Click for homepage
← Philips
Aroflex II →
Aroflex   UA-8116
Rapid offline encryption device - wanted item

Aroflex is probably the most successful cipher machine ever built by Philips Usfa. The machine was developed between 1976 and 1982 and more than 4500 units were produced. It features hardware-based encryption with NATO-style key management, and was used by NATO, the Dutch Government, the Dutch Department of Defence, and the governments of some friendly nations, such as Norway and Canada. Aroflex is also known as UA-8116, BID/1100 and T-1000CA.

The device consists of a Siemens T-1000 tele­printer, with a crypto unit in a black aluminium shell mounted to its bottom. In the image on the right, the crypto unit is visible as a low-profile black cabinet, with a red button and two physical key locks. One lock is used for the INSERT key whilst the other one is for the SPECAT key. This black and white photograph was used by Philips for promotional and instructional purposes [1].

Whenever the cipher was compromised, e.g. when an army unit was raided by the enemy, the operator just had to press the red button at the front of the crypto unit to flush the keys and all stored messages. This is called the ZEROIZE key.
Aroflex at the Royal Dutch Signals Museum

Aroflex was a highly automated encryption/decryption machine for rapid, reliable and efficient off-line operation. It could also be used as a stand-alone message tape preparation unit. Some machines were equiped with appropriate interfaces to allow them to be connected directly to the line. The T-1000 could be operated at 50, 75 and 100 baud on-line, and 100 baud off-line.

Aroflex is crypto compatible with NATO CEROFF equipment, such as RACE and Picoflex. As such, it complies with the the symmetrical ACP 127 standard (Allied Communications Publication) [8]. The plaintext was converted into 5-letter groups, with 10 groups on each line. The Aroflex could store upto 6 pages (i.e. 120 lines of 10 crypto groups each) in its internal memory. The name Aroflex is probably derrived from Automatic Rapid Offline Encryption Device. In the early 1990s, Aroflex was succeeded by the Aroflex II (T-1285CA), but it came too late to be successful.

Promotional photograph of the Aroflex Completely assembled Aroflex unit Exploded view of the critial Aroflex components The black Aroflex shell, before mounting the electronic components Opened Siemens T-1000 unit Mounting the Aroflex unit to the bottom of the T-1000 The Aroflex at the Royal Dutch Signals Museum The two key-locks and the emergency button
1 / 8
Promotional photograph of the Aroflex
2 / 8
Completely assembled Aroflex unit
3 / 8
Exploded view of the critial Aroflex components
4 / 8
The black Aroflex shell, before mounting the electronic components
5 / 8
Opened Siemens T-1000 unit
6 / 8
Mounting the Aroflex unit to the bottom of the T-1000
7 / 8
The Aroflex at the Royal Dutch Signals Museum
8 / 8
The two key-locks and the emergency button

Philips version
When the original Aroflex machine for the NATO evaluation CEROFF was ready, Philips developed a number of variants, such as a line-connected mode, a civil version (sold by Siemens), customer-unique key generators and numerous variations in operation. All machines for NATO/SHAPE were delivered as completely assembled machines, including the Siemens T-1000 teleprinter (telex).

The image on the right shows two essential parts of the Aroflex. The large board on the left is the mixer. It combines plaintext and key stream into ciphertext. Blue resistor packs are inserted into the sockets at board's edges, as a temporary measure to protect the highly sensitive CMOS chips against static discharge when in storage.

The yellow/brown block on the right is the actual crypto unit. It consists of a printed circuit board with a number of OQ4406 or OQ4407 custom chips. As it contains CMOS parts, resistor packs are installed to protect it against static damage.
Aroflex mixer-board and crypto-module

Apart from NATO, Aroflex was also sold to various departments of the Dutch government and also to the authorities of some friendly nations. As Philips Usfa had officialy won the CEROFF bidding, they received purchase orders from SHAPE and from most NATO countries, making Aroflex arguably Usfa's most successful cipher machine. It was very popular in Germany, Canada and Turkey. By the end of 1982, more than 2500 units had already been produced [4].

Siemens version   T-1000CA
In order to allow Siemens to sell the civil version of the Aroflex, Philips supplied the bare crypto module to Siemens. In this case, the combination was called T-1000-CA, in which the extension CA stands for Cryptographical Application. This variant was not sold to NATO customers.

In Jane's Military Communication, edition 1986, Siemens offers the machine as the T-1000CA, with a black (rather than white) body stored in a matching flight-case [3]. According to an internal Philips Usfa memo [4], just one batch of 1500 crypto add-on modules was made for Siemens.

