SlideShare a Scribd company logo

ChapterTwoCryptoTheStreamCipherFHSU.pptx

Download as PPTX, PDF
S
ssuser0a47f0

About crytography

Technology
1 of 18
Outline Concepts of stream ciphers Random number generators (RNGs) One-Time Pad (OTP) Linear Feedback Shift Registers (LFSRs) Trivium: a modern stream cipher Dr. Hong Biao Zeng Materials are coming from Textbook of Understanding Cryptography A Textbook for Students and Practitioners by Christof Paar and Jan Pelzl Fall 2022 In this chapter, students shall learn: 1/18
Outline Concepts of stream ciphers Random number generators (RNGs) One-Time Pad (OTP) Linear Feedback Shift Registers (LFSRs) Trivium: a modern stream cipher Concepts to stream ciphers Random number generators (RNGs) One-Time Pad (OTP) Linear feedback shift registers (LFSRs) Trivium: a modern stream cipher 2/18
Outline Concepts of stream ciphers Random number generators (RNGs) One-Time Pad (OTP) Linear Feedback Shift Registers (LFSRs) Trivium: a modern stream cipher Stream Ciphers were invented in 1917 by Gilbert Vernam Stream Cipher: 3/18
Outline Concepts of stream ciphers Random number generators (RNGs) One-Time Pad (OTP) Linear Feedback Shift Registers (LFSRs) Trivium: a modern stream cipher Encrypt bits individually Usually small and fast: common in embedded devices (e.g., A5/1 for GSM phones) Block Cipher: Always encrypt a full block (several bits) Are common for Internet applications Challenge: Draw graph to represent their difference Plaintext xi , ciphertext yi and key stream si consist of individual bits. Encryption: yi = esi (xi ) = xi + si mod 2,xi ,yi ,si ∈{0,1} 4/18
Outline Concepts of stream ciphers Random number generators (RNGs) One-Time Pad (OTP) Linear Feedback Shift Registers (LFSRs) Trivium: a modern stream cipher Decryption: xi = esi (yi ) = yi + si mod 2 Challenge: Draw a graph to represent the idea. Security of stream cipher depends entirely on the key stream si : Should be random , i.e., Pr(si = 0) = Pr(si = 1) = 0.5 Must be reproducible by sender and receiver 5/18
Outline Concepts of stream ciphers Random number generators (RNGs) One-Time Pad (OTP) Linear Feedback Shift Registers (LFSRs) Trivium: a modern stream cipher 6/18
Outline Concepts of stream ciphers Random number generators (RNGs) One-Time Pad (OTP) Linear Feedback Shift Registers (LFSRs) Trivium: a modern stream cipher Why is Modulo 2 Addition a Good Encryption Function? Modulo 2 addition is equivalent to XOR operation For perfectly random key stream si , each ciphertext output bit has a 50% chance to be 0 or 1: good statistic property for ciphertext Inverting XOR is simple, since it is the same XOR operation Challenge: Draw truth table for XOR We have three kinds of random number generators. 7/18
Outline Concepts of stream ciphers Random number generators (RNGs) One-Time Pad (OTP) Linear Feedback Shift Registers (LFSRs) Trivium: a modern stream cipher True RNG Pseudorandom NG Cryptographically Secure RNG Based on physical random processes: coin flipping, dice rolling, semiconductor noise, radioactive decay, mouse movement, clock jitter of digital circuits Output stream si should have good statistical properties: Pr(si = 0) = Pr(si = 1) = 50% (often achieved by post-processing) Output can neither be predicted nor be reproduced Typically used for generation of keys, nonces (used only-once values) and for many other purposes Generate sequences from initial seed value Typically, output stream has good statistical properties 8/18
Outline Concepts of stream ciphers Random number generators (RNGs) One-Time Pad (OTP) Linear Feedback Shift Registers (LFSRs) Trivium: a modern stream cipher Output can be reproduced and can be predicted Often computed in a recursive way: s0 = seed si+1 = f (s0,s1,...,si ) Most PRNGs have bad cryptographic properties! Let’s analyze a simple PRNG. 9/18 Simple PRNG: Linear Congruential Generator S0 = seed Si+1 = ASi + B mod m Assume: unknown A, B and S0 as key
