cryptanalysis of symmetric key primitives automated
play

Cryptanalysis of Symmetric-Key Primitives: Automated Techniques - PowerPoint PPT Presentation

Apr 05, 2023 •110 likes •886 views

Introduction Three Easy, Automated Techniques Tools for Cryptography Conclusion Cryptanalysis of Symmetric-Key Primitives: Automated Techniques Nicky Mouha ESAT/COSIC, KU Leuven, Belgium IBBT, Belgium Summer School on Tools, Mykonos

  1. Introduction Three Easy, Automated Techniques Tools for Cryptography Conclusion Cryptanalysis of Symmetric-Key Primitives: Automated Techniques Nicky Mouha ESAT/COSIC, KU Leuven, Belgium IBBT, Belgium Summer School on Tools, Mykonos Tuesday, May 29, 2012 1 / 39

  2. Introduction Three Easy, Automated Techniques Tools for Cryptography Conclusion Outline Introduction 1 Three Easy, Automated Techniques 2 MILP Programming SAT Solvers Regular Expressions Tools for Cryptography 3 Conclusion 4 2 / 39

  3. Introduction Three Easy, Automated Techniques Tools for Cryptography Conclusion Symmetric-key Ciphers: Types of attacks Statistical attacks Linear and differential cryptanalysis, slide attacks,... Detect statistical non-randomness 3 / 39

  4. Introduction Three Easy, Automated Techniques Tools for Cryptography Conclusion Symmetric-key Ciphers: Types of attacks Statistical attacks Linear and differential cryptanalysis, slide attacks,... Detect statistical non-randomness Meet-in-the-middle attacks Many techniques (splice-and cut, partial matching, partial fi xing,...), guess-and-determine attacks, attack on 2DES,... Separate equations into two or more groups to solve them more ef fi ciently 3 / 39

  5. Introduction Three Easy, Automated Techniques Tools for Cryptography Conclusion Symmetric-key Ciphers: Types of attacks Statistical attacks Linear and differential cryptanalysis, slide attacks,... Detect statistical non-randomness Meet-in-the-middle attacks Many techniques (splice-and cut, partial matching, partial fi xing,...), guess-and-determine attacks, attack on 2DES,... Separate equations into two or more groups to solve them more ef fi ciently Algebraic attacks See next slide 3 / 39

  6. Introduction Three Easy, Automated Techniques Tools for Cryptography Conclusion Algebraic Attacks: De fi nition Represent cryptographic primitive as system of equations Use equation solver to retrieve key 4 / 39

  7. Introduction Three Easy, Automated Techniques Tools for Cryptography Conclusion Algebraic Attacks: De fi nition Represent cryptographic primitive as system of equations Use equation solver to retrieve key SAT solvers MiniSat2, CryptoMiniSat,... Gröbner basis method Buchberger’s algorithm, F 4 , F 5 ,... Mixed Integer Linear Programming (MILP) CPLEX, SYMPHONY,... 4 / 39

  8. Introduction Three Easy, Automated Techniques Tools for Cryptography Conclusion Algebraic Attacks: De fi nition Represent cryptographic primitive as system of equations Use equation solver to retrieve key SAT solvers MiniSat2, CryptoMiniSat,... Gröbner basis method Buchberger’s algorithm, F 4 , F 5 ,... Mixed Integer Linear Programming (MILP) CPLEX, SYMPHONY,... Hopefully detects inherent structure, and solves equations faster than brute force! 4 / 39

  9. Introduction Three Easy, Automated Techniques Tools for Cryptography Conclusion Algebraic Attacks: Advantages and Disadvantages Algebraic attacks on symmetric-key ciphers Biggest disadvantages : Can only fi nd practical attacks, no high-complexity attacks 5 / 39

  10. Introduction Three Easy, Automated Techniques Tools for Cryptography Conclusion Algebraic Attacks: Advantages and Disadvantages Algebraic attacks on symmetric-key ciphers Biggest disadvantages : Can only fi nd practical attacks, no high-complexity attacks Execution time (and memory requirements): unpredictable 5 / 39

  11. Introduction Three Easy, Automated Techniques Tools for Cryptography Conclusion Algebraic Attacks: Advantages and Disadvantages Algebraic attacks on symmetric-key ciphers Biggest disadvantages : Can only fi nd practical attacks, no high-complexity attacks Execution time (and memory requirements): unpredictable “Not a single proper block cipher has been broken using pure algebraic techniques faster than with other techniques.” (Albrecht) 5 / 39

