Transcript Cryptographic Attacks on Scrambled Input LZ
Cryptographic Attacks on Scrambled LZ-Compression and Arithmetic Coding
By: RAJBIR SINGH BIKRAM KAHLON
Outline
LZ Compression Arithmetic Coding Scrambled Input LZ Compression Scrambled Input Arithmetic Coding Attacks Conclusions References
LZ Compression
Algorithm 1.
Find the longest substring in the codebook.
2.
3.
4.
Output its code.
Append the very next character from the input and create a new codebook entry for the resulting string.
Advance past the end of the substring just encoded.
Until no more character.
LZ Compression
Example abbaabbaababbaaaabaabba Dictionary Index 0 1 2 3 4 5 6 Entry a b ab bb ba aa abb Index 7 8 9 10 11 12 13 Entry baa aba abba aaa aab baab bba
Scrambled LZ Compression
Algorithm Initialize the pseudo random number generator with encryption key.
Add null characters in dictionary.
Shuffle the initial values of dictionary. Perform LZ Compression
Arithmetic Coding
It takes a stream of input symbols and replaces it with a single floating point output number greater than 0 & less than 1. Algorithm Set low to 0.0 Set high to 1.0
While there are still input symbols do Get an Input symbol Code_range = high - low.
high = low + range*high_range(symbol) low = low + range*low_range(symbol) End of While Output low
Scrambled Arithmetic Coding
Algorithm Initialize the pseudo random number with encryption key Shuffle the probability table Perform Arithmetic Coding
Ciphertext-Only Attack
Attack model, in which access to a set of different ciphertexts is provided.
Success If: Plaintext corresponding to the ciphertext being analyzed.
The encryption key is revealed.
Any information about the plaintext pattern.
Chosen-Ciphertext Attack
In this case, cryptanalyst chooses ciphertext of his choice.
One of the ciphertext(LZ) taken for analysis: ↕ Ö ↕ r ↕ æ ↕ ☼ ↕ Ç ↕ ↕ ↕ ↕ ↕ ¥ ↕ m ↕ O ↕ ≡ ↕ ∙ ↕ ═ ↕ & ↕ ► ↕ ▒ ↕ ⌡ ↕ ▲ ↕ x ‼
ADAPTIVE-CHOSEN-CIPHERTEXT ATTACK
Attacker sends a number of cipher texts to be decrypted and use these decrypted cipher texts to select subsequent cipher texts. Most advanced version of cipher text attacks.
Linear Cryptanalysis
A linear relation between bits of plaintext, the ciphertext and the bits of key is determined.
The basic idea is to approximate the operation of the cipher with an expression that is linear.
Xi1 + Xi2 + ..Xiu + Yj1 + Yj2 + ..Yjv = 0 where Xi represents the i-th bit of the input and Yj represents the j-th bit of the output and ‘+’ represents the exclusive-OR
Conclusions On LZ-Compression
Null characters are part of cipher text , so its hard to distinguish between messages and null strings for traffic flow security.
The same encoded strings even within same message bear no resemblance to each other i.e. output is completely random . A part of message can not be treated as separate and every part of message is completely dependant on what came prior to it.
Conclusions On LZ-Compression
In case of linear attack on LZ compression, it involves big numbers for computation. For 1076 bytes or 2 10890 will generate 2 9372 possible sequences possible enciphering permutations.
The number of possible permutations is huge and hides the plaintext.
Conclusions on Arithmetic Coding
No two messages M & M` produce same ciphertext file .
Arithmetic Coding does not use fixed codewords to represent symbols.
A large keyspace i.e. around 2048 bit encryption key makes it difficult to attack the algorithms introduced by Dr. Wang. In case of linear attack, it requires 2 47 known plaintext blocks and will result in one key bit.
Chosen-Plaintext Attack
A chosen-plaintext attack (CPA) is an attack model for cryptanalysis which presumes that the attacker has the capability to choose arbitrary plaintexts to be encrypted and obtain the corresponding cipher texts.
Adaptive Chosen-Plaintext Attacks
This attack is similar to chosen-plaintext attack except that in this case, the cryptanalyst makes an nth query based on output of last (n-1) queries.
Differential Attacks
In this kind of cryptanalysis, certain fixed differences between the plaintext and the cipher text are exploited till the last round of the cipher. Certain differences, called "characteristics," in plaintext pairs have a high probability of causing certain differences in the resulting cipher text pairs. To find the correct round key, simply collect enough guesses so that one sub key is suggested more often than all the others.
Conclusions
Unicity Distance n = H(K)/[|M| - H(M)] H (K) = entropy of keys used in encryption |M| = maximum possible entropy for the plaintext H (M) = entropy of message
Conclusions
Case1: Plaintext is ASCII characters Unicity Distance comes out to be 1432.16 characters (very large).
Case2: Plaintext is English Language Unicity Distance is 301.17 characters.
H|M| is only value that changes.
Conclusions
Large Keyspace – 2048 bit encryption key.
Cipher text Randomness.
Regularities Reduction.
Increased Entropy.
Differential Attacks Impractical. For m chosen-plaintext pairs, the corresponding known-plaintext will need about 2 require 2 34 the data. Less efficient than brute force in DES(2 55 w/2 (2m using only eight chosen-plaintext pairs (very small number practically) ,the corresponding known-plaintext attack will plaintext-cipher text pairs, a large number. On v/s 2 55.1
1/2 ) ) known plaintexts (w is the block size (in bits)). With 64-bit block DES,1.5MB/Sec. data stream of plaintexts for three years to get
Conclusions
According to sci.crypt FAQ strong encryption should have following characterstics: Large keyspace.
Reasonably Large unicity distance.
Randomness in cipher text.
Resistant to all known attacks.
Dr. Wang’s Algorithm is very strong and resistant to above defined attacks.
References
Wang, Chung-E Research paper {http://gaia.ecs.csus.edu/%7Ewang/cbj.pdf} Arithmetic Coding Source Code {www.cipr.rpi.edu/~wheeler/ac, accessed 12 07-06} Dr. Dobb’s Journal {http://www.dogma.net/markn/articles/arith/part1.htm, accessed 12-07-06} Handbook of Applied Cryptography {http://www.cacr.math.uwaterloo.ca/hac/about/chap1.pdf} RSA Laboratories {http://www.rsasecurity.com/rsalabs/node.asp?id=2167, accessed 12-07-06} Sci.Crypt FAQ {http://www.contrib.andrew.cmu.edu/~shadow/crypt.html, accessed 12-07-06}
ANY QUESTIONS???