Outline Concepts of stream ciphers Random number generators (RNGs) One-Time Pad (OTP) Linear Feedback Shift Registers (LFSRs) Trivium: a modern stream cipher Size of A, B and Si to be 100 bit 300 bit of output are known, i.e. S1,S2 and S3 Solving: S2 = AS1 + B mod m S3 = AS2 + B mod m 10/18
Outline Concepts of stream ciphers Random number generators (RNGs) One-Time Pad (OTP) Linear Feedback Shift Registers (LFSRs) Trivium: a modern stream cipher Cryptographically Secure Pseudorandom Number Generator (CSPRNG) Special PRNG with additional property: Output must be unpredictable More precisely: Given n consecutive bits of output si , the following output bits sn+1 cannot be predicted (in polynomial time). Needed in cryptography, in particular for stream ciphers Remark: There are almost no other applications that need unpredictability, whereas many, many (technical) systems need PRNGs. 11/18
Outline Concepts of stream ciphers Random number generators (RNGs) One-Time Pad (OTP) Linear Feedback Shift Registers (LFSRs) Trivium: a modern stream cipher , , ∈{ , } L L 12/18
Outline Concepts of stream ciphers Random number generators (RNGs) One-Time Pad (OTP) Linear Feedback Shift Registers (LFSRs) Trivium: a modern stream cipher Disadvantage: For almost all applications the OTP is impractical since the key must be as long as the message! (Imagine you have to encrypt a 1GByte email attachment.) Concatenated flip-flops (FF), i.e., a shift register together with a feedback path • Feedback computes fresh input by XOR of certain state bits • Degree m given by 13/18
Outline Concepts of stream ciphers Random number generators (RNGs) One-Time Pad (OTP) Linear Feedback Shift Registers (LFSRs) Trivium: a modern stream cipher number of storage elements • If pi = 1, the feedback connection is present (“closed switch), otherwise there is not feedback from this flip-flop (“open switch”) • Output sequence repeats periodically • Maximum output length: 2m-1 Linear Feedback Shift Registers (LFSRs): Example with m=3 14/18 LFSR output described by recursive equation: Si+3 = Si+1 + Si mod3
Outline Concepts of stream ciphers Random number generators (RNGs) One-Time Pad (OTP) Linear Feedback Shift Registers (LFSRs) Trivium: a modern stream cipher Maximum output length (of 23 − 1 = 7) achieved only for certain feedback configurations. In class challenge: Give an example configuration 15/18
Outline Concepts of stream ciphers Random number generators (RNGs) One-Time Pad (OTP) Linear Feedback Shift Registers (LFSRs) Trivium: a modern stream cipher 16/18
Outline Concepts of stream ciphers Random number generators (RNGs) One-Time Pad (OTP) Linear Feedback Shift Registers (LFSRs) Trivium: a modern stream cipher Initialization: Load 80-bit IV into A Load 80-bit key into B Set c109 , c110 , c111 =1, all other bits 0 Warm-Up: Clock cipher 4 x 288 = 1152 times without generating output Encryption: XOR-Sum of all three NLFSR outputs generates key stream si Design can be parallelized to produce up to 64 bits of output per clock cycle Stream ciphers are less popular than block ciphers in most domains such as Internet security. There are exceptions, for instance, the popular stream cipher RC4. Stream ciphers sometimes require fewer resources, e.g., code size or chip area, for implementation than block ciphers, and they are attractive for use in constrained environments such as cell phones. 17/18
Outline Concepts of stream ciphers Random number generators (RNGs) One-Time Pad (OTP) Linear Feedback Shift Registers (LFSRs) Trivium: a modern stream cipher The requirements for a cryptographically secure pseudorandom number generator are far more demanding than the requirements for pseudorandom number generators used in other applications such as testing or simulation The One-Time Pad is a provable secure symmetric cipher. However, it is highly impractical for most applications because the key length has to equal the message length. Single LFSRs make poor stream ciphers despite their good statistical properties. However, careful combinations of several LFSR can yield strong ciphers. Lesson Learned 18/18

