Homepage
Crypto
Index
Glossary
Enigma
Hagelin
Fialka
Rotor
Pin-wheel
Voice
Data
Hand
OTP
EMU
Mixers
Phones
Bulk
FILL
Codebooks
Algorithms
Cryptanalysis
Toys
Countries
Manufacturers
Spy radio
Burst encoders
Intercept
Covert
Radio
PC
Telex
Telephones
People
Agencies
Manufacturers
DONATE
Publications
Standards
For sale
Kits
Shop
News
Events
Wanted
Contact
About us
Links
     Click for homepage
Crypto AG
Data
BND
CIA
  
HC-500 series →
  
Hagelin HC-550   HC-580
Desktop electronic cipher machine · CRYPTOMATIC

HC-550 and HC-580 are desktop cipher machines introduced in 1978 by Crypto AG (Hagelin) in Zug (Switzerland). It is the successor to the HC-570 and is compatible with other members of the 500-series, like the HC-520 and HC-530. The machine consists of a modified Siemens T-1000 teleprinter with a large black tray containing the cryptologic mounted at the bottom. The crypto­logic was developed by Motorola in Phoenix and uses an NSA-developed cryptographic algorithm.

The image on the right shows a typical HC-550, which is nearly identical to the Siemens T-1000 telex it is based on. In this case, the machine has a tape reader to the right of the keyboard and a tape puncher bolted on at the right. Suitable five-level paper tape should be fed in from the rear. The machine itself prints its output directly onto a paper roll that is also fed in from the rear.

A black slimline metal cabinet is mounted to the bottom of the teleprinter. At the front are two physical keys, one for entering the cryptographic key and one for selecting the mode of operation. 		  
Hagelin HC-550 cipher machine

The HC-550 is an off-line machine, whilst the HC-580 can also be used on-line. Both machines can also be used as an ordinary teleprinter when used in a line-connected mode. The teleprinter is only used as an input/output device, or terminal, whilst the cipher unit at the bottom bottom takes care of the actual encryption, similar to the Philips Aroflex and Timmann's TST-9669-11. Note however, that the Hagelin HC-550 is not compatible with either of these two machines.

The use of a standard teleprinter greatly simplifies the design and allows different typefaces to be used, such as Latin, Arabic, Farsi, etc. Furthermore, this machine can print on ordinary paper, unlike the HC-570 which prints on thermal paper. The advantage of the HC-570 on the other hand, is the higher speed at which it can process and print its data. The machines are compatible, and were available in two cryptologic-variants, one of which could be broken by NSA and BND [2]. The readable one was improved later, when it was found to be prone to known plaintext attacks.

Hagelin HC-550 cipher machine
Front view
Keyboard and control buttons
Tape puncher
Tape reader
Master key
Operator's key
Rear side
A
×
A
1 / 8
Hagelin HC-550 cipher machine
A
2 / 8
Front view
A
3 / 8
Keyboard and control buttons
A
4 / 8
Tape puncher
A
5 / 8
Tape reader
A
6 / 8
Master key
A
7 / 8
Operator's key
A
8 / 8
Rear side

Controls
The diagram below shows a typical Hagelin HC-550 in operation. The machine has all features of a standard Siemens T-1000 teletypewriter, including an external paper tape puncher mounted at the right. The actual cipher machine is mounted under the T-1000. It is operated through two physical keys and 6 push-buttons at its front panel. Additional features are available through the special function keys of the T-1000, some of which are not present on a regular T-1000 telex.

Click to see more

To operate the machine, the leftmost physical key is used to enter the Basic cryptographic Key (BK). The key is used to toggle between BK and operational mode. Turning the key in the opposite direction, allows the machine to be opened, much like the motor compartment of a car. The rightmost physical key is marked C/D and is used to toggle between ciphering and deciphering.


Compatible machines   Cryptomatic 500
Pocket version, resembling a calculator
Briefcase version
Desktop model, based on Siemens T-1000
Desktop model
Desktop model, based on Siemens T-1000
Rackmount model for serial computer signals
Similar machines   not compatible with Cryptomatic 500
Philips Aroflex
History
The HC-550 was developed at a time when the company – Crypto AG – was jointly owned by the German Bundesnachrichtendienst (BND) and the American Central Intelligence Agency (CIA). The two intelligence services had purchased the company in 1970, with the intention to get control over the cryptographic algorithms and — indirectly — Crypto AG's customers. This secret project was known as Operation RUBICON (also: THESAURUS) and turned out to be extremely effective [2].

The first machine of the 500-series – HC-570 – was the successor to the ill-fated H-460, Crypto AG's the first fully electronic cipher machine, that had been introduced just before BND and CIA became the owners of the company. It used a shift-register-based cryptologic, that had been designed by the NSA in 1966, in such a way that messages were readable 1 to them. When BND and CIA took over, it was decided that Crypto AG should sell high-end cipher machines that could compete with the designs from other manufacturers, such as Gretag, that were not under control.

The new machine was designated HC-570 and was partly designed in-house by Crypto AG, whilst Motorola was hired to do the design of the microprocessor-based cryptologic. The cryptographic algorithm was supplied by the US National Security Agency (NSA). The machine was introduced in early 1977, but did not become very popular. It was difficult to build, complicated to operate and expensive. A few years later it was replaced by the HC-550, which became an instant hit. There was also a portable version, the HC-520, that was meant as a competitor to the Gretacoder 905.

