Electronic Cipher Machine (ECM) Mark II

By Rich Pekelney


ECM Mark II model, CSP 889/2900
Click on this small photograph to view an ECM Mark II model, CSP 889/2900 (128K image)

WHAT IS THE ECM MARK II AND WHY IT WAS IMPORTANT:

The ECM Mark II (also known in the Navy as CSP-888/889 or SIGABA by the Army) is a cipher machine. It was used aboard USS Pampanito to encipher messages from ordinary, or what cryptologist (people who study secret communications) call plain text, into secret language, which is called cipher text, under the control of a key (encipherment). A cryptographic system consists of the combination of cipher machine, operating procedures and management of keys. If the system is well designed and implemented correctly, cipher text can only be converted back to plain text (deciphered) by someone with all three elements of the system.

In early September 1944 U.S.Fleet Radio Unit Pacific (FRUPAC) in Hawaii recorded a Japanese cipher radio message that originated from Singapore. Unknown to the Japanese, U.S. forces had analyzed many Japanese messages and as a result of much brilliant and hard work were able to reproduce their enemy's inadequately designed and implemented cryptographic system. This is called cryptanalysis or "breaking the system". FRUPAC deciphered (and decoded) the message that announced the route of an important Japanese convoy from Singapore to Japan. The timing and expected path of the convoy from the message was enciphered on an ECM in Hawaii and sent to Pampanito where it was deciphered on an ECM. Although Pampanito's crew did not know how FRUPAC got its information, they were able to go directly to the convoy's path and attack with great efficiency. Pampanito's attack was kept secret by the superior U.S. cryptographic system that revolved around the ECM Mark II.

The ECM Mark II based cryptographic system is not known to have ever been broken by an enemy and was secure throughout WW II. The system was retired by the U.S. Navy in 1959 because it was too slow to meet the demands of modern naval communications. Axis powers (primarily Germany) did however periodically break the lower grade systems used by Allied forces. Early in the war (notably during the convoy battle of the Atlantic and the North Africa campaign) the breaking of Allied systems contributed to Axis success.

In contrast, the Allies were able to break Axis communications for most of the war supplying many of the targets attacked by Pampanito. Intercepted messages provided not only the location of potential targets, but often insight into the thinking of enemy commanders. In the Pacific, this information was critical to success in the battles of Midway and the Coral Sea in 1942. However, intelligence, including cryptanalysis, can be a double-edged sword. The intercepted message that directed Pampanito to attack the convoy during September 1944 did not indicate that 2000 Australian and British P.O.W.s were aboard the Japanese ships. The full story of this attack and Pampanito's rescue of 73 P.O.W.s is in the Third War Patrol Report. The combination of secure U.S. cryptographic systems and vulnerable Axis systems directly contributed the success of the Allied powers during WW II thereby shortening the war by years and saving countless human lives.

More Information On The ECM Mark II:

The ECM Mark II's Development
Where Is The ECM Mark II Today
What Cipher Equipment Was Aboard Pampanito During WW II
Details Of The ECM Mark II Cipher Unit
Keying (Operating) The ECM Mark II
Compliance With Operating Procedures
Some ECM Mark II Specifications
ECM Mark II Computer Simulation
References
Additional Reading

THE ECM MARK II'S DEVELOPMENT:

The ECM Mark II's critical cryptographic innovation (the Stepping Maze) over Hebern's and other precursors was created by Army cryptologists Frank B. Rowlett and William F. Friedman shortly before 15 Jun 1935. During October and November of 1935 Friedman disclosed the details of the "Stepping Maze" to the Navy's cryptologists including Lt. Joseph N. Wenger. Aside from filing secret patent application 70,412 on 23 Mar 1936 little additional development was performed by either the Army or Navy until Lt. Wenger discussed the patent with Cmdr. Laurence Safford during the winter of 1936-37. Cmdr. Safford recognized the potential of the invention and the Navy began sponsoring and financing a new machine including the "Stepping Maze". Additional innovations by Cmdr. Safford, Cmdr. Seiler and the Teletype Corporation including Mr. Reiber and Mr. Zenner added to the security, reliability and manufacturability of the ECM Mark II. Prototypes were soon delivered, and in February 1940 the machine's details were disclosed to the Army. Amazing as it may seem, the Navy had kept its continuing development of the machine secret from the Army. With minor changes suggested by the Army the machine was accepted as the primary cipher machine for use by both Army and Navy.

