• RSS
  • Twitter
  • FaceBook

Security Forums

Log in

FAQ | Search | Usergroups | Profile | Register | RSS | Posting Guidelines | Recent Posts

BATON cryptographic algorithm.

Users browsing this topic:0 Security Fans, 0 Stealth Security Fans
Registered Security Fans: None
Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> Cryptographic Theory and Cryptanalysis - Internal and Transmission Security

View previous topic :: View next topic  
Author Message
flw
Forum Fanatic
Forum Fanatic


Joined: 27 May 2002
Posts: 16777215
Location: U.S.A.

Offline

PostPosted: Thu Mar 18, 2004 6:43 am    Post subject: BATON cryptographic algorithm. Reply with quote

I was read in Information Security mag. by Erik Sherman in the March edition, on "Digital Warriors" Iraq and IT.

They refered to using NSA Type 1 encryption and standard. I was able to find some more info on it at http://www.govcomm.harris.com/secure-comm/Docs/SecNet11Briefing.pdf where it states using the "Baton cryptogrpahic algorithm".

I can't find a basic level explaination of this, and also never heard of it. This method is only for secret and below level data traffic. It also may or may not be for wireless only, I'm not sure.

So what is it and how does it compare to the more standard ones we are familar with?
Back to top
View user's profile Send private message Visit poster's website
mog
Just Arrived
Just Arrived


Joined: 26 Dec 2003
Posts: 0


Offline

PostPosted: Thu Mar 18, 2004 8:24 am    Post subject: Reply with quote

From Slashdot...

'It's called "Baton" and it was developed by the NSA, the details of the algorithm are Top Secret/Propreitary. It's a Type-1 encryption algorithm, the kind that can be used to encrypt Secret/Top-Secret information, for example, on SIPRNET. Harris/Intersil was licensed to create a security module that implements the algorithm.

Baton is a symmetric key cypher, by the way. I read somewhere it's a 160 or 320-bit key and of course it has various chaining modes. So it's definitely strong. It uses the SHA-1 hash in the protocol too."

The full discussion is here
Back to top
View user's profile Send private message
JustinT
Trusted SF Member
Trusted SF Member


Joined: 17 Apr 2003
Posts: 16777215
Location: Asheville, NC, US / Uberlāndia, MG, Brazil

Offline

PostPosted: Thu Mar 18, 2004 9:53 am    Post subject: Classified algorithms. Reply with quote

mog wrote:

Baton is a symmetric key cypher, by the way. I read somewhere it's a 160 or 320-bit key and of course it has various chaining modes. So it's definitely strong. It uses the SHA-1 hash in the protocol too."


First, there is nothing to say that it is "definitely strong,", based on just a length of key. Assuming key exhaustion is the only route of attack, then sure, a key of this size is regarded as sufficiently safe, in that case. Of course, one can't assume that when contemplating the secure use of an algorithm.

Right, BATON is symmetric cipher. To be more precise, it's a 128-bit block cipher, as is JUNIPER, another likewise-classed algorithm. They are both briefly specified in PKCS #11 v2.11 (Cryptographic Token Interface Standard), as secret key objects which use 40-byte (320-bit) keys, of who's 160 parity bits must be properly set. This is vital, to avoid an error.

It was established that BATON provided an efficient, and critical, increase in encryption speed, via technology at that time, that SKIPJACK could not, thus allowing it to exceed the boundaries of Capstone confinement in terms of compatibility, of which they desired. This source is around a decade in age, and directly from the government.

Another, older, proposed instance of its use was that of TEED. TEED, or Tactical End-to-End Encryption Device, was designed to initiate end-to-end cryptographic security of base-level Secret and higher-level Top Secret communications, as two possible applications. Further improvements were theorized to provide encryption for both ATM and IP traffic. This is as much as I recall from a source that has aged over five years, but it gives you a briefing on its applicable use. BATON happened to be the candidate for these schematics.

Take this information with a grain of salt (or the entire container, if you'd like) and realize that due to lack of publicly available documentation of these algorithms, the information may be a bit rusty from aged sources and is not worthy of being taken for the gospel. However, what I have mentioned can be referenced, easily, if need be, albeit of little extensive nature. Much of it is dispersed throughout discussion among gurus and protocol specifications, but in a very brief manner - since brief is what we know, in regards to them.

All in all, as mathematical cryptanalysis and cryptographic design standards are my focus, please correct me if my lack of depth in this area is leaving me in the dark of any other public information that might exist.

But as these classified algorithms go, only block and key lengths are usually published or readily available to civilian cryptographers. You'd be surprised at how many algorithms of this nature are floating around, regardless of their class. They just seem to spark little interest, to be honest.

As far as comparing these algorithms to modern household entities, such as Twofish or AES, I won't even begin, as it would be irrelevant, and a disservice, for me to make assumptions. However, it appears that with a 128-bit block length, these algorithms could likely exhibit similar efficient design criteria, performance- and implementation-wise, but as for their juxtaposed security - that is something I can't honestly answer. I have my opinionated theories, but don't we all.

The one conjecture that I will jump to make, which isn't a comparison at all, is that it is highly likely that this algorithm and other similarly-classed algorithms are highly efficient in various hardware implementations. But, that concludes it, for what I'm aware of.

I like to think that this further keeps the lid on the mystery that subsides after the iteration of the letters "N", "S", and "A."
Back to top
View user's profile Send private message Visit poster's website
flw
Forum Fanatic
Forum Fanatic


Joined: 27 May 2002
Posts: 16777215
Location: U.S.A.

Offline

PostPosted: Thu Mar 18, 2004 5:18 pm    Post subject: Reply with quote

Quote:
The one conjecture that I will jump to make, which isn't a comparison at all, is that it is highly likely that this algorithm and other similarly-classed algorithms are highly efficient in various hardware implementations. But, that concludes it, for what I'm aware of.


Yes "much of the equipment is off the shelf", per Major Tom Lantzy U.S. Army, 335th Theater Signal Commander. Just me reading into this, it would seem to be very business or possibly consumer hardware level friendly to run on.

Your point of comparing what we are not given any details on with well known algorithms is really not possible and clearly true. I just didn't know how much or how little was publiclly known other than general overviews like the one in my post above.

Thanks,
Back to top
View user's profile Send private message Visit poster's website
Display posts from previous:   

Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> Cryptographic Theory and Cryptanalysis - Internal and Transmission Security All times are GMT + 2 Hours
Page 1 of 1


 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

Community Area

Log in | Register