The Enigma Machine — How It Worked and Why It Failed

The Enigma machine was a polyalphabetic electromechanical cipher device used by German military forces from the 1920s through World War II. It was considered mathematically unbreakable by its designers — and it almost was. Its failure reveals how operational security, not mathematics, is always the weakest link in any cryptosystem.

Key Facts

• Military Enigma used 3 rotors (naval Enigma M4 added a 4th in 1942)
• Possible settings: ~10²³ — more configurations than atoms in many macroscopic objects
• Plugboard alone contributed >150 trillion configurations with 10 cable pairs
• Polish Cipher Bureau broke it first, in 1932 — and gave the solution to Britain in 1939
• The Bombe (Turing + Welchman, 1940) reduced a 20-minute-per-check test to near-automated screening
• Breaking Enigma is estimated to have shortened WWII by 2–4 years

How the Enigma Worked

The Three Layers of Substitution

Enigma encrypted through three successive transformations, each depending on the current machine state:

1. Plugboard (Steckerbrett) — Before entering the rotors, each keystroke passed through a plugboard of up to 13 cable pairs that swapped letter pairs. With 10 cables (standard military setting), this alone gave 150,738,274,937,250 configurations. The plugboard was symmetric: if A→N, then N→A.

2. Rotor stack — Three rotors (each a disc with 26 electrical contacts on each face) performed a fixed scrambled substitution, but the rotors stepped with each keypress — the rightmost rotor advanced every keypress, the middle advanced when the right reached its notch position, and the left advanced when the middle reached its notch. This created a non-periodic polyalphabetic cipher: pressing the same letter never produced the same output twice in sequence.

3. Reflector (Umkehrwalze) — At the back of the rotor stack, a fixed reflector bounced the signal back through the rotors in reverse. This gave Enigma its critical operational convenience: decipherment was identical to encipherment — you just type the ciphertext and the plaintext lights up.

The Fatal Self-Symmetry

The reflector’s convenience was also Enigma’s fatal cryptographic flaw: a letter could never encrypt to itself. The electrical signal passed through the reflector, which by design never completed a cycle back to the input letter. This meant:

• No letter in the ciphertext ever matched the corresponding plaintext letter
• Cribs (guessed plaintext fragments) could be ruled out by testing any position where a letter matched

This constraint sounds minor but was devastating: it turned the search for valid decryptions from a random search into a logical elimination problem.

The Polish Contribution (1932–1939)

The breaking of Enigma began not at Bletchley Park but in Warsaw. Marian Rejewski, a 27-year-old mathematician at the Polish Cipher Bureau, exploited an early German operational error in 1932: each message began with a repeated 3-letter indicator (e.g., “ABCABC” encrypted twice). This redundancy let Rejewski apply permutation group theory to reconstruct the rotor wirings from intercepted traffic — without ever seeing the machine.

By 1938, Rejewski’s team had built the first automated breaker, the bomba kryptologiczna — six interconnected Enigma replicas searching rotor positions automatically. It could recover a day’s settings in about 2 hours.

The German response: in December 1938, they added two new rotors to their supply (increasing possible rotor combinations from 6 to 60) and expanded the plugboard. This overwhelmed Polish resources. In July 1939, with war imminent, the Poles transferred everything — their mathematical reconstruction, their equipment, their methods — to British and French intelligence. This handoff is one of history’s most consequential intelligence transfers.

Turing’s Breakthrough: Cribs and Logical Deduction

Alan Turing arrived at Bletchley Park in September 1939. His redesign of the bombe was conceptually different from the Polish bomba: rather than brute-forcing rotor positions, it used cribs — known or predicted plaintext fragments — to generate logical constraints that eliminated impossible settings.

Cribs as Constraints

German military communications were formulaic. Operators knew:

• Weather reports always contained WETTER (weather)
• Daily situation reports often began KEINEBESONDERENEREIGNISSE (nothing special to report)
• Messages ended with operator identifiers and often HEIL HITLER

A crib was a guess that some known phrase appeared at a specific position in the ciphertext. Because Enigma could never encrypt a letter to itself, every position where a crib letter matched the ciphertext letter was immediately ruled out as a valid alignment. Only positions with no matches survived as candidates.

