|
|
|
|
|
|
US rotor-based cipher machine
KL-7 was an electro-mechanical rotor-based off-line cipher machine,
developed by the National Security Agency (NSA) in the US.
It was introduced in 1952 and served for many years as the main cipher
machine of the US and NATO.
It is relatively light-weight (9.3 kg) and is basically a more advanced
version of the German Enigma machine.
It was a replacement for SIGABA (ECM Mk-II)
and in some countries, such as the UK and Canada,
also for the British Typex
and CCM machines.
|
The initial name for the machine was AFSAM-7,
but changed to TSEC/KL-7 in the early 1960s.
It is also known by key-procedure codenames ADONIS (high-level)
and POLLUX (low-level).
KL-7 was withdrawn from service in 1983.
Unlike Enigma, the KL-7 has eight rotors, seven of which are moved in a complex
irregular stepping pattern.
The machines came in several variations and were used by the US Army,
Navy and NATO for many years.
They were also used for communication by Foreign Affairs.
Unfortunately, KL-7 is still a classified item and only few of them have
survived. Most machines that are on public display today,
have been 'sanitized', and all wiring has been removed.
|
|
|
Despite the secrecy surrounding the KL-7 and its history, the mystery is
gradually being unravelled as the NSA releases more and more
historical documents and researchers manage to uncover the technical
details of the machine.
As a result, a very realistic computer simulation (for Windows)
of the KL-7 has been created in 2011 by crypto-historian Dirk Rijmenants
in Belgium, and in 2013 a JAVA-based KL-7 simulator by MIT (US),
both of which can be downloaded below.
|
The KL-7 was introduced in the 1950s and remained in service well into
the 1970s, when it was gradually phased out.
In some countries, KL-7 machines were kept for special purposes
and as backups for many years, until they finally were
officially withdrawn from service in 1983.
The last (unclassified) message was sent on 30 June 1983 by the Canadian Navy.
KL-7 was replaced by a range of electronic machines,
such as the KW-26,
the KW-37, the
KL-51 (RACE) and
Aroflex.
|
A complete KL-7 machine consists of the following basic components:
|
- KLB-7
This is the base unit that contains the motor, the generator and
the electronics (valves or vacuum tubes).
- KLK-7
The eight rotors of the KL-7 are mounted together on a spindle
inside a drum or rotor basket. The basket can be removed
from the machine by releasing two levers; one at either side of the basket.
- KLA-7
The complex stepping unit, that senses the notches on the 7 movable
rotors and controls the stepping motion of the other rotors.
- KLX-7 (option)
Expansion unit, developed by the German Army (Bundeswehr),
to allow two KL-7 units to run in parallel, in order to detect errors.
|
KL-7 was an electro-mechanical rotor-based cipher machine driven by
electronic circuits with valves (vacuum tubes). The machine is powered
by an external 24V DC source, such as a PSU or the battery of, say, a truck.
Timing of the machine is provided by a complex mechanical unit
with several rotating parts coupled by a common axle.
The block diagram below shows how this is done.
The main 24V motor runs at 6600 RPM. It drives the mechanical
parts as well a an AC generator that provides the 400V to drive the valves.
|
Pressing a key on the keyboard, grounds one of 26 lines
that is routed via the mode-switch,
through the coding wheels,
to one of the 26 coils of the pulse generator.
The pulses from the pulse generator are used to drive the printer.
As all rotating parts (DC motor, AC generator, pulse generator, printer
and stepping unit) are coupled, timing is guaranteed.
|
The KLB-7 is the actual chassis on which the machine is built, including
the electronic circuits and the (mechanical) gearbox.
The latter consists of the motor, the timing unit, the printer etc.
Note that the KLB-7 is not (and never was) a classified item.
Apparently, the electro-mechanical base unit was not considered to reveal
any cryptographic secrets.
|
The rotors of the KL-7 resemble those of the famous German
Enigma machine. Each rotor has a series of flat-faced
contacts on the right side, and the same number of spring-loaded contacts on the
left. It also has an adjustable index ring with the letters of the alphabet on
it, and an inner core which connects the contacts on one side with the contacts
on the other side.
