Page : 1 bfolieq.drw Technical University of Braunschweig IDA: Institute of Computer and Network Engineering  W. Adi 2011 Lecture-7 Secret-Key Ciphers.

Slides:



Advertisements
Similar presentations
Finite Fields Rong-Jaye Chen. p2. Finite fields 1. Irreducible polynomial f(x)  K[x], f(x) has no proper divisors in K[x] Eg. f(x)=1+x+x 2 is irreducible.
Advertisements

BCH Codes Hsin-Lung Wu NTPU.
Spread Spectrum Chapter 7.
Spread Spectrum Chapter 7. Spread Spectrum Input is fed into a channel encoder Produces analog signal with narrow bandwidth Signal is further modulated.
GSM network and its privacy Thomas Stockinger. Overview Why privacy and security? GSM network‘s fundamentals Basic communication Authentication Key generation.
1 Introduction to Practical Cryptography Lectures 3/4 Stream Ciphers.
LINEAR FEEDBACK SHIFT REGISTERS, GALOIS FIELDS, AND STREAM CIPHERS Mike Thomsen Cryptography II May 14 th, 2012.
Syed Safi Uddin Qadri BETL/F07/0112 GSM Stream Cipher Algorithm Presented To Sir Adnan Ahmed Siddiqui.
An Introduction to Stream Ciphers Zahra Ahmadian Electrical Engineering Department Sahrif University of Technology
Digital Kommunikationselektroink TNE027 Lecture 6 (Cryptography) 1 Cryptography Algorithms Symmetric and Asymmetric Cryptography Algorithms Data Stream.
Session 2: Secret key cryptography – stream ciphers – part 2.
Stream ciphers 2 Session 2. Contents PN generators with LFSRs Statistical testing of PN generator sequences Cryptanalysis of stream ciphers 2/75.
Copyright 2005, Agrawal & BushnellVLSI Test: Lecture 21alt1 Lecture 21alt BIST -- Built-In Self-Test (Alternative to Lectures 25, 26 and 27) n Definition.
Session 2 Symmetric ciphers 1. Stream cipher definition Recall the Vernam cipher: Plaintext Ciphertext (Running) key
Linearization of Stream Ciphers in Terms of Cellular Automata Amparo Fúster-Sabater Institute of Applied Physics (CSIC) Madrid (Spain)
Design for Testability Theory and Practice Lecture 11: BIST
Stream Ciphers 1 Stream Ciphers. Stream Ciphers 2 Stream Ciphers  Generalization of one-time pad  Trade provable security for practicality  Stream.
Session 2: Secret key cryptography – stream ciphers – part 1.
Códigos y Criptografía Francisco Rodríguez Henríquez A Short Introduction to Stream Ciphers.
One-Time Pad Or Vernam Cipher Sayed Mahdi Mohammad Hasanzadeh Spring 2004.
Stream Ciphers Making the one-time pad practical.
A Method for Generating Full Cycles by a Composition of NLFSRs Elena Dubrova Royal Institute of Technology – KTH Stockholm, Sweden.
Session 1 Stream ciphers 1.
CRYPTANALYSIS OF STREAM CIPHER Bimal K Roy Cryptology Research Group Indian Statistical Institute Kolkata.
More Digital circuits. Ripple Counter The most common counter The problem is that, because more than one output is changing at once, the signal is glichy.
Linear Feedback Shift Register. 2 Linear Feedback Shift Registers (LFSRs) These are n-bit counters exhibiting pseudo-random behavior. Built from simple.
Bhupendra Singh Bhupendra Singh Scientist ‘B’ Scientist ‘B’ Centre for Artificial.
Stream Cipher Introduction Pseudorandomness LFSR Design
Stallings, Wireless Communications & Networks, Second Edition, © 2005 Pearson Education, Inc. All rights reserved Spread Spectrum Chapter.
Information and Network Security Lecture 2 Dr. Hadi AL Saadi.
หัวข้อบรรยาย Stream cipher RC4 WEP (in)security LFSR CSS (in)security.
Page : 1 bfolieq.drw Technical University of Braunschweig IDA: Institute of Computer and Network Engineering  W. Adi 2011 Lecture-9 Public-Key Cryptography.
Page : 1 bfolieq.drw Technical University of Braunschweig IDA: Institute of Computer and Network Engineering  W. Adi 2011 Lecture-5 Mathematical Background:
Page : 1 bfolieq.drw Technical University of Braunschweig IDA: Institute of Computer and Network Engineering  W. Adi 2011 Lecture-12 Public-Key Cryptography.
Page : 1 bfolieq.drw Technical University of Braunschweig IDA: Institute of Computer and Network Engineering  W. Adi 2011 Lecture-6 Ciphering and the.
Page : 1 bfolieq.drw Technical University of Braunschweig IDA: Institute of Computer and Network Engineering  W. Adi 2011 Tutorial-5 Theory of Secret-Key.
Ciphering in GSM Mobile Stations Base Station Subsystem Exchange System Network Management Subscriber and terminal equipment databases BSC MSC VLR HLR.
2001 년 6 월 2 일 정지욱 연세대학교 전기전자공학과 Span Property 정지욱 1/7.
Public-Key Cryptography ElGamal Public-Key Crypto-System
Cryptographic Protocols Secret sharing, Threshold Security
Mathematical Background: Extension Fields
Network Security Design Fundamentals Lecture-13
FIRST REVIEW.
DH Public-Key Exchange
Introduction to Modern Symmetric-key Ciphers
Introduction to Modern Symmetric-key Ciphers
Fundamentals of Cellular and Wireless Networks
VLSI Testing Lecture 14: Built-In Self-Test
Cryptography Lecture 15.
ElGamal Public-Key Systems over GF(p) & GF(2m)
Overview Introduction Generating keystream sequences
Introduction to Modern Symmetric-key Ciphers
STREAM CIPHERS by Jennifer Seberry.
Prof. Saravanan Vijayakumaran
Cryptology Design Fundamentals
Cryptology Design Fundamentals
Cryptology Design Fundamentals
Cryptology Design Fundamentals
Cryptology Design Fundamentals
Cryptology Design Fundamentals
CH 6. Stream Ciphers Information Security & IoT Lab 김해용
Cryptology Design Fundamentals
Information and Computer Security CPIS 312 Lab 4 & 5
Cryptographic Protocols Secret Sharing, Threshold Security
Network Security Design Fundamentals Lecture-13
Pseudorandom Numbers Network Security.
Cryptography Lecture 15.
Public-Key Cryptography Quadratic Residues and „Rabin Lock“
Introduction to Modern Cryptography
Mathematical Background: Extension Finite Fields
Presentation transcript:

