[IWAR] TECH Cryptanalysis of SkipJack

From: 7Pillars Partners (partnersat_private)
Date: Tue Jun 30 1998 - 14:50:51 PDT

    Follow the link in the attached email message for the technical details, but
    one comment is interesting for what it indicates in the design intent and
    constraints:
    
    "This is still a preliminary result, but it reiterates our earlier
    comment that SkipJack does not have a conservative design with a large
    margin of safety."
    
    _This_ is what was intended as 'mandatory use'?
    
    MW
    --------------------------------------------------------------------------
    To: cryptographyat_private
    Subject: More analysis of Skipjack by Biham et al.
    Date: Tue, 30 Jun 1998 13:13:54 -0400
    From: "Perry E. Metzger" <perryat_private>
    
    
    I just received a note from Eli Biham indicating that he and his
    colleagues have made some interesting and substantial progress in
    attacking variants on Skipjack.
    
    See:
    
    http://www.cs.technion.ac.il/~biham/Reports/SkipJack/
    
    for details. Here is a summary:
    
    
                           Cryptanalysis of SkipJack-4XOR
    
          Eli Biham, Alex Biryukov, Orr Dunkelman, Eran Richardson, Adi Shamir
    
                                    June 30, 1998
                                      (DRAFT)
    
    This note can be found in http://www.cs.technion.ac.il/~biham/Reports/SkipJack/
                               Feel free to distribute
    
    
    Summary
    
    SkipJack is the secret key encryption algorithm used by the US
    government in the Clipper chip and Fortezza PC card.  It was
    implemented in tamper-resistant hardware and its structure had been
    classified since its introduction in 1993.  On June 24th, 1998,
    SkipJack was unclassified, and its description is available at the web
    site of NIST.
    
    In a note from June 25th, we described our initial observations on
    SkipJack, after several hours of analysis.  In this note we summarize
    our new observations after several days of analysis.
    
    The main new result in this note is an attack on a variant of SkipJack
    which contains all 32 rounds but omits four XORs.  We call this
    variant SkipJack-4XOR (SkipJack minus four XORs).  For the sake of
    simplicity, we describe in this note an unoptimized attack which
    requires 2^48 time, using about 2^25 chosen plaintexts or about 2^49
    known plaintexts.  Improved attacks on SkipJack-4XOR and on other
    variants which are even closer to SkipJack will be described in a
    forthcoming note.
    
    This is still a preliminary result, but it reiterates our earlier
    comment that SkipJack does not have a conservative design with a large
    margin of safety.
    
    In the remainder of this note we first describe additional
    observations and extensions of our previous note, and then describe a
    new technical tool, which we call the Yoyo game.  Finally, we describe
    a simple version of our attack on SkipJack-4XOR, which suffices to get
    the above results.
    