There are however, some significant differences.
First of all, a KL-7 rotor has 36 contacts, whereas an Enigma wheel has 26
contacts. Of the 36 contacts, 26 are used for the encryption of the 26 letters
of the alphabet. The remaining 10 contacts are looped back to the
input (see below). This results in a re-encipherment of part of the text.
Each wheel has an index ring with 36 positions, each separated by a narrow gap.
Only 26 positions are identified with one of the letters of the alphabet.
The rest is empty. When unfolded, the index ring looks like this:
Another important difference, is the omission of the reflector (Umkehrwalze).
In encoding mode, one side of the rotor basket is the input and the other side
is the output. In decoding mode, all contacts are swapped, so that the output
becomes input and vice versa. This has the advantage that, unlike on Enigma,
a letter can become itself on a KL-7. Swapping all contacts however, does
involve a rather complex multi-contact switch, which is integrated with the
KL-7 keyboard.
The Drum or Rotor Basket of the KL-7 consists of a metal cage with
8 wheels on a spindle (KLK-7). The forth wheel from the left is fixed in position.
It never rotates and hence does not have a window to show its setting.
This wheel is sometimes referred to as the NSA rotor.
For each of the other 7 wheels, a window is present in the cage. Through
this window, three successive letters of the wheel are visible. The topmost
letter visible through the window, represents the current setting. This
position is indicated by a white line from left to right.
Each KL-7 machine was supplied with 12 rotors, marked A-L, in a metal box.
The L-rotor was the so-called stationary NSA wheel, that was used in position
4. Of the remaining 11 rotors (A-K), 7 would be placed in the rotor basket
on a given day, in a particular order, as per cipher instructions (codebook).
The user would remove the rotor basket from the machine by releasing two
levers; one at either side of the basket. Once removed, the rightmost end-plate
of the basket can be removed by releasing a pawl that locks it on the spindle.
After removing the rightmost end-plate, the rotors can be taken from the
spindle. The spindle itself stays in the basket at it is fixed to the leftmost
end-plate, that in turn is fixed to the cylindrical basket (see image above).
|
Each KL-7 wheel contains 36 wires which connect the flat-faced contacts from
one side with the spring-loaded contacts at the other side, in a seemingly
'random' fashion. The wiring of the KL-7 rotors has always been kept secret,
but whether or not this makes sense, remains to be seen.
According to security instructions, it was forbidden to trace the wheel wiring
of the KL-7. Even technical repair personnel was not allowed to trace each
individual contact for a faulty connection. They were only allowed to place
the spring-loaded contacts on a metal surface and test each flat-faced contact
for continuity only. This way, the wiring would not be revealed.
Faulty rotors had to be sent in for repair.
If you would happen to find a KL-7 now and trace the rotor wiring, it wouldn't
be of much use, as the rotor wiring was different for many of its users.
Furthermore, the wiring was changed frequently for safety reasons.
Nevertheless, the Russians managed to read a significant part of the US Navy
Submarine Command KL-7 traffic for many years (see below).
|
At the heart of the KL-7 is a very compact, yet complex, mechanical unit.
It consists of a DC motor, and AC high-voltage generator, a printer,
a pulse generator and a timing unit. All components are driven by the DC
motor, either directly, or through a 3:1 cog-wheel reduction.
The motor and the generator are mounted on the same axle, rotating at 6600
RPM (rotations per minute). Through a 3:1 reduction, the pulse generator
and printer are driven, making them rotate at 2200 RPM. Using a further
cog-wheel reduction, the Timing Unit is driven.
Unlike the other components, the Timing Unit does not rotate continuously.
Instead, a cluch, driven by the electronics, is used to couple it to the
main axle, after which it will complete one full revolution. Whilst doing
this, a set of 4 cam-controlled switches provide the timing signals for
the electronics. The Timing Unit also drives the KLA-7 Stepping Unit
(and hence the rotors), and the paper feed.
On each revolution, the rotors can be advanced by one position.
|
The complex unit is housed in the left half of the KL-7,
as shown in the image on the right.