Recommended

CRYPTO Module 05.in.pdf
CRYPTO Module 05.in.pdfCRYPTO Module 05.in.pdf
CRYPTO Module 05.in.pdfAnushaS405812
 
2. Stream Ciphers
2. Stream Ciphers2. Stream Ciphers
2. Stream CiphersSam Bowne
 
[IJET V2I3P1] Authors: G Hemanth kumar Dr. M. Saravanan, Charan kumar. K
[IJET V2I3P1] Authors: G Hemanth kumar Dr. M. Saravanan, Charan kumar. K[IJET V2I3P1] Authors: G Hemanth kumar Dr. M. Saravanan, Charan kumar. K
[IJET V2I3P1] Authors: G Hemanth kumar Dr. M. Saravanan, Charan kumar. KIJET - International Journal of Engineering and Techniques
 
Module 5 Pseudo Random Sequence(SEE NOW).pptx
Module 5 Pseudo Random Sequence(SEE NOW).pptxModule 5 Pseudo Random Sequence(SEE NOW).pptx
Module 5 Pseudo Random Sequence(SEE NOW).pptxAdityaAnand843311
 
Stream ciphers presentation
Stream ciphers presentationStream ciphers presentation
Stream ciphers presentationdegarden
 
Lfsr report
Lfsr report Lfsr report
Lfsr report Nandana Priyanka Eluri
 
Digital Electronics – Unit III.pdf
Digital Electronics – Unit III.pdfDigital Electronics – Unit III.pdf
Digital Electronics – Unit III.pdfKannan Kanagaraj
 
Information and data security pseudorandom number generation and stream cipher
Information and data security pseudorandom number generation and stream cipherInformation and data security pseudorandom number generation and stream cipher
Information and data security pseudorandom number generation and stream cipherMazin Alwaaly
 

Recommended

CRYPTO Module 05.in.pdf
CRYPTO Module 05.in.pdfCRYPTO Module 05.in.pdf
CRYPTO Module 05.in.pdfAnushaS405812
 
2. Stream Ciphers
2. Stream Ciphers2. Stream Ciphers
2. Stream CiphersSam Bowne
 
[IJET V2I3P1] Authors: G Hemanth kumar Dr. M. Saravanan, Charan kumar. K
[IJET V2I3P1] Authors: G Hemanth kumar Dr. M. Saravanan, Charan kumar. K[IJET V2I3P1] Authors: G Hemanth kumar Dr. M. Saravanan, Charan kumar. K
[IJET V2I3P1] Authors: G Hemanth kumar Dr. M. Saravanan, Charan kumar. KIJET - International Journal of Engineering and Techniques
 
Module 5 Pseudo Random Sequence(SEE NOW).pptx
Module 5 Pseudo Random Sequence(SEE NOW).pptxModule 5 Pseudo Random Sequence(SEE NOW).pptx
Module 5 Pseudo Random Sequence(SEE NOW).pptxAdityaAnand843311
 
Stream ciphers presentation
Stream ciphers presentationStream ciphers presentation
Stream ciphers presentationdegarden
 
Lfsr report
Lfsr report Lfsr report
Lfsr report Nandana Priyanka Eluri
 
Digital Electronics – Unit III.pdf
Digital Electronics – Unit III.pdfDigital Electronics – Unit III.pdf
Digital Electronics – Unit III.pdfKannan Kanagaraj
 
Information and data security pseudorandom number generation and stream cipher
Information and data security pseudorandom number generation and stream cipherInformation and data security pseudorandom number generation and stream cipher
Information and data security pseudorandom number generation and stream cipherMazin Alwaaly
 
Predicting and Abusing WPA2/802.11 Group Keys
Predicting and Abusing WPA2/802.11 Group KeysPredicting and Abusing WPA2/802.11 Group Keys
Predicting and Abusing WPA2/802.11 Group Keysvanhoefm
 
LFSR
LFSRLFSR
LFSRCVR college of Engineering
 
LFSR final.pptxpppppplthddhfgfghgffhgfghgh
LFSR final.pptxpppppplthddhfgfghgffhgfghghLFSR final.pptxpppppplthddhfgfghgffhgfghgh
LFSR final.pptxpppppplthddhfgfghgffhgfghghpranavdk2003
 
LFSR final.pptxpppppplthddhfgfghgffhgfghgh
LFSR final.pptxpppppplthddhfgfghgffhgfghghLFSR final.pptxpppppplthddhfgfghgffhgfghgh
LFSR final.pptxpppppplthddhfgfghgffhgfghghpranavdk2003
 
