Basics of cryptography
Shift registers and stream ciphers
Menu
 We can't explain all of cryptography here
 Let's try to explain how it works
 Simply
 Then let's look at some concrete examples
 Among so many other fields of application...
Menu
 Cryptography main rule
 Vernam One Time Pad (OTP)
 Computer applications
 Problems
 Solutions
 Symmetric computer-based cryptography
 PRNG & LFSR
 Designing a stream cipher using PHP and C
 Applications :
 DVD-Blu-Ray encryption (CSS / AACS)
 Wifi (WEP : RC4)
 GSM (A5/1)
About me
 Julien PAULI - @julienpauli - github.com/jpauli
 Working for Sensiolabs in Paris
 Release manager of PHP 5.5 / 5.6
 PHP internals contributor from time to time (bug fixes, internal API, performance)
 Knowledge of CPU architectures, the C language, Linux and networking
Vernam OTP (One Time Pad)
 The only method of encryption that is mathematically proven to be 100% secure and uncrackable
Vernam OTP
 The only method of encryption that is mathematically proven to be 100% secure and uncrackable
(diagram: clear text "Hello foo" + key "secretkey" = encrypted "?????????")
Vernam OTP
 You modulo-add the clear text and a key, randomly chosen and of the same size as (or larger than) the clear text
 The operation is fully bijective and can be undone, just like an ordinary addition
3 + 8 = 11
11 - 8 = 3
Vernam OTP
3 + 8 = 11
11 - ??? = ???
clear + key = encrypted
 This encryption method is the only one that is 100% safe and cannot be broken.
 If you only have the encrypted content, you will never be able to recover the clear text without the key
Vernam OTP
 The same idea applied to images this time:
(diagram: clear image + key image = encrypted image)
Vernam conditions
 Vernam OTP is 100% secure if and only if:
 The key is random and can't be guessed
 The key is kept secret
 The key size is >= the clear content size
 The key is never reused (One Time Pad: OTP)
 The same key is used to encrypt and decrypt
 This is called symmetric encryption
Vernam conditions
 If the key is reused:
(diagram: images 1 and 2 each encrypted with the same key, and what combining the two encrypted results reveals)
Vernam
 Used during WW II
 Enigma
 Used on the red phone
 To link Moscow to Washington
 The (physical) keys were carried on extra-safe planes
In computer science
 Machines work in base 2 (binary)
 "Modulo-2 addition" is called XOR (exclusive OR)
 Written with the XOR sign, or ^ in most programming languages
A  B  A ^ B
0  0    0
0  1    1
1  0    1
1  1    0
XOR for cryptography
 XOR satisfies the Vernam OTP conditions
 Let A be a clear text
 Let B be a secret key
 Encrypted: C = A ^ B
 Clear: A = C ^ B
(diagram: symmetric cryptography, the same key is used in both directions)
Vernam in computer science
 Vernam-based cryptography is unbreakable if:
 The key is kept secret
 The key size is >= the clear size
 The key is random
 The key is never reused
 Those 4 rules seem hard to achieve in the modern computing world
1 - The key is kept secret
The key is secret
 It is possible, though not ideal, to exchange the key securely
 Hand to hand
 "What's the wifi password please?"
 Usually, asymmetric cryptography is used to create a secure channel to exchange the symmetric crypto key
And then?
 Vernam-based cryptography is unbreakable if:
 The key is kept secret
 The key size is >= the clear size
 The key is random
 The key is not used more than once
2 - The key size is >= the clear size
Key size
 To encrypt 25Mb of data, one needs a 25Mb key
 That's 26214400 characters
 How can we use a key of "reasonable", finite size?
 Think of Wi-Fi keys: long, but not thousands upon thousands of characters long
LFSR
LFSR
 Linear Feedback Shift Register
 The solution chosen for the problem "the key size must be >= the clear size to encrypt"
 How does it work?
LFSR
 Linear Feedback Shift Register
 A structure used both in software and in electronics
 Easy to code in a programming language
 Easy to build into electronic chips
 Very powerful, very fast
One byte: 8 digits (bits)
 2^7 + 2^5 + 2^2 + 2^1 + 2^0 = 167 (decimal)
 In computer science, 1 byte = 1 character (like 'f')
 or one integer between 0 and 255 if you prefer
 Let's take one byte from the secret key
bits:  1 0 1 0 0 1 1 1
index: 7 6 5 4 3 2 1 0
LFSR
(register: 1 0 1 0 0 1 1 1)
 Shift register. At each clock tick...
 Shift the digits one slot to the right
 Re-inject the digit that falls out on the right back in on the left
 We get an infinite source of digits
 This is a circular shift
 The extracted digit is used to encrypt one digit of the payload (using XOR)
LFSR
(register: 1 0 1 0 0 1 1 1)
 Shift register
 Shift to the right
 Re-inject on the left
 We get an infinite number of digits, but...
 We get a finite digit sequence (it repeats itself)
(diagram: register states after ticks 1- to 4-)
LFSR
(register: 1 0 1 0 0 1 1 1)
 Shift register
 We get an infinite digit sequence
 But it is not random
 The feedback function is 1
(diagram: register states after ticks 1- to 4-, and so on)
Where are we?
 Vernam-based cryptography is unbreakable if:
 The key is secret
 The key size is >= the clear size
 The key is random
 The key is never reused
LFSR
(register: 1 0 1 0 0 1 1 1)
 The sequence is going to repeat itself
 How do we add some randomness to it?
(diagram: register states after ticks 1- to 4-, and so on)
LFSR
(register: 1 0 1 0 0 1 1 1)
 It's all about the feedback function
 Let's make the feedback function more complex
LFSR
(register: 1 0 1 0 0 1 1 1)
(diagram: register states after ticks 1- to 4- with the new feedback function)
LFSR
 That starts looking random, right?
bits       integer
10100111   167
01010011    83
10010001   145
11110000   240
LFSR vs maths
(register: 1 0 1 0 0 1 1 1)
 This can be modelled mathematically:
 S = X^8 + X^7 + X^6 + X^5 + 1
 This is a classic polynomial, which can be studied with ordinary algebra
m-sequence LFSR
(register: 1 0 1 0 0 1 1 1)
 As the output is injected back into the input, this LFSR will generate a finite number of states
 The maximum sequence length is 2^n - 1
 "n" is the LFSR degree (number of digits)
 This maximum-length sequence is called the "m-sequence"
 In the above example, n is 8, so the LFSR will have a maximum period of 255 states
m-sequence LFSR
(register: 1 0 1 0 0 1 1 1)
 To get an m-sequence:
 The number of feedback digits must be odd
 Their positions must be coprime with one another
 S = X^8 + X^7 + X^6 + X^5 + 1
 Works: this LFSR will have an m-sequence (255 states)
 S = X^8 + 1
 Doesn't work: this LFSR will repeat before 255 states
m-sequence LFSR
(register: 1 0 1 0 0 1 1 1)
 If we extend the LFSR to 32 digits, the max period becomes 2^32 - 1
 That's 4294967295 different states
 The output looks more and more random
 With 32 digits (4 bytes, or 4 secret key chars) we can encrypt 4294967295 digits, that is 512Mb
 Above that, the key repeats itself (and breaks the Vernam conditions)
LFSR example coded in PHP
 https://github.com/jpauli/PHP-Crypto
**Simple Galois LFSR, degree 7 (127 states m-sequence)**
Used register bits for feedback : 7 6
Deducted Feedback function : 1100000 (0X60)
Your initial state is : 00000000000000000000001110001100 (908)
Let's now start the Linear Feedback Shift Register
[Iteration] [-------Internal Register -------] [PRandom bit]
| | |
v v v
0 - 00000000000000000000001110001100 [ 0 ]
1 - 00000000000000000000000111000110 [ 0 ]
2 - 00000000000000000000000011100011 [ 1 ]
3 - 00000000000000000000000000010001 [ 1 ]
4 - 00000000000000000000000001101000 [ 0 ]
LFSR example coded in PHP
/* Excerpt from the LFSR class: building the feedback function from the tap
   list, then the run() generator that clocks the register */
for ($i = 0; $i < count(self::POLYNOMIAL_PRIME_COEFF[$this->degree]); $i++) {
    $this->taps[] = self::POLYNOMIAL_PRIME_COEFF[$this->degree][$i];
    $this->ff |= (1 << self::POLYNOMIAL_PRIME_COEFF[$this->degree][$i]);
}
/* LFSR always has first and last bit set */
$this->ff |= 1 << ($this->degree);
$this->ff |= 1;

do {
    $this->iterations++;
    $this->currentState >>= 1;                /* Shift register */
    yield $this->iterations => $this->currentState;
    if ($this->currentState & 1) {
        $this->currentState ^= $this->ff;     /* Re-inject the feedback */
    }
} while ($this->currentState != $this->start);
Encryption with an LFSR?
 Pretty easy
 Initialize the LFSR with the secret key
 Encrypt each clear digit with one digit generated by the LFSR, using the XOR operation
 This is called a stream cipher
 (block ciphers also exist)
Stream Cipher demo
 https://github.com/jpauli/PHP-Crypto
Generating a random byte using an LFSR
/* Method of the stream cipher class: gathers 8 successive LFSR output bits into one byte */
function getRandomByte(LFSR $lfsr) : int
{
    $random = 0;
    $run = $lfsr->run();
    for ($j = 0; $j < 8; $j++) {
        $random |= $lfsr->getCurrentBit() << $j;
        $run->next();
    }
    return $random;
}
Ciphering clear data with the random byte
/* XOR each clear byte with one keystream byte; the same method decrypts */
function cipher(string $input) : string
{
    $dataSize = strlen($input);
    $output = '';
    $lfsr = new LFSR($this->degree, $this->seed);
    for ($i = 0; $i < $dataSize; $i++) {
        $random = $this->getRandomByte($lfsr);
        $data = unpack('C', $input[$i]);
        $output .= pack('C', $data[1] ^ $random);
    }
    return $output;
}
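As an added example (my code, not from the slides or the PHP-Crypto repository), the same Galois LFSR stream cipher in C: the step function mirrors the PHP run() generator (state 227 with the printed feedback mask 0x60 gives 17, as in the trace above), a period measurement contrasts a maximal-length tap set with the plain rotation of X^8 + 1, and the XOR cipher shows the keystream repeating after one period. The tap set 8,6,5,4 (mask 0xB8) and the sample plaintext are my own assumptions, not the slides'.

```c
/* Added example: Galois LFSR keystream generator and XOR stream cipher in C.
 * Not taken from the slides or the PHP-Crypto repository; the tap set and the
 * sample plaintext are assumptions made for this illustration. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Taps 8,6,5,4 (x^8 + x^6 + x^5 + x^4 + 1), a maximal-length degree-8
 * polynomial, written as a Galois mask: bit 7 for x^8, bit k-1 for x^k. */
#define MASK_MAXIMAL 0xB8u
/* x^8 + 1: the "feedback function is 1" case, which is a plain rotation. */
#define MASK_ROTATE  0x80u
#define SEED_BYTE    167u   /* 10100111, the key byte used on the slides */

/* One clock tick.  The digit that falls out on the right is the output bit;
 * when it is 1 the tap bits are XORed back in (same order as the PHP run()). */
static uint32_t lfsr_step(uint32_t state, uint32_t mask, int *out_bit)
{
    uint32_t lsb = state & 1u;
    if (out_bit)
        *out_bit = (int)lsb;
    state >>= 1;
    if (lsb)
        state ^= mask;
    return state;
}

/* Ticks until the register is back at `seed`: 2^degree - 1 for an m-sequence. */
static uint32_t lfsr_period(uint32_t mask, uint32_t seed)
{
    uint32_t state = seed, ticks = 0;
    do {
        state = lfsr_step(state, mask, NULL);
        ticks++;
    } while (state != seed);
    return ticks;
}

/* Gather 8 output digits into one keystream byte, LSB first, like getRandomByte(). */
static uint8_t lfsr_byte(uint32_t *state, uint32_t mask)
{
    uint8_t b = 0;
    for (int j = 0; j < 8; j++) {
        int bit;
        *state = lfsr_step(*state, mask, &bit);
        b |= (uint8_t)(bit << j);
    }
    return b;
}

/* Stream cipher: XOR every payload byte with one keystream byte.  Calling it
 * again with the same mask and seed decrypts, because XOR is its own inverse. */
static void lfsr_xor(uint8_t *buf, size_t len, uint32_t mask, uint32_t seed)
{
    uint32_t state = seed;
    for (size_t i = 0; i < len; i++)
        buf[i] ^= lfsr_byte(&state, mask);
}

int main(void)
{
    printf("period, taps 8,6,5,4 : %u\n", lfsr_period(MASK_MAXIMAL, SEED_BYTE));
    printf("period, x^8 + 1      : %u\n", lfsr_period(MASK_ROTATE, SEED_BYTE));

    /* A degree-8 register gives a 255-bit keystream, so keystream bytes repeat
     * every 255 bytes: the Vernam "never reuse the key" rule is broken. */
    uint8_t ks[300] = {0};
    lfsr_xor(ks, sizeof ks, MASK_MAXIMAL, SEED_BYTE);
    printf("ks[0] == ks[255] ? %s\n", ks[0] == ks[255] ? "yes" : "no");

    uint8_t msg[] = "Hello foo";                  /* constructed sample plaintext */
    size_t n = strlen((const char *)msg);
    lfsr_xor(msg, n, MASK_MAXIMAL, SEED_BYTE);   /* encrypt in place */
    lfsr_xor(msg, n, MASK_MAXIMAL, SEED_BYTE);   /* decrypt in place */
    printf("round trip: %s\n", msg);
    return 0;
}
```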
Yeah !
Where are we?
 Vernam-based cryptography is unbreakable if:
 The key is secret
 The key size is >= the clear size
 The key is random
 The key is not reused
Stream ciphers can be secure if
 The key is secret
 The feedback digits are kept secret
 The period is big enough (m-sequence) to never loop
 The attacker cannot access the input stream
 If the attacker can inject some data into the clear input, a system of linear equations can be used to crack the LFSR and deduce the key
 This takes only 2n states
 "Berlekamp-Massey attack"
Having a good initialisation
 Randomness will depend on how the key is used to initialize the LFSR in the stream cipher
 The key is used to define the starting state of the LFSR
 It can also be used to choose the feedback digits
 The key is usually mixed with an initialization vector (IV), a piece of random bytes
 Thus, with the same key, the same LFSR will produce different output
Hacking the encryption process
 If the LFSR starts looping, it is going to produce the same output (repeat itself) and thus no longer satisfies the Vernam conditions
 If the attacker can inject some input, they can use the Berlekamp-Massey attack to crack the LFSR key and states
How to strengthen the LFSR?
Strengthen the encryption
 Combine several LFSRs together:
(diagram: several registers combined into one output)
Strengthen the encryption
 Having several LFSRs working together:
 The loop is still linear
 Thus it can still be cracked in polynomial time by injecting some traffic into the input
 N-degree system of linear equations
 We only push the time limit
Application examples
 Well-known LFSR/XOR based encryption systems
 (And how they've been hacked)
Examples
 Content Scrambling System (CSS)
 DVD protection mechanism (from 1995)
 Cracked in 1999 by hacking the LFSRs
 Keys are cracked by injecting some input, watching the output and cracking the polynomials
 DeCSS is born, and movie piracy with it
 Back then, a Pentium 3 @ 450Mhz needed less than 18 seconds to hack the LFSRs
CSS
DeCSS
 CSS keys are secret and distributed by the DVDCCA to DVD-reader manufacturers
 Keys are stored in the hardware (or in software for PC players)
 Each device needs a key; this is costly
 http://www.dvdcca.org/css.aspx
 Hence, the free world and Linux were left out by the DVDCCA
 The open/free world answered by cracking CSS
 Lawsuits happened
 Technical analysis of CSS:
 http://www.lemuria.org/DeCSS/crypto.gq.nu/
CSS and VLC
 Since then, DeCSS code has been embedded into VLC
 In libdvdcss
 http://git.videolan.org/?p=libdvdcss.git;a=blob;f=src/css.c;
 This code is the algorithm that hacks CSS-protected DVDs so they can be read under Linux
 Hacking the LFSRs and the keys
 Otherwise the stream is encrypted and unreadable
 An LFSR can't be cryptographically secure, but we can still push the limits of the time needed to crack it
 That time should be > a brute force attack
 If the output is a linear function of the input, then it can be cracked
 https://en.wikipedia.org/wiki/Correlation_attack
 We need the output not to be a linear function of the input
 Use a non-linear feedback function
 NLFSR
 Use a non-linear shift
Strengthen the encryption
Trivium
Notes about Trivium
 3 LFSRs
 A: 93 digits
 B: 84 digits
 C: 111 digits
 Each LFSR's input depends on another one's output and on one of its own digits
 Period 2^64
 Some of the output makes use of an AND
 AND is a modulo-2 multiplication
 Thus cryptanalysis of the output can't crack the LFSRs in linear time anymore
Using Trivium
 80-digit IV
 loaded into the leftmost digits of LFSR A
 secret key of 80 digits as well
 loaded into the leftmost digits of LFSR B
 All other digits are zeroed
 We shuffle for 1152 rounds
 Starting from the 1153rd round, we get our stream
Cracking Trivium
 Today, no efficient attack has been discovered
 Attacks in 2^68 have been found
 Thus above brute force (2^64), thus useless
 As of today (2018), Trivium is recommended by security experts
A5/1
A5/1
 A5/1 makes use of 3 LFSRs
 19 / 22 / 23 digits
 Introduces a non-linear shift:
 An LFSR is shifted only if its clocking digit is in the majority MAJ(1,2,3) of the three
A5/1
 A5/1 is used to encrypt GSM communications
 It took about 10 years, but today A5/1 is broken
 In an acceptable time
 On acceptable computing hardware (CPU/Mem)
 Often still needs some specific hardware
 Some flaws were found in the GSM protocols that weaken A5/1 and allow an attack
RC4
 Rivest Cipher 4 doesn't use an LFSR, but can still be used as a pseudo-random generator
 The big picture of RC4:
 Byte based (the unit is the byte, not the digit)
 Works on a 256-byte array
 Uses many permutations and one XOR only
 Huge period, about 10^100
 Depending on the key used
 Max theoretical period is 2^170000
RC4
 We put 256 bytes into an array
 We shuffle the array by adding bytes and swapping them
 We get one byte from the array at indexes i and j
 We swap 2 array slots, then move i and j
RC4
RC4 , demo in PHP and C
 https://github.com/jpauli/PHP-Crypto
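The RC4 steps listed above, written out as an added C example (my code, not from the slides or the PHP-Crypto repository): the KSA shuffles the 256-byte array with the key, and the PRGA swaps two slots and moves i and j for each output byte. It checks itself against the public test vector key "Key" / plaintext "Plaintext" -> BBF316E8D940AF0AD3, and keystream_reuse_leaks() (a hypothetical helper) shows the Vernam key-reuse problem the slides mention for WEP: two messages under one key XOR to the XOR of their plaintexts. The sample messages are constructed.

```c
/* Added example: textbook RC4 in C (KSA + PRGA), with a check of what reusing
 * one key for two messages leaks.  Not code from the slides or PHP-Crypto. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

typedef struct {
    uint8_t S[256];   /* the permutation of all 256 byte values */
    uint8_t i, j;     /* PRGA indexes, wrap around naturally as uint8_t */
} rc4_ctx;

/* KSA: start from the identity permutation and shuffle it with the key,
 * adding key bytes into j and swapping slots. */
static void rc4_init(rc4_ctx *ctx, const uint8_t *key, size_t keylen)
{
    for (int k = 0; k < 256; k++)
        ctx->S[k] = (uint8_t)k;
    uint8_t j = 0;
    for (int k = 0; k < 256; k++) {
        j = (uint8_t)(j + ctx->S[k] + key[k % keylen]);
        uint8_t t = ctx->S[k];
        ctx->S[k] = ctx->S[j];
        ctx->S[j] = t;
    }
    ctx->i = 0;
    ctx->j = 0;
}

/* PRGA: advance i and j, swap two slots, output the byte at S[S[i] + S[j]]. */
static uint8_t rc4_next(rc4_ctx *ctx)
{
    ctx->i = (uint8_t)(ctx->i + 1);
    ctx->j = (uint8_t)(ctx->j + ctx->S[ctx->i]);
    uint8_t t = ctx->S[ctx->i];
    ctx->S[ctx->i] = ctx->S[ctx->j];
    ctx->S[ctx->j] = t;
    return ctx->S[(uint8_t)(ctx->S[ctx->i] + ctx->S[ctx->j])];
}

/* Encrypt or decrypt in place: the same XOR does both. */
static void rc4_crypt(const uint8_t *key, size_t keylen, uint8_t *buf, size_t len)
{
    rc4_ctx ctx;
    rc4_init(&ctx, key, keylen);
    for (size_t n = 0; n < len; n++)
        buf[n] ^= rc4_next(&ctx);
}

/* Key reuse, as in WEP when the IV space runs out: two messages encrypted
 * under the same key get the same keystream, so c1 ^ c2 == p1 ^ p2 and the
 * keystream cancels out.  Returns 1 when that relation holds for every byte
 * (hypothetical helper written for this example). */
static int keystream_reuse_leaks(const uint8_t *key, size_t keylen,
                                 const uint8_t *p1, const uint8_t *p2, size_t len)
{
    uint8_t c1[64], c2[64];
    if (len > sizeof c1)
        return 0;
    memcpy(c1, p1, len);
    memcpy(c2, p2, len);
    rc4_crypt(key, keylen, c1, len);
    rc4_crypt(key, keylen, c2, len);
    for (size_t n = 0; n < len; n++)
        if ((uint8_t)(c1[n] ^ c2[n]) != (uint8_t)(p1[n] ^ p2[n]))
            return 0;
    return 1;
}

int main(void)
{
    /* Public test vector: key "Key", plaintext "Plaintext" */
    uint8_t buf[9];
    memcpy(buf, "Plaintext", 9);
    rc4_crypt((const uint8_t *)"Key", 3, buf, 9);
    for (int n = 0; n < 9; n++)
        printf("%02X", buf[n]);          /* BBF316E8D940AF0AD3 */
    printf("\n");

    /* Constructed sample messages for the key-reuse check */
    const uint8_t *p1 = (const uint8_t *)"Hello foo";
    const uint8_t *p2 = (const uint8_t *)"Hello bar";
    printf("same key twice leaks p1 ^ p2: %s\n",
           keystream_reuse_leaks((const uint8_t *)"Key", 3, p1, p2, 9) ? "yes" : "no");
    return 0;
}
```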
RC4 is cracked
 As it has been massively used since its creation (1987), RC4 has been cracked
 Today, it is cracked. Flaws have been discovered
 The first bytes leak some information about the key
 KSA (Key Scheduling Algorithm) is too weak
 RC4 doesn't define how to use the IV
 So weak usages appeared (concatenation of the IV with the key)
 The algorithm has some weaknesses
 You can distinguish RC4 output from a truly random stream
RC4 in practice
 RC4 was used in 802.11 WEP (Wired Equivalent Privacy).
 WEP is very weak:
 Ability to inject some traffic into the input and watch the output, thus hijacking the internal state of RC4
 The integrity checksum is weak (CRC32, which is linear)
 Reuse of the key (overflow of the stream cipher period)
Conclusions
Memorize
 We talked about stream ciphers
 Block ciphers also exist
 DES/AES/BlowFish/RC5
 Every cipher builds on the only 100% cryptographically secure scheme, the Vernam one-time pad:
 A secret key
 A key length >= the clear length
 A modulo-2 addition (XOR in radix 2)
Memorize
 The 100% cryptographically secure Vernam one-time pad:
 A secret key
 A key length >= the clear length
 A modulo-2 addition (XOR in radix 2)
 ... is difficult to achieve in the computing world
 We then use compromises: LFSRs for example
 From XOR operations, we try to push the limits so far that cracking takes longer than brute force
 But cryptanalysts often use high-level math tools to try to hack such systems
 Daniel J. Bernstein is probably the best-known engineer in cryptanalysis
Crypto using PHP?
 Don't use ext/mcrypt
 Old, unmaintained, buggy and insecure
 Don't use mt_*() or rand() for crypto purposes
 Use ext/hash if you need to hash
 Use ext/sodium if you need to encrypt
 Stream ciphers considered cryptographically secure in 2018:
 Trivium / Salsa20 ...
 Have a look at the eSTREAM project
 http://www.ecrypt.eu.org/stream/
Thank you for listening!

All These Sophisticated Attacks, Can We Really Detect Them - PDFAll These Sophisticated Attacks, Can We Really Detect Them - PDF
All These Sophisticated Attacks, Can We Really Detect Them - PDF
 
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptxGenerative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch Tuesday
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
A Glance At The Java Performance Toolbox
A Glance At The Java Performance ToolboxA Glance At The Java Performance Toolbox
A Glance At The Java Performance Toolbox
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
 
Landscape Catalogue 2024 Australia-1.pdf
Landscape Catalogue 2024 Australia-1.pdfLandscape Catalogue 2024 Australia-1.pdf
Landscape Catalogue 2024 Australia-1.pdf
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI Age
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a reality
 
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS:  6 Ways to Automate Your Data IntegrationBridging Between CAD & GIS:  6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
 
Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...
Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...
Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
 

Basics of Cryptography - Stream ciphers and PRNG

  • 1. Basics of cryptography: Shift registers and stream ciphers
  • 2. Menu
    - Can't explain the whole of cryptography here
    - Let's try to explain how it works, simply
    - Then let's look at some concrete examples, among so many other fields of application...
  • 3. Menu
    - Cryptography's main rule
    - Vernam One Time Pad (OTP)
    - Computer applications: problems and solutions
    - Symmetric computer-based cryptography
    - PRNG & LFSR
    - Designing a stream cipher using PHP and C
    - Applications: DVD/Blu-ray encryption (CSS / AACS), Wifi (WEP: RC4), GSM (A5/1)
  • 4. About me
    - Julien PAULI - @julienpauli - github.com/jpauli
    - Working for Sensiolabs in Paris
    - Release manager of PHP 5.5 / 5.6
    - PHP internals contributor from time to time (bug fixes, internal API, performance)
    - Knowledge of CPU architectures, the C language, Linux and networking
  • 5. Vernam OTP (One Time Pad)
    - The only method of encryption that is mathematically, absolutely, 100% sure and uncrackable
  • 6. Vernam OTP
    - The only method of encryption that is mathematically, absolutely, 100% sure and uncrackable
    - (figure: clear "Hello foo" + key "secretkey" = encrypted "?????????")
  • 7. Vernam OTP
    - You modulo-add the clear text and a key, randomly chosen and of the same size as (or larger than) the clear text
    - The operation is fully bijective and can be undone, just like a classical math addition: 3 + 8 = 11, and 11 - 8 = 3
  • 8. Vernam OTP
    - 3 + 8 = 11, but 11 ??? = ??? : clear + key = encrypted
    - This cryptography method is the only one that is 100% safe and unbreakable
    - If you get the encrypted content only, you'll never be able to get the clear text back without the key
  • 9. Vernam OTP
    - Used in the image field this time: (figure: image + key image = encrypted image)
  • 10. Vernam conditions
    - Vernam OTP is 100% sure if and only if:
      - The key is random and can't be guessed
      - The key is kept secret
      - The key size is >= the clear content size
      - The key is never reused (One Time Pad: OTP)
    - The same key is used to encrypt and decrypt: this is called symmetric encryption
  • 11. Vernam conditions
    - If the key is reused: (figure: two images encrypted with the same key, and the two results combined)
  • 12. Vernam
    - Used during WW II (Enigma)
    - Used in the red phone linking Moscow to Washington; the (physical) keys were carried in extra-safe planes
  • 13. In computer science
    - Machines use base 2 (binary)
    - "Modulo 2 addition" is called XOR (exclusive OR), noted ⊕ or ^
      A  B  A ^ B
      0  0    0
      0  1    1
      1  0    1
      1  1    0
  • 14. XOR for cryptography
    - XOR satisfies the Vernam OTP conditions
    - Having A a clear text and B a secret key:
      - Encrypted C = A ^ B
      - Clear A = C ^ B
    - Symmetric cryptography using key B
  • 15. Vernam in computer science
    - Vernam-based cryptography is unbreakable if:
      - The key is kept secret
      - The key size is >= the clear size
      - The key is random
      - The key is never reused
    - Those 4 rules seem hard to achieve in the modern computer world
  • 16. 1 - The key is kept secret
  • 17. The key is secret
    - It is possible, while not ideal, to exchange the key securely: hand to hand ("What's the wifi password please?")
    - Usually, asymmetric cryptography is used to create a secure channel to exchange the symmetric crypto key
  • 18. And then?
    - Vernam-based cryptography is unbreakable if:
      - The key is kept secret
      - The key size is >= the clear size
      - The key is random
      - The key is not used more than once
  • 19. 2 - The key size is >= the clear size
  • 20. Key size
    - To encrypt 25Mb of data, one will need a 25Mb key: that's 26214400 characters
    - How to use a "reasonably finite-size" key?
    - Think about Wifi keys: often long, but not thousands of thousands of characters long
  • 21. LFSR
  • 22. LFSR
    - Linear Feedback Shift Register
    - The solution chosen to solve the problem "the key size must be >= the clear size to encrypt"
    - How does that work?
  • 23. LFSR
    - Linear Feedback Shift Register: a computer and electronic structure
    - Easy to code in a computer language, easy to build into electronic chips
    - Very powerful, very fast
  • 24. One byte: 8 digits (bits)
    - 2^7 + 2^5 + 2^2 + 2^1 + 2^0 = 167 (decimal)
    - In computer science, 1 byte = 1 character (like 'f'), or one integer between 0 and 255 if you prefer
    - Let's take one byte from the secret key (figure: the byte 10100111 drawn as 8 cells, bit positions 7 down to 0)
  • 25. LFSR
    - Shift register. At each clock tick...
      - Shift the digits one slot to the right
      - Reinject the digit that fell out on the right back on the left
    - We get an infinite source of digits: this is a circular shift
    - The extracted digit is used to encrypt one digit of the payload (using XOR)
  • 26. LFSR
    - Shift register: shift to the right, reinject on the left
    - We get an infinite number of digits but... a finite digit sequence (repeating itself)
    - (figure: register states after shifts 1 to 4)
  • 27. LFSR
    - Shift register: we get an infinite digit sequence, but not a random one
    - The feedback function is 1
    - (figure: register states after shifts 1 to 4)
  • 28. Where are we?
    - Vernam-based cryptography is unbreakable if:
      - The key is secret
      - The key size is >= the clear size
      - The key is random
      - The key is never reused
  • 29. LFSR
    - The sequence is going to repeat itself
    - How to add some randomness to it? (figure: register states after shifts 1 to 4)
  • 30. LFSR
    - It's all about the feedback function
    - Let's make the feedback function more complex
  • 31. LFSR (figure: register states after shifts 1 to 4 with the new feedback function)
  • 32. LFSR
    - That starts looking random, right?
    - (figure: successive register states as bits and as integers: 167, 83, 145, 240)
  • 33. LFSR vs maths
    - This can be modelled mathematically: S = X^8 + X^7 + X^6 + X^5 + 1
    - This is a classic polynomial, which can be solved
  • 34. m-sequence LFSR
    - As the output is injected back into the input, this LFSR will generate a finite number of states
    - The maximum sequence is 2^n - 1, where "n" is the LFSR degree (number of digits)
    - This maximum sequence is called the "m-sequence"
    - In the above example, n is 8, so the LFSR will have a maximum period of 255 states
  • 35. m-sequence LFSR
    - To get an m-sequence:
      - The number of feedback digits must be odd
      - Their factors must be coprime (prime to each other)
    - S = X^8 + X^7 + X^6 + X^5 + 1 works: this LFSR will have an m-sequence (255 states)
    - S = X^8 + 1 doesn't work: this LFSR will repeat before 255 states
  • 36. m-sequence LFSR
    - If we extend the LFSR to 32 digits, the max period becomes 2^32 - 1: that's 4294967295 different states
    - Randomness slowly becomes more and more apparent
    - With 32 digits (4 bytes or 4 secret key chars) we can encrypt 4294967295 digits, thus 512Mb
    - Above that: the key repeats itself (and violates the Vernam conditions)
  • 37. LFSR example coded in PHP
    - https://github.com/jpauli/PHP-Crypto
    - Program output:
      Simple Galois LFSR, degree 7 (127 states m-sequence)
      Used register bits for feedback : 7 6
      Deducted Feedback function : 1100000 (0X60)
      Your initial state is : 00000000000000000000001110001100 (908)
      Let's now start the Linear Feedback Shift Register
      [Iteration] [-------Internal Register -------] [PRandom bit]
      0 - 00000000000000000000001110001100 [ 0 ]
      1 - 00000000000000000000000111000110 [ 0 ]
      2 - 00000000000000000000000011100011 [ 1 ]
      3 - 00000000000000000000000000010001 [ 1 ]
      4 - 00000000000000000000000001101000 [ 0 ]
  • 38. LFSR example coded in PHP
      /* Build the feedback function from the tap positions chosen for this degree */
      for ($i = 0; $i < count(self::POLYNOMIAL_PRIME_COEFF[$this->degree]); $i++) {
          $this->taps[] = self::POLYNOMIAL_PRIME_COEFF[$this->degree][$i];
          $this->ff |= (1 << self::POLYNOMIAL_PRIME_COEFF[$this->degree][$i]);
      }
      /* LFSR always has first and last bit set */
      $this->ff |= 1 << ($this->degree);
      $this->ff |= 1;

      do {
          $this->iterations++;
          $this->currentState >>= 1; /* Shift register */
          yield $this->iterations => $this->currentState;
          if ($this->currentState & 1) {
              $this->currentState ^= $this->ff; /* re-enter */
          }
      } while ($this->currentState != $this->start);
  • 39. Encryption with an LFSR?
    - Pretty easy:
      - Initialize the LFSR with the secret key
      - Encrypt each clear digit with one digit generated from the LFSR, using the XOR operation
    - This is called a stream cipher (block ciphers also exist)
  • 40. Stream cipher demo
    - https://github.com/jpauli/PHP-Crypto
  • 41. Generating a random byte using an LFSR
      function getRandomByte(LFSR $lfsr) : int
      {
          $random = 0;
          $run    = $lfsr->run();   /* generator that clocks the register */
          for ($j = 0; $j < 8; $j++) {
              $random |= $lfsr->getCurrentBit() << $j;   /* one LFSR bit per bit of the byte */
              $run->next();
          }
          return $random;
      }
  • 42. Ciphering clear data with the random byte
      function cipher(string $input) : string
      {
          $dataSize = strlen($input);
          $i        = 0;
          $output   = '';
          $lfsr     = new LFSR($this->degree, $this->seed);
          do {
              $random  = $this->getRandomByte($lfsr);
              $data    = unpack('C', $input[$i]);
              $output .= pack('C', $data[1] ^ $random);   /* one clear byte XOR one keystream byte */
          } while (++$i < $dataSize);
          return $output;
      }
    - Yeah!
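As an added example (not code from the slides nor from the jpauli/PHP-Crypto repository), here is the same design in C: an 8-bit Galois LFSR, its period under a primitive and a non-primitive polynomial, the XOR stream cipher built on it, and a Berlekamp-Massey linear-complexity check showing that 2n = 16 output bits already pin down the 8-stage register. The polynomial x^8 + x^6 + x^5 + x^4 + 1 (Galois mask 0xB8), the seed 0xAC and the sample message are assumptions, not values from the slides.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define LFSR_PRIMITIVE 0xB8u /* x^8+x^6+x^5+x^4+1, primitive: 255-state m-sequence */
#define LFSR_WEAK      0x80u /* x^8+1, like the slides' "doesn't work" polynomial */

/* One clock tick of an 8-bit Galois LFSR; returns the bit shifted out. */
static uint8_t lfsr_step(uint8_t *st, uint8_t mask) {
    uint8_t out = *st & 1u;
    *st >>= 1;
    if (out) *st ^= mask;            /* feedback: XOR the taps into the register */
    return out;
}

/* Ticks until the register returns to its (non-zero) seed, i.e. the period. */
unsigned lfsr_period(uint8_t seed, uint8_t mask) {
    uint8_t s = seed;
    unsigned n = 0;
    do { lfsr_step(&s, mask); n++; } while (s != seed && n < 1000u);
    return n;
}

/* Stream cipher: out[i] = in[i] XOR one keystream byte (8 LFSR bits, LSB
 * first). XOR is its own inverse, so the same call decrypts. */
void lfsr_xor(uint8_t seed, uint8_t mask, const uint8_t *in, uint8_t *out, size_t n) {
    uint8_t s = seed;
    for (size_t i = 0; i < n; i++) {
        uint8_t k = 0;
        for (int j = 0; j < 8; j++) k |= (uint8_t)(lfsr_step(&s, mask) << j);
        out[i] = in[i] ^ k;
    }
}

/* Encrypt then decrypt with seed 0xAC; returns 1 if the plaintext comes back. */
int lfsr_roundtrip_ok(const uint8_t *msg, size_t n) {
    uint8_t ct[64], pt[64];
    if (n > sizeof ct) return 0;
    lfsr_xor(0xAC, LFSR_PRIMITIVE, msg, ct, n);
    lfsr_xor(0xAC, LFSR_PRIMITIVE, ct, pt, n);
    return memcmp(msg, pt, n) == 0;
}

/* Berlekamp-Massey over GF(2): length of the shortest LFSR that produces
 * bits[0..n), n <= 1024. This is the check behind the slides' remark that 2n
 * known output bits pin down an n-stage LFSR; a keystream that is not a
 * linear function of its state scores close to n/2 instead. */
int linear_complexity(const uint8_t *bits, int n) {
    uint8_t c[1025] = {1}, b[1025] = {1}, t[1025];
    int L = 0, m = -1;
    for (int N = 0; N < n; N++) {
        int d = bits[N];
        for (int i = 1; i <= L; i++) d ^= c[i] & bits[N - i];
        if (!d) continue;                   /* current LFSR still predicts bit N */
        memcpy(t, c, sizeof c);
        for (int i = 0; i + N - m <= n; i++) c[i + N - m] ^= b[i];
        if (2 * L <= N) { L = N + 1 - L; m = N; memcpy(b, t, sizeof b); }
    }
    return L;
}

/* Linear complexity of the first nbits keystream bits of a given LFSR. */
int lfsr_linear_complexity(uint8_t seed, uint8_t mask, int nbits) {
    uint8_t bits[1024], s = seed;
    if (nbits > 1024) return -1;
    for (int i = 0; i < nbits; i++) bits[i] = lfsr_step(&s, mask);
    return linear_complexity(bits, nbits);
}
```

The period of 255 with the primitive mask against 8 with the x^8+1 mask is the m-sequence point of slides 34 and 35; the recovered length of 8 from only 16 bits is why a bare LFSR keystream fails the Vernam conditions once an attacker sees some plaintext.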
  • 43. Where are we?
    - Vernam-based cryptography is unbreakable if:
      - The key is secret
      - The key size is >= the clear size
      - The key is random
      - The key is not reused
  • 44. Stream ciphers can be secure if
    - The key is secret
    - The feedback digits are kept secret
    - The period is big enough (m-sequence) to never loop
    - The attacker cannot access the input stream
      - If the attacker can inject some data into the clear input, a linear equation system can be used to crack the LFSR and deduce the key, with only 2n states: the "Berlekamp-Massey attack"
  • 45. Having a good initialisation
    - Randomness will depend on how the key is used to initialize the LFSR in the stream cipher
    - The key is used to define the starting state of the LFSR; it can also be used to choose the feedback digits
    - The key is usually mixed with an initialization vector (IV), which is some piece of random bytes
    - Thus, with the same key, the same LFSR will produce different output
  • 46. Hacking the encryption process
    - If the LFSR starts looping, it's going to produce the same output (repeat itself) and thus doesn't satisfy the Vernam conditions anymore
    - If the attacker can inject some input, he can use the Berlekamp-Massey attack to crack the LFSR key and states
  • 47. How to strengthen the LFSR?
  • 48. Strengthen the encryption
    - Branch several LFSRs together: (figure: two registers combined into one output)
  • 49. Strengthen the encryption
    - Having several LFSRs working together:
      - The loop is still linear
      - Thus it can be cracked in polynomial time by injecting some traffic into the input (an N-degree linear equation system)
      - We only push the time limit
  • 50. Application examples
    - Well-known LFSR/XOR based encryption systems (and how they've been hacked)
  • 51. Examples
    - Content Scrambling System (CSS): the DVD protection mechanism (from 1995)
    - Cracked in 1999 by hacking the LFSRs: keys are cracked by injecting some input, watching the output and cracking the polynomials
    - DeCSS is born, and movie piracy with it
    - Back then, less than 18 seconds were needed by a Pentium 3 @ 450MHz to hack the LFSRs
  • 52. CSS
  • 53. DeCSS
    - CSS keys are secret and distributed by the DVD CCA to DVD-reader manufacturers
    - Keys are stored in the hardware (or in software for PC players); each device needs a key, and this is costly
    - http://www.dvdcca.org/css.aspx
    - Hence, the free world and Linux were forgotten by the DVD CCA
    - The open/free world answered by cracking CSS; lawsuits happened
    - Technical analysis of CSS: http://www.lemuria.org/DeCSS/crypto.gq.nu/
  • 54. CSS and VLC
    - Since then, DeCSS code is embedded into VLC, in libdvdcss: http://git.videolan.org/?p=libdvdcss.git;a=blob;f=src/css.c;
    - This code is the algorithm to hack CSS-protected DVDs, to read them under Linux: hacking the LFSRs and the keys
    - Otherwise the stream is encrypted and unreadable
  • 55. Strengthen the encryption
    - An LFSR can't be cryptographically secure, but we can still push the limits of the time needed to crack it; that time should be > a brute force attack
    - If the output is a linear function of the input, then it can be cracked: https://en.wikipedia.org/wiki/Correlation_attack
    - We need the output not to be a linear function of the input:
      - Use a non-linear re-entry function (NLFSR)
      - Use a non-linear shift
  • 57. Notes about Trivium
    - 3 LFSRs: A: 93 digits, B: 84 digits, C: 111 digits
    - One LFSR's input depends on another's output and on one of its own digits
    - Period 2^64
    - Some of the output makes use of an AND; AND is a modulo-2 multiplication
    - Thus cryptanalysis of the output can't crack the LFSRs in linear time anymore
  • 58. Using Trivium
    - 80-digit IV, loaded in the A LFSR's left digits
    - Secret key of 80 digits as well, loaded in the B LFSR's left digits
    - All other digits are zeroed
    - We shuffle for 1152 rounds; starting from the 1153rd round, we have our stream
  • 59. Cracking Trivium
    - Today, no efficient attack has been discovered
    - We found algos in 2^68, thus above brute force (2^64), thus useless
    - As of today (2018), Trivium is recommended by security experts
  • 60. A5/1
  • 61. A5/1
    - A5/1 makes use of 3 LFSRs: 19 / 22 / 23 digits
    - Introduces a non-linear shift: an LFSR is shifted only if it is in the MAJ(1,2,3) set
  • 62. A5/1
    - A5/1 is used to encrypt GSM communications
    - It took about 10 years, but today A5/1 is broken: in an acceptable time, on acceptable computing hardware (CPU/mem), though it often still needs some specific hardware
    - Some flaws were found in the GSM protocols that weaken A5/1 and allow an attack
  • 63. RC4
    - Rivest Cipher 4 doesn't use an LFSR, but can still be used as a pseudo-random generator
    - The big picture of RC4:
      - Byte based (the unit is the byte, not the digit)
      - Works on a 256-byte payload
      - Uses many permutations and one XOR only
      - Huge period, about 10^100, depending on the key used; the max theoretical period is 2^170000
  • 64. RC4
    - We put 256 bytes into an array
    - We shuffle the array by adding bytes and swapping them
    - We get one byte from the array at indexes i and j
    - We shuffle 2 array slots, then i and j
  • 65. RC4
  • 66. RC4, demo in PHP and C
    - https://github.com/jpauli/PHP-Crypto
  • 67. RC4 is cracked
    - As it's been massively used since its creation (1987), RC4 has been cracked: today, it is cracked, flaws have been discovered
    - The first bytes leak some information about the key
    - The KSA (Key Scheduling Algorithm) is too weak
    - RC4 doesn't define how to use the IV, so weak usage started to appear (concatenation of the IV with the key)
    - The algo has some weaknesses: you can distinguish RC4 from a pseudo-random output stream
  • 68. RC4 in practice
    - RC4 was used in 802.11 WEP (Wired Equivalent Privacy)
    - WEP is very weak:
      - Ability to inject some traffic into the input and watch the output, thus hijacking the internal state of RC4
      - Control checksums are weak (CRC32, which is linear)
      - Reuse of the key (overflow of the stream cipher period)
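An added C implementation (not the slides' code nor the PHP-Crypto repository's) of the RC4 structure described in slides 63 and 64: the 256-byte array, the key scheduling, and the i/j swap step of the generator, checked against the public "Key"/"Plaintext" and "Wiki"/"pedia" known-answer vectors, plus an RC4-drop helper that discards the leaking first keystream bytes the slides mention. The key and plaintext strings and the drop count are example values.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

typedef struct { uint8_t S[256]; uint8_t i, j; } rc4_t;

/* Key Scheduling Algorithm: fill S with 0..255, then permute it under the key. */
void rc4_init(rc4_t *st, const uint8_t *key, size_t keylen) {
    uint8_t j = 0;
    for (int k = 0; k < 256; k++) st->S[k] = (uint8_t)k;
    for (int k = 0; k < 256; k++) {
        j = (uint8_t)(j + st->S[k] + key[k % keylen]);
        uint8_t t = st->S[k]; st->S[k] = st->S[j]; st->S[j] = t;   /* swap */
    }
    st->i = st->j = 0;
}

/* PRGA: one keystream byte. Two index updates, one swap, one lookup. */
uint8_t rc4_next(rc4_t *st) {
    st->i = (uint8_t)(st->i + 1);
    st->j = (uint8_t)(st->j + st->S[st->i]);
    uint8_t t = st->S[st->i]; st->S[st->i] = st->S[st->j]; st->S[st->j] = t;
    return st->S[(uint8_t)(st->S[st->i] + st->S[st->j])];
}

/* RC4-drop[n]: throw away the first `drop` keystream bytes, the ones the
 * slides say leak key material. Both ends must agree on the count. */
void rc4_drop(rc4_t *st, size_t drop) {
    while (drop--) (void)rc4_next(st);
}

/* XOR data with the keystream; the same call decrypts. */
void rc4_xor(rc4_t *st, const uint8_t *in, uint8_t *out, size_t n) {
    for (size_t k = 0; k < n; k++) out[k] = in[k] ^ rc4_next(st);
}

/* Encrypt pt under key (ASCII strings), skipping `drop` keystream bytes
 * first, and compare with the expected ciphertext; returns 1 on a match. */
int rc4_check(const char *key, const char *pt, const uint8_t *want, size_t drop) {
    rc4_t st; uint8_t ct[64]; size_t n = strlen(pt);
    if (n > sizeof ct) return 0;
    rc4_init(&st, (const uint8_t *)key, strlen(key));
    rc4_drop(&st, drop);
    rc4_xor(&st, (const uint8_t *)pt, ct, n);
    return memcmp(ct, want, n) == 0;
}

/* Known-answer test against the two public RC4 vectors. */
int rc4_known_answer_ok(void) {
    static const uint8_t c1[] = {0xBB,0xF3,0x16,0xE8,0xD9,0x40,0xAF,0x0A,0xD3};
    static const uint8_t c2[] = {0x10,0x21,0xBF,0x04,0x20};
    return rc4_check("Key", "Plaintext", c1, 0) && rc4_check("Wiki", "pedia", c2, 0);
}

/* Encrypt, then decrypt with a fresh state and the same drop; 1 if it matches. */
int rc4_roundtrip_ok(const char *key, const char *pt, size_t drop) {
    rc4_t st; uint8_t ct[64], back[64]; size_t n = strlen(pt);
    if (n > sizeof ct) return 0;
    rc4_init(&st, (const uint8_t *)key, strlen(key)); rc4_drop(&st, drop);
    rc4_xor(&st, (const uint8_t *)pt, ct, n);
    rc4_init(&st, (const uint8_t *)key, strlen(key)); rc4_drop(&st, drop);
    rc4_xor(&st, ct, back, n);
    return memcmp(pt, back, n) == 0;
}
```

The known-answer check also makes the WEP problem of slide 68 visible: the same key always gives the same keystream, so without a properly mixed IV two frames encrypted under one key share their pad.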
  • 70. Memorize
    - We talked about stream ciphers; there also exist block ciphers (DES/AES/Blowfish/RC5)
    - Every cipher builds on the only 100% cryptographically secure scheme, the Vernam one-time pad:
      - A secret key
      - A key length >= the clear length
      - A modulo-2 addition (XOR in radix 2)
  • 71. Memorize
    - The 100% cryptographically secure Vernam one-time pad (a secret key, a key length >= the clear length, a modulo-2 addition: XOR in radix 2)... is difficult to achieve in the computer world
    - We then use compromises, e.g. an LFSR
    - From XOR operations, we try to push the limits so far that cracking takes longer than brute force
    - But cryptanalysts often use high-level math tools to try to hack such systems
    - Daniel J. Bernstein should be the best-known engineer in cryptanalysis
  • 72. Crypto using PHP?
    - Don't use ext/mcrypt: old, unmaintained, buggy and insecure
    - Don't use mt_*() or rand() for crypto purposes
    - Use ext/hash if you need to hash
    - Use ext/sodium if you need to encrypt
    - 2018 crypto, secure stream ciphers: Trivium / Salsa20...
    - Have a look at the "eSTREAM" project: http://www.ecrypt.eu.org/stream/
  • 73. Thank you for listening!