Códigos y Criptografía Francisco Rodríguez Henríquez A Short Introduction to Stream Ciphers.

Slides:



Advertisements
Similar presentations
Chapter 3 Public Key Cryptography and Message authentication.
Advertisements

1 KCipher-2 KDDI R&D Laboratories Inc.. ©KDDI R&D Laboratories Inc. All rights Reserved. 2 Introduction LFSR-based stream ciphers Linear recurrence between.
“Advanced Encryption Standard” & “Modes of Operation”
CS470, A.SelcukStream Ciphers1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
Modern Symmetric-Key Ciphers
Modern Symmetric-Key Ciphers
Modern Symmetric-Key Ciphers
LINEAR FEEDBACK SHIFT REGISTERS, GALOIS FIELDS, AND STREAM CIPHERS Mike Thomsen Cryptography II May 14 th, 2012.
An Introduction to Stream Ciphers Zahra Ahmadian Electrical Engineering Department Sahrif University of Technology
CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.
Digital Kommunikationselektroink TNE027 Lecture 6 (Cryptography) 1 Cryptography Algorithms Symmetric and Asymmetric Cryptography Algorithms Data Stream.
Session 2: Secret key cryptography – stream ciphers – part 2.
Stream ciphers 2 Session 2. Contents PN generators with LFSRs Statistical testing of PN generator sequences Cryptanalysis of stream ciphers 2/75.
CIS 5371 Cryptography 3b. Pseudorandomness.
1 Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell.
Block Ciphers and the Data Encryption Standard
CSCI283 Fall 2005 GWU All slides from Bishop’s slide set Stream Ciphers.
 We spoke about defense challenges  Crypto introduction o Secret key, public algorithms o Symmetric, asymmetric crypto, one-way hashes  Attacks on cryptography.
Session 2 Symmetric ciphers 1. Stream cipher definition Recall the Vernam cipher: Plaintext Ciphertext (Running) key
Announcements: Matlab: tutorial available at Matlab: tutorial available at
Introduction to Cryptography and Security Mechanisms: Unit 5 Theoretical v Practical Security Dr Keith Martin McCrea
Stream cipher diagram + + Recall: One-time pad in Chap. 2.
Ref. Cryptography: theory and practice Douglas R. Stinson
EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 5 Wenbing Zhao Department of Electrical and Computer Engineering.
Announcements: Assignment 2 finalized Assignment 2 finalizedQuestions?Today: Wrap up Hill ciphers Wrap up Hill ciphers One-time pads and LFSR One-time.
EEC 688/788 Secure and Dependable Computing Lecture 4 Wenbing Zhao Department of Electrical and Computer Engineering Cleveland State University
McGraw-Hill©The McGraw-Hill Companies, Inc., Security PART VII.
EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 5 Wenbing Zhao Department of Electrical and Computer Engineering.
Computer Networking Lecture 21: Security and Cryptography Thanks to various folks from , semester’s past and others.
Stream Ciphers 1 Stream Ciphers. Stream Ciphers 2 Stream Ciphers  Generalization of one-time pad  Trade provable security for practicality  Stream.
Session 6: Introduction to cryptanalysis part 1. Contents Problem definition Symmetric systems cryptanalysis Particularities of block ciphers cryptanalysis.
Overview of Cryptography and Its Applications Dr. Monther Aldwairi New York Institute of Technology- Amman Campus INCS741: Cryptography.
ORYX 1 ORYX ORYX 2 ORYX  ORYX not an acronym, but upper case  Designed for use with cell phones o To protect confidentiality of voice/data o For “data.
Session 2: Secret key cryptography – stream ciphers – part 1.
Computer Security CS 426 Lecture 3
Block and Stream Ciphers1 Reference –Matt Bishop, Computer Security, Addison Wesley, 2003.
Cryptography Week-6.
Practical Techniques for Searches on Encrypted Data Yongdae Kim Written by Song, Wagner, Perrig.
EE5552 Network Security and Encryption block 4 Dr. T.J. Owens CEng MIET Dr T. Itagaki MIET, MIEEE, MAES.
Chapter 2 Basic Encryption and Decryption. csci5233 computer security & integrity 2 Encryption / Decryption encrypted transmission AB plaintext ciphertext.
Cryptography Lecture 8 Stefan Dziembowski
symmetric key cryptography
One-Time Pad Or Vernam Cipher Sayed Mahdi Mohammad Hasanzadeh Spring 2004.
CS555Spring 2012/Topic 51 Cryptography CS 555 Topic 5: Pseudorandomness and Stream Ciphers.
Stream Ciphers Making the one-time pad practical.
Stream Cipher July 2011.
Session 1 Stream ciphers 1.
Some Number Theory Modulo Operation: Question: What is 12 mod 9?
Multiple Encryption & DES  clearly a replacement for DES was needed Vulnerable to brute-force key search attacks Vulnerable to brute-force key search.
Chapter 9: Algorithms Types and Modes Dulal C. Kar Based on Schneier.
Part 9, Basic Cryptography 1. Introduction A cryptosystem is a tuple: ( M,K,C, E,D) where M is the set of plaintexts K the set of keys C the set of ciphertexts.
CRYPTANALYSIS OF STREAM CIPHER Bimal K Roy Cryptology Research Group Indian Statistical Institute Kolkata.
Introduction to Modern Symmetric-key Ciphers
Códigos y Criptografía Francisco Rodríguez Henríquez Códigos y Criptografía Francisco Rodríguez Henríquez CINVESTAV
NEW DIRECTIONS IN CRYPTOGRAPHY Made Harta Dwijaksara, Yi Jae Park.
Stream Cipher Introduction Pseudorandomness LFSR Design
University of Malawi, Chancellor College
Slide 1 Vitaly Shmatikov CS 378 Stream Ciphers. slide 2 Stream Ciphers uRemember one-time pad? Ciphertext(Key,Message)=Message  Key Key must be a random.
Information and Network Security Lecture 2 Dr. Hadi AL Saadi.
Understanding Cryptography – A Textbook for Students and Practitioners by Christof Paar and Jan Pelzl Chapter 2 – Stream Ciphers These slides were.
หัวข้อบรรยาย Stream cipher RC4 WEP (in)security LFSR CSS (in)security.
Modes of Operation block ciphers encrypt fixed size blocks – eg. DES encrypts 64-bit blocks with 56-bit key need some way to en/decrypt arbitrary amounts.
Introduction to Modern Symmetric-key Ciphers
STREAM CIPHERS by Jennifer Seberry.
Cryptography and Network Security Chapter 7
CH 6. Stream Ciphers Information Security & IoT Lab 김해용
Cryptography Lecture 15.
Stream Cipher Structure
Presentation transcript:

