Correlated Keystreams in Moustique
Abstract
Moustique is one of the sixteen finalists in the eSTREAM stream cipher project. Unlike the other finalists it is a self-synchronising cipher and therefore offers very different functional properties, compared to the other candidates. We present simple related-key phenomena in Moustique that lead to the generation of strongly correlated keystreams and to powerful key-recovery attacks. Our best key-recovery attack requires only 2^38 steps in the related-key scenario. Since the relevance of related-key properties is sometimes called into question, we also show how the described effects can
Near Optimal Signal Recovery From Random Projections: Universal Encoding Strategies?
, 2004
Abstract

Cited by 1513 (20 self)
Suppose we are given a vector f in R^N. How many linear measurements do we need to make about f to be able to recover f to within precision ɛ in the Euclidean (ℓ2) metric? Or more exactly, suppose we are interested in a class F of such objects (discrete digital signals, images, etc.); how many linear measurements do we need to recover objects from this class to within accuracy ɛ? This paper shows that if the objects of interest are sparse or compressible in the sense that the reordered entries of a signal f ∈ F decay like a power law (or if the coefficient sequence of f in a fixed basis decays like a power law), then it is possible to reconstruct f to within very high accuracy from a small number of random measurements. A typical result is as follows: we rearrange the entries of f (or its coefficients in a fixed basis) in decreasing order of magnitude f_(1) ≥ f_(2) ≥ ... ≥ f_(N), and define the weak-ℓp ball as the class F of those elements whose entries obey the power decay law f_(n) ≤ C · n^(−1/p). We take measurements 〈f, X_k〉, k = 1, ..., K, where the X_k are N-dimensional Gaussian
On The Limits of Steganography
 IEEE Journal of Selected Areas in Communications
, 1998
Abstract

Cited by 402 (2 self)
In this paper, we clarify what steganography is and what it can do. We contrast it with the related disciplines of cryptography and traffic security, present a unified terminology agreed at the first international workshop on the subject, and outline a number of approaches, many of them developed to hide encrypted copyright marks or serial numbers in digital audio or video. We then present a number of attacks, some new, on such information hiding schemes. This leads to a discussion of the formidable obstacles that lie in the way of a general theory of information hiding systems (in the sense that Shannon gave us a general theory of secrecy systems). However, theoretical considerations lead to ideas of practical value, such as the use of parity checks to amplify covertness and provide public key steganography. Finally, we show that public key information hiding systems exist, and are not necessarily constrained to the case where the warden is passive. Keywords: Cryptography, Copyright...
The LILI-128 Keystream Generator
Abstract

Cited by 10 (1 self)
The LILI-128 keystream generator is a LFSR based synchronous stream cipher with a 128 bit key. The design offers large period and linear complexity, and is resistant to currently known styles of attack. LILI is simple to implement in hardware or software.
On Fibonacci Keystream Generators
 Fast Software Encryption, 2nd International Workshop Proceedings
, 1994
Abstract

Cited by 8 (0 self)
A number of keystream generators have been proposed which are based on Fibonacci sequences, and at least one has been fielded. They are attractive in that they can use some of the security results from the theory of shift register based keystream generators, while running much more quickly
Algebraic Attacks on Stream Ciphers with Linear Feedback
, 2003
Abstract

Cited by 260 (21 self)
A classical construction of stream ciphers is to combine several LFSRs and a highly nonlinear Boolean function f. Their security is usually studied in terms of correlation attacks, that can be seen as solving a system of multivariate linear equations, true with some probability. At ICISC
BDD-based cryptanalysis of keystream generators
 Advances in Cryptology – EUROCRYPT’02, LNCS 1462
, 2002
Abstract

Cited by 29 (1 self)
Many of the keystream generators which are used in practice are LFSR-based in the sense that they produce the keystream according to a rule y = C(L(x)), where L(x) denotes an internal linear bitstream, produced by a small number of parallel linear feedback shift registers (LFSRs), and C
Weaknesses in the Key Scheduling Algorithm of RC4
 Proceedings of the 4th Annual Workshop on Selected Areas of Cryptography
, 2001
Abstract

Cited by 257 (1 self)
In this paper we present several weaknesses in the key scheduling algorithm of RC4, and describe their cryptanalytic significance. We identify a large number of weak keys, in which knowledge of a small number of key bits suffices to determine many state and output bits with non-negligible probability. We use these weak keys to construct new distinguishers for RC4, and to mount related-key attacks with practical complexities. Finally, we show that RC4 is completely insecure in a common mode of operation which is used in the widely deployed Wired Equivalent Privacy protocol (WEP, which is part of the 802.11 standard), in which a fixed secret key is concatenated with known IV modifiers in order to encrypt different messages. Our new passive ciphertext-only attack on this mode can recover an arbitrarily long key in a negligible amount of time which grows only linearly with its size, both for 24 and 128 bit IV modifiers.
