DOCSLIB.ORG

Mathematical Introduction to Coding Theory and Cryptography Yi Ouyang

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Mathematical Introduction to Coding Theory and Cryptography Yi Ouyang Mathematical Introduction to Coding Theory and Cryptography Yi Ouyang School of Mathematical Sciences, University of Science and Technology of China Email address: [email protected] Contents Chapter 1. Preliminaries 1 1. Theory of Integers 1 2. Polynomials over a field 4 3. Finite fields 6 Notations 9 Part 1. Coding Theory 11 Chapter 2. Introduction to Coding Theory 13 1. Background 13 2. Basic Definitions 15 Chapter 3. Linear Codes 19 1. Basic definitions 19 2. Hamming codes 23 3. Equivalence of codes 23 4. Encoding and decoding Algorithms 24 Chapter 4. Bounds of codes and codes with good bounds 29 1. Bounds of codes 29 2. Golay Codes 33 3. Other examples of optimal codes 36 Chapter 5. Constructing Codes from Other Codes 39 1. General Rules for Construction 39 2. Reed Muller Codes 41 Chapter 6. Weight Enumerators and the MacWilliams Theorem 47 1. MacWilliams Identity 47 Chapter 7. Sequences over finite fields 53 1. Sequences and Power Series over Finite Fields 53 2. Linear Feedback Shift Registers(LFSR) 57 3. Berlekamp-Massey Algorithm 60 Chapter 8. Cyclic codes and BCH codes 63 1. Cyclic codes 63 2. Trace Expression of Cyclic codes 67 iii iv CONTENTS 3. The BCH codes 69 4. Goppa Code 75 Chapter 9. Generalized GRS codes 79 1. Generalized GRS codes 79 2. Decoding GRS codes 80 Part 2. Cryptography 83 Chapter 10. History and Basic knowledge about Cryptography 85 1. Cryptography from early age 85 Chapter 11. Hard Computational Problems 91 1. Trapdoor function and One-way function 91 2. Factoring and RSA 92 Chapter 12. Primality Testing and Factoring 95 1. Primality Test 95 2. Factoring Algorithms 97 Chapter 13. Public Key Encryption Algorithms 103 1. Public Key Cryptography 103 2. Factoring and RSA-based algorithms 103 3. Discrete Logarithm Problem based algorithms 105 Chapter 14. Discrete Logarithms 107 1. Pohlig-Hellman Algorithm 107 2. Baby-Step/Giant-Step Method 109 3. Pollard Type Methods 109 4. Modern Method for DLP over Finite Fields 113 Chapter 15. Hash Functions 117 1. Hash Functions 117 2. Message Authentication Codes (MAC) 119 Chapter 16. Key Exchange and Signature Schemes 121 1. Diffie-Hellman Key Exchange 121 2. Digital Signature Schemes 122 3. Digital Signature Algorithm 123 4. Schnorr Signatures 125 5. Authenticated Key Agreement 125 Chapter 17. Elliptic Curves 127 1. Elliptic Curves over general fields 127 2. Elliptic Curves over Finite Fields 130 Chapter 18. Applications of Elliptic Curves 133 1. ECDLP-based algorithms 133 2. Elliptic curve primality test 134 CONTENTS v 3. Factorization Using Elliptic Curve 135 Chapter 19. Stream Cipher 137 1. Principles of Symmetric Ciphers 137 2. Stream Cipher basic 137 3. Linear feedback shift register 138 4. Combining LFSRs 139 Chapter 20. Block Cipher 141 1. Feistel Cipher and DES 141 2. AES (Rijndael) 145 CHAPTER 1 Preliminaries 1. Theory of Integers 1.1. Size of an integer. Let Z be the ring of integers and Z+ the subset of positive integers. For N 2 Z+, suppose the binary expansion of N is n−1 n N = a0 + ··· + an−1 · 2 + 2 ; ai = 0 or 1: Then n = [log2 N] + 1 is called the size or length of N, as it takes n bits to store the number N in a computer. 