slides06 - Outline CPSC/PMAT 418 Introduction to...

CPSC/PMAT 418 Introduction to Cryptography
More on Cryptanalysis, Stream Ciphers, Modes of Operation, Hash Functions

Renate Scheidler
Department of Mathematics & Statistics
Department of Computer Science
University of Calgary
(Original slides by Mike Jacobson, with modifications by Mark Bauer and Renate Scheidler)

Week 6

Renate Scheidler (University of Calgary) CPSC/PMAT 418 Week 6 1 / 33

Outline

1 Cryptanalysis of Block Ciphers
    Differential Cryptanalysis
    Other Advanced Attacks
2 Stream Ciphers
    Synchronous Stream Ciphers (SSC)
    Self-Synchronizing Stream Ciphers (Self-SSC)
3 Modes of Operation for Block Ciphers
4 Where are we at?
5 Hash Functions
    Iterated Hash Functions
    SHA-1

Cryptanalysis of Block Ciphers: Differential Cryptanalysis

Differential cryptanalysis

Biham and Shamir, Journal of Cryptology, 1991 — KPA
Compares input XORs to output XORs, and traces these differences through the cipher.
Both linear and differential cryptanalysis work quite well on DES with fewer than 16 rounds.
The first edition of Stinson's book (1995) discusses successful differential cryptanalysis attacks on 3-round and 6-round DES.
Large-scale, parallel, brute-force attack is still the most practical attack on 16-round DES.
DES was designed to be resistant against differential cryptanalysis (the "T" or "Tickle" attack). IBM and NSA knew about differential cryptanalysis at the time.

Cryptanalysis of Block Ciphers: Differential Cryptanalysis

Requirements for full DES

Type of attack              Expected time   # of (M, C) pairs
Exhaustive search           2^55            none
Linear Cryptanalysis        2^43            2^43 (chosen)
Differential Cryptanalysis  2^47            2^47 (known)

Note: AES is not affected by these attacks (by design).
Modern ciphers must be designed to credibly withstand linear and differential cryptanalysis!
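The "input XORs to output XORs" bookkeeping on the differential cryptanalysis slide is usually done per S-box in a difference distribution table (DDT), and the largest DDT entry is exactly what a designer minimises to make a cipher "credibly withstand" the attack. The following is an added worked example, not code from the slides: it builds the DDT of a constructed 4-bit S-box (the teaching S-box from Heys' SPN tutorial, chosen only because it is small and well known), reports its differential uniformity, and multiplies single-S-box probabilities along an assumed two-S-box path to show how a difference is "traced through" successive rounds under the usual independence assumption.

```python
# Added example (not from the lecture slides): difference distribution table of a
# small S-box, the object differential cryptanalysis traces through a cipher,
# and the number an S-box designer wants to keep small.
from typing import List, Tuple

# Constructed input: a 4-bit bijective S-box (the one in Heys' SPN tutorial).
# Assumption: any 4-bit bijection would do; this one is just a familiar example.
SBOX: List[int] = [0xE, 0x4, 0xD, 0x1, 0x2, 0xF, 0xB, 0x8,
                   0x3, 0xA, 0x6, 0xC, 0x5, 0x9, 0x0, 0x7]


def difference_distribution_table(sbox: List[int]) -> List[List[int]]:
    """ddt[dx][dy] = number of inputs x with S(x) ^ S(x ^ dx) == dy.

    Every row sums to the number of inputs (16 here). The trivial entry
    ddt[0][0] always equals 16: a zero input difference never spreads.
    """
    n = len(sbox)
    ddt = [[0] * n for _ in range(n)]
    for dx in range(n):
        for x in range(n):
            dy = sbox[x] ^ sbox[x ^ dx]
            ddt[dx][dy] += 1
    return ddt


def best_differential(ddt: List[List[int]]) -> Tuple[int, int, int]:
    """Most likely (dx, dy, count) with dx != 0.

    This is the single-round characteristic an analyst would try to chain
    across rounds, so its count is what a designer wants to drive down.
    """
    best = (0, 0, 0)
    for dx in range(1, len(ddt)):
        for dy, count in enumerate(ddt[dx]):
            if count > best[2]:
                best = (dx, dy, count)
    return best


def differential_uniformity(ddt: List[List[int]]) -> int:
    """Largest DDT entry over dx != 0; lower is better. For a 4-bit bijective
    S-box the best achievable value is 4 (no 4-bit APN permutation exists)."""
    return best_differential(ddt)[2]


def characteristic_probability(ddt: List[List[int]],
                               path: List[Tuple[int, int]]) -> float:
    """Probability of a multi-S-box characteristic under the standard
    assumption that the active S-boxes behave independently: the product of
    count/16 for each (dx, dy) step. `path` is an assumed, constructed list of
    active-S-box differences; no permutation layer is modelled here."""
    n = len(ddt)
    p = 1.0
    for dx, dy in path:
        p *= ddt[dx][dy] / n
    return p


def format_ddt(ddt: List[List[int]]) -> str:
    """Render the table in hex so the high entries stand out."""
    lines = ["dx\\dy " + " ".join(f"{dy:x}".rjust(2) for dy in range(len(ddt)))]
    for dx, row in enumerate(ddt):
        lines.append(f"  {dx:x}   " + " ".join(str(c).rjust(2) for c in row))
    return "\n".join(lines)


if __name__ == "__main__":
    table = difference_distribution_table(SBOX)
    print(format_ddt(table))
    dx, dy, count = best_differential(table)
    print(f"best differential: {dx:#x} -> {dy:#x} with probability {count}/{len(SBOX)}")
    print(f"differential uniformity: {differential_uniformity(table)}")
    # Constructed two-step path chaining the 0xB->0x2 and 0x4->0x6 entries.
    print(f"two-S-box characteristic: {characteristic_probability(table, [(0xB, 0x2), (0x4, 0x6)])}")
```

For this S-box the entry 0xB -> 0x2 holds for 8 of 16 inputs, so the S-box is differentially 8-uniform, far from the optimum of 4; the AES S-box, by contrast, is 4-uniform on 8 bits, which is part of why the slide can say AES is not affected by these attacks by design. Chaining two such steps already drops the probability to 8/16 * 6/16, and a cipher with enough rounds and enough forced-active S-boxes per round pushes the best characteristic below what any feasible number of plaintext pairs can exploit.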
Cryptanalysis of Block Ciphers: Other Advanced Attacks

Algebraic Attacks

Courtois 2001 — KPA, generates multivariate equations from S-boxes, where the unknowns are the key bits.
So far no threat to any modern block cipher.
Obstacle: solving multivariate equations seems to be hard in practice.

Cryptanalysis of Block Ciphers: Other Advanced Attacks

Biclique Attacks

Enhanced meet-in-the-middle attack using bicliques that map internal states to ciphertexts via subkeys.
First improved key recovery through the biclique attack on AES (Bogdanov, Khovratovich, Rechberger 2011):

AES key length   Exhaustive search   Biclique (expected)
128              2^128               2^126.1
192              2^192               2^189.7
256              2^256               2^254.4

These and other attacks (e.g. the square attack) are successful on AES reduced to 8 or fewer rounds.

Stream Ciphers

Stream Ciphers

In contrast to block ciphers, stream ciphers don't treat incoming characters independently.