Published by Allen Hudson. Modified over 9 years ago.
1
Stream Cipher
2
A stream cipher breaks the message $M$ into successive characters or bits $m_1, m_2, \ldots$, and enciphers each $m_i$ with the $i$th element $k_i$ of a key stream $K = k_1 k_2 \ldots$; that is, $E_K(M) = E_{k_1}(m_1) E_{k_2}(m_2) \ldots$
3
Periodic
A stream cipher is periodic if the key stream repeats after $d$ characters for some fixed $d$; otherwise, it is nonperiodic.
Periodic: Rotor cipher, Hagelin cipher
Nonperiodic: Vernam cipher (one-time pad), running-key cipher
4
Stream Cipher
Two different approaches:
synchronous methods
self-synchronous methods
5
Synchronous Stream Cipher
The key stream is generated independently of the message stream. If a ciphertext character is lost during transmission, the sender and receiver must resynchronize their key generators before they can proceed further.
6
Synchronous Stream Cipher
Must ensure no part of the key stream is repeated.
Linear Feedback Shift Registers
Output-block Feedback Mode
Counter Method
7
Example of SSC
8
Self-synchronous Methods
Each key character is derived from a fixed number $n$ of preceding ciphertext characters. If a ciphertext character is lost or altered during transmission, the error propagates forward for $n$ characters, but the cipher resynchronizes by itself after $n$ correct ciphertext characters have been received.
Autokey cipher and Cipher Feedback Mode (CFM)
Nonperiodic.
9
Example of Self-synchronous
10
Error Handling
If errors are propagated by the decryption algorithm, applying error detecting codes before encryption provides a mechanism for authenticity.
11
Synchronous Stream Cipher
The key stream is generated independently of the message stream.
The key stream must be deterministic so the stream can be reproduced for decipherment.
How to generate a random key stream?
The starting stage of the key generator is initialized by a "seed" $I_0$.
12
Stream Cipher
Stream ciphers are often breakable if the key stream repeats or has redundancy. To be unbreakable, it must be a random sequence as long as the plaintext. Each element in the key alphabet should be uniformly distributed over the key stream, and there should be no long repeated subsequences or other patterns. No finite algorithm can generate truly random sequences.
13
LFSR
LFSR (Linear Feedback Shift Register)
Shift register $R = (r_n, r_{n-1}, \ldots, r_1)$
"Tap" sequence $T = (t_n, t_{n-1}, \ldots, t_1)$
$t_i$ and $r_i$ are binary digits.
Bit $r_1$ is appended to the key stream, bits $r_n, \ldots, r_2$ are shifted right, and a new bit derived from $T$ and $R$ is inserted into the left end of the register.
14
LFSR
Letting $R' = (r_n', r_{n-1}', \ldots, r_1')$ denote the next state of $R$, we see that the computation of $R'$ is thus:
$r_i' = r_{i+1}$, $i = 1, \ldots, n-1$
$r_n' = TR = \sum_{i=1}^{n} t_i r_i \bmod 2$
$R' = HR \bmod 2$, where $H$ is the $n \times n$ matrix.
$T(x) = t_n x^n + t_{n-1} x^{n-1} + \ldots + t_1 x + 1$
If $T(x)$ is a primitive polynomial, then $2^n - 1$ sequences can be generated.
15
LFSR
17
Example of LFSR
21
LFSR
The feedback loop attempts to simulate a one-time pad by transforming a short key $I_0$ into a long pseudo-random sequence $K$. Unfortunately, the result is a poor approximation of the one-time pad.
22
Example of LFSR
23
Cryptanalysis of LFSR
Known-plaintext attack
$2n$ plaintext-ciphertext pairs: $M = m_1 \ldots m_{2n}$, $C = c_1 \ldots c_{2n}$
$m_i \oplus c_i = m_i \oplus (m_i \oplus k_i) = k_i$, $i = 1, \ldots, 2n$
24
Cryptanalysis of LFSR
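The register update and the known-plaintext identity from the LFSR slides, as an added example that is not part of the original deck. The 4-bit tap sequences, seed and message bits are constructed for illustration; the last check shows that the key stream is linear in the seed, which follows from $R' = HR \bmod 2$.

```python
def step(taps, reg):
    """One shift of R = [r_n, ..., r_1]: return (output bit r_1, next state R')."""
    new = sum(t & r for t, r in zip(taps, reg)) % 2   # r_n' = sum t_i r_i mod 2
    return reg[-1], [new] + reg[:-1]                  # r_i' = r_(i+1)

def keystream(taps, seed, count):
    reg, out = list(seed), []
    for _ in range(count):
        bit, reg = step(taps, reg)
        out.append(bit)
    return out

def period(taps, seed):
    """Shifts until the register first returns to the seed state.
    Assumes t_1 = 1, so every state has exactly one predecessor."""
    reg, steps = step(taps, list(seed))[1], 1
    while reg != list(seed):
        reg, steps = step(taps, reg)[1], steps + 1
    return steps

def xor(a, b):
    return [x ^ y for x, y in zip(a, b)]

# Constructed 4-bit parameters, written [t_4, t_3, t_2, t_1] as on the slide.
PRIMITIVE = [1, 0, 0, 1]       # T(x) = x^4 + x + 1, primitive
NOT_PRIMITIVE = [1, 1, 1, 1]   # T(x) = x^4 + x^3 + x^2 + x + 1, not primitive
SEED = [0, 0, 0, 1]            # I_0
MESSAGE = [1, 1, 0, 1, 0, 0, 1, 0]   # constructed plaintext bits

def known_plaintext_keystream(message, cipher):
    """m_i XOR c_i = k_i: a known plaintext exposes the key stream directly."""
    return xor(message, cipher)

if __name__ == "__main__":
    k = keystream(PRIMITIVE, SEED, len(MESSAGE))
    c = xor(MESSAGE, k)
    print("period, primitive T:    ", period(PRIMITIVE, SEED))
    print("period, non-primitive T:", period(NOT_PRIMITIVE, SEED))
    print("key stream from (M, C): ", known_plaintext_keystream(MESSAGE, c) == k)
    other = [1, 0, 1, 0]
    mixed = keystream(PRIMITIVE, xor(SEED, other), 15)
    print("linear in the seed:     ", mixed == xor(
        keystream(PRIMITIVE, SEED, 15), keystream(PRIMITIVE, other, 15)))
```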
25
Output-Block Feedback Mode
The weakness of the LFSR is caused by the linearity of $R' = HR \bmod 2$.
Nonlinear block ciphers such as the DES seem to be good candidates for this.
26
Output-block Feedback Mode
27
Counter Method
Successive input blocks are generated by a simple counter. It is possible to generate the $i$th key character $k_i$ without generating the first $i-1$ key characters by setting the counter to $I_0 + i - 1$.
28
Counter Method
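Output-block feedback and the counter method side by side, as an added example that is not part of the original deck. The block function E is a stand-in (truncated HMAC-SHA256 instead of the DES), and the key, seed and messages are constructed; the last function shows why no part of the key stream may be repeated.

```python
import hashlib
import hmac

BLOCK = 8  # bytes per key block (DES-sized)

def E(key, block):
    """Stand-in for the nonlinear block cipher E_K: truncated HMAC-SHA256 (assumption)."""
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]

def ofb_block(key, i0, i):
    """Key block i (i >= 1), output-block feedback: the output is fed back i times."""
    reg = i0.to_bytes(BLOCK, "big")
    for _ in range(i):
        reg = E(key, reg)
    return reg

def ctr_block(key, i0, i):
    """Key block i (i >= 1), counter method: encipher I_0 + i - 1 directly."""
    counter = (i0 + i - 1) % (1 << (8 * BLOCK))
    return E(key, counter.to_bytes(BLOCK, "big"))

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def crypt(key, i0, data, block_fn, first=1):
    """XOR data with key blocks first, first+1, ...; the same call deciphers."""
    return b"".join(
        xor(data[n:n + BLOCK], block_fn(key, i0, first + n // BLOCK))
        for n in range(0, len(data), BLOCK))

KEY, I0 = b"constructed key", 1000            # constructed values
M1 = b"synchronous key stream demo text"      # constructed messages
M2 = b"a second message, same seed I_0!"

def decrypt_third_block_only(ciphertext):
    """Counter method: jump straight to key block 3 without blocks 1 and 2."""
    return crypt(KEY, I0, ciphertext[2 * BLOCK:3 * BLOCK], ctr_block, first=3)

def reused_seed_leak(m1, m2):
    """Same key and I_0 twice: the key stream cancels, C1 XOR C2 = M1 XOR M2."""
    c1, c2 = crypt(KEY, I0, m1, ctr_block), crypt(KEY, I0, m2, ctr_block)
    return xor(c1, c2) == xor(m1, m2)
```

In output-block feedback the same random access is not available: `ofb_block` has to run the feedback loop `i` times to reach key block `i`.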
29
Self-Synchronous Stream Cipher
A self-synchronous stream cipher derives each key character from a fixed number $n$ of preceding ciphertext characters.
Autokey Cipher and Cipher Feedback
30
Autokey Cipher
An autokey cipher is one in which the key is derived from the message it enciphers. In Vigenère's first cipher, the key is formed by appending the plaintext $M = m_1 m_2 \ldots$ to a "priming key" character $k_1$; the $i$th key character ($i > 1$) is thus given by $k_i = m_{i-1}$.
31
Autokey Cipher
In Vigenère's second cipher, the key is formed by appending each character of the ciphertext to the priming key $k_1$; that is, $k_i = c_{i-1}$ ($i > 1$).
33
Autokey Cipher
Drawback: it exposes the key in the ciphertext stream.
This problem is easily remedied by passing the ciphertext characters through a nonlinear block cipher to derive the key characters.
Cipher Feedback mode (CFM)
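Both Vigenère autokey ciphers over the alphabet A to Z, as an added example that is not part of the original deck; the message and priming key are constructed. It shows the two properties the slides state for ciphertext feedback: a damaged character affects only the next $n = 1$ character before the cipher resynchronizes, and the key is exposed in the ciphertext stream.

```python
A = ord("A")

def shift(ch, key, sign=1):
    """Add (sign=1) or subtract (sign=-1) the key letter modulo 26."""
    return chr((ord(ch) - A + sign * (ord(key) - A)) % 26 + A)

def encrypt(msg, k1, feedback):
    """feedback='plain': k_i = m_(i-1); feedback='cipher': k_i = c_(i-1)."""
    out, key = [], k1
    for m in msg:
        c = shift(m, key)
        out.append(c)
        key = m if feedback == "plain" else c
    return "".join(out)

def decrypt(ct, k1, feedback):
    out, key = [], k1
    for c in ct:
        m = shift(c, key, -1)
        out.append(m)
        key = m if feedback == "plain" else c
    return "".join(out)

def damaged_positions(msg, k1, feedback, pos):
    """Alter ciphertext character pos in transit; list plaintext positions that come out wrong."""
    ct = encrypt(msg, k1, feedback)
    bad = ct[:pos] + shift(ct[pos], "B") + ct[pos + 1:]   # one character off by one
    got = decrypt(bad, k1, feedback)
    return [i for i, (a, b) in enumerate(zip(msg, got)) if a != b]

def exposed_tail(ct):
    """Second cipher only: k_i = c_(i-1) is visible, so m_2, m_3, ... need no key."""
    return "".join(shift(c, k, -1) for k, c in zip(ct, ct[1:]))

MSG, K1 = "RENAISSANCE", "D"   # constructed message and priming key

if __name__ == "__main__":
    print("ciphertext feedback, damage at 3:", damaged_positions(MSG, K1, "cipher", 3))
    print("plaintext feedback, damage at 3: ", damaged_positions(MSG, K1, "plain", 3))
    print("read without k_1:", exposed_tail(encrypt(MSG, K1, "cipher")))
```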
34
The ciphertext characters participate in the feedback loop. It is sometimes called "chaining", because each ciphertext character is functionally dependent on (chained to) preceding ciphertext characters.
35
Example of CFM
36
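Random Number Generators
LFSR
Linear congruential generator
Nonlinear random number generator
Truncated random number generator
Mathematical-computation generators: factoring method, discrete logarithm method, quadratic residue method, prime number method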
37
LFSR
38
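Linear Congruential Generator
$x_i = a x_{i-1} + b \pmod{m}$
$x_0$ is the initial value; $a$, $b$, $m$ are the KEY.
Conditions:
$\gcd(b, m) = 1$
For every prime $p$ that divides $m$, $b = a - 1$ must be an integer multiple of $p$.
If $4 \mid m$ then $4 \mid b$.
Drawback: the generated random numbers are predictable.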
39
Nonlinear Random Number Generator
40
Truncated Random Number Generator
41
Security Evaluation of Random Number Generators
Properties of a good random number generator:
Long period
Unpredictability (Unpredictable)
Test methods:
Chi-Square test
Kolmogorov-Smirnov (KS) test
42
Chi-Square Test
44
Decision Criteria
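The linear congruential generator and the chi-square test from the slides above, as an added example that is not part of the original deck. The parameters are constructed, the period conditions are read as the Hull-Dobell conditions with $a - 1$ in the role the slide writes as $b = a - 1$, and 16.919 is the standard 5% table value for 9 degrees of freedom. A generator can pass the uniformity test and still be fully predictable.

```python
from itertools import islice
from math import gcd

def lcg(a, b, m, x0):
    """Yield x_1, x_2, ... where x_i = a*x_(i-1) + b (mod m)."""
    x = x0
    while True:
        x = (a * x + b) % m
        yield x

def prime_factors(n):
    found, p = set(), 2
    while p * p <= n:
        while n % p == 0:
            found.add(p)
            n //= p
        p += 1
    return found | ({n} if n > 1 else set())

def full_period_conditions(a, b, m):
    """Hull-Dobell conditions for period m (assumed reading of the slide's list)."""
    return (gcd(b, m) == 1
            and all((a - 1) % p == 0 for p in prime_factors(m))
            and (m % 4 != 0 or (a - 1) % 4 == 0))

def cycle_length(a, b, m, x0):
    seen = {x0: 0}
    for i, x in enumerate(lcg(a, b, m, x0), 1):
        if x in seen:
            return i - seen[x]
        seen[x] = i

def chi_square(samples, m, bins=10):
    """Sum of (observed - expected)^2 / expected over equal-width bins of [0, m)."""
    counts = [0] * bins
    for x in samples:
        counts[x * bins // m] += 1
    expected = len(samples) / bins
    return sum((c - expected) ** 2 / expected for c in counts)

# Constructed parameters: m = 2^16; A_BAD breaks only the "4 | m" condition.
M, A_GOOD, A_BAD, B, X0 = 65536, 25173, 25175, 13849, 1
CRITICAL_5PCT_9DF = 16.919   # chi-square table value, 9 degrees of freedom

def predict_next(x):
    """Each output is the whole state: anyone holding a, b, m computes the next one."""
    return (A_GOOD * x + B) % M

if __name__ == "__main__":
    run = list(islice(lcg(A_GOOD, B, M, X0), M))
    print(cycle_length(A_GOOD, B, M, X0), cycle_length(A_BAD, B, M, X0))
    print(chi_square(run, M) < CRITICAL_5PCT_9DF, predict_next(run[0]) == run[1])
```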