1. The Advanced Encryption Standard Process.- 2. Preliminaries.- 3. Specification of Rijndael.- 4. Implementation Aspects.- 5. Design Philosophy.- 6. The Data Encryption Standard.- 7. Correlation Matrices.- 8. Difference Propagation.- 9. The Wide Trail Strategy.- 10. Cryptanalysis.- 11. Related Block Ciphers.- Appendices.- A. Propagation Analysis in Galois Fields.- A.1.1 Difference Propagation.- A.l.2 Correlation.- A. 1.4 Functions that are Linear over GF(2).- A.2.1 Difference Propagation.- A.2.2 Correlation.- A.2.4 Functions that are Linear over GF(2).- A.3.3 Dual Bases.- A.4.2 Relationship Between Trace Patterns and Selection Patterns.- A.4.4 Illustration.- A.5 Rijndael-GF.- B. Trail Clustering.- B.1 Transformations with Maximum Branch Number.- B.2 Bounds for Two Rounds.- B.2.1 Difference Propagation.- B.2.2 Correlation.- B.3 Bounds for Four Rounds.- B.4 Two Case Studies.- B.4.1 Differential Trails.- B.4.2 Linear Trails.- C. Substitution Tables.- C.1 SRD.- C.2 Other Tables.- C.2.1 xtime.- C.2.2 Round Constants.- D. Test Vectors.- D.1 KeyExpansion.- D.2 Rijndael(128,128).- D.3 Other Block Lengths and Key Lengths.- E. Reference Code.

The Design of Rijndael: AES - The Advanced Encryption Standard

National Institute of Standards and Technology における超伝導研究及び生活

Review: Digital image steganography: Survey and analysis of current methods

This document provides guidance on how to secure Industrial Control Systems (ICS), including Supervisory Control and Data Acquisition (SCADA) systems, Distributed Control Systems (DCS), and other control system configurations such as Programmable Logic Controllers (PLC), while addressing their unique performance, reliability, and safety requirements The document provides an overview of ICS and typical system topologies, identifies typical threats and vulnerabilities to these systems, and provides recommended security countermeasures to mitigate the associated risks

/pdf/guide-to-industrial-control-systems-ics-security-48jy3kri07.pdf

Guide to Industrial Control Systems (ICS) Security

True randomness does not exist in classical physics, where randomness is necessarily a result of forces that may be unknown but exist. The quantum world, however, is intrinsically truly random. This is difficult to prove, as it is not readily distinguishable from noise and other uncontrollable factors. Now Pironio et al. present proof of a quantitative relationship between two fundamental concepts of quantum mechanics — randomness and the non-locality of entangled particles. They first show theoretically that the violation of a Bell inequality certifies the generation of new randomness, independently of any implementation details. To illustrate the approach, they then perform an experiment in which — as confirmed using the theoretical tools that they developed — 42 new random bits have been generated. As well as having conceptual implications, this work has practical implications for cryptography and for numerical simulation of physical and biological systems. Here it is shown, both theoretically and experimentally, that non-local correlations between entangled quantum particles can be used for a new cryptographic application — the generation of certified private random numbers — that is impossible to achieve classically. The results have implications for future device-independent quantum information experiments and for addressing fundamental issues regarding the randomness of quantum theory. Randomness is a fundamental feature of nature and a valuable resource for applications ranging from cryptography and gambling to numerical simulation of physical and biological systems. Random numbers, however, are difficult to characterize mathematically1, and their generation must rely on an unpredictable physical process2,3,4,5,6. Inaccuracies in the theoretical modelling of such processes or failures of the devices, possibly due to adversarial attacks, limit the reliability of random number generators in ways that are difficult to control and detect. Here, inspired by earlier work on non-locality-based7,8,9 and device-independent10,11,12,13,14 quantum information processing, we show that the non-local correlations of entangled quantum particles can be used to certify the presence of genuine randomness. It is thereby possible to design a cryptographically secure random number generator that does not require any assumption about the internal working of the device. Such a strong form of randomness generation is impossible classically and possible in quantum systems only if certified by a Bell inequality violation15. We carry out a proof-of-concept demonstration of this proposal in a system of two entangled atoms separated by approximately one metre. The observed Bell inequality violation, featuring near perfect detection efficiency, guarantees that 42 new random numbers are generated with 99 per cent confidence. Our results lay the groundwork for future device-independent quantum information experiments and for addressing fundamental issues raised by the intrinsic randomness of quantum theory.

