The Right To Create Your Own Encryption Keys: Meet the Clipper Chip and Skipjack
The Right To Create Your Own Encryption Keys: Meet the Clipper Chip and Skipjack
In the 1990s, the Internet was just a baby, and few could see its potential. At the time, there was virtually no encrypted traffic. But, how could users keep their communications private, but where law enforcement would still be able to listen to the communications? Well, in 1993, the NSA proposed that communications equipment should be fitted with the Clipper chip and where a copy of the encryption key used would be stored in escrow. Law enforcement agents would then be able to use this key when they were required to snoop on communications.
The NSA, at the time, was quoted as saying:
In the future, we fear that our traditional surveillance tools might be rendered inoperative. In preparation for that day, let’s all agree to voluntarily move the existing surveillance apparatus into the future. It will be just like wiretapping, but now online! We’ll still have to go to a judge and get permission to listen in, but that’s what we already have to do. This will allow us to essentially do the same thing. But before we can do so, we have to bake in this hardware component first, or we’ll be back at square one.
At the time, many people accepted this approach, as there was a worry that the Internet would be used by bad people and that surveillance was thus necessary. It must be remembered that this was a simpler time, and where the surveillance of the telephone and postal network was common practice and where Internet interception would just be a natural extension to this. For the NSA, the usage of the key escrow would allow them to keep a key under the doormat — just in case they needed it. Of course, a warrant would be required for the usage of the escrow key — in order to protect against abuse.
But, some thought that there would be abuses of this and that the encryption method used was not available for review. This included the newly formed EFF (Electronic Frontier Foundation), and who felt that communications could be weak, as there had been no review of the method. Another significant weakness was that US companies would need to integrate the chip, but there would be no such requirement for non-US companies. Luckily, the rights of the citizens to encrypt their own data won the day, and the usage of the Clipper chip faded in just a few years. One restriction was the usage of export limitations for encryption software, but the rise of encryption software, such as with PGP, limited these restrictions.
With the Clipper chip, the Skipjack encryption method was used to encrypt data, and where the Diffie-Hellman method would be used to distribute session keys to hosts. Skipjack was initially kept secret, but its details were released in June 1998. Overall, it uses an 80-bit key and 64-bit cipher blocks, with an unbalanced Feistel network with 32 rounds.
The following is the coding [here]:
namespace Skipjack
{
using Org.BouncyCastle.Crypto;
using Org.BouncyCastle.Crypto.Modes;
using Org.BouncyCastle.Crypto.Paddings;
using Org.BouncyCastle.Crypto.Parameters;
using Org.BouncyCastle.Security;
class Program
{
static void Main(string[] args)
{
var msg="Hello";
var iv="00112233445566778899AABBCCDDEEFF00";
var size=128;
var mode="CBC";
if (args.Length >0) msg=args[0];
if (args.Length >1) iv=args[1];
if (args.Length >2) size=Convert.ToInt32(args[2]);
if (args.Length >3) mode=args[3];
try {
var plainTextData=System.Text.Encoding.UTF8.GetBytes(msg);
var cipher = SkipjackEngine();
byte[] nonce = new byte[8];
Array.Copy(Convert.FromHexString(iv), nonce, 8);
PaddedBufferedBlockCipher cipherMode = new PaddedBufferedBlockCipher(new CbcBlockCipher(cipher), new Pkcs7Padding());
if (mode=="ECB") cipherMode = new PaddedBufferedBlockCipher(new EcbBlockCipher (cipher), new Pkcs7Padding());
else if (mode=="CFB") cipherMode = new PaddedBufferedBlockCipher(new CfbBlockCipher (cipher,128 ), new Pkcs7Padding());
CipherKeyGenerator keyGen = new CipherKeyGenerator();
keyGen.Init(new KeyGenerationParameters(new SecureRandom(), size));
KeyParameter keyParam = keyGen.GenerateKeyParameter();
cipherMode.Init(true,keyParam);
int outputSize = cipherMode.GetOutputSize(plainTextData.Length);
byte[] cipherTextData = new byte[outputSize];
int result = cipherMode.ProcessBytes(plainTextData, 0, plainTextData.Length, cipherTextData, 0);
cipherMode.DoFinal(cipherTextData, result);
var rtn = cipherTextData;
// Decrypt
cipherMode.Init(false,keyParam);
outputSize = cipherMode.GetOutputSize(cipherTextData.Length);
plainTextData = new byte[outputSize];
result = cipherMode.ProcessBytes(cipherTextData, 0, cipherTextData.Length,plainTextData, 0);
cipherMode.DoFinal(plainTextData, result);
var pln=plainTextData;
Console.WriteLine("=== {0} ==",cipher.AlgorithmName);
Console.WriteLine("Message:\t\t{0}",msg);
Console.WriteLine("Block size:\t\t{0} bits",cipher.GetBlockSize()*8);
Console.WriteLine("Mode:\t\t\t{0}",mode);
Console.WriteLine("IV:\t\t\t{0}",iv);
Console.WriteLine("Key size:\t\t{0} bits",size);
Console.WriteLine("Key:\t\t\t{0} [{1}]",Convert.ToHexString(keyParam.GetKey()),Convert.ToBase64String(keyParam.GetKey()));
Console.WriteLine("\nCipher (hex):\t\t{0}",Convert.ToHexString(rtn));
Console.WriteLine("Cipher (Base64):\t{0}",Convert.ToBase64String(rtn));
Console.WriteLine("\nPlain:\t\t\t{0}",System.Text.Encoding.ASCII.GetString(pln).TrimEnd('\0'));
} catch (Exception e) {
Console.WriteLine("Error: {0}",e.Message);
}
}
}
}A sample run is [here]:
=== SKIPJACK ==
Message: Hello 123
Block size: 64 bits
Mode: ECB
IV: 00112233445566778899AABBCCDDEEFF00
Key size: 80 bits
Key: 8B06890B764A30FA3937 [iwaJC3ZKMPo5Nw==]
Cipher (hex): F1C39206481C5DB6D7468C3D095F521B
Cipher (Base64): 8cOSBkgcXbbXRow9CV9SGw==
Plain: Hello 123Conclusions
Luckily, the NSA’s drive to use the Clipper chip and Skipjack failed, but we have since continually been faced with efforts by law enforcement to insert back doors into encryption. Luckily, most of this has failed. Basically encryption saved the Internet from being a massive survalience network, and would should not weaken it in the future.