Xuejia Lai, James L. Massey, Sean Murphy, Markov Ciphers and Differential Cryptanalysis, Lecture Notes in Computer Science, Advances in Cryptology, proceedings of EUROCRYPT'91, pp. 17--38, 1991.  Home/Search   Document Not in Database   Summary   Related Articles   Check

....than differences with respect to and fi. Further, with high probability, the best differential probability for a random 64 bit permutation with respect to XOR differences lies in the interval [2 ] 1 Introduction Differential approximations are the basis of differential cryptanalysis (DC) [2, 7], a well known chosenplaintext attack. The success of DC depends primarily on the probability of the differential approximation (s) used in the attack. The basis of this paper is a study of the distribution of probabilities for differential approximations to n bit permutations, with particular ....

X. Lai, J. Massey, and S. Murphy. Markov ciphers and differential cryptanalysis. Advances in Cryptology, EUROCRYPT'91, Lecture Notes in Computer Science, vol. 547, D. W. Davies ed., Springer-Verlag, pages 17--38, 1991.

....Stanford have performed a number of useful studies of wireless network usage. Recently, Tang and Baker [19] analyzed a 12 week trace collected from the wireless network used by the Stanford Computer Science department; this study built on earlier work involving fewer users and a shorter duration [12]. Their study provides a good qualitative description of how mobile users take advantage of a wireless network, although it does not give a 0 characterization of user workloads in the network. Earlier, Tang and Baker [18] also characterized user behavior in a metropolitanarea network, focusing ....

K. Lai, M. Roussopoulos, D. Tang, X. Zhao, and M. Baker. Experiences with a Mobile Testbed. Worldwide Computing and Its Applications, Lectures notes in Computer Science, pages 222--237, 1998.

....3 9 17 52 Throughput 16bits CT 16bits CT 4bits CT 1bit CT FIR Stages 6 6 14 17 Area[CLB] 332 432 678 635 Latency 5 11 57 260 Cycle Time(CT) 88.7ns 25.1ns 27.3ns 28.0 ns Throughput 16bits CT 16bits CT 4bits CT 1bit CT 6.2. IDEA Encryption IDEA (International Data Encryption Algorithm)[18] was developed by Xuejia Lai and James Massey. IDEA is a strong encryption algorithm developed for DSP microprocessors. IDEA encrypts or decrypts 64 bit data blocks, using symmetric 128 bit keys. The 128 bit keys are expanded further to 52 sub keys, 16 bits each. The kernel loop (or round) is ....

....IDCT. The StreaModule below is based on an optimized IDCT implementation [19] const int NUM BLOCK INPUTS=8; const int NUM BLOCK OUTPUTS=8; const int BITS = 14; const int COMP MODE=PARALLEL; const int coef[8] 16069, 15137, 13623, 11585, 11585, 3196, 6270, 9102 ; HWint BITS t[18]; IDCT: build( t[0] in[0] in[4] coef[4] 256) 9; t[1] in[0] in[4] coef[4] 256) 9; t[2] in[2] coef[6] in[6] coef[1] 256) 9; t[3] in[2] coef[1] in[6] coef[6] 256) 9; t[4] in[1] coef[0] in[7] coef[5] 256) 9; t[5] in[1] coef[5] in[7] coef[0] 256) 9; t[6] ....

X. Lai, J.L. Massey, S. Murphy, Markov Ciphers and Differential Cryptanalysis, EUROCRYPT '91, Lecture Notes in Computer Science 547, Springer-Verlag, 1991.

....of 52 sub keys, 16 bits each. The encoded block is returned in word1 to word4 after 8 rounds. in various technologies which serve as points of reference. IDEA was developed by Xuejia Lai and James Massey at the Swiss Federal Institute of Technology. It was first introduced at EUROCRYPT in 1991 [5]. IDEA encrypts or decrypts 64 bit data blocks, using symmetric 128 bit keys. The 128 bit keys are expanded further to 52 sub keys, 16 bits each. Section 2 describes the communication unit as a soft firmware defined radio. Section 3 introduces our methodology for hardware software tri design. ....

X. Lai, J.L. Massey, S. Murphy, Markov Ciphers and Differential Cryptanalysis, EUROCRYPT '91, Lecture Notes in Computer Science 547, Springer-Verlag, 1991.

....reduce the average investment in each found key. The last tradeoff is also valid for even m s. Key Theoretic Ciphers Size Strength 56 2 28 DES 40 2 20 US exportable ciphers 64 2 32 LOKI[7,6] Feal N[20] SAFER SK64[15] 80 2 40 Skipjack 128 2 64 Feal NX[19] SAFER SK128[15] IDEA[14] k 2 k=2 Any cipher Table 3. The Complexities of Attacking Ciphers. Scheme Key Theoretic Required Size Strength Ciphertexts Double DES 112 2 56 1 Two key triple DES 112 2 56 2 56 3 MAK DES[9] 112 2 56 2 56 Three key triple DES 168 2 84 2 28 Any scheme k 2 k=2 2 k=2 Any ....

