programming the demirci selc uk meet in the middle attack
play

Programming the Demirci-Selc uk Meet-in-the-Middle Attack with - PowerPoint PPT Presentation

Sep 17, 2023 •121 likes •726 views

Programming the Demirci-Selc uk Meet-in-the-Middle Attack with Constraints Danping Shi 1 Siwei Sun 1 Patrick Derbez 2 Yosuke Todo 3 Bing Sun 4 Lei Hu 1 1 Institute of Information Engineering, Chinese Academy of Sciences, China 2 Universit

  1. Programming the Demirci-Selc ¸uk Meet-in-the-Middle Attack with Constraints Danping Shi 1 Siwei Sun 1 Patrick Derbez 2 Yosuke Todo 3 Bing Sun 4 Lei Hu 1 1 Institute of Information Engineering, Chinese Academy of Sciences, China 2 Universit Rennes 1 / IRISA 3 NTT Secure Platform Laboratories 4 College of Science, National University of Defense Technology,China ASK2017 2017.12.11 Shi et al. Programming the Demirci-Selc ¸uk Meet-in-the-Middle Attack with Constraints ASK2017 2017.12.11 1 / 22

  2. Outlines Introduction 1 Modelling the MITM attack 2 MITM and Impossible differential application in design 3 Conclusion 4 Shi et al. Programming the Demirci-Selc ¸uk Meet-in-the-Middle Attack with Constraints ASK2017 2017.12.11 2 / 22

  3. Introduction Outline 1 Introduction Searching methods Distinguisher of Demirci-Selc ¸uk MITM Key recovery attack of MITM Modelling the MITM attack 2 MITM and Impossible differential application in design 3 Conclusion 4 Shi et al. Programming the Demirci-Selc ¸uk Meet-in-the-Middle Attack with Constraints ASK2017 2017.12.11 3 / 22

  4. Introduction Searching methods Automatic Cryptanalysis Dedicated search MILP ,CP ,SAT,SMT Shi et al. Programming the Demirci-Selc ¸uk Meet-in-the-Middle Attack with Constraints ASK2017 2017.12.11 3 / 22

  5. Introduction Searching methods Searching methods for MITM Demirci-Selc ¸uk MITM, FSE 2008. Derbez and Fouque: Dedicated search algorithm Li Lin, Wenling Wu: General model based on MILP Shi et al. Programming the Demirci-Selc ¸uk Meet-in-the-Middle Attack with Constraints ASK2017 2017.12.11 4 / 22

  6. Introduction Distinguisher of Demirci-Selc ¸uk MITM MITM Distinguisher E

  7. Introduction Distinguisher of Demirci-Selc ¸uk MITM MITM Distinguisher δ ( A ) -set: { P 0 , P 1 , . . . , P N − 1 } A E

  8. Introduction Distinguisher of Demirci-Selc ¸uk MITM MITM Distinguisher δ ( A ) -set: { P 0 , P 1 , . . . , P N − 1 } A E B { C 0 , C 1 , . . . , C N − 1 }

  9. Introduction Distinguisher of Demirci-Selc ¸uk MITM MITM Distinguisher δ ( A ) -set: { P 0 , P 1 , . . . , P N − 1 } A E B { C 0 , C 1 , . . . , C N − 1 } ∆ E ( A , B ) : { C 0 [ B ] ⊕ C 1 [ B ] , C 0 [ B ] ⊕ C 2 [ B ] , . . . , C 0 [ B ] ⊕ C N − 1 [ B ] } Shi et al. Programming the Demirci-Selc ¸uk Meet-in-the-Middle Attack with Constraints ASK2017 2017.12.11 5 / 22

  10. Introduction Distinguisher of Demirci-Selc ¸uk MITM A E B Shi et al. Programming the Demirci-Selc ¸uk Meet-in-the-Middle Attack with Constraints ASK2017 2017.12.11 6 / 22

  11. Introduction Distinguisher of Demirci-Selc ¸uk MITM Random Cipher: N R A E B Shi et al. Programming the Demirci-Selc ¸uk Meet-in-the-Middle Attack with Constraints ASK2017 2017.12.11 6 / 22

