1 Lect. 10 : Cryptanalysis. 2 Block Cipher – Attack Scenarios  Attacks on encryption schemes  Ciphertext only attack: only ciphertexts are given  Known.

Slides:

Advertisements

Similar presentations

Differential Fault Analysis on AES Variants Kazuo Sakiyama, Yang Li The University of Electro-Communications Nagoya, Japan.

Advertisements

1 CIS 5371 Cryptography 5b. Pseudorandom Objects in Practice Block Ciphers.

SBSeg 2007, NCE/UFRJ, Rio de Janeiro Linear Analysis of reduced- round CAST-128 and CAST-256 Jorge Nakahara Jr 1 Mads Rasmussen 2 1 UNISANTOS, Brazil 2.

Stream ciphers 2 Session 2. Contents PN generators with LFSRs Statistical testing of PN generator sequences Cryptanalysis of stream ciphers 2/75.

Cryptography and Network Security Chapter 3

Block Ciphers and the Data Encryption Standard

Cryptography and Network Security

Analysis and design of symmetric ciphers David Wagner University of California, Berkeley.

Data Encryption Standard (DES)

Symmetric Encryption Example: DES Weichao Wang. 2 Overview of the DES A block cipher: – encrypts blocks of 64 bits using a 64 bit key – outputs 64 bits.

Cryptanalysis Fundamentals of Symmetric-Key Cryptography Introduction to Practical Cryptography.

Block Ciphers: Workhorses of Cryptography COMP 1721 A Winter 2004.

Towards a unifying view of block cipher cryptanalysis David Wagner University of California, Berkeley.

1 The AES block cipher Niels Ferguson. 2 What is it? Block cipher: encrypts fixed-size blocks. Design by two Belgians. Chosen from 15 entries in a competition.

Session 6: Introduction to cryptanalysis part 2. Symmetric systems The sources of vulnerabilities regarding linearity in block ciphers are S-boxes. Example.

JLM :161 Homework 6 – Problem 1 S-box 4 is observed to have the indicated output xor when presented with the indicated inputs In1: 0x22, In2:

Akelarre 1 Akelarre Akelarre 2 Akelarre  Block cipher  Combines features of 2 strong ciphers o IDEA — “mixed mode” arithmetic o RC5 — keyed rotations.

1 Overview of the DES A block cipher: –encrypts blocks of 64 bits using a 64 bit key –outputs 64 bits of ciphertext A product cipher –basic unit is the.

ICS 454: Principles of Cryptography

Cryptography and Network Security Chapter 3. Chapter 3 – Block Ciphers and the Data Encryption Standard All the afternoon Mungo had been working on Stern's.

Session 6: Introduction to cryptanalysis part 1. Contents Problem definition Symmetric systems cryptanalysis Particularities of block ciphers cryptanalysis.

Cryptanalysis on Substitution- Permutation Networks Jen-Chang Liu, 2005 Ref: Cryptography: Theory and Practice, D. R. Stinson.

8: Network Security8-1 Symmetric key cryptography symmetric key crypto: Bob and Alice share know same (symmetric) key: K r e.g., key is knowing substitution.

Chapter 3 – Block Ciphers and the Data Encryption Standard

ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.

Cryptanalysis. The Speaker  Chuck Easttom  

Cryptanalysis of Modern Symmetric-Key Block Ciphers [Based on “A Tutorial on Linear and Differential Cryptanalysis” by Howard Heys.] Modern block ciphers.

The Data Encryption Standard - see Susan Landau’s paper: “Standing the test of time: the data encryption standard.” DES - adopted in 1977 as a standard.

Linear Fault Analysis of Block Ciphers Zhiqiang Liu 1, Dawu Gu 1, Ya Liu 1, Wei Li 2 1. Shanghai Jiao Tong University 2. Donghua University ACNS 2012 June.

Block ciphers 2 Session 4. Contents Linear cryptanalysis Differential cryptanalysis 2/48.

Differential Cryptanalysis - quite similar to linear cryptanalysis - exploits the relationship between the difference of two inputs and the difference.

Aug. 27, 1998KCDSA Task Force Team1 Specification and Analysis of CRYPTON V1.0 Chae Hoon Lim Future Systems, Inc.

Day 37 8: Network Security8-1. 8: Network Security8-2 Symmetric key cryptography symmetric key crypto: Bob and Alice share know same (symmetric) key:

Cryptographic Attacks on Scrambled LZ-Compression and Arithmetic Coding By: RAJBIR SINGH BIKRAM KAHLON.

1 Number Theory and Advanced Cryptography 5. Cryptanalysis of RSA Chih-Hung Wang Sept Part I: Introduction to Number Theory Part II: Advanced Cryptography.

BLOCK CIPHER SYSTEMS OPERATION MODES OF DATA ENCRYPTION STANDARD (DES)

The Latest Attacks on AES Mehrdad Abdi 1 بسم الله الرحمن الرحیم.

DIFFERENTIAL CRYPTANALYSIS Chapter 3.4. Ciphertext only attack. The cryptanalyst knows the cryptograms. This happens, if he can eavesdrop the communication.

CS555Spring 2012/Topic 101 Cryptography CS 555 Topic 10: Block Cipher Security & AES.

Le Trong Ngoc Security Fundamentals (2) Encryption mechanisms 4/2011.

Introduction to Information Security Lect. 6: Block Ciphers.

1 Symmetric key cryptography: DES DES: Data Encryption Standard US encryption standard [NIST 1993] 56-bit symmetric key, 64 bit plaintext input How secure.

