
Showing papers on "Cryptography published in 1983"


Journal ArticleDOI
TL;DR: Several models are formulated in which the security of protocols can be discussed precisely, and algorithms and characterizations that can be used to determine protocol security in these models are given.
Abstract: Recently the use of public key encryption to provide secure network communication has received considerable attention. Such public key systems are usually effective against passive eavesdroppers, who merely tap the lines and try to decipher the message. It has been pointed out, however, that an improperly designed protocol could be vulnerable to an active saboteur, one who may impersonate another user or alter the message being transmitted. Several models are formulated in which the security of protocols can be discussed precisely. Algorithms and characterizations that can be used to determine protocol security in these models are given.

5,145 citations


Book ChapterDOI
01 Jan 1983
TL;DR: The use of quantum mechanical systems to record information gives rise to novel cryptographic phenomena, not achievable with classical recording media, including the multiplexing of two messages in such a way that either message may be recovered at the cost of irreversibly destroying the other.
Abstract: The use of quantum mechanical systems, such as polarized photons, to record information gives rise to novel cryptographic phenomena, not achievable with classical recording media: 1) A Verify Only Memory (VOM) that, with high probability, cannot be read or copied by someone ignorant of its contents; 2) the multiplexing of two messages in such a way that, with high probability, either message may be recovered at the cost of irreversibly destroying the other.

242 citations


Journal ArticleDOI
Rushby, Randell
TL;DR: The fundamental requirement is that no individual should see information classified above his clearance.

132 citations


Journal ArticleDOI
Akl
TL;DR: This article on digital signature schemes is a survey of work done in the area since the concept was introduced in 1976.
Abstract: As paper gives way to electronic mail, a secure means for validating and authenticating messages is required. The answer could be one of several digital signature schemes. In the last few years, research in cryptography has provided various methods for generating digital signatures, both true and arbitrated. Some of these methods utilize conventional private-key cryptosystems such as the Data Encryption Standard (DES), while others are based on the so-called public-key approach. This article on digital signature schemes is a survey of work done in the area since the concept was introduced in 1976. For readers unfamiliar with modern cryptology several overview articles and a number of texts on the subject are noted among the list of references of this article.

96 citations


Patent
13 Sep 1983
TL;DR: In this article, a system for data protection in executing financial transactions employing cryptographic techniques is described, which comprises an encoded card that has been initially encrypted using the National Bureau of Standards Data Encryption Standard Algorithm.
Abstract: A system for data protection in executing financial transactions employing cryptographic techniques. The system comprises an encoded card, which has been initially encrypted using the National Bureau of Standards Data Encryption Standard Algorithm. A subsequent encryption utilizing a private key of a public key cryptosystem is completed, resulting in an account number and an uncoded identifier which are placed on the card. The encoded card may be placed in a sender unit which decrypts the public key. The user then enters a personal identifier in the sender unit. The data is transferred to a receiving unit that decrypts the transmitted data utilizing the private key, which is unknown to both the user and the sender unit.

84 citations


Book ChapterDOI
01 Jan 1983
TL;DR: A time-versus-storage trade-off is described for addressing the key management problem of enforcing multilevel security in a system where hierarchy is represented by a partially ordered set.
Abstract: A scheme based on cryptography is proposed for enforcing multilevel security in a system where hierarchy is represented by a partially ordered set (or poset). Straightforward implementation of the scheme requires users highly placed in the hierarchy to store a large number of cryptographic keys. A time-versus-storage trade-off is then described for addressing this key management problem.

64 citations


Journal ArticleDOI
TL;DR: The main result presented here is the existence of a relativized model of computation under which there exists a provably secure transient-key cryptosystem.
Abstract: It appears to be very difficult to give a formal definition of computational security for public-key cryptography. A slightly different notion, called transient-key cryptography, is defined for which a natural definition of security against chosen-plaintext attacks is given. The main result presented here is the existence of a relativized model of computation under which there does exist a secure transient-key cryptosystem. Indeed, there exists a computable oracle that can be used by cryptographers to efficiently encipher and decipher messages, yet it is of no help to the cryptanalyst trying to decode messages not intended for him. As a corollary, there also exists a length-preserving permutation, the inverse of which is hard to compute on most elements of its domain, even if arbitrary evaluations of the function itself are allowed for free.

