
Showing papers on "Ciphertext published in 1997"


Book ChapterDOI
20 Jan 1997
TL;DR: This work presents a new mode of encryption for block ciphers that has the interesting defining property that one must decrypt the entire ciphertext before one can determine even one message block, which means that brute-force searches against all-or-nothing encryption are slowed down by a factor equal to the number of blocks in the ciphertext.
Abstract: We present a new mode of encryption for block ciphers, which we call all-or-nothing encryption. This mode has the interesting defining property that one must decrypt the entire ciphertext before one can determine even one message block. This means that brute-force searches against all-or-nothing encryption are slowed down by a factor equal to the number of blocks in the ciphertext. We give a specific way of implementing all-or-nothing encryption using a "package transform" as a pre-processing step to an ordinary encryption mode. A package transform followed by ordinary codebook encryption also has the interesting property that it is very efficiently implemented in parallel. All-or-nothing encryption can also provide protection against chosen-plaintext and related-message attacks.

450 citations


Patent
William J. Buffam1
12 Nov 1997
TL;DR: In this article, an apparatus, method, and computer program for providing authenticating indicia and verifying the image thereby is presented. The apparatus can also constrain false image points to be non-coinciding plausible impostors of the true image points, and the method can include a claimant image receiver, a transient template receiver and a comparator for comparing the claimant image points with the template image points.
Abstract: An apparatus, method, and computer program for providing authenticating indicia and verifying the image thereby. One particular embodiment is a biometric application such as a fingerprint-based authentication system. The apparatus includes an image receiver for receiving the original image with true image point, a false image point generator providing false image points, and a transient template generator that selectively combines the true image points and the false image points. The apparatus can also constrain false image points to be non-coinciding plausible impostors of the true image points. The apparatus can include a claimant image receiver, a transient template receiver and a comparator for comparing the claimant image points with the template image points and producing an authentication signal. The method can employ a hashing technique to produce an encoding key from the non-coincident plausible impostor false image points, and preselected encryption techniques to produce ciphertext from plaintext with the encoding key. The method can include extracting claimant image points from template image points and iteratively constructing candidate decoding keys from the post-extraction residual points. Authentication is indicated if the decoding key successfully produces a matching plaintext from the ciphertext.

258 citations


Book ChapterDOI
11 Nov 1997
TL;DR: A system for protecting the privacy of cryptograms to avoid detection by censors is presented, which transforms ciphertext into innocuous text which can be transformed back into the original ciphertext.
Abstract: In this paper we present a system for protecting the privacy of cryptograms to avoid detection by censors. The system transforms ciphertext into innocuous text which can be transformed back into the original ciphertext. The expandable set of tools allows experimentation with custom dictionaries, automatic simulation of writing style, and the use of Context-Free-Grammars to control text generation. The scope of this paper is to provide an overview of the basic transformation processes and to demonstrate the quality of the generated text.

172 citations


Patent
14 Aug 1997
TL;DR: In this article, a symmetric key encrypted using an asymmetric encryption technique is used to transport ciphertext derived from plaintext encrypted under this symmetric key. The encryption process differs for different levels of security.
Abstract: The invention allows for transporting, in different degrees of security strength, a symmetric key encrypted using an asymmetric encryption technique, and along with this transporting ciphertext derived from plaintext encrypted under this symmetric key. The encryptor encrypts the plaintext using a symmetric key whose strength is commensurate with the trust level of the environment in which the encryptor is located. The encryptor encrypts this symmetric key for one or more intended recipients using an asymmetric technique commensurate with a high-trust environment. In the case of the encryptor residing in the low-trust environment, the encryptor additionally encrypts this symmetric key using an asymmetric encryption public key of the originator itself (or alternatively, that of a third party). Decryption equipment in all environments uses the decryption process corresponding to an algorithm identifier included by the originator. In all cases, the asymmetric encryption/decryption process used for each specific recipient is of a strength commensurate with the trust level of that recipient's own environment.

