Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Lect. 10 : Cryptanalysis. 2 Block Cipher – Attack Scenarios  Attacks on encryption schemes  Ciphertext only attack: only ciphertexts are given  Known.

Published byPaula Hood Modified over 9 years ago

Similar presentations

Presentation on theme: "1 Lect. 10 : Cryptanalysis. 2 Block Cipher – Attack Scenarios  Attacks on encryption schemes  Ciphertext only attack: only ciphertexts are given  Known."— Presentation transcript:

1 1 Lect. 10 : Cryptanalysis

2 2 Block Cipher – Attack Scenarios  Attacks on encryption schemes  Ciphertext only attack: only ciphertexts are given  Known plaintext attack: (plaintext, ciphertext) pairs are given  Chosen plaintext attack: (chosen plaintext, corresponding ciphertext) pairs  Adaptively chosen plaintext attack  Chosen ciphertext attack: (chosen ciphertext, corresponding plaintext) pairs  Adaptively chosen ciphertext attack E K D K Plaintext Ciphertext Plaintext Ciphertext Encryption Oracle Decryption Oracle

3 3 Cryptanalysis of Block Ciphers  Statistical Cryptanalysis  Differential cryptanalysis (DC)  Linear Cryptanalysis (LC)  Various key schedule cryptanalysis  Algebraic Cryptanalysis  Interpolation attacks  Side Channel Cryptanalysis  timing attacks  differential fault analysis  differential power analysis, etc.

4 4 Cryptanalysis of Block Ciphers - DC  Differential Cryptanalysis E. Biham and A. Shamir : Crypto90, Crypto92 Chosen plaintext attack, O(Breaking DES 16 ~ 2 47 ) Look for correlations in Round function input and output (DES : 2 47 )  high-probability differentials, impossible differentials  truncated differentials, higher-order differentials E Input difference Output difference Statistically non-uniform probability distribution: higher prob. for some fixed pattern  X &  Y  X = X  X  Y = Y  Y Prob. K * E.Biham, A. Shamir,”Differential Cryptanalysis of the Data Encryption Standard”, Springer-Verlag, 1993

5 5 Cryptanalysis of Block Ciphers - LC  Linear Cryptanalysis Matsui : Eurocrypt93, Crypto94 Known Plaintext Attack, O(Breaking DES 16 ) ~ 2 43 Look for correlations between key and cipher input and output  linear approximation, non-linear approximation,  generalized I/O sums, partitioning cryptanalysis E Input X Output Y Linear equation between some bits of X, Y and K may hold with higher prob. than others K * M. Matsui, ”Linear Cryptanalysis Method for DES Cipher”, Proc. of Eurocrypt’93,LNCS765, pp.386-397

6 6 Other Attacks on Block Ciphers  Algebraic Cryptanalysis deterministic/probabilistic interpolation attacks  Key Schedule Cryptanalysis Look for correlations between key changes & cipher input/output  equivalent keys, weak or semi-weak keys  related key attacks  Side-Channel Cryptanalysis timing attacks differential fault analysis differential power analysis, etc.

7 Traditional Cryptographic Model vs. Side Channel 7 Side Channel Power Consumption / Timing / EM Emissions / Acoustic Radiation / Temperature / Power Supply / Clock Rate, etc. E()D() Key Attacker Ke Kd C C=E(P,Ke) P=D(C,Kd) Insecure channel Secure channel PD

8 Model of Attack -Embedded security 8

Download ppt "1 Lect. 10 : Cryptanalysis. 2 Block Cipher – Attack Scenarios  Attacks on encryption schemes  Ciphertext only attack: only ciphertexts are given  Known."

Similar presentations

Differential Fault Analysis on AES Variants Kazuo Sakiyama, Yang Li The University of Electro-Communications Nagoya, Japan.

Differential Fault Analysis on AES Variants Kazuo Sakiyama, Yang Li The University of Electro-Communications Nagoya, Japan.
1 CIS 5371 Cryptography 5b. Pseudorandom Objects in Practice Block Ciphers.

