darxplorer
play

DARXplorer a Toolbox for Cryptanalysis and Cipher Designers Dennis - PowerPoint PPT Presentation

Feb 06, 2024 •325 likes •757 views

DARXplorer a Toolbox for Cryptanalysis and Cipher Designers Dennis Hoppe Bauhaus-University Weimar 22nd April 2009 Dennis Hoppe (BUW) DARXplorer 22nd April 2009 1 / 31 Agenda 1 Introduction to Hash Functions 2 The ThreeFish Block Cipher 3

  1. DARXplorer a Toolbox for Cryptanalysis and Cipher Designers Dennis Hoppe Bauhaus-University Weimar 22nd April 2009 Dennis Hoppe (BUW) DARXplorer 22nd April 2009 1 / 31

  2. Agenda 1 Introduction to Hash Functions 2 The ThreeFish Block Cipher 3 Differential Cryptanalysis 4 DARXplorer – DC of ThreeFish 5 Results on ThreeFish 6 Generalization of DARXplorer Dennis Hoppe (BUW) DARXplorer 22nd April 2009 2 / 31

  3. Agenda 1 Introduction to Hash Functions 2 The ThreeFish Block Cipher 3 Differential Cryptanalysis 4 DARXplorer – DC of ThreeFish 5 Results on ThreeFish 6 Generalization of DARXplorer Dennis Hoppe (BUW) DARXplorer 22nd April 2009 3 / 31

  4. Introduction to Hash Functions Hash Functions A hash function H : { 0 , 1 } ∗ → { 0 , 1 } n is used to compute an n -bit fingerprint from an arbitrarily-sized input M ∈ { 0 , 1 } ∗ Most of them are based on a compression function C : { 0 , 1 } n × { 0 , 1 } m → { 0 , 1 } n with fixed size input Computation: H i := C ( H i − 1 , M i ) C C C . . . H[0] H[1] H[L-1] H[L] . . . M[1] M[2] M[L] Dennis Hoppe (BUW) DARXplorer 22nd April 2009 4 / 31

  5. Introduction to Hash Functions – cont’d Compression Functions A crucial building block of iterated hash functions is the compression function C Designer often make use of block ciphers Which properties should be imposed on C to guarantee that the hash function satisfies certain properties? Theorem (Damg˚ ard-Merkle) If the compression function C is collision-resistant , then the hash function H is collision-resistant as well. If the compression function C is preimage-resistant , then the hash function H is preimage-resistant as well. Dennis Hoppe (BUW) DARXplorer 22nd April 2009 5 / 31

  6. Introduction to Hash Functions – cont’d Vulnerability of Hash Functions Black-Box attacks on the compression function Exploit the way in which multiple compression functions are combined Joux (2004), Kelsey u. Kohno (2006) Attacks dependent on the internal details of the compression function Make use of cryptanalytical techniques One of the most successful attacks against block ciphers is Differential Cryptanalysis Used to crypt analyze MD4, MD5 [Wang u. a. (2004)] Dennis Hoppe (BUW) DARXplorer 22nd April 2009 6 / 31

  7. Introduction to Hash Functions – cont’d Vulnerability of Hash Functions Black-Box attacks on the compression function Exploit the way in which multiple compression functions are combined Joux (2004), Kelsey u. Kohno (2006) Attacks dependent on the internal details of the compression function Make use of cryptanalytical techniques One of the most successful attacks against block ciphers is Differential Cryptanalysis Used to crypt analyze MD4, MD5 [Wang u. a. (2004)] Dennis Hoppe (BUW) DARXplorer 22nd April 2009 6 / 31

  8. Agenda 1 Introduction to Hash Functions 2 The ThreeFish Block Cipher 3 Differential Cryptanalysis 4 DARXplorer – DC of ThreeFish 5 Results on ThreeFish 6 Generalization of DARXplorer Dennis Hoppe (BUW) DARXplorer 22nd April 2009 7 / 31

  9. Introduction to Block Ciphers One-way compression functions built from block ciphers H m i i-1 m H E E g i i-1 H i H i Davies-Meyer Matyas-Meyer-Oseas Dennis Hoppe (BUW) DARXplorer 22nd April 2009 8 / 31

  10. The ThreeFish Block Cipher Motivation Tweakable block cipher, designed with the purpose to be used as a building block for a hash function Provides speed, flexibility and the ease of analysis to proof security Supports different block sizes (ThreeFish- n ); n = 256 , 512 , 1024 ThreeFish- n supports n -bit blocks and n -bit keys and a 128 -bit tweak Usage (Skein) Skein- n uses ThreeFish- n H i := C ( H i − 1 , T i , M i ) := Threefish H i − 1 ,T i ( M i ) ⊕ M i We have to show, that the probability is below 2 − 2 n − 128 by providing an upper bound on the probability of the best exclusive-OR difference Dennis Hoppe (BUW) DARXplorer 22nd April 2009 9 / 31

