Crypto 101
CONTENTS
CHAPTER 1. ABOUT THIS BOOK
how
why
that's a bug
CHAPTER 4. ACKNOWLEDGMENTS
CHAPTER 5. EXCLUSIVE OR
[Figure: one-time pad, $P_i \oplus k_i = C_i$ and $C_i \oplus k_i = P_i$; bitwise $p_i \oplus k_i = c_i$]
$0 \oplus 0 = 0$, $1 \oplus 0 = 1$
$0 \oplus 1 = 1$, $1 \oplus 1 = 0$
$a \oplus b = b \oplus a$
$a \oplus a = 0$: for $a = 0$, $0 \oplus 0 = 0$; for $a = 1$, $1 \oplus 1 = 0$
$a \oplus 0 = a$: for $a = 0$, $0 \oplus 0 = 0$; for $a = 1$, $1 \oplus 0 = 1$
$a \oplus b \oplus a = b$:
$a \oplus b \oplus a = a \oplus a \oplus b$
$= 0 \oplus b$
$= b$
commutativity commutative
bitwise
$73 \oplus 87 = \mathtt{0b1001001} \oplus \mathtt{0b1010111}$
    1 0 0 1 0 0 1
  ⊕ 1 0 1 0 1 1 1
  = 0 0 1 1 1 1 0
$= \mathtt{0b0011110}$
$= 30$
[Figure: $P_i \oplus k_i = C_i$, $C_i \oplus k_i = P_i$]
perfect security
$c_i$, $p_i$, $k_i$
[Figure: Alice, Bob and Eve; $P_i \oplus k_i = C_i$, $C_i \oplus k_i = P_i$]
$c_1 \oplus c_2 = (p_1 \oplus k) \oplus (p_2 \oplus k)$
$= p_1 \oplus k \oplus p_2 \oplus k$
$= p_1 \oplus p_2 \oplus k \oplus k$ (since $a \oplus b = b \oplus a$)
$= p_1 \oplus p_2 \oplus 0$ (since $x \oplus x = 0$)
$= p_1 \oplus p_2$ (since $x \oplus 0 = x$)
$p_1$, $p_2$
$C_i \oplus K$, $C_j$, $K$
$C_j \oplus P_j = (P_j \oplus K) \oplus P_j$
$= K \oplus P_j \oplus P_j$
$= K \oplus 0$
$= K$
$P_i = C_i \oplus K$ for every $i$
$p_i$; any; all
$k = c_i \oplus p_i$
$k$
$p_i = c_i \oplus k$
put together
$E$
$P$, $C$, $k$
$C = E(k; P)$
CHAPTER 6. BLOCK CIPHERS
block size
$D$
$C$, $k$
$P$
$P = D(k; C)$
$k$, $k$
$P$, $C$, $P$
$E$, $D$
keyed
$2^4 = 16$
0 → F, 1 → E, 2 → D, 3 → C, 4 → B, 5 → A, 6 → 9, 7 → 8
$E$, $k$
[Figure: the permutation of the 16 block values 0 to F selected by key $k$]
[Figure: another permutation of the 16 block values 0 to F]
$2^4 = 16$
$2^{128} \approx 10^{38.5}$
$n!$, $n$
$n! = 1 \cdot 2 \cdot 3 \cdots (n - 1) \cdot n$
$5! = 120$, $10! = 3628800$
$(2^{128})!$
$2^{128}$, $(2^{128})!$
$2^{128}$, $2^{256}$
$8 \times 8$
no $x$ with $S(x) = x$, and no $x$ with $S(x) = \bar{x}$
$x$, $x$, $x$
$4 \times 4$
$c(x)$
$C = E_{DES}(k_1; D_{DES}(k_2; E_{DES}(k_3; p)))$
$k_3 = k_1$; $k_1 = k_2 = k_3$
CHAPTER 7. STREAM CIPHERS
128
24
passive
active
$A$
$S$
$C = ECB(E_k; A \| S)$
$C$
$k$, $S$
$S$, $k$
$C$
$A$
once
$S$, $s_0$
$s_0$
$E_k(A \| s_0)$, $C_{R1}$
$s_0$
$C_{R1}$
$A$
