DISTRIBUTED DIFFERENTIAL CRIPTANALYSIS OF FEAL - 8

BULETINUL INSTITUTULUI POLITEHNIC DIN IAŞI
Publicat de Universitatea Tehnică Gheorghe Asachi din Iaşi
Tomul LV (LIX), Fasc. 1, 2009
Secţia AUTOMATICĂ şi CALCULATOARE

BY MIHAI HORIA ZAHARIA and *EUGEN CAZACU

Abstract. In this paper a distributed approach for differential cryptanalysis of the Fast Data Encipherment Algorithm (FEAL) 8 is presented. Because the algorithm is computationally intensive, a mesh mapping using a hypercube routing approach is used. A centralized client-server implementation was chosen. A simple partition of the problem is used in client job generation. Also, an example of MPI code is presented in order to illustrate how the method is applied.

Key words: distributed computing, differential attack, Feistel cipher.

Mathematics Subject Classification: 68P25, 68N

1. Introduction

Differential cryptanalysis is a theoretical method developed to reduce the searchable solution space when attacking Feistel-based ciphers or stream ciphers. The official history of cryptanalysis began in 1980, when Eli Biham and Adi Shamir published an analysis of an attack on the Data Encryption Standard (DES) using this technique. However, in a presentation made in 2006 about the history of cryptanalysis, Eli Biham claimed that IBM had known about the technique since 1974 and that the NSA had known as well. This assumption is based on the paper of Don Coppersmith [4].

Not all modern algorithms are sensitive to this type of attack (e.g. the Advanced Encryption Standard, AES, is not). There are also many variants of the technique, such as high-order, truncated and impossible differential cryptanalysis and, most recently, the boomerang attack. This shows the importance of the approach and motivates continued study to improve the speed of the process.

After DES, the next targets were the FEAL 4, 8 and NX versions, which were studied by cryptanalysts using this method. The classic known-plaintext approach was the most efficient one. For newer classes of improved ciphers, however, the running time becomes infeasible if the algorithm is executed on a single machine. Of course, a supercomputer may be used, but the costs become too high. In this context, a distributed approach clearly provides a cheap way to increase the efficiency of this type of attack.

This paper presents a way of using distributed computing to decrease the execution time of the method. The solution is very scalable and can be implemented on any type of cluster using any type of operating system.

2. The FEAL 8 Algorithm

Feistel-based ciphers are still used because their simplicity allows designers to use them, at both hardware and software level, in applications that need medium security and have low or medium computing power available. The Fast Data Encipherment Algorithm, or FEAL, is a Feistel-based cipher similar to DES but using a much simpler f function, presented in Fig. 1 [6].

Fig. 1 FEAL - 8 base function.

This class of algorithms was designed especially for 8-bit microcontrollers. As a result, the algorithm uses only byte-oriented operations and avoids bit permutations and look-up tables. Unfortunately, this comes at a price: as expected, FEAL-4 and FEAL-8 were proven to be more sensitive to attacks than the old DES. Even the increase of key length to 16 or 32 did not offer security greater than that of DES [7].

The function $f(A, Y)$ depicted in Fig. 1 maps a pair of 32-bit and 16-bit inputs (32 x 16 bits) to a 32-bit output value. Only two 8 x 8 bit substitution tables, also known as S-boxes, are used. Each of them maps a pair of 8-bit inputs to an 8-bit output, as presented in Table 1.

Table 1 Returned Value $U = (U_0, U_1, U_2, U_3)$ by the Functions $f$ and $f_K$

| | $U \leftarrow f(A, Y)$ | $U \leftarrow f_K(A, B)$ |
|---|---|---|
| $t_1 =$ | $(A_0 \oplus A_1) \oplus Y_0$ | $A_0 \oplus A_1$ |
| $t_2 =$ | $(A_2 \oplus A_3) \oplus Y_1$ | $A_2 \oplus A_3$ |
| $U_1 =$ | $S_1(t_1, t_2)$ | $S_1(t_1, t_2 \oplus B_0)$ |
| $U_2 =$ | $S_0(t_2, U_1)$ | $S_0(t_2, U_1 \oplus B_1)$ |
| $U_0 =$ | $S_0(A_0, U_1)$ | $S_0(A_0, U_1 \oplus B_2)$ |
| $U_3 =$ | $S_1(A_3, U_2)$ | $S_1(A_3, U_2 \oplus B_3)$ |

Each S-box adds one bit $d \in \{0, 1\}$ to the arguments $x$ and $y$, ignoring the resulting carry, and rotates the result as in Eq. (1).

(1) $S_d(x, y) = \text{rotate twice}\big((x + y + d) \bmod 256\big)$.

The key generator uses a function $f_K(A, B)$, similar to the function $f$ presented in Table 1, where $A_i$, $B_i$, $Y_i$, $t_i$ and $U_i$ are represented using 8 bits, that maps two 32-bit inputs to a 32-bit output. Most of the fundamental operators used are linear, except the sum modulo 256. This implies a fast implementation of the algorithm and a small memory requirement.

3. FEAL 8 Cryptanalysis

First of all, some notation used in the following must be introduced:
a) $n_x$ represents a hexadecimal number with an index x;
b) $\Omega_P$ and $\Omega_T$ are real input information and related encrypted output.

The chosen-text differential cryptanalysis attack on FEAL 8 uses around 1000 information pairs that correspond to input data [2]. The input data are randomly chosen under the constraint $\Omega_P$ = A x. This constraint is used because of the six-round characteristic with a probability of 1/128 (Fig. 2), in which not all the $\Omega_T$ bits are established. Five shorter characteristics are derived from the first rounds of Fig. 2 as follows: from the first round the probability is 1, from the first two and three rounds the probability is 1/4, and using the fifth and sixth round a probability of 1/16 is obtained. Using the same techniques as the ones presented by Eli Biham and Adi Shamir for the differential cryptanalysis of the full 16-round DES [3], FEAL 8 may be reduced round by round, beginning with the seventh round and finishing with only one.

Fig. 2 Six round characteristic.

The process is simpler than in the DES case [3] due to the inherent simplicity of FEAL 8 by comparison with DES. Even so, the process needs enough computing resources to justify a parallel or distributed approach.

4. FEAL 8 Distribution of Cryptanalysis

The main idea in implementing differential cryptanalysis is given in Fig. 3.
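Looking back at Table 1 and Eq. (1): both translate directly into code. The C++ below is an added example, not code from the paper; the function names and the input difference 80 80 00 00 (hex) are choices of this example. It implements $f$ and $f_K$ and measures a one-round difference that holds with probability 1, the behaviour Section 3 states for the first round, next to a difference that does not.

```cpp
#include <array>
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <map>
#include <random>

using Word = std::array<std::uint8_t, 4>;  // (X0, X1, X2, X3), one byte each

// Eq. (1): add x, y and the bit d modulo 256 (the carry out is dropped), then
// rotate. "Rotate twice" is implemented as a left rotation by two bit positions.
std::uint8_t S(int d, std::uint8_t x, std::uint8_t y) {
    const std::uint8_t s = static_cast<std::uint8_t>(x + y + d);
    return static_cast<std::uint8_t>((s << 2) | (s >> 6));
}

// Table 1, column f: 32-bit A and 16-bit Y = (Y0, Y1) give the 32-bit U.
Word f(const Word& A, std::uint8_t Y0, std::uint8_t Y1) {
    const std::uint8_t t1 = static_cast<std::uint8_t>(A[0] ^ A[1] ^ Y0);
    const std::uint8_t t2 = static_cast<std::uint8_t>(A[2] ^ A[3] ^ Y1);
    const std::uint8_t U1 = S(1, t1, t2);
    const std::uint8_t U2 = S(0, t2, U1);
    const std::uint8_t U0 = S(0, A[0], U1);
    const std::uint8_t U3 = S(1, A[3], U2);
    return Word{{U0, U1, U2, U3}};
}

// Table 1, column f_K: two 32-bit inputs A and B give the 32-bit U.
Word fK(const Word& A, const Word& B) {
    const std::uint8_t t1 = static_cast<std::uint8_t>(A[0] ^ A[1]);
    const std::uint8_t t2 = static_cast<std::uint8_t>(A[2] ^ A[3]);
    const std::uint8_t U1 = S(1, t1, static_cast<std::uint8_t>(t2 ^ B[0]));
    const std::uint8_t U2 = S(0, t2, static_cast<std::uint8_t>(U1 ^ B[1]));
    const std::uint8_t U0 = S(0, A[0], static_cast<std::uint8_t>(U1 ^ B[2]));
    const std::uint8_t U3 = S(1, A[3], static_cast<std::uint8_t>(U2 ^ B[3]));
    return Word{{U0, U1, U2, U3}};
}

Word xor4(Word a, const Word& b) {
    for (std::size_t i = 0; i < 4; ++i) a[i] = static_cast<std::uint8_t>(a[i] ^ b[i]);
    return a;
}

// Histogram of the output differences f(A, Y) xor f(A xor dA, Y) over `trials`
// constructed random inputs. The seed is fixed, so every run sees the same inputs.
std::map<Word, int> difference_histogram(const Word& dA, int trials) {
    std::mt19937 rng(2009);
    std::map<Word, int> hist;
    for (int i = 0; i < trials; ++i) {
        Word A;
        for (auto& b : A) b = static_cast<std::uint8_t>(rng());
        const std::uint8_t Y0 = static_cast<std::uint8_t>(rng());
        const std::uint8_t Y1 = static_cast<std::uint8_t>(rng());
        ++hist[xor4(f(A, Y0, Y1), f(xor4(A, dA), Y0, Y1))];
    }
    return hist;
}

int main() {
    const int trials = 4096;
    // 80 80 00 00: the difference cancels in t1 and reaches only the addition
    // that produces U0. Flipping bit 7 of an addend flips only bit 7 of the sum
    // modulo 256, and the rotation moves that bit to bit 1, so the output
    // difference is always 02 00 00 00.
    // 01 00 00 00: the difference enters the low bit of an addition, where the
    // carries depend on the data, so many output differences appear.
    const Word diffs[] = {Word{{0x80, 0x80, 0x00, 0x00}}, Word{{0x01, 0x00, 0x00, 0x00}}};
    for (const Word& dA : diffs) {
        const std::map<Word, int> hist = difference_histogram(dA, trials);
        std::printf("dA = %02x %02x %02x %02x: %zu distinct output difference(s)\n",
                    static_cast<unsigned>(dA[0]), static_cast<unsigned>(dA[1]),
                    static_cast<unsigned>(dA[2]), static_cast<unsigned>(dA[3]), hist.size());
        for (const auto& entry : hist) {
            if (entry.second * 8 < trials) continue;  // print only frequent differences
            std::printf("  dU = %02x %02x %02x %02x with frequency %d/%d\n",
                        static_cast<unsigned>(entry.first[0]), static_cast<unsigned>(entry.first[1]),
                        static_cast<unsigned>(entry.first[2]), static_cast<unsigned>(entry.first[3]),
                        entry.second, trials);
        }
    }
    return 0;
}
```

The modular addition is the only place where a difference can behave probabilistically, which is why the text singles it out as the one non-linear operator.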

[Fig. 3: Differential cryptanalysis application. Blocks: data sets, pairs, filter, compute keys, the key.]

The flow of input pairs is filtered and the key is statistically computed using the keys resulting from the filtered pairs.

Fig. 4 Differential cryptanalysis distributed application architecture.

The computing power needed for filtering the pairs is less than that needed by the counting algorithm. For that reason, in some cases only the key computing algorithm is parallelized. This approach decreases the network communication because the rejected keys are not transmitted. In the case of DES the number of bad keys is over 99%.

The architecture of the distributed application used to compute the differential cryptanalysis is presented in Fig. 4. The high-level pseudocode of this approach is the following:
a) The server sends the pairs, filtered or not, to the clients;
b) The server filters the keys if needed;
c) The selected keys are used to count the possible keys;
d) The vectors with the possible keys are synchronized among the clients;
e) The key with maximum probability is sent back to the server.

The parallel approach is possible because the processes involved in computing any needed key are independent. In order to minimize the cost of synchronizing the key vectors, a proper communication topology must be chosen. Usually, for Feistel-based algorithms, a mesh topology is suitable.

5. FEAL-8 Approach

In this case the topology used is a mesh. Much synchronization is necessary for computing the subkeys of each round. The pairs emitted by the server are unfiltered, because a pair that is incorrect for one round can be suitable for another. The pairs are used successively to compute the subkeys that are applied in each round. The algorithm used by the server is the following:

1. The server assigns a different port to each client in the cluster. This is necessary to handle clients from subnetworks that share the same IP.
2. The server uploads to each client the complete list of all active clients. In the case of a sequential run this list is empty.
3. The communications are made by broadcast over a hypercube. This has log(n) complexity, where n is the number of active clients. If there are not enough clients to fill a dimension $d = \mathrm{ceil}(\log_2(n))$, $2^d > n$, then clients $0 \dots (2^d - n)$ will emulate clients $n \dots 2^d$.
4. The communications are made in d steps. On each step the clients exchange messages on dimensions $0 \dots (d-1)$, and in step j client i communicates with $i \oplus 2^j$, where the client with bit j = 1 acts as server and the client with bit j = 0 acts as client. Fig. 5 presents the connections between clients for d = 3, where clients 4 to 7 can be emulated.
5. Then the server records the number of pairs per client in the ClientLoad list.
6. The first split is into five parts for all clients, and the process is repeated.
7. Each client sends a message to the server each time it finishes processing a pair, and the server updates the ClientLoad list.
8. The client with the minimal value in the ClientLoad list is elected and given new work, until the job is finished.
9. The server waits until the clients finish their jobs and then receives the following information from each client:
a) The initial key computed, if the algorithm succeeded, or an error message;
b) The input and output traffic of the client;
c) The sum of all wait times spent by the client communicating with others.

Fig. 5 Hypercube broadcast: a) initial distribution of messages; b) distribution before second step; c) distribution before step 3; d) final distribution.

In the following, an example of the method implementation using MPI is presented:

```cpp
// needed libraries
#include <mpi.h>
#include <algorithm>
#include <cmath>
#include <functional>
#include <iostream>
#include <iterator>
#include <numeric>
using namespace std;

int main(int argc, char** argv) {
    MPI_Init(&argc, &argv);
    int rank;
    int size;
    int vect[50];
    int tmpvect[50];
    int virtualvect[50];
    int virtualtmpvect[50];
    // rank and dimension computing
    MPI_Status status;
    MPI_Comm_rank(MPI_COMM_WORLD, &rank);
    MPI_Comm_size(MPI_COMM_WORLD, &size);
    int d = ceil(log2((double)size));
    // the arrays hold 50 entries and are indexed up to 2^d - 1
    if ((1 << d) > 50) MPI_Abort(MPI_COMM_WORLD, 1);
    // vector setup with the needed information for other clients
    fill(vect, vect + size, 0);
    fill(tmpvect, tmpvect + size, 0);
    fill(virtualvect, virtualvect + size, 0);
    fill(virtualtmpvect, virtualtmpvect + size, 0);
    vect[rank] = rank;
    // virtual clients init: client k emulates node size + k
    int hasvirtual[50];
    int virtualpartener[50];
    fill(virtualpartener, virtualpartener + size, -1);
    fill(hasvirtual, hasvirtual + size, -1);
    iota(virtualpartener + size, virtualpartener + (1 << d), 0);
    int hasvirtualsize = (1 << d) - size;
    iota(hasvirtual, hasvirtual + hasvirtualsize, size);
    // print virtual clients vector
    if (0 == rank) {
        copy(virtualpartener, virtualpartener + (1 << d), ostream_iterator<int>(cout, " "));
        cout << endl;
        copy(hasvirtual, hasvirtual + size, ostream_iterator<int>(cout, " "));
        cout << endl;
    }
    MPI_Barrier(MPI_COMM_WORLD);
    // all to all communication, one step per hypercube dimension
    for (int i = 0; i < d; ++i) {
        if (hasvirtual[rank] != -1) {
            // exchange on behalf of the emulated node hosted by this client
            int partener = hasvirtual[rank] ^ (1 << i);
            if (partener >= size) partener = virtualpartener[partener];
            // combined send/receive instead of a blocking send followed by a receive
            MPI_Sendrecv(virtualvect, size, MPI_INT, partener, 13,
                         virtualtmpvect, size, MPI_INT, partener, 13,
                         MPI_COMM_WORLD, &status);
            transform(virtualvect, virtualvect + size, virtualtmpvect, virtualvect, plus<int>());
        }
        int partener = rank ^ (1 << i);
        if (partener >= size) partener = virtualpartener[partener];
        MPI_Sendrecv(vect, size, MPI_INT, partener, 13,
                     tmpvect, size, MPI_INT, partener, 13,
                     MPI_COMM_WORLD, &status);
        transform(vect, vect + size, tmpvect, vect, plus<int>());
    }
    // print results, one rank at a time
    for (int i = 0; i < size; ++i) {
        if (rank == i) {
            cout << rank << " : ";
            copy(vect, vect + size, ostream_iterator<int>(cout, " "));
            cout << endl;
        }
        MPI_Barrier(MPI_COMM_WORLD);
    }
    MPI_Finalize();
    return 0;
}
```
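The exchange schedule of steps 3 and 4, with emulated nodes, can be checked without a cluster. The following single-process C++ simulation is an added example, not code from the paper: it applies the schedule to per-client key count vectors, as in steps c) to e) of Section 4. The function names and the count values are constructed for this example.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdio>
#include <vector>

using Counts = std::vector<long>;  // Counts[k] = votes for candidate key k

// d = ceil(log2(n)): the smallest hypercube dimension that holds n clients.
int dimension(int n) {
    int d = 0;
    while ((1 << d) < n) ++d;
    return d;
}

// Hypercube nodes n .. 2^d - 1 have no machine of their own: node id is
// emulated by client id - n, the mapping the MPI listing keeps in
// virtualpartener[].
int host_of(int id, int n) { return id < n ? id : id - n; }

struct Outcome {
    std::vector<Counts> node;  // final vector held by every hypercube node
    int steps = 0;             // exchange steps performed (equals d)
    int messages = 0;          // vectors sent between two different clients
};

// In step j node i exchanges vectors with node i xor 2^j and adds what it
// received. After d steps every node holds the sum over all clients.
Outcome hypercube_sum(const std::vector<Counts>& local) {
    const int n = static_cast<int>(local.size());
    const int d = dimension(n);
    const std::size_t keys = local.empty() ? 0 : local[0].size();
    Outcome out;
    out.node.assign(std::size_t(1) << d, Counts(keys, 0L));  // emulated nodes start with a null vector
    std::copy(local.begin(), local.end(), out.node.begin());
    for (int j = 0; j < d; ++j) {
        const std::vector<Counts> before = out.node;  // each node sends its pre-step vector
        for (int i = 0; i < (1 << d); ++i) {
            const int partner = i ^ (1 << j);
            for (std::size_t k = 0; k < keys; ++k) out.node[i][k] += before[partner][k];
            // a transfer between two nodes on the same client would be a local update
            if (host_of(i, n) != host_of(partner, n)) ++out.messages;
        }
        ++out.steps;
    }
    return out;
}

// Index of the candidate key with the highest count (first one on a tie).
int elect(const Counts& c) {
    return static_cast<int>(std::max_element(c.begin(), c.end()) - c.begin());
}

// Constructed sample: 5 clients, 8 candidate keys. Client 3 on its own ties
// keys 1 and 5; only the synchronized vector singles out key 5.
std::vector<Counts> sample_counts() {
    return {{1, 0, 2, 0, 1, 3, 0, 1},
            {0, 1, 0, 1, 0, 4, 1, 0},
            {2, 0, 1, 0, 0, 2, 0, 1},
            {0, 3, 0, 0, 1, 3, 0, 0},
            {1, 0, 0, 2, 0, 5, 1, 0}};
}

int main() {
    const std::vector<Counts> local = sample_counts();
    const int n = static_cast<int>(local.size());
    const Outcome out = hypercube_sum(local);
    std::printf("clients=%d dimension=%d steps=%d messages=%d\n",
                n, dimension(n), out.steps, out.messages);
    for (int i = 0; i < n; ++i) {
        std::printf("client %d: local choice %d, after synchronization %d, vector:",
                    i, elect(local[i]), elect(out.node[i]));
        for (long v : out.node[i]) std::printf(" %ld", v);
        std::printf("\n");
    }
    return 0;
}
```

With 5 clients, clients 0 to 2 each carry one emulated node, so they handle two exchanges per step while clients 3 and 4 handle one.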

The client should follow these steps:

1. Waits for the server to initiate the computing process;
2. Receives its listening port for synchronizing with the other clients;
3. Receives the list of the other clients;
4. The client begins to process the I/O pairs in accordance with the differential cryptanalysis algorithm. When the processing of a pair is finished, the server is notified so that it sends the next pair, and so on;
5. When the key vector computing is finished, the client connects to another client and receives its key vector. Then it uses the values from that vector to update its own vector;
6. If the connection is simulated, the client initially sends a null vector, which is then initialized with the received values. If the receiver is the same as the emitter, no communication takes place, only a local update of the vector virtualvect[];
7. The key computing continues and, before the maximum of the vector is elected, the previous synchronization step is done again;
8. The process stops when a good key is found or the algorithm fails.

4. Conclusions

This paper presents a method of using cluster computing to speed up the implementation of techniques specific to cryptanalysis. This is needed because differential cryptanalysis is a very complex method, although it has the inherent advantage of greatly decreasing the solution space. Even so, breaking an algorithm designed specifically to resist almost any brute-force attack approach is computationally intensive. The use of a computing cluster makes it possible to obtain the solution of the problem in reasonable time. One of the results is that the chosen communication model is essential for an efficient implementation of the distributed approach to differential cryptanalysis. The method used to parallelize the problem gives this approach good scalability.
Received: January 12, 2009

Gheorghe Asachi Technical University of Iaşi, Department of Computer Science and Engineering, mike@cs.tuiasi.ro
*Continental Automotive System, the_e57@yahoo.com

REFERENCES

1. Biham E., Dunkelman O., Keller N., Enhancing Differential-Linear Cryptanalysis. In LNCS, Springer-Verlag London, UK, 2002, Vol. 2501.
2. Biham E., Shamir A., Differential Cryptanalysis of Feal and N-Hash. In LNCS, Springer-Verlag London, UK, 1995, Vol. 547.
3. Biham E., Shamir A., Differential Cryptanalysis of the Full 16-Round DES. In LNCS, Springer-Verlag London, UK, 1992, Vol. 740.
4. Coppersmith D., The Data Encryption Standard (DES) and its Strength Against Attacks. IBM Journal of Research and Development 38, 3, 243.
5. Lipmaa H., Moriai S., Efficient Algorithms for Computing Differential Properties of Addition. In LNCS, Springer-Verlag London, UK, 2001, Vol. 2355.
6. Menezes A., Oorschot P., Vanstone S., Handbook of Applied Cryptography, Boca Raton, FL, US, CRC Press.

* * *

DISTRIBUTED DIFFERENTIAL CRYPTANALYSIS APPLIED TO THE FEAL - 8 ALGORITHM

(Abstract)

It is well known that an encryption technique is good for protecting a given piece of information only if the costs involved in attacking the method exceed the value of that information. Starting from this statement, ever since the beginnings of modern cryptography a parallel field has developed that analyses the resistance of cryptographic methods to theoretical and practical attacks, usually called cryptanalysis. Although it is generally the preserve of a class of dedicated specialists, the current capabilities of computing technology allow an increase in breaking speed without leading to large additional costs. As a result, this paper presents the technique of using distributed computing for this purpose, taking as an example the differential cryptanalysis of a simple Feistel algorithm such as FEAL 8. It must be mentioned that this technique, although it cannot be applied successfully to all latest-generation block ciphers such as AES, still has a number of applications and still offers research potential. This is also shown by the variants that appeared later, such as generalized ("high order") and truncated differential cryptanalysis and, not least, the boomerang attack. The paper also presents an illustration of the proposed approach using an implementation based on an MPI (Message Passing Interface) library.


The Security of Elastic Block Ciphers Against Key-Recovery Attacks The Security of Elastic Block Ciphers Against Key-Recovery Attacks Debra L. Cook 1, Moti Yung 2, Angelos D. Keromytis 2 1 Alcatel-Lucent Bell Labs, New Providence, New Jersey, USA dcook@alcatel-lucent.com

More information

CHECKING THE HOMOGENEITY OF CONCRETE USING ARTIFICIAL NEURAL NETWORK

CHECKING THE HOMOGENEITY OF CONCRETE USING ARTIFICIAL NEURAL NETWORK BULETINUL INSTITUTULUI POLITEHNIC DIN IAŞI Publicat de Universitatea Tehnică Gheorghe Asachi din Iaşi Tomul LXI (LXV), Fasc., 05 Secţia CONSTRUCŢII. ARHITECTURĂ CHECKING THE HOMOGENEITY OF CONCRETE USING

More information

New attacks on the MacDES MAC Algorithm. 1st July Two new attacks are given on a CBC-MAC algorithm due to Knudsen and Preneel, [2],

New attacks on the MacDES MAC Algorithm. 1st July Two new attacks are given on a CBC-MAC algorithm due to Knudsen and Preneel, [2], New attacks on the MacDES MAC Algorithm Don Coppersmith IBM Research T. J. Watson Research Center Yorktown Heights, NY 10598, USA copper@watson.ibm.com Chris J. Mitchell Information Security Group Royal

More information

PLC APPLICATION FOR BRUSHLESS MOTOR POSITIONING

PLC APPLICATION FOR BRUSHLESS MOTOR POSITIONING BULETINUL INSTITUTULUI POLITEHNIC DIN IAŞI Publicat de Universitatea Tehnică Gheorghe Asachi din Iaşi Volumul 64 (68), Numărul 2, 2018 Secţia ELECTROTEHNICĂ. ENERGETICĂ. ELECTRONICĂ PLC APPLICATION FOR

More information

Computer and Data Security. Lecture 3 Block cipher and DES

Computer and Data Security. Lecture 3 Block cipher and DES Computer and Data Security Lecture 3 Block cipher and DES Stream Ciphers l Encrypts a digital data stream one bit or one byte at a time l One time pad is example; but practical limitations l Typical approach

More information

POST-RENDERING ENHANCEMENT OF VOLUMES

POST-RENDERING ENHANCEMENT OF VOLUMES BULETINUL INSTITUTULUI POLITEHNIC DIN IAŞI Publicat de Universitatea Tehnică Gheorghe Asachi din Iaşi Tomul LV (LIX), Fasc. 3, 2009 SecŃia AUTOMATICĂ şi CALCULATOARE POST-RENDERING ENHANCEMENT OF VOLUMES

More information

DESIGN AND REAL TIME IMPLEMENTATION OF MULTIPLE-MODEL CONTROL SOLUTION FOR SOME CLASSES OF NONLINEAR PROCESSES

DESIGN AND REAL TIME IMPLEMENTATION OF MULTIPLE-MODEL CONTROL SOLUTION FOR SOME CLASSES OF NONLINEAR PROCESSES BULETINUL INSTITUTULUI POLITEHNIC DIN IAŞI Publicat de Universitatea Tehnică Gheorghe Asachi din Iaşi Tomul LVII (LXI), Fasc. 1, 2011 SecŃia AUTOMATICĂ şi CALCULATOARE DESIGN AND REAL TIME IMPLEMENTATION

More information

6 Block Ciphers. 6.1 Block Ciphers CA642: CRYPTOGRAPHY AND NUMBER THEORY 1

6 Block Ciphers. 6.1 Block Ciphers CA642: CRYPTOGRAPHY AND NUMBER THEORY 1 CA642: CRYPTOGRAPHY AND NUMBER THEORY 1 6 Block Ciphers 6.1 Block Ciphers Block Ciphers Plaintext is divided into blocks of fixed length and every block is encrypted one at a time. A block cipher is a

More information

Introduction to Cryptography. Lecture 2. Benny Pinkas. Perfect Cipher. Perfect Ciphers. Size of key space

Introduction to Cryptography. Lecture 2. Benny Pinkas. Perfect Cipher. Perfect Ciphers. Size of key space Perfect Cipher Introduction to Cryptography Lecture 2 Benny Pinkas What type of security would we like to achieve? Given C, the adversary has no idea what M is Impossible since adversary might have a-priori

More information

Key Separation in Twofish

Key Separation in Twofish Twofish Technical Report #7 Key Separation in Twofish John Kelsey April 7, 2000 Abstract In [Mur00], Murphy raises questions about key separation in Twofish. We discuss this property of the Twofish key

More information

APPLICATIONS OF MICROSOFT EXCEL - SOLVER FOR HORIZONTAL AND LEVELLING NETWORKS ADJUSTMENT

APPLICATIONS OF MICROSOFT EXCEL - SOLVER FOR HORIZONTAL AND LEVELLING NETWORKS ADJUSTMENT BULETINUL INSTITUTULUI POLITEHNIC DIN IAŞI Publicat de Universitatea Tehnică Gheorghe Asachi din Iaşi Volumul 63 (67), Numărul 1-2, 2017 Secţia HIDROTEHNICĂ APPLICATIONS OF MICROSOFT EXCEL - SOLVER FOR

More information

A Block Cipher using Feistal s Approach Involving Permutation and Mixing of the Plaintext and the Additive Inverse of Key Matrix

A Block Cipher using Feistal s Approach Involving Permutation and Mixing of the Plaintext and the Additive Inverse of Key Matrix Journal of omputer Science 4 (): 7-4, 8 ISSN 549-3636 8 Science Publications A Block ipher using Feistal s Approach Involving Permutation and Mixing of the Plaintext and the Additive Inverse of Key Matrix

More information

A Simple Power Analysis Attack Against the Key Schedule of the Camellia Block Cipher

A Simple Power Analysis Attack Against the Key Schedule of the Camellia Block Cipher A Simple Power Analysis Attack Against the Key Schedule of the Camellia Block Cipher Lu Xiao and Howard M. Heys 2 QUALCOMM Incorporated, lxiao@qualcomm.com 2 Electrical and Computer Engineering, Faculty

More information

Information Security CS526

Information Security CS526 Information CS 526 Topic 3 Ciphers and Cipher : Stream Ciphers, Block Ciphers, Perfect Secrecy, and IND-CPA 1 Announcements HW1 is out, due on Sept 10 Start early, late policy is 3 total late days for

More information

Elastic Block Ciphers: The Feistel Cipher Case

Elastic Block Ciphers: The Feistel Cipher Case Elastic Block Ciphers: The Feistel Cipher Case Debra L. Cook Moti Yung Angelos D. Keromytis Department of Computer Science Columbia University, New York, NY dcook,moti,angelos @cs.columbia.edu Technical

More information

Lecture 3: Symmetric Key Encryption

Lecture 3: Symmetric Key Encryption Lecture 3: Symmetric Key Encryption CS996: Modern Cryptography Spring 2007 Nitesh Saxena Outline Symmetric Key Encryption Continued Discussion of Potential Project Topics Project proposal due 02/22/07

More information

A COMPETENT ALGORITHM TO FIND THE INITIAL BASIC FEASIBLE SOLUTION OF COST MINIMIZATION TRANSPORTATION PROBLEM

A COMPETENT ALGORITHM TO FIND THE INITIAL BASIC FEASIBLE SOLUTION OF COST MINIMIZATION TRANSPORTATION PROBLEM BULETINUL INSTITUTULUI POLITEHNIC DIN IAŞI Publicat de Universitatea Tehnică Gheorghe Asachi din Iaşi Tomul LIX (LXIII), Fasc. 1, 016 Secţia AUTOMATICĂ şi CALCULATOARE A COMPETENT ALGORITHM TO FIND THE

More information

Secret Key Algorithms (DES)

Secret Key Algorithms (DES) Secret Key Algorithms (DES) G. Bertoni L. Breveglieri Foundations of Cryptography - Secret Key pp. 1 / 34 Definition a symmetric key cryptographic algorithm is characterized by having the same key used

More information

Preliminary Cryptanalysis of Reduced-Round Serpent

Preliminary Cryptanalysis of Reduced-Round Serpent Preliminary Cryptanalysis of Reduced-Round Serpent Tadayoshi Kohno 1,JohnKelsey 2, and Bruce Schneier 2 1 Reliable Software Technologies kohno@rstcorp.com 2 Counterpane Internet Security, Inc. {kelsey,schneier}@counterpane.com

More information

On the Security of the 128-Bit Block Cipher DEAL

On the Security of the 128-Bit Block Cipher DEAL On the Security of the 128-Bit Block Cipher DAL Stefan Lucks Theoretische Informatik University of Mannheim, 68131 Mannheim A5, Germany lucks@th.informatik.uni-mannheim.de Abstract. DAL is a DS-based block

More information

International Journal for Research in Applied Science & Engineering Technology (IJRASET) Performance Comparison of Cryptanalysis Techniques over DES

International Journal for Research in Applied Science & Engineering Technology (IJRASET) Performance Comparison of Cryptanalysis Techniques over DES Performance Comparison of Cryptanalysis Techniques over DES Anupam Kumar 1, Aman Kumar 2, Sahil Jain 3, P Kiranmai 4 1,2,3,4 Dept. of Computer Science, MAIT, GGSIP University, Delhi, INDIA Abstract--The

More information

UNIT - II Traditional Symmetric-Key Ciphers. Cryptography & Network Security - Behrouz A. Forouzan

UNIT - II Traditional Symmetric-Key Ciphers. Cryptography & Network Security - Behrouz A. Forouzan UNIT - II Traditional Symmetric-Key Ciphers 1 Objectives To define the terms and the concepts of symmetric key ciphers To emphasize the two categories of traditional ciphers: substitution and transposition

More information

Data Encryption Standard

Data Encryption Standard ECE 646 Lecture 7 Data Encryption Standard Required Reading W. Stallings, "Cryptography and Network-Security," 5th Edition, Chapter 3: Block Ciphers and the Data Encryption Standard Chapter 6.1: Multiple

More information

c Eli Biham - March 13, Cryptanalysis of Modes of Operation (4) c Eli Biham - March 13, Cryptanalysis of Modes of Operation (4)

c Eli Biham - March 13, Cryptanalysis of Modes of Operation (4) c Eli Biham - March 13, Cryptanalysis of Modes of Operation (4) Single Modes: the S Modes of Operation Modes of Operation are used to hide patterns in the plaintexts, protect against chosen plaintext attacks, and to support fast on-line encryption with precomputation.

More information

PGP: An Algorithmic Overview

PGP: An Algorithmic Overview PGP: An Algorithmic Overview David Yaw 11/6/2001 VCSG-482 Introduction The purpose of this paper is not to act as a manual for PGP, nor is it an in-depth analysis of its cryptographic algorithms. It is

More information

AN INTEGRATED BLOCK AND STREAM CIPHER APPROACH FOR KEY ENHANCEMENT

AN INTEGRATED BLOCK AND STREAM CIPHER APPROACH FOR KEY ENHANCEMENT AN INTEGRATED BLOCK AND STREAM CIPHER APPROACH FOR KEY ENHANCEMENT 1 MANIKANDAN.G, 2 MANIKANDAN.R, 3 RAJENDIRAN.P, 4 KRISHNAN.G, 5 SUNDARGANESH.G 1 Assistant Professor, School of Computing, SASTRA University,

More information

The MESH Block Ciphers

The MESH Block Ciphers The MESH Block Ciphers Jorge Nakahara Jr, Vincent Rijmen, Bart Preneel, Joos Vandewalle Katholieke Universiteit Leuven, Dept. ESAT/SCD-COSIC, Belgium {jorge.nakahara,bart.preneel,joos.vandewalle}@esat.kuleuven.ac.be

More information

Biclique Attack of the Full ARIA-256

Biclique Attack of the Full ARIA-256 Biclique Attack of the Full ARIA-256 Shao-zhen Chen Tian-min Xu Zhengzhou Information Science and Technology Institute Zhengzhou 450002, China January 8, 202 Abstract In this paper, combining the biclique

More information

Chapter 3 Block Ciphers and the Data Encryption Standard

Chapter 3 Block Ciphers and the Data Encryption Standard Chapter 3 Block Ciphers and the Data Encryption Standard Last Chapter have considered: terminology classical cipher techniques substitution ciphers cryptanalysis using letter frequencies transposition

More information

Cryptography and Network Security Block Ciphers + DES. Lectured by Nguyễn Đức Thái

Cryptography and Network Security Block Ciphers + DES. Lectured by Nguyễn Đức Thái Cryptography and Network Security Block Ciphers + DES Lectured by Nguyễn Đức Thái Outline Block Cipher Principles Feistel Ciphers The Data Encryption Standard (DES) (Contents can be found in Chapter 3,

More information

Cryptographic Algorithms - AES

Cryptographic Algorithms - AES Areas for Discussion Cryptographic Algorithms - AES CNPA - Network Security Joseph Spring Department of Computer Science Advanced Encryption Standard 1 Motivation Contenders Finalists AES Design Feistel

More information

Secret Key Algorithms (DES) Foundations of Cryptography - Secret Key pp. 1 / 34

Secret Key Algorithms (DES) Foundations of Cryptography - Secret Key pp. 1 / 34 Secret Key Algorithms (DES) Foundations of Cryptography - Secret Key pp. 1 / 34 Definition a symmetric key cryptographic algorithm is characterized by having the same key used for both encryption and decryption.

More information

A COMPETENT ALGORITHM TO FIND THE INITIAL BASIC FEASIBLE SOLUTION OF COST MINIMIZATION TRANSPORTATION PROBLEM

A COMPETENT ALGORITHM TO FIND THE INITIAL BASIC FEASIBLE SOLUTION OF COST MINIMIZATION TRANSPORTATION PROBLEM BULETINUL INSTITUTULUI POLITEHNIC DIN IAŞI Publicat de Universitatea Tehnică Gheorghe Asachi din Iaşi Tomul LXI (LXV), Fasc., 05 SecŃia AUTOMATICĂ şi CALCULATOARE A COMPETENT ALGORITHM TO FIND THE INITIAL

More information

arxiv: v2 [cs.cr] 10 Sep 2015

arxiv: v2 [cs.cr] 10 Sep 2015 XCRUSH: A Family of ARX Block Ciphers arxiv:1509.02584v2 [cs.cr] 10 Sep 2015 Evan Saulpaugh evan.saulpaugh@gmail.com September 8, 2015 Abstract. The XCRUSH family of non-feistel, ARX block ciphers is designed

More information

Cryptanalysis. Andreas Klappenecker Texas A&M University

Cryptanalysis. Andreas Klappenecker Texas A&M University Cryptanalysis Andreas Klappenecker Texas A&M University How secure is a cipher? Typically, we don t know until it is too late Typical Attacks against Encryption Algorithms Ciphertext only attack: The attacker

More information

Computer Security. 08. Cryptography Part II. Paul Krzyzanowski. Rutgers University. Spring 2018

Computer Security. 08. Cryptography Part II. Paul Krzyzanowski. Rutgers University. Spring 2018 Computer Security 08. Cryptography Part II Paul Krzyzanowski Rutgers University Spring 2018 March 23, 2018 CS 419 2018 Paul Krzyzanowski 1 Block ciphers Block ciphers encrypt a block of plaintext at a

More information

Content of this part

Content of this part UNIVERSITY OF MASSACHUSETTS Dept. of Electrical & Computer Engineering Introduction to Cryptography ECE 597XX/697XX Part 5 More About Block Ciphers Israel Koren ECE597/697 Koren Part.5.1 Content of this

More information

Content of this part

Content of this part UNIVERSITY OF MASSACHUSETTS Dept. of Electrical & Computer Engineering Introduction to Cryptography ECE 597XX/697XX Part 4 The Advanced Encryption Standard (AES) Israel Koren ECE597/697 Koren Part.4.1

More information

An Overview of Cryptanalysis Research for the Advanced Encryption Standard

An Overview of Cryptanalysis Research for the Advanced Encryption Standard An Overview of Cryptanalysis Research for the Advanced Encryption Standard Alan Kaminsky, Rochester Institute of Technology Michael Kurdziel, Harris Corporation Stanisław Radziszowski, Rochester Institute

More information

Cryptanalysis. Ed Crowley

Cryptanalysis. Ed Crowley Cryptanalysis Ed Crowley 1 Topics Cryptanalysis History Modern Cryptanalysis Characterization of Cryptanalysis Attacks Attack Types 2 Cryptanalysis Science of cracking ciphers and codes, decoding secrets,

More information

Symmetric Key Algorithms. Definition. A symmetric key algorithm is an encryption algorithm where the same key is used for encrypting and decrypting.

Symmetric Key Algorithms. Definition. A symmetric key algorithm is an encryption algorithm where the same key is used for encrypting and decrypting. Symmetric Key Algorithms Definition A symmetric key algorithm is an encryption algorithm where the same key is used for encrypting and decrypting. 1 Block cipher and stream cipher There are two main families

More information

Chapter 6: Contemporary Symmetric Ciphers

Chapter 6: Contemporary Symmetric Ciphers CPE 542: CRYPTOGRAPHY & NETWORK SECURITY Chapter 6: Contemporary Symmetric Ciphers Dr. Lo ai Tawalbeh Computer Engineering Department Jordan University of Science and Technology Jordan Why Triple-DES?

More information

A New Technique for Sub-Key Generation in Block Ciphers

A New Technique for Sub-Key Generation in Block Ciphers World Applied Sciences Journal 19 (11): 1630-1639, 2012 ISSN 1818-4952 IDOSI Publications, 2012 DOI: 10.5829/idosi.wasj.2012.19.11.1871 A New Technique for Sub-Key Generation in Block Ciphers Jamal N.

More information

Cryptography ThreeB. Ed Crowley. Fall 08

Cryptography ThreeB. Ed Crowley. Fall 08 Cryptography ThreeB Ed Crowley Fall 08 Cryptanalysis History Modern Cryptanalysis Characterization of Cryptanalysis Attacks Attack Types Cryptanalysis. Science of cracking ciphers and codes, decoding secrets,

More information

Journal of Global Research in Computer Science A UNIFIED BLOCK AND STREAM CIPHER BASED FILE ENCRYPTION

Journal of Global Research in Computer Science A UNIFIED BLOCK AND STREAM CIPHER BASED FILE ENCRYPTION Volume 2, No. 7, July 2011 Journal of Global Research in Computer Science RESEARCH PAPER Available Online at www.jgrcs.info A UNIFIED BLOCK AND STREAM CIPHER BASED FILE ENCRYPTION Manikandan. G *1, Krishnan.G

More information

Weak Keys of the Full MISTY1 Block Cipher for Related-Key Cryptanalysis

Weak Keys of the Full MISTY1 Block Cipher for Related-Key Cryptanalysis 3. 2 13.57 Weak eys for a Related-ey Differential Attack Weak eys of the Full MISTY1 Block Cipher for Related-ey Cryptanalysis Institute for Infocomm Research, Agency for Science, Technology and Research,

More information

Network Security Essentials Chapter 2

Network Security Essentials Chapter 2 Network Security Essentials Chapter 2 Fourth Edition by William Stallings Lecture slides by Lawrie Brown Encryption What is encryption? Why do we need it? No, seriously, let's discuss this. Why do we need

More information

New Approach for Modifying Blowfish Algorithm by Using Multiple Keys

New Approach for Modifying Blowfish Algorithm by Using Multiple Keys IJCSNS International Journal of Computer Science and Network Security, VOL. No.3, March 20 2 New Approach for Modifying Blowfish Algorithm by Using Multiple Keys Afaf M. Ali Al-Neaimi, Rehab F. Hassan

More information

Block Encryption and DES

Block Encryption and DES Block Encryption and DES Plain Text Block 1 Block 2 Block 3 Overview Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available

More information