
Российская криптография: блочные шифры и их режимы шифрования (Russian cryptography: block ciphers and modes of operation for them)


A short account of the history of block ciphers, GOST 28147-89 and the new cipher Kuznyechik (Небольшой рассказ об истории блочных шифров, ГОСТ 28147-89 и новом шифре Кузнечик).
Russian cryptography: block ciphers and modes of operation for them.



  1. Russian cryptography: block ciphers and modes of operation for them
     Borodin Mikhail, Yekaterinburg, 2016
  2. Contents
     • Block cipher
     • History of block ciphers
     • GOST 28147-89
     • Kuznyechik (КузНечиК)
     • Modes of operation for block ciphers
  3. Block ciphers
     A basic block cipher is a cipher that, for every fixed key, implements a reversible (bijective) mapping of the set of plaintext blocks of a fixed length n onto the set of ciphertext blocks of the same length.
  4. The NBS competition (NBS is the predecessor of NIST)
     The algorithm must:
     • provide a high level of security
     • be completely specified and easy to understand
     • be economically implementable in electronic devices
     • be available to all users
     • be efficient to use
     • be exportable
     The security of the algorithm must reside in the key; it must not depend on the secrecy of the algorithm.
  5. The NBS competition: IBM's Lucifer
     IBM submitted Lucifer; the version adopted as DES was reworked by NBS with NSA involvement. Which is better, the original Lucifer or DES?
  6. DES
     One Feistel round on a 64-bit block split into 32-bit halves $L_{i-1}, R_{i-1}$, with a 48-bit round key $K_i$:
     $L_i = R_{i-1}$
     $R_i = L_{i-1} \oplus F(R_{i-1}, K_i)$
  7. The NIST competition, AES
     Main requirements:
     • block size of 128 bits
     • three key lengths: 128, 192 and 256 bits
     • free (royalty-free) distribution
     Additional requirements:
     • easy hardware and software implementation of the operations used
     • focus on 32-bit processors
     • simple cipher structure, so that cryptanalysis is possible
  8. AES, Rijndael
     Encryption (128-bit input to 128-bit output): AddRoundKey; then Nr-1 rounds of SubBytes, ShiftRows, MixColumns, AddRoundKey; final round SubBytes, ShiftRows, AddRoundKey.
     Decryption: AddRoundKey; then Nr-1 rounds of InvShiftRows, InvSubBytes, AddRoundKey, InvMixColumns; final round InvShiftRows, InvSubBytes, AddRoundKey.
  9. GOST 28147-89
     Main characteristics:
     • block size of 64 bits
     • key length of 256 bits
     • based on a Feistel network
     • eight 4-to-4-bit S-boxes, not fixed by the standard
     • 32 rounds
  10. GOST 28147-89
     One round on 32-bit halves $L_{i-1}, R_{i-1}$ with a 32-bit round key $K_i$ ($\boxplus$ is addition modulo $2^{32}$, $S$ the S-box layer, $\lll 11$ a left rotation by 11 bits):
     $L_i = R_{i-1}$
     $R_i = L_{i-1} \oplus \big( S(R_{i-1} \boxplus K_i) \lll 11 \big)$
  11. GOST 28147-89 (diagram only)
  12. GOST 28147-89
     Disadvantages:
     • small block length (64 bits: under one key, modes such as CBC and CTR start to leak after about 2^32 blocks, i.e. 32 GB of data)
     • theoretical attacks exist (Isobe 2011; Dinur, Dunkelman and Shamir; see the references)
     Advantages:
     • high-speed software and hardware implementations
     • compact implementations exist (Poschmann et al., CHES 2010)
     • no practical attacks are known
     Features:
     • S-boxes not fixed by the standard
     • simple key schedule
  13. GOST R 34.12-2015, Kuznyechik (КузНечиК)
     Main characteristics:
     • block size of 128 bits
     • key length of 256 bits
     • based on an SP-network
     • a single 8-to-8-bit S-box
     • linear layer built from a recursive MDS code (16 iterations of a byte-wise LFSR step over GF(2^8))
  14. Kuznyechik
     Encryption (128-bit input to 128-bit output): nine rounds of X (XOR with the round key), S (byte substitution), L (linear transformation), followed by a final X; ten 128-bit round keys in total.
     Decryption: X, then nine rounds of L^-1, S^-1, X.
  15. Kuznyechik, implementations
     Platform: i7-2600 @ 3.4 GHz, Windows 7, compiler VS2008, x64:
     • encryption: 138 MB/s (24 cycles/byte)
     • decryption: 120 MB/s (27 cycles/byte)
     NVIDIA GeForce GTX TITAN (2688 CUDA cores, 6 GB GPU memory), host Intel Core i7-4770K:
     • encryption: 5518 MB/s
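The "recursive MDS code" of slide 13 in working code, as an added example that is not part of the slides: the linear transformation L of Kuznyechik is R applied 16 times, where R shifts the 16-byte vector by one byte and feeds back l(a15, ..., a0), a linear combination over GF(2^8) (modulus x^8 + x^7 + x^6 + x + 1) whose coefficient row is an MDS code. The coefficients, the field polynomial and the test values are those of GOST R 34.12-2015; the byte order (a15 first, as the standard writes it) and the function names are this example's choices.

```python
# Added example: the linear layer L = R^16 of Kuznyechik (GOST R 34.12-2015).
# Vectors are 16-byte strings written a15 || ... || a0, a15 first.

POLY = 0x1C3  # x^8 + x^7 + x^6 + x + 1, the field modulus of the standard
# Coefficients of l(a15, ..., a0), listed from a15 down to a0.
L_COEFF = [148, 32, 133, 16, 194, 192, 1, 251, 1, 192, 194, 16, 133, 32, 148, 1]


def gf_mul(a: int, b: int) -> int:
    """Multiplication in GF(2^8) with reduction modulo POLY."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= POLY
        b >>= 1
    return r


def ell(v: bytes) -> int:
    """l(a15..a0) = 148*a15 + 32*a14 + ... + 148*a1 + 1*a0 over GF(2^8)."""
    acc = 0
    for c, x in zip(L_COEFF, v):
        acc ^= gf_mul(c, x)
    return acc


def R(v: bytes) -> bytes:
    """One LFSR step: R(a15..a0) = l(a15..a0) || a15 || ... || a1."""
    return bytes([ell(v)]) + v[:15]


def R_inv(v: bytes) -> bytes:
    """Undo R. The coefficient of a0 in l() is 1, so a0 = v0 xor l(a15..a1, 0)."""
    a0 = v[0] ^ ell(v[1:] + b"\x00")
    return v[1:] + bytes([a0])


def L(v: bytes) -> bytes:
    """The full linear layer: 16 steps of R (a 16x16 MDS matrix over GF(2^8))."""
    for _ in range(16):
        v = R(v)
    return v


def L_inv(v: bytes) -> bytes:
    for _ in range(16):
        v = R_inv(v)
    return v


if __name__ == "__main__":
    # Step-by-step R values given in the standard's worked example.
    v = bytes.fromhex("00000000000000000000000000000100")
    v = R(v)   # 94000000000000000000000000000001
    v = R(v)   # a5940000000000000000000000000000
    print(L(bytes.fromhex("64a59400000000000000000000000000")).hex())
```

Because R is one step of a shift register, a hardware implementation needs only the 16 multipliers of one row; a software implementation that wants the 24 cycles/byte of slide 15 instead precomputes L as a 16x16 matrix (or a 16x256 table combining S and L), which is exactly the trade-off the GPU and CPU numbers above reflect.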
  16. Modes of operation (GOST R 34.13-2015)
     • Electronic Codebook, ECB
     • Counter, CTR
     • Output Feedback, OFB
     • Cipher Block Chaining, CBC
     • Cipher Feedback, CFB
     • Message Authentication Code algorithm
  17. Padding
     Let $r = |P| \bmod n$, where $n$ is the block length and $|P|$ the bit length of the message $P$.
     1. $P \leftarrow P$ if $r = 0$, otherwise $P \leftarrow P \,\|\, 0^{\,n-r}$
     2. $P \leftarrow P \,\|\, 1 \,\|\, 0^{\,n-r-1}$ (always, even when $r = 0$)
     3. $P \leftarrow P$ if $r = 0$, otherwise $P \leftarrow P \,\|\, 1 \,\|\, 0^{\,n-r-1}$
     Procedure 1 cannot be undone unambiguously (a message ending in zero bits is indistinguishable from its padding); procedure 2 always adds at least one bit and is therefore reversible; procedure 3 is the one used by the MAC algorithm, which tells a padded final block from a complete one by the choice of final-block key, as CMAC does.
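The three procedures of slide 17 in working code, as an added example that is not part of the slides. The standard is defined on bit strings; this version assumes whole-byte messages, so "1 followed by zeros" becomes the byte 0x80 followed by 0x00 bytes. `n` is the block length in bytes (8 for Magma, 16 for Kuznyechik); `unpad2` and `procedure1_is_ambiguous` are this example's own additions, included to show which procedure a decryptor can actually reverse.

```python
# Added example: padding procedures 1-3 of GOST R 34.13-2015, byte-wise.

def pad1(p: bytes, n: int) -> bytes:
    """Procedure 1: zero-fill the last block; nothing is added if it is full."""
    r = len(p) % n
    return p if r == 0 else p + bytes(n - r)


def pad2(p: bytes, n: int) -> bytes:
    """Procedure 2: always append 1 0...0; a full last block gets a whole new block."""
    r = len(p) % n
    return p + b"\x80" + bytes(n - r - 1)


def pad3(p: bytes, n: int) -> bytes:
    """Procedure 3: like procedure 2, but a full last block is left alone
    (the MAC algorithm signals the padded case through its final-block key)."""
    r = len(p) % n
    return p if r == 0 else p + b"\x80" + bytes(n - r - 1)


def unpad2(p: bytes, n: int) -> bytes:
    """Invert procedure 2, rejecting anything procedure 2 cannot have produced."""
    if len(p) == 0 or len(p) % n != 0:
        raise ValueError("padded data must be a non-empty multiple of the block length")
    stripped = p.rstrip(b"\x00")
    # At most n-1 zero bytes can follow the 0x80 marker.
    if not stripped.endswith(b"\x80") or len(p) - len(stripped) >= n:
        raise ValueError("invalid padding")
    return stripped[:-1]


def procedure1_is_ambiguous(n: int) -> bool:
    """Two different messages that procedure 1 pads to the same block string."""
    return pad1(b"ab", n) == pad1(b"ab\x00", n)


if __name__ == "__main__":
    print(pad1(b"ab", 8).hex(), pad2(b"ab", 8).hex(), pad3(b"ab", 8).hex())
    print("procedure 1 ambiguous:", procedure1_is_ambiguous(8))
```

For confidentiality modes that need full blocks (ECB, CBC) procedure 2 is the one to use, since the receiver can always strip it; procedure 1 is only safe when the exact message length is carried out of band.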
  18. Electronic Codebook, ECB (diagram)
  19. Counter, CTR (diagram)
  20-21. Output Feedback, OFB (two diagram slides)
  22-23. Cipher Block Chaining, CBC (two diagram slides)
  24-25. Cipher Feedback, CFB (two diagram slides)
  26. Message Authentication Code algorithm (diagram)
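ECB, CBC and CTR from slides 16 and 18-23 in working code, as an added example that is not part of the slides. The modes are written against any block-encryption callable, which is the point: they do not depend on the cipher. To keep the block self-contained it drives them with a 4-round Feistel network built on HMAC-SHA256 (a Luby-Rackoff construction), which is a stand-in for Magma or Kuznyechik and is not either GOST cipher. The CTR counter layout (IV || 0^{n/2}, incremented modulo 2^n) follows GOST R 34.13-2015; inputs are whole blocks, so no padding is needed, and all messages and keys below are constructed for the demonstration.

```python
# Added example: ECB, CBC and CTR over an arbitrary block cipher E(block),
# plus the two classic failure modes (ECB block repetition, CTR IV reuse).
import hashlib
import hmac
import os

N = 16  # block length in bytes (Kuznyechik-sized; Magma would use 8)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def blocks(data: bytes) -> list:
    return [data[i:i + N] for i in range(0, len(data), N)]


# --- stand-in block cipher (NOT Magma or Kuznyechik) -----------------------
def _f(key: bytes, i: int, half: bytes) -> bytes:
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:N // 2]


def toy_encrypt_block(key: bytes, block: bytes) -> bytes:
    l, r = block[:N // 2], block[N // 2:]
    for i in range(4):
        l, r = r, xor(l, _f(key, i, r))
    return l + r


def toy_decrypt_block(key: bytes, block: bytes) -> bytes:
    l, r = block[:N // 2], block[N // 2:]
    for i in reversed(range(4)):
        l, r = xor(r, _f(key, i, l)), l
    return l + r


# --- modes, written against any block-encryption callable ------------------
def ecb_encrypt(E, pt: bytes) -> bytes:
    # C_i = E(P_i): equal plaintext blocks give equal ciphertext blocks.
    return b"".join(E(p) for p in blocks(pt))


def cbc_encrypt(E, iv: bytes, pt: bytes) -> bytes:
    # C_i = E(P_i xor C_{i-1}), C_0 = IV (n bits).
    out, prev = [], iv
    for p in blocks(pt):
        prev = E(xor(p, prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(D, iv: bytes, ct: bytes) -> bytes:
    # P_i = D(C_i) xor C_{i-1}
    out, prev = [], iv
    for c in blocks(ct):
        out.append(xor(D(c), prev))
        prev = c
    return b"".join(out)


def ctr_crypt(E, iv: bytes, data: bytes) -> bytes:
    # CTR_1 = IV || 0^{n/2}, CTR_{i+1} = CTR_i + 1 mod 2^n, C_i = P_i xor E(CTR_i).
    # Only E is needed, so the same call decrypts; IV must never repeat under a key.
    ctr = int.from_bytes(iv + bytes(N // 2), "big")
    out = []
    for i, p in enumerate(blocks(data)):
        gamma = E(((ctr + i) % (1 << (8 * N))).to_bytes(N, "big"))
        out.append(xor(p, gamma))
    return b"".join(out)


def demo() -> dict:
    """Constructed inputs: three blocks for ECB/CBC, two one-block messages for CTR."""
    key = os.urandom(32)
    E = lambda b: toy_encrypt_block(key, b)
    D = lambda b: toy_decrypt_block(key, b)
    cbc_iv, ctr_iv = os.urandom(N), os.urandom(N // 2)
    pt = b"REPEATED BLOCK!!" * 2 + b"a different one."
    ecb = blocks(ecb_encrypt(E, pt))
    cbc = blocks(cbc_encrypt(E, cbc_iv, pt))
    p1, p2 = b"attack at dawn!!", b"retreat at dusk!"
    c1 = ctr_crypt(E, ctr_iv, p1)
    c2 = ctr_crypt(E, ctr_iv, p2)          # same IV reused: the failure mode
    return {
        "ecb_leaks_equal_blocks": ecb[0] == ecb[1],
        "cbc_leaks_equal_blocks": cbc[0] == cbc[1],
        "cbc_roundtrip": cbc_decrypt(D, cbc_iv, b"".join(cbc)) == pt,
        "ctr_roundtrip": ctr_crypt(E, ctr_iv, c1) == p1,
        "ctr_iv_reuse_leaks_xor": xor(c1, c2) == xor(p1, p2),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The last entry is why a counter mode with a reused IV is worse than ECB: the attacker obtains the XOR of two plaintexts directly. With a 64-bit cipher such as GOST 28147-89 the same CTR and CBC code also needs the data-volume limit from slide 12 (about 2^32 blocks per key) enforced by the caller.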
  27. Thank you for your attention!
  28. References
     • GOST R 34.12-2015, Information technology. Cryptographic data security. Block ciphers (ГОСТ Р 34.12–2015 "Информационная технология. Криптографическая защита информации. Блочные шифры")
     • GOST R 34.13-2015, Information technology. Cryptographic data security. Modes of operation for block ciphers (ГОСТ Р 34.13–2015 "Информационная технология. Криптографическая защита информации. Режимы работы блочных шифров")
     • FIPS PUB 46-3, Data Encryption Standard (DES), 1999 (original FIPS PUB 46, January 15, 1977)
     • ISO/IEC 18033-3:2010, Information technology. Security techniques. Encryption algorithms. Part 3: Block ciphers
     • Schneier B. Applied Cryptography: Protocols, Algorithms, and Source Code in C. John Wiley & Sons, 2007
     • Бондаренко А., Маршалко Г., Шишкин В. GOST R 34.12-2015: what to expect from the new standard? (ГОСТ Р 34.12–2015: чего ожидать от нового стандарта?) Information Security, 2015, no. 4, pp. 48–50
     • http://competitions.cr.yp.to/aes.html
     • https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation
     • Poschmann A., Ling S., Wang H. 256 bit standardized crypto for 650 GE: GOST revisited. CHES 2010, LNCS 6225, pp. 219–233, 2010
     • Смышляев С. Applicability questions of Russian cryptographic algorithms (Вопросы применимости российских криптоалгоритмов), events.yandex.ru/events/meetings/24-july-2015/
     • Isobe T. A Single-Key Attack on the Full GOST Block Cipher. LNCS 6733, pp. 290–305, Springer, 2011
     • Бородин М. А., Рыбкин А. С. High-speed software implementations of the block cipher "Kuznyechik" (Высокоскоростные программные реализации блочного шифра "Кузнечик"). Problems of Information Security. Computer Systems (Проблемы информационной безопасности. Компьютерные системы), 2014, no. 3, pp. 67–73
     • Dinur I., Dunkelman O., Shamir A. Improved Attacks on Full GOST, eprint.iacr.org
     • Fomin D. Implementation of an XSL block cipher with MDS-matrix linear transformation on NVIDIA CUDA. 3rd Workshop on Current Trends in Cryptology (CTCrypt 2014)
     • Fomin D. A timing attack on CUDA implementations of an AES-type block cipher. CTCrypt 2015 Preproceedings, Kazan, 2015
