programming the demirci selc uk meet in the middle attack
play

Programming the Demirci-Selc uk Meet-in-the-Middle Attack with - PowerPoint PPT Presentation

Sep 17, 2023 •121 likes •726 views

Programming the Demirci-Selc uk Meet-in-the-Middle Attack with Constraints Danping Shi 1 Siwei Sun 1 Patrick Derbez 2 Yosuke Todo 3 Bing Sun 4 Lei Hu 1 1 Institute of Information Engineering, Chinese Academy of Sciences, China 2 Universit

  1. Programming the Demirci-Selc ¸uk Meet-in-the-Middle Attack with Constraints Danping Shi 1 Siwei Sun 1 Patrick Derbez 2 Yosuke Todo 3 Bing Sun 4 Lei Hu 1 1 Institute of Information Engineering, Chinese Academy of Sciences, China 2 Universit Rennes 1 / IRISA 3 NTT Secure Platform Laboratories 4 College of Science, National University of Defense Technology,China ASK2017 2017.12.11 Shi et al. Programming the Demirci-Selc ¸uk Meet-in-the-Middle Attack with Constraints ASK2017 2017.12.11 1 / 22

  2. Outlines Introduction 1 Modelling the MITM attack 2 MITM and Impossible differential application in design 3 Conclusion 4 Shi et al. Programming the Demirci-Selc ¸uk Meet-in-the-Middle Attack with Constraints ASK2017 2017.12.11 2 / 22

  3. Introduction Outline 1 Introduction Searching methods Distinguisher of Demirci-Selc ¸uk MITM Key recovery attack of MITM Modelling the MITM attack 2 MITM and Impossible differential application in design 3 Conclusion 4 Shi et al. Programming the Demirci-Selc ¸uk Meet-in-the-Middle Attack with Constraints ASK2017 2017.12.11 3 / 22

  4. Introduction Searching methods Automatic Cryptanalysis Dedicated search MILP ,CP ,SAT,SMT Shi et al. Programming the Demirci-Selc ¸uk Meet-in-the-Middle Attack with Constraints ASK2017 2017.12.11 3 / 22

  5. Introduction Searching methods Searching methods for MITM Demirci-Selc ¸uk MITM, FSE 2008. Derbez and Fouque: Dedicated search algorithm Li Lin, Wenling Wu: General model based on MILP Shi et al. Programming the Demirci-Selc ¸uk Meet-in-the-Middle Attack with Constraints ASK2017 2017.12.11 4 / 22

  6. Introduction Distinguisher of Demirci-Selc ¸uk MITM MITM Distinguisher E

  7. Introduction Distinguisher of Demirci-Selc ¸uk MITM MITM Distinguisher δ ( A ) -set: { P 0 , P 1 , . . . , P N − 1 } A E

  8. Introduction Distinguisher of Demirci-Selc ¸uk MITM MITM Distinguisher δ ( A ) -set: { P 0 , P 1 , . . . , P N − 1 } A E B { C 0 , C 1 , . . . , C N − 1 }

  9. Introduction Distinguisher of Demirci-Selc ¸uk MITM MITM Distinguisher δ ( A ) -set: { P 0 , P 1 , . . . , P N − 1 } A E B { C 0 , C 1 , . . . , C N − 1 } ∆ E ( A , B ) : { C 0 [ B ] ⊕ C 1 [ B ] , C 0 [ B ] ⊕ C 2 [ B ] , . . . , C 0 [ B ] ⊕ C N − 1 [ B ] } Shi et al. Programming the Demirci-Selc ¸uk Meet-in-the-Middle Attack with Constraints ASK2017 2017.12.11 5 / 22

  10. Introduction Distinguisher of Demirci-Selc ¸uk MITM A E B Shi et al. Programming the Demirci-Selc ¸uk Meet-in-the-Middle Attack with Constraints ASK2017 2017.12.11 6 / 22

  11. Introduction Distinguisher of Demirci-Selc ¸uk MITM Random Cipher: N R A E B Shi et al. Programming the Demirci-Selc ¸uk Meet-in-the-Middle Attack with Constraints ASK2017 2017.12.11 6 / 22

