
THE INSTITUTE OF ELECTRONICS, INFORMATION AND COMMUNICATION ENGINEERS
TECHNICAL REPORT OF IEICE.

Cryptanalysis of Twofish (II)

Shiho Moriai* Yiqun Lisa Yin†

* NTT Information Sharing Platform Laboratories, 1-1 Hikarinooka, Yokosuka, Japan
† NTT Multimedia Communications Laboratories, 250 Cambridge Ave., Palo Alto, CA 94306, USA

Abstract

We present truncated differential cryptanalysis of the block cipher Twofish, which is one of the five finalists for the Advanced Encryption Standard (AES). From our experimental results, we found a 16-round truncated differential with probability of about $2^{-57.3}$. One can expect to get one good pair following the truncated differential from $2^{51}$ chosen plaintexts, and there are a total of $2^{77}$ such good pairs. We also found 5-round truncated differentials which can be useful in distinguishing Twofish reduced to 5 rounds from a random permutation. This was considered to be an open problem by Knudsen.

key words: cryptanalysis, differential cryptanalysis, truncated differential, Twofish, AES

1 Introduction

Twofish is a 128-bit block cipher proposed by Schneier et al. [SKW+98]. It is one of the five finalists of AES, and it is used in many products such as GnuPG, SSH Secure Shell, and so on [C99]. The best known attack on variants of Twofish claimed by the designers is an impossible differential attack on 6-round Twofish [F99]. Recently Knudsen [K00] showed that there are differentials for Twofish for up to 16 rounds, predicting at least 32 bits of nontrivial information in every round. The probabilities of the truncated differentials are too small to distinguish Twofish with more than a few rounds from a random permutation, but he claimed that it is possible, at least in theory, to find one good pair of plaintexts following the differential through all 16 rounds.

Murphy and Robshaw [MR00] made some observations on key-dependent S-boxes and differential cryptanalysis of Twofish. Their approach was to choose the S-box to fit the differential characteristic, instead of choosing the differential characteristic to fit the S-box. They found a 6-round differential characteristic which holds for a fraction of at least of the S-boxes and claimed possible attacks of 8-round Twofish. Table 1 summarizes the known results on cryptanalysis of Twofish.

In this paper we study truncated differential cryptanalysis of Twofish. The type of truncated differentials to be used are "byte characteristics," that is, the values of the difference in a byte are distinguished between non-zero and zero, and the measure of difference is exclusive-or. Note that Knudsen's truncated differentials were based on the integer subtraction difference between two 32-bit words. By using byte-wise characteristics instead, we can make a thorough investigation of the non-uniformity in the distribution of the differences, which was left as an open question by Knudsen [K00].

Twofish consists of both byte-oriented and non-byte-oriented operations as shown in Figure 1.
The non-byte-oriented operations include the 1-bit rotates, addition with subkeys, and PHT (pseudo-Hadamard transform), which comprises two modular additions. To search for byte characteristics of Twofish, we begin by computing the truncated differential probability of addition modulo $2^n$. Based on the efficient computation of differential probability of addition modulo $2^n$ shown in [M00], we give an efficient computation of truncated differential probability of addition modulo $2^n$ in Section 2. In Section 3, we consider truncated differential probability of the MDS. Finally in Section 4 we present the truncated differentials that we found by computer experiments.

| round | whitening | key size | cryptanalysis | complexity | conditions | reference |
|---|---|---|---|---|---|---|
| 4 | w/ | any | distinguishing attack | | | [K00] |
| 6 | w/o | 128 | impossible differential | | | [F99] |
| 6 | w/o | 192 | impossible differential | | | [F99] |
| 6 | w/o | 256 | impossible differential | | | [F99] |
| 6 | w/ | 256 | impossible differential | | | [F99] |
| 8* | w/ | any | differential attack | | > fraction of the S-boxes | [MR00] |

Table 1: Twofish cryptanalysis

[Figure 1: Twofish. Block diagram of one round (S-boxes 0 to 3, MDS, PHT, round subkeys $K_{2r+8}$ and $K_{2r+9}$, rotations <<<1, >>>1 and <<<8) between input whitening ($K_0$ to $K_3$) and output whitening ($K_4$ to $K_7$), with 15 more rounds.]

2 Efficient Computation of Truncated Differential Probabilities of Addition Modulo $2^n$

In [M00], an efficient algorithm was presented for computing differential probabilities of addition mod $2^n$. The algorithm can be extended to compute truncated differential probabilities of addition mod $2^n$, but a straightforward extension to the case of truncated differentials can still be computationally very expensive. In this section, we study how to further speed up the computation of truncated differential probabilities.

We will follow the definitions and notation in [M00], and here we will only restate some of them if they are directly related to our discussion below. For $x, y, z \in GF(2)^n$, the function addition mod $2^n$ is defined as follows:

$$f(x, y) = x + y = z \pmod{2^n}.$$

We divide $\Delta x \in GF(2)^n$ into $t$-bit sub-blocks and denote them by $\Delta x^{[t]}_0, \Delta x^{[t]}_1, \ldots$ from the least significant sub-block. So

$$\Delta x = (\Delta x^{[t]}_{m-1}, \ldots, \Delta x^{[t]}_1, \Delta x^{[t]}_0),$$

where $m = n/t$ is the number of sub-blocks.

A very efficient algorithm for computing differential probabilities of $f$ (denoted by $DP_f(\Delta x, \Delta y, \Delta z)$) is given in [M00]. For each triplet $(\Delta x, \Delta y, \Delta z)$, the running time of the algorithm is $O(n)$¹, while a naive approach would require a running time of $O(2^{2n})$.

The truncated differential probabilities for $f$ are defined as follows.

$$TDP_f(x, y, z) = \frac{1}{c} \sum_{(\Delta x, \Delta y, \Delta z) = (x, y, z)} DP_f(\Delta x, \Delta y, \Delta z), \qquad (1)$$

where $c$ is the number of pairs $(\Delta x, \Delta y)$ satisfying the condition $(\Delta x, \Delta y) = (x, y)$. Let $w_H(x)$ denote the Hamming weight of $x$. Then it is easy to see that

$$c = (2^t - 1)^{w_H(x) + w_H(y)}.$$

In a typical setting (e.g., byte characteristics), we have $n = 32$ and $t = 8$. So the number of possible truncated differentials is $(2^{n/t})^3 = 2^{12}$. Some of these truncated differentials may have a very large $c$ value. For example, when $w_H(x) + w_H(y)$ 6, we have $c$ Therefore, computation of all truncated differential probabilities using Equation (1) can still be very expensive, even when the differential probabilities themselves can be calculated efficiently.

¹ Later the complexity was further improved to $\Theta(\log n)$ in the worst case and $\Theta(1)$ in the average case.

2.1 Basic idea

The main idea for speeding up the computation of truncated differential probabilities is to treat each sub-block somewhat independently. More specifically, we will first compute some properly defined "partial sums of differential probabilities" for each sub-block ignoring the carry from one sub-block to the next, and then we will join these probabilities together to obtain the total truncated differential probability for $f$.

For each sub-block, we need to consider both the difference in the carry-in (denoted by $\Delta c_{in}$) from the previous sub-block and the difference in the carry-out (denoted by $\Delta c_{out}$) to the next sub-block. There are two possible values for $\Delta c_{in}$: 0, 1. Let $P_{\Delta c_{out}}$ denote the probability that there is carry from one sub-block to the next. That is,

$$P_{\Delta c_{out}} = \Pr[\Delta c_{out} = 1].$$

Based on the results in [M00], there are only three possible values for $P_{\Delta c_{out}}$: 0, 0.5, 1.

For a given sub-block (the $i$th sub-block), let $(x_i, y_i, z_i)$ be the values of $(x, y, z)$ restricted to the sub-block. Below, we define 6 partial sums for the differential probabilities, one for each possible combination of $(\Delta c_{in}, P_{\Delta c_{out}}) = (d, p)$ for $d = 0, 1$ and $p = 0, 0.5, 1$:

$$PS(x_i, y_i, z_i, d, p) = \sum_{\text{Condition PS}} DP(\Delta x^{[t]}_i, \Delta y^{[t]}_i, \Delta z^{[t]}_i), \qquad (2)$$

where Condition PS is

$$(\Delta x^{[t]}_i, \Delta y^{[t]}_i, \Delta z^{[t]}_i) = (x_i, y_i, z_i), \quad \Delta c_{in} = d, \quad P_{\Delta c_{out}} = p.$$

2.2 Detailed algorithm

Our algorithm for computing truncated differential probabilities contains two major components: precomputing partial sums and joining partial sums of sub-blocks.

Precomputing partial sums. We observe that the partial sums defined by Equation (2) only depend on the values restricted to a particular sub-block. Therefore, these partial sums can be precomputed and stored in a table. Typically, each $x_i, y_i, z_i$ is just a single bit. So the total number of partial sums to be stored is 48.
Joining sub-blocks. Given the partial sums for any two consecutive sub-blocks $H$ and $L$ (each of length $t$ bits), we can compute the partial sums for the sub-block $H\|L$ of length $2t$ bits. Let

$$PS_L(x_i, y_i, z_i, d, p), \quad PS_H(x_{i+1}, y_{i+1}, z_{i+1}, d, p), \quad \text{and} \quad PS_{H\|L}(x_{i+1}\|x_i, y_{i+1}\|y_i, z_{i+1}\|z_i, d, p)$$

denote the partial sums of differential probabilities for the corresponding sub-blocks. Then $PS_{H\|L}$ is computed as

$$
\begin{aligned}
PS_{H\|L}(\cdot, \cdot, \cdot, d, p) = [\; & PS_H(\cdot, \cdot, \cdot, 0, p) \times PS_L(\cdot, \cdot, \cdot, d, 0) \\
{} + {} & PS_H(\cdot, \cdot, \cdot, 1, p) \times PS_L(\cdot, \cdot, \cdot, d, 1) \\
{} + {} & PS_H(\cdot, \cdot, \cdot, 0, p) \times PS_L(\cdot, \cdot, \cdot, d, 0.5) \times 0.5 \\
{} + {} & PS_H(\cdot, \cdot, \cdot, 1, p) \times PS_L(\cdot, \cdot, \cdot, d, 0.5) \times 0.5 \;].
\end{aligned}
$$

In general, the two sub-blocks $H$ and $L$ can have any number of bits, say $t_1$ and $t_2$, respectively. Using the above formula, we can compute the new partial sums for the sub-block $H\|L$ of length $(t_1 + t_2)$ bits.

Computing the total TDP. By repetitively joining successive sub-blocks, we can obtain the 6 partial sums $PS(x, y, z, d, p)$ for the entire block of length $n$. Since $\Delta c_{in} = 0$ for the least significant sub-block, 3 of these partial sums (for which $d = 1$) actually have value zero. Therefore, the total truncated differential probability is

$$TDP_f(x, y, z) = \frac{1}{c} \times [\, PS(x, y, z, 0, 0) + PS(x, y, z, 0, 1) + PS(x, y, z, 0, 0.5) \,].$$

Efficiency analysis. The algorithm given in this section is independent of the Hamming weight of $x$ and $y$. For $n = 32$ and $t = 8$, each of the $2^{12}$ truncated differential probabilities can be computed using a constant number of table lookups, additions, and multiplications. Experiments show that all the $2^{12}$ probabilities can be computed in less than one second on a PC.

3 Truncated Differential Probabilities of MDS

The truncated differential probabilities for the MDS are defined as follows.

$$TDP_{MDS}(x, y) = \frac{1}{c} \sum_{(\Delta x, \Delta y) = (x, y)} \Pr[MDS(x) \oplus MDS(x \oplus \Delta x) = \Delta y], \qquad (3)$$

where $c$ is the number of $\Delta x$ satisfying the condition $(\Delta x) = x$. The distribution of $TDP_{MDS}(x, y)$ is related to the weight distribution of the MDS (Maximum Distance Separable) code. $TDP_{MDS}(x, y)$ is determined by the Hamming weights of $x$ and $y$, as Table 2 shows.

4 Search for Truncated Differentials of Twofish

In this section, we present our search results for truncated differentials of Twofish. Our search uses the differential probabilities of PHT and MDS computed in Sections 2 and 3.
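The Section 2 procedure (per-sub-block partial sums, the join formula, and the final sum divided by $c$) can be checked against Equation (1) by exhaustive enumeration at toy sizes, reading the comparison in Equation (1) sub-block-wise (zero versus non-zero), as byte characteristics are defined in the Introduction. The Python below is an added example, not code from the paper: the function names and the toy parameters ($n = 4$, $t = 2$) are this example's own, and the per-bit carry-difference rule used to build the partial sums is a standard property of XOR differences through modular addition, used here as a stand-in for the [M00] algorithm.

```python
"""Truncated differential probability (TDP) of addition mod 2^n.

Added example: partial sums and joining as in Section 2, checked against a
brute-force evaluation of Equation (1). All names are this example's own.
"""
from collections import defaultdict
from fractions import Fraction
from itertools import product

HALF = Fraction(1, 2)
P_VALUES = (Fraction(0), HALF, Fraction(1))  # the three values of P_dcout


def trunc(v, n, t):
    """Truncation: bit i is set iff the i-th t-bit sub-block of v is non-zero."""
    mask = (1 << t) - 1
    return sum(1 << i for i in range(n // t) if (v >> (i * t)) & mask)


def block_dp(dx, dy, dz, t, d):
    """DP of one t-bit sub-block for carry-in difference d.

    Assumption of this example (stand-in for [M00]): the carry difference
    into bit i is e_i = dx_i ^ dy_i ^ dz_i; the carry difference out of bit i
    equals the common value when (dx_i, dy_i, e_i) are all equal, and is 1
    with probability 1/2 otherwise. Returns (probability, P_dcout).
    """
    e = dx ^ dy ^ dz
    if (e & 1) != d:
        return Fraction(0), None
    prob = Fraction(1)
    for i in range(t):
        a, b, c = (dx >> i) & 1, (dy >> i) & 1, (e >> i) & 1
        p_next = Fraction(a) if a == b == c else HALF
        if i == t - 1:
            return prob, p_next              # carry leaves the sub-block
        prob *= p_next if (e >> (i + 1)) & 1 else 1 - p_next
        if prob == 0:
            return prob, None


def partial_sums(t):
    """Partial sums PS(x_i, y_i, z_i, d, p) of Equation (2); zero entries omitted."""
    ps = defaultdict(Fraction)
    for dx, dy, dz in product(range(1 << t), repeat=3):
        for d in (0, 1):
            prob, p = block_dp(dx, dy, dz, t, d)
            if prob:
                ps[(int(dx != 0), int(dy != 0), int(dz != 0), d, p)] += prob
    return dict(ps)


def tdp_fast(n, t, px, py, pz, table=None):
    """TDP_f for truncated patterns px, py, pz (bit i = sub-block i)."""
    table = partial_sums(t) if table is None else table

    def block(i):
        bits = ((px >> i) & 1, (py >> i) & 1, (pz >> i) & 1)
        return {(d, p): table.get(bits + (d, p), Fraction(0))
                for d in (0, 1) for p in P_VALUES}

    low = block(0)
    for i in range(1, n // t):               # join sub-block i (H) onto L
        high = block(i)
        low = {(d, p): high[0, p] * low[d, 0]
                       + high[1, p] * low[d, 1]
                       + (high[0, p] + high[1, p]) * low[d, HALF] * HALF
               for d in (0, 1) for p in P_VALUES}
    c = (2 ** t - 1) ** (bin(px).count("1") + bin(py).count("1"))
    return sum(low[0, p] for p in P_VALUES) / c


def tdp_bruteforce(n, t, px, py, pz):
    """Equation (1) by exhaustive enumeration (only feasible for toy n)."""
    mask = (1 << n) - 1
    hits = pairs = 0
    for dx, dy in product(range(1 << n), repeat=2):
        if trunc(dx, n, t) != px or trunc(dy, n, t) != py:
            continue
        pairs += 1                           # ends up equal to c
        for x, y in product(range(1 << n), repeat=2):
            dz = ((x + y) ^ ((x ^ dx) + (y ^ dy))) & mask
            hits += trunc(dz, n, t) == pz
    return Fraction(hits, pairs << (2 * n))


def check(n, t):
    """True iff both methods agree on every truncated pattern triple."""
    table = partial_sums(t)
    m = n // t
    return all(tdp_fast(n, t, px, py, pz, table)
               == tdp_bruteforce(n, t, px, py, pz)
               for px, py, pz in product(range(1 << m), repeat=3))


if __name__ == "__main__":
    print("n=4, t=2 agreement:", check(4, 2))
    print("TDP(01, 00 -> 01) =", tdp_fast(4, 2, 0b01, 0b00, 0b01))
```

With $t = 8$ the table-building loop in `partial_sums` walks $2^{24}$ difference triples per carry-in value, so in pure Python it is practical only for the small sub-block sizes used here.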
For speeding up the search, we first set the probability to be one for 1-bit rotations. Once we found the truncated differentials, we then adjust the probability as follows. If the input difference (32-bit) of the 1-bit rotation is `f`², the output difference is still `f`. Otherwise, we need some adjustment. For example, if the input difference of the 1-bit right rotation is `8`, the output difference is `8` with probability $2^{-1}$, `c` with probability and `4` with probability $2^{-8}$ (here we have multiple paths, but in most cases the multiple paths join at the next MDS).

For additions with subkeys (i.e., $f(x, k) = x + k = z \pmod{2^n}$, where $k$ is some subkey), the value corresponding to $k = 0$ in our precomputed table gives the truncated differential probability when we average over all possible keys. For any fixed subkey $k$, the probability depends on $k$, and it can be larger or smaller than the average probability: the maximum probability can be 1 for a fraction of the subkeys. For easy treatment of probability after the search, we set the probability to be one for additions with subkeys.

² In this section we use typewriter font for the hexadecimal representation of truncated differentials.

[Table 2: Truncated differential probabilities of MDS, indexed by $w_H(x)$ and $w_H(y)$.]

4.1 Truncated differentials with high probability

First, we searched for truncated differentials that hold with relatively high probability, although they may not be exploited in general (well-known) cryptanalytic attacks. As Knudsen [K00] wrote, such differentials can provide some bits of nontrivial information in every round.

Our computer experiments found a 12-round truncated differential with probability of about $2^{-40.9}$. In Table 3, the output differences of each round are shown in hexadecimal representation. One can expect to get one good pair following the truncated differential from about $2^{34}$ chosen plaintexts by using a structure in the last byte of the plaintext. There are a total of $2^{94}$ such good pairs.

More interestingly, we found a truncated differential for the full 16 rounds of Twofish with probability of about $2^{-57.3}$ (see Table 4). One can expect to get one good pair following the truncated differential from about chosen plaintexts, and there are $2^{28}$ such good pairs.
In [K00] Knudsen showed a 16-round truncated differential with probability The probability of our 16-round truncated differential is much higher than what was found by Knudsen, and the total number of good pairs for our differential is also much larger.

4.2 Truncated differentials useful for distinguishing attacks

We also searched for truncated differentials that may be useful in distinguishing attacks. As a result, we found one 4-round truncated differential, and four 5-round truncated differentials (see Tables 6 and 5). The 4-round truncated differential is a path included in the 4-round truncated differential that Knudsen used for the $\chi^2$-tests in [K00, Section 5.2]. Note that Knudsen's 4-round truncated differential contains multiple paths and the probability is much higher.

Knudsen concluded that for more than 4 rounds, it is an open question how nonuniform the distribution of differences can be. Now that we found 5-round truncated differentials with probability slightly higher than a random permutation, in theory we can perform statistical tests such as $\chi^2$ tests. Note that the probabilities in Table 5 can be a little smaller due to 1-bit rotations or a little larger due to the effect of multiple paths.

[Table 3: 12-round truncated differential. Columns include round and probability.]

[Table 4: 16-round truncated differential. Columns include round and probability.]

[Table 5: 5-round truncated differentials. Columns include round and probability.]

[Table 6: 4-round truncated differential. Columns include round and probability.]

5 Conclusion

We presented truncated differential cryptanalysis of the block cipher Twofish. We performed the search by computer experiments, and found a 16-round truncated differential with probability of about $2^{-57.3}$, which is much larger than previously known results. We also found 5-round truncated differentials which can be useful in distinguishing Twofish reduced to 5 rounds from a random permutation. We will implement some tests to confirm our conjecture.

References

[C99]

[F99] N. Ferguson, "Impossible differentials in Twofish," Twofish Technical Report #5, October 5.

[K00] L. R. Knudsen, "Trawling Twofish (revisited)," Presentation at rump session of AES3. Public comment on AES Candidate Algorithms - Round 2. csrc.nist.gov/encryption/aes/round2/comments/ lknudsen-2.pdf

[K95] L. R. Knudsen, "Truncated and Higher Order Differentials," Fast Software Encryption, Second International Workshop, Lecture Notes in Computer Science 1008, pp. 196-211, Springer-Verlag.

[KN96] L. R. Knudsen and T. A. Berson, "Truncated differentials of SAFER," Fast Software Encryption, 3rd International Workshop, Lecture Notes in Computer Science 1039, pp. 15-26, Springer-Verlag.

[KRW99] L. R. Knudsen, M. J. B. Robshaw, and D. Wagner, "Truncated Differentials and Skipjack," Advances in Cryptology, CRYPTO'99, Lecture Notes in Computer Science 1666, pp. 165-180, Springer-Verlag.

[M00] S. Moriai, "Cryptanalysis of Twofish (I)," In Proceedings of the 2000 Symposium on Cryptography and Information Security, Okinawa, Japan, January 26-28, 2000.

[MR00] S. Murphy and M. J. B. Robshaw, "Differential Cryptanalysis, Key-dependent S-boxes, and Twofish," Public comment on AES Candidate Algorithms - Round 2.

[MSAK99] S. Moriai, M. Sugita, K. Aoki, and M. Kanda, "Security of E2 against Truncated Differential Cryptanalysis," SAC'99, 6th Annual International Workshop on Selected Areas in Cryptography, Workshop Record, pp. 133-143, 1999 (to appear in Lecture Notes in Computer Science, Springer-Verlag, 2000).

[MT99] M. Matsui and T. Tokita, "Cryptanalysis of a Reduced Version of the Block Cipher E2," Fast Software Encryption, 6th International Workshop, Lecture Notes in Computer Science 1636, pp. 71-80, Springer-Verlag.

[SKW+98] B. Schneier, J. Kelsey, D. Whiting, D. Wagner, C. Hall, and N. Ferguson, "Twofish: A 128-Bit Block Cipher".


More information

Differential Fault Analysis of Secret Key Cryptosystems

Differential Fault Analysis of Secret Key Cryptosystems Differential Fault Analysis of Secret Key Cryptosystems Eli Biham Computer Science Department Technion - Israel Institute of Technology Haifa 32000, Israel bihamocs.technion.ac.il http://www.cs.technion.ac.il/-

More information

Analysis of Non-fortuitous Predictive States of the RC4 Keystream Generator

Analysis of Non-fortuitous Predictive States of the RC4 Keystream Generator Analysis of Non-fortuitous Predictive States of the RC4 Keystream Generator Souradyuti Paul and Bart Preneel Katholieke Universiteit Leuven, Dept. ESAT/COSIC, Kasteelpark Arenberg 10, B 3001 Leuven-Heverlee,

More information

Statistical weakness in Spritz against VMPC-R: in search for the RC4 replacement

Statistical weakness in Spritz against VMPC-R: in search for the RC4 replacement Statistical weakness in Spritz against VMPC-R: in search for the RC4 replacement Bartosz Zoltak www.vmpcfunction.com bzoltak@vmpcfunction.com Abstract. We found a statistical weakness in the Spritz algorithm

More information

AStudyofEncryptionAlgorithmsAESDESandRSAforSecurity

AStudyofEncryptionAlgorithmsAESDESandRSAforSecurity Global Journal of Computer Science and Technology Network, Web & Security Volume 13 Issue 15 Version 1.0 Year 2013 Type: Double Blind Peer Reviewed International Research Journal Publisher: Global Journals

More information

On the Influence of the Algebraic Degree of the Algebraic Degree of

On the Influence of the Algebraic Degree of the Algebraic Degree of IEEE TRANSACTIONS ON INFORMATION THEORY, VOL. 59, NO. 1, JANUARY 2013 691 On the Influence of the Algebraic Degree of the Algebraic Degree of Christina Boura and Anne Canteaut on Abstract We present a

More information

Table of Contents. Bibliografische Informationen http://d-nb.info/996514864. digitalisiert durch

Table of Contents. Bibliografische Informationen http://d-nb.info/996514864. digitalisiert durch 1 Introduction to Cryptography and Data Security 1 1.1 Overview of Cryptology (and This Book) 2 1.2 Symmetric Cryptography 4 1.2.1 Basics 4 1.2.2 Simple Symmetric Encryption: The Substitution Cipher...

More information

Linear (Hull) and Algebraic Cryptanalysis of the Block Cipher PRESENT

Linear (Hull) and Algebraic Cryptanalysis of the Block Cipher PRESENT Linear (Hull) and Algebraic Cryptanalysis of the Block Cipher PRESENT Jorge Nakahara Jr 1, Pouyan Sepehrdad 1, Bingsheng Zhang 2, Meiqin Wang 3 1 EPFL, Lausanne, Switzerland 2 Cybernetica AS, Estonia and

More information

An Efficient and Secure Key Management Scheme for Hierarchical Access Control Based on ECC

An Efficient and Secure Key Management Scheme for Hierarchical Access Control Based on ECC An Efficient and Secure Key Management Scheme for Hierarchical Access Control Based on ECC Laxminath Tripathy 1 Nayan Ranjan Paul 2 1Department of Information technology, Eastern Academy of Science and

More information

A New 128-bit Key Stream Cipher LEX

A New 128-bit Key Stream Cipher LEX A New 128-it Key Stream Cipher LEX Alex Biryukov Katholieke Universiteit Leuven, Dept. ESAT/SCD-COSIC, Kasteelpark Arenerg 10, B 3001 Heverlee, Belgium http://www.esat.kuleuven.ac.e/~airyuko/ Astract.

More information

Number Theory. Proof. Suppose otherwise. Then there would be a finite number n of primes, which we may

Number Theory. Proof. Suppose otherwise. Then there would be a finite number n of primes, which we may Number Theory Divisibility and Primes Definition. If a and b are integers and there is some integer c such that a = b c, then we say that b divides a or is a factor or divisor of a and write b a. Definition

More information

The Skein Hash Function Family

The Skein Hash Function Family The Skein Hash Function Family Version 1.3 1 Oct 2010 Niels Ferguson Stefan Lucks Bruce Schneier Doug Whiting Mihir Bellare Tadayoshi Kohno Jon Callas Jesse Walker Microsoft Corp., niels@microsoft.com

More information

Elementary Number Theory We begin with a bit of elementary number theory, which is concerned

Elementary Number Theory We begin with a bit of elementary number theory, which is concerned CONSTRUCTION OF THE FINITE FIELDS Z p S. R. DOTY Elementary Number Theory We begin with a bit of elementary number theory, which is concerned solely with questions about the set of integers Z = {0, ±1,

More information

CS 758: Cryptography / Network Security

CS 758: Cryptography / Network Security CS 758: Cryptography / Network Security offered in the Fall Semester, 2003, by Doug Stinson my office: DC 3122 my email address: dstinson@uwaterloo.ca my web page: http://cacr.math.uwaterloo.ca/~dstinson/index.html

More information

Application of cube attack to block and stream ciphers

Application of cube attack to block and stream ciphers Application of cube attack to block and stream ciphers Janusz Szmidt joint work with Piotr Mroczkowski Military University of Technology Military Telecommunication Institute Poland 23 czerwca 2009 1. Papers

More information

ECE 842 Report Implementation of Elliptic Curve Cryptography

ECE 842 Report Implementation of Elliptic Curve Cryptography ECE 842 Report Implementation of Elliptic Curve Cryptography Wei-Yang Lin December 15, 2004 Abstract The aim of this report is to illustrate the issues in implementing a practical elliptic curve cryptographic

More information

The Misuse of RC4 in Microsoft Word and Excel

The Misuse of RC4 in Microsoft Word and Excel The Misuse of RC4 in Microsoft Word and Excel Hongjun Wu Institute for Infocomm Research, Singapore hongjun@i2r.a-star.edu.sg Abstract. In this report, we point out a serious security flaw in Microsoft

More information

Randomly Encryption Using Genetic Algorithm

Randomly Encryption Using Genetic Algorithm Randomly Encryption Using Genetic Algorithm ALI JASSIM MOHAMED ALI Department of physics, College of Science, Al-Mustansiriyah University, Baghdad, Iraq. SUMMARY In this research work a genetic algorithm

More information

CSE331: Introduction to Networks and Security. Lecture 20 Fall 2006

CSE331: Introduction to Networks and Security. Lecture 20 Fall 2006 CSE331: Introduction to Networks and Security Lecture 20 Fall 2006 Announcements Homework 2 has been assigned: **NEW DUE DATE** It's now due on Friday, November 3rd. Midterm 2 is Friday, November 10th

More information

Developing and Investigation of a New Technique Combining Message Authentication and Encryption

Developing and Investigation of a New Technique Combining Message Authentication and Encryption Developing and Investigation of a New Technique Combining Message Authentication and Encryption Eyas El-Qawasmeh and Saleem Masadeh Computer Science Dept. Jordan University for Science and Technology P.O.

More information

Symmetric Key cryptosystem

Symmetric Key cryptosystem SFWR C03: Computer Networks and Computer Security Mar 8-11 200 Lecturer: Kartik Krishnan Lectures 22-2 Symmetric Key cryptosystem Symmetric encryption, also referred to as conventional encryption or single

More information

Bounds for Balanced and Generalized Feistel Constructions

Bounds for Balanced and Generalized Feistel Constructions Bounds for Balanced and Generalized Feistel Constructions Andrey Bogdanov Katholieke Universiteit Leuven, Belgium ECRYPT II SymLab Bounds 2010 Outline Feistel Constructions Efficiency Metrics Bounds for

More information

Serpent: A Proposal for the Advanced Encryption Standard

Serpent: A Proposal for the Advanced Encryption Standard Serpent: A Proposal for the Advanced Encryption Standard Ross Anderson 1 Eli Biham 2 Lars Knudsen 3 1 Cambridge University, England; email rja14@cl.cam.ac.uk 2 Technion, Haifa, Israel; email biham@cs.technion.ac.il

More information

Multi-Layered Cryptographic Processor for Network Security

Multi-Layered Cryptographic Processor for Network Security International Journal of Scientific and Research Publications, Volume 2, Issue 10, October 2012 1 Multi-Layered Cryptographic Processor for Network Security Pushp Lata *, V. Anitha ** * M.tech Student,

More information

Sosemanuk, a fast software-oriented stream cipher

Sosemanuk, a fast software-oriented stream cipher Sosemanuk, a fast software-oriented stream cipher C. Berbain 1, O. Billet 1, A. Canteaut 2, N. Courtois 3, H. Gilbert 1, L. Goubin 4, A. Gouget 5, L. Granboulan 6, C. Lauradoux 2, M. Minier 2, T. Pornin

More information

Useful Number Systems

Useful Number Systems Useful Number Systems Decimal Base = 10 Digit Set = {0, 1, 2, 3, 4, 5, 6, 7, 8, 9} Binary Base = 2 Digit Set = {0, 1} Octal Base = 8 = 2 3 Digit Set = {0, 1, 2, 3, 4, 5, 6, 7} Hexadecimal Base = 16 = 2

More information

Secret File Sharing Techniques using AES algorithm. C. Navya Latha 200201066 Garima Agarwal 200305032 Anila Kumar GVN 200305002

Secret File Sharing Techniques using AES algorithm. C. Navya Latha 200201066 Garima Agarwal 200305032 Anila Kumar GVN 200305002 Secret File Sharing Techniques using AES algorithm C. Navya Latha 200201066 Garima Agarwal 200305032 Anila Kumar GVN 200305002 1. Feature Overview The Advanced Encryption Standard (AES) feature adds support

More information

Keywords Web Service, security, DES, cryptography.

Keywords Web Service, security, DES, cryptography. Volume 3, Issue 10, October 2013 ISSN: 2277 128X International Journal of Advanced Research in Computer Science and Software Engineering Research Paper Available online at: www.ijarcsse.com Provide the

More information

PRESENT: An Ultra-Lightweight Block Cipher

PRESENT: An Ultra-Lightweight Block Cipher PRESENT: An Ultra-Lightweight Block Cipher A. Bogdanov 1, L.R. Knudsen 2, G. Leander 1, C. Paar 1, A. Poschmann 1, M.J.B. Robshaw 3, Y. Seurin 3, and C. Vikkelsoe 2 1 Horst-Görtz-Institute for IT-Security,

More information

The mathematics of RAID-6

The mathematics of RAID-6 The mathematics of RAID-6 H. Peter Anvin 1 December 2004 RAID-6 supports losing any two drives. The way this is done is by computing two syndromes, generally referred P and Q. 1 A quick

More information

7! Cryptographic Techniques! A Brief Introduction

7! Cryptographic Techniques! A Brief Introduction 7! Cryptographic Techniques! A Brief Introduction 7.1! Introduction to Cryptography! 7.2! Symmetric Encryption! 7.3! Asymmetric (Public-Key) Encryption! 7.4! Digital Signatures! 7.5! Public Key Infrastructures

More information

Public Key Cryptography: RSA and Lots of Number Theory

Public Key Cryptography: RSA and Lots of Number Theory Public Key Cryptography: RSA and Lots of Number Theory Public vs. Private-Key Cryptography We have just discussed traditional symmetric cryptography: Uses a single key shared between sender and receiver

More information

Advanced Cryptography

Advanced Cryptography Family Name:... First Name:... Section:... Advanced Cryptography Final Exam July 18 th, 2006 Start at 9:15, End at 12:00 This document consists of 12 pages. Instructions Electronic devices are not allowed.

More information

How to Break MD5 and Other Hash Functions

How to Break MD5 and Other Hash Functions How to Break MD5 and Other Hash Functions Xiaoyun Wang and Hongbo Yu Shandong University, Jinan 250100, China xywang@sdu.edu.cn yhb@mail.sdu.edu.cn Abstract. MD5 is one of the most widely used cryptographic

More information

Implementation and Design of AES S-Box on FPGA

Implementation and Design of AES S-Box on FPGA International Journal of Research in Engineering and Science (IJRES) ISSN (Online): 232-9364, ISSN (Print): 232-9356 Volume 3 Issue ǁ Jan. 25 ǁ PP.9-4 Implementation and Design of AES S-Box on FPGA Chandrasekhar

More information

6 Data Encryption Standard (DES)

6 Data Encryption Standard (DES) 6 Data Encryption Standard (DES) Objectives In this chapter, we discuss the Data Encryption Standard (DES), the modern symmetric-key block cipher. The following are our main objectives for this chapter:

More information

A Study of New Trends in Blowfish Algorithm

A Study of New Trends in Blowfish Algorithm A Study of New Trends in Blowfish Algorithm Gurjeevan Singh*, Ashwani Kumar**, K. S. Sandha*** *(Department of ECE, Shaheed Bhagat Singh College of Engg. & Tech. (Polywing), Ferozepur-152004) **(Department

More information

Study of algorithms for factoring integers and computing discrete logarithms

Study of algorithms for factoring integers and computing discrete logarithms Study of algorithms for factoring integers and computing discrete logarithms First Indo-French Workshop on Cryptography and Related Topics (IFW 2007) June 11 13, 2007 Paris, France Dr. Abhijit Das Department

More information

Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010

Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010 CS 494/594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010 1 Introduction to Cryptography What is cryptography?

More information

Lightweight Block Ciphers Revisited: Cryptanalysis of Reduced Round PRESENT and HIGHT

Lightweight Block Ciphers Revisited: Cryptanalysis of Reduced Round PRESENT and HIGHT Lightweight Block Ciphers Revisited: Cryptanalysis of Reduced Round PRESENT and HIGHT Onur Özen1, Kerem Varıcı 2, Cihangir Tezcan 3, and Çelebi Kocair 4 1 EPFL IC LACAL Station 14. CH-1015 Lausanne, Switzerland

More information

Basic Algorithms In Computer Algebra

Basic Algorithms In Computer Algebra Basic Algorithms In Computer Algebra Kaiserslautern SS 2011 Prof. Dr. Wolfram Decker 2. Mai 2011 References Cohen, H.: A Course in Computational Algebraic Number Theory. Springer, 1993. Cox, D.; Little,

More information

Effective Secure Encryption Scheme [One Time Pad] Using Complement Approach Sharad Patil 1 Ajay Kumar 2

Effective Secure Encryption Scheme [One Time Pad] Using Complement Approach Sharad Patil 1 Ajay Kumar 2 Effective Secure Encryption Scheme [One Time Pad] Using Complement Approach Sharad Patil 1 Ajay Kumar 2 Research Student, Bharti Vidyapeeth, Pune, India sd_patil057@rediffmail.com Modern College of Engineering,

More information

SECURITY IMPROVMENTS TO THE DIFFIE-HELLMAN SCHEMES

SECURITY IMPROVMENTS TO THE DIFFIE-HELLMAN SCHEMES www.arpapress.com/volumes/vol8issue1/ijrras_8_1_10.pdf SECURITY IMPROVMENTS TO THE DIFFIE-HELLMAN SCHEMES Malek Jakob Kakish Amman Arab University, Department of Computer Information Systems, P.O.Box 2234,

More information

1 Formulating The Low Degree Testing Problem

1 Formulating The Low Degree Testing Problem 6.895 PCP and Hardness of Approximation MIT, Fall 2010 Lecture 5: Linearity Testing Lecturer: Dana Moshkovitz Scribe: Gregory Minton and Dana Moshkovitz In the last lecture, we proved a weak PCP Theorem,

More information

A SOFTWARE COMPARISON OF RSA AND ECC

A SOFTWARE COMPARISON OF RSA AND ECC International Journal Of Computer Science And Applications Vol. 2, No. 1, April / May 29 ISSN: 974-13 A SOFTWARE COMPARISON OF RSA AND ECC Vivek B. Kute Lecturer. CSE Department, SVPCET, Nagpur 9975549138

More information

Design and Analysis of Parallel AES Encryption and Decryption Algorithm for Multi Processor Arrays

Design and Analysis of Parallel AES Encryption and Decryption Algorithm for Multi Processor Arrays IOSR Journal of VLSI and Signal Processing (IOSR-JVSP) Volume 5, Issue, Ver. III (Jan - Feb. 205), PP 0- e-issn: 239 4200, p-issn No. : 239 497 www.iosrjournals.org Design and Analysis of Parallel AES

More information

RSA Attacks. By Abdulaziz Alrasheed and Fatima

RSA Attacks. By Abdulaziz Alrasheed and Fatima RSA Attacks By Abdulaziz Alrasheed and Fatima 1 Introduction Invented by Ron Rivest, Adi Shamir, and Len Adleman [1], the RSA cryptosystem was first revealed in the August 1977 issue of Scientific American.

More information

Error oracle attacks and CBC encryption. Chris Mitchell ISG, RHUL http://www.isg.rhul.ac.uk/~cjm

Error oracle attacks and CBC encryption. Chris Mitchell ISG, RHUL http://www.isg.rhul.ac.uk/~cjm Error oracle attacks and CBC encryption Chris Mitchell ISG, RHUL http://www.isg.rhul.ac.uk/~cjm Agenda 1. Introduction 2. CBC mode 3. Error oracles 4. Example 1 5. Example 2 6. Example 3 7. Stream ciphers

More information

Implementation of Full -Parallelism AES Encryption and Decryption

Implementation of Full -Parallelism AES Encryption and Decryption Implementation of Full -Parallelism AES Encryption and Decryption M.Anto Merline M.E-Commuication Systems, ECE Department K.Ramakrishnan College of Engineering-Samayapuram, Trichy. Abstract-Advanced Encryption

More information

Network Security - ISA 656 Introduction to Cryptography

Network Security - ISA 656 Introduction to Cryptography Network Security - ISA 656 Angelos Stavrou September 18, 2007 Codes vs. K = {0, 1} l P = {0, 1} m C = {0, 1} n, C C E : P K C D : C K P p P, k K : D(E(p, k), k) = p It is infeasible to find F : P C K Let

More information

SD12 REPLACES: N19780

SD12 REPLACES: N19780 ISO/IEC JTC 1/SC 27 N13432 ISO/IEC JTC 1/SC 27 Information technology - Security techniques Secretariat: DIN, Germany SD12 REPLACES: N19780 DOC TYPE: TITLE: Standing document ISO/IEC JTC 1/SC 27 Standing

More information