Reprint of pp in Advances in Cryptology-EUROCRYPT'90 Proceedings, LNCS 473, Springer-Verlag, Xuejia Lai and James L.
|
|
- Meagan Wilkinson
- 6 years ago
- Views:
Transcription
1 Reprint of pp in Advances in Cryptology-EUROCRYPT'90 Proceedings, NCS 7, Springer-Verlag, 99. A Proposal for a New Block Encryption Standard Xuejia ai and James. Massey Institute for Signal and Information Processing Swiss Federal Institute of Technology CH{809 urich, Switzerland Abstract A new secret-key block cipher is proposed as a candidate for a new encryption standard. In the proposed cipher, the plaintext and the ciphertext are bit blocks, while the secret key is 8 bit long. The cipher is based on the design concept of \mixing operations from dierent algebraic groups". The cipher structure was chosen to provide confusion and diusion and to facilitate both hardware and software implementations. Introduction A new secret-key block cipher is proposed herein as a candidate for a new encryption standard. In the proposed cipher, the plaintext and the ciphertext are bit blocks, while the secret key is 8 bit long. The cipher is based on the design concept of \mixing operations from dierent algebraic groups". The required confusion is achieved by successively using three dierent group operations on pairs of -bit subblocks and the cipher structure was chosen to provide the necessary diusion. The cipher is so constructed that the deciphering process is the same as the enciphering process once the decryption key subblocks have been computed from the encryption key subblocks. The cipher structure was chosen to facilitate both hardware and software implementations. The cipher is described in Section. Section considers the relation of the three chosen dierent operations to one another and the eect of their \mixing". The design principles for the cipher are discussed in Section. Section discusses
2 the implementation of the cipher in software as well as in hardware. A C-language program of the cipher is given in Appendix B together with examples that can be used to test the correctness of implementations. Description of the Proposed Cipher The computational graph of the encryption process is shown in Fig.. The process consists of 8 similar rounds followed by an output transformation. The complete rst round and the output transformation are depicted in Fig.. In the encryption process shown in Fig., three dierent group operations on pairs of -bit subblocks are used, namely, { bit-by-bit exclusive-or of two -bit subblocks, denoted as ; { addition of integers modulo where the subblock is treated as the usual radix-two representation of an integer, the resulting operation is denoted as +; {multiplication of integers modulo + where the subblock is treated as the usual radix-two representation of an integer except that the all-zero subblock is treated as representing ; and the resulting operation is denoted as J. For example, because 0; :::; 0) J ; 0; :::; 0) = ; 0; :::; 0; ) mod +)= +: The -bit plaintext block is partitioned into four -bit subblocks, the i-th of which is denoted as X i in Fig.. The four plaintext subblocks are then transformed into four -bit ciphertext subblocks, Y ;Y ;Y and Y, under the control of key subblocks of bits, where the six key subblocks used in the r-th r=,..,8) round are denoted as r) ; ::; r) and where the four key subblocks used in the output transformation are denoted as 9) ; 9) ; 9) ; 9).
3 X X X X J J + +???? ) ) ) ) r r ) - - J - J?? r - + +?? -?? )?? r r - r 9 >= one round h hhhh h hhhh h hhhh h hhhh h hhhh h hhhh h hhh h hhh????. J. J???? ) 9) 9) 9) >; ) ) 7 more rounds output transformation???? Y Y Y Y X i : -bit plaintext subblock Y i : -bit ciphertext subblock r) i : -bit key subblock : bit-by-bit exclusive-or of -bit subblocks + : addition modulo of -bit integers J :multiplication modulo + of -bit integers with the zero subblock corresponding to Figure : Computational graph for encryption.
4 Decryption The computational graph of the decryption process is essentially the same as that of the encryption process, the only change being that the decryption key subblocks are computed from the encryption key subblocks as shown in the following table, where, denotes the multiplicative inverse modulo +)of, i.e., J, = and, denotes the additive inverse modulo )of, i.e.,,+ =0. Encryption key subblocks Decryption key subblocks -st ) ) ) ) -st 9), 9) round ) ) round 8) 8) -nd ) ) ) ) -nd 8), 8) round ) ) round 7) 7) -rd ) ) ) ) -rd 7), 7) round ) ) round ) ) -th ) ) ) ) -th ), ) round ) ) round ) ) -th ) ) ) ) -th ), ) round ) ) round ) ) -th ) ) ) ) -th ), ) round ) ) round ) ) 7-th 7) 7) 7) 7) 7-th ), ) round 7) 7) round ) ) 8-th 8) 8) 8) 8) 8-th ), ) round 8) 8) round ) ) output 9) 9) 9) 9) output ) transform. transform., ), 9),, 9), 8),, 8), 7),, 7), ),, ),, ), ),, ), ),, ), ),, ), ),, ), ) The key schedule The key subblocks used in the encryption process are generated from the 8 bit user-selected key as follows: The 8 bit user-selected key is partitioned into 8 subblocks that are directly used as the rst eight key subblocks, where the ordering of key subblocks is as follows: ), ),.., ), ),.., ),.., 8),.., 8), 9), 9), 9), 9). The 8 bit user-selected key is then cyclic shifted to the left by positions, after which the resulting 8 bit block is again partitioned into eight subblocks that are
5 taken as the next eight key subblocks. The obtained 8 bit block is cyclic shifted again to the left by positions to produce the next eight key subblocks, and this procedure is repeated until all key subblocks have been generated. Group Operations and Their Interaction The cipher is based on the design concept of \mixing operations from dierent algebraic groups having the same number of elements". Group operations were chosen because the statistical relation of random variables X; Y; related by a group operation as Y = X has the desired \perfect secrecy" property, i.e., if one of the random variables is chosen equally likely to be any group element, then the other two random variables are statistically independent. The interaction of dierent group operations contributes to the \confusion" required for a secure cipher. In this section, the interaction of dierent operations will be considered in terms of isotopism of quasigroups and in terms of polynomial expressions. The three operations as quasigroup operations Def. etsbeasetandlet denote an operation from pairs a; b) of elements of S to an element a b of S. Then S; ) is said to be an quasigroup if, for any a; b S; the equations a x = b and y a = b both have exactly one solution in S. A group is a quasigroup in which the