Meet-in-the-Middle!
2-DES key is (k^i, k)
Build a table 2
Sort the table in n log n or in this case 56 2^56
The attack is time efficient but requires about 2^56 of space
"effective" key-length of 2-DES <= 62 bits any key size over 90-bits is considered secure The improvement of sorting in n log n is at the heart of reducing algorithmic time Linear & Differential attacks Basic idea of linear cryptanalysis Probability that a given message bit XOR'd with the ciphertext = 1/2 = some episilon Keep trying to cut an exhaustive search by factors of 2 What is the significance of the 5th S-box beeing chosen poorly? What does this bias allow an attacker to do? You can deduce 14 bits of information about the key 56 -14 = 42 bits of the key left to do an exhaustive search on Anyone releasing a cipher today has to prove it's not vulnerable to linear cryptanalysis Attacks on Implementation Power cryptanalysis What was Paul Kocher's insight around hardware power fluctuations? AES 128-bit block size and variable key sizes of 128, 192, 256-bits How could a quantum computer break a block cipher in 2^(n/2)? 2 4X4 matricies; one for the key and one for the state info AES 4 invertible steps:
- byte substitution
- shift row
- mix columns
- add key
2 Theoretical Goals
- Abstract model for Block Ciphers
- Argue that CBC and counter-mode are secure
PseudoRandomPermutation (PRP) versus Secure PRP
Assume AES and 3DES are secure and just focus on PRP
No comments:
Post a Comment