HOME || chapter index || sitemap

chapter 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25

Previous Table of Contents Next


Index

A5, 389, 662–667
Abadi, Martin, 66
Absolute rate, of language, 234
Accreditation, 103
Active attacks, 27
Active cheaters, 27
Adams, Carlisle, 334
Adaptive-chosen-plaintext attack, 6
Addition chaining, 244
Additive generators, 390–392
Adjudicated protocol, 26, 71
Adjudicator, 26
Adleman, Leonard M., 163–164, 467
Adler, Roy, 266
Agnew, G. B., 423
Algebraic structure, DES, 282–283
Algorithm M, 393–394
Algorithms, 2–4, 17
all-or-nothing disclosure of secrets, 543–546
Asmuth-Bloom, 529–530
Barrett’s, 244
Berlekamp-Massey algorithm, 380, 404
block
chain mode, 206–207
choosing, 354–355
replay, 191–193
breaking, 8
CAST, 334–335
choosing, 214–216
cipher block chaining mode, 193–197, 208–210
cipher block chaining of plaintext difference mode, 208
cipher block chaining with checksum, 207–208
cipher-feedback mode, 200–202, 208–210
cipher mode
choosing, 208–210
summary, 209
classes, 217
coin flipping
using Blum integers, 543
using exponentiation modulo p, 542–543
using square roots, 541–542
complexity, 237–239
constant, 238
convertible undeniable signatures, 538–539
counter mode, 205–206, 209
cubic, 238
data compression, 226
designated confirmer signatures, 539–540
Diffie-Hellman, fair, 546–547
digital signatures, 39
exponential, 238
for export, 215–216
extended Euclidean, 246–248
factoring, 256
ISO/IEC 9979 registered, 607
Karnin-Greene-Hellman, 530
Khafre, 317–318
Khufu, 317
linear, 238
linear syndrome, 381
modes, DES, 277–278
multiple block
cascading, 367–368
combining, 368
multiple-key public-key cryptography, 527–528
oblivious transfer, 550
one-way accumulators, 543
output-feedback mode, 203–205, 208–210
output feedback with a nonlinear function, 208
plaintext block chaining mode, 208
plaintext feedback mode, 208
polynomial, 238
polynomial-time, 238
probabilistic encryption, 552–554
propagating cipher block chaining mode, 207
public-key, 4–5, 33
quadratic, 238
quantum cryptography, 554–557
restricted, 3
running times, 238–239
secret-sharing algorithms, 528–531
secure multiparty computation, 551–552
Algorithms (Cont.)
security, 8–9
self-synchronizing stream cipher, 198–199
stream ciphers, 197–198
subliminal-channel signature, 79
superpolynomial, 238
symmetric, 4
synchronous stream cipher, 202–203
TEA, 346
types, 189
unconditionally secure, 8
undeniable digital signatures, 536–539
using, 213–229
vector scheme, 529
zero-knowledge proofs, 548–550
See also Block ciphers; Stream ciphers
All-or-nothing disclosure of secrets, 96, 543–546
voting with a single central facility, 128–130
Alternating stop-and-go generator, 383, 385, 410–411
American National Standards Institute, DES approval, 267–268
Anderson, Ross, 391
ANDOS, see All-or-nothing disclosure of secrets
Anonymous message broadcast, 137–139
ANSI X3.105, 267
ANSI X3.106, 267
ANSI X9.8, 267
ANSI X9.17, 268, 359
key generation, 175
ANSI X9.19, 267
ANSI X9.26, 268
Arbitrated protocol, 23–26
Arbitration, timestamping, 75–76
Arbitrator, 23
document signing with, 35–37
group signatures with, 84–85
AR hash function, 453
Arithmetic, modular, 242–245
Arms Export Control Act, 610
Asmuth-Bloom scheme, 529–530
Association for Computing Machinery, 608
Asymmetric algorithms, see Public-key algorithms
Atomic Energy Act, 610
Attack, 5
AT&T Model 3600 Telephone Security Device, 594–595
Authentication, 2, 52–56
DASS, 62
Denning-Sacco protocol, 63
dictionary attacks, 52
ISO framework, 574–577
Kerberos, 60
message, 56
Needham-Schroeder protocol, 58–59
Neuman-Stubblebine protocol, 60–62
Otway-Rees protocol, 59–60
protocols, formal analysis, 65–68
salt, 52–53
Schnorr, 511
SESAME, 572
SKEY, 53
SKID, 55–56
using interlock protocol, 54–55
using one-way functions, 52
using public-key cryptography, 53–54
Wide-Mouth Frog protocol, 56–57
Woo-Lam protocol, 63–64
Yahalom, 57–58
Authenticators, 568
Avalanche effect, 273
Backup keys, 181–182
BAN logic, 66–67
Barrett’s algorithm, 244
BaseKing, 346
Basis, polarization measurement, 555
Battista, Leon, 11
BBS generator, 417
add to spelled out, 553–554
Beacons, 64
Bellovin, Steve, 518, 520–521, 571
Bennett, Charles, 555, 557
Berlekamp-Massey algorithm, 380, 404
Bernstein, Dan, 616
Berson, Tom, 441
Best affine approximation attack, 381
Beth-Piper stop-and-go generator, 383–384
Bias, 425
Bidirectional message authentication codes, 457
Biham, Eli, 284–285, 288, 296, 301, 303, 306, 308, 311–312, 314, 316, 319, 354, 361, 434
Bilateral stop-and-go generator, 384–385
Binary trees, 78
Biotechnology, as cryptanalysis tool, 156–157
Birthday attack, 165–166, 430
Bit commitment, 86–88
using one-way functions, 87–88
using pseudo-random-sequence generators, 88
using symmetric cryptography, 86–87
Blakley, George, 72, 529
Blaze, Matt, 346, 364
Blinding factor, 112
Blind signatures, 112–115, 549–550
patents, 115
voting with, 126–127
Blobs, 88
Block algorithms, 4
Block chain mode, 206–207
Block ciphers, 4, 189
Blowfish, 336–339
CA-1.1, 327–328
cascading algorithms, 367–368
CAST, 334–335
CDMF key shortening, 366
choosing algorithms, 354–355
combining algorithms, 368
counter mode, 205–206, 209
Crab, 342–344
CRYPTO-MECCANO, 346
designing, 351
design theory, 346–351
Feistel networks, 347
group structure, 348
S-box, 349–351
simple relations, 347–348
strength against differential and linear cryptanalysis, 348–349
weak keys, 348
double encryption, 357–358
double OFB/counter, 363–364
doubling length, 363
electronic codebook mode, 189–191, 208–210
encryption speeds, 355
FEAL, 308–312
feedback, 193
GOST, 331–334
IDEA, 319–325
iterated, 347
Li-Wang algorithm, 346
LOKI, 314–316
Lucifer, 303–304
Madryga, 304–306
McEliece algorithm, 346
MMB, 325–327
multiple encryption, 357
NewDES, 306–308
Rao-Nam algorithm, 346
RC2, 318–319
RC5, 344–346
REDOC II, 311–313
REDOC III, 313
SAFER K-64, 339–341
security, based on one-way hash functions, 353–354
Skipjack, 328–329
versus stream ciphers, 210–211
SXAL8/MBAL, 344
triple encryption, 358–363
3–Way, 341–342
using one-way hash functions, 351–354
whitening, 366–367
xDES1, 365–366
Block length, doubling, 363
Block replay, 191–193
Blocks, 4
Blowfish, 336–339, 354, 647–654
Blum, Manuel, 89, 105, 108
Blum, Blum, and Shub generator, 417–418
Blum integers, 253
coin flipping, 543
zero-knowledge proofs, 549
Blum-Micali generator, 416–417
Boolean functions, in S-boxes, 350