The joint Army-Navy ECM Mark II cryptographic system became effective on 1 Aug 1941, and the two services had the common high-security cryptographic system in place and in use prior to the attack on Pearl Harbor. The use of a common system was of great military value, particularly during the early stages of the war when the distribution of machines and codewheels was incomplete. By 1943, over 10,000 machines were in use. The "Stepping Maze" and use of electronic control were a generation ahead of the systems employed by other countries before and after WW II. No other country is known to have ever broken the ECM Mark II cryptographic system.

WHERE IS THE ECM MARK II TODAY:

After newer, faster cryptographic systems replaced the ECM Mark II the machines were systematically destroyed to protect the secrets of their design. Today only a few ECMs still exist. The National Cryptologic Museum (a part of the National Security Agency) has 3 machines (they may have more in storage), one of which is on display in their Fort George Meade, MD museum and the other is on display at the Smithsonian Museum of American History. The U.S. Naval Security Group has 2 machines. One is on display in Pensocola, FL. When contacted US Army historians did not believe they had any machines.

From July of 1996 until November of 2004 one of the NSG machines was on loan aboard Pampanito. After cleaning, lubrication and minor repair it was put on display. At the time it was returned to the Navy, it was the only fully operable ECM Mark II in existence. This machine was built in June of 1943 as a CSP-889, and sometime ca. 1950 it was modified into a CSP-889-2900. The minor modifications added one switch and a knob that allow operation compatible with CSP-889 machines, or enhanced security when operated as a CSP-2900. After reading the information about ECM Mark IIs on this page, those seeking to know even more about the CSP-2900 that was displayed onboard Pampanito can read the ECM Mark II Curatorial Report.

Cryptologic history researchers can operate an ECM Mark II Computer Program. This program and its JAVA language source code are provided for the benefit of researchers, it is not recommended that this algorithm be used for modern cryptography.

Pampanito is seeking the other cryptosystems that were used during the war. The Pampanito Wish List contains a list of equipment we are seeking.

WHAT CIPHER EQUIPMENT WAS ABOARD PAMPANITO DURING 1944:

Just before leaving on each war patrol, one officer and one enlisted man armed with a machine gun would draw the cipher equipment from its secure storage. There were two lists of cipher equipment and manuals, List A included an ECM Mark II and associated documents (Channel 105), List B did not include the ECM. For most patrols List A was used, if the patrol was particularly dangerous and in shallow waters List B was used. The CSP-1500 (Channel 110) would also be added as needed to either the List A or List B. The lists below was used by submarines in the Pacific during 1944.

A Channel is the combination of all the equipment, instructions, key lists, etc. that are needed for two parties to communicate in a cipher system.

Channel 105
CSP-888/889 = ECM Mark II = M-134-C = SIGABA. This was a high grade, electro-mechanical, rotor wheel cipher machine and the physical component of the primary cryptographic system used by the United States. High grade cryptographic systems are those that you believe cannot be broken by an enemy in a useful period of time even if they are in possession of the physical elements of the system, provided the other elements of the system are preserved (i.e. keys are kept secret, operating procedures are well designed and followed, number and size of messages per key are small, etc.) The first 651 units built were the CSP-888 model that lacked plugs necessary for tandem operation, but were otherwise identical to the later CSP-889 model.
CSP-890 = CSP-890(A) = SIGHEK Plugboard rotor for use in the CSP-888/889.
CSP-1100 ECM Instructions, also see SIGABA Instructions
CSP-1122 ECM Wheels
CSP-1190 ECM Key Lists.
CSP-1941 = SIGLUR-1 Instructions for CSP-890
ENG-108 Print unit for a CSP-889.
ENG-109 ECM spare parts kit.
Metal Safe Locker Type #8 - Special safe built into the radio room for CSP-889

Channel 108
CSP-845 = M138A = CSP-1088. This was a medium grade, paper strip cryptographic system that was used by U.S. Submarines when they were on such dangerous missions that they could not risk the capture of an ECM, or if the ECM broke down. It was also used to communicate with forces that did not have an ECM. Medium grade cryptographic systems can be read by an enemy in possession of the physical elements of the system, even if the other elements of the system are preserved. Details of CSP-845. The related CSP-488 system was used until mid 1943 by Naval forces and is also described.
CSP-847 Instructions for use of CSP-845 strip cipher.
CSP-1247/8 Key lists for use with strip cipher.

