Chapter 8 Implementation Pitfalls
Abstract
We have now learned about several very important cryptographic objects, including block ciphers, encryption schemes, message authentication schemes, and hash functions. Moreover, we discussed how to construct instances of some of these cryptographic objects such that the constructs are provably secure under reasonable assumptions. For example, in Theorem 5.19 we show that CBC$ is a secure encryption scheme under chosen-plaintext attacks if we assume that the base block cipher is a secure PRF or PRP with a large block size. We have also shown that some cryptographic objects are insecure, e.g., the attack against CBCC in Section 5.5.3. Let us now step back for a moment and ask ourselves how to apply what we have learned in practice. Suppose that our employer asks us to design and implement the cryptographic portion of some software application. How should we proceed and, more importantly, what should we be careful about? Similarly, what should we look out for when deciding whether to use someone else's cryptographic product? There are plenty of mistakes that one could accidentally make when designing and implementing the cryptographic portion of a system. Here we look at some of the most common pitfalls, and we discuss how these pitfalls relate to what we have already learned in class. At a very high level, to avoid the most common pitfalls, we suggest that people implementing cryptography:
1. Use widely accepted cryptographic primitives that are believed to be secure (like AES).
2. Use a construction that is provably secure under reasonable assumptions (like CBC$; Theorem
Iterative Characteristics of DES and s²-DES
- New Business Opportunities. Sir Sandford Fleming College, Haliburton Campus
, 1995
Abstract
In this paper we show that we are close to a proof that the type of characteristics used by Biham and Shamir in their differential attack on DES [3] are in fact the best characteristics we can find for DES. Furthermore, we show that the criteria for the construction of DES-like S-boxes proposed by Kim [6] are insufficient to assure resistance against differential attacks. We show several good iterative characteristics for these S-boxes to be used in differential attacks. Finally, we examine the probabilities of the two characteristics used by Biham and Shamir in [3]. We found that for some keys we do not get the probabilities used in the attack. We suggest the use of 5 characteristics instead of two in the attack on DES.
1 Introduction
In 1990 Eli Biham and Adi Shamir introduced differential cryptanalysis, a chosen-plaintext attack on block ciphers that are based on iterating a cryptographically weak function r times (e.g. the 16-round Data Encryption Standard (DES)). The method pro...
Efficient Stream Cipher with Variable Internal State
Abstract
This paper presents an efficient stream cipher using an internal state with variable structure and evolution. Arbitrarily large internal states can be used in order to defeat brute-force guessing attacks without compromising the performance of the cipher, and possibly improving it. Attacking is made even more complicated by dynamically choosing different topologies and evolutions for the cipher's internal state. The cipher controls the evolution of its internal state by using both an external keyed pseudo-random generator (EKPRG), either cryptographically strong or weak, and plaintext feedback. The plaintext feedback reduces the probability of producing cyclic keystreams without compromising the security of the cipher. The parameters controlling the structure and evolution of the cipher's internal state can be chosen in order to achieve different levels of security, memory consumption and performance. In terms of security, we evaluate the impact of these parameters on the strength of the c...
Differential Cryptanalysis of Reduced-Round SEED
, 2002
Abstract
We analyze the security of the SEED block cipher against differential attacks. SEED is a 16-round Feistel cipher developed by the Korea Information Security Agency. The SEED proposers evaluated their cipher against differential cryptanalysis in a self-estimation document and found a six-round differential characteristic with probability 2 . We present an improved method of examining the differential characteristics of SEED and show three six-round differential characteristics with probability 2 . These characteristics allow us to attack seven-round SEED, which surpasses the proposers' estimation.
Security and Privacy in Radio-Frequency Identification
- Master thesis, Massachusetts Institute of Technology (MIT)
, 2003
Abstract
Radio Frequency Identification (RFID) systems are a common and useful tool in manufacturing, supply chain management and retail inventory control. Optical barcodes, another common automatic identification system, have been a familiar packaging feature on consumer items for years.