Cryptography - Sage

More documents

Recommendations

Info

The Advanced Encryption Standard allows Rijndael with key lengths 128, 192, or 256 bits.The eight-bit byte blocks which form the matrix entries are interpreted as elements ofthe finite field of 2 8 = 256 elements. The finite field is represented by the quotient ringF 2 8 = F 2 [X]/(X 8 + X 4 + X 3 + X + 1),whose elements are polynomials c 7 X 7 + c 6 X 6 + c 5 X 5 + c 4 X 4 + c 3 X 3 + c 2 X 2 + c 1 X + c 0 .We denote by BS, SR, MC, and ARK these four basic steps. There exist correspondinginverse operations IBS, ISR, IMC, IARK. The flow of the algorithms for enciphering anddeciphering are as follows:1. ARK2. BS, SR, MC, ARK.3. BS, SR, MC, ARK4. BS, SR, ARK1. ARK2. IBS, ISR, IMC, IARK.3. IBS, ISR, IMC, IARK4. IBS, ISR, ARKByteSub. The ByteSub operation is given by the S-box look-up table. Alternatively theS-box has a description in terms of the structure of the finite fields and linear algebra. Letx ′ be the inverse of x in F 2 8 if x ≠ 0 and set x ′ = x = 0 otherwise. Then the ByteSub stepis given by x ↦→ X 6 + X 5 + X + 1 + x ′ A where A is the matrix:⎛⎞1 1 1 1 1 0 0 00 1 1 1 1 1 0 00 0 1 1 1 1 1 0A =0 0 0 1 1 1 1 11 0 0 0 1 1 1 1⎜ 1 1 0 0 0 1 1 1⎟⎝ 1 1 1 0 0 0 1 1 ⎠1 1 1 1 0 0 0 15.4 Modes of OperationBlock ciphers can be applied to longer ciphertexts using one of various modes of operation.We assume that the input is plaintext M = M 1 M 2 . . ., the block enciphering map for givenkey K is E K , and the output is C = C 1 C 2 . . .. The possible block cipher modes of operationwhich we treat are identified by the acronyms ECB, CBC, CFB, and OFB. In each case weassume that we have a cipher of block length n, with enciphering maps E K and decipheringmaps D K for each key K.5.4. Modes of Operation 41
5.4.1 Electronic Codebook Mode (ECB)Electronic codebook mode is the most obvious way to use a block cipher.Enciphering.Input:k-bit key Kn-bit plaintext blocks M = M 1 M 2 . . . M t .Algorithm:Output:n-bit ciphertext blocks C = C 1 C 2 . . . C t .Deciphering.Input:k-bit key Kn-bit ciphertext blocks C = C 1 C 2 . . . C t .Algorithm:Output:n-bit plaintext blocks M = M 1 M 2 . . . M t .C j = E K (M j ).M j = D K (C j ).To explain the name, one should think of this mode as being defined by a lookup tableor codebook. Consider, for example, DES, which operates on 64 bit (binary) strings. Thesedescribe, for instance, 8 characters in 8-bit ASCII (or in 7-bit ASCII with one paritycheck bit). For each key K, the codebook contains the ciphertext image of each of these8 character strings as a lookup table. In order to encipher the message, the electroniccodebook is consulted for the ciphertext encoding of each block. Note that the number ofsuch hypothetical codebooks is itself enormous – for DES there are 2 56 possible keys, eachwith its own codebook.We now consider some of the properties and limitations of ECB mode. The categoriesbelow are chosen for comparison with the modes of operations which follow.Properties:1. Identical plaintext. The same plaintext block always maps to the same ciphertextblock.2. Chaining dependencies. Reordering the plaintext blocks induces a reordering of thesame ciphertext blocks.3. Error propagation. An error in a ciphertext block results in a deciphering error onlyin the corresponding plaintext block.Security Remarks:42 Chapter 5. Block Ciphers
Page 1 and 2: Author (David R. Kohel) /Title (Cry
