The KzU-63 is a wide-band
speech encryption device
developed in the former Yugoslavia
in 1985 and built by the Rudi Čajavec factory in Banja Luka
(Bosnia and Herzegovina) to replace the less secure
KzU-61 voice scrambler unit.
It was used
in combination with the RUP-12
and RU-2 VHF infantry radio
by the Yugoslav National Army (JNA) .
It has a period of approx. 1060.
The KzU-63 is also known as Digital Voice Protection module (DVP)
and as NSN 3215-1083-15822.
The abbreviation KzU stands for Kripto-zaštitni Uređaj
(crypto protective device). It is housed in an extruded aluminium enclosure
that measures 30 x 15 x 7 cm and can easily be mounted aside the radio
to which it is connected by means of a
short U-shaped cable.
Unlike its predecessor, the insecure
KzU-61 voice scrambler,
the KzU-63 offers secure - digital - voice encryption.
The image on the right shows a typical KzU-63 voice encryption unit.
At least two variants are known to exist. The one shown here and
one with the front panel texts printed upside down.
The KzU-63 was designed especially for use with radio stations that
operate in the lower VHF band (30-90 MHz) with a channel spacing of
50 kHz. Such devices generally offer wide-band FM modulation, making
them ideal for uncompressed voice/data encryption.
In order to obtain the maximum bandwidth needed by the encryption
device, the radio has to be able to bypass any input and output filters,
which is the case for example with the
RU-2/2K semi-portable radio.
The KzU-63 played an important role during the Yugoslav Wars (1991-2001) 
in which they were used to protect certain important radio communication
channels. It was thought to be unbreakable at the time .
A narrow band version of the KzU-63 is available as the
which is suitable for narrow-band VHF/UHF FM radios, offering
a data transfer rate of 9600 bps.
Despite its high age (30+ years), the KzU-63 was still in use with the
Serbian Army in 2015.
All controls and connections of the KzU-63 are at the front panel as show
in the image below. The device is usually mounted aside or on top of the
RU-2/2K wide-band VHF FM radio
and is connected to it by means of a fixed
via the socket marked RUP
at the top right.
The unit is powered by a 12V DC source, which is also supplied via
the large RUP connector.
A standard handset (speaker/microphone) is connected to the 7-pin
socket at the bottom left. Although this is not the
standard (US) U-299 connector,
it is the same one that is used on many NATO devices
throughout the last decades.
An external FILL device
is used to load the cryptographic keys into
Two Traffic Encryption Keys (TEKs) can be stored and
a toggle switch at the bottom right is used to selection between them.
At the top left is a three-position MODE-selector.
The following settings are available:
RZeroise (resetovanje) press Activate
The meaning of each of these settings is currently unknown, so the above
is an educated guess. If you know more about the operation of the
KzU-63, please contact us.
The KzU-63 offers true cryptographic protection by digitizing the
speech and then using a self-synchronising stream cipher (autoclave)
for the encryption. The stream cipher itself is purely built in hardware
comprising a range of nonlinear feedback shift-registers
in CMOS technology. The initial state of these registers is set by
means of an external KEY or Initialisation Vector (IV).
The KEY consists of a (currently unknown) series of digits
that are entered into the device by means of an
external device (key loader)
that is connected to the socket marked 'PU'.
The device used for loading the keys into the KzU-63 (i.e. the fill gun)
is the PK-1, which is house in a case that is similar to the one of
the KzU-63 itself, with a keypad that can be extracted from the front
panel, like the drawer of a desk.
PK the abbreviation of Punjac Kljuceva (Key loader).
The PK-1 was modified twice. Once in 1991 when the war with Croatia started,
and once more in 2006 after Montenegro declared independence.
Two cryptographic keys can be stored in the KzU-63.
Once loaded, the keys are retained by a small
3.6V Tadiran battery,
mounted behind the front panel.
The desired key is selected with the toggle switch (1 or 2).
In 2015, both the KzU-63 and the PK-1 were still in use in Serbia.
If you have more information, please contact us.
Apparently there are two variants of the KzU-63, or at least of its
front panel. In addition to the one shown here, there is also a photograph
circulating on the internet of a version
on which all text on the front panel is printed upside down .
This image is shown here (click to enlarge):
It is uncertain however, whether this actually is a KzU-63.
Apart from the front panel being orientated upside-down, it has a
different socket for connection of the handset (marked SI rather than MTK)
and the MODE-selector (which should be at the bottom right) seems to be missing.
