Presentation is loading. Please wait.

Presentation is loading. Please wait.

Chapter 5 Stream Cipher Cryptography-Principles and Practice Harbin Institute of Technology School of Computer Science and Technology Zhijun Li

Published byAnne Booker Modified over 8 years ago

Similar presentations

Presentation on theme: "Chapter 5 Stream Cipher Cryptography-Principles and Practice Harbin Institute of Technology School of Computer Science and Technology Zhijun Li"— Presentation transcript:

1 Chapter 5 Stream Cipher Cryptography-Principles and Practice Harbin Institute of Technology School of Computer Science and Technology Zhijun Li http://cst.hit.edu.cn/~lizhijun lizhijun_os@hit.edu.cn

2 Zhijun LiS1034040/Autumn08/HIT2 Outline Stream Cipher Overview Pseudorandom Number Generator PRNGs –LFSR –BBS Stream Ciphers

3 Zhijun LiS1034040/Autumn08/HIT3 Block Cipher Review The ways to encrypt the message –Block ciphers c=c 1 c 2 …=e K (m 1 )e K (m 2 )… –Stream ciphers c=c 1 c 2 …=e k1 (m 1 )e k2 (m 2 )… key stream (k 1,k 2,…) –Block cipher is an instance of Stream cipher The key stream is K, K,…

4 Zhijun LiS1034040/Autumn08/HIT4 Stream Cipher OTP Review: C=P  K and K is a random bits Stream ciphers: –Idea: replace “rand” by “pseudo rand” –Use Pseudorandom Number Generator (PRNG) –PRNG: {0,1} s → {0,1} n –The seed is the secret key E seed [M] = M  PRNG(seed)

5 Zhijun LiS1034040/Autumn08/HIT5 Stream Cipher Architecture Plaintext Short Key: K Encryption Pseudorandom byte generator (key stream generator)  M k C Plaintext Decryption  Pseudorandom byte generator (key stream generator) Short Key: K Ciphertext

6 Zhijun LiS1034040/Autumn08/HIT6 Stream Cipher: Properties More maths –OTP have perfect secrecy –More maths in pseudorandomness Very fast –Encryption based on  The same stream can be used only once –Known-plaintext attack –The period of PRNG should be long Used in many places –Network, DVD, Mobile

7 Zhijun LiS1034040/Autumn08/HIT7 Outline Stream Cipher Overview Pseudorandom Number Generator PRNGs –LFSR –BBS Stream Ciphers

8 Zhijun LiS1034040/Autumn08/HIT8 Definition: A PRNG (Pseudorandom Number Generator) G is deterministic polynomial algorithm s.t. –Expansion:  l(n)>n,  x, |G(x)| = l(|x|) –Pseudorandomness: {G(U n ); n  1} is polynomial indistinguishable from {U l(n) ; n  1}, where U n is a uniform random sequence PRNG

9 Zhijun LiS1034040/Autumn08/HIT9 Definition: Two random sequence {X n ; n  1} and {Y n ; n  1} are polynomial indistinguishable if:  polynomial Boolean function f: {0,1}*  {0,1}  positive polynomial p(x) and n  N |Pr(f(X n )=1) – Pr(f(Y n )=1)| < 1/p(n) Definition: Two random sequence {X n ; n  1} and {Y n ; n  1} are statistical indistinguishable if:  (n) = ½  x  {0,1} n |Pr(X n =x) - Pr(Y n =x)| < 1/p(n) Pseudorandomness

10 Zhijun LiS1034040/Autumn08/HIT10 Statistical Indistinguishable  Polynomial Indistinguishable Polynomial Indistinguishable  Statistical Indistinguishable Theorem: If G is a PRNG, then  (l(n))= ½  x  {0,1} l(n) |Pr(G(U n )=x) - Pr(U l(n) =x)| x  {0,1} l(n) : Pr(G(U n )=x)>0, |X|=2 n (G is deterministic) Pr(G(U n )=x)=0, |X|=2 l(n) -2 n = ½(2 n (2 -n – 2 -l(n) )+(2 l(n) – 2 n )2 -l(n) ) = 1-2 n-l(n)  1-2 n-(n+1) = 1/2 Indistinguishable

