SECRET UNITED STATES GOVERNMENT MEMORANDUM Serial: EQ-010-93 DATE: 20 January 1993 REPLY TO ATTN OF: XXXXXX NAME WITHHELD PER NSA XXXXXXXXX SUBJECT: Outside Crypto-mathematicians to Examine CLIPPER - DECISION MEMORANDUM TO: Director THRU: D/DIR____, ExDIR_____ 1. Assuming that there will be vocal public doubts expressed about having a classified algorithm in the device we propose for the U.S. law enforcement problem, the CLIPPER chip, we recommend the following to address this: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXX PARAGRAPH 2 BLACKED OUT XXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXX AS STILL SECRET PER NSA XXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX 3. If such people agree to this clearance and non-disclosure process, we could go over the algorithm with them to let them develop confidence in its security, and we could also let them examine the detail design of the CLIPPER chip made for the U.S. law enforcement problem to assure themselves that there were no trapdoors or other techniques built in. This would likely require crypto-mathematicians for the algorithm examination and microelectronics chip design engineers for the chip examination. XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXX LINES BLACKED OUT AS STILL SECRET XXXXXXXXXXXXXX XXXXXXXXXXXXXX PER NSA XXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX CLINTON C. BROOKS XXXXX LINE BLACKED OUT PER NSA XXXXXX Decision: ___ Agree with this approach ___ Want to hear thoughts of others on Distribution ___ Let's discuss OPTIONAL FORM NO 10 (REV. 1-80) GSA FPMR (41 CFR) 101-11.6 CLASSIFIED BY NSA/CSSM 193-2 SECRET
Source: ELECTRONIC PRIVACY INFORMATION CENTER, FOIA by Marc Rotenberg, page C-16, 1995 EPIC Cryptography and Privacy Sourcebook.
On April 16, the President announced a new initiative aimed at providing a high level of security for sensitive, unclassified communications, while enabling lawfully authorized intercepts of telecommunications by law enforcement officials for criminal investigations. The initiative includes several components:
This report reviews the security provided by the first component, namely the SKIPJACK algorithm.
We attended an initial meeting at the Institute for Defense Analyses Supercomputing Research Center (SRC) from June 21-23. At that meeting, the designer of SKIPJACK provided a complete, detailed description of the algorithm, the rationale for each feature, and the history of the design. The head of the NSA evaluation team described the evaluation process and its results. Other NSA staff briefed us on the LEAF structure and protocols for use, generation of device keys, protection of the devices against reverse engineering, and NSA's history in the design and evaluation of encryption methods contained in SKIPJACK. Additional NSA and NIST staff were present at the meeting to answer our questions and provide assistance. All staff members were forthcoming in providing us with requested information.
At the June meeting, we agreed to integrate our individual evaluations into this joint report. We also agreed to reconvene at SRC from July 19-21 for further discussions and to complete a draft of the report. In the interim, we undertook independent task according to our individual interests and availability.
We investigated more than just SKIPJACK because the security of communications encrypted with the escrowed encryption technology depends on the security provided by all the components of the initiative, including protection of the keys stored on the devices, protection o the key components stored with the escrow agents, the security provided by the LEAF and LEAF decoder, protection of keys after they have been transmitted to law enforcement under court order, and the resistance of the devices to reverse engineering. In addition, the success of the technology initiative depends on factors besides security, for example, performance of the chips. Because some of the components of the escrowed encryption system, particularly the key escrow system, are still under design, we decided to issue this Interim Report on the security of the SKIPJACK algorithm and to defer our Final Report until we could complete our evaluation of the system as a whole.
SKIPJACK is a 64-bit "electronic codebook" algorithm that transforms a 64-bit input block into a 64-bit output block. The transformation is parameterized by an 80-bit key, and involves performing 32 steps or iterations of a complex, nonlinear function. The algorithm can be used in any one of the four operating modes defined in FIPS 81 for use with the Data Encryption Standard (DES).
The SKIPJACK algorithm was developed by NSA and is classified SECRET. It is representative of a family of encryption algorithms developed in 1980 as part of the NSA suite of "Type I" algorithms, suitable for protecting all levels of classified data. The specific algorithm, SKIPJACK, is intended to be used with sensitive but unclassified information.
All content COPYRIGHT SOFTWAR (C) 2000. Any reproduction or use of content herein must be approved by SOFTWAR.