Time-Memory Trade-Offs: False Alarm Detection Using Checkpoints

Since the original publication of Martin Hellman's cryptanalytic time-memory trade-off, a few improvements on the method have been suggested. In all these variants, the cryptanalysis time decreases with the square of the available memory. However, a large amount of work is wasted during the cryptanalysis process due to so-called "false alarms". In this paper we present a method of detection of false alarms which significantly reduces the cryptanalysis time while using a minute amount of memory. Our method, based on "checkpoints", reduces the time by much more than the square of the additional memory used, e.g., an increase of 0.89% of memory yields a 10.99% increase in performance. Beyond this practical improvement, checkpoints constitute a novel approach which has not yet been exploited and may lead to other interesting results. In this paper, we also present theoretical analysis of time-memory trade-offs, and give a complete characterization of the variant based on rainbow tables

Time-Memory Trade-Offs: False Alarm Detection Using Checkpoints, Extended Version

Since the original publication of Martin Hellman's cryptanalytic time-memory trade-off, a few improvements on the method have been suggested. In all these variants, the cryptanalysis time decreases with the square of the available memory. However, a large amount of work is wasted during the cryptanalysis process due to so-called "false alarms". In this paper we present a method of detection of false alarms which can significantly reduce the cryptanalysis time while using a minute amount of memory. Our method, based on "checkpoints", can reduce the time by much more than the square of the additional memory used, e.g., an increase of 0.89% of memory yields a 10.99% increase in performance. Even if our optimization is bounded, the gain in time per memory used is radically more important than in any existing variant of the trade-off. Beyond this practical improvement, checkpoints constitute a novel approach which has not yet been exploited and may lead to other interesting results. In this paper, we also present theoretical analysis of time-memory trade-offs, and give a complete characterization of the variant based on rainbow tables. This is the first time an exact expression is given for a variant of the trade-off and that the time-memory relationship can actually be plotted

A Comparison of Time-Memory Trade-Off Attacks on Stream Ciphers

Contains fulltext : 117176.pdf (preprint version ) (Open Access

Eavesdropping on GSM: state-of-affairs

In the almost 20 years since GSM was deployed several security problems have been found, both in the protocols and in the - originally secret - cryptography. However, practical exploits of these weaknesses are complicated because of all the signal processing involved and have not been seen much outside of their use by law enforcement agencies. This could change due to recently developed open-source equipment and software that can capture and digitize signals from the GSM frequencies. This might make practical attacks against GSM much simpler to perform. Indeed, several claims have recently appeared in the media on successfully eavesdropping on GSM. When looking at these claims in depth the conclusion is often that more is claimed than what they are actually capable of. However, it is undeniable that these claims herald the possibilities to eavesdrop on GSM using publicly available equipment. This paper evaluates the claims and practical possibilities when it comes to eavesdropping on GSM, using relatively cheap hardware and open source initiatives which have generated many headlines over the past year. The basis of the paper is extensive experiments with the USRP (Universal Software Radio Peripheral) and software projects for this hardware.Comment: 5th Benelux Workshop on Information and System Security (WISSec 2010), November 201

Quantum Time/Memory/Data Tradeoff Attacks

One of the most celebrated and useful cryptanalytic algorithms is Hellman\u27s time/memory tradeoff (and its Rainbow Table variant), which can be used to invert random-looking functions on $N$ possible values with time and space complexities satisfying $TM^2=N^2$. As a search problem, one can always transform it into the quantum setting by using Grover\u27s algorithm, but this algorithm does not benefit from the possible availability of auxiliary advice obtained during a free preprocessing stage. However, at FOCS\u2720 it was rigorously shown that a small amount of quantum auxiliary advice (which can be stored in a quantum memory of size $M \leq O(\sqrt{N})$) cannot possibly yield an attack which is better than Grover\u27s algorithm. In this paper we develop new quantum versions of Hellman\u27s cryptanalytic attack which use large memories in the standard QACM (Quantum Accessible Classical Memory) model of computation. In particular, we improve Hellman\u27s tradeoff curve to $T^{4/3}M^2=N^2$. When we generalize the cryptanalytic problem to a time/memory/data tradeoff attack (in which one has to invert $f$ for at least one of $D$ given values), we get the generalized curve $T^{4/3}M^2D^2=N^2$. A typical point on this curve is $D=N^{0.2}$, $M=N^{0.6}$, and $T=N^{0.3}$, whose time is strictly lower than both Grover\u27s algorithm and the classical Hellman algorithm (both of which require $T=N^{0.4}$ for these $D$ and $M$ parameters)