The Bombe Circuit

For each valid crib alignment, Turing constructed a logical menu — a network of letters that must be consistent if the crib is correct. The Bombe tested this menu electrically: for each of the 17,576 possible rotor starting positions, it checked whether the menu produced a logical contradiction. Most positions did; the few that didn’t caused the Bombe to stop — a “stop” was a candidate setting requiring human examination.

A single Bombe tested all starting positions for one set of rotor arrangements in roughly 20 minutes. But there were 60 possible rotor arrangements for 3 rotors out of 5 — requiring 60 machine-hours per day without Welchman’s improvement.

Welchman’s Diagonal Board (1940)

Gordon Welchman independently realized that the Enigma’s plug-board symmetry created additional constraints Turing’s original design ignored. The diagonal board was an attachment that wired each possible pair of letters together, exploiting the reciprocal property: if A→B through the plugboard, then B→A. This constraint propagated through the menu automatically, dramatically reducing false stops.

The effect: a network of 12 Bombes running before Welchman’s improvement did less work than 3 Bombes running with it. By 1944, Bletchley Park operated over 200 Bombes.

Why Enigma Was Ultimately Vulnerable

The mathematics of Enigma was never broken — no algorithm found the key from ciphertext alone. What failed was the operational security:

• Message indicators repeated daily — the first break was possible only because operators sent the same 3-letter key twice
• Cribs existed — operational formatting requirements forced predictable plaintext into every message
• Operators made personal patterns — some operators always chose “AAA” or their girlfriend’s initials as indicators; these became known “cillis”
• No letter could encrypt to itself — a fundamental property of the reflector design, not correctable without redesigning the machine
• The plugboard only scrambled, it didn’t obscure the rotor logic — it multiplied the search space but didn’t change the algebraic structure

Shannon’s later framework helps explain this precisely: Enigma’s key entropy was genuinely high (~76 bits), but the message redundancy (predictable German military language, required formatting, operator habits) continuously supplied known-plaintext constraints that collapsed the effective search space. Perfect cipher + imperfect use = broken cipher.

Naval Enigma: The Harder Problem

Naval Enigma (M3, then M4 from February 1942) used 4 rotors — tripling the search space and rendering the existing Bombes useless overnight. The U-boat blackout between February and December 1942 was the darkest period of the cryptographic war: without decryption, Allied merchant shipping losses spiked catastrophically.

Breaking M4 required both technical solutions (a new 4-rotor Bombe, eventually American-built) and human daring — the capture of German ships carrying intact machines, rotors, and codebooks. The physical captures by commandos were as important as any mathematical advance.

The Structural Lesson

The Enigma story is a proof by example of Shannon’s maxim: the enemy knows the system (Kerckhoffs’s principle). Security must never depend on algorithmic secrecy. Enigma’s designers believed their machine’s complexity made interception harmless — they were wrong. What made it breakable was not the algorithm’s weakness but the coupling between mathematical structure and human operational habit. The same lesson applies to every cryptosystem ever built.

Cross-realm: Enigma’s failure mirrors the one-time pad’s success — the OTP has no message structure to exploit, no cribs possible, no “no letter encrypts to itself” constraint. Shannon’s 1949 proof of OTP perfect secrecy is partly a proof that Enigma-class ciphers are structurally deficient. See concept-one-time-pad, concept-information-theory, concept-beale-ciphers.

Confidence: Established

Freshness note: core mechanics and cryptanalytic history are settled; Welchman’s notes partially declassified 1986; Polish contribution fully credited from 1999 (GCHQ declassification). Turing Welchman Bombe at The National Museum of Computing (Bletchley Park) is a working reconstruction.

See Also

• concept-one-time-pad — the cipher Enigma failed to be (mathematically proven perfect)
• concept-information-theory — Shannon’s framework that explains exactly why Enigma was breakable
• concept-beale-ciphers — another cipher mystery; Shannon entropy as the key diagnostic tool
• concept-linear-a — still-undeciphered ancient script; AI approaches echo the Bombe’s logical elimination
• concept-indus-valley-script — statistical patterns in ciphertext vs. meaningful script
• concept-zero-knowledge-proofs — the modern mathematical inverse of Enigma’s known-plaintext vulnerability
• concept-halting-problem — undecidability as the deeper mathematical cousin of cryptographic hardness
• concept-matilda-effect — Welchman’s contribution was long underplayed; the women who operated the Bombes were under Official Secrets Act silence for 30+ years