
Showing papers on "Cipher" published in 2001


Book ChapterDOI
08 Apr 2001
TL;DR: Three vulnerabilities in Bluetooth 1.0B are identified, including a location attack that can be used for industrial espionage, blackmail, and other undesirable activities; a range of methods can be employed to strengthen the protocol and prevent the newly discovered attacks.
Abstract: We point to three types of potential vulnerabilities in the Bluetooth standard, version 1.0B. The first vulnerability opens up the system to an attack in which an adversary under certain circumstances is able to determine the key exchanged by two victim devices, making eavesdropping and impersonation possible. This can be done either by exhaustively searching all possible PINs (but without interacting with the victim devices), or by mounting a so-called middle-person attack. We show that one part of the key exchange protocol - an exponential back-off method employed in case of incorrect PIN usage - adds no security, but in fact benefits an attacker. The second vulnerability makes possible an attack - which we call a location attack - in which an attacker is able to identify and determine the geographic location of victim devices. This, in turn, can be used for industrial espionage, blackmail, and other undesirable activities. The third vulnerability concerns the cipher. We show two attacks on the cipher, and one attack on the use of the cipher. The former two do not pose any practical threat, but the latter is serious. We conclude by exhibiting a range of methods that can be employed to strengthen the protocol and prevent the newly discovered attacks. Our suggested alterations are simple, and are expected to be possible to be implemented without major modifications.

316 citations


01 Jan 2001
TL;DR: Khazad is a 64-bit (legacy-level) block cipher that accepts a 128-bit key and is a uniform substitution-permutation network whose inverse only differs from the forward operation in the key schedule.
Abstract: Khazad is a 64-bit (legacy-level) block cipher that accepts a 128-bit key. The cipher is a uniform substitution-permutation network whose inverse only differs from the forward operation in the key schedule. The overall cipher design follows the Wide Trail strategy, favours component reuse, and permits a wide variety of implementation tradeoffs.

202 citations


Proceedings ArticleDOI
01 May 2001
TL;DR: The CryptoManiac processor is introduced, a fast and flexible co-processor for cryptographic workloads that rivals a state-of-the-art dedicated hardware implementation of the 3DES (triple DES) algorithm, while retaining the flexibility to simultaneously support multiple cipher algorithms.
Abstract: The growth of the Internet as a vehicle for secure communication and electronic commerce has brought cryptographic processing performance to the forefront of high throughput system design. This trend will be further underscored with the widespread adoption of secure protocols such as secure IP (IPSEC) and virtual private networks (VPNs). In this paper, we introduce the CryptoManiac processor, a fast and flexible co-processor for cryptographic workloads. Our design is extremely efficient; we present analysis of a 0.25 µm physical design that runs the standard Rijndael cipher algorithm 2.25 times faster than a 600 MHz Alpha 21264 processor. Moreover, our implementation requires 1/100th the area and power in the same technology. We demonstrate that the performance of our design rivals a state-of-the-art dedicated hardware implementation of the 3DES (triple DES) algorithm, while retaining the flexibility to simultaneously support multiple cipher algorithms. Finally, we define a scalable system architecture that combines CryptoManiac processing elements to exploit inter-session and inter-packet parallelism available in many communication protocols. Using I/O traces and detailed timing simulation, we show that chip multiprocessor configurations can effectively service high throughput applications including secure web and disk I/O processing.

183 citations


Book ChapterDOI
14 May 2001
TL;DR: This paper presents an evaluation of the Rijndael cipher from the viewpoint of its implementation in Field Programmable Devices (FPD); the results obtained are significantly faster than those of other implementations known up to now.
Abstract: This paper presents an evaluation of the Rijndael cipher, the Advanced Encryption Standard winner, from the viewpoint of its implementation in Field Programmable Devices (FPD). Starting with an analysis of the algorithm's general characteristics, a general cipher structure is described. Two different methods of mapping the Rijndael algorithm to FPD are analyzed and the suitability of available FPD families is evaluated. Finally, results of the proposed mapping implemented in Altera FLEX, ACEX and APEX FPD are presented and compared with the fastest known Xilinx FPGA implementation. The results obtained are significantly faster than those of other implementations known up to now.

