Skipjack Encryption
Overview
Skipjack is a recent algorithm that was developed in 1987 and
put into service in 1993. It is a formerly secret NSA encryption
algorithm that was declassified on June 23, 1998. Skipjack is a
representative of a family of encryption algorithms developed in
1980 as part of the NSA suite of "Type I" algorithms,
which are suitable for protecting all levels of classified data.
Type I algorithms are typically extremely secure and are usually
classified as secret. Skipjack was used to encrypt sensitive, but
not classified, government data. It was implemented in two
government encryption devices: the Clipper chip and Fortezza PC
card. These devices have many uses and are widely employed by
agencies such as the FBI and NSA. They provide a high level of
security for sensitive communications while enabling the
interception of telecommunications by law enforcement officials for
such things as criminal investigations. For example, Clipper chips
can be used to provide secure telephone transmissions and Fortezza
cards can be used to encrypt such things as e-mail and network
traffic. The key characteristic of both devices is that they were
designed with "back doors" that allow government agents
to monitor encrypted transmissions given the proper authority. This
feature is covered under the Escrowed Encryption Standard, of which
Skipjack is a part. It is implemented via a mechanism called a LEAF
(Law Enforcement Access Field). It is important to note that
Skipjack itself has nothing to do with this "back door"
functionality! Skipjack is entirely separate from the LEAF in the
Clipper and Fortezza products and is not affected in any way by its
presence.
Skipjack has been extensively cryptanalyzed, and has no
weaknesses. There are no known shortcut attacks that can break
Skipjack. However, the small key size makes this algorithm inferior
to the newer candidate algorithms for the Advanced Encryption
Standard (AES) competition being held by NIST. Despite this
shortcoming, Skipjack still provides very strong security and it
should be many years before the algorithm is broken by a brute
force attack. Note that it was declassified in order to provide a
software implementation of Fortezza-enabled applications. NSA does
not intend for the algorithm to be a candidate for the AES. Like
Triple DES, Skipjack is an interim solution to be used until the
final AES is completed and widely implemented. It offers a safe
alternative to DES without having to rely on the AES.
In 1993 an Interim Report was released that gave a thorough
analysis of Skipjack
and discussed issues relating to Skipjack's integration in the
Clipper and Fortezza hardware. Although this report is many years
old, it provides some interesting information and a good
perspective on what it would take to break Skipjack with a brute
force attack. While reading the document, keep in mind that the
algorithm was still a closely guarded secret at the time the report
was written. The Final Report mentioned in this document was never
written, so this document is the closest thing there is to an
official analysis of the Skipjack algorithm.
In Depth
Skipjack encrypts and decrypts data in 64-bit blocks, using an
80-bit key. It takes a 64-bit block of plaintext as input and
outputs a 64-bit block of ciphertext. Skipjack has 32 rounds,
meaning the main algorithm is repeated 32 times to produce the
ciphertext. It has been found that the amount of time required to
find a key using a brute-force attack grows exponentially with the
number of rounds. So as the number of rounds increases, the
security of the algorithm increases exponentially.
The detailed description of the actual algorithm is contained in
the official Skipjack specification provided by the NSA after the
algorithm was declassified. Another algorithm called KEA was
declassified at the same time as Skipjack, so the specification
contains information about both Skipjack and KEA. The first half of
the document concerns Skipjack and the second half focuses on KEA.
The paper is rather technical and a certain degree of mathematical
proficiency is required of the reader in order to understand it.
Download the Skipjack and KEA algorithm specification: Skipjack.pdf
Modes of Operation
ECB (Electronic Code Book)
This is the regular Skipjack algorithm, exactly as described
above. Data is divided into 64-bit blocks and each block is
encrypted one at a time. Separate encryptions with different blocks
are totally independent of each other. This means that if data is
transmitted over a network or phone line, transmission errors will
only affect the block containing the error. It also means, however,
that the blocks can be rearranged, thus scrambling a file beyond
recognition, and this action would go undetected. ECB is the
weakest of the various modes because no additional security
measures are implemented besides the basic Skipjack algorithm.
However, ECB is the fastest and easiest to implement. There is no
information available about which mode of operation the government
preferred to use, but for most types of block ciphers ECB is the
most commonly implemented mode. This is the mode of operation used
by Private Encryptor.
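The block independence described above, as an added example (not code from Private Encryptor or the Skipjack specification). A toy 4-round Feistel cipher stands in for Skipjack and keeps only its 64-bit block and 80-bit key sizes; the key, the sample data and all function names are constructed for illustration.

```python
import hashlib

BLOCK = 8  # bytes: 64-bit block, the same size Skipjack uses

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key: bytes, rnd: int, half: bytes) -> bytes:
    # Round function of the stand-in cipher (an assumption, not Skipjack's).
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:4]

def crypt_block(key: bytes, block: bytes, decrypt: bool = False) -> bytes:
    """Toy 4-round Feistel cipher: 64-bit block, 80-bit key. NOT Skipjack."""
    assert len(key) == 10 and len(block) == BLOCK
    l, r = block[:4], block[4:]
    if decrypt:
        for rnd in reversed(range(4)):
            l, r = xor(r, _f(key, rnd, l)), l
    else:
        for rnd in range(4):
            l, r = r, xor(l, _f(key, rnd, r))
    return l + r

def ecb(key: bytes, data: bytes, decrypt: bool = False) -> bytes:
    """ECB: every 64-bit block is processed on its own, with no chaining."""
    assert len(data) % BLOCK == 0, "ECB needs whole blocks (pad first)"
    return b"".join(crypt_block(key, data[i:i + BLOCK], decrypt)
                    for i in range(0, len(data), BLOCK))

KEY = bytes(range(10))                    # constructed 80-bit key
PLAIN = b"block-01block-02block-03"       # constructed, three 8-byte blocks

def reordered_decrypt() -> bytes:
    """Swap ciphertext blocks 0 and 2; decryption raises no error."""
    ct = ecb(KEY, PLAIN)
    swapped = ct[16:24] + ct[8:16] + ct[0:8]
    return ecb(KEY, swapped, decrypt=True)

def blocks_hit_by_bit_error() -> list:
    """Flip one bit in ciphertext block 1; list the plaintext blocks changed."""
    ct = bytearray(ecb(KEY, PLAIN))
    ct[8] ^= 0x01
    got = ecb(KEY, bytes(ct), decrypt=True)
    return [i // BLOCK for i in range(0, len(PLAIN), BLOCK)
            if got[i:i + BLOCK] != PLAIN[i:i + BLOCK]]

if __name__ == "__main__":
    print(reordered_decrypt())
    print(blocks_hit_by_bit_error())
```

Because nothing in ECB ties a block to its position, a receiver who needs to detect reordering has to add a separate integrity check over the whole message.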
CBC (Cipher Block Chaining)
In this mode of operation, each block of ECB encrypted
ciphertext is XORed with the next plaintext block to be encrypted,
thus making all the blocks dependent on all the previous blocks.
This means that in order to find the plaintext of a particular
block, you need to know the ciphertext, the key, and the ciphertext
for the previous block. The first block to be encrypted has no
previous ciphertext, so the plaintext is XORed with an 80-bit
number called the Initialization Vector, or IV for short. So if
data is transmitted over a network or phone line and there is a
transmission error, the error will be carried forward to all
subsequent blocks since each block is dependent upon the last. This
mode of operation is more secure than ECB because the extra XOR
step adds one more layer to the encryption process.
CFB (Cipher Feedback)
In this mode, blocks of plaintext that are less than 64 bits
long can be encrypted. Normally, special processing has to be used
to handle files whose size is not a perfect multiple of 8 bytes,
but this mode removes that necessity (Private Encryptor handles this case by
adding several dummy bytes to the end of a file before encrypting
it). The plaintext itself is not actually passed through the
Skipjack algorithm, but merely XORed with an output block from it,
in the following manner: A 64-bit block called the Shift Register
is used as the input plaintext to Skipjack. This is initially set
to some arbitrary value, and encrypted with the Skipjack algorithm.
The ciphertext is then passed through an extra component called the
M-box, which simply selects the left-most M bits of the ciphertext,
where M is the number of bits in the block we wish to encrypt. This
value is XORed with the real plaintext, and the output of that is
the final ciphertext. Finally, the ciphertext is fed back into the
Shift Register, and used as the plaintext seed for the next block
to be encrypted. As with CBC mode, an error in one block affects
all subsequent blocks during data transmission. This mode of
operation is similar to CBC and is very secure, but it is slower
than ECB due to the added complexity.
OFB (Output Feedback)
This is similar to CFB mode, except that the ciphertext output
of Skipjack is fed back into the Shift Register, rather than the
actual final ciphertext. The Shift Register is set to an arbitrary
initial value, and passed through the Skipjack algorithm. The
output from Skipjack is passed through the M-box and then fed back
into the Shift Register to prepare for the next block. This value
is then XORed with the real plaintext (which may be less than 64
bits in length, like CFB mode), and the result is the final
ciphertext. Note that unlike CFB and CBC, a transmission error in
one block will not affect subsequent blocks because once the
recipient has the initial Shift Register value, it will continue to
generate new Shift Register plaintext inputs without any further
data input. However, this mode of operation is less secure than CFB
mode because only the real ciphertext and Skipjack ciphertext
output are needed to find the plaintext of the most recent block.
Knowledge of the key is not required.
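The Shift Register and M-box steps described for CFB and OFB above, as an added example (not code from Private Encryptor or the NSA specification). A SHA-256-based function stands in for Skipjack's block encryption, and the key, the initial register value and the message are constructed. It assumes the register is shifted left by M bits with the fed-back bits appended on the right, a step the text does not spell out.

```python
import hashlib

BLOCK = 8  # bytes in the 64-bit Shift Register

def E(key: bytes, block: bytes) -> bytes:
    """Stand-in for Skipjack encryption of one 64-bit block. NOT Skipjack."""
    assert len(key) == 10 and len(block) == BLOCK
    return hashlib.sha256(key + block).digest()[:BLOCK]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))   # stops at the shorter input

def feedback(mode, key, sr, data, m=BLOCK, decrypt=False) -> bytes:
    """CFB or OFB over m-byte segments (M = 8*m bits); no padding is needed.

    Only the encrypt direction of the block cipher is used, even to decrypt.
    """
    out = bytearray()
    for i in range(0, len(data), m):
        seg = data[i:i + m]                 # final segment may be short
        mbox = E(key, sr)[:m]               # M-box: left-most M bits
        res = xor(seg, mbox)
        out += res
        if mode == "CFB":                   # the final ciphertext is fed back
            fed = seg if decrypt else res
        else:                               # OFB: the M-box output is fed back
            fed = mbox
        sr = (sr + fed)[-BLOCK:]            # shift left by M bits, append
    return bytes(out)

KEY = bytes(range(10))                      # constructed 80-bit key
SR0 = bytes(BLOCK)                          # arbitrary initial Shift Register
PLAIN = b"constructed sample message!"      # 27 bytes, not a multiple of 8

def roundtrip(mode, m=BLOCK):
    """Return (ciphertext length, recovered plaintext) for the sample."""
    ct = feedback(mode, KEY, SR0, PLAIN, m)
    return len(ct), feedback(mode, KEY, SR0, ct, m, decrypt=True)

def ofb_segments_hit_by_bit_error(m=BLOCK) -> list:
    """Flip one ciphertext bit in OFB; list the plaintext segments changed."""
    ct = bytearray(feedback("OFB", KEY, SR0, PLAIN, m))
    ct[0] ^= 0x01
    got = feedback("OFB", KEY, SR0, bytes(ct), m, decrypt=True)
    return [i // m for i in range(0, len(PLAIN), m)
            if got[i:i + m] != PLAIN[i:i + m]]

if __name__ == "__main__":
    print(roundtrip("CFB"), roundtrip("OFB", 1))
    print(ofb_segments_hit_by_bit_error())
```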