exhausting demirci sel cuk meet in the middle attacks
play

Exhausting Demirci-Sel cuk Meet-in-the-Middle Attacks against - PowerPoint PPT Presentation

Sep 21, 2022 •628 likes •1.25k views

Introduction Demirci and Sel cuk Attack Differential Enumeration Technique Conclusion Exhausting Demirci-Sel cuk Meet-in-the-Middle Attacks against Reduced-Round AES Patrick Derbez 1 Pierre-Alain Fouque 1 , 2 Ecole Normale Sup

  1. Introduction Demirci and Sel¸ cuk Attack Differential Enumeration Technique Conclusion Exhausting Demirci-Sel¸ cuk Meet-in-the-Middle Attacks against Reduced-Round AES Patrick Derbez 1 Pierre-Alain Fouque 1 , 2 ´ Ecole Normale Sup´ erieure, France Universit´ e de Rennes 1, France March 13, 2013

  2. Introduction Demirci and Sel¸ cuk Attack Differential Enumeration Technique Conclusion Outline Introduction 1 Description of the AES AES and recent attacks Demirci and Sel¸ cuk Attack 2 Original attack Previous Improvements New improvements Finding Best Attacks Results Differential Enumeration Technique 3 The Technique New attack on 8 rounds Results Conclusion 4

  3. Introduction Demirci and Sel¸ cuk Attack Differential Enumeration Technique Conclusion Outline for section 1 Introduction 1 Description of the AES AES and recent attacks Demirci and Sel¸ cuk Attack 2 Original attack Previous Improvements New improvements Finding Best Attacks Results Differential Enumeration Technique 3 The Technique New attack on 8 rounds Results Conclusion 4

  4. Introduction Demirci and Sel¸ cuk Attack Differential Enumeration Technique Conclusion Advanced Encryption Standard ◮ Advanced Encryption Standard competition began in 1997 ◮ Rijndael was selected to be the new AES in 2001 AES basic structures ◮ iterated block cipher ◮ substitution permutation network ◮ block size: 128 bits ◮ 3 different key lengths: 128, 192, 256 bits ◮ number of rounds depends on key lengths: 10, 12, 14 rounds

  5. Introduction Demirci and Sel¸ cuk Attack Differential Enumeration Technique Conclusion Description of the AES ◮ Each 16-byte block is represented as a 4 × 4 matrix of bytes ◮ Each byte representing an element from F 256 ◮ 4 simple operations on the state matrix every round (except the last round) C ← M × C S X X SB X SR X MC AK X X X X k i x i y i z i w i x i +1

  6. Introduction Demirci and Sel¸ cuk Attack Differential Enumeration Technique Conclusion Description of the AES ◮ Each 16-byte block is represented as a 4 × 4 matrix of bytes ◮ Each byte representing an element from F 256 ◮ 4 simple operations on the state matrix every round (except the last round) C ← M × C S X X SB X SR X AK MC X X X X u i x i y i z i x i +1 ˜ w i k i = M × u i

  7. Introduction Demirci and Sel¸ cuk Attack Differential Enumeration Technique Conclusion AES and recent attacks ◮ Designed to be strong against Linear and Differential cryptanalysis. ◮ Fairly simple algebraic description... ◮ ... but attacks using SAT-solver or Gr¨ obner basis algorithms never endanger it. ◮ Related-subkey attacks on the full AES-192/AES-256. ◮ Bicliques attacks on the full AES-128/AES-192/AES-256: Version Data Time Memory 2 88 2 126 . 2 2 8 128 2 80 2 189 . 4 2 8 192 2 40 2 254 . 4 2 8 256

  8. Introduction Demirci and Sel¸ cuk Attack Differential Enumeration Technique Conclusion Outline for section 2 Introduction 1 Description of the AES AES and recent attacks Demirci and Sel¸ cuk Attack 2 Original attack Previous Improvements New improvements Finding Best Attacks Results Differential Enumeration Technique 3 The Technique New attack on 8 rounds Results Conclusion 4

  9. Introduction Demirci and Sel¸ cuk Attack Differential Enumeration Technique Conclusion Preliminary Definition: δ -set Set of 256 AES-states that are all different in one state byte and all equal in the other state bytes.

  10. Introduction Demirci and Sel¸ cuk Attack Differential Enumeration Technique Conclusion Preliminary Definition: δ -set Set of 256 AES-states that are all different in one state byte and all equal in the other state bytes. ◮ At FSE 2008, Demirci and Sel¸ cuk described a 4-round property for AES. 4-round property Consider the encryption of a δ -set through four full AES rounds. For each of the 16 bytes of the state, the ordered sequence of 256 values of that byte in the corresponding ciphertexts is fully determined by just 25-byte parameters.

