(fwd) Re: Will SKIPJACK's algorithm get out? (Non-technical)

Timothy C. May tcmay at netcom.com
Thu Aug 5 20:48:39 PDT 1993


Here's a posting I did on how Skipjack (which I deliberately called
"Clipjack") can be likely broken by groups like ours. The anonymous
remailers, and the alt.whistleblowing group, can be used to publish
details of the whole Skipjack/Capstone/Mykotronx/MYK-78/etc. ball of
wax as they become available.

Whether we can actually be the ones to analyze the chips or not is
immaterial: spreading reports that Clipjack is vulnerable will be
useful disinformation (reduced confidence, fewer commercial sales,
more acceptance of more provably strong software-based alternatives,
etc.)

-Tim


Newsgroups: sci.crypt,alt.privacy.clipper
From: tcmay at netcom.com (Timothy C. May)
Subject: Re: Will SKIPJACK's algorithm get out? (Non-technical)
Message-ID: <tcmayCBBJCr.BsK at netcom.com>
Date: Fri, 6 Aug 1993 03:36:27 GMT


Larry Loen (lwloen at rchland.vnet.ibm.com) wrote:

: Myself, I confidently expect to see Skipjack published in some Eurocrypt
: proceedings or other in the next 4 or 5 years, especially if the darn thing
: is actually produced in any volumes.  There is a decidely
: different attitude in W. Europe towards this sort of thing.

: It's mostly a question of economics.  Will someone, somewhere put out the
: bucks to do a "tear down" of the chip and figure out how it works.  I could
: imagine some crypto company in Europe doing just that and being also motivated
: to publish what they find for competitive reasons. . . 

Some of us plan to do just this: once "Clipjack" phones are finalized
and on sale and/or Mykotronx is selling finalized chips, they'll be
looked at.

I once ran Intel's electron-beam testing lab, so I have some
familiarity with looking at chips, including ostensibly
tamper-resistant modules. VLSI Technology is fabbing the chips, using
a process said to be quite tamper-resistant. We'll see. (While
publishing the algorithm may or may not be illegal, there's no
reasonable law saying you can't look at something, unless perhaps it's
formally classified....will the Clipjack chips have "Top Secret"
stamped on them? Somehow I can't quite picture this in phones sold
across the country and outside!)

(I'm not saying it'll be easy to do this reverse-engineering, mind
you.  Between mechanical barriers to access (carbide-like particles in
the packaging compound to deter grinding), complex-chemistry epoxies
to deter plasma- and chemical-decapping, various chip-level
countermeasures (storing bits on floating gates, using multiple layers
of metal, etc.), the access to the die surface may be very difficult.
The "smartcard" chip makers have led the way in devising
tamper-resistant chip processes, though their task is quite a bit
easier (stopping access to an active chip on an active smartcard, to
modify the money amounts) than Clipjack faces (stopping any
examination of the chip topology and programming which would reveal
the algorithms used) 

But given enough samples, enough time, and some
commitment, the secrets of Clipjack will fall.)

As a "Cypherpunk" (cf. cover of "Wired" #2, "Whole Earth Review" Summer '93,
and the current (8-2-93) "Village Voice" cover story), I see no reason
not to publish the details. This'll let other folks build phones and other
comm systems which spoof or defeat the Clipjack system, especially the
disgusting and thoroughly un-American "key escrow" system.

Naturally, we'll use our "anonymous remailers" (multiple reroutings of
messages, with each node decrypting with its key and passing on what's
left to the next chosen node....diffusion and confusion, a la Chaum's
1981 "CACM" paper on "digital mixes") to protect ourselves. No sense
taking chances that the Feds will view our "liberation" efforts with
disfavor and hit us with charges they devise (violations of Munitions
Act, RICO, sedition, etc.). This is how some of our members were able
to "liberate" secret Mykotoxin documents from the dumpsters of
Mykotoxin (something the Supremes have said is OK for law enforcement
to do, by the way) and post them anonymously to our mailing list (I
believe these docs were then posted to alt.whistleblowers, but they were
only _mentioned_ on sci.crypt, not actually posted).

I expect at least _three_ separate groups are preparing to break the
Clipjack algorithm, at least as embodied in the Clipper/Skipjack chips
that come on the market.

Breaking the system also allows independent observers to see if it
does in fact contain deliberate weaknesses (though the focus on
"weaknesses" is secondary to the basic issue of "key escrow" as a
concept--it is key escrow, especially mandatory key escrow, that is
the real issue. (Mandatory key escrow is not yet part of law, to be
fair, but still "in the wind"...we won't really know for a few more
years whether the "voluntary" key escrow system will become mandatory)

It'll also be interesting to see how Clipjack phone customers react to
the revelations of the algorithms.

Crypto anarchy means never having to say you're sorry.


Yours in the struggle, 

-Tim May
-- 
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,  
tcmay at netcom.com       | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets, 
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^756839 | Public Key: PGP and MailSafe available.
Note: I put time and money into writing this posting. I hope you enjoy it.






More information about the cypherpunks-legacy mailing list