Harmonic division: Difference between revisions

From formulasearchengine
Jump to navigation Jump to search
en>Benmachine
More appropriate links
 
en>Addbot
m Bot: Migrating 5 interwiki links, now provided by Wikidata on d:q1101140 (Report Errors)
 
Line 1: Line 1:
I would like to introduce myself to you, I am Andrew and my wife doesn't like it at all. Her family life in Ohio. My working day occupation is an information officer but I've currently applied for another 1. The favorite hobby for him and his kids is to play lacross and he would never give it up.<br><br>Feel free to surf to my blog post online reader; [http://ltreme.com/index.php?do=/profile-127790/info/ ltreme.com],
{{Other uses|Hasty Pudding (disambiguation)}}
{{Infobox block cipher
| name          = Hasty Pudding Cipher
| image        =
| caption      =
| designers    = [[Richard Schroeppel]]
| publish date  = 1998&ndash;06
| derived from  =
| derived to   =
| related to   =
| certification =
| key size      = Variable
| block size    = Variable
| structure    =
| rounds        =
| cryptanalysis =
}}
 
The '''Hasty Pudding Cipher (HPC)''' is a variable-block-size [[block cipher]] designed by [[Richard Schroeppel]], which was an unsuccessful candidate in the competition for selecting the [[United States|U.S.]] [[Advanced Encryption Standard]] (AES).  It has a number of unusual properties for a block cipher: its input block size and key length are variable, and it includes an additional input parameter called the "spice" that is meant to be used as a secondary, non-secret key.  The Hasty Pudding cipher was the only AES candidate designed exclusively by U.S. cryptographers.<ref>[[Eli Biham]], ''[http://csrc.nist.gov/archive/aes/round1/comments/990416-ebiham2.pdf A Note on Comparing the AES Candidates]'', April 1999, public comment on AES.</ref><ref>[[Susan Landau]], ''[http://www.cs.ucdavis.edu/~rogaway/classes/227/fall01/landau-aes.pdf Communications Security for the Twenty-first Century: The Advanced Encryption Standard]'', Notices of the AMS, vol. 47, number 4, 2000.</ref>
 
The Hasty Pudding cipher is in the [[public domain]].<ref name="hpc-overview" />
 
==The cipher==
 
The Hasty Pudding cipher consists of 5 different sub-ciphers:<ref name="hpc-spec">{{Citation
|last=Schroeppel
|first=Rich
|authorlink=Richard Schroeppel
|title=Hasty Pudding Cipher Specification
|url=http://richard.schroeppel.name:8015/hpc/hpc-spec
|accessdate=2009-06-10
|edition=revised May 1999 |date=June 1998}}</ref>
 
{|
|-
|HPC-Tiny
|0&ndash;35 bits
|-
|HPC-Short
|36&ndash;64 bits
|-
|HPC-Medium
|65-128 bits
|-
|HPC-Long
|129&ndash;512 bits
|-
|HPC-Extended
|513+ bits
|}
 
The Hasty Pudding cipher algorithms all use 64-bit words internally.  The cipher is designed to run on 64-bit [[computer architecture|machines]], which can easily perform simple operations on 64-bit words.
 
===Key expansion===
 
The Hasty Pudding cipher can take a key of any number of bits for any one of the five subciphers.  The cipher itself uses a ''[[key table]]'' of 16,384 bits (256 64-bit words).  In order to derive the key table from the key, the key expansion function uses the following algorithm:<ref name="hpc-spec" />
 
# The first three words, ''KX''[0], ''KX''[1], ''KX''[2] are set based on constants, the sub-cipher, and the length of the key.  ''KX''[1] is computed with a multiplication; the other operations involved are an addition and a bit shift.
# Each successive word, ''KX''[''i''] is determined from the three previous words by an efficient recursive formula.
# The key bits are XORed into the bits of the key table, starting at ''KX''[0], until all the key bits are used.  (Keys longer than 8,192 bits use a more complicated procedure.)
# Several passes over the key table are made.  Each time, a "stirring function" is applied to each word of the key table, in sequence.  The stirring function uses eight internal variables, and uses 14 logical bit operations, 5 bit shifts, and 14 additions / subtractions. Each use of the stirring function will modify one word in the key table, based on its previous value, the values of certain other words, and the internal variables of the stirring function. (3 total passes is the default.)
 
===Encryption and decryption ===
 
Each of the subciphers uses a different algorithm, but there are certain similarities.  Three inputs are used to determine the ciphertext: the plaintext (in several 64-bit words plus one "fragment"), the spice (eight 64-bit words, with default value 0), and the key table.  The operations within the cipher consist of "stirring", in which internal variables are combined in various ways, with values from the key table and spice being included at regular intervals.  HPC-Short uses two fixed permutations in addition, and HPC-Tiny consists of many special sub-cases.
 