/pdf/random-numbers-certified-by-bell-s-theorem-5chjbj1xv7.pdf

Random numbers certified by Bell's theorem.

: This paper discusses some aspects of selecting and testing random and pseudorandom number generators. The outputs of such generators may he used in many cryptographic applications, such as the generation of key material. Generators suitable for use in cryptographic applications may need to meet stronger requirements than for other applications. In particular, their outputs must he unpredictable in the absence of knowledge of the inputs. Some criteria for characterizing and selecting appropriate generators are discussed in this document. The subject of statistical testing and its relation to cryptanalysis is also discussed, and some recommended statistical tests are provided. These tests may he useful as a first step in determining whether or not a generator is suitable for a particular cryptographic application. The design and cryptanalysis of generators is outside the scope of this paper.

/pdf/a-statistical-test-suite-for-random-and-pseudorandom-number-xf8s068cdk.pdf

A Statistical Test Suite for Random and Pseudorandom Number Generators for Cryptographic Applications

This Recommendation provides cryptographic key management guidance. It consists of three parts. Part 1 provides general guidance and best practices for the management of cryptographic keying material. Part 2 provides guidance on policy and security planning requirements for U.S. government agencies. Finally, Part 3 provides guidance when using the cryptographic features of current systems.

/pdf/recommendation-for-key-management-part-1-general-revision-3-1l1d32pzxc.pdf

Recommendation for Key Management, Part 1: General (Revision 3)

This paper discusses some aspects of selecting and testing random and pseudorandom number generators. The outputs of such generators may be used in many cryptographic applications, such as the generation of key material. Generators suitable for use in cryptographic applications may need to meet stronger requirements than for other applications. In particular, their outputs must be unpredictable in the absence of knowledge of the inputs. Some criteria for characterizing and selecting appropriate generators are discussed in this document. The subject of statistical testing and its relation to cryptanalysis is also discussed, and some recommended statistical tests are provided. These tests may be useful as a first step in determining whether or not a generator is suitable for a particular cryptographic application. However, no set of statistical tests can absolutely certify a generator as appropriate for usage in a particular application, i.e., statistical testing cannot serve as a substitute for cryptanalysis. The design and cryptanalysis of generators is outside the scope of this paper.

SP 800-22 Rev. 1a. A Statistical Test Suite for Random and Pseudorandom Number Generators for Cryptographic Applications

/pdf/recommendation-for-key-management-part-1-general-geoyt3gkn6.pdf

Recommendation for Key Management - Part 1 General

This standard describes a keyed-hash message authentication code (HMAC), a mechanism for message authentication using cryptographic hash functions. HMAC can be used with any iterative FIPS-approved cryptographic hash function, in combination with a shared secret key. The cryptographic strength of HMAC depends on the properties of the underlying hash function. The HMAC specification in this standard is a generalization of Internet RFC 2104, HMAC, Keyed-Hashing for Message Authentication, and ANSI X9.71, Keyed Hash Message Authentication Code.

Elaine B. Barker

Papers

A Statistical Test Suite for Random and Pseudorandom Number Generators for Cryptographic Applications

Recommendation for Key Management, Part 1: General (Revision 3)

SP 800-22 Rev. 1a. A Statistical Test Suite for Random and Pseudorandom Number Generators for Cryptographic Applications

Recommendation for Key Management - Part 1 General

The Keyed-Hash Message Authentication Code (HMAC) | NIST