A case-based approach to cryptanalysis that explains how and why attacks can happen

Applied Cryptanalysis focuses on practical attacks on real-world ciphers. Using detailed case studies, the authors demonstrate how modern cryptographic systems are broken, and they do so with a minimum of complex mathematics and technical jargon. All major classes of attacks are covered, providing IT professionals with the knowledge necessary for effective security implementation within their organizations. Each chapter concludes with a series of problems that enables the reader to practice and fine-tune their own cryptanalysis skills. Applied Cryptanalysis can serve as a textbook for a cryptanalysis course or for independent study.

The text is organized around four major themes:
* Classic Crypto offers an overview of a few classical cryptosystems, introducing and illustrating the basic principles, concepts, and vocabulary. The authors then cover World War II cipher machines, specifically the German Enigma, Japanese Purple, and American Sigaba.
* Symmetric Ciphers analyzes shift registers and correlation attacks, as well as attacks on three specific stream ciphers: ORYX, RC4 (as used in WEP), and PKZIP. In addition, block ciphers are studied: Hellman's Time-Memory Trade-Off attack is discussed and three specific block ciphers are analyzed in detail (CMEA, Akelarre, and FEAL).
* Hash Functions presents hash function design, birthday attacks, and the "Nostradamus" attack. Then the MD4 attack is examined, which serves as a precursor for the authors' highly detailed analysis of the recent attack on MD5.
* Public Key Crypto includes an overview of several public key cryptosystems including the knapsack, Diffie-Hellman, Arithmetica, RSA, Rabin cipher, NTRU, and ElGamal. Factoring and discrete log attacks are analyzed, and the recent timing attacks on RSA are discussed in detail.

