|
|
|
|
|
|
|
Hagelin Data NSA CIA BND HC-550 →
Electronic shift-register based cipher machine
H-460 was an electromechanical
cipher machine
introduced in 1970 by
Crypto AG (Hagelin) in Zug (Switzerland).
It was the company's first machine that used a shift-register based
cryptologic.
The basic machine, which still incorporated electromechanical parts,
was designed in-house in Zug, whilst the cryptologic
had been developed in 1966 by the
US National Security Agency (NSA).
|
The machine is housed in a shiny grey plastic enclosure and is powered directly
from the 220V AC mains. It has a full 26-button keyboard at the front and
a double strip-printer at the top.
With the H-460, Crypto AG was clearly steering away from its successful
mechanical pin-and-lug cipher machines,
like the C-446
and CX-52, that it had sold for nearly 30 years.
Development started in 1965 but as the company had virtually no experience with
electronics, there was a steep learning curve. After its introduction in 1970,
it was withdrawn, and then re-released in 1972.
|
|
|
|
In 1977, the machine was succeeded by the fully electronic
HC-500 series of machines
— also known as the CRYPTOMATIC family —
of which the HC-570
was the first one to appear. It was partly developed by
Motorola
and featured a cryptologic based on an 6800 microprocessor.
|
The H-460 measures 355 x 296 x 163 mm and weights 11.5 kg. It is housed in
a grey plastic enclosure, and can be operated from a desktop or from within
the bottom shell of the transport case. The device is enabled with
the power switch at the front right. Next, the desired MODE of operation
is selected with the white keys at the front right. Note that for entering the
BASIC KEY – also known as the INTERNAL KEY – the
key-lock at the right hand side
should be engaged first.
The machine's output (ciphertext and/or plaintext) is printed directly onto
a narrow paper strip that leaves the machine at the top (to the left of the
letter counter). A suitable paper roll has to be installed behind a
hinged lid at the rear. When printing, the paper is
automatically sliced in two halfs, that can be used to create the final
telegram. If multiple copies of the output are required (and a copying
machine is not available), the
external PEH-72 tape reader/puncher can be used.
|
O Plaintext C Cipher (encrypt) D Decipher (decrypt) I Internal key input (basic key) — 25 letters 1 E External key input (message key) — 5 letters
|
-
The basic key (I) can only be entered when the
keylock to the right of the keyboard
(at the side panel of the machine) is engaged. This involves
inserting of the key, and turning it clockwise.
|
|
As the machine does not have a spacebar, one of the 26 letters of the
alphabet has been assigned as replacement for the space character. This
character can not be used as part of the text. Based on the language
(and the wishes of the customer) the least frequently used letter will
be assigned for this. On the keyboard it is marked in red (rather than
white). If the letter occurs in a text, it should be replaced by
another letter, or by two other letters, for example:
|
W VV e.g. Spanish, Italian X KS e.g. German Z TS e.g. English K CC e.g. French
|
Development of the H-460 began in 1965, at a time when
Crypto AG's designs
were influenced by the American NSA.
It was the result of the so-called
Licencing Agreement
that existed between Boris Hagelin
and the American CIA since 1960. 1
It made certain machines readable 2 for NSA.
The cryptologic for the H-460 was developed by
Peter Jenks
at NSA. Jenks
was able to manipulate the shift registers
in such a way that they appeared random from the outside.
In reality however, the sequence was more or less predictable and
could successfully be broken with by NSA.
There were many problems. When the machine was announced in the late 1960s,
the Italian Army promptly ordered 280 units. The first 82 units were
delivered in 1970 — around the time that the company
– Crypto AG –
was taken over by the German
Bundesnachrichtendienst (BND)
and the US
Central Intelligence Agency (CIA).
But the machines didn't work. The design was too complex and the machines
were vulnerable to temperature changes and vibrations.
In particular the electronic parts
– i.e. the cryptologic – appeared to be unreliable.
The Italians returned the entire shipment.
The German cryptographic authority –
Zentralstelle für das Chiffrierwesen (ZfCh)
– intervened and mounted a redesign, using the German technology giant
Siemens as a consultant.
With Siemens' help, Crypto AG was able to fix the H-460 to the best of its
abilities, and by 1972, ZfCh 3 was confident
that the machine could be released. Crypto AG then delivered the outstanding
orders.
|
 |
-
Not to be confused with the so-called
Gentleman's Agreement
that existed between Hagelin and the NSA from approx. 1951 to 1960.
It was superceeded by the
Licencing Agreement with the CIA.
-
In this context, readable means that the cryptographic algorithms
could be broken by the NSA.
Also known as friendly. In contrast:
algorithms that are not breakable by NSA,
are called unfriendly or unreadable.
-
At the time, ZfCh was an independent German authority that worked closely
together with the German intelligence service BND. In 1973, it was
placed under Department IV of the BND.
|
|
Despite the fact that the ill-fated machine had been fixed and
re-released in 1972, its problems haunted the company for several more
years. Customers kept complaining about the mechanical stability, and
there were complaints about the strength of the cryptologic.
