Skipjack (cipher): Difference between revisions
Content deleted Content added
m →History of Skipjack: HTTP → HTTPS for Technion CS, replaced: http://www.cs.technion.ac.il/ → https://www.cs.technion.ac.il/ |
Add: chapter, title. | Use this tool. Report bugs. | #UCB_Gadget |
||
| (22 intermediate revisions by 15 users not shown) | |||
| Line 1: | Line 1: | ||
{{Short description|Block cipher}} |
|||
{{more footnotes|date=March 2009}} |
|||
{{use mdy dates|date=February 2023}} |
|||
{{Infobox block cipher |
{{Infobox block cipher |
||
|name = Skipjack |
|name = Skipjack |
||
| Line 6: | Line 7: | ||
|key size = 80 bits |
|key size = 80 bits |
||
|block size = 64 bits |
|block size = 64 bits |
||
|structure = [[Feistel cipher|unbalanced Feistel network]]<ref>{{cite |
|structure = [[Feistel cipher|unbalanced Feistel network]]<ref>{{cite book |last1=Hoang |first1=Viet Tung |last2=Rogaway |first2=Phillip |title=Advances in Cryptology – CRYPTO 2010 |chapter=On Generalized Feistel Networks |series=Lecture Notes in Computer Science |date=2010 |volume=6223 |publisher=Springer |pages=613–630 |doi=10.1007/978-3-642-14623-7_33 |isbn=978-3-642-14622-0 |doi-access=free |citeseerx=10.1.1.185.3033 }}</ref> |
||
|rounds = 32 |
|rounds = 32 |
||
|cryptanalysis = |
|cryptanalysis = |
||
ECRYPT II recommendations note that, as of 2012, ciphers with a key size of 80 bits provide only "Very short-term protection against agencies".<ref>[http://www.ecrypt.eu.org/documents/D.SPA.20.pdf Yearly Report on Algorithms and Keysizes] (2012), D.SPA.20 Rev. 1.0, ICT-2007-216676 ECRYPT II, 09/2012. {{webarchive |url=https://web.archive.org/web/20130721073131/http://www.ecrypt.eu.org/documents/D.SPA.20.pdf |date=July 21, 2013 }}</ref> NIST recommends not to use Skipjack after 2010.<ref> |
ECRYPT II recommendations note that, as of 2012, ciphers with a key size of 80 bits provide only "Very short-term protection against agencies".<ref>[http://www.ecrypt.eu.org/documents/D.SPA.20.pdf Yearly Report on Algorithms and Keysizes] (2012), D.SPA.20 Rev. 1.0, ICT-2007-216676 ECRYPT II, 09/2012. {{webarchive |url=https://web.archive.org/web/20130721073131/http://www.ecrypt.eu.org/documents/D.SPA.20.pdf |date=July 21, 2013 }}</ref> NIST recommends not to use Skipjack after 2010.<ref>{{cite web |url=http://csrc.nist.gov/publications/nistpubs/800-131A/sp800-131A.pdf |title=Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths |publisher=NIST |date=January 2011 |first1=Elaine |last1=Barker |first2=Allen |last2=Roginsky}}</ref> Impossible differential cryptanalysis breaks 31 rounds (but only slightly faster than exhaustive search).<ref name="31round-attack" /> |
||
Impossible differential cryptanalysis breaks 31 rounds (but only slightly faster than exhaustive search).<ref name="31round-attack" /> |
|||
}} |
}} |
||
In [[cryptography]], '''Skipjack''' is a [[block cipher]]—an [[algorithm]] for encryption—developed by the [[United States|U.S.]] [[National Security Agency]] (NSA). Initially [[Classified information|classified]], it was originally intended for use in the controversial [[Clipper chip]]. Subsequently, the algorithm was declassified.<ref name="schneier">{{cite web |last=Schneier |first=Bruce |title=Declassifying Skipjack |url=https://www.schneier.com/crypto-gram-9807.html#skip |date=July 15, 1998}}</ref> |
In [[cryptography]], '''Skipjack''' is a [[block cipher]]—an [[algorithm]] for encryption—developed by the [[United States|U.S.]] [[National Security Agency]] (NSA). Initially [[Classified information|classified]], it was originally intended for use in the controversial [[Clipper chip]]. Subsequently, the algorithm was declassified.<ref name="schneier">{{cite web |last=Schneier |first=Bruce |author-link=Bruce Schneier |title=Declassifying Skipjack |url=https://www.schneier.com/crypto-gram-9807.html#skip |date=July 15, 1998}}</ref> |
