Comparisons of Blowfish and Cast-128 Algorithms As Per Their Cryptography Strength and Encryption


1 HIRAL DESAI, 2 SALOT PINAL, 3 FIRDOS SHEIKH ALAM
1,2,3 Pacific School of Engineering
E-mail: [email protected], [email protected], [email protected]

Proceedings of 7th IRF International Conference, 30th October 2015, Hyderabad, India, ISBN: 978-93-85832-30-7

Abstract— The rapid growth of the Internet has created the need to secure information against eavesdroppers and attackers. Encryption algorithms play a vital role in securing information. They convert plaintext into ciphertext (unreadable text) using keys of different sizes. This paper introduces the well-known symmetric ciphers Blowfish and CAST-128 and provides a security and performance analysis of the two algorithms in terms of key size, cryptographic strength, and the function used in each algorithm.

Index Terms— Cipher Text, Eavesdropper, Encryption Algorithm, Plaintext, Key, Cryptographic Strength.

I. INTRODUCTION

Cryptography is the art and science of protecting information from unwanted persons by converting it into a form that its attackers cannot distinguish while it is stored and transmitted. The main aim of cryptography is to keep data secure from unauthorized persons. Data cryptography is mostly the scrambling of the content of data, such as text, image, audio and video data, to make the data illegible, imperceptible or unintelligible during communication or storage; this is called the encryption process. The reverse of the encryption process is called decryption. Cryptography provides a number of security goals to avoid security issues. Because of its security advantages, cryptography is widely used today.

Blowfish is a symmetric block cipher developed by Bruce Schneier in 1993. Blowfish uses a Feistel structure and encrypts 64-bit blocks of plaintext. Blowfish uses a key of 14 32-bit words (14 × 32 = 448 bits). That key is used to generate 18 32-bit subkeys (18 × 32 = 576 bits). Blowfish has 16 rounds. The key words are stored in a K array $K_1, K_2, \ldots, K_j$ ($1 \le j \le 14$). The subkeys are stored in the P array $P_1, P_2, \ldots, P_{18}$. Blowfish uses four S-boxes, each with 256 32-bit entries. The S-boxes hold 256 × 4 = 1024 entries, so together with the P array there are 1024 + 18 = 1042 32-bit entries.

The CAST algorithms were introduced by Carlisle Adams and Stafford Tavares. CAST-128 is a symmetric encryption algorithm that uses a Feistel structure. Its input is a 64-bit block. The key size is between 40 and 128 bits, in 8-bit increments (40, 48, 56, 64, …, 120, 128). CAST-128 uses 12 or 16 rounds: for key sizes up to and including 80 bits the algorithm uses 12 rounds instead of 16, and for key sizes greater than 80 bits it uses the full 16 rounds.

II. DETAIL FEISTEL STRUCTURE OF BLOWFISH AND CAST-128 ALGORITHMS

Figure 2.1.1 shows the structure of the Blowfish algorithm and Figure 2.2.1 shows the structure of the CAST-128 algorithm.

2.1. Blowfish Encryption

The plaintext is divided into two 32-bit halves $LE_0$ and $RE_0$.

Encryption side:

$LE_1 = RE_0 \oplus F(LE_0, P_1)$
$RE_1 = LE_0 \oplus P_1$
$LE_1 = RE_0 \oplus F(RE_1)$

For $i = 1$ to 16 rounds do:

$RE_i = LE_{i-1} \oplus P_i$
$LE_i = RE_{i-1} \oplus F(RE_i)$

$LE_{17} = RE_{16} \oplus P_{18}$
$RE_{17} = LE_{16} \oplus P_{17}$

Blowfish uses two primitive operations:
1) Addition: addition of words, denoted by +.
2) Bitwise exclusive-OR: denoted by ⊕.

The 32-bit input to F is divided into 4 bytes. Four S-boxes are used; each takes 8 bits as input and gives a 32-bit output. Thus each round includes the complex use of XOR plus substitution using S-boxes.

Figure 2.1.1: Structure of Blowfish encryption

2.2. CAST-128 Encryption

Figure 2.2.1: Structure of CAST-128 encryption

Figure 2.2.1 shows the structure of CAST-128. Split the plaintext into left and right 32-bit halves. Compute 16 pairs of subkeys $(km_i, kr_i)$ from K. Four S-boxes are used; each takes 8 bits as input and gives a 32-bit output. The function F, built on the S-boxes, consists of modular addition, subtraction and XOR operations. F is of Type 1, Type 2, or Type 3, depending on $i$. Exchange the final $L_{16}$ and $R_{16}$ and concatenate the result to produce the final ciphertext.

Encryption side:

$L_1 = R_0$
$R_1 = L_0 \oplus F(R_0, km_i, kr_i)$

For $i = 1$ to 16 rounds:

$L_i = R_{i-1}$
$R_i = L_{i-1} \oplus F(R_{i-1}, km_i, kr_i)$

III. COMPARISON OF FEISTEL STRUCTURE OF BLOWFISH AND CAST-128 ALGORITHMS

Blowfish and CAST-128 both use a Feistel structure, but they differ in some operations. Table 3.1 describes the security features of the Blowfish algorithm and Table 3.2 describes the security features of the CAST-128 algorithm.

Table 3.1

Table 3.2

IV. COMPARISON OF ENCRYPTION TIME OF BLOWFISH AND CAST-128 ALGORITHMS
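The round equations of Sections 2.1 and 2.2 and the CAST-128 round-count rule from the Introduction, as an added Python example that is not code from the paper. The S-boxes and subkeys are constructed stand-ins rather than the real constants and key schedules, the helper names are hypothetical, and the three CAST-128 F types follow RFC 2144, which the paper does not spell out.

```python
# Added example: structure only. S-boxes and subkeys below are constructed
# stand-ins (SHA-256 filler), NOT the real Blowfish/CAST-128 constants or key
# schedules, so ciphertexts will not match real implementations.
import hashlib
import struct

MASK = 0xFFFFFFFF


def standin_words(label, count):
    """Return `count` deterministic 32-bit words (constructed filler data)."""
    words, counter = [], 0
    while len(words) < count:
        digest = hashlib.sha256(f"{label}:{counter}".encode()).digest()
        words.extend(struct.unpack(">8I", digest))
        counter += 1
    return words[:count]


def make_sboxes(label):
    """Four S-boxes of 256 32-bit entries each: 8 bits in, 32 bits out."""
    words = standin_words(label, 4 * 256)
    return [words[i * 256:(i + 1) * 256] for i in range(4)]


def split_bytes(x):
    return (x >> 24) & 0xFF, (x >> 16) & 0xFF, (x >> 8) & 0xFF, x & 0xFF


def rol32(x, n):
    n &= 31
    return ((x << n) | (x >> (32 - n))) & MASK


def blowfish_f(x, S):
    """Blowfish F: S-box lookups combined with addition mod 2^32 and XOR."""
    a, b, c, d = split_bytes(x)
    return ((((S[0][a] + S[1][b]) & MASK) ^ S[2][c]) + S[3][d]) & MASK


def blowfish_block(le, re, P, S):
    """16 rounds plus the final P17/P18 step. Decrypt by passing P reversed."""
    for i in range(16):
        re_i = le ^ P[i]                  # RE_i = LE_{i-1} xor P_i
        le_i = re ^ blowfish_f(re_i, S)   # LE_i = RE_{i-1} xor F(RE_i)
        le, re = le_i, re_i
    # LE_17 = RE_16 xor P_18, RE_17 = LE_16 xor P_17
    return re ^ P[17], le ^ P[16]


def cast_rounds(key_bits):
    """12 rounds for keys up to and including 80 bits, otherwise 16."""
    if key_bits % 8 or not 40 <= key_bits <= 128:
        raise ValueError("CAST-128 keys are 40..128 bits in 8-bit steps")
    return 12 if key_bits <= 80 else 16


def cast_f(d, km, kr, round_no, S):
    """CAST-128 F, Type 1/2/3 chosen by round number (forms per RFC 2144)."""
    kind = (round_no - 1) % 3
    if kind == 0:                         # Type 1: rounds 1, 4, 7, ...
        a, b, c, e = split_bytes(rol32((km + d) & MASK, kr))
        return (((S[0][a] ^ S[1][b]) - S[2][c]) + S[3][e]) & MASK
    if kind == 1:                         # Type 2: rounds 2, 5, 8, ...
        a, b, c, e = split_bytes(rol32(km ^ d, kr))
        return (((S[0][a] - S[1][b]) + S[2][c]) ^ S[3][e]) & MASK
    a, b, c, e = split_bytes(rol32((km - d) & MASK, kr))   # Type 3
    return (((S[0][a] + S[1][b]) ^ S[2][c]) - S[3][e]) & MASK


def cast_block(l, r, km, kr, S, rounds, decrypt=False):
    """L_i = R_{i-1}; R_i = L_{i-1} xor F(R_{i-1}, km_i, kr_i); swap at end."""
    order = range(rounds, 0, -1) if decrypt else range(1, rounds + 1)
    for i in order:
        l, r = r, l ^ cast_f(r, km[i - 1], kr[i - 1], i, S)
    return r, l


def roundtrip_blowfish(block):
    """Encrypt then decrypt one block; returns (ciphertext, recovered)."""
    S, P = make_sboxes("bf-S"), standin_words("bf-P", 18)
    ct = blowfish_block(*block, P, S)
    return ct, blowfish_block(*ct, P[::-1], S)


def roundtrip_cast(block, key_bits):
    """Encrypt then decrypt with the round count the key size selects."""
    S = make_sboxes("cast-S")
    km = standin_words("cast-km", 16)                     # 32-bit masking subkeys
    kr = [w & 31 for w in standin_words("cast-kr", 16)]   # 5-bit rotation subkeys
    n = cast_rounds(key_bits)
    ct = cast_block(*block, km, kr, S, n)
    return ct, cast_block(*ct, km, kr, S, n, decrypt=True)


if __name__ == "__main__":
    pt = (0x01234567, 0x89ABCDEF)   # constructed 64-bit block as two halves
    print("Blowfish structure:", roundtrip_blowfish(pt))
    for bits in (80, 128):
        print(f"CAST-128 structure, {bits}-bit key:", roundtrip_cast(pt, bits))
```

Both round trips succeed for any F because a Feistel network never inverts F: Blowfish decrypts by running the same rounds with the P array reversed, and CAST-128 by applying the subkey pairs in reverse order.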