<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE article  PUBLIC "-//NLM//DTD Journal Publishing DTD v3.0 20080202//EN" "http://dtd.nlm.nih.gov/publishing/3.0/journalpublishing3.dtd"><article xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink" dtd-version="3.0" xml:lang="en" article-type="research article"><front><journal-meta><journal-id journal-id-type="publisher-id">JIS</journal-id><journal-title-group><journal-title>Journal of Information Security</journal-title></journal-title-group><issn pub-type="epub">2153-1234</issn><publisher><publisher-name>Scientific Research Publishing</publisher-name></publisher></journal-meta><article-meta><article-id pub-id-type="doi">10.4236/jis.2017.84024</article-id><article-id pub-id-type="publisher-id">JIS-80041</article-id><article-categories><subj-group subj-group-type="heading"><subject>Articles</subject></subj-group><subj-group subj-group-type="Discipline-v2"><subject>Computer Science&amp;Communications</subject></subj-group></article-categories><title-group><article-title>
 
 
  Ambiguous Multi-Symmetric Scheme and Applications
 
</article-title></title-group><contrib-group><contrib contrib-type="author" xlink:type="simple"><name name-style="western"><surname>Richard</surname><given-names>Bassous</given-names></name><xref ref-type="aff" rid="aff1"><sup>1</sup></xref></contrib><contrib contrib-type="author" xlink:type="simple"><name name-style="western"><surname>Ahmad</surname><given-names>Mansour</given-names></name><xref ref-type="aff" rid="aff1"><sup>1</sup></xref></contrib><contrib contrib-type="author" xlink:type="simple"><name name-style="western"><surname>Roger</surname><given-names>Bassous</given-names></name><xref ref-type="aff" rid="aff1"><sup>1</sup></xref></contrib><contrib contrib-type="author" xlink:type="simple"><name name-style="western"><surname>Huirong</surname><given-names>Fu</given-names></name><xref ref-type="aff" rid="aff1"><sup>1</sup></xref></contrib><contrib contrib-type="author" xlink:type="simple"><name name-style="western"><surname>Ye</surname><given-names>Zhu</given-names></name><xref ref-type="aff" rid="aff2"><sup>2</sup></xref></contrib><contrib contrib-type="author" xlink:type="simple"><name name-style="western"><surname>George</surname><given-names>Corser</given-names></name><xref ref-type="aff" rid="aff3"><sup>3</sup></xref></contrib></contrib-group><aff id="aff2"><addr-line>Cleveland State University, Cleveland, OH, USA</addr-line></aff><aff id="aff3"><addr-line>Saginaw Valley State University, Saginaw, MI, USA</addr-line></aff><aff id="aff1"><addr-line>Oakland University, Rochester, MI, USA</addr-line></aff><pub-date pub-type="epub"><day>13</day><month>10</month><year>2017</year></pub-date><volume>08</volume><issue>04</issue><fpage>383</fpage><lpage>401</lpage><history><date date-type="received"><day>30,</day>	<month>September</month>	<year>2017</year></date><date date-type="rev-recd"><day>28,</day>	<month>October</month>	<year>2017</year>	</date><date date-type="accepted"><day>31,</day>	<month>October</month>	<year>2017</year></date></history><permissions><copyright-statement>&#169; Copyright  2014 by authors and Scientific Research Publishing Inc. </copyright-statement><copyright-year>2014</copyright-year><license><license-p>This work is licensed under the Creative Commons Attribution International License (CC BY). http://creativecommons.org/licenses/by/4.0/</license-p></license></permissions><abstract><p>
 
 
  
    This paper introduces and evaluates the performance of a novel cipher scheme, Ambiguous Multi-Symmetric Cryptography (AMSC), which conceals multiple coherent plain-texts in one cipher-text. The cipher-text can be decrypted by different keys to produce different plain-texts. Security analysis showed that AMSC is secure against cipher-text only and known plain-text attacks. AMSC has the following applications: 1) it can send multiple messages for multiple receivers through one cipher-text; 2) it can send one real message and multiple decoys for camouflage; and 3) it can send one real message to one receiver using parallel processing. Performance comparison with leading symmetric algorithms (DES, AES and RC6) demonstrated AMSC’s efficiency in execution time. 
  
 
</p></abstract><kwd-group><kwd>Deniable Encryption</kwd><kwd> Multi Encryption</kwd><kwd> Honey Encryption</kwd><kwd> Steganography</kwd><kwd> Symmetric Encryption</kwd><kwd> Multi Encoding</kwd></kwd-group></article-meta></front><body><sec id="s1"><title>1. Introduction</title><p>Deniable encryption prevents attackers from knowing with certainty whether or not a particular sender or receiver can be linked to a specific plain-text message. This paper addresses the deniable encryption problem by proposing a new cipher scheme, Ambiguous Multi-Symmetric Cryptography (AMSC), which conceals multiple plain-texts, each with its own key, in one cipher-text. The deniable encryption problem is important because most encryption schemes are defenseless against an attacker once she possesses the key. Deniable encryption provides an additional layer of protection. With multiple plain-texts concealed in one cipher-text, an attacker cannot be certain which plain-text is genuine even if she possesses the cipher-text and one or more of the keys.</p><p>Several recent efforts in the area of deniable encryption have demonstrated the possibility of hiding/protecting the sender or receiver from revealing the decryption key when force is used. Following the early work of Canetti et al. [<xref ref-type="bibr" rid="scirp.80041-ref1">1</xref>] , a variety of methods for “deniable encryption” have already been presented, including, Kamouflage [<xref ref-type="bibr" rid="scirp.80041-ref2">2</xref>] and Honey Encryption [<xref ref-type="bibr" rid="scirp.80041-ref3">3</xref>] . These methods can protect against offline and brute force attacks on the encrypted data, as they provide multiple decoy coherent messages to fool the adversary. Unfortunately, they cannot be used for online secure communications.</p><p>Ideally, we want a deniable encryption scheme that: 1) Defends both communication parties against decryption key exposure. 