234 references [12.8] Rabin, M.O.: ‘Probabilistic algorithms’ in Traub, J.F. (ed): Algorithms <strong>and</strong> Complexity, Academic Press, New York, pages 21–39 (1976). [12.9] Solovay, R. <strong>and</strong> V.Strassen: ‘Afast Monte Carlo test for primality’, SIAM Journal of Computing, 6, (1977), 84–5. Erratum: ibid, 7 (1978), 118. Chapter 13 [13.1] Rivest, R.L., A.Shamir <strong>and</strong> L. Adelman: ‘Amethod for obtaining digital signatures <strong>and</strong> public key cryptosystems’, Communications of <strong>the</strong> ACM, 21 (1978), 120-26. The essentials of this method <strong>and</strong> <strong>the</strong> Diffie–Hellman key exchange system had been discovered some years earlier by James Ellis at GCHQ but security restrictions prevented publication at <strong>the</strong> time. For an account of <strong>the</strong> work of Ellis <strong>and</strong> o<strong>the</strong>rs at GCHQ see <strong>the</strong> article ‘The open secret” by Steven Levy in Wired, April 1999, 108–15. [13.2] The proof of Fermat’s Last Theorem, by Andrew Wiles in 1993, involves extremely sophisticated ma<strong>the</strong>matics. For a good, very readable, account see Singh, Simon: Fermat’s Last Theorem; Fourth Estate, London (1997). [13.3] National Bureau of St<strong>and</strong>ards in Federal Register, issue of May 15th, 1973. [13.4] National Bureau of St<strong>and</strong>ards in Federal Register, issue of August 27th, 1974. [13.5] Konheim, A.G.: [5.2]. A full description of <strong>the</strong> DES with results of test data is given on pages 240–79. [13.6] Davies, D.W <strong>and</strong> W.L. Price; [12.7] Chapter 3, pages 49–87 deals with <strong>the</strong> DES. It should be noted that <strong>the</strong> S-Box tables on page 58 contain three errors. The S- Boxes are given correctly in [13.7]. [13.7] Federal Information Processing St<strong>and</strong>ards Publication 185: Escrowed Encryption St<strong>and</strong>ard (EES). A complete specification of Skipjack is given in ‘Skipjack <strong>and</strong> KEA Algorithm Specifications’ (Version 2.0, May 1998). [13.8] Lai, X. <strong>and</strong> J.L. Massey: ‘Aproposal for a new block encryption st<strong>and</strong>ard’, Advances in Cryptology, Eurocrypt ’90, Springer-Verlag, Berlin, pages 389–404; (1991). [13.9] Galbraith, S.: ‘Elliptic curve public key cryptography’, Ma<strong>the</strong>matics Today, 35 (3), 76–9 (June 1999). [13.10] Zimmermann, Philip: The Official PGP User’s Guide, MIT Press (1996). [13.11] Garfinkel, Simson L: PGP. Pretty Good Privacy, O’Reilly, Sebastopol, California (1994). [13.12] Beauchemin, P., G. Brassard, C. Crepeau, C. Goutier, <strong>and</strong> C. Pomerance: ‘The generation of r<strong>and</strong>om numbers that are probably prime’, Jounal of Cryptology, 1, 53–64 (1988). [13.13] Bell, E.T; Men of Ma<strong>the</strong>matics, Pelican Books, Harmondsworth, Middlesex (1953). Originally published in 1937. Provides very readable accounts of <strong>the</strong> lives <strong>and</strong> works of more than 30 of <strong>the</strong> greatest ma<strong>the</strong>maticians from ancient times to <strong>the</strong> early twentieth century. This edition is in two volumes; <strong>the</strong> chapter on Galois is in Volume 2.
