Observations on the Cryptologic Properties of the AES Algorithm


University of Wollongong

A thesis submitted in fulfillment of the requirements for the award of the degree Doctor of Philosophy from University of Wollongong by Beomsik Song, School of Information Technology and Computer Science, April 2004.

© Copyright 2004 by Beomsik Song. All Rights Reserved.

Dedicated to my mother, father, daughter, son and wife

Certification

This is to certify that the work reported in this thesis was done by the author, unless specified otherwise, and that no part of it has been submitted in a thesis to any other university or similar institution.

Beomsik Song
April 5, 2004

Abstract

The AES algorithm is a symmetric block cipher, which will replace DES for the next few decades. This cipher has been reputed to be secure against conventional cryptanalytic methods, such as DC (Differential Cryptanalysis) and LC (Linear Cryptanalysis), but the simple algebraic structure of the cipher has led to some commentators’ concerns about its security. The purpose of this study is to observe the cryptologic properties of the AES algorithm from a new point of view, and to examine the security of this cipher on the basis of these observations.

Some well-known research studies on the security of the AES algorithm are reviewed first, classified into four categories. We then discuss the cyclic properties and consistent differential patterns of this cipher using our own observations, which have been introduced in [7, 8, 9].

In terms of the cyclic properties of the AES algorithm, we have observed that every function used in the AES algorithm has a very short period, and that each layer has a short period as well. But we note that although the maximal periods of both the nonlinear layer and the linear layer are short, the maximal period is dramatically increased when these two layers are combined. However, more importantly, we have observed that the AES algorithm still has a very unusual cyclic property for certain types of input blocks even in the combined layer, so that input blocks having short periods have simple hidden algebraic relations with their corresponding output blocks.

In conjunction with the consistent differential patterns of the AES algorithm, we note that the AES structure is very well designed to be secure against DC and LC, as has previously been known. But we have also observed that it leads to some consistent differential patterns after certain rounds, which can be used for its cryptanalysis.

Acknowledgements

First of all, I sincerely and deeply thank Professor Jennifer Seberry, my supervisor. She has always helped me whenever I was in difficulty. I shall never forget her constant affection towards students. I hope that I will have an opportunity to requite her kindness some day. I also cordially acknowledge those who allowed me to do my Ph.D study and who reserved my position at work during my period of study. Without their help, I would not have been able to study. I will always remember their support. I would also like to thank Ken Finlayson for his cordial assistance during my studies. I do not know how to thank him for his kindness. Finally, my thanks go to Professor Reihaneh Safavi-Naini, Doctor Yejing Wang, and Doctor Tianbing Xia as well for the various ways in which they have supported me.

List of Publications

The author has published some papers in this area. The papers are listed below and show how much work the author did in the preparation of this thesis.

  • B. Song, H. Wang, and J. Seberry, “A New Cryptanalytic Method Using the Distribution Characteristics of Substitution Distances”, Proceedings of ICISC 2001, Lecture Notes In Computer Science Vol. 2288, pp. 18-31, Springer-Verlag, Berlin, 2002.
  • B. Song and J. Seberry, “Consistent Differential Patterns of Rijndael”, Proceedings of ICISC 2002, Lecture Notes In Computer Science Vol. 2587, pp. 149-163, Springer-Verlag, Berlin, 2003.
  • B. Song and J. Seberry, “Further Observations on the Structure of the AES Algorithm”, Proceedings of FSE 2003, Lecture Notes In Computer Science Vol. 2887, pp. 223-234, Springer-Verlag, Berlin, 2003.
  • B. Song, J. Seberry and T. Xia, “Design Concept of a Plaintext-Dependent Block Cipher” (submitted).

Contents

Abstract
Acknowledgements
List of Publications
1 Introduction
2 Description of the AES Algorithm
    2.1 Basic mathematics operations
    2.2 Outline of the structure
    2.3 Specification of the functions
    2.4 Expansion of the Cipher Key
    2.5 Inverse cipher
3 Cryptologic Properties of the AES Algorithm
    3.1 Immunity against DC and LC
    3.2 Distinctive output properties of the structure
    3.3 Cryptologic properties of the key schedule
    3.4 Algebraic properties of the algorithm
4 Cyclic Properties of the AES Algorithm
    4.1 Cyclic properties of each function
        4.1.1 Cyclic properties of the SubBytes transformation
        4.1.2 Cyclic properties of the ShiftRows transformation
        4.1.3 Cyclic properties of the MixColumns transformation
    4.2 Cyclic properties of combined functions
        4.2.1 Cyclic properties of the linear layer
        4.2.2 Cyclic properties of the combined layer
    4.3 Comparison with DES
5 Security Impact of the Cyclic Property
    5.1 Cyclic properties of the elementary structure
    5.2 Cryptologic impact
    5.3 Interim conclusion
6 Distinctive Output Properties of the AES Algorithm
    6.1 Differential properties of the S-box
        6.1.1 Distribution of output differences
        6.1.2 Relationship between the S-box and the keys
        6.1.3 Relationship between the ES-box and the keys
        6.1.4 Relationship between the elementary structure and the keys
    6.2 Distinctive output properties of MixColumn
    6.3 Consistent differential patterns of the AES algorithm
        6.3.1 Concept of the consistent differential pattern
        6.3.2 Second-round consistent differential patterns
        6.3.3 2 2/3 rd-round consistent differential patterns
        6.3.4 Third-round consistent differential pattern
        6.3.5 Fourth-round consistent differential patterns
        6.3.6 Fifth-round consistent differential pattern
7 Security Impact of the Consistent Differential Pattern
    7.1 Three rounds
    7.2 Four rounds
    7.3 Five rounds
    7.4 Six rounds
    7.5 Seven-round extension
8 Conclusion
A Classifying the substitution values in the ES-box
B Distribution of output differences
C Implementation results of the five-round cryptanalysis
Bibliography

List of Figures

1.1 Elementary structure of the SPN structure block cipher
2.1 Outline of the AES algorithm
2.2 Mixing of four bytes in a column
2.3 Illustration of the InvShiftRows transformation
2.4 Mixing of four bytes in the InvMixColumns transformation
3.1 Illustration of the third-round balanced property
3.2 Fourth-round collision distinguisher of the AES algorithm
3.3 Correlations between the bytes of the expanded key
3.4 Re-grouping of the functions in the elementary structure
4.1 Elementary structure of the AES algorithm
4.2 Illustration of the ShiftRows transformation
4.3 Re-ordering of SubBytes and ShiftRows
5.1 Simple plaintext-ciphertext algebraic relationship in the cipher itself
6.1 Example of the distribution of output differences in the S-box
6.2 Substitution in the S-box
6.3 Substitution in the composition of the S-box and MixColumn
6.4 Elementary structure surrounded by round keys
6.5 Second-round consistent differential patterns 1
6.6 Second-round consistent differential patterns 2
6.7 2 2/3 rd-round consistent differential patterns
6.8 Third-round consistent differential pattern
7.1 Checking the fourth-round consistent differential pattern

List of Tables

1.1 Fifteen candidates for the Advanced Encryption Standard
2.1 S-box of the AES algorithm
2.2 S-box⁻¹ of the AES algorithm
3.1 Complexities of the Square attack against the AES algorithm
3.2 Complexities of the IDC against the AES algorithm
4.1 Classifying the substitution values in the S-box
4.2 ES-box
4.3 Classifying the substitution values in the ES-box
4.4 P-box of DES

Chapter 1
Introduction

In 1997, the NIST (National Institute of Standards and Technology) initiated an open call to develop the AES (Advanced Encryption Standard) algorithm to replace DES (Data Encryption Standard) for the next few decades [60]. Fifteen cipher algorithms summarised in Table 1.1 were announced as candidates at the first AES Candidate Conference in August 1998 [61], and then five algorithms were selected as the finalists in August 1999, after the second AES Candidate Conference [62]. These are MARS [11], RC6™ [66], Rijndael [28], Serpent [65], and Twofish [3].

Algorithm    Origin    Structure (Rounds)
CRYPTON      Korea     SPN structure (12)
CAST-256     Canada    Modified Feistel structure (48)