|
|
|
|
USSR Cipher Rotor
Meteorologic cipher machine
- wanted item
The M-130, codenamed KORALL (Russian: КОРАЛЛ) is an electromechanical
rotor-based cipher machine,
developed around 1965 at NIIA
(Russian: НИИА, now Avtomatika) in Moscow
(Russia). The device is a numbers-only machine, and was used in the countries
of the former USSR
and the Warsaw Pact for the distribution of encrypted
weather reports.
In East-Germany (DDR) it was known as Koralle.
In 2010 and 2011, Crypto Museum was able to investigate a surviving
M-130 machine in Austria.
This page is based on that research, complemented by
other sources [2][3].
|
The M-130 is built on the chassis of an existing teleprinter,
which was also used as the basis for the
CM-1 (Vasilek)
[4].
Although the original one had an alpha-numeric character set,
a modified version — with numbers only — is used here [2].
This was sufficient for encryption and decryption of
meteorologic data which is numeric by nature.
The image on the right shows a typical M-130 machine ready for use.
It came with a matching 24V PSU.
The keyboard contains a single row of keys with the numbers 1 thru 0,
plus the letter 'X', a minus-sign (-) and a carriage return key.
|
|
|
A space is automatically inserted after each fifth number
(the usual 5-number groups).
A nice side-effect of using a numbers-only cipher machine, is that it is
language-independant. If letters are converted to numbers first,
the machine can be used for any language in the world.
This is also why the contemporary M-125 (Fialka)
machine had a lever to switch between characters (30) or numbers (10).
The M-130 was also available in a non-crypto version
(i.e. as a bare teleprinter).
|
During the Cold War,
the Soviet Union (USSR)
and its Warsaw Pact allies
used a variety of cipher machines, including the
M-125 (Fialka). The use of these devices for direct
communication between the Warsaw Pact states however, was strickly
forbidden. Each country had its own set of wheels (each wired differently)
and the machines were often adapted to the local language.
In case of war, the Warsaw Pact states would need to have quick access
to accurate weather reports. For this they did not want to depend on existing
(NATO) sources, as these were likely to be unavailable to them.
As a solution, a Warsaw Pact-wide network of Meteorologic Services
was created. They had the task to independantly collect all necessary
meteorologic data from a variety of sources and create a reliable
weather prediction from that.
Furthermore, they had to develop ways to circumvent possible (radio)
interference by the enemy.
|
Once complete, the weather report would be shared between the contributing
states.
As it was likely that the meteorologic data was further distributed
within each country via other cipher systems –
for example with the M-125 Fialka) –
it was necessary to encrypt the weather report, or else
it could be exploited by an evesdropper as a
crib (a piece of known plaintext).
This was done with the M-130 (KORALL), shown here with the front lid open.
In order to improve the cryptographic strength, separate pin-wheels were used
to control the irregular stepping.
|
|
|
In the former DDR (East-Germany), this service was known as the
Meteorologischer Dienst (MD) der Luftstreitkräfte/Luchtverteidigung
(LSK/LV), abbreviated to MD der LSK/LV [3].
They used the M-130 to share the weather report with
the Main Command Post (Hauptgevechtsstand, HGS) and the Air Defence
Departments of the other Warsaw Pact countries.
As there was another cipher machine that was also called Koralle,
the M-130 was sometimes nicknamed the Wetterkoralle.
The first DDR cipher operators were trained on the M-130 in Moscow in 1966 [3].
The image above shows the meteorologic bunker of the East-German command
post HGS-14, as it was in 1980.
The M-130 cipher machine was located in the so-called K-room ('K' for
KORALL or KRIPTO),
a small room behind the office of the Weather Information Service of Duty
(DWIZ).
Besides the operational M-130, the room also contained a spare
M-130 unit. The key-sheets were also stored in this room.
A cipher operator with sufficient security clearance could only
enter this room after collecting the key from the DWIZ.
A more detailed descripton (in German) can be found on the internet site
of the former Zentrale Flugwetterwarte (ZFWW) [3].
|
The M-130 can be used in three different modes: coding, decoding and
plain text. The desired mode of operation is selected by means of a
large rotary knob
at the right front of the machine, known as the
MODE-selector. The three settings are marked with the Russian letters
О, З
and Р.
|
Label
|
Russian
|
Phonetic
|
English
|
|
О
|
Открытый Текст
|
Otkrytyj Tekst
|
Plain text
|
З
|
ЗашифроватЬ
|
Zashifrovat
|
Cipher
|
Р
|
РасшифровыватЬ
|
Rasshifrovyvat'
|
Decipher
|
|
The M-130 is build on the chassis of an existing Russian teletype machine,
that was modified for the transmission of numbers only. The keyboard at the
front only contains the numbers 0 to 9, the letter 'X', a minus-sign (-) and
the carriage return key (CR).
|
The image on the right shows a typical M-130 cipher machine with its
top lid removed. At the front of the unit, right behind the keyboard,
is the actual cipher unit, which is explained further below.
