
Showing papers on "Cipher published in 1994"


Book ChapterDOI
02 Jan 1994
TL;DR: In this article, it was shown that the problem of weak keys can be eliminated by slightly modifying the key schedule of IDEA, which can be achieved by solving a set of 16 nonlinear boolean equations with 12 variables.
Abstract: Large classes of weak keys have been found for the block cipher algorithm IDEA, previously known as IPES [2]. IDEA has a 128-bit key and encrypts blocks of 64 bits. For a class of 2^23 keys IDEA exhibits a linear factor. For a certain class of 2^35 keys the cipher has a global characteristic with probability 1. For another class of 2^51 keys only two encryptions and solving a set of 16 nonlinear boolean equations with 12 variables is sufficient to test if the used key belongs to this class. If it does, its particular value can be calculated efficiently. It is shown that the problem of weak keys can be eliminated by slightly modifying the key schedule of IDEA.

120 citations


Journal ArticleDOI
TL;DR: A computer package used for assessing the security of newly-developed encryption algorithms and their ciphers prior to use is described.

97 citations


Patent
06 Oct 1994
TL;DR: In this article, the synchronization at the start and end of the cipher communication is established by matching of the synchronization data transmitted from the first terminal to second terminal or its enciphered form with the return data from the second terminal to the first node, which is either the synchronous data as received at the second node or its encoded form depending on the communication state of the node.
Abstract: A cipher communication system and scheme capable of realizing the cipher communication without affecting the already existing application programs and hardware, and establishing a synchronization at the start and end of the cipher communication. In the cipher communication, the session key generated by the key distribution center are obtained and shared at the first and second terminals at a timing of a request for establishing a cipher communication session between the first and second terminals, and then the cipher communication between the first and second terminals is carried out by using the shared session key. The synchronization at the start and end of the cipher communication is established by the matching of the synchronization data transmitted from the first terminal to second terminal or its enciphered form with the return data from the second terminal to the first terminal which is either the synchronization data as received at the second terminal, or its enciphered form depending on the communication state of the second terminal.

92 citations


Patent
16 May 1994
TL;DR: In this article, an object to be checked contains a large number of magnetic polymer elements scattered at random, each of which is made up of an element main body formed of a high molecular material, and magnetic metal powder contained in the element's main body.
Abstract: An object to be checked contains a large number of magnetic polymer elements scattered at random. Each of magnetic polymer elements is made up of an element main body formed of a high molecular material, and magnetic metal powder contained in the element main body. The magnetic polymer elements are integrally incorporated in paper and tangled with the wood pulp fibers of the paper three-dimensionally. In the manufacturing process of the object, a processing apparatus magnetically scans the magnetic polymer elements incorporated in the scanning region of the object while moving the scanning region at a predetermined speed, converts a detection signal obtained by the magnetic scan into a cipher code, and records the cipher code in a code indicator section. In the authenticity checking process, the processing apparatus magnetically scans the magnetic polymer elements once again, and a detection signal obtained thereby is collated with the cipher code recorded in the code indicator section. When the detection signal and the cipher code agree with each other, the object is determined as being authentic.

84 citations


Proceedings ArticleDOI
Matt Blaze
02 Nov 1994
TL;DR: This paper outlines various techniques that enable cryptographic communication among EES processors without transmission of the valid LEAF, and identifies two classes of techniques that allow communication only between pairs of “rogue” parties.
Abstract: The Escrowed Encryption Standard (EES) defines a US Government family of cryptographic processors, popularly known as “Clipper” chips, intended to protect unclassified government and private-sector communications and data. A basic feature of key setup between pairs of EES processors involves the exchange of a “Law Enforcement Access Field” (LEAF) that contains an encrypted copy of the current session key. The LEAF is intended to facilitate government access to the cleartext of data encrypted under the system. Several aspects of the design of the EES, which employs a classified cipher algorithm and tamper-resistant hardware, attempt to make it infeasible to deploy the system without transmitting the LEAF. We evaluated the publicly released aspects of the EES protocols as well as a prototype version of a PCMCIA-based EES device. This paper outlines various techniques that enable cryptographic communication among EES processors without transmission of the valid LEAF. We identify two classes of techniques. The simplest allow communication only between pairs of “rogue” parties. The second, more complex methods permit rogue applications to take unilateral action to interoperate with legal EES users. We conclude with techniques that could make the fielded EES architecture more robust against these failures.

