Wednesday, September 6, 2023

Postwar Development of New Cipher Machines in the UK

Typex Mark 22

Although there were a few other encryption machines available to the UK at the end of the Second World War (eg Rockex, Morsex and 5 UCO), Typex and the CCM were the only general purpose off-line cypher machines available to the British Services. A new machine was needed, though it was clear that this would take some time – years – to be delivered and so modifications were made to the Mark II Typex (the model in most extensive use) and it was rechristened the Mark 22, or Mark 23 when adapted to take a CCM adaptor. 

At GC&CS Gordon Welchman had thought about a successor to Typex and had devised a rotor scrambler both to replace it and to be field-deployable. A key security feature was a daily change carried out using multi-point plugs, but in January 1945 Alan Turing's investigations showed this to be practically impossible. Welchman therefore decided to dispense with plugboards and found a solution, which he embodied in a paper of 6th March 1945, describing his final specifications for a 26-way scrambler - the RM 26.

A Canadian Army officer, Lt Col B de F "Pat" Bayly had developed Rockex, a one-time tape machine during the war, and thought a small and light machine embodying Welchman's scrambler could be made for use in the field.  In November 1945 he signed a five year contract with the Foreign Office to develop such a machine from his base in Canada. Bayly was told in 1946 that there was no idea of tying him down to a specification, because the whole object of the contract was to enable him to do some free research into the electromechanical application of the RM 26 principles.

In August 1947, a further letter requested a technical write up of progress: the Services were looking on RM 26 with interest, and had asked how Bayly might react to a US development engineer's being seconded to work with him. Bayly replied promptly, saying that he had completed his progress report, and reminded GCHQ that he had been told that this was a long-term project. As there were so many innovations and as considerable improvement in reliability would be necessary before this machine would be useful, Bayly did not believe the machine would be ready to show the Americans for another three or four years. (He also believed it would be a bad thing to attach an American to him, as the result might be the development of a purely American machine incorporating RM 26 ideas.) Further delays were incurred due to a serious illness suffered by Mrs Bayly.

After a couple of visits by British specialists to the Canada, Bayly was asked to send the model he had made to the United Kingdom no later than the end of August 1948, together with a detailed statement setting out what items in the project had been incorporated in the model, what had been found impracticable, and what had not been attempted. British experts concluded that the RM 26 proposals used unnecessarily over-complicated mechanical arrangements and that conventional engineering was preferred; and that the project was not worth while pursuing unless there was a specific operational need for a machine operating on RM 26 principles. The experimental model offered little prospect of providing a successful solution. As a result of this report the project was cancelled.

RM 26 is a good example of how not to organise a project. The aim was changed twice and lost clarity in the process; direction was faulty and supervision inadequate; resources were lacking for proper research and development; and both time and money were wasted through delay in investigating the practicability of the design. It probably didn't help either that the work was being carried out in Canada. In terms of development of a Typex replacement, these years of development had been wasted.

Meanwhile, a member of GCHQ had spoken about the need for a small, secure cipher machine with a tape output to the GPO, which produced a draft specification (codenamed Fruitex Minor) of a battery-operated machine, which the services accepted in December 1947 as a basis for design effort, though with the more prosaic name of DUP 1 (Development Unit Project No 1). This quickly ran into trouble. Its specification proved to be over-fussy: if a reliable machine were ever produced from it, it would be too delicate for use in forward areas, and it would be impossible to mass produce. A new specification was drawn up, and subject to security endorsement which was given in December 1949, was offered as a basis for contract discussions. Early in 1950, the Creed company agreed that if a contract were signed by September 1950, it would deliver 5 units a week starting in September 1951, and that 150 units would be delivered by March 1952. This was subject to the prototype passing service acceptance trials and the specification not changing subsequently. In the event, the trials overran, and the specification was developed into four variants, under the overall codename of Portex, delaying production further.

In exchange for an offer from the US for the UK to inspect a pinwheel machine designed for use by merchant shipping, the US authorities were sent the details of Portex. However, in May 1952, a US security evaluation for Portex was issued, saying that it was too weak for its use to be allowed. It turned out that the security approval given in December 1949 should not have been granted, and more design work was need to correct the errors. In the event it was only in September 1954 that production of Portex began, just under seven years from its being proposed.

The specification for a new Typex replacement specification (DUP 2) was only agreed in January 1949. The basic requirements were:

(a) it must be suitable for UK/US communications, which entailed a 26-way keyboard and scrambler;

(b) since many ships in the Fleet could only carry one machine, it would be required for intra-Naval communications, as well as for communications between the Navy and the other two Services;

(c) for Naval use size and weight should be kept to a minimum, and for ease of maintenance it should be mechanically and electrically simple;

(d) in the Army and RAF it should provide a satisfactory replacement for Typex 22, and it should be suitable for use at higher formation headquarters, where page printing and 32-way operation, needed for the rapid handling of traffic, were more important than limitations on size and weight.

It was clear that the small machine that could satisfy (a), (b), and (c), was a different machine from (d). Work on the former began under the codename Singlet, while a new specification was to be drawn up for the second (codenamed Pendragon). This work was delayed because the US was designing a new CCM and there weren't enough British specialists to work on the two projects simultaneously.

A prototype Singlet was completed in 1951 according to the 1949 specification, but the specification was modified in 1951 and a new prototype had to be developed. A prototype Pendragon had been built, but no subsequent modification was carried out. By October 1952, the Service requirements for Pendragon had changed sufficiently that it was decided that while design work would continue on both Singlet and Pendragon, for delivery as soon as possible, planning for a successor to both of them, with an expected delivery date of some five to seven years, should begin under the codename Copperfield.

In the event Singlet deliveries began in 1959, ten years after its first specification was issued, while the requirements for both Pendragon and Copperfield were subsumed into Alvis (which in its first incarnation had been codenamed Cheapex).

This piece complements other posts here about Sir Edward Bridges' thinking about whether the security mission belonged inside GCHQ. None of the machines being used at the end of the war had been designed by GC&CS (indeed, in the case of Typex, GC&CS input had been sedulously avoided) and the project management of RM 26, Portex and Singlet was so deficient, that it is probably not hard to see members of the Cypher Policy Board dreading the agenda item 'Machine Development' at their meetings.

There was a similar lack of development of machinery to support cryptanalysis at GCHQ during this period, though this was because the machines which were moved from Bletchley to Eastcote, and subsequently to Cheltenham, were believed adequate to the tasks at hand, and it was only the development of General Purpose Computers later in the 1950s that began to change ideas about how computers could be used.

There was a requirement for better cipher security after the Second World War, but, separate from the status of communications security in a primarily signals intelligence organisation, the Services' grip on Comsec was much greater by 1946 than it was on Sigint, and the Cypher Policy Board, which was where GCHQ and the Services met to collaborate on security, operated at too high a level to be able to provide the detailed oversight of development activity.

 

 

 

No comments:

Post a Comment