scispace - formally typeset

Showing papers on "40-bit encryption published in 1997"


Book ChapterDOI
Yuliang Zheng
17 Aug 1997
TL;DR: Signcryption as discussed by the authors is a new cryptographic primitive which simultaneously fulfills both the functions of digital signature and public key encryption in a logically single step, and with a cost significantly lower than that required by signature-then-encryption.
Abstract: Secure and authenticated message delivery/storage is one of the major aims of computer and communication security research. The current standard method to achieve this aim is “(digital) signature followed by encryption”. In this paper, we address a question on the cost of secure and authenticated message delivery/storage, namely, whether it is possible to transport/store messages of varying length in a secure and authenticated way with an expense less than that required by “signature followed by encryption”. This question seems to have never been addressed in the literature since the invention of public key cryptography. We then present a positive answer to the question. In particular, we discover a new cryptographic primitive termed as “signcryption” which simultaneously fulfills both the functions of digital signature and public key encryption in a logically single step, and with a cost significantly lower than that required by “signature followed by encryption”. For typical security parameters for high level security applications (size of public moduli = 1536 bits), signcryption costs 50% (31%, respectively) less in computation time and 85% (91%, respectively) less in message expansion than does “signature followed by encryption” based on the discrete logarithm problem (factorization problem, respectively).

1,231 citations


Proceedings ArticleDOI
19 Oct 1997
TL;DR: This work studies notions and schemes for symmetric (i.e. private key) encryption in a concrete security framework and gives four different notions of security against chosen plaintext attack, providing both upper and lower bounds, and obtaining tight relations.
Abstract: We study notions and schemes for symmetric (i.e. private key) encryption in a concrete security framework. We give four different notions of security against chosen plaintext attack and analyze the concrete complexity of reductions among them, providing both upper and lower bounds, and obtaining tight relations. In this way we classify notions (even though polynomially reducible to each other) as stronger or weaker in terms of concrete security. Next we provide concrete security analyses of methods to encrypt using a block cipher, including the most popular encryption method, CBC. We establish tight bounds (meaning matching upper bounds and attacks) on the success of adversaries as a function of their resources.

1,089 citations


Book ChapterDOI
20 Jan 1997
TL;DR: This work presents a new mode of encryption for block ciphers that has the interesting defining property that one must decrypt the entire ciphertext before one can determine even one message block, which means that brute-force searches against all-or-nothing encryption are slowed down by a factor equal to the number of blocks in the ciphertext.
Abstract: We present a new mode of encryption for block ciphers, which we call all-or-nothing encryption. This mode has the interesting defining property that one must decrypt the entire ciphertext before one can determine even one message block. This means that brute-force searches against all-or-nothing encryption are slowed down by a factor equal to the number of blocks in the ciphertext. We give a specific way of implementing all-or-nothing encryption using a “package transform” as a pre-processing step to an ordinary encryption mode. A package transform followed by ordinary codebook encryption also has the interesting property that it is very efficiently implemented in parallel. All-or-nothing encryption can also provide protection against chosen-plaintext and related-message attacks.

450 citations


Patent
28 Aug 1997
TL;DR: In this article, a data security system which produces a steganographic selection key by using an encryption key as both the key and as the data to be encrypted is presented, where the selection key is used to locate the modified areas of the data stream, extracting the data found there, and then decrypting the extracted data with the cyphertext.
Abstract: A data security system which produces a steganographic selection key by using an encryption key as both the key and as the data to be encrypted. First an encryption key is copied multiple times to form a data block which is then encrypted using the same key. The resulting ciphertext is then used as a selection key to select locations in a secondary data stream. These selected locations are then modified with the original data to be encoded. Restoration of the original data is accomplished by using the selection key to locate the modified areas of the data stream, extracting the data found there, and then decrypting the extracted data with the cyphertext.

139 citations


Patent
21 Mar 1997
TL;DR: In this paper, the authors proposed a method for providing a secure communication between two devices, where a first device generates a random key (Ci) and transfers this key to a second device in a first message encrypted using a public key.
Abstract: In a method for providing a secure communication between two devices, a first device generates a random key (Ci) and transfers this key to a second device in a first message encrypted using a public key. The second device decrypts the first encrypted message by means of a corresponding secret key to obtain the random key (Ci), and this random key is used to encrypt and decrypt all transmissions between these devices. In a decoder for a pay TV system, comprising a conditional access module and a smart card, this method is applied to provide a secure communication between the conditional access module and the smart card and/or between the decoder and the conditional access module.

