
Session 1



  1. Session 1 Stream ciphers 1

  2. Introduction
  • If the level of security is not the highest one, instead of the Vernam cipher, a stream cipher can be used.
  • Stream cipher
    • A deterministic algorithm produces a pseudo-noise sequence (PN-sequence)
    • Satisfies the 3 Golomb’s postulates.
    • The key is short – much shorter than the plaintext – practical.

  3. Introduction
  [Figure: the key is fed to the same deterministic algorithm in the TRANSMITTER and in the RECEIVER, each producing the keystream zi. The transmitter sends yi = xi ⊕ zi over the COMM. CHANNEL; the receiver recovers xi = yi ⊕ zi.]

  4. Linear feedback shift registers
  • LFSR theory is developed enough to enable a thorough analysis of the properties of the output sequence of a PN-sequence generator containing LFSRs.
  • Because of that, the vast majority of PN generators are designed by combining LFSRs and non-linear Boolean functions.

  5. Linear feedback shift registers
  • A linear feedback shift register (LFSR):
    • n single-symbol memory cells (stages)
    • A linear feedback function – expresses each new symbol of the output sequence as a linear function of the n previous symbols
    • The contents of the flip-flops are shifted one position at every clock pulse

  6. Linear feedback shift registers
  [Figure: an LFSR with n stages and feedback function g] g – linear!

  7. Linear feedback shift registers
  • The state of the register – the contents of the stages between two clock pulses
  • The initial state – the contents of the stages at the moment of the beginning of the process

  8. Linear feedback shift registers
  • The state diagram of an LFSR is never singular, because the linear feedback function satisfies the non-singularity condition.

  9. Linear feedback shift registers
  • The maximum possible period of the output sequence is 2^n − 1.
  • The all-zero initial state is not used, because in that case only the all-zero sequence would be produced.
  • The key – the initial contents of the LFSR.

  10. Linear feedback shift registers
  • The feedback function g of an LFSR is a linear recurrence – linear recurring sequences of order n

  11. Linear feedback shift registers
  • It is possible to associate the characteristic (feedback) polynomial with every linear recurrence
  • This makes the analysis of the properties of the output sequence easier.

  12. Linear feedback shift registers
  Example: an LFSR of length 4, given by its initial state, feedback polynomial and linear recurrence.
  Generated sequence: 1 1 1 0 1 0 1 …

  13. Linear feedback shift registers
  • The characteristics of the output sequence of the LFSR depend on the characteristics of the feedback polynomial
  • The feedback polynomial can be:
    • reducible
    • irreducible
    • primitive

  14. Linear feedback shift registers
  Example 1: Reducible feedback polynomial
  [State diagram of the 16 register states: 0000 0001 1000 0100 1010 0101 0010 0011 1001 1100 1110 1111 0111 0110 1011 1101]

  15. Linear feedback shift registers
  • LFSRs with reducible feedback polynomial:
    • The period (length) of the output sequence depends on the initial state
    • Not adequate for use in cryptography

  16. Linear feedback shift registers
  Example 2: Irreducible feedback polynomial
  [State diagram of the 16 register states: 0000 0001 1000 1100 0110 0011 0010 1001 0100 1010 0101 1111 0111 1011 1101 1110]

  17. Linear feedback shift registers
  • LFSRs with irreducible feedback polynomial:
    • The period (length) of the output sequence does not depend on the initial state (except the all-zero state)
    • The period T is a factor of 2^L − 1, where L is the length of the LFSR
    • Not adequate for use in cryptography

  18. Linear feedback shift registers
  Example 3: Primitive feedback polynomial
  [State diagram: the all-zero state 0000 stands alone; the other 15 states form a single cycle: 1000 1100 1110 1111 0111 1011 0101 1010 1101 0110 0011 1001 0100 0010 0001]
  PN-sequence (m-sequence) – the maximum possible period for this type of generator: 111010110010001 …

  19. Linear feedback shift registers
  • LFSRs with primitive feedback polynomial:
    • The period (length) of the sequence does not depend on the initial state (except the all-zero state)
    • The period is the maximum possible one, 2^L − 1 for an LFSR of length L
    • Adequate for use in cryptography, because the output sequence satisfies all the Golomb’s postulates
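As an added example (not part of the slides), the Python simulator below reproduces the period behaviour of the three examples above. The feedback polynomials x^4 + x^2 + 1, x^4 + x^3 + x^2 + x + 1 and x^4 + x^3 + 1 are my own assumptions: the transcript does not carry the slides' polynomials, and these three were chosen because they generate exactly the state diagrams of slides 14, 16 and 18 and the sequence 111010110010001.

```python
# Added example: binary LFSR simulator. The register holds the next n output bits
# s[0..n-1]; each clock pulse outputs s[0] and shifts in s[t+n] = XOR of s[t+i] over taps.
# The polynomial for taps T is x^n + sum of x^i for i in T (assumed, see lead-in).

def lfsr_step(taps, s):
    """One clock pulse: drop s[0], append the new symbol given by the linear recurrence."""
    new = 0
    for i in taps:
        new ^= s[i]
    return s[1:] + [new]

def lfsr_sequence(taps, state, length):
    """First `length` output bits for the given initial state."""
    s, out = list(state), []
    for _ in range(length):
        out.append(s[0])
        s = lfsr_step(taps, s)
    return out

def lfsr_period(taps, state):
    """Clock pulses until the register returns to `state` (1 for the all-zero fixed point)."""
    start, s, steps = list(state), lfsr_step(taps, list(state)), 1
    while s != start:
        s, steps = lfsr_step(taps, s), steps + 1
    return steps

def period_profile(taps, n):
    """Set of periods observed over all 2^n - 1 nonzero initial states."""
    periods = set()
    for v in range(1, 1 << n):
        state = [(v >> (n - 1 - i)) & 1 for i in range(n)]
        periods.add(lfsr_period(taps, state))
    return periods

REDUCIBLE = (0, 2)          # x^4 + x^2 + 1 = (x^2 + x + 1)^2, matches the slide 14 diagram
IRREDUCIBLE = (0, 1, 2, 3)  # x^4 + x^3 + x^2 + x + 1, order 5, matches the slide 16 diagram
PRIMITIVE = (0, 3)          # x^4 + x^3 + 1, order 15, matches the slide 18 diagram

if __name__ == "__main__":
    print(period_profile(REDUCIBLE, 4))    # {3, 6}: the period depends on the initial state
    print(period_profile(IRREDUCIBLE, 4))  # {5}: the same for every nonzero state, and 5 | 15
    print(period_profile(PRIMITIVE, 4))    # {15}: the m-sequence, maximum period
    print("".join(map(str, lfsr_sequence(PRIMITIVE, [1, 1, 1, 0], 15))))  # 111010110010001
```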

  20. Linear feedback shift registers
  • Thus, to use LFSRs in pseudorandom sequence generators we need primitive polynomials.
  • How do we get them?
  • We need some basic concepts of abstract algebra – groups, rings, Galois fields.

  21. Groups
  • A group is an algebraic structure consisting of a non-empty set G and a binary operation * such that the following axioms of the group are satisfied:
    • Closure
    • Associativity
    • Existence of the identity (neutral) element
    • Existence of the inverse element for each element of G.

  22. Groups
  • Closure
  • Associativity
  • Existence of the neutral element
  • Existence of the inverse elements

  23. Groups
  • Multiplicative group – the operation * is the multiplication, i.e. “·”
    • The identity element is 1
    • The inverse element is x⁻¹
  • Additive group – the operation * is the sum, i.e. “+”
    • The identity element is 0
    • The inverse element is −x

  24. Groups
  • Examples of additive groups:
    • Z, Q, R, C
    • Zn, where the operation is the sum modulo n.
  • Examples of multiplicative groups:
    • …
    • Zn*, where the operation is the multiplication modulo n

  25. Groups
  • If in the group G the operation * fulfils the commutative property (a * b = b * a for all a, b in G), then G is a commutative or Abelian group
  • If G is a finite group, the number of elements in G is called the order of G and is represented by #G.

  26. Groups
  • An element g ∈ G is a generator of G if every element of G can be written as a power of g. G is then a cyclic group
  • The cyclic group generated by g: the set of all powers of g.

  27. Groups • Example: show that 5 is a generator of Z12

  28. Groups
  • A nonempty subset H of G is called a subgroup of G if it is closed under the operation * and under inversion.
  • The Lagrange theorem:
    • If G is a finite group and H is its subgroup, then #H divides #G.

  29. Groups
  • Examples:
    • A group of order 8 can have subgroups of order 2 and 4, but not of order 3 or 6.
    • A finite group whose order is a prime number cannot have proper subgroups (other than the trivial group and itself).

  30. Groups
  • The order of an element g ∈ G of a finite group is the least positive integer k such that g^k = e.
  • If k is the order of g ∈ G, then {e, g, g^2, …, g^(k−1)} is a subgroup of G.
  • Corollary of the Lagrange theorem:
    • In a finite group, the order of each element divides the order of the group.

  31. Groups
  • Example: a subgroup of Z8.
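Added example (not from the slides): computing element orders and cyclic subgroups in the additive group Zn and in the multiplicative group Zp*, to check the claims of slides 26 to 31 by computation, including that 5 generates Z12 and that Z8 has subgroups of order 2 and 4 but not 3 or 6. The prime p = 7 used for the multiplicative case is my own choice.

```python
# Added example: orders, generators and cyclic subgroups in Z_n (addition mod n)
# and Z_p^* (multiplication mod p), checked against Lagrange's theorem.

def generated_subgroup(g, n):
    """The cyclic subgroup <g> of Z_n under addition: 0, g, 2g, ... until the sum wraps to 0."""
    elems, x = [], 0
    while True:
        elems.append(x)
        x = (x + g) % n
        if x == 0:
            return elems

def additive_order(g, n):
    """Least k > 0 with k*g = 0 (mod n); this equals #<g>."""
    return len(generated_subgroup(g, n))

def is_generator(g, n):
    """g generates Z_n iff <g> already contains all n elements (slide 27: g = 5, n = 12)."""
    return additive_order(g, n) == n

def subgroup_orders(n):
    """Orders of all cyclic subgroups <g> of Z_n; by Lagrange each one divides n."""
    return sorted({additive_order(g, n) for g in range(n)})

def multiplicative_order(g, p):
    """Least k > 0 with g^k = 1 (mod p) for g in Z_p^*, p prime (constructed example: p = 7)."""
    k, x = 1, g % p
    while x != 1:
        x, k = (x * g) % p, k + 1
    return k

if __name__ == "__main__":
    print(generated_subgroup(5, 12))   # all 12 residues: 5 is a generator of Z_12
    print(subgroup_orders(8))          # [1, 2, 4, 8]: no subgroup of order 3 or 6 (slide 29)
    print([multiplicative_order(g, 7) for g in range(1, 7)])  # each divides #Z_7^* = 6
```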

  32. Rings
  • A ring is an algebraic structure consisting of a non-empty set G and 2 binary operations called summation, i.e. “+”, and multiplication, i.e. “·”, such that the following holds:
    • (G, +) is an abelian group
    • The structure (G, ·) satisfies closure, associativity and the existence of the neutral element
    • Multiplication distributes over addition, i.e. a·(b + c) = a·b + a·c and (b + c)·a = b·a + c·a

  33. Fields
  • A field is an algebraic structure consisting of a non-empty set G and 2 binary operations called summation, i.e. “+”, and multiplication, i.e. “·”, such that the following holds:
    • (G, +) is an abelian group – the additive group of the field
    • (G \ {0}, ·) is an abelian group – the multiplicative group of the field
    • Multiplication distributes over addition.

  34. Fields
  • Every field is a ring, but the converse is not true
  • The difference: the structure (G \ {0}, ·) of a field is a commutative group, which is not required in a general ring.

  35. Fields
  • Examples:
    • Field of rational numbers Q.
    • If p is a prime number, then Zp is a field
      • Zp is an additive commutative group.
      • (Zp)* (the nonzero elements) is a multiplicative commutative group.

  36. Finite fields
  • A finite field is a field with a finite number of elements, i.e. the set G is finite.
  • Theorem (1)
    • (i) The number of elements of a finite field F must be equal to a power of a prime number, i.e. #F = p^m.
    • p is the characteristic of the field.
    • The field is represented by GF(p^m) (Galois Field).

  37. Finite fields
  • Theorem (2)
    • (ii) There is only one finite field of p^m elements. If we fix an irreducible polynomial f(x) of degree m with coefficients in Zp, the elements of GF(p^m) are represented as polynomials with coefficients in Zp of degree < m, and the product of elements of GF(p^m) is realized as the product of polynomials modulo f(x).

  38. Finite fields
  • The finite field GF(p^m) is called the extension field of the field GF(p).
  • Theorem:
    • The multiplicative group of GF(p^m) is cyclic, i.e. there is at least 1 generator α of all its elements.
    • This generator α is called a primitive element of the field GF(p^m)

  39. Finite fields
  • Example (1): p = 2, m = 3, f(x) = x^3 + x + 1, irreducible
  • The elements of the field (1):
    • 000 – the zero element
    • α^0 = 001, or 1 in the polynomial notation
  • The subsequent elements are obtained by multiplying the immediate predecessor by x and reducing modulo f(x), i.e.
    • α^1 = 010, or x
    • α^2 = 100, or x^2

  40. Finite fields
  • Example (2):
  • The elements of the field (2):
    • α^3 = 011
    • α^4 = 110
    • α^5 = 111
    • α^6 = 101
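Added example (not from the slides): building GF(2^3) as the successive powers of α = x modulo f(x) = x^3 + x + 1, which reproduces the element table of slides 39 and 40, and then multiplying field elements through the log/antilog tables that this cyclic structure provides. The 3-bit integer representation and the function names are my own.

```python
# Added example: GF(8) = GF(2)[x] / (x^3 + x + 1). An element is a 3-bit int whose bit i
# is the coefficient of x^i, so 0b110 = x^2 + x. Addition is XOR.

F = 0b1011  # f(x) = x^3 + x + 1, the irreducible polynomial of slide 39

def times_alpha(v):
    """Multiply v by x and reduce mod f: shift left; if an x^3 term appears, replace it by x + 1."""
    v <<= 1
    if v & 0b1000:
        v ^= F
    return v

def powers_of_alpha():
    """alpha^0 .. alpha^6 as 3-bit strings, in the order the slides list them."""
    table, v = [], 1
    for _ in range(7):
        table.append(f"{v:03b}")
        v = times_alpha(v)
    # After 7 steps alpha^7 = 1: alpha has order 7 = 2^3 - 1 and generates all nonzero elements.
    assert v == 1
    return table

ANTILOG = [int(s, 2) for s in powers_of_alpha()]  # i -> alpha^i
LOG = {e: i for i, e in enumerate(ANTILOG)}        # alpha^i -> i

def gf8_mul(a, b):
    """Product in GF(8) via the cyclic group: alpha^i * alpha^j = alpha^((i + j) mod 7)."""
    if a == 0 or b == 0:
        return 0
    return ANTILOG[(LOG[a] + LOG[b]) % 7]

def gf8_mul_direct(a, b):
    """Same product by shift-and-add polynomial multiplication with reduction, to cross-check."""
    r = 0
    for i in range(3):
        if (b >> i) & 1:
            r ^= a          # add a * x^i
        a = times_alpha(a)  # a now holds a * x^(i+1), reduced mod f
    return r

if __name__ == "__main__":
    print(powers_of_alpha())            # ['001', '010', '100', '011', '110', '111', '101']
    print(f"{gf8_mul(0b010, 0b100):03b}")  # x * x^2 = x^3 = x + 1 -> 011
```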

  41. Testing irreducibility
  • The fundamental theorem of arithmetic:
    • Every positive integer can be represented in a unique way as a product of prime factors.
  • Analogue in a GF:
    • Every polynomial in a GF can be represented in a unique way as a product of irreducible factors.
    • An irreducible polynomial has no factors except 1 and itself.

  42. Testing irreducibility
  • Theorem
    • If a polynomial f(x) of degree n in GF(q) does not have common factors with …, then it is irreducible.
  • To determine whether a given polynomial has common factors with some other polynomial we can use the Euclidean algorithm

  43. Testing irreducibility
  • Example – polynomials in GF(2)
  • Find (x^5 + x^4 + x^2 + x, x^4 + x^3 + x^2 + x)
    (x^5 + x^4 + x^2 + x) = x (x^4 + x^3 + x^2 + x) + (x^3 + x)
    (x^4 + x^3 + x^2 + x) = (x + 1)(x^3 + x) + 0
    (x^5 + x^4 + x^2 + x, x^4 + x^3 + x^2 + x) = x^3 + x

  44. Testing irreducibility
  • Example – determine whether the given polynomial in GF(2) is irreducible. Answer: irreducible

  45. Testing irreducibility
  • Example – determine whether the given polynomial in GF(2) is irreducible. Answer: not irreducible

  46. Primitive polynomials
  • The order of a polynomial P(x), P(0) ≠ 0, is the smallest integer e for which P(x) divides x^e − 1.
  • In a finite field GF(q), if the order of an irreducible polynomial P(x) of degree n is q^n − 1, this polynomial is called a primitive polynomial.

  47. Primitive polynomials
  • Thus, to test whether a polynomial P(x), deg P(x) = n, in GF(q) is primitive:
    • Test whether P(x) is irreducible
    • If P(x) is irreducible, check whether it divides any of the polynomials x^k − 1, n ≤ k < q^n − 1
    • If P(x) does NOT divide any of the polynomials above, then it is primitive.
  • Obviously, this procedure is not efficient.

  48. Primitive polynomials
  • Example:
    • The polynomial of degree 4 in GF(2) is irreducible and does not divide any of the polynomials x^k − 1, 4 ≤ k < 15. Because of that, it is primitive.

  49. Primitive polynomials
  • Theorem (Alanen, Knuth, 1964; Herlestam, 1982)
    • A polynomial f(x) in GF(q), q = p^m, deg f(x) = n, is primitive if and only if it satisfies the following:
    • For all prime factors p’ of q^n − 1: x^((q^n − 1)/p’) ≢ 1 (mod f(x))

  50. Primitive polynomials
  • For q = 2, the polynomial f(x) must have odd weight (i.e. an odd number of terms)
  • Problem
    • The factorization of q^n − 1 is needed
    • If q^n − 1 is a prime, condition 3 of the theorem is trivially satisfied.
    • For q = 2, primes of the form 2^n − 1 are called Mersenne primes.
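Added example (not from the slides): irreducibility and primitivity tests for polynomials over GF(2), covering the Euclidean algorithm of slide 43, the irreducibility test of slides 42 to 45 and the primitivity criterion of slides 46 to 50. The irreducibility test used here is the standard one, gcd(f, x^(2^i) − x) = 1 for i = 1, …, ⌊n/2⌋ (the slide's own formula is not in the transcript); primitivity follows the Alanen–Knuth condition of slide 49 with q = 2, so it needs the prime factors of 2^n − 1 as slide 50 states. The integer bit-vector representation and all function names are my own.

```python
# Added example: polynomials over GF(2) as ints, bit i = coefficient of x^i, so
# 0b11001 = x^4 + x^3 + 1 and addition is XOR. X is the polynomial x.
X = 0b10

def pmod(a, m):  # remainder of a divided by m in GF(2)[x]: long division with XOR
    while a and a.bit_length() >= m.bit_length():
        a ^= m << (a.bit_length() - m.bit_length())
    return a

def pmulmod(a, b, m):  # a * b mod m by shift-and-add, reducing after every shift
    r, a = 0, pmod(a, m)
    while b:
        if b & 1: r ^= a
        a, b = pmod(a << 1, m), b >> 1
    return r

def ppowmod(a, e, m):  # a^e mod m by square-and-multiply
    r = 1
    while e:
        if e & 1: r = pmulmod(r, a, m)
        a, e = pmulmod(a, a, m), e >> 1
    return r

def pgcd(a, b):  # Euclid's algorithm in GF(2)[x], exactly the steps of the slide 43 example
    while b:
        a, b = b, pmod(a, b)
    return a

def is_irreducible(f):
    """f of degree n >= 1 has no factor of degree <= n/2 iff gcd(f, x^(2^i) - x) = 1 for i = 1..n//2."""
    n, xp = f.bit_length() - 1, X
    for _ in range(n // 2):
        xp = pmulmod(xp, xp, f)  # x^(2^i) mod f
        if pgcd(f, xp ^ X) != 1: return False
    return n >= 1

def prime_factors(n):  # distinct prime factors by trial division (2^n - 1 is small here)
    ps, d = set(), 2
    while d * d <= n:
        while n % d == 0: ps.add(d); n //= d
        d += 1
    return ps | ({n} if n > 1 else set())

def is_primitive(f):
    """Alanen-Knuth for q = 2: f irreducible, x^(2^n-1) = 1 and x^((2^n-1)/p') != 1 mod f for all p' | 2^n-1."""
    e = (1 << (f.bit_length() - 1)) - 1
    if not is_irreducible(f) or ppowmod(X, e, f) != 1:
        return False
    return all(ppowmod(X, e // p, f) != 1 for p in prime_factors(e))
```

Running `is_primitive` over 0b10101, 0b11111 and 0b11001 (x^4 + x^2 + 1, x^4 + x^3 + x^2 + x + 1, x^4 + x^3 + 1) separates the reducible, irreducible-but-not-primitive and primitive cases of slides 14 to 18.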
