Showing papers on "Cipher published in 1991"


Book Chapter
01 Feb 1991
TL;DR: A new secret-key block cipher is proposed as a candidate for a new encryption standard, based on the design concept of mixing operations from different algebraic groups.
Abstract: A new secret-key block cipher is proposed as a candidate for a new encryption standard. In the proposed cipher, the plaintext and the ciphertext are 64 bit blocks, while the secret key is 128 bit long. The cipher is based on the design concept of "mixing operations from different algebraic groups". The cipher structure was chosen to provide confusion and diffusion and to facilitate both hardware and software implementations.

724 citations


Book Chapter
08 Apr 1991
TL;DR: An identity-based non-interactive public key distribution system is presented that is based on a novel trapdoor one-way function allowing a trusted authority to compute the discrete logarithm of a given number modulo a publicly known composite number m while this is infeasible for an adversary not knowing the factorization of m.
Abstract: An identity-based non-interactive public key distribution system is presented that is based on a novel trapdoor one-way function allowing a trusted authority to compute the discrete logarithm of a given number modulo a publicly known composite number m while this is infeasible for an adversary not knowing the factorization of m. Without interaction with a key distribution center or with the recipient of a given message a user can generate a mutual secure cipher key based solely on the recipient’s identity and his own secret key and send the message, encrypted with the generated cipher key using a conventional cipher, over an insecure channel to the recipient. Unlike in previously proposed identity-based systems, no public keys, certificates for public keys or other information need to be exchanged and thus the system is suitable for many applications such as electronic mail that do not allow for interaction.

184 citations


Patent
07 Aug 1991
TL;DR: A method and apparatus is disclosed that protects user passwords and identification numbers by using dynamic and fixed cipher keys to generate one-time access codes that are recognized by an authorization center.
Abstract: Disclosed is a method and apparatus that protects user passwords and identification numbers by using dynamic and fixed cipher keys to generate one-time access codes that are recognized by an authorization center. The authorization center provides a user with a pool of user selectable algorithms that are easily remembered by a user. When access is desired the user mentally generates and subsequently enters a non-machine generated access code formed by using the selected algorithm, the password, and a dynamic variable. The authorization center also generates a corresponding access code using stored user data. If the two access codes match access is granted.

85 citations


Book Chapter
Ueli Maurer
08 Apr 1991
TL;DR: A method for combining several SSSCs is presented that allows to prove that the combined SSSC is at least as secure as any of the component ciphers, and an efficient algorithm is presented for finding a function of low degree that approximates a given Boolean function, if such an approximation exists.
Abstract: Self-synchronizing stream ciphers (SSSC) are a commonly used encryption technique for channels with low bit error rate but for which bit synchronization can present a problem. Most presently used such ciphers are based on a block cipher (e.g. DES) in 1-bit cipher feedback mode. In this paper, several alternative design approaches for SSSCs are proposed that are superior to the design based on a block cipher with respect to encryption speed and potentially also with respect to security. A method for combining several SSSCs is presented that allows to prove that the combined SSSC is at least as secure as any of the component ciphers. The problem of designing SSSCs is contrasted with the problem of designing conventional synchronous additive stream ciphers and it is shown that different security criteria must be applied. Furthermore, an efficient algorithm is presented for finding a function of low degree that approximates a given Boolean function, if such an approximation exists. Its significance for the cryptographic security of SSSCs and its applications in coding theory are discussed.

84 citations


Patent
Paul W. Dent
06 Mar 1991
TL;DR: In this paper, a system for the synchronization of encryption devices in a digital cellular communications system is presented, where each of the encryption devices includes a multi-bit counter and generates a pseudo-random keystream which is combined with the data to be encrypted.
Abstract: A system for the synchronization of encryption devices in a digital cellular communications system. Each of the encryption devices includes a multi-bit counter and generates a pseudo-random keystream which is combined with the data to be encrypted. The keystream is a function of the multi-bit counter value which is periodically incremented in response to a series of clock pulses. To allow proper decryption of the encrypted data, the system of the present invention provides continuous or very frequent updates of the transmitter counter value which may be used to reset the receiver counter and to resynchronize the system without the necessity of reinitialization and repetition of the intervening clock pulses.

