Isaac stream cipher
Download as PPTX, PDF1 like1,009 views
The document discusses the stream cipher ISSAC (Indirection, Shift, Accumulate, Add, and Count). ISSAC was designed by Robert Jenkins Jr. in 1996 as an improvement over RC4 by addressing biases and short cycles. It uses a 256-element state array that is initialized with a key then modified using indirection, accumulation, addition, and a counter to generate cryptographically secure pseudorandom numbers. The document covers ISSAC's design, cryptanalysis showing it remains secure, and applications for encryption where fast random number generation is needed.
![PROGRAM ELEMENTS..
2.INITIALIZATION 1
Loads eight elements of the key
into integers, runs the mix()
function to randomize them, then
loads them into eight elements of
the array. Repeats until key is
exhausted.
for (i=0; i<RANDSIZ; i+=8)
{
a+=r[i ]; b+=r[i+1]; c+=r[i+2];
d+=r[i+3];
e+=r[i+4]; f+=r[i+5]; g+=r[i+6];
h+=r[i+7];
mix(a,b,c,d,e,f,g,h);
m[i ]=a; m[i+1]=b; m[i+2]=c;
m[i+3]=d;
m[i+4]=e; m[i+5]=f; m[i+6]=g;
m[i+7]=h;
}](https://image.slidesharecdn.com/isaacmodified-141112122702-conversion-gate01/85/Isaac-stream-cipher-16-320.jpg)
![PROGRAM ELEMENTS-
3.INITIALIZATION 2
Routine then runs a second pass
to mix more thoroughly,
loading elements of the array
instead of elements of the key
into the integers this time.
for (i=0; i<RANDSIZ; i+=8)
{
a+=m[i ]; b+=m[i+1];
c+=m[i+2]; d+=m[i+3];
e+=m[i+4]; f+=m[i+5];
g+=m[i+6]; h+=m[i+7];
mix(a,b,c,d,e,f,g,h);
m[i ]=a; m[i+1]=b;
m[i+2]=c; m[i+3]=d;
m[i+4]=e; m[i+5]=f;
m[i+6]=g; m[i+7]=h;
}](https://image.slidesharecdn.com/isaacmodified-141112122702-conversion-gate01/85/Isaac-stream-cipher-17-320.jpg)
Isaac stream cipher
- 1. Activity-ISAAC Submitted By A18 Anoop Betigeri 2BV11CS014 Chaitra Besthar 2BV11CS024 Megha Byali 2BV11CS045 Radhika patil 2BV11CS073
- 2. WHAT IS STREAM CIPHER !!! Key + Nounce = Keystream Plaintext Xor'd With Keystream = Ciphertext Ciphertext Xor'd With same keystream=Plaintext
- 3. What is ISSAC is…. ISSAC stands for Indirection, Shift, Accumulate, Add, and Count. It is a cryptographically secure pseudorandom number generator. It is stream cipher designed by Robert J. Jenkins Jr in 1996. ISAAC is fast especially when optimised and portable to most architectures in nearly all programming and scripting languages.
- 4. How ISSAC came up!! ● Based on the RC4 stream cipher ● Basic structure of RC4: ○ Starts with a 256-byte array, filled with the golden ratio, then modified with bytes of the key. ○ Each keystream bit modifies the array
- 5. Issues addresssed RC4 has a few issues, namely dealing with bias. ● Some sequences are more likely to occur than others- bias. ○ This is due to initialization of RC4 to avoid short cycles: sequences that will result in the keystream repeating earlier than expected. ● First few bytes of the keystream are significantly less random and give information about the key.
- 6. How Expansion Happened!! ● Robert Jenkins produced a number of ciphers attempting to expand on RC4 ○ IA- gives values based on sum of values in array rather than individual values. Still prone to bias. ○ IBAA- adds an accumulator (rotating value based off array value) to deal with bias issues. Does not appear to have bias, and short cycles are significantly reduced from what would be expected in RC4.
- 7. ISSAC origin The IBAA implementation is taken by Robert and he adds a counter incremented once per call. ○ This removes any chance of short cycles, as even if the sequence would normally cycle, the counter is different and thus the sequence is different. ○ Estimated cycle length is 2^8287 calls.
- 8. Operation.. The ISAAC algorithm has similarities with RC4. It uses an array of 256 four-octet integers as the internal state, writing the results to another 256 four-octet integer array, from which they are read one at a time until empty, at which point they are recomputed. The computation consists of altering i-element with (i⊕128)-element, two elements of the state array found by indirection, an accumulator, and a counter, for all values of i from 0 to 255. Since it only takes about 19 32-bit operations for each 32-bit output word, it is very fast on 32-bit computers.
- 9. Cryptanalysis on ISSAC It has been undertaken by Marina Pudovkina Her attack can recover the initial state with a complexity that is approximated to be less than the time needed for searching through the square root of all possible initial states. In practice this means that the attack needs 4.67×10^1240 instead of 10^2466. This result has had no practical impact on the security of ISAAC.
- 10. Cryptanalysis contd… In 2006 Jean-Philippe Aumasson discovered several sets of weak states. It is not clear if an attacker can tell from just the output whether the generator is in one of these weak states or not. There was error in last attack made after Aumason and the reason was errorneous algorithm rather than the real ISAAC. An improved version of ISAAC is proposed, called ISAAC+.
