
Showing papers on "Triple DES published in 2004"


ReportDOI
01 May 2004
TL;DR: CCM may be used to provide assurance of the confidentiality and the authenticity of computer data by combining the techniques of the Counter (CTR) mode and the Cipher Block Chaining-Message Authentication Code (CBC-MAC) algorithm.
Abstract: This Recommendation defines a mode of operation, called Counter with Cipher Block Chaining-Message Authentication Code (CCM), for a symmetric key block cipher algorithm. CCM may be used to provide assurance of the confidentiality and the authenticity of computer data by combining the techniques of the Counter (CTR) mode and the Cipher Block Chaining-Message Authentication Code (CBC-MAC) algorithm.

296 citations


Posted Content
TL;DR: The game-playing technique is a powerful tool for analyzing cryptographic constructions, and games can be used to prove the security of three-key triple encryption, a long-standing open problem.
Abstract: The game-playing technique is a powerful tool for analyzing cryptographic constructions. We illustrate this by using games as the central tool for proving security of three-key triple encryption, a long-standing open problem. Our result, which is in the ideal-cipher model, demonstrates that for DES parameters (56-bit keys and 64-bit plaintexts) an adversary’s maximal advantage is small until it asks about 2 queries. Beyond this application, we develop the foundations for game playing, formalizing a general framework for game-playing proofs and discussing techniques used within such proofs. To further exercise the game-playing framework we show how to use games to get simple proofs for the PRP/PRF Switching Lemma, the security of the basic CBC MAC, and the chosen-plaintext-attack security of OAEP.

234 citations


Book ChapterDOI
Ludger Hemme
11 Aug 2004
TL;DR: In this article, a DFA attack that exploits computational errors in early rounds of a Feistel cipher is presented, where the principle of the attack is to force collisions by inducing faults in intermediate results of the cipher.
Abstract: Previously proposed differential fault analysis (DFA) techniques against iterated block ciphers mostly exploit computational errors in the last few rounds of the cipher to extract the secret key. In this paper we describe a DFA attack that exploits computational errors in early rounds of a Feistel cipher. The principle of the attack is to force collisions by inducing faults in intermediate results of the cipher. We put this attack into practice against DES implemented on a smart card and extracted the full round key of the first round within a few hours by inducing one-bit errors in the second and third round, respectively.

131 citations



Patent
29 Mar 2004
TL;DR: In this article, the authors describe a specific application of block cipher cryptography, where the digital content is encrypted using an encryption key and a calculated initialization vector, and the initialization vector is calculated by performing an exclusive disjunction function on a seed value and the string of data for each stride.
Abstract: Protection of digital content using a specific application of block cipher cryptography is described. The digital content is encrypted using an encryption key and a calculated initialization vector. The digital content includes a plurality of strides of data and each stride includes a string of data to be encrypted and a block of data to be encrypted. The calculated initialization vector to be used to encrypt the block of data is derived from the string of data in the stride to be encrypted. Furthermore, the initialization vector is calculated by performing an exclusive disjunction function on a seed value and the string of data for each stride.

84 citations


ReportDOI
01 May 2004
TL;DR: This Recommendation defines the mathematical steps required to cryptographically protect data using TDEA and to subsequently process such protected data.
Abstract: This publication specifies the Triple Data Encryption Algorithm (TDEA), including its primary component cryptographic engine, the Data Encryption Algorithm (DEA). When implemented in an SP 800-38-series-compliant mode of operation and in a FIPS 140-2-compliant cryptographic module, TDEA may be used by Federal organizations to protect sensitive unclassified data. Protection of data during transmission or while in storage may be necessary to maintain the confidentiality and integrity of the information represented by the data. This Recommendation defines the mathematical steps required to cryptographically protect data using TDEA and to subsequently process such protected data. TDEA is made available for use by Federal agencies within the context of a total security program consisting of physical security procedures, good information management practices, and computer system/network access controls.

55 citations


Proceedings ArticleDOI
15 Nov 2004
TL;DR: This work analyzes countermeasures that mask datapath operations with random bits in a reversible way, discusses how well they lend themselves to dedicated hardware implementations of the advanced encryption standard (AES) block cipher, and presents the authors' favorite masking scheme, which entails a performance penalty of some 40-50%.
Abstract: Differential power analysis (DPA) implies measuring the supply current of a cipher-circuit in an attempt to uncover part of a cipher-key. Cryptographic security gets compromised if the current waveforms so obtained correlate with those from a hypothetical power model of the circuit. Such correlations can be minimized by masking datapath operations with random bits in a reversible way. We analyze such countermeasures and discuss how they perform and how well they lend themselves to being incorporated into dedicated hardware implementations of the advanced encryption standard (AES) block cipher. Our favorite masking scheme entails a performance penalty of some 40-50%. We also present a VLSI design that can serve for practical experiments with DPA.