The motor is at the rear of the unit (at the right in the image).
Imediately before the motor is the generator (sometimes called invertor),
with two large bolts at the top.
The printer is the the other end of the unit (left in the picture).
The black cap protects the print head and the ink ribbon against dust.
|
|
|
|
The rotors are held in position by a locking lever (1).
This is a spring-loaded arm that reaches under the wheel from the rear.
At the end of the arm is a small sharp notch, that locks into a narrow rig
(gap) between the index letters on the circumfere of the wheel.
Further towards the front, at the bottom of the rotor basket,
is the transport notch (2).
These notches are driven by the main gear and lock into the same
gaps on the index ring. They move forward to rotate the wheel to the next
position.
On each key-press a rotor can only make a single step.
|
Whether or not a rotor moves when a key is pressed, depends on the presence
or absense of a notch on the stepping ring of one of the other rotors.
The stepping ring
of each rotor is sensed by a switch (3) towards the front of
the basket.
Please note that the switches sense the stepping ring 10 positions further
on the circumfere of the rotor. In other words: when the rotor is at
A (visible in the window at the white line), the notch of position
H is sensed.
The switch in turn activates a solenoid (L1 thru L7) that allows the rotor
to be moved by the main gear.
|
|
|
When setting they daily key, the starting position of the rotors can be
changed manually by pressing the keys (4) whilst in plain-text mode
(P). When the key is pressed briefly, the rotor advances a single step.
Holding the key down, makes the rotor step continuously.
|
|
|
|
|
|
|
Rotor movement control is complex, but is fixed by the internal wiring.
Although details about the rotor stepping mechanism have never been published,
it is possible to deduce the wiring of the switches, simply from observing
rotor movement. Two European researchers who wish to remain anonymous,
recently sent us a table with rotor movements as they have observed them.
From this table, we have been able to reconstruct a possible wiring of the
switches, which is given in the diagram below.
| |
|
KLA-7/TSEC Circuit Diagram
|
Please note that the sensing switches at the top are in the proper order
(1 thru 7), but that the order of the manual stepping switches and the
solenoids is mixed. This is done to make the circuit diagram less cluttered.
At present, we are uncertain whether this circuit diagram is correct or not,
as we have not been able to compare it with a working machine.
Update February 2011:
Dirk Rijmenants' KL-7 Simulator has now been
updated to include the above stepping mechanism.
Download the latest version below.
|
The keyboard of the KL-7 is part of the KLB-7 base unit.
It consists of 29 green keys and a black space bar.
It has the standard QWERTY layout divided over three rows.
The numbers are shared with the top row.
At the bottom right are 3 special keys marked LET, FIG
and RPT.
|
Each key is in fact an electric switch, consisting of a contact and a spring,
mounted below the key. Whenever a key is pressed, the contact is grounded
(i.e. connected to the 0V rail), allowing the pulse-generator
to issue a pulse.
The keyboard interior is visible in the images below.
When entering numbers, the user first needs to press the FIG-key (figures).
This acts like some kind of shift-key. As long as the machine is in
numbers-shift mode, a large neon lamp behind the keyboard is lit.
When reverting to letters, the LET-key has to be pressed first.
|
|
|
|
A coded KL-7 message consists only of the 26 letters of the Latin alphabet.
In order to allow the source text to contain letters, numbers and spaces,
special tricks have to be used.
This is done by surendering a couple of letters and using them for SPACE,
Letter-shift (LET) and Figures-shift (FIG). The surendered letters are then
no longer available and must be replaced by another one.
|
Furthermore, the operation has to be reversed when switching from encoding
to decoding. All this is done with the MODE-switch that is hidden under the
keyboard. The MODE-switch consists of a large pertinax board with contacts
at either side, much like a PCB (but thicker).
It is controlled with a simple knob to the left of the keyboard. The image
on the right shows the MODE-switch being operated. It has 4 settings:
Off (O), paintext (P), encoding (E) and decoding (D). In the picture, it is
set to encoding (E). The MODE-switch also acts as the power switch.
|
|
|
The MODE-switch is in fact a big slide-switch. By rotating the knob,
the large brown pertinax board is moved from right to left. It has
4 different positions. When pressing a key, a spring-loaded contact is
pushed down onto one of the oval contact on the top side of the board.
