The TSEC/KW-26, code named ROMULUS, (in 1966 the machine based encryption system was not code-named "Romulus," rather the code-name was "Orion," at least in the US Army's variant) was an encryption system used by the U.S. Government and, later, by

NATO The North Atlantic Treaty Organization (NATO, ; french: Organisation du traité de l'Atlantique nord, ), also called the North Atlantic Alliance, is an intergovernmental military alliance between 30 member states – 28 European and two N ...

countries. It was developed in the 1950s by the

National Security Agency The National Security Agency (NSA) is a national-level intelligence agency of the United States Department of Defense, under the authority of the Director of National Intelligence (DNI). The NSA is responsible for global monitoring, collecti ...

(NSA) to secure fixed

teleprinter A teleprinter (teletypewriter, teletype or TTY) is an electromechanical device that can be used to send and receive typed messages through various communications channels, in both point-to-point and point-to-multipoint configurations. Init ...

circuits that operated 24 hours a day. It used

vacuum tube A vacuum tube, electron tube, valve (British usage), or tube (North America), is a device that controls electric current flow in a high vacuum between electrodes to which an electric potential difference has been applied. The type known as ...

s and

magnetic core A magnetic core is a piece of magnetic material with a high magnetic permeability used to confine and guide magnetic fields in electrical, electromechanical and magnetic devices such as electromagnets, transformers, electric motors, generators, ...

logic, replacing older systems, like

SIGABA In the history of cryptography, the ECM Mark II was a cipher machine used by the United States for message encryption from World War II until the 1950s. The machine was also known as the SIGABA or Converter M-134 by the Army, or CSP-888/889 by ...

and the British

5-UCO The 5-UCO (5-Unit Controlled)Ralph Erskine, "The 1944 Naval BRUSA Agreement and its Aftermath", ''Cryptologia'' 30(1), January 2006 pp14–15 was an on-line one-time tape Vernam cipher encryption system developed by the UK during World War II ...

, that used rotors and electromechanical

relay A relay Electromechanical relay schematic showing a control coil, four pairs of normally open and one pair of normally closed contacts An automotive-style miniature relay with the dust cover taken off A relay is an electrically operated switch ...

s. A KW-26 system (transmitter or receiver) contained over 800 cores and approximately 50 vacuum-tube driver circuits, occupying slightly more than one half of a standard

19-inch rack A 19-inch rack is a standardized frame or enclosure for mounting multiple electronic equipment modules. Each module has a front panel that is wide. The 19 inch dimension includes the edges or "ears" that protrude from each side of the equ ...

. Most of the space in the rack and most of the 1 kW input power were required for the special-purpose vacuum tube circuits needed to provide compatibility with multiple input and output circuit configurations. The military services' requirements for numerous modes and speeds significantly increased costs and delayed delivery. NSA says it is doubtful that more than three or four of the possible configurations were ever used. The KW-26 used an NSA-developed encryption algorithm based on

shift register A shift register is a type of digital circuit using a cascade of flip-flops where the output of one flip-flop is connected to the input of the next. They share a single clock signal, which causes the data stored in the system to shift from one loc ...

s. The algorithm produced a continuous stream of bits that were

xor Exclusive or or exclusive disjunction is a logical operation that is true if and only if its arguments differ (one is true, the other is false). It is symbolized by the prefix operator J and by the infix operators XOR ( or ), EOR, EXOR, , ...

ed with the five bit Baudot teleprinter code to produce

ciphertext In cryptography, ciphertext or cyphertext is the result of encryption performed on plaintext using an algorithm, called a cipher. Ciphertext is also known as encrypted or encoded information because it contains a form of the original plaintex ...

on the transmitting end and

plaintext In cryptography, plaintext usually means unencrypted information pending input into cryptographic algorithms, usually encryption algorithms. This usually refers to data that is transmitted or stored unencrypted. Overview With the advent of comp ...

on the receiving end. In NSA terminology, this stream of bits is called the key. The information needed to initialize the algorithm, what most cryptographers today would call the key, NSA calls a cryptovariable. Typically each KW-26 was given a new cryptovariable once a day. NSA designed a common fill device (CFD), for loading the cryptovariable. It used a Remington Rand (UNIVAC) format

punched card A punched card (also punch card or punched-card) is a piece of stiff paper that holds digital data represented by the presence or absence of holes in predefined positions. Punched cards were once common in data processing applications or to di ...

