1 / 66

A Framework for Stream Ciphers Based on Pseudorandomness, Randomness and Error-Correcting Coding

A Framework for Stream Ciphers Based on Pseudorandomness, Randomness and Error-Correcting Coding. Miodrag Mihaljevic Enhancing Crypto-Primitives with Techniques from Coding Theory NATO Advanced Research Workshop 6 - 9 October 2008 Veliko Tarnovo, Bulgaria. Roadmap. Introduction

elaine-blair
Download Presentation

A Framework for Stream Ciphers Based on Pseudorandomness, Randomness and Error-Correcting Coding

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. A Framework for Stream Ciphers Based on Pseudorandomness, Randomness and Error-Correcting Coding Miodrag Mihaljevic Enhancing Crypto-Primitives with Techniques from Coding Theory NATO Advanced Research Workshop 6 - 9 October 2008Veliko Tarnovo, Bulgaria

  2. Roadmap • Introduction • Underlying Ideas and Novel Framework • Particular Novel Stream Ciphering Approaches Based on Employment of Pure Randomness • A Model of Certain Stream Ciphers Based on Pure Randomness • LPN Problem and a Security Evaluation Approach • Framework for the Security Evaluation • Concluding Remarks

  3. I. Introduction Certain References on Cryptographic Primitives Based on Pure Randomness

  4. Some Initial References • R.J. McEliece, “A public key cryptosystem based on algebraic coding theory”, DSN progress report, 42-44:114-116, 1978. (well known reference) • M. Willett, “Deliberate noise in a modern cryptographic system”, IEEE Transactions on Information Theory, vol. 26, no. 1, pp.102-104, Jan. 1980. (almost forgotten reference) • A. Blum, M. Furst, M. Kearns and R. Lipton, “Cryptographic Primitives Based on Hard Learning Problems”, CRYPTO 1993, Lecture Notes in Computer Science, vol. 773, pp. 278–291, 1994. • N. Hopper and M. Blum, ``Secure Human Identification Protocols'', ASIACRYPT 2001, Lecture Notes in Computer Science, vol. 2248, pp. 52-66, 2001.

  5. A.D. Wyner, “The wire-tap channel”, Bell Systems Technical Journal, vol. 54, pp. 1355-1387, 1975. • A different approach for achieving secrecy of communication based on the noise has been reported by Wyner in 1975 assuming that the channel between the legitimate parties is with a lower noise in comparison with the channel via which a wire-tapper has access to the ciphertext. • The proposed method does not require any secret. It is based on a specific coding scheme which provides a reliably communications within the legitimate parties and prevents, at the same time, the wire-tapper from learning the communication's contents.

  6. Some Recent References • J. Katz and J. Shin, “Parallel and Concurrent Security of the HB and HB+ Protocols”, EUROCRYPT 2006, Lecture Notes in Computer Science, vol. 4004, pp. 73–87, 2006. • J.-P. Aumasson, M. Finiasz, W. Meier and S. Vaudenay, “TCHo: A Hardware-Oriented Trapdoor Cipher”, ACISP 2007, Lecture Notes in Computer Science, vol. 4586, pp. 184–199, 2007. • H. Gilbert, M.J.B. Robshaw and Y. Seurin, “HB#: Increasing the Security and Efficiency of HB+”, EUROCRYPT2008, Lecture Notes in Computer Science, vol. 4965, pp. 361-378, 2008. • H. Gilbert, M.J.B. Robshaw, and Y. Seurin, “How to Encrypt with the LPN Problem”, ICALP 2008, Part II, Lecture Notes in Computer Science, vol. 5126, pp. 679-690, 2008.

  7. Certain Origins for Our Work • M. Mihaljevic, “Generic framework for secure Yuen 2000 quantum-encryption employing the wire-tap channel approach”, Physical Review A, vol. 75, no. 5, pp. 052334-1-5, May 2007. • M. Fossorier, M. Mihaljevic and H. Imai, “Modeling Block Encoding Approaches for Fast Correlation Attack”, IEEE Transactions on Information Theory, vol. 53, no. 12, pp. 4728-4737, Dec. 2007. • M. Mihaljevic, M. Fossorier and H. Imai, “Security Evaluation of Certain Broadcast Encryption Schemes Employing a Generalized Time-Memory-Data Trade-Off”, IEEE Communications Letters, vol. 11, no. 12, pp. 988-990, Dec. 2007.

  8. II. Underlying Ideas and the Framework

  9. Employment of two different binary pure randomness within a cryptographic primitive: one Berunolli distributed with the parameter <<1/2 another with Uniform distribution and the parameter equal to 1/2 Dedicated encoding for providing the attacker confusion employing: Homophonic coding approaches Wire-tap Channel coding approaches Novelties of Our Designs in Comparison with the Reported ones

  10. Enhancing cryptographic primitives employing - pure randomness and - coding theory Particularly: Employment of the concept of the binary channels with insertion and complementation (and deletion). General Underlying Ideas in Our Designs

  11. A framework for design of stream ciphers which provides opportunity for design the security as high as possible based on the employed secret key, i.e. complexity of recovering the key as close as possible to O(2K) A trade-off between the security and the communications rate: Increase the security up to the upper limit at the expense of a moderate decrease of the communications rate. Main Goals

  12. Underlying Ideas for Novel Stream Ciphers Paradigm A Happy Merge (Marriage) of Pseudo-randomness and Randomness

  13. The Main Underlying Ideas • Employ physical noise which an attacker must face, in order to strengthen the stream cipher. • Strengthen the stream cipher employing a dedicated encoding following the homophonic or wire-tap channel encoding approaches.