1.2. Division with remainder. Theorem 1.1. For a; b 2 Z and b =6 0, there exist unique integers q (called quotient) and r (called remainder) in Z, such that a = bq + r; 0 ≤ r < jbj: Recall that an ideal I of a commutative ring R is a nonempty subset of R such that for any a; b 2 I and r; s 2 R, ra + sb 2 I. Certainly any subset (a) = aR for a 2 R is an ideal of R, which is called a principal ideal of R. R is called a principal ideal domain (PID) if every ideal of R is principal Theorem 1.2. The ring of integers Z is a PID. Proof. Let I be any non-zero ideal of Z, let 0 =6 a 2 I, then a 2 I and hence I \ Z+ =6 ;. Let d be the smallest positive integer in I. Then on one hand, by definition dZ ⊆ I. On the other hand, for any b 2 I, write b = dq + r, 0 ≤ r < d. Then r = b − dq 2 I. By the minimality of d, r = 0, b 2 dZ and hence I ⊆ dZ. □ Theorem 1.3 (Bezout). For a; b 2 Z not all zero, there exist u; v 2 Z such that ua + vb = gcd(a; b). Moreover, gcd(a; b) = 1 if and only if there exist u, v 2 Z such that ua + vb = 1. Proof. Let I be the ideal generated by a and b. Then I = dZ for some d > 0 by Theorem 1.2. It suffices to show d = gcd(a; b). On one hand, d is a Z-linear combination of a and b, hence a multiple of gcd(a; b) and d ≥ gcd(a; b). On the other hand, Let a = qd + r, 0 ≤ r < d, then r = a − qd 2 I and by the minimality of d, one must have r = 0 and d j a. Similarly d j b. Hence d is a common divisor of a and b, and d ≤ gcd(a; b). Thus d = gcd(a; b). □ 1 2 1. PRELIMINARIES Problem 1.1. Find all possible u’s (and v’s) such that the Bezout iden- tity ua + vb = gcd(a; b) is satisfied. 1.3. Euclidean Algorithm. The Euclidean Algorithm is an algorithm finding the greatest common divisor of two integers. The algorithm wasfirst described in Euclid’s Elements 2300 years ago but is still effective and widely used in practice nowadays. Algerithm 1.1 (Euclidean Algorithm). Input: a; b 2 Z, not simultane- ously zero. Output: gcd(a; b) 2 Z+, u and v in Z such that ua + vb = gcd(a; b). • Let q0 = a and r0 = jbj > 0. Perform the division algorithm: q0 = r0q1 + r1, 0 ≤ r1 < r0. • If r1 = 0, then gcd(a; b) = r0; if r1 > 0, repeat the division algo- rithm: r0 = r1q2 + r2. • Continue until rn−1 = rnqn+1 (i.e., rn+1 = 0), then rn = gcd(a; b). • Moreover, rn = rn−2 − rn−1qn = ··· = ua + vb: Example 1.1. Compute gcd(33; 111). Problem 1.2. Decide the complexity of Euclidean Algorithm. 1.4. Congruent theory. For n 2 Z+. The integer a is congruent to b modulo n, denoted by a ≡ b mod n, if n divides a − b, i.e., a and b have the same remainder if divided by n. The congruent relation is an equivalence relation: (1) (reflexive) a ≡ a mod n for any a 2 Z; (2) (symmetric) If a ≡ b mod n, then b ≡ a mod n; (3) (transitive) If a ≡ b mod n and b ≡ c mod n, then a ≡ c mod n. Moreover, if a ≡ b mod n and c ≡ d mod n, then a c ≡ b d mod n; ac ≡ bd mod n: For i 2 Z, the congruent class ¯i of i modulo n is the subset i+nZ = fi+nk j k 2 nZg of Z. Then Zn = Z=nZ := f0¯; 1¯; ··· ; n −¯ 1g is the set of all congruent classes of Z modulo n. Proposition 1.1. The set Z=nZ is a commutative ring under the fol- lowing addition and multiplication: a¯ + ¯b = a + b; a¯ · ¯b = ab: Moreover, (0) The reduction map Z ! Z=nZ, i 7! ¯i is a surjective homomorphism of commutative rings. (1) The multiplicative group (Z=nZ)×, i.e. the set of invertible elements in Z=nZ, is the set fa¯ j 0 < a < n; gcd(a; n) = 1g. 1. THEORY OF INTEGERS 3 (2) As a cyclic group, the set of generators of Z=nZ is (Z=nZ)×. Con- sequently, the set of generators of a cyclic group of order n with a generator g is fga j 0 < a < n; gcd(a; n) = 1g. (3) Z=nZ is a domain if and only if n = p is a prime. When this is the case, Fp := Z=pZ is a field of p elements. Proof. We prove (1). On one hand, if gcd(a; n) = 1, then there exist u and v such that au + vn = 1, hence u¯ is the inverse of a¯. On the other hand, if a¯ is invertible in Z=nZ, let ¯b be its inverse. Then ab = 1¯ and hence ab ≡ 1 mod n. Then ab = 1 + kn and gcd(a; n) = 1. □ Remark 1.1. From now on, we drop ¯ and write Z=nZ = f0; 1; ··· ; n − 1g, and call it the residue ring modulo n. Let '(n) be the order of the group (Z=nZ)×. The function n 7! '(n) is called Euler’s totient function. By Proposition 1.1(2), '(n) is the number of generators of a cyclic group of order n. One also has Corollary 1.1. The following identities hold: X (1.1) n = '(d); djn X n (1.2) '(n) = µ(d) d djn where µ(d) is the Möbius function: µ(d) = (−1)s if d is squarefree of s prime factors and 0 if d is not squarefree. Proof. The set X = f0; 1; ··· ; n−1g is the disjoint union of Xd = fa 2 j g ≤ j f j ≤ n n g X gcd(a; n) = d for 1 d Pn. But Xd = Pcd 0 c < d ; gcd(c; d ) = 1 is of order '(n=d), hence n = djn '(n=d) = djn '(d).
Load more

Recommended publications
  • COS433/Math 473: Cryptography Mark Zhandry Princeton University Spring 2017 Cryptography Is Everywhere a Long & Rich History
    COS433/Math 473: Cryptography Mark Zhandry Princeton University Spring 2017 Cryptography Is Everywhere A Long & Rich History Examples: • ~50 B.C. – Caesar Cipher • 1587 – Babington Plot • WWI – Zimmermann Telegram • WWII – Enigma • 1976/77 – Public Key Cryptography • 1990’s – Widespread adoption on the Internet Increasingly Important COS 433 Practice Theory Inherent to the study of crypto • Working knowledge of fundamentals is crucial • Cannot discern security by experimentation • Proofs, reductions, probability are necessary COS 433 What you should expect to learn: • Foundations and principles of modern cryptography • Core building blocks • Applications Bonus: • Debunking some Hollywood crypto • Better understanding of crypto news COS 433 What you will not learn: • Hacking • Crypto implementations • How to design secure systems • Viruses, worms, buffer overflows, etc Administrivia Course Information Instructor: Mark Zhandry (mzhandry@p) TA: Fermi Ma (fermima1@g) Lectures: MW 1:30-2:50pm Webpage: cs.princeton.edu/~mzhandry/2017-Spring-COS433/ Office Hours: please fill out Doodle poll Piazza piaZZa.com/princeton/spring2017/cos433mat473_s2017 Main channel of communication • Course announcements • Discuss homework problems with other students • Find study groups • Ask content questions to instructors, other students Prerequisites • Ability to read and write mathematical proofs • Familiarity with algorithms, analyZing running time, proving correctness, O notation • Basic probability (random variables, expectation) Helpful: • Familiarity with NP-Completeness, reductions • Basic number theory (modular arithmetic, etc) Reading No required text Computer Science/Mathematics Chapman & Hall/CRC If you want a text to follow along with: Second CRYPTOGRAPHY AND NETWORK SECURITY Cryptography is ubiquitous and plays a key role in ensuring data secrecy and Edition integrity as well as in securing computer systems more broadly.
    [Show full text]
  • The Mathemathics of Secrets.Pdf
    THE MATHEMATICS OF SECRETS THE MATHEMATICS OF SECRETS CRYPTOGRAPHY FROM CAESAR CIPHERS TO DIGITAL ENCRYPTION JOSHUA HOLDEN PRINCETON UNIVERSITY PRESS PRINCETON AND OXFORD Copyright c 2017 by Princeton University Press Published by Princeton University Press, 41 William Street, Princeton, New Jersey 08540 In the United Kingdom: Princeton University Press, 6 Oxford Street, Woodstock, Oxfordshire OX20 1TR press.princeton.edu Jacket image courtesy of Shutterstock; design by Lorraine Betz Doneker All Rights Reserved Library of Congress Cataloging-in-Publication Data Names: Holden, Joshua, 1970– author. Title: The mathematics of secrets : cryptography from Caesar ciphers to digital encryption / Joshua Holden. Description: Princeton : Princeton University Press, [2017] | Includes bibliographical references and index. Identifiers: LCCN 2016014840 | ISBN 9780691141756 (hardcover : alk. paper) Subjects: LCSH: Cryptography—Mathematics. | Ciphers. | Computer security. Classification: LCC Z103 .H664 2017 | DDC 005.8/2—dc23 LC record available at https://lccn.loc.gov/2016014840 British Library Cataloging-in-Publication Data is available This book has been composed in Linux Libertine Printed on acid-free paper. ∞ Printed in the United States of America 13579108642 To Lana and Richard for their love and support CONTENTS Preface xi Acknowledgments xiii Introduction to Ciphers and Substitution 1 1.1 Alice and Bob and Carl and Julius: Terminology and Caesar Cipher 1 1.2 The Key to the Matter: Generalizing the Caesar Cipher 4 1.3 Multiplicative Ciphers 6
    [Show full text]
  • A Study of Non-Abelian Public Key Cryptography
    International Journal of Network Security, Vol.20, No.2, PP.278-290, Mar. 2018 (DOI: 10.6633/IJNS.201803.20(2).09) 278 A Study of Non-Abelian Public Key Cryptography Tzu-Chun Lin Department of Applied Mathematics, Feng Chia University 100, Wenhwa Road, Taichung 40724, Taiwan, R.O.C. (Email: [email protected]) (Received Feb. 12, 2017; revised and accepted June 12, 2017) Abstract P.W. Shor pointed out that there are polynomial-time algorithms for solving the factorization and discrete log- Nonabelian group-based public key cryptography is a rel- arithmic problems based on abelian groups during the atively new and exciting research field. Rapidly increas- functions of a quantum computer. Research in new cryp- ing computing power and the futurity quantum comput- tographic methods is also imperative, as research on non- ers [52] that have since led to, the security of public key abelian group-based cryptosystems will be one of new re- cryptosystems in use today, will be questioned. Research search priorities. In fact, the pioneering work for non- in new cryptographic methods is also imperative. Re- abelian group-based public key cryptosystem was pro- search on nonabelian group-based cryptosystems will be- posed by N. R. Wagner and M. R. Magyarik [61] in 1985. come one of contemporary research priorities. Many inno- Their idea just is not suitable for practical applications. vative ideas for them have been presented for the past two For nearly two decades, numerous nonabelian groups have decades, and many corresponding problems remain to be been discussed to design efficient cryptographic systems.
    [Show full text]
  • The Algebraic Eraser: a Linear Asymmetric Protocol for Low-Resource Environments
    The Algebraic Eraser: a linear asymmetric protocol for low-resource environments Derek Atkins, Paul E. Gunnells SecureRF Corporation IETF92 (3/25/15) Algebraic Eraser I I. Anshel, M. Anshel, D. Goldfeld, and S. Lemieux, Key agreement, the Algebraic EraserTM, and lightweight cryptography, Algebraic methods in cryptography, Contemp. Math., vol. 418, Amer. Math. Soc., Providence, RI, 2006, pp. 1{34. I Asymmetric key agreement protocol I Designed for low-cost platforms with constrained computational resources I RFID I Bluetooth I NFC I \Internet of Things" I Complexity scales linearly with desired security level, unlike RSA, ECC. AE Performance vs ECC 2128 Security level (AES{128) ECC 283 AE B16, F256 Gain Cycles Gates Wtd. Perf. Cycles Gates Wtd. Perf. 164,823 29,458 4,855,355,934 71.7x 85,367 77,858 6,646,503,866 3,352 20,206 67,730,512 98.1x 70,469 195,382 13,768,374,158 203.3x Wtd. Perf. is Weighted Performance (clock cycles × gate count) and represents time and power usage. Gate counts are for 65nm CMOS. ECC data taken from A Flexible Soft IP Core for Standard Implementations of Elliptic Curve Cryptography in Hardware, B. Ferreira and N. Calazans, 2013 IEEE 20th International Conference on Electronics, Circuits, and Systems (ICECS), 12/2013. Overview of AE I The AE key exchange is a nonabelian Diffie–Hellman exchange. × I The underlying algebraic structure is not (Z=NZ) or E(Fq), but rather I Mn(Fq)(n × n matrices over Fq), I Bn (the braid group on n strands). I Private keys: a pair R = (m; µ) of a matrix and braid.
    [Show full text]
  • An Investigation Into Mathematical Cryptography with Applications
    Project Report BSc (Hons) Mathematics An Investigation into Mathematical Cryptography with Applications Samuel Worton 1 CONTENTS Page: 1. Summary 3 2. Introduction to Cryptography 4 3. A History of Cryptography 6 4. Introduction to Modular Arithmetic 12 5. Caesar Cipher 16 6. Affine Cipher 17 7. Vigenère Cipher 19 8. Autokey Cipher 21 9. One-Time Pad 22 10. Pohlig-Hellman Encryption 24 11. RSA Encryption 27 12. MATLAB 30 13. Conclusion 35 14. Glossary 36 15. References 38 2 1. SUMMARY AND ACKNOWLEDGEMENTS In this report, I will explore the history of cryptography, looking at the origins of cryptosystems in the BC years all the way through to the current RSA cryptosystem which governs the digital era we live in. I will explain the mathematics behind cryptography and cryptanalysis, which is largely based around number theory and in particular, modular arithmetic. I will relate this to several famous, important and relevant cryptosystems, and finally I will use the MATLAB program to write codes for a few of these cryptosystems. I would like to thank Mr. Kuldeep Singh for his feedback and advice during all stages of my report, as well as enthusiasm towards the subject. I would also like to thank Mr. Laurence Taylor for generously giving his time to help me in understanding and producing the MATLAB coding used towards the end of this investigation. Throughout this report I have been aided by the book ‘Elementary Number Theory’ by Mr. David M. Burton, amongst others, which was highly useful in refreshing my number theory knowledge and introducing me to the concepts of cryptography; also Mr.
    [Show full text]
  • A Practical Cryptanalysis of the Algebraic Eraser
    A Practical Cryptanalysis of the Algebraic Eraser B Adi Ben-Zvi1, Simon R. Blackburn2( ), and Boaz Tsaban1 1 Department of Mathematics, Bar-Ilan University, Ramat Gan 5290002, Israel 2 Department of Mathematics, Royal Holloway University of London, Egham TW20 0EX, Surrey, UK [email protected] Abstract. We present a novel cryptanalysis of the Algebraic Eraser prim- itive. This key agreement scheme, based on techniques from permutation groups, matrix groups and braid groups, is proposed as an underlying technology for ISO/IEC 29167-20, which is intended for authentication of RFID tags. SecureRF, the company owning the trademark Algebraic Eraser, markets it as suitable in general for lightweight environments such as RFID tags and other IoT applications. Our attack is practical on stan- dard hardware: for parameter sizes corresponding to claimed 128-bit secu- rity, our implementation recovers the shared key using less than 8 CPU hours, and less than 64 MB of memory. 1 Introduction The Algebraic EraserTM is a key agreement scheme using techniques from non- commutative group theory. It was announced by Anshel, Anshel, Goldfeld and Lemieaux in 2004; the corresponding paper [1] appeared in 2006. The Algebraic Eraser is defined in a very general fashion: various algebraic structures (monoids, groups and actions) need to be specified in order to be suitable for implementation. Anshel et al. provide most of this extra information, and name this concrete realisa- tion of the Algebraic Eraser the Colored Burau Key Agreement Protocol (CBKAP). This concrete representation involves a novel blend of finite matrix groups and per- mutation groups with infinite braid groups.
    [Show full text]
  • Network Security
    Cristina Nita-Rotaru CS6740: Network security Additional material: Cryptography 1: Terminology and classic ciphers Readings for this lecture Required readings: } Cryptography on Wikipedia Interesting reading } The Code Book by Simon Singh 3 Cryptography The science of secrets… } Cryptography: the study of mathematical techniques related to aspects of providing information security services (create) } Cryptanalysis: the study of mathematical techniques for attempting to defeat information security services (break) } Cryptology: the study of cryptography and cryptanalysis (both) 4 Cryptography Basic terminology in cryptography } cryptography } plaintexts } cryptanalysis } ciphertexts } cryptology } keys } encryption } decryption plaintext ciphertext plaintext Encryption Decryption Key_Encryption Key_Decryption 5 Cryptography Cryptographic protocols } Protocols that } Enable parties } Achieve objectives (goals) } Overcome adversaries (attacks) } Need to understand } Who are the parties and the context in which they act } What are the goals of the protocols } What are the capabilities of adversaries 6 Cryptography Cryptographic protocols: Parties } The good guys } The bad guys Alice Carl Bob Eve Introduction of Alice and Bob Check out wikipedia for a longer attributed to the original RSA paper. list of malicious crypto players. 7 Cryptography Cryptographic protocols: Objectives/Goals } Most basic problem: } Ensure security of communication over an insecure medium } Basic security goals: } Confidentiality (secrecy, confidentiality) } Only the
    [Show full text]
  • Reed-Solomon Encoding and Decoding
    Bachelor's Thesis Degree Programme in Information Technology 2011 León van de Pavert REED-SOLOMON ENCODING AND DECODING A Visual Representation i Bachelor's Thesis | Abstract Turku University of Applied Sciences Degree Programme in Information Technology Spring 2011 | 37 pages Instructor: Hazem Al-Bermanei León van de Pavert REED-SOLOMON ENCODING AND DECODING The capacity of a binary channel is increased by adding extra bits to this data. This improves the quality of digital data. The process of adding redundant bits is known as channel encod- ing. In many situations, errors are not distributed at random but occur in bursts. For example, scratches, dust or fingerprints on a compact disc (CD) introduce errors on neighbouring data bits. Cross-interleaved Reed-Solomon codes (CIRC) are particularly well-suited for detection and correction of burst errors and erasures. Interleaving redistributes the data over many blocks of code. The double encoding has the first code declaring erasures. The second code corrects them. The purpose of this thesis is to present Reed-Solomon error correction codes in relation to burst errors. In particular, this thesis visualises the mechanism of cross-interleaving and its ability to allow for detection and correction of burst errors. KEYWORDS: Coding theory, Reed-Solomon code, burst errors, cross-interleaving, compact disc ii ACKNOWLEDGEMENTS It is a pleasure to thank those who supported me making this thesis possible. I am thankful to my supervisor, Hazem Al-Bermanei, whose intricate know- ledge of coding theory inspired me, and whose lectures, encouragement, and support enabled me to develop an understanding of this subject.
    [Show full text]
  • A Practical Cryptanalysis of the Algebraic Eraser
    A Practical Cryptanalysis of the Algebraic Eraser Adi Ben-Zvi∗ Simon R. Blackburn† Boaz Tsaban∗ June 3, 2016 Abstract We present a novel cryptanalysis of the Algebraic Eraser primitive. This key agreement scheme, based on techniques from permutation groups, matrix groups and braid groups, is proposed as an underlying technology for ISO/IEC 29167-20, which is intended for authentica- tion of RFID tags. SecureRF, the company owning the trademark Algebraic Eraser, markets it as suitable in general for lightweight en- vironments such as RFID tags and other IoT applications. Our attack is practical on standard hardware: for parameter sizes corresponding to claimed 128-bit security, our implementation recovers the shared key using less than 8 CPU hours, and less than 64MB of memory. 1 Introduction arXiv:1511.03870v2 [math.GR] 2 Jun 2016 The Algebraic Eraser™ is a key agreement scheme using techniques from non-commutative group theory. It was announced by Anshel, Anshel, Gold- feld and Lemieaux in 2004; the corresponding paper [1] appeared in 2006. ∗Department of Mathematics, Bar-Ilan University, Ramat Gan 5290002, Israel †Department of Mathematics, Royal Holloway University of London, Egham, Surrey TW20 0EX, United Kingdom © IACR 2016. This article is the final version submitted by the author(s) to the IACR and to Springer-Verlag on 1 June 2016. The version published by Springer-Verlag is available at [DOI to follow]. 1 The Algebraic Eraser is defined in a very general fashion: various algebraic structures (monoids, groups and actions) need to be specified in order to be suitable for implementation. Anshel et al.
    [Show full text]
  • Cryptanalysis of Selected Block Ciphers
    Downloaded from orbit.dtu.dk on: Sep 24, 2021 Cryptanalysis of Selected Block Ciphers Alkhzaimi, Hoda A. Publication date: 2016 Document Version Publisher's PDF, also known as Version of record Link back to DTU Orbit Citation (APA): Alkhzaimi, H. A. (2016). Cryptanalysis of Selected Block Ciphers. Technical University of Denmark. DTU Compute PHD-2015 No. 360 General rights Copyright and moral rights for the publications made accessible in the public portal are retained by the authors and/or other copyright owners and it is a condition of accessing publications that users recognise and abide by the legal requirements associated with these rights. Users may download and print one copy of any publication from the public portal for the purpose of private study or research. You may not further distribute the material or use it for any profit-making activity or commercial gain You may freely distribute the URL identifying the publication in the public portal If you believe that this document breaches copyright please contact us providing details, and we will remove access to the work immediately and investigate your claim. Cryptanalysis of Selected Block Ciphers Dissertation Submitted in Partial Fulfillment of the Requirements for the Degree of Doctor of Philosophy at the Department of Mathematics and Computer Science-COMPUTE in The Technical University of Denmark by Hoda A.Alkhzaimi December 2014 To my Sanctuary in life Bladi, Baba Zayed and My family with love Title of Thesis Cryptanalysis of Selected Block Ciphers PhD Project Supervisor Professor Lars R. Knudsen(DTU Compute, Denmark) PhD Student Hoda A.Alkhzaimi Assessment Committee Associate Professor Christian Rechberger (DTU Compute, Denmark) Professor Thomas Johansson (Lund University, Sweden) Professor Bart Preneel (Katholieke Universiteit Leuven, Belgium) Abstract The focus of this dissertation is to present cryptanalytic results on selected block ci- phers.