Name index Adelman, L. 171, 234 Andrews, G. E. 232 Barker, W. G. 233 Beauchemin, P. 234 Beker, H. 233 Bell, E. T. 234 Berlekamp, E. R. 230 Brassard, G. 234 Brooke, R. 78 <strong>Caesar</strong>, <strong>Julius</strong> passim Chadwick, J. 230 Champollion, J. F. 230 Churchhouse, R. F. 232, 233 Clark, R. W. 231 Crepeau, C. 234 Davies, D. W. 233, 234 Deavours, C. A. 232 Denham, H. C. 231 Dickens, C. 33 Diffie, W. 166, 233 Doyle, A. C. ix Ellis, J. 234 Estermann, T. 233 Eratos<strong>the</strong>nes 173 Euclid 192–3 Euler, L. 173, 175, 205, 211 Feller, W. 232 Fermat, P. 173, 175, 234 Fibonacci passim Fitzgerald, E. 218 Flannery, B. P. 232 Francis, W. N. 230 Friedman, W. F. 231 Galbraith, S. 234 Galois, E. 216–7 ‘garbo’ 9, 52, 88–92, 230, 232 Garfinkel, S. L. 234 Garlinski, J. 232 Gauss, C. F. 209, 233 Golomb, S. W. 232 Good, I. J. 31, 35, 132, 231 Goutier, C. 234 Hadamard, J. 233 Hammersley, J. W. 232 Hamming, R. W. 8 H<strong>and</strong>scomb, D. C. 232 Hardy, G. H. 232, 233 Hellman, M. E. 166, 233 Hill, R. 230 Hinsley, F. H. 231 <strong>and</strong> passim Howlett, J. 233 Ingham, A. E. 233 Jefferson, T. 37–9, 110, 122 Kahn, D. 231 Konheim, A. G. 231, 234 Lai, X. 187, 234 Lavington, S. 233 Leonardo of Pisa see Fibonacci Levy, S. 234 Massey, J. L. 187, 234 Metropolis, N. 233 Moroney, M. J. 231 Morse, S. 64 Painvin, G. 58 Pepys, S. 7 [235]
- Page 2 and 3:
This page intentionally left blank
- Page 5 and 6:
R. F. Churchhouse Codes and ciphers
- Page 7 and 8:
Contents Preface ix 1 Introduction
- Page 9 and 10:
Cryptanalysisofalinearrecurrence 10
- Page 11 and 12:
Preface Virtually anyone who can re
- Page 13 and 14:
1 Introduction Some aspects of secu
- Page 15 and 16:
Not a very sophisticated method, pa
- Page 17 and 18:
change. As an example, anticipating
- Page 19 and 20:
Another form of encryption is the u
- Page 21 and 22:
and so is valid. On the other hand
- Page 23 and 24:
When the modulus is 10 only the num
- Page 25 and 26:
2 From Julius Caesar to simple subs
- Page 27 and 28:
Table 2.3 Shift Message 12 OUI 12 Y
- Page 29 and 30:
worry about but, on the other hand,
- Page 31 and 32:
then it is probably THE and the unk
- Page 33 and 34:
From Julius Caesar to simple substi
- Page 35 and 36:
From Julius Caesar to simple substi
- Page 37 and 38:
Table 2.6 From Julius Caesar to sim
- Page 39 and 40:
From Julius Caesar to simple substi
- Page 41 and 42:
and the key which provides the enci
- Page 43 and 44:
Further examination reveals that th
- Page 45 and 46:
ALTHOUGH I AM AN OLD MAN NIGHT IS G
- Page 47 and 48:
Polyalphabetic systems 35 messages
- Page 49 and 50:
Before leaving Vigenère try the fo
- Page 51 and 52:
Polyalphabetic systems 39 blocks of
- Page 53 and 54:
eginning at the top, but it is then
- Page 55 and 56:
first row above, for example, we fi
- Page 57 and 58:
Table 4.4 Key 3 1 5 2 4 1 2 3 4 5 6
- Page 59 and 60:
giving B G L D I N A F K E J O C H
- Page 61 and 62:
then the cipher text is HORUX SXSEO
- Page 63 and 64:
The plaintext digraphs are now sepa
- Page 65 and 66:
ox increases. By enumerating the po
- Page 67 and 68:
Example 5.1 HAPPY BIRTHDAY encipher
- Page 69 and 70:
Encryption The ‘plaintext’ is A
- Page 71 and 72:
plaintext digraphs according to som
- Page 73 and 74:
Cryptanalytic aspects of Playfair P
- Page 75 and 76:
OURXSITUATI ONXISXDESPE RATEXSENDXS
- Page 77 and 78:
the alphabet are represented by up
- Page 79 and 80:
From a cryptographic point of view
- Page 81 and 82:
3 7 0 7 7 4 1 5 6 1 7 8 5 3 8 1 9 0
- Page 83 and 84:
If we generate the same sequence (m
- Page 85 and 86:
Stencil ciphers The example above i
- Page 87 and 88:
Book ciphers A spy must avoid arous
- Page 89 and 90:
Table 7.2 Encipher table for a book
- Page 91 and 92:
Letter frequencies in book ciphers
- Page 93 and 94:
If then we try subtracting THE from
- Page 95 and 96:
where row F (the row of the cipher
- Page 97 and 98:
Ciphers for spies 85 that were nece
- Page 99 and 100:
mistake can occur if the sender lea
- Page 101 and 102:
inks and ciphers were provided by h
- Page 103 and 104:
Example 7.6 Encipher the message AG
- Page 105 and 106:
Ciphers for spies 93 simply a ‘ra
- Page 107 and 108:
going into the mathematical criteri
- Page 109 and 110:
numbers, 0 to 31 inclusive, into bi
- Page 111 and 112:
Linear recurrences The sequences lo
- Page 113 and 114:
Having converted the characters of
- Page 115 and 116:
What about sequences of higher orde
- Page 117 and 118:
combining the keys of two or more l
- Page 119 and 120:
Example 8.3 (1) Use the mid-square
- Page 121 and 122:
Problem 8.3 Starting with U 0 �1
- Page 123 and 124:
The Enigma cipher machine 111 syste
- Page 125 and 126:
The Enigma cipher machine 113 Plate
- Page 127 and 128:
The Enigma cipher machine 115 Plate
- Page 129 and 130:
Figure 9.2. wheel. For example, if
- Page 131 and 132:
wheel and then through the three wh
- Page 133 and 134:
first day of usage and so the asses
- Page 135 and 136:
The Enigma cipher machine 123 The m
- Page 137 and 138:
show how, in a typical encipherment
- Page 139 and 140:
interested reader can find it in [9
- Page 141 and 142:
great deal of data and many pages o
- Page 143 and 144:
It should be realised, of course, t
- Page 145 and 146:
10 The Hagelin cipher machine Histo
- Page 147 and 148:
ut there was no cryptographic advan
- Page 149 and 150:
of each cipher period, to which sid
- Page 151 and 152:
value can be expected to occur two
- Page 153 and 154:
Since some cages are obviously very
- Page 155 and 156:
2, there are 26! possible simple su
- Page 157 and 158:
The Hagelin cipher machine 145 Exam
- Page 159 and 160:
values are repeating at the appropr
- Page 161 and 162:
Overlapping will obviously affect t
- Page 163 and 164:
Table 10.6 The Hagelin cipher machi
- Page 165 and 166:
11 Beyond the Enigma The SZ42: a pr
- Page 167 and 168:
Description of the SZ42 machine The
- Page 169 and 170:
P1 41 43 Z1 (4) the five bits from
- Page 171 and 172:
which is approximately 1.6�10 19
- Page 173 and 174:
12 Public key cryptography Historic
- Page 175 and 176:
part of the story of what has been
- Page 177 and 178:
Public key cryptography 165 graphic
- Page 179 and 180:
(4) Now (k x ) y �(k y ) x �m x
- Page 181 and 182:
Public key cryptography 169 Despite
- Page 183 and 184:
If the cryptographer were prepared
- Page 185 and 186:
number of tests increased by a fact
- Page 187 and 188:
In this case the remainder is 4, no
- Page 189 and 190:
key, d, we use the Euclidean Algori
- Page 191 and 192:
the decipher key, d, is used instea
- Page 193 and 194:
and and, since Table 13.1 n N�2 n
- Page 195 and 196: The Data Encryption Standard (DES)
- Page 197 and 198: the message were known to relate to
- Page 199 and 200: whereas in block cipher systems, su
- Page 201 and 202: (1) X precedes M with information w
- Page 203 and 204: ways, since choosing to pair, say,
- Page 205 and 206: For example; if someone claims that
- Page 207 and 208: depth, mentioned in Chapter 3. If w
- Page 209 and 210: M9 Combining two biased streams of
- Page 211 and 212: and so 2�4�6�12 �(4095)�4
- Page 213 and 214: Verification Let the recurrence be
- Page 215 and 216: the lettersatsetting2ofthewheel,and
- Page 217 and 218: M16 Probability of a ‘depth’ in
- Page 219 and 220: (2) In how many ways can N be repre
- Page 221 and 222: Chapter 13 M21 (Rate of increase of
- Page 223 and 224: Multiply each of these by M: M, 2M,
- Page 225 and 226: If x 3 �0 divide x 2 by x 3 to gi
- Page 227 and 228: then k�[ log 2 n], where [z] deno
- Page 229 and 230: Mathematical aspects 217 problem un
- Page 231 and 232: RHAPSODY and SYMPHONY agree in posi
- Page 233 and 234: 4.2 (Number of possible transpositi
- Page 235 and 236: Table S.5 R H A P S O D Y B C E F G
- Page 237 and 238: Chapter 8 8.1 (Recurrences of order
- Page 239 and 240: columns in each case, are full of c
- Page 241 and 242: Chapter 11 11.1 (Pin-setting errors
- Page 243 and 244: [2.4] Moroney, M.J.: Facts from Fig
- Page 245: [10.3] Almost any elementary book o
- Page 249 and 250: Subject index Abwehr Enigma 124, 13
- Page 251 and 252: active pin 136 cage:‘good’ 141;