Lecture Notes in
Computer Science
Edited by G. Goos and J. Hartmanis
149
Cryptography
Proceedings of the Workshop on Cryptography
Burg Feuerstein, Germany, March 29 - April 2, 1982
Edited by Thomas Beth
Springer-Verlag
Berlin Heidelberg New York 1983
Editorial Board
D. Barstow W. Brauer P. Brinch Hansen D. Gries D. Luckham
C. Moler A. Pnueli G. Seegmüller J. Stoer N. Wirth
Editor
Thomas Beth
Friedrich-Alexander-Universität Erlangen-Nürnberg
Institut für Mathematische Maschinen und Datenverarbeitung (Informatik 1)
Martensstr. 3, 8520 Erlangen, FRG
Gesellschaft für Informatik e.V. - Fachausschuß 8 -
Institut für Mathematische Maschinen und Datenverarbeitung
WORKSHOP ON CRYPTOGRAPHY - BURG FEUERSTEIN - 29. 3. - 2. 4. 82
This first European workshop on cryptography was jointly supported by the following
institutions:
Chair I (Prof. Dr. K. Leeb) of the Institut für Mathematische Maschinen und
Datenverarbeitung (Informatik) of the Universität Erlangen-Nürnberg
Gesellschaft für Informatik e.V. (Fachausschuß 8)
Deutsche Forschungsgemeinschaft
CR Subject Classifications (1982): D 3
ISBN 3-540-11993-0 Springer-Verlag Berlin Heidelberg New York
ISBN 0-387-11993-0 Springer-Verlag New York Heidelberg Berlin
Library of Congress Cataloging in Publication Data. Main entry under title: Cryptography:
proceedings, Burg Feuerstein, 1982. (Lecture notes in computer science; 149)
1. Cryptography-Congresses. I. Beth, Thomas, 1949- . II. Series. Z102.5.C78 1983 001.54'36 83-430
ISBN 0-387-11993-0
This work is subject to copyright. All rights are reserved, whether the whole or part of the material
is concerned, specifically those of translation, reprinting, re-use of illustrations, broadcasting,
reproduction by photocopying machine or similar means, and storage in data banks. Under
§ 54 of the German Copyright Law where copies are made for other than private use, a fee is
payable to "Verwertungsgesellschaft Wort", Munich.
© by Springer-Verlag Berlin Heidelberg 1983
Printed in Germany
Printing and binding: Beltz Offsetdruck, Hemsbach/Bergstr.
In what follows we shall take the opportunity to examine more closely
the various kinds of this concealment. Symbolism, allegory, riddle,
trickery and enciphering were put into practice. Apprehension towards
fellow artists, charlatanry, conceit, wit and spirit all had an equal
interest in exercising and asserting themselves in this manner, so that
the use of these arts of secrecy continued very vigorously into the
seventeenth century and is in part still preserved in the chanceries
of the diplomats.
Goethe: Farbenlehre - Historischer Teil, from: "Lust am Geheimnis"
This book contains the proceedings of a workshop on cryptography that took place
from March 29th to April 2nd, 1982, at Burg Feuerstein in the lovely surroundings
of the Fränkische Schweiz near Erlangen.
Burg Feuerstein is an extensive estate run by the diocese of Bamberg. It serves
many purposes, mainly of social character.
Our workshop on cryptography, however, proved to be in the best tradition of
these grounds, since the 'Burg' is not a genuine castle: it was built in the early
1940s as a camouflaged center for communications engineering emphasizing
cryptographic research. The unintended coincidence gives a good opportunity to note the
changes that cryptographic research has undergone since then. One of the most
remarkable was the fact that there were 76 participants from 14 nations.
This volume contains 26 articles altogether. The introduction is an expository
survey for non-specialists and places in context the other 25 papers submitted. These
are grouped into 10 sections within which they are arranged with regard to content.
The editor has refrained judiciously from judging the significance or consistency of all
the results. Together with its rather extensive (doubly linked) bibliography the book
could be used as a self-contained text. At the back of the book are a list of
participants as well as a list of the talks for which no paper was submitted.
The organizer is indebted to the Deutsche Forschungsgemeinschaft and to the
Gesellschaft für Informatik for supporting the conference.
The advice given by H.J. Beker (Racal-Comsec, Salisbury), by H.-R. Schuchmann
(Siemens-Forschungslaboratorien, München), and by N.J.A. Sloane (Bell Laboratories,
Murray Hill) was of substantial help.
Finally it is a pleasure to thank R. Dierstein (DFVLR Oberpfaffenhofen) for his
experienced aid in organizing the workshop.
T.B.
Contents
Section 1: Introduction
Section 2: Classical Cryptography
F.L. Bauer: Cryptology - Methods and Maxims
Mechanical Cryptographic Devices
A.G. Konheim: Cryptanalysis of a Kryha Machine
H.-R. Schuchmann: Enigma Variations
Section 3: Mathematical Foundations
N.J.A. Sloane: Encrypting by Random Rotations
Section 4: Analogue Scrambling Schemes
H.J. Beker: Analogue Speech Security Systems
P. Hess; K. Wirl: A Voice Scrambling System for Testing and Demonstration
K.-P. Timmann: The Rating of Understanding in Secure Voice Communication Systems
L. Györfi; I. Kerekes: Analysis of Multiple Access Channel Using Multiple Level FSK
F. Pichler: Analog Scrambling by the General Fast Fourier Transform
Section 5: Stream Ciphers
F.C. Piper: Stream Ciphers
S.M. Jennings: Multiplexed Sequences: Some Properties of the Minimum Polynomial
T. Herlestam: On Using Prime Polynomials in Crypto Generators
Section 6: Cryptography in Large Communication Systems
M.R. Oberman: Communication Security in Remote Controlled Computer Systems
L. Horbach: Privacy and Data Protection in Medicine
Section 7: The Data Encryption Standard
I. Schaumüller-Bichl: Cryptanalysis of the Data Encryption Standard by the Method of Formal Coding
J.A. Gordon; H. Retkin: Are Big S-Boxes Best
D.W. Davies; G.I.P. Parkin: The Average Cycle Size of the Key Stream in Output Feedback Encipherment
Section 8: Authentication Systems
M. Davio; J.-M. Goethals; J.-J. Quisquater: Authentication Procedures
P. Schöbi; J.L. Massey: Fast Authentication in a Trapdoor-Knapsack Public Key Cryptosystem
Section 9: The Merkle - Hellman - Scheme
I. Ingemarsson: A New Algorithm for the Solution of the Knapsack Problem
R. Eier; H. Lagger: Trapdoors in Knapsack Cryptosystems
Section 10: The Rivest - Shamir - Adleman - Scheme
C.P. Schnorr: Is the RSA-Scheme Safe?
J. Sattler; C.P. Schnorr: Ein Effizienzvergleich der Faktorisierungsverfahren von Morrison-Brillhart und Schroeppel (A Comparison of the Efficiency of the Factoring Methods of Morrison-Brillhart and Schroeppel)
A. Ecker: Finite Semigroups and the RSA-Cryptosystem
M. Mignotte: How to Share a Secret?
List of talks for which no paper was submitted
Bibliography
List of Participants
Section I
Introduction
T. Beth (Ed.): Cryptography - EUROCRYPT '82, LNCS 149, pp. 1-28, 1983.
© Springer-Verlag Berlin Heidelberg 1983
Having all of a sudden left the shady corner of semi-military art,
modern cryptography has become a central topic of research in all
areas of communication science.
Definitions
(cf. Bauer, pp. 31-48) Cryptographic measures are applied to protect
valuable data during transmission against unwanted interception

[Fig. 1: passive violation (figure label: INTERCEPTOR)]

and (possibly undetectable) forgery

[Fig. 2: active violation]

In accordance with the subsequent paper of Bauer (pp. 31-48),
the technique applied to meet these requirements is called encryption.
In this process the transmitter enciphers (or encrypts) a
plaintext message into a ciphertext.

[Fig. 3: The Wire-tap-channel (figure labels: ciphertext, ciphering)]

This transformation is called a cipher (function), which the authorized
receiver deciphers (decrypts).
An enemy is a person or institution who wants illegal access to the
messages. Assuming that the enemy can only get hold of the cipher-
texts, he has to perform a cryptanalysis in order to reconstitute
the plaintexts.
To add to the difficulties for a cryptanalyst, the cipher functions are
chosen according to a varying parameter, called the key. A generator
cryptosystem consists of a class of injective cipher functions
$E_s : M \to C,$
mapping plaintext messages ($\in M$) into ciphertexts ($\in C$).
The parameter $s$ runs through the set $K$ of keys.
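The definition above made concrete, as an added example that is not part of the original text: it takes the letterwise affine map x -> a*x + b (mod 26) over A-Z as the candidate family (an assumption of this example; a Caesar-style shift is the case a = 1) and keeps in K only those keys s = (a, b) for which E_s is injective, since only those can be deciphered.

```python
from itertools import product

ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
N = len(ALPHABET)

def encipher(key, message):
    """Candidate E_s for s = (a, b): each letter x goes to a*x + b (mod 26)."""
    a, b = key
    return "".join(ALPHABET[(a * ALPHABET.index(ch) + b) % N] for ch in message)

def is_injective(key, length=2):
    """True if E_s maps all 26**length messages of this length to distinct ciphertexts."""
    images = {encipher(key, "".join(m)) for m in product(ALPHABET, repeat=length)}
    return len(images) == N ** length

def key_set():
    """K: the candidate keys s whose E_s is injective (a letterwise check suffices)."""
    return [(a, b) for a in range(N) for b in range(N)
            if is_injective((a, b), length=1)]

def decipher(key, ciphertext):
    """D_s, the inverse of E_s; raises ValueError when a has no inverse mod 26."""
    a, b = key
    a_inv = pow(a, -1, N)  # modular inverse, Python 3.8+
    return "".join(ALPHABET[(a_inv * (ALPHABET.index(ch) - b)) % N] for ch in ciphertext)

if __name__ == "__main__":
    K = key_set()
    print(len(K), "usable keys out of", N * N, "candidates")
    print(encipher((1, 3), "CAESAR"), "->", decipher((1, 3), "FDHVDU"))
    # Constructed collision: with a = 13 two different plaintexts share one ciphertext,
    # so the receiver could not tell them apart.
    print(encipher((13, 0), "AC"), encipher((13, 0), "CE"))
```
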
These formulations are best demonstrated by the basic, classical
examples.
Historical Ciphers
A rather extensive portion of today’s cryptographic research is
still concerned with the study of classic crypto-systems. One of
the most simple systems, the so-called CAESAR,