
Showing papers on "Cipher published in 2007"


Book ChapterDOI
10 Sep 2007
TL;DR: An ultra-lightweight block cipher, present, which is competitive with today's leading compact stream ciphers and suitable for extremely constrained environments such as RFID tags and sensor networks.
Abstract: With the establishment of the AES the need for new block ciphers has been greatly diminished; for almost all block cipher applications the AES is an excellent and preferred choice. However, despite recent implementation advances, the AES is not suitable for extremely constrained environments such as RFID tags and sensor networks. In this paper we describe an ultra-lightweight block cipher, present. Both security and hardware efficiency have been equally important during the design of the cipher and at 1570 GE, the hardware requirements for present are competitive with today's leading compact stream ciphers.

2,202 citations


Journal Article
TL;DR: In this paper, the authors describe an ultra-lightweight block cipher, present, which is suitable for extremely constrained environments such as RFID tags and sensor networks, where the AES is not.
Abstract: With the establishment of the AES the need for new block ciphers has been greatly diminished; for almost all block cipher applications the AES is an excellent and preferred choice. However, despite recent implementation advances, the AES is not suitable for extremely constrained environments such as RFID tags and sensor networks. In this paper we describe an ultra-lightweight block cipher, present. Both security and hardware efficiency have been equally important during the design of the cipher and at 1570 GE, the hardware requirements for present are competitive with today's leading compact stream ciphers.

1,750 citations


Journal ArticleDOI
TL;DR: A new stream cipher, Grain, is proposed, which targets hardware environments where gate count, power consumption and memory are very limited and has the additional feature that the speed can be increased at the expense of extra hardware.
Abstract: A new stream cipher, Grain, is proposed. The design targets hardware environments where gate count, power consumption and memory are very limited. It is based on two shift registers and a non-linear output function. The cipher has the additional feature that the speed can be increased at the expense of extra hardware. The key size is 80 bits and no attack faster than exhaustive key search has been identified. The hardware complexity and throughput compare favourably to other hardware oriented stream ciphers like E0 and A5/1.

570 citations


Book ChapterDOI
21 Jun 2007
TL;DR: All optimal 4 bit S-boxes are classified and it is shown that an S-box which is optimal against differential and linear attacks is always optimal with respect to algebraic attacks as well.
Abstract: In this paper we classify all optimal 4 bit S-boxes. Remarkably, up to affine equivalence, there are only 16 different optimal S-boxes. This observation can be used to efficiently generate optimal S-boxes fulfilling additional criteria. One result is that an S-box which is optimal against differential and linear attacks is always optimal with respect to algebraic attacks as well. We also classify all optimal S-boxes up to the so called CCZ equivalence. We furthermore generated all S-boxes fulfilling the conditions on nonlinearity and uniformity for S-boxes used in the block cipher Serpent. Up to a slightly modified notion of equivalence, there are only 14 different S-boxes. Due to this small number it is not surprising that some of the S-boxes of the Serpent cipher are linear equivalent. Another advantage of our characterization is that it eases the highly non-trivial task of choosing good S-boxes for hardware dedicated ciphers a lot.

212 citations


Book ChapterDOI
18 Dec 2007
TL;DR: In this article, the authors present algebraic attacks on 6 rounds of DES that require only one known plaintext (instead of a very large quantity), and, in a much weaker sense, an attack on 12 rounds of DES.
Abstract: In spite of growing importance of the Advanced Encryption Standard (AES), the Data Encryption Standard (DES) is by no means obsolete. DES has never been broken from the practical point of view. The variant "triple DES" is believed very secure, is widely used, especially in the financial sector, and should remain so for many, many years to come. In addition, some doubts have been raised whether its replacement AES is secure, given the extreme level of "algebraic vulnerability" of the AES S-boxes (their low I/O degree and exceptionally large number of quadratic I/O equations). Is DES secure from the point of view of algebraic cryptanalysis? We do not really hope to break it, but just to advance the field of cryptanalysis. At first glance, DES seems to be a very poor target -- as there is (apparently) no strong algebraic structure of any kind in DES. However in [15] it was shown that "small" S-boxes always have a low I/O degree (cubic for DES as we show below). In addition, due to their low gate count requirements, by introducing additional variables, we can always get an extremely sparse system of quadratic equations. To assess the algebraic vulnerabilities of DES is the easy part, that may appear unproductive. In this paper we demonstrate that in this way, several interesting attacks on a real-life "industrial" block cipher can be found. One of our attacks is the fastest known algebraic attack on 6 rounds of DES. It requires only one single known plaintext (instead of a very large quantity) which is quite interesting in itself. Our attacks will recover the key using an ordinary PC, for only six rounds. Furthermore, in a much weaker sense, we can also attack 12 rounds of DES. These results are very interesting because DES is known to be a very robust cipher, and our methods are very generic. We discuss how they can be applied to DES with modified S-boxes, and potentially other reduced-round block ciphers.

