on our text book, book by Forouzan (figures), and other sources.
Only for study & reference

Block - Key
Modern Block Cipher
Three Questions
Transposition
Substitution
Q4: Explain the key size
Remember
Permutation can essentially capture the essence of full size n-bit transposition and substitution
How about adding more stages?
Essentially a single permutation
Multiple cascaded permutations can be captured in a single permutation
Permutation group - composition operation

Keyless Ciphers
Keyless Transposition - P-Boxes - hw
Keyless Ciphers
Keyless Transposition - P-Boxes - sw
Q5: What are these?
Invertibility
Q6: How to invert a straight 1D permutation table?
Ex: 6 3 4 5 2 1
Q7: Invertibility of XOR (identity and inverse)
x one input - key
Circular Shift - Swap
Complement
Split
S-Box
Substitution unit
n x m
n and m could be different
Linear and non linear
Invertible S Box

Diffusion and Confusion
A different take
Diffusion hides the relationship between cipher text and plain text
Confusion hides the relationship between cipher text and the key
If a single bit in the plain text is changed,
If a single bit in key is changed,
Several changes in cipher text bits
Product Cipher
Confusion - Diffusion

Feistel and non Feistel
Feistel
Both invertible and non invertible components
Self invertible, invertible, non invertible
DES
Non Feistel
Only invertible components
AES
Does f(k) need to be invertible?
Extension 1 - Complicate f(k)
Prove L4=L1 and R4=R1
Extension 2 - Correct Right Wing!
Non Feistel Cipher
Did we see one already?
Stream Cipher
Have we seen this before?
Feedback Shift Register Example

By the way, what is DES?
PKC or Symmetric key
Block or Stream
Feistel or non Feistel
DES
Structure
Inside look
Key generation
Why this?
Analysis
Attacks
1973, 1975 - NIST / IBM / FIPS
To Study
Initial and Final Permutations
What happens in each of the 16 rounds?
Key Generation from one 56 bit to sixteen 48 bit
Initial and Final Permutations
16 Feistel Rounds
The DES function
Expansion Box - Why?
XOR
Expanded Right Half XOR Round Key
Both same size - 48 bits
DES key generates Round key
Round key used only here
Eight 6 x 4 S boxes
Confusion
S1 box (Seven more like this)
O/P for 101101
Straight Permutation
DES is done!

Key Generation
Sixteen Rounds
48 bit keys needed in each round
DES is a 56 bit cipher
64 bits actually given of which 8 are parity bits
See Parity Drop slide
Parity Drop
Round 1,2,9,16 circular left shift by 1 bit
All other rounds 2 bits shift
Shift Left
Key Compression
Multiple DES - Double and Triple DES
Read about Modes of Operation
Section 3.3
DES is done, almost!
Chapters 18 and 19, next!

SHA 1
Hash functions
Hash table - data structure
Relationship between hashing and cryptographic hash
Message Digest, Check Sum
Function from arbitrary length to fixed length
Properties of preimage resistant, second preimage resistant and collision resistant
Applications - password storing, digital signature and software distribution
SHA 1
MD4, MD5, SHA 1
Collision in SHA 1, MD5
What is meant by a 'security' of a hash algorithm?
Or
When is a hash algorithm termed 'secure'?

SHA 1 preparation
160 bit message digest
Input x any size - but converted to ? a multiple of 512
Each input bit should affect as many output bits as possible

SHA-1-PAD(x)
  |x| ≤ 2^64 − 1
  d ← (447 − |x|) mod 512
  l ← the binary representation of |x|, where |l| = 64
  y ← x || 1 || 0^d || l    (|y| is multiple of 512)

Operations
Bitwise AND, OR, XOR
Complement
Addition in Z_{2^32}
Circular Left Shift by 's' positions

Values initialized
  K_t = 5A827999   if 0 ≤ t ≤ 19
        6ED9EBA1   if 20 ≤ t ≤ 39
        8F1BBCDC   if 40 ≤ t ≤ 59
        CA62C1D6   if 60 ≤ t ≤ 79

  f_t(B,C,D) = (B ∧ C) ∨ ((¬B) ∧ D)            if 0 ≤ t ≤ 19
               B ⊕ C ⊕ D                        if 20 ≤ t ≤ 39
               (B ∧ C) ∨ (B ∧ D) ∨ (C ∧ D)      if 40 ≤ t ≤ 59
               B ⊕ C ⊕ D                        if 60 ≤ t ≤ 79

  H_0 ← 67452301, H_1 ← EFCDAB89, H_2 ← 98BADCFE, H_3 ← 10325476, H_4 ← C3D2E1F0

The Algorithm
  for i ← 1 to n
    denote M_i = W_0 || W_1 || ... || W_15, where each W_i is a word
    for t ← 16 to 79
      do W_t ← ROTL^1(W_{t−3} ⊕ W_{t−8} ⊕ W_{t−14} ⊕ W_{t−16})
    A ← H_0, B ← H_1, C ← H_2, D ← H_3, E ← H_4
    for t ← 0 to 79
      temp ← ROTL^5(A) + f_t(B,C,D) + E + W_t + K_t
      E ← D, D ← C, C ← ROTL^30(B), B ← A, A ← temp
    H_0 ← H_0 + A, H_1 ← H_1 + B, H_2 ← H_2 + C, H_3 ← H_3 + D, H_4 ← H_4 + E
  return (H_0 || H_1 || H_2 || H_3 || H_4)
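
The SHA-1-PAD step and the 80-round algorithm above, written out as an added example (not part of the original slides) and checked against Python's hashlib. The names rotl, sha1_pad, f_t, sha1 and matches_reference are chosen here, and the input is assumed to be a whole number of bytes.

```python
import hashlib
import struct

MASK = 0xFFFFFFFF                      # all additions are in Z_{2^32}
K = (0x5A827999, 0x6ED9EBA1, 0x8F1BBCDC, 0xCA62C1D6)   # K_t, one per 20 rounds

def rotl(x, s):
    """Circular left shift of a 32-bit word by s positions."""
    return ((x << s) | (x >> (32 - s))) & MASK

def sha1_pad(x: bytes) -> bytes:
    """SHA-1-PAD(x) = x || 1 || 0^d || l, for byte-aligned x (an assumption)."""
    bits = 8 * len(x)
    assert bits <= 2**64 - 1
    d = (447 - bits) % 512
    # d = 7 (mod 8) here, so 0x80 supplies the '1' bit plus the first 7 zeros
    return x + b"\x80" + b"\x00" * ((d - 7) // 8) + struct.pack(">Q", bits)

def f_t(t, b, c, d):
    if t <= 19:
        return (b & c) | (~b & d)
    if 40 <= t <= 59:
        return (b & c) | (b & d) | (c & d)
    return b ^ c ^ d                   # rounds 20..39 and 60..79

def sha1(x: bytes) -> str:
    h = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0]
    y = sha1_pad(x)
    for i in range(0, len(y), 64):     # one 512-bit block M_i at a time
        w = list(struct.unpack(">16I", y[i:i + 64]))
        for t in range(16, 80):
            w.append(rotl(w[t - 3] ^ w[t - 8] ^ w[t - 14] ^ w[t - 16], 1))
        a, b, c, d, e = h
        for t in range(80):
            temp = (rotl(a, 5) + f_t(t, b, c, d) + e + w[t] + K[t // 20]) & MASK
            a, b, c, d, e = temp, a, rotl(b, 30), c, d
        h = [(s + v) & MASK for s, v in zip(h, (a, b, c, d, e))]
    return "".join(f"{v:08x}" for v in h)

def matches_reference(msg: bytes) -> bool:
    """Compare against the standard library's SHA-1."""
    return sha1(msg) == hashlib.sha1(msg).hexdigest()

if __name__ == "__main__":
    # Constructed inputs; 55, 56 and 64 bytes sit on the padding boundary.
    for n in (0, 3, 55, 56, 64, 200):
        print(n, len(sha1_pad(b"a" * n)), matches_reference(b"a" * n))
```

A 55-byte message still fits in one 512-bit block after padding, while a 56-byte message spills into a second block because the 64-bit length field no longer fits.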