Bosselaers, Antoon, 436, 441
Boyar, Joan, 369
Brassard, Gilles, 555, 557
Broadcasting:
anonymous, 137–139
secret, 523–524
Brute-force attack, 8, 151–152
software-based, 154–155
time and cost estimates, 152–154
Bureau of Export Administration, 610–611
Burrows, Michael, 66
CA-1.1, 327–328
Cade algorithm, 500–501
Caesar Cipher, 11
CAFE, 606–607
CALC, 346
Cantwell Bill, 615–616
Capstone, 593–594
Cascade generators, 405
Cascades, Gollmann, 387–388
Cascading:
multiple block algorithms, 367–368
multiple stream ciphers, 419–420
Cash, digital, see Digital cash
Cassells, Ian, 381
CAST, 334–335
S-boxes, 349
CBC, see Cipher block chaining mode
CCEP, 269, 598–599
CDMF, 366, 574
Cellhash, 446
Cellular automata, 500
Cellular automaton generator, 414
Certificates:
Privacy-Enhanced Mail, 579
public-key, 185–187
X.509, 574–575
Certification authority, 186
Certification path, 576
Certified mail, digital, 122–123
Chaining variables, 436
Chambers, Bill, 385–386
Characteristics, 286–288
Chaum, David, 84, 115, 133, 137, 536, 549
Cheater, 27
sharing secrets with, 531
Chess Grandmaster Problem, 109
Chinese Lottery, 156–157
Chinese remainder theorem, 249–250, 470
Chor-Rivest knapsack, 466
Chosen-ciphertext attack, 6–7, 471–472
Chosen-key attack, 7
Chosen-plaintext attack, 6–7, 359
Chosen-text attack, 7
Cipher:
substitution, 10–12
transposition, 12
Cipher block chaining mode, 193–197, 208–210
DES, 277–278
error extension, 196
error propagation, 195–196
initialization vector, 194
message authentication codes, 456
padding, 195
security, 196–197
self-recovering, 196
triple encryption, 360–361
Cipher block chaining of plaintext difference mode, 208
Cipher block chaining with checksum, 207–208
Cipher-feedback mode, 200–202, 208–210
DES, 277
error propagation, 201–202
initialization vector, 201
Cipher mode:
choosing, 208–210
summary, 208–210
Ciphertext, 1–2
auto key, 198
hiding in ciphertext, 227–228
pairs, differential cryptanalysis, 285
stealing, 191
Ciphertext-only attack, 5–6
Cleartext, see Plaintext
Clipper chip, 591–593
Clipper key-escrow, 328
Clipper phone, 594
Clock-controlled generators, 381
Clocking, 381
CoCom, 610
Code, 9
Coefficients, solving for, 248
Coin flipping, 89–92
fair, 541–543
into a well, 92
key generation, 92
using Blum integers, 543
using one-way functions, 90
using public-key cryptography, 90–91
using square roots, 541–542
Collision, 166
Collision-free, 30
Collision-resistance, 429
Combination generator, 381
Combining function, 381
Commercial COMSEC Endorsement Program, 269, 598–599
Commercial Data Masking Facility, 366, 574
Common Cryptographic Architecture, 573–574
Common modulus, dangers of, 493
Common modulus attack, RSA, 472
Communications:
using public-key cryptography, 31–34
using symmetric cryptography, 28–29
Communications channels, encryption, 216–220
Communications Setup, 517–518
Complementation property, 281
Complement keys, DES, 281–282
Completely blind signatures, 112–113
Complete set of residues, 242
Complexity-theoretic approach, stream ciphers, 415–418
Complexity theory, 237–242
algorithms, 237–239
complexity of problems, 239–241
Compression, 226
Compression function, 431
Compression permutation, 273–274
Compromise, 5
Compromised keys, 182–183
Computational complexity, 237
Computationally secure, 8
Computer algorithms, 17
Computer clock, as random-sequence generator, 424
Computer Security Act of 1987, 600–601
Computing, with encrypted data, 85–86, 540–541
COMSET, 517–518
Conditional Access for Europe, 606–607
Conference key distribution, 524
Confusion, 237, 346–347
Congruent, 242
Connection integer, 403
feedback with carry shift registers, maximal-period, 406–407
Continued fraction algorithm, 256
Contract signing, simultaneous:
with an arbitrator, 118
without an arbitrator
face-to-face, 118–119
not face-to-face, 119–120
using cryptography, 120–122
Control Vector, 180
Convertible undeniable signatures, 538–539
Coppersmith, Don, 94, 266, 280, 283, 293, 398, 457
Coppersmith’s algorithm, 263
Correlation attack, 380
Correlation immunity, stream ciphers, 380
Correlations, random-sequence generators, 425
Counter mode, 205–206, 209
Counting coincidences, 14
Crab, 342–344
Credit cards, anonymous, 147
Crepeau, Claude, 555
Crypt(1), 414
CRYPT(3), 296
Cryptanalysis, 1, 5–8
differential, see Differential cryptanalysis
FEAL, 311–312
GOST, 333–334
IDEA, 323
linear, 290–293
LOKI91, 316
Madryga, 306
N-Hash, 434–435
related-key, 290
Snefru, 432
types, 5–7
Cryptanalysts, 1
Crypt Breakers Workbench, 414
Cryptographers, 1
Cryptographic algorithm, see Cipher
Cryptographically secure pseudo-random, 45
Cryptographic facility, 562
Cryptographic mode, 189
Cryptographic protection, databases, 73–74
Cryptographic protocol, 22
Cryptography, 1
CRYPTO-LEGGO, 414
Cryptologists, 1
Cryptology, 1
CRYPTO-MECCANO, 346
Cryptosystems, 4
fair, 97
finite automaton public-key, 482
hybrid, 32–34
security, 234–235
weak, 97
Cusick, Thomas, 312
Cut and choose, 103
Cypherpunks, 609
Daemen, Joan, 325, 341, 349, 414
Damgard, Ivan, 446
Damm, Arvid Gerhard, 13
Data, encrypted:
computing with, 85–86, 540–541
discrete logarithm problem, 540–541
for storage, 220–222
Databases, cryptographic protection, 73–74
Data complexity, 9
Data Encryption Algorithm, see Data Encryption Standard
Data Encryption Standard, 17, 265–301
adoption, 267–268
algorithm, brute-force attack efficiency, 152–153
characteristics, 286–288
commercial chips, 279
compared to GOST, 333–334
compression permutation, 273–274
CRYPT(3), 296
decryption, 277
description, 270
DESX, 295
development, 265–267
differential cryptanalysis, 284–290
DES variants, 298
expansion permutation, 273–275
final permutation, 277
generalized, 296–297
hardware and software implementation, 278–279
with independent subkeys, 295
initial permutation, 271
iterated block cipher, 347
key transformation, 272–273
linear cryptanalysis, 290–293
modes, 277–278
multiple, 294–295
1987 review, 268–269
1993 review, 269–270
outline of algorithm, 270–272
P-boxes
design criteria, 294
permutation, 275, 277
RDES, 297–298
related-key cryptanalysis, 290
RIPE-MAC, 457–458
S-boxes, 349
alternate, 296–298
design criteria, 294
key-dependent, 298, 300, 354
substitution, 274–276
security, 278, 280–285
algebraic structure, 282–283
complement keys, 281–282
current, 300–301
key length, 283–284
number of rounds, 284
possibly weak keys, 281–282
S-box design, 284–285
semiweak keys, 280–281
