1 / 29

Key Exhaustive Search (Brute Force Attack)

Key Exhaustive Search (Brute Force Attack). DES-Challenge(I). RSA Data Security Inc’s protest against US’s export control(‘97) $10,000(‘97) award Key search machine by Internet Loveland’s Rocker Verser 60.1 Billion/1 day key search, succeeded in 18 quadrillion operations and 96 days

rhonda-schwartz
Download Presentation

Key Exhaustive Search (Brute Force Attack)

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. KeyExhaustiveSearch (Brute Force Attack)

  2. DES-Challenge(I) RSA Data Security Inc’s protest against US’s export control(‘97) • $10,000(‘97) award • Key search machine by Internet Loveland’s Rocker Verser • 60.1 Billion/1 day key search, succeeded in 18 quadrillion operations and 96 days • 25% of Total 72 quadrillion (1q=1015 =0.1 kyung) • 90MHz, 16MB Memory Pentium(700 Million/sec) • http://www.rsa.com/des/

  3. DES-Challenge(II,III) P. Kocher Distributed.Net + EFF • 100,000 PC on Network • 56hr EFF(Electronic Frontier Foundation) • http://www.eff.org/DEScracker • Specific tools • 22hr 15min • 250,000$

  4. COPACOBANA Cost-Optimized Parallel Code Breaker Machine by Univ. of Bochum, Germany and Kiel Commercially available 120 FPGA’s of type XILINX Spartan3-1000 run in parallel 10,000$ of ¼ of EFF project

  5. Other Block Ciphers

  6. FEAL(I) P(64) K8,K9,K10,K11 K(64) L0(32) R0(32) fK (K0,K1) K0 f(R0,K0) fK (K2,K3) L7(32) R7(32) K7 f(R7,K7) fK (K14,K15) R8(32) L8(32) K12,K13,K14,K15 Fast data EnciphermentALgorithm by A. Shimizu & S . Miyaguchi, NTT, Japan, ‘87 C(64)

  7. S0 S0 S1 S0 S1 S1 S0 S1 FEAL(II) f K function f (Ri,Kj)-function a(32bit) Kj(16bit) a0 a1 a2 a3 k1 k0 b0 r0 b1 b (32bit) r1 b2 Ri (32bit) (32bit) b3 r2 r3 fK(a,b) Sd(X1,X2)=Rot2((X1+X2+d) mod256) where, d=0 or 1, X1 and X2 : 8bit, Rot2(Y) : 2-bit left rotation of 8-bit Y K2(r-1) : Left half of fK(a,b), K2(r-1)+1 : right half of fK(a,b)

  8. FEAL(III) Storage Complexity Processing Complexity Data Complexity FEAL-n (Attack Method) Known Chosen - 5 FEAL-4 (LC) 30Kb 6min. 100Kb 100 FEAL-6 (LC) - 40min. 224 FEAL-8 (LC) 10min. 27 pairs FEAL-8 (DC) 280Kb 2min. 229 pairs 230 op. FEAL-16 (DC) 245 pairs 246 op. FEAL-24 (DC) 266 pairs 267 op. FEAL-32 (DC)

  9. In() In() In() Lai’s Classification of “E/D-Similar” Iterated Ciphers (I) (I) Involution Ciphers Only X Y Z(1) Z(2) Z(r) Z Key Schedule Algorithm To decrypt : Reverse the Key Schedule

  10. In() In() In() PI PI PI Lai’s Classification of “E/D-Similar” Iterated Ciphers (II) (II) Involution Ciphers and Involutary Permutations Y X Z(2) Z(r) Z(1) Z Key Schedule Algorithm To decrypt : Reverse the Key Schedule Ex) DES, FEAL, LOKI, etc.

  11. Lai’s Classification of “E/D-Similar” Iterated Ciphers (III) * Group Ciphers Only X Y Z(2) Z(1) Z(r) Z Key Schedule Algorithm To decrypt : Reverse the Key Schedule and replace each subkey by its group inverse.