Embedded systems and robotics by scmandota
Embedded systems and robotics by scmandotaEmbedded systems and robotics by scmandota
Embedded systems and robotics by scmandotascmandota
 
13.ppt
13.ppt13.ppt
13.pptDiptarshiBhowmick1
 
8051 microcontroller lecture ppt by Tarun Khaneja ( 9034406598 )
8051 microcontroller lecture ppt by Tarun Khaneja ( 9034406598 )8051 microcontroller lecture ppt by Tarun Khaneja ( 9034406598 )
8051 microcontroller lecture ppt by Tarun Khaneja ( 9034406598 )Tarun Khaneja
 
P0460699102
P0460699102P0460699102
P0460699102IJERA Editor
 
ARM Introduction
ARM IntroductionARM Introduction
ARM IntroductionRamasubbu .P
 
counters and resister presentations.pptx
counters and resister presentations.pptxcounters and resister presentations.pptx
counters and resister presentations.pptxarushika2211
 
arm-intro.ppt
arm-intro.pptarm-intro.ppt
arm-intro.pptMostafaParvin1
 
A Robust UART Architecture Based on Recursive Running Sum Filter for Better N...
A Robust UART Architecture Based on Recursive Running Sum Filter for Better N...A Robust UART Architecture Based on Recursive Running Sum Filter for Better N...
A Robust UART Architecture Based on Recursive Running Sum Filter for Better N...Kevin Mathew
 
Rotor Cipher and Enigma Machine
Rotor Cipher and Enigma MachineRotor Cipher and Enigma Machine
Rotor Cipher and Enigma MachineSaurabh Kaushik
 
40120140502003
4012014050200340120140502003
40120140502003IAEME Publication
 
FF and Latches.ppt
FF and Latches.pptFF and Latches.ppt
FF and Latches.pptRockFellerSinghRusse
 
amrapali builders@@sub way hacking.pdf
amrapali builders@@sub way hacking.pdfamrapali builders@@sub way hacking.pdf
amrapali builders@@sub way hacking.pdfamrapalibuildersreviews
 
5 stream ciphers
5 stream ciphers5 stream ciphers
5 stream ciphersHarish Sahu
 
Digital logic-formula-notes-final-1
Digital logic-formula-notes-final-1Digital logic-formula-notes-final-1
Digital logic-formula-notes-final-1Kshitij Singh
 
Ece221 Ch7 Part1
Ece221 Ch7 Part1Ece221 Ch7 Part1
Ece221 Ch7 Part1developmentalnerd
 
8051 microcontroller
8051 microcontroller8051 microcontroller
8051 microcontrollerJhemi22
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 

More Related Content

Similar to ChapterTwoCryptoTheStreamCipherFHSU.pptx

Predicting and Abusing WPA2/802.11 Group Keys
Predicting and Abusing WPA2/802.11 Group KeysPredicting and Abusing WPA2/802.11 Group Keys
Predicting and Abusing WPA2/802.11 Group Keysvanhoefm
 
LFSR final.pptxpppppplthddhfgfghgffhgfghgh
LFSR final.pptxpppppplthddhfgfghgffhgfghghLFSR final.pptxpppppplthddhfgfghgffhgfghgh
LFSR final.pptxpppppplthddhfgfghgffhgfghghpranavdk2003
 
LFSR final.pptxpppppplthddhfgfghgffhgfghgh
LFSR final.pptxpppppplthddhfgfghgffhgfghghLFSR final.pptxpppppplthddhfgfghgffhgfghgh
LFSR final.pptxpppppplthddhfgfghgffhgfghghpranavdk2003
 
Embedded systems and robotics by scmandota
Embedded systems and robotics by scmandotaEmbedded systems and robotics by scmandota
Embedded systems and robotics by scmandotascmandota
 
8051 microcontroller lecture ppt by Tarun Khaneja ( 9034406598 )
8051 microcontroller lecture ppt by Tarun Khaneja ( 9034406598 )8051 microcontroller lecture ppt by Tarun Khaneja ( 9034406598 )
8051 microcontroller lecture ppt by Tarun Khaneja ( 9034406598 )Tarun Khaneja
 
counters and resister presentations.pptx
counters and resister presentations.pptxcounters and resister presentations.pptx
counters and resister presentations.pptxarushika2211
 