159 citations


Book ChapterDOI
08 Apr 2001
TL;DR: A new methodology for a fair comparison of the hardware performance of secret-key block ciphers has been developed and contrasted with methodology used by the NSA team.
Abstract: The results of fast implementations of all five AES final candidates using Virtex Xilinx Field Programmable Gate Arrays are presented and analyzed. Performance of several alternative hardware architectures is discussed and compared. One architecture optimum from the point of view of the throughput to area ratio is selected for each of the two major types of block cipher modes. For feedback cipher modes, all AES candidates have been implemented using the basic iterative architecture, and achieved speeds ranging from 61 Mbit/s for Mars to 431 Mbit/s for Serpent. For non-feedback cipher modes, four AES candidates have been implemented using a high-throughput architecture with pipelining inside and outside of cipher rounds, and achieved speeds ranging from 12.2 Gbit/s for Rijndael to 16.8 Gbit/s for Serpent. A new methodology for a fair comparison of the hardware performance of secret-key block ciphers has been developed and contrasted with methodology used by the NSA team.

131 citations


Proceedings ArticleDOI
16 Oct 2001
TL;DR: The authors analyze the structure and design of new AES, following three criteria: resistance against all known attacks; speed and code compactness on a wide range of platforms; and design simplicity; as well as its similarities and dissimilarities with other symmetric ciphers.
Abstract: In October 2000, after three years of competition between 15 candidate algorithms, the National Standards and Technology (NIST) chose the Rijndael algorithm to be adopted as the Advanced Encryption Standard (AES) by the U.S. Department of Commerce, replacing the Data Encryption Algorithm (DES), which had been the standard since 1977. The authors analyze the structure and design of the new AES, following three criteria: a) resistance against all known attacks; b) speed and code compactness on a wide range of platforms; and c) design simplicity; as well as its similarities and dissimilarities with other symmetric ciphers. On the other side, the principal advantages of the new AES with respect to DES and T-DES, as well as its limitations, are investigated. Thus, for example, the fact that the new cipher and its inverse use different components, which practically eliminates the possibility of weak and semi-weak keys as exist for DES, and the non-linearity of the key expansion, which practically eliminates the possibility of equivalent keys, are two of the principal advantages of the new cipher. Finally, the implementation aspects of the Rijndael cipher and its inverse are treated. Thus, although Rijndael is well suited to be implemented efficiently on a wide range of processors and in dedicated hardware, we have concentrated our study on 8-bit processors, typical for current smart cards, and on 32-bit processors, typical for PCs.

117 citations


Patent
03 May 2001
TL;DR: In this paper, a public key cryptographic system and method called absolute public key cryptography (APKC) is proposed; it remains secure even when the private key is revealed.
Abstract: The present invention presents a public key cryptographic system and method called Absolute Public Key Cryptography that survives private key compromise and offers two-way communication security. Communications are secured even when the private key is revealed. It provides security to the private-to-public side communications and also allows short keys to be used with mobile devices that have low processing power. The system uses keys with two or more components and encrypts a message into the same number of cipher versions. The cipher versions are delivered to the destination in source routing mode, or hop-by-hop routing mode with a small time gap. The recipient performs certain mathematical operations on all the cipher versions and obtains the original message. All the versions are necessary for obtaining the original message. Even a single missing version produces junk for an attacker. As an attacker at an intermediary IP router cannot have all the cipher versions available, he cannot obtain the original message even when he knows the private key. This is why the system is called Absolute Public Key Cryptography. The robustness against private key compromise is achieved by blinding the public key through adding a random number to each of its components before encryption. When the encryption process is complete, the random number is discarded and the cipher versions are delivered to the recipient. The effect of blinding is made void by the actual intended recipient, who has all the cipher versions available. Robustness is also achieved another way, that is, by choosing the encrypting key such that each of its components has a common factor with the Euler Totient Function of the key modulus, and there is no common factor among all the components. This makes it harder for an attacker to decrypt a single cipher version of the message into the original message and thereby allows smaller keys to be used for mobile communications. Communication in both directions is secured by using two different key pairs, one for public-to-private-side and the other for private-to-public-side communications.