79 citations


Book Chapter
11 Nov 1991
TL;DR: It is shown that an XOR profile with carefully placed zeroes is required in order to avoid some variant forms of differential cryptanalysis, and permutation P needs to be chosen to prevent easy propagation of a constant XOR value back into the same S-box.
Abstract: Differential Cryptanalysis is currently the most powerful tool available for analysing block ciphers, and new block ciphers need to be designed to resist it. It has been suggested that the use of S-boxes based on bent functions, with a flat XOR profile, would be immune. However our studies of differential cryptanalysis, particularly applied to the LOKI cipher, have shown that this is not the case. In fact, this results in a relatively easily broken scheme. We show that an XOR profile with carefully placed zeroes is required. We also show that in order to avoid some variant forms of differential cryptanalysis, permutation P needs to be chosen to prevent easy propagation of a constant XOR value back into the same S-box. We redesign the LOKI cipher to form LOKI91, to illustrate these results, as well as to correct the key schedule to remove the formation of equivalent keys. We conclude with an overview of the security of the new cipher.

77 citations


Book Chapter
01 Feb 1991
TL;DR: Two modifications of this cipher are discussed that may lead to practical provably-secure ciphers based on either of two assumptions that appear to be novel in cryptography, viz., the (sole) assumption that the enemy's memory capacity (but not his computing power) is restricted and the assumption that an explicit function is, in a specified sense, controllably-difficult to compute, but not necessarily one-way.
Abstract: Shannon's pessimistic theorem, which states that a cipher can be perfect only when the entropy of the secret key is at least as great as that of the plaintext, is relativized by the demonstration of a randomized cipher in which the secret key is short but the plaintext can be very long. This cipher is shown to be "perfect with high probability". More precisely, the enemy is unable to obtain any information about the plaintext when a certain security event occurs, and the probability of this event is shown to be arbitrarily close to one unless the enemy performs an infeasible computation. This cipher exploits the existence of a publicly-accessible string of random bits whose length is much greater than that of all the plaintext to be encrypted before the secret key and the randomizer itself are changed. Two modifications of this cipher are discussed that may lead to practical provably-secure ciphers based on either of two assumptions that appear to be novel in cryptography, viz., the (sole) assumption that the enemy's memory capacity (but not his computing power) is restricted and the assumption that an explicit function is, in a specified sense, controllably-difficult to compute, but not necessarily one-way.

52 citations


Patent
31 Oct 1991
TL;DR: In this paper, the permutation transformation patterns are generated by the product of a number of changes of a part of the functions and a sum of combinations of permutation in the sequence of executing the functions.
Abstract: Cryptographic techniques for enciphering computer messages or the like include a unit for generating a cipher program for enciphering message data or plaintext by using a plurality of kinds of basic involution processing programs and desired key data, and a unit for enciphering the message data into ciphertext by executing the generated cipher program for the message data. A part of the involution processing program includes a substitution transformation portion and a permutation transformation portion. In accordance with the bit pattern of the above key data, a sequence for executing each of the involution processing programs and a sequence for executing the substitution transformation portion and the permutation transformation portion are determined. The above plurality of transformation processes include an operation of circular shifting to the right or left by X bits and an operation of circular shifting to the right or left by Y bits, with the X and Y being mutually different numbers. An indication of detailed numerical values of the X and Y and the right or left direction for a circular shift is given by key data. According to the above structure, a part of the functions for structuring the encipherment algorithms and the sequence for executing the functions are changed by key data. With the above arrangement, a large amount of algorithm transformation patterns are generated by the product of a number of changes of a part of the functions and a sum of combinations of permutation in the sequence of executing the functions, thus making it extremely difficult to crack the algorithms.

36 citations


Patent
18 Sep 1991
TL;DR: In this article, the authors proposed a session key sharing scheme to eliminate the need of decoding processing between communicators while confirming it by communicators of each other by using secret key data and operated cipher data.
Abstract: PURPOSE:To eliminate a need of decoding processing to share a session key between communicators while confirming it by communicators of each other. CONSTITUTION:An information processing terminal 100 and an IC card 110 transmit generated random numbers 10 and 20 to each other and cipher the transmitted random numbers to obtain cipher data 12 and 22. Thereafter, they cipher received random numbers of each other to transmit cipher data 24 and 14. They compare received cipher data and data ciphered by themselves with each other; and in the case of coincidence, they use secret key data and operated cipher data to obtain key data common to them by operation.

