From: nobody@REPLAY.COM (Anonymous)
To: cypherpunks@toad.com
Message Hash: cd56a660d12a0e62b7459d7ef01bb35f245156182ff388ace290c08a63df999a
Message ID: <199509221230.OAA06528@utopia.hacktic.nl>
Reply To: N/A
UTC Datetime: 1995-09-22 12:30:42 UTC
Raw Date: Fri, 22 Sep 95 05:30:42 PDT
From: nobody@REPLAY.COM (Anonymous)
Date: Fri, 22 Sep 95 05:30:42 PDT
To: cypherpunks@toad.com
Subject: Re: Project: a standard cell random number generator
Message-ID: <199509221230.OAA06528@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain
These supplement JG's post on CAPSTONE -- which is itself
available with related crypto papers at csrc.ncsl.gov:
------------------
URL: http://csrc.ncsl.nist.gov/nistgen/clip.txt
CLIPPER CHIP TECHNOLOGY
CLIPPER is an NSA developed, hardware oriented,
cryptographic device that implements a symmetric
encryption/decryption algorithm and a law enforcement
satisfying key escrow system. While the escrow management
system design is not completely designed, the
cryptographic algorithm (SKIPJACK) is completely
specified (and classified SECRET).
The cryptographic algorithm (called CA in this paper) has
the following characteristics:
1. Symmetric, 80-bit key encryption/decryption
algorithm;
2. Similar in function to DES (i.e., basically a 64-bit
code book transformation that can be used in the
same four modes of operation as specified for DES in
FIPS 81);
3. 32 rounds of processing per single encrypt/decrypt
operation;
4. Design started by NSA in 1985; evaluation completed
in 1990.
The CLIPPER CHIP is just one implementation of the CA.
The CLIPPER CHIP designed for the AT&T commercial secure
voice products has the following characteristics:
1. Functions specified by NSA; logic designed by
MYKOTRONX; chip fabricated by VLSI, Inc.:
manufactured chip programmed (made unique) by
MYKOTRONX to security equipment manufacturers
willing to follow proper security procedures for
handling and storage of the programmed chip;
equipment sold to customers;
2. Resistant to reverse engineering against a very
sophisticated, well funded adversary;
3. 15-20 MB/S encryption/decryption constant throughout
once cryptographic synchronization is established
with distant CLIPPER Chip;
4. The chip programming equipment writes (one time) the
following information into a special memory (called
VROM or VIA-Link) on the chip:
a. (unique) serial number
b. (unique) unit key
c. family key
d. specialized control software
5. Upon generation (or entry) of a session key in the
chip, the chip performs the following actions:
a. Encrypts the 80-bit session key under the unit
key producing an 80-bit intermediate result;
b. Concatenates the 80-bit result with the 25-bit
serial number and a 23-bit authentication
pattern (total of 128 bits);
c. Enciphers this 128 bits with family key to
produce a 128-bit cipher block chain called the
Law Enforcement Field (LEF);
d. Transmits the LEF at least once to the intended
receiving CLIPPER chip;
e. The two communicating CLIPPER chips use this
field together with a random IV to establish
Cryptographic Synchronization.
6. Once synchronized, the CLIPPER chips use the session
key to encrypt/decrypt data in both directions;
7. The chips can be programmed to not enter secure mode
if the LEF field has been tampered with (e.g.,
modified, superencrypted, replaced);
8. CLIPPER chips will be available from a second source
in the future;
9. CLIPPER chips will be modified and upgraded in the
future;
10. CLIPPER chips presently cost $16.00 (unprogrammed)
and $26.00 (programmed).
4/30/93
-------------------
URL: http://csrc.ncsl.nist.gov/nistnews/esc_key2.txt
February 4, 1994
AUTHORIZATION PROCEDURES
FOR RELEASE OF ENCRYPTION KEY COMPONENTS
IN CONJUNCTION WITH INTERCEPTS PURSUANT TO FISA
The following are the procedures for the release of
escrowed key components in conjunction with lawfully
authorized interception of communications encrypted with
a key-escrow encryption method. These procedures cover
all electronic surveillance conducted pursuant to the
Foreign Intelligence Surveillance Act (FISA), Pub. L.
95-511, which appears at Title 50, U.S. Code, Section
1801 et seq.
1) In each case there shall be a legal authorization
for the interception of wire and/or electronic
communications.
2) In the event that federal authorities discover
during the course of any lawfully authorized
interception that communications encrypted with a
key-escrow encryption method are being utilized,
they may obtain a certification from an agency
authorized to participate in the conduct of the
interception, or from the Attorney General of the
United States or designee thereof. Such
certification shall
(a) identify the agency participating in the conduct
of the interception and the person providing the
certification;
(b) certify that necessary legal authorization has
been obtained to conduct electronic surveillance
regarding these communications;
(c) specify the termination date of the period for
which interception has been authorized;
(d) identify by docket number or other suitable
method of specification the source of the
authorization;
(e) certify that communications covered by that
authorization are being encrypted with a
key-escrow encryption method;
(f) specify the identifier (ID) number of the
key-escrow encryption chip providing such
encryption; and
(g) specify the serial (ID) number of the key-escrow
decryption device that will be used by the
agency participating in the conduct of the
interception for decryption of the intercepted
communications.
4) This certification shall be submitted to each of the
designated key component escrow agents. If the
certification has been provided by an agency
authorized to participate in the conduct of the
interception, a copy shall be provided to the
Department of Justice, Office of Intelligence Policy
and Review. As soon as possible, an attorney
associated with that office shall provide each of
the key component escrow agents with written
confirmation of the certification.
5) Upon receiving the certification, each key component
escrow agent shall release the necessary key
component to the agency participating in the conduct
of the interception. The key components shall be
provided in a manner that assures they cannot be
used other than in conjunction with the lawfully
authorized electronic surveillance for which they
were requested.
6) Each of the key component escrow agents shall retain
a copy of the certification, as well as the
subsequent written confirmation of the Department of
Justice, Office of Intelligence Policy and Review.
7) Upon, or prior to, completion of the electronic
surveillance phase of the investigation, the ability
of the agency participating in the conduct of the
interception to decrypt intercepted communications
shall terminate, and such agency may not retain the
key components.
8) The Department of Justice shall, in each such case,
(a) ascertain the existence of authorizations for
electronic surveillance in cases for which
escrowed key components have been released;
(b) ascertain that key components for a particular
key-escrow encryption chip are being used only
by an agency authorized to participate in the
conduct of the interception of communications
encrypted with that chip; and
(c) ascertain that, no later than the completion of
the electronic surveillance phase of the
investigation, the ability of the agency
participating in the conduct of the interception
to decrypt intercepted communications is
terminated.
9) Reports to the House Permanent Select Committee on
Intelligence and the Senate Select Committee on
Intelligence, pursuant to Section 108 of FISA,
shall, with respect to any order for authorized
electronic surveillance for which escrowed
encryption components were released and used for
decryption, specifically note that fact.
These procedures do not create, and are not intended to
create, any substantive rights for individuals
intercepted through electronic surveillance, and
noncompliance with these procedures shall not provide the
basis for any motion to suppress or other objection to
the introduction of electronic surveillance evidence
lawfully acquired.
------------------
Return to September 1995
Return to “nobody@REPLAY.COM (Anonymous)”
1995-09-22 (Fri, 22 Sep 95 05:30:42 PDT) - Re: Project: a standard cell random number generator - nobody@REPLAY.COM (Anonymous)