What is the correct sequence which enables an authorized agency to use the Law Enforcement
Access Field (LEAF) to decrypt a message sent by using the Clipper Chip? The following designations
are used for the respective keys involved Kf, the family key; Ks, the session key; U, a unique identifier
for each Clipper Chip and Ku, the unit key that is unique to each Clipper Chip.
A.
Decrypt the LEAF with the family key, Kf; recover U; obtain a court order to obtain Ks, the session
key. Use the session key to decrypt the message.
B.
Decrypt the LEAF with the family key, Kf; recover U; obtain a court order to obtain the two halves
of Ku; recover Ku; and then recover Ks, the session key. Use the session key to decrypt the message.
C.
Obtain a court order to acquire the family key, Kf; recover U and Ku; then recover Ks, the session
key. Use the session key to decrypt the message.
D.
Obtain a court order to acquire the two halves of Ku, the unit key. Recover Ku. Decrypt the LEAF
with Ku and then recover Ks, the session key. Use the session key to decrypt the message.
Explanation:
The explanation is based on the LEAF as shown in the Figure. The message is encrypted with the
symmetric session key, Ks. In order to decrypt the message, then, Ks must be recovered. The LEAF
contains the session key, but the LEAF is encrypted with the family key, Kf , that is common to all
Clipper Chips. The authorized agency has access to Kf and decrypts the LEAf. However, the session
key is still encrypted by the 80-bit unit key, Ku, that is unique to each Clipper Chip and is identified
by the unique identifier, U. Ku is divided into two halves, and each half is deposited with an escrow
agency. The law enforcement agency obtains the two halves of Ku by presenting the escrow
agencies with a court order for the key identified by U. The two halves of the key obtained by the
court order are XORed together to obtain Ku. Then, Ku is used to recover the session key, Ks, and Ks
is used to decrypt the message. The decryption sequence to obtain Ks can be summarized as: This is
the sequence described in answer “Decrypt the LEAF with the family key, Kf; recover U; obtain a
court order to obtain the two halves of Ku; recover Ku; and then recover Ks, the session key. Use the
session key to decrypt the message”. The sequences described in the other answers are incorrect.