
Session 2


Presentation Transcript


  1. Session 2 Symmetric ciphers 1

  2. Stream cipher definition • Recall the Vernam cipher: (diagram: a key distribution centre supplies the key to the transmitter and to the receiver)

  3. Stream cipher definition • Advantage of the Vernam cipher • Unconditionally secure • Disadvantage • Requires one key bit for every plaintext bit • Because of that, if the level of security is not the highest one (the red phone line, etc.), instead of the Vernam cipher, a stream cipher can be used

  4. Stream cipher definition (block diagram) • Transmitter: the key initialises a deterministic algorithm that produces the running key z_i; the plaintext bit x_i is combined with it as x_i ⊕ z_i = y_i • The ciphertext y_i crosses the communication channel • Receiver: the same key and the same deterministic algorithm regenerate z_i, and y_i ⊕ z_i = x_i recovers the plaintext

  5. Stream cipher definition • The key is short – much shorter than the length of the plaintext (on average) • The key determines the initial state of a deterministic algorithm • Based on the initial state, the algorithm generates the running key sequence • The running key sequence bits are summed modulo 2 with the corresponding bits of the plaintext

  6. Stream cipher definition • Similarities and differences between the Vernam cipher and a stream cipher

  7. Stream cipher properties • do not satisfy the perfect secrecy conditions (the running key is not random but pseudorandom) • possess practical secrecy; the level of security depends on the design • advantage: the secret key is short – it is the only piece of information that the transmitter and the receiver must share

  8. The running key • What are general characteristics of these sequences? • What generators produce them?

  9. The running key • Pseudorandom sequences: • long period • pseudorandomness properties • unpredictability • etc.

  10. The running key • The running key sequences generated by pseudorandom sequence generators are ultimately periodic (i.e. they may have an aperiodic prefix) • The period must be at least as long as the length of the plaintext • In practice, this period is much longer

  11. The running key • Example: T = 2^100 − 1 ≈ 1.26 × 10^30 bits • If we generate 120 Mbit/s: Vc = 1.2 × 10^8 bits/sec → 3.33 × 10^14 years • 22200 times the age of the universe (1.5 × 10^10 years) to generate the whole period

  12. The running key • Distribution of zeros and ones …… 0100110100111010110010010 …… • a run of length k is k consecutive equal digits between two different digits • runs of zeros (gaps) • runs of ones (blocks)

  13. The running key • Autocorrelation • Autocorrelation in phase and autocorrelation out of phase (formulas in the original figure) • A – number of coincidences • D – number of non-coincidences • T – period • k – shift

  14. The running key • Golomb's pseudorandomness postulates: • G1: In each period of the considered sequence, the difference between the number of 1s and the number of 0s must not exceed 1

  15. The running key • Golomb's postulates • G2: In each period of the considered sequence, half of the total number of observed runs have length 1, one fourth have length 2, one eighth have length 3, etc. For each length, there is the same number of blocks and gaps

  16. The running key • Golomb’s postulates • G3: The autocorrelation AC(k) out of phase must be constant for each k

  17. The running key • Explanation of Golomb's postulates: • G1: The 1s and 0s must appear along the sequence with the same probability • G2: different n-grams (samples of n consecutive digits) must occur with the correct probability

  18. The running key • Explanation of Golomb's postulates • G3: Computation of the coincidences between a sequence and its shifted versions must not give any information about the period of the sequence

  19. The running key • PN sequence (Pseudo-Noise): • A finite sequence that satisfies the three Golomb postulates • Its properties are equal to the properties of a random sequence with uniform distribution

  20. The running key • Unpredictability • Given a part of a sequence of any length, a cryptanalyst cannot predict the next digit with a probability of success greater than 0.5 • A measure of unpredictability: Linear complexity

  21. The running key • PN sequence generators • Generators based on linear congruencies • Generators based on feedback shift registers • Linear feedback shift registers (LFSRs) • Non-linear feedback shift registers • etc.

  22. Linear congruencies • The recurrence of the type • The parameters a, b and m can be used as the secret key • X0 is the seed that initializes the process

  23. Linear congruencies • If the parameters a, b and m are chosen in an appropriate way, the numbers Xi are not repeated until they cover completely the segment [0,m -1] • Example:

  24. Linear congruencies • Security of the generator: bad • Given a sufficiently long portion of the sequence, it is possible to deduce the parameters m, a and b, i.e. the key
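Why slide 24 rates the security of this generator as bad, as an added example that is not part of the slides: a linear congruential generator in its standard form X_{i+1} = (a·X_i + b) mod m (the slide's own recurrence did not survive extraction), followed by the recovery of m, a and b from eight consecutive outputs. The key (m, a, b) = (101, 7, 3) and the seed 5 are constructed toy values; the algebra does not depend on the size of m.

```python
from math import gcd
from functools import reduce

def lcg(m, a, b, x0, count):
    """Linear congruential generator in its standard form X_{i+1} = (a*X_i + b) mod m
    (the recurrence on slide 22 did not survive extraction). Returns X_1 .. X_count."""
    out, x = [], x0
    for _ in range(count):
        x = (a * x + b) % m
        out.append(x)
    return out

def recover_modulus(xs):
    """Recover m from consecutive outputs alone. With d_i = X_{i+1} - X_i we have
    d_{i+1} = a*d_i (mod m), so d_{i+2}*d_i - d_{i+1}^2 is a multiple of m; the gcd
    of several such values is m (rarely a small multiple of it, so use a few extra)."""
    d = [xs[i + 1] - xs[i] for i in range(len(xs) - 1)]
    multiples = [abs(d[i + 2] * d[i] - d[i + 1] ** 2) for i in range(len(d) - 2)]
    return reduce(gcd, multiples)

def recover_multiplier_increment(xs, m):
    """With m known and three consecutive outputs: a = (X2 - X1) * (X1 - X0)^-1 mod m
    and b = X1 - a*X0 mod m. Needs X1 - X0 invertible mod m (for prime m: X1 != X0)."""
    x0, x1, x2 = xs[:3]
    a = ((x2 - x1) * pow(x1 - x0, -1, m)) % m
    return a, (x1 - a * x0) % m

def recover_parameters(xs):
    """Full key recovery (m, a, b) from a run of observed outputs (8 are plenty)."""
    m = recover_modulus(xs)
    return (m,) + recover_multiplier_increment(xs, m)

if __name__ == "__main__":
    # Constructed toy key; the algebra is identical for 32- or 64-bit moduli.
    m, a, b = 101, 7, 3
    observed = lcg(m, a, b, 5, 8)
    print("observed outputs:", observed)
    print("recovered (m, a, b):", recover_parameters(observed))
```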

  25. Feedback shift registers • A feedback shift register (FSR): • n flip-flops (stages) • A feedback function – to express each new element of the output sequence as a function of the n previous elements • The contents of the flip-flops are shifted one position at every clock pulse

  26. Feedback shift registers

  27. Feedback shift registers • The state of the register – the contents of the stages between two clock pulses • The initial state – the contents of the stages at the moment of the beginning of the process

  28. Feedback shift registers • The state diagram of a FSR is cyclic if the feedback function is not singular, i.e. it has the form:

  29. Feedback shift registers • The period of the produced sequence depends on the number of stages n and the characteristics of the function g • The maximum possible period is 2^n • The key – the initial contents of the FSR • The feedback function can also be kept secret

  30. Feedback shift registers • Example 1: n =3

  31. Feedback shift registers • Example 1 • Algebraic normal form of the function g :

  32. Feedback shift registers • Example 1 • The De Bruijn graph – singular

  33. Feedback shift registers • Example 2: n =3

  34. Feedback shift registers • Example 2 • Algebraic normal form of the function g :

  35. Feedback shift registers • Example 2 • The De Bruijn graph – non-singular

  36. Feedback shift registers • Problems with non-linear FSRs • A systematic method for their analysis and manipulation does not exist – the mathematical theory is not well developed • The sequences generated by non-linear FSRs have period 2^n – De Bruijn sequences; these sequences do not satisfy Golomb's G3 postulate
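Golomb's three postulates (slides 14 to 19) turned into checks, as an added example that is not part of the slides. AC(k) = (A − D)/T is the standard autocorrelation definition behind slide 13, G2 is tested in Golomb's original wording (run counts are checked as long as the indicated number of runs exceeds 1), and the inputs are the 15-bit m-sequence printed on slide 46 and a constructed De Bruijn sequence of period 2^4 = 16, which passes G1 and G2 but fails G3, as slide 36 states.

```python
from fractions import Fraction
from collections import Counter

def g1_balance(seq):
    """G1: over one period, |#1s - #0s| must not exceed 1."""
    ones = sum(seq)
    return abs(ones - (len(seq) - ones)) <= 1

def cyclic_runs(seq):
    """Runs of one period read cyclically, as (digit, length) pairs."""
    if len(set(seq)) < 2:
        return []
    start = next(i for i in range(len(seq)) if seq[i] != seq[i - 1])
    s = seq[start:] + seq[:start]          # the period now begins at a run boundary
    runs, length = [], 1
    for i in range(1, len(s)):
        if s[i] == s[i - 1]:
            length += 1
        else:
            runs.append((s[i - 1], length))
            length = 1
    return runs + [(s[-1], length)]

def g2_runs(seq):
    """G2 (Golomb's wording): half the runs have length 1, a quarter length 2, ...,
    as long as that number exceeds 1, with equally many blocks (1-runs) and gaps (0-runs)."""
    counts = Counter(cyclic_runs(seq))
    total, l = sum(counts.values()), 1
    while total >> l > 1:
        blocks, gaps = counts[(1, l)], counts[(0, l)]
        if blocks + gaps != total >> l or blocks != gaps:
            return False
        l += 1
    return True

def autocorrelation(seq, k):
    """AC(k) = (A - D) / T: A agreements, D disagreements between one period and
    its cyclic shift by k (the standard definition behind slide 13)."""
    T = len(seq)
    A = sum(seq[i] == seq[(i + k) % T] for i in range(T))
    return Fraction(A - (T - A), T)

def g3_autocorrelation(seq):
    """G3: the out-of-phase autocorrelation AC(k), 0 < k < T, is the same for every k."""
    return len({autocorrelation(seq, k) for k in range(1, len(seq))}) == 1

def golomb_report(bits):
    seq = [int(c) for c in bits]
    return {"G1": g1_balance(seq), "G2": g2_runs(seq), "G3": g3_autocorrelation(seq)}
```

golomb_report("111010110010001") returns True for all three postulates, with AC(k) = −1/15 for every shift; golomb_report("0000100110101111") (constructed De Bruijn sequence) returns G3 False because AC(1) = 0 while AC(4) = −4/16.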

  37. Linear feedback shift registers • The most important devices for the generation of pseudorandom sequences • Their feedback function is a linear recurrence – linear recurring sequences of order n

  38. Linear feedback shift registers • To avoid the null sequence, the initial state must be different from the all-zero state • The largest number of different states is 2^n − 1

  39. Linear feedback shift registers • It is possible to associate the characteristic (feedback) polynomial to every linear recurrence

  40. Linear feedback shift registers • Example: an LFSR of length 4 (initial state, feedback polynomial and linear recurrence given in the original figure) • Generated sequence: 1 1 1 0 1 0 1 ……

  41. Linear feedback shift registers • The characteristics of the output sequence of the LFSR depend on the characteristics of the feedback polynomial • The feedback polynomial can be: • reducible • irreducible • primitive

  42. Linear feedback shift registers • Example 1: Reducible feedback polynomial • State diagram (states as listed on the slide): 0000 → 0000; 0001 → 1000 → 0100 → 1010 → 0101 → 0010 → 0001 (period 6); 0011 → 1001 → 1100 → 1110 → 1111 → 0111 → 0011 (period 6); 0110 → 1011 → 1101 → 0110 (period 3)

  43. Linear feedback shift registers • LFSRs with reducible feedback polynomial: • The length of the output sequence depends on the initial state • Not adequate for use in cryptography

  44. Linear feedback shift registers • Example 2: Irreducible feedback polynomial • State diagram (states as listed on the slide): 0000 → 0000; 0001 → 1000 → 1100 → 0110 → 0011 → 0001; 0010 → 1001 → 0100 → 1010 → 0101 → 0010; 1111 → 0111 → 1011 → 1101 → 1110 → 1111 (three cycles of period 5)

  45. Linear feedback shift registers • LFSRs with irreducible feedback polynomial: • The length of the output sequence does not depend on the initial state (except the all-zero state) • The period T is a factor of 2^L − 1, where L is the length of the LFSR • Not adequate for use in cryptography

  46. Linear feedback shift registers • Example 3: Primitive feedback polynomial • State diagram (states as listed on the slide): 0000 → 0000; 1000 → 1100 → 1110 → 1111 → 0111 → 1011 → 0101 → 1010 → 1101 → 0110 → 0011 → 1001 → 0100 → 0010 → 0001 → 1000 (one cycle through all 15 non-zero states) • PN-sequence (m-sequence) • The maximum possible period for this type of generator • Output sequence: 111010110010001 …..

  47. Linear feedback shift registers • LFSRs with primitive feedback polynomial: • The length of the sequence does not depend on the initial state (except the all-zero state) • The period is 2^L − 1 • Adequate for use in cryptography, because the output sequence satisfies all of Golomb's postulates
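The three kinds of feedback polynomial on slides 41 to 47, simulated on a length-4 register (added example, not the slides' own code). The polynomials are my reconstruction from the state cycles drawn on slides 42, 44 and 46, since the slides' formulas did not survive extraction; the primitive register loaded with 1,1,1,0 reproduces the m-sequence 111010110010001 of slide 46, and the cycle lengths found (3 and 6; 5; 15) match those diagrams.

```python
from itertools import product

def lfsr_step(taps, state):
    """One clock pulse of a GF(2) LFSR. 'state' holds the L most recent bits, oldest
    first; the new bit is the XOR of s[n-t] for t in taps, i.e. the linear recurrence
    with connection polynomial 1 + (sum of x^t over the taps)."""
    new = 0
    for t in taps:
        new ^= state[-t]
    return state[1:] + (new,)

def lfsr_sequence(taps, state, count):
    """Output 'count' bits; the bit shifted out of the register is the output."""
    out = []
    for _ in range(count):
        out.append(state[0])
        state = lfsr_step(taps, state)
    return out

def lfsr_period(taps, state):
    """Clock pulses until the register returns to 'state': the length of its cycle
    in the state diagram."""
    s, steps = lfsr_step(taps, state), 1
    while s != state:
        s, steps = lfsr_step(taps, s), steps + 1
    return steps

def periods_over_nonzero_states(taps, L):
    """Set of cycle lengths met when starting from each of the 2^L - 1 non-zero states."""
    return {lfsr_period(taps, st) for st in product((0, 1), repeat=L) if any(st)}

# Length-4 feedback polynomials of the three kinds on slides 41-47 (my reconstruction
# from the state cycles drawn on slides 42, 44 and 46; the slides' formulas are lost):
REDUCIBLE = (2, 4)          # 1 + x^2 + x^4 = (1 + x + x^2)^2
IRREDUCIBLE = (1, 2, 3, 4)  # 1 + x + x^2 + x^3 + x^4, irreducible, order 5
PRIMITIVE = (1, 4)          # 1 + x + x^4, primitive

if __name__ == "__main__":
    for name, taps in (("reducible", REDUCIBLE), ("irreducible", IRREDUCIBLE),
                       ("primitive", PRIMITIVE)):
        print(f"{name:12s} cycle lengths: {sorted(periods_over_nonzero_states(taps, 4))}")
    # the primitive register loaded with 1,1,1,0 reproduces the m-sequence of slide 46
    print("m-sequence:", "".join(map(str, lfsr_sequence(PRIMITIVE, (1, 1, 1, 0), 15))))
```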

  48. Linear feedback shift registers • Linear complexity • The length of the smallest LFSR capable of generating the given sequence • The Berlekamp-Massey algorithm (1969): • Input: the given binary sequence • Output: • and the initial state

  49. Linear feedback shift registers • The Berlekamp-Massey algorithm • Input to one step: n digits of a sequence • Determines the characteristics of the minimum LFSR capable of generating them • If digit n + 1 of the sequence can be generated by the current LFSR, the length of the current LFSR is preserved • Otherwise, a longer LFSR is needed

  50. Linear feedback shift registers • The Berlekamp-Massey algorithm • Computational complexity of the Berlekamp-Massey algorithm is quadratic in the length of the minimum LFSR capable of generating the intercepted sequence • Thus, if the linear complexity is very high, then the task of predicting the next bits of the sequence is too complex
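The Berlekamp-Massey algorithm of slides 48 to 50 over GF(2), run on the m-sequence of slide 46 (added example, not part of the slides): it returns the linear complexity L = 4 together with the connection polynomial, and shows why a low linear complexity is fatal for a running key: 2L = 8 intercepted bits are enough to predict every later bit, while 6 are not.

```python
def berlekamp_massey(seq):
    """Berlekamp-Massey over GF(2). Returns (L, C): L is the linear complexity and
    C = [1, c1, ..., cL] the connection polynomial of the shortest LFSR generating
    seq, i.e. seq[n] = c1*seq[n-1] XOR ... XOR cL*seq[n-L]."""
    n = len(seq)
    C, B = [1] + [0] * n, [1] + [0] * n   # current and previous connection polynomials
    L, m = 0, -1                          # current length; index of the last length change
    for N in range(n):
        d = seq[N]                        # discrepancy: does the current LFSR give seq[N]?
        for i in range(1, L + 1):
            d ^= C[i] & seq[N - i]
        if d == 0:
            continue                      # yes: the current LFSR is kept (slide 49)
        T = C[:]                          # no: correct C with a shifted copy of B
        shift = N - m
        for i in range(n + 1 - shift):
            C[i + shift] ^= B[i]
        if 2 * L <= N:                    # ... and a longer register is needed
            L, m, B = N + 1 - L, N, T
    return L, C[:L + 1]

def extend(prefix, C, count):
    """Clock the recovered LFSR forward to predict 'count' further bits."""
    s = list(prefix)
    for _ in range(count):
        s.append(sum(C[i] & s[-i] for i in range(1, len(C))) % 2)
    return s[len(prefix):]

def predict_rest(bits, known):
    """Intercept the first 'known' bits, find the minimal LFSR, predict the remainder.
    Returns (linear complexity found, whether the prediction was entirely right)."""
    seq = [int(c) for c in bits]
    L, C = berlekamp_massey(seq[:known])
    return L, extend(seq[:known], C, len(seq) - known) == seq[known:]

if __name__ == "__main__":
    PN = "111010110010001"   # the m-sequence printed on slide 46
    print("linear complexity and connection polynomial:", berlekamp_massey([int(c) for c in PN]))
    # 2L = 8 intercepted bits suffice to predict the rest; 6 do not
    print("from 8 bits:", predict_rest(PN, 8), " from 6 bits:", predict_rest(PN, 6))
```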
