Results 1-10 of 48
Description of a New Variable-Length Key, 64-Bit Block Cipher (Blowfish)
In Fast Software Encryption, Cambridge Security Workshop Proceedings, 1994
Cited by 215 (13 self)
Blowfish, a new secret-key block cipher, is proposed. It is a Feistel network, iterating a simple encryption function 16 times. The block size is 64 bits, and the key can be any length up to 448 bits. Although there is a complex initialization phase required before any encryption can take place, the actual encryption of data is very efficient on large microprocessors. The cryptographic community needs to provide the world with a new encryption standard. DES [16], the workhorse encryption algorithm for the past fifteen years, is nearing the end of its useful life. Its 56-bit key size is vulnerable to a brute-force attack [22], and recent advances in differential cryptanalysis [1] and linear cryptanalysis [10] indicate that DES is vulnerable to other attacks as well. Many of the other unbroken algorithms in the literature (Khufu [11,12], REDOC II [2,23,20], and IDEA [7,8,9]) are protected by patents. RC2 and RC4, approved for export with a small key size, are proprietary [18]. GOST [6], a Soviet government algorithm, is specified without the S-boxes. The U.S. government is moving towards secret algorithms, such as the Skipjack algorithm in the Clipper and Capstone chips [17].
Cryptanalysis of Skipjack reduced to 31 rounds using impossible differentials
1999
Cited by 146 (12 self)
Abstract. In this paper we present a new cryptanalytic technique, based on impossible differentials, and use it to show that Skipjack reduced from 32 to 31 rounds can be broken by an attack which is faster than exhaustive search.
Side Channel Cryptanalysis of Product Ciphers
Journal of Computer Security, 1998
Cited by 112 (8 self)
Building on the work of Kocher [Koc96], Jaffe, and Yun [KJY98], we discuss the notion of side-channel cryptanalysis: cryptanalysis using implementation data. We discuss the notion of side-channel attacks and the vulnerabilities they introduce, demonstrate side-channel attacks against three product ciphers (timing attack against IDEA, processor-flag attack against RC5, and Hamming weight attack against DES) and then generalize our research to other cryptosystems.
A Fast New DES Implementation in Software
1997
Cited by 83 (2 self)
In this paper we describe a fast new DES implementation. This implementation is about five times faster than the fastest known DES implementation on a (64-bit) Alpha computer, and about three times faster than our new optimized DES implementation on 64-bit computers. This implementation uses a non-standard representation, and views the processor as a SIMD computer, i.e., as 64 parallel one-bit processors computing the same instruction. We also discuss the application of this implementation to other ciphers. We describe a new optimized standard implementation of DES on 64-bit processors, which is about twice faster than the fastest known standard DES implementation on the same processor. Our implementations can also be used for fast exhaustive search in software, which can find a key in only a few days or a few weeks on existing parallel computers and computer networks. 1 Introduction In this paper we describe a new implementation of DES [4], which can be very efficiently executed ...
Theoretical Use of Cache Memory as a Cryptanalytic Side-Channel
2002
Cited by 78 (1 self)
We expand on the idea, proposed by Kelsey et al. [14], of cache memory being used as a side-channel which leaks information during the run of a cryptographic algorithm. By using this side-channel, an attacker may be able to reveal or narrow the possible values of secret information held on the target device. We describe an attack which encrypts 2 chosen plaintexts on the target processor in order to collect cache profiles and then performs around 2 computational steps to recover the key. As well as describing and simulating the theoretical attack, we discuss how hardware and algorithmic alterations can be used to defend against such techniques.
Unbalanced Feistel Networks and Block-Cipher Design
Fast Software Encryption, 3rd International Workshop Proceedings, 1996
Cited by 72 (5 self)
We examine a generalization of the concept of Feistel networks, which we call Unbalanced Feistel Networks (UFNs). Like conventional Feistel networks, UFNs consist of a series of rounds in which one part of the block operates on the rest of the block. However, in a UFN the two parts need not be of equal size. Removing this limitation on Feistel networks has interesting implications for designing ciphers secure against linear and differential attacks. We describe UFNs and a terminology for discussing their properties, present and analyze some UFN constructions, and make some initial observations about their security. It is notable that almost all the proposed ciphers that are based on Feistel networks follow the same design construction: half the bits operate on the other half. There is no inherent reason that this should be so; as we will demonstrate, it is possible to design Feistel networks across a much wider, richer design space. In this paper, we examine the nature of the...
Twofish: A 128-Bit Block Cipher
In First Advanced Encryption Standard (AES) Conference, 1998
Cited by 66 (8 self)
Twofish is a 128-bit block cipher that accepts a variable-length key up to 256 bits. The cipher is a 16-round Feistel network with a bijective F function made up of four key-dependent 8-by-8-bit S-boxes, a fixed 4-by-4 maximum distance separable matrix over GF($2^8$), a pseudo-Hadamard transform, bitwise rotations, and a carefully designed key schedule. A fully optimized implementation of Twofish encrypts on a Pentium Pro at 17.8 clock cycles per byte, and an 8-bit smart card implementation encrypts at 1660 clock cycles per byte. Twofish can be implemented in hardware in 14000 gates. The design of both the round function and the key schedule permits a wide variety of tradeoffs between speed, software size, key setup time, gate count, and memory. We have extensively cryptanalyzed Twofish; our best attack breaks 5 rounds with $2^{22.5}$ chosen plaintexts and $2^{51}$ effort.
Chaos and Cryptography: Block Encryption Ciphers Based on Chaotic Maps
IEEE Transactions on Circuits and Systems I: Fundamental Theory and Applications, 2001
Cited by 62 (1 self)
Abstract—This paper is devoted to the analysis of the impact of chaos-based techniques on block encryption ciphers. We present several chaos-based ciphers. Using the well-known principles in the cryptanalysis we show that these ciphers do not behave worse than the standard ones, opening in this way a novel approach to the design of block encryption ciphers. Index Terms—Block encryption ciphers, chaos, cryptography, S-boxes.
A Software-Optimized Encryption Algorithm
1997
Cited by 59 (0 self)
We describe a software-efficient encryption algorithm named SEAL 3.0. Computational cost on a modern 32-bit processor is about 4 clock cycles per byte of text. The cipher is a pseudorandom function family: under control of a key (first preprocessed into an internal table) it stretches a 32-bit position index into a long, pseudorandom string. This string