103 citations


Proceedings ArticleDOI
01 Feb 2001
TL;DR: It is shown that using this architecture for comparing hardware performance of secret-key block ciphers, such as AES candidates, operating in non-feedback cipher modes, leads to the more prudent and fairer analysis than comparisons based on other types of pipelined architectures.
Abstract: The new design methodology for secret-key block ciphers, based on introducing an optimum number of pipeline stages inside of a cipher round is presented and evaluated. This methodology is applied to five well-known modern ciphers, Triple DES, Rijndael, RC6, Serpent, and Twofish, with the goal to first obtain the architecture with the optimum throughput to area ratio, and then the architecture with the highest possible throughput. All ciphers are modeled in VHDL, and implemented using Xilinx Virtex FPGA devices. It is demonstrated that all investigated ciphers can operate with similar maximum clock frequencies, in the range from 95 to 131 MHz, limited only by the delay of a single CLB layer and delays of interconnects. Rijndael, RC6, Twofish, and Serpent achieve throughputs in the range from 12.1 Gbit/s to 16.8 Gbit/s; and Triple DES achieves the throughput of 7.5 Gbit/s. Because of the optimum speed to cost ratio, the proposed architecture seems to be very well suited for practical implementations of secret-key block ciphers using both FPGAs and custom ASICs. We also show that using this architecture for comparing hardware performance of secret-key block ciphers, such as AES candidates, operating in non-feedback cipher modes, leads to the more prudent and fairer analysis than comparisons based on other types of pipelined architectures.

99 citations


Patent
Takeshi Saito
23 Aug 2001
TL;DR: In this paper, a first authentication and key exchange procedure depending on a radio link layer network is carried out between a transmitting device and a receiving device, and then a whole or a part of a second authentication and key exchange procedure, which depends on the copyright-protected contents data, is carried out by cipher communication using a first encryption key.
Abstract: Between a transmitting device and a receiving device, a first authentication and key exchange procedure depending on a radio link layer network is carried out, and then a whole or a part of a second authentication and key exchange procedure depending on the copyright-protected contents data is carried out by cipher communication using a first encryption key that is shared between the transmitting device and the receiving device by the first authentication and key exchange procedure, so that the contents data transfer by cipher communication using a second encryption key can be carried out only between a legitimate pair of transmitting device and receiving device that can successfully complete the first authentication.

76 citations


Patent
17 Jan 2001
TL;DR: The encryption and decryption systems involve an essentially symmetric cipher or key system in which the same key is used to both encrypt the original plaintext and decrypt the resulting ciphertext.
Abstract: Methods and systems for encrypting and decrypting electronic files and then limiting the ability to copy, alter or send the decrypted information so as to preserve the integrity of the file. The encryption and decryption systems involve an essentially symmetric cipher or key system in which the same key is used to both encrypt the original plaintext and decrypt the resulting ciphertext. The key, or cipher, includes public and private components. The "public key" is typically stored and sent together with the encrypted file in the form of a unique file type that includes the public key appended to the front of the encrypted file portion. A new public key is typically generated for each electronic file that is encrypted. The "private key" is known only to the encrypting and decrypting parties and may be used to encrypt and decrypt multiple files, or it may be uniquely generated for each encrypted file. It may be hard-coded within the decryption software provided to the decrypting party, or it may be obtained by means of a secure password-protected login procedure. The software utilized in decrypting the encrypted file may also provide limited output, such as merely the ability to view and/or print a hard copy of the decrypted file.

72 citations


Book ChapterDOI
Soichi Furuya
06 Dec 2001
TL;DR: Currently proposed slide attacks can be enhanced so that all currently published known-plaintext analytic techniques can be applied to a smaller part of a cipher with a weak key-scheduling part; the enhancement also makes it possible to declassify an unknown primitive used in a block cipher.
Abstract: Although many strong cryptanalytic tools exploit weaknesses in the data-randomizing part of a block cipher, relatively few general tools for cryptanalyzing the other part, the key scheduling part, are known. A slide attack is an instance of attacks exploiting key-schedule weakness. In this paper, currently proposed slide attacks are enhanced so that all currently published known-plaintext analytic techniques can be applied to a smaller part of a cipher with a weak key-scheduling part. As an example, we demonstrate an application of a slide attack to linear cryptanalysis, in the case of a DES variant. In addition, we also show that our enhancement makes it possible to declassify an unknown primitive used in a block cipher. We test a block cipher, GOST, and show how to de-classify the hidden 4-bit substitution tables.

