Tiny block ciphers for embedded systems

Watermarking, presumably.

--

John Devereux
Reply to
John Devereux
Loading thread data ...

Steganography is simply another tool with its own advantages and disadvantages. It is neither useless (as you are pretending that someone here claims despite no such claim being made) nor is it the perfect magic bullet that you claim it is.

Again, steganography is simply another tool with its own advantages and disadvantages. One of the disadvantages is that it is pretty easy to do a brute-force check of everything sent by a particular person or computer. One of the advantages is that it doesn't attract as much attention to you if nobody knows that you are sending secret information.

Here is the answer to the above, and to all future questions like the above:

formatting link
formatting link
formatting link
formatting link

--
Guy Macon
Reply to
Guy Macon

The following DVDs are examples of movies that I could not watch. An argument could be made that there are no actual movies on these DVDs...

Battlefield Earth: A Saga of the Year 3000 Gigli I Know Who Killed Me Deuce Bigalow: European Gigolo

Reply to
invalid

It's quite certainly not. Steganography is generally *easier* to break than all but the silliest approaches at cryptography.

Reply to
Hans-Bernhard Bröker

Why would you want to use a block cipher with such a small block size? That introduces weaknesses of its own. Unless you are a crypto expert familiar with those pitfalls, I wouldn't recommend it.

I would advise sticking to the standard suggestions I advised.

But again, the selection of a cipher is only about 5% of the problem, and it's the easy 5%. (Maybe it's only 1%.) Obsessing on the choice of block cipher doesn't make much sense.

Reply to
David Wagner

All you have to do is to insert your secret message near the end of the _Battlefield Earth_ DVD and send it to every rental store in the world. No encryption needed; nobody is capable of watching the entire movie, and so your secret is perfectly safe.

--
Guy Macon
Reply to
Guy Macon

Steganography is used to embed copy protection or user identification codes into media files so they are difficult to detect or remove. Look up "digital watermark" in google or wikipedia.

Reply to
Paul Rubin

Got it. Forgot that whole side of DRM. Thanks.

Reply to
Joe Pfeiffer

I think that there are some inkjet printers that embed some identifying marks within printed images.

Reply to
Chris Thomasson

Yes, in the form of "watermarking".

P. Potter: I agree with you. Stega cannot be used for key validation etc.

Reply to
Uncle Noah

2KB-8KB program memory The CPU is a new architecture specified and designed by me over last months. It is a RISC.
200 cycles per sample are reasonable. Not more than 500 cycles anyway.
8KB

Yet to specify. It could be NAND Flash, but haven't decided the size. It should have the size of program memory + data memory at minimum.

Is this product on sale? Is it a re-vamp of NES-like system (i love the platform)!

Taking about NES, I loved the PPU (alhough i can't put effort to redesign it, it is not legal after all).

I also have some ideas (and implementations) on paletted color images that don't need a palette to accompany them!!! There are limitations but i can put down a few more explanations if you are interested (you only need another magic number of 32-bits size). No palette whatsoever. My custom image format works but haven't publishized the idea before today.

In case of a NES-like system, what did you do for the graphics subsystem?

Regards Nikolaos Kavvadias

Reply to
Uncle Noah

Actually it is not, assuming that you don't own the "base" image and that it usually goes unnoticed. It could be easier only if you knew what images to examine and have a clue on the base image (at least some patterns, it order to extract the alphabet of the hidden message).

Nikolaos Kavvadias

Reply to
Uncle Noah

That's very true. It got under media attention just last year, but all major printing companies do that for about 3 decades (in one form or another).

But then again, why hasn't OBL been caught yet? (just joking)

Reply to
Uncle Noah

As I understand the terms, steganography is different from watermarking; they are both examples of information hiding, but they have little overlap (as I understand the terms). Watermarks are hard to remove but it might be easy to detect that a watermark is present. Stego messages might be easy to remove but it should be hard to detect that a stego-message is present.

Reply to
David Wagner

CT> I think that there are some inkjet printers that embed some CT> identifying marks within printed images.

More popular with lasers, actually.

formatting link

/Benny

Reply to
Benny Amorsen

Main reason for developing this chipher was for getting a tool which could be used for privacy protection of selected fields in large database *without breaking existing code*. As such, the tool must provide *non-expanding typeaware encryption* of privacy sensitive fields such as birthday, social security number, credit card number and others. It could be thought as scrambling data in such way that data is viewable, doesn't break existing applications, but scrambled data would not leak information about real values of these fields when encryption key is not available. Encryption key was specified to be

128 bits.

Security goal for such a cipher could be expressed as following: even when adversary, having access to encryption oracle, have collected encryption of all but last two points of the domain, adversary should not be able to distinguish encryption of remaining points significantly better than a random guess.

For example, using tinyPRP allowed to encrypt values of birthday fields to another valid date value that is between 18 and 69 years old, and as such it doesn't break any existing code that shows the record, but it doesn't provide any information except what is known to adversary apriory (if the person is working, then he/she is between 18 and 69 years old). Social security number in Norway is build by using birthday (DDMMYY) + 5 digit number that has special structire, wich is validated using known algorithm.

There was no existing tool that could allow to achieve this goal. Stream ciphers are not suitable at all (bit flipping and they can't provide non-expandability when size of domain isn't exact power of 2). Block ciphers with bigger block size would require too much processing (and may be unfeasible when block size is 80 bits or higher) if attempted to be used with cycle-walking mode for non-expanding encryption.

Another usage would be for creating a short MACs where using cipher with small block size is (arguably) better than using cipher with big block size and then truncating MAC's value to 32bits (as it is for example done in DSRC protocol for Electronic Fee Collection applications - see ISO 14906).

There are several other interesting uses for such cipher as well, some of them I have mentioned in my article. Again, I'm not encouraging to use this cipher for encrypting large amount of data where standard ciphers are supperior choice, but it is a very usefull tool when it is used for purposes that fits for ciphers with such a small block size.

-Valery.

Reply to
Valery Pryamikov

Here is a little explanation.

Cycle walking mode is following:

encryption: if (p does not belong to domain) then return error; do { p = encrypt(k,p); } while (p does not belong to domain); return p;

decryption: if (p does not belong to domain) then return error; do { p = decrypt(k,p); } while (p does not belong to domain); return p;

This is permutation (i.e. encryption and decryption works) and it allows non-expanding datatype-aware encryption / decryption.

however, if domain size is small, but blocksize is big, then it would require too many interation for getting out of the cycle. When block size is 64 bits and domain size < 2^24 - it could take several minutes for single encryption/decryption operation (with even more timer required for smaller domains). When blocksize is 80 bits or more - it may be unfeasible to finsish encryption/decryption with cycle walking mode if domain size is 2^16 or less.

-Valery.

Reply to
Valery Pryamikov

You have tripped up on stream ciphers in the above paragraph. A stream cipher can be used for any byte or even bit lenght without message expansion and that is its main advantage.

Take the good advice of Prof Wagner

.
Reply to
David Eather

Stream cipher can be used for encrypting *bitstring* without expansion. However encryption of integer number between 0 and 10000 will give you value expansion to ragne

0...16384.

-Valery

Reply to
Valery Pryamikov

It can be a stream of numbers between 0 and 10000, that you'd add mod

10000.
Reply to
Paul Rubin

ElectronDepot website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.