Quasigroups and stream cipher Edon80

Similar documents
Large Quasigroups in Cryptography and their Properties Testing

Classical Cryptography

On periods of Edon-(2m, 2k) Family of Stream Ciphers

Testing the Properties of Large Quasigroups

All-Or-Nothing Transforms Using Quasigroups

Combinatorics of p-ary Bent Functions

CPA-Security. Definition: A private-key encryption scheme

Solution of Exercise Sheet 7

A Weak Cipher that Generates the Symmetric Group

Unpredictable Binary Strings

A survey of algebraic attacks against stream ciphers

Using semidirect product of (semi)groups in public key cryptography

About Vigenere cipher modifications

Lecture 4 Chiu Yuen Koo Nikolai Yakovenko. 1 Summary. 2 Hybrid Encryption. CMSC 858K Advanced Topics in Cryptography February 5, 2004

Resistance to Statistical Attacks of Parastrophic Quasigroup Transformation

Differential Fault Analysis of Trivium

Cube Attacks on Stream Ciphers Based on Division Property

Analysis of Some Quasigroup Transformations as Boolean Functions

Chapter 4 Mathematics of Cryptography

Lemma 1.2. (1) If p is prime, then ϕ(p) = p 1. (2) If p q are two primes, then ϕ(pq) = (p 1)(q 1).

Cryptography. Lecture 2: Perfect Secrecy and its Limitations. Gil Segev

A block cipher enciphers each block with the same key.

Public Key Encryption

Akelarre. Akelarre 1

Algebraic Aspects of Symmetric-key Cryptography

Real scripts backgrounder 3 - Polyalphabetic encipherment - XOR as a cipher - RSA algorithm. David Morgan

Introduction to Cryptology. Lecture 2

A Multiplicative Operation on Matrices with Entries in an Arbitrary Abelian Group

COMS W4995 Introduction to Cryptography October 12, Lecture 12: RSA, and a summary of One Way Function Candidates.

Definition: For a positive integer n, if 0<a<n and gcd(a,n)=1, a is relatively prime to n. Ahmet Burak Can Hacettepe University

Notes 10: Public-key cryptography

ORYX. ORYX not an acronym, but upper case Designed for use with cell phones. Standard developed by. Cipher design process not open

9 Knapsack Cryptography

CPE 776:DATA SECURITY & CRYPTOGRAPHY. Some Number Theory and Classical Crypto Systems

CSc 466/566. Computer Security. 5 : Cryptography Basics

What is a semigroup? What is a group? What is the difference between a semigroup and a group?

Lecture 9 Julie Staub Avi Dalal Abheek Anand Gelareh Taban. 1 Introduction. 2 Background. CMSC 858K Advanced Topics in Cryptography February 24, 2004

Mathematical Foundations of Cryptography

Cryptographic Hash Function

Algebraic Attack Against Trivium

Block ciphers And modes of operation. Table of contents

Lecture 12: Block ciphers

Analysis of Modern Stream Ciphers

REU 2015: Complexity Across Disciplines. Introduction to Cryptography

Problem 4 (Wed Jan 29) Let G be a finite abelian group. Prove that the following are equivalent

Winter 2008 Introduction to Modern Cryptography Benny Chor and Rani Hod. Assignment #2

RSA RSA public key cryptosystem

Final Exam Math 105: Topics in Mathematics Cryptology, the Science of Secret Writing Rhodes College Tuesday, 30 April :30 11:00 a.m.

Math 299 Supplement: Modular Arithmetic Nov 8, 2013

L9: Galois Fields. Reading material

Virtual isomorphisms of ciphers: is AES secure against differential / linear attack?

Security of Networks (12) Exercises

In fact, 3 2. It is not known whether 3 1. All three problems seem hard, although Shor showed that one can solve 3 quickly on a quantum computer.

