## CryptoDB

### Dieter Schmidt

#### Publications

Year, Venue, Title

- 2015, EPRINT
- 2015, EPRINT
- 2010, EPRINT: The block cipher 1024 has a key schedule that somehow resembles that of IDEA. The user key is cyclically shifted by a fixed amount to form the round keys. In the key schedule of IDEA this has led to weak keys. The primitive key schedule from 1024 may also lead to attacks with related keys. Although to the knowledge of the author weak keys or attacks with related keys have not yet been published, there is a need to put things right. The new one-way key schedule of 1024XKS (eXtended Key Schedule) has pseudo-random round keys, which are obtained by using the cipher as randomizer. Apart from that, the user key now has two sizes, 2048 bit and 4096 bit. Also the order of the s-boxes has been changed to thwart attacks based on symmetry.
- 2009, EPRINT: A cryptographer with a weak algorithm gets his feedback almost instantly by the open crypto community. But what about government cryptanalysis? Given the fact that there is a considerable amount of cryptanalysis behind closed doors, what is to be done to get COMINT deaf? The NSA, as the most closely examined SIGINT agency, has a workforce of 38,000 [2], among them several thousand cryptologists. The actual wiretapping is done by the Central Security Service with 25,000 women and men. Other industrialised states also have thousands of cryptologists on their wage roll. The block cipher 1024 is an attempt to make cryptanalysis more difficult, especially with differential (DC) and linear cryptanalysis. The assumption is that the increased security will defeat other cryptanalytical methods not yet known by the open crypto community. 1024 has a block size of 1024 bits and a key length of 2048 bits.
- 2006, EPRINT: We present the Zhuang-Zi algorithm, a new method for solving multivariate polynomial equations over a finite field. We describe the algorithm and present examples, some of which cannot be solved with the fastest known algorithms.
- 2005, PKC
- 2005, EPRINT: In this article the author shows that for the block cipher Blowfish, the subkeys for the third and fourth round do not depend on the first 64 bits of the user key.
- 2005, EPRINT: In this paper, the block cipher Kaweichel is presented. It is an extension of Blowfish for 64-bit architectures. The aim is to use the commonplace instructions of modern microprocessors. A main objective was to harden against known attacks on Blowfish. The author does not claim intellectual property on Kaweichel and the cipher will remain unpatented. A C reference implementation is available on the web.
- 2005, EPRINT: In this report the block cipher Kaweichel is examined with regard to linear and differential cryptanalysis. As a result of this investigation new versions with a reduced number of rounds are proposed.
- 2004, EPRINT: Sflash is a fast multivariate signature scheme. Though the first version Sflash-v1 was flawed, a second version, Sflash-v2, was selected by the Nessie Consortium and was recommended for implementation on low-end smart cards. Very recently, due to security concerns, the designer of Sflash recommended that Sflash-v2 should not be used; instead a new version, Sflash-v3, is proposed, which essentially only increases the length of the signature. The Sflash family of signature schemes is a variant of the Matsumoto and Imai public key cryptosystem. The modification is through the Minus method, namely given a set of polynomial equations, one takes out a few of them to make them much more difficult to solve. In this paper, we attack the Sflash-v3 scheme by combining an idea from the relinearization method by Kipnis and Shamir, which was used to attack the Hidden Field Equation schemes, and the linearization method by Patarin. We show that the attack complexity is less than 2^80, the security standard required by the Nessie Consortium.
- 2004, EPRINT: Recently Landau and Diffie gave, in a series of articles in the Notices of the American Mathematical Society and in the American Mathematical Monthly, excellent expositions on how the theory of multivariable polynomials is used in cryptography. However, they covered only half of the story: the theory of polynomials in symmetric or secret key cryptography. There is another half of the story, namely the story about the theory of multivariable polynomials in asymmetric or public key cryptosystems. We give an overview of the families of public key cryptosystems which have been developed in the last ten years.
- 2003, EPRINT: We show that all the existing TTM implementation schemes have a defect: there exist linearization equations $\sum_{i=1,j=1}^{n,m} a_{ij}x_iy_j(x_1,\dots,x_{n})+ \sum_{i=1}^{n} b_ix_i+\sum_{j=1}^{m} c_jy_j(x_1,\dots,x_{n}) + d= 0,$ which are satisfied by the components $y_i(x_1,\dots,x_n)$ of the ciphers of the TTM schemes. We further demonstrate that, for the case of the most recent two implementation schemes in two versions of the paper \cite{CM}, where the inventor of TTM used them to refute a claim in \cite{CG}, if we do a linear substitution with the linear equations derived from the linearization equations for a given ciphertext, we can find the plaintext easily by an iteration of the procedure of first searching for linear equations by linear combinations and then linear substitution. The computation complexity of the attack on these two schemes is less than $2^{35}$ over a finite field of size $2^8$.
- 2002, EPRINT: The author proposes a block cipher which is easy to implement in software on modern 32 bit microprocessors. The building blocks of the cipher are from the block ciphers MMB and SAFER. The cipher may be expanded for use with future 64 bit processors. Also a new diffusion layer, developed from the SAFER diffusion layer, is proposed. It has complexity $\mathcal{O}(n \log n)$ and the author conjectures that it is MDS. Diffusion layers currently known to be MDS are based on matrices and thus have complexity $\mathcal{O}(n^2)$.

#### Coauthors

Jintai Ding (5)
Jason E. Gower (1)