René Govaerts

Weak keys for IDEA

Large classes of weak keys have been found for the block cipher algorithm IDEA, previously known as IPES [2]. IDEA has a 128- bit key and encrypts blocks of 64 bits. For a class of 223 keys IDEA exhibits a linear factor. For a certain class of 235 keys the cipher has a global characteristic with probability 1. For another class of 251 keys only two encryptions and solving a set of 16 nonlinear boolean equations with 12 variables is sufficient to test if the used key belongs to this class. If it does, its particular value can be calculated efficiently. It is shown that the problem of weak keys can be eliminated by slightly modifying the key schedule of IDEA.

Propagation characteristics of Boolean functions

The relation between the Walsh-Hadamard transform and the auto-correlation function of Boolean functions is used to study propagation characteristics of these functions. The Strict Avalanche Criterion and the Perfect Nonlinearity Criterion are generalized in a Propagation Criterion of degree k. New properties and constructions for Boolean bent functions are given and also the extension of the definition to odd values of n is discussed. New properties of functions satisfying higher order SAC are derived. Finally a general framework is established to classify functions according to their propagation characteristics if a number of bits is kept constant.

Fast Hashing on the Pentium

With the advent of the Pentium processor parallelization finally bccarne available to Intel based computer systems. One of the design principles of the MD4-family of hash functions (MD4, MD5, SHA-1, FLIPEMD-160) is to be fast on the 32-bit Intel processors. This paper shows that carefully coded implementations of these hash functions are able to exploit the Pentiums superscalar architecture to its maximum effect: the performance with respect to execution on a non-parallel architecture increases by about 60%. This is an important result in view of the recent claims on the limited data bandwidth of these hash functions. Moreover, it is conjectured that these implementations are very close to optimal. It will also be shown that the performance penalty incurred by non-cached data and endianness conversion is limited, and in the order of 10% of running time.

A New Approach to Block Cipher Design

In this paper we apply the cryptographic finite state machine approach as introduced in [1] to the design of symmetric key block ciphers. Key words in the design approach are simplicity, uniformity, parallelism, distributed nonlinearity and high diffusion. 3-Way is a block cipher with a block and key length of 96 bits. Key components in the construction of 3-Way are a 3-bit nonlinear S-box and a linear mapping that can be described by modular polynomial multiplication in ℤ 2 12 . The arrangement of the components allows software implementations in the range of 10 Mbit/s on a modern PC and dedicated hardware implementations above 1 Gbit/s using standard technology (1.2μ CMOS). The cipher structure of 3-Way is shown to be surprisingly strong with respect to both linear and differential cryptanalysis.

Collision-free hashfunctions based on blockcipher algorithms

The concept of collision free hash functions has been shown to be a useful building block of signature schemes and message authentication schemes. In this paper, a fast and secure proposal is made for a 2n-bit collison free hash function based on an n-bit encryp tion algorithm. In case of the DES, the length of the result is 128 bits, which suffices to thwart a birthday attack.

Analytical Characteristics of the DES.

The necessity to use cryptography in order to protect stored and transmitted data has been recognized in many commercial applications, such as electronic funds transfer (EFT), automated clearinghouses, etc ... (Diffie and Hellman, 1979).

Fast RSA-hardware: dream or reality

This paper describes a successful hardware implementation of the RSA algorithm. It is implemented as an 120-bit bit-slice processor, which may be interconnected without additional circuitry to obtain arbitrary word lengths. With 512-bit operands, exponentiation takes less than 30 milliseconds.

SHA: a design for parallel architectures?

To enhance system performance computer architectures tend to incorporate an increasing number of parallel execution units. This paper shows that the new generation of MD4-based customized hash functions (RIPEMD-128, RIPEMD-160, SHA-1) contains much more software parallelism than any of these computer architectures is currently able to provide. It is conjectured that the parallelism found in SHA-1 is a design principle. The critical path of SHA-1 is twice as short as that of its closest contender RIPEMD-160, but realizing it would require a 7-way multiple-issue architecture. It will also be shown that, due to the organization of RIPEMD-160 in two independent lines, it will probably be easier for future architectures to exploit its software parallelism.

How role based access control is implemented in SESAME

The authors share their experiences with implementing a scheme that enforces role-based access control in a distributed heterogeneous computing environment. This work was done in the framework of the EC RACE project SESAME (Secure European System in A Multivendor Environment). The SESAME project relies on the work done by ECMA (European Computer Manufacturers Association) to represent the credentials of the users, and it fully supports a GSS (group support system) API to help the application developers. We conclude that enforcing such a scheme is realistic and that writing applications that benefit from the advantages of role-based access control is very feasible. We have built several demonstration applications.

A Hardware Design Model for Cryptographic Algorithms

A hardware implementation model is proposed that can be used in the design of stream ciphers, block ciphers and cryptographic hash functions. The cryptographic finite state machine (CFSM) model is no mathematical tool, but a set of criteria that have to be met by a real hardware finite state machine that will be used in the implementation of a cryptographic algorithm. Diffusion is studied by means of the diffusion graph and dependence matrix. For the study of confusion differential cryptanalysis is used.