From msuinfo!uwm.edu!linac!att!att!allegra!ulysses!ulysses!smb Mon Apr 19 11:51:21 1993 Newsgroups: sci.crypt,alt.privacy.clipper Path: msuinfo!uwm.edu!linac!att!att!allegra!ulysses!ulysses!smb From: smb@research.att.com (Steven Bellovin) Subject: Clipper chip -- technical details Message-ID: <1993Apr18.200737.14815@ulysses.att.com> Date: Sun, 18 Apr 1993 20:07:37 GMT Organization: AT&T Bell Laboratories Lines: 121 I received the following two notes from Martin Hellman with details on how Clipper will work. They are posted with his permission. The implications of some details are fascinating. ------- Date: Sat, 17 Apr 93 23:05:23 PDT From: "Martin Hellman" To: (a long list of recipients) Subject: Clipper Chip Most of you have seen the announcement in Friday's NY Times, etc. about NIST (National Institute of Standards & Technology) announcing the "Clipper Chip" crypto device. Several messges on the net have asked for more technical details, and some have been laboring under understandable misunderstandings given the lack of details in the news articles. So here to help out is your friendly NSA link: me. I was somewhat surprised Friday to get a call from the Agency which supplied many of the missing details. I was told the info was public, so here it is (the cc of this to Dennis Branstad at NIST is mostly as a double check on my facts since I assume he is aware of all this; please let me know if I have anything wrong): The Clipper Chip will have a secret crypto algorithm embedded in Silicon. Each chip will have two secret, 80-bit keys. One will be the same for all chips (ie a system-wide key) and the other will be unit specific. I don't know what NIST and NSA will call them, but I will call them the system key SK and unit key UK in this message. The IC will be designed to be extremely difficult to reverse so that the system key can be kept secret. (Aside: It is clear that they also want to keep the algorithm secret and, in my opinion, it may be as much for that as this stated purpose.) The unit key will be generated as the XOR of two 80-bit random numbers K1 and K2 (UK=K1+K2) which will be kept by the two escrow authorities. Who these escrow authorities will be is still to be decided by the Attorney General, but it was stressed to me that they will NOT be NSA or law enforcement agencies, that they must be parties acceptable to the users of the system as unbiased. When a law enforcement agency gets a court order, they will present it to these two escrow authorities and receive K1 and K2, thereby allowing access to the unit key UK. In addition to the system key, each user will get to choose his or her own key and change it as often as desired. Call this key plain old K. When a message is to be sent it will first be encrypted under K, then K will be encrypted under the unit key UK, and the serial number of the unit added to produce a three part message which will then be encrypted under the system key SK producing E{ E[M; K], E[K; UK], serial number; SK} When a court order obtains K1 and K2, and thence K, the law enforcement agency will use SK to decrypt all information flowing on the suspected link [Aside: It is my guess that they may do this constantly on all links, with or without a court order, since it is almost impossible to tell which links over which a message will flow.] This gives the agency access to E[M; K], E[K; UK], serial number in the above message. They then check the serial number of the unit and see if it is on the "watch list" for which they have a court order. If so, they will decrypt E[K; UK] to obtain K, and then decrypt E[M; K] to obtain M. I am still in the process of assessing this scheme, so please do not take the above as any kind of endorsement of the proposed scheme. All I am trying to do is help all of us assess the scheme more knowledgably. But I will say that the need for just one court order worries me. I would feel more comfortable (though not necessarily comfortable!) if two separate court orders were needed, one per escrow authority. While no explanation is needed, the following story adds some color: In researching some ideas that Silvio Micali and I have been kicking around, I spoke with Gerald Gunther, the constitutional law expert here at Stanford and he related the following story: When Edward Levi became Pres. Ford's attorney general (right after Watergate), he was visited by an FBI agent asking for "the wiretap authorizations." When Levy asked for the details so he could review the cases as required by law, the agent told him that his predecessors just turned over 40-50 blank, signed forms every time. Levi did not comply and changed the system, but the lesson is clear: No single person or authority should have the power to authorize wiretaps (or worse yet, divulging of personal keys). Sometimes he or she will be an Edward Levi and sometimes a John Mitchell. Martin Hellman ---- Date: Sun, 18 Apr 93 11:41:42 PDT From: "Martin Hellman" To: smb@research.att.com Subject: Re: Clipper Chip It is fine to post my previous message to sci.crypt if you also post this message with it in which: 1. I ask recipients to be sparse in their requesting further info from me or asking for comments on specific questions. By this posting I apologize for any messages I am unable to respond to. (I already spend too much time answering too much e-mail and am particularly overloaded this week with other responsibilities.) 