Author(s): Mark Stamp, Richard M. Low
Publisher: Wiley-IEEE Press
Year: 2007
Language: English
Pages: 425
Tags: Informatics and Computer Engineering;Information Security;Cryptology and Cryptography;
APPLIED CRYPTANALYSIS: Breaking Ciphers in the Real World......Page 2
Contents......Page 10
Preface......Page 16
About the Authors......Page 20
Acknowledgments......Page 22
1.2 Good Guys and Bad Guys......Page 24
1.3 Terminology......Page 25
1.4 Selected Classic Crypto Topics......Page 27
1.4.1 Transposition Ciphers......Page 28
1.4.2 Substitution Ciphers......Page 31
1.4.3 One-Time Pad......Page 41
1.4.4 Codebook Ciphers......Page 43
1.5 Summary......Page 44
1.6 Problems......Page 45
2.1 Introduction......Page 48
2.2.1 Enigma Cipher Machine......Page 49
2.2.2 Enigma Keyspace......Page 52
2.2.3 Rotors......Page 54
2.2.4 Enigma Attack......Page 57
2.2.5 More Secure Enigma?......Page 60
2.3.1 Purple Cipher Machine......Page 61
2.3.2 Purple Keyspace......Page 67
2.3.3 Purple Diagnosis......Page 68
2.3.4 Decrypting Purple......Page 72
2.3.5 Purple versus Enigma......Page 73
2.4.1 Sigaba Cipher Machine......Page 75
2.4.2 Sigaba Keyspace......Page 80
2.4.3 Sigaba Attack......Page 82
2.4.4 Sigaba Conclusion......Page 90
2.5 Summary......Page 91
2.6 Problems......Page 92
3.1 Introduction......Page 102
3.2 Shift Registers......Page 104
3.2.1 Berlekamp-Massey Algorithm......Page 106
3.2.2 Cryptographically Strong Sequences......Page 108
3.2.3 Shift Register-Based Stream Ciphers......Page 112
3.2.4 Correlation Attack......Page 113
3.3 ORYX......Page 116
3.3.1 ORYX Cipher......Page 117
3.3.2 ORYX Attack......Page 120
3.3.3 Secure ORYX?......Page 125
3.4 RC4......Page 126
3.4.2 RC4 Attack......Page 128
3.5 PKZIP......Page 133
3.5.1 PKZIP Cipher......Page 134
3.5.2 PKZIP Attack......Page 136
3.6 Summary......Page 143
3.7 Problems......Page 144
4.1 Introduction......Page 150
4.2 Block Cipher Modes......Page 151
4.3 Feistel Cipher......Page 154
4.4.1 Cryptanalytic TMTO......Page 156
4.4.2 Bad Chains......Page 160
4.4.3 Success Probability......Page 164
4.4.4 Distributed TMTO......Page 165
4.4.5 TMTO Conclusions......Page 166
4.5.1 CMEA Cipher......Page 167
4.5.2 SCMEA Cipher......Page 169
4.5.3 SCMEA Chosen Plaintext Attack......Page 170
4.5.4 CMEA Chosen Plaintext Attack......Page 171
4.5.5 SCMEA Known Plaintext Attack......Page 174
4.5.6 CMEA Known Plaintext Attack......Page 181
4.5.7 More Secure CMEA?......Page 182
4.6.1 Akelarre Cipher......Page 183
4.6.2 Akelarre Attack......Page 189
4.6.3 Improved Akelarre?......Page 192
4.7 FEAL......Page 193
4.7.1 FEAL-4 Cipher......Page 194
4.7.2 FEAL-4 Differential Attack......Page 195
4.7.3 FEAL-4 Linear Attack......Page 200
4.7.4 Confusion and Diffusion......Page 205
4.9 Problems......Page 206
5.1 Introduction......Page 216
5.2.1 The Birthday Problem......Page 223
5.2.2 Birthday Attacks on Hash Functions......Page 224
5.2.3 Digital Signature Birthday Attack......Page 225
5.2.4 Nostradamus Attack......Page 226
5.3.1 MD4 Algorithm......Page 231
5.3.2 MD4 Attack......Page 233
5.3.3 A Meaningful Collision......Page 247
5.4.1 MD5 Algorithm......Page 248
5.4.2 A Precise Differential......Page 254
5.4.3 Outline of Wang’s Attack......Page 256
5.4.4 Wang’s MD5 Differentials......Page 258
5.4.5 Reverse Engineering Wang’s Attack......Page 261
5.4.6 Stevens’ Implementation of Wang’s Attack......Page 275
5.4.7 A Practical Attack......Page 276
5.5 Summary......Page 279
5.6 Problems......Page 280
6.1 Introduction......Page 288
6.2 Merkle-Hellman Knapsack......Page 290
6.2.1 Lattice-Reduction Attack......Page 293
6.3 Diffie-Hellman Key Exchange......Page 298
6.3.1 Man-in-the-Middle Attack......Page 300
6.3.2 Diffie-Hellman Conclusion......Page 301
6.4 Arithmetica Key Exchange......Page 302
6.4.1 Hughes-Tannenbaum Length Attack......Page 306
6.5 RSA......Page 307
6.5.1 Mathematical Issues......Page 308
6.5.2 RSA Conclusion......Page 311
6.6 Rabin Cipher......Page 312
6.6.1 Chosen Ciphertext Attack......Page 314
6.6.2 Rabin Cryptosystem Conclusion......Page 315
6.7 NTRU Cipher......Page 316
6.7.1 Meet-in-the-Middle Attack......Page 322
6.7.2 Multiple Transmission Attack......Page 324
6.7.3 Chosen Ciphertext Attack......Page 325
6.7.4 NTRU Conclusion......Page 327
6.8 ElGamal Signature Scheme......Page 328
6.8.2 ElGamal Signature Conclusion......Page 331
6.10 Problems......Page 332
7.1 Introduction......Page 338
7.2.1 Trial Division......Page 339
7.2.2 Dixon’s Algorithm......Page 340
7.2.3 Quadratic Sieve......Page 346
7.2.4 Factoring Conclusions......Page 350
7.3.1 Trial Multiplication......Page 353
7.3.2 Baby-Step Giant-Step......Page 354
7.3.3 Index Calculus......Page 355
7.3.4 Discrete Log Conclusions......Page 356
7.4.1 Timing Attacks......Page 357
7.4.2 Glitching Attack......Page 376
7.4.3 Implementation Attacks Conclusions......Page 377
7.6 Problems......Page 378
A-1 MD5 Tables......Page 384
A-2.1 Number Theory......Page 394
A-2.3 Ring Theory......Page 395
A-2.4 Linear Algebra......Page 396
Annotated Bibliography......Page 398
Index......Page 416