160 citations


Book ChapterDOI
11 May 1997
TL;DR: This paper describes a new public-key cryptosystem where the ciphertext is obtained by multiplying the public keys indexed by the message bits and the cleartext is recovered by factoring the ciphertext raised to a secret power.
Abstract: This paper describes a new public-key cryptosystem where the ciphertext is obtained by multiplying the public-keys indexed by the message bits and the cleartext is recovered by factoring the ciphertext raised to a secret power. Encryption requires four multiplications/byte and decryption is roughly equivalent to the generation of an RSA signature.

141 citations


Book ChapterDOI
20 Jan 1997
TL;DR: This paper shows how to endow any stream cipher with this potentially useful property of traitor tracing, and presents a simple traitor tracing scheme based on random coding with which it can be used.
Abstract: Stream cipher systems are used to protect intellectual property in pay-TV and a number of other applications. In some of these, it would be convenient if a single ciphertext could be broadcast, and subscribers given slightly different deciphering keys that had the effect of producing slightly different plaintexts. In this way, a subscriber who illegally resold material licensed to him could be traced. Previously, such tracing could be done using a one-time pad, or with complicated key management schemes. In this paper we show how to endow any stream cipher with this potentially useful property. We also present a simple traitor tracing scheme based on random coding with which it can be used.

127 citations


Patent
07 Mar 1997
TL;DR: An encryption system for restricted-access television systems is described in this article, where the encryption keys are transmitted as a hierarchy, wherein one key unlocks another key, and the last key is used to decrypt program material.
Abstract: An encryption system for restricted-access television systems. Decryption keys, which are used to decrypt program material, are transmitted to customers in a restricted-access television system. The keys are transmitted as a hierarchy, wherein one key unlocks another key, and the last key unlocked is used to decrypt program material. Such a hierarchy is sometimes called "key-upon-key" encryption. The system transmits a second key that produces a first key from a cipher text (which first key decrypts a first program material) and wherein the second key also decrypts a second program material.

89 citations


Patent
David W. Cuccia1
11 Dec 1997
TL;DR: In this article, a secure interface between a decryption engine and a system decoder of a digital receiver, e.g., an MPEG-2 digital television receiver, is described.
Abstract: A method for providing a secure interface between a decryption engine and a system decoder of a digital receiver, e.g., an MPEG-2 digital television receiver. The system decoder receives an encrypted bitstream and produces a cipher text bitstream which is supplied to the decryption engine via a first parallel data bus which includes a plurality N of parallel bit lines corresponding to respective N bits of the cipher text bitstream. The decryption engine decrypts the cipher text bitstream and produces a plain text bitstream which is supplied to the system decoder via a second parallel data bus which includes a plurality N of parallel bit lines corresponding to respective N bits of the plain text bitstream. The method includes the steps of scrambling the bit order of the N bits of the cipher text bitstream on the respective N bit lines of the first data bus, to thereby produce a scrambled cipher text bitstream N-bits wide, descrambling the bit order of the N bits of the scrambled cipher text bitstream, to thereby produce a descrambled cipher text bitstream which is the same as the original cipher text bitstream, employing the decryption engine to decrypt the descrambled cipher text bitstream, to thereby produce the plain text bitstream, scrambling the bit order of the N bits of the plain text bitstream on the respective N bit lines of the second data bus, to thereby produce a scrambled plain text bitstream N-bits wide, and descrambling the bit order of the N bits of the scrambled plain text bitstream, to thereby produce a descrambled plain text bitstream which is the same as the original plain text bitstream. A digital receiver which implements this method is also disclosed.

73 citations


Patent
28 Apr 1997
TL;DR: In this article, a block encryption algorithm was proposed to encrypt a plaintext block using a block size smaller than that of the original plaintext blocks, and a ciphertext block was generated from the encrypted portion of the masked plaintext and the remaining portion.
Abstract: A system for encrypting a plaintext block using a block encryption algorithm having a block size smaller than that of the plaintext block. The plaintext block is transformed into a masked plaintext block using an invertible transformation optionally dependent on additional data and defined such that each bit of the masked plaintext block depends on every bit of the original plaintext block. A subportion of the masked plaintext block is encrypted using the encryption algorithm to generate an encrypted portion of the masked plaintext block. A ciphertext block is generated from the thus encrypted portion of the masked plaintext block and the remaining portion of the masked plaintext block. The ciphertext block is transmitted to a data recipient, who reverses the procedure to recover the original plaintext block. Since the entire masked plaintext block is necessary to reconstruct the original plaintext block and since the encrypted portion cannot be derived from the remaining portion, the remaining portion of the masked plaintext block may be transmitted to the recipient in unencrypted form. Two, three or four masking rounds are performed, depending on the location of secret data that is infeasible to exhaust and the location of the portion of the masked block that is encrypted.