    [Show full text]
  • On the Security of the Algebraic Eraser Tag Authentication Protocol
    On the Security of the Algebraic Eraser Tag Authentication Protocol Simon R. Blackburn Information Security Group Royal Holloway University of London Egham, TW20 0EX, United Kingdom and M.J.B. Robshaw Impinj 400 Fairview Ave. N., Suite 1200 Seattle, WA 98109, USA October 31, 2018 Abstract The Algebraic Eraser has been gaining prominence as SecureRF, the company commercializing the algorithm, increases its marketing reach. The scheme is claimed to be well-suited to IoT applications but a lack of detail in available documentation has hampered peer- review. Recently more details of the system have emerged after a tag arXiv:1602.00860v2 [cs.CR] 2 Jun 2016 authentication protocol built using the Algebraic Eraser was proposed for standardization in ISO/IEC SC31 and SecureRF provided an open public description of the protocol. In this paper we describe a range of attacks on this protocol that include very efficient and practical tag impersonation as well as partial, and total, tag secret key recovery. Most of these results have been practically verified, they contrast with the 80-bit security that is claimed for the protocol, and they emphasize the importance of independent public review for any cryptographic proposal. Keywords: Algebraic Eraser, cryptanalysis, tag authentication, IoT. 1 1 Introduction Extending security features to RAIN RFID tags1 and other severely con- strained devices in the Internet of Things is not easy. However the different pieces of the deployment puzzle are falling into place. Over-the-air (OTA) commands supporting security features have now been standardized [11] and both tag and reader manufacturers can build to these specifications knowing that interoperability will follow.
    [Show full text]
  • Cryptology: an Historical Introduction DRAFT
    Cryptology: An Historical Introduction DRAFT Jim Sauerberg February 5, 2013 2 Copyright 2013 All rights reserved Jim Sauerberg Saint Mary's College Contents List of Figures 8 1 Caesar Ciphers 9 1.1 Saint Cyr Slide . 12 1.2 Running Down the Alphabet . 14 1.3 Frequency Analysis . 15 1.4 Linquist's Method . 20 1.5 Summary . 22 1.6 Topics and Techniques . 22 1.7 Exercises . 23 2 Cryptologic Terms 29 3 The Introduction of Numbers 31 3.1 The Remainder Operator . 33 3.2 Modular Arithmetic . 38 3.3 Decimation Ciphers . 40 3.4 Deciphering Decimation Ciphers . 42 3.5 Multiplication vs. Addition . 44 3.6 Koblitz's Kid-RSA and Public Key Codes . 44 3.7 Summary . 48 3.8 Topics and Techniques . 48 3.9 Exercises . 49 4 The Euclidean Algorithm 55 4.1 Linear Ciphers . 55 4.2 GCD's and the Euclidean Algorithm . 56 4.3 Multiplicative Inverses . 59 4.4 Deciphering Decimation and Linear Ciphers . 63 4.5 Breaking Decimation and Linear Ciphers . 65 4.6 Summary . 67 4.7 Topics and Techniques . 67 4.8 Exercises . 68 3 4 CONTENTS 5 Monoalphabetic Ciphers 71 5.1 Keyword Ciphers . 72 5.2 Keyword Mixed Ciphers . 73 5.3 Keyword Transposed Ciphers . 74 5.4 Interrupted Keyword Ciphers . 75 5.5 Frequency Counts and Exhaustion . 76 5.6 Basic Letter Characteristics . 77 5.7 Aristocrats . 78 5.8 Summary . 80 5.9 Topics and Techniques . 81 5.10 Exercises . 81 6 Decrypting Monoalphabetic Ciphers 89 6.1 Letter Interactions . 90 6.2 Decrypting Monoalphabetic Ciphers .
    [Show full text]