Results 1  10
of
13
A Digital Signature Scheme Secure Against Adaptive ChosenMessage Attacks
, 1995
"... We present a digital signature scheme based on the computational diculty of integer factorization. The scheme possesses the novel property of being robust against an adaptive chosenmessage attack: an adversary who receives signatures for messages of his choice (where each message may be chosen in a ..."
Abstract

Cited by 827 (48 self)
 Add to MetaCart
We present a digital signature scheme based on the computational diculty of integer factorization. The scheme possesses the novel property of being robust against an adaptive chosenmessage attack: an adversary who receives signatures for messages of his choice (where each message may be chosen in a way that depends on the signatures of previously chosen messages) can not later forge the signature of even a single additional message. This may be somewhat surprising, since the properties of having forgery being equivalent to factoring and being invulnerable to an adaptive chosenmessage attack were considered in the folklore to be contradictory. More generally, we show how to construct a signature scheme with such properties based on the existence of a "clawfree" pair of permutations  a potentially weaker assumption than the intractibility of integer factorization. The new scheme is potentially practical: signing and verifying signatures are reasonably fast, and signatures are compact.
An Application of a Fast Data Encryption Standard Implementation
 Computing Systems
, 1988
"... ABSTRACT: The Data Encryption Standard is used as the basis for the UNIX password encryption scheme. Some of the security of that scheme depends on the speed of the implementation. This paper presents a mathematical formulation of a fast implementation of the DES in software, discusses how the mathe ..."
Abstract

Cited by 21 (4 self)
 Add to MetaCart
ABSTRACT: The Data Encryption Standard is used as the basis for the UNIX password encryption scheme. Some of the security of that scheme depends on the speed of the implementation. This paper presents a mathematical formulation of a fast implementation of the DES in software, discusses how the mathematics can be translated into code, and then analyzes the UNIX password scheme to show how these results can be used to implement it. Experimental results are provided for several computers to show that the given method speeds up the computation of a password by roughly 20 times (depending on the specifrc computer).
On the Construction of VariableInputLength Ciphers
 In Fast Software Encryption
, 1998
"... We invesitgate how to construct ciphers which operate on messages of various (and effectively arbitrary) lengths. In particular, lengths not necessarily a multiple of some block length. (By a "cipher" we mean a keyindexed family of lengthpreserving permutations, with a "good" cipher being one that ..."
Abstract

Cited by 15 (4 self)
 Add to MetaCart
We invesitgate how to construct ciphers which operate on messages of various (and effectively arbitrary) lengths. In particular, lengths not necessarily a multiple of some block length. (By a "cipher" we mean a keyindexed family of lengthpreserving permutations, with a "good" cipher being one that resembles a family of random lengthpreserving permutations.) Oddly enough, this question seems not to have been investiaged. We show how to construct variableinput length ciphers starting from any block cipher (ie, a cipher which operates on strings of some fixed length n). We do this by giving a general method starting from a particular kind of pseudorandom function and a particular kind of encryption scheme, and then we give example ways to realize these tools from a block cipher. All of our constructions are proven sound, in the provablesecurity sense of contemporary cryptography. Variableinputlength ciphers can be used to encrypt in the presence of the constraint that the ciphertex...
Key Scheduling in DES Type Cryptosystems
 in Advances in Cryptology: Auscrypt '90 (Lecture Notes in Computer Science
, 1990
"... This paper reviews some possible design criteria for the key schedule in a DES style cryptosystem. The key schedule involves a Key Rotation component, and the permutation PC2. Together these provide for a diffusion of dependency ofciphertext bits on key bits. Some empirical rules which seem to accou ..."
Abstract

Cited by 10 (2 self)
 Add to MetaCart
This paper reviews some possible design criteria for the key schedule in a DES style cryptosystem. The key schedule involves a Key Rotation component, and the permutation PC2. Together these provide for a diffusion of dependency ofciphertext bits on key bits. Some empirical rules which seem to account for the derivation of the key schedule used in the DES are first presented. Anumber of trials were run with various key schedules, and some further design rules were derived. An alternative form of key schedule was then tested. This used either a null PC2, or one in which permutations only occurred within the inputs to a given Sbox, and a much larger rotation schedule than used in the DES. This was found to be as effective as the key schedule used in the current DES, and is proposed for use in new cryptosystems. 1.
On the Design of Permutation P in DES Type Cryptosystems
 Advances in Cryptology: Proceedings of EUROCRYPT ’89
, 1990
"... This paper reviews some possible design criteria for the permutation P in a DES style cryptosystem. These permutations provide the diffusion component in a substitutionpermutation network. Some empirical rules which seem to account for the derivation of the permutation used in the DES are first pre ..."
Abstract

Cited by 6 (2 self)
 Add to MetaCart
This paper reviews some possible design criteria for the permutation P in a DES style cryptosystem. These permutations provide the diffusion component in a substitutionpermutation network. Some empirical rules which seem to account for the derivation of the permutation used in the DES are first presented. Then it is noted that these permutations may be regarded as latinsquares which link the outputs of Sboxes to their inputs at the next stage. A subset of these with an extremely regular structure, and which perform well in a dependency analysis are then presented and suggested for use in future schemes of both current and extended versions of the DES. 1.
New Integrated proof method on Iterated Hash Structure and New Structures
, 2006
"... A secure hash structure in Random Oracle Model may not be a secure model in true design. In this paper, we give an integrated proof method on security proof of iterated hash structure. Based on the proof method, we can distinguish the security of MerkelDamagård structure, widepipe hash, doublepi ..."
Abstract

Cited by 2 (1 self)
 Add to MetaCart
A secure hash structure in Random Oracle Model may not be a secure model in true design. In this paper, we give an integrated proof method on security proof of iterated hash structure. Based on the proof method, we can distinguish the security of MerkelDamagård structure, widepipe hash, doublepipe hash and 3c hash and know the requirement of true design on compression function, and give a new recommend structure. At last, we give new hash structure, MAC structure, encryption model, which use same block cipher round function and key schedule algorithm, the security proofs on those structures are given.
A Generalised Testbed for Analysing Block and Stream Ciphers
 in Information Security
, 1991
"... With the recent development of a number of new ciphers, especially block ciphers, there is a need for a set of tools to help analyse them, in order to obtain some comparative measure of their relative security, and to assist in identifying any shortcomings in their design. This project uses a number ..."
Abstract

Cited by 1 (1 self)
 Add to MetaCart
With the recent development of a number of new ciphers, especially block ciphers, there is a need for a set of tools to help analyse them, in order to obtain some comparative measure of their relative security, and to assist in identifying any shortcomings in their design. This project uses a number of tests to provide a better determination of a cipher's capabilities than previous attempts, and incorporates them into a framework to aid extension of the testbed, through both the addition of new ciphers, and new tests. The testbed will be used for a comparative analysis of some of the new families of block ciphers, including LOKI, FEAL, Khufu, Khafre, and KSX against the older generation which includes Lucifer and DES. Some preliminary results from this analysis on DES, FEAL, and LOKI are presented here. 1 Introduction With the increasing need for new ciphers for use in new communications systems, a number of new ciphers, particularly block ciphers, have been developed. There is a need...
Modes of Operation of a Block Cipher
"... this article which does not hide patterns (such as repetitions) in the plaintext. Usage of this mode should be strongly discouraged. In the past the ECB mode was sometimes 1 recommended for the encryption of keys; however, authenticated encryption would be much better for this application (or the A ..."
Abstract
 Add to MetaCart
this article which does not hide patterns (such as repetitions) in the plaintext. Usage of this mode should be strongly discouraged. In the past the ECB mode was sometimes 1 recommended for the encryption of keys; however, authenticated encryption would be much better for this application (or the AES key wrapping algorithm proposed by NIST)
Online Ciphers from Tweakable Blockciphers
"... Abstract. Online ciphers are deterministic lengthpreserving permutations EK: ({0, 1} n) + → ({0, 1} n) + where the ith block of ciphertext depends only on the first i blocks of plaintext. Definitions, constructions, and applications for these objects were first given by Bellare, Boldyreva, Knudsen ..."
Abstract
 Add to MetaCart
Abstract. Online ciphers are deterministic lengthpreserving permutations EK: ({0, 1} n) + → ({0, 1} n) + where the ith block of ciphertext depends only on the first i blocks of plaintext. Definitions, constructions, and applications for these objects were first given by Bellare, Boldyreva, Knudsen, and Namprempre. We simplify and generalize their work, showing that online ciphers are rather trivially constructed from tweakable blockciphers, a notion of Liskov, Rivest, and Wagner. We go on to show how to define and achieve online ciphers for settings in which messages need not be a multiple of n bits. Key words: Online ciphers, modes of operation, provable security, symmetric encryption, tweakable blockciphers. 1
A Generic Method to Extend Message Space of a Strong Pseudorandom Permutation
"... Abstract. In this paper we present an efficient and secure generic method which can encrypt messages of size at least n. This generic encryption algorithm needs a secure encryption algorithm for messages of multiple of n. The first generic construction, XLS, has been proposed by Ristenpart and Rogaw ..."
Abstract
 Add to MetaCart
Abstract. In this paper we present an efficient and secure generic method which can encrypt messages of size at least n. This generic encryption algorithm needs a secure encryption algorithm for messages of multiple of n. The first generic construction, XLS, has been proposed by Ristenpart and Rogaway in FSE07. It needs two extra invocations of an independently chosen strong pseudorandom permutation or SPRP defined over {0, 1} n for encryption of an incomplete message block. Whereas our construction needs only one invocation of a weak pseudorandom function and two multiplications over a finite field (equivalently, two invocations of an universal hash function). We prove here that the proposed method preserves (tweakable) SPRP. This new construction is meaningful for two reasons. Firstly, it is based on weak pseudorandom function which is a weaker security notion than SPRP. Thus we are able to achieve stronger security from a weaker one. Secondly, in practice, finite field multiplication is more efficient than an invocation of SPRP. Hence our method can be more efficient than XLS. 1