Friday, December 30, 2011

Update

Time for a holiday treat ! File HW 40/186 ''Activities of the Reichsluftfahrtministerium Forschungsamt (Research Bureau of the Air Ministry), mostly from POW reports'' has been uploaded to the Ticom folder.(110 pages - 40Mb)

Tuesday, December 27, 2011

Soviet Diplomatic Code 26 and the elusive Dr Roeder

The Soviet Union used several cryptologic systems in order to protect its communications from the rest of the world. The diplomatic service initially relied on the single transposition cipher and later 3-figure codes also transposed (1). In the early 1920’s a new basic system appeared. Several 2, 3 and 4-figure codes were used, enciphered with large additive tables (1.000 5-figure groups in 100 rows of 10 groups each).

These systems offered limited security and were read by codebreakers in Germany (2) and in Britain (ARCOS case). In 1927 the British authorities raided the Arcos company that acted as a front for Soviet espionage and in the ensuing investigations released information coming from deciphered Soviet telegrams. The compromise of their diplomatic codes led the Soviet authorities to introduce a new enciphering procedure.
From that time on the Soviet diplomatic service used figure codes enciphered with one time pads, a system which if used properly is theoretically unbreakable. Other Soviet agencies operating abroad such as the Trade organization and the intelligence services NKVD and GRU also used codebooks enciphered with one time pads.

However it seems that there were certain errors in the way the system was used and thus some communications were again compromised in the 1940’s.
Several sources claim that during WWII there were problems in printing the large number of random pads and someone decided to reuse those already printed in more than one link . This allowed the Americans to solve some Soviet intelligence service messages sent during the period 1942 -48. This program was called VENONA and it uncovered many high placed spies inside the US and Britain.

If the Anglo-Americans could read some Soviet communications enciphered with one time pad, could other countries have done the same? What about the Germans ? Did they have any success with Soviet diplomatic codes?

Let's take a look at the European Axis Signal Intelligence volumes :

From EASI vol6 - The Foreign Office cryptanalytic section  , p31
 
y. Russia. Work on Russian diplomatic systems does not seem to have been a Pers Z S commitment. Dr. Kunze made it clear that Russian systems had been read up until 1927, but that no success had been achieved after that time. Presumptively he had reference to the introduction of one-time pads. Lt. Colonel Mettig of Signal Intelligence Agency of the Supreme Command Armed Forces (OKW/Chi) stated that "after a certain date" (which he could not remember), no Russian diplomatic traffic was attempted, either by his agency or Pers Z S.
This paragraph creates more questions. If the Pers Z did not work on Soviet diplomatic traffic who did ? The only other organizations that tackled diplomatic traffic were OKW/Chi and the Forschungsamt.
   


From EASI vol7 -  Goering’s Research Bureau , p84

Russian Systems.
Diplomatic Code and Additive.
Sauerbier mentions a few  people who were engaged in a fruitless attack on Russian diplomatic traffic. This attack culminated in the belief that the system was a code with a non-repeating additive. (I-162.)

From EASI vol3 -  Intelligence Agency of the Supreme Command Armed Forces , p63
f. Russia. The Russian desk was under Professor Nowopaschenny. Wendland, the head of the practical cryptanalysis section, (Section V) was also interested in Russian. It is known that, as early as 1934, Nowopaschenny was connected with the Cipher Section, and was interested at that early date In Russian problems. At that time, Russian military traffic was being worked on. During the war, the Russian section was small, and it seems to have been able to accomplish nothing. Mettig stated definitely that Russian diplomatic traffic was enciphered with a one-time pad and was never read. Traffic was intercepted from time to time and tested, but the desk never had any luck.The Foreign Office People said that up to the time of Stalingrad the Army read a Russian diplomatic system based on a one-time pad.They were probably mistaken. The system read vas almost certainly a military system. We know that such a system was read. A diplomatic system would not have been handled by the Army.
The military one-time pad read in 1942 was of course the 5-figure code used by the Soviet High Command and not a diplomatic system.

