the estream project
play

The eSTREAM Project Matt Robshaw Orange Labs 11.06.07 Orange Labs - PDF document

Dec 03, 2023 •361 likes •581 views

The eSTREAM Project Matt Robshaw Orange Labs 11.06.07 Orange Labs ECRYPT An EU Framework VI Network of Excellence > 5 M over 4.5 years More than 30 european institutions (academic and industry) ECRYPT activities are

  1. The eSTREAM Project Matt Robshaw Orange Labs 11.06.07 Orange Labs ECRYPT � An EU Framework VI Network of Excellence � > 5 M€ over 4.5 years � More than 30 european institutions (academic and industry) � ECRYPT activities are divided into Virtual Labs � Which in turn are divided into Working Groups General SPEED Assembly eSTREAM Strategic Project Executive Mgt Comm. Committee Coordinator STVL AZTEC PROVILAB VAMPIRE WAVILA WG1 WG2 WG3 WG4 The eSTREAM Project – Matt Robshaw (2) Orange Labs 1

  2. Cryptography (Overview!) � Cryptographic algorithms often divided into two classes � Symmetric (secret-key) cryptography • Participants using secret-key cryptography share the same key material � Asymmetric (public-key) cryptography • Participants using public-key cryptography use different key material � Symmetric encryption can be divided into two classes � Block ciphers � Stream ciphers The eSTREAM Project – Matt Robshaw (3) Orange Labs Stream Ciphers � Stream encryption relies on the generation of a "random looking" keystream � Encryption itself uses bitwise exclusive-or 0110100111000111001110000111101010101010101 keystream 1110111011101110111011101110111011100000100 plaintext 1000011100101001110101101001010001001010001 ciphertext � Stream encryption offers some interesting properties � They offer an attractive link with perfect secrecy (Shannon) � No data buffering required � Attractive error handling and propagation (for some applications) � How do we generate keystream ? The eSTREAM Project – Matt Robshaw (4) Orange Labs 2

  3. Stream Ciphers in a Nutshell � Stream ciphers employ an evolving state � We sample the state to derive keystream UPDATE UPDATE INITIALIZE STATE STATE OUTPUT OUTPUT ENCRYPT ENCRYPT The eSTREAM Project – Matt Robshaw (5) Orange Labs Stream Ciphers: Synchronous UPDATE UPDATE INITIALIZE STATE STATE OUTPUT OUTPUT ENCRYPT ENCRYPT The eSTREAM Project – Matt Robshaw (6) Orange Labs 3

  4. Stream Ciphers: Self-Synchronising UPDATE UPDATE INITIALIZE STATE STATE OUTPUT OUTPUT ENCRYPT ENCRYPT The eSTREAM Project – Matt Robshaw (7) Orange Labs Stream Ciphers: OFB Mode IV key key AES AES INITIALIZE STATE STATE OUTPUT OUTPUT ENCRYPT ENCRYPT The eSTREAM Project – Matt Robshaw (8) Orange Labs 4

  5. Stream Ciphers: Counter Mode IV COUNT COUNT INITIALIZE STATE STATE key key AES AES ENCRYPT ENCRYPT The eSTREAM Project – Matt Robshaw (9) Orange Labs Stream Ciphers: Dedicated IV key UPDATE UPDATE INITIALIZE STATE STATE EXTRACT EXTRACT ENCRYPT ENCRYPT The eSTREAM Project – Matt Robshaw (10) Orange Labs 5

  6. Stream Ciphers (Past) � Dedicated stream ciphers have an illustrious history � Dedicated stream ciphers have the reputation of being faster and more compact than block ciphers � Can (at times) be effectively analysed • LFSR-based stream ciphers have had a strong theoretical analytic framework since the 1950's � However, dedicated stream ciphers don't always have the best security reputation The eSTREAM Project – Matt Robshaw (11) Orange Labs Stream Ciphers (Present) � Dedicated stream ciphers are widely used � GSM, TLS + some hiccups, e.g. 802.11 � The issue is not "do we need stream ciphers" but " do we need stream ciphers of dedicated design"? � There are very few established dedicated stream ciphers � RC4, SNOW 2.0 � Attempts to change this haven't been successful; e.g. NESSIE The eSTREAM Project – Matt Robshaw (12) Orange Labs 6

  7. SASC 2004 � eSTREAM was launched with a workshop in October 2004 in Brugge � A variety of stream cipher proposals and industry position papers were presented � From this the scope of eSTREAM was established � Call for Proposals was devised The eSTREAM Project – Matt Robshaw (13) Orange Labs What is eSTREAM? � eSTREAM is a collaborative research effort � We (in ECRYPT) manage the eSTREAM process � We do not analyze or assess candidates � Our focus is the research community � eSTREAM is not a standardization body � However, the results of eSTREAM might be taken up by standardisation bodies or industry The eSTREAM Project – Matt Robshaw (14) Orange Labs 7

  8. eSTREAM Timeline CfP Phase 1 Phase 2 Phase 3 04/05 03/06 10/04 03/07 05/08 01/05 01/06 01/07 01/08 SASC SKEW SASC SASC (2004) (2005) (2006) (2007) The eSTREAM Project – Matt Robshaw (15) Orange Labs Submission Requirements � Very modest submission requirements � Proposals had to be received by April 30, 2005 � Submissions had to be either fast in software or resource- friendly in hardware key IV tag (optional) Profile 1 128 64 or 128 32, 64, 96, or 128 Profile 2 80 32 or 64 32 or 64 � Designers required to give an IP statement The eSTREAM Project – Matt Robshaw (16) Orange Labs 8

  9. The eSTREAM Submissions � There were 34 submissions � 32 synchronous and 2 self-synchronising � 7 submissions offered encryption + authentication � 74% submissions from outside ECRYPT Europe 57% Asia 16% N. America 14% Oceania 13% 12 12 10 SW HW The eSTREAM Project – Matt Robshaw (17) Orange Labs The eSTREAM Submissions PROFILE I PROFILE I+II PROFILE II ABC F-FCSR Achterbahn CryptMT Hermes8 DECIM DICING LEX Edon-80 DRAGON MAG Grain FROGBIT NLS MICKEY (128) HC-256 Phelix MOSQUITO Mir-1 Polar Bear SFINKS Py POMARANCH Trivium Salsa20 Rabbit TSC-3 SOSEMANUK SSS VEST TRBDK3 YAEA WG Yamb ZK-Crypt The eSTREAM Project – Matt Robshaw (18) Orange Labs 9

  10. Phase 1 Cryptanalysis PROFILE I PROFILE I+II PROFILE II ABC F-FCSR Achterbahn CryptMT Hermes8 DECIM DICING LEX Edon-80 DRAGON MAG Grain FROGBIT NLS MICKEY (128) HC-256 Phelix MOSQUITO Mir-1 Polar Bear SFINKS Py POMARANCH Trivium Salsa20 Rabbit TSC-3 SOSEMANUK SSS VEST TRBDK3 YAEA WG Yamb ZK-Crypt The eSTREAM Project – Matt Robshaw (19) Orange Labs Phase 1 Lessons � #1: The half-life of new stream ciphers is one year � #2: Self-synchronizing stream ciphers are hard to design The eSTREAM Project – Matt Robshaw (20) Orange Labs 10

  11. For Phase 2 – Trying Something New � Tweaking � The goal was to get better algorithms for the later stages � The AES process allowed (minor) tweaks for the finalists but we allowed all designers (even those of broken designs) to tweak � An administrative nightmare � Focus ciphers � We were very conscious of the limited time - we hoped to guide the direction of some cryptanalytic attention � Trying to avoid the LHF problem ( low hanging fruit ) The eSTREAM Project – Matt Robshaw (21) Orange Labs � Software The eSTREAM Project – Matt Robshaw (22) Orange Labs 11

  12. Phase 1 Submissions (SW) PROFILE I PROFILE I+II ABC F-FCSR CryptMT Hermes8 DICING LEX DRAGON MAG FROGBIT NLS HC-256 Phelix Mir-1 Polar Bear Py POMARANCH Salsa20 Rabbit SOSEMANUK SSS TRBDK3 YAEA Yamb The eSTREAM Project – Matt Robshaw (23) Orange Labs Phase 2 Submissions (SW) Focus Phase 2 Phase 2 Archived DRAGON ABC F-FCSR HC-256 CryptMT FROGBIT LEX DICING Fubuki Phelix NLS Hermes8 Py Polar Bear MAG Salsa20 Rabbit Mir-1 SOSEMANUK POMARANCH SSS TRBDK3 YAEA Yamb (7) (6) (10) The eSTREAM Project – Matt Robshaw (24) Orange Labs 12