69 citations


Patent
12 Dec 1997
TL;DR: In this paper, a method and device for creating object keys to be used with a 4096-bit secret key block cipher data encryption process and a 2048-bit digital signature process is presented.
Abstract: A computer implemented method and device for creating object keys to be used with a 4096-bit secret key block cipher data encryption process and a 2048-bit secret key digital signature process. The object keys are dynamic keys, i.e., changing throughout the encryption process. The dynamic object keys are composed of a static initial state that is created by the user and a method that modifies the keys based on seeding from a random session key object. The object key modification is performed for each plaintext data block so that each data block is encrypted using a different key. The initial state of the object key is also used in a block cipher encryption process to encrypt a 512-bit random session key. Data blocks of 64 bytes each are encrypted utilizing a different key, provided by the object key, for each block. The ciphertext (encrypted file) is transmitted into a keyed hashed function that utilizes a 2048-bit object key to produce a unique 2048-bit digital signature that is appended to the ciphertext. The digital signature object key is seeded with the input data. Decryption is accomplished by reversing the encryption process.

69 citations


Patent
Andrew S. Wright1
28 Aug 1997
TL;DR: In this paper, a first cipher stream generated from a private key negotiated as a result of a public key exchange is partitioned to form a sequence of secondary keys, and the secondary keys are then indexed.
Abstract: A first cipher stream generated from a private key negotiated as a result of a public key exchange is partitioned to form a sequence of secondary keys. The secondary keys are then indexed. In one instance, each plaintext data packet is encrypted with a second cipher stream generated from a different one of the secondary keys. In another instance, a second cipher stream generated from a single secondary key is used to encrypt a plurality of plaintext data packets. A new second cipher stream generated from another one of the secondary keys is then used for encryption following each instance of the loss of a ciphertext data packet. The index is communicated with the ciphertext to identify which secondary key is to be used in generating the second cipher stream needed for decryption. With knowledge of the secondary key to be used, re-synchronization (along with new private key negotiation) at each instance of a ciphertext data packet loss is obviated.

Patent
08 Aug 1997
TL;DR: In this article, a secret communication and authentication scheme based on a public key cryptosystem in which a decryption speed is improved while maintaining a security level is presented. But the scheme is not suitable for the Rabin type.
Abstract: A secret communication and authentication scheme based on a public key cryptosystem in which a decryption speed is improved while maintaining a security level. In the RSA type secret communication, a plaintext is expressed in the form of a k-digit n-adic number and a ciphertext is obtained by applying a calculation using the first public key n and the second public key e to the n-adic number and transmitted. Then, from the received ciphertext, the lowest digit of the n-adic number is decrypted by using the first public key n and the second secret key d, upper digits of the n-adic number are sequentially decrypted by using the decrypted value of the lowest digit of the n-adic number at the receiver side, and the plaintext is recovered by using decrypted values of the respective digits of the n-adic number. The Rabin type secret communication can also be realized by a similar scheme. Moreover, the same principle of the n-adic public key cryptosystem can also be used in realizing the RSA type or the Rabin type authentication.

Patent
28 Feb 1997
TL;DR: Secure communication may be conducted between two or more parties over a network, e.g. the Internet without prior security arrangements among the parties or agreed to encryption/decryption software.
Abstract: Secure communication may be conducted between two or more parties over a network, e.g. the Internet, without prior security arrangements among the parties or agreed-to encryption/decryption software. A sending party is connected to a data network through a computer and has access to a communications network, e.g. a public switched telephone network. The sender prepares a file designated, e.g., "X" containing confidential information for secure transmission over the Internet or the like to one or more receivers. In one embodiment, the sender downloads encryption/decryption or "crypto" software stored at a location on the Internet, e.g. location "U" in a Uniform Resource Locator (URL). The "crypto" software is written in executable code or an interpretive language such as JAVA. The sender selects a key "K" and encrypts the plain text file "X" into cipher text. At some point the communication network is accessed and the receiver(s) is notified of the URL U where the "crypto" software is located and the key "K" for decrypting the file "X". Afterwards, the receiver(s) accesses the URL U using his computer and a web browser. The crypto software is pointed to in Hyper Text Mark Up Language (HTML) and displayed on the receiver screen(s). The HTML page requests the "Key" which the receiver enters. The file "X" is downloaded and decrypted using the key "K" and displayed at the receiver screen(s).

Patent
25 Aug 1997
TL;DR: A message delivery system which can guarantee the authenticity of a user, the reliability of a message delivery, and the authentication of the message delivery while preventing an illegal act, and which can prove them at a later time is presented in this article.
Abstract: A message delivery system which can guarantee the authenticity of a user, the reliability of a message delivery, and the authenticity of the message delivery, while preventing an illegal act, and which can prove them at a later time. The system has an information provider terminal including a user authentication unit for carrying out a user authentication of the user according to a zero knowledge interactive proof protocol using check bits E generated according to a work key W, and a transmission unit for transmitting to the user a ciphertext C in which a message M to be delivered to the user is enciphered according to a secret key cryptosystem by using the work key W, and the check bits E. The system also has a user terminal including a message reception unit for taking out the work key W by using at least the check bits E, and obtaining the message M by deciphering the ciphertext C according to the secret key cryptosystem by using the work key W.

Journal ArticleDOI
TL;DR: A variety of cryptographic techniques are being used to minimize threats to electronic financial transactions, using encryption, authentication, integrity, and scalability to solve security problems.
Abstract: A variety of cryptographic techniques are being used to minimize threats to electronic financial transactions. The explosion of the Internet has permitted even small merchants to sell goods and services to a worldwide market, yet it has also exposed them to the depredations of a large pool of attackers whose motives range from greed to boredom. Fear of these risks has created a demand for security features built directly into electronic commerce systems. The good news is that existing security mechanisms can be combined to minimize a wide range of threats to electronic commerce. Security isn't the only problem. European banks will soon have electronic stored value cards that are as good as cash. Forgetting the password for a stored value card could be as troublesome as losing a wallet. The mechanisms used to solve security problems can be divided into four areas (privacy, authentication, integrity, and scalability), though a single mechanism can often mitigate more than one kind of problem. The cornerstone of all privacy mechanisms is encryption. An encryption algorithm transforms a plaintext message into an unreadable ciphertext using a key. The correct key can reverse the process, permitting anyone who knows it to get the plaintext message.

Patent
26 Feb 1997
TL;DR: In this paper, a cipher capability is secured against the latest cryptanalysis, such as differential and linear cryptanalyses, without an increase in processing time.
Abstract: In the process of compressing and encrypting data, without an increase of processing time, a cipher capability is secured against the latest cryptanalysis such as differential and linear cryptanalyses. The differential and linear cryptanalyses are executed to collect plural pairs of plaintext and ciphertext for the same key and perform a statistical operation for estimating the key. An I/O process is executed to receive plaintext data and generate a random number. Then, an operation is executed to generate a different key for each data item based on the random number and set the key as a work key. The encrypted intermediate result or the pre-encrypted result is fed back for frequently changing the work key. This series of operations makes it possible to protect the ciphertext from the differential and the linear cryptanalyses. On the work key, the changing operation is executed to change the correspondence between the plaintext data and the compressed data in the compressing process, for providing the compression with the encryption.

01 Jan 1997
TL;DR: The results show that an unknown three rotor machine can generally be cryptanalysed with about letters of ciphertext, compared to those given using a previously published technique and found to be superior.
Abstract: This paper describes a method of deciphering messages encrypted with rotor machines utilising a Genetic Algorithm to search the keyspace. A fitness measure based on the phi test for non randomness of text is described and the results show that an unknown three rotor machine can generally be cryptanalysed with about letters of ciphertext. The results are compared to those given using a previously published technique and found to be superior.

