Konheim, A.G. (1981) Cryptography: A Primer, John Wiley, New York.  Home/Search   Document Not in Database   Summary   Related Articles   Check

....that all messages end with a zero. The encryption algorithm has good statistical properties, even if it is reduced to two multiplications and one permutation. In fact it can be proven that the multiplication step is complete, i.e. the func tion fk( defined by 00 fk(x) k x is complete [3] for all k with gcd (k, 2n l) 1. 3. Secret key cryptosystem and random bit generator The sender and eceiver choose and agree on two n bit (n = 64, say) vectors V and W. The pair (V,W) represents the secret key. The sender and receiver also choose and agree on two n integer vectors X and Y ....

....= Mi 1 ) C. I, Ci) endfor. The function p 1 (K,H) is the same as P(K,H) except that the for loop goes from i=2 to n. 4. Conclusions Both systems introduced in this paper can easily be implemented. They withstand initial attempts to break them and possess no obvious statistical weaknesses [1,3]. More statistical and analytical valida tion will be done in the future. Notice that the second system is an example of a randomized encryption system, so if a message is encrypted twice under the same key, it will result in two different cyphertexts. ....

A.G. Konheim, Cryptography: a Primer, John Wiley, 1981.

....manipulation of individual bits. A data representation is described that allows the E expansion of DES to be accomplished by a simple register copy and yet al..lows a fast implementation of the function of DES without bit manipulation. This appendix assumes that the reader is familiar with the DES [6]. A.1 Overview of Crypt Crypt is a program used by the UNIX operating system to encrypt user passwords and is based on the DES encryption algorithm. Crypt is designed to be a one way function; given an input, it is easy to compute the output, but given an output, it is impossible to determine ....

Alan G. Konheim. Cryptography: A Primer. John Wiley & Sons, 1981.

....x coordinate of itself. After the initializations, the IS separation ( x,y) specified by array s) at (x, y) is computed by separation where separation (z (x,y) E (1 z (x,y) 3) 2 z (x, y) 3) In fact, separation is implanted from Eq. 1. 1 with (x,y) z(x,y)Dl and Ds = 2Da, where z e [0, 1] specified by array z is used originally in their paper representing the height of surfaces. To encode height (x, y) in the autostereogram, two corresponding pixels separated by O i( X, y) are set to have the same color. The x coordinates of these pixels are recorded in variables left and ....

....3. The reconstructed surface a(i)is shown in the figure using crosses . 3 . O. O O e e 2 . 0 .0 0 . 0 . 0 0 . d(i) [1 2 3 4 5 6 7 1 4 5 6 7 1 4 6 7 1 4 6] o J J J J J J J J J J J R(i) 1 2 3 4 5 6 7 I 4 5 6 7 I 4 6 7 I 4 6 1 2 3 4 5 6 7 1 4 5 6 7 I 4 6 7 1 4 6 1 2 3 4 5 6 7 I 4 5 6 7 1 4 6 7 1 4 6 I 2 3 4 5 6 7 1 4 5 6 7 1 4 6 7 1 4 6 Figure 2.10: Demonstrating autostereogram generations and reconstructions: a) one dimensional ....

[Article contains additional citation context not shown here]

A. G. Konheim, Cryptography: A Primer, John Wiley & Sons, 1981.

....with support from NSF grant DCR 8607494. Author s address: MIT Lab. for Computer Science, Cambridge, Massachusetts 02139 USA. Author s net address: rivest theory.lcs.mit.edu 2 The reader who wishes to explore further will nd available many excellent texts, collections, and survey articles [9, 13, 29, 45, 49, 48, 53, 54, 51, 66, 91, 99, 102, 117, 146, 150, 149, 148, 151], works of historical or political interest [12, 69, 92, 138, 157] relevant conference proceedings (CRYPTO, EUROCRYPT, FOCS, STOC, 46, 86, 100] and bibliographies [14, 129] 6 A key space K: a set of strings (keys) over some alphabet. An encryption algorithm E mapping K M into C. A ....

