
Pomidorkowi

CONTENTS
CHAPTER 1. ABOUT THIS BOOK

how

why
that’s a bug
CHAPTER 4. ACKNOWLEDGMENTS
CHAPTER 5. EXCLUSIVE OR

ki

Pi Ci

ki

Pi Ci

pi i

ki
pi ci

$0 \oplus 0 = 0 \qquad 1 \oplus 0 = 1$
$0 \oplus 1 = 1 \qquad 1 \oplus 1 = 0$

$a \oplus b = b \oplus a$
$a \oplus b$

$a \oplus a = 0$ $\quad$ ($a = 0$: $0 \oplus 0 = 0$;
$a = 1$: $1 \oplus 1 = 0$)

$a \oplus 0 = a$ $\quad$ ($a = 0$:
$0 \oplus 0 = 0$; $a = 1$: $1 \oplus 0 = 1$)

$a \oplus b \oplus a = b$

$a \oplus b \oplus a = a \oplus a \oplus b$
$= 0 \oplus b$
$= b$

commutativity commutative

bitwise

$73 \oplus 87 = 0b1001001 \oplus 0b1010111$

$\begin{array}{cccccccc} & 1 & 0 & 0 & 1 & 0 & 0 & 1 \\ \oplus & 1 & 0 & 1 & 0 & 1 & 1 & 1 \\ \hline = & 0 & 0 & 1 & 1 & 1 & 1 & 0 \end{array}$

$= 0b0011110$
$= 30$

ki ki

Pi Ci Pi

perfect security

ci
pi
ki

Alice Bob
ki ki

Pi Ci Pi

Eve

$c_1 \oplus c_2 = (p_1 \oplus k) \oplus (p_2 \oplus k)$
$= p_1 \oplus k \oplus p_2 \oplus k$
$= p_1 \oplus p_2 \oplus k \oplus k \qquad (a \oplus b = b \oplus a)$
$= p_1 \oplus p_2 \oplus 0 \qquad (x \oplus x = 0)$
$= p_1 \oplus p_2 \qquad (x \oplus 0 = x)$

p1
p2

Ci K
Cj
K

$C_j \oplus P_j = (P_j \oplus K) \oplus P_j$
$= K \oplus P_j \oplus P_j$
$= K \oplus 0$
$= K$

$P_i = C_i \oplus K \quad \forall i$

pi any
all
$k = c_i \oplus p_i$
k
$p_i = c_i \oplus k$

put
together
E
P C k

$C = E(k; P)$
CHAPTER 6. BLOCK CIPHERS

block size

D
C k
P

$P = D(k; C)$

k k

P C P
E D

keyed permutation permutation

keyed

$2^4 = 16$

[Figure: the 16 possible 4-bit blocks (0 through F) and the permutation that $E$ applies to them under key $k$; figure residue removed]

$2^4 = 16$
$2^{128} \approx 10^{38.5}$
$n!$ $\quad$ $n$
$n$
$n$

$n! = 1 \cdot 2 \cdot 3 \cdots (n - 1) \cdot n$

$5! = 120 \qquad 10! = 3628800$
$(2^{128})!$
$2^{128}$ $\quad$ $(2^{128})!$

$2^{128}$ $\quad$ $2^{256}$

8 8

x x S(x) = 0 x S(x) =
x x x

$\begin{pmatrix} a_{0,0} & a_{0,1} & a_{0,2} & a_{0,3} \\ a_{1,0} & a_{1,1} & a_{1,2} & a_{1,3} \\ a_{2,0} & a_{2,1} & a_{2,2} & a_{2,3} \\ a_{3,0} & a_{3,1} & a_{3,2} & a_{3,3} \end{pmatrix} \mapsto \begin{pmatrix} b_{0,0} & b_{0,1} & b_{0,2} & b_{0,3} \\ b_{1,0} & b_{1,1} & b_{1,2} & b_{1,3} \\ b_{2,0} & b_{2,1} & b_{2,2} & b_{2,3} \\ b_{3,0} & b_{3,1} & b_{3,2} & b_{3,3} \end{pmatrix}$

