Results 1  10
of
28
Description of a New VariableLength Key, 64bit Block Cipher (Blowfish
 In Fast Software Encryption, Cambridge Security Workshop Proceedings
, 1994
"... Blowfish, a new secretkey block cipher, is proposed. It is a Feistel network, iterating a simple encryption function 16 times. The block size is 64 bits, and the key can be any length up to 448 bits. Although there is a complex initialization phase required before any encryption can take place, the ..."
Abstract

Cited by 215 (13 self)
 Add to MetaCart
(Show Context)
Blowfish, a new secretkey block cipher, is proposed. It is a Feistel network, iterating a simple encryption function 16 times. The block size is 64 bits, and the key can be any length up to 448 bits. Although there is a complex initialization phase required before any encryption can take place, the actual encryption of data is very efficient on large microprocessors. The cryptographic community needs to provide the world with a new encryption standard. DES [16], the workhorse encryption algorithm for the past fifteen years, is nearing the end of its useful life. Its 56bit key size is vulnerable to a bruteforce attack [22], and recent advances in differential cryptanalysis [1] and linear cryptanalysis [10] indicate that DES is vulnerable to other attacks as well. Many of the other unbroken algorithms in the literatureKhufu [11,12], REDOC II [2,23, 20], and IDEA [7,8,9]are protected by patents. RC2 and RC4, approved for export with a small key size, are proprietary [18]. GOST [6], a Soviet government algorithm, is specified without the Sboxes. The U.S. government is moving towards secret algorithms, such as the Skipjack algorithm in the Clipper and Capstone chips [17].
Differential Cryptanalysis of Feal and NHash
, 1991
"... In [1,2] we introduced the notion of differential cryptanalysis and described its application to DES[11] and several of its variants. In this paper we show the applicability of differential cryptanalysis to the Feal family of encryption algorithms and to the NHash hash function. In addition, we sho ..."
Abstract

Cited by 34 (2 self)
 Add to MetaCart
(Show Context)
In [1,2] we introduced the notion of differential cryptanalysis and described its application to DES[11] and several of its variants. In this paper we show the applicability of differential cryptanalysis to the Feal family of encryption algorithms and to the NHash hash function. In addition, we show how to transform differential cryptanalytic chosen plaintext attacks into known plaintext attacks. 1 Introduction Feal is a family of encryption algorithms, which are designed to have simple and efficient software implementations on eightbit microprocessors. The original member of this family, called Feal4[13], had four rounds. This version was broken by Den Boer[3] using a chosen plaintext attack with 100 to 10000 ciphertexts. The designers of Feal reacted by creating a second version, called Feal8[12,9] in which the number of rounds was increased to eight, while the F function was not changed. Feal8 was broken by the differential cryptanalytic chosen plaintext attack described in thi...
Constructing symmetric ciphers using the CAST design procedure
 DESIGNS, CODES, AND CRYPTOGRAPHY
, 1997
"... This paper describes the CAST design procedure for constructing a family of DESlike SubstitutionPermutation Network (SPN) cryptosystems which appear to have good resistance to differential cryptanalysis, linear cryptanalysis, and relatedkey cryptanalysis, along with a number of other desirable ..."
Abstract

Cited by 27 (1 self)
 Add to MetaCart
This paper describes the CAST design procedure for constructing a family of DESlike SubstitutionPermutation Network (SPN) cryptosystems which appear to have good resistance to differential cryptanalysis, linear cryptanalysis, and relatedkey cryptanalysis, along with a number of other desirable cryptographic properties. Details of the design choices in the procedure are given, including those regarding the component substitution boxes (sboxes), the overall framework, the key schedule, and the round function. An example CAST cipher, an output of this design procedure, is presented as an aid to understanding the concepts and to encourage detailed analysis by the cryptologic community.
How to Forge DESEncrypted Messages in 2^28 Steps
, 1996
"... In this paper we suggest keycollision attacks, and show that the theoretic strength of a cipher cannot exceed the square root of the size of the key space. As a result, in some circumstances, some DES keys can be recovered while they are still in use, and these keys can then be used to forge messag ..."
Abstract

