Abstract

The SIGABA was an electromechanical encryption device used by the US during WWII and in the 1950s. Also known as ECM Mark II, Converter M-134-C, CSP-889, and CSP-2900, the SIGABA was considered highly secure and was employed for strategic communications, such as between Churchill and Roosevelt. The SIGABA encrypts and decrypts with a set of five rotors and implements irregular stepping with two additional sets of five rotors. Its full keyspace, as used during WWII on some circuits, was in the order of $2^{95.6}.$ It is believed that the German codebreaking services were unable to make any inroads into the cryptanalysis of SIGABA. The most efficient modern attack on SIGABA published so far is a known-plaintext attack that requires at least $2^{60.2}$ steps and extensive computing power. In this paper, the author presents a novel divide-and-conquer known-plaintext attack that can recover the key in less than 24 hours on a high-end consumer PC, taking advantage of multiple weaknesses in the design of SIGABA. With this attack, the author solved several series of full-keyspace challenges.

摘要

SIGABA 是美国在二战期间和 1950 年代使用的一种机电加密设备。SIGABA 也被称为 ECM Mark II、转换器 M-134-C、CSP-889 和 CSP-2900，被认为是高度安全的，用于战略通信，例如丘吉尔和罗斯福之间的通信。SIGABA 使用一组五个转子进行加密和解密，并使用另外两组五个转子实现不规则步进。它的完整密钥空间，如二战期间在某些电路上使用的那样，顺序为${\mathrm{2个}}^{95.6}.$据信，德国的密码破译服务无法对 SIGABA 的密码分析取得任何进展。迄今为止发布的针对 SIGABA 的最有效的现代攻击是已知明文攻击，至少需要${\mathrm{2个}}^{60.2}$步骤和广泛的计算能力。在本文中，作者提出了一种新颖的分而治之已知明文攻击，可以在高端消费 PC 上在不到 24 小时内恢复密钥，利用 SIGABA 设计中的多个弱点。通过这次攻击，作者解决了几个系列的全键空间挑战。