  13. � Hardware The eSTREAM Project – Matt Robshaw (25) Orange Labs Phase 1 Submissions (HW) PROFILE I+II PROFILE II F-FCSR Achterbahn Hermes8 DECIM LEX Edon-80 MAG Grain NLS MICKEY (128) Phelix MOSQUITO Polar Bear SFINKS POMARANCH Trivium Rabbit TSC-3 SSS VEST TRBDK3 YAEA WG Yamb ZK-Crypt The eSTREAM Project – Matt Robshaw (26) Orange Labs 13

  14. Phase 2 Submissions (HW) Phase 2 Focus Phase 2 Archived Grain Achterbahn MAG MICKEY-128 DECIM SFINKS Phelix Edon-80 SSS Trivium F-FCSR TRBDK3 YAEA Hermes8 Yamb LEX MICKEY MOUSTIQUE NLS Polar Bear POMARANCH Rabbit Salsa20 TSC-4 VEST WG ZK-Crypt (4) (17) (5) The eSTREAM Project – Matt Robshaw (27) Orange Labs Phase 2 Lessons � Tweaking helped! � At the start of Phase 2, the SW profile contained 13 ciphers • Cryptanalysis results were announced against 3 � At the start of Phase 2, the HW profile contained 21 ciphers • Cryptanalysis results were announced against 4 � "Focus" ciphers didn't make much difference � There is rarely a consistent view on "distinguishing" attacks The eSTREAM Project – Matt Robshaw (28) Orange Labs 14

  15. Moving into Phase 3 � The decision depended on many issues including … � Security � Performance in comparison to the AES � Performance in comparison to other submissions � Simplicity � IP didn't have any role in the decision � For hardware, the complicated implementation trade- offs led us to make a first cut on size The eSTREAM Project – Matt Robshaw (29) Orange Labs � Software The eSTREAM Project – Matt Robshaw (30) Orange Labs 15

  16. Phase 3 Submissions (SW) Phase 3 Archived Phase 2 Archived CryptMT v3 ABC F-FCSR DRAGON DICING FROGBIT HC-128 Phelix Fubuki LEX v2 Polar Bear Hermes8 NLS v2 Py MAG Rabbit Mir-1 Salsa20 POMARANCH SOSEMANUK SSS TRBDK3 YAEA Yamb (8) (5) (10) The eSTREAM Project – Matt Robshaw (31) Orange Labs � Hardware The eSTREAM Project – Matt Robshaw (32) Orange Labs 16

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

eSTREAM Algorithms for the Next Round http://www.ecrypt.eu.org/stream/ 27 March 2007 Matt

eSTREAM Algorithms for the Next Round http://www.ecrypt.eu.org/stream/ 27 March 2007 Matt

eSTREAM Algorithms for the Next Round http://www.ecrypt.eu.org/stream/ 27 March 2007 Matt Robshaw Bart Preneel eSTREAM A multi-year project within ECRYPT to promote research into stream ciphers (2004-2008) The goal of eSTREAM is to

408 views • 6 slides
Stream ciphers and eSTREAM Stream ciphers and eSTREAM Thomas Johansson Lund University Lund

Stream ciphers and eSTREAM Stream ciphers and eSTREAM Thomas Johansson Lund University Lund

Stream ciphers and eSTREAM Stream ciphers and eSTREAM Thomas Johansson Lund University Lund University Motivation Motivation The most used stream cipher constructions (A5, RC4, E0, ...) all have serious weaknesses i k There is a

589 views • 25 slides
ChaCha, a variant of Salsa20 D. J. Bernstein University of Illinois at Chicago NSF

ChaCha, a variant of Salsa20 D. J. Bernstein University of Illinois at Chicago NSF

ChaCha, a variant of Salsa20 D. J. Bernstein University of Illinois at Chicago NSF ITR0716498 Note: ChaCha is not an eSTREAM candidate! Post-eSTREAM cryptography. The Salsa20 cipher family Salsa20/20 is faster than AES. I

256 views • 10 slides
Overtaking VEST Antoine Joux 1 , 2 Jean-Ren Reinhard 3 1 DGA 2 Universit de

Overtaking VEST Antoine Joux 1 , 2 Jean-Ren Reinhard 3 1 DGA 2 Universit de

Overtaking VEST Antoine Joux 1 , 2 Jean-Ren Reinhard 3 1 DGA 2 Universit de Versailles-St-Quentin-en-Yvelines, PRISM 3 DCSSI Crypto Lab 26 march 2007 VEST VEST is a set of stream cipher families submitted to eSTREAM by S. ONeil, B.

