Swenson bindex.tex V1 - 01/29/2008 1:28pm Page 229 Index A attacks addition, sum of two points, 53–57 boomerang attack, 220–222 AddRoundKey operation, Rijndael encryption brute force attack, 150–151 algorithm, 123, 127 chosen-ciphertext attack, 150 Adleman, Leonard, 49 chosen-plaintext attack, 150 Advanced Encryption Standard ciphertext-only attack, 149 (AES)/Rijndael), Rijndael encryption collision attack, 162 algorithm, 123–127 Hellman time-space trade-off, affine equations, 168 153–154 algebra, 43–48 interpolation attack, 222–223 associativity, 45 known-plaintext attack, 149 finitefields,45–48 meet-in-the-middle attack, 151–152 functions in, 44 miss-in-the-middle attack, 217–218 identity elements, 44–45 pre-image attack, 162 inverse elements, 44–45 probable plaintext attack, 149–150 operations in, 43–44 slide attack, 158–162 algorithm(s),62–67 exponential-time, 63, 68 factorization, categorizing, 68 B linear, 63 baby-step giant-step algorithm, 82–83 order (Big-Oh), 62–64 analysis of, 83 polynomial-time, 63 discrete logarithm, computing, 82–83 running time, 63–64 bias and storage complexity,COPYRIGHTED 63 linear MATERIAL cryptanalysis, 169, 175–178 subexponential, 63 random number generators, 144 superpolynomial-time, 63 big endian, 92, 94 writing binary numbers, conversion to hexidecimal best approach, 64–65 (table), 93 invented programming language, 64 binary XOR long division, 125–126 programming language, 64 binomial coefficient, 27 pseudocode, 64 birthday paradox inPython, 65–67 collision in, 32–33, 162 alphabets, keyed alphabets, 4–5 as cryptographic tool, 36 AND operator, 93 probability, measuring, 32–36 associativity, algebraic, 45 bit mask, 104 asymmetric logarithms, defined, 91 bitoperations,94–95 229 Swenson bindex.tex V1 - 01/29/2008 1:28pm Page 230 230 Index ■ B–C block ciphers hashing algorithm, 37–38 Advanced Encryption Standard chosen-ciphertext attacks, 150 (AES)/Rijndael), 122–129 chosen-plaintext attacks, 150, 158, 160 block in, 91 cipher(s) blowfish, 120–122 keying, 4–6 cipher block chaining (CBC), 131–132 monoalphabetic, 2–4 cipher feedback mode (CFM), 133 polyalphabetic, 7–8 counter (CTR) mode, 133 transposition, 9–10 Data Encryption Standard (DES), 110–114 cipher block chaining (CBC), 131–132 defined, 2, 91 decryption algorithms, 131 electronic codebook (ECB), 129–131 encryption algorithm, 131 fast encipherment algorithm (FEAL), cipher feedback mode (CFM), 133 114–119 keystream, 133 Feistel structures, 106–109 ciphertext-only attack, 149 hash algorithms, 138–142 COCONUT98 algorithm, 222 message digests, 137, 140–141 coin flip, probability, 26 one-time pad, 145–146 collision(s) output feedback (OFB) mode, 133 in birthday paradox, 32–33, 162 padding, 132–133 chain collision, 155, 157 P-boxes, 98–101 defined, 162 productciphers,95–96 probability of, 32–33 random number generators, 143–145 and rainbow tables, 157 shift registers, 100 collision attacks Skipjack, 134–136 defined, 162 stream cipher, 133 types of, 162 substitution-permutation networks, 100–106 columnar transposition ciphers substitutions, 96–98 breaking block replay, and electronic codebook (ECB), digraph, 18–20 130–131 sliding window technique, 19–21 Blowfish, 120–122 trigraph,18–20 compared to DES, 120 elements of, 9–10 encryption algorithm, 121 commutative group, 45 key schedule, 120–121 complementation slide attacks, 161–162 P-values, 120–121 complete set of residues (CSR), 41 round function, 121–122 complex numbers, defined, 39 S-boxes, 120–121 conditional characteristics, 213–214 Boolean expressions, in Python, 67 conditionals, in Python, 67 boomerang attack, 220–222 congruence bruteforcealgorithms,68–70 congruence class, 41 advantages of, 70 defined, 40 analysis of, 69–70 Euler totient, 42–43 for discrete logarithms, 82 modulus,40–41 factoringby,68–70 continued fraction factorization, 79–80 pre-computing, 82 analysis of, 79 brute force attacks, 150–151 continued fractions, defined, 79 advantages of, 151 floor function, 79 bytes, 92 quadraticresidues,finding, 79–80 counter (CTR) mode, 133 C cryptanalysis Caesar cipher, 2–3 columnar transposition ciphers, breaking, chain collisions, 155, 157 18–21 characteristic differential cryptanalysis, 195–226 conditional characteristics, 213–214 double columnar transposition ciphers, differential cryptanalysis, 196 breaking,21–23 iterative, 200, 207 hash functions, 162–163 S-boxes, combining, 200–201 linear cryptanalysis, 167–192 checksums monoalphabetic ciphers, breaking, 11–15 functions of, 139 polyalphabetic ciphers, breaking, 15–18 Swenson bindex.tex V1 - 01/29/2008 1:28pm Page 231 Index ■ C–E 231 random number generators, 163–165 s-box differentials, 197–201 time-space trade-offs, 151–158 second-order differentials, 214–215 cryptanalysis algorithms, as finite, 39–40 truncated differentials, 216–217 