NSA's CIRCE Cryptosystem (KAL-55B, KTC-800A)

追加: 2026-05-31

[00:00:00]Let's have a look at this crypto  system from the Cold War era.

[00:00:04]The KAL-55B, also known as KAK, officially known as CIRCE inspired by the goddess of the Greek mythology.

[00:00:15]As we read in JProc's website about it... This is a tactical authentication  system used during the Vietnam war era.

[00:00:24]Doug Neil used the KAL-55B as a forward observer  with the 196th Light Infantry Brigade in Vietnam.

[00:00:34]He recalls... It was called a KAK wheel and was used to  call artillery registration coordinates when not in a contact fire mission.

[00:00:45]There was a page that told us  what cipher to use each day.

[00:00:48]Every day was different.

[00:00:50]So, apparently this wasn't for operational  or strategic communication security but for tactical communications that only  had to remain secret for a few hours.

[00:01:00]This allowed its designers, the NSA, to come up with a very user-friendly system.

[00:01:07]As we read in this DoD article by Brian  C. O'Reilly from January of 2025... Numerical map coordinates were  seen as particularly critical since intercepting the coordinates could allow  enemy forces to evade US and Allied attacks while being able to accurately  ambush and shell US troops.

[00:01:30]In response to a 1969 request by the US military,  NSA's S14, the Tactical Applications Division developed a new field numerical  cipher wheel called the CIRCE system consisting of the KAL-55B wheel  and the KTC-800 code matrix to replace a hodgepodge of homemade  and older manual ciphers for field use.

[00:01:56]The system was deployed in the thousands  to the field in Vietnam starting in 1970 to protect numbers and especially map coordinates.

[00:02:05]Before diving deeper into its history, here's how it works.

[00:02:09]As you can see, it says "Day 18" here.

[00:02:12]That's because there were  separate ones issued for each day so that even if one of them was compromised,  it wouldn't compromise the entire system.

[00:02:20]And it worked like that.

[00:02:22]The circular grille is what NSA called the KAL-55 And this code table here is  what NSA called the KTC-800 As you can see, it had five  alphabets in random order.

[00:02:41]Say you were a radio operator in Vietnam and  wanted to encrypt your message with this.

[00:02:46]You'd first pick any of those... Say "D" here and then select a random letter from it Say "X" here Then you'll transmit this over radio in clear NSA called this the alignment indicator Specifically, you'd say... I SET DELTA XRAY The recipient would have an identical  system, of course, and set it accordingly After this alignment, you pick the  next letter after the one communicated meaning "Y" in this case and if you had picked the last  one, like "N" in this example then you'd use the first from the same alphabet.

[00:03:26]So, "G" All right, since our alignment was "D" "X" we select "Y" and set the  KAL-55 accordingly, like this Now you can use the outer disc  to encrypt the coordinates Say you want to encrypt 1123 You could pick any of those  three for the number 1 and NSA recommended to use different  ones if you had repeated numbers So 11 could be "Y" "X" and 2... Let's say "B" and lastly 3, "U" So, then we send over radio "YXBU" and for each message and as a states you  should be using a different alignment basically, repeating that process altogether Clearly, the decryption was the reverse process You can imagine that something so simple wasn't  very well-received by NSA's crypto experts And going back to the  aforementioned article, we read... Years later, in 1981, NSA COMSEC  expert Donzel Betts would comment... Our people who approved  cryptosystems did not really like our using a system that we knew was not as  strong as we could build and make it but it was a compromise It was a tradeoff What was the value of having a system if it was so complicated to use  that it wasn't going to be used?

[00:05:24]Is better to have something that  is medium good and have it used than have a perfect system that's not used And in that same article, we also  read this memo from NSA's S14 the creators of this, from October 8th, 1970 giving even more insights behind this decision The system has been assigned a  mythological designator CIRCE As discussed in the reference, the  decision to agree to expanded use of CIRCE was influenced by our estimate that the Viet Cong could not successfully recover results  in time to permit tactical exploitation Coupled with the above, and  also of prime consideration was our feeling that despite its  relatively weak cryptographic nature implementation of CIRCE was preferable  to the continued use of homemade systems by US tactical forces And only a year after its release  for operational use, in 1971 NSA was already worried of  its low security levels CIRCE is not safe for the currently  approved volume of 500 messages per day Using the same assumptions and  derivations, it is estimated that CIRCE will fail by the time a 100 messages of any  known kind have been transmitted in the key And a year later, in August of  1972, the inevitable happened As we read... While operating the Ho Bo  Woods of Binh Duong Province the ARVN Fifth Division, that's  the Army of the Republic of Vietnam captured a number of Viet Cong  documents, including a complete 22-page Viet Cong cryptanalysis report of  the American and ARVN radio communications This Viet Cong cryptanalysis report was centered  on a complete analysis of the CIRCE system with copies of the "Day 2"  cipher tables, CIRCE weaknesses and step-by-step instructions  on how to exploit the system, reconstruct the daily keys,  and decrypt the coordinates The translated captured document was sent by the  US Military Assistance Command, Vietnam (MACV) on December 11th, 1972, and relayed to NSA.

[00:07:43]And by 1973, NSA started working  on its replacement, the KAL-61B codenamed DRYAD Again, inspired from Greek mythology We might look at DRYAD in a future episode but that was the secret history of  the KAL-55B from its start to its end And that perfectly highlights a challenge that  exists to this day for security professionals What's the right balance of security that is  frictionless enough so that people will use it but still provide an  appropriate level of protection?

[00:08:20]And this little system here, is  a perfect representation of this And despite not many people knowing about it it acts as a reminder that in the spy world... Nothing is as it seems