DOCSLIB.ORG

Fpga-Targeted Hardware Implementations of K2

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Fpga-Targeted Hardware Implementations of K2 FPGA-TARGETED HARDWARE IMPLEMENTATIONS OF K2 Shinsaku Kiyomoto, Toshiaki Tanaka KDDI R & D Laboratories Inc., 2-1-15 Ohara Fujimino-shi Saitama 356-8502, Japan Kouichi Sakurai Kyushu University, 744 Motooka Nishi-ku Fukuoka 819-0395, Japan Keywords: Stream Cipher, K2, Pseudorandom Generator, Hardware Implementation, FPGA. Abstract: K2 is a new type of word oriented stream cipher that has dynamic feedback control. Existing research has shown that K2 v2.0 is a high performance stream cipher in software implementations and can be used in several applications. However, no evaluation results for its performance in hardware implementations have been published. In this paper, we presented two hardware implementations of K2 v2.0: a high speed implementation and a compact implementation. We then show the evaluation results on FPGA implementation simulations. The implementations of K2 demonstrated high efficiency compared with other stream ciphers, with K2 being 4-10 times higher than AES implementations. We think that the FPGA implementation of K2 is suitable for applications using high speed encryption/decryption. 1 INTRODUCTION tions. On the eSTREAM project 2, many evaluation results of hardware performances of stream ciphers Stream ciphers are used extensively to provide a re- have been reported. liable, efficient method for secure communications. K2 (Kiyomoto et al., 2007b) (Kiyomoto et al., A basic stream cipher uses several independent linear 2007a) is a new word-oriented stream cipher us- feedback shift registers (LFSRs) together with non- ing dynamic feedback control as irregular clocking. linear functions in order to produce a keystream. The The stream cipher has a dynamic feedback control keystream is then XORed with plaintext to produce mechanism for the byte-level feedback function of a ciphertext. Recently, word-oriented stream ciphers FSRs and realizes fast encryption/decryptionfor soft- have been developed in order to improve the perfor- ware implementations. Several cryptographic algo- mance of software implementations. In the NESSIE rithms have been considered hardware implementa- project 1, many word-oriented stream ciphers were tions (Rodr´ıguez-Henr´ıquez et al., 2007). Existing re- proposed, such as SNOW(Ekdahl and Johansson, search has shown that K2 v2.0 is a secure and high- 2000) and SOBER(Rose and Hawkes, 1999), and performance stream cipher in software implementa- demonstrated good performance in software. tions and can be used in several applications. How- The need for secure data exchange becomes im- ever, no evaluation results for the performance of portant not only for high-end PCs but also low-end hardware implementations have been published. In customer products. Most of low-end devices require this paper, we presented two hardware implementa- an additional hardware implementations for encryp- tions of K2 v2.0: a high speed implementation and tion/decryption of transaction data. Efficient hard- a compact implementation. We then show their eval- ware implementations of stream ciphers are impor- uation results on FPGA implementations. The eval- tant in both high-performanceand low-power applica- uation results suggested that the cipher is faster than existing ciphers and attains a reasonable level of ef- 1New European Schemes for Signatures, Integrity, and Encryption (NESSIE), https://www.cosic.esat. 2ECRYPT eSTREAM http://www.ecrypt.eu.org/ kuleuven.be/nessie/ stream/ 270 Kiyomoto S., Tanaka T. and Sakurai K. (2008). FPGA-TARGETED HARDWARE IMPLEMENTATIONS OF K2. In Proceedings of the International Conference on Security and Cryptography, pages 270-277 DOI: 10.5220/0001917002700277 Copyright c SciTePress FPGA-TARGETED HARDWARE IMPLEMENTATIONS OF K2 ficiency. We think that the FPGA implementation of K2 is suitable for applications using high speed en- cryption/decryption. 