|
Crypto Algorithm USA NSA KG-81 →
NSA Type 1 cryptographic algorithm
WALBURN is a cryptographic algorithm,
that is widely used by the US Army and by NATO,
in high-level data encryption devices. It was mainly
used in link encryption devices, such as the KG-81.
|
 |
|
WALBURN-based products on this website
|
|
|
IMPORTANT — The following notes present some global characteristics of the
WALBURN cipher.
It should be clear that no secret information is revealed.
Rather, information was used from old unclassified documents and
websites (most of which unfortunately are no longer available on the internet).
Notes from a former cryptographer
[1]
December 2012
The WALBURN cryptographic algorithm is a stream cipher algorithm, used
in cryptographic equipment of the USA and NATO countries.
Like the SAVILLE algorithm, WALBURN is an
NSA development and was most likely designed in the 1960s
or 1970s. The algorithm is used in the WALBURN family of high-speed
Key Generators, i.e. bulk data encryption devices with speeds
up to tens of megabits per second.
The KG-81 is the earliest known device of the WALBURN family.
It has a maximum data transfer speed of 20 Mbps,
which was extremely high at the time.
|
The crypto logic in the KG-81 was implemented in classified custom-designed
integrated circuits (ASICs).
Other WALBURN family members are the KG-94
the KG-95
and the KG-194.
The image on the right shows the front panel of the KG-81,
the first member of the WALBURN family [3].
Like SAVILLE, WALBURN is a bit-stream cipher and has two
modes-of-use: KAK (OFB) and CTAK (CFB).
Also, being a KAK (OFB) stream cipher, WALBURN has no driving function
that gives a minimum period guarantee of the key stream.
The internal structure of WALBURN is based on the use of the so-called
Hairpin Registers.
|
|
|
These registers comprise many one-bit registers
(flip-flops) interconnected in a complex non-linear way.
This complex structure lends itself hardly for software implementation,
but is ideally suited for implementation in hardware.
The use of the standard key loading devices on KG-81,
such as the KYK-13,
KOI-18 and
KYX-15, implies a key length of 120 bits plus an
8-bit parity. Please note that in the WALBURN cipher the eight parity
bits also play a cryptographic role.
|
|
Typical for the link ecryptors of the time, is the selector knob
with an activate button to its right.
The selector shows some function names, such as LOAD,
LOCAL UPDATE and CHNG VAR.
LOAD is used to load a key through the
KYK-13 interface, using the FILL connector at the front
panel.
|
LOCAL UPDATE is the name used for applying a deterministic
one-way function to the secret key, to obtain a new key.
This is done to protect plain text against compromise of the new key.
This LOCAL UPDATE function would typically use the crypto logic
in a different mode than used for encryption of data.
CHNG VAR stands for change variable, i.e. a change
of a secret key (called crypto variables in NSA language),
which would involve some inband signalling to the receiving equipment
at the other end of the link.
The image on the right shows the front panel of a
KG-194, a later member of the WALBURN family.
The wording around the function selector knob is slightly different
to the wording on the KG-81, but the meaning is identical.
|
|
|
|
HISPEED
was the codename of a NATO evaluation in the mid-1970s, for a
high-speed Trunk Encryption Device (TED).
Philips Usfa contributed to this project by developing
the so-called SATCOLEX crypto device;
an 8 Mb/s line encryptor for multiplexed voice and telex signals.
|
Development took from 1975 to 1977,
but in the end SATCOLEX
was withdrawn right before the actual evaluation,
in return for co-production (for the European market) of the
KG-81.
From 1982 onwards, Philips built complete KG-81
units for many years for the entire European market under NSA license.
Several modifications were made especially for NICSMA.
➤ More about Philips HISPEED
|
|
|
|
Philips Usfa implemented the WALBURN cryptographic
algorithm in the mid-1980s in its BVO-T, also known as UA-8245, a Trunk
Encryption Device (TED) that was designed by Philips as part of the
ZODIAC project of the Dutch Army.
The speed requirement for both the propretary BVO-M and the KG-81
compatible BVO-T was only 2 Mbps, although the electronic components
at the time (5400-series schottkey) were capable of running at
much higher clock frequencies.
|
Therefore, the Philips Usfa senior hardware developer at the time
managed to design an elegant time multiplexed (4 clock pulses per
key stream bit) version of the algorithm, in order to keep the
hardware real estate to a minimum.
Within Philips Usfa, the crypto logic was referred to as TED/Pert Logic
and as KG-81 Logic.
➤ More about Philips BVO-T
➤ More about ZODIAC
|
|
|
|
CFB
|
|
Cipher Feedback
A block cipher mode that enhanced ECB mode by chaining together
blocks of cipher text it produces, and operating on plaintext segments
of variable length, less than or equal to the block length.
|
|
CTAK
|
|
Cipher Text Auto-Key
Cryptographic logic that uses previous cipher text to generate a key stream.
(Depricated terminology, superceeded by CFB)
|
|
KAK
|
|
Key-auto-key
Cryptographic logic using a previous key to produce a key.
(Depricated terminology, superceeded by OFB)
|
|
NATO
|
|
North Atlantic Treaty Organization
(Wikipedia)
(Website)
|
|
NICSMA
|
|
NATO Integrated Communications Systems Management Agency
|
|
OFB
|
|
Output feedback
a block cipher mode that modifies ECB mode to operate on
plaintext segments of variable length lesss than or equal to the
block length.
|
|
TED
|
|
Trunk Encryption Device
American KG-81 cipher device for muliplexed digital data streams, used as a
common standard between NATO countries.
|
|
![Font view of the KG-81. Photograph by Ralph Simpson [3].](img/kg81_large.jpg)
![Front view of the KG-194. Photograph: NSPA [4].](img/kg194_large.jpg)
