security and implementation properties of abc v 2
play

Security and Implementation Properties of ABC v.2 Vladimir Anashin - PowerPoint PPT Presentation

Oct 26, 2023 •251 likes •811 views

Outline ABC v.2 Security Scalability Performance Summary Security and Implementation Properties of ABC v.2 Vladimir Anashin Andrey Bogdanov 1 Ilya Kizhvatov 2 Russian State University for the Humanities, Moscow, Russia

  1. Outline ABC v.2 Security Scalability Performance Summary Security and Implementation Properties of ABC v.2 Vladimir Anashin † Andrey Bogdanov ‡ 1 Ilya Kizhvatov † 2 † Russian State University for the Humanities, Moscow, Russia ‡ escrypt GmbH – Embedded Security, Bochum, Germany SASC 2006, Leuven, Belgium 1Partially supported by Ruhr-Universität Bochum 2Partially supported by the ECRYPT stipend V. Anashin, A. Bogdanov, I. Kizhvatov http://crypto.rsuh.ru ABC v.2 Security and Implementation 1/15

  2. Outline ABC v.2 Security Scalability Performance Summary Outline ABC v.2 Status Tweaks Security Keystream Properties Attacks and Remedies Scalability Performance V. Anashin, A. Bogdanov, I. Kizhvatov http://crypto.rsuh.ru ABC v.2 Security and Implementation 2/15

  3. Outline ABC v.2 Security Scalability Performance Summary Status ABC v.2 The status of the cipher ◮ Originally submitted to eSTREAM ◮ Attacked (Berbain, Gilbert, Khazaei; July 2005) ◮ Tweaks − → ABC v.2 V. Anashin, A. Bogdanov, I. Kizhvatov http://crypto.rsuh.ru ABC v.2 Security and Implementation 3/15

  4. Outline ABC v.2 Security Scalability Performance Summary Status ABC v.2 The status of the cipher ◮ Originally submitted to eSTREAM ◮ Attacked (Berbain, Gilbert, Khazaei; July 2005) ◮ Tweaks − → ABC v.2 V. Anashin, A. Bogdanov, I. Kizhvatov http://crypto.rsuh.ru ABC v.2 Security and Implementation 3/15

  5. Outline ABC v.2 Security Scalability Performance Summary Status ABC v.2 The status of the cipher ◮ Originally submitted to eSTREAM − → ABC v.1 ◮ Attacked (Berbain, Gilbert, Khazaei; July 2005) ◮ Tweaks − → ABC v.2 V. Anashin, A. Bogdanov, I. Kizhvatov http://crypto.rsuh.ru ABC v.2 Security and Implementation 3/15

  6. Outline ABC v.2 Security Scalability Performance Summary Tweaks ABC v.2 B Tweaks B ( x ) ◮ 128-bit LFSR A x z 3 ¯ ◮ Faster transform B B ( x ) + ¯ z 3 x ◮ Adjusted setup z x A z = (¯ z 3 , ¯ z 2 , ¯ z 1 , ¯ z 0 ) procedures A ( z ) C C ( x ) z 0 ¯ y = C ( x ) + ¯ z 0 plain text stream cipher text stream Result: Elimination of the known attacks V. Anashin, A. Bogdanov, I. Kizhvatov http://crypto.rsuh.ru ABC v.2 Security and Implementation 4/15

  7. Outline ABC v.2 Security Scalability Performance Summary Tweaks ABC v.2 B Tweaks B ( x ) ◮ 128-bit LFSR A x z 3 ¯ ◮ Faster transform B B ( x ) + ¯ z 3 x ◮ Adjusted setup z x A z = (¯ z 3 , ¯ z 2 , ¯ z 1 , ¯ z 0 ) procedures A ( z ) C 64 128 C ( x ) z 0 ¯ y = C ( x ) + ¯ z 0 plain text stream cipher text stream Result: Elimination of the known attacks V. Anashin, A. Bogdanov, I. Kizhvatov http://crypto.rsuh.ru ABC v.2 Security and Implementation 4/15

