Rockex: Front and back views.  This example is on display at the Communications and Electronics Museum, Kingston ,Ontario (Photos by Jerry Proc)

DEVELOPMENT

Benjamin deForest Bayly, a Canadian wartime communications genius, was the developer of the Rockex. Originally from Moose Jaw, Saskatchewan, he became a professor at the University of Toronto. At the height of WWII,  he was hired by William Samuel Stephenson, the senior representative of British intelligence for the entire western hemisphere during World War II.
Stephenson was sent to the United States on June 21, 1940 to covertly open and run British Security Coordination (BSC) in New York City, over a year prior to the US entering the war. The BSC office, headquartered in room 3603 in Rockefeller Center, became an umbrella organization that by the end of the war, represented the British intelligence agencies MI5, MI6 (SIS or Secret Intelligence Service), SOE (Special Operations Executive) and PWE (Political Warfare Executive) throughout North America, South America and the Caribbean.

Bayly used the existing patented Telekrypton enciphering device and modified it in such a way that it did not encipher: a carriage return, a line feed, a space, a letter shift, figure/shift and the output formatted in 5-letter groups separated by spaces. One source says that the name Rockex was chosen after the designers saw a performance of the famous  Radio City Music Hall Rockettes dancers. Another source states that the name was derived from Rockefeller Center. Parts for the Rockex were supplied by The Teletype Corporation of Skokie, Illinois.

Not least in Stephenson's accomplishments and contributions to the war effort was the setting up by BSC of Camp X in Whitby, Ontario, the first training school for clandestine wartime operations in North America. Rockex first saw service at Camp X in 1943 to pass messages across the Atlantic and soldiered on in military and diplomatic applications until 1983.

Throughout 1943 and 1944, Rockex I remained the standard means of enciphering and deciphering almost all SIS telegrams between London and New York.  Clive Robinson posted some information in Bruce Schneier's blog. "Shortly after WWII  it was reported that the US government broke the UK automated One Time Pad system (Telekrypton/Rockex) used from New York to the UK used during the war. There are differing reports. The first one indicated that the code was cracked by looking at slight timing differences caused by the output relay  - visible with an oscilloscope that was placed across the comm line. The second indicated that the eavesdroppers were in an adjacent room in New York's Rockefeller Center and used an early equivalent of a spike microphone to listen to the unit. Either way, the Rockex was replaced with the Rockex II in 1944".

Canada used the Mk III and Mk V versions of the machine. Mk V was a security "enhancement" to the Mk III . Otherwise, the machines were functionally identical.

Ben Bayly died in 1996.

ROCKEX IN UK SERVICE

 In 1944, Rockex  Mk1 production commenced at  Hanslope, UK and later so did the Mk2. The Mk3,  Mk4 and Mk5 machines were produced at Borehamwood.  It was also assigned the following BID designators: BID08/05 08/06  08/07  08/08.

Only 12 MK1 Rockex machines were ever built. MK2 then went into production and one of the early examples was supplied to Bletchley Park during the last 6 months of WWII.  MK1  MK2  and MK3  were found to have possible security problems and were not Tempest compliant. Only the MK4, and finally the MK5  overcame these problems.

The real problem in any one-time system like Rockex was the production (and distribution) of vast quantities of genuinely random keystream tape.  Rockex twin master tapes ( and machines) were produced at Hanslope from 1944 to 1947. Then Rockex and key tape production was moved to the Palace of Industry at Wembley for a year and in early 1949, it all moved again to Borehamwood [3]  where production continued until the MK5 Rockex became obsolete during the late 1960's.
Watching the tape machine which produced the twin tapes was fascinating. It endlessly spewing forth two master tapes but was very labour intensive as someone had to check both tapes for accuracy and then they had to be sorted into different piles to be distributed to various clients. The Rockex keystream tape generating machine was code named "DONALD DUCK", perhaps because it spewed "gibberish".