11 Zhijun LiS1034040/Autumn08/HIT11 Monobit test: the number of 1’s and 0’s are almost equal Poker test: for a 20,000 bits, divide it into 4-bit segments, let n i is the number of occurrences of a number i, compute X=(16/5000)  i=0 15 n i 2 – 5000, and 1.03<X<57.4 Runs test: for a 20,000 bits, the guideline of runs: Random Test of PRNG 12267-2733 21079-1421 3502-748 Required interval 4223-402 590-223 6+90-223

12 Zhijun LiS1034040/Autumn08/HIT12 If given a l 1 (n)=n+1 PRNG G 1, we can build a generator G with l(n)=p(n) as: –Initialization: s 0 with |s 0 |=n is the input of G –Iteration: G 1 (s i-1 )=x i s i, i=1,2,…,p(n) |s i |=n –Output: G(s 0 ) = x 1 x 2 …x p(n) Fact: The G build as before is a PRNG Expansion of PRNG

13 Zhijun LiS1034040/Autumn08/HIT13 Fact: The existence of PRNG and the existence of one-way function is equivalent –PRNG  One-way function Suppose G is a PRNG with l(n)=2n, if x,y  {0,1}* s.t. |x|=|y|, the function f(x,y)=G(x) f is a one-way function PRNG and One-way Function

14 Zhijun LiS1034040/Autumn08/HIT14 Outline Stream Cipher Overview Pseudorandom Number Generator PRNGs –LFSR –BBS Stream Ciphers

15 Zhijun LiS1034040/Autumn08/HIT15 K2K2 K1K1 K0K0 100 010 101 110 111 011 001 100 z 0 =0; z 1 =0; z 2 =1; z 3 =0; … An LFSR Example Output z2z2 z1z1 z0z0  K2K2 K1K1 K0K0

16 Zhijun LiS1034040/Autumn08/HIT16 C 0, C 1, …, C m-1 are the feedback coefficients C i =0 denotes an open switch (no connection) C i =1 denotes an closed switch (connection) Linear Feedback Shift Register

17 Zhijun LiS1034040/Autumn08/HIT17 LFSR Inside z i+m =  j=0 m-1 C j  z i+j mod 2; C j  {0,1} i=0,1,2,… C 0 C 1 … C m-1 (z i+1, z i+2,…, z i+m-1 )  = z i+m z 3 =z 1  z 0, z 4 =z 2  z 1, …, z i+2 =z i+1  z i z2z2 z1z1 z0z0  K2K2 K1K1 K0K0

18 Zhijun LiS1034040/Autumn08/HIT18 Characteristic Polynomial Definition: for a sequence of {z i }, if z j  c 1  z j-1  c 2  z j-2  …  c L  z j-L = 0, j  L. then the characteristic polynomial for {z i } is p(x) = 1+c 1 x +c 2 x 2 + … +c L x L Example: p(x) = 1+x 2 +x 3 z2z2 z1z1 z0z0  K2K2 K1K1 K0K0

19 Zhijun LiS1034040/Autumn08/HIT19 Characteristic Polynomial Remark The characteristic polynomial is for periodical sequence, not only for LFSR If the period of {a i } is N, then z j -z j-N =0, p(x)=1-x N –Must exist a characteristic polynomial for periodical {a i } –May be many characteristic polynomials for {a i } –If there are two characteristic polynomial f(x) and g(x), then r(x)=gcd(f(x),g(x)) is also a characteristic polynomial –Polynomial with smallest degree is important

20 Zhijun LiS1034040/Autumn08/HIT20 K2K2 K1K1 K0K0 100 010 101 110 111 011 001 100 z j = z j+7 ; j  1 Every LFSR is periodic –Because of limited states –Limited registers in LFSRs Maximum Sequence Length –The maximum period of G z2z2 z1z1 z0z0  K2K2 K1K1 K0K0 The Period of LFSR

21 Zhijun LiS1034040/Autumn08/HIT21 Maximum Length of LFSR Theorem: The maximum sequence length of LFSR is 2 n -1, where n is the number of registers Proof: –For K={k 0, k 1,…, k n }, there are 2 n different states –The sequence for K is K 1,K 2,…,K 2 n,K i,… K i must be in K 1,K 2,…,K 2 n So repeated –If bits in K are all zero, should be excluded –So 2 n -1

