Spy sets
Burst encoders
Logo (click for homepage)
The Vernam Cipher
The Vernam Cipher is based on the principle that the plain text of a message is 'mixed' with random text from a One Time Pad (OTP). Because the resulting cipher text is still truely random, it can safely be sent over the air, without the risk of being deciphered by an interceptor. At the receiving end, the same OTP is used to 'unmix' the random text from the cipher text, which results in the original plain text. One only has to guarantee that the OTP is safe, that there are only two copies of it, and that both copies are destroyed immediately after use (see below).

The above became possible after the introduction of digital telegraphy, also known as Teletype, or Telex. With teletype, each character is substituted by a digital 5-bit code, often represented by the 5 holes in a punched paper tape that was commonly used with telex machines. Digital codes can also be represented by a series of '1's and '0's, where 1 represents the presence of a hole and 0 represents the absense of a hole. This is commonly known as the Baudot code.
The OTP was recorded onto a punched paper tape, which was called the key, or One Time Tape (OTT). The cipher text was generated by applying the logical XOR operation (Exclusive-OR, or Modulo-2 addition) to the plain text and the key. The advantage of using the XOR operation is that it can be undone with the same operation. In other words: XOR-ing the cipher text with the key, would reveal the plain text again.

In mathematics, the XOR operation is called modulo-2 addition. In this case, the individual bits of the plain text are XOR-ed with the key. The resulting bit will only be '1' if the two input bits are different; if they are equal, the result will be '0'. Let's asume that the letter A is represented by (11000) and that B is represented by: (10011). A bit-wise XOR operation would then yield (01011) which, in the Baudot table, is the letter 'G'. In fact, each bit from the key tells us whether or not the corresponding bit from the plaintext should be inverted.
The principle of the Vernam Cipher is perhaps easier explained by looking at a message stored on a punched paper tape. In the example below, we want to transmit the word HELLO which is stored on the plain text tape. We also have a pre-recorded key tape, with a series of random characters; in this case the sequence AXHJB. The contents of the plain text tape are now XOR-ed with the contents of the key tape. The result (KMIVE) is a truely random series of characters which we've stored on the cipher tape.
Mixing of the plain text and the key

Now let us see what happens if we repeat this operation on the resulting cipher tape. In the illustration below, the cipher tape is on the left. It is XOR-ed with a copy of the original key tape. The result is the original plain text.
Mixing of the cipher text and the key

The process of XOR-ing text and key is often called mixing, and the cipher machines that use the Vernam principle, are therefore often called mixers or mixer machines.
Cipher Security
The above procedure is 100% safe if, and only if, the following conditions are met:
  • There are only two copies of the key-tape,
  • Both sides of the communication path have the same tape,
  • The key-tape is used only once,
  • The key-tape is destroyed immediately after use,
  • The key-tape contains truely random characters.
If any of the above criteria is not met, the cipher will become less secure. This means, for example, that in a battlefield, sufficient supply of key-tapes have to be prepaired well in advance of a transmission. If you are communicating with a station several thousands of kilometers away, it will be very difficult to supply new key-tapes on a regular basis.

In practice, distribution of key tapes always was a big problem, resulting in many violations of the above rules. In some cases a key tape was used more than once, or was inserted the other way around (i.e. starting at the end). There were even cases where an operator would take a piece of key tape and use it as an endless loop, by joining both ends with a piece of cellotape.
Pseudo-random versus OTP
Although the OTP was, and still is, the only cipher that is totally secure, many systems based on the Vernam Cipher were replaced by cipher systems that used a pseudo-random key generator with a very long cipher period. If both ends of the communication link configure their pseudo-random key generators identically, the Vernam principle can still be applied.

With this method, the configuration of the pseudo-random generator has become the key or seed, or initialization vector, which is potentially much shorter than the message itself. Such a short key produces far less distribution problems, but also results in a reduced security of the cipher. It all depends on the secrecy and the strength of the key.
Generating OTP key tapes (OTT)
It is also very important to consider how key tapes were made. The cipher is only 100% safe, if the key tape contains evenly-spread truely random characters. That would be the case if the tape was filled with white noise from, say, a diode or an empty radio channel.

