Results 1  10
of
11
On The Design Of SBoxes
, 1986
"... each of which contains n bits, or avalanche variables. If this procedure is repeated for all i such that 1 < i < m, and one half of the avalanche variables are equal to 1 for each i, then the function f has good avalanche effect. Of course this method can be pursued only if m is fairly small; ..."
Abstract

Cited by 138 (9 self)
 Add to MetaCart
(Show Context)
each of which contains n bits, or avalanche variables. If this procedure is repeated for all i such that 1 < i < m, and one half of the avalanche variables are equal to 1 for each i, then the function f has good avalanche effect. Of course this method can be pursued only if m is fairly small; otherwise, the number of plaintext vectors becomes too large. If that is the case then the best that can be done is to take a random sample of plaintext vectors X, and for each value of i calculate all the avalanche vectors V i . If approximately one half the resulting avalanche variables are equal to 1 for all values of i, then we can conclude that the function has a good avalanche effect. THE STRICT AVALANCHE CRITERION AND THE INDEPENBENCE OF AVALANCHE VARIABLES The concepts of completeness and the avalanche effect can be combined to define a new prope
A Proposed Design For An Extended DES
, 1999
"... The Data Encryption standard (DES) has achieved wide utilization, especially in the financial industry. Whilst DES is a standard, the design criteria used in its development have been classified by the US government. This paper reviews what is known about the design criteria for the Sboxes, Pboxes ..."
Abstract

Cited by 10 (6 self)
 Add to MetaCart
The Data Encryption standard (DES) has achieved wide utilization, especially in the financial industry. Whilst DES is a standard, the design criteria used in its development have been classified by the US government. This paper reviews what is known about the design criteria for the Sboxes, Pboxes, and key scheduling in the current DES. It then indicates how this information could be used to design an extended scheme with a double length key. There are two main objectives indoing this. One is because of increasing doubts about the ability of DES to withstand an attack based on exhaustive keyspace searches, using specialized hardware. The other is to develop an encryption scheme for which the design rules used are known, and hence open to analysis and criticism. 1.
On the Design of Permutation P in DES Type Cryptosystems
 Advances in Cryptology: Proceedings of EUROCRYPT ’89
, 1990
"... This paper reviews some possible design criteria for the permutation P in a DES style cryptosystem. These permutations provide the diffusion component in a substitutionpermutation network. Some empirical rules which seem to account for the derivation of the permutation used in the DES are first pre ..."
Abstract

Cited by 8 (4 self)
 Add to MetaCart
(Show Context)
This paper reviews some possible design criteria for the permutation P in a DES style cryptosystem. These permutations provide the diffusion component in a substitutionpermutation network. Some empirical rules which seem to account for the derivation of the permutation used in the DES are first presented. Then it is noted that these permutations may be regarded as latinsquares which link the outputs of Sboxes to their inputs at the next stage. A subset of these with an extremely regular structure, and which perform well in a dependency analysis are then presented and suggested for use in future schemes of both current and extended versions of the DES. 1.
Principles for Designing Secure Block Ciphers and OneWay Hash Functions
, 1990
"... This thesis is concerned with issues of designing secure (secretkey) block ciphers and constructing oneway hash functions. Both block ciphers and oneway hash functions are indispensable to secure information systems built on cryptographic techniques. With a block cipher, we can safeguard our impo ..."
Abstract

Cited by 4 (1 self)
 Add to MetaCart
This thesis is concerned with issues of designing secure (secretkey) block ciphers and constructing oneway hash functions. Both block ciphers and oneway hash functions are indispensable to secure information systems built on cryptographic techniques. With a block cipher, we can safeguard our important information transmitted over insecure communication networks. And with a oneway hash function, we can safely compress very long messages into relatively short ones to improve the overall efficiency of an information system or to detect unauthorized modifications to these messages. The thesis consists of two parts. Part I deals with designing secure block ciphers and Part II with constructing oneway hash functions. The outlines of the two parts are as follows. In Part I, we first prove an impossibility result on constructing pseudorandom permutations from random functions, which is closely related to the design of secure block ciphers. Then we consider the problem of constructing bl...
Nondegenerate Functions and Permutations
"... One of the basic design criteria for a block encryption function is to ensure that for each fixed key, each ciphertext bit depends nonlinearly on each plaintext bit. When the ciphertext is represented using boolean equations depending on the key and plaintext, these equations should then be nondegen ..."
Abstract

Cited by 1 (0 self)
 Add to MetaCart
One of the basic design criteria for a block encryption function is to ensure that for each fixed key, each ciphertext bit depends nonlinearly on each plaintext bit. When the ciphertext is represented using boolean equations depending on the key and plaintext, these equations should then be nondegenerate so that it is possible that each bit of the key and plaintext can influence each ciphertext bit. We prove that nondegeneracy in a boolean function can be verified in linear time on average. We study higher order nondegeneracy and prove that for balanced nbit functions, on average, at least n \Gamma dlog ne \Gamma 2 input bits must be held constant before a degenerate subfunction is induced. We also prove that the fraction of nbit permutations within the symmetric group that are realized by nondegenerate boolean functions tends to one as n increases. Letting N n;n be the set of nondegenerate permutations, we formally prove that 1 \Gamma L n ! jN n;n j 2 n ! ! 1 \Gamma L n + ...
Tsutomu Matsumoto
, 1989
"... Abstract One of the ultimate goals of cryptography researchers is to construct a (secretekey) block cipher which has the following ideal properties: (1) The cipher is provably secure, (2) Security of the cipher does not depend on any unproved hypotheses, (3) The cipher can be easily implemented wit ..."
Abstract
 Add to MetaCart
(Show Context)
Abstract One of the ultimate goals of cryptography researchers is to construct a (secretekey) block cipher which has the following ideal properties: (1) The cipher is provably secure, (2) Security of the cipher does not depend on any unproved hypotheses, (3) The cipher can be easily implemented with current technology, and (4) All design criteria for the cipher are made public. It is currently unclear whether or not there really exists such an ideal block cipher. So to meet the requirements of practical applications, the best thing we can do is to construct a block cipher such that it approximates the ideal one as closely as possible. In this paper, we make a significant step in this direction. In particular, we construct several block ciphers each of which has the above mentioned properties (2), (3) and (4) as well as the following one: (1′) Security of the cipher is supported by convincing evidence. Our construction builds upon profound mathematical bases for information security recently established in a series of excellent papers. 1. Motivations and Summary of Results Data Encryption Standard (DES) designed by IBM about fifteen years ago
Cryptanalysis Of Des With A Reduced Number Of Rounds
 Advances in Cryptology, CRYPTO 85
, 1986
"... this paper, we use a slightly modified version of DES in which IP,IP  ],PC1 are not used and E,P are com bined to one table EP (cf. Davio et al [83], pp. 184185). Thus the following mappings are used in our version of DES: EP::232:248: EPx is formed from x as follows: first y=Px is formed by p ..."
Abstract
 Add to MetaCart
this paper, we use a slightly modified version of DES in which IP,IP  ],PC1 are not used and E,P are com bined to one table EP (cf. Davio et al [83], pp. 184185). Thus the following mappings are used in our version of DES: EP::232:248: EPx is formed from x as follows: first y=Px is formed by permuting the 32 bits of x; then EPx=Ey is formed by taking 16 of the 32 bits of y once and the other 16 twice; . 6 4 Sj.I:2>: 2 (.]' = I, ,8): the mappings defined by the Sboxes; S:F24S>:232:S(x)=(S]x, ' '  ,S8x8) for x=(xl, ' ,x8) with L.r56 ,48 (i = 1,  16): LikPC2(Cr(i)kl,Cr(i)k2) for k=0q,k2) with kl,k 2 :228. Here t.r 2 >1" 2 , Cx is formed from x by applying a cyclic left shift to the bits of x, r(i) is an integer determined by the shift pattern in the NBSdescription of the keyscheduling and PC2(x,y) is formed from x,y by selecting 24 bits from x, selecting 24 bits from y and permuting the selected 48 bits in some order
Designing Product Ciphers using Markov Chains
"... In this paper we consider the design of product ciphers based on Markov chains. We examine two particular chains which are related to the differential and linear cryptanalysis attacks. Both of these chains approach the uniform distribution which indicates that appropriately designed ciphers are secu ..."
Abstract
 Add to MetaCart
In this paper we consider the design of product ciphers based on Markov chains. We examine two particular chains which are related to the differential and linear cryptanalysis attacks. Both of these chains approach the uniform distribution which indicates that appropriately designed ciphers are secure against these attacks. The maximum deviation from the uniform distribution can be used as guide for the number of rounds the cipher should iterate. 1 Introduction Horst Feistel 1 has made the observation that `all cryptography amounts to substitution'. A substitution S is simply a mapping that replaces one character sequence P , called a plaintext, by another character sequence C, called a ciphertext. The class of algorithms for substitutions we will examine in this paper are known as product ciphers [8, 9, 22]. This term was originally introduced by Shannon [22] who envisaged secure ciphers based on the successive iteration of two or more noncommutative operations. The idea is that pr...
On the Construction of Block Ciphers Provably Secure and Not Relying on Any Unproved Hypotheses
, 1989
"... ) Yuliang Zheng Tsutomu Matsumoto Hideki Imai Division of Electrical and Computer Engineering Yokohama National University 156 Tokiwadai, Hodogaya, Yokohama, 240 Japan August 1989 Abstract One of the ultimate goals of cryptography researchers is to construct a (secretekey) block cipher which has ..."
Abstract
 Add to MetaCart
) Yuliang Zheng Tsutomu Matsumoto Hideki Imai Division of Electrical and Computer Engineering Yokohama National University 156 Tokiwadai, Hodogaya, Yokohama, 240 Japan August 1989 Abstract One of the ultimate goals of cryptography researchers is to construct a (secretekey) block cipher which has the following ideal properties: (1) The cipher is provably secure, (2) Security of the cipher does not depend on any unproved hypotheses, (3) The cipher can be easily implemented with current technology, and (4) All design criteria for the cipher are made public. It is currently unclear whether or not there really exists such an ideal block cipher. So to meet the requirements of practical applications, the best thing we can do is to construct a block cipher such that it approximates the ideal one as closely as possible. In this paper, we make a significant step in this direction. In particular, we construct several block ciphers each of which has the above mentioned properties (2), (3) and (...
Australian Defence Force Academy,
"... The Data Encryption standard (DES) has achieved wide utilization, especially in the financial industry. Whilst DES is a standard, the design criteria used in its development have been classified by the US government. This paper reviews what is known about the design criteria for the Sboxes, Pboxes ..."
Abstract
 Add to MetaCart
(Show Context)
The Data Encryption standard (DES) has achieved wide utilization, especially in the financial industry. Whilst DES is a standard, the design criteria used in its development have been classified by the US government. This paper reviews what is known about the design criteria for the Sboxes, Pboxes, and key scheduling in the current DES. It then indicates how this information could be used to design an extended scheme with a double length key. There are two main objectives indoing this. One is because of increasing doubts about the ability of DES to withstand an attack based on exhaustive keyspace searches, using specialized hardware. The other is to develop an encryption scheme for which the design rules used are known, and hence open to analysis and criticism.