138 citations


01 May 1997
TL;DR: There is a need in the Internet community for an unencumbered encryption algorithm with a range of key sizes that can provide security for a variety of cryptographic applications and protocols.
Abstract: There is a need in the Internet community for an unencumbered encryption algorithm with a range of key sizes that can provide security for a variety of cryptographic applications and protocols.

124 citations


Patent
08 Dec 1997
TL;DR: The method and the apparatus as mentioned in this paper improve public key encryption schemes that employ a composite number formed from three or more distinct primes, such as RSA, ECC, and DES.
Abstract: The method and the apparatus improve public key encryption schemes that employ a composite number formed from three or more distinct primes. The apparatus includes a CPU (14), a processor (20), a memory (22), and a DES unit (24). The apparatus further includes an I/O bus (30), a plurality of exponentiators (33a, 33b, 33c, 33n), and an external memory (34). In addition, the apparatus has a bus interface (16) for interfacing the apparatus with another bus (12).

121 citations


Patent
21 May 1997
TL;DR: In this article, MPU 53 generates random number R1 as challenge data and MPU 54 generates the time-varying data transfer key by combining second separated data RR4 with random number RR3, and transfers the digital copyrighted data to second device 52 by using the transfer key.
Abstract: In the first device, MPU 53 generates random number R1 as challenge data. Random number R3 is generated by first encryption IC 54, and then combined with random number R1, encrypted, and sent to second device 52 as encrypted text C1. When encrypted text C2 is similarly received from second device 52, first encryption IC 54 decrypts C2 and separates the decrypted result into first separated data RR2 and second separated data RR4. The first encryption IC 54 returns the first separated data to second device 52 as response data. MPU 53 compares the first separated data returned from second device 52 with random number R1, and in the event of a match, authenticates second device 52 as a legitimate device. The first encryption IC 54 generates the time-varying data transfer key by combining second separated data RR4 with random number R3, and transfers the digital copyrighted data to second device 52 by using the data transfer key.

116 citations


Proceedings ArticleDOI
02 Dec 1997
TL;DR: The problems of the MPEG video encryption algorithm are discussed by using a random permutation list instead of a zigzag order within the MPEG compression process, showing that the encryption method causes a significant size increase of the video stream, hence defeats the purpose of compression.
Abstract: This paper discusses the problems of the MPEG video encryption algorithm that uses a random permutation list instead of the zigzag order within the MPEG compression process. We show that (1) the encryption method causes a significant size increase of the MPEG video stream, hence defeats the purpose of compression, and (2) the encryption method cannot withstand the known-plaintext attack and therefore should not be considered secure. We also discuss other solutions to achieve secure, time-efficient, and size-preserving MPEG-video encryption.

88 citations


Patent
25 Feb 1997
TL;DR: In this paper, the authors proposed a key escrow encryption method, where two users each have secret encryption keys and corresponding public encryption keys, and each user encrypts a message using the key and sends it to the other user.
Abstract: A key escrow encryption method, where two users each have secret encryption keys and corresponding public encryption keys. One user receives the public encryption keys of the other user and generates a first datum based on them, an identifier of the other user, the secret encryption keys and identifier of the user, and an access restriction. The user generates a second datum based on the first datum and another access restriction. The user generates a key based on the first and second datums. The user encrypts a message using the key and sends it to the other user. Key escrow is included by requiring each user to distribute its secret encryption keys among escrow agents. The escrow agents transform, sign, and transmit it to a certifying authority. The certifying authority signs and publishes it as user's public key certificate. To communicate, a user retrieves the certificate of the other user, forms a key, encrypts a message, and transmits it to the other user. The other user retrieves the certificate of the user, forms the key, and decrypts the message. A key encryption key scheme may be used. A third party may intercept the message, receive authorization, receive portions of the key from the escrow agents, recover the key, and recover the message. A data recovery scheme may be used.

78 citations


Patent
16 Oct 1997
TL;DR: In this paper, a mobile computer is provided with a packet encryption and authentication unit having an ON/OFF switchable function for applying an encryption/authentication processing on input/output packets of the mobile computer.
Abstract: A mobile computer and a packet encryption and authentication method which are capable of controlling an activation of a packet encryption and authentication device belonging to the mobile computer according to the security policy at the visited network of the mobile computer. The mobile computer is provided with a packet encryption and authentication unit having an ON/OFF switchable function for applying an encryption and authentication processing on input/output packets of the mobile computer. Then, one of the packet encryption and authentication unit and an external packet processing device is selectively controlled to carry out the encryption and authentication processing on the input/output packets, where the external packet processing device is provided in a visited network at which the mobile computer is located and has a function for relaying packets transferred between a computer located in the visited network and a computer located in another network by applying the encryption and authentication processing.

