Presentation is loading. Please wait.

Presentation is loading. Please wait.

Chapter 5 Stream Cipher Cryptography-Principles and Practice Harbin Institute of Technology School of Computer Science and Technology Zhijun Li

Similar presentations


Presentation on theme: "Chapter 5 Stream Cipher Cryptography-Principles and Practice Harbin Institute of Technology School of Computer Science and Technology Zhijun Li"— Presentation transcript:

1 Chapter 5 Stream Cipher Cryptography-Principles and Practice Harbin Institute of Technology School of Computer Science and Technology Zhijun Li http://cst.hit.edu.cn/~lizhijun lizhijun_os@hit.edu.cn

2 Zhijun LiS1034040/Autumn08/HIT2 Outline Stream Cipher Overview Pseudorandom Number Generator PRNGs –LFSR –BBS Stream Ciphers

3 Zhijun LiS1034040/Autumn08/HIT3 Block Cipher Review The ways to encrypt the message –Block ciphers c=c 1 c 2 …=e K (m 1 )e K (m 2 )… –Stream ciphers c=c 1 c 2 …=e k1 (m 1 )e k2 (m 2 )… key stream (k 1,k 2,…) –Block cipher is an instance of Stream cipher The key stream is K, K,…

4 Zhijun LiS1034040/Autumn08/HIT4 Stream Cipher OTP Review: C=P  K and K is a random bits Stream ciphers: –Idea: replace “rand” by “pseudo rand” –Use Pseudorandom Number Generator (PRNG) –PRNG: {0,1} s → {0,1} n –The seed is the secret key E seed [M] = M  PRNG(seed)

5 Zhijun LiS1034040/Autumn08/HIT5 Stream Cipher Architecture Plaintext Short Key: K Encryption Pseudorandom byte generator (key stream generator)  M k C Plaintext Decryption  Pseudorandom byte generator (key stream generator) Short Key: K Ciphertext

6 Zhijun LiS1034040/Autumn08/HIT6 Stream Cipher: Properties More maths –OTP have perfect secrecy –More maths in pseudorandomness Very fast –Encryption based on  The same stream can be used only once –Known-plaintext attack –The period of PRNG should be long Used in many places –Network, DVD, Mobile

7 Zhijun LiS1034040/Autumn08/HIT7 Outline Stream Cipher Overview Pseudorandom Number Generator PRNGs –LFSR –BBS Stream Ciphers

8 Zhijun LiS1034040/Autumn08/HIT8 Definition: A PRNG (Pseudorandom Number Generator) G is deterministic polynomial algorithm s.t. –Expansion:  l(n)>n,  x, |G(x)| = l(|x|) –Pseudorandomness: {G(U n ); n  1} is polynomial indistinguishable from {U l(n) ; n  1}, where U n is a uniform random sequence PRNG

9 Zhijun LiS1034040/Autumn08/HIT9 Definition: Two random sequence {X n ; n  1} and {Y n ; n  1} are polynomial indistinguishable if:  polynomial Boolean function f: {0,1}*  {0,1}  positive polynomial p(x) and n  N |Pr(f(X n )=1) – Pr(f(Y n )=1)| < 1/p(n) Definition: Two random sequence {X n ; n  1} and {Y n ; n  1} are statistical indistinguishable if:  (n) = ½  x  {0,1} n |Pr(X n =x) - Pr(Y n =x)| < 1/p(n) Pseudorandomness

10 Zhijun LiS1034040/Autumn08/HIT10 Statistical Indistinguishable  Polynomial Indistinguishable Polynomial Indistinguishable  Statistical Indistinguishable Theorem: If G is a PRNG, then  (l(n))= ½  x  {0,1} l(n) |Pr(G(U n )=x) - Pr(U l(n) =x)| x  {0,1} l(n) : Pr(G(U n )=x)>0, |X|=2 n (G is deterministic) Pr(G(U n )=x)=0, |X|=2 l(n) -2 n = ½(2 n (2 -n – 2 -l(n) )+(2 l(n) – 2 n )2 -l(n) ) = 1-2 n-l(n)  1-2 n-(n+1) = 1/2 Indistinguishable