Note that the Siemens T-1000CA is electrically identical to the standard Philips Aroflex, but that the actual crypto heart is different. The one in the T-1000CA is built around OQ4407 custom chips, whereas the Philips variant (that was used by NATO) contains the pin-compatible OQ4406.

The image above shows the interior of the Siemens crypto heart that was based on the OQ4407. The algorithm of the OQ4407 (and hence the Siemens T-1000CA) is substantially weaker than that of the OQ4406 and could be broken with the right means, exploiting the redundancy in the encyphered message preamble. This would typically involve solving a set of binary equations, an exponentially large number of times, a task that was not trivial at the time.

Rumour has it that Philips designed and developed a special chip to speed up the analysis of OQ4407-based crypto-logics upon request of the Dutch authorities. The cryptograms produced by the T-1000CA machines, typically exhibit bias in the enciphered message preamble, an un­necessary shortcoming by design. This was certainly known by the agencies of other countries.

Also note that the crypto-logic with the OQ4407 had only one 16-pin connector by which it was connected to the mixer board, whereas the real Aroflex crypto-logic with the OQ4406 had two such connectors. The same is true for the mixer board. It is therefore possible to identify the chips inside the crypto-logic without opening them. One cable: OQ4407, two cables: OQ4406.

Test device
This small unit was used by Philips and Siemens to quickly test the voltages inside the Aroflex. The unit consists of a small PCB that is potted in epoxy inside a black plastic enclosure, with six red LEDs at one side. Each LED represents a voltage or a signal. The other side has a 16-pin header that plugs into an internal socket.

The diagnostics unit was known by its National Stock Number NSN 6625-12-179-5010. The Siemens designator was S22711-P105 GS1. When unused, it was stored in a wooden box.
Aroflex diagnostics tool

Wooden box with Aroflex power test unit Inside the wooden box Aroflex diagnostics tool Aroflex diagnostics tool LED on the Aroflex diagnostics tool
Key setting
Aroflex can store upto 26 keys:
  • 23 keys for 'ordinary' traffic.
  • 2 SPECAT (Special Category) keys (see note below).
  • 1 for encryption/decryption of the system indicators (i.e. the serial numbers of each key).
A new key is easily entered and takes the following steps:
  • Place the INSERT-key in the leftmost lock and turn it clockwise.
  • Enter the number of the required key store (address).
  • Enter (from the key list) the serial number of the key, the keying variables and the check word.
  • Remove the INSERT-key.
The two SPECAT keys can only be entered and/or used if the physical SPECAT-key is entered in the rightmost lock and turned clockwise.

As an alternative to the above procedure, it was also possible to enter the keys via a paper tape that was read by the built-in tape reader. In addition, the crypto unit has a special connector through which the keys can be entered using a 'key filler' or a 'key gun'.

In 1974, NATO was looking for a replacement for the ageing American KL-7 cipher machine, also known as ADONIS or POLLUX. They initiated an evaluation under the code name CEROFF and invited several manufacturers to take part in the bidding. Aroflex was Philips' contribution to the bidding. Another bidder was the STK from Norway, who offered RACE (KL-51) as an alternative.

When designing Aroflex, Philips wanted to use an existing teletype machine (telex) as its basis, and expand it with cipher capability. After dismissing AEG and PTI as possible partners in the project, they finally selected the Siemens T-1000. It was a modern telex machine which offered unparalleled expansion possibilities.

The downside of the T-1000 was the rather open construction, causing unwanted emission of radio signals (EMC). It took an enormous effort by both Siemens and Philips Usfa, to make the combined machine EMC and TEMPEST proof [4].
KL-51 (RACE) with open lid and expanded paper holder

The outcome of the NATO CEROFF bidding match was inconclusive and ended in a remittance between Aroflex and the Norwegian RACE. NATO chose for a split-procurement and left it to the end-user to decide what equipment to order. As a result, Philips allowed RACE to use the Aroflex algorithm, making both machines compatible [4]. Eventually, Aroflex turned out to be the more popular machine in Europe and Canada [5], whilst the more robust RACE was adopted by the US.

In 2009 we discovered a series of black & white photographs that were considered to have been lost when Philips Crypto BV was dissolved in 2003. The pictures show detailed images of the various assembly stages of the Aroflex. They were probably created for the service manual.

The image on the right shows an exploded view of the Aroflex' crypto add-on. It consists of four PCBs and a crypto-unit. The narrow board at the top left is the processor board. It contains an 8080 microprocessor and connects to the other boards via 6 flat-cables with 16 lines each.