2. I note a probably correction sent to me by Dorothy Denning. She met with the person from NSA that I talked with by phone, so her understanding is likely to better than mine on this point: Where I said the transmitted info is E{ E[M; K], E[K; UK], serial number; SK} she says the message is not double encrypted. The system key (or family key as she was told it is called) only encrypts the serial number or the serial number and the encrypted unit key. This is not a major difference, but I thought it should be mentioned and thank her for bringing it to my attention. It makes more sense since it cuts down on encryption computation overhead. From msuinfo!uwm.edu!linac!att!att!allegra!ulysses!ulysses!smb Mon Apr 19 11:51:21 1993 Newsgroups: sci.crypt,alt.privacy.clipper Path: msuinfo!uwm.edu!linac!att!att!allegra!ulysses!ulysses!smb From: smb@research.att.com (Steven Bellovin) Subject: Re: Clipper chip -- technical details Message-ID: <1993Apr19.052005.20665@ulysses.att.com> Date: Mon, 19 Apr 1993 05:20:05 GMT References: <1993Apr18.200737.14815@ulysses.att.com> <1667.Apr1821.58.3593@silverton.berkeley.edu> Organization: AT&T Bell Laboratories Lines: 20 Xref: msuinfo sci.crypt:15242 alt.privacy.clipper:1 In article <1667.Apr1821.58.3593@silverton.berkeley.edu>, djb@silverton.berkeley.edu (D. J. Bernstein) writes: > Short summary of what Bellovin says Hellman says the NSA says: There is > a global key G, plus one key U_C for each chip C. The user can choose a > new session key K_P for each phone call P he makes. Chip C knows three > keys: G, its own U_C, and the user's K_P. The government as a whole > knows G and every U_C. Apparently a message M is encrypted as > E_G(E_{U_C}(K_P),C) , E_{K_P}(M). That's it. > > The system as described here can't possibly work. What happens when > someone plugs the above ciphertext into a receiving chip? To get M > the receiving chip needs K_P; to get K_P the receiving chip needs U_C. > The only information it can work with is C. If U_C can be computed > from C then the system is cryptographically useless and the ``key > escrow'' is bullshit. Otherwise how is a message decrypted? Via K_P, of course. Nothing was said about where K_P comes from. It's the session key, though, and it's chosen however you usually choose session keys --- exponential key exchange, shared secret, RSA, etc. But however you choose it, the chip will apparently emit the escrow header when you do. From msuinfo!uwm.edu!linac!att!att!allegra!ulysses!ulysses!smb Mon Apr 19 11:54:56 1993 Newsgroups: sci.crypt,alt.privacy.clipper Path: msuinfo!uwm.edu!linac!att!att!allegra!ulysses!ulysses!smb From: smb@research.att.com (Steven Bellovin) Subject: More technical details Message-ID: <1993Apr19.134346.2620@ulysses.att.com> Date: Mon, 19 Apr 1993 13:43:46 GMT Organization: AT&T Bell Laboratories Lines: 116 Xref: msuinfo sci.crypt:15268 alt.privacy.clipper:3 Here are some corrections and additions to Hellman's note, courtesy of Dorothy Denning. Again, this is reposted with permission. Two requests -- first, note the roles of S1 and S2. It appears to me and others that anyone who knows those values can construct the unit key. And the nature of the generation process for K1 and K2 is such that neither can be produced alone. Thus, the scheme cannot be implemented such that one repository generates the first half-key, and another generates the second. *That* is ominous. Second -- these postings are not revealed scripture, nor are they carefully-crafted spook postings. Don't attempt to draw out hidden meanings (as opposed to, say, the official announcements of Clipper). Leave Denning out of this; given Hellman's record of opposition to DES, which goes back before some folks on this newsgroup knew how to read, I don't think you can impugn his integrity. Oh yeah -- the folks who invented Clipper aren't stupid. If you think something doesn't make sense, it's almost certainly because you don't understand their goals. --Steve Bellovin ----- Date: Sun, 18 Apr 93 07:56:39 EDT From: denning@cs.georgetown.edu (Dorothy Denning) Subject: Re: Clipper Chip To: (a long list of folks) I was also briefed by the NSA and FBI, so let me add a few comments to Marty's message: The Clipper Chip will have a secret crypto algorithm embedded in The algorithm operates on 64-bit blocks (like DES) and the chip supports all 4 DES modes of operation. The algorithm uses 32 rounds of scrambling compared with 16 in DES. In addition to the system key, each user will get to choose his or her own key and change it as often as desired. Call this key plain old K. When a message is to be sent it will first be K is the session key shared by the sender and receiver. Any method (e.g., public key) can be used to establish the session key. In the AT&T telephone security devices, which will have the new chip, the key is negotiated using a public-key protocol. encrypted under K, then K will be encrypted under the unit key UK, and the serial number of the unit added to produce a three part message which will then be encrypted under the system key SK producing E{ E[M; K], E[K; UK], serial number; SK} My understanding is that E[M; K] is not encrypted under SK (called the "family key") and that the decrypt key corresponding to SK is held by law enforcement. Does anyone have first hand knowledge on this? I will also check it out, but this is 7am Sunday so I did not want to