HC-500 Crisis
In February 1979, less than two years after the introduction of the HC-500 series, CAG-employee Jürg Spörndli, discovered that it was possible to break the machine with just 100 characters of known plaintext, probably after attending a seminar by American mathematician Martin Hellman.

Although rather theoretical, it proved that the cipher was prone to a known plain-text attack, or KPTA as it was known in the cryptologic world. To Crypto AG this was bad news, as the company couldn't afford another debacle after the H-460 crisis. In two years time, the HC-500 series had become Crypto AG's leading product, of which more than 1700 had already been sold worldwide.

The original algorithm had been developed by NSA's Peter Jenks, and was intended to last for at least 20 years. But Jürg Spörndli had now exposed a weakness, whch urgently needed to be fixed before customers would discover it themselves. At NSA, Dave Frasier designed a drop-in fix that defeated a known plaintext attack, but was considerably more difficult to break by NSA and ZfCh. A few months later, mid-1979, Peter Jenks left the NSA and Dave Frasier committed suicide.

 More about Operation RUBICON

  1. In this context, readable means that the cryptographic algorithms could be broken by the NSA. Also known as friendly. In contrast: algorithms that are not breakable by NSA, are called unfriendly or unreadable.

Interior
The Hagelin HC-550 cipher machine is mounted to the bottom of the Siemens T-1000 telex, with a hinge at the rear acting as a pivoting point. The interior can be accessed by turning the leftmost physical key at the black front panel counterclockwise. This unlocks a latch at the front centre.

Once the latch is unlocked, the teleprinter can be tilted backwards by lifting it at the front. After tilting the machine by approx. 45°, a metal stub at the right can be raised to prevent the machine from falling back, in a similar manner as the hood of the engine compartment of a vehicle.

Inside the device are two large printed circuit boards (PCBs), each of which takes up about half the available space. The PCB at the front holds the microprocessor, the I/O interface and some logic, whilst the board at the rear holds the RAM memory and the EEPROMs with the firmware. 		  
Close-up of the contents of the black tray

The cable at the front right connects the cryptologic to the push-buttons at the front panel. At the left is a small PCB that is mounted to the side. It holds a 15-pin sub-D test connector and button marked EMCY (emergency). It is covered by a protective black plastic cap and acts as the co-called ZEROIZE-button. Pressing it, clears the memory and purges the cryptographic keys.

The cryptologic was developed at the secret Government Electronics Division of Motorola in Phoenix, at the request of the NSA and CIA. In order to hide their true identity from Motorola engineers, NSA and CIA officers pretended to be working for cover company Intercom Associates, when they visited the plant in Phoenix (Arizona).

Motorola was hired in 1974, after the NSA had failed to do the design itself. When the proto­types were delivered in 1975, it was probably the first time an algorithm had been imple­mented entirely in software, in a small microprocessor. 		  
Processor detail

The image above shows the MC6800 microprocessor, that had just been introduced by Motorola in 1974 [3]. The actual algorithm — developed by Peter Jenks at the NSA — was implemented in software and was held in a set of EPROMs. 1 Motorola also acted as a cover for the NSA, so that it would not be obvious to Crypto AG engineers that the algorithm was influenced by the NSA [2].

  1. EPROM = Erasable Programmable Read-Only Memory.

HC-550 interior
Close-up of the contents of the black tray
Processor detail
Firmware
Connection to the Siemens T-1000
Leftmost physical key
Switch behind physical key
Test connector and zeroize button
B
×
B
1 / 8
HC-550 interior
B
2 / 8
Close-up of the contents of the black tray
B
3 / 8
Processor detail
B
4 / 8
Firmware
B
5 / 8
Connection to the Siemens T-1000
B
6 / 8
Leftmost physical key
B
7 / 8
Switch behind physical key
B
8 / 8
Test connector and zeroize button

Technical specifications
HC-550
  • Mode: off-line
  • Line input: Receipt of cryptograms via lines
  • Basic key: 7 keys can be stored, each with 1028 variations
  • Message key: 1.4 x 10 variations.
  • Period: 1054 steps
  • Memory: 8000 characters
  • Speed: 50, 75 or 100 baud
HC-580
  • Mode: off-line and on-line
  • Line input: 7 and 7½ unit start/stop (plain or cipher text)
  • Basic key: 21 keys can be stored, each with 1028 variations
  • Message key: 1.4 x 10 variations.
  • Period: 1054 steps
  • Memory: 8000 characters
  • Speed: 50, 75 or 100 baud
Documentation
  1. HC-550 ML, Short-Form Instructions
    3K639b. Crypto AG. Date unknown.

  2. Cryptomatic HC-550, Bedienungsanleitung
    Operating Manual (German). 1B641. Crypto AG. Date unknown.
References
  1. Jane's Military Communication 1986
    ISBN: 0-7106-0824-1

  2. Crypto Museum, Operation RUBICON
    February 2020.

  3. Wikipedia, Motorola 6800
    Retrieved December 2019.
Further information
Any links shown in red are currently unavailable. If you like the information on this website, why not make a donation?
© Crypto Museum. Created: Friday 22 April 2016. Last changed: Friday, 04 February 2022 - 10:21 CET.
Click for homepage