4 4

$\begin{array}{l} \text{rotate } 0 \\ \text{rotate } 1 \\ \text{rotate } 2 \\ \text{rotate } 3 \end{array} \begin{pmatrix} a_{0,0} & a_{0,1} & a_{0,2} & a_{0,3} \\ a_{1,0} & a_{1,1} & a_{1,2} & a_{1,3} \\ a_{2,0} & a_{2,1} & a_{2,2} & a_{2,3} \\ a_{3,0} & a_{3,1} & a_{3,2} & a_{3,3} \end{pmatrix} \mapsto \begin{pmatrix} b_{0,0} & b_{0,1} & b_{0,2} & b_{0,3} \\ b_{1,1} & b_{1,2} & b_{1,3} & b_{1,0} \\ b_{2,2} & b_{2,3} & b_{2,0} & b_{2,1} \\ b_{3,3} & b_{3,0} & b_{3,1} & b_{3,2} \end{pmatrix}$

$\begin{pmatrix} a_{0,0} & a_{0,1} & a_{0,2} & a_{0,3} \\ a_{1,0} & a_{1,1} & a_{1,2} & a_{1,3} \\ a_{2,0} & a_{2,1} & a_{2,2} & a_{2,3} \\ a_{3,0} & a_{3,1} & a_{3,2} & a_{3,3} \end{pmatrix} \mapsto \begin{pmatrix} b_{0,0} & b_{0,1} & b_{0,2} & b_{0,3} \\ b_{1,0} & b_{1,1} & b_{1,2} & b_{1,3} \\ b_{2,0} & b_{2,1} & b_{2,2} & b_{2,3} \\ b_{3,0} & b_{3,1} & b_{3,2} & b_{3,3} \end{pmatrix}$

c(x)

$\begin{pmatrix} a_{0,0} & a_{0,1} & a_{0,2} & a_{0,3} \\ a_{1,0} & a_{1,1} & a_{1,2} & a_{1,3} \\ a_{2,0} & a_{2,1} & a_{2,2} & a_{2,3} \\ a_{3,0} & a_{3,1} & a_{3,2} & a_{3,3} \end{pmatrix} \oplus \begin{pmatrix} k_{0,0} & k_{0,1} & k_{0,2} & k_{0,3} \\ k_{1,0} & k_{1,1} & k_{1,2} & k_{1,3} \\ k_{2,0} & k_{2,1} & k_{2,2} & k_{2,3} \\ k_{3,0} & k_{3,1} & k_{3,2} & k_{3,3} \end{pmatrix} \mapsto \begin{pmatrix} b_{0,0} & b_{0,1} & b_{0,2} & b_{0,3} \\ b_{1,0} & b_{1,1} & b_{1,2} & b_{1,3} \\ b_{2,0} & b_{2,1} & b_{2,2} & b_{2,3} \\ b_{3,0} & b_{3,1} & b_{3,2} & b_{3,3} \end{pmatrix}$



$C = E_{DES}(k_1; D_{DES}(k_2; E_{DES}(k_3; p)))$

$k_3 = k_1$ $\qquad$ $k_1 = k_2 = k_3$

$E(k_1; E(k_2; E(k_3; p)))$


CHAPTER 7. STREAM CIPHERS


128
24

passive

active

A
S

$C = ECB(E_k; A \| S)$

C
k S

S k
C
A

once

S s0

s0
E k (Aks0 ) CR1

s0

CR1

A

b 1 1

A S
s0

f f
k
k

A
b

E
E

CR 1

a
S

A
s0 s1
b 2 2

A S
s0 s1

k E

CR 2

s0 Aks0
s1

A S
s0 a

f k E

p b
p
$2^8 = 256$ $\quad$ $b$

$\underbrace{p \cdot p \cdots p}_{b} = p^b$

$256^{16}$

$256 \cdot 16 = 4096$

ahead of time

[Figure: CBC encryption of $P_1, P_2, P_3, \dots$ with $E$ under key $k$, starting from an $IV$, producing $C_1, C_2, C_3, \dots$]

[Figure: CBC decryption of $C_1, C_2, C_3, \dots$ with $D$ under key $k$, starting from the $IV$, producing $P_1, P_2, P_3, \dots$]

I VA
I VM
G

$P_M = IV_M \oplus IV_A \oplus G$

$IV_M$

$C_M = E(k; IV_M \oplus P_M)$
$= E(k; IV_M \oplus (IV_M \oplus IV_A \oplus G))$
$= E(k; IV_A \oplus G)$

