
Showing papers on "Block cipher published in 1997"


Book ChapterDOI
20 Jan 1997
TL;DR: A new 128-bit block cipher called Square is presented; its design concentrates on resistance against differential and linear cryptanalysis, and the resulting cipher is published for public scrutiny.
Abstract: In this paper we present a new 128-bit block cipher called Square. The original design of Square concentrates on the resistance against differential and linear cryptanalysis. However, after the initial design a dedicated attack was mounted that forced us to augment the number of rounds. The goal of this paper is the publication of the resulting cipher for public scrutiny. A C implementation of Square is available that runs at 2.63 MByte/s on a 100 MHz Pentium. Our M68HC05 Smart Card implementation fits in 547 bytes and takes less than 2 msec. (4 MHz Clock). The high degree of parallellism allows hardware implementations in the Gbit/s range today.

759 citations


Book ChapterDOI
20 Jan 1997
TL;DR: This work presents a new mode of encryption for block ciphers that has the interesting defining property that one must decrypt the entire ciphertext before one can determine even one message block, which means that brute-force searches against all-or-nothing encryption are slowed down by a factor equal to the number of blocks in the ciphertext.
Abstract: We present a new mode of encryption for block ciphers, which we call all-or-nothing encryption. This mode has the interesting defining property that one must decrypt the entire ciphertext before one can determine even one message block. This means that brute-force searches against all-or-nothing encryption are slowed down by a factor equal to the number of blocks in the ciphertext. We give a specific way of implementing all-or-nothing encryption using a “package transform” as a pre-processing step to an ordinary encryption mode. A package transform followed by ordinary codebook encryption also has the interesting property that it is very efficiently implemented in parallel. All-or-nothing encryption can also provide protection against chosen-plaintext and related-message attacks.

450 citations


Book ChapterDOI
20 Jan 1997
TL;DR: The software implementation of MISTY1 with eight rounds can encrypt a data stream in CBC mode at a speed of 20Mbps and 40Mbps on Pentium/100MHz and PA-7200/120MHz, respectively.
Abstract: We propose secret-key cryptosystems MISTY1 and MISTY2, which are block ciphers with a 128-bit key, a 64-bit block and a variable number of rounds. MISTY is a generic name for MISTY1 and MISTY2. They are designed on the basis of the theory of provable security against differential and linear cryptanalysis, and moreover they realize high speed encryption on hardware platforms as well as on software environments. Our software implementation shows that MISTY1 with eight rounds can encrypt a data stream in CBC mode at a speed of 20Mbps and 40Mbps on Pentium/100MHz and PA-7200/120MHz, respectively. For its hardware performance, we have produced a prototype LSI by a process of 0.5 μm CMOS gate-array and confirmed a speed of 450Mbps. In this paper, we describe the detailed specifications and design principles of MISTY1 and MISTY2.

401 citations


Book ChapterDOI
20 Jan 1997
TL;DR: This paper cryptanalyses 5 rounds of a variant of SHARK, which deviates only slightly from the proposed SHARK, and shows that there exist ciphers constructed according to this design strategy which can be broken faster than claimed.
Abstract: In this paper we introduce a new method of attacks on block ciphers, the interpolation attack. This new method is useful for attacking ciphers using simple algebraic functions (in particular quadratic functions) as S-boxes. Also, ciphers of low non-linear order are vulnerable to attacks based on higher order differentials. Recently, Knudsen and Nyberg presented a 6-round prototype cipher which is provably secure against ordinary differential cryptanalysis. We show how to attack the cipher by using higher order differentials and a variant of the cipher by the interpolation attack. It is possible to successfully cryptanalyse up to 32 rounds of the variant using about 2^32 chosen plaintexts with a running time less than 2^64. Using higher order differentials, a new design concept for block ciphers by Kiefer is also shown to be insecure. Rijmen et al presented a design strategy for block ciphers and the cipher SHARK. We show that there exist ciphers constructed according to this design strategy which can be broken faster than claimed. In particular, we cryptanalyse 5 rounds of a variant of SHARK, which deviates only slightly from the proposed SHARK.

