![Page 1: Binary One-time Pad and Linear Feedback Shift Registerstbarr.net/invitationtocryptology/FeedbackSRSlides.pdf · 2. Setup: Alice and Bob agree on a common stream of bits k0, k1, k2,...](https://reader033.fdocuments.us/reader033/viewer/2022051405/5a9b47bc7f8b9ad96f8dfabe/html5/thumbnails/1.jpg)
Binary One-time Pad and
Linear Feedback Shift Registers
Bob and Alice want to communicate in binary securely using the
same basic idea as a letter-based one-time pad. Eve is listening...
1101011110111... 10111010111...
Setup: Alice and Bob agree on a common stream of bits $k_0, k_1, k_2, \ldots$
Encipherment: To prepare binary plaintext $x_0, x_1, x_2, \ldots$, Alice calculates ciphertext $y_0, y_1, y_2, \ldots$ by
$y_i = (x_i + k_i) \text{ MOD } 2, \quad i = 0, 1, 2, \ldots$
Decipherment: To decipher received ciphertext $y_0, y_1, y_2, \ldots$, Bob calculates plaintext $x_0, x_1, x_2, \ldots$ by
$x_i = (y_i + k_i) \text{ MOD } 2, \quad i = 0, 1, 2, \ldots$
This works because $a + b \equiv a - b \pmod 2$ for all $a$ and $b$ (in particular, for $a$ and $b$ equal to 0 or 1).
Example
With the key 11011101 11111011 10010011 01110000
encipher: P L A N
Solution
ASCII for the plaintext: 80, 76, 65, 78
binary plain: 01010000 01001100 01000001 01001110
key:          11011101 11111011 10010011 01110000
cipher:       10001101 10110111 11010010 00111110
ASCII ciphertext: 141, 183, 210, 62
Example Decipher
10010101 10111110 11011111 00100000
which was enciphered with the key
11011101 11111011 10010011 01110000
and interpret result as four ASCII values
Solution Add bits modulo 2:
cipher  10010101 10111110 11011111 00100000
key     11011101 11111011 10010011 01110000
plain   01001000 01000101 01001100 01010000
decoded H        E        L        P
A true binary one-time pad was proved unbreakable in Claude E. Shannon (1916-2001), Communication Theory of Secrecy Systems, Bell System Technical Journal, 1949.
Source: www-groups.dcs.st-and.ac.uk/~history/Mathematicians/Shannon.html
Feedback Shift Registers
Feedback shift registers are circuits or programs that simulate
random streams of 0’s and 1’s. Output from these passes some
standard tests for randomness.
Motivational illustration: Four neighbors have established a pattern by which they leave their porch lights on at night:
Anne does what Barbara did the night before
Barbara does what Cathy did the night before
Cathy does what Denise did the night before
Denise leaves her light on if either Anne or Barbara (but not both) left theirs on the night before; otherwise she leaves it off
On a particular night, Denise’s light was on, Cathy’s off, Barbara’s off, and Anne’s off. Determine Anne’s pattern of porch lighting on successive nights.
Denise, Cathy, Barbara, and Anne’s porch-lighting scheme
A′ ← B
B′ ← C
C′ ← D
D′ ← (B + A) MOD 2
[Diagram: shift register with cells D, C, B, A and a + feedback gate]
with initial assignments
D = 1, C = 0, B = 0, A = 0
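| t | D | C | B | A |
|---|---|---|---|---|
| 0 | 1 | 0 | 0 | 0 |
| 1 | 0 | 1 | 0 | 0 |
| 2 | 0 | 0 | 1 | 0 |
| 3 | 1 | 0 | 0 | 1 |
| 4 | 1 | 1 | 0 | 0 |
| 5 | 0 | 1 | 1 | 0 |
| 6 | 1 | 0 | 1 | 1 |
| 7 | 0 | 1 | 0 | 1 |
| 8 | 1 | 0 | 1 | 0 |
| 9 | 1 | 1 | 0 | 1 |
| 10 | 1 | 1 | 1 | 0 |
| 11 | 1 | 1 | 1 | 1 |
| 12 | 0 | 1 | 1 | 1 |
| 13 | 0 | 0 | 1 | 1 |
| 14 | 0 | 0 | 0 | 1 |
| 15 | 1 | 0 | 0 | 0 |
| 16 | 0 | 1 | 0 | 0 |
| 17 | 0 | 0 | 1 | 0 |
| 18 | 1 | 0 | 0 | 1 |
| 19 | 1 | 1 | 0 | 0 |
| 20 | 0 | 1 | 1 | 0 |
| 21 | 1 | 0 | 1 | 1 |
| 22 | 0 | 1 | 0 | 1 |
| 23 | 1 | 0 | 1 | 0 |
| 24 | 1 | 1 | 0 | 1 |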
The “random” pattern in column A begins repeating at t = 15.
Generic linear feedback shift register (LFSR)
$b'_1 \leftarrow b_2$
$b'_2 \leftarrow b_3$
$\vdots$
$b'_{n-1} \leftarrow b_n$
$b'_n \leftarrow (c_n b_n + c_{n-1} b_{n-1} + \cdots + c_2 b_2 + c_1 b_1) \text{ MOD } 2,$
where
• $b_n, b_{n-1}, \ldots, b_2, b_1$ are variables taking value 0 or 1,
• $c_n, c_{n-1}, \ldots, c_2, c_1$ are coefficients (constants, either 0 or 1) chosen in advance,
• prime (′) indicates the updated value of the variable.
Example
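$b'_1 \leftarrow b_2$
$b'_2 \leftarrow b_3$
$b'_3 \leftarrow b_4$
$b'_4 \leftarrow b_5$
$b'_5 \leftarrow (0 \cdot b_5 + 1 \cdot b_4 + 0 \cdot b_3 + 1 \cdot b_2 + 1 \cdot b_1) \text{ MOD } 2$
[Diagram: shift register with cells $b_5, b_4, b_3, b_2, b_1$ and a + feedback gate; taps labelled $c_4 = 1$, $c_2 = 1$, $c_1 = 1$]
Initial values
$b_5 = 1,\ b_4 = 0,\ b_3 = 1,\ b_2 = 0,\ b_1 = 0$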
Internal States of LFSR
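| b5 | b4 | b3 | b2 | b1 |
|---|---|---|---|---|
| 1 | 0 | 1 | 0 | 0 |
| 0 | 1 | 0 | 1 | 0 |
| 0 | 0 | 1 | 0 | 1 |
| 1 | 0 | 0 | 1 | 0 |
| 1 | 1 | 0 | 0 | 1 |
| 0 | 1 | 1 | 0 | 0 |
| 1 | 0 | 1 | 1 | 0 |
| 1 | 1 | 0 | 1 | 1 |
| 1 | 1 | 1 | 0 | 1 |
| 0 | 1 | 1 | 1 | 0 |
| 0 | 0 | 1 | 1 | 1 |
| 0 | 0 | 0 | 1 | 1 |
| 0 | 0 | 0 | 0 | 1 |
| 1 | 0 | 0 | 0 | 0 |
| 0 | 1 | 0 | 0 | 0 |
| 1 | 0 | 1 | 0 | 0 |
| 0 | 1 | 0 | 1 | 0 |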
Output (sequence from b1):
001010011011100 0010100110111000 . . .
This can be used as a key in a binary one-time pad.
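The generic register and its use as a pad key, as an added example (not code from the slides): `lfsr_states` implements the update rule with coefficients listed c1..cn, and `pad` is the mod-2 addition from the encipherment slide. The function names, the list ordering and the constants `PORCH` and `FIVE` are choices made for this example.

```python
def lfsr_states(coeffs, state, steps):
    """Yield `steps` successive states (b1, ..., bn) of the generic LFSR.

    coeffs = [c1, ..., cn], state = [b1, ..., bn]; b1 is the output cell.
    """
    state = list(state)
    for _ in range(steps):
        yield tuple(state)
        feedback = sum(c * b for c, b in zip(coeffs, state)) % 2
        state = state[1:] + [feedback]  # b'_i <- b_(i+1), b'_n <- feedback

def keystream(coeffs, state, nbits):
    """First nbits output bits, i.e. the successive values of b1."""
    return [s[0] for s in lfsr_states(coeffs, state, nbits)]

def period(coeffs, state):
    """Number of steps between two visits to the same register state."""
    seen = {}
    for t, s in enumerate(lfsr_states(coeffs, state, 2 ** len(state) + 1)):
        if s in seen:
            return t - seen[s]
        seen[s] = t

def to_bits(data):
    """Bytes -> list of bits, most significant bit first."""
    return [(byte >> i) & 1 for byte in data for i in range(7, -1, -1)]

def from_bits(bits):
    """List of bits (length a multiple of 8) -> bytes."""
    return bytes(int("".join(map(str, bits[i:i + 8])), 2)
                 for i in range(0, len(bits), 8))

def pad(bits, key):
    """y_i = (x_i + k_i) MOD 2; applying it again with the same key deciphers."""
    if len(key) < len(bits):
        raise ValueError("key stream shorter than message")
    return [(x + k) % 2 for x, k in zip(bits, key)]

# Registers taken from the page: ([c1..cn], [b1..bn] at t = 0).
PORCH = ([1, 1, 0, 0], [0, 0, 0, 1])       # A=b1, B=b2, C=b3, D=b4
FIVE = ([1, 1, 0, 1, 0], [0, 0, 1, 0, 1])  # the 5-bit example

if __name__ == "__main__":
    key = keystream(*FIVE, 32)              # repeats after period(*FIVE) bits
    cipher = pad(to_bits(b"PLAN"), key)
    print(period(*FIVE), from_bits(cipher).hex(), from_bits(pad(cipher, key)))
```

Both registers return to their starting state after 15 steps, so any message longer than 15 bits reuses key bits and the result is no longer a true one-time pad.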
Feedback Shift Registers in Spreadsheet
[Figure: spreadsheet screenshot with panels "Linear feedback shift register" and "Nonlinear feedback shift register"; cell formulas shown: =MOD(R3+T3*V3,2), =B3, =C3, =D3, =E3, =MOD(B3+C3+E3,2)]
Cryptanalysis of LFSR
Example Suppose 1 1 0 1 0 1 1 0 is the output of a 4-bit LFSR.
What is the formula for the LFSR?
Solution We can complete part of the “state table” and then
fill backward:
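| b4 | b3 | b2 | b1 |
|---|---|---|---|
| 1 | 0 | 1 | 1 |
| 0 | 1 | 0 | 1 |
| 1 | 0 | 1 | 0 |
| 1 | 1 | 0 | 1 |
| 0 | 1 | 1 | 0 |
|   | 0 | 1 | 1 |
|   |   | 0 | 1 |
|   |   |   | 0 |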
The LFSR has the form
$b'_4 \leftarrow (c_4 b_4 + c_3 b_3 + c_2 b_2 + c_1 b_1) \text{ MOD } 2,$
where the $c$’s are unknown. The boxed values are produced when $b$’s from the line above are substituted. This gives four congruences in the four unknowns $c_1$, $c_2$, $c_3$, and $c_4$:
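$c_4 \cdot 1 + c_3 \cdot 0 + c_2 \cdot 1 + c_1 \cdot 1 \equiv 0$ (1)
$c_4 \cdot 0 + c_3 \cdot 1 + c_2 \cdot 0 + c_1 \cdot 1 \equiv 1$ (2)
$c_4 \cdot 1 + c_3 \cdot 0 + c_2 \cdot 1 + c_1 \cdot 0 \equiv 1$ (3)
$c_4 \cdot 1 + c_3 \cdot 1 + c_2 \cdot 0 + c_1 \cdot 1 \equiv 0$ (4)
These simplify to
$c_4 + c_2 + c_1 \equiv 0$ (5)
$c_3 + c_1 \equiv 1$ (6)
$c_4 + c_2 \equiv 1$ (7)
$c_4 + c_3 + c_1 \equiv 0$ (8)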
Add (5) and (7) to get
$c_1 \equiv 1$
Substitute this into (6) to get
$c_3 \equiv 0.$
Substitute these into (8) to get
$c_4 \equiv 1.$
Substitute $c_4$ into (7) to get
$c_2 \equiv 0.$
Thus the LFSR is
$b'_4 \leftarrow (1 \cdot b_4 + 0 \cdot b_3 + 0 \cdot b_2 + 1 \cdot b_1) \text{ MOD } 2$
or
$b'_4 \leftarrow (b_4 + b_1) \text{ MOD } 2$
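The same elimination for any register length, as an added example (not code from the slides): `recover_lfsr` builds one congruence per known feedback bit and solves them by Gauss-Jordan elimination modulo 2, and `predict` extends the stream with the recovered coefficients. It goes beyond the 4-bit case worked above; the function names and the c1..cn list ordering are assumptions of this example.

```python
def recover_lfsr(bits, n):
    """Solve for [c1, ..., cn] from at least 2n consecutive output bits.

    Output bit s_t is b1 at step t, so
    s_(t+n) = (c1*s_t + c2*s_(t+1) + ... + cn*s_(t+n-1)) MOD 2.
    Returns None when the bits do not determine a unique n-bit LFSR.
    """
    if len(bits) < 2 * n:
        raise ValueError("need at least 2n output bits")
    # One augmented row [s_t .. s_(t+n-1) | s_(t+n)] per known feedback bit.
    rows = [list(bits[t:t + n]) + [bits[t + n]] for t in range(len(bits) - n)]
    pivot_row = 0
    for col in range(n):
        hit = next((r for r in range(pivot_row, len(rows)) if rows[r][col]), None)
        if hit is None:
            return None  # no pivot in this column: underdetermined
        rows[pivot_row], rows[hit] = rows[hit], rows[pivot_row]
        for r in range(len(rows)):
            if r != pivot_row and rows[r][col]:
                rows[r] = [a ^ b for a, b in zip(rows[r], rows[pivot_row])]
        pivot_row += 1
    if any(row[n] for row in rows[pivot_row:]):
        return None  # 0 = 1 left over: not the output of an n-bit LFSR
    return [rows[i][n] for i in range(n)]

def predict(bits, coeffs, count):
    """Next `count` output bits implied by the recovered coefficients."""
    out, n = list(bits), len(coeffs)
    for _ in range(count):
        out.append(sum(c * b for c, b in zip(coeffs, out[-n:])) % 2)
    return out[len(bits):]

# The 8 observed bits from the page's cryptanalysis example.
OBSERVED = [1, 1, 0, 1, 0, 1, 1, 0]

if __name__ == "__main__":
    coeffs = recover_lfsr(OBSERVED, 4)
    print("c1..c4 =", coeffs, "next bits:", predict(OBSERVED, coeffs, 4))
```

With 2n consecutive key-stream bits that give n independent congruences, every later bit follows, which is why a bare LFSR stream does not give the security of a true one-time pad.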