
Showing papers on "Transposition cipher published in 1999"


Book ChapterDOI
24 Mar 1999
TL;DR: It is demonstrated that a weakness of this type can be used to construct a trapdoor that may be difficult to detect and some implications for block cipher design are noted.
Abstract: An iterated block cipher can be regarded as a means of producing a set of permutations of a message space. Some properties of the group generated by the round functions of such a cipher are known to be of cryptanalytic interest. It is shown here that if this group acts imprimitively on the message space then there is an exploitable weakness in the cipher. It is demonstrated that a weakness of this type can be used to construct a trapdoor that may be difficult to detect. An example of a DES-like cipher, resistant to both linear and differential cryptanalysis that generates an imprimitive group and is easily broken, is given. Some implications for block cipher design are noted.

80 citations


Book ChapterDOI
24 Mar 1999
TL;DR: The VIL mode of operation makes a variable-input-length cipher from any block cipher, and is demonstrably secure in the provable-security sense of modern cryptography: it is given a quantitative security analysis relating the difficulty of breaking the constructed (variable-input-length) cipher to the difficulty of breaking the underlying block cipher.
Abstract: Whereas a block cipher enciphers messages of some one particular length (the blocklength), a variable-input-length cipher takes messages of varying (and preferably arbitrary) lengths. Still, the length of the ciphertext must equal the length of the plaintext. This paper introduces the problem of constructing such objects, and provides a practical solution. Our VIL mode of operation makes a variable-input-length cipher from any block cipher. The method is demonstrably secure in the provable-security sense of modern cryptography: we give a quantitative security analysis relating the difficulty of breaking the constructed (variable-input-length) cipher to the difficulty of breaking the underlying block cipher.

73 citations


Patent
Soichi Furuya1, Michael Roe1
22 Jun 1999
TL;DR: In this article, a mixing function is used to combine a pseudo-random number generator with a plaintext message to produce a block-by-block ciphertext, which preserves the advantages of a block cipher in terms of data confidentiality and data integrity, as well as benefiting from the speed advantage of a stream cipher.
Abstract: An encryption system comprises a pseudo-random number generator (KS) for generating a long pseudo-random sequence (S) from a shorter encryption key (K) and, if necessary, a nonce value (N), and a mixing function (MX) for combining the sequence with a plaintext message (P) on a block-by-block basis, where successive blocks (S(i)) of 128 bits of the sequence are combined with successive 64-bit blocks of plaintext (P(i)) to produce successive 64-bit blocks of ciphertext. The blockwise use of a long pseudo-random sequence preserves the advantages of a block cipher in terms of data confidentiality and data integrity, as well as benefiting from the speed advantages of a stream cipher.

66 citations


Book ChapterDOI
24 Mar 1999
TL;DR: This paper provides a formal treatment for differential, linear and truncated differential cryptanalysis, and applies it to CS-Cipher in order to prove that there exists no good characteristic for these attacks.
Abstract: CS-Cipher is a block cipher which has been proposed at FSE 1998. It is a Markov cipher in which diffusion is performed by multipermutations. In this paper we first provide a formal treatment for differential, linear and truncated differential cryptanalysis, and we apply it to CS-Cipher in order to prove that there exists no good characteristic for these attacks. This holds under the approximation that all round keys of CS-Cipher are uniformly distributed and independent. For this we introduce some new technique for counting active Sboxes in computational networks by the Floyd-Warshall algorithm.

33 citations


Book ChapterDOI
24 Mar 1999
TL;DR: A certificational attack on DEAL-192, the DEAL variant with a 192-bit key, which allows a trade-off between the number of plaintext/ciphertext pairs and the time for the attacker's computations.
Abstract: DEAL is a DES-based block cipher proposed by Knudsen. The block size of DEAL is 128 bits, twice as much as the DES block size. The main result of the current paper is a certificational attack on DEAL-192, the DEAL variant with a 192-bit key. The attack allows a trade-off between the number of plaintext/ciphertext pairs and the time for the attacker's computations. Nevertheless, the DEAL design principle seems to be a useful way of doubling the block size of a given block cipher.

23 citations


Patent
17 May 1999
TL;DR: In this article, a technique for encrypting and decrypting a data message is described and includes a stream cipher, a block cipher and a key generation embodiment which use a process of summary reduction.
Abstract: A technique for encrypting and decrypting a data message is described herein and includes a stream cipher, a block cipher and a key generation embodiment which use a process of Summary Reduction. This overall technique uses a secret key to generate ciphertext from plaintext and in doing so, the technique isolates the nature of the secret key values from the nature of the cipher text created.

