Results 1 - 10 of 19
Ciphers with Arbitrary Finite Domains
, 2002
Cited by 33 (7 self)
Abstract. We explore the problem of enciphering members of a finite set $M$ where $k = |M|$ is arbitrary (in particular, it need not be a power of two). We want to achieve this goal starting from a block cipher (which requires a message space of size $N = 2^n$, for some $n$). We look at a few solutions to this problem, focusing on the case when $M = [0, k-1]$. We see ciphers with arbitrary domains as a worthwhile primitive in its own right, and as a potentially useful one for making higher-level protocols.
On the Construction of Variable-Input-Length Ciphers
 In Fast Software Encryption
, 1998
Cited by 15 (4 self)
We investigate how to construct ciphers which operate on messages of various (and effectively arbitrary) lengths. In particular, lengths not necessarily a multiple of some block length. (By a "cipher" we mean a key-indexed family of length-preserving permutations, with a "good" cipher being one that resembles a family of random length-preserving permutations.) Oddly enough, this question seems not to have been investigated. We show how to construct variable-input-length ciphers starting from any block cipher (i.e., a cipher which operates on strings of some fixed length n). We do this by giving a general method starting from a particular kind of pseudorandom function and a particular kind of encryption scheme, and then we give example ways to realize these tools from a block cipher. All of our constructions are proven sound, in the provable-security sense of contemporary cryptography. Variable-input-length ciphers can be used to encrypt in the presence of the constraint that the ciphertex...
BEAST: A fast block cipher for arbitrary blocksizes
, 1996
Cited by 11 (1 self)
This paper describes BEAST, a new block cipher for arbitrary size blocks. It is a Luby-Rackoff cipher and fast when the blocks are large. BEAST is assembled from cryptographic hash functions and stream ciphers. It is provably secure if these building blocks are secure. For smartcard applications, a variant BEAST-RK is proposed, where the bulk operations can be done by the smartcard's host without knowing the key. Only fast key-dependent operations remain to be done by the smartcard.
1 INTRODUCTION
Based on random functions, Luby and Rackoff (1988) described provably secure block ciphers. This theoretical breakthrough is of practical interest, since it enables us to assemble a secure cipher from secure components. Components are known, which we can reasonably expect to be secure. In this paper, the hash function SHA-1 (see Schneier, 1995) and the stream cipher SEAL (Rogaway and Coppersmith, 1993) are considered as components, though other choices would do, as well (Lucks, 1996). SHA-1 ...
Towards Making Luby-Rackoff Ciphers Optimal and Practical
 In Proc. Fast Software Encryption 99, Lecture Notes in Computer Science
, 1999
Cited by 10 (3 self)
We provide new constructions for Luby-Rackoff block ciphers which are efficient in terms of computations and key material used. Next, we show that we can make some security guarantees for Luby-Rackoff block ciphers under much weaker and more practical assumptions about the underlying function; namely, that the underlying function is a secure Message Authentication Code. Finally, we provide a SHA-1 based example block cipher called Shazam.
Guaranteeing the Diversity of Number Generators
 Information and Computation
, 2003
Cited by 10 (1 self)
A major problem in using iterative number generators of the form $x_i = f(x_{i-1})$ is that they can enter unexpectedly short cycles. This is hard to analyze when the generator is designed, hard to detect in real time when the generator is used, and can have devastating cryptanalytic implications. In this paper we define a measure of security, called sequence diversity, which generalizes the notion of cycle-length for non-iterative generators. We then introduce the class of counter assisted generators, and show how to turn any iterative generator (even a bad one designed or seeded by an adversary) into a counter assisted generator with a provably high diversity, without reducing the quality of generators which are already cryptographically strong.
A Collision-Resistant Rate-1 Double-Block-Length Hash Function
Cited by 8 (0 self)
(on the leave to Bauhaus-University Weimar, Germany) Abstract. This paper proposes a construction for collision resistant 2n-bit hash functions, based on n-bit block ciphers with 2n-bit keys. The construction is analysed in the ideal cipher model; for n = 128 an adversary would need roughly $2^{122}$ units of time to find a collision. The construction employs “combinatorial” hashing as an underlying building block (like Universal Hashing for cryptographic message authentication by Wegman and Carter). The construction runs at rate 1, thus improving on a similar rate 1/2 approach by Hirose (FSE 2006).
Stackable File Systems as a Security Tool
, 1999
Cited by 5 (1 self)
Programmers often prefer to use existing system security services, such as file system security, rather than implement their own in an application. Traditional Unix security is generally considered inadequate and few operating systems offer enhanced security features such as ACLs[24] or immutable files[12]. Additional file system security features are always sought, but implementing them is a difficult task because modifying and porting existing file systems is costly or not possible.
Tweakable Enciphering Schemes Using Only the Encryption Function of a Block Cipher
Cited by 4 (3 self)
Abstract. A new construction of block cipher based tweakable enciphering schemes (TES) is described. The major improvement over existing TES is that the construction uses only the encryption function of the underlying block cipher. Consequently, this leads to substantial savings in the size of hardware implementation of TES applications such as disk encryption. This improvement is achieved without loss in efficiency of encryption and decryption compared to the best previously known schemes.
On the Security of Generalized Feistel Scheme with SP Round Function
, 2005
Cited by 3 (0 self)
This paper studies the security against differential/linear cryptanalysis and the pseudorandomness of a class of generalized Feistel scheme with SP round function called GFSP. We consider the minimum number of active s-boxes in four, eight and sixteen consecutive rounds of GFSP, which provide the upper bound of the maximum differential/linear probabilities of 16-round GFSP scheme, in order to evaluate the strength against differential/linear cryptanalysis. Furthermore, we point out seven rounds GFSP is not pseudorandom for non-adaptive adversary, and prove that eight rounds GFSP is pseudorandom for any adversaries.