VERY Technical Information

You asked for it!!

The Clipper chip is implemented with an encryption algorithm called SKIPJACK. SKIPJACK is a completely specified and classified SECRET by the government.

Clipper chips have the following characteristics:

  1. Symmetric, 80-bit key encryption/decryption algorithm (vs 56 for DES).
  2. Similar in function to DES. (It supports all 4 modes of operation - a bulk data encryption algorithm, a digital signature algorithm, a key exchange protocol, and a hash function.)
  3. 32 rounds of processing per single encrypt/decrypt operation.
  4. Design started by NSA in 1985; evaluation completed in 1990.
  5. Runs at 15-20 MBs per second.
  6. Functions specified by NSA; logic designed by MYKOTRONX; chip fabricated by VLSI, INC.
  7. Resistant to reverse engineering against a very sophisticated, well funded adversary.
  8. Programmed to not enter into secure mode if the LEAF (explained below) has been tampered with.
  9. Available from a second source in the future.
  10. Presently cost $16.00 (unprogrammed) and $26.00 (programmed).

Each Clipper chip contains the following components:

  1. The SKIPJACK encryption algorithm
  2. F, an 80-bit family key that is common to all chips
  3. N, a 30-bit serial number
  4. U, an 80-bit secret key that unlocks all messages encrypted with this chip

Encryption with the Clipper Chip

Once the connection is established between two Clipper chips, the chip that started the connection negotiates an 80-bit session key with the chip at the other end. Once the veracity is established, the Clipper chip is used to encrypt the message stream. The telephone security device feeds K and M into the chip to produce two values:

E[M; K], the encryption message stream, and
E[E[K; U] + N; F], a law enforcement field (LEAF),

which are transmitted over the telephone line. The law enforcement field thus contains the session key K encrypted under the unit key U concatenated with the serial number N, all encrypted under the family key F (this is 80 bits for the session key, 25 bits for the serial number, and 23 bits for the authentication pattern for a total of 128 bits). The law enforcement field is decrypted by law enforcement after an authorized wiretap has been installed.

The ciphertext E[M; K] is decrypted by the receiver's device using the session key: D[E[M; K]; K] = M.

Click on icon to go back to debate.

Click on icon to go back to abstract.

Click on icon to go to Sources and Acknowledgements.