DOCSLIB.ORG

Post Quantum Secure Authentication Methods Suitable for Quantum Key Distribution

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Post Quantum Secure Authentication Methods Suitable for Quantum Key Distribution Eötvös Loránd University Faculty of Informatics Post Quantum Secure Authentication methods suitable for Quantum Key Distribution Dr. Zoltán Istenes Mohammad Rashid Zamani Professor at ELTE Computer Science Dr. Andreas Peter Assistant Professor at UTwente Dr. Benedek Kovács Senior Specialist at Ericsson Budapest, 2018. Statement of thesis submission and originality I hereby confirm the submission of the Master Thesis Work on the Computer Science MSc course with author and title: Name of Student: Mohammad Rashid Zamani Code of Student: FANMN7 Title of Thesis: Post Quantum Secure Authentication Methods Suitable for Quantum Key Distribution Supervisor: Dr. Zoltán Istenes Computer Science at Eötvös Loránd University, Faculty of Informatics. In consciousness of my full legal and disciplinary responsibility I hereby claim that the submitted thesis work is my own original intellectual product, the use of referenced literature is done according to the general rules of copyright. I understand that in the case of thesis works the following acts are considered plagiarism: • literal quotation without quotation marks and reference; • citation of content without reference; • presenting others’ published thoughts as own thoughts. Budapest, July 4, 2018 student i Abstract Quantum Key Distribution occurs over two communication channels: classical and quan- tum. While the quantum channel is somewhat secure by quantum principles, the classical channel need to be authenticated using cryptographic algorithms. Unfortunately, the au- thentication algorithms and the methods suggested are not taking into consideration the problems practical implementations are facing. Moreover, there are areas which has not been discussed by the literature such as the quantum application layer in communication over classical channel. This study identifies the hurdles practical implementations of QKD are facing and proposes a solution which take into consideration these needs. Moreover, it suggests new protocols and approaches suitable for QKD post processing authentication. ii Dedication To the butterfly and the bee. iii Acknowledgement "Always two there are, no more, no less. A master and an apprentice." — Yoda iv CONTENTS Contents 1 Background 1 1.1 Quantum Information Theory and Cryptography . .3 1.2 Quantum Key Distribution . .5 1.2.1 BB84 . .5 1.3 Cryptographic Authentication . .8 1.3.1 Authentication in QKD . .8 1.4 Scope . .9 1.5 Outline . 11 2 Related Literature Analysis 13 2.1 QKD Post Processing . 14 2.1.1 Key Sifting . 15 2.1.2 Confirmation . 15 2.1.3 Error Correction . 16 2.1.4 Privacy Amplification . 16 2.2 QKD Authentication . 17 2.2.1 Block Cipher Based MACs . 18 2.2.2 Cryptographic Hash Based MAC . 25 2.2.3 Universal Hash Based MAC . 30 2.3 QKD Network Implementations . 32 2.3.1 DARPA QKD Network . 34 2.3.2 SECQOC QKD Network . 36 2.3.3 SwissQuantum . 40 2.3.4 Wuhu QKD Network . 42 2.3.5 Los Alamos National Laboratory NQC . 43 2.4 Summary . 45 2.4.1 Post Processing . 45 v CONTENTS 2.4.2 Authentication . 47 2.4.3 QKD Networks . 56 3 Contribution 61 3.1 Solution Architecture . 61 3.2 Quantum Post Processing Daemon . 64 3.2.1 Authentication Algorithm . 66 3.3 Authenticated Post Processing Protocol . 67 3.4 Sample Run . 68 3.4.1 Error 0xE ................................. 70 3.4.2 Initial Setup 0x0 ............................. 71 3.4.3 Sifting 0x1 ................................ 74 3.5 Key Management Layer . 76 4 Discussion 79 4.1 Solution Design Philosophy . 79 4.1.1 Architecture . 81 4.1.2 Authentication . 82 4.1.3 APPP . 82 4.2 Solution Comparison . 82 4.3 Conclusion . 84 vi LIST OF FIGURES List of Figures 1.1 BB84 schematic run . .5 1.2 Photon polarization . .6 1.3 BB84 protocol flow . .7 2.1 Key transformation in post processing. 