||
==History of Skipjack== |
==History of Skipjack== |
||
Skipjack was proposed as the encryption algorithm in a US government-sponsored scheme of [[key escrow]], and the [[cipher]] was provided for use in the [[Clipper chip]], implemented in [[tamper resistance|tamperproof]] hardware. Skipjack is used only for encryption; the key escrow is achieved through the use of a separate mechanism known as the [[Clipper chip|Law Enforcement Access Field]] (LEAF).<ref name="schneier" /> |
Skipjack was proposed as the encryption algorithm in a US government-sponsored scheme of [[key escrow]], and the [[cipher]] was provided for use in the [[Clipper chip]], implemented in [[tamper resistance|tamperproof]] hardware. Skipjack is used only for encryption; the key escrow is achieved through the use of a separate mechanism known as the [[Clipper chip|Law Enforcement Access Field]] (LEAF).<ref name="schneier" /> |
||
The algorithm was initially secret, and was regarded with considerable suspicion by many for that reason. It was [[classified information|declassified]] on 24 June 1998, shortly after its basic design principle had been discovered independently by the public cryptography community.<ref name="schneier" /><ref> |
The algorithm was initially secret, and was regarded with considerable suspicion by many for that reason. It was [[classified information|declassified]] on 24 June 1998, shortly after its basic design principle had been discovered independently by the public cryptography community.<ref name="schneier" /><ref>{{cite web |quote=However, I have noted that the inconsistency involved may be more apparent than real. Between the statements cited, and the declassification of SKIPJACK, a paper was published by an academic researcher noting that Feistel ciphers of a particular type, specifically those in which the f-function was itself a series of Feistel rounds, could be proven to be immune to differential cryptanalysis. |url=http://www.quadibloc.com/crypto/co040303.htm |title=Skipjack |website=quadibloc |date=1999 |first=John J. G. |last=Savard}}</ref> |
||
To ensure public confidence in the algorithm, several academic researchers from outside the government were called in to evaluate the algorithm |
To ensure public confidence in the algorithm, several academic researchers from outside the government were called in to evaluate the algorithm.<ref name="brickell"/><ref name="schneier" /> The researchers found no problems with either the algorithm itself or the evaluation process. Moreover, their report gave some insight into the (classified) history and development of Skipjack: |
||
{{quote|[Skipjack] is representative of a family of encryption algorithms developed in 1980 as part of the NSA suite of "[[Type 1 product|Type I]]" algorithms... Skipjack was designed using building blocks and techniques that date back more than forty years. Many of the techniques are related to work that was evaluated by some of the world's most accomplished and famous experts in [[combinatorics]] and [[abstract algebra]]. Skipjack's more immediate heritage dates to around 1980, and its initial design to 1987...The specific structures included in Skipjack have a long evaluation history, and the cryptographic properties of those structures had many prior years of intense study before the formal process began in 1987.