Cryptology - I: Project #4

Instructors: R.E. Newman-Wolfe and M.S. Schmalz


Overview

The goal of this project is to motivate you to do research and some software development of a cryptographic or cryptanalytic algorithm. Although you may find the list of topics and project phases somewhat daunting initially, you will also find that the stepwise approach makes project execution and completion much easier. Your full palette of R&D-related skills (e.g., library research, theory development, software design and development, programming and testing, analysis, and reporting) will be enhanced by this exercise. More importantly, you will acquire an in-depth knowledge of at least one topic or topical area in cryptology, as well as an overview of the cryptologic literature.

General Tasks for Undergrads and Grads

Pick one topic from the list below, or choose your own. If you choose your own topic, it must be of sufficient complexity and quality to compare with the topics listed below.

You will be asked to form groups of one, two, or three individuals, with number and quality of groups commensurate with the topic chosen. We suggest you cluster as one grad student and one or two undergrads. The grad student can lead theory development and software design, and the undergrads can help with theory and do software design and implementation.

The list of individuals in your group, as well as your chosen group topic, is given in Project-4 Teams. If you want to change groups before your proposal is submitted, you may (with instructor permission). Otherwise, plan to stay with your group.

Getting Help from Instructors

We are here to help you get started, and to help with rough or sticky spots along the way. Additionally, we can point you to literature sources that will help you start your literature search quickly and productively. Please feel free to ask either instructor to help you with sticky spots on any phase of the project.

Project Phases

In addition to the choice of topic, tasks in this project will include:

  1. Proposal. Your group will prepare a brief (i.e., two page) proposal document that details your topic of choice, group members/roles, technical approach, expected pitfalls/solutions, and preliminary references you plan to use. The purpose of this document is to get you thinking about your project at a high level. Dr. Schmalz will be posting a list of literature sources on the Web shortly. You can start with relevant sources from the bibliography in Stinson. For literature available in the UF library, use LUIS to search UF's card catalog and the on-line engineering abstracts.

  2. Design Report. A four- or five-page summary of (a) literature review, (b) basic theory you plan to use, (c) high-level software design (block diagram), (d) expected pitfalls and how you plan to overcome these problems and (e) expected results. In concept, this is like the rough draft of a short conference paper, but need not look like a conference paper (one-column output is fine, but must be laser-printed). This phase of the project helps you clarify your initial design and gets you thinking about problems you might encounter.

  3. Preliminary Code and Results. You will prepare and submit (a) an ASCII listing (two-up, laser printer) of your code, (b) any changes to the software design (with rationale), and (c) preliminary results on small datasets or models. This phase of your project will help establish the validity of your technique, as well as provide ample documentation for partial credit, should your final implementation encounter serious problems. This also provides you with a working document from which to construct your Final Report.

  4. Final Documented Code, Results, and Report. You will prepare and submit (a) an ASCII listing (two-up, laser printed) of your final code, (b) man page(s) for your final code in printed and electronic form, and (c) a five- to ten-page writeup of your project (1. Background, 2. Previous work, 3. Theory, 4. Software Design, 5. Implementational Considerations, 6. Results, 7. Discussion (to include analysis of successes and failures), 8. Conclusions (to include suggestions for future work), and 9. References). Additionally, you will submit several illustrative cases in hardcopy and electronic form.

Project Topics

We have chosen the following topics to reflect areas of current interest in cryptology:

  1. DES Attack. Research and implement a method currently in the public domain for attacking DES (e.g., Differential Cryptanalysis, Related-Key Attack, or Linear Cryptanalysis). Test your implementation on at least three rounds of DES. If you choose Differential Cryptanalysis, you will need vast amounts of storage if you try to attack realistic DES systems. Since this topic was just discussed in class and is covered in our text, this would be a timely project, but difficult for near-realistic cryptosystems.

  2. Software Development. Implement the General Security Services Applications Programming Interface (GSS/API) for a cryptosystem of your choice (including DES, RSA, or IDEA). Ask Dr. Newman-Wolfe for more details regarding this project.

  3. Pseudo-Random Number Generator (PRNG). Research previous approaches to PRNGs and implement the most "random" PRNG (i.e., one with an extremely long cycle). In particular, you would produce an output bitstream such that no bit could be predicted given its predecessor(s). Note: This might be difficult if you attempt implementation on a home computer, due to the large memory model that will be required. In contrast, our Departmental servers have up to 128MB of physical memory available per server, which should be sufficient for this application.

  4. Prime Number Prediction (PNP). There are a variety of innovative schemes in the literature for predicting the next largest (or smallest) prime given a number known to be prime or nonprime. This project would involve characterizing such methods in terms of time/space design tradeoffs, and implementing one or two such algorithms. Using the algorithms you develop, you would then predict prime numbers near very large (256- to 512-bit) nonprimes, which could support key generation for RSA/PGP. Statistical analysis of the time complexity vs. actual runtime would be required, and could be used to support Project 5 (collaboration between teams working on different projects is permitted). Since there is much support in the literature for this effort, the amount of theory development would be somewhat less than, say, that required for Projects 3 or 5.

  5. Time-Based RSA Attacks (TBRSA). RSA encryption and decryption exhibit nonconstant complexity (which an implementation exposes as variable runtime) that can provide important clues about key structure. In this project, the team(s) would research the literature for TBRSA attacks, then characterize previous work sufficiently (performance analysis and statistical analysis of effectiveness) to suggest improvements in the prior art. Your subsequent improved design(s) would be implemented in software. The end result would be a program that predicts useful features of the key (length, number of factors, nearness to a prime number, etc.) that might be useful for further cryptanalysis of RSA/PGP.

  6. Factorization of Large Numbers (FLN). RSA-encrypted ciphertext is vulnerable if the factorization of large numbers (which includes testing for primality) can be performed efficiently. In this project, the team would research previous work in FLN, where collaboration with the team(s) doing Projects #4 (PNP) or #5 (TBRSA) is possible. The resultant software implementation would address the following sub-problems: (a) multiplication and addition of very large (256- and 512-bit) numbers, (b) factorization of such numbers given realistic time and space constraints, and (c) approximations for factorizing very large numbers.

  7. A Topic of Your Choice. This topic must be (a) involved (i.e., complex), (b) on the leading edge of cryptography or cryptanalysis research, and (c) implementable in software (not just a theory project). If you have a burning desire to do a particular project that is not listed above, please discuss your idea with one or both of the instructors now. Do not wait until the last minute, or we will not be able to help you adequately, since your topic might be one with which we are not well acquainted.
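For Topic 3 (PRNG), the following Python is an added illustration, not code from the course: it implements the Blum-Blum-Shub generator of the Blum, Blum and Shub reference listed below, whose output bit is the least significant bit of x_i = x_{i-1}^2 mod n. The parameters p = 11, q = 23 and seed 3 are constructed for illustration only; a usable generator needs primes of hundreds of bits each.

```python
# Blum-Blum-Shub (BBS) bit generator, added as an illustration of the PRNG
# topic; this is not course-supplied code. The demo parameters (p=11, q=23,
# seed=3) are deliberately tiny and constructed for illustration: a usable
# generator needs p and q of hundreds of bits each, both congruent to 3 mod 4,
# and a seed coprime to n = p*q.

from math import gcd


def bbs_state_sequence(p, q, seed):
    """Yield the BBS states x_0 = seed^2 mod n, x_{i+1} = x_i^2 mod n, forever."""
    if p % 4 != 3 or q % 4 != 3:
        raise ValueError("p and q must both be congruent to 3 mod 4")
    n = p * q
    if not 1 < seed < n or gcd(seed, n) != 1:
        raise ValueError("seed must lie in (1, n) and be coprime to n")
    x = seed * seed % n
    while True:
        yield x
        x = x * x % n


def bbs_bits(p, q, seed, count):
    """Return `count` output bits: the least significant bit of each state."""
    states = bbs_state_sequence(p, q, seed)
    return [next(states) & 1 for _ in range(count)]


def bbs_cycle_length(p, q, seed, max_steps=10**6):
    """Number of squarings until the state returns to x_0, or None if the
    cycle is longer than max_steps.

    The BBS period always divides lambda(lambda(n)) (Carmichael's function
    applied twice), so a long period comes from choosing p and q such that
    (p-1)/2 and (q-1)/2 are themselves large primes or products of large
    primes. For the demo parameters n = 253, lambda(n) = 110,
    lambda(110) = 20, and the cycle length is exactly 20."""
    states = bbs_state_sequence(p, q, seed)
    x0 = next(states)
    for steps, x in enumerate(states, start=1):
        if x == x0:
            return steps
        if steps >= max_steps:
            return None


if __name__ == "__main__":
    print("first 20 bits:", bbs_bits(11, 23, 3, 20))
    print("cycle length:", bbs_cycle_length(11, 23, 3))
```

The cycle length function is only meaningful for toy parameters; with realistic primes the state space is astronomically large and the point of the generator is that, under the assumption that factoring n is hard, no output bit is predictable from its predecessors even though the period is finite.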

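For Topic 5 (TBRSA), the Python below is an added illustration rather than course code. It counts modular multiplications, as a stand-in for runtime, in the plain square-and-multiply exponentiation RSA implementations commonly use, and sets the Montgomery ladder beside it as the mitigation: the ladder performs the same number of operations for every exponent of a given length. The modulus 1000003 and the exponents are constructed toy values.

```python
# Operation-count view of why RSA's modular exponentiation has nonconstant
# runtime, with the uniform-cost Montgomery ladder beside it. Added
# illustration for the TBRSA topic, not course code. The modulus and
# exponents used in the demo are constructed toy values; real RSA moduli
# are 1024 bits or more.


def modexp_square_and_multiply(base, exp, mod):
    """Left-to-right binary exponentiation.

    Returns (base**exp mod mod, number of modular multiplications).
    The count is bitlen(exp) + popcount(exp): every set bit of the
    (secret) exponent costs one extra multiplication, so the exponent's
    Hamming weight shows up in the runtime."""
    result, mults = 1, 0
    for bit in bin(exp)[2:]:
        result = result * result % mod
        mults += 1
        if bit == "1":
            result = result * base % mod
            mults += 1
    return result, mults


def modexp_montgomery_ladder(base, exp, mod):
    """Montgomery ladder: exactly two multiplications per exponent bit,
    whatever the bit's value, so the count is 2 * bitlen(exp).

    Returns (base**exp mod mod, number of modular multiplications). A
    production implementation would replace the branch with constant-time
    selection; here the point is the uniform operation count."""
    r0, r1, mults = 1, base % mod, 0
    for bit in bin(exp)[2:]:
        if bit == "0":
            r1 = r0 * r1 % mod
            r0 = r0 * r0 % mod
        else:
            r0 = r0 * r1 % mod
            r1 = r1 * r1 % mod
        mults += 2
    return r0, mults


def cost_spread(modexp, mod, bit_length):
    """Difference in multiplication count between the lightest exponent of
    a given length (a single set bit) and the heaviest (all bits set).
    Zero means the count reveals nothing beyond the exponent's length."""
    light = 1 << (bit_length - 1)
    heavy = (1 << bit_length) - 1
    return modexp(3, heavy, mod)[1] - modexp(3, light, mod)[1]


if __name__ == "__main__":
    for name, fn in (("square-and-multiply", modexp_square_and_multiply),
                     ("montgomery ladder", modexp_montgomery_ladder)):
        print(f"{name}: spread over 11-bit exponents = {cost_spread(fn, 1000003, 11)}")
```

Operation count is a proxy: on real hardware cache and branch effects add further variation, which is why constant-time implementations also avoid secret-dependent memory access and branching, not just secret-dependent multiplication counts.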

General Requirements

You shall submit electronically:

  1. Documentation in the form of one man page for each program, with format similar to Unix man pages (see /usr/man/man1/*). Include a section on theory of operation. Be sure to specify input and output.

  2. Makefile (see make(1)). This should be cumulative for the entire term (i.e., every makefile you submit should include commands to make everything you have submitted).

  3. Complete source code, including header files. Code should have sufficient internal comments to aid understanding, and be free of manifest constants (use the #define preprocessor directive as needed). Programs should handle erroneous input and provide help to the user.

Programming Hints

Here are some suggestions to make life a little easier:


References

The majority of these references are available in the UF Science Library. Other sources are the University of Central Florida (Orlando) and Inter-Library Loan.

  1. DES Attack

      Biham, E. and A. Shamir. "Differential cryptanalysis of DES-like cryptosystems", Journal of Cryptology 4:3-72 (1991).

      Biham, E. and A. Shamir. Differential Cryptanalysis of the Data Encryption Standard, New York: Springer-Verlag (1993).

      Biham, E. and A. Shamir. "Differential cryptanalysis of the full 16-round DES", in Advances in Cryptology -- Proceedings of CRYPTO '92, also published as Lecture Notes in Computer Science (New York: Springer-Verlag) 740:494-502 (1993).

      Brickell, E.F., J.H. Moore, and M.R. Purtill. "Structure in the S-boxes of DES", in Advances in Cryptology -- Proceedings of CRYPTO '86, also published as Lecture Notes in Computer Science (New York: Springer-Verlag) 263:3-8 (1987).

      Matsui, M. "Linear cryptanalysis method for DES cipher", in Advances in Cryptology -- Proceedings of EUROCRYPT '93, also published as Lecture Notes in Computer Science (New York: Springer-Verlag) 765:386-397 (1994).

      Matsui, M. "The first experimental cryptanalysis of the Data Encryption Standard", in Advances in Cryptology -- Proceedings of CRYPTO '94, also published as Lecture Notes in Computer Science (New York: Springer-Verlag) 839:1-11 (1994).

  2. Software: GSS/API

      Dr. Nemo has posted some interesting information. Look in Project-4 GSS/API References. Of particular interest is RFC 1508.

  3. Pseudo-Random Number Generator

      Blum, L., M. Blum, and M. Shub. "A simple, unpredictable random number generator", SIAM Journal on Computing 15:364-383 (1986).

      Blum, M. and S. Micali. "How to generate cryptographically strong sequences of pseudo-random bits", SIAM Journal on Computing 13:850-864 (1984).

      Boyar, J. "Inferring sequences produced by pseudo-random number generators", Journal of the ACM 36:129-141 (1989).

      Haas, A. "The multiple prime random number generator", ACM Transactions on Mathematical Software 13:368-381 (1987).

      Herring, C. and J.I. Palmore. "Random number generators are chaotic", Communications of the ACM 38:121-122 (1995).

      Lagarias, J.C. "Pseudo-random number generators in cryptography and number theory", in Cryptology and Computational Number Theory, pp. 115-143, American Mathematical Society (1990).

      Lin, K.Y., B. Krishna, and H. Krishna. "Rings, fields, the Chinese remainder theorem and an extension", IEEE Transactions on Circuits and Systems, Part II: Analog and Digital Signal Processing 41:641-655 (1994).

      Vazirani, U. and V. Vazirani. "Efficient and secure pseudo-random number generation", in Proceedings of the 25th Annual Symposium on the Foundations of Computer Science (IEEE Press), pp. 458-463 (1984).

  4. Calculating Large Prime Numbers

      Anon. "Mathematicians calculate largest prime number", New Scientist 123:31 (1989).

      Apostol, T.M. Introduction to Analytic Number Theory, New York: Springer-Verlag (1976).

      Bach, E. Analytic Methods in the Analysis and Design of Number-theoretic Algorithms, Cambridge, MA: MIT Press (1985).

      Beauchemin, P., G. Brassard, C. Crepeau, C. Goutier, and C. Pomerance. "The generation of random numbers that are probably prime", Journal of Cryptology 1:53-64 (1988).

      Damgard, I.B., P. Landrock, and C. Pomerance. "Average case error estimates for the strong probable prime test", Mathematics of Computation 61:177-194 (1993).

      Davenport, H. Multiplicative Number Theory, New York: Springer-Verlag (1980).

      Dhavakodi, S.T. "On the parity of the number of small prime factors of integers", Ph.D. Dissertation, University of Florida (1992).

      Estermann, T. Introduction to Modern Prime Number Theory, Cambridge University Press (1961).

      Garfinkel, S. "A prime patent: legal rights to a number upset programmers and lawyers", Scientific American 273:30 (1995).

      Kranakis, E. Primality and Cryptography, New York: Wiley (1986).

      Motohashi, Y. Lectures on Sieve Methods and Prime Number Theory, New York: Springer (1983).

      Rabin, M.O. "Probabilistic algorithms for testing primality", Journal of Number Theory 12:128-138 (1980).

      Ribenboim, P. The Book of Prime Number Records, New York: Springer-Verlag (1988).

      Solovay, R. and V. Strassen. "A fast Monte Carlo test for primality", SIAM Journal on Computing 6:84-85 (1977).

  5. Time-Based RSA Attacks -- TBD

  6. Factoring of Large Numbers

      Alexi, W., B. Chor, O. Goldreich, and C.P. Schnorr. "RSA and Rabin functions: certain parts are as hard as the whole", SIAM Journal on Computing 17:194-209 (1988).

      Bressoud, D.M. Factorization and Primality Testing, New York: Springer-Verlag (1989).

      Campbell, J. "Sharing the secret to scientific problem solving", Electronics World & Wireless World 100:627-628 (1994).

      Davis, D.N. "The prime discriminant factorization of discriminants of algebraic number fields", Ph.D. Dissertation, University of Florida, Department of Mathematics (1978).

      DeLaurentis, J.M. "A further weakness in the common-modulus protocol for the RSA cryptosystem", Cryptologia 8:253-259 (1984).

      Heath, D.J. "An application of the calculus of communicating systems to the prime factorization problem", Information and Software Technology 35:474-478 (1993).

      Kleiner, K. "Squeamish ossifrage dents electronic armour", New Scientist 142:5 (1994).

      Koblitz, N. "Elliptic curve cryptosystems", Mathematics of Computation 48:203-209 (1987).

      Kranakis, E. Primality and Cryptography, New York: Wiley (1986).

      Lenstra, A.K. and H.W. Lenstra (Eds.) The Development of the Number Field Sieve, Lecture Notes in Mathematics 1554, New York: Springer-Verlag (1993).

      Menezes, A.J. Elliptic Curve Public Key Cryptosystems, Kluwer Academic Publishers (1993).

      Menezes, A.J. and S.A. Vanstone. "Elliptic curve cryptosystems and their implementation", Journal of Cryptology 6:209-224 (1993).

      Ruthen, R. "Factoring googols: computers on three continents factor an elusive number", Scientific American 259:22 (1988).

      Taubes, G. "Small army of code-breakers conquers a 129-digit giant", Science 264:776-777 (1994).


This concludes the preliminary description for Project #4.