FNR: Arbitrary length small domain block cipher proposal
Sashank Dara, Scott Fluhrer
Cisco Systems Inc, Bangalore
Jun 21, 2015
Motivation
¤ AES works on fixed-length inputs (128 bits) and needs padding for other lengths.
¤ Variable length block ciphers
  ¤ Well-defined lengths (network packets, database columns)
¤ Storage gains (cloud storage would blow up with AES-128 for smaller data types, say 32 bits)
¤ Aids in preserving formats of the inputs (IPv4 addresses, credit card numbers, MAC addresses, time stamps)
Fourth International Conference on Security, Privacy, and Applied Cryptography Engineering (SPACE 2014)
Design Goals
¤ Variable Input lengths
¤ To be Practical and Secure
¤ Common Key Length for arbitrary input domains
¤ Secure Building Blocks (Feistel Networks, SPNs)
¤ Leverage Hardware Support (say, Intel's AES-NI)
¤ Don’t re-invent the wheel
Prior Art
¤ Michael Luby and Charles Rackoff. How to construct pseudorandom permutations from pseudorandom functions. SIAM Journal on Computing, 17(2):373-386, 1988.
¤ Mihir Bellare and Phillip Rogaway. On the construction of variable-input-length ciphers. In Fast Software Encryption, pages 231-244. Springer, 1999.
¤ Moni Naor and Omer Reingold. On the construction of pseudorandom permutations: Luby-Rackoff revisited. Journal of Cryptology, 12(1):29-66, 1999.
¤ John Black and Phillip Rogaway. Ciphers with arbitrary finite domains. In Topics in Cryptology - CT-RSA 2002, pages 114-130. Springer, 2002.
¤ Mihir Bellare, Thomas Ristenpart, Phillip Rogaway, and Till Stegers. Format-preserving encryption. In Selected Areas in Cryptography, pages 295-312. Springer, 2009.
Feistel Networks
Example: DES is Feistel based. AES is not Feistel based; it is an SPN.
Pseudo Random Function
Pair wise Independent Permutations
A family of functions F is a pairwise independent permutation if:
1. Each member of the family is itself a permutation, and
2. For any fixed A, B (with A≠B, and both from the input set of the permutation), and f a random member of the family F, the pair f(A), f(B) is equi-distributed over all distinct pairs from the output range of the function.
Naor and Reingold’s (NR) Scheme
PWIP is defined over an affine function:
y = aX + b, where a, b in GF(2^n)
Difficult to define GF(2^n) for variable lengths in practice
Results in complex implementations
Flexible Naor and Reingold’s (FNR)
Pair wise Independence Based on (Invertible) Matrices
FNR’s Details
¤ Tweakable Variable Length Block Cipher (Precisely)
¤ Matrix Operations to be performed in GF(2)
¤ Number of Round functions is 7 (Patarin's proof)
¤ Internal PRF is AES in ECB mode (Leverage AES-NI)
¤ To ensure input to PRF is unique we use a round constant along with tweak string
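The matrix-based pairwise independent permutation described above, as an added example (not code from the slides or from libfnr): y = Mx XOR c over GF(2), with M a uniformly random invertible n×n matrix, for any width n from 1 to 32 bits. The struct, the function names and the xorshift32 generator standing in for key-derived bits are assumptions made for illustration.

```c
#include <stdint.h>

/* y = M*x XOR c over GF(2). A row is a bitmask: bit j of M[i] is entry (i,j). */
typedef struct { int n; uint32_t M[32], Minv[32], c; } pwip_t;

/* xorshift32: constructed stand-in for key-derived bits, NOT cryptographic. */
static uint32_t rng(uint32_t *s) {
    *s ^= *s << 13; *s ^= *s >> 17; *s ^= *s << 5; return *s;
}

static uint32_t parity(uint32_t v) {
    v ^= v >> 16; v ^= v >> 8; v ^= v >> 4; v ^= v >> 2; v ^= v >> 1; return v & 1u;
}

/* Gauss-Jordan on [a | I]; returns 0 if a is singular, else inv = a^-1. */
static int gf2_invert(int n, const uint32_t *a, uint32_t *inv) {
    uint32_t m[32], t;
    for (int i = 0; i < n; i++) { m[i] = a[i]; inv[i] = 1u << i; }
    for (int col = 0; col < n; col++) {
        int piv = col;
        while (piv < n && !((m[piv] >> col) & 1u)) piv++;
        if (piv == n) return 0;                 /* no pivot: rank < n */
        t = m[piv]; m[piv] = m[col]; m[col] = t;
        t = inv[piv]; inv[piv] = inv[col]; inv[col] = t;
        for (int r = 0; r < n; r++)             /* clear this column elsewhere */
            if (r != col && ((m[r] >> col) & 1u)) { m[r] ^= m[col]; inv[r] ^= inv[col]; }
    }
    return 1;
}

/* n in 1..32, seed nonzero. Rejection-sample until M is invertible. */
void pwip_init(pwip_t *p, int n, uint32_t seed) {
    uint32_t mask = (n == 32) ? 0xFFFFFFFFu : (1u << n) - 1u;
    p->n = n;
    do {
        for (int i = 0; i < n; i++) p->M[i] = rng(&seed) & mask;
    } while (!gf2_invert(n, p->M, p->Minv));
    p->c = rng(&seed) & mask;
}

static uint32_t mul(int n, const uint32_t *rows, uint32_t x) {
    uint32_t y = 0;
    for (int i = 0; i < n; i++) y |= parity(rows[i] & x) << i;  /* row dot x */
    return y;
}

uint32_t pwip_apply(const pwip_t *p, uint32_t x)  { return mul(p->n, p->M, x) ^ p->c; }
uint32_t pwip_invert(const pwip_t *p, uint32_t y) { return mul(p->n, p->Minv, y ^ p->c); }
```

Because only the row count changes with n, the same code serves a 20-bit field and a 32-bit IPv4 address, which is the flexibility the GF(2^n) affine form lacks.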
FNR’s Security Measure
¤ The probability that an attacker can distinguish a cipher text from random text.
¤ Due to Naor and Reingold’s proof, using PWIP functions would result in a security measure as defined below
¤ Classic Feistel networks without PWIP would have as below
¤ Where r is round count, n is number of input bits, m is Number of pairs of plain text, cipher text needed by attacker to
Format Preserving encryption (FPE)
Samples
Ranking Approach
FPE examples with FNR
Performance of FNR
IP Addresses Credit Card Numbers
Conclusions and Future work
¤ Proposed a variable length block cipher
¤ Practical and based on secure building blocks
¤ Source code is released under LGPL-v2
¤ Future Work
  ¤ Exhaustive Cryptanalysis (theoretical and practical)
  ¤ Support more applications and formats like MAC Addresses, Time Stamps
Resources
¤ Specification
  ¤ https://eprint.iacr.org/2014/421
¤ Motivation and Applications
  ¤ http://cisco.github.io/libfnr/
¤ Source code
  ¤ https://github.com/cisco/libfnr
  ¤ https://github.com/cisco/jfnr (Java bindings)
¤ Reach out for questions
  ¤ [email protected]