1 / 8

Lect. 10 : Cryptanalysis

Lect. 10 : Cryptanalysis. K. K. Block Cipher – Attack Scenarios. Attacks on encryption schemes Ciphertext only attack : only ciphertexts are given Known plaintext attack : (plaintext, ciphertext) pairs are given Chosen plaintext attack : (chosen plaintext, corresponding ciphertext) pairs

katina
Télécharger la présentation

Lect. 10 : Cryptanalysis

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Lect. 10 : Cryptanalysis

  2. K K Block Cipher – Attack Scenarios • Attacks on encryption schemes • Ciphertext only attack: only ciphertexts are given • Known plaintext attack: (plaintext, ciphertext) pairs are given • Chosen plaintext attack: (chosen plaintext, corresponding ciphertext) pairs • Adaptively chosen plaintext attack • Chosen ciphertext attack: (chosen ciphertext, corresponding plaintext) pairs • Adaptively chosen ciphertext attack E D Plaintext Ciphertext Plaintext Ciphertext Decryption Oracle Encryption Oracle

  3. Cryptanalysis of Block Ciphers • Statistical Cryptanalysis • Differential cryptanalysis (DC) • Linear Cryptanalysis (LC) • Various key schedule cryptanalysis • Algebraic Cryptanalysis • Interpolation attacks • Side Channel Cryptanalysis • timing attacks • differential fault analysis • differential power analysis, etc.

  4. Cryptanalysis of Block Ciphers - DC • Differential Cryptanalysis • E. Biham and A. Shamir : Crypto90, Crypto92 • Chosen plaintext attack, O(Breaking DES16 ~ 247) • Look for correlations in Round function input and output (DES : 247) • high-probability differentials, impossible differentials • truncated differentials, higher-order differentials * E.Biham, A. Shamir,”Differential Cryptanalysis of the Data Encryption Standard”, Springer-Verlag, 1993 Input difference X = X  X Statistically non-uniform probability distribution: higher prob. for some fixed pattern X & Y Prob. E K Y = Y  Y Output difference

  5. Cryptanalysis of Block Ciphers - LC • Linear Cryptanalysis • Matsui : Eurocrypt93, Crypto94 • Known Plaintext Attack, O(Breaking DES16) ~ 243 • Look for correlations between key and cipher input and output • linear approximation, non-linear approximation, • generalized I/O sums, partitioning cryptanalysis * M. Matsui, ”Linear Cryptanalysis Method for DES Cipher”, Proc. of Eurocrypt’93,LNCS765, pp.386-397 Input X Linear equation between some bits of X, Y and K may hold with higher prob. than others E K Output Y

  6. Other Attacks on Block Ciphers • Algebraic Cryptanalysis • deterministic/probabilistic interpolation attacks • Key Schedule Cryptanalysis • Look for correlations between key changes & cipher input/output • equivalent keys, weak or semi-weak keys • related key attacks • Side-Channel Cryptanalysis • timing attacks • differential fault analysis • differential power analysis, etc.

  7. Side Channel • Traditional Cryptographic Model vs. Side Channel Power Consumption / Timing / EM Emissions / Acoustic Attacker C=E(P,Ke) P=D(C,Kd) C E() D() P D Insecure channel Kd Ke Secure channel Key Radiation / Temperature / Power Supply / Clock Rate, etc.

  8. Model of Attack-Embedded security

More Related