[Figure: ECB block-boundary attack: $A$ of $b - 1$ bytes chosen so that $s_0$, the first byte of $S$, completes a block; $E_k$ of that block is compared with the candidate blocks $C_{R1}$; then $A$ of $b - 2$ bytes, $A \| s_0$ with $s_1$, compared with $C_{R2}$]
$A$, $S$
$s_0$, $a$
$f$, $k$, $E$
$p$, $b$
$p$
$2^8 = 256$, $b$
$\underbrace{p \cdot p \cdots p}_{b} = p^b$
$256^{16}$
$256 \cdot 16 = 4096$
ahead of time
[Figure: CBC encryption with $IV$: $P_1, P_2, P_3, \ldots$ through $E_k$ to $C_1, C_2, C_3, \ldots$]
[Figure: CBC decryption with $IV$: $C_1, C_2, C_3, \ldots$ through $D_k$ to $P_1, P_2, P_3, \ldots$]
$IV_A$
$IV_M$
$G$
$P_M = IV_M \oplus IV_A \oplus G$
$IV_M$
$C_M = E(k; IV_M \oplus P_M)$
$= E(k; IV_M \oplus (IV_M \oplus IV_A \oplus G))$
$= E(k; IV_A \oplus G)$
$P = P_1 P_2 P_3$
$k$, $k$
$C = C_1 C_2 C_3$
$C' = C_1 \, Z \, C_1$, $Z$
$P_2' = D(k; Z) \oplus C_1$
$= R$
$P_1' = P_1$
$P_3' = P_1 \oplus IV$
$(P_1 \oplus IV) \oplus P_1 = IV$
stronger
are
$X$, $X$
[Figure: CBC bit flipping: $C_i \oplus X$ and $C_{i+1}$ through $D_k$ give $P_i'$ and $P_{i+1} \oplus X$]
$C_i$
$P_i'$
after
X
$P_{i+1} \oplus X$
$P_{i+1}$
$X$
$P_{i+1}' = P_{i+1} \oplus X$
$= P_{i+1} \oplus \ldots$
may
constructing
padding oracle
$R = r_1, r_2 \ldots r_b$
$C_i$
$R \| C_i$
[Figure: CBC decryption of $R \| C_i$ with $R = r_1 r_2 \ldots r_b$ in place of the preceding block, giving $P_R$ and $P_i = p_1 p_2 \ldots p_b$]
previous
$R$
$R$, $r_b$
$R$, $R \| C_i$
$R$
$R \| C_i$
$P_i$
every
and
$C$, $R$
$P_i$
$P_i$, $R$
$R$, $R \| C_i$
$P_i$
$p_0$, $p_1 p_2 p_3 p_4$
$p_0 \ldots$
$R$
$P_i$, $p_0$, $p_0'$
$p_0'$, $p_1 p_2 p_3 p_4$
$p_1$, $p_2$, $p_3$, $p_4$
is
$R$, $P_i$
$p_0'$, $p_1' p_2' p_3' p_4'$
$C_i$
$D(C_i)[b] \oplus r_b$
$D(C_i)[b] \oplus r_b =$
$D(C_i)[b] = r_b \oplus$
$C_i$
$D(C_i)[b] \oplus r_b =$
almost
$D(C_i)[b] \oplus r_b =$
$=$
$b - 1$
why
slightly faster
timing attack
side-channel attack
synchronous
[Figure: synchronous stream cipher: keystream $K_i$ derived from $k$ on both sides, $P_i \oplus K_i = C_i$ and $C_i \oplus K_i = P_i$]
asynchronous, self-synchronizing
alleged
permutation
S
S
$i, j$, $S$
$S$
identity permutation
j
j
$S_i$, $S_j$
$K_i$
$K$, $\ldots$, $\ldots$
$j$, $S[i]$, $S[j]$
[Figure: the state array $S$ indexed $0, 1, \ldots, i, \ldots, j, \ldots, 254, 255$]
[Code listing (key scheduling); only the following survived extraction]