11 Zhijun LiS1034040/Autumn08/HIT11 Monobit test: the number of 1’s and 0’s are almost equal Poker test: for a 20,000 bits, divide it into 4-bit segments, let n i is the number of occurrences of a number i, compute X=(16/5000)  i=0 15 n i 2 – 5000, and 1.03<X<57.4 Runs test: for a 20,000 bits, the guideline of runs: Random Test of PRNG 12267-2733 21079-1421 3502-748 Required interval 4223-402 590-223 6+90-223

12 Zhijun LiS1034040/Autumn08/HIT12 If given a l 1 (n)=n+1 PRNG G 1, we can build a generator G with l(n)=p(n) as: –Initialization: s 0 with |s 0 |=n is the input of G –Iteration: G 1 (s i-1 )=x i s i, i=1,2,…,p(n) |s i |=n –Output: G(s 0 ) = x 1 x 2 …x p(n) Fact: The G build as before is a PRNG Expansion of PRNG

13 Zhijun LiS1034040/Autumn08/HIT13 Fact: The existence of PRNG and the existence of one-way function is equivalent –PRNG  One-way function Suppose G is a PRNG with l(n)=2n, if x,y  {0,1}* s.t. |x|=|y|, the function f(x,y)=G(x) f is a one-way function PRNG and One-way Function

14 Zhijun LiS1034040/Autumn08/HIT14 Outline Stream Cipher Overview Pseudorandom Number Generator PRNGs –LFSR –BBS Stream Ciphers

15 Zhijun LiS1034040/Autumn08/HIT15 K2K2 K1K1 K0K0 100 010 101 110 111 011 001 100 z 0 =0; z 1 =0; z 2 =1; z 3 =0; … An LFSR Example Output z2z2 z1z1 z0z0  K2K2 K1K1 K0K0

16 Zhijun LiS1034040/Autumn08/HIT16 C 0, C 1, …, C m-1 are the feedback coefficients C i =0 denotes an open switch (no connection) C i =1 denotes an closed switch (connection) Linear Feedback Shift Register

17 Zhijun LiS1034040/Autumn08/HIT17 LFSR Inside z i+m =  j=0 m-1 C j  z i+j mod 2; C j  {0,1} i=0,1,2,… C 0 C 1 … C m-1 (z i+1, z i+2,…, z i+m-1 )  = z i+m z 3 =z 1  z 0, z 4 =z 2  z 1, …, z i+2 =z i+1  z i z2z2 z1z1 z0z0  K2K2 K1K1 K0K0

18 Zhijun LiS1034040/Autumn08/HIT18 Characteristic Polynomial Definition: for a sequence of {z i }, if z j  c 1  z j-1  c 2  z j-2  …  c L  z j-L = 0, j  L. then the characteristic polynomial for {z i } is p(x) = 1+c 1 x +c 2 x 2 + … +c L x L Example: p(x) = 1+x 2 +x 3 z2z2 z1z1 z0z0  K2K2 K1K1 K0K0

19 Zhijun LiS1034040/Autumn08/HIT19 Characteristic Polynomial Remark The characteristic polynomial is for periodical sequence, not only for LFSR If the period of {a i } is N, then z j -z j-N =0, p(x)=1-x N –Must exist a characteristic polynomial for periodical {a i } –May be many characteristic polynomials for {a i } –If there are two characteristic polynomial f(x) and g(x), then r(x)=gcd(f(x),g(x)) is also a characteristic polynomial –Polynomial with smallest degree is important

20 Zhijun LiS1034040/Autumn08/HIT20 K2K2 K1K1 K0K0 100 010 101 110 111 011 001 100 z j = z j+7 ; j  1 Every LFSR is periodic –Because of limited states –Limited registers in LFSRs Maximum Sequence Length –The maximum period of G z2z2 z1z1 z0z0  K2K2 K1K1 K0K0 The Period of LFSR

21 Zhijun LiS1034040/Autumn08/HIT21 Maximum Length of LFSR Theorem: The maximum sequence length of LFSR is 2 n -1, where n is the number of registers Proof: –For K={k 0, k 1,…, k n }, there are 2 n different states –The sequence for K is K 1,K 2,…,K 2 n,K i,… K i must be in K 1,K 2,…,K 2 n So repeated –If bits in K are all zero, should be excluded –So 2 n -1

22 Zhijun LiS1034040/Autumn08/HIT22 m-sequence Definition: The sequence generated by LFSR with maximum sequence length is m-sequence Remark of m-sequence {z i }: –The period of {z i } is 2 n -1 –Satisfy the Golomb randomness In a period, the number of 0 and 1 is 2 n-1 -1 and 2 n-1 Others …

