Cryptanalysis of Enigma. "Metode des batons, Rejewski's contribution."

Here is a final version of the lecture notes written by Jason Friedman:
Lecture5.ps or Lecture5.ps.gz.
(Print with 600 or 1200 dpi to get better quality:  lpr -P12laser11 lecture5.ps)

0. Enigma encryption using any text editor...

1.We have covered method of "batons", which attacks plug-less Enigma (1930).
The method is a probable word attack, which recovers the key setting of the fastest
rotor, and supports the probable word hypothesis. This method caused appearance
of plugboard in Enigma. British solution to this problem was an introduction of two
stators before the first moving rotor. Americans, considered faster stepping functions
(every 3-4 letters).

2. We have seen Rejewski's theorem on cycle structure of the product of two
involutions. Characteristic sets (cycles of AD, BE, CF) of the day key which
are plugboard invariant (!) thus allowing for separate solution of the rotor wirings
and order, without the need to guess the day key and the plugboard setting.
Factorization of the permutations into involutions. An observation on key habits
(JJJ, QSC, ZXC, ..) of the cipher clerks. Isomorphism of permutations as a tool
for error correction. Recovery of the wires of the rotors. Cyclometer. This lecture
was  based on the following sources:

[Deavours, Kahn, Kruh, Mellen, Winkel, "Cryptology: Machines, History & Methods"

Marian Rejewski "Mathematical Solution of the Enigma Cipher", Cryptologia, Vol.VI, No.1, 1982.
(is also given in a survey book above)]
Here is a shortened version (many typos, a bit hard to read).
 

3. Gillogly's ciphertext only attack on Enigma [handout], which is an interesting application
of the Index of Coincidence (IC) and a "hill climbing" technique. Here is a related letter from
Ralph Erskine.

In the next lecture we will briefly review this attack, and move to Shannon's theory of
"Secrecy Systems".