FNR : Arbitrary length small domain block cipher proposal
•
1 j'aime•1,040 vues
We propose a practical flexible (or arbitrary) length small domain block cipher, FNR encryption scheme. FNR denotes Flexible Naor and Reingold. It can cipher small domain data formats like IPv4, Port numbers, MAC Addresses, Credit card numbers, any random short strings while preserving their input length. In addition to the classic Feistel networks, Naor and Reingold propose usage of Pair-wise independent permutation (PwIP) functions based on Galois Field GF(2 n). Instead we propose usage of random N ×N Invertible matrices in GF(2)
Recommandé
Contenu connexe
Tendances
Tendances (20)
Similaire à FNR : Arbitrary length small domain block cipher proposal
Similaire à FNR : Arbitrary length small domain block cipher proposal (20)
Dernier
Dernier (20)
FNR : Arbitrary length small domain block cipher proposal
- 1. FNR: Arbitrary length small domain block cipher proposal Sashank Dara , Scott Fluhrer Cisco Systems Inc Bangalore
- 2. Motivation ¤ AES works on fixed length inputs (128 bits), needs padding for other lengths. ¤ Variable length block ciphers ¤ Well Defined lengths( Network Packets, Database columns) ¤ Storage Gains (Cloud storage would blow up with AES-128 for smaller data types say 32 bits) ¤ Aides in preserving Formats of the inputs ( IPv4 Addresses, Credit Card Numbers, MAC Addresses, Time Stamps) Fourth International Conference on Security, Privacy, and Applied Cryptography Engineering (SPACE 2014)
- 3. Design Goals ¤ Variable Input lengths ¤ To be Practical and Secure ¤ Common Key Length for arbitrary input domains ¤ Secure Building Blocks (Feistel Networks, SPN’s) ¤ Leverage Hardware Support (Say INTEL’s AES-NI) ¤ Don’t re-invent the wheel Fourth International Conference on Security, Privacy, and Applied Cryptography Engineering (SPACE 2014)
- 4. Prior Art ¤ Michael Luby and Charles Rackoff. How to construct pseudorandom permutations from pseudorandom functions. SIAM Journal on Computing, 17(2): 373{386, 1988. ¤ Mihir Bellare and Phillip Rogaway. On the construction of variable-input-length ciphers. In Fast Software Encryption, pages 231{244. Springer, 1999. ¤ Moni Naor and Omer Reingold. On the construction of pseudorandom permutations: Lubyrackoff revisited. Journal of Cryptology, 12(1):29{66, 1999. ¤ John Black and Phillip Rogaway. Ciphers with arbitrary finite domains. In Topics in CryptologyCT- RSA 2002, pages 114{130. Springer, 2002 ¤ Mihir Bellare, Thomas Ristenpart, Phillip Rogaway, and Till Stegers. Format-preserving encryption. In Selected Areas in Cryptography, pages 295{312. Springer, 2009. Fourth International Conference on Security, Privacy, and Applied Cryptography Engineering (SPACE 2014)
- 5. Feistel Networks Pseudo Random Function Example: DES is Feistel based AES is not Feistel based, it is SPN Fourth International Conference on Security, Privacy, and Applied Cryptography Engineering (SPACE 2014)
- 6. Pair wise Independent Permutations A family of functions F is a pairwise independent permutation if: 1. Each member of the family is itself a permutation, and 2. For any fixed A, B (with A≠B, and both from the input set of the permutation), and f is a random member from the family F, then the pair f(A),f(B) is equi-distributed over all distinct pairs from the output range of the function. Fourth International Conference on Security, Privacy, and Applied Cryptography Engineering (SPACE 2014)
- 7. Naor and Reingold’s (NR) Scheme Pwip is defined over an Affine function y = aX +b where a,b in GF(2^n) Difficult to define GF(2^n) for variable lengths in practice Results in Complex Implementations Fourth International Conference on Security, Privacy, and Applied Cryptography Engineering (SPACE 2014)
- 8. Flexible Naor and Reingold’s (FNR) Pair wise Independence Based on (Invertible) Matrices Fourth International Conference on Security, Privacy, and Applied Cryptography Engineering (SPACE 2014)
- 9. FNR’s Details ¤ Tweakable Variable Length Block Cipher (Precisely) ¤ Matrix Operations to be performed in GF(2) ¤ Number of Round functions is 7 (Pararin’s proof) ¤ Internal PRF is AES in ECB mode (Leverage AES-NI) ¤ To ensure input to PRF is unique we use a round constant along with tweak string
- 10. FNR’s Security Measure ¤ The probability that an attacker can distinguish a cipher text from random text. ¤ Due to Naor and Reingold’s proof, using PWIP functions would result in a security measure as defined below ¤ Classic Feistel networks without PWIP would have as below ¤ Where r is round count, n is number of input bits, m is Number of pairs of plain text, cipher text needed by attacker to
- 11. Format Preserving encryption (FPE) Samples Ranking Approach Fourth International Conference on Security, Privacy, and Applied Cryptography Engineering (SPACE 2014)
- 12. FPE examples with FNR Fourth International Conference on Security, Privacy, and Applied Cryptography Engineering (SPACE 2014)
- 13. Performance of FNR IP Addresses Credit Card Numbers Fourth International Conference on Security, Privacy, and Applied Cryptography Engineering (SPACE 2014)
- 14. Conclusions and Future work ¤ Proposed a variable length block cipher ¤ Practical and based on secure building blocks ¤ Source code is released under LGPL-v2 ¤ Future Work ¤ Exhaustive Cryptanalysis (theoretical and practical) ¤ Support more applications and formats like MAC Addresses, Time Stamps
- 15. Resources ¤ Specification ¤ https://eprint.iacr.org/2014/421 ¤ Motivation and Applications ¤ http://cisco.github.io/libfnr/ ¤ Source code ¤ https://github.com/cisco/libfnr ¤ https://github.com/cisco/jfnr (Java bindings) ¤ Reach out to for questions ¤ libfnr-dev@external.cisco.com Fourth International Conference on Security, Privacy, and Applied Cryptography Engineering (SPACE 2014)