Symmetric Cryptosystems
------------------------------------------------------------------------
* Block ciphers <#block>
* Block cipher Modes/Paddings <#mode-padding>
* Stream ciphers <#Stream>
* Provable Security <#security>
* Design/Cryptanalysis <#analysis>
* Related Links/Resources <#link>
------------------------------------------------------------------------
Block ciphers
* AES (Rijndael)
  o The Rijndael Page, Joan Daemen, and Vincent Rijmen.
  o AES Proposal: Rijndael (corrected version), Joan Daemen, and Vincent Rijmen (local copy <../../resource/crypto/algorithm/block/rijndael doc V2.pdf>).
  o Annex to AES Proposal: Rijndael, Joan Daemen, and Vincent Rijmen (local copy <../../resource/crypto/algorithm/block/PropCorr.pdf>).
  o Rijndael Test Values, NIST.
  o Attacking Seven Rounds of Rijndael under 192-bit and 256-bit Keys, Stefan Lucks, Presented at the 3rd AES Candidate Conference (local copy <../../resource/crypto/algorithm/block/04-slucks.pdf>).
  o A collision attack on 7 rounds of Rijndael, Henri Gilbert, and Marine Minier, Presented at the 3rd AES Candidate Conference (local copy <../../resource/crypto/algorithm/block/11-hgilbert.pdf>).
  o Relationships among Differential, Truncated Differential, Impossible Differential Cryptanalyses against Word-Oriented Block Ciphers like Rijndael, E2, Makoto Sugita, Kazukuni Kobara, Kazuhiro Uehara, Shuji Kubota, and Hideki Imai, Presented at the 3rd AES Candidate Conference (local copy <../../resource/crypto/algorithm/block/32-msugita.pdf>).
  o Cryptanalysis of Reduced Variants of Rijndael, Eli Biham, and Nathan Keller, Presented at the 3rd AES Candidate Conference (local copy <../../resource/crypto/algorithm/block/35-ebiham.pdf>).
  o Improved Cryptanalysis of Rijndael, Niels Ferguson, John Kelsey, Stefan Lucks, Bruce Schneier, Mike Stay, David Wagner, and Doug Whiting, Proceedings of FSE 2000 (local copy <../../resource/crypto/algorithm/block/rijndael-fse00.ps>).
* Blowfish
  o The Blowfish Encryption Algorithm page, Bruce Schneier.
  o Description of a New Variable-Length Key, 64-Bit Cipher (Blowfish), Bruce Schneier, Fast Software Encryption, LNCS 809, pp. 191-204. Springer-Verlag, 1994.
  o Blowfish -- One Year Later, Bruce Schneier, Dr. Dobb's Journal, September 1995.
  o Blowfish test vectors, Eric Young.
  o On the weak keys of Blowfish, S. Vaudenay, Fast Software Encryption, Third International Workshop, LNCS 1008, pp. 286-297. Springer-Verlag, 1995 (local copy <../../resource/crypto/algorithm/block/fse96Vaudenay.ps>).
* CAST-128 / CAST-256
  o The CAST-128 Encryption Algorithm, Carlisle Adams, RFC 2144, May 1997.
  o The CAST-256 Encryption Algorithm, Carlisle Adams, and Jeff Gilchrist, RFC 2612, June 1999.
  o CAST-256 Test Values, NIST.
  o An Analysis of the CAST-256 Cipher, C. Adams, H. Heys, S. Tavares, and M. Wiener, Proceedings of IEEE Canadian Conference on Electrical and Computer Engineering, 1999 (local copy <../../resource/crypto/algorithm/block/cast256.ps>).
  o [Patent] Carlisle Adams, "Symmetric cryptographic system for data encryption," U.S. Patent 5,511,123, filed August 4 1994, issued April 23 1996.
* CRYPTON
  o CRYPTON: A new 128-bit block cipher.
  o Specification and Analysis of CRYPTON Version 1.0, Chae Hoon Lim, June 1999.
  o CRYPTON v1.0 Test Values <../../resource/research/source-code/crypton_src.ZIP>, Future Systems, Inc.
* DES / 3DES (DESede)
  o Data Encryption Standard, NIST FIPS PUB 46-2 (supersedes FIPS PUB 46-1), U.S. Department of Commerce, December 1993.
  o Data Encryption Standard, NIST DRAFT FIPS PUB 46-3, U.S. Department of Commerce, 1999.
  o Section 7.4 DES, A. Menezes, P.C. van Oorschot, and S.A. Vanstone, Handbook of Applied Cryptography, CRC Press, 1997 (local copy <../../resource/crypto/algorithm/block/chap7.pdf>).
  o Triple DES Test Vectors, NIST.
  o A Known-Plaintext Attack on Two-Key Triple Encryption, Paul van Oorschot, and Michael Wiener, Advances in Cryptology - EUROCRYPT '90 Proceedings, LNCS 473, pp. 318-325. Springer-Verlag, 1991 (local copy <../../resource/crypto/algorithm/block/ec90Oorshot.PDF>).
