A Cryptanalytic View of the NSA’s Skipjack Block Cipher Design

  • Jongsung Kim
  • Raphael C. -W. Phan
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5576)


Skipjack is a block cipher designed by the NSA for use in US government phones, and commercial mobile and wireless products by AT&T. Among its initial implementations in hardware were the Clipper chip and Fortezza PC cards, which have since influenced the private communications market to be compatible with this technology. For instance, the Fortezza card comes in PCMCIA interface and is a very easy plug-n-play device to add on to mobile and wireless systems to provide encryption for wireless transmissions. Initially classified when it was first proposed, Skipjack was declassified in 1998 and sparked numerous security analyses from security researchers worldwide because it provides insight into the state-of-the-art security design techniques used by a highly secretive government intelligence agency such as the NSA. In this paper, commemorating over a decade since Skipjack’s public revelation, we revisit the security of Skipjack against cryptanalytic results and discuss why certain attack approaches fare better with reference to Skipjack’s design structure.


Block Ciphers Skipjack NSA Distinguisher Cryptanalysis 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Biham, E.: New Types of Cryptanalytic Attacks Using Related Keys. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 398–409. Springer, Heidelberg (1994)CrossRefGoogle Scholar
  2. 2.
    Biham, E., Biryukov, A., Dunkelman, O., Richardson, E., Shamir, A.: Initial Observations on Skipjack − Cryptanalysis of Skipjack-3XOR. In: Tavares, S., Meijer, H. (eds.) SAC 1998. LNCS, vol. 1556, pp. 362–370. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  3. 3.
    Biham, E., Biryukov, A., Shamir, A.: Cryptanalysis of Skipjack Reduced to 31 Rounds using Impossible Differentials. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 12–23. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  4. 4.
    Biham, E., Biryukov, A., Shamir, A.: Miss in the Middle Attacks on IDEA, Khufu and Khafre. In: Knudsen, L.R. (ed.) FSE 1999. LNCS, vol. 1636, pp. 124–138. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  5. 5.
    Biham, E., Dunkelman, O., Keller, N.: The Rectangle Attack − Rectangling the Serpent. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 340–357. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  6. 6.
    Biham, E., Dunkelman, O., Keller, N.: New Results on Boomerang and Rectangle Attacks. In: Daemen, J., Rijmen, V. (eds.) FSE 2002. LNCS, vol. 2365, pp. 1–16. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  7. 7.
    Biham, E., Dunkelman, O., Keller, N.: Related-Key Boomerang and Rectangle Attacks. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 507–525. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  8. 8.
    Biham, E., Dunkelman, O., Keller, N.: A Related-Key Rectangle Attack on the Full KASUMI. In: Roy, B. (ed.) ASIACRYPT 2005. LNCS, vol. 3788, pp. 443–461. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  9. 9.
    Biham, E., Dunkelman, O., Keller, N.: Related-Key Impossible Differential Attacks on 8-Round AES-192. In: Pointcheval, D. (ed.) CT-RSA 2006. LNCS, vol. 3860, pp. 21–33. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  10. 10.
    Biham, E., Shamir, A.: Differential Cryptanalysis of DES-like Cryptosystems. Journal of Cryptology 4(1), 3–72 (1991)MathSciNetCrossRefzbMATHGoogle Scholar
  11. 11.
    Biryukov, A.: The Boomerang Attack on 5 and 6-round Reduced AES. In: Dobbertin, H., Rijmen, V., Sowa, A. (eds.) AES 2005. LNCS, vol. 3373, pp. 1–5. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  12. 12.
    Brickell, E.F., Denning, D.E., Kent, S.T., Maher, D.P., Tuchman, W.: SKIPJACK Review: The SKIPJACK Algorithm, Interim Report, July 28 (1993)Google Scholar
  13. 13.
    Diffie, W., Landau, S.: Privacy on the Line. MIT Press, Cambridge (1998)zbMATHGoogle Scholar
  14. 14.
    Granboulan, L.: Flaws in the Differential Cryptanalysis of Skipjack. In: Matsui, M. (ed.) FSE 2001. LNCS, vol. 2355, pp. 328–335. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  15. 15.
    Hong, S., Kim, J., Kim, G., Lee, S., Preneel, B.: Related-key Rectangle Attacks on Reduced Versions of SHACAL-1 and AES-192. In: Gilbert, H., Handschuh, H. (eds.) FSE 2005. LNCS, vol. 3557, pp. 368–383. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  16. 16.
    Hui, L.C.K., Wang, X.Y., Chow, K.P., Tsang, W.W., Chong, C.F., Chan, H.W.: The Differential Analysis of Reduced Skipjack Variants. In: Chinacrypt 2002 (2002)Google Scholar
  17. 17.
    Hwang, K., Lee, W., Lee, S., Lim, J.: Saturation Attacks on Reduced Round Skipjack. In: Daemen, J., Rijmen, V. (eds.) FSE 2002. LNCS, vol. 2365, pp. 100–111. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  18. 18.
    Jakimoski, G., Desmedt, Y.: Related-key Differential Cryptanalysis of 192-bit Key AES Variants. In: Matsui, M., Zuccherato, R.J. (eds.) SAC 2003. LNCS, vol. 3006, pp. 208–221. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  19. 19.
    Kelsey, J., Kohno, T., Schneier, B.: Amplified Boomerang Attacks Against Reduced-Round MARS and Serpent. In: Schneier, B. (ed.) FSE 2000. LNCS, vol. 1978, pp. 75–93. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  20. 20.
    Kim, J., Kim, G., Hong, S., Lee, S., Hong, D.: The Related-key Rectangle Attacks – Application to SHACAL-1. In: Wang, H., Pieprzyk, J., Varadharajan, V. (eds.) ACISP 2004. LNCS, vol. 3108, pp. 123–136. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  21. 21.
    Kim, J., Phan, R.C.-W.: Advanced Differential-Style Cryptanalysis of the NSA’s Skipjack Block Cipher. Cryptologia (in press)Google Scholar
  22. 22.
    Knudsen, L.R.: Truncated and Higher Order Differentials. In: Preneel, B. (ed.) FSE 1994. LNCS, vol. 1008, pp. 196–211. Springer, Heidelberg (1995)CrossRefGoogle Scholar
  23. 23.
    Knudsen, L.R.: DEAL - a 128-bit Block Cipher., Technical Report 151, Department of Informatics, University of Bergen, Norway, Submitted as an AES candidate (February 1998)Google Scholar
  24. 24.
    Knudsen, L.R., Robshaw, M.J.B., Wagner, D.: Truncated Differentials and Skipjack. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 163–180. Springer, Heidelberg (1999)Google Scholar
  25. 25.
    Knudsen, L.R., Wagner, D.: On the Structure of Skipjack. Discrete Applied Mathematics 111, 103–116 (2001)MathSciNetCrossRefzbMATHGoogle Scholar
  26. 26.
    Lucks, S., Weis, R.: A Related-key Attack against 14 Rounds of Skipjack., Technical Report, Universitat Mannheim (1999)Google Scholar
  27. 27.
    Matsui, M.: Linear Cryptoanalysis Method for DES Cipher. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 386–397. Springer, Heidelberg (1994)CrossRefGoogle Scholar
  28. 28.
    Nakahara Jr., J., Preneel, B., Vandewalle, J.: Square Attacks on Reduced-Round Variants of the Skipjack Block Cipher, IACR ePrint Archive, 2002/003 (2002)Google Scholar
  29. 29.
    National Institute of Standards and Technology (NIST), Skipjack and KEA Algorithm Specifications. Version 2 (1998)Google Scholar
  30. 30.
    Phan, R.C.-W.: Cryptanalysis of the Advanced Encryption Standard (AES) & Skipjack. M. Eng. Sc. Thesis, Multimedia University (May 2001)Google Scholar
  31. 31.
    Phan, R.C.-W.: Related-key Impossible Differential Cryptanalysis of Skipjack (2002) (unpublished manuscript) (submitted)Google Scholar
  32. 32.
    Phan, R.C.-W.: Cryptanalysis of the Full Skipjack Block Cipher. Electronics Letters 38(2), 69–71 (2002)CrossRefGoogle Scholar
  33. 33.
    Reichardt, B., Wagner, D.: Markov Truncated Differential Cryptanalysis of Skipjack. In: Nyberg, K., Heys, H.M. (eds.) SAC 2002. LNCS, vol. 2595, pp. 110–128. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  34. 34.
    Schneier, B., Banisar, D.: The Electronic Privacy Papers. John Wiley & Sons, Chichester (1997)Google Scholar
  35. 35.
    Wagner, D.: The Boomerang Attack. In: Knudsen, L.R. (ed.) FSE 1999. LNCS, vol. 1636, pp. 156–170. Springer, Heidelberg (1999)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Jongsung Kim
    • 1
  • Raphael C. -W. Phan
    • 2
  1. 1.Center for Information Security Technologies (CIST)Korea University, Anam DongSungbuk Gu, SeoulKorea
  2. 2.Electronic & Electrical Engineering DepartmentLoughborough UniversityUnited Kingdom

Personalised recommendations