A. G. Konheim. Cryptography: A Primer. Wiley, 1981.

....are the most useful attacks on cryptosystems, since they require only passive eavesdropping from the attacker. Such attacks are usually hard to find, since the assumptions on the knowledge of the attacker are minimal. Exceptions include the most basic ciphers, like simple substitution or Vigen ere [14]. Although there exists a general method for converting any differential chosenplaintext attack into the more favorable known plaintext attack [1] this conversion becomes (almost) impractical due to the huge increase in the data requirements. If a differential attack uses m chosen plaintext ....

A. G. Konheim, Cryptography: A Primer, New York: John Wiley & Sons, 1981.

....number of operations required to decrypt individual ciphertexts at the cost of increasing the number of uses of A s decryption facility, and vice versa. The importance of this result is that the best currently known algorithms for factoring integers of the same size as n require L bit operations [2,8,9]. The memory required is L 1 2 bits for our attack, although it can be a very slow memory, such as a tape. Some factoring algorithms require negligible memory, while others also require L 1 2 . Therefore our attack on the RSA cryptosystem, although based on very special assumptions, appears ....

A. G. Konheim, Cryptography: A Primer, Wiley, 1981.

....If the ASL image sequence used previously is considered, it took 165 frames to record the 7 letter word gesture . Konheim reported a statistical study where the 1 state transition probabilities of the English Language were determined using 67,320 transitions between two successive letters [9]. As the 165 frames previously used produced an average of 20 frames per letter, this would constitute a training set in excess of 1.3 million frames not including transitional shapes between letters. As each frame produces a training shape this results in a training set which is of infeasible ....

....Similarly a 1st order Markov Chain can be constructed for the English language which provides a new PDF ( 1 t t L L P . Figure 6 shows the PDF gained from this Markov Chain as taken from Konheim and shows the 1 state transitions calculated from a sample text of over 67 thousand letters [9]. Figure 6 does not demonstrate a diagonal dominance, unlike Figure 7a. This is because the English language has few occurrences of repetitive letters in words whereas the previous PDF resulted from operations involving a high degree of repetition. The main trend that can be seen are the vertical ....

Konheim, A., G., Cryptography: A Primer, John Wiley, New York, 1982.

....q , where, 8k 2 K, c( Delta; k) S(R(i) k) j 0 i 1 ; with period P , which divides q m . A rotor machine with a set of displacement functions which are not odometer like can, at most, produce q m different substitutions. A fuller mathematical description of rotor machines is given in [45]. 60 3.4 Block Cipher Systems Block cipher systems are simple substitution systems which achieve security through increasing the size of the alphabet and employing a large keyspace. 48] gives a thorough description of block ciphers. Suppose we consider an alphabet which consists of all ....

....the 2 distribution with l Gamma 1 degrees of freedom, so a one or two sided hypothesis test using the tail ends of the 2 distribution can be constructed. Other tests of fit include the Likelihood Ratio test and the Kolmogorov Smirnoff test. See [77] for a full treatment of tests of fit and [45] for a description of their use in cryptography. For a block cipher, we are interested in testing whether either of the following holds: ffl some set of output bit coordinates, y 0 s , are dependent on some set of input bit coordinates, x 0 t , for a fixed key, k, or ffl some set of output ....

[Article contains additional citation context not shown here]

Alan G. Konheim. Cryptography:A Primer. John Wiley & Sons, 1981.

....k bits (n Gamma k) bits E output register k bits (n Gamma k) bits ffifl fflfi P Plaintext oe K Key Figure 2.6: k bit output feedback mode 13 Some variations of the standard mode summarized in this Section can be considered. Many variations are discussed in the open literature [39] [19] 46] 16] 2.2 Stream Cipher In a typical stream cipher shown in Fig. 2.7) a plaintext in binary representation is added exclusive or bit by bit to a binary keystream Z. Plaintext Source P ffifl fflfi Running Key Generator Key,K Z Running Key Generator Key,K oe ....

A.G. Konheim, Cryptography A Primer, John Wiley and Sons Inc. 1981.

