This preview shows page 1. Sign up to view the full content.
Unformatted text preview: he key, is forced to pursue a bruteforce search through the random string. The security of this sort of cipher can be expressed by the average number of bits a cryptanalyst must examine before the chances of determining the key improve over pure guessing. Rip van Winkle Cipher
James Massey and Ingemar Ingemarsson proposed the Rip van Winkle cipher [1011], so named because the receiver has to receive 2n bits of ciphertext before attempting decryption. The algorithm, illustrated in Figure 17.10, is simple to implement, provably secure, and completely impractical. Simply XOR the plaintext with the keystream, and delay the keystream by 0 to 20 years—the exact delay is part of the key. In Massey’s words: “One can easily guarantee that the enemy cryptanalyst will need thousands of years to break the cipher, if one is willing to wait millions of years to read the plaintext.” Further work on this idea can be found in [1577,755]. Figure 17.10 Rip van Winkle cipher. Diffie’s Randomized Stream Cipher
This scheme was first proposed by Whitfield Diffie [1362]. The data are 2n random sequences. The key is k, a random nbit string. To encrypt a message, Alice uses the kth random string as a onetime pad. She then sends the ciphertext plus the 2n random strings over 2n + 1 different communications channels. Bob knows k, so he can easily choose which onetime pad to decrypt the message with. Eve has no choice but to examine the random sequences one at a time until she finds the correct onetime pad. Any attack must examine an expected number of bits which is in O(2n). Rueppel points out that if you send n random strings instead of 2n, and if the key is used to specify a linear combination of those random strings, the security is the same. Maurer’s Randomized Stream Cipher
Ueli Maurer described a scheme based on XORing the plaintext with several large public randombit sequences [1034,1029,1030]. The key is the set of starting positions within each sequence. This turns out to be provably almost secure, with a calculable probability of being broken based on how much memory the attacker has at his disposal, without regard to the amount of co...
View
Full
Document
This note was uploaded on 10/18/2010 for the course MATH CS 301 taught by Professor Aliulger during the Fall '10 term at Koç University.
 Fall '10
 ALIULGER
 Cryptography

Click to edit the document details