security and implementation properties of abc v 2
play

Security and Implementation Properties of ABC v.2 Vladimir Anashin - PowerPoint PPT Presentation

Oct 26, 2023 •251 likes •811 views

Outline ABC v.2 Security Scalability Performance Summary Security and Implementation Properties of ABC v.2 Vladimir Anashin Andrey Bogdanov 1 Ilya Kizhvatov 2 Russian State University for the Humanities, Moscow, Russia

  1. Outline ABC v.2 Security Scalability Performance Summary Security and Implementation Properties of ABC v.2 Vladimir Anashin † Andrey Bogdanov ‡ 1 Ilya Kizhvatov † 2 † Russian State University for the Humanities, Moscow, Russia ‡ escrypt GmbH – Embedded Security, Bochum, Germany SASC 2006, Leuven, Belgium 1Partially supported by Ruhr-Universität Bochum 2Partially supported by the ECRYPT stipend V. Anashin, A. Bogdanov, I. Kizhvatov http://crypto.rsuh.ru ABC v.2 Security and Implementation 1/15

  2. Outline ABC v.2 Security Scalability Performance Summary Outline ABC v.2 Status Tweaks Security Keystream Properties Attacks and Remedies Scalability Performance V. Anashin, A. Bogdanov, I. Kizhvatov http://crypto.rsuh.ru ABC v.2 Security and Implementation 2/15

  3. Outline ABC v.2 Security Scalability Performance Summary Status ABC v.2 The status of the cipher ◮ Originally submitted to eSTREAM ◮ Attacked (Berbain, Gilbert, Khazaei; July 2005) ◮ Tweaks − → ABC v.2 V. Anashin, A. Bogdanov, I. Kizhvatov http://crypto.rsuh.ru ABC v.2 Security and Implementation 3/15

  4. Outline ABC v.2 Security Scalability Performance Summary Status ABC v.2 The status of the cipher ◮ Originally submitted to eSTREAM ◮ Attacked (Berbain, Gilbert, Khazaei; July 2005) ◮ Tweaks − → ABC v.2 V. Anashin, A. Bogdanov, I. Kizhvatov http://crypto.rsuh.ru ABC v.2 Security and Implementation 3/15

  5. Outline ABC v.2 Security Scalability Performance Summary Status ABC v.2 The status of the cipher ◮ Originally submitted to eSTREAM − → ABC v.1 ◮ Attacked (Berbain, Gilbert, Khazaei; July 2005) ◮ Tweaks − → ABC v.2 V. Anashin, A. Bogdanov, I. Kizhvatov http://crypto.rsuh.ru ABC v.2 Security and Implementation 3/15

  6. Outline ABC v.2 Security Scalability Performance Summary Tweaks ABC v.2 B Tweaks B ( x ) ◮ 128-bit LFSR A x z 3 ¯ ◮ Faster transform B B ( x ) + ¯ z 3 x ◮ Adjusted setup z x A z = (¯ z 3 , ¯ z 2 , ¯ z 1 , ¯ z 0 ) procedures A ( z ) C C ( x ) z 0 ¯ y = C ( x ) + ¯ z 0 plain text stream cipher text stream Result: Elimination of the known attacks V. Anashin, A. Bogdanov, I. Kizhvatov http://crypto.rsuh.ru ABC v.2 Security and Implementation 4/15

  7. Outline ABC v.2 Security Scalability Performance Summary Tweaks ABC v.2 B Tweaks B ( x ) ◮ 128-bit LFSR A x z 3 ¯ ◮ Faster transform B B ( x ) + ¯ z 3 x ◮ Adjusted setup z x A z = (¯ z 3 , ¯ z 2 , ¯ z 1 , ¯ z 0 ) procedures A ( z ) C 64 128 C ( x ) z 0 ¯ y = C ( x ) + ¯ z 0 plain text stream cipher text stream Result: Elimination of the known attacks V. Anashin, A. Bogdanov, I. Kizhvatov http://crypto.rsuh.ru ABC v.2 Security and Implementation 4/15

