Clipper chip
Encyclopedia
The Clipper chip was a chipset
that was developed and promoted by the U.S. National Security Agency
as an encryption
device to be adopted by telecommunications companies for voice transmission. It was announced in 1993 and by 1996 was entirely defunct.
called Skipjack
to transmit information and the Diffie-Hellman key exchange
-algorithm to distribute the cryptokeys between the peers. Skipjack was invented by the National Security Agency
of the U.S. Government; this algorithm was initially classified
SECRET, which prevented it from being subjected to peer review from the encryption research community. The government did state that it used an 80-bit key, that the algorithm was symmetric, and that it was similar to the DES
algorithm. The Skipjack algorithm was declassified and published by NSA on June 24, 1998. The initial cost of the chips was said to be $16 (unprogrammed) or $26 (programmed), with its logic designed by Mykotronx, and fabricated by VLSI Technology, Inc.
But the heart of the concept was key escrow
. In the factory, any new telephone or other device with a Clipper chip would be given a "cryptographic key
", that would then be provided to the government in "escrow
". If government agencies "established their authority" to listen to a communication, then the key would be given to those government agencies, who could then decrypt all data transmitted by that particular telephone. The newly formed Electronic Frontier Foundation
preferred the term "key surrender" to emphasize what they alleged was really occurring.
and the Electronic Frontier Foundation
challenged the Clipper chip proposal, saying that it would have the effect not only of subjecting citizens to increased and possibly illegal government surveillance
, but that the strength of the Clipper chip's encryption could not be evaluated by the public, as its design was classified secret, and that therefore individuals and businesses might be hobbled with an insecure communications system. Further, it was pointed out that while American companies could be forced to use the Clipper chip in their encryption products, foreign companies could not, and presumably phones with strong data encryption would be manufactured abroad and spread throughout the world and into the United States, defying the point of the whole exercise, and, of course, materially damaging U.S. manufacturers en route. Then-Senator John Ashcroft
and John Kerry
were opponents of the Clipper chip proposal, arguing in favor of the individual's right to encrypt messages and export encryption software.
The release and development of several strong cryptographic software packages such as Nautilus
, PGP
and PGPfone
was in response to the government push for the Clipper chip. The thinking was that if strong cryptography was freely available on the internet as an alternative, the government would be unable to stop its use. This strategy was mostly effective; and key escrow
in the form of the Clipper chip died.
published the paper Protocol Failure in the Escrowed Encryption Standard. It pointed out that the Clipper's escrow system has a serious vulnerability. The chip transmitted a 128-bit "Law Enforcement Access Field" (LEAF) that contained the information necessary to recover the encryption key. To prevent the software that transmitted the message from tampering with the LEAF, a 16-bit hash was included. The Clipper chip would not decode messages with an invalid hash; however, the 16 bit hash was too short to provide meaningful security. A brute force attack
would quickly produce another LEAF value that would give the same hash but not yield the correct keys after the escrow attempt. This would allow the Clipper chip to be used as an encryption device, while disabling the key escrow capability.
by offering incentives to manufacturers, allowing more relaxed export controls if key escrow were part of cryptographic software that was exported. These attempts were largely made moot by the widespread use of strong cryptographic technologies such as PGP
, which was not under the control of the U.S. government.
In 1998 Skipjack
, the encryption algorithm used in Clipper, was declassified.
Chipset
A chipset, PC chipset, or chip set refers to a group of integrated circuits, or chips, that are designed to work together. They are usually marketed as a single product.- Computers :...
that was developed and promoted by the U.S. National Security Agency
National Security Agency
The National Security Agency/Central Security Service is a cryptologic intelligence agency of the United States Department of Defense responsible for the collection and analysis of foreign communications and foreign signals intelligence, as well as protecting U.S...
as an encryption
Encryption
In cryptography, encryption is the process of transforming information using an algorithm to make it unreadable to anyone except those possessing special knowledge, usually referred to as a key. The result of the process is encrypted information...
device to be adopted by telecommunications companies for voice transmission. It was announced in 1993 and by 1996 was entirely defunct.
Key escrow
The Clipper chip used a data encryption algorithmAlgorithm
In mathematics and computer science, an algorithm is an effective method expressed as a finite list of well-defined instructions for calculating a function. Algorithms are used for calculation, data processing, and automated reasoning...
called Skipjack
Skipjack (cipher)
In cryptography, Skipjack is a block cipher—an algorithm for encryption—developed by the U.S. National Security Agency . Initially classified, it was originally intended for use in the controversial Clipper chip...
to transmit information and the Diffie-Hellman key exchange
Diffie-Hellman key exchange
Diffie–Hellman key exchange Synonyms of Diffie–Hellman key exchange include:*Diffie–Hellman key agreement*Diffie–Hellman key establishment*Diffie–Hellman key negotiation...
-algorithm to distribute the cryptokeys between the peers. Skipjack was invented by the National Security Agency
National Security Agency
The National Security Agency/Central Security Service is a cryptologic intelligence agency of the United States Department of Defense responsible for the collection and analysis of foreign communications and foreign signals intelligence, as well as protecting U.S...
of the U.S. Government; this algorithm was initially classified
Classified information in the United States
The United States government classification system is currently established under Executive Order 13526, the latest in a long series of executive orders on the topic. Issued by President Barack Obama in 2009, Executive Order 13526 replaced earlier executive orders on the topic and modified the...
SECRET, which prevented it from being subjected to peer review from the encryption research community. The government did state that it used an 80-bit key, that the algorithm was symmetric, and that it was similar to the DES
Data Encryption Standard
The Data Encryption Standard is a block cipher that uses shared secret encryption. It was selected by the National Bureau of Standards as an official Federal Information Processing Standard for the United States in 1976 and which has subsequently enjoyed widespread use internationally. It is...
algorithm. The Skipjack algorithm was declassified and published by NSA on June 24, 1998. The initial cost of the chips was said to be $16 (unprogrammed) or $26 (programmed), with its logic designed by Mykotronx, and fabricated by VLSI Technology, Inc.
But the heart of the concept was key escrow
Key escrow
Key escrow is an arrangement in which the keys needed to decrypt encrypted data are held in escrow so that, under certain circumstances, an authorized third party may gain access to those keys...
. In the factory, any new telephone or other device with a Clipper chip would be given a "cryptographic key
Key (cryptography)
In cryptography, a key is a piece of information that determines the functional output of a cryptographic algorithm or cipher. Without a key, the algorithm would produce no useful result. In encryption, a key specifies the particular transformation of plaintext into ciphertext, or vice versa...
", that would then be provided to the government in "escrow
Escrow
An escrow is:* an arrangement made under contractual provisions between transacting parties, whereby an independent trusted third party receives and disburses money and/or documents for the transacting parties, with the timing of such disbursement by the third party dependent on the fulfillment of...
". If government agencies "established their authority" to listen to a communication, then the key would be given to those government agencies, who could then decrypt all data transmitted by that particular telephone. The newly formed Electronic Frontier Foundation
Electronic Frontier Foundation
The Electronic Frontier Foundation is an international non-profit digital rights advocacy and legal organization based in the United States...
preferred the term "key surrender" to emphasize what they alleged was really occurring.
Backlash
Organizations such as the Electronic Privacy Information CenterElectronic Privacy Information Center
Electronic Privacy Information Center is a public interest research group in Washington, D.C. It was established in 1994 to focus public attention on emerging civil liberties issues and to protect privacy, the First Amendment, and constitutional values in the information age...
and the Electronic Frontier Foundation
Electronic Frontier Foundation
The Electronic Frontier Foundation is an international non-profit digital rights advocacy and legal organization based in the United States...
challenged the Clipper chip proposal, saying that it would have the effect not only of subjecting citizens to increased and possibly illegal government surveillance
Surveillance
Surveillance is the monitoring of the behavior, activities, or other changing information, usually of people. It is sometimes done in a surreptitious manner...
, but that the strength of the Clipper chip's encryption could not be evaluated by the public, as its design was classified secret, and that therefore individuals and businesses might be hobbled with an insecure communications system. Further, it was pointed out that while American companies could be forced to use the Clipper chip in their encryption products, foreign companies could not, and presumably phones with strong data encryption would be manufactured abroad and spread throughout the world and into the United States, defying the point of the whole exercise, and, of course, materially damaging U.S. manufacturers en route. Then-Senator John Ashcroft
John Ashcroft
John David Ashcroft is a United States politician who served as the 79th United States Attorney General, from 2001 until 2005, appointed by President George W. Bush. Ashcroft previously served as the 50th Governor of Missouri and a U.S...
and John Kerry
John Kerry
John Forbes Kerry is the senior United States Senator from Massachusetts, the 10th most senior U.S. Senator and chairman of the Senate Foreign Relations Committee. He was the presidential nominee of the Democratic Party in the 2004 presidential election, but lost to former President George W...
were opponents of the Clipper chip proposal, arguing in favor of the individual's right to encrypt messages and export encryption software.
The release and development of several strong cryptographic software packages such as Nautilus
Nautilus (secure telephone)
Nautilus is a program which allows two parties to securely communicate using modems or TCP/IP. It runs from a command line and is available for the Linux and Windows operating systems...
, PGP
Pretty Good Privacy
Pretty Good Privacy is a data encryption and decryption computer program that provides cryptographic privacy and authentication for data communication. PGP is often used for signing, encrypting and decrypting texts, E-mails, files, directories and whole disk partitions to increase the security...
and PGPfone
PGPfone
PGPfone was a secure voice telephony system developed by Philip Zimmermann in 1995. The PGPfone protocol had little in common with Zimmermann's popular PGP email encryption package, except for the use of the name. It used ephemeral Diffie-Hellman protocol to establish a session key, which was...
was in response to the government push for the Clipper chip. The thinking was that if strong cryptography was freely available on the internet as an alternative, the government would be unable to stop its use. This strategy was mostly effective; and key escrow
Key escrow
Key escrow is an arrangement in which the keys needed to decrypt encrypted data are held in escrow so that, under certain circumstances, an authorized third party may gain access to those keys...
in the form of the Clipper chip died.
Vulnerability
In 1994, Matt BlazeMatt Blaze
Matt Blaze is a researcher in the areas of secure systems, cryptography, and trust management. He is currently an Associate Professor of Computer and Information Science at the University of Pennsylvania; he received his PhD in Computer Science from Princeton University.In 1992, while working for...
published the paper Protocol Failure in the Escrowed Encryption Standard. It pointed out that the Clipper's escrow system has a serious vulnerability. The chip transmitted a 128-bit "Law Enforcement Access Field" (LEAF) that contained the information necessary to recover the encryption key. To prevent the software that transmitted the message from tampering with the LEAF, a 16-bit hash was included. The Clipper chip would not decode messages with an invalid hash; however, the 16 bit hash was too short to provide meaningful security. A brute force attack
Brute force attack
In cryptography, a brute-force attack, or exhaustive key search, is a strategy that can, in theory, be used against any encrypted data. Such an attack might be utilized when it is not possible to take advantage of other weaknesses in an encryption system that would make the task easier...
would quickly produce another LEAF value that would give the same hash but not yield the correct keys after the escrow attempt. This would allow the Clipper chip to be used as an encryption device, while disabling the key escrow capability.
Lack of adoption
The Clipper chip was not embraced by consumers or manufacturers and the chip itself was a dead issue by 1996. The U.S. government continued to press for key escrowKey escrow
Key escrow is an arrangement in which the keys needed to decrypt encrypted data are held in escrow so that, under certain circumstances, an authorized third party may gain access to those keys...
by offering incentives to manufacturers, allowing more relaxed export controls if key escrow were part of cryptographic software that was exported. These attempts were largely made moot by the widespread use of strong cryptographic technologies such as PGP
Pretty Good Privacy
Pretty Good Privacy is a data encryption and decryption computer program that provides cryptographic privacy and authentication for data communication. PGP is often used for signing, encrypting and decrypting texts, E-mails, files, directories and whole disk partitions to increase the security...
, which was not under the control of the U.S. government.
In 1998 Skipjack
Skipjack (cipher)
In cryptography, Skipjack is a block cipher—an algorithm for encryption—developed by the U.S. National Security Agency . Initially classified, it was originally intended for use in the controversial Clipper chip...
, the encryption algorithm used in Clipper, was declassified.
See also
- Backdoor (computing)
- Cryptoprocessor
- Key escrowKey escrowKey escrow is an arrangement in which the keys needed to decrypt encrypted data are held in escrow so that, under certain circumstances, an authorized third party may gain access to those keys...
- Trusted Platform ModuleTrusted Platform ModuleIn computing, Trusted Platform Module is both the name of a published specification detailing a secure cryptoprocessor that can store cryptographic keys that protect information, as well as the general name of implementations of that specification, often called the "TPM chip" or "TPM Security...
External links
- Clipper Chip Q&A
- Clipper Chip White House Statement
- Oral history interview with Martin Hellman Oral history interview 2004, Palo Alto, California. Charles Babbage InstituteCharles Babbage InstituteThe Charles Babbage Institute is a research center at the University of Minnesota specializing in the history of information technology, particularly the history since 1935 of digital computing, programming/software, and computer networking....
, University of Minnesota, Minneapolis. HellmanMartin HellmanMartin Edward Hellman is an American cryptologist, and is best known for his invention of public key cryptography in cooperation with Whitfield Diffie and Ralph Merkle...
describes his invention of public key cryptography with collaborators Whitfield DiffieWhitfield DiffieBailey Whitfield 'Whit' Diffie is an American cryptographer and one of the pioneers of public-key cryptography.Diffie and Martin Hellman's paper New Directions in Cryptography was published in 1976...
and Ralph MerkleRalph MerkleRalph C. Merkle is a researcher in public key cryptography, and more recently a researcher and speaker on molecular nanotechnology and cryonics...
at Stanford University in the mid-1970s. He also relates his subsequent work in cryptography with Steve Pohlig (the Pohlig-Hellman system) and others. Hellman addresses key escrow (the so-called Clipper chip). He also touches on the commercialization of cryptography with RSA Data Security and VeriSignVeriSignVerisign, Inc. is an American company based in Dulles, Virginia that operates a diverse array of network infrastructure, including two of the Internet's thirteen root nameservers, the authoritative registry for the .com, .net, and .name generic top-level domains and the .cc and .tv country-code...
.