  12. Introduction Distinguisher of Demirci-Selc ¸uk MITM Random Cipher: N R A Block Cipher : N E (save into a hash table) E B

  13. Introduction Distinguisher of Demirci-Selc ¸uk MITM Random Cipher: N R A Block Cipher : N E (save into a hash table) E N R Condition N E < N R N E B

  14. Introduction Distinguisher of Demirci-Selc ¸uk MITM Random Cipher: N R A Block Cipher : N E (save into a hash table) E N R Condition N E < N R N E B Distinguisher: ( A , B , N E ) Shi et al. Programming the Demirci-Selc ¸uk Meet-in-the-Middle Attack with Constraints ASK2017 2017.12.11 6 / 22

  15. Introduction Key recovery attack of MITM Structure of the attack a cipher is divided in three keyed permutations: E 0 , E 1 , E 2 Construct distinguisher ( A , B , N E ) at E 1 state 0 state 0 E 0 state 2 r 0 A E 1 state 2( r 0+ r 1) B E 2 state 2( r 0+ r 1+ r 2) Shi et al. Programming the Demirci-Selc ¸uk Meet-in-the-Middle Attack with Constraints ASK2017 2017.12.11 7 / 22

  16. Modelling the MITM attack Outline Introduction 1 Modelling the MITM attack 2 Modelling the distinguisher Modelling the Key-Recovery Process 3 MITM and Impossible differential application in design Conclusion 4 Shi et al. Programming the Demirci-Selc ¸uk Meet-in-the-Middle Attack with Constraints ASK2017 2017.12.11 8 / 22

  17. Modelling the MITM attack Modelling the distinguisher Variables state 0 state 0 M E 0 state 2 r 0 X, Y, Z, M E 1 X, Y, Z state 2( r 0+ r 1) X, Y, Z, W E 2 W state 2( r 0+ r 1+ r 2) Var(X) describe the forward differential Var(Y) describe the backward determination Var(Z) models the relation between Var(X) and Var(Y) Shi et al. Programming the Demirci-Selc ¸uk Meet-in-the-Middle Attack with Constraints ASK2017 2017.12.11 8 / 22

  18. Modelling the MITM attack Modelling the distinguisher Forward differential Variables Var(X) X r [ j ] = 0 iff P 0 r [ j ] ⊕ P i r [ j ] = 0, ∀ i ∈ 1 , . . . , N − 1. state 0 A x 0 x 1 NL state 1 Round 0 L state 2 x 2 x 3 NL state 3 Round 1 L x 2 = x 0 state 4 x 0 + x 1 2 x 3 ≥ NL state 5 Round 2 x 3 ≤ x 0 + x 1 L state 6

  19. Modelling the MITM attack Modelling the distinguisher Forward differential Variables Var(X) X r [ j ] = 0 iff P 0 r [ j ] ⊕ P i r [ j ] = 0, ∀ i ∈ 1 , . . . , N − 1. state 0 A x 0 x 1 NL state 1 Round 0 L state 2 x 2 x 3 NL state 3 Round 1 L x 2 = x 0 state 4 x 0 + x 1 2 x 3 ≥ NL state 5 Round 2 x 3 ≤ x 0 + x 1 L state 6

  20. Modelling the MITM attack Modelling the distinguisher Forward differential Variables Var(X) X r [ j ] = 0 iff P 0 r [ j ] ⊕ P i r [ j ] = 0, ∀ i ∈ 1 , . . . , N − 1. state 0 A x 0 x 1 NL state 1 Round 0 L state 2 x 2 x 3 NL state 3 Round 1 L x 2 = x 0 state 4 x 0 + x 1 2 x 3 ≥ NL state 5 Round 2 x 3 ≤ x 0 + x 1 L state 6

  21. Modelling the MITM attack Modelling the distinguisher Forward differential Variables Var(X) X r [ j ] = 0 iff P 0 r [ j ] ⊕ P i r [ j ] = 0, ∀ i ∈ 1 , . . . , N − 1. state 0 A x 0 x 1 NL state 1 Round 0 L state 2 x 2 x 3 NL state 3 Round 1 L x 2 = x 0 state 4 x 0 + x 1 2 x 3 ≥ NL state 5 Round 2 x 3 ≤ x 0 + x 1 L state 6 Shi et al. Programming the Demirci-Selc ¸uk Meet-in-the-Middle Attack with Constraints ASK2017 2017.12.11 9 / 22