2) Has good performance in both encryption and decryption. 3) Is secure against different attack models. For a), AMSC defends both sender and receiver by providing multiple decoy keys. As for b), AMSC has an initialization phase that speeds up the original encryption [<xref ref-type="bibr" rid="scirp.80041-ref4">4</xref>] tremendously. For c), we introduce a security operation in the encryption step that helps secure AMSC against Cipher-text only and Known plain-text attacks.</p><p>This problem is non-trivial due to the complexity of concealing multiple messages into one message. This problem can simply be solved by encrypting n messages and concatenating the sub cipher-texts into one cipher-text. However, this could lead to rubber-hose cryptanalysis [<xref ref-type="bibr" rid="scirp.80041-ref5">5</xref>] on the receiver if the adversary observes that sub cipher-texts and not the whole cipher-text is being decrypted. The adversary will continue to use force on the receiver to reveal more possible messages. Another problem with this approach happens if the adversary intercepts parts of the whole cipher-text. Theoretically, it could reveal one or more concatenated messages. While a partial cipher-text in AMSC does not reveal any message.</p><p>AMSC’s applications include multicast messaging and broadcast encryption. One video channel could generate multiple unique channels for different receivers. A second application is to deny the correct plain-text and key from the adversary by providing decoys. The third application is to use parallel computing to split one message into chunks and encrypt it using AMSC. This is possible due to the independent encryption operations that can run on different cores in parallel. This allows for faster encryption of a single message.</p><p>The primary contributions of this paper are as follows. First, compared with [<xref ref-type="bibr" rid="scirp.80041-ref4">4</xref>] , the encryption performance is enhanced by introducing a new algorithm. Second, the security is improved by introducing an extra operation in the encryption process, without affecting performance. Third, AMSC’s performance is compared to leading symmetric algorithms like DES, AES and RC6. Fourth, the security analysis is researched in more detail, notably the security of keys used, in addition to introducing another probabilistic approach. Fifth, computational complexity analysis is performed on the new algorithm.</p><p>The remainder of this paper is organized as follows: Section 2 provides background and related work, and compares our scheme to others. Section 3 defines the scheme. Section 4 proposes a new algorithm and presents its applications. Section 5 studies the security and possible attacks and shows a probabilistic solution. Section 6 examines the time complexity. Section 7 shows the results of our experiments.</p><p>Finally, Section 8 concludes.</p></sec><sec id="s2"><title>2. Background and Related Work</title><p>Canetti et al. [<xref ref-type="bibr" rid="scirp.80041-ref1">1</xref>] proposed a “Deniable Encryption”, which is a theoretical approach to deny someone the original plain-text when they get hold of the cipher-text and the right decryption key. Assume that Bob sends an encrypted message to Alice, and later on, Trudy holds Bob hostage until Bob releases the key. The released key will provide a fake plain-text. Canetti distinguished between two models:</p><p>1) multi-distributional deniability, requires the users to know in advance which messages they might want to conceal, whereas</p><p>2) full deniability, allows the user to decide afterward</p><p>Canetti presented a sender deniable scheme, using this first model. They also constructed a receiver deniable scheme that requires an additional round of interaction, and a sender-receiver-deniable protocol that relies on third parties.</p><p>One proposed scheme for denying symmetric encryption by Canetti would be to give n alternative messages to encrypt, and use n different keys, then construct the cipher-text as the concatenation of the encryption of all messages as shown in <xref ref-type="fig" rid="fig1">Figure 1</xref>. This is called a plan ahead scheme, where the i-th message is encrypted using the i-th key. One disadvantage of concatenation, is dealing with offsets at the recipient’s side. If the cipher-text size changes, offsets have to change accordingly. All offsets have to be re-communicated from the sender to all receivers every time the cipher-text size changes, as changing the number or size of messages will affect the offsets. On the other hand, AMSC generates a variable cipher-text size without using offsets for sub cipher-texts. The only condition is that each key has to be bigger than its plain-text. The other advantage of AMSC over concatenation, is in intercepting the cipher-text. Assume that a concatenated cipher-text has 3 cipher-texts that are 50 bytes each. If the adversary gets hold of part of the cipher-text, say the last 70 bytes, then at least one key and one plain-text are exposed. Therefore, partial message eavesdrop could reveal a plain-text. In AMSC however, if this happens, the cipher-text would be</p><p>incomplete and would not reveal any information about any message. Concatenation could also lead to rubber-hose cryptanalysis [<xref ref-type="bibr" rid="scirp.80041-ref5">5</xref>] , as the adversary might notice that a partial cipher-text was decrypted, and continue to use force to reveal more possible keys.</p><p>Kamouflage system [<xref ref-type="bibr" rid="scirp.80041-ref2">2</xref>] is used to store multiple decoys for each real password in a local password manager database like Firefox. Also a set of decoy master passwords (MB) on the database are generated. If the adversary cracks a decoy MB, they will get hold of decoy password sets. Kamouflage is only used to protect the local password manager of the stolen device.