If the Germans had no success with Soviet diplomatic codes during the war how can we explain the following message by Oliver Kirby :



[Source: Robert Louis Benson and Cecil J. Phillips, History of Venona (Ft. George G. Meade: Center for Cryptologic History, 1995)]

The diplomatic code 26 was one of the codebooks captured by the Finns at the Soviet Consulate at Petsamo on 22 June 1941.The other books were the NKVD Pobeda code , a GRU codebook and a Naval GRU codebook (3).These were shared with the Germans and Japanese.

Strangely there is no mention of these books in the European Axis Signals Intelligence volumes. In volume 8 p77 two Russian systems are mentioned as being  physically compromised ,during the war, but no further details are given…
I’ve tried to find information on dr Roeder but I have been unable to locate any person by that name working at Pers Z. Another possibility is that Roeder worked for another German agency. There was a Roeder, head of group VI of OKH/GdNA but in his interrogation it is mentioned that he was captured by Allied troops in the South of Germany. Kirby was in the North.
Were the Germans able to read Soviet diplomatic messages? Cryptologia article ‘’The road to German Diplomatic ciphers’’ by Michael van der Meulen mentions that Paschke of the Pers Z in his memoirs clearly states that Soviet diplomatic messages were read. The book in question is  ‘’ Das Chiffrier und Fernmeldewesen im Auswärtigen Amt’’,Bonn-1957.

According to EASI vol6 ‘’While junior in grade to Schauffler, Dr.Paschke during the latter years of the war became, with Schauffler, the joint head of Pers Z S. So he should know…
Dr Adolf Paschke worked in the Foreign Ministry's deciphering department Pers Z and was head of the linguistic cryptanalysis group. In the recently declassified TICOM report DF-111 ‘Comments on various cryptologic matters’ he says that Soviet diplomatic communications were indeed solved in the period 1927-1930 since the Soviets used each additive page twice (4).
From 1930 the system was changed and the pads were no longer reused. However Paschke had identified the use of the same tables more than once in the same circuits and he believed that if the entire traffic of different organizations (diplomatic and NKVD) was examined more of these repetitions would be uncovered (5).
Regarding solution of the current Soviet OTP system he did not mention any success but cryptically stated that Russian material of the Forschungsamt and the High Command’s deciphering department OKW/Chi were destroyed during the war (6).
Could the Germans have solved any messages during the war? There are three theoretical possibilities on how they could have done so :
1).The one-time tables were reused. This was the basis of the American Venona breakthrough. The Germans were able to read Soviet military messages enciphered with one-time pad thanks to reuse of the tables. Perhaps they did something similar with diplomatic traffic.


2).The success was achieved not against the one-time pad but against the emergency enciphering procedure. This was a simpler way to encipher messages when there was no supply of OTP. The Japanese read messages on this system from embassies/consulates in Seoul, Dairen, Australia, Harbin, Hakodate (7).


3).They were able to reconstruct the one-time pad algorithm. The Anglo-Americans were able to discover the algorithm used by the German Foreign Ministry in creating their ‘’random’’ additive tables in late ’44 and messages were decoded in 1945. Did the Germans have similar success? A major effort to identify the OTP algorithm was carried out during the war by the Army’s Signal intelligence agency but it yielded no results (8).

I believe that there is more to this story than has been presented so far. Unfortunately we are at the mercy of the NSA and GCHQ .If/when they release new material then we will know more.

Notes:

(1). TICOM DF-111, p4-5
(2). TICOM DF-111, p6

(3). ‘Venona’ p4 by Nigel West
(4). DF-111, p7

(5). DF-111, p12-15
(6). DF-111, p18

(7). JMA/SAC 77 plus others found in British archives HW 40/29
(8). Ticom I-205 ‘Detailed interrogation report of former Regierungsbaurat Johannes Anton Marquart of OKH/Gen.d.NA’


Sunday, December 25, 2011

Bletchley Park vs Berlin – The North African Seesaw

 All told, Britain arguably lost the signals intelligence war in that theatre between January 1941 and May 1942, and certainly did worse and suffered more damage there than it ever did in the Atlantic.