343 citations


Book ChapterDOI
11 Nov 1997
TL;DR: New related-key attacks on the block ciphers 3WAY, Biham-DES, CAST, DES-X, NewDES, RC2, and TEA are presented, showing how to adapt the general attack to deal with the difficulties of the individual algorithms.
Abstract: We present new related-key attacks on the block ciphers 3WAY, Biham-DES, CAST, DES-X, NewDES, RC2, and TEA. Differential related-key attacks allow both keys and plaintexts to be chosen with specific differences [KSW96]. Our attacks build on the original work, showing how to adapt the general attack to deal with the difficulties of the individual algorithms. We also give specific design principles to protect against these attacks.

255 citations


Journal ArticleDOI
01 Nov 1997
TL;DR: The CAST design procedure for constructing a family of DES-like Substitution-Permutation Network (SPN) cryptosystems is described in this paper, which appears to have good resistance to differential cryptanalysis, linear cryptanalysis and related-key cryptanalysis.
Abstract: This paper describes the CAST design procedure for constructing a family of DES-like Substitution-Permutation Network (SPN) cryptosystems which appear to have good resistance to differential cryptanalysis, linear cryptanalysis, and related-key cryptanalysis, along with a number of other desirable cryptographic properties. Details of the design choices in the procedure are given, including those regarding the component substitution boxes (s-boxes), the overall framework, the key schedule, and the round function. An example CAST cipher, an output of this design procedure, is presented as an aid to understanding the concepts and to encourage detailed analysis by the cryptologic community.

141 citations


Book ChapterDOI
20 Jan 1997
TL;DR: This paper shows how to endow any stream cipher with this potentially useful property of traitor tracing, and presents a simple traitor tracing scheme based on random coding with which it can be used.
Abstract: Stream cipher systems are used to protect intellectual property in pay-TV and a number of other applications. In some of these, it would be convenient if a single ciphertext could be broadcast, and subscribers given slightly different deciphering keys that had the effect of producing slightly different plaintexts. In this way, a subscriber who illegally resold material licensed to him could be traced. Previously, such tracing could be done using a one-time pad, or with complicated key management schemes. In this paper we show how to endow any stream cipher with this potentially useful property. We also present a simple traitor tracing scheme based on random coding with which it can be used.

127 citations


Book ChapterDOI
17 Sep 1997
TL;DR: Practice-oriented provable security, as discussed by the author, applies the ideas of “provable security” to the derivation of practical, secure protocols; it is a fruitful blend of theory and practice that is able to enrich both sides.
Abstract: This short article is intended to complement my talk. I would like to try to introduce you to a certain, relatively new sub-area of cryptography that we have been calling practice-oriented provable-security. It is about applying the ideas of “provable security” to the derivation of practical, secure protocols. I believe it is a fruitful blend of theory and practice that is able to enrich both sides and has by now had some impact on real world security.

90 citations


Patent
15 Apr 1997
TL;DR: A multi-cycle, non-parallel DES encryption scheme that supports CBC, OFB, CFB, and ECB modes of operation was proposed in this paper, where three independent cipher stages are coupled together in series in order to implement a high-speed DES core.
Abstract: A multi-cycle, non-parallel DES encryption scheme that supports CBC, OFB, CFB, and ECB modes of operation. Three independent cipher stages are coupled together in series in order to implement a high-speed DES core. Sixteen cipher operations are required for DES encryption and decryption. Hence, the data is routed through the DES core five times. On the sixth pass, the encrypted/decrypted data is taken from the output of the first cipher stage. This output can then be used to encrypt/decrypt any subsequent input data. A different key is supplied to each of the cipher stages for each cycle.

79 citations


Journal ArticleDOI
Abstract: This paper argues that the cipher systems based on cellular automata (CA) proposed by S. Nandi et al. (1994) are affine and are insecure. A reply by S. Nandi and P. Pal Chaudhuri is given. The reply emphasizes the point that the regular, modular, cascadable structure of local neighborhood CA can be employed for building low cost cipher system hardware. This cost effective engineering solution can achieve the desired level of security with larger size CA.

73 citations


Journal Article
TL;DR: The cipher systems based on Cellular Automata proposed by Nandi et al. are affine and are insecure.
Abstract: The cipher systems based on Cellular Automata proposed by Nandi et al. are affine and are insecure. Index Terms: cryptography, block ciphers, stream ciphers, cellular automata.

