avalanche effect in the family of block ciphers “sd-(n,k)” university “ss cyril and...
TRANSCRIPT
AVALANCHEAVALANCHE EFFECT IN THE FAMILY EFFECT IN THE FAMILY OF BLOCK CIPHERS “OF BLOCK CIPHERS “SD-(n,k)”SD-(n,k)”
AVALANCHEAVALANCHE EFFECT IN THE FAMILY EFFECT IN THE FAMILY OF BLOCK CIPHERS “OF BLOCK CIPHERS “SD-(n,k)”SD-(n,k)”
University “Ss Cyril and Methodius” – Skopje, RM
S. Markovski, PhD
A. Mileva, MSc
D. Gligoroski, PhD
V. Dimitrova, MSc
NATO Advanced Research Workshop
Velingrad, 21-25 October 2006
2
Kerckoff’s principle: “A cryptosystem should be secure even if everything about the system, except the key, is public knowledge.”
Shannon maxime: “The enemy knows the system.”
Bruce Schneier: “Every secret creates potential failure point.”
Kerckoff’s principle: “A cryptosystem should be secure even if everything about the system, except the key, is public knowledge.”
Shannon maxime: “The enemy knows the system.”
Bruce Schneier: “Every secret creates potential failure point.”
3
Introduction The family of block ciphers “SD-(n,k)” Avalanche effect in encryption Avalanche effect in decryption Future work Conclusion
Introduction The family of block ciphers “SD-(n,k)” Avalanche effect in encryption Avalanche effect in decryption Future work Conclusion
OutlineOutline
4
IntroductionIntroduction
Term first used by Horst FeistelThe avalanche effect refers to a desirable property of cryptographic algorithms, typically block-ciphers and hash functions. The avalanche effect is evident if, when an input is changed slightly (for example, flipping a single bit) the output changes significantly. Constructing a cipher to exhibit a substantial avalanche effect is one of the primary design goals. If a block cipher does not exhibit the avalanche effect to a significant degree, then it has poor randomization, and thus a cryptanalyst can make predictions about the input, being given only the output. This may be sufficient to partially or completely break the algorithm.
Term first used by Horst FeistelThe avalanche effect refers to a desirable property of cryptographic algorithms, typically block-ciphers and hash functions. The avalanche effect is evident if, when an input is changed slightly (for example, flipping a single bit) the output changes significantly. Constructing a cipher to exhibit a substantial avalanche effect is one of the primary design goals. If a block cipher does not exhibit the avalanche effect to a significant degree, then it has poor randomization, and thus a cryptanalyst can make predictions about the input, being given only the output. This may be sufficient to partially or completely break the algorithm.
5
The family of block ciphers “SD-(n,k)”
The family of block ciphers “SD-(n,k)”
Based is on quasigroup operations and quasigroup string transformations
Arbitrary alphabet A={a0,a1,...,ar}
Quasigroup (A,*) of order r and two of its parastrophes (A,\) and (A, /)
e-, d-, e’-, d’- transformations
Based is on quasigroup operations and quasigroup string transformations
Arbitrary alphabet A={a0,a1,...,ar}
Quasigroup (A,*) of order r and two of its parastrophes (A,\) and (A, /)
e-, d-, e’-, d’- transformations
6
Blocks with length of n letters
Key K=K0K1...Kn+4k-1, KiA , where k is number of repeating of 4 different quasigroup string transformations in encryption/decryption functions
Input: plaintext m0m1...mn-1, miA
Output: ciphertext c0c1...cn-1, ciA
Blocks with length of n letters
Key K=K0K1...Kn+4k-1, KiA , where k is number of repeating of 4 different quasigroup string transformations in encryption/decryption functions
Input: plaintext m0m1...mn-1, miA
Output: ciphertext c0c1...cn-1, ciA
The family of block ciphers “SD-(n,k)”
The family of block ciphers “SD-(n,k)”
7
Subfamilies “SD4-(n,k)”, “SD16-(n,k)”, “SD256-(n,k)”For “SD4-(n,k)” examples in this talk we are using this quasigroup of order 4
0 1 2 31 2 3 03 0 1 22 3 0 1
Subfamilies “SD4-(n,k)”, “SD16-(n,k)”, “SD256-(n,k)”For “SD4-(n,k)” examples in this talk we are using this quasigroup of order 4
0 1 2 31 2 3 03 0 1 22 3 0 1
The family of block ciphers “SD-(n,k)”
The family of block ciphers “SD-(n,k)”
8
Key length in bits
k SD4-(40,k) SD16-(20,k) SD256-(10,k)
1 88 96 112
2 96 112 144
3 104 128 176
4 112 144 208
5 120 160 240
6 128 176 272
7 136 192 304
8 144 208 336
9 152 224 368
10 160 240 400
The family of block ciphers “SD-(n,k)”
The family of block ciphers “SD-(n,k)”
Example of avalanche effect in encryption in SD4-(4,1) subfamily
(flipping one bit in plaintext)
Example of avalanche effect in encryption in SD4-(4,2) subfamily
(flipping one bit in plaintext)
Example of avalanche effect in encryption in SD4-(4,1) subfamily
(flipping one bit in key)
12
Avalanche effect in encryptionAvalanche effect in encryption
Block size of 80 bits Subtract-with-borrow random number
generator with period 21492
Examination for each k={1,2,3,4,5,6,7,8,9,10} and for each subfamilies “SD4-(40,k)”, “SD16-(20,k)” and “SD256-(10,k)”
For every k, we use 1000 different random generated pairs of plaintext and keys
We compute mean and standard deviation of bit differences in ciphertext
Block size of 80 bits Subtract-with-borrow random number
generator with period 21492
Examination for each k={1,2,3,4,5,6,7,8,9,10} and for each subfamilies “SD4-(40,k)”, “SD16-(20,k)” and “SD256-(10,k)”
For every k, we use 1000 different random generated pairs of plaintext and keys
We compute mean and standard deviation of bit differences in ciphertext
13
Avalanche effect in encryptionAvalanche effect in encryption
Results for “SD4-(40, k)”: Flipping one bit in plaintext cause
already for k=2 50% different bits in ciphertext
Standard deviation is stabilized around 5,6 for k=3
Flipping one bit in key cause dropping of different bits in ciphertext from 50,57% for k=1 to 50,16% for k=10
Standard deviation drops from 6,31 for k=2 to 5,88 for k=10
Results for “SD4-(40, k)”: Flipping one bit in plaintext cause
already for k=2 50% different bits in ciphertext
Standard deviation is stabilized around 5,6 for k=3
Flipping one bit in key cause dropping of different bits in ciphertext from 50,57% for k=1 to 50,16% for k=10
Standard deviation drops from 6,31 for k=2 to 5,88 for k=10
14
Avalanche effect in encryptionAvalanche effect in encryption
Results for “SD4-(40, k)” different modes CBC, OFB and CFB: Random generated key and plaintext of
10000 bits IV – first n letter from key For OFB and CFB parameter r=8 Flipping one bit in last 4k letters in key
cause already for k=1 50% different bits in ciphertext in all modes
Standard deviation varies between 0,28 and 0,49 in all modes
15
Avalanche effect in encryptionAvalanche effect in encryption
Results for “SD16-(20, k)”: Flipping one bit in plaintext cause already
for k=1 50% different bits in ciphertext Standard deviation is stabilized around
5,6 for k=2 Flipping one bit in key cause dropping of
different bits in ciphertext from 50,15% for k=1 to 50,05% for k=10
Standard deviation is stabilized around 5,6 for k=2
Results for “SD16-(20, k)”: Flipping one bit in plaintext cause already
for k=1 50% different bits in ciphertext Standard deviation is stabilized around
5,6 for k=2 Flipping one bit in key cause dropping of
different bits in ciphertext from 50,15% for k=1 to 50,05% for k=10
Standard deviation is stabilized around 5,6 for k=2
16
Avalanche effect in encryptionAvalanche effect in encryption
Results for “SD16-(20, k)” different modes CBC, OFB and CFB: Random generated key and plaintext of
10000 bits IV – first n letter from key For OFB and CFB parameter r=8 Flipping one bit in last 4k letters in key
cause already for k=1 50% different bits in ciphertext in all modes
Standard deviation varies between 0,30 and 0,38 in all modes
17
Avalanche effect in encryptionAvalanche effect in encryption
Results for “SD256-(10, k)”: Flipping one bit in plaintext cause
already for k=1 50% different bits in ciphertext
Standard deviation is stabilized around 5,6 for k=1
Flipping one bit in key cause already for k=1 50% different bits in ciphertext
Standard deviation is stabilized around 5,6 for k=1
Results for “SD256-(10, k)”: Flipping one bit in plaintext cause
already for k=1 50% different bits in ciphertext
Standard deviation is stabilized around 5,6 for k=1
Flipping one bit in key cause already for k=1 50% different bits in ciphertext
Standard deviation is stabilized around 5,6 for k=1
18
Avalanche effect in encryptionAvalanche effect in encryption
Results for “SD256-(10, k)” different modes CBC, OFB and CFB: Random generated key and plaintext of
10000 bits IV – first n letter from key For OFB and CFB parameter r=8 Flipping one bit in last 4k letters in key
cause already for k=1 50% different bits in ciphertext in all modes
Standard deviation varies between 0,32 and 0,42 in all modes
Example of avalanche effect in decryption in SD4-(4,1) subfamily
(flipping one bit in ciphertext)
Example of avalanche effect in decryption in SD4-(4,2) subfamily
(flipping one bit in ciphertext)
21
Avalanche effect in decryptionAvalanche effect in decryption
Avalanche effect in decryption function is not really a issue
Avalanche effect in decryption function usually is not so significant as in encryption function
Avalanche effect in decryption function is not really a issue
Avalanche effect in decryption function usually is not so significant as in encryption function
22
Avalanche effect in decryptionAvalanche effect in decryption
Substract-with-borrow random number generator with period 21492
Examination for each k={1,2,...,20} and for each subfamilies “SD4-(40,k)”, “SD16-(20,k)” and “SD256-(10,k)”
For every k, we use 1000 different random generated pairs of ciphertext and keys
We compute mean and standard deviation of bit differences in plaintext
Substract-with-borrow random number generator with period 21492
Examination for each k={1,2,...,20} and for each subfamilies “SD4-(40,k)”, “SD16-(20,k)” and “SD256-(10,k)”
For every k, we use 1000 different random generated pairs of ciphertext and keys
We compute mean and standard deviation of bit differences in plaintext
23
Avalanche effect in decryptionAvalanche effect in decryption
Results for “SD4-(40, k)”: Flipping one bit in ciphertext cause
growing up different bits in plaintext from 6,46% for k=1 to 38,55% for k=10 and its stabilizing around 50% for k=19
Standard deviation is stabilized around 5,6 for k=19
Results for “SD4-(40, k)”: Flipping one bit in ciphertext cause
growing up different bits in plaintext from 6,46% for k=1 to 38,55% for k=10 and its stabilizing around 50% for k=19
Standard deviation is stabilized around 5,6 for k=19
24
Avalanche effect in decryptionAvalanche effect in decryption
Results for “SD16-(20, k)”: Flipping one bit in ciphertext cause
growing up different bits in plaintext from 12,06% for k=1 and its stabilizing around 50% for k=10
Standard deviation is stabilized around 5,6 for k=10
Results for “SD16-(20, k)”: Flipping one bit in ciphertext cause
growing up different bits in plaintext from 12,06% for k=1 and its stabilizing around 50% for k=10
Standard deviation is stabilized around 5,6 for k=10
25
Avalanche effect in decryptionAvalanche effect in decryption
Results for “SD256-(10, k)”: Flipping one bit in ciphertext cause
growing up different bits in plaintext from 22,05% for k=1 and its stabilizing around 50% for k=5
Standard deviation is stabilized around 5,6 for k=5
Results for “SD256-(10, k)”: Flipping one bit in ciphertext cause
growing up different bits in plaintext from 22,05% for k=1 and its stabilizing around 50% for k=5
Standard deviation is stabilized around 5,6 for k=5
26
Future workFuture work
Cryptanalysis of “SD-(n,k)”• linear cryptanalysis and its extensions
and variants• differential cryptanalysis and its
extensions and variants• multiset cryptanalysis• other cryptanalysis
Practical implementationDesign improvement
Cryptanalysis of “SD-(n,k)”• linear cryptanalysis and its extensions
and variants• differential cryptanalysis and its
extensions and variants• multiset cryptanalysis• other cryptanalysis
Practical implementationDesign improvement
27
ConclusionConclusion
The “SD-(n,k)” is a new family of block ciphers, based on quasigroup string transformations and quasigroup operations
The “SD-(n,k)” exhibit a substantial avalanche effect in encryption function
Avalanche effect is evident in all basic modes of operation (ECB, CBC, OFB, CFB)
Avalanche effect in decryption function is not so significant as in encryption function, which was expectable
The “SD-(n,k)” is a new family of block ciphers, based on quasigroup string transformations and quasigroup operations
The “SD-(n,k)” exhibit a substantial avalanche effect in encryption function
Avalanche effect is evident in all basic modes of operation (ECB, CBC, OFB, CFB)
Avalanche effect in decryption function is not so significant as in encryption function, which was expectable
28
ConclusionConclusion
For avalanche effect, k must be at least:
3, for “SD4-(n,k)” subfamily 2, for “SD16-(n,k)” subfamily 1, for “SD256-(n,k)” subfamily
To satisfy today security needs for key length, k must be at least:
6, for “SD4-(n,k)” subfamily 3, for “SD16-(n,k)” subfamily 2, for “SD256-(n,k)” subfamily
For avalanche effect, k must be at least:
3, for “SD4-(n,k)” subfamily 2, for “SD16-(n,k)” subfamily 1, for “SD256-(n,k)” subfamily
To satisfy today security needs for key length, k must be at least:
6, for “SD4-(n,k)” subfamily 3, for “SD16-(n,k)” subfamily 2, for “SD256-(n,k)” subfamily
THANKS FOR YOUR ATTENTION