  o Differential Cryptanalysis of the Full 16-Round DES, E. Biham, and A. Shamir, CS 708, Proceedings of Crypto '92, LNCS 740, December 1991 (local copy <../../resource/crypto/algorithm/block/CS0708.ps>).
  o Linear cryptanalysis method for DES cipher, M. Matsui, Advances in Cryptology - EUROCRYPT '93 Proceedings, LNCS 765, pp. 386-397. Springer-Verlag, 1994 (local copy <../../resource/crypto/algorithm/block/ec93Matsui.PDF>).
  o New potentially weak keys for DES and LOKI, Lars Knudsen, Advances in Cryptology - EUROCRYPT '94 Proceedings, LNCS 950, pp. 419-424. Springer-Verlag, 1995 (local copy <../../resource/crypto/algorithm/block/ec94Knudsen.ps>).
  o An Improvement of Davies' Attack on DES, E. Biham, and A. Biryukov, CS 817, EUROCRYPT '94 Proceedings, LNCS 950, Springer-Verlag, 1995, and Journal of Cryptology, Vol. 10, No. 3, pp. 195-206, 1997 (local copy <../../resource/crypto/algorithm/block/ec94Biham.ps>).
  o Attacking Triple Encryption, Stefan Lucks, Fast Software Encryption '98, LNCS 1372, Springer-Verlag, 1998 (local copy <../../resource/crypto/algorithm/block/fse98Lucks.pdf>).
* DESX
  o How to protect DES against exhaustive key search, Joe Kilian, and Phillip Rogaway, Earlier version in Advances in Cryptology - Crypto '96, LNCS 1109, pp. 252-267. Springer-Verlag, 1996 (local copy <../../resource/crypto/algorithm/block/cr96Kilian.ps>).
  o Related-Key Cryptanalysis of 3-WAY, Biham-DES, CAST, DES-X, NewDES, RC2, and TEA, J. Kelsey, B. Schneier, and D. Wagner, ICICS '97 Proceedings, Springer-Verlag, November 1997 (local copy <../../resource/crypto/algorithm/block/ICICS97Kelsey.pdf>).
* IDEA
  o The IDEA Algorithm page.
  o Section 7.6 IDEA, A. Menezes, P.C. van Oorschot, and S.A. Vanstone, Handbook of Applied Cryptography, CRC Press, 1997 (local copy <../../resource/crypto/algorithm/block/chap7.pdf>).
  o IDEA C Source Code and Test Data (corrected version, May 1999), Ascom Systec, Ltd.
  o On the design and security of block ciphers, X. Lai, ETH Series in Information Processing, Vol. 1, Hartung-Gorre Verlag, Konstanz, Technische Hochschule (Zurich), 1992.
  o Markov Ciphers and Differential Cryptanalysis, X. Lai, J.L. Massey, and S. Murphy, Advances in Cryptology - EUROCRYPT '91, LNCS 547, pp. 17-38. Springer-Verlag, 1991 (local copy <../../resource/crypto/algorithm/block/mc_dc.PDF>).
  o Weak Keys of IDEA, Joan Daemen, Rene Govaerts, and Joos Vandewalle, Advances in Cryptology - CRYPTO '93 Proceedings, LNCS 773, pp. 224-231. Springer-Verlag, 1994 (local copy <../../resource/crypto/algorithm/block/t.ps>).
  o Cryptanalysis of 2.5 Rounds of IDEA, Joan Daemen, Rene Govaerts, and Joos Vandewalle, ESAT-COSIC Technical Report 93/1, 1993 (local copy <../../resource/crypto/algorithm/block/idea2.ps>).
  o Two attacks on reduced IDEA, J. Borst, L. Knudsen, and V. Rijmen, Advances in Cryptology - EUROCRYPT '97 Proceedings, LNCS 1233, pp. 1-13. Springer-Verlag, 1997 (local copy <../../resource/crypto/algorithm/block/tekst.ps>).
  o Truncated Differentials of IDEA, L. Knudsen, and V. Rijmen, ESAT-COSIC Technical Report 97-1.
  o Side Channel Cryptanalysis of Product Ciphers, J. Kelsey, B. Schneier, D. Wagner, and C. Hall, ESORICS '98 Proceedings, pp. 97-110, Springer-Verlag, September 1998 (local copy <../../resource/crypto/algorithm/block/side-channel2.pdf>).
  o Side Channel Attack Hardening of the IDEA(TM) Cipher, Ascom Systec White Paper (corrected version, May 1999).
  o [Patent] .