20 citations


Book Chapter
01 Feb 1991
TL;DR: In stream cipher design pseudo random generators have been proposed which combine the output of one or several LFSRs in order to produce the key stream and it is proved that a corresponding result also holds for combiners with memory.
Abstract: In stream cipher design pseudo random generators have been proposed which combine the output of one or several LFSRs in order to produce the key stream. For memoryless combiners it is known that the produced sequence has correlation to sums of certain LFSR-sequences whose correlation coefficients $c_i$ satisfy the equation $\sum_i c_i^2 = 1$. It is proved that a corresponding result also holds for combiners with memory. If correlation probabilities are conditioned on side information, e.g. on known output digits, it is shown that new or stronger correlations may occur. This is exemplified for the summation cipher with two LFSRs where such correlations can be exploited in a known plaintext attack. A cryptanalytic algorithm is given which is shown to be successful for LFSRs of considerable length and with arbitrary feedback connection.

14 citations


Patent
28 Jun 1991
TL;DR: In this paper, the authors proposed a scheme to cope with the transfer of the electronic mail without complicating a communication system by decoding a ciphered simple sentence by the terminal station itself on a transmission side based on the key sharing information for unknown destinations even when a receiver of electronic mail is not present on a destination.
Abstract: PURPOSE: To make it possible to cope with the transfer of the electronic mail without complicating a communication system by decoding a ciphered simple sentence by the terminal station itself on a transmission side based on the key sharing information for unknown destinations even when a receiver of electronic mail is not present on a destination. CONSTITUTION: A terminal station (i) transmitting ciphers generates the key of the transmission side based on not only the open information prepared by a central station 201, the station secret information but also the random number information Yi generated by the terminal station (i) on the transmission side and generates the key sharing information Xiy by further adding time information t. A terminal station (j) on the reception side confirms at first the validity of the reception time information (t), regards the information as a normal cipher and generates the key on the reception side based on the open information prepared by the central station 201, the station secret information, the received key sharing information Xij and the time information t. Next, whether the generated key of the reception side and the key generated at the terminal station (i) on the transmission side coincide or not is certified based on the ciphering communication. When they coincide, the sharing of the key is formed. COPYRIGHT: (C)1992,JPO&Japio

Patent
12 Jul 1991
TL;DR: In this paper, a portable cipher key storage device (IC card) 7 is provided with a storage means 10 having a disclosure key storage area 10A of a comparatively small capacity which stores a secret key of the own device, and also, can store plural disclosure keys of the other device to which a communication is executed frequently.
Abstract: PURPOSE:To facilitate the disclosure key management and to improve the system efficiency by holding separately only a disclosure key of the other user used frequently in each user in a small scale list in addition of storage of a secret key. CONSTITUTION:A portable cipher key storage device (IC card) 7 is provided with a storage means 10 having a disclosure key storage area 10A of a comparatively small capacity which stores a secret key of the own device, and also, can store plural disclosure keys of the other device to which a communication is executed frequently. Accordingly, when the disclosure key of only the other device to which a communication is executed frequently is stored in the disclosure key storage area 10A of this storage means 10, a cipher communication can be executed to the other user by only the own disclosure key in many cases. In such a way, the management of the disclosure key is facilitated, and the system efficiency can be improved.

Journal Article
TL;DR: These algorithms have been used to implement a software version of the RSA asymmetric cipher on several general-purpose machines and the performance is 50% faster than the best-known algorithms on the same machines.

Book Chapter
11 Nov 1991
TL;DR: A technique is described here which enables a cryptanalyst to find how many of these pairs of input data and key can produce identical inputs to all of a cipher's S-boxes, and how to exploit those pairs under a chosen plaintext attack.
Abstract: The security of DES-style block ciphers rests largely upon their non-linear S-boxes. If different pairs of input data and key can produce identical inputs to all of a cipher's S-boxes, then for those pairs the system is weakened. A technique is described here which enables a cryptanalyst to find how many of these pairs, if any, exist for a given cryptosystem, and how to exploit those pairs under a chosen plaintext attack.

