TL;DR: In this article, the relative strengths of popular notions of security for public key encryption schemes are compared under chosen plaintext attack and two kinds of chosen ciphertext attack, and the goals of privacy and non-malleability are considered.
Abstract: We compare the relative strengths of popular notions of security for public key encryption schemes. We consider the goals of privacy and non-malleability, each under chosen plaintext attack and two kinds of chosen ciphertext attack. For each of the resulting pairs of definitions we prove either an implication (every scheme meeting one notion must meet the other) or a separation (there is a scheme meeting one notion but not the other, assuming the first notion can be met at all). We similarly treat plaintext awareness, a notion of security in the random oracle model. An additional contribution of this paper is a new definition of non-malleability which we believe is simpler than the previous one.
TL;DR: In this paper, the authors proposed a probabilistic public-key cryptosystem which is provably secure under the p-subgroup assumption, which is comparable to the quadratic residue and higher degree residue assumptions.
Abstract: This paper proposes a novel public-key cryptosystem, which is practical, provably secure and has some other interesting properties as follows:
1. Its trapdoor technique is essentially different from any other previous schemes including RSA-Rabin and Diffie-Hellman.
2. It is a probabilistic encryption scheme.
3. It can be proven to be as secure as the intractability of factoring n = p^2 q (in the sense of the security of the whole plaintext) against passive adversaries.
4. It is semantically secure under the p-subgroup assumption, which is comparable to the quadratic residue and higher degree residue assumptions.
5. Under the most practical environment, the encryption and decryption speeds of our scheme are comparable to (around twice slower than) those of elliptic curve cryptosystems.
6. It has a homomorphic property: E(m0, r0) E(m1, r1) mod n = E(m0 + m1, r2), where E(m, r) means a ciphertext of plaintext m as randomized by r and m0 + m1 < p.
7. Anyone can change a ciphertext, C = E(m, r), into another ciphertext, C' = C h^{r'} mod n, while preserving the plaintext of C (i.e., C' = E(m, r'')), and the relationship between C and C' can be concealed.
TL;DR: In this paper, a method of accessing electronic resources via machine readable data embedded on a document which comprises compressing input data with a transmitter adapted to save a first bandwidth using a compression method adapted to minimize utilization of bandwidth by the compressed input data while retaining substantially all information content of the input data and appending a compression flag to the compressed inputs indicative of the compression method enabling a receiver to decompress the compressed data.
Abstract: A method of accessing electronic resources via machine readable data embedded on a document which comprises compressing input data with a transmitter adapted to save a first bandwidth using a compression method adapted to minimize utilization of bandwidth by the compressed input data while retaining substantially all information content of the input data and appending a compression flag to the compressed input data indicative of the compression method enabling a receiver to decompress the compressed input data. The compression step further comprises utilizing a compression dictionary adapted to map the elements and strings of the input data to minimized representations having redundancies deleted. The compression dictionary may be appended to the compressed input data (as cleartext or cyphertext) under circumstances where a bandwidth occupied by the appended compression dictionary is less than the bandwidth saved by the step of compressing the input data. The compression dictionary may also be selected by the receiver independently from the transmitter, via independent indexes, pointer registration, application-restricted subsets, or customization according to the input data content. Also the input data may be encrypted, and an encryption flag appended which is indicative of the encryption method enabling decryption via public or private key cryptosystems as well as utilizing various authentication techniques such as digital signatures to ensure that the document was created by a licensed user.
TL;DR: The security of RC4 stream cipher and some variants is investigated in this paper, where a known plaintext attack where only a small segment of plaintext is assumed to be known is presented.
Abstract: The security of the alleged RC4 stream cipher and some variants is investigated. Cryptanalytic algorithms are developed for a known plaintext attack where only a small segment of plaintext is assumed to be known. The analysis methods reveal intrinsic properties of alleged RC4 which are independent of the key scheduling and the key size. The complexity of one of the attacks is estimated to be less than the time of searching through the square root of all possible initial states. However, this still poses no threat to alleged RC4 in practical applications.
TL;DR: The analysis methods reveal intrinsic properties of alleged RC4 which are independent of the key scheduling and the key size, and the complexity of one of the attacks is estimated to be less than the time of searching through the square root of all possible initial states.
Abstract: The security of the alleged RC4 stream cipher and some variants is investigated. Cryptanalytic algorithms are developed for a known plaintext attack where only a small segment of plaintext is assumed to be known. The analysis methods reveal intrinsic properties of alleged RC4 which are independent of the key scheduling and the key size. The complexity of one of the attacks is estimated to be less than the time of searching through the square root of all possible initial states. However, this still poses no threat to alleged RC4 in practical applications.
TL;DR: A data deletion system and method detects data deletion notification data representing a desire to delete data, such as a data delete command from a storage management system such as an operating system or other software application.
Abstract: A data deletion system and method detects data deletion notification data representing a desire to delete data, such as a data delete command from a storage management system such as an operating system or other software application. The system and method provides a system invoked deletion process that modifies the desired data to be deleted in response to the detected data deletion notification data. The system does not require continued user invocation to select data to be deleted. Modification of the desired data to be deleted includes actual deletion of the information by overwriting the desired data to be deleted with random data or other process such as overwriting original data multiple times, to ensure that there is no detectable electronic signature of the original data.
TL;DR: This memo defines the NULL encryption algorithm and its use with the IPsec Encapsulating Security Payload (ESP) to provide authentication and integrity without confidentiality.
Abstract: This memo defines the NULL encryption algorithm and its use with the IPsec Encapsulating Security Payload (ESP). NULL does nothing to alter plaintext data. In fact, NULL, by itself, does nothing. NULL provides the means for ESP to provide authentication and integrity without confidentiality.
TL;DR: In this paper, a key recovery system is provided for an enveloped data format in which a common key is used to encrypt a plaintext (secret) and a user's public key is used to encrypt the common key, which is attached to the encrypted text.
Abstract: When a secret is encrypted and stored, it is necessary to provide a countermeasure for the situation where a key is lost (key recovery system). In the present invention, a key recovery system for an enveloped data format in which a common key is used to encrypt a plaintext (secret) and a user's public key is used to encrypt the common key and attached to an encrypted text is provided. In the present invention, only the common key is decrypted to recover the secret without reconstruction of split secret keys kept in a plurality of key storage apparatuses.
TL;DR: In this article, the authors present a bilateral system for authenticating remote transceiving stations through use of station identifiers (IDs) and through use of passwords which are used only one time, and thereafter exchanging messages using an encryption key which is changed after each system connection.
Abstract: A bilateral system for authenticating remote transceiving stations through use of station identifiers (IDs), and through use of passwords which are used only one time, and thereafter exchanging messages through use of an encryption key which is changed after each system connection. Upon authentication, each of the stations independently creates a secret session encryption key in response to the other station's unique station identifier that is exchanged over a communication link in cleartext. The station identifiers are used as tags to look up a unique static secret and a unique dynamic secret which are known only by the two stations, but which are not exchanged over the communication link. The secrets are independently combined by a bit-shuffle algorithm, the result of which is applied to a secure hash function to produce a message digest. The secret session encryption key, a one-time password for the originating station, a one-time password for the receiving station, and a pseudo-random change value for updating the dynamic secret are derived from the message digest. The dynamic secret is updated by the pseudo-random change value and a prime constant after each system connection, thus causing the message digest to be updated upon the occurrence of a new system connection. Further, the system IDs also may be altered by a component of the message digest upon the occurrence of a new system connection to provide an additional protection against playback impersonation.
TL;DR: In this paper, a preset master key is used to obtain a set of round subkeys, and each of the plaintext data blocks is encrypted by using the master key and combining the encrypted blocks.
Abstract: In order to encrypt plaintext data while maintaining high security, the plaintext data is received and divided into a plurality of plaintext data blocks, each of which has the same bit length. A preset master key is used to obtain a set of round subkeys, and each of the plaintext data blocks is encrypted by using the preset master key and combining the encrypted blocks to thereby provide ciphertext data having a bit length which is identical to that of the plaintext data.
TL;DR: It is concluded that Skipjack does not have a conservative design with a large margin of safety, and a new cryptographic tool is presented, which is called the Yoyo game, and efficient attacks on Skipjack reduced to 16 rounds.
Abstract: Skipjack is the secret key encryption algorithm developed by the NSA for the Clipper chip and Fortezza PC card. It uses an 80-bit key, 128 table lookup operations, and 320 XOR operations to map a 64-bit plaintext into a 64-bit ciphertext in 32 rounds. This paper describes an efficient attack on a variant, which we call Skipjack-3XOR (Skipjack minus 3 XORs). The only difference between Skipjack and Skipjack-3XOR is the removal of 3 out of the 320 XOR operations. The attack uses the ciphertexts derived from about 500 plaintexts and its total running time is equivalent to about one million Skipjack encryptions, which can be carried out in seconds on a personal computer. We also present a new cryptographic tool, which we call the Yoyo game, and efficient attacks on Skipjack reduced to 16 rounds. We conclude that Skipjack does not have a conservative design with a large margin of safety.
TL;DR: A key used for deciphering ciphertext is safely transmitted, to establish simple encryption communication as discussed by the authors, where a transmitter and a receiver are connected through a network such that they can communicate with each other.
Abstract: A key used for deciphering ciphertext is safely transmitted, to establish simple encryption communication. A transmitter and a receiver are connected through a network such that they can communicate with each other. In the transmitter, plaintext is enciphered using a common key. Ciphertext, together with a key generation program in a public-key cryptosystem, is transmitted from the transmitter to the receiver. In the receiver, a pair of a public key and a secret key is generated in accordance with the key generation program, the public key is transmitted to the transmitter, and the secret key is held in the receiver. In the transmitter, the common key is enciphered using the public key transmitted from the receiver. An enciphered common key transmitted to the receiver is deciphered using the held secret key. The ciphertext is deciphered using the deciphered common key.
TL;DR: In this article, the authors present a method for efficient conversion of chosen plaintext attacks into the more practical known plaintext and ciphertext-only attacks, and demonstrate the effectiveness of their method by practical attacks on the block-cipher Madryga and on round-reduced versions of RC5 and DES.
Abstract: We present a method for efficient conversion of differential (chosen plaintext) attacks into the more practical known plaintext and ciphertext-only attacks. Our observation may save up to a factor of 2^20 in data over the known methods, assuming that plaintext is ASCII encoded English (or some other types of highly redundant data). We demonstrate the effectiveness of our method by practical attacks on the block-cipher Madryga and on round-reduced versions of RC5 and DES.
TL;DR: In a public-key cryptosystem based on a multiplicative group, n = p^2 q, where p and q are odd primes, and g, selected from (Z/nZ)* such that g_p = g^{p-1} mod p^2 has an order of p in (Z/p^2 Z)*, are made public as discussed by the authors.
Abstract: In a public-key cryptosystem based on a multiplicative group, n = p^2 q, where p and q are odd primes, and g, selected from (Z/nZ)* such that g_p = g^{p-1} mod p^2 has an order of p in (Z/p^2 Z)*, are made public. A plaintext m, a random number r and n are used to calculate m + rn, and n and g are used to compute C = g^{m+rn} mod n to generate it as ciphertext. For the ciphertext C, C mod p^2 is calculated, then C_p = C^{p-1} mod p^2 is calculated to obtain (C_p - 1)/p = L(C_p), and L(C_p) is multiplied by a secret key L(g_p)^{-1} mod p to obtain the plaintext m.
TL;DR: In this paper, the authors proposed a method for encrypting and decrypting using permutation, concatenation and decatenation together with rotation and arithmetic and logic combining with elements or digits or characters from random, pseudo-random, or arbitrary sources wherein the plaintext may be partitioned, block-by-block.
Abstract: Apparatus and method for encrypting and decrypting using permutation, concatenation and decatenation together with rotation and arithmetic and logic combining with elements or digits or characters from random, pseudo-random, or arbitrary sources wherein the plaintext may be partitioned, block-by-block, the block size being a user selectable power of 2 in size. The data bytes in the input block are selected M bytes at a time, where M≧2, with permuted addressing to form a single concatenated data byte, CDB. The CDB is modified by rotating (or barrel shifting) a random bit distance. The CDB may also be modified before or after rotation by simple arithmetic/logic operations. After modification, the CDB is broken up into M bytes and each of the M bytes is placed into the output block with permuted addressing. The output block, or ciphertext, may again be used as an input block and the process repeated with a new output block. This scheme may be used as an encryption method by itself or in conjunction with other block encryption methods. The latter may be accomplished by using this scheme between successive stages of other encryption methods on blocked data, or within an internal stage of these other methods. The sources of random numbers used to determine the distance for the random rotation operation can be from: a pseudo-random number generator, sampled music CD-ROMs, entries in tables, arrays, buffers, or any other digital source.
TL;DR: An examination of the word skytale by Greek and Latin authors from the 7th century B.C. to the 12th century A.D. leads to the conclusion that the notion that it was a cryptograph employed by the Spartans rests on no reliable ancient evidence.
Abstract: An examination of the word skytale by Greek and Latin authors from the 7th century B.C. to the 12th century A.D. leads to the conclusion that the notion that it was a cryptograph employed by the Spartans rests on no reliable ancient evidence. That idea came into existence only in the 3rd century B.C. There is not the slightest indication in the works of nine Greek authors who used the word prior to that time that the skytale was a cryptograph. In these early authors the skytale was either a plaintext message or a device for keeping records.
TL;DR: The effectiveness of the method for efficient conversion of differential (chosen plaintext) attacks into the more practical known plaintext and ciphertext-only attacks is demonstrated.
Abstract: We present a method for efficient conversion of differential (chosen plaintext) attacks into the more practical known plaintext and ciphertext-only attacks. Our observation may save up to a factor of 2^20 in data over the known methods, assuming that plaintext is ASCII encoded English (or some other types of highly redundant data). We demonstrate the effectiveness of our method by practical attacks on the block-cipher Madryga and on round-reduced versions of RC5 and DES.
TL;DR: In this paper, the authors take advantage of a quadratic-only ambiguity for x-coordinates in elliptic curve algebra as a means for encrypting plaintext directly onto elliptic curves.
Abstract: The present invention takes advantage of a quadratic-only ambiguity for x-coordinates in elliptic curve algebra as a means for encrypting plaintext directly onto elliptic curves. The encrypting of plaintext directly onto elliptic curves is referred to herein as 'direct embedding'. When performing direct embedding, actual plaintext is embedded as a '+' or '-' x-coordinate. The sender specifies using an extra bit whether + or - is used so that the receiver can decrypt appropriately. In operation there are two public initial x-coordinates such that two points P1+ and P1- lie respectively on two curves E+ and E-. A parcel of text x_text is selected that is no more than q bits in length. The curve (E+ or E-) that contains x_text is determined. A random number r is chosen and used to generate a coordinate xq using the public key of a receiving party. An elliptic add operation is used with the coordinate xq and the parcel of text to generate a message coordinate xm. A clue xc is generated using the random number and the point P from the appropriate curve E+/-. The sign that holds for x_text is determined and called g. The message coordinate xm, the clue xc, and the sign g are sent as a triple to the receiving party. The receiving party uses the clue xc and its private key to generate coordinate xq. Using the sign g and coordinate xq, the text can be recovered.
TL;DR: A new symmetric product ciphering algorithm that operates iteratively on an arbitrary square block of plaintext with the only constraint that the blocklength has to be an integral power of 2.
Abstract: We describe a new symmetric product ciphering algorithm that operates iteratively on an arbitrary square block of plaintext with the only constraint that the blocklength has to be an integral power of 2. Permutations are induced by the highly unstable nonlinear dynamics of chaotic Kolmogorov flows, while substitutions are implemented using add-with-carry or subtract-with-borrow generators. The encryption performance is excellent in hardware and software which is based on the fact that only additions, subtractions and bit-shifts, but no time-consuming operations like multiplication or exponentiation are necessary for implementing the cipher.
TL;DR: A data mixing method for encrypting a plaintext block using a block encryption algorithm (such as Elliptic Curve, RSA, etc.) having a block size smaller than that of the Plaintext block is described.
TL;DR: In this paper, the authors presented a ciphertext which is resistant to a chosen plaintext cryptanalysis in the evaluation of the intermediate-key update information, which is capable of high speed computation by parallel processing and maintaining high speed operation by higher multiplication of the parallel operation even when the number of repetitive conversion is increased.
Abstract: The present encryption apparatus is provided with a plurality of conversion means connected in multiple steps, an intermediate-key generating means for performing linear or non-linear conversion for an intermediate-key and subsequently generating an initial-value of the intermediate-key, and an intermediate-key memory means for updating and storing the intermediate-key update information. The present encryption apparatus provides a ciphertext which is refractory to a chosen plaintext cryptanalysis in the evaluation of the key update information. The present apparatus is capable of high speed operation by parallel processing and is also capable of maintaining high speed operation by higher multiplication of the parallel operation even when the number of repetitive conversion is increased.
TL;DR: The implications of this vulnerability are explored and the use of compression and watermarking in the control of piracy is discussed.
Abstract: Adequate protection of digital copies of multimedia content - both audio and video - is a prerequisite to the distribution of this content over networks. Until recently digital audio and video content has been protected by its size: it is difficult to distribute and store without compression. Modern compression algorithms allow substantial bitrate reduction while maintaining high-fidelity reproduction. If distribution of these algorithms is controlled, cleartext uncompressed content is still protected by its size. However, once the compression algorithms are generally available cleartext content becomes extremely vulnerable to piracy. In this paper we explore the implications of this vulnerability and discuss the use of compression and watermarking in the control of piracy.
TL;DR: A new document protection scheme, called Confused Document Encrypting Scheme (CDES), which owns the cheating function, and an unauthorized person cannot know whether the message he receives is the real or the cheating one.
TL;DR: In this article, plaintext elements and masking array elements are converted into digits in another number base and the resulting digits are combined modulo the new number base, and the result is converted back into elements using the original number base resulting in ciphertext elements.
Abstract: Plaintext elements and masking array elements are converted into digits in another number base. The resulting digits are combined modulo the new number base and the result is converted back into elements using the original number base resulting in ciphertext elements. For recovery of the plaintext, the ciphertext elements and masking array elements are converted again into digits in the same number base as used for encryption and a reverse arithmetic combination of these digits is employed, modulo the new number base, and the result of the combination is converted back into elements in the original number base resulting in the original plaintext elements.
TL;DR: A confusion data generator for the generation of non-linear confusion data utilizes a plurality of arrays acting as nonlinear state machines to generate a stream of confusion data of a certain width as mentioned in this paper.
Abstract: A confusion data generator for the generation of non-linear confusion data utilizes a plurality of arrays acting as non-linear state machines to generate a stream of confusion data of a certain width. Each non-linear state machine contributes equally to the overall width of the confusion data. The output bit stream from the confusion data generator is then used with a combiner such as an XOR combiner to generate secure text from plaintext. The confusion data generator can be used to securely store data on a storage medium or transmit data over a communication medium. The confusion data generator is computationally inexpensive, scalable and provides good security when used with a combiner, such as an XOR combiner, to generate secure text.
TL;DR: In this paper, the authors propose an information-providing device which offers requested information in response to an information offer request and is provided with means 21, 24 and 25 which transmit the requested information in an enciphered state when the information is offered to an information requesting source via a public network, and transmit it in a plaintext state otherwise.
Abstract: PROBLEM TO BE SOLVED: To safely transfer data, even in the case of transmitting information to an open network environment such as the Internet, when the information undergoing access limitation because of security, payment, etc., is offered. SOLUTION: This information providing device which offers requested information in response to the information offer request is provided with means 21, 24 and 25 which transmit requested information in an enciphered state, when the information is offered to an information requesting source via a public network and transmits the requested information in a plaintext state, when the information is offered to the information requesting source through a network which ensures confidentiality.
TL;DR: This work shows how to construct an optimal context tree for a given plaintext and context order, and evaluates the algorithm's performance on the CCITT test set for bilevel images with the Euclidean-norm context order.
Abstract: We show how to construct an optimal context tree for a given plaintext and context order. Our algorithm runs in time linear in the size of the plaintext and the size of the context, and consumes space linear in the size of the plaintext. We evaluate the algorithm's performance on the CCITT test set for bilevel images with the Euclidean-norm context order.
TL;DR: In this article, the apparatus scale of a secret-key cipher is reduced, the safety of the keys is enhanced and key management is facilitated.
Abstract: PROBLEM TO BE SOLVED: To enable the apparatus scale of secret keys cipher to be reduced, to enable the safety of the keys to be enhanced and to facilitate key management. SOLUTION: The data processor which encrypts a plaintext to a ciphertext by using the key for encryption and/or decrypts a ciphertext to a plaintext by using the key for decryption has a key conversion section 2 which is constituted by successively connecting plural involutional key conversion functions fk to execute key conversion processing and the output of the magnification key in accordance with any of the keys or the results of the key conversion and sequentially or reversally transfers the results of the key conversion among the key conversion functions, and an agitation section 1 which is constituted by successively connecting the plural involutional round functions to execute the encryption processing and/or decryption processing by using the magnification key and sequentially or reversally transfers the results of the processing at the round functions fr among the round functions.
TL;DR: In this paper, an enhanced CMEA encryption system was proposed for use in wireless telephony, where a plaintext message is introduced into the system and subjected to a first iteration of a CMEA-based encryption process, using a first CMEA key to produce an intermediate ciphertext.
Abstract: An enhanced CMEA encryption system suitable for use in wireless telephony. A plaintext message is introduced into the system and subjected to a first iteration of a CMEA process, using a first CMEA key to produce an intermediate ciphertext. The intermediate ciphertext is then subjected to a second iteration of the CMEA process using a second CMEA key to produce a final ciphertext. Additional security is achieved by subjecting the plaintext and intermediate ciphertext to input and output transformations before and after each iteration of the CMEA process. The CMEA iterations may be performed using an improved use of a box function which adds permutations to a message or intermediate crypto-processed data. Decryption is achieved by subjecting a ciphertext message to the reverse order of the steps used for encryption, replacing the input and output transformations by inverse output and inverse input transformations, respectively, as appropriate.