Patent
30 May 1997
TL;DR: An apparatus and method for dynamic encryption of information including data, voice, and graphics, consisting of a random access memory containing encryption and decryption programs and the information to be encrypted and decrypted, an encryption processor executing the encryption and decoding programs, the encryption programs being a code set whose members are distinct encryption/decryption codes executed serially by the encryption processor to encrypt and decrypt the information, and also being optionally repetitively executed.
Abstract: An apparatus and method for dynamic encryption of information including data, voice, and graphics, consisting of a random access memory containing encryption and decryption programs and the information to be encrypted and decrypted, an encryption processor executing the encryption and decryption programs, the encryption and decryption programs being a code set whose members are distinct encryption/decryption codes executed serially by the encryption processor to encrypt and decrypt the information, and also being optionally repetitively executed, and a data set in the random access memory specifying the order and execution and number of repetitions of each member of the code set.

Book ChapterDOI
11 May 1997
TL;DR: Two new attacks on a reduced number of rounds of IDEA (International Data Encryption Algorithm) are given: a truncated differential attack on IDEA reduced to 3.5 rounds and a differential-linear attack that contains a novel method for determining the secret key.
Abstract: In 1991 Lai, Massey and Murphy introduced the IPES (Improved Proposed Encryption Standard), later renamed IDEA (International Data Encryption Algorithm). In this paper we give two new attacks on a reduced number of rounds of IDEA. A truncated differential attack on IDEA reduced to 3.5 rounds and a differential-linear attack on IDEA reduced to 3 rounds. The truncated differential attack contains a novel method for determining the secret key.

Patent
Harry Herlin, Tie Luo
07 Feb 1997
TL;DR: In this paper, a method for sending a secure message in a telecommunications system utilizing public encryption keys was proposed, in which all authentication parameters of each user, including each user's decryption key that is known only to the user, are used to verify, by public key methods, the identity of a user sending a communication to another user.
Abstract: A method for sending a secure message in a telecommunications system utilizing public encryption keys. All authentication parameters of each of the users, including each user's decryption key that is known only to the user, are used to verify, by public key methods, the identity of a user sending a communication to another user of the system. During the authentication process, an encryption key for use in communications between the two users may also be generated. The generated encryption key may be a private session key. Once the initial authentication is completed, the private session key can be used to perform encryption that is less computationally demanding than public key methods. In an embodiment of the invention, two communicating users may use the method to authenticate each other and generate an encryption key that is used to encrypt subsequent communications between the users. During the process of this embodiment, two encryption keys are generated. A first encryption key is used only in the authentication process, and, a second encryption key is used in both the authentication process and as the key for encrypting subsequent communications. Use of two encryption keys requires that each of the two users apply its decryption key to complete the authentication and encryption key agreement process successfully.

Journal ArticleDOI
TL;DR: NBS was the first to embark on developing a standard encryption algorithm that could satisfy a broad range of commercial and unclassified government requirements in information security and issued the Data Encryption Standard (DES) as Federal Information Processing Standard (FIPS) 46 on November 23, 1977.


Patent
Charles P. Schultz
03 Mar 1997
TL;DR: In this paper, a communication device (122) supports secure communications using automated encryption key scheduling, where the communication device is provided with access to one or more schedules having entries of specific time periods, such as date and time of day information.
Abstract: A communication device (122) supports secure communications using automated encryption key scheduling. The communication device (122) is provided with access to one or more schedules having entries of specific time periods, such as date and time of day information, that govern selection of encryption keys. A schedule is selected and accessed using current time information to obtain an encryption key (310, 320, 330). Subsequent communications are conducted using the obtained encryption key (340).

Patent
28 Apr 1997
TL;DR: In this article, a degeneration key was used to reduce the time required for authentication in the case of conducting authentication by using a plurality of encryption keys (e.g., encryption keys 1, 2 and 4).
Abstract: PROBLEM TO BE SOLVED: To reduce a time required for authentication in the case of conducting authentication by using a plurality of encryption keys. SOLUTION: In the case that encryption keys 1-5 are required respectively to access areas 1-5 of a memory 31 of an IC card 3, a reader/writer 2 reports a plurality of areas to be accessed to the IC card 3, a plurality of encryption keys corresponding to the areas (e.g. encryption keys 1, 2 and 4) are read and a degeneration processing section 32 generates a degeneration key. Furthermore, a random number generated by a random number generating section 23 of the reader/writer 2 is transferred to the IC card 3 and an encryption section 34 encrypts data by using the degeneration key. The reader/writer 2 receives the transferred encrypted random number from the IC card 3, decodes the random number by using the degeneration key and discriminates the IC card 3 to be proper when the decoded random number is equal to the generated random number. COPYRIGHT: (C)1998,JPO