73 citations


Patent
Tomoyuki Ueno, Mitsuru Seta
29 Dec 1994
TL;DR: In this article, an enciphered communication system with a plurality of cipher keys selectively used for enciphering data is provided, where even when a cipher key number used at a transmitting side is not correctly transmitted to a receiving side, the receiving side can change the cipher key to a correct one.
Abstract: An enciphered communication system is provided which has a plurality of cipher keys selectively used for enciphering data, wherein even when a cipher key number used at a transmitting side is not correctly transmitted to a receiving side, the receiving side can change the cipher key to a correct one. A transmitter has appendant data affixing means for affixing appendant data to information to be enciphered, and a receiver has appendant data detecting means for detecting the appendant data from deciphered data, and cipher key determining means for successively changing the cipher key of the receiver when the appendant data is not accurately detected. Consequently, when the cipher key is changed, for example, the receiving side itself can restore data even if the cipher key number is not correctly transmitted thereto.

47 citations


Book ChapterDOI
14 Dec 1994
TL;DR: This paper describes the distribution of the linear approximation tables of the nonlinear mappings used by the cipher, usually the S-boxes, as in the case of DES, and uses the results to construct Feistel ciphers provably resistant to linear cryptanalysis.
Abstract: Linear cryptanalysis is an attack that derives a linear approximation between bits of the plaintext, ciphertext and key. This global approximation is constructed from the linear approximation tables of the nonlinear mappings used by the cipher, usually the S-boxes, as in the case of DES. In this paper we will describe the distribution of these tables for bijective mappings (permutations), concentrating on the expected value of the largest entry, and use our results to construct Feistel ciphers provably resistant to linear cryptanalysis.

45 citations


Patent
21 Jun 1994
TL;DR: In this paper, an object to be checked has a scanning region which contains a large number of magnetic elements scattered at random, each of the magnetic elements is made up of an element main body formed of a high molecular material, and magnetic metal powder contained in the element's main body.
Abstract: An object to be checked has a scanning region which contains a large number of magnetic elements scattered at random. Each of the magnetic elements is made up of an element main body formed of a high molecular material, and magnetic metal powder contained in the element main body. A processing apparatus employed for checking whether or not the object is authentic has a magnetic sensor which is made up of a pair of MR elements and a magnet. The MR elements are arranged side by side in the direction in which the scanning region is scanned. In the manufacturing process of the object, a detection signal which is based on variations in the output ratio between the MR elements is produced, with the scanning region of the object being moved. The detection signal is converted into a cipher code, and this cipher code is recorded in a code indicator section. When the object is checked for authenticity, a detection signal obtained by scanning the scanning region is collated with the cipher code recorded in the code indicator section. When the detection signal and the cipher code agree with each other, the object is determined as being authentic.

42 citations


Patent
Hiroshi Miyano
11 Mar 1994
TL;DR: In this article, a plaintext is enciphered using a plurality of stages in tandem via a plurality of iterations; each of the stages is arranged to perform a complex key-dependent computation.
Abstract: A plaintext is enciphered using a plurality of stages in tandem via a plurality of iterations. Each of the stages is arranged to perform a complex key-dependent computation. The stage includes a memory for storing a key. A cipher function circuit transposes, using the key, one block applied to the stage from a preceding stage. An exclusive-or circuit implements an exclusive-or operation of the output of the cipher function and the other block applied to the stage from the preceding stage. A unique arrangement is provided for transposing the output of the cipher function circuit and then applying the output thereof to the memory. Therefore, the key is replaced with the output of the unique arrangement.

42 citations


Proceedings ArticleDOI
Heys, Tavares
25 Sep 1994
TL;DR: From the analysis, it is concluded that it is easy to select S-boxes so that an efficient implementation of the CAST algorithm is demonstrably resistant to linear cryptanalysis.
Abstract: We examine a new private key encryption algorithm referred to as CAST. Specifically, we investigate the security of the cipher with respect to linear cryptanalysis. From our analysis we conclude that it is easy to select S-boxes so that an efficient implementation of the CAST algorithm is demonstrably resistant to linear cryptanalysis.