operation is associative, i.e., for which a b c) =a b) c for all a; b and c in S. Quasigroups S ; ); S ; ) are said to be isotopic if there are bijective mappings ; ; : S! S, such that, for all x; y S ;x) y) = x y): Such a triple ; ; ) is then called an isotopism of S ; )upons ; ). Two groups are said to be isomorphic if they are isotopic as quasigroups for which the isotopism is ; ; ). It can be shown that two groups are isomorphic if and only if they are isotopic []. et n be one of the integers,,,8 or so that the integer n + is a prime, and let n denote the ring of integers modulo n. et n + ; ) denote the multiplicative group of the non-zero elements of the eld +, let n n ; +) denote the additive group of the ring n, and let F n ; ) denote the group of n{tuples over F under the bitwise exclusive-or operation. Then the following theorem states some of the \incompatibility" properties of these groups. Theorem For n f; ; ; 8; g: ) Quasigroups F n; ) and n; +) are not isotopic for n. ) Quasigroups ; ) and F n; n + ) are not isotopic for n. ) ; ; ) is an isotopism of ; ) upon n + n; +) if and only if there exist constants c ;c n and a primitive element a of the eld n + such that, for all x in
6 n, x), c = x), c = x), c + c ) = log a x); ) i.e., any isotopism between these groups is essentially the logarithm. Moreover, if ; ; ) is an isotopism, none of these maps will be the \mixing mapping" m from n + to n dened bymi) =i; for i = n and m n )=0when n. Proof. ) For n, the groups F n ; ) and n; +) are not isomorphic because n; +) is a cyclic group while F n ; ) is not. Thus, they are not isotopic as quasigroups. ) ; ) and n + n; +) are isomorphic groups for n =; ; ; 8; because both groups are cyclic. Thus, ; ) is isotopic to F n ; n + ) if and only if n; +) is isotopic to F n ; ). ) If ) holds, then for any x; y in n +, x y) = log a x y)+c + c = log a x) + log a y)+c + c = x)+y): Now suppose that ; ; ) is an isotopism. Then for all x; y, x)+y) = n + x y). et x) =x), ); x) =x), ) and x) = x), ), then ; ; ) is also an isotopism and ) = ) = ) = 0. In the equation x)+ y) = xy); setting rst x and then y to results in y) = y) = y) so that x y) = x)+ y): et a be the element of such that n + a) =, then a i )=ifor i =; ;:: n,and a n )=0: This implies that a is a primitive element of +. Thus, for each x n +, there exists a t n n such that, x) = a t )=t = t log a a) = log a a t )=log a x): etting c = );c = ), we arrive at equation ). Finally, suppose that the mixing mapping m is an isotopism. Then mx) = log a x)+c implies = m) = log a ) + c = c; =m)=log a )+; which implies that a =,and0=m n ) = log n )+=n +, which implies that n=. Polynomial expressions for multiplication and addition Under the mixing mapping m, multiplication modulo n +, which is a bilinear function over the eld +, isatwo variable function over the ring n n, which we denote by J x y. Similarly, under the inverse mixing mapping m,, addition modulo n, which is an ane function in each argument over the ring n,isatwo variable function over the eld +, which we denote by F X; Y ): Here and hereafter in this n section, we denote arguments with lower-case letters when we consider them to be elements of n and with upper-case letters when we consider them to be elements of +. For example, when n =,wehave n x + y mod! F X; Y )=XY mod ; XY mod! x J y = x + y +mod:
7 Theorem For n f; ; 8; g :. For any xed X = n i:e:; x = 0), the function F X; Y ); corresponding to addition x + y mod n in n; isapolynomial in Y over n + with degree n, : Similarly, for any xed Y = n ; FX; Y ) is a polynomial in X over n + with degree n,.. For any xed x = 0; i.e., X = n ; ), the function x J y,corresponding to multiplication XY mod n + in n + cannot be written as a polynomial in y over n: Similarly, for any xed y = 0;, x J y is not a polynomial in x over n: Example For n =,in, the function F X; Y ) corresponding to x + y mod is F X; Y )=X Y + X Y )+X Y + XY )+X Y +X Y + XY ): Proof.. In any nite eld GF q), we have Y j=i; j =0 x, j ), i )= Q jj=i); j =0 i, j ), i )=, Q i =0 i = x = i 0 x = i ; 0: Thus, every function fx) from the set GF q),f0g to GF q),f0g can be written as a polynomial over GFq) of degree at most q, asfollows: fx) = X i GF q),f0g f i ) Y j = i ;0 x, j ), i ): ) The function F A; X) corresponding to a+x mod n is a function from GF n +),f0g to GF n +),f0g in X. According to ), this function can be written as A + X X n, A F A; X) = A + X + n, A<X n = = X n,a I= n X I= A+I) A + I) Y X n X,J),I)+ J=I I= n,a+ J n Y X, J),I)+ J=I J n The coecient ofx n, in F A; X) is = n X I= AX I= A + I),I)+ I = AA +) ; n X I= n,a+,i) =,A n X A+I +) Y Y X,J),I) J=I J n X, J),I): I= n,a+ J=I J n n X I= I, n X I= I + X, I=,A,I) which is zero if and only if A =0orA =, = n,which cases are excluded by the assumption. Thus, degf X; A) = n,.. We show rst the following lemma: 7
8 emma If fx) is a polynomial over n; then for all x n; fx) mod=f0) mod : Proof. et fx) =a k x k + a k, x k, + + a x + a 0 : Then for all x n, fx) =a k x) k + a k, x) k, + + a x + a 0 : Taking both sides of this equation modulo n,wehave fx) =e+a 0 mod n ; where e is an element in n.thus, fx) mod=a 0 mod = f0) mod : Now let n >; then for every integer a, < a < n, there exists an integer x 0 f; ;:::; n g such that n +< ax 0 < n + ) and 0 ax 0, ) < n +: The rst inequality is equivalent to that 0 < ax 0, n +) < n + and ax 0, n +) is an odd integer. Hence the function f a x) =a J x corresponding to AX mod n +) satises f a x 0 )mod=ax 0, n +))mod=: On the other hand, the inequality 0 ax 0, ) < n + implies that ax 0, ) is an even integer in f0; ; ::; n g so that f a x 0, )) mod = ax 0, ) mod = 0: By the emma, f a x) is not a polynomial over n: Design Principles for the Proposed Cipher Confusion Confusion see [, ] ) means that the ciphertext depends on the plaintext and key in a complicated and involved way. The confusion is achieved by mixing three dierent group operations. In the computational graph of the encryption process, the three dierent group operations are so arranged that the output of an operation of one type is never used as the input to an operation of the same type. The three operations are incompatible in the sense that:. No pair of the operations satises a distributive law. For example, a+b J c) = a+b) J a+c):. No pair of the operations satises an associative law. For example, a+b c) = a+b) c: 8
