International Association for Cryptologic Research

International Association
for Cryptologic Research


Boris Ryabko

Affiliation: Siberian State Univ-Telecomm. & Comp. Sci


Provably Secure Universal Steganographic Systems
Boris Ryabko Daniil Ryabko
We propose a simple universal (that is, distribution--free) steganographic system in which covertexts with and without hidden texts are statistically indistinguishable. Moreover, the proposed steganographic system has two important properties. First, the rate of transmission of hidden information approaches the Shannon entropy of the covertext source as the size of blocks used for hidden text encoding tends to infinity. Second, if the size of the alphabet of the covertext source and its minentropy tend to infinity then the the number of bits of hidden text per letter of covertext tends to $\log(n!)/n$ where $n$ is the (fixed) size of blocks used for hidden text encoding. The proposed stegosystem uses randomization.
The experimental distinguishing attack on RC4
Sergey Doroshenko Boris Ryabko
The output of RC4 was analyzed using the "book stack" test for randomness. It is experimentally shown that the keystream generated from RC4 can be distinguished from random with about $2^{32}$ output bits.
Adaptive chi-square test and its application to some cryptographic problems
Boris Ryabko
We address the problem of testing the hypothesis H_0 that the letters from some alphabet A= {a_1,a_2,..., a_k }, are distributed uniformly against the alternative hypothesis H_1 that the true distribution is not uniform, in case k is large. (It is typical for random number testing and some cryptographic problems where k= 2^{10} - 2^{30} and more). In such a case it is difficult to use the chi-square test because the sample size must be greater than k. We suggest the adaptive chi-square test which can be successfully applied for testing some kinds of H_1 even in case when the sample size is much less than k. This statement is confirmed theoretically and experimentally. The theoretical proof is based on the consideration of one kind of the alternative hypothesis H_1 where the suggested test rejects the null hypothesis when the sample size is O( \sqrt{k} ) (instead of const k for the usual chi-square test ). For experimental investigation of the suggested test we consider a problem of testing ciphered Russian texts. It turns out that the suggested test can distinguish the ciphered texts from random sequences basing on a sample which is much smaller than that required for the usual chi-square test.
The simple ideal cipher system
Boris Ryabko
We address the problem of how to construct ideal cipher systems when the length of a key is much less than the length of an encrypted message. We suggest a new secret key cipher system in which firstly the message is transformed into two parts in such a way that the biggest part consists of independent and equiprobable letters. Secondly the relatively small second part is enciphered wholly by the Vernam cipher whereas only few bits from the biggest part are enciphered. This transformation is based on the fast version of the Elias construction of an unbiased random sequence. The time required for encoding and decoding and the memory size of the encoder and decoder are presented as functions of the ratio of the key length and the message length. The suggested scheme can be applied to sources with unknown statistics.


Sergey Doroshenko (1)
Daniil Ryabko (1)