weak keys, 280–281
snDES, 298–299
source code, 623–632
speeds on microprocessors and computers, 279
validation and certification of equipment, 268
Data Exchange Key, 581
Data Keys, 176
Davies, Donald, 562
Davies-Meyer, 448
abreast, 452
modified, 449–450
parallel, 451
tandem, 451–452
Davies-Price, 358
Decoherence, 165
Decryption, 1
DES, 277
key, 3
key-error detection, 179
knapsack algorithms, 465
with a public key, 39
with symmetric algorithm, 4
den Boer, Bert, 434, 436, 441
Denning-Sacco protocol, 63
Dense, 378
Dereferencing keys, 221–222
Derived sequence attack, 381
Designated confirmer signatures, 82–83, 539–540
Desmedt, Yvo, 81
DES, see Data Encryption Standard
Destruction:
information, 228–229
of keys, 184–185
DESX, 295
Dictionary attack, 52, 171–173
Differential cryptanalysis, 284–290
attacks against
DES, 288–290
DES variants, 298
Lucifer, 303
extending to higher-order differentials, 293
strength against, block cipher design theory, 348–349
Differential-linear cryptanalysis, 293
Diffie, Whitfield, 31, 37, 122, 216, 283, 419, 461, 501, 565
Diffie-Hellman:
EKE implementation, 519–520
extended, 515
failsafe, 547–548fair, 546–547
Hughes variant, 515
key exchange without exchanging keys, 515
patents, 516
with three or more parties, 514
Diffie’s randomized stream cipher, 419
Diffusion, 237, 346–347
Digital card, properties, 146
Digital cash, 139–147
anonymous, 139
credit cards, 147
money orders, 140
double spending problem, 140–141
off-line systems, 146
on-line systems, 145–146
other protocols, 145–147
perfect crime, 145
practical, 145
secret splitting, 142–145
Digital certified mail, 122–123
Digital Notary System, 78
Digital Signature Algorithm, 17, 483–494
attacks against k, 492
computation time comparison with RSA, 489
criticisms, 484–486
dangers of common modulus, 493
description, 486–488
ElGamal encryption with, 490–491
patents, 493–494
prime generation, 488–490
proposal for NIST standard, 483–486
RSA encryption with, 491
security, 491–492
speed precomputations, 487–488
subliminal channel, 493, 534–536
foiling, 536
variants, 494–495
Digital signatures, 34–41
algorithms, 39
applications, 41
blind, 112–115, 549–550
convertible undeniable signatures, 538–539
converting identification schemes to, 512
definition, 39
designated confirmer signatures, 82–83, 539–540
ElGamal, 476–478
with encryption, 41–44
entrusted undeniable, 82
fail-stop, 85
Fiat-Shamir signature scheme, 507–508
group signatures, 84–85
Guillou-Quisquater signature scheme, 509–510
improved arbitrated solution, 76
key exchange with, 50
multiple, 39–40
Guillou-Quisquater, 510
nonrepudiation, 40
oblivious, 117
protocol, 40
proxy, 83
public-key algorithms, 483–502
Cade algorithm, 500–501
cellular automata, 500
Digital Signature Algorithm, see Digital Signature Algorithm
discrete logarithm signature schemes, 496–498
ESIGN, 499–500
GOST digital signature algorithm, 495–496
Digital signatures (Cont.)
public-key algorithms (Cont.)
Matsumoto-Imai algorithm, 500
Ong-Schnorr-Shamir, 498–499
public-key cryptography, 37–38
attacks against, 43–44
one-way hash functions and, 38–39
resend attack, foiling, 43
RSA, 473–474
Schnorr signature scheme, 511–512
subliminal-free, 80
with symmetric cryptosystems and arbitrator, 35–37
terminology, 39
timestamps, 38
trees, 37
undeniable, 81–82, 536–539
Dining Cryptographers Problem, 137
Discrete logarithm, 245
in finite field, 261–263
zero-knowledge proofs, 548
Discrete Logarithm Problem, 501, 540–541
Discrete logarithm signature schemes, 496–498
Distributed Authentication Security Service, 62
Distributed convertible undeniable signatures, 539
Distributed key management, 187
DNA computing, 163–164
DNRSG, 387
DoD key generation, 175
Double encryption, 357–358
Double OFB/counter, 363–364
Double spending problem, 140–141
Driver-level encryption, 222–223
DSA, see Digital Signature Algorithm
Dynamic random-sequence generator, 387
E-box, 273
ECB, see Electronic codebook mode
Electronic checks, 146
Electronic codebook mode, 189–191, 208–210
combined with OFB, 364
DES, 277–278padding, 190–191
triple encryption, 362–363
Electronic coins, 146
Electronic Frontier Foundation, 608
Electronic-funds transfer, DES adoption, 268
Electronic Privacy Information Center, 608
ElGamal, 532–533
EKE implementation, 519
encryption, 478
with DSA, 490–491
patents, 479
signatures, 476–478
speed, 478–479
ElGamal, Taher, 263
Elliptic curve cryptosystems, 480–481
Elliptic curve method, 256
Ellison, Carl, 362
Encoding, 226
Encrypt-decrypt-encrypt mode, 359
Encrypted Key Exchange:
applications, 521–522
augmented, 520–521
basic protocol, 518–519
implementation with
Diffie-Hellman, 519–520
ElGamal, 519
RSA, 519
strengthening, 520
Encryption, 1
communication channels, 216–220
combining link-by-link and end-to-end, 219–221
with compression and error control, 226
data, for storage, 220–222
detection, 226–227
digital signatures with, 41–44
driver-level versus file-level, 222–223
ElGamal, 478
with DSA, 490–491
end-to-end, 217–220
with interleaving, 210–211
key, 3
knapsack algorithms, 464
link-by-link, 216–218
multiple, 357
with a private key, 39
probabilistic, 552–554
RSA, 468
with DSA, 491
with symmetric algorithm, 4
using public key, 5
End-to-end encryption, 217–220
combined with link-by-link, 219–221
Enigma, 13, 414
Entropy, 233–234
Entrusted undeniable signature, 82
Error detection:
during decryption, 179
during transmission, 178
Error extension, cipher block chaining mode, 196
Error propagation:
cipher block chaining mode, 195–196
cipher-feedback mode, 201–202
output-feedback mode, 204
Escrow agencies, 592
Escrowed Encryption Standard, 97, 593
ESIGN, 499–500, 533–534
Euclid’s algorithm, 245
Euler totient function, 248–249
Expansion permutation, 273–275, 315
Export:
of algorithms, 215–216, 610–616
foreign, 617
Exportable Protection Device, 389
Export Administration Act, 610
EXPTIME, 241
Extended Euclidean algorithm, 246–248
Factoring, 255–258
general number field sieve, 159–160
long-range predictions, 162
public-key encryption algorithms, 158–159
special number field sieve, 160–161
using quadratic sieve, 159
Factoring Problem, 501
Failsafe:
Diffie-Hellman, 547–548
key escrowing, 98
Fail-stop digital signatures, 85
Fair cryptosystems, 97
Fait-Shamir, 508
FAPKC0, 482
FAPKC1, 482
FAPKC2, 482
FEAL, 308–312
cryptanalysis, 311–312
description, 308–10
patents, 311
Feedback:
cipher block chaining mode, 193, 195