....length vectors. The algorithm relies on using the Baum Welch procedure and a ML classification. Kundu and Paramrir [30] used a simpler approach to recognize scripts, obtaining 80 of accuracy. They associated one state for each letter, and estimated A and using simple results of cryptography [27]; the matrix B was estimated by a vector quantization (VQ) algorithm [17] finally, they employed the Viterbi algorithm to identify a word. Vlontzos and Kung [58, 59] proposed a hierarchical 1D HMM system for character recognition composed by three levels: letter, word, and sentence. The letter ....

A. G. Konheim, Cryptography -- A primer. John Wiley & Sons, Inc. 1981. Chapter 2, pp. 11--27.

....2 2 tests In this section we recall how to distinguish a random source with unknown probability distribution p X from a random source with uniform distribution p U . A common tool for this task is the 2 test, which is briefly recalled together with some useful facts (see e.g. 5] [6], 8] 11] We shall later use 2 tests to detect correlation between specific input and output subblocks of r round RC6. Let X = X 0 ; X 1 ; X n Gamma1 be independent and identically distributed random variables taking values in the set fa 0 ; a 1 ; am Gamma1 g with unknown ....

A.G. Konheim. Cryptography: A Primer. John Wiley & Sons, 1981.

....information theoretically secure bit commitment. For example, another application of the bit commitment above is a coin flipping protocol (introduced by Blum [B] with perfect security, and assuming only a one way permutations. For practical purposes consider the data encryption standard (DES) [Kon]. Given a k regular [GKL] one way function (i.e. the number of pre images of a point is k and is k on a significant fraction) one can transform it into a one way function which is 1 1 almost everywhere [GILVZ] We apply this to the function DES(k;m) y (k = key, m= message) where (actual ....

A. G. Konheim, Cryptography: a primer , Wiley, New York, 1981.

....using the iterative technique described in [1] The plaintext is assumed to be n independent realisations of a random variable defined on alphabet Z q , with probability distribution derived from observation of the single letter frequencies of English. The distribution we use is that given in [7]. The statistical measure of fitness is based on the fact that a two rotor machine with odometer like rotation is periodic, with period q 2 . If we map the ciphertext through the correct last rotor (with a known rotation pattern) and split this new ciphertext into q 2 ciphertext strings, ....

....by the sequence of substitutions S(R(i) Pi) j 0 i 1 ; with period P , which divides q m . A rotor machine with a set of displacement functions which are not odometer like can, at most, produce q m different substitutions. A fuller mathematical description of rotor machines is given in [7]. The key for a rotor machine must define: 1. the number of rotors, m, 2. the initial rotor substitutions, Pi, 3. the displacement functions, R. We assume the number of rotors is known and that the set of displacement functions follow the odometer like pattern described above. So the keyspace, ....

[Article contains additional citation context not shown here]

Alan G. Konheim. Cryptography:A Primer. John Wiley & Sons, 1981.

....are the most useful attacks on cryptosystems, since they require only passive eavesdropping from the attacker. Such attacks are usually hard to find, since the assumptions on the knowledge of the attacker are minimal. Exceptions include the most basic ciphers, like simple substitution or Vigen ere [11]. Although there exists a general method for converting any differential chosen plaintext attack into the more favorable known plaintext attack [1] this conversion becomes (almost) impractical due to the huge increase in the data requirements. If a differential attack uses m chosen plaintext ....

A. G. Konheim, Cryptography: A Primer, New York: John Wiley & Sons, 1981.

....possessing the key can decrypt the encrypted messages and the fact that both participants have to agree on a secret key before secure transmission can take place introduces problems beyond the scope of this report. These problems are addressed by the fields of key management and key distribution [39, 79]. We note that some modes of use of a block cipher require the use of what is termed an initialization value, IV. The value of the IV is often publicly known (since the security of the cryptosystem does not depend on this value being kept secret) and it is not considered to be part of the key. A ....

....the user supplied key so that the number of ones in each eight bit block is odd. More details on the workings of DES, and on the internal specifications can be obtained from FIPS Publication 46 [105] Full details of the algorithm are also published in the following textbooks (among many others) [6, 79, 142]. 4.3 Controversy From the start, DES was embroiled in controversy. Criticism was usually due to one of two factors, either the size of the key or the design of the S boxes. The latter is a particularly essential concern since the S boxes provide the non linearity to the block cipher. 4.3.1 Key ....

