DOCSLIB.ORG

A Related Key Attack on the Feistel Type Block Ciphers

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
A Related Key Attack on the Feistel Type Block Ciphers International Journal of Network Security, Vol.8, No.3, PP.221{226, May 2009 221 A Related Key Attack on the Feistel Type Block Ciphers Ali Bagherzandi1;2, Mahmoud Salmasizadeh2, and Javad Mohajeri2 (Corresponding author: Ali Bagherzandi) Computer Engineering Department, Sharif University of Technology1 Electronic Research Center, Sharif University of Technology2 P. O. Box 11155-8639 Azadi Avenue 14588 Tehran, Iran (Email: [email protected]) (Received Jan. 3, 2006; revised and accepted Mar. 3, 2006) Abstract related-key attacks. In order to strengthen DES, several extensions have In this paper we show that Biham's chosen key attack can been developed including Triple-DES, DES-X, Biham- be generalized to include any block cipher and we give a DES, DES-X and NewDES. These extensions improved low complexity chosen key attack on any Feistel type ci- the resistance of DES against exhaustive search, linear pher. Then we show that the irregularities in the shift cryptanalysis and di®erential cryptanalysis; but not any pattern of DES key schedule algorithm is not su±cient signi¯cant improvement has been gained against related- for the cryptosystem to resist against related key attacks. key attacks and several related-key cryptanalysis have We have realized our proposition by a counter example been developed against these extensions [8, 9]. Even in in which the E-box of DES is slightly modi¯ed whiles the case of DES-X there has been introduced some novel other components and among those, the shift pattern in key related attacks [9]. It is believed that the irregularities key schedule algorithm is kept unchanged. We have ap- in the shift pattern of DES key schedule algorithm makes plied a new related key attack on the resulting DES-like DES immune against related key attacks [2]. Recently, it cryptosystem and demonstrated that the security of the has been shown that 1-bit shift in some less number of system decreases drastically. rounds in DES key schedule makes DES vulnerable to a Keywords: Chosen key attack, di®erential related key at- related-key attack [7]. tack, DES, feistel type cipher In this paper we show that Biham's chosen key attack can be generalized to include any block cipher. Though this attack is applicable to the ciphers having block length 1 Introduction less than key size, it leads to a low complexity chosen key attack against any Feistel type cipher. Then we show The major attacks on Feistel type block ciphers fall into that the resistance of DES against di®erential related key three groups of di®erential analysis [1], linear analysis [10] attack is not merely upon the irregularities in the shift and related-key attacks [2]. The related key attack intro- pattern of its key schedule algorithm which is widely be- duced by Biham [2] is a chosen key attack assaulting the lieved since the time it was mentioned in [2]. We have key schedule algorithm of the cipher. In this attack, at- realized our proposition by mounting a di®erential related tacker obtains the encryption of certain plaintexts under key attack similar to that of [7] against a DES-like cipher several keys having certain relationships with each other. with the same key schedule algorithm as the original DES The goal in this type of attack is to reveal the secret key to demonstrate that the security of the system decreases of the cryptosystem and it can be accomplished whenever drastically. Our variant of DES is di®erent from the origi- the attacker can chose the relationship between unknown nal DES in one index of its E-box. This makes it nonsense keys. So, it is best practical on key-exchange protocols to build the immunity of DES against related key attacks where key-integrity is not guaranteed thus an attacker can merely upon shift pattern irregularities. flip the key bits without knowing the key itself [6, 8, 9]. In Section 2 we formalize the chosen key attack and In di®erential related-key attacks [6], the relationship be- give a low complexity attack scenario against Feistel type tween the unknown keys is their di®erence; adversary can ciphers. Then in Section 3 we discuss the original DES choose the di®erence between the keys and seek for the algorithm and its mixed transformation representation keys themselves. The plaintext ciphertext pairs can be in brief and introduce our DES-like encryption scheme. chosen or known