Tuesday, January 23, 2007

Hagelin C-52 and CX-52

The C-52 and CX-52 from Hagelin Cryptos (Crypto AG, Switzerland) are one of the most successful state-of-the-art cipher machines ever build. Thanks to a simple but brilliant design these all-mechanical devices have a tremendous key space and cryptographic strength. The pin-and-lug type CX-52 cipher machine has a total of 4.13 x 1099 possible keys! The introduction of this machine caused quiet some disturbance in the cryptanalytic community. The C-52 and CX-52 are without a doubt the most popular Cold Ware era cipher machines. They were sold to more than 60 countries and remained popular for decades. A complete description, the technical details and working principle of this machine can be found on my website. Dutch readers can go to this page.

Picture courtesy Nicholas Gesslers Cryptology Collections

2 comments:

frank gerlach said...

Oh yeah impressive number 10^99. Except that this does not mean very much. It is rumored that NSA and Hagelin/Crypto AG were good friends. I am sure the good Mr Hagelin doctored the machine to make his American friend's work a bit easier. Google for "Iran Crypto AG" to learn more.

Dirk said...

I'm afraid you lost yourself in fuzzy facts. First of all, the M-209 was indeed already broken by the Germans in WW2. It's a much less secure design as the C-52. The M-209 had, simply put, a period of 101,405,850 possible different 6 bit values. It was designed as tactical machine (short time security). The C(X)52 with its irregular moving wheels was far more secure, and more important, a transparent design with higly customable featurs. The machine was open to the public and was analysed by many cipher bureaus and academics, other than NSA, without success. The open design of this pre-computer machine did not leave space for any 'backdoor'.

The alleged connections between Crypto AG and NSA refer to the electronic machines from the 1970's onwards, which 'could' incorporate hidden design features or weaknesses. However, these articles should be taken with lots of sceptism. First of all, no single academic (cryptanalistic) source supports the theory. Cryptanalysis of the C(X)-52 showed no weaknesses, even in todays computer era no ciphertext-only attacks are found, and yes, there are others than NSA, also very well capable to analyse crypto algorithms. By the way, are you familiar with crypto devices in any way?

Moreover, there is not one single source, only news papers and one book from Clark. Also, the different articles strangly are very similar. Never is mentioned about which machines it goes, no cryptanalitic details, and several facts in the articles about Hagelin are simply wrong. It is clear that the writers of the articles did not do their home work, or just copied 'what they heard'.

All quality crypto is always publicly available so that it's stength can be checked by other crypto experts (secrecy must depend on the secrecy of the key, not on a secret algortihm. This way of verifying has ensured quality crypto for decades with succes, and all modern crypto algorithms are publicly available and implementable. The case of the - open - CX-52 is a good example of this. It's impossible to rigg a machines like the CX-52. In worst case, it could be a matter of exploiting weaknesses in an algorithm. (the CX-52 was cryptanalyses for years, without success! No weaknesses found). But, as I said before, the later electronic 'black boxes' with propretary algorithms 'could' be rigged.

We could see this from another point of view. NSA had lots of reasons to descredit a foreign crypto manufacturor. The US has a long history of blocking or weakening good cryptography (see public key algoritm key sizes and downsizing Feistels's DES design, nota bene in their own country!). Putting Crypto AG in a bad light would surely be in the intrest of NSA and limit the proliferation of quality crypto in the world, due to suspicious customers. The lack of sources, academic proof or any hard evidence whatsoever about the Crypto AG ridging stuff does makes one wonder where the story really came from...

Everyone knows that NSA has bought the top mathematics, and is very capable. However, their capabilities are not unlimited and other fields of SIGINT are often used to support or evenreplace cryptanalysis. As a NSA guy once said, "in 99 percent of the case we don't even have to break anything', we get it before it's encrypted."

All together, we one should not base its conclusions on articles in newspapers before verifying the course and become familiar with the concerned crypto devices (of which is mentioned with not a single word)