Investigating the Applicability of Cellular Automata in Cryptosystems

1
Investigating the Applicability of Cellular
Automata in Cryptosystems

• Robert Schick

2
Purpose

• I developed software to answer the following
  questions
• How can cellular automatas pseudo-random
  behavior be applied to cryptography?
• What techniques could be used to attack this
  algorithm and how effective would they be?
• What measures could be taken to block these
  attacks?

3
Cryptosystems
decryption algorithm
plaintext
ciphertext
deciphered plaintext
encryption algorithm
key
key

• Symmetric cryptosystem
• Difficulty of obtaining key is the limiting
  factor in the security of the cryptosystem
• Minimum key size limited by capabilities of brute
  force

4
Cellular Automata

• Cellular automata (CA) are an example of a
  discrete dynamical system, in which interactions
  which update the state of the cells occur in
  discrete intervals.
• The most famous cellular automaton is John
  Conways Game of Life
• Every cell x in an environment E interacts with
  its neighbors by updating itself based on the
  following rules

5
Iterating

• For an automata with an environment of k cells
  which can assumed S states each, there are Sk
  environment states. In this situation, there are
  29 512 unique states.

6
Diffusion and Confusion

• Confusion relates to the relationship between the
  ciphertext and key being as intricate as possible
• Diffusion refers to the dissipation of statistics
  of the plaintext in the ciphertext.
• These attributes deal with the nature of the
  transformations that are applied and how well
  they conceal the statistics of the system.

7
Sensitivity to Initial Conditions

• States which differ infinitesimally, by a single
  bit, often display dramatically different
  behavior after being iterated.
• If the disturbance fills the entire
  environment, the states meet the avalanche bit
  criterion.
• This is an important aspect of a well diffused
  system

8
Step 0
State A
A\B
State B
9
Step 5
State A
A\B
State B
10
Step 10
State A
A\B
State B
11
Cipher
KEY HELLO
PLAINTEXT WORLD
CIPHERTEXT
(4,0)
(86,4)
(162,0)
(172,1)
(176,4)
12
Decipher
KEY HELLO
PLAINTEXT
W
O
R
L
D
13
Cryptographic Attacks

• Ciphertext-only Adversary only has access to a
  set of ciphertexts.
• Plaintext Adversary is in possession of
  ciphertext with corresponding plaintext generated
  by the same key.
• Chosen Plaintext/Ciphertext Adversary can
  generate plaintext/ciphertext under a key, access
  to a decryption oracle
• Related-key adversary can generate ciphertext
  and plaintext under two different keys of which
  the only knowledge is the difference between the
  keys.

14
Breaches

• Total break adversary deduces the key and
  therefore has access to all the plaintexts and
  ciphertexts.
• Global deduction Adversary discovers an
  algorithm which emulates the keyed algorithm, but
  without explicit knowledge of the key.
• Instance deduction Adversary discovers
  plaintexts and ciphertexts that were previously
  unknown.
• Distinguishing algorithm the attacker can
  distinguish ciphertext from a random permutation.

15
Ciphertext Only

• Substitution Cipher
• First term strictly increasing
• This allows for a ciphertexts to be constructed
  of unique ciphercharacters
• Frequency analysis doesnt work, due to the
  diffusion
• For a (3,4,2) ruleset, an average of 37
  iterations occurred between ciphercharacters

16
Chosen Plaintext

• 1. Batch chosen-plaintext Adversary chooses all
  of the plaintext before encryption.
• 2. Adaptive chosen-plaintext Adversary can
  interact with the plaintext and corresponding
  encryption results in real time, utilizing
  information gained from previous encryption
  sessions.
• GLOBAL DEDUCTION

17
Building the dictionary
18
Complete
19
Effectiveness of Attacks

• Anything that could conceivably be classified as
  frequency analysis will not produce significant
  results, since in a given ciphertext no character
  repeats.
• Related Key attacks will also not produce
  significant results
• The most effective attack is the dictionary type
  chosen plaintext attack

20
Countermeasures

• To protect against this attack, I modified the
  algorithm so that every time a new character is
  added to the ciphertext, the ruleset is updated
  based on some factor that is not available to the
  adversary.
• The factor I chose was the leftmost column of the
  environment (since the ASCII characters occupy
  only the first 127/255 values a byte can assume),
  which was not being used to encode information
• By computing a hash sum on the plaintext at the
  beginning and comparing it with the leftmost
  column of the key, the attack that previously
  succeeded is effectively blocked, and additional
  security is added.

21
Modified Cipher
Performing a similar operation on the plaintext
and comparing it with the leftmost column of the
key to assign an original ruleset adds an
additional layer of security (IND-CCA1 at least)
Evaluate the left most column and modulus it with
the number of rulesets that are being alternated
between. This partitions the set of all states
into a division group, then assign a ruleset to
each modular value
KEY HELLO
22
Conclusions

• Cellular automata have many attributes that allow
  them to be successfully implemented in a
  symmetric cryptosystem
• If a constant ruleset is used, numerous drawbacks
  occur in both security and in that there is an
  upper limit of characters that can be
  successfully encoded
• By allowing the ruleset to interact with the
  plaintext, security is increased and the number
  of characters of ciphertext is bounded by the
  plaintext

23
Future Research

• Comparison to the random oracle model, security
  proof
• More manipulation with the many variables,
  especially expanding rulesets to the more general
  evolution function
• More cryptanalysis using techniques such as
  linear and differential cryptanalysis, analysis
  of information entropy and Shannon information.
• Applications to asymmetric cryptosystem