
Security and Implementation Properties of ABC v.2 Vladimir Anashin - PowerPoint PPT Presentation



  1. Security and Implementation Properties of ABC v.2
     - Navigation: Outline, ABC v.2, Security, Scalability, Performance, Summary
     - Authors: Vladimir Anashin†, Andrey Bogdanov‡ ¹, Ilya Kizhvatov† ²
     - † Russian State University for the Humanities, Moscow, Russia
     - ‡ escrypt GmbH – Embedded Security, Bochum, Germany
     - SASC 2006, Leuven, Belgium
     - ¹ Partially supported by Ruhr-Universität Bochum
     - ² Partially supported by the ECRYPT stipend
     - V. Anashin, A. Bogdanov, I. Kizhvatov, http://crypto.rsuh.ru, ABC v.2 Security and Implementation, 1/15

  2. Outline
     - ABC v.2: Status, Tweaks
     - Security: Keystream Properties, Attacks and Remedies
     - Scalability
     - Performance

  5. Status: ABC v.2
     - The status of the cipher
       - Originally submitted to eSTREAM → ABC v.1
       - Attacked (Berbain, Gilbert, Khazaei; July 2005)
       - Tweaks → ABC v.2

  9. Tweaks: ABC v.2
     - Tweaks
       - 128-bit LFSR A
       - Faster transform B
       - Adjusted setup procedures
     - [Figure: block diagram of ABC v.2 with Key and IV inputs and components A, B and C; labels $x$, $z = (\bar z_3, \bar z_2, \bar z_1, \bar z_0)$, $A(z)$, $B(x)$, $B(x) + \bar z_3$, $C(x)$, $y = C(x) + \bar z_0$, 64, 128, plain text stream, cipher text stream]
     - Result: Elimination of the known attacks

  10. Tweaks: ABC v.2
     - Effects
       - Longer keystream period
       - Larger secret state
       - Negligible performance overhead
     - [Figure: the same block diagram as on slide 9]
     - Result: Elimination of the known attacks

  14. Keystream Properties: ABC v.2
     - Proven Keystream Properties
       - The length $P$ of the shortest period of 32-bit words: $P = 2^{32} \cdot (2^{127} - 1)$
       - Uniform distribution of 32-bit words: $\left| \frac{\{\text{number of word occurrences}\}}{P} - \frac{1}{2^{32}} \right| < \frac{1}{\sqrt{P}}$
       - High linear complexity $\lambda$: $2^{31} \cdot (2^{127} - 1) + 1 \geq \lambda \geq 2^{31} + 1$

  20. Attacks and Remedies
     - Attack on ABC v.1
       - Divide and conquer (Berbain, Gilbert, Khazaei)
       - Non-bijective C → biased output → guessing the LFSR state
     - Remedies
       - Bijective C → attack possibility
         - Distinguishing the right guess becomes impossible
       - 128-bit LFSR
         - Attack complexity exceeds $2^{128}$
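
The reasoning on the Attacks and Remedies slide, worked through on a toy 8-bit model as an added example (not code from the slides or from the ABC specification). The two filter functions, the word size and the model of a wrong guess are assumptions chosen for illustration; only the output relation $y = C(x) + \bar z_0$ is taken from the slides.

```python
from collections import Counter

N = 8                      # toy word size (the slides describe 32-bit words)
SIZE = 1 << N
MASK = SIZE - 1

def c_nonbijective(x):
    # Hypothetical filter: the top bit is shifted out, so x and x + 128 collide.
    return (x << 1) & MASK

def c_bijective(x):
    # Hypothetical filter: an odd multiplier is invertible modulo 2^N.
    return (5 * x + 3) & MASK

def is_bijective(c):
    # Design check: C must hit every N-bit word exactly once.
    return len({c(x) for x in range(SIZE)}) == SIZE

def distance_from_uniform(samples):
    # Total variation distance between the sample distribution and uniform.
    counts = Counter(samples)
    return 0.5 * sum(abs(counts[v] / len(samples) - 1 / SIZE) for v in range(SIZE))

def residual_distance(c, guess_is_right):
    # Residual y - guess = C(x) + d (mod 2^N), where d = z0 - guess.
    # Right guess: d = 0. Wrong guess: d is modelled as taking every value
    # equally often (assumption). x runs once over all N-bit words.
    diffs = [0] if guess_is_right else range(SIZE)
    return distance_from_uniform(
        [(c(x) + d) & MASK for x in range(SIZE) for d in diffs]
    )

if __name__ == "__main__":
    for name, c in (("non-bijective", c_nonbijective), ("bijective", c_bijective)):
        print(name, is_bijective(c),
              residual_distance(c, True), residual_distance(c, False))
```

With the non-bijective filter the residual for the right guess sits at distance 0.5 from uniform while a wrong guess gives 0.0, so the right guess stands out; with the bijective filter both are 0.0 and nothing separates them.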