Decryption involves undoing the steps of encryption one by one.  Many operations are easily undone (e.g. ''s''0 = ''s''0&nbsp;+&nbsp;''s''1 is undone by computing ''s''0 = ''s''0&nbsp;&minus;&nbsp;''s''1).  Other operations are more complex to undo.  Some of the ideas involved include:
 
* An operation like ''x'' = ''x'' <math>\oplus</math> (''x'' >> 17 ) is undone by a two-step process: (1) ''x'' = ''x'' <math>\oplus</math> (''x'' >> 17 ), followed by (2) ''x'' = ''x'' <math>\oplus</math> (''x'' >> 34 ).
* The cipher uses value-dependent lookups into the key table.  These can be undone, since the lookup depends only on the last 8 bits of a variable, and when it becomes necessary to look up the value from the key table in decryption, the last 8 bits of the value at a certain earlier point in the computation are predictable, even when those operations cannot all be undone without the key table value.  For instance, if the lookup of ''k'' is based on the last 8 bits of ''x'', then when we want to undo a step like ''x'' = ''x'' <math>\oplus</math> (''k'' << 8), we can look up ''k'' by noting that the last 8 bits of ''x'' are unchanged by this operation.
 
The Hasty Pudding cipher can also be used to encrypt values in a range that do not translate to strings with an integral number of bits; for instance, it can encrypt a number from 0 to N by producing another number from 0 to ''N''.  It does this by using the smallest subcipher that can handle the input as a bit string, and applying it to the input as a bit string, repeatedly, until the output is in the proper range.<ref name="hpc-spec" />
 
===Performance===
The Hasty Pudding cipher was claimed by Schroeppel to be the fastest AES candidate on a 64-bit architecture;<ref name="hpc-oneyearlater">Rich Schroeppel, ''[http://web.archive.org/web/20021203180746/http://www.cs.arizona.edu/~rcs/hpc/hpc-oneyearlater The Hasty Pudding Cipher: One Year Later]'', accessed 9-01-2008</ref> Schroeppel claimed it to be twice as fast as its nearest competitor, [[DFC (cipher)|DFC]], and three times as fast as the other candidates, and that its performance on a 32-bit machine was adequate.<ref name="hpc-oneyearlater" />  Comments from others did not support this view; for instance, [[Bruce Schneier|Schneier]] et al.'s analysis ranked the Hasty Pudding cipher 4th best (376 cycles) on a 64-bit machine, although for [[Rijndael]] and [[Twofish]], the performance was only estimated.<ref name="schneier">[[Bruce Schneier]], [[John Kelsey]], [[Doug Whiting]], [[David A. Wagner|David Wagner]], [[Chris Hall (cryptographer)|Chris Hall]], and [[Niels Ferguson]], ''[http://www.windowsecurity.com/uplarticle/2/aes-performance.pdf Performance Comparison of the AES Submissions]'', The Second AES Candidate Conference, 1999.</ref>  On a 32-bit [[Pentium (brand)|Pentium]], Hasty Pudding encryption was rated by Schneier et al. at 1600 clock cycles, 10th best out of the 15 candidates.<ref name="schneier" />  Schneier et al., and Schroeppel, noted that the speed of the cipher would be significantly impacted on a 32-bit machine because of its heavy use of 64-bit operations, particularly bit shifts.<ref name="hpc-overview">Rich Schroeppel and Hilarie Orman, ''[http://web.archive.org/web/20030621202024/http://www.cs.arizona.edu/~rcs/hpc/hpc-overview An Overview of the Hasty Pudding Cipher],'' July 1998.</ref><ref name="schneier" />
 
The Hasty Pudding cipher's key setup was rated as relatively slow; 120000 cycles on a Pentium.<ref name="schneier" />
 
The cipher was criticized for its performance on [[smartcard]]s.  Specifically, some comments pointed out the difficulty of keeping over 2KB of RAM for the key table.<ref>Emanoil Daneliuc, [http://csrc.nist.gov/archive/aes/round1/comments/990222-edaneliuc.pdf Public comment on AES candidates], February 1999.</ref>
 