23 Zhijun LiS1034040/Autumn08/HIT23 Inside for m-sequence Theorem: {a i } is an m-sequence if and only if its characteristic polynomial p(x) is primitive Definition: if p(x) is a irreducible with degree n and its rank of p(x) is 2 n -1, then the p(x) is a primitive polynomial Definition: the rank of p(x) is the minimum p s.t. p(x)|x p -1

24 Zhijun LiS1034040/Autumn08/HIT24 Inside for m-sequence Definition: the generating function of a sequence {a i } is: A(x) =  i=0  a i x i Theorem: if the characteristic polynomial for {a i } p(x)=1+c 1 x+…+c L x L, then A(x) = g(x)/p(x), where g(x) =  j=0 L-1 (  i=0 j c i a j-i )x j Proof: –p(x)A(x)=  j=0 L-1 (  i=0 j c i a j-i )x j +  j=L  (  i=0 L c i a j-i )x j –  i=0 L c i a j-i = 0 –So p(x)A(x) = g(x)

25 Zhijun LiS1034040/Autumn08/HIT25 Inside for m-sequence Theorem: if p(x) with degree n is the characteristic polynomial for {a i }, the rank of p(x) is p and the period of {a i } is r, then r|p Proof: –{a i } is periodical, A(x)=(  n=0 N-1 a n x n )(  k=0  x kN )= (  n=0 N-1 a n x n )/(1-x N ) –p(x)|x p -1  p(x)q(x) = x p -1 –p(x)A(x) = g(x)  (x p -1)A(x) = q(x)g(x) –deg(q(x))=p-n, deg(g(x))=n-1, so deg((x p -1)A(x)) = p-1 –So the N in A(x) is p –a i+p =a i, and let p=kr+t, a i+p =a i+kr+t =a i+t =a i, so t=0 –So r|p

26 Zhijun LiS1034040/Autumn08/HIT26 Inside for m-sequence Theorem: if m(x) is the characteristic polynomial with smallest degree of {a i }, then the period of {a i } = the rank of m(x) (r=p) Proof: –r|p –{a i } can be generated by LFSR with r registers –1-x r is also a characteristic polynomial for {a i } –m(x)|1-x r  x p -1 | 1-x r –p|r

27 Zhijun LiS1034040/Autumn08/HIT27 Inside for m-sequence Fact: an m-sequence (r=2 n -1) iff its characteristic polynomial p(x) with rank 2 n -1 Note: How to find a primitive polynomial –A condition: p(x) is irreducible –A fact: for any n, there must exist a primitive polynomial with degree n –Find: there are table for primitive polynomials –Example: p(x)=x 4 +x+1

28 Zhijun LiS1034040/Autumn08/HIT28 Example: Two LFSRs K3K3 K2K2 K1K1 K0K0 1100 0110 0011 0001 1000 1100 Example1: –m=4 –C 0 =1, C 1 =1, C 2 =1, C 3 =1 –p(x)=1+x+x 2 +x 3 +x 4 –r=5 K3K3 K2K2 K1K1 K0K0 1100 0110 1011 0101 1010 1101 1110 1111 0111 0011 0001 1000 0100 0010 1001 1100 Example2: –m=4 –C 0 =1, C 1 =1, C 2 =0, C 3 =0 –p(x)=1+x+x 4 –r=15=2 4 -1

29 Zhijun LiS1034040/Autumn08/HIT29 Another Focus for LFSR A LFSR with primitive polynomial can produce a m-sequence Another focus: –Given a sequence {a i }, how to build a simplest LFSR to produce {a i } –Definition: for sequence a=a 0,a 1,…,a N-1, the linear complexity of a (or C(a)) is the smallest number of registers in LFSR which can produce a

30 Zhijun LiS1034040/Autumn08/HIT30 Linear Complexity Remark Let the linear complexity of {a i } is L A know-plaintext attack: Complexity: –L is known: use linear relations O(L) –L is unknown: use Berlekamp-Massey algorithm O(L 2 )  L 2 1 c. c c..             n+L-1 n+1 n a. a a..             n+L-2 n n-1 a. a a..       n+L-3 n-1 n-2 a. a a... ….. n-1 n-L+1 n-L a. a a..       … …

