Click for homepage
Crypto
BBC
Voice
Vericrypt →
  
BBC Cryptophon 1100
Time-division speech scrambler SV-11

Cryptophon 1100 was a time-division speech scrambling device, developed by Brown Boveri and Company (BBC) in Switzerland around 1974 [3]. It was intended for use with narrow band VHF or UHF 2-way radios and was widely used by Police Forces in Europe in the days before digital encryption became mainstream. It was succeeded in 1980 by the much smaller Vericrypt 1100.

In the late 1970s and early 80s, the Cryptophon 1100 was introduced with many police and law enforcement agencies world-wide. Examples are the German border police, the German Secret Service (BND) and the Dutch national police.

The image on the right shows a typical Crypto­phon 1100 unit. It is basically a grey metal box, with two connections and a set of thumbwheels (behind a sliding door) at the front. A separate breakout box was required for the connection of the various perpherals, such as microphone, speaker and the actual (police) radio itself.
  

All connections and controls are at the front of the unit. At the top left is the audio connector. It is a 12-pin DIN connector with audio-in, audio-out, push-to-talk (PTT), etc. At the bottom left is the 4-pin DIN power connector. It takes 12V from a car battery or external PSU. At the right is a black sliding door behind which the thumbwheels for setting the daily key are hidden (see below).

The time-division process introduces a delay of approx. 0.5 seconds with is typical for this type of time-domain voice scrambling. The unit is compatible with the Vericrypt 1100 and can also be used on telephone networks, although it does not have echo cancellation on 2-wire networks. The unit shown here was used for many years by a crime unit of the Dutch police, who used it in a number of high-profile cases. Note however, that this type of encryption is inherently unsafe.

BBC Cryptophon 1100
Close-up of the connections
Frontpanel with the thumbwheels uncovered
Cover closed
Revealing the thumbwheel switches
The thumbwheel switches
Setting the cryptographic key
Setting the daily key
A
×
A
1 / 8
BBC Cryptophon 1100
A
2 / 8
Close-up of the connections
A
3 / 8
Frontpanel with the thumbwheels uncovered
A
4 / 8
Cover closed
A
5 / 8
Revealing the thumbwheel switches
A
6 / 8
The thumbwheel switches
A
7 / 8
Setting the cryptographic key
A
8 / 8
Setting the daily key

Cryptographic key
The cryptographic key is made up of two elements: the basic key, which is fixed internally, and the daily key, which is set with the six thumbwheels at the front. The basic key can only be altered by opening the unit and replacing a small printed circuit board (PCB) with a set of solder links in a 5 x 12 matrix. It was different for each agency, and was not changed very often.

The daily key can easily be set by entering a 6-digit number with the thumbwheels at the front. A small sliding door hides the current setting, so that the number cannot be read by prying eyes or by a potential eavesdropper. It also protects the settings against accidental changes.

The 6-digit number allows 106 combinations. It is used to 'seed' the internal pseudo-random number generator (PRNG), which has a period of approx. 8.5 hours. This means that the number sequence produced by the PRNG does not repeat itself within 8.5 hours [2].
  

During a transmission, a Frequency Shift Keying (FSK) signal is broadcast with the speech, to allow the PRNG of the receiver to run 'in sync' with the transmitter. This FSK signal takes the form of a 1830 Hz pilot tone (± 100 Hz). At the start of a conversation, the system needs approx. 1.5 seconds to 'lock in'. During this time, no useful speech can be transmitted. Most operators would count 'twenty-one, twenty-two', before starting the message.

Once transmitter and receiver were 'in sync', the system would need only 0.2 seconds on a change-over. Because of the principle behind the type of scrambling used by the Cryptophon 1100, all audio was delayed by 0.5 seconds. This was considered a drawback of the system.


Compromised
Between 1978 and 1981, the Cryptophon 1100 and Vericrypt 1100 were tested by a number of West-German agencies, such as the police, the Ministry of Internal Affairs and the German Intelligence Agency (BND). They considered the system safe and between 1981 and 1982, a large number of Cryptophon and Vericrypt 1100 units were installed with the various agencies.

In 1983 the East-German cipher bureau managed to break the cipher by reconstructing the keys from a series of intercepts. They also built their own equivalent of the Cryptophon, known as the A-003, that was used in the breaks. Another device, the so-called A-004, was used to decipher the Vericrypt 1100. As a result, they managed to read about 90% of the West-German Cryptophon 1100 and Vericrypt 1100-based radio traffic during the 2nd quarter of 1988 [2].


