permutation based symmetric cryptography and keccak
play

Permutation-based symmetric cryptography and Keccak Joan Daemen 1 - PowerPoint PPT Presentation

Dec 22, 2022 •167 likes •695 views

. .. . .. . . .. . . .. . . .. . . . .. . .. . . .. . . .. . Permutation-based symmetric cryptography and Keccak Permutation-based symmetric cryptography and Keccak Joan Daemen 1 joint work with . .. . . . . .. .

  1. . .. . .. . . .. . . .. . . .. . . . .. . .. . . .. . . .. . Permutation-based symmetric cryptography and Keccak Permutation-based symmetric cryptography and Keccak Joan Daemen 1 joint work with . .. . . . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. Ecrypt II, Crypto for 2020, Tenerife, January 22 to 24, 2013 Guido Bertoni 1 , Michaël Peeters 2 and Gilles Van Assche 1 1 STMicroelectronics 2 NXP Semiconductors

  2. . . . . .. . . .. . . .. . . .. . . .. .. . . 3 6 Keccak 5 Requirements for the permutation 4 On the efficiency of permutation-based cryptography Permutation-based cryptography .. 2 Mainstream symmetric cryptography 1 Outline Mainstream symmetric cryptography Permutation-based symmetric cryptography and Keccak . . .. .. .. .. . . .. . . . . . .. . . .. . . . .. . . . .. . . .. . .. . . . .. . . .. . Conclusions

  3. . .. .. . . .. . . . . . .. . . .. . . .. .. Block ciphers Keyed: MAC functions Non-keyed Hash functions Self-synchronizing Synchronous Stream ciphers Symmetric cryptographic primitives: . Symmetric crypto: what textbooks and intro’s say Mainstream symmetric cryptography Permutation-based symmetric cryptography and Keccak . .. . . . .. . . . .. . . .. . . .. . . .. . . .. . . .. .. . . .. . . . .. . .. . . .. . . And their modes-of-use

  4. . . . . .. . . .. . . .. . . .. . .. . . . .. . . .. . . .. . Permutation-based symmetric cryptography and Keccak Mainstream symmetric cryptography The hash function cliché .. . .. . . . .. . . .. . . .. . . .. . .. .. . . .. . . .. . . .. . . .. . . Hash functions:

  5. . . . . .. . . .. . . .. . . .. . .. . . . .. . . .. . . .. . Permutation-based symmetric cryptography and Keccak Mainstream symmetric cryptography The hash function cliché Hash functions: .. . .. . . . .. . . .. . . .. . . .. . .. .. . . .. . . .. . . .. . . .. . . But MD5, SHA-1, etc.: just block ciphers in some mode

  6. . .. . . .. . . .. . . .. . . .. . . . . You can do everything with a block cipher Hashing and its modes HMAC, MGF1, … MAC computation: CBC-MAC, C-MAC, … self-synchronizing: CFB synchronous: counter mode, OFB, … Stream encryption: Block encryption: ECB, CBC, … Mainstream symmetric cryptography . Permutation-based symmetric cryptography and Keccak . .. . . .. .. . .. . . . .. . . .. . . .. . . .. . . .. . .. . . . .. . . .. . .. .. . . .. . . Authenticated encryption: OCB, GCM, CCM …

  7. . . . . .. . . .. . . .. . . .. . .. . . . .. . . .. . . .. . Permutation-based symmetric cryptography and Keccak Mainstream symmetric cryptography Seems like this is closer to the truth nowadays .. . .. . . . .. . . .. . . .. . . .. . .. .. . . .. . . .. . . .. . . .. . . Block cipher:

  8. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . Permutation-based symmetric cryptography and Keccak Mainstream symmetric cryptography . .. .. . . . .. . . .. . . .. . . .. . .. . . . .. . . .. . . .. . . .. . Block cipher operation

  9. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . Permutation-based symmetric cryptography and Keccak Mainstream symmetric cryptography . .. .. . . . .. . . .. . . .. . . .. . .. . . . .. . . .. . . .. . . .. . Block cipher operation: the inverse

  10. . .. .. . . .. . . . . . .. . . .. . . .. .. Block encryption: ECB, CBC, … Most schemes with misuse-resistant claims Authenticated encryption: OCB, GCM, CCM … MAC computation: CBC-MAC, C-MAC, … self-synchronizing: CFB synchronous: counter mode, OFB, … Stream encryption: Hashing and its modes HMAC, MGF1, … . Indicated in red: When do you need the inverse? Mainstream symmetric cryptography Permutation-based symmetric cryptography and Keccak . .. . . . .. . . . .. . . .. . . .. . . .. . . .. . . .. .. . . .. . . . .. . .. . . .. . . So for most uses you don’t need the inverse!

