Download presentation

Presentation is loading. Please wait.

Published byKristian Marler Modified over 3 years ago

1
Scalable Involutional PP-1 Block Cipher for Limited Resources K. Chmiel, A. Grocholewska-Czuryło, J. Stokłosa Poznan University of Technology Institute of Control and Information Engineering Poznan, Poland

2
10-12.06.2010Scalable Involutional PP-1 Block Cipher for Limited Resources CECC 2010 © Krzysztof Chmiel 2 Basic assumptions of the PP-1 cipher project Scalability – extendable data block size and key size; Resources – limited (small memory, simple processor); -the same resources for encryption and decryption: -one involutional S-box (i.e. S 1 = S ), -one involutional P-box (i.e. P 1 = P ), -the same round keys; -simple elementary operations: -modulo 2 sum, -addition, -subtraction, -shifts; Implementation – efficient in software and hardware.

3
10-12.06.2010Scalable Involutional PP-1 Block Cipher for Limited Resources CECC 2010 © Krzysztof Chmiel 3 Data processing path Fig. 2. Nonlinear element NL (j = 1, 2,..., t) Fig. 1. One round of the PP-1 (i = 1, 2,..., r) Remarks: data blocks of n = t64 bits are processed in r rounds (t = 1, 2, 3,... ), two n-bit round keys k i =k 2i–1 and k i =k 2i are used in round i.

4
10-12.06.2010Scalable Involutional PP-1 Block Cipher for Limited Resources CECC 2010 © Krzysztof Chmiel 4 64-bit variant of PP-1 Fig. 3. Encryption and decryption performed by PP-1 (n = 64)

5
10-12.06.2010Scalable Involutional PP-1 Block Cipher for Limited Resources CECC 2010 © Krzysztof Chmiel 5 Round key scheduling Fig. 5. KS the main part of an iteration (j = 1, 2,..., t) Fig. 4. One iteration of key scheduling (i = 0, 1,..., 2r) Remarks: the cipher key k for the PP-1 algorithm is a sequence of n or 2n bits, the round keys k 1, k 2,..., k 2r are produced on outputs of iterations #1 to #2r. depends on k

6
10-12.06.2010Scalable Involutional PP-1 Block Cipher for Limited Resources CECC 2010 © Krzysztof Chmiel 6 Details of round key scheduling Remarks: function E value, is equal to XOR of 4MSBs of the two leftmost S-boxes, entry X 0 of iteration #0, is supplied by the n-bit constant B, inputs K i depend on cipher key k: n-bit or 2n-bit (k = k H ||k L ).. Entry X 0 : X 0 = B = B 1 ||B 2 ||...||B t where 64-bit B 1 = 912B4769B2496E7C, B j = Prm(B j–1 ) for j = 2, 3,..., t, Prm is calculated for nBb = 64 and nSb = 8. Inputs K i : K 2 = RL(B (A (K 0 K 1 ))) Function E: e i = E(b 1 b 2...b n ) = (b 1 b 9 )(b 2 b 10 )(b 3 b 11 )(b 4 b 12 ) for V i = b 1 b 2...b n, where b 1 is the MSB. K i = RL(K i1 ) for i = 3, 4,..., 2r

7
10-12.06.2010Scalable Involutional PP-1 Block Cipher for Limited Resources CECC 2010 © Krzysztof Chmiel 7 Involutional substitution S Fig. 6. Involutional 8 8-bit S-box S S(6F) = DA, S(DA) = 6F L H Method: generated using multiplicative inverse procedure, similar to AES, processed to remove existence of affine transformations between component Boolean functions. Parameters: nonlinearity – 110 (maxTA = 18), 2 nd maximum XOR DDT value – 4 (maxTD = 4).

8
10-12.06.2010Scalable Involutional PP-1 Block Cipher for Limited Resources CECC 2010 © Krzysztof Chmiel 8 Involutional permutation P Fig. 8. P for 8 8 bit matrices (n =64) Remarks: dissipates 8-bit output subblocks of S-boxes S in the n-bit block of a round, can be implemented by transposition of 8 8 bit matrices in processor words. Fig. 7. Bit mappings of involutional bit permutation P and their illustration (n =64)

9
10-12.06.2010Scalable Involutional PP-1 Block Cipher for Limited Resources CECC 2010 © Krzysztof Chmiel 9 Scalable permutation P Fig. 9. Algorithms to construct permutation P and their illustration (n = 64) Method (n = 64): algorithm Prm calculates bit mappings in Prm, to dissipate 4-bit subblocks in 32-bit block, algorithm P calculates involutional pairs of bit mappings in 64-bit P. Prm(x, nBb, nSb) {argument, number of block bits (e.g.64), number of S-box bits (e.g. 8)} 1. nS nBb div nSb {number of S-boxes} 2. Sno x mod nS +1 {S-box number(from 1)} 3. Sb (x 1) div nS + 1 {S-box bit (from 1)} 4. y (Sno 1) nSb + Sb {value of bit mapping} 5. return y P(pno, nBb, nSb) {pair number (from 1), number of block bits (e.g. 64), number of S-box bits (e.g. 8)} 1. y Prm(pno, nBb div 2, nSb div 2) {value of Prm} 2. px 2 pno 1 {odd argument (value) of bit mapping} 3. py 2 y {even value (argument) of bit mapping} 4. return (px, py)

