Presentation is loading. Please wait.

Presentation is loading. Please wait.

Cryptanalysis of Block Ciphers

Published byMarcellino Caselli Modified over 5 years ago

Similar presentations

Presentation on theme: "Cryptanalysis of Block Ciphers"— Presentation transcript:

1 Cryptanalysis of Block Ciphers
- Linear Cryptanalysis Differential Cryptanalysis Cryptanalysis of Block Ciphers CSCI284 Spring 2008 GWU This slide set almost entirely from: H. M. Heys, "A Tutorial on Linear and Differential Cryptanalysis", Technical Report CORR , Centre for Applied Cryptographic Research, Department of Combinatorics and Optimization, University of Waterloo, Mar (Also appears in Cryptologia, vol. XXVI, no. 3, pp , 2002.)

2 Recall: Single SP block
One part of key “S” block permutations From: Hey’s paper 4/16/2019 CS /Spring08/GWU/Vora/Block Ciphers: Cryptanalysis All equations, tables, figures and accompanying text from Heys

3 4 Rounds 4/16/2019 CS /Spring08/GWU/Vora/Block Ciphers: Cryptanalysis All equations, tables, figures and accompanying text from Heys

4 An attack: linear cryptanalysis
First concentrate on breaking a single S-box: Model S-box in terms of probabilities of linear relationships between input and output bits E.g.: x1 x4 = y2  y4 is true with what probability? If S-box were truly random, what would be the probability of that equation being true? Difference is the bias – the higher it is, the easier an attack 4/16/2019 CS /Spring08/GWU/Vora/Block Ciphers: Cryptanalysis All equations, tables, figures and accompanying text from Heys

5 4/16/2019 CS /Spring08/GWU/Vora/Block Ciphers: Cryptanalysis All equations, tables, figures and accompanying text from Heys

6 Generate some of these 4/16/2019
CS /Spring08/GWU/Vora/Block Ciphers: Cryptanalysis All equations, tables, figures and accompanying text from Heys

7 4/16/2019 CS /Spring08/GWU/Vora/Block Ciphers: Cryptanalysis All equations, tables, figures and accompanying text from Heys

8 U1 P5 P7  P8  K15 K17  K18 = V16 V1 V16  K26 = V26  V28
4/16/2019 CS /Spring08/GWU/Vora/Block Ciphers: Cryptanalysis All equations, tables, figures and accompanying text from Heys

9 Errors There are some errors in each approximation. What happens to them as concatenated? 4/16/2019 CS /Spring08/GWU/Vora/Block Ciphers: Cryptanalysis All equations, tables, figures and accompanying text from Heys

10 Combined errors 4/16/2019 CS /Spring08/GWU/Vora/Block Ciphers: Cryptanalysis All equations, tables, figures and accompanying text from Heys

11 Further 4/16/2019 CS /Spring08/GWU/Vora/Block Ciphers: Cryptanalysis All equations, tables, figures and accompanying text from Heys

12 4/16/2019 CS /Spring08/GWU/Vora/Block Ciphers: Cryptanalysis All equations, tables, figures and accompanying text from Heys

13 Complexity of linear cryptanalysis
Need known plaintext-ciphertext pairs O(1 / 2) 4/16/2019 CS /Spring08/GWU/Vora/Block Ciphers: Cryptanalysis All equations, tables, figures and accompanying text from Heys

14 4/16/2019 CS /Spring08/GWU/Vora/Block Ciphers: Cryptanalysis All equations, tables, figures and accompanying text from Heys

15 Differential Cryptanalysis
Like linear cryptanalysis, concentrate on breaking a single S-box: Model S-box in terms of probabilities of output differences given input differences E.g.:x = 1011 y = 0010 is true with what probability? If S-box were truly random, what would be the probability? Difference is the bias – the higher the bias, the easier an attack 4/16/2019 CS /Spring08/GWU/Vora/Block Ciphers: Cryptanalysis All equations, tables, figures and accompanying text from Heys

16 4/16/2019 CS /Spring08/GWU/Vora/Block Ciphers: Cryptanalysis All equations, tables, figures and accompanying text from Heys

17 4/16/2019 CS /Spring08/GWU/Vora/Block Ciphers: Cryptanalysis All equations, tables, figures and accompanying text from Heys

18 Then choose S-boxes Total probability = 27/1024 4/16/2019
CS /Spring08/GWU/Vora/Block Ciphers: Cryptanalysis All equations, tables, figures and accompanying text from Heys

19 4/16/2019 CS /Spring08/GWU/Vora/Block Ciphers: Cryptanalysis All equations, tables, figures and accompanying text from Heys

20 Try all target sub-keys
Try all sub-keys and see which one gives the correct input to the last round most often. That’s the most likely sub-key. 4/16/2019 CS /Spring08/GWU/Vora/Block Ciphers: Cryptanalysis All equations, tables, figures and accompanying text from Heys

21 4/16/2019 CS /Spring08/GWU/Vora/Block Ciphers: Cryptanalysis All equations, tables, figures and accompanying text from Heys

Download ppt "Cryptanalysis of Block Ciphers"

Similar presentations

6.1.2 Overview DES is a block cipher, as shown in Figure 6.1.

6.1.2 Overview DES is a block cipher, as shown in Figure 6.1.
The Data Encryption Standard - see Susan Landau’s paper: “Standing the test of time: the data encryption standard.” DES - adopted in 1977 as a standard.

