Konheim, A.G. (1981) Cryptography: A Primer, John Wiley, New York.  Home/Search   Document Not in Database   Summary   Related Articles   Check

....that all messages end with a zero. The encryption algorithm has good statistical properties, even if it is reduced to two multiplications and one permutation. In fact it can be proven that the multiplication step is complete, i.e. the func tion fk( defined by 00 fk(x) k x is complete [3] for all k with gcd (k, 2n l) 1. 3. Secret key cryptosystem and random bit generator The sender and eceiver choose and agree on two n bit (n = 64, say) vectors V and W. The pair (V,W) represents the secret key. The sender and receiver also choose and agree on two n integer vectors X and Y ....

....= Mi 1 ) C. I, Ci) endfor. The function p 1 (K,H) is the same as P(K,H) except that the for loop goes from i=2 to n. 4. Conclusions Both systems introduced in this paper can easily be implemented. They withstand initial attempts to break them and possess no obvious statistical weaknesses [1,3]. More statistical and analytical valida tion will be done in the future. Notice that the second system is an example of a randomized encryption system, so if a message is encrypted twice under the same key, it will result in two different cyphertexts. ....

A.G. Konheim, Cryptography: a Primer, John Wiley, 1981.

....manipulation of individual bits. A data representation is described that allows the E expansion of DES to be accomplished by a simple register copy and yet al..lows a fast implementation of the function of DES without bit manipulation. This appendix assumes that the reader is familiar with the DES [6]. A.1 Overview of Crypt Crypt is a program used by the UNIX operating system to encrypt user passwords and is based on the DES encryption algorithm. Crypt is designed to be a one way function; given an input, it is easy to compute the output, but given an output, it is impossible to determine ....

Alan G. Konheim. Cryptography: A Primer. John Wiley & Sons, 1981.

....x coordinate of itself. After the initializations, the IS separation ( x,y) specified by array s) at (x, y) is computed by separation where separation (z (x,y) E (1 z (x,y) 3) 2 z (x, y) 3) In fact, separation is implanted from Eq. 1. 1 with (x,y) z(x,y)Dl and Ds = 2Da, where z e [0, 1] specified by array z is used originally in their paper representing the height of surfaces. To encode height (x, y) in the autostereogram, two corresponding pixels separated by O i( X, y) are set to have the same color. The x coordinates of these pixels are recorded in variables left and ....

....3. The reconstructed surface a(i)is shown in the figure using crosses . 3 . O. O O e e 2 . 0 .0 0 . 0 . 0 0 . d(i) [1 2 3 4 5 6 7 1 4 5 6 7 1 4 6 7 1 4 6] o J J J J J J J J J J J R(i) 1 2 3 4 5 6 7 I 4 5 6 7 I 4 6 7 I 4 6 1 2 3 4 5 6 7 1 4 5 6 7 I 4 6 7 1 4 6 1 2 3 4 5 6 7 I 4 5 6 7 1 4 6 7 1 4 6 I 2 3 4 5 6 7 1 4 5 6 7 1 4 6 7 1 4 6 Figure 2.10: Demonstrating autostereogram generations and reconstructions: a) one dimensional ....

[Article contains additional citation context not shown here]

A. G. Konheim, Cryptography: A Primer, John Wiley & Sons, 1981.

....with support from NSF grant DCR 8607494. Author s address: MIT Lab. for Computer Science, Cambridge, Massachusetts 02139 USA. Author s net address: rivest theory.lcs.mit.edu 2 The reader who wishes to explore further will nd available many excellent texts, collections, and survey articles [9, 13, 29, 45, 49, 48, 53, 54, 51, 66, 91, 99, 102, 117, 146, 150, 149, 148, 151], works of historical or political interest [12, 69, 92, 138, 157] relevant conference proceedings (CRYPTO, EUROCRYPT, FOCS, STOC, 46, 86, 100] and bibliographies [14, 129] 6 A key space K: a set of strings (keys) over some alphabet. An encryption algorithm E mapping K M into C. A ....

A. G. Konheim. Cryptography: A Primer. Wiley, 1981.

....are the most useful attacks on cryptosystems, since they require only passive eavesdropping from the attacker. Such attacks are usually hard to find, since the assumptions on the knowledge of the attacker are minimal. Exceptions include the most basic ciphers, like simple substitution or Vigen ere [14]. Although there exists a general method for converting any differential chosenplaintext attack into the more favorable known plaintext attack [1] this conversion becomes (almost) impractical due to the huge increase in the data requirements. If a differential attack uses m chosen plaintext ....

A. G. Konheim, Cryptography: A Primer, New York: John Wiley & Sons, 1981.

....number of operations required to decrypt individual ciphertexts at the cost of increasing the number of uses of A s decryption facility, and vice versa. The importance of this result is that the best currently known algorithms for factoring integers of the same size as n require L bit operations [2,8,9]. The memory required is L 1 2 bits for our attack, although it can be a very slow memory, such as a tape. Some factoring algorithms require negligible memory, while others also require L 1 2 . Therefore our attack on the RSA cryptosystem, although based on very special assumptions, appears ....

A. G. Konheim, Cryptography: A Primer, Wiley, 1981.

....If the ASL image sequence used previously is considered, it took 165 frames to record the 7 letter word gesture . Konheim reported a statistical study where the 1 state transition probabilities of the English Language were determined using 67,320 transitions between two successive letters [9]. As the 165 frames previously used produced an average of 20 frames per letter, this would constitute a training set in excess of 1.3 million frames not including transitional shapes between letters. As each frame produces a training shape this results in a training set which is of infeasible ....

....Similarly a 1st order Markov Chain can be constructed for the English language which provides a new PDF ( 1 t t L L P . Figure 6 shows the PDF gained from this Markov Chain as taken from Konheim and shows the 1 state transitions calculated from a sample text of over 67 thousand letters [9]. Figure 6 does not demonstrate a diagonal dominance, unlike Figure 7a. This is because the English language has few occurrences of repetitive letters in words whereas the previous PDF resulted from operations involving a high degree of repetition. The main trend that can be seen are the vertical ....

Konheim, A., G., Cryptography: A Primer, John Wiley, New York, 1982.

....q , where, 8k 2 K, c( Delta; k) S(R(i) k) j 0 i 1 ; with period P , which divides q m . A rotor machine with a set of displacement functions which are not odometer like can, at most, produce q m different substitutions. A fuller mathematical description of rotor machines is given in [45]. 60 3.4 Block Cipher Systems Block cipher systems are simple substitution systems which achieve security through increasing the size of the alphabet and employing a large keyspace. 48] gives a thorough description of block ciphers. Suppose we consider an alphabet which consists of all ....

....the 2 distribution with l Gamma 1 degrees of freedom, so a one or two sided hypothesis test using the tail ends of the 2 distribution can be constructed. Other tests of fit include the Likelihood Ratio test and the Kolmogorov Smirnoff test. See [77] for a full treatment of tests of fit and [45] for a description of their use in cryptography. For a block cipher, we are interested in testing whether either of the following holds: ffl some set of output bit coordinates, y 0 s , are dependent on some set of input bit coordinates, x 0 t , for a fixed key, k, or ffl some set of output ....

[Article contains additional citation context not shown here]

Alan G. Konheim. Cryptography:A Primer. John Wiley & Sons, 1981.

....k bits (n Gamma k) bits E output register k bits (n Gamma k) bits ffifl fflfi P Plaintext oe K Key Figure 2.6: k bit output feedback mode 13 Some variations of the standard mode summarized in this Section can be considered. Many variations are discussed in the open literature [39] [19] 46] 16] 2.2 Stream Cipher In a typical stream cipher shown in Fig. 2.7) a plaintext in binary representation is added exclusive or bit by bit to a binary keystream Z. Plaintext Source P ffifl fflfi Running Key Generator Key,K Z Running Key Generator Key,K oe ....

A.G. Konheim, Cryptography A Primer, John Wiley and Sons Inc. 1981.

....length vectors. The algorithm relies on using the Baum Welch procedure and a ML classification. Kundu and Paramrir [30] used a simpler approach to recognize scripts, obtaining 80 of accuracy. They associated one state for each letter, and estimated A and using simple results of cryptography [27]; the matrix B was estimated by a vector quantization (VQ) algorithm [17] finally, they employed the Viterbi algorithm to identify a word. Vlontzos and Kung [58, 59] proposed a hierarchical 1D HMM system for character recognition composed by three levels: letter, word, and sentence. The letter ....

A. G. Konheim, Cryptography -- A primer. John Wiley & Sons, Inc. 1981. Chapter 2, pp. 11--27.

....2 2 tests In this section we recall how to distinguish a random source with unknown probability distribution p X from a random source with uniform distribution p U . A common tool for this task is the 2 test, which is briefly recalled together with some useful facts (see e.g. 5] [6], 8] 11] We shall later use 2 tests to detect correlation between specific input and output subblocks of r round RC6. Let X = X 0 ; X 1 ; X n Gamma1 be independent and identically distributed random variables taking values in the set fa 0 ; a 1 ; am Gamma1 g with unknown ....