53 citations


01 Jun 2004
TL;DR: The symmetric encryption protocol described in this document is based on the Advanced Encryption Standard (AES) cipher algorithm used in Cipher FeedBack Mode (CFB), with a key size of 128 bits.
Abstract: This document describes a symmetric encryption protocol that supplements the protocols described in the User-based Security Model (USM), which is a Security Subsystem for version 3 of the Simple Network Management Protocol for use in the SNMP Architecture. The symmetric encryption protocol described in this document is based on the Advanced Encryption Standard (AES) cipher algorithm used in Cipher FeedBack Mode (CFB), with a key size of 128 bits. [STANDARDS-TRACK]

49 citations


Patent
01 Jun 2004
TL;DR: A rijndael block cipher apparatus including an operational unit that efficiently performs a round operation for encrypting/decrypting a rijndael block cipher, and an encryption/decryption method thereof, are disclosed in this article.
Abstract: A rijndael block cipher apparatus including an operational unit that efficiently performs a round operation for encrypting/decrypting a rijndael block cipher and an encryption/decryption method thereof are disclosed. The rijndael block cipher apparatus is mounted in a mobile terminal such as a cellular phone and a PDA or a smart card, which requires a high-rate and small-sized cipher processor, and can encrypt and decrypt important data that requires security at high speed and perform the round operation with respect to upper 64 bits and lower 64 bits which are divided from 128-bit input data. Thus, the cipher apparatus can reduce the time required for encryption/decryption of the rijndael block cipher and the size of the apparatus.

44 citations


Proceedings ArticleDOI
13 Dec 2004
TL;DR: This paper compares the hardware implementations of five representative stream ciphers in terms of performance and consumed area, using the A5/1, W7, E0, RC4 and Helix as examples.
Abstract: In this paper, the hardware implementations of five representative stream ciphers are compared in terms of performance and consumed area. The ciphers used for the comparison are the A5/1, W7, E0, RC4 and Helix. The first three ones have been used for the security part of well-known standards. The Helix cipher is a recently introduced fast, word oriented, stream cipher. The W7 algorithm has been recently proposed as a more trustworthy solution for GSM, due to the security problems that occurred concerning the A5/1 strength. The designs were coded using the VHDL language. For the hardware implementation of the designs, an FPGA device was used. The implementation results illustrate the hardware performance of each cipher in terms of throughput-to-area ratio. This ratio equals: 5.88 for the A5/1, 1.26 for the W7, 0.21 for the E0, 2.45 for the Helix and 0.86 for the RC4.

44 citations


01 Apr 2004
TL;DR: The algorithm description is presented together with the key scheduling part and the data randomizing part of the Camellia encryption algorithm.
Abstract: This document describes the Camellia encryption algorithm. Camellia is a block cipher with 128-bit block size and 128-, 192-, and 256-bit keys. The algorithm description is presented together with its key scheduling part and data randomizing part.

01 Jan 2004
TL;DR: This application note shows how a designer can very simply implement a battery with the Virtex™-II series FPGAs for high bitstream security, and shows a number of Xilinx recommended designs.
Abstract: This application note shows how a designer can very simply implement a battery with the Virtex™-II series FPGAs for high bitstream security. It shows a number of Xilinx recommended designs.

Introduction: All Virtex-II family members (Virtex-II, Virtex-II Pro™, and Virtex-II Pro X FPGAs) have an on-chip decryptor that can be enabled to make the configuration bitstream (and thus the whole logic design) secure. Xilinx implements a standard triple DES (TDES) scheme for securing a bitstream. TDES is considered very safe in industry, military, and government applications. This scheme is used daily by banks to transfer trillions of dollars around the world. The user can encrypt the bitstream in the Xilinx software, and the Virtex-II chip then performs the reverse operation, decrypting the incoming bitstream and internally recreating the intended configuration. This method provides a very high degree of design security. The Virtex-II device families store the internal decryption keys in a few hundred bits of dedicated RAM, backed up by a small, externally connected battery. This battery backed-up key is the most secure solution since the keys are erased if the FPGA is tampered with. The key benefits of the Xilinx SecureChip security solution are summarized below:
• Battery-backed volatile keys provide the highest degree of security
• Simple, well-understood, and low-cost solution with widely available standard components

