Digital Wide-band Secure Terminal
- Wanted item
Spendex-50 is an advanced secure digital speech and data terminal,
developed in the early 1980s by Philips Usfa in Eindhoven
(Netherlands) for the Dutch Armed Forces as part the
tactical digital integrated communications network.
It is known by the Dutch Army as Digitaal Beveiligd Telefoontoestel
(Digital Secure Phone) or DBT.
It is also known by its Philips Usfa designator UA-8246
and as NSN 5805-17-055-9132.
Approximately 750 units were built.
The phone is housed in a ruggedized military-grade
die-cast aluminium case. All controls are at the top surface.
It has a 16-button key-pad with a red LED-display directly
above it. To the right of the display is a sealed red flap
that hides the ZEROIZE button.
At the top-right are the two terminals for connection to a 2-wire
telephone network. At the bottom right is the power input (24V).
The image on the right shows a typical Spendex-50 unit,
with the CIK present (rear) and the handset (left)
locked in place with a rubber strap .
Spendex-50 was a wide-band terminal, allowing speech and computer data
to be sent securely at 16 kbits/sec. All speech data was digitised
using Delta Modulation (CVSD), which was also used with the narrow-band
Spendex-10 ten years earlier.
It communicated with the outside world through a 2-wire
Conditioned Biphase Signalling (CDS) line interface, consisting of an
interwoven data and a signalling path. For signalling, it exchanged
Cyclic Permutable Codewords (CPC) with the digital telephone exchange
It uses the SAVILLE cryptographic algorithm.
For its time, Spendex-50 was a very advanced piece of equipment. Initially
the Dutch Army had ordered 1500 units, but given their high price (approx.
20,000 Euro in 1983) the order was reduced to a mere 750 units.
Spendex-50 entered service in 1987 and was decommissioned in the early 2000s
when ZODIAC was replaced
It has since become a rare find.
As Public Key Encryption (PKE) was not commonly accepted in the military world
in the early 1980s, Spendex-50 used symmetric encryption, with a patented
technology for storing and distributing the key pairs
Each Spendex-50 unit was capable of communicating securely with every other
Spendex-50 subscriber in the network. For each link, it used a unique set of
keys (key pair) that had to be stored in the unit's own memory.
If the key-set of one subscriber was compromised,
the rest of the network would still be secure.
The problem of storing key-pairs in the unit's memory is two-fold:
(1) at the time, large non-volatile memory systems were not generally available
and (2) a large number of subscribers would quickly exhaust the available
The first problem was solved by using a 1Mbit bubble memory  that had just
become available from Intel. The image on the right shows the Memtech
(later: Intel) 7110 bubble memory block inside the Spendex-50.
Using bubble memory introduced a range of other problems however
The second problem, storing a large number of key-pairs, was solved by
implementing a clever key-distribution system, called Key-Cube key ,
that would greatly reduce the amount of memory needed for the key-pairs.
This system was later patented by Philips .
Keys were loaded into the Spendex-50 with a NATO-standard
such as the KYK-13.
The key-loader was connected to the CRYPTO input towards the rear of the unit.
All keys were stored in the bubble memory in an encrypted form that was
unique to the terminal, by using a Key Encryption Key (KEK) that was
randomly generated by the terminal.
The KEK was partly stored in the
Crypto Ignition Key (CIK),
and partly in a battery-backed CMOS memory inside the terminal.
The KEK was recovered by adding the two key parts with an XOR operation.
Once the keys were loaded, the CIK and the terminal were paired
Without that particular CIK the (loaded) terminal would be useless.
Using the CIK on another (loaded) Spendex-50 was pointless, as the CIK only
contains half the randomly-generated key of the Spendex-50 it was originally
In case of any emergency, the user could remove the CIK
in order to render the Spendex-50, and hence the stored keys, useless.
Users were instructed to destroy the CIK in case of a compromise,
but that was rather difficult, as it was extremely robust.