158 citations


Proceedings ArticleDOI
24 Jun 2007
TL;DR: In this paper, the level of information security provided by random linear network coding in network scenarios in which all nodes comply with the communication protocols yet are assumed to be potential eavesdroppers is investigated.
Abstract: We consider the level of information security provided by random linear network coding in network scenarios in which all nodes comply with the communication protocols yet are assumed to be potential eavesdroppers (i.e. "nice but curious"). For this setup, which differs from wiretapping scenarios considered previously, we develop a natural algebraic security criterion, and prove several of its key properties. A preliminary analysis of the impact of network topology on the overall network coding security, in particular for complete directed acyclic graphs, is also included.

158 citations


Posted Content
TL;DR: A natural algebraic security criterion is developed, and several of its key properties are proved, for random linear network coding in network scenarios in which all nodes comply with the communication protocols yet are assumed to be potential eavesdroppers.
Abstract: We consider the level of information security provided by random linear network coding in network scenarios in which all nodes comply with the communication protocols yet are assumed to be potential eavesdroppers (i.e. "nice but curious"). For this setup, which differs from wiretapping scenarios considered previously, we develop a natural algebraic security criterion, and prove several of its key properties. A preliminary analysis of the impact of network topology on the overall network coding security, in particular for complete directed acyclic graphs, is also included.

131 citations


Book ChapterDOI
10 Sep 2007
TL;DR: It is demonstrated that some bitsliced ciphers have a remarkable performance gain on Intel's Core2 processor due to its enhanced SIMD architecture, and it is shown that KASUMI, a UMTS/GSM mobile standard block cipher, can be four times faster when implemented using a bitslice technique on this processor.
Abstract: This paper discusses the state-of-the-art fast software implementation of block ciphers on Intel's new microprocessor Core2, particularly concentrating on "bitslice implementation". The bitslice parallel encryption technique, initially proposed by Biham for speeding-up DES, has been successful on RISC processors with many long registers, but on the other hand bitsliced ciphers are not widely used in real applications on PC platforms, because in many cases they were actually not very fast on previous PC processors. Moreover the bitslice mode requires a non-standard data format and hence an additional format conversion is needed for compatibility with an existing parallel mode of operation, which was considered to be expensive. This paper demonstrates that some bitsliced ciphers have a remarkable performance gain on Intel's Core2 processor due to its enhanced SIMD architecture. We show that KASUMI, a UMTS/GSM mobile standard block cipher, can be four times faster when implemented using a bitslice technique on this processor. Also our bitsliced AES code runs at the speed of 9.2 cycles/byte, which is the fastest AES performance ever achieved on a PC processor. Next, for the first time, we focus on how to optimize a conversion algorithm between a bitslice format and a standard format on a specific processor. As a result, the bitsliced AES code can be faster than a highly optimized "standard AES" code on Core2, even taking the overhead of the conversion into consideration. This means that in the CTR mode, bitsliced AES is not only fast but also fully compatible with an existing implementation and moreover secure against cache timing attacks, since a bitsliced cipher does not use any lookup tables with key/data-dependent addresses.

110 citations


Book ChapterDOI
10 Sep 2007
TL;DR: This work presents novel approaches for the implementation of the AES block cipher encryption algorithm on these GPUs, and serves as a precursor for future cipher implementations on the most advanced GPU architecture, the recently released Nvidia G80, which now includes integer support and a simplified programming interface.
Abstract: Graphics Processing Units (GPUs) present large potential performance gains within stream processing applications over the standard CPU. These performance gains are best realised when high computational intensity is required across large amounts of mostly independent input elements. The GPU's success in general purpose stream processing has been demonstrated in many diverse fields, though attempts to port cryptographic algorithms to the GPU have thus far met little success. In recent years, GPU architectures have continued to develop a more flexible and uniform programming environment. These developments have overcome a lot of previously encountered restrictions in cipher implementations. We present novel approaches for the implementation of the AES block cipher encryption algorithm on these GPUs. This work also serves as a precursor for future cipher implementations on the most advanced GPU architecture, the recently released Nvidia G80, which now includes integer support and a simplified programming interface.