A.G. Konheim. Cryptography: A Primer. Wiley, New York, 1981.

....to map plaintext to ciphertext. Each such iteration is known as a round of the cipher. The composite operation performed at each round is typically a combination of the following primitive operations: translation, linear transformation, modular arithmetic and substitution (or table lookup) [6, 9, 21]. In particular, the combination of the transposition and substitution operations can produce a cryptographically strong nonlinear mapping when applied a sufficient number of times. In product ciphers such as LUCIFER [33] DES [25] and the SP networks [18] each round consists of an application ....

A. Konheim. Cryptography: a primer. Wiley, 1981.

.... pass Comments DES MacGuffin avalanche 6 14 strict avalanche 6 13 consistent with above test up to limits of statistical significance key dependence 6 5 MacGuffin passes so quickly because avalanche of its non linear key schedule sequence complexity 5 10 binary derivatives 5 10 bit dependencies 5 [3] 9 cycle lengths y y complexity of exhaustive testing too large to be practical small subgroup z z complexity of testing MacGuffin too large to be practical Notes: y DES passes limited cycling tests [3] MacGuffin passed a limited cycling test too. z DES does not generate a small subgroup [4] ....

.... non linear key schedule sequence complexity 5 10 binary derivatives 5 10 bit dependencies 5 [3] 9 cycle lengths y y complexity of exhaustive testing too large to be practical small subgroup z z complexity of testing MacGuffin too large to be practical Notes: y DES passes limited cycling tests [3]; MacGuffin passed a limited cycling test too. z DES does not generate a small subgroup [4] MacGuffin s status is unknown. statistical regularities detected by the strict avalanche test to break MacGuffin16. The second attack takes advantage of correlations caused when S boxes in nearby rounds ....

Alan G. Konheim. Cryptography: A Primer. John Wiley and Sons, New York, 1981.

.... the plaintext and ciphertext nonlinearly, then the block size of the cipher can be effectively increased by running the cipher in a chaining mode, which links dependencies from the current block to all previous blocks [5] For a discussion of other design criteria for block ciphers see [8] 9][18][20] 26] Degeneracy will be informally defined as the absence of a dependency between two parameters in a cipher. Degeneracy in the key allows the keyspace to be partitioned into several smaller subspaces that can be searched independently, and hence provides a divide and conquer approach to ....

....2 Delta Delta Delta km . The mapping EK (X) may be expressed as a system AE of n equations in m n unknowns, where the unknowns are the n plaintext bits x i , and the m key bits k i . It is expected that each equation will have a number of terms that is exponential in m n, as noted by Konheim [18] and Schaumuller Bichl [27] Let C = EK (X) where C = c 1 ; c 2 ; Delta Delta Delta ; c n , c i 2 Z 2 . Then there are equations f i : Z n 2 Theta Z m 2 Z n 2 such that f i (X; K) c i . For each fixed key, an n bit cipher E realizes a invertible substitution or an n bit ....

[Article contains additional citation context not shown here]

A. Konheim. Cryptography: a primer. Wiley, 1981.

.... of workload allocation of parallel unrelated machines with setup times gives rise to a 0 1 integer program in which coefficient reduction can be achieved by solving some subset sum problems ( see Dietrich and Escudero [3, 4] The subset sum problem is also useful in cryptography ( see Konheim [8] ) and the calculation of power indices in cooperative voting games ( see Prasad and Kelly [12] and Chakravarti et al. 1] In this paper, we consider the following optimization version of the problem. Problem Subset Sum Maximize P n j=1 w j x j Subject to P n j=1 w j x j c; x j 2 f0; 1g 1 ....

A. G. Konheim, Cryptography: A Primer. John Wiley & Sons (1981).

....cryptographic strength of MacGuffin and to test that central hypothesis. 2 Description of MacGuffin and DES This section provides only a cursory introduction to DES and MacGuffin. A more comprehensive treatment can be found in many texts the original DES standard can be found in [1] while [4, 6, 7] provide more readable descriptions. MacGuffin is fully described and implemented in [5] For a general introduction to cryptography and block ciphers, the reader is referred to [4, 8, 6, 7, 9] 2.1 DES In any (balanced) Feistel network, the plaintext block is split up evenly into a left half ....

