General | |
---|---|
Designers | National Security Agency |
Cipher detail | |
Key sizes | 320 bits (160 effective) |
Block sizes | 96, 128 bits |
BATON is a Type 1 block cipher in use since at least 1995 by the United States government to secure classified information.
While the BATON algorithm itself is secret (as is the case with all algorithms in the NSA's Suite A), the public PKCS#11 standard includes some general information about how it is used. It has a 320-bit key and uses a 128-bit block in most modes, and also supports a 96-bit electronic codebook mode. 160 bits of the key are checksum material. It supports a "shuffle" mode of operation, like the NSA cipher JUNIPER. It may use up to 192 bits as an initialization vector, regardless of the block size.[1]
In response to a Senate question about encrypted video links, the NSA said that BATON could be used for encryption at speeds higher than those possible with Skipjack.[2]
Usage
BATON is used in a variety of products and standards:
- APCO Project 25 (Public standard for land mobile radio) (Algorithm IDs 01 and 41)
- PKCS#11 (Public standard for encryption tokens)
- CDSA/CSSM (Another public standard)
- HAIPE-IS (NSA's version of IPsec)
- FNBDT (Advanced flexible voice security protocol)
- Thales Datacryptor 2000 (a British network-encryption box)
- SecNet-11 (a crypto-secure 802.11b PC Card, based on the Sierra chip)
- Fortezza Plus (a PC Card product, used in the STE)
- SafeXcel-3340 (a HAIPIS network-encryption box)
- Numerous embeddable encryption modules: AIM, CYPRIS, MYK-85, Sierra (microchip), etc.