103 citations


Journal ArticleDOI
TL;DR: Numerical investigation shows that the cryptographic properties of the generated keystream are satisfactory, and the cipher seems to have higher security, higher efficiency and lower computation expense than the stream cipher based on a spatiotemporal chaotic system proposed recently.
Abstract: A stream cipher based on a spatiotemporal chaotic system is proposed. A one-way coupled map lattice consisting of logistic maps serves as the spatiotemporal chaotic system. Multiple keystreams are generated from the coupled map lattice by using simple algebraic computations, and then are used to encrypt plaintext via bitwise XOR. These make the cipher rather simple and efficient. Numerical investigation shows that the cryptographic properties of the generated keystream are satisfactory. The cipher seems to have higher security, higher efficiency and lower computation expense than the stream cipher based on a spatiotemporal chaotic system proposed recently.

86 citations


Proceedings Article
01 Jan 2007
TL;DR: A system able to perform steganography and cryptography at the same time using images as cover objects for steganography and as keys for cryptography is presented.
Abstract: In this paper we describe a method for integrating together cryptography and steganography through image processing. In particular, we present a system able to perform steganography and cryptography at the same time using images as cover objects for steganography and as keys for cryptography. We will show that such a system is an effective steganographic one (making a comparison with the well known F5 algorithm) and is also a theoretically unbreakable cryptographic one (demonstrating its equivalence to the Vernam Cipher).

Journal ArticleDOI
TL;DR: The stream cipher based on a discrete piecewise linear chaotic map satisfies the security requirement of cipher design and is secure in perception, efficient and format compliant, which is suitable for practical video protection.
Abstract: In this paper, a chaotic stream cipher is constructed and used to encrypt video data selectively. The stream cipher based on a discrete piecewise linear chaotic map satisfies the security requirement of cipher design. The video encryption scheme based on the stream cipher is secure in perception, efficient and format compliant, which is suitable for practical video protection. The video encryption scheme's performance proves the stream cipher's practicability.

Journal ArticleDOI
TL;DR: An algorithm that computes the exact MEDP and MELP for the two-round Advanced Encryption Standard (AES) is presented, and the computational results of the algorithm are provided.
Abstract: The current standard approach to demonstrate provable security of a block cipher against differential and linear cryptanalysis is based on the maximum expected differential and linear probability (MEDP and MELP) over a sequence of core cipher rounds. Often information about these values for a small number of rounds leads to significant insights concerning the security of the cipher for larger numbers of rounds, including the full cipher. Recent results have tightened the bounds on the MEDP and MELP for the two-round Advanced Encryption Standard (AES), but no previous approach has determined them exactly. An algorithm that computes the exact MEDP and MELP for the two-round AES is presented, and the computational results of our algorithm are provided. In addition to resolving this outstanding question for the AES, these exact values also lead to improved upper bounds on the MEDP and MELP for four or more AES rounds.

