Showing papers on "Transposition cipher published in 1998"


Book Chapter
31 May 1998
TL;DR: Strong quantitative bounds on the value of data-dependent re-keying in the Shannon model of an ideal cipher are proved, and some initial steps towards an analysis in the standard model are taken.
Abstract: We argue that the invertibility of a block cipher can reduce the security of schemes that use it, and a better starting point for scheme design is the non-invertible analog of a block cipher, that is, a pseudorandom function (PRF). Since a block cipher may be viewed as a pseudorandom permutation, we are led to investigate the reverse of the problem studied by Luby and Rackoff, and ask: “how can one transform a PRP into a PRF in as security-preserving a way as possible?” The solution we propose is data-dependent re-keying. As an illustrative special case, let \(E: \{0,1\}^n \times \{0,1\}^n \to \{0,1\}^n\) be the block cipher. Then we can construct the PRF \(F\) from the PRP \(E\) by setting \(F(k, x) = E(E(k, x), x)\). We generalize this to allow for arbitrary block and key lengths, and to improve efficiency. We prove strong quantitative bounds on the value of data-dependent re-keying in the Shannon model of an ideal cipher, and take some initial steps towards an analysis in the standard model.

129 citations


Book Chapter
23 Aug 1998
TL;DR: A slower construction which preserves the security of the PRP and a faster construction which has less security are presented, one application of which is to build a wider block cipher given a block cipher as a building tool.
Abstract: We evaluate constructions for building pseudo-random functions (PRFs) from pseudo-random permutations (PRPs). We present two constructions: a slower construction which preserves the security of the PRP and a faster construction which has less security. One application of our construction is to build a wider block cipher given a block cipher as a building tool. We do not require any additional constructions—e.g. pseudo-random generators—to create the wider block cipher. The security of the resulting cipher will be as strong as the original block cipher.

101 citations


Book Chapter
23 Aug 1998
TL;DR: The first proof that composition actually increases the security of constructions corresponding to double and (two-key) triple DES is obtained, and it is shown that meet in the middle is the best possible generic attack against the double cipher.
Abstract: We investigate, in the Shannon model, the security of constructions corresponding to double and (two-key) triple DES. That is, we consider \(F_{k_1 } (F_{k_2 } ( \cdot ))\) and \(F_{k_1 } (F_{k_2 }^{ - 1} (F_{k_1 } ( \cdot )))\) with the component functions being ideal ciphers. This models the resistance of these constructions to “generic” attacks like meet in the middle attacks. We obtain the first proof that composition actually increases the security in some meaningful sense. We compute a bound on the probability of breaking the double cipher as a function of the number of computations of the base cipher made, and the number of examples of the composed cipher seen, and show that the success probability is the square of that for a single key cipher. The same bound holds for the two-key triple cipher. The first bound is tight and shows that meet in the middle is the best possible generic attack against the double cipher.

54 citations


Patent
04 Feb 1998
TL;DR: In this article, a method and apparatus for an advanced symmetric key cipher for encryption and decryption, using a block cipher algorithm, is presented, where different block sizes and key sizes are supported, and a different sub-key is used in each round.
Abstract: A method and apparatus for an advanced symmetric key cipher for encryption and decryption, using a block cipher algorithm. Different block sizes and key sizes are supported, and a different sub-key is used in each round. Encryption is computed using a variable number of rounds of mixing, permutation, and key-dependent substitution. Decryption uses a variable number of rounds of key-dependent inverse substitution, inverse permutation and inverse mixing. The variable length sub-keys are data-independent, and can be precomputed.

45 citations


Book Chapter
14 Sep 1998
TL;DR: A new 96-bit block cipher called BKSQ is presented, which can be implemented efficiently on a wide range of processors (including smartcards) and in hardware.
Abstract: In this paper we present a new 96-bit block cipher called BKSQ. The cipher can be implemented efficiently on a wide range of processors (including smartcards) and in hardware.

32 citations


Patent
04 Feb 1998
TL;DR: In this paper, a byte-oriented symmetric key cipher for encryption and decryption is proposed, where different block sizes and key sizes are supported, and a different sub-key is used in each round.
Abstract: A method and apparatus for an advanced byte-oriented symmetric key cipher for encryption and decryption, using a block cipher algorithm. Different block sizes and key sizes are supported, and a different sub-key is used in each round. Encryption is computed using a variable number of rounds of mixing, permutation, and key-dependent substitution. Decryption uses a variable number of rounds of key-dependent inverse substitution, inverse permutation, and inverse mixing. The variable length sub-keys are data-independent, and can be precomputed.