Book ChapterDOI
20 Jan 1997
TL;DR: General optimization principles algorithm designers should keep in mind when designing algorithms are discussed, and the performance of RC4, SEAL, RC5, Blowfish, and Khufu/Khafre on the Intel Pentium with respect to those principles is analyzed.
Abstract: Most encryption algorithms are designed without regard to their performance on top-of-the-line microprocessors. This paper discusses general optimization principles algorithm designers should keep in mind when designing algorithms, and analyzes the performance of RC4, SEAL, RC5, Blowfish, and Khufu/Khafre on the Intel Pentium with respect to those principles. Finally, we suggest directions for algorithm design, and give example algorithms, that take performance into account.

Book ChapterDOI
11 May 1997
TL;DR: Two new attacks on a reduced number of rounds of IDEA (International Data Encryption Algorithm) are given: a truncated differential attack on IDEA reduced to 3.5 rounds and a differential-linear attack that contains a novel method for determining the secret key.
Abstract: In 1991 Lai, Massey and Murphy introduced the IPES (Improved Proposed Encryption Standard), later renamed IDEA (International Data Encryption Algorithm). In this paper we give two new attacks on a reduced number of rounds of IDEA. A truncated differential attack on IDEA reduced to 3.5 rounds and a differential-linear attack on IDEA reduced to 3 rounds. The truncated differential attack contains a novel method for determining the secret key.

Proceedings ArticleDOI
03 Nov 1997
TL;DR: The results show that some 8×8 S-boxes randomly produced by the method approximately satisfy the strict avalanche criterion and output bits independence criterion, and have an almost equiprobable input/output XOR distribution.
Abstract: A method for obtaining cryptographically strong 8×8 S-boxes is presented. The method is based on the "mini version" of a new block cipher with block size of 8 bits and can be easily and efficiently performed on a computer. The cryptographic strength of some 8×8 S-boxes randomly produced by the method is analyzed. The results show (1) all of them are bijective; (2) the nonlinearity of each output bit is usually about 100; (3) all of them approximately satisfy the strict avalanche criterion and output bits independence criterion; (4) they all have an almost equiprobable input/output XOR distribution; and (5) their inverse S-boxes also possess the former four properties.

Book ChapterDOI
17 Aug 1997
TL;DR: In this paper, the authors present an attack on CMEA which requires 40–80 known plaintexts, has time complexity about 2^24–2^32, and finishes in minutes or hours of computation on a standard workstation.
Abstract: This paper analyzes the Telecommunications Industry Association's Cellular Message Encryption Algorithm (CMEA), which is used for confidentiality of the control channel in the most recent American digital cellular telephony systems. We describe an attack on CMEA which requires 40–80 known plaintexts, has time complexity about 2^24–2^32, and finishes in minutes or hours of computation on a standard workstation. This demonstrates that CMEA is deeply flawed.

Book ChapterDOI
20 Jan 1997
TL;DR: It is demonstrated that for certain block ciphers, trapdoors can be built in that make the cipher susceptible to linear cryptanalysis; however, finding these trapdoors can be made very hard, even if one knows the general form of the trapdoor.
Abstract: This paper presents several methods to construct trapdoor block ciphers. A trapdoor cipher contains some hidden structure; knowledge of this structure allows an attacker to obtain information on the key or to decrypt certain ciphertexts. Without this trapdoor information the block cipher seems to be secure. It is demonstrated that for certain block ciphers, trapdoors can be built-in that make the cipher susceptible to linear cryptanalysis; however, finding these trapdoors can be made very hard, even if one knows the general form of the trapdoor. In principle such a trapdoor can be used to design a public key encryption scheme based on a conventional block cipher.

Journal Article
TL;DR: A new attack on the compression function of the 128-bit hash function MDC-4 using DES, with a complexity far less than one would expect, is presented, and new constructions of fast and secure compression functions based on error-correcting codes and m-bit block ciphers with an m-bit key are proposed.
Abstract: This paper considers hash functions based on block ciphers. It presents a new attack on the compression function of the 128-bit hash function MDC-4 using DES with a complexity far less than one would expect, and proposes new constructions of fast and secure compression functions based on error-correcting codes and m-bit block ciphers with an m-bit key. This leads to simple and practical hash function constructions based on block ciphers such as DES, where the key size is slightly smaller than the block size, and IDEA, where the key size is twice the block size, and to MD4-like hash functions. Under reasonable assumptions about the underlying block cipher, we obtain collision resistant compression functions. Finally we provide examples of hashing constructions based on both DES and IDEA more efficient than previous proposals and discuss applications of our approach for MD4-like hash functions.

Journal ArticleDOI
01 Nov 1997
TL;DR: This attack demonstrates that the round function of a Feistel cipher with six to eight rounds needs to be surjective and sufficiently uniform.
Abstract: We propose a new attack on Feistel ciphers with a non-surjective round function such as the CAST cipher family and LOKI91. We extend the attack towards block ciphers that use a non-uniformly distributed round function and apply the extended attack to the CAST family. This attack demonstrates that the round function of a Feistel cipher with six to eight rounds needs to be surjective and sufficiently uniform.

Book ChapterDOI
Gideon A. Yuval
20 Jan 1997
TL;DR: By using a large number of rounds, this work hopes to be able to scrounge an S-box out of nowhere, in an environment for which even TEA and the SAFERs are gross overdesign.
Abstract: By using a large number of rounds, we hope to be able to scrounge an S-box out of nowhere, in an environment for which even TEA and the SAFERs are gross overdesign.

Book ChapterDOI
20 Jan 1997
TL;DR: This paper describes an attack on a simplified version of SEAL, which recovers large parts of the secret tables from approximately 2^24 algorithm computations, and constructs a test capable of distinguishing SEAL from a random function using approximately 2^30 computations.
Abstract: SEAL was first introduced in [1] by Rogaway and Coppersmith as a fast software-oriented encryption algorithm. It is a pseudorandom function which stretches a short index into a much longer pseudorandom string under control of a secret key pre-processed into internal tables. In this paper we first describe an attack on a simplified version of SEAL, which provides large parts of the secret tables from approximately 2^24 algorithm computations. As far as the original algorithm is concerned, we construct a test capable of distinguishing SEAL from a random function using approximately 2^30 computations. Moreover, we describe how to derive some bits of information about the secret tables. These results were confirmed by computer experiments.

Book ChapterDOI
20 Jan 1997
TL;DR: This paper deals with how to define the security of remotely keyed encryption schemes, since the attacker can take over the slow device and actually take part in the encryption process.
Abstract: The purpose of remotely keyed encryption is to efficiently realize a secret-key block cipher by sharing the computational burden between a fast untrusted device and a slow device trusted with the key. This paper deals with how to define the security of remotely keyed encryption schemes. Since the attacker can take over the slow device and actually take part in the encryption process, common definitions of the security of block ciphers have to be reconsidered.

Book ChapterDOI
20 Jan 1997
TL;DR: The concept of keyed permutation to improve resistance to differential and linear cryptanalysis, and the use of an extensible key schedule to achieve an explicit tradeoff between speed and security, are introduced.
Abstract: This paper describes the design and implementation of the ICE cryptosystem, a 64-bit Feistel block cipher. It describes the design process, with the various aims and tradeoffs involved. It also introduces the concept of keyed permutation to improve resistance to differential and linear cryptanalysis, and the use of an extensible key schedule to achieve an explicit tradeoff between speed and security.

Journal ArticleDOI
TL;DR: A new method for attacking the simple substitution cipher is presented which utilises a parallel version of the genetic algorithm which allows communication between a number of parallel nodes each solving a separate part of the problem.
Abstract: A new method for attacking the simple substitution cipher is presented which utilises a parallel version of the genetic algorithm. A suitable strategy is devised which allows communication between a number of parallel nodes each solving a separate part of the problem. An analysis of the fitness function is also performed.

Patent
31 Dec 1997
TL;DR: In this paper, the authors propose to shorten the length of the initialization vector of a block cipher so that its length is less than the length in each block of information processed by the block cipher.
Abstract: An apparatus and method for reducing the overhead of a block cipher includes shortening the length of the initialization vector so that its length is less than the length of each block of information processed by the block cipher. The block cipher is utilized in cipher block chaining mode. The shortened vector is loaded into the block cipher with other pseudo-random bits. Cipher block chaining prevents the overall cycle length of the block cipher from decreasing. Thus, channel burden of repeatedly transmitting the initialization vector is reduced because it is shorter, but security is not unduly diminished because cycle length is not diminished. Late entry can be achieved. Also, combination of this method with coasting can increase accurate synchronization even in severely corrupted channels. Security level versus amount of vector shortening can be selected.

Patent
Gideon A. Yuval
17 Jan 1997
TL;DR: In this article, a block cipher is used in combination with a series of other data manipulation operations, including XOR operations and rotate operations, to provide a good degree of system security.
Abstract: Encryption and authentication techniques which can be implemented on inexpensive, e.g., 8-bit, microprocessors and micro-controllers, using very little of the microprocessor's memory, are described. While the described techniques require little system resources to implement they still provide a good degree of security. In accordance with the present invention, in order to avoid having to specifically dedicate a portion of the microprocessor's limited memory for use as a substitution box, a portion of the code stored in the microprocessor's memory, dedicated to performing another function, is selected to serve as an S-box. This memory saving technique is used to implement a block cipher. The block cipher is used in combination with a series of other data manipulation operations, including XOR operations and rotate operations, to provide a good degree of system security. The operations used to implement the techniques of the present invention are capable of being implemented using 8 bit instructions making the techniques of the present invention well suited for implementation on 8 bit systems such as those used in home and auto control applications. The message protocol and encryption scheme of the present invention involves the subtracting of current message payloads from previously received message payloads to distinguish between new messages and repeated messages which have already been acted upon. Messages are acted upon only once thereby rendering the recording and playing back of previous messages ineffective at defeating system security.

Book ChapterDOI
Yuliang Zheng
24 Feb 1997
TL;DR: SPEED is a private key block cipher that supports three variable parameters: data length, key length and rounds.
Abstract: SPEED is a private key block cipher. It supports three variable parameters: (1) data length — the length of a plaintext/ciphertext of SPEED can be 64, 128 or 256 bits. (2) key length — the length of an encryption/decryption key of SPEED can be any integer between 48 and 256 (inclusive) and divisible by 16. (3) rounds — the number of rounds involved in encryption/decryption can be any integer divisible by 4 but not smaller than 32.

Book ChapterDOI
24 Sep 1997
TL;DR: The BEAST cipher as mentioned in this paper is a new blockcipher for arbitrary size blocks, which is a Luby-Rackoff cipher and fast when the blocks are large, and it is provably secure if these building blocks are secure.
Abstract: This paper describes BEAST, a new blockcipher for arbitrary size blocks. It is a Luby-Rackoff cipher and fast when the blocks are large. BEAST is assembled from cryptographic hash functions and stream ciphers. It is provably secure if these building blocks are secure.

01 Jan 1997
TL;DR: This volume collects papers ranging from improving linear cryptanalysis of LOKI91 by a probabilistic counting method to optimizing a fast stream cipher for VLIW, SIMD, and superscalar processors.
Abstract (table of contents):
χ2 cryptanalysis of the SEAL encryption algorithm.
Partitioning cryptanalysis.
The interpolation attack on block ciphers.
Best differential characteristic search of FEAL.
New block encryption algorithm MISTY.
The design of the ICE encryption algorithm.
Advanced Encryption Standard.
TWOPRIME: A fast stream ciphering algorithm.
On nonlinear filter generators.
Chameleon - A new kind of stream cipher.
Improving linear cryptanalysis of LOKI91 by probabilistic counting method.
Cryptanalysis of Ladder-DES.
A family of trapdoor ciphers.
The block cipher Square.
XMX: A firmware-oriented block cipher based on modular multiplications.
MMH: Software message authentication in the Gbit/second rates.
Fast message authentication using efficient polynomial evaluation.
Reinventing the travois: Encryption/MAC in 30 ROM bytes.
All-or-nothing encryption and the package transform.
On the security of remotely keyed encryption.
Sliding encryption: A cryptographic tool for mobile agents.
Fast software encryption: Designing encryption algorithms for optimal software speed on the Intel Pentium processor.
A fast new DES implementation in software.
Optimizing a fast stream cipher for VLIW, SIMD, and superscalar processors.

Book ChapterDOI
20 Jan 1997
TL;DR: The mismatch between traditional cipher designs and efficient operation on modern Very Long Instruction Word, Single Instruction Multiple Data, superscalar, and deeply pipelined processors is explored.
Abstract: The mismatch between traditional cipher designs and efficient operation on modern Very Long Instruction Word, Single Instruction Multiple Data, superscalar, and deeply pipelined processors is explored. Guidelines are developed for efficiently exploiting the instruction-level parallelism of these processor architectures.

Book ChapterDOI
TL;DR: The main requirements for these cryptographic primitives are discussed, the constructions are motivated, and the state of the art of both attacks and security proofs is presented.
Abstract: This paper reviews constructions of hash functions and MAC algorithms based on block ciphers. It discusses the main requirements for these cryptographic primitives, motivates these constructions, and presents the state of the art of both attacks and security proofs.