  11. The ThreeFish Block Cipher Motivation Tweakable block cipher, designed with the purpose to be used as a building block for a hash function Provides speed, flexibility and the ease of analysis to proof security Supports different block sizes (ThreeFish- n ); n = 256 , 512 , 1024 ThreeFish- n supports n -bit blocks and n -bit keys and a 128 -bit tweak Usage (Skein) Skein- n uses ThreeFish- n H i := C ( H i − 1 , T i , M i ) := Threefish H i − 1 ,T i ( M i ) ⊕ M i We have to show, that the probability is below 2 − 2 n − 128 by providing an upper bound on the probability of the best exclusive-OR difference Dennis Hoppe (BUW) DARXplorer 22nd April 2009 9 / 31

  12. The ThreeFish Block Cipher – cont’d Structure of ThreeFish-256 Non-linear MIX function on two 64 -bit words MIX MIX Permutation Input (A, B, C, D) Output (A, D, C, B) A B C D Key Schedule PERMUTE Generates subkeys A D C B Injects subkeys each 8th round Completely omitted in DARXplorer Dennis Hoppe (BUW) DARXplorer 22nd April 2009 10 / 31

  13. The ThreeFish Block Cipher – cont’d A B MIX Operation Primitives Addition mod 2 64 , Word-wise rotation, and <<< c Bit-wise exclusive-OR MIX ( A, B, c ) = ( X, Y ) Y = A + B X = ( A ≪ c ) ⊕ Y X Y Dennis Hoppe (BUW) DARXplorer 22nd April 2009 11 / 31

  14. Agenda 1 Introduction to Hash Functions 2 The ThreeFish Block Cipher 3 Differential Cryptanalysis 4 DARXplorer – DC of ThreeFish 5 Results on ThreeFish 6 Generalization of DARXplorer Dennis Hoppe (BUW) DARXplorer 22nd April 2009 12 / 31

  15. Differential Cryptanalysis Differential Cryptanalysis [Biham u. Shamir (1990)] Exploits the high probability of certain occurrences by tracing differences through the network ( X ′ , X ′′ ) , ∆ X = X ′ ⊕ X ′′ In: Out: ( Y ′ , Y ′′ ) , ∆ Y = Y ′ ⊕ Y ′′ Ideally randomizing cipher: the probability that a particular output difference ∆ Y occurs given a particular input difference ∆ X is 2 − n Dennis Hoppe (BUW) DARXplorer 22nd April 2009 13 / 31

  16. Differential Cryptanalysis – cont’d Example (DC) Input Difference: ∆ P 1 = [0000 1011 0000 0000] Difference-Pair for S-Box: S 12 : ∆ X = B → ∆ Y = 2 with probability p 1 = 1 / 2 Output Difference: ∆ V 1 = [0000 0010 0000 0000] Try to find r-round characteristics ! Dennis Hoppe (BUW) DARXplorer 22nd April 2009 14 / 31

  17. Differential Cryptanalysis of ThreeFish Differential Cryptanalysis of ThreeFish We need to make assumptions about the differential properties of the A B primitives Differential exclusive-OR δ w = δ u ⊕ δ v Pr [ δ w ] = 1 . 0 c <<< Differential rotations t ′ = ( u ⊕ δu ) ≪ i t = u ≪ i, δ t = t ⊕ t ′ = δ u ≪ i Pr [ δ t ] = 1 . 0 Differential addition X Y Evaluating the differential properties of addition with respect to exclusive-OR is hard Dennis Hoppe (BUW) DARXplorer 22nd April 2009 15 / 31

  18. Differential Cryptanalysis of ThreeFish Differential Cryptanalysis of ThreeFish We need to make assumptions about the differential properties of the A B primitives Differential exclusive-OR δ w = δ u ⊕ δ v Pr [ δ w ] = 1 . 0 c <<< Differential rotations t ′ = ( u ⊕ δu ) ≪ i t = u ≪ i, δ t = t ⊕ t ′ = δ u ≪ i Pr [ δ t ] = 1 . 0 Differential addition X Y Evaluating the differential properties of addition with respect to exclusive-OR is hard Dennis Hoppe (BUW) DARXplorer 22nd April 2009 15 / 31