internal, output-feedback mode, 203
Feedback function, 373
Feedback shift register, 373
Feedback with carry shift registers, 402–404
combining generators, 405, 410
maximal-length, tap sequences, 408–409
maximal-period, connection integers, 406–407
Feedforward, cipher block chaining mode, 195
Feige, Uriel, 503–504
Feige-Fiat-Shamir, 503–508
enhancements, 506–507
identification scheme, 504–505
simplified, 503–504
Feistel, Horst, 266, 303
Feistel network, 347
Blowfish, 337
practically secure, 349
Fermat’s little theorem, 248
Euler’s generalization, 248
FFT-Hash, 446
Fiat, Amos, 503–504
Fiat-Shamir signature scheme, 507–508
Fibonacci configuration, 373, 379
Fibonacci shrinking generator, 391
File-level encryption, 222–223
Filter generator, 381
Finite field, 254
discrete logarithms, 261–263
FIPS PUB 46, 267
FIPS PUB 74, 267
FIPS PUB 81, 267
FIPS PUB 112, 267
Fish, 391
Fixed bit index, 543
Flat keyspace, 176
Flipping coins, see Coin flipping
Fortified key negotiation, 522
Galois configuration, linear feedback shift registers, 378–379
Galois field, computing in, 254–255
Garey, Michael, 241
Gatekeeper, 278
Geffe generator, 382–383
General number field sieve, 159–160, 256
General Services Administration, DES adoption, 268
Generators, 253–254
Gifford, 392–393
Gifford, David, 392
Gill, J., 501
Global deduction, 8
Goldwasser, Shafi, 94, 552
Gollmann, Dieter, 386
Gollmann cascade, 387–388
Goodman-McAuley cryptosystem, 466
Goresky, Mark, 404
GOST, 331–334, 354
source code, 643–647
GOST digital signature algorithm, 495–496
GOST hash function, 454
GOST R 34.10–94, 495
Gosudarstvennyi Standard Soyuza SSR, 331–334
Graham-Shamir knapsacks, 465
Graph isomorphism, 104–105
Greatest common divisor, 245–246
Grossman, Edna, 266
Group signatures, 84–85
Group Special Mobile, 389
Group structure, block ciphers design theory, 348
GSM, 389
Guillou, Louis, 102, 508
Guillou-Quisquater:
identification scheme, 508–510
signature scheme, 509–510
Gutmann, Peter, 353
Guy, Richard, 159
Haber, Stuart, 75, 485, 488
Hamiltonian cycles, 105–106
Hard drive, encrypted, providing random access to, 222
Hardware:
DES implementation, 278–279
encryption, 223–225
RSA, 469
Hash functions, see One-way hash functions
Hash value, 30
HAVAL, 445–446
Hellman, Martin, 31–32, 37, 262, 283, 293, 358–359, 461–462
Hiding information from an oracle, 86
Historical terms, 9
Homophonic substitution cipher, 10–11
Hughes, 515
Hughes, Eric, 609
Hughes XPD/KPD, 389–390
Hybrid cryptosystems, 32–34, 461
IBC-Hash, 458
IBM Common Cryptographic Architecture, 573–574
IBM secret-key management protocol, 561–562
IDEA, 319–325, 354
cryptanalysis, 323
description, 320–322
modes of operation, 323–325
overview, 320–321
patents, 325
S-boxes, 349
source code, 637–643
speed, 322–323
strength against differential cryptanalysis, 348
variants, 325
Ideal secrecy, 236
Identification schemes:
converting to signature schemes, 512
Feige-Fiat-Shamir, 503–508
Guillou-Quisquater, 508–510
Ohta-Okamoto, 508
Schnorr authentication and signature scheme, 510–512
Identity-based cryptosystems, 115
Ignition key, 564
Import, foreign, 617
Index of coincidence, 14
Information:
amount, information theory definition, 233
deduction, 8
destruction, 228–229
Information-theoretic approach, 418
stream ciphers, 415
Information theory, 233–237
cryptosystem security, 234–235
entropy and uncertainty, 233–234
in practice, 236–237
rate of the language, 234
unicity distance, 235–236
Ingemarsson, Ingemar, 418
Initialization vector:
cipher block chaining mode, 194
cipher-feedback mode, 201
output-feedback mode, 204
Inner-CBC, 360, 363
Insertion attack, synchronous stream ciphers, 203
Instance deduction, 8
Institute of Electrical and Electronics Engineers, 608
Integrated Services Digital Network, 563–565
Integrity, 2
Interactive protocol, 103
Interchange Key, 581
Interleave, 210–211
Interlock protocol, mutual authentication using, 54–55
Internal feedback, 203
International Association for Cryptologic Research, 605
International Standards Organization:
authentication framework, 574–577
DES adoption, 268
International Traffic in Arms Regulations, 610–614
Internet, Privacy-Enhanced Mail, 577–584
Introducers, 187
Inverses modulo a number, 246–248
IPES, 319
ISDN, 563–565
ISO 8732, 359
ISO 9796, 472, 474, 486
ISO/IEC 9979, 607
ISO X.509 protocols, 574–577
Iterated block cipher, 347
Jacobi symbol, 252–253
J-algebras, 501
Jam, 414
Jennings generator, 383–384
Johnson, David, 241
Jueneman’s methods, 457
Kaliski, Burt, 342
Karn, 351–352
Karn, Phil, 351
Karnin-Greene-Hellman, 530
Kerberos, 60, 566–571
abbreviations, 567
authentication steps, 567
credentials, 568
getting initial ticket, 569
getting server tickets, 569–570
licenses, 571
model, 566
requesting services, 570
security, 571
Version 4, 570–571
Version 5 messages, 568
Kerckhoffs, A., 5
Kerckhoffs’s assumption, 7
Key, 3
backup, 181–182
CDMF shortening, 366
complement, DES, 281–282
compromised, 182–183
controlling usage, 180
dereferencing, 221–222
destroying, 184–185
distribution in large networks, 177
generating, 170–175
ANSI X9.17 standard, 175
DoD, 175
pass phrases, 174–175
poor choices, 171–173
random keys, 173–174
reduced keyspaces, 170–171
ISDN, 563–564
lifetime, 183–184
possibly weak, DES, 281–282
semiweak, DES, 280–281
session, 33, 180
storing, 180–181
transferring, 176–177
transmission, error detection, 178
updating, 180
using, 179–180
verification, 178–179
weak
block ciphers design theory, 348DES, 280–281
Key and message broadcast, 51–52
Key and message transmission, 51
Key Auto-Key, 202
Keyboard latency, as random-sequence generator, 424–425
Key Certification Authority, 43
Key control vectors, 562
Key distribution:
anonymous, 94–95
conference, 524
Key Distribution Center, 43–44
Key-Encryption Keys, 176, 184
Key escrow, 97–100, 181–182, 591
politics, 98–100
Key exchange, 47–52
DASS, 62
Denning-Sacco protocol, 63
with digital signatures, 50
interlock protocol, 49–50
Kerberos, 60
key and message broadcast, 51–52
key and message transmission, 51
man-in-the-middle attack, 48–49
Needham-Schroeder protocol, 58–59
Neuman-Stubblebine protocol, 60–62
Otway-Rees protocol, 59–60
protocols, formal analysis, 65–68
with public-key cryptography, 48
with symmetric cryptography, 47–48
Wide-Mouth Frog protocol, 56–57
without exchanging keys, 515
Woo-Lam protocol, 63–64
Yahalom, 57–58
Key-exchange algorithms:
COMSET, 517–518