9 . The operations are combined by the mixing mapping m, which inhibits isotopisms as was shown in Theorem. Thus, using any bijections on the operands, it is impossible to realize any one of the three operations by another operation.. Under the mixing mapping, multiplication modulo +,which is a bilinear function over +, corresponds a non-polynomial function over ; Under the inverse mixing mapping, addition modulo, which is an ane function in each argument over, corresponds a two variable polynomial of degree, in each variable over +. Diusion The diusion requirement on a cipher is that each plaintext bit should inuence every ciphertext bit and each key bit should inuence every ciphertext bitsee [, ]). For the proposed cipher, a check by computer has shown that the diusion requirement is satised after the rst round, i.e., each output bit of the rst round depends on every bit of the plaintext and on every bit of the key used for that round. Diusion is provided by the transformation called the multiplication-addition MA) structure. The computational graph of the MA structure is shown in Fig.. The MA structure transforms two bit subblocks into two bit subblocks controlled by two bit key subblocks. This structure has the following properties: { for any choice of the key subblocks and, MA; ; ; )isaninvertible transformation; for any choice of U and U, MAU ;U ; ; ) is also an invertible transformation; { this structure has a \complete diusion" eect in the sense that each output subblock depends on every input subblock, and { this structure uses the least number of operations four) required to achieve such complete diusion see Appendix A for the proof). U U J?? ??J?? V V Figure : Computational graph of the MA structure. 9
10 Similarity of encryption and decryption The similarity of encryption and decryption means that decryption is essentially the same process as encryption, the only dierence being that dierent key subblocks are used. This similarity results from { using the output transformation in the encryption process so that the eect of ; ; ; ) can be cancelled by using inverse key subblocks,,,,,,, ) in the decryption process, and from { using an involution i.e., a self-inverse function) with a bit input and a bit output controlled by a bit key within the cipher. The involution used in the cipher is shown in Fig.. The self-inverse property is a consequence of the fact that the exclusive-or of S ;S ) and S ;S ) is equal to the exclusive-or of T ;T ) and T ;T ); Thus, the input to the MA structure in Fig. is unchanged when S ;S ;S and S are replaced by T ;T ;T and T. Thus, if T ;T ;T and T are the inputs to the involution, the left half of the output is T ;T ) MAT ;T ) T ;T ); ; ) = S ;S ) MAS ;S ) S ;S ); ; ) MAS ;S ) S ;S ); ; ) = S ;S ): Similarly, the right half of the output is S ;S ). S ;S ) S ;S ) r -? MA?? - r ; ) h hhhh h hhh h?? T ;T ) T ;T ) Figure : Computational graph of the involution. Perfect secrecy for a \one-time" key Perfect secrecy in the sense of Shannon is obtained in each round of encryption if a \one-time" key is used. In fact, such perfect secrecy is achieved at the input transformation in the rst round because each operation is a group operation. In addition, 0
11 for every choice of p ;p ;p ;p ) and of q ;q ;q ;q )inf, there are exactly different choices of the key subblocks ; ::; ) such that the rst round of the cipher transforms p ;p ;p ;p )into q ;q ;q ;q ). Implementations of the Cipher The cipher structure was chosen to facilitate both hardware and software implementations. In the encryption process, a regular modular structure was chosen so that the cipher can be easily implemented in hardware. A VSI implementation of the cipher is being carried out at the Integrated Systems aboratory of the ETH, urich. The estimated data rate of this chip varies from Mbits per second to Mbits per second, depending on the complexity of the architecture chosen. The cipher can also be easily implemented in software because only operations on pairs of -bit subblocks are used in the encryption process. The most dicult part in the implementation, multiplication modulo + ), can be implemented in the way suggested by the following lemma. emma et a; b be two n-bit non-zero integers in +, then n ab mod ab mod n n ), ab div +)= n ) if ab mod n ) ab div n ) ab mod n ), ab div n )+ n + if ab mod n ) < ab div n ) where ab div n ) denotes the quotient when ab is divided by n. Note that ab mod n ) corresponds to the n least signicant bits of ab, and ab div n ) is just the right-shift of ab by n bits. Note also that ab mod n ) = ab div n ) implies that ab mod n + ) = 0 and hence cannot occur when n +is a prime. Proof. For any non-zero a and b in n +, there exist unique integers q and r such that ab = q n +)+r; 0 r< n +; 0 q< n : Moreover, q + r< n+ : Note that r = ab mod n +): We have q if q + r< ab div n n )= q + if q + r n and Thus q + r if q + r< ab mod n n )= q + r, n if q + r n : ab mod n ), ab div r = n ) if q + r< n ab mod n ), ab div n )+ n + if q + r n :
12 But q + r< n if and only if ab mod n ) ab div n ): This proves the emma. A C-program of the cipher together with some examples for checking the correctness of the implementation are given in Appendix B. Conclusion The cipher described above is proposed as a possible candidate for a new encryption standard. The cipher is based on the design concept of \mixing dierent group operations" to achieve the required confusion and diusion. Confusion is achieved by arranging the operations in a way that no pair of successive operations are of the same type and by the fact that operations of dierent types are incompatible. The structure of the cipher is so chosen that diusion can be achieved using a small number of operations. Enciphering and deciphering are essentially the same process, but with dierent key subblocks. Because of the use of -bit operations and a regular modular structure, the cipher can be implemented eciently in both hardware and software. In particular, bit-level permutations are avoided in the encryption process because such permutations are dicult to implement in software. In all of the statistical testings conducted up to now, we have not found any signicant dierence between the permutation of F determined by the cipher with a randomly chosen key and a permutation equiprobably chosen from all possible permutations of F. The security of the proposed cipher needs further intensive investigation. The authors hereby invite interested parties to attack this proposed cipher and will be grateful to receive the results positive or negative) of any such attacks. References [] C. E. Shannon, \Communication Theory of Secrecy Systems", B.S.T.J., Vol. 8, pp.-7, Oct. 99. [] J.. Massey, \An Introduction to Contemporary Cryptology", Proc. IEEE, Vol. 7, No., pp. {9, May 988. [] J.Denes, A.D.Keedwell, atin squares and their applications, Akademiai Kiado, Budapest 97.
