Analysis and Design of Stream Ciphers
Simon Fischer and Willi Meier
MICS Workshop, July 3 2007
Stream Ciphers
Use a cipher to secure communication over an insecure channel. Stream ciphers are very simple and fast.
• Profile 1: Optimised for software applications with high throughput requirements.
• Profile 2: Optimised for hardware applications with restricted resources.
Applications
Stream ciphers of profile 2 can be used in mobile devices such as:
• Cell phones
• Sensor networks
• RFIDs
Well-known examples are the stream ciphers of GSM and Bluetooth, but both of them are insecure…
eSTREAM
European project eSTREAM was initiated in 2004.
Algorithm designers were invited to submit new stream cipher proposals.
Winners will be elected in 2008.
►34 submissions
►Strong competition
Our contributions
(1) Submitted own design (jointly with University Lund): "Grain".
(2) We have analysed the security of some other submissions:
• Complete break of a weak submission
• Confirmed the security of one promising submission
• Improved a previous attack
• Observed partial weakness
The submission "Grain"
It can be implemented with very little hardware, it is efficient, and it is supposed to be secure.
One of the top candidates for eSTREAM profile 2.
Grain consists of
• 80 bit linear shift register
• 80 bit nonlinear shift register
• Nonlinear filter function
One example of analysis
Well-known attacks on stream ciphers: algebraic attacks. Find and solve equations of low degree.
Inspired by algebraic attacks, we developed a new tool to assess the security of stream ciphers.
►Confirmed security of one eSTREAM submission.
Apply the new tool also to other stream ciphers. Recently, we could attack the "Alternating Step Generator"…
Attack on the Alternating Step Generator
The stream cipher ASG is very simple and elegant. It was developed 20 years ago in Switzerland. It consists of three linear shift registers, which are irregularly clocked.
Our attack improves the previous attacks by a factor of more than 7000!
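The irregular clocking of the ASG, as an added example that is not part of the original slides: one register is clocked every step and its output selects which of the other two registers moves, and the keystream bit is the XOR of their outputs (the standard textbook description of the generator). The register lengths (3, 4 and 5 bits), feedback taps, initial fills and the output-before-first-clock convention are toy assumptions chosen for readability, far too small for real use.

```python
class LFSR:
    """Fibonacci LFSR over GF(2); taps are state indices XORed into the feedback bit."""

    def __init__(self, state, taps):
        if not any(state):
            raise ValueError("all-zero state is a fixed point and gives no keystream")
        self.state, self.taps = list(state), tuple(taps)
        self.out = 0      # assumption of this example: output before the first clock is 0
        self.clocks = 0   # how often this register has been stepped

    def clock(self):
        fb = 0
        for t in self.taps:
            fb ^= self.state[t]
        self.out = self.state.pop(0)   # oldest bit leaves as output
        self.state.append(fb)          # feedback bit enters
        self.clocks += 1
        return self.out


def lfsr_period(state, taps):
    """Number of clocks until the register returns to its initial state."""
    reg = LFSR(state, taps)
    start = list(reg.state)
    reg.clock()
    while reg.state != start:
        reg.clock()
    return reg.clocks


class ASG:
    """Alternating Step Generator built from three toy LFSRs (constructed parameters)."""

    def __init__(self, c_state, x_state, y_state):
        self.c = LFSR(c_state, (0, 1))   # control register, x^3 + x + 1
        self.x = LFSR(x_state, (0, 1))   # stepped when control bit is 1, x^4 + x + 1
        self.y = LFSR(y_state, (0, 2))   # stepped when control bit is 0, x^5 + x^2 + 1

    def next_bit(self):
        if self.c.clock():
            self.x.clock()
        else:
            self.y.clock()
        # The register that was not stepped repeats its previous output bit.
        return self.x.out ^ self.y.out

    def keystream(self, n):
        return [self.next_bit() for _ in range(n)]


def xor_bits(bits, ks):
    """Stream-cipher encryption and decryption are the same XOR with the keystream."""
    return [b ^ k for b, k in zip(bits, ks)]
```

Each data register advances only on part of the steps, so its output sequence is stretched in a key-dependent way before the XOR; that is the irregular clocking the slide refers to.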
Conclusions
►Security is necessary in mobile environments.
►Stream ciphers can be suitable for this need.
►The security of stream ciphers must be evaluated carefully.
►We participate in the analysis and design of modern stream ciphers.
Thank you for your attention!