</p><p>Juels and Ristenpart [<xref ref-type="bibr" rid="scirp.80041-ref3">3</xref>] introduced “Honey Encryption” (HE). It’s a method that creates plausible deniability for low min-entropy keys (like short passwords). HE generates a seed using a method called distribution-transforming encoder (DTE), from a message P, that belongs to a specific message space M (ex: credit card numbers). This seed is then encrypted by a conventional encryption algorithm. When an adversary tries to decrypt cipher-text C, plausible fake honey messages will be decrypted. Each application needs a construction of a different DTE. Ex: a DTE for RSA secret keys is different from a DTE for credit card numbers. Furthermore, HE is tightly coupled with password based encryption (PBE). HE security does not hold when the adversary has side information about the target message [<xref ref-type="bibr" rid="scirp.80041-ref3">3</xref>] (ex: if the adversary knows the public key in RSA, HE fails). Both “Kamouflage” and “Honey Encryption” protect against offline or online attacks by providing decoys. On the other hand, AMSC is used in secure communications. AMSC can send the same message with different interpretations to different receivers. In addition, AMSC can encrypt from a natural language message space, where HE for example, is focused on certain message spaces (ex: credit card numbers, RSA secret keys). Moreover, AMSC has the ability to deny encryption when force is used to reveal the keys, where both previous systems (Kamouflage and HE) cannot [<xref ref-type="bibr" rid="scirp.80041-ref3">3</xref>] .</p><p>ONeill et al. [<xref ref-type="bibr" rid="scirp.80041-ref6">6</xref>] provided a public key solution, where both sender and receiver can use deniability without relying on any third party. The solution is based on Multi-distributional deniability. They defined a new term “bi-deniable encryption” which allows a sender in possession of the receiver’s public key to communicate a message to the latter, confidentially. Additionally, if the parties are later coerced to reveal all their secret data namely, the coins used by the sender to encrypt her message and/or those used by the receiver to generate her key, bi-deniable encryption allows them to do so as if any desired message (possibly chosen as late as at the time of coercion) had been encrypted.</p><p>Sahai et al. [<xref ref-type="bibr" rid="scirp.80041-ref7">7</xref>] defined an identity based encryption (IBE), which allows sending an encrypted message to an identity without using a public key certificate. A user with a secret key K for the identity w is able to decrypt a cipher-text encrypted with the public key w ′ IFF w and w ′ are within a certain distance of each other by some metric. A document for example can be decrypted by a certain identity or group. They use biometric for IBE to generate keys from a trusted authority, afterwords, distribute a master secret key using Shamir into multiple private components, one for each attribute in the user’s identity, then only a subset of these private keys are necessary to decrypt the cipher-text.</p><p>A secret sharing scheme [<xref ref-type="bibr" rid="scirp.80041-ref8">8</xref>] follows a similar scheme as AMSC. It defines A ( k , n ) -threshold scheme as a method of sharing a secret S among a set of n participants in such a way that any k participants can compute the value of the secret, but no group of k − 1 or fewer can do so. The Chinese remainder theorem can be used to construct the secret S like in Mignotte’s [<xref ref-type="bibr" rid="scirp.80041-ref9">9</xref>] and Asmuth-Bloom’s Schemes [<xref ref-type="bibr" rid="scirp.80041-ref10">10</xref>] . However, it differs, as the secret points to one message, and k shares are needed to solve it using CRT.</p></sec><sec id="s3"><title>3. AMSC Scheme</title><p>Our scheme conceals various plain-texts into one cipher-text, hence the name “Multi-Symmetric”. <xref ref-type="fig" rid="fig2">Figure 2</xref> shows the system model. The scheme can be defined in three steps: Let P 1 , P 2 , ⋯ , P n be plain-texts, K 1 , K 2 , ⋯ , K n be keys accordingly, then:</p><p><sup>1</sup>Keys exchanges are out of scope of this paper.</p><p>1) Alice exchanges a number of AMSC co-prime keys with Bob. For added security, Alice can also exchange X which is the multiplication of all keys.<sup>1</sup></p><p>2) Alice generates cipher-text:</p><p>C = E A M S C ( [ K 1 , K 2 , ⋯ , K n ] , [ P 1 , P 2 , ⋯ , P n ] ) .</p><p>3) Bob decrypts C using key K i and gets P i .</p><p><xref ref-type="table" rid="table1">Table 1</xref> shows a glossary of symbols used in this paper.</p></sec><sec id="s4"><title>4. AMSC Algorithm</title><p>In this section, we present a new algorithm (AMSC v3) that satisfies the previous scheme. This algorithm enhances the performance of the two algorithms presented in [<xref ref-type="bibr" rid="scirp.80041-ref4">4</xref>] by introducing an initialization phase. This speeds up AMSC tremendously. Furthermore, the security is enhanced by adding an Xor operation to the encryption as a final step between the cipher-text and the multiplication of all keys. This strengthens the AMSC algorithm against the known plain-text attacks as explained in more detail in Section 5.1.2. The security and performance will be further discussed in Sections 5 and 7.</p><p>The AMSC algorithm is based on the Chinese Remainder theorem (CRT) [<xref ref-type="bibr" rid="scirp.80041-ref11">11</xref>] that is used to calculate the cipher-text.</p><table-wrap id="table1" ><label><xref ref-type="table" rid="table1">Table 1</xref></label><caption><title> Glossary of symbols</title></caption></table-wrap><p>CRT Theorem: Suppose that K 1 , K 2 , ⋯ , K n are pairwise relatively prime positive integers, and let P 1 , P 2 , ⋯ , P n be integers. Then the system of congruences, C ≡ P i ( m o d K i ) for 1 ≤ i ≤ n , has a unique solution modulo X = K 1 ∗ K 2 ∗ ⋯ ∗ K n , which is given by:</p><p>C ≡ P 1 X 1 s a + P 2 X 2 s 2 + ⋯ + P n X n s n ( m o d X ) , where X i = X / K i and s i ≡ ( X i ) − 1 ( m o d K i ) for 1 ≤ i ≤ n .</p><p>The AMSC algorithm prepares X i ∗ s i , i = 1 , ⋯ , n from above in the initialization step (calculated once). Afterwords, the encryption multiplies all plain-texts P 1 , ⋯ , P n with the initialization values and calculates the cipher.