13 Appendix A: Number of Operations Required for Diusion An operation is a mapping from two variables to one variable. A computational graph is a directed graph in which the vertices are operations, the edges entering a vertex are the inputs to the operation, the edges leaving a vertex are the outputs of the operation, the edges entering no vertex are the graph outputs, and the edges leaving no vertex are the graph inputs. An algorithm to compute a function determines a computational graph where the graph inputs are the inputs of the algorithm and the graph outputs are the outputs of the algorithm. Consider a function having the form Y ;Y )=EX ;X ; ; ); X i ;Y i F m ; i F k ) such that, for every choice of ; ), E; ; ; )isinvertible. Such a function will be called a cipher function. A cipher function is said to have complete diusion if each of its output variable depends non-idly on every input variable. Theorem If a cipher function of the form ) has complete diusion, then the computational graph of any algorithm that computes the function contains at least operations. Proof. et Y = E X ;X ; ; ); and Y = E X ;X ; ; ): Then if E has complete diusion, it contains at least operations because there are four input variables. Suppose E contains operations. The invertibility of the cipher function implies that E = E and complete diusion requires that E not equal any intermediate result that appears in E : Thus, at least one operation not appearing in E is required in E.Thisproves the theorem. It is easy to check that the MA structure shown in Fig., which has four operations, is a cipher function with complete diusion, i.e., that each of the output variables depends non-idly on all four input variables. Appendix B: C-program of the Cipher and Sample Data /* C - program blockcipher */ # define maxim 7 # define fuyi # define one # define round 8 void cipunsigned IN[],unsigned OUT[],unsigned [7][0]); void key short unsigned uskey[9],unsigned [7][0] ); void de_keyunsigned [7][0],unsigned DK[7][0]); unsigned invunsigned xin); unsigned mulunsigned a, unsigned b);
14 main) { unsigned [7][0], DK[7][0], XX[],TT[], YY[]; short unsigned uskey[9]; /* to generate encryption key blocks */ keyuskey,); /* to generate decryption key blocks */ de_key,dk); /* to encipher plaintext XX to ciphertext YY by key blocks */ cipxx,yy,); /* to decipher ciphertext YY to TT by decryption key blocks DK */ cipyy,tt,dk); /* encryption algorithm */ void cipunsigned IN[],unsigned OUT[],unsigned [7][0]) { unsigned r, x,x,x,x,kk,t,t,a; x=in[]; x=in[]; x= IN[]; x=in[]; for r= ; r<= 8; r++) { x =mulx,[][r]); x =mulx,[][r]); x = x+ [][r] ) & one; x = x + [][r] ) & one; kk = mul [][r], x^x ) ); t = mul [][r], kk+ x^x) )& one); t = kk+ t ) & one; a = x^t; x = x^t; x = a; a = x^t; x = x^t; x = a; OUT[] = mul x,[][round+] ); OUT[] = mul x,[][round+] ); OUT[] = x + [][round +] )& one; OUT[] = x + [][round+] ) & one; /* the multiplication */ unsigned mulunsigned a, unsigned b) { long int p; long unsigned q; if a==0) p = maxim-b; else if b==0 ) p = maxim-a; else { q=a*b; p= q & one) - q>>); if p<=0) p= p+maxim; return unsigned)p & one); /* compute multiplication inverse of integer xin by Euclidean gcd algorithm */ unsigned invunsigned xin) { long n,n,q,r,b,b,t; if xin == 0 ) b = 0;
15 else { n=maxim; n = xin; b= ; b= 0; do { r = n % n); q = n-r)/n ; if r== 0) {if b<0 ) b = maxim+b; else { n= n; n= r; t = b; b= b- q*b; b= t; while r!= 0); return unsigned)b; /* generate key blocks [i][r] from user key uskey */ void key short unsigned uskey[9], unsigned [7][0] ) { short unsigned S[]; int i,j,r; /* shifts */ for i = ; i<9; i++) S[i-] = uskey[i]; for i = 8; i< ; i++ ) { if i+)%8 == 0 ) /* for S[],S[],.. */ S[i] = S[i-7]<<9 )^ S[i-]>>7 ); else if i+)%8 ==0 ) /* for S[],S[],.. */ S[i] = S[i-]<<9 )^ S[i-]>>7 ); else /* for other S[i] */ S[i] = S[i-7]<<9 )^ S[i-]>>7 ); /* get encryption key blocks */ for r= ; r<=round+; r++) forj= ;j<7; j++) [j][r] = S[*r-) + j-]; /* compute decryption key blocks DK[i][r] from encryption key blocks [i][r] */ void de_keyunsigned [7][0],unsigned DK[7][0]) { int j; for j = ; j<=round+; j++) { DK[][round-j+] = inv[][j]); DK[][round-j+] = inv[][j]); DK[][round-j+] = fuyi-[][j] ) & one; DK[][round-j+] = fuyi-[][j] ) & one; for j= ;j<=round+;j++) { DK[][round+-j] = [][j]; DK[][round+-j] = [][j]; Some sample data for checking the correctness of implementations are given below. The numbers are -bit integers in the decimal form. the eight -bit user key subblocks: uskey[i] 7 8 encryption key subblocks [i][r]
16 [][r] [][r] [][r] [][r] [][r] [][r] -st round -nd round rd round th round 8 8 -th round th round th round th round output transf decryption key subblocks DK[i][r] -st round nd round rd round 0 -th round th round th round th round th round output transf plaintext XX 0 after -st round after -nd round after -rd round after -th round after -th round after -th round after 7-th round after 8-th round YY =cipxx,) TT=cipYY,DK) 0
An average case analysis of a dierential attack. on a class of SP-networks. Distributed Systems Technology Centre, and
An average case analysis of a dierential attack on a class of SP-networks Luke O'Connor Distributed Systems Technology Centre, and Information Security Research Center, QUT Brisbane, Australia Abstract
More informationTransform Domain Analysis of DES. Guang Gong and Solomon W. Golomb. University of Southern California. Tels and
Transform Domain Analysis of DES Guang Gong and Solomon W. Golomb Communication Sciences Institute University of Southern California Electrical Engineering-Systems, EEB # 500 Los Angeles, California 90089-2565
More informationDK-2800 Lyngby, Denmark, Mercierlaan 94, B{3001 Heverlee, Belgium,
The Interpolation Attack on Block Ciphers? Thomas Jakobsen 1 and Lars R. Knudsen 2 1 Department of Mathematics, Building 303, Technical University of Denmark, DK-2800 Lyngby, Denmark, email:jakobsen@mat.dtu.dk.
More informationhold or a eistel cipher. We nevertheless prove that the bound given by Nyberg and Knudsen still holds or any round keys. This stronger result implies
Dierential cryptanalysis o eistel ciphers and dierentially uniorm mappings Anne Canteaut INRIA Projet codes Domaine de Voluceau BP 105 78153 Le Chesnay Cedex rance Abstract In this paper we study the round
More informationCPE 776:DATA SECURITY & CRYPTOGRAPHY. Some Number Theory and Classical Crypto Systems
CPE 776:DATA SECURITY & CRYPTOGRAPHY Some Number Theory and Classical Crypto Systems Dr. Lo ai Tawalbeh Computer Engineering Department Jordan University of Science and Technology Jordan Some Number Theory
More informationAES side channel attacks protection using random isomorphisms
Rostovtsev A.G., Shemyakina O.V., St. Petersburg State Polytechnic University AES side channel attacks protection using random isomorphisms General method of side-channel attacks protection, based on random
More informationLECTURE NOTES IN CRYPTOGRAPHY
1 LECTURE NOTES IN CRYPTOGRAPHY Thomas Johansson 2005/2006 c Thomas Johansson 2006 2 Chapter 1 Abstract algebra and Number theory Before we start the treatment of cryptography we need to review some basic
More informationIntroduction to Cybersecurity Cryptography (Part 4)
Introduction to Cybersecurity Cryptography (Part 4) Review of Last Lecture Blockciphers Review of DES Attacks on Blockciphers Advanced Encryption Standard (AES) Modes of Operation MACs and Hashes Message
More informationIntroduction to Cybersecurity Cryptography (Part 4)
Introduction to Cybersecurity Cryptography (Part 4) Review of Last Lecture Blockciphers Review of DES Attacks on Blockciphers Advanced Encryption Standard (AES) Modes of Operation MACs and Hashes Message
More informationMathematics of Cryptography
UNIT - III Mathematics of Cryptography Part III: Primes and Related Congruence Equations 1 Objectives To introduce prime numbers and their applications in cryptography. To discuss some primality test algorithms
More informationCODING AND CRYPTOLOGY III CRYPTOLOGY EXERCISES. The questions with a * are extension questions, and will not be included in the assignment.