For that reason, the Spendex-50 also had a ZEROIZE button that was
hidden under a clearly visible sealed red metal flap, marked with the
crossed-out word CRYPTO.
When security was compromised, the user would lift the flap and press the
button in order to erase the key-half stored in the battery-backed CMOS memory.
In practice, keys were often lost, as operators sometimes accidentally pressed
the ZEROIZE button. This is why a thin wire with a lead-seal was added
to the red flap.
The user then had to break the seal first before lifting the flap.
It is unclear why the red flap carries the crossed-out word CRYPTO,
rather than the more common expression ZEROIZE, but this was probably
the way it was specified by the Dutch DoD.
As the Spendex 50 used the GCHQ/NSA-developed SAVILLE
cryptographic algorithm, each key has a length of 128 bits: 120 key-bits
plus an 8-bit checksum.
Philips Usfa even developed their own Key-fill device
as an alternative to the American KYK-13.
It was similar in appearance and size to the KYK-13, but had 30 key
variable compartments, rather than just 6.
The image below shows a prototype of the UP-2101 key filler.
At the bottom is a standard 9-pin RS-232 port that allowed crypto keys,
that were printed on paper as barcodes, to be read using
This made it possible to distribute crypto keys on paper
using a PFDX secure fax.
It is unlikely that this key filler was ever produced in large quantities.
Spendex-50 was developed as part of the ZODIAC
tactical digital integrated communications network that was used by the
Dutch Armed Forces between 1987 and the early 2000s. ZODIAC itself was
developed by Philips subsidary Holland Signaal (HSA) in Hengelo
(Netherlands), with Philips Telecommunicatie Industrie (PTI) and
Philips Usfa as sub-contractors.
Initially, PTI would develop the main Spendex-50 unit (control unit,
line interface, power supply, etc.) whilst Usfa would
only produce the crypto-unit. However, after a series of problems and
miscommunications, Philips Usfa took over the entire development of the unit.
For digitization of speech, the Department of Defense (DoD) had the choice
between PCM and Delta Modulation. It was decided that Continuous Variable Slope Delta Modulation (CVSD) produced the best quality speech in noisy environments.
Furthermore, it is more error-tolerant than PCM.
The terminal was specified to withstand extreme conditions, such as
thunder-strikes (EMP). This was particularly important as, at the hight
of the Cold War, the enemy was suspected of being capable of producing
EMP-blasts by causing a nuclear explosion high up in the air.
EMP-tests were conducted at the FEL-TNO lab in The Hague (Netherlands),
where the unit had to survive a 1500 Amp. direct hit on its 2-wire line terminals.
The surge-arresters used in the line-interface had done their job and
after restarting, the Spendex-50 was still working.
Spendex-50 also had to be able to operate under military temperature
conditions, such as extreme heat and extreme cold.
All temperature tests were conducted by Philips Usfa themselves is a special
climate room. The image on the right shows the Spendex-50 at -40° centigrade.
As the images of the cold-test were taken around 1983 with an analog camera
under poor lighting conditions,
their quality is somewhat substandard and blurry.
They do show however, that after turning the unit on at -40°C,
it was still working. And so it also passed this test.
All military equipment has to be water-proof to some extent.
It must withstand rain and in some cases even has to be submersable.
Spendex-50 was, of course, no exception to this rule.
Rain tests were usually carried out by Philips Usfa themselves
at their premises in Eindhoven. Although hardly any photographic evidence
of the work at Philips Usfa has survived, we were very pleased by the donation
in 2011 of a series of slides by a former Spendex-developer .
The image on the right shows the Spendex-50 undergoing a rain-test
in an improvised setup.
Rain tests were usually carried out in Usfa's own backyard, just like they
did several years earlier during the development of the
Ecolex-X cipher machine.
More images of the spendex-50 rain-test below. Like the images of the
cold-test, they were taken nearly 30 years ago with an analog camera.
Nevertheless, their quality is remarkably good after all these years.
Spendex-50 is extremely well-built and complies with the most
stringent military demands, probably even by today's standards.