Patent
05 Mar 1991
TL;DR: In this article, the authors proposed a scheme to enhance the safety of key management and facilitate the management by providing a means applying file ciphering or deciphering of a file based on a cipher key generated by an open public key and input information.
Abstract: PURPOSE: To enhance the safety of key management and to facilitate the management by providing a means applying file ciphering or deciphering of a file based on a cipher key generated by an open public key and input information. CONSTITUTION: An open public key 6 is generated from secrecy information 6-1 of a person in charge of each file 5 and a series of identification information 6-2 specifying the file and an open public key storage means 1 stores persons in charge of each file in advance. Thus, the person in charge of each file 5 uses open public key 6 and an input means 2 receives the required privacy information 7-1 and identification information 7-2 of the file 5 and a key generating means 3 generates a cipher key 8. Thus, each manager generates the key 8 to access the file 5 of each employee by using the key. Thus, the manager needs not to have a key corresponding to each employee, thus key control is made easy.

Patent
25 Mar 1991
TL;DR: In this paper, the authors propose a scheme to prevent a program from being used illegally for other systems than a user system for which it is supplied by enciphering the program by using an encipherment key inherent to a program user system.
Abstract: PURPOSE: To prevent a program from being used illegally for other system than a user system for which it is supplied by enciphering the program by using an encipherment key inherent to a program user system for which the program is supplied. CONSTITUTION: In the case of supplying a program to a user system 7, a supplier 4 of the program prepares the program 1 supplied to the user system 7 and an intrinsic encipherment key 2, and actuates an enciphering means 3. The enciphering means 3 executes an encipherment by using the program 1 and the encipherment key 2 and generates a system intrinsic encipherment supplying program 5. In the case a user 6 executes the program 5, a program executing means 11 is actuated, and an enciphered program decoding means 8 is actuated. In such a manner, the decoding means 8 inputs the system intrinsic encipherment supply program 5 and a system intrinsic cipher decoding key 9, and outputs a decoding program 10.

Patent
23 Oct 1991
TL;DR: In this article, the authors present a cipher adapter card with a cipher module 31 which prevents intrusion for a storage device including a ciphering processor 85 and a cipher key, which is controlled by a microprocessor 71 by using a secret memory in the form of RAM 73 and ROM 75.
Abstract: PURPOSE: To give system security protection by realizing user permission in the form of an independent profile capable of being constitute and programmed by an application owner by following the production of an IC card. CONSTITUTION: The center of a cipher adapter card is a cipher module 31 which prevents intrusion for a storage device including a ciphering processor 85 and a cipher key. This adapter is controlled by a microprocessor 71 by using a secret memory in the form of RAM 73 and ROM 75. The cipher key is stored in RAM 73 maintained to be active by a battery 79 and a battery backup circuit 77. In order to interrupt an attack to this secret module, the circuit 77 is operated under an intrusion protecting and detecting circuit 81 detecting an access to the module 31 by a physical method. The microprocessor 71 uses RAM 83 being outside of the cipher module 31 in addition to the security memory.

Patent
13 Dec 1991
TL;DR: In this article, an ID number collating method and its device in an information terminal equipment to be connected to an IC card and a ID number input device was proposed, where the IC card 100 computes the random number 130 and a previously stored ID number 132 by an arithmetic means 106, and ciphers the result 133 by a ciphering means 104.
Abstract: PURPOSE:To provide an ID number collating method and its device in an information terminal equipment to be connected to an IC card and an ID number input device. CONSTITUTION:The ID number input device 120 computes a random number 130 formed by an IC card 100 and obtained through an information processing terminal 110 and an inputted ID number 136 by an arithmetic means 123, ciphers the computed result 137 by a ciphering means 122 and transmits the ciphered result to the terminal 110. Similarly to the device 120, the IC card 100 computes the random number 130 and a previously stored ID number 132 by an arithmetic means 106, and ciphers the result 133 by a ciphering means 104. The cipher data 134 are collated with cipher data obtained through the terminal 110 and the collated result is returned to the terminal 110.

Patent
22 Feb 1991
TL;DR: In this paper, the authors proposed a key sharing method to make a ciphering method to be used differ for every user, which can be used to make the ciphering methods differ for each user.
Abstract: PURPOSE: To make a ciphering method to be used differ for every user. CONSTITUTION: When at a terminal 1A, a ciphering means 2A is given the instruction of a key sharing method, the ciphering means 2A ciphers a common key KS2 by an initial key KS1, and sends this cipher text C 2 to the terminal 1A. The terminal 1A sends C 2 to the terminal 1B, and the terminal 1B sends C 2 to the ciphering means 2B. The ciphering means 2B decodes C 2 by the initial key KS1, and obtains the common key KS2. In the terminals 1A and 1B, data is cipher-processed by the common key KS2 by each ciphering means 2A, 2B, and is sent to the terminal, and is sent to an opposite party. The ciphering means 2A, 2B can be exchanged to the terminals 1A, 1B, and another ciphering method can be used by exchanging the ciphering means. The terminal can not know what ciphering program is used. COPYRIGHT: (C)1992,JPO&Japio