cryptograms, 1 Diffie-Hellman Key Exchange Protocol cryptographic hash algorithm as discrete logarithm, 81 defined, 38 elements of, 51–52 digital signatures, 138–139 with elliptical curve, 59 one-way hashes, 38 on finite field, 81 cryptographic hash functions, 138–139 digital signatures, cryptographic hash cryptoquips, 1 algorithm, 138–139 cyclic redundancy checks (CRC), 139–140 digraph, columnar transposition ciphers, breaking,18–20 D discretelogarithm(s),51–52,81–86 Daemen, Joan, 123 baby-step giant-step algorithm, 82–83 Data Encryption Standard (DES), 110–114 brute force method, 82 DESX, 113 compared to continuous logarithm, 51 differential cryptanalysis, 207–210 defined, 81 encryption algorithm, 110 Diffie-Hellman Key Exchange Protocol, key schedule, 111 51–52, 59, 81 linear cryptanalysis, 181–184 elements of, 51 Randomized DES, 213–214 index calculus method, 86 round function, 110–112 Pollard’s λ logarithmfor,83–85 successor to. See Advanced Encryption Pollard’s rho (ρ) methodfor,83–85 Standard (AES)/Rijndael) distinguished endpoint method, 156 3DES, 112–113, 152, 225–226 divisibility, prime numbers, 39 decryption algorithms double columnar transpositions cipher block chaining (CBC), 131 breaking Feistel structures, 109 method of, 21–22 Rijndael algorithm, 127–128 elements of, 10 Skipjack, 136 demultiplexing E fast encipherment algorithm (FEAL), Easy1 cipher 117–118 differential cryptanalysis, 197–198, 201–202, Python code for, 104 205 dependence linear cryptanalysis, 175–179 dependent events, 28 operation of, 102 versus independent events, 28 in Python, 102–106, 116–117 probability, measuring, 27–32 substitution-permutation networks, 101–102 dice roll, probability, 27–28 electronic codebook (ECB), 129–131 differential cryptanalysis weaknesses of, 130–131 advantages of, 210–211 El Gamal public key encryption, 81 boomerang attack, 220–222 elliptical curve factorization method (ECM), characteristic, 213–214 77–78 characteristics in, 196 analysis of, 78 Data Encryption Standard (DES), 207–210 factoring example, 77–78 defined, 195 elliptic curve(s), 52–59 differential-linear cryptanalysis, 211–212 defined, 52 differentials in, 196 Diffie-Hellman Key Exchange Protocol Easy1 cipher, 197–198, 201–202, 205 applied to, 59 fast encipherment algorithm (FEAL), 207 infinity, point at, 53–55 Feistel structures, 206–207 operations, performing, 58 higher-order differentials, 214–215 points,adding,53–57 impossible differentials, 217–219 tanget to curve, 55 interpolation attack, 222–223 Weierstrass form, 53 key derivative, 202–203 elliptic curve cryptography, 57–59 probability, 196, 210 advantages of, 52 in Python, 203–206 information, representing as points on related-key attack, 223–226 curve,57–58 Swenson bindex.tex V1 - 01/29/2008 1:28pm Page 232 232 Index ■ E–I encryption algorithms round function, 106–109 blowfish, 121 slide attacks, 160 cipher block chaining (CBC), 131 unbalanced, 107 Data Encryption Standard (DES), 110 Fermat’s difference of squares, 70–72 Feistel structures, 107–108 analysis of, 72 Rijndael algorithm, 123–127 factoring with, 70–72 Skipjack, 134–135 Fermat’s little theorem, and Pollard’s p − 1 Euclidean algorithm, 46–48 method,75–76 defined, 47 finite fields extended Euclidean algorithm, 48 defined, 45 inverse of finite field, finding, 46–48 as Galois fields, 45 Euler totient theorem, 42–43 inverses, Euclidean algorithm, 46–48 exponential factoring, 68–70 flipping, and XOR operator, 94 bruteforce,68–70 floor function, continued fraction discrete logarithms, 81–86 factorization, 79 elliptical curve factorization method (ECM), fraction(s), continued fractions, 79 77–78 frequency analysis Fermat’s difference of squares, 70–72 frequency distribution table, producing, Pollard’s p − 1 method,75–76 11–13 Pollard’s rho (ρ) method,72–75 monoalphabetic ciphers, breaking, 11–12 square forms factorization, 76–77 functions subexponential factoring, 78–81 algebraic, 44 exponential time algorithms, defined, 63, 68 in Python, 67 extended Euclidean algorithm elements of, 48 G with RSA algorithm, 50 Galois fields, finite fields as, 45 general number field sieve, factoring by, F 80–81 factorial, of number, defined, 27 German Enigma machine, 217 factoring-based cryptography, 49–51 glue operator, 94 RSA algorithm, 49–51 GOST cipher, related-key attack, 224 factorization greatest common divisor (GCD), 39 elements of, 61–62 group(s) elliptical curve factorization method (ECM), abelian group, 45 77–78 commutative group, 45 factoring problem, in cryptography, 49 exponential factoring methods, 67–78 index calculus method, 86 H hash algorithms and RSA algorithm, 62 checksums, 139 speed, meaning of, 67–68 collision attack, 37 subexponential factoring methods, 78–81 cryptographic hashes, 37–38 See also individual methods fast encipherment algorithm (FEAL),