PANAMA, MUGI & MULTI-S01 Cipher - PowerPoint PPT Presentation

About This Presentation
Title:

PANAMA, MUGI & MULTI-S01 Cipher

Description:

about PANAMA, MUGI & MULTI-S01 Cipher – PowerPoint PPT presentation

Number of Views:69
Slides: 27
Provided by: karunakarsaroj
Category: Other
Tags:

less

Transcript and Presenter's Notes

Title: PANAMA, MUGI & MULTI-S01 Cipher


1
PANAMA, MUGI MULTI-S01 Cipher
  • Karunakar Saroj
  • M.Tech
  • IIT PATNA

2
PANAMA
  • Designed by Joan Daemen and Craig Clapp
  • It can used as hash function and stream cipher.
  • The designers of Panama did not fasten upon the
    design using linear feedback shift registers
    (LFSR), which were mainstream in the design of
    stream ciphers, but the principle design of block
    ciphers. This implies the evaluation techniques
    are applicable to Panama. Furthermore its design
    strategy is simple and has generality. So we can
    design a PRNG similar to Panama. On the other
    hand the design of Panama is unprecedented so
    that the security of Panama is not evaluated
    enough at present.
  • Typical application of PANAMA-
  • Encryption decryption of video rate data in
    conditional access application eg. Pay TV, set
    top box
  • Stream cipher MULTI-S01 cipher uses Panama
    output as the keystream for a block-based
    chaining operation which provides a message
    integrity check.

3
Design Principle
  • Composed of 273 unit each 32-bit words
  • Based on finite state machine with state a (NFSR)
    and buffer b (LFSR).
  • a has 17 unit (a0a16), each 32 bit so total 17
    32 544 bits.
  • b has 8 unit (b0b7) with 32 stages, each 32 bit
    so total 8 32 32 8192 bits.
  • Its updates by performing an iteration.
  • Structure of PANAMA Internal state (a,b)
    Update function (?,?)
  • Mode for PANAMA-
  • Reset- State buffer are set to 0.
  • Push- inject an input generate no output.
  • Pull- no input generate an output.

4
(No Transcript)
5
Buffer collisions
6
Components of PANAMA
  • State updating transformation-
  • ? denotes the associative composition of
    transformation.
  • s corresponds with bitwise addition of buffer
    and input words c s (a)
  • ? is invertible liner transformation
  • p is permutation combines cycle word shift and
    permutation of word position
  • ? is invertible nonlinear transformation

7
State updating transformation-
8
Push (above) and Pull (below) mode-
9
Observations on the design of PANAMA
  • Length of the chaining variable The chaining
    variable corresponds to the internal state and
    buffer, with a total length of 54481928736
    bits. The hash result is only 256 bits long.
  • Nature of the iteration function Iteration
    function, used to update the state and buffer,
    has a parallel (rather than a sequential)
    structure for each of the transformations ?, p,
    ? and s the seventeen state words a0 to a16 can
    in principle be updated in parallel.
  • Presence of an output transformation Panama
    first processes all message blocks using the
    iteration function in push mode, and then applies
    33 extra iterations in pull mode, which form an
    output transformation mapping the value of the
    chaining variable (state and buffer) to the hash
    result (part of the final state).

10
PANAMA Hash Function-
  • Maps a message of arbitrary length M to a hash
    result of 256 bit.
  • Executed in 2 phases-
  • Padding - convert M into M in a length
    multiple of 256 by appending a single one
    followed by number b of zero bits.
  • Iteration- Input sequence of M P1, P2, PV
    loaded into PANAMA module.

11
PANAMA stream encryption scheme-
  • Initialized by first loading the 256 bit key K,
    256 bit diversification parameter Q and
    performing 32 additional blank pull iteration
  • During keystream generation an 8 word block z is
    delivered at the output for each iteration.

12
PANAMA -Key Stream Generator (KSG)
13
Difference propagation in buffer of PANAMA-
14
Difference between PANAMA and MUGI-
  • The MUGI design aims to achieve the following two
    points
  • Efficiency in hardware implementations.
    Particularly a gate efficient implementation must
    be possible.
  • To make evaluation easier than Panama.
  • To achieve these properties, the basic data size
    is decreased from 256-bit to 64-bit. And an 8-bit
    substitution table is adopted to improve the
    security of ? In addition, an extended Feistel
    network is adopted in ? instead of a simple
    SPN-structure, in order to simplify the
    evaluation.
  • MUGI is more efficient.
  • 256 bits KS at every step in PANANMA, 64 bit KS
    at each step of MUGI.
  • PANAMA does not use the keystream output for any
    feedback, whereas MUGI uses all the output as
    feedback into the next nonlinear stage.
  • PANAMA has much more state memory than MUGI.
  • PANAMA may be more secure than MUGI.

