Implementations: The encryption/decryption algorithm and the LEAF
creation method shall be implemented in electronic devices (e.g.,
electronic chip packages) that can be physically protected against
unauthorized entry, modification and reverse engineering.
Implementations which are tested and validated by NIST will be
considered as complying with this standard. An electronic device
shall be incorporated into a cryptographic module in accordance
with FIPS 140-1. NIST will test for conformance with FIPS 140-1.
Cryptographic modules can then be integrated into security
equipment for sale and use in an application. Information about
devices that have been validated, procedures for testing equipment
for conformance with NIST standards, and information about
obtaining approval of security equipment are available from the
Computer Systems Laboratory, NIST, Gaithersburg, MD 20899.
Export Control: Implementations of this standard are subject to
Federal Government export controls as specified in title 22, Code
of Federal Regulations, parts 120 through 131 (International
Traffic of Arms Regulations - ITAR). Exporters of encryption
devices, equipment and technical data are advised to contact the
U.S. Department of State, Office of Defense Trade Controls for
more information.
Patents: Implementations of this standard may be covered by U.S.
and foreign patents.
Implementation Schedule: This standard becomes effective thirty
days following publication of this FIPS PUB.
Specifications: Federal Information Processing Standard (FIPS
XXX)(affixed).
Cross Index:
a. FIPS PUB 46-2, Data Encryption Standard.
b. FIPS PUB 81, Modes of Operation of the DES
c. FIPS PUB 140-1, Security Requirements for Cryptographic
Modules.
Glossary:
The following terms are used as defined below for purposes of
this standard:
Data-Voice, facsimile and computer information communicated in
a telephone system.
Decryption-Conversion of ciphertext to plaintext through the
use of a cryptographic algorithm.
Device (cryptographic)-An electronic implementation of the
encryption/decryption algorithm and the LEAF creation method as
specified in this standard.
Digital data-Data that have been converted to a binary
representation.
Encryption-Conversion of plaintext to ciphertext through the
use of a cryptographic algorithm.
Key components-The values from which a key can be derived
(e.g., KU sub 1 + KU sub 2).
Key escrow-A process involving transferring one or more
components of a cryptographic key to one or more trusted key
component escrow agents for storage and later use by government
agencies to decrypt ciphertext if access to the plaintext is
lawfully authorized.
LEAF Creation Method 1-A part of a key escrow system that is
implemented in a cryptographic device and creates a Law
Enforcement Access Field.
Type I cryptography-A cryptographic algorithm or device
approved by the National Security Agency for protecting classified
information.
Type II cryptography-A cryptographic algorithm or device
approved by the National Security Agency for protecting sensitive
unclassified information in systems as specified in section 2315
of Title 10, United States Code, or section 3502(2) of Title 44,
United States Code.
Type III cryptography-A cryptographic algorithm or device
approved as a Federal Information Processing Standard.
Type III(E) cryptography-A Type III algorithm or device that is
approved for export from the United States.
Qualifications. The protection provided by a security product or
system is dependent on several factors. The protection provided by
this standard against key search attacks is greater than that
provided by the DES (e.g., the cryptographic key is longer).
However, provisions of this standard are intended to ensure that
information encrypted through use of devices implementing this
standard can be decrypted by a legally authorized entity.
Where to Obtain Copies of the Standard: Copies of this
publication are for sale by the National Technical Information
Service, U.S. Department of Commerce, Springfield, VA 22161. When
ordering, refer to Federal Information Processing Standards
Publication XX (FIPS PUB XX), and identify the title. When
microfiche is desired, this should be specified. Prices are
published by NTIS in current catalogs and other issuances. Payment
may be made by check, money order, deposit account or charged to a
credit card accepted by NTIS.
Specifications for the Escrowed Encryption Standard
1. Introduction
This publication specifies Escrowed Encryption Standard (EES)
functions and parameters.
2. General
This standard specifies use of the SKIPJACK cryptographic
algorithm and the LEAF Creation Method 1 (LCM-1) to be implemented
in an approved electronic device (e.g., a very large scale
integration electronic chip). The device is contained in a logical
cryptographic module which is then integrated in a security
product for encrypting and decrypting telecommunications.
Approved implementations may be procured by authorized
organizations for integration into security equipment. Devices
must be tested and validated by NIST for conformance to this
standard. Cryptographic modules must be tested and validated by
NIST for conformance to FIPS 140-1.
3. Algorithm Specifications
The specifications of the encryption/decryption algorithm
(SKIPJACK) and the LEAF Creation Method 1 (LCM-1) are classified.
The National Security Agency maintains these classified
specifications and approves the manufacture of devices which
implement the specifications. NIST tests for conformance of the
devices implementing this standard in cryptographic modules to
FIPS 140-1 and FIPS 81.
4. Functions and Parameters
4.1 Functions
The following functions, at a minimum, shall be implemented:
1. Data Encryption: A session key (80 bits) shall be used to
encrypt plaintext information in one or more of the following
modes of operation as specified in FIPS 81: ECB, CBC, OFB (64), CFB
(1, 8, 16, 32, 64).
2. Data Decryption: The session key (80 bits) used to encrypt
the data shall be used to decrypt resulting ciphertext to obtain
the data.
3. Key Escrow: The Family Key (KF) shall be used to create
the Law Enforcement Access Field (LEAF) in accordance with the
LEAF Creation Method 1 (LCM-1). The Session Key shall be encrypted
with the Device Unique Key and transmitted as part of the LEAF.
The security equipment shall ensure that the LEAF is transmitted
in such a manner that the LEAF and ciphertext may be decrypted
with legal authorization. No additional encryption or modification
of the LEAF is permitted.
4.2 Parameters
The following parameters shall be used in performing the
prescribed functions:
1. Device Identifier (DID): The identifier unique to a
particular device and used by the Key Escrow System.
2. Device Unique Key (KU): The cryptographic key unique to a
particular device and used by the Key Escrow System.
3. Cryptographic Protocol Field (CPF): The field identifying
the registered cryptographic protocol used by a particular
application and used by the Key Escrow System (reserved for
future specification and use).
4. Escrow Authenticator (EA): A binary pattern that is inserted
in the LEAF to ensure that the LEAF is transmitted and received
properly and has not been modified, deleted or replaced in an
unauthorized manner.
5. Initialization Vector (IV): A mode and application dependent
vector of bytes used to initialize, synchronize and verify the
encryption, decryption and key escrow functions.
6. Family Key (KF): The cryptographic key stored in all devices
designated as a family that is used to create the LEAF.
7. Session Key (KS): The cryptographic key used by a device to
encrypt and decrypt data during a session.
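The key escrow data flow of sections 4.1 and 4.2, modeled as an added example that is not part of the standard: the device wraps KS under KU, builds the LEAF under KF, and an authorized party later rebuilds KU from two escrowed key components. SKIPJACK and LCM-1 are classified (section 3), so the cipher is a labelled stand-in. The DID and EA widths, the XOR split of KU, the EA computation and the LEAF field order are all assumptions of this example.

```python
import hashlib, hmac, secrets

DID_LEN, KS_LEN, EA_LEN = 4, 10, 2  # assumed widths; only the 80-bit KS is from the page

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def standin_cipher(key: bytes, data: bytes, label: bytes) -> bytes:
    """Stand-in for SKIPJACK (classified per section 3): SHA-256 keystream XOR.
    Self-inverse, for data of at most 32 bytes. Not a real cipher design."""
    return xor(data, hashlib.sha256(label + key).digest())

def split_ku(ku: bytes):
    """Split KU into two key components, one per escrow agent (assumed XOR split)."""
    ku1 = secrets.token_bytes(len(ku))
    return ku1, xor(ku, ku1)

def escrow_authenticator(ks: bytes, iv: bytes) -> bytes:
    # Assumed EA: a short digest binding the LEAF to this session's KS and IV.
    return hashlib.sha256(b"EA" + ks + iv).digest()[:EA_LEN]

def make_leaf(kf, ku, did, ks, iv) -> bytes:
    """Sender device: wrap KS under KU, then encrypt DID || E_KU(KS) || EA under KF."""
    wrapped_ks = standin_cipher(ku, ks, b"wrap" + iv)
    return standin_cipher(kf, did + wrapped_ks + escrow_authenticator(ks, iv), b"leaf")

def receiver_accepts(kf, leaf, ks, iv) -> bool:
    """Receiving-side check (assumed): the EA must match this session's KS and IV."""
    body = standin_cipher(kf, leaf, b"leaf")
    return hmac.compare_digest(body[-EA_LEN:], escrow_authenticator(ks, iv))

def authorized_recovery(kf, leaf, iv, agent1: dict, agent2: dict):
    """Lawful access: KF exposes the DID; both agents' components rebuild KU."""
    body = standin_cipher(kf, leaf, b"leaf")
    did, wrapped_ks = body[:DID_LEN], body[DID_LEN:DID_LEN + KS_LEN]
    ku = xor(agent1[did], agent2[did])
    return did, standin_cipher(ku, wrapped_ks, b"wrap" + iv)

def demo():
    # Constructed sample values, not real keys or identifiers.
    kf, ku, ks = (secrets.token_bytes(KS_LEN) for _ in range(3))
    did, iv = bytes.fromhex("0000002a"), secrets.token_bytes(8)
    ku1, ku2 = split_ku(ku)
    leaf = make_leaf(kf, ku, did, ks, iv)
    tampered = leaf[:-1] + bytes([leaf[-1] ^ 1])
    return {"accepted": receiver_accepts(kf, leaf, ks, iv),
            "tampered_accepted": receiver_accepts(kf, tampered, ks, iv),
            "recovered": authorized_recovery(kf, leaf, iv, {did: ku1}, {did: ku2}) == (did, ks)}
```

Neither escrow agent's component alone reveals KU in this model; recovery needs the Family Key plus both components.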