The Clipper chip is an encryption chip using an algorithm called Skipjack. The Skipjack algorithm was developed by the National Security Agency (NSA) for the National Institute of Standards and Technology (NIST).
Data encrypted using the Skipjack algorithm can be decrypted using a secret process that requires two separate keys. These keys would be escrowed separately by NIST and the Department of Treasury. Under the plan, a law enforcement agency would require a court order to get the two keys, which would have to be combined to decrypt a transmission generated with a Clipper chip, as well as to monitor the transmission itself.
Encryption algorithms use numbers called keys that are like combinations to a lock. Messages are encrypted and decrypted much the same as locks are locked and unlocked. The key to any Clipper-encoded message is itself encrypted using a key derived from two other keys that are stored separately. The encrypted key and a number that identifies the chip that sent the message are then encrypted with another key that is common to many other chips, known as the family key. All of this is sent along with the encrypted original message in what is called a LEAF (Law Enforcement Access Field). This is done so that if a law enforcement agency wants to decrypt a message, the process can be reversed: the outer portion of the encrypted key is decrypted to get the number that identifies the unit that sent the message. This identification number is used to obtain the two separate escrowed keys, which are then combined to decrypt the session key that allows the original message to be decrypted.
Let's look at it another way. You have the session key S, the key E derived from the two escrowed keys, the family key F, the message M and the chip identification number C. It's all put together like this:
(M encrypted with key S)+(((S encrypted with key E) C) encrypted with F)
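The construction above and its reversal, as an added example that is not code from the original FAQ or from the Clipper design. `toy_cipher` is a stand-in for the classified Skipjack algorithm, and the XOR combination of the two escrowed halves, the key and chip-ID lengths, and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

ID_LEN = 4    # assumed chip-ID length in bytes (not stated on the page)
KEY_LEN = 10  # assumed key length in bytes (not stated on the page)

def toy_cipher(key: bytes, data: bytes) -> bytes:
    """Stand-in for Skipjack: XOR with an HMAC-SHA256 keystream.
    Applying it twice with the same key returns the input."""
    stream = b""
    block = 0
    while len(stream) < len(data):
        stream += hmac.new(key, block.to_bytes(4, "big"), hashlib.sha256).digest()
        block += 1
    return bytes(d ^ s for d, s in zip(data, stream))

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def chip_send(M, S, E, F, C):
    """(M encrypted with S), (((S encrypted with E) C) encrypted with F)."""
    return toy_cipher(S, M), toy_cipher(F, toy_cipher(E, S) + C)

def escrow_decrypt(ciphertext, leaf, F, agent1, agent2):
    """Reverse the process: F exposes C, C selects the halves, E unwraps S."""
    inner = toy_cipher(F, leaf)
    wrapped_S, C = inner[:-ID_LEN], inner[-ID_LEN:]
    E = xor(agent1[C], agent2[C])      # assumption: halves combine by XOR
    S = toy_cipher(E, wrapped_S)
    return C, toy_cipher(S, ciphertext)

def run_example():
    F = secrets.token_bytes(KEY_LEN)   # family key, common to many chips
    E = secrets.token_bytes(KEY_LEN)   # this chip's escrowed key
    C = bytes.fromhex("00c0ffee")      # constructed chip identification number
    half1 = secrets.token_bytes(KEY_LEN)
    agent1, agent2 = {C: half1}, {C: xor(E, half1)}  # two separate escrow stores
    S = secrets.token_bytes(KEY_LEN)   # session key for this message
    M = b"constructed sample message"
    ciphertext, leaf = chip_send(M, S, E, F, C)
    full = escrow_decrypt(ciphertext, leaf, F, agent1, agent2)
    # One escrow agent alone (other half replaced by zeros) does not recover M.
    zeros = {C: bytes(KEY_LEN)}
    partial = escrow_decrypt(ciphertext, leaf, F, agent1, zeros)
    return M, C, full, partial

if __name__ == "__main__":
    M, C, full, partial = run_example()
    print(full == (C, M), partial[1] == M)
```

Holding the family key and only one escrowed half still reveals the chip identification number, but not the session key or the message.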
If everything goes right, according to a panel of five cryptography experts who have reviewed it.
That is classified information.
Yes.
The reasons cited are that compromising the algorithm would be detrimental to national security. This means that secret techniques are used in the algorithm.
That's the plan.
If you follow the NSA's logic, yes.
The algorithm could be subject to tampering. From our explanation in question two we would go from this: (M encrypted with key S)+(((S encrypted with key E) C) encrypted with F) to this: (M encrypted with key S)+(S encrypted with key E) C. This would leave the chip number open to tampering. Also, in theory, it would allow a steady attack on the key E that would compromise the unit. This attack is theoretically better than attacking a message without the law enforcement field, but even if the key S is known (by getting someone with a chip to send you a message with a key you have negotiated) it would still be difficult with today's computer power. In any case, anyone with anything to hide wouldn't use a Clipper chip for transmissions they wanted to keep secret from law enforcement authorities.
No. The nature of the Skipjack algorithm makes it useful only if it is released in a special tamper-proof chip.
Yes.
That would be a simple and obvious way to get around the Clipper chip.
Yes.
Yes.
According to the Clinton administration, yes.
For there to be a market there needs to be a reason for foreign purchasers to prefer Skipjack or Clipper technology to currently available algorithms. This has not been shown to be true. There is a report in the British press that the NSA has a representative in London who is lobbying European governments to adopt the Clipper chip.
This question will need to be answered before any chips are exported. There are a limited number of options: We can give any country that imports the chips the keys up front, we can give them to them if they ask (and make case by case judgments), we can give them to an international third party, or we can not give the keys to them at all.
That is a question that needs public discussion.
We would be in a no-win situation. Not only would we have an ethical problem, we would have a political one.
Whoever had the keys would have the same ethical and political problems.
It is not likely that foreign governments would find this acceptable.
Government officials have said to some people that the NSA will not get these keys. The NSA has not yet said this on the record.
Both the Software Publishing Association and the American Electronics Association, along with other industry groups, have asked that the DES algorithm be made available for easy export. The DES algorithm is already available all over the world. DES is classified as a munition by the US government and cannot be exported easily. The DES algorithm is thought by most cryptography professionals to be nearing the end of its useful life, and new exportable algorithms that can be implemented in software need to be standardized. The Skipjack algorithm does not answer this need.
No. These people will be able to encrypt with whatever algorithm they want.
Yes. There is work being done now on techniques that allow much more flexible ways of voluntarily escrowing keys. These techniques can be implemented in software and would not require government intervention.
Copyright © 1994-1996 Quadralay Corporation. All rights reserved.