It was shortly after WWII that engineer Don Horwood, working for GCHQ and ex-GPO COLOSSUS, produced a genuinely electronic random keystream tape  generator. In the new design, twin keystream tapes were produced from a noise generator which fed 5 flip-flops randomly.

The keystream tapes were produced in a special section run only by women.  The paragrapher device eliminated the stunt characters and gave 49 groups of 5 letter cypher in each block of 50 and also lined up everything on the teleprinter so it was all neatly laid out with the indicator groups in alphabetical order. In operation, the paragrapher unit formed  the 5 letter Rockex key code into blocks of 5 letter groups in blocks of 50 groups with a double space after every 5th group. Only 49 groups were encoded. The first one was an indicator group which the paragrapher slipped in at the end of every 50th group. The paragrapher punched the required information as a 6 level character on the key tape. The keystream tapes would be wound on a orange and blue marked spools. Blue was used for enciphering while the orange was used for deciphering.

Rockex traffic (non synchronous ) was always sent to Camp X at 45.5 baud, but all British Embassy and Consulate traffic was sent at 50 baud. The machine was always used in off-line mode along with a Model 15 Teletype, the associated Transmitter Distributor and also the Model 14 Reperforator.  Later, the printer was changed to a Creed Model 54. The Rockex system continued to be used for communications with Ottawa until the link closed in 1968 and also to the Camp X radio station (call sign VDL) until it closed down in 1969. ALVIS, having recently entered service, became the replacement system so private line communications were established between London and Washington/New York/Ottawa. The radio link to the US and Canada  was then collapsed.

The Foreign and Commonwealth Office considered the Rockex as the best cypher machine and that's why is was used from 1943 to 1973 in most British consulates and missions worldwide. Some of the more remote posts were still using Rockex into the 1980's. The British Army used Rockex as well.

OPERATING PRINCIPLES

Rockex uses the Vernam stream cipher method (circa 1919) in which plain text message is eXclusively OR'ed (XOR) with a random or pseudo random stream of data of the same length to generate the ciphertext.  Vernam did not use the term "XOR" in his patent, but he implemented that Boolean operation using relay logic. NSA has called this patent as one of the most important in the history of cryptography. Once both tapes were read and the enciphered output was produced, the  "keystream" or "keymat" tape was destroyed.

At the receive end, the process was reversed. An identical keystream tape was read alongside the encrypted tape which produced a plain text copy. The Rockex was operated in conjunction with a tape punch and a teleprinter.

The Rockex keystream tape consisted of six levels across, the bottom five of which were random but standard International Code Number 2 (Murray Code) [1]  perforations. The sixth level controlled functions for the 50 group makeup of the encrypted or decrypted text. Whenever there was a hole in the sixth position, the text tape would pause and the Murray Code perforations on the keytape would be printed or acted on. When there was no sixth hole, the standard encryption/decryption would take place. A discriminator was also in place to ensure that such things as figure-shift, letter-shift, end of line functions etc., would not appear in the encrypted text. Both a 5 level and 6 level tape reader was incorporated in the Rockex design.

One did not actually need a Rockex machine to code and decode messages. The 5 level plain text tape could be laid over the 6 level keystream tape (keeping levels 1 to 5 aligned on each tape along with the discriminator marks).  By holding both tapes to a light source and with the holes in the keymat tape showing behind, (ie no hole punched through), the message could simply be read in plain language Murray code figures and letters (difficult to explain with words alone.) This process was used occasionally but was not a practical way to process long messages.

In the heyday of Rockex, the speed of a telegraphic system was always stated in operations per minute, or abbreviated as OPM. Standard teletype was usually about 368.1 OPM, but Creed systems (and Rockex) measured at 428 OPM. The standard "word" back then was six sweeps of the commutator - five characters plus the space between words so the teletype speed was about 61.3 words per minute.

PHYSICAL LAYOUT

Rockex has three major assemblies. A "700 Unit" which sat on top, contained the mechanics and relays while the "804 Unit" directly below contained the electronics. The 804 unit was sometimes referred to as the "800 Unit" for short.  The Rockex could be fitted with one or two Keyer Units depending if the machine was installed in a busy communications center. The Step Up transformer was an optional item and was only used at installations that had 120 VAC power mains.
 

