- By
**tommy** - Follow User

- 111 Views
- Uploaded on

Download Presentation
## PowerPoint Slideshow about ' Chapter VI' - tommy

**An Image/Link below is provided (as is) to download presentation**

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript

### Chapter VI

Stream Ciphers

- Split PT into successive blocks
- Equal sized bit streams
- Encrypt / decrypt
Stream cipher

- PT –continuous bit stream
- Encrypt / decrypt
- Provided speed & better perfo. 1 / 2 decades ago
- Cs of today offer adequate power & speed
- BC meets requirements & preferred today
- SC limited to applications with space & cost consraint – limited security
- Cell phones / some military applications

- Key stream generator generates a succession of key stream bits
- kiith bit
- xi ith bit of incoming data stream
- XOR’edwith ki in successive clock periods
- XORedoutput yi crypto text bit in ith CP
Receiver

- Key stream generator generates key stream sequence - ki
- XORedwith crypto text stream yi
- XORedbit stream is xiretrieved plain text stream.

- Decoder should know when to XOR & extract info. bit
- Clocks to be in sync.
- Else clock at receiver to predict instant of bit extraction – thru’ XOR Rx clock to be faster than Tx clock
- PHY takes care of all these
- Design / arch. of key stream generator decides security

- One time pad [OTP] ideal for SC
- Make OTP available in advance at either end
- Select key bits in succession encrypt / decrypt
- Tx & Rx to be in sync.
- Miss one bit system goes topsy-turvy
- OTP not practical who will bell the cat?

self synchronizing stream

- zi present state of a finite state machine
- IV initial vector input
- zi present state
- yi encrypted output
- two inputs to FSM zi& yi
- zi+1 next state function of IV, zi , & yi
- f(zi, IV, yi)
- zi+1 next key bit for encryption
- FSM continuously clocked to provide succession of key bits for encryption
- xi next PT bit to be encrypted
- XOR zi & xi to form encrypted output bit yi

- FSM repeated at decryption end
- Input yi
- XORed output xi decrypted output
- Need for synchronized functioning avoided
- Synchronizing decryption operation to encryption operation provision in transmission protocol
- Security depends on IV and functional form used for f(zi, IV, yi)
- general structure of a cipher scheme

LFSR based SC

- Use Linear Feedback Shift Register (LFSR) to generate next state simplest realization of SC
- LFSR structure
- a 5-stage shift register
- XOR outputs of selected stages & form input to first stage
- Proper choice of feedback taps generates longest possible sequence.
- Generated sequence with an initial vector – 10 0 0 0 – loaded :
- 10 0 0 0 1 0 0 1 0 1 1 0 0 1 1 1 1 1 0 0 0 1 1 0 1 1 1 0 1 0 * 1 0 0 0 0 1 . . .
- ‘*” signifies length of the sequence - 31 bits (25-1) ‘period’

A five stage LFSR with feedback connections to generate the maximum length sequence; the initial vector loaded is 10000

- Sequence satisfies a number of criteria that random sequences satisfy
- Shows pseudorandom properties
- In general select feedback taps LFSR feedback equation corresponds to irreducible polynomial with coefficients in GF(2)
- maximum length sequence generated
- l-stage LFSR can generate a sequence of length (2l-1) bits

Taps to generate maximum length sequences for LFSRs of different levngths

- Bit sequences from LFSR → ‘nearly random’
- ‘Pseudo Random Binary Sequences (PRBS)’
- A PRBS appears well suited to be key stream
- But sequence from a linear structure highly predictable
- l-stage LFSR a sequence of 2l-bits length enough to identify feedback scheme
- Use Berlekamp-Massey algorithm & solve LFSR structure
- → scheme vulnerable to attacks.

Non-LFSR based sequence generators different

- Basic requirement in SC → generate a random key stream
- random → scheme of key generation cannot be predicted easily
- Specifically knowing scheme, IV should not be predictable in polynomial time
- Adapt LFSR → generate key stream conforming to requirements
- Various criteria to be satisfied by sequences identified
- Linear complexity & correlation immunity key ones

Linear complexity different

- Length of sequence from LFSR of length l 2l-1 bits
- Period of s[n] –– sequence formed from this 2l-1
- l ‘linear complexity’ of s[n]
- With a sequence of length 2l, Berlekamp-Massey algorithm identifies underlying l-stage LFSR
- A sequence of length 2l is ‘close enough’ to a corresponding linear sequence of length 2l
- Continuation beyond may also be close enough to linear one
- → Weakness of sequence
- Linear complexity is limited to order of l
- Different criteria to identify linear complexity & select FSR to make linear complexity as large as possible have been identified

Correlation Immunity different

- Consider s[n] generated from LFSR of length l
- s[n] & s[n-k] are closely related for k = 2l-1 but not for other values of k
- Any sequence generated from a linear sequence exhibits similar correlation properties
- Need to ensure correlation immunity of sequences
- → Schemes to generate sequences should not exhibit any marked changes in correlation with changes in k values
- Else →sequence length value exposed
- Different criteria to ensure correlation immunity have been developed

Feedback Shift Register Schemes different

- Different architectures available to generate key streams
- All have LFSRs at the core
- Outputs modified to get sequences with desirable characteristics
- Non-linear combination generator → Figure ↓
- n sequence generators with lengths l1, l2, . . ln-1, & ln
- All clocked at same rate
- Choose LFSR lengths l1, l2, l3, . . & ln
- Ensures overall output sequence length [zi ] is
- lcm
- Proper choice of f linear complexity can be made sufficiently large.

Non-linear combination generator different

- Non-linear Filter Generator → different function of selected taps of LFSR stages
- LFSR outputs filtered through f to generate output
- Non-linear combination generator → take all LFSRs of equal length l1 & choose IV Non-linear Filter Generator

- Multiplexor Generator → different uses two LFSRs
- Combine Selected taps of LFSR1 to form a binary address
- Use address & select one tap of LFSR2 → output zi
- Each clock pulse → a new address from LFSR1
- → a different bit from LFSR2 selected & output
- LFRS1 → long enough to provide enough address bits to LFSR2
- l1 & l2→ lengths of LFSR1 & LFSR2
- → output sequence length up to
- Linear complexity is not so easy to be estimated

Multiplexor generator different

- Generators using irregularly clocked LFSRs different
- Clock an LFSR irregularly → a random key sequence
- Simplest scheme →use two LFSRs as in Figure
- Clock LFSR1 regularly → output decides clocking of LFSR2
- LFSR2 output → key stream
- Example:
- Output of LFSR1 is 0 → LFSR2 is clocked once
- Output of LFSR1 is 1 → LFSR2 is clocked twice
- If both LFSRs have lstages
- Sequence length can go up to (2l-1)2
- Linear complexity output ofl(2l - 1)
- Scheme susceptible to correlation attacks

Download Presentation

Connecting to Server..