
Showing papers on "Cipher published in 1999"


Book Chapter
24 Mar 1999
TL;DR: This paper disproves the oft-repeated claim that eliminating all high-probability differentials for the whole cipher is sufficient to guarantee security against differential attacks, and shows how to break COCONUT98, a cipher designed using decorrelation techniques to ensure provable security against differential attacks.
Abstract: This paper describes a new differential-style attack, which we call the boomerang attack. This attack has several interesting applications. First, we disprove the oft-repeated claim that eliminating all high-probability differentials for the whole cipher is sufficient to guarantee security against differential attacks. Second, we show how to break COCONUT98, a cipher designed using decorrelation techniques to ensure provable security against differential attacks, with an advanced differential-style attack that needs just 2^16 adaptively chosen texts. Also, to illustrate the power of boomerang techniques, we give new attacks on Khufu-16, FEAL-6, and 16 rounds of CAST-256.

611 citations


Proceedings Article
24 Mar 1999
TL;DR: The slide attack as mentioned in this paper is a known- (or sometimes chosen-) plaintext attack on product ciphers, which in many cases is independent of the number of rounds of a cipher and can be applied to DES and Blowfish.
Abstract: It is a general belief among the designers of block-ciphers that even a relatively weak cipher may become very strong if its number of rounds is made very large. In this paper we describe a new generic known- (or sometimes chosen-) plaintext attack on product ciphers, which we call the slide attack and which in many cases is independent of the number of rounds of a cipher. We illustrate the power of this new tool by giving practical attacks on several recently designed ciphers: TREYFER, WAKE-ROFB, and variants of DES and Blowfish.

280 citations


01 Jan 1999
TL;DR: MARS is designed to take advantage of the powerful operations supported in today’s computers, resulting in a much improved security/performance tradeoff over existing ciphers, and offers better security than triple DES while running significantly faster than single DES.
Abstract: We describe MARS, a shared-key (symmetric) block cipher supporting 128-bit blocks and variable key size. MARS is designed to take advantage of the powerful operations supported in today's computers, resulting in a much improved security/performance tradeoff over existing ciphers. As a result, MARS offers better security than triple DES while running significantly faster than single DES. The current C implementation runs at rates of about 65 Mbit/sec. on a 200 MHz Pentium-Pro, and 85 Mbit/sec. on a 200 MHz PowerPC. In hardware, MARS can achieve a 10x speedup factor. Still, both hardware and software implementations of MARS are remarkably compact, and easily fit on a smartcard and in other limited-resource environments. The combination of high security, high speed, and flexibility makes MARS an excellent choice for the encryption needs of the information world well into the next century. (MARS: IBM submission to AES.)

217 citations


Patent
27 Apr 1999
TL;DR: In this paper, an iterative probabilistic cipher for converting plaintext into ciphertext comprising at least two components, a core and a flag, is presented. But unless all keys, cores and flags are known, no recovery of the plaintext can be possible.
Abstract: The cryptographic system and method for securing data from unauthorized access includes, in one embodiment, an iterative probabilistic cipher for converting plaintext into ciphertext comprising at least two components, a core and a flag. A corresponding key and the core and flag may be output in one or more data channels. For each round of encryption additional keys, cores and flags can be generated. Unless all keys, cores and flags are known, no recovery of the plaintext can be possible.

96 citations


Book Chapter
24 Mar 1999
TL;DR: It is demonstrated that a weakness of this type can be used to construct a trapdoor that may be difficult to detect and some implications for block cipher design are noted.
Abstract: An iterated block cipher can be regarded as a means of producing a set of permutations of a message space. Some properties of the group generated by the round functions of such a cipher are known to be of cryptanalytic interest. It is shown here that if this group acts imprimitively on the message space then there is an exploitable weakness in the cipher. It is demonstrated that a weakness of this type can be used to construct a trapdoor that may be difficult to detect. An example of a DES-like cipher, resistant to both linear and differential cryptanalysis that generates an imprimitive group and is easily broken, is given. Some implications for block cipher design are noted.

80 citations


Book Chapter
24 Mar 1999
TL;DR: The VIL mode of operation makes a variable-input-length cipher from any block cipher, and is demonstrably secure in the provable-security sense of modern cryptography: it is given a quantitative security analysis relating the difficulty of breaking the constructed (variable-input-length) cipher to the difficulty of breaking the underlying block cipher.
Abstract: Whereas a block cipher enciphers messages of some one particular length (the blocklength), a variable-input-length cipher takes messages of varying (and preferably arbitrary) lengths. Still, the length of the ciphertext must equal the length of the plaintext. This paper introduces the problem of constructing such objects, and provides a practical solution. Our VIL mode of operation makes a variable-input-length cipher from any block cipher. The method is demonstrably secure in the provable-security sense of modern cryptography: we give a quantitative security analysis relating the difficulty of breaking the constructed (variable-input-length) cipher to the difficulty of breaking the underlying block cipher.

