Information and Computer Security CPIS 312 Lab 4 & 5 Symmetric key cryptography TRIGUI Mohamed Salim

Lab Objectives
Students differentiate between stream ciphers and block ciphers.
Students understand what an LFSR is.
Students will learn how the A5/1 algorithm works.
Students will try to apply the A5/1 algorithm practically.
Students will learn how the RC4 algorithm works.
Students will try to apply the RC4 algorithm practically.

Lab Outcomes
At the end of this lab, students will be able to work with the A5/1 algorithm as an example of a stream cipher by testing it practically during the lab.
At the end of this lab, students will be able to work with the RC4 algorithm as an example of a stream cipher by testing it practically during the lab.

Stream cipher
A stream cipher is a symmetric cipher that converts one symbol of plaintext immediately into one symbol of ciphertext.
Algorithms: use one of the algorithms to generate the keystream (S) from the key (K), then compute
C = P ⊕ S
where C is the ciphertext and P is the plaintext.

Block cipher
Encrypts a group of plaintext symbols as one block.
It works on blocks of plaintext and produces blocks of ciphertext.
The columnar transposition is an example of a block cipher.
A block cipher might take a 128-bit block of plaintext as input, and output.

LFSR structure
A5/1 is based on Linear Feedback Shift Registers (LFSRs).
Purpose: to produce a pseudo-random bit sequence.
An LFSR consists of two parts: a shift register (the bit sequence) and a feedback function.
Tap sequence: the bits that are input to the feedback function.
Feedback function: XOR.
[Figure: shift register b1 b2 b3 b4 ... bn-1 bn, labelled with "output", "new value" and "Feedback Function: XOR"]

LFSR features
LFSR period: the length of the output sequence before it starts repeating itself.
An n-bit LFSR can be in 2^n − 1 internal states.
The maximal period is also 2^n − 1.
The tap sequence determines the period.
For an LFSR to reach the maximal period, the polynomial formed by the tap sequence plus 1 must be a primitive polynomial (mod 2).
What is a primitive polynomial? A Boolean polynomial p(x) whose increasing powers x^n mod p(x) produce all possible non-zero polynomials of degree less than the degree of p(x).

LFSR example
x^12 + x^6 + x^4 + x + 1 corresponds to an LFSR of length 12.
[Figure: LFSR shift register diagram, cells labelled b1 b2 b3]

A5/1
A5/1 consists of 3 shift registers:
X: 19 bits (x18, x17, x16, …, x0)
Y: 22 bits (y21, y20, y19, …, y0)
Z: 23 bits (z22, z21, z20, …, z0)

A5/1
At each step: m = maj(x8, y10, z10)
Examples: maj(0,1,0) = 0 and maj(1,1,0) = 1
If x8 = m then X steps:
  t = x18 ⊕ x17 ⊕ x16 ⊕ x13
  x_i = x_{i−1} for i = 18, 17, …, 1 and x0 = t
If y10 = m then Y steps:
  t = y21 ⊕ y20
  y_i = y_{i−1} for i = 21, 20, …, 1 and y0 = t
If z10 = m then Z steps:
  t = z22 ⊕ z21 ⊕ z20 ⊕ z7
  z_i = z_{i−1} for i = 22, 21, …, 1 and z0 = t
Keystream bit is x18 ⊕ y21 ⊕ z22

A5/1
X: x18 x17 x16 x15 x14 x13 x12 x11 x10 x9 x8 x7 x6 x5 x4 x3 x2 x1 x0
Y: y21 y20 y19 y18 y17 y16 y15 y14 y13 y12 y11 y10 y9 y8 y7 y6 y5 y4 y3 y2 y1 y0
Z: z22 z21 z20 z19 z18 z17 z16 z15 z14 z13 z12 z11 z10 z9 z8 z7 z6 z5 z4 z3 z2 z1 z0
Each value is a single bit.
Key is the initial fill of the registers.
Each register steps or not, based on (x8, y10, z10).
Keystream bit is XOR of the left bit of each register.

A5/1 Example
[Figure: registers X, Y and Z with example bit values]
Each register steps or not, based on (x8, y10, z10).
Keystream bit is XOR of right bits of registers.
Each register element is a single bit.
Key is the initial fill of the registers.

A5/1 Example
[Figure: registers X, Y and Z for this step]
We have m = maj(0,1,1) = 1.
Register X does nothing.
Registers Y and Z step.
Keystream bit is 0 ⊕ 0 ⊕ 1 = 1
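
The stepping rules above can be run directly. This is an added example, not code from the original slides: it follows the slides' simplified A5/1 (the key is the initial register fill), and the fills in FILLS are constructed so that the first step is the same clocking case as the example, m = maj(0,1,1) = 1 with X holding and Y and Z stepping.

```python
# Added example: the slides' simplified A5/1 (key = initial fill of X, Y, Z).
SIZES = {"X": 19, "Y": 22, "Z": 23}
TAPS = {"X": (13, 16, 17, 18), "Y": (20, 21), "Z": (7, 20, 21, 22)}
CLOCK = {"X": 8, "Y": 10, "Z": 10}  # bits fed to the majority function

def maj(a, b, c):
    return (a & b) | (a & c) | (b & c)

def load(fills):
    """fills: bit strings written as on the slide, highest index first (x18 ... x0)."""
    regs = {}
    for name, size in SIZES.items():
        text = fills[name]
        if len(text) != size or set(text) - {"0", "1"}:
            raise ValueError(f"register {name} needs exactly {size} bits")
        regs[name] = [int(ch) for ch in reversed(text)]  # regs[name][i] is bit i
    return regs

def step(regs):
    """Clock the registers once (in place) and return one keystream bit."""
    m = maj(regs["X"][8], regs["Y"][10], regs["Z"][10])
    for name, reg in regs.items():
        if reg[CLOCK[name]] == m:  # only registers agreeing with m step
            t = 0
            for tap in TAPS[name]:
                t ^= reg[tap]
            reg[:] = [t] + reg[:-1]  # bit i takes old bit i-1, bit 0 takes t
    return regs["X"][18] ^ regs["Y"][21] ^ regs["Z"][22]

def keystream(regs, nbits):
    return [step(regs) for _ in range(nbits)]

def crypt(fills, data):
    """XOR data with the keystream; assumption: 8 bits per byte, first bit is the MSB."""
    regs, out = load(fills), bytearray()
    for byte in data:
        k = 0
        for bit in keystream(regs, 8):
            k = (k << 1) | bit
        out.append(byte ^ k)
    return bytes(out)

# Constructed fills (not the slide's values): x8 = 0, y10 = 1, z10 = 1.
FILLS = {"X": "0101010101010101010",
         "Y": "0101010101010101010101",
         "Z": "10101010101010101010101"}
```

Because encryption and decryption are the same XOR, calling crypt twice with the same fills returns the original bytes.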

RC4
Invented by Ron Rivest.
“RC” is “Ron’s Code” or “Rivest Cipher”.
A stream cipher.
Generates a keystream byte at each step.
Efficient in software.
Simple and elegant.
Used in lots of places: WEP, etc.
Most popular stream cipher in existence.

RC4 algorithm
Two phases:
Initialization (Key Setup)
  f = (f + Si + Kg) mod 256
  Swap Si with Sf
Keystream byte (Ciphering (XOR))
  i = f = 0
  i = (i + 1) mod 256 and f = (f + Si) mod 256
  Swap Si with Sf
  t = (Si + Sf) mod 256
  KeystreamByte = S[t]

RC4 example
We use a 4-byte state and a 2-byte key.
Initialization (Key Setup)
Iteration 1
i = f = g = 0
S[] = [s0, s1, s2, s3] = [0, 1, 2, 3]
K[] = [k0, k1] = [2, 5]
f = (f + S0 + K0) mod 4
f = (0 + 0 + 2) mod 4 = 2
Then swap S0 with S2
New array S[] = [s0, s1, s2, s3] = [2, 1, 0, 3]
i = 0 + 1 = 1
g = (0 + 1) mod 2 = 1

RC4 example
Iteration 2
i = 1, f = 2, g = 1
S[] = [s0, s1, s2, s3] = [2, 1, 0, 3]
K[] = [k0, k1] = [2, 5]
f = (f + S1 + K1) mod 4
f = (2 + 1 + 5) mod 4 = 0
Then swap S1 with S0
New array S[] = [s0, s1, s2, s3] = [1, 2, 0, 3]
i = 1 + 1 = 2
g = (1 + 1) mod 2 = 0

RC4 example
Iteration 3
i = 2, f = 0, g = 0
S[] = [s0, s1, s2, s3] = [1, 2, 0, 3]
K[] = [k0, k1] = [2, 5]
f = (f + S2 + K0) mod 4
f = (0 + 0 + 2) mod 4 = 2
Then swap S2 with S2
New array S[] = [s0, s1, s2, s3] = [1, 2, 0, 3]
i = 2 + 1 = 3
g = (0 + 1) mod 2 = 1

RC4 example
Iteration 4
i = 3, f = 2, g = 1
S[] = [s0, s1, s2, s3] = [1, 2, 0, 3]
K[] = [k0, k1] = [2, 5]
f = (f + S3 + K1) mod 4
f = (2 + 3 + 5) mod 4 = 2
Then swap S3 with S2
New array S[] = [s0, s1, s2, s3] = [1, 2, 3, 0]

RC4 example
Our plaintext is: HI
Keystream byte for “H”
i = f = 0
S[] = [s0, s1, s2, s3] = [1, 2, 3, 0]
i = (i + 1) mod 4
i = (0 + 1) mod 4 = 1
f = (f + Si) mod 4
f = (0 + 2) mod 4 = 2
Then swap S1 with S2
New array S[] = [s0, s1, s2, s3] = [1, 3, 2, 0]

RC4 example
t = (S1 + S2) mod 4
t = (3 + 2) mod 4 = 1
Keystream byte = S[1] = 3 (0000 0011)
H    0100 1000
XOR  0000 0011
     0100 1011

RC4 example
Our plaintext is: HI
Keystream byte for “I”
i = 1, f = 2
S[] = [s0, s1, s2, s3] = [1, 3, 2, 0]
i = (i + 1) mod 4
i = (1 + 1) mod 4 = 2
f = (f + Si) mod 4
f = (2 + 2) mod 4 = 0
Then swap S2 with S0
New array S[] = [s0, s1, s2, s3] = [2, 3, 1, 0]

RC4 example
t = (S2 + S0) mod 4
t = (1 + 2) mod 4 = 3
Keystream byte = S[3] = 0 (0000 0000)
I    0100 1001
XOR  0000 0000
Plaintext:  0100 1000 0100 1001
Ciphertext: 0100 1011 0100 1001
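
The two phases traced above, written with the state size n as a parameter so the same code reproduces the 4-byte worked example and also runs as full-size RC4 (n = 256). This is an added example, not code from the original slides; the function names are assumptions, and the variable names i, f, g, t follow the slides.

```python
# Added example: RC4 with a configurable state size n (slides: n = 4, real RC4: n = 256).
# RC4 is shown for study only; it is prohibited in TLS by RFC 7465.

def key_setup(key, n=256):
    """Initialization (Key Setup): return the permuted state array S."""
    if len(key) == 0:
        raise ValueError("key must not be empty")
    S = list(range(n))
    f = 0
    for i in range(n):
        g = i % len(key)              # key index wraps, as g does on the slides
        f = (f + S[i] + key[g]) % n
        S[i], S[f] = S[f], S[i]
    return S

def keystream(S, count):
    """Generate `count` keystream bytes from a state produced by key_setup."""
    S = list(S)                       # work on a copy, keep the caller's state
    n = len(S)
    i = f = 0
    out = []
    for _ in range(count):
        i = (i + 1) % n
        f = (f + S[i]) % n
        S[i], S[f] = S[f], S[i]
        t = (S[i] + S[f]) % n
        out.append(S[t])
    return out

def rc4(key, data, n=256):
    """Encrypt or decrypt: XOR each data byte with one keystream byte."""
    ks = keystream(key_setup(key, n), len(data))
    return bytes(b ^ k for b, k in zip(data, ks))

if __name__ == "__main__":
    S = key_setup([2, 5], n=4)        # the slides' 2-byte key and 4-byte state
    print("state after key setup:", S)
    print("keystream for 'HI':   ", keystream(S, 2))
    ct = rc4([2, 5], b"HI", n=4)
    print("ciphertext bits:      ", " ".join(f"{b:08b}" for b in ct))
    print("decrypted:            ", rc4([2, 5], ct, n=4))
```

With the 4-byte state every keystream byte is below 4, so only the two low bits of each plaintext byte can change, which is why “I” came out unchanged in the worked example.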