wait. The unit key will be generated as the XOR of two 80-bit random numbers K1 and K2 (UK=K1+K2) which will be kept by the two escrow The unit key, also called the "chip key," is generated from the serial number N as follows. Let N1, N2, and N3 be 64 bit blocks derived from N, and let S1 and S2 be two 80-bit seeds used as keys. Compute the 64-bit block R1 = E[D[E[N1; S1]; S2]; S1] (Note that this is like using the DES in triple encryption mode with two keys.) Similarly compute blocks R2 and R3 starting with N2 and N3. (I'm unlear about whether the keys S1 and S2 change. The fact that they're called seeds suggests they might.) Then R1, R2, and R3 are concatenated together giving 192 bits. The first 80 bits form K1 and the next 80 bits form K2. The remaining bits are discarded. authorities. Who these escrow authorities will be is still to be decided by the Attorney General, but it was stressed to me that they will NOT be NSA or law enforcement agencies, that they must be parties acceptable to the users of the system as unbiased. Marty is right on this and the FBI has asked me for suggestions. Please pass them to me along with your reasons. In addition to Marty's criteria, I would add that the agencies must have an established record of being able to safeguard highly sensitive information. Some suggestions I've received so far include SRI, Rand, Mitre, the national labs (Sandia, LANL, Los Alamos), Treasury, GAO. When a court order obtains K1 and K2, and thence K, the law enforcement agency will use SK to decrypt all information flowing on the suspected link [Aside: It is my guess that they may do this constantly on all links, with or without a court order, since it is almost impossible to tell which links over which a message will flow.] My understanding is that there will be only one decode box and that it will be operated by the FBI. The service provider will isolate the communications stream and pass it to the FBI where it will pass through the decode box, which will have been keyed with K. for "the wiretap authorizations." When Levy asked for the details so he could review the cases as required by law, the agent told him that his predecessors just turned over 40-50 blank, signed forms every time. Levi did not comply and changed the system, but the lesson is clear: No single person or authority should have the power to authorize wiretaps No single person does, at least for FBI taps. After completing a mound of paperwork, an agent must get the approval of several people on a chain that includes FBI legal counsel before the request is even taken to the Attorney General for final approval. Dorothy Denning From: denning@guvax.acc.georgetown.edu Newsgroups: sci.crypt Subject: THE CLIPPER CHIP: A TECHNICAL SUMMARY Date: 19 Apr 93 18:23:27 -0400 Distribution: world Organization: Georgetown University The following document summarizes the Clipper Chip, how it is used, how programming of the chip is coupled to key generation and the escrow process, and how law enforcement decrypts communications. Since there has been some speculation on this news group about my own involvement in this project, I'd like to add that I was not in any way involved. I found out about it when the FBI briefed me on Thursday evening, April 15. Since then I have spent considerable time talking with the NSA and FBI to learn more about this, and I attended the NIST briefing at the Department of Commerce on April 16. The document below is the result of that effort. Dorothy Denning --------------- THE CLIPPER CHIP: A TECHNICAL SUMMARY Dorothy Denning April 19, 1993 INTRODUCTION On April 16, the President announced a new initiative that will bring together the Federal Government and industry in a voluntary program to provide secure communications while meeting the legitimate needs of law enforcement. At the heart of the plan is a new tamper-proof encryption chip called the "Clipper Chip" together with a split-key approach to escrowing keys. Two escrow agencies are used, and the key parts from both are needed to reconstruct a key. CHIP STRUCTURE The Clipper Chip contains a classified 64-bit block encryption algorithm called "Skipjack." The algorithm uses 80 bit keys (compared with 56 for the DES) and has 32 rounds of scrambling (compared with 16 for the DES). It supports all 4 DES modes of operation. Throughput is 16 Mbits a second. Each chip includes the following components: the Skipjack encryption algorithm F, an 80-bit family key that is common to all chips N, a 30-bit serial number U, an 80-bit secret key that unlocks all messages encrypted with the chip ENCRYPTING WITH THE CHIP To see how the chip is used, imagine that it is embedded in the AT&T telephone security device (as it will be). Suppose I call someone and we both have such a device. After pushing a button to start a secure conversation, my security device will negotiate a session key K with the device at the other end (in general, any method of key exchange can be used). The key K and message stream M (i.e., digitized voice) are then fed into the Clipper Chip to produce two values: E[M; K], the encrypted message stream, and E[E[K; U] + N; F], a law enforcement block. The law enforcement block thus contains the session key K encrypted under the unit key U concatenated with the serial number N, all encrypted under the family key F. CHIP PROGRAMMING AND ESCROW All Clipper Chips are programmed inside