Lorenz Cryptographic Rotor Machine

The Lorenz rotor machines were used by the Germans during World War II for strategic communication between major cities in German–occupied Europe.

Three versions of the Lorenz machine were created during the 1940s: SZ40 (started being used in 1941), SZ42A (1943) and SZ42B (1944). The letters SZ, which form the model names, originated from the German word Schlüsselzusatz, which means cipher attachment. And indeed, these machines were constructed as an attachment to a standard Lorenz teleprinter. Thus, the cryptographic extension could be attached to a teleprinter and extend its functionality.


The Lorenz rotor machine was developed in 1940 by a German company Lorenz, which was a major telecommunication producer in Germany at that time.


The Lorenz cryptographic machine was supposed to implement the OTP encryption. The idea was to use an electro-mechanical machine to overcome the problem of distribution of keystream characters (the task would be even more difficult during the war). The rotors would turn with different speeds, thus generating a random sequence. The sequence would be possible to regenerate by the receiver, if they used the same rotors and the same initial parameters.

All characters in the Lorenz teleprinter were encoded by using 5-bit Baudot codes. Both input and output letters were encoded on a paper tape. Each plaintext letter was XOR-ed with a secret-key character, which was also encoded by using 5 bits. A pseudorandom keystream was generated character-by-character by the internal rotor mechanism.

Lorenz machine diagram
A diagram of the Lorenz machine

Pseudorandom key bits were generated by 10 rotors. Fife rotors were turned after every keystroke, whereas the other five ones rotated not after every character, depending from the output from additional two discs, called the motor wheels.

The main rotors were connected in pairs. Each bit out of fife plaintext bits (which encoded one letter) first was moving through an always-rotating wheel and then through a corresponding sometimes-rotating wheel. The signal value could have been changed by any of them, depending on the rotor positions.

The two motor rotors were connected one after another. The movement of the second motor rotor was triggered by the first one. The fife sometimes-rotating wheels would move together, if the position of the second motor rotor triggered that.

Each wheel was fitted with a different number of cams, thus they all rotated with different speeds. Also, the numbers were all co-prime with each other, to provide the longest possible time before the pattern repeated.

The key sequence generated by the Lorenz rotor machine depended on its initial configuration:

  • The patterns of cams on the wheels.
  • The starting rotor positions.

The cam settings had been changed daily since the second part of 1944 (and much less frequently before). They were distributed in the secret codebooks.

The initial wheel positions (12-letter indicator) were chosen by the operator before each transmission and sent without encryption at the beginning of the message. Later, the procedure changed and the operators sent 2-digit codes, which could be found in a codebook called the QEP book. The codes corresponded to the initial wheel positions.

Security of the Lorenz rotor machine

The Allies were able to break the Lorenz cipher relatively quickly.

One of the typical danger related to the usage of one-time encryption by radio operators was sending the same message twice, encrypted by using the same secret key (the same initial settings). This situation might have place, when the receiver had some problems with recording the message.

If the sender used exactly the same secret key to encrypt exactly the same message, intercepting the communication would not provide any information to the eavesdropper. Unfortunately, during sending the second message, the sender could make some small changes in the text, like adding abbreviations or changing single words.

The Allies were lucky to intercept the message that allowed them to break the cipher in the middle of 1941. It was broadcast twice, by using the same secret key. The second message had some abbreviations made at the beginning of it. Also, it was long enough to allow the British to break the code and to recover both plaintexts and the keystream characters.

After discovering the secret keystream, the Allies managed to determine the internal structure of the machine, in spite of the fact that almost until the end of the war they hadn't seen any Lorenz machine. The rotor mechanism design was not optimal and the true security provided by the machine turned out to be much weaker than predicted by the Germans.

According to the German inventors, the number of possible combinations of internal rotor positions was impressive, too large to make it possible to break the security by using brute force attacks. However, due to the fact that each bit of the letter was encoded separately (each bit was passed through only two rotors), the actual number of possible combinations was much smaller.

Also, because all the sometimes-rotating wheels turned at the some moment, the machine produced relatively long parts of ciphertext that were not affected by those wheels (between their turns). This turned out to be the crucial drawback of the cipher.

As a result, the team of British code breakers managed to build their own machine for decrypting intercepted messages. The Allies were able to read all German communication encrypted by Lorenz machine.


Lorenz SZ42 machine
The Lorenz SZ42 machine