Patent
David McGrew
17 Oct 2001
TL;DR: A random-access key updating method can efficiently generate one or more future keys in any order, as described in this paper; it is applicable to forward-secret ciphers used to protect protocols with unreliable transport, to ciphers used in multicast or other group settings, and to the protection of packets using the IPSec protocols.
Abstract: An encryption method and apparatus that provides forward secrecy, by updating the key using a one-way function after each encryption. By providing forward secrecy within a cipher, rather than through a key management system, forward secrecy may be added to cryptographic systems and protocols by using the cipher within an existing framework. A random-access key updating method can efficiently generate one or more future keys in any order. Embodiments are applicable to forward secret ciphers that are used to protect protocols with unreliable transport, to ciphers that are used in multicast or other group settings, and to protection of packets using the IPSec protocols.

Book ChapterDOI
13 Nov 2001
TL;DR: With a detailed analysis of the round function in Camellia, a Square attack extended to 6 rounds and faster than exhaustive key search was found, showing that the Square attack is the best known attack on Camellia.
Abstract: The Camellia block cipher, which has a 128-bit block size and supports 128-, 192- and 256-bit keys, is one of the NESSIE (New European Schemes for Signatures, Integrity and Encryption) candidates. The Square attack on Camellia is studied in this paper. With a detailed analysis of the round function in Camellia, a Square attack extended to 6 rounds and faster than exhaustive key search was found. The result of the paper shows that the Square attack is the best attack on Camellia.

Book ChapterDOI
TL;DR: This paper presents a novel technique of random affine mappings as a DPA countermeasure that increases the number of intermediate variables that must be observed before gleaning any secret information and randomly varies these variables on every run.
Abstract: The classic "black-box" view of cryptographic devices such as smart cards has been invalidated by the advent of the technique of Differential Power Analysis (DPA) for observing intermediate variables during normal operation through side-channel observations. An information-theoretic approach leads to optimal DPA attacks and can provide an upper bound on the rate of information leakage, and thus provides a sound basis for evaluating countermeasures. This paper presents a novel technique of random affine mappings as a DPA countermeasure. The technique increases the number of intermediate variables that must be observed before gleaning any secret information and randomly varies these variables on every run. This is done without duplication of the processing of variables, allowing very efficient DPA resistant cipher implementations where the ciphers are designed to minimise overheads. A real-world system has been developed within the tight computational constraints of a smart card to exhibit first-order DPA-resistance for all key processing.

Patent
Shigeichiro Yamasaki, Masatoshi Shiouchi, Tadashige Iwao, Yuji Wada, Makoto Okada
25 Sep 2001
TL;DR: In this article, a content distribution system includes a data processing apparatus of a user for receiving a content supplied from a content transmitter, and a communication network connecting the data processing apparatuses of the user and the third party for mutual data communication.
Abstract: A content distribution system includes a data processing apparatus of a user for receiving a content supplied from a content transmitter, a data processing apparatus of a third party trusted by both the content transmitter and the user, and a communications network connecting the data processing apparatuses of the user and the third party for mutual data communication. The data processing apparatus of the user is provided with a tamper-resistant device storing data inaccessible from outside. The data processing apparatus of the third party transmits first data to the data processing apparatus of the user, wherein the first data relates to an encryption key that decodes a cipher generated by the content transmitter. The encryption key is obtained only within the tamper-resistant device. The tamper-resistant device decodes the cipher by using the first data from the data processing apparatus of the third party.

Book ChapterDOI
02 Apr 2001
TL;DR: Saturation attacks are applied to reduced-round variants of the Twofish block cipher with up to seven rounds with full whitening or eight rounds without whitening at the end (i.e., half of the cipher).
Abstract: This paper introduces the notion of a "saturation attack". Consider a permutation p over w-bit words. If p is applied to all 2^w disjoint words, the set of outputs is exactly the same as the set of inputs. A saturation attack exploits this fact. The current paper applies saturation attacks to reduced-round variants of the Twofish block cipher with up to seven rounds with full whitening or eight rounds without whitening at the end (i.e., half of the cipher). The attacks take up to 2^127 chosen plaintexts (half of the codebook) and are 2-4 times faster than exhaustive search. The attacks are based on key-independent distinguishers for up to six rounds of Twofish, making extensive use of saturation properties.

Book ChapterDOI
02 Apr 2001
TL;DR: This work proposes a new mode of operation based on CFB which is almost optimally efficient and can self-synchronize after the loss or insertion of transmission units, and proves the security of CFB and OCFB in the sense of modern cryptography.
Abstract: Modes of operation adapt block ciphers to many applications. Among the encryption modes, only CFB (Cipher Feedback) has both of the following properties: Firstly, it allows transmission units shorter than the block-cipher length to be encrypted and sent without delay and message expansion. Secondly, it can resynchronize after the loss of such transmission units. However, CFB is inefficient in such applications, since for every transmission unit, regardless how short, a call to the block cipher is needed. We propose a new mode of operation based on CFB which remedies this problem. Our proposal, OCFB, is almost optimally efficient (i.e., almost as many message bits are encrypted as block-cipher output bits produced) and it can self-synchronize after the loss or insertion of transmission units. We prove the security of CFB and OCFB in the sense of modern cryptography.

Proceedings ArticleDOI
07 May 2001
TL;DR: Three implementations of triple data encryption standard (3DES) algorithm on a configurable platform with small area and reasonable throughput are presented and the set requirements are met and the cipher can be integrated into the system.
Abstract: This paper presents three implementations of triple data encryption standard (3DES) algorithm on a configurable platform. Implementations are aimed at the medium access control (MAC) protocol of a multimedia-capable wireless local area network (WLAN). For this reason, very strict timing constraints as well as demands for area-efficiency are present. The MAC processing is handled by a digital signal processor (DSP) and a Xilinx Virtex field programmable gate array (FPGA) chip. The latter one is also used for the presented encryption implementations. As a result of the study, 3DES implementations with small area and reasonable throughput and, on the contrary, with large area and very high throughput are realized. Even though 3DES turns out to be quite large and resource-demanding, the implementations still leave enough chip area for the other MAC functions. Consequently, the set requirements are met and the cipher can be integrated into the system.

Patent
13 Mar 2001
TL;DR: In this article, an end-to-end real-time encrypting process of a mobile commerce WAP data transmission section and the module of the same are disclosed, where an information encryption code security system matching a public key infrastructure is installed in the WML server end.
Abstract: An end-to-end real-time encrypting process for a mobile commerce WAP data transmission section and the module for the same are disclosed. The wireless application environment (WAE) is used as the technical platform. An information encryption code security system matching a public key infrastructure is installed at the WML server end. This system includes a handset software encryption and decryption module, a cipher server, and key management. The added cipher server dynamically downloads a public key using the HTTP service through a WAP gateway of WAN, GSM/GPRS/CDMA and other digital mobile systems. When the user wishes to execute an M-commerce transaction, the user may input the commerce service according to WML, and then the input data is up-linked through an encryption and decryption process of the handset encryption and decryption module. After the information is transferred to the WML server, it is decrypted by a public key.

Book ChapterDOI
08 Apr 2001
TL;DR: Three security proofs are given for PVSSR, a signature scheme with low message expansion and variable length recoverable and non-recoverable message parts that may offer greater security than other common variants of ElGamal signatures.
Abstract: The Pintsov-Vanstone signature scheme with partial message recovery (PVSSR) is a signature scheme with low message expansion (overhead) and variable length recoverable and non-recoverable message parts. The scheme uses three cryptographic primitives: a symmetric cipher, a hash function and an elliptic curve group. We give three security proofs for PVSSR in this paper. Each proof makes a concrete and necessary assumption about one primitive, and models the other two primitives by idealizations. Thus, PVSSR with a strong cipher may offer greater security than other common variants of ElGamal signatures.

Patent
14 Feb 2001
TL;DR: A universal authentication system and method for an electronic information network uses a client/server mode to ensure network information security; it features user account plus cipher for authentication, network signature and authentication, transmission of 128-bit random key(s) between users, an electronic seal, high-security information sharing, and monodirectional or bidirectional authentication between two users.
Abstract: A universal authentication system and method for an electronic information network uses a client/server mode to ensure network information security. It is characterised by user account plus cipher for authentication, network signature and authentication, transmission of 128-bit random key(s) between users, an electronic seal, high-security information sharing, and monodirectional or bidirectional authentication between two users.

Posted Content
TL;DR: It is shown that the mixing of chaotic sequences results in a sequence that does not have any state dependence on the information encrypted by them, and the generated output states of such a cipher approach the theoretical maximum for both complexity measures and cycle length.
Abstract: This paper discusses mixing of chaotic systems as a dependable method for secure communication. Distribution of the entropy function for steady state as well as plaintext input sequences are analyzed. It is shown that the mixing of chaotic sequences results in a sequence that does not have any state dependence on the information encrypted by them. The generated output states of such a cipher approach the theoretical maximum for both complexity measures and cycle length. These features are then compared with some popular ciphers.