a SCIF (secure computer information facility), which is essentially a vault. The SCIF contains a laptop computer and equipment to program the chips. About 300 chips are programmed during a single session. The SCIF is located at Mikotronx. At the beginning of a session, a trusted agent from each of the two key escrow agencies enters the vault. Agent 1 enters an 80-bit value S1 into the laptop and agent 2 enters an 80-bit value S2. These values serve as seeds to generate keys for a sequence of serial numbers. To generate the unit key for a serial number N, the 30-bit value N is first padded with a fixed 34-bit block to produce a 64-bit block N1. S1 and S2 are then used as keys to triple-encrypt N1, producing a 64-bit block R1: R1 = E[D[E[N1; S1]; S2]; S1] . Similarly, N is padded with two other 34-bit blocks to produce N2 and N3, and two additional 64-bit blocks R2 and R3 are computed: R2 = E[D[E[N2; S1]; S2]; S1] R3 = E[D[E[N3; S1]; S2]; S1] . R1, R2, and R3 are then concatenated together, giving 192 bits. The first 80 bits are assigned to U1 and the second 80 bits to U2. The rest are discarded. The unit key U is the XOR of U1 and U2. U1 and U2 are the key parts that are separately escrowed with the two escrow agencies. As a sequence of values for U1, U2, and U are generated, they are written onto three separate floppy disks. The first disk contains a file for each serial number that contains the corresponding key part U1. The second disk is similar but contains the U2 values. The third disk contains the unit keys U. Agent 1 takes the first disk and agent 2 takes the second disk. The third disk is used to program the chips. After the chips are programmed, all information is discarded from the vault and the agents leave. The laptop may be destroyed for additional assurance that no information is left behind. The protocol may be changed slightly so that four people are in the room instead of two. The first two would provide the seeds S1 and S2, and the second two (the escrow agents) would take the disks back to the escrow agencies. The escrow agencies have as yet to be determined, but they will not be the NSA, CIA, FBI, or any other law enforcement agency. One or both may be independent from the government. LAW ENFORCEMENT USE When law enforcement has been authorized to tap an encrypted line, they will first take the warrant to the service provider in order to get access to the communications line. Let us assume that the tap is in place and that they have determined that the line is encrypted with Clipper. They will first decrypt the law enforcement block with the family key F. This gives them E[K; U] + N. They will then take a warrant identifying the chip serial number N to each of the key escrow agents and get back U1 and U2. U1 and U2 are XORed together to produce the unit key U, and E[K; U] is decrypted to get the session key K. Finally the message stream is decrypted. All this will be accomplished through a special black box decoder operated by the FBI. ACKNOWLEDGMENT AND DISTRIBUTION NOTICE. All information is based on information provided by NSA, NIST, and the FBI. Permission to distribute this document is granted. From msuinfo!agate!howland.reston.ans.net!bogus.sura.net!darwin.sura.net!guvax.acc.georgetown.edu!denning Thu Apr 22 10:44:52 1993 Path: msuinfo!agate!howland.reston.ans.net!bogus.sura.net!darwin.sura.net!guvax.acc.georgetown.edu!denning From: denning@guvax.acc.georgetown.edu Newsgroups: sci.crypt Subject: REVISED TECHNICAL SUMMARY OF CLIPPER CHIP Message-ID: <1993Apr21.192615.3465@guvax.acc.georgetown.edu> Date: 21 Apr 93 19:26:15 -0400 Distribution: world Organization: Georgetown University Lines: 167 Here is a revised version of my summary which corrects some errors and provides some additional information and explanation. THE CLIPPER CHIP: A TECHNICAL SUMMARY Dorothy Denning Revised, April 21, 1993 INTRODUCTION On April 16, the President announced a new initiative that will bring together the Federal Government and industry in a voluntary program to provide secure communications while meeting the legitimate needs of law enforcement. At the heart of the plan is a new tamper-proof encryption chip called the "Clipper Chip" together with a split-key approach to escrowing keys. Two escrow agencies are used, and the key parts from both are needed to reconstruct a key. CHIP CONTENTS The Clipper Chip contains a classified single-key 64-bit block encryption algorithm called "Skipjack." The algorithm uses 80 bit keys (compared with 56 for the DES) and has 32 rounds of scrambling (compared with 16 for the DES). It supports all 4 DES modes of operation. The algorithm takes 32 clock ticks, and in Electronic Codebook (ECB) mode runs at 12 Mbits per second. Each chip includes the following components: the Skipjack encryption algorithm F, an 80-bit family key that is common to all chips N, a 30-bit serial number (this length is subject to change) U, an 80-bit secret key that unlocks all messages encrypted with the chip The chips are programmed by Mykotronx, Inc., which calls them the "MYK-78." The silicon is supplied by VLSI Technology Inc. They are implemented in 1 micron technology and will initially sell for about $30 each in quantities of 10,000 or more. The price should drop as the technology is shrunk to .8 micron. ENCRYPTING WITH THE CHIP To see how the chip is used, imagine that it is embedded in the AT&T