Pseudorandom Number Generation and Stream Ciphers


Raj Jain
Washington University in Saint Louis
Saint Louis, MO 63130
Jain@cse.wustl.edu
Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-14/

Overview
1. Principles of Pseudorandom Number Generation
2. Pseudorandom number generators
3. Pseudorandom number generation using a block cipher
4. Stream Cipher
5. RC4
These slides are based on Lawrie Brown's slides supplied with William Stallings's book Cryptography and Network Security: Principles and Practice, 6th Ed, 2013.

Pseudo Random Numbers
- Many uses of random numbers in cryptography
  - nonces in authentication protocols to prevent replay
  - keystream for a one-time pad
- These values should be
  - statistically random, uniform distribution, independent
  - unpredictability of future values from previous values
- True random numbers provide this
- Pseudo: deterministic, reproducible, generated by a formula

A Sample Generator
- For example,
- Starting with x_0 = 5:
- The first 32 numbers obtained by the above procedure:
  10, 3, 0, 1, 6, 15, 12, 13, 2, 11, 8, 9, 14, 7, 4, 5,
  10, 3, 0, 1, 6, 15, 12, 13, 2, 11, 8, 9, 14, 7, 4, 5.
- By dividing x's by 16:
  0.6250, 0.1875, 0.0000, 0.0625, 0.3750, 0.9375, 0.7500, 0.8125,
  0.1250, 0.6875, 0.5000, 0.5625, 0.8750, 0.4375, 0.2500, 0.3125,
  0.6250, 0.1875, 0.0000, 0.0625, 0.3750, 0.9375, 0.7500, 0.8125,
  0.1250, 0.6875, 0.5000, 0.5625, 0.8750, 0.4375, 0.2500, 0.3125.

Terminology
- Seed = x_0
- Pseudo-Random: Deterministic yet would pass randomness tests
- Fully Random: Not repeatable
- Cycle length, Tail, Period

Linear-Congruential Generators
- Discovered by D. H. Lehmer in 1951
- The residues of successive powers of a number have good randomness properties.
- Equivalently,
- a = multiplier, m = modulus

Linear-Congruential Generators (Cont)
- Lehmer's choices: a = 23 and m = 10^8 + 1
- Good for ENIAC, an 8-digit decimal machine.
- Generalization:
- Can be analyzed easily using the theory of congruences
- Mixed Linear-Congruential Generators or Linear-Congruential Generators (LCG)
- Mixed = both multiplication by a and addition of b
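A mixed LCG with its tail and cycle length measured, as an added example that is not part of the original slides. The parameters a = 5, b = 1, m = 16 are an assumption: the slide's formula is not present in this transcription, and these values are used because they reproduce the 16 numbers the sample-generator slide lists for seed 5.

```python
# Added example (not from the slides): a mixed linear-congruential generator
# x_n = (a*x_{n-1} + b) mod m, plus measurement of its tail and cycle length.
# A, B, M, SEED are assumed values; they reproduce the sequence the
# sample-generator slide lists for seed 5.
A, B, M, SEED = 5, 1, 16, 5


def first_n(a, b, m, seed, n):
    """Return [x_1, ..., x_n] for x_k = (a*x_{k-1} + b) mod m with x_0 = seed."""
    out, x = [], seed
    for _ in range(n):
        x = (a * x + b) % m
        out.append(x)
    return out


def uniform(xs, m):
    """Scale generator outputs into [0, 1) by dividing by the modulus."""
    return [x / m for x in xs]


def tail_and_cycle(a, b, m, seed):
    """Return (tail, cycle_length) for the sequence x_0, x_1, ...

    tail is the number of values seen before the repeating cycle starts.
    Every value after x_0 is below m, so a repeat occurs within m + 1 steps.
    """
    first_seen = {}
    x, i = seed, 0
    while x not in first_seen:
        first_seen[x] = i
        x = (a * x + b) % m
        i += 1
    tail = first_seen[x]
    return tail, i - tail


if __name__ == "__main__":
    print(first_n(A, B, M, SEED, 16))
    print(tail_and_cycle(A, B, M, SEED))   # full cycle, no tail
    # Constructed poor choice (a=6, b=0): collapses to 0 after a short tail.
    print(tail_and_cycle(6, 0, 16, 1))
```

Because the whole state of an LCG is its last output, calling first_n with an observed output as the seed yields every later value, which is why the unpredictability requirement from the earlier slide rules LCGs out for keys and nonces.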

Blum Blum Shub Generator
- Use least significant bit from iterative equation:
  x_i = x_{i-1}^2 mod n
  where n = p.q, and primes p, q = 3 mod 4
- Unpredictable, passes next-bit test
- Security rests on difficulty of factoring n
- Is unpredictable given any run of bits
- Slow, since very large numbers must be used
- Too slow for cipher use, good for key generation
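The Blum Blum Shub iteration above with its parameter checks, as an added example that is not part of the original slides. The toy primes p = 11, q = 23 and seed 3 are constructed values far too small for real use, and starting from x_0 = seed^2 mod n is an assumed convention that the slide does not state.

```python
# Added example (not from the slides): Blum Blum Shub bit generation.
from math import gcd


def bbs(p, q, seed, count):
    """Return (states, bits): x_1..x_count and the least significant bit of each.

    Assumed convention: x_0 = seed^2 mod n, then x_i = x_{i-1}^2 mod n.
    Primality of p and q is NOT checked here; the caller must supply primes.
    """
    if p == q or p % 4 != 3 or q % 4 != 3:
        raise ValueError("p and q must be distinct and both equal 3 mod 4")
    n = p * q
    if gcd(seed, n) != 1:
        raise ValueError("seed must be coprime to n = p*q")
    x = pow(seed, 2, n)
    if x == 1:
        raise ValueError("degenerate seed: the state would stay at 1")
    states, bits = [], []
    for _ in range(count):
        x = pow(x, 2, n)          # one modular squaring per output bit
        states.append(x)
        bits.append(x & 1)        # only the least significant bit is released
    return states, bits


def bits_to_int(bits):
    """Pack a list of bits (most significant first) into an integer."""
    value = 0
    for b in bits:
        value = (value << 1) | b
    return value


if __name__ == "__main__":
    states, bits = bbs(11, 23, 3, 6)      # constructed toy parameters
    print(states, bits, bits_to_int(bits))
```

Each output bit costs a full modular squaring, which is the cost the slide refers to when it calls the generator too slow for cipher use.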

Random & Pseudorandom Number Generators
[Figure not reproduced]

Using Block Ciphers as PRNGs
- Can use a block cipher to generate random numbers for cryptographic applications
- For creating session keys from master key
- CTR: X_i = E_K[V_i]
- OFB: X_i = E_K[X_{i-1}]

ANSI X9.17 PRG
[Figure not reproduced; labels: Keys, Date/Time, Seed, Next Seed, Random Stream]

Natural Random Noise
- Best source is natural randomness in real world
- Find a regular but random event and monitor
- Do generally need special h/w to do this
  - E.g., radiation counters, radio noise, audio noise, thermal noise in diodes, leaky capacitors, mercury discharge tubes etc.
- Starting to see such h/w in new CPUs
- Problems of bias or uneven distribution in signal
  - Have to compensate for this when sampling, often by passing bits through a hash function
  - Best to only use a few noisiest bits from each sample
  - RFC4086 recommends using multiple sources + hash

Stream Ciphers
- Process message bit by bit (as a stream)
- A pseudo random keystream XORed with plaintext bit by bit
- C_i = M_i XOR StreamKey_i
- But must never reuse stream key, otherwise messages can be recovered

RC4
- A proprietary cipher owned by RSA DSI
- Another Ron Rivest design, simple but effective
- Variable key size, byte-oriented stream cipher
- Widely used (web SSL/TLS, wireless WEP/WPA)
- Key forms random permutation of all 8-bit values
- Uses that permutation to scramble input info processed a byte at a time

RC4 Key Schedule
- Start with an array S of numbers: 0..255
- Use key to well and truly shuffle
- S forms internal state of the cipher

    for i = 0 to 255 do
        S[i] = i
        T[i] = K[i mod keylen]
    j = 0
    for i = 0 to 255 do
        j = (j + S[i] + T[i]) (mod 256)
        swap(S[i], S[j])

RC4 Encryption
- Encryption continues shuffling array values
- Sum of shuffled pair selects "stream key" value from permutation
- XOR S[t] with next byte of message to en/decrypt

    i = j = 0
    for each message byte M_i
        i = (i + 1) (mod 256)
        j = (j + S[i]) (mod 256)
        swap(S[i], S[j])
        t = (S[i] + S[j]) (mod 256)
        C_i = M_i XOR S[t]

RC4 Overview
[Figure not reproduced]

Summary
1. Pseudorandom number generators use a seed and a formula to generate the next number
2. Stream ciphers xor a random stream with the plain text.
3. RC4 is a stream cipher

Homework 7
a. Find the period of the following generator using seed x_0 = 1:
b. Now repeat part a with seed x_0 = 2
c. What RC4 key value will leave S unchanged during initialization? That is, after the initial permutation of S, the entries of S will be equal to the values from 0 through 255 in ascending order.