escrow

ESCROW算法的实现算法！

                          VOL. 58, No. 145

                      DEPARTMENT OF COMMERCE (DOC)
         National Institute of Standards and Technology (NIST)

                      Docket No. 930659-3159
                          RIN 0693-AB19

 A Proposed Federal Information Processing Standard for an Escrowed
 Encryption Standard (EES)

                         58 FR 40791

                      Friday, July 30, 1993

 Notice; request for comments.

 SUMMARY: A Federal Information Processing Standard (FIPS) for an
 Escrowed Encryption Standard (EES) is being proposed. This
 proposed standard specifies use of a symmetric-key
 encryption/decryption algorithm and a key escrowing method which
 are to be implemented in electronic devices and used for
 protecting certain unclassified government communications when
 such protection is required. The algorithm and the key escrowing
 method are classified and are referenced, but not specified, in
 the standard.

    This proposed standard adopts encryption technology developed
 by the Federal government to provide strong protection for
 unclassified information and to enable the keys used in the
 encryption and decryption processes to be escrowed. This latter
 feature will assist law enforcement and other government agencies,
 under the proper legal authority, in the collection and decryption
 of electronically transmitted information. This proposed standard
 does not include identification of  key escrow  agents who will
 hold the keys for the  key escrow  microcircuits or the procedures
 for access to the keys. These issues will be addressed by the
 Department of Justice.

    The purpose of this notice is to solicit views from the public,
 manufacturers, and Federal, state, and local government users so
 that their needs can be considered prior to submission of this
 proposed standard to the Secretary of Commerce for review and
 approval.

    The proposed standard contains two sections: (1) An
 announcement section, which provides information concerning the
 applicability, implementation, and maintenance of the standard;
 and (2) a specifications section which deals with the technical
 aspects of the standard. Both sections are provided in this
 notice.


 DATES: Comments on this proposed standard must be received on or
 before September 28, 1993.


 ADDRESSES: Written comments concerning the proposed standard
 should be sent to: Director, Computer Systems Laboratory, ATTN:
 Proposed FIPS for Escrowed Encryption Standard, Technology
 Building, room B-154, National Institute of Standards and
 Technology, Gaithersburg, MD 20899.

    Written comments received in response to this notice will be
 made part of the public record and will be made available for
 inspection and copying in the Central Reference and Records
 Inspection Facility, room 6020, Herbert C. Hoover Building, 14th
 Street between Pennsylvania and Constitution Avenues, NW.,
 Washington, DC 20230.


 FOR FURTHER INFORMATION CONTACT: Dr. Dennis Branstad, National
 Institute of Standards and Technology, Gaithersburg, MD 20899,
 telephone (301) 975-2913.


    SUPPLEMENTARY INFORMATION: This proposed FIPS implements the
 initiative announced by the White House Office of the Press
 Secretary on April 16, 1993. The President of the U.S. approved a
 Public Encryption Management directive, which among other actions,
 called for standards to facilitate the procurement and use of
 encryption devices fitted with  key-escrow  microcircuits in
 Federal communication systems that process sensitive, but
 unclassified information.

    Dated: July 26, 1993.

  Arati Prabhakar,
  Director.(NIST)


 - ----------------------------------------------------
  Federal Information Processing Standards Publication XX
  1993 XX
  Announcing the Escrowed Encryption Standard (EES)

    Federal Information Processing Standards Publications (FIPS
 PUBS) are issued by the National Institute of Standards and
 Technology (NIST) after approval by the Secretary of Commerce
 pursuant to section 111(d) of the Federal Property and
 Administrative Services Act of 1949 as amended by the Computer
 Security Act of 1987, Public Law 100-235.

  Name of Standard: Escrowed Encryption Standard (EES).

  Category of Standard: Telecommunications Security.

  Explanation: This Standard specifies use of a symmetric-key
 encryption (and decryption) algorithm and a Law Enforcement Access
 Field (LEAF) creation method (one part of a  key escrow  system)
 which provide for decryption of encrypted telecommunications when
 interception of the telecommunications is lawfully authorized.
 Both the algorithm and the LEAF creation method are to be
 implemented in electronic devices (e.g., very large scale
 integration chips). The devices may be incorporated in security
 equipment used to encrypt (and decrypt) sensitive unclassified
 telecommunications data. Decryption of lawfully intercepted
 telecommunications may be achieved through the acquisition and use
 of the LEAF, the decryption algorithm and escrowed key components.

    To escrow something (e.g., a document, an encryption key) means
 that it is "delivered to a third person to be given to the grantee
 only upon the fulfillment of a condition" (Webster's Seventh New
 Collegiate Dictionary). A key escrow  system is one that entrusts
 components of a key used to encrypt telecommunications to third
 persons, called key component escrow agents. In accordance with
 the common definition of "escrow", the key component escrow agents
 provide the key components to a "grantee" (i.e., a government
 agency) only upon fulfillment of the condition that the grantee
 properly demonstrates legal authorization to conduct electronic
 surveillance of communications which are encrypted using the
 specific device whose key component is requested. The key
 components obtained through this process are then used by the
 grantee to reconstruct the device unique key and obtain the
 session key (contained in the LEAF) which is used to decrypt the
 telecommunications that are encrypted with that device. The term,
 "escrow", for purposes of this standard, is restricted to the
 dictionary definition.

    The encryption/decryption algorithm has been approved for
 government applications requiring encryption of sensitive
 unclassified telecommunications of data as defined herein. The
 specific operations of the algorithm and the LEAF creation method
 are classified and hence are referenced, but not specified, in
 this standard.

    Data, for purposes of this standard, includes voice, facsimile
 and computer information communicated in a telephone system.
 Telephone system, for purposes of this standard, is limited to
 systems circuit-switched up to no more than 14.4 kbs or which use
 basic-rate ISDN, or to a similar grade wireless service.

    Data that is considered sensitive by a responsible authority
 should be encrypted if it is vulnerable to unauthorized disclosure
 during telecommunications. A risk analysis should be performed
 under the direction of a responsible authority to determine
 potential threats and risks. The costs of providing encryption
 using this standard as well as alternative methods and their
 respective costs should be projected. A responsible authority
 should then make a decision, based on the risk and cost analyses,
 whether or not to use encryption and then whether or not to use
 this standard.

  Approving Authority: Secretary of Commerce.

  Maintenance Agency: Department of Commerce, National Institute of
 Standards and Technology.

  Applicability: This standard is applicable to all Federal
 departments and agencies and their contractors under the
 conditions specified below. This standard may be used in designing
 and implementing security products and systems which Federal
 departments and agencies use or operate or which are operated for
 them under contract. These products may be used when replacing
 Type II and Type III (DES) encryption devices and products owned
 by the government and government contractors.

    This standard may be used when the following conditions apply:

    1. An authorized official or manager responsible for data
 security or the security of a computer system decides that
 encryption is required and cost justified as per OMB Circular A-
 130; and

    2. The data is not classified according to the National
 Security Act of 1947, as amended, or the Atomic Energy Act of
 1954, as amended.

    However, Federal departments or agencies which use encryption
 devices for protecting data that is classified according to either
 of these acts may use those devices also for protecting
 unclassified data in lieu of this standard.

    In addition, this standard may be adopted and used by non-
 Federal Government organizations. Such use is encouraged when it
 provides the desired security.

 Applications: Devices conforming to this standard may be used for
 protecting unclassified communications.