The three boards in the middle are (from top to bottom) the memory-board, the mixer-board and the interface-board. The latter also contains the switched-mode power supply unit. All the voltages needed for the electronics are derived from a single 24V source inside the T-1000.
Exploded view of the critial Aroflex components

The small grey rectangle at the right is the crypto-module, also known as the crypto-heart. It contains a number of custom chips and was classified as confidential at the time. All units are connected together by means of a series of short flatcables, with plugs that fit into an IC socket.

During the Cold War, Aroflex, or actually the Siemens T-1000CA, was researched extensively by the Russian KGB and the East-German Ministerium für Staatssicherheit (MfS or Stasi). In 1982 or 1983 they managed to get hold of a machine that had mysteriously disappeared from a show. In 1986/1987, Department XI of the Stasi spent 30% of its capacity on targetting the machine. They tried to exploit the machine's unwanted emanations (TEMPEST), but were not successful [6].

Although they didn't manage to break the machine, they had a constant supply of keylists from someone at NATO. It was the same person who had supplied them with the ELCROTEL keylists from 1972 onwards [7]. Although this means that the key was compromised, it does not mean that the machine was compromised as well. As far as we know, Aroflex was never broken.

Compatible machines
Race   KL-51
Aroflex was not the only machine that took part in the NATO bidding for CEROFF. In fact, the evaluation was inconclusive and listed both Aroflex and the Norwegian RACE as winners.

As a result, Philips made the Aroflex algorithm available to STK, who subsequently implemented it in RACE. Although in practice Aroflex was the real winner, with most machine sold, RACE was adopted by the US as the KL-51.

 More information
KL-51 (RACE) with open lid and expanded paper holder

For other NATO bidding races in 1976, known as MERCS and CALL SIGN, Philips developed the portable and modular Picoflex in co-operation with Telefunken. It was crypto compatible with Aroflex and could be used over standard PSTN telephone lines and via radio.

Picoflex was introduced in 1982, but only modest quantities were built over the years.

 More information
Pico flex with acoustic coupler

Similar machines
A modified Siemens T-1000 teleprinter was used also by Crypto AG (Hagelin) for its HC-550 and HC-580 cipher machines. Like Aroflex, these machines had an external crypto unit bolted to its bottom. A simpler solution was made by the German company Tele Security Timmann (TST).

In their machines, the Leitungs-Anpassungs-Teil board (LAT or line adapter) of the Siemens T-1000 was replaced by an OEM-version of Timmann's universal TST-9669 crypto card [9].

Please note that although the Hagelin and TST machines visually resemble the Aroflex, they were not compatible with Aroflex nor with any other NATO cipher machine. Each manufacturer used their own cryptographic algorithm.

 More about the Hagelin HC-550
Hagelin HC-550 cipher machine


AEG   Algemeine Elektricitäts Gesellschaft
Former German manufacturer of electronic equipment and components. Started co-operation with Telefunken in 1967 and with Siemens in 1969, trading as AEG Telefunken. More...
CEROFF   Cipher Equipment Rapid Off-Line
Code name of a NATO evaluation in 1974 to find a replacement for the ageing KL-7 cipher machine. Examples of CEROFF compatible equipment are Aroflex, RACE (KL-51) and Picoflex.
NATO   North Atlantic Treaty Organization
(Wikipedia) (Website)
PTI   Philips Telecommunicatie Industrie
Former Philips subsidary specializing in telecomminication solutions.
RACE   Rapid Automatic Cryptographic Equipment
Acronym used for the NATO KL-51 cipher machine that was used for NATO CEROFF communication alongside the Philips Aroflex. RACE was manufactured by Standard Telefon og Kabelfabrik A/S in Norway.
SHAPE   Supreme Headquarters Allied Powers Europe
Headquarters of the Allied Command Operations (ACO), one of NATO's two strategic military commands. (Website)
SPECAT   Special Category
ZEROIZE   General expression for deleting the cryptographic keys and other variables from an encryption device in case of a compromise or seizure.

