Cryptography. Summer Term 2010


Cryptography, Summer Term 2010
Harald Baier
Chapter 3: Pseudo Random Bit Generators and Stream Ciphers

Contents
- Random bits and pseudo random bits
- Stream ciphers
Harald Baier, Cryptography, h_da, Summer Term 2010

Contents: Random bits and pseudo random bits
(Section divider slide; cartoon source: http://www.xkcd.com/221/)

Cryptographic applications of (pseudo) random bits
- Key streams for symmetric stream ciphers: ciphertext = plaintext XOR keystream. We need a keystream which is as long as the plaintext.
- Key generation for symmetric block ciphers. Let l denote the key length in bits (e.g. l = 128 for AES). What is the complexity of a brute force attack
  - if every key bit is truly random?
  - if the key is derived from s truly random bits which are then mapped to the whole key using a public mapping f (e.g. f = SHA-256)?
- Key generation of public / private key pairs

Random bit generators
- Definition: a device or algorithm which outputs a sequence of statistically independent and unbiased binary digits. Examples?
- Generation of random numbers in 2 steps:
  1. Generate enough bits.
  2. Map the bit string to a number.
- Examples: find a random integer in the interval [0, n]; find a random real number in the interval [1, 3].

Pseudo random bit generators (PRBG)
- Definition: a deterministic algorithm. The input (the seed) is a short truly random bit string of length k. The output is a bit string of length l >> k which appears to be random.
- Remarks: the pseudo random bit sequence of length l is not random. There are 'only' 2^k different pseudo random sequences, BUT there are 2^l different random sequences of that length.
- An adversary SHALL NOT be able to efficiently distinguish between truly random sequences and pseudo random sequences.

The seed is crucial for security
- OpenSSL bug in the Debian distribution: the seed was initialised with the process ID. On a Linux platform: s = 15.
- Every RSA, AES, ... key generated on Debian for use in TLS or SSH may be affected. Time period: September 2006 to May 2008.
- CVE-2008-0166: OpenSSL 0.9.8c-1 up to versions before 0.9.8g-9 on Debian-based operating systems uses a random number generator that generates predictable numbers, which makes it easier for remote attackers to conduct brute force guessing attacks against cryptographic keys.
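The brute-force question from the key-generation slide and the Debian case above are the same calculation, shown here as an added example (not code from the lecture): once the public mapping f = SHA-256 is applied to a seed of only s bits, an attacker never has to search the 2^l keys, only the 2^s seeds. The constructed `pid_style_seed` stands in for a process-ID-sized seed (s = 15); the function names, the 4-byte seed encoding and the AES-128 key length are my assumptions.

```python
import hashlib
import os
from typing import Optional

KEY_BYTES = 16            # l = 128 bits, e.g. an AES-128 key (assumption)
SEED_ENCODING_BYTES = 4   # how a seed integer is fed to f (assumption)


def derive_key(seed: bytes, key_bytes: int = KEY_BYTES) -> bytes:
    """Public mapping f = SHA-256 from the seed to the whole key, truncated to l bits."""
    return hashlib.sha256(seed).digest()[:key_bytes]


def attack_complexity_bits(l: int, s: Optional[int] = None) -> int:
    """Exhaustive-search work in bits: 2^l if every key bit is truly random
    (s is None); otherwise 2^min(l, s), because f is public and enumerating
    seeds is at most as hard as enumerating keys."""
    return l if s is None else min(l, s)


def find_seed(target_key: bytes, seed_bits: int) -> Optional[int]:
    """Enumerate all 2^seed_bits seeds and return the one that maps to target_key.

    This is feasible only because seed_bits is tiny; with 128 truly random
    seed bits the same loop would need 2^128 SHA-256 evaluations."""
    for seed in range(1 << seed_bits):
        if derive_key(seed.to_bytes(SEED_ENCODING_BYTES, "big")) == target_key:
            return seed
    return None


def pid_style_seed(seed_bits: int = 15) -> bytes:
    """Constructed stand-in for the Debian failure: the only entropy is a
    process-ID-sized number, so the seed space has just 2^15 elements."""
    value = int.from_bytes(os.urandom(4), "big") % (1 << seed_bits)
    return value.to_bytes(SEED_ENCODING_BYTES, "big")


if __name__ == "__main__":
    weak_key = derive_key(pid_style_seed())
    print("weak key: seed found by enumeration ->", find_seed(weak_key, 15))
    strong_key = derive_key(os.urandom(16))   # s = 128 truly random bits
    print("search space: weak 2^%d, strong 2^%d"
          % (attack_complexity_bits(128, 15), attack_complexity_bits(128, 128)))
```

The 15-bit case finishes in well under a second, which is the whole point of the slide: the strength of the key is bounded by the entropy of the seed, not by the length of the key or the quality of f.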

Elementary tests for PRBG
- Polynomial-time statistical test: no polynomial-time algorithm can distinguish between truly random bits and pseudo random bits with probability significantly greater than 50%.
- Next-bit test: there is no polynomial-time algorithm which, knowing the first k output bits of the PRBG, can predict the (k+1)-th bit with probability significantly greater than 50%.
- A PRBG which passes the next-bit test is called a Cryptographically Secure PRBG (CSPRBG).

A general concept for computationally secure PRBG
- The concept is based on a one-way function f:
  - f may be a cryptographically strong hash function.
  - f may be a symmetric encryption scheme using a secret key.
- Input is a seed s. Output is the sequence f(s), f(s+1), f(s+2), ...
- Often only a few bits of each f(s+i) are used, to hide correlations.
- Examples: the PRBG in TLS (f makes use of an HMAC); the PRBG of ANSI X9.17 (f makes use of Triple-DES).
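The f(s), f(s+1), f(s+2), ... construction is instantiated here with f = HMAC-SHA256 under a secret key, releasing only a prefix of each value as the slide recommends; the monobit statistic underneath is the simplest instance of the polynomial-time statistical test from the previous slide. This is an added illustration of the pattern and not the TLS PRF (which chains HMAC calls differently) nor ANSI X9.17; the class and function names are my own.

```python
import hashlib
import hmac
import os


class CounterPRBG:
    """Computationally secure PRBG in the slide's pattern: output f(s), f(s+1), ...
    with f(x) = HMAC-SHA256(key, x). Only output_bytes of each 32-byte HMAC
    value are released, so an observer never sees a full f(s+i)."""

    def __init__(self, key: bytes, seed: int, output_bytes: int = 8):
        if not 1 <= output_bytes <= 32:
            raise ValueError("output_bytes must be in 1..32")
        if not 0 <= seed < (1 << 128):
            raise ValueError("seed must fit in 16 bytes")
        self._key = key                      # secret; the seed alone is not enough
        self._counter = seed                 # s, s+1, s+2, ...
        self._output_bytes = output_bytes

    def next_block(self) -> bytes:
        counter_bytes = self._counter.to_bytes(16, "big")
        value = hmac.new(self._key, counter_bytes, hashlib.sha256).digest()
        self._counter += 1
        return value[:self._output_bytes]

    def get_bytes(self, n: int) -> bytes:
        out = bytearray()
        while len(out) < n:
            out += self.next_block()
        return bytes(out[:n])


def monobit_statistic(data: bytes) -> float:
    """Fraction of one-bits in data: a crude polynomial-time statistical test.
    Output whose ratio drifts far from 0.5 is trivially distinguishable from
    random; passing it is necessary, not sufficient, for a good PRBG."""
    if not data:
        raise ValueError("empty input")
    ones = sum(bin(b).count("1") for b in data)
    return ones / (8 * len(data))


if __name__ == "__main__":
    gen = CounterPRBG(key=os.urandom(32), seed=int.from_bytes(os.urandom(8), "big"))
    sample = gen.get_bytes(4096)
    print("first 16 bytes:", sample[:16].hex())
    print("fraction of one-bits:", round(monobit_statistic(sample), 4))
```

The same (key, seed) pair always reproduces the same stream, which is what makes it a pseudo random generator rather than a random one; the key and seed must therefore come from a truly random source.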

Example of a PRBG from ANSI: ANSI X9.17
(Algorithm figure not transcribed; source: Handbook of Applied Cryptography)
- Properties: the ANSI X9.17 PRBG is 'only' computationally secure. It is not a CSPRBG.

Example of a CSPRBG: BBS
(Algorithm figure not transcribed; source: Handbook of Applied Cryptography)
- Lenore Blum, Manuel Blum, and Michael Shub: A Simple Unpredictable Pseudo-Random Number Generator. SIAM Journal on Computing, volume 15, pages 364-383, 1986.

Further information on BBS
- Variations of BBS:
  - Output the r least significant bits in step 3.2. Take care to hide correlations: only O(log(log(n))) bits shall be output in one step.
  - Output the parity bit of x_i.
- Properties of the Blum-Blum-Shub PRBG:
  - BBS is a CSPRBG under the assumption that factoring integers is intractable, i.e. BBS is a provably secure PRBG.
  - n has to be chosen as for RSA (bit length about 2048).
  - A relatively slow PRBG due to the modular squaring.
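The BBS generator and the two output variations just listed, as an added example that is not part of the lecture: x_0 = s^2 mod n, x_i = x_{i-1}^2 mod n, and each step releases the r least significant bits of x_i (r = 1 is the parity-bit variant). The toy parameters p = 11, q = 19 in the demo are mine and exist only so the squaring can be followed by hand; a real n is a 2048-bit RSA-style modulus, and `recommended_bits_per_step` implements the O(log log n) bound as floor(log2 of the bit length of n).

```python
import math
from math import gcd
from typing import List


def recommended_bits_per_step(n: int) -> int:
    """Upper bound on r: floor(log2(bitlength(n))), the slide's O(log(log(n))).
    For a 2048-bit n this gives 11 bits per squaring."""
    return max(1, int(math.log2(n.bit_length())))


class BlumBlumShub:
    """Blum-Blum-Shub PRBG. p and q are Blum primes (both 3 mod 4), n = p*q,
    the seed s is coprime to n, x_0 = s^2 mod n and x_i = x_{i-1}^2 mod n."""

    def __init__(self, p: int, q: int, seed: int, bits_per_step: int = 1):
        if p % 4 != 3 or q % 4 != 3:
            raise ValueError("p and q must both be congruent to 3 mod 4")
        self.n = p * q
        if not 1 < seed < self.n or gcd(seed, self.n) != 1:
            raise ValueError("seed must lie in (1, n) and be coprime to n")
        if not 1 <= bits_per_step <= recommended_bits_per_step(self.n):
            raise ValueError("too many bits per step would leak correlations")
        self.r = bits_per_step
        self.x = pow(seed, 2, self.n)          # x_0

    def next_value(self) -> int:
        """One modular squaring: x_i = x_{i-1}^2 mod n (the slow part)."""
        self.x = pow(self.x, 2, self.n)
        return self.x

    def next_bits(self) -> int:
        """Step 3.2 variant: the r least significant bits of x_i."""
        return self.next_value() & ((1 << self.r) - 1)

    def bits(self, count: int) -> List[int]:
        return [self.next_bits() for _ in range(count)]

    def values(self, count: int) -> List[int]:
        return [self.next_value() for _ in range(count)]


if __name__ == "__main__":
    # Toy parameters (constructed): n = 11 * 19 = 209, seed 3, parity-bit output.
    gen = BlumBlumShub(p=11, q=19, seed=3)
    print("x_1..x_7:", gen.values(7))                 # 81, 82, 36, 42, 92, 104, 157
    print("parity bits:", BlumBlumShub(11, 19, 3).bits(7))   # 1, 0, 0, 0, 0, 0, 1
    print("r for a 2048-bit n:", recommended_bits_per_step(1 << 2047))
```

Because the whole state is x_i, anyone who can take square roots modulo n (i.e. who knows p and q) can run the generator backwards; that is exactly the factoring assumption the security proof rests on.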

Contents: Stream ciphers
(Section divider slide)

Basic idea of stream ciphers
- Recapitulation of Vernam's cipher: c = m XOR k, where k is a truly random bit string as long as the message m. Unconditionally secure.
- Idea of stream ciphers: replace the truly random key string in Vernam's cipher by a pseudo-random sequence.
- The only source of true randomness is the seed: the symmetric key is essentially the seed. Expand it to a long key stream using a PRBG.

Model of stream ciphers (1/2)
- The key stream is produced by a finite state machine with two components: the current state of the machine, and an update function which computes the next state.
- Mapping: an output filter maps the current state of the key stream generator to an output bit / byte.
- Security requirement: hide the correlation between key bits (i.e. the seed) and output bits.

Model of stream ciphers (2/2)
(Figure not transcribed; source: Nigel Smart)

A famous stream cipher: RC4
- Officially 'Alleged RC4' for license reasons.
- Invented by Ron Rivest (the 'R' in RSA). RC = Ron's Cipher = Ron's Code = Rivest Cipher.
- Remark: RC2, RC5, RC6 are symmetric block ciphers.
- Key length: 40 to 2048 bits.
- Very fast in software and very easy to remember.

RC4: Internal state
- An array S of 256 bytes: every byte value 0, 1, ..., 255 appears exactly once.
- Initially S[i] = i for all 0 <= i <= 255. Then S is permuted in a key-dependent way: the Key Scheduling Algorithm (KSA).
- Two pointers i and j to elements of S: the pointer i is increased by 1 in each step; the pointer j is updated in a key- and state-dependent way.
- The pointers are used within the Pseudo Random Generation Algorithm (PRGA).

RC4: Key Scheduling Algorithm
- Let K be a key-dependent array of 256 bytes: if the input key k is shorter than 256 bytes (= 2048 bits), concatenate k with itself as often as necessary to fill K (K[i] = k[i mod len(k)]).
- Generate the key-dependent array S as follows:

  for i = 0 to 255 do S[i] = i;
  j = 0;
  for i = 0 to 255 do {
      j = ( j + S[i] + K[i] ) % 256;
      swap( S[i], S[j] );
  }

RC4: Pseudo Random Generation Algorithm
- Initialisation: i = 0; j = 0;
- Generation of the next byte of the key stream:

  i = ( i + 1 ) % 256;
  j = ( j + S[i] ) % 256;
  swap( S[i], S[j] );
  tmp = ( S[i] + S[j] ) % 256;
  output( S[tmp] );

- Every line needs to be there to make RC4 a secure cipher.
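The KSA and PRGA of the last three slides, arranged as the finite state machine of the stream cipher model (state (S, i, j), an update function, an output filter) and used as a Vernam-style cipher with ciphertext = plaintext XOR keystream. This is an added example written for this page, not the lecture's code; the class layout and the `rc4_crypt` helper are mine. The demo checks the widely published test vectors for the keys "Key" and "Wiki".

```python
from typing import List


class RC4:
    """RC4 as a finite state machine: the state is (S, i, j); update() is the
    PRGA's pointer-and-swap step; output_filter() maps the state to one key
    stream byte. The KSA in __init__ permutes S under the key."""

    def __init__(self, key: bytes):
        # Slide: key length 40..2048 bits, i.e. 5..256 bytes. Shorter keys are
        # accepted here only because the classic test vectors use them.
        if not 1 <= len(key) <= 256:
            raise ValueError("key must be 1..256 bytes")
        S: List[int] = list(range(256))          # S[i] = i
        j = 0
        for i in range(256):                     # Key Scheduling Algorithm
            j = (j + S[i] + key[i % len(key)]) % 256   # K[i] = key repeated
            S[i], S[j] = S[j], S[i]
        self.S, self.i, self.j = S, 0, 0         # PRGA initialisation

    def update(self) -> None:
        """State update of the PRGA: advance i, mix j, swap two entries."""
        S = self.S
        self.i = (self.i + 1) % 256
        self.j = (self.j + S[self.i]) % 256
        S[self.i], S[self.j] = S[S.index(S[self.j])], S[self.i]

    def output_filter(self) -> int:
        """Output filter of the PRGA: S[(S[i] + S[j]) % 256]."""
        S = self.S
        return S[(S[self.i] + S[self.j]) % 256]

    def keystream(self, n: int) -> bytes:
        out = bytearray()
        for _ in range(n):
            self.update()
            out.append(self.output_filter())
        return bytes(out)


def rc4_crypt(key: bytes, data: bytes) -> bytes:
    """Stream cipher use: XOR the data with the key stream. Because XOR is its
    own inverse the same call decrypts; reusing a key therefore reuses the
    key stream, which is the classic stream cipher failure mode."""
    stream = RC4(key).keystream(len(data))
    return bytes(d ^ k for d, k in zip(data, stream))


if __name__ == "__main__":
    ct = rc4_crypt(b"Key", b"Plaintext")
    print("Key/Plaintext ->", ct.hex())          # bbf316e8d940af0ad3
    print("round trip ->", rc4_crypt(b"Key", ct))
    print("Wiki/pedia ->", rc4_crypt(b"Wiki", b"pedia").hex())   # 1021bf0420
```

Note on the swap line in `update`: `S[S.index(S[self.j])]` is just `S[self.j]` (S is a permutation, so every value occurs once); it is written that way only to make visible that the swap acts on array positions, and can be replaced by the plain `S[self.i], S[self.j] = S[self.j], S[self.i]` of the KSA. RC4 has since been prohibited in TLS by RFC 7465; the example is for studying the state machine, not for new deployments.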