  8. Outline ABC v.2 Security Scalability Performance Summary Tweaks ABC v.2 B Tweaks B ( x ) ◮ 128-bit LFSR A x z 3 ¯ ◮ Faster transform B B ( x ) + ¯ z 3 x ◮ Adjusted setup z x A z = (¯ z 3 , ¯ z 2 , ¯ z 1 , ¯ z 0 ) procedures A ( z ) C 64 128 C ( x ) z 0 ¯ y = C ( x ) + ¯ z 0 plain text stream cipher text stream Result: Elimination of the known attacks V. Anashin, A. Bogdanov, I. Kizhvatov http://crypto.rsuh.ru ABC v.2 Security and Implementation 4/15

  9. Outline ABC v.2 Security Scalability Performance Summary Tweaks ABC v.2 Key B Tweaks IV B ( x ) ◮ 128-bit LFSR A x z 3 ¯ ◮ Faster transform B B ( x ) + ¯ z 3 x ◮ Adjusted setup z x A z = (¯ z 3 , ¯ z 2 , ¯ z 1 , ¯ z 0 ) procedures A ( z ) C 64 128 C ( x ) z 0 ¯ y = C ( x ) + ¯ z 0 plain text stream cipher text stream Result: Elimination of the known attacks V. Anashin, A. Bogdanov, I. Kizhvatov http://crypto.rsuh.ru ABC v.2 Security and Implementation 4/15

  10. Outline ABC v.2 Security Scalability Performance Summary Tweaks ABC v.2 Key B Effects IV B ( x ) ◮ Longer keystream x z 3 ¯ period B ( x ) + ¯ z 3 x ◮ Larger secret state z x A z = (¯ z 3 , ¯ z 2 , ¯ z 1 , ¯ z 0 ) ◮ Negligible A ( z ) performance overhead C 64 128 C ( x ) z 0 ¯ y = C ( x ) + ¯ z 0 plain text stream cipher text stream Result: Elimination of the known attacks V. Anashin, A. Bogdanov, I. Kizhvatov http://crypto.rsuh.ru ABC v.2 Security and Implementation 4/15

  11. Outline ABC v.2 Security Scalability Performance Summary Tweaks ABC v.2 Key B Effects IV B ( x ) ◮ Longer keystream x z 3 ¯ period B ( x ) + ¯ z 3 x ◮ Larger secret state z x A z = (¯ z 3 , ¯ z 2 , ¯ z 1 , ¯ z 0 ) ◮ Negligible A ( z ) performance overhead C 64 128 C ( x ) z 0 ¯ y = C ( x ) + ¯ z 0 plain text stream cipher text stream Result: Elimination of the known attacks V. Anashin, A. Bogdanov, I. Kizhvatov http://crypto.rsuh.ru ABC v.2 Security and Implementation 4/15

  12. Outline ABC v.2 Security Scalability Performance Summary Tweaks ABC v.2 Key B Effects IV B ( x ) ◮ Longer keystream x z 3 ¯ period B ( x ) + ¯ z 3 x ◮ Larger secret state z x A z = (¯ z 3 , ¯ z 2 , ¯ z 1 , ¯ z 0 ) ◮ Negligible A ( z ) performance overhead C 64 128 C ( x ) z 0 ¯ y = C ( x ) + ¯ z 0 plain text stream cipher text stream Result: Elimination of the known attacks V. Anashin, A. Bogdanov, I. Kizhvatov http://crypto.rsuh.ru ABC v.2 Security and Implementation 4/15