Patent
17 Apr 1991
TL;DR: The digit-control cipher lock as discussed by the authors adopts a CMOS digital integrated circuit and a new solid electronic device, the utility model has the advantages of compact structure, low power consumption and strong anti-interference capability; it can be widely used for door locks, strongboxes and file cabinets.
Abstract: The utility model relates to a digit-control puzzle lock, comprising a keyboard, a code device, a pulse converter, a program counter, a memory, a single-way switch, a programmable controller, a comparison controller, a switch delayer, an electronic switch, a micro motor, a warning delayer, an alarm and an electrical source. The utility model adopts the techniques of digital encoding and memory; cipher is memoried; when an input cipher is the same as the cipher, the lock is opened; when the input cipher is not the same as the cipher, the alarm alarms; cipher is changed conveniently. The digit-control cipher lock adopts a CMOS digital integrated circuit and a new solid electronic device, the utility model has the advantages of compact structure, low power consumption and strong anti-interference capability; the digit-control cipher lock can be widely used for door locks, strongboxes and file cabinets.

Patent
26 Apr 1991
TL;DR: In this article, the authors proposed a scheme to prevent the leakage of data by generating cipher data by mixing false data generated by converting true data into random number data, and making this code data capable of being written and read in/from an IC memory card.
Abstract: PURPOSE:To prevent the leakage of data by generating cipher data by mixing false data generated by converting true data into random number data, and making this code data capable of being written and read in/from an IC memory card. CONSTITUTION:In respect of a reader writer 200 which can read and write the data of the memory 110 of the IC memory card 100, the true data is converted into the random number data by a first encipherment means 240 by using a random number generating means 230, and the cipher data is generated from this random number data by a second encipherment means 250. Further, this cipher data is written in the memory 110 by a writing means 220, and this written data is read by a reading means 260, and is decoded by a decoding means 270.

Patent
11 Dec 1991
TL;DR: A portable cipher safety case is composed of case body, destroying mechanism, electromagnetic lock, protection key and cipher keys, cipher circuit and the circuit protecting from loss and steal, can prevent it from being pried up, sawn, or shocked, and has cipher safety as discussed by the authors.
Abstract: This portable cipher safety case is composed of case body, destroying mechanism, electromagnetic lock, protection key and cipher keys, cipher circuit and the circuit protecting from loss and steal, can prevent it from being pried up, sawn, or shocked, and has cipher safety. It also has a function of self destroying the checks and documents stored in it.

Patent
19 Feb 1991
TL;DR: In this article, the authors propose to make it unnecessary to reside in an adapter by allowing each node in a network to have a specific master key, and enciphering a common key under each master key of the two nodes.
Abstract: PURPOSE: To make it unnecessary to allow a key table memory to reside in an adapter by allowing each node in a network to have a specific master key, and enciphering a common key under each master key of the two nodes. CONSTITUTION: An adapter 40 is constituted of an adapter controller 31, memory controller 32, cipher function 33, medium access controller 34, and network interface 35. The cipher function 33 enciphers and/or calculates a maintenance inspection vector for a data packet to be outputted, or decodes an inputted data packet, and/or inspects the maintenance without using a key table memory of an adapter in a conventional technique. Each node is provided with a specific master key, and after negotiation for a common key is successfully executed in an operation, this common key is separately enciphered under each specific master key by an encipherment algorithm.

Patent
05 Apr 1991
TL;DR: In this paper, the authors propose to improve the communication throughput of enciphered data by using a buffer storage for both encipherment and non-encipherment processes and generating a cipher bit stream when it is needed for a system.
Abstract: PURPOSE: To improve the communication throughput of enciphered data by using a buffer storage for both encipherment and non-encipherment processes and generating a cipher bit stream when it's needed for a system. CONSTITUTION: A plaintext message X is supplied to a mathematical function f1 that is shown in a block 41, and a cipher bit stream R is supplied to the block 41 and combined with the message X. Thus, a cipher text message Y is generated and sent to a similar block 51 included in a receiving device 50. An encipherment mechanism (g) of a block 42 of a transmitting device 40 and a non-encipherment mechanism (g) of a block 52 of the device 50 previously generate the streams R and store them in the buffers 43 and 53 respectively. Therefore, the blocks 41 and 51 can immediately use the streams R when the plaintext and the cipher text are received. As a result, the throughput is improved for the encipherment and non-encipherment of data.