73 citations


Patent
Myles Kimmitt
27 May 1999
TL;DR: In this paper, a method and apparatus for transporting data over a plurality of serial channels is presented, in which a cipher data word and the first and second bits comprise a parallel extended width information word.
Abstract: A method and apparatus for transporting data over a plurality of serial channels. A plurality of parallel data words are generated from a parallel data word of greater width. The plurality of parallel data words are scrambled in a predetermined manner utilizing a side scrambler to generate a plurality of cipher data words. A first bit is generated for each channel as an exclusive OR function from the cipher data word in the respective channel. A second bit is generated for each channel as an exclusive OR function of the respective cipher data word and certain control information. The first bit is appended to the cipher data word for the channel from which it was derived. The second bit is appended to the cipher data word for a channel other than the one from which it was derived. The cipher data word and the first and second bits comprise a parallel extended width information word. The extended width information words are serialized and transmitted across a plurality of serial data channels corresponding in number to the number of parallel extended width information words. Receive logic is provided for each serial channel which converts received serial data to parallel data, obtains word synchronization and aligns the words received over the respective channels to avoid word skew misalignment across channels. The received data is descrambled and recombined in the receive logic to obtain the originally transmitted data word. Offset side scramblers are designed so as to reduce near-end and far-end crosstalk.

67 citations


Book Chapter
09 Aug 1999
TL;DR: Two new results on the DEAL key schedule are discussed; the existence of equivalent keys for all three key lengths, and a new related-key attack on DEAL-192 and DEAL-256.
Abstract: DEAL is a six- or eight-round Luby-Rackoff cipher that uses DES as its round function, with allowed key lengths of 128, 192, and 256 bits. In this paper, we discuss two new results on the DEAL key schedule. First, we discuss the existence of equivalent keys for all three key lengths; pairs of equivalent keys in DEAL-128 require about 2^64 DES encryptions to find, while equivalent keys in DEAL-192 and DEAL-256 require only six or eight DES encryptions to find. Second, we discuss a new related-key attack on DEAL-192 and DEAL-256. This attack requires 2^33 related-key queries, the same 3 plaintexts encrypted under each key, and may be implemented with a variety of time-memory tradeoffs: given 3 × 2^69 bytes of memory, the attack requires 2^113 DES encryptions, and given 3 × 2^45 bytes of memory, the attack requires 2^137 DES encryptions. We conclude with some questions raised by the analysis.

64 citations


01 Oct 1999
TL;DR: This document proposes the addition of new cipher suites to the TLS protocol to support Kerberos-based authentication.
Abstract: This document proposes the addition of new cipher suites to the TLS protocol [1] to support Kerberos-based authentication. Kerberos credentials are used to achieve mutual authentication and to establish a master secret which is subsequently used to secure client-server communication.

59 citations


Book Chapter
24 Mar 1999
TL;DR: This paper provides a formal treatment for differential, linear and truncated differential cryptanalysis, and applies it to CS-Cipher in order to prove that there exists no good characteristic for these attacks.
Abstract: CS-Cipher is a block cipher which was proposed at FSE 1998. It is a Markov cipher in which diffusion is performed by multipermutations. In this paper we first provide a formal treatment for differential, linear and truncated differential cryptanalysis, and we apply it to CS-Cipher in order to prove that there exists no good characteristic for these attacks. This holds under the approximation that all round keys of CS-Cipher are uniformly distributed and independent. For this we introduce a new technique for counting active S-boxes in computational networks by the Floyd-Warshall algorithm.

33 citations


Book Chapter
24 Mar 1999
TL;DR: It is shown that the theory behind the proposed constructions does not guarantee security against state-of-the-art differential attacks and it is argued that the cipher does not obtain provable security against a differential attack.
Abstract: In the first part of this paper the decorrelation theory of Vaudenay is analysed. It is shown that the theory behind the proposed constructions does not guarantee security against state-of-the-art differential attacks. In the second part of this paper the proposed Decorrelated Fast Cipher (DFC), a candidate for the Advanced Encryption Standard, is analysed. It is argued that the cipher does not obtain provable security against a differential attack. Also, an attack on DFC reduced to 6 rounds is given.