Interior
Considering its age, the Cryptophon 1100 is extremely well built. Only first class components and PCBs are used. The units consists of three main PCBs, all mounted on an extendible frame. The image below shows the uncovered interior of the Cryptophone 1100.

The two digital boards are both mounted on one side (left) and can be folded away from the frame. A small 3rd board is mounted to the inner board as some kind of modification, that was introduced after the design was completed.

The analogue board is at the other side (right). It contains 9 high-quality LC audio filters that are used for filtering the FSK pilot tone and the audio. The rear of the unit contains the power supply unit (PSU) that converts the 12V of a car into suitable internal voltages. The unit shown here was probably built around 1975.
  

Interior of the Cryptophon 1100
Outer digital board
Inner digital board
Analogue board
Close-up of the filters
PSU mounted at the rear
Basic Key PCB at the front
Basic Key PCB
B
×
B
1 / 8
Interior of the Cryptophon 1100
B
2 / 8
Outer digital board
B
3 / 8
Inner digital board
B
4 / 8
Analogue board
B
5 / 8
Close-up of the filters
B
6 / 8
PSU mounted at the rear
B
7 / 8
Basic Key PCB at the front
B
8 / 8
Basic Key PCB

Operation
The cryptographic principle used in the Cryptophon 1100 and the Vericrypt 1100, is of the time-division speech scrambler type. Speech is recorded (sampled) and divided over the time domain (scrambling). The simplified diagram below, shows how this works. Speech is cut into small time segments of 30 ms each, and is scrambled with other time segments in an ever changing order. The order in which the packets are scrambled is determined by a pseudo random number generator, or PRNG, that is seeded by the settings of the 6 thumbwheels at the front panel.


In this diagram, the top row shows the clear speech (input) in time. The second row shows the speech after it is scrambled. Finally, the bottom row shows the speech once it is descrambled again (output). The process of scrambling and descrambling, causes a delay of approx. 0.5 sec.

As the time segments are scrambled in an ever changing pattern, it is important that transmitter and receiver are correctly synchronised. To ensure that both ends are kept 'in sync', a pilot signal (FSK) is transmitted with the scrambled speech.


Block diagram
Below is the blockdiagram of the Cryptophon 1100. The audio input is at the top left. In transmission mode, audio is filtered, digitised and stored in a temporary memory buffer. The order in which the samples are read out of the buffer, is determined by the number generator (PRN). The new (scrambled) signal is then converted back to the analogue domain again. In order to allow the receiving end to stay in sync, an FSK signal (pilot) is inserted in the output path.


In receiving mode, the synchronisation signal (pilot) is extracted from the incoming audio signal (top left) and decoded. It is then used by the program register (CPU) to keep the pseudo-random number generator (PRN) in sync, so that the packets are re-assembled in the correct order.


Documentation
When the Cryptophon 1100 was released in the mid-1970s, the manufacturer — BBC — also released a rather unusual brochure, in the shape of a 45 rpm vinyl audio disc, also known as a gramophone record or a phonograph record [5].

On the disc, which holds a 11-minute recording, a German-speaking gentleman explains how the 1100's time-division scrambling works, along with examples. It demonstrates what a properly decoded conversation sounds like, and what an unauthorised eavesdropper hears. Click the audio sample below to play the demonstration. 1
  

  1. Many thanks to Andreas Obermeier for making this recording available digitally [6].

References
  1. Barry Wels, Cryptophon 1100 - THANKS !
    Device kindly donated, Februari 2011.

  2. Jörg Drobick, Beschreibung des Cryptophon 1100 BStU176
    Der SAS- und Chiffrierdienst (SCD), German.

  3. W. Baschlin,Integration of time division speech scrambling
    into police telecommunication networks

    Ores Publications (USA), 1977.

  4. US Patent 4773092, Speech Scramblers
    Frederick Huang, Oxford (UK). Racal Research Ltd., Berkshire (UK).

  5. Wikipedia, Phonograph record
    Retrieved May 2019.

  6. Andreas Obermeier, Digitised audio recording of BBC vinyl record
    Demonstration of the Cryptophon 1100 (German). Received May 2019.
Further information
Any links shown in red are currently unavailable. If you like the information on this website, why not make a donation?
© Crypto Museum. Created: Tuesday 08 February 2011. Last changed: Friday, 03 July 2020 - 11:11 CET.
Click for homepage