DOCSLIB.ORG

(12) United States Patent (10) Patent No.: US 6,182,216 B1 Luyster (45) Date of Patent: Jan

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
(12) United States Patent (10) Patent No.: US 6,182,216 B1 Luyster (45) Date of Patent: Jan US006182216B1 (12) United States Patent (10) Patent No.: US 6,182,216 B1 Luyster (45) Date of Patent: Jan. 30, 2001 (54) BLOCK CIPHER METHOD nology Laboratory National Institute of Standards and Technology. (76) Inventor: Frank C. Luyster, 100 Riverside La., Riverside, CT (US) 06878 Burton S. Kaliski Jr. and Yiqun Lisa Yin, On Differential and Linear Cryptanalysis of the RC5 Encryption Algorithm, (*) Notice: Under 35 U.S.C. 154(b), the term of this Lecture Notes in Computer Science, vol. 963, pp. 171-184, patent shall be extended for 0 days. Aug. 1995. (21) Appl. No.: 09/154.391 (List continued on next page.) (22) Filed: Sep. 16, 1998 Related U.S. Application Data Primary Examiner Thomas R. Peeso (60) Provisional application No. 60/059,142, filed on Sep. 17, 1997, provisional application No. 60/062.992, filed on Oct. (74) Attorney, Agent, or Firm-Cantor Colburn LLP 23, 1997, provisional application No. 60/064.331, filed on Oct. 30, 1997, provisional application No. 60/094,632, filed (57) ABSTRACT on Jul. 30, 1998, provisional application No. 60/096,788, filed on Aug. 17, 1998, provisional application No. 60/096, A data encryption System for encrypting an n-bit block of 921, filed on Aug. 18, 1998, and provisional application No. 60/098,905, filed on Sep. 2, 1998. input in a plurality of rounds is presented, where n is preferably 128 bits or more. The data encryption system (51) Int. Cl. ................................................. G06F 1/26 includes a computing unit for the execution of each round; (52) U.S. Cl. .......................... 713/168; 713/171; 713/200; memory for Storing and loading Segments, a bit-moving 713/201; 380/28; 380/44 (58) Field of Search ........................ 380/28, 44; 713/168, function capable of rotating, shifting, or bit-permute round 713/171, 182, 200, 201 Segments by predetermined numbers of bits preferably to achieve active and effective fixed rotation; a linear combi (56) References Cited nation function which provides new one-to-one round Seg U.S. PATENT DOCUMENTS ments using a round operator generally from one algebraic group to combine two different one-to-one round Segments 4,078,152 3/1978 Tuckerman, III ...................... 178/22 taken from one one-to-one round Segment Set, and a non 4,157,454 * 6/1979 Becker ................................... 380/37 4,160,120 * 7/1979 Barnes et al. .......................... 