German Naval Enigma
Encryption Procedures and Operations
Introduction
The German Naval Enigma machines, while mechanically almost identical to their Army counterparts, employed significantly different operational procedures that made them considerably more secure—at least in theory. These differences in implementation, combined with the Navy’s more disciplined approach to cipher operations, created substantial challenges for Allied cryptanalysts attempting to break German naval communications during World War II.
Understanding these procedures reveals not only the sophistication of German cryptographic methods but also the critical vulnerabilities that ultimately allowed the Allies to penetrate what should have been an unbreakable system. This document provides a comprehensive examination of Naval Enigma operations, from basic message formatting to the complete encryption and decryption process.
Fundamental Differences from Army Enigma
Message Formatting
The most immediately obvious difference between Naval and Army Enigma systems lay in their basic message formatting conventions. While Army units grouped their encrypted text into five-letter blocks, the Kriegsmarine standardized on four-letter groups as their default format. This seemingly minor distinction had significant implications for message handling and transmission procedures.
The four-letter grouping system aligned more naturally with certain aspects of naval communications protocols and made message length calculations more straightforward for radio operators working in challenging maritime conditions. However, some specialized encryption procedures—particularly those used for diplomatic communications—still employed the Army’s five-letter grouping system, requiring naval cipher personnel to maintain proficiency in both methods.
Message Padding and Obfuscation
Similar to Army practice, when a message did not conclude precisely on a group boundary, padding letters were inserted to ensure proper alignment. The most common padding sequence was “XXX,” though other combinations were occasionally used. This padding served the dual purpose of completing the final group and providing a clear indicator to receiving operators that the message had ended.
The Navy also employed a sophisticated message obfuscation technique that the Army used less consistently. Cipher clerks would frequently append additional German words at both the beginning and end of messages—words that were not actually part of the operational content. These “dummy words” served to increase message complexity and potentially mislead cryptanalysts attempting to identify message patterns or use known plaintext attacks.
These dummy words were carefully selected to be recognizably standard German vocabulary, making it obvious to legitimate recipients that they were padding rather than operational content. Common choices included everyday words like “BAKERS” or “ELEPHANTS” ,words unlikely to appear in genuine naval communications. This practice added an extra layer of security while remaining transparent to authorized personnel.
The Message Header Structure
Every Naval Enigma message began with a critical eight-character header consisting of two four-letter groups. This header contained all the information necessary for a receiving station to properly decrypt the message, and its security was paramount.
The first four-letter group served as the indicator group. This group identified which communication network was being used and which specific encryption key from that network’s daily settings should be employed. The indicator group essentially told the receiving operator, “This message belongs to network X, and you should use key Y to decrypt it.”
The second four-letter group contained the message key—the specific rotor starting positions that would be used to encrypt the actual message content. However, this group did not directly reveal those positions; instead, it provided an encrypted version that had to be processed using the day’s base settings before the actual message key could be determined.
The KENNGRUPPEN Codebook (K-Book)
Structure and Purpose
The KENNGRUPPEN (indicator groups) codebook, universally referred to as the “K-Book,” was a fundamental component of Naval Enigma operations. This multi-page document was issued to all German cipher personnel at naval stations and aboard vessels, providing a standardized method for converting between numbers and three-letter groups called trigrams.
The K-Book represented a significant improvement over the Army and Luftwaffe practice of allowing operators to select “random” starting positions manually. Human-selected “random” values invariably contain patterns and biases that cryptanalysts can exploit. The K-Book eliminated this vulnerability by providing genuinely random trigrams selected during the book’s preparation.
Part A: Numbers to Letters
Part A of the K-Book consisted of 733 columns, with each column containing 24 rows (except column 733, which was shortened). This created a massive spreadsheet containing 17,576 enough to include every possible three-letter combination exactly once. Each cell contained a trigram: three randomly selected letters.
To use Part A, an operator would identify a column number and a row number, then look up the corresponding trigram. For example, referring to column 12:
Column 12, row 6 yields the trigram AHA. This could also be expressed as position 126 (combining the column and row numbers).
Part B: Letters to Numbers
Part B contained exactly the same information as Part A but organized in reverse—indexed by the trigrams themselves rather than by numbers. This allowed operators to perform reverse lookups quickly when decrypting messages.
For example, the “AH” column page might contain:
Looking up AHA (column “AH”, letter “A”) would immediately yield column 12, row 6—the reverse of the Part A lookup.
This bidirectional structure made the K-Book equally efficient for both encoding and decoding operations, ensuring that cipher clerks could work quickly regardless of which direction the conversion needed to proceed.
A Critical Security Flaw
Despite its sophisticated design, the K-Book suffered from one catastrophic weakness: the Germans never changed it throughout the entire war. The same trigrams remained in the same positions from 1939 through 1945, meaning that once the Allies captured a single copy, they possessed a permanent key to this aspect of the encryption system.
