Fact-checked by Grok 2 weeks ago

Lorenz cipher

The Lorenz cipher, also known as the Tunny cipher by Allied cryptanalysts, was a German electromechanical encryption device used during World War II for securing high-level teleprinter communications between the German Army High Command and field commanders.^[1] It operated as a Vernam stream cipher, generating a pseudo-random keystream via 12 rotating pinwheels—five Chi wheels (sizes 23, 26, 29, 31, and 41 pins), five Psi wheels (43, 47, 51, 53, and 59 pins), and two motor wheels (37 and 61 pins)—which produced a binary sequence added modulo-2 (XORed) to the 5-bit Baudot-encoded plaintext for encryption and decryption.^[2] This design yielded an enormous key space of roughly 1.6 × 10¹⁹ possible starting positions, further expanded by configurable pin settings to around 10¹⁷⁰ combinations, making it far more complex than the Enigma machine used for lower-level traffic.^[3] Developed by the Berlin-based firm C. Lorenz AG starting in the late 1930s, the cipher attachment (Schlüsselzusatz or SZ) models—SZ40 (introduced around 1940), SZ42a, and SZ42b—were specifically engineered for high-speed, secure transmission of strategic messages over radio teleprinter links, such as those connecting Adolf Hitler’s headquarters to front-line generals.^[1] The first Lorenz-encrypted message was intercepted by British authorities in early 1940, initially dismissed but later recognized at Bletchley Park as a novel high-grade system distinct from Enigma.^[4] By 1941, repeated use of identical wheel settings (known as "depths") allowed cryptanalysts like John Tiltman and Bill Tutte to reverse-engineer the machine's structure without physical access, enabling the construction of specialized decoding equipment.^[3] The breaking of the Lorenz cipher at Bletchley Park's Testery section, using the pioneering Colossus computer developed by Tommy Flowers and first operational in December 1943, provided the Allies with critical intelligence on German plans, including troop movements that informed the D-Day landings in 1944.^[4] An estimated 200 Lorenz machines were deployed during the war, but only four survived post-1945, with decrypts credited by historians as contributing to shortening the European conflict by up to two years through decrypted insights into Axis strategy.^[3] The system's secrecy was maintained until declassification in the 2000s, underscoring its role in the dawn of modern computing and signals intelligence.^[2]

Background

Vernam Cipher

The Vernam cipher, also known as the one-time pad, is a symmetric stream cipher that encrypts a plaintext message by performing bitwise exclusive-or (XOR) operations—equivalent to addition modulo 2—with a random key stream of identical length to the plaintext.^[5] This additive process ensures that each character or bit of the plaintext is combined independently with the corresponding element of the key, producing a ciphertext that appears completely random when the key is truly unpredictable. The method was originally designed for securing teletype communications, where messages are transmitted as binary signals.^[6] Invented in 1917 by Gilbert Sandford Vernam, an engineer at AT&T's Bell Laboratories, the cipher addressed the need for automated encryption in early electrical telegraphy systems.^[5] Vernam filed a patent application in 1918, which was granted as U.S. Patent 1,310,719 in 1919, describing a system where a prepared key tape is synchronized with the plaintext tape to generate the ciphertext via electrical addition circuits.^[7] This innovation marked a shift from manual substitution ciphers to machine-based stream encryption, enabling real-time protection of teleprinter traffic.^[8] Mathematically, the encryption for the i-th bit is defined as:

C_i = P_i \oplus K_i

where P_i is the i-th plaintext bit, K_i is the i-th key bit, and \oplus denotes XOR (modulo-2 addition). Decryption reverses this identically, as:

P_i = C_i \oplus K_i

since XOR is its own inverse.^[9] In 1949, Claude Shannon proved that this scheme achieves perfect secrecy—an information-theoretic guarantee that the ciphertext reveals no information about the plaintext—provided the key is uniformly random, at least as long as the message, and used only once.^[10] Despite its theoretical unbreakability, the Vernam cipher faces significant practical limitations, primarily the secure distribution of the lengthy random key to both parties and the need for precise synchronization between encryption and decryption devices to align the key stream with the message.^[11] These challenges often result in compromises, such as reusing key streams or generating pseudo-random keys mechanically, which reduce security in real-world applications like the German Lorenz cipher during World War II.^[6]

Pre-War German Telegraphy

In the 1920s and 1930s, Germany expanded its teleprinter infrastructure to support military and diplomatic communications, driven by advancements from Siemens & Halske and Telefunken. Siemens & Halske pioneered domestic teleprinter technology, introducing early models around 1930 for automated text transmission over dedicated wire networks, which were increasingly integrated into army signaling units for rapid message relay. Telefunken complemented these efforts by developing radio-based transmission systems, enabling wireless teleprinter links for mobile forces and overseas diplomatic channels, as seen in early naval and air force applications. These networks formed the backbone of secure, high-volume communication, replacing slower manual telegraphy with synchronized start-stop transmission protocols.^[12]^[13]^[14] The technical foundation of these systems relied on the Baudot 5-bit code, a standard adopted across Europe for teleprinters, which represented 32 symbols (including letters, figures, and controls) through combinations of five binary impulses (mark or space). Operating at a standard baud rate of 50 bits per second, these machines achieved speeds of approximately 60 to 70 words per minute (or about 350 to 450 characters per minute), balancing reliability with the era's electromechanical limitations while supporting both wire and radio propagation.^[15]^[16]^[14] Initial encryption efforts for teleprinter traffic employed simple substitution ciphers, where plaintext characters were manually or mechanically replaced according to fixed or periodic keys before transmission. These approaches, often applied to diplomatic and lower-level military messages, suffered from predictable patterns and limited key variation, rendering them susceptible to frequency analysis. Vulnerabilities were exposed through Allied intercepts in the 1930s, notably by Polish cryptanalysts who decrypted German communications, highlighting the inadequacy of such methods for protecting sensitive traffic against determined adversaries.^[16]^[17]^[18] In response to these shortcomings, the German Army in 1937 issued a formal requirement for an advanced secure teleprinter cipher machine to safeguard high-command communications from radio interception and cryptanalysis. This directive launched the Geheimfernschreibmaschine (GFM) project, aimed at creating an automated device capable of enciphering teleprinter output at line speeds without compromising message integrity. The initiative reflected growing concerns over espionage and the need for unbreakable systems in an era of escalating international tensions.^[16]^[19] This project marked a brief transition toward Vernam-style additive ciphers, which promised greater security through character-by-character modulo-2 addition of plaintext and key streams.^[19]