Book ChapterDOI
20 Jan 1997
TL;DR: This paper deals with how to define the security of remotely keyed encryption schemes, since the attacker can take over the slow device and actually take part in the encryption process.
Abstract: The purpose of remotely keyed encryption is to efficiently realize a secret-key block cipher by sharing the computational burden between a fast untrusted device and a slow device trusted with the key. This paper deals with how to define the security of remotely keyed encryption schemes. Since the attacker can take over the slow device and actually take part in the encryption process, common definitions of the security of block ciphers have to be reconsidered.

Patent
15 Aug 1997
TL;DR: The cryptographically secure pseudo-random bit generator (100) as discussed by the authors includes a front-end generator, a selector, a random function processor, a graph processor, and a bit-wise exclusive-or circuit.
Abstract: The cryptographically secure pseudo-random bit generator (100) includes a front-end generator (102), a selector (104), a random function processor (106), a graph processor (108), and a bit-wise exclusive-or circuit (110). This cryptographically secure pseudo-random bit generator (100) stretches bit strings by the use of certain one-way functions acting on the bit strings. In addition, bit strings are generated from other input bit strings using expander graphs. The stretched bit strings and the bit strings from the expander graphs are combined in the bit-wise exclusive-or circuit.

Patent
17 Jul 1997
TL;DR: In this paper, the authors proposed a system for cryptographically transforming a sequence of input blocks of plaintext or ciphertext data into corresponding sequence of output blocks of data while providing enhanced protection against cryptographic attacks.
Abstract: A system for cryptographically transforming a sequence of input blocks of plaintext or ciphertext data into corresponding sequence of output blocks of data while providing enhanced protection against cryptographic attacks. Each input block is enciphered using a first key to generate a first encryption product, which is combined with a first secret masking value generated independently of the input blocks to generate a masked first encryption product. Each masked first encryption product is then enciphered using a second key to generate a second encryption product, which is combined with a second secret masking value generated independently of the input blocks to generate a masked second encryption product. Finally, each masked second encryption result is enciphered using a third key to generate an output block corresponding to the input block.

Patent
28 Jul 1997
TL;DR: In this article, a conditional access system making it possible for a service provider to supply his services solely to users having acquired entitlements to these services was proposed. But this was not applicable to any type of conditional access, be this system either of "offline" or "on-line" type.
Abstract: The invention relates to a conditional access system making it possible for a service provider to supply his services solely to users having acquired entitlements to these services. The services supplied by a service provider consist of an item scrambled by control words. To keep these control words secret, they are supplied in messages (MEC) after having been encrypted with an encryption algorithm with key K. According to the invention, one and the same message (MEC) contains the same control word (Cwi) encrypted several times, each encryption (E(Cwi)Kj) of the control word depending on a different encryption key (Kj). The invention applies to any type of conditional access system, be this system either of "off-line" or "on-line" type.

01 Jan 1997
TL;DR: This paper focuses on improving linear cryptanalysis of LOKI91 by probabilistic counting method and Optimizing a fast stream cipher for VLIW, SIMD, and superscalar processors.
Abstract: χ² cryptanalysis of the SEAL encryption algorithm.- Partitioning cryptanalysis.- The interpolation attack on block ciphers.- Best differential characteristic search of FEAL.- New block encryption algorithm MISTY.- The design of the ICE encryption algorithm.- Advanced Encryption Standard.- TWOPRIME: A fast stream ciphering algorithm.- On nonlinear filter generators.- Chameleon - A new kind of stream cipher.- Improving linear cryptanalysis of LOKI91 by probabilistic counting method.- Cryptanalysis of Ladder-DES.- A family of trapdoor ciphers.- The block cipher Square.- XMX: A firmware-oriented block cipher based on modular multiplications.- MMH: Software message authentication in the Gbit/second rates.- Fast message authentication using efficient polynomial evaluation.- Reinventing the travois: Encryption/MAC in 30 ROM bytes.- All-or-nothing encryption and the package transform.- On the security of remotely keyed encryption.- Sliding encryption: A cryptographic tool for mobile agents.- Fast software encryption: Designing encryption algorithms for optimal software speed on the Intel Pentium processor.- A fast new DES implementation in software.- Optimizing a fast stream cipher for VLIW, SIMD, and superscalar processors.

