This article includes a list of references, but its sources remain unclear because it has insufficient inline citations. (March 2009) (Learn how and when to remove this template message)
KL-7 Cipher Machine 
|Common manufacturers||NSA, NATO|
The TSEC/KL-7 (also known as high-level NSA secret military codename Adonis) was an off-line non-reciprocal rotor encryption machine.:p.33ff The KL-7 had rotors to encrypt the text, most of which moved in a complex pattern, controlled by notched rings. The non-moving rotor was in fourth from the left of the stack. The KL-7 with 12 rotors also encrypted the message indicator and was code named ADONIS.
History and development
In 1952, the machine was introduced by AFSA's successor, the U.S. National Security Agency, in the US Army, Navy and Air Force. In the early 1960s, the AFSAM-7 was renamed TSEC/KL-7, following the new standard crypto nomenclature. It was the most widely used crypto machine in the US armed forces until the mid-1960s and was the first machine capable of supporting large networks that was considered secure against known plaintext attack. Some 25,000 machines were in use in the mid-1960s.:p.37 The KL-7 was also used by several NATO countries until 1983.
An 8-rotor version sent indicators in the clear and was code named POLLUX. The encrypted or decrypted output of the machine was printed on a small paper ribbon. It was the first cipher machine to use the re-entry (re-flexing) principle, discovered by Albert W. Small, which re-introduces the encryption output back into the encryption process to re-encipher it again. The research for the new cipher machine, designated MX-507, was initiated in 1945 by the Army Security Agency (ASA) as a successor for the SIGABA and the less secure Hagelin M-209. Its development was turned over to the newly formed Armed Forces Security Agency (AFSA) in 1949. The machine was renamed AFSAM-7, which stands for Armed Forces Security Agency Machine No 7. It was the first crypto machine, developed under one centralized cryptologic organisation as a standard machine for all parts of the armed forces, and it was the first cipher machine to use electronics (vacuum tubes), apart from the British ROCKEX, which was developed during World War 2.
The KL-7 was designed for off-line operation. It was about the size of a Teletype machine and had a similar three-row keyboard, with shift keys for letters and figures. The KL-7 produced printed output on narrow paper strips that were then glued to message pads. When encrypting, it automatically inserted a space between five-letter code groups. One of the reasons for the five letter groups was messages might be given to a morse code operator. The number of five letter groups was easily verified when transmitted. There was an adaptor available, the HL-1/X22, that allowed 5-level Baudot punched paper tape from Teletype equipment to be read for decryption. The standard KL-7 had no ability to punch tapes. A variant of the KL-7, the KL-47, could also punch paper tape for direct input to teleprinters.
Each rotor had 36 contacts. To establish a new encryption setting, operators would select a rotor and place it in a plastic outer ring at a certain offset. The ring and the offset to use for each position were specified in a printed key list. This process would be repeated eight times until all rotor positions were filled. Key settings were usually changed every day at midnight, GMT. The basket containing the rotors was removable, and it was common to have a second basket and set of rotors, allowing the rotors to be set up prior to key change. The old basket could then be kept intact for most of the day to decode messages sent the previous day, but received after midnight. Rotor wiring was changed every 1 to 3 years.:p.36
The keyboard itself was a large sliding switch, also called permutor board. A signal, coming from a letter key, went through the rotors, back to the permutor board to continue to the printer. The KL-7 was non-reciprocal. Therefore, depending on the Encipher or Decipher position of the permutor board, the direction of the signal through the rotors was changed.
The rotor basket had two sets of connectors, two with 26 pins and two with 10 pins, at each end that mated with the main assembly. Both 26 pin connectors were connected to the keyboard to enable the switching of the signal direction through the rotors. Both 10 pin connectors on each side were hard-wired with each other. If a signal that entered on one of the 26 pins left the rotor pack on one of these 10 pins, that signal was redirected back into the rotors on the entry side to perform a new pass through the rotors. This loop-back, the so-called re-entry, created complex scrambling of the signal and could result in multiple passes through the rotor pack, depending on the current state of the rotor wiring.
There was also a switch pile-up under each movable rotor that was operated by cams on its plastic outer ring. Different outer rings had different arrangements of cams. The circuitry of the switches controlled solenoids which in turn enabled the movement of the rotors. The combination of cam rings and the controlling of a rotor by several switches created a most complex and irregular stepping. The exact wiring between switches and solenoids is still classified.
The KL-7 was largely replaced by electronic systems such as the KW-26 ROMULUS and the KW-37 JASON in the 1970s, but KL-7s were kept in service as backups and for special uses. In 1967, when John Anthony Walker (a sailor in the U.S. Navy) walked into the embassy of the Soviet Union in Washington, DC seeking employment as a spy, he carried with him a copy of a key list for the KL-47. KL-7s were compromised at other times as well. A unit captured by North Vietnam is on display at NSA's National Cryptologic Museum. The KL-7 was withdrawn from service in June 1983, and Canada's last KL-7-encrypted message was sent on June 30, 1983, "after 27 years of service."
The successor to the KL-7 was the KL-51, an off-line, paper tape encryption system that used digital electronics instead of rotors.
- "KL-7". Cryptomuseum.com.
- Proc, Jerry. "KL-7". Jproc.ca. Retrieved 25 July 2018.
- A History of U.S. Communications Security; the David G. Boak Lectures, National Security Agency (NSA), Volume I, 1973, partially released 2008, additional portions declassified October 14, 2015
- Proc, Jerry. "KL-7". Jproc.ca.
- Method and apparatus for cryptography
- Proc, Jerry. "KL-7". Jproc.ca. Retrieved 25 July 2018.
- Jerry Proc's page on the KL-7, retrieved 2012-08-28.
- NSA Crypto Almanac 50th Anniversary - The development of the AFSAM-7, retrieved 27 February 2011.
- Technical details and history of the TSEC/KL-7, from Dirk Rijmenants' Cipher Machines & Cryptology, retrieved 27 February 2011.
- Patent for Rotor Re-entry by Albert W Small, filed 1944 from Free Patents On-line, retrieved 27 February 2011.
- "Cryptology", Encyclopædia Britannica. Retrieved 22 June 2005 from Encyclopædia Britannica Online.
- Card attached to KL-51 on display at the National Cryptologic Museum, 2005.
- TSEC/KL-7 with detailed information and many images on the Crypto Museum website
- Accurate TSEC/KL-7 Simulator (Windows), on Dirk Rijmenants' Cipher Machines & Cryptology