31 Zhijun LiS1034040/Autumn08/HIT31 Nonlinear Sequence f() is nonlinear Features: –The period of output sequence is 2 n –The sequence with maximum length is M-sequence –M-sequence has good random properties –The number of M-sequence is 2 2 n-1 - n –#Nonlinear function=2 2 n -2 n, where #linear function=2 n znzn z1z1 z0z0 f(z 0,z 1,…,z n ) …

32 Zhijun LiS1034040/Autumn08/HIT32 Practical Nonlinear Sequence General nonlinear sequence is infant Practical nonlinear sequence –Use m-sequence as the driven sequence –Forward feedback sequence –Nonlinear combination sequence –Clock-controlled sequence

33 Zhijun LiS1034040/Autumn08/HIT33 Forward Feedback Sequence Fact: –Its period is 2 n -1 –Its linear complexity is exponentially increasing  znzn z1z1 z0z0 z2z2 … f output m-sequence

34 Zhijun LiS1034040/Autumn08/HIT34 Nonlinear Combination Sequence Theorem: let r i is the linear complexity of LFSR i, if r i s coprime, then for the output sequence Its period is  i=1 n (2 r i -1) Its linear complexity is f(r 1,…,r n ) LFSR 1 LFSR 2 LFSR n f(x) output

35 Zhijun LiS1034040/Autumn08/HIT35 Geffe Generator f(a 1,a 2,a 3 )=(a 1  a 2 )  ((  a 1 )  a 3 ) If the length of LFSR 1, LFSR 2, LFSR 3 is n 1,n 2,n 3 Its linear complexity is (n 1 +1)n 2 +n 1 n 3 Its period is lcm(n 1,n 2,n 3 ) LFSR 2 LFSR 3 LFSR 1 output addr a2a2 a3a3 a1a1

36 Zhijun LiS1034040/Autumn08/HIT36 Clock-Controlled Sequence Idea: Use some m-sequence to control the back (or forward) of other m-sequences Advantages: –Its linear complexity is exponential with the number of registers in LFSR –Its linear complexity can be controlled easily Disadvantages: –Not good randomness –Many long runs

37 Zhijun LiS1034040/Autumn08/HIT37 Stop-and-go Generator Remark: –Long period and large linear complexity –Correlation attack in LFSR 1 But not weaken the security essentially LFSR 2 LFSR 3 LFSR 1  clock output

38 Zhijun LiS1034040/Autumn08/HIT38 Attack to Nonlinear Sequence Correlation attack Idea: Divide and Conquer Reason: Key space –Brute force:  i=1 n (2 r i -1) –DC attack:  i=1 n 2 r i Method: –If Pr(z k =x i )=1/2+ , then z k is correlated with x i –Search the key space of x i, and use correlation to test LFSR 1 LFSR 2 LFSR n f(x) output correlation zkzk xixi

39 Zhijun LiS1034040/Autumn08/HIT39 A Correlation Attack Example The f is: Y = X 1 if X 3 = 0 = X 2 if X 3 = 1 Prob[P=0] = 0.58 Prob[Y=X 1 ] = 3/4 Prob[Y=X 2 ] =1/4 Prob[C=X 1 ] = Prob[Y=X 1 ]  Prob[P=0] + Prob[Y!=X 1 ]  Prob[P=1] = ? 0.54  0.5 LFSR1 LFSR2 LFSR3 f Y P C  X1X1 X2X2 X3X3

40 Zhijun LiS1034040/Autumn08/HIT40 Outline Stream Cipher Overview Pseudorandom Number Generator PRNGs –LFSR –BBS Stream Ciphers

41 Zhijun LiS1034040/Autumn08/HIT41 Blum Blum Shub Another method to generate the pseudorandom sequence is based on difficult problem Shamir generator –Factoring problem BBS generator –Quadratic residual problem

42 Zhijun LiS1034040/Autumn08/HIT42 Definition: b is a quadratic residue modulo p if  x  Z p * such that x 2  b mod p Q p is the set of all quadratic residues modulo p –Let g be generator of Z p *, then b=g a is a quadratic residue iff. a is even –|Q p | = (p-1)/2 Quadratic Residue