  12. Introduction Distinguisher of Demirci-Selc ¸uk MITM Random Cipher: N R A Block Cipher : N E (save into a hash table) E B

  13. Introduction Distinguisher of Demirci-Selc ¸uk MITM Random Cipher: N R A Block Cipher : N E (save into a hash table) E N R Condition N E < N R N E B

  14. Introduction Distinguisher of Demirci-Selc ¸uk MITM Random Cipher: N R A Block Cipher : N E (save into a hash table) E N R Condition N E < N R N E B Distinguisher: ( A , B , N E ) Shi et al. Programming the Demirci-Selc ¸uk Meet-in-the-Middle Attack with Constraints ASK2017 2017.12.11 6 / 22

  15. Introduction Key recovery attack of MITM Structure of the attack a cipher is divided in three keyed permutations: E 0 , E 1 , E 2 Construct distinguisher ( A , B , N E ) at E 1 state 0 state 0 E 0 state 2 r 0 A E 1 state 2( r 0+ r 1) B E 2 state 2( r 0+ r 1+ r 2) Shi et al. Programming the Demirci-Selc ¸uk Meet-in-the-Middle Attack with Constraints ASK2017 2017.12.11 7 / 22

  16. Modelling the MITM attack Outline Introduction 1 Modelling the MITM attack 2 Modelling the distinguisher Modelling the Key-Recovery Process 3 MITM and Impossible differential application in design Conclusion 4 Shi et al. Programming the Demirci-Selc ¸uk Meet-in-the-Middle Attack with Constraints ASK2017 2017.12.11 8 / 22

  17. Modelling the MITM attack Modelling the distinguisher Variables state 0 state 0 M E 0 state 2 r 0 X, Y, Z, M E 1 X, Y, Z state 2( r 0+ r 1) X, Y, Z, W E 2 W state 2( r 0+ r 1+ r 2) Var(X) describe the forward differential Var(Y) describe the backward determination Var(Z) models the relation between Var(X) and Var(Y) Shi et al. Programming the Demirci-Selc ¸uk Meet-in-the-Middle Attack with Constraints ASK2017 2017.12.11 8 / 22

  18. Modelling the MITM attack Modelling the distinguisher Forward differential Variables Var(X) X r [ j ] = 0 iff P 0 r [ j ] ⊕ P i r [ j ] = 0, ∀ i ∈ 1 , . . . , N − 1. state 0 A x 0 x 1 NL state 1 Round 0 L state 2 x 2 x 3 NL state 3 Round 1 L x 2 = x 0 state 4 x 0 + x 1 2 x 3 ≥ NL state 5 Round 2 x 3 ≤ x 0 + x 1 L state 6

  19. Modelling the MITM attack Modelling the distinguisher Forward differential Variables Var(X) X r [ j ] = 0 iff P 0 r [ j ] ⊕ P i r [ j ] = 0, ∀ i ∈ 1 , . . . , N − 1. state 0 A x 0 x 1 NL state 1 Round 0 L state 2 x 2 x 3 NL state 3 Round 1 L x 2 = x 0 state 4 x 0 + x 1 2 x 3 ≥ NL state 5 Round 2 x 3 ≤ x 0 + x 1 L state 6

  20. Modelling the MITM attack Modelling the distinguisher Forward differential Variables Var(X) X r [ j ] = 0 iff P 0 r [ j ] ⊕ P i r [ j ] = 0, ∀ i ∈ 1 , . . . , N − 1. state 0 A x 0 x 1 NL state 1 Round 0 L state 2 x 2 x 3 NL state 3 Round 1 L x 2 = x 0 state 4 x 0 + x 1 2 x 3 ≥ NL state 5 Round 2 x 3 ≤ x 0 + x 1 L state 6

  21. Modelling the MITM attack Modelling the distinguisher Forward differential Variables Var(X) X r [ j ] = 0 iff P 0 r [ j ] ⊕ P i r [ j ] = 0, ∀ i ∈ 1 , . . . , N − 1. state 0 A x 0 x 1 NL state 1 Round 0 L state 2 x 2 x 3 NL state 3 Round 1 L x 2 = x 0 state 4 x 0 + x 1 2 x 3 ≥ NL state 5 Round 2 x 3 ≤ x 0 + x 1 L state 6 Shi et al. Programming the Demirci-Selc ¸uk Meet-in-the-Middle Attack with Constraints ASK2017 2017.12.11 9 / 22

