Applied Cryptography: Protocols, Algorithms, and Source Code in C

# The practical effect of seal being a pseudo random


## 16.10 Gifford

David Gifford invented a stream cipher and used it to encrypt news wire reports in the Boston area from 1984 until 1988 [608,607,609]. The algorithm has a single 8-byte register: b0, b1, ..., b7. The key is the initial state of the register. The algorithm works in OFB; the plaintext does not affect the algorithm at all (see Figure 16.17).

To generate a key byte ki, concatenate b0 and b2, and concatenate b4 and b7. Multiply the two together to get a 32-bit number. The third byte from the left is ki.

To update the register, take b1 and sticky right shift it 1 bit. This means the left-most bit is both shifted and also remains in place. Take b7 and shift it 1 bit to the left; there should be a 0 in the right-most bit position. Take the XOR of the modified b1, the modified b7, and b0. Shift the original register 1 byte to the right and put this byte in the left-most position.

This algorithm remained secure throughout its life, but was broken in 1994 [287]. It turns out that the feedback polynomial isn't primitive and can be attacked that way—oops.

Figure 16.17 Gifford.

## 16.11 Algorithm M

The name is from Knuth [863]. It's a method for combining multiple pseudo-random streams that increases their security. One generator's output is used to select a delayed output from the other generator [996,1003]. In C:

```c
#define ARR_SIZE (8192) /* for example — the larger the better */

static unsigned char delay[ ARR_SIZE ] ;

unsigned char prngA( void ) ;   /* generator whose outputs fill the delay table */
long prngB( void ) ;            /* generator whose outputs pick the table slot;
                                   must return non-negative values, or the
                                   index below can be negative */

void init_algM( void )
{
    long i ;

    for ( i = 0 ; i < ARR_SIZE ; i++ )
        delay[i] = prngA() ;        /* fill every slot with an output of prngA */
} /* init_algM */

unsigned char algM( void )
{
    long j,v ;

    j = prngB() % ARR_SIZE ;        /* get the delay index */
    v = delay[j] ;                  /* get the value to return */
    delay[j] = prngA() ;            /* replace it */
    return ( v ) ;
} /* algM */
```

This has strength in that if prngA were truly random, one could not learn anything about prngB (and could therefore not cryptanalyze it). If prngA were of the form that it could be cryptanalyzed only if its o...
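The Gifford register in section 16.10 is described only in prose. The following C program is an added example, not code from the book, that implements the key-byte generation and the register update exactly as that paragraph states them, and XORs the resulting keystream onto data in the OFB manner the text describes. Assumptions not stated in the text: a key byte is taken from the register before the register is stepped, "third byte from the left" of the 32-bit product means bits 15..8, the register shifts toward b7 on each step, and the key `GIFFORD_DEMO_KEY` and the message are constructed values.

```c
/* Added example (not from the book): the Gifford keystream generator of
 * section 16.10, plus OFB use. Assumptions: output a key byte first, then
 * update; "third byte from the left" = bits 15..8 of the 32-bit product;
 * the register shifts toward b7 and the new byte enters at b0. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

typedef struct {
    uint8_t b[8];   /* b0 .. b7; the key is the initial contents */
} gifford_state;

/* Constructed demo key, not a value from the book. */
static const uint8_t GIFFORD_DEMO_KEY[8] = {0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08};

void gifford_init(gifford_state *s, const uint8_t key[8])
{
    memcpy(s->b, key, 8);
}

/* Produce one keystream byte k_i from the current register, then step it. */
uint8_t gifford_next(gifford_state *s)
{
    /* (b0 || b2) times (b4 || b7): two 16-bit values, product fits 32 bits */
    uint32_t left  = ((uint32_t)s->b[0] << 8) | s->b[2];
    uint32_t right = ((uint32_t)s->b[4] << 8) | s->b[7];
    uint32_t prod  = left * right;
    uint8_t  k     = (uint8_t)(prod >> 8);      /* third byte from the left */

    /* sticky right shift of b1: the top bit moves down and is also kept */
    uint8_t t1 = (uint8_t)((s->b[1] >> 1) | (s->b[1] & 0x80));
    /* left shift of b7 with a 0 entering on the right */
    uint8_t t7 = (uint8_t)(s->b[7] << 1);
    uint8_t nb = t1 ^ t7 ^ s->b[0];

    /* shift the register one byte to the right; the new byte becomes b0 */
    memmove(&s->b[1], &s->b[0], 7);
    s->b[0] = nb;
    return k;
}

/* Convenience for inspection: the index-th keystream byte under a key. */
uint8_t gifford_keystream_byte(const uint8_t key[8], size_t index)
{
    gifford_state s;
    uint8_t k = 0;
    size_t i;
    gifford_init(&s, key);
    for (i = 0; i <= index; i++)
        k = gifford_next(&s);
    return k;
}

/* OFB use: XOR the keystream onto the data; the same call encrypts and decrypts. */
void gifford_xor(const uint8_t key[8], const uint8_t *in, uint8_t *out, size_t n)
{
    gifford_state s;
    size_t i;
    gifford_init(&s, key);
    for (i = 0; i < n; i++)
        out[i] = in[i] ^ gifford_next(&s);
}

/* Constructed check: encrypt a sample message and decrypt it again. */
int gifford_roundtrip_ok(void)
{
    const char *msg = "news wire report";        /* constructed sample text */
    uint8_t ct[32], pt[32];
    size_t n = strlen(msg);
    gifford_xor(GIFFORD_DEMO_KEY, (const uint8_t *)msg, ct, n);
    gifford_xor(GIFFORD_DEMO_KEY, ct, pt, n);
    return memcmp(pt, msg, n) == 0 && memcmp(ct, msg, n) != 0;
}

int main(void)
{
    int i;
    printf("first keystream bytes:");
    for (i = 0; i < 8; i++)
        printf(" %02x", gifford_keystream_byte(GIFFORD_DEMO_KEY, (size_t)i));
    printf("\nroundtrip ok: %d\n", gifford_roundtrip_ok());
    return 0;
}
```

With the demo key the first two keystream bytes work out by hand: (0x0103 * 0x0508) = 0x00051718 gives 0x17, and after one update the register starts 0x10, 0x01, 0x02, ... so (0x1002 * 0x0407) = 0x0040780E gives 0x78. Since the text notes that the feedback polynomial is not primitive, the generator is here to study the construction, not to protect data.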
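The book's Algorithm M listing above declares `prngA` and `prngB` but leaves them undefined, so it cannot be run as printed. The program below is an added example, not the book's code, that supplies two constructed toy generators (a xorshift32 generator for `prngA`, a 32-bit linear congruential generator for `prngB`; neither is cryptographically strong and both are assumptions for illustration only), keeps the generator state explicit so a second instance can replay the sequence, and checks the delay-and-select mechanics: the first output must be the j-th byte that `prngA` produced while filling the table, where j is the first index chosen by `prngB`. The names `algm_ctx`, `algm_init`, `algm_next` and `ALGM_ARR_SIZE` are this example's own.

```c
/* Added example (not the book's code): Algorithm M from section 16.11 with
 * constructed toy generators so the combination can be run and inspected.
 * Assumption: prngA = xorshift32 (low byte out), prngB = 32-bit LCG. */
#include <stdint.h>
#include <stdio.h>

#define ALGM_ARR_SIZE 256   /* small for the demo; the book suggests 8192 or more */

/* prngA: xorshift32 (Marsaglia); the seed must be non-zero */
uint8_t prngA_next(uint32_t *state)
{
    uint32_t x = *state;
    x ^= x << 13;
    x ^= x >> 17;
    x ^= x << 5;
    *state = x;
    return (uint8_t)x;
}

/* prngB: LCG with the Numerical Recipes constants; unsigned, so the
 * index derived from it below can never be negative */
uint32_t prngB_next(uint32_t *state)
{
    *state = *state * 1664525u + 1013904223u;
    return *state;
}

typedef struct {
    uint8_t  delay[ALGM_ARR_SIZE];
    uint32_t sa;   /* prngA state */
    uint32_t sb;   /* prngB state */
} algm_ctx;

/* init_algM: fill every delay slot with an output of prngA */
void algm_init(algm_ctx *c, uint32_t seedA, uint32_t seedB)
{
    int i;
    c->sa = seedA;
    c->sb = seedB;
    for (i = 0; i < ALGM_ARR_SIZE; i++)
        c->delay[i] = prngA_next(&c->sa);
}

/* algM: prngB picks the slot, its old content is emitted, prngA refills it */
uint8_t algm_next(algm_ctx *c)
{
    uint32_t j = prngB_next(&c->sb) % ALGM_ARR_SIZE;
    uint8_t  v = c->delay[j];
    c->delay[j] = prngA_next(&c->sa);
    return v;
}

/* Mechanics check: the first output equals the j-th byte prngA produced
 * during the fill, where j is prngB's first index. Both generators are
 * replayed independently to compute that expectation. */
int algm_first_output_matches_replay(uint32_t seedA, uint32_t seedB)
{
    algm_ctx c;
    uint32_t sa = seedA, sb = seedB, j, i;
    uint8_t expected = 0, out;

    algm_init(&c, seedA, seedB);
    out = algm_next(&c);

    j = prngB_next(&sb) % ALGM_ARR_SIZE;
    for (i = 0; i <= j; i++)
        expected = prngA_next(&sa);
    return out == expected;
}

/* Two contexts with the same seeds must produce identical streams. */
int algm_is_deterministic(uint32_t seedA, uint32_t seedB, int n)
{
    algm_ctx c1, c2;
    int i;
    algm_init(&c1, seedA, seedB);
    algm_init(&c2, seedA, seedB);
    for (i = 0; i < n; i++)
        if (algm_next(&c1) != algm_next(&c2))
            return 0;
    return 1;
}

int main(void)
{
    algm_ctx c;
    int i;
    algm_init(&c, 0x12345678u, 42u);    /* constructed seeds */
    printf("algM output:");
    for (i = 0; i < 16; i++)
        printf(" %02x", algm_next(&c));
    printf("\n");
    return 0;
}
```

The point the replay check makes visible is that every byte algM emits is an old prngA output whose position in the stream an observer cannot recover without prngB's choices; the book's argument about not learning anything about prngB when prngA is truly random rests on exactly that indirection. The table size trades memory for how far back a selected value can be delayed, which is why the book's comment says larger is better.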

## This note was uploaded on 10/18/2010 for the course MATH CS 301 taught by Professor Aliulger during the Fall '10 term at Koç University.
