Attacks on Block Ciphers-Network Security-Lecture Slides, Slides of Cryptography and System Security

This lecture was delivered by Prof. Adityavardhana Gavde at Ankit Institute of Technology and Science. It is part of series lecture on Network Security course. It includes: Network, Security, Attacks, Block Ciphers, Differential, Linear,  Cryptanalysis, Weaknesses, DES

Typology: Slides

2011/2012

Uploaded on 07/23/2012

pararijka
pararijka 🇮🇳

4.5

(4)

90 documents

1 / 21

Toggle sidebar

This page cannot be seen from the preview

Don't miss anything!

bg1
NetworkSecurity
(Lec 8)
(AttacksonBlockCiphers)
(Differential&LinearCryptanalysis)
docsity.com
pf3
pf4
pf5
pf8
pf9
pfa
pfd
pfe
pff
pf12
pf13
pf14
pf15

Partial preview of the text

Download Attacks on Block Ciphers-Network Security-Lecture Slides and more Slides Cryptography and System Security in PDF only on Docsity!

Network

Security

(Lec 8)

(Attacks

on

Block

Ciphers)

(Differential

Linear

Cryptanalysis)

Finding

Weaknesses

in

DES

DES

vulnerable

to

brute

force

attack

due

to

short

key

length.

But

interest

was

also

to

find

cryptanalysis

attacks

on

DES.

Triple

DES

make

brute

force

impractical.

Leads

to

the

discovery

of

most

promising

and

powerful

approaches.

History

Reported in open literature in

First use in cryptanalysis of

FEAL

by Murphy.  Followed by number of papers by Biham and Shamir.  Was the first publish attack

that can break

DES

in less then

55  Can successfully cryptanalyze DES

with

47 encryptions, requiring

47 chosen plaintext.  The

47 is significantly less than

55 but need for 2 47 chosen plaintext make this attack only theoretical interest.

History

Although a powerful tool ,but do not do well against

DES.

Reason

according to

IBM

was known to the team as early as

The need to strength

DES

against Differential cryptanalysis played a major rule in design of

S

boxes and

P.

Differential cryptanalysis of eight round

LUCIFER

require

chosen plaintext

where as attack on eight round

DES

requires

14 chosen plaintext.

Differential

Cryptanalysis

Differential

Cryptanalysis

Suppose, that many pairs of input to f with the same difference yield the same output difference if the same key is used.  In other words,

X

may cause

Y

with probability p, if for the fraction p of the pairs in which the input

XOR

is

X

the output

XOR

is

Y.

we want to suppose that there are number of values of

X

that have high probability of causing a particular output difference.  If number of such differences are determined

it is feasible to determine the sub

key used in the function f.

Linear

cryptanalysis

Technique

for

analyzing

block

cipher.

It

is

a

known

plaintext

attack,

used

to

break

DES

using

workstations

and

43

known

plaintexts.

It

approximates

non

linear

part

of

the

cipher

to

a

linear

part

so

that

it

gives

same

result

as

non

linear

part

but

also

give

some

incorrect

results.

Linear

approximation

holds

probabistically,

we

need

a

lot

of

known

plaintexts

to

use

approximation.

docsity.com

Example:

Round

Linear

approximation

Linear

approximation

 For a 97.7% success rate , the equation N=|p ‐ 1/2| ‐ 2 is suggested.  Thus for a success rate of 97.7% we would require |0. ‐ 0.500| ‐ 2 = known plaintext.  If number of rounds increase to eight then the probability is

and around 400 known plaintext are required.

Block

Ciphers

Design

Principles

Much

progress,

to

make

them

strong.

But

the

basic

principles

remain

same.

Number

of

rounds

design

of

F

and

key

scheduling.

S

box

Design

 Should be non ‐ linear and difficult to approximate with linear function.  S ‐ box size, n x m s ‐ box.  Larger S ‐ boxes are more ‐ resistant to linear and differential attacks.  Mister and Adams proposed, must satisfy Strict avalanche criterion (SAC ), (that output bit j of an S ‐ box should change with probability ½ , when any single input bit i is inverted) and  bit independence criterion (BIC),( that output bits j and k should change independently when any single input bit i is inverted)  also sujects that they should be bent .  GA(Guaranteed Avalanche)

S

box

Design

Nyberg,

suggests:

Random:

Use

pseudorandom

number

generation. 

Random

with

testing:

choose

randomly,

throw

away

that

do

not

pass.

Human

made:

maths,

difficult

in

large

S

boxes.

Math

made:

according

to

maths

principles,

resistant

against

linear

and

differential,

good

diffusion.

Design

of

Function

F

Heart

of

Fiestel

block

cipher.

Provides

confusion

in

a

Fiestel

cipher.

F

should

be

non

linear.

Algorithm

should

have

good

avalanche

properties. 

Strict

avalanche

criterion(SAC)

Another

criterion

is

bit

independence

criterion(BIC).

Key

Schedule

algorithm

Sub

keys

to

maximize

the

difficulty

of

deducing

individual

sub

keys

and

difficulty

of

working

back

to

main

key,

no

general

criteria.

Hall

suggest

should

guarantee

key/cipher

text

strict

criterion

and

bit

independent

criterion.

docsity.com