telephone security device (as it will be). Suppose I call someone and we both have such a device. After pushing a button to start a secure conversation, my security device will negotiate an 80-bit session key K with the device at the other end. This key negotiation takes place without the Clipper Chip. In general, any method of key exchange can be used such as the Diffie-Hellman public-key distribution method. Once the session key K is established, the Clipper Chip is used to encrypt the conversation or message stream M (digitized voice). The telephone security device feeds K and M into the chip to produce two values: E[M; K], the encrypted message stream, and E[E[K; U] + N; F], a law enforcement field , which are transmitted over the telephone line. The law enforcement field thus contains the session key K encrypted under the unit key U concatenated with the serial number N, all encrypted under the family key F. The law enforcement field is decrypted by law enforcement after an authorized wiretap has been installed. The ciphertext E[M; K] is decrypted by the receiver's device using the session key: D[E[M; K]; K] = M . CHIP PROGRAMMING AND ESCROW All Clipper Chips are programmed inside a SCIF (Secure Compartmented Information Facility), which is essentially a vault. The SCIF contains a laptop computer and equipment to program the chips. About 300 chips are programmed during a single session. The SCIF is located at Mykotronx. At the beginning of a session, a trusted agent from each of the two key escrow agencies enters the vault. Agent 1 enters a secret, random 80-bit value S1 into the laptop and agent 2 enters a secret, random 80-bit value S2. These random values serve as seeds to generate unit keys for a sequence of serial numbers. Thus, the unit keys are a function of 160 secret, random bits, where each agent knows only 80. To generate the unit key for a serial number N, the 30-bit value N is first padded with a fixed 34-bit block to produce a 64-bit block N1. S1 and S2 are then used as keys to triple-encrypt N1, producing a 64-bit block R1: R1 = E[D[E[N1; S1]; S2]; S1] . Similarly, N is padded with two other 34-bit blocks to produce N2 and N3, and two additional 64-bit blocks R2 and R3 are computed: R2 = E[D[E[N2; S1]; S2]; S1] R3 = E[D[E[N3; S1]; S2]; S1] . R1, R2, and R3 are then concatenated together, giving 192 bits. The first 80 bits are assigned to U1 and the second 80 bits to U2. The rest are discarded. The unit key U is the XOR of U1 and U2. U1 and U2 are the key parts that are separately escrowed with the two escrow agencies. As a sequence of values for U1, U2, and U are generated, they are written onto three separate floppy disks. The first disk contains a file for each serial number that contains the corresponding key part U1. The second disk is similar but contains the U2 values. The third disk contains the unit keys U. Agent 1 takes the first disk and agent 2 takes the second disk. Thus each agent walks away knowing an 80-bit seed and the 80-bit key parts. However, the agent does not know the other 80 bits used to generate the keys or the other 80-bit key parts. The third disk is used to program the chips. After the chips are programmed, all information is discarded from the vault and the agents leave. The laptop may be destroyed for additional assurance that no information is left behind. The protocol may be changed slightly so that four people are in the room instead of two. The first two would provide the seeds S1 and S2, and the second two (the escrow agents) would take the disks back to the escrow agencies. The escrow agencies have as yet to be determined, but they will not be the NSA, CIA, FBI, or any other law enforcement agency. One or both may be independent from the government. LAW ENFORCEMENT USE When law enforcement has been authorized to tap an encrypted line, they will first take the warrant to the service provider in order to get access to the communications line. Let us assume that the tap is in place and that they have determined that the line is encrypted with the Clipper Chip. The law enforcement field is first decrypted with the family key F, giving E[K; U] + N. Documentation certifying that a tap has been authorized for the party associated with serial number N is then sent (e.g., via secure FAX) to each of the key escrow agents, who return (e.g., also via secure FAX) U1 and U2. U1 and U2 are XORed together to produce the unit key U, and E[K; U] is decrypted to get the session key K. Finally the message stream is decrypted. All this will be accomplished through a special black box decoder. CAPSTONE: THE NEXT GENERATION A successor to the Clipper Chip, called "Capstone" by the government and "MYK-80" by Mykotronx, has already been developed. It will include the Skipjack algorithm, the Digital Signature Standard (DSS), the Secure Hash Algorithm (SHA), a method of key exchange, a fast exponentiator, and a randomizer. A prototoype will be available for testing on April 22, and the chips are expected to be ready for delivery in June or July. ACKNOWLEDGMENT AND DISTRIBUTION NOTICE. This article is based on information provided by NSA, NIST, FBI, and Mykotronx. Permission to distribute this document is granted. From msuinfo!uwm.edu!zaphod.mps.ohio-state.edu!darwin.sura.net!haven.umd.edu!wam.umd.edu!psionic Thu Apr 22 10:47:19 1993 Newsgroups: sci.crypt,alt.security.pgp,alt.privacy.clipper