Cryptography Reference
In-Depth Information
5.7.5 NSA and Skipjack
In April 1993, the President of the United States started a Technology Initiative
related to the
Escrowed Encryption Standard
(
EES
), the
Clipper chip
, and
the
Capstone chip
, among other things. The initiative was intended to provide
for cryptologically secure data and voice transmission, however, with some
reservation: governmental agencies should have access to the secret key upon
demand. This would be done by
key escrow
using a device-specific key, which
can be used, in turn, to decipher the session key. We are only interested in the
underlying symmetric algorithm called
Skipjack
.
Nothing was known about its structure for many years. The reason was that
Skipjack was developed by the NSA and subject to secrecy. It was permitted for
use in 'non-analyzable' hardware (tamperproof chips) only, more specifically
in the
Clipper
chip (for telephone and telefax) and in the
Capstone
chip (for
data communication; embedded in the
Fortezza
card for notebooks). Though
a group of cryptologists were allowed to look at the algorithm [BrickDenn],
their results showed no vulnerabilities whatsoever — neither statistically nor by
means of differential cryptanalysis, and weak keys had obviously not been
found either. Nevertheless, this is not very convincing since nobody else was
permitted to have a look at the algorithm.
It is presumed in [SchnCr, 13.12] that Skipjack has a structure similar to DES.
The presumption was substantiated: in the unlikely event that somebody man-
ages to analyze either Clipper or Capstone, they should at least not be able to
learn a novel cryptographic method of the NSA. Anderson and Ross mentioned
in their remarkable article [AndKuhn.tamp] that the chip was read at the Sandia
National Laboratories.
However, when Matthew Blaze showed how the Skipjack algorithm imple-
mented in the Clipper chip can be exploited
without
key escrow, the EES
Initiative was all of a sudden not pushed at full stream anymore. He may have
hit a sore point, apart from hefty animosities against the Initiative by civil right-
ists and many cryptologists. More about this issue in Sections 6.4 and 8.2.3.
The Secrecy Concept Fails—Skipjack is Revealed
Skipjack was not supposed to become known, because nobody was supposed
to learn anything about the level of knowledge at the NSA. As a consequence,
only the NSA itself or suppliers under its strict supervision were permitted to
