MASTER KEY

by Anon

This contains important information regarding the Skipjack standard encryption system. Please do not ask me who I am, I have no intention of revealing my identity.

I will start at the beginning. The Skipjack encryption system, initially known as Clipper, was first publicly announced in mid-1993. After an initial storm of controversy died down, escrow agents were selected and the chip went into production in early 1994. Several major hardware vendors used Skipjack, and sales began to accelerate in the third quarter of 1994 as business users recognized the advantages of the convenient, inexpensive, and highly secure system. By the first quarter of 1995, Mykotronx could no longer keep up with the orders, and demand was still increasing rapidly.

Several other electronics companies came forward, arguing that they could manufacture Skipjack chips more cheaply than Mykotronx, in larger volume, and with at least equal security. The NSA hesitated to give more companies its classified algorithm, but at the same time, they certainly did not want Skipjack to die from lack of available hardware just as it was becoming a standard. After a delay and threats of restraint-of-trade lawsuits, NIST released a set of security requirements. Any company which met them could receive the classified algorithm and make Skipjack chips. Numerous companies jumped in immediately.

By Christmas 1995, the price of Skipjack chips had fallen sharply. Secure telephones were rapidly becoming a consumer product, just as the telecom companies started their Christmas advertising drive. Remember these slogans?

"This Christmas, Give The Gift Of Privacy. AT&T Secure Telephones!"

"Motorola Secure Cellular Network. Because It's Nobody's Business But Yours!"

The promotion worked - secure phones were the hottest-selling product of the season. At the start of 1996, there was an installed base of over ten million, with no end in sight. Companies were making secure faxes, secure modems, secure LANs, and secure microwave systems. The long-awaited crypto revolution had begun, and NSA was thrilled. Skipjack would soon be used for all types of business communications as well as telephones - everything which needed protection could be taken care of with a single solution.

At the time, I was a senior in college and working evenings for a company which had just received its security clearance. I did not have access to any classified data; my job was to operate and maintain their front-end system, which took orders, kept track of stock, etc. There was a separate, isolated LAN for the classified work of designing and programming chips. The company tried to follow all of the technical rules, but the people were hackers and business-people, not spooks. And most security problems are people problems.

My boss did have a security clearance. He was working late one Friday on one of the classified machines used to write microcode. When everyone else had left, he asked me to fix a problem with the network. That was a violation of security, but I did know more about networks than he did, and all the classified data was supposed to be locked up for the weekend. The safe had a time lock, which could not be opened until Monday.

My boss had made a mistake while he was logged in as root, and he did an excellent job of hosing the file server. He was not supposed to have the root password at all. He'd had an argument with his supervisor about computer access. The supervisor refused to give him the password, so he stole it. Now his ass was on the line - if the file server wasn't fixed by the next morning, he was history. He didn't exactly admit it all at once, but that's what happened.

We took a look at the damage, and began the long, slow job of recreating the filesystems, reinstalling Unix, restoring the data from backup tapes, and, most importantly, hiding the evidence. By 8 o'clock, we were both starved. I was doing most of the work - he was watching, reading manuals, and sweating bullets - so he decided to go for food.

While waiting for a backup tape to run, I opened the desk drawer out of boredom, and - whoops! - there was a manual stamped SECRET. Some programmer was using it to write the microcode for a new low-power CMOS Skipjack chip, and he hadn't locked it up. After all, this is a secure building. Nobody without a security clearance is even allowed in this room, right? So what's the big deal? People problems! I couldn't resist taking a look, and there was a complete description of the Skipjack algorithm, among other things, with each page marked SECRET at the top and bottom. I had about 20 minutes until my boss returned. There was a Xerox machine, warmed up and ready to go, in the next room. What would you do?

So I stood there, turning pages and hitting the button, listening to my heart pound, waiting for the click of the outer door as my boss walked in. I wasn't hungry any more. If I heard that click, I had just enough time to toss everything behind the copier, run back to the workstation, and hope to put the manual back later.

But there was no click. By the time my boss returned with a pizza, the copies were in my car and the manual was in the drawer. My appetite returned with a vengeance as the adrenaline wore off. By 2am, the machine was restored to normal. My boss shook my hand and thanked me, and then I went home and passed out cold.

The next day, I woke up around noon and took a look at my loot. The algorithm strongly resembles DES. It's a highly improved DES, of course, but the structure is similar. It uses 32 rounds, and an 80-bit key, and they process the key before using it to eliminate weak keys. I started coding it at home in C to hack around with, not having any particular plans as to what I'd do with it. I was just enjoying the thrill of having something few others had.

The program worked, but it was horribly slow. Skipjack is optimized for a pipelined hardware implementation, using 32 processing elements, one for each round. Even a good software implementation is almost uselessly slow.

Once I had the basic electronic-codebook function working, I started implementing the rest of the Skipjack protocol around it. After a month of on-and-off hacking, I had a complete software clone of a Skipjack chip, which could be assigned any serial number and device-unique key. Without the family key, however, there was no way to create a proper LEAF. The version of Skipjack in this file is much improved over, but similar in structure to, the original.

For a long time, that was all I did with it. Without hardware, it wasn't fast enough for a no-LEAF secure telephone. I scanned the copies I'd made, encrypted the image files, and made a bonfire with the paper copies. Not the kind of thing one should keep around.

Then I started experimenting with a programming technique called genetic algorithms. These are algorithms which evolve their outputs by creating successively better results. Multiple results are generated and evaluated, the best are copied, the rest erased. The remaining ones are then "crossed", simulating sexual reproduction, and the cycle repeats. Looking for an application, I decided to see how far a genetic algorithm could go in attacking Skipjack. At the time, I'd have been thrilled if it broke one round. What happened next - I didn't do it! I didn't know then and don't know now how it works.

Using keys as the strings my algorithm would create was no good. Genetic algorithms make incremental progress; with crypto, if one bit is off, it's useless. Instead, my strings were programs written in a little interpreted language, specifically designed for cryptography. The genetic algorithm would evolve programs. This app
