# session 1 stream ciphers 1. introduction if the level of security is not the highest one, instead of...

Post on 03-Jan-2016

213 views

Embed Size (px)

TRANSCRIPT

Classical Cryptography

Session 1Stream ciphers 1 1IntroductionIf the level of security is not the highest one, instead of the Vernam cipher, a stream cipher can be used.Stream cipherA deterministic algorithm produces a pseudo-noise sequence (PN-sequence)Satisfies the 3 Golombs postulates.The key is short much shorter than the plaintext - practical.2/65IntroductionxiKey zi ziyixixi zi = yiyi zi = xiTRANSMITTERRECEIVERxiDeterministic algorithmDeterministic algorithmKey COMM. CHANNEL3/65Linear feedback shift registersLFSR theory is developed enough to enable thorough analysis of the properties of the output sequence of a PN sequence generator containing LFSRs.Because of that, the vast majority of PN generators are designed by combining LFSRs and non-linear Boolean functions.4/65Linear feedback shift registersA linear feedback shift register (LFSR):n single-symbol memory cells (stages)A linear feedback function to express each new symbol of the output sequence as a linear function of the n previous symbolsThe contents of the flip-flops is shifted one position at every clock pulse5/65Linear feedback shift registers

6/65g linear!Linear feedback shift registersThe state of the register the contents of the stages between two clock pulsesThe initial state the contents of the stages at the moment of the beginning of the process7/65Linear feedback shift registersThe state diagram of a LFSR is never singular, because the linear feedback function satisfies the non-singularity condition:

8/65Linear feedback shift registersThe maximum possible period of the output sequence is 2n-1.The all-zero initial state is not used, because in that case only all-zero sequence would be produced.The key the initial contents of the LFSR.

9/65The feedback function g of a LFSR is a linear recurrence linear recurring sequences of order n

Linear feedback shift registers10/65It is possible to associate the characteristic (feedback) polynomial to every linear recurrence

Analysis of the properties of the output sequence is made easier in such a way.

Linear feedback shift registers11/65 Example: An LFSR of length 4.Generated sequence: 1 1 1 0 1 0 1 10001100111011110111101101011010

Initial stateFeedback polynomialLinear recurrenceLinear feedback shift registers12/6512The characteristics of the output sequence of the LFSR depend on the characteristics of the feedback polynomialThe feedback polynomial can be:reducibleirreducibleprimitiveLinear feedback shift registers13/65000110000100101001010010

0000011010111101001110011100111011110111

Linear feedback shift registersExample 1: Reducible feedback polynomial14/6514LFSRs with reducible feedback polynomial:The length of the output sequence depends on the initial stateNot adequate for use in cryptography

Linear feedback shift registers15/6500011000110001100011

000000101001010010100101

11110111101111011110

Linear feedback shift registersExample 2: Irreducible feedback polynomial16/6516LFSRs with irreducible feedback polynomial:The length of the output sequence does not depend on the initial state (except the all-zero state)The period T is a factor of , L is the length of the LFSRNot adequate for use in cryptography

Linear feedback shift registers

17/65 0000100011001110111101111011010110101101011000111001010000100001PN-sequence (m-sequence)The maximum possible period for this type of generator111010110010001 ..

Linear feedback shift registersExample 3: Primitive feedback polynomial18/6518LFSRs with primitive feedback polynomial:The length of the sequence does not depend on the initial state (except the all-zero state)The period is Adequate for use in cryptography, because the output sequence satisfies all the Golombs postulates

Linear feedback shift registers

19/65Thus, to use LFSRs in pseudorandom sequence generators we need primitive polynomials.How do we get them?We need some basic concepts of abstract algebra groups, rings, Galois fields.

Linear feedback shift registers20/65GroupsA group is an algebraic structure consisting of a non-empty set G and a binary operation such that the following axioms of the group are satisfied:ClosureAssociativityExistence of the identity (neutral) elementExistence of the inverse element for each element of G.21/65

GroupsClosureAssociativity

Existence of the neutral element

Existence of the inverse elements22/65

GroupsMultiplicative group - the operation * is the multiplication, i.e. The identity element is 1The inverse element is x -1Additive group - the operation * is the sum, i.e. +The identity element is 0The inverse element is x23/65GroupsExamples of additive groups:Z, Q, R, C , where the operation is the sum modulo n.Examples of multiplicative groups: , , where the operation is the multiplication modulo n 24/65

GroupsIf in the group G the operation * fulfils the commutative property, i.e.

then G is a commutative or Abelian groupIf G is a finite group, the number of elements in G is called order of G and is represented by #G.25/65

GroupsAn element gG is a generator of G if every element of G can be written as a power of g. G is then a cyclic groupThe cyclic group:

26/65

GroupsExample: show that 5 is a generator of Z1227/65

GroupsA nonempty subset H of G is called subgroup of G if it is closed for the operation * and the inversion, i.e.

The Lagrange theorem:If G is a finite group and H is its subgroup, then #H divides #G, i.e.

28/65

GroupsExamples:A group of order 8 can have subgroups of order 2 and 4, but not of order 3 or 6.A finite group, whose order is a prime number cannot have its own subgroups.

29/65GroupsThe order of an element gG of a finite group is the least positive integer k such that g k=e.If k is the order of gG, then {e, g, g 2,, g k -1} is a subgroup of G.Corollary of the Lagrange theorem:In a finite group, the order of each element divides the order of the group.30/65GroupsExample: a subgroup of Z8:

31/65

RingsA ring is an algebraic structure consisting of a non-empty set G and 2 binary operations called summation, i.e. + and multiplication, i.e. such that the following holds:(G,+) is an abelian groupThe structure (G,) : closure, associativity and the existence of the neutral elementMultiplication distributes over addition, i.e.32/65

FieldsA field is an algebraic structure consisting of a non-empty set G and 2 binary operations called summation, i.e. + and multiplication, i.e. such that the following holds:(G,+) is an abelian group the additive group of the field(G \{0},) is an abelian group the multiplicative group of the fieldMultiplication distributes over addition.33/65FieldsEvery field is a ring but the converse is not trueThe difference isThe structure (G \{0},) of the field is a commutative group and in a general ring this is not required.34/65FieldsExamples:Field of rational numbers Q.If p is a prime number, then Zp is a fieldZp is an additive commutative group.(Zp) is a multiplicative commutative group.35/65Finite fieldsA finite field is a field with a finite number of elements, i.e. the set G is finite.Theorem (1)(i) The number of elements of a finite field F must be equal to the power of a prime number, i.e. #F =p m.p is the characteristic of the field.The field is represented by GF(p m ) (Galois Field).36/65Finite fieldsTheorem (2)(ii) There is only one finite field of p m elements. If we fix an irreducible polynomial f (x ) of degree m with coefficients in Zp, the elements of GF(p m ) are represented as polynomials with coefficients in Zp of degree

Recommended