Skipjack (cipher)
 |
This article includes a list of references, related reading or external links, but its sources remain unclear because it lacks inline citations. Please improve this article by introducing more precise citations. (March 2009) |
| General | |
|---|---|
| Designers | NSA |
| First published | 1998 (declassifed) |
| Cipher detail | |
| Key sizes | 80 bits |
| Block sizes | 64 bits |
| Structure | unbalanced Feistel network |
| Rounds | 32 |
| Best public cryptanalysis | |
| 31 rounds are susceptible to impossible differential cryptanalysis. | |
In cryptography, Skipjack is a block cipher—an algorithm for encryption—developed by the U.S. National Security Agency (NSA). Initially classified, it was originally intended for use in the controversial Clipper chip. Subsequently, the algorithm was declassified and now provides a unique insight into the cipher designs of a government intelligence agency.[1]
Contents |
[edit] History of Skipjack
Skipjack was proposed as the encryption algorithm in a US government-sponsored scheme of key escrow, and the cipher was provided for use in the Clipper chip, implemented in tamperproof hardware. Skipjack is used only for encryption; the key escrow is achieved through the use of a separate mechanism known as the Law Enforcement Access Field (LEAF).
The design was initially secret, and was regarded with considerable suspicion by many in the public cryptography community for that reason. It was declassified on 24 June 1998.
To ensure public confidence in the algorithm, several academic researchers from outside the government were called in to evaluate the algorithm (Brickell et al., 1993). The researchers found no problems with either the algorithm itself or the evaluation process. Moreover, their report gave some insight into the (classified) history and development of Skipjack:
- [Skipjack] is representative of a family of encryption algorithms developed in 1980 as part of the NSA suite of "Type I" algorithms... Skipjack was designed using building blocks and techniques that date back more than forty years. Many of the techniques are related to work that was evaluated by some of the world's most accomplished and famous experts in combinatorics and abstract algebra. Skipjack's more immediate heritage dates to around 1980, and its initial design to 1987...The specific structures included in Skipjack have a long evaluation history, and the cryptographic properties of those structures had many prior years of intense study before the formal process began in 1987.[2]
[edit] Description
Skipjack uses an 80-bit key to encrypt or decrypt 64-bit data blocks. It is an unbalanced Feistel network with 32 rounds.[3] It was designed to be used in secured phones.
[edit] Cryptanalysis
Eli Biham and Adi Shamir discovered an attack against 16 of the 32 rounds within one day of declassification,[4] and (with Alex Biryukov) extended this to 31 of the 32 rounds (but with an attack only slightly faster than exhaustive search) within months using impossible differential cryptanalysis.[5]
A truncated differential attack was also published against 28 rounds of Skipjack cipher.[6] This was later complemented by a slide attack on all 32 rounds.[citation needed] Biham, Shamir and Biryukov's attack continues to be the best cryptanalysis of Skipjack known to the public.
[edit] In pop culture
An algorithm named Skipjack forms part of the back-story to Dan Brown's 1998 novel Digital Fortress. In Brown's novel, Skipjack is proposed as the new public-key encryption standard, along with a back door secretly inserted by the NSA ("a few lines of cunning programming") which would have allowed them to decrypt Skipjack using a secret password and thereby "read the world's email". When details of the cipher are publicly released, programmer Greg Hale discovers and announces details of the backdoor. This is arguably similar to the Dual_EC_DRBG NSA controversy.
Additionally, in the Half-Life 2 modification Dystopia, the "encryption" program used in cyberspace apparently uses both Skipjack and Blowfish algorithms.[7]
Skipjack is also mentioned in the novels Hostile Intent and Shock Warning, both by author Michael Walsh.
[edit] References
- ^ Schneier, Bruce (July 15, 1998). "Declassifying Skipjack". http://www.schneier.com/crypto-gram-9807.html#skip.
- ^ Brickell; Denning (July 28, 1993). "SKIPJACK Review Interim Report The SKIPJACK Algorithm". http://www.cs.georgetown.edu/~denning/crypto/clipper/SKIPJACK.txt.
- ^ "SKIPJACK and KEA Algorithm Specifications" (PDF). May 29, 1998. http://csrc.nist.gov/groups/ST/toolkit/documents/skipjack/skipjack.pdf.
- ^ Eli Biham, Adi Shamir. "Initial observations on Skipjack (Biham et al.)". http://www.cs.technion.ac.il/~biham/Reports/SkipJack/note1.html.
- ^ Eli Biham, Adi Shamir, Alex Biryukov (1999). "Cryptanalysis of Skipjack reduced to 31 rounds using impossible differentials.". EUROCRYPT: 12–23. http://www.iacr.org/cryptodb/archive/1999/EUROCRYPT/15920012.pdf.
- ^ Lars Knudsen, M.J.B. Robshaw, David Wagner (1999). "Truncated differentials and Skipjack". CRYPTO. http://www.eecs.berkeley.edu/~daw/papers/skipjack-talk.ps.
- ^ "Dystopia Wiki". http://www.dystopia-game.com/wiki/index.php?title=Cyberspace_Interaction#Defensive_Programs.
[edit] Further reading
- L.Granboulan, "Flaws in differential cryptanalysis of Skipjack", FSE 2001.
- R.Chung-Wei Phan, "Cryptanalysis of full Skipjack block cipher", Electronics Letters, Volume 38, Issue 2, p. 69—71, 2002.
[edit] External links
|
||||||||||||||||||||||||||||||||||||||