380/29 linear function which affects a one-to-one round Segment from a particular one-to-one round Segment Set based on a (List continued on next page.) value which depends on a preselected number of bits in a FOREIGN PATENT DOCUMENTS preSelected location from a different one-to-one round Seg ment from the same one-to-one round Segment Set. The PCT/US99/ nonlinear function is a variable rotation function or an S-box. 13358 6/1999 (WO). A Subkey combining function is generally employed in each OTHER PUBLICATIONS round to provide new round Segments by combining a round AES-A Crypto Algorithm for the Twenty-first Century Segment typically linearly with a Subkey Segment. The First Advanced Encryption Standard Candidate Confer ence Aug. 20-22, 1998 Sponsored by: Information Tech 40 Claims, 14 Drawing Sheets N-8T BOOK (64.28.258 BITSEC: -53 RO Na BITS - 2 --34. 82 80 L2 88 64 R. xxx W W-LSBR) RCUN 78 *ist () 82 84 88 R M2 BITS 88 x-STBLOCK 84.28.258 ITSEC: US 6,182,216 B1 Page 2 U.S. PATENT DOCUMENTS Lars R. Knudsen and Willi Meier, Improved Differential 4,168,396 9/1979 Best ..................................... 380/244 Attacks on RC5, Lecture Notes in Computer Science, vol. 4,249,180 2/1981 Eberle et al. .. ... 375/2 1109, pp. 216-228, Aug. 1996. 4.255.811 3/1981 Adler ......... ... 375/2 Bruce Schneier and Doug Whiting, Fast Software Encryp 4,306,111 * 12/1981 Lu et al. ... ... 380/30 4,308.617 * 12/1981 German, Jr. ... ... 375/208 tion. Designing Encryption Algorithms for Optimal Soft 4,375,579 3/1983 Davida et al. ......................... 380/28 ware Speed on the Intel Pentium Processor, Lecture Notes in 4,724.541 2/1988 Mallick .................................. 380/28 Computer Science, vol. 1267, pp. 242-259, Jan. 1997. 4,982,429 1/1991 Takaragi et al.. 5,003,596 3/1991 Wood. Lars R. Knudsen & Willi Meier; Differential Cryptanalysis 5,003,597 3/1991 Merkle ................................... 380/37 of RC5 (1), Pub. European Transactions on Telecommuni 5,054,067 10/1991 Moroney et al. ...................... 380/37 cation, vol. 8, No. 5, Sep. 23, 1997. 5,103,479 4/1992 Takaragi et al.. 5,214,704 5/1993 Mittenthal .............................. 380/37 W.E. Madryga; A high Performance Encryption Algorithm, 5,317,638 5/1994 Kao et al. Pub. 1984. 5,351,299 9/1994 Matsuzaki et al. .................... 380/37 5,381,480 1/1995 Butter et al. Ronald L. Rivest, M.J.B. Robshaw, R. Sidney and Y.L. Yin; 5,454,039 9/1995 Coppersmith et al. ................ 380/28 The RC6 Block Cipher, Pub. Aug. 20, 1998. 5,835,600 10/1998 Rivest. John Kelsey, Bruce Schneir and David Wagner; Key-Sched OTHER PUBLICATIONS ule Cryptanalysis of IDEA, G-DES, GOST, SAFER, and Ronald L. Rivest, The RC5 Encryption Algorithm, Lecture Triple-DES. Notes in Computer Science, vol. 1008, pp. 86-96, Dec. 1994. * cited by examiner U.S. Patent Jan. 30, 2001 Sheet 1 of 14 US 6,182,216 B1 10 FIG. 1 N-BIT BLOCK (64. BIT) PRIOR ART RO (N/2 BITS) - 12 R1 (N/2 BITS) - 14 26 24 1 RO - 30 ROUND RC5 /Y-22 |ENCRYPTON 32 \/ J6 - - - -K4 4 O 42 RO (N/2 BITS) R1 (N/2 BITS) N - Bf T B E O C K U.S. Patent Jan. 30, 2001 Sheet 2 of 14 US 6,182,216 B1 FIG 2 PRIOR ART -16 18 KEY = RO-RO + KEY } R1-R, + KEY 2 KEY 2 = O 0000 100000000000 0000IOOOOOOOOOOO O -----------------|---------RO-RO (BR1 OOOOOOOOOOOOOOOO RO=RO<<<l SB(RI) : OOOOOOOOOOOOOOOO | KEY 3= RO-RO + P(EY 3 28 O OOOOOOOOOOOOOOOO Ri=R1 (D RO 22 OOOOIOOOOOOOOOOO - - - ST R1-Rik KLSB(RO) J4.32 ROUND