==Further work==
There have been relatively few results on attacking the Hasty Pudding cipher.  Early in the AES process, [[David A. Wagner|David Wagner]] noted that relatively large classes of Hasty Pudding keys were equivalent in that they led to the same key table.<ref name="wagner">David Wagner, ''Equivalent keys for HPC'', rump session talk at the 2nd AES Conference, [[Rome]], March 1999.</ref>  This was expanded upon by D'Halluin et al., who noted that for 128-bit keys, approximately 2<sup>120</sup> keys are "weak keys" which each have 2<sup>30</sup> equivalent keys each.<ref>Carl D'Halluin, Gert Bijnens, [[Bart Preneel]], and [[Vincent Rijmen]], ''[http://www.cosic.esat.kuleuven.be/publications/article-74.pdf Equivalent Keys of HPC]'', Advances in Cryptology &mdash; Proceedings of ASIACRYPT 1999, 1999.</ref>  In response to this attack, Schroeppel modified the key expansion algorithm to include one additional step.<ref name="hpc-spec" />
 
Despite the relative lack of cryptanalysis, the Hasty Pudding cipher was criticized for its hard-to-understand design and its lack of grounding in research results.<ref name="wagner" /><ref>Olivier Baudron, [[Henri Gilbert]], Louis Granboulan, [[Helena Handschuh]], [[Antoine Joux]], [[Phong Nguyen]], Fabrice Noilhan, [[David Pointcheval]], Thomas Pornin, Guillaume Poupard, [[Jacques Stern]], and [[Serge Vaudenay]], ''[http://csrc.nist.gov/archive/aes/round1/conf2/papers/baudron1.pdf Report on the AES Candidates]'', Second AES Conference, March 1999.</ref>  Schroeppel has offered a bottle of [[Dom Pérignon (wine)|Dom Pérignon champagne]] to the best paper presenting progress on the Hasty Pudding cipher.<ref name="hpc-overview" />  It did not make the second round of consideration for AES.<ref>James Nechvatal, Elaine Barker, Lawrence Bassham, William Burr, Morris Dworkin, James Foti, and Edward Roback, ''[http://csrc.nist.gov/archive/aes/round2/r2report.pdf Report on the Development of the Advanced Encryption Standard (AES)]'', [[NIST]] official release, October 2, 2000.</ref>
 
The Hasty Pudding cipher is regarded to be the first [[tweakable block cipher]].<ref>Moses Liskov, [[Ronald Rivest]], and [[David A. Wagner|David Wagner]], ''Tweakable Block Ciphers'', in Advances in Cryptology &mdash; Proceedings of CRYPTO '02, 2002.</ref>
 
==References==
{{reflist}}
 
==See also==
* [[Format-Preserving Encryption]]
 
{{Cryptography navbox | block}}
 
[[Category:Block ciphers]]

Latest revision as of 14:54, 27 February 2013

I'm Fernando (21) from Seltjarnarnes, Iceland.
I'm learning Norwegian literature at a local college and I'm just about to graduate.
I have a part time job in a the office.

my site; wellness [continue reading this..] Template:Infobox block cipher

The Hasty Pudding Cipher (HPC) is a variable-block-size block cipher designed by Richard Schroeppel, which was an unsuccessful candidate in the competition for selecting the U.S. Advanced Encryption Standard (AES). It has a number of unusual properties for a block cipher: its input block size and key length are variable, and it includes an additional input parameter called the "spice" that is meant to be used as a secondary, non-secret key. The Hasty Pudding cipher was the only AES candidate designed exclusively by U.S. cryptographers.[1][2]

The Hasty Pudding cipher is in the public domain.[3]

The cipher

The Hasty Pudding cipher consists of 5 different sub-ciphers:[4]

HPC-Tiny 0–35 bits
HPC-Short 36–64 bits
HPC-Medium 65-128 bits
HPC-Long 129–512 bits
HPC-Extended 513+ bits

The Hasty Pudding cipher algorithms all use 64-bit words internally. The cipher is designed to run on 64-bit machines, which can easily perform simple operations on 64-bit words.

Key expansion

The Hasty Pudding cipher can take a key of any number of bits for any one of the five subciphers. The cipher itself uses a key table of 16,384 bits (256 64-bit words). In order to derive the key table from the key, the key expansion function uses the following algorithm:[4]

  1. The first three words, KX[0], KX[1], KX[2] are set based on constants, the sub-cipher, and the length of the key. KX[1] is computed with a multiplication; the other operations involved are an addition and a bit shift.
  2. Each successive word, KX[i] is determined from the three previous words by an efficient recursive formula.
  3. The key bits are XORed into the bits of the key table, starting at KX[0], until all the key bits are used. (Keys longer than 8,192 bits use a more complicated procedure.)
  4. Several passes over the key table are made. Each time, a "stirring function" is applied to each word of the key table, in sequence. The stirring function uses eight internal variables, and uses 14 logical bit operations, 5 bit shifts, and 14 additions / subtractions. Each use of the stirring function will modify one word in the key table, based on its previous value, the values of certain other words, and the internal variables of the stirring function. (3 total passes is the default.)