Book
31 Aug 2001
TL;DR: This book discusses Classical Cryptographic Techniques, Symmetric Computer-Based Cryptology, and Zero-Knowledge Identification Protocols, as well as law and issues Regarding Cryptography.
Abstract: 1. Origins, Examples, and Ideas in Cryptology. A Crypto-Chronology. Cryptology and Mathematics: Functions. Crypto: Models, Maxims, and Mystique. 2. Classical Cryptographic Techniques. Shift Ciphers and Modular Arithmetic. Affine Ciphers More Modular Arithmetic. Substitution Ciphers. Transposition Ciphers. Polyalphabetic Substitutions. Probability and Expectation. The Friedman and Kasiski Tests. Cryptanalysis of the Vigenère Cipher. The Hill Cipher Matrices. 3. Symmetric Computer-Based Cryptology. Number Representation. Boolean and Numerical Functions. Computational Complexity. Stream Ciphers and Feedback Shift Registers. Block Ciphers. Hash Functions. 4. Public-Key Cryptography. Primes, Factorization, and the Euclidean Algorithm. The Merkle-Hellman Knapsack. Fermat's Little Theorem. The RSA Public-Key Cryptosystem. Key Agreement. Digital Signatures. Zero-Knowledge Identification Protocols. 5. Case Studies and Issues. Case Study I: DES. Case Study II: PGP. Public-Key Infrastructure. Law and Issues Regarding Cryptography. Glossary. Bibliography. Table of Primes. Answers to Selected Exercises. Index.

Patent
Gary L. Graunke
29 Jun 2001
TL;DR: In this article, the authors proposed a secure communication from one encryption domain to another using a trusted module, which includes generating a cipher stream based on a first key for encrypted streamed content, and generating a second cipher stream to re-encrypt the streamed content.
Abstract: The present invention provides secure communication from one encryption domain to another using a trusted module. In one embodiment, the invention includes generating a cipher stream based on a first key for encrypted streamed content, and generating a second cipher stream based on a second key to re-encrypt the streamed content. The invention further includes receiving the encrypted streamed content, simultaneously decrypting and re-encrypting the encrypted content using a combination of the first and the second cipher streams and conveying the re-encrypted content to a sink.

DOI
Steven M. Bellovin, Matt Blaze
01 Jan 2001
TL;DR: Some of the security properties, and pitfalls, of several stream modes are discussed, and several ways in which these modes would be difficult to use securely in the context of Internet Network-, Transport and Application-layer protocols are noted.
Abstract: Modes that may be appropriate and secure in one application or environment sometimes fail badly in others. This is especially true of stream modes where, e.g., re-use of the same segment of keystream to protect different plaintext renders the cipher insecure. The circumstances that can render a mode insecure are not always obvious, nor are the relevant characteristics of a particular application always apparent. Application and protocol designers, even those with experience and training in cryptography, cannot be expected to always identify accurately the requirements that must be met for a mode to be used securely or the conditions that apply to the application at hand. We strongly urge that, for each adopted mode, the standard include a clear statement of the requirements and assumptions that must be met in order for the mode to be used securely and what security properties the mode can be assumed to have and not have. Furthermore, we urge that detailed examples of acceptable and unacceptable application for each mode be provided as well. In this draft, we discuss some of the security properties, and pitfalls, of several proposed stream modes, and we note several ways in which these modes would be difficult to use securely in the context of Internet Network-, Transport- and Application-layer protocols.

Patent
28 Nov 2001
TL;DR: In this paper, an anti-burglary device in the electronic information technology field is described, which is made up of a host machine on a door or other controlled part and an electronic key held by the user.
Abstract: The invention provides a kind of hidden electronic code remote controller, which belongs to the class of anti-burglary devices in the electronic information technology field. It is made up of a host machine on a door or other controlled part and an electronic key held by the user. The host machine includes an electronic switch circuit, a receiving and transmitting control circuit, a transmitting circuit, a receiving circuit and a decoding circuit; the electronic key includes a receiving and transmitting control circuit, a transmitting circuit, a receiving circuit and a coding circuit. The user presses the electronic switch circuit on the host machine, its receiving and transmitting control circuit controls the transmitting circuit to transmit a special signal, the electronic key receives it and transmits another special cipher, and the host machine receives the cipher and outputs a control signal to unlock the door or other appliance. It changes the unidirectional control mode, in which a remote controller transmits a cipher and the host machine receives it and outputs a control signal, into a two-way confirmation technique.