  8. Outline ABC v.2 Security Scalability Performance Summary Tweaks ABC v.2 B Tweaks B ( x ) ◮ 128-bit LFSR A x z 3 ¯ ◮ Faster transform B B ( x ) + ¯ z 3 x ◮ Adjusted setup z x A z = (¯ z 3 , ¯ z 2 , ¯ z 1 , ¯ z 0 ) procedures A ( z ) C 64 128 C ( x ) z 0 ¯ y = C ( x ) + ¯ z 0 plain text stream cipher text stream Result: Elimination of the known attacks V. Anashin, A. Bogdanov, I. Kizhvatov http://crypto.rsuh.ru ABC v.2 Security and Implementation 4/15

  9. Outline ABC v.2 Security Scalability Performance Summary Tweaks ABC v.2 Key B Tweaks IV B ( x ) ◮ 128-bit LFSR A x z 3 ¯ ◮ Faster transform B B ( x ) + ¯ z 3 x ◮ Adjusted setup z x A z = (¯ z 3 , ¯ z 2 , ¯ z 1 , ¯ z 0 ) procedures A ( z ) C 64 128 C ( x ) z 0 ¯ y = C ( x ) + ¯ z 0 plain text stream cipher text stream Result: Elimination of the known attacks V. Anashin, A. Bogdanov, I. Kizhvatov http://crypto.rsuh.ru ABC v.2 Security and Implementation 4/15

  10. Outline ABC v.2 Security Scalability Performance Summary Tweaks ABC v.2 Key B Effects IV B ( x ) ◮ Longer keystream x z 3 ¯ period B ( x ) + ¯ z 3 x ◮ Larger secret state z x A z = (¯ z 3 , ¯ z 2 , ¯ z 1 , ¯ z 0 ) ◮ Negligible A ( z ) performance overhead C 64 128 C ( x ) z 0 ¯ y = C ( x ) + ¯ z 0 plain text stream cipher text stream Result: Elimination of the known attacks V. Anashin, A. Bogdanov, I. Kizhvatov http://crypto.rsuh.ru ABC v.2 Security and Implementation 4/15

  11. Outline ABC v.2 Security Scalability Performance Summary Tweaks ABC v.2 Key B Effects IV B ( x ) ◮ Longer keystream x z 3 ¯ period B ( x ) + ¯ z 3 x ◮ Larger secret state z x A z = (¯ z 3 , ¯ z 2 , ¯ z 1 , ¯ z 0 ) ◮ Negligible A ( z ) performance overhead C 64 128 C ( x ) z 0 ¯ y = C ( x ) + ¯ z 0 plain text stream cipher text stream Result: Elimination of the known attacks V. Anashin, A. Bogdanov, I. Kizhvatov http://crypto.rsuh.ru ABC v.2 Security and Implementation 4/15

  12. Outline ABC v.2 Security Scalability Performance Summary Tweaks ABC v.2 Key B Effects IV B ( x ) ◮ Longer keystream x z 3 ¯ period B ( x ) + ¯ z 3 x ◮ Larger secret state z x A z = (¯ z 3 , ¯ z 2 , ¯ z 1 , ¯ z 0 ) ◮ Negligible A ( z ) performance overhead C 64 128 C ( x ) z 0 ¯ y = C ( x ) + ¯ z 0 plain text stream cipher text stream Result: Elimination of the known attacks V. Anashin, A. Bogdanov, I. Kizhvatov http://crypto.rsuh.ru ABC v.2 Security and Implementation 4/15

  13. Outline ABC v.2 Security Scalability Performance Summary Tweaks ABC v.2 Key B Effects IV B ( x ) ◮ Longer keystream x z 3 ¯ period B ( x ) + ¯ z 3 x ◮ Larger secret state z x A z = (¯ z 3 , ¯ z 2 , ¯ z 1 , ¯ z 0 ) ◮ Negligible A ( z ) performance overhead C 64 128 C ( x ) z 0 ¯ y = C ( x ) + ¯ z 0 plain text stream cipher text stream Result: Elimination of the known attacks V. Anashin, A. Bogdanov, I. Kizhvatov http://crypto.rsuh.ru ABC v.2 Security and Implementation 4/15

