• Home

  • Documents

  • Analysis and Design of Stream Ciphers - mics. · PDF file1 Analysis and Design of Stream...
9
1 Analysis and Design of Stream Ciphers Simon Fischer and Willi Meier MICS Workshop, July 3 2007

Analysis and Design of Stream Ciphers - mics. · PDF file1 Analysis and Design of Stream Ciphers Simon Fischer and Willi Meier MICS Workshop, July 3 2007Authors: Rainer A RueppelAffiliation:

Embed Size (px)

Citation preview

Page 1: Analysis and Design of Stream Ciphers - mics. · PDF file1 Analysis and Design of Stream Ciphers Simon Fischer and Willi Meier MICS Workshop, July 3 2007Authors: Rainer A RueppelAffiliation:

1

Analysis and Design of Stream Ciphers

Simon Fischer and Willi Meier

MICS Workshop, July 3 2007

Page 2: Analysis and Design of Stream Ciphers - mics. · PDF file1 Analysis and Design of Stream Ciphers Simon Fischer and Willi Meier MICS Workshop, July 3 2007Authors: Rainer A RueppelAffiliation:

2

Stream Ciphers

Use cipher to secure communication over insecure channel. Stream ciphers are very simple and fast.

• Profile 1: Optimised for software applications with high throughput requirements.

• Profile 2: Optimised for hardware applications with restricted resources.

Page 3: Analysis and Design of Stream Ciphers - mics. · PDF file1 Analysis and Design of Stream Ciphers Simon Fischer and Willi Meier MICS Workshop, July 3 2007Authors: Rainer A RueppelAffiliation:

3

Applications

Stream ciphers of profile 2 can be used in mobile devices such as:

• Cell phones

• Sensor networks

• RFID‘s

Well-known examples are the stream ciphers of GSM and Bluetooth, but both of them are insecure…

Page 4: Analysis and Design of Stream Ciphers - mics. · PDF file1 Analysis and Design of Stream Ciphers Simon Fischer and Willi Meier MICS Workshop, July 3 2007Authors: Rainer A RueppelAffiliation:

4

eSTREAM

European project eSTREAM was initiated in 2004.

Algorithm designers were invited to submit new stream cipher proposals.

Winners will be elected in 2008.

►34 submissions►Strong competition

Page 5: Analysis and Design of Stream Ciphers - mics. · PDF file1 Analysis and Design of Stream Ciphers Simon Fischer and Willi Meier MICS Workshop, July 3 2007Authors: Rainer A RueppelAffiliation:

5

Our contributions

(1) Submitted own design (jointly with University Lund): "Grain".

(2) We have analysed the security of some other submissions:

• Complete break of a weak submission

• Confirmed the security of one promising submission

• Improved a previous attack

• Observed partial weakness

Page 6: Analysis and Design of Stream Ciphers - mics. · PDF file1 Analysis and Design of Stream Ciphers Simon Fischer and Willi Meier MICS Workshop, July 3 2007Authors: Rainer A RueppelAffiliation:

6

The submission "Grain"

It can be implemented with very low hardware, it is efficient, and supposed to be secure.

One of the top candidates for eSTREAM profile 2.

Grain consists of• 80 bit linear shift register• 80 bit nonlinear shift register• Nonlinear filter function

Page 7: Analysis and Design of Stream Ciphers - mics. · PDF file1 Analysis and Design of Stream Ciphers Simon Fischer and Willi Meier MICS Workshop, July 3 2007Authors: Rainer A RueppelAffiliation:

7

One example of analysis

Well-known attacks on stream ciphers: algebraic attacks.Find and solve equations of low degree.

Inspired by algebraic attacks, we developed a new tool to assess the security of stream ciphers.

►Confirmed security of one eSTREAM submission.

Apply the new tool also to other stream ciphers. Recently, we could attack the "Alternating Step Generator"…

Page 8: Analysis and Design of Stream Ciphers - mics. · PDF file1 Analysis and Design of Stream Ciphers Simon Fischer and Willi Meier MICS Workshop, July 3 2007Authors: Rainer A RueppelAffiliation:

8

Attack on the Alternating Step Generator

The stream cipher ASG is very simple and elegant.It was developed 20 years ago in Switzerland.It consits of three linear shift registers, which are irregularly clocked.

Our attack improves the previous attacks by a factor of more than 7000!

Page 9: Analysis and Design of Stream Ciphers - mics. · PDF file1 Analysis and Design of Stream Ciphers Simon Fischer and Willi Meier MICS Workshop, July 3 2007Authors: Rainer A RueppelAffiliation:

9

Conclusions

►Security is necessary in mobile environments.

►Stream ciphers can be suitable for this need.

►The security of stream ciphers must be evaluated carefully.

►We participate in the analysis and design of modern stream ciphers.

Thank you for your attention!


Lecture 4 Page 1 CS 236 Stream and Block Ciphers Stream ciphers convert one symbol of plaintext immediately into one symbol of ciphertext Block ciphers

Lecture 4 Page 1 CS 236 Stream and Block Ciphers Stream ciphers convert one symbol of plaintext immediately into one symbol of ciphertext Block ciphers

Documents
Analysis of Lightweight Stream Ciphers

Analysis of Lightweight Stream Ciphers

Documents
Cryptanalysis of stream ciphers with linear masking · Cryptanalysis of stream ciphers with linear masking ... This framework can be applied to many ciphers, and for those ciphers

Cryptanalysis of stream ciphers with linear masking · Cryptanalysis of stream ciphers with linear masking ... This framework can be applied to many ciphers, and for those ciphers

Documents
Block Ciphers and Stream Ciphers - University of Haifaorrd/IntroToCrypto/Lecture3-BlockCiphers.pdf · Block Ciphers and Stream Ciphers In practical ciphers the plaintext M is divided

Block Ciphers and Stream Ciphers - University of Haifaorrd/IntroToCrypto/Lecture3-BlockCiphers.pdf · Block Ciphers and Stream Ciphers In practical ciphers the plaintext M is divided

Documents
Stream Ciphers and Block Ciphers A stream cipher is one that encrypts a digital data stream one bit or one byte at a time. Examples of classical stream

Stream Ciphers and Block Ciphers A stream cipher is one that encrypts a digital data stream one bit or one byte at a time. Examples of classical stream

Documents
Building Stream Ciphers from Block Ciphers and their Security

Building Stream Ciphers from Block Ciphers and their Security

Documents
LFSR-based Stream Ciphers - Inria · PDF fileChapter 3 LFSR-based Stream Ciphers Inordertominimizethesizeoftheinternalstate,streamciphersdedicatedtolow-costhard-ware implementations

LFSR-based Stream Ciphers - Inria · PDF fileChapter 3 LFSR-based Stream Ciphers Inordertominimizethesizeoftheinternalstate,streamciphersdedicatedtolow-costhard-ware implementations

Documents
Stream Ciphers for Constrained Environments

Stream Ciphers for Constrained Environments

Documents
Stream Ciphers: WG and LEX

Stream Ciphers: WG and LEX

Documents
Stream Ciphers: Dead or Alive? Stream Ciphers Seem to be Inherently Weaker Than Block Ciphers Guess and set attacks on stream ciphers can recover either the key or any state Generic

Stream Ciphers: Dead or Alive? Stream Ciphers Seem to be Inherently Weaker Than Block Ciphers Guess and set attacks on stream ciphers can recover either the key or any state Generic

Documents
Block Ciphers and Stream Ciphers: The State of the Art

Block Ciphers and Stream Ciphers: The State of the Art

Documents
Stream ciphers...Stream ciphers Stream Ciphers are Psuedorandom Generators made practical! They are better than PRG’s! Are Stream Ciphers ciphers? Depends on who you ask. Some people

