TL;DR: The Escrowed Encryption Standard (EES) defines a US Government family of cryptographic processors, popularly known as “Clipper” chips, intended to protect unclassified government and private-sector communications and data.
Abstract: The Escrowed Encryption Standard (EES) defines a US Government family of cryptographic processors, popularly known as “Clipper” chips, intended to protect unclassified government and private-sector communications and data. A basic feature of key setup between pairs of EES processors involves the exchange of a “Law Enforcement Access Field” (LEAF) that contains an encrypted copy of the current session key. The LEAF is intended to facilitate government access to the cleartext of data encrypted under the system. Several aspects of the design of the EES, which employs a classified cipher algorithm and tamper-resistant hardware, attempt to make it infeasible to deploy the system without transmitting the LEAF. We evaluated the publicly released aspects of the EES protocols as well as a prototype version of a PCMCIA-based EES device. This paper outlines various techniques that enable cryptographic communication among EES processors without transmission of the valid LEAF. We identify two classes of techniques. The simplest allow communication only between pairs of “rogue” parties. The second, more complex methods permit rogue applications to take unilateral action to interoperate with legal EES users. We conclude with techniques that could make the fielded EES architecture more robust against these failures.
TL;DR: This paper describes an investigation of a potential weakness in DES which leads to a statistical property observable in plaintext/ciphertext pairs and dependent on the key.
Abstract: This paper describes an investigation of a potential weakness in DES which leads to a statistical property observable in plaintext/ciphertext pairs and dependent on the key. However, the number of encryptions of known plaintext needed to exploit this property is comparable with the number of encryptions of an exhaustive key search, so the "weakness" is mainly of theoretical interest.
TL;DR: This paper analyzes the security of the RC5 encryption algorithm against differential and linear cryptanalysis and concludes that Rivest's suggested use of 12 rounds is sufficient to make differential and linear cryptanalysis of RC5 impractical.
Abstract: This paper analyzes the security of the RC5 encryption algorithm against differential and linear cryptanalysis. RC5 is a new block cipher recently designed by Ron Rivest. It has a variable word size, a variable number of rounds, and a variable-length secret key. In RC5, the secret key is used to fill an expanded key table which is then used in encryption. Both our differential and linear attacks on RC5 recover every bit of the expanded key table without any exhaustive search. However, the plaintext requirement is strongly dependent on the number of rounds. For 64-bit block size, our differential attack on nine-round RC5 uses 2^45 chosen plaintext pairs (about the same as DES), while 2^62 pairs are needed for 12-round RC5. Similarly, our linear attack on five-round RC5 uses 2^47 known plaintexts (about the same as DES), and the plaintext requirement is impractical for more than six rounds. We conjecture that the linear approximations used in our linear cryptanalysis are optimal. Thus, we conclude that Rivest's suggested use of 12 rounds is sufficient to make differential and linear cryptanalysis of RC5 impractical.
TL;DR: It turns out that only knowledge of the digram distribution of the ciphertext and the expected digram distribution of the plaintext is necessary to solve the cipher.
Abstract: It is possible to cryptanalyze simple substitution ciphers (both mono- and polyalphabetic) by using a fast algorithm based on a process where an initial key guess is refined through a number of iterations. In each step the plaintext corresponding to the current key is evaluated and the result used as a measure of how close we are in having discovered the correct key. It turns out that only knowledge of the digram distribution of the ciphertext and the expected digram distribution of the plaintext is necessary to solve the cipher. The algorithm needs to compute the distribution matrix only once and subsequent plaintext evaluation is done by manipulating this matrix only, and not by decrypting the ciphertext and reparsing the resulting plaintext in every iteration. The paper explains the algorithm and it shows some of the results obtained with an implementation in Pascal. A generalized version of the algorithm can be used for attacking other simple ciphers as well.
TL;DR: In this paper, the authors proposed a scheme for transmitting an encrypted message and an access field from a sender to a receiver, where a third party may intercept and process the transmission.
Abstract: A device for and method of transmitting an encrypted message and an access field from a sender to a receiver, where a third party may intercept and process the transmission. The sender and receiver agree on a session key. The sender raises an element of a Galois Field to the session key; forms a temporary device unique key; encrypts the session key with the temporary device unique key; forms a temporary family key; encrypts an identifier of the sender and the encrypted session key using the temporary family key; encrypts a plaintext message using the session key; forms the access field by concatenating the element of a Galois Field raised to the session key to the encrypted version of the sender's identifier and the sender's encrypted session key; concatenates the ciphertext to the access field; and transmits the access field and the ciphertext to the receiver. The receiver may recover the plaintext from the sender's transmission. The third party may partially process the transmission to find the identity of the sender. The third party may then request an escrowed key that would allow the third party to recover the plaintext of the sender's message.
TL;DR: In this paper, a registration control device is provided for registering an index number in relation to an operation number in the remote terminal data registration mode and for registering a cipher number in relation to an index number in the cypher key registration mode.
Abstract: A communications system for transmitting and receiving information encrypted by a cipher key to and from a remote communication apparatus includes a cipher key storage device for storing a cipher key table in which a plurality of cipher keys and their index numbers are registered and updated. A remote terminal data storage device stores a remote terminal data table including index numbers of the individual cipher keys registered in relation to predefined operation numbers. Input devices are provided for inputting the cipher keys, the index numbers, and the operation numbers. A registration mode setup device is provided for selectively activating a remote terminal data registration mode in which data is registered in the remote terminal data table or a cipher key registration mode in which data is registered in the cipher key table. A registration control device is provided for registering an index number in relation to an operation number in the remote terminal data registration mode and for registering a cipher number in relation to an index number in the cypher key registration mode. Control is provided for automatically switching to plaintext transmission or halting transmission and accepting encryption data when required encryption data is absent.
TL;DR: It is proved that the proposed RSA-type public-key schemes based on singular cubic curves y^2 + axy = x^3 over the ring Z_n have the same security as the RSA scheme against the Hastad attack when linearly related plaintexts are encrypted in broadcast applications.
Abstract: This paper proposes fast RSA-type public-key schemes based on singular cubic curves y^2 + axy = x^3 over the ring Z_n. The x and y coordinates of a 2 log n-bit long plaintext/ciphertext are transformed to a log n-bit long shadow plaintext/ciphertext by isomorphic mapping. Decryption is carried out by exponentiating this shorter shadow ciphertext over Z_n. The decryption speed of the proposed schemes is about 2.0 times faster than that of the RSA scheme for a K-bit long message if [K/log n] is even. We prove that breaking each of the proposed schemes is computationally equivalent to breaking the RSA scheme in one-to-one communication circumstances. We also prove that the proposed schemes have the same security as the RSA scheme against the Hastad attack when linearly related plaintexts are encrypted in broadcast applications.
TL;DR: In this article, a digital chaos signal is generated using the same key as that used in the encryption to provide enhanced secrecy and to perform encryption and decryption of information at high speed.
Abstract: In an encryption and decryption system, information in plaintext is encrypted by adding to each group of signals in the information a digital chaos signal in accordance with a chaos function, a delay, an initial value, and parameters of the chaos function determined using a cryptographic key which can be any length and any combination of letters, numerals, or words. The encrypted information is decrypted by decrypting each group of signals in the encrypted information using a digital chaos signal which is generated using the same key as that used in the encryption. Accordingly, it is possible to provide enhanced secrecy and to perform encryption and decryption of information at high speed.
TL;DR: In this article, a pseudo-random transposition cipher (PRC) was proposed, where the sender and receiver each have a set of corresponding identical pseudorandom number generators from the initializing integer transmitted along with the encrypted message.
Abstract: In a pseudo-random transposition cipher system and method, sender and receiver each have sets of corresponding identical pseudo-random number generators. To encrypt a message, the sender generates a pseudo-random initializing integer, transmitted along with the encrypted message. The sender, using a key secretly shared with the receiver, selects a set of seed integers for the pseudo-random number generators from the initializing integer. The first number generator produces a set of numerical synonyms (numerical codings) associated one-to-one with a set of sequentially indexed addresses of cardinality at least as great as that of the plaintext alphabet. The second number generator determines a one-to-one mapping of the plaintext alphabet into the set of addresses. Whenever a plaintext alphabet character appears in the message, the numerical synonym sharing the same address is used as the corresponding ciphertext character. After use of a plaintext character, a third number generator locates a new address so that the numerical synonym residing there can be transposed with the one last used for, and at the address of, the plaintext character. To decrypt, the receiver uses the secret key and initializing integer to recover the pseudo-random number generator seeds and undoes the encrypting process described above.
TL;DR: This paper first tries to find the key stream K = k_1, k_2, ... from an intercepted ciphertext C by genetic algorithms and then uses it to break the cipher.
Abstract: Cryptology is the science and study of systems for secret communications. It consists of two complementary fields of study: cryptography and cryptanalysis. In this paper, we propose a cryptanalysis method based on genetic algorithms to break the Vernam cipher. The proposed approach is a ciphertext-only attack in which we don't know any plaintext; the only thing we have to know is that the plaintext is an English document. Let M = m_1, m_2, ... denote a plaintext bit stream and K = k_1, k_2, ... a key bit stream. The Vernam cipher generates a ciphertext bit stream C = E_k(M) = c_1, c_2, ..., where c_i = (m_i + k_i) mod p, and p is a base. In our work, we first try to find the key stream K = k_1, k_2, ... from an intercepted ciphertext C by genetic algorithms and then use it to break the cipher.
TL;DR: The pseudorandom process as mentioned in this paper iteratively applies a selected CRC encryption process on the information to be encrypted, and the encryption process is selected by testing one of the digits comprising the number.
Abstract: The pseudorandom process iteratively applies a selected CRC encryption process on the information to be encrypted. The encryption process is selected by testing one of the digits comprising the number to be encrypted. A first encryption process is used if the tested digit is a 1; a second encryption process is used if the tested digit is a 0. The process is repeated a plurality of times, e.g. once for each digit in the number to be encrypted, resulting in a highly encrypted value that is not easily reverse engineered by chosen or known plaintext attack.
TL;DR: In this paper, a quadratic residue calculation circuit calculates a residue when the square of the lower n-1 bits of the plaintext of n bits is divided by public-key.
Abstract: The invention provides a public-key cryptographic apparatus which does not leak information regarding a plaintext and can prevent an increase in block length. A quadratic residue calculation circuit calculates a residue when the square of the lower n-1 bits of the plaintext of n bits is divided by public-key, and an exclusive OR circuit calculates an exclusive OR of the least significant bit of a result of the calculation and the most significant bit of the plaintext. Then, public-key encipherment such as the RSA cryptosystem or a modified Rabin cryptosystem is performed twice repetitively for totaling n bits of the output of exclusive OR circuit and the lower n-1 bits of plaintext by public-key enciphering circuits so as to make it impossible to estimate the most significant bit of the plaintext from the ciphertext.
TL;DR: In this paper, a plaintext of n bits long is supplied to the ELT transformation circuit via an input terminal 104, and an ELT circuit 101_1 carries out transformation on the plaintext by the use of ELT transformation parameters a_i, b_i, and p_i (i = 1, 2, ..., m).
Abstract: ELT transformation circuits 101_1 to 101_m are preliminarily supplied with ELT transformation parameters a_i, b_i, and p_i (i = 1, 2, ..., m). When a plaintext of n bits long is supplied to the ELT transformation circuit 101_1 via an input terminal 104, the ELT transformation circuit 101_1 carries out ELT transformation on the plaintext by the use of ELT transformation parameters a_1, b_1, and p_1 supplied from an input terminal 105_1. An enciphering circuit 102_1 enciphers an n/2-bit input with reference to a cryptographic key K_1 from an input terminal 106_1. Supplied with two n-bit inputs, an exclusive-OR circuit 103_1 carries out an exclusive-OR operation between every pair of corresponding bits of the same order. Subsequently, the operation described above is repeated at each stage. The ELT transformation circuit 101_m at the final stage delivers a ciphertext to an output terminal 107.
TL;DR: An analysis of the encryption portion of this algorithm is obtained and an implementation-independent form of it is obtained which can be used to model changes in overhead in either the Blowfish algorithm or in an implementation of it.
Abstract: Bruce Schneier published his Blowfish Encryption algorithm in the April, 1994 issue of Dr. Dobb's Journal. I have done an analysis of the encryption portion of this algorithm and have obtained an implementation-independent form of it which can be used to model changes in overhead in either the Blowfish algorithm or in an implementation of it.
Blowfish is a new block-encryption algorithm. It takes as input a 64-bit block of plaintext and returns a 64-bit block of ciphertext. The algorithm is constructed as a Feistel network of 16 rounds. Within each round, the Blowfish function F is executed. The Blowfish function F takes as input a 32-bit string. This input string is broken up into four 8-bit strings. Each of these 8-bit strings is input to its own 8-in 32-out S-box. Additional manipulations of the data are performed and the single result is returned to the Feistel network.
Key generation is lengthy; however, if long messages are encrypted the overhead of the key generation diminishes rapidly. Once the keys have been generated, the performance of the entire encryption portion of Blowfish is heavily dependent on the performance of the Blowfish function F. For this reason, I concentrate on the Blowfish function F.
Blowfish is a heavily implementation-dependent algorithm. In order to gain a better understanding of Blowfish, I remove many of these dependencies. Among other tools, the methods of both parallel and sequential algorithms are used to determine work and time according to the dictates of each kind of analysis. For the parallel analysis, I use the perspective of the Work-Time framework.
