Self-synchronizing stream ciphers and dynamical systems: state of the art and open issues

International audienceDynamical systems play a central role in the design of symmetric cryptosystems. Their use has been widely investigated both in ''chaos-based'' private communications and in stream ciphers over finite fields. In the former case, they get the form of automata named as Moore or Mealy machines. The main charateristic of stream ciphers lies in that they require synchronization of complex sequences generated by the dynamical systems involved at the transmitter and the receiver part. In this paper, we focus on a special class of symmetric ciphers, namely the Self-Synchronizing Stream Ciphers. Indeed, such ciphers have not been seriously explored so far although they get interesting properties of synchronization which could make them very appealing in practice. We review and compare different design approaches which have been proposed in the open literature and fully-specified algorithms are detailed for illustration purpose. Open issues related to the validation and the implementation of Self-Synchronizing Stream Ciphers are developped. We highlight the reason why some concepts borrowed from control theory appear to be useful to this end

Analysis and hardware implementation of synchronization methods for stream ciphers

In this thesis, we investigate two synchronization methods for stream ciphers. The first is statistical cipher feedback (SCFB) mode, which is a recently proposed mode of operation for block ciphers. The other is the marker-based mode, which is the synchronous stream cipher using "marker" to regain synchronization. SCFB mode is a hybrid of OFB mode and CFB mode; hence, it has a high throughput and the capability of self-synchronizing. The marker-based synchronous stream cipher is also able to obtain synchronization under limited circumstances. -- In this thesis, SCFB mode and the marker-based mode are both implemented in digital hardware targeting the FPGA technology. The device we have used is the Xilinx Spartan-3E FPGA. Commonly, SCFB mode is implemented by using the block cipher, AES, as the keystream generator; however, in our research, we use the stream cipher, Grain-128, as the keystream generator for SCFB mode implementation. The designed system structure and synthesis results of the two modes are given in this thesis. Throughout our research, VHDL code and Modelsim PE Student Edition 6.5d are used to design and simulate the functionality of our systems. The behavior level description is synthesized by using Xilinx ISE Webpack 10.1 tool and the .bit stream which is used to configure FPGA board is generated. The designed system is run on the Digilent Nexys II FPGA board and tested. To download the .bit stream on to the FPGA board and transfer data between the computer and FPGA, the Digilent Adept Suite tool is used. -- Through the FPGA hardware implementation, we obtain that SCFB mode configured for a stream cipher, Grain-128, can run at the speed of 89Mbps on a real FPGA and an efficiency of SCFB mode is 100%. The marker-based mode can reach the speed of 113 Mbps and has an efficiency of 94%. Although the system of marker-based mode is a little faster and has less hardware complexity than SCFB mode, it is limited in its synchronization recovery. In contrast, SCFB mode can regain synchronization for any number of bit slips. Hence, SCFB mode is more suitable for high speed physical layer security. -- The performance analysis of SCFB mode and marker-based mode is also provided with respect to characteristics of synchronization recovery delay (SRD) and error propagation factor (EPF). In particular, through the simulation of SRD and EPF versus varying sync patterns, we have found the best sync pattern format for SCFB mode. The best sync patterns are uncorrelated, that is, the shifted version of the sync pattern do not match the bits from the original sync pattern. In our research, we have used the sequence "10000000" as the sync pattern for SCFB mode implementation and as the marker for marker-based synchronous stream cipher implementation

Self-synchronized Encryption for Physical Layer in 10Gbps Optical Links

In this work a new self-synchronized encryption method for 10 Gigabit optical links is proposed and developed. Necessary modifications to introduce this kind of encryption in physical layers based on 64b/66b encoding, such as 10GBase-R, have been considered. The proposed scheme encrypts directly the 64b/66b blocks by using a symmetric stream cipher based on an FPE (Format Preserving Encryption) block cipher operating in PSCFB (Pipelined Statistical Cipher Feedback) mode. One of the main novelties in this paper is the security analysis done for this mode. For the first time, an expression for the IND-CPA (Indistinguishability under Chosen-Plaintext Attack) advantage of any adversary over this scheme has been derived. Moreover, it has been concluded that this mode can be considered secure in the same way of traditional modes are. In addition, the overall system has been simulated and implemented in an FPGA (Field Programmable Gate Array). An encrypted optical link has been tested with Ethernet data frames, concluding that it is possible to cipher traffic at this level, getting maximum throughput and hiding traffic pattern from passive eavesdroppers

