
Chapter VI


tommy

Presentation Transcript


  1. Chapter VI Stream Ciphers

  2. Block cipher
     • Split PT into successive blocks
     • Equal-sized bit streams
     • Encrypt / decrypt

     Stream cipher
     • PT: continuous bit stream
     • Encrypt / decrypt
     • Provided speed & better performance 1 / 2 decades ago
     • Cs of today offer adequate power & speed
     • BC meets requirements & is preferred today
     • SC limited to applications with space & cost constraints; limited security
     • Cell phones / some military applications

  3. A stream cipher scheme

  4. Key stream generator → generates a succession of key stream bits
     • $k_i$ → $i$th bit
     • $x_i$ → $i$th bit of incoming data stream
     • XORed with $k_i$ in successive clock periods
     • XORed output $y_i$ → crypto text bit in $i$th clock period

     Receiver
     • Key stream generator → generates key stream sequence $k_i$
     • XORed with crypto text stream $y_i$
     • XORed bit stream is $x_i$ → retrieved plain text stream

  5. Decoder should know when to XOR & extract info. bit
     • Clocks to be in sync.
     • Else clock at receiver to predict instant of bit extraction through XOR; Rx clock to be faster than Tx clock
     • PHY takes care of all these
     • Design / architecture of key stream generator → decides security

  6. One time pad [OTP] ideal for SC
     • Make OTP available in advance at either end
     • Select key bits in succession → encrypt / decrypt
     • Tx & Rx to be in sync.
     • Miss one bit → system goes topsy-turvy
     • OTP → not practical → who will bell the cat?

  7. Self-synchronizing stream
     • $z_i$ → present state of a finite state machine (FSM)
     • IV → initial vector input
     • $y_i$ → encrypted output
     • Two inputs to FSM → $z_i$ & $y_i$
     • $z_{i+1}$ → next state → function of IV, $z_i$, & $y_i$
     • → $f(z_i, IV, y_i)$
     • $z_{i+1}$ → next key bit for encryption
     • FSM → continuously clocked to provide succession of key bits for encryption
     • $x_i$ → next PT bit to be encrypted
     • XOR $z_i$ & $x_i$ to form encrypted output bit $y_i$

  8. FSM repeated at decryption end
     • Input → $y_i$
     • XORed output → $x_i$, decrypted output
     • Need for synchronized functioning avoided
     • Synchronizing decryption operation to encryption operation → provision in transmission protocol
     • Security depends on IV and functional form used for $f(z_i, IV, y_i)$
     • General structure of a cipher scheme

  9. Self synchronizing stream cipher scheme
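Added example (not part of the original slides): a small Python model of the self-synchronizing scheme of slides 7 to 9, showing that a flipped or lost ciphertext bit only disturbs a bounded run of output, unlike the synchronous case of slide 6. It assumes the FSM state is a shift register holding the last `N` ciphertext bits and uses a SHA-256 bit as a stand-in for the unspecified $f$; `N`, `f`, `crypt` and the sample data are hypothetical, and the IV is treated as the secret as on slide 8.

```python
# Added example: self-synchronizing stream cipher with bounded error propagation.
import hashlib

N = 8  # assumed FSM memory: the last N ciphertext bits

def f(iv, window):
    """Stand-in for f(z_i, IV, y_i): next key bit from IV and fed-back bits."""
    return hashlib.sha256(bytes(iv) + bytes(window)).digest()[0] & 1

def crypt(iv, bits, decrypting):
    """Encrypt or decrypt; the ciphertext bit y_i is what enters the FSM."""
    window, out = list(iv), []
    for b in bits:
        o = b ^ f(iv, window)              # x_i XOR z_i, or y_i XOR z_i
        out.append(o)
        window = window[1:] + [b if decrypting else o]
    return out

def errors(a, b):
    """Indices at which two bit lists differ."""
    return [i for i, (p, q) in enumerate(zip(a, b)) if p != q]

# Constructed sample data.
IV = [1, 0, 1, 1, 0, 0, 1, 0]
PT = [int(c) for c in format(0xC0FFEE1234ABCDEF, "064b")]
CT = crypt(IV, PT, decrypting=False)

def flip_errors(pos):
    """Positions of wrong plaintext bits after one ciphertext bit is flipped."""
    damaged = CT[:pos] + [CT[pos] ^ 1] + CT[pos + 1:]
    return errors(crypt(IV, damaged, decrypting=True), PT)

def resync_after_loss(pos):
    """True if output realigns N bits after one ciphertext bit is dropped."""
    received = CT[:pos] + CT[pos + 1:]
    dec = crypt(IV, received, decrypting=True)
    return dec[pos + N:] == PT[pos + N + 1:]
```

The damaged bit leaves the receiver's register after `N` further clock periods, which is why no explicit resynchronization step is needed.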

  10. LFSR based SC
      • Use Linear Feedback Shift Register (LFSR) to generate next state → simplest realization of SC
      • LFSR structure
      • → a 5-stage shift register
      • XOR outputs of selected stages & form input to first stage
      • Proper choice of feedback taps → generates longest possible sequence
      • Generated sequence with an initial vector 1 0 0 0 0 loaded:
        1 0 0 0 0 1 0 0 1 0 1 1 0 0 1 1 1 1 1 0 0 0 1 1 0 1 1 1 0 1 0 * 1 0 0 0 0 1 . . .
      • ‘*’ → signifies length of the sequence: 31 bits ($2^5 - 1$), the ‘period’

  11. A five stage LFSR with feedback connections to generate the maximum length sequence; the initial vector loaded is 10000

  12. Sequence satisfies a number of criteria that random sequences satisfy
      • → Shows pseudorandom properties
      • In general select feedback taps → LFSR feedback equation corresponds to irreducible polynomial with coefficients in GF(2)
      • → maximum length sequence generated
      • $l$-stage LFSR can generate a sequence of length ($2^l - 1$) bits

  13. Taps to generate maximum length sequences for LFSRs of different lengths
      • Bit sequences from LFSR → ‘nearly random’
      • ‘Pseudo Random Binary Sequences (PRBS)’
      • A PRBS appears well suited to be key stream
      • But sequence from a linear structure is highly predictable
      • $l$-stage LFSR → a sequence of $2l$ bits length is enough to identify feedback scheme
      • Use Berlekamp-Massey algorithm & solve LFSR structure
      • → scheme vulnerable to attacks.

  14. Non-LFSR based sequence generators
      • Basic requirement in SC → generate a random key stream
      • random → scheme of key generation cannot be predicted easily
      • Specifically knowing scheme, IV should not be predictable in polynomial time
      • Adapt LFSR → generate key stream conforming to requirements
      • Various criteria to be satisfied by sequences identified
      • Linear complexity & correlation immunity → key ones

  15. Linear complexity
      • Length of sequence from LFSR of length $l$ → $2^l - 1$ bits
      • Period of $s[n]$, the sequence formed from this → $2^l - 1$
      • $l$ → ‘linear complexity’ of $s[n]$
      • With a sequence of length $2l$, Berlekamp-Massey algorithm identifies underlying $l$-stage LFSR
      • A sequence of length $2l$ is ‘close enough’ to a corresponding linear sequence of length $2l$
      • → Continuation beyond may also be close enough to linear one
      • → Weakness of sequence
      • Linear complexity is limited to order of $l$
      • Different criteria to identify linear complexity & select FSR to make linear complexity as large as possible have been identified
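Added example (not part of the original slides): the 5-stage LFSR of slide 10 and the Berlekamp-Massey recovery described on slides 13 and 15, in Python, showing that 2l = 10 observed bits are enough to reproduce the whole key stream. The feedback taps are an assumption inferred from the 31-bit sequence printed on slide 10, since the figure is not in the transcript; all function names are illustrative.

```python
# Added example: slide 10's 5-stage LFSR and Berlekamp-Massey recovery from 2l bits.
SLIDE_SEQ = "1000010010110011111000110111010"  # one period, copied from slide 10

def lfsr(state, taps, n):
    """Emit n bits; state[0] is shifted out, XOR of state[taps] is shifted in."""
    state, out = list(state), []
    for _ in range(n):
        out.append(state[0])
        fb = 0
        for t in taps:
            fb ^= state[t]
        state = state[1:] + [fb]
    return out

def berlekamp_massey(s):
    """Return (L, C) with s[i] = XOR_{j=1..L} C[j] & s[i-j] over GF(2)."""
    n = len(s)
    c, b = [1] + [0] * n, [1] + [0] * n
    L, m = 0, -1
    for i in range(n):
        d = s[i]                      # discrepancy between s[i] and prediction
        for j in range(1, L + 1):
            d ^= c[j] & s[i - j]
        if d:
            t, shift = c[:], i - m
            for j in range(n + 1 - shift):
                c[j + shift] ^= b[j]
            if 2 * L <= i:            # register too short: lengthen it
                L, m, b = i + 1 - L, i, t
    return L, c[:L + 1]

def extend(prefix, conn, n):
    """Continue a sequence to n bits using a recovered connection polynomial."""
    s = list(prefix)
    while len(s) < n:
        bit = 0
        for j in range(1, len(conn)):
            bit ^= conn[j] & s[-j]
        s.append(bit)
    return s

def demo():
    # Assumed taps (0, 2): s[n+5] = s[n] XOR s[n+2], i.e. x^5 + x^2 + 1.
    stream = lfsr([1, 0, 0, 0, 0], taps=(0, 2), n=62)
    L, conn = berlekamp_massey(stream[:10])      # 2l = 10 observed bits
    return stream, L, conn, extend(stream[:10], conn, 62)

if __name__ == "__main__":
    stream, L, conn, predicted = demo()
    print("".join(map(str, stream[:31])) == SLIDE_SEQ, L, conn, predicted == stream)
```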

  16. Correlation Immunity
      • Consider $s[n]$ generated from LFSR of length $l$
      • $s[n]$ & $s[n-k]$ are closely related for $k = 2^l - 1$ but not for other values of $k$
      • Any sequence generated from a linear sequence exhibits similar correlation properties
      • → Need to ensure correlation immunity of sequences
      • → Schemes to generate sequences should not exhibit any marked changes in correlation with changes in $k$ values
      • Else → sequence length value exposed
      • Different criteria to ensure correlation immunity have been developed

  17. Feedback Shift Register Schemes
      • Different architectures available to generate key streams
      • All have LFSRs at the core
      • Outputs modified to get sequences with desirable characteristics
      • Non-linear combination generator → Figure ↓
      • $n$ sequence generators with lengths $l_1, l_2, \ldots, l_{n-1}$, & $l_n$
      • All clocked at same rate
      • Choose LFSR lengths $l_1, l_2, l_3, \ldots$, & $l_n$
      • Ensures overall output sequence length [$z_i$] is
      • lcm
      • Proper choice of $f$ → linear complexity can be made sufficiently large.

  18. Non-linear combination generator

  19. Non-linear Filter Generator → function of selected taps of LFSR stages
      • LFSR outputs filtered through $f$ to generate output
      • Non-linear combination generator → take all LFSRs of equal length $l_1$ & choose IV → Non-linear Filter Generator

  20. Multiplexor Generator → uses two LFSRs
      • Combine selected taps of LFSR1 to form a binary address
      • Use address & select one tap of LFSR2 → output $z_i$
      • Each clock pulse → a new address from LFSR1
      • → a different bit from LFSR2 selected & output
      • LFSR1 → long enough to provide enough address bits to LFSR2
      • $l_1$ & $l_2$ → lengths of LFSR1 & LFSR2
      • → output sequence length up to
      • Linear complexity is not so easy to estimate

  21. Multiplexor generator

  22. Generators using irregularly clocked LFSRs
      • Clock an LFSR irregularly → a random key sequence
      • Simplest scheme → use two LFSRs as in Figure
      • Clock LFSR1 regularly → output decides clocking of LFSR2
      • LFSR2 output → key stream
      • Example:
      • Output of LFSR1 is 0 → LFSR2 is clocked once
      • Output of LFSR1 is 1 → LFSR2 is clocked twice
      • If both LFSRs have $l$ stages
      • Sequence length can go up to $(2^l - 1)^2$
      • Linear complexity of output: $l(2^l - 1)$
      • Scheme susceptible to correlation attacks

  23. Generator using an irregularly clocked LFSR