  22. Modelling the MITM attack Modelling the distinguisher Backward determination Variables Var(Y) y 0 y 1 state 0 NL state 1 Round 0 L y 2 y 3 state 2 NL state 3 Round 1 L y 2 + y 3 2 y 0 ≤ state 4 NL y 2 + y 3 ≥ y 0 state 5 Round 2 y 1 = y 3 L state 6 B

  23. Modelling the MITM attack Modelling the distinguisher Backward determination Variables Var(Y) y 0 y 1 state 0 NL state 1 Round 0 L y 2 y 3 state 2 NL state 3 Round 1 L y 2 + y 3 2 y 0 ≤ state 4 NL y 2 + y 3 ≥ y 0 state 5 Round 2 y 1 = y 3 L state 6 B

  24. Modelling the MITM attack Modelling the distinguisher Backward determination Variables Var(Y) y 0 y 1 state 0 NL state 1 Round 0 L y 2 y 3 state 2 NL state 3 Round 1 L y 2 + y 3 2 y 0 ≤ state 4 NL y 2 + y 3 ≥ y 0 state 5 Round 2 y 1 = y 3 L state 6 B

  25. Modelling the MITM attack Modelling the distinguisher Backward determination Variables Var(Y) y 0 y 1 state 0 NL state 1 Round 0 L y 2 y 3 state 2 NL state 3 Round 1 L y 2 + y 3 2 y 0 ≤ state 4 NL y 2 + y 3 ≥ y 0 state 5 Round 2 y 1 = y 3 L state 6 B Shi et al. Programming the Demirci-Selc ¸uk Meet-in-the-Middle Attack with Constraints ASK2017 2017.12.11 10 / 22

  26. Modelling the MITM attack Modelling the distinguisher Constraints for Var(Z) Variables Var(Z) describe the relation between Var(X) and Var(Y) : Z r [ j ] = 1 iff X r [ j ] = Y r [ j ] = 1 state 0 A NL state 1 Round 0 L state 2 NL state 3 Round 1 L state 4 NL state 5 Round 2 L state 6 B objective function: Minimize � r 0 + r 1 − 1 r = r 0 + 1 Z 2 r

  27. Modelling the MITM attack Modelling the distinguisher Constraints for Var(Z) Variables Var(Z) describe the relation between Var(X) and Var(Y) : Z r [ j ] = 1 iff X r [ j ] = Y r [ j ] = 1 state 0 A NL state 1 Round 0 L state 2 NL state 3 Round 1 L state 4 NL state 5 Round 2 L state 6 B objective function: Minimize � r 0 + r 1 − 1 r = r 0 + 1 Z 2 r Shi et al. Programming the Demirci-Selc ¸uk Meet-in-the-Middle Attack with Constraints ASK2017 2017.12.11 11 / 22

  28. Modelling the MITM attack Modelling the distinguisher Round 1 Round 2 SB , AC MC SB , AC MC AK , SR AK , SR Round 3 Round 4 SB , AC MC SB , AC MC AK , SR AK , SR Round 5 Round 6  1 0 1 1  SB , AC MC SB , AC MC       1 0 0 0   AK , SR AK , SR   MC =       0 1 1 0     Round 7 Round 8       SB , AC MC SB , AC MC   1 0 1 0 AK , SR AK , SR Round 9 Round 10 SB , AC MC SB , AC MC AK , SR AK , SR Round 11 SB , AC AK , SR

  29. Modelling the MITM attack Modelling the distinguisher Round 1 Round 2 SB , AC MC SB , AC MC AK , SR AK , SR Round 3 Round 4 SB , AC MC SB , AC MC AK , SR AK , SR Round 5 Round 6  1 0 1 1  SB , AC MC SB , AC MC       1 0 0 0   AK , SR AK , SR   MC =       0 1 1 0     Round 7 Round 8       SB , AC MC SB , AC MC   1 0 1 0 AK , SR AK , SR Round 9 Round 10 SB , AC MC SB , AC MC AK , SR AK , SR Round 11 SB , AC AK , SR