Page 4 and 5: CONTENTS1 Introduction to Cryptogra
Page 6: PrefaceWhen embarking on a project
Page 10 and 11: information. We introduce here some
Page 12 and 13: ut strings in A ∗ map injectively
Page 14 and 15: CHAPTERTWOClassical Cryptography2.1
Page 16 and 17: LV MJ CW XP QO IG EZ NB YH UA DS RK
Page 18 and 19: As a special case, consider 2-chara
Page 20 and 21: Note that if d k = 1, then we omit
Page 22: ExercisesSubstitution ciphersExerci
Page 25 and 26: Ciphertext-only AttackThe cryptanal
Page 27 and 28: of size n, suppose that p i is the
Page 29 and 30: Note that ZKZ and KZA are substring
Page 31: Checking possible keys, the partial
Page 34 and 35: sage: X = pt.frequency_distribution
Page 36 and 37: CHAPTERFOURInformation TheoryInform
Page 38 and 39: For each of these we can extend our
Page 40 and 41: in terms of the cryptosystem), then
Page 42 and 43: CHAPTERFIVEBlock CiphersData Encryp
Page 44 and 45: Deciphering. Suppose we begin with
Page 48 and 49: 1. Malicious substitution of a ciph
Page 50 and 51: locks M j−1 , . . . , M 1 as well
Page 52: where X = K ⊕ M = (X 1 , X 2 , X
Page 55 and 56: 6.2 Properties of Stream CiphersSyn
Page 57 and 58: Exercise. Verify that the equality
Page 59 and 60: n 2 n − 11 12 33 74 155 316 637 1
Page 61 and 62: Exercise 6.6 In the previous exerci
Page 63 and 64: Exercise 6.9 Compute the first 8 te
Page 65 and 66: which holds since −4 = 17 + (−1
Page 67 and 68: must therefore have a divisor of de
Page 69 and 70: Shrinking Generator cryptosystemLet
Page 72 and 73: CHAPTEREIGHTPublic Key Cryptography
Page 74 and 75: Initial setup:1. Alice and Bob publ
Page 76 and 77: We apply this rule in the RSA algor
Page 78 and 79: the discrete logarithm problem (DLP
Page 80 and 81: Man in the Middle AttackThe man-in-
Page 82: Exercise 8.6 Fermat’s little theo
Page 85 and 86: k < p − 1 with GCD(k, p − 1) =
Page 88 and 89: CHAPTERTENSecret SharingA secret sh
Page 90: using any t shares (x 1 , y 1 ), .
Page 93 and 94: sage-------------------------------
Page 95 and 96: sage: x.is_unit?Type:builtin_functi
Page 97 and 98:
Python (hence SAGE) has useful data
Page 99 and 100:
sage: n = 12sage: for i in range(n)
Page 101 and 102:
sage: I = [55+i for i in range(3)]
Page 103 and 104:
sage: I = [7, 4, 11, 11, 14, 22, 14
Page 105 and 106:
ExercisesRead over the above SAGE t
Page 107 and 108:
102
Page 109 and 110:
Solution. The block length is the n
Page 111 and 112:
Solution.below.The coincidence inde
Page 113 and 114:
analysis of the each of the decimat
Page 115 and 116:
arbitrary permutation of the alphab
Page 117 and 118:
In order to understand naturally oc
Page 119 and 120:
We do this by first verifying the e
Page 121 and 122:
Solution.None provided.Linear feedb
Page 123 and 124:
Multiplying each through by the con
Page 125 and 126:
Solution. The linear complexity of
Page 127 and 128:
If a, b, and c are as above, then f
Page 129 and 130:
Exercise 8.5 Use SAGE to find a lar
Page 131 and 132:
Solution. Now we can verify that e
Page 133 and 134:
which has no common factors with p
Page 135 and 136:
sage: p = 2^32+61sage: m = (p-1).qu
Page 137 and 138:
sage: a5 := a^n5sage: c5 := c^n5sag
Page 139 and 140:
The application of this function E
Page 141 and 142:
5. (∗) How many elements a of G h
Page 143:
1. The value f(0) of the polynomial
show all

Cryptography - Sage

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?