  11. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . Permutation-based symmetric cryptography and Keccak Mainstream symmetric cryptography . .. .. . . . .. . . .. . . .. . . .. . .. . . . .. . . .. . . .. . . .. . Internals of a typical block cipher

  12. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . Permutation-based symmetric cryptography and Keccak Mainstream symmetric cryptography . .. .. . . . .. . . .. . . .. . . .. . .. . . . .. . . .. . . .. . . .. . Hashing use case: Davies-Meyer compression function

  13. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . Permutation-based symmetric cryptography and Keccak Mainstream symmetric cryptography . .. .. . . . .. . . .. . . .. . . .. . .. . . . .. . . .. . . .. . . .. . Removing unnecessary diffusion restriction

  14. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . Permutation-based symmetric cryptography and Keccak Mainstream symmetric cryptography . .. .. . . . .. . . .. . . .. . . .. . .. . . . .. . . .. . . .. . . .. . Simplifying the view: iterated permutation

  15. . .. .. . . .. . . . . . .. . . .. . . .. .. Hashing and its modes HMAC, MGF1, … Authenticated encryption: OCB, GCM, CCM … MAC computation: CBC-MAC, C-MAC, … self-synchronizing: CFB synchronous: counter mode, OFB, … Stream encryption: Block encryption: ECB, CBC, … In all modes but those in red: . Where can you plug in a permutation? Mainstream symmetric cryptography Permutation-based symmetric cryptography and Keccak . .. . . . .. . . . .. . . .. . . .. . . .. . . .. . . .. .. . . .. . . . .. . .. . . .. . . But also nice opportunity to clean up the modes!

  16. . . . . .. . . .. . . .. . . .. . . .. .. . . 3 6 Keccak 5 Requirements for the permutation 4 On the efficiency of permutation-based cryptography Permutation-based cryptography .. 2 Mainstream symmetric cryptography 1 Outline Permutation-based cryptography Permutation-based symmetric cryptography and Keccak . . .. .. .. .. . . .. . . . . . .. . . .. . . . .. . . . .. . . .. . .. . . . .. . . .. . Conclusions

  17. . . . . .. . . .. . . .. . . .. . .. .. . . .. . . .. . . .. . Permutation-based symmetric cryptography and Keccak Permutation-based cryptography The sponge construction efficiency: processes r bits per call to f .. . . .. . . .. . . .. . . .. . . .. . . .. . . . .. . . .. . . .. . . .. . Flexibility in trading rate r for capacity c or vice versa f : a b -bit permutation with b = r + c security: provably resists generic attacks up to 2 c / 2

  18. . . . . .. . . .. . . .. . . .. . . .. .. . . Security for a specific choice of f Hermetic Sponge Strategy tight claim: no attacks better than generic attacks Security claim: target for attacks assurance by absence of attacks despite public scrutiny design f with attacks in mind security proof is infeasible limitation: inner collisions in c -bit inner part .. tight: as sound as theoretically possible assuming f has been chosen randomly Proof of security against generic attacks: What can we say about sponge security Permutation-based cryptography Permutation-based symmetric cryptography and Keccak . . .. .. .. .. . . .. . . . . . .. . . .. . . . .. . . . .. . . .. . .. . . . .. . . .. . weaker claims relax conditions on f

  19. . . .. . . .. . . .. . . .. . . .. . .. . . . .. . . .. . Permutation-based symmetric cryptography and Keccak Permutation-based cryptography Regular hashing Pre-sponge permutation-based hash functions Truncated permutation as compression function: Snefru [Merkle ’90] , FFT-Hash [Schnorr ’90] , …MD6 [Rivest et al. 2007] Streaming-mode: Subterranean , Panama , RadioGatún , . .. .. .. . . .. . . .. . . .. . . .. . . . . . . .. . . .. . . .. . . .. . . .. , Thomsen, 2007] , … Grindahl [Knudsen, Rechberger