The Cost of False Alarms in Hellman and Rainbow Tradeoffs

Cryptanalytic time memory tradeoff algorithms are generic one-way function inversion techniques that utilize pre-computation. Even though the online time complexity is known up to a small multiplicative factor for any tradeoff algorithm, false alarms pose a major obstacle in its accurate assessment. In this work, we study the expected pre-image size for an iteration of functions and use the result to analyze the cost incurred by false alarms. We are able to present the expected online time complexities for the Hellman tradeoff and the rainbow table method in a manner that takes false alarms into account. We also analyze the effects of the checkpoint method in reducing false alarm costs. The ability to accurately compute the online time complexities will allow one to choose their tradeoff parameters more optimally, before starting the expensive pre-computation process

Comparison of Cryptanalytic Time Memory Tradeoff Algorithms with Focus on Some Rainbow Variants

학위논문 (박사)-- 서울대학교 대학원 : 수리과학부, 2016. 2. 홍진.Cryptanalytic time memory tradeoff algorithms are tools for inverting one-way functions, and they are used to recover passwords from unsalted password hashes. There are many publicly known tradeoff algorithms, and the rainbow tradeoff algorithm, which is widely believed to be the best tradeoff algorithm, at least among implementers, has been the most popular method. In this thesis, we provide accurate complexity analyses of the thick rainbow tradeoff algorithm and the non-perfect and perfect table fuzzy rainbow tradeoff algorithms. These are algorithms that have not yet received much attention. Our analyses show that, when the pre-computation cost and the online execution efficiency are both taken into consideration, the perfect table fuzzy rainbow tradeoff can be seen as performing the best among the three algorithms considered and actually even better than the original rainbow tradeoff. The computational complexities for some time memory data tradeoff methods are also analyzed. The multi-target tradeoffs that we cover are the classical Hellman, distinguished point, and fuzzy rainbow methods, both in their non-perfect and perfect table versions for the latter two methods. We find that their execution complexities are no different from the complexities of the corresponding single-target algorithms executed under certain matching parameters. As in the single-target case, we conclude that the perfect table fuzzy rainbow tradeoff algorithm is the most preferable among the multi-target tradeoff algorithms we have considered.Chapter 1 Introduction 1 Chapter 2 Preliminaries 5 2.1 Previous Results of Major Algorithms 7 2.1.1 Hellman Tradeoff 7 2.1.2 DP Tradeoff 8 2.1.3 Rainbow Tradeoff 10 2.2 Some Rainbow Variants 11 2.2.1 Thick Rainbow Tradeoff 12 2.2.2 Non-Perfect Table Fuzzy Rainbow Tradeoff 13 2.2.3 Perfect Table Fuzzy Rainbow Tradeoff 15 Chapter 3 Analyses of the Three Rainbow Variants 18 3.1 Thick Rainbow Tradeoff 18 3.1.1 Probability of Success 18 3.1.2 Online Complexity 21 3.2 Non-Perfect Table Fuzzy Rainbow Tradeoff 25 3.2.1 Probability of Success 25 3.2.2 Online Complexity 31 3.3 Perfect Table Fuzzy Rainbow Tradeoff 37 3.3.1 Probability of Success 37 3.3.2 Online Complexity 41 Chapter 4 Storage Optimization 49 4.1 The Degree of Ending Point Truncation 50 4.1.1 Thick Rainbow Tradeoff 50 4.1.2 Non-Perfect Table Fuzzy Rainbow Tradeoff 52 4.1.3 Perfect Table Fuzzy Rainbow Tradeoff 54 Chapter 5 Comparison of Algorithms 56 5.1 Adjustment Factors for Tradeoff Coefficients 56 5.2 Some Observations concerning Fuzzy Rainbow Tradeoffs 58 5.3 Comparison 63 Chapter 6 Time Memory Data Tradeoff Algorithms 67 6.1 Algorithms 67 6.2 Analysis 69 Chapter 7 Experiments 72 7.1 Thick Rainbow Tradeoff 72 7.2 Non-Perfect Table Fuzzy Rainbow Tradeoff 74 7.3 Perfect Table Fuzzy Rainbow Tradeoff 78 7.4 Time Memory Data Tradeoff Algorithms 84 Chapter 8 Conclusion 86 Abstract (in Korean) 91Docto