FNR: Arbitrary length small domain block cipher proposal
Sashank Dara, Scott Fluhrer
Cisco Systems Inc
Bangalore
Motivation
¤ AES works on fixed length inputs (128 bits) and needs padding for other lengths.
¤ Variable length block ciphers
  ¤ Well defined lengths (Network Packets, Database columns)
¤ Storage Gains (Cloud storage would blow up with AES-128 for smaller data types, say 32 bits)
¤ Aids in preserving Formats of the inputs (IPv4 Addresses, Credit Card Numbers, MAC Addresses, Time Stamps)
Fourth International Conference on Security, Privacy, and Applied Cryptography Engineering (SPACE 2014)
Design Goals
¤ Variable Input lengths
¤ To be Practical and Secure
¤ Common Key Length for arbitrary input domains
¤ Secure Building Blocks (Feistel Networks, SPNs)
¤ Leverage Hardware Support (say Intel’s AES-NI)
¤ Don’t re-invent the wheel
Prior Art
¤ Michael Luby and Charles Rackoff. How to construct pseudorandom permutations from pseudorandom functions. SIAM Journal on Computing, 17(2):373–386, 1988.
¤ Mihir Bellare and Phillip Rogaway. On the construction of variable-input-length ciphers. In Fast Software Encryption, pages 231–244. Springer, 1999.
¤ Moni Naor and Omer Reingold. On the construction of pseudorandom permutations: Luby-Rackoff revisited. Journal of Cryptology, 12(1):29–66, 1999.
¤ John Black and Phillip Rogaway. Ciphers with arbitrary finite domains. In Topics in Cryptology – CT-RSA 2002, pages 114–130. Springer, 2002.
¤ Mihir Bellare, Thomas Ristenpart, Phillip Rogaway, and Till Stegers. Format-preserving encryption. In Selected Areas in Cryptography, pages 295–312. Springer, 2009.
Feistel Networks
Example: DES is Feistel based. AES is not Feistel based; it is an SPN.
Pseudo Random Function
Pairwise Independent Permutations
A family of functions F is a pairwise independent permutation if:
1. Each member of the family is itself a permutation, and
2. For any fixed A, B (with A≠B, and both from the input set of the permutation), and f a random member of the family F, the pair f(A), f(B) is equi-distributed over all distinct pairs from the output range of the function.
Naor and Reingold’s (NR) Scheme
PWIP is defined over an affine function:
y = aX + b, where a, b in GF(2^n)
¤ Difficult to define GF(2^n) for variable lengths in practice
¤ Results in Complex Implementations
Flexible Naor and Reingold’s (FNR)
Pairwise Independence Based on (Invertible) Matrices
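The pairwise independence definition can be checked exhaustively for small n. The following added example (not from the slides or from libfnr) assumes the matrix-based PWIP has the affine form y = M·x XOR b with M an invertible n×n matrix over GF(2). It enumerates the whole family for n = 3 and shows that dropping the offset b breaks pairwise independence, because every purely linear map sends 0 to 0.

```python
from itertools import product

def mat_vec(rows, x):
    """Multiply matrix M by bit-vector x over GF(2); rows[i] is row i as a bitmask."""
    y = 0
    for i, row in enumerate(rows):
        y |= (bin(row & x).count("1") & 1) << i   # parity of the AND = dot product mod 2
    return y

def is_invertible(rows, n):
    """Gauss-Jordan elimination over GF(2): invertible iff every column gets a pivot."""
    rows = list(rows)
    for col in range(n):
        pivot = next((r for r in range(col, n) if (rows[r] >> col) & 1), None)
        if pivot is None:
            return False
        rows[col], rows[pivot] = rows[pivot], rows[col]
        for r in range(n):
            if r != col and (rows[r] >> col) & 1:
                rows[r] ^= rows[col]
    return True

def family(n, with_offset=True):
    """Yield every (M, b) with M invertible; b is fixed to 0 when with_offset is False."""
    offsets = range(1 << n) if with_offset else (0,)
    for rows in product(range(1 << n), repeat=n):
        if is_invertible(rows, n):
            for b in offsets:
                yield rows, b

def pair_histogram(n, a, b_in, with_offset=True):
    """Count how often each output pair (f(a), f(b_in)) occurs across the whole family."""
    counts = {}
    for rows, off in family(n, with_offset):
        pair = (mat_vec(rows, a) ^ off, mat_vec(rows, b_in) ^ off)
        counts[pair] = counts.get(pair, 0) + 1
    return counts

def is_pairwise_independent(n, with_offset=True):
    """True iff, for all a != b, the pairs are uniform over all distinct output pairs."""
    size = 1 << n
    for a, b_in in product(range(size), repeat=2):
        if a == b_in:
            continue
        hist = pair_histogram(n, a, b_in, with_offset)
        if len(hist) != size * (size - 1) or len(set(hist.values())) != 1:
            return False
    return True

if __name__ == "__main__":
    print(is_pairwise_independent(3), is_pairwise_independent(3, with_offset=False))
```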
FNR’s Details
¤ Tweakable Variable Length Block Cipher (Precisely)
¤ Matrix Operations to be performed in GF(2)
¤ Number of Round functions is 7 (Patarin’s proof)
¤ Internal PRF is AES in ECB mode (Leverage AES-NI)
¤ To ensure input to PRF is unique we use a round constant along with tweak string
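A sketch of the Feistel core described on this slide, as an added example that is not libfnr's code and is not interoperable with it: 7 rounds over an arbitrary n-bit domain, with the round constant and tweak fed into the PRF. Assumptions: HMAC-SHA256 stands in for AES in ECB mode, the half-splitting for odd n and the PRF input layout are illustrative choices, and the PWIP layers are omitted.

```python
import hashlib
import hmac
import ipaddress

ROUNDS = 7  # round count given on the slide

def prf(key, rnd, tweak, half, out_bits):
    """Stand-in PRF (HMAC-SHA256, not AES). Input = round constant || tweak || half."""
    msg = bytes([rnd, len(tweak)]) + tweak + half.to_bytes(16, "big")
    digest = hmac.new(key, msg, hashlib.sha256).digest()
    return int.from_bytes(digest, "big") >> (256 - out_bits)   # keep the top out_bits bits

def _feistel(key, tweak, n_bits, x, order):
    if not 2 <= n_bits <= 128 or not 0 <= x < (1 << n_bits) or len(tweak) > 255:
        raise ValueError("unsupported length, value out of domain, or tweak too long")
    u = n_bits // 2          # width of the left half
    v = n_bits - u           # width of the right half (one bit wider when n_bits is odd)
    a, b = x >> v, x & ((1 << v) - 1)
    for i in order:
        if i % 2 == 0:
            a ^= prf(key, i, tweak, b, u)   # even rounds update the left half
        else:
            b ^= prf(key, i, tweak, a, v)   # odd rounds update the right half
    return (a << v) | b

def encrypt(key, tweak, n_bits, x):
    return _feistel(key, tweak, n_bits, x, range(ROUNDS))

def decrypt(key, tweak, n_bits, y):
    # Each round is its own inverse, so decryption replays the rounds in reverse order.
    return _feistel(key, tweak, n_bits, y, reversed(range(ROUNDS)))

def encrypt_ipv4(key, tweak, addr):
    """Format-preserving use: a 32-bit address maps to another 32-bit address."""
    return str(ipaddress.IPv4Address(encrypt(key, tweak, 32, int(ipaddress.IPv4Address(addr)))))

def decrypt_ipv4(key, tweak, addr):
    return str(ipaddress.IPv4Address(decrypt(key, tweak, 32, int(ipaddress.IPv4Address(addr)))))

if __name__ == "__main__":
    key = b"constructed-demo-key"   # constructed sample key, not a real secret
    print(encrypt_ipv4(key, b"flow-logs", "192.0.2.1"))
```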
FNR’s Security Measure
¤ The probability that an attacker can distinguish a cipher text from random text.
¤ Due to Naor and Reingold’s proof, using PWIP functions would result in a security measure as defined below
¤ Classic Feistel networks without PWIP would have as below
¤ Where r is round count, n is number of input bits, m is Number of pairs of plain text, cipher text needed by attacker to
Format Preserving encryption (FPE)
Samples
Ranking Approach
FPE examples with FNR
Performance of FNR
[Figure panels: IP Addresses; Credit Card Numbers]
Conclusions and Future work
¤ Proposed a variable length block cipher
¤ Practical and based on secure building blocks
¤ Source code is released under LGPL-v2
¤ Future Work
  ¤ Exhaustive Cryptanalysis (theoretical and practical)
  ¤ Support more applications and formats like MAC Addresses, Time Stamps
Resources
¤ Specification
  ¤ https://eprint.iacr.org/2014/421
¤ Motivation and Applications
  ¤ http://cisco.github.io/libfnr/
¤ Source code
  ¤ https://github.com/cisco/libfnr
  ¤ https://github.com/cisco/jfnr (Java bindings)
¤ Reach out to for questions
  ¤ [email protected]