Book ChapterDOI
20 Dec 2004
TL;DR: Using the related-key differential-nonlinear attack the authors can break SHACAL-2 with 512-bit keys up to 35 out of its 64 rounds, and using the related-key rectangle attack they are able to break SHACAL-2 with 512-bit keys up to 37 rounds.
Abstract: SHACAL-2 is a 256-bit block cipher with up to 512 bits of key length based on the hash function SHA-2. It was submitted to the NESSIE project and was recommended as one of the NESSIE selections. In this paper we present two types of related-key attacks called the related-key differential-(non)linear and the related-key rectangle attacks, and we discuss the security of SHACAL-2 against these two types of attacks. Using the related-key differential-nonlinear attack we can break SHACAL-2 with 512-bit keys up to 35 out of its 64 rounds, and using the related-key rectangle attack we can break SHACAL-2 with 512-bit keys up to 37 rounds.

Journal ArticleDOI
TL;DR: A performance comparison for the 64-bit block cipher (Triple-DES, IDEA, CAST-128, MISTY1, and KHAZAD) FPGA hardware implementations is given in this paper.

Patent
30 Sep 2004
TL;DR: In this article, the authors propose a method to add new terminals that use a wireless LAN with a simple process, while preventing leakage of data indicating cipher keys. The access point is notified of the cipher systems adaptable to the terminals, and the terminals later select a cipher system based on the station IDs the access point assigns.
Abstract: The invention intends to achieve new additions of terminals that use a wireless LAN with a simple process, while preventing leakage of data indicating cipher keys. The access point is notified of the cipher systems adaptable to the terminals. The access point narrows the cipher systems adaptable to itself, sets the cipher keys and notifies them, and also determines the station IDs for the cipher keys each. Thereafter, when the access point modifies the cipher systems based on the security policy, the access point adopts the station IDs corresponding to the cipher systems each. Therefore, the terminals specify the cipher systems based on the station IDs, and perform wireless communications by using the cipher keys notified in advance.

Book ChapterDOI
Yongsup Shin, Jongsung Kim, Guil Kim, Seokhie Hong, Sangjin Lee
13 Jul 2004
TL;DR: In this article, the authors present differential-linear type attacks on SHACAL-2 with 512-bit keys up to 32 out of its 64 rounds, which is the best published attack on this cipher.
Abstract: SHACAL-2 is a 256-bit block cipher with various key sizes based on the hash function SHA-2. Recently, it was recommended as one of the NESSIE selections. This paper presents differential-linear type attacks on SHACAL-2 with 512-bit keys up to 32 out of its 64 rounds. Our 32-round attack on the 512-bit keys variants is the best published attack on this cipher.

Patent
05 May 2004
TL;DR: In this paper, a method and apparatus for the generation of a public key in a cryptosystem, created from a user-definable and recognizable ID of ASCII characters, is disclosed.
Abstract: There is disclosed a method and apparatus for the generation of a public key in a cryptosystem that is created based on a user-definable and recognizable ID of ASCII characters. The apparatus comprises a computer means (1) having at least a processor (2), a memory unit (3), an input device (4) and a key generation module (5) residing in the memory unit (3). When executed, the key generation module processes the user-definable and recognizable ID of ASCII characters inputted via the input device to generate the public key. Triple DES, the Advanced Encryption Standard (AES), the secure hash algorithm (SHA) and an elliptic curve encryption algorithm are applied to arrive at the desired objectives. A PC-based implementation of such method is also preferred.

Journal ArticleDOI
01 Aug 2004
TL;DR: A simple way of creating new and very efficient distinguishers for cryptographic primitives, such as block ciphers or hash functions, is introduced and is successfully applied over reduced round versions of the block cipher TEA, which is proven to be weak with less than five cycles.
Abstract: A simple way of creating new and very efficient distinguishers for cryptographic primitives, such as block ciphers or hash functions, is introduced. This technique is then successfully applied over reduced round versions of the block cipher TEA, which is proven to be weak with less than five cycles.

Journal ArticleDOI
TL;DR: A block encryption algorithm is proposed in which each encryption key value is applied to each round block with a different value. It needs a short processing time for encryption and decryption, has a high intensity, and can be applied to electronic commerce and various other data protection applications.

Patent
29 Apr 2004
TL;DR: In this paper, an IC card holds a plurality of cipher keys for reading out or writing the information recorded in the card, and provides a cipher key conversion function for encryption with a file that the application provider himself can manage, read out or write using the cipher key.
Abstract: Information recorded by an application provider in an IC card can be referred to, read out or changed by another application provider. The IC card has a plurality of cipher keys for reading out or writing the information recorded in the IC card, and provides a cipher key conversion function for encryption with a file capable of being managed, read out or written by the application provider himself using the cipher key. By the cipher key conversion function, data can be read out or written from or in the file of the other application provider.

Book
16 Jun 2004
TL;DR: New Cryptographic Primitives Based on Multiword T-Functions and Improving Immunity of Feistel Ciphers against Differential Cryptanalysis by Using Multiple MDS Matrices are presented.
Abstract:
• New Cryptographic Primitives Based on Multiword T-Functions
• Towards a Unifying View of Block Cipher Cryptanalysis
• Algebraic Attacks on Summation Generators
• Algebraic Attacks on SOBER-t32 and SOBER-t16 without Stuttering
• Improving Fast Algebraic Attacks
• Resistance of S-Boxes against Algebraic Attacks
• Differential Attacks against the Helix Stream Cipher
• Improved Linear Consistency Attack on Irregular Clocked Keystream Generators
• Correlation Attacks Using a New Class of Weak Feedback Polynomials
• Minimum Distance between Bent and 1-Resilient Boolean Functions
• Results on Rotation Symmetric Bent and Correlation Immune Boolean Functions
• A Weakness of the Linear Part of Stream Cipher MUGI
• Vulnerability of Nonlinear Filter Generators Based on Linear Finite State Machines
• VMPC One-Way Function and Stream Cipher
• A New Stream Cipher HC-256
• A New Weakness in the RC4 Keystream Generator and an Approach to Improve the Security of the Cipher
• Improving Immunity of Feistel Ciphers against Differential Cryptanalysis by Using Multiple MDS Matrices
• ICEBERG: An Involutional Cipher Efficient for Block Encryption in Reconfigurable Hardware
• Related Key Differential Attacks on 27 Rounds of XTEA and Full-Round GOST
• On the Additive Differential Probability of Exclusive-Or
• Two Power Analysis Attacks against One-Mask Methods
• Nonce-Based Symmetric Encryption
• Ciphers Secure against Related-Key Attacks
• Cryptographic Hash-Function Basics: Definitions, Implications, and Separations for Preimage Resistance, Second-Preimage Resistance, and Collision Resistance
• The EAX Mode of Operation
• CWC: A High-Performance Conventional Authenticated Encryption Mode
• New Security Proofs for the 3GPP Confidentiality and Integrity Algorithms
• Cryptanalysis of a Message Authentication Code due to Cary and Venkatesan
• Fast Software-Based Attacks on SecurID
• A MAC Forgery Attack on SOBER-128
• On Linear Approximation of Modulo Sum

Patent
13 Sep 2004
TL;DR: An apparatus and method for implementing a block cipher algorithm is described in this article, where a cryptographic unit configured to implement a block-cipher algorithm may include state storage configured to store cipher state, where the cipher state includes a plurality of rows and columns.
Abstract: An apparatus and method for implementing a block cipher algorithm. In one embodiment, a cryptographic unit configured to implement a block cipher algorithm may include state storage configured to store cipher state, where the cipher state includes a plurality of rows and a plurality of columns. The cryptographic unit may further include a cipher pipeline comprising a plurality of pipeline stages, where each pipeline stage is configured to perform a corresponding step of the block cipher algorithm on the cipher state, and where a given one of the pipeline stages is configured to concurrently process fewer than all of the columns of the cipher state.

Proceedings ArticleDOI
27 Sep 2004
TL;DR: This work analyzes the different operations used by various symmetric ciphers and proposes possible detection codes and frequency of checking.
Abstract: Fault detection in encryption algorithms is gaining in importance since fault attacks may compromise even recently developed cryptosystems. We analyze the different operations used by various symmetric ciphers and propose possible detection codes and frequency of checking. Several examples (i.e., AES, RC5, DES and IDEA) are presented to illustrate our analysis.

Patent
Tadepalli Hari K
28 Sep 2004
TL;DR: In this paper, a multi-round block encryption algorithm is proposed that transforms data held in a group of registers of a processor register set and keeps each round's output in the same group of registers, to be used as input to the subsequent round.
Abstract: Systems and methods encrypt data according to a multi-round, block encryption algorithm. In some embodiments, each round includes transforming data held in a group of registers of a processor register set and maintaining round output in the group of registers to use as input in a subsequent round. In some embodiments, the multi-round, block encryption algorithm is the Advanced Encryption Standard algorithm.

Patent
Tsuneki Takahashi
23 Feb 2004
TL;DR: A cipher key used for encoding and decoding of data is stored in a cipher key memory unit, and a cipher decode unit decodes the encoded data read out from the record medium using the cipher key and outputs it via the host interface to the upper apparatus.
Abstract: A cipher key used for encoding and decoding of data is stored in a cipher key memory unit. A cipher encode unit encodes data input from an upper apparatus via a host interface using the cipher key and records it onto a record medium. A cipher decode unit decodes the encoded data read out from the record medium using the cipher key and outputs it via the host interface to the upper apparatus. When a magnetic disk apparatus is discarded, the decoding is made impossible by changing the cipher key stored in the cipher key memory unit with a cipher key change unit.

Book ChapterDOI
23 Aug 2004
TL;DR: This paper shows that SEED is vulnerable to two types of side channel attacks, a fault analysis attack and a power analysis attack; the fault attack allows one to obtain the secret key using only two faulty ciphertexts, one from encryption and one from decryption processing.
Abstract: The Korea standard block cipher, SEED, is a 128-bit symmetric block cipher with a more complex F function than DES. This paper shows that SEED is vulnerable to two types of side channel attacks, a fault analysis attack and a power analysis attack. The first one is a fault insertion analysis which induces permanent faults on the whole left register of the 15th round. This attack allows one to obtain the secret key by using only two faulty ciphertexts for encryption and decryption processing respectively. The second attack is a more realistic differential power analysis. This attack requires about 1000 power traces to find the full secret key. The above two attacks use a reverse property of the F function to obtain the secret key, where the reverse property is derived from our research.

Posted Content
TL;DR: In this paper, a stream cipher based algorithm for computing message authentication codes is described, which employs the internal state of the underlying cipher to minimize the required additional-to-encryption computational effort and maintain general simplicity of the design.
Abstract: A stream cipher based algorithm for computing Message Authentication Codes is described. The algorithm employs the internal state of the underlying cipher to minimize the required additional-to-encryption computational effort and maintain general simplicity of the design. The scheme appears to provide proper statistical properties, a comfortable level of resistance against forgery attacks in a chosen ciphertext attack model and high efficiency in software implementations.

Proceedings ArticleDOI
05 Sep 2004
TL;DR: Simulation results show that MRC6 achieves minimum encryption/decryption time and maximum throughput, and the proposed modification is expected to satisfy market demands and system security developers using the advanced processors available.
Abstract: In this paper, a modification of the RC6 block cipher (MRC6) is introduced. MRC6 is a symmetric encryption algorithm designed to meet the requirements of the Advanced Encryption Standard (AES). It is an enhanced extension of RC6 with improved performance. It makes essential heavy use of data-dependent rotations. Its features include the use of sixteen (16) working registers instead of four registers in RC6. Using the integer multiplication with sixteen working registers greatly increases the diffusion achieved per round, and allows for greater security with fewer rounds. It is also capable of handling 512-bit plaintext and ciphertext block sizes with decreased encryption/decryption time and increased throughput. A comparative performance evaluation of MRC6 with ERC6, RC6, and RC5 is introduced. Simulation results show that MRC6 achieves minimum encryption/decryption time and maximum throughput. So, the proposed modification is expected to satisfy market demands and system security developers using the advanced processors available.

Proceedings ArticleDOI
16 Mar 2004
TL;DR: This paper presents a new block cipher (KAMKAR 1.0) that uses a structure resembling that of the famous cipher Rijndael; it gives excellent statistical results, as shown in the discussion.
Abstract: This paper presents a new block cipher (KAMKAR 1.0). It uses a structure that resembles that of the famous cipher Rijndael [Joan Daemen et al., (1999), Brian Gladman, (2003)] chosen as advanced encryption standard (AES) in October 2000. The difference between the two ciphers is that in our proposal the encryption process is made more key-dependent in order to have more strength against known famous attacks. The strength of this system is compared to Rijndael and it gives excellent statistical results as shown in our discussion.

Patent
Sung-woo Lee
25 Jun 2004
TL;DR: In this article, an encryption method and apparatus for implementing an overlapping operation, a variable clock operation, and a combination of the two operations are presented. But the authors do not discuss the security properties of their scheme.
Abstract: An encryption method and apparatus for implementing an overlapping operation, a variable clock operation, and a combination of the two operations. In the encryption method based on an overlapping operation technique, first, first through N-th fault sources effect first through N-th rounds of a first hardware engine to output a first cipher text. Thereafter, the second through (N+1)th fault sources effect first through N-th rounds of a second hardware engine, respectively, to output a second cipher text. The first and second cipher texts are compared to each other, and if the first and second cipher texts are identical, the first or second cipher text is output. The first and second hardware engines operate according to a data encryption standard (DES) algorithm. As described above, if the first and second cipher texts are identical, the first or second cipher text is output. Thus, a highly stable encryption algorithm is provided.