Book
29 Jan 2007
TL;DR: This book discusses Cryptography and Computers, the Lexicon of Cryptography, and how to find the Key of Vernam-Vigenère Ciphertext with Known Period by Correlation in a Cryptosystem.
Abstract: FOREWORD. PREFACE. ABOUT THE AUTHOR.
CHAPTER 1: APERITIFS. 1.1 The Lexicon of Cryptography. 1.2 Cryptographic Systems. 1.3 Cryptanalysis. 1.4 Side Information. 1.5 Thomas Jefferson and the M-94. 1.6 Cryptography and History. 1.7 Cryptography and Computers. 1.8 The National Security Agency. 1.9 The Giants. 1.10 No Sex, Money, Crime or ... Love. 1.11 An Example of the Inference Process in Cryptanalysis. 1.12 Warning!
CHAPTER 2: COLUMNAR TRANSPOSITION. 2.1 Shannon's Classification of Secrecy Transformations. 2.2 The Rules of Columnar Transposition Encipherment. 2.3 Cribbing. 2.4 Examples of Cribbing. 2.5 Plaintext Language Models. 2.6 Counting k-Grams. 2.7 Deriving the Parameters of a Markov Model from Sliding Window Counts. 2.8 Markov Scoring. 2.9 The ADFGVX Transposition System. 2.10 CODA. 2.11 Columnar Transposition Problems.
CHAPTER 3: MONOALPHABETIC SUBSTITUTION. 3.1 Monoalphabetic Substitution. 3.2 Caesar's Cipher. 3.3 Cribbing Using Isomorphs. 3.4 The χ²-Test of a Hypothesis. 3.5 Pruning from the Table of Isomorphs. 3.6 Partial Maximum Likelihood Estimation of a Monoalphabetic Substitution. 3.7 The Hidden Markov Model (HMM). 3.8 Hill Encipherment of ASCII N-Grams. 3.9 Gaussian Elimination. 3.10 Monoalphabetic Substitution Problems.
CHAPTER 4: POLYALPHABETIC SUBSTITUTION. 4.1 Running Keys. 4.2 Blaise de Vigenère. 4.3 Gilbert S. Vernam. 4.4 The One-Time Pad. 4.5 Finding the Key of Vernam-Vigenère Ciphertext with Known Period by Correlation. 4.6 Coincidence. 4.7 Venona. 4.8 Polyalphabetic Substitution Problems.
CHAPTER 5: STATISTICAL TESTS. 5.1 Weaknesses in a Cryptosystem. 5.2 The Kolmogorov-Smirnov Test. 5.3 NIST's Proposed Statistical Tests. 5.4 Diagnosis. 5.5 Statistical Tests Problems.
CHAPTER 6: THE EMERGENCE OF CIPHER MACHINES. 6.1 The Rotor. 6.2 Rotor Systems. 6.3 Rotor Patents. 6.4 A Characteristic Property of Conjugacy. 6.5 Analysis of a 1-Rotor System: Ciphertext Only. 6.6 The Displacement Sequence of a Permutation. 6.7 Arthur Scherbius. 6.8 Enigma Key Distribution Protocol. 6.9 Cryptanalysis of the Enigma. 6.10 Cribbing Enigma Ciphertext. 6.11 The Lorenz Schlüsselzusatz. 6.12 The SZ40 Pin Wheels. 6.13 SZ40 Cryptanalysis Problems. 6.14 Cribbing SZ40 Ciphertext.
CHAPTER 7: THE JAPANESE CIPHER MACHINES. 7.1 Japanese Signaling Conventions. 7.2 Half-Rotors. 7.3 Components of the RED Machine. 7.4 Cribbing RED Ciphertext. 7.5 Generalized Vowels and Consonants. 7.6 "Climb Mount Itaka" - War! 7.7 Components of the PURPLE Machine. 7.8 The PURPLE Keys. 7.9 Cribbing PURPLE: Finding the V-Stepper. 7.10 Cribbing PURPLE: Finding the C-Steppers.
CHAPTER 8: STREAM CIPHERS. 8.1 Stream Ciphers. 8.2 Feedback Shift Registers. 8.3 The Algebra of Polynomials over Z_2. 8.4 The Characteristic Polynomial of a Linear Feedback Shift Register. 8.5 Properties of Maximal Length LFSR Sequences. 8.6 Linear Equivalence. 8.7 Combining Multiple Linear Feedback Shift Registers. 8.8 Matrix Representation of the LFSR. 8.9 Cribbing of Stream Enciphered ASCII Plaintext. 8.10 Nonlinear Feedback Shift Registers. 8.11 Nonlinear Key Stream Generation. 8.12 Irregular Clocking. 8.13 RC4. 8.14 Stream Encipherment Problems.
CHAPTER 9: BLOCK-CIPHERS: LUCIFER, DES, AND AES. 9.1 LUCIFER. 9.2 DES. 9.3 The DES S-Boxes, P-Box, and Initial Permutation (IP). 9.4 DES Key Schedule. 9.5 Sample DES Encipherment. 9.6 Chaining. 9.7 Is DES a Random Mapping? 9.8 DES in the Output-Feedback Mode (OFB). 9.9 Cryptanalysis of DES. 9.10 Differential Cryptanalysis. 9.11 The EFF DES-Cracker. 9.12 What Now? 9.13 The Future Advanced Data Encryption Standard. 9.14 And the Winner Is! 9.15 The Rijndael Operations. 9.16 The Rijndael Cipher. 9.17 Rijndael's Strength: Propagation of Patterns. 9.18 When is a Product Block-Cipher Secure? 9.19 Generating the Symmetric Group. 9.20 A Class of Block Ciphers. 9.21 The IDEA Block Cipher.
