Cryptography Reference
In-Depth Information
A Practical Application
This heading is not totally serious. I just want to hint what consequences
breaking the EES protocol could have.
Bob works undercover in the drug-trafficking underworld. He is excellent at
reading people, he is a first-class shooter and fighter, and he is extremely wary
at the same time. Though he doesn't know much about cryptology, he knows
that Alice (presumably the big boss) sends him encrypted messages that can be
wiretapped by the FBI. He thinks that Alice is also aware of that. She encrypts
nevertheless, because it prevents her major competitor Carol from listening in
on her.
Alice knows a cryptologist who modifies her Clipper software as described
above. When she discovers Bob's identity, she sets up a trap for him: Bob is
to show up at a certain location at a certain time.
Bob has a dim feeling but eventually relies on the fact that Alice's communi-
cation is wiretapped. He thinks: 'After all, Alice knows that they listen in on
her. So she won't be as naıve as to lure me into a trap over the phone.' Bob
has no way of knowing that Alice's LEAF was forged (and he cannot know
theoretically either, because he doesn't know her device's serial number). He
shows up at the location agreed upon and, trusting that his colleagues will help
him out if need be, gets shot.
Court Evidence
Schneier [SchnCr, 24.16] lists more objections to Clipper. This chip should only
work in OFB mode, i.e., as a stream cipher. When plaintext and ciphertext are
known, then both can be used to reveal and reuse the key sequence. This means
that an OFB-encrypted data stream does not necessarily have to have been
constructed by the owner of the secret key. This is why a Clipper conversation
(or a Capstone-encrypted file transmitted) cannot be attributed to Alice in court
for the simple fact that it was encrypted with Alice's key (or more exactly,
because the session key encrypted with Alice's unit key is contained in the
LEAF). Alice can at least say that a dishonest investigator tampered with the
recording.
In cases of doubt, the LEAF cannot be recognized as a legal authentication.
We can think of enough scenarios where fraud is possible. For example, Alice
could mount a
squeezing attack
to have Bob call her and conduct a harmless
conversation with him. In reality, however, she is after his LEAF with the
