Showing papers on "Cipher published in 1985"

An optimal class of symmetric key generation systems

Abstract: It is sometimes required that user pairs in a network share secret information to be used for mutual identification or as a key in a cipher system. If the network is large it becomes impractical or even impossible to store all keys securely at the users. A natural solution then is to supply each user with a relatively small amount of secret data from which he can derive all his keys. A scheme for this purpose will be presented and we call such a scheme a symmetric key generation system (SKGS). However, as all keys will be generated from a small amount of data, dependencies between keys will exist. Therefore by cooperation, users in the system might be able to decrease their uncertainty about keys they should not have access to.The objective of this paper is to present a class of SKGS for which the amount of secret information needed by each user to generate his keys is the least possible while at the same time a certain minimum number of users have to cooperate to resolve the uncertainty of unknown keys.

Decrypting a Class of Stream Ciphers Using Ciphertext Only

Abstract: Pseudonoise sequences generated by linear feedback shift registers [1] with some nonlinear combining function have been proposed [2]–[5] for cryptographic applications as running key generators in stream ciphers. In this correspondence it will be shown that the number of trials to break these ciphers can be significantly reduced by using correlation methods. By comparison of computer simulations and theoretical results based on a statistical model, the validity of this analysis is demonstrated. Rubin [6] has shown that it is computationally feasible to solve a cipher proposed by Pless [2] in a known plaintext attack, using as few as 15 characters. Here, the number of ciphertext symbols is determined to perform a ciphertext-only attack on the Pless cipher using the correlation attack. Our conclusion from the analysis is that the pseudonoise generator's output sequence and the sequences generated by the linear feedback shift registers should be uncorrelated. This leads to constraints for the nonlinear combining function to be used.

Advances in Cryptology: Proceedings of Crypto 84

Abstract: Public Key Cryptosystems and Signatures.- A Prototype Encryption System Using Public Key.- A Public Key Cryptosystem and a Signature Scheme Based on Discrete Logarithms.- A Public-Key Cryptosystem Based on the Word Problem.- Efficient Signature Schemes Based on Polynomial Equations (preliminary version).- Identity-Based Cryptosystems and Signature Schemes.- A Knapsack Type Public Key Cryptosystem Based On Arithmetic in Finite Fields (preliminary draft).- Some Public-Key Crypto-Functions as Intractable as Factorization.- Cryptosystems and Other Hard Problems.- Computing Logarithms in GF (2n).- Wyner's Analog Encryption Scheme: Results of a Simulation.- On Rotation Group and Encryption of Analog Signals.- The History of Book Ciphers.- An Update on Factorization at Sandia National Laboratories.- An LSI Digital Encryption Processor (DEP).- Efficient hardware and software implementations for the DES.- Efficient hardware implementation of the DES.- A Self-Synchronizing Cascaded Cipher System with Dynamic Control of Error Propagation.- Randomness and Its Concomitants.- Efficient and Secure Pseudo-Random Number Generation (Extended Abstract).- An LSI Random Number Generator (RNG).- Generalized Linear Threshold Scheme.- Security of Ramp Schemes.- A Fast Pseudo Random Permutation Generator With Applications to Cryptology.- On the Cryptographic Applications of Random Functions (Extended Abstract).- An Efficient Probabilistic Public-Key Encryption Scheme Which Hides All Partial Information.- Analysis and Cryptanalysis.- RSA/Rabin least significant bits are secure (Extended Abstract).- Information Theory without the Finiteness Assumption, I: Cryptosystems as Group-Theoretic Objects.- Cryptanalysis of Adfgvx Encipherment Systems.- Breaking Iterated Knapsacks.- Dependence of output on input in DES: Small avalanche characteristics.- Des has no Per Round Linear Factors.- Protocols and Authentication.- A Message Authenticator Algorithm Suitable for a Mainframe Computer.- Key Management for Secure Electronic Funds Transfer in a Retail Environment.- Authentication Theory/Coding Theory.- New Secret Codes Can Prevent a Computerized Big Brother.- Fair Exchange of Secrets (extended abstract).- Cryptoprotocols: Subscription to a Public Key, The Secret Blocking and The Multi-Player Mental Poker Game (extended abstract).- Poker Protocols.- Impromptu Talks.- A "Paradoxical" Solution to The Signature Problem.- Sequence Complexity as a Test for Cryptographic Systems.- An Update on Quantum Cryptography.- How to Keep a Secret Alive.

