Presentation is loading. Please wait.

Presentation is loading. Please wait.

Cryptography Lecture 15.

Published byGlenna Hardja Modified over 5 years ago

Similar presentations

Presentation on theme: "Cryptography Lecture 15."— Presentation transcript:

1 Cryptography Lecture 15

2 Summary and review We have finished our treatment of private-key schemes! (Though it will come up again later) Private-key crypto is used extensively in practice Arguably more than public-key crypto

3

4 So far… We have seen how to construct schemes based on various lower-level primitives Stream ciphers/PRGs Block ciphers/PRFs Hash functions How do we construct these primitives?

5 Two approaches Construct from even lower-level assumptions
Can prove secure (given lower-level assumption) Typically inefficient Build directly Much more efficient! Need to assume security, but We have formal definitions to aim for We can concentrate our analysis on these primitives We can develop/analyze various design principles

6 Stream ciphers/PRGs

7 Terminology Init algorithm GetBits algorithm
Takes as input a key + initialization vector (IV) Outputs initial state GetBits algorithm Takes as input the current state Outputs next bit/byte/chunk and updated state Allows generation of as many bits as needed

8 Security requirements
If there is no IV, then (for a uniform key) the output of GetBits should be indistinguishable from a uniform, independent stream of bits If there is an IV, then (for a uniform key) the outputs of GetBits on multiple, uniform IVs should be indistinguishable from multiple uniform, independent streams of bits Even if the attacker is given the IVs

9 LFSRs Degree n  n registers
State: bits sn-1, …, s0 (contents of the registers) Feedback coefficients cn-1, …, c0 (view as part of state; do not change) State updated and output generated in each “clock tick”

10 Example Assume initial content of registers is 0100
First 4 state transitions: 0100  1010  0101  0010  … First 3 output bits: …

11 LFSRs as stream ciphers
Key + IV used to initialize the state of the LFSR (possibly including feedback coefficients) One bit of output per clock tick State updated

12 LFSRs State (and output) “cycles” if state ever repeated
Maximal-length LFSR cycles through all 2n - 1 nonzero states Known how to set feedback coefficients so as to achieve maximal length

13 LFSRs Maximal-length LFSRs have good statistical properties…
…but they are not cryptographically secure!

14 Security? Are LFSRs secure? Might hope for 2n-bit security
n-bit state + n bits to specify feedback Slightly less if we insist on maximal-length LFSR

15 LFSRs If feedback coefficients known, the first n output bits directly reveal the initial state! Even if feedback coefficients are unknown, can use linear algebra to learn everything from 2n consecutive output bits Moral: linearity is bad for cryptography (because linear algebra is so powerful)

16 Nonlinear FSRs Add nonlinearity to prevent attacks
Nonlinear feedback Output is a nonlinear function of the state Multiple (coupled) LFSRs …or any combination of the above Still want to preserve statistical properties of the output, and long cycle length

17 Trivium Designed by De Cannière and Preneel in 2006 as part of eSTREAM competition Intended to be simple and efficient (especially in hardware) Essentially no attacks better than brute-force search are known

18 Trivium

19 Trivium Three FSRs of degree 93, 84, and 111 Initialization:
80-bit key in left-most registers of first FSR 80-bit IV in left-most registers of second FSR Remaining registers set to 0, except for three right-most registers of third FSR Run for 4 x 288 clock ticks

Download ppt "Cryptography Lecture 15."

Similar presentations

1 KCipher-2 KDDI R&D Laboratories Inc.. ©KDDI R&D Laboratories Inc. All rights Reserved. 2 Introduction LFSR-based stream ciphers Linear recurrence between.

1 KCipher-2 KDDI R&D Laboratories Inc.. ©KDDI R&D Laboratories Inc. All rights Reserved. 2 Introduction LFSR-based stream ciphers Linear recurrence between.
1 Introduction to Practical Cryptography Lectures 3/4 Stream Ciphers.

1 Introduction to Practical Cryptography Lectures 3/4 Stream Ciphers.
LINEAR FEEDBACK SHIFT REGISTERS, GALOIS FIELDS, AND STREAM CIPHERS Mike Thomsen Cryptography II May 14 th, 2012.

LINEAR FEEDBACK SHIFT REGISTERS, GALOIS FIELDS, AND STREAM CIPHERS Mike Thomsen Cryptography II May 14 th, 2012.
An Introduction to Stream Ciphers Zahra Ahmadian Electrical Engineering Department Sahrif University of Technology

An Introduction to Stream Ciphers Zahra Ahmadian Electrical Engineering Department Sahrif University of Technology
CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.

CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.
Digital Kommunikationselektroink TNE027 Lecture 6 (Cryptography) 1 Cryptography Algorithms Symmetric and Asymmetric Cryptography Algorithms Data Stream.

Digital Kommunikationselektroink TNE027 Lecture 6 (Cryptography) 1 Cryptography Algorithms Symmetric and Asymmetric Cryptography Algorithms Data Stream.
CIS 5371 Cryptography 3b. Pseudorandomness.

CIS 5371 Cryptography 3b. Pseudorandomness.
Cryptography and Network Security Chapter 3

Cryptography and Network Security Chapter 3
Session 2 Symmetric ciphers 1. Stream cipher definition Recall the Vernam cipher: Plaintext 000110111101101 Ciphertext 110000101000110 (Running) key 110110010101011.

Session 2 Symmetric ciphers 1. Stream cipher definition Recall the Vernam cipher: Plaintext Ciphertext (Running) key
Stream Ciphers 1 Stream Ciphers. Stream Ciphers 2 Stream Ciphers  Generalization of one-time pad  Trade provable security for practicality  Stream.

Stream Ciphers 1 Stream Ciphers. Stream Ciphers 2 Stream Ciphers  Generalization of one-time pad  Trade provable security for practicality  Stream.
Session 6: Introduction to cryptanalysis part 1. Contents Problem definition Symmetric systems cryptanalysis Particularities of block ciphers cryptanalysis.

Session 6: Introduction to cryptanalysis part 1. Contents Problem definition Symmetric systems cryptanalysis Particularities of block ciphers cryptanalysis.
Lecture 23 Symmetric Encryption

Lecture 23 Symmetric Encryption
6. Practical Constructions of Symmetric-Key Primitives

6. Practical Constructions of Symmetric-Key Primitives
Session 2: Secret key cryptography – stream ciphers – part 1.

Session 2: Secret key cryptography – stream ciphers – part 1.
Computer Security CS 426 Lecture 3

Computer Security CS 426 Lecture 3
CMSC 414 Computer and Network Security Lecture 3 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 3 Jonathan Katz.
CS555Spring 2012/Topic 51 Cryptography CS 555 Topic 5: Pseudorandomness and Stream Ciphers.

CS555Spring 2012/Topic 51 Cryptography CS 555 Topic 5: Pseudorandomness and Stream Ciphers.
Stream Ciphers Making the one-time pad practical.

Stream Ciphers Making the one-time pad practical.
Resynchronization Attacks on WG and LEX Hongjun Wu and Bart Preneel Katholieke Universiteit Leuven ESAT/COSIC.

Resynchronization Attacks on WG and LEX Hongjun Wu and Bart Preneel Katholieke Universiteit Leuven ESAT/COSIC.
Cryptanalysis of the Stream Cipher DECIM Hongjun Wu and Bart Preneel Katholieke Universiteit Leuven ESAT/COSIC.

Cryptanalysis of the Stream Cipher DECIM Hongjun Wu and Bart Preneel Katholieke Universiteit Leuven ESAT/COSIC.

Similar presentations

Ads by Google