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Programming the Demirci-Selc uk Meet-in-the-Middle Attack with Constraints Danping Shi 1 Siwei

Programming the Demirci-Selc uk Meet-in-the-Middle Attack with Constraints Danping Shi 1 Siwei

Programming the Demirci-Selc uk Meet-in-the-Middle Attack with Constraints Danping Shi 1 Siwei Sun 1 Patrick Derbez 2 Yosuke Todo 3 Bing Sun 4 Lei Hu 1 1 Institute of Information Engineering, Chinese Academy of Sciences, China 2 Univ Rennes,

1.17k views • 87 slides
Exhausting Demirci-Sel cuk Meet-in-the-Middle Attacks against Reduced-Round AES Patrick Derbez

Exhausting Demirci-Sel cuk Meet-in-the-Middle Attacks against Reduced-Round AES Patrick Derbez

Introduction Demirci and Sel cuk Attack Differential Enumeration Technique Conclusion Exhausting Demirci-Sel cuk Meet-in-the-Middle Attacks against Reduced-Round AES Patrick Derbez 1 Pierre-Alain Fouque 1 , 2 Ecole Normale Sup

1.25k views • 60 slides
A Meet-in-the-Middle Attack on 8-Round AES H useyin Demirci Ali Aydn Sel cuk presented

A Meet-in-the-Middle Attack on 8-Round AES H useyin Demirci Ali Aydn Sel cuk presented

A Meet-in-the-Middle Attack on 8-Round AES H useyin Demirci Ali Aydn Sel cuk presented by Orhun Kara 1 Outline The AES A 5-round distinguisher Attack on 7-round AES-192, AES-256 and 8-round AES-256 Some optimizations

504 views • 19 slides
Match Box Meet-in-the-Middle Attack against KATAN Thomas Fuhr and Brice Minaud ANSSI, France

Match Box Meet-in-the-Middle Attack against KATAN Thomas Fuhr and Brice Minaud ANSSI, France

Match Box Meet-in-the-Middle Attack against KATAN Thomas Fuhr and Brice Minaud ANSSI, France FSE, March 3-5 2014 Plan 1 Match Box Meet-in-the-Middle Attacks Sieve-in-the-Middle Framework Match Box Cryptanalysis of KATAN 2 Description

1.61k views • 37 slides
Meet in the Middle Attack Using Output Truncation in 3 Pass HAVAL Yu Sasaki NTT

Meet in the Middle Attack Using Output Truncation in 3 Pass HAVAL Yu Sasaki NTT

Meet in the Middle Attack Using Output Truncation in 3 Pass HAVAL Yu Sasaki NTT Corporation 07/Sep/2009 ISC2009@Pisa 1/22 Yu Sasaki, MitM using output truncation of 3 Haval Summary HAVAL is a hash function that can produce

507 views • 23 slides
Meet in the Middle - STP March 20, 2019 1 / 17 Last weeks exercise Solution on whiteboard.

Meet in the Middle - STP March 20, 2019 1 / 17 Last weeks exercise Solution on whiteboard.

Meet in the Middle - STP March 20, 2019 1 / 17 Last weeks exercise Solution on whiteboard. 2 / 17 Recap of MitM attack Whiteboard 3 / 17 Searching for attacks By hand - Last week(s) Using the computer - This week 4 / 17

689 views • 23 slides
Desert Sky Middle School Virtual Meet the Teacher Hill/Willard/Crabtree/Chen Meet Your Teams

Desert Sky Middle School Virtual Meet the Teacher Hill/Willard/Crabtree/Chen Meet Your Teams

Desert Sky Middle School Virtual Meet the Teacher Hill/Willard/Crabtree/Chen Meet Your Teams Teachers: Ming Chen Meagan Willard Kristi Hill Lisa Crabtree Mandarin Math &amp; SS Language Arts Science &amp; SS &amp; SS &amp; SS Meet

551 views • 11 slides
Diffie-Hellman not secure against Man-in-the-Middle-attack: Want to guarantee authenticity. Alice

Diffie-Hellman not secure against Man-in-the-Middle-attack: Want to guarantee authenticity. Alice

