Correlated Keystreams in Moustique
Total Page:16
File Type:pdf, Size:1020Kb
Load more
Recommended publications
-
Secure Transmission of Data Using Rabbit Algorithm
International Research Journal of Engineering and Technology (IRJET) e-ISSN: 2395 -0056 Volume: 04 Issue: 05 | May -2017 www.irjet.net p-ISSN: 2395-0072 Secure Transmission of Data using Rabbit Algorithm Shweta S Tadkal1, Mahalinga V Mandi2 1 M. Tech Student , Department of Electronics & Communication Engineering, Dr. Ambedkar institute of Technology,Bengaluru-560056 2 Associate Professor, Department of Electronics & Communication Engineering, Dr. Ambedkar institute of Technology,Bengaluru-560056 ---------------------------------------------------------------------***----------------------------------------------------------------- Abstract— This paper presents the design and simulation of secure transmission of data using rabbit algorithm. The rabbit algorithm is a stream cipher algorithm. Stream ciphers are an important class of symmetric encryption algorithm, which uses the same secret key to encrypt and decrypt the data and has been designed for high performance in software implementation. The data or the plain text in our proposed model is the binary data which is encrypted using the keys generated by the rabbit algorithm. The rabbit algorithm is implemented and the language used to write the code is Verilog and then is simulated using Modelsim6.4a. The software tool used is Xilinx ISE Design Suit 14.7. Keywords—Cryptography, Stream ciphers, Rabbit algorithm 1. INTRODUCTION In today’s world most of the communications done using electronic media. Data security plays a vitalkrole in such communication. Hence there is a need to predict data from malicious attacks. This is achieved by cryptography. Cryptographydis the science of secretscodes, enabling the confidentiality of communication through an in secure channel. It protectssagainstbunauthorizedapartiesoby preventing unauthorized alterationhof use. Several encrypting algorithms have been built to deal with data security attacks. -
A Differential Fault Attack on MICKEY
A Differential Fault Attack on MICKEY 2.0 Subhadeep Banik and Subhamoy Maitra Applied Statistics Unit, Indian Statistical Institute Kolkata, 203, B.T. Road, Kolkata-108. s.banik [email protected], [email protected] Abstract. In this paper we present a differential fault attack on the stream cipher MICKEY 2.0 which is in eStream's hardware portfolio. While fault attacks have already been reported against the other two eStream hardware candidates Trivium and Grain, no such analysis is known for MICKEY. Using the standard assumptions for fault attacks, we show that if the adversary can induce random single bit faults in the internal state of the cipher, then by injecting around 216:7 faults and performing 232:5 computations on an average, it is possible to recover the entire internal state of MICKEY at the beginning of the key-stream generation phase. We further consider the scenario where the fault may affect at most three neighbouring bits and in that case we require around 218:4 faults on an average. Keywords: eStream, Fault attacks, MICKEY 2.0, Stream Cipher. 1 Introduction The stream cipher MICKEY 2.0 [4] was designed by Steve Babbage and Matthew Dodd as a submission to the eStream project. The cipher has been selected as a part of eStream's final hardware portfolio. MICKEY is a synchronous, bit- oriented stream cipher designed for low hardware complexity and high speed. After a TMD tradeoff attack [16] against the initial version of MICKEY (ver- sion 1), the designers responded by tweaking the design by increasing the state size from 160 to 200 bits and altering the values of some control bit tap loca- tions. -
Failures of Secret-Key Cryptography D
