Results 1  10
of
24
A Digital Signature Scheme Secure Against Adaptive ChosenMessage Attacks
, 1995
"... We present a digital signature scheme based on the computational diculty of integer factorization. The scheme possesses the novel property of being robust against an adaptive chosenmessage attack: an adversary who receives signatures for messages of his choice (where each message may be chosen in a ..."
Abstract

Cited by 838 (47 self)
 Add to MetaCart
We present a digital signature scheme based on the computational diculty of integer factorization. The scheme possesses the novel property of being robust against an adaptive chosenmessage attack: an adversary who receives signatures for messages of his choice (where each message may be chosen in a way that depends on the signatures of previously chosen messages) can not later forge the signature of even a single additional message. This may be somewhat surprising, since the properties of having forgery being equivalent to factoring and being invulnerable to an adaptive chosenmessage attack were considered in the folklore to be contradictory. More generally, we show how to construct a signature scheme with such properties based on the existence of a "clawfree" pair of permutations  a potentially weaker assumption than the intractibility of integer factorization. The new scheme is potentially practical: signing and verifying signatures are reasonably fast, and signatures are compact.
An Application of a Fast Data Encryption Standard Implementation
 Computing Systems
, 1988
"... ABSTRACT: The Data Encryption Standard is used as the basis for the UNIX password encryption scheme. Some of the security of that scheme depends on the speed of the implementation. This paper presents a mathematical formulation of a fast implementation of the DES in software, discusses how the mathe ..."
Abstract

Cited by 20 (5 self)
 Add to MetaCart
ABSTRACT: The Data Encryption Standard is used as the basis for the UNIX password encryption scheme. Some of the security of that scheme depends on the speed of the implementation. This paper presents a mathematical formulation of a fast implementation of the DES in software, discusses how the mathematics can be translated into code, and then analyzes the UNIX password scheme to show how these results can be used to implement it. Experimental results are provided for several computers to show that the given method speeds up the computation of a password by roughly 20 times (depending on the specifrc computer).
On the Construction of VariableInputLength Ciphers
 In Fast Software Encryption
, 1998
"... We invesitgate how to construct ciphers which operate on messages of various (and effectively arbitrary) lengths. In particular, lengths not necessarily a multiple of some block length. (By a "cipher" we mean a keyindexed family of lengthpreserving permutations, with a "good" c ..."
Abstract

Cited by 16 (4 self)
 Add to MetaCart
We invesitgate how to construct ciphers which operate on messages of various (and effectively arbitrary) lengths. In particular, lengths not necessarily a multiple of some block length. (By a "cipher" we mean a keyindexed family of lengthpreserving permutations, with a "good" cipher being one that resembles a family of random lengthpreserving permutations.) Oddly enough, this question seems not to have been investiaged. We show how to construct variableinput length ciphers starting from any block cipher (ie, a cipher which operates on strings of some fixed length n). We do this by giving a general method starting from a particular kind of pseudorandom function and a particular kind of encryption scheme, and then we give example ways to realize these tools from a block cipher. All of our constructions are proven sound, in the provablesecurity sense of contemporary cryptography. Variableinputlength ciphers can be used to encrypt in the presence of the constraint that the ciphertex...
Key Scheduling in DES Type Cryptosystems
 in Advances in Cryptology: Auscrypt '90 (Lecture Notes in Computer Science
, 1990
"... This paper reviews some possible design criteria for the key schedule in a DES style cryptosystem. The key schedule involves a Key Rotation component, and the permutation PC2. Together these provide for a diffusion of dependency ofciphertext bits on key bits. Some empirical rules which seem to accou ..."
Abstract

Cited by 11 (3 self)
 Add to MetaCart
This paper reviews some possible design criteria for the key schedule in a DES style cryptosystem. The key schedule involves a Key Rotation component, and the permutation PC2. Together these provide for a diffusion of dependency ofciphertext bits on key bits. Some empirical rules which seem to account for the derivation of the key schedule used in the DES are first presented. Anumber of trials were run with various key schedules, and some further design rules were derived. An alternative form of key schedule was then tested. This used either a null PC2, or one in which permutations only occurred within the inputs to a given Sbox, and a much larger rotation schedule than used in the DES. This was found to be as effective as the key schedule used in the current DES, and is proposed for use in new cryptosystems. 1.
A Proposed Design For An Extended DES
, 1999
"... The Data Encryption standard (DES) has achieved wide utilization, especially in the financial industry. Whilst DES is a standard, the design criteria used in its development have been classified by the US government. This paper reviews what is known about the design criteria for the Sboxes, Pboxes ..."
Abstract