  11. Introduction Demirci and Sel¸ cuk Attack Differential Enumeration Technique Conclusion Preliminary Definition: δ -set Set of 256 AES-states that are all different in one state byte and all equal in the other state bytes. ◮ At FSE 2008, Demirci and Sel¸ cuk described a 4-round property for AES. 4-round property Consider the encryption of a δ -set through four full AES rounds. For each of the 16 bytes of the state, the ordered sequence of 256 values of that byte in the corresponding ciphertexts is fully determined by just 25-byte parameters. ◮ At most 2 8 × 25 = 2 200 possible sequences out of the 2 8 × 256 = 2 2048 theoretically possible.

  12. Introduction Demirci and Sel¸ cuk Attack Differential Enumeration Technique Conclusion Proof of the 4-round property ◮ Let consider the encryption of a δ -set through four full AES rounds: z i x i +1 z i +1 x i +2 z i +2 x i +3 z i +3 x i +4 Reminder: z j = SR ◦ SB ( x j ) and x j +1 = AK ◦ MC ( z j ).

  13. Introduction Demirci and Sel¸ cuk Attack Differential Enumeration Technique Conclusion Proof of the 4-round property ◮ Let consider the encryption of a δ -set through four full AES rounds: ◮ To build the 256 values of the circled byte... z i x i +1 z i +1 x i +2 z i +2 x i +3 z i +3 x i +4 Reminder: z j = SR ◦ SB ( x j ) and x j +1 = AK ◦ MC ( z j ).

  14. Introduction Demirci and Sel¸ cuk Attack Differential Enumeration Technique Conclusion Proof of the 4-round property ◮ Let consider the encryption of a δ -set through four full AES rounds: ◮ To build the 256 values of the circled byte... ◮ ...guess the black bytes for one message and propagate the differences. z i x i +1 z i +1 x i +2 z i +2 x i +3 z i +3 x i +4 Reminder: z j = SR ◦ SB ( x j ) and x j +1 = AK ◦ MC ( z j ).

  15. Introduction Demirci and Sel¸ cuk Attack Differential Enumeration Technique Conclusion Basic attack ◮ They first use the property to mount an attack on 7 rounds of AES-256. x 0 z 0 x 1 z 1 4 rounds P x 5 z 5 x 6 z 6 C

  16. Introduction Demirci and Sel¸ cuk Attack Differential Enumeration Technique Conclusion Basic attack ◮ They first use the property to mount an attack on 7 rounds of AES-256. 1 Compute the 2 200 possible sequences and store them in a hash table. x 0 z 0 x 1 z 1 4 rounds P x 5 z 5 x 6 z 6 C

  17. Introduction Demirci and Sel¸ cuk Attack Differential Enumeration Technique Conclusion Basic attack ◮ They first use the property to mount an attack on 7 rounds of AES-256. 1 Compute the 2 200 possible sequences and store them in a hash table. 2 Ask for a structure of 2 32 plaintexts and choose one of them. x 0 z 0 x 1 z 1 4 rounds P x 5 z 5 x 6 z 6 C

  18. Introduction Demirci and Sel¸ cuk Attack Differential Enumeration Technique Conclusion Basic attack ◮ They first use the property to mount an attack on 7 rounds of AES-256. 1 Compute the 2 200 possible sequences and store them in a hash table. 2 Ask for a structure of 2 32 plaintexts and choose one of them. 3 Guess gray bytes to identify a δ -set and sort it. x 0 z 0 x 1 z 1 4 rounds P x 5 z 5 x 6 z 6 C

  19. Introduction Demirci and Sel¸ cuk Attack Differential Enumeration Technique Conclusion Basic attack ◮ They first use the property to mount an attack on 7 rounds of AES-256. 1 Compute the 2 200 possible sequences and store them in a hash table. 2 Ask for a structure of 2 32 plaintexts and choose one of them. 3 Guess gray bytes to identify a δ -set and sort it. 4 Guess black bytes to compute the sequence and check if it belongs to the table. x 0 z 0 x 1 z 1 4 rounds P x 5 z 5 x 6 z 6 C

  20. Introduction Demirci and Sel¸ cuk Attack Differential Enumeration Technique Conclusion Comments ◮ Let B on (resp. B off ) be the state bytes needed in the online (resp. offline) phase. ◮ A priori, the time complexity of the online phase is 2 8 ×|B on | × 2 8 partial encryptions/decryptions and the memory requirement is 2 8 ×|B off | 256-byte sequences. ◮ In our case |B on | = 10 and |B off | = 25. ◮ The memory complexity of this attack is too high to apply it on the 128 and 192-bit versions. ◮ But its time complexity is low enough to mount an attack from it on 8 rounds AES-256.