which categorizes the related key attack Then in Section 4 we discuss our di®erential related key into two groups of known-related-key attacks and chosen- attack against the proposed DES-like system. International Journal of Network Security, Vol.8, No.3, PP.221{226, May 2009 222 2 Generalized Biham Chosen Key one can found k1 satisfying both conditions above and 0 0 0 consider (c; c ) satisfying c = F (c; k1) since p = F (p; k1), Attack 0 k1 is the ¯rst and last subkey of the keys K and K re- The chosen key attack is based on the observation that spectively. Reversing the encryption process one gets the 0 in many block ciphers we can view the key scheduling al- intermediate encryptions of p one round shifted as that gorithm as a set of algorithms each of which extracts one of p. particular subkey from the subkeys of previous rounds. If n Proposition 2: By 2 2 random n-bit plaintext-ciphertext all the algorithms of extracting the subkeys of the various n pair encrypted under key K and 2 2 plaintext-ciphertext rounds are the same then for a given a key we can shift pair encrypted under key K0 one expects to ¯nd a slid all the subkeys one round backwards and get a new set pair. of valid subkeys which can be derived from some other keys [12]. These keys are called related. The same argu- Proof. Consider plaintexts selected to encrypt under K ment is true for slide attacks introduced in [3, 4]. Slide and K0 as the set X and Y respectively. According to attacks can be viewed as a particular case of related-key birthday paradox the sets X and Y have a common ele- attack in which the relation is between the key and itself ment (so two elements with a determined relation) with a 1 [1]. Extending this idea, in this section, we introduce a probability greater than 2 . Thus, exposing to encryption generalization of chosen key attack to include any block under K and K0 we expect to have a slid pair. cipher and give low complexity attack scenarios against n Feistel type ciphers. Several related key analysis of block Proposition 3: By 2 4 random n-bit plaintext-ciphertext pair of the form Pi = Li k X encrypted under key K by a ciphers can be found in [2, 6, 8, 9]. n Feistel type cipher and 2 4 plaintext-ciphertext pair of the 0 De¯nition 1. (Block cipher): Our abstraction of block form Pj = X k Rj encrypted under key K one expects cipher is a triple C(n; r; K) in which n is the data block to ¯nd a slid pair. length, r the number of rounds and K the underlying key. Proof. Apply the birthday paradox to the half of the data We also write K ! (k1; k2; : : : ; kr) to denote the deriva- block. tion of round keys and F (x; ki) to denote the round func- K tion of C(n; r; K). we also write p!c to indicate the en- Attack model for general case: cryption process. n 2 0 1) Acquire 2 plaintext-ciphertext pair encrypted un- De¯nition 2. (Slid keys): The keys (K; K ) are called n der key K and 2 2 plaintext-ciphertext pair encrypted slid keys if they led to the same derivation of round keys under key K0: but one round out of phase. More formally (K; K0) are 0 0 called slid pairs if 2) For each pair½ ((p; c); (p ; c )) solve the simultaneous F (p; k) = p0 0 equation: K ! (k1; k2; : : : ; kr) () K ! (k2; k3; : : : ; kr; kr+1): F (c; k) = c0 0 If kr+1 = k1 then we call (K; K ) strong slid keys. According to Proposition 1 if the system has solution k then ((p; c); (p0; c0)) is a slid pair. And according to De¯nition 3. (Slid pair): A pair of plaintext-ciphertext Proposition 2 there is at list one slid pair. Thus in worst pairs ((p; c); (p0; c0)) in which p and p0 are encrypted under case performing O(2n) task, one can retrieve k . the keys K and K0 respectively, is called slid pair if: 1 1) (K; K0) are strong slid keys, Attack model for special case of Feistel ciphers: In Feistel ciphers the round function is F (L k R) = 0 2) P = F (P; k1). (R k L © f(R)). So the slid pair can be recognized more easily. Theorem 1. (Birthday Paradox): Let H : M ! C be m n a random function in which jCj = 2 and let X and Y be 1) Acquire 2 2 plaintext-ciphertext pair encrypted un- n two randomly chosen subsets of M with jXj = jY j = n. 2 m der key K and 2 plaintext-ciphertext pair encrypted If n ¸ 2 2 then the probability of ¯nding one collision under key K0. 1 between sets X and Y exceeds 2 . [11] 2) Sort (pi; ci) encrypted with key K according to right Proposition 1: The pair ((p; c); (p0; c0)) is slid pair if and 0 0 halves of pi and ci and sort (pi; ci) encrypted with only if it satis¯es the following conditions.