  22. Modelling the MITM attack Modelling the distinguisher Backward determination Variables Var(Y) y 0 y 1 state 0 NL state 1 Round 0 L y 2 y 3 state 2 NL state 3 Round 1 L y 2 + y 3 2 y 0 ≤ state 4 NL y 2 + y 3 ≥ y 0 state 5 Round 2 y 1 = y 3 L state 6 B

  23. Modelling the MITM attack Modelling the distinguisher Backward determination Variables Var(Y) y 0 y 1 state 0 NL state 1 Round 0 L y 2 y 3 state 2 NL state 3 Round 1 L y 2 + y 3 2 y 0 ≤ state 4 NL y 2 + y 3 ≥ y 0 state 5 Round 2 y 1 = y 3 L state 6 B

  24. Modelling the MITM attack Modelling the distinguisher Backward determination Variables Var(Y) y 0 y 1 state 0 NL state 1 Round 0 L y 2 y 3 state 2 NL state 3 Round 1 L y 2 + y 3 2 y 0 ≤ state 4 NL y 2 + y 3 ≥ y 0 state 5 Round 2 y 1 = y 3 L state 6 B

  25. Modelling the MITM attack Modelling the distinguisher Backward determination Variables Var(Y) y 0 y 1 state 0 NL state 1 Round 0 L y 2 y 3 state 2 NL state 3 Round 1 L y 2 + y 3 2 y 0 ≤ state 4 NL y 2 + y 3 ≥ y 0 state 5 Round 2 y 1 = y 3 L state 6 B Shi et al. Programming the Demirci-Selc ¸uk Meet-in-the-Middle Attack with Constraints ASK2017 2017.12.11 10 / 22

  26. Modelling the MITM attack Modelling the distinguisher Constraints for Var(Z) Variables Var(Z) describe the relation between Var(X) and Var(Y) : Z r [ j ] = 1 iff X r [ j ] = Y r [ j ] = 1 state 0 A NL state 1 Round 0 L state 2 NL state 3 Round 1 L state 4 NL state 5 Round 2 L state 6 B objective function: Minimize � r 0 + r 1 − 1 r = r 0 + 1 Z 2 r

  27. Modelling the MITM attack Modelling the distinguisher Constraints for Var(Z) Variables Var(Z) describe the relation between Var(X) and Var(Y) : Z r [ j ] = 1 iff X r [ j ] = Y r [ j ] = 1 state 0 A NL state 1 Round 0 L state 2 NL state 3 Round 1 L state 4 NL state 5 Round 2 L state 6 B objective function: Minimize � r 0 + r 1 − 1 r = r 0 + 1 Z 2 r Shi et al. Programming the Demirci-Selc ¸uk Meet-in-the-Middle Attack with Constraints ASK2017 2017.12.11 11 / 22

  28. Modelling the MITM attack Modelling the distinguisher Round 1 Round 2 SB , AC MC SB , AC MC AK , SR AK , SR Round 3 Round 4 SB , AC MC SB , AC MC AK , SR AK , SR Round 5 Round 6  1 0 1 1  SB , AC MC SB , AC MC       1 0 0 0   AK , SR AK , SR   MC =       0 1 1 0     Round 7 Round 8       SB , AC MC SB , AC MC   1 0 1 0 AK , SR AK , SR Round 9 Round 10 SB , AC MC SB , AC MC AK , SR AK , SR Round 11 SB , AC AK , SR

  29. Modelling the MITM attack Modelling the distinguisher Round 1 Round 2 SB , AC MC SB , AC MC AK , SR AK , SR Round 3 Round 4 SB , AC MC SB , AC MC AK , SR AK , SR Round 5 Round 6  1 0 1 1  SB , AC MC SB , AC MC       1 0 0 0   AK , SR AK , SR   MC =       0 1 1 0     Round 7 Round 8       SB , AC MC SB , AC MC   1 0 1 0 AK , SR AK , SR Round 9 Round 10 SB , AC MC SB , AC MC AK , SR AK , SR Round 11 SB , AC AK , SR

Recommend

Programming the Demirci-Selc uk Meet-in-the-Middle Attack with Constraints Danping Shi 1 Siwei

Programming the Demirci-Selc uk Meet-in-the-Middle Attack with Constraints Danping Shi 1 Siwei

Programming the Demirci-Selc uk Meet-in-the-Middle Attack with Constraints Danping Shi 1 Siwei Sun 1 Patrick Derbez 2 Yosuke Todo 3 Bing Sun 4 Lei Hu 1 1 Institute of Information Engineering, Chinese Academy of Sciences, China 2 Univ Rennes,

1.17k views • 87 slides
Exhausting Demirci-Sel cuk Meet-in-the-Middle Attacks against Reduced-Round AES Patrick Derbez

Exhausting Demirci-Sel cuk Meet-in-the-Middle Attacks against Reduced-Round AES Patrick Derbez

Introduction Demirci and Sel cuk Attack Differential Enumeration Technique Conclusion Exhausting Demirci-Sel cuk Meet-in-the-Middle Attacks against Reduced-Round AES Patrick Derbez 1 Pierre-Alain Fouque 1 , 2 Ecole Normale Sup

1.25k views • 60 slides
A Meet-in-the-Middle Attack on 8-Round AES H useyin Demirci Ali Aydn Sel cuk presented

A Meet-in-the-Middle Attack on 8-Round AES H useyin Demirci Ali Aydn Sel cuk presented

A Meet-in-the-Middle Attack on 8-Round AES H useyin Demirci Ali Aydn Sel cuk presented by Orhun Kara 1 Outline The AES A 5-round distinguisher Attack on 7-round AES-192, AES-256 and 8-round AES-256 Some optimizations

504 views • 19 slides
Match Box Meet-in-the-Middle Attack against KATAN Thomas Fuhr and Brice Minaud ANSSI, France

Match Box Meet-in-the-Middle Attack against KATAN Thomas Fuhr and Brice Minaud ANSSI, France

Match Box Meet-in-the-Middle Attack against KATAN Thomas Fuhr and Brice Minaud ANSSI, France FSE, March 3-5 2014 Plan 1 Match Box Meet-in-the-Middle Attacks Sieve-in-the-Middle Framework Match Box Cryptanalysis of KATAN 2 Description

1.61k views • 37 slides
Meet in the Middle Attack Using Output Truncation in 3 Pass HAVAL Yu Sasaki NTT

Meet in the Middle Attack Using Output Truncation in 3 Pass HAVAL Yu Sasaki NTT

Meet in the Middle Attack Using Output Truncation in 3 Pass HAVAL Yu Sasaki NTT Corporation 07/Sep/2009 ISC2009@Pisa 1/22 Yu Sasaki, MitM using output truncation of 3 Haval Summary HAVAL is a hash function that can produce

507 views • 23 slides
Meet in the Middle - STP March 20, 2019 1 / 17 Last weeks exercise Solution on whiteboard.

Meet in the Middle - STP March 20, 2019 1 / 17 Last weeks exercise Solution on whiteboard.

Meet in the Middle - STP March 20, 2019 1 / 17 Last weeks exercise Solution on whiteboard. 2 / 17 Recap of MitM attack Whiteboard 3 / 17 Searching for attacks By hand - Last week(s) Using the computer - This week 4 / 17

689 views • 23 slides
Desert Sky Middle School Virtual Meet the Teacher Hill/Willard/Crabtree/Chen Meet Your Teams

Desert Sky Middle School Virtual Meet the Teacher Hill/Willard/Crabtree/Chen Meet Your Teams

Desert Sky Middle School Virtual Meet the Teacher Hill/Willard/Crabtree/Chen Meet Your Teams Teachers: Ming Chen Meagan Willard Kristi Hill Lisa Crabtree Mandarin Math &amp; SS Language Arts Science &amp; SS &amp; SS &amp; SS Meet

551 views • 11 slides
Diffie-Hellman not secure against Man-in-the-Middle-attack: Want to guarantee authenticity. Alice

Diffie-Hellman not secure against Man-in-the-Middle-attack: Want to guarantee authenticity. Alice

Diffie-Hellman not secure against Man-in-the-Middle-attack: Want to guarantee authenticity. Alice Mallory Bob Can achieve this with publc-key cryptography as well. g a a First example: Schnorr Signature g m m a 1024 bit

283 views • 3 slides
Diffie-Hellman not secure against Man-in-the-Middle-attack: Alice Mallory Bob g a a g

Diffie-Hellman not secure against Man-in-the-Middle-attack: Alice Mallory Bob g a a g

Diffie-Hellman not secure against Man-in-the-Middle-attack: Alice Mallory Bob g a a g m m g ma g ma g n n g b b g nb g nb g ma g ma , g nb g nb Eike Ritter Cryptography 2014/15 106

417 views • 9 slides
Man-in-the-Middle attacks revisited Hugo Jonker, Rolando Trujillo, Sjouke Mauw Man-in-the-middle

Man-in-the-Middle attacks revisited Hugo Jonker, Rolando Trujillo, Sjouke Mauw Man-in-the-middle

Man-in-the-Middle attacks revisited Hugo Jonker, Rolando Trujillo, Sjouke Mauw Man-in-the-middle attack Diffie-Hellman Alice Bob new na new nb g na g nb K = (g nb ) na K = (g na ) nb Man-in-the-middle attack Diffie-Hellman Alice Bob Alice

401 views • 25 slides
Desert Sky Middle School Virtual Meet the Teacher Team C Team Introductions Tina Murray -

Desert Sky Middle School Virtual Meet the Teacher Team C Team Introductions Tina Murray -

Desert Sky Middle School Virtual Meet the Teacher Team C Team Introductions Tina Murray - Science Joe Isaac - Language Arts Lisa Nussmeier - Social Studies Melissa Little - Math Meet Our Specialists Sal Rodriguez - Physical Education (PE)

510 views • 12 slides
SELC : Sequential Elimination of Level Combinations by Means of Modified Genetic Algorithms

SELC : Sequential Elimination of Level Combinations by Means of Modified Genetic Algorithms

SELC : Sequential Elimination of Level Combinations by Means of Modified Genetic Algorithms Revision submitted to Technometrics Abhyuday Mandal Ph.D. Candidate School of Industrial and Systems Engineering Georgia Institute of Technology

487 views • 46 slides
WELCOME TO GLEN HILLS MIDDLE SCHOOL OPEN HOUSE 2019-20 Meet the 8th Grade Team! Mike

WELCOME TO GLEN HILLS MIDDLE SCHOOL OPEN HOUSE 2019-20 Meet the 8th Grade Team! Mike

WELCOME TO GLEN HILLS MIDDLE SCHOOL OPEN HOUSE 2019-20 Meet the 8th Grade Team! Mike Birmingham Jaclyn Orozco Natalie Block Shana Lucas Spanish Math Special Education AVID Coordinator AVID Elective Meet the 8th Grade Team! Jen Clark

190 views • 18 slides
Supersense Tagging for Arabic: The MT-in-the-Middle Attack Nathan Schneider Behrang Mohit Chris

Supersense Tagging for Arabic: The MT-in-the-Middle Attack Nathan Schneider Behrang Mohit Chris

Supersense Tagging for Arabic: The MT-in-the-Middle Attack Nathan Schneider Behrang Mohit Chris Dyer Kemal Oflazer Noah A. Smith 1 Gameplan Supersense(Tagging Baselines MT0in0the0Middle Analysis Outlook 3 Supersense(Tagging A

194 views • 18 slides
s e i t i v i t c A r a l u c i r r u c a r t x E Elm Middle School Why

s e i t i v i t c A r a l u c i r r u c a r t x E Elm Middle School Why

s e i t i v i t c A r a l u c i r r u c a r t x E Elm Middle School Why be involved? Fun Develop skills such as time management, Explore career prioritization, and interests organization, Meet people and

540 views • 15 slides
Welcome to Grapevine Middle School Meet the Counselors Mrs. Johnson- Counselor Traditional A-Z