The remaining part is the bare teletype unit,
which acts as a host to the cipher unit.
The teletype unit is a marvel of mechanical engineering. As it was developed
in the same era as the M-125 (Fialka),
it shares some of its characteristics. The entire unit is driven by a 22V motor mounted
at the rear right, in combination with a complex system
of cog-wheels and axles.
|
|
|
The encrypted or decrypted text is printed on a paper roll by means of a
set of 12 hammers, much like a typewriter.
The hammers are controlled by a set of solenoids
at the rear of the machine. When a solenoid is activated, the corresponding
hammer is released.
At the rear left is a built-in paper puncher
that allows the encrypted output to be stored on a punched paper strip.
The paper for the puncher is taken from a drawer
at the right. A knob at the right
is used to select the output device: printer (К),
puncher (П) or both (ПК).
Note that the puncher can only be used in encryption or plaintext mode.
It is disabled in decryption mode.
At the front left is a paper tape reader,
which can only be used in decryption and plaintext mode.
|
The actual crypto unit is located in the front part of the basic teletype machine.
It takes the form of a complete pre-assembled unit, built on a heavy aluminium
base plate, which is mounted in an empty space at the front.
It can be removed by releasing four bolts at the corners of the unit.
|
The image on the right shows the bare crypto unit once it is removed from the
machine. It connects with the teletype machine by means of a
contact block at the rear, which mates with a
set of 42 spring-loaded contacts
in the base of the teletype unit.
At the heart of the crypto unit are five electrical cipher wheels, each with 30
contacts at either side. They are described in greater detail below.
Four additional mechanical pin-wheels control the irregular stepping of the
cipher wheels. They are also explained in more detail below.
|
|
|
When the unit is running, the middle wheel (3) always makes a single step on every
key-press. It always moves upwards (i.e. the numbers move up when viewed from
the front). The outer two wheels (1 and 5) also move up, but their stepping may be
inhibited by the presence of a pin on one of the stepping wheels.
The remaining two wheels (2 and 4) move down on a key-press. Their stepping may
also be inhibited by the presence of a pin on the matching stepping wheel.
The cipher wheels are connected to the electric circuit of the cipher unit, by means
of a static entry disc at either side.
At the far left of the crypto unit are two patch panels, with 10 wires each.
A counter,
mounted on top of the unit, is used for counting the number of characters
entered on the keyboard. It can be reset by operating a lever at its right side.
The cipher wheels
can be removed
by releasing both static discs and pushing them sideways (outwards).
|
Although the construction of the crypto unit might look similar to that of
the German Enigma machine of WWII,
or the contemporary M-125 (Fialka), its operation is
quite different. Both Enigma and Fialka have an entry wheel at one end, and a
reflector at the other end. The M-130 however, does not have a reflector.
Instead, a character comes in at one end and leaves the crypto unit at the other end.
The double patch panel (at the left) can be used to alter the order of the
lines to both static discs (ED1, ED2). The simplified block diagram
of the M-130 is as follows:
The 10 lines from the keyboard (0-9) are first scrambled by the the leftmost
patch panel (plug board) and then fed to the leftmost entry disc (ED1).
The current then passes the 5 cipher wheels, until it hits the rightmost
entry disc (ED2).
As each wheel has 30 contacts (rather than just 10), 20 contacts are looped
back (much like a reflector). This principle is known as re-entry
or re-injection. Eventually, after one or more passes, the current
leaves the rightmost static disc (ED2), passes the second patch panel (PB2) and
activates the printer and/or the tape puncher.
In order to allow the same rotor-settings to be used for decryption, the entire
unit can be reversed (electrically), by operating the large
MODE-selector at the right front of the machine.
This switch has three settings: encrypt (З), plaintext (О)
and decrypt (Р). In plaintext mode (О), The input is connected
directly to the output. In encryption mode (З), the system works as
described above. In decryption mode (Р), the input and output wires are
swapped.
➤ Download the complete circuit diagram
|
In order to add extra complexity to the system, a double patch panel is present.
This works much like the plug board (Steckerbrett) of
an Enigma machine.
However, unlike the enigma, where the wires were swapped in pairs,
the M-103 is single-ended and allows any cross-connection.
