Luke James O'Connor

MIERA: Method for Inter-Enterprise Role-Based Authorization

This paper addresses the problem of inter-enterprise transaction authorization, as required when an employee of one organization commissions work to another organization. On receiving an order from another organization, a company wants to be sure that the sender is actually entitled to do so within his or her organization. The MIERA scheme can be used for both intra- and inter-enterprise authorization and bases the decisions on roles. We define an authorization tree for a transaction type that determines which combination of roles can authorize such transactions. This tree allows the order-receiving organization to verify whether the order-sending employee was properly authorized.

On blending attacks for mixes with memory

Blending attacks are a general class of traffic-based attacks, exemplified by the (n–1)-attack. Adding memory or pools to mixes mitigates against such attacks, however there are few known quantitative results concerning the effect of pools on blending attacks. In this paper we give a precise analysis of the number of rounds required to perform an (n–1)-attack on the pool mix, timed pool mix, timed dynamic pool mix and the binomial mix.

XOR and non-XOR differential probabilities

Differential cryptanalysis is a well-known attack on iterated ciphers whose success is determined by the probability of predicting sequences of differences from one round of the cipher to the next. The notion of difference is typically defined with respect to the group operation (s) used to combine the subkey in the round function F. For a given round operation π of F, such as an S-box, let DP⊗(π) denote the probability of the most likely non-trivial difference for π when differences are defined with respect to ⊗. In this paper we investigate how the distribution of DP⊗(π) varies as the group operation ⊗ is varied when π is a uniformly selected permutation. We prove that DP⊗(π) is maximised with high probability when differences are defined with respect to XOR.

An analysis of exponentiation based on formal languages

A recoding rule for exponentiation is a method for reducing the cost of the exponentiation ae by reducing the number of required multiplications. If w(e) is the (hamming) weight of e, and e the result of applying the recoding rule A to e, then the purpose is to reduce wA(e) as compared to w(e). A well-known example of a recoding rule is to convert a binary exponent into a signed-digit representation in terms of the digits { 1;1; 0 } where 1 = -1, by recoding runs of 1s. In this paper we show how three recoding rules can be modelled via regular languages to obtain precise information about the resulting weight distributions. In particular we analyse the recoding rules employed by the 2k-ary, sliding window and optimal signed-digit exponentiation algorithms. We prove that the sliding window method has an expected recoded weight of approximately n/(k +1) for relevant k-bit windows and n-bit exponents, and also that the variance is small. We also prove for the optimal signed digit method that the expected weight is approximately n/3 with a variance of 2n/27. In general the sliding window method provides the best performance, and performs less than 85% of the multiplications required for the other methods for a majority of exponents.

On String Replacement Exponentiation

The string replacement (SR) method was recently proposed as a methodfor exponentiation ae in a group G. The canonicalk-SR method operates by replacing a run of i onesin a binary exponent,0<i≤k, with i-1 zeroes followedby the single digit b=2i-1. After recoding, it was shown in[5] that the expected weight of e tends to n/4 forn-bit exponents. In this paper we show that the canonicalk-SR recoding process can be described as a regular language andthen use generating functions to derive the exact probability distribution ofrecoded exponent weights. We also show that the canonical 2-SR recodingproduces weight distributions very similar to (optimal) signed-digitrecodings, but no group inversions are required.