Stream Cipher - PowerPoint PPT Presentation

Provided by: note9

1
Stream Cipher
2
Stream Cipher
  • A stream cipher breaks the message M into
    successive characters or bits $m_1, m_2, \ldots$, and
    enciphers each $m_i$ with the ith element $k_i$ of a
    key stream $K = k_1 k_2 \ldots$; that is,
  • $E_K(M) = E_{k_1}(m_1) E_{k_2}(m_2) \ldots$

3
Periodic
  • A stream cipher is periodic if the key stream
    repeats after d characters for some fixed d;
    otherwise, it is nonperiodic.
  • Periodic: rotor cipher, Hagelin cipher
  • Nonperiodic: Vernam cipher (one-time pad), running-key cipher

4
Stream Cipher
  • Two different approaches
  • synchronous methods
  • self-synchronous methods

5
Synchronous Stream Cipher
  • The key stream is generated independently of the
    message stream.
  • If a ciphertext character is lost during
    transmission, the sender and receiver must
    resynchronize their key generators before they
    can proceed further.

6
Synchronous Stream Cipher
  • Must ensure no part of the key stream is repeated
  • Linear Feedback Shift Registers
  • Output-block Feedback Mode
  • Counter Method

7
Example of SSC
8
Self-synchronous Methods
  • Each key character is derived from a fixed number
    n of preceding ciphertext characters.
  • If a ciphertext character is lost or altered
    during transmission, the error propagates forward
    for n characters, but the cipher resynchronizes
    by itself after n correct ciphertext characters
    have been received.
  • Autokey cipher and Cipher Feedback Mode (CFM)
  • Nonperiodic.

9
Example of Self-synchronous
10
Error Handling
  • If errors are propagated by the decryption
    algorithm, applying error detecting codes before
    encryption provides a mechanism for authenticity.

11
Synchronous Stream Cipher
  • The key stream is generated independently of the
    message stream.
  • The key stream must be deterministic so the stream can
    be reproduced for decipherment.
  • How to generate a random key stream?
  • The starting stage of the key generator is
    initialized by a seed $I_0$.

12
Stream Cipher
  • Stream ciphers are often breakable if the key
    stream repeats or has redundancy.
  • To be unbreakable, it must be a random sequence
    as long as the plaintext.
  • Each element in the key alphabet should be
    uniformly distributed over the key stream, and
    there should be no long repeated subsequences or
    other patterns.
  • No finite algorithm can generate truly random
    sequences.

13
LFSR
  • LFSR (Linear Feedback Shift Register)
  • shift register $R = (r_n, r_{n-1}, \ldots, r_1)$
  • tap sequence $T = (t_n, t_{n-1}, \ldots, t_1)$
  • $t_i$ and $r_i$ are binary digits
  • bit $r_1$ is appended to the key stream,
  • bits $r_n, \ldots, r_2$ are shifted right
  • a new bit derived from T and R is inserted into
    the left end of the register.

14
LFSR
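  • Letting $R' = (r'_n, r'_{n-1}, \ldots, r'_1)$ denote the next
    state of R, we see that the computation of $R'$ is
    thus
  • $r'_i = r_{i+1}$, $i = 1, \ldots, n-1$
  • $r'_n = TR = \sum_{i=1}^{n} t_i r_i \bmod 2$
  • $R' = HR \bmod 2$, where H is the $n \times n$ matrix.
  • $T(x) = t_n x^n + t_{n-1} x^{n-1} + \cdots + t_1 x + 1$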
  • If T(x) is a primitive polynomial, the register generates
    a sequence with period $2^n - 1$.

15
LFSR
16
LFSR
17
Example of LFSR
18
Example of LFSR
19
Example of LFSR
20
Example of LFSR
21
LFSR
  • The feedback loop attempts to simulate a one-time
    pad by transforming a short key I0 into a long
    pseudo-random sequence K.
  • Unfortunately, the result is a poor approximation
    of the one-time pad.

22
Example of LFSR
23
Cryptanalysis of LFSR
  • Known-plaintext attack
  • 2n plaintext-ciphertext pairs
  • $M = m_1 \ldots m_{2n}$, $C = c_1 \ldots c_{2n}$
  • $m_i \oplus c_i = m_i \oplus (m_i \oplus k_i) = k_i$, $i = 1, \ldots, 2n$
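
Why linearity makes the LFSR a poor one-time-pad substitute, as an added example (not part of the original slides): the register from slide 13 is run as a key generator, and the tap sequence T is then recovered from 2n known plaintext-ciphertext bits by solving n linear equations mod 2. The function names, the n = 4 register with T(x) = x^4 + x + 1, and the message bits are constructed for illustration; the solver works for any n.

```python
# Added example: LFSR key stream and tap recovery from 2n known bits.
# Slides write R = (r_n..r_1) and T = (t_n..t_1); the lists here are
# stored low index first: [r_1, ..., r_n] and [t_1, ..., t_n].

def lfsr_keystream(taps, state, nbits):
    r, out = list(state), []
    for _ in range(nbits):
        out.append(r[0])                                  # r_1 joins the key stream
        fb = sum(t & b for t, b in zip(taps, r)) % 2      # r'_n = sum t_i r_i mod 2
        r = r[1:] + [fb]                                  # r'_i = r_{i+1}
    return out

def solve_gf2(rows, rhs):
    """Gauss-Jordan elimination mod 2; None if the system is singular."""
    n = len(rows)
    m = [row[:] + [b] for row, b in zip(rows, rhs)]
    for col in range(n):
        piv = next((i for i in range(col, n) if m[i][col]), None)
        if piv is None:
            return None
        m[col], m[piv] = m[piv], m[col]
        for i in range(n):
            if i != col and m[i][col]:
                m[i] = [a ^ b for a, b in zip(m[i], m[col])]
    return [m[i][n] for i in range(n)]

def recover_taps(plain, cipher, n):
    """Recover [t_1..t_n] from 2n known plaintext/ciphertext bits."""
    if min(len(plain), len(cipher)) < 2 * n:
        raise ValueError("need at least 2n known bit pairs")
    k = [p ^ c for p, c in zip(plain, cipher)]            # k_i = m_i xor c_i
    rows = [k[j:j + n] for j in range(n)]                 # n successive register states
    rhs = [k[j + n] for j in range(n)]                    # the bit each state fed back
    return solve_gf2(rows, rhs)

def demo():
    taps, seed = [1, 0, 0, 1], [1, 0, 0, 0]               # constructed: T(x) = x^4 + x + 1
    msg = [1, 1, 0, 1, 0, 0, 1, 0, 1, 1, 1, 0, 0, 1, 0, 1, 1, 0, 0, 1]  # constructed
    ct = [m ^ k for m, k in zip(msg, lfsr_keystream(taps, seed, len(msg)))]
    found = recover_taps(msg[:8], ct[:8], 4)              # only the first 2n = 8 bits known
    state = [m ^ c for m, c in zip(msg[:4], ct[:4])]      # first n key bits = initial R
    ks = lfsr_keystream(found, state, len(ct))
    return found, [c ^ k for c, k in zip(ct, ks)] == msg

if __name__ == "__main__":
    print(demo())
```

Eight known bits are enough to reproduce the whole key stream of this register, which is why the following slides replace the linear feedback with a nonlinear block cipher.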

24
Cryptanalysis of LFSR
25
Output-Block Feedback Mode
  • Weakness of LFSR is caused by the linearity of
    $R' = HR \bmod 2$
  • Nonlinear block ciphers such as the DES seem to
    be good candidates for this.

26
Output-block Feedback Mode
27
Counter Method
  • Successive input blocks are generated by a simple
    counter.
  • It is possible to generate the ith key character
    $k_i$ without generating the first $i-1$ key
    characters by setting the counter to $I_0 + i - 1$

28
Counter Method
29
Self-Synchronous Stream Cipher
  • A Self-synchronous stream cipher derives each key
    character from a fixed number n of preceding
    ciphertext characters.
  • Autokey Cipher and Cipher Feedback

30
Autokey Cipher
  • An autokey cipher is one in which the key is
    derived from the message it enciphers.
  • In Vigenere's first cipher, the key is formed by
    appending the plaintext $M = m_1 m_2 \ldots$ to a priming
    key character $k_1$; the ith key character ($i > 1$) is
    thus given by $k_i = m_{i-1}$.

31
Autokey Cipher
  • In Vigenere's second cipher, the key is formed by
    appending each character of the ciphertext to the
    priming key $k_1$; that is, $k_i = c_{i-1}$ ($i > 1$)

32
(No Transcript)
33
Autokey Cipher
  • It exposes the key in the ciphertext stream
  • This problem is easily remedied by passing the
    ciphertext characters through a nonlinear block
    cipher to derive the key characters.
  • Cipher Feedback mode (CFM)
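
The ciphertext-autokey construction of slide 31, as an added example (not part of the original slides), showing the two properties discussed: self-synchronization with n = 1 and exposure of the key in the ciphertext stream. The 26-letter addition cipher, the function names and the sample message with priming key D are assumptions made for illustration.

```python
# Added example: Vigenere's second cipher (ciphertext autokey), n = 1.
A = ord("A")

def encrypt(msg, k1):
    key, out = k1, []
    for m in msg:
        c = chr((ord(m) + ord(key) - 2 * A) % 26 + A)
        out.append(c)
        key = c                                   # k_i = c_{i-1}
    return "".join(out)

def decrypt(ct, k1):
    keys = k1 + ct[:-1]                           # the key stream is the ciphertext itself
    return "".join(chr((ord(c) - ord(k)) % 26 + A) for c, k in zip(ct, keys))

def wrong_positions(a, b):
    return [i for i, (x, y) in enumerate(zip(a, b)) if x != y]

def demo():
    msg, k1 = "RENAISSANCE", "D"                  # constructed sample
    ct = encrypt(msg, k1)
    # 1. An altered ciphertext character damages itself and the next n = 1 character.
    bad = chr((ord(ct[4]) - A + 1) % 26 + A)
    altered = decrypt(ct[:4] + bad + ct[5:], k1)
    # 2. A lost character: the receiver is back in step after n = 1 character.
    lost = decrypt(ct[:4] + ct[5:], k1)
    # 3. Key exposure: a wrong priming key still yields all but the first character.
    no_key = decrypt(ct, "A")
    return {
        "altered_errors": wrong_positions(altered, msg),
        "resynced_tail": lost[5:] == msg[6:],
        "readable_without_key": no_key[1:] == msg[1:],
    }

if __name__ == "__main__":
    print(demo())
```

The third result is the weakness named on this slide: every key character after the first travels in the clear, which is what passing the ciphertext through a nonlinear block cipher is meant to fix.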

34
Cipher Feedback mode (CFM)
  • The ciphertext characters participate in the
    feedback loop.
  • It is sometimes called chaining, because each
    ciphertext character is functionally dependent on
    (chained to) preceding ciphertext characters.

35
Example of CFM
36
  • LFSR

37
LFSR
38
  • $x_i = a x_{i-1} + b \pmod{m}$
  • x0???
  • $a, b, m$: KEY
  • $\gcd(b, m) = 1$
  • ????????M???p??,ba-1???p ????
  • IF $4 \mid m$ then $4 \mid b$

41
  • Unpredictable
  • Chi-Square
  • Kolmogorov-Smirnov (KS)

42
Chi-Square