This increases the number of permutations
and avoids the self-reciprocity of the Enigma Steckerbrett.
|
In addition, the M-103 has in two plug boards instead of one,
which allows the entry and exit
wires to be swapped independently. This adds another layer of complexity,
and increases the cryptographic strength of the cipher.
The image on the right shows the double patch panel, which is mounted to the
left of the cipher unit.
It is wired to the rest of the unit at the bottom.
A white line divides the patch panel in two.
The left half controls the wiring to the
leftmost static disc (ED1), whilst the right half is connected to the rightmost static disc (ED2).
|
|
|
The patch panel is configured by 20 short blue patch cables,
each with a plug at either end. All 10 cables must be present on each half of the patch
panel, and the cable may not be connected between the two halves.
Configuring the patch panel was part of setting the cryptographic key.
|
The M-130 has five cipher wheels, each with 30 contacts at either side.
The 30 flat-faced contacts at the left side are wired in a randomized manner
to the 30 spring-loaded contacts at the right. The reason why each wheel has
30 contacts rather than just 10, is that the same wheels were also used with
other Russian cipher machines of the era, like the CM-1 Vasilek
[4].
|
As we only need 10 contacts (for the numbers 0-9), the remaining contacts of both
static discs are wired as a reflector, much like the UKW, or Umkehrwalze,
of an Enigma machine.
As a result, the electric current may be reflected several times until it finally
leaves the static disc at the other end (see the block diagram above).
The image on the right shows the five cipher wheels after removing them from the
crypto unit. Wheels 1, 2 and 3 are still on the shaft, with wheels 4 and 5 in front
of them. Wheel number 5 is showing its flat-faced contacts.
|
|
|
A coding disc can be at any position on the shaft,
allowing a total of 120 different wheel orders.
Just like the starting position of each wheel, this was part of the
daily key settings (see below). As an extra encryption layer, it was also
possible to rewire the cipher wheels in the field.
|
Two pin-wheels are mounted at either side of the coding discs.
They all have a different number of steps and their pins are at
different positions. As the mechanical parts of the crypto module
have been carefully aligned, each pin-wheel can only be used in
one position. The order of the wheels should be: 1 and 2 on the left,
3 and 4 on the right. Pin-wheel 1 looks like this:
Note that the black numbering at the circumference of the wheel is
different from the red numbering on the disc at the right.
A sharp cut-out in the circumfere is used when setting the wheels
to their neutral position (00). A notch on the zeroize axle will
catch this cut-out when the reset lever is engaged (see below).
|
ID
|
Steps
|
Notches
|
Notch positions *
|
|
1
|
37
|
14
|
02 04 05 08 11 15 16 21 23 24 28 32 33 36
|
2
|
31
|
11
|
01 04 07 08 11 15 18 19 22 24 28
|
3
|
43
|
14
|
03 07 10 11 12 15 24 28 30 33 37 38 39 42
|
4
|
41
|
16
|
01 03 07 09 12 13 14 16 18 19 21 25 29 33 35 38
|
|
*) The notch positions are referenced by the numbers on the circumfere
of the wheel. This information is likely to change in the future as
and when our recorded data has been processed.
|
Unlike the German Enigma machine,
the M-130 features irregular wheel stepping,
very similar to the M-125 (Fialka).
If we number the wheels from left to right (1-5), the middle wheel (3) always
makes a single step upwards on each key-press. The outer two wheels (1 and 5)
also move up, but the remaining wheels (2 and 4) move down.
Irregular stepping is controlled by 2 pin-wheels at either side of the
coding discs. This is illustrated by the drawing below:
Stepping of cipher wheel 1 is controlled by pin-wheel 2.
Stepping of cipher wheel 2 is controlled by pin-wheel 1, as indicated by
the red arrows at the bottom. At the right hand side, pin-wheel 3 controls
the stepping of code wheel 5, whilst pin-wheel 4 controls the stepping
of code wheel 4.
The pin-wheels are sensed by a small lever below the wheel.
|
The image on the right shows a close-up of the leftmost pin-wheels (1 and 2).
They can be removed by unlocking its axle with a pin at the left. Although the
order of the pin-wheels was never changed, the position of the pins could be
changed by a service technician.
Each pin-wheel has a different number of steps in order to maximize the total
period of the machine (i.e. the number of steps before the sequence is repeated).
The number of steps on each pin-wheel is always a relative prime to the 30
contacts on each cipher wheel.
|
|
|
The four pin-wheels always make a single step on each key-press and they
always move up (when viewed from the font).
Whenever a pin is present at a certain position on the wheel, the sensing lever
at the bottom of the wheel is pushed down.
