This preview shows page 1. Sign up to view the full content.
Unformatted text preview: utput were available in order (i.e., only if prngB were cryptanalyzed first) and otherwise it was effectively truly random, then the combination would be secure. 16.12 PKZIP
Roger Schlafly designed the encryption algorithm built into the PKZIP data compression program. It’s a stream cipher that encrypts data one byte at a time. At least, this is the algorithm in version 2.04g. I can’t speak for later versions, but unless there is some announcement you can probably assume that they are identical. The algorithm uses three 32bit variables, initialized as follows: K0 = 305419896 K1 = 591751049 K2 = 878082192 It has an 8bit key, K3, derived from K2. Here is the algorithm (all symbols are standard C notation): Ci = Pi ^ K3 K0 = crc32 (K0, Pi) K1 = K1 + (K0 & 0×000000ff) K1 = K1 * 134775813 + 1 K2 = crc32 (K2, K1 >> 24) K3 = ((K2  2) * ((K2  2) ^ 1)) >> 8 The function crc32 takes the previous value and a byte, XORs them, and calculates the next value by the CRC polynomial denoted by 0×edb88320. In practice, a 256entry table can be precomputed and the crc32 calculation becomes: crc32 (a, b) = (a >> 8) ^ table [(a & 0×ff) • b] The table is precomputed by the original definition of crc32: table [i] = crc32 (i, 0) To encrypt a plaintext stream, first loop the key bytes through the encryption algorithm to update the keys. Ignore the ciphertext output in this step. Then encrypt the plaintext, one byte at a time. Twelve random bytes are prepended to the plaintext, but that’s not really important. Decryption is similar to encryption, except that Ci is used in the second step of the algorithm instead of Pi. Security of PKZIP
Unfortunately, it’s not that great. An attack requires 40 to 200 bytes of known plaintext and has a time complexity of about 227 [166]. You can do it in a few hours on your personal computer. If the compressed file has any standard headers, getting the known plaintext is no problem. Don’t use the builtin encryption in PKZ...
View
Full
Document
This note was uploaded on 10/18/2010 for the course MATH CS 301 taught by Professor Aliulger during the Fall '10 term at Koç University.
 Fall '10
 ALIULGER
 Cryptography

Click to edit the document details