[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
clip.txt on NIST ftp
csrc.ncsl.nist.gov has some new uploads in /pub/nistnews,
including Krammer(NIST)'s testimony to Markey, and clip.txt,
a more recent Clipper description. It's short enough I'm
attaching it below; the interesting part in Section 5
is that it says the wiretap block has 80-bit session key
crypted with unit key, 25-bit serial number!, and 23-bit
"authentication pattern" making a total of 128 narc bits.
It also gets transmitted "at least once" to the receiver.
Also, chip prices include "programmed and unprogrammed" -
I wonder if real people will be able to buy them unprogrammed?
Bill Stewart
------ clip here -----
CLIPPER CHIP TECHNOLOGY
CLIPPER is an NSA developed, hardware oriented, cryptographic
device that implements a symmetric encryption/decryption
algorithm and a law enforcement satisfying key escrow system.
While the escrow management system design is not completely
designed, the cryptographic algorithm (SKIPJACK) is completely
specified (and classified SECRET).
The cryptographic algorithm (called CA in this paper) has the
following characteristics:
1. Symmetric, 80-bit key encryption/decryption algorithm;
2. Similar in function to DES (i.e., basically a 64-bit
code book transformation that can be used in the same
four modes of operation as specified for DES in FIPS
81);
3. 32 rounds of processing per single encrypt/decrypt
operation;
4. Design started by NSA in 1985; evaluation completed in
1990.
The CLIPPER CHIP is just one implementation of the CA. The
CLIPPER CHIP designed for the AT&T commercial secure voice
products has the following characteristics:
1. Functions specified by NSA; logic designed by
MYKOTRONX; chip fabricated by VLSI, Inc.: manufactured
chip programmed (made unique) by MYKOTRONX to security
equipment manufacturers willing to follow proper
security procedures for handling and storage of the
programmed chip; equipment sold to customers;
2. Resistant to reverse engineering against a very
sophisticated, well funded adversary;
3. 15-20 MB/S encryption/decryption constant throughout
once cryptographic synchronization is established with
distant CLIPPER Chip;
4. The chip programming equipment writes (one time) the
following information into a special memory (called
VROM or VIA-Link) on the chip:
a. (unique) serial number
b. (unique) unit key
c. family key
d. specialized control software
5. Upon generation (or entry) of a session key in the
chip, the chip performs the following actions:
a. Encrypts the 80-bit session key under the unit key
producing an 80-bit intermediate result;
b. Concatenates the 80-bit result with the 25-bit
serial number and a 23-bit authentication pattern
(total of 128 bits);
c. Enciphers this 128 bits with family key to produce
a 128-bit cipher block chain called the Law
Enforcement Field (LEF);
d. Transmits the LEF at least once to the intended
receiving CLIPPER chip;
e. The two communicating CLIPPER chips use this field
together with a random IV to establish
Cryptographic Synchronization.
6. Once synchronized, the CLIPPER chips use the session
key to encrypt/decrypt data in both directions;
7. The chips can be programmed to not enter secure mode if
the LEF field has been tampered with (e.g., modified,
superencrypted, replaced);
8. CLIPPER chips will be available from a second source in
the future;
9. CLIPPER chips will be modified and upgraded in the
future;
10. CLIPPER chips presently cost $16.00 (unprogrammed) and
$26.00 (programmed).
4/30/93