60 citations


Book ChapterDOI
01 Jan 1983
TL;DR: This paper explores various ways of using randomization in encryption by increasing the apparent size of the message space, eliminating the threat of chosen plaintext attacks, and improving the a priori statistics for the inputs to the encryption algorithms.
Abstract: A randomized encryption procedure enciphers a message by randomly choosing a ciphertext from a set of ciphertexts corresponding to the message under the current encryption key. At the cost of increasing the required bandwidth, such procedures may achieve greater cryptographic security than their deterministic counterparts by increasing the apparent size of the message space, eliminating the threat of chosen plaintext attacks, and improving the a priori statistics for the inputs to the encryption algorithms. In this paper we explore various ways of using randomization in encryption.

53 citations


Proceedings ArticleDOI
07 Nov 1983
TL;DR: This work defines the class of trapdoor pseudo-random number generators, and introduces a new technique for using these in cryptography, and presents a provably secure protocol for One-Bit Disclosures i.e. for giving a one-bit message in exchange for receipt.
Abstract: We define the class of trapdoor pseudo-random number generators, and introduce a new technique for using these in cryptography. As an application for this technique, we present a provably secure protocol for One-Bit Disclosures i.e. for giving a one-bit message in exchange for receipt.

53 citations


Proceedings ArticleDOI
01 Dec 1983
TL;DR: It is shown that unless the cryptanalyst can completely break the RSA encryption, any heuristic he uses to determine the least significant bit of the cleartext must have an error probability greater than 1/4.
Abstract: The ability to “hide” one bit in trapdoor functions has recently gained much interest in cryptography research, and is of great importance in many transactions protocols. In this paper we study the cryptographic security of RSA bits. In particular, we show that unless the cryptanalyst can completely break the RSA encryption, any heuristic he uses to determine the least significant bit of the cleartext must have an error probability greater than 1/4 − ε. A similar result is shown for Rabin's encryption scheme.

46 citations


Proceedings ArticleDOI
25 Apr 1983
TL;DR: It is shown here that the Cipher Feedback (CFB) mode of operation of the Data Encryption Standard (DES) exhibits similar weaknesses to a proposed MDC technique involving block-by-block Exclusive-ORing, and a Quadratic Congruential Manipulation Detection Code is proposed to avoid the problems of previous schemes.
Abstract: In many applications of cryptography, assuring the authenticity of communications is as important as protecting their secrecy. A well known and secure method of providing message authentication is to compute a Message Authentication Code (MAC) by encrypting the message. If only one key is used to both encrypt and authenticate a message, however, the system is subject to several forms of cryptographic attack. Techniques have also been sought for combining secrecy and authentication in only one encryption pass, using a Manipulation Detection Code generated by noncryptographic means. Previous investigations have shown that a proposed MDC technique involving block-by-block Exclusive-ORing is not secure when used with the Cipher Block Chaining (CBC) mode of operation of the Data Encryption Standard (DES). It is shown here that the Cipher Feedback (CFB) mode of operation exhibits similar weaknesses. A linear addition modulo 2^64 MDC is analyzed, including discussion of several novel attack scenarios. A Quadratic Congruential Manipulation Detection Code is proposed to avoid the problems of previous schemes.

Journal ArticleDOI
Kak
TL;DR: This special issue describes many developments in the above-mentioned aspects of data security in networks.
Abstract: Security in networks differs in several aspects from security in a centralized computer system. This is because (1) the switching nodes and concentrators are distributed physically and cannot be considered secure, and (2) the network protocols, if not properly designed, can be used by an intruder to gain access to the network data or have it misrouted. This special issue describes many developments in the above-mentioned aspects of data security in networks. The first article surveys digital signatures. Both private-key and public-key encryption techniques can be used to generate digital signatures. Since an unauthorized party can counterfeit public keys or use private keys that have been compromised, the use of public-key encryption alone does not ensure secrecy or a correct digital signature. The next article discusses the protection of public keys and signature keys. A protocol is a set of rules to be followed by users to ensure orderly communication. The next work describes several issues in protocol design and implementation. The importance of arbitrators in the design of secure protocols is explained and some implementations are described. An application of the RSA digital signature to electronic mail is described in the last article.