  21. Introduction Demirci and Sel¸ cuk Attack Differential Enumeration Technique Conclusion Comments (cont.) ◮ Bytes of B off (resp. B on ) are related by the AES equations = ⇒ they may assume less values than expected. x i +1 z i +1 x i +2 z i +2 x i +3 z i +3 x i +4 z i u i +1 u i k i +2 k i +3 ◮ Let K off be the vector space generated by these subkey bytes. ◮ In a similar way, we define K on from B on .

  22. Introduction Demirci and Sel¸ cuk Attack Differential Enumeration Technique Conclusion Previous Improvements ◮ Difference instead of Value: Store sequences of differences to remove the byte of x 5 from B off or from B on .

  23. Introduction Demirci and Sel¸ cuk Attack Differential Enumeration Technique Conclusion Previous Improvements ◮ Difference instead of Value: Store sequences of differences to remove the byte of x 5 from B off or from B on . ◮ Multiset: Store unordered sequences to slightly reduces the memory requirement and, as the S-box is a bijection, to remove the byte of x 1 from B on .

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Programming the Demirci-Selc uk Meet-in-the-Middle Attack with Constraints Danping Shi 1 Siwei

Programming the Demirci-Selc uk Meet-in-the-Middle Attack with Constraints Danping Shi 1 Siwei

Programming the Demirci-Selc uk Meet-in-the-Middle Attack with Constraints Danping Shi 1 Siwei Sun 1 Patrick Derbez 2 Yosuke Todo 3 Bing Sun 4 Lei Hu 1 1 Institute of Information Engineering, Chinese Academy of Sciences, China 2 Univ Rennes,

1.17k views • 87 slides
Programming the Demirci-Selc uk Meet-in-the-Middle Attack with Constraints Danping Shi 1 Siwei

Programming the Demirci-Selc uk Meet-in-the-Middle Attack with Constraints Danping Shi 1 Siwei

Programming the Demirci-Selc uk Meet-in-the-Middle Attack with Constraints Danping Shi 1 Siwei Sun 1 Patrick Derbez 2 Yosuke Todo 3 Bing Sun 4 Lei Hu 1 1 Institute of Information Engineering, Chinese Academy of Sciences, China 2 Universit

726 views • 60 slides
A Meet-in-the-Middle Attack on 8-Round AES H useyin Demirci Ali Aydn Sel cuk presented

A Meet-in-the-Middle Attack on 8-Round AES H useyin Demirci Ali Aydn Sel cuk presented

A Meet-in-the-Middle Attack on 8-Round AES H useyin Demirci Ali Aydn Sel cuk presented by Orhun Kara 1 Outline The AES A 5-round distinguisher Attack on 7-round AES-192, AES-256 and 8-round AES-256 Some optimizations

504 views • 19 slides
Match Box Meet-in-the-Middle Attack against KATAN Thomas Fuhr and Brice Minaud ANSSI, France

Match Box Meet-in-the-Middle Attack against KATAN Thomas Fuhr and Brice Minaud ANSSI, France

Match Box Meet-in-the-Middle Attack against KATAN Thomas Fuhr and Brice Minaud ANSSI, France FSE, March 3-5 2014 Plan 1 Match Box Meet-in-the-Middle Attacks Sieve-in-the-Middle Framework Match Box Cryptanalysis of KATAN 2 Description

1.61k views • 37 slides
Meet in the Middle - STP March 20, 2019 1 / 17 Last weeks exercise Solution on whiteboard.

Meet in the Middle - STP March 20, 2019 1 / 17 Last weeks exercise Solution on whiteboard.

