1 / 23

Cryptographic Attacks on Scrambled LZ-Compression and Arithmetic Coding

Cryptographic Attacks on Scrambled LZ-Compression and Arithmetic Coding. By: RAJBIR SINGH BIKRAM KAHLON. Outline. LZ Compression Arithmetic Coding

sharne
Download Presentation

Cryptographic Attacks on Scrambled LZ-Compression and Arithmetic Coding

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Cryptographic Attacks on Scrambled LZ-Compression and Arithmetic Coding By: RAJBIR SINGH BIKRAM KAHLON

  2. Outline • LZ Compression • Arithmetic Coding • Scrambled Input LZ Compression • Scrambled Input Arithmetic Coding • Attacks • Conclusions • References

  3. LZ Compression Algorithm • Find the longest substring in the codebook. • Output its code. • Append the very next character from the input and create a new codebook entry for the resulting string. • Advance past the end of the substring just encoded. Until no more character.

  4. LZ Compression • Example abbaabbaababbaaaabaabba Dictionary

  5. Scrambled LZ Compression Algorithm • Initialize the pseudo random number generator with encryption key. • Add null characters in dictionary. • Shuffle the initial values of dictionary. • Perform LZ Compression

  6. Arithmetic Coding • It takes a stream of input symbols and replaces it with a single floating point output number greater than 0 & less than 1. • Algorithm Set low to 0.0 Set high to 1.0 While there are still input symbols do Get an Input symbol Code_range = high - low. high = low + range*high_range(symbol) low = low + range*low_range(symbol) End of While Output low

  7. Scrambled Arithmetic Coding Algorithm • Initialize the pseudo random number with encryption key • Shuffle the probability table • Perform Arithmetic Coding

  8. Ciphertext-Only Attack • Attack model, in which access to a set of different ciphertexts is provided. Success If: • Plaintext corresponding to the ciphertext being analyzed. • The encryption key is revealed. • Any information about the plaintext pattern.

  9. Chosen-Ciphertext Attack • In this case, cryptanalyst chooses ciphertext of his choice. • One of the ciphertext(LZ) taken for analysis: ↕    Ö    ↕    r    ↕    æ    ↕    ☼    ↕    Ç    ↕      ↕   ↕    ↕    ↕    ¥    ↕    m    ↕    O    ↕    ≡    ↕    ∙    ↕     ═    ↕    &    ↕    ►    ↕    ▒    ↕    ⌡    ↕    ▲    ↕    x    ‼

  10. ADAPTIVE-CHOSEN-CIPHERTEXT ATTACK • Attacker sends a number of cipher texts to be decrypted and use these decrypted cipher texts to select subsequent cipher texts. • Most advanced version of cipher text attacks.

  11. Linear Cryptanalysis • A linear relation between bits of plaintext, the ciphertext and the bits of key is determined. • The basic idea is to approximate the operation of the cipher with an expression that is linear. Xi1 + Xi2 + ..Xiu + Yj1 + Yj2 + ..Yjv = 0                       where Xi represents the i-th bit of the input and Yj represents the j-th bit of the output and ‘+’ represents the exclusive-OR

  12. Conclusions On LZ-Compression • Null characters are part of cipher text, so its hard to distinguish between messages and null strings for traffic flow security. • The same encoded strings even within same message bear no resemblance to each other i.e. output is completely random. • A part of message can not be treated as separate and every part of message is completely dependant on what came prior to it.

  13. Conclusions On LZ-Compression • In case of linear attack on LZ compression, it involves big numbers for computation. • For 1076 bytes or 210890 possible sequences will generate 29372 possible enciphering permutations. The number of possible permutations is huge and hides the plaintext.

  14. Conclusions on Arithmetic Coding • No two messages M & M` produce same ciphertext file. • Arithmetic Coding does not use fixed codewords to represent symbols. • A large keyspace i.e. around 2048 bit encryption key makes it difficult to attack the algorithms introduced by Dr. Wang. • In case of linear attack, it requires 247 known-plaintext blocks and will result in one key bit.

  15. Chosen-Plaintext Attack • A chosen-plaintext attack (CPA) is an attack model for cryptanalysis which presumes that the attacker has the capability to choose arbitrary plaintexts to be encrypted and obtain the corresponding cipher texts.

  16. Adaptive Chosen-Plaintext Attacks • This attack is similar to chosen-plaintext attack except that in this case, the cryptanalyst makes an nth query based on output of last (n-1) queries.

  17. Differential Attacks • In this kind of cryptanalysis, certain fixed differences between the plaintext and the cipher text are exploited till the last round of the cipher. Certain differences, called "characteristics," in plaintext pairs have a high probability of causing certain differences in the resulting cipher text pairs. To find the correct round key, simply collect enough guesses so that one sub key is suggested more often than all the others.

  18. Conclusions • Unicity Distance n = H(K)/[|M| - H(M)] H (K) = entropy of keys used in encryption |M| = maximum possible entropy for the plaintext H (M) = entropy of message

  19. Conclusions • Case1: Plaintext is ASCII characters Unicity Distance comes out to be 1432.16 characters (very large). • Case2: Plaintext is English Language Unicity Distance is 301.17 characters. H|M| is only value that changes.

  20. Conclusions • Large Keyspace – 2048 bit encryption key. • Cipher text Randomness. • Regularities Reduction. • Increased Entropy. • Differential Attacks Impractical. For m chosen-plaintext pairs, the corresponding known-plaintext will need about 2w/2(2m1/2) known plaintexts (w is the block size (in bits)). With 64-bit block using only eight chosen-plaintext pairs (very small number practically) ,the corresponding known-plaintext attack will require 234 plaintext-cipher text pairs, a large number. On DES,1.5MB/Sec. data stream of plaintexts for three years to get the data. Less efficient than brute force in DES(255 v/s 255.1)

  21. Conclusions • According to sci.crypt FAQ strong encryption should have following characterstics: • Large keyspace. • Reasonably Large unicity distance. • Randomness in cipher text. • Resistant to all known attacks. Dr. Wang’s Algorithm is very strong and resistant to above defined attacks.

  22. References • Wang, Chung-E Research paper {http://gaia.ecs.csus.edu/%7Ewang/cbj.pdf} • Arithmetic Coding Source Code {www.cipr.rpi.edu/~wheeler/ac, accessed 12-07-06} • Dr. Dobb’s Journal {http://www.dogma.net/markn/articles/arith/part1.htm, accessed 12-07-06} • Handbook of Applied Cryptography {http://www.cacr.math.uwaterloo.ca/hac/about/chap1.pdf} • RSA Laboratories {http://www.rsasecurity.com/rsalabs/node.asp?id=2167, accessed 12-07-06} • Sci.Crypt FAQ {http://www.contrib.andrew.cmu.edu/~shadow/crypt.html, accessed 12-07-06}

  23. ANY QUESTIONS???

More Related