33 citations


Patent
10 Feb 1994
TL;DR: In this article, the same number of cipher keys as the number of reference processing stages are generated or set beforehand in the data offer side 101, and when the data user ciphers the specified partial data corresponding to the reference processing stage by a cipher key corresponding to a data stage, a ciphering partial data set ciphering all partial data referred after the next stage by the cipher key corresponds to the data point.
Abstract: PURPOSE: To enable the reference of only specified partial data according to a reference processing stage of a data without complicating the processing of a data offer side. CONSTITUTION: The same number of cipher keys as the number of reference processing stages are generated or set beforehand in the data offer side 101, and when the data user ciphers the specified partial data corresponding to the reference processing stage by a cipher key corresponding to the reference processing stage, a ciphering partial data set ciphering all partial data referred after next stage by the cipher key corresponding to the reference processing stage is added to the specified partial data of the reference processing stage, and a processing ciphering a data set consisting of the specified partial data and the ciphering partial data set by the cipher key different from the next reference processing stage is performed by the same number of times as the number of reference processing stages, and the whole data set are ciphered to be offered to the data user, and the data user side 102 deciphers using the cipher key corresponding to the reference processing stage in order of the reference processing stage.

01 Jan 1994
TL;DR: The Consequences of Trust in Shared Secret Schemes, Practical and Provably Secure Release of a Secret and Exchange of Signatures, and new types of Cryptanalytic Attacks Using Related Keys are discussed.
Abstract: Authentication.- On the Relation Between A-Codes and Codes Correcting Independent Errors.- Optimal Authentication Systems.- Public Key.- Factoring Integers Using SIMD Sieves.- A New Elliptic Curve Based Analogue of RSA.- Weaknesses of a public-key cryptosystem based on factorizations of finite groups.- Block Ciphers.- Differentially uniform mappings for cryptography.- On Almost Perfect Nonlinear Permutations.- Two New Classes of Bent Functions.- Boolean functions satisfying a higher order strict avalanche criterion.- Secret Sharing.- Size of Shares and Probability of Cheating in Threshold Schemes.- Nonperfect Secret Sharing Schemes and Matroids.- Stream ciphers.- From the memoirs of a Norwegian cryptologist.- On the Linear Complexity of Products of Shift-Register Sequences.- Resynchronization Weaknesses in Synchronous Stream Ciphers.- Blind Synchronization of m-Sequences with Even Span.- On Constructions and Nonlinearity of Correlation Immune Functions.- Digital signatures.- Practical and Provably Secure Release of a Secret and Exchange of Signatures.- Subliminal Communication is Easy Using the DSA.- Can O.S.S. be Repaired? - Proposal for a New Practical Signature Scheme -.- Protocols I.- On a Limitation of BAN Logic.- Efficient Anonymous Channel and All/Nothing Election Scheme.- Untransferable Rights in a Client-Independent Server Environment.- Interactive Hashing Simplifies Zero-Knowledge Protocol Design.- Hash Functions.- One-Way Accumulators: A Decentralized Alternative to Digital Signatures.- The breaking of the AR Hash Function.- Collisions for the compression function of MD5.- How to Find and Avoid Collisions for the Knapsack Hash Function.- Payment Systems.- Single Term Off-Line Coins.- Improved Privacy in Wallets with Observers.- Distance-Bounding Protocols.- Cryptanalysis.- On the Distribution of Characteristics in Bijective Mappings.- On the Security of the IDEA Block Cipher.- Linear Cryptanalysis Method for DES Cipher.- New Types of Cryptanalytic Attacks Using Related Keys.- Protocols II.- Secret-Key Reconciliation by Public Discussion.- Global, Unpredictable Bit Generation Without Broadcast.- Rump Session.- On Schnorr's Preprocessing for Digital Signature Schemes.- Cryptanalysis of the Chang-Wu-Chen key distribution system.- An Alternate Explanation of two BAN-logic "failures".- The Consequences of Trust in Shared Secret Schemes.- Markov Ciphers and Alternating Groups.- On Key Distribution and Authentication in Mobile Radio Networks.

Patent
31 May 1994
TL;DR: In this paper, the receiver side is required to correct a ciphering key number at a receiver side even when the number of a cipher key is not correctly reported to the receiver.
Abstract: PURPOSE: To correct a ciphering key number at a receiver side even when the ciphering key number is not correctly reported to the receiver side with respect to the ciphering communication system having plural ciphering keys used to cipher data and using one of them switchingly at any time. CONSTITUTION: A transmitter 100 is provided with additional data addition means 101 adding any additional data to data to be ciphered, and a receiver 200 is provided with an additional data detection means 202 detecting the additional data from the data after decoding and a ciphering key discrimination means 203 revising sequentially the ciphering key of the receiver 200 when the additional data cannot normally be detected. Thus, even when the number of a ciphering key is not normally reported on the revision of a ciphering key, it is recovered by the receiver side only.

Proceedings ArticleDOI
02 Nov 1994
TL;DR: It is shown that using large S-boxes with good diffusion characteristics and replacing the permutation between rounds by an appropriate linear transformation is effective in improving the cipher security in relation to these two attacks.
Abstract: In this paper we examine a class of product ciphers referred to as substitution-permutation networks. We investigate the resistance of these cryptographic networks to two important attacks: differential cryptanalysis and linear cryptanalysis. In particular, we develop upper bounds on the differential characteristic probability and on the probability of a linear approximation as a function of the number of rounds of substitutions. Further, it is shown that using large S-boxes with good diffusion characteristics and replacing the permutation between rounds by an appropriate linear transformation is effective in improving the cipher security in relation to these two attacks.

Book ChapterDOI
Matt Blaze, Bruce Schneier
14 Dec 1994
TL;DR: This paper introduces MacGuffin, a 64 bit “codebook” block cipher, based on a Feistel network, in which each round of the cipher modifies only 16 bits according to a function of the other 48.
Abstract: This paper introduces MacGuffin, a 64 bit “codebook” block cipher. Many of its characteristics (block size, application domain, performance and implementation structure) are similar to those of the U.S. Data Encryption Standard (DES). It is based on a Feistel network, in which the cleartext is split into two sides with one side repeatedly modified according to a keyed function of the other. Previous block ciphers of this design, such as DES, operate on equal length sides. MacGuffin is unusual in that it is based on a generalized unbalanced Feistel network (GUFN) in which each round of the cipher modifies only 16 bits according to a function of the other 48. We describe the general characteristics of MacGuffin architecture and implementation and give a complete specification for the 32-round, 128-bit key version of the cipher.

Patent
Hidekazu C, Minoru C, Tatsuya C, Itsuo C, Masumi C
18 May 1994
TL;DR: In this article, an object to be checked contains a large number of magnetic polymer elements (12) scattered at random, each of which is made up of an element main body (13) formed of a high molecular material, and magnetic metal powder (14) contained in the element's main body.
Abstract: An object to be checked contains a large number of magnetic polymer elements (12) scattered at random. Each of magnetic polymer elements (12) is made up of an element main body (13) formed of a high molecular material, and magnetic metal powder (14) contained in the element main body (13). The magnetic polymer elements (12) are integrally incorporated in paper and tangled with the wood pulp fibers of the paper three-dimensionally. In the manufacturing process of the object, a processing apparatus magnetically scans the magnetic polymer elements (12) incorporated in the scanning region of the object while moving the scanning region at a predetermined speed, converts a detection signal obtained by the magnetic scan into a cipher code, and records the cipher code in a code indicator section. In the authenticity checking process, the processing apparatus magnetically scans the magnetic polymer elements (12) once again, and a detection signal obtained thereby is collated with the cipher code recorded in the code indicator section. When the detection signal and the cipher code agree with each other, the object is determined as being authentic.

Patent
04 Mar 1994
TL;DR: In this article, a method and apparatus for generating a message authentication code (MAC) or integrity check value (icv) for a digital message to be transmitted by way of a telecommunications medium is presented.
Abstract: A method and apparatus for generating a message authentication code (mac) or integrity check value (icv) for a digital message to be transmitted by way of a telecommunications medium. Modular arithmetic to a prime modulus is utilised to combine message data and pseudo-random cipher data so as to produce a mac or icv which has a cryptographic strength comparable to that of the source of cipher data. The method for generating the mac can be performed iteratively, this being suitable for use with stream cipher encryption methods.

