Life After DES: New Methods, New Attacks - Cryptology Unlocked

Cryptography Reference

In-Depth Information

cryptanalysis is rather complicated. Astonishingly, there is a free program to

break this code. But let's look at these things in turn.

The pkzip tool widely used in the PC world groups several files into a single

one — an archive. The files are compressed using a suitable method, and the entire

archive can be encrypted. We are interested in the latter feature, of course. Despite

it being complicated, this section is important, since you will come to understand

at least roughly how today cryptanalysts can disentangle complex things.

The pkzip Cipher

The pkzip encryption is a stream cipher. Similarly to RC4, it creates a key-

dependent byte sequence which is XORed with the ciphertext or the plaintext. In

pkzip , the key-dependent byte sequence depends additionally on the plaintext

previously encrypted. For this reason, and because twelve partially random

bytes, which serve as an initialization vector, among other things, are set prior

to the encryption, an insertion attack won't work.

The method uses three secret 32-bit words, key0, key1 , and key2 , and a secret

byte, K . Byte K is XORed with the plaintext for encryption, or ciphertext

for decryption. Subsequently, the method computes new values for key0, key1,

key2 , and K , depending on the plaintext. This actualization procedure looks

like this:

C=P ⊕ K

key0 = crc32(key0,P)

(a)

key1 = (key1 + (key0 & 0xff)) * 134775813 + 1

(b)

key2 = crc32(key2, key1 >> 24)

(c)

tmp

= key2 | 3

(d)

= (tmp * (tmp ⊕ 1)) >> 8

K

(e)

where P is a plaintext byte, C is a ciphertext byte, and tmp is a 16-bit number.

Similarly to the C programming language, A

n denotes the right shift of A

by n bytes, i.e., key1 24 is the most significant byte of key1 , and K is the

most significant byte of tmp* ( tmp ⊕ 1). The operation key0 & 0xff creates the

least significant byte of key0 , and the expression key2 | 3 just means that the

two least significant bits of key2 are set equal to 1. Finally, crc32() is an easily

computable CRC polynomial:

crc32(key,c) = (key >> 8)

⊕

crctab[(key&0xff) ⊕

c]

(5)

Cryptology Unlocked

Search WWH ::

Custom Search

Home