Patent
15 Oct 1999
TL;DR: In this paper, the authors propose a scheme to improve safety by obstructing the leak of a key through analysis of an IC card device; the scheme requires that the IC card normally hold no cipher key.
Abstract: PROBLEM TO BE SOLVED: To improve safety by obstructing the leak of a key through analysis of an IC card device. SOLUTION: When PIN (personal identification number) data are input, an application software part 70 generates a temporary common key K used for cipher communication when the function of an IC card 20 is used, and transfers the temporary common key K and the input PIN data to the IC card 20. Thus, a cipher key which is only temporarily effective is used only while the application software part 70 and the IC card 20, which normally hold no cipher key, are connected.

Book Chapter
TL;DR: The fact that most presently-used cryptosystems cannot be rigorously proven secure and hence permanently face the risk of being broken motivates the search for schemes with unconditional security, which must be based on information theory rather than complexity theory.
Abstract: The fact that most presently-used cryptosystems cannot be rigorously proven secure and hence permanently face the risk of being broken motivates the search for schemes with unconditional security. The corresponding proofs however must be based on information theory rather than complexity theory. One reason for this is the lack of known lower bounds on the running time of algorithms solving certain computational problems such as the discrete-logarithm problem or the integer-factoring problem. At the beginning of an information-theoretic analysis of cryptosystems stands Shannon's definition of perfect secrecy, unquestionably the strongest possible security definition, and his well-known inequality giving a lower bound on the key length of every perfectly secret cipher, thus suggesting that such a high level of confidentiality cannot be realized in any practical scheme. This pessimism has later been qualified by several authors who showed that unconditional security can be achieved in many special but realistic scenarios. Some of these approaches are described in this introductory overview article.

Proceedings Article
09 May 1999
TL;DR: It is suggested that it would be desirable for FPGA implementations to have a simpler cipher design that makes use of simpler operations that not only possess good cryptographic properties, but also make the overall cipher design efficient from the hardware implementation perspective.
Abstract: The National Institute of Standards and Technology (NIST) in the U.S. has initiated a process to develop an Advanced Encryption Standard (AES) specifying a private-key encryption algorithm based on a 128-bit block size as a replacement for the Data Encryption Standard (DES). We investigate the efficiency of two AES candidates, RC6 and CAST-256, from the hardware implementation perspective with field programmable gate arrays (FPGAs) as the target technology. Our analysis and synthesis studies of the ciphers suggest that it would be desirable for FPGA implementations to have a simpler cipher design that makes use of simpler operations that not only possess good cryptographic properties, but also make the overall cipher design efficient from the hardware implementation perspective.

Patent
07 Oct 1999
TL;DR: In this article, a data processing method and apparatus for use in the encryption, decryption and authentication of messages are proposed, for which a memory for storing input information, a set of operations and a processor for executing the operations on the stored input information are provided.
Abstract: A data processing method and apparatus are proposed for use in the encryption, decryption and authentication of messages. A memory for storing input information, a set of operations and a processor for executing the operations on the stored input information are provided. The input information is utilized to select the order and number of operations performed. The operations are devised such that any possible input string will be interpreted as a valid program and the memory is extensible. Furthermore, data is output as a function of the input information. As a result the state of the memory generated during execution is indeterminate prior to execution and the process evolves differently for each possible input string. Accordingly, the process performed by the module cannot be described by an algorithm. The method and apparatus according to the invention have a number of different applications, particularly in the field of cryptography, including a random number generator, a one-way hash function generator or a key generator for a cipher primitive in encryption and decryption.

Book
23 Nov 1999
TL;DR: A collection of chapters on codebreaking history, coding theory and cryptography, including 'The rigidity theorem of Hamada and Ohmori, revisited' and 'Remarks on codes from modular curves: MAPLE applications'.
Abstract: P Hilton 'Reminiscences and Reflections of a Codebreaker'; W T Tutte 'FISH and I'; F Weierud 'Sturgeon, The FISH BP Never Really Caught'; L Ulfving and F Weierud 'The Geheimschreiber Secret'; D Hatch 'Enigma and Purple: How the allies exploited enemy communications in WWII'; A Shokrollahi 'On the weight distribution of elliptic codes'; A Shokrollahi 'Counting prime divisors on elliptic curves and efficient multiplication in finite fields'; A Shokrollahi 'On cyclic MDS codes'; A Shokrollahi and S Gao 'Finding roots of polynomials over function fields'; D Joyner and S Shokranian 'Remarks on codes from modular curves: MAPLE applications'; J Cosgrave 'Teaching Number Theory and Cryptography using Maple'; B Wardlaw 'The RSA Public Key Cipher Algorithm'; T S Michael 'The rigidity theorem of Hamada and Ohmori, revisited'; S J Lomonaco 'Quantum Cryptography'

