Presentation is loading. Please wait.

Presentation is loading. Please wait.

JLM 20060209 12:161 Homework 6 – Problem 1 S-box 4 is observed to have the indicated output xor when presented with the indicated inputs In1: 0x22, In2:

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "JLM 20060209 12:161 Homework 6 – Problem 1 S-box 4 is observed to have the indicated output xor when presented with the indicated inputs In1: 0x22, In2:"— Presentation transcript:

1 JLM 20060209 12:161 Homework 6 – Problem 1 S-box 4 is observed to have the indicated output xor when presented with the indicated inputs In1: 0x22, In2: 0x16, Output xor: 0x0c In1: 0x12, In2: 0x0c, Output xor: 0x05 Perform a differential cryptanalysis and produce the possible candidate key(s). You may find the tables provided in “DC.txt” helpful.

2 JLM 20060209 12:162 Homework 6, problem 2 (omit) Consider the 2 round iterative differential characteristic for DES 0x19600000000000  0x19600000000000, p=1/234 Suppose for the following questions we can always find chosen plaintext with S/N ratio high enough to require only 10 “right pairs” for a successful differential cryptanalysis (“DC”). a.On average, how many chosen plain ciphertext pairs are required for a successful DC on two rounds? b.On average, how many chosen plain ciphertext pairs are required for a successful DC on ten rounds? c.After how many rounds is DC impossible because there cannot possibly be enough plain ciphertext pairs to succeed?

3 JLM 20060209 12:163 Homework 6 – Problem 3 A certain cipher C with 6 bit key k 1, k 2, k 3, k 4, k 5, k 6 has 4 linear constraints. Given the corresponding plaintext, ciphertext pairs and substituting the equations become: 0= k 1 Å k 3 Å k 4 0= k 4 Å k 5 0= k 1 Å k 2 1= k 1 Å k 6 Guessing k 1 and k 3 calculate k 2, k 4, k 5, k 6. How many encryptions are needed to discover the correct key with exhaustive search in the worst case? How many are needed with these constraints?

4 JLM 20060209 12:164 Homework 6, problem 4 (A) Suppose the cipher C has a linear constraint (Equation 1) that holds with probability p=.75 where the input to C is plaintext bits i 1 ||i 2 ||…||i 6 ; the output is the ciphertext bits o 1 ||o 2 ||…||o 6 under key bits k 1 ||k 2 ||…||k 6. The constants a 1, a 2, …, a 6, b 1, b 2, …, b 6, c 1, c 2, …, c 6, d are all known. Equation 1: a 1 i 1 Å a 2 i 2 Å a 3 i 3 Å a 4 i 4 Å a 5 i 5 Å a 6 i 6 Å b 1 o 1 Å b 2 o 2 Å b 3 o 3 Å b 4 o 4 Å b 5 o 5 Å b 6 o 6 =  c 1 k 1 Å c 2 k 2 Å c 3 k 3 Å c 4 k 4 Å c 5 k 5 Å c 6 k 6 Å d Finally, suppose upon substituting values from 3 plaintext/ciphertext pairs the left hand side of equation 1 has values 1,1,0, respectively. What are the odds that c 1 k 1 Å c 2 k 2 Å c 3 k 3 Å c 4 k 4 Å c 5 k 5 Å c 6 k 6 Å d=1 rather than 0? (B) Suppose the same setup as in A but 3 out of 4 plaintext/ciphertext pairs “vote” that c 1 k 1 Å c 2 k 2 Å c 3 k 3 Å c 4 k 4 Å c 5 k 5 Å c 6 k 6 Å d=1. What are the odds that c 1 k 1 Å c 2 k 2 Å c 3 k 3 Å c 4 k 4 Å c 5 k 5 Å c 6 k 6 Å d=1 rather than 0?

