EIDMA Cryptography Working Group, Friday October 10, 2003, Utrecht, danilo/ResearchPapers/Crypto...

EIDMA Cryptography Working Group, Friday October 10, 2003, Utrecht, Quasigroup transformations and their cryptographic potentials Ass. Prof. Danilo Gligoroski Institute of Informatics, Faculty of Natural Sciences, Skopje, Republic of Macedonia

EIDMA Cryptography Working Group, Friday October 10, 2003, Utrecht, http://www.pmf.ukim.edu.mk/~danilo/ResearchPapers/Crypto

Quasigroup transformations and their cryptographic potentials

Ass. Prof. Danilo Gligoroski

Institute of Informatics, Faculty of Natural Sciences, Skopje, Republic of Macedonia

Overview

• Examples and definitions of latin squares and quasigroups

• Latin squares in mathematics

• Latin squares in cryptology

• Examples and definitions of quasigroup string transformations

• Edon block cipher

• Edon stream cipher

• Edon-C hash function

• Edon-PRNG

• Quasigroup Cryptanalysis, definition and examples

• Conclusions and future work

Examples

      | 0 1 2 3
    --+--------
    0 | 2 1 0 3
    1 | 3 0 1 2
    2 | 1 2 3 0
    3 | 0 3 2 1

A Quasigroup (Q,)

    2 1 0 3
    3 0 1 2
    1 2 3 0
    0 3 2 1

A Latin Square

    0 1 2 3
    1 2 3 0
    2 3 0 1
    3 0 1 2

A Latin Square

    2 1 0 3
    1 2 3 0
    3 0 1 2
    0 3 2 1

A Latin Square

Examples (cont.)

      | 0 1 2 3
    --+--------
    0 | 2 1 0 3
    1 | 3 0 1 2
    2 | 1 2 3 0
    3 | 0 3 2 1

A Quasigroup (Q,)

Every quasigroup has 5 conjugates (parastrophes).

      | 0 1 2 3
    --+--------
    0 | 2 1 0 3
    1 | 1 2 3 0
    2 | 3 0 1 2
    3 | 0 3 2 1

xy=z xz=y

      | 0 1 2 3
    --+--------
    0 | 2 3 1 0
    1 | 1 0 2 3
    2 | 0 1 3 2
    3 | 3 2 0 1

xy=z yx=z

      | 0 1 2 3
    --+--------
    0 | 3 2 0 1
    1 | 1 0 2 3
    2 | 0 1 3 2
    3 | 2 3 1 0

xy=z yz=x

      | 0 1 2 3
    --+--------
    0 | 2 1 3 0
    1 | 1 2 0 3
    2 | 0 3 1 2
    3 | 3 0 2 1

xy=z zx=y

      | 0 1 2 3
    --+--------
    0 | 3 1 0 2
    1 | 2 0 1 3
    2 | 0 2 3 1
    3 | 1 3 2 0

xy=z zy=x

Definitions

Definitions (cont.)

• Wolf, M. 1989. “Nondeterministic Circuits, Space Complexity and Quasigroups”, Computer Sciences Technical Report #870. Computer Sciences Department, University of Wisconsin -- Madison.

• "Definition: A Latin square is an n x n grid with each of the integers 1,2,...,n appearing exactly once in each row and column."

• "If each of the integers 1,2,...,n appears as a label for exactly one row and exactly one column then the Latin square can be viewed as a multiplication table of a quasigroup. We formalize the definitions of groups and quasigroups by considering the following four properties of a set Q with an associated binary operation *. For all a,b,c in Q:

– (1) There is a unique x such that a*b=x.

– (2) There is a unique x such that a*x=b.

– (3) There is a unique x such that x*a=b.

– (4) (a*b)*c=a*(b*c)

• Definition: Q is a quasigroup if * satisfies properties 1,2 and 3.

• Definition: Q is a group if * satisfies properties 1,2,3, and 4.

A short mathematical history about Latin Squares

• First written reference in 1723

• 36 officers problem – Euler 1779, introduced the phrase “Latin square”

• Steiner (1853) proposed the problem of arranging N things in triplets, such that every pair occurs in just one and only one triplet. Such an arrangement may be called a simple triplet system or a Steiner's triplet system.

• 1870’s - 1890 A. Cayley (multiplication table of a group – Cayley table is Latin square)

• 1873-1890, E. Schröder (about quasigroups with identity element – loop)

• 1930’s Moufang (close connection between projective planes and non-associative quasigroups)

• F. Yates (1936), - Balanced Incomplete Block Design

• 1960’s – 2000’s Enumeration of latin squares of order n, Critical sets in Latin Squares and Quasigroup Completion Problem.

A short mathematical history about Latin Squares (cont.)

• 1995 -- McKay, B. and E. Rogoyski. 1995. Latin Squares of Order 10. Electronic Journal of Combinatorics. 2(3): 1-4.

Table 1: Numbers of normalized Latin rectangles

     n   L(n,n)
     1   1
     2   1
     3   1
     4   4
     5   56
     6   9,408
     7   16,942,080
     8   535,281,401,856
     9   377,597,570,964,258,816
    10   7,580,721,483,160,132,811,489,280

Table 2. Estimates of L(n,n) for larger n.

     n   L(n,n)
    11   5.36x10^33
    12   1.62x10^44
    13   2.51x10^56
    14   2.33x10^70
    15   1.5x10^86
    16   1.0x10^102

• To obtain the total number of Latin rectangles, not necessarily normalized, multiply L(n,n) by n!(n-1)! i.e. T=L(n,n) n! (n-1)!

For n=256, T >> 10^58000 ??!!??

A short cryptology history about Latin Squares

• 1949 – Shannon, C. Communication Theory of Secrecy Systems. Bell System Technical Journal. 28: 656-715. "Perfect systems in which the number of cryptograms, the number of messages, and the number of keys are all equal are characterized by the properties that (1) each M is connected to each E by exactly one line, (2) all keys are equally likely. Thus the matrix representation of the system is a ‘Latin square’." (p. 681)

A short cryptology history about Latin Squares (cont.)

• S-boxes in Substitution/Permutation Networks block ciphers – every S-box can be seen as row or column of a quasigroup (some examples)

– Lucifer 1970’s (uses two S-boxes mapping 4 bits to 4 bits)

    – As two rows of a quasigroup of order 16.

– DES 80’s (uses 8 S-boxes mapping 6 bits to 4 bits)

    – 8 rows of 8 Latin squares of order 64x64.

– AES 1999, (one S-box mapping 8 bits to 8 bits)

    – One row of a quasigroup of order 256.

A short cryptology history about Latin Squares (cont.)

• “Non-Expanding, Key Minimal, Robustly-Perfect, Linear and Bilinear Ciphers”, by Massey, Maurer and Wang, (Advances in Cryptology -- EUROCRYPT '87. 237-247. Springer-Verlag). Section 2 introduces the notion of a robustly-perfect block cipher and shows the connection of such ciphers to Latin squares.

• "Discrete Mathematics Using Latin Squares" by Laywine and Mullen, Chapter 14, covers:

– 14.2 encryption based upon the theory of sets of MOLS

– 14.3 secret sharing schemes based on critical sets

– 14.4 Diffie-Hellman key exchange and RSA in the group of row-Latin squares

• "DESV: A Latin square variation of DES" by Carter, Dawson, and Nielsen (Proceedings of the Workshop on Selected Areas in Cryptography, Ottawa, Canada, 1995)

• "Black box cryptanalysis of hash networks based on multipermutations" Schnorr and Vaudenay (Eurocrypt '94 pp47-57)

A short cryptology history about Latin Squares (cont.)

• Denes and Keedwell, 1992, Authentication scheme based on Latin squares

• Bakhtiari, Safavi-Naini, Pieprzyk, 1997, MAC based on Latin Squares

Basic idea

Transformations on quasigroup(s)

    1 | 0 1 2 3
    --+--------
    0 | 2 1 0 3
    1 | 3 0 1 2
    2 | 1 2 3 0
    3 | 0 3 2 1

f

    2 | 0 1 2 3
    --+--------
    0 | 0 1 2 3
    1 | 1 0 3 2
    2 | 3 2 1 0
    3 | 2 3 0 1

f

    3 | 0 1 2 3
    --+--------
    0 | 1 0 3 2
    1 | 0 1 2 3
    2 | 3 2 1 0
    3 | 2 3 0 1

f …

Quasigroup string transformations

• 1997 – 2003, Gligoroski, Markovski, Andova, Bakeva, Stojcevska, Kusakatov, Institute of Informatics, Faculty of Natural Sc., Skopje

Basic idea

      | 0 1 2 3
    --+--------
    0 | 2 1 0 3
    1 | 3 0 1 2
    2 | 1 2 3 0
    3 | 0 3 2 1

00102300120010020003

e0()= (upper row: input letters; lower row: leader 0, then the output letters)

      0 0 1 0 2 3 0 0 1 2 0 0 1 0 0 2 0 0 0 3
    0 2 1 0 2 3 1 3 0 1 1 3 0 1 3 0 0 2 1 3 1

d0()= (upper row: leader 0, then the input letters; lower row: output letters)

    0 0 0 1 0 2 3 0 0 1 2 0 0 1 0 0 2 0 0 0 3
      2 2 1 3 0 0 0 2 1 1 1 2 1 3 2 0 1 2 2 3

e0()=21023130113013002131

d0()=22130002111213201223

Letters frequency

              0      1      2      3
    input     0.6    0.15   0.15   0.10
    e0()      0.25   0.35   0.15   0.25
    d0()      0.20   0.30   0.35   0.15

Quasigroup string transformations - definitions

Quasigroup string transformations - definitions

More definitions

Some interesting properties of quasigroup string transformations

Theorem for uniform distribution of letters in transformed strings

Let (Q,) is a quasigroup, aQ, and (Q,) is its corresponding first parastrophe. Then for every string Q+, da (ea())=.
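
The worked example on the "Basic idea" slide and the inverse property stated above, as an added Python example (not code from the talk). The rules for e and d used here are an assumption, reconstructed so that they reproduce the slide's e0 and d0 outputs; all function names are illustrative.

```python
from collections import Counter

# Multiplication table from the "Basic idea" slide: Q[x][y] is the product of x and y.
Q = [
    [2, 1, 0, 3],
    [3, 0, 1, 2],
    [1, 2, 3, 0],
    [0, 3, 2, 1],
]
ALPHA = "00102300120010020003"  # input string from the slide


def is_quasigroup(table):
    """True if every row and every column is a permutation of 0..n-1."""
    n = len(table)
    symbols = set(range(n))
    rows_ok = all(len(row) == n and set(row) == symbols for row in table)
    cols_ok = all({table[x][y] for x in range(n)} == symbols for y in range(n))
    return rows_ok and cols_ok


def first_parastrophe(table):
    """Table P with P[x][z] = y exactly when table[x][y] = z."""
    n = len(table)
    para = [[0] * n for _ in range(n)]
    for x in range(n):
        for y in range(n):
            para[x][table[x][y]] = y
    return para


def e_transform(table, leader, s):
    """b1 = leader*a1, b(i) = b(i-1)*a(i): each output letter feeds the next step."""
    out, prev = [], leader
    for a in s:
        prev = table[prev][a]
        out.append(prev)
    return out


def d_transform(table, leader, s):
    """c1 = leader*a1, c(i) = a(i-1)*a(i): only neighbouring input letters are combined."""
    out, prev = [], leader
    for a in s:
        out.append(table[prev][a])
        prev = a
    return out


def frequencies(s, n):
    """Relative frequency of each letter 0..n-1 in s."""
    counts = Counter(s)
    return [counts[x] / len(s) for x in range(n)]


def to_digits(text):
    return [int(ch) for ch in text]


def to_text(digits):
    return "".join(str(x) for x in digits)


if __name__ == "__main__":
    alpha = to_digits(ALPHA)
    enc = e_transform(Q, 0, alpha)
    print("e0:", to_text(enc), frequencies(enc, 4))
    print("d0:", to_text(d_transform(Q, 0, alpha)))
    # d over the first parastrophe, with the same leader, undoes e over Q.
    print("inverse ok:", d_transform(first_parastrophe(Q), 0, enc) == alpha)
```
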

Some interesting properties of quasigroup string transformations (cont.)

Transformation of strings with 4x4 Quasigroups.

There are 576 4x4 quasigroups.

For every {0,1,2,3}^l, l=1..6, there is at least one Q and k such that (e0(e0(…(e0())…)=00…0. (e0() is applied k times)

For n=7 there are 45 strings (0.27%) that CAN NOT be transformed into 00…0

For n=8 there are 2,517 strings (3.84%) that CAN NOT be transformed into 00…0

For n=9 there are 34,455 strings (13.14%) that CAN NOT be transformed into 00…0

For n=10 there are 255,732 strings (24.39%) that CAN NOT be transformed into 00…0

For n=11 there are 2,042,895 strings (48.71%) that CAN NOT be transformed into 00…0

For n=12 there are 10,122,285 strings (60.33 %) that CAN NOT be transformed into 00…0

Transformation of strings with 5x5 Quasigroups

There are 161280 5x5 quasigroups.

I have checked for every {0,1,2,3,4}^l, l=1..12, and ALWAYS there is at least one Q and k such that (e0(e0(…(e0())…)=00…0. (e0() is applied k times)

Open problem

What are the smallest lengths of strings in n (n>4) letters alphabet, that can not be transformed into 00…0?

Edon – block cipher

• Variable length of blocks

• Variable length of keys

• For embedded systems (hardware implementation) can use 2 quasigroups of order 16, and their first conjugates. In total 512 bytes for quasigroup storage, and with the code, less than 1024 bytes.

• In software implementation uses 2 quasigroups of order 256, and their first conjugates. In total 256 Kb.

Edon – block cipher (notation)

• Message block: M=m1m2 ... ml of length l bytes.

• Key: K=q1q2 ... qk of length k bytes.

• Inner key string P=p1p2 ... pk of length k bytes.

• Cipher block: C=c1c2 ... cl of length l bytes.

Edon – block cipher (ENCRYPTION)

I phase:

• Key scheduling for obtaining inner key string P=p1p2 ... pk of length k bytes from the key string K=q1q2...qk.

    P:=K;
    For i:=1 to k do
    begin
        If (q[i] mod 2)=0 then
            P:=(e transform of P with first quasigroup and leader q[i]);
        Else
            P:=(d transform of P with second quasigroup and leader q[i]);
        If i<k then RotateRight(P);
    end;

II phase:

• Encryption of a message block Mj=m1m2 ... ml of length l bytes with the inner key string P=p1p2 ... pk of length k bytes.

    For i:=1 to k do
    begin
        If (p[i] mod 2)=0 then
            M:=(e transform of M with first quasigroup and leader p[i]);
        Else
            M:=(d transform of M with second quasigroup and leader p[i]);
        If i<k then RotateRight(M);
    end;

Edon – block cipher (ENCRYPTION)

[Diagram: m1 m2 ... ml-1 ml → C = c1 c2 ... cl-1 cl]

Edon – block cipher (DECRYPTION)

I phase:

• Key scheduling for obtaining inner key string P=p1p2 ... pk of length k bytes from the key string K=q1q2...qk.

    P:=K;
    For i:=1 to k do
    begin
        If (q[i] mod 2)=0 then
            P:=(e transform of P with first quasigroup and leader q[i]);
        Else
            P:=(d transform of P with second quasigroup and leader q[i]);
        If i<k then RotateRight(P);
    end;

II phase:

• Decryption of a block Cj=c1c2 ... cl of length l bytes with the inner key string P=p1p2 ... pk of length k bytes.

    For i:=k downto 1 do
    begin
        If (p[i] mod 2)=1 then
            C:=(e transform of C with parastrophe of second quasigroup and leader p[i]);
        Else
            C:=(d transform of C with parastrophe of first quasigroup and leader p[i]);
        If i>1 then RotateLeft(C);
    end;
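
The encryption and decryption procedures above as an added Python example (not the author's Edon code). Assumptions: the e and d rules are the ones that reproduce the e0/d0 strings on the "Basic idea" slide, RotateRight/RotateLeft shift the byte string cyclically by one position, and the two order-256 tables are constructed stand-ins built from seeded permutations.

```python
import random
from itertools import accumulate

N = 256  # software variant on the slides: quasigroups of order 256


def make_quasigroup(seed):
    """Constructed stand-in table (assumption, not an Edon quasigroup):
    q[x][y] = pi[(sigma[x] + tau[y]) % N] is a Latin square for any
    permutations sigma, tau, pi."""
    rng = random.Random(seed)
    sigma, tau, pi = (rng.sample(range(N), N) for _ in range(3))
    return [[pi[(sigma[x] + tau[y]) % N] for y in range(N)] for x in range(N)]


def parastrophe(q):
    """First parastrophe: para[x][z] = y exactly when q[x][y] = z."""
    para = [[0] * N for _ in range(N)]
    for x in range(N):
        for y in range(N):
            para[x][q[x][y]] = y
    return para


def e_tr(q, leader, s):
    # b1 = leader*a1, b(i) = b(i-1)*a(i)
    return list(accumulate(s, lambda b, a: q[b][a], initial=leader))[1:]


def d_tr(q, leader, s):
    # c1 = leader*a1, c(i) = a(i-1)*a(i)
    return [q[x][y] for x, y in zip([leader] + s[:-1], s)]


def rotate_right(s):
    return s[-1:] + s[:-1]


def rotate_left(s):
    return s[1:] + s[:1]


def rounds(q1, q2, control, data):
    """Loop shared by phase I and phase II: one e or d round per control byte,
    chosen by the parity of that byte, with a rotation between rounds."""
    k = len(control)
    for i, c in enumerate(control, start=1):
        data = e_tr(q1, c, data) if c % 2 == 0 else d_tr(q2, c, data)
        if i < k:
            data = rotate_right(data)
    return data


def key_schedule(q1, q2, key):
    # Phase I: P := K, then k rounds steered by the key bytes q[i].
    return rounds(q1, q2, key, list(key))


def encrypt(q1, q2, key, block):
    # Phase II: k rounds over the message, steered by the inner key P.
    return bytes(rounds(q1, q2, key_schedule(q1, q2, key), list(block)))


def decrypt(q1, q2, key, block):
    inner = key_schedule(q1, q2, key)
    p1, p2 = parastrophe(q1), parastrophe(q2)
    data = list(block)
    for i in range(len(inner), 0, -1):
        c = inner[i - 1]
        # e over the parastrophe of q2 undoes a d round; d over the
        # parastrophe of q1 undoes an e round.
        data = e_tr(p2, c, data) if c % 2 == 1 else d_tr(p1, c, data)
        if i > 1:
            data = rotate_left(data)
    return bytes(data)
```
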

Edon – block cipher (DECRYPTION)

[Diagram: c1 c2 ... cl-1 cl → M = m1 m2 ... ml-1 ml]

Edon – block cipher (Cryptanalysis)

• Variable length of a key means that it has variable number of rounds

• Different usage of e or d transformation has a role of “confusion” and “diffusion”

• Differential cryptanalysis after 4 rounds shows uniform distribution for almost every pair of two quasigroups.

Edon – block cipher (Cryptanalysis) (cont.)

Edon – stream cipher (ENCRYPTION)

No key scheduling.

Inner key string P=p1p2 ... pk =K=q1q2...qk.

    For i:=1 to k do
        If (p[i] mod 2)=0
        begin
            M:=(e transform of M, with first quasigroup and with leader p[i]);
            p[i]:=m[l];
        end
        else begin
            temp:=m[l];
            M:=(d transform of M, with second quasigroup and with leader p[i]);
            p[i]:=temp;
        end;

Edon – stream cipher (DECRYPTION)

    For i:=k downto 1 do
        If (p[i] mod 2)=1
        begin
            C:=(e transform of C, with the parastrophe of second quasigroup and with leader p[i]);
            p[i]:=c[l];
        end
        else begin
            temp:=c[l];
            C:=(d transform of C, with the parastrophe of first quasigroup and with leader p[i]);
            p[i]:=temp;
        end;

Edon – stream cipher (ENCRYPTION) (cont.)

Edon – C, cryptographic hash function

• Hash output length N can be variable

• Security properties don’t depend on initialization vector – easy transformation in MAC

• Restriction: In the quasigroup should be no element x such that xx=x

Edon – C, cryptographic hash function (cont.)

• Message block: M=m1m2 ...ml of length l bytes.

• Output hash length N.

• Initialisation vector H0=h1h2 ...hN

• Quasigroup cyclic vector transformation

defined as: If =a0a1 ...aN-1, =b0b1 ...bN-1

then

NN QQC :

)( C

Edon – C, cryptographic hash function (cont.)

Algorithm

1. Pad the message M=m1m2 ...ml and obtain new message M’ such that the length L of the new message is multiple of N i.e. L=N by this transformation:

2. Initialize the hash vector H0=h1h2 ...hN

3. For i=1 to do Hi=C(MiHi-1)

4. Output H

Edon – PRNG

• Uses K internal states of random function represented as a vector M=m1m2 ... mK

• For cryptographic purposes K should be at least 16.

• Seed is the initial value of the vector M.

• One quasigroup of order 256.

1. Initialize PRNG

    Vector M takes initial K values i.e. M=m1m2 ... mK

2. Get next 32 bit random number

    For i:=1 to 8 do M:=e0(M)
    next_32_bit_random=mk||mk-2||mk-4||mk-6

|| is concatenation.

We made more than 1000 experiments to check the quality of produced random files (with Diehard and FIPS 140-2), and never found any situation of failing some test.

Our claims that this PRNG is secure are based on the fact that produced 32 bit random number is concatenation of non-neighbouring bytes after 8 rounds of quasigroup string transformation of the seed vector.

Quasigroup cryptanalysis (work in progress)

• For one quasigroup (Q,) define the following string transformation (QCA2):

• Transform a message block Mj=m1m2 ... mk of length k bytes with the key string P=p1p2 ... pk with the following procedure:

    For i:=1 to k do
    Begin
        M:=(e transform of M with leader p[i]);
        If i<k then RotateRight(M);
    end;

         m1 m2 m3 m4 m5 m6 m7
    p1
    p2
    p3
    p4
    p5
    p6
    p7   c1 c2 c3 c4 c5 c6 c7

• This “encrypting” scheme is easily broken with the “known plaintext” attack (if the quasigroup is known).

Quasigroup cryptanalysis (work in progress) (cont.)

Algorithm QCA2

• 1. Convert a stream of pairs {Mi,Ci} i=1,2,…, obtained by some cryptographic source (algorithm X) into a number base n.

• 2. Choose an arbitrary key string P=p1p2 ... pk where elements pj are in the base n.

• 3. Search for a quasigroup (Q,) such that QCA2(Mi)=Ci for as many values of i as possible, until the number of elements in the corresponding partial Latin square is ~30% of n^2.

• 4. Try to solve Quasigroup Completion Problem with the obtained partial latin square and to obtain a quasigroup (Q,).

• If the probability P{Q(P,M)=C}> for C=X(M), then we say that QCA2 has broken the algorithm X with success rate .

Quasigroup cryptanalysis (work in progress)

Some experiment results

• Experiment 1: RSA system where n has small value (12 bits). A latin square of order 64x64 that with QCA2 can successfully simulate ~27% the work of RSA.

• Experiment 2: RSA system where n has small value (20 bits). A latin square of order 64x64 that with QCA2 can successfully simulate ~10% the work of RSA.

• Experiment 3: AES encryption in ECB mode of 1,000,000 blocks of 128 bits “PT” – every block is different. Produced file “CT” is passing every known statistical test of randomness. Then I applied QCA2 on “PT” and “CT” and it proposed around 100 quasigroups of order 256. Around 10% of them can bijectively transform “CT” such that transformation fails drastically on statistical tests.

Latin square of order 40x40. With QCA2 it can successfully simulate 2.5% of an RSA system where n has small value and 12 bits.

Quasigroup cryptanalysis (work in progress)

• Question: How big should the order n of the quasigroup be, such that it can break an RSA 1024 with a success rate of 1%?

• Answer (speculative): If n=2^16, then every message with less than 1024 bits can be represented with 64 letters. For storing one quasigroup of order n=2^16 we need 8 GB memory. The number of elements in such a quasigroup is 2^32, and to fill in 30% of them we will need around ~2^31 pairs {Mi,Ci}.

• Answer (speculative): If n=2^24, then every message with less than 1024 bits can be represented with 43 letters. For storing one quasigroup of order n=2^24 we need 768 TB memory, and to fill in 30% of it we will need around ~2^47 pairs {Mi,Ci}.

Future work with quasigroup transformations in cryptology

In cryptography

• Make more cryptanalysis of Edon algorithms

• Develop protocols for embedding one smaller quasigroup into another bigger one, and build hierarchies of trusted levels of communication.

In cryptanalysis

• Make more experiments with QCA2, with well known crypto algorithms: DES, 3-DES, AES, RSA, DH, ...

• Convert QCA2 into an algorithm QCA1 that makes cryptanalysis only with cipher text.

In theory of computing

• Efficient algorithms for quasigroup transformation of strings with desired frequency distribution.

I am interested in research cooperation.

Thanks.