
URL: https://payatu.com/blog/stream-ciphers-cryptography-for-ctfs/


STREAM CIPHERS: CRYPTOGRAPHY FOR CTFS


 * Mukund Kedia
 * July 4, 2024



Stream ciphers operate on each bit of data in the message rather than on a chunk
of data at a time. They are inherently simple: encryption and decryption are the
same operation, an XOR of the data with the keystream, and both processes use the
same keystream.

Table of Contents

 * OTP (One Time Pad)
   * Issues with mitigation of the OTP
 * Use of PRNG
 * LCG (Linear Congruential Generators)
 * LFSR (Linear Feedback Shift Register)
   * Encryption
   * Attack on LFSR
 * References


OTP (ONE TIME PAD)

The One Time Pad (OTP) is a type of stream cipher, but it has been deemed
impractical for long-term use. In OTP, a user encrypts a message by XORing it
with a secret key.

The vulnerability of OTP follows from the properties of the XOR operation. If
multiple ciphertexts are generated using the same key, an attacker could
potentially reverse engineer the ciphertext to recover the plaintext.

The above code demonstrates how the XOR operation can be used to obtain the
plaintext from ciphertext, with the help of a key. If the same key is used
multiple times, and the attacker possesses any pair of ciphertext and plaintext,
they can deduce the key and use it to decrypt other ciphertexts.
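The key-reuse failure described above, next to the fresh-pad case, as an added example (not the code from the original post). The messages and function names are constructed for illustration.

```python
import secrets

def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings; the result is as long as the shorter input."""
    return bytes(x ^ y for x, y in zip(a, b))

def otp_encrypt(message: bytes, pad: bytes) -> bytes:
    if len(pad) < len(message):
        raise ValueError("pad must be at least as long as the message")
    return xor_bytes(message, pad)

def encrypt_all(messages, reuse_pad: bool):
    """reuse_pad=True is the flawed mode; False draws a fresh random pad per message."""
    shared = secrets.token_bytes(max(len(m) for m in messages))
    return [otp_encrypt(m, shared if reuse_pad else secrets.token_bytes(len(m)))
            for m in messages]

def known_plaintext_attack(known_plain: bytes, known_cipher: bytes,
                           target_cipher: bytes) -> bytes:
    """P xor C yields the pad bytes under the known message; apply them to the target."""
    pad_prefix = xor_bytes(known_plain, known_cipher)
    return xor_bytes(target_cipher, pad_prefix)

# Constructed sample messages (not from the original post).
MESSAGES = [b"status: all systems nominal", b"flag{never_reuse_a_pad}"]

if __name__ == "__main__":
    for reuse in (True, False):
        c0, c1 = encrypt_all(MESSAGES, reuse_pad=reuse)
        guess = known_plaintext_attack(MESSAGES[0], c0, c1)
        print(f"reuse_pad={reuse}: recovered={guess == MESSAGES[1]}")
```

A known pair shorter than the target exposes only that many leading bytes of the other message.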


ISSUES WITH MITIGATION OF THE OTP

To mitigate the above vulnerability, we would need to generate a new key every
time we encrypt data. If a new keystream, generated from a truly random number
generator (TRNG), is used each time, then OTP becomes unconditionally secure.
However, constantly generating a new key with the same number of bits as the
message would be labour-intensive. Therefore, this necessitates the adoption of
newer encryption techniques.


USE OF PRNG

The key part of a Stream Cipher is generating the keystream, which should
consist of random numbers. A PRNG (Pseudo-Random Number Generator) can be
utilized for this purpose. It is designed to generate pseudo-random numbers
using an algorithm and an initial seed (initial number sequence), approximating
truly random numbers.

In the diagram below, we denote the keystream as S to illustrate the operation
of the Stream Cipher. Modulo 2 arithmetic is employed to obtain either 0 or 1
for each bit of the message. Modulo 2 addition refers to the XOR operation.

The diagram below represents the generation of the key stream.

Modular arithmetic and Rings are important concepts required to understand the
formation of equations.


LCG (LINEAR CONGRUENTIAL GENERATORS)

The above code shows the encryption process, which involves generating keys
using LCG (Linear Congruential Generators), an example of PRNG.

The above code shows the decryption of the ciphertext with keys generated using
LCG.

The above code demonstrates an attack on LCG, where A and B (which are parts of
the keys) are calculated using only the first few characters of the plaintext
and ciphertext. The attack utilizes the Extended Euclidean algorithm to
determine the modular inverse of a number.

The code comments depict the calculation of A and B values. This underscores the
necessity of finding the modular inverse of (S1 – S2), where S1, S2, and S3
represent initial segments of the keystream.

If the attacker knows the first three values of the plaintext stream, they can
compute the corresponding first three values of the keystream using XOR
operations with the ciphertext stream. This approach would unveil the constant
values of the encryption equation (A and B), enabling the computation of all
subsequent keystream values.
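The encryption and the A/B recovery described in this section, as an added example (not the code from the original post). It assumes the recurrence S(i+1) = A*S(i) + B mod m with a public modulus m = 251, one keystream value per plaintext byte, and constructed secret parameters.

```python
M = 251  # assumed public modulus; prime and < 256 so each keystream value fits one byte

def lcg_keystream(seed, a, b, n, m=M):
    """Return [S1..Sn] where S_{i+1} = (a*S_i + b) mod m and S0 = seed."""
    out, s = [], seed
    for _ in range(n):
        s = (a * s + b) % m
        out.append(s)
    return out

def xor_stream(data, keystream):
    return bytes(d ^ k for d, k in zip(data, keystream))

def encrypt(plaintext, seed, a, b, m=M):
    return xor_stream(plaintext, lcg_keystream(seed, a, b, len(plaintext), m))

def egcd(x, y):
    """Extended Euclid: return (g, u, v) with u*x + v*y == g == gcd(x, y)."""
    if y == 0:
        return x, 1, 0
    g, u, v = egcd(y, x % y)
    return g, v, u - (x // y) * v

def modinv(x, m):
    g, u, _ = egcd(x % m, m)
    if g != 1:
        raise ValueError(f"{x % m} has no inverse mod {m}; try another keystream triple")
    return u % m

def recover_params(known_plain, ciphertext, m=M):
    """From three known plaintext bytes, solve S2 = A*S1 + B and S3 = A*S2 + B (mod m)."""
    if len(known_plain) < 3:
        raise ValueError("need at least three known plaintext bytes")
    s1, s2, s3 = (p ^ c for p, c in zip(known_plain[:3], ciphertext[:3]))
    a = (s2 - s3) * modinv(s1 - s2, m) % m   # A = (S2 - S3) * (S1 - S2)^-1
    b = (s2 - s1 * a) % m                    # B = S2 - A*S1
    return a, b, s1

def break_lcg(known_plain, ciphertext, m=M):
    """Rebuild the whole keystream from S1 and the recovered (A, B), then decrypt."""
    a, b, s1 = recover_params(known_plain, ciphertext, m)
    ks = [s1]
    while len(ks) < len(ciphertext):
        ks.append((a * ks[-1] + b) % m)
    return xor_stream(ciphertext, ks)

if __name__ == "__main__":
    # Constructed secret parameters and message, for demonstration only.
    ct = encrypt(b"flag{lcg_is_linear}", seed=17, a=113, b=71)
    print(recover_params(b"fla", ct)[:2], break_lcg(b"fla", ct))
```

When (S1 - S2) shares a factor with the modulus the inverse does not exist, which is why `modinv` raises instead of returning a wrong value.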


LFSR (LINEAR FEEDBACK SHIFT REGISTER)

An LFSR is used to build a Stream Cipher that can operate on small hardware,
specifically with low power consumption. This cipher generates pseudo-random
numbers that are even more difficult to crack.

Below is a diagram illustrating a general LFSR (Linear Feedback Shift Register).

For the attack on LFSR to succeed, the attacker needs the complete encrypted
text, the degree of the LFSR (denoted by ‘m’), and the first ‘2m’ plaintext
values, which might include the header part. From these values, the attacker can
derive the LFSR configuration.

The keystream Si can be computed from 0 to 2m-1 using this information. To
calculate S2m, an algebraic equation can be formulated using the following
equation, where Pi can be either 0 or 1.

The Gaussian elimination technique can be utilized to determine all the values
of P0 to Pm-1. This enables us to subsequently compute the key values S2m,
S2m+1, and so on.


ENCRYPTION

The code below demonstrates the encryption process, generating the keystream
from an LFSR (Linear Feedback Shift Register) pseudo-random number generator.


ATTACK ON LFSR

The code below demonstrates the attack technique to deduce the remaining values
of the keystream by acquiring the values of P (as illustrated in the diagram
above). It assumes the attacker has access to the ciphertext and the first 2m
bits of the plaintext.

Here, the degree of the LFSR (m) is 3, so 2m bits equals 6. The first 6 bits of
the secret keystream, generated in the previous code, are used and provided in
the comments of the current code. The ciphertext generated from the previous
encryption process is input for this attack scenario. The attacker also knows
the plaintext’s first 6 (2m) bits.

If the first 6 bits of the plaintext are known, a straightforward XOR operation
between the plaintext bits and ciphertext bits reveals the first 6 bits of the
keystream (denoted as Si, from S0 to S5).

The code below outputs the value of P, which was initially used in the previous
code to generate the keystream. By determining the P value, the attacker can
subsequently compute the entire keystream using the equations detailed in the
code comments below.

The matrix (2D array / List) depicted in the code is computed using the Si
values for application in the Gaussian elimination method.
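The LFSR encryption and the known-plaintext recovery of P described above, as an added example (not the code from the original post). It assumes the feedback recurrence s(i+m) = p0*s(i) + ... + p(m-1)*s(i+m-1) mod 2, bits taken most significant first, and a constructed degree-3 register and message.

```python
def to_bits(data):
    """Bytes -> list of bits, most significant bit first."""
    return [(byte >> (7 - i)) & 1 for byte in data for i in range(8)]

def from_bits(bits):
    return bytes(int("".join(map(str, bits[i:i + 8])), 2) for i in range(0, len(bits), 8))

def lfsr_keystream(state, taps, n):
    """state = [s0..s_{m-1}], taps = [p0..p_{m-1}]; s_{i+m} = XOR_j (p_j AND s_{i+j})."""
    s, m = list(state), len(taps)
    while len(s) < n:
        s.append(sum(p & bit for p, bit in zip(taps, s[-m:])) % 2)
    return s[:n]

def encrypt(plaintext, state, taps):
    bits = to_bits(plaintext)
    ks = lfsr_keystream(state, taps, len(bits))
    return from_bits([b ^ k for b, k in zip(bits, ks)])

def solve_gf2(rows, rhs):
    """Gaussian elimination over GF(2); row addition is XOR."""
    m = len(rows)
    aug = [list(r) + [v] for r, v in zip(rows, rhs)]
    for col in range(m):
        pivot = next((r for r in range(col, m) if aug[r][col]), None)
        if pivot is None:
            raise ValueError("singular system: these 2m bits do not determine the taps")
        aug[col], aug[pivot] = aug[pivot], aug[col]
        for r in range(m):
            if r != col and aug[r][col]:
                aug[r] = [x ^ y for x, y in zip(aug[r], aug[col])]
    return [row[m] for row in aug]

def recover_taps(ks, m):
    """Row i of the system: p0*s_i + ... + p_{m-1}*s_{i+m-1} = s_{i+m} (mod 2)."""
    if len(ks) < 2 * m:
        raise ValueError("need 2m keystream bits")
    return solve_gf2([ks[i:i + m] for i in range(m)], [ks[i + m] for i in range(m)])

def break_lfsr(known_plain, ciphertext, m):
    """Known plaintext bits XOR ciphertext bits -> S0..S_{2m-1} -> taps -> full keystream."""
    c_bits = to_bits(ciphertext)
    ks_head = [p ^ c for p, c in zip(to_bits(known_plain), c_bits)][:2 * m]
    taps = recover_taps(ks_head, m)
    ks = lfsr_keystream(ks_head[:m], taps, len(c_bits))
    return taps, from_bits([c ^ k for c, k in zip(c_bits, ks)])

if __name__ == "__main__":
    # Constructed degree-3 LFSR and message, for demonstration only.
    ct = encrypt(b"flag{lfsr}", state=[1, 0, 0], taps=[1, 1, 0])
    print(break_lfsr(b"f", ct, m=3))
```

The linear system has a unique solution only when the m-by-m matrix of keystream bits is invertible; an all-zero window, for example, is rejected.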


REFERENCES

 1. https://tailcall.net/posts/cracking-rngs-lcgs/
 2. https://www.geeksforgeeks.org/multiplicative-inverse-under-modulo-m/
 3. https://www.geeksforgeeks.org/gaussian-elimination/
 4. Introduction to Cryptography by Christof Paar
