Stream Ciphers. Debdeep Mukhopadhyay


Stream Ciphers
Debdeep Mukhopadhyay, Assistant Professor, Department of Computer Science and Engineering, Indian Institute of Technology Kharagpur, Kharagpur 721302, INDIA

Outline: Classifications; Objectives; Feedback Based Stream Ciphers; Linear Feedback Shift Registers; m-sequences

Low Power Ajit Pal IIT Kharagpur

Block vs Stream Ciphers
The differences are not definitive:
- Block ciphers process plaintext in large blocks.
- Stream ciphers process plaintext in small blocks, even single bits.
- Pure block ciphers are memory-less.
- Stream cipher encryption depends not only on the plaintext and the key but also on the current state.

One Time Pad
A Vernam cipher over the binary alphabet is defined by c_i = m_i ⊕ k_i for i = 1, 2, 3, ...
It is unconditionally secure, provided H(K) ≥ H(M).

One Time Pad
Drawback: the key is as long as the plaintext. This motivates the design of stream ciphers, where the keystream is generated from a small key. The intent is protection against a computationally bounded adversary.

Synchronous Stream Ciphers
The keystream is generated independently of the plaintext message and of the ciphertext. The encryption process consists of:
- updating a state variable: σ_{i+1} = f(σ_i, k)
- generating a keystream: z_i = g(σ_i, k)
- producing the ciphertext stream: c_i = h(z_i, m_i)
E.g. binary additive stream cipher: the streams are binary and h is the XOR (⊕) operation.

General Model of a Synchronous Stream Cipher
Properties of synchronous stream ciphers:
1. Synchronization requirements:
   1. Sender and receiver must be synchronized, using the same key and operating at the same state within that key.
   2. Insertion/deletion may cause loss of synchronization.
   3. Re-synchronization may need re-initialization and/or special marks in the stream at regular intervals.
2. No error propagation: a modified digit does not affect the decryption of other digits.
3. Active attacks:
   1. Insertion/deletion/replay causes loss of synchronization and is thus detected by the decryptor.
   2. Due to the lack of error propagation, the adversary can determine ciphertext and plaintext pairs.

Self-Synchronizing Stream Ciphers
A self-synchronizing or asynchronous stream cipher is one in which the keystream is generated as a function of the key and a fixed number of previous ciphertext digits:
σ_i = (c_{i-t}, c_{i-t+1}, ..., c_{i-1})
z_i = g(σ_i, k)
c_i = h(z_i, m_i)
where σ_0 = (c_{-t}, c_{-t+1}, ..., c_{-1}) is the initial state, z_i is the keystream and c_i is the cipher-stream.

General Model of a Self-Synchronizing Stream Cipher
Properties:
- Self-synchronization: possible after insertions/deletions (at most t digits may be lost).
- Limited error propagation: modification/insertion/deletion of a digit may cause incorrect decryption of up to t digits.
- Active attacks: modification can be detected due to incorrect decryption, which is better than for synchronous stream ciphers. It is more difficult than for synchronous stream ciphers to detect insertion/deletion/replay of ciphertext digits.
- Diffusion of plaintext statistics: better.

Need for Modes of Block Ciphers
Block ciphers deal with blocks of data. In real life there are two important issues:
- the plaintext is much larger than a typical block length of 128 bits
- the plaintext is not a multiple of the block length
The obvious solution is the first mode, called the Electronic Code Book (ECB). These modes were first standardized in FIPS Publication 81 in 1980.
Example: 1-bit CFB (figure). Encryption: I_1 = IV; the n-bit register I_j is encrypted under the key, its leftmost bit o_j is XORed with the plaintext bit x_j to give c_j = x_j ⊕ o_j, and the previous ciphertext bit c_{j-1} enters I_j through a 1-bit shift. Decryption mirrors this: x_j = c_j ⊕ o_j.

Feedback Shift Registers
They are the basic building blocks of many keystream generators. Linear feedback shift registers (LFSRs):
- are well suited for hardware implementations
- can produce sequences of large period
- have good statistical properties
- can be analyzed by algebraic techniques

Linear Feedback Shift Registers
An LFSR of length L consists of L stages (or delay elements), each capable of storing 1 bit, and a clock controlling the movement of data. During each unit of time:
- the content of stage 0 is output;
- the content of stage j is moved to stage j-1 for each j (1 to L-1);
- the new content of stage L-1 is the feedback bit, computed as the sum without carry (XOR) of the previous contents of a fixed subset of stages.

An LFSR of Length L
Denoted as <L, C(D)>, where C(D) = 1 + c_1 D + ... + c_L D^L is called the connection polynomial and L is the length of the LFSR.
Example: consider the LFSR <4, 1+D+D^4>.

Sequence of the LFSR
(Figure: two tables listing the contents of stages D_0, D_1, D_2, D_3 of the LFSR <4, 1+D+D^4> at times t = 0 to 15; the bit values did not survive transcription.)

Periodicity of the LFSR Sequences
If C(D) is a connection polynomial of degree L and is irreducible over Z_2, then each of the 2^L - 1 non-zero initial states of the LFSR produces an output sequence with period equal to the least positive integer N such that C(D) divides 1 + D^N.
For some polynomials all the cycle lengths are equal to 2^L - 1. These polynomials are called primitive polynomials, and the sequence is then called an m-sequence. It has good statistical properties.
Example: 1+D+D^4 is also primitive, and thus we obtained a maximum-length LFSR.
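The following Python script is an added example and not part of the slides: it simulates an LFSR <L, C(D)> exactly as described above (stage 0 is output, the feedback bit enters stage L-1), measures the period of the output from a given initial state, and checks that period against the least N with C(D) | 1 + D^N. The initial state 1000 is an assumption (the slides' table is not recoverable), and the second polynomial 1+D+D^2+D^3+D^4, irreducible but not primitive, is my own choice for contrast.

```python
# Added example: C(D) = 1 + c_1 D + ... + c_L D^L is passed as [c_1, ..., c_L].
from typing import List, Optional

def lfsr_step(coeffs: List[int], st: List[int]) -> List[int]:
    """One clock tick: stage j moves to j-1, the XOR of the tapped stages enters L-1."""
    L = len(coeffs)
    fb = 0
    for i in range(1, L + 1):          # s_{t+L} = c_1 s_{t+L-1} + ... + c_L s_t (mod 2)
        fb ^= coeffs[i - 1] & st[L - i]
    return st[1:] + [fb]

def lfsr_sequence(coeffs: List[int], state: List[int], n: int) -> List[int]:
    """First n output bits from the initial state (stage 0 is listed first)."""
    out, st = [], list(state)
    for _ in range(n):
        out.append(st[0])
        st = lfsr_step(coeffs, st)
    return out

def period(coeffs: List[int], state: List[int]) -> int:
    """Number of ticks until the (non-zero) initial state recurs."""
    st, n = lfsr_step(coeffs, state), 1
    while st != list(state):
        st, n = lfsr_step(coeffs, st), n + 1
    return n

def poly_order(coeffs: List[int]) -> Optional[int]:
    """Least N >= 1 with C(D) | 1 + D^N, i.e. D^N = 1 modulo C(D) over GF(2)."""
    L = len(coeffs)
    c = 1 | sum(coeffs[i] << (i + 1) for i in range(L))   # bit i = coefficient of D^i
    r = 1
    for N in range(1, 2 ** L):
        r <<= 1                                            # multiply by D ...
        if (r >> L) & 1:                                   # ... and reduce modulo C(D)
            r ^= c
        if r == 1:
            return N
    return None

def all_cycles_maximal(coeffs: List[int]) -> bool:
    """True iff every non-zero state has period 2^L - 1, i.e. C(D) is primitive."""
    L = len(coeffs)
    return all(period(coeffs, [(v >> k) & 1 for k in range(L)]) == 2 ** L - 1
               for v in range(1, 2 ** L))

if __name__ == "__main__":
    # Constructed inputs: the slides' <4, 1+D+D^4> and the non-primitive 1+D+D^2+D^3+D^4.
    for taps in ([1, 0, 0, 1], [1, 1, 1, 1]):
        print(lfsr_sequence(taps, [1, 0, 0, 0], 15), period(taps, [1, 0, 0, 0]),
              poly_order(taps), all_cycles_maximal(taps))
```

For 1+D+D^4 every non-zero state has period 15 = 2^4 - 1 and one period carries 8 ones and 7 zeros; for 1+D+D^2+D^3+D^4 the period is only 5, matching the least N with C(D) | 1 + D^N.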

Reconstructing the LFSR?
Given a sequence, can we reconstruct the LFSR which generates it?
Generating the sequence: an LFSR is said to generate a sequence s if there is some initial state for which the output sequence of the LFSR is s. A sequence of finite length n is denoted by s^n.

Linear Complexity
The linear complexity of an infinite binary sequence s, denoted L(s), is defined as follows:
1. If s is the zero sequence, L(s) = 0.
2. If no LFSR generates s, L(s) = ∞.
3. Otherwise, L(s) is the length of the shortest LFSR that generates s.
Linear complexity of a finite sequence: the linear complexity of a finite sequence s^n, denoted L(s^n), is the length of the shortest LFSR that generates a sequence having s^n as its first n terms.

Example
Reconstruct an LFSR (of the shortest length) which generates the sequence.
Points to Ponder! Can you modify the LFSR with a primitive connection polynomial to include the all-zero state?
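The following Python script is an added example, not the slides' own material, serving both the "Reconstructing the LFSR?" question and the linear-complexity definition above: it implements the Berlekamp-Massey algorithm over GF(2) (Handbook of Applied Cryptography, Algorithm 6.30) to compute L(s^n) and the connection polynomial of the shortest LFSR generating a finite sequence, then regenerates the whole 15-bit period of a constructed <4, 1+D+D^4> keystream from only its first 2L = 8 bits. The lesson for keystream design is that an LFSR output of linear complexity L is fully determined by 2L consecutive bits, which is why raw LFSR output is never used directly as a keystream.

```python
# Added example: Berlekamp-Massey over GF(2); polynomials are lists with index i = coefficient of D^i.
from typing import List, Tuple

def berlekamp_massey(s: List[int]) -> Tuple[int, List[int]]:
    """Return (L(s^n), [1, c_1, ..., c_L]) for the shortest LFSR generating s."""
    n = len(s)
    C = [1] + [0] * n          # current connection polynomial C(D)
    B = [1] + [0] * n          # C(D) as it was before the last length change
    L, m = 0, -1               # current linear complexity, index of last length change
    for N in range(n):
        d = s[N]               # discrepancy: does the current LFSR predict s_N?
        for i in range(1, L + 1):
            d ^= C[i] & s[N - i]
        if d == 1:
            T = C[:]
            shift = N - m
            for i in range(n + 1 - shift):   # C(D) <- C(D) + B(D) * D^(N-m)
                C[i + shift] ^= B[i]
            if 2 * L <= N:                   # the LFSR has to grow
                L, m, B = N + 1 - L, N, T
    return L, C[:L + 1]

def lfsr_generate(conn: List[int], seed: List[int], n: int) -> List[int]:
    """Extend the first L bits of seed to n bits via s_j = XOR of c_i * s_{j-i}."""
    L = len(conn) - 1
    s = list(seed[:L])
    while len(s) < n:
        s.append(sum(conn[i] & s[-i] for i in range(1, L + 1)) % 2)
    return s

# Constructed sample: one period of <4, 1+D+D^4> started from state 1000.
KEYSTREAM = [1, 0, 0, 0, 1, 1, 1, 1, 0, 1, 0, 1, 1, 0, 0]

def recover_from_prefix(prefix_len: int) -> Tuple[int, List[int], List[int]]:
    """Reconstruct the LFSR from a prefix of KEYSTREAM and regenerate the full period."""
    L, conn = berlekamp_massey(KEYSTREAM[:prefix_len])
    return L, conn, lfsr_generate(conn, KEYSTREAM, len(KEYSTREAM))

if __name__ == "__main__":
    L, conn, regen = recover_from_prefix(8)
    print(L, conn, regen == KEYSTREAM)   # 4 [1, 1, 0, 0, 1] True
```

The zero sequence gives L = 0 and the sequence 0001 gives L = 4, in line with the definition above: a single trailing 1 after n-1 zeros forces an LFSR of length n.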

Further Reading
- D. Stinson, Cryptography: Theory and Practice, Chapman & Hall/CRC.
- A. Menezes, P. van Oorschot, S. Vanstone, Handbook of Applied Cryptography (available online).
Next day's topic: Stream Ciphers (contd.)