3 Stream cipher based on block upper triangular matrices
4.3 Future work
4.3.6 Cryptanalysis
A final proposal, within the field of cryptanalysis, is a more in-depth study of the security of the proposed cryptosystem; this work, however, remains open to the scientific community.
List of tables
Table 1.1: Transformations in a Salsa20 double round
Table 3.1: Example of selectable combinations
Table 3.2: top, min and bottom combinations
Table 3.3: Per-bit probabilities
Table 3.4: Combinations tested
Table 3.5: Minimum bits for the period and for the seed per combination
Table 3.6: Bits per iteration and number of iterations per combination
Table 3.7: Estimated cost per iteration and per bit
Table 3.8: Admissible combinations tested for 65537
Table 3.9: Speed comparison of combinations 1-2-7 and 1-2-19
Table 3.10: Values of k4 and k5 for different values of d
Table 3.11: Comparison with the optimized approach for d = 7 and d = 19
Table 3.12: Comparison for the improvement with even d
Table 3.13: Speeds and times in the optimal implementation
List of figures
Figure 1.1: Shannon's original communication scheme
Figure 1.2: Fibonacci form of an LFSR
Figure 1.3: Galois form of an LFSR
Figure 1.4: Vernam cipher
Figure 1.5: Encryption in output feedback (OFB) mode
Figure 1.6: Operation of the RC4 PRGA
Figure 3.1: top, min and bottom combinations
Table of acronyms
0r ... zero replacement
AES ... advanced encryption standard
ARC4 ... alleged Rivest cipher 4
ARX ... add-rotate-xor
AVX ... advanced vector extensions
BBS ... Blum Blum Shub
bms ... least significant bit
bpi ... bits per iteration
CBC ... cipher block chaining (mode)
CFB ... cipher feedback (mode)
CTR ... counter (mode)
ECB ... electronic codebook (mode)
ECRYPT ... European Network of Excellence for Cryptology
eStream ... the ECRYPT Stream Cipher Project
FPGA ... field programmable gate array
GPGPU ... general purpose computing on graphics processing units
GPU ... graphics processing unit
HC128 ... Hongjun’s Cipher 128
HC256 ... Hongjun’s Cipher 256
KSA ... key scheduling algorithm
LCG ... linear congruential generator
LFSR ... linear feedback shift register
mbp ... minimum number of bits for the period
mbs ... minimum number of bits for the seed
min ... combination with minimum tbn and mbs ≥ 128
NLFSR ... non-linear feedback shift register
OFB ... output feedback (mode)
OTP ... one-time pad
PCBC ... propagating cipher block chaining (mode)
PIPS ... Primitive and Irreducible Polynomial Server
PNI ... Prescott new instructions
PractRand ... Practically Random
PRGA ... pseudo-random generation algorithm
Primpoly ... A Program for Computing Primitive Polynomials
RC4 ... Rivest cipher 4
RFC ... request for comments
s-box ... substitution box
SIMD ... single instruction, multiple data
SSE ... streaming SIMD extensions
SSL ... secure sockets layer
tbn ... size of the non-zero blocks
TSB ... block upper triangular (matrix)
TSL ... transport layer security
WEP ... wired equivalent privacy