14 2.2 CMAC . 20 2.3 PMAC . 21 2.4 GCTR . 22 2.5 GCM . 23 2.6 GHASH . 24 2.7 Sponge Construction . 27 2.8 Hash Benchmark . 29 2.9 QKD Network . 32 2.10 QKD Network Architecture . 33 2.11 DARPA Architecture . 35 2.12 QBB link . 37 2.13 QBB node . 38 2.14 SECQOC network . 39 2.15 Q3P protocol stack . 40 2.16 Q3P packet header. 41 2.17 Wuhu network. 42 2.18 Los Alamos QKD network . 43 2.19 Los Alamos user registration . 44 3.1 Solution Architecture . 63 3.2 IPSec AH . 66 3.3 Solution Protocol Stack . 66 3.4 APPP constant header. 67 vii LIST OF FIGURES 3.5 APPP communication sequence . 70 3.6 QKD Error header. 70 3.7 APPP Initial Setup header QKD instantiation request . 71 3.8 APPP chunk request . 73 3.9 APPP constant header 2 . 74 3.10 APPP sifting . 75 3.11 APPP Post Processing Sifting Confirmation. 75 3.12 Keys transformation though the system. 78 viii LIST OF TABLES List of Tables 2.1 Stream ciphers benchmark . 51 2.2 Skylake benchmark . 52 2.3 auth256 benchmark . 55 3.1 APPP constant header fields. 68 3.2 APPP version 0b000 Header Type values. 69 3.3 Sb values. 75 ix Acronyms Acronyms AES Advanced Encryption System. 4, 18, 19, 23, 24, 35, 43, 49–54, 77, 80 AH Internet Protocol Security Authentication Header. vii, 65–67, 76, 83, 84 AL Application Layer. 34, 62, 77 API Application Programming Interface. 40, 57, 62, 77 APPP Authenticated Post Processing Protocol. vi– ix, 12, 65, 67–76, 79–82, 85 BB84 QKD protocol, Bennett and Brassard pro- posed in 1984. v, 5–7, 9, 10, 13–17, 35, 36, 42, 44–47, 59, 61, 68, 69 CBC Cipher Block Chaining. 20, 21, 24, 25 CMAC Cipher-based Message Authentication Code. 20, 51 cpb Cycles per Byte. 10, 27, 29, 31, 49, 51, 53, 54 CPU Centeral Processing Unit. 19, 27, 28, 31, 48–52 CRC Cyclic Redundancy Check. 44 CTR Counter Mode. 22, 23, 31, 51, 52 DARPA Defense Advanced Research Projects Agency. v, 34–37, 57, 59, 65, 80 DES Data Encryption Standard. 2, 25, 50 x Acronyms ECB Electronic Codebook. 21 ESP Internet Protocol Security Encapsulating Se- curity Payload. 35, 84 ETSI European Telecommunications Standards In- stitute. 57, 63, 80 FFT Fast Fourier Transform. 31 FIPS Federal Information Processing Standard. 28, 30 Gbps Giga bit per second. 10, 80, 81 GCM Galois/Counter Mode. vii, 22, 23, 51–54 GHz Giga Hertz. 49 GMAC Galois/Counter Mode Message Authentica- tion Code. 22–24, 31, 52, 55 HAIFA HAsh Iterative FrAmework. 26, 30 HMAC Hash-Based Message Authentication Code. 29, 30, 35, 53, 55, 59 ICB Initial Counter Block. 22 ICV Integrity Checking Value. 66 IETF Internet Engineering Task Force. 50, 52 IKE Internet Key Encapsulation protocol. 35, 36, 57 IP Internet Protocol. 34, 38, 39, 42, 48, 49, 63–65, 67, 71, 73, 74, 76, 82–84 IPSec Internet Protocol Security. vii, 34–36, 41, 48, 49, 61, 62, 65–67, 76, 77, 81–84 ITS Information-Theoretic Secure. 2–4, 10, 18, 31, 34, 36–38, 43, 48, 50, 54–56, 66, 76, 80, 85 IV Initial Vector. 22 KDF Key Derivation Function. 30, 35, 55, 59, 65, 72 xi Acronyms KEP Key Encapsulation Protocols. 34, 35, 57, 64 KMAC KECCAK-family Message Authentication Code. 29, 30, 53, 55, 76 KML Key Management Layer. vi, 34, 43, 62–64, 67, 76, 77, 80, 85 LDPC Low-Density Parity-Check code. 16, 44, 46, 47 MAC Message Authentication Code. v, 8, 9, 13, 14, 17–21, 23–25, 28–31, 49–51, 53, 54, 80, 85 MBps Mega Bytes per Second. 49, 80 Mbps Mega bits per Second. 80 MD Merkle-Damgård. 26, 30, 59 MHz Mega Hertz. 27 MITM Man-In-The-Middle. 8, 10, 15, 46 MTU Maximum Transfer Unit. 65, 83 NIC Network Interface Controller. 49 NIST National Institute of Standards and Technol- ogy. 28, 30, 50, 52, 54, 64 NQC Network-centric Quantum Communication. v, 43 NSA National Security Agency. 50 OSI Open Systems Interconnection. 34, 38, 41, 62, 64, 67 OTP One Time Pad. 2, 3, 36, 37, 41, 43, 57, 58, 77, 80, 85 PDU Payload Data Unit. 65 PKI Public Key Infrastructure. 2, 41 PMAC Parallelized Message Authentication Code. 21, 24 xii Acronyms PRF Psuedo Random Function. 18, 19, 23, 30 Q3P Quantum Point-to-Point Protocol. vii, 37–40, 48, 49, 59, 64, 82–84 QAN Quantum Access Node. 38 QBB Quantum BackBone. vii, 36–39, 41, 58, 62 QBER qubit Error Rate. 14–16, 46, 69, 72 QID Quantum-device Identifier. 63, 71, 72 QKD Quantum Key Distribution. ii, v–viii, 4, 5, 9– 14, 17, 28, 32–43, 45–49, 56–59, 61–63, 65, 68– 72, 76, 77, 79, 80, 82, 84, 85 QKDAL Quantum Key Distribution Application Layer. 40, 83 QKDLL Quantum Key Distribution Link.
