Showing papers on "Triple DES published in 1998"


01 Jan 1998
TL;DR: A new block cipher is proposed that uses S-boxes similar to those of DES in a new structure that simultaneously allows a more rapid avalanche, a more efficient bitslice implementation, and an easy analysis; the authors believe it to be more secure than three-key triple-DES.
Abstract: We propose a new block cipher as a candidate for the Advanced Encryption Standard. Its design is highly conservative, yet still allows a very efficient implementation. It uses S-boxes similar to those of DES in a new structure that simultaneously allows a more rapid avalanche, a more efficient bitslice implementation, and an easy analysis that enables us to demonstrate its security against all known types of attack. With a 128-bit block size and a 256-bit key, it is as fast as DES on the market leading Intel Pentium/MMX platforms (and at least as fast on many others); yet we believe it to be more secure than three-key triple-DES.

433 citations


Book ChapterDOI
14 Sep 1998
TL;DR: The block cipher Rijndael, one of the fifteen candidate algorithms for the Advanced Encryption Standard (AES), is presented and shown to be implementable very efficiently on smart cards.
Abstract: In this paper we present the block cipher Rijndael, which is one of the fifteen candidate algorithms for the Advanced Encryption Standard (AES). We show that the cipher can be implemented very efficiently on Smart Cards.

371 citations


Book ChapterDOI
23 Mar 1998
TL;DR: The DES S-boxes are used in a new structure that simultaneously allows a more rapid avalanche, a more efficient bitslice implementation, and an easy analysis that enables the authors to demonstrate its security against all known types of attack.
Abstract: We propose a new block cipher as a candidate for the Advanced Encryption Standard. Its design is highly conservative, yet still allows a very efficient implementation. It uses the well-understood DES S-boxes in a new structure that simultaneously allows a more rapid avalanche, a more efficient bitslice implementation, and an easy analysis that enables us to demonstrate its security against all known types of attack. With a 128-bit block size and a 256-bit key, it is almost as fast as DES on a wide range of platforms, yet conjectured to be at least as secure as three-key triple-DES.

255 citations


01 Nov 1998
TL;DR: This document describes the use of the DES Cipher algorithm in Cipher Block Chaining Mode, with an explicit IV, as a confidentiality mechanism within the context of the IPSec Encapsulating Security Payload (ESP).
Abstract: This document describes the use of the DES Cipher algorithm in Cipher Block Chaining Mode, with an explicit IV, as a confidentiality mechanism within the context of the IPSec Encapsulating Security Payload (ESP).

99 citations


01 Nov 1998
TL;DR: This document describes how to use CBC-mode cipher algorithms with the IPSec ESP (Encapsulating Security Payload) Protocol.
Abstract: This document describes how to use CBC-mode cipher algorithms with the IPSec ESP (Encapsulating Security Payload) Protocol. It not only clearly states how to use certain cipher algorithms, but also how to use all CBC-mode cipher algorithms.

90 citations


Patent
05 Oct 1998
TL;DR: A full duplex DES cipher processor (DCP) supports sixteen rounds of data encryption standard (DES) operation in four modes, namely Electronic Code Book (ECB), Cipher Block Chaining (CBC), Cipher Feedback (CFB), and Output Feedback (OFB), for both encryption and decryption.
Abstract: A full duplex DES cipher processor (DCP) supports executing sixteen rounds of data encryption standard (DES) operation in four encryption modes and four decryption modes, namely: Electronic Code Book (ECB) mode, Cipher Block Chaining (CBC) mode, Cipher Feedback (CFB) mode, and Output Feedback (OFB) mode for both encryption and decryption. A DCP is composed of an I/O unit, an IV/key storage unit, a control unit, and an algorithm unit. The algorithm unit is used to encrypt/decrypt the incoming text message. The algorithm unit has a crypto engine that allows encryption and decryption to be performed alternately, by sharing the same crypto engine. For crypto applications in communication services like T1, E1, V.35, the algorithm unit operation time is much shorter than the data I/O time; in other words, the algorithm unit is mostly in the idle state. The full duplex operation is achieved by storing the interim results of the DES encryption operation in a cipher text buffer (CTB) and the decryption results in a plain text buffer (PTB), where the CTB and PTB are in the crypto engine. The full duplex DCP has two ports, one for encrypting and the other for decrypting. In addition, the DCP can also be used for single port simplex or dual port simplex applications.