Path: msuinfo!uwm.edu!zaphod.mps.ohio-state.edu!darwin.sura.net!haven.umd.edu!wam.umd.edu!psionic From: psionic@wam.umd.edu (Haywood J. Blowme) Subject: new encryption Message-ID: <1993Apr21.225435.6292@wam.umd.edu> Sender: usenet@wam.umd.edu (USENET News system) Nntp-Posting-Host: rac3.wam.umd.edu Organization: University of Maryland, College Park References: <1993Apr20.192105.11751@ulysses.att.com> <1993Apr21.001230.26384@lokkur.dexter.mi.us> <1r4e9d$pdo@sol.TIS.COM> Date: Wed, 21 Apr 1993 22:54:35 GMT Lines: 120 Xref: msuinfo sci.crypt:15524 alt.security.pgp:2651 alt.privacy.clipper:72 As promised, I spoke today with the company mentioned in a Washington Times article about the Clipper chip announcement. The name of the company is Secure Communicatiions Technology (Information will be given at the end of this message on how to contact them). Basically they are disturbed about the announcement for many reasons that we are. More specifically however, Mr. Bryen of Secure Communications brought to light many points that might interest most of the readers. His belief is that AT&T was made known of the clipper well before the rest of the industry. This is for several reasons, several of which are: - A company of AT&T's size could never be able to make a decision to use the new chip on the SAME DAY it was announced. - Months ago they proposed using their own chip for AT&T's secure telephone devices. AT&T basically blew them off as being not interested at all. This stuck them as strange, until now... Also I spoke with Art Melnick, their cryptographer, he expressed several concerns over the new Clipper Chip: - The obvious backdoor will be able to let many people decrypt the code. - Once the key is released to authorities the security of the crypto system is lost forever. These keys can end up in the hands of any agency of the government. - The fact that the escrowed keys never change means that the algorithm is vulnerable over time to an attacker. - The classified algorithm may hide another backdoor. But he feels that it is probably to keep people from forging fake serial numbers, or changing the keys themselves. - Additionally he feels that the NSA has probably spent enough time and money in working on a way to keep this chip from being reversed engineered, that he feels that reverse engineering it will be very difficult to do. He feels that they have developed a suitable technique to protect the chip from this attack. Also he feels that the chip is hardware encoded with the algorithm and not microcoded onto the chip. Additonally I spoke with Mr. Melnick about their algorithm. He couldn't tell me much about their new agorithm because it hasn't been patented yet. However he told me a little: - The algorithm will be released for public review after patents have been granted for it. This is so the crypto community can see that it is secure. - The algorithm is called NEA for New Encryption Algorithm. The details were sketchy because now it is held as a trade secret until the patent was issued, but I was told that it will incorporate the following: - It will have fast encryption of data (Exact specs not given, but Mr. Melnick stated "Much faster than what an RS-232 can put out.") - It is a symmetric cipher, just like IDEA and DES. - It will use 64 bit data blocks for encryption (like DES and IDEA). - The key length was not given to me, but Mr. Melnick states that it is _adujustable_ and is "More than adequate for security." - The algorithm is written in C and Assembler in software form, and can be ported to many platforms (Unlike the the Clipper Chip which is hardware ONLY and cannot be made into software) This I consider a definite plus for the NEA for widespread use. - The algorithm will accomodate public key distribution techniques such as RSA or Diffie-Hellman. This will also be supported in the hardware chip. - Right now the projected cost of the NEA chip will be about 10 dollars for each!! (Clipper will run 25 each chip [that is if it is produced enough, which probably won't happen]). - They currently sell a program called C-COM that uses the algorithm and a special streaming protocol that does not divide the encrypted data into "blocks." This could prevent plaintext attacks if you know what the block header is. This program operates at all supported RS-232 speeds and uses the software implementation of the algorithm. - Most importantly: IT DOES NOT HAVE A BACKDOOR!! Right now the company is afraid that the new clipper chip will put them out of business. This is a very real possibility. So they really need help in stopping the clipper chip from becoming a standard. If you want to contact them, they can be reached at.. Secure Communications Technology 8700 Georgia Ave. Suite 302 Silver Spring, MD (301) 588-2200 I talked to Mr. Bryen who represents the company. He can answer any questions you have. Any factual errors occurring in this write up are my own and I apologize for them ahead of time. ============================================================================= /// | psionic@wam.umd.edu | Fight the WIRETAP CHIP!! Ask me how! __ /// C= | -Craig H. Rowland- | \\\/// Amiga| PGP Key Available | "Those who would give up liberty for \/// 1200 | by request. | security deserve neither." ============================================================================= A CLIPPER CHIP TECHNOLOGY CLIPPER is an NSA developed, hardware oriented, cryptographic device that implements a symmetric encryption/decryption algorithm and a law enforcement satisfying key escrow system. While the escrow management system design is not completely designed, the cryptographic algorithm (SKIPJACK) is completely specified (and classified SECRET). The cryptographic algorithm (called CA in this paper) has the following characteristics: 1. Symmetric, 80-bit key encryption/decryption algorithm; 2. Similar in function to DES (i.e., basically a 64-bit code book transformation that can be used in the same four modes of operation as specified for DES in FIPS 81); 3. 