If we have random data, statistic values exceeding 95% of the distribution often called failure should occur about 1 time in 20.. Stream Cipher Diffusion In a conventional stream ciphe
Trang 1Source Code
The textual representation of a computer program as it is written by a
programmer Nowadays, source is typically in a high-level language like C, C++ or Pascal, but inevitably some programmers must work "close to the machine" in assembly language The "code" part of this is presumably an extension of the idea that, ultimately, all computer programs are executed as
"machine code" or machine language This consists of numeric values or
"operation codes" ("opcodes") which select the instruction to be executed,
and so represent a very public code for those instructions Also see object
code
State
Information storage, or "memory." In abstract machine theory, retained information, generally used to influence future events
In statistics, the current symbol from a sequence, or a value which selects or conditions possible outcomes (see: Markov process)
We normally measure "state" in units of information or bits, and 8 bits of
"state" can support 28 or 256 different state-value combinations or states
Also see: deterministic and keyspace
Stationary Process
In statistics, a stochastic (random) process (function) whose general statistics
do not change over time; in which every sub-sequence is representative of the whole; a homogenous process This may not be true of a Markov
process Also see: ergodic
Statistic
A computation or process intended to reduce diverse results into a
one-dimensional ordering of values for better understanding and comparison Also the value result of such a computation See statistics
A useful statistic will have some known (or at least explorable) probability distribution for the case "nothing unusual found." This allows the statistic value to be interpreted as the probability of finding that value or less, for the case "nothing unusual found." Then, if improbable statistic values occur
repeatedly and systematically, we can infer that something unusual is being
found, leading to the rejection of the null hypothesis
Trang 2It is also possible to explore different distributions for the same statistic under different conditions This can provide a way to guess which condition was in force when the data were obtained
Statistics
The mathematical science of interpreting probability to extract meaning from diverse results Also the analysis of a large population based on a
limited number of random samples from that population; this is also the ability to state probability bounds for the correctness of certain types of inductive reasoning See statistic and random variable
The usual role of statistics is to identify particular systematic events in the context of expected random variations that may conceal such events This often occurs in a context of difficult and costly experimentation, and there is
a premium on results which are so good that they stand above the noise; it may be that not much is lost if a weak positive is ignored
In contrast, cryptography and randomness generally support vast amounts of testing at low cost, and we seek weak indications In this context, we may find it more useful to conduct many tests and collect many statistic values, then visually and mathematically compare the experimental distribution to the ideal for that statistic
A statistical distribution usually represents what we should expect from random data or random sampling If we have random data, statistic values
exceeding 95% of the distribution (often called failure) should occur about 1
time in 20 And since that one time may happen on the very first test, it is only prudent to conduct many tests and accumulate results which are more likely to represent reality than any one result from a single test
In statistical randomness testing, "failure" should and must occur with the
appropriate frequency Thus, the failure to fail is itself a failure! This means that the very concept of statistical "failure" often may be inappropriate for cryptographic use Grading a result as "pass" or "fail" discards all but one bit
of information Further, a pass / fail result is a Bernoulli trial, which would take many, many similar tests to properly characterize So it may be more appropriate to collect 20 or more statistic probability values, and then
compare the accumulation to the expected distribution for that statistic This will provide a substantial basis for asserting that the sampled process either did or did not produce the same statistic distribution as a random process
Trang 3Due to random sampling, any statistical result is necessarily a probability,
rather than certainty An "unlucky" sampling can produce statistical results
which imply the opposite of reality In general, statistics simply cannot
provide the 100 percent certainty which is traditionally expected of
mathematical "proof."
Steganography
Greek for "sheltered writing." Methods of cryptology which seek to conceal
the existence of a message As opposed to cryptography which seeks to hide the information in the message, even if the message itself is completely
exposed
Stochastic
In statistics, random; involving a random variable
Stream Cipher
A cipher which directly handles messages of arbitrary size, by ciphering individual elements, such as bits or bytes This avoids the need to
accumulate data into a block before ciphering, as is necessary in a
conventional block cipher But note that a stream cipher can be seen as an operating mode, a "streaming" of a tiny block transformation Stream
ciphers can be called "combiner-style" ciphers
Stream Cipher Diffusion
In a conventional stream cipher, each element (for example, each byte) of the message is ciphered independently, and does not affect any other
element
In a few stream cipher designs, the value of one message byte may change
the enciphering of subsequent message bytes; this is forward data diffusion
But a stream cipher cannot change the enciphering of previous message
bytes In contrast, changing even the last bit in a block cipher block will generally change about half of the earlier bits within that same block
Changing a bit in one block may even affect later blocks if we have some sort of stream meta-cipher composed of block cipher transformations, like CBC
Note that a stream cipher generally does not need data diffusion for strength,
as does a block cipher In a block cipher, it may be possible to separate individual components of the cipher if their separate effects are not hidden
Trang 4by diffusion But a stream cipher generally re-uses the same transformation, and has no multiple data components to hide
Stream Cipher Construction
The classic stream cipher is very simple, consisting of a keyed random
number generator which produces a random-like confusion sequence or running key That sequence is then combined with plaintext data in a simple additive combiner to produce ciphertext
When an exclusive-OR combiner is used, exactly the same construction will also decipher the ciphertext But if The Opponents have some
known-plaintext and associated ciphertext, they can easily produce the original confusion sequence This, along with their expected knowledge of the cipher design, may allow them to attack and expose the confusion generator If this
is successful, it will, of course, break the system until the RNG is re-keyed
The ultimate stream cipher is the one-time pad, in which a really random
sequence is never re-used But if a sequence is re-used, The Opponent can
generally combine the two ciphertexts, eliminating the confusion sequence, and producing the combined result of two plaintexts Such a combination is normally easy to attack and penetrate
The re-use of confusion sequence is extremely dangerous in a stream cipher
design In general, all stream cipher designs must use a message key to
assure that the cipher is keyed with a random value for every new ciphering This does, of course, expand the ciphertext by the size of the message key
Another alternative in stream cipher design is to use a stronger combiner, such as Latin square or Dynamic Substitution combining This can
drastically reduce the complexity required in the confusion generator, which normally provides all stream cipher strength Each of these stronger
combiners is nonlinear, with substantial internal state, and the designer may elect to use multiple combinings in sequence, or a selection among different combiners Neither of these approaches make much sense with an additive combiner
Strength
The ability of a cipher to resist attack and maintain secrecy The overall
"strength" of a cipher is the minimum effort required to break the cipher, by
any possible attack But our knowledge of cipher "strength" is necessarily
Trang 5contextual and subjective, much like unpredictability in random sequences Although "strength" would seem to be the entire point of using a cipher, cryptography has no way to measure strength
Cipher "strength" is often taken as an absolute universal negative, the simple non-existence of any attack which could succeed, assuming some level of
attack resources But this means that overall "strength" may be forever
impossible to measure, because there is no hope of enumerating and
evaluating every possible attack
Strength and Cryptanalysis
Because we have no tools for the discussion of strength under all possible attacks, cipher "strength" is normally discussed in the context of particular attacks Each known attack approach can be elaborated for a particular
cipher, and a value calculated for the effort required to break the cipher in that way; this may set an "upper bound" on the unknown strength of the cipher (although some "elaborations" are clearly better than others) And while this is certainly better than not knowing the strength with respect to known attacks, such attacks may not represent the actual threat to the cipher
in the field (A cipher may even be said to have different "contextual
strengths," depending on the knowledge available to different Opponents.)
In general, we never know the "lower bound" or "true" strength of a cipher
So, unless a cipher is shown to be weaker than we can accept, cryptanalysis provides no useful information about cipher strength
It is sometimes argued that "our guys" are just as good as the Opponents, who thus could not break a cipher with less effort than we know Or it is said that if a better break were known, that secret necessarily would get out When viewed in isolation such statements are clearly false reasoning, yet these are the sort of assumptions that are often implicitly used to assert
strength after cryptanalysis
Since we cannot know the true situation, for a proper security analysis we must instead assume that our Opponents have more time, are better trained, are better
equipped, and may even be smarter than our guys Further, the Opponents are
quite likely to function as a well-motivated group with a common goal and which can keep secrets; clearly, this is a far different situation than the usual academic cryptanalysis So, again, cryptanalysis by