Patent
10 Apr 2001
TL;DR: In this paper, the authors proposed a scheme to prevent leakage of secrets during the network transfer of printing data, to shorten processing times when protection of secrets is unnecessary, and to prevent an increase in the amount of data.
Abstract: PROBLEM TO BE SOLVED: To prevent leakage of secrets during the network transfer of printing data, to shorten processing times when protection of secrets is unnecessary, and to prevent an increase in the amount of data. SOLUTION: When 'an automatic judgment' is selected (affirmative decision in step 106), it is determined whether or not the Internet is required by the communication protocol and the output port corresponding to the output side printer (steps 108, 110) and whether or not the client device and the output side printer are on the same sub-net (step 120). Thereby, it is decided whether encipherment is required. In the case 'encipherment is to be carried out to transmit' is selected (affirmative decision in step 126), at the time of encipherment in step 122, encipherment is carried out with the selected cipher kind. In the case a plurality of kinds are used in combination (affirmative decision in step 128), the kind of cipher used is changed at every predetermined data unit, according to encipherment order information extracted to carry out the encipherment.

Proceedings ArticleDOI
22 Apr 2001
TL;DR: It is concluded that, although it can take significantly longer to resynchronize, SCFB mode can be used to provide self-synchronizing implementations for stream ciphers that are much more efficient than conventional CFB mode and that have error propagation characteristics similar to CFB mode.
Abstract: In this paper, we examine a recently proposed mode of operation for block ciphers which we refer to as statistical cipher feedback (SCFB) mode. SCFB mode configures the block cipher as a keystream generator for use in a stream cipher such that it has the property of statistical self-synchronization, thereby allowing the stream cipher to recover from slips in the communications channel. Statistical self-synchronization involves feeding back ciphertext to the input of the keystream generator similar to the conventional cipher feedback (CFB) mode of block ciphers, except that the feedback only occurs when a special pattern is recognized in the ciphertext. In the paper, we examine the efficiency, resynchronization, and error propagation characteristics of SCFB and compare these to the conventional modes of CFB, output feedback (OFB), and counter mode. In particular, we study these characteristics of SCFB as a function of the synchronization pattern size. We conclude that, although it can take significantly longer to resynchronize, SCFB mode can be used to provide self-synchronizing implementations for stream ciphers that are much more efficient than conventional CFB mode and that have error propagation characteristics similar to CFB mode.

Patent
Takeshi Saito
23 Aug 2001
TL;DR: In this paper, a first authentication and key exchange procedure is carried out between a transmitting device (101) and a receiving device (102) depending on a radio link layer network.
Abstract: Between a transmitting device (101) and a receiving device (102), a first authentication and key exchange procedure (13) depending on a radio link layer network is carried out, and then the whole or a part of a second authentication and key exchange procedure (16) depending on the copyright protected contents data is carried out by using cipher communication with a first encryption key that is shared between the transmitting device (101) and the receiving device (102) by the first authentication and key exchange procedure, so that the contents data transfer by cipher communication using a second encryption key can be carried out only between a legitimate pair of the transmitting device (101) and the receiving device (102) that can successfully complete the first authentication.

Patent
01 Mar 2001
TL;DR: In this article, a means 111 is provided for storing in a word dictionary 130 a word (replacing word) that replaces a relevant word set by a user unspecifiably, and for performing morpheme analysis on an input document while referring to the word dictionary.
Abstract: PROBLEM TO BE SOLVED: To easily distribute a document by providing automatic cipher working processing for the privacy information part of the document. SOLUTION: This device is provided with a means 111 for storing in a word dictionary 130 a word (replacing word) that replaces a relevant word set by a user unspecifiably, and for performing morpheme analysis on an input document while referring to the word dictionary; a means 112 for extracting a peculiar noun part concerning privacy information on the basis of the morpheme analysis result; a means 122 for working the extracted peculiar noun part into cipher by acquiring its replacing word from the word dictionary; further, means 123, 124 and 125 for replacing the extracted peculiar noun part with an unspecifiable symbol, alphabet letter or initial letter; and a means 121 for selecting any one of the means 122-125 according to the kind of the working target character string or the like.