next up previous contents
Next: Clinton Administration Up: Merchants on an Army Previous: A Standard   Contents

Trading Blood and Wine

Nation States clearly benefit from the popular use of cryptography to protect data; however any government sponsored use of the technology is also a blow to their ability to monitor the uses of cryptography that the government does not endorse. This is because most uses of cryptography, while encrypting information, also leak information. This may be sender and recipient information, however more fundamentally, the use of cryptography is in and of itself an indicator of the nature of the information. What hurts governmental authority is that as cryptography becomes more and more prevalent, the usefulness of this relationship decreases.

In 1993, the US government announced a voluntary standard for encryption known as Clipper [7]. This standard involved a secret encryption algorithm, SKIPJACK, implemented by tamper-proof hardware. This standard also provides for a key escrow. A key escrow maintains a copy of the encryption key in a secure manner, only revealing the key through a court order or as otherwise required by law. From the standpoint of the US government, this satisfies the needs of those who would use encryption on the right side of the law, while seriously hurting those who would misuse it. Adoption of the scheme met huge resistance along three lines: First, the secrecy of the scheme made potential users wary about the strength of its encryption. Publicly used cryptosystems are generally not secret, and peer review of the encryption allows for some degree of confidence in the system. While the US government did have outside experts review the system, its private nature makes confidence in it that much less. Second, the key escrow itself could be compromised. It is a single point of failure for the system, because once it is compromised, every message protected by SKIPJACK would no longer be protected. Lastly, some people simply prefer that the government remains locked out of their information [6]. There were further concerns that the ``voluntary'' status of Clipper could evolve to what voluntary payment of taxes is now.

Upon declassification in 1998, SKIPJACK was revealed to be a highly fragile system, in that it withstands cryptanalysis however any small change to it yields a significantly weaker cipher. Within a day, attacks were formulated for reduced round versions of SKIPJACK, and later ones could handle up to 31 of SKIPJACK's 32 rounds[4, SKIPJACK]. While these attacks do not work against the full SKIPJACK, they lead to strong doubts regarding the overall security of the scheme.

For comparison, England takes a more practical tact on government access to keys. Simply put, if asked, an English subject is compelled to provide his keys or face two years in jail.


next up previous contents
Next: Clinton Administration Up: Merchants on an Army Previous: A Standard   Contents
Paul Ingemi 2004-10-25