Homepage
Crypto
Index
Enigma
Hagelin
Fialka
Siemens
Philips
Nema
Racal
Motorola
STK
Transvertex
Gretag
Telsy
Tadiran
USA
USSR
UK
Voice
Hand
Mixers
Phones
Spy sets
Burst encoders
Intercept
Covert
Radio
PC
Telex
Donate
Kits
Shop
News
Events
Wanted
Contact
Links
Logo (click for homepage)
BBC Cryptophon 1100
Time-division speech scrambler SV-11

The Cryptophon 1100 was a time-division speech scrambling device, developed by Brown Boveri and Company (BBC) in Switzerland around 1974 [3] . The time-division process introduces a delay of approx. 0.5 seconds. The unit is compatible with the Vericrypt 1100 and can also be used on telephone networks, although it does not have echo cancellation on 2-wire networks.
 
In the late 1970s and the early 1980s, the Cryptophon 1100 was introduced at many police and law enforcement agencies world-wide. Examples are the German border police, the German Secret Service (BND) and the Dutch police force.

The image on the right shows a Cryptophon 1100 unit. It is basically a grey metal box, with two connections and a set of thumbwheels at the front (covered by a sliding door). A separate breakout box was required for the connection of the various perpherals, such as microphone, speaker and radio. The unit shown here was used by the Dutch police for many years. 		  
Close-up of the connections
Cryptophon 1100 donated by Barry Wels [1]

All connections and controls are at the front of the unit. At the top left is the audio connector. It is a 12-pin DIN connector with audio-in, audio-out, push-to-talk (PTT), etc. At the bottom left is the 4-pin DIN power connector. It takes 12V from a car battery or external PSU. At the right is a black sliding door behind which the thumbwheels for setting the daily key are hidden (below).
 
BBC Cryptophon 1100 Close-up of the connections Frontpanel with the thumbwheels uncovered Cover closed Revealing the thumbwheel switches The thumbwheel switches Setting the cryptographic key Setting the daily key

 
Cryptographic key
The cryptographic key is made up of two elements: the basic key, which is fixed internally, and the daily key, which is set with the six thumbwheels at the front. The basic key can only be altered by opening the unit and replacing a small printed circuit board (PCB) with a set of solder links in a 5 x 12 matrix. It was different for each agency, and was not changed very often.
 
The daily key can easily be set by entering a 6-digit number with the thumbwheels at the front. A small sliding door hides the current setting, so that the number cannot be read by a potential eavesdropper. It also protects the switches against accidental changes.

The 6-digit number allows 106 combinations. It is used to 'seed' the internal pseudo-random number generator (PRNG), which has a period of approx. 8.5 hours. This means that the number sequence produced by the PRNG does not repeat itself within 8.5 hours [2] . 		  
Setting the daily key

During a transmission, a Frequency Shift Keying (FSK) signal is broadcast with the speech, to allow the PRNG of the receiver to run 'in sync' with the transmitter. This FSK signal takes the form of a 1830 Hz pilot tone (± 100 Hz). At the start of a conversation, the system needs approx. 1.5 seconds to 'lock in'. During this time, no useful speech can be transmitted. Most operators would count 'twenty-one, twenty-two', before starting the message.

Once transmitter and receiver were 'in sync', the system would need only 0.2 seconds on a change-over. Because of the principle behind the type of scrambling used by the Cryptophon 1100, all audio was delayed by 0.5 seconds. This was considered a drawback.
 
Compromised
Between 1978 and 1981, the Cryptophon 1100 and Vericrypt 1100 were tested by a number of West-German agencies, such as the police, the Ministry of Internal Affairs and the German Secret Service (BND). They considered the system safe and between 1981 and 1982, a large number of Cryptophon 1100 units were installed with the various agencies.

In 1983 the East-German cipher bureau managed to break the cipher by reconstructing the keys from a series of intercepts. They also built their own equivalent of the Cryptophon, called the A-003, that was used in the breaks. Another device, the so-called A-004, was used to decipher the Vericrypt 1100. As a result, they managed to read about 90% of the West-German Cryptophon 1100-based radio traffic during the 2nd quarter of 1988 [2] .
 
Interior
Considering its age, the Cryptophon 1100 is extremely well built. Only first class components and PCBs are used. The units consists of three main PCBs, all mounted on an extendible frame. The image below shows the uncovered interior of the Cryptophone 1100.
 
The two digital boards are both mounted on one side (left) and can be folded away from the frame. A small 3rd board is mounted to the inner board as some kind of modification, that was introduced after the design was completed.

The analogue board is at the other side (right). It contains 9 high-quality LC audio filters that are used for filtering the FSK pilot tone and the audio. The rear of the unit contains the power supply unit (PSU) that converts the 12V of a car into suitable internal voltages. The unit shown here was probably built around 1975. 		  
Interior of the Cryptophon 1100

 
Outer digital board Inner digital board Analogue board Close-up of the filters PSU mounted at the rear Basic Key PCB at the front Basic Key PCB

 
Operation
The cryptographic principle used in the Cryptophon 1100, is of the type time-division speech scrambler. Speech is recorded (sampled) and divided over the time domain (scrambling). The simplified diagram below, shows how this works. Speech is cut into small time segments and is scrambled with other time segments in an ever changing order. The order in which the packets are scrambled is determined by a pseudo random number generated that is seeded by the setting of the 6 thumbwheels at the front of the unit.


In this diagram, the top row shows the clear speech (input) in time. The second row shows the speech after it is scrambled. Finally, the bottom row shows the speech once it is descrambled again (output). The whole process of scrambling and descrambling, causes a delay of approx. 0.5 seconds.

As the time segments are scrambled in an ever changing pattern, it is important that transmitter and receiver are correctly synchronised. To ensure that both ends are kept 'in sync', a pilot signal (FSK) is transmitted with the scrambled speech.
 
Block diagram
Below is the blockdiagram of the Cryptophon 1100. The audio input is at the top left. In transmission mode, audio is filtered, digitised and stored in a temporary memory buffer. The order in which the samples are read out of the buffer, is determined by the number generator (PRN). The new (scrambled) signal is then converted back to the analogue domain again. In order to allow the receiving end to stay in sync, an FSK signal (pilot) is inserted in the output path.


In receiving mode, the synchronisation signal (pilot) is extracted from the incoming audio signal (top left) and decoded. It is then used by the program register (CPU) to keep the number generator (PRN) in sync.
 
References
  1. Barry Wels
    Donator of the Cryptophon 1100 featuered on this page.

  2. Jörg Drobick, Beschreibung des Cryptophon 1100 BStU176
    Der SAS- und Chiffrierdienst (SCD), German.

  3. W. Baschlin,Integration of time division speech scrambling
    into police telecommunication networks
    Ores Publications (USA), 1977.

  4. US Patent 4773092, Speech Scramblers
    Frederick Huang, Oxford (UK). Racal Research Ltd., Berkshire (UK).

Further information

Any links shown in red are currently unavailable. If you like this website, why not make a donation?
© Copyright 2009-2013, Paul Reuvers & Marc Simons. Last changed: Friday, 25 March 2011 - 13:38 CET
Click for homepage