Stream ciphers...Stream ciphers Stream Ciphers are Psuedorandom Generators made practical! They are better than PRG’s! Are Stream Ciphers ciphers? Depends on who you ask. Some people

Documents
Chapter 2 Stream Ciphers

Chapter 2 Stream Ciphers

Documents
Stream Ciphers- Laborator RSA

Stream Ciphers- Laborator RSA

Documents
Differential Power Analysis of Stream Ciphers

Differential Power Analysis of Stream Ciphers

Documents
Stream and Block Ciphers

Stream and Block Ciphers

Documents
Building Stream Ciphers from Block Ciphers and their … · Building Stream Ciphers from Block Ciphers and their Security Hans Christoph Hudde February 18, 2009 Seminararbeit Ruhr-Universit¨at

Building Stream Ciphers from Block Ciphers and their … · Building Stream Ciphers from Block Ciphers and their Security Hans Christoph Hudde February 18, 2009 Seminararbeit Ruhr-Universit¨at

Documents
An Introduction to Stream Ciphers

An Introduction to Stream Ciphers

Documents
Dan Boneh Stream ciphers Attacks on OTP and stream ciphers Online Cryptography Course Dan Boneh

Dan Boneh Stream ciphers Attacks on OTP and stream ciphers Online Cryptography Course Dan Boneh

Documents
Applied cryptanalysis - stream ciphers

Applied cryptanalysis - stream ciphers

Software
Brief Overview of Cryptography. 2 Outline cryptographic primitives – symmetric key ciphers block ciphers stream ciphers – asymmetric key ciphers – cryptographic

Brief Overview of Cryptography. 2 Outline cryptographic primitives – symmetric key ciphers block ciphers stream ciphers – asymmetric key ciphers – cryptographic

Documents
Stream ciphers

Stream ciphers

Technology
«Applied cryptanalysis stream ciphers» by Vladimir Garbuz

«Applied cryptanalysis stream ciphers» by Vladimir Garbuz

Engineering
A Short Introduction to Stream Ciphers

A Short Introduction to Stream Ciphers

Documents
Symmetric Ciphers: Stream Ciphers - L-Università ta' Maltastaff.um.edu.mt/mvel3/files/crypto/2_StreamCiphers.pdf · 2016-09-07 · CPS2323 29/33 Hardware Stream Ciphers (ix) Trivium

Symmetric Ciphers: Stream Ciphers - L-Università ta' Maltastaff.um.edu.mt/mvel3/files/crypto/2_StreamCiphers.pdf · 2016-09-07 · CPS2323 29/33 Hardware Stream Ciphers (ix) Trivium

Documents
5 stream ciphers

5 stream ciphers

Documents
Stream cipher - Inria...Stream ciphers are classified into two types: synchronous stream ciphers and asynchronous stream ciphers. The most famous stream cipher is the Vernam cipher,

Stream cipher - Inria...Stream ciphers are classified into two types: synchronous stream ciphers and asynchronous stream ciphers. The most famous stream cipher is the Vernam cipher,

Documents
CS526Topic 3: Ciphers and Cipher Security 1 Information Security CS 526 Topic 3 Ciphers and Cipher Security: Stream Ciphers, Block Ciphers, Perfect Secrecy,

CS526Topic 3: Ciphers and Cipher Security 1 Information Security CS 526 Topic 3 Ciphers and Cipher Security: Stream Ciphers, Block Ciphers, Perfect Secrecy,

Documents
Block Ciphers and Cryptanalysis · Introduction Symmetric Key Cryptography Cryptanalysis Stream Ciphers Symmetric Ciphers can be classi ed as 1 Stream Ciphers 2 Block Ciphers Stream

Block Ciphers and Cryptanalysis · Introduction Symmetric Key Cryptography Cryptanalysis Stream Ciphers Symmetric Ciphers can be classi ed as 1 Stream Ciphers 2 Block Ciphers Stream

Documents
Cryptanalysis on Clock Controlled Stream Ciphers

Cryptanalysis on Clock Controlled Stream Ciphers

Documents