The RSA Cipher and its Algorithmic Foundations

Primitive Ideals of Semigroup Graded Rings

Chapter 2 : Perfectly-Secret Encryption

Algebraic Cryptanalysis of MQQ Public Key Cryptosystem by MutantXL

Private-key Systems. Block ciphers. Stream ciphers

UNPREDICTABLE BINARY STRINGS

Linear Approximations for 2-round Trivium

Introduction to Modern Cryptography. (1) Finite Groups, Rings and Fields. (2) AES - Advanced Encryption Standard

Breaking an encryption scheme based on chaotic Baker map

Cryptanalysis of Hiji-bij-bij (HBB)

-Cryptosystem: A Chaos Based Public Key Cryptosystem

Lattice Reduction Attack on the Knapsack

Shift Cipher. For 0 i 25, the ith plaintext character is. E.g. k = 3

Design of Filter Functions for Key Stream Generators using Boolean Power Functions Jong-Min Baek

Algebraic attack on stream ciphers Master s Thesis

Exercise Sheet Cryptography 1, 2011

Block vs. Stream cipher

Left almost semigroups dened by a free algebra. 1. Introduction

Lecture 24: MAC for Arbitrary Length Messages. MAC Long Messages

AES side channel attacks protection using random isomorphisms

Dependence in IV-related bytes of RC4 key enhances vulnerabilities in WPA

On the security of a realization of cryptosystem MST 3

On some properties of PRNGs based on block ciphers in counter mode

A Low Data Complexity Attack on the GMR-2 Cipher Used in the Satellite Phones

Public key cryptosystem MST 3 : cryptanalysis and realization

Fundamentals of Modern Cryptography

COMP424 Computer Security

PERFECT SECRECY AND ADVERSARIAL INDISTINGUISHABILITY

Enhancing the Signal to Noise Ratio

Historical cryptography. cryptography encryption main applications: military and diplomacy

Fields and Galois Theory. Below are some results dealing with fields, up to and including the fundamental theorem of Galois theory.

Optimized Interpolation Attacks on LowMC

On the pseudo-random generator ISAAC

Cryptographic Hash Function

Cryptography Lecture 4 Block ciphers, DES, breaking DES

Question 2.1. Show that. is non-negligible. 2. Since. is non-negligible so is μ n +

Modern Cryptography Lecture 4

Structural Cryptanalysis of SASAS

Lecture 1: Perfect Secrecy and Statistical Authentication. 2 Introduction - Historical vs Modern Cryptography

Secure RAID Schemes from EVENODD and STAR Codes

Secret Key: stream ciphers & block ciphers

over a field F with char F 2: we define

Algebraic Immunity of S-boxes and Augmented Functions

Krull Dimension and Going-Down in Fixed Rings

Improved Slender-set Linear Cryptanalysis

Practical Complexity Cube Attacks on Round-Reduced Keccak Sponge Function

Genetic Search for Quasigroups with Heterogeneous Power Sequences

Transcription:

Department of Algebra, Charles University in Prague June 3, 2010

Stream cipher Edon80 Edon80 is a binary additive stream cipher Input stream m i ( c i ) K Edon80 KEYSTREAM GENERATOR k i Output stream c i ( m i ) K k i m i c i is a key is a ith bit of the keystream is a ith bit of the message is a ith bit of the ciphertext

Properties of keystream The keystream should

Properties of keystream The keystream should be a psedorandom sequence

Properties of keystream The keystream should be a psedorandom sequence have no period (or period longer than any admissible message)

Properties of keystream The keystream should be a psedorandom sequence have no period (or period longer than any admissible message)

Properties of keystream The keystream should be a psedorandom sequence have no period (or period longer than any admissible message) If this condition is not satisfied, two parts of the message will be encrypted by the same binary sequence, which opens ways to attack the cipher:

Why is the period of keystream a security problem? Let + be an operation of addition in Z t 2 Then c = m + k c = m + k

Why is the period of keystream a security problem? Let + be an operation of addition in Z t 2 Then c = m + k c = m + k and c + c = (m + k) + (m + k) = m + (k + k) + m = m + m

Why is the period of keystream a security problem? Let + be an operation of addition in Z t 2 Then c = m + k c = m + k and c + c = (m + k) + (m + k) = m + (k + k) + m = m + m Hence m = c + c + m

Why is the period of keystream a security problem? Let + be an operation of addition in Z t 2 Then c = m + k c = m + k and c + c = (m + k) + (m + k) = m + (k + k) + m = m + m Hence m = c + c + m Because most messages contain enough redundancy, it is possible to recover both m and m from m + m

Description of the keystream generator

Description of the keystream generator INPUT: K = K 0 K 79 4 fixed quasigroup operations on the set {0, 1, 2, 3}

Description of the keystream generator INPUT: K = K 0 K 79 4 fixed quasigroup operations on the set {0, 1, 2, 3} OUTPUT: keystream = (k i ) i=0

Description of the keystream generator INPUT: K = K 0 K 79 4 fixed quasigroup operations on the set {0, 1, 2, 3} OUTPUT: keystream = (k i ) i=0 Step 1: K 0,, 79