A Robust UART Architecture Based on Recursive Running Sum Filter for Better N...
A Robust UART Architecture Based on Recursive Running Sum Filter for Better N...A Robust UART Architecture Based on Recursive Running Sum Filter for Better N...
A Robust UART Architecture Based on Recursive Running Sum Filter for Better N...Kevin Mathew
 
Rotor Cipher and Enigma Machine
Rotor Cipher and Enigma MachineRotor Cipher and Enigma Machine
Rotor Cipher and Enigma MachineSaurabh Kaushik
 
5 stream ciphers
5 stream ciphers5 stream ciphers
5 stream ciphersHarish Sahu
 
Digital logic-formula-notes-final-1
Digital logic-formula-notes-final-1Digital logic-formula-notes-final-1
Digital logic-formula-notes-final-1Kshitij Singh
 
8051 microcontroller
8051 microcontroller8051 microcontroller
8051 microcontrollerJhemi22
 

Similar to ChapterTwoCryptoTheStreamCipherFHSU.pptx (20)

Predicting and Abusing WPA2/802.11 Group Keys
Predicting and Abusing WPA2/802.11 Group KeysPredicting and Abusing WPA2/802.11 Group Keys
Predicting and Abusing WPA2/802.11 Group Keys
 
LFSR
LFSRLFSR
LFSR
 
LFSR final.pptxpppppplthddhfgfghgffhgfghgh
LFSR final.pptxpppppplthddhfgfghgffhgfghghLFSR final.pptxpppppplthddhfgfghgffhgfghgh
LFSR final.pptxpppppplthddhfgfghgffhgfghgh
 
LFSR final.pptxpppppplthddhfgfghgffhgfghgh
LFSR final.pptxpppppplthddhfgfghgffhgfghghLFSR final.pptxpppppplthddhfgfghgffhgfghgh
LFSR final.pptxpppppplthddhfgfghgffhgfghgh
 
Embedded systems and robotics by scmandota
Embedded systems and robotics by scmandotaEmbedded systems and robotics by scmandota
Embedded systems and robotics by scmandota
 
13.ppt
13.ppt13.ppt
13.ppt
 
8051 microcontroller lecture ppt by Tarun Khaneja ( 9034406598 )
8051 microcontroller lecture ppt by Tarun Khaneja ( 9034406598 )8051 microcontroller lecture ppt by Tarun Khaneja ( 9034406598 )
8051 microcontroller lecture ppt by Tarun Khaneja ( 9034406598 )
 
P0460699102
P0460699102P0460699102
P0460699102
 
ARM Introduction
ARM IntroductionARM Introduction
ARM Introduction
 
counters and resister presentations.pptx
counters and resister presentations.pptxcounters and resister presentations.pptx
counters and resister presentations.pptx
 
arm-intro.ppt
arm-intro.pptarm-intro.ppt
arm-intro.ppt
 
A Robust UART Architecture Based on Recursive Running Sum Filter for Better N...
A Robust UART Architecture Based on Recursive Running Sum Filter for Better N...A Robust UART Architecture Based on Recursive Running Sum Filter for Better N...
A Robust UART Architecture Based on Recursive Running Sum Filter for Better N...
 
Rotor Cipher and Enigma Machine
Rotor Cipher and Enigma MachineRotor Cipher and Enigma Machine
Rotor Cipher and Enigma Machine
 
40120140502003
4012014050200340120140502003
40120140502003
 
FF and Latches.ppt
FF and Latches.pptFF and Latches.ppt
FF and Latches.ppt
 
amrapali builders@@sub way hacking.pdf
amrapali builders@@sub way hacking.pdfamrapali builders@@sub way hacking.pdf
amrapali builders@@sub way hacking.pdf
 
5 stream ciphers
5 stream ciphers5 stream ciphers
5 stream ciphers
 
Digital logic-formula-notes-final-1
Digital logic-formula-notes-final-1Digital logic-formula-notes-final-1
Digital logic-formula-notes-final-1
 
Ece221 Ch7 Part1
Ece221 Ch7 Part1Ece221 Ch7 Part1
Ece221 Ch7 Part1
 
8051 microcontroller
8051 microcontroller8051 microcontroller
8051 microcontroller
 