Patent
22 Feb 1994
TL;DR: In this paper, the authors proposed a method to prevent operation excepting for a sales region by comparing sales area information in a storage unit which is freely attachable and detachable to a main body unit and the execution of a basic program so as to judge the possibility of execution of an application program.
Abstract: PURPOSE: To prevent operation excepting for a sales region by comparing sales area information in a storage unit which is freely attachable and detachable to a main body unit and sales area information in the storage means of the main body unit by the execution of a basic program so as to judge the possibility of the execution of an application program. CONSTITUTION: CPU 10 reads out and compares an area discrimination code in an area discrimination code storage memory 12 and an area corresponding code in a program memory 14. When they are coincident, the checking of an area code is started. CPU 10 reads out and compares a cipher code for area discrimination in the area discrimination code storage memory 12 and the area code in the program memory 14. When they are coincident, CPU 10 starts the execution of a game program in the program memory 4 but when they are not coincident, CPU 10 executes a program excepting for the game program. For example, the impossibility of the usage of this program is displayed.

Patent
24 Jun 1994
TL;DR: In this paper, an object (10) to be checked for authenticity has a scanning region (17) which contains a large number of magnetic elements (12) scattered at random.
Abstract: An object (10) to be checked has a scanning region (17) which contains a large number of magnetic elements (12) scattered at random. Each of the magnetic elements (12) is made up of an element main body formed of a high molecular material, and magnetic metal powder contained in the element main body. A processing apparatus (20) employed for checking whether or not the object (10) is authentic has a magnetic sensor (30) which is made up of a pair of MR elements (31,32) and a magnet (33). The MR elements (31,32) are arranged side by side in the direction in which the scanning region (17) is scanned. In the manufacturing process of the object (10), a detection signal which is based on variations in the output ratio between the MR elements (31,32) is produced, with the scanning region (17) of the object (10) being moved. The detection signal is converted into a cipher code, and this cipher code is recorded in a code indicator section. When the object (10) is checked for authenticity, a detection signal obtained by scanning the scanning region (17) is collated with the cipher code recorded in the code indicator section. When the detection signal and the cipher code agree with each other, the object (10) is determined as being authentic.

Journal ArticleDOI
TL;DR: By applying the scheme presented one can send a confidential message to a group of users such that the message can be revealed only when the specified members cooperatively work together.

Patent
27 Dec 1994
TL;DR: In this paper, a hierarchical coder divides a video signal into two layers and encodes them respectively, and then sends the data to a synthesizer to be converted into communication data by a communication modem.
Abstract: PURPOSE: To cipher hierarchical data by decoding the hierarchical data from m-sets of cipher decoding means respectively so as to allow only a privileged person to view a video signal. CONSTITUTION: A hierarchical coder divides a video signal into two layers and encodes them respectively. A ciphering device 65 ciphers low quality hierarchical data 57 based on a setting signal 63 from a cipher security degree setting device 61 and gives the result to a synthesizer 77. A ciphering device 73 ciphers high quality hierarchical data 59 based on a setting signal 71 from a cipher security degree setting device 69 and gives the result to the synthesizer 77. The ciphering device 73 conducts ciphering with higher security than that of the device 65. Synthesis data 79 from the synthesizer 77 are converted into communication data 83 by a communication modem 81 and the data are sent to a receiver.

Proceedings ArticleDOI
12 Oct 1994
TL;DR: A new system is proposed to enhance the security of a stream ciphering algorithm that is based on non-linear J-K flip flop networks (Pless's system) and incorporates a multiplexing algorithm with a Pseudorandom Number Generator (PNG) to generate a random sequence that is totally independent of the corresponding input sequence.
Abstract: A new system is proposed to enhance the security of a stream ciphering algorithm that is based on non-linear J-K flip flop networks (Pless's system). The new system incorporates a multiplexing algorithm with a Pseudorandom Number Generator (PNG) to generate a random sequence that is totally independent of the corresponding input sequence. This multiplexing algorithm can be achieved by using a 32 MByte Random Access Memory (RAM) code book filled with random sequences where the (25 bit) input sequence will specify the address of the output bytes. Although the RAM code book algorithm is very secure, another level of complexity is added using a non-linear arithmetic operation at the output stage where the message text (400 bits) will be added to a (320 bits) random key and then evaluated for a (320 bits) random base. Both, key and base, are generated by the code book which has a period of 10E110. The overall system is considered an NP-complete problem and it is very secure under plain-text attack.

