Feistel Cipher Structure

Computer Security - Block Ciphers & DES (Data Encryption Standard)
Howon Kim, 2019.3

Agenda
◼ Review
◼ Block Ciphers & Stream Ciphers
  ❑ Stream Ciphers
  ❑ Block Ciphers
◼ DES
◼ Cryptanalysis
◼ Modes of Operation
◼ Next…

Review: Attack Types
◼ Ciphertext only
  ❑ Eve has only a copy of the ciphertext.
◼ Known plaintext
  ❑ Eve has a copy of a ciphertext and the corresponding plaintext.
  ❑ For example, if Eve knows that Alice always starts her messages with "Dear Bob,", then Eve has a small piece of ciphertext together with its corresponding plaintext.
◼ Chosen plaintext
  ❑ Eve gains temporary access to the encryption machine.
  ❑ She cannot open it to find the key, but she can encrypt a large number of suitably chosen plaintexts and try to use the resulting ciphertexts to deduce the key.
◼ Chosen ciphertext
  ❑ Eve obtains temporary access to the decryption machine and can decrypt ciphertexts of her choice.

Review: Ciphertext Only Attack
◼ Eve has only the ciphertext.
  ❑ Y M W J J U F W Y X
◼ Her best strategy is an exhaustive search.
  ❑ There are only 26 possible keys.
  ❑ If the message is longer than a few letters, it is unlikely that more than one of the 26 candidate decryptions is a meaningful message.
◼ Try to decrypt it!

Review: Known Plaintext Attack
◼ It's trivial (for the shift cipher only; in general it is not).
  ❑ If Eve knows just one letter of the plaintext along with the corresponding letter of ciphertext, she can deduce the key.
◼ In the example above…
  ❑ Ciphertext: Y M W J J U F W Y X
  ❑ Plaintext:  ? ? ? ? ? p ? ? ? ?
  ❑ U = 20 and p = 15, so the key is 20 − 15 = 5.

Review: CPA, CCA
◼ Attack 3: Chosen plaintext attack
  ❑ Choose the letter a as the plaintext.
  ❑ The ciphertext gives the key itself.
  ❑ Example: a ➔ F (= 5)
◼ Attack 4: Chosen ciphertext attack
  ❑ Choose the letter A as the ciphertext.
  ❑ The plaintext is the negative of the key (the letter at position −k mod 26).
Block vs Stream Ciphers
◼ Block ciphers process a message in blocks, each of which is then encrypted or decrypted.
◼ Like a substitution on very big characters
  ❑ 64 bits or more
◼ Stream ciphers process a message a bit or a byte at a time when encrypting or decrypting.

Block vs Stream Ciphers
(Figure) Reference: Understanding Cryptography by C. Paar & J. Pelzl

Encryption & Decryption with Stream Ciphers
(Figure) Reference: Understanding Cryptography by C. Paar & J. Pelzl

Synchronous vs. Asynchronous Stream Cipher
◼ Synchronous stream cipher
  ❑ The key stream depends only on the key (and possibly an initialization vector IV).
◼ Asynchronous (self-synchronizing) stream cipher
  ❑ The key stream also depends on the ciphertext (the dotted feedback path in the figure is enabled).
(Figure) Reference: Understanding Cryptography by C. Paar & J. Pelzl

Why is mod 2 addition a good encryption function?
◼ The randomness of the key stream s_i carries over unchanged to the ciphertext: XOR (addition mod 2) preserves it.
◼ In the figure the key stream bits s_i are 0 or 1 with probability 0.5 each; after mod-2 addition (XOR) the ciphertext bits y_i inherit the random distribution of s_i, whatever the distribution of the plaintext bits.

LFSR Sequences: Example of a Stream Cipher
◼ Linear Feedback Shift Register (LFSR)
  ❑ Defined by a linear recurrence.
  ❑ Implemented very easily, especially in hardware.
  ❑ Very fast (a high clock rate; each clock yields only one key stream bit, so it is the clock rate, not the throughput, that is high).
◼ Example: x_{m+3} = x_{m+1} XOR x_m
  ❑ (Figure: three registers x_{m+2}, x_{m+1}, x_m; the XOR gate computes the feedback bit; the output bit is XORed with the plaintext to give the ciphertext.)
  ❑ Initial state (initial values): x1 x2 x3 = 010
  ❑ Generated sequence: 0101110010111001…
  ❑ Plaintext ("AB…" in ASCII): 0100000101000010…
  ❑ Ciphertext: 0001110111111011…

LFSR Sequences
◼ Computing the sequence from x1 x2 x3 = 010 with x_{m+3} = x_{m+1} XOR x_m:
  m=1:  x4  = x2  XOR x1  = 1 XOR 0 = 1
  m=2:  x5  = x3  XOR x2  = 0 XOR 1 = 1
  m=3:  x6  = x4  XOR x3  = 1 XOR 0 = 1
  m=4:  x7  = x5  XOR x4  = 1 XOR 1 = 0
  m=5:  x8  = x6  XOR x5  = 1 XOR 1 = 0
  m=6:  x9  = x7  XOR x6  = 0 XOR 1 = 1
  m=7:  x10 = x8  XOR x7  = 0 XOR 0 = 0
  m=8:  x11 = x9  XOR x8  = 1 XOR 0 = 1
  m=9:  x12 = x10 XOR x9  = 0 XOR 1 = 1
  m=10: x13 = x11 XOR x10 = 1 XOR 0 = 1
  m=11: x14 = x12 XOR x11 = 1 XOR 1 = 0
  m=12: x15 = x13 XOR x12 = 1 XOR 1 = 0

LFSR Sequences
◼ Key length vs. sequence length
  ❑ Key length n ➔ sequence period ≤ 2^n − 1.
  ❑ Above example: key length = 3, sequence period = 7.
◼ An "approximation" to a one-time pad
  ❑ A small input generates a long binary sequence.
  ❑ The one-time pad (OTP) is an encryption algorithm in which the plaintext is combined with a random key or "pad" that is as long as the plaintext and used only once. Modular addition combines the plaintext with the pad (for binary data, XOR amounts to the same thing). [From Wikipedia]

LFSR Sequences: Attack
◼ Unfortunately,
  ❑ this encryption method succumbs easily to a known plaintext attack,
  ❑ because the construction is linear:
  ❑ if we know only a few consecutive bits of plaintext along with the corresponding bits of ciphertext, an attack can determine the whole sequence.
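The LFSR cipher above and the known-plaintext attack on it, as an added Python example (not code from the slides). It reproduces the lecture's numbers and then generalizes the hand computation worked on the following slides: it tries register lengths L = 1, 2, 3, … and for each solves the L equations x_{i+L} = c0 x_i + … + c_{L-1} x_{i+L-1} over GF(2) by Gaussian elimination, accepting a length only if the recovered recurrence reproduces every known key stream bit. The function names and the handling of singular systems (skip to the next length) are choices made here; the bit strings are the slides' own.

```python
"""LFSR key stream, XOR encryption, and the known-plaintext attack that
recovers the linear recurrence (added example, not from the slides)."""

from typing import List, Optional, Tuple

Bits = List[int]


def bits(s: str) -> Bits:
    """'0110' -> [0, 1, 1, 0]."""
    return [int(ch) for ch in s]


def lfsr_sequence(coeffs: Bits, init: Bits, n: int) -> Bits:
    """Generate n bits of x_{m+L} = c0*x_m + c1*x_{m+1} + ... + c_{L-1}*x_{m+L-1}
    (arithmetic mod 2) from the L initial bits in init."""
    L = len(coeffs)
    assert len(init) == L
    seq = list(init)
    while len(seq) < n:
        window = seq[-L:]
        seq.append(sum(c & x for c, x in zip(coeffs, window)) & 1)
    return seq[:n]


def xor_bits(a: Bits, b: Bits) -> Bits:
    """Bitwise XOR; the same operation encrypts and decrypts."""
    return [x ^ y for x, y in zip(a, b)]


def solve_gf2(rows: List[Bits], rhs: Bits) -> Optional[Bits]:
    """Solve M*c = rhs over GF(2) by Gaussian elimination.
    Returns the unique solution, or None if M is singular."""
    n = len(rows)
    aug = [row[:] + [b] for row, b in zip(rows, rhs)]
    for col in range(n):
        pivot = next((r for r in range(col, n) if aug[r][col]), None)
        if pivot is None:
            return None  # no unique recurrence of this length
        aug[col], aug[pivot] = aug[pivot], aug[col]
        for r in range(n):
            if r != col and aug[r][col]:
                aug[r] = [x ^ y for x, y in zip(aug[r], aug[col])]
    return [aug[i][n] for i in range(n)]


def recover_recurrence(ks: Bits) -> Optional[Tuple[int, Bits]]:
    """Known-plaintext attack: from consecutive key stream bits find the shortest
    LFSR length L and coefficients (c0..c_{L-1}) consistent with all of them.
    Setting up the L equations for a length-L register needs 2L consecutive bits."""
    for L in range(1, len(ks) // 2 + 1):
        # equation i: x_{i+L} = sum_j c_j * x_{i+j}, for i = 0..L-1
        rows = [ks[i:i + L] for i in range(L)]
        rhs = [ks[i + L] for i in range(L)]
        coeffs = solve_gf2(rows, rhs)
        if coeffs is None:
            continue  # the slides' "impossible" case (length 3 in the attack example)
        # accept only if the recurrence reproduces every bit we know
        if lfsr_sequence(coeffs, ks[:L], len(ks)) == ks:
            return L, coeffs
    return None


def break_lfsr_cipher(ciphertext: Bits, known_plaintext: Bits) -> Optional[Bits]:
    """Recover the whole plaintext from a ciphertext and a known plaintext prefix."""
    known_ks = xor_bits(ciphertext[:len(known_plaintext)], known_plaintext)
    found = recover_recurrence(known_ks)
    if found is None:
        return None
    L, coeffs = found
    full_ks = lfsr_sequence(coeffs, known_ks[:L], len(ciphertext))
    return xor_bits(ciphertext, full_ks)


# The slides' numbers, used here as constructed test data.
# Lecture example: x_{m+3} = x_{m+1} XOR x_m, initial state 010, plaintext "AB" in ASCII.
LECTURE_COEFFS = [1, 1, 0]            # c0*x_m + c1*x_{m+1} + c2*x_{m+2}
LECTURE_INIT = bits("010")
LECTURE_PLAINTEXT = bits("0100000101000010")
# Attack example: 38 known ciphertext bits; the first 11 plaintext bits are all 1.
ATTACK_CIPHERTEXT = bits("10010100001110100100101010101011110010")
ATTACK_KNOWN_PLAINTEXT = bits("1" * 11)


def demo() -> dict:
    ks = lfsr_sequence(LECTURE_COEFFS, LECTURE_INIT, 16)
    return {
        "lecture_keystream": "".join(map(str, ks)),
        "lecture_ciphertext": "".join(map(str, xor_bits(LECTURE_PLAINTEXT, ks))),
        "lecture_recurrence": recover_recurrence(ks),
        "attack_recurrence": recover_recurrence(
            xor_bits(ATTACK_CIPHERTEXT[:11], ATTACK_KNOWN_PLAINTEXT)),
        "attack_plaintext": break_lfsr_cipher(ATTACK_CIPHERTEXT, ATTACK_KNOWN_PLAINTEXT),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

On the lecture sequence it recovers L = 3 with x_{m+3} = x_m + x_{m+1}; on the attack example it rejects length 2 (the generated bits diverge at x6) and length 3 (the system is singular, the slides' "impossible" case) and recovers L = 4 with x_{n+4} = x_n + x_{n+1}, then decrypts all 38 ciphertext bits from only 11 known plaintext bits. The attack needs just 2L consecutive key stream bits, far fewer than the period 2^L − 1; the Berlekamp-Massey algorithm performs the same search in O(n²) without trying each length separately.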
◼ Linear means:
  ❑ superposition: f(x + y) = f(x) + f(y)
  ❑ homogeneity of degree 1: f(ax) = a·f(x)

LFSR Sequences: Attack
◼ Example
  ❑ Suppose we know an initial segment of the (plaintext, ciphertext) pair.
  Ciphertext: 10010100001110100100101010101011110010…
  Plaintext:  11111111111…
  Sequence:   01101011110…   (key stream = plaintext XOR ciphertext)

LFSR Sequences: Attack
◼ An attacker tries to recover the linear recurrence.
◼ She doesn't know the size of the LFSR.
  ❑ First try length 2: x_{n+2} = c0 x_n + c1 x_{n+1} ("+" means XOR).
  ❑ Let n = 1 and n = 2, and use the known values x1 = 0, x2 = 1, x3 = 1, x4 = 0 (sequence: 01101011110…):
    x3 = c0 x1 + c1 x2  ➔  1 = c0·0 + c1·1  ➔  c1 = 1
    x4 = c0 x2 + c1 x3  ➔  0 = c0·1 + 1·1   ➔  c0 = 1
  ❑ Generate the sequence with x_{n+2} = x_n + x_{n+1}:
    x5 = x3 + x4 = 1 + 0 = 1
    x6 = x4 + x5 = 0 + 1 = 1
    x7 = x5 + x6 = 1 + 1 = 0
    x8 = x6 + x7 = 1 + 0 = 1
    Generated: 01101101…, but the known sequence is 01101011… ➔ not correct!

LFSR Sequences: Attack
◼ Try length 3.
  ❑ This is impossible too: the equations for x4, x5 and x6 contradict each other.
◼ Try length 4: x_{n+4} = c0 x_n + c1 x_{n+1} + c2 x_{n+2} + c3 x_{n+3} (sequence: 01101011110…)
    x5 = c0 x1 + c1 x2 + c2 x3 + c3 x4
    x6 = c0 x2 + c1 x3 + c2 x4 + c3 x5
    x7 = c0 x3 + c1 x4 + c2 x5 + c3 x6
    x8 = c0 x4 + c1 x5 + c2 x6 + c3 x7
  ❑ Solution: c0 = 1, c1 = 1, c2 = 0, c3 = 0, i.e. x_{n+4} = x_n + x_{n+1}, which also reproduces the remaining known bits x9, x10, x11.

LFSR Sequences: Attack
◼ Generalization
  ❑ It is known that an attacker can recover the linear recurrence of an LFSR of length n once 2n consecutive elements of the sequence are revealed.
  ❑ This is much smaller than the period of the sequence, i.e. 2^n − 1.
◼ Improvement
  ❑ The problem is that the recurrence is linear, so an attacker can set up a matrix equation.
  ❑ So we add some nonlinear elements.

Real Stream Cipher 1 – A5/1
◼ Example: GSM A5/1 stream cipher
  ❑ Used to encrypt mobile phone conversations.
  ❑ (Figure) Three LFSRs R1, R2, R3 with clocking bits C1, C2, C3; m = Majority(C1, C2, C3).
  ❑ Only the registers whose clocking bit equals the majority value are clocked, so in every step either two or all three registers are clocked.
  ❑ Ex1) If C1 = 0, C2 = 1, C3 = 0, then clock R1 and R3.
  ❑ Ex2) If C1 = 1, C2 = 1, C3 = 1, then clock R1, R2 and R3.

New Stream Cipher Standardization
◼ ECRYPT
  ❑ European Network of Excellence for Cryptology
◼ eSTREAM
  ❑ ECRYPT Stream Cipher Project
  ❑ Phase 1 (Nov. 2004 ~)
    ◼ Call for submissions of stream cipher primitives
  ❑ Phase 2 (Aug. 2006 ~)
    ◼ Seven SW-based candidates: DRAGON, HC-256, LEX, Phelix, Py, Salsa20, SOSEMANUK
    ◼ Four HW-based candidates: Grain, MICKEY-128, Phelix, Trivium
  ❑ Phase 3 (April 2007 ~)
    ◼ Eight SW-based candidates: CryptMT, Dragon, HC, LEX, NLS, Rabbit, Salsa20, SOSEMANUK
    ◼ Eight HW-based candidates: DECIM, Edon80, F-FCSR, Grain, MICKEY, Moustique, Pomaranch, Trivium
  ❑ eSTREAM portfolio (April 2008): finalized
    ◼ S/W: HC-128, Rabbit, Salsa20/12, SOSEMANUK
    ◼ H/W: F-FCSR-H v2, Grain v1, MICKEY v2, Trivium
    ◼ F-FCSR-H v2 was removed from the portfolio in September 2008 after a practical key-recovery attack was published, leaving three hardware ciphers.

Real Stream Cipher 2 – Trivium
◼ A modern stream cipher: Trivium (designed by Christophe De Cannière and Bart Preneel)
  ❑ 3 nonlinear feedback shift registers (NLFSRs) of lengths 93, 84 and 111 bits
  ❑ Small in H/W
    ◼ Total register count: 288; non-linearity: 3 AND gates
    ◼ 7 XOR gates (4 with three inputs)

Trivium
◼ Initialization
  ❑ Load the 80-bit IV (initialization vector) into the leftmost 80 bits of register A
  ❑ Load the 80-bit key into the leftmost 80 bits of register B
  ❑ Set c109, c110, c111 = 1; all other register bits 0
  ❑ (This is the order shown on the slide. The eSTREAM specification document loads the key into s1..s80 of register A and the IV into s94..s173 of register B; the two conventions produce different key streams, so an implementation must follow one of them consistently.)
◼ Warm-up
  ❑ Clock the cipher 4 × 288 = 1,152 times without generating output
◼ Encryption
  ❑ The XOR sum of the outputs of the three NLFSRs is the key stream bit s_i
◼ Notes on the IV
  • The IV acts as a randomizer, but it need not be kept secret (the only secret is the key!).
  • In a stream cipher, if the IV is not changed, the same key generates the same key stream, which is a security problem: XORing two ciphertexts made with the same key stream cancels the key stream and leaves the XOR of the two plaintexts. The IV is therefore changed so that even the same key yields a different key stream for every message.

Block Cipher Principles
◼ Many symmetric block ciphers, DES among them, are based on the Feistel cipher structure.
◼ A block cipher looks like an extremely large substitution.
  ❑ It would need a table of 2^64 entries for a 64-bit block.
◼ Instead, create it from smaller building blocks
  ❑ using the idea of a product cipher.

Claude Shannon and Substitution-Permutation Ciphers
◼ In 1949 Claude Shannon introduced the idea of substitution-permutation (S-P) networks
  ❑ the modern form of the substitution-transposition product cipher.
◼ These form the basis of modern block ciphers.
◼ S-P networks are based on the two primitive cryptographic operations we have seen before:
  ❑ substitution (S-box)
  ❑ permutation (P-box)
◼ They provide confusion and diffusion of the message.

Confusion and Diffusion
◼ A cipher needs to completely obscure the statistical properties of the original message.
◼ A one-time pad does this.
◼ More practically, Shannon suggested combining elements to obtain:
◼ Diffusion – dissipates the statistical structure of the plaintext over the bulk of the ciphertext.
  ❑ Diffusion is associated with the dependency of the output bits on the input bits.
  ❑ In a cipher with good diffusion, flipping an input bit should change each output bit with a probability of one half.
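Trivium as described above, together with the IV-reuse caveat and the diffusion criterion from the last slide, as an added Python example (not the designers' reference code and not part of the slides). It implements the eSTREAM specification's state update and the 1,152-clock warm-up, loading the key into register A and the IV into register B as the specification does. The bit order within key and IV bytes, and the demo key, IVs and messages, are constructed here, so the output is not compared against the official test vectors. `iv_reuse_leak` shows that two messages encrypted under the same key and IV give c1 ⊕ c2 = p1 ⊕ p2, and `flipped_iv_diffusion` measures how many key stream bits change when a single IV bit is flipped.

```python
"""Trivium key stream generator, the IV-reuse leak, and a one-bit
diffusion check (added example, not the designers' code)."""

from typing import List


def _bits_lsb_first(data: bytes) -> List[int]:
    """Unpack bytes into bits, least significant bit of each byte first
    (a convention chosen for this example, not the official test-vector order)."""
    return [(byte >> i) & 1 for byte in data for i in range(8)]


class Trivium:
    """Trivium: 288-bit state in registers A (93), B (84), C (111); 80-bit key and IV."""

    def __init__(self, key: bytes, iv: bytes):
        if len(key) != 10 or len(iv) != 10:
            raise ValueError("Trivium needs an 80-bit key and an 80-bit IV")
        # Register A: key in s1..s80, zeros in s81..s93 (specification order;
        # the slide loads IV into A and key into B instead).
        # Register B: IV in s94..s173, zeros in s174..s177.
        # Register C: all zeros except s286, s287, s288 = 1.
        self.s = (_bits_lsb_first(key) + [0] * 13
                  + _bits_lsb_first(iv) + [0] * 4
                  + [0] * 108 + [1, 1, 1])
        assert len(self.s) == 288
        # Warm-up: 4 x 288 = 1152 clocks with the output discarded.
        for _ in range(4 * 288):
            self._clock()

    def _clock(self) -> int:
        """One state update; returns the key stream bit z."""
        s = self.s                          # s[k-1] is the specification's s_k
        t1 = s[65] ^ s[92]                  # s66 + s93   (output of A)
        t2 = s[161] ^ s[176]                # s162 + s177 (output of B)
        t3 = s[242] ^ s[287]                # s243 + s288 (output of C)
        z = t1 ^ t2 ^ t3                    # key stream = XOR of the three register outputs
        t1 ^= (s[90] & s[91]) ^ s[170]      # nonlinear feedback: s91*s92 + s171
        t2 ^= (s[174] & s[175]) ^ s[263]    # s175*s176 + s264
        t3 ^= (s[285] & s[286]) ^ s[68]     # s286*s287 + s69
        # Shift each register by one; t3 feeds A, t1 feeds B, t2 feeds C.
        self.s = [t3] + s[0:92] + [t1] + s[93:176] + [t2] + s[177:287]
        return z

    def keystream(self, nbytes: int) -> bytes:
        """Next nbytes of key stream, 8 bits per byte (LSB first)."""
        out = bytearray()
        for _ in range(nbytes):
            byte = 0
            for i in range(8):
                byte |= self._clock() << i
            out.append(byte)
        return bytes(out)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def trivium_xor(key: bytes, iv: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt: XOR data with a fresh key stream for (key, iv)."""
    return xor_bytes(data, Trivium(key, iv).keystream(len(data)))


def iv_reuse_leak(key: bytes, iv: bytes, p1: bytes, p2: bytes) -> bytes:
    """Two messages under the same (key, iv): c1 XOR c2 equals p1 XOR p2,
    because both ciphertexts carry the identical key stream."""
    return xor_bytes(trivium_xor(key, iv, p1), trivium_xor(key, iv, p2))


def flipped_iv_diffusion(key: bytes, iv: bytes, bit: int, nbytes: int = 128) -> float:
    """Fraction of key stream bits that change when one IV bit is flipped.
    Good diffusion means a value close to 0.5 even for a single-bit difference."""
    iv2 = bytearray(iv)
    iv2[bit // 8] ^= 1 << (bit % 8)
    k1 = Trivium(key, iv).keystream(nbytes)
    k2 = Trivium(key, bytes(iv2)).keystream(nbytes)
    changed = sum(bin(x ^ y).count("1") for x, y in zip(k1, k2))
    return changed / (8 * nbytes)


# Constructed demo values (not official test vectors).
DEMO_KEY = bytes(range(0x10, 0x1A))
DEMO_IV = bytes(range(0xA0, 0xAA))
FRESH_IV = bytes(range(0xB0, 0xBA))
MSG1 = b"attack at dawn!!"
MSG2 = b"retreat at noon!"

if __name__ == "__main__":
    ct = trivium_xor(DEMO_KEY, DEMO_IV, MSG1)
    print("ciphertext     ", ct.hex())
    print("round trip     ", trivium_xor(DEMO_KEY, DEMO_IV, ct) == MSG1)
    print("c1^c2 == p1^p2 ", iv_reuse_leak(DEMO_KEY, DEMO_IV, MSG1, MSG2) == xor_bytes(MSG1, MSG2))
    print("1-bit IV flip  ", flipped_iv_diffusion(DEMO_KEY, DEMO_IV, 0))
```

Run directly, it prints the round trip, the leak and the diffusion fraction. With the same key and IV the XOR of the two ciphertexts is exactly the XOR of the two plaintexts, which is the failure the IV note above warns about; with a fresh IV per message the relation disappears. Flipping a single IV bit changes roughly half of the key stream bits, the avalanche behaviour the diffusion slide asks for; a construction with poor diffusion would show a fraction far from 0.5 or differences confined to a few positions. In practice a (key, IV) pair is never reused: a counter or a random IV is sent in the clear with each message.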