CODING AND CRYPTOLOGY III CRYPTOLOGY EXERCISES A selection of the following questions will be chosen by the lecturer to form the Cryptology Assignment. The Cryptology Assignment is due by 5pm Sunday 1
More informationPerfect Diffusion Primitives for Block Ciphers
Perfect Diffusion Primitives for Block Ciphers Building Efficient MDS Matrices Pascal Junod and Serge Vaudenay École Polytechnique Fédérale de Lausanne (Switzerland) {pascaljunod, sergevaudenay}@epflch
More informationQuasigroups and Related Systems 9 (2002), Galina B. Belyavskaya. Abstract
Quasigroups and Related Systems 9 (2002), 1 17 Quasigroup power sets and cyclic Ssystems Galina B. Belyavskaya Abstract We give new constructions of power sets of quasigroups (latin squares) based on pairwise
More informationAnalysis of Some Quasigroup Transformations as Boolean Functions
M a t h e m a t i c a B a l k a n i c a New Series Vol. 26, 202, Fasc. 3 4 Analysis of Some Quasigroup Transformations as Boolean Functions Aleksandra Mileva Presented at MASSEE International Conference
More informationCRYPTOGRAPHY AND NUMBER THEORY
CRYPTOGRAPHY AND NUMBER THEORY XINYU SHI Abstract. In this paper, we will discuss a few examples of cryptographic systems, categorized into two different types: symmetric and asymmetric cryptography. We
More informationTHE UNIVERSITY OF CALGARY FACULTY OF SCIENCE DEPARTMENT OF COMPUTER SCIENCE DEPARTMENT OF MATHEMATICS & STATISTICS MIDTERM EXAMINATION 1 FALL 2018
THE UNIVERSITY OF CALGARY FACULTY OF SCIENCE DEPARTMENT OF COMPUTER SCIENCE DEPARTMENT OF MATHEMATICS & STATISTICS MIDTERM EXAMINATION 1 FALL 2018 CPSC 418/MATH 318 L01 October 17, 2018 Time: 50 minutes
More informationComputing in GF(p m ) and in gff(n m ) using Maple
Quasigroups and Related Systems 13 (2005), 245 264 Computing in GF(p m ) and in gff(n m ) using Maple Czesªaw Ko±cielny Abstract It is mentioned in [1] that the author intends to show how to construct
More informationOutline. 1 Arithmetic on Bytes and 4-Byte Vectors. 2 The Rijndael Algorithm. 3 AES Key Schedule and Decryption. 4 Strengths and Weaknesses of Rijndael
Outline CPSC 418/MATH 318 Introduction to Cryptography Advanced Encryption Standard Renate Scheidler Department of Mathematics & Statistics Department of Computer Science University of Calgary Based in
More informationCorrelation Attack to the Block Cipher RC5. and the Simplied Variants of RC6. 3 Fujitsu Laboratories LTD.
Correlation Attack to the Block Cipher RC5 and the Simplied Variants of RC6 Takeshi Shimoyama 3, Kiyofumi Takeuchi y, Juri Hayakawa y 3 Fujitsu Laboratories LTD. 4-1-1 Kamikodanaka, Nakahara-ku, Kawasaki
More informationNonlinear feedback shift registers and generating of binary de Bruijn sequences
Nonlinear feedback shift registers and generating of binary de Bruijn sequences Christian Ebne Vivelid November 21, 2016 Master's thesis Department of Informatics University of Bergen 1 Introduction Cryptology
More informationDifferential properties of power functions
Differential properties of power functions Céline Blondeau, Anne Canteaut and Pascale Charpin SECRET Project-Team - INRIA Paris-Rocquencourt Domaine de Voluceau - B.P. 105-8153 Le Chesnay Cedex - France
More informationLecture 12: Block ciphers
Lecture 12: Block ciphers Thomas Johansson T. Johansson (Lund University) 1 / 19 Block ciphers A block cipher encrypts a block of plaintext bits x to a block of ciphertext bits y. The transformation is
More informationprotocols such as protocols in quantum cryptography and secret-key agreement by public discussion [8]. Before we formalize the main problem considered
Privacy Amplication Secure Against Active Adversaries? Ueli Maurer Stefan Wolf Department of Computer Science Swiss Federal Institute of Technology (ETH Zurich) CH-8092 Zurich, Switzerland E-mail addresses:
More informationCellular Automata in Cryptography" Information Security Group,Royal Holloway, Abstract The cipher systems based on Cellular Automata proposed by Nandi
Comments on \Theory and Applications of Cellular Automata in Cryptography" S.R. Blackburn, S. Murphy y and K.G. Paterson z Information Security Group,Royal Holloway, University of London, Surrey TW20 0EX,
More informationExercise Sheet Cryptography 1, 2011
Cryptography 1 http://www.cs.ut.ee/~unruh/crypto1-11/ Exercise Sheet Cryptography 1, 2011 Exercise 1 DES The Data Encryption Standard (DES) is a very famous and widely used block cipher. It maps 64-bit
More informationB. Encryption using quasigroup
Sequence Randomization Using Quasigroups and Number Theoretic s Vaignana Spoorthy Ella Department of Computer Science Oklahoma State University Stillwater, Oklahoma, USA spoorthyella@okstateedu Abstract
More information} has dimension = k rank A > 0 over F. For any vector b!
FINAL EXAM Math 115B, UCSB, Winter 2009 - SOLUTIONS Due in SH6518 or as an email attachment at 12:00pm, March 16, 2009. You are to work on your own, and may only consult your notes, text and the class
More informationCryptanalysis on An ElGamal-Like Cryptosystem for Encrypting Large Messages
Cryptanalysis on An ElGamal-Like Cryptosystem for Encrypting Large Messages MEI-NA WANG Institute for Information Industry Networks and Multimedia Institute TAIWAN, R.O.C. myrawang@iii.org.tw SUNG-MING
More informationA PUBLIC-KEY THRESHOLD CRYPTOSYSTEM BASED ON RESIDUE RINGS
A PUBLIC-KEY THRESHOLD CRYPTOSYSTEM BASED ON RESIDUE RINGS STEPHANIE DEACON, EDUARDO DUEÑEZ, AND JOSÉ IOVINO Abstract. We present a generalization of Pedersen s public-key threshold cryptosystem. Pedersen
More informationPublic-key Cryptography: Theory and Practice
Public-key Cryptography Theory and Practice Department of Computer Science and Engineering Indian Institute of Technology Kharagpur Appendix A: Symmetric Techniques Block Ciphers A block cipher f of block-size
More informationMitsuru Matsui , Ofuna, Kamakura, Kanagawa, 247, Japan. which are block ciphers with a 128-bit key, a 64-bit block and a variable
New Block Encryption Algorithm MISTY Mitsuru Matsui Inormation Technology R&D Center Mitsubishi Electric Corporation 5-1-1, Ouna, Kamakura, Kanagawa, 247, Japan matsui@iss.isl.melco.co.jp Abstract. We
More informationCryptography. Lecture 2: Perfect Secrecy and its Limitations. Gil Segev
Cryptography Lecture 2: Perfect Secrecy and its Limitations Gil Segev Last Week Symmetric-key encryption (KeyGen, Enc, Dec) Historical ciphers that are completely broken The basic principles of modern
More informationPublic Key Cryptography
Public Key Cryptography Spotlight on Science J. Robert Buchanan Department of Mathematics 2011 What is Cryptography? cryptography: study of methods for sending messages in a form that only be understood
More informationof the Data Encryption Standard Fauzan Mirza
Linear and S-Box Pairs Cryptanalysis of the Data Encryption Standard Fauzan Mirza Third Year Undergraduate Project October 1996 { April 1997!()+, -./01 23456 Department ofcomputerscience Egham, Surrey
More information17 Galois Fields Introduction Primitive Elements Roots of Polynomials... 8
Contents 17 Galois Fields 2 17.1 Introduction............................... 2 17.2 Irreducible Polynomials, Construction of GF(q m )... 3 17.3 Primitive Elements... 6 17.4 Roots of Polynomials..........................