* MARS
  o MARS - A candidate cipher for AES (corrected version), Carolynn Burwick, Don Coppersmith, Edward D'Avignon, Rosario Gennaro, Shai Halevi, Charanjit Jutla, Stephen M. Matyas Jr., Luke O'Connor, Mohammad Peyravian, David Safford, and Nevenko Zunic. [Note that the key schedule described here is for the initial version of MARS submitted as a first round AES candidate.]
  o Modification for MARS, Shai Halevi.
  o MARS-2 Test Vectors, IBM Corporation.
  o On Differential Properties of Data-Dependent Rotations and Their Use in MARS and RC6, Scott Contini, and Yiqun Lisa Yin, Presented at the 2nd AES Conference (local copy <../../resource/crypto/algorithm/block/contini.pdf>).
  o MARS Attacks! Preliminary Cryptanalysis of Reduced-Round MARS Variants, John Kelsey, and Bruce Schneier, Presented at the 3rd AES Candidate Conference (local copy <../../resource/crypto/algorithm/block/mars-attacks.pdf>).
  o Impossible Differential on 8-Round MARS' Core, Eli Biham, and Vladimir Furman, March 15, 2000. Presented at the 3rd AES Candidate Conference (local copy <../../resource/crypto/algorithm/block/07-ebiham.pdf>).
  o The Complete Distribution of Linear Probabilities of MARS' s-box, Kazumaro Aoki (local copy <../../resource/crypto/algorithm/block/033.pdf>).
  o [Patent] [need patent title and date] U.S. Patent Application: IBM application CR998021.
* RC2
  o A Description of the RC2(r) Encryption Algorithm, Ron Rivest, RFC 2268, March 1998.
  o On the design and security of RC2, L.R. Knudsen, V. Rijmen, R.L. Rivest, and M.J.B. Robshaw, Fast Software Encryption, LNCS 1372, pp. 206-221. Springer-Verlag, 1998 (local copy <../../resource/crypto/algorithm/block/fse98rc2.ps>).
  o Related-Key Cryptanalysis of 3-WAY, Biham-DES, CAST, DES-X, NewDES, RC2, and TEA, J. Kelsey, B. Schneier, and D. Wagner, ICICS '97 Proceedings, Springer-Verlag, November 1997 (local copy <../../resource/crypto/algorithm/block/ICICS97Kelsey.pdf>).
* RC5
  o The RC5 Encryption Algorithm (revised 20 March 1997), Ron Rivest (local copy <../../resource/crypto/algorithm/block/rc5rev.ps>).
  o The RC5, RC5-CBC, RC5-CBC-Pad, and RC5-CTS Algorithms, Ron Rivest, RFC 2040, October 1996.
  o Section 7.7.2 RC5, A. Menezes, P.C. van Oorschot, and S.A. Vanstone, Handbook of Applied Cryptography, CRC Press, 1997 (local copy <../../resource/crypto/algorithm/block/chap7.pdf>).
  o On Differential and Linear Cryptanalysis of the RC5 Encryption Algorithm, B.S. Kaliski, and Y.L. Yin, Advances in Cryptology - CRYPTO '95, pp. 171-184. Springer-Verlag, 1995 (local copy <../../resource/crypto/algorithm/block/cr95_rc5.PDF>).
  o Improved differential attack on RC5, Lars Knudsen, and W. Meier, Advances in Cryptology - Crypto '96 Proceedings, LNCS 1109, pp. 216-228. Springer-Verlag, 1996 (local copy <../../resource/crypto/algorithm/block/rc5.ps>).
  o Linearly Weak Keys of RC5, H. Heys, IEE Electronics Letters, vol. 33, no. 10, pp. 836-838, 1997 (local copy <../../resource/crypto/algorithm/block/rc5_letter.ps>).
  o Improved Cryptanalysis of RC5, A. Biryukov, and E. Kushilevitz, Advances in Cryptology - EuroCrypt '98 (local copy <../../resource/crypto/algorithm/block/alex.ps>).
  o A Timing Attack on RC5, H. Heys, Workshop on Selected Areas in Cryptography - SAC '98, Queen's University, Kingston, Ontario, Aug. 1998 (local copy <../../resource/crypto/algorithm/block/rc5_timing.ps>). To be published by Springer-Verlag.
  o A Timing Attack on RC5, Helena Handschuh, Gemplus' Corporate Product R&D Division: Technical Report SC02-1998 (local copy <../../resource/crypto/algorithm/block/sc02.pdf>).
  o On the Security of the RC5 Encryption Algorithm, B.S. Kaliski Jr., and Y.L. Yin, RSA Laboratories Technical Report TR-602, 1998 (local copy <../../resource/crypto/algorithm/block/rc5-report1.pdf>).
  o Correlation Attack to the Block Cipher RC5 and the Simplified Variants of RC6, Takeshi Shimoyama, Kiyofumi Takeuchi, and Juri Hayakawa, Presented at the 3rd AES Candidate Conference (local copy <../../resource/crypto/algorithm/block/36-tshimoyama.pdf>).
  o [Patent] RSA Data Security (assignee):
    "Block Encryption Algorithm with Data-Dependent Rotations," U.S. Patent 5,724,428, filed November 1 1995, issued March 3 1998.