The RC5 Encryption Algorithm: Two Years On Lisa Yin RC5 Encryption –Ron Rivest, December 1994 –Fast Block Cipher –Software and Hardware Implementations.

Block Ciphers and the Advanced Encryption Standard

CRYPTOGRAPHY PRESENTED BY : NILAY JAYSWAL BRANCH : COMPUTER SCIENCE & ENGINEERING ENTRY NO. : 14BCS033 1.

Data Encryption Standard (DES)

© Information Security Group, ICU1 Block Cipher- introduction  DES Description: Feistel, S-box Exhaustive Search, DC and LC Modes of Operation  AES Description:

DES Analysis and Attacks CSCI 5857: Encoding and Encryption.

Linear Cryptanalysis of DES

Block Cipher- introduction

1 The Data Encryption Standard. 2 Outline 4.1 Introduction 4.4 DES 4.5 Modes of Operation 4.6 Breaking DES 4.7 Meet-in-the-Middle Attacks.

David Evans CS551: Security and Privacy University of Virginia Computer Science Lecture 4: Dissin’ DES The design took.

CS519, © A.SelcukDifferential & Linear Cryptanalysis1 CS 519 Cryptography and Network Security Instructor: Ali Aydin Selcuk.

RSA Key Extraction via Low- Bandwidth Acoustic Cryptanalysis Daniel Genkin, Adi Shamir, Eran Tromer.

CS548_ ADVANCED INFORMATION SECURITY Jong Heon, Park / Hyun Woo, Cho Paper Presentation #1 Improved version of LC in attacking DES.

Linear Cryptanalysis of DES M. Matsui. 1.Linear Cryptanalysis Method for DES Cipher. EUROCRYPT 93, 1994.Linear Cryptanalysis Method for DES Cipher 2.The.

1 Differential Cryptanalysis.  Introduction ◦ Biham and Shamir : CR90, CR92 ◦ Efficient than Key Exhaustive Search ◦ Chosen Plaintext Attack ◦ O(Breaking.

By Marwan Al-Namari & Hafezah Ben Othman Author: William Stallings College of Computer Science at Al-Qunfudah Umm Al-Qura University, KSA, Makkah 1.

Markov Ciphers and Differential Cryptanalysis Jung Daejin Lee Sangho.

CST 312 Pablo Breuer. A block of plaintext is treated as a whole and used to produce a ciphertext block of equal length Typically a block size of 64 or.

@Yuan Xue Announcement Project Release Team forming Homework 1 will be released next Tuesday.

Computer and Information Security Chapter 6 Advanced Cryptanalysis 1.

CH15 –Security & Crypto.

مروري برالگوريتمهاي رمز متقارن(كليد پنهان)

Introduction to Modern Symmetric-key Ciphers

Cryptanalysis of Block Ciphers

Presentation transcript:

1 Lect. 10 : Cryptanalysis

2 Block Cipher – Attack Scenarios  Attacks on encryption schemes  Ciphertext only attack: only ciphertexts are given  Known plaintext attack: (plaintext, ciphertext) pairs are given  Chosen plaintext attack: (chosen plaintext, corresponding ciphertext) pairs  Adaptively chosen plaintext attack  Chosen ciphertext attack: (chosen ciphertext, corresponding plaintext) pairs  Adaptively chosen ciphertext attack E K D K Plaintext Ciphertext Plaintext Ciphertext Encryption Oracle Decryption Oracle

3 Cryptanalysis of Block Ciphers  Statistical Cryptanalysis  Differential cryptanalysis (DC)  Linear Cryptanalysis (LC)  Various key schedule cryptanalysis  Algebraic Cryptanalysis  Interpolation attacks  Side Channel Cryptanalysis  timing attacks  differential fault analysis  differential power analysis, etc.

4 Cryptanalysis of Block Ciphers - DC  Differential Cryptanalysis E. Biham and A. Shamir : Crypto90, Crypto92 Chosen plaintext attack, O(Breaking DES 16 ~ 2 47 ) Look for correlations in Round function input and output (DES : 2 47 )  high-probability differentials, impossible differentials  truncated differentials, higher-order differentials E Input difference Output difference Statistically non-uniform probability distribution: higher prob. for some fixed pattern  X &  Y  X = X  X  Y = Y  Y Prob. K * E.Biham, A. Shamir,”Differential Cryptanalysis of the Data Encryption Standard”, Springer-Verlag, 1993

5 Cryptanalysis of Block Ciphers - LC  Linear Cryptanalysis Matsui : Eurocrypt93, Crypto94 Known Plaintext Attack, O(Breaking DES 16 ) ~ 2 43 Look for correlations between key and cipher input and output  linear approximation, non-linear approximation,  generalized I/O sums, partitioning cryptanalysis E Input X Output Y Linear equation between some bits of X, Y and K may hold with higher prob. than others K * M. Matsui, ”Linear Cryptanalysis Method for DES Cipher”, Proc. of Eurocrypt’93,LNCS765, pp

6 Other Attacks on Block Ciphers  Algebraic Cryptanalysis deterministic/probabilistic interpolation attacks  Key Schedule Cryptanalysis Look for correlations between key changes & cipher input/output  equivalent keys, weak or semi-weak keys  related key attacks  Side-Channel Cryptanalysis timing attacks differential fault analysis differential power analysis, etc.

Traditional Cryptographic Model vs. Side Channel 7 Side Channel Power Consumption / Timing / EM Emissions / Acoustic Radiation / Temperature / Power Supply / Clock Rate, etc. E()D() Key Attacker Ke Kd C C=E(P,Ke) P=D(C,Kd) Insecure channel Secure channel PD

Model of Attack -Embedded security 8