Load more

Recommended publications
  • Improved Related-Key Attacks on DESX and DESX+
    Improved Related-key Attacks on DESX and DESX+ Raphael C.-W. Phan1 and Adi Shamir3 1 Laboratoire de s´ecurit´eet de cryptographie (LASEC), Ecole Polytechnique F´ed´erale de Lausanne (EPFL), CH-1015 Lausanne, Switzerland [email protected] 2 Faculty of Mathematics & Computer Science, The Weizmann Institute of Science, Rehovot 76100, Israel [email protected] Abstract. In this paper, we present improved related-key attacks on the original DESX, and DESX+, a variant of the DESX with its pre- and post-whitening XOR operations replaced with addition modulo 264. Compared to previous results, our attack on DESX has reduced text complexity, while our best attack on DESX+ eliminates the memory requirements at the same processing complexity. Keywords: DESX, DESX+, related-key attack, fault attack. 1 Introduction Due to the DES’ small key length of 56 bits, variants of the DES under multiple encryption have been considered, including double-DES under one or two 56-bit key(s), and triple-DES under two or three 56-bit keys. Another popular variant based on the DES is the DESX [15], where the basic keylength of single DES is extended to 120 bits by wrapping this DES with two outer pre- and post-whitening keys of 64 bits each. Also, the endorsement of single DES had been officially withdrawn by NIST in the summer of 2004 [19], due to its insecurity against exhaustive search. Future use of single DES is recommended only as a component of the triple-DES. This makes it more important to study the security of variants of single DES which increase the key length to avoid this attack.
    [Show full text]
  • Basic Cryptography
    Basic cryptography • How cryptography works... • Symmetric cryptography... • Public key cryptography... • Online Resources... • Printed Resources... I VP R 1 © Copyright 2002-2007 Haim Levkowitz How cryptography works • Plaintext • Ciphertext • Cryptographic algorithm • Key Decryption Key Algorithm Plaintext Ciphertext Encryption I VP R 2 © Copyright 2002-2007 Haim Levkowitz Simple cryptosystem ... ! ABCDEFGHIJKLMNOPQRSTUVWXYZ ! DEFGHIJKLMNOPQRSTUVWXYZABC • Caesar Cipher • Simple substitution cipher • ROT-13 • rotate by half the alphabet • A => N B => O I VP R 3 © Copyright 2002-2007 Haim Levkowitz Keys cryptosystems … • keys and keyspace ... • secret-key and public-key ... • key management ... • strength of key systems ... I VP R 4 © Copyright 2002-2007 Haim Levkowitz Keys and keyspace … • ROT: key is N • Brute force: 25 values of N • IDEA (international data encryption algorithm) in PGP: 2128 numeric keys • 1 billion keys / sec ==> >10,781,000,000,000,000,000,000 years I VP R 5 © Copyright 2002-2007 Haim Levkowitz Symmetric cryptography • DES • Triple DES, DESX, GDES, RDES • RC2, RC4, RC5 • IDEA Key • Blowfish Plaintext Encryption Ciphertext Decryption Plaintext Sender Recipient I VP R 6 © Copyright 2002-2007 Haim Levkowitz DES • Data Encryption Standard • US NIST (‘70s) • 56-bit key • Good then • Not enough now (cracked June 1997) • Discrete blocks of 64 bits • Often w/ CBC (cipherblock chaining) • Each blocks encr. depends on contents of previous => detect missing block I VP R 7 © Copyright 2002-2007 Haim Levkowitz Triple DES, DESX,
    [Show full text]
  • Related-Key Statistical Cryptanalysis
    Related-Key Statistical Cryptanalysis Darakhshan J. Mir∗ Poorvi L. Vora Department of Computer Science, Department of Computer Science, Rutgers, The State University of New Jersey George Washington University July 6, 2007 Abstract This paper presents the Cryptanalytic Channel Model (CCM). The model treats statistical key recovery as communication over a low capacity channel, where the channel and the encoding are determined by the cipher and the specific attack. A new attack, related-key recovery – the use of n related keys generated from k independent ones – is defined for all ciphers vulnera- ble to single-key recovery. Unlike classical related-key attacks such as differential related-key cryptanalysis, this attack does not exploit a special structural weakness in the cipher or key schedule, but amplifies the weakness exploited in the basic single key recovery. The related- key-recovery attack is shown to correspond to the use of a concatenated code over the channel, where the relationship among the keys determines the outer code, and the cipher and the attack the inner code. It is shown that there exists a relationship among keys for which the communi- cation complexity per bit of independent key is finite, for any probability of key recovery error. This may be compared to the unbounded communication complexity per bit of the single-key- recovery attack. The practical implications of this result are demonstrated through experiments on reduced-round DES. Keywords: related keys, concatenated codes, communication channel, statistical cryptanalysis, linear cryptanalysis, DES Communicating Author: Poorvi L. Vora, [email protected] ∗This work was done while the author was in the M.S.
    [Show full text]
  • Related-Key Cryptanalysis of 3-WAY, Biham-DES,CAST, DES-X, Newdes, RC2, and TEA
    Related-Key Cryptanalysis of 3-WAY, Biham-DES,CAST, DES-X, NewDES, RC2, and TEA John Kelsey Bruce Schneier David Wagner Counterpane Systems U.C. Berkeley kelsey,schneier @counterpane.com [email protected] f g Abstract. We present new related-key attacks on the block ciphers 3- WAY, Biham-DES, CAST, DES-X, NewDES, RC2, and TEA. Differen- tial related-key attacks allow both keys and plaintexts to be chosen with specific differences [KSW96]. Our attacks build on the original work, showing how to adapt the general attack to deal with the difficulties of the individual algorithms. We also give specific design principles to protect against these attacks. 1 Introduction Related-key cryptanalysis assumes that the attacker learns the encryption of certain plaintexts not only under the original (unknown) key K, but also under some derived keys K0 = f(K). In a chosen-related-key attack, the attacker specifies how the key is to be changed; known-related-key attacks are those where the key difference is known, but cannot be chosen by the attacker. We emphasize that the attacker knows or chooses the relationship between keys, not the actual key values. These techniques have been developed in [Knu93b, Bih94, KSW96]. Related-key cryptanalysis is a practical attack on key-exchange protocols that do not guarantee key-integrity|an attacker may be able to flip bits in the key without knowing the key|and key-update protocols that update keys using a known function: e.g., K, K + 1, K + 2, etc. Related-key attacks were also used against rotor machines: operators sometimes set rotors incorrectly.
    [Show full text]
  • Performance and Energy Efficiency of Block Ciphers in Personal Digital Assistants
    Performance and Energy Efficiency of Block Ciphers in Personal Digital Assistants Creighton T. R. Hager, Scott F. Midkiff, Jung-Min Park, Thomas L. Martin Bradley Department of Electrical and Computer Engineering Virginia Polytechnic Institute and State University Blacksburg, Virginia 24061 USA {chager, midkiff, jungmin, tlmartin} @ vt.edu Abstract algorithms may consume more energy and drain the PDA battery faster than using less secure algorithms. Due to Encryption algorithms can be used to help secure the processing requirements and the limited computing wireless communications, but securing data also power in many PDAs, using strong cryptographic consumes resources. The goal of this research is to algorithms may also significantly increase the delay provide users or system developers of personal digital between data transmissions. Thus, users and, perhaps assistants and applications with the associated time and more importantly, software and system designers need to energy costs of using specific encryption algorithms. be aware of the benefits and costs of using various Four block ciphers (RC2, Blowfish, XTEA, and AES) were encryption algorithms. considered. The experiments included encryption and This research answers questions regarding energy decryption tasks with different cipher and file size consumption and execution time for various encryption combinations. The resource impact of the block ciphers algorithms executing on a PDA platform with the goal of were evaluated using the latency, throughput, energy- helping software and system developers design more latency product, and throughput/energy ratio metrics. effective applications and systems and of allowing end We found that RC2 encrypts faster and uses less users to better utilize the capabilities of PDA devices.
    [Show full text]
  • Serpent: a Proposal for the Advanced Encryption Standard
    Serpent: A Proposal for the Advanced Encryption Standard Ross Anderson1 Eli Biham2 Lars Knudsen3 1 Cambridge University, England; email [email protected] 2 Technion, Haifa, Israel; email [email protected] 3 University of Bergen, Norway; email [email protected] Abstract. We propose a new block cipher as a candidate for the Ad- vanced Encryption Standard. Its design is highly conservative, yet still allows a very efficient implementation. It uses S-boxes similar to those of DES in a new structure that simultaneously allows a more rapid avalanche, a more efficient bitslice implementation, and an easy anal- ysis that enables us to demonstrate its security against all known types of attack. With a 128-bit block size and a 256-bit key, it is as fast as DES on the market leading Intel Pentium/MMX platforms (and at least as fast on many others); yet we believe it to be more secure than three-key triple-DES. 1 Introduction For many applications, the Data Encryption Standard algorithm is nearing the end of its useful life. Its 56-bit key is too small, as shown by a recent distributed key search exercise [28]. Although triple-DES can solve the key length problem, the DES algorithm was also designed primarily for hardware encryption, yet the great majority of applications that use it today implement it in software, where it is relatively inefficient. For these reasons, the US National Institute of Standards and Technology has issued a call for a successor algorithm, to be called the Advanced Encryption Standard or AES.
