s box reverse engineering
play

S-Box Reverse-Engineering Boolean Functions, American/Russian - PowerPoint PPT Presentation

Dec 31, 2023 •280 likes •1.28k views

S-Box Reverse-Engineering Boolean Functions, American/Russian Standards, and Butterflies Lo Perrin Based on joint works with Biryukov, Canteaut, Duval and Udovenko June 6, 2018 CECC18 Building Blocks for Symmetric Cryptography Statistics

  1. S-Box Reverse-Engineering Boolean Functions, American/Russian Standards, and Butterflies Léo Perrin Based on joint works with Biryukov, Canteaut, Duval and Udovenko June 6, 2018 CECC’18

  2. Building Blocks for Symmetric Cryptography Statistics and Skipjack TU-Decomposition and Kuznyechik The Butterfly Permutations and Functions Conclusion Outline 1 Building Blocks for Symmetric Cryptography 2 Statistics and Skipjack 3 TU-Decomposition and Kuznyechik The Butterfly Permutations and Functions 4 Conclusion 5 1 / 46

  3. Building Blocks for Symmetric Cryptography Statistics and Skipjack Basics of Symmetric Cryptography TU-Decomposition and Kuznyechik Block Cipher Design The Butterfly Permutations and Functions Conclusion Outline 1 Building Blocks for Symmetric Cryptography 2 Statistics and Skipjack 3 TU-Decomposition and Kuznyechik The Butterfly Permutations and Functions 4 Conclusion 5 1 / 46

  4. Definition (Block Cipher) x Input: n -bit block x Parameter: k -bit key E Output: n -bit block E x 1 use the same Symmetry: E and E E x Properties needed: Diffusion Confusion No cryptanalysis! Building Blocks for Symmetric Cryptography Statistics and Skipjack Basics of Symmetric Cryptography TU-Decomposition and Kuznyechik Block Cipher Design The Butterfly Permutations and Functions Conclusion Symmetric Cryptography There are many symmetric algorithms! Hash functions, MACs... 2 / 46

  5. Properties needed: Diffusion Confusion No cryptanalysis! Building Blocks for Symmetric Cryptography Statistics and Skipjack Basics of Symmetric Cryptography TU-Decomposition and Kuznyechik Block Cipher Design The Butterfly Permutations and Functions Conclusion Symmetric Cryptography There are many symmetric algorithms! Hash functions, MACs... Definition (Block Cipher) x Input: n -bit block x Parameter: k -bit key κ κ E Output: n -bit block E κ ( x ) Symmetry: E and E − 1 use the same κ E κ ( x ) 2 / 46

  6. Building Blocks for Symmetric Cryptography Statistics and Skipjack Basics of Symmetric Cryptography TU-Decomposition and Kuznyechik Block Cipher Design The Butterfly Permutations and Functions Conclusion Symmetric Cryptography There are many symmetric algorithms! Hash functions, MACs... Definition (Block Cipher) x Input: n -bit block x Parameter: k -bit key κ κ E Output: n -bit block E κ ( x ) Symmetry: E and E − 1 use the same κ E κ ( x ) Properties needed: Diffusion Confusion No cryptanalysis! 2 / 46

  7. Building Blocks for Symmetric Cryptography Statistics and Skipjack Basics of Symmetric Cryptography TU-Decomposition and Kuznyechik Block Cipher Design The Butterfly Permutations and Functions Conclusion No Cryptanalysis? Let us look at a typical cryptanalysis technique: the differential attack. 3 / 46

  8. x x a a E E E x E x a b b Differential Attack If there are many x such that E x E x a b , then the cipher is not secure . 6ec1067e5c5390ae 6ec1067e5c5391ae 7abb3f43c4989a22 0x04d4595257eb06c8 0x7e6f661193739cea Building Blocks for Symmetric Cryptography Statistics and Skipjack Basics of Symmetric Cryptography TU-Decomposition and Kuznyechik Block Cipher Design The Butterfly Permutations and Functions Conclusion Differential Attacks ⊕ a = 0000000000000100 4 / 46

  9. x x a a E x E x a b b Differential Attack If there are many x such that E x E x a b , then the cipher is not secure . 6ec1067e5c5390ae 6ec1067e5c5391ae 7abb3f43c4989a22 0x04d4595257eb06c8 0x7e6f661193739cea Building Blocks for Symmetric Cryptography Statistics and Skipjack Basics of Symmetric Cryptography TU-Decomposition and Kuznyechik Block Cipher Design The Butterfly Permutations and Functions Conclusion Differential Attacks ⊕ a = 0000000000000100 E κ E κ 4 / 46