15
Difference between PANAMA and MUGI-
MUGI PANAMA
State a has 3 unit buffer b has 16 unit State a has 17 unit buffer b has 8 unit, with 32 stages
Each unit is 64 bit Each unit is 32 bit
evaluation easier than Panama
suitable both in software and hardware implementations.
PANAMA has more state memory than MUGI. These serious structural differences indicate that PANAMA more secure than MUGI.
16
Security of KSG
  • The security of KSG is reduced to the
    relationship between input and output bits (or
    relationship between output bits).
  • All attacks to KSG that improve over exhaustive
    key search and over exhaustive search over the
    internal state use some of these relationships
    and guess the internal state.
  • We consider the possibility that the attacker can
    observe any kind of relationship, i.e. the
    condition that the attacker can observe some
    deviation between input and output bits (or
    between only output bits) is identified with the
    success of the attack, even if the attacker
    cannot get any information about the internal
    state.
  • The relationship mentioned above is divided into
    three cases as follows

17
  • Randomness. An attacker fixes a secret key and an
    initial vector, and then he observes the relation
    in the output sequence.
  • Re-synchronization attack. An attacker fixes a
    secret key, and then he observes the relation
    between initial vectors and output sequences.
  • Related-key. An attacker fixes an initial vector,
    and then he observes the relation between keys
    and output sequences. The related-key attack
    includes observing the relation between keys and
    initial vectors.

18
Similarity between PANAMA MUGI-
19
  • Both ciphers employ a design of two finite state
    machines that interact. One of these is a linear
    device and the other is nonlinear.
  • The output of both ciphers is taken from the
    output of the nonlinear section.
  • (S,F, f) which consists of an internal state S,
    its update function F, and the output filter f
    which abstracts the output sequence from the
    internal state S.

20
Alternative View of MUGI -
21
  • MUGI has a 1216-bit internal state and uses a key
    of 128 bits.
  • B lfsr, a nfsr

22
Brief overview on MULTI S01
  • MULTI-S01 cipher is an entire message encryption
    algorithm . A new key is used for every new
    message. The encryption process can be outlined
    as follows.
  • 1. Create the key material (A, all Bi and S) by
    running Panama on the combination of key K and
    diversification parameter Q.
  • 2. Pad the message to a multiple of 64 bits using
    standard means. Then append two blocks with key
    and redundancy data.
  • 3. Encrypt block i by XOR with 64-bits of
    Panama output Bi. Store this as Fi
  • 4. Multiply each block by the 64-bit value A,
    using the designated finite field.
  • 5. XOR Fi-1 by the result of (b) to make
    ciphertext block i.

23
Cont
  • The security claims of MULTI-S01
  • 1. achieves high security of data
    confidentiality, assuming a secure PRNG.
  • 2. high security of data integrity
  • 3. an attacker cannot determine any part of PRNG
    output just from known plaintexts.
  • The performance claims of MULTI-S01
  • 1. operates faster than encryption algorithms
    based on block ciphers.
  • 2. pre-computation of the random sequence is easy
    to do.

24
  • Flaws have been found in MULTI-S01
  • FLAW 1 Lacks Robustness
  • The security claims, while strictly true, are not
    robust in that they fail to be true under a minor
    violation of the key management rules. It is
    vitally important that implementations of
    MULTI-S01 adhere strictly to the key management
    rules that require a new key to be used for every
    encryption.
  • FLAW 2 Attacks on integrity check
  • With knowledge of the key, it is a simple task
    for an insider to find two messages which produce
    the same integrity check. This is a serious flaw
    in integrity check mechanism.
  • Due to these two flaws, especially Flaw 2, the
    evaluators would not recommend the adoption of
    MULTI-S01 Algorithm as a standard .

25
(No Transcript)
26
References
  • Joan Daemen, Craig Clapp Fast Hashing and Stream
    Encryption with PANAMA
  • Bill Millan, Gary Carter Evaluation of
    MULTI-S01
  • Dai Watanabe Soichi Furuya, Hirotaka
    Yoshida,Kazuo Takaragi, and Bart Preneel A New
    Keystream Generator MUGI
Write a Comment
User Comments (0)
About PowerShow.com
Home About Us Terms and Conditions Privacy Policy Presentation Removal Request Contact Us
Copyright 2024 CrystalGraphics, Inc. — All rights Reserved. PowerShow.com is a trademark of CrystalGraphics, Inc.
The PowerPoint PPT presentation: "PANAMA, MUGI & MULTI-S01 Cipher" is the property of its rightful owner.
Do you have PowerPoint slides to share? If so, share your PPT presentation slides online with PowerShow.com. It's FREE!