iso update
play

ISO Update Who knew standardization could be this fun? Lo Perrin - PowerPoint PPT Presentation

Feb 27, 2024 •105 likes •551 views

ISO Update Who knew standardization could be this fun? Lo Perrin Inria, France January 20, 2020 Dagstuhl 20041 General Context Randomness of a Structure: The Kolmogorov Anomaly Counter Arguments Conclusion How are Streebog and

  1. ISO Update Who knew standardization could be this fun? Léo Perrin Inria, France January 20, 2020 Dagstuhl 20041

  2. General Context “Randomness” of a Structure: The Kolmogorov Anomaly “Counter Arguments” Conclusion How are Streebog and Kuznyechik doing? 2 / 16

  3. General Context “Randomness” of a Structure: The Kolmogorov Anomaly “Counter Arguments” Conclusion Outline General Context 1 “Randomness” of a Structure: The Kolmogorov Anomaly 2 “Counter Arguments” 3 Conclusion 4 2 / 16

  4. General Context “Randomness” of a Structure: The Kolmogorov Anomaly “Counter Arguments” Conclusion Plan of this Section General Context 1 What are these Algorithms? Timeline and Results What the Designers Say “Randomness” of a Structure: The Kolmogorov Anomaly 2 “Counter Arguments” 3 Conclusion 4 2 / 16

  5. Common ground Both are standard symmetric primitives in Russia. Both were designed by the FSB (TC26). Both use the same 8 8 S-Box, π . General Context “Randomness” of a Structure: The Kolmogorov Anomaly “Counter Arguments” Conclusion Kuznyechik/Streebog Streebog Type Hash function Publication 2012 Kuznyechik Type Block cipher Publication 2015 3 / 16

  6. General Context “Randomness” of a Structure: The Kolmogorov Anomaly “Counter Arguments” Conclusion Kuznyechik/Streebog Streebog Type Hash function Publication 2012 Kuznyechik Type Block cipher Publication 2015 Common ground Both are standard symmetric primitives in Russia. Both were designed by the FSB (TC26). Both use the same 8 × 8 S-Box, π . 3 / 16

  7. Jun. 2018 Luxembourg representatives at ISO asked me about these Oct. 2018 ISO standardization of Streebog (ISO 10118-3) Dec. 2018 Publication of the TKlog decomposition FSE’19 Apr. 2019 ISO decision to postpone the inclusion of Kuznyechik Apr. 2019 Russian law mandating the use of Russian algorithms Summer 2019 Time to act Oct. 2019 ISO had to make a decision General Context “Randomness” of a Structure: The Kolmogorov Anomaly “Counter Arguments” Conclusion Timeline By March 2016, Kuznyechik and Streebog were both GOST standards and IETF RFCs. May 2016 Publication of the first decomposition (TU-decomposition) EC’16 Feb 2017 Publication of the second decomposition (Belarus-like) FSE’17 4 / 16

  8. Dec. 2018 Publication of the TKlog decomposition FSE’19 Apr. 2019 ISO decision to postpone the inclusion of Kuznyechik Apr. 2019 Russian law mandating the use of Russian algorithms Summer 2019 Time to act Oct. 2019 ISO had to make a decision General Context “Randomness” of a Structure: The Kolmogorov Anomaly “Counter Arguments” Conclusion Timeline By March 2016, Kuznyechik and Streebog were both GOST standards and IETF RFCs. May 2016 Publication of the first decomposition (TU-decomposition) EC’16 Feb 2017 Publication of the second decomposition (Belarus-like) FSE’17 Jun. 2018 Luxembourg representatives at ISO asked me about these Oct. 2018 ISO standardization of Streebog (ISO 10118-3) 4 / 16

  9. Summer 2019 Time to act Oct. 2019 ISO had to make a decision General Context “Randomness” of a Structure: The Kolmogorov Anomaly “Counter Arguments” Conclusion Timeline By March 2016, Kuznyechik and Streebog were both GOST standards and IETF RFCs. May 2016 Publication of the first decomposition (TU-decomposition) EC’16 Feb 2017 Publication of the second decomposition (Belarus-like) FSE’17 Jun. 2018 Luxembourg representatives at ISO asked me about these Oct. 2018 ISO standardization of Streebog (ISO 10118-3) Dec. 2018 Publication of the TKlog decomposition FSE’19 Apr. 2019 ISO decision to postpone the inclusion of Kuznyechik Apr. 2019 Russian law mandating the use of Russian algorithms 4 / 16

  10. Summer 2019 Time to act General Context “Randomness” of a Structure: The Kolmogorov Anomaly “Counter Arguments” Conclusion Timeline By March 2016, Kuznyechik and Streebog were both GOST standards and IETF RFCs. May 2016 Publication of the first decomposition (TU-decomposition) EC’16 Feb 2017 Publication of the second decomposition (Belarus-like) FSE’17 Jun. 2018 Luxembourg representatives at ISO asked me about these Oct. 2018 ISO standardization of Streebog (ISO 10118-3) Dec. 2018 Publication of the TKlog decomposition FSE’19 Apr. 2019 ISO decision to postpone the inclusion of Kuznyechik Apr. 2019 Russian law mandating the use of Russian algorithms Oct. 2019 ISO had to make a decision 4 / 16

  11. General Context “Randomness” of a Structure: The Kolmogorov Anomaly “Counter Arguments” Conclusion Timeline By March 2016, Kuznyechik and Streebog were both GOST standards and IETF RFCs. May 2016 Publication of the first decomposition (TU-decomposition) EC’16 Feb 2017 Publication of the second decomposition (Belarus-like) FSE’17 Jun. 2018 Luxembourg representatives at ISO asked me about these Oct. 2018 ISO standardization of Streebog (ISO 10118-3) Dec. 2018 Publication of the TKlog decomposition FSE’19 Apr. 2019 ISO decision to postpone the inclusion of Kuznyechik Apr. 2019 Russian law mandating the use of Russian algorithms Summer 2019 Time to act Oct. 2019 ISO had to make a decision 4 / 16

  12. General Context “Randomness” of a Structure: The Kolmogorov Anomaly “Counter Arguments” Conclusion The TKlog Structure  → F 2 8 F 2 8     �→ κ ( 0 )  0 π : α 17 j �→ κ ( 16 − j ) for 1 ≤ j ≤ 15    �→ κ ( 16 − i ) ⊕ ( α 17 ) s ( j ) α i + 17 j  for 0 < i , 0 ≤ j < 16  κ ( 15 ) ⊕ F 2 4 { 0 } F 2 4 κ ( { 1 , . . . , 15 } ) κ ( 14 ) ⊕ F 2 4 α 16 × F 2 4 α 2 × F 2 4 α × F 2 4 ... ... ... κ ( 0 ) ⊕ F 2 4 κ ( 0 ) 5 / 16

  13. https://www.cnews.ru/news/top/2019-04-02_vlasti_prinuditelno_perevedut_runet_na_rossijskie General Context “Randomness” of a Structure: The Kolmogorov Anomaly “Counter Arguments” Conclusion RUnet The use of national encryption standards is being made mandatory in Russia. 6 / 16

  14. https://www.cnews.ru/news/top/2019-04-02_vlasti_prinuditelno_perevedut_runet_na_rossijskie General Context “Randomness” of a Structure: The Kolmogorov Anomaly “Counter Arguments” Conclusion RUnet The use of national encryption standards is being made mandatory in Russia. 6 / 16

  15. In private conversations, they explicitely said they used a Fisher-Yates shuffle to generate random S-boxes. General Context “Randomness” of a Structure: The Kolmogorov Anomaly “Counter Arguments” Conclusion What its Designers Said (at ISO) [...] 7 / 16

  16. General Context “Randomness” of a Structure: The Kolmogorov Anomaly “Counter Arguments” Conclusion What its Designers Said (at ISO) [...] In private conversations, they explicitely said they used a Fisher-Yates shuffle to generate random S-boxes. 7 / 16

  17. General Context “Randomness” of a Structure: The Kolmogorov Anomaly “Counter Arguments” Conclusion Plan of this Section General Context 1 “Randomness” of a Structure: The Kolmogorov Anomaly 2 Definition How to Estimate It? “Counter Arguments” 3 Conclusion 4 7 / 16

  18. How likely is it for a random S-box to have a “structure”? General Context “Randomness” of a Structure: The Kolmogorov Anomaly “Counter Arguments” Conclusion General Question How “far” is the behaviour of a specific S-box from that of a “random S-box”? 8 / 16

  19. General Context “Randomness” of a Structure: The Kolmogorov Anomaly “Counter Arguments” Conclusion General Question How “far” is the behaviour of a specific S-box from that of a “random S-box”? How likely is it for a random S-box to have a “structure”? 8 / 16

  20. https://codegolf.stackexchange.com/questions/186498/ proving-that-a-russian-cryptographic-standard-is-too-structured General Context “Randomness” of a Structure: The Kolmogorov Anomaly “Counter Arguments” Conclusion Definition 165 ASCII characters that fit on 7 bits: this program is 1155 -bit long. Let P ( S ) be the bitlength of a C implementation of S ∈ S 2 n . Definition (Kolmogorov Anomaly) The Kolmogorov Anomaly of S for C is the opposite of the log 2 of the probability that a random S-box has a C implementation at most as long as that of S . 9 / 16

  21. General Context “Randomness” of a Structure: The Kolmogorov Anomaly “Counter Arguments” Conclusion Estimating the Kolmogorov Anomaly How to estimate it? ( ≤ 1155 ) -bit C programs implementing 8-bit permutations ( ≤ 1155 ) -bit strings S 2 8 For π , we get: = 2 1156 − 1 # ( ≤ 1155)-bit C prog. ≤ # ( ≤ 1155)-bit strings. ≈ 2 − 528 , | S 2 8 | | S 2 8 | 256 ! meaning that the Kolmogorov anomaly of π for C is at least 528. 10 / 16

  22. General Context “Randomness” of a Structure: The Kolmogorov Anomaly “Counter Arguments” Conclusion Plan of this Section General Context 1 “Randomness” of a Structure: The Kolmogorov Anomaly 2 “Counter Arguments” 3 Artist Rendition Summary of the Counter-Arguments I Was Told Conclusion 4 10 / 16

  23. General Context “Randomness” of a Structure: The Kolmogorov Anomaly “Counter Arguments” Conclusion Artist Rendition Discussions with the Alleged Designers, Allegory . Python M., 1969. 11 / 16

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

OOC General Meeting- June 5, 2013 BSEE Update Agenda Regulatory Update NTL Update Alternate

OOC General Meeting- June 5, 2013 BSEE Update Agenda Regulatory Update NTL Update Alternate

OOC General Meeting- June 5, 2013 BSEE Update Agenda Regulatory Update NTL Update Alternate Compliance Update Idle Iron Update Supplemental Bonding/Decommissioning Cost Update SEMS Update Other Questions/ Beat Up Regulator? Final Rule

769 views • 29 slides
Enrollment Update 2 Enrollment Update K-12 3 Enrollment Update K-5 4 Enrollment Update 6-8 5

Enrollment Update 2 Enrollment Update K-12 3 Enrollment Update K-5 4 Enrollment Update 6-8 5

Enrollment Update 2 Enrollment Update K-12 3 Enrollment Update K-5 4 Enrollment Update 6-8 5 Enrollment Update 9-12 6 BOE Declining Enrollment Resolution During the June 8, 2018, the Board of Education Meeting approved the Declining

716 views • 29 slides
Integrating User Community Content with Systems Management Aaron Prayther, aprayther@lce.com

Integrating User Community Content with Systems Management Aaron Prayther, aprayther@lce.com

Integrating User Community Content with Systems Management Aaron Prayther, aprayther@lce.com James Labocki, jlabocki@redhat.com 05.06.11 3 4 Update 5 Update Update Update Update Update Update Update Update Update Update Update

799 views • 65 slides
Legal Update Legal Update Legal Update Legal Update Title Issues Conveyances of causes of

Legal Update Legal Update Legal Update Legal Update Title Issues Conveyances of causes of

Legal Update Legal Update Legal Update Legal Update Title Issues Conveyances of causes of action Injury occurred before Plaintiff owned the property Prior owners did not convey the cause of action in deed Discovery Rule

437 views • 18 slides
1/23/2014 NWC Redevelopment Programme Update Procurement Update Demolition Update

1/23/2014 NWC Redevelopment Programme Update Procurement Update Demolition Update

1/23/2014 NWC Redevelopment Programme Update Procurement Update Demolition Update Programme Communications &amp; Engagement Next Steps NWC Redevelopment Project Update Alignment to Councils Objectives New Walk Site

319 views • 4 slides
Spokesmans update: Contents: Update Evolution of organisation Towards Step IV

Spokesmans update: Contents: Update Evolution of organisation Towards Step IV

K. Long, 12 December, 2013 Spokesmans update: Contents: Update Evolution of organisation Towards Step IV CM38 Napa California, 24-26 February 2014 Spokesmans update Update: R. Preece (and TS) will cover progress, so: Just