from itertools import
def
for in
for in
return
$S$
[Figure: $S$ indexed $0, 1, \ldots, i, \ldots, j, \ldots, 254, 255$; $S[i]$ and $S[j]$ are swapped, and $S[S[i] + S[j]]$ gives $K_i$]
$K_i$
[Figure: $0, 1, \ldots, j, \ldots, i, \ldots, S_i + S_j, \ldots, 255$; output $K_i$]
[Code listing (keystream generation); only the following survived extraction]
def
for in
yield
[Figure: $P_i \oplus k_i = C_i$, $C_i \oplus k_i = P_i$]
[Figure: keystream $K_i$ from $k$ on both sides, $P_i \oplus K_i = C_i$ and $C_i \oplus K_i = P_i$]
$k_i$, $K_i$
twice
$k$, $n$, $k \| n$
$n$
$k$
$2^{24}$, $2^{26}$
$k$
$+$
Digraph        Condition on $i$                    Probability
$(0, 0)$       $i = 1$                             $2^{-16}(1 + 2^{-9})$
$(0, 0)$       $i \notin \{1, 255\}$               $2^{-16}(1 + 2^{-8})$
$(0, 1)$       $i \notin \{0, 1\}$                 $2^{-16}(1 + 2^{-8})$
$(0, i + 1)$   $i \notin \{0, 255\}$               $2^{-16}(1 + 2^{-8})$
$(i + 1, 255)$ $i \neq 254$                        $2^{-16}(1 + 2^{-8})$
$(255, i + 1)$ $i \notin \{1, 254\}$               $2^{-16}(1 + 2^{-8})$
$(255, i + 2)$ $i \notin \{0, 253, 254, 255\}$     $2^{-16}(1 + 2^{-8})$
$(255, 0)$     $i = 254$                           $2^{-16}(1 + 2^{-8})$
$(255, 1)$     $i = 255$                           $2^{-16}(1 + 2^{-8})$
$(255, 2)$     $i \in \{0, 1\}$                    $2^{-16}(1 + 2^{-8})$
$(255, 255)$   $i \neq 254$                        $2^{-16}(1 + 2^{-8})$
$(129, 129)$   $i = 2$                             $2^{-16}(1 + 2^{-8})$
$2^{-8}$, $2^8$
$2^{-8}$
$2^{-8} \cdot 2^{-8} = 2^{-16}$
$2^{-16}$, $k$
$2^{-16}(1 + 2^{-k})$
$i = 1$, $(0, 0)$
$1 + 2^{-9}$
255
$0, 1, 2, 255$
[Figure: stream cipher built from a block cipher $E$ keyed with $k$: nonce $N$ and counter $i$ produce keystream block $S_i$, and $P_i \oplus S_i = C_i$]
$N$
$i$
$P_i$
$C_i$
$N$, $i$
$E$, $k$, $S_i$
$P_i$
$C_i$
$p_i \oplus s_i \oplus s_i = p_i$
$n$
$\frac{n(n - 1)}{2}$
squared
authenticate
CHAPTER 8. KEY EXCHANGE
one-way
why
secret
$y \equiv g^x \pmod p$
$x$, $y$, $g$, $p$
$p$, $g$
$x$, $y$
$r_A$, $r_B$
$m_A$, $m_B$
$m_A \equiv g^{r_A} \pmod p$
$m_B \equiv g^{r_B} \pmod p$
$r$, $m \equiv g^r \pmod p$
$s \equiv (g^{r_A})^{r_B} \pmod p$
$(g^{r_A})^{r_B} \equiv (g^{r_B})^{r_A} \pmod p$
$r_A$, $r_B$
$g$
$m_A \equiv g^{r_A} \pmod p$, $m_B \equiv g^{r_B} \pmod p$
$r_A$, $r_B$
$L_p\left[1/3, \sqrt[3]{64/9}\right]$
$p$
$L[1, 1/2] = O(\sqrt{n})$
CHAPTER 9. PUBLIC-KEY ENCRYPTION
hybrid
$p$, $q$
$N$
encryption exponent $e$
$(N, e)$
$M$, $C$
$C \equiv M^e \pmod N$
$d$, decryption exponent, $C$, $M$
$p$, $q$
$d$
$M \equiv C^d \pmod N$
$d$
$d$
$(N, e)$
$M$, $C$
$(N, e)$
$C \equiv M^e \pmod N$
$N$
$p$, $q$, $p$, $q$
would
implementation
$e$
$P^e$, $P_1$, $P$
$(\bmod N)$
$(n - k - p)$, $(p)$, $(k)$
$M$, $000\ldots$, $R$
$(n - k)$
$(n - k)$, $(k)$
$(n - k) \to (k)$
$X$, $Y$
$(n - k)$, $(k)$
$X \| Y$, $n$
$n$, $N$
$R$, $k$, $k$
$n - k$
$n - k$, $k$
$R$, $M \| 000\ldots$
$G$, $H$
$G$, $k$
$n - k$; $H$, $n - k$
$k$
$X$, $Y$
$X \| Y$, $k$
$X \| Y$, $X$
$n - k$, $Y$, $k$
$M$, $M \| 000\ldots$
$M \| 000\ldots = X \oplus G(R)$
$G(R)$
$R = H(X) \oplus Y$, which gives $G(R)$
$H$
$G$, $X$, $Y$
$M$
$H$, $G$
cryptographic
CHAPTER 10. HASH FUNCTIONS
will
$m$, $h$, pre-image resistance
$m$, $m'$
second pre-image resistance
$m, m'$
collision resistance
rainbow tables
$2^{160}$
harder
as
$H(M_1)$, $H(M_1 \| M_2)$
$M_1$, $H(M_1)$
$M_1$
$H(M_1)$ fixation
$448 \pmod{512}$
$H(M_1 \| M_2)$, $H(M_1)$
$H(M_1 \| G \| M_2)$, $G$, glue padding
glues
$M_1$
$M_1$
$M_i$, $A_i = H(S \| M_i)$
$S$
$M_i$
$A_i$
can’t
abused
CHAPTER 11. MESSAGE AUTHENTICATION CODES
signature
algorithm
chosen message attack
$m_i$
$t_i$
existential forgery
$(m, t)$
$t'$, $m'$
$t'$, $m_i$
not
$C = E(K_C; P)$, $t = MAC(K_M; P)$
$C$, $t$
$t = MAC(K_M; P)$, $C = E(K_C; P \| t)$
$C$, $t$
$C$
$C = E(K_C; P)$, $t = MAC(K_M; C)$
$C$, $t$
not
provable
$t = H(k \| m)$
$t$, $H$
$H(k)$
almost
$k$
$k$
$k \| m \| p$, $k$
$m$, $p$
$m'$
$k \| m \| p \| m'$
$k \| m \| p \| m' \| p'$
exactly
$m \| p \| m'$
$k$
glue padding
$m$, $m'$
[Code listing; only the following survived extraction]
def
for in
return
$t = H(m \| k)$
$t = H(k \| m \| k)$
[Figure: HMAC: $m$; $k$; $p_{inner} \oplus k$ ($= \mathtt{0x3636\ldots}$), $f$, $b$ bits; $p_{outer} \oplus k$ ($= \mathtt{0x5c5c\ldots}$), $f$, $b$ bits]
$p_{inner}$
$p_{outer}$
$p_{inner}$, $p_{outer}$
$p$
$a$, $b$
$p$
$t = m \cdot a + b \pmod p$
$m$
$p$, $m$
$M$, $m_i$
$P$
$t = \underbrace{(m_n a^n + \cdots + m_1 a)}_{P(M; a)} + b \pmod p$
$P(M; a) = a (a (a (\cdots) + m_2) + m_1) + b \pmod p$
$p$
$a, b$
$a$, $b$
$m_1, m_2$, $(a, b)$
$t_1 = m_1 a + b \pmod p$
$t_2 = m_2 a + b \pmod p$