Patent
31 Mar 1999
TL;DR: In this article, the authors proposed an extension of copy protection technique to a digital contents circulation by executing a transport protocol processing required for transferring contents information, creating a basic transport header which indicates that contents information is enciphered and transmitting a packet including desired information to a communication opposite party by way of a network.
Abstract: PROBLEM TO BE SOLVED: To extend copy protection technique to a digital contents circulation by executing a transport protocol processing required for transferring contents information, creating a basic transport header which indicates that contents information is enciphered and transmitting a packet including desired information to a communication opposite party by way of a network. SOLUTION: MPEG4 data outputted from an MPEG4 data creating part 301 are enciphered by a data enciphering part 302. An authentication and key exchange processing part 311 generates a new cipher key for an enciphering processing in the case of the updating timing of the cipher key and gives it to the data enciphering part 302. Together with it, the value of information to be a source for generating a common key is increased and given to the part 302. The value of information to be the source for generating the common key is given from the part 302 to a cipher extension header giving part 304. An MPEG4 extending header is exempted from a ciphering object.

Patent
01 Dec 1999
TL;DR: In this paper, a DES chip processor capable of executing 16 rounds of DES operation, comprises a gold key generator, an encipher/decipher unit, a mode selector, and an output multiplexer.
Abstract: A DES chip processor capable of executing 16 rounds of DES operation, comprises a gold key generator, an encipher/decipher unit, a mode selector, and an output multiplexer. The gold key generator is used to create a plurality of sub-keys for use in 16 rounds of encipher/decipher process. The encipher/decipher unit consists of an input buffer zone for temporary storage of data to be enciphered/deciphered; a cipher engine to obtain corresponding cipher text/plain text according to data input into the buffer zone by the gold key; cipher text buffer zone, for temporary storage of cipher text obtained by cipher engine; and plain text buffer zone for temporary storage of plain text obtained by cipher engine. Mode selector is used to receive in sequence the input to be enciphered and cipher text in cipher text buffer zone, and the input to be deciphered and plain text in plain text buffer zone, and carries out processing according to the selected encipher/decipher mode.

Patent
21 Sep 1999
TL;DR: In this article, the authors proposed a solution to obtain the safe distribution of the digital content by enciphering the digital contents by means of the key information and a cipher algorithm and providing a service server to transmit the enciphered digital content and a header to a terminal device.
Abstract: PROBLEM TO BE SOLVED: To attain the safe distribution of the digital content by enciphering the digital content by means of the key information and a cipher algorithm and providing a service server, etc., to transmit the enciphered digital content and a header to a terminal device. SOLUTION: A terminal device 10 transfers an ID card of a user to a service server 12, receives the key information coincident with the ID card from the server 12 and stores the key information. Then the key information is received from the server 12 together with a protocol and the enciphered digital information requested by the user. The device 10 decodes and reproduces the digital content by means of the stored key information and a decoding algorithm. The server 12 generates a header consisting of the user's authorization information including a content cipher key and also adds the enciphered digital information into the header to generate a protocol that supports the protection of copyright.

Journal Article
TL;DR: A class of homophonic codes is suggested for which both the redundancy and the average number of random bits can be made as small as required with nonexponential growth of memory size and roughly logarithmic growth of computation time.
Abstract: Homophonic coding, or homophonic substitution, is referred to as a technique that contributes to reliability of the secret key cipher systems. Its main goal is to convert the plaintext into a sequence of completely random (equiprobable and independent) code letters. In solving this problem three characteristics are to be considered: (i) redundancy, defined as the difference between the mean codeword length and the source entropy, (ii) an average number of random bits used in encoding, and (iii) complexity of the encoder and decoder, measured by memory size (in bits) and computation time (in bit operations). A class of homophonic codes is suggested for which both the redundancy and the average number of random bits can be made as small as required with nonexponential growth of memory size and roughly logarithmic growth of computation time.

