Cryptography Reference
In-Depth Information
game is officially that Skipjack may be used only together with key escrow.
How does this work?
Each chip contains:
•
a serial number (
unit ID
);
•
a secret chip-specific key (
unit key
); and
•
another secret key, the so-called
global family key
. It is identical for all
chips in communicating devices.
All chips are
tamperproof
, which means that their secrets cannot (allegedly)
be read. During the production of the chips, the unit keys are split into two
subsecrets via secret sharing, as described in Section 6.2. Together with the unit
IDs, the manufacturer hands the two lists of subsecrets over to two trustworthy
authorities, in this case the NIST and the Department of the Treasury.
In a communication, the chip at the sender's end uses the unit key to encrypt the
session key and then accommodates it in a 128-bit field, the so-called
LEAF
,
an acronym for
Law Enforcement Access Field
. Together with an initialization
vector (IV), this LEAF is created at the beginning of a communication ses-
sion and transmitted. A chip begins to work only once it has received a valid
LEAF - IV pair. The session key and the IV can be loaded into the chip reg-
isters only after they have been submitted together with the pertaining LEAF.
This prevents modified software from feeding the chip with old LEAFs and
then continuing to work with a different session key - IV pair.
Now, if a court wants to listen in on somebody, they first record an encrypted
conversation. They then determine the unit ID of the sender chip from the
LEAF. Subsequently, they use this number to request the 'halves' of the unit
key from the two authorities via the FBI, and then XOR the two pieces. Using
the unit key thus produced, they can compute the session key and decrypt the
conversation. For more calls from the same chip, they can continue decrypting
without checking back with the two authorities. Once the sender has been
busted, they delete the key
...
What does a secret communication look like with the Clipper chip?
1. Alice wants to call Bob. The two of them agree on a session key (e.g.,
by means of an asymmetric method).
