Download presentation

Presentation is loading. Please wait.

Published byMohammed Waugh Modified over 3 years ago

1
LOKI LOKI block ciphers family (LOKI89.LOKI91) Similar to DES(except : F function, initial and final permutation, key scheduling algorithm ) K1=K L,K2=K R K3~K16: K i = ROL12(K J ), where J=i-2 K 3 = ROL(K 1 ) ROL12 代表 Rotate to Left 12 bits

4
Chosen key attack Chosen key chosen plaintext Knows only the relationship between two key,not the keys themselves Independent of number of rounds LOKI89, LOKI91

5
LOKI89 Original 64bit key K=(K L, K R ) K 1 = K L, K 2 = K R K 3 ~K 16, K i = ROL12(K J ), where J=i-2 ex: K 3 =ROL12(K 1 ), K 4 =ROL12(K 2 ) ….. New key K* = (K 2, K 3 ) = ( K R, ROL12(K L ) ) K 1 *= K L * = K 2, K 2 * = K R * = K 3 K 3 * ~K 16 * K i * of K* = K(i+1) of K ex: K 3 *= ROL12(K 1 *) = ROL12(K 2 ) = K 4 K 4 * = K 5

6
LOKI89 Original 64bit key K=(K L, K R ) K 1 = K L, K 2 = K R K 3 ~K 16, K i = ROL12(K J ), where J=i-2 ex: K 3 =ROL12(K 1 ), K 4 =ROL12(K 2 ) ….. New key K* = (K 2, K 3 ) = ( K R, ROL12(K L ) ) K 1 *= K L * = K 2, K 2 * = K R * = K 3 K 3 * ~K 16 * K i * of K* = K(i+1) of K ex: K 3 *= ROL12(K 1 *) = ROL12(K 2 ) = K 4 K 4 * = K 5

7
KRKR KLKL KRKR ROL12(K L)

9
使用 related key K and K* If the data are the same in both executions shifted by one round EX: data before 2nd round (under key K) = data before 1st round (under key K*):

11
plaintext P encrypted under key K data before 2nd round (under key K): ( P R ⊕ K R, P L ⊕ K L ⊕ F ( P R ⊕ K R, K L ) ) -----(1) data before 1st round (under key K*): P* ⊕ K* = ( P L * ⊕ K L *, P R * ⊕ K R * ) = ( P L * ⊕ K R, P R * ⊕ ROL12 (K L ) )------(2)

12
P L ⊕ K L P R ⊕ K R F( P R ⊕ K R, K L )

13
由 (1) = (2) P R ⊕ K R = P L * ⊕ K R ∴ P R = P L * ---(3) P L ⊕ K L ⊕ F( P R ⊕ K R, K L ) = P R * ⊕ ROL12(K L ) ∴ P L ⊕ K L ⊕ F( P R ⊕ K R, K L ) ⊕ ROL12(K L ) = P R *---(4) P* = (P R, P L ⊕ K L ⊕ ROL12(K L ) ⊕ F( P R ⊕ K R, K L )) ------(a) C* = (C R ⊕ K L ⊕ ROL12(K L ) ⊕ F( P R ⊕ K R, K L ), C L ) -------(b)

14
chosen key chosen plaintext P* = (P R, P L ⊕ K L ⊕ ROL12(K L ) ⊕ F( P R ⊕ K R, K L )) ------(a) C* = (C R ⊕ K L ⊕ ROL12(K L ) ⊕ F( P R ⊕ K R, K L ), C L ) -------(b) 已知 2 16 個 chosen key P, 2 16 個 P *, P R = P L * 2 unknown related key K, K*, K* = (K2,K3) Exist two plaintext P i, P j* such that P R * = P L ⊕ K L ⊕ ROL12(K L ) ⊕ F( P R ⊕ K R, K L ) By checking C R * = C L

15
chosen key chosen plaintext PRPR Randomly chosen 32 bits 2 16 個 P 0 ~ P 65535 P * 0 ~ P * 65535 Chosen 32 bits value

16
由 equation (a),(b) 相作 XOR 再搬移 F( P R ⊕ K R, K L )) ⊕ F(C L ⊕ K R ⊕ K L ) = P R* ⊕ P L ⊕ C L* ⊕ C R only unknown part : K R ⊕ K L 帶回 (a),(b) 可求出 K L ⊕ ROL12(K L ), 可以推出 K 和 K*

17
LOKI91 A random plaintext P C=LOKI91(P,K) and C*=LOKI91(P*,K*) K* = ( K R,ROL25(K L ) ) K1,K2 share the same 32 bits 2 32 possible values of K1,K2 calculate 2 32 data before 3rd round, P* 找出 real K1,K2 by verifying the relationship between cipher texts

18
32bit K R 32bit K L

Similar presentations

OK

Chapter 5 –Advanced Encryption Standard "It seems very simple." "It is very simple. But if you don't know what the key is it's virtually indecipherable."

Chapter 5 –Advanced Encryption Standard "It seems very simple." "It is very simple. But if you don't know what the key is it's virtually indecipherable."

© 2017 SlidePlayer.com Inc.

All rights reserved.

Ads by Google

Ppt on review writing on books Ppt on e-mail spam Complete ppt on cybercrime Download free ppt on environment Ppt on artificial intelligence and robotics Download ppt on women empowerment Ppt on water softening techniques to improve Ppt on andhra pradesh Ppt on bank lending rate Download ppt on chromosomes