| |
CLIPPER CHIP TECHNOLOGY
CLIPPERis an NSA developed, hardware oriented, cryptographic device
that implements a symmetric encryption/decryption algorithm and
a law enforcement satisfying key escrow system. While the escrow
management system design is not completely designed, the cryptographic
algorithm (SKIPJACK) is completely specified (and classified SECRET).
The cryptographic algorithm (called CA in this paper) has the
following characteristics:
| 1. Symmetric, 80-bit key encryption/decryption algorithm;
| 2. Similar in function to DES (i.e., basically a 64-bit code
book transformation that can be used in the same four modes of
operation as specified for DES in FIPS 81);
| 3. 32 rounds of processing per single encrypt/decrypt operation;
| 4. Design started by NSA in 1985; evaluation completed in
1990.
| | | |
The CLIPPER CHIP is just one implementation of the CA. The CLIPPER
CHIP designed for the AT&T commercial secure voice products
has the following characteristics:
| 1. Functions specified by NSA; logic designed by MYKOTRONX;
chip fabricated by VLSI, Inc.: manufactured chip programmed (made
unique) by MYKOTRONX to security equipment manufacturers willing
to follow proper security procedures for handling and storage
of the programmed chip; equipment sold to customers;
| 2. Resistant to reverse engineering against a very sophisticated,
well funded adversary;
| 3. 15-20 MB/S encryption/decryption constant throughout once
cryptographic synchronization is established with distant CLIPPER
Chip;
| 4. The chip programming equipment writes (one time) the following
information into a special memory (called VROM or VIA-Link) on
the chip:
| a. (unique) serial number
| b. (unique) unit key
| c. family key
| d. specialized control software
| | | |
| | | |
| 5. Upon generation (or entry) of a session key in the chip,
the chip performs the following actions:
| a. Encrypts the 80-bit session key under the unit key producing
an 80-bit intermediate result;
| b. Concatenates the 80-bit result with the 25-bit serial number
and a 23-bit authentication pattern (total of 128 bits);
| c. Enciphers this 128 bits with family key to produce a 128-bit
cipher block chain called the Law Enforcement Field (LEF);
| d. Transmits the LEF at least once to the intended receiving
CLIPPER chip;
| e. The two communicating CLIPPER chips use this field together
with a random IV to establish Cryptographic Synchronization.
| | | | |
|
| 6. Once synchronized, the CLIPPER chips use the session key
to encrypt/decrypt data in both directions;
| 7. The chips can be programmed to not enter secure mode if
the LEF field has been tampered with (e.g., modified, superencrypted,
replaced);
| 8. CLIPPER chips will be available from a second source in
the future;
| 9. CLIPPER chips will be modified and upgraded in the future;
| 10. CLIPPER chips presently cost $16.00 (unprogrammed) and
$26.00 (programmed).
| | | | |
4/30/93
|