22 Zhijun LiS1034040/Autumn08/HIT22 m-sequence Definition: The sequence generated by LFSR with maximum sequence length is m-sequence Remark of m-sequence {z i }: –The period of {z i } is 2 n -1 –Satisfy the Golomb randomness In a period, the number of 0 and 1 is 2 n-1 -1 and 2 n-1 Others …

23 Zhijun LiS1034040/Autumn08/HIT23 Inside for m-sequence Theorem: {a i } is an m-sequence if and only if its characteristic polynomial p(x) is primitive Definition: if p(x) is a irreducible with degree n and its rank of p(x) is 2 n -1, then the p(x) is a primitive polynomial Definition: the rank of p(x) is the minimum p s.t. p(x)|x p -1

24 Zhijun LiS1034040/Autumn08/HIT24 Inside for m-sequence Definition: the generating function of a sequence {a i } is: A(x) =  i=0  a i x i Theorem: if the characteristic polynomial for {a i } p(x)=1+c 1 x+…+c L x L, then A(x) = g(x)/p(x), where g(x) =  j=0 L-1 (  i=0 j c i a j-i )x j Proof: –p(x)A(x)=  j=0 L-1 (  i=0 j c i a j-i )x j +  j=L  (  i=0 L c i a j-i )x j –  i=0 L c i a j-i = 0 –So p(x)A(x) = g(x)

25 Zhijun LiS1034040/Autumn08/HIT25 Inside for m-sequence Theorem: if p(x) with degree n is the characteristic polynomial for {a i }, the rank of p(x) is p and the period of {a i } is r, then r|p Proof: –{a i } is periodical, A(x)=(  n=0 N-1 a n x n )(  k=0  x kN )= (  n=0 N-1 a n x n )/(1-x N ) –p(x)|x p -1  p(x)q(x) = x p -1 –p(x)A(x) = g(x)  (x p -1)A(x) = q(x)g(x) –deg(q(x))=p-n, deg(g(x))=n-1, so deg((x p -1)A(x)) = p-1 –So the N in A(x) is p –a i+p =a i, and let p=kr+t, a i+p =a i+kr+t =a i+t =a i, so t=0 –So r|p

26 Zhijun LiS1034040/Autumn08/HIT26 Inside for m-sequence Theorem: if m(x) is the characteristic polynomial with smallest degree of {a i }, then the period of {a i } = the rank of m(x) (r=p) Proof: –r|p –{a i } can be generated by LFSR with r registers –1-x r is also a characteristic polynomial for {a i } –m(x)|1-x r  x p -1 | 1-x r –p|r

27 Zhijun LiS1034040/Autumn08/HIT27 Inside for m-sequence Fact: an m-sequence (r=2 n -1) iff its characteristic polynomial p(x) with rank 2 n -1 Note: How to find a primitive polynomial –A condition: p(x) is irreducible –A fact: for any n, there must exist a primitive polynomial with degree n –Find: there are table for primitive polynomials –Example: p(x)=x 4 +x+1

28 Zhijun LiS1034040/Autumn08/HIT28 Example: Two LFSRs K3K3 K2K2 K1K1 K0K0 1100 0110 0011 0001 1000 1100 Example1: –m=4 –C 0 =1, C 1 =1, C 2 =1, C 3 =1 –p(x)=1+x+x 2 +x 3 +x 4 –r=5 K3K3 K2K2 K1K1 K0K0 1100 0110 1011 0101 1010 1101 1110 1111 0111 0011 0001 1000 0100 0010 1001 1100 Example2: –m=4 –C 0 =1, C 1 =1, C 2 =0, C 3 =0 –p(x)=1+x+x 4 –r=15=2 4 -1

29 Zhijun LiS1034040/Autumn08/HIT29 Another Focus for LFSR A LFSR with primitive polynomial can produce a m-sequence Another focus: –Given a sequence {a i }, how to build a simplest LFSR to produce {a i } –Definition: for sequence a=a 0,a 1,…,a N-1, the linear complexity of a (or C(a)) is the smallest number of registers in LFSR which can produce a

30 Zhijun LiS1034040/Autumn08/HIT30 Linear Complexity Remark Let the linear complexity of {a i } is L A know-plaintext attack: Complexity: –L is known: use linear relations O(L) –L is unknown: use Berlekamp-Massey algorithm O(L 2 )  L 2 1 c. c c..             n+L-1 n+1 n a. a a..             n+L-2 n n-1 a. a a..       n+L-3 n-1 n-2 a. a a... ….. n-1 n-L+1 n-L a. a a..       … …

