From 73670.57@compuserve.com Mon Feb 28 19:18:01 1994 Received: from sparc02.cc.ncsu.edu by scss3.cl.msu.edu (4.1/4.7) id AA07127; Mon, 28 Feb 94 19:18:00 EST Received: from math.ncsu.edu by sparc02.cc.ncsu.edu (4.1/SYSTEMS 12-28-92 15:15:00) id AA16384; Mon, 28 Feb 94 19:17:22 EST Received: from dub-img-1.compuserve.com by math.ncsu.edu (4.1/SAM 07-20-90 10:07:54/m) id AA22506; Mon, 28 Feb 94 19:14:07 EST Posted-Date: 28 Feb 94 19:08:47 EST Received: from localhost by dub-img-1.compuserve.com (8.6.4/5.930129sam) id TAA25799; Mon, 28 Feb 1994 19:16:26 -0500 Date: 28 Feb 94 19:08:47 EST From: Mark Lloyd <73670.57@compuserve.com> To: Altcrypt Subject: Clipper FAQ Message-Id: <940301000847_73670.57_DHE58-1@CompuServe.COM> Status: OR TWIMC: I put this together on the Clipper controvery, but it seems to get garbled when I try to post this from my shell account up on the newsgroups that discuss the Clipper issue. I've had this checked out for accurarcy by some friends in The crypto biz. If you think this is appropriate could you find an place for this on the net or let me know if it needs some modifications? A slightly different version of this was published in Computer Underground Digest a week ago. There are some issues, especially dealing with exportabililty, that I think need more discussion on the newsgroups that I've been following on the issue. --------------- Clipper FAQ W. Mark Lloyd 73670,57@compuserve.com ----------------------- WHAT IS THE CLIPPER CHIP? The Clipper chip is an encryption chip using an algorithm called Skipjack. The Skipjack algorithm was developed by the National Security Agency (NSA) for the National Institute of Standards and Technology (NIST). Data encrypted using the Skipjack algorithm can be decrypted using a secret process that requires two separate keys. These keys would be escrowed separately by NIST and the Department of Treasury. Under the plan, a law enforcement agency would require a court order to get the two keys that would have to be combined to decrypt a transmission, generated with a Clipper chip as well as to monitor the transmission itself. HOW DOES THE SKIPJACK ALGORITHM DO THIS? Encryption algorithms use numbers called keys that are like combinations to a lock. Messages are encrypted and decrypted much the same as locks are locked and unlocked. The key to any Clipper encoded message is itself encrypted using a key derived from two other keys that are stored separately. The encrypted key and a number that identifies the chip that sent the message are then encrypted with another key that is common to many other chips, known as the family key. All of this is sent along with the encrypted original message in what is called a LEAF (Law Enforcement Access Field). This is done so if a law enforcement agency wants to decrypt a message the process can be reversed: The outer portion of the encrypted key is decrypted to get the number that identifies the unit that sent the message. This identification number is used to obtain the two separate escrowed keys that are then combined to decrypt the session key that allows the original message to be decrypted. Let's look at another way. You have the session key S, the key E derived from the two escrowed keys, the family key F, the message M and the chip identification number C. It's all put together like this: (M encrypted with key S)+(((S encrypted with key E) C )encrypted with F) IS THE SYSTEM SECURE? If everything goes right, according to the a panel of five cryptography experts who have reviewed it. WHAT ALGORITHM DOES THE ACTUAL ENCRYPTION? That is classified information. BUT AREN'T GOOD ENCRYPTION ALGORITHMS SECURE, EVEN WHEN EVERYONE KNOWS WHAT THEY ARE, LIKE DES? Yes. THEN WHY NOT JUST PUBLISH THE ALGORITHM? The reasons cited are that compromising the algorithm would be detrimental to national security. This means that secret techniques are used in the algorithm. SO A GOVERNMENT SECRET IS GOING TO BE IN THOUSANDS OF THESE CLIPPER CHIPS SHIPPED ALL OVER THE WORLD? That's the plan. SO IF SOMEONE FIGURES OUT HOW TO GET THE ALGORITHM FROM THE CLIPPER CHIPS, OUR NATIONAL SECURITY COULD BE COMPROMISED? If you follow the NSA's logic, yes. LAW ENFORCEMENT OFFICIALS ARE GOING TO BE USING THE ALGORITHM AND THE FAMILY KEY MANY TIME TO GET UNIT IDENTIFICATION NUMBERS. LET'S SAY THAT THE ALGORITHM IS LEAKED. OR ONE OF THE BLACK BOXES THAT WILL BE USED TO DECRYPT THE CHIPS IS COMPROMISED AND THE ALGORITHM AND FAMILY KEYS ARE GENERALLY KNOWN. WHAT WILL HAPPENS THEN? The algorithm could be subject to tampering. From our explanation in question two we would go from this: (M encrypted with key S)+(((S encrypted with key E) C )encrypted with F) to this (M encrypted with key S)+(S encrypted with key E) C. This would leave the chip number open to tampering. Also in theory it would allow a steady attack on the key E, that would compromise the unit. This attack is theoretically better than attacking a message without the law enforcement field, but even if the key S is known (by getting someone with a chip with to send you a message with a key you have negotiated) it would still be difficult with today's computer power. In any case anyone with anything to hide wouldn't use a Clipper chip for transmissions they wanted to keep secret from law enforcement authorities. MOST ENCRYPTION IS DONE WITH SOFTWARE. CAN THE SKIPJACK ALGORITHM BE USED IN SOFTWARE ENCRYPTING SYSTEMS? No. The nature of the Skipjack algorithm makes it only useful if it is released in a special tamper proof chip. SO THE ALGORITHM IS ONLY USEFUL FOR APPLICATIONS THAT CAN USE HARDWARE ENCRYPTION? Yes. WHAT IF I WANT TO ENCRYPT A MESSAGE WITH A REALLY SECURE ALGORITHM BEFORE IT IS ENCRYPTED BY A CLIPPER CHIP? That would be a simple and obvious way to get around the Clipper chip. BUT ISN'T MOST ENCRYPTION CURRENTLY DONE USING SOFTWARE ON GENERAL PURPOSE MICROPROCESSORS? Yes. SO CLIPPER WON'T BE USEFUL FOR MOST ENCRYPTION APPLICATIONS? Yes. IS CLIPPER GOING TO BE EASIER TO EXPORT THAN DES? According to the Clinton administration, yes. IS THERE A FOREIGN MARKET FOR CLIPPER ENCRYPTION DEVICES? For there to be a market there needs to be a reason for foreign purchasers to prefer Skipjack or Clipper technology to currently available algorithms. This has not been shown to be true. There a report in the British press that the NSA has a representative in London that is lobbying European governments to adopt the Clipper chip. WHAT IF A FOREIGN GOVERNMENT WANTS TO SPY ON THEIR OWN CITIZENS, WILL WE GIVE THEM THE KEYS TO DO THIS? This question will need to be answered before any chips are exported. There are a limited number of options: We can give any country that imports the chips the keys up front, we can give them to them if they ask (and make case by case judgments), we can give them to an international third party, or we can not give the keys to them at all. WHAT IF A FOREIGN GOVERNMENT ALLOWS THE IMPORTATION OF CLIPPER CHIPS, BUT ONLY IF THEY GET THE KEYS FIRST? WOULD WE BE RESPONSIBLE FOR THEIR ABUSE? That is a question that needs public discussion. IF WE ONLY GIVE THEM THE KEY WHEN THEY ASK, WHAT IF WE SUSPECT THE KEYS THEY WANT ARE TO SPY ON A POLITICAL ADVERSE. WHAT IF A FOREIGN GOVERNMENT DECIDES TO MAKE AN ISSUE OF US NOT GIVING THEM THE KEYS TO A CLIPPER CHIP WE SOLD THEM? HOW WILL WE DEAL WITH THIS? We would be in a no win situation. Not only would we have an ethical problem, we would have a political one. WHAT ABOUT GIVING THE KEYS TO CHIPS WE EXPORT TO AN INTERNATIONAL THIRD PARTY BODY? WOULD THIS MAKE THE PROBLEM EASIER? Whoever had the keys would have the same ethical and political problems IF WE DON'T GIVE THE KEYS TO ANY EXPORTED CHIPS TO IMPORTING COUNTRIES, WILL THESE COUNTRIES ALLOW THIS? It is not likely that foreign governments would find this acceptable. WILL THE NSA GET THE KEYS TO SKIPJACK UNITS THAT ARE EXPORTED? Government officials have said to some people that the NSA will not get these keys. The NSA has not yet said this on the record. HAVE ORGANIZATIONS THAT REPRESENT THE COMPUTER HARDWARE AND SOFTWARE INDUSTRIES ASKED FOR A NEW ALGORITHM TO EXPORT? Both the Software Publishing Association and the American Electronics Association, along with other industry groups, have asked that the DES algorithm be made available for easy export. The DES algorithm is already available all over the world. DES is classified as a munition by the US government and cannot be exported easily. The DES algorithm is thought by most cryptography professionals to be nearing the end of it's useful life and new exportable algorithms that can be implemented in software need to be standardized. The Skipjack algorithm does not answer this need. THE ANNOUNCEMENT FROM THE WHITE HOUSE ON FEBRUARY 4, 1994 SPOKE ABOUT THE PROBLEM OF "TERRORISTS, DRUG DEALERS, AND OTHER CRIMINALS" USING ENCRYPTION. WILL THE CLIPPER CHIP DO ANYTHING TO PREVENT THESE PEOPLE FROM USING NON-ESCROWED ENCRYPTION TECHNIQUES? No. These people will be able to encrypt with whatever algorithm they want. ARE THERE OTHER WAYS OF ESCROWING KEYS VOLUNTARILY, FOR GOVERNMENTAL AND BANKING NEEDS THAT REQUIRE BOTH CONFIDENTIALITY AND ACCOUNTABILITY? Yes. There is work being done now on techniques that allow much more flexible ways of voluntarily escrowing keys. These techniques can be implemented in software and would not require government intervention.