DOCSLIB.ORG

Cryptanalysis of Ciphers and Protocols Elad Pinhas Barkan

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Cryptanalysis of Ciphers and Protocols Elad Pinhas Barkan Cryptanalysis of Ciphers and Protocols Elad Pinhas Barkan Technion - Computer Science Department - Ph.D. Thesis PHD-2006-04 - 2006 Technion - Computer Science Department - Ph.D. Thesis PHD-2006-04 - 2006 Cryptanalysis of Ciphers and Protocols Research Thesis Submitted in partial fulfillment of the Requirements for the Degree of Doctor of Philosophy Elad Pinhas Barkan Submitted to the Senate of the Technion — Israel Institute of Technology Adar 5766 Haifa March 2006 Technion - Computer Science Department - Ph.D. Thesis PHD-2006-04 - 2006 Technion - Computer Science Department - Ph.D. Thesis PHD-2006-04 - 2006 The research thesis was done under the supervision of Prof. Eli Biham in the Faculty of Computer Science. It is my privilege to thank Eli Biham for his insightful support that made this work possible, and for bringing me up as a scientist and researcher. I especially acknowledge Eli for his respect and trust, and for providing me with a very high degree of independence. Eli found the golden path among education, rigorousness, and care. His unique ability to quickly communicate anything in a personal (and sometimes playful) way always leaves me with a smile on my face. I am thankful to Adi Shamir for our fruitful collaboration, for being highly avail- able around the clock (and around the globe), and for his patience and his wisdom. I acknowledge Nathan Keller for his wonderful and helpful curiosity, and for being an amazing brainmaker. It is a pleasure to thank my colleagues at the Technion, Orr Dunkelman and Rafi Chen, for fruitful discussions and for the wonderful time we had together. I feel that no words can express my deep gratitude to my loving family, which gave me unconditional love, support, and understanding through the better and worse times of my research. Special thanks goes to my future wife Tamar Kashti for listening to all my research ideas during our many speed-walking, for her love, for her good advices and encouragement, and for being a great companion. The generous financial help of Technion is gratefully acknowledged. Technion - Computer Science Department - Ph.D. Thesis PHD-2006-04 - 2006 Technion - Computer Science Department - Ph.D. Thesis PHD-2006-04 - 2006 Contents Abstract 1 1 Introduction 4 2 In How Many Ways Can You Write Rijndael? 11 2.1 Introduction . 11 2.2 Description of Rijndael . 14 2.3 Square Dual Ciphers . 16 2.4 Modifying the Polynomial . 20 2.5 Log Dual Ciphers . 22 2.6 Self-Dual Ciphers . 24 2.6.1 Higher-Order Self-Dual Cipher . 26 2.6.2 Cryptanalysis of Self-Dual Ciphers . 27 2.6.3 Application to BES . 28 2.7 Applications of Dual Ciphers . 29 2.8 Summary . 30 2.9 Appendix: The Affine Transformation of Rijndael and Rijndael2 . 31 2.10 Appendix: The Matrix Q ........................ 31 2.11 Appendix: The Matrix R ........................ 32 2.12 Appendix: Properties of the T (x) Transformation . 33 2.13 Appendix: How to Enumerate the Keys of Self-Dual Ciphers . 34 3 Instant Ciphertext-Only Cryptanalysis of GSM Encrypted Commu- nications 38 3.1 Introduction . 39 3.1.1 Executive Summary of the New Attacks . 41 3.1.2 Organization of this Chapter . 43 3.2 Description of A5/2 . 43 3.3 Known Plaintext Attacks on A5/2 . 46 i Technion - Computer Science Department - Ph.D. Thesis PHD-2006-04 - 2006 3.3.1 Goldberg, Wagner, and Green’s Known Plaintext Attack on A5/2 ............................... 46 3.3.2 Our Non-Optimized Known-Plaintext Attack on A5/2 . 49 3.3.3 An Optimized Attack on A5/2 . 