(45 columns, round holes). The operator inserted the daily key card into the CFD and closed the door securely, locking the card in place. Decks of cards were created by NSA and sent by courier. The cards were strictly accounted for. Because the KW-26 used a

stream cipher stream cipher is a symmetric key cipher where plaintext digits are combined with a pseudorandom cipher digit stream (keystream). In a stream cipher, each plaintext digit is encrypted one at a time with the corresponding digit of the keystream ...

, if the same key card was ever used twice, the encryption could be broken. To prevent re-use, the card was automatically cut in half upon reopening the CFD. As the units aged, the card reader contacts became less dependable, and operators resorted to various tricks, such as hitting the card reader cover with a screwdriver, to get them to work properly. Card readers were cleaned and the spring loading of the contacts checked as part of the routine maintenance of the device. Because the KW-26 sent a continuous stream of bits, it offered

traffic-flow security Traffic analysis is the process of intercepting and examining messages in order to deduce information from patterns in communication, it can be performed even when the messages are encrypted. In general, the greater the number of messages observed ...

. Someone intercepting the ciphertext stream had no way to judge how many real messages were being sent, making

traffic analysis Traffic analysis is the process of intercepting and examining messages in order to deduce information from patterns in communication, it can be performed even when the messages are encrypted. In general, the greater the number of messages observe ...

impossible. One problem with the KW-26 was the need to keep the receiver and transmitter units synchronized. The crystal controlled clock in the KW-26 was capable of keeping both ends of the circuit in sync for many hours, even when physical contact was lost between the sending and receiving units. This capability made the KW-26 ideally suited for use on unreliable HF radio circuits. However, when the units did get out of sync, a new key card had to be inserted at each end. The benefit of

was lost each time new cards were inserted. In practice, operational protocol led to the cards being replaced more often than was desirable to maintain maximum security of the circuit. This was especially so on radio circuits, where operators often changed the cards many times each day in response to a loss of radio connectivity. In any case, it was necessary to change the cards at least once per day to prevent the cypher pattern from repeating. Early KW-26 units protected the CRITICOMM network, used to protect communications circuits used to coordinate

signals intelligence Signals intelligence (SIGINT) is intelligence-gathering by interception of '' signals'', whether communications between people (communications intelligence—abbreviated to COMINT) or from electronic signals not directly used in communication ...

gathering. The initial production order for this application, awarded to Burroughs in 1957, was for 1500 units. Other services demanded KW-26's and some 14000 units were eventually built, beginning in the early 1960s, for the U.S. Navy, Army, Air Force, Defense Communications Agency, State Department and the

CIA The Central Intelligence Agency (CIA ), known informally as the Agency and historically as the Company, is a civilian foreign intelligence service of the federal government of the United States, officially tasked with gathering, processing, ...

. It was provided to U.S. allies as well. When the USS ''Pueblo'' was captured by

North Korea North Korea, officially the Democratic People's Republic of Korea (DPRK), is a country in East Asia. It constitutes the northern half of the Korean Peninsula and shares borders with China and Russia to the north, at the Yalu (Amnok) and T ...

in 1968, KW-26's were on board. In response, the NSA had modifications made to other units in the field, presumably changing the crypto algorithm in some way, perhaps by changing the shift register feedback taps. Starting in the mid-1980s, the KW-26 system was decommissioned by NSA, being replaced by the more advanced solid-state data encryptor, TSEC/ KG-84.

External links

KW-26 history page

NSA brochure - Securing Record Communications: The TSEC/KW-26
{{Cryptography navbox , machines National Security Agency encryption devices

See also

External links