</p><sec id="s4_1"><title>4.1. Initialization</title><p>The first part initializes AMSC values that are used in encryption. We calculate X (the multiplication of all keys) and a set of numbers s i ∗ X / K i for each key K i , i = 1 , ⋯ , n .</p><p>These values are calculated only once and not per encryption. These are the steps needed to initialize:</p><p>1) Multiply keys K i , ⋯ , n to get a number X.</p><p>2) Use the extended Euclidean algorithm to find the roots r , s for every key K i such that:</p><p>r i ( K i ) + s i ( X / K i ) = 1 (1)</p><p>Algorithm 1 shows AMSC v3 Initialization.</p><disp-formula id="scirp.80041-formula29"><graphic  xlink:href="//html.scirp.org/file/6-7800473x44.png"  xlink:type="simple"/></disp-formula></sec><sec id="s4_2"><title>4.2. Encryption</title><p>After initialization, subsequent cipher-texts are calculated by:</p><p>C = ∑ i = 1 n P i s i X / K i (2)</p><p>where s i X / K i is calculated in the initialization step. There is an option to XOR the final cipher-text C to X. This will make AMSC secure against known plain-text attacks as discussed in detail in Section 5.</p><p>C = ( ∑ i = 1 n P i s i X / K i ) ⊕ X (3)</p><p>Algorithm 2 shows the steps for AMSC v3 Encryption.</p><disp-formula id="scirp.80041-formula30"><graphic  xlink:href="//html.scirp.org/file/6-7800473x48.png"  xlink:type="simple"/></disp-formula></sec><sec id="s4_3"><title>4.3. Decryption</title><p>The decryption simply takes the cipher-text c and mods it with the corresponding key K i . If the xOR operation is used in the encryption to strengthens the cipher, then the input for decryption needs X besides the cipher-text. One important note: If all keys are primes, and the receiver knows x and her key K i , it is not possible to know the rest of the keys as this is a factorization problem. Algorithm 3 shows the steps for AMSC v3 Decryption.</p><disp-formula id="scirp.80041-formula31"><graphic  xlink:href="//html.scirp.org/file/6-7800473x51.png"  xlink:type="simple"/></disp-formula></sec><sec id="s4_4"><title>4.4. Example</title><p>Let n = 4 , P a = 64 bits and K a = 65 bits.</p><p>Assume we use prime keys (we can use co-primes as well): K 1 = 36893488147419103183 , K 2 = 36893488147419103153 , K 3 = 36893488147419103117 , K 4 = 36893488147419103091 and plain-texts P 1 = 5407036729192671602 , P 2 = 12217864333306969557 , P 3 = 9169178348075514855 , P 4 = 8659079797496077286 .</p><p>Using AMSC with no XOR operations, we calculate cipher-text</p><p>C = 16394186300320500502435771192868738239953 − 75900079267888735899798043807086216329 .</p></sec></sec><sec id="s5"><title>5. Security Analysis</title><p>In this section, we evaluate our algorithm under a variety of security attack models, including a thorough study on prime and co-prime keys. Then, we present a probabilistic solution for the encryption process.</p><sec id="s5_1"><title>5.1. Security Attack Models</title><sec id="s5_1_1"><title>5.1.1. Cipher-Text only Attack [<xref ref-type="bibr" rid="scirp.80041-ref12">12</xref>]</title><p>When one cipher-text is intercepted, a brute force attack [<xref ref-type="bibr" rid="scirp.80041-ref13">13</xref>] is one way to crack the encryption. AMSC can use prime or co-prime keys. Both will be analyzed.</p><p>1) Primes: The prime number theorem states that there are approximately C / l n ( C ) primes &lt; = C . The size of the cipher-text depends on three factors: the average block size Pa, the number of blocks n, and the average key size Ka. <xref ref-type="table" rid="table2">Table 2</xref> shows how the three factors n, Pa, Ka affect the cipher-text size, along side the number of steps needed to find all prime keys.</p><p>2) Co-primes: For any cipher-text C, the number of sets of positive integers ≤ C in which two elements are co-primes lies between</p><p>2 Π ( C ) ∗ e ( 1 / 2 + O ( 1 ) ) ∗ C     and     2 Π ( C ) ∗ e ( 2 + O ( 1 ) ) ∗ C (4)</p><p>by Theorem 3.3 of Cameron and Erdos [<xref ref-type="bibr" rid="scirp.80041-ref14">14</xref>] . Π ( C ) is defined as the prime</p><table-wrap id="table2" ><label><xref ref-type="table" rid="table2">Table 2</xref></label><caption><title> Three factors n, Pa, Ka that affect cipher-text size</title></caption></table-wrap><p>counting function of c.</p><p>Nathanson [<xref ref-type="bibr" rid="scirp.80041-ref15">15</xref>] improved this in Theorem 2 as follows:</p><p>2 C − 2 ⌊ C / 2 ⌋ − C ∗ 2 ⌊ C / 3 ⌋ &lt; = F ( C ) &lt; = 2 C − 2 ⌊ C / 2 ⌋ (5)</p><p>where F ( C ) is the number of relatively prime subsets of { 1,2, ⋯ , n } .</p><p>Furthermore, Nathanson derived an approximation F n ( C ) for the number of n-elements sets of positive integers ≤ C in which two elements are co-primes:</p><p>( C n ) − ( ⌊ C / 2 ⌋ n ) − C * ( ⌊ C / 3 ⌋ n ) &lt; = F n ( C ) &lt; = ( C n ) − ( ⌊ C / 2 ⌋ n ) (6)</p><p>Using Equation (6), we construct <xref ref-type="table" rid="table3">Table 3</xref> to approximate the number of co-prime sets based on the size of cipher-text C and the number of plain-text(s) n. <xref ref-type="table" rid="table4">Table 4</xref> shows the number of all co-prime subsets ≤ cipher-text C. It also shows the number of co-prime subsets if C ⊕ X is used.</p><p>To find all elements of the co-prime sets we can use different methods:</p><p>・ n = 2: if we want to find all pair sets that are co-primes ≤ C, we can use the Farey sequence [<xref ref-type="bibr" rid="scirp.80041-ref16">16</xref>] . There exists an algorithm [<xref ref-type="bibr" rid="scirp.80041-ref17">17</xref>] to find all sets ≤ C in O ( C 2 ) time complexity.</p><p>・ n = 3: if we want to find all triplet sets that are co-primes ≤ C, we can use the primitive Pythagorean triples [<xref ref-type="bibr" rid="scirp.80041-ref18">18</xref>] . One formula for finding all primitive triplets ≤ C is the Euclid’s Formula. The Time complexity of this formula is O ( C ∗ log ( C ) ) [<xref ref-type="bibr" rid="scirp.80041-ref19">19</xref>] .</p><p>・ n &gt; 3: In this case we can examine all subsets where n = 2 and chain them together to generate the subsets with the required n.