Cyphernomicon Top
Cyphernomicon 9.10

Policy: Clipper,Key Escrow, and Digital Telephony:
Technical Details of Clipper, Skipjack, Tessera, and EES


   9.10.1. Clipper chip fabrication details
           + ARM6 core being used
             - but also rumors of MIPS core in Tessera
           - MIPS core reportedly being designed into future versions
           - National also built (and may operate) a secure wafer fab
              line for NSA, reportedly located on the grounds of Ft.
              Meade--though I can't confirm the location or just what
              National's current involvement still is. May only be for
              medium-density chips, such as key material (built under
              secure conditions).
   9.10.2. "Why is the Clipper algorithm classified?"
           - to prevent non-escrow versions, which could still use the
              (presumably strong) algorithm and hardware but not be
              escrowed
           - cryptanalysis is always easier if the algorithms are known
              :-}
           - general government secrecy
           - backdoors?
   9.10.3. If Clipper is flawed (the Blaze LEAF Blower), how can it
            still be useful to the NSA?
           - by undermining commercial alternatives through subsidized
              costs (which I don't think will happen, given the terrible
              PR Clipper has gotten)
           - mandated by law or export rules
           - and the Blaze attack is--at present--not easy to use (and
              anyone able to use it is likely to be sophisticated enough
              to use preencryption anyway)
   9.10.4. What about weaknesses of Clipper?
           - In the views of many, a flawed approach. That is, arguing
              about wrinkles plays into the hands of the Feds.
   9.10.5. "What are some of the weaknesses in Clipper?"
           - the basic idea of key escrow is an infringement on liberty
           + access to the keys
             - "
             + "There's a big door in the side with a
               - big neon sign saying "Cops and other Authorized People
                  Only";
               - the trapdoor is the fact that anybody with a fax
                  machine can make
               - themselves and "Authorized Person" badge and walk in.
                  <Bill Stewart, bill.stewart@pleasantonca.ncr.com, 4-15-
                  94, sci.crypt>
           - possible back doors in the Skipjace algorithm
           + generation of the escrow keys
             -
             + "There's another trapdoor, which is that if you can
                predict the escrow
               - keys by stealing the parameters used by the Key
                  Generation Bureau to
               - set them, you don't need to get the escrow keys from
                  the keymasters,
               - you can gen them yourselves. " <Bill Stewart,
                  bill.stewart@pleasantonca.ncr.com, 4-15-94, sci.crypt>
   9.10.6. Mykotronx
           - MYK-78e chip, delays, VTI, fuses
           - National Semiconductor is working with Mykotronx on a
              faster implementation of the
              Clipper/Capstone/Skipjack/whatever system. (May or may not
              be connected directly with the iPower product line.  Also,
              the MIPS processor core may be used, instead of the ARM
              core, which is said to be too slow.)
   9.10.7. Attacks on EES
           - sabotaging the escrow data base
           + stealing it, thus causing a collapse in confidence
             - Perry Metzger's proposal
           - FUD
   9.10.8. Why is the algorithm secret?
   9.10.9. Skipjack is 80 bits, which is 24 bits longer than the 56 bits
            of DES. so
  9.10.10. "What are the implications of the bug in Tessera found by
            Matt Blaze?"
           - Technically, Blaze's work was done on a Tessera card, which
              implements the Skipjace algorithm. The Clipper phone system
              may be slightly different and details may vary; the Blaze
              attack may not even work, at least not practically.
           - " The announcement last month was about a discovery that,
              with a half-hour or so of time on an average PC, a user
              could forge a bogus LEAF (the data used by the government
              to access the back door into Clipper encryption). With such
              a bogus LEAF, the Clipper chip on the other end would
              accept and decrypt the communication, but the back door
              would not work for the government." [ Steve Brinich,
              alt.privacy.clipper, 1994-07-04]
           - "The "final" pre-print version (dated August 20, 1994) of
              my paper, "Protocol Failure in the Escrowed Encryption
              Standard" is now available.  You can get it in PostScript
              form via anonymous ftp from research.att.com in the file
              /dist/mab/eesproto.ps .  This version replaces the
              preliminary draft (June 3) version that previously occupied
              the same file.  Most of the substance is identical,
              although few sections are expanded and a few minor errors
              are now corrected." [Matt Blaze, 1994-09-04]
 

Next Page: 9.11 Products, Versions -- Tessera, Skipjack, etc.
Previous Page: 9.9 Clipper, Escrowed Encyption Standard

By Tim May, see README

HTML by Jonathan Rochkind