Description of the keystream generator INPUT: K = K 0 K 79 4 fixed quasigroup operations on the set {0, 1, 2, 3} OUTPUT: keystream = (k i ) i=0 Step 1: K 0,, 79 Step 2: K, 0,, 79 y = y 0 y 79, y i {0, 1, 2, 3}

Description of the keystream generator INPUT: K = K 0 K 79 4 fixed quasigroup operations on the set {0, 1, 2, 3} OUTPUT: keystream = (k i ) i=0 Step 1: K 0,, 79 Step 2: K, 0,, 79 y = y 0 y 79, y i {0, 1, 2, 3}

Description of the keystream generator INPUT: K = K 0 K 79 4 fixed quasigroup operations on the set {0, 1, 2, 3} OUTPUT: keystream = (k i ) i=0 Step 1: K 0,, 79 Step 2: K, 0,, 79 y = y 0 y 79, y i {0, 1, 2, 3} 0 1 79

Description of the keystream generator INPUT: K = K 0 K 79 4 fixed quasigroup operations on the set {0, 1, 2, 3} OUTPUT: keystream = (k i ) i=0 Step 1: K 0,, 79 Step 2: K, 0,, 79 y = y 0 y 79, y i {0, 1, 2, 3} 0 1 79 K 0 K 1 K 79

Description of the keystream generator INPUT: K = K 0 K 79 4 fixed quasigroup operations on the set {0, 1, 2, 3} OUTPUT: keystream = (k i ) i=0 Step 1: K 0,, 79 Step 2: K, 0,, 79 y = y 0 y 79, y i {0, 1, 2, 3} 0 K 79 1 K 78 79 K 0 K 0 K 1 K 79

Description of the keystream generator INPUT: K = K 0 K 79 4 fixed quasigroup operations on the set {0, 1, 2, 3} OUTPUT: keystream = (k i ) i=0 Step 1: K 0,, 79 Step 2: K, 0,, 79 y = y 0 y 79, y i {0, 1, 2, 3} 0 K 79 K 79 0 K 0 1 K 78 79 K 0 K 0 K 1 K 79

Description of the keystream generator INPUT: K = K 0 K 79 4 fixed quasigroup operations on the set {0, 1, 2, 3} OUTPUT: keystream = (k i ) i=0 Step 1: K 0,, 79 Step 2: K, 0,, 79 y = y 0 y 79, y i {0, 1, 2, 3} K 0 K 1 K 79 0 K 79 K 79 0 K 0 (K 79 0 K 0 ) 0 K 1 1 K 78 79 K 0

Description of the keystream generator INPUT: K = K 0 K 79 4 fixed quasigroup operations on the set {0, 1, 2, 3} OUTPUT: keystream = (k i ) i=0 Step 1: K 0,, 79 Step 2: K, 0,, 79 y = y 0 y 79, y i {0, 1, 2, 3} K 0 K 1 K 79 0 K 79 K 79 0 K 0 (K 79 0 K 0 ) 0 K 1 1 K 78 79 K 0

Description of the keystream generator INPUT: K = K 0 K 79 4 fixed quasigroup operations on the set {0, 1, 2, 3} OUTPUT: keystream = (k i ) i=0 Step 1: K 0,, 79 Step 2: K, 0,, 79 y = y 0 y 79, y i {0, 1, 2, 3} K 0 K 1 K 79 0 K 79 K 79 0 K 0 (K 79 0 K 0 ) 0 K 1 1 K 78 K 78 1 (K 79 0 K 0 ) 79 K 0

Description of the keystream generator INPUT: K = K 0 K 79 4 fixed quasigroup operations on the set {0, 1, 2, 3} OUTPUT: keystream = (k i ) i=0 Step 1: K 0,, 79 Step 2: K, 0,, 79 y = y 0 y 79, y i {0, 1, 2, 3} K 0 K 1 K 79 0 K 79 K 79 0 K 0 (K 79 0 K 0 ) 0 K 1 1 K 78 K 78 1 (K 79 0 K 0 ) 79 K 0

Description of the keystream generator INPUT: K = K 0 K 79 4 fixed quasigroup operations on the set {0, 1, 2, 3} OUTPUT: keystream = (k i ) i=0 Step 1: K 0,, 79 Step 2: K, 0,, 79 y = y 0 y 79, y i {0, 1, 2, 3} K 0 K 1 K 79 0 K 79 K 79 0 K 0 (K 79 0 K 0 ) 0 K 1 1 K 78 K 78 1 (K 79 0 K 0 ) 79 K 0 y 0 y 1 y 79

