Presentation is loading. Please wait.

Presentation is loading. Please wait.

Stream Ciphers Making the one-time pad practical.

Published byAnastasia Robinson Modified over 9 years ago

Similar presentations

Presentation on theme: "Stream Ciphers Making the one-time pad practical."— Presentation transcript:

1 Stream Ciphers Making the one-time pad practical

2 Breno de MedeirosFlorida State University Fall 2005 Binary One-Time Pad K[0]K[1]K[2]…K[n-2]K[n-1] M[0]M[1]M[2]…M[n-2]M[n-1] C[0]C[1]C[2]…C[n-2]C[n-1]     K[0]K[1]K[2]…K[n-2]K[n-1]  M[0]M[1]M[2]…M[n-2]M[n-1]

3 Breno de MedeirosFlorida State University Fall 2005 Idea behind stream ciphers Start with a fixed-length, shared secret. This is generally called the seed s. Use a procedure that, with the seed as input, generates a stream of bits that seems random, but which is in fact deterministically computable (from s). Use this stream (keystream) as the one-time pad: XOR it with the plaintext.

4 Breno de MedeirosFlorida State University Fall 2005 Types of Stream Ciphers A stream cipher is a finite state machine (finite input, fixed memory size, deterministic). Two main types: –Key-auto-Key (KAK, synchronous) -- state determined by last bits of keystream –Ciphertext-auto-key (CTAK, self- synchronizing) -- state determined by last bits of ciphertext

5 Breno de MedeirosFlorida State University Fall 2005 Linear Feedback Shift Registers Compute the parity of “tap” entries in a register Shift the register (right shift in the picture) Enter the parity bit in the new space (leftmost in picture)

6 Breno de MedeirosFlorida State University Fall 2005 Properties of Shift Registers Very efficient generators of pseudo-random sequences. Think of the newly computed bits as the output Generate provably long sequences before cycling Shift registers in crypto often results in weak ciphers, such as A5/x. However, the shrinking generator seems strong.

7 Breno de MedeirosFlorida State University Fall 2005 Shrinking Generator Two LFSR generate keystreams s k and t k If s k = 1, output t k If s k = 0, output nothing; increase k Buffer output in order to disguise timing delays which reveal information about the state of keystream s.

8 Breno de MedeirosFlorida State University Fall 2005 RC4 A state array of 256 bytes: S[0, …, 255] A key K, from 2 to 256 bytes: K[0, …, n] Initialize state as S[i] = i –FOR i = 0 … 255 j = j + S[i] + K[ i mod n] mod 256 SWAP(S[i], S[j])

9 Breno de MedeirosFlorida State University Fall 2005 RC4 Stream Generator i = 0; j= 0; WHILE(TRUE) –i = i + 1 mod 256; –j = j + S[i] mod 256; –SWAP(S[i], S[j]); –OUTPUT(S[ S[i] + S[j] mod 256] );

10 Breno de MedeirosFlorida State University Fall 2005 RC4 Weaknesses Initialization starts from a known state. –The first bytes of the RC4 key-stream are distinguishable from random output, and reveal information about the key. Recommendations: –Use random IVs, without ever re-using. –Generate strong pseudo-random keys –Drop initial bytes of key-stream practical: drop 768; paranoid: drop 3072

11 Breno de MedeirosFlorida State University Fall 2005 Is RC4 Insecure? RC4 has been well- studied. –No known methods to break RC4 (except brute- forcing the key) when used according to recommendations. –E.g.: Robust implementation of RC4 within SSL. RC4 was used in a very insecure way in the WEP protocol: –No method to distribute initial keys –Poor handling of IVs –No dropping of the first key-stream bytes 802.11.x took unnecessary risks.

12 Breno de MedeirosFlorida State University Fall 2005 Stream Cipher Summary Stream ciphers are efficient –Useful for secure communication with constrained devices (cell phones, smartcards) Good stream ciphers available (?) –Even as theoretical framework still in development Never re-use key-streams: must provide mechanism to change IV EVERYTIME.

Download ppt "Stream Ciphers Making the one-time pad practical."

Similar presentations

Computer Security Set of slides 4 Dr Alexei Vernitski.