  13. Outline ABC v.2 Security Scalability Performance Summary Tweaks ABC v.2 Key B Effects IV B ( x ) ◮ Longer keystream x z 3 ¯ period B ( x ) + ¯ z 3 x ◮ Larger secret state z x A z = (¯ z 3 , ¯ z 2 , ¯ z 1 , ¯ z 0 ) ◮ Negligible A ( z ) performance overhead C 64 128 C ( x ) z 0 ¯ y = C ( x ) + ¯ z 0 plain text stream cipher text stream Result: Elimination of the known attacks V. Anashin, A. Bogdanov, I. Kizhvatov http://crypto.rsuh.ru ABC v.2 Security and Implementation 4/15

  14. Outline ABC v.2 Security Scalability Performance Summary Keystream Properties ABC v.2 Proven Keystream Properties ◮ The length P of the shortest period of 32 -bit words P = 2 32 · (2 127 − 1) ◮ Uniform distribution of 32 -bit words � � { number of word occurrences } − 1 1 � � � < √ � � 2 32 P P � ◮ High linear complexity λ 2 31 · (2 127 − 1) + 1 � λ � 2 31 + 1 V. Anashin, A. Bogdanov, I. Kizhvatov http://crypto.rsuh.ru ABC v.2 Security and Implementation 5/15

  15. Outline ABC v.2 Security Scalability Performance Summary Keystream Properties ABC v.2 Proven Keystream Properties ◮ The length P of the shortest period of 32 -bit words P = 2 32 · (2 127 − 1) ◮ Uniform distribution of 32 -bit words � � { number of word occurrences } − 1 1 � � � < √ � � 2 32 P P � ◮ High linear complexity λ 2 31 · (2 127 − 1) + 1 � λ � 2 31 + 1 V. Anashin, A. Bogdanov, I. Kizhvatov http://crypto.rsuh.ru ABC v.2 Security and Implementation 5/15

  16. Outline ABC v.2 Security Scalability Performance Summary Keystream Properties ABC v.2 Proven Keystream Properties ◮ The length P of the shortest period of 32 -bit words P = 2 32 · (2 127 − 1) ◮ Uniform distribution of 32 -bit words � � { number of word occurrences } − 1 1 � � � < √ � � 2 32 P P � ◮ High linear complexity λ 2 31 · (2 127 − 1) + 1 � λ � 2 31 + 1 V. Anashin, A. Bogdanov, I. Kizhvatov http://crypto.rsuh.ru ABC v.2 Security and Implementation 5/15

  17. Outline ABC v.2 Security Scalability Performance Summary Attacks and Remedies Attacks and Remedies Attack on ABC v.1 ◮ Divide and conquer (Berbain, Gilber; Khazaei) Non-bijective C → biased output → guessing the LFSR state Remedies ◮ Bijective C Distinguishing the right guess becomes impossible ◮ 128 -bit LFSR Attack complexity exceeds 2 128 V. Anashin, A. Bogdanov, I. Kizhvatov http://crypto.rsuh.ru ABC v.2 Security and Implementation 6/15

  18. Outline ABC v.2 Security Scalability Performance Summary Attacks and Remedies Attacks and Remedies Attack on ABC v.1 ◮ Divide and conquer (Berbain, Gilber; Khazaei) Non-bijective C → biased output → guessing the LFSR state Remedies ◮ Bijective C Distinguishing the right guess becomes impossible ◮ 128 -bit LFSR Attack complexity exceeds 2 128 V. Anashin, A. Bogdanov, I. Kizhvatov http://crypto.rsuh.ru ABC v.2 Security and Implementation 6/15

  19. Outline ABC v.2 Security Scalability Performance Summary Attacks and Remedies Attacks and Remedies Attack on ABC v.1 ◮ Divide and conquer (Berbain, Gilber; Khazaei) Non-bijective C → biased output → guessing the LFSR state Remedies ◮ Bijective C Distinguishing the right guess becomes impossible ◮ 128 -bit LFSR Attack complexity exceeds 2 128 V. Anashin, A. Bogdanov, I. Kizhvatov http://crypto.rsuh.ru ABC v.2 Security and Implementation 6/15

