Newsgroups: sci.crypt
Path: cantaloupe.srv.cs.cmu.edu!rochester!udel!gatech!usenet.ufl.edu!eng.ufl.edu!spool.mu.edu!news.cs.indiana.edu!mvanheyn@cs.indiana.edu
From: Marc VanHeyningen <mvanheyn@cs.indiana.edu>
Subject: How does it really work? (was Re: text of White House announcement and Q&As on clipper chip encryption)
Message-ID: <29758.735074950@moose.cs.indiana.edu>
Sender: mvanheyn@cs.indiana.edu
Organization: Computer Science Dept, Indiana University
References: <C5L17v.GH5@dove.nist.gov>
Distribution: na
Date: Sat, 17 Apr 1993 14:29:10 -0500
Lines: 57

This announcement is somewhat disconcerting; it doesn't do anything
evil in and of itself, but bodes badly for the future of open
algorithms and standards in information security.  I won't start
panicking until/unless DES or RSA or stuff like that is prohibited, but
I'm a little anxious.  (No doubt it won't be long before someone posts
explaining how this just a small part of some far-ranging and
long-lived NSA-PKP-IRS-FBI-CIA-HandgunControlInc-Clinton conspiracy to
subvert freedom, democracy, and mathematics.)  My feeling is that the
administration probably isn't that worried about things like DES and
RSA and PGP and RIPEM, since they'll never be used by a group much
wider than us computer geeks.

The fact that this just came out now suggests one of two things:

1.  The NSA has been working on this for a long time, and it only just
    now happened to be ``ready'' to release to the world at this time.

2.  The NSA has been working on this for a long time, but wasn't able
    to get the Bush administration to go along with this plan.  (I
    find it unlikely that this would have been because of a sympathy
    for the unescrowed use of cryptography; more likely the
    administration felt that even escrowed, secret-algorithm and, for
    all we know, trivially breakable cryptography should not be made
    widely available.)

Thus said clipper@csrc.ncsl.nist.gov (Clipper Chip Announcement):
>This new technology will help companies protect proprietary
>information, protect the privacy of personal phone conversations
>and prevent unauthorized release of data transmitted
>electronically.  At the same time this technology preserves the
>ability of federal, state and local law enforcement agencies to
>intercept lawfully the phone conversations of criminals. 

The majority of the discussion involving this "Clipper Chip" seems to
pertain to the encryption of telephone conversations.  Does anyone
know if that means this chip is designed to work primarily with analog
signals?  The language sort of suggests this, but it's hard to say.

The main thing I just don't get is whether this chip implements
symmetric or asymmetric cryptographic techniques.  Anybody know?

I'm guessing symmetric, but they don't get very clear about it.  If it
is symmetric, how is it useful for anything other than link-level
encryption with an identical chip at each end?  How can you negotiate
a per-session key using symmetric cryptography without using a trusted
third party who knows your key?  (Or does it even use a per-session
key?)

If it's asymmetric, what about PKP's patents, which they claim cover
all methods of doing asymmetric cryptography?  Are they getting
royalties, or is hiding infringement the real reason for keeping the
algorithm secret? :-)
--
Marc VanHeyningen   mvanheyn@cs.indiana.edu   MIME & RIPEM accepted
Kirk:  I won't hurt you.
Alien: You hit me!
Kirk:  Well, I won't hit you again.
