deciphering the message data. Alternately, the random value itself may be sent unenciphered, but is then enciphered or hashed (under a keyed cryptographic hash) to produce a value used as the data ciphering key.

The message key assures that the actual data is ciphered under a key which is an arbitrary selection from a huge number of possible keys; it therefore prevents weakness due to user key selection. A message key is used exactly once, no matter how many times the same message is enciphered, so at most, a successful attack on a message key exposes just one message. The internal construction of a random message key cannot be controlled by a user, and thus prevents all attacks based on repeated ciphering under a single key. To the extent that the message key value really is random and is never exposed on either end, the message key is much more easily protected than ordinary text (see ideal secrecy).

In a sense, a message key is the higher-level concept of an IV, which is necessarily distinct for each particular design.

MITM
Man In The Middle.

Mixing
The act of transforming multiple input values into one or more output values, such that changing any input value will change the output value. There is no implication that the result must be balanced, but effective mixing may need to be, in some sense, complete. Also see Mixing Cipher, combiner, Latin square combiner, and Balanced Block Mixing.

Mixing Cipher
A block cipher based on Balanced Block Mixing of small elements in FFT-like or FWT-like mixing patterns.

Below, we have a toy 32-bit-block Mixing Cipher. Plaintext at the top is transformed into ciphertext at the bottom. Each "S" is an 8-bit substitution table, and each table (and now each mixing operation also) is individually keyed.

Horizontal lines connect elements which are to be mixed together: Each *---* represents a single Balanced Block Mixing or BBM. Each BBM takes two elements, mixes them, and returns two mixed values.
The mixed results then replace the original values in the selected positions just like the "butterfly" operations used in some FFT's.

                 A 32-Bit Mixing Cipher

    |   |   |   |    <- Input Block (Plaintext)
    S   S   S   S    <- Fencing
    |   |   |   |
    *---*   *---*    <- 2 BBM Mixings
    |   |   |   |
    *-------*   |    <- 1 BBM Mixing
    |   *-------*    <- 1 BBM Mixing
    |   |   |   |
    S   S   S   S    <- Fencing
    |   |   |   |
    *-------*   |
    |   *-------*
    |   |   |   |
    *---*   *---*
    |   |   |   |
    S   S   S   S    <- Fencing
    |   |   |   |    <- Output Block (Ciphertext)

By mixing each element with another, and then each pair with another pair and so on, every element is eventually mixed with every other element. Each BBM mixing is dyadic, so each "sub-level" is a mixing of twice as many elements as the sublevel before it. A block of n elements is thus fully mixed in log₂ n sublevels, and each result element is equally influenced by each and every input element.

The pattern of these mixings is exactly like some implementations of the FFT, and thus the term "FFT-style."

Also see the articles in the Mixing Ciphers section on the Ciphers By Ritter pages.

Mod 2
The field formed from the set of integers {0,1} with operations + and * producing the remainder after dividing by modulus 2. Thus:

    0 + 0 = 0
    0 + 1 = 1
    1 + 0 = 1
    1 + 1 = 0
    1 + 1 + 1 = 1

    0 * 0 = 0
    0 * 1 = 0
    1 * 0 = 0
    1 * 1 = 1

Subtraction mod 2 is the same as addition mod 2. The operations + and * can also be considered the logic functions XOR and AND respectively.

Mod 2 Polynomial
A polynomial in which the coefficients are taken mod 2. The four arithmetic operations addition, subtraction, multiplication and division are supported. As usual, mod 2 subtraction is the same as mod 2 addition. Each column of coefficients is added separately, without "carrys" to an adjacent column:

Addition and Subtraction:

      1 0 1 1
    + 0 1 0 1
    + 1 1 0 0
     ---------
      0 0 1 0

Multiplication:

            1 0 1 1
          * 1 1 0 0
         ----------
                  0
                0
        1 0 1 1
      1 0 1 1
     ---------------
      1 1 1 0 1 0 0

Polynomial multiplication is not the same as repeated polynomial addition.
But there is a fast approach to squaring mod 2 polynomials:

                 a  b  c  d
                 a  b  c  d
                ------------
                ad bd cd dd
             ac bc cc dc
          ab bb cb db
       aa ba ca da
      ----------------------
        a  0  b  0  c  0  d

To square a mod 2 polynomial, all we have to do is "insert" a zero between every column. Note that aa = a for a = 0 or a = 1, and ab = ba, so either 0 + 0 = 0 or 1 + 1 = 0.

Division:

                      1 0 1 1
              ---------------
    1 1 0 0 ) 1 1 1 0 1 0 0
              1 1 0 0
              -------
                  1 0 1 0
                  1 1 0 0
                  -------
                    1 1 0 0
                    1 1 0 0
                    -------
                          0

The decision about whether the divisor "goes into" the dividend is based exclusively on the most-significant (leftmost) digit. This makes polynomial division far easier than integer division.

Mod 2 polynomials behave much like integers in that one polynomial may or may not divide another without remainder. This means that we can expect to find analogies to integer "primes," which we call irreducible polynomials.

Mod 2 polynomials do not constitute a field; clearly, the size of a multiplication is unbounded. However, a finite field of polynomials can be created by choosing an irreducible modulus polynomial, thus producing a Galois field GF(2^n).

Mode
One possibility is: block cipher operating mode.

Modulo
Casually, the remainder after an integer division by a modulus; see congruence. When the modulus is prime, this may generate a useful field.

Monadic
Relating to monad, which is Greek for single or one. In particular, a function with a single input or argument, also called unary. Also see: dyadic.

Monoalphabetic Substitution
Substitution using a single alphabet. Also called simple substitution. As opposed to Polyalphabetic Substitution.

Monographic
Greek for "single letter." A cipher which translates one plaintext symbol at a time into ciphertext. As opposed to polygraphic; also see homophonic and polyphonic.

Multiple Encryption
Enciphering or encrypting a message more than once. This usually has the strength advantage of producing a very random-like ciphertext from the first pass, which is of course the "plaintext" for the next pass.
Multiple encryption using different keys can be a way to increase strength. And multiple encryption using different ciphers can reduce the probability of using a single cipher which has been broken in secret. In both cases, the cost is additional ciphering operations.

Unfortunately, multiple encryption using just two (2) ciphers may not be much advantage: If we assume The Opponents know which ciphers are used, they can manipulate both the plaintext and the ciphertext to search for a match (a "meet-in-the-middle" attack strategy). One way to avoid this is to use three (3) cipherings, as in Triple DES.

Multiple encryption also can be dangerous, if a single cipher is used with the same key each time. Some ciphers are involutions which both encipher and decipher with the same process; these ciphers will decipher a message if it is enciphered a second time under the same key. This is typical of classic additive synchronous stream ciphers, as it avoids the need to have separate encipher and decipher operations. But it also can occur with block ciphers operated in stream-cipher-like modes such as OFB, for exactly the same reason.

Nomenclator
Originally, a list of transformations from names to symbols or numbers for diplomatic communications. Later, typically a list of transformations from names, polygraphic syllables, and monographic letters, to numbers. Usually
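
The arithmetic from the Mod 2 Polynomial entry, as an added example that is not part of the original glossary: polynomials are held as Python integers with bit i as the coefficient of x^i, and all function names are this example's own. It goes slightly beyond the entry by adding a trial-division irreducibility test and multiplication reduced by a modulus, which is the GF(2^n) construction the entry mentions.

```python
# Mod 2 polynomials as Python ints: bit i is the coefficient of x^i, so the
# glossary's "1 0 1 1" is 0b1011. Function names are this example's own.

def p_mul(a, b):
    """Multiply: XOR together one shifted copy of a for each 1 bit of b."""
    result = 0
    while b:
        if b & 1:
            result ^= a
        a <<= 1
        b >>= 1
    return result

def p_square(a):
    """Square by inserting a zero between every pair of adjacent columns."""
    result, i = 0, 0
    while a:
        result |= (a & 1) << (2 * i)
        a >>= 1
        i += 1
    return result

def p_divmod(dividend, divisor):
    """Long division; each step inspects only the leftmost digit."""
    if divisor == 0:
        raise ZeroDivisionError("division by the zero polynomial")
    quotient = 0
    shift = dividend.bit_length() - divisor.bit_length()
    while shift >= 0:
        if (dividend >> (shift + divisor.bit_length() - 1)) & 1:
            dividend ^= divisor << shift   # mod 2 subtraction is XOR
            quotient |= 1 << shift
        shift -= 1
    return quotient, dividend              # dividend now holds the remainder

def is_irreducible(p):
    """Trial division by every polynomial of degree 1 .. deg(p)//2."""
    degree = p.bit_length() - 1
    if degree < 1:
        return False
    for d in range(2, 1 << (degree // 2 + 1)):
        if p_divmod(p, d)[1] == 0:
            return False
    return True

def gf_mul(a, b, modulus):
    """Multiply in GF(2^n): the polynomial product reduced by the modulus."""
    return p_divmod(p_mul(a, b), modulus)[1]
```

With the irreducible modulus 0b10011 (x^4 + x + 1) every nonzero 4-bit value has a multiplicative inverse under `gf_mul`; with the reducible modulus 0b10101 the value 0b111 multiplies with itself to zero, so no field results.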