Showing papers on "Cryptography published in 1980"

Reaching Agreement in the Presence of Faults

Abstract: The problem addressed here concerns a set of isolated processors, some unknown subset of which may be faulty, that communicate only by means of two-party messages. Each nonfaulty processor has a private value of information that must be communicated to each other nonfaulty processor. Nonfaulty processors always communicate honestly, whereas faulty processors may lie. The problem is to devise an algorithm in which processors communicate their own values and relay values received from others that allows each nonfaulty processor to infer a value for each other processor. The value inferred for a nonfaulty processor must be that processor's private value, and the value inferred for a faulty one must be consistent with the corresponding value inferred by each other nonfaulty processor.It is shown that the problem is solvable for, and only for, n ≥ 3m + 1, where m is the number of faulty processors and n is the total number. It is also shown that if faulty processors can refuse to pass on information but cannot falsely relay information, the problem is solvable for arbitrary n ≥ m ≥ 0. This weaker assumption can be approximated in practice using cryptographic methods.

A cryptanalytic time-memory trade-off

Abstract: A probabilistic method is presented which cryptanalyzes any N key cryptosystem in N^{2/3} operational with N^{2/3} words of memory (average values) after a precomputation which requires N operations. If the precomputation can be performed in a reasonable time period (e.g, several years), the additional computation required to recover each key compares very favorably with the N operations required by an exhaustive search and the N words of memory required by table lookup. When applied to the Data Encryption Standard (DES) used in block mode, it indicates that solutions should cost between 1 and 100 each. The method works in a chosen plaintext attack and, if cipher block chaining is not used, can also be used in a ciphertext-only attack.

High security system for electronic signature verification

Abstract: The system provides both electronic signature and message verification with a minimum of excess coding information on an instantaneous basis and is easily restartable in a store and forward environment. The system is based on the concept of a vault or central authority. The vault is in essence a physically secured Authenticator designed as a hardware automation which is not under control of any operating system. The system is a terminal based network wherein all terminals or users may communicate directly or through a central CPU. All secure electronic signature verification transactions must be transacted through the central facility which includes said vault. The vault and all terminals include an identical key-controlled block-cipher cryptographic facility wherein each user at a terminal has access only to his own key and wherein the vault has access to all user keys. At the end of a transaction, a user A (originator) and a user B (receiver) each have uniquely encrypted messages which can be utilized in later arbitration proceedings wherein user A cannot later deny having sent a message or its contents and similarly user B cannot deny having received the message or its specific content. The vault provides facilities for effective legal arbitration and is also simple to operate in such a n-to-n network without using more than one key per person.

The Design of a Cryptography Based Secure File System

Abstract: The design of a secure file system based on user controlled cryptographic (UCC) transformations is investigated. With UCC transformations, cryptography not only complements other protection mechanisms, but can also enforce protection specifications. Files with different access permissions are enciphered by different cryptographic keys supplied by authorized users at access time. Several classes of protection policies such as: compartmentalized, hierarchical, and data dependent are discussed. Several protection implementation schemes are suggested and analyzed according to criteria such as: security, efficiency, and user convenience. These schemes provide a versatile and powerful set of design alternatives.

On the Power of Commutativity in Cryptography

Abstract: Every field needs some unifying ideas which are applicable to a wide variety of situations. In cryptography, the notion of commutativity seems to play such a role. This paper surveys its potential applications, such as the generation of common keys, challenge-and-response identification, signature generation and verification, key-less communication and remote game playing.

On the security of the Merkle- Hellman cryptographic scheme (Corresp.)

Abstract: A simplified version of the Merkle-Hellman public key cryptographic system is breakable. While their full-fledged system seems to be resistant to the cryptanalytic attack we propose, the result suggests some ways in which the security of their system can be enhanced.

One time Pads are Key Safegaurding Schemes, not Cryptosystems. Fast Key Safeguarding Schemes (Threshold Schemes) Exist.

