Click for homepage
KG-81 →
NSA Type 1 cryptographic algorithm

WALBURN is a cryptographic algorithm, that is widely used by the US Army and by NATO, in high-level data encryption devices. It was mainly used in link encryption devices, such as the KG-81.

WALBURN-based products on this website
KG-81 digital high-speed trunk encryption device
Advanced INFOSEC Module
Advanced INFOSEC machine II
Harris SIERRA cryptographic engine
Harris SIERRA II cryptographic engine
IMPORTANT — The following notes present some global characteristics of the WALBURN cipher. It should be clear that no secret information is revealed. Rather, information was used from old unclassified documents and websites (most of which unfortunately are no longer available on the internet).
The WALBURN cipher
Notes from a former cryptographer [1]
December 2012

The WALBURN cryptographic algorithm is a stream cipher algorithm, used in cryptographic equipment of the USA and NATO countries. Like the SAVILLE algorithm, WALBURN is an NSA development and was most likely designed in the 1960s or 1970s. The algorithm is used in the WALBURN family of high-speed Key Generators, i.e. bulk data encryption devices with speeds up to tens of megabits per second. The KG-81 is the earliest known device of the WALBURN family. It has a maximum data transfer speed of 20 Mbps, which was extremely high at the time.

The crypto logic in the KG-81 was implemented in classified custom-designed integrated circuits (ASICs). Other WALBURN family members are the KG-94 the KG-95 and the KG-194. The image on the right shows the front panel of the KG-81, the first member of the WALBURN family [3].

Like SAVILLE, WALBURN is a bit-stream cipher and has two modes-of-use: KAK (OFB) and CTAK (CFB). Also, being a KAK (OFB) stream cipher, WALBURN has no driving function that gives a minimum period guarantee of the key stream.

The internal structure of WALBURN is based on the use of the so-called Hairpin Registers.
Font view of the KG-81. Photograph by Ralph Simpson [3].

These registers comprise many one-bit registers (flip-flops) interconnected in a complex non-linear way. This complex structure lends itself hardly for software implementation, but is ideally suited for implementation in hardware. The use of the standard key loading devices on KG-81, such as the KYK-13, KOI-18 and KYX-15, implies a key length of 120 bits plus an 8-bit parity. Please note that in the WALBURN cipher the eight parity bits also play a cryptographic role.

Link encryption
Typical for the link ecryptors of the time, is the selector knob with an activate button to its right. The selector shows some function names, such as LOAD, LOCAL UPDATE and CHNG VAR. LOAD is used to load a key through the KYK-13 interface, using the FILL connector at the front panel.

LOCAL UPDATE is the name used for applying a deterministic one-way function to the secret key, to obtain a new key. This is done to protect plain text against compromise of the new key.

This LOCAL UPDATE function would typically use the crypto logic in a different mode than used for encryption of data. CHNG VAR stands for change variable, i.e. a change of a secret key (called crypto variables in NSA language), which would involve some inband signalling to the receiving equipment at the other end of the link.

The image on the right shows the front panel of a KG-194, a later member of the WALBURN family. The wording around the function selector knob is slightly different to the wording on the KG-81, but the meaning is identical.

Front view of the KG-194. Photograph: NSPA [4].

HISPEED was the codename of a NATO evaluation in the mid-1970s, for a high-speed Trunk Encryption Device (TED). Philips Usfa contributed to this project by developing the so-called SATCOLEX crypto device; an 8 Mb/s line encryptor for multiplexed voice and telex signals.

Development took from 1975 to 1977, but in the end SATCOLEX was withdrawn right before the actual evaluation, in return for co-production (for the European market) of the KG-81.

From 1982 onwards, Philips built complete KG-81 units for many years for the entire European market under NSA license. Several modifications were made especially for NICSMA.

 More about Philips HISPEED

Close-up of a 19'' rack with KG-81 units

Philips and ZODIAC
Philips Usfa implemented the WALBURN cryptographic algorithm in the mid-1980s in its BVO-T, also known as UA-8245, a Trunk Encryption Device (TED) that was designed by Philips as part of the ZODIAC project of the Dutch Army. The speed requirement for both the propretary BVO-M and the KG-81 compatible BVO-T was only 2 Mbps, although the electronic components at the time (5400-series schottkey) were capable of running at much higher clock frequencies.

Therefore, the Philips Usfa senior hardware developer at the time managed to design an elegant time multiplexed (4 clock pulses per key stream bit) version of the algorithm, in order to keep the hardware real estate to a minimum.

Within Philips Usfa, the crypto logic was referred to as TED/Pert Logic and as KG-81 Logic.

 More about Philips BVO-T
 More about ZODIAC

BVO-M Trunk Encryption Device


CFB   Cipher Feedback
A block cipher mode that enhanced ECB mode by chaining together blocks of cipher text it produces, and operating on plaintext segments of variable length, less than or equal to the block length.
CTAK   Cipher Text Auto-Key
Cryptographic logic that uses previous cipher text to generate a key stream. (Depricated terminology, superceeded by CFB)
KAK   Key-auto-key
Cryptographic logic using a previous key to produce a key. (Depricated terminology, superceeded by OFB)
NATO   North Atlantic Treaty Organization
(Wikipedia) (Website)
NICSMA   NATO Integrated Communications Systems Management Agency
OFB   Output feedback
a block cipher mode that modifies ECB mode to operate on plaintext segments of variable length lesss than or equal to the block length.
TED   Trunk Encryption Device
American KG-81 cipher device for muliplexed digital data streams, used as a common standard between NATO countries.
  1. Anonymous source, The WALBURN cipher
    Notes from the former cryptographer of Philips Usfa.
    Interview at Crypto Museum. December 2012.

  2. Federation of American Scientists (FAS), WALBURN Family and KIV-19
    FAS website. 5 May 1998. Retrieved December 2012.

  3. Ralph Simpson, Photograph of KG-81 front panel
    Retrieved December 2012.

  4. NATO Support Agency, Cryptographic Equipment
    Retrieved December 2012.
Further information
Any links shown in red are currently unavailable. If you like the information on this website, why not make a donation?
Crypto Museum. Created: Monday 25 March 2013. Last changed: Tuesday, 17 May 2022 - 07:15 CET.
Click for homepage