81 citations


Book ChapterDOI
23 Mar 1998
TL;DR: More efficient attacks on triple DES are presented, one of which reduces the overall number of steps to roughly 2^{108}; other attacks optimize the number of encryptions at the cost of increasing the number of other operations.
Abstract: The standard technique to attack triple encryption is the meet-in-the-middle attack which requires 2^{112} encryption steps. In this paper, more efficient attacks are presented. One of our attacks reduces the overall number of steps to roughly 2^{108}. Other attacks optimize the number of encryptions at the cost of increasing the number of other operations. It is possible to break triple DES doing 2^{90} single encryptions and no more than 2^{113} faster operations.

62 citations


Book ChapterDOI
17 Aug 1998
TL;DR: A timing attack on the RC5 block encryption algorithm is described, showing that, for the nominal version of RC5, only a few thousand ciphertexts are required to determine 5 bits of the last half-round subkey with high probability.
Abstract: This paper describes a timing attack on the RC5 block encryption algorithm. The analysis is motivated by the possibility that some implementations of RC5 could result in the data-dependent rotations taking a time that is a function of the data. Assuming that encryption timing measurements can be made which enable the cryptanalyst to deduce the total amount of rotations carried out during an encryption, it is shown that, for the nominal version of RC5, only a few thousand ciphertexts are required to determine 5 bits of the last half-round subkey with high probability. Further, it is shown that it is practical to determine the whole secret key with about 2^{20} encryption timings with a time complexity that can be as low as 2^{28}.

61 citations


Journal Article
TL;DR: More efficient attacks on triple encryption than the standard meet-in-the-middle attack, which requires 2^{112} encryption steps, are presented, including an attack that breaks triple DES with 2^{90} single encryptions and no more than 2^{113} faster operations.
Abstract: The standard technique to attack triple encryption is the meet-in-the-middle attack which requires 2^{112} encryption steps. In this paper, more efficient attacks are presented. One of our attacks reduces the overall number of steps to roughly 2^{108}. Other attacks optimize the number of encryptions at the cost of increasing the number of other operations. It is possible to break triple DES doing 2^{90} single encryptions and no more than 2^{113} faster operations.

56 citations


Journal ArticleDOI
TL;DR: It is conjectured that operation modes should be designed around an underlying cryptosystem without any attempt to use intermediate data as feedback, or to mix the feedback into an intermediate round.
Abstract: In recent years, several new attacks on DES were introduced. These attacks have led researchers to suggest stronger replacements for DES, and in particular new modes of operation for DES. The most popular new modes are triple DES variants, which are claimed to be as secure as triple DES. To speed up hardware implementations of these modes, and to increase the avalanche, many suggestions apply several standard modes sequentially. In this paper we study these multiple (cascade) modes of operation. This study shows that many multiple modes are much weaker than multiple DES, and their strength is theoretically comparable to a single DES. We conjecture that operation modes should be designed around an underlying cryptosystem without any attempt to use intermediate data as feedback, or to mix the feedback into an intermediate round. Thus, in particular, triple DES used in CBC mode is more secure than three single DESs used in triple CBC mode. Alternatively, if several encryptions are applied to each block, the best choice is to concatenate them to one long encryption, and build the mode of operation around it.