31 Zhijun LiS1034040/Autumn08/HIT31 Nonlinear Sequence f() is nonlinear Features: –The period of output sequence is 2 n –The sequence with maximum length is M-sequence –M-sequence has good random properties –The number of M-sequence is 2 2 n-1 - n –#Nonlinear function=2 2 n -2 n, where #linear function=2 n znzn z1z1 z0z0 f(z 0,z 1,…,z n ) …

32 Zhijun LiS1034040/Autumn08/HIT32 Practical Nonlinear Sequence General nonlinear sequence is infant Practical nonlinear sequence –Use m-sequence as the driven sequence –Forward feedback sequence –Nonlinear combination sequence –Clock-controlled sequence

33 Zhijun LiS1034040/Autumn08/HIT33 Forward Feedback Sequence Fact: –Its period is 2 n -1 –Its linear complexity is exponentially increasing  znzn z1z1 z0z0 z2z2 … f output m-sequence

34 Zhijun LiS1034040/Autumn08/HIT34 Nonlinear Combination Sequence Theorem: let r i is the linear complexity of LFSR i, if r i s coprime, then for the output sequence Its period is  i=1 n (2 r i -1) Its linear complexity is f(r 1,…,r n ) LFSR 1 LFSR 2 LFSR n f(x) output

35 Zhijun LiS1034040/Autumn08/HIT35 Geffe Generator f(a 1,a 2,a 3 )=(a 1  a 2 )  ((  a 1 )  a 3 ) If the length of LFSR 1, LFSR 2, LFSR 3 is n 1,n 2,n 3 Its linear complexity is (n 1 +1)n 2 +n 1 n 3 Its period is lcm(n 1,n 2,n 3 ) LFSR 2 LFSR 3 LFSR 1 output addr a2a2 a3a3 a1a1

36 Zhijun LiS1034040/Autumn08/HIT36 Clock-Controlled Sequence Idea: Use some m-sequence to control the back (or forward) of other m-sequences Advantages: –Its linear complexity is exponential with the number of registers in LFSR –Its linear complexity can be controlled easily Disadvantages: –Not good randomness –Many long runs

37 Zhijun LiS1034040/Autumn08/HIT37 Stop-and-go Generator Remark: –Long period and large linear complexity –Correlation attack in LFSR 1 But not weaken the security essentially LFSR 2 LFSR 3 LFSR 1  clock output

38 Zhijun LiS1034040/Autumn08/HIT38 Attack to Nonlinear Sequence Correlation attack Idea: Divide and Conquer Reason: Key space –Brute force:  i=1 n (2 r i -1) –DC attack:  i=1 n 2 r i Method: –If Pr(z k =x i )=1/2+ , then z k is correlated with x i –Search the key space of x i, and use correlation to test LFSR 1 LFSR 2 LFSR n f(x) output correlation zkzk xixi

39 Zhijun LiS1034040/Autumn08/HIT39 A Correlation Attack Example The f is: Y = X 1 if X 3 = 0 = X 2 if X 3 = 1 Prob[P=0] = 0.58 Prob[Y=X 1 ] = 3/4 Prob[Y=X 2 ] =1/4 Prob[C=X 1 ] = Prob[Y=X 1 ]  Prob[P=0] + Prob[Y!=X 1 ]  Prob[P=1] = ? 0.54  0.5 LFSR1 LFSR2 LFSR3 f Y P C  X1X1 X2X2 X3X3

40 Zhijun LiS1034040/Autumn08/HIT40 Outline Stream Cipher Overview Pseudorandom Number Generator PRNGs –LFSR –BBS Stream Ciphers

41 Zhijun LiS1034040/Autumn08/HIT41 Blum Blum Shub Another method to generate the pseudorandom sequence is based on difficult problem Shamir generator –Factoring problem BBS generator –Quadratic residual problem

42 Zhijun LiS1034040/Autumn08/HIT42 Definition: b is a quadratic residue modulo p if  x  Z p * such that x 2  b mod p Q p is the set of all quadratic residues modulo p –Let g be generator of Z p *, then b=g a is a quadratic residue iff. a is even –|Q p | = (p-1)/2 Quadratic Residue