Channel 135
CSP-1403/4 Key lists. We have not identified these yet.

Channel 143
CSP-1286 Two card style authentication cipher. Details of CSP-1286.
CSP-1521 Authentication Instructions.

Channel 144
CSP-1270 = SIGMEN = SIGYAP Chart style authentication cipher. Details of CSP-1270.
CSP-1272 Instructions for CSP-1270.

Channel 171
CSP-1524 Call sign instructions.
CSP-1525/26 Emergency use call sign instructions.
CSP-1750 = Call device MK 2 Call sign cipher. Details of CSP-1750 and CSP-1756.
CSP-1751 are CSP-1750 instructions. Postwar instructions for CSP-1750 and CSP-1756
CSP-1756 Strip cipher compatible with CSP-1750. Made of mahogany. Details of CSP-1750 and CSP-1756.
CSP-1757 ??
CSP-1752 Key lists.

Channel Weather
CSP-1300 Weather cipher.
CSP-Weather Handbook for Submarines.

Channel 110
CSP-1500 = M-209 = C-38. This is a low grade, Hagelin derivative, mechanical cryptographic system. Over 140,000 of these were used by Allied forces during the war and they were regularly broken by the enemy, primarily when the instructions for use were not followed. Pampanito would have used this to communicate with forces that did not have an ECM. Low grade cryptographic systems can be broken by an enemy by purely cryptoanalytical means without possession of any parts of the system. Details of CSP-1500.

Note that CSP stands for Code and Signal Publication, its usage started during WW I. We would appreciate your help in gathering information on any of the systems that are not well described here. Researchers may find our list of cryptographic designators useful.

DETAILS OF THE ECM MARK II CIPHER UNIT:

Prior to the ECM Mark II many cipher machines incorporated encipherment by means of an electric current passing through a series of cipher wheels or rotors. A character is typed on a keyboard, passed through the rotors and either printed or displayed in a light board for the operator. The rotors are thin disks with contacts on each side that are wired at random to the other side one wire per contact. Typically a rotor will have 26 contacts on each side, each contact representing a letter of the alphabet. A current passing through the rotor disk might enter in the position of letter B and exit in the position of letter G. Encipherment occurs by passing the current through several rotors that are side by side and rotating one or more of the rotors between each character enciphered. If the deciphering machine starts with rotors of the same design and in the same positions as the enciphering machine, it will repeat the motion of the rotors thereby deciphering the text. The most important difference between previous machines and the ECM is how the enciphering rotors are stepped. The "Stepping Maze" uses rotors in cascade formation to produce a more random stepping of the cipher rotors than existed on previous electromechanical cipher machines.

Photo of large rotor on left which is a cipher or control rotor and the rotor on right which is an index rotor.
The rotor on left is a Cipher or Control rotor, on right an Index rotor.

The ECM has fifteen rotors arranged in three rotor banks. The five rotors in the rear are the cipher rotors that convert a plain-text letter into a cipher-text letter as they are irregularly stepped. Electrical currents passing first through the control (middle) rotor bank and then through the index (front) rotor bank determine which cipher rotor(s) step. The center three of five control rotors step in a metered fashion. Control rotor 3 is the fast rotor and steps once for each character typed. Control rotor 4 is the medium rotor and steps once each time control rotor 3 completes a full rotation. Control rotor 2 is the slow rotor and steps once each time control rotor 4 completes a full rotation. Control rotors 1 and 5 do not step. The index rotors are positioned once each day and do not move while operating. The 10 cipher and control rotors are large 26 contact rotors that may be used interchangeably in the cipher or control bank and are reversible. The five smaller, 10 contact, index rotors are only used in the index bank. Four contacts are energized on the first rotor of the control rotor bank. The connections between the last rotor of the 26 contact control bank and the first rotor of the 10 contact index bank are in 9 groups of between 1 and 6 wire(s) each. One of the index bank contacts is not used. The 10 outputs of the last index rotor are attached in pairs to 5 magnets that step cipher rotors when energized. Between 1 and 4 cipher rotors are stepped for each character enchiphered.

