3.8 MEASURE OF RUNDOMNESS:

Transcription

1 Lec 10 : Data Security Stream Cipher Systems MEASURE OF RUNDOMNESS: DEFINITION: Run: sequence of identical bits (0 or 1) Ex Runs are 0,111, 0000, 111 Gap: runs of zeroes contain the gap 0000 Block: runs of ones contain blocks 1111,111 For with period P, Sm + p = Sm Auto correlation function: For any constant d, if we compare the sequence of S with Sd (after shifting d displacement), then Auto correlation function C(t) = (A - D) / P Where : A = no. Of identical bits. P = period of the sequence D = period of different bits d = displacement 0 <= d < p RANDOMNESS CHARACTERISTICS: 1. If p is even then ones equal zeros, other wise they differ by one only. 2. 1/2 of runs with length of 1, 1/4 of runs with length of 2, generally l / 2 i = i. 3. Auto correlation function (for d < > 0 out of phase) has constant value. Where d is the displacement. 1. FREQUENCY TEST: used to ensure that there is roughly the same number of O's and 1's using the following formula: X 2 =(n0 n1) 2 / n X 2 = 0 if n0 = n1 For good sequence 0 < X 2 < 3.84

2 Lec 10 : Data Security Stream Cipher Systems 2 2. SERIAL TEST: The serial test is used to ensure that the transition probabilities are reasonable. This will give as some level of confidence that each bit is independent of its predecessor suppose.01 occurs n 01, 10 occurs n0, 00 occurs n00 and 11 occurs n11 times. N01+n10=n0 or n0-1, n10+n11 = n01 or n1-1 and N10 + N01 + N00 + N11 = N-1 AND X 2 = 4/n - 1 Σ(nij) 2-2/n Σ(ni) For good sequence X 2 <= Ideally we wont: n01 = n10 = n00 = n11 n-1/4 3. POKER TEST: For any binary sequence of length m, there are 2^ different possibilities. In this test we partition our sequence into blocks of size m (sequence of ones), and then we count the frequency of each type of sections of length m in the sequence. If the frequencies are f0, f1,.. fm-1 We compute: X 2 = 2 m / F Σ (Xi) 2 / mi) F Where F = Σ fi = n/m 4. AUTO CORRELATION TEST: For a given sequence of n bits S1,..Sn then A (d) = ai ai+d 0 <= d <= n-1 A (o) = ai = ni If the sequence has ni of zeros and n1 of ones then µ= n1 2 (n-d) / n 2 The test will pass if X 2 = (A(d)- µ) 2 /µ X 2 <=3.841 for all values of d

3 Lec 10 : Data Security Stream Cipher Systems 3 5. RUNS TEST: Devide the sequence into blocks and gaps, let r0i be the number of gaps of length i and r1i be the number of blocks of length i. If r0 and r1 are number of gaps and blocks respectively then: r0 = roi and r1 = r11 This test applied after the sequence had passed the serial test, then we would expect about 1/2 the gaps with length 1, 1/4 of gaps of length 2, and so on. Ideally 1/2 i of runs having length i. Example: Given the following sequence of minimal length of Frequency test n0=15 n1=31-15=16 X 2 = (15-16) 2 / n = (-1) 2 /31 = 1/31 = < Pass 2.Serial test: n00=6 n01=8 n10=8 n11=8 X 2 = 4/n-l (n n n n11 2 ) - 2/n (n0 2 +n1 2 ) + 1 = 4/30 ( ) - 2/31( ) + 1 = = < 5.99 Pass

4 Lec 10 : Data Security Stream Cipher Systems 4 also n00+ n01 = n0-1 =6+8 =14 = n0-1 n11+n10=n11 =8+8=16=n1 n00+n01+n10+n11 = = 30 = n-l n-1/4 = 30/4 = 7.5 = 8 3.Poker test m=5 F=n/m=31/5=6 Then we have 6 blocks of 5 digit each We count Xi where i is number of ones in each block X 0=0 X1=1 X2=2 X3=1 X4=2 -. X5 = 0 X 2 = 25/6 (Xi) 2 /5i - 6 = 5.33(0 + 1/5 + 4/10 + 1/10 + 4/5 + 0) - 6 =5.33( /10) 6 =5.33*15/10-6 =1.995 Checking x 2 table with degree of freedom of = 31 then the test is pass 4.runs test r0=9 r1=8 n01=8= r0-1 n10=8= r1 n11 =n1 r1 = 16-8 = 8

5 Lec 10 : Data Security Stream Cipher Systems 5 n00 = 6= n0-r0 = 15-9 = 6 r01=5 r11=4 r02=2 r12=2 r03=2 r13=1 r14=0 r15=1 5 Auto correlation test n0= 15 n1=16 µ= (16) 2 (31-l) / (31) 2 =7.99 for d=l µ = 7.72 d=2 µ = 7.45 d= A(l)=8 X2 = (8-7.99) 2 / 7.99 = A(2)=8 X2=(8-7.72) 2 / 7.72= A(3)=8 X2 = (8-7.45) 2 / 7.45 = 0.04 And so on X 2 <= 3.84 for all value of d

6 Lec 10 : Data Security Stream Cipher Systems STREAM CIPHER CRYPTANALYSIS: Stream ciphers have a wide variety of design choices, and hence, a large number of complex stream generators have been designed with different periods and linear complexities. On the other hand different approaches have been used by many researchers to analyze stream ciphers, and have successfully cracked many of such systems. One of the earliest approaches are the matrix approach,and the Berlekamp Massey approach. Both methods used a known-plaintext attack to determine the linear equivalence and the primitive polynomial of the shift register. Thomas Siegenthler presented a divide-and-conquer approach, which often called correlation~attack, and shown that correlation immunity can be precisely defined. The basic idea behind correlation attack is to identify some correlation between the output of the generator and the output of one of its internal pieces, then by observing the output sequence, information can be obtainer' about the internal output. Using the collected information and other correlation about other internal output until the entire generator is broken. More efficient correlation attack based on using algebraic tools to determine the LFSR instead of the exhaustive search, this is called fast correction attack. Artificial neural networks is been used in a known-plaintext attack against linear feedback shift registers to obtain the linear equivalence, characteristic polynomial, and restore missing bits in the output sequences of the shift register. More recently, two ciphertext-only attack researches has been introduced; the first one uses Genetic Algorithms while the seco nd one uses Adaptive Genetic Programming. Both researches use the statistical properties of the natural language heavily in formulating the fitness function. These language features make the ciphertext-only attack possible, since it is used for measuring the fitness of the individual programs in a population of the genetic programming.