Journal Article
TL;DR: The bombe was an electromechanical machine devised by Alan Turing and Gordon Welchman for breaking the German Enigma cipher in World War II, and its relationship to the Polish version of the 'bombe' is explored.
Abstract: The bombe was an electromechanical machine devised by Alan Turing and Gordon Welchman for breaking the German Enigma cipher in World War II. The way in which it used a reductio ad absurdum logic to reduce 26^3 possibilities to a few is a unique example of ingenious circuit design, which is described in detail. Its relationship to the Polish version of the 'bombe' is explored. The importance of the diagonal board is shown, as is the threat that this device faced from the Germans' use of the 'Enigma-Uhr'.

Patent
17 Dec 1999
TL;DR: In this paper, the problem of fast key exchange for cipher communication over a network in which secrecy is not guaranteed is addressed: a key exchanged over a network in which secrecy is guaranteed (where there is seldom a possibility of interception by a third person) is used as the key of the cipher communication, so as to eliminate the need for intensive cipher processing on the key itself.
Abstract: PROBLEM TO BE SOLVED: To perform key exchange quickly in the case of performing cipher communication using a key in a network in which secrecy is not guaranteed. SOLUTION: The processing quantity needed for key exchange processing is reduced by using, as the key of the cipher communication, a key exchanged over a network in which secrecy is guaranteed (where there is seldom a possibility of interception by a third person), so as to eliminate the need for performing intensive cipher processing on the key itself.

Patent
16 Jun 1999
TL;DR: A media key KM kept secret in a secret area 134 is passed to the LCM 1 and used to cipher the contents key KC only when the LCM 1 is found not to have been made ineffective, so that a device which has a problem can be detected and made ineffective.
Abstract: PROBLEM TO BE SOLVED: To surely detect and make ineffective a device which has a problem and to use discrimination information characteristic of an unusable storage medium to cipher or decipher contents or a contents key when a device which is not made ineffective is made ineffective. SOLUTION: In an open ROM area 132 secured on a PM (storage medium) 13, a revocation list RL is previously registered and when the PM 13 is used to record contents by, for example, an LCM (contents use management system) 1, a controller 130 of the PM 13 receives discrimination information IDLCM (ciphered information of which) of the LCM 1, refers to the list RL according to the information, and decides whether or not the LCM 1 is made ineffective according to the reference result. Only when it is decided that the LCM is not made ineffective, a media key KM made secret in a secret area 134 is (ciphered and) passed to the LCM 1 and used to cipher the contents key KC.

Patent
02 Mar 1999
TL;DR: In this article, a radio communication equipment consists of plural terminal equipments 1 for transmitting/receiving information, plural control stations 2 for transmitting and receiving information and at least one base station 3 for transmitting or receiving radio waves.
Abstract: PROBLEM TO BE SOLVED: To independently execute security management in each organization user (e.g. a company) while using the same machine type of terminal equipment, control stations and base stations in radio communication. SOLUTION: A radio communication equipment consists of plural terminal equipments 1 for transmitting/receiving information, plural control stations 2 for transmitting/receiving information and executing security management and at least one base station 3 for transmitting/receiving radio waves. Each control station 2 generates a 1st cipher key different in each terminal equipment and a 2nd cipher key different in each communication group. The control station 2 is arranged close to a corresponding terminal equipment and electrically connected to the terminal to store the 1st cipher key in the corresponding terminal equipment. The 2nd cipher key is ciphered by the 1st cipher key and distributed. Application information is ciphered by the 2nd cipher key and transmitted. Before using the radio communication device by a certain organized user after shipping it from a plant, the 1st cipher key can be secretly packaged. Since the 2nd cipher key to be used for group communication can be wirelessly distributed, the secrecy of communication can be individually maintained in each organized user.

Patent
15 Jun 1999
TL;DR: In this paper, the authors propose a scheme to prevent data from being illegally decoded by another person by providing a processor for extracting a scalar feature vector from biometrics data, a processor for calculating a key to be used for cipher decoding processing based on the feature vector, a processor for decoding data by using the key, etc.
Abstract: PROBLEM TO BE SOLVED: To prevent data from being illegally decoded by another person by providing a processor for extracting a scalar feature vector from biometrics data, a processor for calculating a key to be used for cipher decoding processing based on the feature vector, a processor for decoding data by using the key, etc. SOLUTION: A cryptographic key calculation part 4 calculates a cipher decoding key for decoding data based on the scalar feature vector, called a fingerprint characteristic value, extracted by a fingerprint characteristic value calculation part 3. A data enciphering part 5 executes enciphering processing by using the calculated key, and the obtained cipher is stored in an enciphered data storing part 6. In decoding the stored enciphered data, a user inputs the same fingerprint to a fingerprint sensor 10 and the fingerprint characteristic value is similarly calculated. Based on the characteristic value, the part 4 calculates a key to be used for decoding and a data decoding part 7 executes decoding processing by using the stored enciphered data and this key.