Load more

Recommended publications
  • FIPS 140-2 Non-Proprietary Security Policy
    Kernel Crypto API Cryptographic Module version 1.0 FIPS 140-2 Non-Proprietary Security Policy Version 1.3 Last update: 2020-03-02 Prepared by: atsec information security corporation 9130 Jollyville Road, Suite 260 Austin, TX 78759 www.atsec.com © 2020 Canonical Ltd. / atsec information security This document can be reproduced and distributed only whole and intact, including this copyright notice. Kernel Crypto API Cryptographic Module FIPS 140-2 Non-Proprietary Security Policy Table of Contents 1. Cryptographic Module Specification ..................................................................................................... 5 1.1. Module Overview ..................................................................................................................................... 5 1.2. Modes of Operation ................................................................................................................................. 9 2. Cryptographic Module Ports and Interfaces ........................................................................................ 10 3. Roles, Services and Authentication ..................................................................................................... 11 3.1. Roles .......................................................................................................................................................11 3.2. Services ...................................................................................................................................................11
    [Show full text]
  • IMPLEMENTATION and BENCHMARKING of PADDING UNITS and HMAC for SHA-3 CANDIDATES in FPGAS and ASICS by Ambarish Vyas a Thesis Subm
    IMPLEMENTATION AND BENCHMARKING OF PADDING UNITS AND HMAC FOR SHA-3 CANDIDATES IN FPGAS AND ASICS by Ambarish Vyas A Thesis Submitted to the Graduate Faculty of George Mason University in Partial Fulfillment of The Requirements for the Degree of Master of Science Computer Engineering Committee: Dr. Kris Gaj, Thesis Director Dr. Jens-Peter Kaps. Committee Member Dr. Bernd-Peter Paris. Committee Member Dr. Andre Manitius, Department Chair of Electrical and Computer Engineering Dr. Lloyd J. Griffiths. Dean, Volgenau School of Engineering Date: ---J d. / q /9- 0 II Fall Semester 2011 George Mason University Fairfax, VA Implementation and Benchmarking of Padding Units and HMAC for SHA-3 Candidates in FPGAs and ASICs A thesis submitted in partial fulfillment of the requirements for the degree of Master of Science at George Mason University By Ambarish Vyas Bachelor of Science University of Pune, 2009 Director: Dr. Kris Gaj, Associate Professor Department of Electrical and Computer Engineering Fall Semester 2011 George Mason University Fairfax, VA Copyright c 2011 by Ambarish Vyas All Rights Reserved ii Acknowledgments I would like to use this oppurtunity to thank the people who have supported me throughout my thesis. First and foremost my advisor Dr.Kris Gaj, without his zeal, his motivation, his patience, his confidence in me, his humility, his diverse knowledge, and his great efforts this thesis wouldn't be possible. It is difficult to exaggerate my gratitude towards him. I also thank Ekawat Homsirikamol for his contributions to this project. He has significantly contributed to the designs and implementations of the architectures. Additionally, I am indebted to my student colleagues in CERG for providing a fun environment to learn and giving invaluable tips and support.
    [Show full text]
  • RESOURCE-EFFICIENT CRYPTOGRAPHY for UBIQUITOUS COMPUTING Lightweight Cryptographic Primitives from a Hardware & Software Perspective
    RESOURCE-EFFICIENT CRYPTOGRAPHY FOR UBIQUITOUS COMPUTING Lightweight Cryptographic Primitives from a Hardware & Software Perspective DISSERTATION for the degree of Doktor-Ingenieur of the Faculty of Electrical Engineering and Information Technology at the Ruhr University Bochum, Germany by Elif Bilge Kavun Bochum, December 2014 Copyright © 2014 by Elif Bilge Kavun. All rights reserved. Printed in Germany. Anneme ve babama... Elif Bilge Kavun Place of birth: Izmir,˙ Turkey Author’s contact information: [email protected] www.emsec.rub.de/chair/ staff/elif bilge kavun Thesis Advisor: Prof. Dr.-Ing. Christof Paar Ruhr-Universit¨atBochum, Germany Secondary Referee: Prof. Christian Rechberger Danmarks Tekniske Universitet, Denmark Thesis submitted: December 19, 2014 Thesis defense: February 6, 2015 v Abstract Technological advancements in the semiconductor industry over the last few decades made the mass production of very small-scale computing devices possible. Thanks to the compactness and mobility of these devices, they can be deployed “pervasively”, in other words, everywhere and anywhere – such as in smart homes, logistics, e-commerce, and medical technology. Em- bedding the small-scale devices into everyday objects pervasively also indicates the realization of the foreseen “ubiquitous computing” concept. However, ubiquitous computing and the mass deployment of the pervasive devices in turn brought some concerns – especially, security and privacy. Many people criticize the security and privacy management in the ubiquitous context. It is even believed that an inadequate level of security may be the greatest barrier to the long-term success of ubiquitous computing. For ubiquitous computing, the adversary model and the se- curity level is not the same as in traditional applications due to limited resources in pervasive devices – area, power, and energy are actually harsh constraints for such devices.
    [Show full text]
  • SHA-3 Update
    SHA+3%update% %% % Quynh%Dang% Computer%Security%Division% ITL,%NIST% IETF%86% SHA-3 Competition 11/2/2007% SHA+3%CompeDDon%Began.% 10/2/2012% Keccak&announced&as&the&SHA13&winner.& IETF%86% Secure Hash Algorithms Outlook ► SHA-2 looks strong. ► We expect Keccak (SHA-3) to co-exist with SHA-2. ► Keccak complements SHA-2 in many ways. Keccak is good in different environments. Keccak is a sponge - a different design concept from SHA-2. IETF%86% Sponge Construction Sponge capacity corresponds to a security level: s = c/2. IETF%86% SHA-3 Selection ► We chose Keccak as the winner because of many different reasons and below are some of them: ► It has a high security margin. ► It received good amount of high-quality analyses. ► It has excellent hardware performance. ► It has good overall performance. ► It is very different from SHA-2. ► It provides a lot of flexibility. IETF%86% Keccak Features ► Keccak supports the same hash-output sizes as SHA-2 (i.e., SHA-224, -256, -384, -512). ► Keccak works fine with existing applications, such as DRBGs, KDFs, HMAC and digital signatures. ► Keccak offers flexibility in performance/security tradeoffs. ► Keccak supports tree hashing. ► Keccak supports variable-length output. IETF%86% Under Consideration for SHA-3 ► Support for variable-length hashes ► Considering options: ► One capacity: c = 512, with output size encoding, ► Two capacities: c = 256 and c = 512, with output size encoding, or ► Four capacities: c = 224, c = 256, c=384, and c = 512 without output size encoding (preferred by the Keccak team). ► Input format for SHA-3 hash function(s) will contain a padding scheme to support tree hashing in the future.