30 citations


Patent
05 Jun 1998
TL;DR: A symmetric key block cipher interleaves modified Type-3 and Type-1 Feistel ciphers, providing excellent resistance to both linear and differential attacks, and requires a minimal amount of computer storage to implement.
Abstract: The present invention provides a technique, system, and computer program for a symmetric key block cipher. This cipher uses multiple stages with a modified Type-3 Feistel network, and a modified Unbalanced Type-1 Feistel network in an expansion box forward function. The cipher allows the block size, key size, number of rounds of expansion, and number of stages of ciphering to vary. The modified Type-3 cipher modifies the word used as input to the expansion box in certain rounds, to speed the diffusion properties of the ciphering. The modified Type-3 and Type-1 ciphers are interleaved, and provide excellent resistance to both linear and differential attacks. The variable-length subkeys and the S-box can be precomputed. A minimal amount of computer storage is required to implement this cipher, which can be implemented equally well in hardware or software (or some combination thereof).

25 citations


Patent
18 Sep 1998
TL;DR: An encryption device combines random number generator output by exclusive-or with plaintext encrypted by a first block cipher, encrypts the result with a second block cipher mechanism that differs from the first, and also encrypts the random number generator output with a third block cipher mechanism.
Abstract: An encryption device has a random number generator whose output is combined by exclusive-or with plaintext input which has been encrypted by a first block cipher. The combined exclusive-or output is encrypted with a second block cipher mechanism which produces a second enciphered output. The output of the random number generator is also encrypted by a third block cipher mechanism which produces a third enciphered output. The first and second block cipher mechanisms differ from each other.

25 citations


Journal Article
TL;DR: In this paper, the authors studied the security of constructions corresponding to double and (two-key) triple DES with the component functions being ideal ciphers in the Shannon model.
Abstract: We investigate, in the Shannon model, the security of constructions corresponding to double and (two-key) triple DES. That is, we consider \(F_{k_1}(F_{k_2}(\cdot))\) and \(F_{k_1}(F_{k_2}^{-1}(F_{k_1}(\cdot)))\) with the component functions being ideal ciphers. This models the resistance of these constructions to generic attacks like meet in the middle attacks. We obtain the first proof that composition actually increases the security in some meaningful sense. We compute a bound on the probability of breaking the double cipher as a function of the number of computations of the base cipher made, and the number of examples of the composed cipher seen, and show that the success probability is the square of that for a single key cipher. The same bound holds for the two-key triple cipher. The first bound is tight and shows that meet in the middle is the best possible generic attack against the double cipher.

14 citations


Book Chapter
17 Aug 1998
TL;DR: The method discussed uses bits of the primary key to directly manipulate the s-boxes in such a way that their contents are changed but their cryptographic properties are preserved, so a stronger cipher with identical encryption / decryption performance characteristics may be constructed with little additional overhead or computational complexity.
Abstract: This paper discusses a method of enhancing the security of block ciphers which use s-boxes, a group which includes the ciphers DES, CAST-128, and Blowfish. We focus on CAST-128 and consider Blowfish; Biham and Biryukov [2] have made some similar proposals for DES. The method discussed uses bits of the primary key to directly manipulate the s-boxes in such a way that their contents are changed but their cryptographic properties are preserved. Such a strategy appears to significantly strengthen the cipher against certain attacks, at the expense of a relatively modest one-time computational procedure during the set-up phase. Thus, a stronger cipher with identical encryption / decryption performance characteristics may be constructed with little additional overhead or computational complexity.

8 citations


Journal Article
TL;DR: In this article, constructions for building pseudo-random functions (PRFs) from pseudo-random permutations (PRPs) were evaluated and two constructions were presented: a slower construction which preserves the security of the PRP and a faster construction which has less security.
Abstract: We evaluate constructions for building pseudo-random functions (PRFs) from pseudo-random permutations (PRPs). We present two constructions: a slower construction which preserves the security of the PRP and a faster construction which has less security. One application of our construction is to build a wider block cipher given a block cipher as a building tool. We do not require any additional constructions (e.g. pseudo-random generators) to create the wider block cipher. The security of the resulting cipher will be as strong as the original block cipher.

Book Chapter
23 Feb 1998
TL;DR: This paper cryptanalyzes the proposed cipher family SPEED, and shows how to efficiently break the SPEED hashing mode using differential related-key techniques, and proposes a differential attack on 48-round SPEED.
Abstract: The cipher family SPEED (and an associated hashing mode) was recently proposed in Financial Cryptography '97. This paper cryptanalyzes that proposal, in two parts: First, we discuss several troubling potential weaknesses in the cipher. Next, we show how to efficiently break the SPEED hashing mode using differential related-key techniques, and propose a differential attack on 48-round SPEED. These results raise some significant questions about the security of the SPEED design.

Patent
29 Jun 1998
TL;DR: A cipher communication system capable of decrypting encrypted ciphers and reducing the cost for management and distribution of keys is provided, comprising a key formation means, an encryption means for forming ciphertext by encryption of plaintext and transmitting the formed ciphertext, and a cryptoanalysis means for cryptoanalyzing the transmitted ciphertext.
Abstract: PROBLEM TO BE SOLVED: To provide a cipher communication system capable of decrypting encrypted ciphers and reducing the cost for management and distribution of keys by providing the system with a key formation means, an encryption means for forming ciphertext by encryption of plaintext and transmitting the formed ciphertext and a cryptoanalysis means for cryptoanalyzing the transmitted ciphertext. SOLUTION: An encryption section 143 forms the ciphertext by encrypting the plaintext read out by using a prescribed encryption algorithm and outputs an instruction for starting the cipher transmission to a transmission and reception section 145. The key formation section 112 of a cryptoanalysis device 110 of a level 1 outputs a calculated integer b1 as a decryption key to a data storage section 114, outputs an integer a1 as an encryption key and the calculated n1 to a transmission and reception section 111 and transmits the decryption key, etc., through the communication circuit 161 to the key formation section 112 of the cryptoanalysis device 110 of the level 1. A cryptoanalysis section 123 forms the common key by using the decryption key 127 received from an input section 125 and the cipher common key, cryptoanalyzes the ciphertext by using the formed common key and forms the plaintext.

Journal Article
TL;DR: Cryptanalysis of the stream cipher 'Labyrinth', a cipher recently proposed by Lin and Shepherd (1997), is performed and the 119 bit key of Labyrinth is recovered in under a second of computation using a DEC Alpha.
Abstract: Cryptanalysis of the stream cipher 'Labyrinth', a cipher recently proposed by Lin and Shepherd (1997), is performed. Given only \(2^{30}\) known bits of keystream, the 119 bit key of Labyrinth is recovered in under a second of computation using a DEC Alpha.

Book Chapter
01 Jul 1998
TL;DR: Differential cryptanalysis of a secret-key block cipher based on mixing operations of different algebraic groups is treated, and the results show that the cipher is resistant to differential attack.
Abstract: In this paper differential cryptanalysis of a secret-key block cipher based on mixing operations of different algebraic groups is treated. The results show the cipher is resistant to differential attack.

Proceedings Article
01 Mar 1998
TL;DR: Two improved results for the hardware and software implementation of a DES-like cipher which has a provable security against differential cryptanalysis are presented.
Abstract: K. Nyberg and L.R. Knudsen showed a prototype of a DES-like cipher which has a provable security against differential cryptanalysis. But in the last year, at FSE'97, T. Jakobsen and L.R. Knudsen broke it by using higher order differential attack and interpolation attack. Furthermore, the cipher was just a theoretically proposed one to demonstrate how to construct a cipher which is provably secure against differential cryptanalysis, and it was suspected to have a large complexity for its implementation. In this paper the two improved results for the efficient hardware and software implementation

Journal Article
TL;DR: In this paper, a new byte-oriented block cipher with a key of length 64 bits is proposed and the design principles of the proposed cipher are explained and a sample data is given.
Abstract: In this paper, a new byte-oriented block cipher with a key of length 64 bits is proposed. In the proposed cipher, the block length is 64 bits and only byte operations are utilized. The cipher structure is composed of two simple operations (exclusive-or and addition) and three cryptographically strong S-boxes (one is 8 x 8 S-box, two are 8-bit involution S-boxes) and chosen to provide necessary confusion and diffusion and facilitate both hardware and software implementation. The design principles of the proposed cipher are explained and a sample data is given.