Российская криптография: блочные шифры и их режимы шифрования (Russian cryptography: block ciphers and modes of operation for them)
0 likes•1,015 views
The document summarizes Russian cryptography techniques, including block ciphers and modes of operation. It discusses the history of block ciphers and competitions like NIST AES. It specifically covers the Russian standards GOST 28147-89 and GOST R 34.12-2015 named Kuznyechik. It also reviews modes of operation like ECB, CBC, CTR, and padding techniques. Implementation results for Kuznyechik show encryption speeds of over 5GB/s on GPU. References are provided for further reading.
Российская криптография: блочные шифры и их режимы шифрования (Russian cryptography: block ciphers and modes of operation for them)
- 1. Russian cryptography: block ciphers and modes of operation for them Borodin Mikhail Yekaterinburg, 2016
- 2. Contents • Block cipher • History of block ciphers • GOST 28147-89 • КузНечиК, Kuznyechik • Modes of operation for block ciphers
- 3. Block ciphers basic block cipher: a cipher that implements a reversible mapping of the set of plaintext blocks of the fixed length to the set of chiphertext blocks of the same length for any fixed key.
- 4. The NIST competition • provide a high level of security • be completely specified and easy to understand • be economically implementable in electronic devices • be available to all users • be efficient to use • be exportable The security of the algorithm must reside in the key; the security should not depend on the secrecy of the algorithm. The algorithm must:
- 5. The NIST competition, IBM «Lucifer» IBM Lucifer NIST NSA DES What is better?
- 7. The NIST competition, AES Main requirements: • block size of 128 bits • three key lengths: 128, 192 and 256 bits • free distribution Additional requirements: • easy hardware and software implementation of used operations • focus on 32-bit processors • simple cipher structure for cryptanalysis possibility.
- 8. AES, Rijndael Input 128-bit AddRoundKey SubBytes ShiftRows MixColumns AddRoundKey SubBytes ShiftRows AddRoundKey Output 128-bit Nr-1 Input 128-bit AddRoundKey InvSubBytes InvShiftRows InvMixColumns AddRoundKey InvShiftRows InvSubBytes AddRoundKey Output 128-bit Nr-1 Encryption Decryption
- 9. GOST 28147-89 Main characteristics: • block size of 64 bits • key length of 256 bits • based on Feistel network • unfixed 4-to-4-bit S-boxes • 32 rounds
- 10. GOST 28147-89 32-bit32-bit Li-1 Ri-1 Li Ri + <<<11 S-box F Ki 32-bit
- 11. GOST 28147-89
- 12. GOST 28147-89 Disadvantages: • small block length • there are theoretical attacks Advantages: • high-speed software and hardware implementations • there are compact implementation • the lack of practical attacks Features: • unfixed S-boxes • simple key schedule
- 13. GOST R 34.12-2015 Main characteristics: • block size of 128 bits • key length of 256 bits • based on SP-network • 8-to-8-bit S-box • recursive MDS-code «КузНечиК», Kuznyechik
- 14. Kuznyechik Input 128-bit X S L X Output 128-bit 9 Encryption Decryption Input 128-bit X Inv L Inv S X Output 128-bit 9
- 15. Kuznyechik, implementations Platform: i7-2600 @ 3.4GHz, Win7, Compiler VS2008 x64: • Encryption - 138 MB/sec (24 c/byte) • Decryption - 120 MB/sec (27 c/byte) NVIDIA GeForce GTX TITAN, CUDA-cores -2688, GPU memory – 6 GB, Intel Core i7-4770K: • Encryption - 5518 MB/sec
- 16. Modes of operation • Electronic Codebook, ECB • Counter, CTR • Output Feedback, OFB • Cipher Block Chaining, CBC • Cipher Feedback, CFB • Message Authentication Code algorithm
- 17. Padding Let 𝐫 = 𝑷 𝐦𝐨𝐝 𝐧. 1. 𝑃 = 𝑃, if 𝑟 = 0 𝑃||0 𝑛−𝑟 , else 2. 𝑃||1||0 𝑛−𝑟−1 3. 𝑃 = 𝑃, if 𝑟 = 0 𝑃||1||0 𝑛−𝑟−1 , else n-bit r-bitn-bit (n-r)-bit
- 20. Counter, CTR
- 28. Cipher Block Chaining, CBC
- 29. Cipher Block Chaining, CBC
- 32. Message Authentication Code algorithm
- 33. Thank you for your attention!
- 34. • ГОСТ Р 34.12–2015 "Информационная технология. Криптографическая защита информации. Блочные шифры" • ГОСТ Р 34.13–2015 "Информационная технология. Криптографическая защита информации. Режимы работы блочных шифров" • FIPS PUB 46-3", Data Encryption Standard (DES)”, January 15, 1977, 1999 • ISO/IEC 18033-3:2010 Information technology – Security techniques – Encryption algorithms – Part 3: Block ciphers • Schneier B. Applied cryptography: protocols, algorithms, and source code in C. – john wiley & sons, 2007 • Бондаренко А., Маршалко Г., Шишкин В. ГОСТ Р 34.12–2015: чего ожидать от нового стандарта? // Information Security/ – 2015. – № 4. – С. 48–50 • http://competitions.cr.yp.to/aes.html • https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation • A. Poschmann, S. Ling, H. Wang, 256 bit standardized crypto for 650 GE – GOST revisited, CHES 2010, LNCS 6225, pp. 219-233, 2010 • С. Смышляев. Вопросы применимости российских криптоалгоритмов, events.yandex.ru/events/meetings/24-july-2015/ • T. Isobe. A Single-Key Attack on the Full GOST Block Cipher, LNCS v. 6733, p. 290–305. Springer, 2011 • М. А. Бородин, А. С. Рыбкин «Высокоскоростные программные реализации блочного шифра "Кузнечик"» Проблемы информационной безопасности. Компьютерные системы. - 2014. - № 3. - С. 67-73 • I. Dinur, O. Dunkelman, A. Shamir. Improved Attacks on Full GOST, eprint.iacr.org • D. Fomin, Implementation of an XSL block cipher with MDS-matrix liner transformation on NVIDIA CUDA. In 3rd Workshop on Current Trends in Cryptology (CTCrypt 2014) • D. Fomin, A timing attack on CUDA implementations of an AES-type block cipher, CTCrypr 2015 Preproceedings, Kazan, 2015.