Failures of secret-key cryptography D. J. Bernstein University of Illinois at Chicago & Technische Universiteit Eindhoven http://xkcd.com/538/ 2011 Grigg{Gutmann: In the past 15 years \no one ever lost money to an attack on a properly designed cryptosystem (meaning one that didn't use homebrew crypto or toy keys) in the Internet or commercial worlds". 2011 Grigg{Gutmann: In the past 15 years \no one ever lost money to an attack on a properly designed cryptosystem (meaning one that didn't use homebrew crypto or toy keys) in the Internet or commercial worlds". 2002 Shamir:\Cryptography is usually bypassed. I am not aware of any major world-class security system employing cryptography in which the hackers penetrated the system by actually going through the cryptanalysis." Do these people mean that it's actually infeasible to break real-world crypto? Do these people mean that it's actually infeasible to break real-world crypto? Or do they mean that breaks are feasible but still not worthwhile for the attackers? Do these people mean that it's actually infeasible to break real-world crypto? Or do they mean that breaks are feasible but still not worthwhile for the attackers? Or are they simply wrong: real-world crypto is breakable; is in fact being broken; is one of many ongoing disaster areas in security? Do these people mean that it's actually infeasible to break real-world crypto? Or do they mean that breaks are feasible but still not worthwhile for the attackers? Or are they simply wrong: real-world crypto is breakable; is in fact being broken; is one of many ongoing disaster areas in security? Let's look at some examples. -
Key Differentiation Attacks on Stream Ciphers
Key differentiation attacks on stream ciphers Abstract In this paper the applicability of differential cryptanalytic tool to stream ciphers is elaborated using the algebraic representation similar to early Shannon’s postulates regarding the concept of confusion. In 2007, Biham and Dunkelman [3] have formally introduced the concept of differential cryptanalysis in stream ciphers by addressing the three different scenarios of interest. Here we mainly consider the first scenario where the key difference and/or IV difference influence the internal state of the cipher (∆key, ∆IV ) → ∆S. We then show that under certain circumstances a chosen IV attack may be transformed in the key chosen attack. That is, whenever at some stage of the key/IV setup algorithm (KSA) we may identify linear relations between some subset of key and IV bits, and these key variables only appear through these linear relations, then using the differentiation of internal state variables (through chosen IV scenario of attack) we are able to eliminate the presence of corresponding key variables. The method leads to an attack whose complexity is beyond the exhaustive search, whenever the cipher admits exact algebraic description of internal state variables and the keystream computation is not complex. A successful application is especially noted in the context of stream ciphers whose keystream bits evolve relatively slow as a function of secret state bits. A modification of the attack can be applied to the TRIVIUM stream cipher [8], in this case 12 linear relations could be identified but at the same time the same 12 key variables appear in another part of state register. -
Comparison of 256-Bit Stream Ciphers at the Beginning of 2006
Comparison of 256-bit stream ciphers at the beginning of 2006 Daniel J. Bernstein ? [email protected] Abstract. This paper evaluates and compares several stream ciphers that use 256-bit keys: counter-mode AES, CryptMT, DICING, Dragon, FUBUKI, HC-256, Phelix, Py, Py6, Salsa20, SOSEMANUK, VEST, and YAMB. 1 Introduction ECRYPT, a consortium of European research organizations, issued a Call for Stream Cipher Primitives in November 2004. A remarkable variety of ciphers were proposed in response by a total of 97 authors spread among Australia, Belgium, Canada, China, Denmark, England, France, Germany, Greece, Israel, Japan, Korea, Macedonia, Norway, Russia, Singapore, Sweden, Switzerland, and the United States. Evaluating a huge pool of stream ciphers, to understand the merits of each cipher, is not an easy task. This paper simplifies the task by focusing on the relatively small pool of ciphers that allow 256-bit keys. Ciphers limited to 128- bit keys (or 80-bit keys) are ignored. See Section 2 to understand my interest in 256-bit keys. The ciphers allowing 256-bit keys are CryptMT, DICING, Dragon, FUBUKI, HC-256, Phelix, Py, Py6, Salsa20, SOSEMANUK, VEST, and YAMB. I included 256-bit AES in counter mode as a basis for comparison. Beware that there are unresolved claims of attacks against Py (see [4] and [3]), SOSEMANUK (see [1]), and YAMB (see [5]). ECRYPT, using measurement tools written by Christophe De Canni`ere, has published timings for each cipher on several common general-purpose CPUs. The original tools and timings used reference implementations (from the cipher authors) but were subsequently updated for faster implementations (also from the cipher authors). -
