miércoles, 24 de octubre de 2012

Stream Cipher - SOBER-128

Introduction:
The sober-128 stream cipher, was develop for Philip Hawkes, Michael Paddon and Gregory G. Rose, in Gladesville Australia for Qualcomm Autralia. (Curiosity, this same people develop Turing Cipher).

Why?
The reason by the article is have a stream cipher primitive constructor that having a some characteristics by:
  • quickly
  • easy
  • open source
  • secure
"SOBER-128 is based on simple 32 bit operations*. Keys and optional nonces of arbitrary length are supported. Enumeration of keys is thought to be the most efficient attack for key lengths of 128 bits or less. SOBER-128 may be configured to calculate an arbitrary length Message AuthenticationCode (MAC) as part of the encryption or decryption process." 

*(such as 32-bit XOR and addition modulo 232), and references to small fixed arrays.

Implementations
SOBER-128 is use in many computing environments (smart cards to large computers), but principally in mobile systems.

Description:
SOBER-128 is constructed from a linear feedback shift register (LFSR), a non-linear filter (NLF)* and a nonlinear plaintext feed back function (PFF)**.

* Is used to generate the keystream.
** Is used to perturb the LFSR when a MAC is desired.

Sober-128 operate in two modes:

  • Synchronous mode:
  • MAC (Message authentication mode:)

The first is use to when a MAC isn't required, where in the keystream generation is independent of the plaintext. And the second utilizes the PFF to perturb the LFSR with plaintext during encryption or decryption. After the message has been processed, the keystream generator is used to produce a MAC (MAC is required).

LFSR
This consists of 17 words of state, designated R[0] through R[16].

pseudocode:

Step(R):
              x = R[15] ^ R[4] ^ (R[0] << 8)
                  ^ Multab[(R[0] >> 24) & 0xff];
              for (i = 0 to 15):
                  R[i] = R[i + 1];
              R[16] = x;


Where Multab is a table of 256 constants.

NLF

pseudocode:

NLF(R, Konst) = f((((f(R[0] + R[16]) >>> 8) + R[1]) ^ Konst)
                          + R[6]) + R[13];



where "f" is a substitution box function and "Konst" is a constant that is calculated during cipher initialization. The function f is defined by:


f(x) = SBox[x >> 24] ^ x;



Where SBox is a table of 256 constants.

PFF
pseudocode:

PFF(R, Konst, x) = f((f(R[4] + x) >>> 8) + Konst);





Encryption and Decryption:
Encryption is achieved by producing a keystream, which is then combined with the plaintext. The keystream is generated in groups of 4 octets.
pseudocode:


        Step(R);
          x = NLF(R, Konst);
          for (i = 0 to 3):
              v[i] = x & 0xff;
              x = x >> 8;


Encryption:

        for (i = 0 to p.length - 1):
              c[i] = p[i] ^ v[i];


Decryption:

        for (i = 0 to p.length - 1):
              p[i] = c[i] ^ v[i];


*p is the plaintext
*c is the ciphertext
*v is the keystream

Security:
Searching in the web I found this comment in a forum, about the security:
"The base attack on SOBER-128 is an exhaustive key search, (complexity of 2^128).In all attacks, it is assumed that the attacker observes a certain amount of keystream produced by one or more secret keys, and the attacker knows the corresponding plaintext and nonces. This is considered to resist an attack if either the attack requires the owner of the secret key(s) to generate more than 2^80 key stream words, or the computational complexity of the attack is equivalent to the attacker rekeying the cipher 2^128 times and generating at least 5 words of output each time."

Code example:
c
java

Tables:
http://tools.ietf.org/html/draft-paddon-sober128-01#appendix-A
http://tools.ietf.org/html/draft-paddon-sober128-01#appendix-B

Referencias:
http://en.wikipedia.org/wiki/SOBER-128
http://tools.ietf.org/html/draft-paddon-sober128-01
https://opensource.qualcomm.com/index.php?sober128
https://opensource.qualcomm.com/assets/pdf/SOBER-128-v2.pdf
http://www.ietf.org/mail-archive/web/cfrg/current/msg00293.html
http://www.ietf.org/mail-archive/web/cfrg/current/msg00280.html

2 comentarios:

  1. Faltó un ejemplo paso por paso y checar la gramática. Van 6 pts, pero ya estaba considerando un 5. Más cuidado con la presentación.

    ResponderEliminar
  2. Vaya mierda de post si no tienes ni puta idea dedicate a otra cosa

    ResponderEliminar