P P1 P2 P3
k k
$C = C_1 C_2 C_3$

$C' = C_1 Z C_1$
$Z$

$C'$ $\quad$ $P'_1, P'_2, P'_3$

$P'_1 = D(k; C_1) \oplus IV$
$= P_1$

$P'_2 = D(k; Z) \oplus C_1$
$= R$

$P'_3 = D(k; C_1) \oplus Z$
$= D(k; C_1)$
$= P_1 \oplus IV$

$P'_1 = P_1$
$P'_3 = P_1 \oplus IV$
$(P_1 \oplus IV) \oplus P_1 = IV$

stronger

are

whatever they want it to say

X X

[Figure: CBC decryption with $D$ under $k$ of the modified block $C_i \oplus X$ followed by $C_{i+1}$, producing $P'_i$ and $P_{i+1} \oplus X$]

Ci

Pi0
after

X

$P_{i+1} \oplus X$
$P_{i+1}$

X

$P'_{i+1} = P_{i+1} \oplus X$

may

constructing

padding oracle

$R = r_1, r_2, \dots, r_b$
$C_i$
$R \| C_i$

[Figure: CBC decryption with $D$ under $k$ and $IV$ of the two blocks $R = r_1 r_2 \dots r_b$ and $C_i$, giving $P_R$ and $P_i = p_1 p_2 \dots p_b$]

previous

R
R rb

R RkCi

R
RkCi
Pi

every

and
C R

Pi

Pi R

R RkCi

Pi

p0 p1p2p3p4

p0 : : :

R
Pi p0 p00

p00 p1p2p3p4

p1 p2 p3 p4
is

R Pi

p00 p01p02p03p04

Ci
D (Ci )[b] rb

D (Ci )[b] rb =

D (Ci )[b] = rb

Ci

D (Ci )[b] rb =

almost

D (Ci )[b] rb =
=

b 1

why

slightly faster

timing attack
side-channel attack

synchronous

k C k C

Ki Ki
Ci
Pi Pi

asynchronous self-synchronizing

alleged

permutation

S
S

i; j S

S

identity permutation

$0 \quad 1 \quad 2 \quad 3 \quad \dots \quad 254 \quad 255$

$0 \quad 1 \quad 2 \quad 3 \quad \dots \quad 254 \quad 255$

j
j

S ::: ::: :::

Si Sj

Ki

K ::: :::

j S[i ] S[j ]

::: ::: :::

0 1 i j 254 255

from itertools import

def

for in

for in

return

S

i j = j + S[i ] j S[i ] S[j ]

::: ::: :::

0 1 i j 254 255

S[i ] S[j ]
S S[S[i ] + S[j ]]
Ki

::: ::: ::: :::

0 1 j i Si + Sj 255

Ki

def

for in

yield

ki ki

Pi Ci Pi

k C k C

Ki Ki
Ci
Pi Pi

ki Ki

twice

$k$ $\quad$ $n$ $\quad$ $k \| n$

n
k

$2^{24}$ $\quad$ $2^{26}$

k
+

digraph | $i$ | probability
$(0, 0)$ | $i = 1$ | $2^{-16}(1 + 2^{-9})$
$(0, 0)$ | $i \notin \{1, 255\}$ | $2^{-16}(1 + 2^{-8})$
$(0, 1)$ | $i \notin \{0, 1\}$ | $2^{-16}(1 + 2^{-8})$
$(0, i + 1)$ | $i \notin \{0, 255\}$ | $2^{-16}(1 + 2^{-8})$
$(i + 1, 255)$ | $i \neq 254$ | $2^{-16}(1 + 2^{-8})$
$(255, i + 1)$ | $i \notin \{1, 254\}$ | $2^{-16}(1 + 2^{-8})$
$(255, i + 2)$ | $i \notin \{0, 253, 254, 255\}$ | $2^{-16}(1 + 2^{-8})$
$(255, 0)$ | $i = 254$ | $2^{-16}(1 + 2^{-8})$
$(255, 1)$ | $i = 255$ | $2^{-16}(1 + 2^{-8})$
$(255, 2)$ | $i \in \{0, 1\}$ | $2^{-16}(1 + 2^{-8})$
$(255, 255)$ | $i \neq 254$ | $2^{-16}(1 + 2^{-8})$
$(129, 129)$ | $i = 2$ | $2^{-16}(1 + 2^{-8})$

$2^{-8}$ $\quad$ $2^8$

$2^{-8}$
$2^{-8} \cdot 2^{-8} = 2^{-16}$

$2^{-16}(1 + 2^{-k})$

$i = 1$ $\quad$ $0$
$1 + 2^{-9}$

255

0; 1; 2; 255

k Pi

N k00: : : ki E Ci

N
i
Pi
Ci

N k00 : : : ki
N i
E k Si
Pi
Ci

pi si si = pi

n

$\frac{n(n - 1)}{2}$
squared

authenticate
CHAPTER 8. KEY EXCHANGE

one-way

why

secret

$y \equiv g^x \pmod p$

x y g p

p g
x y
rA rB
mA mB

$m_A = g^{r_A} \pmod p$

$m_B = g^{r_B} \pmod p$

$r$ $\quad$ $m = g^r \pmod p$

$s = (g^{r_A})^{r_B} \pmod p$

$(g^{r_A})^{r_B} \pmod p = (g^{r_B})^{r_A} \pmod p$

$r_A$ $\quad$ $r_B$
$g$
$m_A = g^{r_A} \pmod p$ $\qquad$ $m_B = g^{r_B} \pmod p$
rA rB

$L\left[1/3, \sqrt[3]{64/9}\right]$

$L[1, 1/2] = O(\sqrt{n})$
CHAPTER 9. PUBLIC-KEY ENCRYPTION

hybrid

p q

N
encryption exponent e

(N ; e)
M C

$C \equiv M^e \pmod N$

d decryption exponent C M
p q
d

$M \equiv C^d \pmod N$

d
d

(N ; e)

M C
(N ; e)

$C \equiv M^e \pmod N$

N
p q p q

would

implementation

e
Pe P1 P
( N)

(n k p) (p) (k)

M 0: : : R

(n k)

(n k) (k)

(n k) ! (k)

X Y

(n k) (k)

X kY n
n N
R k k
n k

n k k
R M k000 : : :

G H

G k
n k H n k
k
X Y

X kY k
X kY X
n k Y k

M M k000 : : :

M k000 : : : = X G(R)

G(R)

G(R) = H (X ) Y

H
G X Y

M
H G
cryptographic
CHAPTER 10. HASH FUNCTIONS

will

m h pre-image
resistance

m m0
second pre-image resistance
m; m 0
collision resistance

rainbow tables

$2^{160}$

harder

as

$H(M_1)$ $\quad$ $H(M_1 \| M_2)$
$M_1$ $\quad$ $H(M_1)$
$M_1$

$H(M_1)$ fixation

$448 \pmod{512}$

$H(M_1 \| M_2)$ $\quad$ $H(M_1)$

$H(M_1 \| G \| M_2)$ $\quad$ $G$ glue padding
glues
M1

M1

$M_i$ $\quad$ $A_i = H(S \| M_i)$
S

Mi
Ai

can’t

abused
CHAPTER 11. MESSAGE AUTHENTICATION CODES

signature
algorithm

chosen message attack
mi
ti
existential forgery

(m; t)
t0 m0

t0 mi

not

$C = E(K_C; P) \qquad t = MAC(K_M; P)$
$C$ $\quad$ $t$

$t = MAC(K_M; P) \qquad C = E(K_C; P \| t)$
$C$ $\quad$ $t$
C

$C = E(K_C; P) \qquad t = MAC(K_M; C)$
C t

not

provable

$t = H(k \| m)$

t H

H (k)
almost

k
k

$k \| m \| p$ $\quad$ $k$

$m$ $\quad$ $p$

$m'$
$k \| m \| p \| m'$

$k \| m \| p \| m' \| p'$
exactly
$m \| p \| m'$
$k$

glue padding
$m$ $\quad$ $m'$

def

for in

return

$t = H(m \| k)$

$t = H(k \| m \| k)$

[Figure: HMAC: the key $k$, padded to $b$ bits, is XORed with $p_{inner}$ ($= 0x3636\dots$) and with $p_{outer}$ ($= 0x5c5c\dots$) before each pass through the compression function $f$ over the message $m$]