Journal ArticleDOI
TL;DR: It is shown that after sufficiently many modular multiplications, any knapsack system becomes a trapdoor system that can be used in public-key cryptography.

Proceedings ArticleDOI
25 Apr 1983
TL;DR: Two implementations of a general scheme which allows a user to generate from his own key the keys of users below him in the hierarchy are proposed and compared in terms of security and efficiency to an existing one.
Abstract: This paper addresses one aspect of the problem of access control in a hierarchy. A general scheme is described which allows a user to generate from his own key the keys of users below him in the hierarchy. Two implementations of this scheme are then proposed and compared in terms of security and efficiency to an existing one.

Journal ArticleDOI
TL;DR: In this paper, the authors introduce the concept of a transaction key which provides automatic key management at almost no extra cost, and consider some of the security problems that arise within a large electronic fund transfer point of sale (EFTPOS) system, paying particular attention to the difficulties of key management.
Abstract: In the letter we will consider some of the security problems that arise within a large electronic fund transfer point of sale (EFTPOS) system, paying particular attention to the difficulties of key management. In particular, we will introduce the concept of a transaction key which provides automatic key management at almost no extra cost.

Journal ArticleDOI
TL;DR: This paper investigates two DES-based hashing methods and it is shown that neither method seems to introduce any statistical regularities in the generated checksums.
Abstract: Secrecy and authentication are two important features of a secure communication system. Public Key Cryptosystems, based, e.g., on the Rivest-Shamir-Adleman (RSA) algorithm, provide a very elegant solution to the problem of authenticity verification or true electronic signatures. Practical problems, however, mainly the lack of execution speed, prevent a straightforward application. In order to sign a long message it is much faster to first calculate a short digest or checksum and then sign the compressed message. For this checksum calculation the fast, inexpensive and extensively tested Data Encryption Standard (DES) can be used. But care must be taken that this additional processing step does not introduce any weakness into the signature scheme. This paper investigates two DES-based hashing methods. It is shown that neither method seems to introduce any statistical regularities in the generated checksums. The “Cipher/Message to Plain Feedback,” however, is not secure under a modification compensation atta...

Proceedings ArticleDOI
25 Apr 1983
TL;DR: The many-time pad attack arises in three different contexts: cryptographic systems, where digital signatures can be forged or messages decrypted; statistical databases, where trackers can be used to obtain confidential data; and programming systems,where Trojan Horses can be planted in programs to leak sensitive input data.
Abstract: The many-time pad is a method of subverting the security controls of a system to obtain data that is not directly accessible (e.g., because the data is confidential, classified, or otherwise deemed sensitive). It is the antithesis of the one-time pad, the only theoretically unbreakable cipher, in two respects: 1) whereas the one-time pad is a method of protection, the many-time pad is a method of attack; and 2) whereas the one-time pad is used just once, the many-time pad is reusable. Also, whereas the interpretation of "pad" in the one-time pad comes from a "pad of paper", its interpretation in the many-time pad comes from "stuffing". What makes the many-time pad attack interesting is that it arises in three different contexts: cryptographic systems, where digital signatures can be forged or messages decrypted; statistical databases, where trackers can be used to obtain confidential data; and programming systems, where Trojan Horses can be planted in programs to leak sensitive input data. We shall first describe the basic structure of the attack and countermeasures for foiling it. We shall then show how these three seemingly unrelated security threats are variations of a common theme.

