
Showing papers on "Cryptography published in 1979"


Journal ArticleDOI
01 Mar 1979
TL;DR: The basic information theoretic and computational properties of classical and modern cryptographic systems are presented, followed by cryptanalytic examination of several important systems and an examination of the application of cryptography to the security of timesharing systems and computer networks.
Abstract: This paper presents a tutorial introduction to contemporary cryptography. The basic information theoretic and computational properties of classical and modern cryptographic systems are presented, followed by cryptanalytic examination of several important systems and an examination of the application of cryptography to the security of timesharing systems and computer networks. The paper concludes with a guide to the cryptographic literature.

574 citations


Proceedings ArticleDOI
29 Oct 1979
TL;DR: The fastest known algorithm for the discrete logarithm problem runs in RTIME O(2^(O(√(log(q) · loglog(q))))) as mentioned in this paper.
Abstract: In 1870 Bouniakowsky [2] published an algorithm to solve the congruence a^x ≡ b MOD (q). While his algorithm contained several clever ideas useful for small numbers, its asymptotic complexity was O(q). Despite its long history, no fast algorithm has ever emerged for the Discrete Logarithm Problem and the best published method, due to Shanks [10], requires O(q^(1/2)) in time and space. The problem has attracted renewed interest in recent years because of its use in cryptography [7], [15], [19]. In particular, the security of the Diffie-Hellman Public Key Distribution System [7] "depends crucially on the difficulty of computing logarithms MOD q". We present a new algorithm for this problem which runs in RTIME better than O(q^ε) for all ε > 0.† While no effort is made to present the most efficient incarnation of
† Actually our algorithm runs in RTIME O(2^(O(√(log(q) · loglog(q))))). RTIME denotes Random Time and refers to algorithms which may use random numbers in their processing. For example, the well known composite testing algorithms of Solovay & Strassen [21], Miller [11] and Rabin [16] run in RTIME O(log^3(q)). For precise definitions see [1], [11] and [9].

212 citations


Proceedings ArticleDOI
29 Oct 1979
TL;DR: Several new classes of hash functions with certain desirable properties are exhibited, and two novel applications for hashing which make use of these functions are introduced, including a provably secure authentication technique for sending messages over insecure lines.
Abstract: In this paper we exhibit several new classes of hash functions with certain desirable properties, and introduce two novel applications for hashing which make use of these functions. One class of functions is small, yet is almost universal2. If the functions hash n-bit long names into m-bit indices, then specifying a member of the class requires only O((m + log2log2(n)) log2(n)) bits as compared to O(n) bits for earlier techniques. For long names, this is about a factor of m larger than the lower bound of m + log2n - log2m bits. An application of this class is a provably secure authentication technique for sending messages over insecure lines. A second class of functions satisfies a much stronger property than universal2. We present the application of testing sets for equality. The authentication technique allows the receiver to be certain that a message is genuine. An 'enemy' - even one with infinite computer resources - cannot forge or modify a message without detection. The set equality technique allows the operations 'add member to set', 'delete member from set' and 'test two sets for equality' to be performed in expected constant time and with less than a specified probability of error.

171 citations


Journal ArticleDOI
G. Brassard1
TL;DR: Evidence is given for the difficulty of an eventual proof of computational security for cryptosystems based on one-way functions, such as the one proposed by Diffie and Hellman.
Abstract: Evidence is given for the difficulty of an eventual proof of computational security for cryptosystems based on one-way functions, such as the one proposed by Diffie and Hellman. A proof of NP-completeness for the cryptanalytic effort would imply NP=CoNP.