$p_{inner}$ $\quad$ $p_{outer}$

p

$a$ $\quad$ $b$
$p$

$t = m \cdot a + b \pmod p$

$m$
$p$ $\quad$ $m$
$M$ $\quad$ $m_i$
$P$

$t = \underbrace{(m_n \cdot a^n + \dots + m_1 \cdot a)}_{P(M, a)} + b \pmod p$

$P(M, a) = a \cdot (a \cdot (a \cdot (\dots) + m_2) + m_1) + b \pmod p$

$p$

p

a; b

a b

$m_1, m_2$ $\quad$ $(a, b)$

$t_1 = m_1 \cdot a + b \pmod p$
$t_2 = m_2 \cdot a + b \pmod p$

a; b

$t_1 - t_2 = (m_1 \cdot a + b) - (m_2 \cdot a + b) \pmod p$
⇓
$t_1 - t_2 = m_1 \cdot a + b - m_2 \cdot a - b \pmod p$
⇓ $(b - b)$
$t_1 - t_2 = m_1 \cdot a - m_2 \cdot a \pmod p$
⇓ $(a)$
$t_1 - t_2 = a \cdot (m_1 - m_2) \pmod p$
⇓ $((m_1 - m_2)^{-1})$
$a = (t_1 - t_2)(m_1 - m_2)^{-1} \pmod p$

$a$ $\quad$ $t_1$ $t_2$ $\quad$ $b$

$t_1 = m_1 \cdot a + b \pmod p$
⇓
$b = t_1 - m_1 \cdot a \pmod p$

$O$
$n$ $\quad$ $F$

$CW((k_1, k_2); n; M) = F(k_1; n) \oplus O(k_2; M)$

$O(k_2; M)$

$k_1$ $\quad$ $k_2$
$a$ $\quad$ $b$
$k_2$
$O$
$a$ $\quad$ $b$ $\quad$ $k_2$

$(k_1, k_2) = (k_1, (a, b))$



$F(k_1; n)$ $\quad$ $F$

$O(k_2; M)$ $\quad$ $M$
O

wrong

about

A E

encrypted
authenticated

[Figure: plaintext blocks $P_1 \dots P_n$ and associated data $X$ processed with $E$ under $k$ (counters $1 \dots n$), producing $C_1 \dots C_n$ and a tag $t$; $t_a$ covers $X$ and the $P_i$]

[Figure: the same construction over $P_1 \dots P_n$ alone, producing $t_a$]
CHAPTER 12. SIGNATURE ALGORITHMS

H
L N
L
L
N
q N N
L p
p 1 q
g
( p) q
$g = 2^{(p - 1)/q} \pmod p$
p 1 g
(p; q; g)

$x$ $\quad$ $0 < x < q$
$y$ $\quad$ $y = g^x \pmod p$
(p; q; g; y) x

k
q k

k
r; s m

$r = (g^k \bmod p) \bmod q$

$s = k^{-1}(H(m) + x r) \pmod q$

$q$
$q$ $\quad$ $k$

$m$
$(r, s)$

$w = s^{-1} \pmod q$

$u_1 = w H(m) \pmod q$

$u_2 = w r \pmod q$

$v = (g^{u_1} y^{u_2} \bmod p) \bmod q$

v r

k

(r i ; si )
mi k

$(r_1, s_1)$ $(r_2, s_2)$ $\quad$ $m_1$ $m_2$
$s_1$ $\quad$ $s_2$

$s_1 = k^{-1}(H(m_1) + x r_1) \pmod q$
$s_2 = k^{-1}(H(m_2) + x r_2) \pmod q$

$r_1$ $\quad$ $r_2$

$r_i = g^k \pmod q$

$k$ $\quad$ $r$ $\quad$ $k$
$r_i$ $\quad$ $x$

$s_i$

$s_1 - s_2 = k^{-1}(H(m_1) + x r) - k^{-1}(H(m_2) + x r) \pmod q$
$= k^{-1}((H(m_1) + x r) - (H(m_2) + x r)) \pmod q$
$= k^{-1}(H(m_1) + x r - H(m_2) - x r) \pmod q$
$= k^{-1}(H(m_1) - H(m_2)) \pmod q$