In practice, however, military organisations often used pseudo-random number generators for the creation of the key tape. The simple fact that such a generator is pseudo-random, makes the cipher less secure. There is always the danger that a potential enemy finds out what algorithm is used to generate the pseudo-random sequence; either by mathematical methods or by espionage. An example of a key tape generator is the EROLET.
Mixer machines
Cipher machines, intended for operation with teletype signals, that use the Vernam Cipher, are generally called mixers or mixer machines. In most cases, they are equipped with two paper-tape readers. Several such mixer machines are described on this website. More...   
Click here for an overview of mixer machines on this website

The Vernam Cipher is named after Gilbert Sandford Vernam (1890-1960) who, in 1917, invented the stream cipher and later co-invented the OTP. His patent US1310719 [1] was filed in 1918 and is, according to the NSA, perhaps one of the most important in the history of cryptography.

Snapshot from Gilbert Vernam's Patent US1310719. Click to read the complete document.

Over the years, many have claimed the invention of the mixer machine. In 1921, the German manufacturer Siemens filed patent DE371087 in which a nearly identical principle is claimed. The patent drawing even shows two puched paper readers side-by-side. One of Siemens' claims is that it could be used as an online cipher system by driving the telegraph relay directly [2].

Snapshot from German Patent DE371087. Click to read the complete document.

During WWII, the German Army relied on hand ciphers and rotor-based cipher machines, such as the Enigma, the Siemens T-52 Geheimschreiber and the Lorenz SZ-40/42. In 1943, Siemens developed their first online mixer machine based on the above principle. It was named T-43 and less than 50 of them were built. At the end of WWII, the Germans destroyed most of these T-43 machines. The ones that survived were captured by the Americans and later the British.

In 1952, a similar patent was filed by Bjørn Røhrholdt, a Colonel, engineer, veteran and liason of the Norwegian Army, and Kåre Meisingset of STK in Norway [3]. The collaboration of the two engineers eventually resulted in the release of the ETCRRM, a mixer machine that used valves (tubes) rather than electric relays. The machine was soon adopted by the Americans for communication at the highest level and later also by the newly established NATO. At height of the Cold War, the ETCRRM was used at the heart of the Washington-Moscow Hotline.

In the late 1950s, the Dutch PTT developed their own range of mixer machines, again based on the same principle. As the PTT didn't have sufficient production capacity, the machines were manufactured by Philips Usfa in Eindhoven (Netherlands). The first machine to be released in 1656 was the Ecolex I. Like the ETCRRM, it was valve-based. It was followed in 1960 by the fully transistorized Ecolex II. After that, Philips Usfa took over the development of cipher machines, resulting in 1963 in the Ecolex IV. According to a former company director, Philips had to pay royalties to the principal inventor at the Dutch PTT for many years, for the use of his patents [4].
Modern use of the Vernam Cipher
The Vernam Cipher can also be applied to modern computer systems. Instead of the 5-bit word of a teletype system, computers use 8-bit or even longer words. The principle, however, remains the same as the XOR-operation is applied to the individual bits of the data word. The use of the XOR-operation is still at the heart of many cryptographic algorithms today.
  1. Gilbert S. Vernam, US Patent 1310719
    Filed 13 September 1918.

  2. Siemens und Halske, German Patent DE371087
    Filed 10 July 1921.

  3. Norwegian National Security Authority (NSM), Årsmelding 2008
    NSM Annual Report 2008 (Norwegian). Noen kryptosuksesser. p. 15.

  4. Anonymous former company director of Philips Usfa
    Interview at Crypto Museum. April 2013.

Further information

Any links shown in red are currently unavailable. If you like this website, why not make a donation?
Copyright 2009-2013, Paul Reuvers & Marc Simons. Last changed: Tuesday, 07 May 2013 - 10:01 CET
Click for homepage