  12. Introduction Three Easy, Automated Techniques Tools for Cryptography Conclusion Algebraic Attacks: Advantages and Disadvantages Algebraic attacks on symmetric-key ciphers Biggest disadvantages : Can only fi nd practical attacks, no high-complexity attacks Execution time (and memory requirements): unpredictable “Not a single proper block cipher has been broken using pure algebraic techniques faster than with other techniques.” (Albrecht) Biggest advantages : “Black box” technique, no crypto knowledge required 5 / 39

  13. Introduction Three Easy, Automated Techniques Tools for Cryptography Conclusion Algebraic Attacks: Advantages and Disadvantages Algebraic attacks on symmetric-key ciphers Biggest disadvantages : Can only fi nd practical attacks, no high-complexity attacks Execution time (and memory requirements): unpredictable “Not a single proper block cipher has been broken using pure algebraic techniques faster than with other techniques.” (Albrecht) Biggest advantages : “Black box” technique, no crypto knowledge required Can work with very few plaintext-ciphertext pairs 5 / 39

  14. Introduction Three Easy, Automated Techniques Tools for Cryptography Conclusion Algebraic Attacks: Advantages and Disadvantages Algebraic attacks on symmetric-key ciphers Biggest disadvantages : Can only fi nd practical attacks, no high-complexity attacks Execution time (and memory requirements): unpredictable “Not a single proper block cipher has been broken using pure algebraic techniques faster than with other techniques.” (Albrecht) Biggest advantages : “Black box” technique, no crypto knowledge required Can work with very few plaintext-ciphertext pairs Useful to break extremely weak ciphers: Crypto-1 in 40s, HiTag2 in 6.5h on one Xeon E5345 @ 2.33GHz (Soos) 5 / 39

  15. Introduction Three Easy, Automated Techniques Tools for Cryptography Conclusion Automated Techniques: Still Useful Tool to construct statistical and MitM attacks Therefore, program execution time: not so important 6 / 39

  16. Introduction Three Easy, Automated Techniques Tools for Cryptography Conclusion Automated Techniques: Still Useful Tool to construct statistical and MitM attacks Therefore, program execution time: not so important Program: executed only once 6 / 39

  17. Introduction Three Easy, Automated Techniques Tools for Cryptography Conclusion Automated Techniques: Still Useful Tool to construct statistical and MitM attacks Therefore, program execution time: not so important Program: executed only once More time spent on: coding, debugging, optimizing, parallel implementation, verifying,... Verifying correctness: very dif fi cult 6 / 39

  18. Introduction Three Easy, Automated Techniques Tools for Cryptography Conclusion Automated Techniques: Still Useful Tool to construct statistical and MitM attacks Therefore, program execution time: not so important Program: executed only once More time spent on: coding, debugging, optimizing, parallel implementation, verifying,... Verifying correctness: very dif fi cult Programmer’s time: costs more than CPU time! 6 / 39

  19. Introduction Three Easy, Automated Techniques Tools for Cryptography Conclusion Automated Techniques: Still Useful Tool to construct statistical and MitM attacks Therefore, program execution time: not so important Program: executed only once More time spent on: coding, debugging, optimizing, parallel implementation, verifying,... Verifying correctness: very dif fi cult Programmer’s time: costs more than CPU time! More important: Easy to program Easy to verify Easy to parallelize 6 / 39

  20. Introduction Three Easy, Automated Techniques Tools for Cryptography Conclusion Goal of this lecture Use three easy, automated techniques MILP programming SAT solvers Regular expressions as tools to construct attacks ... and start breaking ciphers today! 7 / 39

  21. Introduction MILP Programming Three Easy, Automated Techniques SAT Solvers Tools for Cryptography Regular Expressions Conclusion Outline Introduction 1 Three Easy, Automated Techniques 2 MILP Programming SAT Solvers Regular Expressions Tools for Cryptography 3 Conclusion 4 8 / 39

  22. Introduction MILP Programming Three Easy, Automated Techniques SAT Solvers Tools for Cryptography Regular Expressions Conclusion Differential Cryptanalysis Differential characteristic a 1 a 2 Δ a b 1 b 2 Δ b c 1 c 2 Δ c Δ d d 1 d 2 9 / 39