  14. Outline ABC v.2 Security Scalability Performance Summary Keystream Properties ABC v.2 Proven Keystream Properties ◮ The length P of the shortest period of 32 -bit words P = 2 32 · (2 127 − 1) ◮ Uniform distribution of 32 -bit words � � { number of word occurrences } − 1 1 � � � < √ � � 2 32 P P � ◮ High linear complexity λ 2 31 · (2 127 − 1) + 1 � λ � 2 31 + 1 V. Anashin, A. Bogdanov, I. Kizhvatov http://crypto.rsuh.ru ABC v.2 Security and Implementation 5/15

  15. Outline ABC v.2 Security Scalability Performance Summary Keystream Properties ABC v.2 Proven Keystream Properties ◮ The length P of the shortest period of 32 -bit words P = 2 32 · (2 127 − 1) ◮ Uniform distribution of 32 -bit words � � { number of word occurrences } − 1 1 � � � < √ � � 2 32 P P � ◮ High linear complexity λ 2 31 · (2 127 − 1) + 1 � λ � 2 31 + 1 V. Anashin, A. Bogdanov, I. Kizhvatov http://crypto.rsuh.ru ABC v.2 Security and Implementation 5/15

  16. Outline ABC v.2 Security Scalability Performance Summary Keystream Properties ABC v.2 Proven Keystream Properties ◮ The length P of the shortest period of 32 -bit words P = 2 32 · (2 127 − 1) ◮ Uniform distribution of 32 -bit words � � { number of word occurrences } − 1 1 � � � < √ � � 2 32 P P � ◮ High linear complexity λ 2 31 · (2 127 − 1) + 1 � λ � 2 31 + 1 V. Anashin, A. Bogdanov, I. Kizhvatov http://crypto.rsuh.ru ABC v.2 Security and Implementation 5/15

  17. Outline ABC v.2 Security Scalability Performance Summary Attacks and Remedies Attacks and Remedies Attack on ABC v.1 ◮ Divide and conquer (Berbain, Gilber; Khazaei) Non-bijective C → biased output → guessing the LFSR state Remedies ◮ Bijective C Distinguishing the right guess becomes impossible ◮ 128 -bit LFSR Attack complexity exceeds 2 128 V. Anashin, A. Bogdanov, I. Kizhvatov http://crypto.rsuh.ru ABC v.2 Security and Implementation 6/15

  18. Outline ABC v.2 Security Scalability Performance Summary Attacks and Remedies Attacks and Remedies Attack on ABC v.1 ◮ Divide and conquer (Berbain, Gilber; Khazaei) Non-bijective C → biased output → guessing the LFSR state Remedies ◮ Bijective C Distinguishing the right guess becomes impossible ◮ 128 -bit LFSR Attack complexity exceeds 2 128 V. Anashin, A. Bogdanov, I. Kizhvatov http://crypto.rsuh.ru ABC v.2 Security and Implementation 6/15

  19. Outline ABC v.2 Security Scalability Performance Summary Attacks and Remedies Attacks and Remedies Attack on ABC v.1 ◮ Divide and conquer (Berbain, Gilber; Khazaei) Non-bijective C → biased output → guessing the LFSR state Remedies ◮ Bijective C Distinguishing the right guess becomes impossible ◮ 128 -bit LFSR Attack complexity exceeds 2 128 V. Anashin, A. Bogdanov, I. Kizhvatov http://crypto.rsuh.ru ABC v.2 Security and Implementation 6/15

  20. Outline ABC v.2 Security Scalability Performance Summary Attacks and Remedies Attacks and Remedies Attack on ABC v.1 ◮ Divide and conquer (Berbain, Gilber; Khazaei) Non-bijective C → biased output → guessing the LFSR state Remedies ◮ Bijective C − → attack possibility Distinguishing the right guess becomes impossible ◮ 128 -bit LFSR Attack complexity exceeds 2 128 V. Anashin, A. Bogdanov, I. Kizhvatov http://crypto.rsuh.ru ABC v.2 Security and Implementation 6/15

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Exploiting symmetries when proving equivalence properties for security protocols Vincent Cheval,

Exploiting symmetries when proving equivalence properties for security protocols Vincent Cheval,

Exploiting symmetries when proving equivalence properties for security protocols Vincent Cheval, Steve Kremer, Itsaka Rakotonirina Inria Nancy Grand-Est Security protocols TLS Wifi @ PASS E-voting E-passport 2 24 Security protocols

830 views • 69 slides
A (Co)inductive System Calculus for Security Properties [New title suggestions are welcome!]

A (Co)inductive System Calculus for Security Properties [New title suggestions are welcome!]

A (Co)inductive System Calculus for Security Properties [New title suggestions are welcome!] Eric Rothstein Morris Supervisor: Joachim Posegga Chair of IT Security University of Passau er@sec.uni-passau.de ESORICS 2015 - PhD Symposium

322 views • 17 slides
Understanding the Security Properties of Ballot-Based Verification Techniques Eric Rescorla

Understanding the Security Properties of Ballot-Based Verification Techniques Eric Rescorla

Understanding the Security Properties of Ballot-Based Verification Techniques Eric Rescorla ekr@rtfm.com EVT/WOTE 2009 Understanding the Security Properties of Ballot-Based Verification 1 WARNING This talk contains no research content.

284 views • 15 slides
IMPLEMENTATION OF SECURITY COUNCIL RESOLUTION 2231 (2015) Ope Open Briefing n Briefing

IMPLEMENTATION OF SECURITY COUNCIL RESOLUTION 2231 (2015) Ope Open Briefing n Briefing

IMPLEMENTATION OF SECURITY COUNCIL RESOLUTION 2231 (2015) Ope Open Briefing n Briefing Security Council Facilitator New York, 1 March 2016 1 INTRODUCTION What has What are the changed since main provisions Implementation of Res. 2231?

416 views • 16 slides
Security Classification Policy Implementation in Policing Update Helen Edwards Head of

Security Classification Policy Implementation in Policing Update Helen Edwards Head of

Security Classification Policy Implementation in Policing Update Helen Edwards Head of Information Management March 2013 1 New Security Classifications From April 2014, the Government security classifications are changing.

173 views • 13 slides
PENSION IMPLEMENTATION IN THE CONTEXT OF LAW ON NATIONAL SOCIAL SECURITY SYSTEM: A MATHEMATICAL

PENSION IMPLEMENTATION IN THE CONTEXT OF LAW ON NATIONAL SOCIAL SECURITY SYSTEM: A MATHEMATICAL

PENSION IMPLEMENTATION IN THE CONTEXT OF LAW ON NATIONAL SOCIAL SECURITY SYSTEM: A MATHEMATICAL APPROACH Bambang Purwoko Member of National Social Security Council Experts Meeting of the ILO Le Meridien Jakarta, 12-15 December 2011 1

176 views • 16 slides
National Implementation Action Plans National Implementation Action Plans WORKSHOP ON THE

National Implementation Action Plans National Implementation Action Plans WORKSHOP ON THE

National Implementation Action Plans National Implementation Action Plans WORKSHOP ON THE IMPLEMENTATION OF UNITED NATIONS SECURITY COUNCIL WORKSHOP ON THE IMPLEMENTATION OF UNITED NATIONS SECURITY COUNCI L RESOLUTION 1540 (2004) RESOLUTION

229 views • 11 slides
Biological Risk Management and United Nations Security Council Resolution 1540: Implementation

Biological Risk Management and United Nations Security Council Resolution 1540: Implementation

Biological Risk Management and United Nations Security Council Resolution 1540: Implementation and Technical Assistance in Central America and the Caribbean Dana Perkins, PhD 1540 Committee Expert Regional Workshop on National Implementation

