Cryptographic Attacks on Scrambled LZ-Compression and Arithmetic

Coding

By: RAJBIR SINGH BIKRAM KAHLON

Outline

LZ Compression Arithmetic Coding Scrambled Input LZ Compression Scrambled Input Arithmetic Coding Attacks Conclusions References

LZ Compression

Algorithm1. Find the longest substring in the codebook.

2. Output its code.

3. Append the very next character from the input and create a new codebook entry for the resulting string.

4. Advance past the end of the substring just encoded.

Until no more character.

LZ Compression

Example

abbaabbaababbaaaabaabba

Dictionary

Index Entry Index Entry

0

1

2

3

4

5

6

a

b

ab

bb

ba

aa

abb

7

8

9

10

11

12

13

baa

aba

abba

aaa

aab

baab

bba

Scrambled LZ Compression

Algorithm Initialize the pseudo random number

generator with encryption key. Add null characters in dictionary. Shuffle the initial values of dictionary. Perform LZ Compression

Arithmetic Coding

It takes a stream of input symbols and replaces it with a single floating point output number greater than 0 & less than 1.

Algorithm Set low to 0.0

Set high to 1.0 While there are still input symbols do Get an Input symbol Code_range = high - low. high = low + range*high_range(symbol) low = low + range*low_range(symbol) End of While Output low

Scrambled Arithmetic Coding

Algorithm Initialize the pseudo random number with encryption

key Shuffle the probability table Perform Arithmetic Coding

Ciphertext-Only Attack

Attack model, in which access to a set of different ciphertexts is provided.

Success If: Plaintext corresponding to the ciphertext

being analyzed. The encryption key is revealed. Any information about the plaintext pattern.

Chosen-Ciphertext Attack

In this case, cryptanalyst chooses ciphertext of his choice.

One of the ciphertext(LZ) taken for analysis:

↕    Ö    ↕    r    ↕    æ    ↕    ☼    ↕    Ç    ↕      ↕   ↕    ↕    ↕    ¥    ↕    m    ↕    O    ↕    ≡    ↕    ∙    ↕     ═    ↕    &    ↕    ►    ↕    ▒    ↕    ⌡    ↕    ▲    ↕    x    ‼

ADAPTIVE-CHOSEN-CIPHERTEXT ATTACK

Attacker sends a number of cipher texts to be decrypted and use these decrypted cipher texts to select subsequent cipher texts.

Most advanced version of cipher text attacks.

Linear Cryptanalysis

A linear relation between bits of plaintext, the ciphertext and the bits of key is determined.

The basic idea is to approximate the operation of the cipher with an expression that is linear.

Xi1 + Xi2 + ..Xiu + Yj1 + Yj2 + ..Yjv = 0                      

where Xi represents the i-th bit of the input and

Yj represents the j-th bit of the output and

‘+’ represents the exclusive-OR

Conclusions On LZ-Compression

Null characters are part of cipher text, so its hard to distinguish between messages and null strings for traffic flow security.

The same encoded strings even within same message bear no resemblance to each other i.e. output is completely random.

A part of message can not be treated as separate and every part of message is completely dependant on what came prior to it.

Conclusions On LZ-Compression

In case of linear attack on LZ compression, it involves big numbers for computation.

For 1076 bytes or 210890 possible sequences will generate 29372 possible enciphering permutations. The number of possible permutations is huge and hides the plaintext.

Conclusions on Arithmetic Coding

No two messages M & M` produce same ciphertext file.

Arithmetic Coding does not use fixed codewords to represent symbols.

A large keyspace i.e. around 2048 bit encryption key makes it difficult to attack the algorithms introduced by Dr. Wang.

In case of linear attack, it requires 247 known-plaintext blocks and will result in one key bit.

Chosen-Plaintext Attack

A chosen-plaintext attack (CPA) is an attack model for cryptanalysis which presumes that the attacker has the capability to choose arbitrary plaintexts to be encrypted and obtain the corresponding cipher texts.

Adaptive Chosen-Plaintext Attacks

This attack is similar to chosen-plaintext attack except that in this case, the cryptanalyst makes an nth query based on output of last (n-1) queries.

Differential Attacks

In this kind of cryptanalysis, certain fixed differences between the plaintext and the cipher text are exploited till the last round of the cipher. Certain differences, called "characteristics," in plaintext pairs have a high probability of causing certain differences in the resulting cipher text pairs. To find the correct round key, simply collect enough guesses so that one sub key is suggested more often than all the others.

Conclusions

Unicity Distance

n = H(K)/[|M| - H(M)]

H (K) = entropy of keys used in encryption

|M| = maximum possible entropy for the plaintext

H (M) = entropy of message

Conclusions

Case1: Plaintext is ASCII characters

Unicity Distance comes out to be 1432.16 characters (very large).

Case2: Plaintext is English Language

Unicity Distance is 301.17 characters.

H|M| is only value that changes.

Conclusions

Large Keyspace – 2048 bit encryption key. Cipher text Randomness. Regularities Reduction. Increased Entropy. Differential Attacks Impractical. For m chosen-plaintext pairs,

the corresponding known-plaintext will need about 2w/2(2m1/2) known plaintexts (w is the block size (in bits)). With 64-bit block using only eight chosen-plaintext pairs (very small number practically) ,the corresponding known-plaintext attack will require 234 plaintext-cipher text pairs, a large number. On DES,1.5MB/Sec. data stream of plaintexts for three years to get the data. Less efficient than brute force in DES(255 v/s 255.1)

Conclusions

According to sci.crypt FAQ strong encryption should have following characterstics:

Large keyspace. Reasonably Large unicity distance. Randomness in cipher text. Resistant to all known attacks. Dr. Wang’s Algorithm is very strong and

resistant to above defined attacks.

References

Wang, Chung-E Research paper {http://gaia.ecs.csus.edu/%7Ewang/cbj.pdf} Arithmetic Coding Source Code {www.cipr.rpi.edu/~wheeler/ac, accessed 12-

07-06} Dr. Dobb’s Journal {http://www.dogma.net/markn/articles/arith/part1.htm,

accessed 12-07-06} Handbook of Applied Cryptography {

http://www.cacr.math.uwaterloo.ca/hac/about/chap1.pdf} RSA Laboratories {http://www.rsasecurity.com/rsalabs/node.asp?id=2167,

accessed 12-07-06} Sci.Crypt FAQ {http://www.contrib.andrew.cmu.edu/~shadow/crypt.html,

accessed 12-07-06}

ANY QUESTIONS???