Cascade Ciphers: The Importance of Being First
1993
The security of cascade ciphers, in which by definition the keys of the component ciphers are independent, is considered. It is shown by a counterexample that the intuitive result, formally stated and proved in the literature, that a cascade is at least as strong as the strongest component cipher, requires the uninterestingly restrictive assumption that the enemy cannot exploit information about the plaintext statistics. It is proved, for very general notions of breaking a cipher and of problem difficulty, that a cascade is at least as difficult to break as the first component cipher. A consequence of this result is that, if the ciphers commute, then a cascade is at least as difficult to break as the most-difficult-to-break component cipher, i.e., the intuition that a cryptographic chain is at least as strong as its strongest link is then provably correct. It is noted that additive stream ciphers do commute, and this fact is used to suggest a strategy for designing secure practical ci...
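The commuting condition is the part of this abstract that practitioners most often skip over. The following Python example (added here; it is not code from the paper) shows why it matters: two additive stream ciphers with independent keys commute, and their cascade collapses to a single additive cipher whose keystream is the XOR of the two keystreams, whereas an additive cipher and a keyed byte substitution do not commute. The SHA-256 counter-mode keystream and the hash-derived substitution table are toy constructions chosen for illustration, not recommended ciphers.

```python
"""Added example (not from the paper): commuting components in a cascade.

An additive stream cipher XORs the plaintext with a keystream that depends
only on the key, so two of them with independent keys commute.  A keyed byte
substitution does not commute with XOR.  The keystream generator (SHA-256 in
counter mode) and the substitution are toy constructions for illustration.
"""
import hashlib


def keystream(key: bytes, length: int) -> bytes:
    """Toy additive keystream: SHA-256(key || counter) blocks, truncated to length."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def additive_encrypt(key: bytes, data: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))


def substitution_encrypt(key: bytes, data: bytes) -> bytes:
    """Toy keyed substitution: a bijection on byte values derived from the key."""
    table = sorted(range(256), key=lambda i: hashlib.sha256(key + bytes([i])).digest())
    return bytes(table[b] for b in data)


def cascade(stages, data: bytes) -> bytes:
    """Apply (encrypt, key) stages in order; the first listed stage is applied first."""
    for encrypt, key in stages:
        data = encrypt(key, data)
    return data


def commutes(stage_a, stage_b, data: bytes) -> bool:
    return cascade([stage_a, stage_b], data) == cascade([stage_b, stage_a], data)


def cascade_is_additive(key1: bytes, key2: bytes, data: bytes) -> bool:
    """Two additive stages with independent keys equal one additive stage whose
    keystream is the XOR of the two keystreams."""
    ks1, ks2 = keystream(key1, len(data)), keystream(key2, len(data))
    combined = bytes(a ^ b for a, b in zip(ks1, ks2))
    single = bytes(a ^ b for a, b in zip(data, combined))
    return cascade([(additive_encrypt, key1), (additive_encrypt, key2)], data) == single


if __name__ == "__main__":
    msg = b"cascade of two independent additive stream ciphers"  # constructed sample
    k1, k2 = b"key-one", b"key-two"
    print("additive/additive commute:", commutes((additive_encrypt, k1), (additive_encrypt, k2), msg))
    print("additive/substitution commute:", commutes((additive_encrypt, k1), (substitution_encrypt, k2), msg))
    print("cascade is one additive cipher:", cascade_is_additive(k1, k2, msg))
```

The last check is the practical content of the commuting remark: when both stages are additive, an attacker who can break the combined keystream breaks the cascade, and the cascade is exactly as strong as the stronger of the two keystreams, no more.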
DEAL - A 128-bit Block Cipher
NIST AES Proposal, 1998
We propose a new block cipher, DEAL, based on the DES (DEA). DEAL has a block size of 128 bits and allows for three key sizes of 128, 192, and 256 bits respectively. Our proposal has several advantages over other schemes: because of the large blocks, the problem of "matching ciphertext attacks" is made small, and the encryption rate is similar to that of triple-DES. We conjecture that the most realistic (or the least unrealistic) attack on all versions of DEAL is an exhaustive search for the keys. We have suggested to ANSI that DEAL be included in the ANSI standard X9.52. We also suggest DEAL as a candidate for the NIST AES standard. 1 Introduction The DES (or DEA) [14] is a 64-bit block cipher taking a 64-bit key, of which 56 bits are effective. It is an iterated 16-round cipher, where the ciphertext is produced by applying a round function iteratively to the plaintext. The DES has a so-called Feistel structure: in each round one half of the ciphertext is fed through a nonlinear f...
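The structural idea behind DEAL is a 128-bit Feistel cipher whose 64-bit round function is a 64-bit block cipher. The Python example below (added here, not DEAL's own code) builds that structure generically: the round function is an HMAC-SHA-256 stand-in for DES, the round count of 6 and the subkey derivation are assumptions made for the example, and `matching_ciphertext_bound` states the birthday bound that motivates the larger block. None of this is the DEAL specification.

```python
"""Added example (not DEAL's own code): a 128-bit Feistel cipher built on a
64-bit keyed round function.  Assumptions: HMAC-SHA-256 stands in for DES as
the round function, ROUNDS and the key schedule are chosen here, and the
construction is illustrative rather than the DEAL specification."""
import hashlib
import hmac

BLOCK = 16  # bytes: 128-bit block
HALF = 8    # bytes: each half is 64 bits, the width of the round function
ROUNDS = 6  # assumption for this example


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def round_function(subkey: bytes, half: bytes) -> bytes:
    """64-bit keyed function of one half (stand-in for encrypting the half under subkey)."""
    return hmac.new(subkey, half, hashlib.sha256).digest()[:HALF]


def key_schedule(key: bytes, rounds: int = ROUNDS) -> list:
    """Derive one 8-byte subkey per round from a 128-, 192- or 256-bit key (assumption)."""
    if len(key) not in (16, 24, 32):
        raise ValueError("key must be 128, 192 or 256 bits")
    return [hashlib.sha256(key + bytes([r])).digest()[:HALF] for r in range(rounds)]


def feistel_encrypt(subkeys: list, block: bytes) -> bytes:
    if len(block) != BLOCK:
        raise ValueError("block must be 128 bits")
    left, right = block[:HALF], block[HALF:]
    for k in subkeys:
        left, right = right, xor(left, round_function(k, right))
    # Undo the final swap so that decryption is the same network with reversed subkeys.
    return right + left


def feistel_decrypt(subkeys: list, block: bytes) -> bytes:
    return feistel_encrypt(list(reversed(subkeys)), block)


def matching_ciphertext_bound(block_bits: int) -> int:
    """Number of blocks after which equal ciphertext blocks become likely: about 2^(n/2)."""
    return 1 << (block_bits // 2)


if __name__ == "__main__":
    subkeys = key_schedule(bytes(range(16)))          # constructed 128-bit key
    pt = b"0123456789abcdef"                          # constructed 128-bit block
    ct = feistel_encrypt(subkeys, pt)
    print(ct.hex(), feistel_decrypt(subkeys, ct) == pt)
    print("64-bit block birthday bound:", matching_ciphertext_bound(64))
    print("128-bit block birthday bound:", matching_ciphertext_bound(128))
```

The point of `matching_ciphertext_bound` is the abstract's "matching ciphertext" remark: with 64-bit blocks, repeated ciphertext blocks are expected after roughly 2^32 blocks (32 GiB in CBC mode), which leaks XORs of plaintext blocks; moving to 128-bit blocks pushes that to 2^64.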
How to Strengthen DES Using Existing Hardware
Differential, linear and improved Davies' attacks are capable of breaking DES faster than exhaustive search, but are usually impractical due to the enormous amounts of data required. In [20] Wiener designed a million-dollar special-purpose computer capable of breaking DES in 3.5 hours on average by exhaustive search. In this paper we describe methods of strengthening DES against exhaustive search, differential attacks, linear attacks and improved Davies' attacks that can be applied on existing DES hardware. We use the fact that there are DES chips on the market that permit replacement of the S-boxes. We introduce the concept of key-dependent invariant S-box transformations. Differential and linear properties of the cipher are invariant under these transformations. We show how to expand the key using such transformations. Possible reorderings of S-boxes are discussed; we present orders of the original DES S-boxes which are slightly stronger than the standard order of S-boxes. Finally we suggest a concrete scheme to strengthen DES which uses the methods described above. This modified DES can be used with existing DES hardware and is much stronger than the standard DES.
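The invariance claim can be checked directly. The Python example below (added here; it is not the paper's code and the transformation is the simplest instance of the idea, an XOR of key-derived constants into the S-box input and output) computes the difference distribution table and the linear approximation table of DES S1 and verifies that the DDT is unchanged by S'(x) = S(x XOR a) XOR b, while LAT entries change only by the predictable sign (-1)^(alpha.a XOR beta.b), so every bias magnitude is preserved. The S-box table is DES S1 in the standard row/column addressing; the invariance holds for any S-box.

```python
"""Added example (not from the paper): S-box differential and linear tables are
invariant under the key-dependent transformation S'(x) = S(x ^ a) ^ b.  The
S-box is DES S1 (rows indexed by the outer two input bits, columns by the
middle four, as in the DES standard); the invariance holds for any S-box."""

S1_ROWS = [
    [14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7],
    [0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8],
    [4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0],
    [15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13],
]
N_IN, N_OUT = 6, 4


def des_sbox_as_table(rows):
    """Flatten DES row/column addressing into a 64-entry lookup indexed by the 6-bit input."""
    table = []
    for x in range(1 << N_IN):
        row = ((x >> 5) & 1) << 1 | (x & 1)
        col = (x >> 1) & 0xF
        table.append(rows[row][col])
    return table


def parity(v: int) -> int:
    return bin(v).count("1") & 1


def ddt(sbox):
    """Difference distribution table: ddt[dx][dy] = #{x : S(x) ^ S(x ^ dx) = dy}."""
    table = [[0] * (1 << N_OUT) for _ in range(1 << N_IN)]
    for dx in range(1 << N_IN):
        for x in range(1 << N_IN):
            table[dx][sbox[x] ^ sbox[x ^ dx]] += 1
    return table


def lat(sbox):
    """Linear approximation table (Walsh spectrum): lat[a][b] = sum_x (-1)^(a.x ^ b.S(x))."""
    table = [[0] * (1 << N_OUT) for _ in range(1 << N_IN)]
    for a in range(1 << N_IN):
        for b in range(1 << N_OUT):
            table[a][b] = sum(1 - 2 * (parity(a & x) ^ parity(b & sbox[x])) for x in range(1 << N_IN))
    return table


def transform(sbox, a: int, b: int):
    """Key-dependent invariant transformation: S'(x) = S(x ^ a) ^ b."""
    return [sbox[x ^ a] ^ b for x in range(1 << N_IN)]


def max_differential(table) -> int:
    """Largest DDT entry with a nonzero input difference (the best one-round differential)."""
    return max(max(row) for row in table[1:])


def tables_invariant(sbox, a: int, b: int) -> bool:
    """DDT must be identical; LAT must match up to the sign (-1)^(alpha.a ^ beta.b)."""
    s2 = transform(sbox, a, b)
    if ddt(sbox) != ddt(s2):
        return False
    l1, l2 = lat(sbox), lat(s2)
    for alpha in range(1 << N_IN):
        for beta in range(1 << N_OUT):
            sign = 1 - 2 * (parity(alpha & a) ^ parity(beta & b))
            if l2[alpha][beta] != sign * l1[alpha][beta]:
                return False
    return True


if __name__ == "__main__":
    s1 = des_sbox_as_table(S1_ROWS)
    print("best differential of S1:", max_differential(ddt(s1)), "/ 64")
    print("invariant under a=0b101011, b=0b0110:", tables_invariant(s1, 0b101011, 0b0110))
```

The sign flip is the caveat a practitioner should know: the transformed S-box has the same differential and linear characteristics in magnitude, which is exactly what the paper needs (the cipher gets no weaker), while the attacker's parity guesses now depend on key material the attacker does not have.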
Domany E: Finding motifs in promoter regions
J Comput Biol
A central issue in molecular biology is understanding the regulatory mechanisms that control gene expression. The availability of whole genome sequences opens the way for computational methods to search for the key elements in transcription regulation. These include methods for discovering the binding sites of DNA-binding proteins, such as transcription factors. A common representation of transcription factor binding sites is a position specific score matrix (PSSM). We developed a probabilistic approach for searching for putative binding sites. Given a promoter sequence and a PSSM, we scan the promoter and find the position with the maximal score. Then we calculate the probability of getting such a maximal score or higher on a random promoter. This is the p-value of the putative binding site. In this way, we searched for putative binding sites in the upstream sequences of Saccharomyces cerevisiae, where some binding sites are known (according to the Saccharomyces cerevisiae Promoters Database, SCPD). Our method produces either exact p-values, or a better estimate for them than other methods, and this improves the results of the search. For each gene we found its statistically significant putative binding sites. We measured the rates of true positives, by a comparison to the known binding sites, and also compared our results to those of MatInspector, a commercially available software that looks for putative binding sites in DNA sequences according to PSSMs. Our results were significantly better. Unlike our method, MatInspector doesn't calculate the exact statistical significance of its results.
Transform Domain Analysis of DES
1998
DES can be regarded as a nonlinear feedback shift register (NLFSR) with input. From this point of view, the tools for pseudorandom sequence analysis are applied to the S-boxes in DES. The properties of the S-boxes of DES under the Fourier transform, Hadamard transform, extended Hadamard transform and Avalanche transform are investigated. Two important results about the S-boxes of DES are found. The first result is that nearly two-thirds of the total 32 functions from GF(2^6) to GF(2) which are associated with the 8 S-boxes of DES have the maximal linear span 63, and the other one-third have linear span greater than or equal to 57. The second result is that for all S-boxes, the distances of the S-boxes approximated by monomial functions have the same distribution as for the S-boxes approximated by linear functions. Some new criteria for the design of permutation functions for use in block cipher algorithms are discussed. Index Terms: DES, nonlinear feedback shift register, transform do...
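The "linear span" figures are linear complexities of bit sequences, and the tool that computes them is the Berlekamp-Massey algorithm. The Python example below (added here; not the paper's code) builds GF(2^6) from the primitive polynomial x^6 + x + 1, evaluates a Boolean function along the powers of a primitive element to get a sequence of period 63, and measures its linear span. That reading of "linear span" (the linear complexity of f(alpha^i), i = 0..62) and the choice of modulus are assumptions made here; the functions examined are the trace, whose span is 6, and a constructed quadratic, rather than DES S-box coordinate functions, which would need the full S-box tables.

```python
"""Added example (not from the paper): linear span of a Boolean function on
GF(2^6) evaluated along powers of a primitive element, via Berlekamp-Massey.
Assumptions: GF(2^6) is built from the primitive polynomial x^6 + x + 1, and
"linear span" is read as the linear complexity of the sequence f(alpha^i)."""

MOD = 0b1000011  # x^6 + x + 1, primitive over GF(2)
DEGREE = 6
ALPHA = 0b10     # the element x, which generates the multiplicative group


def gf_mul(a: int, b: int) -> int:
    """Multiply two elements of GF(2^6), reducing by MOD."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        b >>= 1
        a <<= 1
        if a & (1 << DEGREE):
            a ^= MOD
    return r


def gf_pow_sequence(length: int) -> list:
    """alpha^0, alpha^1, ..., alpha^(length-1)."""
    seq, x = [], 1
    for _ in range(length):
        seq.append(x)
        x = gf_mul(x, ALPHA)
    return seq


def trace(x: int) -> int:
    """Tr(x) = x + x^2 + x^4 + ... + x^32, a GF(2)-linear map onto {0, 1}."""
    t, y = 0, x
    for _ in range(DEGREE):
        t ^= y
        y = gf_mul(y, y)
    return t


def quadratic(x: int) -> int:
    """Constructed nonlinear function: the product of two coordinate bits."""
    return (x & 1) & ((x >> 1) & 1)


def evaluate(f, length: int = (1 << DEGREE) - 1) -> list:
    """The sequence f(alpha^0), f(alpha^1), ... of the given length (default: one period)."""
    return [f(x) for x in gf_pow_sequence(length)]


def linear_span(seq: list) -> int:
    """Berlekamp-Massey over GF(2): length of the shortest LFSR that generates seq."""
    n = len(seq)
    c, b = [0] * (n + 1), [0] * (n + 1)
    c[0] = b[0] = 1
    length, m = 0, -1
    for i in range(n):
        d = seq[i]
        for j in range(1, length + 1):
            d ^= c[j] & seq[i - j]
        if d:
            t = c[:]
            shift = i - m
            for j in range(n + 1 - shift):
                c[j + shift] ^= b[j]
            if 2 * length <= i:
                length, m, b = i + 1 - length, i, t
    return length


if __name__ == "__main__":
    print("linear span of Tr(alpha^i):", linear_span(evaluate(trace)))
    print("linear span of x0*x1 along alpha^i:", linear_span(evaluate(quadratic)))
```

A linear functional on GF(2^6) yields an m-sequence with span 6 (the degree of the minimal polynomial of alpha), so a low span flags an output bit that is close to linear; the maximum of 63 reported in the abstract for most DES S-box functions is the period of the sequence itself.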
Security Amplification by Composition: The Case of Doubly-Iterated, Ideal Ciphers
1998
We investigate, in the Shannon model, the security of constructions corresponding to double and (two-key) triple DES. That is, we consider F_{k1}(F_{k2}(·)) and F_{k1}(F_{k2}^{-1}(F_{k1}(·))) with the component functions being ideal ciphers. This models the resistance of these constructions to "generic" attacks like meet-in-the-middle attacks. We obtain
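The generic attack this analysis is framed around is meet-in-the-middle, which is why double encryption with two k-bit keys buys roughly k+1 bits of security rather than 2k. The Python example below (added here, not the paper's code) runs the attack end to end on a constructed 16-bit toy cipher so that the full 2^16 + 2^16 effort completes in seconds; `pairs_needed` gives the number of known plaintext/ciphertext pairs required to leave no false key pairs, which for DES-sized parameters is the familiar two or three.

```python
"""Added example (not from the paper): meet-in-the-middle against E_k2(E_k1(P)).
The block cipher is a constructed 16-bit toy (16-bit block, 16-bit key); the
attack costs about 2^16 encryptions plus 2^16 decryptions and a 2^16-entry
table, instead of the 2^32 of exhaustive search over both keys."""
from collections import defaultdict

MASK = 0xFFFF
ROUNDS = 4


def rotl(x: int, r: int) -> int:
    return ((x << r) | (x >> (16 - r))) & MASK


def rotr(x: int, r: int) -> int:
    return ((x >> r) | (x << (16 - r))) & MASK


def toy_encrypt(key: int, x: int) -> int:
    """Constructed add-rotate-xor cipher: invertible, small, and not secure."""
    for r in range(ROUNDS):
        x = (x + key) & MASK
        x = rotl(x, 3)
        x ^= rotl(key, r + 1)
    return x


def toy_decrypt(key: int, y: int) -> int:
    for r in reversed(range(ROUNDS)):
        y ^= rotl(key, r + 1)
        y = rotr(y, 3)
        y = (y - key) & MASK
    return y


def double_encrypt(k1: int, k2: int, p: int) -> int:
    return toy_encrypt(k2, toy_encrypt(k1, p))


def meet_in_the_middle(pairs: list) -> list:
    """Return every (k1, k2) consistent with the (plaintext, ciphertext) pairs.

    Stage 1 tabulates E_k1(P0) for all k1; stage 2 computes D_k2(C0) for all k2
    and looks it up.  Matches are confirmed against the remaining pairs.
    """
    p0, c0 = pairs[0]
    forward = defaultdict(list)
    for k1 in range(1 << 16):
        forward[toy_encrypt(k1, p0)].append(k1)
    found = []
    for k2 in range(1 << 16):
        middle = toy_decrypt(k2, c0)
        for k1 in forward.get(middle, ()):
            if all(double_encrypt(k1, k2, p) == c for p, c in pairs[1:]):
                found.append((k1, k2))
    return found


def pairs_needed(key_bits: int, block_bits: int) -> int:
    """Pairs needed until the expected number of false (k1, k2) survivors, 2^(2k - n*pairs), is below one."""
    pairs = 1
    while 2 * key_bits - block_bits * pairs >= 0:
        pairs += 1
    return pairs


if __name__ == "__main__":
    k1, k2 = 0x1234, 0xBEEF                                  # constructed secret keys
    plaintexts = [0x0001, 0x4242, 0xC3A5]                    # constructed known plaintexts
    pairs = [(p, double_encrypt(k1, k2, p)) for p in plaintexts]
    print("pairs needed:", pairs_needed(16, 16))
    print("recovered:", [(hex(a), hex(b)) for a, b in meet_in_the_middle(pairs)])
```

For two-key triple DES the same idea needs a different split, which is why the abstract treats F_{k1}(F_{k2}^{-1}(F_{k1}(·))) separately; the ideal-cipher result bounds what any generic attack of this kind can achieve.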
Automated analysis of security APIs
2005
Attacks on security systems within the past decade have revealed that security Application Programming Interfaces (APIs) expose a large and real attack surface but remain a relatively unexplored problem. In 2000, Bond et al. discovered API-chaining and type-confusion attacks on hardware security modules used in large banking systems. While these first attacks were found through human inspection of the API specifications, we take the approach of modeling these APIs formally and using an automated-reasoning tool to discover attacks. In particular, we discuss the techniques we used to model the Trusted Platform Module (TPM) v1.2 API and how we used OTTER, a theorem prover, and ALLOY, a model finder, both to find API-chaining attacks and to manage API complexity. Using ALLOY, we also developed techniques to capture attacks that weaken, but do not fully compromise, a system's security. Finally, we demonstrate a number of real and "near-miss" vulnerabilities that were discovered against the TPM.
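To make the modeling approach concrete, the Python example below (added here; it is not the paper's OTTER or ALLOY models) encodes a tiny key-management API as rewrite rules over the caller's knowledge and breadth-first searches for the shortest call sequence that exposes a key in the clear. The API and its flaw, a key usable both to wrap other keys and to decrypt arbitrary ciphertext, are constructed for illustration as a textbook chaining attack; they are not the TPM v1.2 findings reported in the paper.

```python
"""Added example (not the paper's models): a small model-finder style search
for API-chaining attacks over a constructed toy key-management API.
Knowledge terms: ("handle", k) the caller may name key k; ("enc", k, t) the
caller holds t encrypted under k; ("clear", k) the caller holds the raw value
of key k, which is the attack goal."""
from collections import deque


def wrap_rule(keys, known):
    """wrap(w, t): export key t encrypted under w; allowed if w has the wrap attribute."""
    for w in known:
        if w[0] == "handle" and keys[w[1]]["wrap"]:
            for t in known:
                if t[0] == "handle":
                    yield f"wrap({w[1]}, {t[1]})", ("enc", w[1], t[1])


def decrypt_rule(keys, known):
    """decrypt(k, c): return the plaintext of c; allowed if k has the decrypt attribute."""
    for k in known:
        if k[0] == "handle" and keys[k[1]]["decrypt"]:
            for c in known:
                if c[0] == "enc" and c[1] == k[1]:
                    yield f"decrypt({k[1]}, enc_{c[1]}({c[2]}))", ("clear", c[2])


RULES = [wrap_rule, decrypt_rule]


def find_chain(keys: dict, goal: tuple, max_depth: int = 4):
    """Breadth-first search over the caller's knowledge.  Returns the shortest
    call sequence that makes goal known, or None if none exists within max_depth."""
    start = frozenset(("handle", name) for name in keys)
    queue = deque([(start, [])])
    seen = {start}
    while queue:
        known, trace = queue.popleft()
        if goal in known:
            return trace
        if len(trace) >= max_depth:
            continue
        for rule in RULES:
            for call, term in rule(keys, known):
                if term in known:
                    continue
                nxt = known | {term}
                if nxt not in seen:
                    seen.add(nxt)
                    queue.append((nxt, trace + [call]))
    return None


def key_separation_enforced(keys: dict) -> bool:
    """The policy check a hardened API would impose: no key carries both attributes."""
    return not any(attrs["wrap"] and attrs["decrypt"] for attrs in keys.values())


# Constructed device configurations.
FLAWED_KEYS = {
    "k_wrap": {"wrap": True, "decrypt": True},
    "k_secret": {"wrap": False, "decrypt": False},
}
SEPARATED_KEYS = {
    "k_wrap": {"wrap": True, "decrypt": False},
    "k_dec": {"wrap": False, "decrypt": True},
    "k_secret": {"wrap": False, "decrypt": False},
}

if __name__ == "__main__":
    print("flawed:", find_chain(FLAWED_KEYS, ("clear", "k_secret")))
    print("separated:", find_chain(SEPARATED_KEYS, ("clear", "k_secret")))
```

The search is the same job a model finder does with a bounded scope: `max_depth` plays the role of ALLOY's scope, and a `None` result is only evidence of safety up to that depth, not a proof for arbitrary call sequences.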
On the Design of Permutation P in DES Type Cryptosystems
Advances in Cryptology: Proceedings of EUROCRYPT '89, 1990
This paper reviews some possible design criteria for the permutation P in a DES-style cryptosystem. These permutations provide the diffusion component in a substitution-permutation network. Some empirical rules which seem to account for the derivation of the permutation used in the DES are first presented. Then it is noted that these permutations may be regarded as latin squares which link the outputs of S-boxes to their inputs at the next stage. A subset of these with an extremely regular structure, and which perform well in a dependency analysis, are then presented and suggested for use in future schemes of both current and extended versions of the DES.
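Both ideas in this abstract, the latin-square view of P and the dependency analysis, can be run on a toy network. The Python example below (added here; not the paper's code, and not DES's P) tracks for each state bit the set of plaintext bits it depends on through a 16-bit SPN with four 4-bit S-boxes, and builds the square that records which next-round S-box receives each S-box output bit. The three permutations are constructed: the identity never mixes across S-boxes, a "spread" permutation reaches full dependency in two rounds but its link square is not latin, and a latin-square permutation does both.

```python
"""Added example (not from the paper): dependency analysis of the permutation P
in a toy substitution-permutation network.  Each state bit carries the set of
plaintext bit positions it depends on; an S-box makes every output bit depend
on all of its input bits, and P only moves bits.  The 16-bit SPN and the three
permutations are constructed for illustration and are not DES's P."""

BLOCK_BITS = 16
SBOX_BITS = 4
N_SBOXES = BLOCK_BITS // SBOX_BITS

# Bit index = sbox * SBOX_BITS + output_bit; perm[j] is the destination of bit j.
P_IDENTITY = list(range(BLOCK_BITS))
# Output bit j of S-box i goes to S-box j, input position i.
P_SPREAD = [(bit % SBOX_BITS) * SBOX_BITS + bit // SBOX_BITS for bit in range(BLOCK_BITS)]
# Output bit j of S-box i goes to S-box (i + j) mod 4, input position i: a latin-square link.
P_LATIN = [((bit // SBOX_BITS + bit % SBOX_BITS) % N_SBOXES) * SBOX_BITS + bit // SBOX_BITS
           for bit in range(BLOCK_BITS)]


def apply_sbox_layer(deps):
    """Each output bit of an S-box depends on the union of its four input bits' dependencies."""
    out = []
    for i in range(N_SBOXES):
        group = deps[i * SBOX_BITS:(i + 1) * SBOX_BITS]
        union = frozenset().union(*group)
        out.extend([union] * SBOX_BITS)
    return out


def apply_permutation(deps, perm):
    out = [None] * len(deps)
    for src, dst in enumerate(perm):
        out[dst] = deps[src]
    return out


def dependency_after(perm, rounds):
    deps = [frozenset([i]) for i in range(BLOCK_BITS)]
    for _ in range(rounds):
        deps = apply_permutation(apply_sbox_layer(deps), perm)
    return deps


def rounds_to_full_dependency(perm, max_rounds=8):
    """Smallest round count after which every output bit depends on every input bit, else None."""
    for r in range(1, max_rounds + 1):
        if all(len(d) == BLOCK_BITS for d in dependency_after(perm, r)):
            return r
    return None


def link_square(perm):
    """square[i][j] = the next-round S-box that receives output bit j of S-box i."""
    return [[perm[i * SBOX_BITS + j] // SBOX_BITS for j in range(SBOX_BITS)]
            for i in range(N_SBOXES)]


def is_latin_square(square):
    n = len(square)
    rows_ok = all(sorted(row) == list(range(n)) for row in square)
    cols_ok = all(sorted(square[i][j] for i in range(n)) == list(range(n)) for j in range(n))
    return rows_ok and cols_ok


if __name__ == "__main__":
    for name, perm in (("identity", P_IDENTITY), ("spread", P_SPREAD), ("latin", P_LATIN)):
        print(name, "full dependency after", rounds_to_full_dependency(perm),
              "rounds; latin link:", is_latin_square(link_square(perm)))
```

The dependency count is a necessary condition only: it says whether every ciphertext bit can depend on every plaintext bit, not how well, so it is the first filter applied to candidate permutations rather than the final word.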
Architectural Considerations for Cryptanalytic Hardware
Secrets of Encryption Research, Wiretap Politics & Chip Design, 1996
We examine issues in high-performance cryptanalysis, focusing on the use of programmable logic. Several standard techniques from computer architecture are adapted and applied to this application. We present performance measurements for RC4, A5, DES, and CDMF; these measurements were taken from actual implementations. We conclude by estimating the resources needed to break these encryption algorithms. 1 Introduction Large-scale open electronic communications networks are spreading: for example, mobile computing is on the rise, the Internet is experiencing exponential growth, and electronic commerce is a hot topic. With these advances comes a need for robust security mechanisms, and they in turn depend critically on cryptographic protection. At the same time, computer power has been growing at dizzying rates, matching or exceeding Moore's Law. Therefore, in this rapidly changing environment, it is important to assess the strength of deployed encryption algorithms against the tremendous...
A Better Key Schedule for DES-Like Ciphers
In Advances in Cryptology: Proceedings of Pragocrypt '96, 1996
Several DES-like ciphers aren't utilizing their full potential strength, because of the short key and the linear or otherwise easily tractable algorithms they use to generate their key schedules. Using DES as an example, we show a way to generate round subkeys that increases the cipher strength substantially by making the relations between the round subkeys practically intractable.