5 JLM 20060209 12:165 Homework 6, problem 4 (C) Constructing a multi-round constraint Suppose C is a four round iterative cipher with plaintext input, P and ciphertext output C where each round has 6 bit input I and 6 bit output O and per round keys K (1), K (2),…K (6). Using Matsui’s notation suppose the contraints: I[1,2] Å O[3,4]= K (1) [1,3]R1 I[3,4] Å O[1,5]= K (2) [4,6]R2 I[1,5] Å O[1,6]= K (3) [1,5]R3 I[1,6] Å O[2,5]= K (4) [2]R4 hold with probabilities p 1 =.8, p 2 =.9, p 3 =.8, p 4 =.9, respectively. What is the probability that P[1,2] Å C[2,5]= K (1) [1,3] Å K (2) [4,6] Å K (3) [1,5] Å K (4) [2]?

6 JLM 20060209 12:166 Homework 6, problem 4 (D) Suppose C is a multi round iterative cipher with 40 bit plaintext input, P, and ciphertext output, C, and 40 bit key. Suppose, using Matsui’s notation, that the following four linearly independent constraints: i.P[a 1 (1), a 2 (1),…, a 40 (1) ] Å C[b 1 (1), b 2 (1),…, b 40 (1) ]= K[c 1 (1), c 2 (1),…, c 40 (1) ] ii.P[a 1 (2), a 2 (2),…, a 40 (2) ] Å C[b 1 (2), b 2 (2),…, b 40 (2) ]= K[c 1 (2), c 2 (2),…, c 40 (2) ] iii.P[a 1 (3), a 2 (3),…, a 40 (3) ] Å C[b 1 (3), b 2 (3),…, b 40 (3) ]= K[c 1 (3), c 2 (3),…, c 40 (3) ] iv.P[a 1 (4), a 2 (4),…, a 40 (4) ] Å C[b 1 (4), b 2 (4),…, b 40 (4) ]= K[c 1 (4), c 2 (4),…, c 40 (4) ] hold with probabilities p 1 =.75, p 2 =.7, p 3 =.8, p 4 =.9, respectively. Suppose that on 10 plaintext/ciphertext pairs the LHS of i, ii, iii and iv “vote” that the RHS of the equations are 0 with tallies (2,8,2,8) What is the probabilities that each of the most popular choices for the resulting constraints is correct? What is the probability that all 4 are correct? If all 4 are correct, and assuming C takes 1 microsecond/encrypt, what is the time to break C by exhaustive search (assuming a serial processor)? How about by applying the 4 constraints and searching for the remaining key bits (assuming a serial processor)? PS: Key search is a “trivially parallelizable” operation.

7 JLM 20060209 12:167 Homework 6, problem 4 (E) In the lecture we noted that there was a linear attack that worked on 16 round DES with 2 43 plaintext/ciphertext pairs where the basic constraint held with probability p= ½ + e where e = 1.19 x 2 -21 is the “bias”. Using this fact, estimate for what p, there are not enough corresponding plain/cipher texts to enable applying the Linear cryptanalysis to reduce the search keyspace.

Download ppt "JLM 20060209 12:161 Homework 6 – Problem 1 S-box 4 is observed to have the indicated output xor when presented with the indicated inputs In1: 0x22, In2:"

Similar presentations

1 CIS 5371 Cryptography 5b. Pseudorandom Objects in Practice Block Ciphers.

1 CIS 5371 Cryptography 5b. Pseudorandom Objects in Practice Block Ciphers.
Cryptography and Network Security Chapter 3

Cryptography and Network Security Chapter 3
Data Encryption Standard (DES)

Data Encryption Standard (DES)
Symmetric Encryption Example: DES Weichao Wang. 2 Overview of the DES A block cipher: – encrypts blocks of 64 bits using a 64 bit key – outputs 64 bits.

Symmetric Encryption Example: DES Weichao Wang. 2 Overview of the DES A block cipher: – encrypts blocks of 64 bits using a 64 bit key – outputs 64 bits.
Cryptography and Network Security, resuming some notes Dr. M. Sakalli.

Cryptography and Network Security, resuming some notes Dr. M. Sakalli.
Cryptography Course 2008 Lecture 4 Jesper Buus Nielsen Modern Block Ciphers 1/43 Contents Encryption modes –Cipher-Block Chaining (CBC) Mode –Counter mode.