More informationSecret Key Systems (block encoding) Encrypting a small block of text (say 64 bits) General considerations for cipher design:
Secret Key Systems (block encoding) Encrypting a small block of text (say 64 bits) General considerations for cipher design: Secret Key Systems Encrypting a small block of text (say 64 bits) General considerations
More informationOn Fast and Provably Secure Message Authentication Based on. Universal Hashing. Victor Shoup. December 4, 1996.
On Fast and Provably Secure Message Authentication Based on Universal Hashing Victor Shoup Bellcore, 445 South St., Morristown, NJ 07960 shoup@bellcore.com December 4, 1996 Abstract There are well-known
More informationTheme : Cryptography. Instructor : Prof. C Pandu Rangan. Speaker : Arun Moorthy CS
1 C Theme : Cryptography Instructor : Prof. C Pandu Rangan Speaker : Arun Moorthy 93115 CS 2 RSA Cryptosystem Outline of the Talk! Introduction to RSA! Working of the RSA system and associated terminology!
More informationIntroduction to Modern Cryptography. (1) Finite Groups, Rings and Fields. (2) AES - Advanced Encryption Standard
Introduction to Modern Cryptography Lecture 3 (1) Finite Groups, Rings and Fields (2) AES - Advanced Encryption Standard +,0, and -a are only notations! Review - Groups Def (group): A set G with a binary
More informationClassical Cryptography
Classical Cryptography CSG 252 Fall 2006 Riccardo Pucella Goals of Cryptography Alice wants to send message X to Bob Oscar is on the wire, listening to communications Alice and Bob share a key K Alice
More informationVirtual isomorphisms of ciphers: is AES secure against differential / linear attack?
Alexander Rostovtsev alexander. rostovtsev@ibks.ftk.spbstu.ru St. Petersburg State Polytechnic University Virtual isomorphisms of ciphers: is AES secure against differential / linear attack? In [eprint.iacr.org/2009/117]
More informationImpossible Differential-Linear Cryptanalysis of Reduced-Round CLEFIA-128
Impossible Differential-Linear Cryptanalysis of Reduced-Round CLEFIA-8 Zheng Yuan,,, ian Li, Beijing Electronic Science & Technology Institute, Beijing 7, P.R. China zyuan@tsinghua.edu.cn, sharonlee95@6.com
More informationx 3 2x = (x 2) (x 2 2x + 1) + (x 2) x 2 2x + 1 = (x 4) (x + 2) + 9 (x + 2) = ( 1 9 x ) (9) + 0
1. (a) i. State and prove Wilson's Theorem. ii. Show that, if p is a prime number congruent to 1 modulo 4, then there exists a solution to the congruence x 2 1 mod p. (b) i. Let p(x), q(x) be polynomials
More informationFast Signature Generation with a. Fiat Shamir { Like Scheme. Fachbereich Mathematik / Informatik. Abstract
Fast Signature Generation with a Fiat Shamir { Like Scheme H. Ong Deutsche Bank AG Stuttgarter Str. 16{24 D { 6236 Eschborn C.P. Schnorr Fachbereich Mathematik / Informatik Universitat Frankfurt Postfach
More informationA Five-Round Algebraic Property of the Advanced Encryption Standard
A Five-Round Algebraic Property of the Advanced Encryption Standard Jianyong Huang, Jennifer Seberry and Willy Susilo Centre for Computer and Information Security Research (CCI) School of Computer Science
More informationCryptanalysis of Akelarre Niels Ferguson Bruce Schneier DigiCash bv Counterpane Systems Kruislaan E Minnehaha Parkway 1098 VA Amsterdam, Nethe
Cryptanalysis of Akelarre Niels Ferguson Bruce Schneier DigiCash bv Counterpane Systems Kruislaan 9 0 E Minnehaha Parkway 098 VA Amsterdam, Netherlands Minneapolis, MN 559, USA niels@digicash.com schneier@counterpane.com
More informationCryptographic Protocols FS2011 1
Cryptographic Protocols FS2011 1 Stefan Heule August 30, 2011 1 License: Creative Commons Attribution-Share Alike 3.0 Unported (http://creativecommons.org/ licenses/by-sa/3.0/) Contents I Interactive Proofs
More informationCryptanalysis of Patarin s 2-Round Public Key System with S Boxes (2R)
Cryptanalysis of Patarin s 2-Round Public Key System with S Boxes (2R) Eli Biham Computer Science Department Technion Israel Institute of Technology Haifa 32000, Israel biham@cs.technion.ac.il http://www.cs.technion.ac.il/~biham/
More informationFinite Fields. Mike Reiter
1 Finite Fields Mike Reiter reiter@cs.unc.edu Based on Chapter 4 of: W. Stallings. Cryptography and Network Security, Principles and Practices. 3 rd Edition, 2003. Groups 2 A group G, is a set G of elements
More informationGurgen Khachatrian Martun Karapetyan
34 International Journal Information Theories and Applications, Vol. 23, Number 1, (c) 2016 On a public key encryption algorithm based on Permutation Polynomials and performance analyses Gurgen Khachatrian
More informationLecture Notes. Advanced Discrete Structures COT S
Lecture Notes Advanced Discrete Structures COT 4115.001 S15 2015-01-27 Recap ADFGX Cipher Block Cipher Modes of Operation Hill Cipher Inverting a Matrix (mod n) Encryption: Hill Cipher Example Multiple
More informationDM49-2. Obligatoriske Opgave
DM49-2. Obligatoriske Opgave Jacob Christiansen, moffe42, 130282 Thomas Nordahl Pedersen, nordahl, 270282 1/4-05 Indhold 1 Opgave 1 - Public Exponent 2 1.1 a.................................. 2 1.2 b..................................
More informationMATH3302 Cryptography Problem Set 2
MATH3302 Cryptography Problem Set 2 These questions are based on the material in Section 4: Shannon s Theory, Section 5: Modern Cryptography, Section 6: The Data Encryption Standard, Section 7: International
More informationA Weak Cipher that Generates the Symmetric Group
A Weak Cipher that Generates the Symmetric Group Sean Murphy Kenneth Paterson Peter Wild Information Security Group, Royal Holloway and Bedford New College, University of London, Egham, Surrey TW20 0EX,
More informationCSE 311 Lecture 13: Primes and GCD. Emina Torlak and Kevin Zatloukal
CSE 311 Lecture 13: Primes and GCD Emina Torlak and Kevin Zatloukal 1 Topics Modular arithmetic applications A quick wrap-up of Lecture 12. Primes Fundamental theorem of arithmetic, Euclid s theorem, factoring.
More informationCryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur
Cryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur Module No. # 01 Lecture No. # 08 Shannon s Theory (Contd.)
More informationD-MATH Algebra I HS18 Prof. Rahul Pandharipande. Solution 1. Arithmetic, Zorn s Lemma.
D-MATH Algebra I HS18 Prof. Rahul Pandharipande Solution 1 Arithmetic, Zorn s Lemma. 1. (a) Using the Euclidean division, determine gcd(160, 399). (b) Find m 0, n 0 Z such that gcd(160, 399) = 160m 0 +
More informationImproved Analysis of Some Simplified Variants of RC6
Improved Analysis of Some Simplified Variants of RC6 Scott Contini 1, Ronald L. Rivest 2, M.J.B. Robshaw 1, and Yiqun Lisa Yin 1 1 RSA Laboratories, 2955 Campus Drive San Mateo, CA 94403, USA {scontini,matt,yiqun}@rsa.com
More informationCOMBINED LFSR GENERATORS PIERRE L'ECUYER. 1. Introduction. Tausworthe generators, are based on linear recurrences modulo 2 with primitive
TABLES OF MAXIMALLY-EQUIDISTRIBUTED COMBINED LFSR GENERATORS PIERRE L'ECUYER Abstract. We give the results of a computer search for maximally-equidistributed combined linear feedback shift register (or
More informationLecture 1: Introduction to Public key cryptography
Lecture 1: Introduction to Public key cryptography Thomas Johansson T. Johansson (Lund University) 1 / 44 Key distribution Symmetric key cryptography: Alice and Bob share a common secret key. Some means
More informationBlock Cipher Cryptanalysis: An Overview
0/52 Block Cipher Cryptanalysis: An Overview Subhabrata Samajder Indian Statistical Institute, Kolkata 17 th May, 2017 0/52 Outline Iterated Block Cipher 1 Iterated Block Cipher 2 S-Boxes 3 A Basic Substitution
More informationRevisit and Cryptanalysis of a CAST Cipher
2017 3rd International Conference on Electronic Information Technology and Intellectualization (ICEITI 2017) ISBN: 978-1-60595-512-4 Revisit and Cryptanalysis of a CAST Cipher Xiao Zhou, Jingwei Li, Xuejia
More information8.1 Principles of Public-Key Cryptosystems
Public-key cryptography is a radical departure from all that has gone before. Right up to modern times all cryptographic systems have been based on the elementary tools of substitution and permutation.
More informationFinite Fields. SOLUTIONS Network Coding - Prof. Frank H.P. Fitzek
Finite Fields In practice most finite field applications e.g. cryptography and error correcting codes utilizes a specific type of finite fields, namely the binary extension fields. The following exercises
More informationUniv.-Prof. Dr. rer. nat. Rudolf Mathar. Written Examination. Cryptography. Tuesday, August 29, 2017, 01:30 p.m.
Cryptography Univ.-Prof. Dr. rer. nat. Rudolf Mathar 1 2 3 4 15 15 15 15 60 Written Examination Cryptography Tuesday, August 29, 2017, 01:30 p.m. Name: Matr.-No.: Field of study: Please pay attention to
More informationLemma 1.2. (1) If p is prime, then ϕ(p) = p 1. (2) If p q are two primes, then ϕ(pq) = (p 1)(q 1).
1 Background 1.1 The group of units MAT 3343, APPLIED ALGEBRA, FALL 2003 Handout 3: The RSA Cryptosystem Peter Selinger Let (R, +, ) be a ring. Then R forms an abelian group under addition. R does not
More informationA New Class of Product-sum Type Public Key Cryptosystem, K(V)ΣΠPKC, Constructed Based on Maximum Length Code
A New Class of Product-sum Type Public Key Cryptosystem, K(V)ΣΠPKC, Constructed Based on Maximum Length Code Masao KASAHARA Abstract The author recently proposed a new class of knapsack type PKC referred
More informationDivision Property: a New Attack Against Block Ciphers
Division Property: a New Attack Against Block Ciphers Christina Boura (joint on-going work with Anne Canteaut) Séminaire du groupe Algèbre et Géometrie, LMV November 24, 2015 1 / 50 Symmetric-key encryption
More informationFall 2015 Lecture 14: Modular congruences. cse 311: foundations of computing
Fall 2015 Lecture 14: Modular congruences cse 311: foundations of computing If a and b are positive integers, then gcd a, b = gcd (b, a mod b) Useful GCD Fact Proof: By definition a = a div b b + (a mod
More informationThe rest of this paper is organized as follows. In x2 we explain how both detectable and undetectable trapdoors can be built into S-boxes. x3 deals wi
A Family of Trapdoor Ciphers Vincent Rijmen? Bart Preneel?? Katholieke Universiteit Leuven, Department Electrical Engineering-ESAT/COSIC K. Mercierlaan 94, B-3001 Heverlee, Belgium fvincent.rijmen,bart.preneelg@kuleuven.ac.be
More informationType 1.x Generalized Feistel Structures
Noname manuscript No. (will be inserted by the editor) Type 1.x Generalized eistel Structures Shingo Yanagihara Tetsu Iwata Received: date / Accepted: date Abstract We formalize the Type 1.x Generalized
More informationDiscrete Mathematics GCD, LCM, RSA Algorithm
Discrete Mathematics GCD, LCM, RSA Algorithm Abdul Hameed http://informationtechnology.pk/pucit abdul.hameed@pucit.edu.pk Lecture 16 Greatest Common Divisor 2 Greatest common divisor The greatest common
More informationOne can use elliptic curves to factor integers, although probably not RSA moduli.
Elliptic Curves Elliptic curves are groups created by defining a binary operation (addition) on the points of the graph of certain polynomial equations in two variables. These groups have several properties
More informationA Block Cipher using an Iterative Method involving a Permutation
Journal of Discrete Mathematical Sciences & Cryptography Vol. 18 (015), No. 3, pp. 75 9 DOI : 10.1080/097059.014.96853 A Block Cipher using an Iterative Method involving a Permutation Lakshmi Bhavani Madhuri
More information5199/IOC5063 Theory of Cryptology, 2014 Fall
5199/IOC5063 Theory of Cryptology, 2014 Fall Homework 2 Reference Solution 1. This is about the RSA common modulus problem. Consider that two users A and B use the same modulus n = 146171 for the RSA encryption.
