At 8:02 AM -0500 2/12/2000, Peter Gutmann wrote:
>Late last year the Capstone spec ("CAPSTONE (MYK-80) Specifications",
>R21-TECH-30-95) was partially declassified as the result of a FOIA lawsuit[0].
>The document is stamped "TOP SECRET UMBRA" on every page. UMBRA is a SIGINT
>codeword, not an INFOSEC one, so the people who designed the thing were very
>clear about what it was to be used for at a time when it was still
>being touted
>as a privacy device (the fact that it's described in the abstract as "a SIGINT
>friendly replacement for DES" probably doesn't help either).
>
>Peter.
>
>[0] I don't know if it's online, they were handed out at Crypto'99.
The Capstone spec is available at http://cryptome.org/capstone.htm
Clipper/Capstone was always advertised to the public as providing a
higher level (80-bits) of security than DES while allowing access by
law enforcement agencies. I don't see anything in the spec that is
at variance with this. The abstract says in full:
"(U) CAPSTONE started as an embodiment of a Law Enforcement SIGINT
friendly replacement for the Data Encryption Standard (DES). This
requirement would offer greater security than DES while permitting
legitimate access to traffic. Given these restraints, the project
goals were a commercially viable, single-chip solution offering data
integrity, confidentiality, public key based key management and
authentication. R21 undertook the development of an algorithm suited
for CAPSTONE in support of the aforementioned requirements and goals.
"
More tantalizing is the stuff that was censored , e.g.:
III. Anti-Reverse Engineering Circuitry and Techniques
1. (S) [Five lines redacted.]
2. (TSC-NF) [Six lines redacted.]
3. (TSC-NF) [Seven lines redacted.]
...
B. Random Power Fluctuations
1. (TSC-NF) [Six lines redacted.]
2. (S) [Four lines redacted.]
...
VI. Key Escrow Circuitry
1. (S U.S./Can Eyes Only) [Eight lines redacted.]
2. (S U.S./Can Eyes Only) [Fifty lines redacted.]
3. (S U.S./Can Eyes Only) [Three lines redacted.]
...
VIII. Randomization and Key Variable Generation
A.
1. (S-NF) [Forty-five lines redacted.]
etc.
The UMBRA code word may have been required due to SIGINT-sensitive
references in the censored sections to vulnerabilities that NSA has
exploited in the past.
Arnold Reinhold
