Cryptography

An implementation of basic ciphers, authentication codes and common attacks.

Implementations

1. Block Cipher(AES)

Implementing a block cipher in both CBC(Chained block cipher) and CTR(counter) mode using AES in ECB(Electronic codebook) mode. CBC MODE

CTR MODE

Since CTR mode is not chained it can be parallelised and it uses the pathos.multiprocessing library of python to distribute each block to a different core. Encyption and decryption of a 3.9MB file takes 6.5 seconds, I found that parallelisation did not offer significant improvement in speed as the majority of the time is spent in copying the large text rather than the encryption part.

2. Video Authentication

To authenticate a streamed video against tampering, a SHA256 hash is computed on it. To allow live playing of the video it is broken into chunks and a chained hash is calculated as shown:

Attacks

1. Many time pad attack

Attack on a one time pad when the same stream cipher key is used more than once to encrypt text The attack leverages patterns in the ASCII representation of text to completely decrypt the target ciphertext when given 10 ciphertexts encrypted with the same OTP. In particular we consider what happens when a space character gets xored with a alphabet - It inverts the case of the character. Then by xor'ing the target ciphertext with each of the given ciphertexts we can determine the character present at each position.

$c_1=k \oplus m_1$

$c_2=k \oplus m_2$

$c_1 \oplus c_2 = m_1 \oplus m_2$

2. Padding oracle attack

The dummy website contains encrypted customer data in its url and uses a chained block cipher for encryption. When the padding for the decrypted CBC ciphertext is invalid it returns a HTTP 403 error(forbidden request). However if the padding is valid but the decrypted message is invalid it returns a HTTP 404 error(URL not found).

Using only this information the padding oracle is able to completely decrypt the ciphertext in at most $256 * |m|$ requests to the server The implementation used a few tricks to speedup the attack such as :

Use the multiprocessing library in python to speedup the attack by parallelising it across all cores of the CPU
Each block of the text is assigned to a different core
Instead of checking all ASCII characters in order it uses a frequency table to check in order of occurence frequency

On a 8 core processor the attack takes 372 seconds for 3 blocks of AES-128 ciphertext

3. Meet in the middle attack for discrete log

Given a large prime p of size 500 bits , a generator g, h from the group $\mathbb{Z}^{*}_{p}$ such that $h=g^{x}$ where $1<\leqslantx\leqslant2^{40}$

We need to find the exponent x. The brute force algorithm takes $O(exp(n))$ Using a meet in the middle method by maintaining a hash table we can reduce this to $O(exp(\sqrt{n}))$ i.e by writing the exponent x as $x=Bx_{0} x_{1}$ where $B=2^{20}$