fips185.txt

《应用密码学》协议、算法与C原程序(第二版)配套源码。很多人都需要的

FEDERAL INFORMATION
PROCESSING STANDARDS PUBLICATION 185

1994 February 9




U.S. DEPARTMENT OF COMMERCE/National Institute of Standards and Technology






ESCROWED ENCRYPTION STANDARD














CATEGORY:  TELECOMMUNICATIONS   SECURITY





U.S. DEPARTMENT OF COMMERCE, Ronald H. Brown, Secretary
NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY,
Arati Prabhakar, Director


                          
Foreword


The Federal Information Processing Standards Publication Series of
the National Institute of Standards and Technology (NIST) is the
official series of publications relating to standards and
guidelines adopted and promulgated under the provisions of Section
111(d) of the Federal Property and Administrative Services Act of
1949 as amended by the Computer Security Act of 1987, Public Law
100-235.  These mandates have given the Secretary of Commerce and
NIST important responsibilities for improving the utilization and
management of computer and related telecommunications systems in
the Federal Government.  The NIST, through the Computer Systems
Laboratory, provides leadership, technical guidance, and
coordination of Government efforts in the development of standards
and guidelines in these areas. 

Comments concerning Federal Information Processing Standards
Publications are welcomed and should be addressed to the Director,
Computer Systems Laboratory, National Institute of Standards and
Technology, Gaithersburg, MD 20899.


James H. Burrows, Director
Computer Systems Laboratory 


Abstract

This standard specifies an encryption/decryption algorithm and a
Law Enforcement Access Field (LEAF) creation method which may be
implemented in electronic devices and used for protecting
government telecommunications when such protection is desired.  The
algorithm and the LEAF creation method are classified and are
referenced, but not specified, in the standard.  Electronic devices
implementing this standard may be designed into cryptographic
modules which are integrated into data security products and
systems for use in data security applications.  The LEAF is used in
a key escrow system that provides for decryption of
telecommunications when access to the telecommunications is
lawfully authorized. 

Key words:  Cryptography, Federal Information Processing Standard,
encryption, key escrow system,  security.


                                                  FIPS PUB 185


Federal Information
Processing Standards Publication 185

1994 February 9 

Announcing the

Escrowed Encryption Standard (EES)


Federal Information Processing Standards Publications (FIPS PUBS)
are issued by the National Institute of Standards and Technology
(NIST) after approval by the Secretary of Commerce pursuant to
Section 111(d) of the Federal Property and Administrative Services
Act of 1949 as amended by the Computer Security Act of 1987, Public
Law 100-235.

Name of Standard:  Escrowed Encryption  Standard (EES).

Category of Standard: Telecommunications Security.

Explanation: This Standard specifies use of a symmetric-key
encryption (and decryption) algorithm (SKIPJACK) and a Law
Enforcement Access Field (LEAF) creation method (one part of a key
escrow system) which provides for decryption of encrypted
telecommunications when interception of the telecommunications is
lawfully authorized.  Both the SKIPJACK algorithm and the LEAF
creation method are to be implemented in electronic devices (e.g.,
very large scale integration chips).  The devices may be
incorporated in security equipment used to encrypt (and decrypt)
sensitive unclassified telecommunications data.  Decryption of
lawfully intercepted telecommunications may be achieved through the
acquisition and use of the LEAF,  the decryption algorithm  and 
the two escrowed key components. 

One definition of "escrow" means that something (e.g., a document,
an encryption key)  is "delivered to a third person to be given to
the grantee only upon the fulfillment of a condition" (Webster's
Seventh New Collegiate Dictionary).  The term, "escrow", for
purposes of this standard, is restricted to this dictionary
definition. 

