the monographic transformations had multiple or homophonic alternatives for frequently-used letters. Generally smaller than a codebook, due to the use of the syllables instead of a comprehensive list of phrases. A sort of early manual cipher with some characteristics of a code, that operated like a codebook.
Nominal
In statistics, measurements which are in categories or "bins." Also see: ordinal, and interval.
Nonlinearity
The extent to which a function is not linear. See Boolean function nonlinearity.
NOT
A Boolean logic function which is the "complement" or the mod 2 addition of 1.
Null Hypothesis
In statistics, the particular statement or hypothesis H0 which is accepted unless a statistic testing that hypothesis produces evidence to the contrary. Normally, the null hypothesis is accepted when the associated statistical test indicates "nothing unusual found."
The logically contrary alternative hypothesis H1 is sometimes formulated with the specific hope that something unusual will be found, but this can be very tricky to get right. Many statistical tests (such as goodness-of-fit tests) can only indicate whether something matches what we expect, or does not. But any number of things can cause a mismatch, including a fundamentally flawed experiment. A simple mismatch does not normally imply the presence of a particular quality.
Even in the best possible situation, random sampling will produce a range or distribution of test statistic values. Often, even the worst possible statistic value can be produced by an unlucky sampling of the best possible data. It is thus important to know what distribution to expect because of the sampling alone, so if we find a different distribution, that will be evidence supporting the alternative hypothesis H1.
If we collect enough statistic values, we should see them occur in the ideal distribution for that particular statistic. So if we call the upper 5 percent of the distribution "failure" (this is the significance level) we not only expect but in fact require such "failure" to occur about 1 time in 20. If it does not, we will in fact have detected something unusual, something which might even indicate problems in the experimental design.
If we have only a small number of samples, and do not run repeated trials, a relatively few chance events can produce an improbable statistic value, which might cause us to reject a valid null hypothesis, and so commit a type I error.
On the other hand, if there is a systematic deviation in the underlying distribution, only a very specific type of random sampling could mask that problem. With few samples and trials, though, the chance random masking of a systematic problem is still possible, and could lead to a type II error.
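
The requirement that "failure" occur about 1 time in 20 can be checked by running many trials, as in this added example (not part of the original glossary). It assumes a chi-square goodness-of-fit test over 16 bins and Python's built-in generator as the "good" source; the bin count, sample size and source names are choices made for the illustration.

```python
import itertools
import random

BINS = 16                # categories per trial, giving 15 degrees of freedom
SAMPLES = 160            # expected count of 10 per bin
CRITICAL_5PCT = 24.996   # upper 5 percent point of chi-square with 15 d.f.

def chi_square(counts):
    expected = SAMPLES / BINS
    return sum((c - expected) ** 2 / expected for c in counts)

def failure_rate(draw, trials):
    """Fraction of trials whose statistic lands in the upper 5% 'failure' region."""
    failures = 0
    for _ in range(trials):
        counts = [0] * BINS
        for _ in range(SAMPLES):
            counts[draw()] += 1
        failures += chi_square(counts) > CRITICAL_5PCT
    return failures / trials

def fair_source(seed):
    rng = random.Random(seed)
    return lambda: rng.randrange(BINS)

def biased_source(seed, extra=0.10):
    # Systematic deviation: bin 0 receives an extra 10% of all samples.
    rng = random.Random(seed)
    return lambda: 0 if rng.random() < extra else rng.randrange(BINS)

def counter_source():
    # Perfectly even and perfectly predictable: it never "fails" at all.
    counter = itertools.cycle(range(BINS))
    return lambda: next(counter)

if __name__ == "__main__":
    print("fair source:   ", failure_rate(fair_source(1), 2000))
    print("biased source: ", failure_rate(biased_source(1), 2000))
    print("counter source:", failure_rate(counter_source(), 2000))
    print("fair source, only 20 trials:", failure_rate(fair_source(2), 20))
```

A rate far above 0.05 and a rate of exactly zero are both evidence against H0; the 20-trial run shows how coarse the estimate is when few trials are made.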
Object Code
Typically, machine language instructions represented in a form which can be "linked" with other routines. Also see source code.
Objective
In the study of logic, reality observed without interpretation. As opposed to subjective or interpreted reality. Alternately, a goal.
Octal
Base 8: The numerical representation in which each digit has an alphabet of eight symbols, generally 0 through 7.
Somewhat easier to learn than hexadecimal, since no new numeric symbols are needed, but octal can only represent three bits at a time. This generally means that the leading digit will not take all values, and that means that the representation of the top part of two concatenated values will differ from its representation alone, which can be confusing. Also see: binary and decimal.
Octave
A frequency ratio of 2:1. From an 8-step musical scale.
OFB
OFB or Output FeedBack is an operating mode for a block cipher.
OFB is closely related to CFB, and is intended to provide some of the characteristics of a stream cipher from a block cipher. OFB is a way of using a block cipher to form a random number generator. The resulting pseudorandom confusion sequence can be combined with data as in the usual stream cipher.
OFB assumes a shift register of the block cipher block size. An IV or initial value first fills the register, and then is ciphered. Part of the result, often just a single byte, is used to cipher data, and also is shifted into the register. The resulting new register value is ciphered, producing another confusion value for use in stream ciphering.
One disadvantage of this, of course, is the need for a full block-wide ciphering operation, typically for each data byte ciphered. The advantage is the ability to cipher individual characters, instead of requiring accumulation into a block before processing.
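
The register-and-feedback loop described above, written out as an added example (not code from the original glossary). As an assumption, a truncated HMAC-SHA256 stands in for the block cipher's forward direction, since OFB never needs the inverse; the names `block_encrypt`, `ofb8_keystream`, `ofb8_crypt` and `stats` are made up for the illustration.

```python
import hashlib
import hmac

BLOCK = 16                      # shift register width in bytes
stats = {"block_calls": 0}      # counts full block-wide ciphering operations

def block_encrypt(key: bytes, block: bytes) -> bytes:
    """Stand-in (assumption) for a block cipher's forward direction:
    HMAC-SHA256 truncated to one block. OFB never uses the inverse."""
    stats["block_calls"] += 1
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]

def ofb8_keystream(key: bytes, iv: bytes):
    """Yield the confusion sequence one byte at a time."""
    if len(iv) != BLOCK:
        raise ValueError("the IV must fill the whole register")
    register = iv
    while True:
        confusion = block_encrypt(key, register)[0]   # keep a single byte
        register = register[1:] + bytes([confusion])  # shift it into the register
        yield confusion

def ofb8_crypt(key: bytes, iv: bytes, data: bytes) -> bytes:
    """Encipher or decipher: the same XOR with the same sequence does both."""
    stream = ofb8_keystream(key, iv)
    return bytes(b ^ next(stream) for b in data)

if __name__ == "__main__":
    key, iv = b"constructed key!", bytes(range(BLOCK))  # constructed values
    text = b"one character at a time"
    ct = ofb8_crypt(key, iv, text)
    print(ct.hex())
    print(stats["block_calls"], "block operations for", len(text), "data bytes")
    print(ofb8_crypt(key, iv, ct))
```

The confusion sequence depends only on the key and IV, never on the data, which is why the generator can be written without seeing the plaintext.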
One Time Pad
The term "one time pad" (OTP) is rather casually used for two fundamentally different types of cipher:
1. The Theoretical One Time Pad: a theoretical random source produces values which are combined with data to produce ciphertext. In a theoretical discussion of this concept, we can simply assume perfect randomness in the source, and this assumption supports a mathematical proof that the cipher is unbreakable. But the theoretical result applies to reality only if we can prove the assumption is valid in reality. Unfortunately, we cannot do this, because provably perfect randomness apparently cannot be attained in practice. So the theoretical OTP does not really exist, except as a goal.
2. The Realized One Time Pad: a really random source produces values which are combined with data to produce ciphertext. But because we can neither assume nor prove perfect, theoretical-class randomness in any real generator, this cipher does not have the mathematical proof of the theoretical system. Thus, a realized one time pad is NOT proven unbreakable, although it may in fact be unbreakable in practice. In this sense, it is much like other realized ciphers.
A realized one time pad (OTP) is essentially a stream cipher with a really random confusion sequence used exactly once. The confusion sequence is the key, and it is as long as the data. Since this amount of keying material can be awkward to transfer and keep, we often see "pseudo" one-time pad designs which attempt to correct this deficiency. Normally, the point is to achieve the theoretical advantages of a one-time pad without the costs; the problem with this is that the one-time pad theory of strength no longer applies. These variations are best seen as classic stream cipher designs.
In a realized one time pad, the confusion sequence must be unpredictable (not generated from a small key value) and must be transported to the far end and held at both locations in absolute secrecy like any other secret key. But where a normal secret key might range perhaps from 16 bytes to 160 bytes, there must be as much OTP sequence as there will be data (which might well be megabytes). And a normal secret key could itself be sent under a key (as in a message key or under a public key). But an OTP sequence cannot be sent under a key, since this would make the OTP as weak as the key, in which case we might as well use a normal cipher. All this implies very significant inconveniences, costs, and risks, well beyond what one would at first expect, so even the realized one time pad is generally considered impractical, except in very special situations.
In a realized one time pad, the confusion sequence itself must be random for, if not, it will be somewhat predictable. And, although we have a great many statistical randomness tests, there is no test which can certify a sequence as either random or unpredictable. This means that a sequence which we assume to be random may not be the unpredictable sequence we need, and we can never know for sure. (This might be considered an argument for using a combiner with strength, such as a Latin square or Dynamic Substitution.) In practice, the much touted "mathematically proven unbreakability" of the one time pad depends upon an assumption of randomness and unpredictability which we can neither test nor prove.
The one time pad sometimes seems to have yet another level of strength above the usual stream cipher, the ever-increasing amount of "unpredictability" or entropy in the confusion sequence, leading to an indefinite unicity distance. In contrast, the typical stream cipher will produce a long sequence from a relatively small amount of initial state, and it can be argued that the entropy of an RNG is just the number of bits in its initial state. In theory, this might mean that the initial state or key used in the stream cipher could be identified after somewhat more than that same amount of data had been enciphered. But it is also perfectly possible for an unsuspected problem to occur in a really-random generator, and then the more sequence generated, the more apparent and useful that problem might be to an Opponent.
Nor does even a theoretical one time pad imply unconditional security: Consider A sending the same message to B and C, using, of course, two different pads. Now, suppose the Opponents can acquire plaintext from B and intercept the ciphertext to C. If the system is using the usual additive combiner, the Opponents can reconstruct the pad between A and C. Now they can send C any message they want, and encipher it under the correct pad. And C will never question such a message, since everyone knows that a one time pad provides "absolute" security as long as the pad is kept secure. Note that both A and C have done this, and they are the only ones who had that pad.
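
The A, B, C scenario above as an added example (not part of the original glossary), using byte-wise XOR as the additive combiner. The messages are constructed, and the separate authentication key with an HMAC tag is an assumption added here to show what lets C notice the substitution; the glossary's scheme has no such check.

```python
import hashlib
import hmac
import secrets

def xor(a: bytes, b: bytes) -> bytes:
    """The usual additive combiner over bytes; pad must match data length."""
    if len(a) != len(b):
        raise ValueError("pad and data must be the same length")
    return bytes(x ^ y for x, y in zip(a, b))

def recover_pad(known_plaintext: bytes, ciphertext: bytes) -> bytes:
    """plaintext XOR ciphertext = pad, however random the pad was."""
    return xor(known_plaintext, ciphertext)

def tag(auth_key: bytes, ciphertext: bytes) -> bytes:
    """Authentication tag under a key kept separate from the pad (assumption)."""
    return hmac.new(auth_key, ciphertext, hashlib.sha256).digest()

def run_scenario():
    message = b"MEET AT NOON"                    # constructed sample message
    pad_ac = secrets.token_bytes(len(message))   # pad shared only by A and C
    auth_key_ac = secrets.token_bytes(32)        # shared only by A and C
    ct_to_c = xor(pad_ac, message)
    # B got the same message under a different pad; the Opponents only need
    # the plaintext B ended up with, plus the intercepted ciphertext to C.
    pad_guess = recover_pad(message, ct_to_c)
    substitute = xor(pad_guess, b"MEET AT FOUR")
    # Without authentication, C deciphers the substitute into sensible text.
    seen_by_c = xor(pad_ac, substitute)
    # With a tag from A, C recomputes it over what arrived and compares.
    genuine_tag = tag(auth_key_ac, ct_to_c)
    accepted = hmac.compare_digest(tag(auth_key_ac, substitute), genuine_tag)
    return {"pad_recovered": pad_guess == pad_ac,
            "seen_by_c": seen_by_c,
            "substitute_accepted": accepted}

if __name__ == "__main__":
    print(run_scenario())
```

The pad stayed secret at both A and C throughout, yet it gave C no way to tell who produced the ciphertext; only the separate tag does that.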
Various companies offer one time pad programs, and sometimes also the keying or "pad" material.
One-To-One
Injective. A mapping f: X -> Y where no two values x in X produce the same result f(x) in Y. A one-to-one mapping is invertible for those values of X which produce unique results f(x), but there may not be a full inverse mapping g: Y -> X.
One Way Diffusion
In the context of a block cipher, a one way diffusion layer will carry any changes in the data block in a direction from one side of the block to the other, but not in the opposite direction. This is the usual situation for fast, effective diffusion layer realizations.
Onto
Surjective. A mapping f: X -> Y where f(x) covers all elements in Y. Not necessarily invertible, since multiple elements x in X could produce the same f(x) in Y.
   +-------+          +----------+
   |       |   ONTO   |          |
   |   X   |          | Y = f(X) |
   |       |    f     |          |
   |       |   --->   |          |
   +-------+          +----------+
Opcode
Operation code: a value which selects one operation from among a set of possible operations. This is an encoding of functions as values. These values