-----BEGIN PGP SIGNED MESSAGE-----
From: jim@bilbo.suite.com (Jim Miller) Date: Wed, 13 Dec 95 15:10:25 -0600
Could this timing attack be used to obtain the various keys used by Clipper devices?
Jim, Without having the details of the algorithm, I suspect the answer is 'remotely possible, at best'. However, to extend what I suspect you were getting at: It would be very interesting to determine if the NSA knew about this crypto-design problem and put effort into making Clipper chips resistant to this timing based attack. Without access to internal documents, I suspect this would be hard to determine. We could learn something about the NSA by studying the Clipper chip (or the follow-on PCMCIA product containing SKIPJACK, Capstone). If it could be shown that Clipper chips require a different amount of time/current to encode/decode traffic, then we could conclude one of the following: (A1) The NSA knew about the problem, expected to be able to use the behavior as an illegal backdoor and thus did nothing to close it. (A2) The NSA knew about the problem, expected that no one (including themselves) would be able to exploit the behavior, and thus did nothing to close it. (A3) The NSA didn't know about the problem. Conclusions A1 and A3 would tend to make the NSA look bad. A2 would be fine, if the NSA expectation was found to be valid. To restate, without internal documents, outsiders would have little ability to determine which conclusion to draw even if differences in behavior were detected. If it could be shown that Clipper chips require a fixed amount of time/current to encode/decode traffic, then we could conclude one of the following: (B1) The NSA knew about the issue and compensated for it. (B2) The NSA didn't know about the issue and got lucky. I discount B2 as a valid option. Actually, if the answer was B1, my respect for the NSA would creep up a notch. :-) Regards, Loren - -- Loren J. Rittle (rittle@comm.mot.com) PGP KeyIDs: 1024/B98B3249 2048/ADCE34A5 Systems Technology Research (IL02/2240) FP1024:6810D8AB3029874DD7065BC52067EAFD Motorola, Inc. FP2048:FDC0292446937F2A240BC07D42763672 (708) 576-7794 Call for verification of fingerprints. -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMM+HTf8de8m5izJJAQGWJwP8CUJIagN5cyZhRc9Qxq4+u4d/1H7wfAzi OKa+m4XlfEsCKxF9x6vnYXcC2jGKpU43RbCVsLN/FLJjptWuBczXzPMdS1Uu0nPU yVWse7eVx0Jl0dbTpUxm0Z966G4cwmnX0Npq6BnVFlp7mNFJGZv157K17vsHwvYB apf4IwtPqdI= =CDP6 -----END PGP SIGNATURE-----