$a, b$
$t_1 - t_2 = (m_1 a + b) - (m_2 a + b) \pmod p$
$t_1 - t_2 = m_1 a + b - m_2 a - b \pmod p$ (expand)
$t_1 - t_2 = m_1 a - m_2 a \pmod p$ (the $b$ terms cancel)
$t_1 - t_2 = a (m_1 - m_2) \pmod p$ (factor out $a$)
$a = (t_1 - t_2)(m_1 - m_2)^{-1} \pmod p$ (multiply by $(m_1 - m_2)^{-1}$)
$a$, $t_1$, $t_2$, $b$
$t_1 = m_1 a + b \pmod p$
$b = t_1 - m_1 a \pmod p$
$O$
$n$, $F$
$O(k_2; M)$
$k_1$, $k_2$
$a$, $b$
$k_2$
$O$
$a$, $b$, $k_2$
$F(k_1; n)$, $F$
$O(k_2; M)$, $M$
$O$
wrong
about
$A$, $E$
encrypted
authenticated
[Figure: $P_1, \ldots, P_n$ and $X$ through $E_k$ (blocks $1, \ldots, n$) to $C_1, \ldots, C_n$ and tag $t$; $t_a$]
$t$, $X$
$t_a$
$t_a$
$i$
$X$, $P_i$
[Figure: $P_1, \ldots, P_n$ through $E_k$ (blocks $1, \ldots, n$); $t_a$]
CHAPTER 12. SIGNATURE ALGORITHMS
$H$
$L$, $N$
$L$
$L$
$N$
$q$, $N$, $N$
$L$, $p$
$p - 1$, $q$
$g$
$(\bmod p)$, $q$
$g \equiv 2^{(p - 1)/q} \pmod p$
$p - 1$, $g$
$(p, q, g)$
$x$, $0 < x < q$
$y$, $y \equiv g^x \pmod p$
$(p, q, g, y)$, $x$
$k$
$q$, $k$
$k$
$r, s$, $m$
$r \equiv (g^k \bmod p) \pmod q$
$s \equiv k^{-1}(H(m) + xr) \pmod q$
$q$
$q$, $k$
$m$
$(r, s)$
$w \equiv s^{-1} \pmod q$
$u_1 \equiv w H(m) \pmod q$
$u_2 \equiv w r \pmod q$
$v \equiv (g^{u_1} y^{u_2} \bmod p) \pmod q$
$v$, $r$
$k$
$(r_i, s_i)$
$m_i$, $k$
$(r_1, s_1)$, $(r_2, s_2)$, $m_1$, $m_2$
$s_1$, $s_2$
$s_1 \equiv k^{-1}(H(m_1) + x r_1) \pmod q$
$s_2 \equiv k^{-1}(H(m_2) + x r_2) \pmod q$
$r_1$, $r_2$
$r_i \equiv g^k \pmod q$
$k$, $r$, $k$
$r_i$, $x$
$s_i$
$s_1 - s_2 \equiv k^{-1}(H(m_1) + xr) - k^{-1}(H(m_2) + xr) \pmod q$
$\equiv k^{-1}((H(m_1) + xr) - (H(m_2) + xr)) \pmod q$
$\equiv k^{-1}(H(m_1) + xr - H(m_2) - xr) \pmod q$
$\equiv k^{-1}(H(m_1) - H(m_2)) \pmod q$
$k \equiv (H(m_1) - H(m_2))(s_1 - s_2)^{-1} \pmod q$
$H(m_1) - H(m_2)$
$s_1$
$s_2$
$k$, $x$
$s$
$k$, $x$
$s \equiv k^{-1}(H(m) + xr) \pmod q$
$(r, s)$
$x$
$sk \equiv H(m) + xr \pmod q$
$sk - H(m) \equiv xr \pmod q$
$r^{-1}(sk - H(m)) \equiv x \pmod q$
$H(m)$, $k$
$k$, $s$
$r^{-1} \pmod q$
$r$, $q$
$q$
$k$
$k$, $k$, once
$k$, $r_i$, $r_i$
non-repudiation
keys
CHAPTER 13. KEY DERIVATION FUNCTIONS
not
extraction phase
expansion phase
[Code listing; only the following survived extraction]
def
return
concentrating, amplifying
[Code listing; only the following survived extraction]
def
"""Expands the key, with optional info."""