Patent
31 May 1994
TL;DR: In this paper, the authors proposed to share a cipher key with plural communication parties in multi-address communication by generating a cipher sentence key by means of a master key which is common to the system.
Abstract: PURPOSE: To share a cipher key with plural communication parties in the multi-address communication by generating a cipher sentence key by means of a master key which is common to the system. CONSTITUTION: A terminal 100 at the side of transmission ciphers a simple sentence 150 by a data key 151. A cipher sentence key 156 is generated based on a data key 151, address information 153 specifying a receiver, and master key 154 common to the system. A communication sentence consisting of the address information 153, cipher sentence key 156, and cipher sentence 152 is sent to a communication network 130. A terminal 101 at the side of reception generates the data key 151 from the address information 153 and cipher sentence key 156 included in the received communication sentence by means of the master key 154. By means of the generated data key 151, the cipher sentence 152 is decoded to generate the simple sentence 150. In short, as master key 154 is common to the system, the same data key 151 can be used between the transmitter and receiver terminals. In addition, the data key 151 is disposable and its safety is dependable.

Patent
04 Nov 1994
TL;DR: In this paper, the authors proposed a scheme to reduce the load on a key management center, to facilitate ciphering of a secret key by means of an IC card, and to reduce processing quantity and time even in a broadcast cipher communication mode.
Abstract: PURPOSE: To reduce the load on a key management center, to facilitate ciphering of a secret key by means of an IC card, and to reduce the processing quantity and time even in a broadcast cipher communication mode. CONSTITUTION: A key manager 113 writes a secret key 126 into an external memory 111 and carries it to an IC card 106. When the secret key 126 is inputted to the card 106 from the memory 111, the key 126 is ciphered by a stored master key 121 and a card specific number 129. This ciphering result is outputted. A ciphered key 125 is written into an external memory 110 and managed by a user 130. When the user 130 performs the cipher communication with another user 131, the key 125 stored in the memory 110 is inputted to the card 106 and then coded and stored by the key 121 and the number 129. Then a session key is generated for the cipher communication and ciphered by the key 126. The session key is sent to the opposite party of communication, and the card 106 receives the ciphered session key and acquires a session key against the one that is decoded by the key 126. COPYRIGHT: (C)1996,JPO

Patent
08 Apr 1994
TL;DR: In this paper, the authors proposed a method to safely erase a specific file by using an encryption algorithm to prevent file contents from being retrieved by other users after erasing them, using a file dictionary pointer to the file.
Abstract: PURPOSE: To safely erase a specific file by using an encryption algorithm to prevent file contents from being retrieved by other users after erasing them. CONSTITUTION: A file 20 stored in a permanent storage medium 15 of a computer system 16 which prevents the file from being accessed by unauthorized persons is processed as follows; the stored file 20 is selected, and an erase command 11 is inputted, and a random key 21 is used to cipher the stored file 20, and the file 20 is operated by an encryption algorithm 13 to erase a file dictionary pointer 23 to the file 20 (14). At the time of reproducing the file, a method 10 reproduces the file dictionary pointer 23 to the file 20, and the random key 21 is used to decode the ciphered stored file 20 for the purpose of permitting the access to data included in the stored file 20.