All electronics are housed in a beautifully crafted rugged
aluminium die-cast case with several compartments at the rear
and at the bottom.
Opening the unit at the rear, reveals 4 different
At the bottom right is the
power supply unit (PSU) that converts
the incoming 24V to the various voltages needed by the circuitry.
It is a highly efficient switched-mode PSU with very low
The smallest compartment (bottom right in the image)
is used for protection of the
2-wire interface against an EMP.
are clearly visible at the top.
In case of an over-voltage, such as an EMP, the gas-filled
arresters will conduct all energy to the ground.
All other electronics are at the bottom of the unit. Removing
the bottom plate, provides access to the line interface,
the analog sound processing, the (digital) logic and the crypto-heart.
All boards, except for the line interface, are inter-connected
via a backplane at the bottom.
The image on the right shows an opened Spendex-50 unit, seen from
the bottom rear. At the far end is the
line interface that is built
into a seperate compartment for safety reasons.
Mounted to the side of the line-interface compartment is the so-called
tamper-switch. It ensures that the half of the
Key Encryption Key (KEK) that is stored in battery-backed CMOS RAM is
deleted when the case is opened.
The largest compartment has room for 10 PCBs, numbered
1 thru 10 from left to right.
In the first prototype, all 10 slots were used.
During development however, Spendex-50 was improved and (partly) redesigned
serveral times, which resulted in a reduced number of boards. This is the
reason why boards 3 and 4 are missing from the final design.
Board number (1) is the Delta Modulator.
It contains the audio amplifiers
and two OQ-2229
Continously Variable Slope Delta Modulators (CVSD).
They were manufactured by Philips for internal use only,
hence the OQ-numbering.
The entire unit is controlled by an Intel 8085 processor running at 6 MHz.
It is located on board number (8)
together with 2 EPROMS of 32KB each and 4KB of RAM.
Right behind the processor board was the
Bubble Memory (9)
which occupied a double slot.
More about the Bubble Memory in the next section below.
The most interesting part of every cryptographic device is arguably the
so-called Crypto-Heart. In the Spendex-50, the crypto-heart takes the
form of a single PCB in slot number 5.
The image on the right shows a close-up of one of three
designed by Philips Usfa. The same chip was used in the
According to the date stamp on the chip, it was manufactured mid-1989.
At the time, these chips were classified as confidential.
The crypto-heart contains three more-or-less identical circuits,
each consisting of an OQ-4430 and 2KB RAM. In a full duplex system, one
crypto-unit was used for reception. The other two were used for
transmission, raising an alarm if the outputs of these two were not identical.
The OQ-4430 was a proprietary chip that contained Philips' implementation
of the highly secure SAVILLE cryptographic alpgorithm
that was developed in the late 1960s by
and the NSA (US). Philips was the first company outside
of the US and the UK to be licensed to implement SAVILLE in their own
hardware chip. Although the same algorithm is used in other crypto phones,
such as the Spendex 40
and the STU-II, the Spendex 50 is not interoperable
with them. It uses a CVSD vocoder, whereas the other phones have an
As Spendex-50 used symmetric encryption, it needed to store key-pairs for
every possible connection in the network. In a network of, say, 2000
subscribers, this would quickly exhaust the available memory. This was
partly solved by using a clever scheme of key-distribution, which greatly
reduced the memory needed for the key-pair tables (Key-Cube key) .
The major problem however, was the storage space needed for the keys,
as large non-volatile memory systems were not commonly available at the time.
This problem was solved by using the 1Mbit 7110 bubble memory that had just
become available from Memtech (later: Intel).
As it was not possible to produce error-free bubble memory at the time,
bad secors were marked on the label as a table of Hexadecimal numbers.
The more Fs, the better the memory was. Bad sectors had to be avoided and
were mapped-out in software.
As bubble-memories were not too reliable, Philips engineers had to
build-in some level of redundancy in order to be able to 'repair' any failures
in the field entirely in software.