Development and Design

Historical Development

The Lorenz cipher was developed by engineers at C. Lorenz AG (an ITT subsidiary), who began designing the system in 1939 as a secure attachment for teleprinter communications based on Vernam cipher principles. The initial prototype, known as the Schlüsselausrüstung 40 (SZ40), was developed in 1940 and featured 12 wheels for keystream generation, marking the first implementation of this rotor-based additive cipher for high-level German Army use.^[20] Early testing of the SZ40 occurred in 1941 on networks operated by OKW/Chi, the signals intelligence division of the Oberkommando der Wehrmacht (Armed Forces High Command), to evaluate its performance in operational environments. These trials revealed limitations in the key period, leading to design iterations that shifted from initial configurations to the refined 12-wheel setup in the SZ42 model introduced in 1942, substantially increasing the cycle length for greater security. Production commenced in 1942 under C. Lorenz AG, with approximately 200 machines manufactured by war's end to equip strategic command links.^[21]^[22] Further refinements between 1942 and 1943 produced the SZ42a and SZ42b variants, which incorporated the full 12-wheel configuration (5 chi, 5 psi, and 2 motor wheels) to heighten keystream complexity, alongside motor-driven wheel stepping mechanisms that enabled irregular, non-periodic key advancement. These upgrades addressed identified weaknesses and adapted to wartime demands for robust encryption on teleprinter circuits, solidifying the Lorenz system's role in German high-command signaling.^[20]^[23]

Operating Principle

The Lorenz cipher operated as a stream cipher based on a modified Vernam system, encrypting plaintext messages encoded in the 5-bit International Telegraph Alphabet No. 2 (ITA2), also known as Baudot code, which represented each teleprinter character as a sequence of five binary impulses (dots or crosses).^[16] The encryption process applied a character-by-character bitwise addition—equivalent to modulo-2 XOR—between the plaintext impulses and a pseudorandom keystream, producing ciphertext impulses that were transmitted over radioteleprinter links for high-level German military communications.^[24] This method ensured that the resulting ciphertext appeared as seemingly random 5-bit sequences, obscuring the original message without altering its length or format.^[16] The keystream was generated by combining two independent streams: the chi stream (χ), which provided a baseline pseudorandom sequence, and the psi stream (ψ), which added further irregularity to disrupt potential patterns in the chi stream alone.^[24] Initially, the plaintext P was XORed with the chi stream to yield an intermediate ciphertext C' = P ⊕ χ; this was then re-encrypted by XORing with the psi stream to produce the final ciphertext C = C' ⊕ ψ.^[24] Mathematically, this simplifies to the overall encryption formula for the i-th bit:

C_i = P_i \oplus \chi_i \oplus \psi_i

where χ arose from a set of chi wheels and ψ from psi and motor wheels, ensuring the combined keystream lacked obvious periodicity.^[24] Decryption reversed the process using the same keystream, as XOR is its own inverse: P = C ⊕ χ ⊕ ψ.^[24] The security of the system relied on the keystream's irregularity, achieved through a total of 501 pins across the wheels, with a keystream period equal to the product of the wheel sizes (approximately 1.6 × 10¹⁹ bits), which aimed to approximate the randomness of a one-time pad while using a reusable mechanical key.^[25] This design obscured statistical patterns in the plaintext, such as those from natural language in German military dispatches, making the cipher suitable for secure teleprinter traffic but ultimately vulnerable to advanced cryptanalytic techniques due to the finite key space.^[26]

Machine Architecture

The Lorenz SZ42 cipher machine, developed by C. Lorenz AG as an attachment to teleprinter equipment, employed a mechanical rotor system comprising twelve wheels to generate the additive keystream for enciphering 5-bit Baudot code messages. These wheels were divided into three functional groups: five chi (χ) wheels with circumferences of 23, 26, 29, 31, and 41 positions, responsible for producing the primary keystream; five psi (ψ) wheels sized at 43, 47, 51, 53, and 59 positions, which added a second layer of obfuscation to the chi stream; and two motor (μ) wheels of 37 and 61 positions, which dictated the irregular advancement of the psi wheels to enhance security against predictable patterns.^[27]^[2]^[28] Each wheel featured a series of adjustable pins (also called cams) positioned around its circumference, one per contact point, that could be individually set to either protrude (on, outputting a binary 1 via electrical contact closure) or retract (off, outputting 0). This binary configuration allowed each wheel of size N to produce 2^N distinct patterns as it rotated, with the pins determining the specific bits contributed to the keystream at each step. Across all twelve wheels, the total number of pins summed to 501, yielding 2^{501} possible pin-setting combinations and a theoretical key space of roughly 10^{151}, far exceeding practical cryptanalytic feasibility during World War II.^[27]^[29]^[30] The machine's output relied on synchronized electrical contacts embedded in the wheels, which closed circuits to transmit the generated keystream bits in real-time as the wheels rotated. This output connected via a plugboard interface to the host Lorenz teleprinter, allowing seamless integration for both encryption and decryption without altering the teleprinter's native operation; the plugboard facilitated signal routing between the machine's five output lines and the teleprinter's impulse lines, ensuring bit-level alignment during transmission over landlines or radio.^[31]^[32] Earlier variants included the SZ40, developed in 1940 and tested in 1941, which used the 12-wheel configuration (five chi, five psi, and two motor wheels, with motor wheels providing irregular stepping for psi wheels). The SZ42a, deployed from 1942, expanded to the full twelve-wheel configuration with refined motor-driven psi movement, while the SZ42b variant, operational by mid-1944, modified the psi limitation mechanism by incorporating an additional chi wheel influence and shifted to lug-based settings on certain wheels for quicker reconfiguration compared to individual pin adjustments in the SZ42a.^[28]^[27]^[33]

