payatu.com
2606:4700:20::681a:aed
Public Scan
URL:
https://payatu.com/blog/stream-ciphers-cryptography-for-ctfs/
Submission: On November 10 via api from US — Scanned from DE
Text Content
STREAM CIPHERS: CRYPTOGRAPHY FOR CTFS

 * Mukund Kedia
 * July 4, 2024

Stream ciphers operate on each bit of data in the message rather than on a chunk of data at a time. Encryption and decryption are straightforward with stream ciphers, which use the same keystream for both processes.

Stream ciphers are inherently simple, involving only XOR operations for both encryption and decryption, using the same keystream each time.

Table of Contents

 * OTP (One Time Pad)
 * Issues with mitigation of the OTP
 * Use of PRNG
 * LCG (Linear Congruential Generators)
 * LFSR (Linear Feedback Shift Register)
 * Encryption
 * Attack on LFSR
 * References

OTP (ONE TIME PAD)

The One Time Pad (OTP) is a type of stream cipher, but it has been deemed impractical for long-term use. In OTP, a user encrypts a message by XORing it with a secret key message.

The vulnerability of OTP lies in its XOR operations and properties. It has been observed that if multiple ciphertexts are generated using the same key, an attacker could potentially reverse engineer the ciphertext to recover the plaintext.

The above code demonstrates how the XOR operation can be used to obtain the plaintext from ciphertext, with the help of a key. If the same key is used multiple times, and the attacker possesses any pair of ciphertext and plaintext, they can deduce the key and use it to decrypt other ciphertexts.

ISSUES WITH MITIGATION OF THE OTP

To mitigate the above vulnerability, we would need to generate a new key every time we encrypt data. However, constantly generating a new key with the same number of bits as the message would be labour-intensive. If a new keystream is used each time, then OTP becomes unconditionally secure. Its keystream is generated from a truly random number generator (TRNG). Therefore, this necessitates the adoption of newer encryption techniques.

USE OF PRNG

The key part of a Stream Cipher is generating the keystream, which should consist of random numbers. A PRNG (Pseudo-Random Number Generator) can be utilized for this purpose. It is designed to generate pseudo-random numbers using an algorithm and an initial seed (initial number sequence), approximating truly random numbers.
In the diagram below, we denote the keystream as S to illustrate the operation of the Stream Cipher. Modulo 2 arithmetic is employed to obtain either 0 or 1 for each bit of the message. Modulo 2 addition refers to the XOR operation.

The diagram below represents the generation of the key stream. Modular arithmetic and Rings are important concepts required to understand the formation of equations.

LCG (LINEAR CONGRUENTIAL GENERATORS)

The above code shows the encryption process, which involves generating keys using LCG (Linear Congruential Generators), an example of PRNG.

The above code shows the decryption process of the ciphertext with keys generated using LCG.

The above code demonstrates an attack on LCG, where A and B (which are parts of the keys) are calculated using only the first few characters of the plaintext and ciphertext. The attack utilizes the Extended Euclidean algorithm to determine the modular inverse of a number. The code comments depict the calculation of A and B values. This underscores the necessity of finding the modular inverse of (S1 – S2), where S1, S2, and S3 represent initial segments of the keystream.

If the attacker knows the first three values of the plaintext stream, they can compute the corresponding first three values of the keystream using XOR operations with the ciphertext stream. This approach would unveil the constant values of the encryption equation (A and B), enabling the computation of all subsequent keystream values.

LFSR (LINEAR FEEDBACK SHIFT REGISTER)

An LFSR is used in stream ciphers that can operate on small hardware, specifically with low power consumption. This cipher generates pseudo-random numbers that are even more difficult to crack. Below is a diagram illustrating a general LFSR (Linear Feedback Shift Register).

For the attack on LFSR to succeed, the attacker needs the complete encrypted text, the degree of the LFSR (denoted by 'm'), and the first '2m' plaintext values, which might include the header part. From these values, the attacker can derive the LFSR configuration. The keystream Si can be computed from 0 to 2m-1 using this information. To calculate S2m, an algebraic equation can be formulated using the following equation, where Pi can be either 0 or 1.

The Gaussian elimination technique can be utilized to determine all the values of P0 to Pm-1. This enables us to subsequently compute the key values S2m, S2m+1, and so on.

ENCRYPTION

The code below demonstrates the encryption process, generating the keystream from an LFSR (Linear Feedback Shift Register) pseudo-random number generator.

ATTACK ON LFSR

The code below demonstrates the attack technique to deduce the remaining values of the keystream by acquiring the values of P (as illustrated in the diagram above). It assumes the attacker has access to the ciphertext and the first 2m bits of the plaintext. Here, the degree of the LFSR (m) is 3, so 2m bits equals 6. The first 6 bits of the secret keystream, generated in the previous code, are used and provided in the comments of the current code. The ciphertext generated from the previous encryption process is the input for this attack scenario. The attacker also knows the plaintext's first 6 (2m) bits.

If the first 6 bits of the plaintext are known, a straightforward XOR operation between the plaintext bits and ciphertext bits reveals the first 6 bits of the keystream (denoted as Si, from S0 to S5).

The code below outputs the value of P, which was initially used in the previous code to generate the keystream. By determining the P value, the attacker can subsequently compute the entire keystream using the equations detailed in the code comments below. The matrix (2D array / List) depicted in the code is computed using the Si values for application in the Gaussian elimination method.

REFERENCES

 1. https://tailcall.net/posts/cracking-rngs-lcgs/
 2. https://www.geeksforgeeks.org/multiplicative-inverse-under-modulo-m/
 3. https://www.geeksforgeeks.org/gaussian-elimination/
 4. Introduction to Cryptography by Christof Paar
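The LCG weakness described in the LCG section, as an added example that is not code from the original article: three known plaintext bytes give S1, S2, S3, and the modular inverse of (S1 - S2) gives A and B. It assumes a byte-wise cipher with S(i+1) = (A*S(i) + B) mod m and a publicly known modulus m = 251; A, B, the seed and the message are constructed sample values.

```python
# Added illustration: why an LCG must not be used as a keystream generator.
# M, A, B, SEED and MESSAGE are constructed values, not taken from the article.
M = 251  # assumed public modulus; prime and < 256 so values XOR cleanly with bytes

def lcg_keystream(a, b, seed, n, m=M):
    """Return n values S1..Sn where S(i+1) = (a*S(i) + b) mod m and S0 = seed."""
    out, s = [], seed
    for _ in range(n):
        s = (a * s + b) % m
        out.append(s)
    return out

def xor_stream(data, stream):
    return bytes(d ^ s for d, s in zip(data, stream))

def recover_lcg(s1, s2, s3, m=M):
    """Solve S2 = a*S1 + b and S3 = a*S2 + b (mod m) for (a, b)."""
    # Subtracting the equations: S2 - S3 = a*(S1 - S2)  (mod m)
    try:
        inv = pow((s1 - s2) % m, -1, m)  # modular inverse (Python 3.8+)
    except ValueError:
        # Happens when gcd(S1 - S2, m) != 1, e.g. S1 == S2.
        raise ValueError("(S1 - S2) has no inverse mod m; use other samples") from None
    a = ((s2 - s3) * inv) % m
    b = (s2 - a * s1) % m
    return a, b

def decrypt_with_known_prefix(known_plain, cipher, m=M):
    """Rebuild the whole keystream from three known plaintext bytes."""
    if len(known_plain) < 3 or len(cipher) < 3:
        raise ValueError("need at least three known plaintext bytes")
    s1, s2, s3 = (p ^ c for p, c in zip(known_plain[:3], cipher))
    a, b = recover_lcg(s1, s2, s3, m)
    stream = [s1, s2, s3] + lcg_keystream(a, b, s3, len(cipher) - 3, m)
    return xor_stream(cipher, stream)

# Constructed sample: the sender's secret parameters and message.
A, B, SEED = 113, 57, 42
MESSAGE = b"CTF{constructed_sample_flag}"
CIPHER = xor_stream(MESSAGE, lcg_keystream(A, B, SEED, len(MESSAGE)))

if __name__ == "__main__":
    # Only the prefix b"CTF" and the ciphertext are used here.
    print(decrypt_with_known_prefix(b"CTF", CIPHER))
```

The entire secret is two small integers recoverable from three outputs, which is why a keystream should come from a cryptographically secure generator rather than a linear one.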
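The LFSR recovery described in the "Attack on LFSR" section, as an added example that is not code from the original article: with m = 3 and the first 2m = 6 plaintext bits known, Gaussian elimination over GF(2) yields P0..P(m-1). It assumes the recurrence S(i+m) = P0*S(i) + ... + P(m-1)*S(i+m-1) mod 2; the coefficients, initial state and message are constructed sample values.

```python
# Added illustration: a bare LFSR keystream is predictable from 2m known bits.
# TAPS, STATE and the message are constructed values, not taken from the article.

def lfsr_keystream(p, state, n):
    """Bits s0..s(n-1) with s[i+m] = (p0*s[i] + ... + p(m-1)*s[i+m-1]) mod 2."""
    s, m = list(state), len(p)
    while len(s) < n:
        s.append(sum(pj & sj for pj, sj in zip(p, s[-m:])) % 2)
    return s[:n]

def to_bits(data):
    return [(byte >> (7 - k)) & 1 for byte in data for k in range(8)]

def xor_bits(a, b):
    return [x ^ y for x, y in zip(a, b)]

def solve_gf2(rows, rhs):
    """Gauss-Jordan elimination mod 2; raises if the matrix is singular."""
    m = len(rows)
    aug = [list(r) + [b] for r, b in zip(rows, rhs)]
    for col in range(m):
        pivot = next((r for r in range(col, m) if aug[r][col]), None)
        if pivot is None:
            # e.g. all-zero keystream, or the assumed degree m is too large
            raise ValueError("singular system: these 2m bits do not fix P")
        aug[col], aug[pivot] = aug[pivot], aug[col]
        for r in range(m):
            if r != col and aug[r][col]:
                aug[r] = [x ^ y for x, y in zip(aug[r], aug[col])]
    return [row[m] for row in aug]

def recover_taps(known_plain_bits, cipher_bits, m):
    """Return (P, first 2m keystream bits) from 2m known plaintext bits."""
    if len(known_plain_bits) < 2 * m or len(cipher_bits) < 2 * m:
        raise ValueError("need 2m known plaintext bits")
    s = xor_bits(known_plain_bits[:2 * m], cipher_bits[:2 * m])
    rows = [s[i:i + m] for i in range(m)]   # row i: s[i] .. s[i+m-1]
    rhs = [s[i + m] for i in range(m)]      # row i must produce s[i+m]
    return solve_gf2(rows, rhs), s

def decrypt_with_known_prefix(known_plain_bits, cipher_bits, m):
    p, s = recover_taps(known_plain_bits, cipher_bits, m)
    stream = lfsr_keystream(p, s[:m], len(cipher_bits))
    return p, xor_bits(cipher_bits, stream)

# Constructed sample: degree-3 LFSR, secret coefficients and initial state.
TAPS, STATE = [1, 1, 0], [1, 0, 0]
MESSAGE_BITS = to_bits(b"Hi")
CIPHER_BITS = xor_bits(MESSAGE_BITS, lfsr_keystream(TAPS, STATE, len(MESSAGE_BITS)))

if __name__ == "__main__":
    p, plain = decrypt_with_known_prefix(MESSAGE_BITS[:6], CIPHER_BITS, 3)
    print("recovered P:", p, "| plaintext recovered:", plain == MESSAGE_BITS)
```

Because the generator is linear, 2m bits determine everything that follows, so practical designs add non-linearity instead of using a single LFSR as the keystream.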