Weverton Luis da Costa Cordeiro (weverton.cordeiro@inf.ufrgs.br): Blowfish

Agenda
● Introduction
● How It Works
● Cryptanalysis
● Main Users
● Trivia
● Final Remarks
● References

Blowfish
● Designer: Bruce Schneier
● Symmetric-key cryptographic algorithm
● Better performance than DES and IDEA
● First published in 1994
  Description of a New Variable-Length Key, 64-Bit Block Cipher (Blowfish)
  Published in: Fast Software Encryption, Cambridge Security Workshop Proceedings (December 1993), Springer-Verlag, 1994, pp. 191-204.

Blowfish
● Main characteristics
  Structure: Feistel network
    ● 16 rounds
  Block cipher
    ● Block size: 64 bits
  Key size: 32 to 448 bits (in steps of 8 bits)
  Substitution boxes: key-dependent
  Key schedule algorithm: “complex”
  Decryption is identical to encryption except for the order of the round keys
    ● Same approach as the Data Encryption Standard

Blowfish
● Consists of two parts
  Key expansion
    ● Converts a key of up to 448 bits into a P-array containing 18 subkeys and 4 substitution boxes with 256 entries each, which represents processing 4168 bytes
  Data encryption
    ● Uses a simple function iterated 16 times

Blowfish: How It Works
● Modes of operation (some of them...)
  ECB (Electronic Code Book)
    ● Each block is encrypted independently
    ● Identical plaintext blocks are encrypted to the same ciphertext block
    ● Reordering the plaintext results in the same reordering of the ciphertext blocks
    ● Encryption errors affect only the block in which they occurred
  CBC (Cipher Block Chaining)
    ● (Ciphertext block from the previous step) XOR (plaintext block of the current step) = (block to be encrypted in the current step)

Blowfish: Feistel Network

Blowfish: Main Algorithm

Blowfish: Main Algorithm
● Subkeys
  Array with 18 subkeys
  Subkey Pi is used in the i-th round
  Subkeys P17 and P18 are used in the last step, in an XOR operation with one of the halves xR and xL

Blowfish: Round Function
● Inconsistency (according to the code): ((S1[a] + S2[b]) XOR S3[c]) + S4[d]

Blowfish: Round Function
● Substitution boxes
  4 boxes
  256 entries each
  Take 8 bits as input and produce 32 bits of output

Blowfish: Key Schedule

Blowfish: Key Schedule
● Notes
  Initializing the 18 subkeys and 4 substitution tables requires 18*32 + 4*256*32 = 576 + 32768 = 33344 binary digits of pi
  Finalizing the 18 subkeys and 4 substitution tables requires applying the Blowfish algorithm (18+4*256)/2 = 1042/2 = 521 times.
    ● The secret key is used to generate them
    ● Each new key requires processing equivalent to encrypting 4 KB of text
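
Added example (not part of the original slides, and not Schneier's reference code): a compact Python Blowfish that derives the P-array and S-boxes from the 33344 binary digits of pi, uses the round function as written on the Round Function slide, and counts the block encryptions spent by the key schedule. The names PI, Blowfish and calls are chosen for this sketch; blocks are handled as 64-bit integers.

```python
MASK = 0xFFFFFFFF

def _arctan_inv(x, one):
    """arctan(1/x) scaled by `one`, summed from its alternating Taylor series."""
    total = term = one // x
    n, sign = 3, -1
    while term:
        term //= x * x
        total += sign * (term // n)
        n, sign = n + 2, -sign
    return total

def pi_words(count=18 + 4 * 256, guard=64):
    """First `count` 32-bit words of the fractional part of pi (Machin's formula)."""
    bits = 32 * count                      # 1042 words = 33344 bits
    one = 1 << (bits + guard)              # guard bits absorb rounding error
    frac = (16 * _arctan_inv(5, one) - 4 * _arctan_inv(239, one) - 3 * one) >> guard
    return [(frac >> (bits - 32 * (i + 1))) & MASK for i in range(count)]

PI = pi_words()

class Blowfish:
    def __init__(self, key):
        if not 4 <= len(key) <= 56:        # 32 to 448 bits
            raise ValueError("key must be 4 to 56 bytes")
        self.P = PI[:18]
        self.S = [PI[18 + 256 * i:18 + 256 * (i + 1)] for i in range(4)]
        for i in range(18):                # XOR the key, repeated cyclically, into P
            word = bytes(key[(4 * i + j) % len(key)] for j in range(4))
            self.P[i] ^= int.from_bytes(word, "big")
        self.calls, l, r = 0, 0, 0         # calls = block encryptions spent on setup
        for table in [self.P] + self.S:    # overwrite all 1042 words, two per call
            for j in range(0, len(table), 2):
                l, r = self._crypt(l, r, self.P)
                table[j], table[j + 1] = l, r
                self.calls += 1

    def _f(self, x):                       # ((S1[a] + S2[b]) XOR S3[c]) + S4[d]
        a, b, c, d = x >> 24, x >> 16 & 255, x >> 8 & 255, x & 255
        return ((((self.S[0][a] + self.S[1][b]) & MASK) ^ self.S[2][c]) + self.S[3][d]) & MASK

    def _crypt(self, l, r, p):
        for i in range(16):                # 16 Feistel rounds with p[0..15]
            l ^= p[i]
            r ^= self._f(l)
            l, r = r, l
        return r ^ p[17], l ^ p[16]        # undo last swap, apply final two subkeys

    def encrypt(self, x, p=None):          # x is one 64-bit block as an int
        l, r = self._crypt(x >> 32, x & MASK, p or self.P)
        return l << 32 | r
    def decrypt(self, x):                  # same rounds, subkeys in reverse order
        return self.encrypt(x, self.P[::-1])
```

After Blowfish(key) returns, its calls attribute holds the number of block encryptions the schedule consumed, which is the 521 computed on the slide.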

Blowfish: Cryptanalysis
● No effective study published up to the year 2006 (Bruce Schneier, Wikipedia)
● However
  The 64-bit block is considered small, susceptible to a birthday attack
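
Added example (not from the slides): the ECB and CBC properties listed on the modes slide and the birthday limit noted here, checked on a constructed 4-round Feistel stand-in rather than Blowfish, since both depend only on the block size and the mode. The names toy_encrypt, cbc_collisions and repeat_probability, the key and the sample blocks are all constructed for this sketch.

```python
import hashlib
import math

def toy_encrypt(key, x, half=32):
    """Constructed 4-round Feistel permutation on 2*half-bit blocks (a stand-in, not Blowfish)."""
    mask = (1 << half) - 1
    l, r = x >> half, x & mask
    for rnd in range(4):
        digest = hashlib.sha256(key + bytes([rnd]) + r.to_bytes(4, "big")).digest()
        l, r = r, l ^ (int.from_bytes(digest[:4], "big") & mask)
    return l << half | r

def ecb(key, blocks, half=32):
    """ECB: each block is encrypted independently."""
    return [toy_encrypt(key, b, half) for b in blocks]

def cbc(key, iv, blocks, half=32):
    """CBC: XOR the previous ciphertext block into the plaintext, then encrypt."""
    out, prev = [], iv
    for b in blocks:
        prev = toy_encrypt(key, b ^ prev, half)
        out.append(prev)
    return out

def cbc_collisions(iv, plain, cipher):
    """For each repeated ciphertext block C[i] == C[j], report (i, j, holds) where
    holds says whether P[i] ^ P[j] == C[i-1] ^ C[j-1], with C[-1] = iv."""
    first_seen, found, chain = {}, [], [iv] + cipher
    for j, c in enumerate(cipher):
        i = first_seen.setdefault(c, j)
        if i != j:
            found.append((i, j, (plain[i] ^ plain[j]) == (chain[i] ^ chain[j])))
    return found

def repeat_probability(block_bits, n_blocks):
    """Birthday approximation: chance that n_blocks random blocks contain a repeat."""
    return 1 - math.exp(-n_blocks * (n_blocks - 1) / 2 ** (block_bits + 1))

KEY = b"constructed demo key"
MESSAGE = [0x1111111111111111, 0x2222222222222222, 0x1111111111111111]  # constructed
SMALL = list(range(4096))              # constructed plaintext for a 16-bit block
SMALL_IV = 0x1234
```

With a 64-bit block, repeat_probability(64, 2**32) is about 0.39, which corresponds to roughly 32 GiB encrypted under one key; cbc_collisions(SMALL_IV, SMALL, cbc(KEY, SMALL_IV, SMALL, half=8)) shows the same effect on a 16-bit block, where repeats appear within a few thousand blocks.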

Blowfish: Cryptanalysis
● Published papers
  On the Weak Keys of Blowfish (1996)
    ● Proceedings of the Third International Workshop on Fast Software Encryption
    ● Author: Serge Vaudenay
    ● Abstract: There is a class of keys that can be detected--although not broken--in Blowfish variants of 14 rounds or less.

Blowfish: Cryptanalysis
● Published papers
  On Weaknesses of Non-surjective Round Functions (1997)
    ● Journal: Designs, Codes and Cryptography
    ● Authors: Vincent Rijmen, Bart Preneel, Erik De Win
    ● Abstract: We propose a new attack on Feistel ciphers with a non-surjective round function. CAST and LOKI91 are examples of such ciphers.
  On the Key Schedule of Blowfish (2005)
    ● Available at: http://citeseer.ist.psu.edu/schmidt05key.html
    ● Author: Dieter Schmidt
    ● Abstract: In this article the author shows that for the block cipher Blowfish, the subkeys for the third and fourth round do not depend on the first 64 bits of the userkey.

Blowfish: “Main” “Users”
PuTTY

Blowfish: Trivia
● The software magazine Dr. Dobb's Journal is sponsoring $1000 contest for the best cryptanalysis of Blowfish received before April 1995. Please contact me for details.

Blowfish: Trivia
● Blowfish on "24" (On April 27, 2005)
Two nights ago, my encryption algorithm Blowfish was mentioned on the Fox show "24." An alleged computer expert from the fictional anti-terror agency CTU was trying to retrieve some files from a terrorist's laptop. This is the exchange between the agent and the terrorist's girlfriend:
They used Blowfish algorithm.
How can you tell?
By the tab on the file headers.
Can you decrypt it?
CTU has a proprietary algorithm. It shouldn't take that long. We'll start by trying to hack the password. Let's start with the basics. Write down nicknames, birthdays, pets -- anything you think he might have used.
● Quote: “I just tried explaining to my wife why this was funny and she said "I didn't understand anything you just said". Nevermind.”

Final Remarks
● Blowfish
  Achieved great popularity through its distribution in the public domain
  No efficient cryptanalysis is known
    ● Vulnerable to birthday attacks, and therefore not recommended for encrypting large amounts of data
  Resistant to linear, differential and integral cryptanalysis
  Still in wide use for encrypting small amounts of data

References
● Schneier, B. (1994) “Description of a New Variable-Length Key, 64-Bit Block Cipher (Blowfish)”. In: Fast Software Encryption, Cambridge Security Workshop Proceedings (December 1993), Springer-Verlag, 1994, pp. 191-204.
● Cryptography Tutorials - Herong's Tutorial Notes. Available at: http://www.herongyang.com/crypto/cipher_blowfish.html. Accessed: April 2007.
● Blowfish (cipher). Available at: http://en.wikipedia.org/wiki/Blowfish_(cipher). Accessed: April 2007.
● The Blowfish Encryption Algorithm. Available at: http://www.schneier.com/blowfish.html. Accessed: April 2007.
● [Courses] [C] A tutorial on Blowfish. Available at: http://mailman.linuxchix.org/pipermail/courses/2002-December/001120.html. Accessed: April 2007.