Showing papers on "On-the-fly encryption published in 1981"
TL;DR: It is shown that key distribution protocols with timestamps prevent replays of compromised keys and have the additional benefit of replacing a two-step handshake.
Abstract: The distribution of keys in a computer network using single key or public key encryption is discussed. We consider the possibility that communication keys may be compromised, and show that key distribution protocols with timestamps prevent replays of compromised keys. The timestamps have the additional benefit of replacing a two-step handshake.
787 citations
TL;DR: It is shown that although either technique significantly improves security over single encryption, the new technique does not significantly increase security over simple double encryption.
Abstract: Double encryption has been suggested to strengthen the Federal Data Encryption Standard (DES). A recent proposal suggests that using two 56-bit keys but enciphering 3 times (encrypt with a first key, decrypt with a second key, then encrypt with the first key again) increases security over simple double encryption. This paper shows that although either technique significantly improves security over single encryption, the new technique does not significantly increase security over simple double encryption. Cryptanalysis of the 112-bit key requires about 256 operations and words of memory, using a chosen plaintext attack. While DES is used as an example, the technique is applicable to any similar cipher.
240 citations
TL;DR: A new cryptosystem that is suitable for database encryption is presented, based on the Chinese Remainder Theorem, which has the important property of having subkeys that allow the encryption and decryption of fields within a record.
Abstract: A new cryptosystem that is suitable for database encryption is presented. The system has the important property of having subkeys that allow the encryption and decryption of fields within a record. The system is based on the Chinese Remainder Theorem.
178 citations
Patent•
IBM1
TL;DR: In this article, the identity verification of a user in a data communication network with a central switch is discussed, where the secret data is first encrypted at the terminal under a transfer-in key for transmission to an associated data processing system.
Abstract: In a data communication network which includes terminals interconnected via a central switch, a process for verifying the identity of a terminal user who is provided with secret data associated with his identity. In carrying out the verification process, the secret data is first encrypted at the terminal under a transfer-in key for transmission to an associated data processing system. When it is determined that the terminal user maintains an account at the associated data processing system, a first translate operation is performed to translate the data from encryption under the transfer-in key to encryption under an authentication key, both of which keys are protected under other keys which are different from each other, thereby providing an authentication parameter which may be used to verify the identity of the terminal user. When it is determined that the terminal user does not maintain an account at the associated data processing system, a second translate operation is performed to translate the data from encryption under the transfer-in key to encryption under a transfer-out key for transmission to the next associated host system, the switch or a remote host system. At each such node, except the switch, a determination is made as to whether a verification process can be performed otherwise, the encrypted data is translated for transmission to the next or a remote node of the network for such verification.
66 citations
TL;DR: The NBS Data Encryption Standard may be integrated into computer networks to protect personal (nonshared) files, to communicate securely both on- and off-line with local and remote users, to protect against key substitution, to authenticate system users,to authenticate data, and to provide digital signatures using a nonpublic key encryption algorithm.
Abstract: The NBS Data Encryption Standard may be integrated into computer networks to protect personal (nonshared) files, to communicate securely both on- and off-line with local and remote users, to protect against key substitution, to authenticate system users, to authenticate data, and to provide digital signatures using a nonpublic key encryption algorithm. Key notarization facilities give users the capability of exercising a set of commands for key management as well as for data encryption functions. The facilities perform notarization which, upon encryption, seals a key or password with the identities of the transmitter and intended receiver. Thus, in order to decrypt a message, the receiver must authenticate himself and supply the correct identity of the transmitter. This feature eliminates the threat of key substitution which must be protected against to attain a high level of security.
19 citations
Patent•
16 Jun 1981
TL;DR: In this article, the authors proposed to avoid a wiretapper from obtaining a hold to decription by dividing a secret key into two, using one for normal encryption communication and the other for a check pattern to the propriety of the secret key.
Abstract: PURPOSE:To avoid a wiretapper from obtaining a hold to decription by dividing a secret key into two, using one for normal encryption communication and the other for a check pattern to the propriety of the secret key. CONSTITUTION:Transmission and reception parties operate X and Y respectively and obtain the value of a common key through the exchange of the value of operation. As to the common key K, the A side divides the key K1 into a test pattern and an encryption part and applies the test pattern part to an encryptor part CDC via a switch SW1 for encryption. An encripted signal reaches the reception party B via a transmission line TL. The reception party B uses the encryption key part of the common key K2 at a decryptor CDC and decrypts the signal and transmits it to a comparator to confirm the keys K1 and K2 equal with each other. From the A side, a communication message from a decryption signal source CL is inputted to the encryptor CDC and the message is transmitted to the B side, where the message can correctly be decrypted. In this case, even if the wiretapper WTP listens in the communication, no hold can be given for the decryption.
3 citations
TL;DR: It is possible to apply DES twice to a message without encountering the problems Merkle and Hellman describe, and a clever hardware design could make this algorithm run nearly half as fast as DES.
Abstract: [] The technical note \"On the Security of Multiple Encryption\" by Ralph C. Merkle and Martin E. Hellman in the July 1981 Communications [1] points out the weakness of trying to improve the Federal Data Encryption Standard (DES) by simply applying it twice to a message, using two different keys. I believe it is possible to apply DES twice to a message without encountering the problems Merkle and Hellman describe. Rather than encoding each 64-bit block several times, use a 4096-bit block arranged as 64 rows of 64 columns. Encode the rows using the first key, and then the columns using the second. Since the effect of DES is to spread the information in each of 64 bits evenly over all 64, the effect of this method would be to spread the information in each of 4096 bits evenly over all 4096. A clever hardware design could make this algorithm run nearly half as fast as DES.