$k = (H(m_1) - H(m_2))(s_1 - s_2)^{-1} \pmod q$

H (m 1) H (m 2)
s1

s2
k x

s
k x

$s = k^{-1}(H(m) + x r) \pmod q$

$(r, s)$
$x$

$s k = H(m) + x r \pmod q$

$s k - H(m) = x r \pmod q$
$r^{-1}(s k - H(m)) = x \pmod q$

H (m) k
k s
$r^{-1} \pmod q$
r q

q
k

k k once

k ri ri

non-repudiation
keys
CHAPTER 13. KEY DERIVATION FUNCTIONS

not

extraction
phase
expansion phase

def
return

concentrating amplifying

def
"""Expands the key, with optional info."""

for in

yield

def
"""Collects output from the expansion step until enough
has been collected; then returns that output."""

for in

if
break
else
# This block is executed when the for loop *isn't*
# terminated by the ``break`` statement, which
# happens when we run out of ``expand`` outputs

# before reaching the desired length.


raise RuntimeError

return
look
CHAPTER 14. RANDOM NUMBER GENERATORS

$i = \sqrt{\frac{4 k_B T \Delta f}{R}}$

$v = \sqrt{4 k_B T R \Delta f}$

root mean square

$\Delta f$ $\quad$ $T$
$k_B$
thermal

could
never

always

Dual_EC_DRBG

(r P )

s (sP ) r (r Q)

P Q

s
s r
P

r = (sP )
r

Q
r Q

o = ( (r Q))
r P

s= (r P )

x
y

216
(r Q)

$y^2 \equiv x^3 + ax + b \pmod p$

a; b; p
x y

$y^2 = q = x^3 + ax + b \pmod p$ $\qquad$ $A = (x, \sqrt{q}) = (x, y)$
A rQ

r s
r rQ
Q

$e$ $\quad$ $eQ = P$
e
A rQ

(eA) = (er Q) = (r P ) ( p)

e; P; Q (r P )
s
e
s o

A right A

216 x
x
215 A
rQ

$e$ $\quad$ $eQ = P$
P Q

$P$ $\quad$ $p$ $\quad$ $Q'$
$P$ $\quad$ $d$
$Q' = dP$
$e$ $\quad$ $eQ' = P$ $\quad$ $d$ $\quad$ $Q' = dP$
e
d
s

P Q
actual

how Q

e

Q
$d$ $\quad$ $Q = dP$ $\quad$ $d$

d
d

$2^{19937} - 1$ $\qquad$ $4 \cdot 10^{6001}$
not

S i

seed

tempering

i

seed

def

for in

return

$0 \land 0 = 0 \land 1 = 1 \land 0 = 0 \qquad 1 \land 1 = 1$

def
for in

if

def

return

bijective one-to-one

$2^{32}$ $\quad$ 32

def

return

def

for in

return

def

for in

return
CHAPTER 15. SSL AND TLS

perfect forward secrecy



<input

>

class

before

not
sent
CHAPTER 16. OPENPGP AND GPG

only
CHAPTER 17. OFF-THE-RECORD MESSAGING (OTR)

$(p_A, s_A)$ $\quad$ $(p_B, s_B)$

E
D

S

$r$ $\quad$ $x$
$E(r; g^x)$ $\quad$ $H(g^x)$

$y$ $\quad$ $g^y$

authenticate

$s = (g^y)^x$
$s$ $\quad$ $c, c'$
$m_1, m'_1, m_2, m'_2$
$i_B$
$(x, g^x)$

$M_B = M_{m_1}(g^x, g^y, p_B, i_B)$
$X_B = (p_B, i_B, S(p_B, M_B))$
$r, E_c(X_B), M_{m_2}(E_c(X_B))$

$M_B$
$r$

$H(g^x)$
$s = (g^x)^y$
$c, c', m_1, m'_1, m_2, m'_2$ $\quad$ $m_2$
$M_{m_2}(E_c(X_B))$
$c$
$M_B = M_{m_1}(g^x, g^y, p_B, i_B)$

$S(p_B, M_B)$

$i_A$
$(y, g^y)$ $\quad$ $M_A = M_{m'_1}(g^y, g^x, p_A, i_A)$
$X_A = (p_A, i_A, S(p_A, M_A))$ $\quad$ $E_{c'}(X_A), M_{m'_2}(E_c(X_B))$