  12. In() In() In() Lai’s Classification of “E/D-Similar” Iterated Ciphers (IV) (III) Group Ciphers and Involution Ciphers X Y ZA(1) ZB(1) ZA(2) ZB(2) ZA(r) ZB(r) ZA(r+1) Key Schedule Algorithm Z To decrypt : Reverse the Key Schedule and replace each A-key by its group inverse. Ex) PES (*) Never should be used … equivalent to one encipherment with Z(1) Z(2) … Z(r)

  13. (IV) Group Ciphers, Involution Ciphers and Involutary Permutations such that PI(a b) = PI(a) PI(b) PI PI In() In() In() X Y ZA(r) ZA(1) ZB(1) ZA(2) ZB(2) ZB(r) ZA(r+1) Key Schedule Algorithm Z There is no PI in the last round. To decrypt : Reverse the Key Schedule and replace ZA(1) and ZA(r+1) by its group inverse and replace all other A-subkeys by the group inverses of their involutary permuted values [ PI(Z-1) = (PI(Z))-1]. Ex) IDEA

  14. IDEA(I) X1 X2 X3 X4 Pt (64 bit) P=(X1,X2,X3,X4) Ct (64 bit) C=(Y1,Y2,Y3,Y4) Zi(r) (16bit) : r -round key block (1) (1) (1) (1) Z1 Z2 Z3 Z4 : Xor Z5(1) round 1 : Mul. mod (216+1) Z6(1) : Add. mod (216) : MA structure All lines : 16 bit round 2-8 7 more rounds Output Transformation (9) (9) (9) (9) Z1 Z2 Z3 Z4 Y1 Y2 Y3 Y4 IDEA (International Data Encipherment Algorithm)

  15. IDEA(II) Divide 128-bit key into 52 16-bit word (1) Divide 128-bit into 8 blocks and use 6 blocks for round key (2) 25-bit left rotate of 128-bit (3) Repeat steps (1) and (2) till 8-round 8 Round Key block for Encryption / Decryption Encryption Key Block Decryption Key Block Round 1 2 3 4 5 6 7 8 Output Z1(1) Z2(1)Z3(1)Z4(1)Z5(1)Z6(1) Z1(2) Z2(2)Z3(2)Z4(2)Z5(2)Z6(2) Z1(3) Z2(3)Z3(3)Z4(3)Z5(3)Z6(3) Z1(4) Z2(4)Z3(4)Z4(4)Z5(4)Z6(4) Z1(5) Z2(5)Z3(5)Z4(5)Z5(5)Z6(5) Z1(6) Z2(6)Z3(6)Z4(6)Z5(6)Z6(6) Z1(7) Z2(7)Z3(7)Z4(7)Z5(7)Z6(7) Z1(8) Z2(8)Z3(8)Z4(8)Z5(8)Z6(8) Z1(9) Z2(9)Z3(9)Z4(9) Z1(9)-1 _Z2(9) _Z3(9)Z4(9)-1Z5(8)Z6(8) Z1(8)-1 -Z2(8) _Z3(8)Z4(8)-1Z5(7)Z6(7) Z1(7)-1 -Z2(7) _Z3(7)Z4(7)-1Z5(6)Z6(6) Z1(6)-1 -Z2(6) _Z3(6)Z4(6)-1Z5(5)Z6(5) Z1(5)-1 -Z2(5) _Z3(5)Z4(5)-1Z5(4)Z6(4) Z1(4)-1 -Z2(4) _Z3(4)Z4(4)-1Z5(3)Z6(3) Z1(3)-1 -Z2(3) _Z3(3)Z4(3)-1Z5(2)Z6(2) Z1(2)-1 -Z2(2) _Z3(2)Z4(2)-1Z5(1)Z6(1) Z1(1)-1 -Z2(1) _Z3(1)Z4(1)-1 Zi(j)-1 : multiplicative inverse of Zi(j) mod (216+1),-Zi(j) : additive inverse of Zi(j) mod 216