Page : 1 bfolieq.drw Technical University of Braunschweig IDA: Institute of Computer and Network Engineering  W. Adi 2011 Lecture-7 Secret-Key Ciphers Stream Ciphers: Design Principles Network Security Design Fundamentals ET-IDA , v27 Prof. W. Adi

Page : 2 bfolieq.drw Technical University of Braunschweig IDA: Institute of Computer and Network Engineering  W. Adi 2011 Outlines Stream Ciphers Design Fundamentals Historical Overview Historical Overview Basic Definitions Basic Definitions Linear Feedback Shift Register Sequences Linear Feedback Shift Register Sequences Stream Cipher Design Principles Stream Cipher Design Principles Some Contemporary Standards Some Contemporary Standards

Page : 3 bfolieq.drw Technical University of Braunschweig IDA: Institute of Computer and Network Engineering  W. Adi 2011 Additive Stream Cipher, similarity to the perfect Vernam Ciphers 1926 Key length not = Clear text length Key-tape Cipher Text X+Z Clear Text X Z + Clear Text X+Z+Z=X + Z ++ RKG Running Key Generator (no perfect secrecy!): Example: A5 in GSM Z RKG Clear Text Cipher Text Clear Text Z1 Z2 Z Z

Page : 4 bfolieq.drw Technical University of Braunschweig IDA: Institute of Computer and Network Engineering  W. Adi 2011 Block Ciphers no internal memory involved Two Major Secret Key Cipher Classes Stream Ciphers includes internal memory Additive Stream Cipher General Stream Cipher Message pure comb. logic n Key n Cryptogram n Cipher Text Clear Text RKG + Clear Text + RKG memory Non-linear finite state machine (Running Key Generator RKG)

