Random Variable
In statistics, a term or label for an unknown value. Also used when each of the possible values has some known probability.
A discrete random variable takes on a finite set of values. The probability of each value is the frequency function or probability density function, and the graph of the frequency function is the frequency distribution.
Range
The set of the results from a mapping for all possible arguments. Also see: domain.
Really Random
A random value or sequence derived from a source which is expected to produce no predictable or repeatable relationship between values.
Examples of a really random source might include radioactive decay, Johnson or thermal noise, shot noise from a Zener diode or reverse-biased junction in breakdown, etc. Clearly, some sort of circuitry will be required to detect these generally low-level events, and the quality of the result is often directly related to the design of the electronic processing. Other sources of randomness might be precise keystroke timing, and the accumulated hash of text of substantial size. Also called physically random and truly random. As opposed to pseudorandom (see random number generator).
Really random values are particularly important as message key objects, or as a sequence for use in a realized one-time pad.
Also see: Random Number Machines: A Literature Survey and Random Electrical Noise: A Literature Survey, in the Literature Surveys and Reviews section of the Ciphers By Ritter page, and Randomness Links, in Ritter's Net Links page.
Relay
Classically, an electro-mechanical component consisting of a mechanical switch operated by the magnetic force produced by an electromagnet, a conductor wound around an iron dowel or core. A relay is at least potentially a sort of mechanical (slow) and nonlinear amplifier which is well-suited to power control.
Research Hypothesis
In statistics, the statement formulated so that the logically contrary statement, the null hypothesis H0, has a test statistic with a known distribution for the case when there is nothing unusual to detect. Also called the alternative hypothesis H1, and logically identical to "NOT-H0" or "H0 is not true."
Resistor
A basic electronic component in which voltage and current are linearly related by Ohm's Law: E = IR. Resistors can thus be used to limit current I given voltage E: (I = E/R), or to produce voltage E from current I: (E = IR). Two resistors in series can divide voltage Ein to produce the output voltage Eo: ( Eo = Ein(R1/(R1+R2)) ).
Also see capacitor and inductor.
Ring
In abstract algebra, a nonempty set R with two dyadic (two-input, one-output) operations which we choose to call "addition" and "multiplication" and denote + and * as usual. If elements (not necessarily numbers) a, b are in R, then a+b is in R, and ab (or a*b) is also in R. The following properties hold:
1. Addition is commutative: a + b = b + a
2. Addition is associative: (a + b) + c = a + (b + c)
3. There is a "zero" or additive identity: a + 0 = a
4. There is an additive inverse: for any a there is an x in R such that a + x = 0
5. Multiplication is associative: (ab)c = a(bc)
6. Multiplication is distributive: a(b + c) = ab + ac and (b + c)a = ba + ca
7. In a commutative ring, multiplication is commutative: ab = ba
8. In a ring with unity, there is a multiplicative identity: for e in R, ea = ae = a
Root
A solution: A value which, when substituted for a variable in a mathematical equation, makes the statement true.
RMS
root mean square
Root Mean Square
The square root of the integral of instantaneous values squared. Thus, when measuring voltage or current, a value proportional to the average power in watts, even in a complex waveform.
RNG
Random Number Generator
Round
In the context of block cipher design, a term often associated with a Feistel block cipher such as DES. A round is the set of operations which are repeated multiple times to produce the final data. For example, DES uses 16 generally identical rounds, each of which performs a number of operations. As opposed to a layer, which is not applied repeatedly.
RSA
The name of an algorithm published by Ron Rivest, Adi Shamir, and Len Adleman (thus, R.S.A.). The first major public key system.
Based on number-theoretic concepts and using huge numerical values, an RSA key must be perhaps ten times or more as long as a secret key for similar security.
Running Key
The confusion sequence in a stream cipher.
Salt
An unnecessarily cute and sadly non-descriptive name for an arbitrary value, unique to a particular computer or installation, prepended to a password before hash authentication. The "salt" acts to complicate attacks on the password user-identification process by giving the same password different hash results on different systems. Ideally, this would be a sort of keying for a secure hash.
Sample
In statistics, one or more elements, typically drawn at random from some population.
Normally, we cannot hope to examine the full population, and so must instead investigate samples of the population, with the hope that they represent the larger whole. Often, random sampling occurs "without replacement"; effectively, each individual sample is returned to the population before the next sample is drawn.
S-Box
Substitution box or table; typically a component of a cryptographic system.
"S-box" is a rather non-specific term, however, since S-boxes can have more inputs than outputs, or more outputs than inputs, each of which makes a single invertible table impossible. The S-boxes used in DES contain multiple invertible substitution tables, with the particular table used at any time being data-selected.
One possible S-box is the identity transformation (0->0, 1->1, 2->2, ...) which clearly has no effect at all, while every other transformation has at least some effect. So different S-boxes obviously can contain different amounts of some qualities. Qualities often mentioned include avalanche and Boolean function nonlinearity. However, one might expect that different ciphering structures will need different table characteristics to a greater or less degree. So the discussion of S-box strength always occurs within the context of a particular cipher construction.
S-Box Avalanche
With respect to avalanche, any input change, even one bit, will select a different table entry. Over all possible input values and changes, the number of output bits changed will have a binomial distribution. (See the bit changes section of the Ciphers By Ritter / JavaScript computation pages.) So, in this respect, all tables are equal.
On the other hand, it is possible to arrange tables so that single-bit input changes are guaranteed to produce at least two-bit output changes, and this would seem to improve avalanche. But we note that this is probable even with a randomly-constructed table, so we have to ask just how much this guarantee has improved things. In a Feistel cipher, it seems like this might reduce the number of needed rounds by one. But in actual operation, the plaintext block is generally randomized, as in CBC-mode. This means that the probability of getting a single-bit change in operation is very low anyway.
It is true that cipher avalanche is tested using single-bit input changes, and that is the way avalanche is defined. The point of this is to assure that every output bit is "affected" by every input bit. But I see this as more of an experimental requirement than an operational issue that need be optimized.
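An added illustration (not from the original glossary) of the "all tables are equal" point, assuming an invertible 8-bit table: over every input value and every nonzero input change, the count of k-bit output changes is exactly 256 * C(8,k) whatever the table, while single-bit changes are where tables differ. The function names, the shuffled table and its seed are constructed for this example.

```python
from math import comb
import random

def change_histogram(table, out_bits, deltas):
    """hist[k] = number of (input, change) pairs that flip k output bits."""
    hist = [0] * (out_bits + 1)
    for x in range(len(table)):
        for d in deltas:
            hist[bin(table[x] ^ table[x ^ d]).count("1")] += 1
    return hist

def all_changes(n_bits):
    """Every nonzero input difference."""
    return range(1, 1 << n_bits)

def single_bit_changes(n_bits):
    """Only the n one-bit input differences used in avalanche testing."""
    return [1 << b for b in range(n_bits)]

def binomial_counts(n_bits):
    """Counts for any invertible n-bit table over all nonzero changes:
    each nonzero output difference occurs exactly 2^n times."""
    return [0] + [(1 << n_bits) * comb(n_bits, k) for k in range(1, n_bits + 1)]

def constructed_table(seed, n_bits=8):
    """A shuffled sample table (constructed input, not any cipher's S-box)."""
    t = list(range(1 << n_bits))
    random.Random(seed).shuffle(t)
    return t

if __name__ == "__main__":
    identity, shuffled = list(range(256)), constructed_table(1)
    print("binomial :", binomial_counts(8))
    print("identity :", change_histogram(identity, 8, all_changes(8)))
    print("shuffled :", change_histogram(shuffled, 8, all_changes(8)))
    # Single-bit input changes: identity flips exactly one output bit every time.
    print("identity 1-bit:", change_histogram(identity, 8, single_bit_changes(8)))
    print("shuffled 1-bit:", change_histogram(shuffled, 8, single_bit_changes(8)))
```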
S-Box Nonlinearity
With respect to Boolean function nonlinearity, as tables get larger it becomes very difficult and essentially impossible to find tables with ideal nonlinearity values. This means that we are always accepting a compromise value, and this is especially the case if the table must also have high values of other S-box qualities.
Even randomly-constructed tables tend to have reasonable nonlinearity values. We might expect an 8-bit table to have a nonlinearity of about 100 (that is, 100 bits must change in one of the eight 256-bit output functions to reach the closest affine Boolean function). Experimental measurement of the nonlinearity of 1,000,000 random 8-bit tables shows exactly one table with a nonlinearity as low as 78, and the computed probability of an actually linear table (nonlinearity zero) is something like 10^-72 or 2^-242.
The NSA-designed 8-bit table in Skipjack cipher has a computed nonlinearity of 104. While not quite the highest value we could find, it is in the top 2.5 percent of the distribution, and it seems improbable that this occurred by accident. We might assume that this table is representative of the modern understanding of the needs of a Feistel design with a fixed table. If so, we might conclude that good nonlinearity (or something very much like it) is a necessary, if not quite sufficient, part of the design.
Keyed S-Boxes
It is "easy" to construct keyed S-boxes, by shuffling under the control of a keyed cryptographic random number generator. (See, for example: A Keyed Shuffling System for Block Cipher Cryptography.) This has the significant advantage of providing no fixed tables for The Opponent to understand and attack.
One question is whether one should attempt to measure and discard tables with poorer qualities than others. My personal feeling is that the ciphering structure should be strong enough to handle the expected random table distribution without added measurement and selection.
Also see: S-Box Design: A Literature Survey, in the Literature Surveys and Reviews section of the Ciphers By Ritter page.
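An added example (not Ritter's code) covering both the S-Box Nonlinearity and Keyed S-Boxes entries: it builds 8-bit tables by a key-driven shuffle and measures each table's nonlinearity with a fast Walsh-Hadamard transform. Assumptions: HMAC-SHA256 in counter mode stands in for the keyed cryptographic RNG, the table value is taken as the minimum over the eight output-bit functions, and the keys are constructed samples.

```python
import hashlib
import hmac

def keyed_stream(key):
    """Bytes from HMAC-SHA256 in counter mode: an assumed stand-in keyed RNG."""
    counter = 0
    while True:
        yield from hmac.new(key, counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1

def keyed_sbox(key, size=256):
    """Fisher-Yates shuffle of 0..size-1 under the keyed stream (size <= 256)."""
    stream, table = keyed_stream(key), list(range(size))
    for i in range(size - 1, 0, -1):
        limit = 256 - 256 % (i + 1)          # reject bytes that would bias r % (i+1)
        r = next(stream)
        while r >= limit:
            r = next(stream)
        j = r % (i + 1)
        table[i], table[j] = table[j], table[i]
    return table

def walsh_spectrum(truth):
    """Fast Walsh-Hadamard transform of a 0/1 truth table of length 2^n."""
    w = [1 - 2 * b for b in truth]           # 0 -> +1, 1 -> -1
    h = 1
    while h < len(w):
        for i in range(0, len(w), 2 * h):
            for j in range(i, i + h):
                w[j], w[j + h] = w[j] + w[j + h], w[j] - w[j + h]
        h *= 2
    return w

def bit_nonlinearity(truth):
    """Bits that must change to reach the closest affine Boolean function."""
    return (len(truth) - max(abs(v) for v in walsh_spectrum(truth))) // 2

def table_nonlinearity(table, out_bits=8):
    """Minimum nonlinearity over the table's output-bit functions."""
    return min(bit_nonlinearity([(y >> k) & 1 for y in table])
               for k in range(out_bits))

if __name__ == "__main__":
    for n in range(5):                       # constructed sample keys
        key = b"constructed-key-%d" % n
        print(key.decode(), table_nonlinearity(keyed_sbox(key)))
    print("identity", table_nonlinearity(list(range(256))))
```

The identity table scores 0 because every output bit is a linear function of the input; keyed tables should land near the value of about 100 quoted above.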
Scalable
A cipher design which can produce both large real ciphers and tiny experimental versions from the exact same construction rules. Scalability is about more than just variable size: Scalability is about establishing a uniform structural identity which is size-independent, so that we achieve a strong