Description of the keystream generator Step 2: K, 0,, 79 y = y 0 y 79, y i {0, 1, 2, 3}

Description of the keystream generator Step 2: K, 0,, 79 y = y 0 y 79, y i {0, 1, 2, 3} Formally y = τ K0, 79 τ K1, 78 τ K79, 0 (K 0,, K 79 ), where τ y, : (a i ) (b i ) such that b 0 = y a 0, b i = b i 1 a i for i > 0

Description of the keystream generator Step 3: y, 0,, 79 keystream

Description of the keystream generator Step 3: y, 0,, 79 keystream Figure: System A

Description of the keystream generator Step 3: y, 0,, 79 keystream 0 1 79 Figure: System A

Description of the keystream generator Step 3: y, 0,, 79 keystream 0 y 0 1 y 1 79 y 79 Figure: System A

Description of the keystream generator Step 3: y, 0,, 79 keystream 0 y 0 1 y 1 79 y 79 0 1 2 3 0 1 Figure: System A

Description of the keystream generator Step 3: y, 0,, 79 keystream 0 1 2 3 0 1 0 y 0 y 0 0 0 (y 0 0 0) 0 1 1 y 1 79 y 79 Figure: System A

Description of the keystream generator Step 3: y, 0,, 79 keystream 0 1 2 3 0 1 0 y 0 y 0 0 0 (y 0 0 0) 0 1 1 y 1 y 1 1 (y 0 0 0) 79 y 79 Figure: System A

Description of the keystream generator Step 3: y, 0,, 79 keystream 0 1 2 3 0 1 0 y 0 y 0 0 0 (y 0 0 0) 0 1 1 y 1 y 1 1 (y 0 0 0) 79 y 79 Figure: System A

Description of the keystream generator Step 3: y, 0,, 79 keystream 0 1 2 3 0 1 0 y 0 y 0 0 0 (y 0 0 0) 0 1 1 y 1 y 1 1 (y 0 0 0) 79 y 79 a 79,0 k 0 a 79,2 k 1 a 79,4 k 2 Figure: System A

Periods of the Edon80 keystream

Periods of the Edon80 keystream J Hong, Remarks on the Period of Edon80 He showed that there is quite a large number of the pairs ({ 0,, 80 }, y) that produce the same sequence of period 2 and also that a random key produces a short period of the keystream (2 55, 2 63 ) with some probability (2 71, 2 60 )

Periods of the Edon80 keystream J Hong, Remarks on the Period of Edon80 He showed that there is quite a large number of the pairs ({ 0,, 80 }, y) that produce the same sequence of period 2 and also that a random key produces a short period of the keystream (2 55, 2 63 ) with some probability (2 71, 2 60 ) D Gligoroski, S Markovski, L Kocarev and M Gušev, Understanding Periods in Edon80- Response on Remarks on the Period of Edon80, by Jin Hong Based on the previous paper they made a statistical model of Edon80 which indicates the existence of weak keys But they claim that Edon80 is a good cipher anyway because the best attack on Edon80 is still the exhaustive search in the space of all keys It is also possible to increase the security by using 160 operations instead of 80

Our setting We suppose that

Our setting We suppose that = i for all i = 1, 2,, 79, but we work with a general finite quasigroup (Q, ),

Our setting We suppose that = i for all i = 1, 2,, 79, but we work with a general finite quasigroup (Q, ), X = (x i ) Q N a periodic sequence with a period P X instead of sequence 012301230123, and

Our setting We suppose that = i for all i = 1, 2,, 79, but we work with a general finite quasigroup (Q, ), X = (x i ) Q N a periodic sequence with a period P X instead of sequence 012301230123, and Y = (y i ) Q N a sequence with no special property (we have arbitrary number of rows)

System B x 0 x 1 x 2 x 3 y 0 y 0 x 0 (y 0 x 0 ) x 1 y 1 y 1 (y 0 x 0 ) (y 1 (y 0 x 0 )) ((y 0 x 0 ) x 1 ) y 2 y 2 (y 1 (y 0 x 0 )) y 3 Figure: System B

Periods of System A and System B Proposition Each row of System B is periodic, for any sequence Y = (y i ) i=1 QN