Side Channel Analysis Attacks on Stream Ciphers
Side Channel Analysis Attacks on Stream Ciphers Daehyun Strobel 23.03.2009 Masterarbeit Ruhr-Universität Bochum Lehrstuhl Embedded Security Prof. Dr.-Ing. Christof Paar Betreuer: Dipl.-Ing. Markus Kasper Erklärung Ich versichere, dass ich die Arbeit ohne fremde Hilfe und ohne Benutzung anderer als der angegebenen Quellen angefertigt habe und dass die Arbeit in gleicher oder ähnlicher Form noch keiner anderen Prüfungsbehörde vorgelegen hat und von dieser als Teil einer Prüfungsleistung angenommen wurde. Alle Ausführungen, die wörtlich oder sinngemäß übernommen wurden, sind als solche gekennzeichnet. Bochum, 23.März 2009 Daehyun Strobel ii Abstract In this thesis, we present results from practical differential power analysis attacks on the stream ciphers Grain and Trivium. While most published works on practical side channel analysis describe attacks on block ciphers, this work is among the first ones giving report on practical results of power analysis attacks on stream ciphers. Power analyses of stream ciphers require different methods than the ones used in todays most popular attacks. While for the majority of block ciphers it is sufficient to attack the first or last round only, to analyze a stream cipher typically the information leakages of many rounds have to be considered. Furthermore the analysis of hardware implementations of stream ciphers based on feedback shift registers inevitably leads to methods combining algebraic attacks with methods from the field of side channel analysis. Instead of a direct recovery of key bits, only terms composed of several key bits and bits from the initialization vector can be recovered. An attacker first has to identify a sufficient set of accessible terms to finally solve for the key bits. -
Cs 255 (Introduction to Cryptography)
CS 255 (INTRODUCTION TO CRYPTOGRAPHY) DAVID WU Abstract. Notes taken in Professor Boneh’s Introduction to Cryptography course (CS 255) in Winter, 2012. There may be errors! Be warned! Contents 1. 1/11: Introduction and Stream Ciphers 2 1.1. Introduction 2 1.2. History of Cryptography 3 1.3. Stream Ciphers 4 1.4. Pseudorandom Generators (PRGs) 5 1.5. Attacks on Stream Ciphers and OTP 6 1.6. Stream Ciphers in Practice 6 2. 1/18: PRGs and Semantic Security 7 2.1. Secure PRGs 7 2.2. Semantic Security 8 2.3. Generating Random Bits in Practice 9 2.4. Block Ciphers 9 3. 1/23: Block Ciphers 9 3.1. Pseudorandom Functions (PRF) 9 3.2. Data Encryption Standard (DES) 10 3.3. Advanced Encryption Standard (AES) 12 3.4. Exhaustive Search Attacks 12 3.5. More Attacks on Block Ciphers 13 3.6. Block Cipher Modes of Operation 13 4. 1/25: Message Integrity 15 4.1. Message Integrity 15 5. 1/27: Proofs in Cryptography 17 5.1. Time/Space Tradeoff 17 5.2. Proofs in Cryptography 17 6. 1/30: MAC Functions 18 6.1. Message Integrity 18 6.2. MAC Padding 18 6.3. Parallel MAC (PMAC) 19 6.4. One-time MAC 20 6.5. Collision Resistance 21 7. 2/1: Collision Resistance 21 7.1. Collision Resistant Hash Functions 21 7.2. Construction of Collision Resistant Hash Functions 22 7.3. Provably Secure Compression Functions 23 8. 2/6: HMAC And Timing Attacks 23 8.1. HMAC 23 8.2. -
Security in Wireless Sensor Networks Using Cryptographic Techniques