  16. RC-5(I) History on Ron’s Code • RC-1: never published • RC-2:64-bit block, 1987 • RC-3: broken • RC-4: stream cipher • RC-6: 128-bit block, AES-finalist, 1997 RC5: 32/64/128 –bit block, 1994 • Variables; • w : word length (16, 32) • r : number of round (0-255) • b : key byte (0 -255) • Ex) RC5-32/12/16 : 100Kb, 586PC To prevent weak key, use magic constant(e, ) in key scheduling Ease for H/W & S/W Implementation

  17. A B << << << A B RC-5(II) Encryption S[0] S[1] A = A + S[0] B = B + S[1] for i=1 to r do A= (A  B)<<B) + S[2*i] B= (B  A)<<A) + S[2*i +1] - S[i] : Round Key S[2*i] 1 round : XOR : Rotation S[2 *i +1] : addition mod 2w

  18. GOST Russia: GOvernment STandard 28147-89 internal specification(unpublished) 64-bit block cipher, 32 round 256-bit main key & 512-bit subkey No Key Scheduling Modify f-function of DES : 4x4 k-box

  19. MISTY Matsui, Ichigawa,Sorimachi,Tokita, Yamagishi in Mitsubishi co. 64-bit Block cipher,128-bit key, 8 Round Provable security against DC and LC By using recursive structure 30Mb/s (HP9735, PA7150-125MHz) Known as KASUMI for 3GPP group

  20. Skipjack Classified 64-bit block for replacing -> Internal structure published ‘98 80-bit key, 32 round Used for Clipper Project with Key Escrow ECB, CBC, 64 bit OFB, {1/8/16/ 32} bit CFB

  21. Blowfish(I) BruceSchneier, et al. XOR, Addition for 32 bit CPU 64bit block, 448 bit key, 8 x 32 S-box 16 round Takes long time for key scheduling

  22. F F F Blowfish(II) L(32) R(32) K1 32 32 K2 F(XL)=(((S1 + S2 mod 232)  S3,) +S4) mod 232 S1,S2,S3,S4 : 4 8 x 32 S-boxes 13 more rounds K16 K17 K18 L16(32) R16(32)

  23. SEED(I) (Korean Data Encryption Standard) • 128-bit symmetric block cipher • developed by KISA, ETRI, ADD + a Reference • KRyptoGate (Korean cRYPTOgraphers' GATEway) http://www.cryptogate.com • http://dosan.skku.ac.kr/~sjkim/Kr-Standard.html

  24. SEED(II) Introduction • Symmetric Block Cipher • Block size, key size : 128-bit • Feistel structure • 16 round Design criteria • Provide security proof • Secure against DC, LC, Higher order DC, and Related key attack • Faster than 3-DES in software • Use nonlinear function for round-key generation

  25. SEED(III) G-function F-function

  26. SEED(IV) F-function G-function

  27. SEED(V) Round-key generation in pseudo-code Input 128-bit key (A,B,C,D) Output round keys Ki,j

  28. Others TEA (Tiny Encryption Algorithm) for RFID/USN, XTEA, XXTEA ARIA, Serpent,Baseking, BATON, BEAR&LION, C2, Camellia, CAST-128,256, CIPHERUNICORN,CMEA, Cobra, Coconut98, Crypton, DEAL, E2, FROG, G-DES, Hasty Pudding Cipher, Hierocrypt,MUITL2, New Data Seal, SAFER-64,128, SHACAL, Square, Xenon, etc….

  29. Summary of Block Ciphers Algorithm Year Country Pt/Ct Key Round DES 1977 USA 64 16 56 FEAL 1987 Japan 64 64 4,8,16,32 GOST 1989 Russia 64 32 256 IDEA 1990 Swiss 64 8 128 LOKI 1991 Australia 64 16 64 80 1990 USA 64 32 SKIPJACK Japan 64 MISTY >8 128 1996 1998 Korea 128 SEED 16 128

More Related