....valid also in this case. Table 4 summarizes the complexities of attacking many multiple encryption schemes. When modes of operation with random initial values are used, and the keysize is Key Steps Ciphers Size 80 2 72 Skipjack 112 2 88 3 MAK DES 128 2 96 Feal NX[19] SAFER SK128[15] IDEA[14] Table 5. The Complexities of Attacking Modes (such as CBC) with Random Initial Values. larger than the blocksize, the attack has the results described in Table 5. The simplest countermeasure against this attack is to reduce the frequency of key replacement; this solution is however unacceptable, ....

Xuejia Lai, James L. Massey, Sean Murphy, Markov Ciphers and Differential Cryptanalysis, Lecture Notes in Computer Science, Advances in Cryptology, proceedings of EUROCRYPT'91, pp. 17--38, 1991.

....Skipjack from which only the first or the last round is removed) slightly faster than exhaustive search, and to distinguish whether a black box applies a 24 round variant of Skipjack, or a random permutation. In a related paper [5] we describe the application of this type of cryptanalysis to IDEA [10] and to Khufu [12] which improves the best known attacks on these schemes. For conventional cryptanalysis of Skipjack with smaller numbers of rounds we refer the reader to [4] and to [9] The paper is organized as follows: The description of Skipjack is given in Section 2. The 24 round impossible ....

....impossible differentials of various blockciphers, such as a 7 round impossible differential of Feal [15,13] 5 round impossible differential of DES [14] 20 round impossible differential of CAST 256 [1] 18 round impossible differential of Khufu [12] and 2. 5 round impossible differential of IDEA [10]. In a related paper [5] we use these impossible differentials to cryptanalyze IDEA with up to 4.5 rounds, and to cryptanalyze Khufu with up to 20 rounds. Both attacks analyze more rounds than any other published attack against these 10ciphers. There are many modifications and extensions of the ....

Xuejia Lai, James L. Massey, Sean Murphy, Markov Ciphers and Differential Cryptanalysis, Lecture Notes in Computer Science, Advances in Cryptology, proceedings of EUROCRYPT'91, pp. 17--38, 1991.

....if DES is replaced by triple DES (whose 168 bits of key were assumed to make it practically invulnerable) essentially the same attack can break it with essentially the same number of given ciphertexts. Differential Fault Analysis can break many additional secret key cryptosystems, including IDEA[9], RC5[19] and Feal[21,16,14,15] Some ciphers, such as Khufu[13] Khafre[13] and Blowfish[20] compute their S boxes from the key material. In such ciphers, it may be even possible to extract the S boxes themselves, and the keys, using the techniques of Differential Fault Analysis. Differential ....

Xuejia Lai, James L. Massey, Sean Murphy, Markov Ciphers and Differential Cryptanalysis, Lecture Notes in Computer Science, Advances in Cryptology, proceedings of EUROCRYPT'91, pp. 17--38, 1991.

No context found.

Xuejia Lai, James L. Massey, Sean Murphy, Markov Ciphers and Differential Cryptanalysis, Lecture Notes in Computer Science, Advances in Cryptology, proceedings of EUROCRYPT'91, pp. 17--38, 1991.

....####### ### #### ######## In this short note we describe a novel optimization method to fasten encryption of the cipher Idea, by optimizing the computation of the modular multiplication operation. 1 Optimization of Idea Idea is a block cipher designed by Lai and Massey [2]. It consists of 8.5 rounds, each consist of the following operations: 1. addition modulo 2 2. multiplication modulo 2 1 where the 16 bit zero value represents 2 . 3. XOR In September 2000 Idea was submitted [3] to the Nessie project [4] as a candidate in the class of legacy block ....

Xuejia Lai, James L. Massey, Sean Murphy, ###### ####### ### ########### #############, Lecture Notes in Computer Science, Advances in Cryptology, proceedings of EUROCRYPT'91, pp. 17-38, 1991.

....with the eventual goal of providing parameters that could be used in simulating mobile networks in the future. Our current focus is on radio movement rather than radio behavior characteristics such as latency and bandwidth. We previously performed a study of a combined wireless and wired network [4]. However, this study was limited in that only eight users participated rather than the 24,773 in our trace. Also, the Stanford study concentrated more on comparing which enduser applications were used in the wireless versus wired arena, and on determining the characteristics of the wireless ....