  19. Differential Cryptanalysis of ThreeFish Differential Cryptanalysis of ThreeFish We need to make assumptions about the differential properties of the A B primitives Differential exclusive-OR δ w = δ u ⊕ δ v Pr [ δ w ] = 1 . 0 c <<< Differential rotations t ′ = ( u ⊕ δu ) ≪ i t = u ≪ i, δ t = t ⊕ t ′ = δ u ≪ i Pr [ δ t ] = 1 . 0 Differential addition X Y Evaluating the differential properties of addition with respect to exclusive-OR is hard Dennis Hoppe (BUW) DARXplorer 22nd April 2009 15 / 31

  20. Differential Cryptanalysis of ThreeFish – cont’d Computing the Differential Properties of Addition [Lipmaa u. Moriai (2001)] Due to the lack of theory it was hard to evaluate the security of ciphers that employ both exclusive-OR and addition Compute the probability that, given input differences δ u and δ v result in the output difference δ s DP + ( δ u , δ v → δ s ) Θ( log n ) (worst-case), Θ(1) + t (average) Compute all “good” output differentials in a deterministic way DP + max ( δ u , δ v ) = max δ s { DP + ( δ u , δ v → δ s ) } Θ( log n ) Dennis Hoppe (BUW) DARXplorer 22nd April 2009 16 / 31

  21. Differential Cryptanalysis of ThreeFish – cont’d Computing the Differential Properties of Addition [Lipmaa u. Moriai (2001)] Due to the lack of theory it was hard to evaluate the security of ciphers that employ both exclusive-OR and addition Compute the probability that, given input differences δ u and δ v result in the output difference δ s DP + ( δ u , δ v → δ s ) Θ( log n ) (worst-case), Θ(1) + t (average) Compute all “good” output differentials in a deterministic way DP + max ( δ u , δ v ) = max δ s { DP + ( δ u , δ v → δ s ) } Θ( log n ) Dennis Hoppe (BUW) DARXplorer 22nd April 2009 16 / 31

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Full Cost Allocation Plan and User Fee Study Results Presentation Goals t Present scope of

Full Cost Allocation Plan and User Fee Study Results Presentation Goals t Present scope of

Full Cost Allocation Plan and User Fee Study Results Presentation Goals t Present scope of services and study objectives t Present basic costing methodology and approach t Discuss a summary of findings and results t Questions Scope of Services t

434 views • 25 slides
Oracle Database Audit Scripts, Privacy &amp; Security considerations Challenge: Forensic analysis

Oracle Database Audit Scripts, Privacy &amp; Security considerations Challenge: Forensic analysis

Oracle Database Audit Scripts, Privacy &amp; Security considerations Challenge: Forensic analysis of license French case law concluded that that Oracle's scripts are scripting much more data than what is legally relevant usage on Oracle

117 views • 9 slides
Babelee Technical presentation The Video Automation Platform Babelee Littlesea developed

Babelee Technical presentation The Video Automation Platform Babelee Littlesea developed

Babelee Technical presentation The Video Automation Platform Babelee Littlesea developed Babelee, an high performing and fl exible platform that enables communication and marketing departments to cover the whole content strategy needs,

567 views • 17 slides
COATING TECHNOLOGY FOR BELOW GRADE APPLICATIONS MAUSOLEUM WATERPROOFING 2014 26,000 sf of

COATING TECHNOLOGY FOR BELOW GRADE APPLICATIONS MAUSOLEUM WATERPROOFING 2014 26,000 sf of

COATING TECHNOLOGY FOR BELOW GRADE APPLICATIONS MAUSOLEUM WATERPROOFING 2014 26,000 sf of concrete roof and wall surfaces waterproofed with 100 mils pure Polyurea 2016 24,700 sf of concrete roof and wall surfaces waterproofed

326 views • 13 slides
Protec'ng communica'on since 2013 Micael Berg Chief Sales Officer Cryp4fy Cryp'fy Call Secure

Protec'ng communica'on since 2013 Micael Berg Chief Sales Officer Cryp4fy Cryp'fy Call Secure

Protec'ng communica'on since 2013 Micael Berg Chief Sales Officer Cryp4fy Cryp'fy Call Secure voice and messaging, that Adds security to Your standard mobile phone Gives the You absolute and exclusive control of all cryptographic

262 views • 15 slides
SRS Client Future direction of SRS client Current Client Tested on 5 different distros in

SRS Client Future direction of SRS client Current Client Tested on 5 different distros in

SRS Client Future direction of SRS client Current Client Tested on 5 different distros in 32 bit and 64 bit Requires a dedicated test/build box Difficult Crypt::OpenPGP dependencies Poor error reporting Not thread

495 views • 5 slides
Attacks on Android 7 File Based Encryption Ronan Loftus 1 &amp; Marwin Baumann 1 1 Systems and