Computer Security Set of slides 4 Dr Alexei Vernitski.
Block Cipher Modes of Operation and Stream Ciphers

Block Cipher Modes of Operation and Stream Ciphers
CS470, A.SelcukStream Ciphers1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

CS470, A.SelcukStream Ciphers1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
1 Introduction to Practical Cryptography Lectures 3/4 Stream Ciphers.

1 Introduction to Practical Cryptography Lectures 3/4 Stream Ciphers.
Syed Safi Uddin Qadri BETL/F07/0112 GSM Stream Cipher Algorithm Presented To Sir Adnan Ahmed Siddiqui.

Syed Safi Uddin Qadri BETL/F07/0112 GSM Stream Cipher Algorithm Presented To Sir Adnan Ahmed Siddiqui.
Stream Ciphers Part 1  Cryptography 3 Stream Ciphers.

Stream Ciphers Part 1  Cryptography 3 Stream Ciphers.
CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.

CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.
Encryption/Decyprtion using RC4 Vivek Ramachandran.

Encryption/Decyprtion using RC4 Vivek Ramachandran.
Digital Kommunikationselektroink TNE027 Lecture 6 (Cryptography) 1 Cryptography Algorithms Symmetric and Asymmetric Cryptography Algorithms Data Stream.

Digital Kommunikationselektroink TNE027 Lecture 6 (Cryptography) 1 Cryptography Algorithms Symmetric and Asymmetric Cryptography Algorithms Data Stream.
WEP 1 WEP WEP 2 WEP  WEP == Wired Equivalent Privacy  The stated goal of WEP is to make wireless LAN as secure as a wired LAN  According to Tanenbaum:

WEP 1 WEP WEP 2 WEP  WEP == Wired Equivalent Privacy  The stated goal of WEP is to make wireless LAN as secure as a wired LAN  According to Tanenbaum:
CSCI283 Fall 2005 GWU All slides from Bishop’s slide set Stream Ciphers.

CSCI283 Fall 2005 GWU All slides from Bishop’s slide set Stream Ciphers.
Announcements: Matlab: tutorial available at Matlab: tutorial available at

Announcements: Matlab: tutorial available at Matlab: tutorial available at
Cryptography and Network Security Chapter 7 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Chapter 7 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
HSC: Building Stream Cipher from Secure Hash Functions Juncao Li Nov. 29 th 2007 Department of Computer Science Portland State University.

HSC: Building Stream Cipher from Secure Hash Functions Juncao Li Nov. 29 th 2007 Department of Computer Science Portland State University.
Stream cipher diagram + + Recall: One-time pad in Chap. 2.

Stream cipher diagram + + Recall: One-time pad in Chap. 2.
RC4 1 RC4 RC4 2 RC4  Invented by Ron Rivest o “RC” is “Ron’s Code” or “Rivest Cipher”  A stream cipher  Generate keystream byte at a step o Efficient.

RC4 1 RC4 RC4 2 RC4  Invented by Ron Rivest o “RC” is “Ron’s Code” or “Rivest Cipher”  A stream cipher  Generate keystream byte at a step o Efficient.
Foundations of Network and Computer Security J J ohn Black Lecture #34 Dec 5 th 2007 CSCI 6268/TLEN 5831, Fall 2007.

Foundations of Network and Computer Security J J ohn Black Lecture #34 Dec 5 th 2007 CSCI 6268/TLEN 5831, Fall 2007.
Introduction to Modern Cryptography Lecture 2 Symmetric Encryption: Stream & Block Ciphers.

Introduction to Modern Cryptography Lecture 2 Symmetric Encryption: Stream & Block Ciphers.
Cryptography and Network Security Chapter 6

Cryptography and Network Security Chapter 6
Stream Ciphers 1 Stream Ciphers. Stream Ciphers 2 Stream Ciphers  Generalization of one-time pad  Trade provable security for practicality  Stream.

Stream Ciphers 1 Stream Ciphers. Stream Ciphers 2 Stream Ciphers  Generalization of one-time pad  Trade provable security for practicality  Stream.

Similar presentations

Ads by Google