1. Cryptanalysis using Supercomputers, FPGAs and GPUs
P.V.Ananda Mohan
Fellow IEEE
24th Feb 2017

2. Cryptographic Algorithms for which Cryptanalysis is generally needed
A . Encryption algorithms like DES, T-DES. AES to find the encryption key – Cipher text only is available Fast search needed several keys at a time in parallel
Cipher Text
Key????
AES Decryption
Plain Text????

3. Cipher text
Plain text
Round Key
AddRoundKey
InvSubBytes
InvShiftRows
InvMixColumns
MixRoundKey
AddMixRoundKey
MixRound Key
SubBytes
ShiftRows
MixColumns
Fig.1. AES algorithm: (a) Encryption (b) Equivalent Inverse Decryption
(b)
(a)

4. Hash Collision
find two messages which hash to same hash value (collision attack) Fast search needed
SHA-1
Message1 ???
H(M1)
SHA-1
Message2???
H(M2)

5. Example of Hash Collision MD5
d131dd02c5e6eec4 693d9a0698aff95c 2fcab eab eb8fb7f89
55ad340609f4b302 83e a e8f7cdc99f d91dbdf280373c5b
d8823e f5b ae6dacd436c919c6 dd53e2b487da03fd d248cda0
e99f33420f577ee8 ce54b67080a80d1e c69821bcb6a f9652b6ff72a70
d131dd02c5e6eec4 693d9a0698aff95c 2fcab eab eb8fb7f89
55ad340609f4b302 83e f1415a e8f7cdc99f d91dbd c5b
d8823e f5b ae6dacd436c919c6 dd53e23487da03fd d248cda0
e99f33420f577ee8 ce54b d1e c69821bcb6a f965ab6ff72a70
Both produce the MD5 hash fb1a26e4bc422aef54eb4.

6. Cryptographic Algorithms for which Cryptanalysis is generally needed
C. non-bruteforce methods of AES key finding Algebraic cryptanalysis modelling system as over-defined equations
-- solving for unknowns SAT solvers (applicable for all types of problems stream and block ciphers)
Difficult problems- factorization, discrete logarithm etc

8. Courtesy:

11. Operations needed for Cryptanalysis
(a) AES encryption one round
(b) AES decryption one round
(c ) AES encryption last round
(d) AES instruction last round decryption
(e) AES first round key and all round keys from given decryption key
(f) AES Mix Column
(g) AES Inverse Mix Column
(h) Modulo 216 multiplication
(i) Mod 232 multiplication
(j) Mod 264 Multiplication
(k) 64 bit permutation
(l) 128 bit permutation
(m) Modulo addition (A+B) mod C
(n) Modulo Multiplication (A×B) mod M
(o) Modulo exponentiation XY mod N
(p) Fast comparison of Big integers
(q) Elliptic curve point doubling
(r) Elliptic curve point addition
(s) Miller loop for Pairing computation
(t) Montgomery Multiplication (A×B×2-n) mod M
(u) Square root mod n
(v) fast LFSR operation to compute next bit
(w) Fast LFSR compute and shift operation to compute next word
(x) Barrel shifting left or right by arbitrary number of bits
(y) Big integer multiplication using FFT

12. Use of GPUs Password recovery from Hashes (MD-5,SHA-1,SHA-2 etc)
Hashes are easy to compute but hard to invert
Operations needed are: the addition modulo power of two, bit shift and rotation, bitwise xor, bitwise or, bit negation and words permutation.
Available in GPUs

13. Types of Password search
Brute-force
Rainbow-table (time-memory trade-off, lot of pre-computation of hashes of numerous passwords needed)
Dictionary
First two are good for GPU based implementations
Brute- force Example implementations: whitepixel [4], ighashgpu[11], BarsWF [30], ++oclHashcat plus[2],Elcomsoft[1].
Rainbow-table (Rainbowcrack)

14. Block Ciphers on GPUs
AES, DES, 3DES, Blowfish also were implemented on GPUs
Several instances can be tested in one cycle

15. Asymmetric Cryptography
Multi-precision arithmetic
Modulo arithmetic- modulo exponentiation XY mod N (all X,Y and N are 160 bit to 4096 bits)
Example (A+B) mod m
Find S1= (A+B) and S2= (A+B-M) in parallel select S1 or S2 as the result based on sign of S2
Montgomery Reduction (X.Y.2-n) mod N
GPU outperforms CPU based implementations in several cases

17. Use of FPGAs

22. Acknowledgements

23. CONCLUSION
Crypto problems can be solved using special purpose Crypto ASIC based machines aided by GPUs
Supercomputers aided by GPUs and FPGAs
To focus on National needs for cryptanalysis