Presentation is loading. Please wait.

Presentation is loading. Please wait.

Dan Boneh Stream ciphers Real-world Stream Ciphers Online Cryptography Course Dan Boneh.

Published bySage Gower Modified over 10 years ago

Similar presentations

Presentation on theme: "Dan Boneh Stream ciphers Real-world Stream Ciphers Online Cryptography Course Dan Boneh."— Presentation transcript:

1 Dan Boneh Stream ciphers Real-world Stream Ciphers Online Cryptography Course Dan Boneh

2 Dan Boneh Old example (software) : RC4 (1987) Used in HTTPS and WEP Weaknesses: 1.Bias in initial output: Pr[ 2 nd byte = 0 ] = 2/256 2.Prob. of (0,0) is 1/256 2 + 1/256 3 3.Related key attacks 2048 bits 128 bits seed 1 byte per round

3 Dan Boneh Old example (hardware) : CSS (badly broken) Linear feedback shift register (LFSR): DVD encryption (CSS): 2 LFSRs GSM encryption (A5/1,2): 3 LFSRs Bluetooth (E0): 4 LFSRs all broken

4 Dan Boneh Old example (hardware) : CSS (badly broken) CSS: seed = 5 bytes = 40 bits

5 Dan Boneh Cryptanalysis of CSS (2 17 time attack) For all possible initial settings of 17-bit LFSR do: Run 17-bit LFSR to get 20 bytes of output Subtract from CSS prefix ⇒ candidate 20 bytes output of 25-bit LFSR If consistent with 25-bit LFSR, found correct initial settings of both !! Using key, generate entire CSS output 17-bit LFSR 25-bit LFSR + (mod 256) 8 8 8 encrypted movie prefix CSS prefix ⊕

6 Dan Boneh Modern stream ciphers: eStream PRG: {0,1} s × R {0,1} n Nonce: a non-repeating value for a given key. E(k, m ; r) = m ⊕ PRG(k ; r) The pair (k,r) is never used more than once.

7 Dan Boneh eStream: Salsa 20 (SW+HW) Salsa20: {0,1} 128 or 256 × {0,1} 64 {0,1} n (max n = 2 73 bits) Salsa20( k ; r) := H ( k, (r, 0) ) ll H ( k, (r, 1) ) ll … h: invertible function. designed to be fast on x86 (SSE2) τ0kτ1riτ2kτ3τ0kτ1riτ2kτ3 τ0kτ1riτ2kτ3τ0kτ1riτ2kτ3 64 bytes krikri krikri 32 bytes 64 byte output ⊕ h (10 rounds) 64 bytes

8 Dan Boneh Is Salsa20 secure (unpredictable) ? Unknown: no known provably secure PRGs In reality: no known attacks better than exhaustive search

9 Dan Boneh Performance: Crypto++ 5.6.0 [ Wei Dai ] AMD Opteron, 2.2 GHz ( Linux) PRGSpeed (MB/sec) RC4126 Salsa20/12 643 Sosemanuk727 eStream

10 Dan Boneh Generating Randomness (e.g. keys, IV) Pseudo random generators in practice: (e.g. /dev/random) Continuously add entropy to internal state Entropy sources: Hardware RNG: Intel RdRand inst. (Ivy Bridge). 3Gb/sec. Timing: hardware interrupts (keyboard, mouse) NIST SP 800-90: NIST approved generators

11 Dan Boneh End of Segment

Download ppt "Dan Boneh Stream ciphers Real-world Stream Ciphers Online Cryptography Course Dan Boneh."

Similar presentations

Dan Boneh Block ciphers Exhaustive Search Attacks Online Cryptography Course Dan Boneh.

Dan Boneh Block ciphers Exhaustive Search Attacks Online Cryptography Course Dan Boneh.
“Advanced Encryption Standard” & “Modes of Operation”

“Advanced Encryption Standard” & “Modes of Operation”
Xiutao Feng Institute of Software Chinese Academy of Sciences A Byte-Based Guess and Determine Attack on SOSEMANUK.

Xiutao Feng Institute of Software Chinese Academy of Sciences A Byte-Based Guess and Determine Attack on SOSEMANUK.
Online Cryptography Course Dan Boneh

Online Cryptography Course Dan Boneh
CS470, A.SelcukStream Ciphers1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

CS470, A.SelcukStream Ciphers1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
1 Introduction to Practical Cryptography Lectures 3/4 Stream Ciphers.

1 Introduction to Practical Cryptography Lectures 3/4 Stream Ciphers.
LINEAR FEEDBACK SHIFT REGISTERS, GALOIS FIELDS, AND STREAM CIPHERS Mike Thomsen Cryptography II May 14 th, 2012.

LINEAR FEEDBACK SHIFT REGISTERS, GALOIS FIELDS, AND STREAM CIPHERS Mike Thomsen Cryptography II May 14 th, 2012.
Syed Safi Uddin Qadri BETL/F07/0112 GSM Stream Cipher Algorithm Presented To Sir Adnan Ahmed Siddiqui.

Syed Safi Uddin Qadri BETL/F07/0112 GSM Stream Cipher Algorithm Presented To Sir Adnan Ahmed Siddiqui.
Stream Ciphers Part 1  Cryptography 3 Stream Ciphers.

Stream Ciphers Part 1  Cryptography 3 Stream Ciphers.
An Introduction to Stream Ciphers Zahra Ahmadian Electrical Engineering Department Sahrif University of Technology

An Introduction to Stream Ciphers Zahra Ahmadian Electrical Engineering Department Sahrif University of Technology
CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.

CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.
Digital Kommunikationselektroink TNE027 Lecture 6 (Cryptography) 1 Cryptography Algorithms Symmetric and Asymmetric Cryptography Algorithms Data Stream.

Digital Kommunikationselektroink TNE027 Lecture 6 (Cryptography) 1 Cryptography Algorithms Symmetric and Asymmetric Cryptography Algorithms Data Stream.
1 CS 255 Lecture 4 Attacks on Block Ciphers Brent Waters.

1 CS 255 Lecture 4 Attacks on Block Ciphers Brent Waters.
Stream Ciphers 1 Stream Ciphers. Stream Ciphers 2 Stream Ciphers  Generalization of one-time pad  Trade provable security for practicality  Stream.

Stream Ciphers 1 Stream Ciphers. Stream Ciphers 2 Stream Ciphers  Generalization of one-time pad  Trade provable security for practicality  Stream.
Lecture 23 Symmetric Encryption

Lecture 23 Symmetric Encryption
6. Practical Constructions of Symmetric-Key Primitives

6. Practical Constructions of Symmetric-Key Primitives
ORYX 1 ORYX ORYX 2 ORYX  ORYX not an acronym, but upper case  Designed for use with cell phones o To protect confidentiality of voice/data o For “data.

ORYX 1 ORYX ORYX 2 ORYX  ORYX not an acronym, but upper case  Designed for use with cell phones o To protect confidentiality of voice/data o For “data.
Computer Security CS 426 Lecture 3

Computer Security CS 426 Lecture 3
Dan Boneh Collision resistance Generic birthday attack Online Cryptography Course Dan Boneh.

Dan Boneh Collision resistance Generic birthday attack Online Cryptography Course Dan Boneh.
1/17 Bluetooth Security Ain Shams University Faculty of Engineering Integrated Circuits Lab Presented by: Mohammed Abdelsattar Ismail Sameh Talal Magd-El-Din.

1/17 Bluetooth Security Ain Shams University Faculty of Engineering Integrated Circuits Lab Presented by: Mohammed Abdelsattar Ismail Sameh Talal Magd-El-Din.

Similar presentations

Ads by Google