46 citations


Patent
04 Feb 1998
TL;DR: In this article, a method and apparatus for an advanced symmetric key cipher for encryption and decryption, using a block cipher algorithm, is presented, where different block sizes and key sizes are supported, and a different sub-key is used in each round.
Abstract: A method and apparatus for an advanced symmetric key cipher for encryption and decryption, using a block cipher algorithm. Different block sizes and key sizes are supported, and a different sub-key is used in each round. Encryption is computed using a variable number of rounds of mixing, permutation, and key-dependent substitution. Decryption uses a variable number of rounds of key-dependent inverse substitution, inverse permutation and inverse mixing. The variable length sub-keys are data-independent, and can be precomputed.

Patent
12 Jan 1998
TL;DR: In this paper, a cipher processing apparatus which readily updates a cipher circuit for encrypting information communicated through a communication function is introduced, where the cipher processing circuit provided on the user side can be readily rewritten in accordance with the cipher program transmitted from the service station side.
Abstract: A cipher processing apparatus which readily updates a cipher processing circuit for encrypting information communicated through a communication function. A service station side and a user side are connected. A receiving function receives a command for requesting a change of a cipher processing program and the cipher processing program which are transmitted from the service station side to the user side through the communication function. Circuit updating function updates a cipher processing circuit provided on the user side with the cipher processing program. With these functions, the cipher processing circuit provided on the user side can be readily rewritten in accordance with the cipher processing program transmitted from the service station side.

Patent
04 Feb 1998
TL;DR: In this paper, a byte-oriented symmetric key cipher for encryption and decryption is proposed, where different block sizes and key sizes are supported, and a different sub-key is used in each round.
Abstract: A method and apparatus for an advanced byte-oriented symmetric key cipher for encryption and decryption, using a block cipher algorithm. Different block sizes and key sizes are supported, and a different sub-key is used in each round. Encryption is computed using a variable number of rounds of mixing, permutation, and key-dependent substitution. Decryption uses a variable number of rounds of key-dependent inverse substitution, inverse permutation, and inverse mixing. The variable length sub-keys are data-independent, and can be precomputed.

Patent
Chang-Hyi Lee1, Cha Young-Tae1
11 Jun 1998
TL;DR: A round function structure for Feistel type block cipher algorithms (similar to the DES algorithm) is proposed, in which the round input data block is divided into 8-bit blocks and the divided sub-blocks are fed, with the combined output data of the previous S-box, into a 256×8 S-box, except for the first input sub-data block.
Abstract: The present invention relates to the block cipher algorithm based on the prior Feistel type block cipher algorithm (or similar to DES algorithm). Usually the security of Feistel type block cipher algorithm depends on the structure of its round function. More specifically, the present invention relates to the round function structure of the Feistel type block cipher algorithm, in the instance that the round input data block is divided into 8-bit blocks and the divided sub-blocks are fed, with the combined output data of the previous S-box, into 256×8 S-box, except for the first input sub-data block. The first sub-data block is directly fed into the first S-box. The total output data block, after these steps, is rotated by 8 bits and this rotated result is the output of the current round function.

01 Sep 1998
TL;DR: This document provides specific details for the use of the Triple-DES standard (3DES) for encrypting PPP encapsulated packets.
Abstract: This document provides specific details for the use of the Triple-DES standard (3DES) for encrypting PPP encapsulated packets. [STANDARDS-TRACK]

Journal ArticleDOI
TL;DR: This paper proposes a variant of two-key triple encryption with a new method of generating three keys from two that is not vulnerable to the meet-in-the-middle attack and can be shown to be at least as hard to break as the underlying block cipher.
Abstract: In this paper we consider multiple encryption schemes built from conventional cryptosystems such as DES. The existing schemes are either vulnerable to variants of meet-in-the-middle attacks, i.e., they do not provide security corresponding to the full key length used or there is no proof that the schemes are as secure as the underlying cipher. We propose a variant of two-key triple encryption with a new method of generating three keys from two. Our scheme is not vulnerable to the meet-in-the-middle attack and, under an appropriate assumption, we can show that our scheme is at least about as hard to break as the underlying block cipher.

Patent
06 Aug 1998
TL;DR: In this article, a bit-slice implementation of DES is proposed, where the exclusive-or operation is replaced within the F function with a form of multiplication, and a subkey chaining mode for influencing future encryptions of block ciphers in place of cipher block chaining is proposed.
Abstract: MultiDES based systems with bit-slice implementation, one embodiment of the method of the present invention, is a new cipher based on a modification of bit-slice implementation of DES. Therein, the exclusive-or is replaced within the F function with a form of multiplication. Thus, every simultaneous encryption depends in all of the bits of input into the s-box on every other parallel encryption. Any invertible group operation could be used in place of multiplication. The principal requirement is that every input bit will influence every output bit. The operation need not be easily invertible, for example, common multiplication using exclusive-or to fold the upper and lower halves of the result yields a strong candidate. The method of the present invention uses a careful form of folding so that the inputs to any s-box depend on at least half of the input bits. MultiDES based systems with bit-slice implementation are particularly preferred, one embodiment of the method of the present invention. The recommended key schedule for Feistel and other block ciphers uses the block cipher to cause complete mixing of the key bits and pseudo-random expansion into conveniently sized subkeys. A subkey chaining mode for influencing future encryptions of block ciphers in place of cipher block chaining mode is proposed. A Feistel structure allowing for further extension of block length for subkey chaining output is proposed.

Book ChapterDOI
14 Sep 1998
TL;DR: This paper explores the question of how fast modern block ciphers can be realized as machine-independent Java implementations by considering well-known proven ones and recent candidates for the proposed DES-successor AES.
Abstract: This paper explores the question of how fast modern block ciphers can be realized as machine-independent Java implementations. The ciphers we considered include well-known proven ones such as DES and IDEA and recent candidates for the proposed DES-successor AES.

Journal Article
TL;DR: In this paper, the authors studied the security of constructions corresponding to double and (two-key) triple DES with the component functions being ideal ciphers in the Shannon model.
Abstract: We investigate, in the Shannon model, the security of constructions corresponding to double and (two-key) triple DES. That is, we consider F_{k1}(F_{k2}(.)) and F_{k1}(F_{k2}^{-1}(F_{k1}(.))) with the component functions being ideal ciphers. This models the resistance of these constructions to generic attacks like meet in the middle attacks. We obtain the first proof that composition actually increases the security in some meaningful sense. We compute a bound on the probability of breaking the double cipher as a function of the number of computations of the base cipher made, and the number of examples of the composed cipher seen, and show that the success probability is the square of that for a single key cipher. The same bound holds for the two-key triple cipher. The first bound is tight and shows that meet in the middle is the best possible generic attack against the double cipher.

Patent
02 Sep 1998
TL;DR: An encryption system in which a state monitor (30) produces a first enablement signal (38) when the conversion sequence is confirmed, and an encryption activity monitor (34) produces a second enablement signal (42) when the number of unencrypted blocks of cipher text is less than a predetermined failure threshold.
Abstract: A processor (22) of an encryption system (20) receives plain text (24) and operates an encryption algorithm to convert the plain text (24) to cipher text (26). A state monitor (30) confirms a conversion sequence within each of a plurality of conversion cycles performed by the encryption algorithm. The state monitor (30) produces a first enablement signal (38) when the conversion sequence is confirmed. An encryption activity monitor (34) determines a number of blocks of cipher text (24) that are not encrypted. The encryption activity monitor (34) produces a second enablement signal (42) when the number of unencrypted blocks of cipher text (26) is less than a predetermined failure threshold (86). A monitor gate (36) enables output of the cipher text (26) in response to the first and second enablement signals (38, 42).