    [Show full text]
  • Fair and Comprehensive Methodology for Comparing Hardware Performance of Fourteen Round Two SHA-3 Candidates Using Fpgas
    Fair and Comprehensive Methodology for Comparing Hardware Performance of Fourteen Round Two SHA-3 Candidates Using FPGAs Kris Gaj, Ekawat Homsirikamol, and Marcin Rogawski ECE Department, George Mason University, Fairfax, VA 22030, U.S.A. {kgaj,ehomsiri,mrogawsk}@gmu.edu http://cryptography.gmu.edu Abstract. Performance in hardware has been demonstrated to be an important factor in the evaluation of candidates for cryptographic stan- dards. Up to now, no consensus exists on how such an evaluation should be performed in order to make it fair, transparent, practical, and ac- ceptable for the majority of the cryptographic community. In this pa- per, we formulate a proposal for a fair and comprehensive evaluation methodology, and apply it to the comparison of hardware performance of 14 Round 2 SHA-3 candidates. The most important aspects of our methodology include the definition of clear performance metrics, the de- velopment of a uniform and practical interface, generation of multiple sets of results for several representative FPGA families from two major vendors, and the application of a simple procedure to convert multiple sets of results into a single ranking. Keywords: benchmarking, hash functions, SHA-3, FPGA. 1 Introduction and Motivation Starting from the Advanced Encryption Standard (AES) contest organized by NIST in 1997-2000 [1], open contests have become a method of choice for select- ing cryptographic standards in the U.S. and over the world. The AES contest in the U.S. was followed by the NESSIE competition in Europe [2], CRYPTREC in Japan, and eSTREAM in Europe [3]. Four typical criteria taken into account in the evaluation of candidates are: security, performance in software, performance in hardware, and flexibility.
    [Show full text]
  • The Software Performance of Authenticated-Encryption Modes 1
    An earlier version of this paper appears at Fast Software Encryption 2011 (FSE 2011). The Software Performance of Authenticated-Encryption Modes Ted Krovetz∗ Phillip Rogawayy March 21, 2011 Abstract We study the software performance of authenticated-encryption modes CCM, GCM, and OCB. Across a variety of platforms, we find OCB to be substantially faster than either alternative. For example, on an Intel i5 (\Clarkdale") processor, good implementations of CCM, GCM, and OCB encrypt at around 4.2 cpb, 3.7 cpb, and 1.5 cpb, while CTR mode requires about 1.3 cpb. Still we find room for algorithmic improvements to OCB, showing how to trim one blockcipher call (most of the time, assuming a counter-based nonce) and reduce latency. Our findings contrast with those of McGrew and Viega (2004), who claimed similar performance for GCM and OCB. Key words: authenticated encryption, cryptographic standards, encryption speed, modes of operation, CCM, GCM, OCB. 1 Introduction Background. Over the past few years, considerable effort has been spent constructing schemes for authenticated encryption (AE). One reason is recognition of the fact that a scheme that delivers both privacy and authenticity may be more efficient than the straightforward amalgamation of separate privacy and authenticity techniques. A second reason is the realization that an AE scheme is less likely to be incorrectly used than an encryption scheme designed for privacy alone. While other possibilities exist, it is natural to build AE schemes from blockciphers, employing some mode of operation. There are two approaches. In a composed (\two-pass") AE scheme one conjoins essentially separate privacy and authenticity modes.
