Skipjack (cipher)
|
In cryptography, Skipjack is a block cipher — an algorithm for encryption — developed by the US National Security Agency (NSA). Initially classified, it was originally intended for use in the controversial Clipper chip. Subsequently, the algorithm was declassified and now provides as a unique insight into the cipher designs of a government intelligence agency.
Contents |
History of Skipjack
Skipjack was proposed as the encryption algorithm in a US government-sponsored scheme of key escrow, and the cipher was provided for use in the Clipper chip, implemented in tamperproof hardware. Skipjack is used only for encryption; the key escrow is achieved through the use of a separate mechanism known as the Law Enforcement Access Field (LEAF).
The design was originally secret, and was regarded with considerable suspicion by many in the public cryptography community for that reason. It was declassified on 24 June 1998.
To ensure public confidence in the algorithm, several academic researchers from outside the government were called in to evaluate the algorithm (Brickell et. al., 1993). The researchers found no problems with either the algorithm itself or the evaluation process. Moreover, their report gave some insight into the (classified) history and development of Skipjack:
- [Skipjack] is representative of a family of encryption algorithms developed in 1980 as part of the NSA suite of "Type I" algorithms... SKIPJACK was designed using building blocks and techniques that date back more than forty years. Many of the techniques are related to work that was evaluated by some of the world's most accomplished and famous experts in combinatorics and abstract algebra. SKIPJACK's more immediate heritage dates to around 1980, and its initial design to 1987...The specific structures included in SKIPJACK have a long evaluation history, and the cryptographic properties of those structures had many prior years of intense study before the formal process began in 1987. — SKIPJACK Review, Interim Report, 1993.
Description
Skipjack uses an 80-bit key to encrypt 64-bit data blocks. It is an unbalanced Feistel network with 32 rounds.
Cryptanalysis
Eli Biham and Adi Shamir discovered an attack against 16 of the 32 rounds within one day of declassification, and (with Alex Biryukov) extended this to 31 of the 32 rounds within months using impossible differential cryptanalysis.
As of 2004, no better attack has been discovered.
See also
References
- Biham, E., Biryukov, A., Shamir, A. (1999). Cryptanalysis of Skipjack reduced to 31 rounds using impossible differentials. EUROCRYPT 1999, pp12–23.
- E.F.Brickell, D.E.Denning, S.T.Kent, D.P.Mahler, W.Tuchman, "SKIPJACK Review ", Interim Report, July 28, (1993), 8 pages. Available at: http://www.cs.georgetown.edu/~denning/crypto/clipper/SKIPJACK.txt
External Links
- Initial observations on Skipjack (Biham et al.) (http://www.cs.technion.ac.il/~biham/Reports/SkipJack/note1.html)
- Specification of Skipjack (http://csrc.nist.gov/encryption/skipjack/skipjack.pdf) (PDF)
- SCAN's entry for the cipher (http://www.users.zetnet.co.uk/hopwood/crypto/scan/cs.html#SKIPJACK)
- Bruce Schneier's comments on declassification (http://www.schneier.com/crypto-gram-9807.html#skip)
- fip185 Escrowed Encryption Standard EES (http://www.itl.nist.gov/fipspubs/fip185.htm)
Block ciphers edit (https://academickids.com:443/encyclopedia/index.php?title=Template:Block_ciphers&action=edit) |
Algorithms: 3-Way | AES | Akelarre | Blowfish | Camellia | CAST-128 | CAST-256 | CMEA | DEAL | DES | DES-X | FEAL | FOX | FROG | G-DES | GOST | ICE | IDEA | Iraqi | KASUMI | KHAZAD | Khufu and Khafre | LOKI89/91 | LOKI97 | Lucifer | MacGuffin | Madryga | MAGENTA | MARS | MISTY1 | MMB | NewDES | RC2 | RC5 | RC6 | REDOC | Red Pike | S-1 | SAFER | SEED | Serpent | SHACAL | SHARK | Skipjack | Square | TEA | Triple DES | Twofish | XTEA |
Design: Feistel network | Key schedule | Product cipher | S-box | SPN Attacks: Brute force | Linear / Differential cryptanalysis | Mod n | XSL Standardisation: AES process | CRYPTREC | NESSIE Misc: Avalanche effect | Block size | IV | Key size | Modes of operation | Piling-up lemma | Weak key |