, i.e. about half real Enigma speeds.

The instructions (the CD-cover sheet) are really good! They explain how the Pocket Enigma® works (starting with the traditional naming of parts :-) and take the user step-by-step through the processes of coding and decoding. Worked examples and carefully annotated figures illustrate how the Key and Message Setting are used, and there is a trouble-shooting table to help with common errors. Brian remarks : The instruction leaflet took about as long to write as to develop the machine itself, the published edition being about Version 15 or thereabouts. The main problem was that the instructions take up the active width of the printing press to the millimetre, and just one more panel on the leaflet meant a bigger press giving a big step in cost to the extent that the instructions would then have cost more than the wheel.

Stu Savory summarises: All in all, I can recommend this toy! Well done, Brian Hargrave!

Criticism : But now for the caveats.

With the improvements I suggest above, the toy could advance to be suitable historical instructional material too.

Cryptanalysis of the Pocket Enigma®

Assume we have intercepted the ciphertext FXNTQAYHGQP and would like to know what it means.

Just to keep things simple, I will use the Pocket Enigma as Brian designed it, and not include a plugboard etc. Furthermore, I will step the rotor uniformly by only 1 position for each letter enciphered. Cryptanalysis would otherwise be slightly harder, and I don't want to cover Kappa-testing here.

Chosen Plaintext Attack : As is usual in the literature, we assume that the rotor wiring is known (i.e. we have captured a Pocket Enigma) and 'merely' need to deduce the key being used. We choose a plaintext, here AAA... and feed it into the device. Let's start off by assuming we have key also A. Then feeding a plaintext of 26 As into the device gives us the ciphertext "CSZBIYYCCIYRCYVCZBXFJDSYYC".

If the key used were B then the string would be shifted along one position. If the key used were C then the string would be shifted along 2 positions etc. We feed in "AAA" as our plaintext, getting BXF as our ciphertext, because the rotor steps on one position after each letter is enciphered. The code sequence BXF starts opposite the keyletter R. From this, we can deduce that the key used was R as shown here.

Why did we need to use 3 As as plaintext ? Well, if we had only used one, the keys A, H, I, M, P, and Z would all have given the ciphertext C. To resolve this ambiguity we entered a second plaintext A after the rotor has moved on 1 position. Ciphertext CS tells us the key was A, CI tells us the key was I, CY tells us the key was M, and CZ tells us the key was P. But CC could have been caused by key H or by key Z. So we need a third plaintext A. CCI tells us the key was H, and CCS tells us the key was Z. The number of letters needed on average to decipher uniquely is called the unicity distance as mentioned above.

Now that we know that the key was R we can decipher the original ciphertext : FXNTQAYHGQP as HALLOSAILOR.

Cryptanalysis of an unknown rotor : A slightly harder case presents itself when an unknown rotor is used. We assume in this section that the rotor wiring is NOT known (i.e. we have NOT captured a Pocket Enigma) and need to deduce the rotor-wiring being used. So now I am going to show you a known plaintext attack and use it to deduce the rotor wiring.

Known plaintext attack : We assume that we have a piece of ciphertext (QXWZNIMGVRCPFHNLKYQVXBRFNJ...) and (have somehow captured/acquired/stolen) the equivalent plaintext. It might just be a probable-word or two though.

For this example I'll use a single sentence taken from a notorious contemporary text, translated (in 1943) from the original German into English. "Our whole public life today is like a hothouse for sexual ideas and stimulations". Splitting this into sections of 26 letters in length (because our Pocket Enigma has a 26-letter rotor circumference) we get:

Now let us just consider line one of the plaintext, writing the corresponding ciphertext directly beneath it, and writing a sawtooth pattern of the numbers 0 to 13 below that (I'll explain why, later).
O U R W H O L E P U B L I C L I F E T O D A Y I S L --- Plaintext
Q X W Z N I M G V R C P F H N L K Y Q V X B R F N J --- Ciphertext
0 1 2 3 4 5 6 7 8 910111213121110 9 8 7 6 5 4 3 2 1 --- Sawtooth pattern
Now we draw a rotor on a piece of plain paper, as shown here, labelling each of the potential contacts serially with the letters A through Z, whereby the starting point is arbitrary. Just to keep things simple, I've assumed that we know already that the rotor circumference to be 26-letters long. If we didn't already know this, then a Kappa test would reveal this fact to us, but I don't want to cover that here.

Taking the first letter pair, plaintext=O and ciphertext=Q, we can draw this wiring onto the rotor.

After the first letter O has been encoded to Q, the rotor steps forward one position and U is encoded to X. But we need to calculate the wiring in the initial position of the rotor. So we connect not U to X but count back 1 position (this is what the sawtooth number pattern is for in line 3 shown above). So - in the initial rotor position - W is wired to T (and of course T to W, we only need to deduce 13 wiring pairs), as shown here.

Continuing, the next step R-W (sawtooth pattern number 2) gives us the connection P-U. But at the next step W-Z we get the wiring pattern we already had at step 1. These coincidences may crop up several times, but we can ignore them and press on regardless. Stepping through the rest of the letter pairs and counting back (or forward after 13 (=26/2)) as given by the sawtooth-pattern, we can deduce the complete rotor wiring.

And if - at some later stage - this rotor is "captured", we can see that our cryptanalysis of the unknown rotor was right.
So don't use this toy seriously anybody, because I can break all its codes easily ;-)

Now, if you want to learn more (e.g. how to do a ciphertext-only attack), I point you to Aegean Park Press book C-73:-

Cryptanalysis Of The Single Rotor Cipher Machine, Donald A. Dawson
This book is divided into three sections: The Cryptographic Process, 
the Cryptanalytical Process, and The Computer Programs (written in QBASIC). 
Chapters contain numerous problems to be solved by the student, enabling 
the student to learn by doing as he studies the text.
C-73 · , iv + 213pp, Paperback, ISBN: 0-89412-262-2 · $38.80

Index/Home Impressum Sitemap Search