Cryptography Reference
Digital signatures mean that we have to deal with a new quality of threats. The
probability of compromise may be smaller by several orders of magnitude than
the probability that conventional signatures can be forged perfectly by current
standards. Conversely, the potential damage is higher by orders of magnitude that
one can hardly estimate. We discussed something similar in Section 4.5.6.
This is a real dilemma. How unsure we become of our ethical value system
when we have to decide in such a situation can be seen in the example of
the dispute about the threats emanating from nuclear power. In the case of
signatures, in contrast, we can expect a certain amount of help from cryptology,
provided we don't ignore the potential threats and look for ways out.
As a minimum requirement, you should use different pairs of private and public
keys for signatures and key distribution.
6.4 Key Escrow. Matt Blaze's Attack Against the EES Protocol
We will be dealing with a totally different field in this section. It has been
(and hopefully never will be again!) fiercely discussed in the USA and Germany.
It concerns key escrow. More specifically, it concerns the US standard
EES (Escrowed Encryption Standard) briefly mentioned in Section 5.7.5. In
that section, we had just looked at Skipjack, the symmetric algorithm EES
uses. In this section, we want to have a closer look at the underlying
cryptographic protocol. Later, in Section 8.2.3, we will discuss the legal and political
consequences and backgrounds of key escrow.
As you know, two chips currently implement EES: the Clipper chip for
encrypted phone calls and the Capstone chip for data communication. In
addition to encrypting, Capstone can also sign digitally (using DSA, the
standard developed by the NSA), handle key exchange by means of an
asymmetric method, compute hash functions (using SHA, which belongs to
DSA), and many more things. Clipper is virtually a subset of Capstone.
Nevertheless, the hot debate on EES in the USA is conducted under the buzzword
'Clipper', because listening in on phone calls seems to still agitate more people
than insecure data communication.
6.4.1 How Clipper and Capstone Work
As mentioned earlier, most details of Skipjack and its implementation are secret
and hidden in non-analyzable hardware. The main reason for this hide-and-seek