T-310/50

T-310/50 is an electronic encryption machine consisting of two main parts: the main unit and the control panel. This clearly distinguishes this type of machine from many other encryption devices, widely known to the public, which mainly follow mechanical ( M-209 ) or electromechanical ( rotary keys ) principles. All functions are implemented in hardware using logic gates and triggers. The code converter, which replaces the control characters of the telegraphic alphabet, such as carriage return or line feed with two letters after encryption and cancels these replacements before decryption, was implemented in software using and the microprocessor . The code converter can be turned on or off manually. The output data generated by the encoder can be transmitted not only over a radiotelephone or telephone line, but also over a telegraph line. T-310/50 works in direct, partially direct and preliminary encryption with an operating speed of 50 or 100 Baud ^[1]

Encryption algorithms have always received a code name in the GDR . The T-310/50 algorithm was named ARGON. ARGON has symmetric stream encryption with a 240-bit key (time key) and a 61-bit initialization vector (talk key). The time key is read through the card and is changed weekly. A conversation key is generated for each message that must be encrypted by the machine itself using a random number generator . The conversation key is transmitted in plain text and ensures that each message is encrypted individually, despite using the same time key .

The ARGON algorithm is based on the use of a secure pseudo-random generator, which provides a total of 13 bits for encryption or decryption of each 5-bit character. The first five of these are related to the plain text of the bitwise XOR. The result of this XOR operation is stored in a linear feedback shift register or LFSR for short. Then, bits 7 through 11 of the output of the pseudo-random generator determine the number of steps by which the LFSR rotates. The contents of the LFSR are then output as a result of encryption. When decrypting, the LFSR operation is mirrored and the XOR operation is performed. Bits 6, 12, and 13 are discarded. .

Thus, the LFSR operation distinguishes ARGON from all previously known stream ciphers ^[2] .

The state of a pseudo-random generator, or short PRNG, is stored in a 36-bit register. The step of this state is realized through a function (denoted by Φ in ^[3] ), which takes 36 bits of the current state, 2 bits of the time key and one bit of the offer key, which produces 36 bits of the new state, as input. To generate the PRNG output bit, Φ is called a total of 127 times, each time with the change of the bits of the time key and the conversation, and finally, a bit is stored in the register.

As part of the implementation of the function Φ, the function T ^[4] is required, which decodes 29 bits to 9 bits. The 9 output bits of T are connected to the correctly selected bits of the old state via XOR, and then they replace the 9 bits in the old state, while the remaining 27 bits of the old state are shifted to the left by Φ. To implement the function Z ^[5] , a circuit that maps 6 bits to 1 bit is used as the main nonlinear element. Function Z is a decoder. With a valency of 0, 2, 4, 7 ... 12, 17, 18, 21, 24, 27 ... 30, 33, 35, 42, 43, 47, 49 ... 53, 56, 58, 59, 62 and 63, the output has a signal 1, otherwise 0.

The selection of the old status bits passed to Z, as well as the selection of the old status bits that are associated with the XOR result, are variables. This information, together with the position of the output bit and 36 bits of the initial value of the status register, makes up the so-called long-term key T-310 / 50. A special test device (T-034) existed to test candidates for possible long-term keys. The equipment modeled the T-310/50 and tested the suitability of key candidates ^[6] .

The T-310/50 algorithm is one of the few previously secret and symmetric encryption algorithms used by an industrialized country to ensure state secrets, which became known to the general public. Further research into the security of the algorithm led to the following conclusions:

• An effective key length of 230 bits is sufficient to exclude the possibility of enumeration of keys
• There is no evidence that the creators of the T-310 algorithm knew about differential or linear cryptanalysis.
• The use of parity bits in a secret key is a concept that was used by the creators of DES.
• Using XOR to generate a key is replaced by matrix multiplication
• When describing the algorithm, the creators did not specify the encryption speed, which allows us to conclude that performance is not a bottleneck ^[7] .

T-310 - an important cipher of the Cold War . This is essentially a block cipher from which very few bits are extracted for actual encryption. This property means that the T-310 is significantly stronger than other ciphers of the same historical period, such as DES . Very few examples are known in the cryptanalytic literature when a cipher can be cracked in such difficult conditions. In one such example, an attacker receives only 4 bits from each encryption. In T-310, bits 1 to 1397 are used to encrypt only the first character of the plaintext, which will already depend on all 240 bits of the key. It is very difficult to disassemble the T-310 in a completely general environment. A BSI security assessment was carried out by BSI after the reunification of Germany in 1990, and its conclusion was that the T-310 was “extremely safe” .

The main result is to show how to recover a T-310’s 240-bit key in an attack using only encrypted text, when the long-term key is such that the rounding function is not bijective. It is extremely rare to see an attack with only encrypted text on a valid government cipher. A strong attack requires very serious steps and preparation .

In general, in the case of key 206, an attack was simulated with a time complexity of 298 and a data complexity of about 259, which allows you to restore a 240-bit key in the setting for encrypted text only. The complexity is worse for the historical key, which lists several different known long-term keys for the T-310 from 1973-1990, which were accessed on January 21, 2017 when parsing and analyzing the capabilities of the T-310/50 .

A secure symmetric encryption standard must be robust. Reliability can mean, for example, that the stability of the system should not be reduced from 240 bits to less than 100 ^[8] .

• Klaus Schmeh : The East German Encryption Machine T-310 and the Algorithm It Used. In: Cryptologia. 30, 3, 2006, ISSN 0161-1194 , S. 251-257. DOI : 10.1080 / 01611190600632457 . (Abstract, englisch)
• Drobick (2017, Drobick, J. T-310/50 ARGON

• Zeitlicher Verlauf der Entwicklung der T-310/50
• Übergabe T310 / 50 an das ZSI
• Weitere Informationen und Bilder der T-310/50
• Zufallsgenerator der T-310/50
• Algorithm Analysis T-310/50
• The East German Encryption Machine T-310 and the Algorithm It Used

Category: Encryption Devices