0 2 STREAM CIPHER K2 V2.0 At FSR-A At+4 Dynamic Feedback In this section, we describe the stream cipher algo- Controller rithm K2 v2.0 (Kiyomoto et al., 2007a), which has a dynamic feedback control mechanism. 1 1 2.1 Linear Feedback Shift Registers or or 3 2 The K2 v2.0 stream cipher consists of two feedback shift registers (FSRs), FSR-A and FSR-B, a non-linear Bt+10 FSR-B Bt function with four internal registers R1, R2, L1, and L2, and a dynamic feedback controller as shown in Fig. 1. FSR-B is a dynamic feedback shift register. The size of each register is 32 bits. FSR-A has five Non-Linear Function registers, and FSR-B has eleven registers. Let β be the roots of the primitive polynomial; H L z t z t x8 + x7 + x6 + x + 1 ∈ GF(2)[x] Keystream (64bits) Figure 1: K2 v2.0 Stream Cipher. A byte string y denotes (y7,y6,...,y1,y0), where y7 is the most significant bit and y0 is the least significant bit. y is represented by x4 + δ34x3 + δ16x2 + δ199x + δ248 ∈ GF(28)[x] 7 6 4 ζ157 3 ζ253 2 ζ56 ζ16 8 y = y7β + y6β + ... + y1β + y0 x + x + x + x + ∈ GF(2 )[x] In the same way, let γ, δ, ζ be the roots of the primitive respectively. polynomials, The feedback polynomials fA(x), and fB(x) of FSR-A and FSR-B, respectively, are as follows; x8 + x5 + x3 + x2 + 1 ∈ GF(2)[x] α 5 2 x8 + x6 + x3 + x2 + 1 ∈ GF(2)[x] fA(x)= 0x + x + 1 8 6 5 2 αcl1t α1−cl1t 11 10 5 αcl2t 3 x + x + x + x + 1 ∈ GF(2)[x] fB(x) = ( 1 + 2 −1)x +x +x + 3 x +1 respectively. Let cl1 and cl2 be the sequences describing the output Let α0 be the root of the irreducible polynomial of of the dynamic feedback controller. The outputs at degree four time t are defined in terms of some bits of FSR-A. Let Ax denote the output of FSR-A at time x, and Ax[y]= {0,1} denote the yth bit of Ax, where Ax[31] is the x4 + β24x3 + β3x2 + β12x + β71 ∈ GF(28)[x] most significant bit of Ax. Then cl1 and cl2 (called clock control bits) are described as follows; A 32-bit string Y denotes (Y3,Y2,Y1,Y0), where Yi is a byte string and Y is the most significant byte. Y is 3 cl1 = A [30], cl2 = A [31] represented by t t+2 t t+2 3 2 Both cl1t and cl2t are binary variables; more pre- Y = Y3α +Y2α +Y1α0 +Y0 0 0 cisely, cl1t = {0,1}, and cl2t = {0,1}. Stop-and-go clocking is effective in terms of computational cost, Let α1, α2, α3 be the roots of the irreducible polyno- mials of degree four because no computation is required in the case of 0. However, the feedback function has no transfor- mation for feedback registers with a probability 1/4 x4 + γ230x3 + γ156x2 + γ93x + γ29 ∈ GF(28)[x] where all clockings are stop-and-go clockings. Thus, 271 SECRYPT 2008 - International Conference on Security and Cryptography we use two types of clocking for the feedback func- FSR-A tion. FSR-B is defined by a primitive polynomial, 0 2 4 where cl2t = 0. Dynamic Feedback Controller 2.2 Nonlinear Function FSR-B 10 9 4 0 The non-linear function of K2 v2.0 is fed the values of two registers of FSR-A and four registers of FSR- B and that of internal registers R1, R2, L1, L2, and L2 R2 outputs 64 bits of the keystream every cycle. Fig. 2 shows the non-linear function of K2 v2.0. The non- Sub Sub Sub Sub linear function includes four substitution steps that are indicated by Sub. L1 R1 The Sub step divides the 32-bit input string into four 1-byte strings