Random Number Generation and Stream Cipher
GOUTAM PAUL
Asst. Professor, Department of Computer Science & Engineering
Jadavpur University, Kolkata.
July 16, 2011
Tutorial Workshop on Cryptology (Jointly organized by: CU & Centre of Excellence in Cryptology, ISI)
Rajabazar Science College Campus, University of Calcutta, India.

Checking that each symbol occurs with equal frequency.
For a binary string, proportion of 0’s and 1’s should be 0.5 each.
Can be generalized to n-gram frequencies.
GOUTAM PAUL Random Number Generation and Stream Cipher Slide 6 of 51
Correlation between two sequences/processes gives a measure of similarity between them.
Autocorrelation: correlation between the measurements of the same process at two different instances of time.
If random, such autocorrelations should be near zero for any and all time-lag separations.

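The frequency check and the autocorrelation check described above, as an added example (not code from the slides). The two sample strings are constructed for the illustration, and both are read cyclically, as one period of a repeating stream.

```python
from collections import Counter
from itertools import product

# Constructed samples, each treated as one period of a repeating bit stream.
ALTERNATING = "01" * 8            # perfectly balanced, but obviously not random
M_SEQUENCE = "011010111100010"    # one period of a 15-bit maximum-length sequence


def ngram_frequencies(bits, n):
    """Relative frequency of every n-bit pattern (overlapping, cyclic windows)."""
    extended = bits + bits[:n - 1]
    counts = Counter(extended[i:i + n] for i in range(len(bits)))
    patterns = ("".join(p) for p in product("01", repeat=n))
    return {p: counts[p] / len(bits) for p in patterns}


def autocorrelation(bits, lag):
    """(agreements - disagreements) / length against the cyclic shift by `lag`."""
    length = len(bits)
    agree = sum(bits[i] == bits[(i + lag) % length] for i in range(length))
    return (2 * agree - length) / length


def worst_deviation(bits, max_n=2, max_lag=4):
    """Largest gap from the ideal values: 2**-n per n-gram, 0 per non-zero lag."""
    freq_gap = max(abs(f - 2.0 ** -n)
                   for n in range(1, max_n + 1)
                   for f in ngram_frequencies(bits, n).values())
    corr_gap = max(abs(autocorrelation(bits, lag))
                   for lag in range(1, max_lag + 1))
    return freq_gap, corr_gap


if __name__ == "__main__":
    for name, sample in (("alternating", ALTERNATING), ("m-sequence", M_SEQUENCE)):
        print(name, ngram_frequencies(sample, 1), worst_deviation(sample))
```

The alternating string passes the single-bit frequency check yet fails both the 2-gram and the autocorrelation checks. The second string passes all three although a short linear recurrence generates it, so these checks are necessary but not sufficient.
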
Natural Random Number Generators / Pseudo-Random Number Generators

Necessity
One Time Pad requires a long stream of random bits.
Other cryptographic schemes also require random numbers as keys.

One option: Natural Randomness
Thermal noise from a semiconductor resistor.
Atmospheric noise.
Quantum-mechanical phenomena.
Tossing a coin.

Why is Natural Randomness not useful?
Difficulty of sampling.
Difficulty of synchronizing when the sender and the receiver are far apart.

Pragmatic Solution
A Finite State Machine.
A seed (called the secret key) characterizes the initial state.
Same seed generates the same output sequence.
Seed can be shared between the sender and the receiver.

Inherent Limitations
Each state transition of the FSM gives one new output.
FSM has a finite number of states.
So the output sequence must have a period.
One Time Pad cannot be realized in practice.
Goal: short seed, but long keystream.

Linear Congruential Generator
$x_n = a x_{n-1} + b \pmod{m}$.
$x_0$ is the initial seed.
$a, b, m$ are parameters.
Example: C library function rand().
Suitable for experimental purposes, but cryptographically not secure.
Same is true for any polynomial congruential generator.

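An added example (not code from the slides) showing both limitations for this generator: the period can never exceed the number of states m, and three consecutive outputs are enough to solve for a and b when m is known. All parameter values and the seed are constructed for the illustration.

```python
from math import gcd


def lcg(a, b, m, x0):
    """Yield x_1, x_2, ... for x_n = a * x_{n-1} + b (mod m)."""
    x = x0
    while True:
        x = (a * x + b) % m
        yield x


def period(a, b, m, x0):
    """Length of the cycle the state falls into; it can never exceed m."""
    first_seen = {x0: 0}
    for step, x in enumerate(lcg(a, b, m, x0), start=1):
        if x in first_seen:
            return step - first_seen[x]
        first_seen[x] = step


def recover_parameters(y0, y1, y2, m):
    """Solve y1 = a*y0 + b and y2 = a*y1 + b (mod m) for (a, b)."""
    diff = (y1 - y0) % m
    if gcd(diff, m) != 1:
        raise ValueError("y1 - y0 is not invertible mod m; use another triple")
    a = (y2 - y1) * pow(diff, -1, m) % m
    b = (y1 - a * y0) % m
    return a, b


def predict_next(outputs, m, count):
    """Predict the next `count` outputs from three observed consecutive ones."""
    a, b = recover_parameters(*outputs[-3:], m)
    return [x for _, x in zip(range(count), lcg(a, b, m, outputs[-1]))]


# Constructed toy parameters (not those of any particular C library).
M, A, B, SEED = 2**31 - 1, 48271, 12345, 20110716

if __name__ == "__main__":
    print("period, m=16, a=5, b=3:", period(5, 3, 16, 0))   # every state visited
    print("period, m=16, a=3, b=3:", period(3, 3, 16, 0))   # only half of them
    gen = lcg(A, B, M, SEED)
    observed = [next(gen) for _ in range(3)]
    print("recovered (a, b):", recover_parameters(*observed, M))
    print("prediction correct:",
          predict_next(observed, M, 5) == [next(gen) for _ in range(5)])
```

This is why output of such a generator must not be used as key material: anyone who sees a few values can compute all later ones.
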
Blum-Blum-Shub (BBS) Generator
Choose two large primes p, q both congruent to 3 mod 4.
Set n = pq and choose a random integer x relatively prime to n.
Set initial seed $x_0 = x^2 \pmod{n}$.
j-th output is given by $x_j = x_{j-1}^2 \pmod{n}$.
Has provable security, but too slow for practical use.

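The generator above as an added example (not code from the slides). It assumes the usual convention of emitting the least significant bit of each x_j, which the slide does not spell out, and uses constructed toy primes far too small for real use.

```python
from math import gcd


class BlumBlumShub:
    """x_0 = x^2 mod n, x_j = x_{j-1}^2 mod n; one output bit per squaring."""

    def __init__(self, p, q, x):
        # p and q are assumed to be prime; only the slide's conditions are checked.
        if p == q or p % 4 != 3 or q % 4 != 3:
            raise ValueError("p and q must be distinct and congruent to 3 mod 4")
        self.n = p * q
        if gcd(x, self.n) != 1:
            raise ValueError("x must be relatively prime to n")
        self.state = pow(x, 2, self.n)            # x_0
        self.squarings = 1

    def next_bit(self):
        self.state = pow(self.state, 2, self.n)   # x_j
        self.squarings += 1
        return self.state & 1                     # assumed output: LSB of x_j

    def bits(self, count):
        return [self.next_bit() for _ in range(count)]

    def read(self, nbytes):
        """Pack 8 output bits per byte, most significant bit first."""
        out = bytearray()
        for _ in range(nbytes):
            byte = 0
            for bit in self.bits(8):
                byte = (byte << 1) | bit
            out.append(byte)
        return bytes(out)


if __name__ == "__main__":
    gen = BlumBlumShub(11, 23, 3)                 # constructed toy values
    print("x_0 =", gen.state)
    print("first 8 bits:", gen.bits(8))
    print("modular squarings so far:", gen.squarings)
```

Every output bit costs one modular squaring with a modulus large enough to resist factoring, which is the slowness the slide refers to.
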
The same key always produces the same keystream.
Repeated use of the same key is just as bad as reusing a one-time pad.
As a remedy, the IV is combined with the secret key to form the effective key for the corresponding session of the cipher, called a session key.
Different session keys make the output of the stream cipher different in each session, even if the same key is used.

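An added example (not code from the slides) of why key reuse is as bad as reusing a one-time pad and how a per-session IV removes the problem. The keystream generator is a stand-in built from SHA-256 in counter mode, the key and IV are combined with HMAC-SHA256, and the key, IVs and messages are constructed; the slide prescribes none of these.

```python
import hashlib
import hmac


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def session_key(key, iv):
    """Effective key for one session (assumed combiner: HMAC-SHA256)."""
    return hmac.new(key, iv, hashlib.sha256).digest()


def keystream(skey, length):
    """Stand-in generator: SHA-256 over (session key || block counter)."""
    blocks = (hashlib.sha256(skey + i.to_bytes(8, "big")).digest()
              for i in range((length + 31) // 32))
    return b"".join(blocks)[:length]


def encrypt(key, iv, message):
    """XOR with the session keystream; decryption is the same operation."""
    return xor(message, keystream(session_key(key, iv), len(message)))


class Sender:
    """Uses a message counter as IV, so no (key, IV) pair is ever repeated."""

    def __init__(self, key):
        self.key = key
        self.counter = 0

    def send(self, message):
        iv = self.counter.to_bytes(8, "big")
        self.counter += 1
        return iv, encrypt(self.key, iv, message)


# Constructed key and messages of equal length.
KEY = b"constructed-demo-key"
P1 = b"PAY ALICE 0100 RUPEES"
P2 = b"PAY CAROL 9900 RUPEES"


def reuse_leaks(iv1, iv2):
    """True if XOR of the two ciphertexts equals XOR of the two plaintexts."""
    c1, c2 = encrypt(KEY, iv1, P1), encrypt(KEY, iv2, P2)
    return xor(c1, c2) == xor(P1, P2)


if __name__ == "__main__":
    same = b"\x00" * 8
    print("same key, same IV leaks P1 xor P2:", reuse_leaks(same, same))
    print("same key, fresh IV leaks P1 xor P2:", reuse_leaks(same, b"\x00" * 7 + b"\x01"))
```

With a repeated session key the keystream cancels out of the XOR of the two ciphertexts, so an observer learns exactly where the two messages differ without knowing the key.
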
Primitive polynomial provides maximum length cycle, $2^d - 1$ for degree $d$. Well known as m-sequence.
By itself, not cryptographically secure, but useful building block for pseudo-randomness.
Easy and efficient implementation in hardware, using registers (Flip-Flops) and simple logic gates.
Deep mathematical development for a long time.

Suppose we know the segment 011010111100 of a keystream sequence.
We also know that it is generated by some LFSR.
We do not necessarily know the length of the recurrence.
We need to determine the coefficients.

Result: The m × m matrix is invertible mod 2 iff there is no linear recurrence relation of length less than m that is satisfied by the 2m values $x_1, x_2, \ldots, x_{2m}$.

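The problem posed above, worked as an added example (not code from the slides): for m = 1, 2, ... it builds the m × m system from the known segment 011010111100, solves it mod 2 when the matrix is invertible, and accepts the first recurrence that reproduces every known bit. The indexing x_{n+m} = c_0 x_n + ... + c_{m-1} x_{n+m-1} is an assumption, since the slide defining the matrix is not in this transcript.

```python
SEGMENT = [int(ch) for ch in "011010111100"]   # the segment given on the slide


def solve_mod2(matrix, rhs):
    """Gauss-Jordan elimination over GF(2); None if the matrix is singular."""
    m = len(matrix)
    rows = [row[:] + [r] for row, r in zip(matrix, rhs)]
    for col in range(m):
        pivot = next((r for r in range(col, m) if rows[r][col]), None)
        if pivot is None:
            return None
        rows[col], rows[pivot] = rows[pivot], rows[col]
        for r in range(m):
            if r != col and rows[r][col]:
                rows[r] = [u ^ v for u, v in zip(rows[r], rows[col])]
    return [rows[i][m] for i in range(m)]


def next_bit(coeffs, window):
    return sum(c & x for c, x in zip(coeffs, window)) % 2


def recover_recurrence(bits):
    """Shortest (m, coeffs) found by the matrix method that fits all of `bits`."""
    for m in range(1, len(bits) // 2 + 1):
        matrix = [bits[i:i + m] for i in range(m)]      # rows x_i .. x_{i+m-1}
        rhs = [bits[i + m] for i in range(m)]
        coeffs = solve_mod2(matrix, rhs)
        if coeffs is None:
            continue          # singular matrix: no unique solution for this m
        if all(next_bit(coeffs, bits[n:n + m]) == bits[n + m]
               for n in range(len(bits) - m)):
            return m, coeffs
    return None


def extend(bits, coeffs, count):
    """Continue the sequence with the recovered recurrence."""
    out = list(bits)
    for _ in range(count):
        out.append(next_bit(coeffs, out[-len(coeffs):]))
    return out[len(bits):]


def lfsr_period(coeffs, state):
    """Steps until the register returns to `state`, or None if it never does."""
    current = list(state)
    for steps in range(1, 2 ** len(state) + 1):
        current = current[1:] + [next_bit(coeffs, current)]
        if current == list(state):
            return steps
    return None


if __name__ == "__main__":
    m, coeffs = recover_recurrence(SEGMENT)
    print("length:", m, "coefficients c_0..c_3:", coeffs)
    print("next three bits:", extend(SEGMENT, coeffs, 3))
    print("period:", lfsr_period(coeffs, SEGMENT[:m]))
```

The recovered recurrence is x_{n+4} = x_n + x_{n+1}, solved from the first 8 known bits and confirmed by the remaining 4; its period is 15 = 2^4 - 1.
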
Take n LFSRs of different lengths (may be pairwise prime).
Initialize them with seeds.
In each clock, take the n outputs from the LFSRs, which are fed as n inputs to an n-variable Boolean function.
A memory element may also be added.

Take one LFSR.
Initialize that with a seed.
In each clock, take n outputs from different locations of the LFSR, which are fed as n inputs to an n-variable Boolean function.
May be considered with an additional memory element.
The Boolean function and memory together form a Finite State Machine.

Nonlinear Filter Generator Model With Memory.
More than one bit processed together (32-bit words).
Use LFSRs over larger fields: need the LFSR evolution operations to be efficient.
$GF(2^{32})$ or $GF(2^{31} - 1)$ to relate with 32-bit words of modern processors. Are we moving towards 64-bit words?
FSM contains S-boxes and Registers.
Registers are memory words.
S-boxes are multiple output Boolean functions.

Initially, stream ciphers were targeted towards hardware only.
Later, software stream ciphers became popular due to their speed and efficiency compared to software implementation of block ciphers.
Typically consists of two modules:
KSA: key × IV → internal state, and
PRGA: internal state → keystream word.

Wide commercial applications: SSL, TLS, WEP, WPA, AOCE, Microsoft Windows, Lotus Notes, Oracle Secure SQL, etc.
Generally used with 5 to 16 bytes key, though provision for 256 bytes key is there.
Uses a permutation over $\mathbb{Z}_{256}$ as the internal state.
Operations: Swaps and Modulo 256 additions.

An event that distinguishes the keystream from a uniformly random stream.
For a stream cipher, the event is based on some combination of the keystream bits.
The attack complexity is given by the number of samples required for a given success probability.

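The cipher characterised earlier (a permutation over Z_256 as state, swaps and modulo-256 additions, a key-scheduling step and a keystream-generation step) matches RC4. This added example, which is not code from the slides, implements it and then counts one distinguishing event: the second keystream byte being zero, a bias published by Mantin and Shamir. The sample keys are constructed by hashing a counter, and no IV is used.

```python
import hashlib


def ksa(key):
    """Key scheduling: key -> internal state (a permutation of 0..255)."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) % 256
        S[i], S[j] = S[j], S[i]
    return S


def prga(S, count):
    """Keystream generation: `count` bytes, working on a copy of the state."""
    S = list(S)
    i = j = 0
    out = bytearray()
    for _ in range(count):
        i = (i + 1) % 256
        j = (j + S[i]) % 256
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) % 256])
    return bytes(out)


def rc4(key, data):
    stream = prga(ksa(key), len(data))
    return bytes(d ^ k for d, k in zip(data, stream))


def zero_byte_counts(samples, length=3):
    """For `samples` constructed 16-byte keys, count how often each of the
    first `length` keystream bytes equals zero (index 1 is the second byte)."""
    counts = [0] * length
    for n in range(samples):
        key = hashlib.sha256(b"constructed-key-%d" % n).digest()[:16]
        for pos, byte in enumerate(prga(ksa(key), length)):
            if byte == 0:
                counts[pos] += 1
    return counts


if __name__ == "__main__":
    samples = 20000
    counts = zero_byte_counts(samples)
    print("expected count for a uniform byte:", samples / 256)
    print("zero counts for bytes 1, 2, 3:", counts)
```

The second-byte count comes out at roughly twice the uniform expectation while the third-byte count does not. The number of keystreams needed before that gap is reliably visible is the attack complexity the slide refers to.
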