22 citations


Journal Article
TL;DR: This paper improves the higher-order differential attack on block ciphers and shows that the improved algorithm requires much fewer chosen texts and much less complexity than those of previous works.
Abstract: Since the proposal of differential cryptanalysis and linear cryptanalysis in 1991 and 1993, respectively, the resistance to these cryptanalyses has been studied. In FSE2, Knudsen proposed a method of attacking block ciphers that used the higher order differential, and in FSE4, Jakobsen and Knudsen applied it to a cipher proposed by Nyberg and Knudsen. Their approach, however, requires large complexity of running time. In this paper, we improve this attack and show that our improved algorithm requires much fewer chosen texts and much less complexity than those of previous works. Key words: block cipher, higher order differential attack, KN cipher, algebraic equation

13 citations


Book ChapterDOI
09 Aug 1999
TL;DR: The machinery thus offers a new technique for establishing the security of a cipher: When the work-factor of the optimal known or chosen plaintext attack against a cipher is bounded below by a prohibitively large number, then no practical attack against the cipher can succeed.
Abstract: Absolute lower limits to the cost of cryptanalytic attacks are quantified, via a theory of guesswork. Conditional guesswork naturally expresses limits to known and chosen plaintext attacks. New inequalities are derived between various forms of guesswork and variation distance. The machinery thus offers a new technique for establishing the security of a cipher: When the work-factor of the optimal known or chosen plaintext attack against a cipher is bounded below by a prohibitively large number, then no practical attack against the cipher can succeed. As an example, we apply the technique to iterated cryptosystems, as the Markov property which results from an independent subkey assumption makes them particularly amenable to analysis.

9 citations


Patent
17 Dec 1999
TL;DR: In this article, a key data storing part 105 stores a cryptographic key that includes the cipher use mode, from which a cipher use mode selection signal is generated; secrecy is improved because a cipher operation mode is set in addition to the cryptographic key used for enciphering and decoding.
Abstract: PROBLEM TO BE SOLVED: To provide an enciphering method and decoding method and device having higher secrecy by setting a cipher use mode. SOLUTION: A key data storing part 105 stores a cryptographic key including the cipher use mode. A cipher use mode selection signal generating part 104 reads the cryptographic key from the part 105 and outputs a selection signal selecting the cipher use mode. A cipher use mode controlling part 102 sets the cipher use mode of a cipher/decode algorithm part 101 by the selection signal. An encipher/decode processing part 103 converts plaintext or cryptography from a data inputting and outputting part 106 into the data of cryptography or plaintext according to the above setting and outputs the data. Secrecy can be improved because a cipher operation mode is set in addition to the cryptographic key of encipher/decoding by including the information of the cipher use mode (chain technique) in the cryptographic key.

8 citations


Patent
29 Aug 1999
TL;DR: In this paper, a dual use block/stream cipher with a first key section and a data section is presented, where the data section, coupled with the first key, is used to generate a pseudo random bit sequence when the second key section is selectably enabled to modify the stored first cipher key.
Abstract: A dual use block/stream cipher is provided with a first key section and a data section. The first key section is to be initialized with a first cipher key, and to successively transform the first cipher key or a modified version of the first cipher key. The data section, coupled to the first key section, is to be initialized with either a block of plain text or a random number, and to successively and dependently, on the first key section, transform the plain text/random number. The cipher is further provided with a second key section and a mapping function. The second key section, coupled to the first key section, is selectively enableable to modify the first cipher key. The mapping section, coupled to the first key section, is to generate a pseudo random bit sequence when the second key section is selectably enabled to modify the stored first cipher key.

7 citations


Journal ArticleDOI
TL;DR: This paper presents a simple and structured symmetric-key block cipher called CHAIN which provides for variation in the block size, the key size, and the number of rounds of ciphering and indicates that it is very strong against the known attacks.

Patent
25 Oct 1999
TL;DR: In this article, when the current cipher algorithm AL is updated to a new cipher algorithm Al', a mode switching part 11 sends the new cipher algorithm in place of a message M: it attaches a signature h(Al') to the new algorithm, enciphers it with the current cipher algorithm, and sends the resulting ciphered data to an opposite terminal device 20i, which receives the ciphered data and signature addressed to itself from the center device and updates to the new cipher algorithm after verifying the signature.
Abstract: PROBLEM TO BE SOLVED: To share new cipher algorithm safely and to improve the security of cipher communication. SOLUTION: In a center device 10, a mode switching part 11 uses new cipher algorithm instead of a message M when updating current cipher algorithm AL into the new cipher algorithm Al' to add a signature h(Al') to the new cipher algorithm and cipher it with the current cipher algorithm, and sends the obtained ciphered data to an opposite terminal device 20i, which receives the ciphered data including the new cipher algorithm and its signature address to itself from the center device and updates current cipher algorithm into the new cipher algorithm after verifying that the signature is proper.

Dissertation
01 Feb 1999
TL;DR: A method is proposed to offer privacy in computer communications using symmetric product block ciphers, in which two communicating parties privately select a cipher from a public cipher space and estimate its strength on-line from precomputed parameters such as the confusion and diffusion matrices and the marginal diffusion.
Abstract: A method is proposed to offer privacy in computer communications, using symmetric product block ciphers. The security protocol involved a cipher negotiation stage, in which two communicating parties select privately a cipher from a public cipher space. The cipher negotiation process includes an on-line cipher evaluation stage, in which the cryptographic strength of the proposed cipher is estimated. The cryptographic strength of the ciphers is measured by confusion and diffusion. A method is proposed to describe quantitatively these two properties. For the calculation of confusion and diffusion a number of parameters are defined, such as the confusion and diffusion matrices and the marginal diffusion. These parameters involve computationally intensive calculations that are performed off-line, before any communication takes place. Once they are calculated, they are used to obtain estimation equations, which are used for on-line, fast evaluation of the confusion and diffusion of the negotiated cipher. A technique proposed in this thesis describes how to calculate the parameters and how to use the results for fast estimation of confusion and diffusion for any cipher instance within the defined cipher space.

Patent
23 Nov 1999