32 rounds of processing per single encrypt/decrypt operation; 4. Design started by NSA in 1985; evaluation completed in 1990. The CLIPPER CHIP is just one implementation of the CA. The CLIPPER CHIP designed for the AT&T commercial secure voice products has the following characteristics: 1. Functions specified by NSA; logic designed by MYKOTRONX; chip fabricated by VLSI, Inc.: manufactured chip programmed (made unique) by MYKOTRONX to security equipment manufacturers willing to follow proper security procedures for handling and storage of the programmed chip; equipment sold to customers; 2. Resistant to reverse engineering against a very sophisticated, well funded adversary; 3. 15-20 MB/S encryption/decryption constant throughout once cryptographic synchronization is established with distant CLIPPER Chip; 4. The chip programming equipment writes (one time) the following information into a special memory (called VROM or VIA-Link) on the chip: a. (unique) serial number b. (unique) unit key c. family key d. specialized control software 5. Upon generation (or entry) of a session key in the chip, the chip performs the following actions: a. Encrypts the 80-bit session key under the unit key producing an 80-bit intermediate result; b. Concatenates the 80-bit result with the 25-bit serial number and a 23-bit authentication pattern (total of 128 bits); c. Enciphers this 128 bits with family key to produce a 128-bit cipher block chain called the Law Enforcement Field (LEF); d. Transmits the LEF at least once to the intended receiving CLIPPER chip; e. The two communicating CLIPPER chips use this field together with a random IV to establish Cryptographic Synchronization. 6. Once synchronized, the CLIPPER chips use the session key to encrypt/decrypt data in both directions; 7. The chips can be programmed to not enter secure mode if the LEF field has been tampered with (e.g., modified, superencrypted, replaced); 8. CLIPPER chips will be available from a second source in the future; 9. CLIPPER chips will be modified and upgraded in the future; 10. CLIPPER chips presently cost $16.00 (unprogrammed) and $26.00 (programmed). 4/30/93 From msuinfo!agate!howland.reston.ans.net!usc!elroy.jpl.nasa.gov!decwrl!world!dreams!composer Wed May 5 19:42:13 1993 Newsgroups: comp.org.usenix,alt.privacy.clipper,sci.crypt,comp.org.eff.talk,alt.security Path: msuinfo!agate!howland.reston.ans.net!usc!elroy.jpl.nasa.gov!decwrl!world!dreams!composer From: composer@Beyond.Dreams.ORG (Jeff Kellem) Subject: quick non-technical writeup on Clipper Chip announcement Followup-To: poster Sender: composer@world.std.com (Jeff Kellem) Organization: Beyond Dreams Date: Wed, 5 May 1993 19:32:28 GMT Message-ID: Reply-To: composer@Beyond.Dreams.ORG Lines: 196 Xref: msuinfo comp.org.usenix:4074 alt.privacy.clipper:328 sci.crypt:16317 comp.org.eff.talk:17628 alt.security:10277 Included below is an excerpt regarding the Clipper Chip announcement from a column I write titled "What's Out There?". It's primarily more for pointers on where to find more information, and a quick non-technical sketch of the announcement. [ This excerpt was written over a week ago. ] I'm posting the excerpt now, since the hardcopy won't be available until June, 1993 and some people may find this of interest. This excerpt is posted with permission, of course -- I'm the author. :) FYI... -jeff Jeff Kellem Internet: composer@Beyond.Dreams.ORG ===CUT HERE=== [ NOTE: Please see the COPYRIGHT/LICENSE notice at the end of this document before any redistribution. ] The following is a portion of Volume 1, Issue 03 of "What's Out There?" written by Jeff Kellem . This is expected to appear in the May/June 1993 issue of the USENIX Association's hardcopy newsletter, ";login:". Excerpted from "What's Out There?", Volume 1, Issue 03... White House and NSA (Encryption) Clipper Chip Announcement ---------------------------------------------------------- On April 16, 1993, the White House announced the development of an encryption chip for voice communications developed in conjunction with the National Security Agency (NSA) called the Clipper Chip, along with an initiative regarding telecommunications and privacy which could literally affect almost every citizen in the United States. On the same day, AT&T announced a "secure" phone which incorporated this chip. Some important things to point out: o the encryption algorithm is remaining classified [ In the cryptography community, an encryption algorithm is only considered secure after it has been examined extensively and independently by a wide array of experts around the world. With an algorithm which is kept secret, there is no guarantee that it is secure and that the encryption method has no "back door" (allowing easy decryption for those, such as the NSA, that