Py (cipher)

* Py is a stream cipher submitted to eSTREAM by Eli Biham and Jennifer Seberry. It is one of the fastest eSTREAM candidates at around 2.6 cycles per byte on some platforms. It has a structure a little like RC4, but adds an array of 260 32-bit words which are indexed using a permutation of bytes, and produces 64 bits in each round.

The authors assert that the name be pronounced "Roo", a reference to the cipher's Australian origin, by reading the letters "Py" as Cyrillic (РУ) rather than Latin characters. This somewhat perverse pronunciation is understood to be their answer, in jest, to the difficult-to-pronounce name "Rijndael" for the cipher which was adopted as the Advanced Encryption Standard.

* In January 2007, three new ciphers, TPy, TPypy and TPy6, were designed by Eli Biham and Jennifer Seberry as strengthened variants of the original Py.

* At [http://www.cse.iitm.ac.in/~indocrypt2007 Indocrypt 2007], Gautham Sekar, Souradyuti Paul and Bart Preneel proposed two new ciphers, RCR-32 and RCR-64, based on the design principles of Py.

Attacks on the Py-family

As of 2006, the best cryptanalytic attack on Py (by Hongjun Wu and Bart Preneel) can under some circumstances (e.g. where the IV is much longer than the key) recover the key given partial keystreams for 2^24 chosen IVs [http://www.ecrypt.eu.org/stream/papersdir/2006/052.pdf].

In a scenario that is more difficult for the attacker, given only known plaintext (rather than chosen plaintext), there is also a distinguishing attack on the keystream (by Paul Crowley) which requires around 2^72 bytes of output and comparable time. This is an improvement on an attack presented by Gautham Sekar, Souradyuti Paul and Bart Preneel which requires 2^88 bytes. There is still a debate whether these attacks constitute an academic break of Py. The attackers claim that, since the above attacks can be built with workload less than exhaustive search under the design specifications of Py, they are clearly a theoretical break of the cipher; the designers rule out the attacks because Py's security bounds limit any attacker to a total of 2^64 bytes of output across all keystreams everywhere. A recent revision of the Paul, Preneel, and Sekar paper includes a detailed discussion of this issue in section 9. There are no doubts about the legitimacy of the Wu and Preneel attack.

Py was selected as a Phase 2 Focus Candidate for Profile 1 (software) by the eSTREAM project [http://www.ecrypt.eu.org/stream/endofphase1.html] but did not advance to Phase 3 due to the Wu and Preneel chosen IV attack [http://www.ecrypt.eu.org/stream/endofphase2.html].

In January 2007, three new ciphers, namely TPy, TPypy and TPy6, were proposed by the designers of Py to eliminate the above attacks. TPy is still vulnerable to the above distinguishing attacks by Paul et al. (complexity 2^88) and Crowley (complexity 2^72). The best attack so far on TPypy, which is conjectured to be the strongest of the Py-family of ciphers, is a distinguishing attack by Sekar et al. with data complexity 2^281. This attack is only meaningful if the key size of TPypy is longer than 281 bits.

To remove attacks on TPy and TPypy, Sekar, Paul and Preneel at [http://www.cse.iitm.ac.in/~indocrypt2007 Indocrypt 2007] gave proposals for two new ciphers, RCR-32 and RCR-64. So far there are no attacks against RCR-32 and RCR-64.

External links

* Eli Biham, Jennifer Seberry, [http://www.ecrypt.eu.org/stream/ciphers/py/py.ps Py specification] (PostScript)
* Eli Biham, Jennifer Seberry, [http://www.ecrypt.eu.org/stream/papersdir/2007/038.ps Tweaking the IV Setup of the Py Family of Stream Ciphers -- The Ciphers TPy, TPypy, and TPy6]
* [http://www.ecrypt.eu.org/stream/py.html eSTREAM page on Py]
* Paul Crowley, [http://www.ciphergoth.org/crypto/py/ Cryptanalysis of Py]
* Souradyuti Paul, Bart Preneel, Gautham Sekar, [http://www.cosic.esat.kuleuven.be/publications/article-735.pdf Distinguishing attacks on the stream cipher Py], FSE 2006.
* Gautham Sekar, Souradyuti Paul, Bart Preneel, [http://mirror.cr.yp.to/eprint.iacr.org/2007/075 Weaknesses in the Pseudorandom Bit Generation Algorithms of the Stream Ciphers TPypy and TPy], IACR ePrint report.
* Souradyuti Paul, Bart Preneel, [http://eprint.iacr.org/2005/448 On the (In)security of Stream Ciphers Based on Arrays and Modular Addition (Full Version)], Asiacrypt 2006.
* Gautham Sekar, Souradyuti Paul, Bart Preneel, [http://www.cosic.esat.kuleuven.be/publications/article-932.pdf Related-key Attacks on the Py-family of Ciphers and an Approach to Repair the Weaknesses], Indocrypt 2007.
* [http://www.iaik.tugraz.at/research/krypto/AES/old/~rijmen/rijndael/ The Rijndael page] - the "Rijndael FAQ" is gently parodied in Appendix B of the Py specification.


Wikimedia Foundation. 2010.