Attacks on Android 7 File Based Encryption Ronan Loftus 1 &amp; Marwin Baumann 1 1 Systems and

Introduction Overview Attacks Conclusion Attacks on Android 7 File Based Encryption Ronan Loftus 1 &amp; Marwin Baumann 1 1 Systems and Network Engineering MSc. University of Amsterdam Research Project 1, 2017 Ronan Loftus &amp; Marwin

990 views • 41 slides
DPM COR DPM CORPORA PORATE TE P PRESE RESENT NTATION TION Chelopech Mine, Bulgaria Aug

DPM COR DPM CORPORA PORATE TE P PRESE RESENT NTATION TION Chelopech Mine, Bulgaria Aug

DPM COR DPM CORPORA PORATE TE P PRESE RESENT NTATION TION Chelopech Mine, Bulgaria Aug ugust ust 20 2016 16 FORWARD LOOKING STATEMENTS This presentation contains forward looking information or &quot;forward looking

625 views • 47 slides
SCRAM authentication Heikki Linnakangas / Pivotal pg_hba.conf # TYPE DATABASE USER

SCRAM authentication Heikki Linnakangas / Pivotal pg_hba.conf # TYPE DATABASE USER

SCRAM authentication Heikki Linnakangas / Pivotal pg_hba.conf # TYPE DATABASE USER ADDRESS METHOD # &quot;local&quot; is for Unix domain socket connections only local all all trust # Use

393 views • 25 slides
Vulcan: Hardware Support for Detecting Sequential Consistency Violations Dynamically Abdullah

Vulcan: Hardware Support for Detecting Sequential Consistency Violations Dynamically Abdullah

Vulcan: Hardware Support for Detecting Sequential Consistency Violations Dynamically Abdullah Muzahid , Shanxiang Qi , and Josep Torrellas University of Illinois at Urbana-Champaign http://iacoma.cs.uiuc.edu MICRO December 2012 Sequential

261 views • 24 slides
We build Transport for the North John Cridland for a better Spitalfields Crypt Trust Gary

We build Transport for the North John Cridland for a better Spitalfields Crypt Trust Gary

Upfront magazine We build for a better society issue #7: 17, June A Skanska publication in print online Inside this issue Creating a positive legacy K&amp;L Gates Clarissa Coleman We build Transport for the North John Cridland for a

292 views • 5 slides
New Form of Permutation Bias and Secret Key Leakage in Keystream Bytes of RC4 Subhamoy Maitra ,

New Form of Permutation Bias and Secret Key Leakage in Keystream Bytes of RC4 Subhamoy Maitra ,

New Form of Permutation Bias and Secret Key Leakage in Keystream Bytes of RC4 Subhamoy Maitra , ISI, Kolkata Goutam Paul , Jadavpur University, Kolkata Roadmap Introduction Related Work and Contribution Bias in the Permutation

531 views • 36 slides
Presentation by the UK Team to Germany Mackenzie, Isabel, Joanna, Luka, Ben, Mario OVERVIEW OF

Presentation by the UK Team to Germany Mackenzie, Isabel, Joanna, Luka, Ben, Mario OVERVIEW OF

Presentation by the UK Team to Germany Mackenzie, Isabel, Joanna, Luka, Ben, Mario OVERVIEW OF THE CITY OF HAMBURG HAMBURG CITY IS THE SECOND LARGEST CITY IN GERMANY AFTER BERLIN AND THE NINTH LARGEST IN THE EU (EUROPEAN UNION) IN TERMS OF

389 views • 15 slides
OpenOSPFD Claudio Jeker &lt;claudio@openbsd.org&gt; Introduction maintain routing table

OpenOSPFD Claudio Jeker &lt;claudio@openbsd.org&gt; Introduction maintain routing table

OpenOSPFD Claudio Jeker &lt;claudio@openbsd.org&gt; Introduction maintain routing table automatically choose &quot;best&quot; path recover from network failures (reroute) default free routing divide Internet into autonomous systems (AS) same

545 views • 28 slides
http://www.lambdaspa.com - E-Mail: info@lambdaspa.com Cap. Soc. 500.000 i.v. - Reg. Impr.

http://www.lambdaspa.com - E-Mail: info@lambdaspa.com Cap. Soc. 500.000 i.v. - Reg. Impr.

COMPANY PRESENTATION LAMBDA Spa is involved since years in the design, development and implementation of laser equipment for specific use in medical, dental and restoration fields. In 1987 LAMBDA begins its activity in the field of cultural

390 views • 18 slides
A presentation from Alena Lewandowski Alena Lewandowski and Lena Kster Alena Lewandowski

A presentation from Alena Lewandowski Alena Lewandowski and Lena Kster Alena Lewandowski

A presentation from Alena Lewandowski Alena Lewandowski and Lena Kster Alena Lewandowski Welcome to Fritzlar Hello, my name is Alena Lewandowski! Alena Lewandowski! I am 13 years old. Im a pupil at I m a pupil at Bundesprsident-

436 views • 42 slides
Advancing Your Practice: ROME, ITALY Spring Break 2014 Renee Petropoulos &amp; Tucker Neel See

Advancing Your Practice: ROME, ITALY Spring Break 2014 Renee Petropoulos &amp; Tucker Neel See

Advancing Your Practice: ROME, ITALY Spring Break 2014 Renee Petropoulos &amp; Tucker Neel See breathtaking works of art. Eat the best Italian food of your life. Make new friends. Touch thousands of years of history. Walk in the footsteps of

470 views • 23 slides
Engage Leeds Employment &amp; Engagement Service City Wide project involving 4 Organisations

Engage Leeds Employment &amp; Engagement Service City Wide project involving 4 Organisations

Engage Leeds Employment &amp; Engagement Service City Wide project involving 4 Organisations Contract Holder North West North East South 1500 Clients 500 Clients in across Leeds at each wedge any one time 25 Clients per 1 Employment

367 views • 10 slides
Support for File system Kyungsik Lee SW Platform Lab., Corporate R&amp;D LG Electronics, Inc.

Support for File system Kyungsik Lee SW Platform Lab., Corporate R&amp;D LG Electronics, Inc.

Linux Kernel Encryption Support for File system Kyungsik Lee SW Platform Lab., Corporate R&amp;D LG Electronics, Inc. 2016/10/20 Mobile Security Mobile Security is an important issue More data could be more danger with mobile devices

242 views • 23 slides
Reconciling Performance and Security in High Load Environments Ignat Korchagin @ignatkn $

Reconciling Performance and Security in High Load Environments Ignat Korchagin @ignatkn $

Reconciling Performance and Security in High Load Environments Ignat Korchagin @ignatkn $ whoami Performance and security at Cloudflare Passionate about security and crypto Enjoy low level programming @ignatkn Performance vs

1.45k views • 133 slides
1 12 WEST 12th STREET, EXISTING SIDEWALK PLAN NEW YORK, NEW YORK 10011 03-04-2011 EXTEND

1 12 WEST 12th STREET, EXISTING SIDEWALK PLAN NEW YORK, NEW YORK 10011 03-04-2011 EXTEND

EXTEND SIDEWALK REPAIR BEYOND PROPERTY LINE TO INSURE NO TRIP HAZARDS OR DEFECTS AT COMPLETION OF THE WORK. 2' - 2&quot; 13' - 10 1/8&quot; 127.9' PROPERTY LINE EXISTING 26.05' STREET SIGN TO REMAIN KEY EXISTING CONCRETE SIDEWALKS

300 views • 3 slides
Avon &amp; Somerset Police Cyber Protect Kristian Evans COVID19 Presentation 24 March, 2020

Avon &amp; Somerset Police Cyber Protect Kristian Evans COVID19 Presentation 24 March, 2020

Avon &amp; Somerset Police Cyber Protect Kristian Evans COVID19 Presentation 24 March, 2020 Sources Useful (only slightly technical) Links www.lifewire.com www.howtogeek.com www.ncsc.gov.uk Background Information COVID-19 Being

677 views • 47 slides
Fr. Christopher Marshall &amp; Fr. Gerry Lennon (Chaplain to the Childrens Hospital) Fr Ray

Fr. Christopher Marshall &amp; Fr. Gerry Lennon (Chaplain to the Childrens Hospital) Fr Ray

Metropolitan Cathedral &amp; Basilica of St Chad St Chads Queensway, Birmingham, B4 6EU Tel: Cathedral House 0121 236 2251 or 0121 236 5535 Fax: 0121 230 6281 e-mail: reception@rc-birmingham.org Website: www.stchadscathedral.org.uk Twitter:

259 views • 5 slides
ITEC 5321 Information Systems Security Spring 07 Slax KillBill Edition v5.1.8.1 Deepanwita

ITEC 5321 Information Systems Security Spring 07 Slax KillBill Edition v5.1.8.1 Deepanwita

ITEC 5321 Information Systems Security Spring 07 Slax KillBill Edition v5.1.8.1 Deepanwita Bagchi 03-03-2007 Agenda Why is Security important? Role of NIST Different Technical Controls suggested by NIST What is a Live CD?

303 views • 19 slides

More recommend