By 1976, the Italians and the Egyptians were aware of the weakness in the
algorithm, and demanded an explanation.
|
Crypto AG's CEO Heinz Wagner managed to fend it off with his well-known charm.
The machines were returned to the factory, where an improved
cryptologic — unique for each customer — was fitted.
The variant was denoted by a single-digit suffix to the module number,
such as H-4603,
H-4604
and H-4605.
The strength of the cryptographic algorithm had indeed been fixed,
but the machines were still redable to the NSA,
albeit with a much greater cryptanalytic effort.
The image on the right shows the hand-wired cryptologic
of an H-4605, of September 1977.
|
|
|
The issue with the H-460 led to friction between the owers of the company
— CIA
and BND — when in 1972,
the American NSA flatout refused to share the details
of the H-460 cryptologic
with the ZfCh – the German codebreaking authority.
NSA's Frank Raven did not want to share anything that predated the purchase
of the company (1970) with the partner. The matter was cleared in the spring
of 1973, when Raven finally allowed the H-460 to be informally discussed with
the ZfCh, as long as the details of the (informal) discussions were not
documented [2].
➤ Operation RUBICON
|
It is likely that the Cubans were able to break the H-460 – or at least
some of its traffic – from 1984 onwards. The details of the analysis and
software for its decryption were shared with the
Ministerium für Staatssicherheit (MfS, or Stasi) of the former East-Germany
(DDR) in 1988 [7].
|
All versions of the machine (H-4601, H-4602, etc.) have the same outer
dimensions and fit snugly inside the transport case.
It can be used on a table top, but can also be operated whilst seated
in the bottom half of the transport case.
All that is required for operating the machine is a connection to the
110/220V AC mains and a fresh roll of paper.
|
|
|
The machine has two lock, both of which accept each of the supplied
keys. The lock at the right side, is used for entering the BASIC key
(i.e. the internal key). It is also used – together with the lock
at the rear – to get access to the interior.
In the latter case, the two black spring-loaded knobs at the sides of
the machine, should be pushed towards the rear, after which the top
case shell can be removed.
|
|
|
When the machine is permanently installed on a desktop, for example in the
communications centre of an embassy, it might not be prcatical to repack it
in the transport case each time after use. For such situations, the soft grey
dust cover shown in the image on the right is supplied.
When unused, the dust cover is stowed with the operating instructions,
in the bottom part of the transport case,
under the machine.
|
|
|
For regular maintenance (not for repair) a set of high-quality tools was
supplied, stowed in the top lid of the transport case. Present are
two screwdrivers, a brush (for removing dust) and a thin metal blade that
can be used for removing paper from a blocked printer.
Also present in this compartment, is a special pair of tongs for
handling the print head
and an canister with ink (similar to an oil can).
|
|
|
Several spare parts were supplied with the machine, such as fuses
(typically in a plastic bag), spare screws and a fresh pre-inked
double print head, as shown in the image on the right.
The printhead is made of porous rubber that can accumulate ink.
A special tool is supplied for removing and replacing the print head.
Suitable ink was supplied in a special ink canister.
|
|
|
This purpose-made pair of tongs is supplied for handling the
print head.
It consists of two curved tongs, one of which is hinged. The tongs can be
fitted around the centre part of the print head, and should be pressed
together when removing or replacing it.
When unused, it is
stowed in the tools compartment
inside the top lid of the storage case.
|
|
|
Suitable ink for the print head, was supplied in the special ink
canister shown in the image on the right. It is similar to a regular
oil can, but contains ink instead of oil.
If the printed image becomes faded, the print head should be removed
and ink should be applied to the black circumference with the embossed
letters, which is made of porous rubber. Only approved ink should be
used.
|
|
|
The machine has a double printer that produces two rows of letters:
the plaintext and the ciphertext.
It accepts a paper roll with a width of
17.46 mm (11/16") — the same width as standard five-level teleprinter tape
(telex).
Note however, that the core is much smaller than that of a regular telex
paper tape.
|
|
|
An A5-sized booklet with a blue cover was supplied with each machine.
It contains the operating instructions in five languages: Italian,
Spanish, English, French and German.
At the back of the booklet are fold-outs with drawings and photographs.
The complete manual can be downloaded below.
➤ Download H-4605 manual
➤ Download PEH-72 manual
|
|
|
A regular power cable
is supplied, with a 3-pin female euro plug at one end.
The other end is stripped, but no plug is mounted. This allows the user to
fit a suitable one for the local wall sockets (which are different in most
countries).
If the PEH-72 tape puncher (see below)
is also present, an extra power cable is needed, plus a
special data cable to link it to the H-460x.
The latter is shown in the image on the right.
|
|
|
|
|
Tape reader/puncher
PEH-72
|
|
|
The PEH-72 tape reader/puncher shown here, was available
as an option. It can be connected to the data socket at the rear of the
H-460x, and allows a decoded to text to be stored on paper tape,
so that multiple copies can be printed on a regular teleprinter machine. 1
The device can also be used as a tape reader, in which case a pre-recorded
ciphertext message (for example received on a teleprinter) can be read as
if it was typed on the keyboard.
|
|
|
-
In the 1960s and 70s, up to 10 copies of a (decoded) message were generally
needed, whilst – for security reasons – a copying machine was not available
in an embassy's communications centre.
|
|
The machine is housed in a grey plastic enclosure that consists of two
shells: a bottom one – that holds the internal parts –
and an upper one, that can be removed by releasing two locks
(one at the right
and one at the rear), and pushing two black
knobs (one at either side) towards the rear.
|
The upper case shell can now be taken away, revealing the interior of the
machine, as shown in the image on the right. The machine roughly consists
of three sections: the keyboard at the front,
a double paper strip printer
at the left, and the secret
electronic cryptologic unit at the right.
Behind the printer
is an electromotor that drives the mechanical parts, and
– towards the centre of the machine – the mains power transformer. The shiny
grey cilinder below the front of the keyboard, is an electrolytic capacitor.
With the transformer and a circuit board, it forms the PSU.
|
|
|
|
The double printer is driven by the electromotor, via a
set of gears at the left side.
Each unit can be stepped individually, and rotates one half of
the double print head at the centre.
Inside the mechanism is a rotating knife
that cuts the paper strip in two seperable halfs whilst printing.
|
The rectangular metal box
at the rear right of the machine, contains the
electronic circuits, which includes the shift-register based
cryptologic —
the part that contains the cryptographic algorithm.
It was designed in 1966 1 by the NSA.
The metal box can be opened by removing two screws (one at the front and
one at the rear) and lifting off the lid. In the original version of the
H-460 that was released in 1970 2 it contained five printed circuit
board (PCBs), numbered 1 thru 5.
Each board represented the electronic
equivalent of a single cipher wheel from the mechanical era.
|
|
|
|
The design with the five PCBs, that was partly electronic and partly
mechanical, appeared to be too vulnerable to shock and temperature
variations and caused all machines to be returned to the factory.
In 1972, the machine was re-released with a redesigned
cryptologic, made by Siemens.
|
The new design consisted of three PCBs that were plugged into a
motherboard at the bottom:
a driver board,
a digital board and a
board with the cryptologic.
All boards are built with
CMOS integrated circuits (ICs) of the 4000-series [4].
Like the previous design, it was based on shift-register technology,
designed by the US
National Security Agency (NSA),
but without moving parts.
A standard 9V battery was used to retain the cryptographic key.
It is housed in a transparent plastic holder that it fitted to the
motherboard. The 9V battery should be replaced once a year.
|
|
|
|
In 1976, the Italians and the Egyptians discovered the (exploitable)
weakness in the encryption algorithm, and started complaining to
Crypto AG. All machines were returned to the factory, and were
retrofitted with an updated cryptologic that had been designed
by Dave Frasier at the NSA.
|
Although the new algorithm was stronger,
it was still readable by NSA
(albeit with greater effort).
The cryptologic update was released in 1977, and each
country received an individual unique variant, denoted by an extension to the
model number (e.g. H-4601). This made it impossible to decrypt the traffic
of a neighbouring country.
The image on the right shows a close-up of the cryptologic
board of the H-4605 machine in our collection. Each board is completely
hand-wired with a complicated – difficult to trace – maze of insulated copper
wires, similar to a spider web.
|
|
|
|
Although the shift-register logic was state-of-the-art when it was
produced in the 1970s, there are several flaws in the design.
Although the hand-routed wiring was probably needed to allow for
individual variations, fault finding must have been a nightmare.
More importantly, the design completely lacks decoupling capacitors
near the power lines of each individual integrated circuit.
|
Please help us to expand this page.
We are currently looking for technical documentation, circuit
diagrams and in particular a detailed description of the
cryptologic of any version of the H-460x.
If you are able to help any way, please contact us.
|
Basic key 25 letters Message key 5 letters Power 110/220V AC mains +15%/-10% (selector), 50 Hz Dimensions 355 × 296 × 163 mm (case: 400 × 370 × 230 mm) Weight 11.5 kg (with case: 16 kg)
|
|
-
Retrieved from HAMFU History, December 2018.
-
Full name: Bundesbeauftragte für die Unterlagen des Staatssicherheitsdienstes
der ehemaligen Deutschen Demokratischen Republik
(DDR) —
Federal Commissioner for the Records of the
State Security Service
of the former German Democratic Republic (GDR) —
officially abbreviated to BStU.
-
Document obtained from BStU [6] and kindly supplied
by Jörg Drobick.
|
|
|
|
Any links shown in red are currently unavailable.
If you like the information on this website, why not make a donation?
© Crypto Museum. Created: Sunday 15 December 2019. Last changed: Thursday, 17 November 2022 - 20:51 CET.
|
|
|
|
|