Lai, K., Roussopoulos, M., Tang, D., Zhao, X., and Baker, M. Experiences with a Mobile Testbed. Worldwide Computing and Its Applications, Lectures notes in Computer Science (1368). Berlin: Springer, 1998, 222-237.

....of providing parameters that could be used in simulating mobile networks in the future. In Chapter 2, we especially focus on radio movement rather than radio behavior characteristics such as latency and bandwidth. We and others previously performed a study of a combined wireless and wired network [31] which investigated how users took advantage of both a wired and wireless network. However, this study was limited in that only eight users participated. Another area of work is related to some results that can be derived from our analyses, specifically, mobility models. There are currently two ....

Lai, K., Roussopoulos, M., Tang, D., Zhao, X., and Baker, M. Experiences with a Mobile Testbed. Worldwide Computing and Its Applications, Lectures notes in Computer Science (1368). Berlin: Springer, 1998, 222-237.

....with the eventual goal of providing parameters that could be used in simulating mobile networks in the future. Our current focus is on radio movement rather than radio behavior characteristics such as latency and bandwidth. We previously performed a study of a combined wireless and wired network [5]. However, this study was limited in that only eight users participated rather than the 24,773 in our trace. Also, the Stanford study concentrated more on comparing which end user applications were used in the wireless versus wired arena, and on determining the characteristics of the wireless ....

Lai, K., Roussopoulos, M., Tang, D., Zhao, X., and Baker, M. Experiences with a Mobile Testbed. Worldwide Computing and Its Applications, Lectures notes in Computer Science (1368). Berlin: Springer, 1998, 222-237.

....analysis. Also, that network had very different characteristics, including number of users, geographical size, network delay and bandwidth, than the network analyzed in this paper. Also at Stanford University, our research group performed an earlier study of a combined wireless and wired network [10]. However, this study was limited in that only eight users participated and the trace only lasted eight days. 8. FUTURE WORK The greatest weakness in our work is its possible specificity: our results only necessarily apply to our network and user community. While we believe many of our ....

Lai, K., Roussopoulos, M., Tang, D., Zhao, X., and Baker, M. Experiences with a Mobile Testbed. Worldwide Computing and Its Applications, Lectures notes in Computer Science (1368). Berlin: Springer, 1998, 222-237.

No context found.

Xuejia Lai, James L. Massey, Sean Murphy, Markov Ciphers and Differential Cryptanalysis, Lecture Notes in Computer Science, Advances in Cryptology, proceedings of EUROCRYPT'91, pp. 17--38, 1991.

No context found.

Xuejia Lai, James L. Massey, Sean Murphy, Markov Ciphers and Differential Cryptanalysis, Lecture Notes in Computer Science, Advances in Cryptology, proceedings of EUROCRYPT'91, pp. 17--38, 1991.

....search (using 2 34 chosen plaintexts and 2 64 memory) 2) attack shorter variants efficiently, and (3) distinguish whether a black box applies a 24 round variant of Skipjack, or a random permutation. In a related paper [5] we describe the application of this type of cryptanalysis to IDEA [10] and to Khufu [12] which improves the best known attacks on these schemes. For conventional cryptanalysis of Skipjack with smaller numbers of rounds we refer the reader to [4] and to [9] The paper is organized as follows: The description of Skipjack is given in Section 2. The 24 round impossible ....

....impossible differentials of various blockciphers, such as a 9 round impossible differential of Feal [16, 13] 7 round impossible differential of DES [14] 20 round impossible differential of CAST 256 [1] 18 round impossible differential of Khufu [12] and 2. 5 round impossible differential of IDEA [10]. In a related paper [5] we use these impossible differentials to cryptanalyze IDEA with up to 4.5 rounds, and to cryptanalyze Khufu with up to 20 rounds. Both attacks analyze more rounds than any other published attack against these ciphers. There are many modifications and extensions of the ....

Xuejia Lai, James L. Massey, Sean Murphy, Markov Ciphers and Differential Cryptanalysis, Lecture Notes in Computer Science, Advances in Cryptology, proceedings of EUROCRYPT'91, pp. 17--38, 1991.

No context found.

Xuejia Lai, James L. Massey, Sean Murphy, Markov Ciphers and Di#erential Cryptanalysis, Lecture Notes in Computer Science, Advances in Cryptology, proceedings of EUROCRYPT'91, pp. 17#38, 1991.

No context found.

Xuejia Lai, James L. Massey, Sean Murphy, Markov Ciphers and Differential Cryptanalysis, Lecture Notes in Computer Science, Advances in Cryptology, proceedings of EUROCRYPT'91, pp. 17--38, 1991.

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC