NSA Invites Special Friends For Tea.


SECRET
UNITED STATES GOVERNMENT
MEMORANDUM
Serial:  EQ-010-93

DATE:  20 January 1993
REPLY TO ATTN OF:   XXXXXX NAME WITHHELD PER NSA XXXXXXXXX

SUBJECT:  Outside Crypto-mathematicians to Examine CLIPPER -
DECISION MEMORANDUM

TO:  Director

THRU:  D/DIR____,  ExDIR_____

1.  Assuming that there will be vocal public doubts expressed
about having a classified algorithm in the device we propose for
the U.S. law enforcement problem, the CLIPPER chip, we recommend
the following to address this:

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXX  PARAGRAPH 2 BLACKED OUT  XXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXX  AS STILL SECRET PER NSA  XXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

3.  If such people agree to this clearance and non-disclosure
process, we could go over the algorithm with them to let them
develop confidence in its security, and we could also let them
examine the detail design of the CLIPPER chip made for the U.S.
law enforcement problem to assure themselves that there were no
trapdoors or other techniques built in.  This would likely
require crypto-mathematicians for the algorithm examination and
microelectronics chip design engineers for the chip examination.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXX  LINES BLACKED OUT AS STILL SECRET XXXXXXXXXXXXXX
XXXXXXXXXXXXXX              PER NSA               XXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

CLINTON C. BROOKS
XXXXX LINE BLACKED OUT PER NSA XXXXXX

Decision:

___  Agree with this approach

___  Want to hear thoughts of others on Distribution

___  Let's discuss

OPTIONAL FORM NO 10
(REV. 1-80)
GSA FPMR (41 CFR) 101-11.6
CLASSIFIED BY NSA/CSSM 193-2
SECRET

Source: ELECTRONIC PRIVACY INFORMATION CENTER, FOIA by Marc Rotenberg, page C-16, 1995 EPIC Cryptography and Privacy Sourcebook.


SNIPS FROM THE Insider Report on SKIPJACK


1. Background

On April 16, the President announced a new initiative aimed at providing a high level of security for sensitive, unclassified communications, while enabling lawfully authorized intercepts of telecommunications by law enforcement officials for criminal investigations. The initiative includes several components:


This report reviews the security provided by the first component, namely the SKIPJACK algorithm.

We attended an initial meeting at the Institute for Defense Analyses Supercomputing Research Center (SRC) from June 21-23. At that meeting, the designer of SKIPJACK provided a complete, detailed description of the algorithm, the rationale for each feature, and the history of the design. The head of the NSA evaluation team described the evaluation process and its results. Other NSA staff briefed us on the LEAF structure and protocols for use, generation of device keys, protection of the devices against reverse engineering, and NSA's history in the design and evaluation of encryption methods contained in SKIPJACK. Additional NSA and NIST staff were present at the meeting to answer our questions and provide assistance. All staff members were forthcoming in providing us with requested information.

At the June meeting, we agreed to integrate our individual evaluations into this joint report. We also agreed to reconvene at SRC from July 19-21 for further discussions and to complete a draft of the report. In the interim, we undertook independent tasks according to our individual interests and availability.

We investigated more than just SKIPJACK because the security of communications encrypted with the escrowed encryption technology depends on the security provided by all the components of the initiative, including protection of the keys stored on the devices, protection of the key components stored with the escrow agents, the security provided by the LEAF and LEAF decoder, protection of keys after they have been transmitted to law enforcement under court order, and the resistance of the devices to reverse engineering. In addition, the success of the technology initiative depends on factors besides security, for example, performance of the chips. Because some of the components of the escrowed encryption system, particularly the key escrow system, are still under design, we decided to issue this Interim Report on the security of the SKIPJACK algorithm and to defer our Final Report until we could complete our evaluation of the system as a whole.

2. Overview of the SKIPJACK Algorithm

SKIPJACK is a 64-bit "electronic codebook" algorithm that transforms a 64-bit input block into a 64-bit output block. The transformation is parameterized by an 80-bit key, and involves performing 32 steps or iterations of a complex, nonlinear function. The algorithm can be used in any one of the four operating modes defined in FIPS 81 for use with the Data Encryption Standard (DES).

The SKIPJACK algorithm was developed by NSA and is classified SECRET. It is representative of a family of encryption algorithms developed in 1980 as part of the NSA suite of "Type I" algorithms, suitable for protecting all levels of classified data. The specific algorithm, SKIPJACK, is intended to be used with sensitive but unclassified information.



All content COPYRIGHT SOFTWAR (C) 2000. Any reproduction or use of content herein must be approved by SOFTWAR.