[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Project: a standard cell random number generator




These supplement JG's post on CAPSTONE -- which is itself
available with related crypto papers at csrc.ncsl.gov:

------------------

URL: http://csrc.ncsl.nist.gov/nistgen/clip.txt


                CLIPPER CHIP TECHNOLOGY


CLIPPER is an NSA developed, hardware oriented,
cryptographic device that implements a symmetric
encryption/decryption algorithm and a law enforcement
satisfying key escrow system. While the escrow management
system design is not completely designed, the
cryptographic algorithm (SKIPJACK) is completely
specified (and classified SECRET).

The cryptographic algorithm (called CA in this paper) has
the following characteristics:

1.  Symmetric, 80-bit key encryption/decryption
    algorithm;

2.  Similar in function to DES (i.e., basically a 64-bit
    code book transformation that can be used in the
    same four modes of operation as specified for DES in
    FIPS 81);

3.  32 rounds of processing per single encrypt/decrypt
    operation;

4.  Design started by NSA in 1985; evaluation completed
    in 1990.

The CLIPPER CHIP is just one implementation of the CA. 
The CLIPPER CHIP designed for the AT&T commercial secure
voice products has the following characteristics:

1.  Functions specified by NSA; logic designed by
    MYKOTRONX; chip fabricated by VLSI, Inc.: 
    manufactured chip programmed (made unique) by
    MYKOTRONX to security equipment manufacturers
    willing to follow proper security procedures for
    handling and storage of the programmed chip;
    equipment sold to customers;

2.  Resistant to reverse engineering against a very
    sophisticated, well funded adversary;

3.  15-20 MB/S encryption/decryption constant throughout
    once cryptographic synchronization is established
    with distant CLIPPER Chip;

4.  The chip programming equipment writes (one time) the
    following information into a special memory (called
    VROM or VIA-Link) on the chip:

    a.  (unique) serial number
    b.  (unique) unit key
    c.  family key
    d.  specialized control software

5.  Upon generation (or entry) of a session key in the
    chip, the chip performs the following actions:

    a.  Encrypts the 80-bit session key under the unit
        key producing an 80-bit intermediate result;

    b.  Concatenates the 80-bit result with the 25-bit
        serial number and a 23-bit authentication
        pattern (total of 128 bits);

    c.  Enciphers this 128 bits with family key to
        produce a 128-bit cipher block chain called the
        Law Enforcement Field (LEF);

    d.  Transmits the LEF at least once to the intended
        receiving CLIPPER chip;

    e.  The two communicating CLIPPER chips use this
        field together with a random IV to establish
        Cryptographic Synchronization.

6.  Once synchronized, the CLIPPER chips use the session
    key to encrypt/decrypt data in both directions;

7.  The chips can be programmed to not enter secure mode
    if the LEF field has been tampered with (e.g.,
    modified, superencrypted, replaced);

8.  CLIPPER chips will be available from a second source
    in the future;

9.  CLIPPER chips will be modified and upgraded in the
    future;

10. CLIPPER chips presently cost $16.00 (unprogrammed)
    and $26.00 (programmed).

4/30/93

-------------------

URL: http://csrc.ncsl.nist.gov/nistnews/esc_key2.txt


                   February 4, 1994

               AUTHORIZATION PROCEDURES
       FOR RELEASE OF ENCRYPTION KEY COMPONENTS
    IN CONJUNCTION WITH INTERCEPTS PURSUANT TO FISA

The following are the procedures for the release of
escrowed key components in conjunction with lawfully
authorized interception of communications encrypted with
a key-escrow encryption method. These procedures cover
all electronic surveillance conducted pursuant to the
Foreign Intelligence Surveillance Act (FISA), Pub. L.
95-511, which appears at Title 50, U.S. Code, Section
1801 et seq.

1)  In each case there shall be a legal authorization
    for the interception of wire and/or electronic
    communications.

2)  In the event that federal authorities discover
    during the course of any lawfully authorized
    interception that communications encrypted with a
    key-escrow encryption method are being utilized,
    they may obtain a certification from an agency
    authorized to participate in the conduct of the
    interception, or from the Attorney General of the
    United States or designee thereof.  Such
    certification shall

    (a) identify the agency participating in the conduct
        of the interception and the person providing the
        certification;

    (b) certify that necessary legal authorization has
        been obtained to conduct electronic surveillance
        regarding these communications;

    (c) specify the termination date of the period for
        which interception has been authorized;

    (d) identify by docket number or other suitable
        method of specification the source of the
        authorization;

    (e) certify that communications covered by that
        authorization are being encrypted with a
        key-escrow encryption method;

    (f) specify the identifier (ID) number of the
        key-escrow encryption chip providing such
        encryption; and

    (g) specify the serial (ID) number of the key-escrow
        decryption device that will be used by the
        agency participating in the conduct of the
        interception for decryption of the intercepted
        communications.

4)  This certification shall be submitted to each of the
    designated key component escrow agents.  If the
    certification has been provided by an agency
    authorized to participate in the conduct of the
    interception, a copy shall be provided to the
    Department of Justice, Office of Intelligence Policy
    and Review.  As soon as possible, an attorney
    associated with that office shall provide each of
    the key component escrow agents with written
    confirmation of the certification.

5)  Upon receiving the certification, each key component
    escrow agent shall release the necessary key
    component to the agency participating in the conduct
    of the interception.  The key components shall be
    provided in a manner that assures they cannot be
    used other than in conjunction with the lawfully
    authorized electronic surveillance for which they
    were requested.

6)  Each of the key component escrow agents shall retain
    a copy of the certification, as well as the
    subsequent written confirmation of the Department of
    Justice, Office of Intelligence Policy and Review.

7)  Upon, or prior to, completion of the electronic
    surveillance phase of the investigation, the ability
    of the agency participating in the conduct of the
    interception to decrypt intercepted communications
    shall terminate, and such agency may not retain the
    key components.

8)  The Department of Justice shall, in each such case,

    (a) ascertain the existence of authorizations for
        electronic surveillance in cases for which
        escrowed key components have been released;

    (b) ascertain that key components for a particular
        key-escrow encryption chip are being used only
        by an agency authorized to participate in the
        conduct of the interception of communications
        encrypted with that chip; and

    (c) ascertain that, no later than the completion of
        the electronic surveillance phase of the
        investigation, the ability of the agency
        participating in the conduct of the interception
        to decrypt intercepted communications is
        terminated.

9) Reports to the House Permanent Select Committee on
    Intelligence and the Senate Select Committee on    
    Intelligence, pursuant to Section 108 of FISA,
    shall, with respect to any order for authorized
    electronic surveillance for which escrowed
    encryption components were released and used for
    decryption, specifically note that fact.

These procedures do not create, and are not intended to
create, any substantive rights for individuals
intercepted through electronic surveillance, and
noncompliance with these procedures shall not provide the
basis for any motion to suppress or other objection to
the introduction of electronic surveillance evidence
lawfully acquired.

------------------