Proceedings ArticleDOI
02 Nov 1994
TL;DR: This work illustrates a powerful attack on stream ciphers and shows that Gifford’s cipher is ill-suited for encrypting broadcast data in the MIT-based Boston Community Information System (BCIS).
Abstract: We present and implement a ciphertext-only algorithm to break Gifford’s cipher, a stream cipher designed in 1984 by David Gifford of MIT and used to encrypt New York Times and Associated Press wire reports. Applying linear algebra over finite fields, we exploit a time-space tradeoff to separately determine key segments derived from a decomposition of the feedback function. This work, the first proposed attack on Gifford’s cipher, illustrates a powerful attack on stream ciphers and shows that Gifford’s cipher is ill-suited for encrypting broadcast data in the MIT-based Boston Community Information System (BCIS). Gifford’s cipher is a filter generator: a linear feedback shift register with nonlinear output. Our cryptanalytic problem is to determine the secret 64-bit initial fill, which is changed for each news article. Representing the feedback function as a binary matrix F, we decompose the vector space of register states into a direct sum of four F-invariant *Support for this research was provided in part by the University of Maryland Graduate School, Baltimore, through a 1991-92 Graduate Merit Fellowship. Part of this work was carried out while Sherman was a member of the Institute for Advanced Computer Studies, University of Maryland College Park. CCS ’94, 11/94, Fairfax, Va., USA

Patent
08 Apr 1994
TL;DR: In this paper, a plain text is divided in two by an initial transposing part of a data randomizing part 1, and each bit string is subjected to position movement by setting a key as an address, becomes the left and the right blocks L, R, and is inputted to a first stage involution processing part 6.
Abstract: PURPOSE: To enhance secrecy by section-dividing an input block by an initial transposing part of a data randomizing part, moving a bit train in accordance with a key, and thereafter processing it in accordance with an intermediate key by plural stages of involution processing parts of a nonlinear function part. CONSTITUTION: An input block of a plain text is divided in two by an initial transposing part of a data randomizing part 1, and each bit string is subjected to position movement by setting a key as an address, becomes the left and the right blocks L, R, and is inputted to a first stage involution processing part 6. Subsequently, it is subjected to involution processing by a function corresponding to an intermediate key 1 formed based on the key, and the bit string is converted; the right and the left outputs R, L become the left and the right inputs L, R of the next processing part 6 respectively, and after the same repetition, a Fast Data Encipherment Algorithm (FEAL) cipher high in secrecy is outputted from a reverse initial transposing part 5. Decoding is also executed in the same way.

01 Jan 1994
TL;DR: This paper introduces public key stream ciphers and gives details of the recently invented quadratic residue cipher (QRC) as an example.
Abstract: Most public key ciphers, notably the RSA system, are block ciphers. Although ideal for many purposes, they are quite unsuitable for voice channel encoding where a stream cipher is needed. This paper introduces public key stream ciphers and gives details of the recently invented quadratic residue cipher (QRC) as an example.

Patent
14 Jun 1994
TL;DR: In this paper, the authors proposed a method/device which is effective for the prevention of the forgery of an object to be detected, which does not become the generated source of noise and which does not cause a problem when a metallic line is embedded.
Abstract: PURPOSE: To provide a method/device which is effective for the prevention of the forgery of an object to be detected, which does not become the generated source of noise and which does not cause a problem when a metallic line is embedded. CONSTITUTION: Multiple magnetic polymer elements 12 are mixed in the scan area 17 of the object to be detected 10 at random. The magnetic polymer elements 12 consist of element main bodies composed of high polymer material and of magnetic metallic powder contained in the element main bodies. A processor 20 has a magnetic sensor 30 provided with a pair of MR elements 31 and 32 and a magnet 33. In a process for generating the object to be detected 10, a detection signal corresponding to the change of the output ratio of the respective MR elements 31 and 32 is converted into a cipher code, and the cipher code is recorded in a code display part, while the scan area 17 of the object to be detected 10 is shifted. At the time of judging the authenticity of the object to be detected 10, the detection signal obtained by scanning the scan area 17 is collated with the cipher code recorded in the code display part, and the object is judged to be authentic when the signal and the code correspond to each other.

Journal ArticleDOI
TL;DR: The circuit which controls the irregular movement of the cam wheels appeared in two forms and it seemed likely that alterations had been made, but the reason for these alterations can now be explained.
Abstract: Two earlier papers in Cryptologia [1, 2] described the WWII German on-line cipher machine known as T52. The circuit which controls the irregular movement of the cam wheels appeared in two forms and it seemed likely that alterations had been made. The reason for these alterations can now be explained. The paper which follows this one is from the person who made the changes.