                           Robert Ferris ,‘’ Intelligence and strategy: selected essays’’ chapter 4

In my posts so far I’ve only dealt with the good people of Bletchley Park in the Typex compromise story. Now it’s time to change that and take a closer look at the performance of German vs British  codebreakers in actual campaigns of WWII.

This part will be about the fighting in N.Africa. My goal is to look at the codesystems of both countries and see which side had the advantage and for how long. Obviously I’ll also have to mention the successes each side had with other codes ( Italian ,American, Free French),however my main focus is on German and British codes.

From all the information I’ve seen it’s clear that the German side had a major advantage in the period 1941 to summer 1942 both in high level and tactical systems. The Enigma keys used by Rommel proved to be too much for Bletchley Park and the keys of the German navy in the Med also resisted attack.

The Brits were successful with the Luftwaffe keys used in the Med (‘’Red’’,‘’Light blue’’,’’Scorpion’’ among others) plus the could read Italian codes. They only read Rommel’s key Chaffinch (Chaffinch I : General , Chaffinch II : Comm between Panzerarmee Afrika and higher authority , Chaffinch III : Administrative ) thanks to captured material  in 17 Sept -19 Oct '41 and from 2 Noc -6 Dec '41 ,with some regularity and  often a week or more late. The operational Enigma key of Panzerarmee Afrika Phoenix (for use between Army,Corps and Divisions) was captured during Crusader (18 Nov ’41) and traffic read up to 23 Nov ’41 , then not broken until summer ’42.

The Chaffinch key was broken again on 10 April 1942 when 50% was read with a delay of a week or more. For the rest of ’42 all three keys were broken but with differing degrees of success. On average half the days were ‘broken’ and half of the breaks were achieved within 48h after receiving the messages.

June was also the month that the Phoenix key was broken  but it was usually read after a delay of several days.

Here are the detailed statistics concerning British success with German army ‘keys’ in N.Africa in 1942:


German army 'keys' broken by Bletchley Park -N.Africa 1942
Month
Chaffinch I
Chaffinch II
Chaffinch III
Phoenix
Jun-42
2
11
20
16
Jul-42
6
16
13
7
Aug-42
8
15
13
16
Sep-42
14
19
14
25
Oct-42
18
22
21
27
Nov-42
17
28
23
18
Dec-42
12
14
19
12

 

It should however be mentioned that at the same time that Bletchley Park was finally able to decode Rommel’s Enigma ‘keys’ another means of communication had become available to him. This was a microwave link from Derna, Libya to Athens, Greece via Crete. From there communications could be routed to Rome and Berlin. As far as I know this link was secure from eavesdroppers.

Regarding naval Enigma the U-boats in the Med used a modified form of the Home waters key from 1st October 1941 .GCCS was able to read their traffic till the key was changed in February 1942.Then no success until December 1942.

Surface ships and shore authorities in the Med and the Black Sea used the Porpoise key, which resisted attack until August 1942. By September it was being read regularly.

During the campaign low level Italian military codes were read continuously but their high level codebooks proved more secure (almost completely in 1942). The main problem for the Italians was that their naval machine ciphers were decoded and resulted in the sinking of convoys carrying supplies to Rommel’s forces. The machines in question were the commercial Enigma and the Hagelin C-38 (the main culprit).

While the Brits unsuccessfully tried to read Rommel’s communications ,the German codebreakers were  decoding messages in British high level systems :

The Army’s War Office Cypher (Army universal high-grade codebook, carried traffic between Whitehall, commands, armies, corps and, later, divisions) was read in the Med area from summer 1941 to January 1942.It gave accurate information on  8th Army’s strength and order of battle. The information on British tank strength seen in German decoded messages was so accurate that the War office ‘’was very concerned’’. [Source: British intelligence in the Second World War vol2,p298]

The RAF Cypher (high-grade codebook) was read in the Med from early 1941 until November 1942.Most messages were solved ‘’within 5-10 days’’ according to Voegele chief cryptanalyst of the GAF.