and applies a non-linear permuta- tion to each byte using an 8-to-8 bit substitution, and then applies a 32-to-32 bit linear permutation. The 8-to-8 bit substitution is the same as s-boxes of AES (Daemen and Rijmen, 1998), and the permutation is the same as AES Mix Column operation. The 8-to- 8 bit substitution consists of two functions: g and Keystream (64bits) f . The g calculates the multiplicative inverse modulo Figure 2: Non-Linear Function of K2 v2.0. of the irreducible polynomial m(x)= x8 + x4 + x3 + x + 1 without 0x00, and 0x00 is transformed to itself H ⊞ (0x00). f is an affine transformation defined by; zt = Bt+10 L2t ⊕ L1t ⊕ At b7 11111000 a7 0 where Ax and Bx denote outputs of FSR-A and FSR- b6 01111100 a6 1 b 00111110 a 1 B at time x, and R1x, R2x, L1x, and L2x denote the 5 5 b 00011111 a 0 internal registers at time x. The symbol ⊕ denotes 4 = × 4 ⊕ ⊞ b3 10001111 a3 0 bitwise exclusive-or operation and the symbol de- b2 11000111 a2 0 notes a 32-bit addition. Finally, the internal registers b1 11100011 a1 1 are updated as follows; b0 11110001 a0 1 where a = (a7,...,a0) is the input and b = (b7,...,b0) R1t+1 = Sub(L2t ⊞ Bt+9), R2t+1 = Sub(R1t) is the output, and a0 and b0 are the least significant bit (LSB). L1t+1 = Sub(R2t ⊞ Bt+4), L2t+1 = Sub(L1t) Let C be (c3,c2,c1,c0) and output D be (d ,d ,d ,d ), where c , d are 8-bit values. The lin- 3 2 1 0 i i where Sub(X) is an output of the Sub step for X. ear permutation D = p(C) is described as follows; d0 02 03 01 01 c0 2.4 Initialization Process d 01 02 03 01c 1 = 1 d 01 01 02 03 c 2 2 d3 03 01 01 02c3 The initialization process of K2 v2.0 consists of two steps, a key loading step and an internal state 8 8 in GF(2 ) of the irreducible polynomial m(x)= x + initialization step.
Load more

Recommended publications
  • Hardness Evaluation of Solving MQ Problems
    MQ Challenge: Hardness Evaluation of Solving MQ Problems Takanori Yasuda (ISIT), Xavier Dahan (ISIT), Yun-Ju Huang (Kyushu Univ.), Tsuyoshi Takagi (Kyushu Univ.), Kouichi Sakurai (Kyushu Univ., ISIT) This work was supported by “Strategic Information and Communications R&D Promotion Programme (SCOPE), no. 0159-0091”, Ministry of Internal Affairs and Communications, Japan. The first author is supported by Grant-in-Aid for Young Scientists (B), Grant number 24740078. Fukuoka MQ challenge MQ challenge started on April 1st. https://www.mqchallenge.org/ ETSI Quantum Safe Workshop 2015/4/3 2 Why we need MQ challenge? • Several public key cryptosystems held contests which solve the associated basic mathematical problems. o RSA challenge(RSA Laboratories), ECC challenge(Certicom), Lattice challenge(TU Darmstadt) • Lattice challenge (http://www.latticechallenge.org/) o Target: Short vector problem o 2008 – now continued • Multivariate public-key cryptsystem (MPKC) also need to evaluate the current state-of-the-art in practical MQ problem solvers. We planed to hold MQ challenge. ETSI Quantum Safe Workshop 2015/4/3 3 Multivariate Public Key Cryptosystem (MPKC) • Advantage o Candidate for post-quantum cryptography o Used for both encryption and signature schemes • Encryption: Simple Matrix scheme (ABC scheme), ZHFE scheme • Signature: UOV, Rainbow o Efficient encryption and decryption and signature generation and verification. • Problems o Exact estimate of security of MPKC schemes o Huge length of secret and public keys in comparison with RSA o New application and function ETSI Quantum Safe Workshop 2015/4/3 4 MQ problem MPKC are public key cryptosystems whose security depends on the difficulty in solving a system of multivariate quadratic polynomials with coefficients in a finite field .
    [Show full text]
  • Side Channel Analysis Attacks on Stream Ciphers
    Side Channel Analysis Attacks on Stream Ciphers Daehyun Strobel 23.03.2009 Masterarbeit Ruhr-Universität Bochum Lehrstuhl Embedded Security Prof. Dr.-Ing. Christof Paar Betreuer: Dipl.-Ing. Markus Kasper Erklärung Ich versichere, dass ich die Arbeit ohne fremde Hilfe und ohne Benutzung anderer als der angegebenen Quellen angefertigt habe und dass die Arbeit in gleicher oder ähnlicher Form noch keiner anderen Prüfungsbehörde vorgelegen hat und von dieser als Teil einer Prüfungsleistung angenommen wurde. Alle Ausführungen, die wörtlich oder sinngemäß übernommen wurden, sind als solche gekennzeichnet. Bochum, 23.März 2009 Daehyun Strobel ii Abstract In this thesis, we present results from practical differential power analysis attacks on the stream ciphers Grain and Trivium. While most published works on practical side channel analysis describe attacks on block ciphers, this work is among the first ones giving report on practical results of power analysis attacks on stream ciphers. Power analyses of stream ciphers require different methods than the ones used in todays most popular attacks. While for the majority of block ciphers it is sufficient to attack the first or last round only, to analyze a stream cipher typically the information leakages of many rounds have to be considered. Furthermore the analysis of hardware implementations of stream ciphers based on feedback shift registers inevitably leads to methods combining algebraic attacks with methods from the field of side channel analysis. Instead of a direct recovery of key bits, only terms composed of several key bits and bits from the initialization vector can be recovered. An attacker first has to identify a sufficient set of accessible terms to finally solve for the key bits.
    [Show full text]
  • Petawatt and Exawatt Class Lasers Worldwide
    Petawatt and exawatt class lasers worldwide Colin Danson, Constantin Haefner, Jake Bromage, Thomas Butcher, Jean-Christophe Chanteloup, Enam Chowdhury, Almantas Galvanauskas, Leonida Gizzi, Joachim Hein, David Hillier, et al. To cite this version: Colin Danson, Constantin Haefner, Jake Bromage, Thomas Butcher, Jean-Christophe Chanteloup, et al.. Petawatt and exawatt class lasers worldwide. High Power Laser Science and Engineering, Cambridge University Press, 2019, 7, 10.1017/hpl.2019.36. hal-03037682 HAL Id: hal-03037682 https://hal.archives-ouvertes.fr/hal-03037682 Submitted on 3 Dec 2020 HAL is a multi-disciplinary open access L’archive ouverte pluridisciplinaire HAL, est archive for the deposit and dissemination of sci- destinée au dépôt et à la diffusion de documents entific research documents, whether they are pub- scientifiques de niveau recherche, publiés ou non, lished or not. The documents may come from émanant des établissements d’enseignement et de teaching and research institutions in France or recherche français ou étrangers, des laboratoires abroad, or from public or private research centers. publics ou privés. High Power Laser Science and Engineering, (2019), Vol. 7, e54, 54 pages. © The Author(s) 2019. This is an Open Access article, distributed under the terms of the Creative Commons Attribution licence (http://creativecommons.org/ licenses/by/4.0/), which permits unrestricted re-use, distribution, and reproduction in any medium, provided the original work is properly cited. doi:10.1017/hpl.2019.36 Petawatt and exawatt class lasers worldwide Colin N. Danson1;2;3, Constantin Haefner4;5;6, Jake Bromage7, Thomas Butcher8, Jean-Christophe F. Chanteloup9, Enam A. Chowdhury10, Almantas Galvanauskas11, Leonida A.
