Spy sets
Burst encoders
Logo (click for homepage)
Spendex 50 (UA-8246)
Digital Wide-band Secure Terminal - Wanted item

Spendex-50 is an advanced secure digital speech and data terminal, developed in the early 1980s by Philips Usfa in Eindhoven (Netherlands) for the Dutch Armed Forces as part the ZODIAC tactical digital integrated communications network. It is known by the Dutch Army as Digitaal Beveiligd Telefoontoestel (Digital Secure Phone) or DBT. It is also known by its Philips Usfa designator UA-8246 and as NSN 5805-17-055-9132. Approximately 750 units were built.
The phone is housed in a ruggedized military-grade die-cast aluminium case. All controls are at the top surface. It has a 16-button key-pad with a red LED-display directly above it. To the right of the display is a sealed red flap that hides the ZEROIZE button.

At the top-right are the two terminals for connection to a 2-wire telephone network. At the bottom right is the power input (24V). The image on the right shows a typical Spendex-50 unit, with the CIK present (rear) and the handset (left) locked in place with a rubber strap [1].
Spendex-50 courtesy of Mathieu Goudsmits [1]

Spendex-50 was a wide-band terminal, allowing speech and computer data to be sent securely at 16 kbits/sec. All speech data was digitised using Delta Modulation (CVSD), which was also used with the narrow-band Spendex-10 ten years earlier. It communicated with the outside world through a 2-wire Conditioned Biphase Signalling (CDS) line interface, consisting of an interwoven data and a signalling path. For signalling, it exchanged Cyclic Permutable Codewords (CPC) with the digital telephone exchange (switch) [2]. It uses the SAVILLE cryptographic algorithm.

For its time, Spendex-50 was a very advanced piece of equipment. Initially the Dutch Army had ordered 1500 units, but given their high price (approx. 20,000 Euro in 1983) the order was reduced to a mere 750 units. Spendex-50 entered service in 1987 and was decommissioned in the early 2000s when ZODIAC was replaced by TITAAN. It has since become a rare find.
Spendex-50 secure terminal Spendex-50 secure terminal Lifting the handset Handset of the Spendex-50 Volume settings The Crypto Ignition Key (CIK) installed on a Spendex-50 ZEROIZE button Spendex-50 without handset and CIK (close-up)

Key management
As Public Key Encryption (PKE) was not commonly accepted in the military world in the early 1980s, Spendex-50 used symmetric encryption, with a patented technology for storing and distributing the key pairs [7]. Each Spendex-50 unit was capable of communicating securely with every other Spendex-50 subscriber in the network. For each link, it used a unique set of keys (key pair) that had to be stored in the unit's own memory. If the key-set of one subscriber was compromised, the rest of the network would still be secure.
The problem of storing key-pairs in the unit's memory is two-fold: (1) at the time, large non-volatile memory systems were not generally available and (2) a large number of subscribers would quickly exhaust the available memory.

The first problem was solved by using a 1Mbit bubble memory [8] that had just become available from Intel. The image on the right shows the Memtech (later: Intel) 7110 bubble memory block inside the Spendex-50. Using bubble memory introduced a range of other problems however (see below)..
Bubble-memory (1Mb)

The second problem, storing a large number of key-pairs, was solved by implementing a clever key-distribution system, called Key-Cube key [5], that would greatly reduce the amount of memory needed for the key-pairs. This system was later patented by Philips [7].
Keys were loaded into the Spendex-50 with a NATO-standard key-fill device, such as the KYK-13. The key-loader was connected to the CRYPTO input towards the rear of the unit.

All keys were stored in the bubble memory in an encrypted form that was unique to the terminal, by using a Key Encryption Key (KEK) that was randomly generated by the terminal. The KEK was partly stored in the Crypto Ignition Key (CIK), and partly in a battery-backed CMOS memory inside the terminal. The KEK was recovered by adding the two key parts with an XOR operation.
The Crypto Ignition Key (CIK) installed on a Spendex-50

Once the keys were loaded, the CIK and the terminal were paired (and classified). Without that particular CIK the (loaded) terminal would be useless. Using the CIK on another (loaded) Spendex-50 was pointless, as the CIK only contains half the randomly-generated key of the Spendex-50 it was originally paired with. In case of any emergency, the user could remove the CIK in order to render the Spendex-50, and hence the stored keys, useless. Users were instructed to destroy the CIK in case of a compromise, but that was rather difficult, as it was extremely robust.
For that reason, the Spendex-50 also had a ZEROIZE button that was hidden under a clearly visible sealed red metal flap, marked with the crossed-out word CRYPTO. When security was compromised, the user would lift the flap and press the button in order to erase the key-half stored in the battery-backed CMOS memory.

