stream ciphers
DESCRIPTION
Stream Ciphers. CSCI284-162 Spring 2007 GWU. One-time pad is best. But key too long to be practical Can we use a pseudo-random key then, which would be generated from a short truly random string?. Stream Ciphers. - PowerPoint PPT PresentationTRANSCRIPT
CSCI284-162 Spring 2007
GWU
Stream Ciphers
04/19/23 CS284-162/Spring07/GWU/Vora/ Stream Ciphers
2
One-time pad is best
• But key too long to be practical
• Can we use a pseudo-random key then, which would be generated from a short truly random string?
04/19/23 CS284-162/Spring07/GWU/Vora/ Stream Ciphers
3
Stream Ciphers
• Message does not consist of words of symbols, but an (unending) stream of symbols.
• A key stream (not a single key) encrypts the stream of symbols
y1y2… = ez1(x1)ez2
(x2)…
Synchronous: when keystream generated by a key, independent of plaintext
z1,z2,… = g(K)
04/19/23 CS284-162/Spring07/GWU/Vora/ Stream Ciphers
4
Definition: Synchronous Stream Cipher
P: plaintextC: ciphertextK: keyspace(so far exactly that in block ciphers)L: keystream alphabetg: keystream generator
z1,z2,… = g(K) where K K, and zi L
ezi: P C
dzi: C P
dzi(ezi
(x)) = x
04/19/23 CS284-162/Spring07/GWU/Vora/ Stream Ciphers
5
Examples from ciphers we have already seen?
• Shift? Affine? Substitution? Vigenère? Permutation?
04/19/23 CS284-162/Spring07/GWU/Vora/ Stream Ciphers
6
Periodic Stream Cipher?
• Security?
• Binary addition as XOR, easy to implement in hardware.
• Encryption and decryption are the same operations: addition of the bit
04/19/23 CS284-162/Spring07/GWU/Vora/ Stream Ciphers
7
Example: Linear recurrenceProb 1.18 and 1.19 (text)
zi+4 = (zi + zi+1 + zi+2 + zi+3) mod 2
Of degree 4.
Why linear?
Start with some z1, z2, z3, z4
0 1 0 1 0 0 1 0 1 0 0 1
Period? Security?
Try two other initialization vectors
Same with
zi+4 = (zi + zi+3) mod 2
04/19/23 CS284-162/Spring07/GWU/Vora/ Stream Ciphers
8
Hardware implementationLinear Feedback Shift Register (LFSR)
….Delay Delay Delay
m
Cm-1 Cm-2 C0
C1
….
zi+m = j=0m-1 cizi+j
zizi+m
Key = (c0, c1, …cm-1, z0, z1, …zm-1)
04/19/23 CS284-162/Spring07/GWU/Vora/ Stream Ciphers
9
Shrinking Generator
Y = f(X, Z) / * X, Y, Z, (pseudo) random-number sequences *//* X and Z from an LFSR with different keys */
j := 0For every i
If (Xi == 1) /* Clock is ON */Yj = Zi /* Output other sequence */j +=1
EndifEnd i
Disadvantage?
04/19/23 CS284-162/Spring07/GWU/Vora/ Stream Ciphers
10
Shrinking Generator: Examples
04/19/23 CS284-162/Spring07/GWU/Vora/ Stream Ciphers
11
Stop-and-go Generator
Y = f(X, Z)
x_pos = 0; /* mark stop position */
Forall i
If(Zi == 1) /* Go. */
x_pos += 1
Endif
Yi := Xx_pos /* Hold onto output value */
End i
04/19/23 CS284-162/Spring07/GWU/Vora/ Stream Ciphers
12
Examples
04/19/23 CS284-162/Spring07/GWU/Vora/ Stream Ciphers
13
Is the one-time pad with a pseudo-random key perfectly secret?