[originally from Computer underground Digest 6.17]

Date: 18 Feb 94 15:23:33 EST
From: Mark Lloyd <73670.57@COMPUSERVE.COM>
Subject: File 6--Clipper Questions and Answers in a Nutshell

Clipper Q and A
By W. Mark Lloyd

WHAT IS THE CLIPPER CHIP?

The Clipper chip is an encryption chip using an algorithm called Skipjack. The Skipjack algorithm was developed by the National Security Agency (NSA) for the National Institute of Standards and Technology (NIST). Data encrypted using the Skipjack algorithm can be decrypted using a secret process that requires two separate keys. These keys would be escrowed separately by NIST and the Department of Treasury. Under the plan, a law enforcement agency would require a court order to get the two keys, which would have to be combined to decrypt a transmission generated with a Clipper chip.

HOW DOES THE SKIPJACK ALGORITHM DO THIS?

Encryption algorithms use numbers called keys that are like combinations to a lock. Messages are encrypted and decrypted much the same as locks are locked and unlocked. The key to any Clipper-encoded message is itself encrypted using a key derived from two other keys that are stored separately. The encrypted key and a number that identifies the chip that sent the message are then encrypted with another key that is common to many other chips. All of this is sent along with the encrypted original message.

This is done so that if a law enforcement agency wants to decrypt a message, the process can be reversed: the outer portion of the encrypted key is decrypted to get the number that identifies the unit that sent the message. This is used to obtain the two separate escrowed keys, which are then combined to decrypt the session key that allows the original message to be decrypted.

Let's look at it another way. You have the session key S, the key E derived from the two escrowed keys, the family key F, the message M and the chip identification number C.
It's all put together like this:

(M encrypted with key S) + (((S encrypted with key E) C) encrypted with F)

IS THE SYSTEM SECURE?

If everything goes right, according to a panel of five cryptography experts who have reviewed it.

WHAT ALGORITHM DOES THE ACTUAL ENCRYPTION?

That is classified information.

BUT AREN'T GOOD ENCRYPTION ALGORITHMS SECURE, EVEN WHEN EVERYONE KNOWS WHAT THEY ARE, LIKE DES?

Yes.

THEN WHY NOT JUST PUBLISH THE ALGORITHM?

The reason cited is that compromising the algorithm would be detrimental to national security. This means that secret techniques are used in the algorithm.

SO A GOVERNMENT SECRET IS GOING TO BE IN THOUSANDS OF THESE CLIPPER CHIPS SHIPPED ALL OVER THE WORLD?

That's the plan.

SO IF SOMEONE FIGURES OUT HOW TO GET THE ALGORITHM FROM THE CLIPPER CHIPS, OUR NATIONAL SECURITY COULD BE COMPROMISED?

If you follow the NSA's logic, yes. Law enforcement officials are going to be using the algorithm and the family key many times to get unit identification numbers. Let's say that the algorithm is leaked, or that one of the black boxes that will be used to decrypt the chips is compromised and the algorithm and family keys become generally known. What will happen then? The algorithm could be subject to tampering. From our explanation in question two we would go from this:

(M encrypted with key S) + (((S encrypted with key E) C) encrypted with F)

to this:

(M encrypted with key S) + (S encrypted with key E) C

This would leave the chip number open to tampering. Also, in theory it would allow a steady attack on the key E that would compromise the unit. This attack is theoretically better than attacking a message without the law enforcement field, but even if the key S is known (by getting someone with a chip to send you a message with a key you have negotiated) it would still be difficult with today's computer power.
In any case, anyone with anything to hide wouldn't use a Clipper chip for transmissions they wanted to keep secret from law enforcement authorities.

MOST ENCRYPTION IS DONE WITH SOFTWARE. CAN THE SKIPJACK ALGORITHM BE USED IN SOFTWARE ENCRYPTING SYSTEMS?

No. The nature of the Skipjack algorithm makes it useful only if it is released in a special tamper-proof chip.

SO THE ALGORITHM IS ONLY USEFUL FOR APPLICATIONS THAT CAN USE HARDWARE ENCRYPTION?

Yes.

WHAT IF I WANT TO ENCRYPT A MESSAGE WITH A REALLY SECURE ALGORITHM BEFORE IT IS ENCRYPTED BY A CLIPPER CHIP?

That would be a simple and obvious way to get around the Clipper chip.

BUT ISN'T MOST ENCRYPTION CURRENTLY DONE USING SOFTWARE ON GENERAL PURPOSE MICROPROCESSORS?

Yes.

IS CLIPPER GOING TO BE EASIER TO EXPORT THAN DES?

According to the Clinton administration, yes.

IS THERE A FOREIGN MARKET FOR CLIPPER ENCRYPTION DEVICES?

For there to be a market there needs to be a reason for foreign purchasers to prefer Skipjack or Clipper technology to currently available algorithms. This has not been shown to be true. There is a report in the British press that the NSA has a representative in London who is lobbying European governments to adopt the Clipper chip.

WHAT IF A FOREIGN GOVERNMENT WANTS TO SPY ON THEIR OWN CITIZENS, WILL WE GIVE THEM THE KEYS TO DO THIS?

Good question. What if a foreign government allows the importation of Clipper chips, but only if they get the keys first? Would we be responsible for their abuse? That question has not been answered yet. If we only give them the key when they ask, what if we suspect the keys they want are to spy on a political adversary? What if a foreign government decides to make an issue of us not giving them the keys to a Clipper chip we sold them? How will we deal with this? We would be in a no-win situation.

WILL THE NSA GET THE KEYS TO SKIPJACK UNITS THAT ARE EXPORTED?

Government officials have said to some people that the NSA will not get these keys.
NSA has not yet said this on the record.

HAVE ORGANIZATIONS THAT REPRESENT THE COMPUTER HARDWARE AND SOFTWARE INDUSTRIES ASKED FOR A NEW ALGORITHM TO EXPORT?

No. Both the Software Publishing Association and the American Electronics Association, along with other industry groups, have asked that the DES algorithm be made available for easy export. The DES algorithm is already available all over the world. DES is classified as a munition by the US government and cannot be exported easily.

THE ANNOUNCEMENT FROM THE WHITE HOUSE ON FEBRUARY 4 SPOKE ABOUT THE PROBLEM OF "TERRORISTS, DRUG DEALERS, AND OTHER CRIMINALS" USING ENCRYPTION. WILL THE CLIPPER CHIP DO ANYTHING TO PREVENT THESE PEOPLE FROM USING NON-ESCROWED ENCRYPTION TECHNIQUES?

No. These people will be able to encrypt with whatever algorithm they want.

ARE THERE OTHER WAYS OF ESCROWING KEYS VOLUNTARILY, FOR GOVERNMENTAL AND BANKING NEEDS THAT REQUIRE BOTH CONFIDENTIALITY AND ACCOUNTABILITY?

Yes. There is work being done now on techniques that allow much more flexible ways of voluntarily escrowing keys.
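
The layering described under "HOW DOES THE SKIPJACK ALGORITHM DO THIS?", and what a holder of the family key F alone can see, as an added example that is not part of the original article. Skipjack is replaced by a stand-in keystream cipher, combining the two escrowed keys by XOR is an assumption, and all function names, key sizes and sample values are constructed.

```python
import hashlib
import secrets

def toy_cipher(key: bytes, data: bytes) -> bytes:
    """Stand-in for Skipjack (NOT Skipjack): XOR with a SHA-256 keystream.
    Applying it twice with the same key decrypts."""
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def combine(part1: bytes, part2: bytes) -> bytes:
    """Assumption: the two escrowed keys are combined by XOR to give E."""
    return bytes(a ^ b for a, b in zip(part1, part2))

ID_LEN = 4  # constructed size for the chip identification number C

def chip_send(M, S, E, F, C):
    """Return (M encrypted with S, ((S encrypted with E) C) encrypted with F)."""
    inner = toy_cipher(E, S) + C
    return toy_cipher(S, M), toy_cipher(F, inner)

def strip_outer(field, F):
    """With F alone: the chip id C is readable, S is still wrapped under E."""
    inner = toy_cipher(F, field)
    return inner[:-ID_LEN], inner[-ID_LEN:]

def lawful_decrypt(ciphertext, field, F, escrow_lookup):
    """Reverse the process: F -> C -> two escrowed keys -> E -> S -> M."""
    wrapped_S, C = strip_outer(field, F)
    part1, part2 = escrow_lookup(C)  # models a request to both escrow agents
    S = toy_cipher(combine(part1, part2), wrapped_S)
    return C, toy_cipher(S, ciphertext)

def demo():
    # All keys, the chip id and the message are constructed sample values.
    F = secrets.token_bytes(10)
    part1, part2 = secrets.token_bytes(10), secrets.token_bytes(10)
    E, S, C = combine(part1, part2), secrets.token_bytes(10), b"\x00\x00\x30\x39"
    escrow = {C: (part1, part2)}
    ct, field = chip_send(b"meet at noon", S, E, F, C)
    wrapped_S, seen_C = strip_outer(field, F)
    chip_id, plaintext = lawful_decrypt(ct, field, F, escrow.__getitem__)
    return seen_C == C, wrapped_S != S, chip_id, plaintext

if __name__ == "__main__":
    print(demo())
```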