American Journal of Engineering Research (AJER) 2014 American Journal of Engineering Research (AJER) e-ISSN : 2320-0847 p-ISSN : 2320-0936 Volume-03, Issue-01, pp-50-56 www.ajer.org Research Paper Open Access Security in Wireless Sensor Networks using Cryptographic Techniques Madhumita Panda Sambalpur University Institute of Information Technology(SUIIT)Burla, Sambalpur, Odisha, India. Abstract: -Wireless sensor networks consist of autonomous sensor nodes attached to one or more base stations.As Wireless sensor networks continues to grow,they become vulnerable to attacks and hence the need for effective security mechanisms.Identification of suitable cryptography for wireless sensor networks is an important challenge due to limitation of energy,computation capability and storage resources of the sensor nodes.Symmetric based cryptographic schemes donot scale well when the number of sensor nodes increases.Hence public key based schemes are widely used.We present here two public – key based algorithms, RSA and Elliptic Curve Cryptography (ECC) and found out that ECC have a significant advantage over RSA as it reduces the computation time and also the amount of data transmitted and stored. Keywords: -Wireless Sensor Network,Security, Cryptography, RSA,ECC. I. WIRELESS SENSOR NETWORK Sensor networks refer to a heterogeneous system combining tiny sensors and actuators with general- purpose computing elements. These networks will consist of hundreds or thousands of self-organizing, low- power, low-cost wireless nodes deployed to monitor and affect the environment [1]. Sensor networks are typically characterized by limited power supplies, low bandwidth, small memory sizes and limited energy. This leads to a very demanding environment to provide security. -
RC4-2S: RC4 Stream Cipher with Two State Tables
RC4-2S: RC4 Stream Cipher with Two State Tables Maytham M. Hammood, Kenji Yoshigoe and Ali M. Sagheer Abstract One of the most important symmetric cryptographic algorithms is Rivest Cipher 4 (RC4) stream cipher which can be applied to many security applications in real time security. However, RC4 cipher shows some weaknesses including a correlation problem between the public known outputs of the internal state. We propose RC4 stream cipher with two state tables (RC4-2S) as an enhancement to RC4. RC4-2S stream cipher system solves the correlation problem between the public known outputs of the internal state using permutation between state 1 (S1) and state 2 (S2). Furthermore, key generation time of the RC4-2S is faster than that of the original RC4 due to less number of operations per a key generation required by the former. The experimental results confirm that the output streams generated by the RC4-2S are more random than that generated by RC4 while requiring less time than RC4. Moreover, RC4-2S’s high resistivity protects against many attacks vulnerable to RC4 and solves several weaknesses of RC4 such as distinguishing attack. Keywords Stream cipher Á RC4 Á Pseudo-random number generator This work is based in part, upon research supported by the National Science Foundation (under Grant Nos. CNS-0855248 and EPS-0918970). Any opinions, findings and conclusions or recommendations expressed in this material are those of the author (s) and do not necessarily reflect the views of the funding agencies or those of the employers. M. M. Hammood Applied Science, University of Arkansas at Little Rock, Little Rock, USA e-mail: [email protected] K. -
CHUCK CHONSON: AMERICAN CIPHER by ERIC NOLAN A
CHUCK CHONSON: AMERICAN CIPHER By ERIC NOLAN A THESIS PRESENTED TO THE GRADUATE SCHOOL OF THE UNIVERSITY OF FLORIDA IN PARTIAL FULFILLMENT OF THE REQUIREMENTS FOR THE DEGREE OF MASTER OF FINE ARTS UNIVERSITY OF FLORIDA 2003 Copyright 2003 by Eric Nolan To my parents, and to Nicky ACKNOWLEDGMENTS I thank my parents, my teachers, and my colleagues. Special thanks go to Dominique Wilkins and Don Mattingly. iv TABLE OF CONTENTS ACKNOWLEDGMENTS..................................................................................................iv ABSTRACT......................................................................................................................vii CHAPTER 1 LIVE-IN GIRLFRIEND, SHERRY CRAVENS ...................................................... 1 2 DEPARTMENT CHAIR, FURRY LUISSON..........................................................8 3 TRAIN CONDUCTOR, BISHOP PROBERT........................................................ 12 4 TWIN BROTHER, MARTY CHONSON .............................................................. 15 5 DEALER, WILLIE BARTON ................................................................................ 23 6 LADY ON BUS, MARIA WOESSNER................................................................. 33 7 CHILDHOOD PLAYMATE, WHELPS REMIEN ................................................ 36 8 GUY IN TRUCK, JOE MURHPY .........................................................................46 9 EX-WIFE, NORLITTA FUEGOS...........................................................................49 10 -