52 3.4 An Instant Ciphertext-Only Attack on A5/2 . 55 3.5 Withstanding Errors in the Reception . 57 3.6 A Passive Ciphertext-Only Cryptanalysis of A5/1 Encrypted Commu- nication . 60 3.7 Leveraging the Attacks to Any GSM Network by Active Attacks . 64 3.7.1 Class-Mark Attack . 66 3.7.2 Recovering Kc of Past or Future Conversations . 66 3.7.3 Man in the Middle Attack . 68 3.7.4 Attack on GPRS . 70 3.8 Possible Attack Scenarios . 71 3.8.1 Call Wire-Tapping . 71 3.8.2 Call Hijacking . 72 3.8.3 Altering of Data Messages (SMS) . 72 3.8.4 Call Theft — Dynamic Cloning . 72 3.9 How to Acquire a Specific Victim . 73 3.10 Summary . 75 3.11 Appendix: Enhancing The Attack of Goldberg, Wagner, and Green on GSM’s A5/2 to a Ciphertext-Only Attack . 76 3.12 Appendix: Technical Background on GSM . 78 3.12.1 GSM Call Establishment . 81 4 Conditional Estimators: an Effective Attack on A5/1 84 4.1 Introduction . 84 4.1.1 Previous Correlation Attacks on A5/1 . 85 4.1.2 Our Contribution . 86 4.1.3 Organization of the Chapter . 87 4.2 A Description of A5/1 . 87 4.3 Notations and Previous Works . 89 4.4 The New Observations . 92 4.4.1 The New Correlation — Conditional Estimators . 92 4.4.2 First Weakness of R2 — the Alignment Property . 93 4.4.3 Second Weakness of R2 — the Folding Property . 94 4.4.4 Third Weakness of R2 — the Symmetry Property . 95 4.5 The New Attack . 96 ii Technion - Computer Science Department - Ph.D. Thesis PHD-2006-04 - 2006 4.5.1 Step 2 — Decoding of Estimators . 97 4.6 Simulations of our Attacks . 101 4.6.1 Early Filtering . 103 4.6.2 Improved Estimators . 103 4.7 A New Source for Known-Keystream . 103 4.8 Summary . 104 4.9 Appendix: Overview of Step 2 and Step 3 of Maximov, Johansson, and Babbage’s Attack . 105 4.10 Appendix: Fast Calculation of funcl2,s1 [x] . 106 4.11 Appendix: Calculating Conditional Estimators . 107 4.12 Appendix: Step 3 — Recovering the Third Register . 114 4.12.1 Alternative Step 3 Using the Ten Zero Bits of Kc . 115 5 Rigorous Bounds on Cryptanalytic Time/Memory Tradeoffs 116 5.1 Introduction . 116 5.1.1 Previous Work . 117 5.1.2 The Contribution of This Chapter . 118 5.1.3 Structure of the Chapter . 120 5.2 The Stateful Random Graph Model . 120 5.2.1 Coverage Types and Collisions of Paths in the Stateful Random Graph . 124 5.3 A Rigorous Upper Bound on the Maximum Possible Net Coverage of M Chains in a Stateful Random Graph . 125 5.3.1 Reducing the Best Choice of Start Points to the Average Case 126 5.3.2 Bounding Prob(Wi,j = 1) . 127 5.3.3 Concluding the Proof . 131 5.4 A Lower Bound for S ..........................132 5.5 A Lower Bound on the Time Complexity . 132 5.5.1 A Lower Bound on the Time Complexity of Cryptanalytic Time/Memory/Data Tradeoffs . 134 5.6 Notes on Rainbow-Like Schemes . 134 5.6.1 A Note on the Rainbow Scheme . 134 5.6.2 Notes on Rainbow Time/Memory/Data Tradeoffs . 135 5.7 Summary . 136 5.8 Appendix: A Time/Memory Tradeoff with Hidden State that Depends Only on the Previous Values in the Chain 136 iii Technion - Computer Science Department - Ph.D. Thesis PHD-2006-04 - 2006 5.9 Appendix: Stretching Distinguished Points — A Time/Memory Trade- off Scheme with a Deeper Preprocessing . 137 5.10 Appendix: Time Complexity of Hellman Versus Rainbow . 140 5.11 Appendix: Analysis of the New Cryptanalytic Time/Memory/Data Tradeoffs . 141 5.11.1 Trivial Rainbow Time/Memory/Data Tradeoff: TM 2D = N 2 ...........................141 5.11.2 Thin-Rainbow Time/Memory/Data Tradeoff: TM 2D2 = N 2 ..........................141 5.11.3 Fuzzy-Rainbow Time/Memory/Data Tradeoff: 2TM 2D2 = N 2 + ND2M ....................142 5.11.4 Analysis of the Matrix Stop Rule in the Modified Rainbow Scheme . 