Danilo Gligoroski
Norwegian University of Science and Technology
Publications
Featured research published by Danilo Gligoroski.
Fast Software Encryption | 2005
Smile Markovski; Danilo Gligoroski; Ljupco Kocarev
The need for true random number generators for many purposes (ranging from applications in cryptography and stochastic simulation, to search heuristics and game playing) is increasing every day. Many sources of randomness possess the property of stationarity. However, while a biased die may be a good source of entropy, many applications require input in the form of unbiased bits, rather than biased ones. In this paper, we present a new technique for simulating fair coin flips using a biased, stationary source of randomness. Moreover, the same technique can also be used to improve some of the properties of pseudo random number generators. In particular, an improved pseudo random number generator has an almost unmeasurable period, uniform distribution of the letters, pairs of letters, triples of letters, and so on, and passes many statistical tests of randomness. Our algorithm for simulating fair coin flips using a biased, stationary source of randomness (or for improving the properties of pseudo random number generators) is designed by using quasigroup string transformations and its properties are mathematically provable. It is very flexible: the input/output strings can be of 2-bit letters, 4-bit letters, bytes, 2-byte letters, and so on. It is of linear complexity and it needs less than 1Kb of memory space in its 2-bit and 4-bit implementations, hence it is suitable for embedded systems as well.
New Stream Cipher Designs | 2008
Danilo Gligoroski; Smile Markovski; Svein Johan Knapskog
Edon80 is a hardware binary additive synchronous stream cipher. Its properties are: 1.) The internal structure is highly pipelined; 2.) It is highly parallelizable, making it scalable from the speed of processing point of view; 3.) Its design principles offer possibilities to achieve significant speed asymmetry: it belongs to a family of stream ciphers that in hardware can have a constant speed of one bit per clock cycle, but in software implementation on popular modern CPUs can be made as slow as needed. Since its first description in 2005, it has been analyzed by several cryptographers, has been implemented in a more compact way, and a MAC functionality has been added. We give a full description of Edon80 including the latest developments and updates.
Reconfigurable Computing and FPGAs | 2008
Mohamed El-Hadedy; Danilo Gligoroski; Svein Johan Knapskog
This is the first implementation in FPGA of the recently published class of public key algorithms, MQQ, that are based on quasigroup string transformations. Our implementation achieves a decryption throughput of 399 Mbps on a Xilinx Virtex-5 FPGA that is running at 249.4 MHz. The encryption throughput of our implementation achieves 44.27 Gbps on a Xilinx Virtex-5 chip that is running at 276.7 MHz. Compared to an RSA implementation on the same FPGA platform, this implementation of MQQ is 10,000 times faster in decryption, and is more than 17,000 times faster in encryption. The main goal of this work was to build hardware that can perform operations with the public and the private key at as high a speed as possible. Our main comparison is with RSA of a similar cryptographic strength, because we want to emphasize that RSA, being an essentially sequential algorithm, cannot benefit from the parallel capabilities that modern FPGAs offer, while MQQ can.
International Conference on Computer Communications and Networks | 2007
Danilo Gligoroski; Smile Markovski; Ljupco Kocarev
Error-correcting codes based on quasigroup transformations are proposed. For the proposed codes, similar to recursive convolutional codes, correlation exists between any two bits of a codeword, which can theoretically have infinite length. However, in contrast to convolutional codes, the proposed codes are nonlinear and almost random: for codewords of large enough length, the distribution of the letters, pairs of letters, triples of letters, and so on, is uniform. Simulation results of bit-error probability for several codes in binary symmetric channels are presented.
Journal of Applied Mathematics and Computing | 2005
Smile Markovski; Danilo Gligoroski; Jasen Markovski
Quasigroups are algebraic structures closely related to Latin squares which have many different applications. There are several classifications of quasigroups based on their algebraic properties. In this paper we propose another classification based on the properties of strings obtained by specific quasigroup transformations. More precisely, in our research we identified some quasigroup transformations which can be applied to arbitrary strings to produce pseudo random sequences. We performed tests for randomness of the obtained pseudo-random sequences by random walks on a torus. The randomness tests provided an empirical classification of quasigroups.
