jueves, 25 de octubre de 2012

Report 3

in this homework im going to talk about the stream cipher Sapphire.


¿What is a stream cipher?

A stream cipher is a type of symmetric encryption algorithm. Stream ciphers can be designed to be exceptionally fast, much faster than any block cipher

While block ciphers operate on large blocks of data, stream ciphers typically operate on smaller units of plaintext, usually bits. The encryption of any particular plaintext with a block cipher will result in the same ciphertext when the same key is used. With a stream cipher, the transformation of these smaller plaintext units will vary, depending on when they are encountered during the encryption process.

"THE SAPPHIRE"

Overview of the Sapphire II Stream Cipher:

The Sapphire II Stream Cipher is designed to have the following properties:

•  Useful for generation of cryptographic check values as well as protecting message privacy.

•  Accepts a variable length key for strength control.

•  Strong enough to justify at least a 64 bit key for balanced security. Further study is
recommended to see if this is, in fact, the case.

•  Small enough to be built into other applications with several keys active at once.The Sapphire II Stream Cipher Page 4

•  Key setup fast enough to support frequent key change operations but slow enough to discourage brute force attack on the key.

•  Fast enough to not significantly impact the speed of file read & write operations on most current platforms.
•  Portable among common computers and efficient in C, C++, and Pascal.

•  Operates on one 8-bit byte at a time.

•  Include both cipher text and plain text feedback (for both optimal data hiding and value in creation of cryptographic check values).

•  Acceptable performance as a pure pseudorandom number generator.

•  Allows some key re-use without severe security impacts.

Origins:
The Sapphire II Stream Cipher is a port of Swords C++ implementation of Michael Paul Johnson's 2 January 1995 public domain cipher

About:
The Sapphire II Stream Cipher is a reasonably fast, compact, portable algorithm that is useful for encryption, authentication, and pseudorandom number generation. This algorithm fills a niche that makes it uniquely qualified in a variety of respects to fill some common needs for security. The balancing act between speed, size, portability, security, versatility, and exportability make the Sapphire II Stream Cipher a good choice for many applications

how it Works:

Encryption:

Each encryption operation involves updating the index values, moving (up to) 5 bytes
around in the permutation vector, selecting an output byte, and adding the output byte bitwise modulo-2 (exclusive-or) to the plain text byte to produce the cipher text byte. The index values are incremented by different rules. The index called rotor just increases by one (modulo 256) each time. Ratchet increases by the value in the permutation vector pointed to by rotor. Avalanche increases by the value in the permutation vector pointed to by another byte in the permutation vector pointed to by the last cipher text byte. The last plain text and the last cipher text bytes are also kept as index variables.


Decryption:

Decryption is the almost same as encryption, except for the assignments to last_plain and last_cipher, which are swapped. The return value is the plain text byte instead of the cipher text byte.

attacks and vulnerabilities:

The Sapphire II Stream Cipher differs from the original Sapphire
Stream Cipher in that it has been made more robust against an adaptive chosen plain text attack.

jueves, 18 de octubre de 2012

Report 2


BLOCK CIPHER “LOKI97”

¿What is a block cipher?

Encryption scheme in which “the clear text is broken up into blocks of fixed length, and encrypted one block at a time”.Usually, a block cipher encrypts a block of clear text into a block of cipher text of the same length.

For this homework i chose the block cipher LOKI97

LOKI97

Origins:

Designed by Dr. Lawrie Brown, of the Australian Defence Force Academy with assistance from Dr. Josef Pieprzyk (who designed the S-boxes) and Dr. Jeniffer Seberry, and named after the Norse god of trickery and cunning, LOKI97 is a successor to the 64-bit block ciphers LOKI89 and LOKI91.


The purpose of LOKI97:
It was intended to be an evolution of the earlier LOKI89 and LOKI91 block ciphers. And then use 128-bit data and 128/192/256 bit keys, with a greatly strengthened key schedule, and using a significantly more complex round function composed of 2 S-P layers.

About:
LOKI97 is block cipher with 128-bit data and a 256-bit key schedule, which can be initialised by 128, 192, or 256-bit keys. The data computation uses 16 rounds of a balanced feistel network with a complex function f which incorporates two S-P layers. The 256-bit key schedule uses 48 rounds of an unbalanced feistel network using the same complex function f to generate the subkeys.

how it Works:
LOKI97 encrypts a 128-bit plaintext block to create a 128-bit ciphertext block. The data computation is initialised by dividing the 128-bit plaintext input value [L|R] into two 64-bit words:
      L0 = L
      R0 = R

These are then processed through 16 rounds (i=1,16) of a balanced feistel network:
      Ri = Li-1 xor f(Ri-1+SK3i-2,SK3i-1)
      Li = Ri-1+SK3i-2+SK3i

Each round uses both XOR (additional modulo 2) and integer addition (modulo 264) of the 64-bit data values. Since these are from incompatible groups, the operations do not compose, and thus strengthen the rounds against attacks, as well as obscuring the final round input value at the output, and providing some additional diffusion of input bits.

The resulting 128-bit ciphertext output value is composed of:
      [R16|L16]

The function f(A,B) should be designed to ensure maximal avalanche between all input bits to the function. The current proposal for this function f(A,B) is given below.
The decryption computation involves splitting the ciphertext into two 64-bit words:
      L16 = L
      R16 = R

and then running the rounds in reverse. ie: use 16 rounds (i=16,1)
      Ri-1 = Li xor f(Ri-SK3i,SK3i-1)
      Li-1 = Ri-SK3i-SK3i-2

The 128-bit plaintext value is given by
      [R0|L0]

The overall data computation thus looks as follows:


Key Schedule

LOKI97 uses a key schedule based on an unbalanced Feistel network (as per Schneier and Kelsey [ScKe96]), operating on four 64-bit words. It using the same function f(A,B) as the data computation to provide sufficient non-linearity to ensure that computing related keys is difficult.

The key schedule is initialised, based on the size of the key supplied, into the four 64-bit words [K40|K30|K20|K10] as follows:

Given a 256-bit key [Ka|Kb|Kc|Kd], let
[K40|K30|K20|K10] = [Ka|Kb|Kc|Kd]

Given a 192-bit key [Ka|Kb|Kc], let
[K40|K30|K20|K10] = [Ka|Kb|Kc|f(Ka,Kb)]

Given a 128-bit key [Ka|Kb], let
[K40|K30|K20|K10] = [Ka|Kb|f(Kb,Ka)|f(Ka,Kb)]

These are then processed through 48 rounds (i=1,48) to compute the 48 subkeys SKi as follows:
      SKi = K1i = K4i-1 xor gi(K1i-1,K3i-1,K2i-1)
      K4i = K3i-1
      K3i = K2i-1
      K2i = K1i-1

            where:
      gi(K1,K3,K2)=f(K1+K3+(Delta*i),K2)

      Delta = (sqrt(5)-1)*263 = 9E3779B97F4A7C1516

Three rounds of the key schedule are required to produce the three subkeys for each round of the data computation. Thus a total of 48 rounds are required for the key schedule, for a cost of approx three encryption computations.

The integer addition (module 264) of K1+K3+(Delta*i) forms an incompatible group with the xor used on the previous round output, as in the data computation. It includes multiples mod 264 of Delta, a value derived from the golden ratio, to reduce symmetry problems.
Decryption uses the keys in reverse order with (additive) inverses of the SK3i-2 and SK3i subkeys. These will need to be precomputed in encrypt order first - there is no reverse shortcut as for LOKI89 and LOKI91.

Function f(A,B)
The highly non-linear function f(A,B) takes two 64-bit input values A and B, processes them using two layers of S-boxes with the highest possible non-linearity, to produce a 64-bit output. The two permutations are used to ensure maximal avalanche between all bits in the function.

The major novel feature in my proposed design is the use of two layers of the S-P network instead of the one used in most other current feistel ciphers. This is to provide the desired maximal avalanche, as well as to minimise the posibility of suitable differential or linear characteristics. The presence of the keyed permutation on the input of the function, switching between different S-box inputs, ensures that predicting which S-box a particular input bit goes to is difficult. This increases the difficulty of deriving any useful attack characteristics.

This function is specified as follows:
      f(A,B) = Sb(P(Sa(E(KP(A,B)))),B)

Graphically, it looks as follows:


In more detail, the various component operations used are:
KP()
a very simple keyed permutation which splits its 64-bit input A into two 32-bit words, and uses the lower (rightmost) 32-bits of input B to decide whether to exchange corresponding pairs of bits in these words (if key bit is 1), or not (if key bit is 0), similar to that used in ICE [Kwan97]. It may be computed as:
KP([Al|Ar],SKr) = [((Al & ~SKr)|(Ar & SKr)) | ((Ar & ~SKr)|(Al & SKr))]

E()
expansion function, similar to LOKI91 but shifted for easier implementation, which selects overlapping groups of 13 bits (S1) or 11 bits (S2), so that at least some bits influence 2 S-boxes simultaneously, and with the preceeding addition, means all bits have some influence on multiple S-boxes. E thus maps a 64 bit input value [63-0] to a 96 bit output value [4-0,63-56|58-48|52-40|42-32|34-24|28-16|18-8|12-0].

Sa(), Sb()
are two columns of S-boxes, composed by concatenating boxes S1 and S2 (specified below), with Sa()=[S1,S2,S1,S2,S2,S1,S2,S1], and Sb()=[S2,S2,S1,S1,S2,S2,S1,S1]. In Sa() the inputs are autoclave (input+key from the output of E), in Sb() the upper bits are pure key bits (from the lower,rightmost 32-bits of B).

P()
permutation to diffuse S-Box outputs across full 64-bit width, using a regular, latin-square, pattern, similar to LOKI91, but with a slight change so the same output never goes to the corresponding input. P maps input bits [63-0] to
[56,48,40,32,24,16,08,00,57,49,41,33,25,17,09,01,
 58,50,42,34,26,18,10,02,59,51,43,35,27,19,11,03,
 60,52,44,36,28,20,12,04,61,53,45,37,29,21,13,05,
 62,54,46,38,30,22,14,06,63,55,47,39,31,23,15,07]

This function can theoretically be implemented with 24 table lookups (8 each
for Sa, P, and Sb), plus some and’s, or’s, xor’s, shifts and adds for each round, mak-ing it reasonably fast and efficient. Using compiled code of course wont achieve
this ideal.


Example:

For do this example i use the next page:

this page is just for the algorithm LOKI97 but there is other where you can do it with different algorithms and modes:

In this case i use de mode: Electronic codebook (ECB)

The simplest of the encryption modes is the electronic codebook (ECB) mode. The message is divided into blocks and each block is encrypted separately.


plain text : this homework is for Cryptography
Key : This is a very secret key




 After of Encrypt i get the cipher text:
amCKLPRri8TC0M8EjY6D+O0g+Apxum2iY//NPobY/7JJFtxLcn64UKZUvgtjNScT


and i get the plain text with the key and cipher text: 



plain text : this homework is for Cryptography


attacks and vulnerabilities:


resistant to differential
attacks

resistant to linear attacks




Bibliography: