This preview shows page 1. Sign up to view the full content.
Unformatted text preview: uquelin, 75005 Paris, France. 13.12 Skipjack
Skipjack is the NSAdeveloped encryption algorithm for the Clipper and Capstone chips (see Sections 24.16 and 24.17). Since the algorithm is classified Secret, its details have never been published. It will only be implemented in tamperproof hardware. The algorithm is classified Secret, not because that enhances its security, but because the NSA doesn’t want Skipjack being used without the Clipper keyescrow mechanism. They don’t want the algorithm implemented in software and spread around the world. Is Skipjack secure? If the NSA wants to produce a secure algorithm, they presumably can. On the other hand, if the NSA wants to design an algorithm with a trapdoor, they can do that as well. Here’s what has been published [1154, 462]. — It’s an iterative block cipher. — The block size is 64 bits. — It has an 80bit key. — It can be used in ECB, CBC, 64bit OFB, or 1, 8, 16, 32 or 64bit CFB modes. — There are 32 rounds of processing per single encrypt or decrypt operation. — NSA started the design in 1985 and completed the evaluation in 1990. The documentation for the Mykotronx Clipper chip says that the latency for the Skipjack algorithm is 64 clock cycles. This means that each round consists of two clock cycles: presumably one for the Sbox substitution and another for the final XOR at the end of the round. (Remember: permutations take no time in hardware.) The Mykotronx documentation calls this twoclockcycle operation a “Gbox, ” and the whole thing a “shift.” (Some part of the Gbox is called an “Ftable, ” probably a table of constants but maybe a table of functions.) I heard a rumor that Skipjack uses 16 Sboxes, and another that the total memory requirement for storing the Sboxes is 128 bytes. It is unlikely that both of these rumors are true. Another rumor implies that Skipjack’s rounds, unlike DES’s, do not operate on half of the block size. This, combined with the notion of “shifts, ” an inadvertent statement...
View
Full
Document
This note was uploaded on 10/18/2010 for the course MATH CS 301 taught by Professor Aliulger during the Fall '10 term at Koç University.
 Fall '10
 ALIULGER
 Cryptography

Click to edit the document details