    "Block Encryption Algorithm with Data-Dependent Rotations," U.S. Patent 5,835,600, filed April 21 1997, issued November 10 1998.
* RC6
  o The RC6 Block Cipher, Ron Rivest, M.J.B. Robshaw, R. Sidney, and Y.L. Yin (local copy <../../resource/crypto/algorithm/block/rc6.pdf>).
  o Further notes on RC6, Ron Rivest.
  o RC6 Test Values, NIST.
  o On Differential Properties of Data-Dependent Rotations and Their Use in MARS and RC6, Scott Contini, and Yiqun Lisa Yin, Presented at the 2nd AES Conference (local copy <../../resource/crypto/algorithm/block/contini.pdf>).
  o A note regarding the hash function use of MARS and RC6, Markku-Juhani Saarinen (local copy <../../resource/crypto/algorithm/block/sshnote.pdf>).
  o Correlations in RC6, Willi Meier, and Lars Knudsen, July 29, 1999 (local copy <../../resource/crypto/algorithm/block/rc6.ps>).
  o Correlation Attack to the Block Cipher RC5 and the Simplified Variants of RC6, Takeshi Shimoyama, Kiyofumi Takeuchi, and Juri Hayakawa, Presented at the 3rd AES Candidate Conference (local copy <../../resource/crypto/algorithm/block/36-tshimoyama.pdf>).
  o [Patent] RSA Data Security (assignee):
    "Block Encryption Algorithm with Data-Dependent Rotations," U.S. Patent 5,724,428, filed November 1 1995, issued March 3 1998.
    "Block Encryption Algorithm with Data-Dependent Rotations," U.S. Patent 5,835,600, filed April 21 1997, issued November 10 1998.
    "Enhanced Block Encryption Algorithm with Data-Dependent Rotations," U.S. Patent Application 09/094,649. Filed June 15, 1998.
* SAFER-K / SAFER-SK
  o SAFER K-64: A Byte-Oriented Block Ciphering Algorithm, Massey, J. L., Fast Software Encryption, Proceedings of the Cambridge Security Workshop, Cambridge, U.K., December 9-11, 1993, pp. 1-17. LNCS 809, Springer, 1994.
  o SAFER K-64: One Year Later, Massey, J. L., Fast Software Encryption: Second International Workshop, LNCS 1008, pp. 212-241, Leuven, Belgium, 14-16 December 1994. Springer-Verlag, 1995.
  o Section 7.7.1 SAFER, A. Menezes, P.C. van Oorschot, and S.A. Vanstone, Handbook of Applied Cryptography, CRC Press, 1997 (local copy <../../resource/crypto/algorithm/block/chap7.pdf>).
  o Announcement of a Strengthened Key Schedule for the Cipher SAFER, Massey, J. L., September 9, 1995 (see file 'SAFER_SK.TXT' included in the SAFER toolkit, below).
  o A Key-Schedule Weakness in SAFER K-64, Lars Knudsen, Advances in Cryptology - Crypto '95 Proceedings, LNCS 963, Springer-Verlag, 1995 (local copy <../../resource/crypto/algorithm/block/saferkey.ps>) (appendix with corrections).
  o A Generalization of Linear Cryptanalysis Applied to SAFER, C. Harpes, Internal report, Signal and Information Processing Lab., Swiss Federal Institute of Technology, Zurich, March 9, 1995 (local copy <../../resource/crypto/algorithm/block/GLCsafer.ps>).
  o Truncated differentials of SAFER, Lars Knudsen, and T.A. Berson, Fast Software Encryption, LNCS 1039, pp. 15-26. Springer-Verlag, 1996 (local copy <../../resource/crypto/algorithm/block/trunc_dif_saf.ps>).
* SEED
  o 128-bit SEED, KISA, 1998.12 (local copy <../../resource/crypto/algorithm/block/128-seed.pdf>).
  o TTA.KO-12.0004: 128, 1999.
* Serpent
  o Serpent home page, Ross Anderson (source code in C, Python and Ada).
  o Serpent page at Technion University, Eli Biham.
  o Serpent: A Proposal for the Advanced Encryption Standard, Ross Anderson, Eli Biham, and Lars Knudsen (local copy <../../resource/crypto/algorithm/block/serpent.pdf>).
  o Serpent Test Values, NIST.
  o An Analysis of Serpent-p and Serpent-p-ns, Orr Dunkelman, 2nd AES Conference, February 1999 (local copy <../../resource/crypto/algorithm/block/dunkelman.pdf>).
  o Speeding up Serpent, Dag Arne Osvik, March 13, 2000. Presented at the 3rd AES Candidate Conference (local copy <../../resource/crypto/algorithm/block/26-daosvik.pdf>).
  o Preliminary Cryptanalysis of Reduced-Round Serpent, T. Kohno, John Kelsey, and Bruce Schneier, Third AES Candidate Conference, 2000.
  o [Patent] Ross Anderson, Eli Biham, Lars Knudsen, "Fast Block Cipher," U.K. Patent Application 9722798.9. Filed October 30, 1997.