1 CIS 5371 Cryptography 5b. Pseudorandom Objects in Practice Block Ciphers.
SBSeg 2007, NCE/UFRJ, Rio de Janeiro Linear Analysis of reduced- round CAST-128 and CAST-256 Jorge Nakahara Jr 1 Mads Rasmussen 2 1 UNISANTOS, Brazil 2.

SBSeg 2007, NCE/UFRJ, Rio de Janeiro Linear Analysis of reduced- round CAST-128 and CAST-256 Jorge Nakahara Jr 1 Mads Rasmussen 2 1 UNISANTOS, Brazil 2.
Stream ciphers 2 Session 2. Contents PN generators with LFSRs Statistical testing of PN generator sequences Cryptanalysis of stream ciphers 2/75.

Stream ciphers 2 Session 2. Contents PN generators with LFSRs Statistical testing of PN generator sequences Cryptanalysis of stream ciphers 2/75.
Cryptography and Network Security Chapter 3

Cryptography and Network Security Chapter 3
Block Ciphers and the Data Encryption Standard

Block Ciphers and the Data Encryption Standard
Cryptography and Network Security

Cryptography and Network Security
Analysis and design of symmetric ciphers David Wagner University of California, Berkeley.

Analysis and design of symmetric ciphers David Wagner University of California, Berkeley.
Data Encryption Standard (DES)

Data Encryption Standard (DES)
Symmetric Encryption Example: DES Weichao Wang. 2 Overview of the DES A block cipher: – encrypts blocks of 64 bits using a 64 bit key – outputs 64 bits.

Symmetric Encryption Example: DES Weichao Wang. 2 Overview of the DES A block cipher: – encrypts blocks of 64 bits using a 64 bit key – outputs 64 bits.
Cryptanalysis Fundamentals of Symmetric-Key Cryptography Introduction to Practical Cryptography.

Cryptanalysis Fundamentals of Symmetric-Key Cryptography Introduction to Practical Cryptography.
Block Ciphers: Workhorses of Cryptography COMP 1721 A Winter 2004.

Block Ciphers: Workhorses of Cryptography COMP 1721 A Winter 2004.
Towards a unifying view of block cipher cryptanalysis David Wagner University of California, Berkeley.

Towards a unifying view of block cipher cryptanalysis David Wagner University of California, Berkeley.
1 The AES block cipher Niels Ferguson. 2 What is it? Block cipher: encrypts fixed-size blocks. Design by two Belgians. Chosen from 15 entries in a competition.

1 The AES block cipher Niels Ferguson. 2 What is it? Block cipher: encrypts fixed-size blocks. Design by two Belgians. Chosen from 15 entries in a competition.
Session 6: Introduction to cryptanalysis part 2. Symmetric systems The sources of vulnerabilities regarding linearity in block ciphers are S-boxes. Example.

Session 6: Introduction to cryptanalysis part 2. Symmetric systems The sources of vulnerabilities regarding linearity in block ciphers are S-boxes. Example.
JLM 20060209 12:161 Homework 6 – Problem 1 S-box 4 is observed to have the indicated output xor when presented with the indicated inputs In1: 0x22, In2:

JLM :161 Homework 6 – Problem 1 S-box 4 is observed to have the indicated output xor when presented with the indicated inputs In1: 0x22, In2:
FEAL FEAL 1.

FEAL FEAL 1.
Akelarre 1 Akelarre Akelarre 2 Akelarre  Block cipher  Combines features of 2 strong ciphers o IDEA — “mixed mode” arithmetic o RC5 — keyed rotations.

Akelarre 1 Akelarre Akelarre 2 Akelarre  Block cipher  Combines features of 2 strong ciphers o IDEA — “mixed mode” arithmetic o RC5 — keyed rotations.
1 Overview of the DES A block cipher: –encrypts blocks of 64 bits using a 64 bit key –outputs 64 bits of ciphertext A product cipher –basic unit is the.

1 Overview of the DES A block cipher: –encrypts blocks of 64 bits using a 64 bit key –outputs 64 bits of ciphertext A product cipher –basic unit is the.
ICS 454: Principles of Cryptography

ICS 454: Principles of Cryptography

Similar presentations

Ads by Google