  20. Outline ABC v.2 Security Scalability Performance Summary Attacks and Remedies Attacks and Remedies Attack on ABC v.1 ◮ Divide and conquer (Berbain, Gilber; Khazaei) Non-bijective C → biased output → guessing the LFSR state Remedies ◮ Bijective C − → attack possibility Distinguishing the right guess becomes impossible ◮ 128 -bit LFSR Attack complexity exceeds 2 128 V. Anashin, A. Bogdanov, I. Kizhvatov http://crypto.rsuh.ru ABC v.2 Security and Implementation 6/15

Recommend

Exploiting symmetries when proving equivalence properties for security protocols Vincent Cheval,

Exploiting symmetries when proving equivalence properties for security protocols Vincent Cheval,

Exploiting symmetries when proving equivalence properties for security protocols Vincent Cheval, Steve Kremer, Itsaka Rakotonirina Inria Nancy Grand-Est Security protocols TLS Wifi @ PASS E-voting E-passport 2 24 Security protocols

830 views • 69 slides
A (Co)inductive System Calculus for Security Properties [New title suggestions are welcome!]

A (Co)inductive System Calculus for Security Properties [New title suggestions are welcome!]

A (Co)inductive System Calculus for Security Properties [New title suggestions are welcome!] Eric Rothstein Morris Supervisor: Joachim Posegga Chair of IT Security University of Passau er@sec.uni-passau.de ESORICS 2015 - PhD Symposium

322 views • 17 slides
Understanding the Security Properties of Ballot-Based Verification Techniques Eric Rescorla

Understanding the Security Properties of Ballot-Based Verification Techniques Eric Rescorla

Understanding the Security Properties of Ballot-Based Verification Techniques Eric Rescorla ekr@rtfm.com EVT/WOTE 2009 Understanding the Security Properties of Ballot-Based Verification 1 WARNING This talk contains no research content.

284 views • 15 slides
IMPLEMENTATION OF SECURITY COUNCIL RESOLUTION 2231 (2015) Ope Open Briefing n Briefing

IMPLEMENTATION OF SECURITY COUNCIL RESOLUTION 2231 (2015) Ope Open Briefing n Briefing

IMPLEMENTATION OF SECURITY COUNCIL RESOLUTION 2231 (2015) Ope Open Briefing n Briefing Security Council Facilitator New York, 1 March 2016 1 INTRODUCTION What has What are the changed since main provisions Implementation of Res. 2231?

416 views • 16 slides
Security Classification Policy Implementation in Policing Update Helen Edwards Head of

Security Classification Policy Implementation in Policing Update Helen Edwards Head of

Security Classification Policy Implementation in Policing Update Helen Edwards Head of Information Management March 2013 1 New Security Classifications From April 2014, the Government security classifications are changing.

173 views • 13 slides
PENSION IMPLEMENTATION IN THE CONTEXT OF LAW ON NATIONAL SOCIAL SECURITY SYSTEM: A MATHEMATICAL

PENSION IMPLEMENTATION IN THE CONTEXT OF LAW ON NATIONAL SOCIAL SECURITY SYSTEM: A MATHEMATICAL

PENSION IMPLEMENTATION IN THE CONTEXT OF LAW ON NATIONAL SOCIAL SECURITY SYSTEM: A MATHEMATICAL APPROACH Bambang Purwoko Member of National Social Security Council Experts Meeting of the ILO Le Meridien Jakarta, 12-15 December 2011 1

176 views • 16 slides
National Implementation Action Plans National Implementation Action Plans WORKSHOP ON THE

National Implementation Action Plans National Implementation Action Plans WORKSHOP ON THE

National Implementation Action Plans National Implementation Action Plans WORKSHOP ON THE IMPLEMENTATION OF UNITED NATIONS SECURITY COUNCIL WORKSHOP ON THE IMPLEMENTATION OF UNITED NATIONS SECURITY COUNCI L RESOLUTION 1540 (2004) RESOLUTION

