Cryptography and Network Security, resuming some notes

Dr. M. Sakalli

Presentation Transcript


  1. Cryptography and Network Security, resuming some notes Dr. M. Sakalli

  2. Reminding cornerstones (1)
     Singular if not reversible. Feistel approximates the ideal block cipher characteristics of the OTP by linear, reversible (tractable) block ciphers.
     • Ideal block cipher: a substitution cipher for $n$-bit words, $|K|$ = word length × the number of words = $n \cdot 2^n$. Feasible for $n=64$, $|K|=2^{70}$!!! The number of transformations = $2^k$.
     • A linear reversible cipher with $n=4$, $|K|=n^2$, is vulnerable to cryptanalysis (Hill):
       $y_1 = k_{11}x_1 + k_{12}x_2 + k_{13}x_3 + k_{14}x_4$
       $y_2 = k_{21}x_1 + k_{22}x_2 + k_{23}x_3 + k_{24}x_4$
       $y_3 = k_{31}x_1 + k_{32}x_2 + k_{33}x_3 + k_{34}x_4$
       $y_4 = k_{41}x_1 + k_{42}x_2 + k_{43}x_3 + k_{44}x_4$
     Feistel uses a product cipher to achieve this, alternating substitutions and permutations. In principle it is based on Shannon's diffusion and confusion to eliminate statistical attacks (known plaintext).
     • Diffusion: for complexity between PT and CT, for example an averaging system.
     • Confusion: to introduce complexity between CT and K.
     Classical Feistel: block size $2w$, $|K|$ = 64, 128, rounds = 16. Key generation.
     $2w$ of PT → $\{w, w\} = \{L \| R\}$ → Round($L_{1..n} \oplus F(R_{1..n}, K_{1..n}) \| R$), 16 times, swap($L_n \| R_n$) to get CT = ($L_{n+1} \| R_{n+1}$).

  3. Reminding cornerstones (2)
     Lucifer, DES (NBS)
     - Block size $2w$, $|K|$ = 64, permuted to 56 and 48 (circular shifts), rounds = 16. Key generation.
       $L_i = R_{i-1}$
       $F(R_{i-1}, K_i)$ = (32-bit block, expanded to 48, permuted, $\oplus K_i$) → 8 of 6-bit S-boxes → 32 bits, permuted again.
       $R_i = L_{i-1} \oplus F(R_{i-1}, K_i)$
       CT = ($L_i \| R_i$) = (32-bit block, expanded to 48, permuted, $K_n$)
     - Avalanche effect. 21 bit in DES.
     - $2w$ of PT → $\{w, w\} = \{L \| R\}$ → Round($L_{1..n} \oplus F(R_{1..n}, K_{1..n}) \| R$), 16 times, swap($L_n \| R_n$) to get CT = ($L_{n+1} \| R_{n+1}$).

  4. Differential cryptanalysis
     Observing the behavior of blocks as they evolve through each round. As an example:
       $m_{i+1} = m_{i-1} \oplus f(m_i, K_i)$
       $\Delta m_{i+1} = m_{i+1} \oplus m'_{i+1} = [m_{i-1} \oplus f(m_i, K_i)] \oplus [m'_{i-1} \oplus f(m'_i, K_i)] = \Delta m_{i-1} \oplus [f(m_i, K_i) \oplus f(m'_i, K_i)]$
     • Many pairs of inputs to $f$ with the same difference yield the same output difference, $\Delta m_{i-1}$, if the same subkey is used. Suppose that X may cause Y with probability p, if for a fraction p of the pairs in which the input XOR is X, the output XOR equals Y, and therefore $\Delta X \oplus \Delta Y \oplus K_i = 0$ → $\Delta X \oplus \Delta Y = K_i$.
     • First published attack capable of breaking DES in less than $2^{55}$ complexity. Successful cryptanalysis is reported on the order of $2^{47}$ encryptions, requiring $2^{47}$ chosen plaintexts.
     - The 8-round LUCIFER algorithm requires only 256 chosen plaintexts, whereas an attack on an 8-round DES requires only $2^{14}$ chosen plaintexts.

  5. Linear Cryptanalysis: Linear cryptanalysis attempts to find a linear dependency of high probability between the PT, the CT and the K, by which the key might be retrieved: $P[a_1, a_2, \ldots, a_a] \oplus C[b_1, b_2, \ldots, b_b] = K[g_1, g_2, \ldots, g_c]$, where a, b, g are the bit positions.
     • Man-In-The-Middle Attack (MIM, or MITM): A "man-in-the-middle" attack is an attack carried out by an active attacker who can listen to the communication between two entities and can also change the contents of this communication. While performing this attack, the attacker pretends to be one of the parties in front of the other party.
     • Oracle Attack: An oracle attack is an attack during which the attacker can be assisted by a machine or user who will perform encryption or decryption for him at will. The attacker can use multiple encryptions and decryptions of data of his choice to recover the key.
     • Related-Key Cryptanalysis: Related-key cryptanalysis refers to attacks based on encrypting plaintexts with various similar (but not identical) keys and analyzing the differences in output.

  6. Double DES

  7. Meet in the middle attack
     • $P = D(K_1, D(K_2, E(K_2, E(K_1, P))))$
     • $K_1K_2 = K_3$: 128 bits. Useless since the result is equivalent to a single encryption with a single 112-bit K.
     • Consider DES mapping $2^{64}$ possible input blocks, with a specific key, into a unique 64-bit C block. If two given input blocks were mapped to the same output block, then decryption to recover the original PT would be impossible.
     • With $2^{64}$ possible inputs, the number of different mappings, including permutation, is $(2^{64})!$, for each key. $2^{56}$ keys.
     • Using DES twice, with different keys, producing a different output.
     • $C = E(K_2, E(K_1, P))$
     • $X = E(K_1, P) = D(K_2, C)$
     • For a known pair (P, C), the attack:
     • Encrypt P for all $2^{56}$ possible values of $K_1$; sort and store the results.
     • Next, decrypt C using all $2^{56}$ possible values of $K_2$ and search for a match. If one is found, then test the keys against a new known (P, C) pair. If correct.

  8. For any given PT, there are $2^{64}$ possible CT values that could be produced by double DES. The key is in effect 112 bits, so there are $2^{112}$ possible keys. Therefore, on average, for a given plaintext P, the number of different 112-bit keys that will produce a given CT is $2^{112}/2^{64} = 2^{48}$.
     • Thus, $2^{48}$ false alarms on the first (P, C) pair. With an additional 64 bits of known PT-CT pair, the false alarm rate is reduced to $2^{48-64} = 2^{-16}$.
     • Put together, if the meet-in-the-middle attack is performed on two blocks of known PT-CT, the probability of determining the correct keys is $1 - 2^{-16}$. A known-PT attack will succeed against double DES.
     • Triple DES with Two Keys
     • A countermeasure to the meet-in-the-middle attack is 3 stages of encryption with 3 different keys → raising the cost of the known-PT attack to $2^{112}$, beyond practical reach.
     • The drawback is another 68 bits longer, somewhat unwieldy.
     • Alternative, Tuchman: a triple encryption using two keys, an encrypt-decrypt-encrypt (EDE) sequence:
     • $C = E(K_1, D(K_2, E(K_1, P)))$
     • No practical cryptanalytic attacks on 3DES.

  9. FISH to be updated
     • FISH is a stream cipher using a Lagged Fibonacci Generator and a shrinking generator.
     • Fibonacci shrinking stream cipher.
     • Lagged Fibonacci generators. Fibonacci: $S_n = S_{n-1} + S_{n-2}$. LFG: $S_n = S_{n-j} * S_{n-k} \pmod{m}$, $0 < j < k$.
     • Linear congruential generator.
     • Pseudorandom generator.
     • $X_{n+1} = (aX_n + c) \bmod m$: $X_n$ is the pseudorandom sequence. $0 < a < m$ gain, $0 \le c < m$ shift, $c = 0$ Park-Miller RNG. $0 \le X_0 < m$, the seed (start value).
     • Randomness is extremely sensitive to the coefficients: the period of a general LCG is at most $m$, and for some choices of $a$ much less than that. The LCG will have a full period if and only if:
       1. $c$ and $m$ are relatively prime,
       2. $a-1$ is divisible by all prime factors of $m$,
       3. $a-1$ is a multiple of 4 if $m$ is a multiple of 4.
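The three full-period conditions on slide 9 can be checked against a brute-force period measurement. This is an added example, not part of the original slides; the function names and the small sample parameters are constructed for illustration.

```python
"""Check the LCG full-period conditions from slide 9 against brute force."""
from math import gcd

def prime_factors(n):
    factors, p = set(), 2
    while p * p <= n:
        while n % p == 0:
            factors.add(p)
            n //= p
        p += 1
    if n > 1:
        factors.add(n)
    return factors

def full_period_predicted(a, c, m):
    """The three conditions listed on the slide."""
    return (gcd(c, m) == 1
            and all((a - 1) % p == 0 for p in prime_factors(m))
            and (m % 4 != 0 or (a - 1) % 4 == 0))

def measured_period(a, c, m, seed=0):
    """Length of the cycle that X_{n+1} = (a*X_n + c) mod m ends up in."""
    first_seen, x, n = {}, seed % m, 0
    while x not in first_seen:
        first_seen[x] = n
        x = (a * x + c) % m
        n += 1
    return n - first_seen[x]

def conditions_match_brute_force(max_m):
    """True if prediction == (period is m) for every 0<a<m, 0<=c<m, 2<=m<=max_m."""
    return all(full_period_predicted(a, c, m) == (measured_period(a, c, m) == m)
               for m in range(2, max_m + 1)
               for a in range(1, m) for c in range(m))

if __name__ == "__main__":
    for a, c, m in [(5, 3, 16), (3, 3, 16), (5, 2, 16)]:   # constructed parameters
        print(a, c, m, full_period_predicted(a, c, m), measured_period(a, c, m))
    print("conditions agree with brute force:", conditions_match_brute_force(40))
```

With m = 16, changing a from 5 to 3 or c from 3 to 2 halves the period, which is the sensitivity to coefficients the slide refers to.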
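The meet-in-the-middle search from slides 7 and 8, scaled down so it finishes instantly, together with the Feistel round structure from slides 2 and 3. This is an added example, not part of the original slides: the 16-bit Feistel cipher, its round function, key schedule and keys are constructed toys (not DES). With two 10-bit keys and a 16-bit block, the slide's counting predicts about 2^(20-16) = 16 false alarms on the first pair, which the second known pair then filters.

```python
"""Meet-in-the-middle against double encryption with a constructed toy Feistel cipher."""
KEY_BITS, ROUNDS = 10, 4          # toy sizes (assumption); block is 16 bits

def f(half, subkey):
    # Constructed round function; a Feistel F does not have to be invertible.
    x = half ^ subkey
    return ((x * 167 + 13) ^ (x >> 3)) & 0xFF

def round_keys(key):
    # Constructed key schedule: an 8-bit window of the key per round.
    return [(key >> r) & 0xFF for r in range(ROUNDS)]

def feistel(block, subkeys):
    left, right = block >> 8, block & 0xFF
    for k in subkeys:
        left, right = right, left ^ f(right, k)
    return (right << 8) | left    # final swap of the halves

def E(key, block):
    return feistel(block, round_keys(key))

def D(key, block):
    return feistel(block, round_keys(key)[::-1])   # same network, reversed subkeys

def double_encrypt(k1, k2, p):
    return E(k2, E(k1, p))

def meet_in_the_middle(p, c):
    """Return every (k1, k2) with E(k1, p) == D(k2, c): 2 * 2**KEY_BITS cipher calls."""
    table = {}
    for k1 in range(1 << KEY_BITS):
        table.setdefault(E(k1, p), []).append(k1)
    return [(k1, k2) for k2 in range(1 << KEY_BITS)
            for k1 in table.get(D(k2, c), [])]

def demo():
    secret = (0x2A7, 0x13C)                        # constructed keys
    pairs = [(p, double_encrypt(*secret, p)) for p in (0x1234, 0xBEEF)]
    candidates = meet_in_the_middle(*pairs[0])     # includes false alarms
    p2, c2 = pairs[1]
    survivors = [ks for ks in candidates if double_encrypt(*ks, p2) == c2]
    return secret, candidates, survivors

if __name__ == "__main__":
    secret, candidates, survivors = demo()
    print(f"{len(candidates)} candidates after pair 1, {len(survivors)} after pair 2")
    print("secret recovered:", secret in survivors)
```

The stored table costs 2^10 entries of memory here; at DES scale the same trade is 2^56 stored blocks, which is why the work factor is near that of single DES rather than 2^112.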