for in
yield
def
"""Collects output from the expansion step until enough
has been collected; then returns that output."""
for in
if
break
else
# This block is executed when the for loop *isn't*
# terminated by the ``break`` statement, which
# happens when we run out of ``expand`` outputs
return
look
CHAPTER 14. RANDOM NUMBER GENERATORS
$i = \sqrt{\dfrac{4 k_B T \Delta f}{R}}$
$v = \sqrt{4 k_B T R \Delta f}$
could
never
always
Dual_EC_DRBG
$(rP)$
$s$, $(sP)$, $r$, $(rQ)$
$P$, $Q$
$s$
$s$, $r$
$P$
$r = \varphi(sP)$
$r$
$Q$
$r$, $Q$
$o = \psi(\varphi(rQ))$
$r$, $P$
$s = \varphi(rP)$
$x$
$y$
$2^{16}$
$(rQ)$
$y^2 \equiv x^3 + ax + b \pmod p$
$a, b, p$
$x$, $y$
$p$, $p$
$y^2 \equiv q \equiv x^3 + ax + b \pmod p$, $A = (x, \sqrt{q}) = (x, y)$
$A$, $rQ$
$r$, $s$
$r$, $rQ$
$Q$
$e$, $eQ = P$
$e$
$A$, $rQ$
$\varphi(eA) = \varphi(erQ) = \varphi(rP) \pmod p$
$e, P, Q$, $\varphi(rP)$
$s$
$e$
$s$, $o$
$A$, right $A$
$2^{16}$, $x$
$x$
$2^{15}$, $A$
$rQ$
$e$, $eQ = P$
$P$, $Q$
$P$, $p$, $Q'$
$P$, $d$
$Q' = dP$
$e$, $eQ' = P$; $d$, $Q' = dP$
$e$
$d$
$s$
$P$, $Q$
actual
how $Q$
$e$
$Q$
$d$, $Q = dP$, $d$
$d$
$d$
$2^{19937} - 1 \approx 4 \cdot 10^{6001}$
not
$S$, $i$
seed
tempering
$i$
seed
[Code listing; only the following survived extraction]
def
for in
return
$0 \land 0 = 0 \land 1 = 1 \land 0 = 0$, $1 \land 1 = 1$
[Code listing; only the following survived extraction]
def
for in
if
[Code listing; only the following survived extraction]
def
return
bijective, one-to-one
$2^{32}$, 32
[Code listing; only the following survived extraction]
def
return
def
for in
return
[Code listing; only the following survived extraction]
def
for in
return
CHAPTER 15. SSL AND TLS
<input>
class
before
not
sent
CHAPTER 16. OPENPGP AND GPG
only
CHAPTER 17. OFF-THE-RECORD MESSAGING (OTR)
$(p_A, s_A)$, $(p_B, s_B)$
$E$
$D$
$S$
$r$, $x$
$E(r; g^x)$, $H(g^x)$
$y$, $g^y$
authenticate
$s = (g^y)^x$
$s$, $c, c'$
$m_1, m_1', m_2, m_2'$
$i_B$
$x$
$(x, g^x)$
$M_B = M_{m_1}(g^x, g^y, p_B, i_B)$
$X_B = (p_B, i_B, S(p_B; M_B))$