Information Security Practice and Experience | 2008
Danilo Gligoroski; Suzana Andova; Svein Johan Knapskog
The key separation principle for different modes of operation of block ciphers is a piece of cryptographic folklore wisdom that states: one should always use distinct keys for distinct algorithms and distinct modes of operation. If this principle is violated, then there are generic attacks that can recover the whole or a part of the encrypted messages. With the advent of software packages and libraries that offer some or all modes of operation of block ciphers, the violation of this principle is really possible in practice. We show that under the same key, the OFB mode of operation is a special case of the CBC mode of operation, and that if the CBC and CTR modes of operation are interchangeably used under the same secret key, then the security of the encryption process is seriously weakened. Moreover, in the chosen plaintext attack scenario with interchanged use of the CBC and OFB modes under the same key, we give a concrete list of openssl commands that can extract the complete plaintext without knowing the secret key.
Archive | 2009
Danilo Gligoroski; V. Dimitrova; S. Markovski
In this short note we represent quasigroups of order \(2^n\) as vector valued Boolean functions \(f:\{0,1\}^{2n} \to \{0,1\}^n\). The representation of finite quasigroups as vector valued Boolean functions allows systems of quasigroup equations to be solved by using Gröbner bases.
Availability, Reliability and Security | 2007
Nenad Stojanovski; Marjan Gusev; Danilo Gligoroski; Svein Johan Knapskog
The evolution of Microsoft Windows from a desktop operating system into a server operating system has brought attention to, and concern about, some severe security issues. Attacks that exploited buffer overflows started appearing for the services that were used on the new server operating system. Recently, Microsoft decided to implement a protective measure, data execution prevention (DEP), in two of their products: Service Pack 2 for Windows XP and Service Pack 1 for Windows 2003. The measure has been implemented as one of the core security mechanisms with the intention of preventing attackers from breaking into the system, i.e., preventing the execution of code in non-executable memory regions. In this paper we show that the initial implementation of the software for DEP in Windows XP Service Pack 2 is actually not at all secure and that stack overflow attacks against DEP are as effective as attacks against systems that do not have DEP.
International Symposium on Turbo Codes and Iterative Information Processing | 2016
Katina Kralevska; Danilo Gligoroski; Harald Øverby
We introduce a family of balanced locally repairable codes (BLRCs) [n, k, d] for arbitrary values of n, k and d. Similar to other locally repairable codes (LRCs), the presented codes are suitable for applications that require a low repair locality. The novelty that we introduce in our construction is that we relax the strict requirement that the repair locality be a fixed small number l, and we allow the repair locality to be either l or l + 1. This gives us the flexibility to construct BLRCs for arbitrary values of n and k, which partially solves the open problem of finding a general construction of LRCs. Additionally, the relaxed locality criterion gives us an opportunity to search for BLRCs that have a low repair locality even when double failures occur. We use metrics such as storage overhead, average repair bandwidth, Mean Time To Data Loss (MTTDL) and update complexity to compare the performance of BLRCs with existing LRCs.
Public Key Cryptography | 2015
Jean-Charles Faugère; Danilo Gligoroski; Ludovic Perret; Simona Samardjiska; Enrico Thomae
We investigate the security of the family of MQQ public key cryptosystems using multivariate quadratic quasigroups (MQQ). These cryptosystems show especially good performance properties. In particular, the MQQ-SIG signature scheme is the fastest scheme in the ECRYPT benchmarking of cryptographic systems (eBACS). We show that both the signature scheme MQQ-SIG and the encryption scheme MQQ-ENC, although using different types of MQQs, share a common algebraic structure that introduces a weakness in both schemes. We use this weakness to mount a successful polynomial time key-recovery attack that finds an equivalent key using the idea of so-called good keys. In the process we need to solve a MinRank problem that, because of the structure, can be solved in polynomial time assuming some mild algebraic assumptions. We highlight that our theoretical results work in characteristic 2, which is known to be the most difficult case to address in theory for MinRank attacks, and also without any restriction on the number of polynomials removed from the public key. This was not the case for previous MinRank-like attacks against \(\mathcal{MQ}\) schemes. From a practical point of view, we are able to break an MQQ-SIG instance of 80 bits security in less than 2 days, and one of the more conservative MQQ-ENC instances of 128 bits security in a little over 9 days. Altogether, our attack shows that it is very hard to design a secure public key scheme based on an easily invertible MQQ structure.