Meet in the Middle - STP March 20, 2019 1 / 17 Last weeks exercise Solution on whiteboard. 2 / 17 Recap of MitM attack Whiteboard 3 / 17 Searching for attacks By hand - Last week(s) Using the computer - This week 4 / 17

689 views • 23 slides
MitM attacks on sessions t attac s o sess o s sws2 1 MitM (Man-in-the-Middle)attacks ( )

MitM attacks on sessions t attac s o sess o s sws2 1 MitM (Man-in-the-Middle)attacks ( )

Software and Web Security 2 MitM attacks on sessions t attac s o sess o s sws2 1 MitM (Man-in-the-Middle)attacks ( ) MitM attack: attacker gets between the browser and the web server, eg eg by setting up a wifi access point

345 views • 9 slides
Chapter 7 Denial of Service Attacks DoS attack: An action that prevents or impairs the

Chapter 7 Denial of Service Attacks DoS attack: An action that prevents or impairs the

Chapter 7 Denial of Service Attacks DoS attack: An action that prevents or impairs the authorized use of networks, systems, or applications by exhausting resources such as central processing units (CPU), memory, bandwidth, and disk space.

1.55k views • 28 slides
CompSci 514 Computer Networks Lecture 20: Combating Denial of Service Attacks Xiaowei Yang How

CompSci 514 Computer Networks Lecture 20: Combating Denial of Service Attacks Xiaowei Yang How

CompSci 514 Computer Networks Lecture 20: Combating Denial of Service Attacks Xiaowei Yang How to Attack : Exhausting shared resources L Flooding traffic to exhaust the bandwidth, memory, or CPU of a victim Spoof addresses to hide

971 views • 72 slides
Protecting Free and Open Communications on the Internet Against Man-in-the-Middle Attacks on

Protecting Free and Open Communications on the Internet Against Man-in-the-Middle Attacks on

Protecting Free and Open Communications on the Internet Against Man-in-the-Middle Attacks on Third-Party Software Jeffrey Knockel, Jedidiah Crandall Computer Science Department University of New Mexico Recent News Iran: forged SSL

569 views • 27 slides
Desert Sky Middle School Virtual Meet the Teacher Hill/Willard/Crabtree/Chen Meet Your Teams

Desert Sky Middle School Virtual Meet the Teacher Hill/Willard/Crabtree/Chen Meet Your Teams

Desert Sky Middle School Virtual Meet the Teacher Hill/Willard/Crabtree/Chen Meet Your Teams Teachers: Ming Chen Meagan Willard Kristi Hill Lisa Crabtree Mandarin Math & SS Language Arts Science & SS & SS & SS Meet

551 views • 11 slides
Lets Revoke Public key infrastructure prevents Man-in-the-Middle attacks Revocation protects

Lets Revoke Public key infrastructure prevents Man-in-the-Middle attacks Revocation protects

Lets Revoke Public key infrastructure prevents Man-in-the-Middle attacks Revocation protects clients from compromised certificates Without revocation, these attacks would go undetected 2 Certificate Revocation Lists (CRLs) Lists of

544 views • 27 slides
Who knew it was such an exhausting commute from the coffee pot in the kitchen to my office in

Who knew it was such an exhausting commute from the coffee pot in the kitchen to my office in

Who knew it was such an exhausting commute from the coffee pot in the kitchen to my office in the upstairs bonus room? Just 16 steps. Each way. I counted. Its one of the quirky things you do on Day 89 of quarantine. Its got to be the

335 views • 29 slides
Desert Sky Middle School Virtual Meet the Teacher Team C Team Introductions Tina Murray -

Desert Sky Middle School Virtual Meet the Teacher Team C Team Introductions Tina Murray -

Desert Sky Middle School Virtual Meet the Teacher Team C Team Introductions Tina Murray - Science Joe Isaac - Language Arts Lisa Nussmeier - Social Studies Melissa Little - Math Meet Our Specialists Sal Rodriguez - Physical Education (PE)

510 views • 12 slides
Man-in-the-Middle attacks revisited Hugo Jonker, Rolando Trujillo, Sjouke Mauw Man-in-the-middle

Man-in-the-Middle attacks revisited Hugo Jonker, Rolando Trujillo, Sjouke Mauw Man-in-the-middle

Man-in-the-Middle attacks revisited Hugo Jonker, Rolando Trujillo, Sjouke Mauw Man-in-the-middle attack Diffie-Hellman Alice Bob new na new nb g na g nb K = (g nb ) na K = (g na ) nb Man-in-the-middle attack Diffie-Hellman Alice Bob Alice

401 views • 25 slides
Certificate Measurements to Detect Man-in-the-Middle Attacks and Middleboxes Mark ONeill,

Certificate Measurements to Detect Man-in-the-Middle Attacks and Middleboxes Mark ONeill,

Certificate Measurements to Detect Man-in-the-Middle Attacks and Middleboxes Mark ONeill, Scott Ruoti, Kent Seamons, Daniel Zappala Internet Research Lab & Internet Security Research Lab Brigham Young University Certificate validation

