Specification of SNOW 3G in Cryptol

Pedro Pereira, Ulisses Costa

Formal Methods in Software Engineering

March 26, 2009

    Pedro Pereira, Ulisses Costa   Specification of SNOW 3G in Cryptol
Index

1 Cryptol
2 Stream Ciphers
3 Conclusion

Overview

High-level language to deal with low-level problems
Everything is a sequence
Sequences can be either finite or infinite
Primitive polymorphic functions
Information structure can be changed easily
Recursion and sequence comprehensions ⇒ recurrence relations

Types

Cryptol
tail : {a b} [a+1]b -> [a]b;
    Types are size and bit oriented
    Sequences have infinite size (inf)
    [a]b - Polymorphism over b

Haskell
tail :: [b] -> [b]
    Lists have infinite length
    [b] - Polymorphism over b

Very similar notation
Polymorphism
Type inference
Types

Types in Cryptol are size oriented

Cryptol
drop : {a b c} (fin a, a >= 0) => (a, [a+b]c) -> [b]c
take : {a b c} (fin a, b >= 0) => (a, [a+b]c) -> [a]c
join : {a b c} [a][b]c -> [a*b]c
split : {a b c} [a*b]c -> [a][b]c
tail : {a b} [a+1]b -> [a]b

Haskell
drop :: Int -> [a] -> [a]
take :: Int -> [a] -> [a]
concat :: [[a]] -> [a] -- join in cryptol
tail :: [a] -> [a]

Language

Cryptol
fib (n) = fibs @ n
    where {
        fibs = [0 1] # [| x + y || x <- drop (1, fibs) || y <- fibs |];
    };

Haskell
fib n = fibs !! n
   where fibs = [0, 1] ++ [x + y | x <- drop 1 fibs | y <- fibs]

Footnote (Haskell version): ghc -XParallelListComp
Language

Specification
MULα(c) = (MULxPOW(c, 23, 0xA9) ||
           MULxPOW(c, 245, 0xA9) ||
           MULxPOW(c, 48, 0xA9) ||
           MULxPOW(c, 239, 0xA9))

C
/* The function MUL alpha.
 * Input c: 8-bit input.
 * Output: 32-bit output.
 * See section 3.4.2 for details.
 */
u32 MULalpha(u8 c) {
  return ((((u32) MULxPOW(c, 23, 0xa9)) << 24) |
          (((u32) MULxPOW(c, 245, 0xa9)) << 16) |
          (((u32) MULxPOW(c, 48, 0xa9)) << 8) |
          (((u32) MULxPOW(c, 239, 0xa9))));
}

Cryptol
MULa : [8] -> [32];
MULa (c) = join (reverse [
   (MULxPOW (c, 23 :[32], 0xA9))
   (MULxPOW (c, 245:[32], 0xA9))
   (MULxPOW (c, 48 :[32], 0xA9))
   (MULxPOW (c, 239:[32], 0xA9)) ]);

Footnote: 'reverse' is used because Cryptol stores words in little-endian.
Stream Ciphers


Characteristics
    Symmetric key ciphers ⇒ same key for encryption/decryption
    Typically very fast (faster than Block ciphers)
    Low hardware complexity
    Low memory requirements
    Encryption: plaintext ⊕ keystream
    Decryption: ciphertext ⊕ keystream

  Tries to capture the “essence” of the theoretically unbreakable One-Time Pad



Stream Ciphers

One-Time Pad
    Uses a truly random keystream
    Impossible to determine any kind of relation between
    ciphertext and plaintext
    Best attack: guessing the plaintext ⇒ Impossible to break

Ok but in reality...
    The best we can do is generate a pseudo-random keystream
    ⇒ Statistical randomness (susceptible to attacks)
    But it’s possible to make it very HARD to break
    We cannot aim for theoretical security but practical security is
    good enough


Linear Feedback Shift Register (LFSR)




Generates a sequence of bits with near random properties
But its mathematical structure gives too much away ⇒
possible to compute its polynomial representation
S-boxes make it possible to hide its (low) linear complexity ⇒
practical security!


A simple LFSR in Cryptol




lfsr : [inf] Bit;
lfsr = [False True False False True False True True] #
   [| (x3 ^ x5 ^ x7)
   || x3 <- drop (3, lfsr)
   || x5 <- drop (5, lfsr)
   || x7 <- drop (7, lfsr) |];
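An added example (not from the slides): the toy register above ported to Python and then used the way the "Stream Ciphers" slide describes, with encryption and decryption both being an XOR against the keystream. The seed and the taps (x3, x5, x7) are the slide's; the function names, the byte packing and the all-zero-seed check are this example's own. The all-zero state is the one a practitioner should test for: XOR feedback maps it to itself, so the register never leaves it and the "keystream" is constant zero.

```python
# Added example, not from the slides: the 8-bit LFSR from "A simple LFSR in
# Cryptol" as a Python generator, used as a (toy) stream cipher keystream.
from itertools import islice
from typing import Iterator, List

# The slide's initial state [False True False False True False True True].
SEED: List[int] = [0, 1, 0, 0, 1, 0, 1, 1]


def lfsr_bits(seed: List[int]) -> Iterator[int]:
    """Yield the slide's sequence: the first 8 bits are the seed, and every
    later bit is x3 ^ x5 ^ x7 with x3, x5, x7 drawn from drop(3, lfsr),
    drop(5, lfsr) and drop(7, lfsr).  In index form that is
    s[n] = s[n-5] ^ s[n-3] ^ s[n-1] for n >= 8."""
    if len(seed) != 8:
        raise ValueError("this register holds exactly 8 bits")
    state = list(seed)
    yield from state
    while True:
        new = state[-5] ^ state[-3] ^ state[-1]
        state.append(new)
        del state[0]          # sliding window of the most recent 8 bits
        yield new


def first_bits(n: int, seed: List[int] = SEED) -> List[int]:
    """The first n output bits (what Cryptol's take(n, lfsr) would give)."""
    return list(islice(lfsr_bits(seed), n))


def keystream(n_bytes: int, seed: List[int] = SEED) -> bytes:
    """Pack 8 output bits per byte, first-produced bit in the top position."""
    bits = first_bits(8 * n_bytes, seed)
    return bytes(int("".join(str(b) for b in bits[i:i + 8]), 2)
                 for i in range(0, len(bits), 8))


def xor_keystream(data: bytes, seed: List[int] = SEED) -> bytes:
    """Encrypt or decrypt: a stream cipher applies the same XOR both ways."""
    return bytes(d ^ k for d, k in zip(data, keystream(len(data), seed)))


def output_is_constant_zero(seed: List[int], n: int = 64) -> bool:
    """True when the register is stuck in the all-zero state: the first n
    output bits are all zero, so XOR with this keystream changes nothing."""
    return not any(first_bits(n, seed))


if __name__ == "__main__":
    print("first 16 bits:", first_bits(16))
    msg = b"hello snow 3g"
    ct = xor_keystream(msg)
    print("ciphertext:", ct.hex(), "decrypts to:", xor_keystream(ct))
    print("all-zero seed is degenerate:", output_is_constant_zero([0] * 8))
```

Stepping the recurrence by hand from the slide's seed gives bits 8..15 as 1,1,0,0,0,1,0,0, so the first two keystream bytes are 0x4B 0xC4; the test below pins that down together with the round trip and the degenerate seed.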




Substitution boxes (S-boxes)




Lookup table of portions of bits
Reduces relation between plaintext and ciphertext (Shannon’s
confusion property)
Increases resistance to different Cryptanalysis techniques




S-boxes in Cryptol




SNOW 3G




Invented at Lund University (Sweden)
Chosen as the cipher of the 3GPP encryption algorithms UEA2 and UIA2
Uses a 128/256 bit key
Combination of an LFSR with a Finite State Machine (S-boxes)
Best (known) attack is exhaustive keyspace brute force (2^128)
⇒ Completely safe by today's standards




SNOW 3G Structure




SNOW 3G Spec I - MULx




SNOW 3G Specification
MULx maps 16 bits to 8 bits (two 8-bit inputs V and c give one 8-bit output).
If the leftmost (i.e. the most significant) bit of V equals 1, then
MULx(V, c) = (V <<8 1) ⊕ c, else MULx(V, c) = V <<8 1
(where <<8 is a left shift by one position inside an 8-bit word).

MULx : ([8], [8]) -> [8];
MULx (v, c) = if (v ! 0) == True then (v << 1) ^ c
              else (v << 1);
// '!' indexes from the end of the sequence; since this Cryptol stores
// words little-endian, v ! 0 is the most significant bit.
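An added example (not from the slides or the SNOW 3G reference code) that serves both the MULα slide earlier and the MULx definition here: MULx, MULxPOW and MULα in Python, with MULα built once the way the C reference packs it (shifts and ORs) and once the way the Cryptol version does (a byte list joined into a word), so the two readings of the slide can be checked against each other. The constant 0xA9 and the exponents 23, 245, 48, 239 are the slide's; MULxPOW's definition (MULx applied i times, i = 0 returning V) is the standard one from the SNOW 3G specification, which the slides quote but do not show; all function names are this example's own.

```python
# Added example, not from the slides: SNOW 3G's MULx / MULxPOW / MULalpha in
# Python, mirroring the slide's C and Cryptol versions side by side.


def mulx(v: int, c: int) -> int:
    """MULx(V, c): shift V left by one inside an 8-bit word; if the bit that
    fell off the top was 1, XOR in the reduction constant c."""
    if not (0 <= v <= 0xFF and 0 <= c <= 0xFF):
        raise ValueError("MULx takes two 8-bit values")
    shifted = (v << 1) & 0xFF
    return shifted ^ c if v & 0x80 else shifted


def mulxpow(v: int, i: int, c: int) -> int:
    """MULxPOW(V, i, c): MULx applied i times (i = 0 returns V unchanged)."""
    for _ in range(i):
        v = mulx(v, c)
    return v


def mulalpha_shifts(c: int) -> int:
    """MULalpha as the C reference builds it: four bytes packed with shifts
    and ORs, MULxPOW(c, 23, 0xA9) landing in the most significant byte."""
    return ((mulxpow(c, 23, 0xA9) << 24)
            | (mulxpow(c, 245, 0xA9) << 16)
            | (mulxpow(c, 48, 0xA9) << 8)
            | mulxpow(c, 239, 0xA9))


def mulalpha_join(c: int) -> int:
    """MULalpha as the Cryptol version builds it: a list of four bytes joined
    into one 32-bit word.  The slide needs reverse because that Cryptol stores
    words little-endian; here big-endian byte order states the intent directly."""
    parts = [mulxpow(c, e, 0xA9) for e in (23, 245, 48, 239)]
    return int.from_bytes(bytes(parts), "big")


def is_gf2_linear(f, samples) -> bool:
    """MULx is multiplication by x in GF(2^8) modulo the polynomial encoded by
    c, so a correct MULalpha port must satisfy f(a ^ b) == f(a) ^ f(b).
    A cheap consistency check to run against any new implementation."""
    return all(f(a ^ b) == f(a) ^ f(b) for a in samples for b in samples)


if __name__ == "__main__":
    for c in (0x00, 0x01, 0x80, 0xC3):
        assert mulalpha_shifts(c) == mulalpha_join(c)
        print(f"MULalpha(0x{c:02X}) = 0x{mulalpha_shifts(c):08X}")
    print("GF(2)-linear:", is_gf2_linear(mulalpha_shifts, range(0, 256, 17)))
```

The small MULx values in the test follow directly from the definition (0x80 shifts to 0x00 and picks up 0xA9; 0x01 shifted eight times reaches 0x80 and then 0xA9); the shifts-versus-join comparison over all 256 inputs is the check that matters when porting the slide's Cryptol to another language, since getting the byte order wrong is the usual mistake.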




SNOW 3G Spec II - Initialization




Conclusion




With Cryptol it is much easier to specify low-level algorithms
The specification is formal and easier to read




Questions




                                       ?





More Related Content

What's hot

PGCon 2014 - What Do You Mean my Database Server Core Dumped? - How to Inspec...
PGCon 2014 - What Do You Mean my Database Server Core Dumped? - How to Inspec...PGCon 2014 - What Do You Mean my Database Server Core Dumped? - How to Inspec...
PGCon 2014 - What Do You Mean my Database Server Core Dumped? - How to Inspec...Faisal Akber
 
Code GPU with CUDA - Identifying performance limiters
Code GPU with CUDA - Identifying performance limitersCode GPU with CUDA - Identifying performance limiters
Code GPU with CUDA - Identifying performance limitersMarina Kolpakova
 
Code GPU with CUDA - Applying optimization techniques
Code GPU with CUDA - Applying optimization techniquesCode GPU with CUDA - Applying optimization techniques
Code GPU with CUDA - Applying optimization techniquesMarina Kolpakova
 
Design and Implementation of GCC Register Allocation
Design and Implementation of GCC Register AllocationDesign and Implementation of GCC Register Allocation
Design and Implementation of GCC Register AllocationKito Cheng
 
Crypto theory to practice
Crypto theory to practiceCrypto theory to practice
Crypto theory to practiceHarry Potter
 
深入淺出C語言
深入淺出C語言深入淺出C語言
深入淺出C語言Simen Li
 
WebAssembly向け多倍長演算の実装
WebAssembly向け多倍長演算の実装WebAssembly向け多倍長演算の実装
WebAssembly向け多倍長演算の実装MITSUNARI Shigeo
 
Performance tweaks and tools for Linux (Joe Damato)
Performance tweaks and tools for Linux (Joe Damato)Performance tweaks and tools for Linux (Joe Damato)
Performance tweaks and tools for Linux (Joe Damato)Ontico
 
EWD 3トレーニングコース#24 GlobalストレージのJavaScript用抽象化-(e) ドキュメントの末端ノードを渡り歩く
EWD 3トレーニングコース#24 GlobalストレージのJavaScript用抽象化-(e) ドキュメントの末端ノードを渡り歩くEWD 3トレーニングコース#24 GlobalストレージのJavaScript用抽象化-(e) ドキュメントの末端ノードを渡り歩く
EWD 3トレーニングコース#24 GlobalストレージのJavaScript用抽象化-(e) ドキュメントの末端ノードを渡り歩くKiyoshi Sawada
 

What's hot (14)

AA-sort with SSE4.1
AA-sort with SSE4.1AA-sort with SSE4.1
AA-sort with SSE4.1
 
Chacha ppt
Chacha pptChacha ppt
Chacha ppt
 
PGCon 2014 - What Do You Mean my Database Server Core Dumped? - How to Inspec...
PGCon 2014 - What Do You Mean my Database Server Core Dumped? - How to Inspec...PGCon 2014 - What Do You Mean my Database Server Core Dumped? - How to Inspec...
PGCon 2014 - What Do You Mean my Database Server Core Dumped? - How to Inspec...
 
Code GPU with CUDA - Identifying performance limiters
Code GPU with CUDA - Identifying performance limitersCode GPU with CUDA - Identifying performance limiters
Code GPU with CUDA - Identifying performance limiters
 
Code GPU with CUDA - Applying optimization techniques
Code GPU with CUDA - Applying optimization techniquesCode GPU with CUDA - Applying optimization techniques
Code GPU with CUDA - Applying optimization techniques
 
20141105 asfws-norx-slides
20141105 asfws-norx-slides20141105 asfws-norx-slides
20141105 asfws-norx-slides
 
Design and Implementation of GCC Register Allocation
Design and Implementation of GCC Register AllocationDesign and Implementation of GCC Register Allocation
Design and Implementation of GCC Register Allocation
 
Crypto theory to practice
Crypto theory to practiceCrypto theory to practice
Crypto theory to practice
 
深入淺出C語言
深入淺出C語言深入淺出C語言
深入淺出C語言
 
Siphon
SiphonSiphon
Siphon
 
WebAssembly向け多倍長演算の実装
WebAssembly向け多倍長演算の実装WebAssembly向け多倍長演算の実装
WebAssembly向け多倍長演算の実装
 
Venkat ns2
Venkat ns2Venkat ns2
Venkat ns2
 
Performance tweaks and tools for Linux (Joe Damato)
Performance tweaks and tools for Linux (Joe Damato)Performance tweaks and tools for Linux (Joe Damato)
Performance tweaks and tools for Linux (Joe Damato)
 
EWD 3トレーニングコース#24 GlobalストレージのJavaScript用抽象化-(e) ドキュメントの末端ノードを渡り歩く
EWD 3トレーニングコース#24 GlobalストレージのJavaScript用抽象化-(e) ドキュメントの末端ノードを渡り歩くEWD 3トレーニングコース#24 GlobalストレージのJavaScript用抽象化-(e) ドキュメントの末端ノードを渡り歩く
EWD 3トレーニングコース#24 GlobalストレージのJavaScript用抽象化-(e) ドキュメントの末端ノードを渡り歩く
 

Viewers also liked

Correct sorting with Frama-C
Correct sorting with Frama-CCorrect sorting with Frama-C
Correct sorting with Frama-CUlisses Costa
 
GD::Graph - Graph Plotting Module
GD::Graph - Graph Plotting ModuleGD::Graph - Graph Plotting Module
GD::Graph - Graph Plotting ModuleUlisses Costa
 
Splint the C code static checker
Splint the C code static checkerSplint the C code static checker
Splint the C code static checkerUlisses Costa
 
Cisco IPv6 Tutorial
Cisco IPv6 TutorialCisco IPv6 Tutorial
Cisco IPv6 Tutorialkriz5
 
Presentation on 1G/2G/3G/4G/5G/Cellular & Wireless Technologies
Presentation on 1G/2G/3G/4G/5G/Cellular & Wireless TechnologiesPresentation on 1G/2G/3G/4G/5G/Cellular & Wireless Technologies
Presentation on 1G/2G/3G/4G/5G/Cellular & Wireless TechnologiesKaushal Kaith
 
Visual Design with Data
Visual Design with DataVisual Design with Data
Visual Design with DataSeth Familian
 

Viewers also liked (7)

Correct sorting with Frama-C
Correct sorting with Frama-CCorrect sorting with Frama-C
Correct sorting with Frama-C
 
GD::Graph - Graph Plotting Module
GD::Graph - Graph Plotting ModuleGD::Graph - Graph Plotting Module
GD::Graph - Graph Plotting Module
 
Splint the C code static checker
Splint the C code static checkerSplint the C code static checker
Splint the C code static checker
 
Haskell
HaskellHaskell
Haskell
 
Cisco IPv6 Tutorial
Cisco IPv6 TutorialCisco IPv6 Tutorial
Cisco IPv6 Tutorial
 
Presentation on 1G/2G/3G/4G/5G/Cellular & Wireless Technologies
Presentation on 1G/2G/3G/4G/5G/Cellular & Wireless TechnologiesPresentation on 1G/2G/3G/4G/5G/Cellular & Wireless Technologies
Presentation on 1G/2G/3G/4G/5G/Cellular & Wireless Technologies
 
Visual Design with Data
Visual Design with DataVisual Design with Data
Visual Design with Data
 

Similar to Specification of SNOW 3G in Cryptol

Exploring the Cryptol Toolset
Exploring the Cryptol ToolsetExploring the Cryptol Toolset
Exploring the Cryptol ToolsetUlisses Costa
 
Specifying and Implementing SNOW3G with Cryptol
Specifying and Implementing SNOW3G with CryptolSpecifying and Implementing SNOW3G with Cryptol
Specifying and Implementing SNOW3G with CryptolUlisses Costa
 
The Cryptol Epilogue: Swift and Bulletproof VHDL
The Cryptol Epilogue: Swift and Bulletproof VHDLThe Cryptol Epilogue: Swift and Bulletproof VHDL
The Cryptol Epilogue: Swift and Bulletproof VHDLUlisses Costa
 
Detailed cryptographic analysis of contact tracing protocols
Detailed cryptographic analysis of contact tracing protocolsDetailed cryptographic analysis of contact tracing protocols
Detailed cryptographic analysis of contact tracing protocolsChristian Spolaore
 
Productive OpenCL Programming An Introduction to OpenCL Libraries with Array...
Productive OpenCL Programming An Introduction to OpenCL Libraries  with Array...Productive OpenCL Programming An Introduction to OpenCL Libraries  with Array...
Productive OpenCL Programming An Introduction to OpenCL Libraries with Array...AMD Developer Central
 
The Cryptography has YOU
The Cryptography has YOUThe Cryptography has YOU
The Cryptography has YOUYurii Bilyk
 
Python for Scientific Computing -- Ricardo Cruz
Python for Scientific Computing -- Ricardo CruzPython for Scientific Computing -- Ricardo Cruz
Python for Scientific Computing -- Ricardo Cruzrpmcruz
 
Symbolic Regression on Network Properties
Symbolic Regression on Network PropertiesSymbolic Regression on Network Properties
Symbolic Regression on Network PropertiesMarcus Märtens
 
Errors errors, everywhere! - JSession
Errors errors, everywhere! - JSessionErrors errors, everywhere! - JSession
Errors errors, everywhere! - JSessionDaniel Pokusa
 
Gpu workshop cluster universe: scripting cuda
Gpu workshop cluster universe: scripting cudaGpu workshop cluster universe: scripting cuda
Gpu workshop cluster universe: scripting cudaFerdinand Jamitzky
 
Classical cryptographic techniques, Feistel cipher structure
Classical cryptographic techniques, Feistel cipher structureClassical cryptographic techniques, Feistel cipher structure
Classical cryptographic techniques, Feistel cipher structureAdri Jovin
 
presentation_4086_1491889120 firewall.pdf
presentation_4086_1491889120 firewall.pdfpresentation_4086_1491889120 firewall.pdf
presentation_4086_1491889120 firewall.pdfmusaidris19
 
PVS-Studio team experience: checking various open source projects, or mistake...
PVS-Studio team experience: checking various open source projects, or mistake...PVS-Studio team experience: checking various open source projects, or mistake...
PVS-Studio team experience: checking various open source projects, or mistake...Andrey Karpov
 
Best C++ Programming Homework Help
Best C++ Programming Homework HelpBest C++ Programming Homework Help
Best C++ Programming Homework HelpC++ Homework Help
 
Using Deep Learning (Computer Vision) to Search for Oil and Gas
Using Deep Learning (Computer Vision) to Search for Oil and GasUsing Deep Learning (Computer Vision) to Search for Oil and Gas
Using Deep Learning (Computer Vision) to Search for Oil and GasSorin Peste
 
Encryptolog y-1216310707267721-9
Encryptolog y-1216310707267721-9Encryptolog y-1216310707267721-9
Encryptolog y-1216310707267721-9Shan Raja
 
design-compiler.pdf
design-compiler.pdfdesign-compiler.pdf
design-compiler.pdfFrangoCamila
 

Similar to Specification of SNOW 3G in Cryptol (20)

Cryptol experience
Cryptol experienceCryptol experience
Cryptol experience
 
Exploring the Cryptol Toolset
Exploring the Cryptol ToolsetExploring the Cryptol Toolset
Exploring the Cryptol Toolset
 
Specifying and Implementing SNOW3G with Cryptol
Specifying and Implementing SNOW3G with CryptolSpecifying and Implementing SNOW3G with Cryptol
Specifying and Implementing SNOW3G with Cryptol
 
The Cryptol Epilogue: Swift and Bulletproof VHDL
The Cryptol Epilogue: Swift and Bulletproof VHDLThe Cryptol Epilogue: Swift and Bulletproof VHDL
The Cryptol Epilogue: Swift and Bulletproof VHDL
 
Detailed cryptographic analysis of contact tracing protocols
Detailed cryptographic analysis of contact tracing protocolsDetailed cryptographic analysis of contact tracing protocols
Detailed cryptographic analysis of contact tracing protocols
 
Productive OpenCL Programming An Introduction to OpenCL Libraries with Array...
Productive OpenCL Programming An Introduction to OpenCL Libraries  with Array...Productive OpenCL Programming An Introduction to OpenCL Libraries  with Array...
Productive OpenCL Programming An Introduction to OpenCL Libraries with Array...
 
The Cryptography has YOU
The Cryptography has YOUThe Cryptography has YOU
The Cryptography has YOU
 
Python for Scientific Computing -- Ricardo Cruz
Python for Scientific Computing -- Ricardo CruzPython for Scientific Computing -- Ricardo Cruz
Python for Scientific Computing -- Ricardo Cruz
 
Symbolic Regression on Network Properties
Symbolic Regression on Network PropertiesSymbolic Regression on Network Properties
Symbolic Regression on Network Properties
 
Errors errors, everywhere! - JSession
Errors errors, everywhere! - JSessionErrors errors, everywhere! - JSession
Errors errors, everywhere! - JSession
 
Gpu workshop cluster universe: scripting cuda
Gpu workshop cluster universe: scripting cudaGpu workshop cluster universe: scripting cuda
Gpu workshop cluster universe: scripting cuda
 
Classical cryptographic techniques, Feistel cipher structure
Classical cryptographic techniques, Feistel cipher structureClassical cryptographic techniques, Feistel cipher structure
Classical cryptographic techniques, Feistel cipher structure
 
presentation_4086_1491889120 firewall.pdf
presentation_4086_1491889120 firewall.pdfpresentation_4086_1491889120 firewall.pdf
presentation_4086_1491889120 firewall.pdf
 
keeloq-final
keeloq-finalkeeloq-final
keeloq-final
 
PVS-Studio team experience: checking various open source projects, or mistake...
PVS-Studio team experience: checking various open source projects, or mistake...PVS-Studio team experience: checking various open source projects, or mistake...
PVS-Studio team experience: checking various open source projects, or mistake...
 
Best C++ Programming Homework Help
Best C++ Programming Homework HelpBest C++ Programming Homework Help
Best C++ Programming Homework Help
 
Using Deep Learning (Computer Vision) to Search for Oil and Gas
Using Deep Learning (Computer Vision) to Search for Oil and GasUsing Deep Learning (Computer Vision) to Search for Oil and Gas
Using Deep Learning (Computer Vision) to Search for Oil and Gas
 
Cryptography
CryptographyCryptography
Cryptography
 
Encryptolog y-1216310707267721-9
Encryptolog y-1216310707267721-9Encryptolog y-1216310707267721-9
Encryptolog y-1216310707267721-9
 
design-compiler.pdf
design-compiler.pdfdesign-compiler.pdf
design-compiler.pdf
 

More from Ulisses Costa

Automatic Test Generation for Space
Automatic Test Generation for SpaceAutomatic Test Generation for Space
Automatic Test Generation for SpaceUlisses Costa
 
Automatic Test Generation for Space
Automatic Test Generation for SpaceAutomatic Test Generation for Space
Automatic Test Generation for SpaceUlisses Costa
 
Static Code Analyzer - Part IV
Static Code Analyzer - Part IVStatic Code Analyzer - Part IV
Static Code Analyzer - Part IVUlisses Costa
 
Static Code Analyzer - Part III
Static Code Analyzer - Part IIIStatic Code Analyzer - Part III
Static Code Analyzer - Part IIIUlisses Costa
 
Static Code Analyzer - Part II
Static Code Analyzer - Part IIStatic Code Analyzer - Part II
Static Code Analyzer - Part IIUlisses Costa
 
Static Code Analyzer - Part I
Static Code Analyzer - Part IStatic Code Analyzer - Part I
Static Code Analyzer - Part IUlisses Costa
 
Captura de Informação em Rede
Captura de Informação em RedeCaptura de Informação em Rede
Captura de Informação em RedeUlisses Costa
 
Uso de Honeypots com Honeyd
Uso de Honeypots com HoneydUso de Honeypots com Honeyd
Uso de Honeypots com HoneydUlisses Costa
 
Linux Instalation Party
Linux Instalation PartyLinux Instalation Party
Linux Instalation PartyUlisses Costa
 
Calculador Pointfree
Calculador PointfreeCalculador Pointfree
Calculador PointfreeUlisses Costa
 

More from Ulisses Costa (15)

Automatic Test Generation for Space
Automatic Test Generation for SpaceAutomatic Test Generation for Space
Automatic Test Generation for Space
 
Automatic Test Generation for Space
Automatic Test Generation for SpaceAutomatic Test Generation for Space
Automatic Test Generation for Space
 
Static Code Analyzer - Part IV
Static Code Analyzer - Part IVStatic Code Analyzer - Part IV
Static Code Analyzer - Part IV
 
Static Code Analyzer - Part III
Static Code Analyzer - Part IIIStatic Code Analyzer - Part III
Static Code Analyzer - Part III
 
Static Code Analyzer - Part II
Static Code Analyzer - Part IIStatic Code Analyzer - Part II
Static Code Analyzer - Part II
 
Static Code Analyzer - Part I
Static Code Analyzer - Part IStatic Code Analyzer - Part I
Static Code Analyzer - Part I
 
logCesium01
logCesium01logCesium01
logCesium01
 
Cesium Log ed2
Cesium Log ed2Cesium Log ed2
Cesium Log ed2
 
Captura de Informação em Rede
Captura de Informação em RedeCaptura de Informação em Rede
Captura de Informação em Rede
 
LDAP em VDM++
LDAP em VDM++LDAP em VDM++
LDAP em VDM++
 
Uso de Honeypots com Honeyd
Uso de Honeypots com HoneydUso de Honeypots com Honeyd
Uso de Honeypots com Honeyd
 
Apresentacao JML
Apresentacao JMLApresentacao JML
Apresentacao JML
 
Linux Instalation Party
Linux Instalation PartyLinux Instalation Party
Linux Instalation Party
 
Workshop LaTeX
Workshop LaTeXWorkshop LaTeX
Workshop LaTeX
 
Calculador Pointfree
Calculador PointfreeCalculador Pointfree
Calculador Pointfree
 

Recently uploaded

08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 

Recently uploaded (20)

08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 

Specification of SNOW 3G in Cryptol

  • 1. Specification of SNOW 3G in Cryptol. Pedro Pereira, Ulisses Costa. Formal Methods in Software Engineering, March 26, 2009.
  • 2. Index: 1 Cryptol; 2 Stream Ciphers; 3 Conclusion.
  • 3. Overview
    - High-level language to deal with low-level problems
    - Everything is a sequence
    - Sequences can be either finite or infinite
    - Primitive polymorphic functions
    - Information structure can be changed easily
    - Recursion and sequence comprehensions ⇒ recurrence relations
  • 4. Types (Cryptol versus Haskell)
    Cryptol:
      tail : {a b} [a+1]b -> [a]b;
      - Types are size and bit oriented
      - Sequences can have infinite size (inf)
      - [a]b: polymorphism over b
    Haskell:
      tail :: [b] -> [b]
      - Lists have unbounded length
      - [b]: polymorphism over b
    Common to both: very similar notation, polymorphism, type inference.
  • 5. Types. Types in Cryptol are size oriented:
    Cryptol:
      drop : {a b c} (fin a, a >= 0) => (a, [a+b]c) -> [b]c
      take : {a b c} (fin a, b >= 0) => (a, [a+b]c) -> [a]c
      join : {a b c} [a][b]c -> [a*b]c
      split : {a b c} [a*b]c -> [a][b]c
      tail : {a b} [a+1]b -> [a]b
    Haskell:
      drop :: Int -> [a] -> [a]
      take :: Int -> [a] -> [a]
      concat :: [[a]] -> [a]   -- join in Cryptol
      tail :: [a] -> [a]
    Because sizes are part of the type, a `take` or `drop` that would run past the end of a sequence is rejected by the type checker instead of failing (or reading out of bounds) at run time.
  • 6. Language
    Cryptol:
      fib (n) = fibs @ n
        where { fibs = [0 1] # [| x + y || x <- drop (1, fibs) || y <- fibs |]; };
    Haskell (compiled with ghc -XParallelListComp):
      fib n = fibs !! n
        where fibs = [0, 1] ++ [x + y | x <- drop 1 fibs | y <- fibs]
  • 7. Language
    SNOW 3G specification (section 3.4.2):
      MULα(c) = MULxPOW(c, 23, 0xA9) || MULxPOW(c, 245, 0xA9) || MULxPOW(c, 48, 0xA9) || MULxPOW(c, 239, 0xA9)
    C (reference implementation):
      /* The function MUL alpha.
       * Input c: 8-bit input.
       * Output: 32-bit output.
       * See section 3.4.2 for details. */
      u32 MULalpha(u8 c) {
        return ((((u32)MULxPOW(c, 23, 0xa9)) << 24) |
                (((u32)MULxPOW(c, 245, 0xa9)) << 16) |
                (((u32)MULxPOW(c, 48, 0xa9)) << 8) |
                (((u32)MULxPOW(c, 239, 0xa9))));
      }
    Cryptol:
      MULa : [8] -> [32];
      MULa (c) = join (reverse [ (MULxPOW (c, 23:[32], 0xA9))
                                 (MULxPOW (c, 245:[32], 0xA9))
                                 (MULxPOW (c, 48:[32], 0xA9))
                                 (MULxPOW (c, 239:[32], 0xA9)) ]);
    'reverse' is used because Cryptol (version 1) stores words little-endian: element 0 of a sequence is the least significant, so the exponent-23 byte has to sit last to become the most significant byte, matching the shift by 24 in the C code.
  • 8. Index: 1 Cryptol; 2 Stream Ciphers; 3 Conclusion.
  • 9. Stream Ciphers: Characteristics
    - Symmetric key ciphers ⇒ same key for encryption and decryption
    - Typically very fast (faster than block ciphers)
    - Low hardware complexity
    - Low memory requirements
    - Encryption: plaintext ⊕ keystream
    - Decryption: ciphertext ⊕ keystream
    - Tries to capture the "essence" of the theoretically unbreakable One-Time Pad
    Because encryption is a plain XOR, reusing a keystream (same key and IV) leaks plaintext ⊕ plaintext, and flipping a ciphertext bit flips the same plaintext bit; a stream cipher therefore needs a fresh IV per message and a separate integrity mechanism (in 3GPP, UIA2 next to UEA2).
  • 10. Stream Ciphers: One-Time Pad
    - Uses a truly random keystream, as long as the message and never reused
    - Impossible to determine any relation between ciphertext and plaintext
    - Best attack: guessing the plaintext ⇒ impossible to break
    Ok, but in reality...
    - The best we can do is generate a pseudo-random keystream ⇒ statistical randomness only (susceptible to attacks)
    - But it is possible to make it very HARD to break
    - We cannot aim for theoretical security, but practical security is good enough
  • 11. Linear Feedback Shift Register (LFSR)
    - Generates a sequence of bits with near-random statistical properties
    - But its mathematical structure gives too much away ⇒ from 2n consecutive output bits of an n-stage LFSR the feedback polynomial, and with it every later bit, can be computed (Berlekamp-Massey algorithm)
    - Non-linear components (S-boxes inside a finite state machine) make it possible to hide its low linear complexity ⇒ practical security!
  • 12. A simple LFSR in Cryptol
      lfsr : [inf]Bit;
      lfsr = [False True False False True False True True]
             # [| (x3 ^ x5 ^ x7)
                || x3 <- drop (3, lfsr)
                || x5 <- drop (5, lfsr)
                || x7 <- drop (7, lfsr) |];
    The comprehension defines the recurrence lfsr[i] = lfsr[i-5] ^ lfsr[i-3] ^ lfsr[i-1] for i >= 8; note that the feedback reaches back only five positions, so the first three bits of the eight-bit initial state are never fed back into the register.
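The following is an added example, not code from the slides: it makes slide 11's claim concrete by running a Fibonacci LFSR in the style of the Cryptol `lfsr` above and then recovering its feedback polynomial from just 2n output bits with the Berlekamp-Massey algorithm, after which every later bit is predicted. The register used (taps 8, 4, 3, 2, the primitive polynomial x^8 + x^4 + x^3 + x^2 + 1) and the seed are my choice for the demonstration, not the slides' register.

```python
"""Added example: an LFSR leaks its feedback polynomial (Berlekamp-Massey)."""
from typing import Iterator, List, Optional, Tuple

# Constructed for this example (not from the slides): an 8-bit seed and the
# lags of x^8 + x^4 + x^3 + x^2 + 1, i.e. s[i] = s[i-2] ^ s[i-3] ^ s[i-4] ^ s[i-8].
SEED = [1, 0, 0, 0, 0, 0, 0, 1]
LAGS = [2, 3, 4, 8]


def lfsr(seed: List[int], lags: List[int]) -> Iterator[int]:
    """Fibonacci LFSR emitting s[0], s[1], ... with s[i] = XOR of s[i-d], d in lags.

    Like the Cryptol version, the seed itself is the start of the output and the
    recurrence produces everything after it."""
    n = max(lags)
    state = list(seed[:n])
    assert len(state) == n and any(state), "seed must be n bits and non-zero"
    while True:
        yield state[0]
        new = 0
        for d in lags:                 # state[k] holds s[i-n+k], so s[i-d] is state[n-d]
            new ^= state[n - d]
        state = state[1:] + [new]


def berlekamp_massey(bits: List[int]) -> Tuple[int, List[int]]:
    """Return (L, C) with L the linear complexity of `bits` and
    C = [1, c1, ..., cL] the connection polynomial over GF(2):
    bits[i] = XOR_{j=1..L} c_j & bits[i-j] for every i >= L."""
    n = len(bits)
    c = [1] + [0] * n                  # current connection polynomial
    b = [1] + [0] * n                  # polynomial before the last length change
    L, m = 0, 1                        # m: steps since that change
    for i in range(n):
        d = bits[i]                    # discrepancy between prediction and bit i
        for j in range(1, L + 1):
            d ^= c[j] & bits[i - j]
        if d == 0:
            m += 1
            continue
        t = c[:]
        for j in range(n + 1 - m):     # c(x) += x^m * b(x)
            c[j + m] ^= b[j]
        if 2 * L <= i:                 # the recurrence had to grow
            L, b, m = i + 1 - L, t, 1
        else:
            m += 1
    return L, c[: L + 1]


def predict(bits: List[int], conn: List[int], count: int) -> List[int]:
    """Continue `bits` for `count` positions using the recovered recurrence."""
    out = list(bits)
    L = len(conn) - 1
    for _ in range(count):
        nxt = 0
        for j in range(1, L + 1):
            nxt ^= conn[j] & out[-j]
        out.append(nxt)
    return out[len(bits):]


def recover_and_predict(seed: List[int], lags: List[int]) -> Tuple[int, List[int], bool]:
    """Observe only 2n keystream bits, recover the taps, and check that the next
    64 bits are predicted exactly.  Returns (linear complexity, lags, predicted_ok)."""
    n = max(lags)
    gen = lfsr(seed, lags)
    stream = [next(gen) for _ in range(2 * n + 64)]
    observed, hidden = stream[: 2 * n], stream[2 * n:]
    L, conn = berlekamp_massey(observed)
    recovered = sorted(j for j in range(1, L + 1) if conn[j])
    return L, recovered, predict(observed, conn, len(hidden)) == hidden


def period(seed: List[int], lags: List[int], limit: int = 1 << 12) -> Optional[int]:
    """Smallest p > 0 with s[k+p] == s[k] for the first n positions (None if > limit)."""
    n = max(lags)
    gen = lfsr(seed, lags)
    first = [next(gen) for _ in range(n)]
    window = list(first)
    for p in range(1, limit):
        window = window[1:] + [next(gen)]
        if window == first:
            return p
    return None


if __name__ == "__main__":
    L, taps, ok = recover_and_predict(SEED, LAGS)
    print(f"linear complexity {L}, recovered taps {taps}, next 64 bits predicted: {ok}")
    print(f"period of the register: {period(SEED, LAGS)}")
```

With a primitive degree-8 polynomial the register has the maximal period 255, yet 16 observed bits suffice to reconstruct it completely; this is the low linear complexity that SNOW 3G's finite state machine and S-boxes exist to mask.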
  • 13. Substitution boxes (S-boxes)
    - Lookup table mapping a small block of bits to another block of bits
    - Reduces the relation between plaintext and ciphertext (Shannon's confusion property)
    - Increases resistance to different cryptanalysis techniques (for example linear and differential cryptanalysis)
  • 14. S-boxes in Cryptol (no text in the transcript for this slide)
  • 15. SNOW 3G
    - Based on SNOW 2.0 from Lund University (Sweden), modified by ETSI SAGE for 3GPP
    - Chosen as the core of the 3GPP confidentiality algorithm UEA2 and integrity algorithm UIA2
    - Uses a 128-bit key and a 128-bit IV (SNOW 2.0 also allowed 256-bit keys; SNOW 3G does not)
    - Combination of an LFSR (16 stages of 32 bits) with a Finite State Machine (three 32-bit registers and two S-boxes)
    - Best known attack is exhaustive search of the 128-bit keyspace (2^128) ⇒ considered secure by today's standards
  • 16. SNOW 3G Structure (no text in the transcript for this slide)
  • 17. SNOW 3G Spec I - MULx
    SNOW 3G specification: MULx maps 16 bits to 8 bits. If the leftmost (i.e. the most significant) bit of V equals 1, then MULx(V, c) = (V <<8 1) ⊕ c, else MULx(V, c) = V <<8 1, where <<8 is a left shift by one position inside 8 bits (the bit shifted out is discarded).
    Cryptol:
      MULx : ([8], [8]) -> [8];
      MULx (v, c) = if (v ! 0) == True then (v << 1) ^ c else (v << 1);
    `v ! 0` indexes from the end of the sequence, which under Cryptol 1's little-endian word layout is the most significant bit; `v << 1` on an [8] value drops that bit, exactly as the specification requires.
  • 18. SNOW 3G Spec II - Initialization (no text in the transcript for this slide)
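The following is an added example, not code from the slides or from the SNOW 3G reference implementation: the MULx, MULxPOW and MULα functions of slides 7 and 17 in Python, followed by checks that show what they are algebraically, namely multiplication by powers of x in GF(2^8) with reduction polynomial x^8 + x^7 + x^5 + x^3 + 1 (low byte 0xA9). The constant 0xA9 and the exponents 23, 245, 48, 239 are the specification's; the check functions, their names, and the expected values are mine.

```python
"""Added example: SNOW 3G MULx / MULxPOW / MULalpha as GF(2^8) arithmetic."""
from typing import List

SNOW_POLY = 0xA9  # low byte of x^8 + x^7 + x^5 + x^3 + 1 (SNOW 3G, section 3.4)


def mulx(v: int, c: int) -> int:
    """MULx(V, c): left shift by one inside 8 bits, XORing in c when the bit
    shifted out (the MSB) was 1.  Algebraically this multiplies V by x in the
    ring GF(2)[x]/(x^8 + c), which is the field GF(2^8) when x^8 + c is
    irreducible."""
    v &= 0xFF
    if v & 0x80:
        return ((v << 1) ^ c) & 0xFF
    return (v << 1) & 0xFF


def mulxpow(v: int, i: int, c: int) -> int:
    """MULxPOW(V, i, c): i applications of MULx, i.e. multiplication by x^i.
    The specification defines it recursively; a loop avoids Python's recursion
    limit for exponents such as 245."""
    for _ in range(i):
        v = mulx(v, c)
    return v


def mul_alpha(c: int) -> int:
    """MULalpha(c) = MULxPOW(c,23) || MULxPOW(c,245) || MULxPOW(c,48) || MULxPOW(c,239),
    most significant byte first (the C reference shifts the first term by 24)."""
    return ((mulxpow(c, 23, SNOW_POLY) << 24)
            | (mulxpow(c, 245, SNOW_POLY) << 16)
            | (mulxpow(c, 48, SNOW_POLY) << 8)
            | mulxpow(c, 239, SNOW_POLY))


def mul_alpha_table() -> List[int]:
    """The 256-entry table a real implementation precomputes instead of
    running hundreds of MULx steps per LFSR clock."""
    return [mul_alpha(b) for b in range(256)]


def mulx_is_linear(c: int = SNOW_POLY) -> bool:
    """Check (mine): MULx distributes over XOR, so it is a linear map on 8 bits
    and MULalpha is linear as well."""
    return all(mulx(a ^ b, c) == mulx(a, c) ^ mulx(b, c)
               for a in range(256) for b in range(256))


def x_order(c: int = SNOW_POLY) -> int:
    """Check (mine): smallest k >= 1 with x^k = 1 in GF(2)[x]/(x^8 + c), or 0 if
    x never returns to 1 (x is a zero divisor because the polynomial has no
    constant term).  255 means x runs through every non-zero element: the
    polynomial is primitive, the ring is GF(2^8), and the 255 values
    MULxPOW(1, i, c) are all distinct."""
    v = 0x01
    for k in range(1, 256):
        v = mulx(v, c)
        if v == 0x01:
            return k
    return 0


if __name__ == "__main__":
    print(f"x has order {x_order()} modulo x^8 + 0x{SNOW_POLY:02X}")
    print(f"MULalpha(0x01) = 0x{mul_alpha(0x01):08X}")
```

Two details are worth knowing when reading the specification's constants: 0xA9 defines a primitive polynomial (the order of x is the full 255, whereas under the AES polynomial 0x1B the element x only has order 51), and because x^13 = x + 1 in this field, MULxPOW(V, 13, 0xA9) equals MULx(V, 0xA9) ⊕ V for every V, a handy spot check for any MULx implementation.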
  • 19. Index: 1 Cryptol; 2 Stream Ciphers; 3 Conclusion.
  • 20. Conclusion
    - With Cryptol it is much easier to specify low-level algorithms
    - The specification is formal and easier to read than the C reference code
  • 21. Questions?