    [Show full text]
  • Lecture9.Pdf
    Merkle- Suppose H is a Damgaord hash function built from a secure compression function : several to build a function ways keyed : m : = H Ilm 1 . end FCK ) (k ) Prep key , " " ↳ - Insecure due to structure of Merkle : can mount an extension attack: H (KH m) can Barnyard given , compute ' Hlkllmllm ) by extending Merkle- Danged chain = : m : 2 . FCK ) 11k) Append key , Hlm ↳ - - to : Similar to hash then MAC construction and vulnerable same offline attack adversary finds a collision in the - - > Merkle and uses that to construct a for SHA I used PDF files Barnyard prefix forgery f , they ↳ - Structure in SHA I (can matches exploited collision demonstration generate arbitrary collisions once prefix ) ' = : FCK m - H on h 3. method , ) ( K HMH K) for reasonable randomness ( both Envelope pseudo assumptions e.g , : = - = i - - : F ( m m } : h K m h m k 4. nest ( ki ) H Ck H (k m ( , and m ( ) is a PRF both Two , kz , ) (ka HH , )) F- , ) ) Falk , ) , ) key , - of these constructions are secure PRFS on a variable size domain hash- based MAC ✓ a the - nest with correlated : HMAC is PRF / MAC based on two key (though keys) : = m H H ka m HMACCK ( K H ( , )) , ) , where k ← k ④ and kz ← k to , ipad opad and and are fixed ( in the HMAC standard) ipad opad strings specified I 0×36 repeated %x5C repeated : k . a Since , and ka are correlated need to make on h remains under Sety , stronger assumption security leg , pseudorandom related attack) Instantiations : denoted HMAC- H where H is the hash function Typically , HMAC- SHAI %" - - HMAC SHA256
    [Show full text]
  • GCM) for Confidentiality And
    NIST Special Publication 800-38D Recommendation for Block DRAFT (April, 2006) Cipher Modes of Operation: Galois/Counter Mode (GCM) for Confidentiality and Authentication Morris Dworkin C O M P U T E R S E C U R I T Y Abstract This Recommendation specifies the Galois/Counter Mode (GCM), an authenticated encryption mode of operation for a symmetric key block cipher. KEY WORDS: authentication; block cipher; cryptography; information security; integrity; message authentication code; mode of operation. i Table of Contents 1 PURPOSE...........................................................................................................................................................1 2 AUTHORITY.....................................................................................................................................................1 3 INTRODUCTION..............................................................................................................................................1 4 DEFINITIONS, ABBREVIATIONS, AND SYMBOLS.................................................................................2 4.1 DEFINITIONS AND ABBREVIATIONS .............................................................................................................2 4.2 SYMBOLS ....................................................................................................................................................4 4.2.1 Variables................................................................................................................................................4
    [Show full text]
  • Item Box Subject Author Title Exps Pages Size Inches Pub. Date Grand
    Item Box Subject Author Title Exps Pages Size Inches Pub. Date Grand Total: 3, 139, 369, 104, 343, 159, [and the 210 Namibian 51, 612, 191, 21, 44, 1, 39, 95, 428, docs so far is 2809] (2599) Central Africa:3 1 Central Africa—General Economics UNECA Subregional Strategies 19 32 8x11.5 Hints to Businessmen Visiting The London Board of 2 Central Africa—General Economics Congo (Brazzaville), Chad, Gabon 19 32 4.75x7.125 Trade and Central African Republic Purpose and Perfection Pottery as 3 Central Africa—General Art The Smithsonian Institution 3 4 8x9.25 a Woman's Art in Central Africa Botswana:139 National Institute of Access to Manual Skills Training in 1 Botswana—Bibliographies Bibliography Development and Cultural Botswana: An Annotated 9 13 8x11.5 Research Bibliography Social Thandiwe Kgosidintsi and 2 Botswana—Bibliographies Sciences—Information Publishing in Botswana 2 2 8.5x11 Neil Parsons Science National Institute of 3 Botswana—Bibliographies Bibliography Development Rearch and Working Papers 5 8 5.75x8.25 Documentation University of Botswana and Department of Library Studies 1 Botswana—Social Sciences Social Sciences 28 25 8.25x11.75 Swaziland Prospectus Social Refugees In Botswana: a Policy of 2 Botswana—Social Sciences United Nations 3 7 4.125x10.5 Sciences—Refugees Resettlement Projet De College Exterieur Du 3 Botswana—Social Sciences Social Sciences unknown 3 3 8.25x11.75 Botswana Community Relations in Botswana, with special reference to Francistown. Statement 4 Botswana—Social Sciences Social Sciences Republic of Botswana Delivered to the National Assembly 4 5 5.5x8 1971 by His Honor the Vice President Dt.