Recently uploaded

The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 

Recently uploaded (20)

The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 

ChapterTwoCryptoTheStreamCipherFHSU.pptx

  • 1. Outline Concepts of stream ciphers Random number generators (RNGs) One-Time Pad (OTP) Linear Feedback Shift Registers (LFSRs) Trivium: a modern stream cipher Dr. Hong Biao Zeng Materials are coming from Textbook of Understanding Cryptography A Textbook for Students and Practitioners by Christof Paar and Jan Pelzl Fall 2022 In this chapter, students shall learn: 1/18
  • 2. Outline Concepts of stream ciphers Random number generators (RNGs) One-Time Pad (OTP) Linear Feedback Shift Registers (LFSRs) Trivium: a modern stream cipher Concepts to stream ciphers Random number generators (RNGs) One-Time Pad (OTP) Linear feedback shift registers (LFSRs) Trivium: a modern stream cipher 2/18
  • 3. Outline Concepts of stream ciphers Random number generators (RNGs) One-Time Pad (OTP) Linear Feedback Shift Registers (LFSRs) Trivium: a modern stream cipher Stream Ciphers were invented in 1917 by Gilbert Vernam Stream Cipher: 3/18
  • 4. Outline Concepts of stream ciphers Random number generators (RNGs) One-Time Pad (OTP) Linear Feedback Shift Registers (LFSRs) Trivium: a modern stream cipher Encrypt bits individually Usually small and fast: common in embedded devices (e.g., A5/1 for GSM phones) Block Cipher: Always encrypt a full block (several bits) Are common for Internet applications Challenge: Draw graph to represent their difference Plaintext xi , ciphertext yi and key stream si consist of individual bits. Encryption: yi = esi (xi ) = xi + si mod 2,xi ,yi ,si ∈{0,1} 4/18
  • 5. Outline Concepts of stream ciphers Random number generators (RNGs) One-Time Pad (OTP) Linear Feedback Shift Registers (LFSRs) Trivium: a modern stream cipher Decryption: xi = esi (yi ) = yi + si mod 2 Challenge: Draw a graph to represent the idea. Security of stream cipher depends entirely on the key stream si : Should be random , i.e., Pr(si = 0) = Pr(si = 1) = 0.5 Must be reproducible by sender and receiver 5/18
  • 6. Outline Concepts of stream ciphers Random number generators (RNGs) One-Time Pad (OTP) Linear Feedback Shift Registers (LFSRs) Trivium: a modern stream cipher 6/18
  • 7. Outline Concepts of stream ciphers Random number generators (RNGs) One-Time Pad (OTP) Linear Feedback Shift Registers (LFSRs) Trivium: a modern stream cipher Why is Modulo 2 Addition a Good Encryption Function? Modulo 2 addition is equivalent to XOR operation For perfectly random key stream si , each ciphertext output bit has a 50% chance to be 0 or 1: good statistic property for ciphertext Inverting XOR is simple, since it is the same XOR operation Challenge: Draw truth table for XOR We have three kinds of random number generators. 7/18
  • 8. Outline Concepts of stream ciphers Random number generators (RNGs) One-Time Pad (OTP) Linear Feedback Shift Registers (LFSRs) Trivium: a modern stream cipher True RNG Pseudorandom NG Cryptographically Secure RNG Based on physical random processes: coin flipping, dice rolling, semiconductor noise, radioactive decay, mouse movement, clock jitter of digital circuits Output stream si should have good statistical properties: Pr(si = 0) = Pr(si = 1) = 50% (often achieved by post-processing) Output can neither be predicted nor be reproduced Typically used for generation of keys, nonces (used only-once values) and for many other purposes Generate sequences from initial seed value Typically, output stream has good statistical properties 8/18
  • 9. Outline Concepts of stream ciphers Random number generators (RNGs) One-Time Pad (OTP) Linear Feedback Shift Registers (LFSRs) Trivium: a modern stream cipher Output can be reproduced and can be predicted Often computed in a recursive way: s0 = seed si+1 = f (s0,s1,...,si ) Most PRNGs have bad cryptographic properties! Let’s analyze a simple PRNG. 9/18 Simple PRNG: Linear Congruential Generator S0 = seed Si+1 = ASi + B mod m Assume: unknown A, B and S0 as key
  • 10. Outline Concepts of stream ciphers Random number generators (RNGs) One-Time Pad (OTP) Linear Feedback Shift Registers (LFSRs) Trivium: a modern stream cipher Size of A, B and Si to be 100 bit 300 bit of output are known, i.e. S1,S2 and S3 Solving: S2 = AS1 + B mod m S3 = AS2 + B mod m 10/18
  • 11. Outline Concepts of stream ciphers Random number generators (RNGs) One-Time Pad (OTP) Linear Feedback Shift Registers (LFSRs) Trivium: a modern stream cipher Cryptographically Secure Pseudorandom Number Generator (CSPRNG) Special PRNG with additional property: Output must be unpredictable More precisely: Given n consecutive bits of output si , the following output bits sn+1 cannot be predicted (in polynomial time). Needed in cryptography, in particular for stream ciphers Remark: There are almost no other applications that need unpredictability, whereas many, many (technical) systems need PRNGs. 11/18
  • 12. Outline Concepts of stream ciphers Random number generators (RNGs) One-Time Pad (OTP) Linear Feedback Shift Registers (LFSRs) Trivium: a modern stream cipher , , ∈{ , } L L 12/18
  • 13. Outline Concepts of stream ciphers Random number generators (RNGs) One-Time Pad (OTP) Linear Feedback Shift Registers (LFSRs) Trivium: a modern stream cipher Disadvantage: For almost all applications the OTP is impractical since the key must be as long as the message! (Imagine you have to encrypt a 1GByte email attachment.) Concatenated flip-flops (FF), i.e., a shift register together with a feedback path • Feedback computes fresh input by XOR of certain state bits • Degree m given by 13/18
  • 14. Outline Concepts of stream ciphers Random number generators (RNGs) One-Time Pad (OTP) Linear Feedback Shift Registers (LFSRs) Trivium: a modern stream cipher number of storage elements • If pi = 1, the feedback connection is present (“closed switch), otherwise there is not feedback from this flip-flop (“open switch”) • Output sequence repeats periodically • Maximum output length: 2m-1 Linear Feedback Shift Registers (LFSRs): Example with m=3 14/18 LFSR output described by recursive equation: Si+3 = Si+1 + Si mod3
  • 15. Outline Concepts of stream ciphers Random number generators (RNGs) One-Time Pad (OTP) Linear Feedback Shift Registers (LFSRs) Trivium: a modern stream cipher Maximum output length (of 23 − 1 = 7) achieved only for certain feedback configurations. In class challenge: Give an example configuration 15/18
  • 16. Outline Concepts of stream ciphers Random number generators (RNGs) One-Time Pad (OTP) Linear Feedback Shift Registers (LFSRs) Trivium: a modern stream cipher 16/18
  • 17. Outline Concepts of stream ciphers Random number generators (RNGs) One-Time Pad (OTP) Linear Feedback Shift Registers (LFSRs) Trivium: a modern stream cipher Initialization: Load 80-bit IV into A Load 80-bit key into B Set c109 , c110 , c111 =1, all other bits 0 Warm-Up: Clock cipher 4 x 288 = 1152 times without generating output Encryption: XOR-Sum of all three NLFSR outputs generates key stream si Design can be parallelized to produce up to 64 bits of output per clock cycle Stream ciphers are less popular than block ciphers in most domains such as Internet security. There are exceptions, for instance, the popular stream cipher RC4. Stream ciphers sometimes require fewer resources, e.g., code size or chip area, for implementation than block ciphers, and they are attractive for use in constrained environments such as cell phones. 17/18
  • 18. Outline Concepts of stream ciphers Random number generators (RNGs) One-Time Pad (OTP) Linear Feedback Shift Registers (LFSRs) Trivium: a modern stream cipher The requirements for a cryptographically secure pseudorandom number generator are far more demanding than the requirements for pseudorandom number generators used in other applications such as testing or simulation The One-Time Pad is a provable secure symmetric cipher. However, it is highly impractical for most applications because the key length has to equal the message length. Single LFSRs make poor stream ciphers despite their good statistical properties. However, careful combinations of several LFSR can yield strong ciphers. Lesson Learned 18/18