Wednesday, October 17, 2012

Report 2


Hi, this is report number 2. Last week we talked about block ciphers.
In cryptography, a block cipher is a deterministic algorithm operating on fixed-length groups of bits, called blocks, with an unvarying transformation that is specified by a symmetric key. Block ciphers are important elementary components in the design of many cryptographic protocols, and are widely used to implement encryption of bulk data.

When performing encryption, a block cipher takes as input a block of plaintext (or cleartext) and produces a block of ciphertext of equal size. The exact transformation is controlled by a second input: the secret key provided by the user.

The reverse process, decryption, takes a ciphertext block as input and produces the original plaintext.

Block ciphers differ from stream ciphers in that the latter operate on individual digits one by one, and the transformation varies during the encryption process.

The block cipher that I chose is the Skipjack cipher.


Skipjack origin

Skipjack was developed in the USA by the NSA (National Security Agency), initially for the Clipper and Capstone chips. Design began in 1985 and the evaluation was completed in 1990.

The purpose of Skipjack

The main purpose of Skipjack is military applications. Skipjack was used in hardware (microchips).

Skipjack is a symmetric cipher using 64-bit blocks and an 80-bit key. It was used in the Clipper chip program, which had key escrow built in (the escrow was part of the key exchange mechanism, not of the data encryption).

It is slower than Blowfish and any of the AES proposals, but it is still twice as fast as DES on 32-bit microprocessors. It is fast when used in smart cards and efficient in hardware.

How Skipjack works (with example)

OK, first we are going to talk about the design principles:

- Symmetry in encryption and decryption. Protects against chosen-plaintext and chosen-ciphertext attacks.

- Not too much symmetry. Symmetry is broken with round counters, which protects against symmetry-based attacks.

- 80-bit key. Effective size against differential and linear attacks.

Skipjack works with:

* 64-bit block size and 80-bit key
* 32 rounds, composed of round functions
* Two round functions, Rule A and Rule B, and their inverses (for decryption)

OK, let's look at the Skipjack encipher operations (and the decipher operations too).

W1 is the first quarter of the block, W2 is the second quarter, and so on, which means each W has 16 bits.

Skipjack has 32 rounds. These rounds are of two types, A and B. A type A round proceeds as follows:

The first quarter of the block (called W1) is enciphered by the "G permutation", which is actually a four-round Feistel cipher. The result, and the round number (where round numbers go from 1 through 32), are XORed with the fourth quarter of the block (W4). Then each quarter of the block is moved to the next position; W1 to W2, W2 to W3, W3 to W4, and W4 back to W1.

A type B round proceeds as follows:
The second quarter of the block (W2) is XORed with the round number and the first quarter of the block (W1). Then the first quarter of the block is enciphered by the "G permutation". Again, each quarter of the block is moved to the next position; W1 to W2, W2 to W3, W3 to W4, and W4 back to W1.

The rotation of quarters of the block is not omitted after the last round. The 32 rounds of Skipjack consists of eight type A rounds, eight type B rounds, eight type A rounds, and eight type B rounds. Note that by having a type A round first, and a type B round last, the form of the first quarter on the "inside" is XORed with one of the other quarters in the first and last rounds.
Permutation G is a four-round Feistel cipher, involving dividing its 16-bit input into two 8-bit halves. Like DES, the left half of the block is not changed in each round, but acts as input to the f-function, the output of which is XORed to the right half. Unlike DES, the two halves are swapped after the last round (as the algorithm has only four rounds, all four iterations of the f-function can be illustrated, going alternately from right to left, and then from left to right; in that form, no swaps at all are required).

The f-function of the G permutation is as simple as one might expect for an f-function only 8 bits wide: the input is first XORed with the current round's subkey, and then the result is substituted according to a lookup table, called F.
The subkeys for G, each one byte long, are simply four consecutive bytes of the 80-bit key. The first four bytes are used in the first round, the next four bytes in the second, the last two bytes followed by the first two bytes in the third, and so on.

The figures for the previous explanation are the following:

[Figure: Rules A and B described above, and their inverses A^-1 and B^-1 (used for deciphering)]

[Figure: The G and G^-1 permutations used to encipher and decipher]

Decipher (the previous figures illustrate decryption too)

For decipherment, each round is replaced by a corresponding deciphering round, and these rounds are, of course, executed in the reverse of the enciphering order.
The deciphering equivalent of a type A round is as follows:
The first quarter, W1, is XORed with W2 and the round number (rounds now counting down from 32 to 1). Then the second quarter, W2, is subjected to the inverse of the G permutation. Then, each quarter is moved to the position of the preceding one; W1 to W4, W2 to W1, W3 to W2, and W4 to W3.
The deciphering equivalent of a type B round is the following:
The second quarter, W2, is subjected to the inverse of the G permutation. The third quarter, W3, is then XORed with the round number and the changed value of W2. Again, each quarter is moved to the position of the preceding one; W1 to W4, W2 to W1, W3 to W2, and W4 to W3.
The deciphering equivalent of the G permutation involves using the four subkeys in reverse order - and reversing the roles of the right and left halves of the 16-bit quarter block.
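
The round structure described above, written out as an added Python example (not code from the original post or from Crypt::Skipjack). The `F` table here is a constructed stand-in byte permutation, so the output is not real Skipjack ciphertext; the function names and the byte order inside G are assumptions made for illustration.

```python
# Constructed stand-in for the F table (an affine byte permutation). The real
# table is not reproduced on this page, so outputs are NOT Skipjack ciphertext.
F = [(167 * x + 13) & 0xFF for x in range(256)]

def subkeys(key, rnd):
    """Four consecutive key bytes for round rnd (1..32), cycling through the 10-byte key."""
    return [key[(4 * (rnd - 1) + i) % 10] for i in range(4)]

def g(w, key, rnd, inverse=False):
    """G permutation: four-round Feistel on the two bytes of a 16-bit quarter."""
    hi, lo = w >> 8, w & 0xFF  # byte order is an assumption of this sketch
    k = subkeys(key, rnd)
    if not inverse:
        hi ^= F[lo ^ k[0]]; lo ^= F[hi ^ k[1]]
        hi ^= F[lo ^ k[2]]; lo ^= F[hi ^ k[3]]
    else:  # same steps with the subkeys in reverse order and the halves' roles swapped
        lo ^= F[hi ^ k[3]]; hi ^= F[lo ^ k[2]]
        lo ^= F[hi ^ k[1]]; hi ^= F[lo ^ k[0]]
    return (hi << 8) | lo

def is_type_a(rnd):
    return (rnd - 1) // 8 % 2 == 0  # rounds 1-8 and 17-24 are type A, the rest type B

def encrypt(block, key):
    w1, w2, w3, w4 = block
    for rnd in range(1, 33):
        t = g(w1, key, rnd)
        if is_type_a(rnd):   # W4 ^= G(W1) ^ round, then rotate the quarters
            w1, w2, w3, w4 = w4 ^ t ^ rnd, t, w2, w3
        else:                # W2 ^= W1 ^ round, W1 = G(W1), then rotate
            w1, w2, w3, w4 = w4, t, w2 ^ w1 ^ rnd, w3
    return (w1, w2, w3, w4)

def decrypt(block, key):
    w1, w2, w3, w4 = block
    for rnd in range(32, 0, -1):  # rounds count down from 32 to 1
        t = g(w2, key, rnd, inverse=True)
        if is_type_a(rnd):   # W1 ^= W2 ^ round, W2 = G^-1(W2), rotate back
            w1, w2, w3, w4 = t, w3, w4, w1 ^ w2 ^ rnd
        else:                # W2 = G^-1(W2), W3 ^= W2 ^ round, rotate back
            w1, w2, w3, w4 = t, w3 ^ t ^ rnd, w4, w1
    return (w1, w2, w3, w4)

def to_words(b):
    return tuple(int.from_bytes(b[i:i + 2], "big") for i in range(0, 8, 2))

if __name__ == "__main__":
    key, pt = b"0123456789", to_words(b"abcdef01")  # sample key/block from the page's Perl snippet
    ct = encrypt(pt, key)
    print([hex(w) for w in ct], decrypt(ct, key) == pt)
```

Because G is a Feistel network and each round only XORs and rotates quarters, the round trip holds for any choice of `F`; the real table affects only the strength of the cipher, not its invertibility.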

Attacks and vulnerabilities

The algorithm was high risk, meaning there was a high risk that it would be compromised. Therefore, it is unlikely that the NSA put its most secret designs into it.
Key setup does not take much time, and the key size is small (80 bits).

Skipjack was declassified in order to facilitate finding private companies to manufacture devices using that algorithm for use by the U.S. Government. Some people have called attention to the fact that only a short time previously, government spokespersons were saying that the disclosure of that algorithm would harm national security.
However, I have noted that the inconsistency involved may be more apparent than real. Between the statements cited, and the declassification of Skipjack, a paper was published by an academic researcher noting that Feistel ciphers of a particular type, specifically those in which the f-function was itself a series of Feistel rounds, could be proven to be immune to differential cryptanalysis.
SKIPJACK, although not precisely of that type, is closely related: one of the four subblocks undergoes Feistel rounds, but in addition to the result being used, as an f-function output, on another subblock, the subblock is also retained in its modified state.

The book "Top Secret Intranet" reveals that SKIPJACK was considered adequate to safeguard information classified SECRET but not information classified TOP SECRET.


* Less diffusion in B rounds and A^-1 rounds
* Bad interactions between the round types
* A one-bit difference in the input to the F table may cause a difference of only one bit in its output
* Eli Biham had shown an attack on 31-round Skipjack using impossible differentials
* Less security margin

Some code in Perl (obtained from this webpage: http://search.cpan.org/~jcduque/Crypt-Skipjack-1.0.2/Skipjack.pm). It was not written by me, but if you want to study the code you can visit the webpage, where it is explained in more detail.


    use diagnostics;
    use strict;
    use warnings;
    use Crypt::Skipjack;

    # key must be 10 bytes long
    my $key = "0123456789";

    my $cipher = Crypt::Skipjack->new($key);

    print "blocksize = ", $cipher->blocksize, " bytes \n";
    print "keysize = ", $cipher->keysize, " bytes \n";

    # block must be 8 bytes long
    my $plaintext1 = "abcdef01";

    my $ciphertext = $cipher->encrypt($plaintext1);
    my $plaintext2 = $cipher->decrypt($ciphertext);

    print "Decryption OK\n" if ($plaintext1 eq $plaintext2);


1 comment:

  1. You did not work out an example. The English writing is decent, so I am giving you 6 out of 7.