Cryptography Course 2008 Lecture 4 Jesper Buus Nielsen Modern Block Ciphers 1/43 Contents Encryption modes –Cipher-Block Chaining (CBC) Mode –Counter mode.
1 The AES block cipher Niels Ferguson. 2 What is it? Block cipher: encrypts fixed-size blocks. Design by two Belgians. Chosen from 15 entries in a competition.

1 The AES block cipher Niels Ferguson. 2 What is it? Block cipher: encrypts fixed-size blocks. Design by two Belgians. Chosen from 15 entries in a competition.
Session 6: Introduction to cryptanalysis part 2. Symmetric systems The sources of vulnerabilities regarding linearity in block ciphers are S-boxes. Example.

Session 6: Introduction to cryptanalysis part 2. Symmetric systems The sources of vulnerabilities regarding linearity in block ciphers are S-boxes. Example.
FEAL FEAL 1.

FEAL FEAL 1.
JLM 20060209 12:161 University of Washington CSEP 590TU – Practical Aspects of Modern Cryptography Instructors: Josh Benaloh, Brian LaMacchia, John Manferdelli.

JLM :161 University of Washington CSEP 590TU – Practical Aspects of Modern Cryptography Instructors: Josh Benaloh, Brian LaMacchia, John Manferdelli.
Akelarre 1 Akelarre Akelarre 2 Akelarre  Block cipher  Combines features of 2 strong ciphers o IDEA — “mixed mode” arithmetic o RC5 — keyed rotations.

Akelarre 1 Akelarre Akelarre 2 Akelarre  Block cipher  Combines features of 2 strong ciphers o IDEA — “mixed mode” arithmetic o RC5 — keyed rotations.
DES 1 Data Encryption Standard DES 2 Data Encryption Standard  DES developed in 1970’s  Based on IBM Lucifer cipher  U.S. government standard  DES.

DES 1 Data Encryption Standard DES 2 Data Encryption Standard  DES developed in 1970’s  Based on IBM Lucifer cipher  U.S. government standard  DES.
1 Overview of the DES A block cipher: –encrypts blocks of 64 bits using a 64 bit key –outputs 64 bits of ciphertext A product cipher –basic unit is the.

1 Overview of the DES A block cipher: –encrypts blocks of 64 bits using a 64 bit key –outputs 64 bits of ciphertext A product cipher –basic unit is the.
Announcements: Quizzes returned at end of class Quizzes returned at end of class This week: Mon-Thurs: Data Encryption Standard (DES) Mon-Thurs: Data Encryption.

Announcements: Quizzes returned at end of class Quizzes returned at end of class This week: Mon-Thurs: Data Encryption Standard (DES) Mon-Thurs: Data Encryption.
Chapter 3 – Block Ciphers and the Data Encryption Standard Jen-Chang Liu, 2004 Adopted from lecture slides by Lawrie Brown.

Chapter 3 – Block Ciphers and the Data Encryption Standard Jen-Chang Liu, 2004 Adopted from lecture slides by Lawrie Brown.
Introduction to Symmetric Block Cipher Jing Deng Based on Prof. Rick Han’s Lecture Slides Dr. Andreas Steffen’s Security Tutorial.

Introduction to Symmetric Block Cipher Jing Deng Based on Prof. Rick Han’s Lecture Slides Dr. Andreas Steffen’s Security Tutorial.
CNS2010lecture 5 :: attacks on DES1 ELEC5616 computer and network security matt barrie

CNS2010lecture 5 :: attacks on DES1 ELEC5616 computer and network security matt barrie
Session 6: Introduction to cryptanalysis part 1. Contents Problem definition Symmetric systems cryptanalysis Particularities of block ciphers cryptanalysis.

Session 6: Introduction to cryptanalysis part 1. Contents Problem definition Symmetric systems cryptanalysis Particularities of block ciphers cryptanalysis.
Lecture 23 Symmetric Encryption

Lecture 23 Symmetric Encryption
Lecture 2.2: Private Key Cryptography II CS 436/636/736 Spring 2012 Nitesh Saxena.

Lecture 2.2: Private Key Cryptography II CS 436/636/736 Spring 2012 Nitesh Saxena.

Similar presentations

Ads by Google