The RN’s Code and Cypher plus low level codes were read. According to report ADM 1/27186 messages in Naval Code No1 were read in 1941.In May ’41 a copy of Naval Code No1 was captured from HMS York ,sunk in Suda Bay Crete. It’s successor Naval Code No2 was broken in 1942 and a high proportion of traffic recoded by Auxiliary Vessels Tables was read.

The more high level Naval Cypher No2 (in use from Aug’40 to Jan’42) and No4 (used from Jan’42 to June’43) were also compromised. A summary of B-Dienst’s success with them follows :

1.     Naval Cypher No2 :First read Sept '40.Oct' 40 setback (change in encyphering procedure) .From March '41  until Sept '41 limited ~10%, ,from then on  high.

2.     Naval Cypher No4: First read March '42.By Oct '42 reconstructed. Messages relating to convoy movements in the Pacific ,Indian ocean and Red sea were read.

The Interdepartmental Cypher (used by Foreign Office,Colonial,Dominions and India offices and the services. Also used by Admiralty for Naval Attaches,Consular Officers,Reporting Officers)  was read extensively. It allowed the Germans to keep track of negotiations between Turkey and Britain. [Source: HW 40/85]

As if all these compromises were not enough the Brits were the victim of one of the most embarrassing episodes of the war. The American military attaché in Cairo colonel Bonner Fellers continuously transmitted (in the Military Intelligence Code) British plans , appreciations and strength and loss reports.

The Free French were also guilty of using faulty codes but Fellers telegrams were so important that everything was organized to intercept them and decode them in the fastest way possible. From early 1942 until July he was unintentionally providing the Germans with invaluable information.

In the tactical field the Brits did even worse. Due to the lack of a machine cipher for division downwards they had to rely on hand ciphers of limited security. They also resorted often to radio telephone communications that offered no secrecy. Attempts to disguise their conversations by using code words did not usually hinder the German eavesdroppers.

Unfortunately these security lapses on behalf of the British forces meant that  Rommel’s intelligence unit NFAK 621 ,headed by the able Captain Seebohm, was much more successful than it ought to be.

By solving low level codes , overhearing British commanders talk on the radiotelephone and using direction-finding and traffic analysis they were able to provide Rommel with a more or less accurate Allied  order of battle. The effect of this unit was a major multiplier of German military strength.

Especially in conditions of mobile warfare ,when messages were exchanged quickly with little regard for security ,Seebohm’s men gave Rommel the edge.

Their loss in 10 July 1942 when the unit was overrun by the Australian 2/24th Battalion crippled Rommel’s signal intelligence capability at a moment he needed it most .

So how did the Brits manage to win that campaign? From what I’ve mentioned so far it seems they were seriously beaten in the intelligence field ( in the period 1941-summer 1942)

First of all both sides were able to get some information about each other’s strengths and dispositions from various sources ( aerial photo-reconnaissance ,spies , army recon units , low level codes ,traffic analysis and D/F ).  Also both sides made mistakes and miscalculations from the intelligence they got. But more importantly there were many more factors influencing victory and defeat than merely signals intelligence.

Rommel’s main problem was his inability to provide supplies for his forces at long distances from his supply ports.Even though the RN was able to sink a lot of Italian supply ships the problem was not lack of supplies but inability to transport them far from the ports. This fact is discussed in detail by Martin van Creveld in ‘’Supplying War: Logistics from Wallenstein to Patton’’ . Rommel’s trucks burned more gas than they were carrying to the front because of the long distances involved. No amount of codebreaking could change that….

Even though Rommel was defeated at El Alamein he only managed to get so far with the help of signals intelligence. His reckless style of command would have led to disaster without this ‘’hidden ace’’. Such successes however heavily depended on silly British mistakes.

After July 1942 things changed fast. Once the British forces captured Seebohm’s unit they realized the extent of their compromise and immediately changed their signal procedures and codes. From then on the Brits would be considered ,by the Germans ,to have the most secure signal communications of any  Allied nation.

In the second half of 1942 the Germans not only lost their access to the British code systems that I mentioned earlier but  practically all their codes were being read. By reading Rommel’s keys the Brits got the strength reports for his troops and vehicles. The biggest success of Bletchley Park was a decoded signal sent to Middle East Command on 17 August 1942.This was  ‘’perhaps the most important single item of information that the Enigma had yet contributed to the desert campaign’’ [Source: British intelligence in the Second World War vol2,p298]. The decrypt of a Panzer Army appreciation ,It contained an outline of Rommel’s intentions for the coming offensive.

However the location of his units was not revealed from the Enigma :  No Enigma decrypt giving a comprehensive account of the Panzer army’s dispositions was obtained after 30 April 1942 ; that of 30 April -a Chaffinch decrypt- showed that the bulk of the enemy’s armour was in the north, but mentioned that some  elements of the DAK were ‘at the moment’ operating at the south of the line ‘to secure the southern flank’. [Source: British intelligence in the Second World War vol2,p722]

How was Rommel able to save his forces from annihilation and retreat to Tynisia in good order ? The answer is the same as before .Signals intelligence although of great importance cannot win battles. The Germans still had well equipped ,well trained and well led troops and they did not hesitate to move new units to Tunisia to counter the Allied landings.

In Tunisia the field was leveled as the American forces were very careless with the use of radio. The Free French forces also continued to make mistakes and use insecure codes. Still after a few successes the Axis forces were defeated.

So what are the lessons to be learned from the North African campaign?

First of all it is more important to protect your own codes than it is to read the enemy ones. The Germans definitely did much better than they should have against British codes in N.Africa. If the Brits had a machine cipher in widespread use for forward units things would definitely have been different for Rommel .A simple machine like the Hagelin C-38 if used correctly would be beyond the capability of his mobile unit NFAK 621 and messages could only be solved at higher headquarters with significant delay if at all. A small number of speech scramblers would also have meant that his units would have been destroyed in June 1942.

It is also apparent that codebreaking is important but not decisive. Having information is of no use if you can’t exploit it to your benefit. For example by reading Italian naval codes the Brits were able to sink a lot of supply ships. However due to bad luck on 18 Dec ’41 their naval K force (2 cruisers plus 2 destroyers) operating out of Malta drifted into a minefield and out of 4 ships 2 were sunk and 2 heavily damaged. This disaster coupled with the Luftwaffe campaign against Malta meant that during the first half of ‘42 the Italian navy was able to transport supplies virtually unmolested despite the Allies knowledge of their routes and schedule.

Rommel’s successes can definitely be attributed in some part to his superiority in signals intelligence but that advantage would have meant nothing if his forces didn’t also have good equipment , communications , logistics and training.

In the end the German successes with British codes have to be attributed in part to poor security on the part of the Brits. They continued to use codebooks that they knew were in German hands , they used tactical codes that were easy to solve and for inexplicable reasons they used the radiotelephone as if they were back home talking to a friend. Once these silly errors were corrected and once Bletchley Park started solving German army and navy enigma keys the roles were reversed .In a month Rommel’s best source of intelligence dried up for good.

Authors and academics that present the Ultra story in triumphant terms should take a good look at the N.African campaign and the defeat of Allied codes in the period 1941-summer 1942. The people at Bletchley Park were not the only ones skilled in codebreaking.

Sources : Intelligence and strategy: selected essays , British intelligence in the Second World War vol2 , Ticom reports: I-112 , I-113 , I-51 , War Secrets in the Ether , Rommel's intelligence in the desert campaign, 1941-1943 , FMS P-038 German Radio Intelligence , CSDIC SIR 1704 , American Signal Intelligence in Northwest Africa and Western Europe , HW 40/85

Acknowledgments: I have to thank Ralph Erskine for the Chaffinch and Phoenix key statistics.

Thursday, December 22, 2011

Update

I uploaded file TICOM DF-112 ‘’Russian decryption in the former German army’’ by Alex Dettmann chief of the Russian section of the Army Signal intelligence agency OKH/GdNA (previously In. 7/VI ).