<ref name="brickell">{{cite web |first1=Ernest F. |last1=Brickell |first2=Dorothy E. |last2=Denning |first3=Stephen T. |last3=Kent |first4=David P. |last4=Maher |first5=Walter |last5=Tuchman |title=SKIPJACK Review Interim Report The SKIPJACK Algorithm |url=http://www.cs.georgetown.edu/~denning/crypto/clipper/SKIPJACK.txt |date=July 28, 1993 |archive-url=https://web.archive.org/web/20110608020227/http://www.cs.georgetown.edu/~denning/crypto/clipper/SKIPJACK.txt |archive-date=June 8, 2011}}</ref><ref name="biham">{{cite web |first1=Eli |last1=Biham |first2=Alex |last2=Biryukov |first3=Orr |last3=Dunkelman |first4=Eran |last4=Richardson |first5=Adi |last5=Shamir |author-link5=Adi Shamir |title=Initial Observations on the SkipJack Encryption Algorithm|date=June 25, 1998 |url=https://www.cs.technion.ac.il/~biham/Reports/SkipJack/note1.html}}</ref>}} |
|||
In March 2016, [[National Institute of Standards and Technology|NIST]] published a draft of its cryptographic standard which no longer certifies Skipjack for US government applications.<ref name="nist-800-175b">{{cite web |first=Elaine |last=Barker |date=March 2016 |title=NIST Special Publication 800-175B Guideline for Using Cryptographic Standards in the Federal Government: Cryptographic Mechanisms |url=http://csrc.nist.gov/publications/drafts/800-175/sp800-175b_draft.pdf |publisher=[[National Institute of Standards and Technology|NIST]] |page=22}}</ref><ref>{{cite web |last=Schneier |first=Bruce |title=New NIST Encryption Guidelines |url=https://www.schneier.com/crypto-gram/archives/2016/0415.html#7 |date=April 15, 2016 | |
In March 2016, [[National Institute of Standards and Technology|NIST]] published a draft of its cryptographic standard which no longer certifies Skipjack for US government applications.<ref name="nist-800-175b">{{cite web |first=Elaine |last=Barker |date=March 2016 |title=NIST Special Publication 800-175B Guideline for Using Cryptographic Standards in the Federal Government: Cryptographic Mechanisms |url=http://csrc.nist.gov/publications/drafts/800-175/sp800-175b_draft.pdf |publisher=[[National Institute of Standards and Technology|NIST]] |page=22}}</ref><ref>{{cite web |last=Schneier |first=Bruce |author-link=Bruce Schneier |title=New NIST Encryption Guidelines |url=https://www.schneier.com/crypto-gram/archives/2016/0415.html#7 |date=April 15, 2016 |access-date=April 17, 2016}}</ref> |
||
==Description== |
==Description== |
||
Skipjack uses an [[key size|80-bit]] [[key (cryptography)|key]] to encrypt or decrypt [[block size (cryptography)|64-bit]] data blocks. It is an [[Feistel cipher#Unbalanced Feistel cipher|unbalanced Feistel network]] with 32 rounds.<ref>{{cite web |
Skipjack uses an [[key size|80-bit]] [[key (cryptography)|key]] to encrypt or decrypt [[block size (cryptography)|64-bit]] data blocks. It is an [[Feistel cipher#Unbalanced Feistel cipher|unbalanced Feistel network]] with 32 rounds.<ref>{{cite web |title=SKIPJACK and KEA Algorithm Specifications |date=May 29, 1998 |url=https://csrc.nist.gov/CSRC/media//Projects/Cryptographic-Algorithm-Validation-Program/documents/skipjack/skipjack.pdf}}</ref> It was designed to be used in secured phones. |
||
| title = SKIPJACK and KEA Algorithm Specifications |
|||
| date = May 29, 1998 |
|||
| url = https://csrc.nist.gov/CSRC/media//Projects/Cryptographic-Algorithm-Validation-Program/documents/skipjack/skipjack.pdf |
|||
}} |
|||
</ref> |
|||
It was designed to be used in secured phones. |
|||
==Cryptanalysis== |
==Cryptanalysis== |
||