Book ChapterDOI
14 Sep 1998
TL;DR: Serpent is a block cipher proposed for the Advanced Encryption Standard (AES) that uses a new structure that simultaneously allows a more rapid avalanche, a more efficient bitslice implementation, and an easy analysis that enables its designers to demonstrate its security against all known types of attack.
Abstract: We proposed a new block cipher, Serpent, as a candidate for the Advanced Encryption Standard. This algorithm uses a new structure that simultaneously allows a more rapid avalanche, a more efficient bitslice implementation, and an easy analysis that enables us to demonstrate its security against all known types of attack. Although designed primarily for efficient implementation on Intel Pentium/MMX platforms, it is also suited for implementation on smartcards and other 8-bit processors. In this note we describe why. We also describe why many other candidates are not suitable.

Book ChapterDOI
17 Aug 1998
TL;DR: The method discussed uses bits of the primary key to directly manipulate the s-boxes in such a way that their contents are changed but their cryptographic properties are preserved, so a stronger cipher with identical encryption / decryption performance characteristics may be constructed with little additional overhead or computational complexity.
Abstract: This paper discusses a method of enhancing the security of block ciphers which use s-boxes, a group which includes the ciphers DES, CAST-128, and Blowfish. We focus on CAST-128 and consider Blowfish; Biham and Biryukov [2] have made some similar proposals for DES. The method discussed uses bits of the primary key to directly manipulate the s-boxes in such a way that their contents are changed but their cryptographic properties are preserved. Such a strategy appears to significantly strengthen the cipher against certain attacks, at the expense of a relatively modest one-time computational procedure during the set-up phase. Thus, a stronger cipher with identical encryption / decryption performance characteristics may be constructed with little additional overhead or computational complexity.

Journal Article
TL;DR: Constructions for building pseudo-random functions (PRFs) from pseudo-random permutations (PRPs) are evaluated, and two constructions are presented: a slower construction which preserves the security of the PRP and a faster construction which has less security.
Abstract: We evaluate constructions for building pseudo-random functions (PRFs) from pseudo-random permutations (PRPs). We present two constructions: a slower construction which preserves the security of the PRP and a faster construction which has less security. One application of our construction is to build a wider block cipher given a block cipher as a building tool. We do not require any additional constructions, e.g. pseudo-random generators, to create the wider block cipher. The security of the resulting cipher will be as strong as the original block cipher.

Journal Article
TL;DR: In this paper, a new byte-oriented block cipher with a key of length 64 bits is proposed and the design principles of the proposed cipher are explained and a sample data is given.
Abstract: In this paper, a new byte-oriented block cipher with a key of length 64 bits is proposed. In the proposed cipher, the block length is 64 bits and only byte operations are utilized. The cipher structure is composed of two simple operations (exclusive-or and addition) and three cryptographically strong S-boxes (one is 8 x 8 S-box, two are 8-bit involution S-boxes) and chosen to provide necessary confusion and diffusion and facilitate both hardware and software implementation. The design principles of the proposed cipher are explained and a sample data is given.

Posted Content
TL;DR: In this article, the authors investigated the security of constructions corresponding to double and (two-key) triple DES with the component functions being ideal ciphers and showed that composition actually increases the security in some meaningful sense.
Abstract: We investigate, in the Shannon model, the security of constructions corresponding to double and (two-key) triple DES. That is, we consider F_{k1}(F_{k2}(.)) and F_{k1}(F_{k2}^{-1}(F_{k1}(.))) with the component functions being ideal ciphers. This models the resistance of these constructions to ``generic'' attacks like meet in the middle attacks. We obtain the first proof that composition actually increases the security of these constructions in some meaningful sense. We compute a bound on the probability of breaking the double cipher as a function of the number of computations of the base cipher made, and the number of examples of the composed cipher seen, and show that the success probability is the square of that for a single key cipher. The same bound holds for the two-key triple cipher. The first bound is tight and shows that meet in the middle is the best possible generic attack against the double cipher.