Rockex main components. The keyer unit never had a designator.(Photo by Jerry Proc)

STEP UP TRANSFORMER

Rockex could operate on either 120 or 220 volts 50/60 Hz AC mains by using a step up transformer or not. Both 50 and 60 Hz power sources could be accommodated by interchanging the mechanical gears that connected the motor to the operating shaft. For 120 volt operation , the step up transformer was used. For 220 volt operation, the transformer was omitted.
 
 

Step up transformer detail. (Photo by Jerry Proc)

POWER SUPPLY

The Rockex did not have a standalone power supply in the normal sense of the word. Instead, the 240 VAC mains voltage or the 220V "stepped up" voltage was distributed from the rear of the 804 unit to all the other units which had their own independent transformers, rectifiers and filtering capacitors.

700 UNIT

The 700 unit  houses the electric motor, the distributor and the eight GPO (General Post Office) Type 3000 mechanical relays which control the voltages to the different tubes when the "stunt" characters appear. The 240 VAC power input was  rectified to produce an output of 198 volts DC. the back of
the 700 unit on the photo with the cover off.

This unit handles both the 6 hole keystream and 5 hole plaintext/encrypted tape signals. Its rotating distributor unit passes both signals to the 804 unit where they are mixed and paragraphed so that it can be seen on a teleprinter all neatly laid out. Paragraphing is controlled by the 6th level on the keystream tape.   The key tape also controls the 804 unit to tell it when to slip in the 5 letter indicator group at the beginning of each block of 50 groups,  hence only 49 groups of  each block were enciphered.

804 UNIT

The purpose of this electronic 18 tube unit is to ensure that the stunt characters do not appear in the enciphered message.

Tube Lineup: 8 x ECC91 (6J6 dual triode) ;  8 x 2D21 (tetrode thyratron) and  2 x EB91 (6AL5 dual diode).

Looking at the front panel of the electronic unit, there are two rows of lamps and switches one above the other. Reading from left to right on the top row = 1 Neon lamp   2 Neon lamp   3 Fuseholder  4 Fuseholder  5 Switch. Note that items 4 and 5 are not used when the Rockex is powered with a 120VAC power mains.

Bottom row  =  1 Switch  2 Switch  3 Fuseholder  4 Fuseholder  5 Switch. Switch 1 and Neon 1 are for the 6.3 volt tube  heaters.   Switch 2 and Neon 2 are for the +198 volts HT.  Fuse 3 and 4 are mains supply fuses. Fuse 4 is for the HT. Switch 5 is the discriminator switch. The operator started the Rockex by switching on Switch 1 and watching Neon 1 light up. Next, the operator waited about 30 seconds before switching on Switch 2 and watching  Neon 2 light up then finally turning on Switch 5 for the  discriminator.  An underneath view of the 804 chassis would only reveal a large tagboard with a lot of resistors neatly laid out in two rows.

KEYER UNIT

Its sole purpose was to key mark and space signals to a teleprinter or a reperforator after the message(s) had been enciphered. It used a pair of KT-66 beam tetrode tubes to accomplish this. Some photos of Rockex machines show two keyers. A second keyer would be fitted if message traffic volumes warranted it.  In UK service, two keyer units would be used at busy stations such as Hanslope, Delhi, Singapore and Pretoria.  Otherwise, one keyer unit per machine was the norm.

A single keyer could be mounted under the keytape spool or on the baseplate of the stand. The baseplate fitting was always the preferable way since it was easy to install and remove. In cases where there was no baseplate fitted, there was no choice but to mount the keyer under the keystream tape reel. This was an awkward task generally requiring the use of four arms.

When mounted on under the tape spool the keyer had to be oriented sideways.  That enabled the lid to be removed for troubleshooting thus precluding the task of having to be unscrew the four nuts and bolts. When placed on the baseplate, the keyer did not need any fasteners since it lined up into the baseplate on its four slots.

