# Session 2: Symmetric ciphers 1

Post on 19-Dec-2015

• Slide 1
• Session 2 Symmetric ciphers 1
• Slide 2
• Stream cipher definition. Recall the Vernam cipher. Transmitter: plaintext 000110111101101 ⊕ (running) key 110110010101011 = ciphertext 110000101000110. Receiver: ciphertext 110000101000110 ⊕ (running) key 110110010101011 = plaintext 000110111101101. [Figure: key distribution centre, transmitter, receiver]
• Slide 3
• Stream cipher definition. Advantage of the Vernam cipher: unconditionally secure. Disadvantage: requires one key bit for every plaintext bit. Because of that, if the level of security is not the highest one (the red phone line, etc.), a stream cipher can be used instead of the Vernam cipher.
• Slide 4
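• Stream cipher definition. [Figure: transmitter and receiver each feed the key into the same deterministic algorithm to obtain the running key $z_i$. Transmitter: $x_i \oplus z_i = y_i$, sent over the communication channel. Receiver: $y_i \oplus z_i = x_i$.]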
• Slide 5
• Stream cipher definition. The key is short: much shorter than the length of the plaintext (on average). The key determines the initial state of a deterministic algorithm. Based on the initial state, the algorithm generates the running key sequence. The running key sequence bits are summed modulo 2 with the corresponding bits of the plaintext.
• Slide 6
• Stream cipher definition. Similarities and differences between the Vernam cipher and a stream cipher. Columns: Vernam cipher (running key) | Stream cipher (running key). Rows: Length text | Length seq.; used once: YES | YES; Randomness | Pseudorandomness.
• Slide 7
• Stream cipher properties. Stream ciphers do not satisfy the perfect secrecy conditions (the running key is not random but pseudorandom). They possess practical secrecy; the level of security depends on the design. Advantage: the secret key is short, and it is the only piece of information that the transmitter and the receiver must share.
• Slide 8
• The running key. What are the general characteristics of these sequences? What generators produce them?
• Slide 9
• The running key. Pseudorandom sequences: long period; pseudorandomness properties; unpredictability; etc.
• Slide 10
• The running key. The running key sequences generated by pseudorandom sequence generators are ultimately periodic (i.e. they may have an aperiodic prefix). The period must be at least as long as the length of the plaintext. In practice, this period is much longer.
• Slide 11
• The running key. Example: $T = 2^{100} - 1 \approx 1.26 \cdot 10^{30}$ bits. If we generate 120 Mbits/s: $V_c = 1.2 \cdot 10^{8}$ bits/sec, so $3.33 \cdot 10^{14}$ years, 22200 times the age of the universe ($1.5 \cdot 10^{10}$ years), to generate the whole period.
• Slide 12
• The running key. Distribution of zeros and ones: 0100110100111010110010010. A run of length k is k consecutive equal digits between two different digits. Runs of zeros are gaps; runs of ones are blocks.
• Slide 13
• The running key. Autocorrelation. Autocorrelation in phase: Autocorrelation out of phase: A: number of coincidences; D: number of non-coincidences; T: period; k: shift. Original seq. 1011001010000111; shifted seq. 0010100001111011.
• Slide 14
• The running key. Golomb's pseudorandomness postulates. G1: In each period of the considered sequence, the difference between the number of 1s and the number of 0s must not exceed one.
• Slide 15
• The running key. Golomb's postulates. G2: In each period of the considered sequence, of the total number of observed runs, half have length 1, one fourth have length 2, one eighth have length 3, etc. For each length, there will be the same number of blocks and gaps.
• Slide 16
• The running key. Golomb's postulates. G3: The autocorrelation AC(k) out of phase must be constant for each k.
• Slide 17
• The running key. Explanation of Golomb's postulates. G1: The 1s and 0s must appear along the sequence with the same probability. G2: Different n-grams (samples of n consecutive digits) must occur with the correct probability.
• Slide 18
• The running key. Explanation of Golomb's postulates. G3: Computing the coincidences between a sequence and its shifted versions must not give any information about the period of the sequence.
• Slide 19
• The running key. PN sequence (Pseudo-Noise): a finite sequence that satisfies the 3 Golomb's postulates. Its properties are equal to the properties of a random sequence with uniform distribution.
• Slide 20
• The running key. Unpredictability: given a part of a sequence of any length, a cryptanalyst cannot predict the next digit with a probability of success greater than 0.5. A measure of unpredictability: linear complexity.
• Slide 21
• The running key. PN sequence generators: generators based on linear congruences; generators based on feedback shift registers (linear feedback shift registers (LFSRs), non-linear feedback shift registers); etc.
• Slide 22
• Linear congruences. The recurrence of the type: The parameters a, b and m can be used as the secret key. $X_0$ is the seed that initializes the process.
• Slide 23
• Linear congruences. If the parameters a, b and m are chosen in an appropriate way, the numbers $X_i$ are not repeated until they completely cover the segment $[0, m-1]$. Example:
• Slide 24
• Linear congruences. Security of the generator: bad. Given a sufficiently long portion of the sequence, it is possible to deduce the parameters m, a and b, i.e. the key.
• Slide 25
• Feedback shift registers. A feedback shift register (FSR) consists of: n flip-flops (stages); a feedback function that expresses each new element of the output sequence as a function of the n previous elements. The contents of the flip-flops are shifted one position at every clock pulse.
• Slide 26
• Feedback shift registers. [Figure]
• Slide 27
• Feedback shift registers. The state of the register: the contents of the stages between two clock pulses. The initial state: the contents of the stages at the moment of the beginning of the process.
• Slide 28
• Feedback shift registers. The state diagram of an FSR is cyclic if the feedback function is not singular, i.e. it has the form:
• Slide 29
• Feedback shift registers. The period of the produced sequence depends on the number of stages n and the characteristics of the function g. The maximum possible period is $2^n$. The key: the initial contents of the FSR. The feedback function can also be kept secret.
• Slide 30
• Feedback shift registers. Example 1: n = 3. Truth table of g, rows $x_1 x_2 x_3 \to g$: 000 → 0, 001 → 0, 010 → 0, 011 → 0, 100 → 0, 101 → 1, 110 → 1, 111 → 0.
• Slide 31
• Feedback shift registers. Example 1: algebraic normal form of the function g:
• Slide 32
• Feedback shift registers. Example 1: the De Bruijn graph (singular). [Figure]
• Slide 33
• Feedback shift registers. Example 2: n = 3. Truth table of g, rows $x_1 x_2 x_3 \to g$: 000 → 0, 001 → 1, 010 → 0, 011 → 1, 100 → 0, 101 → 1, 110 → 1, 111 → 0.
• Slide 34
• Feedback shift registers. Example 2: algebraic normal form of the function g:
• Slide 35
• Feedback shift registers. Example 2: the De Bruijn graph (non-singular). [Figure]
• Slide 36
• Feedback shift registers. Problems with non-linear FSRs: a systematic method for their analysis and manipulation does not exist; the mathematical theory is not well developed. The sequences generated by non-linear FSRs have period $2^n$ (De Bruijn sequences); these sequences do not satisfy Golomb's postulate G3.
• Slide 37
• Linear feedback shift registers. The most important devices for generation of pseudorandom sequences. Their feedback function is a linear recurrence: linear recurring sequences of order n.
• Slide 38
• Linear feedback shift registers. To avoid the null sequence, the initial state must be different from the all-zero state. The largest number of different states is $2^n - 1$.
• Slide 39
• Linear feedback shift registers. It is possible to associate a characteristic (feedback) polynomial with every linear recurrence.
• Slide 40
• Linear feedback shift registers. Example: an LFSR of length 4. Generated sequence: 1 1 1 0 1 0 1. States: 1000 1100 1110 1111 0111 1011 0101 1010. [Figure labels: initial state, feedback polynomial, linear recurrence]
• Slide 41
• Linear feedback shift registers. The characteristics of the output sequence of the LFSR depend on the characteristics of the feedback polynomial. The feedback polynomial can be: reducible, irreducible, primitive.
• Slide 42
• Linear feedback shift registers. Example 1: reducible feedback polynomial. [Figure: state diagram over the states 0001 1000 0100 1010 0101 0010 0000 0110 1011 1101 0011 1001 1100 1110 1111 0111]
• Slide 43
• Linear feedback shift registers. LFSRs with a reducible feedback polynomial: the length of the output sequence depends on the initial state; not adequate for use in cryptography.
• Slide 44
• Linear feedback shift registers. [Figure: state diagram over the states 0001 1000 1100 0110 0011 0000 0010 1001 0100 1010 0101 1111 0111 1011 1101 1110]
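
Golomb's postulates G1 to G3 (slides 14 to 16) can be checked mechanically over one period. The Python below is an added example, not part of the original slides. It assumes AC(k) = (A - D)/T, because the autocorrelation formulas did not survive on this page, and it checks G2 only for run lengths where at least two runs are expected. `M_SEQ` is constructed by continuing the slide-40 register output to a full 15-bit period; `SLIDE13` is the sequence shown on slide 13.

```python
from collections import Counter
from fractions import Fraction
from itertools import groupby

def runs(seq):
    """Cyclic runs of one period, as a Counter keyed by (bit, length)."""
    t = len(seq)
    start = next((i for i in range(t) if seq[i] != seq[i - 1]), 0)
    rot = seq[start:] + seq[:start]            # begin at a run boundary
    return Counter((bit, len(list(grp))) for bit, grp in groupby(rot))

def autocorr(seq, k):
    """AC(k) = (A - D) / T for a cyclic shift by k (assumed definition)."""
    t = len(seq)
    a = sum(seq[i] == seq[(i + k) % t] for i in range(t))   # coincidences
    return Fraction(a - (t - a), t)

def golomb(seq):
    """Return (G1, G2, G3) as booleans for one period given as a bit string."""
    t, r = len(seq), runs(seq)
    g1 = abs(seq.count("1") - seq.count("0")) <= 1
    total, g2, i = sum(r.values()), True, 1
    while total / 2 ** i >= 2:                 # assumption: stop below 2 expected runs
        blocks, gaps = r[("1", i)], r[("0", i)]
        g2 = g2 and blocks == gaps and blocks + gaps == total / 2 ** i
        i += 1
    g3 = len({autocorr(seq, k) for k in range(1, t)}) == 1
    return g1, g2, g3

M_SEQ = "111010110010001"      # constructed: full period of the slide-40 LFSR
SLIDE13 = "1011001010000111"   # sequence printed on slide 13
ALTERNATING = "01" * 8         # constructed counter-example

if __name__ == "__main__":
    for name, s in [("m-seq", M_SEQ), ("slide 13", SLIDE13), ("0101..", ALTERNATING)]:
        print(name, golomb(s), [str(autocorr(s, k)) for k in range(1, 5)])
```

The alternating sequence passes G1 but fails G2 and G3, which shows why a balanced count of zeros and ones alone says little about pseudorandomness.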
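
The state diagrams of slides 30 to 44 can be reproduced by enumerating every state. This added Python example (not from the original slides) tests whether a feedback function is non-singular and lists the cycle lengths of its state diagram. Assumptions: the shift convention (x1, ..., xn) → (g, x1, ..., x_{n-1}) and the LFSR tap positions are inferred from the state lists on slides 40, 42 and 44, because the feedback polynomials themselves are missing from this page.

```python
from itertools import product

def step(state, g):
    """One clock pulse: (x1, ..., xn) -> (g(state), x1, ..., x_{n-1})."""
    return (g(state),) + state[:-1]

def analyse(n, g):
    """Return (non_singular, sorted cycle lengths) for the n-stage FSR."""
    states = list(product((0, 1), repeat=n))
    succ = {s: step(s, g) for s in states}
    # Non-singular means every state has exactly one predecessor.
    non_singular = len(set(succ.values())) == len(states)
    lengths, seen = [], set()
    for s in states:
        path = []
        while s not in seen:              # walk until a known state is hit
            seen.add(s)
            path.append(s)
            s = succ[s]
        if s in path:                     # the walk closed a new cycle
            lengths.append(len(path) - path.index(s))
    return non_singular, sorted(lengths)

def truth_table(column):
    """Feedback function from the g column, rows ordered 000, 001, ..., 111."""
    return lambda s: column[int("".join(map(str, s)), 2)]

def lfsr(*taps):
    """Linear feedback: XOR of the stages at the given 1-based positions."""
    return lambda s: sum(s[t - 1] for t in taps) % 2

CASES = {  # tap positions are inferred from the page's state lists
    "slide 30, example 1": (3, truth_table([0, 0, 0, 0, 0, 1, 1, 0])),
    "slide 33, example 2": (3, truth_table([0, 1, 0, 1, 0, 1, 1, 0])),
    "slide 40, LFSR": (4, lfsr(1, 4)),
    "slide 42, reducible": (4, lfsr(2, 4)),
    "slide 44": (4, lfsr(1, 2, 3, 4)),
}

def report():
    return {name: analyse(n, g) for name, (n, g) in CASES.items()}

if __name__ == "__main__":
    for name, result in report().items():
        print(name, result)
```

Only the slide-40 register puts all 15 non-zero states on one cycle; in the other two LFSRs the cycle an initial state falls on, and therefore the period of the running key, depends on the key.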