84 citations


Proceedings ArticleDOI
30 Apr 1979
TL;DR: This paper considers the two classes of one-to-one and onto knapsack systems, analyzes the complexity of recognizing them and of solving their instances, introduces a new complexity measure (median complexity), and shows that this complexity is inversely proportional to the density of the knapsack system.
Abstract: A recent trend in cryptographic systems is to base their encryption/decryption functions on NP-complete problems, and in particular on the knapsack problem. To analyze the security of these systems, we need a complexity theory which is less worst-case oriented and which takes into account the extra conditions imposed on the problems to make them cryptographically useful. In this paper we consider the two classes of one-to-one and onto knapsack systems, analyze the complexity of recognizing them and of solving their instances, introduce a new complexity measure (median complexity), and show that this complexity is inversely proportional to the density of the knapsack system. The tradeoff result is based on a fast probabilistic knapsack solving algorithm which is applicable only to one-to-one systems, and it indicates that knapsack-based cryptographic systems in which one can both encrypt and sign messages are relatively insecure. We end the paper with new results about the security of some specific knapsack systems.

48 citations


Proceedings ArticleDOI
29 Oct 1979
TL;DR: The main result presented here is the existence of a relativized model of computation under which there exists a provably secure transient-key cryptosystem.
Abstract: It seems very difficult to give a formal definition of computational security for Public Key Cryptography. We define a slightly different notion, called Transient-Key Cryptography, for which a natural definition of security against chosen-plaintext-attacks can be given. The main result presented here is the existence of a relativized model of computation under which there exists a provably secure transient-key cryptosystem. Indeed, there exists a computable oracle that can be used by cryptographers to efficiently encipher and decipher messages, yet it is of no help to the cryptanalyst trying to decode messages not intended for him. As a corollary, there exists a length-preserving permutation, the inverse of which is hard to compute on most elements of its domain even if arbitrary evaluations of the function itself are allowed for free.

40 citations


Journal ArticleDOI
TL;DR: In response to a growing commercial need, the National Bureau of Standards has promulgated a national Data Encryption Standard, developed by IBM, which can be implemented in software or on a single LSI chip and can be used with any computer to encrypt and decrypt transmitted data.
Abstract: Cryptography. The very name conjures up images of secrecy and spying, with project code names like "Magic" and "Lucifer." And indeed until fairly recently data encryption was a shrouded capability, used almost exclusively by military and diplomatic organizations. The computerization of information processing and transmission has changed this. In response to a growing commercial need, the National Bureau of Standards has promulgated a national Data Encryption Standard, developed by IBM. The standard, called DES, can be implemented in software or on a single LSI chip and can be used with any computer to encrypt and decrypt transmitted data. A single-chip version should sell for about $10 in quantity production. But just how good is the protection offered by DES?

32 citations



Journal ArticleDOI
Rubin1
TL;DR: Pless has proposed a stream cipher that uses 8 linear shift registers with feedback, having a combined length of 97 bits, 4 J–K flip-flops, and a 4-stage cycling counter, and generates a presumably pseudorandom stream whose period is 1.52 × 10^29 bits.
Abstract: Pless has proposed a stream cipher based on J–K flip-flops that uses 8 linear shift registers with feedback, having a combined length of 97 bits, 4 J–K flip-flops, and a 4-stage cycling counter. The cipher has 2.54 × 10^51 initial states (keys), and generates a presumably pseudorandom stream whose period is 1.52 × 10^29 bits. Despite these impressive statistics, it is computationally feasible to solve such a cipher with a known-plaintext attack, using as few as 15 characters.

13 citations


Journal ArticleDOI
TL;DR: By using the Fano inequality it is shown that the average probability of correct decryptment of a message digit is bounded away from one when the key rate is greater than the message redundancy for a given class of cryptosystems.
Abstract: A general result related to Shannon's "random" cipher result is presented. By using the Fano inequality it is shown that the average probability of correct decryptment of a message digit is bounded away from one when the key rate is greater than the message redundancy for a given class of cryptosystems.

7 citations


Journal ArticleDOI
TL;DR: It is proposed that a theory of cryptography covering both substitution and transposition ciphers in a general way be considered, so as not to overlook various characteristics of cipher systems.
Abstract: It is proposed that a theory of cryptography covering both substitution and transposition ciphers in a general way be considered, so as not to overlook various characteristics of cipher systems. A cipher consists of correspondence classes and their sequence, the classes being roughly equal to equivalence classes in algebra. Examples are given.


Journal ArticleDOI
TL;DR: The nature of cryptographic transformation and its application to the protection of data contained in files used by computer-based information systems are explored, and the significance of such transformations for information systems is discussed.
Abstract: This article explores the nature of cryptographic transformation and its application to the protection of data contained in files used by computer-based information systems. It presents some of the basic concepts of cryptography and structures a taxonomy of cryptographic transformations. The implications of computer-oriented implementations of cryptographic protection are explored and the significance of such transformations for information systems is discussed.

Journal ArticleDOI
TL;DR: A recent and controversial series of events offers what I believe to be a paradigm of this problem of purpose.

Gary C. Fisher1
01 Jan 1979
TL;DR: The creation of a set of FORTRAN programs for use with the DF and the experiments using Herlestam's cryptanalytic attack were not successful at breaking the RSA cryptosystem.
Abstract: This thesis deals with the creation of a set of FORTRAN programs for use with the DECsystem-20 computer for implementing the public-key cryptosystem invented by R. Rivest, A. Shamir, and L. Adleman (RSA) of M.I.T. In addition a FORTRAN program was written to subject the cryptosystem to a cryptanalytic attack proposed by T. Herlestam. A brief summary of the field of cryptology is provided. Use of conventional cryptology in providing privacy and security in computer and communications systems is reviewed. Recent research indicates that the best commercially available cryptographic system, the National Bureau of Standards Data Encryption Standard, may not provide adequate protection for many more years due to the possibility of building an inexpensive machine utilizing microprocessors capable of performing the cryptanalysis using exhaustive search. Discussed are the implications for key distribution protocols which recommend that a key be split into several pieces which are then distributed over several channels. It is concluded that if the chance of any portion of a DES key being compromised is significant then this is not a safe protocol, considering the reduced keyspace over which an antagonist must perform a search. Public-key cryptosystems are not plagued by the necessity of first distributing the cryptographic keys over a secure channel. This, plus the fact that they provide a method of implementing signatures and receipts, makes such a system ideal for use with an electronic mail system. The RSA public-key cryptosystem was found to be much slower than the DES. The RSA system requires the use of multiprecision integer arithmetic. The multiprecision routines used are presented. Key generation requires the ability to find prime numbers at least 40 digits long for adequate security. A program was written that can find prime numbers of this magnitude in less than half a minute of CPU time with high reliability.
The process for encrypting a plaintext message M into a ciphertext C is C ≡ M^e (mod n), and the decryption function is M ≡ C^d (mod n), where n is the product of two large primes and e and d are chosen by special criteria. Based on experimental results it was found that e and d should have a high proportion of zeroes in their binary representations for rapid encryption/decryption. Encryption/decryption time was found to increase linearly with the size of n and linearly, but discontinuously, with the size of e and d. The system developed is not useful for a high traffic volume system. It could be used to inexpensively secure an insecure channel for the distribution of the keys of a conventional cryptosystem. A suggestion is made for using a public-key cryptosystem to provide signature capability while security and privacy are provided using a conventional cryptosystem. The experiments using Herlestam's cryptanalytic attack were not successful at breaking the RSA cryptosystem. Only in trivial cases where very unrealistically small n were used was there the slightest success. It is concluded that for large n a cryptanalytic attack based upon factoring n would be less costly, and more likely to succeed.

Book ChapterDOI
03 Sep 1979
TL;DR: This paper presents a discussion and summary of results obtained jointly with K. Culik and M. Nivat.
Abstract: This paper presents a discussion and summary of results obtained jointly with K. Culik [1] and M. Nivat [2].

Book ChapterDOI
01 Jan 1979
TL;DR: In this section the authors shall describe what modern cryptographic methods are expected to achieve - the criteria of security they have to meet.
Abstract: In this section we shall describe what modern cryptographic methods are expected to achieve - the criteria of security they have to meet. It would be convenient if there were proofs of the security of a cryptographic algorithm but this is not so. At best they can be shown to resist the known methods of attack.