43 Zhijun LiS1034040/Autumn08/HIT43 A element b in Q p has exactly two square roots –b has at least two square roots if x 2  b mod p, then (p-x) 2  b mod p –b has at most two square roots in Z p * if x 2  b mod p and y 2  b mod p –then x 2 – y 2  0 mod p –then p | (x+y)(x-y), either x=y, or x+y=p Square Root of Elements in Q p

44 Zhijun LiS1034040/Autumn08/HIT44 Legendre Symbol The Legendre symbol is defined If p is an odd prime and a is an integer a p = 0 if p|a 1 if a  Q p -1 if a  Q p

45 Zhijun LiS1034040/Autumn08/HIT45 Euler’s Criterion a p Theorem: = a (p-1)/2 mod p Proof: If a = x 2, then a (p-1)/2 = x (p-1) = 1 (mod p) If a (p-1)/2 =1, let a = g j, where g is a generator –Then g j(p-1)/2 = 1 (mod p) –(p-1)|j(p-1)/2, thus j must be even –Therefore, a=g j is a quadratic residue

46 Zhijun LiS1034040/Autumn08/HIT46 let n>2 be odd with prime factorization n = p 1 e1 p 2 e2 …p k ek Definition: The Jacobi symbol of n is Note: The Jacobi symbol can be computed without factoring n! Jacobi Symbol = a n a p1p1 a p2p2 a pkpk … e1e1 e2e2 ekek

47 Zhijun LiS1034040/Autumn08/HIT47 let n>2 be odd with prime factorization n = p 1 e 1 p 2 e 2 …p k e k Fact1: x 2 =a mod p iff x 2 =a mod p e Fact2: x 2 =a mod n iff x 2 =a mod p i e i for all i  {1,…,k} Theorem: x 2 =a mod n has solutions iff = 1 for all i  {1,…,k}, and has 2 k solutions Proof: By CRT –x  b i,1, b i,2 mod p i e i, so has 2 k xs s.t. x 2 =a mod n by CRT x 2 = a mod n a p

48 Zhijun LiS1034040/Autumn08/HIT48 Square Roots of x 2  1 mod pq Fact: if n=pq, then x 2  1 (mod n) has four solutions: x 2  1 (mod n) iff both x 2  1 (mod p) and x 2  1 (mod q) –Two trivial solutions: 1 and n-1 1 is solution to x  1 (mod p) and x  1 (mod q) n-1 is solution to x  -1 (mod p) and x  -1 (mod q) –Two other solutions solution to x  1 (mod p) and x  -1 (mod q) solution to x  -1 (mod p) and x  1 (mod q) Example: n=3  5=15 –x 2  1 (mod 15) has the following solutions: 1, 14; 4, 11(by CRT)

49 Zhijun LiS1034040/Autumn08/HIT49 Blum Blum Shub Generator Blum Blum Shub (BBS) generator Initialization: –For n, select two primes p,q  R [2 n/2-1, 2 n/2 ] such that p  q  3 mod 4 –The seed x 0  R [1, N] such that = =1 Expansion: –For an input sequence x i, x i+1  x i 2 mod n Output: –y i = x i mod 2 x0x0 p x0x0 q

50 Zhijun LiS1034040/Autumn08/HIT50 BBS Generator Example N = 192649 = 383  503 sXiXi YiYi 020749 11431351 21776711 3970480 4899920 51740511 6806491 7456631 8694420 91868940 101770460 111379220 121231751 1386300 141143860 15148631 161330151 171060651 18458700 191371711 20480600

51 Zhijun LiS1034040/Autumn08/HIT51 BBS Generator Analysis Fact: If there is a distinguisher D which tells BBS from random sequence, then D can be converted into a probabilistic polynomial-time algorithm A which guess the x -1 mod 2 given x 0  Z N Q+ (D  A) Note: N=pq, p and q are two primes –Z N Q+ = {x  Z N | = = 1} –Z N Q- = {x  Z N | = = -1} x p x q x p x q