As the buying price for the Intel 7110 was several thousand Dutch
Guilders (NLG) at the time,
it added considerably to the overall cost of the Spendex-50, which is one
of the reasons why the DoD halved the ordered quantity to 750 units.
Although the Spendex-50 terminal could be used on its own, it was intended
for the ZODIAC tactical network. After
ZODIAC was phased out, a working HSA telephone exchange, complete with all
cryptographic equipment and a series of Spendex-50 units (DBTs) was installed
at the Royal Dutch Signals Museum.
More about ZODIAC
An adapted version of the Spendex 50 was available for NATO use. It was known
as the DWBST 55 or UA-8238.
DWBST stands for Digital Wide-Band Secure Terminal.
In appearance it was identical to the version described above.
It conformed to EUROCOM standards was a stand-alone tactical wide-band secure
voice terminal designed for secure communication of speech and data (either
digital or analogue). It could operate at 16 or 32 kbits/s .
The terminal enables a subscriber to set up end-to-end automatic connection
for secure communication on a digital basis with another US-8328 (or
compatible equipment) in the network. The terminal can also be used as an
automatic telephone set for plain-language communication.
For the compression of speech (80-3400 kHz), is uses delta modulation at 16 or
32 kbit/s. Data can be transferred at 2400 baud (asynchronous).
For secure crypto traffic it can hold up to 18 sets of common net keys which
can be pre-loaded into any terminal. It can also be used for up to 2000
subscribers in a UA-8238 network, in which case the terminal stores
KeyCube key-settings in its built-in bubble memory.
According to , the DWBST 55 was in production in 1986, but it is
doubtful weather any Spendex-50 units were ever sold under this name.
Approximately 10 years after the conception of the Spendex 50,
the US Army and US Navy introduced a similar device, with nearly identical
specifications: the KY-68 Digital Subscriber Voice Terminal (DSVT).
The device is similar is size, weight, specification and operation.
The image on the right shows a typical KY-68 unit.
Like the Philips Spendex 50 it uses CVSD modulation, biphase signaling
and 8-bit cyclic permutable codewords (CPC).
The main differences are the lack of a display and CIK.
The DSVT was
introduced in 1992 and was gradually phased out in 2010, when it was
replaced by the (incompatible)
Secure Terminal Equipment (STE).
Crypto Museum is still looking for one or more Spendex-50 (DBT) units for our
own collection. If possible, we would like to be able to demonstrate a
working Spendex-50 unit at some stage. We are also looking for additional
information, such as user instructions and service manuals. If you have
any information, please contact us.
- Mathieu Goudsmits, Spendex-50 developer at Philips Usfa
Interview, Crypto Museum. July 2011.
- Fysisch en Elektronisch Laboratorium TNO,
Definitie rapport taktisch LAN demonstratie (Dutch)
Unclassified. June 1990, p. 28 - Het DBT interface.
- AJW van Daal & P van der Vlist, DELTACS - a versatile tactical communication system
Philips Telecommunicatie Industrie BV (PTI), Hilversum (Netherlands), 1984.
Reprint from Philips Telecommunication Review, Vol. 42, No. 2, pages 74-89.
- Royal Dutch Signals Museum
- Jane's Military Communication 1986
ISBN: 0-7106-0824-1. p. 446.
- CJA Jansen, Classical Key Management
Proceedings of the Fifth Symposium on Information Theory in the Benelux,
Aalten, The Netherlands, 24-25 May 1984, pp. 94-101.
- US Patent 4607137, Method of distributing and utilizing enciphering keys
CJA Jansen, AJM vd Pas, P vd Vlist, F Hafkamp. US Philips Corporation.
Filed 13 April 1984, issued 19 August 1986.
- Wikipedia, Bubble memory
Retrieved Mau 2012.
Any links shown in red are currently unavailable.
If you like this website, why not make a donation?|
© Copyright 2009-2013, Paul Reuvers & Marc Simons. Last changed: Wednesday, 01 May 2013 - 15:40 CET