KT-66 Tetrode specifications:

Filament Voltage 6.3 V
Filament Current 1.3 A
Plate Voltage (max) 550 V
Plate Current (max) 200 mA
Plate Dissipation (max) 25 W
 
 

After being in storage for many years, this new Rockex has just been unpacked by David White and is being set up for display at Bletchley Park in January 2006. The 700 unit is made by Creed.  (Photo by David White)

Rockex keyer unit: Normally, only one keyer was fitted but sometimes machines located in busy communications centres were fitted with two. The big tubes are KT-66 power tetrodes. (Photo by David White)

804 unit with chassis pulled out. (Photo by David White)

With cabling in place. (Photo by David White)

 

Tape spool detail. (Photo by Jerry Proc)

 

Rockex stand: These could be put to use as utility tables long after the machines were retired.   (Photo by Laurie Archibald)

FIVE LITTLE KNOWN FACTS ABOUT ROCKEX

Kevin Clarke, G8NHR complies these little known facts on the Rockex covered in file HW 9/44 [4]

1) Each ROCKEX keytape contained 208 sections. Each section consisted of a 5 letter indicator and 49 random 5 letter groups. That equates to almost 51000 cypher characters per tape.

2) Analysis of the random generator outputs used for keytape production showed a small deviation from true random. That amount of bias was deemed acceptable for use with the off-line ROCKEX system but unacceptable for use with the on-line 5UCO system.

3) The term "depths of two" described a situation brought about by the reuse of a keytape. At least three methods were proposed or tried to prevent this from happening. They were the tape slitter, the seventh hole perforator and an "Automatic Stop Feature". (In the UK,  the tape splitter was used)

4) In 1949 a miniaturised ROCKEX project for a Canadian customer was discussed but placed on hold. It was still on hold in 1954 when it seemed "unlikley that development effort will ever be available in view of small user requirements."

5 Project NUTMEG was a Canadian plan to produce a mechanical version of ROCKEX.

USING AND MAINTAINING THE ROCKEX

The horizontal tape reel was for the keystream tape. A yellow coloured reel for was used for encrypting  and red for decrypting. Also to be noted is  the centre post on the encrypt reel was higher than on the decrypt reel. There was a pressure switch that rode on the edge of the reel centre. This prevented the communicator from using the red reel for encrypting or the yellow reel for decrypting. The plain-text tape,  in the case of outgoing messages and the incoming encrypted tape, would be manually coiled and placed on the floor. It  would then feed through the T-D time in synchronization with the keystream tape.
 

A Rockex device in the Communications Centre of the Canadian embassy in New Delhi, India circa 1965. Here, the keystream tape reel is almost vertical whereas others were operated horizontally. Most communicators deemed the vertical configuration most practical. This photo also shows the mounting of the keyer. It was mounted on its side,  to the right-hand side of the 804 unit,  just below the key tape reel. (Photo courtesy Ray Fortin)

Originally, the keystream tape exited the reader and passed over a 'slitter' which, would cut the tape through the sprocket feed holes thus destroying it . Since the need for re-encryptions and check-decryptions was so great, the slitter had to be deactivated on all machines used by Canada's Foreign Service Communicators and by the Canadian Forces.

Some “blocks” of keytape would never be used for whatever reason. The most common problem was the  tape getting mangled while going through the gate.  A short message would then be sent to the other key tape holders advising of unused blocks. This was done just to clarify that it was not going to be used.

Depending on one's location in the world (and thus the time difference), it was smart to organize the incoming tapes and hard copies of coded messages in “block” alphabetical order thus ensuring decryption followed the sequence on the key tape.

Plain language messages for transmission were prepared in advance by a tape punch operator then coiled up. Coiling tape was an art form which one learned by experience. One of the most popular ways of coiling tape was to wind it on the right hand in a figure eight.  If the tape was wound properly, it would stay within itself. Once wound, one end was placed in the reader gate while the remainder of the tape was laid on the floor.

