kasumi cryptosystem
TRANSCRIPT
-
8/18/2019 Kasumi Cryptosystem
1/17
Kasumi Cryptosystem
1.Algorithm
KASUMI algorithm processes the 64-bit word in two 32-bit halves, let ! " and right ! "# $he
inp%t word is concatenation o the let and right halves o the irst ro%nd
In each ro%nd the right hal is &'( with the o%tp%t o the ro%nd %nction ater which the halves
are swapped)
where K*i, K'i, KIi are ro%nd +es or the ith ro%nd#
$he ro%nd %nctions or even and odd ro%nds are slightl dierent# In each case the ro%nd
%nction is a composition o two %nctions *i and 'i# or an odd ro%nd
and or an even ro%nd
#
$he o%tp%t is the concatenation o the o%tp%ts o the last ro%nd#
#
.oth * and ' %nctions divide the 32-bit inp%t data to two /6-bit halves# $he * %nction is an
irreversible bit manip%lation while the ' %nction is an irreversible three ro%nd eistel-li+e
networ+#
2.Logic/design elements used in the algorithm
$he /20-bit +e K is divided into eight /6-bit s%b +es K i)
-
8/18/2019 Kasumi Cryptosystem
2/17
Function FL
$he 32-bit inp%t 1 o is divided to two /6-bit halves # irst the let hal
o the inp%t is Aed bitwise with ro%nd +e and rotated let b one bit# $he res%lt o
that is &'(ed to the right hal o the inp%t to get the right hal o the o%tp%t #
$hen the right hal o the o%tp%t is '(ed bitwise with the ro%nd +e and rotated let
b one bit# $he res%lt o that is &'(ed to the let hal o the inp%t to get the let hal o the
o%tp%t #
'%tp%t o the %nction is concatenation o the let and right halves #
Function FO
$he 32-bit inp%t x o is divided into two /6-bit halves , and
passed thro%gh three ro%nds o a eistel networ+#
In each o the three ro%nds !inde1ed b j that ta+es val%es /, 2, and 3" the let hal is modiied to
get the new right hal and the right hal is made the let hal o the ne1t ro%nd#
$he o%tp%t o the %nction is #
-
8/18/2019 Kasumi Cryptosystem
3/17
KASUMI 5'(K *'5
3. Cryptanalysis of Algorithm
-
8/18/2019 Kasumi Cryptosystem
4/17
a) Strength of the algorithm
• rovide 7onidentialit as well as Integirt#
• It %sing both ' and * combination or encrption#
!) "ea#ness of the algorithm
• Slowness o encrption) an entire bloc+ m%st be acc%m%lated beore encrption 8
decrption can begin#
• 9rror propagation) An error in one smbol ma corr%pt the entire bloc+#
c) Attac#s possi!le
• Sandwich Attac+
• .oomerang attac+s
d) Attac#s impossi!le
• *inear Attac+
• .r%te orce Attac+
e) $enefits
• More aster
• More hardware riendl
• (ob%st
• More diic%lt to crac+ compare to p%blic +e crptograph
• (e:%ired *ess 7omp%ting ower to be created than e:%ivalent private +es in
p%blic-+e crptograph
• encrpt 64-bit :%antities s%ch as 9S bloc+s
f) %ra&!ac#s • KASUMI is am%ch wea+er crptosstem
g) Computational po&er and other resources re'uired
-
8/18/2019 Kasumi Cryptosystem
5/17
Kas%mi is the sec%re architect%re; Schroeppel claimed it to be twice as ast as its nearest
competitor, and three times as ast as the other candidates, and that its perormance on a
32-bit machine was ade:%ate# $he Kas%mi ciphers +e set%p was rated as relativel slow;
7omp%tational power7 compiles badl with several compilers ? platorms#
(. Applications
• @SM
•97S, enhanced circ%it-switched data
• @(S pac+et radio service
• 9@(S, enhanced @(S
• UM$S
. *rogram
>eader ile
8---------------------------------------------------------
Kas%mi#h
---------------------------------------------------------8
tpede %nsigned char %0;
tpede %nsigned short %/6;
tpede %nsigned int %32;
void KeSched%le! %0 +e ";
void Kas%mi! %0 data, int tpe ";
C Code
Kas%mi#c
-
8/18/2019 Kasumi Cryptosystem
6/17
-----------------------------------------------------------------------
Bincl%de CKas%mi#hC
8--------- /6 bit rotate let ------------------------------------------8
Bdeine ('*/6!a,b" !%/6"!!aDDb"E!aFF!/6-b"""
8------- %nions) %sed to remove CendianC iss%es ------------------------8
tpede %nion G
%32 b32;
%/6 b/6H2;
%0 b0H4;
J 5'(;
tpede %nion G
%/6 b/6;
%0 b0H2;
J 5'(;
8-------- globals) $he s%b+e arras -----------------------------------8
static %/6 K*i/H0, K*i2H0;
static %/6 K'i/H0, K'i2H0, K'i3H0;
static %/6 KIi/H0, KIi2H0, KIi3H0;
8---------------------------------------------------------------------
I!"