- 11. Practical usage.. Many implementations of ISAAC are so fast that they can compete with other high speed PRNGs, even with those designed primarily for speed not for security. Only a few other generators of such high quality and speed exist in usage. ISAAC is used in the Unix tool ”shred” to securely overwrite data. This makes it suitable for applications where a significant amount of random data needs to be produced quickly, such solving using the Monte Carlo method or for games.
- 12. How It happens… The RNG should then be seeded with the string "this is my secret key" and finally the message "a Top Secret secret" should be encrypted on that key. Your program's output ciphertext will be a string of hexadecimal digits. . Optional: Include a decryption check by re-initializing ISAAC and performing the same encryption pass on the ciphertext.
- 13. Encryption method.. Two encryption schemes are possible: XOR (Vernam) Caesar-shift mod 95 Alternative sample view. Message: a Top Secret secret Key : this is my secret key XOR : 1C0636190B1260233B35125F1E1D0E2F4C 542 MOD : 734270227D36772A783B4A5F20626623697 8 XOR dcr: a Top Secret secret MOD dcr: a Top Secret secret
- 14. About Isaac No official seeding method for ISAAC has been published, but for this task we may as well just inject the bytes of our key into the randrsl array, padding with zeroes before mixing, like so. ISAAC can of course also be initialized with a single 32-bit unsigned integer in the manner of traditional RNGs, and indeed used as such for research and gaming purposes.
- 15. PROGRAM ELEMENTS … 1.MIX FUNCTION Used with eight integers that will contain traces of the key: designed to ensure array elements will not reflect key. mix(a,b,c,d,e,f,g,h) { a^=b<<11; d+=a; b+=c; b^=c>>2; e+=b; c+=d; c^=d<<8; f+=c; d+=e; d^=e>>16; g+=d; e+=f; e^=f<<10; h+=e; f+=g; f^=g>>4; a+=f; g+=h; g^=h<<8; b+=g; h+=a; h^=a>>9; c+=h; a+=b; }
- 16. PROGRAM ELEMENTS.. 2.INITIALIZATION 1 Loads eight elements of the key into integers, runs the mix() function to randomize them, then loads them into eight elements of the array. Repeats until key is exhausted. for (i=0; i<RANDSIZ; i+=8) { a+=r[i ]; b+=r[i+1]; c+=r[i+2]; d+=r[i+3]; e+=r[i+4]; f+=r[i+5]; g+=r[i+6]; h+=r[i+7]; mix(a,b,c,d,e,f,g,h); m[i ]=a; m[i+1]=b; m[i+2]=c; m[i+3]=d; m[i+4]=e; m[i+5]=f; m[i+6]=g; m[i+7]=h; }
- 17. PROGRAM ELEMENTS- 3.INITIALIZATION 2 Routine then runs a second pass to mix more thoroughly, loading elements of the array instead of elements of the key into the integers this time. for (i=0; i<RANDSIZ; i+=8) { a+=m[i ]; b+=m[i+1]; c+=m[i+2]; d+=m[i+3]; e+=m[i+4]; f+=m[i+5]; g+=m[i+6]; h+=m[i+7]; mix(a,b,c,d,e,f,g,h); m[i ]=a; m[i+1]=b; m[i+2]=c; m[i+3]=d; m[i+4]=e; m[i+5]=f; m[i+6]=g; m[i+7]=h; }
- 18. Program Elements 4.Generation The rngstep function is the main function for the the ISAAC key generator. rngstep(mix,a,b,mm,m,m2,r,x){ x = *m; a = (a^(mix)) + *(m2++); *(m++) = y = ind(mm,x) + a + b; *(r++) = b = ind(mm,y>>8) + x; } What this essentially does is stores the current memory into a register set the new value of accumulator set the next bit of memory to the addition of the 2-9 bits of x or the current memory with the accumulator and previous result Lastly the results array is incremented and set to the addition of x and the 10-17 bits of y bit shifted right by 8
- 19. Program Elements 5. Main Loop 1 b = ctx->randb + (++ctx- >randc); for (m = mm, mend = m2 = m+(RANDSIZ/2); m<mend; ) { rngstep( a<<13, a, b, mm, m, m2, r, x); rngstep( a>>6 , a, b, mm, m, m2, r, x); rngstep( a<<2 , a, b, mm, m, m2, r, x); rngstep( a>>16, a, b, mm, m, m2, r, x); } Adds the counter to element B, then calls rngstep() function four times with different bitshifts of A for the mix.
- 20. Program Elements: 6.Main Loop 2 Second loop just iterates with M2 going from first element to mend, calling rngstep four times eachiteration. Designed to ensure that m2 is at each array index for at least one rngstep.
- 21. ISSAC+ To fix some of weaknesses, we modify ISAAC’s algorithm, We call the corresponding pseudo-random generator ISAAC+. The modifications: we add ⊕a to avoid the biases observed, perform rotations (symbols ≪, ≫) instead of shifts, so as to get more diffusion from the state bits, and replace an addition by a XOR to reduce the linearity
- 22. CONCLUSION and FUTURE PLAN Its possible to understand the thoroughly as stream cipher was introduced in course. ISSAC applications in real life can be mapped with the learnt concept. Its implementation can also be made easily using C
- 23. “For every lock there is a Key… It is better to KEEP SAFE YOUR LOCK THAN THE KEY”