|
|
SAPPHIRE : * Design in a little extra strength where there is doubt about what attacks might be a threat.The Sapphire Stream Cipher is very similar to a cipher I started work on inNovember 1993. It is also similar in some respects to the alledged RC-4 thatwas posted to sci.crypt recently. Both operate on the principle of amutating permutation vector. Alledged RC-4 doesn't include any feedback ofciphertext or plain text, however. This makes it more vulnerable to a knownplain text attack, and useless for creation of cryptographic check values. On the other hand, alledged RC-4 is faster.The Sapphire Stream Cipher is used in the shareware product Quicrypt, whichis available at and on the ColoradoCatacombs BBS (303-772-1062). There are two versions of Quicrypt: theexportable version (with a session key limited to 32 bits but with strongI notice you don't consider the adaptive selected plaintextattack. The attacker would be given a keyed black box, andbe able to put in any plaintext he wants, obtain correspondingciphertext, and repeat the process based on his observations.
SAPPHIRE : RC4 avoids the issue by having no feedback. It is certainlynot safe to use the same initial state for multiple encryptions,but running different plaintexts through will not help exposethe state. I played with adding feedback to an RC4-like cipher,but could not convince myself that I could beat an adaptiveattack.Since any one byte only effects 5 elements of the permutation vector,a change in one byte leaves the vector mostly the same. Inparticular, the permutation vector elements which effect theencryption of the next character will probably be the in the sameplace. As you said, the attacker knows rotor, last_plain, andlast_cipher. Can he use one character changes to feel around in thepermutation vector?The multiple levels of subscripting would tend to make this attackmore difficult. Did you specifically design the cipher to beat anadaptive selected plaintext attack? Do you specifically exclude thistype of attack?
SAPPHIRE : It's important to note that there are some real-world applications whereadaptive chosen plaintext or ciphertext *is* a reasonable attack. As anexample, think of some kind of encrypted TV, where you have to have thedecoder box to decrypt the television signal. If you could extract thekey from the box, you'd be able to manufacture your own boxes (at aprofit, at least until someone arrested you). An attacker might havecomplete control over this box's inputs and immediate access to itsoutputs--so that an adaptive chosen ciphertext attack is feasible. Ifthe attacker can use complete minute-by-minute control of the box'sinputs to get the key, then the system is broken. --John Kelsey, From: ()Subject: The Sapphire Stream Cipher Newsgroups: Date: 1994-12-14 14:36:11 PST Bryan G. Olson wrote:Michael Paul Johnson wrote: [...] And the attacker must determine (most of the) internal state.Note that he can easily determine the plaintext correspondingto any given ciphertext if also given the keyed black box. [Michael argues this would be at least very difficult] Absolutely. I think there is. We can look for coincidences which are more likelyto occur in the output of the cipher than in random selections.
SAPPHIRE : Michael Paul Johnson wrote: Oops, I should have been using an upper case W. It can be any numberof characters long, including 0. In response to some posts by Bryan G. Olson , I have donesome more analysis of the Sapphire Stream Cipher with respect to adaptivechosen plain text attacks. After making a computer slave away over theChristmas break (while I was off celebrating), I found some interestingthings.Bryan's observation was that there were certain small changes in plain text(easiest to do with two or three byte differences, followed by a single bytethe same) that result in all five of the index variables and most of thepermutation vector state the same. This can result in identical output foridentical subsequent input for some number of bytes after the change. Bryanexpressed concern that this might be helpful in recovering some keyinformation.
SAPPHIRE : My modeling of the above described situation shows that the above describeddeparture from the ideal certainly happens frequently enough to be ofconcern, but not for the reasons Bryan gave. I still have no idea how thiscorrelation could be used to either (1) help solve for key information orequivalent permutation vector state, or (2) help solve for the contents of anencrypted message that used the same key as the one being attacked with theadaptive chosen plain text attack. I did notice, however, that this doeshave serious implications for the use of the Sapphire Stream Cipher as acryptographic hash function, either keyed or keyless. As a result, theprocedure for computing a cryptographic hash with the Sapphire Stream Ciphershould be ammended to include some post-processing, as described below.
|
|
22k gold bracelets, barbell earrings, beaded crystal bracelets, big beads, bracelets en perles, ceiling pendants, coral earrings drop, crocheting bead necklaces, diamonds emeralds earrings, earrings claddagh silver, earrings gold hoops, engraveable id bracelets, family bracelets, fossil watchs, gold cobra pendants, gold fish pendants, gold plated beads, heart lariat necklaces, italia charms, jade buddha pendants, jelly bracelets, jewellery pendants, jewish name necklaces, lockets wholesale, making friendship bracelets, mikimoto pearl earrings, necklace earrings set, number pendants, onyx diamond earrings, patriotic earrings, picture pendants, plastic pony beads, power bracelets, rhinestone bridal bracelets, sea glass earrings, spongebob italian charm bracelets, teen earrings, turkish worry beads, wedding shower charms, wholesale choker pendants, wire jewelry necklaces, accupressure earrings, asian bracelets, beads chicago, boy charms, cherry necklaces, chitosan beads, diffusing silver necklaces, faux pearl necklaces, half earrings, heart diamond bracelets, indian bracelets, japanese porcelain pendants, mia bracelets, miniature pinscher charms, moss agate necklaces, rembrandt charms, skateboard and earrings, speidel identification bracelets, vintage crucifix necklaces, aardvark beads, african trade bracelets, all seasons beads, arm bracelets, aztec necklaces, bandana necklaces, beaded window charms, beads and beadworkers, beads jewelry kits, beads skull, beadwork creates necklaces, black y necklaces, bracelets hermes, brent pressure earrings, bright colorful beads, buffalo bone beads, cartouche earrings, celtic knotwork pendants, charms badminton birdie, chelsea charms tribute, chopard ladies watches, coqui charms, crossbones bracelets, dance charms, designer lampwork beads, diamond jewelry, discount pewter charms, dragon earrings, earstrings earrings, english charms, fashionable choker necklaces, flag necklaces, fork bracelets, fossil watches, ganz charms, goat earrings, goddess prayer beads, gzi beads, hand crafted bracelets, hebron beads, hip hop charms, history of earrings, hopi indian bracelets, house charms, illusion necklaces, imported beads, infinity earrings, italian beads, james avery charms, jewelry amethyst necklaces, jewelry bracelets 22kt, jewelry diamond earrings, jewelry earrings turquoise, jewelry gift box, jewelry necklaces pearl, jewelry rings jewelry, jewelry silver bracelets, jewelry zoppini charm, labret earrings, latvian pendants, lee brevard earrings, magnet bracelets uk, marcasite jewelry, mat?riel bracelets br?siliens, mele jewelry boxes, moon necklaces, murano glass necklaces, native american bracelets, necklaces semiprecious, nordic charms, omega watches, owl beads, patterns pony beads, pendants imports, penguin charms, personalized heart charms, pittsburgh beads, pow mia bracelets, pug charms, rondell beads, rose petal beads, rubber band bracelets, san marco bracelets, seashell necklaces, seiko watches, sheriff charms, silver drop beads, sj beads, southern charms babette, stampato bracelets, surf beads australia, tag bracelets, tiffany necklaces, twisted friendship bracelets, watches casio, watches rolex, wholesale gold charms, wire wrapped pendants, wolf charms, yin yang earrings