$he I %nction !ig 3"# It incl%des the S and SL tables#
$ransorms a /6-bit val%e#
---------------------------------------------------------------------8
static %/6 I! %/6 in, %/6 s%b+e "
G
U/6 nine, seven;
Static %/6 SH < G
4, N, 62, 6, 22, 34, L4, L6, 30, 6, 63, L3, 2, /0,/23, 33,
,//3, 3L,//4, 2/, 6, 6, /2, 4, 3, 46, 2, 2,///,/24, 0/,
3, L,/2/, L, 2, 6N, 0, 40,/N/,/2, 4N,/2N,/N4, N, /, 43,
-
8/18/2019 Kasumi Cryptosystem
7/17
2N,/22, 2, 6/, 23,/NL, /3,/NN, , /, /6, , 02, /N,/N, L0,
//,//6, 6, //, 0L,/N6, N,/2,//0, LL, 06, 6L, 3N, ,/26, 0,
//2, /, /, , L, /4, LN, 04, L/, 0, 3,/N3, 32, L, 20, 66,
/N2, 3/, 26, 4, , 4, 0, L2, 3, 4, 0N, 4L, 60, 2L,//, 44,
64,/N,/N0, 24,//N, 03, 36, 0, 42, /L, /, 4/, 00,//L, L, 3J;
Static %/6 SL H < G
/6,23L,/6/,3L,3L/,334, L,330, 30,226, 40,30,42,30, LN,3L,
/03,23,/4,33/,4/,34N, /,362,3N6,NN,262, 02,2/6,/L,36,/,
/,24/,40L, 3,2N6, /, N,333, 44,24,30, 0,/43,22N, 0/,4NN,
L, 3,3/,24, 4,23,2/0,4N,42,264,/2,4L4,3/,2LN,3LL, 6,
/6,/L,3L,/2/,2,40N,423,2/2,24N, 20,462,/6,4N6,N,200,223,
N/,4N,24L,26, 0L,/06,22/,420,/64, 4,44N,/L6,40,42/,3N,/63,
232,/0,/34,34, /3,2N,4L/,/42,/L/, 6L,/L3,42,/2,22,366,/3,
344,3NN,26,242,43,32N,//3,20, //,243, 0,3/, 36, L3,4L6, 2,
40,446,402, 4/, 60,/6,4,/3/,326,4N3,33L, 2N, 3L,//,442,/24,
4,304,N0, 3,//2,/N,4L,//,/26,/6L, 3,260,2L,32/,/60,364,
363,2L2, 46,4LL,3L3,32,324, 24,46,26,/,46N,400,426,3NL,22L,
43L,N6,2N0,2/,34L,4N/,434,236, /6,2NL,3L, 2, 6,/2N,/LL,2,
46,4/6,22,20,246, 6, 03,3N,42N,34,/3,N2, 6, 6/,244,202,
/3,222,4/0, 6,306,360,26/,/N/,46,2L/,/L,43N, 4L, L,/66,33N,
20N,303,33,/20,302,4N0,/,4L,36,300,24,/N,4L,4/, 62,44,
/32,22,2N3,3/6,234, /4,3N/, L/,N3,206,424,2//,34,3N,/4N,34,
3,/N3,/2,42, /L,2/4,43,/46,4L0,3/4,444,23N,26,32L,/L0,20,
N,//6, 0,4/N, /N,2N,/N,//,23/, 4,/3L,46, 2L, 06,N, 32,
2, 26,342,/N,3/3,4LN,43/,230,4//,32,/4L,43, 4N,//L,/4,3,
/0,233,30L, /,440,23,32, ,//N,/0,322, /2,46L,3L2,36L,/LN,
/,/NL,3,/3,/0/, 00, ,3N0,26N,404, L0,22,3N,2,4/2,///,
336,3/0, 4,N4,4L2,2L,3N4, ,33,43, 2/,3,3N3,332,403, /0,
4, 0, 2,4L,44,20L,/NN,26L,2L6,40,2N,/N6, 3/,/N4,433, 04,
4/4,406,3L4, L6, LL,/4,//,/40,4/3,36/,4NL,2,/62,2/,3N2,2N/,
266,3/,343,/44,44/,36,/N0,2L0,2/, 34,/02,NL,/30,2/N,33,/33,
