Nyheter

A secret mission in the basement: the Swedish engineer who built cipher machines by hand

Published: Jul 2, 2026
Kryptologins historia 2

For more than 30 years, a Swedish cipher machine built in a basement protected some of the country's most sensitive communications. The machine is known as PUD and was used by the Ministry for Foreign Affairs to encrypt messages.

Cajsa Pierrou is a computer scientist by training and has long been interested in cryptology. Her curiosity began long before she set foot at university; the interest was already there in the family. Cajsa's grandfather, Arne Pierrou, was the man behind PUD, a Swedish cipher machine used by the Ministry for Foreign Affairs for more than 30 years.

Arne Pierrou was born in 1924, trained as an engineer at KTH Royal Institute of Technology and was called up for military service around 1940. It was a turbulent year for Swedish cryptology. In parallel with mathematician Arne Beurling breaking the German Geheimschreiber, another effort was under way, one concerning the machines used by the Swedish armed forces themselves.

These were so-called Hagelin machines, which at the time were in use both in Sweden and around the world. Arne Pierrou encountered them during his military service and reacted immediately.

– He said fairly quickly that it was not a good machine, that it was not secure enough, and that statement soon reached the Ministry for Foreign Affairs, says Cajsa.

The Ministry recruited him. It was known at the time that the Hagelin machines could be broken in just a few hours. For communication in the field, this was considered acceptable; if a soldier reports that he is turning left, that information is rarely relevant four hours later. There were also administrative measures in place to improve the machines' security so that they could still be used. But for the Ministry, which exchanged sensitive information between embassies and countries, it was not enough. There, the information needed to remain secret for far longer.

A one-time pad in mechanical form

At the time, the Ministry used a so-called one-time pad system, known as BUD (Blankettchiffer UD). In theory, the system is perfectly secure: the message is combined with a key of exactly the same length. For the system to be secure, the key must firstly be random, secondly be kept secret, and thirdly never be reused. As long as the key remains secret and is never reused, the message cannot be broken. This was proven mathematically by the cryptologist Shannon around 1940.

But the problem was a practical one. The BUD system was operated by hand; the operators sat with a pad, a key and a text, combining each character manually. It was cumbersome, time-consuming and unpopular.

That was what Arne's machine solved. He built a mechanical one-time pad system, the first Swedish implementation of its kind. The key was held on a long, narrow paper strip with holes, similar to a punched card. It was inserted into the side of an ordinary Olympia typewriter, which Arne had stripped of its original workings and rebuilt from the inside. For each row, the key strip had up to five holes encoding five-bit symbols. This required five spring-loaded pins ("needles") in the key reader, one pin for each potential hole in each row. The pins read the key while the operator typed the message, and the machine automatically combined the key with the text. The result: the encrypted text came out directly on paper.

 

–  He removed the entire manual step. But also the problem of typing everything twice and keeping track of lots of different papers, says Cajsa.

The machine is said to have been completed in 1960 and was taken into service by the Ministry. It was then used for around 30 years.

The basement in Stockholm

What makes the story particularly special is how the machines were manufactured. Arne Pierrou built them himself, at home in his basement in Stockholm. The FRA (the National Defence Radio Establishment) visited the home to inspect the premises and approve them as sufficiently secure. The work then continued for around 30 years, at a rate of just over one machine a month.

Arne's wife Joan helped out. She drilled holes in circuit boards and soldered them by hand, often dressed up, on her way out to a dinner party. The neighbours never found out what was going on in the basement. The FRA continued to turn up at dinners to make sure everything was being done properly.

–  That would never fly today. But back then, Grandfather built most of what went into the machines, says Cajsa.

When Cajsa's father was young, he was allowed to help. He sat testing the machines once they were finished. A young lad with a summer job at his parents' house, in a basement full of circuit boards and equipment.

Arne later developed the machine further to make it more resistant to compromising emanations, the risk that mechanical sounds from the machine could reveal information about the key to someone sitting in the next room. Among other things, he switched to optical reading of the key strip and reduced the number of moving mechanical parts.

The machine was called PUD, or "Pudden". Exactly what the abbreviation stood for is somewhat unclear, most likely Pierrou UD, but it has also been suggested that it stood for punktchiffer UD (punched-hole cipher UD).

–  My family says it stands for Pierrou UD, and I have also read that in a few historical journals. But I have also heard that the P stands for punktchiffer, that is, a cipher produced by punching holes, says Cajsa.

A story that lives on

Cajsa never met her grandfather; he passed away before she was born. But her father often told her about him, and the stories sparked an interest that stayed with her.

– It sparked my interest in the whole industry, and it gave me a way of looking at questions I still ask myself today. What is it you are protecting, and what are you protecting it against? says Cajsa.

Those questions remain relevant. Today, the balance between security and usability is just as central as it was when Arne Pierrou sat down in his basement and built the Pudden. The systems look different, but the underlying principle is the same.

–  It was not that long ago. That is what is so remarkable about all this. It began in the 1940s. Then, in the 1990s, people were fine with a basement-built machine being sent around in courier bags. And now here we are, in a completely different era, says Cajsa.

Linked In 36
Linked In 37
Linked In 38

About Tutus

Tutus is a Swedish cybersecurity company providing comprehensive solutions in information and network security, with a particular focus on encryption and secure communication. Since 1992, we have developed advanced solutions for critical societal functions with high security requirements — offering products approved for handling security-classified information up to the level of Restricted at the national level, as well as EU Restricted and NATO Restricted.