Encryption Process

Key Stream Generation

The key stream in the Lorenz cipher is produced as the bitwise exclusive-or (XOR) of two component streams: the chi (χ) stream and the psi (ψ) stream, each consisting of five bits corresponding to the levels of the International Telegraph Alphabet No. 2 (ITA2) encoding.^[16] This combination ensures a pseudo-random sequence that is added to the plaintext for encryption.^[24] The chi stream is generated by five chi wheels with position lengths of 23, 26, 29, 31, and 41.^[16] Each wheel handles one bit position, outputting a 1 (mark) or 0 (space) based on its current configuration setting.^[32] For every character processed, all five chi wheels advance synchronously by one position, producing a strictly regular, periodic contribution to the key stream.^[24] This uniform stepping maintains a consistent advancement without skips or irregularities.^[16] In contrast, the psi stream originates from five psi wheels with lengths of 43, 47, 51, 53, and 59 positions, also each dedicated to one bit level and outputting marks or spaces similarly.^[16] However, these wheels exhibit irregular stepping controlled by two motor wheels to enhance unpredictability: the first motor wheel (μ_{61}) has 61 positions, and the second (μ_{37}) has 37.^[16] The stepping algorithm operates as follows for each character: the μ_{61} wheel always advances one position; if its output is a mark, the μ_{37} wheel advances, and if the μ_{37} wheel then outputs a mark, all five psi wheels advance one position each; otherwise, the psi wheels remain stationary.^[16] This chained, probabilistic mechanism—where psi wheels either all step or all skip—results in non-uniform advancement, with the psi wheels moving approximately 70% of the time on average.^[24] The overall key stream, combining the regular chi and irregular psi components, achieves a vast period before repetition, determined by the least common multiple of the lengths of all twelve wheels (five chi, five psi, and two motor).^[16] Given that the lengths are pairwise coprime or have minimal common factors, this period approximates the product of the lengths: 23 \times 26 \times 29 \times 31 \times 41 \times 43 \times 47 \times 51 \times 53 \times 59 \times 37 \times 61 \approx 1.6 \times 10^{19} characters.^[16] In the SZ42 variants, a secondary influence from the chi wheels' positions could further modify psi stepping under specific conditions, adding complexity to the irregularity.^[16]

Addition and Transmission

The encryption process in the Lorenz SZ40/42 machine began with the operator inputting the plaintext message directly via a connected teleprinter keyboard, which encoded the text into 5-bit Baudot (International Telegraph Alphabet No. 2, or ITA2) characters for processing.^[32]^[34] Each character was represented as a parallel set of five binary bits, allowing the machine to handle one full character at a time during encryption.^[35] The machine then generated a pseudorandom key stream using its chi and psi wheel assemblies, which the plaintext bits were combined with through modulo-2 addition (exclusive OR, or XOR) performed bit-by-bit across each 5-bit character.^[34] This double encipherment proceeded in two stages: first, the plaintext P was XORed with the chi stream \chi to yield an intermediate result P \oplus \chi; second, this intermediate was XORed with the modified psi stream \psi' (adjusted by motor wheels for irregularity) to produce the final ciphertext Z = (P \oplus \chi) \oplus \psi'.^[34]^[36] The resulting ciphertext appeared as a random sequence of 5-bit pulses, indistinguishable from noise without the exact key settings.^[35] For transmission, the ciphertext was output directly from the machine to the teleprinter, which sent it as asynchronous 5-bit pulses over secure landlines or, less commonly, radio links to the receiving station.^[32] Synchronization between sender and receiver was maintained through start-stop signaling inherent to the teleprinter protocol, where each character began with a start bit and ended with 1.5 stop bits to align the bit stream without requiring additional clocking mechanisms.^[34] At the receiving end, an identical Lorenz machine, set to the same wheel configurations, decrypted the message by reversing the XOR operations with the chi and psi streams.^[35] Operational procedures included changing the wheel settings to generate a new daily key, with pin (cam) patterns for chi and psi wheels changed monthly until approximately January 1944, when daily changes were introduced on major links; motor wheel patterns changed daily earlier; and starting positions adjusted daily. Key lists for pin patterns were distributed monthly via secure couriers, while daily starting positions were coordinated using pre-shared codebooks or low-grade channels to prevent key reuse across multiple days.^[32]^[34]^[3] To mitigate risks from "depth" (where multiple messages encrypted with the same key segment could reveal patterns through XOR of ciphertexts), operators padded messages with null characters, such as repeated figure/letter shifts or random filler text (e.g., "quatsch" sequences), ensuring each transmission used a unique key portion and avoiding overlaps that could compromise security.^[35] This practice was strictly enforced, as depth occurrences were forbidden and could expose the key stream.^[35]