</p><p>3) The XOR operation has been widely used in cryptography, especially in symmetric key cryptography [<xref ref-type="bibr" rid="scirp.80041-ref20">20</xref>] [<xref ref-type="bibr" rid="scirp.80041-ref21">21</xref>] [<xref ref-type="bibr" rid="scirp.80041-ref22">22</xref>] . The security of XOR mainly depends on the key strength, where it must be extremely difficult for the adversary to predict the key. In addition, the key and the message should have the same length to avoid repetition. With these two conditions, the brute force attack is the only possible attack that can be used to break the cipher-text [<xref ref-type="bibr" rid="scirp.80041-ref23">23</xref>] [<xref ref-type="bibr" rid="scirp.80041-ref24">24</xref>] . To break an encrypted message of size n bits, the adversary needs 2<sub>n</sub> steps. This process is computationally infeasible even for small values of n.</p><p>In this work, we introduce an XOR between the cipher-text c with X (The multiplication of all keys). This is done to break the mathematical pattern. In</p><table-wrap id="table3" ><label><xref ref-type="table" rid="table3">Table 3</xref></label><caption><title> The number of relatively prime subsets of { 1,2, ⋯ , C } of cardinality n, where C is the AMSC cipher-text</title></caption></table-wrap><table-wrap id="table4" ><label><xref ref-type="table" rid="table4">Table 4</xref></label><caption><title> The number of all relatively prime subsets of { 1,2, ⋯ , C } of any cardinality</title></caption></table-wrap><p>other words, if there is any kind of attacks that uses mathematical operations to break the cipher-text c and extract the keys, then it will be of no use after the XOR operation. Moreover, XOR defends against the known plain-text attacks as discussed in Section 5.1.2.</p></sec><sec id="s5_1_2"><title>5.1.2. Known Plain-Text Attack [<xref ref-type="bibr" rid="scirp.80041-ref25">25</xref>]</title><p>In a classical attack, the adversary can examine one plain-text to its cipher-text and tries to reveal the key. In AMSC, however, the adversary has multiple inputs and one output. We will study two cases. One, where the adversary only knows one plain-text and the rest are unknown, and the second, we assume that all plain-texts are known going into the oracle.</p><p>1) one plain-text is known: The adversary does not know the total number of plain-texts n or their contents. The oracle generates the final cipher-text c. The adversary has to solve the equation: P i = C mod K i , where P i and c are known. No one solution is possible. If keys are primes, then a possible prime factorization (computationally infeasible) of C − P i might reveal one possible key K i .</p><p>2) n plain-texts are known: The adversary examines n plain-texts and their cipher-texts for each encryption. We end up with n equations for each cipher:</p><p>C 1 ≡ P i 1 ( mod K i ) , i = 1 , ⋯ , n C 2 ≡ P i 2 ( mod K i ) , i = 1 , ⋯ , n                 ⋮ C z ≡ P i z ( mod K i ) , i = 1 , ⋯ , n</p><p>We know that:</p><p>K i is a divisor of ( C 1 − P i 1 , C 2 − P i 2 , ⋯ , C z − P i z )</p><p>therefore:</p><p>K i | G C D ( C 1 − P i 1 , C 2 − P i 2 , ⋯ , C z − P i z ) (7)</p><p>where GCD is the greater common denominator. We have to find the GCD of z − 1 numbers which has a computational complexity of O ( z − 1 ∗ ( log ( C 1 − P i 1 ) ) ) .</p><p>As more ciphers are calculated and z approaches ∞ , the gcd gets close to K i . To mitigate this issue, we do C ⊕ X in the last step of encryption.</p></sec><sec id="s5_1_3"><title>5.1.3. Chosen Plain-Text Attack (CPA) [<xref ref-type="bibr" rid="scirp.80041-ref26">26</xref>]</title><p>This case is very similar to Section 5.1.2. However, XOR can not help in this case because the adversary can feed their own plain-texts. The adversary can reveal X in such a simple way:</p><p>Let all plain-texts P 1 , ⋯ , n = 0 , then</p><p>C ⊕ X = 0 ⊕ X = X</p><p>Once X is known, subsequent oracle cipher-texts can be XORed with X to produce the original cipher-texts. Afterwords, the GCD can be used to reveal the keys as stated previously. We conclude that AMSC is not secure against this attack if the adversary chooses all plain-texts. We know that chosen plain-text attack and chosen cipher-text attack fail with all deterministic algorithms. Hence we have to use probabilistic approaches as discussed in Section 5.2.</p></sec><sec id="s5_1_4"><title>5.1.4. Chosen Cipher-Text Attack (CCA) [<xref ref-type="bibr" rid="scirp.80041-ref27">27</xref>]</title><p>This attack happens when the adversary has access to the decryption oracle.</p><p>AMSC is not CCA immune in the current form. We can start with C = 1 (<xref ref-type="table" rid="table5">Table 5</xref>) and keep doubling the cipher-text input until the output plain-text becomes smaller than the previous value. Example: Let K i = 75 . When output P = 53 , we stop and calculate K i = C − P = 128 − 53 = 75 .</p><p>To mitigate this, when we can add the XOR operation C ⊕ X at the end of encryption, then we would have two cases for X:</p><p>1) X is odd: The adversary can find the key by feeding the oracle C = 1 . The reason is:</p><p>( C ⊕ X ) = X − 1 . This is due to the add without carry in the XOR operation. Ex:</p><p>if X = 9 = ( 1001 ) 2 and C = 1 then ( C ⊕ X ) = ( 1000 ) 2 = X − 1 .</p><p>We also know that:</p><p>( X − 1 mod K i ) = K i − 1 , since K i is a divisor of X. Therefore:</p><table-wrap id="table5" ><label><xref ref-type="table" rid="table5">Table 5</xref></label><caption><title> Example of chosen cipher-text attack, where K i = 75 </title></caption></table-wrap><p>P i = ( C ⊕ X ) mod K i</p><p>P i = ( X − 1 mod K i ) = K i − 1</p><p>K i = P i + 1</p><p>2) X is even: The previous case will not work. We can choose X to be even by having only one of the keys K i as even. This will strengthens the security of AMSC against CCA attacks.