Diffie-Hellman not secure against Man-in-the-Middle-attack: Want to guarantee authenticity. Alice Mallory Bob Can achieve this with publc-key cryptography as well. g a a First example: Schnorr Signature g m m a 1024 bit

283 views • 3 slides
Diffie-Hellman not secure against Man-in-the-Middle-attack: Alice Mallory Bob g a a g

Diffie-Hellman not secure against Man-in-the-Middle-attack: Alice Mallory Bob g a a g

Diffie-Hellman not secure against Man-in-the-Middle-attack: Alice Mallory Bob g a a g m m g ma g ma g n n g b b g nb g nb g ma g ma , g nb g nb Eike Ritter Cryptography 2014/15 106

417 views • 9 slides
Man-in-the-Middle attacks revisited Hugo Jonker, Rolando Trujillo, Sjouke Mauw Man-in-the-middle

Man-in-the-Middle attacks revisited Hugo Jonker, Rolando Trujillo, Sjouke Mauw Man-in-the-middle

Man-in-the-Middle attacks revisited Hugo Jonker, Rolando Trujillo, Sjouke Mauw Man-in-the-middle attack Diffie-Hellman Alice Bob new na new nb g na g nb K = (g nb ) na K = (g na ) nb Man-in-the-middle attack Diffie-Hellman Alice Bob Alice

401 views • 25 slides
Desert Sky Middle School Virtual Meet the Teacher Team C Team Introductions Tina Murray -

Desert Sky Middle School Virtual Meet the Teacher Team C Team Introductions Tina Murray -

Desert Sky Middle School Virtual Meet the Teacher Team C Team Introductions Tina Murray - Science Joe Isaac - Language Arts Lisa Nussmeier - Social Studies Melissa Little - Math Meet Our Specialists Sal Rodriguez - Physical Education (PE)

510 views • 12 slides
SELC : Sequential Elimination of Level Combinations by Means of Modified Genetic Algorithms

SELC : Sequential Elimination of Level Combinations by Means of Modified Genetic Algorithms

SELC : Sequential Elimination of Level Combinations by Means of Modified Genetic Algorithms Revision submitted to Technometrics Abhyuday Mandal Ph.D. Candidate School of Industrial and Systems Engineering Georgia Institute of Technology

487 views • 46 slides
WELCOME TO GLEN HILLS MIDDLE SCHOOL OPEN HOUSE 2019-20 Meet the 8th Grade Team! Mike

WELCOME TO GLEN HILLS MIDDLE SCHOOL OPEN HOUSE 2019-20 Meet the 8th Grade Team! Mike

WELCOME TO GLEN HILLS MIDDLE SCHOOL OPEN HOUSE 2019-20 Meet the 8th Grade Team! Mike Birmingham Jaclyn Orozco Natalie Block Shana Lucas Spanish Math Special Education AVID Coordinator AVID Elective Meet the 8th Grade Team! Jen Clark

190 views • 18 slides
Supersense Tagging for Arabic: The MT-in-the-Middle Attack Nathan Schneider Behrang Mohit Chris

Supersense Tagging for Arabic: The MT-in-the-Middle Attack Nathan Schneider Behrang Mohit Chris

Supersense Tagging for Arabic: The MT-in-the-Middle Attack Nathan Schneider Behrang Mohit Chris Dyer Kemal Oflazer Noah A. Smith 1 Gameplan Supersense(Tagging Baselines MT0in0the0Middle Analysis Outlook 3 Supersense(Tagging A

194 views • 18 slides
s e i t i v i t c A r a l u c i r r u c a r t x E Elm Middle School Why

s e i t i v i t c A r a l u c i r r u c a r t x E Elm Middle School Why

s e i t i v i t c A r a l u c i r r u c a r t x E Elm Middle School Why be involved? Fun Develop skills such as time management, Explore career prioritization, and interests organization, Meet people and

540 views • 15 slides
Welcome to Grapevine Middle School Meet the Counselors Mrs. Johnson- Counselor Traditional A-Z

Welcome to Grapevine Middle School Meet the Counselors Mrs. Johnson- Counselor Traditional A-Z

