NoteNextra-origin/content/CSE4303/CSE4303_L7.md
Trance-0 0e28ba6261 update
2026-02-12 11:56:24 -06:00


CSE4303 Introduction to Computer Security (Lecture 7)

Cryptography in Symmetric Systems

Symmetric systems

Symmetric (shared-key) encryption

  • Classical techniques
  • Computer-aided techniques
  • Formal reasoning
  • Realizations:
    • Stream ciphers
    • Block ciphers

Stream ciphers

  1. Operate on PT one bit at a time (usually), as a bit "stream"
  2. Generate arbitrarily long keystream on demand

Keystream

Keystream G(k) generated from key k.

Encryption:


E(k,m) = m \oplus G(k)

Decryption:


D(k,c) = c \oplus G(k)

Security abstraction

  1. XOR transfers the randomness of the keystream to the CT regardless of the PT's content
  2. Security depends on G being "practically" indistinguishable from a random string and "practically" unpredictable
  3. Idea: shouldn't be able to predict the next bit of the generator given all bits seen so far

Keystream G(k)

  • Idea: shouldn't be able to predict the next bit of the generator given all bits seen so far
  • Strategies and challenges: many!

Idea that doesn't quite work: Linear Feedback Shift Register (LFSR)

  • Choice of feedback: by algebra
  • Pro: fast, statistically close to random
  • Problem: susceptible to cryptanalysis (because linear)

LFSR-based modifications

  • Use non-linear combo of multiple LFSRs
  • Use controlled clocking (e.g. only cycle the LFSR when another LFSR outputs a 1)
  • Etc.

Others

  • Modular arithmetic-based constructions
  • Other algebraic constructions

Hazards

  1. Weak PRG
  2. Key re-use
  3. Predictable effect of modifying CT on decrypted PT

Weak PRG

  • Makes semantic security impossible

Key re-use

Suppose:


c_1 = m_1 \oplus G(k)

and


c_2 = m_2 \oplus G(k)

Then:


c_1 \oplus c_2 = m_1 \oplus m_2

This may be enough to recover m_1 or m_2 using natural language properties.

IV (Initialization Vector)

Used to avoid key re-use:

  • IV incremented per frame
  • But repeats after 2^{24} frames
  • Sometimes resets to 0
  • Enough to recover key within minutes

Note:

  • Happens if keystream period is too short
  • Real-world example: WEP attack (802.11b)

Predictable modification of ciphertext

If the attacker modifies the ciphertext by XORing in a chosen p:

Ciphertext becomes:


(m \oplus G(k)) \oplus p

Decryption yields:


m \oplus p

  • Affects integrity: the attacker flips exactly the PT bits set in p
  • Not CCA-secure; no integrity protection
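The two hazards above (key re-use leaking m_1 \oplus m_2, and predictable modification of CT) and the authenticated-encryption fix, as an added example that is not part of the lecture notes. The keystream G(k) here is a stand-in built from SHAKE-256 over key and nonce rather than a real stream cipher, and the key, nonces and messages are constructed values.

```python
import hashlib
import hmac
import secrets


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Stand-in for G(k): derive `length` keystream bytes from key and nonce.
    SHAKE-256 is a toy PRG used only to keep the example self-contained;
    real systems use a vetted stream cipher such as ChaCha20."""
    return hashlib.shake_256(key + nonce).digest(length)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(key: bytes, nonce: bytes, m: bytes) -> bytes:
    """E(k, m) = m XOR G(k); the nonce is what makes G differ per message."""
    return xor(m, keystream(key, nonce, len(m)))


decrypt = encrypt  # D(k, c) = c XOR G(k): same operation


def xor_of_plaintexts_leaks(key, nonce1, nonce2, m1, m2) -> bool:
    """Key re-use hazard: with the same keystream, c1 XOR c2 == m1 XOR m2."""
    c1 = encrypt(key, nonce1, m1)
    c2 = encrypt(key, nonce2, m2)
    return xor(c1, c2) == xor(m1, m2)


def bit_flip_survives(key, nonce, m, p) -> bool:
    """Malleability hazard: XORing p into CT yields m XOR p after decryption."""
    c = encrypt(key, nonce, m)
    return decrypt(key, nonce, xor(c, p)) == xor(m, p)


def encrypt_then_mac(key, mac_key, nonce, m):
    """Authenticated encryption (encrypt-then-MAC): tag covers nonce and CT."""
    c = encrypt(key, nonce, m)
    return c, hmac.new(mac_key, nonce + c, "sha256").digest()


def verified_decrypt(key, mac_key, nonce, c, tag):
    """Reject any modified CT before decrypting; returns None on tag mismatch."""
    expected = hmac.new(mac_key, nonce + c, "sha256").digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return decrypt(key, nonce, c)


if __name__ == "__main__":
    key, mac_key = secrets.token_bytes(32), secrets.token_bytes(32)
    m1, m2 = b"attack at dawn!!", b"retreat at noon!"  # constructed
    same = bytes(8)
    print("same nonce leaks m1^m2:", xor_of_plaintexts_leaks(key, same, same, m1, m2))
    print("fresh nonce leaks m1^m2:", xor_of_plaintexts_leaks(key, same, bytes([1]) * 8, m1, m2))
    c, tag = encrypt_then_mac(key, mac_key, same, m1)
    print("tampered CT accepted:", verified_decrypt(key, mac_key, same, xor(c, b"\x01"), tag))
```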

Summary: Stream ciphers

Pros

  • Fast
  • Memory-efficient
  • No minimum PT size

Cons

  • Require good PRG
  • Can never re-use key
  • No integrity mechanism

Note

  • Integrity mechanisms exist for other symmetric ciphers (block ciphers)
  • "Authenticated encryption"

Examples / Uses

  • RC4: legacy stream cipher (e.g. WEP)
  • ChaCha / Salsa: Android cell phone encryption (Adiantum)