One-Time Tape machines
Mixers
Teleprinter version of the OTP
One-Time Tape, or OTT, is an automated digital variant of the so-called
One-Time Pad,
or OTP.
When correctly applied, OTT-encrypted messages are unbreakable.
OTT is best explained as a practical implementation
of the OTP system for use with telegraph equipment,
also known as Teleprinters
or Telex,
using a 5-bit digital code (often ITA-2, Baudot)
for the exchange of data.
A key tape is generated by recording the data of a random number generator
(noise).
The Vernam Principle is then used to combine each
plaintext character with a single character from the key tape.
As a simple XOR-operation is used for this process
of 'mixing', the same key tape can be mixed again with the ciphertext
at the receiving end, in order to recover the plaintext again.
Machines that use OTT are commonly called mixers.
A good example is the ETCRRM
that was used for many years during the Cold War
on the Washington-Moscow teleprinter hotline.
Another good example of a mixer, that was also used on the
Washington-Moscow Hotline,
is the Siemens M-190.
Over the years, a variety of mixers
have been developed and produced world-wide
by various manufacturers. They were generally used at the top
level of a command chain, for messages that had to remain secret
indefinitely.
Contrary to popular belief, mixers are (and have always been)
unclassified devices. It is the combination of the machine with a
keytape that is classified to the level of the keytape.
UNCLASSIFIED —
It is often thought that, like most cipher machines, mixers are
classified items. However, due to the way the mixer works, there is nothing
secret about its operation. Besides, when the machine is used
correctly, the code is unbreakable anyway.
Most mixer machines were therefore unclassified, although
circuit diagrams and user manuals may have been restricted at the time.
With machines of this class, it is the key tape that protects the
secret. This is the reason why the key tapes were only used once and were
destroyed immediately after use, so that they could not fall into enemy
hands. Operational key tapes were always classified.
They often carried labels like NATO Secret.
Placing a classified keytape on a machine makes the entire system classified
to the level of the keytape.
Most mixers, or OTT machines, use data from a teleprinter machine
or from a paper-tape reader as input.
Such data is generally stored in 5-bit digital format,
commonly in ITA2 code (Baudot),
but other data formats are also possible.
Plain text is either entered directly on the keyboard of the teleprinter
(online), or is stored on a punched paper-tape first and replayed
later (offline).
The above illustration explains how the mixer works.
Each letter of the Plaintext is added to a letter from
a Key tape, using an exclusive-OR, or XOR, operation.
In mathematics this is known as modulo-2 addition.
In cryptography it is known as the Vernam Cipher.
It has the advantage of being reversible: by adding the key stream
to the ciphertext, the original plaintext is retrieved.
Many companies and countries claim the invention of the
One-Time Tape
cipher machine (mixer). Although the
Philips Ecolex was definitely not the
first machine in this class, its inventor
was paid for his patents
for many years. STK (now: Thales)
claims that it was a Norwegian invention,
but their patent of 1952 ¹ is predated by the
Siemens T-43,
the British 5-UCO
and the British-Canadian Rockex,
all of which were developed during WWII and were
introduced in 1943.
Although all mixers are based on the so-called
Vernam Cipher,
an invention of Gilbert Sandford Vernam in 1918, and Vernam
is also the (co)inventor of the One-Time Pad (OTP),
the first machine that was based on the
Vernam Cipher
(Telekrypton, 1926)
used a looped key tape and was therefore not a One-Time Tape machine.
This means that, based on the currently available information,
the Siemens T-43,
the British Rockex
and the 5-UCO
should be recognised as firsts.
¹ Although this patent is frequently mentioned in literature, for example
in [5], we have not been able to find it. If anyone has access to this
patent, please contact us.
When using OTT equipment, or mixers,
a sufficient supply of key tapes
was mandatory in order to keep up with the constant flow of messages.
Key tapes were initially produced manually with so-called manual
tape punchers, but this had numerous drawbacks, such as the long time
it took to produce a single tape and the lack of randomness in the
human mind when pressing the buttons.
To overcome these drawbacks, the process was automated and machines
were developed for creating the (pseudo) random key streams and punching
them onto 5-level paper tape. Initially, mechanical methods were used
for producing the key stream, but as these too lacked sufficient randomness,
noise generators were introduced.
The image on the right shows the
5224, one of the first key tape generators
that were available on the market, made by
Reichert Elektronik
in Germany (now: Mils in Austria).
It has a built-in white noise generator and produces two tapes.
In order to ensure that both key tapes are identical, they are punched
simultaneously in a single tape puncher. Furthermore, the machine has 10
counters, to keep track of the number of zeros and ones that are generated.
In a truly random system, they should be distributed evenly.
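The counter check described above, sketched as an added example (it is not part of the original page and not the 5224's actual circuit). It assumes the ten counters are one zeros/ones pair for each of the five tape tracks; the 5-sigma limit and both sample tapes are constructed here.

```python
import math
import random

def track_counters(tape):
    """Ten counters: a (zeros, ones) pair for each of the five tape tracks."""
    counters = []
    for track in range(5):
        ones = sum((code >> track) & 1 for code in tape)
        counters.append((len(tape) - ones, ones))
    return counters

def suspicious_tracks(tape, sigmas=5.0):
    """Tracks whose ones-count lies further from n/2 than chance allows.

    For n fair bits the ones-count has mean n/2 and standard deviation
    sqrt(n)/2, so a larger deviation than `sigmas` of those points to bias.
    """
    n = len(tape)
    limit = sigmas * math.sqrt(n) / 2
    return [track for track, (zeros, ones) in enumerate(track_counters(tape))
            if abs(ones - n / 2) > limit]

# Constructed sample: a "hand-punched" tape whose track 0 is punched about
# 70% of the time. The seeded generator only makes the sample reproducible;
# it is not a key source.
rng = random.Random(1943)
HAND_PUNCHED = [(rng.getrandbits(4) << 1) | (rng.random() < 0.7)
                for _ in range(2000)]

# Constructed sample: a plain counting pattern, perfectly balanced on every
# track and yet completely predictable.
COUNTING = list(range(32)) * 50

if __name__ == "__main__":
    for name, tape in (("hand-punched", HAND_PUNCHED), ("counting", COUNTING)):
        print(name, track_counters(tape), "suspicious:", suspicious_tracks(tape))
```

The counting pattern passes every counter although it is fully predictable, so evenly distributed counters only rule out gross bias; they do not show that a tape is unpredictable.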
Although noise generators were already in use during WWII for
creation of one-time keys for the SIGSALY transatlantic secure voice
link between the UK and the US,
most OTP and OTT systems that were used during the war
and shortly thereafter, used mechanically generated (and therefore
deterministic) pseudo random keys.
The Siemens T-43 mixer,
for example, used two Siemens T-52 Geheimschreibers
in series for the generation of its key tapes. If the codebreakers at
Bletchley Park had known this, it would have been relatively
easy for them to break the cipher.
In 1952, Dr. Werner Liebknecht, a developer at C. Lorenz AG in Stuttgart
(Germany) was the first one to publicly file a patent for a
Random Number Generator (RNG) based on a white noise source.
It produced evenly spread non-deterministic
numbers that were ideally suited for the generation of One-Time Tapes.
The patent was bought by Willy Reichert
in Trier (Germany) who used it
to build the first commercially available OTT generator on the market:
the Würfel (Dice).
Like the manual OTP cipher, OTT systems suffer from the
key distribution problem. Especially in applications where communication
takes place on a large scale, such as in the Army,
one has to ensure that a sufficient supply of fresh (unused)
key tapes is available at all times.
Although this may seem a simple requirement, it often caused
logistics problems with Army units in remote locations and
aboard ships. Key distribution would be seriously hampered, or indeed
be completely impossible, in the event of a war, e.g. when
operating behind enemy lines.
Key-tape shortages have led to several security incidents
and compromises in the past.
Some operators re-used an old key-tape, or used
it in reverse direction. There are even stories about operators
who taped a one-metre piece of key-tape together and used it
as an endless loop...
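The XOR mixing explained earlier and the key-tape re-use described above, as one added example (not from the original page or any real mixer). The ITA2 bit ordering, the stand-in symbols for control codes and all function and class names are assumptions made for this sketch.

```python
import secrets

# ITA2 letters case indexed by 5-bit code, hole 1 taken as the least significant
# bit (assumed ordering). Stand-ins chosen for this example: / null, 4 line feed,
# 9 space, 3 carriage return, 5 figure shift, 8 letter shift.
ITA2 = "/E4A9SIU3DRJNFCKTZLWHYPQOBG5MXV8"

def to_codes(text):
    """Letters and spaces -> list of 5-bit tape codes (figures case left out)."""
    text = text.upper()
    if not all(ch == " " or "A" <= ch <= "Z" for ch in text):
        raise ValueError("letters and spaces only")
    return [ITA2.index(ch) for ch in text.replace(" ", "9")]

def to_text(codes):
    """5-bit tape codes -> symbols, control codes shown as their stand-ins."""
    return "".join(ITA2[c] for c in codes)

class KeyTape:
    """One-time key tape: characters are consumed as read and cannot be replayed."""
    def __init__(self, codes):
        self._codes = list(codes)

    def take(self, n):
        if n > len(self._codes):
            raise ValueError("key tape exhausted: load a fresh tape")
        used, self._codes = self._codes[:n], self._codes[n:]
        return used

def make_tape_pair(length):
    """Two identical tapes (one per station) drawn from the OS random source."""
    codes = [secrets.randbits(5) for _ in range(length)]
    return KeyTape(codes), KeyTape(codes)

def mix(codes, tape):
    """Vernam mixing: XOR every 5-bit character with one unused key character."""
    return [c ^ k for c, k in zip(codes, tape.take(len(codes)))]

def reuse_leak(msg1, msg2, key):
    """XOR of two ciphertexts made with the SAME key codes (the forbidden case)."""
    c1 = [p ^ k for p, k in zip(to_codes(msg1), key)]
    c2 = [p ^ k for p, k in zip(to_codes(msg2), key)]
    return [a ^ b for a, b in zip(c1, c2)]  # key cancels: this is p1 XOR p2

if __name__ == "__main__":
    sender, receiver = make_tape_pair(32)
    cipher = mix(to_codes("HOTLINE TEST"), sender)
    print(to_text(cipher), "->", to_text(mix(cipher, receiver)))
```

`reuse_leak` returns the same values whatever key is supplied, which is why a re-used, reversed or looped tape no longer protects the traffic: the combined ciphertexts depend on the two plaintexts alone.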
For this reason, most Armies abandoned the use of OTT machines and
replaced them by cipher machines with a built-in key generator.
Such key generators generally consisted of a (pseudo) random number
generator (PRNG) that was seeded by a much shorter KEY. Good examples
of such machines are the Philips Ecolex X,
the Philips Aroflex
and the KL-51 (RACE).
Although such machines are often advertised as a more practical
implementation of the OTP, they do not meet the requirements of an OTP
and are never absolutely safe. They are just much more practical.
Nevertheless, OTT machines remained in service for many years,
for messages that had to remain secret indefinitely, such as
at the highest level at NATO, in diplomacy and on the
Washington-Moscow Hotline.
Today, the principle of the OTP/OTT is often implemented with computers,
but this poses a real security threat as there is
no such thing as a secure personal computer.