52 Zhijun LiS1034040/Autumn08/HIT52 Quadratic Residue Problem Definition: Given N=pq, and an integer x  Z N Q, the QRP is does x  Z N Q+ ? Fact: From algorithm A, we can build algorithm B (A  B) Algorithm B(N,x) where x  Z N Q (1) Let x 0  x 2 mod N (2) Call A(N,x 0 ) = b  {0,1} (3) If b  x mod 2 then x  Z N Q+, else x  Z N Q-

53 Zhijun LiS1034040/Autumn08/HIT53 Why B can Work? Theorem: If N=pq with p  q  3 mod 4, then each quadratic residue mod N has exactly one square root which is a quadratic residue Proof: –x 2  a mod N have four solutions: r 1 =(b mod p, c mod q), -r 1 =(-b mod p, -c mod q), r 2 =(-b mod p, c mod q), -r 2 =(b mod p, -c mod q) – = = because =(-1) (p-1)/2 =(-1) 2m+1 =-1 – = = - r1r1 N b p c q -r 1 N p r2r2 N b p c q p r1r1 N

54 Zhijun LiS1034040/Autumn08/HIT54 Why B can Work? For algorithm A –The x -1 is a quadratic residue –A(N,x 0 ) mod 2 is the parity bit of x -1 For Algorithm B(N,x) –(1) Let x 0  x 2 mod N –(2) Call A(N,x 0 ) = b  {0,1} –(3) If b  x mod 2 then x  Z N Q+, else x  Z N Q- –If b is the parity bit of x, x is a quadratic residue

55 Zhijun LiS1034040/Autumn08/HIT55 Outline Stream Cipher Overview Pseudorandom Number Generator PRNGs –LFSR –BBS Stream Ciphers

56 Zhijun LiS1034040/Autumn08/HIT56 A5

57 Zhijun LiS1034040/Autumn08/HIT57 A5 Remark Clock-controlled sequence –Driven by three m-sequence –Produced by three LFSRs –Majority function is nonlinear Application –A5 can protect the voice communication in GSM

58 Zhijun LiS1034040/Autumn08/HIT58 RC4 Overview Designed by Ron Rivest in 1987, public in 1994 Simple and effective design –Very fast and very easy to remember Byte-oriented stream cipher –The internal states is a byte array S[0..255] –S[0..255] is a permutation of 0 to 255 Applications –In SSL to protect the Internet traffic –In WEP to protect the wireless links

59 Zhijun LiS1034040/Autumn08/HIT59 RC4: Initialisation Produce a initial permutation from the key K (K is divided into L bytes. In fact, this is a pad) Initialisation: for i=0 to 255 do S[i] = i; j = 0; for i=0 to 255 do j = (j + S[i] + K[i mod L]) mod 256; swap (S[i], S[j]);

60 Zhijun LiS1034040/Autumn08/HIT60 RC4: Encryption Two indexes: i, j with i=j=0 Produce one byte of keystream Ks: i = (i + 1)mod 256;(Loop for next Ks) j = (j + S[i])mod 256; swap (S[i], S[j]); t = (S[i] + S[j])mod 256; Ks = S[t]; Encryption: C i = M i  S[t]

61 Zhijun LiS1034040/Autumn08/HIT61 RC4: Example K 56756756 S 01234567 j = (j + S[i] + K[i]) mod 256; swap (S[i], S[j]);i = 0 j = 5 S 51234067 S 54071632 i = (i + 1) mod 8; j = (j + S[i]) mod 8; swap (S[i], S[j]); t = (S[i] + S[j]) mod 8; k = S[t]; i = (0+1) mod 8 = 1 j = (0+S[1]) mod 8 = 4 S 51074632 t = (S[4]+S[1])) mod 8 = 1 + 4 mod 8 =5 k = S[5] = 6

62 Zhijun LiS1034040/Autumn08/HIT62 Note of Steps in RC4 Encryption i=(i + 1)mod 256: Every array element is used once after 256 iterations j=(j + S[i])mod 256: Makes the ouput depend non-linearly on the array swap(S[i], S[j]): Makes sure the array is evolved as the iteration t=(S[i] + S[j])mod 256: Makes sure the output sequence reveals little about the internal state of the array

63 Zhijun LiS1034040/Autumn08/HIT63 RC4 Security The period of RC4 is 256!  2 1700 Claimed secure against known attacks –Have some analyses, none practical

64 Zhijun LiS1034040/Autumn08/HIT64 Summary Stream Cipher Architecture Pseudorandomness Number Generator PRNGs –LFSR –BBS Stream Ciphers –A5 –RC4

Download ppt "Chapter 5 Stream Cipher Cryptography-Principles and Practice Harbin Institute of Technology School of Computer Science and Technology Zhijun Li"

Similar presentations

CS470, A.SelcukStream Ciphers1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

CS470, A.SelcukStream Ciphers1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
Stream Ciphers Part 1  Cryptography 3 Stream Ciphers.