644 views • 40 slides
Improved Cryptanalysis of Py Paul Crowley LShift Ltd State of the Art in Stream Ciphers 2006 Py

Improved Cryptanalysis of Py Paul Crowley LShift Ltd State of the Art in Stream Ciphers 2006 Py

Py SPP attack Improving on the attack Improved Cryptanalysis of Py Paul Crowley LShift Ltd State of the Art in Stream Ciphers 2006 Py SPP attack Improving on the attack Py eSTREAM entrant by Eli Biham and Jennifer Seberry Fast in

870 views • 38 slides
Project Project Project Evolution of project Structured Collaborative Project Unstructured

Project Project Project Evolution of project Structured Collaborative Project Unstructured

Alain Fournier Presentation: Project Management Tools for Increasing Project Success! Alain is a Project and Portfolio Management Solutions Executive with Microsoft Canada specializing in Cloud Productivity Solutions Have over 20 years of

428 views • 21 slides
evaluations An unsuccessful project? An unsuccessful project? An unsuccessful project? A

evaluations An unsuccessful project? An unsuccessful project? An unsuccessful project? A

Effective post project evaluations An unsuccessful project? An unsuccessful project? An unsuccessful project? A successful project? Agenda for today Who are LCMB? The context for post project evaluation The project lifecycle Post project

476 views • 32 slides
BPR4GDPR Project Presentation Project ID Project acronym: BPR4GDPR Project title:

BPR4GDPR Project Presentation Project ID Project acronym: BPR4GDPR Project title:

BPR4GDPR Project Presentation Project ID Project acronym: BPR4GDPR Project title: Business Process Re-engineering and functional toolkit for GDPR compliance Contract number: 787149 Funded under the H2020 call DS-08-2017

421 views • 22 slides
HIT MODERNIZATION PROJECT HHS // IHS HIT Modernization Project PROJECT PURPOSE The HHS IHS HIT

HIT MODERNIZATION PROJECT HHS // IHS HIT Modernization Project PROJECT PURPOSE The HHS IHS HIT

HHS // IHS HIT MODERNIZATION PROJECT HHS // IHS HIT Modernization Project PROJECT PURPOSE The HHS IHS HIT Modernization Project is sponsored by the U.S. Department of Health and Human Services Office of the Chief Technology Officer (HHS OCTO)

712 views • 13 slides
NORTH FORK BIOENERGY PROJECT PROJECT STATUS Project Overview Project Team and Organization

NORTH FORK BIOENERGY PROJECT PROJECT STATUS Project Overview Project Team and Organization

2 nd Annual Rural Community Development Initiative Capacity Building and Wood Utilization Workshop NORTH FORK BIOENERGY PROJECT PROJECT STATUS Project Overview Project Team and Organization Major Milestones Accomplishments

631 views • 12 slides
2013 Project Excellence Awards Project Requirements In-house design project Project

2013 Project Excellence Awards Project Requirements In-house design project Project

2013 Project Excellence Awards Project Requirements In-house design project Project constructed or near completion Judging Criteria Unique design considerations Constructability Post-construction performance Stakeholder

682 views • 29 slides
This project goes under eight different steps. This project goes under eight different steps.

This project goes under eight different steps. This project goes under eight different steps.

This project goes under eight different steps. This project goes under eight different steps. Chapter One: The first step is about narrating some facts, by which my project and research were based on. Egypt is located in north east africa,

690 views • 46 slides
Agenda 1. Introductions 2. Sign-in 3. Project Location 4. Project Background 5. POE

Agenda 1. Introductions 2. Sign-in 3. Project Location 4. Project Background 5. POE

Agenda 1. Introductions 2. Sign-in 3. Project Location 4. Project Background 5. POE Drainage Alternatives 6. Project Benefits 7. Open Forum 8. Adjourn Project Location Project Background ASCG Inc. completed a Project Development

321 views • 15 slides
Trees Algorithms CSE 373 SU 18 BEN JONES 1 Announcements - Project 3 Due Tonight - Project

Trees Algorithms CSE 373 SU 18 BEN JONES 1 Announcements - Project 3 Due Tonight - Project

Minimum Spanning Data Structures and Trees Algorithms CSE 373 SU 18 BEN JONES 1 Announcements - Project 3 Due Tonight - Project 4 Assigned Today - Same partners as project 3 - We will re-run project 3 grading on project 4, just like the