conference key distribution and secret broadcasting, 523–525
Diffie-Hellman, 513–516
Encrypted Key Exchange, 518–522
fortified key negotiation, 522
Shamir’s three-pass protocol, 516–517
station-to-station protocol, 516
Tatebayashi-Matsuzaki-Newman, 524–525
Key generation, using coin flipping, 92
Key length:
comparing symmetric and public-key, 165–166
deciding on, 166–167
DES, 283–284
public-key, 158–165
DNA computing, 163–164
quantum computing, 164–165
recommended lengths, 161–163
symmetric, 151–158
biotechnology as cryptanalysis tool, 156–157
brute-force attack, 151–154
Chinese Lottery, 156–157
neural networks, 155
software-based brute-force attacks, 154–155
thermodynamic limitations on brute-force attacks, 157–158
using viruses to spread cracking program, 155–156
Key management, 169–187
distributed, 187
public-key, 185–187
Key negotiation, fortified, 522
Key notarization, 562
Key revocation certificate, 585
Keyspace, 3
flat, 176
nonlinear, 175–176
reduced, 170–171
Keystream generator, 197–198
counter mode, 206
periodic, 202
Khafre, 317–318, 349
Khufu, 317, 349
Kilian, Joe, 116
Kim, Kwangjo, 298, 350
Kinetic Protection Device, 389–390
Klapper, Andy, 404
Klein, Daniel, 53, 171
Knapsack algorithms, 462–466
decryption, 465
encryption, 464
implementations, 465
patents, 466
public key created from private key, 464
security, 465
superincreasing, 463–464
variants, 465–466
Knapsack problem, 501
Known-plaintext attack, 6–7, 151, 359
Knudsen, Lars, 8, 293, 314, 316, 348–349
Knuth, 393, 501
Koblitz, Neal, 480
Konheim, Alan, 266, 280
Kravitz, David, 493
Kravitz-Reed, 481
KryptoKnight, 571–572
Lagged Fibonacci generators, 390
LaGrange interpolating polynomial scheme, 528–529
Lai, Xuejia, 319, 449
Langford, Susan, 293
Law Enforcement Access Field, 591
Legal issues, 618
Legendre symbol, 251
Lehmann, 259
Lehmann algorithm, 259
Length, shift register, 373
Lenstra, Arjen, 159, 162, 257, 485, 488
LFSR/FCSR summation/parity cascade, 410–411
Lidl, Rudolph, 481
Linear complexity:
profile, 380
stream ciphers, 380
Linear congruential generators, 369–372
combining, 371–372
constants, 370
Linear consistency test, 381
Linear cryptanalysis:
DES, 290–293
strength against, block cipher design theory, 348–349
Linear error-correcting codes, algorithms based on, 480
Linear feedback shift registers, 372–379
Galois, 378–379
primitive polynomials mod 2, 376–377
software, 378–379
stream ciphers using, see Stream ciphers
Linear syndrome algorithm, 381
Link-by-link encryption, 216–218
combined with end-to-end, 219–221
Linking protocol, timestamping, 76–77
Li-Wang algorithm, 346
Local deduction, 8
Lock-in, 388
Logarithms, discrete, see Discrete logarithm
LOKI, 314–316
S-boxes, 349
source code, 632–637
LOKI Double-Block, 451
Low decryption exponent attack, RSA, 473
Low encryption exponent attack, RSA, 472–473
Luby, Michael, 352
Luby-Rackoff, 352–353
xDES1, 365
LUC, 481
Lucas number, 481
Luccio-Mazzone, 501
Lucifer, 266, 303–304
Lu-Lee cryptosystem, 466
Lyndon words, 501
MacGuffin, 346
Madryga, W. E., 304
Mafia Fraud, 110
Magic numbers, 423
Manasse, Mark, 159, 257
Man-in-the-middle attack, 48–49
Masks, REDOC II, 312
Massey, James, 319, 339, 386, 418, 449
Master Key, 561
Master Terminal Key, 561
Matsui, Mitsuru, 290–291
Matsumoto-Imai algorithm, 500
Mauborgne, Joseph, 15
Maurer, Ueli, 419
Maurer’s randomized stream cipher, 419
Maximal period generator, 369
MBAL, 344
McEliece, Robert, 479
McEliece algorithm, 346, 479–480
MD2, 441
MD3, 446
MD4, 435–436
MD5, 436–441
MDC, 353–354
MDC-2, 452–453
MDC-4, 452–454
MD-strengthening, 431
Meet-in-the-middle attack, 358, 381
Mental poker, 92–95
Merkle, Ralph, 34, 316–318, 358–359, 432, 455, 461–462
Merkle’s puzzles, 34
Merritt, Michael, 67, 518, 520–521, 571
Message:
authentication, 56
broadcasting, 69
Privacy-Enhanced Mail, 579–582
recovery, 497–498
resending as receipt, 42–43
Message authentication codes, 31, 455–459
bidirectional, 457
CBC-MAC, 456
IBC-Hash, 458
Jueneman’s methods, 457
message authenticator algorithm, 456–457
one-way hash functions as, 458–459
RIPE-MAC, 457–458
stream ciphers, 459
Message authenticator algorithm, 456–457
Message broadcast, anonymous, 137–139
Message Digest, 435–436
Message Digest Cipher, 353
Message Integrity Check, 578
Message-meaning rule, 66
Message Security Protocol, 584
Meyer, Carl, 266, 278
Meyer, Joseph A., 614
Meyer-Schilling, 452
Micali, Silvio, 94, 508, 546–547, 552
Miller, Gary, 259
Miller, V. S., 480
Mimic functions, 10
Minimum-disclosure proofs, 108
MITRENET, 562–563
Miyaguchi, Shoji, 308
MMB, 325–327
m*n-bit S box, 349
Modular arithmetic, 242–245
Modular Multiplication-based Block cipher, 325–327
Modular reduction, 242
Modulo, inverses, 246–248
Monoalphabetic cipher, 10
Montgomery’s method, 244
Moore’s Law, 153
m-sequence, 374
MSP, 584
Muller, Winfried, 481
Multiparty unconditionally secure protocols, 137
Multiple-bit generator, 421
Multiple encryption, 357
quintuple, 366
Multiple Identity Fraud, 111
Multiple-key public-key cryptography, 527–528
Multiple signatures, 39–40
Multiplier, 369
Multispeed inner-product generator, 386–387
Mush, 392
Mutual shrinking generator, 392
MYK-80, 593–594
Mykotronx Clipper chip, 328
MYK-78T, 591–593
Nanoteq, 390
National Bureau of Standards, see National Institute of Standards and Technology
National Computer Security Center, 599–600
National Institute of Standards and Technology, 600–603
DES development, 265–267
Memorandum of Understanding, 601–603
National Security Agency, 597–599
DES development, 266–267
export of cryptography, 614–615
Memorandum of Understanding, 601–603
S-box development role, 278, 280
Navy Research Laboratory, protocol analyzer, 67–68
Needham, Roger, 58, 66, 216
Needham-Schroeder protocol, 58–59
Networks, large, key distribution, 177
Neuman-Stubblebine protocol, 60–62
Neural networks, breaking algorithms, 155
NewDES, 306–308
N-Hash, 433–435
Niederreiter, Harald, 501
Niederreiter algorithm, 480
Niemi cryptosystem, 466
Nobauer, Wilfried, 481
Noise, random, using as random-sequence generator, 423–424
Nonce-verification rule, 66
Non-Interactive Key Sharing systems, 115
Nonlinear-feedback shift registers, 412–413
Nonlinear keyspace, 175–176
Nonrepudiation, 2
Notz, Bill, 266
NP-complete problem, 240–242
graph isomorphism, 104
knapsack algorithms, 462
McEliece algorithm, 479
solving, 163–164
NRL Protocol Analyzer, 67–68
NSDD-145, 268
Nuclear Non-Proliferation Act, 610
