Ppt fnr arbitrary length small domain block cipher proposal
Download as PPTX, PDF1 like282 views
FNR is a proposed block cipher that can encrypt data of arbitrary lengths, from 32 to 128 bits, while preserving the input length. It uses a Feistel network structure with pairwise independent permutations and AES as the round function. The key advantages are that it has no length expansion, preserves the input range, and supports arbitrary length inputs without depending on key length. However, it has disadvantages of potential performance overhead, lack of integrity features, and vulnerability to attacks when used in ECB mode.
Ppt fnr arbitrary length small domain block cipher proposal
- 1. FNR- Arbitrary length small domain block cipher proposal
- 2. Traditional block ciphers work on fixed blocks of data—as an example, AES is well-defined for 128/192/256 bits. But one of the issues is the need for padding—so if you need to encrypt small amounts of data you may end with a huge difference in input vs. output size. As an example, using AES/128 on ECB mode to encrypt an IPv4 address results in an input size of 32 bits, but an output size of 128 bits.This may not be desired for some applications.To address such needs, we have designed the FNR encryption scheme. Variable Length Block Ciphers- More useful Storage gain (cloud storage would blow up) Aids in preserving formats of the input (Port(16), IPv4(32), MAC (48) , IPv6 (128) etc.)
- 3. There is a compelling need for privacy of sensitive elds before data is shared with any cloud provider, semi-trusted vendors, partners etc. This paper propose a practical flexible length small domain block cipher,FNR encryption scheme. FNR denotes Flexible Naor and Reingold. It can cipher small domain data formats like IPv4, Port numbers, MAC Addresses, Credit card numbers, any random short strings while preserving their input length. While designing privacy for sensitive elds, it may be desirable to preserve the length of the inputs. Small domain block ciphers are useful tool in designing privacy of sensitive data fields of smaller length (<128 bits).
- 5. Arbitrary length - Input domains of variable lengths need to be supported. For example,a system that consists of NetFlow would have dierent domains like IPv4, Port, IPv6 etc. all are of dierent lengths. Key Length- A system might contain multiple domains of various lengths. If the key size is dependent on the input length, then managing key sizes of various lengths would be cumbersome. For this reasons key sizes should not depend on input length. Secure building blocks- The building blocks used for such design should be considered secure. For example techniques based on Feistel Networks of Luby Racko constructions, Substitution and Permutation Networks of AES are considered good blue prints for block cipher designs.
- 6. Leveraging hardware support - Modern processors support AES at assembly level (say AES-NI of Intel andAMD). Such provisions should be leveraged for faster software implementations Supporting software platforms- Due to the advances in cloud computing technology, privacy of smaller data fields may need to be implemented in variety of software platforms. For example browsers that run Java, JavaScript, thin clients based on REST interfaces etc. apart from ubiquitous C, CPP implementations. For this reason, variety of software platforms should be easily supportable. Intellectual Property Free- Either the building blocks that are used in the block cipher design or the block cipher itself should be free from any intellectual property rights.
- 7. Key- A 128 bit long secret key, K, is needed.This is used internally by Pseudo Random Function (PRF). Tweak- A tweak,T, is like IV. It should be nearly n/2 bits length, where n is number of input bits. A, B are two matrices- A is invertible binary matrix of N X N dimension. B is binary vector of 1 X N dimension.Where N denotes number of bits in the input. FNR, like any other block cipher, has two operations encryption and decryption.There are three inputs and an output for both of these operations.Typically the size of Plain text P is n bits such that n is in between 32 to 128 bits.
- 8. The plaintext is divided into two halves L0 and R0.Then the two halves pass through n rounds of processing then combine to produce the cipher block. Each round has as input L and R derived from the previous round as well as a sub-key derived from the overall K . All rounds have the same structure. A substitution is performed on the left half of the data.This is done by applying a round function to the right half of the data followed by the XOR of the output of that function and the left half of the data. Feistel is symmetric structure to construct block ciphers. One round of Feistel is a 2n bit permutation δ with an n bit round function as defined below
- 9. An r round Feistel network is simply the composition of r one round Feistel structures, transforming r n-bit functions f1, f2,…fr into a 2n bit permutation
- 11. Pair-wise Independent Permutations (PwIP) Algorithm - (Output, B)
- 12. Inverse PwIP Algorithm-
- 16. Security of LR (Luby Rackoff) schemes under went rigorous analysis by the community over many years. Also usage of PWIP is later proven to mitigate basic linear and differential cryptanalysis. Security Round Functions Round Count
- 17. Round Functions- If assume that the AES output for any given input is uniformly distributed, that means the AES output bits we actually use in the Feistel will be independent between even and odd rounds if the attacker could engineer a collision with probability 1; the fact that the collision probability between even and odd round is actually considerably smaller turns out to be irrelevant. Round Count- A minimum of 7 rounds are needed to mitigate adaptive chosen plaintext and chosen ciphertext attacks due to Patarin's proof. The security measure of block ciphers is based on the probability with which an attacker can distinguish the ciphertext from a random text. Although our PwIP is different from theirs, without loss of generality, holds good for FNR.
- 18. Security measure using PwIP functions Classic fiestel network without PwIP Where r is round count, n is number of bits of input domain, m is number of queries an attacker needs to make. So for example an input domain of 32 bits and round count of 7, it requires approximately 8757 pairs of plain text and cipher text. Where as without the use of PwIP functions attacker just needs around 950 pairs of plain text and cipher text.
- 20. IPv4 addresses- Each IPv4 is ranked as 32 bit integer before it is encrypted, the resultant cipher text is a 32 bit integer which is de-ranked into a dotted notation.
- 21. Credit card numbers- Each CC number is ranked as 15 digit number by dropping the LUHN CHECKSUM.The ranked integer is then encrypted to get a cipher text that is again 15 digit number. Such integer is de-ranked by appending a LUHN CHECKSUM at the end into a valid Credit card number.
- 22. Advantages No length expansion Key Length Range Preservation Arbitrary Length
- 23. No length expansion -The length of plain text and cipher text is same. No expansion in cipher text facilitates avoiding re-engineering of packet formats, database columns etc. Range Preservation- The encryption function results in the cipher which is in the same range of input values.This aides in designing format preservation of input domains. Arbitrary Length -The design does not mandate any xed input lengths. FNR is flexible for input domains that are 32 bits and 128 bits. Key Length -The key length is not dependent on the input length and rather depends on underlying PRF (in this caseAES-128/256).
- 25. Performance- The usage of matrices might add performance over head. No Integrity - FNR does not provide authentication and integrity. Deterministic- FNR does not provide any semantic security when used in ECB mode (like all other deterministic modes)