Cracking Enigma in 2025

Bruce Ediger

2025-06-01 (Last Modified: 2025-06-01)

I watched the Numberphile video Cracking Enigma in 2021 and I decided I had to give that a try.

The video is based on a paper:

CIPHERTEXT-ONLY CRYPTANALYSIS OF ENIGMA, James J. Gillogly, Cryptologia October 1995;Volume XIX, Number 4.

That’s an HTML transliteration of a nicely-typeset, refereed journal article. If you can find a PDF of that journal article, you will make more sense of Gillogly’s actual work.

I had a vague understanding of the Enigma machine from watching another Numberphile video, Flaw in the Enigma Code

I decided that to understand the Gillogly paper, I had to implement it myself. In order to implement it myself, I had to understand and write a simulation of the Enigma machine.

Enigma-like simulated encoding machine

Code repo

Despite the importance of Enigma to winning WW2, and in the history of cryptanalysis, specifics are very hard to come by. Ring setting and “notches” in particular are very strangely described.

I punted on “ring settings” and notches. On my enigma-like simulator, the initial setting is a rotational offset for a rotor. I did not attempt to have an adjustable notch. The first rotor advances the second every 26 simulated key presses. The second rotor advances the third every 26*26 = 676 simulated key presses. The advancing isn’t because a notch or mark appears by a letter on a rotor, it advances every 26 simulated key presses.

Takeaway: it’s hard to simulate machinery designed and built 80-90 years ago.

Index of Coincidence

The real surprise is how well Index of Coincidence works when trying to decide which rotors, and in what order, a fairly short piece of ciphertext was encoded with.

Gillogly defines Index of Coincidence as:

IoC = Σ(f_i(f_i - 1))/(N (N - 1))

Where f_i is a count of the i’th letter of the alphabet, N is the total number of characters in the ciphertext. The wikipedia article about Index of Coincidence multiplies Gillogly’s IoC by the number of characters in the ciphertext’s alphabet. That’s just a constant. As long as you ignore that kind of constant, comparisons of IoC remain valid.

Index of Coincidence seems like a completely arbitrary measure, but it really does give higher values for human-written text than random blobs of letters.

William F. Friedman seems to have invented, or discovered Index of Coincidence.

The NSA’s version of the first edition, REF ID:A66796 has a snarky cover letter, written by one “Capt. 6”, dissing the US Navy’s “state of chaos in their training section”, and advocating removing “mathematical eyewash” from the paper. It comprises 28 pages. The second edition, REF ID:64687 is better typeset, and has 51 pages.

The NSA’s version of the third edition, REF ID: A64722 is 87 pages. Both it and the Aegean Press third edition of THE INDEX OF COINCIDENCE AND ITS APPLICATIONS IN CRYPTANALYSIS seem like a different work altogether from the first and second editions.

The first and second edition describe Index of Coincidence in very non-mathematical text descriptions on pages 2 and 3. The way I read it, Friedman calculated

IoC = c(Σf_i²)/(N²)

I wouldn’t be terribly surprised if I got it wrong. His example calculation is made with a human doing it by hand in mind. There’s a maximum of mere tallying letters, with stuff that’s easy for a human (tallying ’e’ with ‘E’), but seems like a waste of time for a computer program.

I’m not sure why modern IoC calculations use N(N-1) and f_i(f_i - 1) instead of N² and f_i². There’s usually not a whole lot of difference numerically, and as long as you were consistent, either one would work for “classic” pencil-and-paper code breaking.

Cryptanalysis of my Enigma-like simulator

I only got to finding rotors and order of rotors, along with which letter the rotors were initially dialed to. By golly, Gillogly’s method works great. It seems to find rotors, rotor order, and initial setting easily.

Gillogly and Mike Pound (from the Numberphile video) are less specific about how to deal with the “plugboard”. They both talk about how IoC is not effective once you get the rotors and order. You have to use digraph and trigraph frequencies to decipher the plugboard arrangement. I didn’t feel like doing that.

Other papers

Apparently, there’s some 21st century interest in ciphertext-only cryptanalysis of Enigma machine.

Modern breaking of Enigma ciphertexts. Cryptologia dates from 2017, 22 years after Gillogly’s paper.

Ostwald, O., & Weierud, F. (2017). Modern breaking of Enigma ciphertexts. Cryptologia, 41(5), 395–421. https://doi.org/10.1080/01611194.2016.1238423

Enigma variations, an extended family of machines

by David H. Hamer, Geoff Sullivan and Frode Weierud

This is a hole with no bottom.

Further Questions

How does Enigma tie in with Crypto AG cipher machines?
Did Index of Coincidence work on Crypto AG machines’ output?
- since IoC worked on my somewhat enigma-like simulator, it probably did.