On the power of cascade ciphers

Abstract: The unicity distance of a cascade of random ciphers, with respect to known plaintext attack, is shown to be the sum of the key lengths. A time-space trade-off for the exhaustive cracking of a cascade of ciphers is shown. The structure of the set of permutations realized by a cascade is studied; it is shown that only l.2k exhaustive experiments are necessary to determine the behavior of a cascade of l stages, each having k key bits. It is concluded that the cascade of random ciphers is not a random cipher. Yet, it is shown that, with high probability, the number of permutations realizable by a cascade of l random ciphers, each having k key bits, is 2lk. Next, it is shown that two stages are not worse than one, by a simple reduction of the cracking problem of any of the stages to the cracking problem of the cascade. Finally, it is shown that proving a nonpolynomial lower bound on the cracking problem of long cascades is a hard task, since such a bound implies that P n NP.

Broadcast system for scrambled programming signals

Abstract: A pay program signal is scrambled in an exclusive OR circuiit by a scrambling signal (Ks) derived from a random number generator. The pay program signal is converted into a broadcasting signal by a converter. A transmission information processor alters every month, for example, the contents of an initial value signal applied to the random number generator in order to change a scramble mode. The information processor transmits, via the converter, cipher signal (Ei) for descrambling the pay program signal in, for example, the next month. The cipher signal (Ei1) is stored in a RAM of a subscriber. At this time, a memory area into which the cipher signal (Ei1) is to be stored is designated by a distribution page flag (DP) transmitted from the information processor. The information processor also designates the memory area storing the cipher signal (Ei1), by means of a reference page flag (RF), which is to be used. The key data is used as data to determine a descramble mode of the random number generator.

How to (Selectively) Broadcast A Secret

Abstract: At the 1982 Symposium on Security and Privacy, a software protection scheme [1] devised by George Purdy, James Studier and the present author was presented. Unfortunately, the cryptographic protocol in that scheme was fatally flawed making it possible for a "pirate" who observed the communica-tions between a software vendor and a legitimate licensee to forge a license that would permit him to also use the protected software. In the course of analyzing the reasons for this weakness in the protocol and of finding an improved one, the cryptographic protocol reported here was found that permits the originator of a cipher message to specify precisely the subset of receivers out of a much larger potential audience who will be able to decrypt the cipher but who will be unable to pass along this ability to any other receiver not designated by the originator of the message. We shall first describe the flaw in the original software protection scheme that prompted this work, and then systematically develop the selective broadcast protocol . Finally, almost as a footnote to the discussion of the secure broadcast protocol, we show how the original software protection problem has also been solved.

Method and device of increasing the execution speed of cipher feedback mode of the DES by an arbitrary multiplier

Abstract: In an encryption system comprising DES in a cipher feedback mode of k bits, a plain text bit stream is fed into n individual DES encryptors. The DES encryptor operates in parallel from a common input register containing cipher text bit streams so that the overall throughput of the system is increased approximately by a factor of n. If k=1 then the system is self-synchronizing.

“Cipher” in the Classroom: The Invisible Child

Abstract: (1985). “Cipher” in the Classroom: The Invisible Child. Childhood Education: Vol. 62, No. 2, pp. 91-97.

Is DES a Pure Cipher? (Results of More Cycling Experiments on DES) (Preliminary Abstract)

Abstract: During summer 1985, we performed eight cycling experiments on the Data Encryption Standard (DES) to see if DES has certain algebraic weaknesses Using special-purpose hardware, we applied the cycling closure test described in our Eurocrypt 85 paper to determine whether DES is a pure cipher We also carried out a stronger version of this test (A cipher is pure if, for any keys i, j, k, there exists some key l such that T i T j −1 T k = T l, where T w denotes encryption under key w) In addition, we followed the orbit of a randomly chosen DES transformation for 236 steps, as well as the orbit of the composition of two of the “weak key” transformations Except for the weak key experiment, our results are consistent with the hypothesis that DES acts like a set of randomly chosen permutations In particular, our results show with overwhelming confidence that DES is not pure The weak key experiment produced a short cycle of about 233 steps, the consequence of hitting a fixed point for each weak key

Class of binary cipher sequences with best possible autocorrelation function

Abstract: A new class of binary sequences called here `m-like cipher sequences? are introduced which have rather interesting properties for use as cipher sequences. These are derived by interleaving the so-called `elementary m-sequences? along with some null sequences in a particular order. The resulting composite sequences are not m-sequences, but require deciphering and storage of a much larger number of bits for their complete prediction from the observed cipher text than that needed for predicting m-sequences of the same length. At the same time, the method of construction of these sequences ensures that their autocorrelation function is identical to that of an m-sequence of the same length.

Ciphered digital broadcast equipment

Abstract: PURPOSE:To decode individually a ciphered signal of a receiver of a specific contractor and also to obtain a ciphered broadcast equipment with high security by providing two kinds of identification codes at transmission and reception sides and allowing one of them to attain individual control of the receiver and the other to cipher and code a signal. CONSTITUTION:Two kinds of identification codes, 1st and 2nd codes are provided to contracted receivers at transmission side. A ciphered key of plural kinds generated from a cipher key generating means 2 are selected by a cipher key selecting means 20 and an plain sentence is ciphered to a plain sentence input terminal 1 by using the selected ciphered key. Furthermore, the secret key from the means 2 is ciphered by the 2nd identification code. A ciphered sentence, cipher key selecting information, the ciphered ciphering key and the 1st identification code are transmitted from the transmission side, the coincidence between the 1st identification code stored in a ROM13 and the transmitted identification code is obtained at the reception side, the ciphered ciphering key is decoded by using the 2nd identification code in the ROM14 so as to decode the ciphered sentence.

Broadcasting method and transmitter and receiver for this method

Abstract: PURPOSE:To obtain the correct TV signal for specified contractors by transmitting the signal which indicates the program together with the TV signal and designating algorithm at the scrambler and disc rumble. CONSTITUTION:At the broadcast station 21 side, the tear code is supplied to the key file 27 and output Ki works as the key Ki of the cipher device 29. Output of the cipher device 29 becomes the key Ks of the scrambler 25. The TV signal is transmitted by encryption at the scrambler 25 and the signal is supplied to the receiver 23 through the artificial satellite 20. The receiving signal is separated to the TV signal and bit row, and the tier code is separated at the separator 33. The tier code is supplied to the key module 35, this output becomes the key of the cipher device 31, alternating algorithm is designated and the TV signal is regenerated. The pay TV system is obtained which is impossible to intercept.

A self-synchronizing cascaded cipher system with dynamic control of error propagation

Abstract: A cipher system used for secure communication over a noisy channel can automatically synchronize the sender and receiver by computing a stateless function of a key and a limited amount of the recent cipher-text The more ciphertext feedback is used, the more the errors from the noisy channel are propagated The less feedback is used, the easier ciphertext-only and chosen-plaintext attacks become There is a trade-off between security and noise that must be made when a self-synchronizing system is builtThis paper presents a self-synchronizing cascaded cipher system that permits most combinations of key and ciphertext feedback lengths and also allows adjustment of the trade-off between security and noise during system operation At times when maximum security is not needed, the error propagation can be reduced temporarilyAs implemented in hardware, the cascaded cipher has a storage register for each stage The function computed would normally depend on the state of this storage, but different clocks are used at each stage to render the function stateless The use of a cascade helps to keep the hardware cost down

Cipher system using a variant key matrix

Abstract: of EP0035048This is a cipher system for enciphering or deciphering a stream of binary data by means of a product cipher. A clear message (16) represented in a binary data format is transformed into a cipher message or vice versa by operating on each consecutive bit of clear information with a complex modulo-two addition function (18). This function is dependent on previous internal cipher digits fedback (24) and varies for each message bit processed. The function is developed by continually shifting a key matrix (10) under the control of a varying control matrix (34). The control matrix is formed from the subproducts (24) of the complex function (18) developed in generating each cipher bit (22).