Welcome to Grapevine Middle School Meet the Counselors Mrs. Johnson- Counselor Traditional A-Z Mrs. Gardner- Counselor Specializing in STEM and Dual Language Mrs. Lemke Student Advocate GMS Administration Principal Dr. Koehler

710 views • 14 slides
VISUALIZING THE DRIFT OF LOD USING SELF-ORGANIZING MAPS

VISUALIZING THE DRIFT OF LOD USING SELF-ORGANIZING MAPS

VISUALIZING THE DRIFT OF LOD USING SELF-ORGANIZING MAPS Albert Meroo-Peuela, Peter WiHek, Sndor Darnyi 1 st DriL-a-LOD Workshop, EKAW #

748 views • 25 slides
Automated Testing Laboratory for Embedded Linux Distributions . Pawe Wieczorek October 11,

Automated Testing Laboratory for Embedded Linux Distributions . Pawe Wieczorek October 11,

Automated Testing Laboratory for Embedded Linux Distributions . Pawe Wieczorek October 11, 2016 Samsung R&amp;D Institute Poland Agenda . 1. Introduction 2. Motivation 3. Automation opportunities with our solutions 4. Future plans 5.

683 views • 53 slides
AmuseWiki: a library oriented wiki engine (talk) Marco Pessotto (melmothX) September 3, 2015,

AmuseWiki: a library oriented wiki engine (talk) Marco Pessotto (melmothX) September 3, 2015,

AmuseWiki: a library oriented wiki engine (talk) Marco Pessotto (melmothX) September 3, 2015, Granada Contents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 User management . . . . . . . . . . . .

444 views • 7 slides
KDI Semantic Heterogeneity Examples Fausto Giunchiglia and Mattia Fumagallli University of

KDI Semantic Heterogeneity Examples Fausto Giunchiglia and Mattia Fumagallli University of

KDI Semantic Heterogeneity Examples Fausto Giunchiglia and Mattia Fumagallli University of Trento 0/61 Open Data Projects Open data is data that anyone can access, use or share. Simple as that. When big companies or governments release

499 views • 30 slides
Improved Attacks on Full GOST Itai Dinur 1 , Orr Dunkelman 1,2 and Adi Shamir 1 1 The Weizmann

Improved Attacks on Full GOST Itai Dinur 1 , Orr Dunkelman 1,2 and Adi Shamir 1 1 The Weizmann

Improved Attacks on Full GOST Itai Dinur 1 , Orr Dunkelman 1,2 and Adi Shamir 1 1 The Weizmann Institute, Israel 2 University of Haifa, Israel GOST Designed by Soviet cryptographers in the 1980 s Motivated by the desire to construct an

995 views • 34 slides
Encryption and Attacks Attacks on Encryption Block Cipher Design Principles Cryptography

Encryption and Attacks Attacks on Encryption Block Cipher Design Principles Cryptography

Cryptography Encryption and Attacks Encryption Building Blocks Encryption and Attacks Attacks on Encryption Block Cipher Design Principles Cryptography Stream Cipher Design Principles Example: Brute School of Engineering and Technology

681 views • 51 slides
CS CS 134 134 Fa Fall2016 Mi Midterm rm Re Review 1 Co Comp mputer r Se Securi rity:

CS CS 134 134 Fa Fall2016 Mi Midterm rm Re Review 1 Co Comp mputer r Se Securi rity:

CS CS 134 134 Fa Fall2016 Mi Midterm rm Re Review 1 Co Comp mputer r Se Securi rity: y: Th The Ca Cast of of C Characters Your Computer/Phone/Tablet Attacker or Adversary Your data: financial, health records, intellectual

958 views • 75 slides
Meet in the Middle March 18, 2020 1 / 24 My optimizations F : 4 Sbox : 26 Sbox 8 b i t

Meet in the Middle March 18, 2020 1 / 24 My optimizations F : 4 Sbox : 26 Sbox 8 b i t

Meet in the Middle March 18, 2020 1 / 24 My optimizations F : 4 Sbox : 26 Sbox 8 b i t : 12 Sbox 16 b i t : 12 Round f u n c t i o n : 14 Next roundkey : 6 Encrypt : 318 Encrypt u n r o l l e d : 314 2 / 24 Sbox

470 views • 27 slides

More recommend