CSCI283 Fall 2005 GWU All slides from Bishop’s slide set Stream Ciphers.

1 CSCI283 Fall 2005 GWU All slides from Bishop’s slide set Stream Ciphers

6/4/2015 CS283/Fall05/GWU/Vora/PKI All slides from Bishop's set

2 Problems
Using cipher requires knowledge of environment, and threats in the environment, in which cipher will be used
  – Is the set of possible messages small?
  – Do the messages exhibit regularities that remain after encipherment?
  – Can an active wiretapper rearrange or change parts of the message?

3 Attack #1: Precomputation
Set of possible messages M small
Public key cipher f used
Idea: precompute set of possible ciphertexts f(M), build table (m, f(m))
When ciphertext f(m) appears, use table to find m
Also called forward searches

4 Example
Cathy knows Alice will send Bob one of two messages: enciphered BUY, or enciphered SELL
Using public key $e_{Bob}$, Cathy precomputes $m_1 = \{\text{BUY}\}\,e_{Bob}$, $m_2 = \{\text{SELL}\}\,e_{Bob}$
Cathy sees Alice send Bob $m_2$
Cathy knows Alice sent SELL

5 May Not Be Obvious
Digitized sound
  – Seems like far too many possible plaintexts
  – Initial calculations suggest $2^{32}$ such plaintexts
  – Analysis of redundancy in human speech reduced this to about 100,000 (≈ $2^{17}$)
  – This is small enough to worry about precomputation attacks

6 Misordered Blocks
Alice sends Bob message
  – $n_{Bob} = 77$, $e_{Bob} = 17$, $d_{Bob} = 53$
  – Message is LIVE (11 08 21 04)
  – Enciphered message is 44 57 21 16
Eve intercepts it, rearranges blocks
  – Now enciphered message is 16 21 57 44
Bob gets enciphered message, deciphers it
  – He sees EVIL

7 Notes
Digitally signing each block won't stop this attack
Two approaches:
  – Cryptographically hash the entire message and sign it
  – Place sequence numbers in each block of message, so recipient can tell intended order
    – Then you sign each block
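The forward search of slide 3 and the misordered-blocks example of slides 6 and 7, worked through with the slide's toy key. This is an added example, not part of the slide set; the function names are hypothetical, and the bare SHA-256 digest stands in for the signed whole-message hash (an assumption made to keep the example short).

```python
import hashlib

# Toy RSA parameters from slide 6 (far too small for real use).
N, E, D = 77, 17, 53

def encode(text):
    """Map A..Z to 0..25, one letter per block, as the slide does."""
    return [ord(c) - ord("A") for c in text]

def decode(blocks):
    return "".join(chr(b + ord("A")) for b in blocks)

def encipher(text):
    return [pow(m, E, N) for m in encode(text)]

def decipher(blocks):
    return decode([pow(c, D, N) for c in blocks])

def forward_search(blocks):
    """Slide 3: tabulate f(m) for every possible m using only the public key."""
    table = {pow(m, E, N): m for m in range(26)}
    return decode([table[c] for c in blocks])

def digest(text):
    """Whole-message hash; in the slide's first fix this value would be signed."""
    return hashlib.sha256(text.encode()).hexdigest()

def receive(blocks, expected_digest):
    """Decipher, then check the whole-message hash before trusting the text."""
    text = decipher(blocks)
    return text, digest(text) == expected_digest

if __name__ == "__main__":
    sent = encipher("LIVE")
    tag = digest("LIVE")      # stands in for the signed hash
    swapped = sent[::-1]      # blocks rearranged in transit
    print(sent, receive(sent, tag))
    print(swapped, receive(swapped, tag))
    print(forward_search(sent))
```

Each block deciphers correctly on its own, so only the check over the whole message exposes the reordering.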

8 Statistical Regularities
If plaintext repeats, ciphertext may too
Example using DES:
  – input (in hex): 3231 3433 3635 3837
  – corresponding output (in hex): ef7c 4bb2 b4ce 6f3b
Fix: cascade blocks together (chaining)
  – More details later

9 What These Mean
Use of strong cryptosystems, well-chosen (or random) keys not enough to be secure
Other factors:
  – Protocols directing use of cryptosystems
  – Ancillary information added by protocols
  – Implementation (not discussed here)
  – Maintenance and operation (not discussed here)

10 Stream, Block Ciphers
E encipherment function
  – $E_k(b)$ encipherment of message b with key k
  – In what follows, $m = b_1 b_2 \ldots$, each $b_i$ of fixed length
Block cipher
  – $E_k(m) = E_k(b_1) E_k(b_2) \ldots$
Stream cipher
  – $k = k_1 k_2 \ldots$
  – $E_k(m) = E_{k_1}(b_1) E_{k_2}(b_2) \ldots$
  – If $k_1 k_2 \ldots$ repeats itself, cipher is periodic and the length of its period is one cycle of $k_1 k_2 \ldots$

11 Stream Ciphers
Often (try to) implement one-time pad by xor'ing each bit of key with one bit of message
  – Example:
      m = 00101
      k = 10010
      c = 10111
But how to generate a good key?

12 Synchronous Stream Ciphers
n-stage Linear Feedback Shift Register: consists of
  – n bit register $r = r_0 \ldots r_{n-1}$
  – n bit tap sequence $t = t_0 \ldots t_{n-1}$
  – Use:
    – Use $r_{n-1}$ as key bit
    – Compute $x = r_0 t_0 \oplus \ldots \oplus r_{n-1} t_{n-1}$
    – Shift r one bit to right, dropping $r_{n-1}$, x becomes $r_0$

13 Operation
[Figure: LFSR operation. Register $r_0 \ldots r_{n-1}$; message bit $b_i$ combined by ⊕ to give $c_i$; new register $r_0' \ldots r_{n-1}'$ with $r_i' = r_{i-1}$, $0 < i \le n$; feedback $r_0 t_0 + \ldots + r_{n-1} t_{n-1}$]

14 Example
4-stage LFSR; t = 1001

r     k_i  new bit computation      new r
0010  0    01 ⊕ 00 ⊕ 10 ⊕ 01 = 0    0001
0001  1    01 ⊕ 00 ⊕ 00 ⊕ 11 = 1    1000
1000  0    11 ⊕ 00 ⊕ 00 ⊕ 01 = 1    1100
1100  0    11 ⊕ 10 ⊕ 00 ⊕ 01 = 1    1110
1110  0    11 ⊕ 10 ⊕ 10 ⊕ 01 = 1    1111
1111  1    11 ⊕ 10 ⊕ 10 ⊕ 11 = 0    0111
1110  0    11 ⊕ 10 ⊕ 10 ⊕ 11 = 1    1011

Key sequence has period of 15 (010001111010110)

15 NLFSR
n-stage Non-Linear Feedback Shift Register: consists of
  – n bit register $r = r_0 \ldots r_{n-1}$
  – Use:
    – Use $r_{n-1}$ as key bit
    – Compute $x = f(r_0, \ldots, r_{n-1})$; f is any function
    – Shift r one bit to right, dropping $r_{n-1}$, x becomes $r_0$
Note same operation as LFSR but more general bit replacement function

16 Example
4-stage NLFSR; $f(r_0, r_1, r_2, r_3) = (r_0 \,\&\, r_2) \mid r_3$

r     k_i  new bit computation  new r
1100  0    (1 & 0) | 0 = 0      0110
0110  0    (0 & 1) | 0 = 0      0011
0011  1    (0 & 1) | 1 = 1      1001
1001  1    (1 & 0) | 1 = 1      1100
1100  0    (1 & 0) | 0 = 0      0110
0110  0    (0 & 1) | 0 = 0      0011
0011  1    (0 & 1) | 1 = 1      1001

Key sequence has period of 4 (0011)
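The register operation of slides 12 to 16 as running code: one shift-register step that takes either the LFSR tap sequence or the NLFSR function f, plus a cycle finder that reports the repeating key sequence. This is an added example, not part of the slide set; the function names are hypothetical, and the start states 0000 and 1010 go beyond the slides' examples to show degenerate cases.

```python
def bits(s):
    """Parse a string such as "0010" into a register tuple (r_0, ..., r_{n-1})."""
    return tuple(int(c) for c in s)

def lfsr_feedback(taps):
    """x = r_0 t_0 XOR ... XOR r_{n-1} t_{n-1} for a fixed tap sequence t."""
    def feedback(r):
        x = 0
        for r_i, t_i in zip(r, taps):
            x ^= r_i & t_i
        return x
    return feedback

def nlfsr_feedback(r):
    """Slide 16's non-linear f(r_0, r_1, r_2, r_3) = (r_0 & r_2) | r_3."""
    return (r[0] & r[2]) | r[3]

def step(r, feedback):
    """Return (key bit, new register): emit r_{n-1}, shift right, x becomes r_0."""
    return r[-1], (feedback(r),) + r[:-1]

def key_cycle(start, feedback):
    """Key bits of the cycle the register settles into, skipping lead-in states."""
    first_seen, key = {}, []
    r = start
    while r not in first_seen:
        first_seen[r] = len(key)
        k, r = step(r, feedback)
        key.append(k)
    return "".join(str(k) for k in key[first_seen[r]:])

if __name__ == "__main__":
    lfsr = lfsr_feedback(bits("1001"))
    for name, start, f in [
        ("LFSR  0010", "0010", lfsr),
        ("LFSR  0000", "0000", lfsr),            # all-zero register never changes
        ("NLFSR 1100", "1100", nlfsr_feedback),
        ("NLFSR 1010", "1010", nlfsr_feedback),  # falls into a constant keystream
    ]:
        cycle = key_cycle(bits(start), f)
        print(name, "period", len(cycle), "key", cycle)
```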

17 Eliminating Linearity
NLFSRs not common
  – No body of theory about how to design them to have long period
Alternate approach: output feedback mode
  – For E encipherment function, k key, r register:
    – Compute $r' = E_k(r)$; key bit is rightmost bit of $r'$
    – Set r to $r'$ and iterate, repeatedly enciphering register and extracting key bits, until message enciphered
  – Variant: use a counter that is incremented for each encipherment rather than a register
    – Take rightmost bit of $E_k(i)$, where i is number of encipherment

18 Self-Synchronous Stream Cipher
Take key from message itself (autokey)
Example: Vigenère, key drawn from plaintext
  – key         XTHEBOYHASTHEBA
  – plaintext   THEBOYHASTHEBAG
  – ciphertext  QALFPNFHSLALFCT
Problem:
  – Statistical regularities in plaintext show in key
  – Once you get any part of the message, you can decipher more

19 Another Example
Take key from ciphertext (autokey)
Example: Vigenère, key drawn from ciphertext
  – key         XQXBCQOVVNGNRTT
  – plaintext   THEBOYHASTHEBAG
  – ciphertext  QXBCQOVVNGNRTTM
Problem:
  – Attacker gets key along with ciphertext, so deciphering is trivial
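Both autokey variants of slides 18 and 19, together with the two weaknesses the slides name: one known plaintext letter unlocks the rest of a plaintext-autokey message, and a ciphertext-autokey message deciphers from the ciphertext alone after the priming key. This is an added example, not part of the slide set; the function names are hypothetical and letters are numbered A = 0 through Z = 25.

```python
A = ord("A")

def shift(ch, key_ch, sign=1):
    """Vigenère step: add (sign=1) or subtract (sign=-1) the key letter mod 26."""
    return chr((ord(ch) - A + sign * (ord(key_ch) - A)) % 26 + A)

def plaintext_autokey(plaintext, prime):
    """Slide 18: key is the priming key followed by the plaintext itself."""
    key = (prime + plaintext)[:len(plaintext)]
    return "".join(shift(p, k) for p, k in zip(plaintext, key))

def ciphertext_autokey(plaintext, prime):
    """Slide 19: key is the priming key followed by the ciphertext so far."""
    key, out = list(prime), []
    for i, p in enumerate(plaintext):
        c = shift(p, key[i])
        out.append(c)
        key.append(c)
    return "".join(out)

def extend_from_known(ciphertext, index, letter):
    """Plaintext autokey, one-letter priming key: a known plaintext letter at
    `index` is the key for the next letter, and so on to the end."""
    out = [letter]
    for c in ciphertext[index + 1:]:
        out.append(shift(c, out[-1], -1))
    return "".join(out)

def recover_without_key(ciphertext, prime_len=1):
    """Ciphertext autokey: key letter i is ciphertext letter i - prime_len,
    so everything after the priming key deciphers from the ciphertext alone."""
    return "".join(shift(c, k, -1)
                   for c, k in zip(ciphertext[prime_len:], ciphertext))

if __name__ == "__main__":
    msg = "THEBOYHASTHEBAG"
    c1 = plaintext_autokey(msg, "X")
    c2 = ciphertext_autokey(msg, "X")
    print(c1, extend_from_known(c1, 3, "B"))
    print(c2, recover_without_key(c2))
```

With this letter numbering the functions return QALFPMFHSLALFBG and QXBCQOVVNGNRSSY, which differ from the ciphertexts printed on the slides in three letters each.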

20 Variant
Cipher feedback mode: 1 bit of ciphertext fed into n bit register
  – Self-healing property: if ciphertext bit received incorrectly, it and next n bits decipher incorrectly; but after that, the ciphertext bits decipher correctly
  – Need to know k, E to decipher ciphertext
[Figure: cipher feedback mode, with labels k, r, E, $E_k(r)$, ⊕, $m_i$, $c_i$]
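The counter variant of slide 17 and the 1-bit cipher feedback mode of slide 20, compared on how far one corrupted ciphertext bit spreads. This is an added example, not part of the slide set; the names are hypothetical, the key, initial register and message are constructed, the register length n = 8 is an assumption, and keyed SHA-256 stands in for the encipherment function E.

```python
import hashlib

N = 8                                    # register length in bits (assumed)
KEY = b"constructed demo key"            # constructed sample key
IV = [0] * N                             # constructed initial register
MESSAGE = [(i * i + i // 3) % 2 for i in range(64)]   # constructed message bits

def key_bit(key, data):
    """Stand-in for the rightmost bit of E_k(data): keyed SHA-256, not a cipher."""
    return hashlib.sha256(key + bytes(data)).digest()[-1] & 1

def counter_xor(key, bits):
    """Slide 17 variant: key bit i comes from E_k(i); the same call deciphers."""
    return [b ^ key_bit(key, i.to_bytes(4, "big")) for i, b in enumerate(bits)]

def cfb(key, iv, bits, decipher=False):
    """Slide 20: every ciphertext bit is shifted into the n-bit register."""
    reg, out = list(iv), []
    for b in bits:
        o = b ^ key_bit(key, reg)
        out.append(o)
        c = b if decipher else o         # the register always holds ciphertext
        reg = reg[1:] + [c]
    return out

def errors_after_flip(mode, flip_at):
    """Corrupt one ciphertext bit in transit; list plaintext positions that break."""
    if mode == "cfb":
        wire = cfb(KEY, IV, MESSAGE)
    else:
        wire = counter_xor(KEY, MESSAGE)
    wire[flip_at] ^= 1
    if mode == "cfb":
        got = cfb(KEY, IV, wire, decipher=True)
    else:
        got = counter_xor(KEY, wire)
    return [i for i, (a, b) in enumerate(zip(MESSAGE, got)) if a != b]

if __name__ == "__main__":
    print("counter:", errors_after_flip("counter", 20))
    print("cfb:    ", errors_after_flip("cfb", 20))
```

In the counter variant only the corrupted position deciphers wrongly; in cipher feedback mode the damage stays within that position and the n that follow, after which the register holds only correct ciphertext again.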