Patent
09 May 1997
TL;DR: An encryption apparatus enables encrypted communications using existing network equipment which does not have an encryption function, such as a server, a client, or a router as discussed by the authors, and a connection control frame between the terminal and the network is not encrypted.
Abstract: An encryption apparatus enables encrypted communications using existing network equipment which does not have an encryption function, such as a server, a client, or a router. The encryption apparatus is connected to a section between a terminal and a network, data from the terminal is encrypted and sent to the network, data from the network is decrypted and sent to the terminal, and a connection control frame between the terminal and the network is not encrypted.

Patent
09 Jun 1997
TL;DR: In this paper, a repeater 7 is introduced between computers 1, 14 that conduct mutual encryption communication, the repeater stores a common key between the transmitter computer 1 and the receiver computer 4, and an encrypted message from the transmitters computer 1 is decoded and encrypted with the common key to the receiver computers 4 and the encrypted message is sent to the destination computer 4.
Abstract: PROBLEM TO BE SOLVED: To provide the encryption communication system and encryption communication repeater where troublesome processing of keys for a transmitter computer conducting encryption communication is not required, consumption of a memory capacity for storing the keys is avoided, and key management required for encryption communication among lots of computers is conducted efficiently. SOLUTION: A repeater 7 is introduced between computers 1, 14 that conduct mutual encryption communication, the repeater 7 stores a common key between the transmitter computer 1 and the receiver computer 4, an encrypted message from the transmitter computer 1 is decoded and encrypted with a common key to the receiver computer 4 and the encrypted message is sent to the receiver computer 4. Thus, the transmitter computer 1 manages only the common key to the repeater 7 to make the encryption communication with lots of destination computers 4-7 thereby facilitating the key management. COPYRIGHT: (C)1998,JPO

Book
01 Jan 1997


01 May 1997
TL;DR: This research effort investigated techniques to scale end-to-end encryption technology from today's state of the art to 2.4 Gb/s and higher and developed a cryptosystem design which scales for implementation beyond SONET OC-48 (2.4 Gb/s) data rates.
Abstract: End-to-end encryption can protect proprietary information as it passes through a complex inter-city computer network, even if the intermediate systems are untrusted. This technique involves encrypting the body of computer messages while leaving network addressing and control information unencrypted for processing by intermediate network nodes. Because high speed implementations of end-to-end encryption with easy key management for standard network protocols are unavailable, this technique is not widely used today. Specifically, no end-to-end encryptors exist to protect Asynchronous Transfer Mode (ATM) traffic, nor to protect Switched Multi-megabit Data Service (SMDS), which is the first “Broadband Integrated Services Digital Network” (BISDN) service now being used by long distance telephone companies. This encryption technology is required for the protection of data in transit between industrial sites and central Massively Parallel Supercomputing Centers over high bandwidth, variable bit rate (BISDN) services. This research effort investigated techniques to scale end-to-end encryption technology from today's state of the art (approximately 0.001 Gb/s) to 2.4 Gb/s and higher. A cryptosystem design has been developed which scales for implementation beyond SONET OC-48 (2.4 Gb/s) data rates. A prototype for use with OC-3 (0.155 Gb/s) ATM variable bit rate services was developed.

Patent
25 Feb 1997
TL;DR: In this article, a user describes and edits block encryption algorithm diagram representation by using an encryption diagram editing device, and stores it in an encrypted diagram storage device, which is used to verify the execution result in detail by inspecting device 203.
Abstract: PROBLEM TO BE SOLVED: To efficiently assist the development of encryption algorithm which is adaptive to new decoding technology by assisting the description and editing of block encryption algorithm according to a predetermined block encryption algorithm scale. SOLUTION: A user describes and edits block encryption algorithm diagram representation on the basis of the block encryption algorithm scale by using an encryption diagram editing device 201, and stores it in an encryption diagram storage device 204. To confirm that block encryption algorithm stored in the encryption diagram storage device 204 operates as the user intends, the block encryption algorithm is actually executed by using an encryption diagram interpretation execution device 202. This execution result is stored as a table in an encryption diagram execution environment storage device 205. Lastly, the user examines the execution result in detail by using an encryption diagram execution environment inspecting device 203. COPYRIGHT: (C)1998,JPO

Book ChapterDOI
Jörg Schwenk
24 Sep 1997
TL;DR: In this paper, the authors present solutions to improve existing conditional access systems by using deeper key hierarchies, and by establishing these hierarchies without the use of encryption techniques.
Abstract: Conditional Access systems use special key management schemes which ensure that encrypted broadcast services can only be accessed by those who are entitled to receive them. In many cases, a key hierarchy is used for this purpose. In this article, solutions are presented to improve existing Conditional Access systems by using deeper key hierarchies, and by establishing these hierarchies without the use of encryption techniques.