390 views • 11 slides
.ke DNSSec Update Toilem Poriot Godwin .ke DNSsec update Update on what .ke registry

.ke DNSSec Update Toilem Poriot Godwin .ke DNSsec update Update on what .ke registry

.ke DNSSec Update Toilem Poriot Godwin .ke DNSsec update Update on what .ke registry experienced 30th April 2015-- Longest mornings I have ever had. Day started as usual but takes a turn at 9:30am Great day turns to a

449 views • 11 slides
Agenda 1. Update on Elder Selection / Chiller purchase Kim C 2. Update from Finance Team Laurie

Agenda 1. Update on Elder Selection / Chiller purchase Kim C 2. Update from Finance Team Laurie

12/2 Congregation Meeting Agenda 1. Update on Elder Selection / Chiller purchase Kim C 2. Update from Finance Team Laurie Wallis 3. Update on Gerald Farley Report Kirby J 4. Update on Communications Drew Hoey 5. Update on Governance Dan

682 views • 42 slides
NC F1RST COVID-19 Update H. Tasaico April 24, 2020 NC F!RST COVID19 Update COVID19 -

NC F1RST COVID-19 Update H. Tasaico April 24, 2020 NC F!RST COVID19 Update COVID19 -

NC F1RST COVID-19 Update H. Tasaico April 24, 2020 NC F!RST COVID19 Update COVID19 - Confirmed Deaths 2 NC F!RST COVID19 Update The Great Lockdown Unemployment Claims 4/21 NC Update: 700K 4/23 US Update: 26.5M Source: FT, Trading

151 views • 14 slides
ARENA RENOVATION ARENA RENOVATION ARENA RENOVATION ARENA RENOVATION UPDATE UPDATE UPDATE

ARENA RENOVATION ARENA RENOVATION ARENA RENOVATION ARENA RENOVATION UPDATE UPDATE UPDATE

ARENA RENOVATION ARENA RENOVATION ARENA RENOVATION ARENA RENOVATION UPDATE UPDATE UPDATE UPDATE August 8, 2019 ENVIRONMENTAL QUALITY AND SUSTAINABILITY COMMISSION Update on City Update on City Update on City- Update on City - -

313 views • 13 slides
IQCS Update from MRS Debrah Harding Managing Director MRS Topics for Today - Update from MRS

IQCS Update from MRS Debrah Harding Managing Director MRS Topics for Today - Update from MRS

IQCS Update from MRS Debrah Harding Managing Director MRS Topics for Today - Update from MRS - New MRS initiatives for 2019/20: Launch of the MRS/AQR RAS Training Update to the MRS Code of Conduct Update to ISO 20252: 2019 Update on GDPR

351 views • 33 slides
IQCS AGM Update from MRS Debrah Harding Managing Director MRS Topics for Today - Update from

IQCS AGM Update from MRS Debrah Harding Managing Director MRS Topics for Today - Update from

IQCS AGM Update from MRS Debrah Harding Managing Director MRS Topics for Today - Update from MRS - New MRS initiatives for 2019/20: Launch of the MRS/AQR RAS Training Update to the MRS Code of Conduct Update to ISO 20252: 2019 Update on

539 views • 33 slides
MRL CRG Cleanaway Update 21 May 2020 Operations Update Fill progression 4B-2 (Lift 4) is now

MRL CRG Cleanaway Update 21 May 2020 Operations Update Fill progression 4B-2 (Lift 4) is now

MRL CRG Cleanaway Update 21 May 2020 Operations Update Fill progression 4B-2 (Lift 4) is now 50% complete Elevation | 2 Operations Update Landfill Gas Collection Update The 40 new vertical extraction gas wells completed in

448 views • 15 slides
Programme Update Status Update, Six Month Report &amp; Change Request Status Update Lake

Programme Update Status Update, Six Month Report &amp; Change Request Status Update Lake

Programme Update Status Update, Six Month Report &amp; Change Request Status Update Lake Rotorua Low Nitrogen Land Use Fund Round 2 Recommendations. Incentives Scheme 20T Achieved, 25T in pipeline. Strategic Review for new

149 views • 12 slides
Illinois Legal Update Patrick M. Miller, Partner ILLINOIS Legal Update Case Law Update:

Illinois Legal Update Patrick M. Miller, Partner ILLINOIS Legal Update Case Law Update:

Illinois Legal Update Patrick M. Miller, Partner ILLINOIS Legal Update Case Law Update: Limitations periods applicable to construction related and indemnification claims Strict application of affidavit requirements in Mechanics Lien

