CLOCK CONTROL SEQUENCE RECONSTRUCTION IN NOISY GENERATORS WITH IRREGULAR CLOCKING
Slobodan V. Petrović, Institute of Applied Physics, Serrano, Madrid, Spain, slobodan@iec.csic.es
Amparo Fúster-Sabater, Institute of Applied Physics, Serrano, Madrid, Spain, amparo@iec.csic.es

ABSTRACT

Clock control sequence reconstruction is a key phase in the cryptanalysis of irregularly clocked Linear Feedback Shift Registers (LFSRs), which are widely used in spread-spectrum systems. The previously published reconstruction methods have been designed to work in the known plaintext attack scenario, i.e. without noise. However, the influence of noise on the effectiveness of the clock control sequence reconstruction is decisive. We present a clock control reconstruction procedure for the ciphertext only attack scenario. The reconstruction is performed by a directed depth-first-like search through the edit distance matrix. The attack is effective even if the noise level is relatively high.

KEY WORDS

Telecommunications technology, Spread-spectrum, Cryptanalysis, Irregular clocking, Edit distance

1 Introduction

The pseudo-random sequence generator that contains a Linear Feedback Shift Register (LFSR) whose clock control sequence is produced by a subgenerator of general type is often used in spread-spectrum systems. Its output sequence has good cryptographic characteristics (long period, high linear complexity, good statistical properties, etc.). The general scheme of this type of generator is presented in Fig. 1.

Figure 1. The general scheme of the generator.

However, if a sufficiently long prefix of the output sequence of such a generator is known, it is possible to reconstruct the initial state of the LFSR by means of a generalized correlation attack. In [1] it was shown that, by making use of a special statistical model, it is possible to determine a set of candidate initial states of the LFSR which could generate the intercepted output sequence. This model employs the edit distance with a constraint on the maximum length of the runs of deletions. Once the set of candidate initial states is known, the attack continues by determining the clock control sequence that, together with one of the candidate initial states of the LFSR, could generate the intercepted sequence.

Several approaches to the problem of clock control sequence reconstruction can be found in the literature. First, for every candidate, all the possible initial states of the subgenerator can be enumerated. In [2], the inefficiency of such a method is overcome by using a probabilistic coding theory approach for the reconstruction of the clock control sequence in the shrinking generator. In [3], the possibility of clock control sequence reconstruction by backtracking through the edit distance matrix was mentioned in the context of the cryptanalysis of the alternating step generator. In [4], a MAP decoding technique is used for reconstructing both the candidate initial states of the clocked LFSR(s) and the clock control sequence. All the previous methods have been developed for the known plaintext attack scenario, i.e. without noise. However, in the process of clock control sequence reconstruction, the influence of noise on the effectiveness of the procedure is decisive.

In this paper, we develop a deterministic method for the reconstruction of clock control sequences in which the influence of noise is included by relating the noise level to the permitted weight deviation used in the search process. A depth-first-like search through the constrained edit distance matrix associated with every candidate initial state is used. The paths in this matrix that correspond to candidate clock control sequences are reconstructed. By starting with the reconstruction of the paths whose weight deviation from the optimum is 0 (the optimal paths, i.e. the noiseless case) and by increasing this weight deviation according to the noise level (the suboptimal paths), we make our search a directed one.

2 Reconstruction of candidate initial states

The statistical model of the generator from Fig. 1 is presented in Fig. 2.
Figure 2. The statistical model of the generator.

Let the binary sequence produced by the shift register be given, together with a sequence of integers named the decimation sequence, whose maximum element value is fixed in advance. In the decimation process, the decimated sequence is obtained from the shift register sequence as stated in equation (1). In the statistical model, it is supposed that the decimation sequence is the realization of a sequence of independent and identically distributed (iid) random variables. The binary noise sequence is the realization of a sequence of iid random variables whose probability of taking the value 1 is given by the correlation parameter. The cryptanalyst possesses K consecutive bits of the sequence which is the sum modulo 2 of the decimated sequence and the noise sequence. His/her task is to determine the initial state of the generator that produced the K intercepted bits.

The correlation attack described in [1] is based on the edit distance measure with the constraint on the maximum length of the runs of deletions. This distance measure is defined as follows. Let M and N be two binary sequences of lengths O and K, respectively. Consider the transformation of M into N using the elementary edit operations of substitution and deletion. The constrained edit distance between M and N is defined as the minimum number of elementary edit operations needed to transform M into N, where the number of consecutive deletions is bounded by a given maximum. Besides, the elementary edit operations are ordered in the sense that the deletions are performed first and then the substitutions. The edit distance defined above can be determined iteratively, by filling the matrix of partial constrained edit distances: in the edit transformation, if one index represents the number of deletions and the other the number of substitutions, the edit distance between a prefix of the sequence M and a prefix of the sequence N is given by the recurrence (2), where S represents the elementary edit distance associated with a deletion (we assume that this value is constant), the elementary edit distance associated with the substitution of one symbol by another is the substitution cost, and the maximum number of consecutive deletions is fixed. From now on, we shall assume that the substitution cost between two symbols is 1 if and only if the symbols differ, and 0 otherwise.

Any permitted sequence of elementary edit operations can be represented by means of a two-dimensional edit sequence over the binary alphabet extended with the empty symbol, which is introduced in order to represent the deletions; the sequences M and N are obtained by removing the empty symbols from the two rows of the edit sequence, and both rows have length O. The edit sequence is constructed according to the following rules:

1. If both symbols of a column of the edit sequence are non-empty, the substitution of the first symbol by the second takes place.
2. If the second symbol of a column is the empty symbol, the deletion of the first symbol takes place.

The first phase of the attack consists of the following steps [1]:

1. The length O of the output sequence of the LFSR without decimation is estimated. O depends on the maximum number of consecutive deletions, and the mathematical expectation of O is used. Next, the threshold necessary for the classification of the initial states should be determined. For this to be carried out, the probability of false alarm as well as the probability of missing the event are selected in advance. The threshold is computed by checking a number of initial states selected at random: for each of them, the edit distance defined above between the output sequence generated by the actual initial state without decimation and the intercepted output sequence is calculated. The threshold is selected to be greater than the maximum edit distance value obtained in this process.
2. For every possible initial state of the LFSR not used in step 1, the constrained edit distance between
its corresponding output sequence of length O and the intercepted sequence of length K is computed. All the initial states that produce output sequences whose edit distance to the intercepted sequence is less than the threshold are included in the set of candidate initial states.

3 Clock control sequence reconstruction

The reconstruction of clock control sequences can be carried out by determining suboptimal paths over the edit distance matrix. We call optimal paths the paths through the edit distance matrix whose weight equals the constrained edit distance, i.e. the paths that start at the final cell of the matrix. Let the length of the clock control sequence needed to reconstruct the initial state of the subgenerator mentioned above be given; we call the column of the matrix with that index the clock control column. The optimal paths pass through a set of cells in the clock control column which depends on the particular sequences. If the noise level is zero, it is sufficient to reconstruct all the optimal paths that start at the final cell and pass through those cells. But in the presence of noise, the clock control sequences corresponding to the optimal paths do not necessarily generate the captured output sequence. Thus, apart from the optimal paths, we also need to reconstruct the suboptimal paths, whose weight difference from the optimal ones does not exceed a weight deviation given in advance. The value of this deviation depends on the noise level in the statistical model.

We first need to determine the points in the clock control column through which the optimal paths that start at the final cell pass. To carry this out, every cell of the matrix has, besides the value of the edit distance, four associated vectors:

1. The vector of primary pointers to the cells of the previous column from which it is possible to arrive at the cell with the minimum weight increment.
2. The vector of updated pointers to the cells of the clock control column through which it is possible to arrive at the cell with the minimum weight increment.
3. The vector of pointers to the cells of the previous column from which it is possible to arrive at the cell regardless of the weight increment.
4. The vector of the values of the edit distances corresponding to the elements of the previous vector. The cardinality of this vector is the same as that of the previous one.

The actual values of these vectors depend on the concrete sequences. The matrix is filled by means of the algorithm in which equation (2) is implemented, together with the updating of the four vectors mentioned above. The complete algorithm is given in the Appendix (Algorithm 1).

The next step is reconstructing the candidate clock control sequences. There are three sets of paths to be reconstructed. The first one consists of the optimal paths that start at the final cell and pass through the points of the clock control column referenced by its updated pointers. The second one consists of the suboptimal paths, whose weight difference from the optimal ones is at most the permitted weight deviation, that pass through the same points. The third set consists of the suboptimal paths, whose weight difference from the optimal ones is at most the permitted weight deviation, that pass through other points of the clock control column. In order to determine the optimal and suboptimal paths that start at every initial point of any set, a special depth-first-like search algorithm is devised. In this algorithm, every branching point is processed by enumerating systematically all the paths that start in it. In this search, a special kind of stack is used. A reconstructed path is rejected if at some point its weight becomes greater than the optimal weight plus the permitted weight deviation. The complete algorithm is given in the Appendix (Algorithm 2).

4 The analysis of complexity

The number of optimal and permitted suboptimal paths in the matrix depends on the sequences M and N. Nevertheless, it is possible to estimate the total number of paths (optimal and suboptimal) that pass through the clock control column. Every path between two cells of the matrix can be represented by a string of symbols from an alphabet of step symbols indexed from 0 up to the maximum number of consecutive deletions: the symbol with index 0 represents the step from a cell to the cell in the next row and the next column (no deletion), the symbol with index 1 represents the step that additionally skips one row (one deletion), and so on, the symbol with the maximum index representing a step preceded by the maximum number of consecutive deletions. Let the total number of runs of deletions in the edit transformation be given. The length of every string equals the number of columns traversed, the sum of the indexes of the symbols in each string equals the total number of deletions, and the number of symbols with index 0 in each string equals the length of the string minus the number of runs of deletions. It is obvious that, given the multiset of symbols, the number of strings is a multinomial coefficient. The indexes of the non-zero symbols represent a partition of the total number of deletions with a constraint on the size of the parts (each part is at most the maximum run length). In order to determine the number of paths, the number of partitions of the total number of deletions into exactly as many parts as there are runs, each part bounded by the maximum run length, is needed. The generating function associated with this problem is the Gauss polynomial of the corresponding degree, equation (3) [5]. Theorem 1 [5] states the basic identities satisfied by the Gauss polynomials. From them, the number of partitions of an integer into exactly the given number of parts, each less than or equal to the maximum run length, is obtained in (4), and it can be proved [5] that the recurrences (5) hold.

The previous expressions give rise to the following result.

Theorem 2. The total number of paths between two given cells of the matrix, for a given number of runs of deletions, takes the form (6).

Equation (6) is a direct consequence of Theorem 1 and of the subsequent considerations. It gives the number of paths corresponding to one starting point in the clock control column of the matrix. The behaviour of this value is presented in Table 1 for different values of the parameters.

Table 1. The number of paths corresponding to one starting point for different values of the parameters.

The total number of paths that pass through the clock control column depends on the sequences M and N, as well as on the permitted weight deviation. The maximum number of points of the clock control column through which the paths can pass is given by expression (7). Then the total number of paths that pass through the clock control column can be estimated by expression (8), where the maximum number of runs of deletions is bounded by the smaller of the number of columns traversed and the total number of deletions.

5 Experimental results

The number of paths necessary to find the clock control sequence should be as small as possible. This number depends on the permitted weight deviation. Given a certain level of noise in the statistical model, the behaviour of the maximum value of the weight deviation needed has been analysed experimentally. The experiment has been carried out in the following way. 1000 initial states of a structure with two LFSRs are chosen at random; in this structure one LFSR generates the clock control sequence for the other. For each of them, the output sequence corrupted by a noise sequence generated at random is produced. The noise level is the control variable of the experiment. The set of candidates for the initial state of the clocked LFSR is determined. Once the candidates have been obtained, for a fixed value of the weight deviation, the optimal and suboptimal paths are determined. This process is repeated starting from a weight deviation of 0 and incrementing its value until the clock control sequence generated by the control LFSR is found. The maximum value obtained in this process is stored. At the end of the experiment, the mean of these maximum values is calculated. The dependence of this mean on the noise level for different lengths of the clock control sequence is depicted in Fig. 3.

Fig. 3. Dependence of the mean maximum weight deviation on the noise level.

From Fig. 3 it can be concluded that:

1. For a noise level of zero, only the optimal paths that pass through the clock control column of the edit distance matrix need to be reconstructed. For relatively low levels of noise, the mean maximum weight deviation is small.
2. The mean maximum weight deviation depends approximately linearly on the length of the clock control sequence.
3. Its dependence on the noise level is also approximately linear.

6 Conclusion

In this paper, a deterministic method of clock control sequence reconstruction in the presence of noise is described. The method is applied in the cryptanalysis of a family of schemes containing irregularly clocked LFSRs, which are widely used in spread-spectrum systems. The influence of noise on the clock control sequence reconstruction process is decisive because the level of noise affects significantly the effectiveness of the method. Therefore, in our algorithm the influence of noise is taken into account by relating the noise level to the permitted deviation from the noiseless-case path weight. The clock control reconstruction is performed by a directed depth-first-like search through the edit distance matrix. The search procedure maintains a special kind of stack, which is updated during the execution of the algorithm. The maximum value of the weight deviation necessary for the reconstruction of the actual clock control sequence depends on the noise level. Experimental results show that the average number of paths that have to be reconstructed in order to find the true clock control sequence increases moderately with the noise level.

Acknowledgement

This work was supported by Ministerio de Ciencia y Tecnología (Spain) under a TIC grant.
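The path count of Section 4, as an added example that is not part of the paper: a path that advances s columns and t rows of the matrix is a string of s step symbols with indexes in 0..emax whose indexes sum to d = t - s. The block counts such strings two ways, by a direct recurrence over the steps and by the paper's decomposition over the partitions of d into exactly r parts (one part per run of deletions, each part at most emax), and it also computes the partition count from the Gauss polynomial. The function names, the list representation of the polynomial and the recurrence used to build it are this example's own choices.

```python
# Added example (not the paper's code) for the path count of Section 4.
# A path advancing s columns and s + d rows is a string of s symbols a_k, k in
# 0..emax, where a_k means "k deletions, then one substitution"; the indexes sum
# to d.  Counted (a) directly and (b) the paper's way: for each number r of
# deletion runs, sum over the partitions of d into exactly r parts of size <= emax
# the number of distinct arrangements of the resulting multiset of symbols.
from functools import lru_cache
from math import factorial


@lru_cache(maxsize=None)
def gauss_poly(n, k):
    """Coefficient list of the Gauss polynomial [n choose k]_q; the coefficient of
    q^m counts partitions of m into at most k parts, each <= n - k.
    Recurrence assumed here: [n,k] = [n-1,k-1] + q^k [n-1,k]."""
    if k < 0 or k > n:
        return [0]
    if k == 0 or k == n:
        return [1]
    out = [0] * (k * (n - k) + 1)
    for i, c in enumerate(gauss_poly(n - 1, k - 1)):
        out[i] += c
    for i, c in enumerate(gauss_poly(n - 1, k)):
        out[i + k] += c
    return out


def partitions_exact(d, r, emax):
    """Partitions of d into exactly r parts with 1 <= part <= emax.  Subtracting 1
    from every part leaves a partition of d - r into at most r parts <= emax - 1,
    i.e. the coefficient of q^(d-r) in [emax-1+r choose r]_q."""
    if r == 0:
        return 1 if d == 0 else 0
    m = d - r
    if m < 0 or m > r * (emax - 1):
        return 0
    return gauss_poly(emax - 1 + r, r)[m]


def partitions(d, r, emax, largest=None):
    """Yield the partitions of d into exactly r parts, 1 <= part <= emax, non-increasing."""
    largest = emax if largest is None else largest
    if r == 0:
        if d == 0:
            yield ()
        return
    for first in range(min(largest, d - (r - 1)), 0, -1):
        for rest in partitions(d - first, r - 1, emax, first):
            yield (first,) + rest


def arrangements(s, parts):
    """Distinct strings of length s made of s-len(parts) copies of a_0 plus one
    a_p per part p (a multiset): the multinomial coefficient."""
    denom = factorial(s - len(parts))
    for p in set(parts):
        denom *= factorial(parts.count(p))
    return factorial(s) // denom


def paths_by_runs(s, d, emax, r):
    """Paper's decomposition: paths of s steps and d deletions with exactly r runs."""
    return sum(arrangements(s, p) for p in partitions(d, r, emax))


def paths_via_partitions(s, d, emax):
    """Total number of paths of s steps and d deletions, summed over the run count."""
    return sum(paths_by_runs(s, d, emax, r) for r in range(min(s, d) + 1))


def paths_direct(s, d, emax):
    """Reference count: sequences of s indexes in 0..emax summing to d."""
    ways = [1] + [0] * d
    for _ in range(s):
        nxt = [0] * (d + 1)
        for tot, w in enumerate(ways):
            for k in range(emax + 1):
                if w and tot + k <= d:
                    nxt[tot + k] += w
        ways = nxt
    return ways[d]
```

For s = 3 steps, d = 2 deletions and runs of length at most 1, both counts give 3 (the three placements of the single pair of one-deletion steps); the agreement of paths_via_partitions with paths_direct over a grid of parameters is what confirms that the partition-based expression counts every path exactly once.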
References

[1] J. Golić and M. Mihaljević, A Generalized Correlation Attack on a Class of Stream Ciphers Based on the Levenshtein Distance, Journal of Cryptology, Vol. 3, No. 3 (1991).
[2] W. Chambers and J. Golić, Fast Reconstruction of Clock-Control Sequence, Electronics Letters, Vol. 38, No. 20 (2002).
[3] J. Golić and R. Menicocci, Edit Distance Correlation Attack on the Alternating Step Generator, Proceedings of CRYPTO '97, LNCS 1294, Springer-Verlag, New York, 1997.
[4] T. Johansson, Reduced Complexity Correlation Attacks on Two Clock-Controlled Generators, Proceedings of ASIACRYPT '98, LNCS 1514, Springer-Verlag, New York, 1998.
[5] G. Andrews, The Theory of Partitions, Addison-Wesley, Reading, 1976.

Appendix

Algorithm 1

Input: The sequences M and N of lengths O and K, respectively; the length of the clock control sequence necessary to reconstruct the initial state of the subgenerator that generates it; the maximum length of the runs of deletions; the elementary distance S associated with the deletion of a symbol; the elementary edit distance associated with the substitution of one symbol by another.
Output: The matrix of edit distances, with the four vectors (primary pointers, updated pointers, all pointers and their distances) associated with every cell.

comment Initialization: the cell in row 0 and column 0 is set to 0, and the four vectors associated with every cell are empty.
comment The first row of the matrix: for every column from 1 until K, the cell is obtained from the cell in the previous column by adding the elementary distances of the deletion and of the substitution of the corresponding symbols of M and N, and its pointer vectors point to that cell.
comment Main loop: for every column from 1 until K, and for every row admissible for that column (the rows from which the final cell can still be reached within the maximum number of deletions per step), do:
  Let the minimum value of expression (2) over the permitted numbers of consecutive deletions be computed, and let the number of deletion counts for which expression (2) attains that minimum be counted. The cell receives the minimum as its edit distance. The vector of primary pointers is filled with the cells of the previous column for which expression (2) attains the minimum. The vector of all pointers is filled with every cell of the previous column from which the cell can be reached (not necessarily with the minimum), and the vector of distances with the corresponding values of expression (2).
end
comment Determining updated pointers: for the columns before the clock control column these pointers are not needed. In the clock control column, the vector of updated pointers of every cell contains the cell itself. In every later column, the vector of updated pointers of a cell is the union of the vectors of updated pointers of the cells referenced by its primary pointers, deleting the repeated ones.
end

Algorithm 2

Input: The matrix of edit distances obtained by means of Algorithm 1; the clock control column, the optimal weight and the permitted weight deviation.
Output: All the paths that start at the given point and belong to the corresponding set(s) mentioned above.

comment Initialization: the stack is empty, the current weight and the current path length are 0.
comment Main loop, repeated until the stack is empty:
  Set the path overweight indicator to false.
  comment Detect a branching point: follow the pointers from the current cell while the cell has a single pointer; when a cell with more than one pointer is reached, put the cell, the current weight and the current path length on the stack.
  comment Process a branching point: for each successor of the branching point not yet examined, consider the possibility of branching to it. If this possibility is chosen and, after that, only the branchings leading to the optimal subpaths are followed, the total weight of the chosen subpath is the edit distance stored for that successor, and the total weight of the corresponding path is the weight of the path before the branching plus that subpath weight. If this total exceeds the optimal weight plus the permitted weight deviation, the path overweight indicator is set to true and the successor is skipped; otherwise the successor becomes the current cell.
  comment Process a non-branching point: follow the single pointer, add the weight increment of the step to the current weight, and set the path overweight indicator if the optimal weight plus the permitted weight deviation is exceeded.
  comment Reconstruct the current path: when the first column is reached with the path overweight indicator false, emit the edit sequence of the path (a symbol of M over a symbol of N for every substitution, a symbol of M over the empty symbol for every deletion) and store the obtained clock control sequence.
  comment Back to the current branching point: restore the cell, the weight and the path length from the top of the stack and continue with the next successor of that branching point; remove it from the stack when all its successors have been examined.
end
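An added, runnable illustration of the model of Section 2 and of the search of Section 3 and the Appendix; this is not the paper's code, and the experiment of Section 5 is reproduced only on a toy instance. The conventions it fixes are assumptions the page leaves implicit: clock steps lie in 1..E (so at most E-1 consecutive deletions), each matrix cell D[i][j] maps x[i-1] onto z[j-1] after at most E-1 deletions with the deletions applied before the substitution, a deletion costs the constant del_cost and a substitution costs 1 per mismatching bit. All names (lfsr, decimate, edit_matrix, reconstruct, candidate_states, smallest_delta), the 4-stage LFSR, the clock sequence and the noise pattern are constructed for the example.

```python
# Added example, not the paper's own code: the generator model of Figs. 1 and 2,
# the constrained edit-distance matrix of Section 2 and the directed depth-first
# reconstruction of Section 3, checked against brute force.  Assumed conventions:
# clock steps c_i in 1..E (at most E-1 consecutive deletions); cell D[i][j] maps
# x[i-1] onto z[j-1] after k <= E-1 deletions (deletions first, then the
# substitution); a deletion costs del_cost, a substitution costs 1 per mismatch.
from itertools import product

INF = float("inf")

def lfsr(state, taps, n):
    """Fibonacci LFSR (assumed form): emit s[0], feed back the XOR of s[t] for t in taps."""
    s, out = list(state), []
    for _ in range(n):
        out.append(s[0])
        s = s[1:] + [sum(s[t] for t in taps) % 2]
    return out

def decimate(x, clock):
    """Irregular clocking in the sense of Eq. (1): keep x[c1-1], x[c1+c2-1], ..."""
    pos, y = -1, []
    for c in clock:
        pos += c
        y.append(x[pos])
    return y

def edit_matrix(x, z, emax, del_cost):
    """Partial constrained edit distances (the recurrence of Eq. (2)): D[i][j] is the
    least cost of turning x[:i] into z[:j] with x[i-1] substituted for z[j-1]."""
    n, m = len(x), len(z)
    D = [[INF] * (m + 1) for _ in range(n + 1)]
    D[0][0] = 0
    for j in range(1, m + 1):
        for i in range(1, n + 1):
            sub = 0 if x[i - 1] == z[j - 1] else 1
            for k in range(min(emax, i - 1) + 1):      # k deletions before x[i-1]
                D[i][j] = min(D[i][j], D[i - 1 - k][j - 1] + k * del_cost + sub)
    return D

def edit_distance(D):
    """Constrained edit distance: best cell of the last column (an unused tail of x is free)."""
    return min(row[-1] for row in D)

def reconstruct(x, z, emax, delta, del_cost=1):
    """Every clock-control sequence whose edit path weighs at most optimum + delta.
    Backward depth-first search from the last column; a branch is rejected as soon
    as optimal prefix + edge + suffix so far exceeds the bound (the paper's rule)."""
    D = edit_matrix(x, z, emax, del_cost)
    n, m = len(x), len(z)
    dopt = edit_distance(D)
    found = set()

    def dfs(i, j, w, steps):
        if j == 0:                                # back at D[0][0]: one complete path
            found.add((w, tuple(reversed(steps))))
            return
        sub = 0 if x[i - 1] == z[j - 1] else 1
        for k in range(min(emax, i - 1) + 1):
            p, edge = i - 1 - k, k * del_cost + sub
            if D[p][j - 1] + edge + w > dopt + delta:
                continue                          # overweight path: prune
            steps.append(k + 1)                   # clock step = deletions + 1
            dfs(p, j - 1, w + edge, steps)
            steps.pop()

    for i in range(1, n + 1):
        if D[i][m] <= dopt + delta:
            dfs(i, m, 0, [])
    return dopt, sorted(found)

def brute_force(x, z, emax, delta, del_cost=1):
    """Reference answer: score every clock sequence directly (feasible only for tiny m)."""
    n, m = len(x), len(z)
    cost = {}
    for c in product(range(1, emax + 2), repeat=m):
        if sum(c) <= n:
            subs = sum(a != b for a, b in zip(decimate(x, c), z))
            cost[c] = del_cost * (sum(c) - m) + subs
    opt = min(cost.values())
    return opt, sorted((w, c) for c, w in cost.items() if w <= opt + delta)

def candidate_states(z, taps, length, n, emax, threshold, del_cost=1):
    """First phase of the attack (Section 2): keep every nonzero initial state whose
    constrained edit distance to the intercepted sequence z is below the threshold."""
    cands = []
    for bits in product((0, 1), repeat=length):
        if any(bits):
            d = edit_distance(edit_matrix(lfsr(bits, taps, n), z, emax, del_cost))
            if d < threshold:
                cands.append((d, bits))
    return sorted(cands)

def smallest_delta(x, z, emax, target, del_cost=1, limit=20):
    """The Section 5 experiment: raise delta from 0 until the true clock sequence appears."""
    for delta in range(limit + 1):
        if target in {c for _, c in reconstruct(x, z, emax, delta, del_cost)[1]}:
            return delta
    return None

# Constructed toy instance (not from the paper): 4-stage LFSR, E = 2, one noise bit.
TAPS, STATE, EMAX = (0, 3), (1, 0, 0, 1), 1
X = lfsr(STATE, TAPS, 12)                          # 1 0 0 1 0 0 0 1 1 1 1 0
TRUE_CLOCK = (1, 2, 1, 2, 2, 1)
Y = decimate(X, TRUE_CLOCK)                        # 1 0 1 0 1 1
Z = [b ^ e for b, e in zip(Y, (0, 0, 0, 1, 0, 0))]  # the noise flips the 4th bit
```

On this instance reconstruct(X, Z, EMAX, 0, del_cost=1) returns the optimum 3 and the single regularly clocked sequence (1, 1, 1, 1, 1, 1), because with a deletion weighted like a substitution the true sequence (three deletions plus one noise bit) is only a suboptimal path; smallest_delta(X, Z, EMAX, TRUE_CLOCK, 1) is therefore 1, while with del_cost=0 the true sequence is already among the optimal paths (smallest delta 0). This is the point of the paper's relation between noise level and permitted weight deviation: the deviation has to absorb both the noise and the weight the cost model assigns to legitimate deletions. candidate_states(Z, TAPS, 4, 12, EMAX, 2, 0) lists the true initial state (1, 0, 0, 1) at distance 1, together with any other state that falls below the threshold.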
More informationA Meet in the Middle Attack on Reduced Round Kuznyechik
IEICE TRANS. FUNDAMENTALS, VOL.Exx??, NO.xx XXXX 200x 1 LETTER Special Section on Cryptography and Information Security A Meet in the Middle Attack on Reduced Round Kuznyechik Riham ALTAWY a), Member and
More informationDDS Dynamic Search Trees
DDS Dynamic Search Trees 1 Data structures l A data structure models some abstract object. It implements a number of operations on this object, which usually can be classified into l creation and deletion
More informationInformation Theory and Coding Prof. S. N. Merchant Department of Electrical Engineering Indian Institute of Technology, Bombay
Information Theory and Coding Prof. S. N. Merchant Department of Electrical Engineering Indian Institute of Technology, Bombay Lecture - 11 Coding Strategies and Introduction to Huffman Coding The Fundamental
More informationIntegral Cryptanalysis of the BSPN Block Cipher
Integral Cryptanalysis of the BSPN Block Cipher Howard Heys Department of Electrical and Computer Engineering Memorial University hheys@mun.ca Abstract In this paper, we investigate the application of
More informationMOST attention in the literature of network codes has
3862 IEEE TRANSACTIONS ON INFORMATION THEORY, VOL. 56, NO. 8, AUGUST 2010 Efficient Network Code Design for Cyclic Networks Elona Erez, Member, IEEE, and Meir Feder, Fellow, IEEE Abstract This paper introduces
More informationOn Universal Cycles of Labeled Graphs
On Universal Cycles of Labeled Graphs Greg Brockman Harvard University Cambridge, MA 02138 United States brockman@hcs.harvard.edu Bill Kay University of South Carolina Columbia, SC 29208 United States
More informationFUTURE communication networks are expected to support
1146 IEEE/ACM TRANSACTIONS ON NETWORKING, VOL 13, NO 5, OCTOBER 2005 A Scalable Approach to the Partition of QoS Requirements in Unicast and Multicast Ariel Orda, Senior Member, IEEE, and Alexander Sprintson,
More information/ Approximation Algorithms Lecturer: Michael Dinitz Topic: Linear Programming Date: 2/24/15 Scribe: Runze Tang
600.469 / 600.669 Approximation Algorithms Lecturer: Michael Dinitz Topic: Linear Programming Date: 2/24/15 Scribe: Runze Tang 9.1 Linear Programming Suppose we are trying to approximate a minimization
More informationOn the Design of Secure Block Ciphers
On the Design of Secure Block Ciphers Howard M. Heys and Stafford E. Tavares Department of Electrical and Computer Engineering Queen s University Kingston, Ontario K7L 3N6 email: tavares@ee.queensu.ca
More information2.2 Set Operations. Introduction DEFINITION 1. EXAMPLE 1 The union of the sets {1, 3, 5} and {1, 2, 3} is the set {1, 2, 3, 5}; that is, EXAMPLE 2
2.2 Set Operations 127 2.2 Set Operations Introduction Two, or more, sets can be combined in many different ways. For instance, starting with the set of mathematics majors at your school and the set of
More informationCPSC 467b: Cryptography and Computer Security
CPSC 467b: Cryptography and Computer Security Michael J. Fischer Lecture 3 January 13, 2012 CPSC 467b, Lecture 3 1/36 Perfect secrecy Caesar cipher Loss of perfection Classical ciphers One-time pad Affine
More informationA Block Cipher using Feistal s Approach Involving Permutation and Mixing of the Plaintext and the Additive Inverse of Key Matrix
Journal of omputer Science 4 (): 7-4, 8 ISSN 549-3636 8 Science Publications A Block ipher using Feistal s Approach Involving Permutation and Mixing of the Plaintext and the Additive Inverse of Key Matrix
More informationTrees. 3. (Minimally Connected) G is connected and deleting any of its edges gives rise to a disconnected graph.
Trees 1 Introduction Trees are very special kind of (undirected) graphs. Formally speaking, a tree is a connected graph that is acyclic. 1 This definition has some drawbacks: given a graph it is not trivial
More informationThe problem of string or sequence classification addressed in this paper is the following.
BACKGROUND The problem of string or sequence classification addressed in this paper is the following. The input consists of an alphabet A, along with an input string or sequence X = x 1x 2.. x m and a
More informationEfficient subset and superset queries
Efficient subset and superset queries Iztok SAVNIK Faculty of Mathematics, Natural Sciences and Information Technologies, University of Primorska, Glagoljaška 8, 5000 Koper, Slovenia Abstract. The paper
More informationCryptography. Summer Term 2010
Cryptography Summer Term 2010 Harald Baier Chapter 3: Pseudo Random Bit Generators and Stream Ciphers Contents Random bits and pseudo random bits Stream ciphers Harald Baier Cryptography h_da, Summer Term
More informationChapter 5 VARIABLE-LENGTH CODING Information Theory Results (II)
Chapter 5 VARIABLE-LENGTH CODING ---- Information Theory Results (II) 1 Some Fundamental Results Coding an Information Source Consider an information source, represented by a source alphabet S. S = { s,
More informationGenerating (n,2) De Bruijn Sequences with Some Balance and Uniformity Properties. Abstract
Generating (n,) De Bruijn Sequences with Some Balance and Uniformity Properties Yi-Chih Hsieh, Han-Suk Sohn, and Dennis L. Bricker Department of Industrial Management, National Huwei Institute of Technology,
More information1. Draw the state graphs for the finite automata which accept sets of strings composed of zeros and ones which:
P R O B L E M S Finite Autom ata. Draw the state graphs for the finite automata which accept sets of strings composed of zeros and ones which: a) Are a multiple of three in length. b) End with the string
More informationThe Encoding Complexity of Network Coding
The Encoding Complexity of Network Coding Michael Langberg Alexander Sprintson Jehoshua Bruck California Institute of Technology Email: mikel,spalex,bruck @caltech.edu Abstract In the multicast network
More informationENGI 8868/9877 Computer and Communications Security III. BLOCK CIPHERS. Symmetric Key Cryptography. insecure channel
(a) Introduction - recall symmetric key cipher: III. BLOCK CIPHERS k Symmetric Key Cryptography k x e k y yʹ d k xʹ insecure channel Symmetric Key Ciphers same key used for encryption and decryption two
More informationDiscrete models of the NLFSR generators
Computer Applications in Electrical Engineering Discrete models of the NLFSR generators Janusz Walczak, Rafał Stępień Silesian Uniyersity of Technology 44-100 Gliwice, ul. Akademicka 10, e-mail: janusz.walczak@polsl.pl,
More informationCryptographic Techniques. Information Technologies for IPR Protections 2003/11/12 R107, CSIE Building
Cryptographic Techniques Information Technologies for IPR Protections 2003/11/12 R107, CSIE Building Outline Data security Cryptography basics Cryptographic systems DES RSA C. H. HUANG IN CML 2 Cryptography
More informationOutput: For each size provided as input, a figure of that size is to appear, followed by a blank line.
Problem 1: Divisor Differences Develop a program that, given integers m and k satisfying m > k > 0, lists every pair of positive integers (i,j) such that j i = k and both i and j are divisors of m. Input:
More informationMethod for security monitoring and special filtering traffic mode in info communication systems
Method for security monitoring and special filtering traffic mode in info communication systems Sherzod Rajaboyevich Gulomov Provide Information Security department Tashkent University of Information Technologies
More informationApplication of the Computer Capacity to the Analysis of Processors Evolution. BORIS RYABKO 1 and ANTON RAKITSKIY 2 April 17, 2018
Application of the Computer Capacity to the Analysis of Processors Evolution BORIS RYABKO 1 and ANTON RAKITSKIY 2 April 17, 2018 arxiv:1705.07730v1 [cs.pf] 14 May 2017 Abstract The notion of computer capacity
More informationBiclique Attack of the Full ARIA-256
Biclique Attack of the Full ARIA-256 Shao-zhen Chen Tian-min Xu Zhengzhou Information Science and Technology Institute Zhengzhou 450002, China January 8, 202 Abstract In this paper, combining the biclique
More informationUnlabeled equivalence for matroids representable over finite fields
Unlabeled equivalence for matroids representable over finite fields November 16, 2012 S. R. Kingan Department of Mathematics Brooklyn College, City University of New York 2900 Bedford Avenue Brooklyn,
More informationA Note on Scheduling Parallel Unit Jobs on Hypercubes
A Note on Scheduling Parallel Unit Jobs on Hypercubes Ondřej Zajíček Abstract We study the problem of scheduling independent unit-time parallel jobs on hypercubes. A parallel job has to be scheduled between
More informationSecret Key Algorithms (DES) Foundations of Cryptography - Secret Key pp. 1 / 34
Secret Key Algorithms (DES) Foundations of Cryptography - Secret Key pp. 1 / 34 Definition a symmetric key cryptographic algorithm is characterized by having the same key used for both encryption and decryption.
More informationCOMPUTER SCIENCE Paper 1
COMPUTER SCIENCE Paper 1 (THEORY) (Three hours) Maximum Marks: 70 (Candidates are allowed additional 15 minutes for only reading the paper. They must NOT start writing during this time) -----------------------------------------------------------------------------------------------------------------------
More informationarxiv:cs/ v2 [cs.cr] 27 Aug 2006
On the security of the Yen-Guo s domino signal encryption algorithm (DSEA) arxiv:cs/0501013v2 [cs.cr] 27 Aug 2006 Chengqing Li a, Shujun Li b, Der-Chyuan Lou c and Dan Zhang d a Department of Mathematics,
More informationAbstract Combinatorial Games
Abstract Combinatorial Games Arthur Holshouser 3600 Bullard St. Charlotte, NC, USA Harold Reiter Department of Mathematics, University of North Carolina Charlotte, Charlotte, NC 28223, USA hbreiter@email.uncc.edu
More informationMulti-Stage Fault Attacks
Multi-Stage Fault Attacks Applications to the Block Cipher PRINCE Philipp Jovanovic Department of Informatics and Mathematics University of Passau March 27, 2013 Outline 1. Motivation 2. The PRINCE Block
More informationS. Erfani, ECE Dept., University of Windsor Network Security. 2.3-Cipher Block Modes of operation
2.3-Cipher Block Modes of operation 2.3-1 Model of Conventional Cryptosystems The following figure, which is on the next page, illustrates the conventional encryption process. The original plaintext is
More informationIntroduction and Simulation of Modified Left Algorithms to Attribute Orthogonal Codes in 3 rd Generation Systems
J. Basic. Appl. Sci. Res., 1(12)2950-2959, 2011 2011, TextRoad Publication ISSN 2090-4304 Journal of Basic and Applied Scientific Research www.textroad.com Introduction and Simulation of Modified Left
More informationA New Symmetric Key Algorithm for Modern Cryptography Rupesh Kumar 1 Sanjay Patel 2 Purushottam Patel 3 Rakesh Patel 4
IJSRD - International Journal for Scientific Research & Development Vol. 2, Issue 08, 2014 ISSN (online): 2321-0613 A New Symmetric Key Algorithm for Modern Cryptography Rupesh Kumar 1 Sanjay Patel 2 Purushottam
More informationLOW-DENSITY PARITY-CHECK (LDPC) codes [1] can
208 IEEE TRANSACTIONS ON MAGNETICS, VOL 42, NO 2, FEBRUARY 2006 Structured LDPC Codes for High-Density Recording: Large Girth and Low Error Floor J Lu and J M F Moura Department of Electrical and Computer
More informationS. Dasgupta, C.H. Papadimitriou, and U.V. Vazirani 165
S. Dasgupta, C.H. Papadimitriou, and U.V. Vazirani 165 5.22. You are given a graph G = (V, E) with positive edge weights, and a minimum spanning tree T = (V, E ) with respect to these weights; you may
More informationEFFICIENT ATTRIBUTE REDUCTION ALGORITHM
EFFICIENT ATTRIBUTE REDUCTION ALGORITHM Zhongzhi Shi, Shaohui Liu, Zheng Zheng Institute Of Computing Technology,Chinese Academy of Sciences, Beijing, China Abstract: Key words: Efficiency of algorithms
More informationCSCI 5454 Ramdomized Min Cut
CSCI 5454 Ramdomized Min Cut Sean Wiese, Ramya Nair April 8, 013 1 Randomized Minimum Cut A classic problem in computer science is finding the minimum cut of an undirected graph. If we are presented with
More informationAn Efficient Stream Cipher Using Variable Sizes of Key-Streams
An Efficient Stream Cipher Using Variable Sizes of Key-Streams Hui-Mei Chao, Chin-Ming Hsu Department of Electronic Engineering, Kao Yuan University, #1821 Jhongshan Rd., Lujhu Township, Kao-Hsiung County,
More informationFrom Static to Dynamic Routing: Efficient Transformations of Store-and-Forward Protocols
SIAM Journal on Computing to appear From Static to Dynamic Routing: Efficient Transformations of StoreandForward Protocols Christian Scheideler Berthold Vöcking Abstract We investigate how static storeandforward
More informationWorst-case Ethernet Network Latency for Shaped Sources
Worst-case Ethernet Network Latency for Shaped Sources Max Azarov, SMSC 7th October 2005 Contents For 802.3 ResE study group 1 Worst-case latency theorem 1 1.1 Assumptions.............................
More informationA Related Key Attack on the Feistel Type Block Ciphers
International Journal of Network Security, Vol.8, No.3, PP.221 226, May 2009 221 A Related Key Attack on the Feistel Type Block Ciphers Ali Bagherzandi 1,2, Mahmoud Salmasizadeh 2, and Javad Mohajeri 2
More informationA SIMPLIFIED IDEA ALGORITHM
A SIMPLIFIED IDEA ALGORITHM NICK HOFFMAN Abstract. In this paper, a simplified version of the International Data Encryption Algorithm (IDEA) is described. This simplified version, like simplified versions
More informationImproved Attack on Full-round Grain-128
Improved Attack on Full-round Grain-128 Ximing Fu 1, and Xiaoyun Wang 1,2,3,4, and Jiazhe Chen 5, and Marc Stevens 6, and Xiaoyang Dong 2 1 Department of Computer Science and Technology, Tsinghua University,
More informationFast Efficient Clustering Algorithm for Balanced Data
Vol. 5, No. 6, 214 Fast Efficient Clustering Algorithm for Balanced Data Adel A. Sewisy Faculty of Computer and Information, Assiut University M. H. Marghny Faculty of Computer and Information, Assiut
More informationLet denote the number of partitions of with at most parts each less than or equal to. By comparing the definitions of and it is clear that ( ) ( )
Calculating exact values of without using recurrence relations This note describes an algorithm for calculating exact values of, the number of partitions of into distinct positive integers each less than
More informationFuzzy C-means Clustering with Temporal-based Membership Function
Indian Journal of Science and Technology, Vol (S()), DOI:./ijst//viS/, December ISSN (Print) : - ISSN (Online) : - Fuzzy C-means Clustering with Temporal-based Membership Function Aseel Mousa * and Yuhanis
More informationOptimally-balanced Hash Tree Generation in Ad Hoc Networks
African Journal of Information and Communication Technology, Vol. 6, No., September Optimally-balanced Hash Tree Generation in Ad Hoc Networks V. R. Ghorpade, Y. V. Joshi and R. R. Manthalkar. Kolhapur
More informationFramework for Design of Dynamic Programming Algorithms
CSE 441T/541T Advanced Algorithms September 22, 2010 Framework for Design of Dynamic Programming Algorithms Dynamic programming algorithms for combinatorial optimization generalize the strategy we studied
More informationEncryption à la Mod Name
Rock Around the Clock Part Encryption à la Mod Let s call the integers,, 3,, 5, and the mod 7 encryption numbers and define a new mod 7 multiplication operation, denoted by, in the following manner: a
More informationImproving Implementable Meet-in-the-Middle Attacks by Orders of Magnitude
Improving Implementable Meet-in-the-Middle Attacks by Orders of Magnitude Paul C. van Oorschot and Michael J. Wiener Bell-Northern Research, P.O. Box 3511 Station C, Ottawa, Ontario, K1Y 4H7, Canada {paulv,wiener}@bnr.ca
More informationEE 595 (PMP) Introduction to Security and Privacy Homework 1 Solutions
EE 595 (PMP) Introduction to Security and Privacy Homework 1 Solutions Assigned: Tuesday, January 17, 2017, Due: Sunday, January 28, 2017 Instructor: Tamara Bonaci Department of Electrical Engineering
More informationL2. An Introduction to Classical Cryptosystems. Rocky K. C. Chang, 23 January 2015
L2. An Introduction to Classical Cryptosystems Rocky K. C. Chang, 23 January 2015 This and the next set of slides 2 Outline Components of a cryptosystem Some modular arithmetic Some classical ciphers Shift
More information