[IWAR] TECH Cryptanalysis of SkipJack

From: 7Pillars Partners (partnersat_private)
Date: Tue Jun 30 1998 - 14:50:51 PDT

Next message: Dr. Robert Scott: "(no subject)"

Previous message: Mark Hedges: "Re: [IWAR] CIA repression manuals declassified"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Follow the link in the attached email message for the technical details, but
one comment is interesting for what it indicates in the design intent and
constraints:

"This is still a preliminary result, but it reiterates our earlier
comment that SkipJack does not have a conservative design with a large
margin of safety."

_This_ is what was intended as 'mandatory use'?

MW
--------------------------------------------------------------------------
To: cryptographyat_private
Subject: More analysis of Skipjack by Biham et al.
Date: Tue, 30 Jun 1998 13:13:54 -0400
From: "Perry E. Metzger" <perryat_private>


I just received a note from Eli Biham indicating that he and his
colleagues have made some interesting and substantial progress in
attacking variants on Skipjack.

See:

http://www.cs.technion.ac.il/~biham/Reports/SkipJack/

for details. Here is a summary:


                       Cryptanalysis of SkipJack-4XOR

      Eli Biham, Alex Biryukov, Orr Dunkelman, Eran Richardson, Adi Shamir

                                June 30, 1998
                                  (DRAFT)

This note can be found in http://www.cs.technion.ac.il/~biham/Reports/SkipJack/
                           Feel free to distribute


Summary

SkipJack is the secret key encryption algorithm used by the US
government in the Clipper chip and Fortezza PC card.  It was
implemented in tamper-resistant hardware and its structure had been
classified since its introduction in 1993.  On June 24th, 1998,
SkipJack was unclassified, and its description is available at the web
site of NIST.

In a note from June 25th, we described our initial observations on
SkipJack, after several hours of analysis.  In this note we summarize
our new observations after several days of analysis.

The main new result in this note is an attack on a variant of SkipJack
which contains all 32 rounds but omits four XORs.  We call this
variant SkipJack-4XOR (SkipJack minus four XORs).  For the sake of
simplicity, we describe in this note an unoptimized attack which
requires 2^48 time, using about 2^25 chosen plaintexts or about 2^49
known plaintexts.  Improved attacks on SkipJack-4XOR and on other
variants which are even closer to SkipJack will be described in a
forthcoming note.

This is still a preliminary result, but it reiterates our earlier
comment that SkipJack does not have a conservative design with a large
margin of safety.

In the remainder of this note we first describe additional
observations and extensions of our previous note, and then describe a
new technical tool, which we call the Yoyo game.  Finally, we describe
a simple version of our attack on SkipJack-4XOR, which suffices to get
the above results.

Next message: Dr. Robert Scott: "(no subject)"
Previous message: Mark Hedges: "Re: [IWAR] CIA repression manuals declassified"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:10:11 PDT