1
A Framework for Stream Ciphers Based on Pseudorandomness, Randomness and Error-Correcting Coding

Miodrag Mihaljevic

Enhancing Crypto-Primitives with Techniques from Coding Theory
NATO Advanced Research Workshop, 6 - 9 October 2008

2

Roadmap

• Introduction
• Underlying Ideas and Novel Framework
• Particular Novel Stream Ciphering Approaches Based on Employment of Pure Randomness
• A Model of Certain Stream Ciphers Based on Pure Randomness
• LPN Problem and a Security Evaluation Approach
• Framework for the Security Evaluation

3

I. Introduction

4

Some Initial References

• R.J. McEliece, “A public key cryptosystem based on algebraic coding theory”, DSN Progress Report 42-44, pp. 114-116, 1978. (well-known reference)
• M. Willett, “Deliberate noise in a modern cryptographic system”, IEEE Transactions on Information Theory, vol. 26, no. 1, pp. 102-104, Jan. 1980. (almost forgotten reference)
• A. Blum, M. Furst, M. Kearns and R. Lipton, “Cryptographic Primitives Based on Hard Learning Problems”, CRYPTO 1993, Lecture Notes in Computer Science, vol. 773, pp. 278-291, 1994.

5

A.D. Wyner, “The wire-tap channel”, Bell System Technical Journal, vol. 54, pp. 1355-1387, 1975.

• A different approach to achieving secrecy of communication based on noise was reported by Wyner in 1975, assuming that the channel between the legitimate parties has lower noise than the channel via which a wire-tapper has access to the ciphertext.
• The proposed method does not require any secret.
• It is based on a specific coding scheme which provides reliable communication between the legitimate parties and at the same time prevents the wire-tapper from learning the communication's

6

Some Recent References

• J. Katz and J. Shin, “Parallel and Concurrent Security of the HB and HB+ Protocols”, EUROCRYPT 2006, Lecture Notes in Computer Science, vol. 4004, pp. 73-87, 2006.
• J.-P. Aumasson, M. Finiasz, W. Meier and S. Vaudenay, “TCHo: A Hardware-Oriented Trapdoor Cipher”, ACISP 2007, Lecture Notes in Computer Science, vol. 4586, pp. 184-199, 2007.
• H. Gilbert, M.J.B. Robshaw and Y. Seurin, “HB#: Increasing the Security and Efficiency of HB+”, EUROCRYPT 2008, Lecture Notes in Computer Science, vol. 4965, pp. 361-378, 2008.

7

Certain Origins for Our Work

• M. Mihaljevic, “Generic framework for secure Yuen 2000 quantum-encryption employing the wire-tap channel approach”, Physical Review A, vol. 75, no. 5, pp. 052334-1-5, May 2007.
• M. Fossorier, M. Mihaljevic and H. Imai, “Modeling Block Encoding Approaches for Fast Correlation Attack”, IEEE Transactions on Information Theory, vol. 53, no. 12, pp. 4728-4737, Dec. 2007.
• M. Mihaljevic, M. Fossorier and H. Imai, “Security Evaluation of Certain Broadcast Encryption Schemes Employing a Generalized Time-Memory-Data Trade-Off”,

9

Novelties of Our Designs in Comparison with the Reported Ones

• Employment of two different sources of binary pure randomness within a cryptographic primitive:
  • one Bernoulli distributed, with parameter ≪ 1/2
  • another uniformly distributed, i.e. with parameter equal to 1/2
• Dedicated encoding for providing the attacker confusion, employing:
  • homophonic coding approaches

10

General Underlying Ideas in Our Designs

• Enhancing cryptographic primitives employing
  - pure randomness and
  - coding theory
• Particularly: employment of the concept of binary channels with insertion and complementation

11

Main Goals

• A framework for the design of stream ciphers which provides the opportunity to make the security as high as the employed secret key allows, i.e. the complexity of recovering the key as close as possible to O(2^K), K being the key length.
• A trade-off between the security and the communications rate: increase the security up to the upper limit at the expense of a moderate decrease of the
12

Underlying Ideas for Novel Stream Ciphers Paradigm

A Happy Merge (Marriage) of

13

The Main Underlying Ideas

• Employ physical noise, which an attacker must face, in order to strengthen the stream cipher.
• Strengthen the stream cipher employing a dedicated encoding following the
14

A Framework of Stream Ciphering Employing Randomness

a related traditional stream cipher and a novel particular one based on
15

A Traditional Stream Cipher based on Encode+Encrypt Paradigm

In order to cope with the inherent noise in the public communication channel, employ “encode+encrypt”: the plaintext is first error-correction encoded and the codeword is then encrypted with the keystream.
17

Novel Framework Based on Employment of Randomness and Dedicated

18

[Block diagram of the novel framework. Sender: plaintext → Error-Correction Encoding → Dedicated Encoding & Encryption, fed by the Keystream Generator (secret key) and a Source of Randomness → Public Comm. Channel. Receiver: Decryption with the Keystream Generator (secret key) → Error-Correction Decoding → plaintext. Label of the receiver's dedicated decoding block cut off in extraction.]

19

Notes (1): Novel Paradigm

• Traditional stream ciphers do not include any randomness: basically, they are based on deterministic operations which expand a short secret seed into a long pseudorandom sequence.
• This talk proposes an alternative approach yielding a novel paradigm for the design of stream ciphers.
• The proposed framework employs a dedicated coding and a deliberate noise which, assuming an appropriate code and noise level, provides increased confusion at the attacker's side, up to the limit determined by the secret key length.
• Decoding complexities with

20

Notes (2): Security-Overhead Trade-Off

• In order to achieve the main security goal, the proposed stream ciphering approach includes the following two encoding schemes, each with an impact on the communications overhead:
  • error-correction encoding of the messages;
  • dedicated homophonic/wire-tap channel coding, which performs an expansion of the initial ciphertext.
• Both of these imply communications overhead: accordingly, the proposed stream ciphers framework includes a certain trade-off between the security and the communications

21

III. Particular Novel Stream Ciphering Approaches Employing Randomness

22

III.1 Two Variants of a Simple Construction

embed random bits +

24

[Block diagram, variant 1 of the simple construction. Encryption: plaintext → Error-Correction Encoding → ⊕ keystream (Keystream Generator, secret key) → Embedding → ⊕ → Public Comm. Channel. Decryption: Decimation → ⊕ keystream (Keystream Generator, secret key) → Error-Correction Decoding → plaintext.]
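Added worked example (Python written for this page, not code from the talk or its author): a toy instance of the embedding/decimation construction above, combining the two randomness sources of slide 9 (uniform bits that get inserted, Bernoulli noise with parameter well below 1/2 that gets added) with the encode+encrypt layer of slide 15. Assumptions not fixed by the slides: a Hamming(7,4) code as the error-correcting code, a SHA-256 counter-mode keystream standing in for the unspecified keystream generator, embedding positions derived from the secret key, and random bits and noise handed in by the caller so that a run is reproducible.

```python
import hashlib
import random
from typing import List

Bits = List[int]

# Hamming(7,4), systematic form [d1, d2, d3, d4, p1, p2, p3] (assumed code).
# Syndrome (s1, s2, s3) -> index of the single flipped bit.
_SYNDROME_TO_POS = {
    (1, 1, 0): 0, (1, 0, 1): 1, (0, 1, 1): 2, (1, 1, 1): 3,
    (1, 0, 0): 4, (0, 1, 0): 5, (0, 0, 1): 6,
}

def hamming74_encode(d: Bits) -> Bits:
    d1, d2, d3, d4 = d
    return [d1, d2, d3, d4, d1 ^ d2 ^ d4, d1 ^ d3 ^ d4, d2 ^ d3 ^ d4]

def hamming74_decode(block: Bits) -> Bits:
    """Correct at most one flipped bit in a 7-bit block, return the 4 data bits."""
    b = list(block)
    d1, d2, d3, d4, p1, p2, p3 = b
    s = (p1 ^ d1 ^ d2 ^ d4, p2 ^ d1 ^ d3 ^ d4, p3 ^ d2 ^ d3 ^ d4)
    if s != (0, 0, 0):
        b[_SYNDROME_TO_POS[s]] ^= 1
    return b[:4]

def ecc_encode(bits: Bits) -> Bits:
    return [c for i in range(0, len(bits), 4) for c in hamming74_encode(bits[i:i + 4])]

def ecc_decode(bits: Bits) -> Bits:
    return [d for i in range(0, len(bits), 7) for d in hamming74_decode(bits[i:i + 7])]

def keystream(key: bytes, n: int) -> Bits:
    """Stand-in keystream generator: SHA-256 in counter mode (an assumption;
    the slides leave the pseudorandom generator unspecified)."""
    out: Bits = []
    ctr = 0
    while len(out) < n:
        for byte in hashlib.sha256(key + ctr.to_bytes(4, "big")).digest():
            out.extend((byte >> i) & 1 for i in range(8))
        ctr += 1
    return out[:n]

def embed_positions(key: bytes, n_cipher: int, n_random: int) -> List[int]:
    """Key-derived positions of the inserted uniform bits (assumed derivation)."""
    rng = random.Random(hashlib.sha256(b"embed" + key).digest())
    return sorted(rng.sample(range(n_cipher + n_random), n_random))

def cipher_positions(key: bytes, n_cipher: int, n_random: int) -> List[int]:
    """Complement of embed_positions: where the ciphertext bits sit."""
    hidden = set(embed_positions(key, n_cipher, n_random))
    return [i for i in range(n_cipher + n_random) if i not in hidden]

def encrypt(key: bytes, plaintext: Bits, random_bits: Bits, noise: Bits) -> Bits:
    """encode + encrypt, then insert the uniform random_bits (channel with
    insertion), then XOR the Bernoulli noise vector (binary symmetric channel).
    random_bits and noise come from the sender's source of randomness."""
    coded = ecc_encode(plaintext)
    cipher = [c ^ k for c, k in zip(coded, keystream(key, len(coded)))]
    total = len(cipher) + len(random_bits)
    if len(noise) != total:
        raise ValueError("noise vector must cover the whole transmitted word")
    hidden = set(embed_positions(key, len(cipher), len(random_bits)))
    ci, ri = iter(cipher), iter(random_bits)
    word = [next(ri) if i in hidden else next(ci) for i in range(total)]
    return [w ^ e for w, e in zip(word, noise)]

def decrypt(key: bytes, received: Bits, n_random: int) -> Bits:
    """Decimation drops the inserted bits, keystream removal undoes the
    encryption, error-correction decoding removes the deliberate noise."""
    n_cipher = len(received) - n_random
    cipher = [received[i] for i in cipher_positions(key, n_cipher, n_random)]
    coded = [c ^ k for c, k in zip(cipher, keystream(key, n_cipher))]
    return ecc_decode(coded)

def bernoulli_noise(p: float, n: int, rng: random.Random) -> Bits:
    """Bernoulli(p) noise with p << 1/2, the slides' first randomness source."""
    return [1 if rng.random() < p else 0 for _ in range(n)]

if __name__ == "__main__":
    key = b"sixteen byte key"                                   # constructed key
    plaintext = [1, 0, 1, 1, 0, 0, 1, 0, 1, 1, 1, 1, 0, 1, 0, 0]  # constructed 16 bits
    rng = random.Random(2008)          # source of randomness, seeded only for reproducibility
    n_random = 12
    uniform_bits = [rng.getrandbits(1) for _ in range(n_random)]
    noise = bernoulli_noise(0.03, 28 + n_random, rng)             # noise level is an assumption
    ct = encrypt(key, plaintext, uniform_bits, noise)
    print("transmitted", len(ct), "bits for", len(plaintext), "plaintext bits")
    print("plaintext recovered:", decrypt(key, ct, n_random) == plaintext)
```

Two points the toy makes visible. The legitimate receiver never faces a decoding problem: it knows the embedding positions (here from the key) and only has to correct the deliberate noise, so the noise rate must stay inside the code's correction capability (one flip per 7-bit block for Hamming(7,4)), which is why the Bernoulli parameter is kept far below 1/2. An attacker who does not know the positions sees the keystream bits interleaved with uniformly random ones and flipped at random, which is the decoding problem of Section IV. The price is the overhead of slide 20: 16 plaintext bits become 40 transmitted bits.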

26

[Block diagram, variant 2 of the simple construction: same blocks as slide 24 (Error-Correction Encoding, Keystream Generator, Embedding, Public Comm. Channel, Decimation, Error-Correction Decoding, ⊕ adders); the extracted labels are identical to slide 24, the differing wiring was only in the image.]

27

III.2 Stream Ciphering Employing Wire-Tap Channel Coding

28

Wire-Tap Channel

A. D. Wyner, “The wire-tap channel”, Bell System Technical Journal, vol. 54, pp. 1355-1387, 1975.

29

[Figure: wire-tap channel model. Alice transmits to Bob over Channel C1; Eve observes over Channel C2 (the wire-tap channel). Signals labelled U, X and Z.]

30

Coding Strategy for the Wire-Tap Channel

• The goal of the encoding paradigm for the wire-tap channel is to make the noisy data available to Eve (across the wire-tap channel) useless, and achieving this goal is based on adding the randomness in

31

[Figure: codewords as points in an N-dimensional sphere. Groups of the codewords: the same symbol denotes different codewords belonging to the same group.]

32

[Block diagram, wire-tap channel variant. Encryption: plaintext → Error-Correction Encoding → ⊕ keystream (Keystream Generator, secret key) → Mapping → Wire-Tap Channel Encoding, fed by a Source of Randomness → Public Comm. Channel. Decryption: Wire-Tap Channel Decoding → Mapping → ⊕ keystream (Keystream Generator, secret key) → Error-Correction Decoding → plaintext.]
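Added worked example (Python written for this page, not the author's code) of the coding strategy of slides 30 to 32 and of the homophonic coding named on slides 9 and 20: the codewords are grouped, the message selects a group, and the source of randomness selects which codeword of that group is sent. The assumptions are mine: the groups are the 8 cosets of the [7,4] Hamming code (any linear code would do), Bob's channel C1 is taken as error-free after error correction, and Eve's channel C2 is a binary symmetric channel with crossover probability p. The last function computes what Eve can infer from her observation; it is the check a practitioner wants before trusting the "useless to Eve" claim for a given noise level.

```python
import itertools
import random
from typing import Dict, List, Optional, Tuple

Bits = List[int]
Msg = Tuple[int, ...]

# Parity-check matrix of the [7,4] Hamming code, used here as the wire-tap code
# (assumed for the example; the slides do not fix a code).
H = [
    [1, 0, 1, 0, 1, 0, 1],
    [0, 1, 1, 0, 0, 1, 1],
    [0, 0, 0, 1, 1, 1, 1],
]
N = 7          # transmitted bits per message
R = len(H)     # message bits per transmitted word: 2^R groups

def syndrome(word: Bits) -> Msg:
    return tuple(sum(h & w for h, w in zip(row, word)) & 1 for row in H)

def build_groups() -> Dict[Msg, List[Bits]]:
    """Partition {0,1}^N into the 2^R cosets of the code: one group per message.
    All words of a group share a syndrome (the "same symbol" of slide 31)."""
    groups: Dict[Msg, List[Bits]] = {}
    for word in itertools.product((0, 1), repeat=N):
        groups.setdefault(syndrome(word), []).append(list(word))
    return groups

GROUPS = build_groups()

def wiretap_encode(msg: Bits, rng: Optional[random.Random] = None) -> Bits:
    """The message selects the group; pure randomness selects which of the
    2^(N-R) words of that group is sent (homophonic expansion R -> N bits)."""
    rng = rng or random.SystemRandom()
    return list(rng.choice(GROUPS[tuple(msg)]))

def wiretap_decode(word: Bits) -> Bits:
    """Bob: the syndrome of the received word identifies the group, i.e. the message."""
    return list(syndrome(word))

def bsc(word: Bits, error: Bits) -> Bits:
    """Eve's channel C2 as a binary symmetric channel: XOR an error pattern."""
    return [w ^ e for w, e in zip(word, error)]

def eve_posterior(z: Bits, p: float) -> Dict[Msg, float]:
    """Eve's posterior over the 2^R messages given her BSC(p) observation z,
    for uniform messages and uniform choice inside each group."""
    weights: Dict[Msg, float] = {}
    for msg, words in GROUPS.items():
        total = 0.0
        for x in words:
            d = sum(a ^ b for a, b in zip(x, z))
            total += (p ** d) * ((1.0 - p) ** (N - d))
        weights[msg] = total
    norm = sum(weights.values())
    return {m: w / norm for m, w in weights.items()}

if __name__ == "__main__":
    msg = [1, 0, 1]                                   # constructed 3-bit message
    x = wiretap_encode(msg)
    print("sent", x, "-> Bob reads", wiretap_decode(x))
    z = bsc(x, [1, 1, 0, 1, 0, 0, 1])                 # constructed error pattern on Eve's channel
    for p in (0.0, 0.1, 0.5):
        post = eve_posterior(z, p)
        print("crossover", p, "-> Eve's best guess probability", round(max(post.values()), 3))
```

Bob's decoding is one syndrome computation because C1 delivers the word intact. Eve's syndrome of a noisy word is the message XOR the syndrome of the error pattern, so a single flipped bit already mis-decodes her; at crossover 1/2 every group is equally likely given any observation and her data is useless in the sense of slide 30, while at small p the posterior still concentrates on the true message. The code therefore only helps when Eve's channel is genuinely noisier than Bob's, and the expansion from R to N bits is the communications overhead of slide 20.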

33

IV. A Model of Certain Stream Ciphers Based on Pure Randomness

34

[Block diagram: the embedding/decimation construction of slide 24, repeated as the model under analysis (Error-Correction Encoding, Keystream Generator, ⊕, Embedding, Public Comm. Channel, Decimation, Error-Correction Decoding).]

35

Security as a Decoding Problem after Two Noisy Channels

[Block diagram, attacker's view: plaintext → Error-Correction Encoding → ⊕ keystream (Keystream Generator, secret key) → Channel with Insertion of Random Bits → Binary Symmetric Channel.]

36

Security Consideration via Implications of the Coding and the LPN Problem

[Block diagram: plaintext → Error-Correction Encoding → ⊕ keystream (Keystream Generator, secret key) → Homophonic Encoding.]

39

V. LPN Problem and a Security Evaluation Approach

40

LPN Problem

• The problem of decoding a general random linear block code after a binary symmetric channel with a given crossover probability.
• More formal

41

Underlying Problem of the LPN

$$
\begin{aligned}
\text{linear-}f_1(x_1, x_2, \dots, x_K) &= z_1 \\
\text{linear-}f_2(x_1, x_2, \dots, x_K) &= z_2 \\
&\;\vdots \\
\text{linear-}f_N(x_1, x_2, \dots, x_K) &= z_N
\end{aligned}
$$

OVERDEFINED SYSTEM: $N > K$ linear equations in the $K$ unknowns $x_1, \dots, x_K$, where the $z_i$ are noisy variables.
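Added worked example (Python written for this page, not the author's code) of the overdefined noisy system above and of the decoding problem of slide 40. It builds a random instance with $N \gg K$, shows that without noise the secret falls out of Gaussian elimination in polynomial time, and that with noise the straightforward attack is maximum-likelihood decoding by exhaustive search over the $2^K$ candidates, i.e. exactly the $O(2^K)$ key-recovery cost the main goals aim for. The sizes $K = 8$, $N = 200$ and crossover $p = 0.1$ are assumptions chosen so the search is instant; the generator returns the secret and the noise only so that the solver can be checked.

```python
import itertools
import random
from typing import List, Optional, Tuple

Bits = List[int]
Matrix = List[Bits]

def dot(row: Bits, x) -> int:
    """Inner product over GF(2): one linear function f_i(x_1, ..., x_K)."""
    return sum(a & b for a, b in zip(row, x)) & 1

def lpn_instance(k: int, n: int, p: float, seed: int) -> Tuple[Matrix, Bits, Bits, Bits]:
    """Random overdefined noisy system: z_i = <a_i, s> xor e_i, e_i ~ Bernoulli(p).
    Returns (A, s, z, e); an attacker sees only A and z. The seed is for
    reproducibility of this constructed instance."""
    rng = random.Random(seed)
    s = [rng.getrandbits(1) for _ in range(k)]
    A = [[rng.getrandbits(1) for _ in range(k)] for _ in range(n)]
    e = [1 if rng.random() < p else 0 for _ in range(n)]
    z = [dot(row, s) ^ ei for row, ei in zip(A, e)]
    return A, s, z, e

def disagreements(A: Matrix, z: Bits, x) -> int:
    """How many equations candidate x contradicts (Hamming distance A.x to z)."""
    return sum(dot(row, x) ^ zi for row, zi in zip(A, z))

def solve_noiseless(A: Matrix, z: Bits) -> Optional[Bits]:
    """Gaussian elimination over GF(2). With e = 0 the system is ordinary
    linear algebra; the noise is what turns decoding into the LPN problem."""
    k = len(A[0])
    rows = [row[:] + [zi] for row, zi in zip(A, z)]
    for col in range(k):
        pivot = next((r for r in range(col, len(rows)) if rows[r][col]), None)
        if pivot is None:
            return None                       # rank deficient: s not determined
        rows[col], rows[pivot] = rows[pivot], rows[col]
        for r in range(len(rows)):
            if r != col and rows[r][col]:
                rows[r] = [a ^ b for a, b in zip(rows[r], rows[col])]
    return [rows[i][k] for i in range(k)]    # rows 0..k-1 are now [I | s]

def solve_lpn_bruteforce(A: Matrix, z: Bits) -> Tuple[Bits, int]:
    """Maximum-likelihood decoding by exhaustive search: try all 2^K secrets
    and keep the one contradicting the fewest equations. Cost 2^K * N inner
    products, the O(2^K) bound in the key length."""
    k = len(A[0])
    best, best_d = [0] * k, len(z) + 1
    for cand in itertools.product((0, 1), repeat=k):
        d = disagreements(A, z, cand)
        if d < best_d:
            best, best_d = list(cand), d
    return best, best_d

if __name__ == "__main__":
    A, s, z, e = lpn_instance(k=10, n=300, p=0.1, seed=2008)   # parameters are assumptions
    print("elimination on the noisy system recovers s:", solve_noiseless(A, z) == s)
    s_hat, d = solve_lpn_bruteforce(A, z)
    print("exhaustive decoding recovers s:", s_hat == s,
          "| contradictions:", d, "| true noise weight:", sum(e))
```

With p = 0 the elimination succeeds and the search stops at zero contradictions; with noise, elimination is fed inconsistent equations and (almost surely) returns the wrong vector, while the exhaustive decoder still finds s because a wrong candidate contradicts about N/2 equations and the right one only about pN. The point for the framework is the gap between these two: an attacker who could strip the randomness would be back at linear algebra, which is why the noise rate, the number of available equations and the key length are the parameters the security evaluation has to relate.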

46

Hardness of the LPN Problem

48

Security Evaluation Approaches

49

Two Particular Security Evaluation Approaches

• Security evaluation via consideration of the underlying decoding problem.
• Security evaluation via a formal security model and an evaluation game.
• Further on, this

57

Proof. Recall that non-adaptive CPA-security (P1) implies adaptive CPA-security (P2), hence we may restrict ourselves to adversaries accessing the encryption oracle

64

VII. Concluding Notes

65

Main messages

• A general framework and certain particular incarnations of stream ciphers based on randomness and dedicated coding are proposed.
• The dedicated coding employs homophonic and wire-tap channel like coding approaches.
• A security evaluation has been performed implying that security under certain attacking scenarios

66

Thank You Very Much for the Attention, and