$M_{m'_2}(E_c(X_B))$
$X_B$
$E_{c'}(X_A)$ $\quad$ $X_A$
$M_A = M_{m'_1}(g^y, g^x, p_A, i_A)$
$S(p_A, M_A)$
APPENDIX A. MODULAR ARITHMETIC

$2 + 5 = 7$

$10 - 2 = 8$

$(10 + 4) \bmod 12 = 2$

$(2 \cdot 5) \bmod 12 = 9$

$\pmod{12}$
=

$10 + 4 \equiv 2 \pmod{12}$

$2 \cdot 5 \equiv 9 \pmod{12}$

equivalent modulo some modulus

$10 + 4 = 14$

$2 \cdot 5 \equiv 9 \pmod{12}$

$30 = 2 \cdot 3 \cdot 5$

$360 = 2^3 \cdot 3^2 \cdot 5$

has
unique $\quad$ $2 \cdot 2$
$2 \cdot 2 \cdot 1$ $\qquad$ $2 \cdot 2 \cdot 1 \cdot 1$

not

$n \cdot x = \underbrace{x + x + \dots + x}_{n}$

$a$ $\quad$ $b$ $\quad$ $c$
$c$
$\pmod m$ $\qquad$ $b \cdot a \pmod m$
$5 \cdot 6 \equiv 2 \pmod 7$ $\qquad$ $6 \cdot 5 \equiv 2 \pmod 7$
$5 \cdot 6 = 30$

$a$
$a^{-1}$
$x \cdot x^{-1} = 1$

$a$ $\quad$ $n$

$\varphi(n)$
$a^{-1} \pmod n$

$a$
$a^{-1}$

$a^{\varphi(n) - 1} \equiv a^{-1} \pmod n$

$a^{-1}$

$p - 1$

$p$ $\qquad$ $\varphi(p) = p - 1$
$a$

$a^{-1} \equiv a^{\varphi(p) - 1} \equiv a^{p - 2} \pmod p$

$a^n = \underbrace{a \cdot a \cdots a}_{n}$

$2^{20}$

$2^{20} = (2^{10})^2$

$2^{10}$
$2^1$

$2^{20} \equiv (2^{10} \bmod 15)^2 \pmod{15}$
$\equiv (1024 \bmod 15)^2 \pmod{15}$
$\equiv 4^2 \pmod{15}$
$\equiv 16 \pmod{15}$
$\equiv 1 \pmod{15}$

$3^{209} \pmod{19}$

$209 = 1 \cdot 2^7 + 1 \cdot 2^6 + 0 \cdot 2^5 + 1 \cdot 2^4 + 0 \cdot 2^3 + 0 \cdot 2^2 + 0 \cdot 2^1 + 1 \cdot 2^0$
$= 1 \cdot 128 + 1 \cdot 64 + 0 \cdot 32 + 1 \cdot 16 + 0 \cdot 8 + 0 \cdot 4 + 0 \cdot 2 + 1 \cdot 1$
$= 128 + 64 + 16 + 1$

$3^{209} = 3^{128 + 64 + 16 + 1}$
$= 3^{128} \cdot 3^{64} \cdot 3^{16} \cdot 3^1$

$3^{128} \pmod{19}$ $\qquad$ $3^{64} \pmod{19}$

$3^{128} \bmod 19 = (3^{64} \bmod 19)^2 \pmod{19}$

$3^{16} \equiv 17 \pmod{19}$
$3^{64} \equiv (3^{16})^4 \equiv 17^4 \equiv 16 \pmod{19}$
$3^{128} \equiv (3^{64})^2 \equiv 16^2 \equiv 9 \pmod{19}$

$3^{209} = 3^{128} \cdot 3^{64} \cdot 3^{16} \cdot 3^1 \pmod{19}$
$\equiv 9 \cdot 16 \cdot 17 \cdot 3 \pmod{19}$

d

k k
P i j
2 2
kj = 1 kj = 0

$k = \sum_{i=0}^{t-1} 2^i k_i$

ki k i k
t
t 1

t= 3

$6 = \sum_{i=0}^{t-1} 2^i k_i$
$= \sum_{i=0}^{2} 2^i k_i$
$= k_2 \cdot 2^2 + k_1 \cdot 2^1 + k_0 \cdot 2^0$
$= 1 \cdot 2^2 + 1 \cdot 2^1 + 0 \cdot 2^0$

