Basics of cryptography
Shift registers and stream ciphers
Menu
 Can't explain the whole of cryptography here
 Let's try to explain how it works
 Simply
 Then let's look at some concrete examples
 Among so many other fields of application...
Menu
 Cryptography main rule
 Vernam One Time Pad (OTP)
 Computer applications
 Problems
 Solutions
 Symmetric computer-based cryptography
 PRNG & LFSR
 Designing a stream cipher using PHP and C
 Applications:
 DVD / Blu-ray encryption (CSS / AACS)
 Wi-Fi (WEP: RC4)
 GSM (A5/1)
About me
 Julien PAULI - @julienpauli - github.com/jpauli
 Working for Sensiolabs in Paris
 Release manager of PHP 5.5 / 5.6
 PHP internals contributor from time to time (bug fixes,
internal API, performances)
 Knowledge of CPU architectures, the C language, Linux and networking
Vernam OTP (One Time Pad)
 The only encryption method that is, mathematically, absolutely 100% secure and uncrackable
Vernam OTP
 The only encryption method that is, mathematically, absolutely 100% secure and uncrackable
[Figure: clear text "Hello foo" + key "secretkey" = encrypted "?????????"]
Vernam OTP
 You modulo-add the clear text and a key, randomly chosen and of the same size as (or larger than) the clear text
 The operation is fully bijective and can be undone, just like a classical addition
3 + 8 = 11
11 - 8 = 3
Vernam OTP
3 + 8 = 11
11 ??? = ???
clear + key = encrypted
 This encryption method is the only one that is 100% safe and cannot be broken.
 If you get only the encrypted content, you will never be able to get the clear text back without the key
Vernam OTP
 Used on images this time:
[Figure: clear image + random key image = encrypted image]
Vernam conditions
 Vernam OTP is 100% secure if and only if:
 The key is random and cannot be guessed
 The key is kept secret
 The key size is >= the clear content size
 The key is never reused (One Time Pad: OTP)
 The same key is used to encrypt and decrypt
 This is called symmetric encryption
Vernam conditions
 If the key is reused:
[Figure: images 1 and 2 each encrypted with the same key; combining the two encrypted images cancels the key out]
Vernam
 Used during WW II
 Enigma
 Used in red phone
 To link Moscow to Washington
 Physical keys were carried on extra-safe planes
In computer science
 Machines work in base 2 (binary)
 "Modulo-2 addition" is called XOR (exclusive OR)
 Noted ⊕ or ^
A  B  A ^ B
0  0  0
0  1  1
1  0  1
1  1  0
XOR for cryptography
 XOR satisfies the Vernam OTP conditions
 Let A be a clear text
 Let B be a secret key
 Encrypted: C = A ^ B
 Clear: A = C ^ B
 Symmetric cryptography: the same key B encrypts and decrypts
Vernam in computer science
 Vernam-based cryptography is unbreakable if:
 The key is kept secret
 The key size is >= the clear size
 The key is random
 The key is never reused
 Those 4 rules seem hard to achieve in the modern computer world
1 - The key is kept secret
The key is secret
 It is possible, while not ideal, to exchange the key securely
 Hand to hand
 "What's the wifi password please?"
 Usually, asymmetric cryptography is used to create a secure channel over which the symmetric key is exchanged
And then?
 Vernam-based cryptography is unbreakable if:
 The key is kept secret
 The key size is >= the clear size
 The key is random
 The key is not used more than once
2 - The key size is >= the clear size
Key size
 To encrypt 25Mb of data, one will need a 25Mb key
 that's 26214400 characters
 How can we use a "reasonably finite-size" key?
 Think about Wi-Fi keys: fairly long, but not thousands upon thousands of characters long
LFSR
LFSR
 Linear Feedback Shift Register
 The solution chosen to solve the problem "the key size must be >= the clear size to encrypt"
 How does it work?
LFSR
 Linear Feedback Shift Register
 A computing and electronic structure
 Easy to code in a programming language
 Easy to build into electronic chips
 Very powerful, very fast
One byte: 8 digits (bits)
 2^7 + 2^5 + 2^2 + 2^1 + 2^0 = 167 (decimal)
 In computer science, 1 byte = 1 character (like 'f')
 or one integer between 0 and 255 if you prefer
 Let's take one byte from the secret key
1 0 1 0 0 1 1 1
7 6 5 4 3 2 1 0
LFSR
1 0 1 0 0 1 1 1
 Shift register. At each clock tick...
 Shift the digits one slot to the right
 Reinject the digit that falls out on the right back in on the left
 We get an infinite source of digits
 This is a circular shift
[Figure: the extracted digit is used to encrypt one digit of the payload (using XOR)]
LFSR
1 0 1 0 0 1 1 1
 Shift register
 Shift to the right
 Reinject on the left
 We get an infinite number of digits but...
 We get a finite digit sequence (repeating itself)
[Figure: register contents after shifts 1 to 4]
LFSR
1 0 1 0 0 1 1 1
 Shift register
 We get an infinite digit sequence
 But not a random one
 The feedback function is 1
[Figure: register contents after shifts 1 to 4, and so on]
Where are we ?
 Vernam-based cryptography is unbreakable if:
 The key is secret
 The key size is >= the clear size
 The key is random
 The key is never reused
LFSR
1 0 1 0 0 1 1 1
 The sequence is going to repeat itself
 How do we add some randomness to it?
[Figure: register contents after shifts 1 to 4]
LFSR
1 0 1 0 0 1 1 1
 It's all about the feedback function
 Let's make the feedback function more complex
LFSR
1 0 1 0 0 1 1 1
[Figure: the register after ticks 1 to 4 with the new feedback function]
LFSR
 That starts looking random, right?
[Figure: the same four register states, as bits and as integers: 167, 83, 145, 240]
LFSR vs maths
1 0 1 0 0 1 1 1
 This can be modelled mathematically:
 S = X^8 + X^7 + X^6 + X^5 + 1
 This is a classic polynomial, which can be solved
m-sequence LFSR
1 0 1 0 0 1 1 1
 As the output is injected back into the input, this LFSR will generate a finite number of states
 The maximum sequence length is 2^n - 1
 "n" is the LFSR degree (number of digits)
 This maximum sequence is called the "m-sequence"
 In the above example, n is 8, so the LFSR will have a maximum period of 255 states
m-sequence LFSR
1 0 1 0 0 1 1 1
 To get an m-sequence:
 The number of feedback digits must be odd
 Their factors must be coprime
 S = X^8 + X^7 + X^6 + X^5 + 1
 Works, this LFSR will have an m-sequence (255 states)
 S = X^8 + 1
 Doesn't work, this LFSR will repeat before 255 states
m-sequence LFSR
1 0 1 0 0 1 1 1
 If we extend the LFSR to 32 digits, the max period becomes 2^32 - 1
 That's 4294967295 different states
 The output slowly looks more and more random
 With 32 digits (4 bytes or 4 secret key chars) we can encrypt 4294967295 digits, thus 512Mb.
 Above that: the key repeats itself (and invalidates the Vernam conditions)
LFSR example coded in PHP
 https://github.com/jpauli/PHP-Crypto
**Simple Galois LFSR, degree 7 (127 states m-sequence)**
Used register bits for feedback : 7 6
Deducted Feedback function : 1100000 (0X60)
Your initial state is : 00000000000000000000001110001100 (908)
Let's now start the Linear Feedback Shift Register
[Iteration] [-------Internal Register -------] [PRandom bit]
| | |
v v v
0 - 00000000000000000000001110001100 [ 0 ]
1 - 00000000000000000000000111000110 [ 0 ]
2 - 00000000000000000000000011100011 [ 1 ]
3 - 00000000000000000000000000010001 [ 1 ]
4 - 00000000000000000000000001101000 [ 0 ]
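To see the register actually tick, here is an added C example (not the slides' code, nor the PHP-Crypto repository's). It implements the same Galois step as the PHP demo above, shift right, hand out the register value, re-enter the feedback when the low bit is set, and with degree 7, feedback bits 7 6 and seed 908 it reproduces the states printed above. It also measures the period, which shows the m-sequence (127 states from any 7-bit seed) next to the plain circular shift that S = X^8 + 1 degenerates into.

```c
#include <stdint.h>
#include <stdio.h>

/* One clock tick, as the PHP generator above does it: shift every digit one
   slot to the right, hand out the new register value (its low bit is the
   pseudo-random bit), then re-enter the feedback function ff when that low
   bit is set. */
static uint32_t lfsr_tick(uint32_t *state, uint32_t ff)
{
    *state >>= 1;                     /* Shift register */
    uint32_t shown = *state;          /* what the demo prints at this iteration */
    if (*state & 1) {
        *state ^= ff;                 /* re-enter */
    }
    return shown;
}

/* Feedback function built the way the PHP constructor builds $this->ff:
   one bit per tap, plus the degree bit and bit 0, which are always set. */
static uint32_t feedback_mask(unsigned degree, const unsigned *taps, size_t ntaps)
{
    uint32_t ff = (1u << degree) | 1u;
    for (size_t i = 0; i < ntaps; i++) {
        ff |= 1u << taps[i];
    }
    return ff;
}

/* Value handed out at the n-th tick after the seed (n >= 1). */
static uint32_t lfsr_nth(uint32_t seed, uint32_t ff, unsigned n)
{
    uint32_t state = seed, shown = seed;
    for (unsigned i = 0; i < n; i++) {
        shown = lfsr_tick(&state, ff);
    }
    return shown;
}

/* Period of the register: ticks until the handed-out value comes back.
   Returns 0 if it never does within `limit` ticks, which is what happens
   with a seed wider than the register, such as the demo's 908. */
static uint32_t lfsr_period(uint32_t seed, uint32_t ff, uint32_t limit)
{
    uint32_t state = seed;
    uint32_t first = lfsr_tick(&state, ff);
    for (uint32_t n = 1; n <= limit; n++) {
        if (lfsr_tick(&state, ff) == first) {
            return n;
        }
    }
    return 0;
}

/* Print the first `ticks` iterations in the demo's layout. */
static void lfsr_demo(uint32_t seed, uint32_t ff, unsigned ticks)
{
    uint32_t state = seed;
    printf("Your initial state is : %u\n", seed);
    for (unsigned i = 1; i <= ticks; i++) {
        uint32_t shown = lfsr_tick(&state, ff);
        printf("%u - ", i);
        for (int b = 31; b >= 0; b--) {
            putchar(((shown >> b) & 1) ? '1' : '0');
        }
        printf(" [ %u ]\n", shown & 1);
    }
}

int main(void)
{
    /* The demo's degree-7 register: feedback bits 7 and 6 give ff = 0xC1 */
    const unsigned taps76[] = {7, 6};
    uint32_t ff7 = feedback_mask(7, taps76, 2);
    lfsr_demo(908, ff7, 4);           /* 454, 227, 17, 104 as printed above */

    /* From a 7-bit seed the same register visits all 127 non-zero states
       before repeating: the m-sequence. */
    printf("degree 7, feedback 7 6: period %u\n", lfsr_period(2, ff7, 1000));

    /* S = X^8 + 1 has no tap: the feedback degenerates into the plain
       circular shift of the byte 167 (10100111), back after only 8 ticks. */
    uint32_t ff8 = feedback_mask(8, NULL, 0);
    printf("degree 8, X^8 + 1: period %u\n", lfsr_period(167, ff8, 1000));
    return 0;
}
```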
LFSR example coded in PHP
class LFSR  /* reconstructed around the slide's fragment; the full class is in github.com/jpauli/PHP-Crypto */
{
    /* Feedback taps per degree; 7 => [7, 6] is taken from the demo output above ("Used register bits for feedback : 7 6") */
    const POLYNOMIAL_PRIME_COEFF = [7 => [7, 6]];
    private int $ff = 0, $iterations = 0, $start, $currentState;
    private array $taps = [];
    public function __construct(private int $degree, int $seed)
    {
        $this->start = $this->currentState = $seed;
        for ($i = 0; $i < count(self::POLYNOMIAL_PRIME_COEFF[$this->degree]); $i++) {
            $this->taps[] = self::POLYNOMIAL_PRIME_COEFF[$this->degree][$i];
            $this->ff |= (1 << self::POLYNOMIAL_PRIME_COEFF[$this->degree][$i]);
        }
        /* LFSR always has first and last bit set */
        $this->ff |= 1 << ($this->degree);
        $this->ff |= 1;
    }
    public function getCurrentBit(): int { return $this->currentState & 1; } /* the pseudo-random output bit */
    public function run(): Generator
    {
        do {
            $this->iterations++;
            $this->currentState >>= 1; /* Shift register */
            yield $this->iterations => $this->currentState;
            if ($this->currentState & 1) {
                $this->currentState ^= $this->ff; /* re-enter */
            }
        } while ($this->currentState != $this->start);
    }
}
Encryption with an LFSR?
 Pretty easy
 Initialize the LFSR with the secret key
 Encrypt each clear digit with one digit generated by the LFSR, using the XOR operation
 This is called a stream cipher
 (block ciphers also exist)
Stream Cipher demo
 https://github.com/jpauli/PHP-Crypto
Generating a random byte using an LFSR, then ciphering clear data with it (class reconstructed around the slide's two fragments; the full code is in github.com/jpauli/PHP-Crypto)
class StreamCipher
{
    public function __construct(private int $degree, private int $seed) {}

    /* Generating a random byte using an LFSR: one register bit per payload bit */
    private function getRandomByte(LFSR $lfsr, Generator $run): int
    {
        $random = 0;
        for ($j = 0; $j < 8; $j++) {
            $random |= $lfsr->getCurrentBit() << $j;
            $run->next(); /* one clock tick */
        }
        return $random;
    }

    /* Ciphering clear data with the random byte; XOR is its own inverse, so cipher() also decrypts */
    public function cipher(string $input): string
    {
        $dataSize = strlen($input);
        $output = '';
        $lfsr = new LFSR($this->degree, $this->seed);
        $run = $lfsr->run();
        $run->current(); /* start the generator once, so the key stream is not restarted at every byte */
        for ($i = 0; $i < $dataSize; $i++) {
            $random = $this->getRandomByte($lfsr, $run);
            $data = unpack('C', $input[$i]);
            $output .= pack('C', $data[1] ^ $random);
        }
        return $output;
    }
}
Yeah !
Where are we ?
 Vernam-based cryptography is unbreakable if:
 The key is secret
 The key size is >= the clear size
 The key is random
 The key is not reused
Stream ciphers can be secure if
 The key is secret
 The feedback digits are kept secret
 The period is big enough (m-sequence) to never loop
 The attacker cannot access the input stream
 If the attacker can inject some data into the clear input, a linear equation system can be used to crack the LFSR and deduce the key
 This needs only 2n states
 "Berlekamp-Massey attack"
Having a good initialisation
 Randomness will depend on how the key is used to initialize the LFSR in the stream cipher
 The key is used to define the starting state of the LFSR
 It can also be used to choose the feedback digits
 The key is usually mixed with an initialization vector (IV), which is a piece of random bytes.
 Thus, with the same key, the same LFSR will produce a different output
Hacking the encryption process
 If the LFSR starts looping, it is going to produce the same output (repeat itself) and thus no longer satisfies the Vernam conditions
 If the attacker can inject some input, he can use the Berlekamp-Massey attack to crack the LFSR key and states
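The two weaknesses just listed, key stream reuse and linearity, as an added C example (not code from the slides or from PHP-Crypto). It drives the demo's degree-7 register (feedback 7 6, i.e. mask 0x60 on the handed-out value), XOR-encrypts two constructed messages with the same seed to show that c1 ^ c2 = p1 ^ p2, and runs the Berlekamp-Massey algorithm as a linear-complexity measurement over the key stream: 14 bits (2n) are enough to pin the register length at 7. The seed 0x2A and the messages are constructed for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define KS_BITS 64   /* key-stream bits kept for analysis (>= 2 * degree) */

/* Right-shifting Galois register, the slide's "shift, then re-enter the
   feedback when the low bit is set", written on the handed-out value: for
   the degree-7 demo (ff = 0xC1) the mask on that value is ff >> 1 = 0x60. */
static uint32_t galois_step(uint32_t s, uint32_t mask)
{
    return (s >> 1) ^ ((s & 1) ? mask : 0);
}

/* n key-stream bits: the register's low bit at each tick. */
static void keystream(uint32_t seed, uint32_t mask, uint8_t *out, size_t n)
{
    uint32_t s = seed;
    for (size_t i = 0; i < n; i++) {
        out[i] = (uint8_t)(s & 1);
        s = galois_step(s, mask);
    }
}

/* XOR each payload byte with 8 key-stream bits, LSB first, the way the
   slide's getRandomByte() assembles them. A second call decrypts. */
static void xor_cipher(const uint8_t *in, uint8_t *out, size_t len,
                       uint32_t seed, uint32_t mask)
{
    uint32_t s = seed;
    for (size_t i = 0; i < len; i++) {
        uint8_t k = 0;
        for (int j = 0; j < 8; j++) {
            k |= (uint8_t)((s & 1) << j);
            s = galois_step(s, mask);
        }
        out[i] = in[i] ^ k;
    }
}

/* Key reuse: two messages under the same seed. XORing the two ciphertexts
   cancels the key stream and leaves p1 ^ p2, the "if the key is reused"
   picture. Returns 1 when that relation holds on every byte. */
static int key_reuse_leaks(const uint8_t *p1, const uint8_t *p2, size_t len,
                           uint32_t seed, uint32_t mask)
{
    uint8_t c1[64], c2[64];
    if (len > sizeof c1) return 0;
    xor_cipher(p1, c1, len, seed, mask);
    xor_cipher(p2, c2, len, seed, mask);
    for (size_t i = 0; i < len; i++) {
        if ((c1[i] ^ c2[i]) != (p1[i] ^ p2[i])) return 0;
    }
    return 1;
}

/* Berlekamp-Massey over GF(2): length L of the shortest LFSR that generates
   bits[0..n). A key stream taken straight from a degree-n register gives
   L == n as soon as 2n bits are known, which is the linear system the slide
   warns about; a random-looking stream keeps L close to n/2. */
static size_t linear_complexity(const uint8_t *bits, size_t n)
{
    uint8_t C[KS_BITS + 1] = {1}, B[KS_BITS + 1] = {1}, T[KS_BITS + 1];
    size_t L = 0;
    long m = -1;                                /* position of last length change */
    if (n > KS_BITS) n = KS_BITS;
    for (size_t N = 0; N < n; N++) {
        uint8_t d = bits[N];                    /* discrepancy */
        for (size_t j = 1; j <= L; j++) d ^= C[j] & bits[N - j];
        if (d == 0) continue;
        memcpy(T, C, sizeof C);
        size_t shift = (size_t)((long)N - m);   /* C(x) += x^(N-m) * B(x) */
        for (size_t j = 0; j + shift <= n; j++) C[j + shift] ^= B[j];
        if (2 * L <= N) {
            L = N + 1 - L;
            m = (long)N;
            memcpy(B, T, sizeof B);
        }
    }
    return L;
}

int main(void)
{
    static const uint8_t p1[] = "Hello foo", p2[] = "Hello bar"; /* constructed */
    uint8_t ks[KS_BITS], c[16], back[16];
    keystream(0x2A, 0x60, ks, KS_BITS);
    xor_cipher(p1, c, 9, 0x2A, 0x60);
    xor_cipher(c, back, 9, 0x2A, 0x60);
    printf("round trip ok: %d, reuse leaks p1^p2: %d\n",
           memcmp(p1, back, 9) == 0, key_reuse_leaks(p1, p2, 9, 0x2A, 0x60));
    printf("linear complexity: %zu from 14 bits, %zu from %d bits\n",
           linear_complexity(ks, 14), linear_complexity(ks, KS_BITS), KS_BITS);
    return 0;
}
```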
How to strengthen the LFSR?
Strengthen the encryption
 Branch several LFSRs together:
[Figure: several LFSRs combined into one output]
Strengthen the encryption
 Having several LFSRs working together:
 The loop is still linear
 Thus it can be cracked in polynomial time by injecting some traffic into the input
 N-degree linear equation system
 We only push the time limit further
Application examples
 Well-known LFSR/XOR-based encryption systems
 (and how they've been hacked)
Examples
 Content Scrambling System (CSS)
 DVD protection mechanism (from 1995)
 Cracked in 1999 by hacking the LFSRs
 Keys are cracked by injecting some input, watching the output and cracking the polynomials
 DeCSS is born, and movie piracy with it
 Back then, a Pentium 3 @ 450Mhz needed less than 18 seconds to hack the LFSRs
CSS
DeCSS
 CSS keys are secret and distributed by the DVD CCA to DVD reader manufacturers
 Keys are stored in the hardware (or in software for PC players)
 Each device needs a key, which is costly
 http://www.dvdcca.org/css.aspx
 Hence, the free world and Linux were left out by the DVD CCA
 The open/free world answered by cracking CSS
 Lawsuits followed
 Technical analysis of CSS:
 http://www.lemuria.org/DeCSS/crypto.gq.nu/
CSS and VLC
 Since then, DeCSS code has been embedded into VLC
 In libdvdcss
 http://git.videolan.org/?p=libdvdcss.git;a=blob;f=src/css.c;
 This code is the algorithm that breaks CSS-protected DVDs, to read them under Linux
 Hacking the LFSRs and the keys
 Otherwise the stream is encrypted and unreadable
 An LFSR can't be cryptographically secure, but we can still push the limits of the time needed to crack it
 That time should be > brute-force attack time
 If the output is a linear function of the input, then it can be cracked
 https://en.wikipedia.org/wiki/Correlation_attack
 We need the output not to be a linear function of the input.
 Use a non-linear re-entry (feedback) function
 NLFSR
 Use a non-linear shift
Strengthen the encryption
Trivium
Notes about Trivium
 3 LFSRs
 A: 93 digits
 B: 84 digits
 C: 111 digits
 One LFSR's input depends on another's output and on one of its own digits
 Period 2^64
 Some of the output makes use of an AND
 AND is a modulo-2 multiplication
 Thus cryptanalysis of the output can't crack the LFSR in linear time anymore
Using Trivium
 80-digit IV
 loaded into the A LFSR's left digits
 secret key of 80 digits as well
 loaded into the B LFSR's left digits
 All other digits are zeroed.
 We shuffle for 1152 rounds.
 Starting from the 1153rd round: we have our stream
Cracking Trivium
 Today, no efficient attack has been discovered
 Algorithms in 2^68 were found
 Thus above brute force (2^64), thus useless
 As of today (2018), Trivium is recommended by security experts
A5/1
A5/1
 A5/1 makes use of 3 LFSRs
 19 / 22 / 23 digits
 Introduces a non-linear shift:
 Each LFSR is shifted only if its clocking bit agrees with the majority MAJ(1,2,3) of the three
A5/1
 A5/1 is used to encrypt GSM communications
 It took about 10 years, but today A5/1 is broken
 In an acceptable time
 With acceptable computing hardware (CPU/memory)
 Often still needs some specific hardware
 Some flaws were found in the GSM protocols that weaken A5/1 and allow an attack
RC4
 Rivest Cipher 4 doesn't use an LFSR, but can still be used as a pseudo-random generator
 The big picture of RC4:
 Byte-based (the unit is the byte, not the digit)
 Works on a 256-byte payload
 Uses many permutations and only one XOR
 Huge period, about 10^100
 Depending on the key used
 Max theoretical period is: 2^170000
RC4
 We put 256 bytes into an array
 We shuffle the array by adding bytes and swapping them
 We get one byte from the array at indexes i and j
 We shuffle 2 array slots, then i and j
RC4
RC4 , demo in PHP and C
 https://github.com/jpauli/PHP-Crypto
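The RC4 steps just described, as an added C example (not the slides' code or the PHP-Crypto demo): the 256-byte array, the KSA shuffle, the i/j swap of the PRGA and the single XOR, checked against the published "Key"/"Plaintext" test vector. It also counts how often the second key-stream byte is 0 over many keys, which is the measurable form of "the first bytes leak"; the xorshift key generator and the trial count are constructed for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* RC4 state: the 256-byte array and the two indexes i and j of the slide. */
typedef struct {
    uint8_t S[256];
    uint8_t i, j;
} rc4_t;

/* Key Scheduling Algorithm (KSA): put 0..255 in the array, then shuffle it
   by adding key bytes into j and swapping S[i] with S[j]. This is the part
   the slide calls "too weak": the first swaps depend on very few key bytes. */
static void rc4_init(rc4_t *st, const uint8_t *key, size_t keylen)
{
    for (int i = 0; i < 256; i++) st->S[i] = (uint8_t)i;
    uint8_t j = 0;
    for (int i = 0; i < 256; i++) {
        j = (uint8_t)(j + st->S[i] + key[i % keylen]);
        uint8_t t = st->S[i]; st->S[i] = st->S[j]; st->S[j] = t;
    }
    st->i = st->j = 0;
}

/* Pseudo-Random Generation Algorithm (PRGA): advance i and j, swap the two
   slots, and hand out one byte of the array ("one byte from the array at
   indexes i and j"). */
static uint8_t rc4_byte(rc4_t *st)
{
    st->i = (uint8_t)(st->i + 1);
    st->j = (uint8_t)(st->j + st->S[st->i]);
    uint8_t t = st->S[st->i]; st->S[st->i] = st->S[st->j]; st->S[st->j] = t;
    return st->S[(uint8_t)(st->S[st->i] + st->S[st->j])];
}

/* The one XOR of the whole cipher: payload ^ key stream. Encrypting and
   decrypting are the same call. */
static void rc4_crypt(const uint8_t *key, size_t keylen,
                      const uint8_t *in, uint8_t *out, size_t len)
{
    rc4_t st;
    rc4_init(&st, key, keylen);
    for (size_t n = 0; n < len; n++) out[n] = in[n] ^ rc4_byte(&st);
}

/* Known-answer check with the published test vector: key "Key", plaintext
   "Plaintext" must give BB F3 16 E8 D9 40 AF 0A D3. Returns 1 on a match. */
static int rc4_known_answer(void)
{
    static const uint8_t expect[9] = {0xBB, 0xF3, 0x16, 0xE8, 0xD9, 0x40, 0xAF, 0x0A, 0xD3};
    uint8_t out[9];
    rc4_crypt((const uint8_t *)"Key", 3, (const uint8_t *)"Plaintext", out, 9);
    return memcmp(out, expect, 9) == 0;
}

/* "The first bytes leak": over many 16-byte keys the second key-stream byte
   is 0 about once in 128, twice the 1/256 a random stream would show
   (Mantin-Shamir bias). Keys come from a small xorshift32 generator, a
   constructed stand-in for random keys, so the count is reproducible.
   Returns how many of `trials` keys produced a 0. */
static unsigned second_byte_zero_count(unsigned trials)
{
    uint32_t x = 0x9E3779B9u;      /* xorshift32 seed, constructed */
    unsigned zeros = 0;
    for (unsigned n = 0; n < trials; n++) {
        uint8_t key[16];
        rc4_t st;
        for (int k = 0; k < 16; k++) {
            x ^= x << 13; x ^= x >> 17; x ^= x << 5;
            key[k] = (uint8_t)x;
        }
        rc4_init(&st, key, sizeof key);
        (void)rc4_byte(&st);
        if (rc4_byte(&st) == 0) zeros++;
    }
    return zeros;
}

int main(void)
{
    printf("RC4 known answer: %s\n", rc4_known_answer() ? "ok" : "MISMATCH");
    printf("second byte == 0 in %u of 50000 keys (random would be ~195, RC4 ~390)\n",
           second_byte_zero_count(50000));
    return 0;
}
```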
RC4 is cracked
 As it has been massively used since its creation (1987), RC4 has been cracked
 Today, it is cracked. Flaws have been discovered
 The first bytes leak some information about the key
 The KSA (Key Scheduling Algorithm) is too weak
 RC4 doesn't define how to use the IV
 So weak usages started to appear (concatenation of the IV with the key)
 The algorithm has some weaknesses
 RC4 output can be distinguished from a pseudo-random stream
RC4 in practice
 RC4 was used in 802.11 WEP (Wired Equivalent Privacy).
 WEP is very weak:
 Ability to inject some traffic into the input and watch the output, thus hijacking the internal state of RC4
 Control checksums are weak (CRC32, which is linear)
 Reuse of the key (overflow of the stream cipher period)
Conclusions
Memorize
 We talked about stream ciphers
 Block ciphers also exist
 DES/AES/BlowFish/RC5
 Every cipher builds on the only 100% cryptographically secure scheme, the Vernam one-time pad:
 A secret key
 A key length >= the clear length
 A modulo-2 addition (XOR in radix 2)
Memorize
 The 100% cryptographically secure Vernam one-time pad
 A secret key
 A key length >= the clear length
 A modulo-2 addition (XOR in radix 2)
 ... is difficult to achieve in the computer world
 We then use compromises: LFSRs, for example
 Starting from XOR operations, we try to push the limits so far that cracking takes longer than brute force
 But cryptanalysts often use high-level math tools to try to break such systems
 Daniel J. Bernstein is probably the best-known engineer in cryptanalysis
Crypto using PHP?
 Don't use ext/mcrypt
 Old, unmaintained, buggy and insecure
 Don't use mt_*() or rand() for crypto purposes
 Use ext/hash if you need to hash
 Use ext/sodium if you need to encrypt
 2018 cryptographically secure stream ciphers:
 trivium / salsa20 ...
 Have a look at the "eSTREAM" project
 http://www.ecrypt.eu.org/stream/
Thank you for listening!

Secstrike : Reverse Engineering & Pwnable tools for CTF.pptxSecstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
nkrafacyberclub
 
RESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for studentsRESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for students
KAMESHS29
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
Alan Dix
 
A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...
sonjaschweigert1
 

Recently uploaded (20)

National Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practicesNational Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practices
 
20240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 202420240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 2024
 
By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024
 
20240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 202420240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 2024
 
Large Language Model (LLM) and it’s Geospatial Applications
Large Language Model (LLM) and it’s Geospatial ApplicationsLarge Language Model (LLM) and it’s Geospatial Applications
Large Language Model (LLM) and it’s Geospatial Applications
 
Essentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FMEEssentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FME
 
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
 
UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6
 
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
 
Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
 
Artificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopmentArtificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopment
 
Microsoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdfMicrosoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdf
 
Free Complete Python - A step towards Data Science
Free Complete Python - A step towards Data ScienceFree Complete Python - A step towards Data Science
Free Complete Python - A step towards Data Science
 
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptxSecstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
 
RESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for studentsRESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for students
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
 
A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...
 

Basics of Cryptography - Stream ciphers and PRNG

  • 1. Basics of cryptography: shift registers and stream ciphers
  • 2. Menu
    - Can't explain the whole of cryptography here
    - Let's try to explain how it works, simply
    - Let's then see some concrete examples, among so many other fields of application...
  • 3. Menu
    - Cryptography main rule
    - Vernam One Time Pad (OTP)
    - Computer applications: problems, solutions
    - Symmetric computer-based cryptography
    - PRNG & LFSR
    - Designing a stream cipher using PHP and C
    - Applications: DVD/Blu-ray encryption (CSS / AACS), Wifi (WEP: RC4), GSM (A5/1)
  • 4. About me
    - Julien PAULI - @julienpauli - github.com/jpauli
    - Working for Sensiolabs in Paris
    - Release manager of PHP 5.5 / 5.6
    - PHP internals contributor from time to time (bug fixes, internal API, performance)
    - Knowledge of CPU architectures, the C language, Linux and networking
  • 5. Vernam OTP (One Time Password)
    - The only method of encryption that is mathematically, absolutely 100% sure and uncrackable
  • 6. Vernam OTP
    - The only method of encryption that is mathematically, absolutely 100% sure and uncrackable
    - (figure) clear: Hello foo + key: secretkey = encrypted: ?????????
  • 7. Vernam OTP
    - You modulo-add the clear text and a key, randomly chosen and of the same size as (or larger than) the clear text
    - The operation is fully bijective and can be undone, just like a classical addition: 3 + 8 = 11, 11 - 8 = 3
  • 8. Vernam OTP
    - 3 + 8 = 11, then 11 ??? = ??? : clear + key = encrypted
    - This cryptography method is the only one that is 100% safe and inviolable
    - If you get the encrypted content only, you'll never be able to recover the clear text without the key
  • 9. Vernam OTP
    - Used in the image field this time: (figure) image + key = encrypted image
  • 10. Vernam conditions
    - Vernam OTP is 100% sure if and only if:
    - The key is random and can't be guessed
    - The key is kept secret
    - The key size is >= the clear content size
    - The key is never reused (One Time Password: OTP)
    - The same key is used to encrypt and decrypt: this is called symmetric encryption
  • 11. Vernam conditions
    - If the key is reused: (figure) two images encrypted with the same key, image 1 + key, image 2 + key
  • 12. Vernam
    - Used during WW II (Enigma)
    - Used in the red phone linking Moscow to Washington
    - (Physical) keys were carried using extra-safe planes
  • 13. In computer science
    - Machines use base 2 (binary)
    - "Modulo-2 addition" is called XOR (exclusive OR), noted ⊕ or ^
      A B A^B
      0 0 0
      0 1 1
      1 0 1
      1 1 0
  • 14. XOR for cryptography
    - XOR satisfies the Vernam OTP conditions
    - Having A, a clear text, and B, a secret key:
    - Encrypted C = A ^ B
    - Clear A = C ^ B
    - Symmetric cryptography using key C
  • 15. Vernam in computer science
    - Vernam-based cryptography is inviolable if:
    - The key is kept secret
    - The key size is >= the clear size
    - The key is random
    - The key is never reused
    - Those 4 rules seem hard to achieve in the modern computing world
  • 16. 1 - The key is kept secret
  • 17. The key is secret
    - It is possible, while not ideal, to exchange the key securely: hand to hand ("What's the wifi password please?")
    - Usually, asymmetric cryptography is used to create a secure channel to exchange the symmetric crypto key
  • 18. And then?
    - Vernam-based cryptography is inviolable if:
    - The key is kept secret
    - The key size is >= the clear size
    - The key is random
    - The key is not used more than once
  • 19. 2 - The key size is >= the clear size
  • 20. Key size
    - To encrypt 25Mb of data, one needs a 25Mb key: that's 26214400 characters
    - How to use a "reasonably finite-size" key?
    - Think about Wifi keys: often long, but not thousands of thousands of chars
  • 21. LFSR
  • 22. LFSR
    - Linear Feedback Shift Register
    - The solution chosen to solve the problem "the key size must be >= the clear size to encrypt"
    - How does that work?
  • 23. LFSR
    - Linear Feedback Shift Register
    - A computer and electronic structure
    - Easy to code in a computer language
    - Easy to build into electronic chips
    - Very powerful, very fast
  • 24. One byte: 8 digits (bits)
    - 2^7 + 2^5 + 2^2 + 2^1 + 2^0 = 167 (decimal)
    - In computer science, 1 byte = 1 character (like 'f'), or one integer between 0 and 255 if you prefer
    - Let's take one byte from the secret key: 10100111 (bit positions 7 6 5 4 3 2 1 0)
  • 25. LFSR
    - Shift register. At each clock tick:
    - Shift the digits one slot to the right
    - Re-inject the digit that fell out on the right back on the left
    - We get an infinite source of digits: this is a circular shift
    - The extracted digit is used to encrypt one digit of the payload (using XOR)
  • 26. LFSR
    - Shift register: shift to the right, re-inject on the left
    - We get an infinite number of digits, but...
    - We get a finite digit sequence (repeating itself)
    - (figure) register contents after rotations 1 to 4
  • 27. LFSR
    - Shift register
    - We get an infinite digit sequence, but not a random one
    - The feedback function is 1
    - (figure) register contents after rotations 1 to 4, and so on
  • 28. Where are we?
    - Vernam-based cryptography is inviolable if:
    - The key is secret
    - The key size is >= the clear size
    - The key is random
    - The key is never reused
  • 29. LFSR
    - The sequence is going to repeat itself
    - How to add some randomness to it?
  • 30. LFSR
    - It's all about the feedback function
    - Let's make the feedback function more complex
  • 31. LFSR
    - (figure) register contents after steps 1 to 4 with the new feedback function
  • 32. LFSR
    - That starts looking random, right?
    - The same states as integers: 167, 83, 145, 240
  • 33. LFSR vs maths
    - This can be modelled mathematically: S = X^8 + X^7 + X^6 + X^5 + 1
    - This is a classic polynomial, which can be solved
  • 34. m-sequence LFSR
    - As the output is injected back into the input, this LFSR will generate a finite number of states
    - The maximum sequence is 2^n - 1, where "n" is the LFSR degree (number of digits)
    - This maximum sequence is called the "m-sequence"
    - In the above example, n is 8: the LFSR will have a maximum period of 255 states
  • 35. m-sequence LFSR
    - To get an m-sequence:
    - The number of feedback digits must be odd
    - Their factors must be coprime
    - S = X^8 + X^7 + X^6 + X^5 + 1: works, this LFSR will have an m-sequence (255 states)
    - S = X^8 + 1: doesn't work, this LFSR will repeat before 255 states
  • 36. m-sequence LFSR
    - If we extend the LFSR to 32 digits, the max period becomes 2^32 - 1
    - That's 4294967295 different states
    - Randomness slowly becomes more and more apparent
    - With 32 digits (4 bytes, or 4 secret-key chars) we can encrypt 4294967295 digits, thus 512Mb
    - Above that, the key repeats itself (and invalidates the Vernam conditions)
  • 37. LFSR example coded in PHP
    - https://github.com/jpauli/PHP-Crypto
    - Demo output:
        **Simple Galois LFSR, degree 7 (127 states m-sequence)**
        Used register bits for feedback : 7 6
        Deducted Feedback function : 1100000 (0X60)
        Your initial state is : 00000000000000000000001110001100 (908)
        Let's now start the Linear Feedback Shift Register
        [Iteration] [-------Internal Register -------] [PRandom bit]
             |                       |                      |
             v                       v                      v
        0 - 00000000000000000000001110001100 [ 0 ]
        1 - 00000000000000000000000111000110 [ 0 ]
        2 - 00000000000000000000000011100011 [ 1 ]
        3 - 00000000000000000000000000010001 [ 1 ]
        4 - 00000000000000000000000001101000 [ 0 ]
  • 38. LFSR example coded in PHP
        /* Build the tap list and the feedback mask from the degree's polynomial coefficients */
        for ($i = 0; $i < count(self::POLYNOMIAL_PRIME_COEFF[$this->degree]); $i++) {
            $this->taps[] = self::POLYNOMIAL_PRIME_COEFF[$this->degree][$i];
            $this->ff |= (1 << self::POLYNOMIAL_PRIME_COEFF[$this->degree][$i]);
        }
        /* LFSR always has first and last bit set */
        $this->ff |= 1 << ($this->degree);
        $this->ff |= 1;

        /* Clock the register until it comes back to its starting state (one full period) */
        do {
            $this->iterations++;
            $this->currentState >>= 1; /* Shift register */
            yield $this->iterations => $this->currentState;
            if ($this->currentState & 1) {
                $this->currentState ^= $this->ff; /* re-enter */
            }
        } while ($this->currentState != $this->start);
  • 39. Encryption with an LFSR?
    - Pretty easy
    - Initialize the LFSR with the secret key
    - Encrypt each clear digit with one digit generated by the LFSR, using the XOR operation
    - This is called a stream cipher (block ciphers also exist)
  • 40. Stream cipher demo
    - https://github.com/jpauli/PHP-Crypto
  • 41. Generating a random byte using an LFSR
        function getRandomByte(LFSR $lfsr) : int
        {
            $random = 0;
            $run = $lfsr->run(); /* generator that clocks the register */
            for ($j = 0; $j < 8; $j++) {
                $random |= $lfsr->getCurrentBit() << $j; /* collect 8 output bits, LSB first */
                $run->next();
            }
            return $random;
        }
  • 42. Ciphering clear data with the random byte
        function cipher(string $input) : string
        {
            $dataSize = strlen($input);
            $output = '';
            $lfsr = new LFSR($this->degree, $this->seed);
            for ($i = 0; $i < $dataSize; $i++) {
                $random = $this->getRandomByte($lfsr);        /* one keystream byte per clear byte */
                $data = unpack('C', $input[$i]);
                $output .= pack('C', $data[1] ^ $random);     /* XOR: the same call decrypts */
            }
            return $output;
        }
    - Yeah!
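The register of slides 24 to 38 and the stream cipher of slides 39 to 42, as an added C example (not the slides' PHP and not code from jpauli/PHP-Crypto): the clock step follows the order the slide 37 trace shows (emit bit 0, shift right, feed the tap mask back in when the emitted bit was 1), tap masks use bit k-1 for each term x^k exactly as the demo's 0x60 stands for taps 7 and 6, and the period is measured instead of assumed, which is the check worth running on any tap choice since the odd-count rule of slide 35 is only a heuristic.

```c
/* Added example: right-shifting Galois LFSR, period measurement and the
 * XOR stream cipher built on it. Seeds, masks and messages are constructed. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef struct {
    uint32_t state; /* register contents; bit 0 is the output end */
    uint32_t mask;  /* feedback taps: bit (k-1) set for each term x^k, k >= 1 */
} lfsr_t;

/* One clock tick: emit bit 0, shift right, and if the emitted bit was 1
 * XOR the tap mask into the register (Galois configuration). */
static int lfsr_step(lfsr_t *r)
{
    int out = (int)(r->state & 1u);
    r->state >>= 1;
    if (out)
        r->state ^= r->mask;
    return out;
}

/* Ticks until the register returns to its start value: the slides' "period".
 * It equals 2^n - 1 (an m-sequence) only for a primitive polynomial. */
static uint32_t lfsr_period(uint32_t seed, uint32_t mask)
{
    lfsr_t r = { seed, mask };
    uint32_t n = 0;
    do {
        lfsr_step(&r);
        n++;
    } while (r.state != seed);
    return n;
}

/* Eight ticks assembled LSB-first into one keystream byte,
 * the same order as the slides' getRandomByte(). */
static uint8_t lfsr_byte(lfsr_t *r)
{
    uint8_t b = 0;
    for (int j = 0; j < 8; j++)
        b |= (uint8_t)(lfsr_step(r) << j);
    return b;
}

/* Stream cipher: seed the register with the key, XOR every payload byte
 * with one keystream byte. The same call decrypts (XOR is its own inverse). */
static void lfsr_xor(uint32_t seed, uint32_t mask,
                     const uint8_t *in, uint8_t *out, size_t len)
{
    lfsr_t r = { seed, mask };
    for (size_t i = 0; i < len; i++)
        out[i] = in[i] ^ lfsr_byte(&r);
}

/* Encrypt then decrypt msg; returns 1 when the clear text comes back. */
static int roundtrip_ok(uint32_t seed, uint32_t mask, const char *msg)
{
    uint8_t ct[64], pt[64];
    size_t len = strlen(msg);
    if (len > sizeof ct)
        return 0;
    lfsr_xor(seed, mask, (const uint8_t *)msg, ct, len);
    lfsr_xor(seed, mask, ct, pt, len);
    return memcmp(pt, msg, len) == 0;
}

int main(void)
{
    /* Degree-8 tap choices: slide 35's polynomial, x^8+1, and a primitive one */
    printf("x^8+x^7+x^6+x^5+1 (mask 0xF0): period %u\n", (unsigned)lfsr_period(1, 0xF0));
    printf("x^8+1             (mask 0x80): period %u\n", (unsigned)lfsr_period(1, 0x80));
    printf("x^8+x^4+x^3+x^2+1 (mask 0x8E): period %u\n", (unsigned)lfsr_period(1, 0x8E));
    printf("round trip with key byte 167: %s\n",
           roundtrip_ok(167, 0x8E, "Hello foo") ? "ok" : "FAILED");
    return 0;
}
```

Only mask 0x8E reaches the 255-state m-sequence; the mask 0xF0 of slide 35's polynomial comes back after 217 states, because x^8+x^7+x^6+x^5+1 = (x^3+x+1)(x^5+x^4+x^2+x+1) is not primitive, and x^8+1 loops after 8.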
  • 43. Where are we?
    - Vernam-based cryptography is inviolable if:
    - The key is secret
    - The key size is >= the clear size
    - The key is random
    - The key is not reused
  • 44. Stream ciphers can be secure if
    - The key is secret
    - The feedback digits are kept secret
    - The period is big enough (m-sequence) to never loop
    - The attacker cannot access the input stream
    - If the attacker can inject some data into the clear input, a linear equation system can be used to crack the LFSR and deduce the key, with only 2n states: the "Berlekamp-Massey attack"
  • 45. Having a good initialisation
    - Randomness will depend on how the key is used to initialize the LFSR in the stream cipher
    - The key is used to define the starting state of the LFSR
    - It can also be used to choose the feedback digits
    - The key is usually mixed with an initialization vector (IV), which is some piece of random bytes
    - Thus, with the same key, the same LFSR will produce a different output
  • 46. Hacking the encryption process
    - If the LFSR starts looping, it's going to produce the same output (repeat itself) and thus no longer satisfies the Vernam conditions
    - If the attacker can inject some input, he can use the Berlekamp-Massey attack to crack the LFSR key and states
  • 47. How to strengthen the LFSR?
  • 48. Strengthen the encryption
    - Branch several LFSRs together: (figure) two registers combined into one output
  • 49. Strengthen the encryption
    - Having several LFSRs working together:
    - The loop is still linear
    - Thus it can be cracked in polynomial time by injecting some traffic into the input (N-degree linear equation system)
    - We only push the time limit
  • 50. Application examples
    - Well-known LFSR / XOR based encryption systems (and how they've been hacked)
  • 51. Examples
    - Content Scrambling System (CSS): DVD protection mechanism (from 1995)
    - Cracked in 1999 by hacking the LFSRs
    - Keys are cracked by injecting some input, watching the output and cracking the polynomials
    - DeCSS is born, and movie piracy with it
    - Back then, less than 18 seconds were needed on a Pentium 3 @ 450MHz to hack the LFSRs
  • 52. CSS
  • 53. DeCSS
    - CSS keys are secret and distributed by the DVD CCA to DVD-reader manufacturers
    - Keys are stored in the hardware (or in software for PC players)
    - Each device needs a key: this is costly
    - http://www.dvdcca.org/css.aspx
    - Hence, the free world and Linux were forgotten by the DVD CCA
    - The open/free world answered by cracking CSS
    - Lawsuits followed
    - Technical analysis of CSS: http://www.lemuria.org/DeCSS/crypto.gq.nu/
  • 54. CSS and VLC
    - Since then, DeCSS code is embedded into VLC, in libdvdcss
    - http://git.videolan.org/?p=libdvdcss.git;a=blob;f=src/css.c;
    - This code is the algorithm to hack CSS-protected DVDs, to read them under Linux: hacking the LFSRs and the keys
    - Otherwise the stream is encrypted and unreadable
  • 55. Strengthen the encryption
    - LFSRs can't be cryptographically secure, but we can still push the limits of the time needed to crack them
    - That time should be > the brute-force attack time
    - If the output is a linear function of the input, then it can be cracked
    - https://en.wikipedia.org/wiki/Correlation_attack
    - We need the output not to be a linear function of the input
    - Use a non-linear re-entrancy (feedback) function: NLFSR
    - Use a non-linear shift
  • 57. Notes about Trivium
    - 3 LFSRs: A: 93 digits, B: 84 digits, C: 111 digits
    - One LFSR's input depends on another's output and on one of its own digits
    - Period 2^64
    - Some of the output uses an AND
    - AND is a modulo-2 multiplication
    - Thus cryptanalysis of the output can't crack the LFSRs in linear time anymore
  • 58. Using Trivium
    - 80-digit IV, loaded in the A LFSR's left digits
    - 80-digit secret key as well, loaded in the B LFSR's left digits
    - All other digits are zeroed
    - We shuffle for 1152 rounds
    - Starting from the 1153th round: we've got our stream
  • 59. Cracking Trivium
    - Today, no efficient attack has been discovered
    - Attacks were found in 2^68, thus above brute force (2^64), thus useless
    - As of today (2018), Trivium is recommended by security experts
  • 60. A5/1
  • 61. A5/1
    - A5/1 uses 3 LFSRs: 19 / 22 / 23 digits
    - Introduces a non-linear shift: an LFSR is shifted only if it is in the MAJ(1,2,3) set
  • 62. A5/1
    - A5/1 is used to encrypt GSM communications
    - It took about 10 years, but today A5/1 is broken
    - In an acceptable time, on acceptable computing hardware (CPU/Mem)
    - Often still needs some specific hardware
    - Some flaws were found in the GSM protocols that weaken A5/1 and allow an attack
  • 63. RC4
    - Rivest Cipher 4 doesn't use LFSRs, but can still be used as a pseudo-random generator
    - The big picture of RC4:
    - Byte-based (the unit is the byte, not the digit)
    - Works on a 256-byte payload
    - Uses many permutations and one XOR only
    - Huge period, about 10^100, depending on the key used
    - Max theoretical period is 2^170000
  • 64. RC4
    - We put 256 bytes into an array
    - We shuffle the array by adding bytes and swapping them
    - We get one byte from the array at indexes i and j
    - We shuffle 2 array slots, then i and j
  • 65. RC4
  • 66. RC4, demo in PHP and C
    - https://github.com/jpauli/PHP-Crypto
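The RC4 steps of slides 63 and 64 as an added C example (not the slides' PHP/C demo): the 256-byte array shuffled by the key (KSA), one output byte per step from indexes i and j with two slots swapped each time (PRGA), checked against the well-known "Key" / "Plaintext" known-answer test, plus a function showing why slide 68's "reuse of the key" bullet matters. Keys and messages are constructed sample values.

```c
/* Added example: RC4 KSA + PRGA, a known-answer check, and the key-reuse
 * property (same key, no IV: identical keystream, so c1 ^ c2 == m1 ^ m2). */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

typedef struct {
    uint8_t S[256];
    uint8_t i, j;
} rc4_t;

/* Key Scheduling Algorithm: fill S with 0..255, then walk it once,
 * mixing in key bytes and swapping slots. */
static void rc4_init(rc4_t *ctx, const uint8_t *key, size_t keylen)
{
    uint8_t j = 0;
    for (int k = 0; k < 256; k++)
        ctx->S[k] = (uint8_t)k;
    for (int k = 0; k < 256; k++) {
        j = (uint8_t)(j + ctx->S[k] + key[k % keylen]);
        uint8_t t = ctx->S[k]; ctx->S[k] = ctx->S[j]; ctx->S[j] = t;
    }
    ctx->i = ctx->j = 0;
}

/* Pseudo-Random Generation Algorithm: one keystream byte per call. */
static uint8_t rc4_byte(rc4_t *ctx)
{
    ctx->i = (uint8_t)(ctx->i + 1);
    ctx->j = (uint8_t)(ctx->j + ctx->S[ctx->i]);
    uint8_t t = ctx->S[ctx->i]; ctx->S[ctx->i] = ctx->S[ctx->j]; ctx->S[ctx->j] = t;
    return ctx->S[(uint8_t)(ctx->S[ctx->i] + ctx->S[ctx->j])];
}

/* Encrypt or decrypt (same operation): XOR each byte with the keystream. */
static void rc4_crypt(const uint8_t *key, size_t keylen,
                      const uint8_t *in, uint8_t *out, size_t len)
{
    rc4_t ctx;
    rc4_init(&ctx, key, keylen);
    for (size_t n = 0; n < len; n++)
        out[n] = in[n] ^ rc4_byte(&ctx);
}

/* Known-answer helper: 1 if RC4(key, msg) equals the expected uppercase hex. */
static int rc4_check(const char *key, const char *msg, const char *hex_expected)
{
    uint8_t ct[64];
    char hex[2 * sizeof ct + 1] = "";
    size_t len = strlen(msg);
    if (len > sizeof ct || *key == '\0')
        return 0;
    rc4_crypt((const uint8_t *)key, strlen(key), (const uint8_t *)msg, ct, len);
    for (size_t n = 0; n < len; n++)
        sprintf(hex + 2 * n, "%02X", ct[n]);
    return strcmp(hex, hex_expected) == 0;
}

/* Key reuse: with the same key the keystream is identical, so XORing the two
 * ciphertexts cancels it and leaves m1 ^ m2. Returns 1 when that holds for
 * every byte, which is exactly the Vernam "never reuse the key" condition. */
static int rc4_key_reuse_leaks(const char *key, const char *m1, const char *m2)
{
    uint8_t c1[64], c2[64];
    size_t len = strlen(m1);
    if (len != strlen(m2) || len > sizeof c1 || *key == '\0')
        return 0;
    rc4_crypt((const uint8_t *)key, strlen(key), (const uint8_t *)m1, c1, len);
    rc4_crypt((const uint8_t *)key, strlen(key), (const uint8_t *)m2, c2, len);
    for (size_t n = 0; n < len; n++)
        if ((c1[n] ^ c2[n]) != ((uint8_t)m1[n] ^ (uint8_t)m2[n]))
            return 0;
    return 1;
}

int main(void)
{
    printf("RC4(\"Key\", \"Plaintext\") == BBF316E8D940AF0AD3 : %s\n",
           rc4_check("Key", "Plaintext", "BBF316E8D940AF0AD3") ? "ok" : "FAILED");
    printf("same key twice leaks m1 ^ m2 : %s\n",
           rc4_key_reuse_leaks("Key", "Hello foo", "Hello bar") ? "yes" : "no");
    return 0;
}
```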
  • 67. RC4 is cracked
    - As it's been massively used since its creation (1987), RC4 has been cracked
    - Today it is cracked: flaws have been discovered
    - The first bytes leak some information about the key
    - The KSA (Key Scheduling Algorithm) is too weak
    - RC4 doesn't define how to use the IV, so weak usages appeared (concatenation of the IV with the key)
    - The algorithm has some weaknesses
    - You can recognize RC4 from a pseudo-random output stream
  • 68. RC4 in practice
    - RC4 was used in 802.11 WEP (Wired Equivalent Privacy)
    - WEP is very weak:
    - Ability to inject some traffic in input and watch the output, thus hijacking the internal state of RC4
    - Control checksums are weak (CRC32, which is linear)
    - Reuse of the key (overflow of the stream cipher period)
  • 70. Memorize
    - We talked about stream ciphers
    - There also exist block ciphers: DES/AES/Blowfish/RC5
    - Every cipher builds on the only 100% cryptographically secure scheme, the Vernam one-time pad:
    - A secret key
    - A key length >= the clear length
    - A modulo-2 addition (XOR in radix 2)
  • 71. Memorize
    - The 100% cryptographically secure Vernam one-time pad (a secret key, a key length >= the clear length, a modulo-2 addition: XOR in radix 2) ... is difficult to achieve in the computer world
    - We then use compromises: LFSRs, for example
    - From XOR operations, we try to push the limits so far that cracking takes longer than brute force
    - But cryptanalysts often use high-level math tools to try to break such systems
    - Daniel J. Bernstein should be the best-known engineer in cryptanalysis
  • 72. Crypto using PHP?
    - Don't use ext/mcrypt: old, unmaintained, buggy and insecure
    - Don't use mt_*() or rand() for crypto purposes
    - Use ext/hash if you need to hash
    - Use ext/sodium if you need to encrypt
    - 2018 cryptographically secure stream ciphers: trivium / salsa20 ...
    - Have a look at the "eSTREAM" project: http://www.ecrypt.eu.org/stream/
  • 73. Thank you for listening!