175 views • 16 slides
WORKSHOP ON THE IMPLEMENTATION OF UNITED NATIONS SECURITY COUNCIL RESOLUTION 1540 (2004)

WORKSHOP ON THE IMPLEMENTATION OF UNITED NATIONS SECURITY COUNCIL RESOLUTION 1540 (2004)

WORKSHOP ON THE IMPLEMENTATION OF UNITED NATIONS SECURITY COUNCIL RESOLUTION 1540 (2004) IMPLEMENTATION OF RESOLUTION 1540 (2004) IN AFRICA: AN OVERVIEW ADDIS ABABA, ETHIOPIA, 10 DECEMBER 2013 BENNIE LOMBARD MEMBER GROUP OF EXPERTS ASSISTING

768 views • 29 slides
Assessment, and Implementation Plan May 11, 2018 The Homeland Security Systems Engineering and

Assessment, and Implementation Plan May 11, 2018 The Homeland Security Systems Engineering and

Cyber Risk Metrics Survey, Assessment, and Implementation Plan May 11, 2018 The Homeland Security Systems Engineering and Development Institute (HSSEDI) is a trademark of the U.S. Department of Homeland Security (DHS). The HSSEDI FFRDC is

151 views • 13 slides
A Formal Connection between Security Properties and JML Annotations Work in progress with Marieke

A Formal Connection between Security Properties and JML Annotations Work in progress with Marieke

A Formal Connection between Security Properties and JML Annotations Work in progress with Marieke Huisman Alejandro Tamalet Radboud University Nijmegen, The Netherlands Introduction: The Goal Trusted devices (smart phones, PDA, smart

787 views • 42 slides
Symbolic verification of cryptographic protocols using Tamarin Part 3 : Security Properties and

Symbolic verification of cryptographic protocols using Tamarin Part 3 : Security Properties and

Symbolic verification of cryptographic protocols using Tamarin Part 3 : Security Properties and Algorithmic Verification David Basin ETH Zurich Summer School on Verification Technology, Systems &amp; Applications Nancy France August 2018

1.23k views • 78 slides
Compositional Verification of Security Properties for Embedded Execution Platforms Christoph

Compositional Verification of Security Properties for Embedded Execution Platforms Christoph

Compositional Verification of Security Properties for Embedded Execution Platforms Christoph Baumann , Oliver Schwarz , Mads Dam KTH Royal Institute of Technology, Stockholm, Sweden RISE.SICS, Kista, Sweden cbaumann@kth.se

903 views • 65 slides
Proving Properties of Security Protocols by Induction Lawrence C. Paulson Computer Laboratory

Proving Properties of Security Protocols by Induction Lawrence C. Paulson Computer Laboratory

Proving Security Protocols 1 L. C. Paulson Proving Properties of Security Protocols by Induction Lawrence C. Paulson Computer Laboratory University of Cambridge Proving Security Protocols 2 L. C. Paulson Cryptographic Protocol Analysis

389 views • 24 slides
Static Analysis of Security Properties by Abstract Interpretation cole normale suprieure,

Static Analysis of Security Properties by Abstract Interpretation cole normale suprieure,

Static Analysis of Security Properties by Abstract Interpretation cole normale suprieure, quipe Abstraction Mehdi Bouaziz Friday, May 11 2012 Static Analysis of Security Properties by Abstract Interpretation Mehdi Bouaziz, cole normale

839 views • 29 slides
Australias Implementation of the ISPS Code ARF 4th Inter Sessional Meeting Maritime Security

Australias Implementation of the ISPS Code ARF 4th Inter Sessional Meeting Maritime Security

Australias Implementation of the ISPS Code ARF 4th Inter Sessional Meeting Maritime Security Anthony Gibson Maritime Operational Policy Office of Transport Security Department of Infrastructure and Transport For Thought Does voluntary