Códigos y Criptografía Francisco Rodríguez Henríquez A Short Introduction to Stream Ciphers

Códigos y Criptografía Francisco Rodríguez Henríquez One-Time Pad or Vernam Cipher The one-time pad, which is a provably secure cryptosystem, was developed by Gilbert Vernam in The message is represented as a binary string (a sequence of 0’s and 1’s using a coding mechanism such as ASCII coding. The key is a truly random sequence of 0’s and 1’s of the same length as the message. The encryption is done by adding the key to the message modulo 2, bit by bit. This process is often called exclusive or, and is denoted by XOR. The symbol  is used. ab c = a  b

Códigos y Criptografía Francisco Rodríguez Henríquez One-Time Pad or Vernam Cipher Example: Let the message be IF then its ASCII code be ( ) and the key be ( ). The ciphertext can be found exoring message and key bits Encryption: plaintext key ciphertext= (v) Decryption: ciphertext key plaintext

Códigos y Criptografía Francisco Rodríguez Henríquez Why One-Time Pad is provably secure? Or how can we prove it is unbreakable? The security depends on the randomness of the key. It is hard to define randomness. In cryptographic context, we seek two fundamental properties in a binary random key sequence: 1.Unpredictability: Independent of the number of the bits of a sequence observed, the probability of guessing the next bit is not better than ½. Therefore, the probability of a certain bit being 1 or 0 is exactly equal to ½. 2.Balanced (Equal Distribution): The number of 1’s and 0’s should be equal.

Códigos y Criptografía Francisco Rodríguez Henríquez Mathematical Proof the probability of a key bit being 1 or 0 is exactly equal to ½. The plaintext bits are not balanced. Let the probability of 0 be x and then the probability of 1 turns out to be 1-x. Let us calculate the probability of ciphertext bits. m i prob.k i prob.c i prob. 0 x0 ½0 ½ x 0 x1 ½1 ½ x 1 1-x0 ½1 ½ (1-x) 1 1-x1 ½0 ½ (1-x) We find out the probability of a ciphertext bit being 1 or 0 is equal to (½)x + (½)(1-x) = ½. Ciphertext looks like a random sequence.

Códigos y Criptografía Francisco Rodríguez Henríquez A Practical One-Time Pad A satellite produces and broadcasts several random sequences of bit at a rate fast enough such that no computer can store more than a very small fraction of them. Alice & Bob use a PKC to agree on a method of sampling bits from these random sequences. They use these bits to form a key for one-time pad. Eve, in theory, can break the PKC they used even though doing so is difficult. But by the time she breaks it, random bits Alice & Bob collected disappeared and Eve can not decrypt the message since she hasn’t got the resources to store all the random bits that have been broadcast.

Códigos y Criptografía Francisco Rodríguez Henríquez Symmetric-key ciphers Encrypt individual characters at a time, Faster and less complex in hardware, They are desirable in some applications in which buffering is limited bits must be individually processed as they are received. Transmission errors are highly probable. Vast amount of theoretical knowledge. Various design principles. Widely being used at present, will probably be used in the future.

Códigos y Criptografía Francisco Rodríguez Henríquez Basic Idea comes from One-Time-Pad cipher, Encryption : m i : plain-text bits. k i : key (key-stream ) bits c i : cipher-text bits. Decryption : Provably Secure. Drawback : Key-stream should be as long as plain-text. Key distribution & Management difficult. Solution : Stream Ciphers (in which key-stream is generated in pseudo-random fashion from relatively short secret key.