* Skipjack
  o SKIPJACK and KEA Specifications, NIST, May 1998 (local copy <../../resource/crypto/algorithm/block/skipjack.pdf>).
  o Observations on the SkipJack Encryption Algorithm, maintained by Eli Biham, Alex Biryukov, Orr Dunkelman, Eran Richardson, and Adi Shamir.
  o Initial Observations on Skipjack: Cryptanalysis of Skipjack-3XOR, E. Biham, A. Biryukov, O. Dunkelman, E. Richardson, and A. Shamir, Proceedings of SAC'98 (local copy <../../resource/crypto/algorithm/block/CS0946[1].ps>).
  o Truncated differentials and Skipjack, Lars R. Knudsen, M.J.B. Robshaw, and David Wagner, Proceedings of CRYPTO '99 (local copy <../../resource/crypto/algorithm/block/skipjack-crypto99.ps>).
* Square
  o The Square Page, Joan Daemen, Lars Knudsen, and Vincent Rijmen.
  o The Block Cipher Square, Joan Daemen, Lars Knudsen, and Vincent Rijmen, Fast Software Encryption, LNCS 1267, pp. 149-165. Springer-Verlag, 1997 (local copy <../../resource/crypto/algorithm/block/VR-9700.ps>).
  o Validation data set for Square v1.0, Paulo Barreto.
* Twofish
  o The Twofish: A New Block Cipher Page, Bruce Schneier, John Kelsey, Doug Whiting, David Wagner, Chris Hall, and Niels Ferguson.
  o Twofish: A 128-bit Block Cipher, Bruce Schneier, John Kelsey, Doug Whiting, David Wagner, Chris Hall, and Niels Ferguson, 15 June 1998. Presented at the 1st AES Conference.
  o Twofish Test Values, NIST.
  o On the Twofish Key Schedule, Bruce Schneier, John Kelsey, Doug Whiting, David Wagner, Chris Hall, and Niels Ferguson, Twofish Technical Report #3, Fifth Annual Workshop on Selected Areas in Cryptography, Springer-Verlag, August 1998.
  o An Observation on the Key Schedule of Twofish, Fauzan Mirza, and Sean Murphy, Presented at the 2nd AES Conference (local copy <../../resource/crypto/algorithm/block/mirza.pdf>).
  o The Saturation Attack - a Bait for Twofish, Stefan Lucks.
------------------------------------------------------------------------
Block cipher Modes and Paddings
* ECB/CBC/CFB/OFB mode
  o DES Modes of Operation, NIST FIPS PUB 81, U.S. Department of Commerce, December 1980.
  o Part 5: Product Ciphers (5.14), sci.crypt FAQ.
* ECB mode
* CBC mode
* CFB mode
  o Cryptanalysis of the CFB mode of the DES with a reduced number of rounds, B. Preneel, M. Nuttin, V. Rijmen, and J. Buelens, Advances in Cryptology, Proceedings Crypto'93, LNCS 773, Springer-Verlag, 1994, pp. 212-223 (local copy <../../resource/crypto/algorithm/block/VR-9300.ps>).
* OFB mode
  o Analysis of Certain Aspects of Output Feedback Mode, Robert R. Jueneman, Advances in Cryptology - Crypto '82 Proceedings, Plenum Press, 1982, pp. 99-127 (local copy <../../resource/crypto/algorithm/block/cr82Jueneman.pdf>).
  o The average cycle size of the key stream in output feedback encipherment, D.W. Davies, and G.I.P. Parkin, Cryptography, Proceedings of the Workshop on Cryptography, Burg-Feuerstein, Germany, March 29-April 2, 1982, Springer-Verlag, 1983, pp. 263-279. Also in Advances in Cryptology - Crypto '82 Proceedings, Plenum Press, 1983, pp. 97-98 (local copy (abstract) <../../resource/crypto/algorithm/block/cr82Davies.pdf>).
* Counter mode
  o A Note on NSA's Dual Counter Mode of Encryption, Pompiliu Donescu, Virgil D. Gligor, and David Wagner, Preliminary version, August 5, 2001 (local copy <../../resource/crypto/algorithm/block/dcm-prelim.ps>).
  o Comments to NIST Concerning AES-modes of Operations: CTR-mode Encryption, Helger Lipmaa, Phillip Rogaway and David Wagner, In Symmetric Key Block Cipher Modes of Operation Workshop, Baltimore, Maryland, US, October 2000 (local copy <../../resource/crypto/algorithm/block/ctr.pdf>).
  o Section 9.9 Counter Mode, Bruce Schneier, Applied Cryptography, Second Edition, John Wiley & Sons, 1996.
* AONT (All-or-nothing transform)
  o On Perfect and Adaptive Security in Exposure-Resilient Cryptography, Yevgeniy Dodis, Amit Sahai and Adam Smith, Proc. of Eurocrypt'2001, Springer-Verlag, LNCS 2045, pp. 301-324, 2001 (local copy <../../resource/crypto/algorithm/block/colorings.ps>).
  o The Security of All-Or-Nothing Encryption: Protecting Against Exhaustive Key Search, A. Desai, Full paper of Crypto'2000 Proceedings, Springer-Verlag, LNCS 1880, pp. 359-375, 2000 (local copy <../../resource/crypto/algorithm/block/aone.ps>).
  o Exposure-Resilient Functions and All-Or-Nothing Transforms, Ran Canetti, Yevgeniy Dodis, Shai Halevi, Eyal Kushilevitz and Amit Sahai, Proc. of Eurocrypt'2000, Springer-Verlag, LNCS 1807, pp. 453-470, 2000 (local copy <../../resource/crypto/algorithm/block/erf-aont.ps>).
  o On the Security Properties of OAEP as an All-or-nothing Transform, Victor Boyko, Full paper of Crypto'99 Proceedings, Springer-Verlag, LNCS 1666, pp. 503-518, 1999 (local copy <../../resource/crypto/algorithm/block/aont-oaep.ps>).
  o Something About All or Nothing (Transforms), Doug Stinson, Short Notes, 1999 (local copy <../../resource/crypto/algorithm/block/aon.ps>).
  o All-or-nothing encryption and the package transform, R. Rivest, Proc. of FSE'97, Springer-Verlag, LNCS 1267, pp. 210-218, 1997 (local copy <../../resource/crypto/algorithm/block/aont.ps>).
* PKCS Padding
  o PKCS #7: Cryptographic Message Syntax Standard, RSA Security.
  o PKCS #5: Password-Based Encryption Standard, RSA Security.
* OneAndZeroes
* CTS
  o The RC5, RC5-CBC, RC5-CBC-Pad, and RC5-CTS Algorithms, Ron Rivest, RFC 2040, October 1996. (The "RC5-CTS" mode is equivalent to RC5/CBC/CTS; this gives a source of test vectors, at least for one cipher.)
* NoPadding
------------------------------------------------------------------------
Stream ciphers
* RC4
  o RC4 page.
  o The Algorithm (Stream Cipher) RC4 (ARC-4), by Albert.
  o A Class of Weak Keys in the RC4 Stream Cipher, Andrew Roos, Preliminary draft, November 1997.
  o Using the Fluhrer, Mantin, and Shamir Attack to Break WEP, Adam Stubblefield, John Ioannidis, Aviel D. Rubin, Technical report AT&T, August 06, 2001 (local copy <../../resource/hot-topic/wlan/wep_attack.pdf>).
  o Weaknesses in the key scheduling algorithm of RC4, S. Fluhrer, I. Mantin, A. Shamir, Eighth Annual Workshop on Selected Areas in Cryptography (SAC), August 2001 (local copy <../../resource/crypto/algorithm/block/rc4_ksaproc.pdf>).
  o A Practical Attack on Broadcast RC4, Mantin and Shamir, FSE 2001 (local copy <../../resource/crypto/algorithm/block/bc_rc4.ps>).
  o Statistical Analysis of the Alleged RC4 Key stream Generator, Fluhrer and McGrew, FSE 2000 (local copy <../../resource/crypto/algorithm/block/FluhrerMcgrew.pdf>).
  o Analysis Methods for (Alleged) RC4, Knudsen, Meier, Preneel, Rijmen and Verdoolaege, ASIACRYPT 1998 (local copy <../../resource/crypto/algorithm/block/Knudsen.ps>).
  o Linear Statistical Weakness of Alleged RC4 Key stream Generator, Golic, EUROCRYPT 1997 (local copy <../../resource/crypto/algorithm/block/Golic.pdf>).
* SEAL
  o A Software-Optimized Encryption Algorithm (revised September 1997), P. Rogaway, and D. Coppersmith (local copy <../../resource/crypto/algorithm/block/seal.ps>).
  o Section 6.4.1 SEAL, A. Menezes, P.C. van Oorschot, and S.A. Vanstone, Handbook of Applied Cryptography, CRC Press, 1997 (local copy <../../resource/crypto/algorithm/block/chap6.pdf>).
  o X2 [chi-squared] Cryptanalysis of the SEAL Encryption Algorithm, H. Handschuh, and H. Gilbert, Fast Software Encryption - FSE4, LNCS 1267, pp. 1-12, 1997 (local copy <../../resource/crypto/algorithm/block/fse97handschuh.ps>).
  o [Patent] P. Rogaway, D. Coppersmith:
    "Software-efficient pseudorandom function and the use thereof for encryption," U.S. Patent 5,454,039, filed December 6 1993, issued September 26 1995.
    "Software-efficient pseudorandom function and the use thereof for encryption," U.S. Patent 5,675,652, filed June 7 1995, issued October 7 1997.
------------------------------------------------------------------------
Provable Security of Symmetric Cryptosystem
* Notions of Security
  o A Concrete Security Treatment of Symmetric Encryption: Analysis of the DES Modes of Operation, M. Bellare, A. Desai, E. Jokipii, and P. Rogaway, Full paper of 38th Annual Symposium on Foundations of Computer Science Proceedings, IEEE, 1997 (local copy <../../resource/crypto/algorithm/block/sym-enc.ps>).
  o Complete Characterization of Security Notions for Probabilistic Private-Key Encryption, J. Katz and M. Yung, Proc. of STOC'2000, pp. 245-254, ACM, 2000.
* Construction
  o New Paradigms for Constructing Symmetric Encryption Schemes Secure Against Chosen-Ciphertext Attack, Anand Desai, Full paper of Crypto'2000 Proceedings, Springer-Verlag, LNCS 1880, pp. 394-412, 2000 (local copy <../../resource/crypto/algorithm/block/secca.ps>).
  o Unforgeable Encryption and Adaptively Secure Modes of Operation, J. Katz and M. Yung, Proc. of FSE'00, Springer-Verlag, LNCS 1978, pp. 284-299, 2000.
  o Authenticated Encryption: Relations among notions and analysis of the generic composition paradigm, M. Bellare and C. Namprempre, Full paper of Asiacrypt'2000 Proceedings, Springer-Verlag, LNCS 1976, pp. 531-545, 2000 (local copy <../../resource/crypto/algorithm/block/oem.ps>).
  o Encode-then-encipher encryption: How to exploit nonces or redundancy in plaintexts for efficient cryptography, M. Bellare and P. Rogaway, Proc. of Asiacrypt'2000, Springer-Verlag, LNCS 1976, pp. 317-330, 2000 (local copy <../../resource/crypto/algorithm/block/encode.ps>).
  o The Security of Chaffing and Winnowing, M. Bellare and A. Boldyreva, Full paper of Asiacrypt'2000 Proceedings, Springer-Verlag, LNCS 1976, pp. 517-530, 2000 (local copy <../../resource/crypto/algorithm/block/cw.ps>).
  o Chaffing and winnowing: Confidentiality without encryption, R. Rivest, CryptoBytes of RSA Laboratories, vol. 4(1):12-17, summer 1998 (local copy <../../resource/crypto/algorithm/block/chaffing-980701.txt>).
* Attacks
  o The Rectangle Attack - Rectangling the Serpent, E. Biham, O. Dunkelman and N. Keller, Proc. of Eurocrypt'2001, Springer-Verlag, LNCS 2045, pp. 340-357, 2001 (local copy <../../resource/crypto/algorithm/block/serpent.ps>).
  o Amplified Boomerang Attacks Against Reduced-Round MARS and Serpent, J. Kelsey, T. Kohno, and B. Schneier, Proc. of FSE'2000, Springer-Verlag, LNCS 1978, pp. 75-93, 2001 (local copy <../../resource/crypto/algorithm/block/boomerang2.ps>).
  o The boomerang attack, David Wagner, Proc. of FSE'99, Springer-Verlag, LNCS 1636, pp. 156-170, 1999 (local copy <../../resource/crypto/algorithm/block/boomerang.ps>; local copy (slides) <../../resource/crypto/algorithm/block/boomerang-slide.ps>).
  o Advanced Slide Attacks, Alex Biryukov and David Wagner, Proc. of Eurocrypt'2000, Springer-Verlag, LNCS 1807, pp. 589-606, 2000 (local copy <../../resource/crypto/algorithm/block/slideattacks2.ps>).
  o Slide attacks, Alex Biryukov and David Wagner, Proc. of FSE'99, Springer-Verlag, LNCS 1636, pp. 245-259, 1999 (local copy <../../resource/crypto/algorithm/block/slideattacks.ps>).
  o A Chosen-Plaintext Linear Attack on DES, Lars R. Knudsen and John Erik Mathiassen, Proc. of FSE'2000, Springer-Verlag, LNCS 1978, pp. 262-272, 2001.
  o From Differential Cryptanalysis to Ciphertext-Only Attacks, A. Biryukov and E. Kushilevitz, Proc. of CRYPTO'98, Springer-Verlag, LNCS 1462, pp. 72-88, 1998 (local copy <../../resource/crypto/algorithm/block/cr98proc.ps>).
  o A chosen plaintext attack of the 16-round Khufu cryptosystem, H. Gilbert and P. Chauvaud, Proc. of Crypto'94, Springer-Verlag, LNCS 839, pp. 359-368, 1994.
  o A new method for known plaintext attack of FEAL cipher, M. Matsui and A. Yamagishi, Proc. of Eurocrypt'92, Springer-Verlag, LNCS 658, pp. 81-91, 1992.