484 views • 14 slides
WELCOME TO GLEN HILLS MIDDLE SCHOOL OPEN HOUSE 2019-20 Meet the 8th Grade Team! Mike

WELCOME TO GLEN HILLS MIDDLE SCHOOL OPEN HOUSE 2019-20 Meet the 8th Grade Team! Mike

WELCOME TO GLEN HILLS MIDDLE SCHOOL OPEN HOUSE 2019-20 Meet the 8th Grade Team! Mike Birmingham Jaclyn Orozco Natalie Block Shana Lucas Spanish Math Special Education AVID Coordinator AVID Elective Meet the 8th Grade Team! Jen Clark

190 views • 18 slides
Research Question Background information ICT teachers from Zibo district, Shandong

Research Question Background information ICT teachers from Zibo district, Shandong

Toward Self-Organization Learning from a local K12 subject teachers community Toward Self-Organization Learning from a local K12 subject teachers community Zhuang Xiuli Xiuli.zhuang@gmail.com http://sociallearnlab.org/xiuli/ Beijing Normal

311 views • 3 slides
From Non-Expert to Editor: Students Improving Wikipedia Content for Global Communities Becky J.

From Non-Expert to Editor: Students Improving Wikipedia Content for Global Communities Becky J.

From Non-Expert to Editor: Students Improving Wikipedia Content for Global Communities Becky J. Carmichael Communication across the Curriculum Louisiana State University bcarmi1@lsu.edu Why Wikipedia? 5 million English Wikipedia articles

334 views • 18 slides
Recommendations on a Geospatial Information Reference Framework for Public Health (GIRF) How to

Recommendations on a Geospatial Information Reference Framework for Public Health (GIRF) How to

3/8/2010 Recommendations on a Geospatial Information Reference Framework for Public Health (GIRF) How to address gaps, and support the public health community in the GIRF context. Gail Kucera Pierre Lafond 30 September 2009 1 1

293 views • 10 slides
Numerical simulations of bosons and fermions in three dimensional optical lattices Ping Nang MA

Numerical simulations of bosons and fermions in three dimensional optical lattices Ping Nang MA

Dissertation ETH Number 21384 Numerical simulations of bosons and fermions in three dimensional optical lattices Ping Nang MA Ph.D. oral examination (Sept. 27, 2013) Main Collaborators: Prof. Lode POLLET (LMU, Munich), Dr. Sebastiano PILATI

1.02k views • 31 slides
to Meet the CCRPI Challenge Bobby Smith bobbysmith2020@outlook.com 229-221-7164

to Meet the CCRPI Challenge Bobby Smith bobbysmith2020@outlook.com 229-221-7164

Developing a Game Plan to Meet the CCRPI Challenge Bobby Smith bobbysmith2020@outlook.com 229-221-7164 http://www.ciclt.net/sn/clt/cpresa/default.aspx?ClientCode=cpresa http://www.ciclt.net/sn/clt/cpresa/default.aspx?Cli entCode=cpresa Show

935 views • 67 slides
Supporting Students Through Tiered Interventions 2013 2014 September 24, 2013 Superintendent

Supporting Students Through Tiered Interventions 2013 2014 September 24, 2013 Superintendent

Supporting Students Through Tiered Interventions 2013 2014 September 24, 2013 Superintendent Barbara DeaneWilliams Deputy Superintendent Shaun Nelms Barbara Tomasso James Giordano Deborah Hoeft Jamie Warren Assistant Superintendent for

1.03k views • 74 slides
School District 63 Saanich Budget 2019/20 Community Budget Meeting Wednesday, April 10 at 7:00

School District 63 Saanich Budget 2019/20 Community Budget Meeting Wednesday, April 10 at 7:00

School District 63 Saanich Budget 2019/20 Community Budget Meeting Wednesday, April 10 at 7:00 p.m. Bayside Middle School Multi-Purpose Room Overview of Meeting 7:00 pm Introductory Comments 7:15 pm Presentation and Q and A 7:45 pm

479 views • 22 slides
Security and Stability Advisory Committee Activities Update ICANN Beijing Meeting

Security and Stability Advisory Committee Activities Update ICANN Beijing Meeting

Security and Stability Advisory Committee Activities Update ICANN Beijing Meeting April 2013 Agenda 1. SSAC Overview and Activities Patrik Fltstrm 2. SAC057: SSAC Advisory on Internal Name Certificates Patrik

510 views • 19 slides

More recommend