(fwd) Re: Will SKIPJACK's algorithm get out? (Non-technical)
Here's a posting I did on how Skipjack (which I deliberately called "Clipjack") can be likely broken by groups like ours. The anonymous remailers, and the alt.whistleblowing group, can be used to publish details of the whole Skipjack/Capstone/Mykotronx/MYK-78/etc. ball of wax as they become available. Whether we can actually be the ones to analyze the chips or not is immaterial: spreading reports that Clipjack is vulnerable will be useful disinformation (reduced confidence, fewer commercial sales, more acceptance of more provably strong software-based alternatives, etc.) -Tim Newsgroups: sci.crypt,alt.privacy.clipper From: tcmay@netcom.com (Timothy C. May) Subject: Re: Will SKIPJACK's algorithm get out? (Non-technical) Message-ID: <tcmayCBBJCr.BsK@netcom.com> Date: Fri, 6 Aug 1993 03:36:27 GMT Larry Loen (lwloen@rchland.vnet.ibm.com) wrote: : Myself, I confidently expect to see Skipjack published in some Eurocrypt : proceedings or other in the next 4 or 5 years, especially if the darn thing : is actually produced in any volumes. There is a decidely : different attitude in W. Europe towards this sort of thing. : It's mostly a question of economics. Will someone, somewhere put out the : bucks to do a "tear down" of the chip and figure out how it works. I could : imagine some crypto company in Europe doing just that and being also motivated : to publish what they find for competitive reasons. . . Some of us plan to do just this: once "Clipjack" phones are finalized and on sale and/or Mykotronx is selling finalized chips, they'll be looked at. I once ran Intel's electron-beam testing lab, so I have some familiarity with looking at chips, including ostensibly tamper-resistant modules. VLSI Technology is fabbing the chips, using a process said to be quite tamper-resistant. We'll see. (While publishing the algorithm may or may not be illegal, there's no reasonable law saying you can't look at something, unless perhaps it's formally classified....will the Clipjack chips have "Top Secret" stamped on them? Somehow I can't quite picture this in phones sold across the country and outside!) (I'm not saying it'll be easy to do this reverse-engineering, mind you. Between mechanical barriers to access (carbide-like particles in the packaging compound to deter grinding), complex-chemistry epoxies to deter plasma- and chemical-decapping, various chip-level countermeasures (storing bits on floating gates, using multiple layers of metal, etc.), the access to the die surface may be very difficult. The "smartcard" chip makers have led the way in devising tamper-resistant chip processes, though their task is quite a bit easier (stopping access to an active chip on an active smartcard, to modify the money amounts) than Clipjack faces (stopping any examination of the chip topology and programming which would reveal the algorithms used) But given enough samples, enough time, and some commitment, the secrets of Clipjack will fall.) As a "Cypherpunk" (cf. cover of "Wired" #2, "Whole Earth Review" Summer '93, and the current (8-2-93) "Village Voice" cover story), I see no reason not to publish the details. This'll let other folks build phones and other comm systems which spoof or defeat the Clipjack system, especially the disgusting and thoroughly un-American "key escrow" system. Naturally, we'll use our "anonymous remailers" (multiple reroutings of messages, with each node decrypting with its key and passing on what's left to the next chosen node....diffusion and confusion, a la Chaum's 1981 "CACM" paper on "digital mixes") to protect ourselves. No sense taking chances that the Feds will view our "liberation" efforts with disfavor and hit us with charges they devise (violations of Munitions Act, RICO, sedition, etc.). This is how some of our members were able to "liberate" secret Mykotoxin documents from the dumpsters of Mykotoxin (something the Supremes have said is OK for law enforcement to do, by the way) and post them anonymously to our mailing list (I believe these docs were then posted to alt.whistleblowers, but they were only _mentioned_ on sci.crypt, not actually posted). I expect at least _three_ separate groups are preparing to break the Clipjack algorithm, at least as embodied in the Clipper/Skipjack chips that come on the market. Breaking the system also allows independent observers to see if it does in fact contain deliberate weaknesses (though the focus on "weaknesses" is secondary to the basic issue of "key escrow" as a concept--it is key escrow, especially mandatory key escrow, that is the real issue. (Mandatory key escrow is not yet part of law, to be fair, but still "in the wind"...we won't really know for a few more years whether the "voluntary" key escrow system will become mandatory) It'll also be interesting to see how Clipjack phone customers react to the revelations of the algorithms. Crypto anarchy means never having to say you're sorry. Yours in the struggle, -Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^756839 | Public Key: PGP and MailSafe available. Note: I put time and money into writing this posting. I hope you enjoy it.
participants (1)
-
tcmay@netcom.com