The Data Encryption Standard - see Susan Landau’s paper: “Standing the test of time: the data encryption standard.” DES - adopted in 1977 as a standard.
LINEAR FEEDBACK SHIFT REGISTERS, GALOIS FIELDS, AND STREAM CIPHERS Mike Thomsen Cryptography II May 14 th, 2012.

LINEAR FEEDBACK SHIFT REGISTERS, GALOIS FIELDS, AND STREAM CIPHERS Mike Thomsen Cryptography II May 14 th, 2012.
1 CIS 5371 Cryptography 5b. Pseudorandom Objects in Practice Block Ciphers.

1 CIS 5371 Cryptography 5b. Pseudorandom Objects in Practice Block Ciphers.
SBSeg 2007, NCE/UFRJ, Rio de Janeiro Linear Analysis of reduced- round CAST-128 and CAST-256 Jorge Nakahara Jr 1 Mads Rasmussen 2 1 UNISANTOS, Brazil 2.

SBSeg 2007, NCE/UFRJ, Rio de Janeiro Linear Analysis of reduced- round CAST-128 and CAST-256 Jorge Nakahara Jr 1 Mads Rasmussen 2 1 UNISANTOS, Brazil 2.
Cryptography and Network Security Chapter 3

Cryptography and Network Security Chapter 3
Analysis and design of symmetric ciphers David Wagner University of California, Berkeley.

Analysis and design of symmetric ciphers David Wagner University of California, Berkeley.
Data Encryption Standard (DES)

Data Encryption Standard (DES)
Symmetric Encryption Example: DES Weichao Wang. 2 Overview of the DES A block cipher: – encrypts blocks of 64 bits using a 64 bit key – outputs 64 bits.

Symmetric Encryption Example: DES Weichao Wang. 2 Overview of the DES A block cipher: – encrypts blocks of 64 bits using a 64 bit key – outputs 64 bits.
Block Ciphers: Workhorses of Cryptography COMP 1721 A Winter 2004.

Block Ciphers: Workhorses of Cryptography COMP 1721 A Winter 2004.
Session 6: Introduction to cryptanalysis part 2. Symmetric systems The sources of vulnerabilities regarding linearity in block ciphers are S-boxes. Example.

Session 6: Introduction to cryptanalysis part 2. Symmetric systems The sources of vulnerabilities regarding linearity in block ciphers are S-boxes. Example.
JLM 20060209 12:161 Homework 6 – Problem 1 S-box 4 is observed to have the indicated output xor when presented with the indicated inputs In1: 0x22, In2:

JLM :161 Homework 6 – Problem 1 S-box 4 is observed to have the indicated output xor when presented with the indicated inputs In1: 0x22, In2:
1 Overview of the DES A block cipher: –encrypts blocks of 64 bits using a 64 bit key –outputs 64 bits of ciphertext A product cipher –basic unit is the.

1 Overview of the DES A block cipher: –encrypts blocks of 64 bits using a 64 bit key –outputs 64 bits of ciphertext A product cipher –basic unit is the.
Introduction to Symmetric Block Cipher Jing Deng Based on Prof. Rick Han’s Lecture Slides Dr. Andreas Steffen’s Security Tutorial.

Introduction to Symmetric Block Cipher Jing Deng Based on Prof. Rick Han’s Lecture Slides Dr. Andreas Steffen’s Security Tutorial.
Session 6: Introduction to cryptanalysis part 1. Contents Problem definition Symmetric systems cryptanalysis Particularities of block ciphers cryptanalysis.

Session 6: Introduction to cryptanalysis part 1. Contents Problem definition Symmetric systems cryptanalysis Particularities of block ciphers cryptanalysis.
Lecture 2.2: Private Key Cryptography II CS 436/636/736 Spring 2012 Nitesh Saxena.

Lecture 2.2: Private Key Cryptography II CS 436/636/736 Spring 2012 Nitesh Saxena.
Cryptanalysis on Substitution- Permutation Networks Jen-Chang Liu, 2005 Ref: Cryptography: Theory and Practice, D. R. Stinson.

Cryptanalysis on Substitution- Permutation Networks Jen-Chang Liu, 2005 Ref: Cryptography: Theory and Practice, D. R. Stinson.
CSE 651: Introduction to Network Security

CSE 651: Introduction to Network Security
ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.

ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.
Cryptanalysis. The Speaker  Chuck Easttom  

Cryptanalysis. The Speaker  Chuck Easttom  

Similar presentations

Ads by Google