Improved Correlation Attacks on SOSEMANUK and SOBER-128
Improved Correlation Attacks on SOSEMANUK and SOBER-128 Joo Yeon Cho Helsinki University of Technology Department of Information and Computer Science, Espoo, Finland 24th March 2009 1 / 35 SOSEMANUK Attack Approximations SOBER-128 Outline SOSEMANUK Attack Method Searching Linear Approximations SOBER-128 2 / 35 SOSEMANUK Attack Approximations SOBER-128 SOSEMANUK (from Wiki) • A software-oriented stream cipher designed by Come Berbain, Olivier Billet, Anne Canteaut, Nicolas Courtois, Henri Gilbert, Louis Goubin, Aline Gouget, Louis Granboulan, Cedric` Lauradoux, Marine Minier, Thomas Pornin and Herve` Sibert. • One of the final four Profile 1 (software) ciphers selected for the eSTREAM Portfolio, along with HC-128, Rabbit, and Salsa20/12. • Influenced by the stream cipher SNOW and the block cipher Serpent. • The cipher key length can vary between 128 and 256 bits, but the guaranteed security is only 128 bits. • The name means ”snow snake” in the Cree Indian language because it depends both on SNOW and Serpent. 3 / 35 SOSEMANUK Attack Approximations SOBER-128 Overview 4 / 35 SOSEMANUK Attack Approximations SOBER-128 Structure 1. The states of LFSR : s0,..., s9 (320 bits) −1 st+10 = st+9 ⊕ α st+3 ⊕ αst, t ≥ 1 where α is a root of the primitive polynomial. 2. The Finite State Machine (FSM) : R1 and R2 R1t+1 = R2t ¢ (rtst+9 ⊕ st+2) R2t+1 = Trans(R1t) ft = (st+9 ¢ R1t) ⊕ R2t where rt denotes the least significant bit of R1t. F 3. The trans function Trans on 232 : 32 Trans(R1t) = (R1t × 0x54655307 mod 2 )≪7 4. The output of the FSM : (zt+3, zt+2, zt+1, zt)= Serpent1(ft+3, ft+2, ft+1, ft)⊕(st+3, st+2, st+1, st) 5 / 35 SOSEMANUK Attack Approximations SOBER-128 Previous Attacks • Authors state that ”No linear relation holds after applying Serpent1 and there are too many unknown bits...”. -
On the Use of Continued Fractions for Stream Ciphers
On the use of continued fractions for stream ciphers Amadou Moctar Kane Département de Mathématiques et de Statistiques, Université Laval, Pavillon Alexandre-Vachon, 1045 av. de la Médecine, Québec G1V 0A6 Canada. [email protected] May 25, 2013 Abstract In this paper, we present a new approach to stream ciphers. This method draws its strength from public key algorithms such as RSA and the development in continued fractions of certain irrational numbers to produce a pseudo-random stream. Although the encryption scheme proposed in this paper is based on a hard mathematical problem, its use is fast. Keywords: continued fractions, cryptography, pseudo-random, symmetric-key encryption, stream cipher. 1 Introduction The one time pad is presently known as one of the simplest and fastest encryption methods. In binary data, applying a one time pad algorithm consists of combining the pad and the plain text with XOR. This requires the use of a key size equal to the size of the plain text, which unfortunately is very difficult to implement. If a deterministic program is used to generate the keystream, then the system will be called stream cipher instead of one time pad. Stream ciphers use a great deal of pseudo- random generators such as the Linear Feedback Shift Registers (LFSR); although cryptographically weak [37], the LFSRs present some advantages like the fast time of execution. There are also generators based on Non-Linear transitions, examples included the Non-Linear Feedback Shift Register NLFSR and the Feedback Shift with Carry Register FCSR. Such generators appear to be more secure than those based on LFSR.