Encryption and decryption

Each of the subciphers uses a different algorithm, but there are certain similarities. Three inputs are used to determine the ciphertext: the plaintext (in several 64-bit words plus one "fragment"), the spice (eight 64-bit words, with default value 0), and the key table. The operations within the cipher consist of "stirring", in which internal variables are combined in various ways, with values from the key table and spice being included at regular intervals. HPC-Short uses two fixed permutations in addition, and HPC-Tiny consists of many special sub-cases.

Decryption involves undoing the steps of encryption one by one. Many operations are easily undone (e.g. s0 = s0 + s1 is undone by computing s0 = s0 − s1). Other operations are more complex to undo. Some of the ideas involved include:

  • An operation like x = x (x >> 17 ) is undone by a two-step process: (1) x = x (x >> 17 ), followed by (2) x = x (x >> 34 ).
  • The cipher uses value-dependent lookups into the key table. These can be undone, since the lookup depends only on the last 8 bits of a variable, and when it becomes necessary to look up the value from the key table in decryption, the last 8 bits of the value at a certain earlier point in the computation are predictable, even when those operations cannot all be undone without the key table value. For instance, if the lookup of k is based on the last 8 bits of x, then when we want to undo a step like x = x (k << 8), we can look up k by noting that the last 8 bits of x are unchanged by this operation.

The Hasty Pudding cipher can also be used to encrypt values in a range that do not translate to strings with an integral number of bits; for instance, it can encrypt a number from 0 to N by producing another number from 0 to N. It does this by using the smallest subcipher that can handle the input as a bit string, and applying it to the input as a bit string, repeatedly, until the output is in the proper range.[4]

Performance

The Hasty Pudding cipher was claimed by Schroeppel to be the fastest AES candidate on a 64-bit architecture;[5] Schroeppel claimed it to be twice as fast as its nearest competitor, DFC, and three times as fast as the other candidates, and that its performance on a 32-bit machine was adequate.[5] Comments from others did not support this view; for instance, Schneier et al.'s analysis ranked the Hasty Pudding cipher 4th best (376 cycles) on a 64-bit machine, although for Rijndael and Twofish, the performance was only estimated.[6] On a 32-bit Pentium, Hasty Pudding encryption was rated by Schneier et al. at 1600 clock cycles, 10th best out of the 15 candidates.[6] Schneier et al., and Schroeppel, noted that the speed of the cipher would be significantly impacted on a 32-bit machine because of its heavy use of 64-bit operations, particularly bit shifts.[3][6]

The Hasty Pudding cipher's key setup was rated as relatively slow; 120000 cycles on a Pentium.[6]

The cipher was criticized for its performance on smartcards. Specifically, some comments pointed out the difficulty of keeping over 2KB of RAM for the key table.[7]

Further work

There have been relatively few results on attacking the Hasty Pudding cipher. Early in the AES process, David Wagner noted that relatively large classes of Hasty Pudding keys were equivalent in that they led to the same key table.[8] This was expanded upon by D'Halluin et al., who noted that for 128-bit keys, approximately 2120 keys are "weak keys" which each have 230 equivalent keys each.[9] In response to this attack, Schroeppel modified the key expansion algorithm to include one additional step.[4]

Despite the relative lack of cryptanalysis, the Hasty Pudding cipher was criticized for its hard-to-understand design and its lack of grounding in research results.[8][10] Schroeppel has offered a bottle of Dom Pérignon champagne to the best paper presenting progress on the Hasty Pudding cipher.[3] It did not make the second round of consideration for AES.[11]

The Hasty Pudding cipher is regarded to be the first tweakable block cipher.[12]

References

43 year old Petroleum Engineer Harry from Deep River, usually spends time with hobbies and interests like renting movies, property developers in singapore new condominium and vehicle racing. Constantly enjoys going to destinations like Camino Real de Tierra Adentro.

See also

Template:Cryptography navbox

  1. Eli Biham, A Note on Comparing the AES Candidates, April 1999, public comment on AES.
  2. Susan Landau, Communications Security for the Twenty-first Century: The Advanced Encryption Standard, Notices of the AMS, vol. 47, number 4, 2000.
  3. 3.0 3.1 3.2 Rich Schroeppel and Hilarie Orman, An Overview of the Hasty Pudding Cipher, July 1998.
  4. 4.0 4.1 4.2 4.3 Many property agents need to declare for the PIC grant in Singapore. However, not all of them know find out how to do the correct process for getting this PIC scheme from the IRAS. There are a number of steps that you need to do before your software can be approved.