3//,32,320,/4/,3L6,346,/23,3/L,4N,20/,42L,220,443,40/, L2,4N4,
40,422,240,2L, 23,2/3,/3N,466, 22,2/,203, N,2L4,36N,4/L,/2,
-
8/18/2019 Kasumi Cryptosystem
8/17
3/2,3, ,460,/L4, 2,//,2L,463,20,224,44,24,/0, 0N,3L0,
204,33,/N,3LN,2LL,4/,4N,/04, ,2NN,340, 63,2N4,/00, 33,4/,
L, 3N,3/N,2/L, L4,/6N,/2L,4L3, 64,/L,263,/N2,/0L,2N,//4,4N2,
430,4,30,/22,/L2, 42,30/, ,/4,//0,/0N,44L,2L3,323,/36,30N,
43, 66, 6N,4,34/,44,2N2,432, 0,23, /,36,436,464, L,46/J;
8 $he si1teen bit inp%t is split into two %ne:%al halves,
nine bits and seven bits - as is the s%b +e8
nine < !%/6"!inFF";
seven < !%/6"!in?N1";
8 ow r%n the vario%s operations 8
nine < !%/6"!SLHnine = seven";
seven < !%/6"!SHseven = !nine ? N1"";
seven =< !s%b+eFFL";
nine =< !s%b+e?N1/";
nine < !%/6"!SLHnine = seven";
seven < !%/6"!SHseven = !nine ? N1"";
in < !%/6"!!sevenDDL" O nine";
ret%rn! in ";
J
8---------------------------------------------------------------------
$he '!" %nction#
$ransorms a 32-bit val%e# Uses Dinde1F to identi the
appropriate s%b+es to %se#
---------------------------------------------------------------------8
static %32 '! %32 in, int inde1 "
G
%/6 let, right;
8 Split the inp%t into two /6-bit words 8
let < !%/6"!inFF/6";
right < !%/6" in;
-
8/18/2019 Kasumi Cryptosystem
9/17
8 ow appl the same basic transormation three times 8
let =< K'i/Hinde1;
let < I! let, KIi/Hinde1 ";
let =< right;
right =< K'i2Hinde1;
right < I! right, KIi2Hinde1 ";
right =< let;
let =< K'i3Hinde1;
let < I! let, KIi3Hinde1 ";
let =< right;
in < !rightDD/6"Olet;
ret%rn! in ";
J
8---------------------------------------------------------------------
*!"
$he *!" %nction#
$ransorms a 32-bit val%e# Uses Dinde1F to identi the
appropriate s%b+es to %se#
---------------------------------------------------------------------8
static %32 *! %32 in, int inde1 "
G
%/6 l, r, a, b;
8 split o%t the let and right halves 8
l < !%/6"!inFF/6";
r < !%/6"!in";
8 do the *!" operations
8
a < !%/6" !l ? K*i/Hinde1";
r =< ('*/6!a,/";
b < !%/6"!r E K*i2Hinde1";
l =< ('*/6!b,/";
-
8/18/2019 Kasumi Cryptosystem
10/17
8 p%t the two halves bac+ together 8
in < !lDD/6" O r;
ret%rn! in ";
J
8---------------------------------------------------------------------
Kas%mi!"
