Peter Landrock

Principles of key management

Security services based on cryptographic mechanisms assume keys to be distributed prior to secure communications. The secure management of these keys is one of the most critical elements when integrating cryptographic functions into a system, since any security concept will be ineffective if the key management is weak. This work approaches the problem of key management in a modular and hierarchical manner. It discusses key management security requirements, deals with generic key management concepts and design criteria, describes key management services and building blocks, as well as key management facilities, key management units, and their interrelationship. >

Classical codes as ideals in group algebras

The theory of algebraic codes is a perfect illustration of the fact that the more mathematical structure one is able to add to a system, the better are the descriptions one obtains: Changing from codes to linear codes, it is no longer necessary to compute all distances between any two codewords, only the codeword weights, in order to find the minimum distance. Going from linear codes to cyclic codes then, the linear structure is replaced by a much richer algebraic structure, and general results on properties of codes such as the BCH-bound, fast decoding algorithms, etc., may be developed.Thus it was an important result realizing that shortened Generalized Reed-Muller (GRM) codes are cyclic codes, since the GRM codes themselves were constructed only as linear codes. And it was interesting when S.D. Berman (see [1]) in 1967 discovered that the Reed-Muller codes over GF(2) may be described as ideals in a very natural algebra, namely the group algebra over an elementary abelian 2-group. Based on some properties of the GRM codes discovered by T. Kasami et al. in 1968 (see [7]), P. Charpin then could prove (see [2]) that a similar fact holds over GF(p).In retrospect, one is left with the impression that it is an extensive and complicated piece of work to establish these facts. Here, we go the opposite way and start with the algebra, develop some general properties, focus on some very basic ideals which happen to be the GRM codes. Our approach is very natural and is based on some classical results on group algebras developed by S. Jennings (see [6]) in the early forties, which P. Charpin apparently was unaware of. These results are straightforward when the underlying group is elementary abelian, and may be developed from scratch.The same methods apply to not only the extended Reed-Solomon codes but to all GRM codes over arbitrary finite fields.While the first sections may be of most interest to representation theory, our last section contains a new decoding algorithm of the Reed-Muller codes, which takes advantage of the underlying algebra structure, thus justifying the whole approach. There are definitely methods there, which may be applied to other group codes, such as those based on algebraic geometry.

Zero-Knowledge Authentication Scheme with Secret Key Exchange

Abstract. In this paper we formally define proof systems for functions and develop an example of such a proof with a constant number of rounds, which we modify (at no extra communication cost) into an identification scheme with secret key exchange for subsequent conventional encryption. Implemented on a standard 32-bit chip or similar, the whole protocol, which involves mutual identification of two users, exchange of a random common secret key, and verification of certificates for the public keys (RSA, 512 bits) takes less than 3/4 second.

Speeding up Prime Number Generation

We present various ways of speeding up the standard methods for generating provable, resp. probable primes. For probable primes, the effect of using test division and 2 as a fixed base for the Rabin test is analysed, showing that a speedup of almost 50% can be achieved with the same confidence level, compared to the standard method. For Maurers algorithm generating provable primes p, we show that a small extension of the algorithm will mean that only one prime factor of p−1 has to be generated, implying a gain in efficiency. Further savings can be obtained by combining with the Rabin test. Finally, we show how to combine the algorithms of Maurer and Gordon to make ”strong provable primes” that satisfy additional security constraints.

The extended Golay codes considered as ideals

Abstract In this note we answer the following question in the affirmative: Is there a natural algebraic structure on the vector spaces containing the extended binary and ternary Golay codes such that the codes become ideals in these algebras? Our motivation was a note of J. Wolfmann, that describes the extended binary Golay code as the binary image of a principal ideal in a group algebra over the field with eight elements, and also a note of D. Y. Goldberg, that contains a related result for the extended ternary Golay code. In the following we construct those codes as ideals in the binary group algebra over the symmetric group H4 and in the ternary twisted group algebra over the alternating group u 4, respectively. Before we present our results, we are going to remind the reader of the definition of Golay codes as special QR-codes. Here, for obvious reasons, we restrict out attention to the binary and ternary case. We assume that the reader is familiar with basic notions in coding theory and in representation theory as well.

On the number of irreducible characters in a 2-block☆

Both of these conjectures have been verified for D cyclic by Dade [9] or 1 D 1 <pz by Brauer and Feit [7] (for proof see Brauer [3, II]). In addition, the first conjecture has been verified if the inertial index of the block is 1 (see Brauer [4, IV]), while the second conjecture has been partly verified for psolvable groups by Fong. In one of several discussions I had with R. Brauer in 1974, he suggested to find a verification of these conjectures in the case of a principal 2-block with H, @ Z, @ Z, as defect group without involving the classification of groups with this Sylow 2-subgroup, from which the conjectures may quite easily be checked to hold. In [ 181, Ward was forced to do this for groups of Ree-type anyway, but the computations were quite involved, and the very special properties of these groups, including their order, were used heavily. In Theorem 2 of Section 2, we prove that the first conjecture holds in general for any defect group of order (less than or) equal to 8, while Theorem 8 of Section 3 states that the second conjecture hold if the block in addition is assumed to be principal. We shall not depend in our work on the classification of these groups. In particular we give an alternate and shorter proof of the result in [ 181 mentioned above without using any other property

Zero-knowledge authentication scheme with secret key exchange

In this note we first develop a new computationally zero-knowledge interactive proof system of knowledge, which then is modified into an authentication scheme with secret key exchange for subsequent conventional encryption. Implemented on a standard 32-bit chip or similar, the whole protocol, which involves mutual identification of two users, exchange of a random common secret key and verification of certificates for the public keys (RSA, 512 bits) takes less than 0.7 seconds.

Precautions taken against various potential attacks

This paper describes a “digital signature scheme giving message recovery” in order to submit it to the public scrutiny of IACR (the International Association for Cryptologic Research). This scheme is currently prepared by Subcommittee SC27, Security Techniques, inside Joint Technical Committee JTC1, Information Technology, established by both ISO (the International Organization for Standardization) and IEC (the International Electrotechnical Commission).

A European call for cryptographic algorithms: ripe, race integrity primitives evaluation

The first aim of this paper is to situate the call for integrity and authentication algorithms within research on cryptography and within evolution of telecommunication. Motivations for submitting primitives and details on the submission process are also given.

A New Concept in Protocols: Verifiable Computational Delegation

I used to say that the only thing I can trust is what I can prove, but that was when I was a mathematician and now I’m a cryptographer (at least part-time) and then of course that no longer holds. I have to trust for instance that factoring is difficult. It reminds me of a conversation we had about a year ago in the Danish Security Council. Somebody was saying: you know, you don’t know what to trust these days, I’m very careful when I’m on the phone, I never say anything important on the phone. And I said I’m much more cautious, I simply never say anything important, you never know.