Abstract: Common sense, David Kahn [KA67] and Gilles Brassard [BR79] all argue that there are no unbreakable cryptosystems. What, then, is to be made of the -- provably [D179a, pp. 399-400] unbreakable -- Vernam one-time pad? The somewhat surprising answer is that it is not a cryptosystem at all, but rather a key safeguarding scheme [BL79] used, as all such schemes can be, in the courier mode. This suggests that proofs of invulnerability of key safeguarding schemes, what A. Shamir [SH79] calls threshold schemes, are as natural as proofs of difficulty of breaking cryptosystems are un-natural (perhaps impossible). Indeed, such an approach sets the Vernam one-time pad securely into context. Both the projective geometric threshold scheme [BL79] and the Lagrange interpolation threshold scheme [SH79] profit from being generalized from the field of integers modulo some prime p to arbitrary Galois fields. In particular, their computer implementations are particularly felicitous in some fields with 2n elements.

Deliberate noise in a modern cryptographic system (Corresp.)

Abstract: Methods for incorporating deliberate noise into classical or public key cryptosystems are discussed.

Cryptology goes public

Abstract: As the public demands more security for computerized records, the government weighs its need to protect state secrets.

Addition to 'The Existence of Good Cryptosystems for Key Rates Greater Than the Message Redundancy'

Abstract: Three points related to a previous correspondence are reported here. Two new classes of cryptosystems are shown to share the property of additive-like instantaneous block (ALIB) ciphers; namely, good cryptosystems exist for key rates greater than the message redundancy. Furthermore, the optimality of the independence of the key and the message in a cryptosystem is established.

The IPS cryptographic programs

Abstract: Cryptographic methods of data protection have taken on new importance as computers have become faster and as strong cryptographic algorithms, such as the Data Encryption Standard (DES), have become available. But a standard encipherment technique is only the first step in applying cryptography in a computing center. This paper discusses the Information Protection System (IPS), a set of cryptographic application programs designed to use the DES algorithm in a working computing center. In designing IPS, several important augmentations of DES were formulated. IPS was first implemented to help increase computing-center security at the IBM Thomas J. Watson Research Center and is now widely installed at other IBM locations. IPS is not an IBM product and is not available for use outside IBM, but many cryptographic techniques in IPS were incorporated into the IBM cryptographic products announced in 1977.

A trapdoor multiple mapping (Corresp.)

Abstract: A public key cryptosystem is suggested in which a message is enciphered by adding its numerical value to a sum of elements selected randomly from a publicly known knapsack, thus enabling multiple mapping of the message. Data expansion is moderate while reasonable security is maintained. Since the selected knapsack elements are message-independent, the encryption is very fast.

The Cryptographic Security of Compact Knapsacks (Preliminary Report)

Abstract: In 1978, Merkle and Hellman introduced a knapsack-based public-key cryptosystem, which received widespread attention. The two major open problems concerning this cryptosystem are: (i) Security: How difficult are the Merkle-Hellman knapsacks? (ii) Efficiency: Can the huge key size be reduced? In this paper we analyze the cryptographic security of knapsack problems with small keys, develop a new (non-enumerative)type of algorithm for solving them, and use the algorithm to show that under certain assumptions it is as difficult to find the hidden trapdoors in Merkle-Hellman knapsacks as it is to solve general knapsack problems.

A time-luck tradeoff in cryptography

Abstract: New definitions are proposed for the security of Transient-Key Cryptography (a variant on Public-Key Cryptography) that account for the possibility of super-polynomial-time, Monte Carlo cryptanalytic attacks. The basic question we address is: how can one relate the amount of time a cryptanalyst is willing to spend decoding cryptograms to his likelihood of success? This question and others are partially answered in a relativized model of computation in which there provably exists a transient-key cryptosystem such that even a cryptanalyst willing to spend as much as (almost) O(2n/log n) steps on length n cryptograms cannot hope to break but an exponentially small fraction of them, even if he is allowed to make use of a true random bit generator.

The Master Key Problem

Abstract: Four methods for generating and distributing shared group encryption keys in a cryptographic system are described. All four methods can be used to implement secure broadcasts among groups of users in computer networks. Two methods use n secret keys to construct a master key for 2n -1 keys.