43 Zhijun LiS1034040/Autumn08/HIT43 A element b in Q p has exactly two square roots –b has at least two square roots if x 2  b mod p, then (p-x) 2  b mod p –b has at most two square roots in Z p * if x 2  b mod p and y 2  b mod p –then x 2 – y 2  0 mod p –then p | (x+y)(x-y), either x=y, or x+y=p Square Root of Elements in Q p

44 Zhijun LiS1034040/Autumn08/HIT44 Legendre Symbol The Legendre symbol is defined If p is an odd prime and a is an integer a p = 0 if p|a 1 if a  Q p -1 if a  Q p

45 Zhijun LiS1034040/Autumn08/HIT45 Euler’s Criterion a p Theorem: = a (p-1)/2 mod p Proof: If a = x 2, then a (p-1)/2 = x (p-1) = 1 (mod p) If a (p-1)/2 =1, let a = g j, where g is a generator –Then g j(p-1)/2 = 1 (mod p) –(p-1)|j(p-1)/2, thus j must be even –Therefore, a=g j is a quadratic residue

46 Zhijun LiS1034040/Autumn08/HIT46 let n>2 be odd with prime factorization n = p 1 e1 p 2 e2 …p k ek Definition: The Jacobi symbol of n is Note: The Jacobi symbol can be computed without factoring n! Jacobi Symbol = a n a p1p1 a p2p2 a pkpk … e1e1 e2e2 ekek

47 Zhijun LiS1034040/Autumn08/HIT47 let n>2 be odd with prime factorization n = p 1 e 1 p 2 e 2 …p k e k Fact1: x 2 =a mod p iff x 2 =a mod p e Fact2: x 2 =a mod n iff x 2 =a mod p i e i for all i  {1,…,k} Theorem: x 2 =a mod n has solutions iff = 1 for all i  {1,…,k}, and has 2 k solutions Proof: By CRT –x  b i,1, b i,2 mod p i e i, so has 2 k xs s.t. x 2 =a mod n by CRT x 2 = a mod n a p

48 Zhijun LiS1034040/Autumn08/HIT48 Square Roots of x 2  1 mod pq Fact: if n=pq, then x 2  1 (mod n) has four solutions: x 2  1 (mod n) iff both x 2  1 (mod p) and x 2  1 (mod q) –Two trivial solutions: 1 and n-1 1 is solution to x  1 (mod p) and x  1 (mod q) n-1 is solution to x  -1 (mod p) and x  -1 (mod q) –Two other solutions solution to x  1 (mod p) and x  -1 (mod q) solution to x  -1 (mod p) and x  1 (mod q) Example: n=3  5=15 –x 2  1 (mod 15) has the following solutions: 1, 14; 4, 11(by CRT)

49 Zhijun LiS1034040/Autumn08/HIT49 Blum Blum Shub Generator Blum Blum Shub (BBS) generator Initialization: –For n, select two primes p,q  R [2 n/2-1, 2 n/2 ] such that p  q  3 mod 4 –The seed x 0  R [1, N] such that = =1 Expansion: –For an input sequence x i, x i+1  x i 2 mod n Output: –y i = x i mod 2 x0x0 p x0x0 q

50 Zhijun LiS1034040/Autumn08/HIT50 BBS Generator Example N = 192649 = 383  503 sXiXi YiYi 020749 11431351 21776711 3970480 4899920 51740511 6806491 7456631 8694420 91868940 101770460 111379220 121231751 1386300 141143860 15148631 161330151 171060651 18458700 191371711 20480600

51 Zhijun LiS1034040/Autumn08/HIT51 BBS Generator Analysis Fact: If there is a distinguisher D which tells BBS from random sequence, then D can be converted into a probabilistic polynomial-time algorithm A which guess the x -1 mod 2 given x 0  Z N Q+ (D  A) Note: N=pq, p and q are two primes –Z N Q+ = {x  Z N | = = 1} –Z N Q- = {x  Z N | = = -1} x p x q x p x q

52 Zhijun LiS1034040/Autumn08/HIT52 Quadratic Residue Problem Definition: Given N=pq, and an integer x  Z N Q, the QRP is does x  Z N Q+ ? Fact: From algorithm A, we can build algorithm B (A  B) Algorithm B(N,x) where x  Z N Q (1) Let x 0  x 2 mod N (2) Call A(N,x 0 ) = b  {0,1} (3) If b  x mod 2 then x  Z N Q+, else x  Z N Q-