Terminal interface equipment with answer function to call of public communication circuit

Abstract: PURPOSE: To ensure the safe and accurate transmission of the important information via a public communication circuit, by using an interface device which contains a cipher code reading function and a collating function for personal identification codes to the public communication circuit. CONSTITUTION: A terminal interface device with an answer function to call of public communication circuit is provided with a card reader 13 which reads the cipher codes recorded on a magnetic card or an IC card, a keyboard part 11 for input the cipher codes, a central processor 8, a MODEM 4, a network controller 2, etc. The processor 8 possesses the cipher codes which cannot be decoded from outside in a production stage of them in the form of the codes proper to the interface device and sends the cipher codes read with collation through the reader 13 and the part 11 to a host computer via a public circuit. The host computer specifies and confirms the card user and an individual interface device and controls the progress of an application program. COPYRIGHT: (C)1986,JPO&Japio

Method for storing privacy information

Abstract: PURPOSE: To secure the privacy by forming register elements, certification elements, cipher keys and the cipher original keys by means of the secret keys and therefore unabling the change of the register elements, etc., as long as these secret keys are known by outsiders. CONSTITUTION: A system controller 12 produces an open key K 2 =M α modN based on its own secret key α. A constant M is raised to α-th power by the key K 2 and the residue is defined as M α modN when the division is carried out with a constant N. Then the key K 2 is informed to all access operators 13W16 and these access operators produce open keys K 2 WK 4 based on the secret keys βWe and give M β modNWM e modN of keys K 2 WK 4 to the memory file 30 of a storage 11. The file 30 includes a storing area 31 for ciphering storage information, a storing area 32 for register elements, a storing area 33 for table of certification elements and a storing area 34 for table of cipher original keys. Then the register elements, certification elements, cipher keys and cipher original keys are all formed based on the secret keys. Thus the privacy is secured completely. COPYRIGHT: (C)1987,JPO&Japio

Data ciphering system

Abstract: PURPOSE:To replace optionally a ciphering circuit so as to correspond to each person by selecting an algorithm number corresponding to a job name from plural ciphering algorithm devices and converting data in accordance with the selected algorithm number. CONSTITUTION:When a job to be ciphered starts to be executed, a cipher algorithm number is requested to a terminal 1 and the cipher algorithm number is inputted from the terminal 1. A cipher algorithm device 6 registers data conversion algorithm corresponding to a person. In accordance with the inputted cipher algorithm number, the corresponding algorithm is stored from the device 6 to a ciphering circuit 9. A ciphering control device 8 converts data on the basis of the algorithm.

Locking release system of lock

Abstract: PURPOSE:To enable to prevent a dishonest act by the third person not being able to open a lock as long as the identification information and the opening means are not regular, and changing the identification information every time when the lock is opened. CONSTITUTION:A receiver of a safe goes to the site, and telephones a reception stand 11 of a telephone station 2 from a public telephone set 1. The receiver and the correspondent of the receipt stand 11 execute calling, and the receiver transmits the ID number by using the pushbutton dial or transmits a cipher by the voice during the calling. Then, the correspondent of the receipt stand 11 collate the ID number or the cipher, if it turns out to be regular, the lock opening instruction is transmitted to the public telephone set 1, and at the same time, the present ID number or the cipher becomes invalid. Then, the new ID number or the new cipher is set. A mechanism 4 of a lock A of the bublic telephone set 1 is opened by the lock opening instruction, and the receiver of a safe opens a mechanism 5 of a lock B by using the spare key.

Software protecting method

Abstract: PURPOSE:To prevent a copied program from being executed in another computer by using identification numbers different by individual computers to generate a cipher and decipher it. CONSTITUTION:A cipher registering work is performed for the purpose of preventing wrong registration at a software sale time, and the registering processing is performed if results of check of the cipher due to ''input of cipher'' and ''coincidence of cipher?'' are correct. Next, the processing which obtains the identification number of a computer is performed. That is, the processing which uses an identification number (x) to obtain a function f(x) of the number (x) is performed in case of reading of a sequence number added to the computer, and the result is stored in an external cipher file. When the program is started, a result (y) of the function f(x) is taken out from the external cipher file, and the identification number (x) is taken out, and a function g(x, y) of (x) and (y) is obtained. This result g(x, y) is compared with an expected value (z), and the program is stopped if they do not coincide with each other, but the program processing is executed if they coincide.

Equivocations for homophonic ciphers

Abstract: Substitution ciphers can be quite weak when the probability distribution of the message letters is distinctly non-uniform. A time-honoured solution to remove this weakness is to "split" each high-probability letter into a number of "homophones" and use a substitution cipher for the resulting extended alphabet. Here the performance of a homophonic cipher is studied from a Shannon-theoretic point of view. The key and message equivocations (conditional entropies given the intercepted cryptogram) are computed both for finite-length messages and "very long" messages. The results obtained are strictly related to those found by Blom and Dunham for substitution ciphers. The key space of a homophonic cipher is specified carefully, so as to avoid misunder standings which appear to have occurred on this subject.

Cipher control method of communication terminal

Abstract: PURPOSE:To prevent the leak of a cipher by updating the cipher at every communication call for every communication destination. CONSTITUTION:When a communication is terminated, a cipher number generating circuit 26 of a terminal 2 is started, and a cipher is generated by, for example, rangom numbers and is sent to a terminal number cipher storage circuit 24. This circuit 24 updates contents of a memory corresponding to a destination terminal 1, with which a terminal 2 comunicates just before the communication is terminated, to said generated cipher. This new cipher is sent to the destination terminal 1 through a cipher transmitting circuit 27. Consequently, the new cipher is used for the next communication between terminals 1 and 2. Thus, even if the cipher used in the preceding communication is deciphered, communication contents are not leaked because another new cipher is used for communication.

Personal confirming method using ic card

Abstract: PURPOSE:To reduce the cost compared with a case where an exclusive cipher device is used by providing a protocol necessary for coding and signature within an IC card and obtaining the ID generation function, the generating times of signature functions and a decoding key at the bank side. CONSTITUTION:An ID cards 6 sends its own card number N to a bank 4. The bank 4 multiplies the number N by the generation function P(x, y) of the signature function to produce a signature Q*(x). At the same time, the bank 4 sends a parameter beta to the card 6. Then the card 6 transmits the parameter beta through a signature Q(x) and produces a signature Q(beta) to send it to bank 4. The bank 4 compares a signature function Q*(beta) produced by the bank 4 itself with use of the parameter beta with the function Q(beta) sent from the card 6. Then it is decided only when the coincidence is obtained from the comparison that the signature is done. In this case, both the parameter beta and the function Q(beta) are stored to a store area of the card 6 itself.

Method and device for encryption and decryption of data

Abstract: The central component of the device is a standard cipher module (DES) which uniquely generates a 64-bit output vector (A1) from a 64-bit input vector (E1) on the basis of a 56-bit secret key (K) A logic circuit (11) is connected to the output of the DES module which combines a pre-defined selection of the bits of the output vector according to a pre-defined pattern in each case to form one bit, which bits are then modulo-2 mixed with the clear data in order to produce the encrypted data The encrypted data are fed back bit-by-bit via a 64-bit shift register (9) to the input of the DES module The logic circuit (11) can be bypassed by means of a switch (S) in order to render the device compatible with conventional devices of this type A substantial variety of secret elements and thus substantial cryptological security is achieved by means of the logic circuit

Perfect protection method of software

Abstract: PURPOSE:To obtain the software which can run only with a specific computer by incorporating an LSI which contains an ROM serving as a primary part and functions as a black box. CONSTITUTION:An LSI chip consists of a microprocessor and an ROM (cipher ROM) to which access is possible only through said microprocessor. The microprocessor uses the data given from a computer and the data of the cipher ROM to parameters and produces random numbers repetitively by a congruence equation method, etc. Then the random numbers obtained finally are sent back to the computer. Thus it is impossible for outsiders to know the data of the cipher ROM although they know the regeneration algorithm of random numbers by repeating the generation of random number many times.

Earth station of time division multiple access system

Abstract: PURPOSE:To make it unnecessary to provide a cipher device on every terminal equipment by providing one set of cipher device for concealing satellite communication on an earth station without providing it on every terminal equipment, compressing continuous data of plural terminal equipments and converting them to one burst data, and thereafter, ciphering it. CONSTITUTION:One set of cipher device 8 is provided in an earth station 7 to which plural terminal equipment 6 have been connected by a circuit. Continuous data transmitted from plural terminal equipments 6 are compressed by a speed converting part 9, become one burst data, and it is ciphered by a cipher part 11 burst-operated by a burst control part 10, error-corrected and encoded by an error correcting and encoding part 12, and thereafter, modulated by a modulating part 13 and transmitted from an antenna 14. Received data is demodulated by a demodulating part 15, error-corrected by an error correcting part 16, and thereafter, cipher data is decoded by a decoding part 17. This decoding part 17 also executes decoding of a burst unit by control of the burst control part 10. The decoded burst data is expanded by the speed converting part 9 and sent as continuous data to the terminal equipment 6.

A trigraph cipher with a short key for hand use

Abstract: The cipher presented here is trigraphic, because triples of letters are mapped into triples of letters, and it is truly tri-graphic because all three letters of the triple are treated in the same fashion. The key consists of a square or rectangular array of letters (like that used for the Playfair), which must have an odd number of rows and an odd number of columns. The cipher is a very simple algebraic cipher, but it is suitable for hand ciphering and deciphering. It is believed to be almost as easy to use as a Play-fair or Delastelle, and possibly more secure against cryptanalysis.

Information theoretic approach to secure lsfr ciphers

Abstract: To break a normal LFSR cipher, a cryptanalyst needs only 2n bits of corresponding plain and ciphertext, where n is the number of stages of the shift register.[l] In this paper, a method of substituting completely random characters into the ciphertext and therefore preventing the encipherment of a full 2n-length sequence (under its proper key) will be discussed. Due to the high redundancy of English, a cipher containing several completely random characters will still be readable.

Machanical cipher lock

Abstract: The utility model discloses a machanical cipher lock, which belongs to locksets used for house doors, furniture, and special safety equipment. The utility model is composed of a positioning wheel, a rotation shaft, a turn button, a casing, a concave and protruding chip, a cipher changing pin screw, a foxtail, etc. The utility model has the advantages of no keys, no handle, convenient open, strong confidentiality, long service life, beautiful appearance, etc.

Channel selecting device

Abstract: PURPOSE:To make it possible that only a person who knows a cipher selects a special channel electronically by storing and setting the special channel in cipher and selecting it in cipher. CONSTITUTION:For example, a channel 8 and ''123'' are stored as a cipher channel and a cipher number in a memory 5 respectively by an operating means 1. When ''08'' is inputted by the operating means 1 in case of selection of the cipher channel, data stored in the current channel area 10 of the memory 5 and that in a cipher channel area 11 coincide with each other, and therefore, a signal S1 is outputted to a decoder circuit 4. Next, when the cipher number ''123'' is inputted, the decoder circuit 4 permits a three-digit input by the signal S1, and a cipher comparing circuit 7 compares this inputted cipher number ''123'' with data ''123'' in the cipher number area of the memory 5, and the selection of the channel 8 is permitted because they coincide with each other.