303 views • 13 slides
FUELING PERFORMANCE NUTRITION FOR ATHLETES EN ENDURANCE E S SPEED EED H HYDRATION P

FUELING PERFORMANCE NUTRITION FOR ATHLETES EN ENDURANCE E S SPEED EED H HYDRATION P

FUELING PERFORMANCE NUTRITION FOR ATHLETES EN ENDURANCE E S SPEED EED H HYDRATION P PER ERFORMANCE E STREN ENGT GTH RECOV COVERY Visit us a t www.Co a c hRo b b .c o m I am sleeping like a baby 2 nd day in a row, something

729 views • 44 slides
From Array Domains to Abstract Interpretation Under Store-Buffer-Based Memory Models Thibault

From Array Domains to Abstract Interpretation Under Store-Buffer-Based Memory Models Thibault

From Array Domains to Abstract Interpretation Under Store-Buffer-Based Memory Models Thibault Suzanne, Antoine Min Static Analysis: 23rd International Symposium, SAS 2016 September, 2016, Edinburgh, UK Pirmin Schmid Seminar Software

759 views • 50 slides
Town of Burlington Department of Public Works Planning Board Informational Presentation Weston

Town of Burlington Department of Public Works Planning Board Informational Presentation Weston

Town of Burlington Department of Public Works Planning Board Informational Presentation Weston &amp; Sampson January 05, 2012 Meadow Road / Middlesex Turnpike Site | 3.4 Acres 1 Acre Environm ental Resources Map Wetlands Limits

536 views • 20 slides
Ami Z Zota, Sc ScD, M MS Founder and Director, Agents of Change in Environmental Health

Ami Z Zota, Sc ScD, M MS Founder and Director, Agents of Change in Environmental Health

Ami Z Zota, Sc ScD, M MS Founder and Director, Agents of Change in Environmental Health Associate Professor, George Washington University Milken School of Public Health https://www.agentsofchangeineh.com/ Image credit: Raya Hudhud My work

469 views • 10 slides
Combining Distant and Partial Supervision for Relation Extraction Gabor Angeli , Julie Tibshirani,

Combining Distant and Partial Supervision for Relation Extraction Gabor Angeli , Julie Tibshirani,

Combining Distant and Partial Supervision for Relation Extraction Gabor Angeli , Julie Tibshirani, Jean Y. Wu, Christopher D. Manning Stanford University October 28, 2014 Angeli, Tibshirani, Wu, Manning (Stanford) Combining Distant and Partial

960 views • 78 slides
A meshless method for the Reissner-Mindlin plate equations based on a stabilized mixed weak form

A meshless method for the Reissner-Mindlin plate equations based on a stabilized mixed weak form

A meshless method for the Reissner-Mindlin plate equations based on a stabilized mixed weak form using maximum-entropy basis functions J.S. Hale*, P.M. Baiz 11th September 2012 J.S. Hale 1 Mixed MaxEnt Method for Plates - ECCOMAS 2012

781 views • 29 slides
Spelling Presentation Book, Grade 3 (SRA Reading Mastery, Signature Spelling Presentation Book,

Spelling Presentation Book, Grade 3 (SRA Reading Mastery, Signature Spelling Presentation Book,

[PDF] Spelling Presentation Book, Grade 3 (SRA Reading Mastery, Signature Edition) Spelling Presentation Book, Grade 3 (SRA Reading Mastery, Signature Spelling Presentation Book, Grade 3 (SRA Reading Mastery, Signature Edition) Edition) Book

136 views • 3 slides
Math 233 Warm Up Problems September 15, 2009 1. Find the gradients of the functions (a) x f ( x

Math 233 Warm Up Problems September 15, 2009 1. Find the gradients of the functions (a) x f ( x

Math 233 Warm Up Problems September 15, 2009 1. Find the gradients of the functions (a) x f ( x , y ) = f = x + y 2 (b) x f ( x , y , z ) = f = y + z 2 2. Supose you have a function f ( x , y ) and you know that f f f (4 , 7) =

317 views • 7 slides

More recommend