Photo of the rotor cage removed from the cipher machine with two  rotors removed.
Click on this small photograph to view an ECM Rotor Cage (128K image)

To properly encipher a message, the three banks of rotors must be arranged and aligned in such a way that they can be reproduced by the deciphering operator. The particular arrangement and alignment of the rotors selected by the enciphering operator and transmitted to the deciphering operator in disguised form constitutes the keying instructions.

The design of the ECM limited the erratic stepping so that at least 1, and not more than 4 cipher rotors step at a time. Even so, a crude, exhaustive search would require an enemy to check around 10 to the 14th permutations of code, index and control rotor starting positions. The combination of modern algorithms and the availability of high speed computers mean this system is no longer secure, but during its term of service it provided an unprecedented level of security.

Photo of CSP 889/2900 with cover removed.Photo of CSP  889/2900 with cover removed from rear.
Click on these small photographs to view the inside of an ECM Mark II, CSP 889/2900 (128K and 152K images)

KEYING (OPERATING) THE ECM MARK II:

This outline of the June 1945 (SIGQZF-2) keying procedure describes how key lists were used to assemble and align the rotors before enciphering a message. The first instructions from July 1941 (SIGQZF) were changed in June 1945 (SIGQZF-2) and again November 1945 (SGIQZF-3). For example, SIGQZF-3 uses a totally different method of determining message indicators that eliminated the need for a daily rotor alignment of the control and cipher rotors. Changes were made to minimize operator errors, enhance security and speed up the operation. A sample Navy operating manual from 1944 and a sample Army operating manual from 1949 are available online.

Although the index rotors were reassembled (changing the order of the rotors) once a day during most of the war (SIGQZF), starting with SIGQZF-2 they were kept in a fixed order not requiring daily reassembly. The operator consults the secret daily keylist and aligns (rotates) the index rotor wheels differently for secret, confidential and restricted messages. The index rotor alignment is only changed when either the day ends, or the classification of message to be encrypted changes.

Control and cipher rotors are also reassembled once a day from the secret daily keylist, their alignment however, was changed with each message. After the daily assembly of all rotors and the alignment of the index rotors, a check group is used to verify the initialization and operation of the machine before any real messages are encrypted. The rotors are zeroized, (cipher and control rotors positioned on "O") and the letter A is repeatedly encrypted until 30 cipher text characters are printed. Then the 26th-30th letters are matched with the check group supplied in the secret daily keys.

For each message, the secret daily keylist is consulted, and the control and cipher rotors are aligned to an initial position depending on the classification of the message. Now the operator selects a group of any five letters, except Z, at random to be the internal message indicator. This internal message indicator is then enciphered and the external message indicator (enciphered internal message indicator) is printed on the tape and transmitted with the message. The control and cipher rotors are then aligned without printing to the internal message indicator. The rotors are never aligned to the external message indicator (the letters printed on the tape), but always to the internal message indicator. Now the body of the message may be enciphered and transmitted with the external message indicator. If the plain text exceeds 350 5-letter groups, the plain text must be divided into 2 or more equal parts so that no part exceeds 350 groups. For each part a new internal message indicator is selected.

COMPLIANCE WITH OPERATING PROCEDURES:

The security of a cryptographic system relies as much on the operation of the cipher machine as the machine itself. During WW II the U.S. created organizations to formally train operators and to monitor U.S. operators compliance with procedure. When an error was found the first response was often a memorandum such as the one replicated below. It provides a list of the most common errors that could compromise the security of the cryptographic system.

Navy Department
Office of Chief of Naval Operations
Washington, D.C.

CLASSIFICATION: CONFIDENTIAL Date: 27 Dec 1943

MEMORANDUM
COMMUNICATION IMPROVEMENT ITEM

From: Director Naval Communications
To: Commandant, Twelfth Naval District

The principles of communication security cannot be over stressed, for such security is vital to the success of operations. Errors which seem minor in themselves may, when accumulated, offer to the enemy an entering wedge for the eventual compromise of a system. The object of this memorandum is to enlist your cooperation in protecting our cipher systems and hence our national security.