A key escrow system, for purposes of this standard,  is one that
entrusts the two components comprising  a cryptographic key (e.g.,
a device unique key) to two  key component holders (also called
"escrow agents").  In accordance with the above definition of
"escrow", the key component holders provide the components of a key
to a "grantee" (e.g., a law enforcement official) only upon
fulfillment of the condition that the grantee has properly
demonstrated legal authorization to conduct electronic surveillance
of telecommunications which are encrypted using the specific device
whose device unique key  is being requested.  The key components
obtained through this process are then used by the grantee to
reconstruct the device unique key and obtain the session key  which
is then used to  decrypt the telecommunications that are encrypted
with that session key. 

The SKIPJACK encryption/decryption algorithm has been approved for
government applications requiring encryption of sensitive but
unclassified data telecommunications as defined herein.  The
specific operations of the SKIPJACK algorithm and the LEAF creation
method are classified and hence are referenced, but not specified,
in this standard.

Data for purposes of this standard includes voice, facsimile and
computer information communicated in a telephone system.  A
telephone system for purposes of this standard is limited to a
system which is circuit switched and operating at data rates of
standard commercial modems over analog voice circuits or which uses
basic-rate ISDN or a similar grade wireless service.

Data that is considered sensitive by a responsible authority should
be encrypted if it is vulnerable to unauthorized disclosure during
telecommunications.  A risk analysis should be performed under the
direction of a responsible authority to determine potential threats
and risks.  The costs of providing encryption using this standard
as well as alternative methods and their respective costs should be
projected.  A responsible authority should then make a decision,
based on the risk and cost analyses, whether or not to use
encryption and then whether or not to use this standard.

Approving Authority:  Secretary of Commerce.

Maintenance Agency: Department of Commerce, National Institute of
Standards and Technology.

Applicability:   This standard is applicable to all Federal
departments and agencies and their contractors under the conditions
specified below.  This standard may be used in designing and
implementing security products and systems, which Federal
departments and agencies use or operate or which are operated for
them under contract.  These products may be used when replacing
Type II and Type III (DES) encryption devices and products owned by
the government and government contractors.  

This standard may be used  when the following conditions apply:

     1.  An authorized official or manager responsible for data
security or the security of a computer system decides that
encryption is required and cost justified as per OMB Circular A-
130; and
     2.  The data is not classified according to Executive Order
12356, entitled "National Security Information," or to its
successor orders, or to the Atomic Energy Act of 1954, as amended. 


However, Federal departments or agencies which use encryption
devices for protecting data that is classified according to either
of these acts may use those devices also for protecting
unclassified data in lieu of this standard. 

In addition, this standard may be adopted and used by non-Federal
Government organizations.  Such use is encouraged when it provides
the desired security.

Applications: This standard may be used in any unclassified
government and commercial communications.  Use of devices
conforming to this standard is voluntary for unclassified
government applications and for commercial security applications.

Implementations:   The encryption/decryption algorithm and the LEAF
creation method shall be implemented in electronic devices (e.g.,
electronic chip packages) which are protected against unauthorized
entry, modification and reverse engineering.  Implementations which
are tested and validated by NIST will be considered as complying
with this standard.  An electronic device shall be incorporated
into a cryptographic module in accordance with FIPS 140-1.  NIST
will test for conformance with FIPS 140-1.  Conforming
cryptographic modules can then be integrated into security
equipment for sale and use in a security application.  Information
about devices that have been validated,  procedures for testing
equipment for conformance with NIST standards, and information
about approved security equipment are available from  the Computer
Systems Laboratory, NIST, Gaithersburg, MD 20899.

Export Control: Implementations of this standard are subject to
Federal Government export controls as specified in Title 22, Code
of Federal Regulations, Parts 120 through 131 (International
Traffic of Arms Regulations - ITAR).  Exporters of encryption
devices, equipment and technical data are advised to contact the
U.S. Department of State, Office of Defense Trade Controls for more
information.

Patents: Implementations of  this standard may be covered by U.S.
and foreign patents.

Implementation Schedule: This standard becomes effective thirty
days following publication of this FIPS PUB.