$r, E_c(X_B), M_{m_2}(E_c(X_B))$
$M_B$
$r$
$H(g^x)$
$s = (g^x)^y$
$c, c', m_1, m_1', m_2, m_2'$; $m_2$
$M_{m_2}(E_c(X_B))$
$c$
$M_B = M_{m_1}(g^x, g^y, p_B, i_B)$
$S(p_B; M_B)$
$i_A$
$(y, g^y)$, $M_A = M_{m_1'}(g^y, g^x, p_A, i_A)$
$X_A = (p_A, i_A, S(p_A; M_A))$, $E_{c'}(X_A), M_{m_2'}(E_c(X_B))$
$M_{m_2'}(E_c(X_B))$
$X_B$
$E_{c'}(X_A)$, $X_A$
$M_A = M_{m_1'}(g^y, g^x, p_A, i_A)$
$S(p_A; M_A)$
APPENDIX A. MODULAR ARITHMETIC
$2 + 5 = 7$
$10 - 2 = 8$
$(10 + 4) \bmod 12 = 2$
$(2 - 5) \bmod 12 = 9$
$(\bmod 12)$
$\equiv$
$10 + 4 \equiv 2 \pmod{12}$
$2 - 5 \equiv 9 \pmod{12}$
$10 + 4 = 14$
$2 - 5 \equiv 9 \pmod{12}$
$30 = 2 \cdot 3 \cdot 5$
$360 = 2^3 \cdot 3^2 \cdot 5$
has
unique 2 2
2 2 1 2 2 1 1
not
$n \cdot x = \underbrace{x + x + \cdots + x}_{n}$
$n$
$a$, $b$, $c$
$c$
$a \cdot b \equiv c \pmod m$, $b \cdot a \pmod m$
$2$
$5 \cdot 6 \equiv 2 \pmod 7$, $6 \cdot 5 \equiv 2 \pmod 7$
$5 \cdot 6 = 30$
$a$
$a$
$x \cdot x^{-1} = 1$
$a$, $n$
$\phi(n)$
$a^{\phi(n)} \equiv 1 \pmod n$
$a$
$a^{-1}$
$a^{\phi(n) - 1} \equiv a^{-1} \pmod n$
$a^{-1}$
$p - 1$
$p$, $\phi(p) = p - 1$
$a$
$a^{-1} \equiv a^{\phi(p) - 1} \equiv a^{p - 2} \pmod p$
$a^n = \underbrace{a \cdot a \cdots a}_{n}$
$2^{20}$
$2^{20} = (2^{10})^2$
$2^{10}$
$2^1$
$3^{209} \pmod{19}$
$209 = 1 \cdot 2^7 + 1 \cdot 2^6 + 0 \cdot 2^5 + 1 \cdot 2^4 + 0 \cdot 2^3 + 0 \cdot 2^2 + 0 \cdot 2^1 + 1 \cdot 2^0$
$= 1 \cdot 128 + 1 \cdot 64 + 0 \cdot 32 + 1 \cdot 16 + 0 \cdot 8 + 0 \cdot 4 + 0 \cdot 2 + 1 \cdot 1$
$= 128 + 64 + 16 + 1$
$3^{16} \equiv 17 \pmod{19}$
$3^{64} \equiv (3^{16})^4 \equiv 17^4 \equiv 16 \pmod{19}$
$3^{128} \equiv (3^{64})^2 \equiv 16^2 \equiv 9 \pmod{19}$
$d$
$k$, $k$
$\sum$, $i$, $j$
$2$, $2$
$k_j = 1$, $k_j = 0$
$t$
$k = \sum_{i=0}^{t-1} 2^i k_i$
$k_i$, $k$, $i$, $k$
$t$
$t - 1$
$t = 3$
$6 = \sum_{i=0}^{t-1} 2^i k_i = \sum_{i=0}^{2} 2^i k_i$
$= k_2 \cdot 2^2 + k_1 \cdot 2^1 + k_0 \cdot 2^0$
$= 1 \cdot 2^2 + 1 \cdot 2^1 + 0 \cdot 2^0$
$L_j$
$L_j = \sum_{i=j}^{t-1} 2^{i-j} k_i$
$L_1$, $k = 6$
