
Chapter VI - PowerPoint PPT Presentation


PowerPoint Slideshow about ' Chapter VI' - tommy



Chapter VI

Stream Ciphers


Block cipher

  • Split PT into successive blocks

  • Equal sized bit streams

  • Encrypt / decrypt

Stream cipher

  • PT – continuous bit stream

  • Encrypt / decrypt

  • Provided speed & better performance 1 / 2 decades ago

  • Cs of today offer adequate power & speed

  • BC meets requirements & preferred today

  • SC limited to applications with space & cost constraint – limited security

  • Cell phones / some military applications



  • Key stream generator → generates a succession of key stream bits

  • k_i → ith bit

  • x_i → ith bit of incoming data stream

  • XORed with k_i in successive clock periods

  • XORed output y_i → crypto text bit in ith CP

Receiver

  • Key stream generator → generates key stream sequence - k_i

  • XORed with crypto text stream y_i

  • XORed bit stream is x_i → retrieved plain text stream.


  • Decoder should know when to XOR & extract info. bit

  • Clocks to be in sync.

  • Else clock at receiver to predict instant of bit extraction – thru' XOR → Rx clock to be faster than Tx clock

  • PHY takes care of all these

  • Design / arch. of key stream generator → decides security


  • One time pad [OTP] ideal for SC

  • Make OTP available in advance at either end

  • Select key bits in succession → encrypt / decrypt

  • Tx & Rx to be in sync.

  • Miss one bit → system goes topsy-turvy

  • OTP → not practical → who will bell the cat?


Self synchronizing stream

  • zi present state of a finite state machine

  • IV  initial vector input

  • zi present state

  • yi encrypted output

  • two inputs to FSM  zi& yi

  • zi+1 next state  function of IV, zi , & yi

  •  f(zi, IV, yi)

  • zi+1  next key bit for encryption

  • FSM  continuously clocked to provide succession of key bits for encryption

  • xi next PT bit to be encrypted

  • XOR zi & xi to form encrypted output bit yi


  • FSM repeated at decryption end

  • Input yi

  • XORed output → x_i → decrypted output

  • Need for synchronized functioning avoided

  • Synchronizing decryption operation to encryption operation → provision in transmission protocol

  • Security depends on IV and functional form used for f(z_i, IV, y_i)

  • general structure of a cipher scheme 
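
The self-synchronizing scheme above, as an added example that is not part of the original slides. It assumes the state z is a register of the last N ciphertext bits (loaded with the IV) and that f is one bit of HMAC-SHA256 under a shared key; `N`, `key_bit`, `error_positions` and the key are illustrative choices. It shows that a flipped or lost ciphertext bit disturbs at most the next N bits before the receiver is back in step.

```python
import hashlib, hmac

N = 8  # assumed state width: z holds the last N ciphertext bits

def key_bit(key, z):
    """Assumed f: lowest bit of the first byte of HMAC-SHA256(key, z)."""
    return hmac.new(key, bytes(z), hashlib.sha256).digest()[0] & 1

def encrypt(key, iv, pt):
    z, ct = list(iv), []
    for x in pt:
        y = x ^ key_bit(key, z)      # y_i = x_i XOR key bit
        ct.append(y)
        z = z[1:] + [y]              # next state from present state and y_i
    return ct

def decrypt(key, iv, ct):
    z, pt = list(iv), []
    for y in ct:
        pt.append(y ^ key_bit(key, z))
        z = z[1:] + [y]              # same FSM, fed from the received y_i
    return pt

def error_positions(want, got):
    return [i for i, (w, g) in enumerate(zip(want, got)) if w != g]

if __name__ == "__main__":
    key, iv = b"constructed demo key", [0] * N
    pt = [(i * i // 3) & 1 for i in range(64)]       # constructed plaintext bits
    ct = encrypt(key, iv, pt)
    flipped = ct[:20] + [ct[20] ^ 1] + ct[21:]       # one bit error on the channel
    print(error_positions(pt, decrypt(key, iv, flipped)))   # all within 20..28
    dropped = ct[:20] + ct[21:]                      # one bit lost on the channel
    print(error_positions(pt[21 + N:], decrypt(key, iv, dropped)[20 + N:]))  # []
```
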



LFSR based SC

  • Use Linear Feedback Shift Register (LFSR) to generate next state → simplest realization of SC

  • LFSR structure

  • → a 5-stage shift register

  • XOR outputs of selected stages & form input to first stage

  • Proper choice of feedback taps → generates longest possible sequence.

  • Generated sequence with an initial vector – 1 0 0 0 0 – loaded :

  • 1 0 0 0 0 1 0 0 1 0 1 1 0 0 1 1 1 1 1 0 0 0 1 1 0 1 1 1 0 1 0 * 1 0 0 0 0 1 . . .

  • ‘*’ → signifies length of the sequence - 31 bits (2^5 - 1) → ‘period’


A five stage LFSR with feedback connections to generate the maximum length sequence; the initial vector loaded is 10000


  • Sequence satisfies a number of criteria that random sequences satisfy

  • → Shows pseudorandom properties

  • In general select feedback taps → LFSR feedback equation corresponds to irreducible polynomial with coefficients in GF(2)

  • → maximum length sequence generated

  • l-stage LFSR can generate a sequence of length (2^l - 1) bits


Taps to generate maximum length sequences for LFSRs of different lengths

  • Bit sequences from LFSR → ‘nearly random’

  • ‘Pseudo Random Binary Sequences (PRBS)’

  • A PRBS appears well suited to be key stream

  • But sequence from a linear structure highly predictable

  • l-stage LFSR → a sequence of 2l bits length enough to identify feedback scheme

  • Use Berlekamp-Massey algorithm & solve LFSR structure

  • → scheme vulnerable to attacks.


Non-LFSR based sequence generators

  • Basic requirement in SC → generate a random key stream

  • random → scheme of key generation cannot be predicted easily

  • Specifically knowing scheme, IV should not be predictable in polynomial time

  • Adapt LFSR → generate key stream conforming to requirements

  • Various criteria to be satisfied by sequences identified

  • Linear complexity & correlation immunity → key ones


Linear complexity

  • Length of sequence from LFSR of length l → 2^l - 1 bits

  • Period of s[n] – sequence formed from this → 2^l - 1

  • l → ‘linear complexity’ of s[n]

  • With a sequence of length 2l, Berlekamp-Massey algorithm identifies underlying l-stage LFSR

  • A sequence of length 2l is ‘close enough’ to a corresponding linear sequence of length 2l

  • → Continuation beyond may also be close enough to linear one

  • → Weakness of sequence

  • Linear complexity is limited to order of l

  • Different criteria to identify linear complexity & select FSR to make linear complexity as large as possible have been identified


Correlation Immunity

  • Consider s[n] generated from LFSR of length l

  • s[n] & s[n-k] are closely related for k = 2^l - 1 but not for other values of k

  • Any sequence generated from a linear sequence exhibits similar correlation properties

  • → Need to ensure correlation immunity of sequences

  • → Schemes to generate sequences should not exhibit any marked changes in correlation with changes in k values

  • Else → sequence length value exposed

  • Different criteria to ensure correlation immunity have been developed


Feedback Shift Register Schemes

  • Different architectures available to generate key streams

  • All have LFSRs at the core

  • Outputs modified to get sequences with desirable characteristics

  • Non-linear combination generator → Figure ↓

  • n sequence generators with lengths l_1, l_2, . . l_{n-1}, & l_n

  • All clocked at same rate

  • Choose LFSR lengths l_1, l_2, l_3, . . & l_n

  • Ensures overall output sequence length [z_i] is

  • lcm

  • Proper choice of f → linear complexity can be made sufficiently large.



  • Non-linear Filter Generator → function of selected taps of LFSR stages

  • LFSR outputs filtered through f to generate output

  • Non-linear combination generator → take all LFSRs of equal length l_1 & choose IV → Non-linear Filter Generator


  • Multiplexor Generator → uses two LFSRs

  • Combine selected taps of LFSR1 to form a binary address

  • Use address & select one tap of LFSR2 → output z_i

  • Each clock pulse → a new address from LFSR1

  • → a different bit from LFSR2 selected & output

  • LFSR1 → long enough to provide enough address bits to LFSR2

  • l_1 & l_2 → lengths of LFSR1 & LFSR2

  • → output sequence length up to

  • Linear complexity is not so easy to be estimated



  • Generators using irregularly clocked LFSRs

  • Clock an LFSR irregularly → a random key sequence

  • Simplest scheme → use two LFSRs as in Figure

  • Clock LFSR1 regularly → output decides clocking of LFSR2

  • LFSR2 output → key stream

  • Example:

  • Output of LFSR1 is 0 → LFSR2 is clocked once

  • Output of LFSR1 is 1 → LFSR2 is clocked twice

  • If both LFSRs have l stages

  • Sequence length can go up to (2^l - 1)^2

  • Linear complexity of output → l(2^l - 1)

  • Scheme susceptible to correlation attacks
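
An added example (not from the original slides) covering both the earlier point that 2l bits of an LFSR key stream expose its feedback scheme and the irregular clocking scheme above. The recurrence s[i+5] = s[i] XOR s[i+2] is inferred from the 31-bit sequence printed on the LFSR slide; using the same taps and initial vector for both registers is an assumption, and all function names are illustrative.

```python
IV, TAPS = [1, 0, 0, 0, 0], (0, 2)   # inferred: s[i+5] = s[i] ^ s[i+2]

def lfsr(state, taps, n):
    """First n output bits; `state` holds the first len(state) bits."""
    s, out = list(state), []
    for _ in range(n):
        out.append(s[0])
        s = s[1:] + [sum(s[t] for t in taps) % 2]
    return out

def berlekamp_massey(s):
    """Return (L, c): shortest LFSR with s[i] = XOR of c[j] & s[i-j], j = 1..L."""
    n, L, m = len(s), 0, -1
    c, b = [1] + [0] * n, [1] + [0] * n
    for i in range(n):
        d = s[i]
        for j in range(1, L + 1):
            d ^= c[j] & s[i - j]         # discrepancy against current LFSR
        if d:
            t, shift = c[:], i - m
            for j in range(n + 1 - shift):
                c[j + shift] ^= b[j]     # correct c with the last shorter LFSR
            if 2 * L <= i:
                L, m, b = i + 1 - L, i, t
    return L, c[:L + 1]

def extend(prefix, c, n):
    s = list(prefix)                     # continue prefix with recovered polynomial
    while len(s) < n:
        s.append(sum(c[j] & s[-j] for j in range(1, len(c))) % 2)
    return s

def irregular_clock(n):
    """LFSR1 bit 0 -> clock LFSR2 once, 1 -> twice; LFSR2 output is the key bit."""
    a, b = lfsr(IV, TAPS, 31), lfsr(IV, TAPS, 31)   # one period of each register
    pos, out = 0, []
    for i in range(n):
        pos = (pos + 1 + a[i % 31]) % 31
        out.append(b[pos])
    return out

def period(s):   # smallest shift under which the sample s repeats
    return next(p for p in range(1, len(s)) if s[p:] == s[:-p])

if __name__ == "__main__":
    ks, z = lfsr(IV, TAPS, 31), irregular_clock(3 * 961)
    L, c = berlekamp_massey(ks[:10])                 # 2l = 10 observed bits
    print(L, c, extend(ks[:10], c, 31) == ks)        # 5 [1, 0, 0, 1, 0, 1] True
    print(period(z), berlekamp_massey(z[:961])[0])   # 961 155
```

For l = 5 the measured values match the slide's formulas: period (2^5 - 1)^2 = 961 and linear complexity 5(2^5 - 1) = 155, against a linear complexity of 5 for the plain LFSR.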