10
10-12.06.2010Scalable Involutional PP-1 Block Cipher for Limited Resources CECC 2010 © Krzysztof Chmiel 10 Differential and Linear Approximation p = N(X,Y) / 2 n X' {0,..,2 n –1}, Y' {0,..,2 m –1} Fig. 10. Differential and linear approximation of function f : {0,1} n {0,1} m f(X) f(X X') = Y' p X {1,..,n}, Y {1,..,m} Y[Y] = X[X] p = N(X,Y) / 2 n | p| = | p – 1/2 | effectiveness of differential approximation effectiveness of linear approximation

11
10-12.06.2010Scalable Involutional PP-1 Block Cipher for Limited Resources CECC 2010 © Krzysztof Chmiel 11 Approximation Tables Fig. 11. Function f: {0,1} 4 {0,1} 2 and its approximation tables TDf and TAf TDf[X, Y] = N(X, Y) TAf[X, Y] = N(X, Y) = N(X, Y) - 2 n-1 maxTD = max{TDf[X', Y'] : X' 0 Y' 0} maxTA = max{|TAf[X', Y']| : X' Y' }

12
10-12.06.2010Scalable Involutional PP-1 Block Cipher for Limited Resources CECC 2010 © Krzysztof Chmiel 12 Quality of S-box S (PP-1) Fig. 12. Comparison of S-box S to randomly selected S-boxes (n = 8, m = 8)

13
10-12.06.2010Scalable Involutional PP-1 Block Cipher for Limited Resources CECC 2010 © Krzysztof Chmiel 13 DES Algorithm Fig. 13. General structure and function f of DES (IBM 1977) c 1 (j) ||c 2 (j) = c 2 (j-1) ||c 1 (j-1) f(c 2 (j-1), k j ) for j = 1, 2,..., 15 c 1 (j) ||c 2 (j) = c 1 (j-1) f(c 2 (j-1), k j )||c 2 (j-1) for j = 16

14
10-12.06.2010Scalable Involutional PP-1 Block Cipher for Limited Resources CECC 2010 © Krzysztof Chmiel 14 Quality of S-boxes S1-S8 (DES) Fig. 14. Comparison of S-boxes S1-S8 to randomly selected S-boxes (n = 6, m = 4)

15
10-12.06.2010Scalable Involutional PP-1 Block Cipher for Limited Resources CECC 2010 © Krzysztof Chmiel 15 Evaluation of PP-1 Fig. 15. Number r of rounds for n-bit block ( s = 8, q a = 2, q p = 1) r ( n/2 – log q p ) / ( s/2 – log q a ) | p a + | | p p + | | p i + | q a /2 s/2 +1 | p p + | q p /2 n/2 +1 | p a + | (1/2) (q a /2 s/2 ) r (q a /2 s/2 ) r q p /2 n/2 comparative algorithm (1) (5) (4) (2) (3) (7) (6)

16
10-12.06.2010Scalable Involutional PP-1 Block Cipher for Limited Resources CECC 2010 © Krzysztof Chmiel 16 Evaluation of DES Fig. 16. Comparative algorithm and evaluation of DES quality Evaluation methods: exact – the best nonzero linear approximation of a cipher is determined, rough – the best nonzero linear approximation of a cipher is assumed to be a composition of the best nonzero linear approximation of a single iteration, intermediate –the best zero-nonzero approximation of a cipher is found, that fulfils approximation conditions. improved S1, S5, S7

17
10-12.06.2010Scalable Involutional PP-1 Block Cipher for Limited Resources CECC 2010 © Krzysztof Chmiel 17 Conclusions PP-1, is a new scalable block cipher that is simple, efficient and secure; PP-1 is aimed to be used on platforms with limited resources, and especially with a limited amount of memory; Due to the fact that PP-1 uses only very simple arithmetic operations, the cipher can be implemented on different platforms such as smart- cards, TV decoders, mobiles, etc.; We could not find any significant constraint in PP-1 and have not inserted any hidden weakness.

Similar presentations

OK

Announcements: Homework 2 returned Homework 2 returned Monday: Written (concept and small calculations) exam on breaking ch 2 ciphers Monday: Written (concept.

Announcements: Homework 2 returned Homework 2 returned Monday: Written (concept and small calculations) exam on breaking ch 2 ciphers Monday: Written (concept.

© 2017 SlidePlayer.com Inc.

All rights reserved.

Ads by Google

Ppt on law of conservation of mass Ppt on bluetooth broadcasting system Ppt on total internal reflection example Ppt on obesity management guidelines Ppt on addition for class 3 Ppt on electric meter testing companies Ppt on the road not taken interpretation Ppt on network layer design issues Complete ppt on cybercrime Ppt on panel discussion