  14. A Framework of Stream Ciphering Employing Randomness a related traditional stream cipher and a novel particular one based on deliberate randomness

  15. A Traditional Stream Cipher based on Encode+Encrypt Paradigm in order to cope with an inherent noise in the public communication channel employ “encode+encrypt” (the paradigm employed in GSM)

  16. Encryption Keystream Generator secret key Public Comm. Channel plaintext Error-Correction Encoding + Decryption Error-Correction Decoding + plaintext (b.s.c or erasure channel, for example) Keystream Generator secret key

  17. Novel Framework Based on Employment of Randomness and Dedicated Coding&Ciphering

  18. Encryption Keystream Generator secret key Dedicated Encoding&Encryption Public Comm. Channel Error-Correction Encoding plaintext Source of Randomness Decryption Dedicated Decoding&Decryption Error-Correction Decoding plaintext Keystream Generator secret key

  19. Traditional stream ciphers do not include any randomness: Basically, they are based on the deterministic operations which expand a short secret seed into a long pseudorandom sequence. This talk proposes an alternative approach yielding a novel paradigm for design of stream ciphers. The proposed framework employs a dedicated coding and a deliberate noise which, assuming the appropriate code and noise level, at the attacker's side provides increased confusion up to the limit determined by the secret key length. Decoding complexities with and without the secret key are extremely different Notes (1): Novel Paradigm

  20. In order to achieve the main security goal, the proposed stream ciphering approach includes the following two encoding schemes with impacts on the communications overhead: error-correction encoding of the messages; dedicated homophonic/wire-tap channel coding which performs expansion of the initial ciphertext.. Both of these issues imply the communications overhead: Accordingly, the proposed stream ciphers framework includes certain trade-off between the security and the communications overhead which in a number of scenarios can be considered as very appropriate. Notes (2): Security-Overhead Trade-Off

  21. III. Particular Novel Stream Ciphering Approaches Employing Randomness Homophonic and Wire-Tap Channel Like Coding

  22. III.1 Two Variants of a Simple Construction embed random bits + enforce a binary symmetric noise channel

  23. Variant A

  24. Encryption Keystream Generator secret key Public Comm. Channel Embedding + Error-Correction Encoding + plaintext Source of Randomness Decryption Decimation Error-Correction Decoding + plaintext Keystream Generator secret key

  25. Variant B

  26. Encryption Keystream Generator secret key Public Comm. Channel Embedding + + Error-Correction Encoding plaintext Source of Randomness Decryption Decimation Error-Correction Decoding + plaintext Keystream Generator secret key

  27. III.2 Stream Ciphering Employing Wire-Tap Channel Coding - a generic scheme and its discussion -

  28. Wire-Tap Channel A. D. Wyner, “The wire-tap channel”, Bell Systems Technical Journal, vol. 54, pp. 1355-1387, 1975.

  29. X Y Alice Channel C1 Bob U Channel C2 Z Eve

  30. Coding Strategy for the Wire-Tap Channel • Goal of encoding paradigm for the wire-tap channel is to make the noisy data available to Eve (across the wire tap channel) useless and achieving this goal is based on adding the randomness in encoding algorithm.

  31. Groups of the codewords:Same symbol denote different codewords belonging to the same group Codewords and N-dim Sphere * * x x * * * * x x x x x x x x * x * * * * * * * *

  32. Encryption Mapping Keystream Generator secret key Public Comm. Channel Wire-Tap Channel Encoding + Error-Correction Encoding + plaintext Source of Randomness Decryption Wire-Tap Channel Decoding Error-Correction Decoding + + plaintext Mapping Keystream Generator secret key

  33. IV. A Model of Certain Stream Ciphers Based on Pure Randomness - a model suitable for security analysis -

  34. Encryption Keystream Generator secret key Public Comm. Channel Embedding + + Error-Correction Encoding plaintext Source of Randomness Decryption Decimation Error-Correction Decoding + plaintext Keystream Generator secret key

  35. Security as a Decoding Problem after Two Noisy Channels Encryption Keystream Generator secret key Channel with Insertion of Random Bits Binary Symmetric Channel + Error-Correction Encoding plaintext

  36. Security Consideration via Implications of the Coding and the LPN Problem Encryption Keystream Generator secret key Homophonic Encoding LPN Problem Based Encryption Error-Correction Encoding plaintext

  37. Analytical Specification

  38. Simplified Model of a Stream Cipher

  39. V. LPN Problem and a Security Evaluation Approach (LPN – Learning from Parity with Noise)

  40. Problem of decoding of a general random linear block code after a binary symmetric channel with given crossover probability. More formal formulations of the problem as well as its solutions are possible. LPN Problem

  41. Underlying Problem of the LPN noisy variables = z1 linear-f1(x1, x2, …, xK) O S V Y E S R T D E E M F I N E D = z2 linear-f2(x1, x2, …, xK) … = zN linear-fN(x1, x2, …, xK) K << N

  42. Notations (1)

  43. Notations (2)

  44. Notations (3) - Oracles

  45. The LPN Problem and its Solution

  46. Hardness of the LPN Problem • M. Fossorier, M. Mihaljevic, H. Imai, Y. Cui and K. Matsuura, “An Algorithm for Solving the LPN Problem and its Application to Security Evaluation of the HB Protocols for RFID Authentication”, INDOCRYPT 2006, LNCS, vol. 4329, pp. 48-62, Dec. 2006.

  47. A Technical Lemma

  48. Security Evaluation Approaches and a Security Model

  49. Security evaluation via consideration of the underlying decoding problem. Security evaluation via a formal security model and an evaluation game. Further on, this approach will be discussed. Two Particular Security Evaluation Approaches

  50. A Security Evaluation Approach

More Related