143 5.11.5 Notes . 144 5.12 Appendix: Extended Coverage Theorem . 145 A Introduction to some of the Contemporary Methods of Cryptanal- ysis 148 A.1 Introduction to Differential Cryptanalysis . 148 A.1.1 Simple Examples . 148 A.2 Introduction to Linear Cryptanalysis . 150 A.2.1 Simple Examples . 151 A.3 Time Memory Tradeoffs . 153 A.4 Algebraic Attacks . 157 A.4.1 Linearization . 158 A.4.2 Relinearization . 159 A.4.3 The XL Method . 160 A.5 Introduction to Stream Ciphers and Their Analysis . 161 A.6 Correlation Attacks . 162 A.7 Time/Memory/Data Tradeoff for Stream Ciphers . 163 Bibliography 166 Abstract in Hebrew f iv Technion - Computer Science Department - Ph.D. Thesis PHD-2006-04 - 2006 List of Tables 2.1 The Table T (x) with Generator 03x and Irreducible Polynomial 11Bx (Rijndael) . 35 2.2 The Element Cycles Under the Squaring Operation . 36 2.3 The Key Cycles Under the Squaring Operation . 37 3.1 Four Points on the Time/Memory/Data Tradeoff Curve for a Ciphertext- Only attack on A5/1 . 62 4.1 Comparison Between Our Attacks and Passive Attacks of Previous Works . 102 4.2 A Comparison of Distribution Tables for d = 4 . 108 4.3 The Pattern Table for d = 4 and the Frame Clock Symbol 00112 . 112 4.4 The United Pattern Table for d = 4 and the Frame Clock Symbol 00112 113 5.1 Experiments Results of the Stretching Algorithm . 140 v Technion - Computer Science Department - Ph.D. Thesis PHD-2006-04 - 2006 List of Figures 3.1 The Internal Structure of A5/2 . 44 3.2 The Key Setup of A5/2 . 45 3.3 The Man-in-the-Middle Attack . 68 3.4 A TDMA frame . 78 3.5 The coding of COUNT . 79 3.6 The SDCCH/8 channel — downlink. 80 3.7 The SDCCH/8 channel — uplink.
Load more

Recommended publications
  • The Design of Rijndael: AES - the Advanced Encryption Standard/Joan Daemen, Vincent Rijmen
    Joan Daernen · Vincent Rijrnen Theof Design Rijndael AES - The Advanced Encryption Standard With 48 Figures and 17 Tables Springer Berlin Heidelberg New York Barcelona Hong Kong London Milan Paris Springer TnL-1Jn Joan Daemen Foreword Proton World International (PWI) Zweefvliegtuigstraat 10 1130 Brussels, Belgium Vincent Rijmen Cryptomathic NV Lei Sa 3000 Leuven, Belgium Rijndael was the surprise winner of the contest for the new Advanced En­ cryption Standard (AES) for the United States. This contest was organized and run by the National Institute for Standards and Technology (NIST) be­ ginning in January 1997; Rij ndael was announced as the winner in October 2000. It was the "surprise winner" because many observers (and even some participants) expressed scepticism that the U.S. government would adopt as Library of Congress Cataloging-in-Publication Data an encryption standard any algorithm that was not designed by U.S. citizens. Daemen, Joan, 1965- Yet NIST ran an open, international, selection process that should serve The design of Rijndael: AES - The Advanced Encryption Standard/Joan Daemen, Vincent Rijmen. as model for other standards organizations. For example, NIST held their p.cm. Includes bibliographical references and index. 1999 AES meeting in Rome, Italy. The five finalist algorithms were designed ISBN 3540425802 (alk. paper) . .. by teams from all over the world. 1. Computer security - Passwords. 2. Data encryption (Computer sCIence) I. RIJmen, In the end, the elegance, efficiency, security, and principled design of Vincent, 1970- II. Title Rijndael won the day for its two Belgian designers, Joan Daemen and Vincent QA76.9.A25 D32 2001 Rijmen, over the competing finalist designs from RSA, IBl\!I, Counterpane 2001049851 005.8-dc21 Systems, and an English/Israeli/Danish team.
    [Show full text]
  • MERGING+ANUBIS User Manual
    USER MANUAL V27.09.2021 2 Contents Thank you for purchasing MERGING+ANUBIS ........................................................................................... 6 Important Safety and Installation Instructions ........................................................................................... 7 Product Regulatory Compliance .................................................................................................................... 9 MERGING+ANUBIS Warranty Information................................................................................................ 11 INTRODUCTION .............................................................................................................................................. 12 Package Content ........................................................................................................................................ 12 OVERVIEW ................................................................................................................................................... 13 MERGING+ANUBIS VARIANTS AND KEY FEATURES ........................................................................ 13 ABOUT RAVENNA ...................................................................................................................................... 16 MISSION CONTROL - MODULAR BY SOFTWARE ............................................................................... 16 MERGING+ANUBIS panels description ....................................................................................................
    [Show full text]
  • Optimization of AES Encryption Algorithm with S- Box
    International Journal of Engineering Research and Technology. ISSN 0974-3154 Volume 6, Number 2 (2013), pp. 259-268 © International Research Publication House http://www.irphouse.com Optimization of AES Encryption Algorithm with S- Box Dr. J. Abdul Jaleel1, Anu Assis2 and Sherla A.3 Dept. Of Electrical and Electronics Engineering1,3, Dept. Of Electronics and Communication2 [email protected], [email protected] [email protected] Abstract In any wireless communication, security is crucial during data transmission. The encryption and decryption of data is the major challenge faced in the wireless communication for security of the data. These algorithms are used to ensure the security in the transmission channels. Similarly hardware utilization and power consumption are another major things to be considered since most of the mobile terminals are battery operated. In this paper, we use the Advanced Encryption Standard (AES) which works on a 128 bit data encrypting it with 128, 192 or 256 bits of keys for ensuring security. In this paper, we compare AES encryption with two different S-Boxes: S-box with 256 byte lookup table (Rijndael S-Box) and AES with 16 byte S-Box (Anubis S-Box). Optimized and synthesized VHDL code is used for AES encryption. Xilinx ISE 13.2i software is used for VHDL code implementation and Modelsim simulator is used for the simulation. Keywords: AES(Advanced Encryption Standard ), Rijndael, Cryptography, VHDL. Introduction As we move into twenty-first century, almost all information processing and telecommunication are in digital formats. In any wireless communication, security is crucial during data transmission. The encryption and decryption of data is the major challenge faced in the wireless communication for security of the data.
    [Show full text]
  • Identifying Open Research Problems in Cryptography by Surveying Cryptographic Functions and Operations 1
    International Journal of Grid and Distributed Computing Vol. 10, No. 11 (2017), pp.79-98 http://dx.doi.org/10.14257/ijgdc.2017.10.11.08 Identifying Open Research Problems in Cryptography by Surveying Cryptographic Functions and Operations 1 Rahul Saha1, G. Geetha2, Gulshan Kumar3 and Hye-Jim Kim4 1,3School of Computer Science and Engineering, Lovely Professional University, Punjab, India 2Division of Research and Development, Lovely Professional University, Punjab, India 4Business Administration Research Institute, Sungshin W. University, 2 Bomun-ro 34da gil, Seongbuk-gu, Seoul, Republic of Korea Abstract Cryptography has always been a core component of security domain. Different security services such as confidentiality, integrity, availability, authentication, non-repudiation and access control, are provided by a number of cryptographic algorithms including block ciphers, stream ciphers and hash functions. Though the algorithms are public and cryptographic strength depends on the usage of the keys, the ciphertext analysis using different functions and operations used in the algorithms can lead to the path of revealing a key completely or partially. It is hard to find any survey till date which identifies different operations and functions used in cryptography. In this paper, we have categorized our survey of cryptographic functions and operations in the algorithms in three categories: block ciphers, stream ciphers and cryptanalysis attacks which are executable in different parts of the algorithms. This survey will help the budding researchers in the society of crypto for identifying different operations and functions in cryptographic algorithms. Keywords: cryptography; block; stream; cipher; plaintext; ciphertext; functions; research problems 1. Introduction Cryptography [1] in the previous time was analogous to encryption where the main task was to convert the readable message to an unreadable format.