Operational Procedures

The Lorenz cipher machines were primarily deployed on dedicated teleprinter networks for secure high-level communications within the German Army High Command during World War II, including critical links such as "Schoen" and "Octopus" for transmitting commands from Adolf Hitler and the Oberkommando der Wehrmacht (OKW) to frontline headquarters. The "Octopus" link, for instance, connected Königsberg (near the Wolf's Lair) to southern Russia, facilitating strategic orders to the eastern front, while key settings for machine synchronization—such as wheel starting positions—were coordinated daily using pre-shared codebooks or low-grade radio channels, with pin patterns distributed monthly via secure couriers to prevent interception of the primary network.^[37]^[33] Operator training was confined to elite signals personnel in specialized units like the OKW's cipher division, who received rigorous instruction on machine setup, including aligning the 12 wheels to the prescribed indicator and ensuring precise synchronization between transmitting and receiving stations for online teleprinter operation. Procedures emphasized error handling, such as immediate retransmission of garbled messages using identical key settings to allow for verification without compromising security, though this practice occasionally led to detectable patterns in traffic. These trained operators, often numbering in the dozens per major headquarters, were selected for their technical aptitude and loyalty to maintain the system's operational integrity.^[16]^[33] By mid-1944, the deployment had scaled to approximately 200 machines across about 26 active links, supporting a network that handled up to several thousand messages monthly, with individual transmissions typically limited to bursts of 5,000 characters or less to reduce vulnerability during transmission.^[38]^[39] This limited scale reflected the machines' restricted use for top-echelon traffic, contrasting with the more widespread Enigma deployment. Security protocols strictly prohibited operators from repeating phrases or employing stereotyped language, as such habits could aid cryptanalytic attacks, and short messages under a certain length were required to alternate with hand ciphers to avoid over-reliance on the machine. These measures, combined with the periodic key changes, aimed to preserve the cipher's strength for vital command traffic.^[16]

Cryptanalysis During World War II

Interception Methods

The interception of Lorenz cipher signals, codenamed "Tunny" by British codebreakers, began with the detection of unusual non-Morse teleprinter transmissions by Y-station operators in 1941. These signals, operating on high-frequency radio bands between 3 and 30 MHz, were recognized as distinct from standard Morse code traffic due to their rhythmic, musical tone produced by the 5-bit Baudot code pulses. The first experimental Tunny link was intercepted in June 1941, marking the initial encounter with the German Army's high-level teleprinter encryption system.^[24]^[33] A pivotal event occurred on 30 August 1941, when Y-station operators at the Flowerdown station in Hampshire captured two complete messages sent "in depth"—meaning with the same key settings—on the Berlin-to-Athens link, providing about 4,000 characters of aligned ciphertext for later analysis. Interception relied on specialized equipment, including American RCA AR-88 communications receivers installed at dedicated sites like the Knockholt Y-station in Kent, which were used to tune into the narrow bandwidth signals and record the 5-bit pulses onto paper tape or magnetic recorders. These receivers, known for their sensitivity and coverage from 0.535 to 32 MHz, were essential for capturing the high-speed transmissions at rates of around 50 baud. However, operators faced significant technical challenges, including signal fading due to ionospheric variations and interference from atmospheric noise or enemy jamming on long-range links spanning thousands of kilometers across Europe.^[24]^[40]^[41] Traffic analysis played a crucial role in distinguishing Tunny from other German teleprinter systems, such as the Siemens T52 codenamed "Sturgeon." Operators identified Tunny by its consistent pulse patterns and message indicators, focusing on key strategic links like Berlin-to-Florence and Berlin-to-Rome, which carried high-command directives. By mid-1942, daily Tunny message volumes had grown to dozens per link, with total traffic reaching hundreds of messages per day across multiple circuits as German forces expanded operations. The network of interception stations proliferated from initial coastal sites to inland facilities by 1943, enabling coverage of up to 80% of all Tunny traffic through coordinated direction-finding and relay recording. These intercepts were then forwarded via landlines to Bletchley Park for processing.^[24]^[19]

Initial Code Breaking

In September 1941, cryptanalyst John Tiltman analyzed the depth intercepted on August 30, providing nearly 4,000 characters of keystream recovered through manual methods, which formed the basis for further structural deductions. The subsequent efforts to break the Lorenz cipher, codenamed Tunny at Bletchley Park, were influenced by Alan Turing's work on the Fish family of ciphers. Turing initiated the Fish project in the second half of 1941, focusing on intercepted teleprinter traffic from the Vienna-Athens link, and by July 1942, he developed "Turingery," a manual method using paper and pencil to analyze key streams through differencing techniques.^[37] These hand methods exploited message depths—cases where multiple messages shared identical wheel settings—to detect the 5-bit Baudot code structure and reveal patterns in the ciphertext, such as tabulating the fifth impulse of the second letter against message indicators to deduce wheel movements between subsequent letters.^[37] By December 1942, Turing's approaches had laid the groundwork for systematic attacks, enabling the first operational reads of Tunny traffic despite the absence of physical machines.^[37] A major breakthrough came from mathematician William Tutte in November 1942, who deduced the existence of rotating wheels generating the key stream from statistical analysis of repeated patterns in a depth of about 4,000 characters from two messages intercepted on August 30, 1941.^[24] Without access to the machine, Tutte inferred a 12-wheel structure by applying delta tests to the ciphertext, where the delta operator is defined as \Delta C_i = C_i \oplus C_{i+1}, with \oplus denoting bitwise XOR; this differencing highlighted regularities in the chi stream produced by five chi wheels that advanced consistently.^[37] His "1+2 break-in" method targeted the first two chi wheels, allowing reconstruction of the chi stream segments through probability-based scoring of delta alignments, marking the first viable attack on single messages without relying on depths.^[37] Tutte's insights extended to distinguishing the roles of the chi and psi components: the chi wheels generated a pseudo-random stream added to the plaintext, while five psi wheels produced an irregular stream added to the chi output, with psi movements controlled by two motor wheels that introduced predictable staggering—typically advancing four out of five times, favoring the binary '0' (dot) in about 70% of positions.^[24] He estimated wheel lengths via period hunting, identifying repeats in the streams to pinpoint sizes such as 23, 26, 29, 31, and 41 bits for the chi wheels, and longer patterns for the psi wheels (43, 47, 51, 53, 59 bits) and motor wheels (37, 61 bits), which facilitated targeted searches for alignments.^[37] These theoretical advances enabled the first reads of current Tunny traffic by July 1942, with the indicator method allowing consistent decrypts of operational messages shortly thereafter.^[37]