    Naturally, you will have to pay a safety deposit and that is usually one month rent for annually of the settlement. That is the place your good religion deposit will likely be taken into account and will kind part or all of your security deposit. Anticipate to have a proportionate amount deducted out of your deposit if something is discovered to be damaged if you move out. It's best to you'll want to test the inventory drawn up by the owner, which can detail all objects in the property and their condition. If you happen to fail to notice any harm not already mentioned within the inventory before transferring in, you danger having to pay for it yourself.

    In case you are in search of an actual estate or Singapore property agent on-line, you simply should belief your intuition. It's because you do not know which agent is nice and which agent will not be. Carry out research on several brokers by looking out the internet. As soon as if you end up positive that a selected agent is dependable and reliable, you can choose to utilize his partnerise in finding you a home in Singapore. Most of the time, a property agent is taken into account to be good if he or she locations the contact data on his website. This may mean that the agent does not mind you calling them and asking them any questions relating to new properties in singapore in Singapore. After chatting with them you too can see them in their office after taking an appointment.

    Have handed an trade examination i.e Widespread Examination for House Brokers (CEHA) or Actual Property Agency (REA) examination, or equal; Exclusive brokers are extra keen to share listing information thus making certain the widest doable coverage inside the real estate community via Multiple Listings and Networking. Accepting a severe provide is simpler since your agent is totally conscious of all advertising activity related with your property. This reduces your having to check with a number of agents for some other offers. Price control is easily achieved. Paint work in good restore-discuss with your Property Marketing consultant if main works are still to be done. Softening in residential property prices proceed, led by 2.8 per cent decline within the index for Remainder of Central Region

    Once you place down the one per cent choice price to carry down a non-public property, it's important to accept its situation as it is whenever you move in – faulty air-con, choked rest room and all. Get round this by asking your agent to incorporate a ultimate inspection clause within the possibility-to-buy letter. HDB flat patrons routinely take pleasure in this security net. "There's a ultimate inspection of the property two days before the completion of all HDB transactions. If the air-con is defective, you can request the seller to repair it," says Kelvin.

    15.6.1 As the agent is an intermediary, generally, as soon as the principal and third party are introduced right into a contractual relationship, the agent drops out of the image, subject to any problems with remuneration or indemnification that he could have against the principal, and extra exceptionally, against the third occasion. Generally, agents are entitled to be indemnified for all liabilities reasonably incurred within the execution of the brokers´ authority.

    To achieve the very best outcomes, you must be always updated on market situations, including past transaction information and reliable projections. You could review and examine comparable homes that are currently available in the market, especially these which have been sold or not bought up to now six months. You'll be able to see a pattern of such report by clicking here It's essential to defend yourself in opposition to unscrupulous patrons. They are often very skilled in using highly unethical and manipulative techniques to try and lure you into a lure. That you must also protect your self, your loved ones, and personal belongings as you'll be serving many strangers in your home. Sign a listing itemizing of all of the objects provided by the proprietor, together with their situation. HSR Prime Recruiter 2010
  5. 5.0 5.1 Rich Schroeppel, The Hasty Pudding Cipher: One Year Later, accessed 9-01-2008
  6. 6.0 6.1 6.2 6.3 Bruce Schneier, John Kelsey, Doug Whiting, David Wagner, Chris Hall, and Niels Ferguson, Performance Comparison of the AES Submissions, The Second AES Candidate Conference, 1999.
  7. Emanoil Daneliuc, Public comment on AES candidates, February 1999.
  8. 8.0 8.1 David Wagner, Equivalent keys for HPC, rump session talk at the 2nd AES Conference, Rome, March 1999.
  9. Carl D'Halluin, Gert Bijnens, Bart Preneel, and Vincent Rijmen, Equivalent Keys of HPC, Advances in Cryptology — Proceedings of ASIACRYPT 1999, 1999.
  10. Olivier Baudron, Henri Gilbert, Louis Granboulan, Helena Handschuh, Antoine Joux, Phong Nguyen, Fabrice Noilhan, David Pointcheval, Thomas Pornin, Guillaume Poupard, Jacques Stern, and Serge Vaudenay, Report on the AES Candidates, Second AES Conference, March 1999.
  11. James Nechvatal, Elaine Barker, Lawrence Bassham, William Burr, Morris Dworkin, James Foti, and Edward Roback, Report on the Development of the Advanced Encryption Standard (AES), NIST official release, October 2, 2000.
  12. Moses Liskov, Ronald Rivest, and David Wagner, Tweakable Block Ciphers, in Advances in Cryptology — Proceedings of CRYPTO '02, 2002.