Journal Article
TL;DR: Two new attacks are given on a cipher block chaining-message authentication code algorithm which is in the final stages of being standardised as MAC algorithm 4 in ISO/IEC FDIS 9797-1.
Abstract: Two new attacks are given on a cipher block chaining-message authentication code algorithm which is in the final stages of being standardised as MAC algorithm 4 in ISO/IEC FDIS 9797-1. The attacks are significantly more efficient than previously known attacks, which means that the inclusion of this scheme in the standard will need to be reconsidered.

Patent
26 Feb 1999
TL;DR: In this paper, a key retrieval packet is used to collect the key information on the cipher devices placed on an inter-terminal communication path, learning automatically the cipher key information based on those collected key information and then enciphering and decoding the communication data and also relaying transmissively these data between the terminals via every cipher device.
Abstract: PROBLEM TO BE SOLVED: To minimize the burden on a manager despite a large and complicated network constitution and to prevent the cipher communication and wrong accesses by using a key retrieval packet to collect the key information on the cipher devices placed on an inter-terminal communication path, learning automatically the cipher key information based on those collected key information and then enciphering and decoding the communication data and also relaying transmissively these data between the terminals via every cipher device. SOLUTION: When a cipher device 1 receives communication data from a local port 7, a transmission/reception processing part 9 of the local port side retrieves whether or not the processing method is registered on a cipher key table 8 to deal with both destination and transmitter terminal addresses of the communication data. If the processing method is registered, the part 9 hands over its processing to a decoding processing part 2, a transmissive relay processing part 3 or a disuse processing part 4. Receiving the communication data, a transmission/reception processing part 10 transfers the data to a public port 5 to transmit them. In the same way, a retrieval operation is performed via the table 8 even when the device 1 receives the communication data from the port 5.

Proceedings Article
09 May 1999
TL;DR: This work examines the cryptographic security of the CAST-256 symmetric block encryption algorithm in relation to the cryptanalytic property of diffusion and the cryptanalysis techniques of linear and differential cryptanalysis.
Abstract: We examine the cryptographic security of the CAST-256 symmetric block encryption algorithm. The CAST-256 cipher has been proposed as a candidate for the Advanced Encryption Standard currently under consideration by the U.S. National Institute of Standards and Technology (NIST). It has been designed for a 128-bit block size and variable key sizes of up to 256 bits to suit AES requirements. We specifically consider the cryptographic security of the cipher in relation to the cryptanalytic property of diffusion and the cryptanalysis techniques of linear and differential cryptanalysis.

Patent
30 Nov 1999
TL;DR: An optical disk recordable by a recording device and having first and second recording areas, the second recording area having recorded therein disk identification information unique to the disk, and multiple cipher keys, was described in this paper.
Abstract: An optical disk recordable by a recording device and having first and second recording areas, the second recording area having recorded therein disk identification information unique to the disk, and multiple cipher keys, the first recording area being capable of having recorded therein information that is encrypted by using the disk identification information and one of the multiple cipher keys during recording.

Patent
14 Jan 1999
TL;DR: In this paper, a key synchronization scheme is proposed to provide key synchronization in a short time by transmitting a random number generated by a random number generation means to a decoder, nonlinearly or linearly transforming the random number by a key stored in a key storage part and setting the result as a cipher key.
Abstract: PROBLEM TO BE SOLVED: To provide key synchronization in a short time by transmitting a random number generated by a random number generation means to a decoder, nonlinearly or linearly transforming the random number by a key stored in a key storage part and setting the result as a cipher key. SOLUTION: A ciphering part 28 appropriately generates a random number of n bits in a random number generation part 29 so as to take the key synchronization, sets it at the head of a data frame and simultaneously outputs it to a nonlinear or linear transformation part 33. The nonlinear or linear transformation part 33 linearly or nonlinearly transforms the random number of n bits by using the key stored in the key storage part 31 and outputs it to a synchronization type key stream cipher part 35. The synchronization type key stream cipher part 35 sets the output from the nonlinear or linear transformation part 33 as a ciphering key and ciphers a plain sentence by using the key. The ciphered plain sentence (cipher sentence) is output following the random number of n bits of the data frame, during m bits, until the random number generation part 29 generates the next random number. Thus, the key synchronization is realized with a small hardware scale.