Both oiled and dry reperforator tape was used with Rockex. In most instances oiled tape was preferred  since it slipped through the gates much better, wasn't susceptible to humidity, coiled nicely without snagging and it even smelled good! Oiled tape could be purchased in varying degrees of saturation and the degree of saturation was expressed as a percentage (ie 10 percent oil, etc ). Canada's Foreign Service Communicators always requisitioned oiled reperforator tape wherever the machines were operated in hot climates.  For example, in New Delhi, India,  dry tape was stored in a ceiling loft  which had no air conditioning. As found out the hard way,  the dry tape was almost useless after months of storage under those conditions.
 
 

Tape reader detail. The keystream tape was fed to the left reader while the 5 level plain text or encrypted text was fed to the right reader. (Photo by Jerry Proc)

To begin the process of having the Rockex read both the 5 and 6 level tapes, a protruding rod or wire (akin to a railway gate) had to be lowered so it straddled the tapes just ahead of the reader gates.  If the source tape, looped as a figure 8 would not unwind as it did from time to time (too often actually), the coil would catch the wire lever and if the communicator was lucky it would raise the rod sufficiently so it halted the machine. If not, the tape would be drawn through the reader gate and tear. If only a few letters were affected, one would simply hunt for the same letters somewhere else in the tape and "stunt" them through one at a time.  Alternatively, you could go to a punch and retype a bit of tape with the letters you needed.  One could get very proficient "stepping" the Rockex, one character at a time.  It was probably hard on the clutches but most communicators did not give much concern to that.

Once ready to Encrypt, the communicator simply placed the plain language tape under the reader gate and positioned it on a few spaces or line feeds that the punching operator would have inserted ahead of the text.

The keymat or keystream tape had "Indicators "punched into level 6  (all in Murray Code) and it was the communicator's job to keep careful track of these indicators. As each message was encrypted, the indicators used on the keymat tape would be crossed off on a red or yellow "indicator" card. If all functioned well, the communicator could simply walk away from the machine and perform other duties while the message was being processed.

Click to enlarge images

	Keytape Indicator - In Card. Actual Colour. Used during message deciphering.
	Keytape Indicator - Out Card. Actual Colour. Used during message enciphering.
A communicator was well advised to keep careful track of the indicators since the worst sin they could probably commit would be to use the same indicator block (about a yard of tape) more than once.  It could be done, it was done and they were suitably chagrined during those rare times. (Images courtesy David Smith)

Under Foreign Affairs Canada, Rockex messages were organized into blocks of 10 groups of 5 letters per line, 5 lines to a block.  Each block began with the indicator group of the key tape, and ran alphabetically.  Thus, one could easily ask for a repeat from the sending party for one block or a number of blocks simply by citing the indicator groups required.  This was often required when a communications line experienced brief outages.  On other occasions it would require a complete repeat (ZDK) of a certain portion of the encrypted message.

When the OCAMS/NOCAMS [2] electronic messaging system first made its appearance in Foreign Affairs Canada,  the task of requisitioning a repeat was simplified. Once the remote end sent an OCAMS/NOCAMS message requesting a repeat, the duty communicator displayed the message on his screen, selected the blocks which were requested, placed a "header" and "ender" on it so OCAMS/NOCAMS would be able to route the message to the destination. That was simpler than the old days when a communicator would have to roll off paper reperforator tape from a monitor reel to find the portion required and then re-transmit  in a rather convoluted method.

 Under certain circumstances, the Rockex could be used to make extra hardcopies of messages or additional copies of plain language tapes using a procedure called runoff. By inserting a very thin strip of metal (always kept handy) under the gate of keystream tape reader, it would enable the Rockex to read the 5 level tape and the output of the Rockex would then be directed to a run off printer or run off tape reperforator. This procedure was especially useful should the in-service printer or in-service reperforator become faulty.

The commutator assembly for the 6 level keystream tape was located in the 700 unit just below the top surface. A shaft, affixed with a two  pole armature, rotated against two commutator rings. One was solid while the other was split into 7 segments. This was not a "start/stop' system as the International code number 2 was. The makeup of the Rockex commutator was six "intelligence" bits, followed by two "Mark" bits for synchronization purposes.

Attached to each and of the armature arm were replaceable copper-braid contacts. As they rotated against the commutator, the braid wore out and became unreliable. The commutator itself also oxidized thus producing errors. Often the simple task of using a pencil eraser to clean the commutator was all that was required to make things function again.  In later versions of the machine, the copper braid was replaced with carbon brushes.

There was another commutator in the Rockex which processed the five-level information. This was a "start/stop" system and was composed of one start bit,  five data bits, and 1.42 stop bits. The system actually came to a stop on each sweep of the commutator and recommenced on reception of the "Space" start bit, followed by the 5 data bits and then the 1.42 "Mark" stop bits.
 

Two views of the 6 level commutator assembly for the keystream tape. (Photos by Laurie Archibald)

Old or worn out Rockex commutators never die. They are reincarnated as clocks! Select here to see other clock conversions.    (Photo by Laurie Archibald)

Stan Fockner explains the problem of mixing governed and synchronous motors. "I recall we had very few "governed" motors which required a tuning fork (forking) adjustment. These motors were sparingly purchased for use in Model 28 printers, tape perforators and transmitter distributor units which were sometimes also equipped with "gear shifts" for different communication speeds. The idea was that the motor, once tuned to speed, would operate on 48 through 65 Hz. and could operate "on-line" almost anywhere it was needed. Well, that was the idea!

Our Rockex always used synchronous induction motors as did the associated Teletype equipment. They ran at the same relative speed so the mains frequency wasn't really relevant. But... we could requisition 50 and 60 Hz gear sets if we had a special requirement. Speed synchronization problems would occur when a "governed" motor Teletype product was attached to a Rockex. A governed Teletype motor continued to turn at a constant speed while the synchronous Rockex motor changed speed slightly with the mains frequency. We could not get a governed motor fitted inside the Rockex.

Stan Dabrowski was one of Foreign Affairs technical legends who fine tuned a Rockex to the point where it could decypher traffic at 100 wpm. It was aptly nicknamed "The Dabrowski Turbo Rockex" and could only sustain this speed only under his care. Otherwise it balked while it was in the proximity of other technicians. No tech could duplicate his precision tuning methods and no communicator could stand the mechanical noise it made!"

John Roy relates a 6 level armature adjustment technique which is not meant for the eyes of any technician. "I was once told to apply some pencil lead shavings to the commutator surface, then let the rotor rotate once. Now put a sheet of white paper on the rotor head and let it rotate once. You should only see a very light trace of pencil  lead if everything was adjusted properly.  No pencil lead markings meant that contact pressure was too light and the machine would generate garbled characters. If the trace was too dark there was too much pressure and that meant excessive contact wear.  This technique actually worked".

When messages arrived that were too badly garbled to be decrypted, one had to roll off the keymat material (using the required indicators as a guide) and then ask for a ZDK (repeat) from the sender. Sometimes that could  take days from some remote locations.  Sometimes keymat  (keystream tape) would be inadvertently destroyed - yes it happened occasionally - and there would be no recourse but to ask the originator to redo the entire message from scratch.

David Smith relates some of his experiences with Rockex. "On my first posting to Rome in the 1960's, we were a relay station, relaying messages to Ankara Turkey, Cairo Egypt and one other place that escapes me. Our traffic in turn was relayed from Geneva - there were few direct lines in those days.  That meant that often we would have to decrypt and then turn around and encrypt the same message using one of the relay stations 2-way (or 3-way) keymat reels.  Cairo was on a quarter-speed circuit in those days - brutally slow.  To amuse myself while on an evening shift, I would take the incoming encrypted  teletype tape still being transmitted by Geneva, drag it into the Rockex room, decrypt it, re-encrypt it for Cairo and drag the still being encrypted tape to the 1/4 speed Cairo circuit and actually be transmitting a re-encrypted message to Cairo while it was still being transmitted from Geneva.  Of course, one hoped there were no disruptions with the Geneva-Rome circuit or the tapes didn't snag but it was more successful than one might think.  Something to amuse oneself in a relatively boring chore".

Ray White notes "When it worked well , Rockex was a superb system and, at 75 wpm, you could move a lot of traffic in a hurry.  But there were so many variables, such as a poor electrical ground (a common problem in the Arctic and other areas), made the system very difficult to operate.

A technician who worked on the Rockex,  provides the following description about its operation.
"The Rockex hardware consists of two tape readers, plain text (pl) for one and the key tape (kt) for the other and associate electronic circuitry. The kt has a 6th hole, which is used for formatting the printout. The format of a Rockex printout consist of paragraphs of  ten lines and each line consists of ten 5 letter groups. So the key tape starts with a carriage return (cr)., 2 line feeds (lf) and a five letter group that indicates the beginning of the encryption block and all with a 6th hole. There is a 6th hole for every 5 letter group which would produce a space on the print out and two 6th hole after 5 of those groups which would show up as a double space on the print out. After 10 groups we have a full line and the 2 6th holes would generate a cr and a lf to start a new line ...and so on until the end of the 5th line which would have a double lf and a single cr and a new encryption block. An operator should confirm or correct this format.

In the encipher mode, when the reader senses a 6th hole, it holds the pl tape and outputs its function or letter to the printer.  The Rockex works on the principle of an exclusive or (XOR) where two ones give you a zero, two zeros give you a zero and a one and a zero gives you a one. By XOR'ing the two tapes we get a character or a function. Those functions would disrupt the format with spurious lf or cr or a space or letter shift or figure shift and even a blank. These last six functions are called stunts and must be eliminated from the enciphered text. The Rockex electronics can detect these stunts. I can't remember the detection logic but it is not hard to imagine such circuitry. When a stunt is detected at the end of the XOR'ing function, the PL tape is held back and only the kt is read, its letter is passed to the reperforator and printer and the key tape moves up to the next letter. If it is a valid match, the result is passed on. And so on until the message has been encrypted.

In the decipher mode, the operator lines up the two tapes in their readers using the first 5 letter group printed in the encipher mode which is identical to the kt. The XOR'ing function takes place again and this time the results of those first 8 characters and functions generate blanks as they are identical. When a blank is detected, the printer is held up and nothing prints and both tapes advance. But when the result of the XOR'ing is not a blank, the printer receives that character or function as they were in the original pl tape and the text is recovered".

The encrypted Rockex signal was never sent directly to the communications line by the Canadian military nor the Foreign Service. While it would have been theoretically possible to do so, there were many variables which would have made it impractical.  The practice was to produce a five-level encrypted paper tape and then use this tape to transmit. Not counting the unreliability of communication circuits, among the things that would render transmission to  line impractical was the speed of the Rockex versus the speed of the communication circuit.  Rockex ran at about 75 wpm while communication circuits ran as slow as 15 wpm, 30 wpm on others, the normal 60 wpm on most and up to 120 wpm on higher speed circuits.

Rockex was used in many Canadian Embassies and missions abroad for processing special traffic. There were times when the resident EL (technician) would pull his hair out trying to get the device to be operational. In many locations there was no resident technician. As an example, Beirut was serviced from Athens. In Bangkok, the closet technician was in  Kuala Lumpur. Whenever a  machine broke down, approval had to be secured from Ottawa for the technician's travel expenses. This process could take almost a week before the technician was on site. As a result, the communicators who operated the Rockex became proficient at making minor or band-aid type repairs.

At Naval Radio Station Aklavik, a technician had placed a sign above the Rockex machines stating something to the effect "In the event emergency destruction is ordered, do not destroy. Call Petty Officer ........ who will personally demolish the &%$#@^& thing !!!"

READER'S FEEDBACK

Reader Thierry Moreau provides the some feedback about Rockex security.

"These days, "stream ciphers" are used as components of elaborate cryptographic schemes (e.g. AES-CCM is indeed a stream cipher), and the mistake of re-using a key for two messages is still present. Another aspect of the Vernam cipher is its vulnerability to message modification in transit. Changing "YOU WILL BE ATTACKED BY TEN SQUADS" to "YOU WILL BE ATTACKED BY TWO SQUADS" may be done by manipulating the ciphertext only, with a hint or guess about the plaintext structure. (AES-CCM is indeed an arrangement countering this vulnerability.)

I did not see any echo of this ciphertext tampering vulnerability with the Rockex. Here are my hypotheses:

1) Mounting an ciphertext-tampering-in-transit attack was difficult to do at that time.
2) The cleartext structure was not readily guessable by interested enemies.
3) The SPACE plaintext insertion logic in the Rockex for to restrict the ciphertext to the A-Z code provided some protection as a side-effect: it randomly altered the plaintext structure that might be otherwise guess able by interested enemies.

These days, such defenses are not considered valid for a stream cipher arrangement".
 

FOOTNOTES:

[1]  The original 5 level Baudot code became known as the International Telegraph Code No. 1. Sometime around 1900, another 5-bit code called the Murray Code was invented. The Murray Code eventually displaced the Baudot Code and became known as the International Telegraph Code No. 2. Unfortunately, everyone was hopelessly confused by this time -- to the extent that Murray's name sank into obscurity, while Baudot's name became associated with almost every 5-bit code on the face of the planet, including the International Telegraph Code No. 2. (From http://www.maxmon.com/1880ad.htm)

[2] CAMS - Ottawa Communications Automated Message Switch
      NOCAMS - New Ottawa Communications Automated Message Switch

[3]  The reason why manufacturing was switched from Wembley to Borehamwood was that Richard Gambier Parry, head of MI6 comms was very concerned  about security.  To overcome this he bought a personal lease on an anonymous  Borehamwood factory and employed private labour from the local  labour exchange. The whole outfit was run as a private business with no connection with government except for the MI6 staff who inputted a few critical functions. He then sold the machines and tapes to government as any other private supplier would do. When the Treasury  found out about it, they were understandably concerned. What would happened if Parry were to meet with an accident and be killed? His relatives would then own the factory!  They understood the reason for why it was set up the way it was, but they needed to provide some kind of financial auditing system that involved only a couple of people at the highest security level.

[4] Cryptographic Security:  ROCKEX cypher machine. The file covers the period March 1954 to October 1955 and is available from the National Archives in the UK

---

References and Credits:

1) http://en.wikipedia.org/wiki/Vernam_cipher
2) Ray White <r.p.white(at)sympatico.ca> Formerly with Foreign Affairs Canada
3) Laurie Archibald <laurie.archibald(at)sympatico.ca> Formerly with Foreign Affairs Canada
4) John Roy <john.roy3(at)sympatico.ca> Formerly with Foreign Affairs Canada
5) David Smith <drdee(at)sympatico.ca> Formerly with Foreign Affairs Canada
6) Stan Fockner <Savant(at)rogers.com> Formerly with Foreign Affairs Canada
7) Ray Fortin <raymondfortin(at)rogers.com> Formerly with Foreign Affairs Canada
8) http://www.schneier.com/blog/archives/2005/09/snooping_on_tex.html
9) http://en.wikipedia.org/wiki/Sir_William_Stephenson
10) http://www.findarticles.com/p/articles/mi_qa3926/is_200104/ai_n8932999
11) http://www.sandiegomag.com/issues/july97/cult.shtml
12) David Hamer <dhhamer(at)comcast.net> National Cryptologic Museum
13) David White <davidwhite400(at)hotmail.com>
14) StanAmes  <StanAmes (at)aol.com>
15) Kevin Clarke G8NHR <g8nhr(at)yahoo.co.uk>
16) Frode Weierud <frode.weierud(at)gmail.com>
17) Thierry Moreau <[thierry.moreau(at)connotech.com>
 

Sept 6/19