Page : 5 bfolieq.drw Technical University of Braunschweig IDA: Institute of Computer and Network Engineering  W. Adi 2011 Stream Cipher Hagelin M-209 (2 nd World Ware) Sequence Length = 17x19x21x23x25x26  10 8 bits Key Length =  131 bits gcd (l i,l j )=1 Lengthes are relatively prime designed by Swedish cryptographer Boris Hagelin in the 1930s. l 1 =26 Electronic equivalent to the mechanical machine

Page : 6 bfolieq.drw Technical University of Braunschweig IDA: Institute of Computer and Network Engineering  W. Adi 2011 Linear Feedback Shift Registers LFSR Basic Linear Sequence Generator (canonical form 1) Basic Linear Sequence Generator (canonical form 1) D transform format Have length L and Connection Polynomial: C(D) = 1 + C 1 D 1 + C 2 D C L D L for j  L

Page : 7 bfolieq.drw Technical University of Braunschweig IDA: Institute of Computer and Network Engineering  W. Adi 2011 Polynomial degree=m Linear Feedback Shift Registers LFSR Basic Linear Sequence Generator (canonical form 2) Basic Linear Sequence Generator (canonical form 2) Division engine in the ring of polynomials Z p(x) Division in the ring of polynomials modulo P(x)= 1 + p 1 x 1 + p 2 x p m x m 01 m p 1 p 2 p m Output sequence

Page : 8 bfolieq.drw Technical University of Braunschweig IDA: Institute of Computer and Network Engineering  W. Adi 2011 Basic Linear Feedback Shift Register Structure LFSR LFSR output sequence is equivalent to dividing two polynomials: Example: MSB.... LSB Cycle length=3 The division 1/7 = Sequence Cycle length=6

Page : 9 bfolieq.drw Technical University of Braunschweig IDA: Institute of Computer and Network Engineering  W. Adi 2011 Basic Linear Feedback Shift Register Structure LFSR Example Example C(D) = D 4 + D 3 + D 2 + D + 1 Cycle structure:{1(1), 3(5)}. Is irreducible (non-primitive) with period e= N = 5, N divides = 15 Period N=5 of irreducible polynomial of degree L divides 2 L -1 = = 15 its cycle structure is: Cycle length=5

Page : 10 bfolieq.drw Technical University of Braunschweig IDA: Institute of Computer and Network Engineering  W. Adi 2011 Elements of the cyclic group Z * c(D) Basic Linear Feedback Shift Register Structure LFSR Example of a PN Sequence Example of a PN Sequence C(D) = D 3 + D + 1 is irreducible and primitive with period e=N = = 7. Cycle structure is {1(1), 1(7)}. Output sequence: Sequence properties: 1.The sequence length is 2 m -1 = 7 2. The number of 1‘s is 2 m-1 =4 3. The number of 0‘s is 2 m-1 –1 = 3 4. A shifted window of length m=3 on the sequence results with all 2 m -1 =7 non- zero m-bit binary patters (Window property) 5.The polynomial used and its reciprocal (mirrored pattern) result with the same sequence length C*(D) =D 3 C(D -1 ) = D 3 + D The number of primitive polynomials of degree m over GF(2) is:  (2 m -1) / m = 2 Window property

Page : 11 bfolieq.drw Technical University of Braunschweig IDA: Institute of Computer and Network Engineering  W. Adi 2011 Linear Feedback Shift Registers LFSR With maximum sequence lenght P-N-Sequence (Pseudo-Noise) characteristics P-N-Sequence (Pseudo-Noise) characteristics If the connection or division Polynomial of degree m is selected to be a primitive Polynomial,that is an irreducible polynomial, where the order of x is=2 m -1 (the highest possible order), then the output sequence is called a Pseudo-Noise (PN) sequence. In general, PN Sequences have the following properties: 1. The sequence length is 2 m The number of 1‘s is 2 m-1 3. The number of 0‘s is 2 m-1 –1 4. A shifted window of length m on the sequence results with all 2 m -1 non-zero m-bit binary patters (Window property) 5.The polynomial used and its reciprocal (mirrored pattern) result with the same sequence length 6.The number of primitive polynomials over GF(2) is:  (2 m -1) / m

Page : 12 bfolieq.drw Technical University of Braunschweig IDA: Institute of Computer and Network Engineering  W. Adi 2011 Basic Linear Feedback Shift Register Structure LFSR, Example of a PN Sequence Output sequence =  Sequence properties: 1.The sequence length is 2 m -1= 15 2.The number of 1’s is 2 m-1 ₌ 8 3.The number of 0’s is 2 m-1 -1 = 7 4.A shifted window of length m=4 bits on the sequence results with all 2 m - 1= 15 non-zero 4-bit binary patters (window property) 5.The polynomial used and its reciprocal mirrored pattern result with the same sequence length C*(D)=D 4 +D The number of primitive polynomials of degree m over GF(2) is :  ( 2 m – 1) / m =  ( 2 4 – 1)/4 = Cycle structure is { 1(1), 1(15) } If C(D) is a primitive polynomial C(D) = D 4 +D +1, Then ist periode N = =

Page : 13 bfolieq.drw Technical University of Braunschweig IDA: Institute of Computer and Network Engineering  W. Adi 2011 Linear Feedback Shift Register as a Key Generator? Primitive polynomial C(D) = D 4 + D of degree 4 => period N = = …. A bad Cipher ! Why? Output key stream (k i ) 4-bit window

Page : 14 bfolieq.drw Technical University of Braunschweig IDA: Institute of Computer and Network Engineering  W. Adi 2011 Are PN-Sequences good for stream ciphers? Massey-Berlekamp Algorithm: It is possible to find the shortest connection Polynomial C(D) and the initial value of the register if only 2L bits of the sequence are known (example in former page can be cracked if only 2x4=8 bits of the key stream are known) Definition: The linear Complexity L(S) of a sequence S is: the length the S of the shortest LFSR that generates the sequence S. - Sequence randomness quality: very good - Security : very bad (Massey-Berlekamp Algorithm)

Page : 15 bfolieq.drw Technical University of Braunschweig IDA: Institute of Computer and Network Engineering  W. Adi 2011 Non-Linear Feedback Shift Register Structure NLFSR Singular and Non-singular cases Singular and Non-singular cases Intial State complement c Non-singular over GF(2) if c  0 f : is any function Singular Non-Singular Non-linear feedback if using other than XOR functions other than XOR functions

Page : 16 bfolieq.drw Technical University of Braunschweig IDA: Institute of Computer and Network Engineering  W. Adi 2011 Running Key Generators Hadamard Combiner LFSR1 LFSR2 S 2n S n S 1n <C 1 (D),L 1 > <C 2 (D),L 2 > C 1 (D) & C 2 (D) irreducible with periods N 1, N 2 and degree L 1, L 2 such that gcd(L 1, L 2 ) = 1 Linear complexity L(S 0, S 1, S 2...) = L 1.L 2 Sequence Period is N = lcm(N 1, N 2 ) = N 1. N 2 Bad output statistics of 1 and 0 distribution! Reason: AND gate results with 75% of Zeros as output for all input combinations.

Page : 17 bfolieq.drw Technical University of Braunschweig IDA: Institute of Computer and Network Engineering  W. Adi 2011 Running Key Generators Geffe´s Running Key Generator C 1 (D), C 2 (D) and C 3 (D) irreducible with periods N 1, N 2 N 3 and degree L 1, L 2, L 3 such that gcd(L i, L j ) = 1 Linear complexity L(S n )= L 3 + L 1.L 2 + L 2.L 3 Sequence Period is N = lcm(N 1, N 2,N 3 ) complement LFSR 3 LFSR 2 LFSR 1 Better distribution of 1’s and 0’s !

Page : 18 bfolieq.drw Technical University of Braunschweig IDA: Institute of Computer and Network Engineering  W. Adi 2011 Running Key Generators Massey-Rueppel gcd(L 1, L 2 ) = 1 C 1 (D), C 2 (D) are irreducible L 2  L 1 Linear complexity L(S n )= L 1.L 2 Sequence Period is N = lcm(N 1, N 2 ) Clock f 1 Clock f 2 < f 1 /2

Page : 19 bfolieq.drw Technical University of Braunschweig IDA: Institute of Computer and Network Engineering  W. Adi 2011 Running Key Generators Non-linear Combination of LFSR Sequences If gcd (L i, L j ) = 1 and C 1 (D)... C n (D) are irreducible then: L(S 0, S 1,...S n ) = f k (L 1, L 2,...L n ) Example: for f k (x 1, x 2, x 3 ) = x 1 + x 2 x 3 + x 1 x 2 and L 1 = 5, L 2 = 7, L 3 = 9 L(S 1, S 2, S 3 ) = L 1 + L 2 L 3 + L 1 L 2 = = 103 Number of possible functions = 2 2n2n LFSR 1 LFSR 2 LFSR n

Page : 20 bfolieq.drw Technical University of Braunschweig IDA: Institute of Computer and Network Engineering  W. Adi 2011 Designing a Running Key Generators Non-linear Combination of LFSR Sequences If C (D) is primitive then the resulting linear complexity is: F NLO= m= 3=L/2 For m = L/2 Linear Complexity L(S)  2 L- log L LFSR with primitive connection polynomial PN sequence: period 2 L -1 = =63 Non-linear function F with non-linear order NLO=m F = x 1.x 2 + x 3 + x 4.x 5.x 6 Where m is the non-linear order of the function F Design steps: 1.Select a primitive polynomial of degree L 2.Select a function F with a nonlinear order m=L/2 3.Select some low order terms in F (for good 1/0 distribution) 4.Compute effective linear complexity L(S) order =2 order =1 S 2

Page : 21 bfolieq.drw Technical University of Braunschweig IDA: Institute of Computer and Network Engineering  W. Adi 2011 Self Synchronizing Stream Cipher Not Self Synchronising Cipher Self Synchronising Cipher Synchronises after L subsequent error free Symbols Block Cipher Or a highly non-linear function

Page : 22 bfolieq.drw Technical University of Braunschweig IDA: Institute of Computer and Network Engineering  W. Adi 2011 The Most Widespread Stream Cipher The Most Widespread Stream Cipher GSM Mobile Phone Cipher : A5/1,2.. Unpublished Ciphers ! More than million devices worldwide!

Page : 23 bfolieq.drw Technical University of Braunschweig IDA: Institute of Computer and Network Engineering  W. Adi 2011 GSM : Mobile Phone A5/1 Stream-Cipher LFSR1 LFSR2 LFSR3 Clock Control De-linearizer C C C Stop/go-1 Stop/go-2 Stop/go-3 Z(t) length = 23 Bits length = 22 Bits length = 19 Bits Effective key length = 40 Bits ? /1/1 /1/1 /1/1 L inear F eedback S hift R egister Published by Berkely Students, Effectively attacked by A. Shamir 1999/2000 The attack can find the key in less than a second on a single PC with 128 MB RAM and two 73 GB hard disks, by analysing the output of the A5/1 algorithm in the first two minutes of the conversation

Page : 24 bfolieq.drw Technical University of Braunschweig IDA: Institute of Computer and Network Engineering  W. Adi 2011 The answer of GSM Association was : Mobile Phone Cipher A5/2 Clock Control LFSR: L inear F eedback S hift R egister LFSR1 C1 length = 19 Bits Majority Function LFSR2 C2 length = 21 Bits LFSR3 C3 length = 23 Bits LFSR4 C length = 16 Bits Key-Stream Majority Function Export version cracked by Barkan, Biham and Keller August a ciphertext-only attack on A5/2 that requires a few dozen milliseconds of encrypted off-the-air cellular conversation and finds the correct key in less than a second on a personal computer

Page : 25 bfolieq.drw Technical University of Braunschweig IDA: Institute of Computer and Network Engineering  W. Adi 2011 List of all irreducible Polynomials up to degree 11 over GF(2 ) 1/2

Page : 26 bfolieq.drw Technical University of Braunschweig IDA: Institute of Computer and Network Engineering  W. Adi 2011 List of all irreducible Polynomials upto degree 11 over GF(2) 2/2

Page : 27 bfolieq.drw Technical University of Braunschweig IDA: Institute of Computer and Network Engineering  W. Adi 2011 All Primitive Polynomials up to degree 11 The number of primitive polynomials over GF(2) is:  (2 m -1) / m

Page : 28 bfolieq.drw Technical University of Braunschweig IDA: Institute of Computer and Network Engineering  W. Adi 2011 Larger Primitive Polynomials Factorization of 2 n -1

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.