know the "back door"). ] o though the government has announced plans to use the chip in their own phones, they do NOT plan to use it for CLASSIFIED information, only for unclassified information. o this chip has been in the making for 4 years; it would seem that the Clinton Administration has already made plans to use the chip, without public comment or discussion on a matter which is so important to the privacy of that same public. o it would seem that the Government might be granting a monopoly to Mykotronx, Inc. and VLSI Technology. As far as I know, VLSI fabricates the chip and Mykotronx programs the keys into it. o the key, which allows the information encrypted with this chip to be decrypted, is embedded in the chip [ This means that once the key is known, the chip needs to be replaced to maintain private communications. This would usually mean replacing the entire device (e.g. telephone), anytime that the key was divulged, whether legally or not. The key is also transmitted along with your encrypted data, so that law enforcement can obtain it, which would allow them to decrypt your data without your knowledge. ] o the 80-bit key is made from the xor of two (2) 80-bit keys, which are kept in databases at two different escrow agencies [ It's not clear how the key databases will be kept secure. It is also unknown if the classified encryption algorithm is any less secure to brute-force attacks, once half the key is known. ] o a successor chip has already been announced, called the Capstone chip. The Capstone chip is supposed to be a "superset" of the Clipper chip and will include the "digital signature standard" (DSS), which many in the cyprotgraphy community seem to consider insecure, as I recall. The NSA also developed DSS, which wasn't disclosed until CPSR filed a FOIA request with NIST (the National Institute of Standards & Technology). This announcement, in one way, is a step in the right direction -- privacy and encryption technology are important to the general public and for international economic competitiveness. An inquiry on whether export restrictions on encryption technology is good or bad is also a good thing. Currently, companies that want to include encryption as part of their products need to make two versions -- one for domestic distribution and one for international distribution. On the other hand, there are too many things about the announcement which are bothersome and need to be discussed publicly. Some of these items have been mentioned above. The Clipper Chip basically seems like it might provide privacy from some people, but not from the government. I recommend talking with your local congressman, writing letters, and discussing this with friends. Both the Electronic Frontier Foundation (EFF) and the Computer Professionals for Social Responsibility (CPSR) have made public statements against the announcement. The EFF supports the idea of reviewing cryptographic and privacy policies, but believes that the Clipper Chip announcement was premature and should be delayed until after the overall review and discussion. The CPSR has filed Freedom of Information Act (FOIA) requests regarding the plan. Online discussions of the announcement have been occurring all over the Net in various USENET newsgroups and mailing lists. Here's a sample of where you might find discussions of the Clipper Chip: USENET newsgroups: alt.privacy.clipper sci.crypt alt.security alt.privacy comp.org.eff.talk comp.security.misc comp.society.cu-digest comp.risks Mailing lists: cypherpunks-request@toad.com Also, check the archives for the various groups listed above, as things may have changed by the time this comes to print in hardcopy come June 1993. The official White House press release of the Clipper Chip can be found via anonymous ftp from: csrc.ncsl.nist.gov in the /pub/nistnews directory, or via the NIST Computer Security BBS at +1 301 948 5717. It should also be available with the rest of the White House press release archives mentioned above. The EFF comments were first published in the EFFector Online Issue 5.06, which is available via anonymous ftp from: ftp.eff.org in the /pub/EFF/newsletters directory. Information from CPSR is available online via anonymous ftp from: ftp.cpsr.org in the /cpsr directory. The cypherpunks mailing list also maintains an archive. Information on the Clipper Chip can be found via anonymous ftp from: soda.berkeley.edu in the /pub/cypherpunks/clipper directory. Please do read the announcement of the Clipper Chip encryption technology, think about and discuss the implications of this with your friends, congressmen, and anyone else. ...End of excerpt. COPYRIGHT/LICENSE: This document is Copyright (c) 1993 Jeff Kellem/Beyond Dreams, composer@Beyond.Dreams.ORG. This copyright notice must be kept with each document. You have permission to freely redistribute this for non-commercial and non-profit purposes. It would be nice if you let the author know about any redistributions that are expected to reach more than a single person. :-) (This would include mirroring ftp sites, etc.) Please contact the author if you wish to use this document in ANY other fashion. Most likely, there won't be a problem. If you wish to redistribute this document for commercial purposes, you MUST contact the author for permission. Thank you. Jeff Kellem Composer of Dreams Beyond Dreams Internet: composer@Beyond.Dreams.ORG