....more comprehensive treatment can be found in many texts the original DES standard can be found in [1] while [4, 6, 7] provide more readable descriptions. MacGuffin is fully described and implemented in [5] For a general introduction to cryptography and block ciphers, the reader is referred to [4, 8, 6, 7, 9]. 2.1 DES In any (balanced) Feistel network, the plaintext block is split up evenly into a left half and a right half. DES uses 64 bit blocks, so the left and right registers are 32 bits wide. A pictorial view of one DES round is shown in Figure 1. r f round subkey l r l l l Phi f(r) l; ....

[Article contains additional citation context not shown here]

Alan G. Konheim. Cryptography: A Primer. John Wiley and Sons, New York, 1981.

....If it were possible to explicitly generate and then inspect the f i we could make exact inferences concerning the nonlinearity (as well as other properties) of the ciphertext. However, since obtaining a description of any f i is unlikely due to the expected exponential size of such a description [12], we are forced to accept certains assumptions and then to make probabilistic inferences based on these assumptions. For example it is reasonable to assume, since there is no evidence to the contrary, that the boolean functions which describe DES have properties similar to those possessed by ....

A. Konheim. Cryptography: a primer. Wiley, 1981.

....with support from NSF grant DCR 8607494. Author s address: MIT Lab. for Computer Science, Cambridge, Massachusetts 02139 USA. Author s net address: rivest theory.lcs.mit.edu 2 The reader who wishes to explore further will find available many excellent texts, collections, and survey articles [9, 13, 29, 45, 49, 48, 53, 54, 51, 66, 91, 99, 102, 117, 146, 150, 149, 148, 151], works of historical or political interest [12, 69, 92, 138, 157] relevant conference proceedings (CRYPTO, EUROCRYPT, FOCS, STOC, 46, 86, 100] and bibliographies [14, 129] ffl A key space K: a set of strings (keys) over some alphabet. ffl An encryption algorithm E mapping K Theta M into ....

A. G. Konheim. Cryptography: A Primer. Wiley, 1981.

....is playing an ever increasing role. One of the main methods of achieving communication security is encryption; therefore it is important to teach encryption and decryption algorithms. Cryptography is complex. Modern cryptographic algorithms, such as DES, IDEA, etc. are very complex (see, e.g. [1, 3, 4, 2]) and therefore difficult to learn. Textbooks explain in detail how these algorithms work, but they usually do not explain why these algorithms were designed as they were. In this paper, we explain why, and thus, hopefully, make cryptographic algorithms easier to learn. Requirements for ....

A. Konheim, Cryptography: A Primer, John Wiley & Sons, 1981.

....technique allows complete compatibility with Sun s des program. In Sun s implementation, padding is done with random bytes rather than bytes containing all zero bits. Cryptographically, this makes no difference, as the DES is a sufficiently good random cipher to obscure the input (see for example [2], Chapter 6) and known plaintext attacks are very difficult [1] 5. Differences Between the Standard CFB and OFB Modes and bdes The UNIX operating system treats all files as streams of 8 bit bytes. In order to implement the CFB and OFB modes properly, it would be necessary to read k bits from ....

A. Konheim, Cryptography: A Primer, John Wiley and Sons, Inc., New York, NY (1981).

....the keyspace. In one of the the worst cases the cipher is a linear mapping, allowing the cipher to be totally determined after inspecting a relatively small amount of ciphertext. Several such dependencies, including the linearity just mentioned, can be detected through statistical methods [10, 15], such as the 2 test. In the next few sections we examine several form of linearity in block ciphers. 2.1 The Standard Linear Relationship Suppose that we have a block cipher with block length of n and an encryption function denoted by E. This block cipher is affine if for each key there ....