OOOOOOOOOOOOOOO 36 RC5 ENCRYTION Ri=R1 + KEY 4 KEY 4 = 0000 100000000000 OJ |- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - V RO-RO (DR1 20 OOOOIOOOOOOOOOOO RO-RO<<<LSBCR1) 2624 OOOO IOOOOOOOOOOO KEY 5- RO-RO + KEY 5 28 O OOOOIOOOOOOOOOOO Ri=R1 (D RO 22 OOOOOOOOOOOOOOOO - - -2ND 34.32 ROUND R=Rik<<LSBCRO) A. RC5 OOOOOOOOOOOOOOOO 36 ENCRYPTION R}=R + KEY 6 KEY 6 = OOOOOOOOOOOOOOOO O R O 4 O R= 42 0000 100000000000 OOOOOOOOOOOOOOOO U.S. Patent Jan. 30, 2001 Sheet 3 of 14 US 6,182,216 B1 FIG 3 N-BIT BLOCK (64.128.256 BITS, ETC) 54 (E)-(2) W-LSB(R1) 7O 3 72 RO > f HC2) 86 RO (N/2. BITS) R (N/2. BITS) 88 N-BIT BLOCK (64.28.256 BITS, ETC) U.S. Patent Jan. 30, 2001 Sheet 4 of 14 US 6,182,216 B1 FIG 4 52 56 RO= Ry-Ri XOr KEY 7 KEY 1 = 0000 100000000000 0000 100000000000 O - - - - - - - - - - - - - - - - - -Sao TTTTTTTTTT KEY 2- RO-RO --((RDX)4) €9KEY2) w w O OOOO IOOOIOOOOOOO RO-RO) >>LSB(Ri) 64.66 0000|IOOOOOOOOOO 70,72.74 - - -ROUND ST RER0000IOOOIOOOIOOO (ROAREr3KEY 3O -: OF ENCRYPTION R=Ri>>>LSBCRO) 76.78 OOOOIOOOIOOOOOO - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - KEY 4= RO-RO -- (CRD)>4) €BKEY4) O IOOO IOOOOOOIOOO RO-ROXXY SBCRI) OOOOOOOOOO IOO1 70,72.74 - - - 2ND Ri=R1+(CRO)>>4) (DKEY5), KEY 5 = ROUND IOO 10010001OOOOOOOOO O ENCRYPTION R=Ri>>>LSB(RO)IOOO IOOOOOOIOO 76.78 OOOOIOOO IOOOIOO1 IOOO IOOOOOO!!OO WHERE THE LINEAR OPERATIONS ARE L2, L6 = xor L4. L8 F Xor L3, L7 = ADDITION L5, L9 = ADDITION U.S. Patent Jan. 30, 2001 Sheet 5 of 14 US 6,182,216 B1 FIG 5 K-BIT BLOCK (64.128.256 BITS, ETC) -90 92 94 KA (K/2 BITS) KB (K/2 BITS) U.S. Patent Jan. 30, 2001 Sheet 6 of 14 US 6,182,216 B1 FIG 6 N-BIT BLOCK (64.28.256 BITS, ETC) -10 RO (N/2 EITS)2 RI (N/2 BITS) ' N-BIT BLOCK (64.128.256 BITS, ETC) U.S. Patent Jan. 30, 2001 Sheet 7 of 14 US 6,182,216 B1 FIG 7 N-BIT BLOCK (128.256 BITS, ETC) 150 54 f 170 ROUND V=SBOXILSB(RO) (E 172 K3 174 176 178 18O 186 RO (N/2 BITS) R! (N/2 BITS) N-BIT BLOCK (128.256 BITS, ETC) U.S. Patent Jan. 30, 2001 Sheet 8 of 14 US 6,182,216 B1 FIG. 8 Ki =0 152 154 RO= - R=Rée Kl 0000 100000000000 0000 100000000000 - - - - - - - - - - - - 160T 5a - - - - - RO-RO €D V V=SBOXOOOO) 1011107O IOO! IOI! 1077 OOIO IOO! IOI RO-RO -- (CRD)>4) (DK2) IOI 2011 0001101) 172 - - - ST V=SBOXFOil R=R) (DV ROUND OF OOO7IIIO IOIOOOIO OOOO!!OOOOOO ENCRYPTION O 178.18O RO->>>4 f=R --((ROXXX4) (DK3) IOM Oil ION OOO! 1101 OOOO101 OO!! - -- - - - - - m - - - - - - - - - m - - - - - - - - - - RO-RO €D V V=SBOXIOOI OOOOOOOOOOO! III IOOOO!! IIIO FSA =O RO-RO --((RDX)4) (DK4) LRI->>>4 162 Oilill OIOOIOIO 00illiol looloolol 4. 17O' 172' --ND V=SBOXOO) Ri=R16DV ROUND OF OJOT 1111 OOIO IOO) 10001101011! IOIO ENCRYPTION 174 K50 78.80 RO=>>>4 1TY R=R! --((RO)))4) €DK5) IOIOO!!! Illi O100 Sf OOIOIO, OIO IIIO - - - - - - - - - - - - - - - - - - - - - 176 RO= 184 186 - R= ON 1117 OIOO IOIO OO11010101101110 WHERE SBOXIOOOO}=1011 OOIO IOOi O11 OPERATORS SBOXIO11)=OOO! (11O IOIO OOIO L2L8-XOr L5L11-xOr SBOXOOIL)=1111 |OOJ OOil IIIO L3L9-XOr L6L2=XOr SBOXIIO1Oji=OIOf 1111 OOIO IOO1 L4, LIO-Odd L7L (3=GGd U.S.
Load more

Recommended publications
  • US 2007/0043.668A1 Baxter Et Al
    US 2007.0043.668A1 (19) United States (12) Patent Application Publication (10) Pub. No.: US 2007/0043.668A1 Baxter et al. (43) Pub. Date: Feb. 22, 2007 (54) METHODS AND SYSTEMS FOR Related U.S. Application Data NEGOTABLE-INSTRUMENT FRAUD PREVENTION (63) Continuation of application No. 10/371,984, filed on Feb. 20, 2003, now Pat. No. 7,072,868. (75) Inventors: Craig A. Baxter, Castle Rock, CO (US); John Charles Ciaccia, Parker, Publication Classification CO (US); Rodney J. Esch, Littleton, CO (US) (51) Int. Cl. G06Q 99/00 (2006.01) Correspondence Address: (52) U.S. Cl. ................................................................ 705/50 TOWNSEND AND TOWNSEND AND CREW, LLP (57) ABSTRACT TWO EMBARCADERO CENTER EIGHTH FLOOR SAN FRANCISCO, CA 94111-3834 (US) An authentication value is provided in a magnetic-ink field of a negotiable instrument. The authentication value is (73) Assignee: First Data Corporation, Greenwood derived from application of an encryption algorithm defined Village, CO (US) by a secure key. The authentication value may be used to authenticate the instrument through reapplication of the (21) Appl. No.: 11/481,062 encryption algorithm and comparing the result with the authentication value. The instrument is authenticated if there (22) Filed: Jul. 3, 2006 is a match between the two. 530 instrument Presented at Port of Sae instrument Conveyed to First Financial MCR line Scanned and instrument 534 Institution Authenticated at Point of Sale 538 Electronic Package Generated with MICR-Line Information andlor image 542 Electronic
    [Show full text]
  • Miss in the Middle
    Miss in the middle By: Gal Leonard Keret Miss in the Middle Attacks on IDEA, Khufu and Khafre • Written by: – Prof. Eli Biham. – Prof. Alex Biryukov. – Prof. Adi Shamir. Introduction • So far we used traditional differential which predict and detect statistical events of highest possible probability. Introduction • A new approach is to search for events with probability one, whose condition cannot be met together (events that never happen). Impossible Differential • Random permutation: 휎 푀0 = 푎푛푦 퐶 표푓 푠푖푧푒 푀0. • Cipher (not perfect): 퐸 푀0 = 푠표푚푒 퐶 표푓 푠푖푧푒 푀0. • Events (푚 ↛ 푐) that never happen distinguish a cipher from a random permutation. Impossible Differential • Impossible events (푚 ↛ 푐) can help performing key elimination. • All the keys that lead to impossibility are obviously wrong. • This way we can filter wrong key guesses and leaving the correct key. Enigma – for example • Some of the attacks on Enigma were based on the observation that letters can not be encrypted to themselves. 퐸푛푖푔푚푎(푀0) ≠ 푀0 In General • (푀0, 퐶1) is a pair. If 푀0 푀0 → 퐶1. • 푀 ↛ 퐶 . 0 0 Some rounds For any key • ∀ 푘푒푦| 퐶1 → 퐶0 ↛ is an impossible key. Cannot lead to 퐶0. Some rounds Find each keys Decrypt 퐶1back to 퐶0. IDEA • International Data Encryption Algorithm. • First described in 1991. • Block cipher. • Symmetric. • Key sizes: 128 bits. • Block sizes: 64 bits. ⊕ - XOR. ⊞ - Addition modulo 216 ⊙ - Multiplication modulo 216+1 Encryption security • Combination of different mathematical groups. • Creation of "incompatibility“: ∗ • 푍216+1 → 푍216 ∗ • 푍216 → 푍216+1 ∗ ∗ Remark: 푍216+1 doesn’t contain 0 like 푍216 , so in 푍216+1 0 will be converted to 216 since 0 ≡ 216(푚표푑 216).
    [Show full text]
  • Miss in the Middle Attacks on IDEA and Khufu
    Miss in the Middle Attacks on IDEA and Khufu Eli Biham? Alex Biryukov?? Adi Shamir??? Abstract. In a recent paper we developed a new cryptanalytic techni- que based on impossible differentials, and used it to attack the Skipjack encryption algorithm reduced from 32 to 31 rounds. In this paper we describe the application of this technique to the block ciphers IDEA and Khufu. In both cases the new attacks cover more rounds than the best currently known attacks. This demonstrates the power of the new cryptanalytic technique, shows that it is applicable to a larger class of cryptosystems, and develops new technical tools for applying it in new situations. 1 Introduction In [5,17] a new cryptanalytic technique based on impossible differentials was proposed, and its application to Skipjack [28] and DEAL [17] was described. In this paper we apply this technique to the IDEA and Khufu cryptosystems. Our new attacks are much more efficient and cover more rounds than the best previously known attacks on these ciphers. The main idea behind these new attacks is a bit counter-intuitive. Unlike tra- ditional differential and linear cryptanalysis which predict and detect statistical events of highest possible probability, our new approach is to search for events that never happen. Such impossible events are then used to distinguish the ci- pher from a random permutation, or to perform key elimination (a candidate key is obviously wrong if it leads to an impossible event). The fact that impossible events can be useful in cryptanalysis is an old idea (for example, some of the attacks on Enigma were based on the observation that letters can not be encrypted to themselves).
    [Show full text]
  • Giza and the Pyramids, Veteran Hosni Mubarak
    An aeroplane flies over the pyramids and Sphinx on the Giza Plateau near Cairo. ARCHAEOLOGY The wonder of the pyramids Andrew Robinson enjoys a volume rounding up research on the complex at Giza, Egypt. n Giza and the Pyramids, veteran Hosni Mubarak. After AERAGRAM 16(2), 8–14; 2015), the tomb’s Egyptologists Mark Lehner and Zahi Mubarak fell from four sides, each a little more than 230 metres Hawass cite an Arab proverb: “Man power during the long, vary by at most just 18.3 centimetres. Ifears time, but time fears the pyramids.” It’s Arab Spring that year, Lehner and Hawass reject the idea that a reminder that the great Egyptian complex Hawass resigned, amid armies of Egyptian slaves constructed the on the Giza Plateau has endured for some controversy. pyramids, as the classical Greek historian four and a half millennia — the last monu- The Giza complex Herodotus suggested. They do, however, ment standing of that classical-era must-see invites speculation embrace the concept that the innovative list, the Seven Wonders of the World. and debate. Its three administrative and social organization Lehner and Hawass have produced an pyramids are the Giza and the demanded by the enormous task of build- astonishingly comprehensive study of the tombs of pharaohs Pyramids ing the complex were key factors in creating excavations and scientific investigations Khufu, Khafre and MARK LEHNER & ZAHI Egyptian civilization. CREATIVE GEOGRAPHIC L. STANFIELD/NATL JAMES that have, over two centuries, uncovered Menkaure, also known HAWASS The authors are also in accord over a the engineering techniques, religious and as Cheops, Chephren Thames & Hudson: theory regarding the purpose of the Giza cultural significance and other aspects of and Mycerinus, 2017.
    [Show full text]
  • Encryption Block Cipher
    10/29/2007 Encryption Encryption Block Cipher Dr.Talal Alkharobi 2 Block Cipher A symmetric key cipher which operates on fixed-length groups of bits, termed blocks, with an unvarying transformation. When encrypting, a block cipher take n-bit block of plaintext as input, and output a corresponding n-bit block of ciphertext. The exact transformation is controlled using a secret key. Decryption is similar: the decryption algorithm takes n-bit block of ciphertext together with the secret key, and yields the original n-bit block of plaintext. Mode of operation is used to encrypt messages longer than the block size. 1 Dr.Talal Alkharobi 10/29/2007 Encryption 3 Encryption 4 Decryption 2 Dr.Talal Alkharobi 10/29/2007 Encryption 5 Block Cipher Consists of two algorithms, encryption, E, and decryption, D. Both require two inputs: n-bits block of data and key of size k bits, The output is an n-bit block. Decryption is the inverse function of encryption: D(E(B,K),K) = B For each key K, E is a permutation over the set of input blocks. n Each key K selects one permutation from the possible set of 2 !. 6 Block Cipher The block size, n, is typically 64 or 128 bits, although some ciphers have a variable block size. 64 bits was the most common length until the mid-1990s, when new designs began to switch to 128-bit. Padding scheme is used to allow plaintexts of arbitrary lengths to be encrypted. Typical key sizes (k) include 40, 56, 64, 80, 128, 192 and 256 bits.
    [Show full text]
  • Foreword by Whitfield Diffie Preface About the Author Chapter 1
    Applied Cryptography: Second Edition - Bruce Schneier Applied Cryptography, Second Edition: Protocols, Algorthms, and Source Code in C by Bruce Schneier Wiley Computer Publishing, John Wiley & Sons, Inc. ISBN: 0471128457 Pub Date: 01/01/96 Foreword By Whitfield Diffie Preface About the Author Chapter 1—Foundations 1.1 Terminology 1.2 Steganography 1.3 Substitution Ciphers and Transposition Ciphers 1.4 Simple XOR 1.5 One-Time Pads 1.6 Computer Algorithms 1.7 Large Numbers Part I—Cryptographic Protocols Chapter 2—Protocol Building Blocks 2.1 Introduction to Protocols 2.2 Communications Using Symmetric Cryptography 2.3 One-Way Functions 2.4 One-Way Hash Functions 2.5 Communications Using Public-Key Cryptography 2.6 Digital Signatures 2.7 Digital Signatures with Encryption 2.8 Random and Pseudo-Random-Sequence Generation Chapter 3—Basic Protocols 3.1 Key Exchange 3.2 Authentication 3.3 Authentication and Key Exchange 3.4 Formal Analysis of Authentication and Key-Exchange Protocols 3.5 Multiple-Key Public-Key Cryptography 3.6 Secret Splitting 3.7 Secret Sharing 3.8 Cryptographic Protection of Databases Chapter 4—Intermediate Protocols 4.1 Timestamping Services 4.2 Subliminal Channel 4.3 Undeniable Digital Signatures 4.4 Designated Confirmer Signatures 4.5 Proxy Signatures 4.6 Group Signatures 4.7 Fail-Stop Digital Signatures 4.8 Computing with Encrypted Data 4.9 Bit Commitment 4.10 Fair Coin Flips 4.11 Mental Poker 4.12 One-Way Accumulators 4.13 All-or-Nothing Disclosure of Secrets Page 1 of 666 Applied Cryptography: Second Edition - Bruce
    [Show full text]
  • On Probability of Success in Linear and Differential Cryptanalysis
    J. Cryptol. (2008) 21: 131–147 DOI: 10.1007/s00145-007-9013-7 On Probability of Success in Linear and Differential Cryptanalysis Ali Aydın Selçuk Department of Computer Engineering, Bilkent University, Ankara, 06800, Turkey [email protected] Communicated by Eli Biham Received 28 April 2003 and revised 7 August 2007 Online publication 14 September 2007 Abstract. Despite their widespread usage in block cipher security, linear and dif- ferential cryptanalysis still lack a robust treatment of their success probability, and the success chances of these attacks have commonly been estimated in a rather ad hoc fashion. In this paper, we present an analytical calculation of the success probability of linear and differential cryptanalytic attacks. The results apply to an extended sense of the term “success” where the correct key is found not necessarily as the highest-ranking candidate but within a set of high-ranking candidates. Experimental results show that the analysis provides accurate results in most cases, especially in linear cryptanalysis. In cases where the results are less accurate, as in certain cases of differential cryptanaly- sis, the results are useful to provide approximate estimates of the success probability and the necessary plaintext requirement. The analysis also reveals that the attacked key length in differential cryptanalysis is one of the factors that affect the success probabil- ity directly besides the signal-to-noise ratio and the available plaintext amount. Key words. Block ciphers, Linear cryptanalysis, Differential cryptanalysis, Success probability, Order statistics. 1. Introduction Differential cryptanalysis (DC) [1] and linear cryptanalysis (LC) [11,12]aretwoofthe most important techniques in block cipher cryptanalysis today.
    [Show full text]
  • Analyses of Curupira Block Cipher
    VIII Simpósio Brasileiro em Segurança da Informação e de Sistemas Computacionais 89 Analyses of Curupira Block Cipher Jorge Nakahara Jr 1jorge [email protected] Abstract. Curupira is a 96-bit block cipher, with keys of 96, 144 or 192 bits, and variable number of rounds, an algorithm described at SBRC 2007. This paper1 presents impossible-differential, boomerang and higher-order multiset attacks on reduced-round versions of Curupira, that were not previously considered in the security analysis by its designers. Also, we provide security analyses based solely on the block size and on the key size of the cipher, such as plaintext leakage and related-key attacks. Our analyses indicate new attacks on up to 6-round Curupira. 1. Introduction Curupira is a block cipher designed by Barreto and Simpl´ıcio and presented at SBRC 2007 [Barreto and Simpl´ıcio Jr 2007]. This cipher has a Substitution Permutation Net- work (SPN) structure, like the AES [AES 1997] and is based on the wide-trail design strategy [Daemen 1995]. In [Barreto and Simpl´ıcio Jr 2007], the designers of Curupira argued about its security under several attack settings. The best reported attack was the square or saturation attack [Daemen et al. 1997] on up to seven rounds of Curupira, with a complexity smaller than that of an exhaustive key search. In this paper, we describe impossible-differential (ID), boomerang and higher-order multiset attacks on reduced- round versions of Curupira. The motivation for the ID and boomerang attacks are the fact that these techniques exploit the cipher from both the encryption and decryption di- rections, namely, the corresponding distinguishers are based on differentials constructed from both ends of a given cipher.
    [Show full text]
  • Ontario Superior Court of Justice
    CourtFileNo.: CV-17- -OOCP ONTARIO SUPERIOR COURT OF JUSTICE MATTER OF a Proceeding under the Class Proceedings Act, 1992, S.O. 1992, C. 6 ARLENE MCDOWELL and BRYAN MADRYGA Plaintiffs - and- FORTRESS REAL CAPITAL INC., FORTRESS REAL DEVELOPMENTS INC., JAWAD RA TH ORE, VINCENZO PETROZZA, LAMB CALGARY INC., ORCHARD CALGARY INC., BUILDING & DEVELOPMENT MORTGAGES CANADA INC., ILDINA GALATI, FFM CAPITAL INC., ROSALIA SPADAFORA, KRISH KOCHHAR, TONY MAZZO LI, SAUL PERLOV, FMP MORTGAGE INVESTMENTS INC., MICHAEL DARAMOLA, TONINO AMENDOLA, GRAHAM MCWATERS, DEREK SORRENTI, GRANT MORGAN, SORRENTI LAW PROFESSIONAL CORPORATION, OLYMPIA TRUST COMPANY Defendants STATEMENT OF CLAIM TO THE DEFENDANT(S): A LEGAL PROCEEDING HAS BEEN COMMENCED AGAINST YOU by the Plaintiff. The Claim made against you is set out in the following pages. IF YOU WISH TO DEFEND THIS PROCEEDING, you or an Ontario lawyer acting for you must prepare a Statement of Defence in Form l 8A prescribed by the Rules of Civil Procedure, serve it on the Plaintiff lawyer or, where the Plaintiff do not have a lawyer, serve it on the Plaintiff, and file it, with proof of service, in this court office, WITHIN TWENTY DAYS after this Statement of Claim is served on you, if you are served in Ontario. If you are served in another province or territory of Canada or in the United States of America, the period for serving and filing your Statement of Defence is forty days. If you are served outside Canada and the United States of America, the period is sixty days. Instead of serving and filing a Statement of Defence, you may serve and file a Notice of Intent to Defend in Form 18B prescribed by the Rules of Civil Procedure.
    [Show full text]
  • Pyramids of the Giza Plateau Pyramid Complexes of Khufu, Khafre, and Menkaure
    Pyramids of the Giza Plateau Pyramid Complexes of Khufu, Khafre, and Menkaure Charles Rigano AuthorHouse™ 1663 Liberty Drive Bloomington, IN 47403 www.authorhouse.com Phone: 1-800-839-8640 © 2014 Charles Rigano. All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted by any means without the written permission of the author. Published by AuthorHouse 05/14/2015 ISBN: 978-1-4969-5249-3 (sc) ISBN: 978-1-4969-5248-6 (e) Any people depicted in stock imagery provided by Thinkstock are models, and such images are being used for illustrative purposes only. Certain stock imagery © Thinkstock. Because of the dynamic nature of the Internet, any web addresses or links contained in this book may have changed since publication and may no longer be valid. The views expressed in this work are solely those of the author and do not necessarily reflect the views of the publisher, and the publisher hereby disclaims any responsibility for them. Front Cover: - Khufu’s Great Pyramid at dusk as seen from near the Sphinx. Photo by the author. Back Cover: Top - The three Giza Pyramids from close to far: Menkaure and subsidiary pyramids, Khafre, and Khufu. Photo by author. Bottom - Author Charles Rigano with Menkaure’s Pyramid in the background. Author’s photo. Contents Preface The Gizeh Plateau Area Surrounding the Giza Plateau Giza Plateau Pyramid Complexes Chapter 1: The Giza Plateau Chapter 2: Khufu’s Pyramid Exterior Chapter 3: Khufu’s Pyramid Interior Chapter 4: Khufu’s Mortuary Complex Chapter 5: Khufu’s Pyramid – Designing, Closing, and Opening Chapter 6: Khafre’s Pyramid Site Chapter 7: Khafre’s Pyramid Interior Chapter 8: Khafre’s Mortuary Complex Chapter 9: The Sphinx Complex Chapter 10: Menkaure’s Pyramid Exterior Chapter 11: Menkaure’s Pyramid Interior Chapter 12: Menkaure’s Mortuary Complex Appendix: The Tuthmosis IV Stele Between the Sphinx Paws Photo Credits Suggested Reading and References Preface I remember the moment in 1970 that my fascination for Ancient Egypt started.
    [Show full text]
  • 2019: Alexandria, Virginia
    THE 70TH ANNUAL MEETING OF THE AMERICAN RESEARCH CENTER IN EGYPT April 12-14, 2019 Washington, D.C. ANNUAL MEETING OF THE AMERICAN RESEARCH CENTER IN EGYPT April 12-14, 2019 Washington, D.C. U.S. Headquarters 909 North Washington Street, Suite 320 Alexandria, Virginia, 22314 703.721.3479 Cairo Center 2 Midan Simón Bolívar Garden City, Cairo, 11461 20.2.2794.8239 [email protected] 2 3 *Dr. Ahmed Abu-Zayed, Head of Libraries and Archives TABLE CONTENTS Janie Abdul Aziz, Grant Administrator of *Djodi Deutsch, Academic Programs Manager Itinerary 12 Zakaria Yacoub, IT Manager Session Schedule 14 *Sally El Sabbahy, Communications & Outreach Associate *Samira El Adawy, Programs Coordinator Presentation Abstracts 18 Andreas Kostopoulos, Project Archives Specialist Student Poster Abstracts 99 Noha Atef Halim, Assistant Finance Manager Yasser Tharwat, Project Financial & Reporting Manager ARCE STAFF Doaa Adel, Accountant U.S. Staff Salah Metwally, Associate for Governmental Affairs Osama Abdel Fatah Mohamed , Supervising Librarian *Dr. Fatma Ismail, Interim US Operations Director Amira Gamal, Cataloguing Librarian *Michael Wiles, Chief Financial Officier Reda Anwar, Administrative Assistant to Office Manager *Laura Rheintgen, Director of Development Salah Rawash, Security & Reception Coordinator *Dr. Heba Abdel Salam, US Programs Advisor Abdrabou Ali Hassan, Maintenance Assistant & Director’s Driver *Claire Haymes, Board Relations Manager Ahmed Hassan, Senior Traffic Department Officer & Driver *Megan Allday, Annual Meeting Coordinator (Consultant) Ramadan Khalil Abdou, ARCE Representative Ellen Flanagan, US Human Resources Coordinator (Consultant) Mohamed Hassan Mohamed, Transportation Assistant & Messenger *Rebecca Cook, Membership & Development Manager Eid Fawzy, Technical Clerk & Messenger Freddy Feliz, IT Manager Nour Ibrahim, Messenger *Beth Wang, Development & Research Assistant ARCE STAFF ARCE STAFF Cairo Staff Luxor Staff *Dr.
    [Show full text]
  • Petrie, W. M. Flinders. the Pyramids and Temples of Gizeh. London
    THE PYRAMIDS AND TEMPLES OF GIZEH Drawing by F. Petrie W.M FLINDERS PETRIE with an update by ZAHI HAWASS THE PYRAMIDS AND TEMPLES OF GIZEH. GREAT PYRAMID. SMALL PYRAMIDS. PE.R1 BOLUS. SMALL PYRAMIDS. THIRD PYRAMID. PERlBOLUS. EXCAVATION. SEGOND PYRAMID. THE NINE PYRAMIDS OF GIZEH. FROM THE SOUTH . THE PYRAMIDS AND TEMPLES OF GIZEH. BY W. M. FLINDERS PETRIE, Author of "Inductive Metrology," "Stonehenge," "Tanis," &c. NEW AND REVISED EDITION. HISTORIES & MYSTERIES OF MAN LTD. LONDON, ENGLAND 1990 Printed in the U.S.A. © Zahi Hawass Further Titles in Series include: I) BALLAS by J. E. Quibell II) The RAMESSEUM by J. E. Quibell & The Tomb of PTAHHETEP by F. L. L. Griffith III) EL KAB by J. E. Quibell IV) HIERAKONPOLIS I by J. E. Quibell V) HIERAKONPOLIS II by F. W. Green and J. E. Quibell VI) EL ARABAH by J. Garstang VII) MAHASNA by J. Garstang VIII) TEMPLE OF THE KINGS AT ABYDOS by A. St. G. Caulfield IX) The OSIREION by Margaret Alice Murray X) SAQQARA MASTABAS I by Margaret Alice Murray SAQQARA MASTABAS II by Margaret Alice Murray HYKSOS & ISRAELITE CITIES Double Volume by Petrie & Duncan ANCIENT RECORDS OF EGYPT by James Henry Breasted ANCIENT RECORDS OF ASSYRIA by David Luckenbill THE CHRONOLOGY OF ANCIENT KINGDOMS AMENDED by Sir Isaac Newton STONEHENGE by Petrie. Updated by Gerald Hawkins TELL EL HESY (LACHISH) by W. M. Flinders Petrie A HISTORY OF EGYPTIAN ARCHITECTURE by Alexander Badawy For further details please write for catalogue to HISTORIES & MYSTERIES OF MAN LTD. The Glassmill 1, Battersea Bridge Road London SW11 3BG ENGLAND ISBN 1-85417-051-1 THE FIRST EDITION OF THIS WORK WAS PUBLISHED WITH THE ASSISTANCE OF A VOTE OF ONE HUNDRED POUNDS FROM THE GOVERNMENT-GRANT COMMITTEE OF THE ROYAL SOCIETY.
    [Show full text]