T-310/50

from Wikipedia, the free encyclopedia

The T-310/50 was an encryption machine for the encryption of telex , which was developed in the GDR from 1973 and used from 1982 to 1990. A total of around 3700 devices were built in the VEB Steremat Berlin " Hermann Schlimme ". The T-310/50 was used by the MfS , the Interior Ministry of the GDR, the People's Police , the Council of Ministers of the GDR , the Ministry for National Defense , the FDJ, the FDGB, in combines and companies of the GDR as well as the Central Committee of the SED .

On 16/17. In August 1990, the GDR ZCO's central cipher unit handed over a complete set of T-310/50 equipment to the Central Office for Information Security in the FRG (today's Federal Office for Information Security , formerly the Central Office for Encryption of the BND), with the proviso that Establish and operate cipher connections from the Ministry of National Defense (MfNV) and the Ministry of Internal Affairs ( MfIA ) of the GDR to the Federal Ministry of Defense and the Ministry of the Interior of the FRG . The locations were HNZ-3 Prenden to Bonn and the main news center of the MfNV in Strausberg to Bonn.

technology

The T-310/50 consists of the power supply unit, the main unit and the control unit

The T-310/50 is an electronic encryption machine. This clearly distinguishes it from many other encryption devices known to the public in detail, which mostly followed mechanical ( M-209 ) or electromechanical ( rotor key machine ) principles. All functions are implemented in hardware using logic gates and flip-flops . The code converter, which replaces the control characters of the telegraph alphabet such as carriage return or line feed with two letters after encryption and reverses these replacements before decryption, was implemented in software using the K 1520 microcomputer system and the U880 ( Z80 ) microprocessor . The code converter can be switched on or off manually. The outputs generated by the code converter can be transmitted not only via radio teletype or telex lines, but also via telegraphy or telephony. The T-310/50 works with direct, partial direct and pre-encryption at a speed of 50 or 100 baud .

Encryption algorithm

Hollerith punch card with stamped time key

Encryption algorithms were always given a code name in the GDR. The algorithm of the T-310/50 was christened ARGON. ARGON is a symmetrical stream cipher with a 240-bit long key (time key) and a 61-bit long initialization vector ( saying key ). The time key is read in via a punch card and changed weekly. The slogan key is generated for each message to be encrypted by the machine itself using a physical random number generator. The message key is transmitted in clear text and ensures that each message is individually encrypted despite the use of the same time key.

The core of ARGON is a cryptographically secure pseudo-random generator , which supplies a total of 13 bits for the encryption or decryption of each 5-bit long character (see Baudot code ). The first five of these are linked with the plaintext bit by bit xor . The result of this XOR operation was stored in a linear feedback shift register, or LFSR for short. Bits 7 to 11 of the output of the pseudo-random generator then determine the number of steps the LFSR is rotated. The content of the LFSR is then output as the result of the encryption. When deciphering, the LFSR operation is mirrored and the XOR operation is carried out. Bits 6, 12 and 13 are discarded.

The downstream LFSR operation distinguishes ARGON from all previously known stream ciphers.

Structure of the pseudo-random generator

The status of the pseudo-random generator or PRNG for short is stored in a register with a length of 36 bits. The progression of this state is implemented via a function (denoted by Φ in), which requires the 36 bits of the current state, 2 time key bits and one bit of the message key as input and which outputs the 36 bits of the new state. To generate an output bit of the PRNG, Φ was called a total of 127 times with changing time key and saying key bits and finally one bit of the status reached was output.

In the context of the implementation of the function Φ, the function T is required, which decodes 29 bits to 9 bits. The 9 output bits of T were combined with suitably selected bits of the old state xor and then replaced 9 bits in the old state, while the remaining 27 bits of the old state were only shifted to the left by Φ. As part of the implementation of function Z, a circuit is used as an essential non-linear element, which maps 6 bits to 1 bit. The Z function represents a decoder. With the valency of 0, 2, 4, 7 ... 12, 17, 18, 21, 24, 27 ... 30, 33, 35, 42, 43, 47, 49 ... 53, 56, 58, 59, 62 and 63 the output has signal 1 otherwise 0.

Circuit board that realizes the long-term key

The selection of the bits of the old state transferred to Z and the selection of the bits of the old state linked to the result of Z xor is variable. This information, together with the position of the output bit and the 36 bits of the initial value of the status register, represented the so-called long-term key of the T-310/50. A special test device (T-034) was available to check candidates for possible long-term keys Hardware that simulates the T-310/50 and verified the suitability of the key candidates.

safety

The algorithm of the T-310/50 is one of the few previously secret and symmetrical encryption algorithms used by an industrialized nation to protect state secrets that have become known to the public. The studies on the security of the algorithm carried out by the Central Cipher Organization of the GDR (ZCO) are not yet matched by an investigation of its cryptographic strength by open cryptological science.

literature

Web links

Individual evidence

  1. ^ Klaus Schmeh : The East German Encryption Machine T-310 and the Algorithm It Used , Cryptologia, 30: 3, 2006, 251-257 p. 253
  2. http://scz.bplaced.net/t310.html
  3. Handover of the T310 / 50 to the ZSI
  4. The T-310 / 50's random generator
  5. Klaus Schmeh : The East German Encryption Machine T-310 and the Algorithm It Used , Cryptologia, 30: 3, 2006, 251-257