A. Konheim. Cryptography: a primer. Wiley, 1981.

....The classical portion covered basic information theory, monoalphabetic and polyalphabetic substitution, linear feedback shift registers, rotor systems, and the Data Encryption Standard; students are taught both how the ciphers work and how to cryptanalyze them. The course text for this portion [13] provided the framework and many of the analytical techniques for this part of the course, although we supplemented it with outside reading as appropriate (for example, the students read several papers from recent conferences when we discussed the DES) Our goal was to show first, the building ....

A. Konheim, Cryptography: A Primer, John Wiley & Sons, New York, NY (1981).

....By restricting the encryption and decryption to the I frames, this method reduces the cryptographic computation by half. This reduction is significant because the decryption of the I frames and I blocks can take as much as one third of the decoding time[6] However, a little cryptanalysis (e.g. [3]) would reveal that, although a single P or B frame on its own is meaningless without the corresponding I frame, a series of P or B frames carries much information if their base frames are correlated. For example, in a MPEG sequence of an ongoing meeting, the base frames (the I frames) often ....

A.G. Konheim. Cryptography: A Primer. John Wiley & Sons, Inc., New York, 1981.

....in [45, 41, 48] 8] provides a logic for analyzing authentication protocols, and [23] extends the formalism. General security cryptography information can be found in [12] and the government standards Orange book [13] and Red book [14] General information on cryptography can be found in [33, 29]. ....

A. G. Konheim. Cryptography: A Primer. Wiley, 1981.

....any other distribution will give a lower diversity. The RNGs which we felt intuitively were poor can be objectively rejected on the grounds that they have too low a k diversity. The importance of this measure can be justified on theoretical grounds by its close relation to the index of coincidence [10], an important tool in cryptanalysis. 5.3 Use for Key Generation The security of public key cryptosystems relies on the values of private keys not being known to potential attackers. To maintain this secrecy, there must be security mechanisms to prevent unauthorised access to stored keys; this ....

A. Konheim. Cryptography: A Primer. John Wiley and Sons, 1981.

....By restricting the encryption and decryption to the I frames, this method reduces the cryptographic computation by half. This reduction is significant because the decryption of the I frames and I blocks can take as much as one third of the decoding time[6] However, a little cryptanalysis (e.g. [3]) would reveal that, although a single P or B frame on its own is meaningless without the corresponding I frame, a series of P or B frames carries much information if their base frames are correlated. For example, in a MPEG sequence of an ongoing meeting, the base frames (the I frames) often ....

A.G. Konheim. Cryptography: A Primer. John Wiley & Sons, Inc., New York, 1981.

....implementation described in this paper can do either ECB or CBC mode encryption and decryption; CBC mode is the default. Also, the IV is set to all zeros to be compatible with other DES implementations. This has been a basic introduction to the DES algorithm. For a more complete description, see [6, 7]. 3 DES Implementation This section describes some of the ideas behind the implementation of the DES algorithm and why it is fast. The implementation is designed for 32 bit machines; it is possible to run it on other size machines with minor modifications. 3.1 Algorithm Modifications The basic ....

Alan G. Konheim, Cryptography: A Primer, John Wiley & Sons, 1981.

....number of characters, L, for the current word. Except for the initialization step, the match is identical at each level. Through the level building, contextual knowledge, like the transition probabilities between characters, is incorporated. We have used the probabilities reported by Konheim [9], which give the probabilities for 1 state transitions between two sucessive letters in the English language. Transitions from small letters to capital letters were not allowed, nor were transitions between capital letters and period or comma. Transition from a small letter to a comma or a period ....

A. G. Konheim: "Cryptography: A Primer.", John Wiley, New York, 1982 This article was processed using the L a T E X macro package with LLNCS style

No context found.

Konheim, A.G. (1981) Cryptography: A Primer, John Wiley, New York.

No context found.

A. G. Konheim, Cryptography: a primer , Wiley, New York, 1981.

No context found.

Konheim, Alan G. Cryptography: a Primer. John Wiley & Sons, 1981.

No context found.

A. G. Konheim, Cryptography: A Primer, Wiley, 19981.

No context found.

Alan G. Konheim. Cryptography: A Primer. John Wiley & Sons, 1981.

No context found.

[31 Konheim, A.G.: Cryptography: a Primer. John Wiley and Sons, New York (1981)

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC