THE FAMILY OF BLOCK CIPHERS “SD-(n,k)”
S. Markovski
D. Gligoroski
V. Dimitrova
A. Mileva
NATO ARW, Velingrad 21-25 October 2006
Outline
– Introduction
– Block ciphers
– Quasigroups
– Encryption/Decryption Algorithms
– Conclusion
– Future work
Introduction
We present a new family of block ciphers “SD-(n,k)”.
“SD-(n,k)” is based on the properties of quasigroup operations and quasigroup string transformations.
This design allows a choice of different levels of security and different kinds of performance.
Block ciphers
A block cipher is a symmetric-key cipher which operates on fixed-length groups of bits, termed blocks, with an unvarying transformation.
[Diagram: Plaintext → E_Key → Ciphertext; Ciphertext → D_Key → Plaintext]
Block ciphers
To encrypt messages longer than the block size, a mode of operation is used.
Basic modes of operation: ECB, CBC, OFB, CFB.
Typical key sizes in bits are: 40, 56, 64, 80, 128, 192, 256, ...
From 2001 the standard is AES, which uses:
– 128 bits for SECRET
– 192 bits, 256 bits for TOP SECRET
ECB – Electronic Code Book
[Diagram: message blocks M0, M1, ..., Mn; one E per block; ciphertext blocks C0, C1, ..., Cn]
CBC – Cipher Block Chaining
[Diagram: IV; message blocks M0, M1, ..., Mn; one E per block; ciphertext blocks C0, C1, ..., Cn]
Quasigroup
A quasigroup $(Q,*)$ is a groupoid satisfying the law:
$(\forall u,v \in Q)(\exists!\, x,y \in Q)(x*u=v \ \&\ u*y=v)$.
* | 0 1 2 3
--+--------
0 | 2 1 3 0
1 | 0 3 1 2
2 | 1 0 2 3
3 | 3 2 0 1
$Q$ is a finite set. $*$ is the quasigroup operation.
Latin square
A related combinatorial structure is the Latin square.
A Latin square is an n×n matrix with elements from Q such that each row and column is a permutation of Q.
2 1 3 0
0 3 1 2
1 0 2 3
3 2 0 1
Quasigroup operations
Given a quasigroup $(Q,*)$, two new operations $\backslash$ and $/$ can be derived, defined by:
$x*y=z \iff y=x\backslash z \iff x=z/y$.
The algebra $(Q,*,\backslash,/)$ satisfies the identities:
$x\backslash(x*y)=y,\quad x*(x\backslash y)=y,\quad (x*y)/y=x,\quad (x/y)*y=x$.
$(Q,\backslash)$ and $(Q,/)$ are quasigroups too.
Quasigroup operations
* | 0 1 2 3
--+--------
0 | 2 1 0 3
1 | 3 0 1 2
2 | 1 2 3 0
3 | 0 3 2 1

\ | 0 1 2 3
--+--------
0 | 2 1 0 3
1 | 1 2 3 0
2 | 3 0 1 2
3 | 0 3 2 1

/ | 0 1 2 3
--+--------
0 | 3 1 0 2
1 | 2 0 1 3
2 | 0 2 3 1
3 | 1 3 2 0
Quasigroup string transformations
We consider:
– an alphabet $A$ (finite set);
– the set $A^+$ of all nonempty finite words;
– a quasigroup operation $*$;
– an element $l \in A$ (leader);
– a string $a_1 a_2 \dots a_n$, where $a_i \in A$.
We define:
– 4 functions: $e_{l,*},\ d_{l,*},\ e'_{l,*},\ d'_{l,*} : A^+ \to A^+$.
Quasigroup string transformations
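$e_{l,*}(a_1 a_2 \dots a_n) = b_1 b_2 \dots b_n$, where $b_1 = l * a_1,\ b_2 = b_1 * a_2,\ \dots,\ b_n = b_{n-1} * a_n$
[Diagram: top row $a_1\ a_2\ \dots\ a_{n-1}\ a_n$; bottom row $l\ b_1\ b_2\ \dots\ b_{n-1}\ b_n$]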
Quasigroup string transformations
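$d_{l,*}(a_1 a_2 \dots a_n) = c_1 c_2 \dots c_n$, where $c_1 = l * a_1,\ c_2 = a_1 * a_2,\ \dots,\ c_n = a_{n-1} * a_n$
[Diagram: top row $l\ a_1\ a_2\ \dots\ a_{n-1}\ a_n$; bottom row $c_1\ c_2\ \dots\ c_{n-1}\ c_n$]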
Quasigroup string transformations
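$e'_{l,*}(a_1 a_2 \dots a_n) = b_1 b_2 \dots b_n$, where $b_1 = a_1 * l,\ b_2 = a_2 * b_1,\ \dots,\ b_n = a_n * b_{n-1}$
[Diagram: top row $a_1\ a_2\ \dots\ a_{n-1}\ a_n$; bottom row $l\ b_1\ b_2\ \dots\ b_{n-1}\ b_n$]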
Quasigroup string transformations
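$d'_{l,*}(a_1 a_2 \dots a_n) = c_1 c_2 \dots c_n$, where $c_1 = a_1 * l,\ c_2 = a_2 * a_1,\ \dots,\ c_n = a_n * a_{n-1}$
[Diagram: top row $l\ a_1\ a_2\ \dots\ a_{n-1}\ a_n$; bottom row $c_1\ c_2\ \dots\ c_{n-1}\ c_n$]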
Quasigroup string transformations
Example:
– $A = \{0,1,2,3\}$,
– $l = 0$,
– $(A,*)$ and $(A,\backslash)$

Input string = 1021000000000112102201010300
$e_{0,*}$(input string) = 1322130213021011211133013130
$d_{0,\backslash}$($e_{0,*}$(input string)) = 1021000000000112102201010300

* | 0 1 2 3
--+--------
0 | 2 1 0 3
1 | 3 0 1 2
2 | 1 2 3 0
3 | 0 3 2 1

\ | 0 1 2 3
--+--------
0 | 2 1 0 3
1 | 1 2 3 0
2 | 3 0 1 2
3 | 0 3 2 1
Quasigroup string transformations
Proposition 1: For each string $M \in A^+$ and each leader $l \in Q$ it holds that $d_{l,\backslash}(e_{l,*}(M)) = M = e_{l,*}(d_{l,\backslash}(M))$, i.e. $e_{l,*}$ and $d_{l,\backslash}$ are mutually inverse permutations of $A^+$ ($(e_{l,*})^{-1} = d_{l,\backslash}$).
Proposition 2: For each string $M \in A^+$ and each leader $l \in Q$ it holds that $d'_{l,/}(e'_{l,*}(M)) = M = e'_{l,*}(d'_{l,/}(M))$, i.e. $e'_{l,*}$ and $d'_{l,/}$ are mutually inverse permutations of $A^+$ ($(e'_{l,*})^{-1} = d'_{l,/}$).
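The four string transformations and Propositions 1 and 2, as an added example that is not part of the original slides. It uses the "*" table from the example slide; the function names and the way "\" and "/" are derived from "*" are assumptions of this example, and the sample input is the first 16 symbols of the example string.

```python
import itertools

# Added example. MUL is the page's "*" table: MUL[x][y] = x * y.
MUL = [[2, 1, 0, 3], [3, 0, 1, 2], [1, 2, 3, 0], [0, 3, 2, 1]]
Q = range(len(MUL))
# Derived operations:  x \ z = y  and  z / y = x  iff  x * y = z.
LDIV = [[next(y for y in Q if MUL[x][y] == z) for z in Q] for x in Q]
RDIV = [[next(x for x in Q if MUL[x][y] == z) for y in Q] for z in Q]

def e(op, l, s):
    """b1 = l*a1, b_i = b_{i-1}*a_i (each output feeds the next step)."""
    out, prev = [], l
    for a in s:
        prev = op[prev][a]
        out.append(prev)
    return out

def d(op, l, s):
    """c1 = l*a1, c_i = a_{i-1}*a_i (only neighbouring inputs are used)."""
    return [op[p][a] for p, a in zip([l] + list(s[:-1]), s)]

def e_prime(op, l, s):
    """b1 = a1*l, b_i = a_i*b_{i-1}."""
    out, prev = [], l
    for a in s:
        prev = op[a][prev]
        out.append(prev)
    return out

def d_prime(op, l, s):
    """c1 = a1*l, c_i = a_i*a_{i-1}."""
    return [op[a][p] for p, a in zip([l] + list(s[:-1]), s)]

def propositions_hold(max_len=5):
    """Exhaustively check Propositions 1 and 2 for every leader and short string."""
    for n in range(1, max_len + 1):
        for s in map(list, itertools.product(Q, repeat=n)):
            for l in Q:
                if d(LDIV, l, e(MUL, l, s)) != s or e(MUL, l, d(LDIV, l, s)) != s:
                    return False
                if (d_prime(RDIV, l, e_prime(MUL, l, s)) != s
                        or e_prime(MUL, l, d_prime(RDIV, l, s)) != s):
                    return False
    return True

if __name__ == "__main__":
    head = [int(ch) for ch in "1021000000000112"]  # first 16 symbols of the page's string
    print(e(MUL, 0, head), propositions_hold())
```

The derived `LDIV` and `RDIV` tables reproduce the "\" and "/" tables shown on the quasigroup operations slide.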
Encryption/Decryption functions of “SD-(n,k)”
We use:
– Blocks with length of n letters;
– Key $K = K_0 K_1 \dots K_{n+4k-1}$, $K_i \in A$, where $k$ is the number of repetitions of four different quasigroup string transformations in the encryption/decryption functions;
– Input: plaintext $m_0 m_1 \dots m_{n-1}$, $m_i \in A$
– Output: ciphertext $c_0 c_1 \dots c_{n-1}$, $c_i \in A$
Encryption algorithm
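EA1: For i=0 to n-1 do $b_i = K_i * m_i$
EA2: For j=0 to k-1 do
    $b_0 \leftarrow K_{n+4j} * b_0$
    For i=1 to n-1 do $b_i \leftarrow b_{i-1} * b_i$
    $b_{n-1} \leftarrow K_{n+4j+1} * b_{n-1}$
    For i=n-1 down to 1 do $b_{i-1} \leftarrow b_i * b_{i-1}$
    $b_0 \leftarrow b_0 * K_{n+4j+2}$
    For i=1 to n-1 do $b_i \leftarrow b_i * b_{i-1}$
    $b_{n-1} \leftarrow b_{n-1} * K_{n+4j+3}$
    For i=n-1 down to 1 do $b_{i-1} \leftarrow b_{i-1} * b_i$
EA3: For i=0 to n-1 do $c_i = K_i * b_i$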
Decryption algorithm
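DA1: For i=0 to n-1 do $b_i = K_i \backslash c_i$
DA2: For j=k-1 down to 0 do
    For i=1 to n-1 do $b_{i-1} \leftarrow b_{i-1} / b_i$
    $b_{n-1} \leftarrow b_{n-1} / K_{n+4j+3}$
    For i=n-1 down to 1 do $b_i \leftarrow b_i / b_{i-1}$
    $b_0 \leftarrow b_0 / K_{n+4j+2}$
    For i=1 to n-1 do $b_{i-1} \leftarrow b_i \backslash b_{i-1}$
    $b_{n-1} \leftarrow K_{n+4j+1} \backslash b_{n-1}$
    For i=n-1 down to 1 do $b_i \leftarrow b_{i-1} \backslash b_i$
    $b_0 \leftarrow K_{n+4j} \backslash b_0$
DA3: For i=0 to n-1 do $m_i = K_i \backslash b_i$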
Encryption/Decryption algorithms
The algorithms $EA_K$ and $DA_K$ for fixed $K$ can be considered as transformations of the set $A^n$:
$EA_K(DA_K(m_0 m_1 \dots m_{n-1})) = m_0 m_1 \dots m_{n-1}$
$DA_K(EA_K(m_0 m_1 \dots m_{n-1})) = m_0 m_1 \dots m_{n-1}$.
Theorem: The transformations $EA_K$ and $DA_K$ are permutations of the set $A^n$.
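The encryption and decryption algorithms (EA1 to EA3, DA1 to DA3) and an exhaustive check of the theorem, as an added example that is not the authors' implementation. It assumes the alphabet {0,1,2,3} with the "*" table from the quasigroup operations slide; the function names are illustrative, and the first inner loop of EA2 runs from i=1, which is the loop that the last inner loop of DA2 inverts.

```python
import itertools  # added example; names are illustrative, not from the slides
MUL = [[2, 1, 0, 3], [3, 0, 1, 2], [1, 2, 3, 0], [0, 3, 2, 1]]  # page's "*": MUL[x][y] = x * y
Q = range(len(MUL))
LDIV = [[next(y for y in Q if MUL[x][y] == z) for z in Q] for x in Q]  # LDIV[x][z] = x \ z
RDIV = [[next(x for x in Q if MUL[x][y] == z) for y in Q] for z in Q]  # RDIV[z][y] = z / y

def encrypt(m, K, k):
    n = len(m)
    if len(K) != n + 4 * k:
        raise ValueError("key must have n + 4k letters")
    b = [MUL[K[i]][m[i]] for i in range(n)]            # EA1
    for j in range(k):                                 # EA2
        r = n + 4 * j
        b[0] = MUL[K[r]][b[0]]
        for i in range(1, n):
            b[i] = MUL[b[i - 1]][b[i]]
        b[n - 1] = MUL[K[r + 1]][b[n - 1]]
        for i in range(n - 1, 0, -1):
            b[i - 1] = MUL[b[i]][b[i - 1]]
        b[0] = MUL[b[0]][K[r + 2]]
        for i in range(1, n):
            b[i] = MUL[b[i]][b[i - 1]]
        b[n - 1] = MUL[b[n - 1]][K[r + 3]]
        for i in range(n - 1, 0, -1):
            b[i - 1] = MUL[b[i - 1]][b[i]]
    return [MUL[K[i]][b[i]] for i in range(n)]         # EA3

def decrypt(c, K, k):
    n = len(c)
    b = [LDIV[K[i]][c[i]] for i in range(n)]           # DA1
    for j in range(k - 1, -1, -1):                     # DA2: rounds in reverse order
        r = n + 4 * j
        for i in range(1, n):
            b[i - 1] = RDIV[b[i - 1]][b[i]]
        b[n - 1] = RDIV[b[n - 1]][K[r + 3]]
        for i in range(n - 1, 0, -1):
            b[i] = RDIV[b[i]][b[i - 1]]
        b[0] = RDIV[b[0]][K[r + 2]]
        for i in range(1, n):
            b[i - 1] = LDIV[b[i]][b[i - 1]]
        b[n - 1] = LDIV[K[r + 1]][b[n - 1]]
        for i in range(n - 1, 0, -1):
            b[i] = LDIV[b[i - 1]][b[i]]
        b[0] = LDIV[K[r]][b[0]]
    return [LDIV[K[i]][b[i]] for i in range(n)]        # DA3

def is_permutation(K, n, k):  # D_K(E_K(m)) = m on all of A^n implies E_K is a bijection
    return all(decrypt(encrypt(list(m), K, k), K, k) == list(m)
               for m in itertools.product(Q, repeat=n))
```

With a 4-letter alphabet the check enumerates all 4^n blocks, so it is only practical for small n.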
Conclusion
– This is a new family of block ciphers.
– Very flexible design.
– Easy implementation.
– It has a large range of applications.
Future Work
– Cryptanalysis of “SD-(n,k)”.
– Practical implementation.
– Design improvement.