  10. x x a a E x E x a b b Differential Attack If there are many x such that E x E x a b , then the cipher is not secure . 6ec1067e5c5390ae 6ec1067e5c5391ae 7abb3f43c4989a22 0x04d4595257eb06c8 0x7e6f661193739cea Building Blocks for Symmetric Cryptography Statistics and Skipjack Basics of Symmetric Cryptography TU-Decomposition and Kuznyechik Block Cipher Design The Butterfly Permutations and Functions Conclusion Differential Attacks ⊕ a = 0000000000000100 E κ E κ 4 / 46

  11. x x a a E x E x a b Differential Attack If there are many x such that E x E x a b , then the cipher is not secure . 0x04d4595257eb06c8 0x7e6f661193739cea 6ec1067e5c5391ae 6ec1067e5c5390ae Building Blocks for Symmetric Cryptography Statistics and Skipjack Basics of Symmetric Cryptography TU-Decomposition and Kuznyechik Block Cipher Design The Butterfly Permutations and Functions Conclusion Differential Attacks ⊕ a = 0000000000000100 E κ E κ ⊕ b = 7abb3f43c4989a22 4 / 46

  12. a 0000000000000100 b Differential Attack If there are many x such that E x E x a b , then the cipher is not secure . 0x7e6f661193739cea 7abb3f43c4989a22 6ec1067e5c5391ae 6ec1067e5c5390ae 0x04d4595257eb06c8 Building Blocks for Symmetric Cryptography Statistics and Skipjack Basics of Symmetric Cryptography TU-Decomposition and Kuznyechik Block Cipher Design The Butterfly Permutations and Functions Conclusion Differential Attacks ⊕ x ⊕ a x a E κ E κ E κ ( x ) ⊕ E κ ( x ⊕ a ) b 4 / 46

  13. a 0000000000000100 b 0x04d4595257eb06c8 0x7e6f661193739cea 7abb3f43c4989a22 6ec1067e5c5390ae 6ec1067e5c5391ae Building Blocks for Symmetric Cryptography Statistics and Skipjack Basics of Symmetric Cryptography TU-Decomposition and Kuznyechik Block Cipher Design The Butterfly Permutations and Functions Conclusion Differential Attacks ⊕ x ⊕ a x a E κ E κ E κ ( x ) ⊕ E κ ( x ⊕ a ) b Differential Attack If there are many x such that E κ ( x ) ⊕ E κ ( x ⊕ a ) = b , then the cipher is not secure . 4 / 46

  14. i S S S S S S S S L Substitution-Permutation Network Such a block cipher iterates the round function above several times. S is the S ubstitution B ox (S-Box). Building Blocks for Symmetric Cryptography Statistics and Skipjack Basics of Symmetric Cryptography TU-Decomposition and Kuznyechik Block Cipher Design The Butterfly Permutations and Functions Conclusion Basic Block Cipher Structure How do we build block ciphers that prevent such attacks (as well as others)? 5 / 46

  15. Substitution-Permutation Network Such a block cipher iterates the round function above several times. S is the S ubstitution B ox (S-Box). Building Blocks for Symmetric Cryptography Statistics and Skipjack Basics of Symmetric Cryptography TU-Decomposition and Kuznyechik Block Cipher Design The Butterfly Permutations and Functions Conclusion Basic Block Cipher Structure How do we build block ciphers that prevent such attacks (as well as others)? κ i ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ S S S S S S S S L 5 / 46

  16. Building Blocks for Symmetric Cryptography Statistics and Skipjack Basics of Symmetric Cryptography TU-Decomposition and Kuznyechik Block Cipher Design The Butterfly Permutations and Functions Conclusion Basic Block Cipher Structure How do we build block ciphers that prevent such attacks (as well as others)? κ i ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ S S S S S S S S L Substitution-Permutation Network Such a block cipher iterates the round function above several times. S is the S ubstitution B ox (S-Box). 5 / 46

  17. Building Blocks for Symmetric Cryptography Statistics and Skipjack Basics of Symmetric Cryptography TU-Decomposition and Kuznyechik Block Cipher Design The Butterfly Permutations and Functions Conclusion The S-Box (1/2) The S-Box π of the latest Russian standards, Kuznyechik (BC) and Streebog (HF). 6 / 46