</p></sec></sec><sec id="s5_2"><title>5.2. Deterministic vs. Probabilistic</title><p>AMSC is deterministic. We present two approaches to make AMSC probabilistic [<xref ref-type="bibr" rid="scirp.80041-ref28">28</xref>] :</p><p>・ First approach: We construct:</p><p>C = C 0 + t ∗ L C M ( K 1 , K 2 , ⋯ , K n ) (8)</p><p>where C 0 is a base solution using CRT, t is any random integer and LCM is the least common multiplier of all keys. Note that L C M ( K 1 , K 2 , ⋯ , K n ) = K 1 ∗ K 2 ∗ ⋯ ∗ K n / G C D ( K 1 , K 2 , ⋯ , K n ) = K 1 ∗ K 2 ∗ ⋯ ∗ K n</p><p>We can use variable t as a random Initialization vector (IV) to yield different cipher-texts:</p><p>C 1 = E AMSC ( [ K 1 , K 2 , ⋯ , K n ] , [ P 1 , P 2 , ⋯ , P N ] )</p><p>C 2 = E AMSC ( [ K 1 , K 2 , ⋯ , K n ] , [ P 1 , P 2 , ⋯ , P N ] )</p><p>C i = E AMSC ( [ K 1 , K 2 , ⋯ , K n ] , [ P 1 , P 2 , ⋯ , P N ] )</p><p>where C 1 ≠ C 2 ≠ ⋯ ≠ C i i = 1 , ⋯ , n .</p><p>・ Second approach: We define another probabilistic solution. Let K r , P r be a random key and a random plain-text accordingly. The cipher-text will become:</p><p>( ∑ i = 1 n   P i ∗ s i ∗ X / K i ) + P r ∗ s r ∗ X / K r (9)</p><p>The random key and plain-text can be re-generated for every encryption. In the encryption phase, we only need to calculate P r ∗ s r ∗ X / K r once, and then add it to the cipher-text as a final step. This random key will make the cipher-text probabilistic with a small increase in size. Ex: for n = 4, where average block size P a = 32 and average key size K a = 33 . For a deterministic cipher-text, the average size is about 129 bits. For a probabilistic cipher-text using approach 2 by adding a random key, the size grows to about 163 bits, a difference of about 34 bits. For a probabilistic cipher-text using approach 1 by setting the random IV t = 150 , the cipher-text grows to about 139 bits. For t = 1500 the cipher-text grows to about 143 bits.</p><p>We compare Equations (8) and (9), and examine the cipher-text size. When</p><p>n = z , we calculate X z = ∑ i = 1 z K i . When we add a random key K r , n becomes</p><p>z + 1 . Thus we have:</p><p>X z + 1 / K r = X z . Therefore, Equation (9) will have a smaller cipher-text size than the Equation (8) iff P r ∗ S r &lt; t .</p></sec></sec><sec id="s6"><title>6. Computational Complexity Analysis</title><p>We know that multiplication, division and modular operations take O ( d 2 ) [<xref ref-type="bibr" rid="scirp.80041-ref29">29</xref>] , addition takes O ( d ) [<xref ref-type="bibr" rid="scirp.80041-ref29">29</xref>] , where d is the number of decimal digits of the largest operands. For base 10 number X, that would be O ( ( ⌊ log ( X ) ⌋ + 1 ) 2 ) and O ( ⌊ l o g ( X ) ⌋ + 1 ) respectively.</p><p>・ In initialization, the first loop takes n ( ⌊ log ( X ) ⌋ + 1 ) 2 steps. In the second loop, the GCD takes ( log ( K i ) ∗ log ( X / K i ) ) [<xref ref-type="bibr" rid="scirp.80041-ref30">30</xref>] , then a multiplications and a division. Overall, n ( log ( K i ) ∗ log ( X / K i ) + 2 ( ⌊ log ( X ) ⌋ + 1 ) 2 ) . Therefore the time complexity is: O ( n ( ⌊ log ( X ) ⌋ + 1 ) 2 ) , where n is the number of keys and X is the multiplication of keys.</p><p>・ In encryption, we loop n times and do an addition and a multiplication of numbers close to X. Therefore, the overall time complexity for encryption is O ( n ( ⌊ log ( X ) ⌋ + 1 ) 2 ) .</p><p>・ To decrypt cipher-text C using key K i , we have a time complexity of</p><p>O ( ( ⌊ log ( C ) ⌋ + 1 ) 2 ) , as the operation is P i = C mod K i .</p><p><sup>2</sup>z is the number of solutions that has to be intersected using AMSC v1.</p><p><xref ref-type="table" rid="table6">Table 6</xref> shows the time complexity for all versions of AMSC.<sup>2</sup></p></sec><sec id="s7"><title>7. Experimental Study Analysis</title><p>In this section, we evaluate the new algorithm AMSC v3 against different symmetric algorithms with different key sizes.</p><sec id="s7_1"><title>7.1. Experimental Setup</title><p>All experiments were done on an Intel Core i7 3610QM CPU with 8 GB memory. The AMSC core library and the symmetric algorithms comparison were implemented in .NET 4.0 using C# programming language. Each symmetric algorithm is measured in three different phases. The first, is initializing n cipher-text classes and creating n random keys that will be used for encryption/decryption. The second is encrypting n different random plain-texts using the previous keys accordingly, and then concatenating the sub cipher-texts. This gives us a fair comparison to AMSC. On the decryption side,</p><table-wrap id="table6" ><label><xref ref-type="table" rid="table6">Table 6</xref></label><caption><title> Time complexity analysis of AMSC 1, 2 [<xref ref-type="bibr" rid="scirp.80041-ref4">4</xref>] , and 3</title></caption></table-wrap><p>we decrypt each sub-cipher-text by the its key to get back the original plain-text. We run each operation a total of 100,000 times and take the average. The total time for each operation is measured. For AES and DES, we used the built in .Net crypto libraries AESCryptoServiceProvider and DESCryptoServiceProvider respectively which are both Fips certified [<xref ref-type="bibr" rid="scirp.80041-ref31">31</xref>] libraries. As for RC6, we used Bouncy Castle’s [<xref ref-type="bibr" rid="scirp.80041-ref32">32</xref>] crytpo library v1.7. <xref ref-type="table" rid="table7">Table 7</xref> defines the legends that are used in the results.</p></sec><sec id="s7_2"><title>7.2. Experimental Results</title><sec id="s7_2_1"><title>7.2.1. Initialization: AMSC, DES, AES and RC6</title><p><xref ref-type="fig" rid="fig3">Figure 3</xref> compares the execution time of AMSC’s initialization to that of DES, AES and RC6. The initialization time for the symmetric algorithm includes initializing n cipher-texts objects with n random keys, and getting them ready for encryption or decryption.</p><table-wrap id="table7" ><label><xref ref-type="table" rid="table7">Table 7</xref></label><caption><title> Experiment definitions</title></caption></table-wrap><p>DES uses 64-bit keys. AES and RC6 use both 128-bit and 256-bit keys. AS for AMSC, we pick 129-bit and 257-bit keys. These keys are very close to their counter part AES and RC6. Furthermore, they will be used in the encryption and decryption experiments. Recall that every AMSC key has to be greater than its plain-text block. In the case of DES, the plain-text block is 64-bit. AES and RC6, both use 128-bit plain-text block. Note that AMSC’s initialization time grows linearly as n increases. Nonetheless, it still has smaller initialization time than DES.