The KzU-63 is housed in a water-resistant extruded aluminium enclosure,
consisting of a single-piece body that is open at one end only,
and a front panel that holds the controls and connectors.
The front panel is mounted at the open end of the enclosure
and is held by 4 bolts at the corners.
The backup battery
is mounted inside the frame of the front panel
and is used for retaining the cryptographic keys. Removing the front panel,
cuts the backup power to the PCBs and destroys the keys. The 3.6V AA-size
Tadiran lithium battery was sufficient for many years of operation,
which is why the wires are directly soldered to it. The battery was
probably never swapped during the lifetime of the device.
The one shown here was installed in 1989
and still has 3.6V (in 2015).
Considering the age of the device, the circuits are surprisingly modern
and well-designed. The KzU-63 consists of three eurocard-size PCBs
(10 x 16 cm) with a single-row DIN connector at one of the short sides.
These DIN connectors are slotted directly into one of the three sockets
that form the backplane which connects the boards to each other
and to the front panel controls.
The upper PCB
is the logic board and contains a wide variety of CMOS
logic chips. The lower board
is the (de)modulator which contains a
mixture of analogue and digital components.
The middle board
contains the actual cipher unit that is built around
seven MC14557 chips,
each of which is a 1-64 bit variable length shift register .
Together they form a complex network of configurable
Non-Linear Shift Registers (NLFSRs),
which are known to be more resistant to cryptanalytic attacks than
Linear Feedback Shift Registers (LFSRs) .
The configuration and the initial state of the NLFSRs it determined by
the cryptographic Key, which is why the Key is also known as
the Initialisation Vector (IV).
A similar approach is used, for example, in the
Philips Spendex 10.
The block diagram below should explain the operation of the KzU-63.
The upper half shows the receiving audio path, whilst the lower half
represents the transmission path. The Crypto Logic is at the center.
It is a symmetric stream cipher that is used for both
encryption and decryption. In the transmission path, audio from the
microphone is converted into a single-bit data stream with a
so-called Delta Modulator. The Crypto Logic changes this data
stream into an encrypted one which is then fed directly to the
transmitter, bypassing any audio filtering in the transmitter.
When receiving, the unfiltered output from the demodulator is
reshaped, so that a nice digital pulse-train is obtained. This
data stream is then led through the Crypto Logic which converts
it back into the original unencrypted stream. A Delta Demodulator
is now used to convert the single-bit data stream into analogue
audio again, which is passed to the speaker at the top right.
This method of adding encryption and decryption to an existing
transceiver, can only work if the standard audio filtering in the
receiver and transmitter is bypassed. For this reason,
some radios used to have a so-called X-switch. In the RU-2
radio, such a switch was not present, which is why a special
socket was added on the RU-2/2K, making it suitable for use with
The RUP-12 was a solid state (i.e. built with transistors) VHF
transceiver (30-70 MHz)
that was built in 1966 by the Rudi Čajavec company in Banja Luka.
It replaced the old valve-based RUP-1 and RUP-2 radios, which
were actually Yugoslav copies of the American BC-1000 (which was
supplied as military aid by the Americans in the period following WWII).
The RU-2 radio was a family of low-band VHF transceivers (30-70 MHz),
that were intended for communication between infantry companies
and battalions. In practice however, it became the 'work horse'
for the entire Yugoslav National Army (JNA) from the 1980s
well into the 1990s.
There are three known variants of the RU-2, of which only the last one,
is suitable for connection of the KzU-63 voce encryptor.
➤ More information
The image below shows the 6-pin male socket marked PU on the front panel.
It is used for the connection of a KEY FILL device, but the wiring and
protocol are currently unknown. The colours of the internal wiring are
given when looking into the socket from the front panel of the device.
Connector PU - Fill Device
The drawing below shows the wiring of the 7-pin socket marked MTK
at the bottom left.
It is used for the connection of a handset, headset or another
microphone/speaker combination. The colours are of the internal wiring
when looking into the socket from the front panel of the device.
Connector MTK - Handset
The drawing below shows the identification of the pins of the socket
marked RUP. It is used for connection to the RU-2/2K radio set and
provides access to the unfiltered audio signals of the transmitter
and the receiver. It also supplied 12V DC to the KzU-63.
Wiring currently unknown.
Connector RUP - Radio
Any links shown in red are currently unavailable.
If you like the information on this website, why not make a donation?|
© Crypto Museum. Created: Saturday 11 April 2015. Last changed: Sunday, 25 February 2018 - 18:21 CET.