Proceedings ArticleDOI
01 Apr 1997
TL;DR: This paper exploits weak error-handling methods and attacks RSA, Rabin, LUC, KMOV, Demytko, ElGamal and its analogues, 3-pass system, knapsack scheme, etc.
Abstract: In this paper, we address the following problem: "Is it possible to weaken/attack a scheme when a (provably) secure cryptosystem is used?". The answer is yes. We exploit weak error-handling methods. Our attack relies on the cryptanalyst being able to modify some ciphertext and then getting access to the decryption of this modified ciphertext. Moreover, it applies on many cryptosystems, including RSA, Rabin, LUC, KMOV, Demytko, ElGamal and its analogues, 3-pass system, knapsack scheme, etc.

Book ChapterDOI
Yuliang Zheng1
24 Feb 1997
TL;DR: SPEED is a private key block cipher that supports three variable parameters: data length, key length and rounds.
Abstract: SPEED is a private key block cipher. It supports three variable parameters: (1) data length — the length of a plaintext/ciphertext of SPEED can be 64, 128 or 256 bits. (2) key length — the length of an encryption/decryption key of SPEED can be any integer between 48 and 256 (inclusive) and divisible by 16. (3) rounds — the number of rounds involved in encryption/decryption can be any integer divisible by 4 but not smaller than 32.

Patent
12 Nov 1997
TL;DR: In this article, a method of encrypting data is described in which a random variable (6A-6D) is generated in binary digital form and the data bits representing the random variable are inserted into the second data set (9A-9J) according to a first predetermined set of rules.
Abstract: A method of encrypting data is described in which a random variable (6A-6D) is generated in binary digital form. A first set of data (8A-8J) representing a plaintext message in binary digital form is combined with the random variable (6A-6D) to generate a second data set (9A-9J) in binary digital form. The data bits representing the random variable (6A-6D) are inserted into the second data set (9A-9J) according to a first predetermined set of rules and the order of the data bits in the second data set (9A-9J) is altered according to a second predetermined set of rules. A third data set (17A-17N) for transmission as a ciphertext message is thus generated.

Journal ArticleDOI
TL;DR: This note shows that Lin et al.'s proposed public-key cipher system is insecure under the ciphertext only attack.
Abstract: C.H. Lin et al. (1995) proposed a new public-key cipher system whose security is based upon the Diophantine equations. In this note, we show that their scheme is insecure under the ciphertext only attack.

Patent
13 Nov 1997
TL;DR: In this article, an identifier judgment circuit judges whether data (a plain message) created by a user contains an identifier such as ">", and if such an identifier is detected, the text or data specified by that identifier is supplied to a first encryption circuit, and the rest of the text and data are supplied to the second encryption circuit.
Abstract: The present invention prevents code breaking of an important text or data even if a plain text and a cipher text are wire-tapped. An identifier judgment circuit judges whether data (a plain message) created by a user contains an identifier such as “>”. If such an identifier is detected, the text or data specified by that identifier is supplied to a first encryption circuit, and the rest of the text or data is supplied to a second encryption circuit. The first encryption circuit enciphers the text or data using a first algorithm and supplies the enciphered data to a transmission circuit. The second encryption circuit enciphers the text or data using a second algorithm and supplies the enciphered data to the transmission circuit. The transmission circuit transmits the enciphered data through the Internet to another server.

Patent
08 Jan 1997
TL;DR: In this paper, the session key memorizing unit and the mode switch for switching the communication mode between ciphertext communication and plaintext communication are introduced, and the valid/invalid judging unit judges whether the communication data should be sent in ciphertext or plaintext using the mode switch and the valid/invalid information.
Abstract: In a cryptosystem, communication terminals and encryptors can be grouped physically and logically. The communication mode can be switched by the encryptor between ciphertext communication and plaintext communication. The encryptor includes the session key memorizing unit for memorizing the session key and the mode switch for switching the communication mode between ciphertext communication and plaintext communication. The key manager distributes the session key generated by the session key generating unit and the valid/invalid information set by the valid/invalid setting unit to each encryptor. The valid/invalid judging unit judges whether the communication data should be sent in ciphertext or plaintext using the mode switch and the valid/invalid information.

