Cryptanalysis of RC4-like Stream Ciphers


Cryptanalysis of RC4-like Stream Ciphers

by Serge Mister

A thesis submitted to the Department of Electrical and Computer Engineering in conformity with the requirements for the degree of Master of Science (Engineering)

Queen's University, Kingston, Ontario, Canada, May 1998

Copyright (c) Serge Mister, 1998

National Library of Canada, Acquisitions and Bibliographic Services, 395 Wellington Street, Ottawa ON K1A 0N4, Canada

The author has granted a non-exclusive licence allowing the National Library of Canada to reproduce, loan, distribute or sell copies of this thesis in microform, paper or electronic formats. The author retains ownership of the copyright in this thesis. Neither the thesis nor substantial extracts from it may be printed or otherwise reproduced without the author's permission.

Abstract

Cryptography is one important building block used in communication systems to provide confidentiality and authenticity. Stream ciphers, ciphers which encrypt data one bit or a few bits at a time, have been used for many years in environments where low delay and high speed are a requirement. Until recently, most stream ciphers were generally constructed using a set of linear feedback shift registers and a nonlinear combiner.
Although these offer advantages in terms of ease of analysis and efficient hardware implementation, their low performance in software settings and the increasing success of correlation attacks have led to the proposal of software-oriented stream ciphers. RC4, a stream cipher designed by Rivest for RSA Data Security Inc., has found several commercial applications, but little public analysis has been done to date. In this thesis, alleged RC4 (hereafter called RC4) is described and existing analysis outlined. The properties of RC4, and in particular its cycle structure, are discussed. Several variants of a basic "tracking" attack are analysed, providing experimental results for scaled-down versions of RC4. For example, the state of a 5 bit RC4-like cipher can be obtained from a portion of the keystream using 2^42 steps, while the nominal keyspace of the system is 2^160. In addition to presenting an interpretation of the results, the thesis contains experimental data offering insight into the RC4 algorithm and its security. This analysis shows that, although the full-size RC4 remains secure against known attacks, keystreams are distinguishable from randomly generated bit streams, and the RC4 key can easily be recovered if a significant fraction of the full cycle of keystream bits is generated. The tracking attacks discussed provide a significant improvement over the exhaustive search of the full RC4 keyspace. More work is necessary to make these attacks practical in the case where a reduced keyspace is used. Because the expected RC4 cycle length is vast and only a small portion of the full RC4 keyspace is used in practice, such facts may not pose an immediate concern.

While RC4 remains a trade secret of RSA Data Security Inc., the algorithm described in [25] is believed to be output-compatible with RC4. This thesis discusses the algorithm given in [25], which is referred to as RC4 for convenience.

Acknowledgments

I would like to thank my supervisor, Dr. S. E. Tavares, for his supervision and guidance throughout this project. Thanks also to Mike Wiener for his helpful suggestions, and to the Natural Sciences and Engineering Research Council (NSERC), the School of Graduate Studies and Research of Queen's University and Communications and Information Technology Ontario (CITO) for their financial support of this work.

Contents

Abstract
Acknowledgments
Contents
List of Tables
List of Figures
List of Symbols
1 Introduction
  1.1 Overview and Motivation
  1.2 General Cryptographic Systems
  1.3 Stream Ciphers
    1.3.1 Linear Feedback Shift Register Based Designs
    1.3.2 Other Designs
  1.4 Properties of Stream Ciphers
  1.5 RC4 Stream Cipher
  1.6 Background on Cycle Structures
2 Literature Review
  2.1 Stream Cipher Proposals
    2.1.1 Linear Feedback Shift Register Based Stream Ciphers
    2.1.2 SEAL
  2.2 Cryptanalysis of Stream Ciphers
  2.3 Cryptanalysis of RC4
    2.3.1 Sci.Crypt Discussion Summary
    2.3.2 A Class of Weak Keys in RC4
    2.3.3 Linear Statistical Weaknesses in RC4
    2.3.4 Comments from RSA
3 Periodicity Analysis of RC4
  3.1 Characterization of RC4 Cycles
  3.2 A Partitioning of RC4 Cycles
4 Systematic Cryptanalysis of RC4
  4.1 Obtaining a Key from the RC4 State
  4.2 Forward Tracking Attack
  4.3 Efficient Starting Points for Forward Tracking
  4.4 Backtracking Attack
  4.5 Probabilistic Attacks
    4.5.1 Probabilistic Model of RC4
    4.5.2 Laddered Backtracking Attack
    4.5.3 Most Probable Path Backtracking Attack
  4.6 Practical Attacks in Unusual Scenarios
  4.7 Summary of Attack Performance
5 Conclusion
  5.1 Summary and Discussion
  5.2 Suggestions for Further Study
Appendices
A Short Cycles of RC4-3
  A.1 A Cycle of Length 24
  A.2 A Second Cycle of Length 24
  A.3 A Third Cycle of Length 24
  A.4 A Fourth Cycle of Length 24
B Detailed Key Distribution for n = 2 and n = 3
  B.1 Key Distribution for n = 2
  B.2 Key Distribution for n = 3
C Forward Tracking Algorithm in Detail
D Probabilistic Information in RC4-4
Vita

List of Tables

Nominal and Effective Key Sizes for RC4-n
Deviation of RC4 Gap Lengths from those of Random Keystream
Possible Periods for RC4 with Word Length 2 and 3
Expected Cycle Lengths for a Randomly Chosen Invertible Mapping
Cycle Lengths for a Random Permutation With 2580480 Elements (n = 3)
Solutions Found by Forward Tracking for a Nonzero Keystream
Solutions Found by Forward Tracking for a Zero Keystream
Solutions Found by Forward Tracking for a Zero Keystream (approx.)
Complexity of the Forward Tracking Algorithm
Time to Recover Key, Sorted by Path Count (n = 4)
Average Forward Tracking Search Time
Keystreams Minimizing Node Count in the Forward Tracking Attack
Solutions Found by Backtracking for a Nonzero Keystream
Guess Success Probability of Most Probable Depth 6 Path Backtracking Attack
Complexity of Most Probable Depth 6 Path Backtracking Attack
Time to Recover RC4-n Key with Multiple Keystreams
Estimated Upper Bound on the "True" Keyspace of RC4-n
RC4-4 State Sequence for an Initial Key k = {0, 1, 1, 1}
RC4-4 State Probability Matrix - 1 Keystream Byte Analysed
RC4-4 State Probability Matrix - 3 Keystream Bytes Analysed
RC4-4 State Probability Matrix - 6 Keystream Bytes Analysed
RC4-4 State Probability Matrix - 9 Keystream Bytes Analysed
RC4-4 State Probability Matrix - 10 Keystream Bytes Analysed
RC4-4 State Probability Matrix - 11 Keystream Bytes Analysed
RC4-4 State Probability Matrix - 12 Keystream Bytes Analysed
RC4-4 State Probability Matrix - 13 Keystream Bytes Analysed

List of Figures

The General Structure of a Stream Cipher
A Linear Feedback Shift Register Based Stream Cipher
The Alleged RC4 Stream Cipher
The Cycle Map for the Function f(x) = x^2 + 7 mod 31
The Cycle Map for the Function f(x) = xi + 7 mod 31
LFSR Based Stream Cipher Examples
RC4-3 Cycle Distribution Compared with a Random Permutation
The Right Shift Operation for an RC4-n State
Partitioning of an RC4 Cycle
Forward Tracking Algorithm for n = 2, and a 0 Keystream of Length 4
Number of Nodes Visited During Forward Tracking
Time to Recover Key, Sorted by Node Count at Depths 1 and 2 (n = 4)
Time to Recover Key, Sorted by Node Count at Depths 3 and 4 (n = 4)
Time to Recover Key, Sorted by Node Count at Depths 5 and 6 (n = 4)
Laddered Backtracking Attack
Tree Diagram for Most Probable Depth 2 Path Backtracking Attack

List of Symbols

C_i: The ith word of the ciphertext. See the definition of K_i for more explanation.
For an RC4 state D (see the entry for (i', j', S')) and an integer t: the state obtained by initializing RC4 to state D and performing t encryptions.
(i', j', S'): An RC4 state defined by i = i', j = j', S = S'.
(i', j', {S'_0, ..., S'_{2^n-1}}): An RC4 state defined by i = i', j = j', S = {S'_0, ..., S'_{2^n-1}}.
i: In descriptions of RC4-like algorithms, the counter i which is part of the state of RC4. It is also used as a general counter when no confusion would result.
j: In descriptions of RC4-like algorithms, the counter j which is part of the state of RC4. It is also used as a general counter when no confusion would result.
k_i: The ith word of the key used to initialize RC4-like algorithms. This key is of length l, and the words of the key are k_0, ..., k_{l-1}.
K_i: The ith word of the generated keystream. In an RC4-like system, this word is XORed with the corresponding plaintext word P_i to produce the ciphertext word C_i.
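The following is an added example, not code from the thesis: scaled-down RC4-n as the abstract and the table titles describe it (n-bit words, N = 2^n table entries, state (i, j, S) as in the List of Symbols), together with the periodicity checks behind the thesis's chapter 3, namely stepping the state backwards to show the update is a permutation of the state space, and enumerating the cycle structure of RC4-2. It assumes RC4-n is alleged RC4 with only the word width changed, which the state count of 2580480 for n = 3 (8 * 8 * 8!) quoted on the page is consistent with; the function names are mine.

```python
# Added example (not from the thesis): scaled-down RC4-n, i.e. the alleged RC4
# key schedule and output generator with n-bit words and N = 2**n entries,
# plus the periodicity checks the thesis's chapter 3 is about.
# Assumption: RC4-n is alleged RC4 with N = 2**n (matches N*N*N! = 2580480, n=3).
from itertools import permutations
from math import factorial

def rc4n_ksa(key, n):
    """Key scheduling: derive the initial permutation S from the key words."""
    N = 1 << n
    S = list(range(N))
    j = 0
    for i in range(N):
        j = (j + S[i] + key[i % len(key)]) % N
        S[i], S[j] = S[j], S[i]
    return S

def rc4n_step(state, n):
    """One output step: (i, j, S) -> (next state, keystream word)."""
    N = 1 << n
    i, j, S = state
    S = list(S)
    i = (i + 1) % N
    j = (j + S[i]) % N
    S[i], S[j] = S[j], S[i]
    return (i, j, tuple(S)), S[(S[i] + S[j]) % N]

def rc4n_step_inverse(state, n):
    """Undo one output step. The update is a permutation of the state space,
    so every state lies on a cycle (no tails, unlike a random mapping)."""
    N = 1 << n
    i, j, S = state
    S = list(S)
    S[i], S[j] = S[j], S[i]                          # undo the swap
    return ((i - 1) % N, (j - S[i]) % N, tuple(S))   # j advanced by pre-swap S[i]

def rc4n_keystream(key, n, length):
    """Keystream words K_0..K_{length-1}; C_i = P_i XOR K_i as on the page."""
    state = (0, 0, tuple(rc4n_ksa(key, n)))
    words = []
    for _ in range(length):
        state, w = rc4n_step(state, n)
        words.append(w)
    return words

def cycle_length(state, n):
    """Period of the state sequence through `state`. Always a multiple of N,
    because i advances by one each step and must return to its start value."""
    cur, steps = state, 0
    while True:
        cur, _ = rc4n_step(cur, n)
        steps += 1
        if cur == state:
            return steps

def cycle_structure(n):
    """Walk the whole state space and return {cycle length: number of cycles}.
    Feasible for n = 2 (384 states) and, slowly, n = 3 (2580480 states)."""
    N = 1 << n
    seen, counts = set(), {}
    for S in permutations(range(N)):
        for i in range(N):
            for j in range(N):
                start = (i, j, S)
                if start in seen:
                    continue
                cur, length = start, 0
                while cur not in seen:      # stops exactly when the cycle closes
                    seen.add(cur)
                    cur, _ = rc4n_step(cur, n)
                    length += 1
                counts[length] = counts.get(length, 0) + 1
    return counts

def state_space_size(n):
    """Number of (i, j, S) states: N choices each for i and j, N! for S."""
    N = 1 << n
    return N * N * factorial(N)

def nominal_key_bits(n):
    """Nominal key size: up to N key words of n bits each (160 bits for n = 5)."""
    return (1 << n) * n

if __name__ == "__main__":
    # RC4-4 with the initial key k = {0, 1, 1, 1} named in the List of Tables.
    print("RC4-4 keystream:", rc4n_keystream([0, 1, 1, 1], 4, 8))
    print("RC4-2 cycle structure:", cycle_structure(2))
```

cycle_structure(3) walks all 2580480 states and takes a while in pure Python; for n >= 4 the state space is far too large to enumerate, which is the regime the thesis's tracking attacks address.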