Periods of System A and System B Proposition Each row of System B is periodic, for any sequence Y = (y i ) i=1 QN Moreover, denote by P 0 be the period of the sequence X and by P i the period of the ith row of System B Then there exists k i {1, 2,, Q } such that P i = k i P i 1 for each i 1

Periods of System A and System B Proposition Each row of System B is periodic, for any sequence Y = (y i ) i=1 QN Moreover, denote by P 0 be the period of the sequence X and by P i the period of the ith row of System B Then there exists k i {1, 2,, Q } such that Corollary P i = k i P i 1 for each i 1 Each row of System A is periodic

Periods of System A and System B Proposition Each row of System B is periodic, for any sequence Y = (y i ) i=1 QN Moreover, denote by P 0 be the period of the sequence X and by P i the period of the ith row of System B Then there exists k i {1, 2,, Q } such that Corollary P i = k i P i 1 for each i 1 Each row of System A is periodic The keystream has period 2 n for some n = 0,, 161

Periods for central quasigroups

Periods for central quasigroups A central quasigroup (T-quasigroup, linear over an Abelian group) is a quasigroup (Q, ) such that there exists an Abelian group G = (Q, +), α, β Aut(G), and c Q such that x y = α(x) + β(y) + c for all x, y Q

Periods for central quasigroups A central quasigroup (T-quasigroup, linear over an Abelian group) is a quasigroup (Q, ) such that there exists an Abelian group G = (Q, +), α, β Aut(G), and c Q such that x y = α(x) + β(y) + c for all x, y Q A medial quasigroup (entropic quasigroup) is a central quasigroup such that the automorphisms α and β commute

Periods for central quasigroups A central quasigroup (T-quasigroup, linear over an Abelian group) is a quasigroup (Q, ) such that there exists an Abelian group G = (Q, +), α, β Aut(G), and c Q such that x y = α(x) + β(y) + c for all x, y Q A medial quasigroup (entropic quasigroup) is a central quasigroup such that the automorphisms α and β commute For central quasigroups, the problem to compute periods of System B leads to the problem to compute periods in the group ring Z eg [Aut(G)]

Periods for central quasigroups id G α α 2 β αβ + βα α 2 β + αβα + βα 2 β 2 αβ 2 + βαβ + β 2 α α 2 β 2 + αβαβ + αβ 2 α + βα 2 β + βαβα + β 2 α 2 β 3 αβ 3 + βαβ 2 + β 2 αβ + β 3 α β 4 αβ 4 + βαβ 3 + β 2 αβ 2 + β 3 αβ + β 4 α Figure: System C

Periods for central quasigroups id G α α 2 β αβ + βα α 2 β + αβα + βα 2 β 2 αβ 2 + βαβ + β 2 α α 2 β 2 + αβαβ + αβ 2 α + βα 2 β + βαβα + β 2 α 2 β 3 αβ 3 + βαβ 2 + β 2 αβ + β 3 α β 4 αβ 4 + βαβ 3 + β 2 αβ 2 + β 3 αβ + β 4 α Figure: System C Proposition Denote by P X be the period of the sequence X and by P i the period of the ith row of System C Then for each i N, e G lcm(p X, P i ) is a period (not necessary minimal) of the ith row of System B

Periods for central quasigroups Proposition Let e G = p r 1 1 prn n, where p k are distinct primes Let (Q, ) be a medial quasigroup Denote by P i the period of the ith row of System B Then there is a constant C > 0 such that P i < C i n holds for all sufficiently large i

Periods for central quasigroups Proposition Let e G = p r 1 1 prn n, where p k are distinct primes Let (Q, ) be a medial quasigroup Denote by P i the period of the ith row of System B Then there is a constant C > 0 such that P i < C i n holds for all sufficiently large i Proposition Let (Q, ) be a central quasigroup of order 4 Denote by P i the period of the ith row of System B Then there is a constant C > 0 such that P i < C i holds for all sufficiently large i

Periods for central quasigroups We have found that for central quasigroup (Q, ) of order 4 the periods increase at most linearly, but Edon80 needs to generate sequences whose periods grow rapidly This implies that the central quasigroups are not suitable for implementation of Edon80

Further directions of research Analyse System B for non-central quasigroups

Further directions of research Analyse System B for non-central quasigroups Prove the conjecture that periods increase exponentially for non-central quasigroups

Further directions of research Analyse System B for non-central quasigroups Prove the conjecture that periods increase exponentially for non-central quasigroups Find a concrete weak key for Edon80 or disprove its existence

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback