isaac stream cipher
TRANSCRIPT
Activity-ISAAC
Submitted By A18
Anoop Betigeri 2BV11CS014
Chaitra Besthar 2BV11CS024
Megha Byali 2BV11CS045
Radhika patil 2BV11CS073
WHAT IS STREAM CIPHER !!!
Key + Nounce =
Keystream
Plaintext Xor'd
With Keystream =
Ciphertext
Ciphertext Xor'd
With same
keystream=Plaintext
What is ISSAC is….
ISSAC stands for Indirection, Shift, Accumulate, Add, and Count.
It is a cryptographically secure pseudorandom number generator.
It is stream cipher designed by Robert J. Jenkins Jr in 1996.
ISAAC is fast especially when optimised and portable to most architectures in nearly all programming and scripting languages.
How ISSAC came up!!
● Based on the RC4 stream cipher
● Basic structure of RC4:
○ Starts with a 256-byte array, filled
with the golden ratio, then modified
with bytes of the key.
○ Each keystream bit modifies the
array
Issues addresssed
RC4 has a few issues, namely dealing with bias.
● Some sequences are more likely to occur than others- bias.
○ This is due to initialization of RC4 to avoid short cycles: sequences that will result in the keystream repeating earlier than expected.
● First few bytes of the keystream are significantly less random and give information about the key.
How Expansion Happened!!
● Robert Jenkins produced a number of ciphers attempting to expand on RC4
○ IA- gives values based on sum of values in array rather than individual values. Still prone to bias.
○ IBAA- adds an accumulator (rotating value based off array value) to deal with bias issues. Does not appear to have bias, and short cycles are significantly reduced from what would be expected in RC4.
ISSAC origin
The IBAA implementation is taken by
Robert and he adds a counter
incremented once per call.
○ This removes any chance of short
cycles, as even if the sequence would
normally cycle, the counter is different
and thus the sequence is different.
○ Estimated cycle length is 2^8287
calls.
Operation..
The ISAAC algorithm has similarities with RC4.
It uses an array of 256 four-octet integers as the internal state, writing the results to another 256 four-octet integer array, from which they are read one at a time until empty, at which point they are recomputed.
The computation consists of altering i-element with (i⊕128)-element, two elements of the state array found by indirection, an accumulator, and a counter, for all values of ifrom 0 to 255.
Since it only takes about 19 32-bit operations for each 32-bit output word, it is very fast on 32-bit computers.
Cryptanalysis on ISSAC
It has been undertaken by Marina
Pudovkina
Her attack can recover the initial state
with a complexity that is approximated to
be less than the time needed for
searching through the square root of all
possible initial states.
In practice this means that the attack
needs 4.67×10^1240 instead
of 10^2466. This result has had no
practical impact on the security of
ISAAC.
Cryptanalysis contd…
In 2006 Jean-Philippe Aumasson discovered several sets of weak states.
It is not clear if an attacker can tell from just the output whether the generator is in one of these weak states or not.
There was error in last attack made after Aumason and the reason was errorneousalgorithm rather than the real ISAAC.
An improved version of ISAAC is proposed, called ISAAC+.
Practical usage..Many implementations of ISAAC are so fast that they
can compete with other high speed PRNGs, even with
those designed primarily for speed not for security.
Only a few other generators of such high quality and
speed exist in usage.
ISAAC is used in the Unix tool ”shred” to securely
overwrite data.
This makes it suitable for applications where a
significant amount of random data needs to be
produced quickly, such solving using the Monte Carlo
method or for games.
How It happens…
The RNG should then be seeded with
the string "this is my secret key" and
finally the message "a Top Secret
secret" should be encrypted on that
key.
Your program's output ciphertext will
be a string of hexadecimal digits.
. Optional: Include a decryption check
by re-initializing ISAAC and
performing the same encryption pass
on the ciphertext.
Encryption method..
Two encryption schemes are possible:
XOR (Vernam)
Caesar-shift mod 95
Alternative sample view.
Message: a Top Secret secret
Key : this is my secret key
XOR : 1C0636190B1260233B35125F1E1D0E2F4C542
MOD : 734270227D36772A783B4A5F206266236978
XOR dcr: a Top Secret secret
MOD dcr: a Top Secret secret
About Isaac
No official seeding method for ISAAC has been published, but for this task we may as well just inject the bytes of our key into the randrsl array, padding with zeroes before mixing, like so.
ISAAC can of course also be initialized with a single 32-bit unsigned integer in the manner of traditional RNGs, and indeed used as such for research and gaming purposes.
PROGRAM ELEMENTS …1.MIX FUNCTION
Used with eight integers that will contain traces of the key: designed to ensure array elements will not reflect key.
mix(a,b,c,d,e,f,g,h) { a^=b<<11; d+=a; b+=c; b^=c>>2; e+=b; c+=d; c^=d<<8; f+=c; d+=e; d^=e>>16; g+=d; e+=f; e^=f<<10; h+=e; f+=g; f^=g>>4; a+=f; g+=h; g^=h<<8; b+=g; h+=a; h^=a>>9; c+=h; a+=b; }
PROGRAM ELEMENTS.. 2.INITIALIZATION 1
Loads eight elements of the key
into integers, runs the mix()
function to randomize them, then
loads them into eight elements of
the array. Repeats until key is
exhausted.
for (i=0; i<RANDSIZ; i+=8)
{
a+=r[i ]; b+=r[i+1]; c+=r[i+2];
d+=r[i+3];
e+=r[i+4]; f+=r[i+5]; g+=r[i+6];
h+=r[i+7];
mix(a,b,c,d,e,f,g,h);
m[i ]=a; m[i+1]=b; m[i+2]=c;
m[i+3]=d;
m[i+4]=e; m[i+5]=f; m[i+6]=g;
m[i+7]=h;
}
PROGRAM ELEMENTS-
3.INITIALIZATION 2
Routine then runs a second pass to mix more thoroughly, loading elements of the array instead of elements of the key into the integers this time.for (i=0; i<RANDSIZ; i+=8){a+=m[i ]; b+=m[i+1]; c+=m[i+2]; d+=m[i+3];e+=m[i+4]; f+=m[i+5]; g+=m[i+6]; h+=m[i+7];mix(a,b,c,d,e,f,g,h);m[i ]=a; m[i+1]=b; m[i+2]=c; m[i+3]=d;m[i+4]=e; m[i+5]=f; m[i+6]=g; m[i+7]=h;}
Program Elements4.GenerationThe rngstep function is the main function for the the ISAAC key generator.
rngstep(mix,a,b,mm,m,m2,r,x){
x = *m;
a = (a^(mix)) + *(m2++);
*(m++) = y = ind(mm,x) + a + b;
*(r++) = b = ind(mm,y>>8) + x;
}
What this essentially does is
stores the current memory into a register
set the new value of accumulator
set the next bit of memory to the addition of the 2-9 bits of x or the current memory with the accumulator and previous result
Lastly the results array is incremented and set to the addition of x and the 10-17 bits of y bit shifted right by 8
Program Elements5. Main Loop 1 b = ctx->randb + (++ctx-
>randc);
for (m = mm, mend = m2 = m+(RANDSIZ/2); m<mend; )
{
rngstep( a<<13, a, b, mm, m, m2, r, x);
rngstep( a>>6 , a, b, mm, m, m2, r, x);
rngstep( a<<2 , a, b, mm, m, m2, r, x);
rngstep( a>>16, a, b, mm, m, m2, r, x);
}
Adds the counter to element B, then calls rngstep()
function four times with different bitshifts of A for
the mix.
Program Elements:
6.Main Loop 2
Second loop just
iterates with M2
going from first
element to mend,
calling rngstep
four times
eachiteration.
Designed to
ensure that m2 is
at each array
index for at least
one rngstep.
ISSAC+
To fix some of weaknesses, we modify ISAAC’s algorithm,
We call the corresponding pseudo-random generator ISAAC+. The modifications: we add ⊕a to avoid the biases observed, perform rotations (symbols ≪, ≫) instead of shifts, so as to get more diffusion from the state bits, and replace an addition by a XOR to reduce the linearity
CONCLUSION and FUTURE PLAN
Its possible to understand the
thoroughly as stream cipher was
introduced in course.
ISSAC applications in real life can be
mapped with the learnt concept.
Its implementation can also be made
easily using C
“For every lock there is a Key…
It is better to KEEP SAFE YOUR LOCK THAN THE KEY”