In practice, keys were often lost, as operators sometimes accidentally pressed the ZEROIZE button. This is why a thin wire with a lead-seal was added to the red flap. The user then had to break the seal first before lifting the flap.
ZEROIZE button

It is unclear why the red flap carries the crossed-out word CRYPTO, rather than the more common expression ZEROIZE, but this was probably the way it was specified by the Dutch DoD. As the Spendex 50 used the GCHQ/NSA-developed SAVILLE cryptographic algorithm, each key has a length of 128 bits: 120 key-bits plus an 8-bit checksum.
Bubble-memory (1Mb) The Crypto Ignition Key (CIK) installed on a Spendex-50 ZEROIZE button Key-fill device Key-fill device with barcode pen Key-fill device Zeroizing the key-filler Key-fill device

Key loader
Philips Usfa even developed their own Key-fill device as an alternative to the American KYK-13. It was similar in appearance and size to the KYK-13, but had 30 key variable compartments, rather than just 6. The image below shows a prototype of the UP-2101 key filler.
At the bottom is a standard 9-pin RS-232 port that allowed crypto keys, that were printed on paper as barcodes, to be read using a barcode-reader. This made it possible to distribute crypto keys on paper using a PFDX secure fax.

It is unlikely that this key filler was ever produced in large quantities.

 More information
Key-fill device

Spendex-50 was developed as part of the ZODIAC tactical digital integrated communications network that was used by the Dutch Armed Forces between 1987 and the early 2000s. ZODIAC itself was developed by Philips subsidary Holland Signaal (HSA) in Hengelo (Netherlands), with Philips Telecommunicatie Industrie (PTI) and Philips Usfa as sub-contractors.

Initially, PTI would develop the main Spendex-50 unit (control unit, line interface, power supply, etc.) whilst Usfa would only produce the crypto-unit. However, after a series of problems and miscommunications, Philips Usfa took over the entire development of the unit.

For digitization of speech, the Department of Defense (DoD) had the choice between PCM and Delta Modulation. It was decided that Continuous Variable Slope Delta Modulation (CVSD) produced the best quality speech in noisy environments. Furthermore, it is more error-tolerant than PCM. The terminal was specified to withstand extreme conditions, such as thunder-strikes (EMP). This was particularly important as, at the hight of the Cold War, the enemy was suspected of being capable of producing EMP-blasts by causing a nuclear explosion high up in the air.
EMP-tests were conducted at the FEL-TNO lab in The Hague (Netherlands), where the unit had to survive a 1500 Amp. direct hit on its 2-wire line terminals. The surge-arresters used in the line-interface had done their job and after restarting, the Spendex-50 was still working.

Spendex-50 also had to be able to operate under military temperature conditions, such as extreme heat and extreme cold. All temperature tests were conducted by Philips Usfa themselves is a special climate room. The image on the right shows the Spendex-50 at -40° centigrade.
Spendex-50 undergoing a cold test at -40C

As the images of the cold-test were taken around 1983 with an analog camera under poor lighting conditions, their quality is somewhat substandard and blurry. They do show however, that after turning the unit on at -40°C, it was still working. And so it also passed this test.
All military equipment has to be water-proof to some extent. It must withstand rain and in some cases even has to be submersable. Spendex-50 was, of course, no exception to this rule.

Rain tests were usually carried out by Philips Usfa themselves at their premises in Eindhoven. Although hardly any photographic evidence of the work at Philips Usfa has survived, we were very pleased by the donation in 2011 of a series of slides by a former Spendex-developer [1]. The image on the right shows the Spendex-50 undergoing a rain-test in an improvised setup.
Spendex-50 water test

Rain tests were usually carried out in Usfa's own backyard, just like they did several years earlier during the development of the Ecolex-X cipher machine. More images of the spendex-50 rain-test below. Like the images of the cold-test, they were taken nearly 30 years ago with an analog camera. Nevertheless, their quality is remarkably good after all these years.
Spendex-50 undergoing a cold test at -40C Still working at -40C Still working at -40C Spendex-50 water test Spendex-50 water test Spendex-50 water test Spendex-50 water test

Spendex-50 is extremely well-built and complies with the most stringent military demands, probably even by today's standards. All electronics are housed in a beautifully crafted rugged aluminium die-cast case with several compartments at the rear and at the bottom.
Opening the unit at the rear, reveals 4 different compartments. At the bottom right is the power supply unit (PSU) that converts the incoming 24V to the various voltages needed by the circuitry. It is a highly efficient switched-mode PSU with very low self-dissipation.

The smallest compartment (bottom right in the image) is used for protection of the 2-wire interface against an EMP. The surge-arresters are clearly visible at the top. In case of an over-voltage, such as an EMP, the gas-filled arresters will conduct all energy to the ground.
Interior, rear compartment (close-up)

All other electronics are at the bottom of the unit. Removing the bottom plate, provides access to the line interface, the analog sound processing, the (digital) logic and the crypto-heart. All boards, except for the line interface, are inter-connected via a backplane at the bottom.
The image on the right shows an opened Spendex-50 unit, seen from the bottom rear. At the far end is the line interface that is built into a seperate compartment for safety reasons.

Mounted to the side of the line-interface compartment is the so-called tamper-switch. It ensures that the half of the Key Encryption Key (KEK) that is stored in battery-backed CMOS RAM is deleted when the case is opened.

The largest compartment has room for 10 PCBs, numbered 1 thru 10 from left to right.
Perspective view of the interior

In the first prototype, all 10 slots were used. During development however, Spendex-50 was improved and (partly) redesigned serveral times, which resulted in a reduced number of boards. This is the reason why boards 3 and 4 are missing from the final design.
Board number (1) is the Delta Modulator. It contains the audio amplifiers and two OQ-2229 Continously Variable Slope Delta Modulators (CVSD). They were manufactured by Philips for internal use only, hence the OQ-numbering.

The entire unit is controlled by an Intel 8085 processor running at 6 MHz. It is located on board number (8) together with 2 EPROMS of 32KB each and 4KB of RAM. Right behind the processor board was the Bubble Memory (9) which occupied a double slot. More about the Bubble Memory in the next section below.
Close-up of the Delta Modulators

The most interesting part of every cryptographic device is arguably the so-called Crypto-Heart. In the Spendex-50, the crypto-heart takes the form of a single PCB in slot number 5.
The image on the right shows a close-up of one of three OQ-4430 crypto-engines, designed by Philips Usfa. The same chip was used in the Spendex-40. According to the date stamp on the chip, it was manufactured mid-1989. At the time, these chips were classified as confidential.

The crypto-heart contains three more-or-less identical circuits, each consisting of an OQ-4430 and 2KB RAM. In a full duplex system, one crypto-unit was used for reception. The other two were used for transmission, raising an alarm if the outputs of these two were not identical.
Close-up of one of the crypto-chips

The OQ-4430 was a proprietary chip that contained Philips' implementation of the highly secure SAVILLE cryptographic alpgorithm that was developed in the late 1960s by GCHQ (UK) and the NSA (US). Philips was the first company outside of the US and the UK to be licensed to implement SAVILLE in their own hardware chip. Although the same algorithm is used in other crypto phones, such as the Spendex 40 and the STU-II, the Spendex 50 is not interoperable with them. It uses a CVSD vocoder, whereas the other phones have an LPC-10 vocoder.
Interior, rear compartment (close-up) PSU Line connection (protected against EMP) Interior (seen from the rear) Interior (bottom view) Perspective view of the interior Line interface compartment Tamper detection (switch)
Early prototype with all 10 boards fitted Delta Modulator board Close-up of the Delta Modulators Processor board Bubble memory and interface boards Crypto-heart extracted from the terminal Crypto-board Close-up of one of the crypto-chips

Bubble memory
As Spendex-50 used symmetric encryption, it needed to store key-pairs for every possible connection in the network. In a network of, say, 2000 subscribers, this would quickly exhaust the available memory. This was partly solved by using a clever scheme of key-distribution, which greatly reduced the memory needed for the key-pair tables (Key-Cube key) [5].
The major problem however, was the storage space needed for the keys, as large non-volatile memory systems were not commonly available at the time. This problem was solved by using the 1Mbit 7110 bubble memory that had just become available from Memtech (later: Intel).

As it was not possible to produce error-free bubble memory at the time, bad secors were marked on the label as a table of Hexadecimal numbers. The more Fs, the better the memory was. Bad sectors had to be avoided and were mapped-out in software.
Bubble-memory (1Mb)

As bubble-memories were not too reliable, Philips engineers had to build-in some level of redundancy in order to be able to 'repair' any failures in the field entirely in software. As the buying price for the Intel 7110 was several thousand Dutch Guilders (NLG) at the time, it added considerably to the overall cost of the Spendex-50, which is one of the reasons why the DoD halved the ordered quantity to 750 units.
Removing the bubble memory Bubble memory and interface boards Bubble memory and interface boards Bubble-memory board Close-up of the Intel bubble-memory controller Bubble-memory (1Mb) Bubble-memory (1Mb) Re-seating the bubble memory board

Although the Spendex-50 terminal could be used on its own, it was intended for the ZODIAC tactical network. After ZODIAC was phased out, a working HSA telephone exchange, complete with all cryptographic equipment and a series of Spendex-50 units (DBTs) was installed at the Royal Dutch Signals Museum.

 More about ZODIAC

DWBST 55 (UA-8328)
An adapted version of the Spendex 50 was available for NATO use. It was known as the DWBST 55 or UA-8238. DWBST stands for Digital Wide-Band Secure Terminal. In appearance it was identical to the version described above. It conformed to EUROCOM standards was a stand-alone tactical wide-band secure voice terminal designed for secure communication of speech and data (either digital or analogue). It could operate at 16 or 32 kbits/s [5].

The terminal enables a subscriber to set up end-to-end automatic connection for secure communication on a digital basis with another US-8328 (or compatible equipment) in the network. The terminal can also be used as an automatic telephone set for plain-language communication.

For the compression of speech (80-3400 kHz), is uses delta modulation at 16 or 32 kbit/s. Data can be transferred at 2400 baud (asynchronous). For secure crypto traffic it can hold up to 18 sets of common net keys which can be pre-loaded into any terminal. It can also be used for up to 2000 subscribers in a UA-8238 network, in which case the terminal stores KeyCube key-settings in its built-in bubble memory. According to [5], the DWBST 55 was in production in 1986, but it is doubtful weather any Spendex-50 units were ever sold under this name.
American look-alike
Approximately 10 years after the conception of the Spendex 50, the US Army and US Navy introduced a similar device, with nearly identical specifications: the KY-68 Digital Subscriber Voice Terminal (DSVT). The device is similar is size, weight, specification and operation.
The image on the right shows a typical KY-68 unit. Like the Philips Spendex 50 it uses CVSD modulation, biphase signaling and 8-bit cyclic permutable codewords (CPC). The main differences are the lack of a display and CIK.

The DSVT was introduced in 1992 and was gradually phased out in 2010, when it was replaced by the (incompatible) Secure Terminal Equipment (STE).

 More information
KY-68 Digital Secure Voice Terminal

Wanted item
Crypto Museum is still looking for one or more Spendex-50 (DBT) units for its own collection. If possible, we would like to be able to demonstrate a working Spendex-50 unit at some stage. We are also looking for additional information, such as user instructions and service manuals. If you have any information, please contact us.
  1. Mathieu Goudsmits, Spendex-50 developer at Philips Usfa
    Interview, Crypto Museum. July 2011.

  2. Fysisch en Elektronisch Laboratorium TNO,
    Definitie rapport taktisch LAN demonstratie (Dutch)

    Unclassified. June 1990, p. 28 - Het DBT interface.

  3. AJW van Daal & P van der Vlist, DELTACS - a versatile tactical communication system
    Philips Telecommunicatie Industrie BV (PTI), Hilversum (Netherlands), 1984.
    Reprint from Philips Telecommunication Review, Vol. 42, No. 2, pages 74-89.

  4. Royal Dutch Signals Museum
    Museum Verbindingsdienst.

  5. Jane's Military Communication 1986
    ISBN: 0-7106-0824-1. p. 446.

  6. CJA Jansen, Classical Key Management
    Proceedings of the Fifth Symposium on Information Theory in the Benelux,
    Aalten, The Netherlands, 24-25 May 1984, pp. 94-101.

  7. US Patent 4607137, Method of distributing and utilizing enciphering keys
    CJA Jansen, AJM vd Pas, P vd Vlist, F Hafkamp. US Philips Corporation.
    Filed 13 April 1984, issued 19 August 1986.

  8. Wikipedia, Bubble memory
    Retrieved May 2012.

Further information

Any links shown in red are currently unavailable. If you like this website, why not make a donation?
Copyright 2009-2013, Paul Reuvers & Marc Simons. Last changed: Saturday, 08 February 2014 - 21:28 CET
Click for homepage