Cryptographic Attacks on Scrambled LZ-Compression and Arithmetic Coding

1
Cryptographic Attacks on Scrambled LZ-Compression
and Arithmetic Coding

• By
• 
  RAJBIR SINGH
• 
  BIKRAM KAHLON

2
Outline

• LZ Compression
• Arithmetic Coding
• Scrambled Input LZ Compression
• Scrambled Input Arithmetic Coding
• Attacks
• Conclusions
• References

3
LZ Compression

• Algorithm
• Find the longest substring in the codebook.
• Output its code.
• Append the very next character from the input and
  create a new codebook entry for the resulting
  string.
• Advance past the end of the substring just
  encoded.
• Until no more character.

4
LZ Compression

• Example
• abbaabbaababbaaaabaabba
• Dictionary

Index Entry Index Entry
0 1 2 3 4 5 6 a b ab bb ba aa abb 7 8 9 10 11 12 13 baa aba abba aaa aab baab bba
5
Scrambled LZ Compression

• Algorithm
• Initialize the pseudo random number generator
  with encryption key.
• Add null characters in dictionary.
• Shuffle the initial values of dictionary.
• Perform LZ Compression

6
Arithmetic Coding

• It takes a stream of input symbols and replaces
  it with a single floating point output number
  greater than 0 less than 1.
• Algorithm
• Set low to 0.0
• Set high to 1.0
• While there are still input symbols do
• Get an Input symbol
• Code_range high - low.
• high low rangehigh_range(symbol)
• low low rangelow_range(symbol)
• End of While
• Output low

7
Scrambled Arithmetic Coding

• Algorithm
• Initialize the pseudo random number with
  encryption key
• Shuffle the probability table
• Perform Arithmetic Coding

8
Ciphertext-Only Attack

• Attack model, in which access to a set of
  different ciphertexts is provided.
• Success If
• Plaintext corresponding to the ciphertext being
  analyzed.
• The encryption key is revealed.
• Any information about the plaintext pattern.

9
Chosen-Ciphertext Attack

• In this case, cryptanalyst chooses ciphertext of
  his choice.
• One of the ciphertext(LZ) taken for analysis
• ?    Ö    ?    r    ?    æ    ?        ?    Ç   
  ?      ?   ?    ?    ?        ?    m    ?   
  O    ?        ?        ?     -    ?       
  ?    ?    ?        ?    )    ?    ?    ?    x   
  ?

10
ADAPTIVE-CHOSEN-CIPHERTEXT ATTACK

• Attacker sends a number of cipher texts to be
  decrypted and use these decrypted cipher texts to
  select subsequent cipher texts.
• Most advanced version of cipher text attacks.

11
Linear Cryptanalysis

• A linear relation between bits of plaintext, the
  ciphertext and the bits of key is determined.
• The basic idea is to approximate the operation of
  the cipher with an expression that is linear.
• Xi1 Xi2 ..Xiu Yj1 Yj2 ..Yjv
  0                      
• where Xi represents the i-th bit of the input
  and
• Yj represents the j-th bit of the output and
• represents the exclusive-OR

12
Conclusions On LZ-Compression

• Null characters are part of cipher text, so its
  hard to distinguish between messages and null
  strings for traffic flow security.
• The same encoded strings even within same message
  bear no resemblance to each other i.e. output is
  completely random.
• A part of message can not be treated as separate
  and every part of message is completely dependant
  on what came prior to it.

13
Conclusions On LZ-Compression

• In case of linear attack on LZ compression, it
  involves big numbers for computation.
• For 1076 bytes or 210890 possible sequences will
  generate 29372 possible enciphering permutations.
  The number of possible permutations is huge and
  hides the plaintext.

14
Conclusions on Arithmetic Coding

• No two messages M M produce same ciphertext
  file.
• Arithmetic Coding does not use fixed codewords to
  represent symbols.
• A large keyspace i.e. around 2048 bit encryption
  key makes it difficult to attack the algorithms
  introduced by Dr. Wang.
• In case of linear attack, it requires 247
  known-plaintext blocks and will result in one key
  bit.

15
Chosen-Plaintext Attack

• A chosen-plaintext attack (CPA) is an attack
  model for cryptanalysis which presumes that the
  attacker has the capability to choose arbitrary
  plaintexts to be encrypted and obtain the
  corresponding cipher texts.

16
Adaptive Chosen-Plaintext Attacks

• This attack is similar to chosen-plaintext attack
  except that in this case, the cryptanalyst makes
  an nth query based on output of last (n-1)
  queries.

17
Differential Attacks

• In this kind of cryptanalysis, certain fixed
  differences between the plaintext and the cipher
  text are exploited till the last round of the
  cipher. Certain differences, called
  "characteristics," in plaintext pairs have a high
  probability of causing certain differences in the
  resulting cipher text pairs. To find the correct
  round key, simply collect enough guesses so that
  one sub key is suggested more often than all the
  others.

18
Conclusions

• Unicity Distance
• n H(K)/M - H(M)
• H (K) entropy of keys used in encryption
• M maximum possible entropy for the
  plaintext
• H (M) entropy of message

19
Conclusions

• Case1 Plaintext is ASCII characters
• Unicity Distance comes out to be 1432.16
  characters (very
  large).
• Case2 Plaintext is English Language
• Unicity Distance is 301.17 characters.
• HM is only value that changes.

20
Conclusions

• Large Keyspace 2048 bit encryption key.
• Cipher text Randomness.
• Regularities Reduction.
• Increased Entropy.
• Differential Attacks Impractical. For m
  chosen-plaintext pairs, the corresponding
  known-plaintext will need about 2w/2(2m1/2) known
  plaintexts (w is the block size (in bits)). With
  64-bit block using only eight chosen-plaintext
  pairs (very small number practically) ,the
  corresponding known-plaintext attack will require
  234 plaintext-cipher text pairs, a large number.
  On DES,1.5MB/Sec. data stream of plaintexts for
  three years to get the data. Less efficient than
  brute force in DES(255 v/s 255.1)

21
Conclusions

• According to sci.crypt FAQ strong encryption
  should have following characterstics
• Large keyspace.
• Reasonably Large unicity distance.
• Randomness in cipher text.
• Resistant to all known attacks.
• Dr. Wangs Algorithm is very strong and
  resistant to above defined attacks.

22
References

• Wang, Chung-E Research paper http//gaia.ecs.csus
  .edu/7Ewang/cbj.pdf
• Arithmetic Coding Source Code www.cipr.rpi.edu/w
  heeler/ac, accessed 12-07-06
• Dr. Dobbs Journal http//www.dogma.net/markn/art
  icles/arith/part1.htm, accessed 12-07-06
• Handbook of Applied Cryptography
  http//www.cacr.math.uwaterloo.ca/hac/about/chap1
  .pdf
• RSA Laboratories http//www.rsasecurity.com/rsala
  bs/node.asp?id2167, accessed 12-07-06
• Sci.Crypt FAQ http//www.contrib.andrew.cmu.edu/
  shadow/crypt.html, accessed 12-07-06

23

• ANY QUESTIONS???