53 Zhijun LiS1034040/Autumn08/HIT53 Why B can Work? Theorem: If N=pq with p  q  3 mod 4, then each quadratic residue mod N has exactly one square root which is a quadratic residue Proof: –x 2  a mod N have four solutions: r 1 =(b mod p, c mod q), -r 1 =(-b mod p, -c mod q), r 2 =(-b mod p, c mod q), -r 2 =(b mod p, -c mod q) – = = because =(-1) (p-1)/2 =(-1) 2m+1 =-1 – = = - r1r1 N b p c q -r 1 N p r2r2 N b p c q p r1r1 N

54 Zhijun LiS1034040/Autumn08/HIT54 Why B can Work? For algorithm A –The x -1 is a quadratic residue –A(N,x 0 ) mod 2 is the parity bit of x -1 For Algorithm B(N,x) –(1) Let x 0  x 2 mod N –(2) Call A(N,x 0 ) = b  {0,1} –(3) If b  x mod 2 then x  Z N Q+, else x  Z N Q- –If b is the parity bit of x, x is a quadratic residue

55 Zhijun LiS1034040/Autumn08/HIT55 Outline Stream Cipher Overview Pseudorandom Number Generator PRNGs –LFSR –BBS Stream Ciphers

56 Zhijun LiS1034040/Autumn08/HIT56 A5

57 Zhijun LiS1034040/Autumn08/HIT57 A5 Remark Clock-controlled sequence –Driven by three m-sequence –Produced by three LFSRs –Majority function is nonlinear Application –A5 can protect the voice communication in GSM

58 Zhijun LiS1034040/Autumn08/HIT58 RC4 Overview Designed by Ron Rivest in 1987, public in 1994 Simple and effective design –Very fast and very easy to remember Byte-oriented stream cipher –The internal states is a byte array S[0..255] –S[0..255] is a permutation of 0 to 255 Applications –In SSL to protect the Internet traffic –In WEP to protect the wireless links

59 Zhijun LiS1034040/Autumn08/HIT59 RC4: Initialisation Produce a initial permutation from the key K (K is divided into L bytes. In fact, this is a pad) Initialisation: for i=0 to 255 do S[i] = i; j = 0; for i=0 to 255 do j = (j + S[i] + K[i mod L]) mod 256; swap (S[i], S[j]);

60 Zhijun LiS1034040/Autumn08/HIT60 RC4: Encryption Two indexes: i, j with i=j=0 Produce one byte of keystream Ks: i = (i + 1)mod 256;(Loop for next Ks) j = (j + S[i])mod 256; swap (S[i], S[j]); t = (S[i] + S[j])mod 256; Ks = S[t]; Encryption: C i = M i  S[t]

61 Zhijun LiS1034040/Autumn08/HIT61 RC4: Example K 56756756 S 01234567 j = (j + S[i] + K[i]) mod 256; swap (S[i], S[j]);i = 0 j = 5 S 51234067 S 54071632 i = (i + 1) mod 8; j = (j + S[i]) mod 8; swap (S[i], S[j]); t = (S[i] + S[j]) mod 8; k = S[t]; i = (0+1) mod 8 = 1 j = (0+S[1]) mod 8 = 4 S 51074632 t = (S[4]+S[1])) mod 8 = 1 + 4 mod 8 =5 k = S[5] = 6

62 Zhijun LiS1034040/Autumn08/HIT62 Note of Steps in RC4 Encryption i=(i + 1)mod 256: Every array element is used once after 256 iterations j=(j + S[i])mod 256: Makes the ouput depend non-linearly on the array swap(S[i], S[j]): Makes sure the array is evolved as the iteration t=(S[i] + S[j])mod 256: Makes sure the output sequence reveals little about the internal state of the array

63 Zhijun LiS1034040/Autumn08/HIT63 RC4 Security The period of RC4 is 256!  2 1700 Claimed secure against known attacks –Have some analyses, none practical

64 Zhijun LiS1034040/Autumn08/HIT64 Summary Stream Cipher Architecture Pseudorandomness Number Generator PRNGs –LFSR –BBS Stream Ciphers –A5 –RC4


Download ppt "Chapter 5 Stream Cipher Cryptography-Principles and Practice Harbin Institute of Technology School of Computer Science and Technology Zhijun Li"

Similar presentations


Ads by Google