    [Show full text]
  • Cryptanalysis of Feistel Networks with Secret Round Functions ⋆
    Cryptanalysis of Feistel Networks with Secret Round Functions ? Alex Biryukov1, Gaëtan Leurent2, and Léo Perrin3 1 [email protected], University of Luxembourg 2 [email protected], Inria, France 3 [email protected], SnT,University of Luxembourg Abstract. Generic distinguishers against Feistel Network with up to 5 rounds exist in the regular setting and up to 6 rounds in a multi-key setting. We present new cryptanalyses against Feistel Networks with 5, 6 and 7 rounds which are not simply distinguishers but actually recover completely the unknown Feistel functions. When an exclusive-or is used to combine the output of the round function with the other branch, we use the so-called yoyo game which we improved using a heuristic based on particular cycle structures. The complexity of a complete recovery is equivalent to O(22n) encryptions where n is the branch size. This attack can be used against 6- and 7-round Feistel n−1 n Networks in time respectively O(2n2 +2n) and O(2n2 +2n). However when modular addition is used, this attack does not work. In this case, we use an optimized guess-and-determine strategy to attack 5 rounds 3n=4 with complexity O(2n2 ). Our results are, to the best of our knowledge, the first recovery attacks against generic 5-, 6- and 7-round Feistel Networks. Keywords: Feistel Network, Yoyo, Generic Attack, Guess-and-determine 1 Introduction The design of block ciphers is a well researched area. An overwhelming majority of modern block ciphers fall in one of two categories: Substitution-Permutation Networks (SPN) and Feistel Networks (FN).
    [Show full text]
  • Design and Analysis of Lightweight Block Ciphers : a Focus on the Linear
    Design and Analysis of Lightweight Block Ciphers: A Focus on the Linear Layer Christof Beierle Doctoral Dissertation Faculty of Mathematics Ruhr-Universit¨atBochum December 2017 Design and Analysis of Lightweight Block Ciphers: A Focus on the Linear Layer vorgelegt von Christof Beierle Dissertation zur Erlangung des Doktorgrades der Naturwissenschaften an der Fakult¨atf¨urMathematik der Ruhr-Universit¨atBochum Dezember 2017 First reviewer: Prof. Dr. Gregor Leander Second reviewer: Prof. Dr. Alexander May Date of oral examination: February 9, 2018 Abstract Lots of cryptographic schemes are based on block ciphers. Formally, a block cipher can be defined as a family of permutations on a finite binary vector space. A majority of modern constructions is based on the alternation of a nonlinear and a linear operation. The scope of this work is to study the linear operation with regard to optimized efficiency and necessary security requirements. Our main topics are • the problem of efficiently implementing multiplication with fixed elements in finite fields of characteristic two. • a method for finding optimal alternatives for the ShiftRows operation in AES-like ciphers. • the tweakable block ciphers Skinny and Mantis. • the effect of the choice of the linear operation and the round constants with regard to the resistance against invariant attacks. • the derivation of a security argument for the block cipher Simon that does not rely on computer-aided methods. Zusammenfassung Viele kryptographische Verfahren basieren auf Blockchiffren. Formal kann eine Blockchiffre als eine Familie von Permutationen auf einem endlichen bin¨arenVek- torraum definiert werden. Eine Vielzahl moderner Konstruktionen basiert auf der wechselseitigen Anwendung von nicht-linearen und linearen Abbildungen.
    [Show full text]
  • Cerberus.Pdf
    (lP,IIP,U' By Gaynor Borade Greek mythology comprises a huge pantheon, extensive use of anthropomorphism and mythical creatures that ore symbotic. Cerberus, the three headed dog was believed to be the guardian of the reotm of death, or Hades. Cerberus, it was believed, prevented those who crossed the river of death, Styx, from escoping. River Styx was supposed to be the boundory belween the Underworld and Earth. Greek mythology propounded thot Hodes or ihe Underworld wos encircled nine times by River Styx and thot the rivers Phlegethon, Cocytus, Lelhe, Eridanos and Acheron converged with Styx on the 'Great Marsh'. Cerberus guorded the Great Marsh. Importance of Styx in Greek Mythotogy: Hades ond Persephone were believed to be the mortol portals in the Underworld. This reotm wos atso home to Phlegyos or guardian of the River Phlegethon, Charon or Kharon, the ferrymon, ond the living waters of Styx. Styx wos believed to have miraculous powers thot could make o person immorfol, resulting in the grove need for it to be guorded. This reolm relates to the concept of 'hel[' in Christianity and the 'Paradise losf', in the Iiterary genius of 'The Divine Comedy'. In Greek myihology, the ferrymon Charon was in charge of iransporting souls across the Styx, into the Underworld. Here, it was believed thaf the sullen were drowned in Sfyx's muddy waters. Cerberus:The Guardion Cerberus, the mythical guordian of River Styx has been immorlalized through many works of ancient Greek liferoture, ort ond orchitecture. Cerberus is easity recognizabte among the other members of the pontheon due to his three heads.