Códigos y Criptografía Francisco Rodríguez Henríquez Randomness : Closely related to unpredictability. Pseudo-randomness :PR sequences appears random to a computationally bounded adversary. Stream Ciphers can be modeled as Finite-state machine. S i F G S i+1 kiki mimi cici S i : state of the cipher at time t = i. F : state function. G : output function. Initial state, output and state functions are controlled by the secret key.

Códigos y Criptografía Francisco Rodríguez Henríquez 1.Synchronous Stream Ciphers Key-stream is independent of plain and cipher-text. Both sender &receiver must be synchronized. Resynchronization can be needed. No error propagation. Active attacks can easily be detected. 2. Self-Synchronizing Stream Ciphers Key-stream is a function of fixed number t of cipher-text bits. Limited error propagation (up to t bits). Active attacks cannot be detected. At most t bits later, it resynchronizes itself when synchronization is lost. It helps to diffuse plain-text statistics.

Códigos y Criptografía Francisco Rodríguez Henríquez Analysis Efforts to evaluate the security of stream ciphers. 1. Mathematical Analysis Period and Linear Complexity, Security against Correlation Attacks. 2. Pseudo-randomness Testing Statistical Tests, Linear Complexity, Ziv-Lempel Complexity Maximum Order Complexity, Maurer’s Universal Test. In testing, all the tests are applied to as many key-streams of different lengths as possible.

Códigos y Criptografía Francisco Rodríguez Henríquez Linear Feedback Shift Register (LFSR) Sequences The sequence Can be described by giving the initial values x 1 = 0, x 2 = 1, x 3 = 0, x 4 = 0, x 5 = 0; and the linear recurrence relation x n+5 = x n +x n+2 mod 2.

Códigos y Criptografía Francisco Rodríguez Henríquez Linear Feedback Shift Register (LFSR) Sequences More generally, consider a linear recurrence relation of length m: Where the coefficients C i are integers. If we specify the initial values x 1, x 2, …, x m, then all subsequent values of x n can be computed using the recurrence. A recurrence can be implemented in hardware/software applications by using a linear feedback shift register (LFSR).

Códigos y Criptografía Francisco Rodríguez Henríquez Linear Feedback Shift Register - LFSR Output sequence : Connection Polynomial If C(x) is primitive, LFSR is called maximum-length, and the output sequence is called m-sequence and its period is T = 2 L -1. m-sequences have good statistical properties. However, they are predictable. c 1 c 2 c L c i = 0 or 1

Códigos y Criptografía Francisco Rodríguez Henríquez If 2L successive bits of an m-sequence are known, the shortest LFSR which produces the rest of the sequence can be found using Berlekamp-Massey (BM) algorithm. Generally, the length of the shortest LFSR which generates a sequence is called linear complexity. Stream Cipher Designs Based on LFSRs LFSRs generate m-sequence. However, “ Linearity is the curse of cryptographer.” The methods of utilizing LFSRs as building blocks in the stream cipher design. The design principle : Use other blocks which introduce non-linearity while preserving the statistical properties of m-sequences.

Códigos y Criptografía Francisco Rodríguez Henríquez Nonlinear combination Generators Nonlinear Combiner Function F LFSR-L 1 LFSR-L 2 LFSR-L n output The Combiner Function should be, 1. Balanced, 2. Highly nonlinear, 3. Correlation Immune.

Códigos y Criptografía Francisco Rodríguez Henríquez Utilizing the algebraic normal form of the combiner function we can compute the linear complexity of the output sequence. Example (Geffe Generator ) : If the lengths of the LFSRs are relatively prime and all connection polynomials are primitive, then When we inspect the truth table of the combiner function we gain more insight about the security of Geffe generator.

Códigos y Criptografía Francisco Rodríguez Henríquez x 1 x 2 x 3 z = F(x 1,x 2,x 3 ) The combiner function is balanced. However, the correlation probability, Geffe generator is not secure.

Códigos y Criptografía Francisco Rodríguez Henríquez Nonlinear Filter Generator LFSR Filter Function output Upper bound for linear complexity, m : nonlinear order of the filter function. When L and m are big enough, the linear complexity will become large.

Códigos y Criptografía Francisco Rodríguez Henríquez Clock-controlled Generators An LFSR can be clocked by the output of another LFSR. This introduces an irregularity in clocking of the first LFSR, hence increase the linear complexity of its output. Example : Shrinking Generator LFSR - S LFSR - A sisi aiai s i = 1 output a i s i = 0 discard a i

Códigos y Criptografía Francisco Rodríguez Henríquez Relatively new design. However, it is analyzed and it seems secure under certain circumstances.

Códigos y Criptografía Francisco Rodríguez Henríquez Different Designs SEAL, RC4. They use expanded key tables, Fast in software, Look secure, They have not been fully analyzed yet, Efficient analysis tools are not developed.

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.