This in turn pushes down a metal arm that disables the wheel
stepping of the mating code wheel.
Movement of all wheels is controlled by a single axle mounted to the rear
of the wheels. The timing of the machine is controlled by the position
of a series of cams on that axle, much like the camshaft of a car engine.
The illustration above shows the stepping mechanism viewed from the top of the
machine, after removing all wheels. The camshaft (C) is towards the top of the drawing.
The position of the cams also controls the stepping direction of each wheel.
It is clearly visible in the drawing above that the position of the stepping arms
of code wheels 2 and 4 is different from the rest.
The pin-wheels can be reset to their neutral position (00) by pusing a lever (R)
to the rear and using the crank (inserted at the right of the machine) until all
four wheels have stopped. This process is called zeroizing.
Pressing (R) in fact rotates the zeroize axle (Z) by several degrees.
As a result, four notches on this axle (N) will move forward and catch a cut-out
in the circumfere of the pin-wheels (see above).
The crank should be operated until all pin-wheels are at 00.
|
|
Setting the cryptographic key
|
|
|
Setting the cryptographic key was done in several stages, based on the so-called
key sheets. These were perforated paper blocks with the key settings for several
weeks in advance. Three different types of keys were marked:
|
- Patch key
- Weekly key
- Daily key
|
The patch key (1) defined the wiring of both patch panels
to the left of the crypto unit. It is currently unknown how often the patch key was
changed. The Germans called it the Decade Key, but this only refers to the number
of wires on each patch panel (10).
|
The weekly key consisted of rewiring each of the five cipher wheels. For that,
each wheel had to be opened and the internal wiring pins had to be reconfigured
carefully. This was a difficult task with many chances for making mistakes.
Inside a cipher wheel, each wire is soldered
directly to the wheel at one end, whilst the other end has a numbered pin.
This pin can be inserted in one of the numbered holes inside the wheel.
The image on the right shows the interior of a cipher wheel, with pins 01 and 25
clearly visible. More detailed images below.
|
|
|
Once all cipher wheels were rewired, the wheels were closed and were mounted on
the shaft in a prescribed order. It is currently unknown whether the wheel order
was part of the weekly key or whether it was changed daily.
Changing it only once a week, would reduce crypto security.
Before going live with freshly rewired wheels, the operator first had to check
whether the wiring was correct. This was done by encrypting two simple five-letter
groups (12345 67890) on the main machine and decrypting it on the spare one.
If the output matched, the wiring was assumed to be correct. If it failed, all five
wheels had to be disassembled again [3].
The daily key consisted of setting the start positions of the five cipher wheels.
The numbers on the key-sheet, e.g. 28 22 10 26 07 had to be aligned with a
metal ruler in front of the wheels.
It is currently unknown whether the pin-wheels at the sides were given a unique
starting position as well, or whether they were always restarted at 00.
|
Summarising, the following cryptographic variables can be set:
|
- Patch panels
- Wheel wiring
- Wheel order
- Start position of the cipher wheels
- Start position of the pin-wheels
|
The M-130 was also available as a non-crypto version, which was in fact the
simple teleprinter machine it was based on. The exact module number of this
teleprinter is currently unknown, because it is not engraved on the type plate
of the surviving machines we have seen so far.
|
The non-crypto version was used for local weather reports (that did not
require encryption) and, more importantly, to relay pre-encrypted weather
reports over long distances, where the intermediate operator(s) did not need
to know the contents or the nature of the message.
In the non-crypto version, the crypto-unit was replaced by a 'dummy' unit,
consisting of a metal plate with a connector. The contacts of the connector
were wired in such a way that the input to the crypto-unit was connected
directly to the output (simulating plaintext mode).
|
|
|
A non-crypto version could easily be converted into a full M-130, simply by
mounting a suitable crypto-unit instead of the dummy plate. The crypto-unit
would connect directly to the forementioned connector, and all data
was automatically re-routed through the crypto-unit.
The diagram above shows how relaying via simple non-crypto M-130 machines
might have worked for long-distance transmissions. At the left is the originator
of the report. The message (P) is encrypted with the daily key and then sent
(C) to the first station. As this station has a non-crypto version of the M-130
(called T-130 here), he can not decrypt it but simply passes it on (C)
to the next station and so on, until it finally reaches the M-130 at the
far end where it is decoded.
|
|
|
Any links shown in red are currently unavailable.
If you like the information on this website, why not make a donation?
© Crypto Museum. Created: Wednesday 03 August 2011. Last changed: Monday, 17 April 2023 - 12:22 CET.
|
|
|
|
|
| |