Book
01 Jan 1983
TL;DR: This paper presents a new algorithm for the solution of the Knapsack Problem and discusses Finite Semigroups and The RSA-Cryptosystem.
Abstract: Classical Cryptography.- Cryptology - Methods and Maxims.- Mechanical Cryptographic Devices.- Cryptanalysis of a Kryha Machine.- Enigma Variations.- Mathematical Foundations.- Encrypting by Random Rotations.- Analogue Scrambling Schemes.- Analogue Speech Security Systems.- A Voice Scrambling System for Testing and Demonstration.- The Rating of Understanding in Secure Voice Communications Systems.- Analysis of Multiple Access Channel Using Multiple Level FSK.- Analog Scrambling by the General Fast Fourier Transform.- Stream Ciphers.- Stream Ciphers.- Multiplexed Sequences: Some Properties of the Minimum Polynomial.- On Using Prime Polynomials in Crypto Generators.- Cryptography in Large communication Systems.- Communication Security in Remote Controlled Computer Systems.- Privacy and Data Protection in Medicine.- The Data Encryption Standard.- Cryptanalysis of the Data Encryption Standard by the Method of Formal Coding.- Are Big S-Boxes Best?.- The Average Cycle Size of The Key Stream in Output Feedback Encipherment.- Authentication Systems.- Authentication Procedures.- Fast Authentication in a Trapdoor-Knapsack Public Key Cryptosystem.- The Merkle - Hellman - Scheme.- A New Algorithm for the Solution of the Knapsack Problem.- Trapdoors in Knapsack Kryptosystems.- The Rivest - Shamir - Adleman - Scheme.- Is the RSA - Scheme safe? (Abstract).- Ein Effizienzvergleich der Faktorisierungsverfahren von Morrison-Brillhart und Schroeppel (Extended Abstract).- Finite Semigroups and The RSA-Cryptosystem.- How to Share a Secret.

Journal ArticleDOI
TL;DR: Several trapdoor techniques are outlined that are not dependent on hiding superincreasing sequences that can be used as a trapdoor technique for breaking Merkle-Hellman public-key schemes.

Journal ArticleDOI
TL;DR: The original Merkle-Hellman knapsack algorithm is the most practical of the public key algorithms, but is considered insecure, so improvements have been proposed.
Abstract: The original Merkle-Hellman knapsack algorithm is the most practical of the public key algorithms, but is considered insecure. Improvements have been proposed. In the letter the improvements are unified and extended using linear algebra and extended mappings.

Book ChapterDOI
01 Jan 1983
TL;DR: Individually weak ciphers can be combined into a network to give a hopefully strong cryptographic system: an obvious example here is the Data Encryption Standard, or DES, developed by IBM, which is built up by concatenating substitution and transposition ciphers.
Abstract: Substitution ciphers are a rather unsophisticated and time-honoured class of ciphers, to the extent that one may feel that they appeal to aesthetical-minded mathematicians rather than to communications engineers or to computer scientists. However, one should not overlook the fact that individually weak ciphers can be combined into a network to give a hopefully strong cryptographic system: an obvious example here is the Data Encryption Standard, or DES, developed by IBM, which is built up by concatenating substitution and transposition ciphers.
Journal ArticleDOI
TL;DR: This paper describes some properties of exponentiation modulo a polynomial and suggests its use for encryption in a mode that can be cryptanalyzed in approximately O(pd^3) time, where d is the size of the message frame and p is the prime modulo which the rankwise computations are carried out.
Abstract: This paper describes some properties of exponentiation modulo a polynomial and suggests its use for encryption in a mode that can be cryptanalyzed in approximately O(pd^3) time, where d is the size of the message frame and p is the prime modulo which the rankwise computations are carried out. While for sufficiently large pd (∼10^5) this appears to provide a one-way function which can be used in a public-key cryptosystem, we show that since encryption/decryption effort is defined in O(d^2 log pd log log p) time, a practical application of the proposed algorithm would be either in a secret key or in a tamper-proof, hardwired secret polynomial system.