More informationrecover the secret key [14]. More recently, the resistance of smart-card implementations of the AES candidates against monitoring power consumption wa
Resistance against Dierential Power Analysis for Elliptic Curve Cryptosystems Jean-Sebastien Coron Ecole Normale Superieure Gemplus Card International 45 rue d'ulm 34 rue Guynemer Paris, F-75230, France
More informationConcurrent Error Detection in S-boxes 1
International Journal of Computer Science & Applications Vol. 4, No. 1, pp. 27 32 2007 Technomathematics Research Foundation Concurrent Error Detection in S-boxes 1 Ewa Idzikowska, Krzysztof Bucholc Poznan
More informationJay Daigle Occidental College Math 401: Cryptology
3 Block Ciphers Every encryption method we ve studied so far has been a substitution cipher: that is, each letter is replaced by exactly one other letter. In fact, we ve studied stream ciphers, which produce
More informationPolynomial encryption
Polynomial encryption Yeray Cachón Santana May 0, 018 This paper proposes a new method to encrypt and decrypt a message by special functions formed by Hermite, Laguerre, Tchebychev and Bessel The idea
More informationMATH 158 FINAL EXAM 20 DECEMBER 2016
MATH 158 FINAL EXAM 20 DECEMBER 2016 Name : The exam is double-sided. Make sure to read both sides of each page. The time limit is three hours. No calculators are permitted. You are permitted one page
More informationMULTIPLE CHOICE. Choose the one alternative that best completes the statement or answers the question.
Calculus I - Homework Chapter 2 Name MULTIPLE CHOICE. Choose the one alternative that best completes the statement or answers the question. Determine whether the graph is the graph of a function. 1) 1)
More informationContents. 4 Arithmetic and Unique Factorization in Integral Domains. 4.1 Euclidean Domains and Principal Ideal Domains
Ring Theory (part 4): Arithmetic and Unique Factorization in Integral Domains (by Evan Dummit, 018, v. 1.00) Contents 4 Arithmetic and Unique Factorization in Integral Domains 1 4.1 Euclidean Domains and
More informationBellare and Rogaway presented a generic and ecient way to convert a trap-door one-way permutation to an IND-CCA2 secure scheme in the random oracle mo
Specication of PSEC: Provably Secure Elliptic Curve Encryption Scheme 1 Introduction We describe an elliptic curve encryption scheme, PSEC (provably secure elliptic curve encryption scheme), which has
More informationChapter 4 Finite Fields
Chapter 4 Finite Fields Introduction will now introduce finite fields of increasing importance in cryptography AES, Elliptic Curve, IDEA, Public Key concern operations on numbers what constitutes a number
More informationSol: First, calculate the number of integers which are relative prime with = (1 1 7 ) (1 1 3 ) = = 2268
ò{çd@àt ø 2005.0.3. Suppose the plaintext alphabets include a z, A Z, 0 9, and the space character, therefore, we work on 63 instead of 26 for an affine cipher. How many keys are possible? What if we add
More informationCryptanalysis of a homomorphic public-key cryptosystem over a finite group
Cryptanalysis of a homomorphic public-key cryptosystem over a finite group Su-Jeong Choi Simon R. Blackburn and Peter R. Wild Department of Mathematics Royal Holloway, University of London Egham, Surrey
More informationMasao KASAHARA. Graduate School of Osaka Gakuin University
Abstract Construction of New Classes of Knapsack Type Public Key Cryptosystem Using Uniform Secret Sequence, K(II)ΣΠPKC, Constructed Based on Maximum Length Code Masao KASAHARA Graduate School of Osaka
More informationFast Cryptanalysis of the Matsumoto-Imai Public Key Scheme
Fast Cryptanalysis of the Matsumoto-Imai Public Key Scheme P. Delsarte Philips Research Laboratory, Avenue Van Becelaere, 2 B-1170 Brussels, Belgium Y. Desmedt Katholieke Universiteit Leuven, Laboratorium
More informationCPSC 467: Cryptography and Computer Security
CPSC 467: Cryptography and Computer Security Michael J. Fischer Lecture 9 September 30, 2015 CPSC 467, Lecture 9 1/47 Fast Exponentiation Algorithms Number Theory Needed for RSA Elementary Number Theory
More informationQuadratic Equations from APN Power Functions
IEICE TRANS. FUNDAMENTALS, VOL.E89 A, NO.1 JANUARY 2006 1 PAPER Special Section on Cryptography and Information Security Quadratic Equations from APN Power Functions Jung Hee CHEON, Member and Dong Hoon
More informationThe following can also be obtained from this WWW address: the papers [8, 9], more examples, comments on the implementation and a short description of
An algorithm for computing the Weierstrass normal form Mark van Hoeij Department of mathematics University of Nijmegen 6525 ED Nijmegen The Netherlands e-mail: hoeij@sci.kun.nl April 9, 1995 Abstract This
More informationAnalysis of SHA-1 in Encryption Mode
Analysis of SHA- in Encryption Mode [Published in D. Naccache, Ed., Topics in Cryptology CT-RSA 00, vol. 00 of Lecture Notes in Computer Science, pp. 70 83, Springer-Verlag, 00.] Helena Handschuh, Lars
More informationPrivate-key Systems. Block ciphers. Stream ciphers
Chapter 2 Stream Ciphers Further Reading: [Sim92, Chapter 2] 21 Introduction Remember classication: Private-key Systems Block ciphers Stream ciphers Figure 21: Private-key cipher classication Block Cipher:
More informationCascade Encryption Revisited
Cascade Encryption Revisited Peter Gaži 1,2 and Ueli Maurer 1 1 ETH Zürich, Switzerland Department of Computer Science {gazipete,maurer}@inf.ethz.ch 2 Comenius University, Bratislava, Slovakia Department
More informationComputer Science A Cryptography and Data Security. Claude Crépeau
Computer Science 308-547A Cryptography and Data Security Claude Crépeau These notes are, largely, transcriptions by Anton Stiglic of class notes from the former course Cryptography and Data Security (308-647A)
More informationLecture 22. We first consider some constructions of standard commitment schemes. 2.1 Constructions Based on One-Way (Trapdoor) Permutations
CMSC 858K Advanced Topics in Cryptography April 20, 2004 Lecturer: Jonathan Katz Lecture 22 Scribe(s): agaraj Anthapadmanabhan, Ji Sun Shin 1 Introduction to These otes In the previous lectures, we saw
More informationDetection and Exploitation of Small Correlations in Stream Ciphers
Detection and Exploitation of Small Correlations in Stream Ciphers Masterthesis conducted under the guidance of Prof. Dr. Joachim Rosenthal and Dr. Gérard Maze Institute of Mathematics, University of Zurich
More information2 More on Congruences
2 More on Congruences 2.1 Fermat s Theorem and Euler s Theorem definition 2.1 Let m be a positive integer. A set S = {x 0,x 1,,x m 1 x i Z} is called a complete residue system if x i x j (mod m) whenever
More information14 Diffie-Hellman Key Agreement
14 Diffie-Hellman Key Agreement 14.1 Cyclic Groups Definition 14.1 Example Let д Z n. Define д n = {д i % n i Z}, the set of all powers of д reduced mod n. Then д is called a generator of д n, and д n
More informationImpossible Differential Attacks on 13-Round CLEFIA-128
Mala H, Dakhilalian M, Shakiba M. Impossible differential attacks on 13-round CLEFIA-128. JOURNAL OF COMPUTER SCIENCE AND TECHNOLOGY 26(4): 744 750 July 2011. DOI 10.1007/s11390-011-1173-0 Impossible Differential
More information