As a result of the various analyses and removal of dependencies, I have come up with a general form or template for Blowfish. When this template is instantiated, changes to the Blowfish algorithm itself can be exactly measured whereas changes in the implementation of Blowfish are only substantially measured. Three examples are given in support of my template's ability to predict changes in both implementation and modification of the algorithm.
TL;DR: This paper shows that the set of all sequences with an almost perfect linear complexity profile maps onto a fractal subset of [0, 1].
Abstract: Stream ciphers usually employ some sort of pseudo-randomly generated bit strings to be added to the plaintext. The cryptographic properties of such binary sequences can be stated in terms of the so-called linear complexity profile. This paper shows that the set of all sequences with an almost perfect linear complexity profile maps onto a fractal subset of [0, 1].
TL;DR: In this article, the authors show that Jan and Kowng's scheme can not withstand the chosen plaintext and known plaintext attacks, and they propose a new scheme based on the continued fraction.
Abstract: In 1993, Jan and Kowng proposed a cryptographic system based on the continued fraction. In their system, enciphering and deciphering need only some simple multiplications and additions. Therefore, the scheme is efficient in enciphering and deciphering. Yet, in this paper, we will show that Jan and Kowng's scheme cannot withstand the chosen plaintext and known plaintext attacks.
TL;DR: Even, Goldreich and Micali showed that the existence of a signature scheme secure against known message attacks implies the existence of a signature scheme secure against adaptively chosen message attacks.
Abstract: Even, Goldreich and Micali showed at Crypto'89 that the existence of signature schemes secure against known message attacks implies the existence of schemes secure against adaptively chosen message attacks. Unfortunately, this transformation leads to a rather impractical scheme. We exhibit a similar security amplification, which takes the given scheme to a new signature scheme that is not even existentially forgeable under adaptively chosen message attacks. Additionally, however, our transformation will be practical: The complexity of the resulting scheme is twice that of the original scheme. The principles of both transformations carry over to block encryption systems. It is shown how they can be used to convert a block encryption system secure against known plaintext attacks to a system secure against chosen plaintext attacks. For both schemes it is shown that if the transformed scheme can be broken given a number, $T$, of encryptions of adaptively chosen plaintexts, then the original scheme can be broken given encryptions of $T$ uniformly chosen plaintexts. In this case, however, the application of the technique of Even, Goldreich and Micali leads to the more efficient scheme. The transformed scheme has the same key length as the original, and ciphertexts are doubled in length. As an example, when applied to DES the transformed scheme is secure against differential cryptanalysis, which relies on the ability to get encryptions of plaintext pairs with proper differences.
TL;DR: A method based on quadratic residue theory to process data in their encrypted forms directly is proposed; with this method, the security of processed data can be greatly enhanced.
Abstract: In a conventional cryptosystem, decryption must be conducted when we need to do some arithmetic operations on two encrypted data. That is, one has to convert the encrypted data to their plaintext form before doing arithmetic operations. This will cause the exposure of secret data. In this paper, we propose a method based on quadratic residue theory to process data in their encrypted forms directly. With this method, the security of processed data can be greatly enhanced.
TL;DR: This Note will review the government's role in cryptography, and suggest how the interests in the current policy debate may achieve an accommodation that would sufficiently address privacy and competitiveness concerns, on the one hand, while meeting national security and law enforcement concerns on the other.
Abstract: I. Introduction. On February 9, 1994, when the National Institute of Standards and Technology (NIST) announced the federal Escrowed Encryption Standard (EES),(1) the simmering debate over encryption policy in the United States boiled over. Public interest groups argued that the standard would jeopardize an individual's right to privacy. US multinationals voiced concerns that the government would undercut private encryption technology and limit their choice of encryption products for sensitive transmissions. Computer software groups claimed that EES lacked commercial appeal and would adversely affect their ability to compete. Pitted against these concerns were those of the law enforcement and national security communities, which countered that the interests of national security required the adoption of EES. A quick study(2) of EES reveals little that would explain this uproar. The NIST issued EES as an encryption methodology for use in its government information processing(3) pursuant to the Computer Security Act of 1987.(4) The EES is intended to supersede the existing government standard, the Data Encryption Standard (DES), which has been in use since 1977 and is very popular.(5) The new standard's methodology is classified, but the government has stated that it represents the state of the art in security protection. The catch in this positive scenario is that the government keeps a backdoor key that will allow it to decrypt encrypted messages. So why did an obscure and seemingly insignificant announcement cause so much commotion?
Upon closer examination, one discovers that encryption, though still obscure to many, is a hot commodity in the information age. It is the silver shield that protects personal, financial, trade, and national security information. And, until recently, the government has enjoyed a monopoly over its development and use. Viewed from this perspective, the NIST announcement was seen by many as a government attempt to maintain its monopoly to the detriment of potential users and private developers. The ensuing clash of interests has created an impasse. Encryption users and privacy advocates refuse to accept the government's EES standard. For its part, the government maintains stringent export controls to undermine the development of feasible alternative standards and to deny software producers economies of scale. This Note will undertake a number of examinations. First, it will review the government's role in cryptography. Second, it will study EES in detail. Third, it will explore how the EES scheme works with other aspects of the government's encryption policies to trigger legal, economic, and political concerns. Fourth, it will survey the alternatives to EES. Finally, it will suggest how the interests in the current policy debate may achieve an accommodation that would sufficiently address privacy and competitiveness concerns, on the one hand, while meeting national security and law enforcement concerns on the other. II. A Quick Cryptography Primer. A. What is Cryptography?
Before proceeding further into this complex area, it may be useful to go over some fundamentals. At its base, cryptography is the practice of transforming a message into gibberish (encryption), transmitting it, and transforming it back into "plaintext" (decryption) at the other end.(6) Though once the province of spies, diplomats, and generals as a device to protect sensitive communications, encryption has moved gradually into the mainstream. With the increasing prevalence of networked computing(7) and its increasing vulnerability to tampering,(8) cryptography has become a valued tool both for businesses and consumers in the protection of proprietary and personal information. Properly employed, cryptography can perform three distinct functions: (1) authenticate the sender by means of a unique "signature"; (2) protect the confidentiality of the message during transmission and in storage; and (3) assure the integrity of the message through encrypting a digest …
TL;DR: An improved binary algorithm based on the binary redundant representation (BRR) is proposed, and results show that the time needed to calculate the modular exponential function decreases by 66% of the original time.
Abstract: Two different techniques are used to secure communication between military aircraft and control centers: the conventional secret key system and the public key system. In the public key system, the most famous technique is the RIVEST-SHAMIR-ADLEMAN (RSA) method. In the RSA system, the modular exponential function is used to encipher the plaintext message and to decipher the ciphertext message. The problem considered here is how to speed up the calculation of the modular exponential function. An improved binary algorithm based on the binary redundant representation (BRR) is proposed. This algorithm requires the minimum number of basic operations (modular multiplications) among all possible binary redundant representations. Compared to the binary algorithm, the proposed algorithm reduces the number of basic operations by 33%. The systolic array of Montgomery is used to decrease the number of operations needed in the calculations. Results show that the time needed to compute the modular multiplication became less than 50% of the original time needed to perform the same operation without using the systolic array of Montgomery. The final results show that the time needed to calculate the modular exponential function decreases by 66% of the original time.
TL;DR: The relations between the generation of solved instances of optimization problems and the design of private key ciphers are explored, and it is shown that under plaintext attack, any algorithm that predicts the embedded key sequence generator of the ciphers also solves a sequence of instances of MKP.
Abstract: This paper explores the relations between the generation of solved instances of optimization problems and the design of private key ciphers. A class of ciphers derived from the complementary slackness conditions of the multiconstraint knapsack problem (MKP) is presented and discussed. It is shown that under plaintext attack, any algorithm that predicts the embedded key sequence generator of the ciphers also solves a sequence of instances of MKP. It is also shown that even under P=NP and an additional assumption, the security under plaintext attack of the proposed ciphers is equivalent to that of their associated key sequence generator.
TL;DR: The results presented in this paper demonstrate that the avalanche behavior of encryption networks can be improved by using larger S-boxes, and it is shown that increasing the diffusion properties of the S-boxes or replacing the permutations by diffusive linear transformations is effective in improving the network avalanche characteristics.
Abstract: This paper develops analytical models for the avalanche characteristics of a class of block ciphers usually referred to as substitution-permutation encryption networks or SPNs. An SPN is considered to display good avalanche characteristics if a one-bit change in the plaintext input is expected to result in close to half the ciphertext output bits changing. Good avalanche characteristics are important to ensure that a cipher is not susceptible to statistical attacks, and the strength of an SPN's avalanche characteristics may be considered as a measure of the randomness of the ciphertext. The results presented in this paper demonstrate that the avalanche behavior of encryption networks can be improved by using larger S-boxes. As well, it is shown that increasing the diffusion properties of the S-boxes or replacing the permutations by diffusive linear transformations is effective in improving the network avalanche characteristics.