Published by Melvyn Bennett Bailey. Modified over 6 years ago.
1
Contributor Analysis
Francisco Blas Izquierdo Riera AKA klondike
2
About me
Security interested since 17
Computer Engineer & MSc
Gentoo Hardened developer
Cryptography fan:
  Implemented AES-SIV in an Atmega (Arduino) bootloader
  Implemented CTR, CMAC and SIV modes in the Haskell crypto-api library
  Wrote own efficient TTH implementations
  Pushed for adding stronger cryptography to the ADC protocol
Currently working as pentester and providing cryptographic support at SecureLink
3
Introduction
4
Confusion and Diffusion
Defined by Claude Shannon in 1945
Confusion: ability of a cipher to hide the relation between plaintext and ciphertext
Diffusion: ability of a cipher to spread a single bit change to all of its outputs
5
The idea
Reproduce the cryptographic algorithm
But instead of running the operations, track how they mix the contributors (the input bits each output bit depends on)
Focus on diffusion
6
Mapping operations
7
Black S-Box
N bits input, M bits output
They propagate all inputs to all outputs
For all output bits, output list = UNION(all input lists)
8
Bitwise NOT
No interaction across bits
Output list = input list
9
Bitwise AND, OR, XOR
Only interaction between pairs of input bits
Output list = UNION(input list 1, input list 2)
10
Shifts
The second parameter can have any value
Spread all the dependencies of the first input to all the outputs
All output lists = UNION(all lists of input 1)
11
Additions
Contributions are spread from LSBs to MSBs
Think of the usual schoolbook addition
For each bit: UNION(lists of every bit of equal or lesser significance)
12
Subtractions
Subtraction is the addition of the two's complement of the second operand:
  NOT of the operand (no changes)
  Add one (propagate as with addition on second operand)
  Add both operands (propagate as with addition)
Equal to addition in all regards
13
Multiplications
Similar to additions, LSBs spread toward MSBs
Think of schoolbook multiplication: an addition of shifted partial products
14
Modulos
Hard to map
Use black S-BOX approach instead
15
Divisions
Rarely used (division by 0 risk)
Also hard to map
Use black S-BOX approach
16
White S-BOX
Like Black S-BOX
An input bit can be removed from an output bit's contributors if the output is shown to be independent of it (same value for all inputs)
17
Optimizing operations
18
Bitwise AND by constant
Empty input list if bit is 0, maintain if 1
19
Bitwise OR by constant
Empty input list if bit is 1, maintain if 0
20
Bitwise XOR by constant
Output lists = input lists
21
Bitwise Shifts and Rotates by constant
Shift or rotate the input lists in the output lists
22
Arithmetic right shift by constant
Shift the input lists, copying the MSB list to all the empty bits introduced by the shift
23
Shifts and Rotates of constant
Rarely seen
Use union of lists of second parameter for output
Can be further optimized but understanding becomes harder
24
Multiplications by constant
Can be replaced by shifts and additions
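The mapping rules from the slides above, written out as an added Python example (not code from the talk or its published material). The function names, the 8-bit width and the toy round `s = rotl(s + k, 3) ^ k` are assumptions made for illustration and are not one of the demo ciphers.

```python
# Added example. Bit index 0 is the LSB; each bit carries a set of contributors.
W = 8  # word width, assumed for this toy

def var(name):
    """Fresh W-bit input: bit i is its own only contributor."""
    return [frozenset({(name, i)}) for i in range(W)]

def bitwise(a, b):
    """AND/OR/XOR of two variables: per-bit union of both lists."""
    return [x | y for x, y in zip(a, b)]

def add(a, b):
    """Addition: carries run LSB -> MSB, so bit i collects every bit <= i."""
    out, acc = [], frozenset()
    for x, y in zip(a, b):
        acc = acc | x | y
        out.append(acc)
    return out

def rotl(a, n):
    """Rotate left by a constant: lists move with their bits."""
    n %= W
    return a[-n:] + a[:-n] if n else list(a)

def and_const(a, c):
    """AND by constant: a 0 mask bit empties the list, a 1 keeps it."""
    return [x if (c >> i) & 1 else frozenset() for i, x in enumerate(a)]

def black_sbox(a):
    """Black S-box: every output bit gets the union of all input lists."""
    u = frozenset().union(*a)
    return [u for _ in a]

def toy_arx(rounds):
    """Hypothetical round: s = rotl(s + k, 3) ^ k, starting from s = p."""
    s, k = var("p"), var("k")
    for _ in range(rounds):
        s = bitwise(rotl(add(s, k), 3), k)
    return s

def key_counts(state):
    """Number of distinct key bits contributing to each output bit."""
    return [sum(1 for name, _ in bit if name == "k") for bit in state]

if __name__ == "__main__":
    for r in (1, 2, 3):
        print(r, key_counts(toy_arx(r)))
```

After one round, output bit 3 of this toy depends on only two key bits; every output bit depends on all eight key bits only after three rounds.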
25
Still lots left to do
26
Attacking the ciphers
Given one or more known plaintexts, test all values of the contributors on the bit with the fewest contributors
Filter those which gave the correct result
Repeat on the next bit with the fewest contributors
Independent contributor lists can be run in parallel
27
Demo time
28
Simple demos
8-bit xor
8-bit Caesar
Simple ARX cipher
29
Anything better?
30
Hard Demos
Petya (first version)
Salsa 2
Salsa 20
31
Comparing approaches
32
The algebraic approach
Results in a procedure to break the cipher for all keys
Models the cipher as a set of equations
Adds → groups of xors, ands and ors
Rotates → remap bits
Xors → xor of each bit
33
The algebraic approach (buts)
Equational reasoning is hard
Simplification is painful and takes lots of time (usually an NP problem in the number of variables)
34
Contributor Analysis
Evolution from pen and paper techniques I use
Simpler to reason with
Successful attack also leads to technique to break cipher
Analyzes input bit contributions to outputs, not how they are made
Fast to run on ciphers: O(n*m)
35
Contributor Analysis (buts)
Less precise than algebra
Only finds blatantly broken ciphers
More false negatives
Also less precise than rotational cryptanalysis
36
Thanks!
To my mother and father for supporting my curiosity since I was a kid
To the Recon organizers for making this talk and conference possible
To those who supported me during the research
SecureLink for being flexible with my odd “personal research projects”
But especially, to you for your attention
37
Questions?
38
And this is it
Material at http://klondike.es/charlas/contributor/