CHAPTER 10: THE PARADIGM OF PUBLIC KEY CRYPTOGRAPHY. 10.1 In the Beginning... 10.2 Key Distribution. 10.3 E-Commerce. 10.4 Public-Key Cryptosystems: Easy and Hard Computational Problems. 10.5 Do PKCS Solve the Problem of Key Distribution? 10.6 P.S.
CHAPTER 11: THE KNAPSACK CRYPTOSYSTEM. 11.1 Subset Sum and Knapsack Problems. 11.2 Modular Arithmetic and the Euclidean Algorithm. 11.3 A Modular Arithmetic Knapsack Problem. 11.4 Trap-Door Knapsacks. 11.5 Knapsack Encipherment and Decipherment of ASCII-Plaintext. 11.6 Cryptanalysis of the Merkle-Hellman Knapsack System (Modular Mapping). 11.7 Diophantine Approximation. 11.8 Short Vectors in a Lattice. 11.9 Knapsack-Like Cryptosystems. 11.10 Knapsack Cryptosystem Problems.
CHAPTER 12: THE RSA CRYPTOSYSTEM. 12.1 A Short Number-Theoretic Digression. 12.2 RSA. 12.3 The RSA Encipherment and Decipherment of ASCII-Plaintext. 12.4 Attack on RSA. 12.5 Williams Variation of RSA. 12.6 Multiprecision Modular Arithmetic.
CHAPTER 13: PRIME NUMBERS AND FACTORIZATION. 13.1 Number Theory and Cryptography. 13.2 Prime Numbers and the Sieve of Eratosthenes. 13.3 Pollard's p − 1 Method. 13.4 Pollard's ρ-Algorithm. 13.5 Quadratic Residues. 13.6 Random Factorization. 13.7 The Quadratic Sieve (QS). 13.8 Testing if an Integer is a Prime. 13.9 The RSA Challenge. 13.10 Perfect Numbers and the Mersenne Primes. 13.11 Multiprecision Arithmetic. 13.12 Prime Number Testing and Factorization Problems.
CHAPTER 14: THE DISCRETE LOGARITHM PROBLEM. 14.1 The Discrete Logarithm Problem Modulo p. 14.2 Solution of the DLP Modulo p Given a Factorization of p − 1. 14.3 Adleman's Subexponential Algorithm for the Discrete Logarithm Problem. 14.4 The Baby-Step, Giant-Step Algorithm. 14.5 The Index-Calculus Method. 14.6 Pollard's ρ-Algorithm. 14.7 Extension Fields. 14.8 The Current State of Discrete Logarithm Research.
CHAPTER 15: ELLIPTIC CURVE CRYPTOGRAPHY. 15.1 Elliptic Curves. 15.2 The Elliptic Group over the Reals. 15.3 Lenstra's Factorization Algorithm. 15.4 The Elliptic Group over Z_p (p > 3). 15.5 Elliptic Groups over the Field Z_{m,2}. 15.6 Computations in the Elliptic Group E_{Z_{m,2}}(a, b). 15.7 Supersingular Elliptic Curves. 15.8 Diffie-Hellman Key Exchange Using an Elliptic Curve. 15.9 The Menezes-Vanstone Elliptic Curve Cryptosystem. 15.10 The Elliptic Curve Digital Signature Algorithm. 15.11 The Certicom Challenge. 15.12 NSA and Elliptic Curve Cryptography.
CHAPTER 16: KEY EXCHANGE IN A NETWORK. 16.1 Key Distribution in a Network. 16.2 U.S. Patent '770. 16.3 Spoofing. 16.4 El Gamal's Extension of Diffie-Hellman. 16.5 Shamir's Autonomous Key Exchange. 16.6 X9.17 Key Exchange Architecture. 16.7 The Needham-Schroeder Key Distribution Protocol.
CHAPTER 17: DIGITAL SIGNATURES AND AUTHENTICATION. 17.1 The Need for Signatures. 17.2 Threats to Network Transactions. 17.3 Secrecy, Digital Signatures, and Authentication. 17.4 The Desiderata of a Digital Signature. 17.5 Public-Key Cryptography and Signature Systems. 17.6 Rabin's Quadratic Residue Signature Protocol. 17.7 Hash Functions. 17.8 MD5. 17.9 The Secure Hash Algorithm. 17.10 NIST's Digital Signature Algorithm. 17.11 El Gamal's Signature Protocol. 17.12 The Fiat-Shamir Identification and Signature Schema. 17.13 The Oblivious Transfer.
CHAPTER 18: APPLICATIONS OF CRYPTOGRAPHY. 18.1 UNIX Password Encipherment. 18.2 Magnetic Stripe Technology. 18.3 Protecting ATM Transactions. 18.4 Keyed-Access Cards. 18.5 Smart Cards. 18.6 Who Can You Trust?: Kohnfelder's Certificates. 18.7 X.509 Certificates. 18.8 The Secure Socket Layer (SSL). 18.9 Making a Secure Credit Card Payment on the Web.
CHAPTER 19: CRYPTOGRAPHIC PATENTS. 19.1 What is a Patent? 19.2 Patentability of Ideas. 19.3 The Format of a Patent. 19.4 Patentable versus Nonpatentable Subjects. 19.5 Infringement. 19.6 The Role of Patents in Cryptography. 19.7 U.S. Patent 3,543,904. 19.8 U.S. Patent 4,200,770. 19.9 U.S. Patent 4,218,582. 19.10 U.S. Patent 4,405,829. 19.11 PKS/RSADSI Litigation. 19.12 Leon Stambler.
INDEX.

Journal ArticleDOI
TL;DR: A general framework for error detection in symmetric ciphers based on an operation-centered approach is proposed: the arithmetic and logic operations included in the cipher are enumerated, the efficacy and hardware complexity of several error-detecting codes for each such operation are analyzed, and an error-detecting code for the cipher as a whole is recommended on that basis.
Abstract: One of the most effective ways of attacking a cryptographic device is by deliberate fault injection during computation, which allows retrieving the secret key with a small number of attempts. Several attacks on symmetric and public-key cryptosystems have been described in the literature and some dedicated error-detection techniques have been proposed to foil them. The proposed techniques are ad hoc ones and exploit specific properties of the cryptographic algorithms. In this paper, we propose a general framework for error detection in symmetric ciphers based on an operation-centered approach. We first enumerate the arithmetic and logic operations included in the cipher and analyze the efficacy and hardware complexity of several error-detecting codes for each such operation. We then recommend an error-detecting code for the cipher as a whole based on the operations it employs. We also deal with the trade-off between the frequency of checking for errors and the error coverage. We demonstrate our framework on a representative group of 11 symmetric ciphers. Our conclusions are supported by both analytical proofs and extensive simulation experiments.

Posted Content
TL;DR: A general framework for the application of the ideas of differential cryptanalysis to stream ciphers is presented, and it is demonstrated that some differences in the key (or the initial state or the plaintext) are likely to cause predicted differences in the key stream or in the internal state.
Abstract: In this paper we present a general framework for the application of the ideas of differential cryptanalysis to stream ciphers. We demonstrate that some differences in the key (or the initial state or the plaintext) are likely to cause predicted differences in the key stream or in the internal state. These stream differences can then be used to analyze the internal state of the cipher and retrieve it efficiently. We apply our proposed ideas to stream ciphers of various designs, e.g., regularly clocked LFSRs, irregularly clocked LFSRs such as A5/1, and permutation-based stream ciphers such as RC4.

Book ChapterDOI
26 Mar 2007
TL;DR: This paper formally establishes the security of a well known generic construction for deriving an IV-dependent stream cipher, namely the composition of a key and IV setup pseudo-random function (PRF) with a keystream generation pseudo-random number generator (PRNG).
Abstract: Almost all the existing stream ciphers use two inputs: a secret key and an initial value (IV). However, recent attacks indicate that designing a secure IV-dependent stream cipher, and especially the key and IV setup component of such a cipher, remains a difficult task. In this paper we first formally establish the security of a well known generic construction for deriving an IV-dependent stream cipher, namely the composition of a key and IV setup pseudo-random function (PRF) with a keystream generation pseudo-random number generator (PRNG). We then present a tree-based construction that derives an IV-dependent stream cipher from a PRNG at a moderate cost and that can be viewed as a subcase of the former generic construction. Finally we show that the recently proposed stream cipher quad [3] uses this tree-based construction and that consequently the security proof for quad's keystream generation part given in [3] can be extended to incorporate the key and IV setup.

Proceedings ArticleDOI
18 Jun 2007
TL;DR: A 64-bit FPGA implementation of the 128-bit block and 128-bit key AES cipher, designed by Joan Daemen and Vincent Rijmen, operating at 224 Mbps (maximum throughput).
Abstract: The Rijndael cipher, designed by Joan Daemen and Vincent Rijmen, has been selected as the official advanced encryption standard (AES) and it is well suited for hardware use. This implementation can be carried out through several trade-offs between area and speed. This paper presents a 64-bit FPGA implementation of the 128-bit block and 128-bit key AES cipher. The selected FPGA family is Spartan 3. The cipher consumes 52 clock cycles for algorithm encryption, resulting in a throughput of 120 Mbps. Synthesis results in the use of 1643 slices, 975 flip-flops and 3055 4-input look-up tables, and the design operates at 224 Mbps (maximum throughput). The design target was optimization of speed and cost.

Book ChapterDOI
26 Mar 2007
TL;DR: In this paper, a cipher e* = XLS[e,E] that can encipher messages of l + s bits for any s < n is constructed, and the construction works even in the tweakable and variable-input-length settings.
Abstract: Given (deterministic) ciphers e and E that can encipher messages of l and n bits, respectively, we construct a cipher e* = XLS[e,E] that can encipher messages of l + s bits for any s < n. Enciphering such a string will take one call to E and two calls to e. We prove that e* is a strong pseudorandom permutation as long as e and E are. Our construction works even in the tweakable and VIL (variable-input-length) settings. It makes use of a multipermutation (a pair of orthogonal Latin squares), a combinatorial object not previously used to get a provable-security result.

Journal ArticleDOI
TL;DR: A cryptanalytic attack that employs the tree representation of this cipher and introduces an abstraction in the form of general conditions for managing the information about its internal state is presented.

Journal Article
TL;DR: The first known attack on 6-round IDEA faster than exhaustive key search is presented in this article; it exploits the weak key schedule of IDEA and combines Square-like techniques with linear cryptanalysis to increase the number of rounds that can be attacked.
Abstract: IDEA is a 64-bit block cipher with 128-bit keys introduced by Lai and Massey in 1991. IDEA is one of the most widely used block ciphers, due to its inclusion in several cryptographic packages, such as PGP. Since its introduction in 1991, IDEA has withstood extensive cryptanalytic effort, but no attack was found on the full (8.5-round) variant of the cipher. In this paper we present the first known attack on 6-round IDEA faster than exhaustive key search. The attack exploits the weak key schedule algorithm of IDEA, and combines Square-like techniques with linear cryptanalysis to increase the number of rounds that can be attacked. The attack is the best known attack on IDEA. We also improve previous attacks on 5-round IDEA and introduce a 5-round attack which uses only 16 known plaintexts.

12 Nov 2007
TL;DR: Two techniques are proposed for enhancing message secrecy in image-based steganography, based on the use of punctuation marks and of a modified scytale cipher to hide a secret message in an image file.
Abstract: Image-based steganography is the most popular method for message concealment. In this paper, two techniques are proposed for enhancing message secrecy in image-based steganography. The first technique is based on the use of punctuation marks to encode a secret message before embedding it into the image file. The second technique is based on the use of a modified scytale cipher to hide a secret message in an image file. Both of these techniques have been implemented and tested using the S-Tools software package. The original and stego-images are both shown for the purpose of comparison.

Journal ArticleDOI
TL;DR: The Tiny Encryption Algorithm is described, its simplicity of design and ease of use, its cryptographic strength, and the wide range of implementations and applications of the cipher.
Abstract: The Tiny Encryption Algorithm (TEA) has been around for just over ten years. It is probably the most "minimal" (and hence fastest) block cipher ever devised and yet appears resistant to most attacks. In this article, we describe the algorithm, its simplicity of design and ease of use, its cryptographic strength, and the wide range of implementations and applications of the cipher.

Patent
29 Aug 2007
TL;DR: In this patent, a global variable parameter and a per-file parameter variable are set up, and each file is marked with a hidden or normal attribute so that private data and normal data can be stored and displayed separately.
Abstract: The handset's interfaces are divided into two modes: hidden and normal. A global variable parameter is set up. When its value is 1, 2, ..., n or true, the current mode is hidden; when its value is 0 or false, the current mode is normal. Moreover, a parameter variable is set up for each file. When its value is 1, 2, ..., n or true, the file is marked with the hidden attribute; when its value is 0 or false, the file is marked with the normal attribute, so that private data and normal data can be saved and displayed separately. Keying in the handset's hidden cipher switches between hidden mode and normal mode. Thus, the owner of the handset can view both normal data and hidden data, while a non-owner can only view normal data, so that all private data is protected. Features are: simple operation and a convenient method for setting up the cipher.

Patent
25 Jul 2007
TL;DR: In this article, a method for updating the authentication cipher (AC) remotely is proposed, which includes the steps: the server end calculates a random seed and a random number to generate verification data; the server end carries out an encryption operation on the original AC and the verification data, and transfers the random seed and the result of the encryption operation to the client end.
Abstract: The invention addresses two issues: the insecurity of transferring the authentication cipher key over the network in plaintext; and the management burden and high cost of transferring the authentication cipher (AC) in ciphertext format. The disclosed method for updating the AC remotely includes the steps: the server end calculates a random seed and a random number to generate verification data; the server end carries out an encryption operation on the original AC and the verification data, and transfers the random seed and the result of the encryption operation to the client end; the information security equipment validates the correctness of the random seed; the same encryption operation is carried out on the random seed and the original AC inside the information security equipment and at the server end, so as to generate a new AC, which is used to update the AC inside the information security equipment and in the server's database. The invention also discloses a system for updating the AC.

Proceedings ArticleDOI
16 Apr 2007
TL;DR: The results of several experimental, statistical analysis and key sensitivity tests show that the proposed image encryption scheme provides an efficient and secure way for image encryption and transmission.
Abstract: Chaos based cryptographic algorithms have suggested some new and efficient ways to develop secure image encryption techniques. A new approach to image encryption based on a hyperchaotic map is proposed in order to meet the requirements of secure image transfer. The ergodic matrix of one hyperchaotic sequence is used to permute the image, the form of which is decided by a chaotic logistic map; the other hyperchaotic sequence is used to diffuse the permuted image. To make the cipher more robust against any attack, several rounds of permutation and diffusion are processed, and after each round the initial conditions of the hyperchaotic map are modified. The results of several experimental, statistical analysis and key sensitivity tests show that the proposed image encryption scheme provides an efficient and secure way for image encryption and transmission.

Patent
29 Aug 2007
TL;DR: In this article, the authors proposed a high-security cryptographic processing apparatus that increases difficulty in analyzing the key of a common-key-block cipher, and a method therefor, to realize cryptographic processing whereby resistance to linear cryptanalysis attacks in the Common-Key-Block cipher is improved.
Abstract: The invention realizes a high-security cryptographic processing apparatus that increases the difficulty of analyzing its key, and a method therefor. In Feistel-type common-key-block cryptographic processing that repeatedly executes an SPN-type F-function having a nonlinear conversion section and a linear conversion section over a plurality of rounds, the linear conversion processing of the F-function corresponding to each of the plurality of rounds is carried out by linear conversion processing that applies square MDS (Maximum Distance Separable) matrices. The invention uses a setting in which arbitrary m column vectors included in the inverse matrices of the square MDS matrices, set up at least in consecutive even-numbered rounds and in consecutive odd-numbered rounds respectively, constitute a square MDS matrix. This structure realizes cryptographic processing whereby resistance to linear cryptanalysis attacks in the common-key-block cipher is improved.

Proceedings ArticleDOI
08 Oct 2007
TL;DR: The results indicate that the genetic algorithm is successful at breaking the four-round DES cipher, but perhaps more significantly, this is a promising method for breaking other Feistel block ciphers.
Abstract: In this paper, we present a new approach for cryptanalysis of four-round DES based on a genetic algorithm. An efficient fitness measure is used to find some optimum keys with higher fitness values. Some valuable bits in these optimum keys, which show an apparent deviation from the other observed bits, will turn up. Then, these valuable bits can be applied to find the other bits. The results indicate that the genetic algorithm is successful at breaking the four-round DES cipher, but perhaps more significantly, this is a promising method for breaking other Feistel block ciphers.

Patent
Li Fung Chang1, Andrew du Preez1
26 Sep 2007
TL;DR: In this article, a combined data packing, cipher and multiplexing engine for high speed uplink packet access (HS-UPA) within user equipment (UE) is provided.
Abstract: A combined data packing, cipher and multiplexing engine operable to support high speed uplink packet access (HS-UPA) within user equipment (UE) is provided. This combined cipher multiplexing engine includes a master port, a radio link control (RLC) data packer, and a cipher multiplexing processing module. The master port couples to an advanced microprocessor bus architecture (AMBA) high speed bus (AHB) on which control information for the combined cipher and multiplexing engine is provided. The RLC data packer couples to the master port and receives RLC service data units (SDUs) from the AHB. The RLC data packer may then concatenate or segment RLC SDUs into RLC packet data units (PDUs), which are stored for use by the cipher multiplexing processing module. The cipher multiplexing processing module retrieves the RLC PDU from the RLC PDU buffer and, if ciphering is enabled, ciphers it to produce ciphered data; it then multiplexes the ciphered/non-ciphered data together with the RLC header, MAC-es header and MAC-e header, and enters the multiplexed result into a hybrid automatic repeat request (HARQ) buffer. A protocol stack executed within the UE activates and provides an array describing the formation of the RLC PDU and RLC header information to the combined cipher and multiplexing engine for RLC PDU ciphering and medium access control (MAC) multiplexing of the enhanced data transport channel (E-DCH).

Proceedings ArticleDOI
15 Apr 2007
TL;DR: This work proposes a look-up-table (LUT) based cipher, similar to Andersen's Chameleon cipher, for securely embedding spread-spectrum watermarks, which are noise robust and detectable without the original content, and develops fast detection mechanisms that make watermark detection feasible for tracking systems with a large number of clients.
Abstract: In an electronic content distribution system, it is preferable to embed forensic tracking watermarks at the client side to limit bandwidth usage and server complexity. Embedding in these untrusted clients, however, requires secure embedding methods that do not leak unmarked content or the watermarking secrets. In this work, we propose a look-up-table (LUT) based cipher, similar to Andersen's Chameleon cipher, for securely embedding spread-spectrum watermarks, which are noise robust and detectable without the original content. We also develop fast detection mechanisms that make watermark detection feasible for tracking systems with a large number of clients. Our fast detection algorithm improves detection speed by six orders of magnitude in a typical system.