</p></sec><sec id="s7_2_2"><title>7.2.2. Encryption: AMSC, DES, AES and RC6</title><p>For symmetric algorithms we encrypt n plain-texts using n keys for the n cipher-text objects that were initialized, and then concatenate all the sub cipher-texts into one final cipher-text. This makes it fair to compare against AMSC. <xref ref-type="fig" rid="fig4">Figure 4</xref>(a) compares the execution time of AMSC encryption to that of</p><p>DES using a 64-bit block size with three different size keys for AMSC. Note that AMSC’s encryption time is significantly less than that of DES. Furthermore, <xref ref-type="fig" rid="fig4">Figure 4</xref>(b) uses 128-bit block size to compare AMSC with AES and RC6. For AES, AMSC 129-bit beats AES 128-bit keys. AMSC 257-bit has better performance until about 4 plain-texts. This is due to the multiplication of large numbers as n increases. As for RC6, AMSC is slower.</p></sec><sec id="s7_2_3"><title>7.2.3. Decryption: AMSC, DES, AES and RC6</title><p>The total AMSC time to decrypt the same cipher-text into n plain-text messages using n keys is measured. For the symmetric algorithms, n sub cipher-texts are decrypted and time is measured. <xref ref-type="fig" rid="fig5">Figure 5</xref>(a) shows that AMSC is faster than DES. <xref ref-type="fig" rid="fig5">Figure 5</xref>(b) shows that AMSC 129-bit beats both AES 128-bit and AES 256-bit. However, AMSC 257-bit is slower than AES due to the time it takes to divide the large cipher-text by each key.</p></sec></sec></sec><sec id="s8"><title>8. Conclusions</title><p>Deniable encryption offers an additional layer of protection for senders and receivers, who may be forced to give up encryption keys, or who may find it advantageous to have multiple plain-texts in one cipher-text. This paper showed that a novel system, ASMC, conceals multiple plain-texts in one cipher-text and performs competitively with more mainstream encryption techniques.</p><p>This paper showed that AMSC is a method for multi-key encoding and deniable encryption that withstands COA and KPA security attacks. AMSC’s performance in initialization is faster than DES 64-bit but a little slower than AES. In Encryption, however, AMSC 129-bit is about 42% faster than AES 128-bit. On the decryption side, AMSC 129-bit is about 110% faster than DES 64-bit and 16% faster than AES 128-bit for 5 plain-texts.</p><p>Our future work in this area includes applying parallel computing to AMSC. We also like to explore different applications of AMSC in TV and other broadcasts.</p></sec><sec id="s9"><title>Acknowledgements</title><p>The authors would like to thank Dr. Kruk for giving feedback. This research work is partially supported by the National Science Foundation under Grants CNS-1338105, CNS-1343141, CNS-1460897, DGE-1623713. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of the National Science Foundation.</p></sec><sec id="s10"><title>Cite this paper</title><p>Bassous, R., Mansour, A., Bassous, R., Fu, H., Zhu, Y. and Corser, G. (2017) Ambiguous Multi-Sym- metric Scheme and Applications. Journal of Information Security, 8, 383-401. https://doi.org/10.4236/jis.2017.84024</p></sec></body><back><ref-list><title>References</title><ref id="scirp.80041-ref1"><label>1</label><mixed-citation publication-type="other" xlink:type="simple">Canetti, R., Dwork, C., Naor, M. and Ostrovsky, R. (1997) Deniable Encryption. In: Advances in Cryptology CRYPTO’97, Springer, Berlin, 90-104.  
https://doi.org/10.1007/BFb0052229</mixed-citation></ref><ref id="scirp.80041-ref2"><label>2</label><mixed-citation publication-type="other" xlink:type="simple">Bojinov, H., Bursztein, E., Boyen, X. and Boneh, D. (2010) Kamouage: Loss-Resistant Password Management. In: Computer Security-ESORICS 2010, Springer, Berlin, 286-302.</mixed-citation></ref><ref id="scirp.80041-ref3"><label>3</label><mixed-citation publication-type="other" xlink:type="simple">Juels, A. and Ristenpart, T. (2014) Honey Encryption: Security beyond the Brute-Force Bound. In: Advances in Cryptology-EUROCRYPT 2014, Springer, Berlin, 293-310. https://doi.org/10.1007/978-3-642-55220-5_17</mixed-citation></ref><ref id="scirp.80041-ref4"><label>4</label><mixed-citation publication-type="other" xlink:type="simple">Bassous, R., Bassous, R., Fu, H. and Zhu, Y. (2015) Ambiguous Multi-Symmetric Cryptography. In: Communications (ICC), 2015 IEEE International Conference on, 7394-7399.</mixed-citation></ref><ref id="scirp.80041-ref5"><label>5</label><mixed-citation publication-type="other" xlink:type="simple">Schneier, B. (1996) Applied Cryptography. 2nd Edition, John Wiley &amp; Sons, Hoboken, New Jersey.</mixed-citation></ref><ref id="scirp.80041-ref6"><label>6</label><mixed-citation publication-type="other" xlink:type="simple">ONeill, A., Peikert, C. and Waters, B. (2011) Bi-Deniable Public-Key Encryption. In: Annual Cryptology Conference, Springer, Berlin, 525-542.</mixed-citation></ref><ref id="scirp.80041-ref7"><label>7</label><mixed-citation publication-type="other" xlink:type="simple">Sahai, A. and Waters, B. (2005) Fuzzy identity-based encryption. In: Annual International Conference on the Theory and Applications of Cryptographic Techniques, Springer, Berlin, 457-473. https://doi.org/10.1007/11426639_27</mixed-citation></ref><ref id="scirp.80041-ref8"><label>8</label><mixed-citation publication-type="other" xlink:type="simple">Shamir, A. (1979) How to Share a Secret. Communications of the ACM, 22, 612-613. https://doi.org/10.1145/359168.359176</mixed-citation></ref><ref id="scirp.80041-ref9"><label>9</label><mixed-citation publication-type="other" xlink:type="simple">Mignotte, M. (1983) How to Share a Secret. In: Cryptography, Springer, Berlin, 371-375. https://doi.org/10.1007/3-540-39466-4_27</mixed-citation></ref><ref id="scirp.80041-ref10"><label>10</label><mixed-citation publication-type="other" xlink:type="simple">Asmuth, C. and Bloom, J. (1983) A Modular Approach to Key Safe-Guarding. IEEE Transactions on Information Theory, 29, 208-210.  