[[Eli Biham]] and [[Adi Shamir]] discovered an attack against 16 of the 32 rounds within one day of declassification,<ref name="biham" /> and (with [[Alex Biryukov]]) extended this to 31 of the 32 rounds (but with an attack only slightly faster than exhaustive search) within months using [[impossible differential cryptanalysis]].<ref name="31round-attack">{{cite |
[[Eli Biham]] and [[Adi Shamir]] discovered an attack against 16 of the 32 rounds within one day of declassification,<ref name="biham" /> and (with [[Alex Biryukov]]) extended this to 31 of the 32 rounds (but with an attack only slightly faster than exhaustive search) within months using [[impossible differential cryptanalysis]].<ref name="31round-attack">{{cite book |
||
|first1=Eli |last1=Biham |author-link1=Eli Biham |first2=Adi |last2=Shamir |author-link2=Adi Shamir |first3=Alex |last3=Biryukov |title=Advances in Cryptology — EUROCRYPT '99 |chapter=Cryptanalysis of Skipjack Reduced to 31 Rounds Using Impossible Differentials |series=Lecture Notes in Computer Science |author-link3=Alex Biryukov |
|||
|author = [[Eli Biham]], [[Adi Shamir]], [[Alex Biryukov]] |
|||
|title = Cryptanalysis of Skipjack reduced to 31 rounds using impossible differentials. |
|||
|journal = Eurocrypt |
|||
|pages = 12–23 |
|pages = 12–23 |
||
|url = https://www.iacr.org/cryptodb/archive/1999/EUROCRYPT/15920012.pdf |
|chapter-url = https://www.iacr.org/cryptodb/archive/1999/EUROCRYPT/15920012.pdf |
||
|year = 1999 |
|year = 1999 |
||
| |
|volume=1592 |url-status = dead |
||
| |
|archive-url = https://web.archive.org/web/20120627202429/http://www.iacr.org/cryptodb/archive/1999/EUROCRYPT/15920012.pdf |
||
| |
|archive-date = 2012-06-27 |
||
|doi=10.1007/3-540-48910-X_2 |
|||
| ⚫ | |||
|isbn=978-3-540-65889-4 }} |
|||
}} |
|||
</ref> |
</ref> |
||
A truncated differential attack was also published against 28 rounds of Skipjack cipher.<ref>{{cite journal |
A truncated differential attack was also published against 28 rounds of Skipjack cipher.<ref>{{cite journal |first1=Lars |last1=Knudsen |author-link1=Lars Knudsen |first2=M.J.B. |last2=Robshaw |first3=David |last3=Wagner |author-link3=David A. Wagner |title=Truncated differentials and Skipjack |url=http://www.eecs.berkeley.edu/~daw/papers/skipjack-talk.ps |journal=CRYPTO |year=1999}}</ref> |
||
| author = [[Lars Knudsen]], M.J.B. Robshaw, [[David A. Wagner|David Wagner]] |
|||
| title = Truncated differentials and Skipjack |
|||
| url = http://www.eecs.berkeley.edu/~daw/papers/skipjack-talk.ps |
|||
| journal = CRYPTO |
|||
| year = 1999 |
|||
}}</ref> |
|||
A claimed attack against the full cipher was published in 2002,<ref>{{cite journal |
A claimed attack against the full cipher was published in 2002,<ref>{{cite journal |
||
| |
|first = Raphaël Chung-Wei |
||
| ⚫ | |||
|title = Cryptanalysis of full Skipjack block cipher |
|title = Cryptanalysis of full Skipjack block cipher |
||
|journal = Electronics Letters |
|journal = Electronics Letters |
||
| Line 69: | Line 55: | ||
|year = 2002 |
|year = 2002 |
||
|doi = 10.1049/el:20020051 |
|doi = 10.1049/el:20020051 |
||
|bibcode = 2002ElL....38...69P |
|||
|deadurl = yes |
|||
|url-status = dead |
|||
| |
|archive-url = https://web.archive.org/web/20130921055228/http://csis.bits-pilani.ac.in/faculty/murali/netsec-10/seminar/refs/apoorv2.pdf |
||
| |
|archive-date = 2013-09-21 |
||
|df = |
|||
}}</ref> but a |
}}</ref> but a later paper with attack designer as a co-author clarified in 2009 that no attack on the full 32 round cipher was then known.<ref>{{cite journal |first1=Jongsung |last1=Kim |first2=Raphaël Chung-Wei |last2=Phan |date=2009 |title=Advanced Differential-Style Cryptanalysis of the NSA's Skipjack Block Cipher |journal=Figshare |url=https://dspace.lboro.ac.uk/dspace-jspui/bitstream/2134/8159/1/kim.pdf |quote=an attack on the full 32-round Skipjack remains elusive until now. ''[Paper by the same author as the 2002 attack]'' }}</ref> |
||
==In pop culture== |
==In pop culture== |
||
| Line 89: | Line 75: | ||
{{refbegin}} |
{{refbegin}} |
||
*{{cite web |title=SKIPJACK and KEA Algorithm Specifications |url=http://csrc.nist.gov/encryption/skipjack/skipjack.pdf |archive-url=https://web.archive.org/web/20010603000755/http://csrc.nist.gov/encryption/skipjack/skipjack.pdf |date=May 29, 1998 |archive-date=June 3, 2001 |access-date=April 27, 2019 |publisher=U.S. National Institute of Standards and Technology}} |
*{{cite web |title=SKIPJACK and KEA Algorithm Specifications |url=http://csrc.nist.gov/encryption/skipjack/skipjack.pdf |archive-url=https://web.archive.org/web/20010603000755/http://csrc.nist.gov/encryption/skipjack/skipjack.pdf |date=May 29, 1998 |archive-date=June 3, 2001 |access-date=April 27, 2019 |publisher=U.S. National Institute of Standards and Technology}} |
||
*{{cite book |last1=Granboulan |first1=Louis |title=Flaws in Differential Cryptanalysis of Skipjack |
*{{cite book |last1=Granboulan |first1=Louis |title=Fast Software Encryption |chapter=Flaws in Differential Cryptanalysis of Skipjack |volume=2355 |date=2002-06-21 |pages=328–335 |doi=10.1007/3-540-45473-x_27 |doi-access=free |language=en |location=Berlin |publisher=Springer |series=Lecture Notes in Computer Science |edition=1st |isbn=978-3-540-43869-4 }} |
||
*{{cite journal |last1=Phan |first1= |
*{{cite journal |last1=Phan |first1=Raphaël Chung-Wei |title=Cryptanalysis of full Skipjack block cipher |journal=[[Electronics Letters]] |date=2002-01-07 |volume=38 |issue=2 |pages=69–71 |doi=10.1049/el:20020051|bibcode=2002ElL....38...69P }} |
||
{{refend}} |
{{refend}} |
||
| Line 96: | Line 82: | ||
* [http://www.users.zetnet.co.uk/hopwood/crypto/scan/cs.html#SKIPJACK SCAN's entry for the cipher] |
* [http://www.users.zetnet.co.uk/hopwood/crypto/scan/cs.html#SKIPJACK SCAN's entry for the cipher] |
||
* [https://web.archive.org/web/20050308093014/http://www.itl.nist.gov/fipspubs/fip185.htm fip185 Escrowed Encryption Standard EES] |
* [https://web.archive.org/web/20050308093014/http://www.itl.nist.gov/fipspubs/fip185.htm fip185 Escrowed Encryption Standard EES] |
||
* [https://www.skipjackhub.com/superencryp-block-cipher/ Superencryp Block cipher, technology behind encrypcurrency] |
|||
{{Cryptography navbox | block}} |
{{Cryptography navbox | block}} |
||
Latest revision as of 03:22, 29 November 2024
| General | |
|---|---|
| Designers | NSA |
| First published | 1998 (declassified) |
| Cipher detail | |
| Key sizes | 80 bits |
| Block sizes | 64 bits |
| Structure | unbalanced Feistel network[1] |
| Rounds | 32 |
| Best public cryptanalysis | |
| ECRYPT II recommendations note that, as of 2012, ciphers with a key size of 80 bits provide only "Very short-term protection against agencies".[2] NIST recommends not to use Skipjack after 2010.[3] Impossible differential cryptanalysis breaks 31 rounds (but only slightly faster than exhaustive search).[4] | |
In cryptography, Skipjack is a block cipher—an algorithm for encryption—developed by the U.S. National Security Agency (NSA). Initially classified, it was originally intended for use in the controversial Clipper chip. Subsequently, the algorithm was declassified.[5]
History of Skipjack
[edit]Skipjack was proposed as the encryption algorithm in a US government-sponsored scheme of key escrow, and the cipher was provided for use in the Clipper chip, implemented in tamperproof hardware. Skipjack is used only for encryption; the key escrow is achieved through the use of a separate mechanism known as the Law Enforcement Access Field (LEAF).[5]
The algorithm was initially secret, and was regarded with considerable suspicion by many for that reason. It was declassified on 24 June 1998, shortly after its basic design principle had been discovered independently by the public cryptography community.[5][6]
To ensure public confidence in the algorithm, several academic researchers from outside the government were called in to evaluate the algorithm.[7][5] The researchers found no problems with either the algorithm itself or the evaluation process. Moreover, their report gave some insight into the (classified) history and development of Skipjack:
[Skipjack] is representative of a family of encryption algorithms developed in 1980 as part of the NSA suite of "Type I" algorithms... Skipjack was designed using building blocks and techniques that date back more than forty years. Many of the techniques are related to work that was evaluated by some of the world's most accomplished and famous experts in combinatorics and abstract algebra. Skipjack's more immediate heritage dates to around 1980, and its initial design to 1987...The specific structures included in Skipjack have a long evaluation history, and the cryptographic properties of those structures had many prior years of intense study before the formal process began in 1987.[7][8]
In March 2016, NIST published a draft of its cryptographic standard which no longer certifies Skipjack for US government applications.[9][10]
Description
[edit]Skipjack uses an 80-bit key to encrypt or decrypt 64-bit data blocks. It is an unbalanced Feistel network with 32 rounds.[11] It was designed to be used in secured phones.
Cryptanalysis
[edit]Eli Biham and Adi Shamir discovered an attack against 16 of the 32 rounds within one day of declassification,[8] and (with Alex Biryukov) extended this to 31 of the 32 rounds (but with an attack only slightly faster than exhaustive search) within months using impossible differential cryptanalysis.[4]
A truncated differential attack was also published against 28 rounds of Skipjack cipher.[12]
A claimed attack against the full cipher was published in 2002,[13] but a later paper with attack designer as a co-author clarified in 2009 that no attack on the full 32 round cipher was then known.[14]
In pop culture
[edit]An algorithm named Skipjack forms part of the back-story to Dan Brown's 1998 novel Digital Fortress. In Brown's novel, Skipjack is proposed as the new public-key encryption standard, along with a back door secretly inserted by the NSA ("a few lines of cunning programming") which would have allowed them to decrypt Skipjack using a secret password and thereby "read the world's email". When details of the cipher are publicly released, programmer Greg Hale discovers and announces details of the backdoor. In real life there is evidence to suggest that the NSA has added back doors to at least one algorithm; the Dual_EC_DRBG random number algorithm may contain a backdoor accessible only to the NSA.
Additionally, in the Half-Life 2 modification Dystopia, the "encryption" program used in cyberspace apparently uses both Skipjack and Blowfish algorithms.[15]
References
[edit]- ^ Hoang, Viet Tung; Rogaway, Phillip (2010). "On Generalized Feistel Networks". Advances in Cryptology – CRYPTO 2010. Lecture Notes in Computer Science. Vol. 6223. Springer. pp. 613–630. CiteSeerX 10.1.1.185.3033. doi:10.1007/978-3-642-14623-7_33. ISBN 978-3-642-14622-0.
- ^ Yearly Report on Algorithms and Keysizes (2012), D.SPA.20 Rev. 1.0, ICT-2007-216676 ECRYPT II, 09/2012. Archived July 21, 2013, at the Wayback Machine
- ^ Barker, Elaine; Roginsky, Allen (January 2011). "Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths" (PDF). NIST.
- ^ a b Biham, Eli; Shamir, Adi; Biryukov, Alex (1999). "Cryptanalysis of Skipjack Reduced to 31 Rounds Using Impossible Differentials" (PDF). Advances in Cryptology — EUROCRYPT '99. Lecture Notes in Computer Science. Vol. 1592. pp. 12–23. doi:10.1007/3-540-48910-X_2. ISBN 978-3-540-65889-4. Archived from the original (PDF) on June 27, 2012.
- ^ a b c d Schneier, Bruce (July 15, 1998). "Declassifying Skipjack".
- ^ Savard, John J. G. (1999). "Skipjack". quadibloc.
However, I have noted that the inconsistency involved may be more apparent than real. Between the statements cited, and the declassification of SKIPJACK, a paper was published by an academic researcher noting that Feistel ciphers of a particular type, specifically those in which the f-function was itself a series of Feistel rounds, could be proven to be immune to differential cryptanalysis.
- ^ a b Brickell, Ernest F.; Denning, Dorothy E.; Kent, Stephen T.; Maher, David P.; Tuchman, Walter (July 28, 1993). "SKIPJACK Review Interim Report The SKIPJACK Algorithm". Archived from the original on June 8, 2011.
- ^ a b Biham, Eli; Biryukov, Alex; Dunkelman, Orr; Richardson, Eran; Shamir, Adi (June 25, 1998). "Initial Observations on the SkipJack Encryption Algorithm".
- ^ Barker, Elaine (March 2016). "NIST Special Publication 800-175B Guideline for Using Cryptographic Standards in the Federal Government: Cryptographic Mechanisms" (PDF). NIST. p. 22.
- ^ Schneier, Bruce (April 15, 2016). "New NIST Encryption Guidelines". Retrieved April 17, 2016.
- ^ "SKIPJACK and KEA Algorithm Specifications" (PDF). May 29, 1998.
- ^ Knudsen, Lars; Robshaw, M.J.B.; Wagner, David (1999). "Truncated differentials and Skipjack". CRYPTO.
- ^ Phan, Raphaël Chung-Wei (2002). "Cryptanalysis of full Skipjack block cipher" (PDF). Electronics Letters. 38 (2): 69–71. Bibcode:2002ElL....38...69P. doi:10.1049/el:20020051. Archived from the original (PDF) on September 21, 2013.
- ^ Kim, Jongsung; Phan, Raphaël Chung-Wei (2009). "Advanced Differential-Style Cryptanalysis of the NSA's Skipjack Block Cipher" (PDF). Figshare.
an attack on the full 32-round Skipjack remains elusive until now. [Paper by the same author as the 2002 attack]
- ^ "Dystopia Wiki".
Further reading
[edit]- "SKIPJACK and KEA Algorithm Specifications" (PDF). U.S. National Institute of Standards and Technology. May 29, 1998. Archived from the original (PDF) on June 3, 2001. Retrieved April 27, 2019.
- Granboulan, Louis (June 21, 2002). "Flaws in Differential Cryptanalysis of Skipjack". Fast Software Encryption. Lecture Notes in Computer Science. Vol. 2355 (1st ed.). Berlin: Springer. pp. 328–335. doi:10.1007/3-540-45473-x_27. ISBN 978-3-540-43869-4.
- Phan, Raphaël Chung-Wei (January 7, 2002). "Cryptanalysis of full Skipjack block cipher". Electronics Letters. 38 (2): 69–71. Bibcode:2002ElL....38...69P. doi:10.1049/el:20020051.