Patent
30 Jul 1997
TL;DR: In this paper, the authors propose communication equipment that reduces the danger of a cryptographic key being decoded one by one from corresponding plaintext and ciphertext blocks, and that dynamically changes the cryptographic key used for communication.
Abstract: PROBLEM TO BE SOLVED: To provide communication equipment with an increased key system in which the security of communication can be increased by reducing the danger of decoding a cryptographic key one by one corresponding to a plaintext block and a ciphertext block, and dynamically changing the cryptographic key to be used for communication. SOLUTION: A next cryptographic key generated by a next cryptographic key generating device 4 is divided into an arbitrary size by a next cryptographic key dividing device 5, and the next cryptographic key divided data held by a next cryptographic key data holding part 6 are connected with a plaintext block to be enciphered by a data connecting device 3. Then, the whole data are enciphered by the present cryptographic key by an enciphering device 8, and transmitted. Thus, one part of the next cryptographic key is connected with the plaintext block and enciphered, so that the danger of cryptographic key decoding one by one corresponding to the plaintext block and the ciphertext block can be reduced, and the dynamic change of the cryptographic key can be attained at the same time.

Book ChapterDOI
TL;DR: This document presents EPBC, Efficient Error-Propagating Block Chaining, a new and efficient block encryption mode using both plaintext and ciphertext feedback, which is more secure than IOBC, as it is not vulnerable to any known-plaintext attacks, and is more efficient than IOBC.
Abstract: This document presents EPBC, Efficient Error-Propagating Block Chaining, a new and efficient block encryption mode using both plaintext and ciphertext feedback. This encryption mode is similar to another one, IOBC, and was likewise designed to propagate erroneous decryptions of tampered blocks of ciphered data to all following blocks, hence allowing the integrity of that data to be validated using a predefined trailing value. However, EPBC is more secure than IOBC, as it is not vulnerable to any known-plaintext attacks, and is more efficient than IOBC. Performance tests run on a SPARCstation 10/40 show that EPBC is on average 12 times faster than IOBC, and 63 to 109 times faster than a common combination of an encryption mode and a one-way hash function (CBC and MD5).

Journal ArticleDOI
TL;DR: This paper presents a data compaction/randomization based approach as a mode of block encryption for ATM (Asynchronous Transfer Mode) cells that converts a plaintext into pseudo-random plaintext before ciphering to conceal patterns in the plaintext.
Abstract: This paper presents a data compaction/randomization based approach as a mode of block encryption for ATM (Asynchronous Transfer Mode) cells. The presented approach converts a plaintext into pseudo-random plaintext before ciphering to conceal patterns in the plaintext. The underlying idea behind this scheme is Shannon's principles of "confusion" and "diffusion", which involve breaking dependencies and introducing as much randomness as possible into the ciphertext. In this scheme, confusion and diffusion are introduced into the system by first compressing the ATM cell payload and then spreading continuously changing random data over the entire content of the cell. As a mode of operation for block ciphering, this scheme offers the following attractive features: (i) plaintext patterns are pseudo-randomized and chained with ciphertext (thereby preventing "dictionary", "known plaintext", and "statistical analysis" attacks), (ii) it is self-synchronizing, (iii) cell loss has no additional negative effect, (iv) no IV (Initialization Vector) storage is required, (v) it is encryption-algorithm independent, (vi) there is no cell-to-cell dependency (no feedback from previous cells), and (vii) it is highly scalable (i.e., cells from the same stream can be ciphered and deciphered in parallel). This paper also presents a secure mechanism for in-band synchronization of encryption/decryption key updates using a "marker-cell" that is carried within the data channel. An important aspect of both the above mechanisms is that they do not require any changes to the ATM cell header or ATM infrastructure.

Patent
06 Feb 1997
TL;DR: In this paper, an elliptic curve algorithm with a block size on the order of 160 bits was used to encrypt a 512-bit plaintext block containing a symmetric encryption key.
Abstract: A system for encrypting a plaintext block using a block encryption algorithm having a block size smaller than that of the plaintext block. The plaintext block is transformed into a masked plaintext block using an invertible transformation optionally dependent on additional data and defined such that each bit of the masked plaintext block depends on every bit of the original plaintext block. A subportion of the masked plaintext block is encrypted using the encryption algorithm to generate an encrypted portion of the masked plaintext block. A ciphertext block is generated from the thus encrypted portion of the masked plaintext block and the remaining portion of the masked plaintext block. The ciphertext block is transmitted to a data recipient, who reverses the procedure to recover the original plaintext block. Since the entire masked plaintext block is necessary to reconstruct the original plaintext block and since the encrypted portion cannot be derived from the remaining portion, the remaining portion of the masked plaintext block may be transmitted to the recipient in unencrypted form. To thwart certain cryptanalytic attacks, either the plaintext block or the optional additional data is uniquely modified for each encryption of a plaintext block, using an incrementing counter, time stamp, random number or other mechanism. In an exemplary embodiment, an elliptic curve algorithm having a block size on the order of 160 bits is used to encrypt a 512-bit block containing a symmetric encryption key.

Book ChapterDOI
07 Jul 1997
TL;DR: This paper examines secure digital distribution systems, information storage system and information provider system, in which encrypted information is directly transformed into a ciphertext of an admissible user, and shows that the technique of a proxy cryptosystem is useful for establishing these distribution systems.
Abstract: Cryptography is quite effective in protecting digital information from unauthorized access. But if a receiver of information is determined after the encryption of the information, e.g. posted encrypted news is withdrawn by an arbitrary user in open networks, we need an additional mechanism for converting the encrypted information into a form accessible only to an admissible user. Even though such a transformation is done by the consecutive execution of decryption of a ciphertext and re-encryption of a recovered plaintext, an intermediary plaintext may be stolen during the re-encryption. In this paper we examine secure digital distribution systems, an information storage system and an information provider system, in which encrypted information is directly transformed into a ciphertext of an admissible user. We show that the technique of a proxy cryptosystem is useful for establishing these distribution systems. The proposed protocols can be constructed based on the ElGamal cryptosystem or the RSA cryptosystem. Meanwhile, a blind decryption protocol provides privacy protection with respect to the selection of a ciphertext to be decrypted. In terms of digital distribution it also provides secure information delivery. An information provider system using a blind decryption protocol possesses a problem such that a decrypting person computes exponentiation for a message freely selected by a requesting person. For such an oracle problem, a solution is known with the use of a transformable signature. In this paper we show another measure prohibiting the abuse of the blind decryption protocol.

Patent
10 Jan 1997
TL;DR: In this paper, the session key memorizing unit and the mode switch for switching the communication mode between ciphertext communication and plaintext communication are introduced, and the valid/invalid judging unit judges whether the communication data should be sent in ciphertext or plaintext using the mode switches and the validity and invalidation information.
Abstract: In a cryptosystem, communication terminals and encryptors can be grouped physically and logically. The communication mode can be switched by the encryptor between ciphertext communication and plaintext communication. The encryptor includes the session key memorizing unit for memorizing the session key and the mode switch for switching the communication mode between ciphertext communication and plaintext communication. The key manager distributes the session key generated by the session key generating unit and the valid/invalid information set by the valid/invalid setting unit to each encryptor. The valid/invalid judging unit judges whether the communication data should be sent in ciphertext or plaintext using the mode switch and the valid/invalid information.

Patent
22 Sep 1997
TL;DR: In this paper, the authors proposed a method to enhance the safety of cipher text by updating a stored content state by an internal state updating function every time encryption conversion is executed. But, the security of a round function was not taken into consideration.
Abstract: PROBLEM TO BE SOLVED: To enhance the safety of cipher text by updating a stored content state by an internal state updating means every time encryption conversion is executed. SOLUTION: An F function 1 as an encryption conversion means receives the plaintext to be encrypted, an encryption key 5 and the internal state 6, executes the prescribed encryption conversion and produces an output 7. An internal state updating function 3 updates the internal state 6 every time the encryption conversion in an internal state storing means 2 for storing the internal state 6 and the F function 1 is executed, i.e., simultaneously with the encryption conversion. Even if the same plaintext and the cipher key are inputted, the output is changed by the updatable internal state according to such constitution and, therefore, the safety of a round function which can be an effective defense method against the differential attack based on the analysis of the input and output functions of the round function is enhanced. The device may be composed of the round functions of a smaller number of stages when the safety of about the same degree is taken into consideration.