$(k_2, k_1, k_0) = (1, 1, 0)$

$L_j$

$L_j = \sum_{i=j}^{t-1} 2^{i-j} k_i$

$L_1$ $\qquad$ $k = 6$

$L_1 = \sum_{i=1}^{2} 2^{i-1} k_i$
$= \underbrace{2^1 k_2}_{i = 2} + \underbrace{2^0 k_1}_{i = 1}$
$= 2 \cdot 1 + 1 \cdot 1$
$= 3$

Lj k j

multiplying

$L_j = 2 L_{j+1} + k_j$

k
j

k=
Lj = L2 =
Lj + 1 = L3 =
2 Lj + 1 = 2 L3 =

L2 L3
kj
kj Lj

Hj

$H_j = L_j + 1 \iff L_j = H_j - 1$

$L_j = 2 L_{j+1} + k_j$
⇓ $(L_{j+1} = H_{j+1} - 1)$
$L_j = L_{j+1} + k_j + H_{j+1} - 1$
⇓ $(L_{j+1} = H_{j+1} - 1)$
$L_j = 2 H_{j+1} + k_j - 2$

$L_j$
$H_j$

$L_j = \begin{cases} 2 L_{j+1} & k_j = 0, \\ L_{j+1} + H_{j+1} & k_j = 1. \end{cases}$

$H_j = \begin{cases} L_{j+1} + H_{j+1} & k_j = 0, \\ 2 H_{j+1} & k_j = 1. \end{cases}$

$g^k$

$g^{L_j} = \begin{cases} g^{2 L_{j+1}} = (g^{L_{j+1}})^2 & k_j = 0, \\ g^{L_{j+1} + H_{j+1}} = g^{L_{j+1}} \cdot g^{H_{j+1}} & k_j = 1. \end{cases}$

$g^{H_j} = \begin{cases} g^{L_{j+1} + H_{j+1}} = g^{L_{j+1}} \cdot g^{H_{j+1}} & k_j = 0, \\ g^{2 H_{j+1}} = (g^{H_{j+1}})^2 & k_j = 1. \end{cases}$

$L_j$ $\quad$ $k$ $\quad$ $j$ $\qquad$ $L_0$ $\quad$ $k$
$k$ $\quad$ $g^k$
$g^{L_0}$ $\qquad$ $g^{L_{t-1}}$ $\quad$ $g$

$k$
$g^{L_0} = g^k$ $\qquad$ $g^k$

$k_j = 0$ $\qquad$ $g^{L_j}$ $\quad$ $g^{H_j}$
$k_j = 1$
$k$

def

for in
if

else

return

$b^x = y \iff x = \log_b y$ $\qquad$ $b$
$x$ $\quad$ $y$ $\quad$ $y$ $\quad$ $b$ $\quad$ $x$

$3^6 \equiv 9 \pmod{15} \iff 6 \equiv \log_3 9 \pmod{15}$

intrinsically

$a$ $\quad$ $b$ $\qquad$ $(a, b) = 1$ $\qquad$ multiplicative order $\quad$ $a \pmod b$ $\quad$ $k$
$a^k = 1 \pmod b$
$y^2 = x^3 + ax + b$

$x^2 + y^2 = 1 + d x^2 y^2$
APPENDIX B. ELLIPTIC CURVES

$\dots, -2, -1, 0, 1, 2, \dots$

$a$ $\quad$ $b$ $\quad$ $\star$
$a \star b$

closure closed under


addition

a b c

$(a \star b) \star c = a \star (b \star c)$

associativity associative

$i$ $\qquad$ $a \star i = i \star a = a$
$a + 0 = 0 + a = a$

$a$ $\quad$ $b$
$a \star b = b \star a = i$ $\qquad$ $i$
$a + (-a) = (-a) + a = 0$

$a, b$ $\qquad$ $a \star b = b \star a$
commutativity commutative

$P$ $\quad$ $Q$ $\qquad$ $P + Q$

$P$ $\quad$ $Q$ $\quad$ $R$ $\qquad$ $P + (Q + R) = (P + Q) + R$

$O$
$P$ $\qquad$ $P + O = O + P = P$

$P + Q = Q + P$
P; Q
GLOSSARY

Nonce
ACRONYMS
