Date posted: 16-Jan-2017
Russian cryptography: block ciphers and modes of operation for them
Borodin Mikhail, Yekaterinburg, 2016
Contents
• Block cipher
• History of block ciphers
• GOST 28147-89
• КузНечиК, Kuznyechik
• Modes of operation for block ciphers
Block ciphers
Basic block cipher: a cipher that, for any fixed key, implements a reversible mapping from the set of plaintext blocks of a fixed length to the set of ciphertext blocks of the same length.
The NIST competition
The algorithm must:
• provide a high level of security
• be completely specified and easy to understand
• be economically implementable in electronic devices
• be available to all users
• be efficient to use
• be exportable
The security of the algorithm must reside in the key; the security should not depend on the secrecy of the algorithm.
The NIST competition, AES
Main requirements:
• block size of 128 bits
• three key lengths: 128, 192 and 256 bits
• free distribution
Additional requirements:
• easy hardware and software implementation of the operations used
• focus on 32-bit processors
• simple cipher structure, so that cryptanalysis is feasible
AES, Rijndael (figure: round structure of encryption and decryption)
Encryption: Input 128-bit → AddRoundKey → [SubBytes → ShiftRows → MixColumns → AddRoundKey] repeated Nr − 1 times → SubBytes → ShiftRows → AddRoundKey → Output 128-bit
Decryption: Input 128-bit → AddRoundKey → [InvSubBytes → InvShiftRows → InvMixColumns → AddRoundKey] repeated Nr − 1 times → InvShiftRows → InvSubBytes → AddRoundKey → Output 128-bit
GOST 28147-89
Main characteristics:
• block size of 64 bits
• key length of 256 bits
• based on a Feistel network
• unfixed 4-to-4-bit S-boxes
• 32 rounds
GOST 28147-89
Advantages:
• high-speed software and hardware implementations
• compact implementations exist
• no practical attacks
Disadvantages:
• small block length
• theoretical attacks exist
Features:
• unfixed S-boxes
• simple key schedule
GOST R 34.12-2015, «КузНечиК» (Kuznyechik)
Main characteristics:
• block size of 128 bits
• key length of 256 bits
• based on an SP-network
• 8-to-8-bit S-box
• recursive MDS code
Kuznyechik (figure: round structure of encryption and decryption)
Encryption: Input 128-bit → [X → S → L] repeated 9 times → X → Output 128-bit
Decryption: Input 128-bit → [X → Inv L → Inv S] repeated 9 times → X → Output 128-bit
Kuznyechik, implementations
Platform: Intel Core i7-2600 @ 3.4 GHz, Windows 7, compiler VS2008 x64:
• Encryption: 138 MB/s (24 cycles/byte)
• Decryption: 120 MB/s (27 cycles/byte)
Platform: NVIDIA GeForce GTX TITAN (2688 CUDA cores, 6 GB GPU memory), Intel Core i7-4770K:
• Encryption: 5518 MB/s
Modes of operation
• Electronic Codebook, ECB
• Counter, CTR
• Output Feedback, OFB
• Cipher Block Chaining, CBC
• Cipher Feedback, CFB
• Message Authentication Code algorithm
Padding
Let $r = |P| \bmod n$, where $n$ is the block length in bits and $|P|$ the length of the message $P$.
1. $P = P$ if $r = 0$, else $P \,\|\, 0^{n-r}$
2. $P = P \,\|\, 1 \,\|\, 0^{n-r-1}$
3. $P = P$ if $r = 0$, else $P \,\|\, 1 \,\|\, 0^{n-r-1}$
(figure: the last, $r$-bit block is extended by $n-r$ bits to a full $n$-bit block)
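The three padding procedures above, as an added byte-oriented Python example (not code from the slides or from the standard; it assumes n is the block length in bytes and the single 1 bit becomes the byte 0x80): it implements all three, inverts procedure 2 with a strict check, and probes why procedures 1 and 3 cannot be inverted from the padded data alone.

```python
"""Padding procedures 1, 2 and 3 of GOST R 34.13-2015, byte-oriented.
Added example: n is the block length in bytes and the bit 1 is the byte 0x80."""


def pad(p: bytes, n: int, proc: int) -> bytes:
    """Extend p to a multiple of n bytes with procedure 1, 2 or 3."""
    r = len(p) % n
    if proc == 1:  # zeros only when the last block is incomplete
        return p if r == 0 else p + b"\x00" * (n - r)
    if proc == 2:  # always 0x80 then zeros: at least one byte is added
        return p + b"\x80" + b"\x00" * (n - r - 1)
    if proc == 3:  # as procedure 2, but nothing is added when r == 0
        return p if r == 0 else p + b"\x80" + b"\x00" * (n - r - 1)
    raise ValueError("procedure must be 1, 2 or 3")


def unpad2(padded: bytes, n: int) -> bytes:
    """Invert procedure 2: strip the zeros and the 0x80 marker before them."""
    if not padded or len(padded) % n:
        raise ValueError("input must be a non-empty multiple of n bytes")
    body = padded.rstrip(b"\x00")
    if not body.endswith(b"\x80"):
        raise ValueError("invalid padding: 0x80 marker missing")
    if len(padded) - len(body) >= n:
        raise ValueError("invalid padding: at most n-1 zero bytes follow 0x80")
    return body[:-1]


def valid2(padded: bytes, n: int) -> bool:
    """Accept/reject wrapper around unpad2 (a decryptor's padding check)."""
    try:
        unpad2(padded, n)
        return True
    except ValueError:
        return False


def ambiguous(n: int, proc: int) -> bool:
    """Probe two pairs of distinct plaintexts; True means a pair pads to the
    same bytes, so the receiver cannot recover the length from padding alone."""
    short = b"a" * (n - 1)  # r = n-1: procedure 3 adds exactly one 0x80 byte
    pairs = [(b"ab", b"ab\x00"), (short, short + b"\x80")]
    return any(pad(x, n, proc) == pad(y, n, proc) for x, y in pairs)
```

Procedures 1 and 3 are therefore only usable where the receiver already knows the plaintext length or never has to strip the padding, as in a MAC computation.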