The oval contacts on the top side are connected to a different set of
contacts at the bottom. The contacts at the bottom, are in turn connected
with a set of fixed spring-loaded contacts in the base unit.
|
|
|
|
|
|
|
The timing for the printer is delivered by a pulse generator that is coupled
to all other rotating parts by the main gear. The pulse generator consists
of 36 coils divided over two rings, with a rotating magnet at the center.
26 coils are used for the 26 letters of the alphabet. The remaining 10 coils
are for the numbers. They are each connected in series with one of the letters,
but are mounted on the ring at a slightly different angle. This causes a short
delay when in numbers-mode (FIG), just enough to select the next character
on the printing wheel.
|
The KL-7 has a built-in printer with a continuously rotating print head.
The output is printed on a narrow paper strip, similar to
the American M-209
and the Russian Fialka.
The printer is part of the main gear assembly on the left.
The paper roll is located to the right of the printer.
|
The letters and numbers are all located on the circumfere of the print head.
When a letter is to be printed (i.e. when the pulse generator issues a pulse),
the paper tape is advanced by one position and the print hammer is released.
This causes a character to be printed on the paper tape. Timing is guaranteed,
as the pulse generator and the print head are driven by the same axle.
Hidden under the black cap, is a small ink ribbon, that travels in between
the print head and the paper tape. The hammer pushes the paper against the
ribbon.
|
|
|
The design of the printer is nearly identical to the printer of the
SIGABA, the war-time predecessor of the KL-7.
Like the KL-7 it featured a rotating print head with two ink ribbon
reels in more or less the same arrangement. The paper strip also went
under the print head.
|
In operation, the KL-7 was not one of the most reliable machines.
It fact, it was known for its many contact problems, some of which
were, no doubt, related to bad or improper maintenance. Many former
users recall their struggles with the KL-7 in order to properly
(de)code a message.
The German Bundeswehr even developed an assembly known as the KLX-7,
that allowed two machines to be used in tandem (i.e. in parallel)
so that errors could be detected.
|
The only items that are classified are the rotor basket with the rotors
(KLK-7/TSEC), the stepping mechanism (KLA-7/TSEC) and the circuit diagram.
All other parts are unclassified. Given the age of the KL-7
and the fact that more and more of the operating principe is being discovered
by researchers, it is assumed that the machine will be declassified before long.
The NSA recently released a document that describes the history of the
development of the KL-7 [3].
Some of the protographs on this page were taken at the
Royal Dutch Signals Museum in 2009 shortly before the museum was
closed.
As becomes clear from these pictures, that machine is in beautiful
condition. Unfortunately, however, the machine has been 'sanitized'
and the rotors are empty. The full wiring is missing from the rotors
and even the spring-loaded contacts have been removed.
In April 2011, the NSA released the KL-7 Operating Instructions for
both Pollux and Adonis, which were rediscovered in 2013 and are now
available for download from the references section below
[8][9][10].
This new information has led to an update of the
KL-7 simulators.
|
During its lifetime, KL-7 was compromised several times.
It is believed that the Russians were able to read (break) messages
encrypted with a number of high-level US cipher machines, including
the KW-7,
the KL-7
and the KL-47.
The latter is a variant of the KL-7, used by the US Navy's Command
Center for Atlantic submarine forces [5]. It is slightly bigger
than the KL-7 and features a paper tape reader, a tape puncher and
a different (teletype) keyboard.
|
The most famous story of cipher compromise is that of John Anthony
Walker, born 1937, who worked for the US Navy and successfully spied for the
Russians for nearly 17 years [4].
Walker joined the US Navy in 1955 and started spying for the Soviets in
December 1967, when he had financial difficulties [6].
From that moment, until his retirement from the navy in 1983,
he supplied the Russians with the key lists and other critical cipher
material of the KL-47, the KW-7 and other cipher machines.
