[Image: SIGABA cipher machine at the National Cryptologic Museum, with removable rotor assembly on top]

In the history of cryptography, the ECM Mark II was a cipher machine used by the United States for message encryption from World War II until the 1950s. The machine was also known as the SIGABA or Converter M-134 by the Army, or CSP-888/889 by the Navy, and a modified Navy version was termed the CSP-2900.

Like many machines of the era it used an electromechanical system of rotors to encipher messages, but with a number of security improvements over previous designs. No successful cryptanalysis of the machine during its service lifetime is publicly known.

History

[Image: M-134 Converter, without paper tape reader]

[Image: Key tape for the M-134]

It was clear to US cryptographers well before World War II that the single-stepping mechanical motion of rotor machines (e.g. the Hebern machine) could be exploited by attackers. In the case of the famous Enigma machine, these attacks were supposed to be upset by moving the rotors to random locations at the start of each new message. This, however, proved not to be secure enough, and German Enigma messages were frequently broken by cryptanalysis during World War II.

William Friedman, director of the US Army's Signals Intelligence Service, devised a system to correct for this attack by truly randomizing the motion of the rotors. His modification consisted of a paper tape reader from a teletype machine attached to a small device with metal "feelers" positioned to pass electricity through the holes. When a letter was pressed on the keyboard the signal would be sent through the rotors as it was in the Enigma, producing an encrypted version. In addition, the current would also flow through the paper tape attachment, and any holes in the tape at its current location would cause the corresponding rotor to turn, and then advance the paper tape one position. In comparison, the Enigma rotated its rotors one position with each key press, with no random variation. The resulting design went into limited production as the M-134 Converter, and its message settings included the position of the tape and the settings of a plugboard that indicated which line of holes on the tape controlled which rotors. However, there were problems using fragile paper tapes under field conditions.

Friedman's associate, Frank Rowlett, then came up with a different way to advance the rotors, using another set of rotors. In Rowlett's design, each rotor had to be constructed so that between one and four output signals were generated, advancing one or more of the rotors (rotors normally have one output for every input). There was little money for encryption development in the US before the war, so Friedman and Rowlett built a series of "add on" devices called the SIGGOO (or M-229) that were used with the existing M-134s in place of the paper tape reader. These were external boxes containing a three-rotor setup in which five of the inputs were live, as if someone had pressed five keys at the same time on an Enigma, and the outputs were "gathered up" into five groups as well; that is, all the letters from A to E would be wired together, for instance. That way the five signals on the input side would be randomized through the rotors, and come out the far side with power in one of five lines. Now the movement of the rotors could be controlled with a day code, and the paper tape was eliminated. They referred to the combination of machines as the M-134-C.

In 1935 they showed their work to Joseph Wenger, a cryptographer in the OP-20-G section of the U.S. Navy. Wenger found little interest for it in the Navy until early 1937, when he showed it to Commander Laurance Safford, Friedman's counterpart in the Office of Naval Intelligence. Safford immediately saw the potential of the machine, and he and Commander Seiler then added a number of features to make the machine easier to build, resulting in the Electric Code Machine Mark II (or ECM Mark II), which the Navy then produced as the CSP-889 (or 888).

[Image: SIGABA is described in , filed in 1944 but not issued until 2001.]

Oddly, the Army was unaware of either the changes or the mass production of the system, but was "let in" on the secret in early 1940. In 1941 the Army and Navy joined in a joint cryptographic system, based on the machine. The Army then started using it as the SIGABA. Just over 10,000 machines were built.

On 26 June 1942, the Army and Navy agreed not to allow SIGABA machines to be placed in foreign territory except where armed American personnel were able to protect the machine. The SIGABA would be made available to another Allied country only if personnel of that country were denied direct access to the machine or its operation by an American liaison officer who would operate it.

Operation

[Image: Top view of SIGABA showing rotor assembly and Controller switch]

Because SIGABA did not have a reflector, a 26+ pole switch was needed to change the signal paths through the alphabet maze between the encryption and decryption modes. The long “controller” switch was mounted vertically, with its knob on the top of the housing. See image. It had five positions, O, P, R, E and D. Besides encrypt (E) and decrypt (D), it had a plain text position (P) that printed whatever was typed on the output tape, and a reset position (R) that was used to set the rotors and to zeroize the machine. The O position turned the machine off. The P setting was used to print the indicators and date/time groups on the output tape. It was the only mode that printed numbers. No printing took place in the R setting, but digit keys were active to increment rotors.

During encryption, the Z key was connected to the X key and the space bar produced a Z input to the alphabet maze. A Z was printed as a space on decryption. The reader was expected to understand that a word like “xebra” in a decrypted message was actually “zebra.” The printer automatically added a space between each group of five characters during encryption.

The SIGABA was zeroized when all the index rotors read zero in their low order digit and all the alphabet and code rotors were set to the letter O. Each rotor had a cam that caused the rotor to stop in the proper position during the zeroize process.

SIGABA's rotors were all housed in a removable frame held in place by four thumb screws. This allowed the most sensitive elements of the machine to be stored in more secure safes and to be quickly thrown overboard or otherwise destroyed if capture was threatened. It also allowed a machine to quickly switch between networks that used different rotor orders. Messages had two 5-character indicators: an exterior indicator that specified the system being used and the security classification, and an interior indicator that determined the initial settings of the code and alphabet rotors. The key list included separate index rotor settings for each security classification. This prevented lower classification messages from being used as cribs to attack higher classification messages.

The Navy and Army had different procedures for the interior indicator. Both started by zeroizing the machine and having the operator select a random 5-character string for each new message. This was then encrypted to produce the interior indicator. Army key lists included an initial setting for the rotors that was used to encrypt the random string. The Navy operators used the keyboard to increment the code rotors until they matched the random character string. The alphabet rotors would move during this process and their final position was the internal indicator. In case of joint operations, the Army procedures were followed.

The key lists included a “26-30” check string. After the rotors were reordered according to the current key, the operator would zeroize the machine, encrypt 25 characters and then encrypt “AAAAA”. The ciphertext resulting from the five A's had to match the check string. The manual warned that typographical errors were possible in key lists and that a four character match should be accepted.
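A toy model of two mechanisms described above, added here as an illustration and not taken from the page or from any historical SIGABA specification: a three-rotor bank with five live inputs whose gathered outputs decide which enciphering rotors advance, and the "26-30" check with its four-character tolerance. The wirings, the choice of contacts A-E as live inputs, the A-E/F-J/K-O/P-T/U-Z grouping, the odometer stepping of the bank and all names are assumptions; in this toy anywhere from one to five lines can be powered on a key press.

```python
import random
import string

A = string.ascii_uppercase
_rng = random.Random(1944)  # constructed wirings, not the historical rotors
CIPHER = [_rng.sample(range(26), 26) for _ in range(5)]   # enciphering rotors
CONTROL = [_rng.sample(range(26), 26) for _ in range(3)]  # stepping bank
LIVE = range(5)  # assumption: the five live inputs are contacts A-E

def through(w, pos, c):  # contact c through rotor wiring w turned to offset pos
    return (w[(c + pos) % 26] - pos) % 26

class ToyMachine:
    def __init__(self):
        self.zeroize()

    def zeroize(self):  # zeroized state as on the page: rotors set to letter O
        self.cipher, self.control = [A.index("O")] * 5, [A.index("O")] * 3

    def step(self):
        lines = set()
        for c in LIVE:
            for w, p in zip(CONTROL, self.control):
                c = through(w, p, c)
            lines.add(min(c // 5, 4))  # gathered outputs: A-E, F-J, K-O, P-T, U-Z
        for i in lines:                # each powered line advances one rotor
            self.cipher[i] = (self.cipher[i] + 1) % 26
        for i in range(3):             # assumption: bank steps like an odometer
            self.control[i] = (self.control[i] + 1) % 26
            if self.control[i]:
                break
        return sorted(lines)

    def encrypt(self, text):
        out = []
        for ch in text:
            c = A.index(ch)
            for w, p in zip(CIPHER, self.cipher):
                c = through(w, p, c)
            out.append(A[c])
            self.step()
        return "".join(out)

def check_26_30(machine, filler="A" * 25):
    machine.zeroize()
    machine.encrypt(filler)          # characters 1-25 only move the rotors
    return machine.encrypt("AAAAA")  # characters 26-30 form the check group

def check_ok(produced, listed):  # the manual accepted a four-character match
    return len(listed) == 5 and sum(a == b for a, b in zip(produced, listed)) >= 4
```

Because stepping in this model never depends on the typed letters, the check group is the same whichever 25 characters precede it, so it tests only the rotor order and wiring.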

The manual also gave suggestions on how to generate random strings for creating indicators. These ranged from using playing cards and poker chips to selecting characters from cipher texts and using the SIGABA itself as a random character generator.

Security

[Image: Key generator for SIGABA cipher machines. In a central facility in Washington, a rotor machine at right produced randomized daily settings for SIGABA, which were recorded on punch cards using the IBM 513 Reproducing Punch at left. A month's worth of keys were printed on a single sheet.]

SIGABA systems were closely guarded at all times, with separate safes for the system base and the code-wheel assembly, but there was one incident where a unit was lost for a time. On February 3, 1945, a truck carrying a SIGABA system in three safes was stolen while its guards were visiting a brothel in recently liberated Colmar, France. General Eisenhower ordered an extensive search, which finally discovered the safes six weeks later in a nearby river.

Interoperability with Allied counterparts

The need for cooperation among US, British, and Canadian forces in carrying out joint military operations against Axis forces gave rise to the need for a cipher system that could be used by all Allied forces. This functionality was achieved in three different ways. Firstly, the ECM Adapter (CSP 1000), which could be retrofitted on Allied cipher machines, was produced at the Washington Naval Yard ECM Repair Shop. A total of 3,500 adapters were produced.