Patent
12 Apr 1991
TL;DR: In this paper, the answer message selection control button was used to change an answer message in accordance with an action of an answering message sending-out person and other state of the other party.
Abstract: PURPOSE:To change an answer message in accordance with an action of an answer message sending-out person and other state of the other party, etc., by storing in advance plural answer messages in a telephone set, and selecting its answer message by an identification number from the telephone set itself or a telephone set of the outside. CONSTITUTION:In the case of selecting an answer message stored by an external telephone set 11, when an outgoing is executed to a telephone set body in which an automatic answering telephone mode set button 15 is in a depressed state, and '#2' is pushed as cipher information, an answer message selecting circuit 6 is switched, for instance, to a second storage part 8 from a selected storage part 7 by transferred cipher information. In the case of selecting the answer message from the telephone set 1, when one of answer message selection control button is pushed, cipher information corresponding to the pushed answer message selection control button is sent out to a cipher information recognizing circuit 3 from a cipher information storage part 4, and the storage parts 7, 8, 9 and 10 corresponding to the answer message selection control button are selected.


Patent
04 Oct 1991
TL;DR: In this article, a cipher rule selector for selecting one from plural cipher rules by generating a random number at the time of outgoing is prepared, and by a cipher rules generator for generating a cipher by the selected cipher rule number, a communication is enciphered and decoded.
Abstract: PURPOSE: To arbitrarily set a cipher rule given in the case of executing a communication, whenever the communication is executed. CONSTITUTION: In a terminal interface part 2 attached or connected to an outgoing terminal 1, a cipher rule selector 6 for selecting one from plural cipher rules by generating a random number at the time of outgoing is prepared, and by a cipher rule number 5 for generating a cipher rule by the selected cipher rule number, a communication is enciphered and decoded. Also, a cipher rule number informing device 7 for informing the selected cipher rule number to an incoming side is provided, the cipher rule number received by a cipher rule number receiver 8 of the terminal interface 2 of the incoming side is given to a cipher rule generator 5, and by a cipher rule generated by the cipher rule generator 5, an encipherer 3 and a decoder 4 of the incoming side are operated. COPYRIGHT: (C)1993,JPO&Japio

Patent
26 Sep 1991
TL;DR: In this paper, the authors proposed to protect the patient information from wiretapping and falsification of information by adding not only communication line encoding but also information source encipherment, which is performed by an enciphering device.
Abstract: PURPOSE:To protect the patient information from wiretapping and falsification of information by adding not only communication line encoding but also information source encipherment. CONSTITUTION:First of all, with respect to image data, information source encipherment is performed by an enciphering device 8, communication line encoding is executed by a communication line encoder 10, and its data is modulated 12, and thereafter, transmitted to a communication line 14. On the reception side, first of all, the data is demodulated 13, and thereafter, communication line decoding is executed by a communication decoder 11, information source decoding is performed by a decoder 9, and the data is returned to original image data. For instance, in the case of a single character conversion type cipher, at the time of enciphering the data, key codes a0, a1, and a2(43) in common as a medical image accumulation management communication system are given to the enciphering device 8, and inputs d0, d1-d7(41) to the enciphering device are enciphered. At the time of decoding the data, with respect to inputs f0, f1-f7(46) to the decoder 9 from the communication line decoder 11, key codes a0, a1, and a2(43) in common as the medical image accumulation management communication system are given to the decoder 9, and outputs e0, e1-e7(45) are decoded.

Book Chapter
11 Nov 1991
TL;DR: In this paper, the use of several differences to attack a cipher simultaneously has been discussed, and the issues involved are briefly covered in Section 2.2.1 and Section 3.1.
Abstract: One aspect of differential cryptanalysis that appears to have been largely overlooked is the use of several differences to attack a cipher simultaneously. While the use of quartets and octets have been briefly described by Biham and Shamir [1], this was not carried to its logical conclusion — namely, how many different attacks can you use and still get an improvement. The issues involved are briefly covered here.