Calling the file interesting would be an understatement of massive proportions. Dettmann gives an overview of all the Russian code systems plus the success that German sigint had against them. The information on the high level codes ( Army and Airforce 5-figure, NKVD 4-figure) is the most important.

I have to thank mr Michael van der Meulen for sending me this file.

Tuesday, December 20, 2011

French Hagelin cipher machines

During the 1930’s and 40’s the military and civilian authorities of many countries began to purchase and use cipher machines in order to secure their confidential radio traffic. Cipher machines were more secure than the book systems that they replaced and they encoded/decoded faster. The main players in the international market were the well known Enigma machine in its commercial version and the products of Boris Hagelin, mainly the ‘small Hagelin’ C-36 and ‘large Hagelin’ B-21/211.

French Army codes and ciphers

The French military and civilian authorities used for their secret communications several codebooks, both enciphered and unenciphered. Individually these systems did not have a very high degree of security but it seems that the French strategy was to overwhelm enemy codebreakers through the simultaneous use of a large number of different codebooks (1). Additionally, it is possible that the French Army’s cipher bureau overestimated the security of the encipherment procedures used with the codebooks.

The French Army acquired cipher machines in the second half of the 1930’s, specifically the Hagelin models C-36 and B-211. By 1939 there were about 2.000 C-36 and 115 B-211 machines in use. The B-211 was used at the level of Army Corps and by the High Command. The C-36 was used as a mid level cipher for Armies and Divisions in France and N. Africa (2).

The B-211 and C-36 continued to be used by the Free French Forces during the period 1942-45 in N. Africa and Italy. However, from 1943 the C-36 was gradually replaced by the US M-209 cipher machine (3). 

German solution of French Army cryptosystems

According to the available information the B-211 machine proved secure during the period of the Phoney war and the Battle of FranceOn the other hand C-36 machines were captured and by July ’40 that traffic was read (4).

After hostilities ended the cryptanalysts of the German Army’s signal intelligence agency Inspectorate 7/VI (later OKH/GdNA) managed to acquire these cipher machines and they found ways to retrieve the internal settings and read this traffic. Initially their research was only of a theoretical character since no new traffic was being intercepted on these systems. However once the Free French forces of General De Gaulle started using them again in 1942 they were in a position to benefit from their earlier research.

In the case of the C-36 the methods of solution were successful against field traffic in the period 1942-45. Messages of the large Hagelin B-211 however could not be solved. The reason was that the French had anticipated the German efforts to read their codes so they physically modified the B-211.

Thanks to the solution of the C-36 the Germans were able to decode French traffic in North Africa and Italy in the period 1942-44. The Anglo-American authorities however were aware of the insecurity of French codes so they provided the M-209 (American version of Hagelin C-38) to the French forces fighting in Italy. The Germans were also able to read traffic on this system but not as much as they had with the C-36. The M-209 was an inherently more secure cipher machine (6 wheels instead of 5 in the C-36). (5)

Apart from the Army agency In. 7/VI the Signal intelligence agency of the Supreme Command - OKW/Chi seems to have successfully solved the C-36, however not many details are known about their work. The methods of solution are given in Ticom I-45 ‘OKW/Chi Cryptanalytic research on Enigma, Hagelin and Cipher Teleprinter machines’ (6) 
Overview of German exploitation of French cipher machines
Information on the German exploitation of French Hagelin cipher machines is available from various TICOM reports (7) and from the War diary of Inspectorate 7/VI.

A summary is given by colonel Mettig, head of In. 7/VI from November 1941 to June 1943. From TICOM I-78 Interrogation of Oberstlt Mettig on the History and Achievements of OKH/AHA/ln 7/VI, p4 and 9

France
With the opening of the offensive in May 40, the French began to use ciphers in increasing quantities. The Germans soon felt an acute shortage of forward cryptographers and were therefore unable to undertake much work on the French forward ciphers. As a result, the forward units concentrated on the two French cipher machines, the B-211 and C-36. Progress was slow, but as a result of research on two captured C-36 machines, Army Group C was in a position, by Jul 40, to undertake satisfactory reading of the traffic. Likewise it was impossible to break the B-211 machines in time for that information to be of any value. Nevertheless the research undertaken during this period was to justify itself later.



Referat France
This section lost a lot of its importance after the campaign of 1940. It concentrated on watching the communications of the VICHY Government which was supposed to inform the Germans of their cipher procedures. Breaches of regulations committed by the French were reported to the Disarmament Commission at WIESBADEN and rectified. The retention of captured French documents and the further investigation of the French cipher machines C-36 and B-211 justified itself in that the initial de Gaullist WT traffic in NORTH AFRICA for 1942-43 was undertaken through those methods. It was possible to read all these techniques at the start but how far the success was maintained during 1943 PW cannot say.



These statements can be verified from the war diary of Inspectorate 7/VI.

Hagelin C-36 and C-38 (M-209)
The monthly reports show that in 1941 the C-36 device was extensively investigated and methods of solution found. The methods were refined to the extent that even small messages could be solved.

Report of May 1941:

Report of June 1941:


According to the Army cryptanalyst dr Otto Buggisch (8) the methods of solution were:

C-36 - The theoretical analysis of this in 1940 developed two theoretical methods.
1) Based on frequency of K. as word separator.

2) Statistical - various, depending on the most usable feature of the traffic, low, high letters, etc. The studies made by B. et al. were used by Oberinsp. Kuehn to forestall the introduction of the device into the German Army, as advocated by Major JUNG.
B. says the statistical method was later used in practice and needed 300 letters. He makes general statements about considerable later success with C-36, from 1942 on. (Not pinned down on this.)

In late 1942 French radio traffic on the link Algeria-Morocco was identified as being enciphered on the C-36 and thanks to the previous studies these messages were solved. In German reports the French C-36 was identified as procedure F-19.
Report of December 1942:


In January the internal settings of the C-36 and the indicator system were changed but in February they were solved and for the period March - December 1943 the process could be read continuously with the results communicated quickly to KONA 7 (Kommandeur der Nachrichtenaufklärung - Signals Intelligence Regiment), based in Italy.

Report of May 1943:



By the summer of ’43 KONA 7 could handle the solution of the C-36 with In. 7/VI only processing corrupted messages that did not decode properly. The traffic solved was from N. Africa and had the indicators xab and fva. In October 1943 messages between Algiers and Corsica were also read. In December the traffic dropped off and the Germans suspected that the US M-209 cipher machine had been introduced in French networks.

They weren’t wrong, since according to a British report (9) in early 1944 the US military supplied M-209 machines to the French Forces fighting in Italy. The M-209 was much harder to solve than the C-36 since the internal settings could only be retrieved by finding messages in depth.


However the C-36 continued to be used by French forces and their traffic could be solved. In the first half of 1944 a new indicator procedure hindered the German efforts and messages had to be attacked individually. Information on the new indicator is given by Buggisch in TICOM I-92 ‘Final Interrogation of Wachtmeister Otto Buggisch (OKH/In 7/VI and OKW/Chi), p3
3. Complications in C36. Buggisch could recall no ‘complicated enciphering device’, unless he had meant to refer to the new indicator method introduced in January of 1944. The old indicator system, changed in its details in 1942, had been a letter substitution table, which had been simple. The new system was based on numbers, but he could give no details. Relative internal settings continued to be recovered and a high percent of the traffic solved on cribs and statistics (for any message over 400 letters) until the indicator system was broken in the late summer of 1944. About the same time in 1944 the French had adopted a system of sending internal settings by mean of an ordinary sentence for each wheel, of which the first so many non repeating letters gave the active lug positions. This system was first reported in a broken code message; the knowledge that it existed was of academic interest only, as no keys wore gained from other systems.

Buggisch spoke especially of the successful solution of C36 in 1943, on de GAULLE traffic to CORSICA. He also said that the Southern France landings were largely given away as to date and strength of force by broken C36 traffic.
In June and July 1944 the indicator system was completely solved and the traffic of the previous months decoded. The statement by Buggisch on operation Dragoon can be confirmed in part by British report HW 40/7 ‘German Naval Intelligence successes against Allied cyphers, prefixed by a general survey of German Sigint’, p29

In the Mediterranean area the Germans continued to derive a certain amount of information from low grade French traffic. On 11th August, 1944 a German Army B reports seen in Special Intelligence quoting a Free French signal, thought to be made in Hagelin, which gave details of the allocation of shipping space for the eminent Allied landing in Southern France. The time lag in issue was only about 10 hours, and on the basis of this B-report the German Admiral commanding South coast of France was warned on 14th August of the probability of a landing in his area in the near future.


The German army’s codebreakers continued to solve the C-36 settings till the end of the war.

Hagelin B-211
The ‘large Hagelin’ B-211 was also investigated by the Germans and in December 1941 a breakthrough was made in the solution of the device.

Report of December 1941:


In 1942 research continued and frequency counts were made on the solved messages from past traffic. However in late 1942, when French traffic from N.Africa was intercepted, only C-36 messages could be solved. The reasons were that only a small number of B-211 messages were intercepted and that the French B-211 had been modified in some way. The investigations on the B-211 (called procedure F-20 in the German reports) continued in 1943 and they were carried out at Referat F - Forschung (Research department).
Report of May 1943:

Eventually the German codebreakers reached the conclusion that they could only solve this traffic if they had access to a large volume of messages or captured cipher material.
Report of August 1943:

Hagelin B-211 traffic continued to be investigated during the war but no messages were solved. According to a US report from October 1944 the modified B-211 had a high level of security for the reasons identified by the German codebreakers, specifically the modifications made on the device and the low level of traffic (10).



Conclusion
In conclusion we can say that the French did not fare well in the cryptologic field during WWII .The Germans considered their methods outdated and the Anglo-Americans were constantly irritated by their security compromises (11). 




During the 1930’s and up to the Battle of France their high level codes were read by the Germans (12). In N.Africa and Italy their low and mid level codes compromised Allied plans. Moreover it seems that they continued to use weak cryptosystems even after the end of the war up to the 1960’s (13).
The best thing that can be said about the French is that although they lost the cryptologic war by facilitating the Polish success with the Enigma they fatally compromised the basis of German communications

Notes:
(1). TICOM report DF-187B, p6 and SRH-349 ‘The Achievements of the Signal Security Agency (SSA) in World War II’, p31

(2).  ‘Bulletin de l’ARCSI’ article: Bulletin N°3 1975: Essai d'historique du Chiffre (Add. N°3).

(3). ‘Bulletin de l’ARCSI’ article: Bulletin N°4 1976: Essai d'historique du Chiffre (N°5).

(4). Various TICOM reports including I-78

(5). Various TICOM reports, War diary of Inspectorate 7/VI


(7). TICOM reports I-18, I-23, I-45, I-58, I-78, I-92, I-160


(9). British national archives HW 40/258 ‘Enemy Sigint successes against Allied communications

(10). NARA - RG 457 - Entry 9032 - box 1432 - NR4779 ‘Hagelin use by French’

(11). British national archives HW 40/258 ‘Enemy Sigint successes against Allied communications


(13). Histoire de la machine Myosotis


Solution of the Hagelin C-36 at OKW/Chi:

The Hagelin C-36 cipher machine was not a secure device and it seems that in the 1930’s the codebreakers of OKW/Chi (codebreaking department of the Armed Forces High Command) developed methods of solving it.

According to the NSA report ‘Regierungs-Oberinspektor Fritz Menzer: Cryptographic Inventor Extraordinaire’, p21 in 1936 Fritz Menzer developed two methods for solving the C-36.

Also in TICOM report I-31, p7 dr Huttenhain (chief cryptanalyst of OKW/Chi) stated that the French C-36 type could be solved cryptanalytically (without the use of stereotyped beginnings).

Unfortunately, there is no information on the work they did on the C-36 during the late 1930’s and in 1940. Considering their statements on the security afforded by the device it is possible that at OKW/Chi some French Hagelin C-36 traffic was solved during that time.