Cited by 8 (4 self)
 Add to MetaCart
The Data Encryption standard (DES) has achieved wide utilization, especially in the financial industry. Whilst DES is a standard, the design criteria used in its development have been classified by the US government. This paper reviews what is known about the design criteria for the Sboxes, Pboxes, and key scheduling in the current DES. It then indicates how this information could be used to design an extended scheme with a double length key. There are two main objectives indoing this. One is because of increasing doubts about the ability of DES to withstand an attack based on exhaustive keyspace searches, using specialized hardware. The other is to develop an encryption scheme for which the design rules used are known, and hence open to analysis and criticism. 1.
On the Design of Permutation P in DES Type Cryptosystems
 Advances in Cryptology: Proceedings of EUROCRYPT ’89
, 1990
"... This paper reviews some possible design criteria for the permutation P in a DES style cryptosystem. These permutations provide the diffusion component in a substitutionpermutation network. Some empirical rules which seem to account for the derivation of the permutation used in the DES are first pre ..."
Abstract

Cited by 7 (3 self)
 Add to MetaCart
This paper reviews some possible design criteria for the permutation P in a DES style cryptosystem. These permutations provide the diffusion component in a substitutionpermutation network. Some empirical rules which seem to account for the derivation of the permutation used in the DES are first presented. Then it is noted that these permutations may be regarded as latinsquares which link the outputs of Sboxes to their inputs at the next stage. A subset of these with an extremely regular structure, and which perform well in a dependency analysis are then presented and suggested for use in future schemes of both current and extended versions of the DES. 1.
New Integrated proof method on Iterated Hash Structure and New Structures
, 2006
"... A secure hash structure in Random Oracle Model may not be a secure model in true design. In this paper, we give an integrated proof method on security proof of iterated hash structure. Based on the proof method, we can distinguish the security of MerkelDamagård structure, widepipe hash, doublepi ..."
Abstract

Cited by 2 (1 self)
 Add to MetaCart
A secure hash structure in Random Oracle Model may not be a secure model in true design. In this paper, we give an integrated proof method on security proof of iterated hash structure. Based on the proof method, we can distinguish the security of MerkelDamagård structure, widepipe hash, doublepipe hash and 3c hash and know the requirement of true design on compression function, and give a new recommend structure. At last, we give new hash structure, MAC structure, encryption model, which use same block cipher round function and key schedule algorithm, the security proofs on those structures are given.
Online Ciphers from Tweakable Blockciphers
"... Abstract. Online ciphers are deterministic lengthpreserving permutations EK: ({0, 1} n) + → ({0, 1} n) + where the ith block of ciphertext depends only on the first i blocks of plaintext. Definitions, constructions, and applications for these objects were first given by Bellare, Boldyreva, Knudsen ..."
Abstract

Cited by 1 (0 self)
 Add to MetaCart
Abstract. Online ciphers are deterministic lengthpreserving permutations EK: ({0, 1} n) + → ({0, 1} n) + where the ith block of ciphertext depends only on the first i blocks of plaintext. Definitions, constructions, and applications for these objects were first given by Bellare, Boldyreva, Knudsen, and Namprempre. We simplify and generalize their work, showing that online ciphers are rather trivially constructed from tweakable blockciphers, a notion of Liskov, Rivest, and Wagner. We go on to show how to define and achieve online ciphers for settings in which messages need not be a multiple of n bits. Key words: Online ciphers, modes of operation, provable security, symmetric encryption, tweakable blockciphers. 1
A Generalised Testbed for Analysing Block and Stream Ciphers
 in Information Security
, 1991
"... ..."
Revisiting Key Schedule’s Diffusion In Relation With Round Function’s Diffusion
"... Abstract. We study the weakness of key schedules from an observation: many existing attacks use the fact that the key schedules poorly distribute key bits in the diffusion path of round function. This reminds us of the importance of the diffusion’s relation between key schedule and round function. W ..."
Abstract
 Add to MetaCart
Abstract. We study the weakness of key schedules from an observation: many existing attacks use the fact that the key schedules poorly distribute key bits in the diffusion path of round function. This reminds us of the importance of the diffusion’s relation between key schedule and round function. We present new cryptanalysis results by exploring such diffusion relation and propose a new criterion for necessary key schedule diffusion. We discuss potential attacks and summarize the causes for key schedules without satisfying this criterion. One major cause is that overlapping between the diffusion of key schedule and round function leads to information leakage of key bits. Finally, a measure to estimate our criterion for recursive key schedules is presented. Today designing key schedule still lacks practical and necessary principles. For a practical key schedule with limited diffusion, our work adds more insight to its requirements and helps to maximize the security level. 1