To keep track of the various (incompatible) Aroflex and T-1000 variants, Philips used a complex scheme of model numbers, version designators and internal 12NC numbers. Generally speaking, most Aroflex machines were marked as model UA-8116, but the version designator (e.g. '/02') identified the actual variant and, hence, the crypto-logic. In addition, some machine were given a completely different module number. These models are currently known:

Model Ver Philips 12NC Customer Remark CL 1
UA-8116 /00 ? ? ? A
UA-8116 /01 ? ? ? A
UA-8116 /02 ? NATO Ministry of Defense A
UA-8116 /03 ? ? ? A
UA-8116 /04 ? Government Austria, Switzerland, Italy, France A
UA-8116 /05 ? ? ? A
UA-8116 /06 ? NATO, SHAPE No SPECAT function A
UA-8116 /09 4322 082 7130 Dutch Police Politieflex 2 A
UA-8116 /10 4322 082 7150 Turkey Gov. Modified Beroflex UA-8489/01 B
UA-8116 /50 ? Austria ? A
UA-8116 /51 ? BND ? A
UA-8138 /00 4322 082 7255 Philips Concern T-1000PC B
UA-8139 /00 4322 082 7250 Hong Kong T-1000PH B
UA-8473 /00 4322 081 79740 NATO Battery set (replaced)  
UA-8494 /02 ? NATO Field Test set  
UA-8498 /10 4322 082 7156 Turkey Test set  
UA-8510 /09 4322 082 7155 Turkey Key generation program  
UA-8511 /10 ? NATO Case for Test Set  
UA-8513 /00 4322 081 82600 NATO Battery set  
UA-8520 - ? NATO Exerciser (depot repair)  
Crypto modules
UA-8486 /00 ? - Crypto Module A
UA-8489 /00 ? Siemens T1000CA B
UA-8489 /01 ? - Crypto Module B
  1. Crypto-logic. A = Aroflex, B = Beroflex (i.e. T-1000CA).
  2. Special Aroflex variant for the Dutch Police. Not compatible with the NATO version.

  1. Aroflex Brochure
    Philips Usfa. April 1979. 4 pages.

  2. Aroflex Operating Instructions
    Philips Usfa. 13929-E-0581. May 1981. 50 pages. Restricted.

  3. Aroflex Operating Instructions
    AMSO-762(A). September 1987. 66 pages. NATO Confidential.

  4. Aroflex Crypto Equipment UA8116 series. Narrative Description Part 1: Text
    13928-E-0381. March 1983. 33 pages. Confidential.

  5. Aroflex Illustrated Parts List
    AMSM 765. August 1985. NATO Restricted.

  6. Aroflex Illustrated Parts List for Crypto Module UA-8486/02
    Philips Usfa. January 1987. 56 pages. NATO Restricted.

  7. Algemene beschrijving Aroflex (Global description, Dutch)
    Philips Usfa. Document 13813-N-1182. Date unknown. 10 pages.

  8. Aroflex Extended Functional Test
    Shape Contract SHNMO 80-9017. November 1980. 41 pages. Restricted.

  9. Aroflex, Description of Key Generator
    13928-E-0381. March 1981. 22 pages. Secret.

  10. Aroflex Key Generator description
    Information for interfacing key generator UA-8485/00 as used in UA-8116/02 and UA-8116/06. July 1982. 36 pages. NATO Confidential.

  11. Aroflex Key-Manufacturing Program UA-8510
    Operating instructions. October 1981. Confidential.

  12. Goedkeuringsdocument AROFLEX
    Approval document Aroflex (Dutch). VBV 92002(A), Nummer 2. Ongerubriceerd. 1
  1. Unclassified.

  1. Philips Usfa BV, Aroflex promotional photograph
    Crypto Museum Archive.

  2. Philips Usfa BV, Aroflex internal assembly photographs
    Crypto Museum Archive.

  3. Jane's Military Communication 1986
    ISBN: 0-7106-0824-1

  4. Philips Usfa, Internal Memo L/5636/AvdP/JG
    23 August 1982, page 5.

  5. Museum pages of Canada's Foreign Service Communicators
    RACE: Rapid Automatic Cryptographic Equipment

  6. Jörg Drobick, KGB and MfS research of the Siemens T-1000-CA ELCROTEL.
    Website: Der SAS- und Chiffrierdienst (SCD). German. Retreived Augus 2011.

  7. Bode Wegman, Militäraufklärung der NVA, der Geheimdienst der NVA
    ISBN 3-89574-580-4. p. 217-218.

  8. Combined Communication-Electronics Board, Tape Relay Procedures
    ACP-127(G) Standard. November 1988.

  9. Helmut 'Jim' Meyer, HS0ZHK, My way to Ham - Radio and beyond
    Website QRZ.COM. Personal correspondence. March 2015.

  10. H.P. Kraan, Overzicht Aroflex
    Aroflex Overview (Dutch). Internal Memo UNB 20-23- 5180. 7 April 1986.
Further information
Any links shown in red are currently unavailable. If you like the information on this website, why not make a donation?
Crypto Museum. Created: Wednesday 05 August 2009. Last changed: Tuesday, 13 November 2018 - 08:49 CET.
Click for homepage