229 views • 11 slides
Biological Risk Management and United Nations Security Council Resolution 1540: Implementation

Biological Risk Management and United Nations Security Council Resolution 1540: Implementation

Biological Risk Management and United Nations Security Council Resolution 1540: Implementation and Technical Assistance in Central America and the Caribbean Dana Perkins, PhD 1540 Committee Expert Regional Workshop on National Implementation

175 views • 16 slides
WORKSHOP ON THE IMPLEMENTATION OF UNITED NATIONS SECURITY COUNCIL RESOLUTION 1540 (2004)

WORKSHOP ON THE IMPLEMENTATION OF UNITED NATIONS SECURITY COUNCIL RESOLUTION 1540 (2004)

WORKSHOP ON THE IMPLEMENTATION OF UNITED NATIONS SECURITY COUNCIL RESOLUTION 1540 (2004) IMPLEMENTATION OF RESOLUTION 1540 (2004) IN AFRICA: AN OVERVIEW ADDIS ABABA, ETHIOPIA, 10 DECEMBER 2013 BENNIE LOMBARD MEMBER GROUP OF EXPERTS ASSISTING

768 views • 29 slides
Assessment, and Implementation Plan May 11, 2018 The Homeland Security Systems Engineering and

Assessment, and Implementation Plan May 11, 2018 The Homeland Security Systems Engineering and

Cyber Risk Metrics Survey, Assessment, and Implementation Plan May 11, 2018 The Homeland Security Systems Engineering and Development Institute (HSSEDI) is a trademark of the U.S. Department of Homeland Security (DHS). The HSSEDI FFRDC is

151 views • 13 slides
A Formal Connection between Security Properties and JML Annotations Work in progress with Marieke

A Formal Connection between Security Properties and JML Annotations Work in progress with Marieke

A Formal Connection between Security Properties and JML Annotations Work in progress with Marieke Huisman Alejandro Tamalet Radboud University Nijmegen, The Netherlands Introduction: The Goal Trusted devices (smart phones, PDA, smart

787 views • 42 slides
Symbolic verification of cryptographic protocols using Tamarin Part 3 : Security Properties and

Symbolic verification of cryptographic protocols using Tamarin Part 3 : Security Properties and

Symbolic verification of cryptographic protocols using Tamarin Part 3 : Security Properties and Algorithmic Verification David Basin ETH Zurich Summer School on Verification Technology, Systems &amp; Applications Nancy France August 2018

1.23k views • 78 slides
Compositional Verification of Security Properties for Embedded Execution Platforms Christoph

Compositional Verification of Security Properties for Embedded Execution Platforms Christoph

Compositional Verification of Security Properties for Embedded Execution Platforms Christoph Baumann , Oliver Schwarz , Mads Dam KTH Royal Institute of Technology, Stockholm, Sweden RISE.SICS, Kista, Sweden cbaumann@kth.se

903 views • 65 slides
Proving Properties of Security Protocols by Induction Lawrence C. Paulson Computer Laboratory

Proving Properties of Security Protocols by Induction Lawrence C. Paulson Computer Laboratory

Proving Security Protocols 1 L. C. Paulson Proving Properties of Security Protocols by Induction Lawrence C. Paulson Computer Laboratory University of Cambridge Proving Security Protocols 2 L. C. Paulson Cryptographic Protocol Analysis

389 views • 24 slides
Static Analysis of Security Properties by Abstract Interpretation cole normale suprieure,

Static Analysis of Security Properties by Abstract Interpretation cole normale suprieure,

Static Analysis of Security Properties by Abstract Interpretation cole normale suprieure, quipe Abstraction Mehdi Bouaziz Friday, May 11 2012 Static Analysis of Security Properties by Abstract Interpretation Mehdi Bouaziz, cole normale

839 views • 29 slides
Australias Implementation of the ISPS Code ARF 4th Inter Sessional Meeting Maritime Security