Cited by 24 (0 self)
 Add to MetaCart
In this paper we suggest keycollision attacks, and show that the theoretic strength of a cipher cannot exceed the square root of the size of the key space. As a result, in some circumstances, some DES keys can be recovered while they are still in use, and these keys can then be used to forge messages: in particular, one key of DES can be recovered with complexity 2 28 , and one key of (threekey) tripleDES can be recovered with complexity 2 84 .
Recent Developments in the Design of Conventional Cryptographic Algorithms
 Computer Security and Industrial Cryptography  State of the Art and Evolution, LNCS
, 1998
"... This paper examines proposals for three cryptographic primitives: block ciphers, stream ciphers, and hash functions. It provides an overview of the design principles of a large number of recent proposals, which includes the global structure, the number of rounds, the way of introducing nonlinearity ..."
Abstract

Cited by 13 (3 self)
 Add to MetaCart
This paper examines proposals for three cryptographic primitives: block ciphers, stream ciphers, and hash functions. It provides an overview of the design principles of a large number of recent proposals, which includes the global structure, the number of rounds, the way of introducing nonlinearity and diffusion, and the key schedule. The software performance of about twenty primitives is compared based on highly optimized implementations for the Pentium. The goal of the paper is to provided a technical perspective on the wide variety of primitives that exist today.
Relationship Between Propagation Characteristics and Nonlinearity of Cryptographic Functions
 Journal of Universal Computer Science
, 1995
"... Abstract: The connections among the various nonlinearity criteria is currently an important topic in the area of designing and analyzing cryptographic functions. In this paper we show a quantitative relationship between propagation characteristics and nonlinearity, two critical indicators of the cry ..."
Abstract

Cited by 5 (1 self)
 Add to MetaCart
(Show Context)
Abstract: The connections among the various nonlinearity criteria is currently an important topic in the area of designing and analyzing cryptographic functions. In this paper we show a quantitative relationship between propagation characteristics and nonlinearity, two critical indicators of the cryptographic strength of a Boolean function. We also present a tight lower bound on the nonlinearity of a cryptographic function that has propagation characteristics.
Design principles for dedicated hash functions
 LECTURE NOTES IN THE COMPUTER JOURNAL, 2007 COMPUTER SCIENCE
, 1994
"... Dedicated hash functions are cryptographically secure compression functions which are designed specifically for hashing. They intend to form a practical alternative for hash functions based on another cryptographic primitive like a block cipher or modular squaring. About a dozen of dedicated hash ..."
Abstract

Cited by 3 (0 self)
 Add to MetaCart
Dedicated hash functions are cryptographically secure compression functions which are designed specifically for hashing. They intend to form a practical alternative for hash functions based on another cryptographic primitive like a block cipher or modular squaring. About a dozen of dedicated hash functions have been proposed in the literature. This paper discusses the design principles on which these hash functions are based.
A Generalised Testbed for Analysing Block and Stream Ciphers
 in Proceedings of the Seventh In tern a tion IFIP TC1l Conference on Information Security
, 1991
"... ..."
(Show Context)
Arithmetic Addition over Boolean Masking Towards First and SecondOrder Resistance in Hardware
"... Abstract. A common countermeasure to thwart sidechannel analysis attacks is algorithmic masking. For this, algorithms that mix Boolean and arithmetic operations need to either apply two different masking schemes with secure conversions or use dedicated arithmetic units that can process Boolean mask ..."
Abstract

Cited by 2 (0 self)
 Add to MetaCart
(Show Context)
Abstract. A common countermeasure to thwart sidechannel analysis attacks is algorithmic masking. For this, algorithms that mix Boolean and arithmetic operations need to either apply two different masking schemes with secure conversions or use dedicated arithmetic units that can process Boolean masked values. Several proposals have been published that can realize these approaches securely and efficiently in software. But to the best of our knowledge, no hardware design exists that fulfills relevant properties such as efficiency and security at the same time. In this paper, we present two design strategies to realize a secure and efficient arithmetic adder for Booleanmasked values. First, we introduce an architecture based on the ripplecarry adder that targets lowcost applications. The second architecture is based on a pipelined KoggeStone adder and targets highperformance applications. In particular, all our implementations adopt the threshold implementation approach to improve their resistance against SCA attacks even in the presence of glitches. We evaluated the security of our designs practically against SCA using a nonspecific statistical ttest. Based on our analysis, we show that our constructions not only achieve resistance against firstand (univariate) secondorder attacks but also require fewer random bits per operation compared to any existing softwarebased approach.