At Crypto ’89 Ivan Damg˚ard [1] presented a method that allows one to construct a computationally collision free hash function that has provably the same level of security as the computationally collision free function with input of constant length that it is based upon. He also gave three examples of collision free functions to use in this construction. For two of these examples collisions have been found[2] [3], and the third one is attacked in this paper. Furthermore it is argued that his construction and proof, in spite of their theoretical importance, encourage inefficient designs in the case of practical hash functions. A framework is presented for the direct design of collision free hash functions. Finally a concrete proposal is presented named Cellhash. 1

matt�rsa.com

Dynamical systems are often described as "unpredictable" or "complex " as aspects of their behavior may bear a cryptic relationship with the simple evolution laws which define them. Some theorists work to quantify this complexity in various ways. Others try to turn the cryptic nature of dynamical systems to a practical end: encryption of messages to preserve their secrecy. Here some previous efforts to engineer cryptosystems based on dynamical systems are reviewed, leading up to a detailed proposal for a cellular automaton cryptosystem. Cryptosystems constructed from cellular automaton primitives can be implemented in simply constructed massively parallel hardware. They can be counted on to deliver high encryption/decryption rates at low cost. In addition to these practical features, cellular automaton cryptosystems may help illuminate some foundational issues in both dynamical systems theory and cryptology, since each of these disciplines rests heavily on the meanings given to the int...

We have developed statistical techniques to study the structure the state-transition graphs of cellular automata with periodic boundary conditions, in the limit of large system size. We organize our results around the concept of a topological skeleton. The topological skeleton is the set of physically relevant states. Covering this skeleton is a surface, typically thin and dense, which contains the bulk of the set of states. States in the skeleton have some long histories. States on the surface, by contrast, have only short histories; they are reached only near the beginning of cellular automaton evolution. We study in detail a sequence of rules which exhibit mostly skeletal to mostly surface structure. 1 Introduction Consider a cellular automaton operating on a periodic lattice of cells. If the number of cells in the lattice is s, and the number of cell states is k, then there are k s possible lattice configurations. Each configuration maps to a new configuration under the action...

Abstract. One-way hash functions are an important toolinachieving authentication and data integrity. The aim of this paper is to propose anovel one-way hash function based on cellular automata whose cryptographic properties have been extensivelystudiedover the past decade or so. Furthermore, security of the proposed one-way hash function is analyzed by the use of very recently published results on applications of cellular automata in cryptography. The analysis indicates that the one-way hash function is secure against all known attacks. An important feature of the proposed one-way hash function is that it is especially suitable for compact and fast implementation in hardware, which is particularly attractive to emerging security applications that employ smart cards, such asdigital identi cation cards and electronic cash payment protocols, 1

This is the final half of a review of selected problems in the theory of cellular automata. Contents 1 State Transition Graphs 3 2 Cryptography 9 3 Suggested Reading 17 1 State Transition Graphs In the first half of this article, we looked at the behavior of cellular automata on infinite lattices. In this final half we will examine some of the properties of CA acting on finite systems, and trace their relationships with properties of infinite-sized systems. Consider a one-dimensional cellular automaton operating on periodic lattices of cells each having two states. If the size of the periodic lattice is s, then there are 2 s possible configurations of cell states on the lattice. Each configuration maps to a new configuration under the action of the cellular automaton rule. Thus, we think of the configuration as a node in a graph, with an out-going arc leading to its successor configuration. As the number of possible configurations is finite, any initial configuration must map ...

Abstract. In this paper, we present some reduced complexity attacks on the Alternating Step Generator (ASG). The attacks are based on a quite general framework and mostly benefit from the low sampling resistance of the ASG, and of an abnormal behavior related to the distribution of the initial states of the stop/go LFSR’s which produce a given segment of the output sequence. Our results compare well with previous results as they show a greater flexibility with regard to known output of the ASG, which amounts in reduced complexity. We will also give a closed form for the complexity of attacks on ASG (and SG) as presented in [13].

We shall review the cellular automaton (CA)-based pseudorandom-number generators (PRNGs), and show that one of these PRNGs can generate high-quality random numbers which can pass all of the statistical tests provided by the National Institute of Standards and Technology (NIST). A CA is suitable for hardware imple mentation. We demonstrate that the CA-based stream cipher, which is implemented in the field-programmable gate arrays (FPGA), has a high encryption speed in a real-time video encryption and decryption system.

Computation in the physical world is restricted by the following spatial locality constraint: In a single unit of time, information can only travel a bounded distance in space. A simple computational model which captures this constraint is a cellular automaton: A discrete dynamical system in which cells are placed on a grid and the state of each cell is updated via a local deterministic rule that depends only on the few cells within its close neighborhood. Cellular automata are commonly used to model real world systems in nature and society. Cellular automata were shown to be capable of a highly complex behavior. However, it is not clear how fast this complexity can evolve and how common it is with respect to all possible initial configurations. We examine this question from a computational perspective, identifying “complexity ” with computational intractability. More concretely, we consider an n-cell automaton with a random initial configuration, and study the minimal number of computation steps t = t(n) after which the following problems can become computationally hard: • The inversion problem. Given the configuration y at time t, find an initial configuration x which leads to y in t steps.

Generation of pseudo random sequences by cellular automata, as well as by hybrid cellular automata is surveyed. An application to the fast evaluation and FPGA implementation of some classes of boolean functions is sketched out.