------------------------------------------------------------------------
Design/Cryptanalysis
[Collection of papers]
* Cryptanalysis of Block Ciphers, by Thomas Jakobsen (Last update: June 15, 1998).
* Differential Cryptanalysis: A Literature Survey, by Terry Ritter.
* Linear Cryptanalysis: A Literature Survey, by Terry Ritter.
* Cryptanalysis Papers, by Michael Graffam.
* Analysis and design of cryptographic algorithms, R. Anderson.
* Methods of Cryptanalysis, Dr. Alex Biryukov (Lecture).
[Paper]
* A Mathematical Theory of Communication, Claude E. Shannon, Bell System Technical Journal, vol. 27, pp. 379-423 and 623-656, July and October, 1948 (local copy <../../resource/crypto/algorithm/block/shannon1948.pdf>).
* Communication Theory of Secrecy Systems, Claude Shannon, Bell System Technical Journal, Vol. 28, Oct 1949, pp. 656-715.
* Cryptography and Computer Privacy, Horst Feistel, Scientific American, Vol. 228, No. 5, 1973.
* A practical approach to the design of high speed self-synchronizing stream ciphers, J. Daemen, R. Govaerts, and J. Vandewalle, Singapore ICCS/ISITA '92 Conference Proceedings, IEEE, 1992, pp. 279-283 (local copy <../../resource/crypto/algorithm/block/ssscjo.ps>).
* A Fast Method for Cryptanalysis of Substitution Ciphers, Thomas Jakobsen, Cryptologia 19(3), July 1995 (local copy <../../resource/crypto/algorithm/block/subst.ps>).
* Cipher and hash function design. Strategies based on linear and differential cryptanalysis, J. Daemen, Doctoral Dissertation, March 1995.
* Known Plaintext Cryptanalysis of Tree-Structured Block Ciphers, H. Heys and S. Tavares, IEE Electronics Letters, v. 31, n. 10, 1995, pp. 784-785. (Also presented at TRIO Researcher's Retreat, Kingston, Ontario, May 1994).
* Substitution-Permutation Networks Resistant to Differential and Linear Cryptanalysis, H. Heys and S. E. Tavares, Journal of Cryptology, v. 9, n. 1, 1996, pp. 1-19. (Also presented at 2nd ACM Conference on Computer and Communications Security, Fairfax, Virginia, Nov. 1994) (local copy <../../resource/crypto/algorithm/block/jc_96.ps>).
* Unbalanced Feistel Networks and Block Cipher Design, B. Schneier and J. Kelsey, Fast Software Encryption, Third International Workshop Proceedings (February 1996), Springer-Verlag, 1996, pp. 121-144.
* Cryptanalysis of Substitution-Permutation Networks Using Key-Dependent Degeneracy, H. Heys and S. Tavares, Cryptologia, v. XX, n. 3, 1996, pp. 258-274 (local copy <../../resource/crypto/algorithm/block/cry_96.ps>).
* Key-Schedule Cryptanalysis of 3-WAY, IDEA, G-DES, RC4, SAFER, and Triple-DES, J. Kelsey, B. Schneier, and D. Wagner, Advances in Cryptology - Crypto '96 Proceedings, pp. 237-251. Springer-Verlag, August 1996.
* Self-Study Course in Block Cipher Cryptanalysis, B. Schneier, Cryptologia, v. 24, n. 1, Jan 2000, pp. 18-34 (local copy <../../resource/crypto/algorithm/block/cryptanalysis.pdf>).
------------------------------------------------------------------------
Related Links/Resources
* NESSIE (New European Schemes for Signatures, Integrity, and Encryption).
* Standard Cryptographic Algorithm Naming.
  o Symmetric Cipher.
  o Block cipher Mode.
  o Block cipher Padding.
* Block Ciphers, by Helger Lipmaa.
  o Block Ciphers: Cryptanalysis, by Helger Lipmaa.
* Cryptography A-2-Z, SSH Communications Security Corp.
  o Cryptanalysis and Attacks on Cryptosystems.
  o Secret Key Cryptosystems.
* Encryption Algorithms based on the Block Cipher Principles, Security.KAIST.
* Cryptography, by Michael Graffam.
* Advanced Encryption Standard (AES).
  o Public Workshop on Symmetric Key Block Cipher Modes of Operation, NIST, October 20, 2000.
  o The Third Advanced Encryption Standard (AES) Candidate Conference, NIST, April 13-14, 2000.
  o Second AES Candidate Conference (AES2), NIST, March 22-23, 1999.
  o First AES Candidate Conference (AES1), NIST, August 20-22, 1998.
* ISO 8372:1987, Modes of operation for a 64-bit block cipher algorithm.
* ISO/IEC 10116:1997, Modes of operation for an n-bit block cipher algorithm (2nd edition).
------------------------------------------------------------------------