    [Show full text]
  • Hardware Implementation of Four Byte Per Clock RC4 Algorithm Rourab Paul, Amlan Chakrabarti, Senior Member, IEEE, and Ranjan Ghosh
    JOURNAL OF LATEX CLASS FILES, VOL. 6, NO. 1, JANUARY 2007 1 Hardware Implementation of four byte per clock RC4 algorithm Rourab Paul, Amlan Chakrabarti, Senior Member, IEEE, and Ranjan Ghosh, Abstract—In the field of cryptography till date the 2-byte in 1-clock is the best known RC4 hardware design [1], while 1-byte in 1-clock [2], and the 1-byte in 3 clocks [3][4] are the best known implementation. The design algorithm in[2] considers two consecutive bytes together and processes them in 2 clocks. The design [1] is a pipelining architecture of [2]. The design of 1-byte in 3-clocks is too much modular and clock hungry. In this paper considering the RC4 algorithm, as it is, a simpler RC4 hardware design providing higher throughput is proposed in which 6 different architecture has been proposed. In design 1, 1-byte is processed in 1-clock, design 2 is a dynamic KSA-PRGA architecture of Design 1. Design 3 can process 2 byte in a single clock, where as Design 4 is Dynamic KSA-PRGA architecture of Design 3. Design 5 and Design 6 are parallelization architecture design 2 and design 4 which can compute 4 byte in a single clock. The maturity in terms of throughput, power consumption and resource usage, has been achieved from design 1 to design 6. The RC4 encryption and decryption designs are respectively embedded on two FPGA boards as co-processor hardware, the communication between the two boards performed using Ethernet. Keywords—Computer Society, IEEEtran, journal, LATEX, paper, template.
    [Show full text]
  • *UPDATED Canadian Values 07-04 201 7/26/2016 4:42:21 PM *UPDATED Canadian Values 07-04 202 COIN VALUES: CANADA 02 .0 .0 12
    CANADIAN VALUES By Michael Findlay Large Cents VG-8 F-12 VF-20 EF-40 MS-60 MS-63R 1917 1.00 1.25 1.50 2.50 13. 45. CANADA COIN VALUES: 1918 1.00 1.25 1.50 2.50 13. 45. 1919 1.00 1.25 1.50 2.50 13. 45. 1920 1.00 1.25 1.50 3.00 18. 70. CANADIAN COIN VALUES Small Cents PRICE GUIDE VG-8 F-12 VF-20 EF-40 MS-60 MS-63R GEORGE V All prices are in U.S. dollars LargeL Cents C t 1920 0.20 0.35 0.75 1.50 12. 45. Canadian Coin Values is a comprehensive retail value VG-8 F-12 VF-20 EF-40 MS-60 MS-63R 1921 0.50 0.75 1.50 4.00 30. 250. guide of Canadian coins published online regularly at Coin VICTORIA 1922 20. 23. 28. 40. 200. 1200. World’s website. Canadian Coin Values is provided as a 1858 70. 90. 120. 200. 475. 1800. 1923 30. 33. 42. 55. 250. 2000. reader service to collectors desiring independent informa- 1858 Coin Turn NI NI 2500. 5000. BNE BNE 1924 6.00 8.00 11. 16. 120. 800. tion about a coin’s potential retail value. 1859 4.00 5.00 6.00 10. 50. 200. 1925 25. 28. 35. 45. 200. 900. Sources for pricing include actual transactions, public auc- 1859 Brass 16000. 22000. 30000. BNE BNE BNE 1926 3.50 4.50 7.00 12. 90. 650. tions, fi xed-price lists and any additional information acquired 1859 Dbl P 9 #1 225.
    [Show full text]
  • 9/11 Report”), July 2, 2004, Pp
    Final FM.1pp 7/17/04 5:25 PM Page i THE 9/11 COMMISSION REPORT Final FM.1pp 7/17/04 5:25 PM Page v CONTENTS List of Illustrations and Tables ix Member List xi Staff List xiii–xiv Preface xv 1. “WE HAVE SOME PLANES” 1 1.1 Inside the Four Flights 1 1.2 Improvising a Homeland Defense 14 1.3 National Crisis Management 35 2. THE FOUNDATION OF THE NEW TERRORISM 47 2.1 A Declaration of War 47 2.2 Bin Ladin’s Appeal in the Islamic World 48 2.3 The Rise of Bin Ladin and al Qaeda (1988–1992) 55 2.4 Building an Organization, Declaring War on the United States (1992–1996) 59 2.5 Al Qaeda’s Renewal in Afghanistan (1996–1998) 63 3. COUNTERTERRORISM EVOLVES 71 3.1 From the Old Terrorism to the New: The First World Trade Center Bombing 71 3.2 Adaptation—and Nonadaptation— ...in the Law Enforcement Community 73 3.3 . and in the Federal Aviation Administration 82 3.4 . and in the Intelligence Community 86 v Final FM.1pp 7/17/04 5:25 PM Page vi 3.5 . and in the State Department and the Defense Department 93 3.6 . and in the White House 98 3.7 . and in the Congress 102 4. RESPONSES TO AL QAEDA’S INITIAL ASSAULTS 108 4.1 Before the Bombings in Kenya and Tanzania 108 4.2 Crisis:August 1998 115 4.3 Diplomacy 121 4.4 Covert Action 126 4.5 Searching for Fresh Options 134 5.
    [Show full text]
  • How to Find Short RC4 Colliding Key Pairs
    How to Find Short RC4 Colliding Key Pairs Jiageng Chen ? and Atsuko Miyaji?? School of Information Science, Japan Advanced Institute of Science and Technology, 1-1 Asahidai, Nomi, Ishikawa 923-1292, Japan jg-chen, miyaji @jaist.ac.jp { } Abstract. The property that the stream cipher RC4 can generate the same keystream outputs under two di↵erent secret keys has been discov- ered recently. The principle that how the two di↵erent keys can achieve a collision is well known by investigating the key scheduling algorithm of RC4. However, how to find those colliding key pairs is a di↵erent story, which has been largely remained unexploited. Previous researches have demonstrated that finding colliding key pairs becomes more difficult as the key size decreases. The main contribution of this paper is propos- ing an efficient searching algorithm which can successfully find 22-byte colliding key pairs, which are by far the shortest colliding key pairs ever found. 1 Introduction The stream cipher RC4 is one of the oldest and most wildly used stream ciphers in the world. It has been deployed to innumerable real world applications including Microsoft Office, Secure Socket Layer (SSL), Wired Equivalent Privacy (WEP), etc. Since its debut in 1994 [1], many cryptanalysis works have been done on it, and many weaknesses have been exploited, such as [5] [6] and [7]. However, if RC4 is used in a proper way, it is still considered to be secure. Thus it is still considered to be a high valuable cryptanalysis target both in the industrial and academic world. In this paper, we focus on exploiting the weakness that RC4 can generate colliding key pairs, namely, two di↵erent keys will result in the same keystream output.
    [Show full text]
  • Stream Cipher Designs: a Review
    SCIENCE CHINA Information Sciences March 2020, Vol. 63 131101:1–131101:25 . REVIEW . https://doi.org/10.1007/s11432-018-9929-x Stream cipher designs: a review Lin JIAO1*, Yonglin HAO1 & Dengguo FENG1,2* 1 State Key Laboratory of Cryptology, Beijing 100878, China; 2 State Key Laboratory of Computer Science, Institute of Software, Chinese Academy of Sciences, Beijing 100190, China Received 13 August 2018/Accepted 30 June 2019/Published online 10 February 2020 Abstract Stream cipher is an important branch of symmetric cryptosystems, which takes obvious advan- tages in speed and scale of hardware implementation. It is suitable for using in the cases of massive data transfer or resource constraints, and has always been a hot and central research topic in cryptography. With the rapid development of network and communication technology, cipher algorithms play more and more crucial role in information security. Simultaneously, the application environment of cipher algorithms is in- creasingly complex, which challenges the existing cipher algorithms and calls for novel suitable designs. To accommodate new strict requirements and provide systematic scientific basis for future designs, this paper reviews the development history of stream ciphers, classifies and summarizes the design principles of typical stream ciphers in groups, briefly discusses the advantages and weakness of various stream ciphers in terms of security and implementation. Finally, it tries to foresee the prospective design directions of stream ciphers. Keywords stream cipher, survey, lightweight, authenticated encryption, homomorphic encryption Citation Jiao L, Hao Y L, Feng D G. Stream cipher designs: a review. Sci China Inf Sci, 2020, 63(3): 131101, https://doi.org/10.1007/s11432-018-9929-x 1 Introduction The widely applied e-commerce, e-government, along with the fast developing cloud computing, big data, have triggered high demands in both efficiency and security of information processing.
    [Show full text]
  • Copyright Infringement
    COPYRIGHT INFRINGEMENT Mark Miller Jackson Walker L.L.P. 112 E. Pecan, Suite 2400 San Antonio, Texas 78205 (210) 978-7700 [email protected] This paper was first published in the State Bar of Texas Corporate Counsel Section Corporate Counsel Review, Vol. 30, No. 1 (2011) The author appreciates the State Bar’s permission to update and re-publish it. THE AUTHOR Mark Miller is a shareholder with Jackson Walker L.L.P., a Texas law firm with offices in San Antonio, Dallas, Houston, Austin, Ft. Worth, and San Angelo. He is Chair of the firm’s intellectual property section and concentrates on transactions and litigation concerning intellectual property, franchising, and antitrust. Mr. Miller received his B.A. in Chemistry from Austin College in 1974 and his J.D. from St. Mary’s University in 1978. He was an Associate Editor for St. Mary’s Law Journal; admitted to practice before the United States Patent and Trademark Office in 1978; served on the Admissions Committee for the U.S. District Court, Western District of Texas, and been selected as one of the best intellectual property lawyers in San Antonio. He is admitted to practice before the United States Supreme Court, the Federal Circuit Court of Appeals, the United States Court of Appeals for the Fifth and Tenth Circuits, the District Courts for the Western, Southern, and Northern Districts of Texas, and the Texas Supreme Court. He is a member of the American Bar Association’s Forum Committee on Franchising, and the ABA Antitrust Section’s Committee on Franchising. Mr. Miller is a frequent speaker and writer, including “Neglected Copyright Litigation Issues,” State Bar of Texas, Intellectual Property Section, Annual Meeting, 2009, “Unintentional Franchising,” 36 St.
    [Show full text]
  • MQ Challenge: Hardness Evaluation of Solving MQ Problems
    MQ Challenge: Hardness Evaluation of Solving Multivariate Quadratic Problems * * y * z * x Takanori Yasuda Xavier Dahan Yun-Ju Huang Tsuyoshi Takagi * { Kouichi Sakurai Abstract rity of MPKC is thus based on the one-wayness of the multivariate polynomial maps. In the same vein, Multivariate polynomial (MP) problem is the basis of QUAD [3] is a stream cipher (symmetric key cryp­ security for potentially post-quantum cryptosystems. tography) whose security is guaranteed by the one­ The hardness of solving MP problem depends on a wayness of the multivariate polynomial maps. number of parameters, most importantly the number The one-wayness of multivariate polynomial maps of variables and the degree of the polynomials, as resides in the difficulty to find solutions of a system of well as the number of equations, the size of the base multivariate polynomial equations (MP problem). In field etc. When the degree is two, we investigate the particular, if the multivariate polynomials involved in relation among these parameters and the hardness a MP problem consist only of quadratic polynomials, of solving MP problem, in order to construct hard the problem is called MQ problem: instances of MP problem. These instances are X X used to create a challenge, which may be helpful in (1) (1) (1) f1(x1; : : : ; xn) = aij xixj + bi xi + c = d1; determining appropriate parameters for multivariate 1 i j n 1 i n X X (2) (2) public key cryptosystems, and stimulate furthermore (2) f2(x1; : : : ; xn) = aij xixj + bi xi + c = d2; the research in solving MP problem. 1 i j n 1 i n .
    [Show full text]
  • LNCS 4593, Pp
    Analysis of QUAD Bo-Yin Yang1,OwenChia-HsinChen2, Daniel J. Bernstein3, and Jiun-Ming Chen4 1 Academia Sinica and Taiwan Information Security Center [email protected] 2 National Taiwan University [email protected] 3 University of Illinois at Chicago [email protected] 4 Nat’l Taiwan University and Nat’l Cheng Kung University [email protected] Abstract. In a Eurocrypt 2006 article entitled “QUAD: A Practical Stream Cipher with Provable Security,” Berbain, Gilbert, and Patarin introduced QUAD, a parametrized family of stream ciphers. The arti- cle stated that “the security of the novel stream cipher is provably reducible to the intractability of the MQ problem”; this reduction de- duces the infeasibility of attacks on QUAD from the hypothesized infeasi- bility (with an extra looseness factor) of attacks on the well-known hard problem of solving systems of multivariate quadratic equations over fi- nite fields. The QUAD talk at Eurocrypt 2006 reported speeds for QUAD instances with 160-bit state and output block over the fields GF(2), GF(16), and GF(256). This paper discusses both theoretical and practical aspects of attack- ing QUAD and of attacking the underlying hard problem. For example, this paper shows how to use XL-Wiedemann to break the GF(256) instance QUAD(256, 20, 20) in approximately 266 Opteron cycles, and to break the underlying hard problem in approximately 245 cycles. For each of the QUAD parameters presented at Eurocrypt 2006, this analysis shows the implications and limitations of the security proofs, pointing out which QUAD instances are not secure, and which ones will never be proven se- cure.
    [Show full text]
  • Voice Encryption Using Twin Stream Cipher Algorithm تشفير الصوت باستخدام خوارزمية التوأم
    Voice Encryption Using Twin Stream Cipher Algorithm تشفير الصوت باستخدام خوارزمية التوأم اﻻنسيابية Prepared by Omar Mejbel Hammad Aljouani ((401320142)) Supervisor Dr. Hebah H. O. Nasereddin Dr. Abdulkareem O. Ibadi Master Thesis Submitted in Partial Fulfillment of the Requirements of the Master Degree in Computer Science Department of Computer Science Faculty of Information Technology Middle East University Amman - Jordan January - 2016 II ((بسم هللا الرحمن الرحيم(( ّ يَ ْر ف عَََللاَهَا ّل ذي نََآ مَ هنواَ م ْن هك ْمََ وَا ّلَ ذي نََ} ه ه ْ ْ {أَوتواَال عل مََ دَ ر جات ))صدق هللا العظيم(( II III IV Acknowledgment I utilize this opportunity to thank everyone helped me reach this stage and everyone who encourage me during performing this thesis. I want to thank Dr. Hebah H. O. Nasereddin for her guidance and supervision during writing this thesis. Extended thanks are also for my family and friends who encourage me during writing this thesis. I also want to thank everyone who believes that the knowledge is right for everyone. The greatest thank ever to assistant prof. Abdulkareem O. Ibadi, the head of software engineering department at Baghdad College for economic sciences. V Dedication اهدي خﻻصة جهدي العلمي المتواضع الى : قرة عيني الرسول محمد عليه افضل الصﻻة واتم التسليم ...... وطني العراق الجريح .................................... اخي الشهيد الحاضر الغائب صهيب ................... والدي ووالدتي واختي رفاق دربي ومسيرتي ............... كل من كان له بصمة بجهدي العلمي هذا............. كل الشهداء الذين استشهدوا برصاص الغدر والخيانة ...... كل من كان يدعي لي ويوجهني ويتمنى لي الخير ......... جامعة بغداد أخص بها كلية التربية ابن الهيثم ....... اﻻعدادية المركزية للبنين .................. VI Table of Contents AUTHORIZATION STATEMENT ..........................................................
    [Show full text]