  18. In academic papers presenting new block ciphers, the choice of S is carefully explained. Building Blocks for Symmetric Cryptography Statistics and Skipjack Basics of Symmetric Cryptography TU-Decomposition and Kuznyechik Block Cipher Design The Butterfly Permutations and Functions Conclusion The S-Box (2/2) Importance of the S-Box If S is such that S ( x ) ⊕ S ( x ⊕ a ) = b does not have many solutions x for all ( a , b ) then the cipher may be proved secure against differential attacks. 7 / 46

  19. Building Blocks for Symmetric Cryptography Statistics and Skipjack Basics of Symmetric Cryptography TU-Decomposition and Kuznyechik Block Cipher Design The Butterfly Permutations and Functions Conclusion The S-Box (2/2) Importance of the S-Box If S is such that S ( x ) ⊕ S ( x ⊕ a ) = b does not have many solutions x for all ( a , b ) then the cipher may be proved secure against differential attacks. In academic papers presenting new block ciphers, the choice of S is carefully explained. 7 / 46

  20. Building Blocks for Symmetric Cryptography Statistics and Skipjack Basics of Symmetric Cryptography TU-Decomposition and Kuznyechik Block Cipher Design The Butterfly Permutations and Functions Conclusion S-Box Design 8 / 46

  21. Building Blocks for Symmetric Cryptography Statistics and Skipjack Basics of Symmetric Cryptography TU-Decomposition and Kuznyechik Block Cipher Design The Butterfly Permutations and Functions Conclusion S-Box Design 8 / 46

  22. Building Blocks for Symmetric Cryptography Statistics and Skipjack Basics of Symmetric Cryptography TU-Decomposition and Kuznyechik Block Cipher Design The Butterfly Permutations and Functions Conclusion S-Box Design Grøstl... iScream... Khazad... 8 / 46

Recommend

Reverse Engineering CS 166 Armen Boursalian 30 Apr 2018 Reverse Engineering Take a

Reverse Engineering CS 166 Armen Boursalian 30 Apr 2018 Reverse Engineering Take a

Reverse Engineering CS 166 Armen Boursalian 30 Apr 2018 Reverse Engineering Take a product, understand how it works Usually limited to certain aspects, not full systems Need to know a little bit about a lot of topics to gain

636 views • 11 slides
Reverse Engineering TCP/ IP Reverse Engineering TCP/ IP Steven Low EAS, Caltech Joint work

Reverse Engineering TCP/ IP Reverse Engineering TCP/ IP Steven Low EAS, Caltech Joint work

Reverse Engineering TCP/ IP Reverse Engineering TCP/ IP Steven Low EAS, Caltech Joint work with: Li J W Li, J. Wang, Pongsajapan, Tan, Tang, M. Wang P j T T M W Outline Background Layering as optimization decomposition L

932 views • 47 slides
Next-Generation Debuggers For Reverse Engineering For Reverse Engineering The ERESI team

Next-Generation Debuggers For Reverse Engineering For Reverse Engineering The ERESI team

Next-Generation Debuggers For Reverse Engineering For Reverse Engineering The ERESI team eresi@asgardlabs.org This presentation is about .. The Embedded ERESI debugger : e2dbg The Embedded ERESI tracer : etrace The ERESI reverse

849 views • 47 slides
CS 166: Information Security Reverse Engineering & Digital Rights Management Prof. Tom

CS 166: Information Security Reverse Engineering & Digital Rights Management Prof. Tom

CS 166: Information Security Reverse Engineering & Digital Rights Management Prof. Tom Austin San Jos State University SRE Software Reverse Engineering Also known as Reverse Code Engineering (RCE) Or simply reversing

1.04k views • 80 slides
Reverse Engineering MAC: A Non-Cooperative Game Model Jianwei Huang Information Engineering The

Reverse Engineering MAC: A Non-Cooperative Game Model Jianwei Huang Information Engineering The

Reverse Engineering MAC: A Non-Cooperative Game Model Jianwei Huang Information Engineering The Chinese University of Hong Kong Joint work with J.-W. Lee, A. Tang, M. Chiang and A. R. Canderbank J. Huang (CUHK) Reverse Engineering MAC Nov.

605 views • 38 slides
Reverse Engineering Closed, heterogeneous platforms and the defenders dilemma Looking back at

Reverse Engineering Closed, heterogeneous platforms and the defenders dilemma Looking back at

Reverse Engineering Closed, heterogeneous platforms and the defenders dilemma Looking back at the last 20 years of RE and looking ahead at the next few SSTIC 2018 -- Thomas Dullien (Halvar Flake) Progress in Reverse Engineering 2010

941 views • 64 slides
Cryptanalysis, Reverse-Engineering and Design of Symmetric Cryptographic Algorithms Lo Perrin

Cryptanalysis, Reverse-Engineering and Design of Symmetric Cryptographic Algorithms Lo Perrin

Cryptanalysis, Reverse-Engineering and Design of Symmetric Cryptographic Algorithms Lo Perrin SnT, University of Luxembourg April 25, 2017 PhD Defence Introduction On S-Box Reverse-Engineering On Lightweight Cryptography Conclusion

1.76k views • 137 slides
Reverse engineering basics @KirilsSolovjovs on twitter Mg.sc.comp. Kirils Solovjovs

Reverse engineering basics @KirilsSolovjovs on twitter Mg.sc.comp. Kirils Solovjovs

Reverse engineering basics @KirilsSolovjovs on twitter Mg.sc.comp. Kirils Solovjovs http://kirils.org for more Possible Security Reverse engineering? www.indiamart.com Contents Hardware architecture Processors and machine language

536 views • 25 slides
Understanding human speech recognition: Reverse-engineering the engineering solution using

Understanding human speech recognition: Reverse-engineering the engineering solution using

Cai Wingfield CSLB, Department of Psychology Workshop on Neurocomputation: From Brains to Machines University of Cambridge 25 November 2015 Understanding human speech recognition: Reverse-engineering the engineering solution using EMEG

196 views • 18 slides
Reverse Engineering CAPTCHAs Abram Hindle, Micheal W. Godfrey, Richard C. Holt Software

Reverse Engineering CAPTCHAs Abram Hindle, Micheal W. Godfrey, Richard C. Holt Software

Reverse Engineering CAPTCHAs WCRE 2008 Reverse Engineering CAPTCHAs Abram Hindle, Micheal W. Godfrey, Richard C. Holt Software Architecture Group David R. Cheriton School of Computer Science University of Waterloo Canada

726 views • 57 slides
Reverse engineering AT32UC3As JTAG Introduction Overview LSE Summer Week 2014 TAP

Reverse engineering AT32UC3As JTAG Introduction Overview LSE Summer Week 2014 TAP

Reverse engineering AT32UC3As JTAG Pierre Surply Reverse engineering AT32UC3As JTAG Introduction Overview LSE Summer Week 2014 TAP Controller Scan Chain Pierre Surply Boundary Scan UC3 JTAG EPITA 2016 Reverse engineering Jul

968 views • 72 slides
Reverse Engineering Dr. Vadim Zaytsev aka @grammarware UvA, MSc SE, 9 November 2015 Roadmap

Reverse Engineering Dr. Vadim Zaytsev aka @grammarware UvA, MSc SE, 9 November 2015 Roadmap

Reverse Engineering Dr. Vadim Zaytsev aka @grammarware UvA, MSc SE, 9 November 2015 Roadmap W44 Introduction V.Zaytsev W45 Metaprogramming J.Vinju W46 Reverse Engineering V.Zaytsev W47 Software Analytics M.Bruntink W48 Clone

751 views • 31 slides
Reverse Engineering DSP Code GameCube DSP Analyzing GCN DSP code Pierre Bourdon Conclusion

Reverse Engineering DSP Code GameCube DSP Analyzing GCN DSP code Pierre Bourdon Conclusion

Reverse Engineering DSP Code Pierre Bourdon Introduction DSP Reverse Engineering DSP Code GameCube DSP Analyzing GCN DSP code Pierre Bourdon Conclusion delroth@lse.epita.fr http://lse.epita.fr February 12, 2013 Context Reverse

856 views • 18 slides
Introduction .NET Reverse Engineering Eric DePree Introduction to .NET Programs written for

Introduction .NET Reverse Engineering Eric DePree Introduction to .NET Programs written for

Introduction .NET Reverse Engineering Eric DePree Introduction to .NET Programs written for .NET are easy to reverse engineer. This is not in any way a fault in the design of .NET; it is simply a reality of modern, intermediate-compiled

132 views • 10 slides
Explaining the Boom-Bust Cycle in the U.S. Housing Market: A Reverse-Engineering Approach

Explaining the Boom-Bust Cycle in the U.S. Housing Market: A Reverse-Engineering Approach

Overview Evidence Model Calibration Quantitative Results Reverse Engineered Shocks Conclusion Extras Explaining the Boom-Bust Cycle in the U.S. Housing Market: A Reverse-Engineering Approach Paolo Gelain Kevin J. Lansing Gisle J.

717 views • 50 slides
Reverse engineering using computational algebra Elena Dimitrova School of Mathematical and

Reverse engineering using computational algebra Elena Dimitrova School of Mathematical and

Reverse engineering using computational algebra Elena Dimitrova School of Mathematical and Statistical Sciences Clemson University http://edimit.people.clemson.edu/ Algebraic Biology E. Dimitrova (Clemson) Reverse engineering using

864 views • 57 slides
Computer and Information Security Fall 2019 Reverse Engineering Tyler Bletsch Duke University

Computer and Information Security Fall 2019 Reverse Engineering Tyler Bletsch Duke University

ECE590 Computer and Information Security Fall 2019 Reverse Engineering Tyler Bletsch Duke University With additional content by Jiaming Li, NC State University, 2015 What is software reverse engineering? Determine and possibly change

629 views • 35 slides
Reverse engineering - traces to state machines Neil Walkinshaw and Kirill Bogdanov 1 1 Department

Reverse engineering - traces to state machines Neil Walkinshaw and Kirill Bogdanov 1 1 Department

Inference Competition Reverse engineering - traces to state machines Neil Walkinshaw and Kirill Bogdanov 1 1 Department of Computer Science The University of Sheffield TAIC PART, September 4, 2010 U. of Sheffield Reverse engineering - traces

660 views • 17 slides
Software Maintenance Overview Legacy code Reverse-engineering Re-engineering

Software Maintenance Overview Legacy code Reverse-engineering Re-engineering

Software Maintenance Overview Legacy code Reverse-engineering Re-engineering Preventative Maintenance Michal Young / Stuart Faulk 05/16/99 1 Post-Deployment Evolution a.k.a. maintenance General definition:

238 views • 10 slides
ECE590 Computer and Information Security Fall 2018 Reverse Engineering Tyler Bletsch Duke

ECE590 Computer and Information Security Fall 2018 Reverse Engineering Tyler Bletsch Duke

ECE590 Computer and Information Security Fall 2018 Reverse Engineering Tyler Bletsch Duke University With additional content by Jiaming Li, NC State University, 2015 What is software reverse engineering? Determine and possibly change

643 views • 35 slides
17 th Workshop on Software Engineering Education and Reverse Engineering Primosten, Croatia

17 th Workshop on Software Engineering Education and Reverse Engineering Primosten, Croatia

17 th Workshop on Software Engineering Education and Reverse Engineering Primosten, Croatia September 2018 "A proposed model for peer assessment in t he digit al age: Leveraging social media plat forms" | 17t h Workshop on

248 views • 13 slides
Reverse-engineering human intelligence, and engineering more human-like AI Josh Tenenbaum MIT

Reverse-engineering human intelligence, and engineering more human-like AI Josh Tenenbaum MIT

Reverse-engineering human intelligence, and engineering more human-like AI Josh Tenenbaum MIT Computational Cognitive Science Group CSAIL Department of Brain and Cognitive Sciences March 2013 A success story: Intelligence as statistics

379 views • 5 slides
spin Static instrumentation for binary reverse-engineering David Guillen Fandos Tarragona

spin Static instrumentation for binary reverse-engineering David Guillen Fandos Tarragona

spin Static instrumentation for binary reverse-engineering David Guillen Fandos Tarragona Spain david@davidgf.net davidgf.net github.com/davidgfnet Reverse-engineering What are we talking about? Discover how a software program

261 views • 23 slides
Reverse engineering using computational algebra Matthew Macauley Department of Mathematical

Reverse engineering using computational algebra Matthew Macauley Department of Mathematical

Reverse engineering using computational algebra Matthew Macauley Department of Mathematical Sciences Clemson University http://www.math.clemson.edu/~macaule/ Math 4500, Spring 2017 M. Macauley (Clemson) Reverse engineering using computational

655 views • 29 slides

More recommend