THE PRICE OF SECURITY IS ETERNAL VIGILANCE.

A communication such as COM 112 222105 DECEMBER may endanger our interests because it appears to violate security principles in the following respect(s):

DRAFTING: Plain language reference to encrypted dispatches.

No reply to this memorandum is necessary, but your cooperation in suppressing dangerous communication practices is earnestly solicited.

CARELESS COMMUNICATIONS COST LIVES

The following is a list of some of common violations of security principles:

DRAFTING:

Unnecessary word repetition
Unnecessary or improper punctuation
Plain language reply to encrypted dispatch
Classification too high
Precedence too high
Cancellation in plain language of an encrypted dispatch

ENCRYPTION:

"XYX" or "X"'s for nulls
"XX" & "KK" to separate padding from text
Same letters at both ends to separate padding from text
Continuity of padding
Seasonal and stereotyped padding
Repetition of generatrices (Ed. Note: CSP-845)
Systematic selection of generatrices (Ed. Note: CSP-845)
Using plain text column for encryption (Ed. Note: CSP-845)
Proper strips not eliminated as prescribed by internal indicator (Ed. Note: CSP- 845)
Improper set-up according to date
Using system not held by all addressees
Failing to use system of narrowest distribution

CALLS:

Enciphering indefinite call sign
Enciphering call signs of shore activities
CODRESS might have been used

TRANSMISSION:

Classified dispatch transmitted in plain language by wire or radio, when not specifically authorized.
Dispatch might have gone to some or all addressees by mail.
 

SOME ECM MARK II SPECIFICATIONS:

Input: Keyboard or electric via tandem plug.
Output: Printed tape or electric via tandem plug.
Speed: 45 to 50 Words per minute.
Power Supply: 40/70 cycle, 105-125 VAC or 105-125 VDC or 24 VDC
2 amps at 120 volts AC or DC, 3 amps at 24 VDC.

Approximate Size:
In operation: 15" x 19.25" x 12" or 2.1 cubic feet
In carrying case: 17.125" x 23" x 15.5" or 3.5 cubic feet
Packed for long term: 19.5" x 27.5" x 18" or 5.6 cubic feet

Approximate Weight:
In operation: 93.5 lbs.
In carrying case: 133.5 lbs.
Packed for long term: 195 lbs.

Cost:
By 1943, 10, 060 ECM Mark II's were purchased at an estimated cost of $2,040 a piece. This does not include the cost of spare parts; additional code wheel sets, code wheel wiring that was done by the military; modifications and upgrades, precursor machine development, etc.

REFERENCES:

The information enclosed here relating to the ECM Mark II was edited and excerpted from:
Army Signal Security Agency (1946) History Of Converter M-134-C (Sigaba) Vol I, II And III This is available from the US National Archives and Records Administration (NARA); NSA Historical Collections 190/37/7/1, Box 799, F: 2292, pp 468.
Safford, L.F. (1943) History of Invention And Development of the Mark II ECM (Electric Cipher Machine) This available from NARA. SRH-360 in RG 0457: NSA/CSS Finding Aid A1, 9020 US Navy Records Relating to Cryptology 1918- 1950 Stack 190 Begin Loc 36/12/04 Location 1-19. In Feb 1996 the version at NARA was redacted, but the full document is now declassified.
Rowlett, F.B. (1998) The Story of Magic. Laguna Hills, CA: Agean Park Press. A first hand description of its invention.

Specifications for an ECM Mark II are from:
Army Security Agency (1948) Historical and Cryptologic Summary of Cryptosystems; ASAG 23; Vol 1.

ECM Mark II Keying, Operating and Maintenance instructions are in:
War Department Office of The Chief Signal Officer (1941) Operating Instructions for Converter M-134-C (short title: SIGBWJ)
War Department Office of The Chief Signal Officer (1941) Operating Instructions for Converter M-134-C (short title: SIGLVC)
Department of the Army (1941) Crypto-Operating Instructions for Converter M-134-C (short title: SIGQZF)
Department of the Army (1945) Crypto-Operating Instructions for Converter M-134-C (short title: SIGQZF-2)
Department of the Army (1946) Crypto-Operating Instructions for Converter M-134-C (short title: SIGQZF-3)
Department of the Army (1949) ASAM 1/1 Crypto-Operating Instructions for ASAM 1. Note the new designation of ASAM 1 for the ECM Mark II after the war. This is available online sample Army manual.
War Department (1942) Maintenance Instructions for Converter M-134-C (short title: SIGKKK)
War Department (1945) Maintenance Instructions for Converter M-134-C (short title: SIGKKK-2)
SIGQZF, SIGBWJ, SIGLVC, SIGKKK, SIGKKK-2 are available from NARA; NSA Historical Collections 190/37/7/1, NR 2292 CBLL36 10622A 19410300.

General information including security of the ECM Mark II are in:
War Department (1945) General Instructions For Converter M-134-C (short title: SIGBRE-1) This is available from NARA; NSA Historical Collections 190/37/7/1, NR 4588 ZEMA35 13909A 19450600

A list of cipher equipment carried by submarines in the Pacific is in:
Submarine Force U.S. Pacific Fleet (1944) Cryptographic Aids Check-Off List This is available from NARA, Pacific Sierra Regional Archive, 181-58-3201, S1313, S372, A6-3/N36 Cryptographic Aids.

Information on the overall history of Naval Communications during WW II may be found in:
US Naval Administration in WW II, History of Naval Communications, 1939-1945. Op-20A-asz, A12, Serial 00362P20, 7 Apr 1948. This is available from the Naval Historical Center; WW II Command File CNO; Communications History; Microfiche No. F3561.

Compliance with Operating Instructions notes are from:
Office of Chief of Naval Operations (1943) Memorandum Communication Improvement Item. This is available from the NARA, Pacific Sierra Regional Archive, RG 181-58-3224, 12th ND Commandants Office General Correspondence, A6-2(1) Complaints - Discrepencies, Security-etc.

Descriptions of the the Authentication Systems may be found in:
Survey Of Authentication Systems 1942-45 (1945) This is available from NARA; NSA Historical Collections 190/37/7/1, NR 3526 CBRK24 12960A 19420728.

Many of the primary sources cited are from documents declassified and made available in NARA at College Park, MD by the NSA.

ADDITIONAL READING:

Other cryptologic history web sites include:
The National Cryptologic Museum is part of the United States National Security Agency http://www.nsa.gov.
Bletchly Park, was the primary site of the successful British WW II cryptanalytic effort.
Cryptologia is a quarterly journal devoted to cryptology.
Jerry Proc's Crypto Pages describe the KL-7 and KWR-37 cipher systems that replaced the WW II systems during the late 1950s.

History of cryptology:
Kahn, D. (1996) The Codebreakers. New York, NY: Scribner. This is the revised and updated version of the 1967 classic.

Background on the history of intelligence in the Pacific may be found in:
Holmes, W.J. (1979) Double-Edged Secrets. Annapolis, MD: Naval Institute Press.
Layton, E., Pineau, R., Costello, J (19 ) And I Was There. New York, NY: William Morrow and Company, Inc.
Prados, J. (1995) Combined Fleet Decoded. New York, NY: Random House.

The story of Pampanito's third war patrol is in:
Blair, C., Blair, J. (1979) Return From the River Kwai. New York, NY: Simon and Schuster.

On the subject of Cryptanalysis of rotor systems:
Chan, W.O., Cryptanalysis of Sigaba, San Jose State University, May 2007. http://www.cs.sjsu.edu/faculty/stamp/students/Sigaba298report.pdf
Lee, M., Cryptanalysis of the SIGABA, University of California Santa Barbara, June 2003. http://www.cs.ucsb.edu/~kirbysdl/broadcast/thesis/thesis.pdf
Savard, J.G., Pekelney, R.S. (1999) The ECM Mark II: Design, History and Cryptology. Cryptologia, Vol XXIII, Number 3, July 1999.
Andleman, D., Reeds, J. (1982) On Cryptanalysis of Rotor Machines and Substitution-Permutation Networks. IEEE Transactions on Information Theory, IT-28(4), 578-584.
Deavours, C., Kruh, L. (1985) Machine Cryptography and Modern Cryptanalysis. 35-92. Dedham, MA: Artech House Inc.

 

Copyright © 2006-2010, Maritime Park Association
All Rights Reserved
Legal Notices and Privacy Policy
Version 2.06