863 research outputs found
Testing the Randomness of Cryptographic Function Mappings
A cryptographic function with a fixed-length output, such as a block cipher, hash function, or message authentication code (MAC), should behave as a random mapping. The mapping\u27s randomness can be evaluated with statistical tests. Statistical test suites typically used to evaluate cryptographic functions, such as the NIST test suite, are not well-suited for testing fixed-output-length cryptographic functions. Also, these test suites employ a frequentist approach, making it difficult to obtain an overall evaluation of the mapping\u27s randomness. This paper describes CryptoStat, a test suite that overcomes the aforementioned deficiencies. CryptoStat is specifically designed to test the mappings of fixed-output-length cryptographic functions, and CryptoStat employs a Bayesian approach that quite naturally yields an overall evaluation of the mappings\u27 randomness. Results of applying CryptoStat to reduced-round and full-round versions of the AES block ciphers and the SHA-1 and SHA-2 hash functions are reported; the results are analyzed to determine the algorithms\u27 randomness margins
New results on the genetic cryptanalysis of TEA and reduced-round versions of XTEA
Congress on Evolutionary Computation. Portland, USA, 19-23 June 2004Recently, a simple way of creating very efficient distinguishers for cryptographic primitives such as block ciphers or hash functions, was presented by the authors. Here, this cryptanalysis attack is shown to be successful when applied over reduced round versions of the block cipher XTEA. Additionally, a variant of this genetic attack is introduced and its results over TEA shown to be the most powerful published to date
GENEROWANIE SEKWENCJI LOSOWYCH O ZWIĘKSZONEJ SILE KRYPTOGRAFICZNEJ
Random sequences are used in various applications in construction of cryptographic systems or formations of noise-type signals. For these tasks there is used the program generator of random sequences which is the determined device. Such a generator, as a rule, has special requirements concerning the quality of the numbers formation sequence. In cryptographic systems, the most often used are linearly – congruent generators, the main disadvantage of which is the short period of formation of pseudo-random number sequences. For this reason, in the article there is proposed the use of chaos generators as the period of the formed selection in this case depends on the size of digit net of the used computing system. It is obvious that the quality of the chaos generator has to be estimated through a system of the NIST tests. Therefore, detailed assessment of their statistical characteristics is necessary for practical application of chaos generators in cryptographic systems. In the article there are considered various generators and there is also given the qualitative assessment of the formation based on the binary random sequence. Considered are also the features of testing random number generators using the system. It is determined that not all chaos generators meet the requirements of the NIST tests. The article proposed the methods for improving statistical properties of chaos generators. The method of comparative analysis of random number generators based on NIST statistical tests is proposed, which allows to select generators with the best statistical properties. Proposed are also methods for improving the statistical characteristics of binary sequences, which are formed on the basis of various chaos generators.Sekwencje losowe wykorzystywane są do tworzenia systemów kryptograficznych lub do formowania sygnałów zakłócających. Do tych zadań wykorzystywany jest generator sekwencji losowych, który jest urządzeniem deterministycznym. Taki generator z reguły ma specjalne wymagania dotyczące jakości tworzenia sekwencji liczbowej. W systemach kryptograficznych najczęściej stosuje się generatory liniowo-przystające, których główną wadą jest krótki okres formowania pseudolosowych sekwencji liczbowych. Z tego powodu w artykule zaproponowano użycie generatora chaotycznego, jako że okres próbkowania w tym przypadku zależy od rozmiaru siatki bitowej w używanym systemie obliczeniowym. Oczywistym jest, że należy oszacować jakość generatora chaotycznego za pomocą systemu testów NIST, dlatego też do praktycznego zastosowania generatorów chaotycznych w systemach kryptograficznych wymagana jest szczegółowa ocena ich cech statystycznych. W artykule rozważono różne generatory, a także podano ocenę jakościową procesu formacji na podstawie losowej sekwencji binarnej. Rozważano również funkcje testowania generatorów liczbowych przy użyciu systemu. Stwierdzono, że nie wszystkie generatory chaotyczne spełniają wymagania testów NIST. W artykule zaproponowano metody poprawy właściwości statystycznych generatorów chaotycznych, tak jak również metodę analizy porównawczej generatorów liczb losowych, która oparta jest na testach statystycznych NIST, i która pozwala wybrać generatory o najlepszych cechach statystycznych. Przedstawiono także metody poprawy właściwości statystycznych sekwencji binarnych, które powstają na podstawie różnych generatorów chaotycznych
MV3: A new word based stream cipher using rapid mixing and revolving buffers
MV3 is a new word based stream cipher for encrypting long streams of data. A
direct adaptation of a byte based cipher such as RC4 into a 32- or 64-bit word
version will obviously need vast amounts of memory. This scaling issue
necessitates a look for new components and principles, as well as mathematical
analysis to justify their use. Our approach, like RC4's, is based on rapidly
mixing random walks on directed graphs (that is, walks which reach a random
state quickly, from any starting point). We begin with some well understood
walks, and then introduce nonlinearity in their steps in order to improve
security and show long term statistical correlations are negligible. To
minimize the short term correlations, as well as to deter attacks using
equations involving successive outputs, we provide a method for sequencing the
outputs derived from the walk using three revolving buffers. The cipher is fast
-- it runs at a speed of less than 5 cycles per byte on a Pentium IV processor.
A word based cipher needs to output more bits per step, which exposes more
correlations for attacks. Moreover we seek simplicity of construction and
transparent analysis. To meet these requirements, we use a larger state and
claim security corresponding to only a fraction of it. Our design is for an
adequately secure word-based cipher; our very preliminary estimate puts the
security close to exhaustive search for keys of size < 256 bits.Comment: 27 pages, shortened version will appear in "Topics in Cryptology -
CT-RSA 2007
Towards Human Computable Passwords
An interesting challenge for the cryptography community is to design
authentication protocols that are so simple that a human can execute them
without relying on a fully trusted computer. We propose several candidate
authentication protocols for a setting in which the human user can only receive
assistance from a semi-trusted computer --- a computer that stores information
and performs computations correctly but does not provide confidentiality. Our
schemes use a semi-trusted computer to store and display public challenges
. The human user memorizes a random secret mapping
and authenticates by computing responses
to a sequence of public challenges where
is a function that is easy for the
human to evaluate. We prove that any statistical adversary needs to sample
challenge-response pairs to recover , for
a security parameter that depends on two key properties of . To
obtain our results, we apply the general hypercontractivity theorem to lower
bound the statistical dimension of the distribution over challenge-response
pairs induced by and . Our lower bounds apply to arbitrary
functions (not just to functions that are easy for a human to evaluate),
and generalize recent results of Feldman et al. As an application, we propose a
family of human computable password functions in which the user
needs to perform primitive operations (e.g., adding two digits or
remembering ), and we show that .
For these schemes, we prove that forging passwords is equivalent to recovering
the secret mapping. Thus, our human computable password schemes can maintain
strong security guarantees even after an adversary has observed the user login
to many different accounts.Comment: Fixed bug in definition of Q^{f,j} and modified proofs accordingl
- …