    [Show full text]
  • Indian Hieroglyphs
    Indian hieroglyphs Indus script corpora, archaeo-metallurgy and Meluhha (Mleccha) Jules Bloch’s work on formation of the Marathi language (Bloch, Jules. 2008, Formation of the Marathi Language. (Reprint, Translation from French), New Delhi, Motilal Banarsidass. ISBN: 978-8120823228) has to be expanded further to provide for a study of evolution and formation of Indian languages in the Indian language union (sprachbund). The paper analyses the stages in the evolution of early writing systems which began with the evolution of counting in the ancient Near East. Providing an example from the Indian Hieroglyphs used in Indus Script as a writing system, a stage anterior to the stage of syllabic representation of sounds of a language, is identified. Unique geometric shapes required for tokens to categorize objects became too large to handle to abstract hundreds of categories of goods and metallurgical processes during the production of bronze-age goods. In such a situation, it became necessary to use glyphs which could distinctly identify, orthographically, specific descriptions of or cataloging of ores, alloys, and metallurgical processes. About 3500 BCE, Indus script as a writing system was developed to use hieroglyphs to represent the ‘spoken words’ identifying each of the goods and processes. A rebus method of representing similar sounding words of the lingua franca of the artisans was used in Indus script. This method is recognized and consistently applied for the lingua franca of the Indian sprachbund. That the ancient languages of India, constituted a sprachbund (or language union) is now recognized by many linguists. The sprachbund area is proximate to the area where most of the Indus script inscriptions were discovered, as documented in the corpora.
    [Show full text]
  • The Boomerang Attacks on the Round-Reduced Skein-512 *
    The Boomerang Attacks on the Round-Reduced Skein-512 ? Hongbo Yu1, Jiazhe Chen3, and Xiaoyun Wang2;3 1 Department of Computer Science and Technology, Tsinghua University, Beijing 100084, China 2 Institute for Advanced Study, Tsinghua University, Beijing 100084, China fyuhongbo,[email protected] 3 Key Laboratory of Cryptologic Technology and Information Security, Ministry of Education, School of Mathematics, Shandong University, Jinan 250100, China [email protected] Abstract. The hash function Skein is one of the ¯ve ¯nalists of the NIST SHA-3 competition; it is based on the block cipher Three¯sh which only uses three primitive operations: modular addition, rotation and bitwise XOR (ARX). This paper studies the boomerang attacks on Skein-512. Boomerang distinguishers on the compression function reduced to 32 and 36 rounds are proposed, with complexities 2104:5 and 2454 respectively. Examples of the distinguishers on 28-round and 31- round are also given. In addition, the boomerang distinguishers are applicable to the key-recovery attacks on reduced Three¯sh-512. The complexities for key-recovery attacks reduced to 32-/33- /34-round are about 2181, 2305 and 2424. Because Laurent et al. [14] pointed out that the previous boomerang distinguishers for Three¯sh-512 are in fact not compatible, our attacks are the ¯rst valid boomerang attacks for the ¯nal round Skein-512. Key words: Hash function, Boomerang attack, Three¯sh, Skein 1 Introduction Cryptographic hash functions, which provide integrity, authentication and etc., are very impor- tant in modern cryptology. In 2005, as the most widely used hash functions MD5 and SHA-1 were broken by Wang et al.
    [Show full text]
  • SHA-3 Conference, March 2012, Skein: More Than Just a Hash Function
    Skein More than just a hash function Third SHA-3 Candidate Conference 23 March 2012 Washington DC 1 Skein is Skein-512 • Confusion is common, partially our fault • Skein has two special-purpose siblings: – Skein-256 for extreme memory constraints – Skein-1024 for the ultra-high security margin • But for SHA-3, Skein is Skein-512 – One hash function for all output sizes 2 Skein Architecture • Mix function is 64-bit ARX • Permutation: relocation of eight 64-bit words • Threefish: tweakable block cipher – Mix + Permutation – Simple key schedule – 72 rounds, subkey injection every four rounds – Tweakable-cipher design key to speed, security • Skein chains Threefish with UBI chaining mode – Tweakable mode based on MMO – Provable properties – Every hashed block is unique • Variable size output means flexible to use! – One function for any size output 3 The Skein/Threefish Mix 4 Four Threefish Rounds 5 Skein and UBI chaining 6 Fastest in Software • 5.5 cycles/byte on 64-bit reference platform • 17.4 cycles/byte on 32-bit reference platform • 4.7 cycles/byte on Itanium • 15.2 cycles/byte on ARM Cortex A8 (ARMv7) – New numbers, best finalist on ARMv7 (iOS, Samsung, etc.) 7 Fast and Compact in Hardware • Fast – Skein-512 at 32 Gbit/s in 32 nm in 58 k gates – (57 Gbit/s if processing two messages in parallel) • To maximize hardware performance: – Use a fast adder, rely on simple control structure, and exploit Threefish's opportunities for pipelining – Do not trust your EDA tool to generate an efficient implementation • Compact design: – Small FPGA
    [Show full text]