Cryptography & Algorithms
Theory and implementation of cryptographic algorithms...
56 files

Factoring RSA Keys With TLS Perfect Forward Secrecy
By Teddy Rogers
This report describes the successful factorization of RSA moduli, by connecting to faulty TLS servers which enable forward secrecy and which use an insufficiently hardened RSA-CRT implementation. The history of this particular RSA-CRT implementation defect is discussed, and the current state of countermeasures is reviewed. Some familiarity with the RSA cryptosystem and the Transport Layer Security protocol suite is assumed.
42 downloads

A Guide to RSA
By Teddy Rogers
Welcome to my latest paper which is on the subject of RSA.
My inspiration for this paper comes from the fact that until recently I had no knowledge of the RSA scheme, and I want to share with you everything I learnt and present it in a way which would have benefited me more if I had had this paper then.
This paper also assumes the reader has little knowledge of math and is not intended to be patronising; however, it might be difficult to follow if you are just reading it. I would recommend taking a pen and paper and following all calculations to make sure you really understand each step.
60 downloads

A Practical Cryptanalysis of the Telegram Messaging Protocol
By Teddy Rogers
The number one rule for cryptography is never create your own crypto. Instant messaging application Telegram has disregarded this rule and decided to create an original message encryption protocol. In this work we have done a thorough cryptanalysis of the encryption protocol and its implementation. We look at the underlying cryptographic primitives and how they are combined to construct the protocol, and what vulnerabilities this has. We have found that Telegram does not check the integrity of the padding applied prior to encryption, which led us to come up with two novel attacks on Telegram. The first of these exploits the unchecked length of the padding, and the second exploits the unchecked padding contents. Both of these attacks break the basic notions of IND-CCA and INT-CTXT security, and are confirmed to work in practice. Lastly, a brief analysis of the similar application TextSecure is done, showing that by using well-known primitives and a proper construction, provable security is obtained. We conclude that Telegram should have opted for a more standard approach.
44 downloads

Advanced Encryption Standard by Example
By Teddy Rogers
The following document provides a detailed and easy-to-understand explanation of the implementation of the AES (Rijndael) encryption algorithm. The purpose of this paper is to give developers with little or no knowledge of cryptography the ability to implement AES.
80 downloads

Allout Attacks or How to Attack Cryptography Without Intensive Cryptanalysis
By Teddy Rogers
This article deals with operational attacks led against cryptographic tools. The problem is approached from several points of view, the goal always being to retrieve the maximum amount of information without resorting to intensive cryptanalysis. Therefore, the focus is on errors, deliberate or not, in the implementation or use of such tools, and on information leakage.
First, direct attacks on encryption keys are examined. Keys are searched for in binary files, in memory, or in memory dumps (such as hibernation files). We also show how bad initialization of a random generator sharply reduces key entropy, and how this entropy can be negated by inserting backdoors.
Then, we put ourselves in the place of an attacker confronted with cryptography. He must first detect that such algorithms are used. Solutions to this problem are presented, for analyzing binary files as well as communication streams.
Sometimes, an attacker can only access encrypted streams, without having the tools necessary to generate such a stream, and is unable to break the encryption used. In such situations, we notice that information leakage often remains which turns out to be clearly interesting. We show how classic methods used in network supervision, forensics and sociology (when studying social networks) yield pertinent information. For example, we build sociograms able to reveal key elements of an organization, to determine the type of organization, etc.
The final part applies the set of results obtained previously to the analysis of a closed network protocol. Packet format identification relies on behavioural analysis of the program, once all the cryptographic elements have been identified.
48 downloads