  20. . . . . .. . . .. . . .. . . .. . .. . . . .. . . .. . . .. . Permutation-based symmetric cryptography and Keccak Permutation-based cryptography Message authentication codes Pre-sponge (partially) permutation-based MAC function: .. . .. . . . .. . . .. . . .. . . .. . .. .. . . .. . . .. . . .. . . .. . . Pelican-MAC [Daemen, Rijmen 2005]

  21. . . .. . . .. . . .. . . .. . . .. . .. . . . .. . . .. . Permutation-based symmetric cryptography and Keccak Permutation-based cryptography Stream encryption Similar to block cipher modes: Long keystream per IV: like OFB Short keystream per IV: like counter mode Independent permutation-based stream ciphers: Salsa and . .. .. .. . . .. . . .. . . .. . . .. . . . . . . .. . . .. . .. . . . .. . . .. ChaCha [Bernstein 2007]

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Symmetric Key Cryptography Introduction to Symmetric Key Cryptography What can we do?

Symmetric Key Cryptography Introduction to Symmetric Key Cryptography What can we do?

PQCRYPTO Summer School on Post-Quantum Cryptography 2017 Stefan Klbl June 20th, 2017 DTU Compute, Technical University of Denmark Symmetric Key Cryptography Introduction to Symmetric Key Cryptography What can we do? Authentication

711 views • 47 slides
Permutation Based Cryptography for IoT Guido Bertoni 1 Joint work with CIoT 2012, Antwerp,

Permutation Based Cryptography for IoT Guido Bertoni 1 Joint work with CIoT 2012, Antwerp,

. . . . . . Permutation Based Cryptography for IoT Permutation Based Cryptography for IoT Guido Bertoni 1 Joint work with CIoT 2012, Antwerp, November 21 Joan Daemen 1 , Michal Peeters 2 and Gilles Van Assche 1 1 STMicroelectronics 2 NXP

755 views • 41 slides
Symmetric Key Cryptography Introduction to Symmetric Key Cryptography Myth Where does security

Symmetric Key Cryptography Introduction to Symmetric Key Cryptography Myth Where does security

PQCRYPTO Summer School on Post-Quantum Cryptography 2017 Stefan Klbl June 19th, 2017 DTU Compute, Technical University of Denmark Symmetric Key Cryptography Introduction to Symmetric Key Cryptography Myth Where does security fail?

758 views • 72 slides
Permutation-based encryption, authentication and authenticated encryption Guido Bertoni 1 , Joan

Permutation-based encryption, authentication and authenticated encryption Guido Bertoni 1 , Joan

Permutation-based encryption, authentication and authenticated encryption Guido Bertoni 1 , Joan Daemen 1 , Michal Peeters 2 , and Gilles Van Assche 1 1 STMicroelectronics 2 NXP Semiconductors Abstract. While mainstream symmetric cryptography has

519 views • 12 slides
Key Wrapping with the Keccak Permutation Dmitry Khovratovich University of Luxembourg 17 January

Key Wrapping with the Keccak Permutation Dmitry Khovratovich University of Luxembourg 17 January

Key Wrapping with the Keccak Permutation Dmitry Khovratovich University of Luxembourg 17 January 2013 Key Wrapping Key wrap problem Multi-user system (e.g., industrial VPN): Many keys in use; Need of regular update; New session key

578 views • 29 slides
Innovations in symmetric cryptography Joan Daemen STMicroelectronics, Belgium SSTIC, Rennes, June

Innovations in symmetric cryptography Joan Daemen STMicroelectronics, Belgium SSTIC, Rennes, June

Innovations in symmetric cryptography Joan Daemen STMicroelectronics, Belgium SSTIC, Rennes, June 5, 2013 1 / 46 Outline 1 The origins 2 Early work 3 Rijndael 4 The sponge construction and Keccak 5 Conclusions 2 / 46 The origins

762 views • 59 slides
Permutation-based cryptography for the Internet of Things Gilles Van Assche 1 1 STMicroelectronics

Permutation-based cryptography for the Internet of Things Gilles Van Assche 1 1 STMicroelectronics

Permutation-based cryptography for the Internet of Things Gilles Van Assche 1 1 STMicroelectronics 2 Radboud University RIOT Summit 2017 Berlin, September 25-26, 2017 1 / 56 Joint work with Guido Bertoni, Joan Daemen 1 , 2 , Seth Hoffert,

871 views • 65 slides
New Techniques for Searching Di ff erential Trails in Keccak Guozhen Liu, Weidong Qiu, Yi Tu

New Techniques for Searching Di ff erential Trails in Keccak Guozhen Liu, Weidong Qiu, Yi Tu

New Techniques for Searching Di ff erential Trails in Keccak Guozhen Liu, Weidong Qiu, Yi Tu Nanyang Technological University, Singapore Shanghai Jiao Tong University, China 3-Round Di ff erential Trail Core Search of Keccak Permutation 1 / 21

392 views • 21 slides
SHA-3 and permutation-based cryptography Joan Daemen 1 Joint work with Crypto summer school

SHA-3 and permutation-based cryptography Joan Daemen 1 Joint work with Crypto summer school

SHA-3 and permutation-based cryptography Joan Daemen 1 Joint work with Crypto summer school ibenik, Croatia, June 1-6, 2014 1 / 49 Guido Bertoni 1 , Michal Peeters 2 and Gilles Van Assche 1 1 STMicroelectronics 2 NXP Semiconductors Outline

682 views • 56 slides
The State of the Art in Symmetric Lightweight Cryptography Lo Perrin Based on a joint work

The State of the Art in Symmetric Lightweight Cryptography Lo Perrin Based on a joint work

The State of the Art in Symmetric Lightweight Cryptography Lo Perrin Based on a joint work with Alex Biryukov November 18, 2017 Cryptacus Workshop Taken from a document writen originally in English. The programming of billions of processors

903 views • 75 slides
Outline Hash Functions 1 Iterated Hash Functions CPSC 418/MATH 318 Introduction to Cryptography

Outline Hash Functions 1 Iterated Hash Functions CPSC 418/MATH 318 Introduction to Cryptography

Outline Hash Functions 1 Iterated Hash Functions CPSC 418/MATH 318 Introduction to Cryptography SHA-1 SHA-3 (Keccak) Hash Functions, SHA-3, Message Authentication Codes 2 Sponge Construction Keccak Overview Renate Scheidler Keccak

888 views • 14 slides
Keccak From: 1.The Keccak reference 2. Keccak and the SHA-3 Standardization written by ! Guido

Keccak From: 1.The Keccak reference 2. Keccak and the SHA-3 Standardization written by ! Guido

Keccak From: 1.The Keccak reference 2. Keccak and the SHA-3 Standardization written by ! Guido Bertoni (STMicroelectronics) , ! Joan Daemen (STMicroelectronics) , ! Michal Peeters (NXP Semiconductors) , ! Gilles Van Assche

488 views • 26 slides
Introduction to Symmetric Cryptography Lars R. Knudsen June 2014 L.R. Knudsen Introduction to

Introduction to Symmetric Cryptography Lars R. Knudsen June 2014 L.R. Knudsen Introduction to

Introduction to Symmetric Cryptography Lars R. Knudsen June 2014 L.R. Knudsen Introduction to Symmetric Cryptography What is cryptography? Cryptography is communication in the presence of an adversary Ron Rivest. Coding theory Detection and

877 views • 28 slides
Outline Cryptography and Encryption Uses of cryptography Algorithms Symmetric

Outline Cryptography and Encryption Uses of cryptography Algorithms Symmetric

Outline Cryptography and Encryption Uses of cryptography Algorithms Symmetric cryptography CS 239 Asymmetric cryptography Computer Security January 26, 2005 Lecture 5 Lecture 5 Page 1 Page 2 CS 239, Winter 2005 CS 239,

321 views • 13 slides
Outline Cryptography and Encryption Uses of cryptography Algorithms Symmetric

Outline Cryptography and Encryption Uses of cryptography Algorithms Symmetric

Outline Cryptography and Encryption Uses of cryptography Algorithms Symmetric cryptography CS 239 Asymmetric cryptography Computer Security February 5, 2003 Lecture 7 Lecture 7 Page 1 Page 2 CS 239, Winter 2003 CS 239,

263 views • 11 slides
Symmetric Key Cryptography Lecture 8 Summary RECALL Symmetric-Key Encryption SIM-CCA Security

Symmetric Key Cryptography Lecture 8 Summary RECALL Symmetric-Key Encryption SIM-CCA Security

Symmetric Key Cryptography Lecture 8 Summary RECALL Symmetric-Key Encryption SIM-CCA Security Authentication not required. i.e., Adversary allowed to send own messages (possibly error) Key/ Key/ Recv Enc Dec Send Replay SIM-CCA

192 views • 16 slides
Synthesis of 5-BromoVerongamine, an Antibacterial Dibromotyrosine Metabolite from Pseudoceratina

Synthesis of 5-BromoVerongamine, an Antibacterial Dibromotyrosine Metabolite from Pseudoceratina

[c002] Synthesis of 5-BromoVerongamine, an Antibacterial Dibromotyrosine Metabolite from Pseudoceratina sponge Suresh K. Kottakota a , J. Jonathan Harburn a* , Anthony OShaughnessy a , Mark Gray a , Philppos Konstanidis a , Davis E. Yakubu a a

436 views • 7 slides
Bitcoin overview Joseph Bonneau This lecture Crypto background hash functions digital

Bitcoin overview Joseph Bonneau This lecture Crypto background hash functions digital

Lesson 1 Bitcoin overview Joseph Bonneau This lecture Crypto background hash functions digital signatures Intro to cryptocurrencies basic ledger-based cryptocurrency sybils and 51% attacks Lecture 1.1: Cryptographic Hash

878 views • 73 slides
state-recovery analysis of spritz Stefan Klbl 2 rc4 and tls RC4 Stream Cipher

state-recovery analysis of spritz Stefan Klbl 2 rc4 and tls RC4 Stream Cipher

Ralph Ankele 1 Christian Rechberger 2 August 25, 2015 1 RHUL, Royal Holloway University of London, United Kingdom 2 DTU Compute, Technical University of Denmark, Denmark state-recovery analysis of spritz Stefan Klbl 2 rc4 and tls RC4

656 views • 62 slides
Collision Spectrum, Entropy Loss, T-Sponges and Cryptanalysis of gluon -64 L eo Perrin Dmitry

Collision Spectrum, Entropy Loss, T-Sponges and Cryptanalysis of gluon -64 L eo Perrin Dmitry

Collision Spectrum, Entropy Loss, T-Sponges and Cryptanalysis of gluon -64 L eo Perrin Dmitry Khovratovitch firstname.lastname@uni.lu University of Luxembourg March 3, 2014 Perrin, Khovratovitch (Uni. of Luxembourg) Collision Spectrum,

1.12k views • 87 slides
Practical Analysis of Reduced-Round K ECCAK Mar a Naya-Plasencia, Andrea R ock and Willi

Practical Analysis of Reduced-Round K ECCAK Mar a Naya-Plasencia, Andrea R ock and Willi

Practical Analysis of Reduced-Round K ECCAK Mar a Naya-Plasencia, Andrea R ock and Willi Meier Indocrypt 2011 1 / 28 Overview Sponge construction and K ECCAK Previous analysis results Differentials in K ECCAK Differential

311 views • 28 slides
Generic security of the Keyed Sponge based on joint work with Guido Bertoni 1 , Michal Peeters 1

Generic security of the Keyed Sponge based on joint work with Guido Bertoni 1 , Michal Peeters 1

Generic security of the Keyed Sponge Generic security of the Keyed Sponge based on joint work with Guido Bertoni 1 , Michal Peeters 1 , Gilles Van Assche 1 , ArcticCrypt Longyearbyen July 19, 2016 1 / 30 Joan Daemen 1 , 2 Elena Andreeva 3

602 views • 33 slides
Sponge-Based Control-Flow Protection for IoT Devices Werner, Unterluggauer, Schaffenrath, Mangard

Sponge-Based Control-Flow Protection for IoT Devices Werner, Unterluggauer, Schaffenrath, Mangard

Sponge-Based Control-Flow Protection for IoT Devices Werner, Unterluggauer, Schaffenrath, Mangard 25th April 2018, London Graz University of Technology Motivation and Context Logical Attacks www.tugraz.at Exploit software and design bugs

616 views • 59 slides
www.pestcontrolcoronavirus.com Welcome and Introductions Sean Rollo, BCE President, CPMA

www.pestcontrolcoronavirus.com Welcome and Introductions Sean Rollo, BCE President, CPMA

www.pestcontrolcoronavirus.com Welcome and Introductions Sean Rollo, BCE President, CPMA www.pestcontrolcoronavirus.com Human Resource Perspectives Sara Cromwell, CHRL Human Resources Manager, Abell Pest Control

686 views • 30 slides

More recommend