Number field sieve, 256
Numbers:
2–adic, 404
large, 17–18
Number theory, 242–255
Barrett’s algorithm, 244
Blum integers, 253
Chinese remainder theorem, 249–250
Euclid’s algorithm, 245
Euler totient function, 248–249
extended Euclidean algorithm, 246–248
Fermat’s little theorem, 248
Galois field, computing in, 254–255
generators, 253–254
greatest common divisor, 245–246
inverses modulo a number, 246–248
Jacobi symbol, 252–253
Legendre symbol, 251
modular arithmetic, 242–245
Montgomery’s method, 244
prime numbers, 245
quadratic residues, 250–251
solving for coefficients, 248
Nyberg, Kaisa, 348
Oblivious transfer, 116–117, 550
Oblivous signatures, 117
OFB, see Output-feedback mode
Ohta, Kazuo, 146, 501
Ohta-Okamoto identification scheme, 508
Okamoto, Tatsuaki, 146, 501
1/p generator, 414
One-time pad, 15–17
hiding ciphertext in ciphertext, 227–228
One-time tape, 418
One-way accumulators, 95–96, 543
One-way function, 29–30
authentication using, 52
bit commitment using, 87–88
coin flipping using, 90
trap-door, 158
One-way hash functions, 30–31, 351–354
background, 429–431
birthday attacks, 165–166, 430
choosing, 455
cipher security, 353–354
compression function, 431
encryption speeds, 456
HAVAL, 445–446
improved arbitrated solution, 76
Karn, 351–352
length, 430–431
Luby-Rackoff, 352–353
MD2, 441
MD3, 446
MD4, 435–436
MD5, 436–441
MD-strengthening, 431
message authentication codes, 455–459
Message Digest Cipher, 353–354
multiple signatures, 40
N-Hash, 433–435
RIPE-MD, 445
Secure Hash Algorithm, 442–445signing documents with, 38–39
Snefru, 432
as unbiased random-bit generator, 107
using public-key algorithms, 455
using symmetric block algorithms, 446–455
AR hash function, 453
GOST hash function, 454
hash length equals block size, 447–449
LOKI Double-Block, 451
MDC-2 and MDC-4, 452–454
modified Davies-Meyer, 449–450
parallel Davies-Meyer, 451
Preneel-Bosselaers-Govaerts-Vandewalle, 450
Quisquater-Girault, 450
tandem and abreast Davies-Meyer, 451–452
Ong-Schnorr-Shamir, 498–499, 531–532
Orange Book, 599–600
Otway-Rees protocol, 59–60
Outerbridge, Richard, 363
Outer-CBC, 360
Output-feedback mode, 203–205, 208–210
combined with ECB, 364
DES, 277
with a nonlinear function, 208
Overtake, 598
Overwriting, 229
Padding:
cipher block chaining mode, 195
electronic codebook mode, 190–191
MD5, 436
Secure Hash Algorithm, 442
triple encryption with, 362
Painvin, Georges, 12
Pass phrases, 174–175
Passive attack, 27
Passive cheaters, 27
Patents, 609–610; See also specific algorithms
P-boxes:
design criteria, 294
permutation, 275, 277, 316
PEM, see Privacy-Enhanced Mail
Perfect secrecy, 235
Period, 11
shift register, 373
Permutation, 237
key, DES, 272–273
PES, 319, 324
Pike, 391–392
PKZIP, 394–395
Plaintext, 1–2
Plaintext block chaining mode, 208
Plaintext feedback mode, 208
Plaintext pair, right and wrong pairs, 287
Pless generator, 413–414
p-NEW scheme, 498
Pohlig, Stephen, 262
Pohlig-Hellman encryption scheme, 474
Polarized photons, 555
Pollard’s Monte Carlo algorithm, 256
Polyalphabetic substitution cipher, 10–11
Polygram substitution cipher, 10–11
Polynomials:
degree, shift register length, 374
dense, 378
irreducible, 255, 481
sparse, 378
Pomerance, Carl, 257
Powerline System, 466
Pre-image, 30
Preneel, Bart, 457
Preneel-Bosselaers-Govaerts-Vandewalle, 450
Pretty Good Privacy, 584–587
Price, William, 562
Prime numbers, 245
generation, 258–261
DSA, 488–490
practical considerations, 260–260
relatively prime, 245
strong, 261
Primitive, 253
Principal square root, 251
Privacy-Enhanced Mail, 577–584
certificates, 579
documents, 578
messages, 579–582
RIPEM, 583–584
security, 582–583
TIS/PEM, 583
Private key, 5
creating public key from, 464
for public-key cryptography, lifetime, 184
Probabilistic encryption, 552–554
Problems:
complexity, 239–241
EXPTIME, 241
hard, 239
intractable, 239
PSPACE, 241
Problems (Cont.)
tractable, 239
undecidable, 240
See also NP-complete problem
Processing complexity, 9
Product cipher, 347
Proofs of Membership, 111
Propagating cipher block chaining mode, 207
Proposed Encryption Standard, 319
Protocols, 21, 47
adjudicated, 26, 70–71
all-or-nothing disclosure of secrets, 96
analysis, approaches, 65–66
anonymous message broadcast, 137–139
arbitrated, 23–26
attacks against, 27
authentication, 576–577
authentication and key-exchange, formal analysis, 65–68
BAN logic, 66–67
basic zero-knowledge, 102–104
bit commitment, 86–88
blind signatures, 112–115
characteristics, 21
cryptographic, 22
DASS, 62
definition, 21
Denning-Sacco, 63
digital cash, see Digital cash
digital certified mail, 122–123
digital signatures, 40
distributed, timestamping, 77–78
fair coin flips, 89–92
IBM Common Cryptographic Architecture, 573–574
IBM secret-key management, 561–562
identity-based public-key cryptography, 115
interactive, 103
interlock, 49–50, 54–55
Kerberos, 60, 566–571
key escrow, 97–100
key exchange, 47–52
KryptoKnight, 571–572
lessons, 64–65
mental poker, 92–95
multiparty unconditionally secure, 137
Needham-Schroeder, 58
Neuman-Stubblebine, 60–62
oblivious signatures, 117
oblivious transfer, 116–117
one-way accumulators, 95–96
Otway-Rees, 59–60
purpose, 22–23
secret splitting, 70–71
secure circuit evaluation, 137
secure elections, see Secure elections
secure multiparty computation, 134–137
self-enforcing, 26–27
SESAME, 572
simultaneous contract signing, 118–122
simultaneous exchange of secrets, 123–124
subliminal channel, 79–80
timestamping, 75–79
types, 24
Wide-Mouth Frog, 56–57
Woo-Lam, 63–64
Yahalom, 57–58
See also Authentication; Zero-knowledge proofs
Pseudo-Hadamard Transform, 340
Pseudo-random function family, SEAL, 398–399
Pseudo-random-number generator, 78, 416
Pseudo-random sequence, 44–45
Pseudo-random-sequence generator, 44
bit commitment using, 88
generating multiple streams, 420–421
linear congruential generators, 369–372
linear feedback shift registers, 372–379
PSPACE, 241
Public key, 5
certificates, 185–187
creating from private key, 464
key length, 158–165
recommended lengths, 161–163
key management, 185–187
Public-key algorithms, 4–5, 33, 500–502
background, 461–462
based on linear error-correcting codes, 480
Diffie-Hellman, 513
ElGamal, 476–479
elliptic curve cryptosystems, 480–481
finite automaton cryptosystems, 482
knapsack algorithms, 462–466
LUC, 481
McEliece, 479–480
one-way hash functions using, 455
Pohlig-Hellman, 474
Rabin, 475–476
RSA, see RSA
security, 461–462
strength, 502
Public-key cryptography:
attacks against, 43–44
authentication using, 53–54
coin flipping using, 90–91
communications using, 31–34
identity-based, 115
key exchange with, 48
multiple-key, 68–69
private keys, lifetime, 184
signing documents with, 37–38
one-way hash functions, 38–39
versus symmetric cryptography, 216–217
Public-Key Cryptography Standards, 588–589
Public Key Partners, 604–605
Public-key ring, 585
Purchase-key attack, 7
Quadratic nonresidues, 251
Quadratic residues, 250–251
generator, 417
Quadratic sieve, 256
factoring, 159
Quantum computing, 164–165
Quantum cryptography, 554–557
Quintuple encryption, 366
Quisquater, Jean-Jacques, 102, 508
Quisquater-Girault, 450
Rabin, 475–476
Rabin, Michael, 103, 259, 518, 550
Rabin-Miller algorithm, 259–260
RACE Integrity Primitives Evaluation, 605–606
Rackoff, Charles, 352
Rainbow Books, 600
Rambutan, 390
Random keys, 173–174
Random noise, as random-sequence generator, 423–424
Random-number generation, 44
Random-sequence generators, 421–428
biases and correlations, 425–426
computer clock, 424
distilling randomness, 426–428
keyboard latency measurement, 424–425
RAND tables, 422–423
using random noise, 423–424
Random sequences, real, 45–46
Randomized approach, stream ciphers, 415
Randomized stream cipher, 419
Randomness, distilling, 426–428
RAND tables, 422–423
Rao-Nam algorithm, 346
Rate of the language, 234
RC2, 318–319
RC4, 319, 397–398
RC5, 344–346
source code, 659–662
RDES, 297–298
Receipt, resending message as, 42–43
REDOC II, 311–313
REDOC III, 313
Redundancy, of language, 234
Reeds, Jim, 369
Related-key cryptanalysis, 290
Renji, Tao, 482
Renting Passports, 111
Replay attacks, 58–59
Research and Development in Advanced Communication Technologies, Integrity Primitives Evaluation, 605–606
Resend attack, foiling, 43
Residue, 242
quadratic, 250–251
reduced set, 248
Restricted algorithms, 3
RFC 1421, 578
RFC 1422, 578
RFC 1423, 578
RFC 1424, 578
Richter, Manfield, 423
Riordan, Mark, 583–584
RIPE, 605–606
RIPEM, 583–584
RIPE-MAC, 457–458
RIPE-MD, 445
Rip van Winkle cipher, 418–419
Rivest, Ron, 159, 163, 318–319, 344, 397, 435, 440–441, 444, 446, 467
Rivest Cipher, 318
Robshaw, Matt, 342
Rogaway, Phil, 398
ROM key, 181
ROT13, 11
Rotor machines, 12–13
RSA, 17, 466–474
ability to break, zero-knowledge proofs, 548–549
attack on encrypting and signing with, 473–474
blind signatures, 548
chosen ciphertext attack, 471–472
common modulus attack, 472
compared to DSA, 485
computation time comparison with DSA, 489
as de facto standard, 485–486
EKE implementation, 519
encryption, 468
with DSA, 491
in hardware, 469
low decryption exponent attack, 473
low encryption exponent attack, 472–473
patents, 474
restrictions on use, 473
security, 470–471
speed, 469
standards, 474
RSA Data Security, Inc., 295, 603–604
RSA Factoring Challenge, 257
RSA generator, 417
Rubber-hose cryptanalysis, 7
Rueppel, Ranier, 385–386
Running-key cipher, 12
SAFER K-64, 339–341
SAFER K-128, 341
Salt, 52–53
S-boxes:
alternate, DES, 296–298
Blowfish, 336
Boolean functions in, 350
DES, key-dependent, 298, 300
design
criteria, 294
security questions, 284
theory, 349–351
Lucifer, 303
NSA role, 278, 280
substitution, 274–276
Scherbius, Arthur, 13
Schlafly, Roger, 394
Schneier, Bruce, 336, 346
Schnorr, Claus, 418, 446, 510
Schnorr authentication and signature scheme, 510–512
Schroeder, Michael, 58, 216
Schwartau, Winn, 300
Sci.crypt, 608–609
Scott, Robert, 306
SEAL, 398–400
source code, 667–673
Secrecy:
ideal, 236
perfect, 235
Secrets, simultaneous exchange, 123–124
Secret sharing, 71–73
without adjudication, 72
with cheaters, 72
with disenrollment, 73
without revealing shares, 73
schemes with prevention, 73
verifiable, 73
Secret-sharing algorithms, 528–531
advanced threshold schemes, 530–531
Asmuth-Bloom, 529–530
cheater detection, 531
Karnin-Greene-Hellman, 530
LaGrange interpolating polynomial scheme, 528–529
vector scheme, 529
Secret splitting, 70–71
digital cash, 142–145
Secure and Fast Encryption Routine, 339
Secure circuit evaluation, 137
Secure elections, 125–134
divided protocols, 133
multiple-key ciphers, 133
simplistic voting protocols, 125–126
voting with
blind signatures, 126–127
single central facility, 128–130
two central facilities, 127–128
Secure elections (Cont.)
voting without central tabulating facility, 130–133
Secure European System for Applications in a Multivendor Environment, 572
Secure Hash Algorithm, 442–445
Secure multiparty computation, 134–137, 551–552
Secure Telephone Unit, 565
Security:
of algorithms, 8–9
Blowfish, 339
cipher block chaining mode, 196–197
ciphers based on one-way hash functions, 353–354
cryptosystem, 234–235
DES, 278, 280–285
algebraic structure, 282–283
current, 300–301
key length, 283–284
weak keys, 280–281
DSA, 491–492
ESIGN, 500
Kerberos, 571
knapsack algorithms, 465
MD5, 440–441
MMB, 326–327
output-feedback mode, 205
PKZIP, 395
Privacy-Enhanced Mail, 582–583
requirements for different information, 167
RSA, 470–471
SEAL, 400
Secure Hash Algorithm, 444–445
self-synchronizing stream cipher, 199
Selector string, 143
Self-decimated generator, 385–387
Self-enforcing protocols, 26–27
Self-recovering, cipher block chaining mode, 196
Self-shrinking generator, 388
Self-synchronizing stream cipher, 198–199
Selmer, E. S., 381
Semiweak keys, DES, 280–281
SESAME, 572
Session keys, 33, 180
SHA, 442–445
Shadows, 71–72
Shamir, Adi, 72, 284–285, 288, 291, 296, 303, 311–312, 314, 319, 416, 434, 462, 467, 502–504, 508, 516, 528
Shamir’s pseudo-random-number generator, 416
Shamir’s three-pass protocol, 516–517
Shimizu, Akihiro, 308
Shor, Peter, 164
Shrinking generator, 388, 411–412
Signature equation, 496
Signatures, see Digital signatures
Silverman, Bob, 159
Simmons, Gustavus, 72, 79, 493, 501, 531
Simple columnar transposition cipher, 12
Simple relations, 347–348
Simple substitution cipher, 10–11
Simultaneous exchange of secrets, 123–124
Skew, 425
SKEY, 53
SKID, 55–56
Skipjack, 267, 328–329
Smart cards, 587
observer, 146
Universal Electronic Payment System, 589–591
Smith, Lynn, 266
snDES, 298–299
Snefru, 432
Software:
DES implementation, 278–279
encryption, 225
linear feedback shift registers, 378–379
RSA speedups, 469–470
Software-based brute-force attack, 154–155
Software Publishers Association, 608
Solovay, Robert, 259
Solovay-Strassen algorithm, 259
Space complexity, 237
Sparse, 378
