SKIPJACK Analysis by Biham, Shamir et al

This file is available on a Cryptome DVD offered by Cryptome. Donate $25 for a DVD of the Cryptome 10-year archives of 35,000 files from June 1996 to June 2006 (~3.5 GB). Click Paypal or mail check/MO made out to John Young, 251 West 89th Street, New York, NY 10024. Archives include all files of cryptome.org, cryptome2.org, jya.com, cartome.org, eyeball-series.org and iraq-kill-maim.org. Cryptome offers with the Cryptome DVD an INSCOM DVD of about 18,000 pages of counter-intelligence dossiers declassified by the US Army Information and Security Command, dating from 1945 to 1985. No additional contribution required -- $25 for both. The DVDs will be sent anywhere worldwide without extra cost.

30 June 1998: Link to later analysis by the team

25 June 1998

To: cryptography@c2.net
Subject: Biham, et al, on Skipjack
Date: Thu, 25 Jun 1998 16:50:51 -0400
From: Matt Blaze <mab@research.att.com>

------- Forwarded Message

Date: Thu, 25 Jun 1998 23:39:19 +0300
Message-Id: <199806252039.XAA19484@CS.Technion.AC.IL>
From: biham@csa.CS.Technion.AC.IL
To: <headers omitted>

Dear colleages,

Since the publication of the SkipJack encryption algorithm by NIST, we
were studying its design, and we are now making our initial
observations public.

They can be found in http://www.cs.technion.ac.il/~biham/Reports/SkipJack/.
Feel free to distribute.

The summary is enclosed below.

Sincerely,

Eli Biham, Alex Biryukov, Or Dunkelman, Eran Richardson, Adi Shamir

- ---------------------------------------------------------------------------

Initial Observations on the SkipJack Encryption Algorithm

    Eli Biham, Alex Biryukov, Or Dunkelman, Eran Richardson, Adi Shamir

                               June 25, 1998

                                   (DRAFT)

This note can be found in http://www.cs.technion.ac.il/~biham/Reports/SkipJack/

                              Feel free to distribute

Summary

SkipJack is the secret key encryption algorithm used by the US
government in the Clipper chip and Fortezza PC card. It was
implemented in tamper-resistant hardware and its structure had been
classified since its introduction in 1993. On June 24th, 1998,
SkipJack was unclassified, and described in the web site of NIST.

This note summarizes our main observations, after several hours of
analysis. Our main finding so far is that SkipJack reduced from 32 to
16 rounds can be broken by an attack which is faster than an
exhaustive search. This is obviously a very initial result, and may
indicate that SkipJack does not have a conservative design with large
margins of safety.

In the remainder of this note we describe an efficient implementation of
SkipJack, which will be also used as the basis for the subsequent
analysis, and then we use the standard terminology of differential and
linear cryptanalysis to describe our best results so far.

- -------------------------------------------------------------------- 

Eli Biham                          Tel:   +972-4-8294308 
Computer Science Department        Fax:   +972-4-8221128 
Technion, Haifa 32000, Israel      email: biham@cs.technion.ac.il 
                                   WWW: http://www.cs.technion.ac.il/~biham/ 
Please do not send any unsolicited mail/email to this account.

------- End of Forwarded Message