FNR : Arbitrary length small domain block cipher proposal

We propose a practical flexible (or arbitrary) length small domain block cipher, the FNR encryption scheme. FNR denotes Flexible Naor and Reingold. It can encipher small domain data formats such as IPv4 addresses, port numbers, MAC addresses, credit card numbers, and any random short strings while preserving their input length. In addition to the classic Feistel networks, Naor and Reingold propose usage of pair-wise independent permutation (PwIP) functions based on the Galois field GF(2^n). Instead we propose usage of random N × N invertible matrices in GF(2).


  1. FNR: Arbitrary length small domain block cipher proposal
     Sashank Dara, Scott Fluhrer. Cisco Systems Inc, Bangalore.
     Fourth International Conference on Security, Privacy, and Applied Cryptography Engineering (SPACE 2014)
  2. Motivation
     • AES works on fixed length inputs (128 bits) and needs padding for other lengths.
     • Variable length block ciphers
     • Well defined lengths (network packets, database columns)
     • Storage gains (cloud storage would blow up with AES-128 for smaller data types, say 32 bits)
     • Aids in preserving formats of the inputs (IPv4 addresses, credit card numbers, MAC addresses, time stamps)
  3. Design Goals
     • Variable input lengths
     • To be practical and secure
     • Common key length for arbitrary input domains
     • Secure building blocks (Feistel networks, SPNs)
     • Leverage hardware support (say Intel's AES-NI)
     • Don't re-invent the wheel
  4. Prior Art
     • Michael Luby and Charles Rackoff. How to construct pseudorandom permutations from pseudorandom functions. SIAM Journal on Computing, 17(2):373–386, 1988.
     • Mihir Bellare and Phillip Rogaway. On the construction of variable-input-length ciphers. In Fast Software Encryption, pages 231–244. Springer, 1999.
     • Moni Naor and Omer Reingold. On the construction of pseudorandom permutations: Luby-Rackoff revisited. Journal of Cryptology, 12(1):29–66, 1999.
     • John Black and Phillip Rogaway. Ciphers with arbitrary finite domains. In Topics in Cryptology – CT-RSA 2002, pages 114–130. Springer, 2002.
     • Mihir Bellare, Thomas Ristenpart, Phillip Rogaway, and Till Stegers. Format-preserving encryption. In Selected Areas in Cryptography, pages 295–312. Springer, 2009.
  5. Feistel Networks
     [Figure: Feistel network; figure label: Pseudo Random Function]
     • Example: DES is Feistel based. AES is not Feistel based, it is an SPN.
  6. Pair wise Independent Permutations
     A family of functions F is a pairwise independent permutation if:
     1. Each member of the family is itself a permutation, and
     2. For any fixed A, B (with A ≠ B, and both from the input set of the permutation), and f a random member of the family F, the pair f(A), f(B) is equi-distributed over all distinct pairs from the output range of the function.
  7. Naor and Reingold's (NR) Scheme
     • PwIP is defined over an affine function y = aX + b, where a, b are in GF(2^n)
     • Difficult to define GF(2^n) for variable lengths in practice
     • Results in complex implementations
  8. Flexible Naor and Reingold's (FNR)
     • Pair wise independence based on (invertible) matrices
  9. FNR's Details
     • Tweakable variable length block cipher (precisely)
     • Matrix operations to be performed in GF(2)
     • Number of round functions is 7 (Patarin's proof)
     • Internal PRF is AES in ECB mode (leverage AES-NI)
     • To ensure input to the PRF is unique we use a round constant along with the tweak string
  10. FNR's Security Measure
     • The probability that an attacker can distinguish a cipher text from random text.
     • Due to Naor and Reingold's proof, using PWIP functions would result in a security measure as defined below
     • Classic Feistel networks without PWIP would have as below
     • Where r is round count, n is number of input bits, m is number of pairs of plain text, cipher text needed by attacker to
  11. Format Preserving Encryption (FPE)
     [Figure panels: Samples; Ranking Approach]
  12. FPE examples with FNR
  13. Performance of FNR
     [Figure panels: IP Addresses; Credit Card Numbers]
  14. Conclusions and Future work
     • Proposed a variable length block cipher
     • Practical and based on secure building blocks
     • Source code is released under LGPL-v2
     • Future work
     • Exhaustive cryptanalysis (theoretical and practical)
     • Support more applications and formats like MAC addresses, time stamps
  15. Resources
     • Specification: https://eprint.iacr.org/2014/421
     • Motivation and applications: http://cisco.github.io/libfnr/
     • Source code: https://github.com/cisco/libfnr and https://github.com/cisco/jfnr (Java bindings)
     • Reach out for questions: libfnr-dev@external.cisco.com
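
Slides 6 to 8 swap the GF(2^n) affine map for invertible matrices over GF(2). The following added example (not from the slides or from libfnr) checks the slide 6 definition exhaustively for the family x → A·x ⊕ b on a 3-bit toy domain. The affine matrix form, the width N = 3 and all function names are assumptions made for illustration.

```python
from collections import Counter
from itertools import product

N = 3  # toy block width in bits (assumption: small enough to enumerate)

def mat_vec(rows, x):
    """Multiply an N x N GF(2) matrix (tuple of row bitmasks) by bit-vector x."""
    y = 0
    for i, row in enumerate(rows):
        y |= (bin(row & x).count("1") & 1) << i  # parity of row AND x
    return y

def is_invertible(rows):
    """Gaussian elimination over GF(2); a square matrix is invertible iff full rank."""
    rows, rank = list(rows), 0
    for bit in range(N):
        pivot = next((r for r in range(rank, N) if rows[r] >> bit & 1), None)
        if pivot is None:
            return False
        rows[rank], rows[pivot] = rows[pivot], rows[rank]
        for r in range(N):
            if r != rank and rows[r] >> bit & 1:
                rows[r] ^= rows[rank]
        rank += 1
    return True

def all_matrices():
    return list(product(range(1 << N), repeat=N))

def invertible_matrices():
    return [m for m in all_matrices() if is_invertible(m)]

def pair_distribution(x1, x2, matrices):
    """Count (f(x1), f(x2)) over every f(x) = A*x XOR b in the family."""
    counts = Counter()
    for a in matrices:
        for b in range(1 << N):
            counts[(mat_vec(a, x1) ^ b, mat_vec(a, x2) ^ b)] += 1
    return counts

def is_pairwise_independent(matrices):
    """Slide 6, condition 2: every distinct output pair is hit equally often."""
    size = 1 << N
    for x1, x2 in product(range(size), repeat=2):
        if x1 == x2:
            continue
        counts = pair_distribution(x1, x2, matrices)
        # Singular matrices can collide f(x1) == f(x2), adding non-distinct pairs.
        if len(counts) != size * (size - 1) or len(set(counts.values())) != 1:
            return False
    return True
```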