A.G. Konheim. Cryptography: A Primer. John Wiley & Sons, 1981.

....information theoretically secure bit commitment. For example, another application of the bit commitment above is a coin flipping protocol (introduced by Blum [B] with perfect security, and assuming only a one way permutations. For practical purposes consider the data encryption standard (DES) [Kon]. Given a k regular [GKL] one way function (i.e. the number of pre images of a point is k and is k on a significant fraction) one can transform it into a one way function which is 1 1 almost everywhere [GILVZ] We apply this to the function DES(k;m) y (k = key, m= message) where (actual ....

A. G. Konheim, Cryptography: a primer , Wiley, New York, 1981.

....using the iterative technique described in [1] The plaintext is assumed to be n independent realisations of a random variable defined on alphabet Z q , with probability distribution derived from observation of the single letter frequencies of English. The distribution we use is that given in [7]. The statistical measure of fitness is based on the fact that a two rotor machine with odometer like rotation is periodic, with period q 2 . If we map the ciphertext through the correct last rotor (with a known rotation pattern) and split this new ciphertext into q 2 ciphertext strings, ....

....by the sequence of substitutions S(R(i) Pi) j 0 i 1 ; with period P , which divides q m . A rotor machine with a set of displacement functions which are not odometer like can, at most, produce q m different substitutions. A fuller mathematical description of rotor machines is given in [7]. The key for a rotor machine must define: 1. the number of rotors, m, 2. the initial rotor substitutions, Pi, 3. the displacement functions, R. We assume the number of rotors is known and that the set of displacement functions follow the odometer like pattern described above. So the keyspace, ....

[Article contains additional citation context not shown here]

Alan G. Konheim. Cryptography:A Primer. John Wiley & Sons, 1981.

....are the most useful attacks on cryptosystems, since they require only passive eavesdropping from the attacker. Such attacks are usually hard to find, since the assumptions on the knowledge of the attacker are minimal. Exceptions include the most basic ciphers, like simple substitution or Vigen ere [11]. Although there exists a general method for converting any differential chosen plaintext attack into the more favorable known plaintext attack [1] this conversion becomes (almost) impractical due to the huge increase in the data requirements. If a differential attack uses m chosen plaintext ....

A. G. Konheim, Cryptography: A Primer, New York: John Wiley & Sons, 1981.

....possessing the key can decrypt the encrypted messages and the fact that both participants have to agree on a secret key before secure transmission can take place introduces problems beyond the scope of this report. These problems are addressed by the fields of key management and key distribution [39, 79]. We note that some modes of use of a block cipher require the use of what is termed an initialization value, IV. The value of the IV is often publicly known (since the security of the cryptosystem does not depend on this value being kept secret) and it is not considered to be part of the key. A ....

....the user supplied key so that the number of ones in each eight bit block is odd. More details on the workings of DES, and on the internal specifications can be obtained from FIPS Publication 46 [105] Full details of the algorithm are also published in the following textbooks (among many others) [6, 79, 142]. 4.3 Controversy From the start, DES was embroiled in controversy. Criticism was usually due to one of two factors, either the size of the key or the design of the S boxes. The latter is a particularly essential concern since the S boxes provide the non linearity to the block cipher. 4.3.1 Key ....

A.G. Konheim. Cryptography: A Primer. Wiley, New York, 1981.

....to map plaintext to ciphertext. Each such iteration is known as a round of the cipher. The composite operation performed at each round is typically a combination of the following primitive operations: translation, linear transformation, modular arithmetic and substitution (or table lookup) [6, 9, 21]. In particular, the combination of the transposition and substitution operations can produce a cryptographically strong nonlinear mapping when applied a sufficient number of times. In product ciphers such as LUCIFER [33] DES [25] and the SP networks [18] each round consists of an application ....

A. Konheim. Cryptography: a primer. Wiley, 1981.

.... pass Comments DES MacGuffin avalanche 6 14 strict avalanche 6 13 consistent with above test up to limits of statistical significance key dependence 6 5 MacGuffin passes so quickly because avalanche of its non linear key schedule sequence complexity 5 10 binary derivatives 5 10 bit dependencies 5 [3] 9 cycle lengths y y complexity of exhaustive testing too large to be practical small subgroup z z complexity of testing MacGuffin too large to be practical Notes: y DES passes limited cycling tests [3] MacGuffin passed a limited cycling test too. z DES does not generate a small subgroup [4] ....

.... non linear key schedule sequence complexity 5 10 binary derivatives 5 10 bit dependencies 5 [3] 9 cycle lengths y y complexity of exhaustive testing too large to be practical small subgroup z z complexity of testing MacGuffin too large to be practical Notes: y DES passes limited cycling tests [3]; MacGuffin passed a limited cycling test too. z DES does not generate a small subgroup [4] MacGuffin s status is unknown. statistical regularities detected by the strict avalanche test to break MacGuffin16. The second attack takes advantage of correlations caused when S boxes in nearby rounds ....

Alan G. Konheim. Cryptography: A Primer. John Wiley and Sons, New York, 1981.

.... the plaintext and ciphertext nonlinearly, then the block size of the cipher can be effectively increased by running the cipher in a chaining mode, which links dependencies from the current block to all previous blocks [5] For a discussion of other design criteria for block ciphers see [8] 9][18][20] 26] Degeneracy will be informally defined as the absence of a dependency between two parameters in a cipher. Degeneracy in the key allows the keyspace to be partitioned into several smaller subspaces that can be searched independently, and hence provides a divide and conquer approach to ....

....2 Delta Delta Delta km . The mapping EK (X) may be expressed as a system AE of n equations in m n unknowns, where the unknowns are the n plaintext bits x i , and the m key bits k i . It is expected that each equation will have a number of terms that is exponential in m n, as noted by Konheim [18] and Schaumuller Bichl [27] Let C = EK (X) where C = c 1 ; c 2 ; Delta Delta Delta ; c n , c i 2 Z 2 . Then there are equations f i : Z n 2 Theta Z m 2 Z n 2 such that f i (X; K) c i . For each fixed key, an n bit cipher E realizes a invertible substitution or an n bit ....

[Article contains additional citation context not shown here]

A. Konheim. Cryptography: a primer. Wiley, 1981.

.... of workload allocation of parallel unrelated machines with setup times gives rise to a 0 1 integer program in which coefficient reduction can be achieved by solving some subset sum problems ( see Dietrich and Escudero [3, 4] The subset sum problem is also useful in cryptography ( see Konheim [8] ) and the calculation of power indices in cooperative voting games ( see Prasad and Kelly [12] and Chakravarti et al. 1] In this paper, we consider the following optimization version of the problem. Problem Subset Sum Maximize P n j=1 w j x j Subject to P n j=1 w j x j c; x j 2 f0; 1g 1 ....

A. G. Konheim, Cryptography: A Primer. John Wiley & Sons (1981).

....cryptographic strength of MacGuffin and to test that central hypothesis. 2 Description of MacGuffin and DES This section provides only a cursory introduction to DES and MacGuffin. A more comprehensive treatment can be found in many texts the original DES standard can be found in [1] while [4, 6, 7] provide more readable descriptions. MacGuffin is fully described and implemented in [5] For a general introduction to cryptography and block ciphers, the reader is referred to [4, 8, 6, 7, 9] 2.1 DES In any (balanced) Feistel network, the plaintext block is split up evenly into a left half ....

....more comprehensive treatment can be found in many texts the original DES standard can be found in [1] while [4, 6, 7] provide more readable descriptions. MacGuffin is fully described and implemented in [5] For a general introduction to cryptography and block ciphers, the reader is referred to [4, 8, 6, 7, 9]. 2.1 DES In any (balanced) Feistel network, the plaintext block is split up evenly into a left half and a right half. DES uses 64 bit blocks, so the left and right registers are 32 bits wide. A pictorial view of one DES round is shown in Figure 1. r f round subkey l r l l l Phi f(r) l; ....

[Article contains additional citation context not shown here]

Alan G. Konheim. Cryptography: A Primer. John Wiley and Sons, New York, 1981.

No context found.

Konheim, A.G. (1981) Cryptography: A Primer, John Wiley, New York.

No context found.

A. G. Konheim, Cryptography: a primer , Wiley, New York, 1981.

No context found.

Konheim, Alan G. Cryptography: a Primer. John Wiley & Sons, 1981.

No context found.

A. G. Konheim, Cryptography: A Primer, Wiley, 19981.

No context found.

Alan G. Konheim. Cryptography: A Primer. John Wiley & Sons, 1981.

First 50 documents

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC