TL;DR: A new synchronous stream cipher, called WG cipher, based on WG (Welch-Gong) transformations, designed to produce keystream with guaranteed randomness properties, which is resistant to Time/Memory/Data tradeoff attacks, algebraic attacks and correlation attacks.
Abstract: In this paper we propose a new synchronous stream cipher, called WG cipher. The cipher is based on WG (Welch-Gong) transformations. The WG cipher has been designed to produce keystream with guaranteed randomness properties, i.e., balance, long period, large and exact linear complexity, 3-level additive autocorrelation, and ideal 2-level multiplicative autocorrelation. It is resistant to Time/Memory/Data tradeoff attacks, algebraic attacks and correlation attacks. The cipher can be implemented with a small amount of hardware.
TL;DR: It is argued that, where possible, authenticated encryption should be used, and, where this is not possible, a stream cipher would appear to be a superior choice, raising a major question mark over the future use of CBC mode, except as part of a more complex mode designed to provide authenticated encryption.
Abstract: This paper is primarily concerned with the CBC block cipher mode. The impact on the usability of this mode of recently proposed padding oracle attacks, together with other related attacks described in this paper, is considered. For applications where unauthenticated encryption is required, the use of CBC mode is compared with its major symmetric rival, namely the stream cipher. It is argued that, where possible, authenticated encryption should be used, and, where this is not possible, a stream cipher would appear to be a superior choice. This raises a major question mark over the future use of CBC mode, except as part of a more complex mode designed to provide authenticated encryption.
TL;DR: In this paper, the sub-byte transformation operations used in the AES cipher method and system may include an affine transformation, an isomorphic transformation, and an inverse transformation that is a non-linear transformation.
Abstract: Data cipher processors, advanced encryption standard (AES) cipher system, and AES cipher methods using a masking method perform round operations using a round key, a plain text, a cipher text, and masking data. Some of the round operations are implemented over a composite Galois Field GF(•). Original data and predetermined masking data are processed according to a predetermined rule. Sub-byte transformation operations used in the cipher method and system may include an affine transformation, an inverse affine transformation, an isomorphic transformation, and an inverse isomorphic transformation which are linear transformations, and an inverse transformation that is a non-linear transformation.
TL;DR: The present paper analyzes the security of this chaotic cipher against chosen-plaintext attacks, and points out that this cipher can be broken by a chosen-plaintext attack.
Abstract: At ISNN'04, a novel symmetric cipher was proposed, by combining a chaotic signal and a clipped neural network (CNN) for encryption. The present paper analyzes the security of this chaotic cipher against chosen-plaintext attacks, and points out that this cipher can be broken by a chosen-plaintext attack. Experimental analyses are given to support the feasibility of the proposed attack.
TL;DR: The design of the cipher is based on both a nonlinear filter LFSR and an irregular decimation mechanism recently introduced and called the ABSG and the design goal is to produce a stream cipher with a compact hardware implementation and operating at high rates.
Abstract: Decim is a new stream cipher designed for hardware applications with restricted resources. The design of the cipher is based on both a nonlinear filter LFSR and an irregular decimation mechanism recently introduced and called the ABSG. Apart from the security aspects, the design goal is to produce a stream cipher with a compact hardware implementation and operating at high rates. Excluding the tricky case of Time-Memory-Data trade-off attacks, the best attacks that have been identified by the authors are at least as difficult as exhaustive search.
TL;DR: This paper presents a distinguisher targeting irregularly clocked filter generators that distinguishes the cipher output from a random source using 2^103 bits of keystream with a computational complexity of approximately 2^103 operations.
Abstract: In this paper we present a distinguisher targeting irregularly clocked filter generators. The attack is applied on the irregularly clocked stream cipher called LILI-II. LILI-II is the successor of the cipher LILI-128 and its design was published in [1]. There have been no known attacks better than exhaustive key search on LILI-II. Our attack is the first of this kind that distinguishes the cipher output from a random source using 2^103 bits of keystream with a computational complexity of approximately 2^103 operations.
TL;DR: This work expands the idea of a symmetric key cipher being closed under functional composition to a more general scenario where there exists a function that converts the ciphertext resulting from encryption under a specific key to the ciphertext corresponding to encryption with another key.
Abstract: As a general design criterion, a symmetric key cipher should not be closed under functional composition due to the implications on the security of the cipher. However, there are scenarios in which this property is desirable and can be obtained without reducing the security of a cipher by increasing the computational workload of the cipher. We expand the idea of a symmetric key cipher being closed under functional composition to a more general scenario where there exists a function that converts the ciphertext resulting from encryption under a specific key to the ciphertext corresponding to encryption with another key. We show how to perform such a conversion without exposing the plaintext. We discuss the tradeoff between the computational workload and security, and the relationship between such conversions and proxy cryptography. We conclude with a description of some practical applications of our results.
TL;DR: A parallel algorithm for the computation of inverses of matrices modulo n is introduced, used in conjunction with block ciphers and Hill ciphers in symmetric encryption and decryption of data for transmission on open lines.
TL;DR: A new fast stream cipher, MAJE4 is designed and developed with a variable key size of 128-bit or 256-bit, to generate a long unpredictable key stream with better performance, which can be used for cryptographic applications.
Abstract: A new fast stream cipher, MAJE4 is designed and developed with a variable key size of 128-bit or 256-bit. The randomness property of the stream cipher is analysed by using the statistical tests. The performance evaluation of the stream cipher is done in comparison with another fast stream cipher called JEROBOAM. The focus is to generate a long unpredictable key stream with better performance, which can be used for cryptographic applications.
TL;DR: It is shown that the keystream generated from their stream cipher is not random and can be distinguished from random with only about 100 outputs (3200 bits) in 2 milliseconds on an Intel Centrino 1.6GHz processor.
Abstract: Nawaz, Gupta and Gong recently proposed a 32-bit RC4-like stream cipher. In this paper, we show that the keystream generated from their stream cipher is not random. The keystream can be distinguished from random with only about 100 outputs (3200 bits) in 2 milliseconds on an Intel Centrino 1.6GHz processor.
TL;DR: The "PYRAMIDS" Block Cipher is a symmetric encryption algorithm of a 64, 128, 256-bit plaintext block, that accepts a variable key length of 128, 192, 256 bits.
Abstract: The "PYRAMIDS" Block Cipher is a symmetric encryption algorithm of a 64, 128, 256-bit plaintext block, that accepts a variable key length of 128, 192, 256 bits. The algorithm is an iterated cipher consisting of repeated applications of simple round transformations with different operations and different sequences in each round.
TL;DR: A careless implementation of ARIA on smartcards is vulnerable to a differential power analysis attack that can find all round keys and also extract a master key from only two round keys using circular rotation, XOR, and involutional operations for two types of layers.
Abstract: ARIA is a 128-bit symmetric block cipher having 128-bit, 192-bit, or 256-bit key lengths. The cipher is a substitution-permutation encryption network (SPN) that uses an involutional binary matrix. This paper shows that a careless implementation of ARIA on smartcards is vulnerable to a differential power analysis attack. This attack is realistic because we can measure power consumption signals at two kinds of S-boxes and two types of substitution layers. By analyzing the power traces, we can find all round keys and also extract a master key from only two round keys using circular rotation, XOR, and involutional operations for two types of layers.
TL;DR: In this article, known-plaintext attacks on HBB are studied in both the classical B mode and the asynchronous SS mode; all attacks need only a small part of the plaintext to be known.
Abstract: In this paper, we show several known-plaintext attacks on the stream cipher HBB which was proposed recently at INDOCRYPT 2003. The cipher can operate either as a classical stream cipher in the “B mode” or as an asynchronous stream cipher in the “SS mode”. In the case of the SS mode, we present known-plaintext attacks recovering 128-bit key with the complexity 2 and 256-bit key with the complexity 2. In the case of B mode with 256-bit key, we show a known-plaintext attack recovering the whole plaintext with the complexity 2. All attacks need only a small part of the plaintext to be known.
TL;DR: Disclosed is a cipher key setting system where the access point detects the terminals connected to the wireless LAN through the access points itself repeatedly at each predetermined time, reviews the adopted cipher systems when there are replacements of the terminals participating in the network and a decrease in the number of the users, and adopts a cipher system according to the guideline.
Abstract: Disclosed is a cipher key setting system wherein the access point detects the terminals connected to the wireless LAN through the access point itself repeatedly at each predetermined time, reviews the adopted cipher systems when there are replacements of the terminals participating in the wireless LAN and a decrease in the number of the terminals, and adopts a cipher system according to the guideline ‘selecting the cipher system of the highest security level among the cipher systems that the devices building up the network can commonly adopt’. The system prevents the security setting from being maintained at a needlessly low level, after a certain terminal withdrew from the network or after some terminals were replaced.
TL;DR: In this article, a cipher text generation device is proposed to generate different random number patterns by blocks without specially using random number generation algorithm for cipher key change, where the cipher text generator is equipped with a counter which counts up whenever a ciphertext of each block has been generated.
Abstract: PROBLEM TO BE SOLVED: To generate different random number patterns by blocks without specially using random number generation algorithm for cipher key change. SOLUTION: The cipher text generation device divides a plaintext into blocks of designated length and performs cipher text generation using block key in the divided block units to obtain cipher texts. This cipher text generation device is equipped with a counter which counts up whenever a cipher text of each block has been generated, and a block key generation means of generating block keys by blocks to be ciphered by using a cipher text ciphered specified blocks before a block for which a cipher text is currently generated, the counter value of the counter, and cipher key data. COPYRIGHT: (C)2007,JPO&INPIT
TL;DR: This paper presents the method for designing secure Dynamic cipher against meet-in-the-middle attack and linear cryptanalysis, and proposes a new network called Dynamic network for symmetric block ciphers.
Abstract: Dynamic cipher has the property that the key-size, the number of round, and the plaintext-size are scalable simultaneously. We present the method for designing secure Dynamic cipher against meet-in-the-middle attack and linear cryptanalysis. Also, we show that the differential cryptanalysis to Dynamic cipher is hard. In this paper we propose a new network called Dynamic network for symmetric block ciphers.
TL;DR: It is claimed that if the underlying block cipher withstands brute-force attack, some manners will be secure even though the underlying block cipher is vulnerable to differential and linear attacks.
Abstract: We investigate the mode of block cipher encryption in which a random number is added into the process of an encryption. Many manners to add a random number are examined for the capabilities to defeat brute-force, differential and linear attacks. Then, we claim that if the underlying block cipher withstands brute-force attack, some manners will be secure even though the underlying block cipher is vulnerable to differential and linear attacks.
TL;DR: This paper presents a simple cryptanalysis based on an attacker's heterodyne measurement and a quantum unambiguous measurement to make clear the strength of the Y-00 protocol in real communication.
Abstract: We investigate the Yuen 2000 (so-called Y-00) protocol, which can realize a randomized stream cipher with high bit rate (Gbit/s) for long distances (several hundreds of km). The randomized stream cipher with randomization by quantum noise based on the Y-00 protocol is called a quantum stream cipher in this paper, and it may have security against known plaintext attacks which has no analog with any conventional symmetric key ciphers. We present a simple cryptanalysis based on an attacker's heterodyne measurement and a quantum unambiguous measurement to make clear the strength of the Y-00 protocol in real communication. In addition, we give a design for the implementation of an intensity-modulation scheme and report an experimental demonstration of a 1 Gbit/s quantum stream cipher through a 20-km-long transmission line.