For his information he received several thousand dollars from the Soviets
each month. In 1969 he began searching for assistance and befriended
Jerry Whitworth, a student who would become a Navy Senior Petty Officer.
In 1973, he was able to enlist Whitworth in his spy-ring.
In 1976, Walker left the Navy to become a Private Investigator (PI), but kept
spying for the Russians. By 1984, he had recruted his older brother Arthur
and his son Michael, who kept the endless flow of classified documents going.
|
|
|
He also tried to recruit his youngest daughter who had started to work
for the US Army, but this attempt failed when she became pregnant and
abandoned her military career.
Earlier, around 1976, Walker and his wife Barbara divorced.
When he refused to pay alimony in 1985, Barbara tipped-off the FBI,
which eventually led to Walker's arrest.
After his arrest, Walker cooperated with the authorities
and pleaded guilty, in order to lower the sentence of his son Michael.
|
The information passed by John Walker and his spy ring,
allowed the Russians to build an analog of the KL-7
and to find ways to mount a cryptanalytical attack on the machine [5].
This allowed the Russians to decrypt at least one million sensitive
classified (TOP SECRET) messages [7].
|
The Russians even supplied him with a small device, called a rotor reader,
that allowed him to easily trace the internal wiring of each rotor [2].
The image on the right shows the device, as it was confiscated by the FBI.
It was small enough to be carried inconspiciously, and could easily be
hidden in a pocket. When folded it measures approx. 7.5 x 10 cm
(about a pack of cigarettes).
The device consists of two halves that are kept together by springs and
hinges. Once opened, 36 flat-faced contacts become visible. They
mate with the 36 spring-loaded contacts of a KL-7 rotor
(photograph supplied by Keith Melton) [2].
|
|
|
A hand-operated slide contact, hidden inside a storage compartment at the
top left, was then inserted through the center hole of the rotor.
It kept the rotor in place, provided the correct pressure for the spring-loaded
contacts, and allowed the slide contact to 'brush' over each individual rotor
contact at the other side. The rotor would be placed with index arrow
opposite the position 0 index of the reader. The slide contact was then moved
over the individual contacts of the rotor, and each time one of 36 lamps on the
lamp panel (at the left) would be lit.
Below is a 3-D drawing of the rotor reader. It gives a good idea of
how it was used. The manually operated slide contact is here taken out
of its storage compartment. It has a rectangular 'key' at the bottom
(left in the drawing) that is inserted in the rectangluar hole
at the center of the reader.
It is assumed that the rotor reader was not one-of-a-kind,
but that at least a modest quantity of them was built.
The Soviets supplied Walker with the device only three weeks after he
started spying for them in 1967. Furthermore, Walker was not the only
person who compromised the KL-7 and similar machines.
When Army Sergeant Joseph Helmich was caught spying in the mid-1970s,
an identical rotor reader was found on him [5].
|
|
|
KL-7 Simulator for Windows
|
 |
|
|
In 2009, Dirk Rijmenants managed to crack part of the KL-7 mystery.
From the information that he received from researchers and former KL-7
users all over the world, he managed to put together a good-looking
KL-7 Simulator for Windows™.
Since then, he received numerous e-mails with new information about the
working principle of the machine.
In May 2013, new information was found in the Operating Instructions
for the TSEC/KL-7 ADONIS and POLLUX, that have recently been declassified
by the NSA in 2011
[8][9][10].
Based on this new information, both KL-7 simulators below have
been updated (version 5.0 or later).
|
Version 5.0.1
- 27 May 2013
In february 2011, after we uncovered the secrets of the stepping unit
of the KL-7 (KLA-7/TSEC),
Dirk released a major update of his simulator,
that includes the new stepping unit plus a number of corrections to the
operation of the mode-switch switch under the keyboard.
It also includes realistic sounds, sampled from a real KL-7 in operation.
Although the KL-7 has not yet been declassified, we are about 99% certain
that this simulation is accurate.
The image on the right shows a screenshot of the KL-7 Simulator running on
Windows XP.
 Download KL-7 for Windows (off-site)
|
|
|
|
In September 2012, we teamed up with some researchers of
the Cyber Systems and Technology
Department of the Lincoln Laboratory of the Massachusetts Institute of
Technology (MIT) in Lexington (MA, USA), to produce a JAVA version of
Dirk Rijmenants' KL-7 Simulator for Windows (see above). The main
advantage of using the JAVA language is that the application
can run on virtually any platform,
including Windows, Apple (Macintosh), Unix and Linux.
|
Version 5.0
- 26 May 2013
In February 2013, Uri Blumenthal of MIT, released the first version of
the JAVA KL-7 Simulator. As it uses the graphics from Dirk Rijmenants'
KL-7 Simulator for Windows (above) and the sounds and other information from
this website, the two simulators show great resemblance.
The software comes as a JAR archive and works 'out of the box'
on most platforms, including the Apple Macintosh. An extensive 30-page manual
is included with the software. Simply click the question mark (?) at
the top bar to read it. It even has a built-in codebook generator.
Download JAVA KL-7 Simulator
|
|
|
Please note that the above KL-7 simulator requires the latest version
of JAVA (7) to be installed on your computer. For security reasons it is
always recommended to use the latest version of JAVA. To check your
current version and download the latest version of JAVA, click here.
If you are still using JAVA version 6 and do not want to upgrade yet,
you may download the JAVA-6 compatible version of the KL-7 simulator below.
Download JAVA-6 compatible version of KL-7 Simulator
|
The audio file below illustrates the use of the KL-7.
First, the machine is turned on.
Then 10 keys are typed in plain text mode. The unit is then switched to
encryption, after which 7 letters and 5 spaces are typed. It is then switched
to decryption, after which 8 letters are typed. We then switch to encryption
and then to plain text. Next, the rotor positions are changed.
Finally, the KL-7 is switched off again and you can hear the motor fading out.
|
- KAO-83/TSEC
This is the official operator's manual for the KL-7,
which is still classified.
|
- H. Keith Melton, Ultimate Spy
ISBN: 0-7513-4791-4. 1996-2002. p. 54.
- H. Keith Melton, The Ultimate Spy Book
ISBN: 07894074435. 2009.
- NSA, Cryptologic Almanac 50th Anniversary Series, AFSAM-7
- TruTV, Family of Spies: The John Walker Jr. Spy Case
- Laura H. Heath, Analysis of Systematic Security Weaknesses of the US Navy...
M.S., Georgia Institute of Technology, 2001.
Fort Leavensworth, Kansas (USA), 2005.
Thesis of Major Laura Heath, detailing how John Walker exploited weaknesses
in the US Navy Broadcasting System between 1967 and 1974.
- Wikipedia, John Anthony Walker
Retrieved November 2010.
- FBI, The Year of the Spy
Famous Cases and Criminals. John Anthony Walter Jr.
Retrieved November 2010.
- NSA, TSEC/KL-7 Canadian User Report After First Year of Operation
National Security Agency. CSEC 115. 1 May 1959, 15 pages. SECRET. 1
- NSA, Operating Instructions for TSEC/KL-7 ADONIS Operation
Department of Defense. National Security Agency. Washington, DC 20305.
KAO-41C/TSEC. September 1966, 28 pages, Confidential - Crypto. 1
- NSA, Interim Operating Instructions for Pollux Cryptosystems-Joint
Department of Defense. Armed Forces Security Agency. Washington 25, DC.
AFSAG 1236. January 1953, 45 pages, Confidential Security Information. 1
|
 |
|
-
NSA information declassified and approved for release on 21 April 2011.
FIOA Case # 64246.
CSEC information declassified and approved for release on 28 April 2011.
CSEC ATIP Case # A-2010-00015.
|
|
|
|
Any links shown in red are currently unavailable.
If you like this website, why not make a donation?
© Copyright 2009-2013, Paul Reuvers & Marc Simons. Last changed: Saturday, 18 January 2014 - 10:18 CET
|
|
|
|
TSEC/KL-7 (ADONIS) Block Diagram (version 0.90)
