
Showing papers on "Ciphertext published in 1993"


Book
01 Oct 1993
TL;DR: Covering the latest developments in cryptography for all data communication professionals who need an understanding of cryptographic technology, this book explains the Data Encryption Standard, stream ciphers, public-key cryptosystems, arithmetic operating circuits, and important classes of BCH and Reed-Solomon codes for multiple-error correction.
Abstract: From the Publisher: This book provides a practical introduction to cryptographic principles and algorithms for communication security and data privacy, both commercial and military, written by one of the world's leading authorities on encryption and coding. Covering the latest developments in cryptography for all data communication professionals who need an understanding of cryptographic technology, the book explains the Data Encryption Standard, stream ciphers, public-key cryptosystems, arithmetic operating circuits, important classes of BCH and Reed-Solomon codes for multiple-error correction, ciphertext protection against illegal deletion or injection of information, practical cryptographic applications, and more.

75 citations


Journal ArticleDOI
TL;DR: Three methods for strengthening public key cryptosystems so that they become secure against adaptively chosen ciphertext attacks are presented, and the security of the three example cryptosystems is formally proved.
Abstract: Three methods for strengthening public key cryptosystems in such a way that they become secure against adaptively chosen ciphertext attacks are presented. In an adaptively chosen ciphertext attack, an attacker can query the deciphering algorithm with any ciphertext except for the exact object ciphertext to be cryptanalyzed. The first strengthening method is based on the use of one-way hash functions, the second on the use of universal hash functions, and the third on the use of digital signature schemes. Each method is illustrated by an example of a public key cryptosystem based on the intractability of computing discrete logarithms in finite fields. Security of the three example cryptosystems is formally proved. Two other issues, namely, applications of the methods to public key cryptosystems based on other intractable problems and enhancement of information authentication capability to the cryptosystems, are also discussed.

74 citations


Patent
13 May 1993
TL;DR: A cryptographic device and method provide a repertoire of mappings and associated inverse mappings between plaintext and ciphertext vectors; the plaintext is partitioned block by block, with a user-selectable block size such as N characters.
Abstract: A cryptographic device and method provide a repertoire of mappings and associated inverse mappings between plaintext and ciphertext vectors. The plaintext is partitioned block-by-block, the block size being user-selectable, such as N characters. Each mapping maps between a pair of N-dimensional plaintext and ciphertext vectors. The mapping or associated inverse mapping is implemented by a matrix with N×N matrix elements, where each element is allowed to take on a range of L values. By permuting the matrix elements within their range, the repertoire has a size≈L N ×N. This size is immense even for moderate values of N and L. The users select one mapping or associated inverse mapping among the repertoire for respectively effecting the encryption or decryption. A secret key shared between the users includes information about the selected mapping or associated inverse mapping and may include values of N and L. To an outsider not privy to the secret key, the task of exhaustive research in the repertoire is computationally infeasible, especially if N and L are not known. In the preferred embodiment, a pseudo-random vector that varies block-by-block is added as another component to the ciphertext vector. A quick computational method is also described.

70 citations
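The mapping described in the abstract, worked through as an added example (this is illustration code, not the patent's device): an N×N matrix acts on each N-character plaintext block modulo L, and a pseudorandom vector that changes from block to block is added to the result. Choices that are this example's own and not the patent's: L = 257 (a prime, so every matrix with nonzero determinant is invertible and bytes 0..255 fit), SHA-256 keyed by a shared secret to derive the per-block vector, zero padding, and the sample matrix and key. The last function shows why the per-block vector is worth having: for the bare linear map, N known plaintext/ciphertext block pairs with linearly independent plaintexts determine the matrix outright.

```python
"""Added example, not the patent's device: an N x N matrix mapping between
plaintext and ciphertext vectors modulo L, with a pseudorandom vector added
to each block as the preferred embodiment describes.  Choices that are this
example's and not the patent's: L = 257 (prime, so every matrix with nonzero
determinant is invertible and bytes 0..255 fit), SHA-256 to derive the
per-block vector, zero padding, and the sample key material below."""
import hashlib

L = 257


def mat_inverse_mod(m, p=L):
    """Gauss-Jordan inverse over GF(p); raises ValueError if m is singular."""
    n = len(m)
    a = [list(row) + [int(i == j) for j in range(n)] for i, row in enumerate(m)]
    for col in range(n):
        pivot = next((r for r in range(col, n) if a[r][col] % p), None)
        if pivot is None:
            raise ValueError("matrix not invertible modulo p")
        a[col], a[pivot] = a[pivot], a[col]
        inv = pow(a[col][col] % p, -1, p)
        a[col] = [(v * inv) % p for v in a[col]]
        for r in range(n):
            if r != col and a[r][col] % p:
                f = a[r][col]
                a[r] = [(rv - f * cv) % p for rv, cv in zip(a[r], a[col])]
    return [row[n:] for row in a]


def mat_vec(m, v, p=L):
    return [sum(mi * vi for mi, vi in zip(row, v)) % p for row in m]


def mat_mul(a, b, p=L):
    return [[sum(a[i][k] * b[k][j] for k in range(len(b))) % p
             for j in range(len(b[0]))] for i in range(len(a))]


def block_vector(key: bytes, index: int, n: int, p=L):
    """Per-block pseudorandom vector, derived from the shared key so the
    receiver can regenerate it (this example's generator, not the patent's)."""
    digest = hashlib.sha256(key + index.to_bytes(8, "big")).digest()
    return [digest[i] % p for i in range(n)]


def encrypt(matrix, key: bytes, plaintext: bytes, p=L):
    """Returns one ciphertext vector (entries in 0..L-1) per N-byte block."""
    n = len(matrix)
    padded = plaintext + b"\x00" * (-len(plaintext) % n)
    blocks = []
    for b in range(len(padded) // n):
        x = list(padded[b * n:(b + 1) * n])
        y = mat_vec(matrix, x, p)
        r = block_vector(key, b, n, p)
        blocks.append([(yi + ri) % p for yi, ri in zip(y, r)])
    return blocks


def decrypt(matrix, key: bytes, blocks, p=L) -> bytes:
    inv = mat_inverse_mod(matrix, p)
    n = len(matrix)
    out = bytearray()
    for b, c in enumerate(blocks):
        r = block_vector(key, b, n, p)
        out += bytes(mat_vec(inv, [(ci - ri) % p for ci, ri in zip(c, r)], p))
    return bytes(out).rstrip(b"\x00")   # zero padding is fine for the example only


def repertoire_size(n: int, p=L) -> int:
    """The abstract's L^(N x N): one entry per matrix, singular ones included."""
    return p ** (n * n)


def recover_matrix_without_vector(plain_blocks, cipher_blocks, p=L):
    """Why the added vector matters: for the bare linear map C = M.P, N known
    plaintext/ciphertext blocks with independent plaintexts give M = C.P^-1."""
    P = [list(col) for col in zip(*plain_blocks)]    # plaintext blocks as columns
    C = [list(col) for col in zip(*cipher_blocks)]
    return mat_mul(C, mat_inverse_mod(P, p), p)


# Constructed sample key: a 3 x 3 matrix (determinant -1, invertible mod 257)
# and a shared secret for the per-block vector.
MATRIX = [[2, 3, 1], [1, 1, 1], [3, 5, 2]]
KEY = b"constructed-shared-secret"
```

The recovery function deliberately works on `mat_vec` output alone, i.e. on the mapping with no block vector added; with the vector present the same N pairs no longer determine the matrix, because each block's offset is unknown to the outsider.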


Book ChapterDOI
22 Aug 1993
TL;DR: A new method for immunizing public key cryptosystems against adaptively chosen ciphertext attacks, where the deciphering algorithm first checks that the ciphertext is legitimate and then outputs the matching plaintext only when the check is successful.
Abstract: Practical approaches to constructing public key cryptosystems secure against chosen ciphertext attacks were first initiated by Damgard and further extended by Zheng and Seberry. In this paper we first point out that in some cryptosystems proposed by Zheng and Seberry the method for adding authentication capability may fail just under known plaintext attacks. Next, we present a new method for immunizing public key cryptosystems against adaptively chosen ciphertext attacks. In the proposed immunization method, the deciphering algorithm first checks that the ciphertext is legitimate and then outputs the matching plaintext only when the check is successful. This is in contrast with Zheng and Seberry's methods, where the deciphering algorithm first recovers the plaintext and then outputs it only when the checking condition on it is satisfied. Such a ciphertext-based validity check will be particularly useful for an application to group-oriented cryptosystems, where almost all deciphering operations are performed by third parties, not by the actual receiver.

54 citations


Book ChapterDOI
09 Dec 1993
TL;DR: A fast software encryption algorithm is described, which is a word based algorithm with a running key, although a key dependent table has to be constructed for each new key.
Abstract: A fast software encryption algorithm is described. The computation cost is about 20 simple machine code instructions per word, although a key dependent table has to be constructed for each new key. Table construction time is some hundreds of word encryption times. It is a word based algorithm with a running key.

50 citations


Patent
23 Aug 1993
TL;DR: A public initialization vector and a secret key seed a pseudorandom number generator whose output sequence converts plaintext to ciphertext; the receiver regenerates the same sequence from the key and initialization vector and invertibly combines it with the ciphertext to recover the plaintext. Computational overhead is traded against security by caching and selectively reusing the sequence at both ends.
Abstract: A digital encryption structure allows the varying of the computational overhead by selectively reusing, according to the desired level of security, a pseudorandom encoding sequence at the transmitter end and by storing and reusing pseudorandom decoding sequences, associated with one or more transmitters at the receiver end. A public initialization vector is combined with a secret key to produce a deterministic sequence from a pseudorandom number generator. This pseudorandom sequence in turn, is used to convert plaintext to ciphertext. The sequence may be selectively reused by storing the sequence to a transmitter memory cache and iteratively reading the sequence from memory according to a counter which controls the level of security of the encryption system. The ciphertext is decrypted on the receiver end by invertibly combining the ciphertext with the same pseudorandom sequence used by the transmitter to originally encode the plaintext. The pseudorandom sequence is independently generated by the receiver end using the original key and initialization vector used in the transmitter end. Once generated in the receiver, the pseudorandom sequence is stored in a receiver cache for reuse with each iterative use of the stored transmitter pseudorandom sequence.

49 citations
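The construction in the abstract, as an added example (illustration code, not the patent's circuit): a keystream derived from a secret key and a public initialization vector is XORed with the plaintext, the receiver regenerates the same keystream from the same key and IV, and a transmitter cache reuses one keystream block for a counted number of messages. The patent does not fix its generator, so SHA-256 in counter mode stands in for it here; the cache policy, key and messages are also this example's own. The last function shows what each permitted reuse costs: two ciphertexts under one keystream XOR to the XOR of their plaintexts, so anyone who knows or guesses one plaintext reads the other without the key.

```python
"""Added illustration of the key + public-IV stream construction described
above and of what reusing the cached keystream costs.  This is not the
patent's circuit: the patent does not fix its generator, so SHA-256 in
counter mode stands in for the pseudorandom number generator, and the
cache/reuse policy, key and messages below are this example's own."""
import hashlib


def keystream(key: bytes, iv: bytes, length: int) -> bytes:
    """Deterministic pseudorandom bytes from (key, iv).  The receiver regenerates
    them from the same inputs; the IV may travel in the clear, the key may not."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + iv + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def xor_bytes(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("length mismatch")
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    return xor_bytes(plaintext, keystream(key, iv, len(plaintext)))


decrypt = encrypt   # XOR with the same keystream is its own inverse


class CachingTransmitter:
    """Models the transmitter cache: one keystream block is generated and reused
    for `reuse_limit` messages before a fresh IV forces a new block."""

    def __init__(self, key: bytes, block_len: int, reuse_limit: int):
        self.key, self.block_len, self.reuse_limit = key, block_len, reuse_limit
        self.iv_counter, self.iv, self.cache, self.uses = 0, b"", b"", 0

    def send(self, plaintext: bytes):
        """Returns (iv, ciphertext); a message must fit in one cached block."""
        if len(plaintext) > self.block_len:
            raise ValueError("message longer than the cached keystream block")
        if not self.cache or self.uses >= self.reuse_limit:
            self.iv_counter += 1
            self.iv = self.iv_counter.to_bytes(8, "big")      # public IV
            self.cache = keystream(self.key, self.iv, self.block_len)
            self.uses = 0
        self.uses += 1
        return self.iv, xor_bytes(plaintext, self.cache[: len(plaintext)])


def recover_from_reuse(c1: bytes, c2: bytes, known_p1: bytes) -> bytes:
    """Under one keystream c1 ^ c2 == p1 ^ p2, so a known or guessed p1 yields p2
    with no key at all: the price of every reuse the counter permits."""
    return xor_bytes(xor_bytes(c1, c2), known_p1)


# Constructed sample values.
KEY = b"constructed-test-key-not-secret!"
P1 = b"transfer 0100 to acct 42"
P2 = b"transfer 9900 to acct 77"


def demo() -> dict:
    tx = CachingTransmitter(KEY, block_len=32, reuse_limit=2)
    iv1, c1 = tx.send(P1)
    iv2, c2 = tx.send(P2)     # second use of the same cached keystream
    iv3, c3 = tx.send(P1)     # limit reached: fresh IV, fresh keystream
    return {
        "same_iv_for_first_two": iv1 == iv2,
        "rotated_after_limit": iv3 != iv1,
        "roundtrip_ok": decrypt(KEY, iv1, c1) == P1,
        "p2_recovered_without_key": recover_from_reuse(c1, c2, P1) == P2,
        "fresh_keystream_no_leak": recover_from_reuse(c1, c3, P1) != P1,
    }
```

A reuse limit of 1 makes `recover_from_reuse` useless to an outsider; any larger limit is exactly the security/overhead trade the abstract describes, and the receiver-side cache changes nothing about it.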


Journal ArticleDOI
TL;DR: Modeling language as a finite stationary Markov process, a statistical model of pattern recognition is adapted to language recognition, and a most powerful test based on the Neyman-Pearson Lemma is given.
Abstract: We explain how to apply statistical techniques to solve several language-recognition problems that arise in cryptanalysis and other domains. Language recognition is important in cryptanalysis because, among other applications, an exhaustive key search of any cryptosystem from ciphertext alone requires a test that recognizes valid plaintext. Written for cryptanalysts, this guide should also be helpful to others as an introduction to statistical inference on Markov chains. Modeling language as a finite stationary Markov process, we adapt a statistical model of pattern recognition to language recognition. Within this framework we consider four well-defined language-recognition problems: 1) recognizing a known language, 2) distinguishing a known language from uniform noise, 3) distinguishing unknown 0th-order noise from unknown 1st-order language, and 4) detecting non-uniform unknown language. For the second problem we give a most powerful test based on the Neyman-Pearson Lemma. For the other problems, which ...

34 citations
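The second problem in the abstract, distinguishing a known language from uniform noise, carried through as an added example (not the paper's code): a first-order Markov model of English over 27 symbols is trained on a short passage, the log-likelihood ratio against a uniform 0th-order noise model is the Neyman-Pearson statistic, and an exhaustive key search uses it to pick the right trial decryption. The training passage, the test sentence and the Caesar-shift keyspace standing in for "any cryptosystem" are constructed for the example.

```python
"""Added example, not the paper's code: a first-order Markov model of English
over 27 symbols (a-z and space) and the log-likelihood-ratio test against
uniform noise that an exhaustive key search needs to recognize the right
plaintext.  The training passage, the test sentence and the Caesar-shift
keyspace are constructed for the example."""
import math

ALPHABET = "abcdefghijklmnopqrstuvwxyz "
INDEX = {ch: i for i, ch in enumerate(ALPHABET)}
LOG_UNIFORM = math.log(1.0 / len(ALPHABET))   # 0th-order uniform noise model

TRAINING_TEXT = (
    "the quick brown fox jumps over the lazy dog and then runs back across the "
    "field to find the other animals that were hiding in the tall grass near the "
    "river when the sun went down the farmer closed the gate and walked home along "
    "the road while the children played in the yard until their mother called them "
    "in for dinner a cipher is only as strong as the key that protects it and an "
    "attacker who can test every key needs a way to tell real text from noise this "
    "is where statistics help because letters in a language do not follow one "
    "another at random and a short sample of text is often enough to decide which "
    "of many trial decryptions is the one that was actually written by a person"
)


def normalize(text: str) -> str:
    return "".join(ch for ch in text.lower() if ch in INDEX)


def train_model(text: str):
    """Transition log-probabilities log P(b | a) with add-one smoothing, so a
    transition unseen in training is rare rather than impossible."""
    n = len(ALPHABET)
    counts = [[1] * n for _ in range(n)]
    t = normalize(text)
    for a, b in zip(t, t[1:]):
        counts[INDEX[a]][INDEX[b]] += 1
    return [[math.log(c / sum(row)) for c in row] for row in counts]


def log_likelihood_ratio(model, text: str) -> float:
    """log P(text | language) - log P(text | uniform), summed over transitions.
    The Neyman-Pearson test accepts 'language' when this exceeds a threshold."""
    t = normalize(text)
    return sum(model[INDEX[a]][INDEX[b]] - LOG_UNIFORM for a, b in zip(t, t[1:]))


def caesar(text: str, shift: int) -> str:
    """Stand-in cryptosystem with a 26-key keyspace; spaces pass through."""
    return "".join(
        chr((ord(ch) - 97 + shift) % 26 + 97) if "a" <= ch <= "z" else ch
        for ch in text
    )


def exhaustive_search(model, ciphertext: str):
    """Try every key and rank the trial decryptions by LLR, best first."""
    ranked = [(log_likelihood_ratio(model, caesar(ciphertext, -k)), k) for k in range(26)]
    ranked.sort(reverse=True)
    return ranked


def recover_shift(model, ciphertext: str) -> int:
    return exhaustive_search(model, ciphertext)[0][1]


MODEL = train_model(TRAINING_TEXT)
PLAINTEXT = "meet me at the old bridge before midnight and bring the documents with you"
CIPHERTEXT = caesar(PLAINTEXT, 7)
```

With a real cipher the 26 trial decryptions become 2^k candidates, but the test is the same: only the candidate whose transitions look like the trained chain scores far above the uniform-noise baseline, and the gap grows linearly with the length of ciphertext available.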


Patent
28 Jan 1993
TL;DR: A cipher system for use by a sender and receiver provides a plaintext alphabet, each character of which is coded by a numerical synonym; the set of numerical synonyms is a collection of non-negative integers of common length known to both sender and receiver.
Abstract: A cipher system for use by a sender and receiver provides a plaintext alphabet, each character of which is coded by a numerical synonym, the set of numerical synonyms comprising a collection of non-negative integers of common length and known to both sender and receiver. The system further provides a concatenation of the numerical synonyms comprising a plaintext message string integer corresponding to a plaintext message and a masking tape string integer comprising a randomly or pseudo-randomly accessed sequence of digits extracted from a string of digits accessible to both sender and receiver and added to the plaintext message string to form a ciphertext string. The numerical synonyms of plaintext alphabet characters may be permuted, relative to the normal listing of the alphabet, from message to message according to prior secret arrangement of sender and receiver. Also, the ciphertext string may be adulterated by prefixing, suffixing, or inserting integers of possibly variable length generated by a number generator, according to secret prior arrangement between sender and receiver. Still further, the ciphertext string may be subjected to permutations of blocks of its (adulterated) digits, according to secret prior arrangement between sender and receiver.

20 citations


Patent
14 Jul 1993
TL;DR: The ciphering preprocessor, which preprocesses the input of the ciphering device, has an input means 11 which inputs an array of plaintexts to be ciphered, a block dividing means 12 which sections the inputted plaintext array into blocks of predetermined length, and a random number generating means 13 which repeatedly generates the random bits.
Abstract: PURPOSE: To provide a ciphering device and a deciphering device which prevent a cipher key from being easily estimated, even when a third party knows both a plaintext and a ciphertext, by inserting random bits into the plaintext in a cipher system. CONSTITUTION: The ciphering preprocessor which preprocesses the input of the ciphering device has an input means 11 which inputs an array of plaintexts to be ciphered, a block dividing means 12 which sections the inputted plaintext array into blocks of predetermined length, and a random number generating means 13 which repeatedly generates the random bits. Further, the processor has an inserting means 14 which inserts the random bits generated by the random number generating means 13 at predetermined positions of the respective blocks generated by the block dividing means 12, and an output means 15 which passes the blocks, having the random bits inserted by the inserting means 14, to the ciphering device in order.

14 citations


Patent
Michio Shimada1
21 May 1993
TL;DR: A hardware arrangement transforms plaintext, consisting of words of a predetermined bit length, into ciphertext: it acquires the words sequentially and performs a predetermined number of arithmetic operations on each word acquired.
Abstract: A hardware arrangement is provided for transforming plaintext into corresponding ciphertext. The plaintext includes a plurality of words each having a predetermined bit length. The hardware arrangement sequentially acquires the words and performs a predetermined number of arithmetic operations on the word acquired. Each of the arithmetic operations includes a plurality of arithmetic processes. The hardware arrangement outputs an enciphered word therefrom when completing the predetermined number of arithmetic operations. A selector is arranged to receive two inputs and selectively output one of the two inputs. One of the two inputs corresponds to the word acquired. A multiplier is coupled to receive the output of the selector. The multiplier multiplies the output of the selector by a multiplier and outputs a product therefrom. An adder is coupled to receive the product. The adder adds the product and an addend and then outputs a sum. A divider is coupled to receive the sum such as to divide the sum by a modulus and outputs a residue therefrom. The value of the modulus is subject to change at each of the arithmetic operations. The residue is applied to the selector as the other of the two inputs.

13 citations


Patent
05 Mar 1993
TL;DR: This patent proposes a scheme to improve the safety of a file shared by several users in an environment where users are hierarchically sectioned according to the kinds of information they can access, so that a ciphertext file controlled by a user in one layer can be correctly decoded by a user in a layer above it.
Abstract: PURPOSE: To improve the safety of a file that several users share in an environment where users are hierarchically sectioned according to the kinds of information which can be accessed, and to correctly decode a ciphertext file, controlled by a user belonging to one layer, by a user belonging to a layer above that layer. CONSTITUTION: A terminal 100 reads a key generation right list 131 and a ciphertext 132, which form a group with a file name 130 that the user inputs, out of a storage device 120 and sends only the key generation right list 131 to an IC card 110. When the received key generation right list 131 and the card identification number 133 of the IC card 110 satisfy a specific relation, the IC card 110 generates a data key 135 on the basis of a master key selected from among the key generation right list 131 and its card master key list 134 and sends the data key to the terminal 100. The terminal 100 decodes the ciphertext 132 with the received data key 135 to generate a plaintext 136.

Patent
02 Jun 1993
TL;DR: This patent proposes a safe sequential ciphering system that copes with a missing frame and with bit errors, using a pseudo-random number generator built from linear feedback shift registers (LFSRs) that are small in hardware scale or program scale.
Abstract: PURPOSE: To provide a safe sequential ciphering system which copes with a missing frame and bit errors by using a pseudo-random number generator based on linear feedback registers (LFSRs) small in hardware scale or program scale. CONSTITUTION: A ciphering part 100 sets initial values K0-K3 in the respective LFSRs at the head of a frame, exclusive-ORs the generated pseudo-random number data PNi with the normal data Pi, and sends out ciphertext data Ci. The ciphertext data Ci is exclusive-ORed with the stored value of the LFSRs and the results are stored in the LFSRs again. A deciphering part 101 sets the secret initial values K0-K3, shared with the ciphering part 100, in the respective LFSRs at the head of the frame, exclusive-ORs the received ciphertext data C'i with the stored value, and stores the results in the LFSRs again, so that the same pseudo-random number data PNi as on the ciphering part 100 side are generated. The received ciphertext C'i and the pseudo-random number data PNi are exclusive-ORed to obtain ciphertext data P'i. COPYRIGHT: (C)1994,JPO

Patent
14 Jul 1993
TL;DR: This patent provides a cipher chaining device that keeps the advantages of a cipher chaining system, together with a deciphering device for its ciphertext, even when the plaintext is only one block long, as it is when used for certification.
Abstract: PURPOSE: To provide a cipher chaining device which can make use of the advantages of a cipher chaining system, and a deciphering device for deciphering a cipher text produced by the cipher chaining device, even when a plaintext is only one block long as it is when used for certification, by eliminating the weakness that the starting block has in a cipher chaining system and increasing the difficulty of deciphering. CONSTITUTION: The ciphering preprocessor which preprocesses the input of the cipher chaining device is provided with a means 11 which inputs an array of plaintexts to be ciphered, a random number generating means 12 which generates a random number array with a predetermined bit length, a coupling means 13 which couples the random bit array generated by the random number generating means 12 to the head of the array of plaintexts, and an output means 14 which sends and receives the array consisting of the coupled random numbers and plaintexts to and from the cipher chaining device.

Journal ArticleDOI
TL;DR: A potential attack on the control vectors approach is described in which the complement of the control vector is substituted and the manner in which such attacks are thwarted by the IBM implementation of control vectors is described.
Abstract: A control vector is a data structure that specifies the nature and role of an associated cryptographic key. The control vector is checked by software and cryptographic hardware in order to limit the range of permissible operations to be undertaken with ciphertext produced with the key. The linking of the control vector and cryptographic key is such that attempts to modify, or substitute, control vectors will cause the subsequent processing to operate with a corrupted key, and hence ensure protection of data encrypted with the genuine key. A potential attack on the control vector approach is described in which the complement of the control vector is substituted. The manner in which such attacks are thwarted by the IBM implementation of control vectors is also described.

Proceedings ArticleDOI
13 Oct 1993
TL;DR: A method is presented which permits a broadcasting mechanism to securely transmit a single ciphertext with multiple messages which will only be readable by those users who have the appropriate read key(s) and the other messages will be undecipherable.
Abstract: A method is presented which permits a broadcasting mechanism to securely transmit a single ciphertext with multiple messages. These messages will only be readable by those users who have the appropriate read key(s). The other messages will be undecipherable. This is a generalization of the secure broadcasting problem stated by G. H. Chiou and W. T. Chen (1989) and C. C. Chang and C. H. Lin (1988). The proposed generalized secure broadcasting cryptosystem is based on Newton's interpolating polynomials and the Chinese remainder theorem. It is observed that the key management by a Central Authority is simple. In order to broadcast distinct messages to different users, one is only required to construct a polynomial and to compute a constant. To reveal a message, the authorized receiver only has to reveal his key by taking the constant modulo his identification number, evaluate the received polynomial with the obtained key, and then decrypt the resulting ciphertext by using his secret key. The sender can randomly choose any number of users who are authorized to know distinct messages within one broadcast.
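The receiver's three steps in the abstract (constant modulo identification number, polynomial evaluation, secret-key decryption) as an added, simplified reconstruction of the structure, not the paper's scheme: the Chinese remainder theorem packs every authorized user's read key into one constant, and Newton interpolation packs every user's ciphertext into one polynomial that each user evaluates at his own read key. The prime field, the user identifiers (distinct Mersenne primes, hence pairwise coprime), the read keys and the XOR-mask secret-key cipher are this example's own choices, not the paper's parameters. Note what the reconstruction makes visible: the constant and polynomial are public, so anyone who knows a user's identification number obtains that user's ciphertext; confidentiality rests on the per-user secret key.

```python
"""Added, simplified reconstruction of the structure the abstract describes:
each user's read key is packed into one constant with the Chinese remainder
theorem (key_i = constant mod id_i), and each user's ciphertext is packed into
one polynomial by Newton interpolation, evaluated at the read key.  The prime
field, the user identifiers (Mersenne primes, so pairwise coprime), the read
keys and the XOR-mask secret-key cipher are this example's own choices."""
import hashlib

FIELD_PRIME = 2**61 - 1   # polynomial arithmetic is over GF(FIELD_PRIME)
MSG_BYTES = 7             # 56-bit messages, so every ciphertext is < FIELD_PRIME


def crt(residues, moduli):
    """Smallest x >= 0 with x = r_i (mod n_i) for pairwise coprime n_i."""
    x, m = 0, 1
    for r, n in zip(residues, moduli):
        t = ((r - x) * pow(m, -1, n)) % n
        x, m = x + m * t, m * n
    return x % m


def newton_coefficients(xs, ys, p=FIELD_PRIME):
    """Divided differences a_0..a_{n-1}: f(x) = a_0 + a_1(x-x_0) + a_2(x-x_0)(x-x_1) + ..."""
    n = len(xs)
    table = [y % p for y in ys]
    coeffs = [table[0]]
    for j in range(1, n):
        for i in range(n - 1, j - 1, -1):
            inv = pow((xs[i] - xs[i - j]) % p, -1, p)
            table[i] = (table[i] - table[i - 1]) * inv % p
        coeffs.append(table[j])
    return coeffs


def newton_to_monomial(coeffs, xs, p=FIELD_PRIME):
    """Expand the Newton form into power-basis coefficients c[d] of x^d, so the
    broadcast carries only the polynomial and none of the interpolation nodes."""
    poly = [coeffs[-1]]
    for k in range(len(coeffs) - 2, -1, -1):
        expanded = [0] * (len(poly) + 1)
        for d, c in enumerate(poly):                 # poly * (x - x_k)
            expanded[d + 1] = (expanded[d + 1] + c) % p
            expanded[d] = (expanded[d] - xs[k] * c) % p
        expanded[0] = (expanded[0] + coeffs[k]) % p  # + a_k
        poly = expanded
    return poly


def poly_eval(poly, x, p=FIELD_PRIME):
    acc = 0
    for c in reversed(poly):                         # Horner's rule
        acc = (acc * x + c) % p
    return acc


def mask(secret: bytes) -> int:
    """Secret-key decryption step of this example: a 56-bit XOR mask."""
    return int.from_bytes(hashlib.sha256(secret).digest()[:MSG_BYTES], "big")


def broadcast(recipients):
    """recipients: (user_id, read_key, secret, message) with read_key < user_id.
    Returns the (constant, polynomial) sent to everyone at once."""
    ids = [r[0] for r in recipients]
    keys = [r[1] for r in recipients]
    cts = [int.from_bytes(r[3], "big") ^ mask(r[2]) for r in recipients]
    constant = crt(keys, ids)
    poly = newton_to_monomial(newton_coefficients(keys, cts), keys)
    return constant, poly


def receive(user_id, secret, constant, poly) -> bytes:
    read_key = constant % user_id                    # 1. reveal own read key
    ct = poly_eval(poly, read_key)                   # 2. evaluate the polynomial
    return (ct ^ mask(secret)).to_bytes(MSG_BYTES, "big")   # 3. secret-key decrypt


# Constructed users: (identification number, read key, secret, 7-byte message)
RECIPIENTS = [
    (8191, 5021, b"secret-a", b"alpha01"),
    (131071, 99991, b"secret-b", b"bravo02"),
    (524287, 400009, b"secret-c", b"charlie"),
]
```

The sender's work is exactly what the abstract says: one CRT computation and one interpolation, independent of the message contents; the receiver's is a modular reduction, a polynomial evaluation and one secret-key decryption.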

Book ChapterDOI
01 Jan 1993
TL;DR: This introduction uses DES as the canonical example of an iterated cryptosystem, but tries to make the definitions and theorems applicable to other cryptosystems as well.
Abstract: Differential cryptanalysis is a method which analyzes the effect of particular differences in plaintext pairs on the differences of the resultant ciphertext pairs. These differences can be used to assign probabilities to the possible keys and to locate the most probable key. This method usually works on many pairs of plaintexts with the same particular difference using the resultant ciphertext pairs. For DES and many other DES-like cryptosystems the difference is chosen as a fixed XORed value of the two plaintexts. In this introduction we show how these differences can be analyzed and exploited. Due to its importance, we use DES as the canonical example of an iterated cryptosystem, but try to make the definitions and theorems applicable to other cryptosystems as well.
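The bookkeeping behind the abstract, as an added example that is not from the chapter: the XOR difference distribution table of an S-box counts, for each input difference, how the output differences are distributed; the most populated cell is the best single-S-box differential; XOR differences pass through key addition unchanged, which is why a differential's probability does not depend on the key; and candidate round keys are scored by how many observed pairs they explain, with the true key explaining all of them. The 4-bit S-box, the toy round (key add, S-box, key add) and the sample inputs are constructed for the example; DES uses 6-to-4-bit S-boxes and the same counting applies to each of them.

```python
"""Added example, not from the chapter: the XOR difference distribution
table (DDT) of a small S-box, the best differential read off it, a check
that XOR differences pass through key addition unchanged, and a key-recovery
step that scores round-key candidates by the pairs they explain.  The 4-bit
S-box, the toy round and the sample inputs are constructed for the example;
DES uses 6-to-4-bit S-boxes, and the same bookkeeping applies per S-box."""

# Constructed 4-bit bijective S-box (any permutation of 0..15 works here).
SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD, 0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]
N = len(SBOX)


def difference_distribution_table(sbox=SBOX):
    """ddt[din][dout] = number of inputs x with S(x) ^ S(x ^ din) == dout."""
    n = len(sbox)
    ddt = [[0] * n for _ in range(n)]
    for din in range(n):
        for x in range(n):
            ddt[din][sbox[x] ^ sbox[x ^ din]] += 1
    return ddt


def best_differential(ddt):
    """Highest-count (din, dout) with din != 0; its probability is count / N."""
    n = len(ddt)
    count, din, dout = max((ddt[d][o], d, o) for d in range(1, n) for o in range(n))
    return din, dout, count


def toy_round(x, k0, k1):
    """Key add, S-box, key add: y = S(x ^ k0) ^ k1 (the DES-like pattern in miniature)."""
    return SBOX[x ^ k0] ^ k1


def right_pair_fraction(din, dout, k0, k1):
    """Fraction of x whose pair (x, x ^ din) shows output difference dout under
    keys k0, k1.  XOR differences cancel the keys, so this equals ddt/N for any key."""
    hits = sum(1 for x in range(N)
               if toy_round(x, k0, k1) ^ toy_round(x ^ din, k0, k1) == dout)
    return hits / N


def make_pairs(k0, k1, din, xs):
    """Chosen-plaintext pairs (x, x ^ din) with their observed ciphertexts."""
    return [(x, x ^ din, toy_round(x, k0, k1), toy_round(x ^ din, k0, k1)) for x in xs]


def rank_k0_candidates(pairs):
    """k1 cancels in y ^ y', so each k0 guess is scored by the pairs whose output
    difference it reproduces.  The true k0 (and k0 ^ din, by symmetry) score all."""
    scores = [0] * N
    for x, x2, y, y2 in pairs:
        for k0 in range(N):
            if SBOX[x ^ k0] ^ SBOX[x2 ^ k0] == y ^ y2:
                scores[k0] += 1
    top = max(scores)
    return [k for k in range(N) if scores[k] == top], scores


def recover_keys(pairs):
    """(k0, k1) consistent with every observation: k1 follows from any single pair
    once k0 is fixed, and a k0 guess implying conflicting k1 values is dropped."""
    k0s, _ = rank_k0_candidates(pairs)
    found = set()
    for k0 in k0s:
        k1s = {y ^ SBOX[x ^ k0] for x, _, y, _ in pairs}
        if len(k1s) == 1:
            found.add((k0, k1s.pop()))
    return found


# Constructed secret keys and chosen inputs for the recovery demonstration.
K0, K1 = 0xB, 0x6
DIN = 0x1
PAIRS = make_pairs(K0, K1, DIN, [0, 2, 5, 9, 12])
```

Over several rounds the same table is used per S-box to chain a characteristic, and the score a key candidate earns becomes the probability weight the abstract refers to; here, with one S-box, the right pairs are all the pairs and the scoring collapses to a consistency filter.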