An Overview of Cryptography
By Teddy Rogers
Does increased security provide comfort to paranoid people? Or does security provide some very basic protections that we are naive to believe that we don't need? During this time when the Internet provides essential communication between tens of millions of people and is being increasingly used as a tool for commerce, security becomes a tremendously important issue to deal with.
There are many aspects to security and many applications, ranging from secure commerce and payments to private communications and protecting passwords. One essential aspect for secure communications is that of cryptography, which is the focus of this chapter. But it is important to note that while cryptography is necessary for secure communications, it is not by itself sufficient. The reader is advised, then, that the topics covered in this chapter only describe the first of many steps necessary for better security in any number of situations.
This paper has two major purposes. The first is to define some of the terms and concepts behind basic cryptographic methods, and to offer a way to compare the myriad cryptographic schemes in use today. The second is to provide some real examples of cryptography in use today.
I would like to say at the outset that this paper is very focused on terms, concepts, and schemes in current use and is not a treatise of the whole field. No mention is made here about pre-computerized crypto schemes, the difference between a substitution and transposition cipher, cryptanalysis, or other history. Interested readers should check out some of the books in the bibliography below for this detailed and interesting background information.
42 downloads

Application of Multivariate Quadratic Public Key Systems
By Teddy Rogers
In this article, we investigate the class of multivariate quadratic (MQ) public key systems. These systems are becoming a serious alternative to RSA or ECC based systems. After introducing the main ideas and briefly sketching some relevant systems, we deal with the advantages and disadvantages of these kinds of schemes. Based on our observations, we determine application domains in which MQ schemes have advantages over RSA or ECC. We concentrate on product activation keys, electronic stamps and fast one-way functions.
35 downloads

Block Ciphers and Cryptanalysis
By Teddy Rogers
This report gives a basic introduction to block cipher design and analysis. The concepts and design principles of block ciphers are explained, particularly the class of block ciphers known as Feistel ciphers. Some modern block cipher cryptanalysis methods are demonstrated by applying them to variants of a weak Feistel cipher called Simplified TEA (STEA), which is based on the Tiny Encryption Algorithm (TEA).
39 downloads

Cache Missing For Fun and Profit
By Teddy Rogers
We describe the construction of a channel between processes via the state of a shared memory cache, and its use in the cryptanalysis of RSA. Unlike earlier side-channel attacks involving memory caches, our attack has the remarkable property of only requiring that a single private key operation be observed.
We also discuss other methods in which this channel might be abused, and provide some suggestions to processor designers, operating system vendors, and the authors of cryptographic software as to how this and related attacks could be mitigated or eliminated entirely.
32 downloads

Cache Timing Attacks on AES
By Teddy Rogers
This paper demonstrates complete AES key recovery from known-plaintext timings of a network server on another computer. This attack should be blamed on the AES design, not on the particular AES library used by the server; it is extremely difficult to write constant-time high-speed AES software for common general-purpose computers. This paper discusses several of the obstacles in detail.
41 downloads

CRC and How to Reverse It
By Teddy Rogers
This essay consists of a CRC tutorial and a way of how to reverse it. Many Coders/Reversers don't know exactly how CRC works and almost no one knows how to reverse it, while this knowledge could be very useful. First, the tutorial will teach you how to calculate CRC in general; you can use it as data/code protection. Second, the reverse part will teach you (mainly) how to reverse CRC32; you can use this to break certain CRC protections in programs or over programs (like antivirus). There seem to be utilities which can 'correct' CRCs for you, but I doubt they also explain what they're doing. I'd like to warn you, since there is quite some math used in this essay. This won't harm anyone, and will be well understood by the average Reverser or Coder. Why? Well. If you don't know why math is used in CRC, I suggest that you click that button with an X at the top-right of this screen. So I assume the reader has knowledge of binary arithmetic.
75 downloads

Cryptography and Reverse Engineering
By Teddy Rogers
The topic we will cover today is Cryptography and Applied Reverse Engineering. The preferred OS will obviously be Windows, but the Concepts and Techniques can also be applied to UNIX-like platforms, and partially to some kinds of Crypto Hardware Devices such as FPGAs.
It's important to define well what kind of Speech this will be: surely not a How To Crack speech. Here we are Reversers and Not Crackers; people with Crack intentions can join #Crackversity.
So what is the principal objective of this meet? To give good and detailed Information about Reverse Engineering for Cryptography. You will find:
- Basics needed to understand Critical Security Applications
- Basic Knowledge on Cryptography
- Well Defined Learning Paths
- Pointers and Links Useful for the learning process
- Reversing hints for most common Protection Schemes
56 downloads

Description of the MD5 Algorithm
By Teddy Rogers
This document describes the MD5 message-digest algorithm. The algorithm takes as input a message of arbitrary length and produces as output a 128-bit "fingerprint" or "message digest" of the input. It is conjectured that it is computationally infeasible to produce two messages having the same message digest, or to produce any message having a given pre-specified target message digest. The MD5 algorithm is intended for digital signature applications, where a large file must be "compressed" in a secure manner before being encrypted with a private (secret) key under a public-key cryptosystem such as RSA.
48 downloads

Description of the SHA-1 Algorithm
By Teddy Rogers
The purpose of this document is to make the SHA-1 (Secure Hash Algorithm 1) hash algorithm conveniently available to the Internet community. The United States of America has adopted the SHA-1 hash algorithm described herein as a Federal Information Processing Standard. Most of the text herein was taken by the authors from FIPS 180-1. Only the C code implementation is "original".
37 downloads

Development of Advanced Encryption Standard
By Teddy Rogers
Overview of the development process for the Advanced Encryption Standard.
42 downloads

Disadvantages of Regulating Cryptography
By Teddy Rogers
In light of recent events, new concern has arisen about the general availability of strong encryption software, and how this software might be abused for illegal or immoral actions. There is new fear that terrorists may enjoy access to strong cryptographic devices to communicate with total privacy. One of the suggested solutions is to force regulation of cryptography, thereby weakening the encryption software we are all allowed to use.
29 downloads

Dissecting RC4 Algorithm
By Teddy Rogers
This tutorial will show you how the RC4 algorithm works step-by-step.
Enclosed are a presentation and an executable file I created to make it clear for you.
37 downloads

Efficient Implementation of Rijndael S-Box
By Teddy Rogers
Discussion of an efficient hardware implementation of the Rijndael S-Box.
34 downloads

Elliptic Curve Cryptosystem Classroom
By Teddy Rogers
Welcome to the Elliptic Curve Cryptosystem Classroom. This site provides an intuitive introduction to Elliptic Curves and how they are used to create a secure and powerful cryptosystem. The first three sections introduce and explain the properties of elliptic curves. A background understanding of abstract algebra is required, much of which can be found in the Background Algebra section. The next section describes the factor that makes elliptic curve groups suitable for a cryptosystem through the introduction of the Elliptic Curve Discrete Logarithm Problem (ECDLP). The last section brings the theory together and explains how elliptic curves and the ECDLP are applied in an encryption scheme. This classroom requires a Java-enabled browser for the interactive elliptic curve experiments and animated examples.
Elliptic curves as algebraic/geometric entities have been studied extensively for the past 150 years, and from these studies has emerged a rich and deep theory. Elliptic curve systems as applied to cryptography were first proposed in 1985 independently by Neal Koblitz from the University of Washington, and Victor Miller, who was then at IBM, Yorktown Heights.
Many cryptosystems require the use of algebraic groups. Elliptic curves may be used to form elliptic curve groups. A group is a set of elements with custom-defined arithmetic operations on those elements. For elliptic curve groups, these specific operations are defined geometrically. Introducing more stringent properties to the elements of a group, such as limiting the number of points on such a curve, creates an underlying field for an elliptic curve group. In this classroom, elliptic curves are first examined over real numbers in order to illustrate the geometrical properties of elliptic curve groups. Thereafter, elliptic curve groups are examined with the underlying fields F_p (where p is a prime) and F_2^m (a binary representation with 2^m elements).
32 downloads

Extending SAT Solvers to Cryptographic Problems
By Teddy Rogers
Cryptography ensures the confidentiality and authenticity of information but often relies on unproven assumptions. SAT solvers are a powerful tool to test the hardness of certain problems and have successfully been used to test hardness assumptions. This paper extends a SAT solver to efficiently work on cryptographic problems. The paper further illustrates how SAT solvers process cryptographic functions using automatically generated visualizations, introduces techniques for simplifying the solving process by modifying cipher representations, and demonstrates the feasibility of the approach by solving three stream ciphers.
To optimize a SAT solver for cryptographic problems, we extend the solver's input language to support the XOR operation that is common in cryptography. To better understand the inner workings of the adapted solver and to identify bottlenecks, we visualize its execution. Finally, to improve the solving time significantly, we remove the bottlenecks by altering the function representation and by pre-parsing the resulting system of equations.
The main contribution of this paper is a new approach to solving cryptographic problems by adapting both the problem description and the solver synchronously instead of tweaking just one of them. Using these techniques, we were able to solve a well-researched stream cipher 2^6 times faster than was previously possible.
30 downloads

Factorization of a 768-bit RSA Modulus
By Teddy Rogers
This paper reports on the factorization of the 768-bit number RSA-768 by the number field sieve factoring method and discusses some implications for RSA.
33 downloads

Fault-Based Attack of RSA Authentication
By Teddy Rogers
For any computing system to be secure, both hardware and software have to be trusted. If the hardware layer in a secure system is compromised, not only would it be possible to extract secret information about the software, but it would be extremely hard for the software to detect that an attack is underway. In this work we detail a complete end-to-end fault attack on a microprocessor system and practically demonstrate how hardware vulnerabilities can be exploited to target secure systems. We developed a theoretical attack on the RSA signature algorithm, and we realized it in practice against an FPGA implementation of the system under attack. To perpetrate the attack, we inject transient faults in the target machine by regulating the voltage supply of the system. Thus, our attack does not require access to the victim system's internal components, but simply proximity to it.
The paper makes three important contributions: first, we develop a systematic fault-based attack on the modular exponentiation algorithm for RSA. Second, we expose and exploit a severe flaw in the implementation of the RSA signature algorithm in OpenSSL, a widely used package for SSL encryption and authentication. Third, we report on the first physical demonstration of a fault-based security attack on a computer microprocessor system running unmodified production software: we attack the original OpenSSL authentication library running on a SPARC Linux system implemented on FPGA, and extract the system's 1024-bit RSA private key in approximately 100 hours.
37 downloads

GPU-based Password Cracking
By Teddy Rogers
Since users rely on passwords to authenticate themselves to computer systems, adversaries attempt to recover those passwords. To prevent such a recovery, various password hashing schemes can be used to store passwords securely. However, recent advances in graphics processing unit (GPU) hardware challenge the way we have to look at secure password storage. GPUs have proven to be suitable for cryptographic operations and provide a significant speedup in performance compared to traditional central processing units (CPUs).
This research focuses on the security requirements and properties of prevalent password hashing schemes. Moreover, we present a proof of concept that launches an exhaustive search attack on the MD5-crypt password hashing scheme using modern GPUs. We show that it is possible to achieve a performance of 880 000 hashes per second, using different optimization techniques. Therefore our implementation, executed on a typical GPU, is more than 30 times faster than equally priced CPU hardware. With this performance increase, 'complex' passwords with a length of 8 characters are now becoming feasible to crack. In addition, we show that between 50% and 80% of the passwords in a leaked database could be recovered within 2 months of computation time on one Nvidia GeForce 295 GTX.
43 downloads

Handbook of Applied Cryptography
By Teddy Rogers
Examines symmetric-key block ciphers, including both general concepts and details of specific algorithms.
35 downloads