Book ChapterDOI
TL;DR: This chapter discusses recent advancements in cryptographic techniques, known as public key cryptography, which provides elegant solutions not only to secrecy and authentication, but also to protection against forgery through a provision called digital signatures.
Abstract: Publisher Summary This chapter discusses recent advancements in cryptographic techniques, known as public key cryptography, which provides elegant solutions not only to secrecy and authentication, but also to protection against forgery through a provision called digital signatures. The chapter begins by introducing a few useful concepts, definitions, and notations. The process of transforming the message or plain text and locking its contents from being known to others is called encryption or enciphering. Decryption is the unlocking of the ciphered text to get back the original plain text. The locking and unlocking is done by a key, which is known only to the legitimate sender-receiver and the encryption-decryption pair constitutes a cryptosystem. Cryptography deals with the analysis and design of cryptosystems. The modern public-key cryptosystem uses different keys for the encryption and decryption process. The chapter presents various algorithms for public key cryptosystems and describes its various applications, such as authentication, digital signatures, read-only secure communications, conference key distribution systems, and data-base security.

Book ChapterDOI
01 Jan 1983
TL;DR: A technique is presented here which permits a reduction in the enciphering complexity of private key schemes without a loss in security.
Abstract: Computational efficiency is of prime importance to any micro-processor based cryptosystem. A technique is presented here which permits a reduction in the enciphering complexity of private key schemes without a loss in security. The net result can be a simplification of the system’s implementation, a reduction in cryptographic overhead and the potential for a simple mathematical analysis of the security system.

Patent
21 Apr 1983
TL;DR: In this article, the authors propose a method for a large number of applications in which information is transmitted from a source (transmitter) to a sink (receiver) and needs to be authenticated for security reasons and/or needs to be encoded in the transmitter for data protection or other secrecy reasons and converted back into open information in the receiver, where the transaction time can be incorruptibly restricted within the system to a specific time and correspondingly documented.
Abstract: In data processing system memory areas protected by passwords and technical system measures or in transceiver units of office computer or microelectronic systems designed according to esoteric principles, in which access to protected memory areas is secured by means of a personal identification number, on the basis of the date and time of a transaction time synchronised between the source (transmitter) and the sink (receiver) or the difference between a synchronised time and the transaction time with a secret, irreversible algorithm, either an address is calculated in a protected memory area and at this location in the transceiver unit a code number of defined length is used for the encryption or decryption of information, where identical (two-way) or complementary (one-way) codes may be involved in the transceiver unit or a two-way code is calculated directly. The method is suitable for a large number of applications in which information is transmitted from a source (transmitter) to a sink (receiver) and needs to be authenticated for security reasons and/or needs to be encoded in the transmitter for data protection or other secrecy reasons and converted back into open information in the receiver, where the transaction time can be incorruptibly restricted within the system to a specific time and/or can be correspondingly documented.

Proceedings ArticleDOI
01 Oct 1983
TL;DR: A general formulation for "asynchronous speech encryption" is proposed, in which the synchronization becomes completely unnecessary, and it will be found that the two asynchronous techniques proposed recently become two special cases of the general formulation here.
Abstract: Speech encryption techniques have always been very important for military communications, but most useful techniques require perfect synchronization between the transmitter and the receiver. This not only complicates the implementation, but makes the transmission very sensitive to channel conditions because slight synchronization error might completely break the transmission. In this paper, a general formulation for "asynchronous speech encryption" is proposed, in which the synchronization becomes completely unnecessary. It will be found that the two asynchronous techniques proposed recently become two special cases of the general formulation here. Also, an effective and practical method to evaluate the system performance when operated with a realistic telephone channel is developed and simulation results for such asynchronous techniques are presented finally.

Journal ArticleDOI
TL;DR: Control features have been implemented in ROTERM which permit keyboard and/or remote control of the encipherment and decipherment of ASCII character strings.
Abstract: Microprocessors are playing an increasingly important role in cryptographic systems. ROTERM is an implementation of a cipher terminal using an inexpensive microcomputer system. ROTERM behaves like a mechanical rotor system of eight rotors with 96 elements each. Control features have been implemented in ROTERM which permit keyboard and/or remote control of the encipherment and decipherment of ASCII character strings. Examples are given demonstrating the use of ROTERM in user-user communications as well as user-electronic mail system posting and reading of messages.