    [Show full text]
  • Statistical Cryptanalysis of Block Ciphers
    STATISTICAL CRYPTANALYSIS OF BLOCK CIPHERS THÈSE NO 3179 (2005) PRÉSENTÉE À LA FACULTÉ INFORMATIQUE ET COMMUNICATIONS Institut de systèmes de communication SECTION DES SYSTÈMES DE COMMUNICATION ÉCOLE POLYTECHNIQUE FÉDÉRALE DE LAUSANNE POUR L'OBTENTION DU GRADE DE DOCTEUR ÈS SCIENCES PAR Pascal JUNOD ingénieur informaticien dilpômé EPF de nationalité suisse et originaire de Sainte-Croix (VD) acceptée sur proposition du jury: Prof. S. Vaudenay, directeur de thèse Prof. J. Massey, rapporteur Prof. W. Meier, rapporteur Prof. S. Morgenthaler, rapporteur Prof. J. Stern, rapporteur Lausanne, EPFL 2005 to Mimi and Chlo´e Acknowledgments First of all, I would like to warmly thank my supervisor, Prof. Serge Vaude- nay, for having given to me such a wonderful opportunity to perform research in a friendly environment, and for having been the perfect supervisor that every PhD would dream of. I am also very grateful to the president of the jury, Prof. Emre Telatar, and to the reviewers Prof. em. James L. Massey, Prof. Jacques Stern, Prof. Willi Meier, and Prof. Stephan Morgenthaler for having accepted to be part of the jury and for having invested such a lot of time for reviewing this thesis. I would like to express my gratitude to all my (former and current) col- leagues at LASEC for their support and for their friendship: Gildas Avoine, Thomas Baign`eres, Nenad Buncic, Brice Canvel, Martine Corval, Matthieu Finiasz, Yi Lu, Jean Monnerat, Philippe Oechslin, and John Pliam. With- out them, the EPFL (and the crypto) would not be so fun! Without their support, trust and encouragement, the last part of this thesis, FOX, would certainly not be born: I owe to MediaCrypt AG, espe- cially to Ralf Kastmann and Richard Straub many, many, many hours of interesting work.
    [Show full text]
  • Hardware Performance Characterization of Block Cipher Structures∗
    Hardware Performance Characterization of Block Cipher Structures∗ Lu Xiao and Howard M. Heys Electrical and Computer Engineering Faculty of Engineering and Applied Science Memorial University of Newfoundland St. John's, NF, Canada A1B 3X5 fxiao, [email protected] Abstract In this paper, we present a general framework for evaluating the performance char- acteristics of block cipher structures composed of S-boxes and Maximum Distance Sep- arable (MDS) mappings. In particular, we examine nested Substitution-Permutation Networks (SPNs) and Feistel networks with round functions composed of S-boxes and MDS mappings. Within each cipher structure, many cases are considered based on two types of S-boxes (i.e., 4×4 and 8×8) and parameterized MDS mappings. In our study of each case, the hardware complexity and performance are analyzed. Cipher security, in the form of resistance to differential, linear, and Square attacks, is used to deter- mine the minimum number of rounds required for a particular parameterized structure. Because the discussed structures are similar to many existing ciphers (e.g., Rijndael, Camellia, Hierocrypt, and Anubis), the analysis provides a meaningful mechanism for seeking efficient ciphers through a wide comparison of performance, complexity, and security. 1 Introduction In product ciphers like DES [1] and Rijndael [2], the concepts of confusion and diffusion are vital to security. The Feistel network and the Substitution-Permutation Network (SPN) are two typical architectures to achieve this. In both architectures, Substitution-boxes (S- boxes) are typically used to perform substitution on small sub-blocks. An S-box is a nonlinear mapping from input bits to output bits, which meets many security requirements.