---------------------------------------------------------------------8
void Kas%mi! %0 data "
G
%32 let, right, temp;
5'( d;
int n;
8 Start b getting the data into two 32-bit words !9ndean correct" 8
d < !5'("data;
let < !dHN#b0HNDD24"O!dHN#b0H/DD/6"O!dHN#b0H2DD0"O!dHN#b0H3"; right <
!dH/#b0HNDD24"O!dH/#b0H/DD/6"O!dH/#b0H2DD0"O!dH/#b0H3"; n < N;
doG temp < *! let, n ";
temp < '! temp, nOO ";
right =< temp;
temp < '! right, n ";
temp < *! temp, nOO ";
let =< temp;
Jwhile! nD
-
8/18/2019 Kasumi Cryptosystem
11/17
8---------------------------------------------------------------------
Ke Sched%le!"
.%ild the +e sched%le# Most C+eC operations %se /6-bit
s%b+es so we b%ild %/6-siPed arras that are CendianC correct#
---------------------------------------------------------------------8
void Ke Sched%le! %0 + "
G
static %/6 7H < G
N1N/23,N146,N10LA.,N179, N197,N1.AL0,N164,N132/N J;
%/6 +eH0, KprimeH0;
5'( +/6;
int n;
8 Start b ens%ring the s%b +es are 9ndean correct on a /6-bit basis 8
+/6 < !5'( "+;
or! n
-
8/18/2019 Kasumi Cryptosystem
12/17
+.Sample input and Output
Ke) 2. 6 4 L 02 7 .3 NN L 27 4L /N 40 0/ 40
Inp%t ) 9A N2 4 /4 A 7 4 04
o%tp%t ) / L. 2 /7 N. 4
-
8/18/2019 Kasumi Cryptosystem
13/17
-
8/18/2019 Kasumi Cryptosystem
14/17
-
8/18/2019 Kasumi Cryptosystem
15/17
-
8/18/2019 Kasumi Cryptosystem
16/17
,.-eferences
1. 3rd @eneration artnership roRect, $echnical Speciication @ro%p Services and Sstem
Aspects, 3@ Sec%rit,KASUMI Speciication, 3#/#/ !2NN/"
2. .iham, 9#, %n+elman, '#, Keller, #) A (elated-Ke (ectangle Attac+ on the %ll
KASUMI# In) (o, .# !ed#" ASIA7(T$ 2NN# *7S, vol# 300, pp# 44346/# Springer,
>eidelberg !2NN"
3. .alderas-7ontreras, $omas; 7%mplido, (ene; eregrino-Uribe, 7la%dia) 'n the design
and implementation o a (IS7 processor e1tension or the KASUMI encrption
algorithm !2NN0"
4. @eneral (eport on the esign, Speciication and 9val%ation o 3@ Standard
7onidentialit and Integrit AlgorithmsC# 3@!2NNL"
. K# Via, 7# (echberger, and 5ang, W@reen crptanalsis) meet-in-the-middle
+erecover or the %ll +as%mi cipher,X $ech# (ep# 2N//8466, !2N//"#
http://www.3gpp.org/ftp/tsg_sa/WG3_Security/_Specs/33908-300.pdfhttp://www.3gpp.org/ftp/tsg_sa/WG3_Security/_Specs/33908-300.pdfhttp://www.3gpp.org/ftp/tsg_sa/WG3_Security/_Specs/33908-300.pdfhttp://www.3gpp.org/ftp/tsg_sa/WG3_Security/_Specs/33908-300.pdf
-
8/18/2019 Kasumi Cryptosystem
17/17
+. http)88en#wi+ipedia#org8wi+i8KASUM
,. www#trincoll#ed%8depts8cpsc8crptograph8inde1#html