704 views • 59 slides
Presentation Agenda Project History/Background Project Overview Current Project Status

Presentation Agenda Project History/Background Project Overview Current Project Status

Presentation Agenda Project History/Background Project Overview Current Project Status Project Opportunities 1 1 Pre-Solicitation Conference June 2018 www.newnicebridge.com 2 Welcome and Introductions Project Team MDTA

776 views • 38 slides
1 We will begin with some background information on the project. We will then talk about why we

1 We will begin with some background information on the project. We will then talk about why we

Welcome. My name is Mark Frechette. I am the project director for the New York State Department of Transportations (NYSDOT) I 81 Viaduct Project. Thank you for being here tonight. The project team has been working hard and we are excited to

548 views • 39 slides
WWII European Theater The Resistance In Nazi Germany France Organizes Occupies France The

WWII European Theater The Resistance In Nazi Germany France Organizes Occupies France The

WWII European Theater The Resistance In Nazi Germany France Organizes Occupies France The Army Of The Shadows French Resistance Tactics The Counter Resistance D-Day Normandy Invasion Comparisons Contrasts Similarities 1.

417 views • 26 slides
UNREACHED PEOPLE GROUP OF THE DAY The Durbet of Mongolia Population: 78,000 99.9% Tibetan

UNREACHED PEOPLE GROUP OF THE DAY The Durbet of Mongolia Population: 78,000 99.9% Tibetan

UNREACHED PEOPLE GROUP OF THE DAY The Durbet of Mongolia Population: 78,000 99.9% Tibetan Buddhist Few Believers The Durbet, like other Mongols, are known for their love of fine horses and horse racing. Many of the Durbet live as nomads,

604 views • 10 slides
Genesis Series Lesson #028 September 23, 2003 Dean Bible Ministries www.deanbibleministries.org

Genesis Series Lesson #028 September 23, 2003 Dean Bible Ministries www.deanbibleministries.org

Genesis Series Lesson #028 September 23, 2003 Dean Bible Ministries www.deanbibleministries.org Dr. Robert L. Dean, Jr. Gen. 2:25 And they were both naked, the man and his wife, and were not ashamed. Gen. 2:25 And they were both naked, the

394 views • 21 slides
Battle for Wesnoth A turn-based strategy game On a hexagonal board Role playing game

Battle for Wesnoth A turn-based strategy game On a hexagonal board Role playing game

Battle for Wesnoth A turn-based strategy game On a hexagonal board Role playing game style elements Single player and multiplayer modes Runs on a variety of platforms Highly customizable and 'moddable'. So what's special

624 views • 18 slides
Deep learning for natural language processing Introduction to natural language processing

Deep learning for natural language processing Introduction to natural language processing

Deep learning for natural language processing Introduction to natural language processing Aix-Marseille Universit, LIF/CNRS 20 Feb 2017 Benoit Favre (AMU) DL4NLP: NLP intro 20 Feb 2017 1 / 24 Benoit Favre < benoit.favre@univ-mrs.fr >

920 views • 24 slides
A Deeper Look at Induction Induction and recursion are key ideas in computer science. I think it is

A Deeper Look at Induction Induction and recursion are key ideas in computer science. I think it is

A Deeper Look at Induction Induction and recursion are key ideas in computer science. I think it is worth taking a deeper look at the role of induction in mathematics. The material today will be more abstract, but stick with me. Today: Finish up

415 views • 25 slides
The Purpose of Visualization Ma Maneesh Agrawala CS 448B: Visualization Fall 2020 1 How much

The Purpose of Visualization Ma Maneesh Agrawala CS 448B: Visualization Fall 2020 1 How much

The Purpose of Visualization Ma Maneesh Agrawala CS 448B: Visualization Fall 2020 1 How much data (bytes) did we produce in 2016? 2 1 2016: 16.1 zetabytes [Gantz 2017] 3 2016: 16.1 zetabytes 10x increase over 5 years [Gantz 2017] 4

1.21k views • 41 slides
Week 6: The Lord and the Lion: C. S. Lewis on Aslan and the Christian Life I believe in

Week 6: The Lord and the Lion: C. S. Lewis on Aslan and the Christian Life I believe in

Week 6: The Lord and the Lion: C. S. Lewis on Aslan and the Christian Life I believe in Christianity as I believe that the Sun has risen, not only because I see it, but because by it I see everything else. C. S. Lewis, Is Theology

478 views • 30 slides

More recommend