CPSC/PMAT 418 Introduction to Cryptography
More on Cryptanalysis, Stream Ciphers, Modes of Operation, Hash Functions

Renate Scheidler
Department of Mathematics & Statistics
Department of Computer Science
University of Calgary
(Original slides by Mike Jacobson, with modifications by Mark Bauer and Renate Scheidler)

Week 6

Renate Scheidler (University of Calgary) CPSC/PMAT 418 Week 6 1 / 33

Outline

1 Cryptanalysis of Block Ciphers
    Differential Cryptanalysis
    Other Advanced Attacks
2 Stream Ciphers
    Synchronous Stream Ciphers (SSC)
    Self-Synchronizing Stream Ciphers (Self-SSC)
3 Modes of Operation for Block Ciphers
4 Where are we at?
5 Hash Functions
    Iterated Hash Functions
    SHA-1

Cryptanalysis of Block Ciphers: Differential Cryptanalysis

Differential cryptanalysis

• Biham and Shamir, Journal of Cryptology, 1991 — KPA
• Compares input XORs to output XORs, and traces these differences through the cipher.
• Both linear and differential cryptanalysis work quite well on DES with fewer than 16 rounds.
• The first edition of Stinson’s book (1995) discusses successful differential cryptanalysis attacks on 3-round and 6-round DES.
• Large-scale, parallel, brute-force attack is still the most practical attack on 16-round DES.
• DES was designed to be resistant against differential cryptanalysis (“T” or “Tickle” attack). IBM and NSA knew about differential cryptanalysis at the time.

Requirements for full DES

| Type of attack | Expected time | # of $(M, C)$ pairs |
|---|---|---|
| Exhaustive search | $2^{55}$ | none |
| Linear Cryptanalysis | $2^{43}$ | $2^{43}$ (chosen) |
| Differential Cryptanalysis | $2^{47}$ | $2^{47}$ (known) |

Note: AES not affected by these attacks (by design).

Modern ciphers must be designed to credibly withstand linear and differential cryptanalysis!
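The "compare input XORs to output XORs" step described above, as an added example that is not part of the original slides: it builds the XOR difference distribution table for DES S-box S1 and shows how unevenly a fixed input XOR maps to output XORs. The S1 values are the published DES table (not given on this page), and the function names are illustrative.

```python
# DES S-box S1 from the published DES standard (4 rows x 16 columns).
S1 = [
    [14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7],
    [0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8],
    [4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0],
    [15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13],
]

def sbox(x):
    """Apply S1 to a 6-bit input: outer two bits pick the row, middle four the column."""
    row = ((x >> 4) & 0b10) | (x & 1)
    col = (x >> 1) & 0xF
    return S1[row][col]

def difference_table(f, in_bits, out_bits):
    """ddt[dx][dy] = number of inputs x with f(x) XOR f(x XOR dx) == dy."""
    ddt = [[0] * (1 << out_bits) for _ in range(1 << in_bits)]
    for dx in range(1 << in_bits):
        for x in range(1 << in_bits):
            ddt[dx][f(x) ^ f(x ^ dx)] += 1
    return ddt

def max_count(ddt):
    """Largest table entry over all nonzero input XORs."""
    return max(max(row) for row in ddt[1:])

DDT = difference_table(sbox, 6, 4)

if __name__ == "__main__":
    # An ideal random function would spread 64 inputs evenly (4 per output XOR).
    # S1 does not: for input XOR 0x34, output XOR 0x2 occurs for 16 of 64 inputs
    # and eight output XORs never occur. This bias is what gets traced round by round.
    for dy, n in enumerate(DDT[0x34]):
        print(f"0x34 -> {dy:#x}: {n}/64")
    print("largest entry for any nonzero input XOR:", max_count(DDT))
```
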


Cryptanalysis of Block Ciphers: Other Advanced Attacks

Algebraic Attacks

• Courtois 2001 — KPA, generates multivariate equations from S-boxes, where the unknowns are the key bits.
• So far no threat to any modern block cipher.
• Obstacle: solving multivariate equations seems to be hard in practice.

Biclique Attacks

• Enhanced meet-in-the-middle attack using bicliques that map internal states to ciphertexts via subkeys.
• First improved key recovery through the biclique attack on AES (Bogdanov, Khovratovich, Rechberger 2011):

| AES key length | Exhaustive search | Biclique (expected) |
|---|---|---|
| 128 | $2^{128}$ | $2^{126.1}$ |
| 192 | $2^{192}$ | $2^{189.7}$ |
| 256 | $2^{256}$ | $2^{254.4}$ |

• These and other attacks (e.g. square attack) are successful on 8 and lower round AES.

Stream Ciphers

Stream Ciphers

In contrast to block ciphers, stream ciphers don’t treat incoming characters independently.
• Fall '14