Shoji Miyaguchi

Fast data encipherment algorithm FEAL

In data communications and information processing systems, cryptography is the most effective way to secure communications and store data. The most commonly used cryptogryphic algorithm is DES (1). However, it is generally implemented with hardware, and the cost is prohibitive for small scale systems such as personal computer communications. Accordingly, an encipherment algorithm that has safety equal to DES and is suitable for software as well as hardware implementation is needed. The FEAL (Fast data Encipherment ALgorihtm) fills this need.

ESIGN: an efficient digital signature implementation for smart cards

ESIGN is an efficient digital signature algorithm [OkS, Ok], whose computation speed is more than twenty times faster than that of the RSA scheme, while its key length and signature length are comparable to those of the RSA scheme. This paper presents a software implementation of ESIGN on an 8bit micro-processor smart card. This realizes a computation time for signature generation of about 0.2 seconds. To achieve this remarkable speed for signature generation, appropriate implementation techniques such as pre-computation and table look-up techniques are effectively used. Moreover, this software implementation is compact enough for smart cards; the program size and the data size including the work area are at most 3Kbytes each. Practical identification schemes based on ESIGN are also presented.

Confirmation that some hash functions are not collision free

Hash functions are used to compress messages into digital signatures. A hash function has to be collision free; i.e., it must be computationally infeasible to construct different messages which output the same hash-value. This paper shows that five hash functions are not collision free, including the assumptions that an attacker can modify an initial value of the hash function. These hash functions are analyzed from the standpoints of their structure, the complementation property and the weak keys of the block ciphers used in them. As a result, it is clear that many pairs of messages can be created to generate the same hash-values. Therefore, users desiring to use these hash functions should be notified of their weakness.

A Switching Closure Test to Analyze Cryptosystems

The closure test MCT (meet-in-the-middle closure test) was introduced to analyze the algebraic properties of cryptosystems [KaRiSh]. Since MCT needs a large amount of memory, it is hard to implement with an ordinary meet-in-the-middle method. As a feasible version of MCT, this paper presents a switching closure test SCT which based on a new memoryless meet-in-the-middle method. To achieve the memoryless method, appropriate techniques, such as expansion of cycling detection methods for one function into a method for two functions and an efficient intersection search method that uses only a small amount of memory, are used in an extremely effective manner.

FEAL — Fast Data Encipherment Algorithm

This paper discusses the design of the fast data encipherment algorithm (FEAL). FEAL is a conventional encipherment algorithm using the same key for enciphering and deciphering. It is a block cipher algorithm which produces 64 bit ciphertext from 64 plaintext, using a 64-bit key. The main feature of the cipher processing in FEAL is that it is based on 8-bit data manipulations such as addition with modulo 256, and data cycle and data transfer commands for 1-byte. The program performance of FEAL is improved greatly compared with that of DES. The security of FEAL is based on the characteristic value representing the trace of the plaintext and ciphering key remaining in the ciphertext, as well as on the algorithm structure.

Results of switching-closure-test on FEAL

The closure tests, CCT and MCT, were introduced to analyze the algebraic properties of cryptosystems by Kaliski et al. [KaRiSh]. If a cryptosystem is closed, the tests give the same results “Fail” and the cryptosystem might be breakable. Though CCT requires much less memory and time than MCT, we cannot apply CCT to check cryptosystems having the same data and key block lengths such as FEAL with non-parity mode. Because CCT utilizes the differences in data and key block lengths.