Random Variable
In statistics, a term or label for an unknown value. Also used when each of the possible values has some known probability. A discrete random variable takes on a finite set of values. The probability of each value is the frequency function or probability density function, and the graph of the frequency function is the frequency distribution.

Range
The set of the results from a mapping for all possible arguments. Also see: domain.

Really Random
A random value or sequence derived from a source which is expected to produce no predictable or repeatable relationship between values.

Examples of a really random source might include radioactive decay, Johnson or thermal noise, shot noise from a Zener diode or reverse-biased junction in breakdown, etc. Clearly, some sort of circuitry will be required to detect these generally low-level events, and the quality of the result is often directly related to the design of the electronic processing. Other sources of randomness might be precise keystroke timing, and the accumulated hash of text of substantial size.

Also called physically random and truly random. As opposed to pseudorandom (see random number generator).

Really random values are particularly important as message key objects, or as a sequence for use in a realized one-time pad.

Also see: Random Number Machines: A Literature Survey and Random Electrical Noise: A Literature Survey, in the Literature Surveys and Reviews section of the Ciphers By Ritter page, and Randomness Links, in Ritter's Net Links page.

Relay
Classically, an electro-mechanical component consisting of a mechanical switch operated by the magnetic force produced by an electromagnet, a conductor wound around an iron dowel or core. A relay is at least potentially a sort of mechanical (slow) and nonlinear amplifier which is well-suited to power control.
Research Hypothesis
In statistics, the statement formulated so that the logically contrary statement, the null hypothesis H0, has a test statistic with a known distribution for the case when there is nothing unusual to detect. Also called the alternative hypothesis H1, and logically identical to "NOT-H0" or "H0 is not true."

Resistor
A basic electronic component in which voltage and current are linearly related by Ohm's Law: E = IR. Resistors can thus be used to limit current I given voltage E: (I = E/R), or to produce voltage E from current I: (E = IR). Two resistors in series can divide voltage Ein to produce the output voltage Eo: ( Eo = Ein(R1/(R1+R2)) ). Also see capacitor and inductor.

Ring
In abstract algebra, a nonempty set R with two dyadic (two-input, one-output) operations which we choose to call "addition" and "multiplication" and denote + and * as usual. If elements (not necessarily numbers) a, b are in R, then a+b is in R, and ab (or a*b) is also in R. The following properties hold:
1. Addition is commutative: a + b = b + a
2. Addition is associative: (a + b) + c = a + (b + c)
3. There is a "zero" or additive identity: a + 0 = a
4. There is an additive inverse: for any a there is an x in R such that a + x = 0
5. Multiplication is associative: (ab)c = a(bc)
6. Multiplication is distributive: a(b + c) = ab + ac and (b + c)a = ba + ca
7. In a commutative ring, multiplication is commutative: ab = ba
8. In a ring with unity, there is a multiplicative identity: for e in R, ea = ae = a

Root
A solution: A value which, when substituted for a variable in a mathematical equation, makes the statement true.

RMS
Root mean square.

Root Mean Square
The square root of the integral of instantaneous values squared. Thus, when measuring voltage or current, a value proportional to the average power in watts, even in a complex waveform.

RNG
Random Number Generator.
Round
In the context of block cipher design, a term often associated with a Feistel block cipher such as DES. A round is the set of operations which are repeated multiple times to produce the final data. For example, DES uses 16 generally identical rounds, each of which performs a number of operations. As opposed to a layer, which is not applied repeatedly.

RSA
The name of an algorithm published by Ron Rivest, Adi Shamir, and Len Adleman (thus, R.S.A.). The first major public key system. Based on number-theoretic concepts and using huge numerical values, an RSA key must be perhaps ten times or more as long as a secret key for similar security.

Running Key
The confusion sequence in a stream cipher.

Salt
An unnecessarily cute and sadly non-descriptive name for an arbitrary value, unique to a particular computer or installation, prepended to a password before hash authentication. The "salt" acts to complicate attacks on the password user-identification process by giving the same password different hash results on different systems. Ideally, this would be a sort of keying for a secure hash.

Sample
In statistics, one or more elements, typically drawn at random from some population.

Normally, we cannot hope to examine the full population, and so must instead investigate samples of the population, with the hope that they represent the larger whole.

Often, random sampling occurs "without replacement"; effectively, each individual sample is returned to the population before the next sample is drawn.

S-Box
Substitution box or table; typically a component of a cryptographic system. "S-box" is a rather non-specific term, however, since S-boxes can have more inputs than outputs, or more outputs than inputs, each of which makes a single invertible table impossible. The S-boxes used in DES contain multiple invertible substitution tables, with the particular table used at any time being data-selected.
One possible S-box is the identity transformation (0->0, 1->1, 2->2, ...) which clearly has no effect at all, while every other transformation has at least some effect. So different S-boxes obviously can contain different amounts of some qualities. Qualities often mentioned include avalanche and Boolean function nonlinearity. However, one might expect that different ciphering structures will need different table characteristics to a greater or lesser degree. So the discussion of S-box strength always occurs within the context of a particular cipher construction.

S-Box Avalanche
With respect to avalanche, any input change, even one bit, will select a different table entry. Over all possible input values and changes, the number of output bits changed will have a binomial distribution. (See the bit changes section of the Ciphers By Ritter / JavaScript computation pages.) So, in this respect, all tables are equal.

On the other hand, it is possible to arrange tables so that single-bit input changes are guaranteed to produce at least two-bit output changes, and this would seem to improve avalanche. But we note that this is probable even with a randomly-constructed table, so we have to ask just how much this guarantee has improved things. In a Feistel cipher, it seems like this might reduce the number of needed rounds by one. But in actual operation, the plaintext block is generally randomized, as in CBC-mode. This means that the probability of getting a single-bit change in operation is very low anyway.

It is true that cipher avalanche is tested using single-bit input changes, and that is the way avalanche is defined. The point of this is to assure that every output bit is "affected" by every input bit. But I see this as more of an experimental requirement than an operational issue that need be optimized.
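The avalanche count described above can be measured directly. The following is an added example, not code from the glossary or from Ritter's computation pages; the function names and the seeded sample table are assumptions made for the illustration.

```python
import random
from math import comb

def avalanche_histogram(table, in_bits=8, out_bits=8):
    """hist[k] = number of (input, flipped input bit) pairs whose table
    outputs differ in exactly k bits."""
    hist = [0] * (out_bits + 1)
    for x in range(1 << in_bits):
        for bit in range(in_bits):
            diff = table[x] ^ table[x ^ (1 << bit)]
            hist[bin(diff).count("1")] += 1
    return hist

def binomial_expectation(trials, out_bits=8):
    """Expected counts if every output bit changed independently with p = 1/2."""
    return [trials * comb(out_bits, k) / 2 ** out_bits
            for k in range(out_bits + 1)]

def fraction_at_least(hist, k):
    """Share of single-bit input changes that change at least k output bits."""
    return sum(hist[k:]) / sum(hist)

def sample_table(seed, size=256):
    """Constructed sample table: a seeded, non-cryptographic shuffle, used
    here only to obtain a reproducible randomly-constructed table."""
    table = list(range(size))
    random.Random(seed).shuffle(table)
    return table

if __name__ == "__main__":
    hist = avalanche_histogram(sample_table(1))
    expected = binomial_expectation(sum(hist))
    for k, (seen, want) in enumerate(zip(hist, expected)):
        print(f"{k} bits changed: observed {seen:4d}, binomial {want:6.1f}")
    print("share with >= 2 output bits changed:",
          round(fraction_at_least(hist, 2), 3))
```

Because an invertible table maps distinct inputs to distinct outputs, the zero-bits-changed count is always 0, so the observed counts depart slightly from the pure binomial at that point.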
S-Box Nonlinearity
With respect to Boolean function nonlinearity, as tables get larger it becomes very difficult and essentially impossible to find tables with ideal nonlinearity values. This means that we are always accepting a compromise value, and this is especially the case if the table must also have high values of other S-box qualities.

Even randomly-constructed tables tend to have reasonable nonlinearity values. We might expect an 8-bit table to have a nonlinearity of about 100 (that is, 100 bits must change in one of the eight 256-bit output functions to reach the closest affine Boolean function). Experimental measurement of the nonlinearity of 1,000,000 random 8-bit tables shows exactly one table with a nonlinearity as low as 78, and the computed probability of an actually linear table (nonlinearity zero) is something like 10^-72 or 2^-242.

The NSA-designed 8-bit table in the Skipjack cipher has a computed nonlinearity of 104. While not quite the highest value we could find, it is in the top 2.5 percent of the distribution, and it seems improbable that this occurred by accident. We might assume that this table is representative of the modern understanding of the needs of a Feistel design with a fixed table. If so, we might conclude that good nonlinearity (or something very much like it) is a necessary, if not quite sufficient, part of the design.

Keyed S-Boxes
It is "easy" to construct keyed S-boxes, by shuffling under the control of a keyed cryptographic random number generator. (See, for example: A Keyed Shuffling System for Block Cipher Cryptography.) This has the significant advantage of providing no fixed tables for The Opponent to understand and attack.

One question is whether one should attempt to measure and discard tables with poorer qualities than others. My personal feeling is that the ciphering structure should be strong enough to handle the expected random table distribution without added measurement and selection.
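The two entries above, S-Box Nonlinearity and Keyed S-Boxes, can be tried together: build a table by keyed shuffling, then measure it the way the entry describes, as the lowest nonlinearity among the eight output-bit functions. This is an added example, not code from the glossary or from A Keyed Shuffling System; the HMAC-SHA256 counter stream standing in for the keyed cryptographic RNG, the function names and the sample keys are all assumptions.

```python
import hashlib
import hmac

def keyed_bytes(key):
    """Keyed byte stream, HMAC-SHA256(key, counter): this example's stand-in
    for the keyed cryptographic RNG (an assumption, not Ritter's generator)."""
    counter = 0
    while True:
        yield from hmac.new(key, counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1

def keyed_sbox(key, size=256):
    """Fisher-Yates shuffle of 0..size-1 (size <= 256) driven by the stream."""
    stream, table = keyed_bytes(key), list(range(size))
    for i in range(size - 1, 0, -1):
        limit = 256 - 256 % (i + 1)      # reject bytes >= limit: no modulo bias
        r = next(stream)
        while r >= limit:
            r = next(stream)
        j = r % (i + 1)
        table[i], table[j] = table[j], table[i]
    return table

def boolean_nonlinearity(truth):
    """Distance from a 0/1 truth table to the nearest affine Boolean function,
    computed with the fast Walsh-Hadamard transform."""
    w = [1 - 2 * b for b in truth]       # 0/1 -> +1/-1
    step = 1
    while step < len(w):
        for start in range(0, len(w), 2 * step):
            for k in range(start, start + step):
                w[k], w[k + step] = w[k] + w[k + step], w[k] - w[k + step]
        step *= 2
    return (len(w) - max(abs(v) for v in w)) // 2

def sbox_nonlinearity(table, out_bits=8):
    """Lowest nonlinearity among the table's output-bit functions."""
    return min(boolean_nonlinearity([(y >> bit) & 1 for y in table])
               for bit in range(out_bits))

if __name__ == "__main__":
    print("identity table:", sbox_nonlinearity(list(range(256))))
    for key in (b"constructed key 1", b"constructed key 2"):   # sample keys
        print(key, sbox_nonlinearity(keyed_sbox(key)))
```

The identity table scores 0 because each of its output bits is a linear function of the input.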
Also see: S-Box Design: A Literature Survey, in the Literature Surveys and Reviews section of the Ciphers By Ritter page.

Scalable
A cipher design which can produce both large real ciphers and tiny experimental versions from the exact same construction rules. Scalability is about more than just variable size: Scalability is about establishing a uniform structural identity which is size-independent, so that we achieve a strong