Conductor
A material in which electron flow occurs easily. Typically a metal; usually copper, sometimes silver, brass or even aluminum. A wire. As opposed to an insulator.
Confusion
Those parts of a cipher mechanism which change the correspondence between input values and output values. In contrast to diffusion.
Confusion Sequence
The sequence combined with data in a stream cipher. Normally produced by a random number generator, it is also called a "running key."
Contextual
In the study of logic, an observed fact dependent upon other facts not being observed. Or a statement which is conditionally true, provided other unmentioned conditions have the appropriate state. As opposed to absolute.
Conventional Cipher
A secret key cipher.
Congruence
Casually speaking, the remainder after a division of integers.
In number theory we say that integer a (exactly) divides integer b (denoted a | b) if and only if there is an integer k such that ak = b.
In number theory we say that integer a is congruent to integer b modulo m, denoted a ≡ b (mod m), if and only if m | (a - b). Here m is the divisor or modulus.
Convolution
Polynomial multiplication. A multiplication of each term against each other term, with no "carries" from term to term. Also see correlation.
Used in the analysis of signal processing to develop the response of a processing system to a complicated real-valued input signal. The input signal is first separated into some number of discrete impulses. Then the system response to an impulse (the output level at each unit time delay after the impulse) is determined. Finally, the expected response is computed as the sum of the contributions from each input impulse, multiplied by the magnitude of each impulse. This is an approximation to the convolution integral with an infinite number of infinitesimal delays. Although originally accomplished graphically, the process is just polynomial multiplication.
It is also possible to compute the convolution of two sequences by taking the FFT of each, multiplying these results term-by-term, then taking the inverse FFT. There is an analogous relationship for the FWT, but in that case the "delays" between the sequences represent mod 2 (XOR) distance differences rather than shifts, which may or may not be useful.
Correlation
In general, the probability that two sequences of symbols will, in any position, have the same symbol. We expect two random binary sequences to have the same symbols about half the time.
One way to evaluate the correlation of two real-valued sequences is to multiply them together term-by-term and sum all results. If we do this for all possible "delays" between the two sequences, we get a "vector" or 1-dimensional array of correlations, which is a convolution (of one sequence with the reverse of the other). Then the maximum value represents the delay with the best correlation.
Correlation Coefficient
The value from -1 to +1 describing the correlation of two binary sequences, averaged over the length of interest. Correlation coefficient values are related to the probability that, given a symbol from one sequence, the other sequence will have that same symbol. A value of:
-1 implies a 0.0 probability (the second sequence is the complement of the first),
0 implies a 0.5 probability (the sequences are uncorrelated), and
+1 implies a 1.0 probability (the sequences are the same).
"The correlation coefficient associated with a pair of Boolean functions f(a) and g(a) is denoted by C(f,g) and is given by
C(f,g) = 2 * prob(f(a) = g(a)) - 1."
Daemen, J., R. Govaerts and J. Vandewalle. 1994. Correlation Matrices. Fast Software Encryption, 276. Springer-Verlag.
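The following Python program is an added worked example for the Convolution, Correlation and Correlation Coefficient entries above; it is not code from the glossary itself. It multiplies polynomials term-by-term (ordinary and mod 2, i.e. without carries), evaluates the correlation of two real-valued sequences at every delay by convolving one with the reverse of the other, and computes C(f,g) = 2 * prob(f(a) = g(a)) - 1 by enumerating every input of two small Boolean functions. All sequences and functions are constructed for the example; the FFT route mentioned above is not shown.

```python
"""Convolution, correlation and the correlation coefficient on small sequences."""
from typing import Callable, List, Sequence, Tuple


def convolve(a: Sequence[float], b: Sequence[float]) -> List[float]:
    """Polynomial multiplication: out[k] is the sum of a[i]*b[j] over all i+j == k.
    Each term meets each other term and nothing carries between terms."""
    out = [0.0] * (len(a) + len(b) - 1)
    for i, x in enumerate(a):
        for j, y in enumerate(b):
            out[i + j] += x * y
    return out


def convolve_mod2(a: int, b: int) -> int:
    """The same multiplication over GF(2): polynomials packed into ints (bit i is
    the x^i coefficient), coefficient addition is XOR, so this is a carry-less
    multiply, the arithmetic a CRC is built on."""
    out = 0
    while b:
        if b & 1:
            out ^= a
        a <<= 1
        b >>= 1
    return out


def correlate(a: Sequence[float], b: Sequence[float]) -> List[float]:
    """Sum of term-by-term products for every delay of b against a.
    This is the convolution of a with b reversed; entry k is delay k - (len(b) - 1)."""
    return convolve(a, list(reversed(b)))


def best_delay(a: Sequence[float], b: Sequence[float]) -> Tuple[int, float]:
    """Delay d at which b[m] lines up best with a[m + d], and the correlation there."""
    c = correlate(a, b)
    k = max(range(len(c)), key=c.__getitem__)
    return k - (len(b) - 1), c[k]


def correlation_coefficient(x: Sequence[int], y: Sequence[int]) -> float:
    """2 * P(x[i] == y[i]) - 1 over two equal-length binary sequences:
    -1 for complements, 0 for uncorrelated, +1 for identical."""
    if not x or len(x) != len(y):
        raise ValueError("sequences must be non-empty and of equal length")
    agree = sum(1 for u, v in zip(x, y) if u == v)
    return 2 * agree / len(x) - 1


def boolean_correlation(f: Callable[[int], int], g: Callable[[int], int], n: int) -> float:
    """C(f,g) = 2 * prob(f(a) = g(a)) - 1 with a ranging over all 2**n inputs."""
    inputs = range(1 << n)
    return correlation_coefficient([f(a) & 1 for a in inputs], [g(a) & 1 for a in inputs])


def parity(a: int) -> int:
    """The linear Boolean function: XOR of all bits of a."""
    return bin(a).count("1") & 1


if __name__ == "__main__":
    # Constructed sample data for the example.
    print(convolve([1, 1], [1, 1]))                      # (x+1)^2 = x^2 + 2x + 1
    print(bin(convolve_mod2(0b11, 0b11)))                # over GF(2): x^2 + 1
    print(best_delay([0, 0, 1, 2, 3, 0, 0], [1, 2, 3]))  # pattern [1,2,3] sits at delay 2
    print(correlation_coefficient([0, 1, 1, 0], [1, 0, 0, 1]))   # complements: -1.0
    print(boolean_correlation(parity, lambda a: a & 1, 3))        # parity vs LSB: 0.0
    print(boolean_correlation(parity, lambda a: int(a == 7), 3))  # parity vs AND of 3 bits
```

A zero coefficient against a linear function such as parity is what a cipher designer wants from a nonlinear component; a value far from zero means the function can be approximated by a linear one, which is the starting point of linear cryptanalysis.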
CRC
Cyclic Redundancy Check: a fast error-check hash based on mod 2 polynomial operations.
A CRC is essentially a fast remainder operation over a huge numeric value which is the data. (For best speed, the actual computation occurs as mod 2 polynomial operations.) The CRC result is an excellent (but linear) hash value corresponding to the data.
No CRC has any appreciable strength, but some applications even in cryptography need no strength:
One example is authentication, provided the linear CRC hash result is protected by a block cipher.
Another example is key processing, where the uncertainty in a User Key phrase of arbitrary size is collected into a hash result of fixed size. In general, the hash result would be just as good for The Opponent as the original key phrase, so no strength shield could possibly improve the situation.
A third example is the accumulation of the uncertainty in slightly uncertain physically random events. When true randomness is accumulated, it is already as unknowable as any strength shield could make it.
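The following Python program is an added example, not code from the glossary: it computes a CRC literally as the remainder of the data (treated as one huge mod 2 polynomial) divided by the generator polynomial, shows that the bit-serial CRC-32 of zlib/Ethernet is the same remainder with an initial value and final XOR added, and then demonstrates the linearity that the entry warns about. Because crc(a XOR b) = crc(a) XOR crc(b) XOR crc(0...0) for equal-length inputs, anyone who knows the CRC of a message can compute the CRC of any XOR-modified version of it without seeing the message. That is why the "protected by a block cipher" case above requires that an attacker cannot flip chosen ciphertext bits that flip known data and CRC bits. The sample messages are constructed for the example.

```python
"""CRC as a mod-2 polynomial remainder, and a demonstration that it is linear."""
import zlib


def mod2_remainder(dividend: int, poly: int) -> int:
    """Remainder of dividend divided by poly, both polynomials over GF(2) packed
    into ints (bit i is the coefficient of x^i). Subtraction is XOR, so long
    division is: while the dividend is at least as long as the divisor, cancel
    its top bit by XORing in the divisor shifted up to meet it."""
    deg = poly.bit_length() - 1
    while dividend.bit_length() - 1 >= deg:
        dividend ^= poly << (dividend.bit_length() - 1 - deg)
    return dividend


def crc_plain(data: bytes, poly: int) -> int:
    """Textbook CRC: the data as one huge number, shifted up by the polynomial
    degree, reduced modulo poly. No initial value, no reflection, no final XOR.
    With poly 0x107 (x^8 + x^2 + x + 1) this is the common CRC-8."""
    deg = poly.bit_length() - 1
    return mod2_remainder(int.from_bytes(data, "big") << deg, poly)


def crc32_bitwise(data: bytes) -> int:
    """Bit-serial CRC-32 as used by zlib and Ethernet: the same remainder, computed
    with the reflected polynomial 0xEDB88320 and an initial value and final XOR of
    0xFFFFFFFF, so the result can be checked against zlib.crc32."""
    crc = 0xFFFFFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0xEDB88320 if crc & 1 else crc >> 1
    return crc ^ 0xFFFFFFFF


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR of two equal-length byte strings."""
    return bytes(x ^ y for x, y in zip(a, b))


def crc32_is_linear(a: bytes, b: bytes) -> bool:
    """Check crc(a XOR b) == crc(a) XOR crc(b) XOR crc(zeros) for equal-length a, b.
    The crc(zeros) term absorbs the init/final-XOR constants; for crc_plain it is 0."""
    zeros = bytes(len(a))
    return crc32_bitwise(xor_bytes(a, b)) == (
        crc32_bitwise(a) ^ crc32_bitwise(b) ^ crc32_bitwise(zeros)
    )


def crc32_after_xor(length: int, original_crc: int, delta: bytes) -> int:
    """Given only the CRC-32 of an unseen message of the given length and a change
    (delta) to XOR into it, return the CRC-32 of the changed message. No secret
    is needed: the CRC is linear, so a checksum alone authenticates nothing."""
    return original_crc ^ crc32_bitwise(delta) ^ crc32_bitwise(bytes(length))


if __name__ == "__main__":
    msg = b"123456789"                  # the conventional CRC check string
    print(hex(crc_plain(msg, 0x107)))   # CRC-8 check value 0xf4
    print(hex(crc32_bitwise(msg)), hex(zlib.crc32(msg)))   # both 0xcbf43926
    other = b"123456780"                # constructed: differs only in the last byte
    print(crc32_is_linear(msg, other))
    # Patch the checksum for a modified message using only the old checksum.
    patched = crc32_after_xor(len(msg), zlib.crc32(msg), xor_bytes(msg, other))
    print(patched == zlib.crc32(other))
```

The division loop is the definition of a CRC; table-driven implementations only reorganise the same XORs. The linearity check is the property to remember when a design reaches for a CRC as an integrity tag: it detects random errors well, and deliberate ones not at all.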
Cryptanalysis
That aspect of cryptology which concerns the strength analysis of a cryptographic system, and the penetration or breaking of a cryptographic system. Also "codebreaking."
Because there is no theory which guarantees strength for any conventional cipher, ciphers traditionally have been considered "strong" when they have been used for a long time with "nobody" knowing how to break them easily. Cryptanalysis seeks to improve this process by applying the known attack strategies to new ciphers, and by actively seeking new ones. It is normal to assume that at least known-plaintext is available; often, defined-plaintext is assumed. The result is typically some value for the amount of "work" which will achieve a "break" (even if that value is impractical); this is "the" strength of the cipher.
But while cryptanalysis can prove "weakness" for a given level of effort, cryptanalysis cannot prove that there is no simpler attack:
Lack of proof of weakness is not proof of strength.
Indeed, when ciphers are used for real, The Opponents can hardly be expected to advertise a successful break, but will instead work hard to reassure users that their ciphers are still secure. The fact that apparently "nobody" knows how to break a cipher is somewhat less reassuring from this viewpoint. In this context, using a wide variety of different ciphers can make good sense: this reduces the value of the information protected by any particular cipher, which thus reduces the rewards from even a successful attack. Having numerous ciphers also requires The Opponents to field far greater resources to identify, analyze, and automate breaking (when possible) of each different cipher.
Many academic attacks are essentially theoretical, involving huge amounts of data and computation. But even when a direct technical attack is practical, that may be the most difficult, expensive and time-consuming way to obtain the desired information. Other methods include making a paper copy, stealing a copy, bribery, coercion, and electromagnetic monitoring. No cipher can keep secret something which has been otherwise revealed.
Information security thus involves far more than just cryptography, and even a cryptographic system is more than just a cipher. Even finding that information has been revealed does not mean that a cipher has been broken.
At one time it was reasonable to say: "Any cipher a man can make, another man can break." However, with the advent of serious computer-based cryptography, that statement is no longer valid, provided that every detail is properly handled. This, of course, often turns out to not be the case.
Cryptanalyst
Someone who attacks ciphers with cryptanalysis. A "codebreaker." Often called the Opponent by cryptographers, in recognition of the (serious) game of thrust and parry between these parties.
Cryptographer
Someone who creates ciphers using cryptography.
Cryptographic Mechanism
A process for enciphering and/or deciphering, or an implementation (for example, hardware, computer software, hybrid, or the like) for performing that process. See also cryptography and mechanism.
Cryptography
Greek for "hidden writing." The art and science of transforming information into an intermediate form which secures that information while in storage or in transit. A part of cryptology, further divided into secret codes and ciphers.
As opposed to steganography, which seeks to hide the existence of any message, cryptography seeks to render a message unintelligible even when the message is completely exposed.
Cryptography includes at least:
secrecy (confidentiality, or privacy, or information security), and
message authentication (integrity).
Cryptography may also include:
nonrepudiation (the inability to deny sending a message),
access control (user or source authentication), and
availability (keeping security services available).
Modern cryptography generally depends upon translating a message into one of an astronomical number of different intermediate representations, or ciphertexts, as selected by a key. If all possible intermediate representations have similar appearance, it may be necessary to try all possible keys to find the one which deciphers the message. By creating mechanisms with an astronomical number of keys, we can make this approach impractical.
Cryptography may also be seen as a zero-sum game, where a cryptographer competes against a cryptanalyst. We might call this the cryptography war.
Cryptography War
Cryptography may be seen as a dynamic battle between cryptographer and cryptanalyst. The cryptographer tries to produce a cipher which can retain secrecy. Then, when it becomes worthwhile, one or more cryptanalysts try to penetrate that secrecy by attacking the cipher. Fortunately for the war, even after fifty years of mathematical cryptology, not one practical cipher has been accepted as proven secure in practice. (See, for example, the one-time pad.)
Note that the successful cryptanalyst must keep good attacks secret, or the opposing cryptographer will just produce a stronger cipher. This means that the cryptographer is in the odd position of never knowing whether his or her best cipher designs are successful, or which side is winning.
Cryptographers are often scientists who are trained to ignore unsubstantiated claims. But there will be no substantiation when a cipher system is attacked