721 views • 35 slides
Investor update presentation February 2017 Content Update on Q4 2016 financial performance 3-8

Investor update presentation February 2017 Content Update on Q4 2016 financial performance 3-8

Investor update presentation February 2017 Content Update on Q4 2016 financial performance 3-8 Recap on ATG Evolution 9-10 Update on hospitality strategic business unit 11-14 Update on online travel and E-Commerce 15-17 2 Section 1

378 views • 17 slides
Low profile slides type RTS TECHNISCHE DATEN ASSEMBLY The mounting holes of each type are

Low profile slides type RTS TECHNISCHE DATEN ASSEMBLY The mounting holes of each type are

Low profile slides type RTS TECHNISCHE DATEN ASSEMBLY The mounting holes of each type are drilled to a standard confjguration in slide-top and -base and permit the user a quick attachment into the application. Thread holes in the table

368 views • 7 slides
Virtual Town Hall: Impact of COVID 19 Immigration Topics for UR Faculty &amp; Advisors Fall

Virtual Town Hall: Impact of COVID 19 Immigration Topics for UR Faculty &amp; Advisors Fall

Virtual Town Hall: Impact of COVID 19 Immigration Topics for UR Faculty &amp; Advisors Fall 2020 Academic Planning and Advising Considerations for Faculty/Advisors/Administrators to support F 1 International Students July 23, 2020 11:00

381 views • 9 slides
and implications for Integrated Resource Planning Proposed Reference System Plan for the CPUC

and implications for Integrated Resource Planning Proposed Reference System Plan for the CPUC

Overview of CAISOs Transmission Planning Process and implications for Integrated Resource Planning Proposed Reference System Plan for the CPUC Integrated Resource Planning (IRP) Process, San Francisco September 25, 2017 Delphine Hou

240 views • 12 slides
Texas Tech University System Enterprise Risk Management Workshop October 31, 2017 ERM Overview

Texas Tech University System Enterprise Risk Management Workshop October 31, 2017 ERM Overview

Texas Tech University System Enterprise Risk Management Workshop October 31, 2017 ERM Overview Evolution of Risk Management Enterprise Risk Management Workshop Risk Traditional Definition The possibility Minimizing the that something

557 views • 36 slides
Quality Assurance &amp; Standards PSD3 Nov 2013 PSD3 QA Lecture 1 Overview Quality

Quality Assurance &amp; Standards PSD3 Nov 2013 PSD3 QA Lecture 1 Overview Quality

Quality Assurance &amp; Standards PSD3 Nov 2013 PSD3 QA Lecture 1 Overview Quality Assurance (QA) checking what we are producing QA standards checking the checking PSD3 QA Lecture 2 Further Reading Sommerville 9 th

341 views • 32 slides
Good Enough Architecture Stefan Tilkov stefan.tilkov@innoq.com @stilkov &quot;Tegel

Good Enough Architecture Stefan Tilkov stefan.tilkov@innoq.com @stilkov &quot;Tegel

GOTO Berlin 2019 Good Enough Architecture Stefan Tilkov stefan.tilkov@innoq.com @stilkov &quot;Tegel Airport TXL Berlin May 2012 - 19&quot; by andynash is licensed under CC BY-SA 2.0 (Software) Architecture De f initions Fundamental

873 views • 68 slides
Working Group U P D A T E T O V S P C 1 2 / 1 1 / 1 3 Background Stakeholders have

Working Group U P D A T E T O V S P C 1 2 / 1 1 / 1 3 Background Stakeholders have

ISO-NE Distributed Generation Working Group U P D A T E T O V S P C 1 2 / 1 1 / 1 3 Background Stakeholders have encouraged ISO-NE to include the impacts of Distributed Generation (DG) in RSP Goal Interim forecast to be included

338 views • 12 slides
Rule of Thumb for selecting Insulated Metal Panels (IMPS) Paul Bertram FCSI, CDT, LEED AP

Rule of Thumb for selecting Insulated Metal Panels (IMPS) Paul Bertram FCSI, CDT, LEED AP

Rule of Thumb for selecting Insulated Metal Panels (IMPS) Paul Bertram FCSI, CDT, LEED AP BD&amp;C paul.bertram@kingspan.com 386-785-3063 IMP Continuous Improvement &amp; Product Optimization Insulated Metal Panel Cradle to Grave

253 views • 7 slides

More recommend