This decision—presumably made for operational convenience and to avoid the massive logistical challenge of distributing new K-Books to every vessel and station—proved to be one of the Navy’s most significant cryptographic failures.
The BIGRAM Tables
Purpose and Structure
The eight-character message header, containing as it did the critical network identifier and message key, required additional protection beyond the standard Enigma encryption. The Germans implemented this through a system of BIGRAM tables—substitution tables that converted pairs of letters into different pairs of letters.
As the name suggests, BIGRAM tables operated on two-letter units. Each table was structured as a 26×26 grid (676 cells), covering every possible two-letter combination. Crucially, BIGRAM encoding was bidirectional: applying the same table twice returned the original letters, allowing the same table to be used for both encryption and decryption.
Table Sets and Rotation
BIGRAM tables were issued in sets of ten tables, labeled A through J. During the war, the Germans issued a total of five complete sets, each with its own code name:
(Note: The dates for Quelle and Meer in some sources conflict; the table above reflects commonly cited dates, though variations exist in historical records.)
The Tauschtafelplan (Table Selection Plan)
To determine which of the ten tables should be used on any given day, cipher personnel consulted the Tauschtafelplan (table exchange plan). This document specified which table letter (A through J) corresponded to each day of the month.
For example, a Tauschtafelplan entry might show:
November 1: Table A
November 2: Table E
November 3: Table H
November 4: Table B
November 5: Table C
The plan rotated through the ten tables in a pseudo-random order, ensuring that consecutive days used different tables. This rotation provided an additional layer of security, as intercepted messages from different days would have differently encrypted headers even if all other settings remained constant.
Network Keys and Daily Settings
The Master Network Table
Naval communications were divided into multiple networks, each serving specific geographical areas, vessel types, or operational purposes. A master table assigned number ranges to each network name. For example:
Each network had its own daily key sheets specifying the Enigma machine settings for each day of the month.
Daily Key Components
For each day, the key sheet specified both internal and external machine settings:
Internal Settings (changed every other day at German midnight, set by duty officer and then locked):
Reflector type (typically B or G for four-rotor machines)
Which naval rotor to use (Beta or Gamma)
Which three rotors from the set of eight available (I through VIII)
Ring settings (Ringstellung) for each rotor
External Settings (changed daily, set by cipher clerk):
Plugboard connections (Steckerverbindungen)
Basic rotor starting position (Grundstellung)
For example, M Potsdam settings for the 29th might be:
Complete Encryption Example
Let us now work through a complete encryption procedure to demonstrate how all these elements combined in practice.
Preparing the Message
Original message: THE LAZY FOX JUMPED OVER THE DOG
Network: M Potsdam
Date: 29th
Message length: 27 letters (7 words)
Since this is a short message, we add dummy words for obfuscation:
Extended message: THE LAZY FOX JUMPED OVER THE DOG KB KB KB BAKERS ELEPHANTSS
Formatted in four-letter groups:
THEL AZYF OXJU MPED OVER THED OGKB KBKB BAKE RSEL EPHA NTSS
Creating the Indicator Group
From the master table, M Potsdam uses number range 1–20. We randomly select column 12.
Next, we randomly select row 6. From the K-Book Part A, column 12, row 6 gives us AHA.
We need a four-letter group, so we add a random letter: S
First header group: SAHA
Creating the Message Key
Using random selection, we choose a four-letter starting position: EDKA
This will be our actual rotor starting position for encrypting the message body.
Encrypting the Message Key
The duty officer has already set the internal settings and locked the machine. The cipher clerk now sets up the external settings for day 29:
Plugboard: 20/13 2/3 10/4 21/24 12/1 6/5 16/18 15/8 7/11 23/26
Start position: OMSR
With the rotors at OMSR, the clerk types EDKA, which encrypts to (for example) HGED.
Second header group: HGED
Double-Encrypting the Header
Now we have: SAHA HGED
First, rearrange into vertical pairs:
SA
HA
HG
ED
Apply the day’s BIGRAM table (determined from the Tauschtafelplan):
SA → GH
HA → LK
HG → QW
ED → IK
Rearrange back horizontally: GHLK QWIK
Encrypting the Message Body
The clerk resets the rotors to EDKA (the actual message key) and types the message:
THEL AZYF OXJU MPED OVER THED OGKB KBKB BAKE RSEL EPHA NTSS
This encrypts to (for example):
KQMJ WFZR BTXL PHCN GDVS YUAE RTWP MNZK FXBQ LJCV SGHY AUME
Final Message Format
The complete transmission message includes administrative information:
MMA 1234/29/3 16 GHLK QWIK KQMJ WFZR BTXL PHCN GDVS YUAE RTWP MNZK FXBQ LJCV SGHY AUME GHLK QWIK
Breaking this down:
MMA: Originating station identifier
1234: Transmission time (1234 hours)
29: Day of month
3: Serial number (third message of the day)
16: Number of four-letter groups in the message
GHLK QWIK: Double-encrypted header
KQMJ...AUME: Encrypted message body (12 groups)
GHLK QWIK: Header repeated for error checking
Decryption Process
Decryption was considerably faster and simpler than encryption, particularly for receiving stations that only handled messages from a single network.
Initial Setup
Most vessels operated within a single geographical area and thus used only one network’s keys. This meant cipher personnel could set up their machines at the beginning of each day and leave them configured for all messages received that day. Since the day officially began at German midnight, this timing was standardized across all stations.
For receiving stations that handled multiple networks, the Navy designed the system so that internal settings (rotors, rings, reflector) were typically common across networks on a particular day. Only the external settings (plugboard and starting position) needed to be changed when switching between networks.
Receiving and Validating the Message
Upon receiving: MMA 1234/29/3 16 GHLK QWIK KQMJ WFZR BTXL PHCN GDVS YUAE RTWP MNZK FXBQ LJCV SGHY AUME GHLK QWIK
The operator performs several validation steps:
Identify origin: MMA indicates the message came from the central communication station (in this case, La Rochelle, France)
Verify header repetition: Confirm that the first two four-letter groups (GHLK QWIK) match the last two groups
Count groups: Verify that exactly 16 four-letter groups follow the administrative header
If these checks pass, the operator knows the message was received completely, though individual letters might still contain errors.
Removing Double Encryption
Using the Tauschtafelplan, the operator determines which BIGRAM table applies to this day. Then, applying that table to the header:
GHLK QWIK breaks into:
GH → SA
LK → HA
QW → HG
IK → ED
Rearranged: SAHA HGED
Determining the Network
Remove the random letter (S) from the first group, leaving AHA.
Look up AHA in K-Book Part B: column 12, row 6 (giving 126).
Discard the row number, leaving column 12.
Consult the master network table: column 12 falls within the range 1–20, identifying network M Potsdam.
Setting Up the Machine
The operator configures the machine using M Potsdam settings for the 29th (internal settings should already be configured; external settings are now applied).
With the machine at the day’s starting position (OMSR), type HGED. This decrypts to EDKA—the message key.
Decrypting the Message
Reset the rotors to EDKA and type the encrypted message body:
KQMJ WFZR BTXL PHCN GDVS YUAE RTWP MNZK FXBQ LJCV SGHY AUME
This produces:
THEL AZYF OXJU MPED OVER THED OGKB KBKB BAKE RSEL EPHA NTSS
Final Processing
The operator reformats the four-letter groups into readable text, recognizing and removing dummy words:
THE LAZY FOX JUMPED OVER THE DOG [KB KB KB BAKERS ELEPHANTSS removed]
Experienced operators could complete this entire process in just a few minutes.
Security Weaknesses
Despite the theoretical strength of this multi-layered encryption system, several critical German errors made Naval Enigma penetrable:
Static Reference Materials
The most egregious error was never updating the K-Book throughout the entire war. Once the Allies captured a copy, this element of the system became permanently compromised. Similarly, issuing only six BIGRAM table sets and then reusing them provided Allied cryptanalysts with valuable continuity for their attacks.
Table Update Procedures
The Germans failed to update different tables simultaneously. When new tables were introduced, they were rolled out in stages rather than all at once. This allowed cryptanalysts to compare messages encrypted with old (already broken) tables against messages encrypted with new tables, facilitating the breaking of the new systems.
Lack of Randomness
Despite the sophistication of the K-Book system, Germans preparing other tables often fell back on alphabetical or numerical ordering rather than using truly random sequences. Human beings are notoriously poor at generating randomness, and these patterns proved exploitable.
Operational Assumptions
Perhaps most critically, the Germans apparently never seriously considered that the Allies might have successfully captured K-Books, BIGRAM tables, daily key sheets, and even intact Enigma machines from U-boats and surface vessels. While Navy operators avoided many of the procedural mistakes that plagued Army and Luftwaffe communications, this fundamental assumption of material security proved catastrophically wrong.
Conclusion
The German Naval Enigma system represented a remarkable achievement in cryptographic engineering and operational procedure. The layered security—combining rotor-based encryption, plugboard complications, double-encrypted headers, rotating BIGRAM tables, and the K-Book trigram system—should have created an unbreakable cipher.
That Allied cryptanalysts at Bletchley Park and elsewhere succeeded in breaking Naval Enigma was not due to any fundamental weakness in the system’s design. Rather, it resulted from a combination of German procedural failures, the capture of key materials, and the extraordinary ingenuity and persistence of Allied codebreakers.
The Naval Enigma procedures described here reveal both the sophisticated approach the Kriegsmarine took to communications security and the subtle vulnerabilities that no amount of mechanical complexity could fully eliminate. The lesson remains relevant today: even the most sophisticated cryptographic system can be compromised by poor key management, predictable procedures, or the underestimation of adversary capabilities.
Understanding these procedures provides insight not only into a fascinating chapter of World War II history but also into fundamental principles of cryptographic security that remain applicable in our digital age.
Appendix