Special number field sieve, 160–161
SP network, 347
Square roots:
coin flipping using, 541–542
modulo n, 258
Standards:
public-key cryptography, 588–589
RSA, 474
Station-to-station protocol, 516
Steganography, 9–10
StepRightUp, 414
Stereotyped beginnings, 190
Stereotyped endings, 190
Storage:
data encryption for, 220–222
keys, 180–181
requirements, 9
Stornetta, W. Scott, 75
Straight permutation, 275
Strassen, Volker, 259
Stream algorithms, 4
Stream ciphers, 4, 189, 197–198
A5, 389
additive generators, 390–392
Algorithm M, 393–394
versus block ciphers, 210–211
Blum, Blum, and Shub generator, 417–418
Blum-Micali generator, 416–417
cascading multiple, 419–420
cellular automaton generator, 414
choosing, 420
complexity-theoretic approach, 415–418
correlation immunity, 380
counter mode, 206
crypt(1), 414
design and analysis, 379–381
Diffie’s randomized stream cipher, 419
encryption speeds, 420
feedback with carry shift registers, 402–404
Fish, 391
Gifford, 392–393
Hughes XPD/KPD, 389–390
information-theoretic approach, 418
linear complexity, 380
Maurer’s randomized stream cipher, 419
message authentication codes, 459
multiple, generating from single pseudo-random-sequence generator, 420–421
Mush, 392
Nanoteq, 390
nonlinear-feedback shift registers, 412–413
1/p generator, 414
output-feedback mode, 205
Pike, 391–392
PKZIP, 394–395
Pless generator, 413–414
Rambutan, 390
random-sequence generators, 421–428
RC4, 397–398
Rip van Winkle cipher, 418–419
RSA generator, 417
SEAL, 398–400
self-synchronizing, 198–199
synchronous, 202–203
system-theoretic approach, 415–416
using feedback with carry shift registers, 405–412
alternating stop-and-go generators, 410–411
cascade generators, 405
FCSR combining generators, 405, 410
LFSR/FCSR summation/parity cascade, 410–411
shrinking generators, 411–412
using linear feedback shift registers, 381–388
alternating stop-and-go generator, 383, 385
Beth-Piper stop-and-go generator, 383–384
bilateral stop-and-go generator, 384–385
DNRSG, 387
Geffe generator, 382
generalized Geffe generator, 382–383
Gollmann cascade, 387–388
Jennings generator, 383–384
multispeed inner-product generator, 386–387
self-decimated generator, 385–387
self-shrinking generator, 388
shrinking generator, 388
summation generator, 386–387
threshold generator, 384–386
WAKE, 400–402
Strict avalanche criteria, 350
Strong primes, 261
STU-III, 565–566
Subkey, 272
Blowfish, 338–339
Crab, 342–343
IDEA, 322
independent, DES, 295
Subliminal channel, 79–80
applications, 80
DSA, 493, 534–536
ElGamal, 532–533
ESIGN, 533–534
foiling, 536
Ong-Schnorr-Shamir, 531–532
signature algorithm, 79
Subliminal-free signature schemes, 80
Subprotocols, 26
Substitution boxes, 274–276
Substitution ciphers, 10–12
Substitution-permutation network, 347
SubStream, 414
Summation generator, 386–387
Superincreasing knapsack, 463–464
Superincreasing sequence, 463–464
Suppress-replay, 61
Surety Technologies, 79
SXAL8, 344
Symmetric algorithms, 4
Symmetric block algorithms, one-way hash functions using, 446–455
Symmetric cryptography:
bit commitment using, 86–87
communication using, 28–29
key exchange with, 47–48
versus public-key cryptography, 216–217
Symmetric cryptosystems, document signing, 35–37
Symmetric key length, 151–158
Synchronous stream cipher, 202–203
System-theoretic approach, stream ciphers, 415–416
Tap sequence, 373
feedback with carry shift registers, maximal-length, 408–409
Tatebayashi-Matsuzaki-Newman, 524–525
Tavares, Stafford, 334
TEA, 346
TEMPEST, 224
Terminology, 1–9, 39
Terrorist Fraud, 110
Thermodynamics, limitations on brute-force attacks, 157–158
Three-pass protocol, Shamir’s, 516–517
Three-Satisfiability, 242
3–Way, 341–342, 354
source code, 654–659
Three-Way Marriage Problem, 242
Threshold generator, 384–386
Threshold schemes, 71–72, 530–531
Ticket-Granting Service, 567
Ticket Granting Ticket, 569
Tickets, 568
Time complexity, 237
Timestamping, 75
arbitrated solution, 75–76
digital signatures, 38
distributed protocol, 77–78
improved arbitrated solution, 76
improvements, 78–79
linking protocol, 76–77
patented protocols, 78–79
protocols, 75–79
TIS/PEM, 583
Total break, 8
Traffic analysis, 219
Traffic-flow security, 217
Transfer, oblivious, 116–117
Transposition, 237
ciphers, 12
Trapdoor one-way function, 30
Traveling Salesman Problem, 241–242
Trees, digital signatures, 37
Trial division, 256
Triple encryption, 358–363
encrypt-decrypt-encrypt mode, 359
with minimum key, 360
modes, 360–362
with three keys, 360
with two keys, 358–359
variants, 362–363
TSD, 594–595
Tsujii-Kurosawa-Itoh-Fujioka-Matsumoto, 501
Tuchman, Walt, 266, 278, 280, 294, 303, 358
Tuckerman, Bryant, 266
Turing, Alan, 240
Turing machine, 239, 241
2–adic numbers, 404
UEPS, 589–591
Uncertainty, 234
Unconditional sender and recipient untraceability, 138
Undeniable digital signatures, 81–82, 536–539
Unicity distance, 235–236
Unit key, 591
United States, export rules, 610–616
Universal Electronic Payment System, 589–591
Unpredictable, to left and to right, 417
Updating, keys, 180
Utah Digital Signature Act, 618
van Oorschot, Paul, 359
Vector scheme, 529
Verification, keys, 178–179
Verification block, 179
Verification equation, 496
Vernam, Gilbert, 15
Vigenere cipher, 10–11, 14
Vino, 346
Viruses, to spread cracking program, 155–156
VLSI 6868, 278
Voting, see Secure elections
WAKE, 400–402
Wayner, Peter, 10
Weak keys:
block ciphers design theory, 348
DES, 280–281
Wheeler, David, 400
Whitening, 363, 366–367
Wide-Mouth Frog protocol, 56–57
Wiener, Michael, 153, 284, 359
Williams, 475–476
Wolfram, Steve, 414, 446
Wood, Michael, 311, 313
Woo-Lam protocol, 63–64
Word Auto Key Encryption, 400
Work factor, 9
xDES1, 365–366
XOR, 13–15
XPD, 389–390
Yagisawa algorithm, 501
Yahalom, 57–58
Yao’s millionaire problem, 551
Yung, Moti, 81
Yuval, Gideon, 430
Zero-knowledge proofs, 101–109, 548–549
ability to break RSA, 548–549
Chess Grandmaster Problem, 109
computational, 108
discrete logarithm, 548
generalities, 108–109
identity, 109–111
Mafia Fraud, 110
minimum-disclosure, 108
Multiple Identity Fraud, 111
n is Blum integer, 549
noninteractive, 106–107
no-use, 108
parallel, 106
perfect, 108
Proofs of Membership, 111
Renting Passports, 111
statistical, 108
Terrorist Fraud, 110
Zero-knowledge protocol:
basic, 102–104
graph isomorphism, 104–105
Hamiltonian cycles, 105–106
Zierler, Neal, 381
Zimmermann, Philip, 584


Previous Table of Contents Next