$L_1 = \sum_{i=1}^{2} 2^{i-1} k_i = \underbrace{2^1 \cdot k_2}_{i = 2} + \underbrace{2^0 \cdot k_1}_{i = 1} = 2 \cdot 1 + 1 \cdot 1 = 3$
$L_j$, $k$, $j$
multiplying
$L_j = 2 L_{j+1} + k_j$
$k$
$j$
$k =$
$L_j = L_2 =$
$L_{j+1} = L_3 =$
$2 L_{j+1} = 2 L_3 =$
$L_2$, $L_3$
$k_j$
$k_j$, $L_j$
$H_j$
$H_j = L_j + 1 \iff L_j = H_j - 1$
$L_j = 2 L_{j+1} + k_j$
(substituting $L_{j+1} = H_{j+1} - 1$ for one of the $L_{j+1}$)
$L_j = L_{j+1} + k_j + H_{j+1} - 1$
(substituting $L_{j+1} = H_{j+1} - 1$ again)
$L_j = 2 H_{j+1} + k_j - 2$
$L_j$
$H_j$
$L_j = \begin{cases} 2 L_{j+1} & k_j = 0; \\ L_{j+1} + H_{j+1} & k_j = 1. \end{cases}$
$H_j = \begin{cases} L_{j+1} + H_{j+1} & k_j = 0; \\ 2 H_{j+1} & k_j = 1. \end{cases}$
$g^k$
$g^{L_j} = \begin{cases} g^{2 L_{j+1}} = (g^{L_{j+1}})^2 & k_j = 0; \\ g^{L_{j+1} + H_{j+1}} = g^{L_{j+1}} \cdot g^{H_{j+1}} & k_j = 1. \end{cases}$
$g^{H_j} = \begin{cases} g^{L_{j+1} + H_{j+1}} = g^{L_{j+1}} \cdot g^{H_{j+1}} & k_j = 0; \\ g^{2 H_{j+1}} = (g^{H_{j+1}})^2 & k_j = 1. \end{cases}$
$L_j$, $k_j$, $L_0 = k$
$k$, $g^k$
$g^{L_0}$, $g^{L_{t-1}}$, $g$
$k$
$g^{L_0} = g^k$, $g^k$
$k_j = 0$, $g^{L_j}$, $g^{H_j}$
$k_j = 1$
$k$
[Code listing; only the following survived extraction]
def
for in
if
else
return
$b^x = y \iff x = \log_b y$, $b$
$x$, $y$, $y$, $b$, $x$
$3^6 \equiv 9 \pmod{15}$, $6 \equiv \log_3 9 \pmod{15}$
intrinsically
$a$, $b$ with $\gcd(a, b) = 1$; multiplicative order of $a \pmod b$, $k$
$a^k \equiv 1 \pmod b$
$y^2 = x^3 - ax + b$
$x^2 + y^2 = 1 + d x^2 y^2$
APPENDIX B. ELLIPTIC CURVES
$\ldots, -2, -1, 0, 1, 2, \ldots$
$a$, $b$, $\star$
$a \star b$
$a$, $b$, $c$
$(a \star b) \star c = a \star (b \star c)$
associativity, associative
$i$, $a \star i = i \star a = a$
$a + 0 = 0 + a = a$
$a$, $b$
$a \star b = b \star a = i$, $i$
$a + (-a) = (-a) + a = 0$
$\forall a, b: a \star b = b \star a$
commutativity, commutative
$P$, $Q$, $P + Q$
$P$, $Q$, $R$: $P + (Q + R) = (P + Q) + R$
$O$
$P$: $P + O = O + P = P$
$P + Q = Q + P$
$P, Q$
GLOSSARY
Nonce
ACRONYMS