Stream Ciphers Part 1  Cryptography 3 Stream Ciphers.
CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.

CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.
Digital Kommunikationselektroink TNE027 Lecture 6 (Cryptography) 1 Cryptography Algorithms Symmetric and Asymmetric Cryptography Algorithms Data Stream.

Digital Kommunikationselektroink TNE027 Lecture 6 (Cryptography) 1 Cryptography Algorithms Symmetric and Asymmetric Cryptography Algorithms Data Stream.
Session 2: Secret key cryptography – stream ciphers – part 2.

Session 2: Secret key cryptography – stream ciphers – part 2.
Stream ciphers 2 Session 2. Contents PN generators with LFSRs Statistical testing of PN generator sequences Cryptanalysis of stream ciphers 2/75.

Stream ciphers 2 Session 2. Contents PN generators with LFSRs Statistical testing of PN generator sequences Cryptanalysis of stream ciphers 2/75.
CS457 – Introduction to Information Systems Security Cryptography 1b Elias Athanasopoulos

CS457 – Introduction to Information Systems Security Cryptography 1b Elias Athanasopoulos
Primality Testing Patrick Lee 12 July 2003 (updated on 13 July 2003)

Primality Testing Patrick Lee 12 July 2003 (updated on 13 July 2003)
Public Key Encryption Algorithm

Public Key Encryption Algorithm
Notation Intro. Number Theory Online Cryptography Course Dan Boneh

Notation Intro. Number Theory Online Cryptography Course Dan Boneh
Block ciphers 1 Session 3. Contents Design of block ciphers Non-linear transformations 2/25.

Block ciphers 1 Session 3. Contents Design of block ciphers Non-linear transformations 2/25.
Session 2 Symmetric ciphers 1. Stream cipher definition Recall the Vernam cipher: Plaintext 000110111101101 Ciphertext 110000101000110 (Running) key 110110010101011.

Session 2 Symmetric ciphers 1. Stream cipher definition Recall the Vernam cipher: Plaintext Ciphertext (Running) key
Cryptography and Network Security Chapter 7 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Chapter 7 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
Stream cipher diagram + + Recall: One-time pad in Chap. 2.

Stream cipher diagram + + Recall: One-time pad in Chap. 2.
The RSA Cryptosystem and Factoring Integers (II) Rong-Jaye Chen.

The RSA Cryptosystem and Factoring Integers (II) Rong-Jaye Chen.
J. Wang. Computer Network Security Theory and Practice. Springer 2008 Chapter 2 Data Encryption algorithms Part II.

J. Wang. Computer Network Security Theory and Practice. Springer 2008 Chapter 2 Data Encryption algorithms Part II.
RC4 1 RC4 RC4 2 RC4  Invented by Ron Rivest o “RC” is “Ron’s Code” or “Rivest Cipher”  A stream cipher  Generate keystream byte at a step o Efficient.

RC4 1 RC4 RC4 2 RC4  Invented by Ron Rivest o “RC” is “Ron’s Code” or “Rivest Cipher”  A stream cipher  Generate keystream byte at a step o Efficient.
Complexity1 Pratt’s Theorem Proved. Complexity2 Introduction So far, we’ve reduced proving PRIMES  NP to proving a number theory claim. This is our next.

Complexity1 Pratt’s Theorem Proved. Complexity2 Introduction So far, we’ve reduced proving PRIMES  NP to proving a number theory claim. This is our next.
and Factoring Integers

and Factoring Integers
1 Constructing Pseudo-Random Permutations with a Prescribed Structure Moni Naor Weizmann Institute Omer Reingold AT&T Research.

1 Constructing Pseudo-Random Permutations with a Prescribed Structure Moni Naor Weizmann Institute Omer Reingold AT&T Research.

Similar presentations

Ads by Google