Results 1 - 10 of 74
How to protect DES against exhaustive key search
Journal of Cryptology, 1996
Cited by 93 (12 self)
The block cipher DESX is defined by $\mathrm{DESX}_{k:k1:k2}(x) = k2 \oplus \mathrm{DES}_k(k1 \oplus x)$, where $\oplus$ denotes bitwise exclusive-or. This construction was first suggested by Rivest as a computationally-cheap way to protect DES against exhaustive key-search attacks. This paper proves, in a formal model, that the DESX construction is sound. We show that, when F is an idealized block cipher, FX
MDx-MAC and building fast MACs from hash functions
Advances in Cryptology, Lecture Notes in Computer Science 963, 1995
Breaking DES Using a Molecular Computer
1995
Cited by 59 (4 self)
Recently Adleman [1] has shown that a small traveling salesman problem can be solved by molecular operations. In this paper we show how the same principles can be applied to breaking the Data Encryption Standard (DES). Our method is based on an encoding technique presented in Lipton [8]. We describe in detail a library of operations which are useful when working with a molecular computer. We estimate that given one arbitrary (plaintext, ciphertext) pair, one can recover the DES key in about 4 months of work. Furthermore, if one is given ciphertext, but the plain text is only known to be one of several candidates then it is still possible to recover the key in about 4 months of work. Finally, under chosen ciphertext attack it is possible to recover the DES key in one day using some preprocessing. 1 Introduction Due to advances in molecular biology it is nowadays possible to create a soup of roughly $10^{18}$ DNA strands that fits in a small glass of water. Adleman [1] has shown that e...
The ESP DES-CBC Cipher Algorithm With Explicit IV, RFC 2405
1998
Cited by 58 (1 self)
This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited. Copyright Notice Copyright (C) The Internet Society (1998). All Rights Reserved. This document describes the use of the DES Cipher algorithm in Cipher Block Chaining Mode, with an explicit IV, as a confidentiality mechanism within the context of the IPSec Encapsulating Security Payload (ESP). 1.
Twofish: A 128-Bit Block Cipher
in First Advanced Encryption Standard (AES) Conference, 1998
Cited by 58 (8 self)
Twofish is a 128-bit block cipher that accepts a variable-length key up to 256 bits. The cipher is a 16-round Feistel network with a bijective F function made up of four key-dependent 8-by-8-bit S-boxes, a fixed 4-by-4 maximum distance separable matrix over $GF(2^8)$, a pseudo-Hadamard transform, bitwise rotations, and a carefully designed key schedule. A fully optimized implementation of Twofish encrypts on a Pentium Pro at 17.8 clock cycles per byte, and an 8-bit smart card implementation encrypts at 1660 clock cycles per byte. Twofish can be implemented in hardware in 14000 gates. The design of both the round function and the key schedule permits a wide variety of tradeoffs between speed, software size, key setup time, gate count, and memory. We have extensively cryptanalyzed Twofish; our best attack breaks 5 rounds with $2^{22.5}$ chosen plaintexts and $2^{51}$ effort.
On Applying Molecular Computation To The Data Encryption Standard
Cited by 42 (1 self)
this paper we consider the so-called plaintext-ciphertext attack. Here the cryptanalyst obtains a plaintext and its corresponding ciphertext and wishes to determine the key used to perform the encryption. The most naive approach to this problem is to try all 2
Breaking Ciphers with COPACOBANA - A Cost-Optimized Parallel Code Breaker
IN WORKSHOP ON CRYPTOGRAPHIC HARDWARE AND EMBEDDED SYSTEMS - CHES 2006, YOKOHAMA, 2006
Cited by 39 (15 self)
Cryptanalysis of symmetric and asymmetric ciphers is computationally extremely demanding. Since the security parameters (in particular the key length) of almost all practical crypto algorithms are chosen such that attacks with conventional computers are computationally infeasible, the only promising way to tackle existing ciphers (assuming no mathematical breakthrough) is to build special-purpose hardware. Dedicating those machines to the task of cryptanalysis holds the promise of a dramatically improved cost-performance ratio so that breaking of commercial ciphers comes within reach. This contribution presents the design and realization of the COPACOBANA (Cost-Optimized Parallel Code Breaker) machine, which is optimized for running cryptanalytical algorithms and can be realized for less than US$ 10,000. It will be shown that, depending on the actual algorithm, the architecture can outperform conventional computers by several orders in magnitude. COPACOBANA hosts 120 low-cost FPGAs and is able to, e.g., perform an exhaustive key search of the Data Encryption Standard (DES) in less than nine days on average. As a real-world application, our architecture can be used to attack machine readable travel documents (ePass). COPACOBANA is intended, but not necessarily restricted to solving problems related to cryptanalysis. The hardware architecture is suitable for computational problems which are parallelizable and have low communication requirements. The hardware can be used, e.g., to attack elliptic curve cryptosystems and to factor numbers. Even though breaking full-size RSA (1024 bit or more) or elliptic curves (ECC with 160 bit or more) is out of reach with COPACOBANA, it can be used to analyze cryptosystems with a (deliberately chosen) small bit length to provide reliable security estimates of RSA and ECC by extrapolation.
Fast DES Implementations for FPGAs and its Application to a Universal Key-Search Machine
Queen's University
Cited by 29 (5 self)
Most modern security protocols and security applications are defined to be algorithm independent, that is, they allow a choice from a set of cryptographic algorithms for the same function. Therefore a key-search machine which is also defined to be algorithm independent might be interesting. We researched the feasibility of a universal key-search machine using the Data Encryption Standard (DES) as an example algorithm. Field Programmable Gate Arrays (FPGA) provide an ideal match for an algorithm independent cracker as they can switch algorithms on-the-fly and run much faster than software. We designed, implemented and compared various architecture options of DES with strong emphasis on high-speed performance. Techniques like pipelining and loop unrolling were used and their effectiveness for DES on FPGAs investigated. The most interesting result is that we could achieve data rates of up to 403 Mbit/s using a standard Xilinx FPGA. This result is by a factor 31 faster than software imp...
Probable Plaintext Cryptanalysis of the IP Security Protocols
PROCEEDINGS OF THE SYMPOSIUM ON NETWORK AND DISTRIBUTED SYSTEM SECURITY, 1997
Cited by 29 (2 self)
The Internet Engineering Task Force (IETF) is in the process of adopting standards for IP-layer encryption and authentication (IPSEC). We describe how "probable plaintext" can be used to aid in cryptanalytic attacks, and analyze the protocol to show how much probable plaintext is available. We also show how traffic analysis is a powerful aid to the cryptanalyst. We conclude by outlining some likely changes to the underlying protocols that may strengthen them against these attacks.
Experience Using a Low-Cost FPGA Design to Crack DES Keys
Cryptographic Hardware and Embedded Systems - CHES 2002, 4th International Workshop, Redwood Shores, CA, USA, volume 2523 of series, pages 579-592, 2003
Cited by 26 (2 self)
This paper describes the authors' experiences attacking the IBM 4758 CCA, used in retail banking to protect the ATM infrastructure.