Crypto Wiki


The Clipper chip is a chipset that was developed and promoted by the U.S. Government as an encryption device to be adopted by telecommunications companies for voice transmission. It was announced in 1993 and by 1996 was entirely defunct.

Key escrow[]

This article does not cite any sources. Please help improve this article by adding citations to reliable sources. (December 2009)

The Clipper chip used a data encryption algorithm called Skipjack to transmit information and the Diffie-Hellman key exchange-algorithm to distribute the cryptokeys between the peers. Skipjack was invented by the National Security Agency of the U.S. Government; this algorithm was initially classified SECRET so that it could not be subjected to the peer review that was usual in the encryption research community. The government did state that it used an 80-bit key, that the algorithm was symmetric, and that it was similar to the DES algorithm. The Skipjack algorithm was declassified and published by NSA on June 24, 1998. The initial cost of the chips was said to be $16 (unprogrammed) or $26 (programmed), with its logic designed by Mykotronx, and fabricated by VLSI Technology, Inc.

But the heart of the concept was key escrow. In the factory, any new telephone or other device with a Clipper chip would be given a "cryptographic key", that would then be provided to the government in "escrow". If government agencies "established their authority" to listen to a communication, then the key would be given to those government agencies, who could then decrypt all data transmitted by that particular telephone. The newly formed Electronic Frontier Foundation preferred the term "key surrender" to emphasize what they alleged was really occurring.


In announcing the Clipper chip initiative, the government did not state that it intended to try to make data encryption illegal, but several statements seemed to point in this direction, such as the following paragraph from Presidential Decision Directive 5, issued by President Bill Clinton in 1993:

In making this decision, I do not intend to prevent the private sector from developing, or the government from approving, other microcircuits or algorithms that are equally effective in assuring both privacy and a secure key-escrow system.[1]

Organizations such as the Electronic Privacy Information Center and the Electronic Frontier Foundation challenged the Clipper chip proposal, saying that it would have the effect not only of subjecting citizens to increased and possibly illegal government surveillance, but that the strength of the Clipper chip's encryption could not be evaluated by the public, as its design was classified secret, and that therefore individuals and businesses might be hobbled with an insecure communications system. Further, it was pointed out that while American companies could be forced to use the Clipper chip in their encryption products, foreign companies could not, and presumably phones with strong data encryption would be manufactured abroad and spread throughout the world and into the United States, defying the point of the whole exercise, and, of course, materially damaging U.S. manufacturers en route. Then-Senator John Ashcroft and John Kerry were opponents of the Clipper chip proposal, arguing in favor of the individual's right to encrypt messages and export encryption software.[2]

The release and development of several strong cryptographic software packages such as Nautilus, PGP[3] and PGPfone was in response to the government push for the Clipper chip. The thinking was that if strong cryptography was freely available on the internet as an alternative, the government would be unable to stop its use. This strategy was mostly effective; and key escrow in the form of the Clipper chip died.


In 1994, Matt Blaze published the paper Protocol Failure in the Escrowed Encryption Standard.[4] It pointed out that the Clipper's escrow system has a serious vulnerability. The chip transmitted a 128-bit "Law Enforcement Access Field" (LEAF) that contained the information necessary to recover the encryption key. To prevent the software that transmitted the message from tampering with the LEAF, a 16-bit hash was included. The Clipper chip would not decode messages with an invalid hash; however, the 16 bit hash was too short to provide meaningful security. A brute force attack would quickly produce another LEAF value that would give the same hash but not yield the correct keys after the escrow attempt. This would allow the Clipper chip to be used as an encryption device, while disabling the key escrow capability.

Dead on the vine[]

The Clipper chip was not embraced by consumers or manufacturers and the chip itself was a dead issue by 1996. The U.S. government continued to press for key escrow by offering incentives to manufacturers, allowing more relaxed export controls if key escrow were part of cryptographic software that was exported. These attempts were largely made moot by the widespread use of strong cryptographic technologies such as PGP, which was not under the control of the U.S. government.

In 1998 Skipjack, the encryption algorithm used in Clipper, was declassified.

See also[]

  • Backdoor (computing)
  • Cryptoprocessor
  • Key escrow
  • Trusted Platform Module


External links[]

  • Clipper Chip Q&A
  • Clipper Chip White House Statement
  • Oral history interview with Martin Hellman Oral history interview 2004, Palo Alto, California. Charles Babbage Institute, University of Minnesota, Minneapolis. Hellman describes his invention of public key cryptography with collaborators Whitfield Diffie and Ralph Merkle at Stanford University in the mid-1970s. He also relates his subsequent work in cryptography with Steve Pohlig (the Pohlig-Hellman system) and others. Hellman addresses key escrow (the so-called Clipper chip). He also touches on the commercialization of cryptography with RSA Data Security and VeriSign.

es:Chip Clipper fr:Clipper chip ja:クリッパーチップ pl:Układ Clipper