On the Design and Analysis of Stream Ciphers

This thesis presents new cryptanalysis results for several different stream cipher constructions. In addition, it also presents two new stream ciphers, both based on the same design principle. The first attack is a general attack targeting a nonlinear combiner. A new class of weak feedback polynomials for linear feedback shift registers is identified. By taking samples corresponding to the linear recurrence relation, it is shown that if the feedback polynomial has taps close together an adversary to take advantage of this by considering the samples in a vector form. Next, the self-shrinking generator and the bit-search generator are analyzed. Both designs are based on irregular decimation. For the self-shrinking generator, it is shown how to recover the internal state knowing only a few keystream bits. The complexity of the attack is similar to the previously best known but uses a negligible amount of memory. An attack requiring a large keystream segment is also presented. It is shown to be asymptotically better than all previously known attacks. For the bit-search generator, an algorithm that recovers the internal state is given as well as a distinguishing attack that can be very efficient if the feedback polynomial is not carefully chosen. Following this, two recently proposed stream cipher designs, Pomaranch and Achterbahn, are analyzed. Both stream ciphers are designed with small hardware complexity in mind. For Pomaranch Version 2, based on an improvement of previous analysis of the design idea, a key recovery attack is given. Also, for all three versions of Pomaranch, a distinguishing attack is given. For Achterbahn, it is shown how to recover the key of the latest version, known as Achterbahn-128/80. The last part of the thesis introduces two new stream cipher designs, namely Grain and Grain-128. The ciphers are designed to be very small in hardware. They also have the distinguishing feature of allowing users to increase the speed of the ciphers by adding extra hardware

Self-Synchronized Encryption for Physical Layer in Gigabit Ethernet Optical Links

In this work a new self-synchronized symmetric encryption solution for high speed communication systems necessary to preserve the format of the plaintext is proposed, developed and tested. This new encryption mechanism is based on the block cipher operation mode called PSCFB (Pipelined Statistical Cipher Feedback) and the modulo operation. The confidentiality of this mode is analyzed in terms of its IND-CPA (Indistinguishability under Chosen-Plaintext Attack) advantage, concluding that it can be considered secure in the same way as traditional modes are. The encryption system has been integrated in the physical layer of a 1000Base-X Gigabit Ethernet Interface, where the 8b/10b symbol flow is encrypted at line rate. Moreover, an implementation of the proposed system has been carried out in an FPGA (Field Programmable Gate Array) device. Finally, an encrypted optical link has been tested with real Ethernet frames, getting maximum throughput and protecting the data traffic from passive eavesdroppers

Self-synchronizing stream ciphers and dynamical systems: state of the art and open issues

Dynamical systems play a central role in the design of symmetric cryptosystems. Their use has been widely investigated both in "chaos-based" private communications and in stream ciphers over finite fields. In the former case, they get the form of automata named as Moore or Mealy machines. The main charateristic of stream ciphers lies in that they require synchronization of complex sequences generated by the dynamical systems involved at the transmitter and the receiver part. In this paper, we focus on a special class of symmetric ciphers, namely the SelfSynchronizing Stream Ciphers. Indeed, such ciphers have not been seriously explored so far although they get interesting properties of synchronization which could make them very appealing in practice. We review and compare different design approaches which have been proposed in the open literature and fully-specified algorithms are detailed for illustration purpose. Open issues related to the validation and the implementation of Self-Synchronizing Stream Ciphers are developped. We highlight the reason why some concepts borrowed from control theory appear to be useful to this end

Implementation of FPGA in the Design of Embedded Systems

The use of FPGAs (Field Programmable Gate Arrays) and configurable processors is an interesting new phenomenon in embedded development. FPGAs offer all of the features needed to implement most complex designs. Clock management is facilitated by on-chip PLL (phase-locked loop) or DLL (delay-locked loop) circuitry. Dedicated memory blocks can be configured as basic single-port RAMs, ROMs, FIFOs, or CAMs. Data processing, as embodied in the devices’ logic fabric, varies widely. The ability to link the FPGA with backplanes, high-speed buses, and memories is afforded by support for various single ended and differential I/O standards. Also found on today’s FPGAs are system-building resources such as high speed serial I/Os, arithmetic modules, embedded processors, and large amounts of memory. Here in our project we have tried to implement such powerful FPGAs in the design of possible embedded systems that can be designed, burned and deployed at the site of operation for handling of many kinds of applications. In our project we have basically dealt with two of such applications –one the prioritized traffic light controller and other a speech encrypting and decrypting system