    [Show full text]
  • Constructions of Involutions Over Finite Fields
    Constructions of involutions over finite fields Dabin Zheng1 Mu Yuan1 Nian Li1 Lei Hu2 Xiangyong Zeng1 1 Hubei Key Laboratory of Applied Mathematics, Faculty of Mathematics and Statistics, Hubei University, Wuhan 430062, China 2 Institute of Information Engineering, CAS, Beijing 100093, China Abstract An involution over finite fields is a permutation polynomial whose inverse is itself. Owing to this property, involutions over finite fields have been widely used in applications such as cryptography and coding theory. As far as we know, there are not many involutions, and there isn’t a general way to construct involutions over finite fields. This paper gives a necessary and sufficient condition for the r s polynomials of the form x h(x ) ∈ Fq[x] to be involutions over the finite field Fq, where r ≥ 1 and s | (q − 1). By using this criterion we propose a general method r s to construct involutions of the form x h(x ) over Fq from given involutions over F∗ the corresponding subgroup of q . Then, many classes of explicit involutions of r s the form x h(x ) over Fq are obtained. Key Words permutation polynomial, involution, block cipher 1 Introduction F F∗ Let q be a power of a prime. Let q be a finite field with q elements and q de- note its multiplicative group. A polynomial f(x) ∈ Fq[x] is called a permutation polynomial if its associated polynomial mapping f : c 7→ f(c) from Fq to itself is a bijection. Moreover, f is called an involution if the compositional inverse of f is itself.
    [Show full text]
  • Pharaoh's Scribe
    June 2020 Pharaoh’s Scribe The Newsletter of the Pharaoh Hound Club of America In this issue: Page 2 President’s Message Page 6 New Members Page 9 AKC News Page 15 CODE of ETHICS Page 23 & 28 AKC Titles Page 24 Points Schedule Page 31 Memorable Page 33 Financial Report Page 35 Candids Her courage was her crown, and she wore it like a Queen. The PHARAOHS SCRIBE is the official newsletter of the Pharaoh Hound Club of America, Inc. and is published four (4) times a year on a quarterly basis. The opinions within are those of the writers and do not necessarily represent the views of the PHCA. This publication is available to members in good standing of the Pharaoh Hound Club of America only. Pharaoh Scribe June 2020 President’s Message Hello All: I hope you and yours are doing well. As many of you know, there were some lengthy discussions regarding the 2020 PHCA National and Eastern Regional Specialties. The conversation was at times heated and not always nice, productive or constructive. It did, however, provide us - and by that I mean the collective "us" - both the Board of Directors and the membership - with some lessons that we can take away from the entire unfortunate situation. First of all, we shouldn't ALWAYS assume we know the motives behind the other side in a disagreement. If uncertain, we should ask those questions that are nagging at us or that we find suspect, instead of attributing the worst possible motive and running with it. Secondly, we should ALL remain open to communications - once one side assumes a position or draws the proverbial "line in the sand" any effective opportunity for further communication or compromise has been lost.
    [Show full text]
  • GNU Anubis an SMTP Message Submission Daemon
    GNU Anubis An SMTP message submission daemon. GNU Anubis Version 4.2.90 6 June 2020 Wojciech Polak and Sergey Poznyakoff Copyright c 2001, 2002, 2003, 2004, 2007, 2008, 2009, 2011, 2014 Wojciech Polak and Sergey Poznyakoff. Permission is granted to copy, distribute and/or modify this document un- der the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation; with no Invariant Sections, with the Front-Cover texts being “A GNU Manual”, and with the Back-Cover Texts as in (a) below. A copy of the license is included in the section entitled “GNU Free Documentation License”. (a) The FSF’s Back-Cover Text is: “You have freedom to copy and modify this GNU Manual, like GNU software. Copies published by the Free Software Foundation raise funds for GNU development.” i Short Contents 1 Overview ............................................ 1 2 Glossary of Frequently Used Terms ....................... 3 3 Authentication ....................................... 5 4 Configuration ....................................... 15 5 The Rule System .................................... 27 6 Invoking GNU Anubis ................................ 45 7 Quick Start ......................................... 47 8 Using the TLS/SSL Encryption ......................... 49 9 Using S/MIME Signatures ............................. 51 10 Using Anubis to Process Incoming Mail .................. 53 11 Using Mutt with Anubis............................... 55 12 Reporting Bugs .....................................
    [Show full text]