Skipjack is an
encryption algorithm, a
symmetric block cipher designed by the
NSA. It is best known for its part in the infamous
Capstone and
Clipper key escrow systems pushed by the
American government. The algorithm was kept secret by the
NSA until June 23, 1998, when problems arose with the Capstone-enabled
Fortezza secure communication system. The NSA was forced to abandon
tamper-proof hardware, and in doing so, violated its rules for the use of
classified algorithms. The cost of declassifying Skipjack must have been less than reworking Fortezza.
The algorithm itself is a 64-bit block cipher, which means it takes 64 bits of information as input, and produces 64 bits of scrambled output. The key is always 80 bits long. It is a hybrid of Feistel network and shift register designs. Despite being part of Capstone and Clipper, Skipjack does not have any key escrow built-in; that aspect of those systems was provided by sending part of the Skipjack key encrypted with a different algorithm. A public key of the escrow agency was used encrypt it, and the carefully guarded private key would be used to recover it, allowing the authorities to recover enough of the Skipjack key to enable a brute force attack.
Although Skipjack has been analyzed far less than other algorithms such as DES due to its relative newness, it is widely believed to be secure. Skipjack was designed primarily as a replacement for DES, an older, widely-used, standard algorithm. It improves on DES in a few areas:
- the key length is longer (Skipjack uses 80 bits versus 56 bits for DES) making brute force attacks millions of times slower; however 80 bits is still regarded as too short by many
- DES has some known weaknesses, such as bad keys (a small subset of DES keys produce highly recognizable ciphertext); Skipjack avoids these problems
- Skipjack is more simple to implement and is about twice as fast as DES on comparable hardware
The algorithm was always intended to be widely deployed in consumer goods employing Capstone and Clipper, so even with tamper-proof hardware the algorithm was likely to be uncovered. There is nothing exceptional in Skipjack, and many speculate that the NSA avoided its most advanced cryptography when designing it.