Stream Ciphers CSCI 283172 Fall 2006 GWU All

Stream, Block Ciphers • E encipherment function – Ek(b) encipherment of message b with

Stream Ciphers • Often (try to) implement one-time pad by xor’ing each bit of

Synchronous Stream Ciphers • n-stage Linear Feedback Shift Register: consists of – n bit

Operation … r 0 … rn– 1 bi … ci r 0´ … rn–

Example 4 -stage LFSR; t = 1001 r ki new bit computation new r

NLFSR • n-stage Non-Linear Feedback Shift Register: consists of – n bit register r

Example 4 -stage NLFSR; f(r 0, r 1, r 2, r 3) = (r

Eliminating Linearity • NLFSRs not common – No body of theory about how to

Self-Synchronous Stream Cipher • Take key from message itself (autokey) • Example: Vigenère, key

Another Example • Take key from ciphertext (autokey) • Example: Vigenère, key drawn from

Variant • Cipher feedback mode: 1 bit of ciphertext fed into n bit register

Slides: 12

Download presentation

Stream Ciphers CSCI 283/172 Fall 2006 GWU All slides from Bishop’s slide set CS 283 -172/Fall 06/GWU/Vora/Stream Ciphers slides from Bishop's set All

Stream, Block Ciphers • E encipherment function – Ek(b) encipherment of message b with key k – In what follows, m = b 1 b 2 …, each bi of fixed length • Block cipher – Ek(m) = Ek(b 1)Ek(b 2) … • Stream cipher – k = k 1 k 2 … – Ek(m) = Ek 1(b 1)Ek 2(b 2) … – If k 1 k 2 … repeats itself, cipher is periodic and the length of its period is one cycle of k 1 k 2 … 2/22/2021 CS 283 -172/Fall 06/GWU/Vora/Stream Ciphers slides from Bishop's set All 2

Stream Ciphers • Often (try to) implement one-time pad by xor’ing each bit of key with one bit of message – Example: m = 00101 k = 10010 c = 10111 • But how to generate a good key? 2/22/2021 CS 283 -172/Fall 06/GWU/Vora/Stream Ciphers slides from Bishop's set All 3

Synchronous Stream Ciphers • n-stage Linear Feedback Shift Register: consists of – n bit register r = r 0…rn– 1 – n bit tap sequence t = t 0…tn– 1 – Use: • Use rn– 1 as key bit • Compute x = r 0 t 0 … rn– 1 tn– 1 • Shift r one bit to right, dropping rn– 1, x becomes the new value of r 0 2/22/2021 CS 283 -172/Fall 06/GWU/Vora/Stream Ciphers slides from Bishop's set All 4

Operation … r 0 … rn– 1 bi … ci r 0´ … rn– 1´ ri´ = ri– 1, 0<i≤n r 0 t 0 + … + rn– 1 tn– 1 2/22/2021 CS 283 -172/Fall 06/GWU/Vora/Stream Ciphers slides from Bishop's set All 5

Example 4 -stage LFSR; t = 1001 r ki new bit computation new r 0010 0 01 00 10 01 = 0 0001 1 01 00 00 11 = 1 1000 0 11 00 00 01 = 1 1100 0 11 10 00 01 = 1 1110 0 11 10 10 01 = 1 1111 10 10 11 = 0 0111 1110 0 11 10 10 11 = 1 1011 Key sequence has period of 15 (010001111010110) 2/22/2021 CS 283 -172/Fall 06/GWU/Vora/Stream Ciphers slides from Bishop's set All 6

NLFSR • n-stage Non-Linear Feedback Shift Register: consists of – n bit register r = r 0…rn– 1 – Use: • Use rn– 1 as key bit • Compute x = f(r 0, …, rn– 1); f is any function • Shift r one bit to right, dropping rn– 1, x becomes r 0 Note same operation as LFSR but more general bit replacement function 2/22/2021 CS 283 -172/Fall 06/GWU/Vora/Stream Ciphers slides from Bishop's set All 7

Example 4 -stage NLFSR; f(r 0, r 1, r 2, r 3) = (r 0 AND r 2) OR r 3 r 1100 0110 0011 1001 1100 0110 0011 ki 0 0 1 1 0 0 1 new bit computation new r (1 AND 0) OR 0 = 0 (0 AND 1) OR 1 = 1 0110 0011 1001 1100 0110 0011 1001 Key sequence has period of 4 (0011) 2/22/2021 CS 283 -172/Fall 06/GWU/Vora/Stream Ciphers slides from Bishop's set All 8

Eliminating Linearity • NLFSRs not common – No body of theory about how to design them to have long period • Alternate approach: output feedback mode – For E encipherment function, k key, r register: • Compute r = Ek(r); key bit is rightmost bit of r • Set r to r and iterate, repeatedly enciphering register and extracting key bits, until message enciphered – Variant: use a counter that is incremented for each encipherment rather than a register • Take rightmost bit of Ek(i), where i is number of encipherment 2/22/2021 CS 283 -172/Fall 06/GWU/Vora/Stream Ciphers slides from Bishop's set All 9

Self-Synchronous Stream Cipher • Take key from message itself (autokey) • Example: Vigenère, key drawn from plaintext – key – plaintext – ciphertext XTHEBOYHASTHEBAG QALFPNFHSLALFCT • Problem: – Statistical regularities in plaintext show in key – Once you get any part of the message, you can decipher more 2/22/2021 CS 283 -172/Fall 06/GWU/Vora/Stream Ciphers slides from Bishop's set All 10

Another Example • Take key from ciphertext (autokey) • Example: Vigenère, key drawn from ciphertext – key – plaintext – ciphertext XQXBCQOVVNGNRTT THEBOYHASTHEBAG QXBCQOVVNGNRTTM • Problem: – Attacker gets key along with ciphertext, so deciphering is trivial 2/22/2021 CS 283 -172/Fall 06/GWU/Vora/Stream Ciphers slides from Bishop's set All 11

Variant • Cipher feedback mode: 1 bit of ciphertext fed into n bit register – Self-healing property: if ciphertext bit received incorrectly, it and next n bits decipher incorrectly; but after that, the ciphertext bits decipher correctly – Need to know k, E to deciphertext r … k E Ek(r) … mi ci 2/22/2021 CS 283 -172/Fall 06/GWU/Vora/Stream Ciphers slides from Bishop's set All 12