Decryption Machines

Following the initial theoretical breakthroughs in cryptanalyzing the Lorenz cipher, British engineers at the Government Code and Cypher School developed specialized machines to automate the decryption process, transitioning from manual methods to electromechanical and electronic systems. The first such device was the Heath Robinson, a prototype introduced in 1943 to correlate key streams with intercepted ciphertexts.^[40] Designed by Max Newman and built at the Post Office Research Station in Dollis Hill, it employed two optical tape readers derived from those used in Turing's Bombe machines for Enigma decryption.^[42] One reader processed the punched paper tape of the intercepted ciphertext, while the other generated candidate key streams mimicking the chi-wheel patterns of the Lorenz machine, allowing the system to perform XOR operations and count coincidences to identify likely wheel settings.^[43] Delivered to Bletchley Park in June 1943, Heath Robinson operated at speeds exceeding 1,000 characters per second but was severely limited by the mechanical synchronization of its dual tape readers.^[42] The tapes, driven by motorized sprockets and later friction mechanisms, frequently stretched or tore under high-speed looping, causing misalignment and reducing reliability for longer messages.^[42] To overcome these mechanical constraints, engineer Tommy Flowers proposed an all-electronic alternative that eliminated the need for a second physical tape by generating key streams via vacuum tube circuits. The resulting Colossus, the world's first large-scale programmable electronic digital computer, was completed in December 1943 and operational at Bletchley Park by January 1944.^[44] Flowers' design incorporated approximately 1,600 to 2,500 vacuum tubes (thermionic valves) for logic and counting operations, enabling parallel processing of the intercepted tape against multiple candidate wheel settings simultaneously.^[45]^[46] A single high-speed optical reader ingested the ciphertext tape at up to 5,000 characters per second, while electronic thyratron rings and diode-based gates produced chi-wheel patterns on-the-fly.^[47]^[48] The machine's core functionality involved computing delta-chi (Δχ) differences between the ciphertext and test key streams, then counting coincidences—matches in the resulting patterns—to score and rank potential wheel start positions, with the highest scores indicating correct configurations.^[44]^[47] Subsequent iterations, particularly the Colossus Mark II introduced in June 1944, expanded capabilities to include decoding of the psi wheels after chi settings were established, using similar coincidence-counting techniques adapted for the more complex psi patterns.^[47] These improvements allowed Colossus to handle the full wheel-setting process more efficiently, processing messages through Boolean functions and cross-correlations in a single pass. By the end of World War II in 1945, ten Colossus machines were deployed at Bletchley Park, collectively decrypting tens of millions of characters from Lorenz-encrypted traffic, often reducing the time from interception to readable plaintext to mere hours.^[44]^[48] This electronic automation marked a pivotal advance, enabling the timely exploitation of high-level German communications.

Key Personnel and Teams

The breaking of the Lorenz cipher at Bletchley Park relied heavily on coordinated teams and key individuals who combined mathematical insight, linguistic expertise, and engineering prowess under strict secrecy protocols. The effort was divided primarily between two specialized sections: the Testery, responsible for recovering message settings through manual methods, and the Newmanry, focused on determining wheel patterns using statistical and mechanized approaches. These teams operated within the broader Ultra program, which enforced compartmentalization and oaths of secrecy to protect the intelligence derived from decrypted German high-command communications.^[37] Leadership of the Testery fell to Major Ralph Tester, who established the section in July 1942 with a small group of founding cryptanalysts including Captain Jerry Roberts, Captain Peter Ericsson, and Major Denis Oswald. Roberts served as a shift leader, managing daily operations alongside linguists and codebreakers who handled the intricate task of settings recovery. The Testery grew to include over 200 personnel by the war's end, organized into three rotating shifts—9 a.m. to 4 p.m., 4 p.m. to midnight, and midnight to 9 a.m.—enabling continuous 24/7 decryption efforts that processed tens of thousands of intercepted messages.^[49]^[37]^[50] The Newmanry, founded in mid-1943 under the oversight of mathematician Max Newman, complemented the Testery by tackling the logical structure of the Lorenz machine and developing aids for wheel pattern identification. Newmanry teams, numbering over 100 personnel including around 325 by April 1945 (with 22 cryptographers, 28 engineers, and 273 Women's Royal Naval Service operators), were instrumental in advancing the use of early computing devices for decryption. Key cryptanalysts in the Newmanry included William Tutte, who deduced the machine's wheel configuration, and I. J. Good, who applied statistical methods to refine breaking techniques; Donald Michie also contributed significantly to these efforts as a young cryptanalyst. Engineers like Tommy Flowers collaborated closely to support machine operations, ensuring the teams could handle the volume of traffic efficiently.^[37]^[49]^[50] Support roles were vital, with Women's Royal Naval Service (WRNS) members—comprising about 75% of Bletchley Park's workforce by 1945—preparing punched tapes and operating equipment across both sections. This organizational structure, marked by shift-based collaboration and unwavering secrecy, allowed the teams to decrypt up to 90% of Lorenz traffic during peak periods, providing critical intelligence without compromising operational security.^[50]^[51]^[49]

Post-War Legacy

Surviving Machines and Artifacts

Few original Lorenz cipher machines survive from World War II, with estimates indicating only four complete examples remain. One such machine, an SZ42 with serial number 1137 used at the German headquarters in Lillehammer, Norway, was seized by Norwegian secret services at the war's end in 1945 and is now on long-term loan to The National Museum of Computing (TNMOC) at Bletchley Park, United Kingdom.^[40]^[52] Another original SZ42 is preserved at the Heinz Nixdorf MuseumsForum in Paderborn, Germany, where it was demonstrated during a 2007 international cipher event involving live encryption and transmission.^[53] A Tunny variant of the Lorenz machine is exhibited at the National Cryptologic Museum in Fort Meade, Maryland, United States. The fourth complete example is held at the Deutsches Museum in Munich, Germany. In 2016, TNMOC acquired a rare teleprinter component from an SZ42 cipher machine, originally listed for sale on eBay as a generic "telegram machine," enhancing their collection of German encryption artifacts.^[54] British efforts to reconstruct decryption equipment related to Lorenz cryptanalysis have resulted in functional replicas. A working rebuild of the Colossus computer, first operational in 2007, is maintained at TNMOC and demonstrates the electronic processing used against Lorenz-encrypted messages.^[51] Additionally, a reconstruction of the Heath Robinson machine—a mechanical precursor to Colossus—was completed and restored in 2019 at the same museum, featuring original-style paper tape readers and logic circuits.^[55] Other preserved artifacts include intercepted paper tapes containing Lorenz-encrypted messages, spare wheel sets, and operational documents, which are archived at the UK National Archives in Kew; many were declassified in the early 2000s following Government Communications Headquarters (GCHQ) releases.^[56] Today, surviving machines and artifacts enable public demonstrations of Lorenz encryption at venues like TNMOC and the Heinz Nixdorf MuseumsForum, while online software simulations provide accessible recreations of the cipher's operation. No operational original German receiver units for Lorenz transmissions are known to exist.^[57]^[58]

Historical Significance and Impact

The decryption of Lorenz cipher messages, known as Tunny at Bletchley Park, provided the Allies with critical high-level intelligence on German military strategy, significantly influencing key wartime decisions and contributing to the shortening of World War II in Europe by several months.^[44] By mid-1944, with the deployment of multiple Colossus machines, the British were able to process and decrypt substantial volumes of traffic in a timely manner, enabling rapid responses to German plans such as counter-preparations against the anticipated Allied invasion of Normandy.^[56] Overall, the Colossi decrypted more than 63 million characters of Tunny text by the war's end, underscoring the scale of intelligence gained from this effort.^[59] The development of Colossus for breaking the Lorenz cipher marked a pivotal advancement in computing history, establishing it as the world's first large-scale programmable electronic digital computer.^[56] Although its existence remained classified until the late 20th century, the engineering innovations—such as the use of over 1,500 vacuum tubes for parallel processing—laid foundational principles for electronic computation that indirectly accelerated post-war projects, including the design of stored-program computers like EDSAC at the University of Cambridge in 1949.^[24] The secrecy surrounding Colossus limited immediate knowledge transfer, yet the expertise gained by British engineers in high-speed electronic systems hastened the transition from electromechanical to fully electronic architectures in subsequent decades.^[56] The successful cryptanalysis of the Lorenz cipher exposed fundamental weaknesses in mechanical stream ciphers, particularly their susceptibility to statistical methods exploiting operator habits and key periodicity, which influenced post-war cryptographic design toward more robust digital systems resistant to machine-assisted attacks.^[24] This lesson underscored the need for ciphers with greater key space and randomness, paving the way for electronic encryption standards that prioritized computational complexity over mechanical generation.^[60] Declassifications beginning in the 1970s with initial revelations about Bletchley Park's operations, followed by detailed releases in the 2000s including Testery reports, have enabled deeper historical study of the Lorenz effort. In the 2020s, scholarly analyses have used modern computing to simulate WWII codebreaking techniques, demonstrating the high efficiency of manual and mechanized methods in recovering over 88% of Tunny dechiperments by April 1945 and quantifying their role in rapid plaintext recovery.^[61] Surviving artifacts, such as reconstructed Lorenz machines, continue to support these investigations into wartime cryptology.

References

[1]
The Lorenz Machine
This was a way of sending electrical impulses to represent letters of the alphabet. Each letter can be represented by a 5-bit code of impulses or their absence.
[2]
Lorenz Cipher - Practical Cryptography
The Lorenz SZ 40 and SZ 42 (Schlüsselzusatz, meaning "cipher attachment") were German cipher machines used during World War II for teleprinter circuits.
[3]
How Lorenz was different from Enigma - The History Press
Feb 28, 2017 · Lorenz decrypts helped shorten the Second World War in Europe. Lorenz cipher machine Lorenz. Enigma was used on lower-level messages from the ...
[4]
The History of the Lorenz Cipher and the Colossus Machine
The first message encrypted using the Lorenz cipher was intercepted in early 1940 by a group of policemen in the UK.
[5]
Secret signaling system - US1310719A - Google Patents
This invention relates to signaling sys tems and especially to telegraph systems. Its object is to insure secrecy in the transmission of messages.
[6]
Vernam - Crypto Museum
Aug 11, 2012 · The Vernam Cipher is a symmetric cryptographic principle for adding a key stream to a plaintext, invented in 1917 by Gilbert Vernam (1890-1960).
[7]
[PDF] gs vernam. - secret signaling system. - Crypto Museum
GILBERT S. VERNAM, OF BROOKLYN, NEW YORK, ASSIGNOR TO AMERICAN TELEPHONE. AND TELEGRAPH COMPANY, A CORPORATION OF NEW YORK. SECRET SIGNALING SYSTEM.
[8]
[PDF] Cryptology, the Secret Battlefield of World War I:
Another brand new technology invented during WWI was the one-time tape teletype system. This was invented in 1917 by Gilbert S. Vernam, an engineer at Bell ...
[9]
[PDF] APPLIED CRYPTOGRAPHY AND DATA SECURITY
modulo 2 addition yields the same truth table as the XOR operation. 3. Encryption and decryption are the same operation, namely modulo 2 addition (or. XOR).
[10]
[PDF] Communication Theory of Secrecy Systems - cs.wisc.edu
Shannon, "Communication T heory of Secrecy Systems", Bell System T echnical. Journal, vol.28-4, page656--715, Oct. 1949. Page 2. symbols in accordance with ...
[11]
Theoretical Foundations - Paul Krzyzanowski
Sep 15, 2025 · The one-time pad requires the key to be as long as the data and never reused. This causes several practical problems: Key distribution: Securely ...
[12]
Telegraphy and Telex - Siemens Global
In 1927, the first picture telegraphy system went into operation, reaching beyond Germany's borders at the same time: The “Siemens-Karolus-Telefunken” system ...Missing: evolution 1920s 1930s diplomatic
[13]
Telefunken - Engineering and Technology History Wiki
Apr 28, 2014 · It created wireless systems for the German navy and army, including a station that could reach German submarines. In addition to developing ...Missing: evolution teleprinter networks 1920s 1930s diplomatic
[14]
Telex - Crypto Museum
Apr 7, 2012 · For many years, Telex was the de-facto standard for communication with the Armies world-wide. It was introduced long before WWII (in 1849) ...Missing: evolution 1920s diplomatic
[15]
Baudot - Crypto Museum
Jan 20, 2015 · In digital telegraphy (teleprinter, telex) a 5-bit encoding standard ... The most common baud rates are 45.45, 50, 75 and 100 baud ...
[16]
[PDF] German Cipher Machines of World War II - National Security Agency
Encryption and decryption followed the same procedure. Under the general name of Geheimschreiber (secret writer), the Germans used two devices for enciphering ...
[17]
[PDF] Alan Turing, Enigma, and the Breaking of German Machine Ciphers ...
During World War II, the notion of a machine imitating another machine was to be implemented in the Polish "bomba" and British "bombe." These machines simulated ...
[18]
T-52 Geheimschreiber - Crypto Museum
Aug 5, 2009 · It was a stand-alone wheel-based unit that was connected between the teleprinter and the line. The Germans used it at the highest level. The ...
[19]
The Lorenz Cipher and how Bletchley Park broke it
The German Army High Command asked the Lorenz company to produce for them a high security teleprinter cipher machine to enable them to communicate by radio in ...
[20]
The Lorenz Cipher and how Bletchley Park broke it
The Lorenz company designed a cipher machine based on the additive method for enciphering teleprinter messages invented in 1918 by Gilbert Vernam in America.
[21]
The Lorenz Machine
The Lorenz SZ40, SZ42A and SZ24B were a range of teleprinter cipher ... There were to be 10 wheels which moved constantly unless interrupted.
[22]
Bletchley Park's Sturgeon, the Fish that - The Rutherford Journal
The German armed forces employed three different types of teleprinter cipher machines during the Second World War, the Lorenz machines SZ40 and SZ42 also called ...
[23]
Colossus: Breaking the German 'Tunny' Code - The Rutherford Journal
The internal mechanism of the Tunny machine produced its own stream of letters, known at B.P. as the 'key-stream', or simply key. Each letter of the ciphertext ...
[24]
[PDF] Vernam's Key
Lorenz Cipher Machine. 11. JILL WWII Crypto Spring 2006 - Class 2: Breaking Fish. Lorenz Wheels. 12 wheels. 501 pins total (set to control wheels). 12. JILL ...
[25]
6.11 THE LORENZ SCHLÜSSELZUSATZ - Computer Security and ...
The Lorenz Schlüsselzusatz (Fig. 6.16) is an additive encipherment cryptosystem; a key stream determined by more than 501 key bits is XORed to 5-bit Baudot- ...
[26]
Lorenz SZ · gchq/CyberChef Wiki - GitHub
Nov 6, 2019 · There are three models of Lorenz SZ simulated; the SZ40, the SZ42a and the SZ42b but the main difference in each is how the Psi wheels are moved ...
[27]
The Lorenz Models
The regular SZ 40 model consists of five "spaltencaesar" (Chi) wheels which all stepped in unison for each character enciphered. These drive two "vorgelege" ( ...
[28]
https://lorenz.virtualcolossus.co.uk/models.html
[29]
Lorenz Cryptographic Rotor Machine | Crypto-IT
The key sequence generated by the Lorenz rotor machine depended on its initial configuration: The patterns of cams on the wheels. The starting rotor positions.Missing: architecture components
[30]
Anoraks Corner by Tony Sale - Virtual Bletchley Park
The Lorenz cipher machine used two sets of five wheels to generate the two five element obscuring characters. These wheels, which were all of different ...
[31]
The Lorenz Schluesselzusatz SZ40/42 - Stanford Computer Science
The Lorenz machine has two sets of wheels, a regularly stepping set called the Chi-Wheels and an irregularly stepping set called the Psi-Wheels. The wheels all ...Missing: SZ42 components<|control11|><|separator|>
[32]
Lorenz SZ-40/42 TUNNY - Crypto Museum
Jan 10, 2012 · The Siemens T-43 was a so-called mixer machine that operated as a One-Time Pad and was therefore never broken. The first non-morse transmissions ...
[33]
The statistical attack on Lorenz - Virtual Colossus
When the Lorenz SZ42 was built, it was decided to make the movement more complex by adding in the two motor wheels which meant that the Psi wheels took much ...Peeking Through The Psi... · Stripping The Chi Wheels To... · Counting The Dots<|separator|>
[34]
[PDF] The Lorenz Cipher Machine How it was broken at Bletchley Park
Key - The cryptographic coding that is used to encipher the message. In the SZ- 40 series of Lorenz machines this was 501 bits long. Modulo Two Arithmetic ...
[35]
[PDF] breaking teleprinter ciphers at bletchley park - IEEE Milestones
... Early organisation and difficulties. 40. 15C: Period of expansion. 40. Part 2 ... German TP links. 220. 27C: German TP operating practices. 221. 27D: Crib ...<|separator|>
[36]
From encrypt to decrypt - the full Lorenz story
Apr 7, 2016 · It is estimated that about 200 Lorenz machines were in existence during World War II, but only four are known to have survived. The particular ...
[37]
World War II: German Code Systems--Lorenz/Tunny Cipher
Jul 28, 2020 · Each link in the Lorenz system was assigned a fish name by the British, the overall name of the system was called Tunny. The first Tunny link ...
[38]
Tunny and Heath Robinson - The National Museum of Computing
On 30 August 1941, against all the rules, a Lorenz message was re-sent between Berlin and Athens because the first was not received properly. They used the same ...
[39]
Bletchley Park's codebreaking equipment is rebuilt - Computer Weekly
May 26, 2011 · The majority of the radio receivers installed at Knockholt were the American RCA 88 - now on display and restored to full working order in the Tunny Gallery.
[40]
[PDF] The rebuilding of Heath Robinson. - WW II Codes and Ciphers
The German Lorenz machine was used to encipher teleprinter traffic between command centres of the German Army. The cipher used the Additive method invented in ...Missing: decryption | Show results with:decryption
[41]
Heath Robinson - Crypto Museum
Jan 11, 2014 · Heath Robinson was an electronic machine that was used as an aid in breaking the German Lorenz SZ-40/42 cipher machine during WWII. It was ...
[42]
Colossus - The National Museum of Computing
Colossus, the world's first electronic computer, had a single purpose: to help decipher the Lorenz-encrypted (Tunny) messages between Hitler and his generals ...Missing: tubes | Show results with:tubes<|control11|><|separator|>
[43]
Thomas H. Flowers: the hidden story of the Bletchley Park engineer ...
Aug 16, 2018 · “The first Colossus is said to have included about 1,600 vacuum tubes. It was built and assembled at Dollis Hill under the close supervision of ...Missing: decryption | Show results with:decryption
[44]
Thomas H. (Tommy) Flowers (Biographies) - IEEE Computer Society
Colossus has 2,500 vacuum tubes. It was digital, though experience with digital circuits was then very limited. The vacuum tubes of the day were mainly ...
[45]
The Colossus - Tony Sale
He approached TRE at Malvern to design an electronic machine to implement the double-delta method of finding wheel start positions which Bill Tutte had devised.Missing: breakthrough | Show results with:breakthrough
[46]
Colossus | British Codebreaking Computer | Britannica
Operating at 5,000 characters per second, it was soon analyzing over 100 messages a week. Not content to leave things there, Flowers used parallel processing ...
[47]
The Testery - The Bill Tutte Memorial Fund
The Testery used hand methods to break Lorenz and consisted of linguists and codebreakers. The Newmanry was founded in mid-1943 under Max Newman to develop ...
[48]
Who were the Codebreakers? - Bletchley Park
Many famous Codebreakers including Alan Turing, Gordon Welchman and Bill Tutte were found this way. Others such as Dilly Knox and Nigel de Grey had started ...
[49]
Colossus & the Breaking of Lorenz - Google Arts & Culture
The SZ42 had 12 wheels with different numbers of cams or pins that could produce 1.6 billion different combinations.The Allies did not see a Lorenz machine ...Missing: architecture | Show results with:architecture
[50]
Lorenz code machine motor to be rebuilt using 3D technology - BBC
Mar 4, 2017 · The machine was used by German forces in Norway and seized by the Norwegian secret services after the war. It has been given to the UK on long- ...Missing: captured 1945
[51]
Milestones:Special Citation Heinz Nixdorf Museum, 1996
Mar 18, 2024 · During the first event in 2007, a secret message was encrypted using an original Lorenz SZ42 machine from WWII and sent from Paderborn to ...
[52]
Museum finds part of Nazi cipher machine on eBay - The History Blog
May 31, 2016 · Post Office engineer Tommy Flowers devised Colossus to calculate the positions of the 12 wheels of the Lorenz code machine in hours rather than ...
[53]
Heath Robinson: WW2 codebreaking machine reconstructed - BBC
Apr 5, 2019 · The Heath Robinson has been restored at The National Museum of Computing in Milton Keynes by a team of six. The machine was an early attempt to ...Missing: surviving | Show results with:surviving
[54]
Milestone-Proposal:Colossus
Jul 8, 2025 · The Lorenz machine did this well: it had twelve rotating wheels which were divided into two sets of 5 named χ and ψ respectively and a pair of “ ...
[55]
Veterans see Lorenz encrypt to decrypt
Jun 6, 2016 · The newly arrived equipment representing the German operations includes an original Lorenz SZ42 encryption device on long loan from the ...
[56]
Virtual Lorenz SZ42 - Virtual Colossus
This website has an online simulation of the Lorenz machines so you can actually encipher and decipher secret messages, exactly as they did during the war.
[57]
Weapons of War: Colossus Codebreaking Computer - Key Military
May 28, 2020 · A LORENZ DECRYPT FROM FEBRUARY 1945 SHOWING A MESSAGE FROM BERLIN TO GERMAN ARMY GROUP COURLAND, MOST LIKELY DECIPHERED BY COLOSSUS. The ...
[58]
https://lorenz.virtualcolossus.co.uk/
[59]
[PDF] Solving a Tunny Challenge with Computerized “Testery” Methods
In Section 1, Equation 6, it was shown that the dechi stream D = Z ⊕χ = P⊕ψ0. We analyze here the frequency distribution of the symbols in the dechi stream D.Missing: double encipherment