Australias Implementation of the ISPS Code ARF 4th Inter Sessional Meeting Maritime Security

Australias Implementation of the ISPS Code ARF 4th Inter Sessional Meeting Maritime Security Anthony Gibson Maritime Operational Policy Office of Transport Security Department of Infrastructure and Transport For Thought Does voluntary

303 views • 13 slides
Investigating the security properties of MACs based on stream ciphers Leonie Simpson, Mufeed Al

Investigating the security properties of MACs based on stream ciphers Leonie Simpson, Mufeed Al

Investigating the security properties of MACs based on stream ciphers Leonie Simpson, Mufeed Al Mashrafi, Harry Bartlett, Ed Dawson and Kenneth Wong Institute for Future Environments Science and Engineering Faculty Queensland University of

650 views • 35 slides
United Nations Security Council Resolution 1540 (2004) - Update on National Implementation -

United Nations Security Council Resolution 1540 (2004) - Update on National Implementation -

United Nations Security Council Resolution 1540 (2004) - Update on National Implementation - Regional Workshop on the Implementation of UNSC Resolution 1540 (2004), 9-10 May 2013, Belgrade, Republic of Serbia Mr. KAI KIESSLER MEMBER GROUP OF

533 views • 18 slides
United Nations Security Council Travel Ban on Al-Qaida and associates: Implementation

United Nations Security Council Travel Ban on Al-Qaida and associates: Implementation

United Nations Security Council Travel Ban on Al-Qaida and associates: Implementation Opportunities and Challenges UN Counter-Terrorism Al-Qaida Monitoring Sanctions Security List Team Committee Council List 1988 Lists Sanctions

448 views • 21 slides
1 Multilevel Security Different security levels for resources Important systems A

1 Multilevel Security Different security levels for resources Important systems A

Last time Threats Introduction Threat analysis Policy Introduction to access Specification control matrix Design Implementation Operation and Maintenance 7/10 - 05 Distributed systems - Jonny Pettersson, UmU 1 Security in the

444 views • 13 slides
Apache Airavata Security Manager Authentication &amp; Authorization Im Implementation for a

Apache Airavata Security Manager Authentication &amp; Authorization Im Implementation for a

Apache Airavata Security Manager Authentication &amp; Authorization Im Implementation for a Multi- Tenant e-Science Framework Supun Nakandala, Hasini Gunasinghe, Suresh Marru and Marlon Pierce Science Gateways Research Center Indiana

695 views • 33 slides
COURSE IN INTRODUCT CTION SECURITY PROPERTIES SECURE DESIG IGN Dr. Ben Livshits High-Level

COURSE IN INTRODUCT CTION SECURITY PROPERTIES SECURE DESIG IGN Dr. Ben Livshits High-Level

CO 445H COURSE IN INTRODUCT CTION SECURITY PROPERTIES SECURE DESIG IGN Dr. Ben Livshits High-Level Course Logistics 2 https:/ ://www.doc.ic ic.ac.uk/~liv livshit its/cla lasses/CO445H/ / Course Logistics 3 Monday: 2-hour time

874 views • 53 slides
Intro, history, hacking Network Security Lecture 1 Welcome to Network Security Should be able

Intro, history, hacking Network Security Lecture 1 Welcome to Network Security Should be able

Intro, history, hacking Network Security Lecture 1 Welcome to Network Security Should be able to Skills identify design and Ability to analyze the implementation security of networked vulnerabilities in network systems protocols

564 views • 33 slides
Model checking security properties of Java components Thomas Jensen IRISA Rennes, France DISPO

Model checking security properties of Java components Thomas Jensen IRISA Rennes, France DISPO

Model checking security properties of Java components Thomas Jensen IRISA Rennes, France DISPO meeting Ecole des Mines de Nantes 23 September 2004 Thomas Jensen: Model checking security properties of Java components Nantes, 23/09/2004

386 views • 37 slides

More recommend