    [Show full text]
  • Hemiunu Used Numerically Tagged Surface Ratios to Mark Ceilings Inside the Great Pyramid Hinting at Designed Spaces Still Hidden Within
    Archaeological Discovery, 2018, 6, 319-337 http://www.scirp.org/journal/ad ISSN Online: 2331-1967 ISSN Print: 2331-1959 Hemiunu Used Numerically Tagged Surface Ratios to Mark Ceilings inside the Great Pyramid Hinting at Designed Spaces Still Hidden Within Manu Seyfzadeh Institute for the Study of the Origins of Civilization (ISOC)1, Boston University’s College of General Studies, Boston, USA How to cite this paper: Seyfzadeh, M. Abstract (2018). Hemiunu Used Numerically Tagged Surface Ratios to Mark Ceilings inside the In 1883, W. M. Flinders Petrie noticed that the vertical thickness and height Great Pyramid Hinting at Designed Spaces of certain stone courses of the Great Pyramid2 of Khufu/Cheops at Giza, Still Hidden Within. Archaeological Dis- Egypt markedly increase compared to those immediately lower periodically covery, 6, 319-337. https://doi.org/10.4236/ad.2018.64016 and conspicuously interrupting a general trend of progressive course thinning towards the summit. Having calculated the surface area of each course, Petrie Received: September 10, 2018 further noted that the courses immediately below such discrete stone thick- Accepted: October 5, 2018 Published: October 8, 2018 ness peaks tended to mark integer multiples of 1/25th of the surface area at ground level. Here I show that the probable architect of the Great Pyramid, Copyright © 2018 by author and Khufu’s vizier Hemiunu, conceptualized its vertical construction design using Scientific Research Publishing Inc. surface areas based on the same numerical principles used to design his own This work is licensed under the Creative Commons Attribution International mastaba in Giza’s western cemetery and conspicuously used this numerical License (CC BY 4.0).
    [Show full text]
  • Development of the Advanced Encryption Standard
    Volume 126, Article No. 126024 (2021) https://doi.org/10.6028/jres.126.024 Journal of Research of the National Institute of Standards and Technology Development of the Advanced Encryption Standard Miles E. Smid Formerly: Computer Security Division, National Institute of Standards and Technology, Gaithersburg, MD 20899, USA [email protected] Strong cryptographic algorithms are essential for the protection of stored and transmitted data throughout the world. This publication discusses the development of Federal Information Processing Standards Publication (FIPS) 197, which specifies a cryptographic algorithm known as the Advanced Encryption Standard (AES). The AES was the result of a cooperative multiyear effort involving the U.S. government, industry, and the academic community. Several difficult problems that had to be resolved during the standard’s development are discussed, and the eventual solutions are presented. The author writes from his viewpoint as former leader of the Security Technology Group and later as acting director of the Computer Security Division at the National Institute of Standards and Technology, where he was responsible for the AES development. Key words: Advanced Encryption Standard (AES); consensus process; cryptography; Data Encryption Standard (DES); security requirements, SKIPJACK. Accepted: June 18, 2021 Published: August 16, 2021; Current Version: August 23, 2021 This article was sponsored by James Foti, Computer Security Division, Information Technology Laboratory, National Institute of Standards and Technology (NIST). The views expressed represent those of the author and not necessarily those of NIST. https://doi.org/10.6028/jres.126.024 1. Introduction In the late 1990s, the National Institute of Standards and Technology (NIST) was about to decide if it was going to specify a new cryptographic algorithm standard for the protection of U.S.
    [Show full text]
  • Bruce Schneier 2
    Committee on Energy and Commerce U.S. House of Representatives Witness Disclosure Requirement - "Truth in Testimony" Required by House Rule XI, Clause 2(g)(5) 1. Your Name: Bruce Schneier 2. Your Title: none 3. The Entity(ies) You are Representing: none 4. Are you testifying on behalf of the Federal, or a State or local Yes No government entity? X 5. Please list any Federal grants or contracts, or contracts or payments originating with a foreign government, that you or the entity(ies) you represent have received on or after January 1, 2015. Only grants, contracts, or payments related to the subject matter of the hearing must be listed. 6. Please attach your curriculum vitae to your completed disclosure form. Signatur Date: 31 October 2017 Bruce Schneier Background Bruce Schneier is an internationally renowned security technologist, called a security guru by the Economist. He is the author of 14 books—including the New York Times best-seller Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World—as well as hundreds of articles, essays, and academic papers. His influential newsletter Crypto-Gram and blog Schneier on Security are read by over 250,000 people. Schneier is a fellow at the Berkman Klein Center for Internet and Society at Harvard University, a Lecturer in Public Policy at the Harvard Kennedy School, a board member of the Electronic Frontier Foundation and the Tor Project, and an advisory board member of EPIC and VerifiedVoting.org. He is also a special advisor to IBM Security and the Chief Technology Officer of IBM Resilient.