  23. Δ α Introduction MILP Programming Three Easy, Automated Techniques SAT Solvers Tools for Cryptography Regular Expressions Conclusion Differential Cryptanalysis: S-box Differential Probability DP ( Δ α → Δ β ) : # { 0 ≤ a < 2 8 : S ( a ) ⊕ S ( a ⊕ Δ α ) = Δ β } a a ⊕ Δ α 2 8 Max. diff. prob. (MDP): 4/256 = 2 − 6 S S AES: only component that is non-linear in GF ( 2 8 ) S ( a ) S ( a ⊕ Δ α ) Non-active S-box: DP ( 0 → 0 ) = 1 = Δ β ? Count active S-boxes! 10 / 39

  24. Introduction MILP Programming Three Easy, Automated Techniques SAT Solvers Tools for Cryptography Regular Expressions Conclusion Representation of variables Every pair of bytes is “shrunk” to one bit x i : x i = 0 if the bytes are the same x i = 1 if the bytes are different 11 / 39

  25. Introduction MILP Programming Three Easy, Automated Techniques SAT Solvers Tools for Cryptography Regular Expressions Conclusion Representation of variables Every pair of bytes is “shrunk” to one bit x i : x i = 0 if the bytes are the same x i = 1 if the bytes are different Note: simpli fi es the analysis! Our results prove lower bounds, but characteristics may contain a contradiction 11 / 39

Recommend

Out of Oddity New Cryptanalytic Techniques against Symmetric Primitives Optimized for

Out of Oddity New Cryptanalytic Techniques against Symmetric Primitives Optimized for

Out of Oddity New Cryptanalytic Techniques against Symmetric Primitives Optimized for Integrity Proof Systems Tim Beyne, Anne Canteaut, Itai Dinur, Maria Eichlseder, Gregor Leander, Ga etan Leurent, L eo Perrin, Mar a Naya

488 views • 34 slides
New Algorithms for Quantum (Symmetric) Cryptanalysis Mara Naya-Plasencia 2 , Andr

New Algorithms for Quantum (Symmetric) Cryptanalysis Mara Naya-Plasencia 2 , Andr

Quantum-safe (Symmetric) Cryptography Quantum Collision Search Quantum k-xor Algorithms New Algorithms for Quantum (Symmetric) Cryptanalysis Mara Naya-Plasencia 2 , Andr Schrottenloher 2 Joint work with Andr Chailloux 2 and Lorenzo Grassi

1.63k views • 65 slides
New MILP Modelings for Symmetric-Key Primitives Christina Boura (Joint-work with Daniel Coggia)

New MILP Modelings for Symmetric-Key Primitives Christina Boura (Joint-work with Daniel Coggia)

New MILP Modelings for Symmetric-Key Primitives Christina Boura (Joint-work with Daniel Coggia) University of Versailles and Inria de Paris August 6, 2020 1 / 43 Symmetric-key encryption Alice and Bob share the same secret key for encryption

983 views • 47 slides
Cryptanalysis, Reverse-Engineering and Design of Symmetric Cryptographic Algorithms Lo Perrin

Cryptanalysis, Reverse-Engineering and Design of Symmetric Cryptographic Algorithms Lo Perrin

Cryptanalysis, Reverse-Engineering and Design of Symmetric Cryptographic Algorithms Lo Perrin CSC &amp; SnT, University of Luxembourg CryptoLUX Team ; supervised by Alex Biryukov July 5th 2018 Introduction What is cryptography?

1.14k views • 71 slides
Cryptanalysis of Modern Symmetric-Key Block Ciphers [Based on A Tutorial on Linear and

Cryptanalysis of Modern Symmetric-Key Block Ciphers [Based on A Tutorial on Linear and

Cryptanalysis of Modern Symmetric-Key Block Ciphers [Based on A Tutorial on Linear and Differential Cryptanalysis by Howard Heys.] Modern block ciphers (like DES and AES): - proceed in rounds - each round has its own round key or subkey

644 views • 21 slides
Minimalism of Software Implementation Extensive Performance Analysis of Symmetric Primitives

Minimalism of Software Implementation Extensive Performance Analysis of Symmetric Primitives

Minimalism of Software Implementation Extensive Performance Analysis of Symmetric Primitives on the RL78 Microcontroller - Mitsuru Matsui and Yumiko Murakami Information Technology R&amp;D Center Mitsubishi Electric Corporation Agenda 1.

719 views • 32 slides
Digital Signatures from Symmetric-Key Primitives Christian Rechberger IAIK, TU Graz and DTU

Digital Signatures from Symmetric-Key Primitives Christian Rechberger IAIK, TU Graz and DTU

Digital Signatures from Symmetric-Key Primitives Christian Rechberger IAIK, TU Graz and DTU Compute, DTU March 7, 2017 Based on Joint Work With David Derler Claudio Orlandi Sebastian Ramacher Daniel Slamanig TU Graz Aarhus University TU

187 views • 14 slides
Secure Multiparty Computation Li Xiong Outline Cryptographic primitives Symmetric

Secure Multiparty Computation Li Xiong Outline Cryptographic primitives Symmetric

CS573 Data Privacy and Security Cryptographic Primitives and Secure Multiparty Computation Li Xiong Outline Cryptographic primitives Symmetric Encryption Public Key Encryption Secure Multiparty Computation Problem and

779 views • 47 slides
Cryptanalysis, Reverse-Engineering and Design of Symmetric Cryptographic Algorithms Lo Perrin

Cryptanalysis, Reverse-Engineering and Design of Symmetric Cryptographic Algorithms Lo Perrin

Cryptanalysis, Reverse-Engineering and Design of Symmetric Cryptographic Algorithms Lo Perrin SnT, University of Luxembourg April 25, 2017 PhD Defence Introduction On S-Box Reverse-Engineering On Lightweight Cryptography Conclusion

1.76k views • 137 slides
A Framework for Automated Biclique Cryptanalysis of Block Ciphers F. Abed C. Forler E. List S.

A Framework for Automated Biclique Cryptanalysis of Block Ciphers F. Abed C. Forler E. List S.

Motivation Biclique Cryptanalysis Our Framework Results A Framework for Automated Biclique Cryptanalysis of Block Ciphers F. Abed C. Forler E. List S. Lucks J. Wenzel Bauhaus-Universit at Weimar FSE 2013, Singapore 13.03.2013 F.

633 views • 31 slides
MPC-Friendly Symmetric Key Primitives Lorenzo Grassi 1 Christian Rechberger 1 s Rotaru 2 Drago

MPC-Friendly Symmetric Key Primitives Lorenzo Grassi 1 Christian Rechberger 1 s Rotaru 2 Drago

MPC-Friendly Symmetric Key Primitives Lorenzo Grassi 1 Christian Rechberger 1 s Rotaru 2 Drago Peter Scholl 2 Nigel P. Smart 2 1 Graz University of Technology 2 University of Bristol October 25, 2016 What is Multiparty Computation? What is

1.32k views • 64 slides
Objectives Models for Cryptanalysis Cryptanalysis of Monoalphabetic Ciphers

Objectives Models for Cryptanalysis Cryptanalysis of Monoalphabetic Ciphers

Cryptanalysis of Classical Ciphers Debdeep Mukhopadhyay Assistant Professor Department of Computer Science and Engineering Indian Institute of Technology Kharagpur INDIA -721302 Objectives Models for Cryptanalysis Cryptanalysis of

657 views • 20 slides
Theoretical Background on Cryptographic Primitives Bogdan Groza This material intends to be a

Theoretical Background on Cryptographic Primitives Bogdan Groza This material intends to be a

Theoretical Background on Cryptographic Primitives Bogdan Groza This material intends to be a brief introduction to symmetric and asymmetric cryptographic primitives, pointing out some relevant design principles and security properties.

532 views • 26 slides
Post-Quantum EPID Signatures from Symmetric Primitives Dan Boneh Saba Eskandarian Ben Fisch

Post-Quantum EPID Signatures from Symmetric Primitives Dan Boneh Saba Eskandarian Ben Fisch

Post-Quantum EPID Signatures from Symmetric Primitives Dan Boneh Saba Eskandarian Ben Fisch Hardware Enclaves A trusted component in an untrusted system Protected memory isolates enclave from compromised OS Untrusted System Enclave

505 views • 34 slides
Lightweight Cryptography Mar a Naya-Plasencia Inria, France Summer School on real-world

Lightweight Cryptography Mar a Naya-Plasencia Inria, France Summer School on real-world

Lightweight Cryptography Mar a Naya-Plasencia Inria, France Summer School on real-world crypto and privacy Sibenik, Croatia - June 15 2018 Outline Symmetric lightweight primitives Most used cryptanalysis Impossible

1.31k views • 76 slides
Th eorie algorithmique des nombres et applications ` a la cryptanalyse de primitives

Th eorie algorithmique des nombres et applications ` a la cryptanalyse de primitives

Th eorie algorithmique des nombres et applications ` a la cryptanalyse de primitives cryptographiques Emmanuel Thom e 13 d ec. 2012 HDR E. Thom e 1/34 Algorithmic Number Theory and Applications to the Cryptanalysis of

620 views • 51 slides
A Natural Language Approach to Automated Cryptanalysis of Two-time Pads Joshua Mason Kathryn

A Natural Language Approach to Automated Cryptanalysis of Two-time Pads Joshua Mason Kathryn

A Natural Language Approach to Automated Cryptanalysis of Two-time Pads Joshua Mason Kathryn Watkins Jason Eisner Adam Stubblefield The Two Time Pad Problem Attack at Dawn doQvYcSWIPyXaC Attack at Dawn doQvYcSWIPyXaC Take the

1.15k views • 99 slides
Examples of symmetric primitives D. J. Bernstein message len Permutation fixed Compression

Examples of symmetric primitives D. J. Bernstein message len Permutation fixed Compression

1 Examples of symmetric primitives D. J. Bernstein message len Permutation fixed Compression function fixed Block cipher fixed Tweakable block cipher fixed Hash function variable MAC (without nonce) variable MAC (using nonce)

1.08k views • 107 slides
Block Cipher Cryptanalysis II: Block Cipher Cryptanalysis II: Linear Cryptanalysis yp y Andrey

Block Cipher Cryptanalysis II: Block Cipher Cryptanalysis II: Linear Cryptanalysis yp y Andrey

Block Cipher Cryptanalysis II: Block Cipher Cryptanalysis II: Linear Cryptanalysis yp y Andrey Bogdanov Andrey Bogdanov K.U.Leuven, ESAT/COSIC Outline Outline Distribution of Correlation Data Complexity Linear Hulls Zero

659 views • 30 slides
Algebraic Aspects of Symmetric-key Cryptography Carlos Cid (carlos.cid@rhul.ac.uk) Information

Algebraic Aspects of Symmetric-key Cryptography Carlos Cid (carlos.cid@rhul.ac.uk) Information

Algebraic Aspects of Symmetric-key Cryptography Carlos Cid (carlos.cid@rhul.ac.uk) Information Security Group Royal Holloway, University of London 04.May.2007 ECRYPT Summer School 1 Algebraic Techniques in Cryptanalysis Algebra is the

659 views • 61 slides
Statistics in Cryptanalysis Subhabrata Samajder Indian Statistical Institute, Kolkata 24 th May,

Statistics in Cryptanalysis Subhabrata Samajder Indian Statistical Institute, Kolkata 24 th May,

Statistics in Cryptanalysis Subhabrata Samajder Indian Statistical Institute, Kolkata 24 th May, 2017 0/35 Cryptanalysis of Affine Cipher Outline Cryptanalysis of Affine Cipher 1 Hypothesis Testing 2 Linear Cryptanalysis 3 0/35

1.52k views • 110 slides
Introduction to the theory of secret key cryptography Andreas H ulsing Eindhoven University

Introduction to the theory of secret key cryptography Andreas H ulsing Eindhoven University

Introduction to the theory of secret key cryptography Andreas H ulsing Eindhoven University of Technology 17 June 2019 Secret key encryption MAC Main primitives of secret key / symmetric cryptography High-level primitives Low-level

1.51k views • 114 slides
Beyond Block I/O: Rethinking / Traditional Storage Primitives Traditional Storage Primitives

Beyond Block I/O: Rethinking / Traditional Storage Primitives Traditional Storage Primitives

Beyond Block I/O: Rethinking / Traditional Storage Primitives Traditional Storage Primitives Xiangyong Ouyang * , David Nellans , Robert Wipfel , David Flynn , D. K. Panda * d * D id Fl D K P * The Ohio State University

335 views • 29 slides
Differential and Linear Cryptanalysis Lars R. Knudsen June 2014 L.R. Knudsen Differential and

Differential and Linear Cryptanalysis Lars R. Knudsen June 2014 L.R. Knudsen Differential and

Differential cryptanalysis Linear cryptanalysis Differential and Linear Cryptanalysis Lars R. Knudsen June 2014 L.R. Knudsen Differential and Linear Cryptanalysis Differential cryptanalysis Linear cryptanalysis Iterated block ciphers (DES,

910 views • 53 slides

More recommend