Welcome to Grapevine Middle School Meet the Counselors Mrs. Johnson- Counselor Traditional A-Z

Welcome to Grapevine Middle School Meet the Counselors Mrs. Johnson- Counselor Traditional A-Z Mrs. Gardner- Counselor Specializing in STEM and Dual Language Mrs. Lemke Student Advocate GMS Administration Principal Dr. Koehler

710 views • 14 slides
Road to Blended Learning How to use TCI Strategies in a Middle School Classroom Meet the

Road to Blended Learning How to use TCI Strategies in a Middle School Classroom Meet the

Road to Blended Learning How to use TCI Strategies in a Middle School Classroom Meet the Speakers! Dawn Smith Tom McClellan National Account Manager Customer Success Manager What Well Be Covering The Cooperative, Tolerant yet

347 views • 24 slides
Robot Attack! Repelling Bots, DDOS, and other Fiends Stanford Drupal Camp 2015 MEET YOUR GUIDES

Robot Attack! Repelling Bots, DDOS, and other Fiends Stanford Drupal Camp 2015 MEET YOUR GUIDES

Robot Attack! Repelling Bots, DDOS, and other Fiends Stanford Drupal Camp 2015 MEET YOUR GUIDES Suzanne Aldrich Martijn Gonlag Senior Customer Success Engineer - Pantheon Technical Support Engineer - CloudFlare AGENDA Surveying Robots

247 views • 13 slides
Notes to Slides Slide 2: The Middle East sits where Africa, Asia and Europe meet. The Greater

Notes to Slides Slide 2: The Middle East sits where Africa, Asia and Europe meet. The Greater

Notes to Slides Slide 2: The Middle East sits where Africa, Asia and Europe meet. The Greater Middle East includes all countries on the map to the left including Afghanistan and Pakistan, and all the other &quot;stans,&quot; but it also includes

138 views • 3 slides
Attack on Traffic Systems These attack examples have happened in the past. We will take an

Attack on Traffic Systems These attack examples have happened in the past. We will take an

From start to finish how a cyber attack would be performed on traffic system, we will go over first day &gt;&gt; exploitation of the device &gt;&gt; the real-world aftermath. Mission Secure, Inc. Attack on Traffic Systems These attack examples

556 views • 18 slides
Welcome to Middle School Information Night Join the Conversation on Twitter Using #MSInfoNight

Welcome to Middle School Information Night Join the Conversation on Twitter Using #MSInfoNight

Welcome to Middle School Information Night Join the Conversation on Twitter Using #MSInfoNight Meet Your Principals Dr. Lori Wiggins Dr. Casey Robinson Keisha Boggan Gunston H-B Woodlawn Jefferson 2 Meet Your Principals David McBride

359 views • 20 slides
PROPAGANDA Parallel ROP Attack Generator and Non-Direct Assembler Chris Lee and Ben Spinelli A

PROPAGANDA Parallel ROP Attack Generator and Non-Direct Assembler Chris Lee and Ben Spinelli A

PROPAGANDA Parallel ROP Attack Generator and Non-Direct Assembler Chris Lee and Ben Spinelli A return-oriented programming (ROP) attack takes advantage of buffer overflow vulnerabilities in executables to gain control of the program. Stack

395 views • 11 slides
Blended Learning Teaching Strategies Middle School Science Meet the Speakers! Nathan Marsha

Blended Learning Teaching Strategies Middle School Science Meet the Speakers! Nathan Marsha

Blended Learning Teaching Strategies Middle School Science Meet the Speakers! Nathan Marsha Curriculum Developer Director, Product Experience Icebreaker 1. Get two sticky notes (or tear a sheet of paper in half). 2. Think about your

538 views • 39 slides
Secure Programming Laboratory 4: Web Attack SP Demonstrators: Arthur Chan / David Aspinall 15th

Secure Programming Laboratory 4: Web Attack SP Demonstrators: Arthur Chan / David Aspinall 15th

Secure Programming Laboratory 4: Web Attack SP Demonstrators: Arthur Chan / David Aspinall 15th November 2019 Orientation This is the fourth Laboratory Session for Secure Programming It is convened by Arthur, Henry and David. The handout and

556 views • 8 slides

More recommend