    [Show full text]
  • Data Encryption Standard
    Data Encryption Standard The Data Encryption Standard (DES /ˌdiːˌiːˈɛs, dɛz/) is a Data Encryption Standard symmetric-key algorithm for the encryption of electronic data. Although insecure, it was highly influential in the advancement of modern cryptography. Developed in the early 1970s atIBM and based on an earlier design by Horst Feistel, the algorithm was submitted to the National Bureau of Standards (NBS) following the agency's invitation to propose a candidate for the protection of sensitive, unclassified electronic government data. In 1976, after consultation with theNational Security Agency (NSA), the NBS eventually selected a slightly modified version (strengthened against differential cryptanalysis, but weakened against brute-force attacks), which was published as an official Federal Information Processing Standard (FIPS) for the United States in 1977. The publication of an NSA-approved encryption standard simultaneously resulted in its quick international adoption and widespread academic scrutiny. Controversies arose out of classified The Feistel function (F function) of DES design elements, a relatively short key length of the symmetric-key General block cipher design, and the involvement of the NSA, nourishing Designers IBM suspicions about a backdoor. Today it is known that the S-boxes that had raised those suspicions were in fact designed by the NSA to First 1975 (Federal Register) actually remove a backdoor they secretly knew (differential published (standardized in January 1977) cryptanalysis). However, the NSA also ensured that the key size was Derived Lucifer drastically reduced such that they could break it by brute force from [2] attack. The intense academic scrutiny the algorithm received over Successors Triple DES, G-DES, DES-X, time led to the modern understanding of block ciphers and their LOKI89, ICE cryptanalysis.
    [Show full text]
  • Investigations of Cellular Automata-Based Stream Ciphers
    Rochester Institute of Technology RIT Scholar Works Theses 2008 Investigations of cellular automata-based stream ciphers Joseph S. Testa Follow this and additional works at: https://scholarworks.rit.edu/theses Recommended Citation Testa, Joseph S., "Investigations of cellular automata-based stream ciphers" (2008). Thesis. Rochester Institute of Technology. Accessed from This Thesis is brought to you for free and open access by RIT Scholar Works. It has been accepted for inclusion in Theses by an authorized administrator of RIT Scholar Works. For more information, please contact [email protected]. Investigations of Cellular Automata-based Stream Ciphers by Joseph S. Testa II A Thesis Submitted to the Faculty of the ROCHESTER INSTITUTE OF TECHNOLOGY In partial fulfillment of the requirements for the Degree of Master of Science in Computer Security and Information Assurance by _________________________________ May 12, 2008 APPROVED: __________________________________ Professor Alan Kaminsky, Thesis Advisor __________________________________ Professor Hans-Peter Bischof, Reader __________________________________ Professor Peter Lutz, Observer ABSTRACT In this thesis paper, we survey the literature arising from Stephan Wolfram©s original paper, ªCryptography with Cellular Automataº [WOL86] that first suggested stream ciphers could be constructed with cellular automata. All published research directly and indirectly quoting this paper are summarized up until the present. We also present a novel stream cipher design called Sum-4 that is shown to have good randomness properties and resistance to approximation using linear finite shift registers. Sum-4 is further studied to determine its effective strength with respect to key size given that an attack with a SAT solver is more efficient than a brute-force attack.
    [Show full text]
  • Security in Sensor Networks in Section 6
    CS 588: Cryptography SSeeccuurriittyy iinn SSeennssoorr NNeettwwoorrkkss By: Stavan Parikh Tracy Barger David Friedman Date: December 6, 2001 Table of Contents 1. INTRODUCTION .................................................................................................................................... 1 2. SENSOR NETWORKS............................................................................................................................ 2 2.1. CONSTRAINTS...................................................................................................................................... 2 2.1.1. Hardware .................................................................................................................................... 2 2.1.2. Energy......................................................................................................................................... 2 2.1.3. Communication & Addressing .................................................................................................... 3 2.1.4. Trust Model................................................................................................................................. 3 2.2. SECURITY REQUIREMENTS .................................................................................................................. 3 2.2.1. Confidentiality............................................................................................................................. 3 2.2.2. Authenticity ................................................................................................................................
    [Show full text]