https://doi.org/10.1109/TIT.1983.1056651</mixed-citation></ref><ref id="scirp.80041-ref11"><label>11</label><mixed-citation publication-type="other" xlink:type="simple">Cormen, T.H., Leiserson, C.E., Rivest, R.L. and Stein, C. (2001) Introduction to Algorithms. 2nd Edition, MIT Press and McGraw-Hill.</mixed-citation></ref><ref id="scirp.80041-ref12"><label>12</label><mixed-citation publication-type="other" xlink:type="simple">Biryukov, A. and Kushilevitz, E. (1998) From Differential Cryptanalysis to Ciphertext-Only Attacks. In: Advances in Cryptology CRYPTO’98, Springer, Berlin, 72-88. https://doi.org/10.1007/BFb0055721</mixed-citation></ref><ref id="scirp.80041-ref13"><label>13</label><mixed-citation publication-type="other" xlink:type="simple">Reynard, R. (1997) Secret Code Breaker II: A Cryptanalyst’s Handbook. Vol. 2, Smith &amp; Daniel.</mixed-citation></ref><ref id="scirp.80041-ref14"><label>14</label><mixed-citation publication-type="other" xlink:type="simple">Mollin, R.A. (1990) Number Theory. Proceedings of the 1st Conference of the Canadian Number Theory Association, Banff, 17-27 April 1988, Vol. 1.</mixed-citation></ref><ref id="scirp.80041-ref15"><label>15</label><mixed-citation publication-type="other" xlink:type="simple">Nathanson, M.B. (2007) Affne Invariants, Relatively Prime Sets, and a Phi Function for Subsets of {1, 2,..., n}. Integers, 7, A1.</mixed-citation></ref><ref id="scirp.80041-ref16"><label>16</label><mixed-citation publication-type="other" xlink:type="simple">Norman Routledge (2008) Computing Farey Series. The Mathematical Gazette, 55-62.</mixed-citation></ref><ref id="scirp.80041-ref17"><label>17</label><mixed-citation publication-type="other" xlink:type="simple">Stack Exchange (2013) Generating All Co-Prime Pairs within Limits.  
http://math.stackexchange.com/questions/422830/generating-all-coprime-pairs-within-limits</mixed-citation></ref><ref id="scirp.80041-ref18"><label>18</label><mixed-citation publication-type="other" xlink:type="simple">Berggren, B. (1934) Pytagoreiska trianglar. Elementa: Tidskrift f&amp;ouml;r element&amp;auml;r matematik, fysik och kemi, 17, 129-139. (in Swedish)</mixed-citation></ref><ref id="scirp.80041-ref19"><label>19</label><mixed-citation publication-type="other" xlink:type="simple">Stackoverflow (2013) Proof: Pythagorean Triple Algorithm Is Faster by Euclid’s Formula?  
http://stackoverflow.com/questions/18294496/proof-pythagorean-triple-algorithm-is-faster-by-euclids-formula</mixed-citation></ref><ref id="scirp.80041-ref20"><label>20</label><mixed-citation publication-type="other" xlink:type="simple">Bellare, M., Krovetz, T. and Rogaway, P. (1998) Luby-Rackoff Back-Wards: Increasing Security by Making Block Ciphers Non-Invertible. In: Advances in Cryptology Eurocrypt’98, Springer, Berlin, 266-280.  
https://doi.org/10.1007/BFb0054132</mixed-citation></ref><ref id="scirp.80041-ref21"><label>21</label><mixed-citation publication-type="other" xlink:type="simple">Hall, C., Wagner, D., Kelsey, J. and Schneier, B. (1998) Building Prfs from Prps. In: Advances in Cryptology Crypto’98, Springer, Berlin, 370-389.  
https://doi.org/10.1007/BFb0055742</mixed-citation></ref><ref id="scirp.80041-ref22"><label>22</label><mixed-citation publication-type="other" xlink:type="simple">Lucks, S. (2000) The Sum of Prps Is a Secure Prf. In: Advances in Cryptology Eurocrypt 2000, Springer, Berlin, 470-484. https://doi.org/10.1007/3-540-45539-6_34</mixed-citation></ref><ref id="scirp.80041-ref23"><label>23</label><mixed-citation publication-type="other" xlink:type="simple">Paar, C. and Pelzl, J. (2009) Understanding Cryptography: A Textbook for Students and Practitioners. Springer Science &amp; Business Media, Berlin.</mixed-citation></ref><ref id="scirp.80041-ref24"><label>24</label><mixed-citation publication-type="other" xlink:type="simple">Menezes, A.J., Van Oorschot, P.C. and Vanstone, S.A. (1996) Handbook of Applied Cryptography. CRC Press.</mixed-citation></ref><ref id="scirp.80041-ref25"><label>25</label><mixed-citation publication-type="other" xlink:type="simple">Singh, S. (2000) The Code Book: The Secret History of Codes and Codebreaking. Fourth Estate, London.</mixed-citation></ref><ref id="scirp.80041-ref26"><label>26</label><mixed-citation publication-type="other" xlink:type="simple">Matsui, M. (1994) Linear Cryptanalysis Method for Des Cipher. In: Advances in Cryptology Eurocrypt’93, Springer, Berlin, 386-397.  
https://doi.org/10.1007/3-540-48285-7_33</mixed-citation></ref><ref id="scirp.80041-ref27"><label>27</label><mixed-citation publication-type="other" xlink:type="simple">Cramer, R. and Shoup, V. (1998) A Practical Public Key Cryptosystem Provably Secure against Adaptive Chosen Ciphertext Attack. In: Advances in Cryptology CRYPTO’98, Springer, Berlin, 13-25. https://doi.org/10.1007/BFb0055717</mixed-citation></ref><ref id="scirp.80041-ref28"><label>28</label><mixed-citation publication-type="other" xlink:type="simple">Goldwasser, S. and Micali, S. (1984) Probabilistic Encryption. Journal of Computer and System Sciences, 28, 270-299.</mixed-citation></ref><ref id="scirp.80041-ref29"><label>29</label><mixed-citation publication-type="other" xlink:type="simple">Wikipedia. Computational Complexity of Mathematical Operations.</mixed-citation></ref><ref id="scirp.80041-ref30"><label>30</label><mixed-citation publication-type="other" xlink:type="simple">Math Stack Exchange (2014) What Is the Time Complexity of Euclid’s Algorithm?  
http://math.stackexchange.com/questions/258596/what-is-the-time-complexity-of-euclids-algorithm-upper-bound-lower-bound-and-a</mixed-citation></ref><ref id="scirp.80041-ref31"><label>31</label><mixed-citation publication-type="other" xlink:type="simple">National Institute of Standards and Technology (2002) Security Requirements for Cryptographic Modules.</mixed-citation></ref><ref id="scirp.80041-ref32"><label>32</label><mixed-citation publication-type="other" xlink:type="simple">Bouncy Castle (2011) The Legion of the Bouncy Castle. 
http://www.bouncycastle.org/csharp/</mixed-citation></ref></ref-list></back></article>