Quasigroups and stream cipher Edon80
Department of Algebra, Charles University in Prague, June 3, 2010

Stream cipher Edon80
Edon80 is a binary additive stream cipher.
Figure: the input stream $m_i$ (resp. $c_i$) and the key $K$ enter the Edon80 keystream generator, which produces $k_i$; the output stream is $c_i$ (resp. $m_i$).
$K$ is the key, $k_i$ is the $i$th bit of the keystream, $m_i$ is the $i$th bit of the message, and $c_i$ is the $i$th bit of the ciphertext.
Properties of keystream
The keystream should be a pseudorandom sequence and have no period (or a period longer than any admissible message).
If this condition is not satisfied, two parts of the message will be encrypted by the same binary sequence, which opens ways to attack the cipher:
Why is the period of keystream a security problem?
Let $+$ be the operation of addition in $\mathbb{Z}_2^t$. Then
$c = m + k$, $c' = m' + k$
and
$c + c' = (m + k) + (m' + k) = m + (k + k) + m' = m + m'$.
Hence $m = c + c' + m'$.
Because most messages contain enough redundancy, it is possible to recover both $m$ and $m'$ from $m + m'$.
Description of the keystream generator
INPUT: $K = K_0 \ldots K_{79}$ and 4 fixed quasigroup operations on the set $\{0, 1, 2, 3\}$.
OUTPUT: keystream $(k_i)_{i=0}^{\infty}$.
Step 1: $K \mapsto *_0, \ldots, *_{79}$.
Step 2: $K, *_0, \ldots, *_{79} \mapsto y = y_0 \ldots y_{79}$, $y_i \in \{0, 1, 2, 3\}$.
Figure (Step 2): the first row is $K_0\ K_1\ \ldots\ K_{79}$; the row for $*_0$ with leader $K_{79}$ is $K_{79} *_0 K_0,\ (K_{79} *_0 K_0) *_0 K_1, \ldots$; the row for $*_1$ with leader $K_{78}$ begins $K_{78} *_1 (K_{79} *_0 K_0), \ldots$; and so on down to the row for $*_{79}$ with leader $K_0$, which is $y_0\ y_1\ \ldots\ y_{79}$.
Formally $y = \tau_{K_0, *_{79}} \tau_{K_1, *_{78}} \cdots \tau_{K_{79}, *_0}(K_0, \ldots, K_{79})$, where $\tau_{y,*}: (a_i) \mapsto (b_i)$ such that $b_0 = y * a_0$ and $b_i = b_{i-1} * a_i$ for $i > 0$.
Step 3: $y, *_0, \ldots, *_{79} \mapsto$ keystream.
Figure: System A. The row for $*_0$ with leader $y_0$ begins $y_0 *_0 0, \ldots$; the row for $*_1$ with leader $y_1$ begins $y_1 *_1 (y_0 *_0 0), \ldots$; and so on down to the row for $*_{79}$ with leader $y_{79}$, whose elements are $a_{79,0}\ a_{79,1}\ a_{79,2} \ldots$. The keystream is read from this last row as $k_0 = a_{79,0}$, $k_1 = a_{79,2}$, $k_2 = a_{79,4}$, and so on.
Periods of the Edon80 keystream
J. Hong, Remarks on the Period of Edon80. He showed that there is quite a large number of pairs $(\{*_0, \ldots, *_{80}\}, y)$ that produce the same sequence of period 2, and also that a random key produces a short period of the keystream ($2^{55}$, $2^{63}$) with some probability ($2^{-71}$, $2^{-60}$).
D. Gligoroski, S. Markovski, L. Kocarev and M. Gušev, Understanding Periods in Edon80: Response on "Remarks on the Period of Edon80" by Jin Hong. Based on the previous paper they made a statistical model of Edon80 which indicates the existence of weak keys. But they claim that Edon80 is a good cipher anyway, because the best attack on Edon80 is still the exhaustive search in the space of all keys. It is also possible to increase the security by using 160 operations instead of 80.
Our setting
We suppose that $* = *_i$ for all $i = 1, 2, \ldots, 79$, but we work with a general finite quasigroup $(Q, *)$; $X = (x_i) \in Q^{\mathbb{N}}$ is a periodic sequence with period $P_X$ instead of the fixed input sequence; and $Y = (y_i) \in Q^{\mathbb{N}}$ is a sequence with no special property (we have an arbitrary number of rows).
System B
Figure: System B. The first row is $x_0\ x_1\ x_2\ x_3 \ldots$; the row with leader $y_0$ is $y_0 * x_0,\ (y_0 * x_0) * x_1, \ldots$; the row with leader $y_1$ is $y_1 * (y_0 * x_0),\ (y_1 * (y_0 * x_0)) * ((y_0 * x_0) * x_1), \ldots$; the row with leader $y_2$ is $y_2 * (y_1 * (y_0 * x_0)), \ldots$; then the row with leader $y_3$, and so on.
Periods of System A and System B
Proposition. Each row of System B is periodic, for any sequence $Y = (y_i)_{i=1}^{\infty} \in Q^{\mathbb{N}}$. Moreover, denote by $P_0$ the period of the sequence $X$ and by $P_i$ the period of the $i$th row of System B. Then there exists $k_i \in \{1, 2, \ldots, |Q|\}$ such that $P_i = k_i P_{i-1}$ for each $i \geq 1$.
Corollary. Each row of System A is periodic. The keystream has period $2^n$ for some $n = 0, \ldots, 161$.
Periods for central quasigroups
A central quasigroup (T-quasigroup, linear over an Abelian group) is a quasigroup $(Q, *)$ such that there exist an Abelian group $G = (Q, +)$, $\alpha, \beta \in \mathrm{Aut}(G)$, and $c \in Q$ such that $x * y = \alpha(x) + \beta(y) + c$ for all $x, y \in Q$.
A medial quasigroup (entropic quasigroup) is a central quasigroup such that the automorphisms $\alpha$ and $\beta$ commute.
For central quasigroups, the problem of computing periods of System B leads to the problem of computing periods in the group ring $\mathbb{Z}_{e_G}[\mathrm{Aut}(G)]$ (with $e_G$ the exponent of $G$).
Figure: System C (rows of elements of the group ring):
row 0: $\mathrm{id}_G$, $\alpha$, $\alpha^2$
row 1: $\beta$, $\alpha\beta + \beta\alpha$, $\alpha^2\beta + \alpha\beta\alpha + \beta\alpha^2$
row 2: $\beta^2$, $\alpha\beta^2 + \beta\alpha\beta + \beta^2\alpha$, $\alpha^2\beta^2 + \alpha\beta\alpha\beta + \alpha\beta^2\alpha + \beta\alpha^2\beta + \beta\alpha\beta\alpha + \beta^2\alpha^2$
row 3: $\beta^3$, $\alpha\beta^3 + \beta\alpha\beta^2 + \beta^2\alpha\beta + \beta^3\alpha$
row 4: $\beta^4$, $\alpha\beta^4 + \beta\alpha\beta^3 + \beta^2\alpha\beta^2 + \beta^3\alpha\beta + \beta^4\alpha$
Proposition. Denote by $P_X$ the period of the sequence $X$ and by $P_i$ the period of the $i$th row of System C. Then for each $i \in \mathbb{N}$, $e_G \cdot \mathrm{lcm}(P_X, P_i)$ is a period (not necessarily minimal) of the $i$th row of System B.
Proposition. Let $e_G = p_1^{r_1} \cdots p_n^{r_n}$, where the $p_k$ are distinct primes. Let $(Q, *)$ be a medial quasigroup. Denote by $P_i$ the period of the $i$th row of System B. Then there is a constant $C > 0$ such that $P_i < C i^n$ holds for all sufficiently large $i$.
Proposition. Let $(Q, *)$ be a central quasigroup of order 4. Denote by $P_i$ the period of the $i$th row of System B. Then there is a constant $C > 0$ such that $P_i < C i$ holds for all sufficiently large $i$.
We have found that for a central quasigroup $(Q, *)$ of order 4 the periods increase at most linearly, but Edon80 needs to generate sequences whose periods grow rapidly. This implies that central quasigroups are not suitable for the implementation of Edon80.
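As an added example (not code from the talk or from the Edon80 specification), the following Python implements the elementary transformation $\tau$ of Step 2, builds the rows of System B with it, and computes the row periods $P_i$ by the orbit argument behind the Proposition above ($P_i = k_i P_{i-1}$ with $k_i \leq |Q|$): $k_i$ is the orbit length of $a_{i,0}$ under the map that pushes one element through a full period of the previous row. It compares a central quasigroup of order 4, $x * y = x + 3y + 1$ over $\mathbb{Z}_4$, with a non-central one, $x * y = \pi(x) + y$ for the non-affine permutation $\pi = (1\ 2)$, and checks centrality by brute force over both Abelian groups of order 4; both tables, the input $X = 0,1,2,3,\ldots$ and the all-zero leader sequence $Y$ are constructed assumptions.

```python
from itertools import permutations

# Two constructed quasigroups of order 4 on Q = {0,1,2,3}, as Cayley tables with
# table[x][y] = x * y (assumed examples, not the four quasigroups of Edon80).
# CENTRAL: x * y = alpha(x) + beta(y) + c over Z_4 with alpha = id, beta = 3y, c = 1.
CENTRAL = [[(x + 3 * y + 1) % 4 for y in range(4)] for x in range(4)]
# NONCENTRAL: x * y = pi(x) + y over Z_4 with pi = (1 2).  pi is not affine, so no
# Abelian group structure on Q makes this table central (is_central confirms it).
PI = [0, 2, 1, 3]
NONCENTRAL = [[(PI[x] + y) % 4 for y in range(4)] for x in range(4)]


def is_quasigroup(table):
    """Cayley table is a Latin square: every row and every column is a permutation."""
    n = len(table)
    return (all(sorted(row) == list(range(n)) for row in table)
            and all(sorted(table[x][y] for x in range(n)) == list(range(n))
                    for y in range(n)))


def is_central(table):
    """Brute-force check of the definition: is there an Abelian group (Q,+) on
    Q = {0,1,2,3}, automorphisms alpha, beta and a constant c such that
    x * y = alpha(x) + beta(y) + c for all x, y?  Both Abelian groups of order 4
    are tried under every relabelling phi of Q."""
    Q = range(4)
    perms = list(permutations(Q))
    models = [lambda a, b: (a + b) % 4, lambda a, b: a ^ b]   # Z_4 and Z_2 x Z_2
    for model in models:
        for phi in perms:                    # phi: Q -> model group
            inv = {v: i for i, v in enumerate(phi)}
            plus = [[inv[model(phi[x], phi[y])] for y in Q] for x in Q]
            auts = [s for s in perms
                    if all(s[plus[x][y]] == plus[s[x]][s[y]] for x in Q for y in Q)]
            for alpha in auts:
                for beta in auts:
                    for c in Q:
                        if all(table[x][y] == plus[plus[alpha[x]][beta[y]]][c]
                               for x in Q for y in Q):
                            return True
    return False


def tau(table, leader, seq):
    """Elementary transformation tau_{y,*} of Step 2:
    b_0 = y * a_0,  b_i = b_{i-1} * a_i  for i > 0."""
    out, acc = [], leader
    for a in seq:
        acc = table[acc][a]
        out.append(acc)
    return out


def key_setup_step2(table, key):
    """Step 2 with a single quasigroup: y = tau_{K_0} tau_{K_1} ... tau_{K_{n-1}}(K),
    so tau with leader K_{n-1} is applied first and tau with leader K_0 last."""
    seq = list(key)
    for leader in reversed(key):
        seq = tau(table, leader, seq)
    return seq


def system_b_periods(table, x_block, leaders):
    """Minimal periods P_0, P_1, ... of the rows of System B.
    x_block is one minimal period of the periodic input X (row 0); row i is
    tau_{y_i,*} applied to row i-1.  Row i is purely periodic with period
    k_i * P_{i-1}: k_i is the orbit length of a_{i,0} under the map F that
    pushes an element through one full period of row i-1 (F is a permutation
    of Q, so k_i <= |Q|)."""
    prev = list(x_block)
    periods = [len(prev)]
    for y in leaders:
        P = len(prev)
        start = table[y][prev[0]]                    # a_{i,0} = y_i * a_{i-1,0}

        def F(a):                                    # a_{i,j} -> a_{i,j+P}
            for j in range(1, P):
                a = table[a][prev[j]]
            return table[a][prev[0]]

        k, a = 1, F(start)
        while a != start:
            k, a = k + 1, F(a)
        prev = tau(table, y, prev * k)               # one full period of row i
        periods.append(k * P)
    return periods


def compare_period_growth(rows=5):
    """Row periods of System B for both tables on a constructed input:
    X = 0,1,2,3,0,1,2,3,... (P_X = 4) and the all-zero leader sequence Y."""
    x_block = [0, 1, 2, 3]
    leaders = [0] * rows
    return {"central": system_b_periods(CENTRAL, x_block, leaders),
            "noncentral": system_b_periods(NONCENTRAL, x_block, leaders)}


if __name__ == "__main__":
    for name, table in (("central", CENTRAL), ("noncentral", NONCENTRAL)):
        print(name, "is a quasigroup:", is_quasigroup(table),
              "central:", is_central(table))
    print(compare_period_growth())
```

With these inputs the central table gives row periods 4, 8, 8, 16, 16, 16, while the non-central one already reaches 32 in the second row; every ratio $P_i / P_{i-1}$ lies in $\{1, 2, 3, 4\}$ as the Proposition states.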
Further directions of research
Analyse System B for non-central quasigroups.
Prove the conjecture that periods increase exponentially for non-central quasigroups.
Find a concrete weak key for Edon80 or disprove its existence.
On some properties of PRNGs based on block ciphers in counter mode Alexey Urivskiy, Andrey Rybkin, Mikhail Borodin JSC InfoTeCS, Moscow, Russia alexey.urivskiy@mail.ru 2016 Pseudo Random Number Generators
More informationA Low Data Complexity Attack on the GMR-2 Cipher Used in the Satellite Phones
A Low Data Complexity Attack on the GMR-2 Cipher Used in the atellite Phones Ruilin Li, Heng Li, Chao Li, Bing un National University of Defense Technology, Changsha, China FE 2013, ingapore 11 th ~13
More informationPublic key cryptosystem MST 3 : cryptanalysis and realization
Public key cryptosystem MST 3 : cryptanalysis and realization Pavol Svaba Tran van Trung Institut für Experimentelle Mathematik Universität Duisburg-Essen Ellernstrasse 29 45326 Essen, Germany {svaba,trung}@iem.uni-due.de
More informationFundamentals of Modern Cryptography
Fundamentals of Modern Cryptography BRUCE MOMJIAN This presentation explains the fundamentals of modern cryptographic methods. Creative Commons Attribution License http://momjian.us/presentations Last
More informationCOMP424 Computer Security
COMP424 Computer Security Prof. Wiegley jeffw@csun.edu Rivest, Shamir & Adelman (RSA) Implementation 1 Relatively prime Prime: n, is prime if its only two factors are 1 and n. (and n 1). Relatively prime:
More informationPERFECT SECRECY AND ADVERSARIAL INDISTINGUISHABILITY
PERFECT SECRECY AND ADVERSARIAL INDISTINGUISHABILITY BURTON ROSENBERG UNIVERSITY OF MIAMI Contents 1. Perfect Secrecy 1 1.1. A Perfectly Secret Cipher 2 1.2. Odds Ratio and Bias 3 1.3. Conditions for Perfect
More informationEnhancing the Signal to Noise Ratio
Enhancing the Signal to Noise Ratio in Differential Cryptanalysis, using Algebra Martin Albrecht, Carlos Cid, Thomas Dullien, Jean-Charles Faugère and Ludovic Perret ESC 2010, Remich, 10.01.2010 Outline
More informationHistorical cryptography. cryptography encryption main applications: military and diplomacy
Historical cryptography cryptography encryption main applications: military and diplomacy ancient times world war II Historical cryptography All historical cryptosystems badly broken! No clear understanding
More informationFields and Galois Theory. Below are some results dealing with fields, up to and including the fundamental theorem of Galois theory.
Fields and Galois Theory Below are some results dealing with fields, up to and including the fundamental theorem of Galois theory. This should be a reasonably logical ordering, so that a result here should
More informationOptimized Interpolation Attacks on LowMC
Optimized Interpolation Attacks on LowMC Itai Dinur 1, Yunwen Liu 2, Willi Meier 3, and Qingju Wang 2,4 1 Département d Informatique, École Normale Supérieure, Paris, France 2 Dept. Electrical Engineering
More informationOn the pseudo-random generator ISAAC
On the pseudo-random generator ISAAC Jean-Philippe Aumasson FHNW, 5210 Windisch, Switzerland Abstract. This paper presents some properties of he deterministic random bit generator ISAAC (FSE 96), contradicting
More informationCryptographic Hash Function
Cryptographic Hash Function EDON-R Norwegian University of Science and Technology Trondheim, Norway Danilo Gligoroski Rune Steinsmo Ødegård Marija Mihova Svein Johan Knapskog Ljupco Kocarev Aleš Drápal
More informationCryptography Lecture 4 Block ciphers, DES, breaking DES
Cryptography Lecture 4 Block ciphers, DES, breaking DES Breaking a cipher Eavesdropper recieves n cryptograms created from n plaintexts in sequence, using the same key Redundancy exists in the messages
More informationQuestion 2.1. Show that. is non-negligible. 2. Since. is non-negligible so is μ n +
Homework #2 Question 2.1 Show that 1 p n + μ n is non-negligible 1. μ n + 1 p n > 1 p n 2. Since 1 p n is non-negligible so is μ n + 1 p n Question 2.1 Show that 1 p n - μ n is non-negligible 1. μ n O(
More informationModern Cryptography Lecture 4
Modern Cryptography Lecture 4 Pseudorandom Functions Block-Ciphers Modes of Operation Chosen-Ciphertext Security 1 October 30th, 2018 2 Webpage Page for first part, Homeworks, Slides http://pub.ist.ac.at/crypto/moderncrypto18.html
More informationStructural Cryptanalysis of SASAS
tructural Cryptanalysis of AA Alex Biryukov and Adi hamir Computer cience department The Weizmann Institute Rehovot 76100, Israel. Abstract. In this paper we consider the security of block ciphers which
More informationLecture 1: Perfect Secrecy and Statistical Authentication. 2 Introduction - Historical vs Modern Cryptography
CS 7880 Graduate Cryptography September 10, 2015 Lecture 1: Perfect Secrecy and Statistical Authentication Lecturer: Daniel Wichs Scribe: Matthew Dippel 1 Topic Covered Definition of perfect secrecy One-time
More informationSecure RAID Schemes from EVENODD and STAR Codes
Secure RAID Schemes from EVENODD and STAR Codes Wentao Huang and Jehoshua Bruck California Institute of Technology, Pasadena, USA {whuang,bruck}@caltechedu Abstract We study secure RAID, ie, low-complexity
More informationSecret Key: stream ciphers & block ciphers
Secret Key: stream ciphers & block ciphers Stream Ciphers Idea: try to simulate one-time pad define a secret key ( seed ) Using the seed generates a byte stream (Keystream): i-th byte is function only
More informationover a field F with char F 2: we define
Chapter 3 Involutions In this chapter, we define the standard involution (also called conjugation) on a quaternion algebra. In this way, we characterize division quaternion algebras as noncommutative division
More informationAlgebraic Immunity of S-boxes and Augmented Functions
Algebraic Immunity of S-boxes and Augmented Functions Simon Fischer and Willi Meier S. Fischer and W. Meier AI of Sbox and AF 1 / 23 Outline 1 Algebraic Properties of S-boxes 2 Augmented Functions 3 Application
More informationKrull Dimension and Going-Down in Fixed Rings
David Dobbs Jay Shapiro April 19, 2006 Basics R will always be a commutative ring and G a group of (ring) automorphisms of R. We let R G denote the fixed ring, that is, Thus R G is a subring of R R G =
More informationImproved Slender-set Linear Cryptanalysis
1 / 37 Improved Slender-set Linear Cryptanalysis Guo-Qiang Liu 1 Chen-Hui Jin 1 Chuan-Da Qi 2 1 Information Science Technology Institute Zhengzhou, Henan, China 2 Xinyang Normal University Xinyang, Henan,
More informationPractical Complexity Cube Attacks on Round-Reduced Keccak Sponge Function
Practical Complexity Cube Attacks on Round-Reduced Keccak Sponge Function Itai Dinur 1, Pawe l Morawiecki 2,3, Josef Pieprzyk 4 Marian Srebrny 2,3, and Micha l Straus 3 1 Computer Science Department, École
More informationGenetic Search for Quasigroups with Heterogeneous Power Sequences
Genetic Search for Quasigroups with Heterogeneous Power Sequences Eliška Ochodková, Pavel Krömer, Jiří Dvorský, Jan Platoš, Ajith Abraham, Václav Snášel Department of Computer Science FEECS, VŠB Technical
More information